correctcomputation / checkedc-clang

This is the primary development repository for 3C, a tool for automatically converting legacy C code to the Checked C extension of C, which aims to enforce spatial memory safety. This repository is a fork of Checked C's.

Pointers to arrays cause the tool to crash #227

Closed aaronjeline closed 4 years ago

aaronjeline commented 4 years ago

Converting: int (*coef)[10]; causes the tool to crash with the following:

unknown array type
UNREACHABLE executed at /home/aeline/checkedc-clang/clang/lib/CConv/ConstraintVariables.cpp:273!
mwhicks1 commented 4 years ago

I'm not sure I understand this syntax. What's the difference between this and int *coef[10] which presumably is no problem?

aaronjeline commented 4 years ago

Referencing cdecl.org:

int *ceof[10]; -> "declare ceof as array 10 of pointer to int"
int (*coef)[10]; -> "declare ceof as pointer to array 10 of int"

aaronjeline commented 4 years ago

And yes, the no-parens type converts fine. This behavior was found looking at libtiff, which references libjpeg, which uses this syntax.

mwhicks1 commented 4 years ago

Here's what I see with -ast-dump

int *x[10];
int (*y)[10];
|-VarDecl 0x7fd5fd0906a0 <a.c:1:1, col:10> col:6 x 'int *[10]'
`-VarDecl 0x7fd5fd090890 <line:2:1, col:12> col:7 y 'int (*)[10]'

Maybe this means that y is equivalent to

int arr[10];
int *y = arr;

(i.e., it's the same as auto-promoting to a pointer to an array) ???

mwhicks1 commented 4 years ago

But in ast-dump it looks different:

|-VarDecl 0x7ff33a890660 <a.c:1:1, col:11> col:5 used arr 'int [10]'
`-VarDecl 0x7ff33a890750 <line:2:1, col:10> col:6 y 'int *' cinit
  `-ImplicitCastExpr 0x7ff33a8907d8 <col:10> 'int *' <ArrayToPointerDecay>
    `-DeclRefExpr 0x7ff33a8907b8 <col:10> 'int [10]' lvalue Var 0x7ff33a890660 'arr' 'int [10]'

mwhicks1 commented 4 years ago

So: We obviously need to figure out what this is, exactly, to know how to handle it. Wacky.

aaronjeline commented 4 years ago

void foo(void) {
  int (*coef)[10];
  int *other[10];
}

Dumps to the following:

`-FunctionDecl 0x55bc5922ad70 <array.c:3:1, line:6:1> line:3:6 foo 'void (void)'
  `-CompoundStmt 0x55bc5922b1a8 <col:16, line:6:1>
    |-DeclStmt 0x55bc5922b030 <line:4:3, col:18>
    | `-VarDecl 0x55bc5922afb8 <col:3, col:17> col:9 coef 'int (*)[10]'
    `-DeclStmt 0x55bc5922b190 <line:5:3, col:17>
      `-VarDecl 0x55bc5922b118 <col:3, col:16> col:8 other 'int *[10]'

john-h-kastner commented 4 years ago

This is #110
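
The three declarator forms compared in this thread, as an added example that is not part of the original issue or of the 3C code base: it shows that `int (*coef)[10]`, `int *other[10]` and the decayed `int *y = arr` have distinct types, and that the pointer-to-array form carries the bound 10 in its pointee type. The names `table`, `KIND` and the helper functions are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

enum kind { PTR_TO_INT, PTR_TO_ARRAY10, PTR_TO_PTR, OTHER };
/* Classify an expression's type after array-to-pointer decay (C11 _Generic). */
#define KIND(e) _Generic((e),      \
    int *:       PTR_TO_INT,       \
    int (*)[10]: PTR_TO_ARRAY10,   \
    int **:      PTR_TO_PTR,       \
    default:     OTHER)

static int table[3][10];  /* constructed sample data: 3 rows of 10 ints */
static int *other[10];    /* array 10 of pointer to int */

void fill_table(void) {
    for (int r = 0; r < 3; r++)
        for (int c = 0; c < 10; c++)
            table[r][c] = r * 10 + c;
    for (int c = 0; c < 10; c++)
        other[c] = &table[0][c];
}

enum kind kind_of_row_address(void) { return KIND(&table[0]); } /* like coef */
enum kind kind_of_decayed_row(void) { return KIND(table[0]); }  /* like int *y = arr */
enum kind kind_of_ptr_array(void)   { return KIND(other); }     /* like other */

/* Adding 1 to a pointer to array 10 of int skips a whole row. */
size_t row_stride(void) {
    int (*coef)[10] = table;
    return (size_t)((char *)(coef + 1) - (char *)coef);
}

/* Sum one row through coef; the inner bound comes from the pointee type. */
int sum_row(size_t row) {
    int (*coef)[10] = table;
    int sum = 0;
    if (row >= sizeof table / sizeof table[0])
        return -1;  /* row index outside the table */
    for (size_t i = 0; i < sizeof *coef / sizeof **coef; i++)
        sum += coef[row][i];
    return sum;
}

int main(void) {
    fill_table();
    printf("kinds %d %d %d, row stride %zu, row 1 sum %d\n", kind_of_row_address(),
           kind_of_decayed_row(), kind_of_ptr_array(), row_stride(), sum_row(1));
    return 0;
}
```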