From 699da394ccd44de318da444bae28e472882ca830 Mon Sep 17 00:00:00 2001 From: bjorn3 Date: Fri, 3 Jul 2020 16:52:37 +0200 Subject: [PATCH] Validate simd and atomic intrinsic types --- src/intrinsics/mod.rs | 75 +++++++++++++++++++++++++++++++++++------- src/intrinsics/simd.rs | 23 +++++++++++++ 2 files changed, 87 insertions(+), 11 deletions(-) diff --git a/src/intrinsics/mod.rs b/src/intrinsics/mod.rs index a5aec52a7e44..5fb47729c110 100644 --- a/src/intrinsics/mod.rs +++ b/src/intrinsics/mod.rs @@ -138,6 +138,27 @@ macro atomic_minmax($fx:expr, $cc:expr, <$T:ident> ($ptr:ident, $src:ident) -> $ crate::atomic_shim::unlock_global_lock($fx); } +macro validate_atomic_type($fx:ident, $intrinsic:ident, $span:ident, $ty:expr) { + match $ty.kind { + ty::Uint(_) | ty::Int(_) => {} + _ => { + $fx.tcx.sess.span_err($span, &format!("`{}` intrinsic: expected basic integer type, found `{:?}`", $intrinsic, $ty)); + // Prevent verifier error + crate::trap::trap_unreachable($fx, "compilation should not have succeeded"); + return; + } + } +} + +macro validate_simd_type($fx:ident, $intrinsic:ident, $span:ident, $ty:expr) { + if !$ty.is_simd() { + $fx.tcx.sess.span_err($span, &format!("invalid monomorphization of `{}` intrinsic: expected SIMD input type, found non-SIMD `{}`", $intrinsic, $ty)); + // Prevent verifier error + crate::trap::trap_unreachable($fx, "compilation should not have succeeded"); + return; + } +} + fn lane_type_and_count<'tcx>( tcx: TyCtxt<'tcx>, layout: TyAndLayout<'tcx>, @@ -866,12 +887,15 @@ pub(crate) fn codegen_intrinsic_call<'tcx>( let inner_layout = fx.layout_of(ptr.layout().ty.builtin_deref(true).unwrap().ty); + validate_atomic_type!(fx, intrinsic, span, inner_layout.ty); let val = CValue::by_ref(Pointer::new(ptr.load_scalar(fx)), inner_layout); ret.write_cvalue(fx, val); crate::atomic_shim::unlock_global_lock(fx); }; _ if intrinsic.starts_with("atomic_store"), (v ptr, c val) { + validate_atomic_type!(fx, intrinsic, span, val.layout().ty); + crate::atomic_shim::lock_global_lock(fx); let dest = CPlace::for_ptr(Pointer::new(ptr), val.layout()); @@ -880,6 +904,8 @@ pub(crate) fn codegen_intrinsic_call<'tcx>( crate::atomic_shim::unlock_global_lock(fx); }; _ if intrinsic.starts_with("atomic_xchg"), (v ptr, c src) { + validate_atomic_type!(fx, intrinsic, span, T); + crate::atomic_shim::lock_global_lock(fx); // Read old @@ -893,7 +919,12 @@ pub(crate) fn codegen_intrinsic_call<'tcx>( crate::atomic_shim::unlock_global_lock(fx); }; - _ if intrinsic.starts_with("atomic_cxchg"), (v ptr, v test_old, v new) { // both atomic_cxchg_* and atomic_cxchgweak_* + _ if intrinsic.starts_with("atomic_cxchg"), (v ptr, c test_old, c new) { // both atomic_cxchg_* and atomic_cxchgweak_* + validate_atomic_type!(fx, intrinsic, span, T); + + let test_old = test_old.load_scalar(fx); + let new = new.load_scalar(fx); + crate::atomic_shim::lock_global_lock(fx); // Read old @@ -913,16 +944,26 @@ pub(crate) fn codegen_intrinsic_call<'tcx>( crate::atomic_shim::unlock_global_lock(fx); }; - _ if intrinsic.starts_with("atomic_xadd"), (v ptr, v amount) { + _ if intrinsic.starts_with("atomic_xadd"), (v ptr, c amount) { + validate_atomic_type!