[clang] Fix a use-after-free in expression evaluation #118480
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
llvmbot
added
clang
|
@llvm/pr-subscribers-clang Author: kadir çetinkaya (kadircet) Changesfollowing ASAN failure is fixed with this patch. Full diff: https://github.com/llvm/llvm-project/pull/118480.diff 1 Files Affected:
diff --git a/clang/lib/AST/ExprConstant.cpp b/clang/lib/AST/ExprConstant.cpp
index 6b5b95aee35522..fd9f715f11a058 100644
--- a/clang/lib/AST/ExprConstant.cpp
+++ b/clang/lib/AST/ExprConstant.cpp
@@ -4515,6 +4515,8 @@ handleLValueToRValueConversion(EvalInfo &Info, const Expr *Conv, QualType Type,
}
APValue Lit;
+ // Make sure we clean up the temporary created below.
+ FullExpressionRAII CleanupTemps(Info);
if (!Evaluate(Lit, Info, CLE->getInitializer()))
return false;
|
|
still trying to come up with a reproducer. i am also not sure if this is the best place to have the cleanup, but if i did that closer to leaves tests start failing. so open for suggestions here :) |
| @@ -4515,6 +4515,8 @@ handleLValueToRValueConversion(EvalInfo &Info, const Expr *Conv, QualType Type, | |||
| } | |||
|
|
|||
| APValue Lit; | |||
| // Make sure we clean up the temporary created below. | |||
| FullExpressionRAII CleanupTemps(Info); | |||
There was a problem hiding this comment.
Could we get a reduced test case?
I don't think it's correct to do the cleanups here, we could probably construct some examples that break after this change.
There are ExprWithCleanups and various other mechanisms that ensure we do all the cleanups correctly. This delayed evaluation of compound literals might not play well with those cases today, but it's hard to know for sure without understanding the full picture. Having an example would help better understand if there's a fix needed in a different place.
There was a problem hiding this comment.
we could probably construct some examples that break after this change.
fair enough, i am not sure about the change either. wanted to throw it out to get some more thoughts from community.
Could we get a reduced test case?
i hope so. i am still running a creduce, file is still too big though :(
following ASAN failure is fixed with this patch.
We store cleanups in EvalInfo, which are usually run with certain
ScopeRAII objects.
We can have temporaries in the cleanup stack, backed by CallStackFrame.
If such temporaries aren't destroyed before the enclosing
CallStackFrame, we end up accessing the freed temporary to run the
cleanup.
```
=================================================================
==553356==ERROR: AddressSanitizer: heap-use-after-free on address 0x7c63f05a65b0 at pc 0x561e4add6ae7 bp 0x7fff430f7770 sp 0x7fff430f7768
READ of size 4 at 0x7c63f05a65b0 thread T0
#0 0x561e4add6ae6 in clang::APValue::operator=(clang::APValue&&) third_party/llvm/llvm-project/clang/lib/AST/APValue.cpp:394:9
#1 0x561e4b41fd0b in (anonymous namespace)::Cleanup::endLifetime((anonymous namespace)::EvalInfo&, bool) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:749:27
#2 0x561e4b4d42a7 in (anonymous namespace)::ScopeRAII<((anonymous namespace)::ScopeKind)1>::cleanup((anonymous namespace)::EvalInfo&, bool, unsigned int) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:1449:41
llvm#3 0x561e4b4246ec in destroy third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:1427:17
llvm#4 0x561e4b4246ec in ~ScopeRAII third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:1433:9
llvm#5 0x561e4b4246ec in EvaluateCond((anonymous namespace)::EvalInfo&, clang::VarDecl const*, clang::Expr const*, bool&) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5185:1
llvm#6 0x561e4b41ea8c in EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5555:17
llvm#7 0x561e4b423755 in EvaluateLoopBody((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5221:24
llvm#8 0x561e4b41d597 in EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5635:28
llvm#9 0x561e4b41d341 in EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5521:28
llvm#10 0x561e4b40113c in HandleFunctionCall(clang::SourceLocation, clang::FunctionDecl const*, (anonymous namespace)::LValue const*, clang::Expr const*, llvm::ArrayRef<clang::Expr const*>, (anonymous namespace)::CallRef, clang::Stmt const*, (anonymous namespace)::EvalInfo&, clang::APValue&, (anonymous namespace)::LValue const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:6520:24
llvm#11 0x561e4b4c9652 in handleCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:8332:10
llvm#12 0x561e4b4c9652 in VisitCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:8132:10
llvm#13 0x561e4b4c9652 in visitNonBuiltinCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9749:28
llvm#14 0x561e4b4c9652 in (anonymous namespace)::PointerExprEvaluator::VisitCallExpr(clang::CallExpr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9763:12
