[llvm-branch-commits] [compiler-rt] [TySan] Fix struct access with different bases (PR #108385)
Tavian Barnes via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Mon Sep 16 06:33:32 PDT 2024
tavianator wrote:
> ! Oh wow! ... Should the commented out line cause a type violation too?
No, `out->i = out->i->n;` is fine because the type of the expression `out->i->n` is just `struct inner *`, so that's the type that will be given to the storage for `out->i`. (Because `out` is dynamically allocated, it has no declared type and writes will set the effective type.)
But `memcpy(&out->i, &out->i->n, sizeof(out->i))` is specified to exactly copy the effective type from the source to the destination (again because `out` is dynamically allocated). The type that gets copied includes knowledge of exactly which struct field it is (`struct inner::n`), and TySan is faithfully copying that over. The later access with type `struct outer::i` doesn't match.
There are more details in this paper, for example: https://web.archive.org/web/20190219170809/https://trust-in-soft.com/wp-content/uploads/2017/01/vmcai.pdf
https://github.com/llvm/llvm-project/pull/108385
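The distinction drawn in the message above, as an added example that is not part of the original post or the PR's own test case. The struct layouts are inferred from the field names `outer::i` and `inner::n`, and the helper names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Layout inferred from the field names in the message; the PR's actual
   test case is not shown on this page. */
struct inner { struct inner *n; };
struct outer { struct inner *i; };

/* Build a heap-allocated outer whose i points at a two-node chain. */
static struct outer *make_outer(struct inner *first, struct inner *second) {
    struct outer *out = malloc(sizeof *out);
    if (!out) return NULL;
    first->n = second;
    second->n = NULL;
    out->i = first;   /* write through outer::i sets the effective type */
    return out;
}

/* Plain assignment: the stored value has type struct inner * and is
   written through outer::i, so the later read through out->i matches. */
struct inner *advance_by_assignment(struct outer *out) {
    out->i = out->i->n;
    return out->i;
}

/* memcpy: for allocated storage the effective type of the source
   (tracked as the field inner::n) is copied to the destination.
   The read through outer::i below is the access the message says no
   longer matches. The bytes copied are the same as in the assignment. */
struct inner *advance_by_memcpy(struct outer *out) {
    memcpy(&out->i, &out->i->n, sizeof(out->i));
    return out->i;
}

/* Returns 1 when both forms leave out->i pointing at the second node. */
int both_forms_agree(void) {
    struct inner a1, b1, a2, b2;
    struct outer *x = make_outer(&a1, &b1);
    struct outer *y = make_outer(&a2, &b2);
    if (!x || !y) { free(x); free(y); return 0; }
    int ok = advance_by_assignment(x) == &b1 && advance_by_memcpy(y) == &b2;
    free(x);
    free(y);
    return ok;
}

int main(void) { return both_forms_agree() ? 0 : 1; }
```

Both functions store the same pointer value in `out->i`; what differs is the type recorded for that storage, which is the property the message describes TySan tracking.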