This is an archive of the discontinued LLVM Phabricator instance.

[clang][Sema] Fix a clang crash with btf_type_tag
ClosedPublic

Authored by yonghong-song on Oct 26 2022, 5:57 PM.

Download Raw Diff

Details

Reviewers

aaron.ballman
dblaikie

Commits

rG2f047b56ba0e: [clang][Sema] Fix a clang crash with btf_type_tag

Summary

For the following program,

$ cat t.c 
struct t { 
 int (__attribute__((btf_type_tag("rcu"))) *f)();
 int a;
};  
int foo(struct t *arg) {
  return arg->a;
}

Compiling with 'clang -g -O2 -S t.c' will cause a failure like below:

clang: /home/yhs/work/llvm-project/clang/lib/Sema/SemaType.cpp:6391: void {anonymous}::DeclaratorLocFiller::VisitParenTypeLoc(clang::ParenTypeLoc):
       Assertion `Chunk.Kind == DeclaratorChunk::Paren' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
......
#5 0x00007f89e4280ea5 abort (/lib64/libc.so.6+0x21ea5)
#6 0x00007f89e4280d79 _nl_load_domain.cold.0 (/lib64/libc.so.6+0x21d79)
#7 0x00007f89e42a6456 (/lib64/libc.so.6+0x47456)
#8 0x00000000045c2596 GetTypeSourceInfoForDeclarator((anonymous namespace)::TypeProcessingState&, clang::QualType, clang::TypeSourceInfo*) SemaType.cpp:0:0
#9 0x00000000045ccfa5 GetFullTypeForDeclarator((anonymous namespace)::TypeProcessingState&, clang::QualType, clang::TypeSourceInfo*) SemaType.cpp:0:0
......

The reason of the failure is due to the mismatch of TypeLoc and D.getTypeObject().Kind. For example,
the TypeLoc is

BTFTagAttributedType 0x88614e0 'int  btf_type_tag(rcu)()' sugar
|-ParenType 0x8861480 'int ()' sugar
| `-FunctionNoProtoType 0x8861450 'int ()' cdecl
|   `-BuiltinType 0x87fd500 'int'

while corresponding D.getTypeObject().Kind points to DeclaratorChunk::Paren, and
this will cause later assertion.

To fix the issue, similar to AttributedTypeLoc, let us skip BTFTagAttributedTypeLoc in
GetTypeSourceInfoForDeclarator().

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

yonghong-song created this revision.Oct 26 2022, 5:57 PM

Herald added a project: Restricted Project. · View Herald TranscriptOct 26 2022, 5:57 PM

yonghong-song requested review of this revision.Oct 26 2022, 5:57 PM

Herald added a subscriber: cfe-commits. · View Herald TranscriptOct 26 2022, 5:57 PM

yonghong-song added subscribers: ast, anakryiko, iamkafai.Oct 26 2022, 6:05 PM

Harbormaster completed remote builds in B194534: Diff 470982.Oct 26 2022, 6:53 PM

The changes generally look good to me, but can you add a release note for the fix as well?

clang/test/Sema/attr-btf_type_tag-func-ptr.c
1 ↗	(On Diff #470982)	Does the dwarf version actually matter or can that be removed as well?

Could the test be expanded to test more specifically than "does not crash"? Like is there some part of the output that can't be observed in any other test (that didn't/doesn't crash without this patch) - like the location emitted in some debug info, etc?

In D136807#3888317, @aaron.ballman wrote:

The changes generally look good to me, but can you add a release note for the fix as well?

Yes, will add the bug fix brief description to clang/docs/ReleaseNotes.rst

clang/test/Sema/attr-btf_type_tag-func-ptr.c
1 ↗	(On Diff #470982)	I will move the test to CodeGen directory and actually check dwarf output for btf_type_tag in debuginfo which will address David's suggestion as well.

Add the bug fix description in Release Note
Actually compare debuginfo btf_type_tag output instead of marking 'expected-no-diagnostics'.

Harbormaster completed remote builds in B194702: Diff 471216.Oct 27 2022, 12:23 PM

@aaron.ballman or @dblaikie I have addressed the comments, could you take a look again?

LGTM!

clang/docs/ReleaseNotes.rst
263

This revision is now accepted and ready to land.Nov 1 2022, 7:09 AM

improve the bug description in release note.

This revision was landed with ongoing or failed builds.Nov 1 2022, 8:07 AM

Closed by commit rG2f047b56ba0e: [clang][Sema] Fix a clang crash with btf_type_tag (authored by yonghong-song). · Explain Why

This revision was automatically updated to reflect the committed changes.

yonghong-song added a commit: rG2f047b56ba0e: [clang][Sema] Fix a clang crash with btf_type_tag.

Harbormaster completed remote builds in B195478: Diff 472305.Nov 1 2022, 8:32 AM

Revision Contents

Path

Size

clang/

docs/

ReleaseNotes.rst

2 lines

lib/

Sema/

SemaType.cpp

3 lines

test/

CodeGen/

attr-btf_type_tag-func-ptr.c

15 lines

Diff 472308

clang/docs/ReleaseNotes.rst

Show First 20 Lines • Show All 254 Lines • ▼ Show 20 Lines

- Address the thread identification problems in coroutines.

