[llvm] r331200 - [DebugInfo] Prevent infinite recursion for malformed DWARF
David Blaikie via llvm-commits
llvm-commits at lists.llvm.org
Mon Apr 30 10:41:11 PDT 2018
Hey - could we revisit the review for this (I've followed up there too) - I
feel like the crux of my concerns was never really resolved?
(if I recall correctly, the original version of this code was non-recursive
(& only walked a fixed set of levels (one abstract, one specification)) -
I'm not sure how/why it became recursive & would like to revisit/reexamine
that decision before we add more complexity to handle that route)
On Mon, Apr 30, 2018 at 10:06 AM Jonas Devlieghere via llvm-commits <
llvm-commits at lists.llvm.org> wrote:
> Author: jdevlieghere
> Date: Mon Apr 30 10:02:41 2018
> New Revision: 331200
>
> URL: http://llvm.org/viewvc/llvm-project?rev=331200&view=rev
> Log:
> [DebugInfo] Prevent infinite recursion for malformed DWARF
>
> This prevents infinite recursion in DWARFDie::findRecursively for
> malformed DWARF where a DIE references itself.
>
> This fixes PR36257.
>
> Differential revision: https://reviews.llvm.org/D43092
>
> Added:
> llvm/trunk/test/tools/llvm-dwarfdump/X86/invalid_abstract_origin.s
> Modified:
> llvm/trunk/lib/DebugInfo/DWARF/DWARFDie.cpp
>
> Modified: llvm/trunk/lib/DebugInfo/DWARF/DWARFDie.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/DebugInfo/DWARF/DWARFDie.cpp?rev=331200&r1=331199&r2=331200&view=diff
>
> ==============================================================================
> --- llvm/trunk/lib/DebugInfo/DWARF/DWARFDie.cpp (original)
> +++ llvm/trunk/lib/DebugInfo/DWARF/DWARFDie.cpp Mon Apr 30 10:02:41 2018
> @@ -10,6 +10,7 @@
> #include "llvm/DebugInfo/DWARF/DWARFDie.h"
> #include "llvm/ADT/None.h"
> #include "llvm/ADT/Optional.h"
> +#include "llvm/ADT/SmallSet.h"
> #include "llvm/ADT/StringRef.h"
> #include "llvm/BinaryFormat/Dwarf.h"
> #include "llvm/DebugInfo/DWARF/DWARFAbbreviationDeclaration.h"
> @@ -295,18 +296,37 @@ DWARFDie::find(ArrayRef<dwarf::Attribute
>
> Optional<DWARFFormValue>
> DWARFDie::findRecursively(ArrayRef<dwarf::Attribute> Attrs) const {
> - if (!isValid())
> - return None;
> - if (auto Value = find(Attrs))
> - return Value;
> - if (auto Die = getAttributeValueAsReferencedDie(DW_AT_abstract_origin))
> {
> - if (auto Value = Die.findRecursively(Attrs))
> - return Value;
> - }
> - if (auto Die = getAttributeValueAsReferencedDie(DW_AT_specification)) {
> - if (auto Value = Die.findRecursively(Attrs))
> + std::vector<DWARFDie> Worklist;
> + Worklist.push_back(*this);
> +
> + // Keep track if DIEs already seen to prevent infinite recursion.
> + // Empirically we rarely see a depth of more than 3 when dealing with
> valid
> + // DWARF. This corresponds to following the DW_AT_abstract_origin and
> + // DW_AT_specification just once.
> + SmallSet<DWARFDie, 3> Seen;
> +
> + while (!Worklist.empty()) {
> + DWARFDie Die = Worklist.back();
> + Worklist.pop_back();
> +
> + if (!Die.isValid())
> + continue;
> +
> + if (Seen.count(Die))
> + continue;
> +
> + Seen.insert(Die);
> +
> + if (auto Value = Die.find(Attrs))
> return Value;
> +
> + if (auto D =
> Die.getAttributeValueAsReferencedDie(DW_AT_abstract_origin))
> + Worklist.push_back(D);
> +
> + if (auto D =
> Die.getAttributeValueAsReferencedDie(DW_AT_specification))
> + Worklist.push_back(D);
> }
> +
> return None;
> }
>
>
> Added: llvm/trunk/test/tools/llvm-dwarfdump/X86/invalid_abstract_origin.s
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/test/tools/llvm-dwarfdump/X86/invalid_abstract_origin.s?rev=331200&view=auto
>
> ==============================================================================
> --- llvm/trunk/test/tools/llvm-dwarfdump/X86/invalid_abstract_origin.s
> (added)
> +++ llvm/trunk/test/tools/llvm-dwarfdump/X86/invalid_abstract_origin.s Mon
> Apr 30 10:02:41 2018
> @@ -0,0 +1,296 @@
> +# This test ensures that dwarfdump doesn't crash for malformed DWARF
> where a
> +# DIE references itself.
