This is an archive of the discontinued LLVM Phabricator instance.

Differential D27800

[clang] Fix crash for sizeof on VLAs
ClosedPublic

Authored by pmatos on Dec 15 2016, 1:30 AM.

Details

Reviewers
efriedma
Commits
rG968be05b8fdc: [clang] Fix crash for sizeof on VLAs
Summary

Adds overload of TransformToPotentiallyEvaluated for TypeSourceInfo to
properly deal with VLAs in nested calls of sizeof and typeof. Fixes
PR31042 (https://github.com/llvm/llvm-project/issues/30390).

Diff Detail

Event Timeline

pmatos updated this revision to Diff 81547.Dec 15 2016, 1:30 AM
pmatos retitled this revision from to Add overload of TransformToPotentiallyEvaluated for TypeSourceInfo.
pmatos updated this object.
pmatos added a reviewer: efriedma.
pmatos added a subscriber: cfe-commits.

@efriedma Here's the new patch, thanks for your help getting here.

ahatanak added a subscriber: ahatanak.Dec 15 2016, 9:14 AM

Can you add a test case?

efriedma requested changes to this revision.Jan 9 2017, 12:46 PM
efriedma edited edge metadata.

Missing regression test in test/SemaCXX/.

This revision now requires changes to proceed.Jan 9 2017, 12:46 PM
pmatos added a comment.Jan 10 2017, 12:01 AM

Apologies for the delay over the holiday season, I will look into this later on after office hours.

pmatos added a comment.Jan 13 2017, 8:26 AM

Has this been fixed upstream already?

pmatos added a comment.Jan 13 2017, 9:30 AM

Ah no, my mistake. I had the patch applied when I ran the test.

pmatos updated this revision to Diff 85328.EditedJan 22 2017, 11:32 PM
pmatos edited edge metadata.

Here's an updated patch including the test. Hope this is now ok for submission. Please accept my apologies with regards to the delay in submitting this.

efriedma added inline comments.Jan 23 2017, 12:58 PM
lib/Sema/SemaExpr.cpp
4031 ↗(On Diff #85328)

Is the isUnevaluatedContext() check here necessary?

test/SemaCXX/pr31042.cpp
1 ↗(On Diff #85328)

-emit-obj ?

3 ↗(On Diff #85328)

Is this declaration necessary somehow?

pmatos marked 3 inline comments as done.Mar 14 2017, 1:54 AM

Thanks for the comments.

pmatos added inline comments.Mar 14 2017, 1:55 AM
lib/Sema/SemaExpr.cpp
4031 ↗(On Diff #85328)

Not really. Reran tests to ensure removing it doesn't break anything.

test/SemaCXX/pr31042.cpp
1 ↗(On Diff #85328)

Not needed. Left over from copying another test.

3 ↗(On Diff #85328)

Same. Not needed. Left over from copying another test.

pmatos updated this revision to Diff 91684.Mar 14 2017, 1:58 AM

@efriedma I have uploaded a new patch taking your comments into consideration and rebased on most recent clang sources.

pmatos updated this revision to Diff 91685.Mar 14 2017, 2:00 AM

Added missing testcase to previous patch.

efriedma added inline comments.Mar 15 2017, 11:43 AM
test/SemaCXX/pr31042.cpp
1 ↗(On Diff #91685)

Oh, this testcase doesn't actually crash on trunk without at least -emit-llvm because semantic analysis doesn't actually verify the used bit. :( Better to include that, I think.

pmatos updated this revision to Diff 91980.Mar 16 2017, 2:51 AM
pmatos marked an inline comment as done.
efriedma added inline comments.Mar 16 2017, 10:47 AM
test/SemaCXX/pr31042.cpp
1 ↗(On Diff #91980)

You need to use "-o -" or something like that to avoid generating a file pr31042.ll. Also, a comment explaining why this test is using -emit-llvm would be nice.

pmatos updated this revision to Diff 398935.Jan 11 2022, 7:00 AM

After a long hiatus on this bug, this is still failing on HEAD so lets get it fixed.

