[cfe-commits] PATCH: Fix crash bug due to missing array to pointer decay when rebuilding member expression in templates

Kyle Lippincott spectral at google.com
Mon Jun 21 19:12:29 PDT 2010


A project we use has lines similar to this:
struct mystruct {
  int member;
};
typedef mystruct sometype_t[1];

Which we then use with:
sometype_t my_instance;
do_stuff_with(my_instance->member);

This works just fine until templates are involved.  The first pass works
fine, but when rebuilding the expression when instantiating the template,
this doesn't perform an array to pointer decay, and this crashes when it
sees an expression that IsArrow but isn't a pointer.  The attached patch
causes this conversion to happen, and provides a test case.

This is my first time in this code, so I'd appreciate someone who knows more
about the memory management to take a look.  I'm also curious if this
shouldn't instead call Sema::LookupMemberExpr (which calls
DefaultFunctionArrayConversion for us, amongst many other things that didn't
seem correct to perform here) or Sema::DefaultFunctionArrayLvalueConversion
(which also didn't seem to apply based on my reading), so getting another
set of eyes on that would be nice too.

Example crash (when run on my test case in the attached patch):
~/clang tools/clang/test/SemaTemplate/array-to-pointer-decay.cpp
0  clang           0x0000000000fb38e0
1  clang           0x0000000000fb42da
2  libpthread.so.0 0x00007f6ad5da3580
3  clang           0x000000000074566d
clang::Sema::BuildMemberReferenceExpr(clang::ASTOwningResult<&(clang::ActionBase::DeleteExpr(void*))>,
clang::QualType, clang::SourceLocation, bool, clang::CXXScopeSpec const&,
clang::NamedDecl*, clang::LookupResult&, clang::TemplateArgumentListInfo
const*, bool) + 125
4  clang           0x00000000007e3a99
5  clang           0x00000000007e5f0a
6  clang           0x00000000007f1062
7  clang           0x00000000007f91bf
8  clang           0x00000000007fa4b8
9  clang           0x00000000007fa751
10 clang           0x00000000007f849f
11 clang           0x00000000008000ea clang::Sema::SubstStmt(clang::Stmt*,
clang::MultiLevelTemplateArgumentList const&) + 58
12 clang           0x0000000000812343
clang::Sema::InstantiateFunctionDefinition(clang::SourceLocation,
clang::FunctionDecl*, bool, bool) + 995
13 clang           0x0000000000811e2e
clang::Sema::PerformPendingImplicitInstantiations(bool) + 590
14 clang           0x000000000068dfca
clang::Sema::ActOnEndOfTranslationUnit() + 42
15 clang           0x0000000000932425
clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<1>&) + 197
16 clang           0x000000000068d043 clang::ParseAST(clang::Preprocessor&,
clang::ASTConsumer*, clang::ASTContext&, bool, bool,
clang::CodeCompleteConsumer*) + 211
17 clang           0x000000000040965d clang::CodeGenAction::ExecuteAction()
+ 45
18 clang           0x0000000000607d1b
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 299
19 clang           0x0000000000403129 cc1_main(char const**, char const**,
char const*, void*) + 2201
20 clang           0x00000000004081b5 main + 2773
21 libc.so.6       0x00007f6ad5545b2a __libc_start_main + 218
22 clang           0x000000000040026f
Stack dump:
0. Program arguments: /home/spectral/clang -cc1 -triple
x86_64-unknown-linux-gnu -S -disable-free -disable-llvm-verifier
-main-file-name array-to-pointer-decay.cpp -mrelocation-model static
-mdisable-fp-elim -mconstructor-aliases -munwind-tables -target-cpu x86-64
-resource-dir /home/lib/clang/2.0 -ferror-limit 19 -fmessage-length 141
-fexceptions -fgnu-runtime -fdiagnostics-show-option -fcolor-diagnostics -o
/tmp/cc-MxXfXm.s -x c++
tools/clang/test/SemaTemplate/array-to-pointer-decay.cpp
1. <eof> parser at end of file
2. tools/clang/test/SemaTemplate/array-to-pointer-decay.cpp:8:5:
instantiating function definition 'foo'
clang: error: clang frontend command failed due to signal 11 (use -v to see
invocation)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: array-to-pointer-decay.patch
Type: application/octet-stream
Size: 1541 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20100621/bf185d3a/attachment.obj>
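
The construct described in the message above, as an added example that is not part of the original e-mail and is not the test case from the attached patch. The function names `read_plain`, `read_in_template`, `read_dependent` and `run_all` are assumptions made for illustration; it shows the same `->` on a one-element array typedef outside a template, inside a template with a non-dependent operand, and inside a template with a dependent operand, all of which rely on array-to-pointer decay.

```cpp
// Constructed illustration; compiles as a small regression-style check.
#include <type_traits>

struct mystruct {
  int member;
};
// One-element array typedef: a declared object can be used like a pointer.
typedef mystruct sometype_t[1];

// The operand of -> has array type and must decay to mystruct*.
static_assert(std::is_same<std::decay<sometype_t>::type, mystruct *>::value,
              "sometype_t decays to mystruct*");

// Non-template use: the member expression is built once.
int read_plain() {
  sometype_t inst;
  inst->member = 7;
  return inst->member;
}

// Template use, non-dependent operand: the member expression is built while
// parsing the template and built again when the template is instantiated.
template <typename T>
int read_in_template(T add) {
  sometype_t inst;
  inst->member = 35;
  return inst->member + add;
}

// Template use, dependent operand: the array type is known only at
// instantiation, so the decay can only happen then.
template <typename Arr>
int read_dependent(Arr &inst) {
  inst->member = 42;
  return inst->member;
}

int run_all() {
  sometype_t inst;
  return read_plain() + read_in_template<int>(0) + read_dependent(inst);
}

int main() { return run_all() == 84 ? 0 : 1; }
```
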


More information about the cfe-commits mailing list