> +#
> +# Source:
> +# void f();
> +# __attribute__((always_inline)) void g() {
> +# f();
> +# }
> +# void h() {
> +# g();
> +# };
> +#
> +# Compile with:
> +# clang inlined.c -S -g -o inlined.s
> +#
> +# RUN: llvm-mc %s -filetype obj -triple x86_64-apple-darwin -o - \
> +# RUN: | llvm-dwarfdump -debug-info - \
> +# RUN: | FileCheck %s
> +
> +# CHECK: 0x0000005a: DW_TAG_inlined_subroutine
> +# CHECK-NEXT: DW_AT_abstract_origin (0x0000005a)
> +
> + .section __TEXT,__text,regular,pure_instructions
> + .macosx_version_min 10, 13
> + .globl _g ## -- Begin function g
> + .p2align 4, 0x90
> +_g: ## @g
> +Lfunc_begin0:
> + .file 1 "inlined.c"
> + .loc 1 2 0 ## inlined.c:2:0
> + .cfi_startproc
> +## %bb.0: ## %entry
> + pushq %rbp
> + .cfi_def_cfa_offset 16
> + .cfi_offset %rbp, -16
> + movq %rsp, %rbp
> + .cfi_def_cfa_register %rbp
> +Ltmp0:
> + .loc 1 3 3 prologue_end ## inlined.c:3:3
> + movb $0, %al
> + callq _f
> + .loc 1 4 1 ## inlined.c:4:1
> + popq %rbp
> + retq
> +Ltmp1:
> +Lfunc_end0:
> + .cfi_endproc
> + ## -- End function
> + .globl _h ## -- Begin function h
> + .p2align 4, 0x90
> +_h: ## @h
> +Lfunc_begin1:
> + .loc 1 5 0 ## inlined.c:5:0
> + .cfi_startproc
> +## %bb.0: ## %entry
> + pushq %rbp
> + .cfi_def_cfa_offset 16
> + .cfi_offset %rbp, -16
> + movq %rsp, %rbp
> + .cfi_def_cfa_register %rbp
> +Ltmp2:
> + .loc 1 3 3 prologue_end ## inlined.c:3:3
> + movb $0, %al
> + callq _f
> +Ltmp3:
> + .loc 1 7 1 ## inlined.c:7:1
> + popq %rbp
> + retq
> +Ltmp4:
> +Lfunc_end1:
> + .cfi_endproc
> + ## -- End function
> + .section __DWARF,__debug_str,regular,debug
> +Linfo_string:
> + .asciz "clang version 7.0.0 " ## string offset=0
> + .asciz "inlined.c" ## string offset=21
> + .asciz "/private/tmp" ## string offset=31
> + .asciz "g" ## string offset=44
> + .asciz "h" ## string offset=46
> + .section __DWARF,__debug_abbrev,regular,debug
> +Lsection_abbrev:
> + .byte 1 ## Abbreviation Code
> + .byte 17 ## DW_TAG_compile_unit
> + .byte 1 ## DW_CHILDREN_yes
> + .byte 37 ## DW_AT_producer
> + .byte 14 ## DW_FORM_strp
> + .byte 19 ## DW_AT_language
> + .byte 5 ## DW_FORM_data2
> + .byte 3 ## DW_AT_name
> + .byte 14 ## DW_FORM_strp
> + .byte 16 ## DW_AT_stmt_list
> + .byte 23 ## DW_FORM_sec_offset
> + .byte 27 ## DW_AT_comp_dir
> + .byte 14 ## DW_FORM_strp
> + .byte 17 ## DW_AT_low_pc
> + .byte 1 ## DW_FORM_addr
> + .byte 18 ## DW_AT_high_pc
> + .byte 6 ## DW_FORM_data4
> + .byte 0 ## EOM(1)
> + .byte 0 ## EOM(2)
> + .byte 2 ## Abbreviation Code
> + .byte 46 ## DW_TAG_subprogram
> + .byte 0 ## DW_CHILDREN_no
> + .byte 17 ## DW_AT_low_pc
> + .byte 1 ## DW_FORM_addr
> + .byte 18 ## DW_AT_high_pc
> + .byte 6 ## DW_FORM_data4
> + .byte 64 ## DW_AT_frame_base
> + .byte 24 ## DW_FORM_exprloc
> + .byte 49 ## DW_AT_abstract_origin
> + .byte 19 ## DW_FORM_ref4
> + .byte 0 ## EOM(1)
> + .byte 0 ## EOM(2)
> + .byte 3 ## Abbreviation Code
> + .byte 46 ## DW_TAG_subprogram
> + .byte 0 ## DW_CHILDREN_no
