This is an archive of the discontinued LLVM Phabricator instance.

Differential D118755

[clangd] Crash in __memcmp_avx2_movbe
ClosedPublic

Authored by ivanmurashko on Feb 1 2022, 11:14 PM.

Details

Reviewers
alexfh
DmitryPolukhin
sammccall
bruno
ioeric
Commits
rG71d7c8d870db: [clangd] Crash in __memcmp_avx2_movbe
Summary

There is a clangd crash at __memcmp_avx2_movbe. Short problem description is below.

The method HeaderIncludes::addExistingInclude stores Include objects by reference at 2 places: ExistingIncludes (primary storage) and IncludesByPriority (pointer to the object's location at ExistingIncludes). ExistingIncludes is a map where value is a SmallVector. A new element is inserted by push_back. The operation might do resize. As result pointers stored at IncludesByPriority might become invalid.

Typical stack trace

    frame #0: 0x00007f11460dcd94 libc.so.6`__memcmp_avx2_movbe + 308
    frame #1: 0x00000000004782b8 clangd`llvm::StringRef::compareMemory(Lhs="
\"t2.h\"", Rhs="", Length=6) at StringRef.h:76:22
    frame #2: 0x0000000000701253 clangd`llvm::StringRef::compare(this=0x0000
7f10de7d8610, RHS=(Data = "", Length = 7166742329480737377)) const at String
Ref.h:206:34
  * frame #3: 0x00000000007603ab clangd`llvm::operator<(llvm::StringRef, llv
m::StringRef)(LHS=(Data = "\"t2.h\"", Length = 6), RHS=(Data = "", Length =
7166742329480737377)) at StringRef.h:907:23
    frame #4: 0x0000000002d0ad9f clangd`clang::tooling::HeaderIncludes::inse
rt(this=0x00007f10de7fb1a0, IncludeName=(Data = "t2.h\"", Length = 4), IsAng
led=false) const at HeaderIncludes.cpp:365:22
    frame #5: 0x00000000012ebfdd clangd`clang::clangd::IncludeInserter::inse
rt(this=0x00007f10de7fb148, VerbatimHeader=(Data = "\"t2.h\"", Length = 6))
const at Headers.cpp:262:70

A unit test test for the crash was created (HeaderIncludesTest.RepeatedIncludes). The proposed solution is to use std::list instead of llvm::SmallVector

Test Plan

./tools/clang/unittests/Tooling/ToolingTests --gtest_filter=HeaderIncludesTest.RepeatedIncludes

Diff Detail

Event Timeline

ivanmurashko created this revision.Feb 1 2022, 11:14 PM
Herald added subscribers: usaxena95, kadircet, arphaman. · View Herald TranscriptFeb 1 2022, 11:14 PM
ivanmurashko requested review of this revision.Feb 1 2022, 11:14 PM
Herald added subscribers: cfe-commits, MaskRay, ilya-biryukov. · View Herald TranscriptFeb 1 2022, 11:14 PM
ivanmurashko added inline comments.Feb 1 2022, 11:24 PM
clang/lib/Tooling/Inclusions/HeaderIncludes.cpp
328 ↗(On Diff #405153)

The crash is caused by vector resize initiated by this line

Harbormaster completed remote builds in B147062: Diff 405153.Feb 1 2022, 11:46 PM
ivanmurashko added a reviewer: ioeric.Feb 2 2022, 3:52 AM
DmitryPolukhin added a comment.Feb 3 2022, 12:15 PM

@ivanmurashko

Overall looks good to me but please re-upload patch on top of some stable revision where failed test passes (it seems unrelated to your changes).

struct Include is a light weight structure so having a copy seems to be the simplest solution.

ivanmurashko updated this revision to Diff 405814.Feb 3 2022, 3:12 PM

rebase

Harbormaster completed remote builds in B147518: Diff 405814.Feb 3 2022, 5:06 PM
ivanmurashko updated this revision to Diff 405886.Feb 4 2022, 12:59 AM

rebase

Harbormaster completed remote builds in B147575: Diff 405886.Feb 4 2022, 1:39 AM
sammccall added a comment.Feb 4 2022, 2:09 AM

Thanks! This fix makes sense to me.

clang-tools-extra/clangd/test/repeated_includes.test
1 ↗(On Diff #405886)

This should be tested more directly rather than via clangd, e.g. rather in clang/unittests/Tooling/HeaderIncludesTest.cpp

clang/include/clang/Tooling/Inclusions/HeaderIncludes.h
101

An alternative would be to use a std::forward_list<Include> here.

