pytorch
diff --git a/‎runtime/executor/program.cpp‎
Lines changed: 8 additions & 0 deletions b/‎runtime/executor/program.cpp‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎runtime/executor/program.h‎
Lines changed: 5 additions & 1 deletion b/‎runtime/executor/program.h‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎runtime/executor/program_validation.cpp‎
Lines changed: 210 additions & 0 deletions b/‎runtime/executor/program_validation.cpp‎
Lines changed: 210 additions & 0 deletions
diff --git a/‎runtime/executor/program_validation.h‎
Lines changed: 52 additions & 0 deletions b/‎runtime/executor/program_validation.h‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎runtime/executor/targets.bzl‎
Lines changed: 3 additions & 1 deletion b/‎runtime/executor/targets.bzl‎
Lines changed: 3 additions & 1 deletion
@@ -14,6 +14,7 @@
 #include <executorch/runtime/core/event_tracer_hooks.h>
 #include <executorch/runtime/executor/memory_manager.h>
 #include <executorch/runtime/executor/method.h>
+#include <executorch/runtime/executor/program_validation.h>
 #include <executorch/runtime/platform/profiler.h>
 #include <executorch/schema/extended_header.h>
 #include <executorch/schema/program_generated.h>
@@ -150,6 +151,13 @@ Result<executorch_flatbuffer::ExecutionPlan*> get_execution_plan(
         ok,
         InvalidProgram,
         "Verification failed; data may be truncated or corrupt");
+    const executorch_flatbuffer::Program* flatbuffer_program =
+        executorch_flatbuffer::GetProgram(program_data->data());
+    Error err = validate_program(flatbuffer_program);
+    ET_CHECK_OR_RETURN_ERROR(
+        err == Error::Ok,
+        InvalidProgram,
+        "Program validation failed: likely a corrupt file");
 #else
     ET_LOG(
         Info, "InternalConsistency verification requested but not available");
 
@@ -8,7 +8,6 @@
 
 #pragma once
 
-#include <cinttypes>
 #include <cstdint>
 #include <optional>
 
@@ -58,10 +57,15 @@ class Program final {
      */
     Minimal,
     /**
+     * When ET_ENABLE_PROGRAM_VERIFICATION is enabled,
      * Do full verification of the data, ensuring that internal pointers are
      * self-consistent and that the data has not been truncated or obviously
      * corrupted. May not catch all types of corruption, but should guard
      * against illegal memory operations during parsing.
+     * Also performs additional semantic validation such as:
+     * - Tensor numel overflow checks (ensuring size calculations don't
+     * overflow)
+     * - List element type validation
      *
      * Will have higher runtime overhead, scaling with the complexity of the
      * proram data.
 
