[all-commits] [llvm/llvm-project] 7abbd6: [libc++] Fix proxy iterator issues that trigger an...
Hui via All-commits
all-commits at lists.llvm.org
Wed Jul 20 18:16:07 PDT 2022
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: 7abbd6224b0b6089e4483a9c939be5d9a16b682b
https://github.com/llvm/llvm-project/commit/7abbd6224b0b6089e4483a9c939be5d9a16b682b
Author: Hui Xie <hui.xie1990 at gmail.com>
Date: 2022-07-20 (Wed, 20 Jul 2022)
Changed paths:
M libcxx/include/__algorithm/iterator_operations.h
M libcxx/test/std/algorithms/alg.sorting/alg.sort/sort/sort_proxy.pass.cpp
Log Message:
-----------
[libc++] Fix proxy iterator issues that trigger an assertion in Chromium.
Crash report:
https://bugs.chromium.org/p/chromium/issues/detail?id=1346012
The triggered assertion is related sorting with `v8::internal::AtomicSlot`.
`AtomicSlot` is a proxy iterator with a proxy type `AtomicSlot::Reference`
(see https://chromium.googlesource.com/v8/v8/+/9bcb5eb590643db0c1f688fea316c7f1f4786a3c/src/objects/slots-atomic-inl.h).
https://reviews.llvm.org/D130197 correctly spotted the issue in
`__iter_move` but doesn't actually fix the issue. The reason is that
`AtomicSlot::operator*` returns a prvalue `Reference`. After the fix in
D130197, the return type of `__iter_move` is `Reference&&`. But the
rvalue reference is bound to the temporary value returned by
`operator*`, which will be dangling after `__iter_move` returns.
The idea of the fix in this change is borrowed from C++17's move_iterator
https://timsong-cpp.github.io/cppwp/n4659/move.iterators#move.iterator-1
When the underlying reference is a prvalue, we just return it by value.
Differential Revision: https://reviews.llvm.org/D130212
More information about the All-commits
mailing list