From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-patches-return-388526-listarch-gcc-patches=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 11480 invoked by alias); 8 Jan 2015 01:11:59 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Received: (qmail 11461 invoked by uid 89); 8 Jan 2015 01:11:56 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_00,SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2
X-Spam-User: qpsmtpd, 2 recipients
X-HELO: mx1.redhat.com
Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Thu, 08 Jan 2015 01:11:53 +0000
Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24])	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id t081Bppg003008	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL);	Wed, 7 Jan 2015 20:11:52 -0500
Received: from c64.redhat.com (vpn-226-196.phx2.redhat.com [10.3.226.196])	by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t081BpkO003269;	Wed, 7 Jan 2015 20:11:51 -0500
From: David Malcolm <dmalcolm@redhat.com>
To: jit@gcc.gnu.org, gcc-patches@gcc.gnu.org
Cc: David Malcolm <dmalcolm@redhat.com>
Subject: [PATCH, committed] jit: Add checking for dereference of void *
Date: Thu, 08 Jan 2015 01:11:00 -0000
Message-Id: <1420680029-46138-1-git-send-email-dmalcolm@redhat.com>
X-IsSubscribed: yes
X-SW-Source: 2015-01/txt/msg00348.txt.bz2

Reject attempts to dereference a void *, otherwise we get an ICE
 deep inside gimplification.

Committed to trunk as r219333.

FWIW, I ran into this as part of experiments at writing a libgccjit
backend for PyPy; see
  https://bitbucket.org/pypy/pypy/branch/libgccjit-backend

In particular, the testcase is a simplified version of a buggy
version of what became:
  https://bitbucket.org/pypy/pypy/commits/72cda48c154f1bcefec8b5db7c7a84d542c52938

gcc/jit/ChangeLog:
	* jit-recording.h (gcc::jit::recording::type::is_void): New
	virtual function.
	(gcc::jit::recording::memento_of_get_type::is_void): New
	function, overriding default implementation.
	* libgccjit.c (gcc_jit_rvalue_dereference): Verify that
	the underlying type is not "void".

gcc/testsuite/ChangeLog:
	* jit.dg/test-error-dereferencing-void-ptr.c: New test case.
---
 gcc/jit/jit-recording.h                            |  2 +
 gcc/jit/libgccjit.c                                |  7 ++
 .../jit.dg/test-error-dereferencing-void-ptr.c     | 96 ++++++++++++++++++++++
 3 files changed, 105 insertions(+)
 create mode 100644 gcc/testsuite/jit.dg/test-error-dereferencing-void-ptr.c

diff --git a/gcc/jit/jit-recording.h b/gcc/jit/jit-recording.h
index 3734e9a..9034e11 100644
--- a/gcc/jit/jit-recording.h
+++ b/gcc/jit/jit-recording.h
@@ -443,6 +443,7 @@ public:
   virtual bool is_bool () const = 0;
   virtual type *is_pointer () = 0;
   virtual type *is_array () = 0;
+  virtual bool is_void () const { return false; }
 
   bool is_numeric () const
   {
@@ -494,6 +495,7 @@ public:
   bool is_bool () const;
   type *is_pointer () { return dereference (); }
   type *is_array () { return NULL; }
+  bool is_void () const { return m_kind == GCC_JIT_TYPE_VOID; }
 
 public:
   void replay_into (replayer *r);
diff --git a/gcc/jit/libgccjit.c b/gcc/jit/libgccjit.c
index 6853bb0..99b2d56 100644
--- a/gcc/jit/libgccjit.c
+++ b/gcc/jit/libgccjit.c
@@ -1664,6 +1664,13 @@ gcc_jit_rvalue_dereference (gcc_jit_rvalue *rvalue,
     rvalue->get_debug_string (),
     rvalue->get_type ()->get_debug_string ());
 
+  RETURN_NULL_IF_FAIL_PRINTF2 (
+    !underlying_type->is_void (),
+    rvalue->m_ctxt, loc,
+    "dereference of void pointer %s (type: %s)",
+    rvalue->get_debug_string (),
+    rvalue->get_type ()->get_debug_string ());
+
   return (gcc_jit_lvalue *)rvalue->dereference (loc);
 }
 
