[clang] Extend life of variables in `DiagComparison` in `ExprConstant` (PR #79522)

via cfe-commits cfe-commits at lists.llvm.org
Fri Jan 26 05:05:16 PST 2024


AdvenamTacet wrote:

@cor3ntin  Thx for your comment! I looked at the ternary operator at the very beginning, but discarded this direction as I was unable to create a small example reproducing the error. After your comment I started looking at it again.
Your temporary fix also resolves the problem on buildbots, which may mean that my assumption of the origin of the error is wrong.

We really should understand what is happening here.

Assuming that there is no use after end of life, looking at the shadow memory:
```
  0x7fc0a5b28e80: f2 f2 f8 f8 f8 f8 f8 f8 f8 f8 f8 f2 f2 f2 f2 f2
=>0x7fc0a5b28f00: 00 00 00 f2 f2 f2 f2 f2 04 fc[fc]f3 f3 f3 f3 f3
  0x7fc0a5b28f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
```
and backtrace:
```
    #0 0x5625049af24b in __get_long_pointer /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan_ubsan/include/c++/v1/string:1870:29
    #1 0x5625049af24b in __get_pointer /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan_ubsan/include/c++/v1/string:1882:26
    #2 0x5625049af24b in data /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan_ubsan/include/c++/v1/string:1596:30
    #3 0x5625049af24b in StringRef /b/sanitizer-x86_64-linux-fast/build/llvm-project/llvm/include/llvm/ADT/StringRef.h:101:18
    #4 0x5625049af24b in operator<<<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > /b/sanitizer-x86_64-linux-fast/build/llvm-project/clang/include/clang/Basic/PartialDiagnostic.h:60:11
    #5 0x5625049af24b in operator<<<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > /b/sanitizer-x86_64-linux-fast/build/llvm-project/clang/include/clang/AST/OptionalDiagnostic.h:36:13
    #6 0x5625049af24b in bool EvaluateComparisonBinaryOperator<(anonymous namespace)::IntExprEvaluator::VisitBinaryOperator(clang::BinaryOperator const*)::$_0&, (anonymous namespace)::IntExprEvaluator::VisitBinaryOperator(clang::BinaryOperator const*)::$_1>((anonymous namespace)::EvalInfo&, clang::BinaryOperator const*, (anonymous namespace)::IntExprEvaluator::VisitBinaryOperator(clang::BinaryOperator const*)::$_0&, (anonymous namespace)::IntExprEvaluator::VisitBinaryOperator(clang::BinaryOperator const*)::$_1&&)::'lambda'(unsigned int, bool)::operator()(unsigned int, bool) const /b/sanitizer-x86_64-linux-fast/build/llvm-project/clang/lib/AST/ExprConstant.cpp:13295:13
    #7 0x5625049aaabd in bool EvaluateComparisonBinaryOperator<(anonymous namespace)::IntExprEvaluator::VisitBinaryOperator(clang::BinaryOperator const*)::$_0&, (anonymous namespace)::IntExprEvaluator::VisitBinaryOperator(clang::BinaryOperator const*)::$_1>((anonymous namespace)::EvalInfo&, clang::BinaryOperator const*, (anonymous namespace)::IntExprEvaluator::VisitBinaryOperator(clang::BinaryOperator const*)::$_0&, (anonymous namespace)::IntExprEvaluator::VisitBinaryOperator(clang::BinaryOperator const*)::$_1&&) /b/sanitizer-x86_64-linux-fast/build/llvm-project/clang/lib/AST/ExprConstant.cpp
    #8 0x5625049878b1 in (anonymous namespace)::IntExprEvaluator::VisitBinaryOperator(clang::BinaryOperator const*) /b/sanitizer-x86_64-linux-fast/build/llvm-project/clang/lib/AST/ExprConstant.cpp:13584:12
```
One potential option I see is incorrect annotations.
It's possible that a function marked `_LIBCPP_STRING_INTERNAL_MEMORY_ACCESS` in `libcxx/include/string` writes over poisoned memory and never updates annotations. There are five functions like that, which write to memory, and I cannot see a single issue with them.

For testing, I will write code not using `_LIBCPP_STRING_INTERNAL_MEMORY_ACCESS` at all and check if an ASan error is raised earlier.

https://github.com/llvm/llvm-project/pull/79522
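As an added example that is not part of this comment or the PR: a small Python helper that parses the ASan shadow dump quoted above and decodes the bracketed byte against ASan's documented shadow-byte legend. The three dump lines are copied from the report; the function and variable names are constructed for illustration.

```python
import re

# ASan's documented shadow-byte legend (the table printed at the end of each report).
SHADOW_LEGEND = {
    0xfa: "heap left redzone", 0xfd: "freed heap region",
    0xf1: "stack left redzone", 0xf2: "stack mid redzone", 0xf3: "stack right redzone",
    0xf5: "stack after return", 0xf8: "stack use after scope",
    0xf9: "global redzone", 0xf6: "global init order", 0xf7: "poisoned by user",
    0xfc: "container overflow", 0xac: "array cookie", 0xbb: "intra object redzone",
    0xfe: "ASan internal", 0xca: "left alloca redzone", 0xcb: "right alloca redzone",
}

def describe_shadow_byte(value: int) -> str:
    """One shadow byte covers 8 application bytes; 1..7 means only that prefix is valid."""
    if value == 0:
        return "addressable"
    if 1 <= value <= 7:
        return f"partially addressable (first {value} of 8 bytes)"
    return SHADOW_LEGEND.get(value, f"unknown shadow value 0x{value:02x}")

LINE_RE = re.compile(r"^(=>)?0x([0-9a-f]+):\s*(.*)$")   # '=>' marks the faulting row
BYTE_RE = re.compile(r"\[?[0-9a-f]{2}\]?")              # 'xx' or '[xx]' (the bad byte)

def parse_shadow_dump(text: str) -> list:
    """Return one dict per shadow byte: shadow address, raw value, legend, marked flag."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        base = int(m.group(2), 16)
        for i, tok in enumerate(BYTE_RE.findall(m.group(3))):
            value = int(tok.strip("[]"), 16)
            entries.append({"shadow_addr": base + i, "value": value,
                            "marked": tok.startswith("["),
                            "kind": describe_shadow_byte(value)})
    return entries

def faulting_byte(text: str):
    """The shadow byte ASan bracketed (covering the bad access), or None if absent."""
    return next((e for e in parse_shadow_dump(text) if e["marked"]), None)

# Shadow lines copied verbatim from the report quoted in the comment above.
SAMPLE_SHADOW = """\
  0x7fc0a5b28e80: f2 f2 f8 f8 f8 f8 f8 f8 f8 f8 f8 f2 f2 f2 f2 f2
=>0x7fc0a5b28f00: 00 00 00 f2 f2 f2 f2 f2 04 fc[fc]f3 f3 f3 f3 f3
  0x7fc0a5b28f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

if __name__ == "__main__":
    hit = faulting_byte(SAMPLE_SHADOW)
    print(f"shadow 0x{hit['shadow_addr']:x} = 0x{hit['value']:02x}: {hit['kind']}")
```

For this dump the bracketed byte is `fc`, ASan's container-overflow poison, which is the value container annotations (including libc++'s string annotations) write, so the decoder points the same way as the annotation hypothesis in the comment.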