(fx, intrinsic, span, ret.layout().ty); + let amount = amount.load_scalar(fx); atomic_binop_return_old! (fx, iadd(ptr, amount) -> ret); }; - _ if intrinsic.starts_with("atomic_xsub"), (v ptr, v amount) { + _ if intrinsic.starts_with("atomic_xsub"), (v ptr, c amount) { + validate_atomic_type!(fx, intrinsic, span, ret.layout().ty); + let amount = amount.load_scalar(fx); atomic_binop_return_old! (fx, isub(ptr, amount) -> ret); }; - _ if intrinsic.starts_with("atomic_and"), (v ptr, v src) { + _ if intrinsic.starts_with("atomic_and"), (v ptr, c src) { + validate_atomic_type!(fx, intrinsic, span, ret.layout().ty); + let src = src.load_scalar(fx); atomic_binop_return_old! (fx, band(ptr, src) -> ret); }; - _ if intrinsic.starts_with("atomic_nand"), (v ptr, v src) { + _ if intrinsic.starts_with("atomic_nand"), (v ptr, c src) { + validate_atomic_type!(fx, intrinsic, span, T); + + let src = src.load_scalar(fx); + crate::atomic_shim::lock_global_lock(fx); let clif_ty = fx.clif_type(T).unwrap(); @@ -934,23 +975,35 @@ pub(crate) fn codegen_intrinsic_call<'tcx>( crate::atomic_shim::unlock_global_lock(fx); }; - _ if intrinsic.starts_with("atomic_or"), (v ptr, v src) { + _ if intrinsic.starts_with("atomic_or"), (v ptr, c src) { + validate_atomic_type!(fx, intrinsic, span, ret.layout().ty); + let src = src.load_scalar(fx); atomic_binop_return_old! (fx, bor(ptr, src) -> ret); }; - _ if intrinsic.starts_with("atomic_xor"), (v ptr, v src) { + _ if intrinsic.starts_with("atomic_xor"), (v ptr, c src) { + validate_atomic_type!(fx, intrinsic, span, ret.layout().ty); + let src = src.load_scalar(fx); atomic_binop_return_old! (fx, bxor(ptr, src) -> ret); }; - _ if intrinsic.starts_with("atomic_max"), (v ptr, v src) { + _ if intrinsic.starts_with("atomic_max"), (v ptr, c src) { + validate_atomic_type!(fx, intrinsic, span, ret.layout().ty); + let src = src.load_scalar(fx); atomic_minmax!(fx, IntCC::SignedGreaterThan, (ptr, src) -> ret); }; - _ if intrinsic.starts_with("atomic_umax"), (v ptr, v src) { + _ if intrinsic.starts_with("atomic_umax"), (v ptr, c src) { + validate_atomic_type!(fx, intrinsic, span, ret.layout().ty); + let src = src.load_scalar(fx); atomic_minmax!(fx, IntCC::UnsignedGreaterThan, (ptr, src) -> ret); }; - _ if intrinsic.starts_with("atomic_min"), (v ptr, v src) { + _ if intrinsic.starts_with("atomic_min"), (v ptr, c src) { + validate_atomic_type!(fx, intrinsic, span, ret.layout().ty); + let src = src.load_scalar(fx); atomic_minmax!(fx, IntCC::SignedLessThan, (ptr, src) -> ret); }; - _ if intrinsic.starts_with("atomic_umin"), (v ptr, v src) { + _ if intrinsic.starts_with("atomic_umin"), (v ptr, c src) { + validate_atomic_type!(fx, intrinsic, span, ret.layout().ty); + let src = src.load_scalar(fx); atomic_minmax!(fx, IntCC::UnsignedLessThan, (ptr, src) -> ret); }; diff --git a/src/intrinsics/simd.rs b/src/intrinsics/simd.rs index cf7decb04649..32f561bdd363 100644 --- a/src/intrinsics/simd.rs +++ b/src/intrinsics/simd.rs @@ -21,6 +21,7 @@ pub(super) fn codegen_simd_intrinsic_call<'tcx>( }; simd_cast, (c a) { + validate_simd_type!