Herald added a project: Restricted Project. · View Herald TranscriptJan 11 2022, 7:00 AM
Herald added a subscriber: wingo. · View Herald Transcript
pmatos added a comment.Jan 11 2022, 7:01 AM
This comment was removed by pmatos.
test/SemaCXX/pr31042.cpp
1 ↗(On Diff #91685)

Ah, that's why I had initially -emit-obj. That also triggered the problem. I obviously forgot about this and removed the flag without retesting to check if still broke trunk. Apologies for that.

1 ↗(On Diff #91685)

And we also need to remove -fsyntax-only. Submitting new patch.

pmatos added a comment.Jan 11 2022, 7:02 AM

Fixes https://github.com/llvm/llvm-project/issues/30390

pmatos added a comment.Jan 11 2022, 7:03 AM

@efriedma I know it has been a long time, but are you still able to review this?

Harbormaster completed remote builds in B142651: Diff 398935.Jan 11 2022, 7:24 AM
efriedma accepted this revision.Jan 11 2022, 11:45 AM

Looks like all the review comments have been addressed. LGTM

This revision is now accepted and ready to land.Jan 11 2022, 11:45 AM
pmatos added a comment.Jan 12 2022, 5:36 AM
In D27800#3235066, @efriedma wrote:

Looks like all the review comments have been addressed. LGTM

Thanks for the review, but unfortunately I found an issue right before committing, taking a look at it now.

pmatos updated this revision to Diff 399320.Jan 12 2022, 7:08 AM
pmatos retitled this revision from Add overload of TransformToPotentiallyEvaluated for TypeSourceInfo to [clang] Fix crash for sizeof on VLAs.
pmatos edited the summary of this revision. (Show Details)

Ensure that we only call transform on Unevaluated Contexts, avoids the failure of a couple of vla tests.

pmatos added a comment.Jan 12 2022, 7:09 AM
In D27800#3235066, @efriedma wrote:

Looks like all the review comments have been addressed. LGTM

Minor change.

This revision was landed with ongoing or failed builds.Jan 12 2022, 7:11 AM
Closed by commit rG968be05b8fdc: [clang] Fix crash for sizeof on VLAs (authored by pmatos). · Explain Why
This revision was automatically updated to reflect the committed changes.
pmatos added a commit: rG968be05b8fdc: [clang] Fix crash for sizeof on VLAs.
Harbormaster completed remote builds in B142910: Diff 399320.Jan 12 2022, 7:41 AM

Revision Contents

PathSize
clang/
include/
clang/
Sema/
1 line
lib/
Sema/
14 lines
test/
SemaCXX/
10 lines

Diff 399322

clang/include/clang/Sema/Sema.h

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 5,047 Lines▼ Show 20 Lines void PushExpressionEvaluationContext(
ExpressionEvaluationContext NewContext, ReuseLambdaContextDecl_t, ExpressionEvaluationContext NewContext, ReuseLambdaContextDecl_t,
ExpressionEvaluationContextRecord::ExpressionKind Type = ExpressionEvaluationContextRecord::ExpressionKind Type =
ExpressionEvaluationContextRecord::EK_Other); ExpressionEvaluationContextRecord::EK_Other);
void PopExpressionEvaluationContext(); void PopExpressionEvaluationContext();
void DiscardCleanupsInEvaluationContext(); void DiscardCleanupsInEvaluationContext();
ExprResult TransformToPotentiallyEvaluated(Expr *E); ExprResult TransformToPotentiallyEvaluated(Expr *E);
TypeSourceInfo *TransformToPotentiallyEvaluated(TypeSourceInfo *TInfo);
ExprResult HandleExprEvaluationContextForTypeof(Expr *E); ExprResult HandleExprEvaluationContextForTypeof(Expr *E);
ExprResult CheckUnevaluatedOperand(Expr *E); ExprResult CheckUnevaluatedOperand(Expr *E);
void CheckUnusedVolatileAssignment(Expr *E); void CheckUnusedVolatileAssignment(Expr *E);
ExprResult ActOnConstantExpression(ExprResult Res); ExprResult ActOnConstantExpression(ExprResult Res);
// Functions for marking a declaration referenced. These functions also // Functions for marking a declaration referenced. These functions also
▲ Show 20 LinesShow All 8,190 LinesShow Last 20 Lines

