Refactor syntactic and semantic checks of permissions strings out of the attribute handlers

xdoardo · xdoardo · commit 58fd6c5e4c2b · 2025-05-20T15:09:34.000+02:00
diff --git a/clang/lib/Sema/SemaDeclAttr.cpp b/clang/lib/Sema/SemaDeclAttr.cpp
@@ -2119,55 +2119,33 @@ static void handleCHERIOTMMIODevice(Sema &S, Decl *D, const ParsedAttr &Attr,
                                      &PermissionsLiteralLoc);
   }
 
-  if (Permissions.empty()) {
-    return D->addAttr(::new (S.Context) CHERIOTMMIODeviceAttr(
-        S.Context, Attr, DeviceName,
-        llvm::cheri::GlobalCapabilityImportAttr::defaultPermissions()));
-  }
-
-  auto ScratchPermissions = Permissions.str();
-  const auto *ValidPermissionSymbols =
-      llvm::cheri::GlobalCapabilityImportAttr::getValidPermissionSymbols();
-
-  for (char Symbol : *ValidPermissionSymbols) {
-
-    int SymbolOccurrences = 0;
-    auto new_end = std::remove_if(ScratchPermissions.begin(),
-                                  ScratchPermissions.end(), [&](char c) {
-                                    if (c == Symbol) {
-                                      ++SymbolOccurrences;
-                                      return true;
-                                    }
-                                    return false;
-                                  });
-
-    ScratchPermissions.erase(new_end, ScratchPermissions.end());
+  std::string OwnedPermissions = Permissions.str();
 
-    if (SymbolOccurrences > 1) {
-      S.Diag(Attr.getLoc(), diag::warn_cheriot_cap_permissions_duplicate_sym)
-          << Attr.getAttrName() << "'" + std::string({Symbol}) + "'"
-          << Permissions;
-    }
-  }
+  auto DuplicateSymbolCallback = [&Attr, &S,
+                                  Permissions](char DuplicateSymbol) {
+    S.Diag(Attr.getLoc(), diag::warn_cheriot_cap_permissions_duplicate_sym)
+        << Attr.getAttrName() << "'" + std::string({DuplicateSymbol}) + "'"
+        << Permissions;
+  };
 
-  if (!ScratchPermissions.empty()) {
+  auto ExtraneousSymbolCallback = [&Attr, &S,
+                                   Permissions](StringRef ExtraneousSymbols) {
     S.Diag(Attr.getLoc(),
            diag::err_cheriot_malformed_cap_permissions_unknown_sym)
-        << Attr.getAttrName() << ScratchPermissions << Permissions;
-    return;
-  }
-
-  std::string OwnedPermissions = Permissions.str();
-  auto ConstraintsCheck =
-      llvm::cheri::GlobalCapabilityImportAttr::semaCheckPermissions(
-          OwnedPermissions);
+        << Attr.getAttrName() << ExtraneousSymbols << Permissions;
+  };
 
-  if (ConstraintsCheck.has_value()) {
+  auto FailedSemanticCheckCallback = [&Attr, &S,
+                                      Permissions](StringRef Reason) {
     S.Diag(Attr.getLoc(),
            diag::err_cheriot_malformed_cap_permissions_invalid_dep)
-        << Attr.getAttrName() << ConstraintsCheck.value() << OwnedPermissions;
+        << Attr.getAttrName() << Reason << Permissions;
+  };
+
+  if (!llvm::cheri::GlobalCapabilityImportAttr::checkPermissions(
+          OwnedPermissions, DuplicateSymbolCallback, ExtraneousSymbolCallback,
+          FailedSemanticCheckCallback))
     return;
-  }
 
   return D->addAttr(::new (S.Context) CHERIOTMMIODeviceAttr(
       S.Context, Attr, DeviceName, OwnedPermissions));
@@ -2188,55 +2166,33 @@ static void handleCHERIOTSharedObject(Sema &S, Decl *D, const ParsedAttr &Attr,
                                      &PermissionsLiteralLoc);
   }
 
