From 80a9fc840b1b0c5bdd6509578283af3b02782d48 Mon Sep 17 00:00:00 2001 From: Yonghong Song Date: Wed, 26 Oct 2022 16:15:02 -0700 Subject: [PATCH] [clang][Sema] Fix a clang crash with btf_type_tag For the following program, $ cat t.c struct t { int (__attribute__((btf_type_tag("rcu"))) *f)(); int a; }; int foo(struct t *arg) { return arg->a; } Compiling with 'clang -g -O2 -S t.c' will cause a failure like below: clang: /home/yhs/work/llvm-project/clang/lib/Sema/SemaType.cpp:6391: void {anonymous}::DeclaratorLocFiller::VisitParenTypeLoc(clang::ParenTypeLoc): Assertion `Chunk.Kind == DeclaratorChunk::Paren' failed. PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script. Stack dump: ...... #5 0x00007f89e4280ea5 abort (/lib64/libc.so.6+0x21ea5) #6 0x00007f89e4280d79 _nl_load_domain.cold.0 (/lib64/libc.so.6+0x21d79) #7 0x00007f89e42a6456 (/lib64/libc.so.6+0x47456) #8 0x00000000045c2596 GetTypeSourceInfoForDeclarator((anonymous namespace)::TypeProcessingState&, clang::QualType, clang::TypeSourceInfo*) SemaType.cpp:0:0 #9 0x00000000045ccfa5 GetFullTypeForDeclarator((anonymous namespace)::TypeProcessingState&, clang::QualType, clang::TypeSourceInfo*) SemaType.cpp:0:0 ...... The reason of the failure is due to the mismatch of TypeLoc and D.getTypeObject().Kind. For example, the TypeLoc is BTFTagAttributedType 0x88614e0 'int btf_type_tag(rcu)()' sugar |-ParenType 0x8861480 'int ()' sugar | `-FunctionNoProtoType 0x8861450 'int ()' cdecl | `-BuiltinType 0x87fd500 'int' while corresponding D.getTypeObject().Kind points to DeclaratorChunk::Paren, and this will cause later assertion. To fix the issue, similar to AttributedTypeLoc, let us skip BTFTagAttributedTypeLoc in GetTypeSourceInfoForDeclarator(). Differential Revision: https://reviews.llvm.org/D136807 --- clang/docs/ReleaseNotes.rst | 2 ++ clang/lib/Sema/SemaType.cpp | 3 +++ clang/test/CodeGen/attr-btf_type_tag-func-ptr.c | 15 +++++++++++++++ 3 files changed, 20 insertions(+) create mode 100644 clang/test/CodeGen/attr-btf_type_tag-func-ptr.c diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst index a17b033f5eb3ce..a1ee8f0459aedb 100644 --- a/clang/docs/ReleaseNotes.rst +++ b/clang/docs/ReleaseNotes.rst @@ -225,6 +225,8 @@ Bug Fixes - Fix a crash when generating code coverage information for an ``if consteval`` statement. This fixes `Issue 57377 `_. +- Fix a crash when a ``btf_type_tag`` attribute is applied to the pointee of + a function pointer. Improvements to Clang's diagnostics ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/clang/lib/Sema/SemaType.cpp b/clang/lib/Sema/SemaType.cpp index 3ab5d26a9a7506..edcac4d2ee9a26 100644 --- a/clang/lib/Sema/SemaType.cpp +++ b/clang/lib/Sema/SemaType.cpp @@ -6443,6 +6443,9 @@ GetTypeSourceInfoForDeclarator(TypeProcessingState &State, CurrTL = TL.getNextTypeLoc().getUnqualifiedLoc(); } + while (BTFTagAttributedTypeLoc TL = CurrTL.getAs()) + CurrTL = TL.getNextTypeLoc().getUnqualifiedLoc(); + while (DependentAddressSpaceTypeLoc TL = CurrTL.getAs()) { fillDependentAddressSpaceTypeLoc(TL, D.getTypeObject(i).getAttrs()); diff --git a/clang/test/CodeGen/attr-btf_type_tag-func-ptr.c b/clang/test/CodeGen/attr-btf_type_tag-func-ptr.c new file mode 100644 index 00000000000000..29ca5f58e4b812 --- /dev/null +++ b/clang/test/CodeGen/attr-btf_type_tag-func-ptr.c @@ -0,0 +1,15 @@ +// RUN: %clang_cc1 -triple %itanium_abi_triple -debug-info-kind=limited -S -emit-llvm -o - %s | FileCheck %s + +struct t { + int (__attribute__((btf_type_tag("rcu"))) *f)(); + int a; +}; +int foo(struct t *arg) { + return arg->a; +} + +// CHECK: !DIDerivedType(tag: DW_TAG_member, name: "f" +// CHECK-SAME: baseType: ![[L18:[0-9]+]] +// CHECK: ![[L18]] = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: ![[#]], size: [[#]], annotations: ![[L21:[0-9]+]]) +// CHECK: ![[L21]] = !{![[L22:[0-9]+]]} +// CHECK: ![[L22]] = !{!"btf_type_tag", !"rcu"}