> + .byte 3 ## DW_AT_name
> + .byte 14 ## DW_FORM_strp
> + .byte 58 ## DW_AT_decl_file
> + .byte 11 ## DW_FORM_data1
> + .byte 59 ## DW_AT_decl_line
> + .byte 11 ## DW_FORM_data1
> + .byte 63 ## DW_AT_external
> + .byte 25 ## DW_FORM_flag_present
> + .byte 32 ## DW_AT_inline
> + .byte 11 ## DW_FORM_data1
> + .byte 0 ## EOM(1)
> + .byte 0 ## EOM(2)
> + .byte 4 ## Abbreviation Code
> + .byte 46 ## DW_TAG_subprogram
> + .byte 1 ## DW_CHILDREN_yes
> + .byte 17 ## DW_AT_low_pc
> + .byte 1 ## DW_FORM_addr
> + .byte 18 ## DW_AT_high_pc
> + .byte 6 ## DW_FORM_data4
> + .byte 64 ## DW_AT_frame_base
> + .byte 24 ## DW_FORM_exprloc
> + .byte 3 ## DW_AT_name
> + .byte 14 ## DW_FORM_strp
> + .byte 58 ## DW_AT_decl_file
> + .byte 11 ## DW_FORM_data1
> + .byte 59 ## DW_AT_decl_line
> + .byte 11 ## DW_FORM_data1
> + .byte 63 ## DW_AT_external
> + .byte 25 ## DW_FORM_flag_present
> + .byte 0 ## EOM(1)
> + .byte 0 ## EOM(2)
> + .byte 5 ## Abbreviation Code
> + .byte 29 ## DW_TAG_inlined_subroutine
> + .byte 0 ## DW_CHILDREN_no
> + .byte 49 ## DW_AT_abstract_origin
> + .byte 19 ## DW_FORM_ref4
> + .byte 17 ## DW_AT_low_pc
> + .byte 1 ## DW_FORM_addr
> + .byte 18 ## DW_AT_high_pc
> + .byte 6 ## DW_FORM_data4
> + .byte 88 ## DW_AT_call_file
> + .byte 11 ## DW_FORM_data1
> + .byte 89 ## DW_AT_call_line
> + .byte 11 ## DW_FORM_data1
> + .byte 0 ## EOM(1)
> + .byte 0 ## EOM(2)
> + .byte 0 ## EOM(3)
> + .section __DWARF,__debug_info,regular,debug
> +Lsection_info:
> +Lcu_begin0:
> + .long 107 ## Length of Unit
> + .short 4 ## DWARF version number
> +Lset0 = Lsection_abbrev-Lsection_abbrev ## Offset Into Abbrev. Section
> + .long Lset0
> + .byte 8 ## Address Size (in bytes)
> + .byte 1 ## Abbrev [1] 0xb:0x64
> DW_TAG_compile_unit
> + .long 0 ## DW_AT_producer
> + .short 12 ## DW_AT_language
> + .long 21 ## DW_AT_name
> +Lset1 = Lline_table_start0-Lsection_line ## DW_AT_stmt_list
> + .long Lset1
> + .long 31 ## DW_AT_comp_dir
> + .quad Lfunc_begin0 ## DW_AT_low_pc
> +Lset2 = Lfunc_end1-Lfunc_begin0 ## DW_AT_high_pc
> + .long Lset2
> + .byte 2 ## Abbrev [2] 0x2a:0x13
> DW_TAG_subprogram
> + .quad Lfunc_begin0 ## DW_AT_low_pc
> +Lset3 = Lfunc_end0-Lfunc_begin0 ## DW_AT_high_pc
> + .long Lset3
> + .byte 1 ## DW_AT_frame_base
> + .byte 86
> + .long 61 ## DW_AT_abstract_origin
> + .byte 3 ## Abbrev [3] 0x3d:0x8
> DW_TAG_subprogram
> + .long 44 ## DW_AT_name
> + .byte 1 ## DW_AT_decl_file
> + .byte 2 ## DW_AT_decl_line
> + ## DW_AT_external
> + .byte 1 ## DW_AT_inline
> + .byte 4 ## Abbrev [4] 0x45:0x29
> DW_TAG_subprogram
> + .quad Lfunc_begin1 ## DW_AT_low_pc
> +Lset4 = Lfunc_end1-Lfunc_begin1 ## DW_AT_high_pc
> + .long Lset4
> + .byte 1 ## DW_AT_frame_base
> + .byte 86
> + .long 46 ## DW_AT_name
> + .byte 1 ## DW_AT_decl_file
> + .byte 5 ## DW_AT_decl_line
> + ## DW_AT_external
> + .byte 5 ## Abbrev [5] 0x5a:0x13
> DW_TAG_inlined_subroutine
> + .long 90 ## DW_AT_abstract_origin <- We
> modified the value so the DIE references itself.
