Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crash on _Dynamic_bounds_cast of a string literal #575

Closed
AnnaKornfeldSimpson opened this issue Oct 13, 2018 · 5 comments
Closed

Crash on _Dynamic_bounds_cast of a string literal #575

AnnaKornfeldSimpson opened this issue Oct 13, 2018 · 5 comments

Comments

@AnnaKornfeldSimpson
Copy link
Collaborator

My last change was fixing an error such that the errors and warnings list should have then been empty for this compilation. Running in Windows, just invoked clang.exe directly. Attached zip contains the requested files.
parson-d2e18c.zip

Terminal Output:

Assertion failed: result.second && "temporary already in map!", file <...>llvm\tools\clang\lib\codegen\CodeGenFunction.h, line 1952
Wrote crash dump file "<...>\AppData\Local\Temp\clang.exe-e07960.dmp"
0x00007FF6E1485BC1 (0x00007FF6E1485BBC 0x00007FFA8F7199C1 0x0000007E00000000 0x0000000000000276)
0x00007FFA8F76D4CB (0x0000000000000001 0x00007FF600000000 0x0000000000000010 0x00007FF6E32AD190), raise() + 0x1DB bytes(s)
0x00007FFA8F76E561 (0x0002000000000003 0x0000000000000003 0x00007FFA8F7C9470 0x00007FF6E32BDD60), abort() + 0x31 bytes(s)
0x00007FFA8F770316 (0x0000007E4C18C570 0x0000007E4C1891E8 0x0000007E4C1891E0 0x00000000000007A0), _get_wpgmptr() + 0x1CE6 bytes(s)
0x00007FFA8F770211 (0x00000000000007A0 0x00007FF6E32BDD60 0x0000020AC3E7ED30 0x0000000000000001), _get_wpgmptr() + 0x1BE1 bytes(s)
0x00007FFA8F77054F (0x0000020AC3A12EA0 0x0000007E4C189229 0x0000020AC3A12F50 0x0000007E4C18B378), _wassert() + 0x3F bytes(s)
0x00007FF6E16E18BF (0x0000020AC3A12EA0 0x0000020AC3A12F50 0x0000007E4C189470 0x0000007E4C1898B0)
0x00007FF6E16CB227 (0x0000007E4C189470 0x0000007E4C1893C0 0x0000007E4C18B200 0x0000020AC1AD0608)
0x00007FF6E16D2C82 (0x0000020AC3ABCCC0 0x0000007E4C1896B0 0x0000020AC3BA2FD8 0x00007FF6E2B614D0)
0x00007FF6E16CA493 (0x0000020AC3A12F50 0x0000020AC3A12F68 0x0000000000000000 0x0000020AC3A12F68)
0x00007FF6E16D80BF (0x0000020AC3A12F68 0x0000020AC3BA2F40 0x0000020AC3BA2F40 0x0000000000000000)
0x00007FF6E16D8357 (0x0000020AC3BA2F40 0x0000000000000001 0x0000000000000002 0x0000000000000000)
0x00007FF6E180EBCC (0x0000020AC1B3FA00 0x0000020AC3BA3098 0x0000020AC3A12F98 0x0000020AC3A12F68)
0x00007FF6E16CAE9B (0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000)
0x00007FF6E179D103 (0x0000020AC3A12F98 0x0000007E4C189E40 0x0000020AC3A12F98 0x0000007E4C189E80)
0x00007FF6E1799825 (0x0000020AC3A12F98 0x00007FF6E16B4563 0x0000007E4C18B200 0x0000007E4C18A060)
0x00007FF6E179A4FB (0x0000020AC3A12F98 0x0000020AC1B62920 0x0000B5A75AF276DC 0x00007FF6E110A24E)
0x00007FF6E179631B (0x0000020AC3A12F98 0x0000007E4C18B200 0x0000000000000000 0x00007FF6E14959E6)
0x00007FF6E168AFEB (0x0000020AC1B62920 0x0000007E4C18A370 0x0000000000000000 0x0000007E4C18A2E0)
0x00007FF6E168A1DA (0x0000020AC1B62920 0x0000007E4C18A290 0x0000020AC1B62920 0x0000007E4C18A480)
0x00007FF6E16894B4 (0x0000007E00000000 0x0000020AC1B62920 0x0000007E4C18B200 0x0000000000000008)
0x00007FF6E168923B (0x0000020A00000000 0x0000020AC1B62920 0x0000020AC1B70CC0 0x0000020A0000001D)
0x00007FF6E168BE38 (0x0000000000000000 0x0000020A00000000 0x0000020AC1B62920 0x0000007E4C18B200)
0x00007FF6E1689C41 (0x0000020AC3A12FE8 0x0000007E4C18B200 0x0000000000000000 0x0000020AC3A12FF0)
0x00007FF6E1785430 (0x0000020AC3A12FE0 0x0000007E4C18A610 0x0000007E4C18A660 0x0000007E4C18B200)
0x00007FF6E1786DA4 (0x0000007E4C18B200 0x0000007E4C18B200 0x0000020AC3E447B0 0x00007FF6E1489F13)
0x00007FF6E1787012 (0x0000000000000001 0x0000020AC3A13A00 0x0000007E4C18B200 0x0000020AC3E68CD0)
0x00007FF6E1785183 (0x0000000080203783 0x0000007E4C18A850 0x0000007E4C18A870 0x0000020AC1AAD790)
