[clang-repl] Fixing vulnerabilities with respect to orc runtime

[anutosh491]

I was trying to play around with clang-repl out of process on my linux machine and I came across these vulnerabilities.

[llvmbot]

@llvm/pr-subscribers-clang

Author: Anutosh Bhat (anutosh491)

Changes

I was trying to play around with clang-repl out of process on my linux machine and I came across these vulnerabilities.

---

Full diff: https://github.com/llvm/llvm-project/pull/165852.diff

2 Files Affected:

• (modified) clang/lib/Interpreter/Interpreter.cpp (+3-3)
• (modified) clang/tools/clang-repl/ClangRepl.cpp (+1)

diff --git a/clang/lib/Interpreter/Interpreter.cpp b/clang/lib/Interpreter/Interpreter.cpp
index cde354c9cd8d1..21e03bbfd532a 100644
--- a/clang/lib/Interpreter/Interpreter.cpp
+++ b/clang/lib/Interpreter/Interpreter.cpp
@@ -421,9 +421,6 @@ Interpreter::getOrcRuntimePath(const driver::ToolChain &TC) {
 
 llvm::Expected<std::unique_ptr<Interpreter>>
 Interpreter::create(std::unique_ptr<CompilerInstance> CI, JITConfig Config) {
-  llvm::Error Err = llvm::Error::success();
-
-  std::unique_ptr<llvm::orc::LLJITBuilder> JB;
 
   if (Config.IsOutOfProcess) {
     const TargetInfo &TI = CI->getTarget();
@@ -453,6 +450,9 @@ Interpreter::create(std::unique_ptr<CompilerInstance> CI, JITConfig Config) {
     }
   }
 
+  llvm::Error Err = llvm::Error::success();
+  std::unique_ptr<llvm::orc::LLJITBuilder> JB;
+
   auto Interp = std::unique_ptr<Interpreter>(new Interpreter(
       std::move(CI), Err, std::move(JB), /*Consumer=*/nullptr, Config));
   if (auto E = std::move(Err))
diff --git a/clang/tools/clang-repl/ClangRepl.cpp b/clang/tools/clang-repl/ClangRepl.cpp
index c7879422cd7df..c86a1314ac026 100644
--- a/clang/tools/clang-repl/ClangRepl.cpp
+++ b/clang/tools/clang-repl/ClangRepl.cpp
@@ -309,6 +309,7 @@ int main(int argc, const char **argv) {
   clang::Interpreter::JITConfig Config;
   Config.IsOutOfProcess = !OOPExecutor.empty() || !OOPExecutorConnect.empty();
   Config.OOPExecutor = OOPExecutor;
+  Config.OrcRuntimePath = OrcRuntimePath;
   auto SizeOrErr = getSlabAllocSize(SlabAllocateSizeString);
   if (!SizeOrErr) {
     llvm::logAllUnhandledErrors(SizeOrErr.takeError(), llvm::errs(), "error: ");

[anutosh491]

No 3 : (proposing a fix through upcoming commits)

I see that the orc runtime on a linux machine would end up somewhere here (as in my case)

(test) anutosh491@vv-nuc:/build/anutosh491/llvm-project/build/lib/clang/22/lib/x86_64-unknown-linux-gnu$ ls
liborc_rt.a

But on a mac machine, it might end up here (as in @kr-2003 's case)

/Users/abhinav/Desktop/Coding/CERN/llvm-project/build/lib/clang/20/lib/darwin/liborc_rt_osx.a

So we have access to these two location in the getOrcRuntimePath function

llvm-project/clang/lib/Interpreter/Interpreter.cpp

Lines 395 to 399 in 8ea447b

	llvm::Expected<std::string>
	Interpreter::getOrcRuntimePath(const driver::ToolChain &TC) {
	std::optional<std::string> CompilerRTPath = TC.getCompilerRTPath();
	std::optional<std::string> ResourceDir = TC.getRuntimePath();

getCompilerRTPath equates to <ResourceDir>/lib/<OSLibName>
getRuntimePath equates to <ResourceDir>/lib/<triple>/

And the orc runtime can be present in one of these 2 locations but getOrcRuntimePath just searches getCompilerRTPath for now !

llvm-project/clang/lib/Interpreter/Interpreter.cpp

Lines 405 to 415 in 8ea447b

	const std::array<const char *, 3> OrcRTLibNames = {
	"liborc_rt.a", "liborc_rt_osx.a", "liborc_rt-x86_64.a"};
	for (const char *LibName : OrcRTLibNames) {
	llvm::SmallString<256> CandidatePath((*CompilerRTPath).c_str());
	llvm::sys::path::append(CandidatePath, LibName);
	if (llvm::sys::fs::exists(CandidatePath)) {
	return CandidatePath.str().str();
	}
	}

We need to update this to prioritise both !

[anutosh491]

The latest commit respects both paths

1. checks existence for atleast one
2. Then through a lambda function which is run through both the paths we check for the runtimes existence
3. if nothing is found, we have a summary of locations we traversed that we can return along the error msg.

[vgvassilev]

Can you add tests?

[anutosh491]

Can you add tests?

Sadly I haven't been able to find a way here :\

As we're making changes to getORCRuntimePath the organic path should have been getting rid of the stub function that the test uses

llvm-project/clang/unittests/Interpreter/OutOfProcessInterpreterTests.cpp

Line 104 in 6ad25c5

static std::string getOrcRuntimePath() {

while creating the interpreter

llvm-project/clang/unittests/Interpreter/OutOfProcessInterpreterTests.cpp

Lines 137 to 138 in 6ad25c5

	Config.SlabAllocateSize = 0;
	Config.OrcRuntimePath = getOrcRuntimePath();

We should have been able to simply use the public function, getOrcRuntimePath from the interpreter class here !!

