<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 8, 2015 at 1:22 PM, Duncan P. N. Exon Smith <span dir="ltr"><<a href="mailto:dexonsmith@apple.com" target="_blank">dexonsmith@apple.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">> On 2015-Jan-08, at 12:05, Alexey Samsonov <<a href="mailto:vonosmas@gmail.com">vonosmas@gmail.com</a>> wrote:<br>
><br>
> Ping.<br>
><br>
> On Fri, Jan 2, 2015 at 6:41 PM, Alexey Samsonov <<a href="mailto:vonosmas@gmail.com">vonosmas@gmail.com</a>> wrote:<br>
> So, what do you think will be the correct resolution for this?<br>
<br>
</span>I'm a little lost. Your patch modifies behaviour for `DenseMap<T*>`, but<br>
you're talking about ubsan problems with `DenseMap<AssertingVH<T>>`.<br>
<br>
It sounds like there's undefined behaviour in `DenseMapInfo<AssertingVH<T>>`<br>
so the right fix is in there somewhere, but I'm not following what the<br>
actual cause of UB is. (Sorry if you spelled it out and I missed it.)<br></blockquote><div><br></div><div>Sorry for not being clear enough.</div><div><br></div><div>Here's the problem:</div><div>1) DenseMap<AssertingVH<T>> implementation calls DenseMapInfo<AssertingVH<T>>::getEmptyKey()</div><div>2) DenseMapInfo<AssertingVH<T>>::getEmptyKey() calls DenseMapInfo<T*>::getEmptyKey(), and uses this</div><div> pointer (let's denote it as P) to construct AssertingVH object.</div><div> AssertingVH constructor assumes that P is a valid pointer to some subclass of Value, in particular it upcasts P to Value*.</div><div> This is where UBSan reports an error - P is not a pointer to an actual object, it's a fake value (0xfffff....), which is not even</div><div> properly aligned.</div><div><br></div><div>So, we may observe the problem in AssertingVH<T>, but its root is invalid fake pointer value generated in DenseMapInfo<T*>::getEmptyKey().</div><div>I don't see another easy way to work around the problem - when we instantiate DenseMapInfo<T*>::getEmptyKey() we don't even know</div><div>alignment of T, and of course can't create the actual object of type T.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<span class=""><br>
> On Mon, Dec 29, 2014 at 5:45 PM, Alexey Samsonov <<a href="mailto:vonosmas@gmail.com">vonosmas@gmail.com</a>> wrote:<br>
> On Mon, Dec 29, 2014 at 5:41 PM, Chandler Carruth <<a href="mailto:chandlerc@gmail.com">chandlerc@gmail.com</a>> wrote:<br>
><br>
> On Mon, Dec 29, 2014 at 5:33 PM, Alexey Samsonov <<a href="mailto:vonosmas@gmail.com">vonosmas@gmail.com</a>> wrote:<br>
> Casing (int*) to (float*) doesn't dereference a pointer. However, upcast/downcast (in general case) does dereference a pointer - you may need to read vtable and adjust the pointer value accordingly.<br>
><br>
> I see, so the problem is we're up casting or down casting? I suspect such casts can be avoided? We should only be casting between integers and a single pointer type in the dense map stuff...<br>
><br>
> If we have smth. like DenseMap<AssertingVH<T>, Foo> (or other ValueHandle kinds), we would cast empty/tombstone keys (i.e. fake pointers) for T* to Value*.<br>
><br>
> --<br>
> Alexey Samsonov<br>
> <a href="mailto:vonosmas@gmail.com">vonosmas@gmail.com</a><br>
><br>
><br>
><br>
> --<br>
> Alexey Samsonov<br>
> <a href="mailto:vonosmas@gmail.com">vonosmas@gmail.com</a><br>
><br>
><br>
><br>
> --<br>
> Alexey Samsonov<br>
> <a href="mailto:vonosmas@gmail.com">vonosmas@gmail.com</a><br>
</span>> _______________________________________________<br>
> llvm-commits mailing list<br>
> <a href="mailto:llvm-commits@cs.uiuc.edu">llvm-commits@cs.uiuc.edu</a><br>
> <a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits</a><br>
<br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Alexey Samsonov<br><a href="mailto:vonosmas@gmail.com" target="_blank">vonosmas@gmail.com</a></div></div>
</div></div>