Serialization: Error when decoding invalid PlatformKind values.

tshortli · tshortli · commit f2c0aab26dd3 · 2024-02-28T09:47:51.000-08:00
Recently, unexpected binary module sharing between compilers that had
inconsistent views of the `PlatformKind` enumeration caused me to spend several
days debugging undefined behavior in the compiler. We should validate that
enumeration values decoded during deserialization are valid, and fail fast when
they are not to make debugging this kind of issue less time consuming. This
change just validates the `PlatformKind` value decoded for an `AvailableAttr`,
but more of deserialization could be updated to do similar validation.

Resolves rdar://123770273
diff --git a/include/swift/AST/PlatformKind.h b/include/swift/AST/PlatformKind.h
@@ -42,6 +42,10 @@ StringRef platformString(PlatformKind platform);
 /// or None if such a platform kind does not exist.
 std::optional<PlatformKind> platformFromString(StringRef Name);
 
+/// Safely converts the given unsigned value to a valid \c PlatformKind value or
+/// \c nullopt otherwise.
+std::optional<PlatformKind> platformFromUnsigned(unsigned value);
+
 /// Returns a valid platform string that is closest to the candidate string
 /// based on edit distance. Returns \c None if the closest valid platform
 /// distance is not within a minimum threshold.
diff --git a/lib/AST/PlatformKind.cpp b/lib/AST/PlatformKind.cpp
@@ -58,6 +58,17 @@ std::optional<PlatformKind> swift::platformFromString(StringRef Name) {
       .Default(std::optional<PlatformKind>());
 }
 
+std::optional<PlatformKind> swift::platformFromUnsigned(unsigned value) {
+  PlatformKind platform = PlatformKind(value);
+  switch (platform) {
+  case PlatformKind::none:
+#define AVAILABILITY_PLATFORM(X, PrettyName) case PlatformKind::X:
+#include "swift/AST/PlatformKinds.def"
+    return platform;
+  }
+  return std::nullopt;
+}
+
 std::optional<StringRef>
 swift::closestCorrectedPlatformString(StringRef candidate) {
   auto lowerCasedCandidate = candidate.lower();
diff --git a/lib/Serialization/Deserialization.cpp b/lib/Serialization/Deserialization.cpp
@@ -163,6 +163,8 @@ const char UnsafeDeserializationError::ID = '\0';
 void UnsafeDeserializationError::anchor() {}
 const char ModularizationError::ID = '\0';
 void ModularizationError::anchor() {}
+const char InvalidEnumValueError::ID = '\0';
+void InvalidEnumValueError::anchor() {}
 
 /// Skips a single record in the bitstream.
 ///
@@ -5295,8 +5297,9 @@ class DeclDeserializer {
     return macro;
   }
 
-  AvailableAttr *readAvailable_DECL_ATTR(SmallVectorImpl<uint64_t> &scratch,
-                                         StringRef blobData);
+  Expected<AvailableAttr *>
+  readAvailable_DECL_ATTR(SmallVectorImpl<uint64_t> &scratch,
+                          StringRef blobData);
 };
 }
 
@@ -5349,7 +5352,7 @@ ModuleFile::getDeclChecked(
   return declOrOffset;
 }
 
-AvailableAttr *
+Expected<AvailableAttr *>
 DeclDeserializer::readAvailable_DECL_ATTR(SmallVectorImpl<uint64_t> &scratch,
                                           StringRef blobData) {
   bool isImplicit;
@@ -5362,14 +5365,21 @@ DeclDeserializer::readAvailable_DECL_ATTR(SmallVectorImpl<uint64_t> &scratch,
   DEF_VER_TUPLE_PIECES(Deprecated);
   DEF_VER_TUPLE_PIECES(Obsoleted);
   DeclID renameDeclID;
-  unsigned platform, messageSize, renameSize;
+  unsigned rawPlatform, messageSize, renameSize;
 