0x00007FF6E17850CB (0x0000007E4C18B200 0x00007FF6E110B334 0x0000020AC3A13A58 0x0000000000000000)
0x00007FF6E1786E3D (0x0000007E4C18B200 0x0000007E4C18B200 0x0000000000000000 0x0000020AC3E68CD0)
0x00007FF6E1787012 (0x0000000080203780 0x0000000080203780 0x0000007E4C18B280 0x0000007E4C18AA20)
0x00007FF6E1785756 (0x8020395D80203780 0x0000000000000000 0x0000000000000000 0x0000000000000000)
0x00007FF6E1787243 (0x0000000000000016 0x0000020AC3BA24E8 0x0000007E4C18B200 0x0000007EEB0001EA)
0x00007FF6E1785183 (0x00000000000096DE 0x0000007E4C18AC80 0x0000007E4C18ACA0 0x0000020AC1AAD790)
0x00007FF6E17850CB (0x0000020AC3C92848 0x0000020AC3E64EF0 0x0000007E4C18B3B8 0x00007FF6E16B0E35)
0x00007FF6E1786E3D (0x0000007E4C18B200 0x0000007E4C18B200 0x0000007E4C18B378 0x0000007E4C18AE20)
0x00007FF6E1787012 (0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000004)
0x00007FF6E1788537 (0x0000007E4C18B200 0x0000007E4C18B200 0x0000007E4C18B200 0x00007FF6E111A5B7)
0x00007FF6E17873A9 (0x0000020AC1AD06E8 0x0000020AC3BA2658 0x0000007E4C18B200 0x00007FF6E15CA7DE)
0x00007FF6E1785183 (0x0000020AC3BA25F8 0x0000007E4C18AFC0 0x0000000000009492 0x0000007E4C18B200)
0x00007FF6E16AD2E8 (0x0000000000000003 0x0000020AC3A11210 0x0000007E4C18B110 0x0000000000000000)
0x00007FF6E16B0973 (0x0000020AC3A11210 0x0000020AC3A11210 0x0000020AC3C6F1E8 0x0000020AC39DFD70)
0x00007FF6E160177F (0x0000000000009492 0x0000000000009492 0x0000020AC1ACD9E0 0x00007FF6E1605EBE)
0x00007FF6E16014AB (0x0000020AC1ACD910 0x0000020AC3A11210 0x0000020AC1ACDD78 0x0000020AC3A3EFB0)
0x00007FF6E16005A0 (0x0000020AC1ACD140 0x0000007E4C18C850 0x0000020AC1B38CC0 0x0000020AC1ACD910)
0x00007FF6E1609000 (0x0000007E4C18DDD0 0x0000020AC1ACD140 0x0000020AC1B38CC0 0x0000020AC1B3CF00)
0x00007FF6E2B33E97 (0x0000000000000001 0x0000020AC1B395C8 0x0000000000000000 0x0000000000000000)
0x00007FF6E2B30FA3 (0x0000000000000000 0x0000020AC1B3D3C8 0x0000000000000000 0x0000020AC1B38CC0)
0x00007FF6E1E728D5 (0x0000000000000000 0x0000007E4C18DE00 0x0000020AC1AAA190 0x0000000000000000)
0x00007FF6E1926633 (0x0000020AC1A7CC90 0x0000000000000000 0x0000020AC1AD0920 0x00007FF6E2B04722)
0x00007FF6E2B30BCF (0x0000020AC1AA64D0 0x0000000000000010 0x0000020AC1AAA1B0 0x0000020AC1A7CC90)
0x00007FF6E192646F (0x00007FF6E35BA650 0x0000020AC1AA64A0 0x0000020AC1AABA80 0x00007FF6E35BA650)
0x00007FF6E18F753F (0x0000020AC1A7ADA0 0x0000000000000000 0x0000020AC1A7CC90 0x0000020AC1A7CC90)
0x00007FF6E196A8DE (0x0000020AC1AAA190 0x0000020AC1AAA190 0x0000020AC1AAA1B0 0x0000020AC1AAA190)
0x00007FF6E0BCAE9D (0x0000000000000001 0x0000000000000000 0x0000007E4C18EB38 0x000000000000003A)
0x00007FF6E0BC6B81 (0x000000000000003A 0x0000000000000000 0x0000007E4C18EB38 0x0000020AC1A94D28)
0x00007FF6E0BC8D11 (0x0000000000000000 0x0000000000000000 0x00007FFA8F7EA570 0x0000000000000000)
0x00007FF6E2A0AE1C (0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000)
0x00007FFA91CD3034 (0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000), BaseThreadInitThunk() + 0x14 bytes(s)
0x00007FFA92FE1461 (0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000), RtlUserThreadStart() + 0x21 bytes(s)
clang.exe: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 6.0.0 (git@github.com:Microsoft/checkedc-clang a172936) (git@github.com:Microsoft/checkedc-llvm b31f790325a73475659e33754716f6e2ff44bb4a)
Target: x86_64-pc-windows-msvc
Thread model: posix
InstalledDir: <...>llvm.obj\MinSizeRel\bin
clang.exe: note: diagnostic msg: PLEASE submit a bug report to https://github.com/Microsoft/checkedc-clang/issues and include the crash backtrace, preprocessed source, and associated run script.
clang.exe: note: diagnostic msg:
@AnnaKornfeldSimpson
Copy link
Collaborator Author

