Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix a subtle uninitialized-memory-read in Buffer::for_each_value() #7330

Merged
merged 4 commits into from
Feb 10, 2023
Merged

Fix a subtle uninitialized-memory-read in Buffer::for_each_value() #7330

Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
71f9482
Fix a subtle uninitialized-memory-read in Buffer::for_each_value()
steven-johnson Feb 8, 2023
259f641
Oopsie
steven-johnson Feb 9, 2023
afde331
Update HalideBuffer.h
steven-johnson Feb 9, 2023
d0ff065
Update HalideBuffer.h
steven-johnson Feb 9, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 22 additions & 13 deletions src/runtime/HalideBuffer.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2172,9 +2172,10 @@ class Buffer {
}
}

// Return pair is <new_dimensions, innermost_strides_are_one>
template<int N>
HALIDE_NEVER_INLINE static bool for_each_value_prep(for_each_value_task_dim<N> *t,
const halide_buffer_t **buffers) {
HALIDE_NEVER_INLINE static std::pair<int, bool> for_each_value_prep(for_each_value_task_dim<N> *t,
const halide_buffer_t **buffers) {
// Check the buffers all have clean host allocations
for (int i = 0; i < N; i++) {
if (buffers[i]->device) {
Expand All @@ -2190,6 +2191,9 @@ class Buffer {

const int dimensions = buffers[0]->dimensions;

// Caller currently enforces this
assert(dimensions > 0);

// Extract the strides in all the dimensions
for (int i = 0; i < dimensions; i++) {
for (int j = 0; j < N; j++) {
Expand Down Expand Up @@ -2219,7 +2223,7 @@ class Buffer {
}
if (flat) {
t[i - 1].extent *= t[i].extent;
for (int j = i; j < d; j++) {
for (int j = i; j < d - 1; j++) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

t[d-1].extent will be set on line 2231, what is about .stride?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, we want to leave that alone -- @abadams to confirm.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we still need to set the extent, given that we're not going to iterate over that dimension?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oooh, good point. We can probably elide that now. Let me do some hackery to verify.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, that was definitely unnecessary.

t[j] = t[j + 1];
}
i--;
Expand All @@ -2235,26 +2239,31 @@ class Buffer {
}
}

return innermost_strides_are_one;
return {d, innermost_strides_are_one};
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this d can be after d-- on 2226, is this expected?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this is deliberate; if we 'flatten' multiple dimensions into one, we want to know the new, smaller number of dimensions.

}

template<typename Fn, typename... Args, int N = sizeof...(Args) + 1>
void for_each_value_impl(Fn &&f, Args &&...other_buffers) const {
if (dimensions() > 0) {
const size_t alloc_size = dimensions() * sizeof(for_each_value_task_dim<N>);
Buffer<>::for_each_value_task_dim<N> *t =
(Buffer<>::for_each_value_task_dim<N> *)HALIDE_ALLOCA((dimensions() + 1) * sizeof(for_each_value_task_dim<N>));
(Buffer<>::for_each_value_task_dim<N> *)HALIDE_ALLOCA(alloc_size);
// Move the preparatory code into a non-templated helper to
// save code size.
const halide_buffer_t *buffers[] = {&buf, (&other_buffers.buf)...};
bool innermost_strides_are_one = Buffer<>::for_each_value_prep(t, buffers);

Buffer<>::for_each_value_helper(f, dimensions() - 1,
innermost_strides_are_one,
t,
data(), (other_buffers.data())...);
} else {
f(*data(), (*other_buffers.data())...);
auto [new_dims, innermost_strides_are_one] = Buffer<>::for_each_value_prep(t, buffers);
if (new_dims > 0) {
Buffer<>::for_each_value_helper(f, new_dims - 1,
innermost_strides_are_one,
t,
data(), (other_buffers.data())...);
return;
}
abadams marked this conversation as resolved.
Show resolved Hide resolved
// else fall thru
}

// zero-dimensional case
f(*data(), (*other_buffers.data())...);
abadams marked this conversation as resolved.
Show resolved Hide resolved
}
// @}

Expand Down