This is an archive of the discontinued LLVM Phabricator instance.

Differential D103472

[clang] Fix a crash during code completion
ClosedPublic

Authored by adamcz on Jun 1 2021, 10:51 AM.

Details

Reviewers
kadircet
Commits
rG721476e6b211: [clang] Fix a crash during code completion
Summary

During code completion, lookupInDeclContext() calls
CodeCompletionDeclConsumer::FoundDecl(),which can mutate StoredDeclsMap,
over which lookupInDeclContext() iterates. This can lead to invalidation
of iterators and an assert()-crash.

Example code where this happens:
#include <list>
int main() {

std::list<int>;
std::^

}
with code completion on ^ with -std=c++20.

I do not have a repro case that does not need standard library.

This fix stores pointers to NamedDecls in a temporary vector, then
visits them outside of the main loop, when StoredDeclsMap iterators are
gone.

Diff Detail

Event Timeline

adamcz requested review of this revision.Jun 1 2021, 10:51 AM
adamcz created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptJun 1 2021, 10:51 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
adamcz added a reviewer: kadircet.Jun 1 2021, 10:58 AM

This is https://github.com/clangd/clangd/issues/771

Sending for review mostly to see if you have any comments on this approach. Trying to reproduce this without <list>, <vector> or something like this didn't work for me so far, I must be holding it wrong or something ;-) Still, submitting without a nice test case seems wrong.
The whole C++20, as far as I can tell, simply adds a bunch of code that's behind ifdef, which is what causes the crash. I don't think this is related to any C++20 features.

Harbormaster completed remote builds in B107074: Diff 349020.Jun 1 2021, 11:35 AM
robbert-vdh added a subscriber: robbert-vdh.Jun 6 2021, 1:10 PM
kadircet accepted this revision.Jun 7 2021, 1:11 AM

we discussed offline but i forgot to stamp this one. it would be nice to have a test case, but fix is relatively safe and getting a repro turned out to be hard (since it depends on a densemap growing).

thanks!

This revision is now accepted and ready to land.Jun 7 2021, 1:11 AM
This revision was landed with ongoing or failed builds.Jun 7 2021, 4:37 AM
Closed by commit rG721476e6b211: [clang] Fix a crash during code completion (authored by adamcz). · Explain Why
This revision was automatically updated to reflect the committed changes.
adamcz added a commit: rG721476e6b211: [clang] Fix a crash during code completion.

Revision Contents

PathSize
clang/
lib/
Sema/
14 lines

Diff 350249

clang/lib/Sema/SemaLookup.cpp

Show First 20 LinesShow All 3,829 Lines▼ Show 20 Lines if (isa<TranslationUnitDecl>(Ctx) &&
} }
return; return;
} }
if (CXXRecordDecl *Class = dyn_cast<CXXRecordDecl>(Ctx)) if (CXXRecordDecl *Class = dyn_cast<CXXRecordDecl>(Ctx))
Result.getSema().ForceDeclarationOfImplicitMembers(Class); Result.getSema().ForceDeclarationOfImplicitMembers(Class);
llvm::SmallVector<NamedDecl *, 4> DeclsToVisit;
// We sometimes skip loading namespace-level results (they tend to be huge). // We sometimes skip loading namespace-level results (they tend to be huge).
bool Load = LoadExternal || bool Load = LoadExternal ||
!(isa<TranslationUnitDecl>(Ctx) || isa<NamespaceDecl>(Ctx)); !(isa<TranslationUnitDecl>(Ctx) || isa<NamespaceDecl>(Ctx));
// Enumerate all of the results in this context. // Enumerate all of the results in this context.
for (DeclContextLookupResult R : for (DeclContextLookupResult R :
Load ? Ctx->lookups() Load ? Ctx->lookups()
: Ctx->noload_lookups(/*PreserveInternalState=*/false)) { : Ctx->noload_lookups(/*PreserveInternalState=*/false)) {
for (auto *D : R) { for (auto *D : R) {
if (auto *ND = Result.getAcceptableDecl(D)) { if (auto *ND = Result.getAcceptableDecl(D)) {
Consumer.FoundDecl(ND, Visited.checkHidden(ND), Ctx, InBaseClass); // Rather than visit immediatelly, we put ND into a vector and visit
Visited.add(ND); // all decls, in order, outside of this loop. The reason is that
// Consumer.FoundDecl() may invalidate the iterators used in the two
// loops above.
DeclsToVisit.push_back(ND);
}
} }
} }
for (auto *ND : DeclsToVisit) {
Consumer.FoundDecl(ND, Visited.checkHidden(ND), Ctx, InBaseClass);
Visited.add(ND);
} }
DeclsToVisit.clear();
// Traverse using directives for qualified name lookup. // Traverse using directives for qualified name lookup.
if (QualifiedNameLookup) { if (QualifiedNameLookup) {
ShadowContextRAII Shadow(Visited); ShadowContextRAII Shadow(Visited);
for (auto I : Ctx->using_directives()) { for (auto I : Ctx->using_directives()) {
if (!Result.getSema().isVisible(I)) if (!Result.getSema().isVisible(I))
continue; continue;
lookupInDeclContext(I->getNominatedNamespace(), Result, lookupInDeclContext(I->getNominatedNamespace(), Result,
▲ Show 20 LinesShow All 1,655 LinesShow Last 20 Lines