[clang] [clang][ASTImporter] Remove trailing return testing on lambda proto (PR #101031)
Ding Fei via cfe-commits
cfe-commits at lists.llvm.org
Tue Jul 30 19:49:07 PDT 2024
danix800 wrote:
> This commit surfaces another crash on null stmt inside `CXXDeductionGuideDecl`:
>
> ```c
> namespace foo {
> template <typename, typename> struct is_same;
> template <bool, typename _Tp = void> struct enable_if {};
> template <bool _Cond, typename _Tp = void>
> using enable_if_t = typename enable_if<_Cond, _Tp>::type;
>
> template <typename _Tp, typename _Up>
> inline constexpr bool is_same_v = is_same<_Tp, _Up>::value;
>
> template <typename _Tp, typename Alloc> struct array {};
>
> template <typename _Tp, typename... _Up>
> array(_Tp, _Up...) ->
> array<enable_if_t<(is_same_v<_Tp, _Up> && ...)>, _Tp>;
> }
> ```
>
> Will crash when imported:
>
> ```
> #0 0x00007f15958323ca llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) /home/danis/Sources/llvm-project/llvm/lib/Support/Unix/Signals.inc:567:11
> #1 0x00007f159583257b PrintStackTraceSignalHandler(void*) /home/danis/Sources/llvm-project/llvm/lib/Support/Unix/Signals.inc:641:1
> #2 0x00007f1595830bd6 llvm::sys::RunSignalHandlers() /home/danis/Sources/llvm-project/llvm/lib/Support/Signals.cpp:104:5
> #3 0x00007f1595832ca5 SignalHandler(int) /home/danis/Sources/llvm-project/llvm/lib/Support/Unix/Signals.inc:412:1
> #4 0x00007f159525b050 (/lib/x86_64-linux-gnu/libc.so.6+0x3c050)
> #5 0x00007f159721022c clang::Stmt::getStmtClass() const /home/danis/Sources/llvm-project/clang/include/clang/AST/Stmt.h:1178:44
> #6 0x00007f1597aab9f1 clang::Stmt::children() /home/danis/Sources/llvm-project/clang/lib/AST/Stmt.cpp:287:3
> #7 0x00007f159734912a clang::Stmt::children() const /home/danis/Sources/llvm-project/clang/include/clang/AST/Stmt.h:1273:39
> #8 0x00007f15973f3d61 clang::Stmt::child_begin() const /home/danis/Sources/llvm-project/clang/include/clang/AST/Stmt.h:1279:53
> #9 0x00007f15973b9746 isAncestorDeclContextOf(clang::DeclContext const*, clang::Stmt const*) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:3377:47
> #10 0x00007f15973b9c38 (anonymous namespace)::IsTypeDeclaredInsideVisitor::checkTemplateArgument(clang::TemplateArgument const&) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:3507:7
> #11 0x00007f15973b93fe (anonymous namespace)::IsTypeDeclaredInsideVisitor::VisitTemplateSpecializationType(clang::TemplateSpecializationType const*) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:3467:11
> #12 0x00007f15973b89b9 clang::TypeVisitor<(anonymous namespace)::IsTypeDeclaredInsideVisitor, std::optional<bool>>::Visit(clang::Type const*) /home/danis/Sources/llvm-project/build/tools/clang/include/clang/AST/TypeNodes.inc:71:1
> #13 0x00007f1597385113 (anonymous namespace)::IsTypeDeclaredInsideVisitor::CheckType(clang::QualType) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:3426:37
> #14 0x00007f15973b9c0e (anonymous namespace)::IsTypeDeclaredInsideVisitor::checkTemplateArgument(clang::TemplateArgument const&) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:3505:7
> #15 0x00007f15973b93fe (anonymous namespace)::IsTypeDeclaredInsideVisitor::VisitTemplateSpecializationType(clang::TemplateSpecializationType const*) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:3467:11
> #16 0x00007f15973b89b9 clang::TypeVisitor<(anonymous namespace)::IsTypeDeclaredInsideVisitor, std::optional<bool>>::Visit(clang::Type const*) /home/danis/Sources/llvm-project/build/tools/clang/include/clang/AST/TypeNodes.inc:71:1
> #17 0x00007f1597385113 (anonymous namespace)::IsTypeDeclaredInsideVisitor::CheckType(clang::QualType) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:3426:37
> #18 0x00007f1597384f42 clang::ASTNodeImporter::hasReturnTypeDeclaredInside(clang::FunctionDecl*) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:3556:5
> #19 0x00007f1597385d8e clang::ASTNodeImporter::VisitFunctionDecl(clang::FunctionDecl*) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:3709:9
> #20 0x00007f1597387fab clang::ASTNodeImporter::VisitCXXDeductionGuideDecl(clang::CXXDeductionGuideDecl*) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:3962:10
> #21 0x00007f15973e238e clang::declvisitor::Base<std::add_pointer, clang::ASTNodeImporter, llvm::Expected<clang::Decl*>>::Visit(clang::Decl*) /home/danis/Sources/llvm-project/build/tools/clang/include/clang/AST/DeclNodes.inc:437:1
> #22 0x00007f15973ad9ed clang::ASTImporter::ImportImpl(clang::Decl*) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:8828:19
> #23 0x00007f1597391055 clang::ASTImporter::Import(clang::Decl*) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:9219:8
> #24 0x00007f15973d30f7 llvm::Error clang::ASTNodeImporter::importInto<clang::FunctionDecl>(clang::FunctionDecl*&, clang::FunctionDecl*) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:193:11
> #25 0x00007f159739a2c7 clang::ASTNodeImporter::VisitFunctionTemplateDecl(clang::FunctionTemplateDecl*) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:6502:13
> #26 0x00007f15973e217e clang::declvisitor::Base<std::add_pointer, clang::ASTNodeImporter, llvm::Expected<clang::Decl*>>::Visit(clang::Decl*) /home/danis/Sources/llvm-project/build/tools/clang/include/clang/AST/DeclNodes.inc:245:1
> #27 0x00007f15973ad9ed clang::ASTImporter::ImportImpl(clang::Decl*) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:8828:19
> #28 0x00007f1597391055 clang::ASTImporter::Import(clang::Decl*) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:9219:8
> #29 0x00007f15973bc943 std::conditional<std::is_base_of_v<clang::Type, clang::Decl>, llvm::Expected<clang::Decl const*>, llvm::Expected<clang::Decl*>>::type clang::ASTNodeImporter::import<clang::Decl>(clang::Decl*) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:205:12
> #30 0x00007f159737d384 clang::ASTNodeImporter::ImportDeclContext(clang::DeclContext*, bool) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:2036:10
> #31 0x00007f159737f831 clang::ASTNodeImporter::VisitNamespaceDecl(clang::NamespaceDecl*) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:2559:13
> #32 0x00007f15973e2060 clang::declvisitor::Base<std::add_pointer, clang::ASTNodeImporter, llvm::Expected<clang::Decl*>>::Visit(clang::Decl*) /home/danis/Sources/llvm-project/build/tools/clang/include/clang/AST/DeclNodes.inc:143:1
> #33 0x00007f15973ad9ed clang::ASTImporter::ImportImpl(clang::Decl*) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:8828:19
> #34 0x00007f1597391055 clang::ASTImporter::Import(clang::Decl*) /home/danis/Sources/llvm-project/clang/lib/AST/ASTImporter.cpp:9219:8
> #35 0x000055f6d583892a clang::ast_matchers::ASTImporterTestBase::TU::import(std::shared_ptr<clang::ASTImporterSharedState> const&, clang::ASTUnit*, clang::Decl*) /home/danis/Sources/llvm-project/clang/unittests/AST/ASTImporterFixtures.cpp:83:12
> #36 0x000055f6d58391a8 clang::ast_matchers::ASTImporterTestBase::getImportedDecl(llvm::StringRef, clang::TestLanguage, llvm::StringRef, clang::TestLanguage, llvm::StringRef) /home/danis/Sources/llvm-project/clang/unittests/AST/ASTImporterFixtures.cpp:166:9
> #37 0x000055f6d589cc94 clang::ast_matchers::ASTImporterOptionSpecificTestBase_NoCrashOnCXXDeductionGuideDecl_Test::TestBody() /home/danis/Sources/llvm-project/clang/unittests/AST/ASTImporterTest.cpp:6378:3
> #38 0x00007f1598b80b5b void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /home/danis/Sources/llvm-project/third-party/unittest/googletest/src/gtest.cc:2433:3
> #39 0x00007f1598b696e7 void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /home/danis/Sources/llvm-project/third-party/unittest/googletest/src/gtest.cc:2488:5
> #40 0x00007f1598b52d93 testing::Test::Run() /home/danis/Sources/llvm-project/third-party/unittest/googletest/src/gtest.cc:2515:3
> #41 0x00007f1598b535ea testing::TestInfo::Run() /home/danis/Sources/llvm-project/third-party/unittest/googletest/src/gtest.cc:2687:12
> #42 0x00007f1598b53b4b testing::TestSuite::Run() /home/danis/Sources/llvm-project/third-party/unittest/googletest/src/gtest.cc:2815:44
> #43 0x00007f1598b5c329 testing::internal::UnitTestImpl::RunAllTests() /home/danis/Sources/llvm-project/third-party/unittest/googletest/src/gtest.cc:5337:24
> #44 0x00007f1598b83c5b bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /home/danis/Sources/llvm-project/third-party/unittest/googletest/src/gtest.cc:2433:3
> #45 0x00007f1598b6b6f7 bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /home/danis/Sources/llvm-project/third-party/unittest/googletest/src/gtest.cc:2488:5
> #46 0x00007f1598b5bf0f testing::UnitTest::Run() /home/danis/Sources/llvm-project/third-party/unittest/googletest/src/gtest.cc:4925:10
> #47 0x00007f1599631d61 RUN_ALL_TESTS() /home/danis/Sources/llvm-project/third-party/unittest/googletest/include/gtest/gtest.h:2472:3
> #48 0x00007f1599631ca4 main /home/danis/Sources/llvm-project/third-party/unittest/UnitTestMain/TestMain.cpp:55:3
> #49 0x00007f159524624a __libc_start_call_main ./csu/../sysdeps/nptl/libc_start_call_main.h:74:3
> #50 0x00007f1595246305 call_init ./csu/../csu/libc-start.c:128:20
> #51 0x00007f1595246305 __libc_start_main ./csu/../csu/libc-start.c:347:5
> #52 0x000055f6d57df631 _start (build/tools/clang/unittests/AST/ASTTests+0x471631)
> Segmentation fault
> ```
>
> Another PR would fix the crash when this one is landed.
This is a false alarm caused by the incorrect fix. The original fix relaxed the return-type test to
cover all function prototypes with a trailing return type, which brings the `IsTypeDeclaredInsideVisitor`
checks to `CXXDeductionGuideDecl` (also a `FunctionDecl` with a trailing return type). There might be
a nullptr in `Stmt::children()`, which causes the null dereference.
BTW `IsTypeDeclaredInsideVisitor` might be improved to guard against null-deref here:
```c
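/// Walks the statement tree rooted at \p S with an explicit worklist and
/// returns true as soon as a DeclRefExpr is found whose declaration makes the
/// Decl overload isAncestorDeclContextOf(DC, D) return true; returns false
/// when the worklist is exhausted.
///
/// Null statements are skipped. The crash trace reported for this function
/// ends in Stmt::getStmtClass() called via Stmt::children(), which is what a
/// null entry on the worklist produces, so a null \p S or a null child is
/// treated as "nothing to inspect" instead of being dereferenced.
static bool isAncestorDeclContextOf(const DeclContext *DC, const Stmt *S) {
  SmallVector<const Stmt *> ToProcess;
  ToProcess.push_back(S);
  while (!ToProcess.empty()) {
    const Stmt *CurrentS = ToProcess.pop_back_val();
    // Guard before any use: both child_begin() and dyn_cast<> below require a
    // non-null statement, and the child range appended on an earlier
    // iteration is not filtered for null entries.
    if (!CurrentS)
      continue;
    ToProcess.append(CurrentS->child_begin(), CurrentS->child_end());
    if (const auto *DeclRef = dyn_cast<DeclRefExpr>(CurrentS))
      if (const Decl *D = DeclRef->getDecl())
        if (isAncestorDeclContextOf(DC, D))
          return true;
  }
  return false;
}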
```
Here can `ToProcess.append(CurrentS->child_begin(), CurrentS->child_end());` add any
nullptr into `ToProcess` in this testing context?
https://github.com/llvm/llvm-project/pull/101031