llvm#15 0x561e4b4c3e5b in clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::PointerExprEvaluator, bool>::Visit(clang::Stmt const*) blaze-out/k8-opt-asan/genfiles/third_party/llvm/llvm-project/clang/include/clang/AST/StmtNodes.inc
llvm#16 0x561e4b3ff820 in EvaluatePointer third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9458:60
llvm#17 0x561e4b3ff820 in Evaluate(clang::APValue&, (anonymous namespace)::EvalInfo&, clang::Expr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:16343:10
llvm#18 0x561e4b41f204 in EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5511:17
llvm#19 0x561e4b41d341 in EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5521:28
llvm#20 0x561e4b40113c in HandleFunctionCall(clang::SourceLocation, clang::FunctionDecl const*, (anonymous namespace)::LValue const*, clang::Expr const*, llvm::ArrayRef<clang::Expr const*>, (anonymous namespace)::CallRef, clang::Stmt const*, (anonymous namespace)::EvalInfo&, clang::APValue&, (anonymous namespace)::LValue const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:6520:24
llvm#21 0x561e4b4c9652 in handleCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:8332:10
llvm#22 0x561e4b4c9652 in VisitCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:8132:10
llvm#23 0x561e4b4c9652 in visitNonBuiltinCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9749:28
llvm#24 0x561e4b4c9652 in (anonymous namespace)::PointerExprEvaluator::VisitCallExpr(clang::CallExpr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9763:12
llvm#25 0x561e4b4c3e5b in clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::PointerExprEvaluator, bool>::Visit(clang::Stmt const*) blaze-out/k8-opt-asan/genfiles/third_party/llvm/llvm-project/clang/include/clang/AST/StmtNodes.inc
llvm#26 0x561e4b3ff820 in EvaluatePointer third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9458:60
llvm#27 0x561e4b3ff820 in Evaluate(clang::APValue&, (anonymous namespace)::EvalInfo&, clang::Expr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:16343:10
llvm#28 0x561e4b4ad3c2 in EvaluateAsBooleanCondition third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:2742:8
llvm#29 0x561e4b4ad3c2 in (anonymous namespace)::IntExprEvaluator::VisitCastExpr(clang::CastExpr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:14877:10
llvm#30 0x561e4b49f192 in clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::IntExprEvaluator, bool>::Visit(clang::Stmt const*) third_party/llvm/llvm-project/clang/include/clang/AST/StmtVisitor.h
llvm#31 0x561e4b3ff8af in Evaluate(clang::APValue&, (anonymous namespace)::EvalInfo&, clang::Expr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:16339:41
llvm#32 0x561e4b4a0dd2 in EvaluateAsBooleanCondition third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:2742:8
llvm#33 0x561e4b4a0dd2 in (anonymous namespace)::IntExprEvaluator::VisitUnaryOperator(clang::UnaryOperator const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:14795:10
llvm#34 0x561e4b49f0db in clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::IntExprEvaluator, bool>::Visit(clang::Stmt const*) third_party/llvm/llvm-project/clang/include/clang/AST/StmtVisitor.h
llvm#35 0x561e4b3ff8af in Evaluate(clang::APValue&, (anonymous namespace)::EvalInfo&, clang::Expr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:16339:41
llvm#36 0x561e4b3fbe35 in EvaluateAsRValue((anonymous namespace)::EvalInfo&, clang::Expr const*, clang::APValue&) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:16455:8
llvm#37 0x561e4b3fc278 in clang::Expr::EvaluateForOverflow(clang::ASTContext const&) const third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:16903:11
llvm#38 0x561e4a020e69 in clang::Sema::CheckForIntOverflow(clang::Expr const*) third_party/crosstool/v18/stable/src/libcxx/include/__memory/uninitialized_algorithms.h
llvm#39 0x561e4a021cd7 in clang::Sema::CheckCompletedExpr(clang::Expr*, clang::SourceLocation, bool) third_party/llvm/llvm-project/clang/lib/Sema/SemaChecking.cpp:12989:5
llvm#40 0x561e4a4b9d2e in clang::Sema::ActOnFinishFullExpr(clang::Expr*, clang::SourceLocation, bool, bool, bool) third_party/llvm/llvm-project/clang/lib/Sema/SemaExprCXX.cpp:9225:3
llvm#41 0x561e4a372e20 in MakeFullExpr third_party/llvm/llvm-project/clang/include/clang/Sema/Sema.h:7292:9
llvm#42 0x561e4a372e20 in clang::Sema::ActOnCondition(clang::Scope*, clang::SourceLocation, clang::Expr*, clang::Sema::ConditionKind, bool) third_party/llvm/llvm-project/clang/lib/Sema/SemaExpr.cpp:20363:26
llvm#43 0x561e49b5407d in clang::Parser::ParseCXXCondition(clang::ActionResult<clang::Stmt*, true>*, clang::SourceLocation, clang::Sema::ConditionKind, bool, clang::Parser::ForRangeInfo*, bool) third_party/llvm/llvm-project/clang/lib/Parse/ParseExprCXX.cpp:2204:20
