[clang] [Clang][Frontend] Fix a crash when -Wdocumentation is used (PR #68525)

Byoungchan Lee via cfe-commits cfe-commits at lists.llvm.org
Thu Oct 12 10:01:51 PDT 2023


bc-lee wrote:

Since **I'm not an expert in the clang AST**, it is hard to reduce the failing cases. According to my analysis, this crash only happens when multiple files are involved, so code reduction tools like creduce aren't very helpful.
Instead, I'm providing an explanation of the crash with screenshots from my local environment.

In my local environment, I was building Apple's LLVM with [dac71d2e8c4cdc9e0a1254dbf3716252c302d6a5](https://github.com/apple/llvm-project/tree/dac71d2e8c4cdc9e0a1254dbf3716252c302d6a5) commit.
A single line containing `#include "clang/AST/ASTContext.h"` and `-Wdocumentation` flag is enough to reproduce the crash.

(Note that I'm not making changes against Apple's LLVM. I'm just building Apple's LLVM (and the Swift compiler) using the original LLVM ToT commit.)

To explain the crash, I've made modifications to `clang/lib/AST/ASTContext.cpp`, as shown in the screenshot.

![screenshot 2023-10-13 01-56-32](https://github.com/llvm/llvm-project/assets/7533290/cb9d6dbc-8601-4bb8-b648-cd0cdd583ca6)

It seems that in `ASTContext::getRawCommentForDeclNoCacheImpl`, `OffsetCommentBehindDecl`, which comes from `CommentsInTheFile`, points to the `clang/include/clang/AST/ASTContext.h` file. More precisely, `CommentBeforeDeclRawText` is `/// The type for the C sigjmp_buf type.` and
`OffsetCommentBehindDeclRawText` is `/// The type for the C ucontext_t type.` in this case. The offsets of each element are `14832` and `14913`, respectively.

However, `Buffer`, which is given by `DeclLocDecomp.first`, points to another source file, `clang/include/clang/AST/ExternalASTSource.h`.
Since `CommentEndOffset` is based on `CommentBeforeDecl`, it doesn't make sense to compare `DeclLocDecomp.second` and `CommentEndOffset`, as they are not from the same source code.

So the crash happens because the result of `DeclLocDecomp.second - CommentEndOffset` overflows, and the operations on `StringRef Text` then cause the crash.


**The best way to fix this issue** is to find out why they are not from the same source code and fix it. However, I'm not sure how to fix it, so I've made a patch to avoid the crash.

This logic sits behind `CommentBeforeDecl->isDocumentation()`, and the crash occurs only when the `-Wdocumentation` flag is enabled. I believe that this logic is intended for aggregating comments to explain the reason for the `-Wdocumentation` warning. In other words, clang crashes when it attempts to provide an explanation for the warning. Therefore, **it might be acceptable to bypass this logic instead of crashing.**

https://github.com/llvm/llvm-project/pull/68525
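To make the failure mode described in the comment concrete, here is an added illustration; it is not clang's code and not the patch from the PR. It models the unsigned subtraction `DeclLocDecomp.second - CommentEndOffset` wrapping around when the comment offset and the declaration offset come from different buffers, and shows a guarded slice that refuses to proceed unless both locations name the same file and the comment end does not lie past the declaration. `DecomposedLoc` is a stand-in for the file-id/offset pair clang works with, and the two buffers and all offsets are constructed for this example.

```cpp
#include <cstdio>
#include <optional>
#include <string_view>

// Stand-in for a decomposed source location (file id plus offset into that
// file's buffer). Constructed for this example, not clang's type.
struct DecomposedLoc {
  unsigned FileID;
  unsigned Offset;
};

// Constructed sample buffers standing in for two different header files.
constexpr std::string_view kBufferA =
    "/// The type for the C sigjmp_buf type.\n"
    "QualType SigJmpBufDecl;\n";
constexpr std::string_view kBufferB =
    "class ExternalASTSource {\n"
    "};\n";

// The unguarded computation: both operands are unsigned, so when the comment
// end lies past the declaration offset the "length" wraps to a huge value
// instead of going negative. Any slice built from it runs off the buffer.
unsigned unguardedLength(unsigned DeclOffset, unsigned CommentEndOffset) {
  return DeclOffset - CommentEndOffset;
}

// Guarded variant: only slice when the two locations refer to the same buffer
// and the comment end does not lie past the declaration or the buffer end.
std::optional<std::string_view>
textBetweenCommentAndDecl(std::string_view Buffer, DecomposedLoc CommentEnd,
                          DecomposedLoc Decl) {
  if (CommentEnd.FileID != Decl.FileID)
    return std::nullopt;  // offsets from different files are not comparable
  if (CommentEnd.Offset > Decl.Offset || Decl.Offset > Buffer.size())
    return std::nullopt;  // would underflow or run past the buffer
  return Buffer.substr(CommentEnd.Offset, Decl.Offset - CommentEnd.Offset);
}

int main() {
  // Same file: comment ends at the first newline, declaration starts after it.
  auto commentEnd = static_cast<unsigned>(kBufferA.find('\n'));
  auto declStart = static_cast<unsigned>(kBufferA.find("QualType"));
  auto ok = textBetweenCommentAndDecl(kBufferA, {1, commentEnd}, {1, declStart});
  std::printf("same file: %s\n", ok ? "sliced" : "rejected");

  // Offsets from file 1 applied to file 2's buffer: the guard rejects it.
  auto cross = textBetweenCommentAndDecl(kBufferB, {1, commentEnd}, {2, 0});
  std::printf("cross file: %s\n", cross ? "sliced" : "rejected");

  // The unguarded arithmetic on the same mismatched offsets wraps around.
  std::printf("unguarded length: %u\n", unguardedLength(0, commentEnd));
  return 0;
}
```

The guard mirrors the two conditions the comment identifies: the offsets must originate from the same buffer, and the subtraction must not underflow. Returning `std::nullopt` rather than slicing is the equivalent of bypassing the comment-aggregation logic instead of crashing.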
