This is an archive of the discontinued LLVM Phabricator instance.

Did this only crash during error recovery before, or also for your void g() example? If we were only crashing in error recovery, that would suggest that error recovery was producing a bad AST, and perhaps we should be fixing this elsewhere.

clang/lib/Sema/SemaChecking.cpp
10164	Can we handle this in code that's specific to conditional expressions instead? Presumably somewhere higher up in the call graph, some code is assuming that it can recurse from a conditional expression to its subexpressions, and that assumption is wrong.

I added void g() since that's valid code which also caused an assertion failure. So the issue isn't in the error recovery but in determining the required IntRange. It seems the code doesn't take http://eel.is/c++draft/expr.cond#2.1 into account.

clang/lib/Sema/SemaChecking.cpp
10164	I can take a look at it if you want. However I feel this fix is better. If the conditional doesn't throw it can properly evaluate the required IntRange. If it throws the range doesn't matter, therefore I didn't want to increment the required range. Do you agree? Should I add more comment to clarify the design decission?

rsmith added inline comments.Aug 10 2020, 6:09 PM

clang/lib/Sema/SemaChecking.cpp
10164	In order to get here, we need to have called functions that are documented as taking only integer types but passing them a `void` type. So the bug has already occurred before we got here.
10317–10320	It seems to me that the bug is here. `GetExprRange` is documented as "Pseudo-evaluate the given integer expression", but the true and false expressions here might not be integer expressions -- specifically, one of them could be of type `void` if it's a throw-expression. In that case, we should only call `GetExprRange` on the other expression. The expression range of the `void`-typed expression is irrelevant in this case, because that expression never returns.

Mordante marked 3 inline comments as done.Aug 14 2020, 10:28 AM

Mordante added inline comments.

clang/lib/Sema/SemaChecking.cpp
10317–10320	Thanks for the hint I'll look into this solution.

Addresses review comments.

Thanks!

This revision is now accepted and ready to land.Aug 14 2020, 12:02 PM

Closed by commit rG827ba67e3833: [Sema] Validate calls to GetExprRange. (authored by Mordante). · Explain WhyAug 16 2020, 9:36 AM

This revision was automatically updated to reflect the committed changes.

Mordante added a commit: rG827ba67e3833: [Sema] Validate calls to GetExprRange..

Revision Contents

Path

Size

clang/

lib/

Sema/

SemaChecking.cpp

8 lines

test/

SemaCXX/

conditional-expr.cpp

14 lines

Diff 284187

clang/lib/Sema/SemaChecking.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 10,155 Lines • ▼ Show 20 Lines	if (!C.getLangOpts().CPlusPlus) {
return IntRange(std::max(NumPositive + 1, NumNegative),		return IntRange(std::max(NumPositive + 1, NumNegative),
false/NonNegative/);		false/NonNegative/);
}		}

if (const auto *EIT = dyn_cast<ExtIntType>(T))		if (const auto *EIT = dyn_cast<ExtIntType>(T))
return IntRange(EIT->getNumBits(), EIT->isUnsigned());		return IntRange(EIT->getNumBits(), EIT->isUnsigned());

const BuiltinType *BT = cast<BuiltinType>(T);		const BuiltinType *BT = cast<BuiltinType>(T);
assert(BT->isInteger());		if (!BT->isInteger()) {
		rsmithUnsubmitted Done Reply Inline Actions Can we handle this in code that's specific to conditional expressions instead? Presumably somewhere higher up in the call graph, some code is assuming that it can recurse from a conditional expression to its subexpressions, and that assumption is wrong. rsmith: Can we handle this in code that's specific to conditional expressions instead? Presumably…
		MordanteAuthorUnsubmitted Done Reply Inline Actions I can take a look at it if you want. However I feel this fix is better. If the conditional doesn't throw it can properly evaluate the required IntRange. If it throws the range doesn't matter, therefore I didn't want to increment the required range. Do you agree? Should I add more comment to clarify the design decission? Mordante: I can take a look at it if you want. However I feel this fix is better. If the conditional…
		rsmithUnsubmitted Done Reply Inline Actions In order to get here, we need to have called functions that are documented as taking only integer types but passing them a `void` type. So the bug has already occurred before we got here. rsmith: In order to get here, we need to have called functions that are documented as taking only…
		// This can happen in a conditional expression with a throw statement
		// C++11 [expr.cond]p2
		// If either the second or the third operand has type (cv) void, ...
		assert(BT->isVoidType());
		IntRange(1, true /NonNegative/);
		}

return IntRange(C.getIntWidth(QualType(T, 0)), BT->isUnsignedInteger());		return IntRange(C.getIntWidth(QualType(T, 0)), BT->isUnsignedInteger());
}		}