diff --git a/gcc/testsuite/jit.dg/test-error-dereferencing-void-ptr.c b/gcc/testsuite/jit.dg/test-error-dereferencing-void-ptr.c
new file mode 100644
index 0000000..a813f67
--- /dev/null
+++ b/gcc/testsuite/jit.dg/test-error-dereferencing-void-ptr.c
@@ -0,0 +1,96 @@
+#include <libgccjit.h>
+#include "harness.h"
+
+void
+create_code (gcc_jit_context *ctxt, void *user_data)
+{
+  /* Replay of API calls for ctxt.  */
+  gcc_jit_type *type_long_long =
+    gcc_jit_context_get_type (ctxt, GCC_JIT_TYPE_LONG_LONG);
+  gcc_jit_type *type_void =
+    gcc_jit_context_get_type (ctxt, GCC_JIT_TYPE_VOID);
+  gcc_jit_type *type_void_ptr =
+    gcc_jit_context_get_type (ctxt, GCC_JIT_TYPE_VOID_PTR);
+  gcc_jit_field *field_u_signed =
+    gcc_jit_context_new_field (ctxt,
+			       NULL, /* gcc_jit_location *loc */
+			       type_long_long, /* gcc_jit_type *type, */
+			       "u_signed"); /* const char *name */
+  gcc_jit_field *field_u_ptr =
+    gcc_jit_context_new_field (ctxt,
+			       NULL, /* gcc_jit_location *loc */
+			       type_void_ptr, /* gcc_jit_type *type, */
+			       "u_ptr"); /* const char *name */
+  gcc_jit_field *fields_for_union_any[2] = {
+    field_u_signed,
+    field_u_ptr,
+  };
+  gcc_jit_type *union_any =
+    gcc_jit_context_new_union_type (ctxt,
+				    NULL, /* gcc_jit_location *loc */
+				    "any", /* const char *name */
+				    2, /* int num_fields */
+				    fields_for_union_any);
+  gcc_jit_function *func =
+    gcc_jit_context_new_function (ctxt, /* gcc_jit_context *ctxt */
+				  NULL, /* gcc_jit_location *loc */
+				  GCC_JIT_FUNCTION_EXPORTED,
+				  type_void, /* gcc_jit_type *return_type */
+				  "anonloop_0", /* const char *name */
+				  0, /* int num_params */
+				  NULL, /* gcc_jit_param **params */
+				  0); /* int is_variadic */
+  gcc_jit_block *block_initial =
+    gcc_jit_function_new_block (func, "initial");
+
+  gcc_jit_lvalue *local_tmp =
+    gcc_jit_function_new_local (func, /* gcc_jit_function *func */
+				NULL, /* gcc_jit_location *loc */
+				union_any, /* gcc_jit_type *type */
+				"tmp"); /* const char *name */
+
+  /* "tmp.u_signed = 0x213d640;" */
+  gcc_jit_block_add_assignment (
+    block_initial, /*gcc_jit_block *block */
+    NULL, /* gcc_jit_location *loc */
+    gcc_jit_lvalue_access_field (local_tmp, /*gcc_jit_lvalue *struct_or_union */
+				 NULL, /*gcc_jit_location *loc */
+				 field_u_signed),
+    gcc_jit_context_new_rvalue_from_long (
+      ctxt, /* gcc_jit_context *ctxt */
+      type_long_long, /* gcc_jit_type *numeric_type */
+      0x213d640)); /* long value */
+
+  /* "(*tmp.u_ptr) += 1;" which can't be done since u_ptr is a (void *).  */
+  gcc_jit_block_add_assignment_op (
+    block_initial, /*gcc_jit_block *block */
+    NULL, /* gcc_jit_location *loc */
+    /* "(*tmp.u_ptr)".  */
+    gcc_jit_rvalue_dereference (
+      gcc_jit_lvalue_as_rvalue (
+	gcc_jit_lvalue_access_field (
+	  local_tmp, /*gcc_jit_lvalue *struct_or_union */
+	  NULL, /*gcc_jit_location *loc */
+	  field_u_ptr)),
+      NULL), /* gcc_jit_location *loc */
+    GCC_JIT_BINARY_OP_PLUS, /* enum gcc_jit_binary_op op */
+    gcc_jit_context_new_rvalue_from_int (
+      ctxt, /* gcc_jit_context *ctxt */
+      type_long_long, /* gcc_jit_type *numeric_type */
+      1)); /* int value */
+
+  gcc_jit_block_end_with_void_return (block_initial, /*gcc_jit_block *block */
+				      NULL);
+}
+
+void
+verify_code (gcc_jit_context *ctxt, gcc_jit_result *result)
+{
+  CHECK_VALUE (result, NULL);
+
+  /* Verify that the correct error message was emitted.  */
+  CHECK_STRING_VALUE (gcc_jit_context_get_first_error (ctxt),
+		      "gcc_jit_rvalue_dereference:"
+		      " dereference of void pointer tmp.u_ptr"
+		      " (type: void *)");
+}
-- 
1.8.5.3