<div dir="ltr">looks like MSVC's implementation writes a 0 into the first character on destruction.<div><br></div><div>basic_string::~basic_string() calls a function named _Tidy_deallocate(), which looks like this:</div><div><br></div><div><div><span class="Apple-tab-span" style="white-space:pre"> </span>void _Tidy_deallocate()</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{<span class="Apple-tab-span" style="white-space:pre"> </span></div><div> // bunch of extra stuff snipped out</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>_Traits::assign(_My_data._Bx._Buf[0], _Elem());</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div></div><div><br></div><div>I'd be curious whether ASAN catches this on a non-MSVC implementation, if not it seems like a bug they would probably want to fix</div><br><div class="gmail_quote"><div dir="ltr">On Sun, May 28, 2017 at 7:45 PM Craig Topper <<a href="mailto:craig.topper@gmail.com">craig.topper@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hmm the one I fixed earlier was a similar getValueAsString being captured in to a StringRef. I unable to reproduce it with debug symbols enabled, but valgrind was able to flag it as an invalid access. But valgrind wasn't flagging the one you fixed. Does MSVC's implementation of std::string null terminates the array before destructing?</div><div class="gmail_extra"></div><div class="gmail_extra"><br clear="all"><div><div class="m_1911535954135546880gmail_signature" data-smartmail="gmail_signature">~Craig</div></div></div><div class="gmail_extra">
<br><div class="gmail_quote">On Sun, May 28, 2017 at 7:38 PM, Zachary Turner <span dir="ltr"><<a href="mailto:zturner@google.com" target="_blank">zturner@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Also it wasn't actually "crashing", it was hitting the llvm_unreachable at the bottom of this function.</div><div class="m_1911535954135546880HOEnZb"><div class="m_1911535954135546880h5"><br><div class="gmail_quote"><div dir="ltr">On Sun, May 28, 2017 at 7:38 PM Zachary Turner <<a href="mailto:zturner@google.com" target="_blank">zturner@google.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Just let it crash under the debugger, and when I looked at Name it was "\0em16". But when I stepped into getValueAsString it looked like it was indeed returning "Mem16", which should have been correct. So there was obviously some memory corruption, but since it happened in such a narrow time frame (between the return statement and assigning the value to the StringRef, there weren't really a lot of possibilities. So when I checked the function signature, sure enough it was returning a std::string.</div><br><div class="gmail_quote"><div dir="ltr">On Sun, May 28, 2017 at 7:33 PM Craig Topper <<a href="mailto:craig.topper@gmail.com" target="_blank">craig.topper@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">How did you narrow it down to that?</div><div class="gmail_extra"></div><div class="gmail_extra"><br clear="all"><div><div class="m_1911535954135546880m_-8786685159263920469m_6426379717771413703m_598965881520387854gmail_signature" data-smartmail="gmail_signature">~Craig</div></div></div><div class="gmail_extra">
<br><div class="gmail_quote">On Sun, May 28, 2017 at 7:20 PM, Zachary Turner via llvm-commits <span dir="ltr"><<a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Author: zturner<br>
Date: Sun May 28 21:20:12 2017<br>
New Revision: 304123<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=304123&view=rev" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project?rev=304123&view=rev</a><br>
Log:<br>
Don't capture a temporary std::string in a StringRef.<br>
<br>
This fixes the breakages in llvm-tblgen.<br>
<br>
Modified:<br>
llvm/trunk/utils/TableGen/X86FoldTablesEmitter.cpp<br>
<br>
Modified: llvm/trunk/utils/TableGen/X86FoldTablesEmitter.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/utils/TableGen/X86FoldTablesEmitter.cpp?rev=304123&r1=304122&r2=304123&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/utils/TableGen/X86FoldTablesEmitter.cpp?rev=304123&r1=304122&r2=304123&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/utils/TableGen/X86FoldTablesEmitter.cpp (original)<br>
+++ llvm/trunk/utils/TableGen/X86FoldTablesEmitter.cpp Sun May 28 21:20:12 2017<br>
@@ -285,7 +285,7 @@ getMemOperandSize(const Record *MemRec,<br>
(MemRec->getName() == "sdmem" || MemRec->getName() == "ssmem"))<br>
return 128;<br>
<br>
- StringRef Name =<br>
+ std::string Name =<br>
MemRec->getValueAsDef("ParserMatchClass")->getValueAsString("Name");<br>
if (Name == "Mem8")<br>
return 8;<br>
<br>
<br>
_______________________________________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits</a><br>
</blockquote></div><br></div></blockquote></div></blockquote></div>
</div></div></blockquote></div><br></div></blockquote></div></div>