This guarantees pointer stability, it's an extra allocation but seems unlikely to matter.

It would be more robust if the data structure changes (e.g. becomes large, or is mutated after creation) but probably none of this will ever happen.

Up to you.

ivanmurashko updated this revision to Diff 406411.Feb 7 2022, 5:33 AM

There are some changes:

  • unit test for HeaderIncludes was added
  • lit test for clangd was removed
  • Solution uses std::list instead of copying by value
ivanmurashko added inline comments.Feb 7 2022, 5:35 AM
clang/include/clang/Tooling/Inclusions/HeaderIncludes.h
101

I changed my solution accordingly this suggestion.
Small note: The std::list seems to be more suitable here as soon as the last element of the structure is used at the code.

ivanmurashko marked an inline comment as done.Feb 7 2022, 5:36 AM
ivanmurashko marked an inline comment as not done.
sammccall accepted this revision.Feb 7 2022, 5:47 AM

Thanks, looks good!

This revision is now accepted and ready to land.Feb 7 2022, 5:47 AM
sammccall added inline comments.Feb 7 2022, 5:48 AM
clang/include/clang/Tooling/Inclusions/HeaderIncludes.h
101

May be worth a comment here that std::list is used for pointer stability, since it looks a little odd at first glance.

ivanmurashko edited the summary of this revision. (Show Details)Feb 7 2022, 5:56 AM
ivanmurashko updated this revision to Diff 406420.Feb 7 2022, 6:03 AM
ivanmurashko edited the summary of this revision. (Show Details)

Comment about std::list was added

ivanmurashko updated this revision to Diff 406421.Feb 7 2022, 6:06 AM

comment update

ivanmurashko marked an inline comment as done.Feb 7 2022, 9:42 AM
sammccall added a comment.Feb 7 2022, 10:25 AM

Do you have access to commit this or should I land it for you?

ivanmurashko added a comment.EditedFeb 7 2022, 10:30 AM
In D118755#3301776, @sammccall wrote:

Do you have access to commit this or should I land it for you?

@sammccall, I would appreciate your assistance in the land. You can use the following email address: ivan.murashko at gmail.com

Harbormaster completed remote builds in B147952: Diff 406421.Feb 7 2022, 3:52 PM
Closed by commit rG71d7c8d870db: [clangd] Crash in __memcmp_avx2_movbe (authored by ivanmurashko). · Explain WhyFeb 10 2022, 9:41 AM
This revision was automatically updated to reflect the committed changes.
ivanmurashko added a commit: rG71d7c8d870db: [clangd] Crash in __memcmp_avx2_movbe.

Revision Contents

PathSize
clang/
include/
clang/
Tooling/
Inclusions/
3 lines
unittests/
Tooling/
9 lines

Diff 406411

clang/include/clang/Tooling/Inclusions/HeaderIncludes.h

//===--- HeaderIncludes.h - Insert/Delete #includes for C++ code--*- C++-*-===// //===--- HeaderIncludes.h - Insert/Delete #includes for C++ code--*- C++-*-===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_TOOLING_INCLUSIONS_HEADERINCLUDES_H #ifndef LLVM_CLANG_TOOLING_INCLUSIONS_HEADERINCLUDES_H
#define LLVM_CLANG_TOOLING_INCLUSIONS_HEADERINCLUDES_H #define LLVM_CLANG_TOOLING_INCLUSIONS_HEADERINCLUDES_H
#include "clang/Basic/SourceManager.h" #include "clang/Basic/SourceManager.h"
#include "clang/Tooling/Core/Replacement.h" #include "clang/Tooling/Core/Replacement.h"
#include "clang/Tooling/Inclusions/IncludeStyle.h" #include "clang/Tooling/Inclusions/IncludeStyle.h"
#include "llvm/Support/Path.h" #include "llvm/Support/Path.h"
#include "llvm/Support/Regex.h" #include "llvm/Support/Regex.h"
#include <list>
#include <unordered_map> #include <unordered_map>
namespace clang { namespace clang {
namespace tooling { namespace tooling {
/// This class manages priorities of C++ #include categories and calculates /// This class manages priorities of C++ #include categories and calculates
/// priorities for headers. /// priorities for headers.
/// FIXME(ioeric): move this class into implementation file when clang-format's /// FIXME(ioeric): move this class into implementation file when clang-format's
▲ Show 20 LinesShow All 67 Lines▼ Show 20 Linesprivate:
void addExistingInclude(Include IncludeToAdd, unsigned NextLineOffset); void addExistingInclude(Include IncludeToAdd, unsigned NextLineOffset);
std::string FileName; std::string FileName;
std::string Code; std::string Code;
// Map from include name (quotation trimmed) to a list of existing includes // Map from include name (quotation trimmed) to a list of existing includes
// (in case there are more than one) with the name in the current file. <x> // (in case there are more than one) with the name in the current file. <x>
// and "x" will be treated as the same header when deleting #includes. // and "x" will be treated as the same header when deleting #includes.
llvm::StringMap<llvm::SmallVector<Include, 1>> ExistingIncludes; llvm::StringMap<std::list<Include>> ExistingIncludes;
sammccallUnsubmitted
Not Done
ReplyInline Actions

