https://github.com/kadircet updated
https://github.com/llvm/llvm-project/pull/118480
From 9a3ddb6ca0805f238042f0b795de93066f386e08 Mon Sep 17 00:00:00 2001
From: Kadir Cetinkaya
Date: Tue, 3 Dec 2024 11:21:44 +0100
Subject: [PATCH] [clang] Fix a use-after-free in expression evaluation
followin
https://github.com/kadircet closed
https://github.com/llvm/llvm-project/pull/118480
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
AaronBallman wrote:
Thanks! You're right, it may not address the issue we were seeing. Some of our
were also ending up with:
```
==3187048==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x1f73c115 in clang::APValue::operator=(clang::APValue&&)
(/netbatch/donb2642835_00/runDir/
```
kadircet wrote:
Put together a new fix based on the discussions here in
https://github.com/llvm/llvm-project/pull/137163, PTAL.
@AaronBallman I am afraid this might no longer fix the crashes you're seeing
internally though, as the new fix is focused on handling of
`CompoundLiteralExpr`s, wher
ilya-biryukov wrote:
@kadircet and I have spent some time on this.
The `LValueExprEvaluator` decides to "defer" the evaluation of compound
literals to conversions, but does this in a way that assumes the evaluation
happens inside the same expression.
https://github.com/llvm/llvm-project/blob/
AaronBallman wrote:
> @kadircet let's team up tomorrow and poke at what's happening with the
> smaller reproducer to figure out if this is the right fix?
>
> @AaronBallman I was initially concerned that it would be incorrect to
> consider the compound literal expression a full expression even
ilya-biryukov wrote:
@kadircet let's team up tomorrow and poke at what's happening with the smaller
reproducer to figure out if this is the right fix?
@AaronBallman I was initially concerned that it would be incorrect to consider
the compound literal expression a full expression even if it fix
AaronBallman wrote:
> hi @AaronBallman, no unfortunately we didn't make any progress here, and I
> just verified that reproducer from [#118480
> (comment)](https://github.com/llvm/llvm-project/pull/118480#issuecomment-2538988006)
> is still triggering the issue (with -std=c++20).
Internal val
kadircet wrote:
hi @AaronBallman, no unfortunately we didn't make any progress here, and I just
verified that reproducer from
https://github.com/llvm/llvm-project/pull/118480#issuecomment-2538988006 is
still triggering the issue (with -std=c++20).
https://github.com/llvm/llvm-project/pull/11
AaronBallman wrote:
> > > ping, is this still a problem?
> >
> >
> > yes, this is still happening. but I am currently lacking cycles to dig
> > deeper into expression evaluation to see if this is the right fix given the
> > reproducer. @VitaNuo was to take a look with some limited capacity, b
AaronBallman wrote:
> > ping, is this still a problem?
>
> yes, this is still happening. but I am currently lacking cycles to dig deeper
> into expression evaluation to see if this is the right fix given the
> reproducer. @VitaNuo was to take a look with some limited capacity, but I
> think s
VitaNuo wrote:
> If anyone wants to take over/help, feel free to do so.
SGTM. I could reproduce the issue, but then ran out of capacity. I'm not sure
I'll be able to prioritize this soon vs. the module-related work.
https://github.com/llvm/llvm-project/pull/118480
kadircet wrote:
> ping, is this still a problem?
yes, this is still happening. but I am currently lacking cycles to dig deeper
into expression evaluation to see if this is the right fix given the
reproducer. @VitaNuo was to take a look with some limited capacity, but I think
she's also in a s
shafik wrote:
ping, is this still a problem?
https://github.com/llvm/llvm-project/pull/118480
VitaNuo wrote:
> need to pass -std=c++20.
> passing -DLLVM_USE_SANITIZER=Address in your cmake configuration should be
> enough for that.
Makes sense, I could reproduce the example.
https://github.com/llvm/llvm-project/pull/118480
kadircet wrote:
sample in
https://github.com/llvm/llvm-project/pull/118480#issuecomment-2538988006 still
triggers the crash for me, need to pass `-std=c++20`.
but note that it isn't the sample that should be built with ASAN, it's the
clang itself that needs to be built with ASAN. passing
`-DL
VitaNuo wrote:
> Here's a small reprocase (thanks to cvise for getting it)
The repro doesn't compile in this shape, I've changed it to
```
template <class InputIterator, class Predicate>
constexpr InputIterator find_if(InputIterator first, Predicate pred) {
  if (pred(*first))
    ;
  return first;
}
template
struct basic_string_
```
ilya-biryukov wrote:
Here's a small reprocase (thanks to cvise for getting it):
```cpp
// Run under ASAN: clang -fsyntax-only
template <class _InputIterator, class _Predicate>
constexpr _InputIterator find_if(_InputIterator __first, _Predicate __pred) {
  if (__pred(*__first))
    ;
}
template
struct basic_string_view {
  char __d
```
@@ -4515,6 +4515,8 @@ handleLValueToRValueConversion(EvalInfo &Info, const Expr
*Conv, QualType Type,
}
APValue Lit;
+ // Make sure we clean up the temporary created below.
+ FullExpressionRAII CleanupTemps(Info);
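Review bot: the comment above the added `FullExpressionRAII CleanupTemps(Info);` says only "the temporary created below", which does not tell a reader which temporary is meant or why its lifetime has to end inside handleLValueToRValueConversion; since the thread notes that moving the cleanup closer to the leaves makes tests fail, that rationale belongs in the comment. Also, `CleanupTemps` is declared before `APValue Lit;`, so `Lit` is destroyed before the cleanups run; if `Lit` can carry an lvalue into the temporary, a comment confirming that ordering is safe would help. A regression test for the ASan failure described in the PR summary would also be worth adding.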
kadircet wrote:
> we c
@@ -4515,6 +4515,8 @@ handleLValueToRValueConversion(EvalInfo &Info, const Expr
*Conv, QualType Type,
}
APValue Lit;
+ // Make sure we clean up the temporary created below.
+ FullExpressionRAII CleanupTemps(Info);
ilya-biryukov wrote:
C
kadircet wrote:
still trying to come up with a reproducer.
i am also not sure if this is the best place to have the cleanup, but if i did
that closer to
[leaves](https://github.com/llvm/llvm-project/blob/main/clang/lib/AST/ExprConstant.cpp#L16376-L16385)
tests start failing. so open for sugge
llvmbot wrote:
@llvm/pr-subscribers-clang
Author: kadir çetinkaya (kadircet)
Changes
following ASAN failure is fixed with this patch.
We store cleanups in EvalInfo, which are usually run with certain
ScopeRAII objects.
We can have temporaries in the cleanup stack, backed by CallStackFrame.
https://github.com/kadircet created
https://github.com/llvm/llvm-project/pull/118480
following ASAN failure is fixed with this patch.
We store cleanups in EvalInfo, which are usually run with certain
ScopeRAII objects.
We can have temporaries in the cleanup stack, backed by CallStackFrame.
If su