   // Decode the record, pulling the version tuple information.
   serialization::decls_block::AvailableDeclAttrLayout::readRecord(
       scratch, isImplicit, isUnavailable, isDeprecated, isNoAsync,
-      isPackageDescriptionVersionSpecific, isSPI, LIST_VER_TUPLE_PIECES(Introduced),
-      LIST_VER_TUPLE_PIECES(Deprecated), LIST_VER_TUPLE_PIECES(Obsoleted),
-      platform, renameDeclID, messageSize, renameSize);
+      isPackageDescriptionVersionSpecific, isSPI,
+      LIST_VER_TUPLE_PIECES(Introduced), LIST_VER_TUPLE_PIECES(Deprecated),
+      LIST_VER_TUPLE_PIECES(Obsoleted), rawPlatform, renameDeclID, messageSize,
+      renameSize);
+
+  auto maybePlatform = platformFromUnsigned(rawPlatform);
+  if (!maybePlatform.has_value())
+    return llvm::make_error<InvalidEnumValueError>(rawPlatform, "PlatformKind");
+
+  PlatformKind platform = maybePlatform.value();
 
   ValueDecl *renameDecl = nullptr;
   if (renameDeclID) {
@@ -5391,7 +5401,7 @@ DeclDeserializer::readAvailable_DECL_ATTR(SmallVectorImpl<uint64_t> &scratch,
     platformAgnostic = PlatformAgnosticAvailabilityKind::Deprecated;
   else if (isNoAsync)
     platformAgnostic = PlatformAgnosticAvailabilityKind::NoAsync;
-  else if (((PlatformKind)platform) == PlatformKind::none &&
+  else if (platform == PlatformKind::none &&
            (!Introduced.empty() || !Deprecated.empty() || !Obsoleted.empty()))
     platformAgnostic =
         isPackageDescriptionVersionSpecific
@@ -5402,9 +5412,9 @@ DeclDeserializer::readAvailable_DECL_ATTR(SmallVectorImpl<uint64_t> &scratch,
     platformAgnostic = PlatformAgnosticAvailabilityKind::None;
 
   auto attr = new (ctx) AvailableAttr(
-      SourceLoc(), SourceRange(), (PlatformKind)platform, message, rename,
-      renameDecl, Introduced, SourceRange(), Deprecated, SourceRange(),
-      Obsoleted, SourceRange(), platformAgnostic, isImplicit, isSPI);
+      SourceLoc(), SourceRange(), platform, message, rename, renameDecl,
+      Introduced, SourceRange(), Deprecated, SourceRange(), Obsoleted,
+      SourceRange(), platformAgnostic, isImplicit, isSPI);
   return attr;
 }
 
@@ -5643,7 +5653,11 @@ llvm::Error DeclDeserializer::deserializeDeclCommon() {
       }
 
       case decls_block::Available_DECL_ATTR: {
-        Attr = readAvailable_DECL_ATTR(scratch, blobData);
+        auto attrOrError = readAvailable_DECL_ATTR(scratch, blobData);
+        if (!attrOrError)
+          return MF.diagnoseFatal(attrOrError.takeError());
+
+        Attr = attrOrError.get();
         break;
       }
 
@@ -5753,7 +5767,10 @@ llvm::Error DeclDeserializer::deserializeDeclCommon() {
           }
 
           auto attr = readAvailable_DECL_ATTR(scratch, blobData);
-          availabilityAttrs.push_back(attr);
+          if (!attr)
+            return MF.diagnoseFatal(attr.takeError());
+
+          availabilityAttrs.push_back(attr.get());
           restoreOffset2.cancel();
           --numAvailabilityAttrs;
         }
diff --git a/lib/Serialization/DeserializationErrors.h b/lib/Serialization/DeserializationErrors.h
@@ -646,6 +646,32 @@ class UnsafeDeserializationError : public llvm::ErrorInfo<UnsafeDeserializationE
   }
 };
 
+class InvalidEnumValueError
+    : public llvm::ErrorInfo<InvalidEnumValueError, DeclDeserializationError> {
+  friend ErrorInfo;
+  static const char ID;
+  void anchor() override;
+
+  unsigned enumValue;
+  const char *enumDescription;
+
+public:
+  explicit InvalidEnumValueError(unsigned enumValue,
+                                 const char *enumDescription) {
+    this->enumValue = enumValue;
+    this->enumDescription = enumDescription;
+  }
+
+  void log(raw_ostream &OS) const override {
+    OS << "invalid value " << enumValue << " for enumeration "
+       << enumDescription;
+  }
+
+  std::error_code convertToErrorCode() const override {
+    return llvm::inconvertibleErrorCode();
+  }
+};
+
 class PrettyStackTraceModuleFile : public llvm::PrettyStackTraceEntry {
   const char *Action;
   const ModuleFile &MF;
