Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

llvm lint: buffer overflow in src/test/ui/foreign/foreign-truncated-arguments.rs #75839

Closed
matthiaskrgr opened this issue Aug 23, 2020 · 7 comments · Fixed by #127168
Closed

llvm lint: buffer overflow in src/test/ui/foreign/foreign-truncated-arguments.rs #75839

matthiaskrgr opened this issue Aug 23, 2020 · 7 comments · Fixed by #127168
Assignees
@dianqk
Labels
A-codegen Area: Code generation A-LLVM Area: Code generation parts specific to LLVM. Both correctness bugs and optimization-related issues. C-bug Category: This is a bug. I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness P-high High priority S-has-mcve Status: A Minimal Complete and Verifiable Example has been found for this issue T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. WG-llvm Working group: LLVM backend code generation

Comments

@matthiaskrgr
Copy link
Member

matthiaskrgr commented Aug 23, 2020
edited by rustbot
Loading

code from tests/ui/foreign/foreign-truncated-arguments.rs

// run-pass
// compile-flags: -O
// Regression test for https://github.com/rust-lang/rust/issues/33868

#[repr(C)]
pub struct S {
    a: u32,
    b: f32,
    c: u32
}

#[no_mangle]
#[inline(never)]
pub extern "C" fn test(s: S) -> u32 {
    s.c
}

fn main() {
    assert_eq!(test(S{a: 0, b: 0.0, c: 42}), 42);
}

When checked with rustc -Cpasses=lint src/test/ui/foreign/foreign-truncated-arguments.rs, this generates the following llvm-ir lint warning:

Undefined behavior: Buffer overflow
  %13 = load { i64, i32 }, { i64, i32 }* %12, align 4

repo @ 2342cc3
@matthiaskrgr matthiaskrgr added the C-bug Category: This is a bug. label Aug 23, 2020
@cuviper
Copy link
Member

cuviper commented Aug 24, 2020

I captured the LLVM-IR in a single codegen unit, then ran opt -lint which has the same complaint, just on %4.

$ opt -disable-output -lint foreign-truncated-arguments.ll
Undefined behavior: Buffer overflow
  %4 = load { i64, i32 }, { i64, i32 }* %3, align 4

Here are the relevant snippets from that IR:

%S = type { [0 x i32], i32, [0 x i32], float, [0 x i32], i32, [0 x i32] }
[...]
; foreign_truncated_arguments::main
; Function Attrs: nonlazybind uwtable
define internal void @_ZN27foreign_truncated_arguments4main17h8a09fc9d120f0135E() unnamed_addr #1 {
start:
  %_26 = alloca i32*, align 8
  %_24 = alloca i32*, align 8
  %_22 = alloca { i64*, i64* }, align 8
  %_21 = alloca [2 x { i8*, i64* }], align 8
  %_14 = alloca %"core::fmt::Arguments", align 8
  %_4 = alloca %S, align 4
  %_3 = alloca i32, align 4
  %_1 = alloca { i32*, i32* }, align 8
  %0 = bitcast %S* %_4 to i32*
  store i32 0, i32* %0, align 4
  %1 = getelementptr inbounds %S, %S* %_4, i32 0, i32 3
  store float 0.000000e+00, float* %1, align 4
  %2 = getelementptr inbounds %S, %S* %_4, i32 0, i32 5
  store i32 42, i32* %2, align 4
  %3 = bitcast %S* %_4 to { i64, i32 }*
  %4 = load { i64, i32 }, { i64, i32 }* %3, align 4
  %5 = call i32 @test({ i64, i32 } %4)
  store i32 %5, i32* %_3, align 4
  br label %bb1

I expect S has size 12, but { i64, i32 } would have alignment padding up to size 16.

The lint goes away if I change all { i64, i32 } to packed <{ i64, i32 }>, but maybe we can do better than that.

@tmiasko tmiasko mentioned this issue Jun 9, 2021
Closed
@tmiasko tmiasko mentioned this issue Jul 17, 2021
Closed
@fmease fmease added A-LLVM Area: Code generation parts specific to LLVM. Both correctness bugs and optimization-related issues. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. and removed needs-triage-legacy labels Jan 31, 2024
@krasimirgg krasimirgg mentioned this issue Feb 13, 2024
Closed
@mmastrac
Copy link

We've been working on enabling ASAN in rusty_v8 (https://github.com/denoland/rusty_v8) and we suspect this is causing some real-world bugs when we call into V8 from Rust. In particular, some exceptions in V8 aren't correctly detected when we compile the Rust parts with opt-level=0.

