On Sat, Nov 17, 2012 at 12:42 AM, Kostya Serebryany <[email protected]> wrote:
> +samsonov > > Alexey, will we catch this with asan use-after-scope? > Looks like we will. Can't tell for sure yet =/ > > On Fri, Nov 16, 2012 at 10:45 AM, Matthieu Monrocq < > [email protected]> wrote: > >> >> >> On Fri, Nov 16, 2012 at 2:58 AM, David Blaikie <[email protected]>wrote: >> >>> Can we warn about this? >>> >>> >> Unfortunately no. I don't think so. It would require inspecting the body >> of `cast`... >> >> Argyrios implemented a whole class of warnings around this theme a while >> ago now, and as we drilled into it (and I believe you helped) we just >> decided that looking through functions was too difficult. As such: `T >> const& foo(T const& t) { return t; }` completely dulls out binding to >> temporary warnings => the function itself is correct, but its use may not. >> >> >> However it seems to be that the problem is caused by the implementation >> of `cast` is wrong. >> >> template <class X, class Y> >> inline typename cast_retty<X, Y>::ret_type cast(const Y &Val) { >> assert(isa<X>(Val) && "cast<Ty>() argument of incompatible type!"); >> return cast_convert_val<X, Y, >> typename >> simplify_type<Y>::SimpleType>::doit(Val); >> } >> >> We accept a `const&`, allowing bind to temporary, but then the return >> type can be bound to X& which means the `const` qualifier was dropped on >> the floor. This is pretty nasty. >> >> The culprit is actually just above: >> >> template<class To, class FromTy> struct >> cast_convert_val<To,FromTy,FromTy> { >> // This _is_ a simple type, just cast it. >> static typename cast_retty<To, FromTy>::ret_type doit(const FromTy >> &Val) { >> typename cast_retty<To, FromTy>::ret_type Res2 >> = (typename cast_retty<To, FromTy>::ret_type)*const_cast* >> <FromTy&>(Val); >> return Res2; >> } >> }; >> >> >> However, even overloading on const-ness would not make bind-to-const >> issues disappear. The only thing I can thing of is: >> => allow `cast` (and al) only on non-const reference >> => allow on non-const and const pointers >> >> which is the only way to circumvent bind-to-temporary situations I know >> of. >> >> I am not sure it's worth it. >> >> >> For detection I see only two possibilities: >> => Interprocedural (*) static analysis: when analyzing the function, note >> that its return may be an alias of the parameter; when analyzing the use, >> note that the statement is only valid if the return is not an alias of the >> temporary; cross-reference the two and warn about the incompatibility >> => Dynamic instrumentation: I wonder if *Asan* could catch this (maybe >> it does already). With the proper instrumentation the destructor of the >> temporary could trigger poisoning of the memory so that the next use cause >> an assertion. >> >> (*) Interprocedural in the general case, here it would not be. >> >> -- Matthieu >> >> >>> On Thu, Nov 15, 2012 at 5:14 PM, Matt Beaumont-Gay < >>> [email protected]> wrote: >>> > Author: matthewbg >>> > Date: Thu Nov 15 19:14:52 2012 >>> > New Revision: 168124 >>> > >>> > URL: http://llvm.org/viewvc/llvm-project?rev=168124&view=rev >>> > Log: >>> > Fix PR14321, a crash when Clang is built with GCC 4.7 at -O1 or >>> greater. >>> > >>> > GCC 4.7 reuses stack slots fairly aggressively, which exposes more >>> temporary >>> > lifetime bugs. >>> > >>> > No new test, this was caught by the existing >>> CodeGenCXX/mangle-ms-templates.cpp. >>> > >>> > Modified: >>> > cfe/trunk/lib/AST/MicrosoftMangle.cpp >>> > >>> > Modified: cfe/trunk/lib/AST/MicrosoftMangle.cpp >>> > URL: >>> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/AST/MicrosoftMangle.cpp?rev=168124&r1=168123&r2=168124&view=diff >>> > >>> ============================================================================== >>> > --- cfe/trunk/lib/AST/MicrosoftMangle.cpp (original) >>> > +++ cfe/trunk/lib/AST/MicrosoftMangle.cpp Thu Nov 15 19:14:52 2012 >>> > @@ -373,7 +373,7 @@ >>> > dyn_cast<ClassTemplateSpecializationDecl>(ND)) { >>> > TypeSourceInfo *TSI = Spec->getTypeAsWritten(); >>> > if (TSI) { >>> > - TemplateSpecializationTypeLoc &TSTL = >>> > + TemplateSpecializationTypeLoc TSTL = >>> > cast<TemplateSpecializationTypeLoc>(TSI->getTypeLoc()); >>> > TemplateArgumentListInfo LI(TSTL.getLAngleLoc(), >>> TSTL.getRAngleLoc()); >>> > for (unsigned i = 0, e = TSTL.getNumArgs(); i != e; ++i) >>> > >>> > >>> > _______________________________________________ >>> > cfe-commits mailing list >>> > [email protected] >>> > http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits >>> _______________________________________________ >>> cfe-commits mailing list >>> [email protected] >>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits >>> >> >> >> _______________________________________________ >> cfe-commits mailing list >> [email protected] >> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits >> >> > -- Alexey Samsonov, MSK
_______________________________________________ cfe-commits mailing list [email protected] http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