> + .quad Ltmp2 ## DW_AT_low_pc
> +Lset5 = Ltmp3-Ltmp2 ## DW_AT_high_pc
> + .long Lset5
> + .byte 1 ## DW_AT_call_file
> + .byte 6 ## DW_AT_call_line
> + .byte 0 ## End Of Children Mark
> + .byte 0 ## End Of Children Mark
> + .section __DWARF,__debug_ranges,regular,debug
> +Ldebug_range:
> + .section __DWARF,__debug_macinfo,regular,debug
> +Ldebug_macinfo:
> +Lcu_macro_begin0:
> + .byte 0 ## End Of Macro List Mark
> + .section __DWARF,__apple_names,regular,debug
> +Lnames_begin:
> + .long 1212240712 ## Header Magic
> + .short 1 ## Header Version
> + .short 0 ## Header Hash Function
> + .long 2 ## Header Bucket Count
> + .long 2 ## Header Hash Count
> + .long 12 ## Header Data Length
> + .long 0 ## HeaderData Die Offset Base
> + .long 1 ## HeaderData Atom Count
> + .short 1 ## DW_ATOM_die_offset
> + .short 6 ## DW_FORM_data4
> + .long 0 ## Bucket 0
> + .long 1 ## Bucket 1
> + .long 177676 ## Hash in Bucket 0
> + .long 177677 ## Hash in Bucket 1
> + .long LNames0-Lnames_begin ## Offset in Bucket 0
> + .long LNames1-Lnames_begin ## Offset in Bucket 1
> +LNames0:
> + .long 44 ## g
> + .long 2 ## Num DIEs
> + .long 42
> + .long 90
> + .long 0
> +LNames1:
> + .long 46 ## h
> + .long 1 ## Num DIEs
> + .long 69
> + .long 0
> + .section __DWARF,__apple_objc,regular,debug
> +Lobjc_begin:
> + .long 1212240712 ## Header Magic
> + .short 1 ## Header Version
> + .short 0 ## Header Hash Function
> + .long 1 ## Header Bucket Count
> + .long 0 ## Header Hash Count
> + .long 12 ## Header Data Length
> + .long 0 ## HeaderData Die Offset Base
> + .long 1 ## HeaderData Atom Count
> + .short 1 ## DW_ATOM_die_offset
> + .short 6 ## DW_FORM_data4
> + .long -1 ## Bucket 0
> + .section __DWARF,__apple_namespac,regular,debug
> +Lnamespac_begin:
> + .long 1212240712 ## Header Magic
> + .short 1 ## Header Version
> + .short 0 ## Header Hash Function
> + .long 1 ## Header Bucket Count
> + .long 0 ## Header Hash Count
> + .long 12 ## Header Data Length
> + .long 0 ## HeaderData Die Offset Base
> + .long 1 ## HeaderData Atom Count
> + .short 1 ## DW_ATOM_die_offset
> + .short 6 ## DW_FORM_data4
> + .long -1 ## Bucket 0
> + .section __DWARF,__apple_types,regular,debug
> +Ltypes_begin:
> + .long 1212240712 ## Header Magic
> + .short 1 ## Header Version
> + .short 0 ## Header Hash Function
> + .long 1 ## Header Bucket Count
> + .long 0 ## Header Hash Count
> + .long 20 ## Header Data Length
> + .long 0 ## HeaderData Die Offset Base
> + .long 3 ## HeaderData Atom Count
> + .short 1 ## DW_ATOM_die_offset
> + .short 6 ## DW_FORM_data4
> + .short 3 ## DW_ATOM_die_tag
> + .short 5 ## DW_FORM_data2
> + .short 4 ## DW_ATOM_type_flags
> + .short 11 ## DW_FORM_data1
> + .long -1 ## Bucket 0
> +
> +.subsections_via_symbols
> + .section __DWARF,__debug_line,regular,debug
> +Lsection_line:
> +Lline_table_start0:
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180430/25dbec62/attachment.html>
More information about the llvm-commits
mailing list