@@ -0,0 +1,210 @@
+/*
+ * Copyright (c) Meta Platforms, Inc. and affiliates.
+ * All rights reserved.
+ *
+ * This source code is licensed under the BSD-style license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+#include <executorch/runtime/executor/program_validation.h>
+
+#include <cstdint>
+
+#include <executorch/runtime/core/exec_aten/util/scalar_type_util.h>
+#include <executorch/runtime/platform/log.h>
+#include <executorch/schema/program_generated.h>
+
+#include <c10/util/safe_numerics.h>
+
+namespace executorch {
+namespace runtime {
+
+ET_NODISCARD Error
+validate_tensor(const executorch_flatbuffer::Tensor* tensor) {
+  if (tensor == nullptr) {
+    return Error::InvalidProgram;
+  }
+
+  const auto* sizes = tensor->sizes();
+  if (sizes == nullptr) {
+    return Error::InvalidProgram;
+  }
+
+  ssize_t numel = 1;
+  for (flatbuffers::uoffset_t i = 0; i < sizes->size(); i++) {
+    int32_t size = sizes->Get(i);
+
+    if (size < 0) {
+      ET_LOG(
+          Error,
+          "Size must be non-negative, got %d at dimension %u",
+          size,
+          static_cast<unsigned>(i));
+      return Error::InvalidProgram;
+    }
+
+    bool overflow =
+        c10::mul_overflows(numel, static_cast<ssize_t>(size), &numel);
+    if (overflow) {
+      ET_LOG(
+          Error,
+          "numel overflowed at dimension %u with size %d",
+          static_cast<unsigned>(i),
+          size);
+      return Error::InvalidProgram;
+    }
+  }
+
+  auto scalar_type =
+      static_cast<executorch::aten::ScalarType>(tensor->scalar_type());
+  if (!executorch::runtime::isValid(scalar_type)) {
+    return Error::InvalidProgram;
+  }
+
+  size_t nbytes;
+  bool nbytes_overflow = c10::mul_overflows(
+      static_cast<size_t>(numel),
+      executorch::runtime::elementSize(scalar_type),
+      &nbytes);
+  if (nbytes_overflow) {
+    ET_LOG(
+        Error,
+        "nbytes overflowed: numel %zd with element size %zu",
+        numel,
+        executorch::runtime::elementSize(scalar_type));
+    return Error::InvalidProgram;
+  }
+
+  return Error::Ok;
+}
+
+ET_NODISCARD Error
+validate_program(const executorch_flatbuffer::Program* program) {
+  if (program == nullptr) {
+    return Error::InvalidProgram;
+  }
+
+  // Validate all execution plans.
+  const auto* execution_plans = program->execution_plan();
+  if (execution_plans == nullptr) {
+    ET_LOG(Error, "Program has null execution_plan");
+    return Error::InvalidProgram;
+  }
+
+  for (flatbuffers::uoffset_t plan_idx = 0; plan_idx < execution_plans->size();
+       plan_idx++) {
+    const auto* plan = execution_plans->Get(plan_idx);
+    if (plan == nullptr) {
+      ET_LOG(
+          Error, "Execution plan %u is null", static_cast<unsigned>(plan_idx));
+      return Error::InvalidProgram;
+    }
+
+    // Validate all values in the plan.
+    const auto* values = plan->values();
+    if (values == nullptr) {
+      ET_LOG(
+          Error,
+          "Execution plan %u has null values table",
+          static_cast<unsigned>(plan_idx));
+      return Error::InvalidProgram;
+    }
+
+    for (flatbuffers::uoffset_t value_idx = 0; value_idx < values->size();
+         value_idx++) {
+      const auto* value = values->Get(value_idx);
+      if (value == nullptr) {
+        continue;
+      }
+
+      // Check if this value is a tensor.
+      if (value->val_type() == executorch_flatbuffer::KernelTypes::Tensor) {
+        const auto* tensor =
+            static_cast<const executorch_flatbuffer::Tensor*>(value->val());
+
+        Error err = validate_tensor(tensor);
+        if (err != Error::Ok) {
+          ET_LOG(
+              Error,
+              "Tensor validation failed for value %u in execution plan %u",
+              static_cast<unsigned>(value_idx),
+              static_cast<unsigned>(plan_idx));
+          return err;
+        }
+      }
+
+      // Check if this value is a TensorList.
+      if (value->val_type() == executorch_flatbuffer::KernelTypes::TensorList) {
+        const auto* tensor_list =
+            static_cast<const executorch_flatbuffer::TensorList*>(value->val());
+
+        if (tensor_list == nullptr) {
+          ET_LOG(
+              Error,
+              "TensorList is null for value %u in execution plan %u",
+              static_cast<unsigned>(value_idx),
+              static_cast<unsigned>(plan_idx));
+          return Error::InvalidProgram;
+        }
+
+        const auto* items = tensor_list->items();