llvm#44 0x561e49c000a8 in clang::Parser::ParseParenExprOrCondition(clang::ActionResult<clang::Stmt*, true>*, clang::Sema::ConditionResult&, clang::SourceLocation, clang::Sema::ConditionKind, clang::SourceLocation&, clang::SourceLocation&) third_party/llvm/llvm-project/clang/lib/Parse/ParseStmt.cpp:1376:12
llvm#45 0x561e49bf6c2f in clang::Parser::ParseIfStatement(clang::SourceLocation*) third_party/llvm/llvm-project/clang/lib/Parse/ParseStmt.cpp:1587:9
llvm#46 0x561e49bf2d6d in clang::Parser::ParseStatementOrDeclarationAfterAttributes(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*, clang::ParsedAttributes&, clang::ParsedAttributes&) third_party/llvm/llvm-project/clang/lib/Parse/ParseStmt.cpp:325:12
llvm#47 0x561e49bf0a6e in clang::Parser::ParseStatementOrDeclaration(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*) third_party/llvm/llvm-project/clang/lib/Parse/ParseStmt.cpp:125:20
llvm#48 0x561e49bff57d in clang::Parser::ParseCompoundStatementBody(bool) third_party/llvm/llvm-project/clang/lib/Parse/ParseStmt.cpp:1267:11
llvm#49 0x561e49c0136e in clang::Parser::ParseFunctionStatementBody(clang::Decl*, clang::Parser::ParseScope&) third_party/llvm/llvm-project/clang/lib/Parse/ParseStmt.cpp:2577:21
llvm#50 0x561e49afa4fd in clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*) third_party/llvm/llvm-project/clang/lib/Parse/Parser.cpp:1520:10
llvm#51 0x561e49ba6e44 in clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::ParsedAttributes&, clang::Parser::ParsedTemplateInfo&, clang::SourceLocation*, clang::Parser::ForRangeInit*) third_party/llvm/llvm-project/clang/lib/Parse/ParseDecl.cpp:2460:17
llvm#52 0x561e49af8746 in clang::Parser::ParseDeclOrFunctionDefInternal(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec&, clang::AccessSpecifier) third_party/llvm/llvm-project/clang/lib/Parse/Parser.cpp:1244:10
llvm#53 0x561e49af79f8 in clang::Parser::ParseDeclarationOrFunctionDefinition(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*, clang::AccessSpecifier) third_party/llvm/llvm-project/clang/lib/Parse/Parser.cpp:1266:12
llvm#54 0x561e49af5d96 in clang::Parser::ParseExternalDeclaration(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*) third_party/llvm/llvm-project/clang/lib/Parse/Parser.cpp:1069:14
llvm#55 0x561e49b6c42c in clang::Parser::ParseInnerNamespace(llvm::SmallVector<clang::Parser::InnerNamespaceInfo, 4u> const&, unsigned int, clang::SourceLocation&, clang::ParsedAttributes&, clang::BalancedDelimiterTracker&) third_party/llvm/llvm-project/clang/lib/Parse/ParseDeclCXX.cpp:276:7
llvm#56 0x561e49b6c5d7 in clang::Parser::ParseInnerNamespace(llvm::SmallVector<clang::Parser::InnerNamespaceInfo, 4u> const&, unsigned int, clang::SourceLocation&, clang::ParsedAttributes&, clang::BalancedDelimiterTracker&) third_party/llvm/llvm-project/clang/lib/Parse/ParseDeclCXX.cpp:298:3
llvm#57 0x561e49b6b7c3 in clang::Parser::ParseNamespace(clang::DeclaratorContext, clang::SourceLocation&, clang::SourceLocation) third_party/llvm/llvm-project/clang/lib/Parse/ParseDeclCXX.cpp:253:3
llvm#58 0x561e49ba337a in clang::Parser::ParseDeclaration(clang::DeclaratorContext, clang::SourceLocation&, clang::ParsedAttributes&, clang::ParsedAttributes&, clang::SourceLocation*) third_party/llvm/llvm-project/clang/lib/Parse/ParseDecl.cpp
llvm#59 0x561e49af563a in clang::Parser::ParseExternalDeclaration(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*) third_party/llvm/llvm-project/clang/lib/Parse/Parser.cpp:985:14
llvm#60 0x561e49af3779 in clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, clang::Sema::ModuleImportState&) third_party/llvm/llvm-project/clang/lib/Parse/Parser.cpp:758:12
llvm#61 0x561e49aec6ae in clang::ParseAST(clang::Sema&, bool, bool) third_party/llvm/llvm-project/clang/lib/Parse/ParseAST.cpp:171:20
llvm#62 0x561e496f13ae in clang::ASTFrontendAction::ExecuteAction() third_party/llvm/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1191:3
llvm#63 0x561e496f0874 in clang::FrontendAction::Execute() third_party/llvm/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1077:8
llvm#64 0x561e49644511 in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) third_party/llvm/llvm-project/clang/lib/Frontend/CompilerInstance.cpp:1062:33
llvm#65 0x561e47ffe1b9 in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) third_party/llvm/llvm-project/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:296:25
llvm#66 0x561e47fee631 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) third_party/llvm/llvm-project/clang/tools/driver/cc1_main.cpp:286:15
llvm#67 0x561e47fe9912 in ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) third_party/llvm/llvm-project/clang/tools/driver/driver.cpp:218:12
llvm#68 0x561e47fec7e6 in operator() third_party/llvm/llvm-project/clang/tools/driver/driver.cpp:360:14
llvm#69 0x561e47fec7e6 in int llvm::function_ref<int (llvm::SmallVectorImpl<char const*>&)>::callback_fn<clang_main(int, char**, llvm::ToolContext const&)::$_0>(long, llvm::SmallVectorImpl<char const*>&) third_party/llvm/llvm-project/llvm/include/llvm/ADT/STLFunctionalExtras.h:46:12