clang/lib/Sema/SemaExpr.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 4,493 Lines▼ Show 20 Lines if (auto *TT = T->getAs<TypedefType>()) {
break; break;
captureVariablyModifiedType(Context, T, CSI); captureVariablyModifiedType(Context, T, CSI);
} }
} }
} }
} }
// C99 6.5.3.4p4: the type (an unsigned integer type) is size_t. // C99 6.5.3.4p4: the type (an unsigned integer type) is size_t.
if (isUnevaluatedContext() && ExprKind == UETT_SizeOf &&
TInfo->getType()->isVariablyModifiedType())
TInfo = TransformToPotentiallyEvaluated(TInfo);
return new (Context) UnaryExprOrTypeTraitExpr( return new (Context) UnaryExprOrTypeTraitExpr(
ExprKind, TInfo, Context.getSizeType(), OpLoc, R.getEnd()); ExprKind, TInfo, Context.getSizeType(), OpLoc, R.getEnd());
} }
/// Build a sizeof or alignof expression given an expression /// Build a sizeof or alignof expression given an expression
/// operand. /// operand.
ExprResult ExprResult
Sema::CreateUnaryExprOrTypeTraitExpr(Expr *E, SourceLocation OpLoc, Sema::CreateUnaryExprOrTypeTraitExpr(Expr *E, SourceLocation OpLoc,
▲ Show 20 LinesShow All 12,086 Lines▼ Show 20 Lines assert(isUnevaluatedContext() &&
"Should only transform unevaluated expressions"); "Should only transform unevaluated expressions");
ExprEvalContexts.back().Context = ExprEvalContexts.back().Context =
ExprEvalContexts[ExprEvalContexts.size()-2].Context; ExprEvalContexts[ExprEvalContexts.size()-2].Context;
if (isUnevaluatedContext()) if (isUnevaluatedContext())
return E; return E;
return TransformToPE(*this).TransformExpr(E); return TransformToPE(*this).TransformExpr(E);
} }
TypeSourceInfo *Sema::TransformToPotentiallyEvaluated(TypeSourceInfo *TInfo) {
assert(isUnevaluatedContext() &&
"Should only transform unevaluated expressions");
ExprEvalContexts.back().Context =
ExprEvalContexts[ExprEvalContexts.size() - 2].Context;
if (isUnevaluatedContext())
return TInfo;
return TransformToPE(*this).TransformType(TInfo);
}
void void
Sema::PushExpressionEvaluationContext( Sema::PushExpressionEvaluationContext(
ExpressionEvaluationContext NewContext, Decl *LambdaContextDecl, ExpressionEvaluationContext NewContext, Decl *LambdaContextDecl,
ExpressionEvaluationContextRecord::ExpressionKind ExprContext) { ExpressionEvaluationContextRecord::ExpressionKind ExprContext) {
ExprEvalContexts.emplace_back(NewContext, ExprCleanupObjects.size(), Cleanup, ExprEvalContexts.emplace_back(NewContext, ExprCleanupObjects.size(), Cleanup,
LambdaContextDecl, ExprContext); LambdaContextDecl, ExprContext);
// Discarded statements and immediate contexts nested in other // Discarded statements and immediate contexts nested in other
▲ Show 20 LinesShow All 3,362 LinesShow Last 20 Lines

clang/test/SemaCXX/pr31042.cpp

  • This file was added.
// RUN: %clang_cc1 -o - -emit-llvm -triple x86_64-unknown-linux-gnu -disable-free %s
// We need to use -emit-llvm in order to trigger the error, without it semantic analysis
// does not verify the used bit and there's no error.
char a[1];
void f1(void) {
int i = 0;
int j = sizeof(typeof(*(char(*)[i])a));
}