[LLVMdev] Addressing const reference in ArrayRef

Justin Bogner mail at justinbogner.com
Thu Aug 21 00:38:36 PDT 2014


David Blaikie <dblaikie at gmail.com> writes:
> I seem to recall discussing this before - is there an existing llvm
> bug filed, another email thread or something (or perhaps it was just
> an IRC conversation)? It would be good to keep all the discussion
> together or at least reference the prior (llvm community) discussion.

I'm not sure if it's been discussed before, but it's led to issues as
recently as a couple of weeks ago:

    http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20140804/229557.html

I certainly think it's worthwhile to make this API safer, or at least to
document the caveats in how it can safely be used.

> Have you tried applying your suggested patch? I assume you meant to suggest
> replacing/modifying the existing ctor (to take non-const ref) rather than
> adding another?
>
> I'd assume that causes a lot of build failures as we probably rely on binding
> temporaries to ArrayRef's in many places correctly (most ArrayRef's are
> temporaries, not local variables).
>
> I think in the previous discussion I suggested we might just want to make a
> practice of treating named/local (not parameter) ArrayRef's with greater
> suspicion, the same way we do for twine, but I'm not sure.
>
> We could move this ctor into a factory function (and/or just make the CTor
> private and friend the makeArrayRef helper for this case) to make it more
> obvious/easier to find bad call sites. But it would be helpful to have the
> context of the prior discussion to continue from there.
>
> On Aug 19, 2014 11:18 PM, "Joey Ye" <joey.ye.cc at gmail.com> wrote:
>
>     Analyzing why GCC failed to build LLVM recently, one root cause lies
>     in definition of ArrayRef:
>     // ArrayRef.h:
>     ArrayRef(const T &OneElt) : Data(&OneElt), Length(1) {}
>    
>     Here address of const reference is taken and stored to an object. It
>     is believed that live range of const reference is only at the function
>     call site, escaping of its address to an object with a longer live
>     range is invalid. Referring to the case and discussion here:
>     https://gcc.gnu.org/ml/gcc/2014-08/msg00173.html
>    
>     So I would suggest to fix ArrayRef. Adding a non-const version of
>     constructor should work, but it still leaves the vulnerability in
>     const version, which I'd expect on people in the community to work out
>     a solution.
>     ArrayRef(T &OneElt) : Data(&OneElt), Length(1) {}
>
>     Thanks,
>     Joey
>     _______________________________________________
>     LLVM Developers mailing list
>     LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
>     http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
>
> _______________________________________________
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.eduhttp://lists.cs.uiuc.edu/mailman/listinfo/llvmdev




More information about the llvm-dev mailing list