[cfe-dev] Use-after-free/-poison bug in AST building
Volodymyr Sapsai via cfe-dev
cfe-dev at lists.llvm.org
Wed Oct 6 19:52:15 PDT 2021
Personally I don’t have any advice on how to deal with ASAN errors. From experience it helps to work with clang and clang libraries built with assertions enabled; it helps to encounter inconsistencies like FunctionDecl/AccessSpecDecl pretty early. What else can be helpful is to have pure clang failing and to remove IWYU itself from the list of suspects.
You can try to minimize the repro manually or with creduce-clang-crash.py <https://github.com/llvm/llvm-project/blob/main/clang/utils/creduce-clang-crash.py> or with C-Reduce itself <http://embed.cs.utah.edu/creduce/>.
Hope this helps,
Volodymyr
> On Sep 23, 2021, at 12:00, Kim Gräsman via cfe-dev <cfe-dev at lists.llvm.org> wrote:
>
> We've had a curious bug reported on IWYU, where CastExpr::getConversionFunction does not return a FunctionDecl.
>
> After some research, it turns out we get an AccessSpecDecl instead, which seems like a strange conversion function.
>
> I tried running with ASAN enabled for only IWYU, but didn't get any useful results, but eventually I managed to repro a non-IWYU contained example. That in turn led me to:
> https://bugs.llvm.org/show_bug.cgi?id=44972
>
> I'm not sure where to go from there, though... It seems the parser somehow triggers a use-after-free in BumpPtrAllocator. Can I narrow it down somehow? I have an 800K preprocessed repro, but from cursory experiments ASAN triggers use-after-poison there on basically anything.
>
> Thanks for any ideas for narrowing down the issue,
> - Kim
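An interestingness test for the C-Reduce route suggested in the reply, as an added example that is not part of the thread or of the LLVM tree. It accepts a reduced file only when the ASAN report is still a use-after-poison and still contains a chosen stack frame, since the original report notes that ASAN fires on almost anything in the 800K repro. `CLANG_ASAN`, `CLANG_FLAGS`, `FRAME_PATTERN`, `REPRO` and `RUN_AS_TEST` are assumed names, and the default frame pattern is a placeholder to replace with a frame from the real report.

```shell
#!/bin/sh
# Added example: interestingness test for reducing an ASAN use-after-poison.
# Assumptions (none of these names come from the thread):
#   CLANG_ASAN     clang binary built with AddressSanitizer
#   CLANG_FLAGS    flags that reproduce the report on the unreduced file
#   FRAME_PATTERN  regex for a stack frame unique to the bug being chased
#   REPRO          name of the file being reduced; C-Reduce runs this script
#                  in a scratch directory holding a copy with the same name
CLANG_ASAN=${CLANG_ASAN:-clang}
CLANG_FLAGS=${CLANG_FLAGS:--fsyntax-only -x c++}
FRAME_PATTERN=${FRAME_PATTERN:-PLACEHOLDER_FRAME}
REPRO=${REPRO:-repro.cpp}

# Print the compiler's combined stdout/stderr for one file. The exit status
# is discarded because an ASAN abort is the outcome we are looking for.
asan_output() {
    # CLANG_FLAGS is intentionally unquoted so it splits into separate flags.
    "$CLANG_ASAN" $CLANG_FLAGS "$1" 2>&1 || true
}

# Return 0 only if the report is a use-after-poison AND its stack contains
# the expected frame, so the reducer cannot drift to an unrelated access.
is_interesting() {
    out=$(asan_output "$1")
    printf '%s\n' "$out" |
        grep -q 'AddressSanitizer: use-after-poison' || return 1
    printf '%s\n' "$out" |
        grep -Eq "^ *#[0-9]+ .*($FRAME_PATTERN)" || return 1
    return 0
}

# C-Reduce calls the script with no arguments and reads its exit status.
# RUN_AS_TEST=1 (hypothetical switch) makes this file that entry point.
if [ "${RUN_AS_TEST:-0}" = 1 ]; then
    is_interesting "$REPRO"
    exit $?
fi
```

Export `RUN_AS_TEST=1` together with the other variables before starting the reducer, and confirm the script exits 0 on the unreduced file first.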