#70 0x561e498bc531 in operator() third_party/llvm/llvm-project/llvm/include/llvm/ADT/STLFunctionalExtras.h:69:12
llvm#71 0x561e498bc531 in operator() third_party/llvm/llvm-project/clang/lib/Driver/Job.cpp:437:34
llvm#72 0x561e498bc531 in void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::__u::optional<llvm::StringRef>>, std::__u::basic_string<char, std::__u::char_traits<char>, std::__u::allocator<char>>*, bool*) const::$_0>(long) third_party/llvm/llvm-project/llvm/include/llvm/ADT/STLFunctionalExtras.h:46:12
llvm#73 0x561e4ff969e8 in operator() third_party/llvm/llvm-project/llvm/include/llvm/ADT/STLFunctionalExtras.h:69:12
llvm#74 0x561e4ff969e8 in llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) third_party/llvm/llvm-project/llvm/lib/Support/CrashRecoveryContext.cpp:426:3
llvm#75 0x561e498bb331 in clang::driver::CC1Command::Execute(llvm::ArrayRef<std::__u::optional<llvm::StringRef>>, std::__u::basic_string<char, std::__u::char_traits<char>, std::__u::allocator<char>>*, bool*) const third_party/llvm/llvm-project/clang/lib/Driver/Job.cpp:437:12
llvm#76 0x561e49860e38 in clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const third_party/llvm/llvm-project/clang/lib/Driver/Compilation.cpp:196:15
llvm#77 0x561e49861154 in clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::__u::pair<int, clang::driver::Command const*>>&, bool) const third_party/llvm/llvm-project/clang/lib/Driver/Compilation.cpp:250:19
llvm#78 0x561e49886037 in clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::__u::pair<int, clang::driver::Command const*>>&) third_party/llvm/llvm-project/clang/lib/Driver/Driver.cpp:1968:5
llvm#79 0x561e47fe8c7d in clang_main(int, char**, llvm::ToolContext const&) third_party/llvm/llvm-project/clang/tools/driver/driver.cpp:396:21
llvm#80 0x561e47fe6ae7 in main blaze-out/k8-opt-asan/bin/third_party/llvm/llvm-project/clang/clang-driver.cpp:17:10
llvm#81 0x7fb3f13c33d3 in __libc_start_main (/usr/grte/v5/lib64/libc.so.6+0x613d3) (BuildId: 9a996398ce14a94560b0c642eb4f6e94)
llvm#82 0x561e47f0a229 in _start /usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
0x7c63f05a65b0 is located 48 bytes inside of 104-byte region [0x7c63f05a6580,0x7c63f05a65e8)
freed by thread T0 here:
#0 0x561e47fe5342 in operator delete(void*, unsigned long) third_party/llvm/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:155:3
#1 0x561e4b4c2fcc in __libcpp_operator_delete<void *, unsigned long> third_party/crosstool/v18/stable/src/libcxx/include/new:286:3
#2 0x561e4b4c2fcc in __do_deallocate_handle_size<> third_party/crosstool/v18/stable/src/libcxx/include/new:310:10
llvm#3 0x561e4b4c2fcc in __libcpp_deallocate third_party/crosstool/v18/stable/src/libcxx/include/new:323:12
llvm#4 0x561e4b4c2fcc in deallocate third_party/crosstool/v18/stable/src/libcxx/include/__memory/allocator.h:135:7
llvm#5 0x561e4b4c2fcc in deallocate third_party/crosstool/v18/stable/src/libcxx/include/__memory/allocator_traits.h:313:9
llvm#6 0x561e4b4c2fcc in std::__u::__tree<std::__u::__value_type<std::__u::pair<void const*, unsigned int>, clang::APValue>, std::__u::__map_value_compare<std::__u::pair<void const*, unsigned int>, std::__u::__value_type<std::__u::pair<void const*, unsigned int>, clang::APValue>, std::__u::less<std::__u::pair<void const*, unsigned int>>, true>, std::__u::allocator<std::__u::__value_type<std::__u::pair<void const*, unsigned int>, clang::APValue>>>::destroy(std::__u::__tree_node<std::__u::__value_type<std::__u::pair<void const*, unsigned int>, clang::APValue>, void*>*) third_party/crosstool/v18/stable/src/libcxx/include/__tree:1549:5
llvm#7 0x561e4b400340 in ~__tree third_party/crosstool/v18/stable/src/libcxx/include/__tree:1539:3
llvm#8 0x561e4b400340 in ~map third_party/crosstool/v18/stable/src/libcxx/include/map:1138:112
llvm#9 0x561e4b400340 in (anonymous namespace)::CallStackFrame::~CallStackFrame() third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:1524:1
llvm#10 0x561e4b49697b in HandleConstructorCall(clang::Expr const*, (anonymous namespace)::LValue const&, (anonymous namespace)::CallRef, clang::CXXConstructorDecl const*, (anonymous namespace)::EvalInfo&, clang::APValue&) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:6742:1
llvm#11 0x561e4b400cca in HandleConstructorCall(clang::Expr const*, (anonymous namespace)::LValue const&, llvm::ArrayRef<clang::Expr const*>, clang::CXXConstructorDecl const*, (anonymous namespace)::EvalInfo&, clang::APValue&) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:6753:10
llvm#12 0x561e4b45cfae in (anonymous namespace)::RecordExprEvaluator::VisitCXXConstructExpr(clang::CXXConstructExpr const*, clang::QualType) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:10792:10