@jieyouxu jieyouxu added A-codegen Area: Code generation I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness S-has-mcve Status: A Minimal Complete and Verifiable Example has been found for this issue labels Apr 13, 2024
@rustbot rustbot added the I-prioritize Issue: Indicates that prioritization has been requested for this issue. label Apr 13, 2024
@apiraino
Copy link
Contributor

WG-prioritization assigning priority (Zulip discussion).

@rustbot label -I-prioritize +P-high

@rustbot rustbot added P-high High priority and removed I-prioritize Issue: Indicates that prioritization has been requested for this issue. labels Apr 15, 2024
@wesleywiser wesleywiser added the WG-llvm Working group: LLVM backend code generation label Jun 21, 2024
@dianqk
Copy link
Member

dianqk commented Jun 30, 2024
edited
Loading

{ i64, i32 } should have 16 bytes on x86_64.

@rustbot claim

@dianqk dianqk mentioned this issue Jun 30, 2024
Merged
bors added a commit to rust-lang-ci/rust that referenced this issue Jul 2, 2024
@bors
Auto merge of rust-lang#127168 - DianQK:cast-size, r=workingjubilee
7a59bfd 
Use the aligned size for alloca at args/ret when the pass mode is cast

Fixes rust-lang#75839. Fixes rust-lang#121028.

The `load` and `store` instructions in LLVM access the aligned size. For example, `load { i64, i32 }` accesses 16 bytes on x86_64: https://alive2.llvm.org/ce/z/n8CHAp.

BTW, this example is expected to be optimized to immediate UB by Alive2: https://rust.godbolt.org/z/b7xK7hv1c and https://alive2.llvm.org/ce/z/vZDtZH.

r? compiler
@bors bors closed this as completed in 33b0238 Jul 2, 2024
rust-timer added a commit to rust-lang-ci/rust that referenced this issue Jul 2, 2024
@rust-timer
Unrolled build for rust-lang#127168
34591e5 
Rollup merge of rust-lang#127168 - DianQK:cast-size, r=workingjubilee

Use the aligned size for alloca at args/ret when the pass mode is cast

Fixes rust-lang#75839. Fixes rust-lang#121028.

The `load` and `store` instructions in LLVM access the aligned size. For example, `load { i64, i32 }` accesses 16 bytes on x86_64: https://alive2.llvm.org/ce/z/n8CHAp.

BTW, this example is expected to be optimized to immediate UB by Alive2: https://rust.godbolt.org/z/b7xK7hv1c and https://alive2.llvm.org/ce/z/vZDtZH.

r? compiler
@apiraino
Copy link
Contributor

apiraino commented Jul 3, 2024

reopening to follow the beta backport of #127168

@apiraino apiraino reopened this Jul 3, 2024
@dianqk
Copy link
Member

dianqk commented Jul 4, 2024

We've been working on enabling ASAN in rusty_v8 (https://github.com/denoland/rusty_v8) and we suspect this is causing some real-world bugs when we call into V8 from Rust. In particular, some exceptions in V8 aren't correctly detected when we compile the Rust parts with opt-level=0.

@mmastrac Can you reproduce the problem on the latest nightly? I can't confirm that #127168 has fixed it.

@dianqk
Copy link
Member

dianqk commented Jul 5, 2024

@apiraino We can close it again.

@apiraino apiraino closed this as completed Jul 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dianqk dianqk

Labels
A-codegen Area: Code generation A-LLVM Area: Code generation parts specific to LLVM. Both correctness bugs and optimization-related issues. C-bug Category: This is a bug. I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness P-high High priority S-has-mcve Status: A Minimal Complete and Verifiable Example has been found for this issue T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. WG-llvm Working group: LLVM backend code generation
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use the aligned size for alloca at args/ret when the pass mode is cast dianqk/rust
10 participants
@cuviper @matthiaskrgr @mmastrac @wesleywiser @ChrisDenton @apiraino @dianqk @fmease @jieyouxu @rustbot