An alternative would be to use a std::forward_list<Include> here.

This guarantees pointer stability, it's an extra allocation but seems unlikely to matter.

It would be more robust if the data structure changes (e.g. becomes large, or is mutated after creation) but probably none of this will ever happen.

Up to you.

sammccall: An alternative would be to use a std::forward_list<Include> here. This guarantees pointer…
ivanmurashkoAuthorUnsubmitted
Not Done
ReplyInline Actions

I changed my solution accordingly this suggestion.
Small note: The std::list seems to be more suitable here as soon as the last element of the structure is used at the code.

ivanmurashko: I changed my solution accordingly this suggestion. Small note: The `std::list` seems to be…
sammccallUnsubmitted
Done
ReplyInline Actions

May be worth a comment here that std::list is used for pointer stability, since it looks a little odd at first glance.

sammccall: May be worth a comment here that std::list is used for pointer stability, since it looks a…
/// Map from priorities of #include categories to all #includes in the same /// Map from priorities of #include categories to all #includes in the same
/// category. This is used to find #includes of the same category when /// category. This is used to find #includes of the same category when
/// inserting new #includes. #includes in the same categories are sorted in /// inserting new #includes. #includes in the same categories are sorted in
/// in the order they appear in the source file. /// in the order they appear in the source file.
/// See comment for "FormatStyle::IncludeCategories" for details about include /// See comment for "FormatStyle::IncludeCategories" for details about include
/// priorities. /// priorities.
std::unordered_map<int, llvm::SmallVector<const Include *, 8>> std::unordered_map<int, llvm::SmallVector<const Include *, 8>>
Show All 25 Lines

clang/unittests/Tooling/HeaderIncludesTest.cpp

Show First 20 LinesShow All 45 Lines▼ Show 20 Lines
TEST_F(HeaderIncludesTest, NoExistingIncludeWithoutDefine) { TEST_F(HeaderIncludesTest, NoExistingIncludeWithoutDefine) {
std::string Code = "int main() {}"; std::string Code = "int main() {}";
std::string Expected = "#include \"a.h\"\n" std::string Expected = "#include \"a.h\"\n"
"int main() {}"; "int main() {}";
EXPECT_EQ(Expected, insert(Code, "\"a.h\"")); EXPECT_EQ(Expected, insert(Code, "\"a.h\""));
} }
TEST_F(HeaderIncludesTest, RepeatedIncludes) {
std::string Code;
for (int i = 0; i < 100; ++i) {
Code += "#include \"a.h\"\n";
}
std::string Expected = Code + "#include \"a2.h\"\n";
EXPECT_EQ(Expected, insert(Code, "\"a2.h\""));
}
TEST_F(HeaderIncludesTest, NoExistingIncludeWithDefine) { TEST_F(HeaderIncludesTest, NoExistingIncludeWithDefine) {
std::string Code = "#ifndef A_H\n" std::string Code = "#ifndef A_H\n"
"#define A_H\n" "#define A_H\n"
"class A {};\n" "class A {};\n"
"#define MMM 123\n" "#define MMM 123\n"
"#endif"; "#endif";
std::string Expected = "#ifndef A_H\n" std::string Expected = "#ifndef A_H\n"
"#define A_H\n" "#define A_H\n"
▲ Show 20 LinesShow All 494 LinesShow Last 20 Lines