llvm#13 0x561e4b45dae7 in clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::RecordExprEvaluator, bool>::Visit(clang::Stmt const*) blaze-out/k8-opt-asan/genfiles/third_party/llvm/llvm-project/clang/include/clang/AST/StmtNodes.inc
llvm#14 0x561e4b3f963e in EvaluateRecord third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:10917:50
llvm#15 0x561e4b3f963e in EvaluateInPlace(clang::APValue&, (anonymous namespace)::EvalInfo&, (anonymous namespace)::LValue const&, clang::Expr const*, bool) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:16425:14
llvm#16 0x561e4b3ff0b3 in EvaluateCallArg(clang::ParmVarDecl const*, clang::Expr const*, (anonymous namespace)::CallRef, (anonymous namespace)::EvalInfo&, bool) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:6403:8
llvm#17 0x561e4b440530 in EvaluateArgs(llvm::ArrayRef<clang::Expr const*>, (anonymous namespace)::CallRef, (anonymous namespace)::EvalInfo&, clang::FunctionDecl const*, bool) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:6442:10
llvm#18 0x561e4b4a503e in handleCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:8298:12
llvm#19 0x561e4b4a503e in VisitCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:8132:10
llvm#20 0x561e4b4a503e in (anonymous namespace)::IntExprEvaluator::VisitCallExpr(clang::CallExpr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:12700:33
llvm#21 0x561e4b49f1a5 in clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::IntExprEvaluator, bool>::Visit(clang::Stmt const*) third_party/llvm/llvm-project/clang/include/clang/AST/StmtVisitor.h
llvm#22 0x561e4b3ff8af in Evaluate(clang::APValue&, (anonymous namespace)::EvalInfo&, clang::Expr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:16339:41
llvm#23 0x561e4b424658 in EvaluateAsBooleanCondition third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:2742:8
llvm#24 0x561e4b424658 in EvaluateCond((anonymous namespace)::EvalInfo&, clang::VarDecl const*, clang::Expr const*, bool&) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5182:8
llvm#25 0x561e4b41ea8c in EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5555:17
llvm#26 0x561e4b423755 in EvaluateLoopBody((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5221:24
llvm#27 0x561e4b41d597 in EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5635:28
llvm#28 0x561e4b41d341 in EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5521:28
llvm#29 0x561e4b40113c in HandleFunctionCall(clang::SourceLocation, clang::FunctionDecl const*, (anonymous namespace)::LValue const*, clang::Expr const*, llvm::ArrayRef<clang::Expr const*>, (anonymous namespace)::CallRef, clang::Stmt const*, (anonymous namespace)::EvalInfo&, clang::APValue&, (anonymous namespace)::LValue const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:6520:24
llvm#30 0x561e4b4c9652 in handleCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:8332:10
llvm#31 0x561e4b4c9652 in VisitCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:8132:10
llvm#32 0x561e4b4c9652 in visitNonBuiltinCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9749:28
llvm#33 0x561e4b4c9652 in (anonymous namespace)::PointerExprEvaluator::VisitCallExpr(clang::CallExpr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9763:12
llvm#34 0x561e4b4c3e5b in clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::PointerExprEvaluator, bool>::Visit(clang::Stmt const*) blaze-out/k8-opt-asan/genfiles/third_party/llvm/llvm-project/clang/include/clang/AST/StmtNodes.inc
llvm#35 0x561e4b3ff820 in EvaluatePointer third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9458:60
llvm#36 0x561e4b3ff820 in Evaluate(clang::APValue&, (anonymous namespace)::EvalInfo&, clang::Expr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:16343:10
llvm#37 0x561e4b41f204 in EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5511:17
llvm#38 0x561e4b41d341 in EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5521:28
llvm#39 0x561e4b40113c in HandleFunctionCall(clang::SourceLocation, clang::FunctionDecl const*, (anonymous namespace)::LValue const*, clang::Expr const*, llvm::ArrayRef<clang::Expr const*>, (anonymous namespace)::CallRef, clang::Stmt const*, (anonymous namespace)::EvalInfo&, clang::APValue&, (anonymous namespace)::LValue const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:6520:24
llvm#40 0x561e4b4c9652 in handleCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:8332:10
llvm#41 0x561e4b4c9652 in VisitCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:8132:10
llvm#42 0x561e4b4c9652 in visitNonBuiltinCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9749:28
llvm#43 0x561e4b4c9652 in (anonymous namespace)::PointerExprEvaluator::VisitCallExpr(clang::CallExpr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9763:12
llvm#44 0x561e4b4c3e5b in clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::PointerExprEvaluator, bool>::Visit(clang::Stmt const*) blaze-out/k8-opt-asan/genfiles/third_party/llvm/llvm-project/clang/include/clang/AST/StmtNodes.inc
