[6.1][Package CMO] Add deserialization checks to ensure correct memory layout #78700
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
elsh
commented
Jan 17, 2025
elsh
commented
- Explanation: Package CMO enables bypassing resilience barrier when accessing a decl, with an assumption that the decl's memory layout is correct. However, when its members are not correctly deserialized, bypassing resilience can lead to accessing an incorrect memory offset, potentially leading to a runtime crash. Currently, members are deserialized lazily and the deserialization errors are silently dropped with an attempt to recover later on, which may not always succeed. The cherry-picked PR loads members if not loaded already and checks for deserialization errors when resilience bypassing is triggered, and emits a diagnostic if an error is found, thus preventing a direct access to the wrong memory layout.
- Scope: Modules that import modules with Package CMO enabled.
- Issues: rdar://132411524
- Original PRs: Package CMO: add deserialization checks to ensure correct memory layout #78258
- Risk: Low; a deserialization error is found at build time instead of at runtime, and a flag to opt out is also provided in the PR.
- Testing: unit tests added.
- Reviewers: @aschwaighofer
…e memory layout of the decl being accessed is correct. When this assumption fails due to a deserialization error of its members, the use site accesses the layout with a wrong field offset, resulting in UB or a crash. The deserialization error is currently not caught at compile time due to LangOpts.EnableDeserializationRecovery being enabled by default to allow for recovery of some of the deserialization errors at a later time. In case of member deserialization, however, it's not necessarily recovered later on. This PR tracks whether member deserialization had an error by recursively loading members and checking for deserialization error, and fails and emits a diagnostic. It prevents resilience bypassing when the deserialized decl's layout is incorrect. It also provides an opt-out flag for deserialization checks for temporary migration purposes. Resolves rdar://132411524
|
@swift-ci test |
nkcsgexi
approved these changes
Jan 17, 2025
elsh
changed the title
elsh
changed the title
|
@swift-ci test windows |
1 similar comment
|
@swift-ci test windows |
|
Error has been downgraded to warning: #79019 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.