<div style="font-family: arial, helvetica, sans-serif; font-size: 10pt"><br><br><div class="gmail_quote">On Sat, Nov 17, 2012 at 12:42 AM, Kostya Serebryany <span dir="ltr"><<a href="mailto:kcc@google.com" target="_blank">kcc@google.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="font-family:arial,helvetica,sans-serif;font-size:10pt">+samsonov<div><br></div><div>Alexey, will we catch this with asan use-after-scope? <br>
</div></div></blockquote><div><br></div><div>Looks like we will. Can't tell for sure yet =/</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="font-family:arial,helvetica,sans-serif;font-size:10pt">
<div><br><div class="gmail_quote"><div class="im">On Fri, Nov 16, 2012 at 10:45 AM, Matthieu Monrocq <span dir="ltr"><<a href="mailto:matthieu.monrocq@gmail.com" target="_blank">matthieu.monrocq@gmail.com</a>></span> wrote:<br>
</div><div><div class="h5"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br><br><div class="gmail_quote"><div>On Fri, Nov 16, 2012 at 2:58 AM, David Blaikie <span dir="ltr"><<a href="mailto:dblaikie@gmail.com" target="_blank">dblaikie@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Can we warn about this?<br>
<div><br></div></blockquote></div><div><br>Unfortunately no. I don't think so. It would require inspecting the body of `cast`...<br><br>Argyrios implemented a whole class of warnings around this theme a while ago now, and as we drilled into it (and I believe you helped) we just decided that looking through functions was too difficult. As such: `T const& foo(T const& t) { return t; }` completely dulls out binding to temporary warnings => the function itself is correct, but its use may not.<br>
<br><br>However it seems to be that the problem is caused by the implementation of `cast` is wrong.<br><br>template <class X, class Y><br>inline typename cast_retty<X, Y>::ret_type cast(const Y &Val) {<br>
assert(isa<X>(Val) && "cast<Ty>() argument of incompatible type!");<br> return cast_convert_val<X, Y,<br> typename simplify_type<Y>::SimpleType>::doit(Val);<br>
}<br><br>We accept a `const&`, allowing bind to temporary, but then the return type can be bound to X& which means the `const` qualifier was dropped on the floor. This is pretty nasty.<br><br>The culprit is actually just above:<br>
<br>template<class To, class FromTy> struct cast_convert_val<To,FromTy,FromTy> {<br> // This _is_ a simple type, just cast it.<br> static typename cast_retty<To, FromTy>::ret_type doit(const FromTy &Val) {<br>
typename cast_retty<To, FromTy>::ret_type Res2<br> = (typename cast_retty<To, FromTy>::ret_type)<b>const_cast</b><FromTy&>(Val);<br> return Res2;<br> }<br>};<br><br><br>However, even overloading on const-ness would not make bind-to-const issues disappear. The only thing I can thing of is:<br>
=> allow `cast` (and al) only on non-const reference<br>=> allow on non-const and const pointers<br><br>which is the only way to circumvent bind-to-temporary situations I know of.<br><br>I am not sure it's worth it.<br>
<br><br>For detection I see only two possibilities:<br>=> Interprocedural (*) static analysis: when analyzing the function, note that its return may be an alias of the parameter; when analyzing the use, note that the statement is only valid if the return is not an alias of the temporary; cross-reference the two and warn about the incompatibility<br>
=> Dynamic instrumentation: I wonder if <b>Asan</b> could catch this (maybe it does already). With the proper instrumentation the destructor of the temporary could trigger poisoning of the memory so that the next use cause an assertion.<br>
<br>(*) Interprocedural in the general case, here it would not be.<span><font color="#888888"><br><br>-- Matthieu<br> </font></span></div><div><div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
On Thu, Nov 15, 2012 at 5:14 PM, Matt Beaumont-Gay <<a href="mailto:matthewbg@google.com" target="_blank">matthewbg@google.com</a>> wrote:<br>
</div><div><div>> Author: matthewbg<br>
> Date: Thu Nov 15 19:14:52 2012<br>
> New Revision: <a href="tel:168124" value="+49168124" target="_blank">168124</a><br>
><br>
> URL: <a href="http://llvm.org/viewvc/llvm-project?rev=168124&view=rev" target="_blank">http://llvm.org/viewvc/llvm-project?rev=168124&view=rev</a><br>
> Log:<br>
> Fix PR14321, a crash when Clang is built with GCC 4.7 at -O1 or greater.<br>
><br>
> GCC 4.7 reuses stack slots fairly aggressively, which exposes more temporary<br>
> lifetime bugs.<br>
><br>
> No new test, this was caught by the existing CodeGenCXX/mangle-ms-templates.cpp.<br>
><br>
> Modified:<br>
> cfe/trunk/lib/AST/MicrosoftMangle.cpp<br>
><br>
> Modified: cfe/trunk/lib/AST/MicrosoftMangle.cpp<br>
> URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/AST/MicrosoftMangle.cpp?rev=168124&r1=168123&r2=168124&view=diff" target="_blank">http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/AST/MicrosoftMangle.cpp?rev=168124&r1=168123&r2=168124&view=diff</a><br>
> ==============================================================================<br>
> --- cfe/trunk/lib/AST/MicrosoftMangle.cpp (original)<br>
> +++ cfe/trunk/lib/AST/MicrosoftMangle.cpp Thu Nov 15 19:14:52 2012<br>
> @@ -373,7 +373,7 @@<br>
> dyn_cast<ClassTemplateSpecializationDecl>(ND)) {<br>
> TypeSourceInfo *TSI = Spec->getTypeAsWritten();<br>
> if (TSI) {<br>
> - TemplateSpecializationTypeLoc &TSTL =<br>
> + TemplateSpecializationTypeLoc TSTL =<br>
> cast<TemplateSpecializationTypeLoc>(TSI->getTypeLoc());<br>
> TemplateArgumentListInfo LI(TSTL.getLAngleLoc(), TSTL.getRAngleLoc());<br>
> for (unsigned i = 0, e = TSTL.getNumArgs(); i != e; ++i)<br>
><br>
><br>
> _______________________________________________<br>
> cfe-commits mailing list<br>
> <a href="mailto:cfe-commits@cs.uiuc.edu" target="_blank">cfe-commits@cs.uiuc.edu</a><br>
> <a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits</a><br>
_______________________________________________<br>
cfe-commits mailing list<br>
<a href="mailto:cfe-commits@cs.uiuc.edu" target="_blank">cfe-commits@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits</a><br>
</div></div></blockquote></div></div></div><br>
<br>_______________________________________________<br>
cfe-commits mailing list<br>
<a href="mailto:cfe-commits@cs.uiuc.edu" target="_blank">cfe-commits@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits</a><br>
<br></blockquote></div></div></div><br></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Alexey Samsonov, MSK</div><br>
</div>