llvm#45 0x561e4b3ff820 in EvaluatePointer third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9458:60
llvm#46 0x561e4b3ff820 in Evaluate(clang::APValue&, (anonymous namespace)::EvalInfo&, clang::Expr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:16343:10
llvm#47 0x561e4b4ad3c2 in EvaluateAsBooleanCondition third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:2742:8
llvm#48 0x561e4b4ad3c2 in (anonymous namespace)::IntExprEvaluator::VisitCastExpr(clang::CastExpr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:14877:10
llvm#49 0x561e4b49f192 in clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::IntExprEvaluator, bool>::Visit(clang::Stmt const*) third_party/llvm/llvm-project/clang/include/clang/AST/StmtVisitor.h
previously allocated by thread T0 here:
#0 0x561e47fe46bd in operator new(unsigned long) third_party/llvm/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:86:3
#1 0x561e4b424d00 in __libcpp_operator_new<unsigned long> third_party/crosstool/v18/stable/src/libcxx/include/new:277:10
#2 0x561e4b424d00 in __libcpp_allocate third_party/crosstool/v18/stable/src/libcxx/include/new:301:10
llvm#3 0x561e4b424d00 in allocate third_party/crosstool/v18/stable/src/libcxx/include/__memory/allocator.h:120:32
llvm#4 0x561e4b424d00 in allocate third_party/crosstool/v18/stable/src/libcxx/include/__memory/allocator_traits.h:281:16
llvm#5 0x561e4b424d00 in __construct_node<const std::__u::piecewise_construct_t &, std::__u::tuple<std::__u::pair<const void *, unsigned int> &&>, std::__u::tuple<> > third_party/crosstool/v18/stable/src/libcxx/include/__tree:1820:21
llvm#6 0x561e4b424d00 in std::__u::pair<std::__u::__tree_iterator<std::__u::__value_type<std::__u::pair<void const*, unsigned int>, clang::APValue>, std::__u::__tree_node<std::__u::__value_type<std::__u::pair<void const*, unsigned int>, clang::APValue>, void*>*, long>, bool> std::__u::__tree<std::__u::__value_type<std::__u::pair<void const*, unsigned int>, clang::APValue>, std::__u::__map_value_compare<std::__u::pair<void const*, unsigned int>, std::__u::__value_type<std::__u::pair<void const*, unsigned int>, clang::APValue>, std::__u::less<std::__u::pair<void const*, unsigned int>>, true>, std::__u::allocator<std::__u::__value_type<std::__u::pair<void const*, unsigned int>, clang::APValue>>>::__emplace_unique_key_args<std::__u::pair<void const*, unsigned int>, std::__u::piecewise_construct_t const&, std::__u::tuple<std::__u::pair<void const*, unsigned int>&&>, std::__u::tuple<>>(std::__u::pair<void const*, unsigned int> const&, std::__u::piecewise_construct_t const&, std::__u::tuple<std::__u::pair<void const*, unsigned int>&&>&&, std::__u::tuple<>&&) third_party/crosstool/v18/stable/src/libcxx/include/__tree:1787:25
llvm#7 0x561e4b424a03 in operator[] third_party/crosstool/v18/stable/src/libcxx/include/map:1531:8
llvm#8 0x561e4b424a03 in (anonymous namespace)::CallStackFrame::createLocal(clang::APValue::LValueBase, void const*, clang::QualType, (anonymous namespace)::ScopeKind) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:1963:21
llvm#9 0x561e4b42bd95 in clang::APValue& (anonymous namespace)::CallStackFrame::createTemporary<clang::Expr>(clang::Expr const*, clang::QualType, (anonymous namespace)::ScopeKind, (anonymous namespace)::LValue&) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:1944:10
llvm#10 0x561e4b3ffd17 in Evaluate(clang::APValue&, (anonymous namespace)::EvalInfo&, clang::Expr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:16367:27
llvm#11 0x561e4b40429c in handleLValueToRValueConversion((anonymous namespace)::EvalInfo&, clang::Expr const*, clang::QualType, (anonymous namespace)::LValue const&, clang::APValue&, bool) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:4518:12
llvm#12 0x561e4b496e9c in handleTrivialCopy((anonymous namespace)::EvalInfo&, clang::ParmVarDecl const*, clang::Expr const*, clang::APValue&, bool) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:6469:10
llvm#13 0x561e4b494fdd in HandleConstructorCall(clang::Expr const*, (anonymous namespace)::LValue const&, (anonymous namespace)::CallRef, clang::CXXConstructorDecl const*, (anonymous namespace)::EvalInfo&, clang::APValue&) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:6582:12
llvm#14 0x561e4b400cca in HandleConstructorCall(clang::Expr const*, (anonymous namespace)::LValue const&, llvm::ArrayRef<clang::Expr const*>, clang::CXXConstructorDecl const*, (anonymous namespace)::EvalInfo&, clang::APValue&) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:6753:10
llvm#15 0x561e4b45cfae in (anonymous namespace)::RecordExprEvaluator::VisitCXXConstructExpr(clang::CXXConstructExpr const*, clang::QualType) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:10792:10
