[all-commits] [llvm/llvm-project] 6c2caa: [Serialization] Fix crash while lazy-loading templ...

Michael Jabbour via All-commits all-commits at lists.llvm.org
Mon Jul 28 02:42:52 PDT 2025 

  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 6c2caa63d7d2929765199a66a61660f5372f01c7
      https://github.com/llvm/llvm-project/commit/6c2caa63d7d2929765199a66a61660f5372f01c7
  Author: Michael Jabbour <michael.jabbour at sonarsource.com>
  Date:   2025-07-28 (Mon, 28 Jul 2025)

  Changed paths:
    M clang/lib/Serialization/ASTReader.cpp
    A clang/test/Modules/specializations-lazy-load-parentmap-crash.cpp

  Log Message:
  -----------
  [Serialization] Fix crash while lazy-loading template specializations (#150430)

## Problem

This is a regression that was observed in Clang 20 on modules code that
uses import std.

The lazy-loading mechanism for template specializations introduced in
#119333 can currently load additional nodes when called multiple times,
which breaks assumptions made by code that iterates over
specializations. This leads to iterator invalidation crashes in some
scenarios.

The core issue occurs when:
1. Code calls `spec_begin()` to get an iterator over template
specializations. This invokes `LoadLazySpecializations()`.
2. Code then calls `spec_end()` to get the end iterator.
3. During the `spec_end()` call, `LoadExternalSpecializations()` is
invoked again.
4. This can load additional specializations for certain cases,
invalidating the begin iterator returned in 1.

I was able to trigger the problem when constructing a ParentMapContext.
The regression test demonstrates two ways to trigger the construction of
the ParentMapContext on problematic code:
- The ArrayBoundV2 checker
- Unsigned overflow detection in sanitized builds

Unfortunately, simply dumping the ast (e.g. using `-ast-dump-all`)
doesn't trigger the crash because dumping requires completing the redecl
chain before iterating over the specializations.

## Solution

The fix ensures that the redeclaration chain is always completed
**before** loading external specializations by calling
`CompleteRedeclChain(D)` at the start of
`LoadExternalSpecializations()`. The idea is to ensure that all
`SpecLookups` are fully known and loaded before the call to
`LoadExternalSpecializationsImpl()`.



To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications

More information about the All-commits mailing list