-  if (Permissions.empty()) {
-    return D->addAttr(::new (S.Context) CHERIOTSharedObjectAttr(
-        S.Context, Attr, ObjectName,
-        llvm::cheri::GlobalCapabilityImportAttr::defaultPermissions()));
-  }
-
-  auto ScratchPermissions = Permissions.str();
-  const auto *ValidPermissionSymbols =
-      llvm::cheri::GlobalCapabilityImportAttr::getValidPermissionSymbols();
-
-  for (char Symbol : *ValidPermissionSymbols) {
-
-    int SymbolOccurrences = 0;
-    auto new_end = std::remove_if(ScratchPermissions.begin(),
-                                  ScratchPermissions.end(), [&](char c) {
-                                    if (c == Symbol) {
-                                      ++SymbolOccurrences;
-                                      return true;
-                                    }
-                                    return false;
-                                  });
-
-    ScratchPermissions.erase(new_end, ScratchPermissions.end());
+  std::string OwnedPermissions = Permissions.str();
 
-    if (SymbolOccurrences > 1) {
-      S.Diag(Attr.getLoc(), diag::warn_cheriot_cap_permissions_duplicate_sym)
-          << Attr.getAttrName() << "'" + std::string({Symbol}) + "'"
-          << Permissions;
-    }
-  }
+  auto DuplicateSymbolCallback = [&Attr, &S,
+                                  Permissions](char DuplicateSymbol) {
+    S.Diag(Attr.getLoc(), diag::warn_cheriot_cap_permissions_duplicate_sym)
+        << Attr.getAttrName() << "'" + std::string({DuplicateSymbol}) + "'"
+        << Permissions;
+  };
 
-  if (!ScratchPermissions.empty()) {
+  auto ExtraneousSymbolCallback = [&Attr, &S,
+                                   Permissions](StringRef ExtraneousSymbols) {
     S.Diag(Attr.getLoc(),
            diag::err_cheriot_malformed_cap_permissions_unknown_sym)
-        << Attr.getAttrName() << ScratchPermissions << Permissions;
-    return;
-  }
-
-  std::string OwnedPermissions = Permissions.str();
-  auto ConstraintsCheck =
-      llvm::cheri::GlobalCapabilityImportAttr::semaCheckPermissions(
-          OwnedPermissions);
+        << Attr.getAttrName() << ExtraneousSymbols << Permissions;
+  };
 
-  if (ConstraintsCheck.has_value()) {
+  auto FailedSemanticCheckCallback = [&Attr, &S,
+                                      Permissions](StringRef Reason) {
     S.Diag(Attr.getLoc(),
            diag::err_cheriot_malformed_cap_permissions_invalid_dep)
-        << Attr.getAttrName() << ConstraintsCheck.value() << Permissions;
+        << Attr.getAttrName() << Reason << Permissions;
+  };
+
+  if (!llvm::cheri::GlobalCapabilityImportAttr::checkPermissions(
+          OwnedPermissions, DuplicateSymbolCallback, ExtraneousSymbolCallback,
+          FailedSemanticCheckCallback))
     return;
-  }
 
   D->addAttr(::new (S.Context) CHERIOTSharedObjectAttr(
       S.Context, Attr, ObjectName, OwnedPermissions));
diff --git a/llvm/include/llvm/IR/Cheri.h b/llvm/include/llvm/IR/Cheri.h
@@ -22,6 +22,7 @@
 #include "llvm/IR/Instruction.h"
 #include "llvm/IR/Module.h"
 #include "llvm/IR/Type.h"
+#include <algorithm>
 
 namespace llvm {
 
@@ -181,8 +182,9 @@ class GlobalCapabilityImportAttr {
   ///
   /// If successful, this function modifies in-place the given string ref to a
   /// known format.
-  static std::optional<std::string>
-  semaCheckPermissions(std::string &Permissions) {
+  static bool semanticCheckPermissions(
+      std::string &Permissions,
+      std::function<void(std::string)> FailedSemanticCheckCallback) {
 