+        if (items == nullptr) {
+          ET_LOG(Error, "TensorList items is null");
+          return Error::InvalidProgram;
+        }
+
+        // Validate that each item index points to a Tensor evalue.
+        for (flatbuffers::uoffset_t item_idx = 0; item_idx < items->size();
+             item_idx++) {
+          int32_t evalue_index = items->Get(item_idx);
+
+          // Check bounds.
+          if (evalue_index < 0 ||
+              static_cast<flatbuffers::uoffset_t>(evalue_index) >=
+                  values->size()) {
+            ET_LOG(
+                Error,
+                "TensorList item %u has out-of-bounds index %d (values size "
+                "%u) in execution plan %u",
+                static_cast<unsigned>(item_idx),
+                evalue_index,
+                static_cast<unsigned>(values->size()),
+                static_cast<unsigned>(plan_idx));
+            return Error::InvalidProgram;
+          }
+
+          // Check that the referenced evalue is actually a Tensor.
+          const auto* referenced_value = values->Get(evalue_index);
+          if (referenced_value == nullptr) {
+            ET_LOG(
+                Error,
+                "TensorList item %u references null evalue at index %d in "
+                "execution plan %u",
+                static_cast<unsigned>(item_idx),
+                evalue_index,
+                static_cast<unsigned>(plan_idx));
+            return Error::InvalidProgram;
+          }
+
+          if (referenced_value->val_type() !=
+              executorch_flatbuffer::KernelTypes::Tensor) {
+            ET_LOG(
+                Error,
+                "TensorList item %u references non-Tensor evalue (type %d) at "
+                "index %d in execution plan %u",
+                static_cast<unsigned>(item_idx),
+                static_cast<int>(referenced_value->val_type()),
+                evalue_index,
+                static_cast<unsigned>(plan_idx));
+            return Error::InvalidProgram;
+          }
+        }
+      }
+    }
+  }
+
+  return Error::Ok;
+}
+
+} // namespace runtime
+} // namespace executorch
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) Meta Platforms, Inc. and affiliates.
+ * All rights reserved.
+ *
+ * This source code is licensed under the BSD-style license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+#pragma once
+
+#include <executorch/runtime/core/error.h>
+
+// Forward declare flatbuffer types.
+namespace executorch_flatbuffer {
+struct ExecutionPlan;
+struct Program;
+struct Tensor;
+struct TensorList;
+} // namespace executorch_flatbuffer
+
+namespace executorch {
+namespace runtime {
+
+/**
+ * Validates that computing numel (number of elements) from the tensor's sizes
+ * will not overflow. This check should be performed before creating TensorImpl
+ * objects to prevent undefined behavior from integer overflow.
+ *
+ * @param[in] tensor The flatbuffer Tensor to validate.
+ * @return Error::Ok if the numel calculation is safe, Error::InvalidProgram
+ *     if computing numel would overflow.
+ */
+ET_NODISCARD Error validate_tensor(const executorch_flatbuffer::Tensor* tensor);
+
+/**
+ * Performs validation of all tensors and lists in the program, checking that
+ * their metadata is semantically valid and will not cause issues during
+ * execution.
+ *
+ * Currently validates:
+ * - Tensor numel overflow (all tensors)
+ * - TensorList element types (all TensorLists)
+ *
+ * @param[in] program The flatbuffer Program to validate.
+ * @return Error::Ok if validation passes, Error::InvalidProgram if any
+ *     validation check fails.
+ */
+ET_NODISCARD Error
+validate_program(const executorch_flatbuffer::Program* program);
+
+} // namespace runtime
+} // namespace executorch
@@ -90,6 +90,7 @@ def define_common_targets():
             ],
             headers = [
                 "platform_memory_allocator.h",
+                "program_validation.h",
             ],
             exported_headers = [
                 "method.h",
@@ -121,7 +122,8 @@ def define_common_targets():
             ],
             deps = [
                 "//executorch/schema:program",
-                "//executorch/runtime/core/exec_aten/util:tensor_dimension_limit"
+                "//executorch/runtime/core/exec_aten/util:tensor_dimension_limit",
+                "//executorch/runtime/core/portable_type/c10/c10:c10",
             ],
             visibility = ["PUBLIC"],
         )