llvm#16 0x561e4b45dae7 in clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::RecordExprEvaluator, bool>::Visit(clang::Stmt const*) blaze-out/k8-opt-asan/genfiles/third_party/llvm/llvm-project/clang/include/clang/AST/StmtNodes.inc
llvm#17 0x561e4b3f963e in EvaluateRecord third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:10917:50
llvm#18 0x561e4b3f963e in EvaluateInPlace(clang::APValue&, (anonymous namespace)::EvalInfo&, (anonymous namespace)::LValue const&, clang::Expr const*, bool) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:16425:14
llvm#19 0x561e4b3ff0b3 in EvaluateCallArg(clang::ParmVarDecl const*, clang::Expr const*, (anonymous namespace)::CallRef, (anonymous namespace)::EvalInfo&, bool) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:6403:8
llvm#20 0x561e4b440530 in EvaluateArgs(llvm::ArrayRef<clang::Expr const*>, (anonymous namespace)::CallRef, (anonymous namespace)::EvalInfo&, clang::FunctionDecl const*, bool) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:6442:10
llvm#21 0x561e4b4a503e in handleCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:8298:12
llvm#22 0x561e4b4a503e in VisitCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:8132:10
llvm#23 0x561e4b4a503e in (anonymous namespace)::IntExprEvaluator::VisitCallExpr(clang::CallExpr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:12700:33
llvm#24 0x561e4b49f1a5 in clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::IntExprEvaluator, bool>::Visit(clang::Stmt const*) third_party/llvm/llvm-project/clang/include/clang/AST/StmtVisitor.h
llvm#25 0x561e4b3ff8af in Evaluate(clang::APValue&, (anonymous namespace)::EvalInfo&, clang::Expr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:16339:41
llvm#26 0x561e4b424658 in EvaluateAsBooleanCondition third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:2742:8
llvm#27 0x561e4b424658 in EvaluateCond((anonymous namespace)::EvalInfo&, clang::VarDecl const*, clang::Expr const*, bool&) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5182:8
llvm#28 0x561e4b41ea8c in EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5555:17
llvm#29 0x561e4b423755 in EvaluateLoopBody((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5221:24
llvm#30 0x561e4b41d597 in EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5635:28
llvm#31 0x561e4b41d341 in EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5521:28
llvm#32 0x561e4b40113c in HandleFunctionCall(clang::SourceLocation, clang::FunctionDecl const*, (anonymous namespace)::LValue const*, clang::Expr const*, llvm::ArrayRef<clang::Expr const*>, (anonymous namespace)::CallRef, clang::Stmt const*, (anonymous namespace)::EvalInfo&, clang::APValue&, (anonymous namespace)::LValue const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:6520:24
llvm#33 0x561e4b4c9652 in handleCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:8332:10
llvm#34 0x561e4b4c9652 in VisitCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:8132:10
llvm#35 0x561e4b4c9652 in visitNonBuiltinCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9749:28
llvm#36 0x561e4b4c9652 in (anonymous namespace)::PointerExprEvaluator::VisitCallExpr(clang::CallExpr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9763:12
llvm#37 0x561e4b4c3e5b in clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::PointerExprEvaluator, bool>::Visit(clang::Stmt const*) blaze-out/k8-opt-asan/genfiles/third_party/llvm/llvm-project/clang/include/clang/AST/StmtNodes.inc
llvm#38 0x561e4b3ff820 in EvaluatePointer third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9458:60
llvm#39 0x561e4b3ff820 in Evaluate(clang::APValue&, (anonymous namespace)::EvalInfo&, clang::Expr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:16343:10
llvm#40 0x561e4b41f204 in EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5511:17
llvm#41 0x561e4b41d341 in EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:5521:28
llvm#42 0x561e4b40113c in HandleFunctionCall(clang::SourceLocation, clang::FunctionDecl const*, (anonymous namespace)::LValue const*, clang::Expr const*, llvm::ArrayRef<clang::Expr const*>, (anonymous namespace)::CallRef, clang::Stmt const*, (anonymous namespace)::EvalInfo&, clang::APValue&, (anonymous namespace)::LValue const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:6520:24
llvm#43 0x561e4b4c9652 in handleCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:8332:10
llvm#44 0x561e4b4c9652 in VisitCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:8132:10
llvm#45 0x561e4b4c9652 in visitNonBuiltinCallExpr third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9749:28
llvm#46 0x561e4b4c9652 in (anonymous namespace)::PointerExprEvaluator::VisitCallExpr(clang::CallExpr const*) third_party/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp:9763:12
```
|
Here's a small reprocase (thanks to cvise for getting it): // Run under ASAN: clang -fsyntax-only <file>
