[cfe-commits] PATCH: Fix crash bug due to missing array to pointer decay when rebuilding member expression in templates

Douglas Gregor dgregor at apple.com
Mon Jun 21 19:41:32 PDT 2010


Looks perfect, thanks! Committed as r106523.

On Jun 21, 2010, at 7:12 PM, Kyle Lippincott wrote:

> A project we use has lines similar to this:
> struct mystruct {
>   int member;
> };
> typedef mystruct sometype_t[1];
> 
> Which we then use with:
> sometype_t my_instance;
> do_stuff_with(my_instance->member);
> 
> This works just fine until templates are involved.  The first pass works fine, but when rebuilding the expression when instantiating the template, this doesn't perform an array to pointer decay, and this crashes when it sees an expression that IsArrow but isn't a pointer.  The attached patch causes this conversion to happen, and provides a test case.
> 
> This is my first time in this code, so I'd appreciate someone who knows more about the memory management to take a look.  I'm also curious if this shouldn't instead call Sema::LookupMemberExpr (which calls DefaultFunctionArrayConversion for us, amongst many other things that didn't seem correct to perform here) or Sema::DefaultFunctionArrayLvalueConversion (which also didn't seem to apply based on my reading), so getting another set of eyes on that would be nice too.
> 
> Example crash (when run on my test case in the attached patch):
> ~/clang tools/clang/test/SemaTemplate/array-to-pointer-decay.cpp 
> 0  clang           0x0000000000fb38e0
> 1  clang           0x0000000000fb42da
> 2  libpthread.so.0 0x00007f6ad5da3580
> 3  clang           0x000000000074566d clang::Sema::BuildMemberReferenceExpr(clang::ASTOwningResult<&(clang::ActionBase::DeleteExpr(void*))>, clang::QualType, clang::SourceLocation, bool, clang::CXXScopeSpec const&, clang::NamedDecl*, clang::LookupResult&, clang::TemplateArgumentListInfo const*, bool) + 125
> 4  clang           0x00000000007e3a99
> 5  clang           0x00000000007e5f0a
> 6  clang           0x00000000007f1062
> 7  clang           0x00000000007f91bf
> 8  clang           0x00000000007fa4b8
> 9  clang           0x00000000007fa751
> 10 clang           0x00000000007f849f
> 11 clang           0x00000000008000ea clang::Sema::SubstStmt(clang::Stmt*, clang::MultiLevelTemplateArgumentList const&) + 58
> 12 clang           0x0000000000812343 clang::Sema::InstantiateFunctionDefinition(clang::SourceLocation, clang::FunctionDecl*, bool, bool) + 995
> 13 clang           0x0000000000811e2e clang::Sema::PerformPendingImplicitInstantiations(bool) + 590
> 14 clang           0x000000000068dfca clang::Sema::ActOnEndOfTranslationUnit() + 42
> 15 clang           0x0000000000932425 clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<1>&) + 197
> 16 clang           0x000000000068d043 clang::ParseAST(clang::Preprocessor&, clang::ASTConsumer*, clang::ASTContext&, bool, bool, clang::CodeCompleteConsumer*) + 211
> 17 clang           0x000000000040965d clang::CodeGenAction::ExecuteAction() + 45
> 18 clang           0x0000000000607d1b clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 299
> 19 clang           0x0000000000403129 cc1_main(char const**, char const**, char const*, void*) + 2201
> 20 clang           0x00000000004081b5 main + 2773
> 21 libc.so.6       0x00007f6ad5545b2a __libc_start_main + 218
> 22 clang           0x000000000040026f
> Stack dump:
> 0.	Program arguments: /home/spectral/clang -cc1 -triple x86_64-unknown-linux-gnu -S -disable-free -disable-llvm-verifier -main-file-name array-to-pointer-decay.cpp -mrelocation-model static -mdisable-fp-elim -mconstructor-aliases -munwind-tables -target-cpu x86-64 -resource-dir /home/lib/clang/2.0 -ferror-limit 19 -fmessage-length 141 -fexceptions -fgnu-runtime -fdiagnostics-show-option -fcolor-diagnostics -o /tmp/cc-MxXfXm.s -x c++ tools/clang/test/SemaTemplate/array-to-pointer-decay.cpp 
> 1.	<eof> parser at end of file
> 2.	tools/clang/test/SemaTemplate/array-to-pointer-decay.cpp:8:5: instantiating function definition 'foo'
> clang: error: clang frontend command failed due to signal 11 (use -v to see invocation)
> 
> 
> 
> <array-to-pointer-decay.patch>_______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
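
A self-contained reproducer in the shape the quoted report describes, added here as an example: it is not the test file from the attached patch, and the function names (`read_plain`, `read_in_template`, `read_dependent`) are made up for illustration. The third function goes slightly beyond the report by making the array type itself a template parameter.

```cpp
// Constructed example; not the test case attached to the original e-mail.
struct mystruct {
  int member;
};

// One-element array typedef, as in the report. An object of this type can be
// used with `->` because the array operand decays to `mystruct *`.
typedef mystruct sometype_t[1];

// No template involved: the report says this form already worked.
int read_plain() {
  sometype_t inst;
  inst->member = 7;          // array-to-pointer decay, then member access
  return inst->member;
}

// The member expression lives in a template body. Per the report, it is built
// on the first pass and rebuilt when the template is instantiated, and the
// rebuild is where the decay was missing.
template <typename T>
int read_in_template(T value) {
  sometype_t inst;
  inst->member = static_cast<int>(value);
  return inst->member;
}

// Generalization (assumption, not from the report): the array type is only
// known at instantiation time, so `->` must still apply the decay then.
template <typename T>
int read_dependent(int v) {
  T inst;
  inst->member = v;
  return inst->member;
}

int main() {
  bool ok = read_plain() == 7 &&
            read_in_template<long>(42L) == 42 &&
            read_dependent<sometype_t>(9) == 9;
  return ok ? 0 : 1;         // exit status 0 when all three forms agree
}
```

As a regression check, the point is that the file compiles at all: a crash or a rejected `->` in either template function means the decay is not being applied when the expression is rebuilt.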




