[cfe-dev] Use-after-free/-poison bug in AST building

Kim Gräsman via cfe-dev cfe-dev at lists.llvm.org
Thu Jan 6 08:37:25 PST 2022


For what it's worth, I never managed to isolate a root cause, but I opened
a new issue with a smaller repro than IWYU:
https://github.com/llvm/llvm-project/issues/53044.

Thanks,
- Kim

On Sun, Oct 17, 2021 at 6:56 PM Kim Gräsman <kim.grasman at gmail.com> wrote:

> Hi Volodymyr,
>
> Thanks, all good suggestions!
>
> I'll try these suggestions out when I get a chance.
>
> Cheers,
> Kim
>
> On Thu, Oct 7, 2021, 04:52 Volodymyr Sapsai <vsapsai at apple.com> wrote:
>
>> Personally I don’t have any advice on how to deal with ASAN errors. From
>> experience it helps to work with clang and clang libraries built with
>> assertions enabled, it helps to encounter inconsistencies like
>> FunctionDecl/AccessSpecDecl pretty early. What else can be helpful is to
>> have pure clang failing and to remove IWYU itself from the list of suspects.
>>
>> You can try to minimize the repro manually or with creduce-clang-crash.py
>> <https://github.com/llvm/llvm-project/blob/main/clang/utils/creduce-clang-crash.py> or
>> with C-Reduce itself <http://embed.cs.utah.edu/creduce/>.
>>
>> Hope this helps,
>> Volodymyr
>>
>> On Sep 23, 2021, at 12:00, Kim Gräsman via cfe-dev <
>> cfe-dev at lists.llvm.org> wrote:
>>
>> We've had a curious bug reported on IWYU, where
>> CastExpr::getConversionFunction does not return a FunctionDecl.
>>
>> After some research, it turns out we get an AccessSpecDecl instead, which
>> seems like a strange conversion function.
>>
>> I tried running with ASAN enabled for only IWYU, but didn't get any
>> useful results, but eventually I managed to repro a non-IWYU contained
>> example. That in turn led me to:
>> https://bugs.llvm.org/show_bug.cgi?id=44972
>>
>> I'm not sure where to go from there, though... It seems the parser
>> somehow triggers a use-after-free in BumpPtrAllocator. Can I narrow it down
>> somehow? I have an 800K preprocessed repro, but from cursory experiments
>> ASAN triggers use-after-poison there on basically anything.
>>
>> Thanks for any ideas for narrowing down the issue,
>> - Kim
>>
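An interestingness test for the C-Reduce route suggested in the thread, kept narrow because a predicate that accepts any use-after-poison would match "basically anything" in the 800K repro and the reduction would drift to a different bug. This is an added example, not code from the thread or from LLVM; `CLANG_ASAN`, `PIN_FRAME` and the file name `repro.ii` are assumptions.

```shell
#!/bin/sh
# C-Reduce interestingness test: exit 0 only while the reduced file still
# produces the same ASan report, not just any ASan report.
# Assumptions (not from the thread): CLANG_ASAN is the path to an ASan-built
# clang, repro.ii is the preprocessed file being reduced, PIN_FRAME is a
# substring of a symbolized frame copied from the original report.

ASAN_KIND='use-after-poison'
PIN_FRAME=${PIN_FRAME:-'PIN_FRAME_PLACEHOLDER'}

# Reads compiler output on stdin. Succeeds only if the first ASan report has
# the pinned kind and PIN_FRAME occurs in its first (access) stack trace.
asan_matches() {
    awk -v kind="$ASAN_KIND" -v frame="$PIN_FRAME" '
        /ERROR: AddressSanitizer:/ {
            if (seen) exit                      # later reports are ignored
            seen = 1
            if (!index($0, "AddressSanitizer: " kind " ")) exit
            kind_ok = 1
            next
        }
        kind_ok && /^[ \t]*#[0-9]+ / {          # a stack frame line
            in_trace = 1
            if (index($0, frame)) { found = 1; exit }
            next
        }
        kind_ok && in_trace { exit }            # first trace has ended
        END { exit !found }
    '
}

# C-Reduce runs this script in a scratch directory holding repro.ii.
# Guarded so that sourcing the file (for tests) runs no compiler.
if [ -n "${CLANG_ASAN:-}" ]; then
    "$CLANG_ASAN" -fsyntax-only -x c++-cpp-output repro.ii 2>&1 | asan_matches
    exit $?
fi
```

The frame match needs symbolized ASan output, so `llvm-symbolizer` has to be reachable by the ASan-built clang.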