This is an archive of the discontinued LLVM Phabricator instance.

Differential D134885

[Clang] Fix variant crashes from GH58028, GH57370
ClosedPublic

Authored by royjacobson on Sep 29 2022, 8:40 AM.

Details

Reviewers
shafik
Commits
rG9415aad6a40f: [Clang] Fix variant crashes from GH58028, GH57370
rG9706bb3165f5: [Clang] Fix variant crashes from GH58028, GH57370
Summary

Fixes a null dereference in some diagnostic issuing code.

Closes https://github.com/llvm/llvm-project/issues/57370
Closes https://github.com/llvm/llvm-project/issues/58028

Diff Detail

Event Timeline

royjacobson created this revision.Sep 29 2022, 8:40 AM
Herald added a project: Restricted Project. · View Herald TranscriptSep 29 2022, 8:40 AM
royjacobson requested review of this revision.Sep 29 2022, 8:40 AM
Herald added a project: Restricted Project. · View Herald TranscriptSep 29 2022, 8:40 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
royjacobson updated this revision to Diff 463929.Sep 29 2022, 9:01 AM

Rebase on main (build was broken)

Harbormaster completed remote builds in B189440: Diff 463929.Sep 29 2022, 10:34 AM
shafik accepted this revision.Sep 29 2022, 4:35 PM

LFTM besides the comment about the test.

clang/test/SemaCXX/specialization-diagnose-crash.cpp
3

Shouldn't we see a diagnostic in order to exercise the code that is being fixed?

This revision is now accepted and ready to land.Sep 29 2022, 4:35 PM
royjacobson updated this revision to Diff 464172.Sep 30 2022, 1:07 AM

Slightly modify the test

royjacobson marked an inline comment as done.Sep 30 2022, 1:08 AM
royjacobson added inline comments.
clang/test/SemaCXX/specialization-diagnose-crash.cpp
3

Since this fixes an ICE I'm not sure we actually need to, but I modified it a bit so we have assurance that the specialization code runs.

This revision was landed with ongoing or failed builds.Sep 30 2022, 1:09 AM
Closed by commit rG9706bb3165f5: [Clang] Fix variant crashes from GH58028, GH57370 (authored by royjacobson). · Explain Why
This revision was automatically updated to reflect the committed changes.
royjacobson marked an inline comment as done.
royjacobson added a commit: rG9706bb3165f5: [Clang] Fix variant crashes from GH58028, GH57370.
royjacobson added a reverting change: rG894c0e94f9c6: Revert "[Clang] Fix variant crashes from GH58028, GH57370".Sep 30 2022, 1:25 AM
Harbormaster completed remote builds in B189612: Diff 464172.Sep 30 2022, 1:36 AM
royjacobson reopened this revision.Sep 30 2022, 1:59 AM

Apparently some of the workers crashed with the test - https://lab.llvm.org/buildbot/#/builders/216/builds/10556, but I couldn't reproduce this locally. @shafik any idea why the diagnostics might change? :/

This revision is now accepted and ready to land.Sep 30 2022, 1:59 AM
erichkeane added a subscriber: erichkeane.Sep 30 2022, 8:33 AM
In D134885#3826335, @royjacobson wrote:

Apparently some of the workers crashed with the test - https://lab.llvm.org/buildbot/#/builders/216/builds/10556, but I couldn't reproduce this locally. @shafik any idea why the diagnostics might change? :/

I have no idea where that warning comes from. That shouldn't happen on ANY machine, since it is a public member (a is), not a private one (which should cause the diagnostic). Is that the only bot with this problem?

I don't know what the 'sie' build is... but it gets me wondering if that diagnostic is getting an uninitialized version of "VerifyOnly" somewhere? It seems to me that it should be suppressing that diagnostic (if that is what VerifyOnly means here?)?

It IS bizarre to me that this crash would be noticed by something that DIDN'T try to evaluate that diagnostic though, since the ICE is on that code path.

royjacobson added a comment.Sep 30 2022, 8:40 AM
In D134885#3827383, @erichkeane wrote:
In D134885#3826335, @royjacobson wrote:

Apparently some of the workers crashed with the test - https://lab.llvm.org/buildbot/#/builders/216/builds/10556, but I couldn't reproduce this locally. @shafik any idea why the diagnostics might change? :/

I have no idea where that warning comes from. That shouldn't happen on ANY machine, since it is a public member (a is), not a private one (which should cause the diagnostic). Is that the only bot with this problem?

I don't know what the 'sie' build is... but it gets me wondering if that diagnostic is getting an uninitialized version of "VerifyOnly" somewhere? It seems to me that it should be suppressing that diagnostic (if that is what VerifyOnly means here?)?

It IS bizarre to me that this crash would be noticed by something that DIDN'T try to evaluate that diagnostic though, since the ICE is on that code path.

Hmmm, uninitialized access might explain why it's runner dependent. I'll try and see if I can run it through USan.

erichkeane added a comment.Sep 30 2022, 9:12 AM

Only thing I can think of is the 'Aggregate' calculation for this diagnostic is going wrong somewhere. See SemaDeclcXX.cpp ~6759 for where this all happens.