template <class _InputIterator, class _Predicate>
constexpr _InputIterator find_if(_InputIterator __first, _Predicate __pred) {
if (__pred(*__first))
;
}
template <class = char>
struct basic_string_view {
char __data_;
};
template <typename T>
struct Span {
T *begin;
};
constexpr Span<basic_string_view<char>> kNames((basic_string_view<char>[]){});
void StripConsentJoinIfNeeded() {
!find_if(kNames.begin, [](basic_string_view<char>) { return true; });
}Somebody would need to dig a little deeper to understand what's causing the crash here, but it should be manageable with this size. (I'd look at it myself, but probably not until next week) |
The repro doesn't compile in this shape, I've changed it to This compiles but doesn't crash under ASAN (neither without ASAN). @ilya-biryukov @kadircet Can you spot any changes in the reproducer that make it not crash anymore? |
|
sample in #118480 (comment) still triggers the crash for me, need to pass |
Makes sense, I could reproduce the example. |
|
ping, is this still a problem? |
yes, this is still happening. but I am currently lacking cycles to dig deeper into expression evaluation to see if this is the right fix given the reproducer. @VitaNuo was to take a look with some limited capacity, but I think she's also in a similar situation as me :D. If anyone wants to take over/help, feel free to do so. But I'll wait for an update from @VitaNuo, in case she already made progress here. |
SGTM. I could reproduce the issue, but then ran out of capacity. I'm not sure I'll be able to prioritize this soon vs. the module-related work. |
Has there been any chance to get back into this yet? |
|
|
hi @AaronBallman, no unfortunately we didn't make any progress here, and I just verified that reproducer from #118480 (comment) is still triggering the issue (with -std=c++20). |
Internal validation testing at Intel is hitting this same problem, so we can also reproduce the issue. Any chance we can get this PR across the finish line? The failures we're seeing are with the clang test suite itself: |
Ping |
|
@kadircet let's team up tomorrow and poke at what's happening with the smaller reproducer to figure out if this is the right fix? @AaronBallman I was initially concerned that it would be incorrect to consider the compound literal expression a full expression even if it fixes the crash. After re-reading the code now, I'm not sure how to properly test that as C++ does not have those (right?) and so I'd probably spend some time poking at GCC and Clang's codegen to see if they exhibit the signs of full expressions. If you feel this fix is correct (or at least won't hurt too much), we can definitely land this ASAP. Help with reviewing this or steering it in the right direction is greatly appreciated. |
In C:
So a compound literal is definitely not a full expression in C. C++'s rules are similar: https://eel.is/c++draft/intro.execution#5 What's more, in C, it produces an lvalue whose lifetime is that of the block which contains it whereas in C++ it creates a prvalue... most of the time. There are a pile of FIXMEs around here: so the correct fix may very well be elsewhere. |
AaronBallman
requested review from
zygoloid,
hubert-reinterpretcast and
efriedma-quic
|
@kadircet and I have spent some time on this. The llvm-project/clang/lib/AST/ExprConstant.cpp Line 9127 in 6c56160 When we end up storing this resulting Then the following code sees the expression in various random contexts it didn't belong to (e.g. when calling a constructor that happens to use the global variable) llvm-project/clang/lib/AST/ExprConstant.cpp Line 4585 in 6c56160 We feel that the right fix would be to instead create a proper l-value with the right lifetime (either static or block scope, depending the rules for the compound literals) and remove the "defering" logic altogether. This would be very similar to what This should be enough to fix the crash and properly evaluate the compound literals, but probably won't address the FIXMEs mentioned above. @AaronBallman thanks for the pointers, they were really helpful to figure this out. |
This was referenced Apr 24, 2025
|
Put together a new fix based on the discussions here in #137163, PTAL. @AaronBallman I am afraid this might no longer fix the crashes you're seeing internally though, as the new fix is focused on handling of |
|
Thanks! You're right, it may not address the issue we were seeing. Some of our were also ending up with: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
following ASAN failure is fixed with this patch.
We store cleanups in EvalInfo, which are usually run with certain
ScopeRAII objects.
We can have temporaries in the cleanup stack, backed by CallStackFrame.
If such temporaries aren't destroyed before the enclosing
CallStackFrame, we end up accessing the freed temporary to run the
cleanup.