     auto PermissionsRef = StringRef(Permissions);
     auto HasRead = PermissionsRef.contains(ReadPermissionSymbol);
@@ -191,23 +193,91 @@ class GlobalCapabilityImportAttr {
     auto HasCap = PermissionsRef.contains(CapPermissionSymbol);
 
     if (!HasRead && !HasWrite) {
-      return std::optional("does not contain either read (" +
-                           std::string(ReadPermissionSymbol) + ") or write (" +
-                           std::string(WritePermissionSymbol) + ")");
+      FailedSemanticCheckCallback(
+          "does not contain either read (" + std::string(ReadPermissionSymbol) +
+          ") or write (" + std::string(WritePermissionSymbol) + ")");
+      return false;
     }
 
     if (HasMut && (!HasRead || !HasCap)) {
-      return std::optional("contains mut (" + std::string(MutPermissionSymbol) +
-                           ") but does not have both read (" +
-                           std::string(ReadPermissionSymbol) + ") and cap (" +
-                           std::string(CapPermissionSymbol) + ")");
+      FailedSemanticCheckCallback(
+          "contains mut (" + std::string(MutPermissionSymbol) +
+          ") but does not have both read (" +
+          std::string(ReadPermissionSymbol) + ") and cap (" +
+          std::string(CapPermissionSymbol) + ")");
+      return false;
     }
 
     Permissions = (HasRead ? std::string(ReadPermissionSymbol) : "") +
                   (HasWrite ? std::string(WritePermissionSymbol) : "") +
                   (HasCap ? std::string(CapPermissionSymbol) : "") +
                   (HasMut ? std::string(MutPermissionSymbol) : "");
-    return std::nullopt;
+    return true;
+  }
+
+  /// Checks whether a permission encoding respects the syntactic constraints.
+  static bool syntaxCheckPermissions(
+      std::string &Permissions,
+      std::function<void(char)> DuplicateSymbolCallback,
+      std::function<void(StringRef)> ExtraneousSymbolCallback) {
+
+    const auto ValidSymbolsSize = ValidSymbols.size();
+    std::vector<bool> SymbolsCounter(ValidSymbolsSize, false);
+    std::string ExtraneousSymbols("");
+    const auto *ValidSymbolsBegin = std::begin(ValidSymbols);
+    bool Duplicate;
+
+    for (char C : Permissions) {
+      Duplicate = false;
+
+      const unsigned long Pos =
+          std::find(ValidSymbolsBegin, ValidSymbolsBegin + ValidSymbolsSize,
+                    C) -
+          ValidSymbolsBegin;
+
+      if (Pos < ValidSymbolsSize) {
+        if (SymbolsCounter[Pos]) {
+          Duplicate = true;
+        }
+
+        SymbolsCounter[Pos] = true;
+      } else {
+        ExtraneousSymbols.push_back(C);
+      }
+
+      if (Duplicate)
+        DuplicateSymbolCallback(C);
+    }
+
+    if (!ExtraneousSymbols.empty()) {
+      ExtraneousSymbolCallback(ExtraneousSymbols);
+      return false;
+    }
+
+    return true;
+  }
+
+  static bool checkPermissions(
+      std::string &Permissions,
+      std::function<void(char)> DuplicateSymbolCallback = [](char) {},
+      std::function<void(StringRef)> ExtraneousSymbolCallback =
+          [](StringRef) {},
+      std::function<void(std::string)> FailedSemanticCheckCallback =
+          [](std::string) {}) {
+
+    // If no permissions were set, use the default ones.
+    if (Permissions.empty()) {
+      Permissions = defaultPermissions();
+    }
+
+    // Perform the syntactic checks.
+    if (!syntaxCheckPermissions(Permissions, DuplicateSymbolCallback,
+                                ExtraneousSymbolCallback)) {
+      return false;
+    }
+
+    // Semantics checks.
+    return semanticCheckPermissions(Permissions, FailedSemanticCheckCallback);
   }
 
   /// Returns the default permissions.
