Skip to content

[LLDB][NativePDB] Check function type before casting #166090

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[LLDB][NativePDB] Check function type before casting #166090

wants to merge 1 commit into from

Conversation

@Nerixyz
Copy link
Contributor

@Nerixyz Nerixyz commented Nov 2, 2025

When I ran the shell tests on Windows locally, LLDB crashed on TestIRMemoryMapWindows.test. It crashed, because it tried to create a function type for a type index that wasn't a function type. CreateFunctionDeclFromId (the function changed in this PR) creates a function decl for LF_FUNC_ID and LF_MFUNC_ID records. These records are in the IPI stream, which only contains IDs and references to the main type stream, TPI. Specifically, it crashed when handling the 0x32BB IPI record:

IPI:                   
   0x32BB | LF_FUNC_ID [size = 32, hash = 0x221F8]
            name = invoke_main, type = 0x141E, parent scope = <no type>
TPI:
   0x141E | LF_MODIFIER [size = 12, hash = 0x272]
            referent = 0x0012 (long), modifiers = const

The type of 0x32BB here is obviously wrong, as it's not a function type.
The confusing part is that invoke_main has two LF_FUNC_ID records. The other one is a bit earlier in the stream and has a correct TPI record:

IPI:
   0x10FD | LF_FUNC_ID [size = 32, hash = 0x3D559]
            name = invoke_main, type = 0x1141, parent scope = <no type>
TPI:
   0x1141 | LF_PROCEDURE [size = 16, hash = 0x239DB]
            return type = 0x0074 (int), # args = 0, param list = 0x1001
            calling conv = cdecl, options = None

Unfortunately, I can't reproduce this anymore. I experimented with using lld-link instead of MS' link. There, I couldn't reproduce it. Switching back to MS' link resulted in the correct PDB again.

I suspect the issue is related to incremental linking.

@Nerixyz Nerixyz requested a review from JDevlieghere as a code owner November 2, 2025 19:44
@llvmbot llvmbot added the lldb label Nov 2, 2025
@llvmbot
Copy link
Member

llvmbot commented Nov 2, 2025

@llvm/pr-subscribers-lldb

Author: nerix (Nerixyz)

Changes

When I ran the shell tests on Windows locally, LLDB crashed on TestIRMemoryMapWindows.test. It crashed, because it tried to create a function type for a type index that wasn't a function type. CreateFunctionDeclFromId (the function changed in this PR) creates a function decl for LF_FUNC_ID and LF_MFUNC_ID records. These records are in the IPI stream, which only contains IDs and references to the main type stream, TPI. Specifically, it crashed when handling the 0x32BB IPI record:

IPI:                   
   0x32BB | LF_FUNC_ID [size = 32, hash = 0x221F8]
            name = invoke_main, type = 0x141E, parent scope = &lt;no type&gt;
TPI:
   0x141E | LF_MODIFIER [size = 12, hash = 0x272]
            referent = 0x0012 (long), modifiers = const

The type of 0x32BB here is obviously wrong, as it's not a function type.
The confusing part is that invoke_main has two LF_FUNC_ID records. The other one is a bit earlier in the stream and has a correct TPI record:

IPI:
   0x10FD | LF_FUNC_ID [size = 32, hash = 0x3D559]
            name = invoke_main, type = 0x1141, parent scope = &lt;no type&gt;
TPI:
   0x1141 | LF_PROCEDURE [size = 16, hash = 0x239DB]
            return type = 0x0074 (int), # args = 0, param list = 0x1001
            calling conv = cdecl, options = None

Unfortunately, I can't reproduce this anymore. I experimented with using lld-link instead of MS' link. There, I couldn't reproduce it. Switching back to MS' link resulted in the correct PDB again.

I suspect the issue is related to incremental linking.

Full diff: https://github.com/llvm/llvm-project/pull/166090.diff

1 Files Affected:

  • (modified) lldb/source/Plugins/SymbolFile/NativePDB/PdbAstBuilder.cpp (+2-1)
diff --git a/lldb/source/Plugins/SymbolFile/NativePDB/PdbAstBuilder.cpp b/lldb/source/Plugins/SymbolFile/NativePDB/PdbAstBuilder.cpp
index e7fddf08967fb..85f0c3873447b 100644
--- a/lldb/source/Plugins/SymbolFile/NativePDB/PdbAstBuilder.cpp
+++ b/lldb/source/Plugins/SymbolFile/NativePDB/PdbAstBuilder.cpp
@@ -1010,7 +1010,8 @@ PdbAstBuilder::CreateFunctionDeclFromId(PdbTypeSymId func_tid,
     lldbassert(false && "Invalid function id type!");
   }
   clang::QualType func_qt = GetOrCreateType(func_ti);
-  if (func_qt.isNull() || !parent)
+  if (func_qt.isNull() || !parent ||
+      !llvm::isa<clang::FunctionProtoType>(func_qt))
     return nullptr;
   CompilerType func_ct = ToCompilerType(func_qt);
   uint32_t param_count =

@Nerixyz Nerixyz mentioned this pull request Nov 5, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JDevlieghere JDevlieghere Awaiting requested review from JDevlieghere JDevlieghere is a code owner

Assignees

No one assigned

Labels

lldb

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Nerixyz @llvmbot