<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style>
</head>
<body lang="en-DE" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">Dear Clang community,<br>
<br>
I think I stumbled across a front-end bug in clang’s C++ coroutine implementation.<br>
<br>
Having an awaitable with<br>
<br>
```<br>
</span>template<typename PROMISE> std::experimental::coroutine_handle<> await_suspend(std::experimental::coroutine_handle<PROMISE> coro) noexcept {<span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal">      coro.destroy();<o:p></o:p></p>
<p class="MsoNormal">     return std::experimental::noop_coroutine();<o:p></o:p></p>
<p class="MsoNormal">}<br>
<span lang="EN-US">```<br>
<br>
destroys the functions own coroutine frame. This is valid, as long as no-one afterwards resumes the coroutine anymore. However, address-sanitizer still reports a “heap-use-after-free” error.<br>
<br>
>From my understanding so far, this is because the clang-frontend stores the return value of `await_suspend` in the coroutine frame. Instead, the clang-frontend should probably store this return value on the stack. Afaik, storing on the stack should be valid,
 as it is guaranteed that this return value will never live across a suspension point.<br>
<br>
You can find a minimal repro in <a href="https://godbolt.org/z/eq6eoc">https://godbolt.org/z/eq6eoc</a> and a more complex end-to-end version in
<a href="https://godbolt.org/z/8Yadv1">https://godbolt.org/z/8Yadv1</a> . See </span>
<a href="https://stackoverflow.com/questions/65991264/c-coroutines-is-it-valid-to-call-handle-destroy-from-the-final-suspend-poin">https://stackoverflow.com/questions/65991264/c-coroutines-is-it-valid-to-call-handle-destroy-from-the-final-suspend-poin</a><span lang="EN-US">
 (in particular the comments to David Haim’s reply) for more context.<br>
<br>
Cheers,<br>
Adrian<o:p></o:p></span></p>
</div>
</body>
</html>