This is an archive of the discontinued LLVM Phabricator instance.

Differential D123898

Fix crash in ObjC codegen introduced with 5ab6ee75994d645725264e757d67bbb1c96fb2b6
ClosedPublic

Authored by theraven on Apr 16 2022, 9:00 AM.

Details

Reviewers
rjmccall
triplef
Commits
rG94c3b169785c: Fix crash in ObjC codegen introduced with…
Summary

5ab6ee75994d645725264e757d67bbb1c96fb2b6 assumed that if RValue::isScalar() returns true then RValue::getScalarVal will return a valid value. This is not the case when the return value is void and so void message returns would crash if they hit this path. This is triggered only for cases where the nil-handling path needs to do something non-trivial (destroy arguments that should be consumed by the callee).

Diff Detail

Event Timeline

theraven created this revision.Apr 16 2022, 9:00 AM
Herald added a project: Restricted Project. · View Herald TranscriptApr 16 2022, 9:00 AM
theraven requested review of this revision.Apr 16 2022, 9:00 AM
Herald added a project: Restricted Project. · View Herald TranscriptApr 16 2022, 9:00 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
Harbormaster completed remote builds in B159932: Diff 423241.Apr 16 2022, 11:50 AM
rjmccall added a comment.Apr 16 2022, 9:41 PM

LGTM. Could you add a test case?

theraven added a comment.Apr 17 2022, 9:03 AM

I'd like to. The test case from the original bug report was very large but I'm not sure how to trigger this with anything comprehensibly small. You need something where the callee is responsible for destroying the argument and I'm not sure what combination of properties / ABIs results in that. The original test was -(void)foo:(std::string)aString on the MSVC ABI, but I don't know how much of the Visual Studio std::string implementation is necessary to trigger this behaviour. Is it just a non-trivial destructor?

rjmccall added a comment.Apr 18 2022, 10:41 AM
In D123898#3455933, @theraven wrote:

I'd like to. The test case from the original bug report was very large but I'm not sure how to trigger this with anything comprehensibly small. You need something where the callee is responsible for destroying the argument and I'm not sure what combination of properties / ABIs results in that. The original test was -(void)foo:(std::string)aString on the MSVC ABI, but I don't know how much of the Visual Studio std::string implementation is necessary to trigger this behaviour. Is it just a non-trivial destructor?

Yeah, a non-trivial destructor should be good enough. Or a consumed ObjC pointer argument in ARC might also work, although I don't know if that takes the same path.

triplef accepted this revision.Apr 26 2022, 1:53 AM

Thanks, LGTM!

I tested these changes with our app’s code base, which was triggering the bug in a couple of places, and it all builds fine with the patch.

This revision is now accepted and ready to land.Apr 26 2022, 1:53 AM
sgraenitz added a subscriber: sgraenitz.May 2 2022, 6:23 AM
This revision was landed with ongoing or failed builds.Jul 24 2022, 6:02 AM
Closed by commit rG94c3b169785c: Fix crash in ObjC codegen introduced with… (authored by theraven). · Explain Why
This revision was automatically updated to reflect the committed changes.
theraven added a commit: rG94c3b169785c: Fix crash in ObjC codegen introduced with….

Revision Contents

PathSize
clang/
lib/
CodeGen/
12 lines

Diff 423241

clang/lib/CodeGen/CGObjCGNU.cpp

Context not available.
// Enter the continuation block and emit a phi if required. // Enter the continuation block and emit a phi if required.
CGF.EmitBlock(continueBB); CGF.EmitBlock(continueBB);
if (msgRet.isScalar()) { if (msgRet.isScalar()) {
llvm::Value *v = msgRet.getScalarVal(); // If the return type is void, do nothing
llvm::PHINode *phi = Builder.CreatePHI(v->getType(), 2); if (llvm::Value *v = msgRet.getScalarVal()) {
phi->addIncoming(v, nonNilPathBB); llvm::PHINode *phi = Builder.CreatePHI(v->getType(), 2);
phi->addIncoming(CGM.EmitNullConstant(ResultType), nilPathBB); phi->addIncoming(v, nonNilPathBB);
msgRet = RValue::get(phi); phi->addIncoming(CGM.EmitNullConstant(ResultType), nilPathBB);
msgRet = RValue::get(phi);
}
} else if (msgRet.isAggregate()) { } else if (msgRet.isAggregate()) {
// Aggregate zeroing is handled in nilCleanupBB when it's required. // Aggregate zeroing is handled in nilCleanupBB when it's required.
} else /* isComplex() */ { } else /* isComplex() */ {
Context not available.