(fx, intrinsic, span, a.layout().ty); simd_for_each_lane(fx, a, ret, |fx, lane_layout, ret_lane_layout, lane| { let ret_lane_ty = fx.clif_type(ret_lane_layout.ty).unwrap(); @@ -33,26 +34,34 @@ pub(super) fn codegen_simd_intrinsic_call<'tcx>( }; simd_eq, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_cmp!(fx, Equal(x, y) -> ret); }; simd_ne, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_cmp!(fx, NotEqual(x, y) -> ret); }; simd_lt, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_cmp!(fx, UnsignedLessThan|SignedLessThan(x, y) -> ret); }; simd_le, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_cmp!(fx, UnsignedLessThanOrEqual|SignedLessThanOrEqual(x, y) -> ret); }; simd_gt, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_cmp!(fx, UnsignedGreaterThan|SignedGreaterThan(x, y) -> ret); }; simd_ge, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_cmp!(fx, UnsignedGreaterThanOrEqual|SignedGreaterThanOrEqual(x, y) -> ret); }; // simd_shuffle32(x: T, y: T, idx: [u32; 32]) -> U _ if intrinsic.starts_with("simd_shuffle"), (c x, c y, o idx) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); + let n: u16 = intrinsic["simd_shuffle".len()..].parse().unwrap(); assert_eq!(x.layout(), y.layout()); @@ -105,6 +114,7 @@ pub(super) fn codegen_simd_intrinsic_call<'tcx>( }; simd_insert, (c base, o idx, v _val) { + // FIXME validate let idx_const = if let Some(idx_const) = crate::constant::mir_operand_get_const_val(fx, idx) { idx_const } else { @@ -132,6 +142,7 @@ pub(super) fn codegen_simd_intrinsic_call<'tcx>( }; simd_extract, (c v, o idx) { + validate_simd_type!(fx, intrinsic, span, v.layout().ty); let idx_const = if let Some(idx_const) = crate::constant::mir_operand_get_const_val(fx, idx) { idx_const } else { @@ -155,34 +166,44 @@ pub(super) fn codegen_simd_intrinsic_call<'tcx>( }; simd_add, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_int_flt_binop!(fx, iadd|fadd(x, y) -> ret); }; simd_sub, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_int_flt_binop!(fx, isub|fsub(x, y) -> ret); }; simd_mul, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_int_flt_binop!(fx, imul|fmul(x, y) -> ret); }; simd_div, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_int_flt_binop!(fx, udiv|sdiv|fdiv(x, y) -> ret); }; simd_shl, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_int_binop!(fx, ishl(x, y) -> ret); }; simd_shr, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_int_binop!(fx, ushr|sshr(x, y) -> ret); }; simd_and, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_int_binop!(fx, band(x, y) -> ret); }; simd_or, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_int_binop!(fx, bor(x, y) -> ret); }; simd_xor, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_int_binop!(fx, bxor(x, y) -> ret); }; simd_fma, (c a, c b, c c) { + validate_simd_type!(fx, intrinsic, span, a.layout().ty); assert_eq!(a.layout(), b.layout()); assert_eq!(a.layout(), c.layout()); let layout = a.layout(); @@ -205,9 +226,11 @@ pub(super) fn codegen_simd_intrinsic_call<'tcx>( }; simd_fmin, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_flt_binop!(fx, fmin(x, y) -> ret); }; simd_fmax, (c x, c y) { + validate_simd_type!(fx, intrinsic, span, x.layout().ty); simd_flt_binop!(fx, fmax(x, y) -> ret); }; }