[PATCH] D51855: [constexpr] Fix ICE when memcpy() is given a pointer to an incomplete array

Petr Pavlu via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Sep 10 05:32:26 PDT 2018 

petpav01 created this revision.
petpav01 added a reviewer: rsmith.
Herald added a reviewer: javed.absar.
Herald added subscribers: cfe-commits, kristof.beyls.

Trying to compile the following example results in a clang crash:

  $ cat char.c
  void *memcpy(void *, const void *, unsigned int);
  extern char array2[];
  extern char array[];
  void test(void) { memcpy(&array, &array2, 9 * sizeof(char)); }
  
  $ ./llvm/build/bin/clang -target armv8a-none-eabi -c char.c
  clang-8: /work/llvm/lib/Support/APInt.cpp:1785: static void llvm::APInt::udivrem(const llvm::APInt&, uint64_t, llvm::APInt&, uint64_t&): Assertion `RHS != 0 && "Divide by zero?"' failed.
  [...]

The problem occurs since rC338941 <https://reviews.llvm.org/rC338941>. The change added support for constant evaluation of `__builtin_memcpy/memmove()` but it does not always cope well with incomplete types.

The AST for the `memcpy()` call looks as follows:

  CallExpr 0x7416d0 'void *'
  |-ImplicitCastExpr 0x7416b8 'void *(*)(void *, const void *, unsigned int)' <FunctionToPointerDecay>
  | `-DeclRefExpr 0x741518 'void *(void *, const void *, unsigned int)' Function 0x741198 'memcpy' 'void *(void *, const void *, unsigned int)'
  |-ImplicitCastExpr 0x741710 'void *' <BitCast>
  | `-UnaryOperator 0x741598 'char (*)[]' prefix '&' cannot overflow
  |   `-DeclRefExpr 0x741540 'char []' lvalue Var 0x741358 'array' 'char []'
  |-ImplicitCastExpr 0x741728 'const void *' <BitCast>
  | `-UnaryOperator 0x7415e0 'char (*)[]' prefix '&' cannot overflow
  |   `-DeclRefExpr 0x7415b8 'char []' lvalue Var 0x741298 'array2' 'char []'
  `-BinaryOperator 0x741668 'unsigned int' '*'
    |-ImplicitCastExpr 0x741650 'unsigned int' <IntegralCast>
    | `-IntegerLiteral 0x741600 'int' 9
    `-UnaryExprOrTypeTraitExpr 0x741630 'unsigned int' sizeof 'char'

The following happens in `PointerExprEvaluator::VisitBuiltinCallExpr()`, label `Builtin::BI__builtin_memcpy`:

- Types `T` and `SrcT` are determined as:

  IncompleteArrayType 0x741250 'char []'
  `-BuiltinType 0x6ff430 'char'

- Method `ASTContext::getTypeSizeInChars()` is called to obtain size of type `T`. It returns 0 because the type is incomplete. The result is stored in variable `TSize`.
- Following call to `llvm::APInt::udivrem(OrigN, TSize, N, Remainder)` fails because it attempts a divide by zero.

The proposed patch fixes the problem by adding a check that no incomplete type is getting copied prior to the call to `ASTContext::getTypeSizeInChars()`.


Repository:
  rC Clang

https://reviews.llvm.org/D51855

Files:
  include/clang/Basic/DiagnosticASTKinds.td
  lib/AST/ExprConstant.cpp
  test/CodeGen/builtin-memfns.c
  test/SemaCXX/constexpr-string.cpp


Index: test/SemaCXX/constexpr-string.cpp
===================================================================
--- test/SemaCXX/constexpr-string.cpp
+++ test/SemaCXX/constexpr-string.cpp
@@ -370,4 +370,31 @@
   // designators until we have a long enough matching size, if both designators
   // point to the start of their respective final elements.
   static_assert(test_derived_to_base(2) == 3434); // expected-error {{constant}} expected-note {{in call}}
+
+  // Check that when address-of an array is passed to a tested function the
+  // array can be fully copied.
+  constexpr int test_address_of_const_array_type() {
+    int arr[4] = {1, 2, 3, 4};
+    __builtin_memmove(&arr, &arr, sizeof(arr));
+    return arr[0] * 1000 + arr[1] * 100 + arr[2] * 10 + arr[3];
+  }
+  static_assert(test_address_of_const_array_type() == 1234);
+
+  // Check that an incomplete array is rejected.
+  constexpr int test_incomplete_array_type() { // expected-error {{never produces a constant}}
+    extern int arr[];
+    __builtin_memmove(arr, arr, 4 * sizeof(arr[0]));
+    // expected-note at -1 2{{'memmove' not supported: source is not a contiguous array of at least 4 elements of type 'int'}}
+    return arr[0] * 1000 + arr[1] * 100 + arr[2] * 10 + arr[3];
+  }
+  static_assert(test_incomplete_array_type() == 1234); // expected-error {{constant}} expected-note {{in call}}
+
+  // Check that a pointer to an incomplete array is rejected.
+  constexpr int test_address_of_incomplete_array_type() { // expected-error {{never produces a constant}}
+    extern int arr[];
+    __builtin_memmove(&arr, &arr, 4 * sizeof(arr[0]));
+    // expected-note at -1 2{{cannot constant evaluate 'memmove' between objects of incomplete type 'int []'}}
+    return arr[0] * 1000 + arr[1] * 100 + arr[2] * 10 + arr[3];
+  }
+  static_assert(test_address_of_incomplete_array_type() == 1234); // expected-error {{constant}} expected-note {{in call}}
 }
Index: test/CodeGen/builtin-memfns.c
===================================================================
--- test/CodeGen/builtin-memfns.c
+++ test/CodeGen/builtin-memfns.c
@@ -111,3 +111,10 @@
   memcpy(&d, (char *)&e.a, sizeof(e));
 }
 
+// CHECK-LABEL: @test12
+extern char dest_array[];
+extern char src_array[];
+void test12() {
+  // CHECK: call void @llvm.memcpy{{.*}}(
+  memcpy(&dest_array, &dest_array, 2);
+}
Index: lib/AST/ExprConstant.cpp
===================================================================
--- lib/AST/ExprConstant.cpp
+++ lib/AST/ExprConstant.cpp
@@ -6222,6 +6222,10 @@
       Info.FFDiag(E, diag::note_constexpr_memcpy_nontrivial) << Move << T;
       return false;
     }
+    if (T->isIncompleteType()) {
+      Info.FFDiag(E, diag::note_constexpr_memcpy_incompletetype) << Move << T;
+      return false;
+    }
 
     // Figure out how many T's we're copying.
     uint64_t TSize = Info.Ctx.getTypeSizeInChars(T).getQuantity();
Index: include/clang/Basic/DiagnosticASTKinds.td
===================================================================
--- include/clang/Basic/DiagnosticASTKinds.td
+++ include/clang/Basic/DiagnosticASTKinds.td
@@ -169,6 +169,9 @@
 def note_constexpr_memcpy_nontrivial : Note<
   "cannot constant evaluate '%select{memcpy|memmove}0' between objects of "
   "non-trivially-copyable type %1">;
+def note_constexpr_memcpy_incompletetype : Note<
+  "cannot constant evaluate '%select{memcpy|memmove}0' between objects of "
+  "incomplete type %1">;
 def note_constexpr_memcpy_overlap : Note<
   "'%select{memcpy|wmemcpy}0' between overlapping memory regions">;
 def note_constexpr_memcpy_unsupported : Note<


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D51855.164656.patch
Type: text/x-patch
Size: 3591 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20180910/24b43d48/attachment.bin>

More information about the cfe-commits mailing list