Fix for malloc incorrectly preventing checked region addition (issue #486)
#527
Conversation
clang/test/3C/type_params_macro.c
Outdated
| @@ -18,15 +18,15 @@ void test_none() { | |||
| int *i = 0; | |||
| foo(i); | |||
| } | |||
| // CHECK: void test_none() _Checked { | |||
| // CHECK: void test_none() { | |||
There was a problem hiding this comment.
Should this not have been checked? If not, why wouldn't have the compilation by clang, post conversion, discovered the issue? Perhaps the test was not doing that part?
There was a problem hiding this comment.
I guess this is a general question: It would be nice to confirm that the added annotation makes the Checked C compiler happy, so we should make sure that these tests are doing that, for -addcr runs.
There was a problem hiding this comment.
This happens because of the regression I mentioned above. It's fine to call a function who's parameters are unchecked but have itypes in a checked region, but the change I made to fix one issue revealed this one. If it was an issue that caused miscompilation we would have caught it, and in fact the tests did catch such an issue. Working on fixing this now but I though you might want this change in sooner because of the example code.
There was a problem hiding this comment.
Fixed in latest commit
clang/test/3C/supernested.c
Outdated
| @@ -39,7 +39,7 @@ int vsf_sysdep_has_capabilities_as_non_root(void) { | |||
| static void do_sanity_checks(void) { | |||
| //CHECK: static void do_sanity_checks(void) _Checked { | |||
| { | |||
| //CHECK: { | |||
| //CHECK: _Unchecked { | |||
There was a problem hiding this comment.
Is this _Unchecked because of an unsafe external call, e.g., die ? Just curious if you know the reason.
There was a problem hiding this comment.
Because of a call to a function with unchecked types (and itypes) is incorrectly inferred as being unchecked, as above
There was a problem hiding this comment.
Fixed in latest commit
| if (Cv.hasValue()) | ||
| return Cv.getValue().hasWild(E) || Cv.getValue().hasParamWild(E); | ||
| else | ||
| return false; |
There was a problem hiding this comment.
I'm wondering where the presence of type instantiations (i.e., that you return malloc<int>(...) and not malloc(...)) is showing up?
There was a problem hiding this comment.
Line 227 in the handling of call expressions
mattmccutchen-cci
changed the title
malloc incorrectly preventing checked region addition (issue #486)
|
As we look over the PR list, it would be helpful to have titles more descriptive than "Fix for issue #N". @aaronjeline Is the new title I gave to this PR reasonable? |
now produces the following when run with -alltypes -addcr:
This patch also revealed some other soundness issues with checked region insertion that have been fixed.
It also introduces a minor regression, which is that calling a function with
ityped arguments will cause a region to be inferred asUnchecked. Will open a second issue for this because it will never cause compilation issues and I know this fix was high priority.