This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/
-
lib/Sema/
-
Sema/
1/1
SemaDeclCXX.cpp
-
test/SemaCXX/
-
SemaCXX/
1/1
invalid-template-base-specifier.cpp

Differential D82086

[AST][RecoveryExpr] Fix a crash: don't attach error-type base specifiers.
ClosedPublic

Authored by hokein on Jun 18 2020, 5:29 AM.

Download Raw Diff

Details

Reviewers

sammccall

Commits

rGf0084c3bcbc2: [AST][RecoveryExpr] Fix a crash: don't attach error-type base specifiers.

Summary

otherwise we'll run into code path which expects a good base specifiers,
and lead to crashes.

The crash only occurs in template instantiations (in non-template case,
the bad base specifiers are dropped during parsing.)

crash stacktrace:

clang: llvm-project/clang/lib/Sema/SemaInit.cpp:7864: clang::ExprResult clang::InitializationSequence::Perform(clang::Sema &, const clang::InitializedEntity &, const clang::InitializationKind &, clang::MultiExprArg, clang::QualType *): Assertion `Kind.getKind() == InitializationKind::IK_Copy || Kind.isExplicitCast() || Kind.getKind() == InitializationKind::IK_DirectList' failed.
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
#14 clang::InitializationSequence::Perform(clang::Sema&, clang::InitializedEntity const&, clang::InitializationKind const&, llvm::MutableArrayRef<clang::Expr*>, clang::QualType*) llvm-project/clang/lib/Sema/SemaInit.cpp:7889:12
#15 BuildImplicitBaseInitializer(clang::Sema&, clang::CXXConstructorDecl*, ImplicitInitializerKind, clang::CXXBaseSpecifier*, bool, clang::CXXCtorInitializer*&) llvm-project/clang/lib/Sema/SemaDeclCXX.cpp:4563:24
#16 clang::Sema::SetCtorInitializers(clang::CXXConstructorDecl*, bool, llvm::ArrayRef<clang::CXXCtorInitializer*>) llvm-project/clang/lib/Sema/SemaDeclCXX.cpp:5090:11
#17 clang::Sema::ActOnMemInitializers(clang::Decl*, clang::SourceLocation, llvm::ArrayRef<clang::CXXCtorInitializer*>, bool) llvm-project/clang/lib/Sema/SemaDeclCXX.cpp:5404:3
#18 llvm::SmallVectorTemplateCommon<clang::CXXCtorInitializer*, void>::isSmall() const llvm-project/llvm/include/llvm/ADT/SmallVector.h:124:39
#19 llvm::SmallVectorImpl<clang::CXXCtorInitializer*>::~SmallVectorImpl() llvm-project/llvm/include/llvm/ADT/SmallVector.h:381:16
#20 llvm::SmallVector<clang::CXXCtorInitializer*, 4u>::~SmallVector() llvm-project/llvm/include/llvm/ADT/SmallVector.h:891:3
#21 clang::Sema::InstantiateMemInitializers(clang::CXXConstructorDecl*, clang::CXXConstructorDecl const*, clang::MultiLevelTemplateArgumentList const&) llvm-project/clang/lib/Sema/SemaTemplateInstantiateDecl.cpp:5391:1
#22 clang::Sema::InstantiateFunctionDefinition(clang::SourceLocation, clang::FunctionDecl*, bool, bool, bool) llvm-project/clang/lib/Sema/SemaTemplateInstantiateDecl.cpp:4699:13
#23 clang::FunctionDecl::isDefined() const llvm-project/clang/include/clang/AST/Decl.h:2035:12
#24 clang::Sema::PerformPendingInstantiations(bool) llvm-project/clang/lib/Sema/SemaTemplateInstantiateDecl.cpp:5956:23
#25 llvm::TimeTraceScope::~TimeTraceScope() llvm-project/llvm/include/llvm/Support/TimeProfiler.h:86:9
#26 clang::Sema::ActOnEndOfTranslationUnitFragment(clang::Sema::TUFragmentKind) llvm-project/clang/lib/Sema/Sema.cpp:958:3
#27 clang::Sema::ActOnEndOfTranslationUnit() llvm-project/clang/lib/Sema/Sema.cpp:999:9
#28 clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, bool) llvm-project/clang/lib/Parse/Parser.cpp:657:15

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

hokein created this revision.Jun 18 2020, 5:29 AM

Herald added a project: Restricted Project. · View Herald TranscriptJun 18 2020, 5:29 AM

hokein edited the summary of this revision. (Show Details)Jun 18 2020, 5:52 AM

hokein marked an inline comment as done.Jun 18 2020, 6:12 AM

hokein added inline comments.

