This is an archive of the discontinued LLVM Phabricator instance.

Differential D10508

[Clang/CodeGen] Prevent crash if destructor class is not accessible
ClosedPublic

Authored by davide on Jun 17 2015, 10:30 AM.

Details

Reviewers
rjmccall
rsmith
Commits
rG982bbf404eba: [Sema] Commit a better fix for r240242
rG8c93d5eddc75: [Codegen] Don't crash if destructor is not accessible.
rC240742: [Sema] Commit a better fix for r240242
rC240242: [Codegen] Don't crash if destructor is not accessible.
rL240742: [Sema] Commit a better fix for r240242
rL240242: [Codegen] Don't crash if destructor is not accessible.
Summary

Fixes

struct A {

~A();

};

struct B {

A a;

};

struct C {

union {
  B b;
};

~C() noexcept;

};

C::~C() noexcept {}

Diff Detail

Event Timeline

davide updated this revision to Diff 27844.Jun 17 2015, 10:30 AM
davide retitled this revision from to [Clang/CodeGen] Prevent crash if destructor class is not accessible.
davide updated this object.
davide edited the test plan for this revision. (Show Details)
davide added a reviewer: rjmccall.
davide set the repository for this revision to rL LLVM.
davide added a subscriber: Unknown Object (MLST).
davide added a comment.Jun 17 2015, 10:33 AM

+ Anders Carlsson who originally wrote the code (apparently he's not
on phabricator).
Also the summary of this review should be read as "Prevent crash if
class destructor is not accessible".

rnk added a subscriber: rnk.Jun 17 2015, 11:49 AM

Any reason not to add the test case you have?

davide added a comment.Jun 17 2015, 2:32 PM
In D10508#189569, @rnk wrote:

Any reason not to add the test case you have?

No. Missed 'svn add' before sending the review. My bad.

davide updated this revision to Diff 27872.Jun 17 2015, 2:33 PM
davide removed rL LLVM as the repository for this revision.

Test the right condition, add a comment && a test.

rnk added a reviewer: rsmith.Jun 18 2015, 10:15 AM
rnk added inline comments.
lib/CodeGen/CGClass.cpp
1296–1302

I suspect you want to reorder these checks. The triviality check is a bittest, and getDestructor() may perform lookup.

davide updated this revision to Diff 28053.Jun 19 2015, 3:14 PM

Reordered checks as suggested.
Anders Carlsson LGTM'd the change. Reid, do you think we can go forward and check this in?

rnk added a comment.Jun 20 2015, 8:15 PM

Lgtm

Sent from phone

Closed by commit rL240242: [Codegen] Don't crash if destructor is not accessible. (authored by davide). · Explain WhyJun 21 2015, 9:38 AM
This revision was automatically updated to reflect the committed changes.
rjmccall edited edge metadata.Jun 22 2015, 10:43 AM

Um. I don't mind us being a little more defensive in IR-gen, but the right fix for this code is that it needs to be handled / diagnosed by Sema.

davide added a comment.Jun 22 2015, 11:23 AM

Thank you for your reply John. Sorry if I submitted this before hearing back from you.
I can either revert or maybe keep it this way (under the assumption the code added isn't wrong) and add open a bug/put a TODO/FIXME in the code.
Also, I would appreciate any guidance on how this can be correctly diagnosed in Sema.

Thanks!

rsmith added inline comments.Jun 22 2015, 11:38 AM
cfe/trunk/lib/CodeGen/CGClass.cpp
1345 ↗(On Diff #28090)

The right place to fix this is here. The corresponding code from Sema is:

// The destructor for an implicit anonymous union member is never invoked.
if (FieldClassDecl->isUnion() && FieldClassDecl->isAnonymousStructOrUnion())
  continue;

Since the AST doesn't explicitly list the field destructor class that a destructor will perform, we need to mirror that check here. (Alternatively, we could change Sema to declare a trivial destructor for an anonymous union member, but that seems a little wasteful.)

rjmccall added a comment.Jun 22 2015, 2:09 PM

Richard: this code is already testing hasTrivialDestructor. If you would be comfortable with declaring a trivial destructor except for performance reasons, maybe hasTrivialDestructor should be returning true?

rjmccall added a comment.Jun 22 2015, 3:39 PM

I'm fine with saying that the destructor is non-trivial when it's deleted like this; it just seemed inconsistent with your statement that we could make Sema declare a trivial destructor but it would be wasteful. Certainly I don't think we want hasTrivialDestructor and getDestructor()->isTrivial() to return different things.

If we're going to leave hasTrivialDestructor returning false, then I agree that the best fix is to repeat the logic from Sema that completely skips the field.

rjmccall added a comment.Jun 22 2015, 3:40 PM

If we do that, we should remove the defensive code from IR-gen, because the less-defensive code is serving the admirable purpose of detecting this problem by causing this assertion.

davide added a comment.Jun 22 2015, 6:45 PM

New review: http://reviews.llvm.org/D10626

davide mentioned this in D10626: [Clang/CodeGen] Prevent crash if destructor class is not accessible (Part two).Jun 22 2015, 6:46 PM

Revision Contents

PathSize
lib/
CodeGen/
4 lines
test/
CodeGenCXX/
19 lines

Diff 28053

lib/CodeGen/CGClass.cpp

Show First 20 LinesShow All 488 Lines▼ Show 20 Lines
static bool static bool
FieldHasTrivialDestructorBody(ASTContext &Context, const FieldDecl *Field); FieldHasTrivialDestructorBody(ASTContext &Context, const FieldDecl *Field);
static bool static bool
HasTrivialDestructorBody(ASTContext &Context, HasTrivialDestructorBody(ASTContext &Context,
const CXXRecordDecl *BaseClassDecl, const CXXRecordDecl *BaseClassDecl,
const CXXRecordDecl *MostDerivedClassDecl) const CXXRecordDecl *MostDerivedClassDecl)
{ {
// If the destructor is trivial we don't have to check anything else. // If the destructor is trivial we don't have to check anything else.
if (BaseClassDecl->hasTrivialDestructor()) if (BaseClassDecl->hasTrivialDestructor())
return true; return true;
// Give up if the destructor is not accessible.
if (!BaseClassDecl->getDestructor())
return false;
rnkUnsubmitted
Not Done
ReplyInline Actions

I suspect you want to reorder these checks. The triviality check is a bittest, and getDestructor() may perform lookup.

rnk: I suspect you want to reorder these checks. The triviality check is a bittest, and…
if (!BaseClassDecl->getDestructor()->hasTrivialBody()) if (!BaseClassDecl->getDestructor()->hasTrivialBody())
return false; return false;
// Check fields. // Check fields.
for (const auto *Field : BaseClassDecl->fields()) for (const auto *Field : BaseClassDecl->fields())
if (!FieldHasTrivialDestructorBody(Context, Field)) if (!FieldHasTrivialDestructorBody(Context, Field))
return false; return false;
▲ Show 20 LinesShow All 492 LinesShow Last 20 Lines

test/CodeGenCXX/destructor-crash.cpp

// RUN: %clang_cc1 %s -emit-llvm -std=c++11 -o %t
struct A {
~A();
};
struct B {
A a;
};
struct C {
union {
B b;
};
~C() noexcept;
};
C::~C() noexcept {}