But @kr-2003 educated me that he already tried this out. He says

For normal clang-repl, the calculation of runtime path is done in Interpreter side. 

But same cant be done in ClangRepl unittest because:
unitest runs in some build/tools/clang/unittests/Interpreter/ClangReplInterpreterTests
and the orcRuntimePath is wrongly calculated.
because llvm::...::getMainExecutable is build/tools/clang/unittests/Interpreter/ClangReplInterpreterTests and it calculates the baseDir wrongly

That being said, we can check the correctness of this test simply by running
out-of-process.cpp file against llvm-lit.

Without the patch on current master

anutosh491@vv-nuc:/build/anutosh491/llvm-project/build$ ./bin/llvm-lit -v ../clang/test/Interpreter/out-of-process.cpp
llvm-lit: /build/anutosh491/llvm-project/llvm/utils/lit/lit/llvm/config.py:531: note: using clang: /build/anutosh491/llvm-project/build/bin/clang
llvm-lit: /build/anutosh491/llvm-project/llvm/utils/lit/lit/llvm/subst.py:126: note: Did not find cir-opt in /build/anutosh491/llvm-project/build/bin:/build/anutosh491/llvm-project/build/bin
-- Testing: 1 tests, 1 workers --
UNSUPPORTED: Clang :: Interpreter/out-of-process.cpp (1 of 1)

Testing Time: 0.01s

Total Discovered Tests: 1
  Unsupported: 1 (100.00%)

With the patch on current master

anutosh491@vv-nuc:/build/anutosh491/llvm-project/build$ ./bin/llvm-lit -v ../clang/test/Interpreter/out-of-process.cpp
llvm-lit: /build/anutosh491/llvm-project/llvm/utils/lit/lit/llvm/config.py:531: note: using clang: /build/anutosh491/llvm-project/build/bin/clang
llvm-lit: /build/anutosh491/llvm-project/llvm/utils/lit/lit/llvm/subst.py:126: note: Did not find cir-opt in /build/anutosh491/llvm-project/build/bin:/build/anutosh491/llvm-project/build/bin
-- Testing: 1 tests, 1 workers --
PASS: Clang :: Interpreter/out-of-process.cpp (1 of 1)

Testing Time: 1.10s

Total Discovered Tests: 1
  Passed: 1 (100.00%)
  

Fails if we force a dummy failure. for eg add(1,2) = 4 on line 23

anutosh491@vv-nuc:/build/anutosh491/llvm-project/build$ ./bin/llvm-lit -v ../clang/test/Interpreter/out-of-process.cpp
llvm-lit: /build/anutosh491/llvm-project/llvm/utils/lit/lit/llvm/config.py:531: note: using clang: /build/anutosh491/llvm-project/build/bin/clang
llvm-lit: /build/anutosh491/llvm-project/llvm/utils/lit/lit/llvm/subst.py:126: note: Did not find cir-opt in /build/anutosh491/llvm-project/build/bin:/build/anutosh491/llvm-project/build/bin
-- Testing: 1 tests, 1 workers --
FAIL: Clang :: Interpreter/out-of-process.cpp (1 of 1)
******************** TEST 'Clang :: Interpreter/out-of-process.cpp' FAILED ********************
Exit Code: 1

Command Output (stdout):
--
# RUN: at line 3
cat /build/anutosh491/llvm-project/clang/test/Interpreter/out-of-process.cpp | /build/anutosh491/llvm-project/build/bin/clang-repl -oop-executor -orc-runtime | /build/anutosh491/llvm-project/build/bin/FileCheck /build/anutosh491/llvm-project/clang/test/Interpreter/out-of-process.cpp
# executed command: cat /build/anutosh491/llvm-project/clang/test/Interpreter/out-of-process.cpp
# executed command: /build/anutosh491/llvm-project/build/bin/clang-repl -oop-executor -orc-runtime

[anutosh491]

If the above looks convincing, maybe let's take the patch in and keep exploring better ways to test these utility function like getORCRuntimePath etc ?

[anutosh491]

Hey @vgvassilev ,

As discussed with @Vipul-Cariappa and @kr-2003 , we think testing path based helper utilities like getORCRuntimePath is not the easiest when it comes to out of process.

Testing the out-of-process.cpp file through llvm-lit was the most organic approach we could think of as of now as mentioned here #165852 (comment)

Do you think this is good enough to take this in for now
or can you help us think of any way to improve this ?

[github-actions]

✅ With the latest revision this PR passed the C/C++ code formatter.

[anutosh491]

Addressed the suggestions above.

Trying to forcefully mess up the path in my case shows me this

anutosh491@vv-nuc:/build/anutosh491/llvm-project/build/bin$ ./clang-repl   --oop-executor=$PWD/llvm-jitlink-executor
clang version 22.0.0git (https://github.com/anutosh491/llvm-project.git 81ad8fbc2bb09bae61ed59316468011e4a42cf47)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /build/anutosh491/llvm-project/build/bin
Build config: +unoptimized, +assertions
clang-repl: OrcRuntime library not found in: /build/anutosh491/llvm-project/build/lib/clang/22/lib/linux; /build/anutosh491/llvm-project/build/lib/clang/22/lib/x86_64-unknown-linux-gnu

Which is covering both paths as we want.

[vgvassilev]

Lgtm!

[anutosh491]

Thanks for the review. Merging !