Aggregate IS initialized correctly to 'true' in CXXRecordDecl's DefinitionData as far as I can tell. BUT I can't imagine that some sort of optimization or mis-initialization of aggregate wouldn't cause some significant problems elsewhere. I'm thoroughly confused.

shafik added a comment.Sep 30 2022, 9:24 AM
In D134885#3826335, @royjacobson wrote:

Apparently some of the workers crashed with the test - https://lab.llvm.org/buildbot/#/builders/216/builds/10556, but I couldn't reproduce this locally. @shafik any idea why the diagnostics might change? :/

I can't see what is going on here either. It looks like this is a windows PS5 bot. If you have access to a windows machine it might be worth trying a windows release w/ asserts build to see if it reproduces there.

royjacobson added a comment.Sep 30 2022, 9:51 AM
In D134885#3827479, @shafik wrote:
In D134885#3826335, @royjacobson wrote:

Apparently some of the workers crashed with the test - https://lab.llvm.org/buildbot/#/builders/216/builds/10556, but I couldn't reproduce this locally. @shafik any idea why the diagnostics might change? :/

I can't see what is going on here either. It looks like this is a windows PS5 bot. If you have access to a windows machine it might be worth trying a windows release w/ asserts build to see if it reproduces there.

Ahhh, that exaplains it. The PlayStation targets didn't switch their default standard version to C++17, and using --std=c++14 will indeed reproduce the warnings. Some C++17 aggregate initialization changes, I guess. Thank you!

royjacobson updated this revision to Diff 464309.Sep 30 2022, 9:53 AM

Lock the test to standard version

erichkeane added a comment.Sep 30 2022, 9:59 AM
In D134885#3827535, @royjacobson wrote:
In D134885#3827479, @shafik wrote:
In D134885#3826335, @royjacobson wrote:

Apparently some of the workers crashed with the test - https://lab.llvm.org/buildbot/#/builders/216/builds/10556, but I couldn't reproduce this locally. @shafik any idea why the diagnostics might change? :/

I can't see what is going on here either. It looks like this is a windows PS5 bot. If you have access to a windows machine it might be worth trying a windows release w/ asserts build to see if it reproduces there.

Ahhh, that exaplains it. The PlayStation targets didn't switch their default standard version to C++17, and using --std=c++14 will indeed reproduce the warnings. Some C++17 aggregate initialization changes, I guess. Thank you!

Hah, wow! Good catch! I'd not known about the PS not changing defaults, but I DID have the DeclCXX.cpp 'setBases' function up on my screen that set that aggregate and was like, "huh... this is interesting, but I don't see how that applies here".

Harbormaster completed remote builds in B189714: Diff 464309.Sep 30 2022, 10:29 AM
Closed by commit rG9415aad6a40f: [Clang] Fix variant crashes from GH58028, GH57370 (authored by royjacobson). · Explain WhySep 30 2022, 11:17 AM
This revision was automatically updated to reflect the committed changes.
royjacobson added a commit: rG9415aad6a40f: [Clang] Fix variant crashes from GH58028, GH57370.

Revision Contents

PathSize
clang/
lib/
Sema/
8 lines
test/
SemaCXX/
24 lines

Diff 464335

clang/lib/Sema/SemaInit.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 689 Lines▼ Show 20 Lines if (Init >= NumInits || !ILE->getInit(Init)) {
if (Field->getType()->isReferenceType()) { if (Field->getType()->isReferenceType()) {
if (!VerifyOnly) { if (!VerifyOnly) {
// C++ [dcl.init.aggr]p9: // C++ [dcl.init.aggr]p9:
// If an incomplete or empty initializer-list leaves a // If an incomplete or empty initializer-list leaves a
// member of reference type uninitialized, the program is // member of reference type uninitialized, the program is
// ill-formed. // ill-formed.
SemaRef.Diag(Loc, diag::err_init_reference_member_uninitialized) SemaRef.Diag(Loc, diag::err_init_reference_member_uninitialized)
<< Field->getType() << Field->getType()
<< ILE->getSyntacticForm()->getSourceRange(); << (ILE->isSyntacticForm() ? ILE : ILE->getSyntacticForm())
SemaRef.Diag(Field->getLocation(), ->getSourceRange();
diag::note_uninit_reference_member); SemaRef.Diag(Field->getLocation(), diag::note_uninit_reference_member);
} }
hadError = true; hadError = true;
return; return;
} }
ExprResult MemberInit = PerformEmptyInit(Loc, MemberEntity); ExprResult MemberInit = PerformEmptyInit(Loc, MemberEntity);
if (MemberInit.isInvalid()) { if (MemberInit.isInvalid()) {
hadError = true; hadError = true;
▲ Show 20 LinesShow All 9,604 LinesShow Last 20 Lines

clang/test/SemaCXX/specialization-diagnose-crash.cpp

  • This file was added.
// RUN: %clang_cc1 -fsyntax-only %s --std=c++17 -verify
// This is a reduction of GH57370 and GH58028, originally appearing
// in libstdc++'s variant code.
shafikUnsubmitted
Done
ReplyInline Actions

Shouldn't we see a diagnostic in order to exercise the code that is being fixed?

shafik: Shouldn't we see a diagnostic in order to exercise the code that is being fixed?
royjacobsonAuthorUnsubmitted
Done
ReplyInline Actions

Since this fixes an ICE I'm not sure we actually need to, but I modified it a bit so we have assurance that the specialization code runs.

royjacobson: Since this fixes an ICE I'm not sure we actually need to, but I modified it a bit so we have…
struct V1 {};
struct V2 : V1 {
int &a;
};
template <class T> using void_t = void;
template <class T> struct X { T x; };
template <class T1, class T2, class = void> struct Variant {
Variant() = delete; // expected-note {{deleted here}}
};
template <class T1, class T2>
struct Variant<T1, T2, void_t<decltype(X<T2>{T1()})>> {};
void f() {
Variant<V1, V1>();
Variant<V1, V2>(); // expected-error {{call to deleted constructor}}
}