/// Returns the "target" range of a canonical integral type, i.e.		/// Returns the "target" range of a canonical integral type, i.e.
/// the range of values expressible in the type.		/// the range of values expressible in the type.
///		///
/// This matches forValueOfCanonicalType except that enums have the		/// This matches forValueOfCanonicalType except that enums have the
▲ Show 20 Lines • Show All 130 Lines • ▼ Show 20 Lines	if (const auto *CO = dyn_cast<ConditionalOperator>(E)) {
// If we can fold the condition, just take that operand.		// If we can fold the condition, just take that operand.
bool CondResult;		bool CondResult;
if (CO->getCond()->EvaluateAsBooleanCondition(CondResult, C))		if (CO->getCond()->EvaluateAsBooleanCondition(CondResult, C))
return GetExprRange(C,		return GetExprRange(C,
CondResult ? CO->getTrueExpr() : CO->getFalseExpr(),		CondResult ? CO->getTrueExpr() : CO->getFalseExpr(),
MaxWidth, InConstantContext);		MaxWidth, InConstantContext);

// Otherwise, conservatively merge.		// Otherwise, conservatively merge.
IntRange L =		IntRange L =
GetExprRange(C, CO->getTrueExpr(), MaxWidth, InConstantContext);		GetExprRange(C, CO->getTrueExpr(), MaxWidth, InConstantContext);
IntRange R =		IntRange R =
GetExprRange(C, CO->getFalseExpr(), MaxWidth, InConstantContext);		GetExprRange(C, CO->getFalseExpr(), MaxWidth, InConstantContext);
		rsmithUnsubmitted Done Reply Inline Actions It seems to me that the bug is here. `GetExprRange` is documented as "Pseudo-evaluate the given integer expression", but the true and false expressions here might not be integer expressions -- specifically, one of them could be of type `void` if it's a throw-expression. In that case, we should only call `GetExprRange` on the other expression. The expression range of the `void`-typed expression is irrelevant in this case, because that expression never returns. rsmith: It seems to me that the bug is here. `GetExprRange` is documented as "Pseudo-evaluate the given…
		MordanteAuthorUnsubmitted Done Reply Inline Actions Thanks for the hint I'll look into this solution. Mordante: Thanks for the hint I'll look into this solution.
return IntRange::join(L, R);		return IntRange::join(L, R);
}		}

if (const auto *BO = dyn_cast<BinaryOperator>(E)) {		if (const auto *BO = dyn_cast<BinaryOperator>(E)) {
switch (BO->getOpcode()) {		switch (BO->getOpcode()) {
case BO_Cmp:		case BO_Cmp:
llvm_unreachable("builtin <=> should have class type");		llvm_unreachable("builtin <=> should have class type");

▲ Show 20 Lines • Show All 5,322 Lines • Show Last 20 Lines

clang/test/SemaCXX/conditional-expr.cpp

Show First 20 Lines • Show All 403 Lines • ▼ Show 20 Lines	void f(bool b) {
A &&r = b ? static_cast<A&&>(B()) : static_cast<A&&>(C());		A &&r = b ? static_cast<A&&>(B()) : static_cast<A&&>(C());
}		}

struct D { A &&a; };		struct D { A &&a; };
void f_indirect(bool b) {		void f_indirect(bool b) {
D d = b ? D{B()} : D{C()};		D d = b ? D{B()} : D{C()};
}		}
}		}

		namespace PR46484 {
		// expected-error@+4{{expected ':'}}
		// expected-note@+3{{to match this '?'}}
		// expected-warning@+2{{variable 'b' is uninitialized}}
		// expected-error@+1 2 {{expected ';' after top level declarator}}
		int a long b = a = b ? throw 0 1

		void g() {
		extern int a;
		extern long b;
		long c = a = b ? throw 0 : 1;
		}
		} // namespace PR46484

This is an archive of the discontinued LLVM Phabricator instance.

Fixes an assertion when IntRange processes a throw expressionClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 284187

clang/lib/Sema/SemaChecking.cpp

clang/test/SemaCXX/conditional-expr.cpp

Fixes an assertion when IntRange processes a throw expression
ClosedPublic