`Issue 47179 <https://github.com/llvm/llvm-project/issues/47179>`_

- Fix a crash upon stray coloncolon token in C2x mode.

- Reject non-type template arguments formed by casting a non-zero integer

to a pointer in pre-C++17 modes, instead of treating them as null

pointers.

- Fix template arguments of pointer and reference not taking the type as

part of their identity.

`Issue 47136 <https://github.com/llvm/llvm-project/issues/47136>`_

- Fix a crash when trying to form a recovery expression on a call inside a

aaron.ballmanUnsubmitted

Not Done

`Issue 47136 <https://github.com/llvm/llvm-project/issues/47136>`_

- - Fix a crash when btf_type_tag attr is applied to the pointee of

+ - Fix a crash when a ``btf_type_tag`` attribute is applied to the pointee of

a function pointer.

aaron.ballman:

constraint, which re-evaluated the same constraint.

`Issue 53213 <https://github.com/llvm/llvm-project/issues/53213>`_

`Issue 45736 <https://github.com/llvm/llvm-project/issues/45736>`_

- Fix an issue when performing constraints partial ordering on non-template

functions. `Issue 56154 <https://github.com/llvm/llvm-project/issues/56154>`_

- Fix handling of unexpanded packs in template argument expressions.

`Issue 58679 <https://github.com/llvm/llvm-project/issues/58679>`_

- Fix a crash when a ``btf_type_tag`` attribute is applied to the pointee of

a function pointer.

Improvements to Clang's diagnostics

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Clang will now check compile-time determinable string literals as format strings.

Fixes `Issue 55805: <https://github.com/llvm/llvm-project/issues/55805>`_.

- ``-Wformat`` now recognizes ``%b`` for the ``printf``/``scanf`` family of

functions and ``%B`` for the ``printf`` family of functions. Fixes

`Issue 56885: <https://github.com/llvm/llvm-project/issues/56885>`_.

▲ Show 20 Lines • Show All 522 Lines • Show Last 20 Lines

clang/lib/Sema/SemaType.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 6,509 Lines • ▼ Show 20 Lines	while (MacroQualifiedTypeLoc TL = CurrTL.getAs<MacroQualifiedTypeLoc>()) {
CurrTL = TL.getNextTypeLoc().getUnqualifiedLoc();		CurrTL = TL.getNextTypeLoc().getUnqualifiedLoc();
}		}

while (AttributedTypeLoc TL = CurrTL.getAs<AttributedTypeLoc>()) {		while (AttributedTypeLoc TL = CurrTL.getAs<AttributedTypeLoc>()) {
fillAttributedTypeLoc(TL, State);		fillAttributedTypeLoc(TL, State);
CurrTL = TL.getNextTypeLoc().getUnqualifiedLoc();		CurrTL = TL.getNextTypeLoc().getUnqualifiedLoc();
}		}

		while (BTFTagAttributedTypeLoc TL = CurrTL.getAs<BTFTagAttributedTypeLoc>())
		CurrTL = TL.getNextTypeLoc().getUnqualifiedLoc();

while (DependentAddressSpaceTypeLoc TL =		while (DependentAddressSpaceTypeLoc TL =
CurrTL.getAs<DependentAddressSpaceTypeLoc>()) {		CurrTL.getAs<DependentAddressSpaceTypeLoc>()) {
fillDependentAddressSpaceTypeLoc(TL, D.getTypeObject(i).getAttrs());		fillDependentAddressSpaceTypeLoc(TL, D.getTypeObject(i).getAttrs());
CurrTL = TL.getPointeeTypeLoc().getUnqualifiedLoc();		CurrTL = TL.getPointeeTypeLoc().getUnqualifiedLoc();
}		}

if (MatrixTypeLoc TL = CurrTL.getAs<MatrixTypeLoc>())		if (MatrixTypeLoc TL = CurrTL.getAs<MatrixTypeLoc>())
fillMatrixTypeLoc(TL, D.getTypeObject(i).getAttrs());		fillMatrixTypeLoc(TL, D.getTypeObject(i).getAttrs());
▲ Show 20 Lines • Show All 3,048 Lines • Show Last 20 Lines

clang/test/CodeGen/attr-btf_type_tag-func-ptr.c

This file was added.

				// RUN: %clang_cc1 -triple %itanium_abi_triple -debug-info-kind=limited -S -emit-llvm -o - %s \| FileCheck %s

				struct t {
				int (__attribute__((btf_type_tag("rcu"))) *f)();
				int a;
				};
				int foo(struct t *arg) {
				return arg->a;
				}

				// CHECK: !DIDerivedType(tag: DW_TAG_member, name: "f"
				// CHECK-SAME: baseType: ![[L18:[0-9]+]]
				// CHECK: ![[L18]] = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: ![[#]], size: [[#]], annotations: ![[L21:[0-9]+]])
				// CHECK: ![[L21]] = !{![[L22:[0-9]+]]}
				// CHECK: ![[L22]] = !{!"btf_type_tag", !"rcu"}