clang/test/SemaCXX/invalid-template-base-specifier.cpp
7	to explain what's happening here: when parsing this primary template class decl, we'll keep this base specifier (whose type is a normal dependent type, `DecltypeType 'decltype(Foo(T()))' dependent`) later clang instantiates `Crash<int>` (creating a ClassTemplateSpecializationDecl), which will subst the base specifier with an instantiated base specifier (the type is `DecltypeType decltype(<recovery-expr>(Foo, int()))` ), and the instantiated specifier is passed the sanity checks (`CheckBaseSpecifier`), and gets attached to the ClassTemplateSpecializationDecl.

Harbormaster completed remote builds in B60814: Diff 271680.Jun 18 2020, 7:02 AM

sammccall accepted this revision.Jun 24 2020, 12:08 AM

sammccall added inline comments.

clang/lib/Sema/SemaDeclCXX.cpp
2430	I think this is fine, just "// already emitted this error" or so

This revision is now accepted and ready to land.Jun 24 2020, 12:08 AM

Closed by commit rGf0084c3bcbc2: [AST][RecoveryExpr] Fix a crash: don't attach error-type base specifiers. (authored by hokein). · Explain WhyJun 24 2020, 1:34 AM

This revision was automatically updated to reflect the committed changes.

hokein marked an inline comment as done.

Revision Contents

Path

Size

clang/

lib/

Sema/

SemaDeclCXX.cpp

5 lines

test/

SemaCXX/

invalid-template-base-specifier.cpp

10 lines

Diff 272931

clang/lib/Sema/SemaDeclCXX.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

	Show First 20 Lines • Show All 2,420 Lines • ▼ Show 20 Lines
	/// and returns NULL otherwise.			/// and returns NULL otherwise.
	CXXBaseSpecifier *			CXXBaseSpecifier *
	Sema::CheckBaseSpecifier(CXXRecordDecl *Class,			Sema::CheckBaseSpecifier(CXXRecordDecl *Class,
	SourceRange SpecifierRange,			SourceRange SpecifierRange,
	bool Virtual, AccessSpecifier Access,			bool Virtual, AccessSpecifier Access,
	TypeSourceInfo *TInfo,			TypeSourceInfo *TInfo,
	SourceLocation EllipsisLoc) {			SourceLocation EllipsisLoc) {
	QualType BaseType = TInfo->getType();			QualType BaseType = TInfo->getType();
				if (BaseType->containsErrors()) {
				// Already emitted a diagnostic when parsing the error type.
				sammccallUnsubmitted Done Reply Inline Actions I think this is fine, just "// already emitted this error" or so sammccall: I think this is fine, just "// already emitted this error" or so
				return nullptr;
				}
	// C++ [class.union]p1:			// C++ [class.union]p1:
	// A union shall not have base classes.			// A union shall not have base classes.
	if (Class->isUnion()) {			if (Class->isUnion()) {
	Diag(Class->getLocation(), diag::err_base_clause_on_union)			Diag(Class->getLocation(), diag::err_base_clause_on_union)
	<< SpecifierRange;			<< SpecifierRange;
	return nullptr;			return nullptr;
	}			}

	▲ Show 20 Lines • Show All 15,344 Lines • Show Last 20 Lines

clang/test/SemaCXX/invalid-template-base-specifier.cpp

This file was added.

				// RUN: %clang_cc1 -frecovery-ast -verify %s

				bool Foo(int *); // expected-note {{candidate function not viable}}

				template <typename T>
				struct Crash : decltype(Foo(T())) { // expected-error {{no matching function for call to 'Foo'}}
				Crash(){};
				hokeinAuthorUnsubmitted Done Reply Inline Actions to explain what's happening here: when parsing this primary template class decl, we'll keep this base specifier (whose type is a normal dependent type, `DecltypeType 'decltype(Foo(T()))' dependent`) later clang instantiates `Crash<int>` (creating a ClassTemplateSpecializationDecl), which will subst the base specifier with an instantiated base specifier (the type is `DecltypeType decltype(<recovery-expr>(Foo, int()))` ), and the instantiated specifier is passed the sanity checks (`CheckBaseSpecifier`), and gets attached to the ClassTemplateSpecializationDecl. hokein: to explain what's happening here: - when parsing this primary template class decl, we'll keep…
				};

				void test() { Crash<int>(); } // expected-note {{in instantiation of template class}}