From: John McCall
Date: Tue, 28 Jul 2009 06:52:18 +0000 (+0000)
Subject: Bounds checking for address spaces.
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=efadb7768e7c7418185f5a4010ecd8b21ca9731b;p=clang
Bounds checking for address spaces.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77303 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/include/clang/AST/Type.h b/include/clang/AST/Type.h
index 737b259c05..70a5931225 100644
--- a/include/clang/AST/Type.h
+++ b/include/clang/AST/Type.h
@@ -97,6 +97,9 @@ public:
 Weak, Strong };
+
+ // 24 bits should be enough for anyone.
+ static const unsigned MaxAddressSpace = 0xffffffu;
 QualType() {}
@@ -569,6 +572,10 @@ public:
 /// QualifierSet - This class is used to collect qualifiers.
+/// Clang supports five independent qualifiers:
+/// * C99: const, volatile, and restrict
+/// * Embedded C (TR18037): address spaces
+/// * Objective C: the GC attributes (none, weak, or strong)
 class QualifierSet {
 public:
 QualifierSet() : Mask(0) {}
@@ -653,7 +660,7 @@ private:
 static const uint32_t GCAttrShift = 3;
 static const uint32_t AddressSpaceMask = ~(CVRMask | GCAttrMask);
 static const uint32_t AddressSpaceShift = 5;
- static const unsigned MaxAddressSpace = ~0u >> AddressSpaceShift;
+ static const unsigned MaxAddressSpace = QualType::MaxAddressSpace;
 };
diff --git a/include/clang/Basic/DiagnosticSemaKinds.td b/include/clang/Basic/DiagnosticSemaKinds.td
index b7e940457f..b654557730 100644
--- a/include/clang/Basic/DiagnosticSemaKinds.td
+++ b/include/clang/Basic/DiagnosticSemaKinds.td
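Review bot: The new `QualType::MaxAddressSpace` literal in the first Type.h hunk is no longer derived from the bit layout that stores the value: the third hunk replaces `~0u >> AddressSpaceShift` in `QualifierSet` with it, so the limit and the width of the `AddressSpaceMask` field are now maintained independently. Today 24 bits fits inside that field, but if either side changes, Sema could accept an address space that the mask then silently truncates into a different one. I would replace `// 24 bits should be enough for anyone.` with a comment stating where the 24-bit limit comes from and that it must stay `<= ~0u >> QualifierSet::AddressSpaceShift`, backed by a compile-time check beside the `QualifierSet` constant if the project has one available. Both classes start and end outside these hunks, so other users of the old, wider limit are not visible here.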
@@ -512,6 +512,10 @@ def err_ext_vector_component_name_illegal : Error<
 "illegal vector component name '%0'">;
 def err_attribute_address_space_not_int : Error<
 "address space attribute requires an integer constant">;
+def err_attribute_address_space_negative : Error<
+ "address space is negative">;
+def err_attribute_address_space_too_high : Error<
+ "address space is larger than the maximum supported (%0)">;
 def err_attribute_address_multiple_qualifiers : Error<
 "multiple address spaces specified for type">;
 def err_implicit_pointer_address_space_cast : Error<
diff --git a/lib/Sema/SemaType.cpp b/lib/Sema/SemaType.cpp
index 226f214391..d3daa07a9c 100644
--- a/lib/Sema/SemaType.cpp
+++ b/lib/Sema/SemaType.cpp
@@ -1469,6 +1469,23 @@ static void HandleAddressSpaceTypeAttribute(QualType &Type,
 return;
 }
+ // Bounds checking.
+ if (addrSpace.isSigned()) {
+ if (addrSpace.isNegative()) {
+ S.Diag(Attr.getLoc(), diag::err_attribute_address_space_negative)
+ << ASArgExpr->getSourceRange();
+ return;
+ }
+ addrSpace.setIsSigned(false);
+ }
+ llvm::APSInt max(addrSpace.getBitWidth());
+ max = QualType::MaxAddressSpace;
+ if (addrSpace > max) {
+ S.Diag(Attr.getLoc(), diag::err_attribute_address_space_too_high)
+ << QualType::MaxAddressSpace << ASArgExpr->getSourceRange();
+ return;
+ }
+ unsigned ASIdx = static_cast(addrSpace.getZExtValue());
 Type = S.Context.getAddrSpaceQualType(Type, ASIdx);
 }
diff --git a/test/Sema/address_spaces.c b/test/Sema/address_spaces.c
index b79799f023..684a99faaa 100644
--- a/test/Sema/address_spaces.c
+++ b/test/Sema/address_spaces.c
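Review bot: The range test added to `HandleAddressSpaceTypeAttribute` in SemaType.cpp depends on an implicit truncation that deserves a comment. `max` is created at `addrSpace.getBitWidth()`, so when the constant expression is narrower than 24 bits, `max = QualType::MaxAddressSpace` presumably wraps to that width's all-ones value and `addrSpace > max` can never be true. That is the right outcome, since every such value is in range, but it reads like an accident. I would add `// max is truncated to addrSpace's width; narrower constants are always in range` above the assignment, and note next to `setIsSigned(false)` that the comparison needs both operands to share signedness. The function starts above the hunk, and the declaration of `addrSpace` is not visible here.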
@@ -15,6 +15,12 @@ void foo(_AS3 float *a) {
 _AS1 int array[5]; // expected-error {{automatic variable qualified with an address space}}
 _AS1 int arrarr[5][5]; // expected-error {{automatic variable qualified with an address space}}
+ __attribute__((address_space(-1))) int *_boundsA; // expected-error {{address space is negative}}
+ __attribute__((address_space(0xFFFFFF))) int *_boundsB;
+ __attribute__((address_space(0x1000000))) int *_boundsC; // expected-error {{address space is larger than the maximum supported}}
+ // chosen specifically to overflow 32 bits and come out reasonable
+ __attribute__((address_space(4294967500))) int *_boundsD; // expected-error {{address space is larger than the maximum supported}}
+ *a = 5.0f;
 }
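Review bot: The `_boundsC` and `_boundsD` expectations match only the prefix of the diagnostic, so the `%0` argument printed by `err_attribute_address_space_too_high` is never checked. Extending them to `expected-error {{address space is larger than the maximum supported (16777215)}}` would pin the reported limit to `QualType::MaxAddressSpace` (0xffffff). A case with a narrow-typed constant such as `address_space((char)-1)` would presumably also exercise the signed branch at a width below 24 bits, which none of the four new declarations does.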