AnnaKornfeldSimpson commented Oct 26, 2018
edited

crashAttach.zip
A much smaller reproduction of the crash. The crash disappears if the _Dynamic_bounds_cast is changed to an _Assume_bounds_cast.

#include <stdlib_checked.h>
#include <string_checked.h>
#include <stdio_checked.h>

#define APPEND_STRING(raw_str) do {\
    size_t len = strlen((raw_str));\
    _Nt_array_ptr<const char> str_with_len : count(len) = _Dynamic_bounds_cast<_Nt_array_ptr<const char>>((raw_str), count(len));\
    useLen(str_with_len, len);\
    } while(0)

static void useLen(_Nt_array_ptr<const char> str : count(len), size_t len)
{
    puts("Success");
}

int main() {
    APPEND_STRING("\n");
    return 0;
}

@AnnaKornfeldSimpson AnnaKornfeldSimpson changed the title Crash of Unknown Cause Crash on _Dynamic_bounds_cast of a string literal Oct 26, 2018
@AnnaKornfeldSimpson
Copy link
Collaborator Author

AnnaKornfeldSimpson commented Oct 31, 2018
edited

Edit never mind, typo.
Neither my original nor the smaller example repro on the latest build of the compiler, so I'm guessing #581 fixed this too, hurrah!

dtarditi added a commit that referenced this issue Nov 1, 2018
@dtarditi
Fix for compiler assert.
fe33a23 
This change fixes the compiler assert reported in Github issue #575. We are
inserting temporary variables for strings so that we can describe their
bounds.  The assert was checking that we don't compute a temporary
variable more than once in an expression.

The problem is that we are copying the expression that creates and binds the
temporary into the bounds.   The bounds is used at runtime in the
dynamic_bounds_cast.  This causes the temporary to computed twice, which is
what the assert is protecting against.  Since we've already computed the value
into a temporary, the fix is to replace the binding with a read of the
temporary.

Testing:
- Added simple repro case that caused a compiler crash.
- Passed local testing and repro case.  Still needs a runtime test that the
  right thing is happening.
@dtarditi
Copy link
Contributor

dtarditi commented Nov 1, 2018

@AnnaKornfeldSimpson, I've pushed a branch with a fix (issue575). It still needs a runtime test before committing it to master.

@AnnaKornfeldSimpson
Copy link
Collaborator Author

Confirmed that this no longer crashes my code while compiling, thanks for the fix!
(Should it be giving me a warning or an error about my use of Dynamic_bounds_cast on a string literal? Right now it compiles cleanly.)

This was referenced Nov 3, 2018
Merged
Merged
dtarditi added a commit to microsoft/checkedc that referenced this issue Nov 3, 2018
@dtarditi
Test dynamic_bounds_cast involving string literal. (#331)
ada5bee 
There was a compiler assert on a dynamic_bounds_cast of a string literal (microsoft/checkedc-clang#575).  This is fixed by microsoft/checkedc-clang#585.   Add runtime tests that check that the right results are being computed in this case.
dtarditi added a commit that referenced this issue Nov 3, 2018
@dtarditi
Fix compiler assert. (#585)
18a77c6 
This change fixes the compiler assert reported in Github issue #575. We are inserting temporary variables for strings so that we can describe their bounds.  The assert was checking that we don't compute a temporary variable more than once in an expression.

The problem was that we were copying an expression that creates and binds a temporary into the bounds.   The bounds is used at runtime in the dynamic_bounds_cast.  This causes the temporary to be computed twice, which is what the assert is protecting against.  Since we've already computed the value into a temporary, the fix is to replace the binding with a read of the temporary.

Testing:
- Added simple repro case that caused a compiler crash.
- Added a runtime test that will be covered by a PR to the Checked C repo
- Passed testing locally for Window x64.
- Passed automated testing for Linux.
@dtarditi
Copy link
Contributor

dtarditi commented Nov 3, 2018

I've merged the fix: PR #585. Yes, it is OK to do a dynamic_bounds_cast on a string literal. The semantics are well-defined. The cast is unnecessary, but there's no need to warn about it. It isn't a correctness issue. It's a performance/conciseness issue. We could end up with these casts from the use of macros.

This was referenced Jan 15, 2022
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AnnaKornfeldSimpson @dtarditi