Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Clang][Sema] Handle class member access expressions with valid nested-name-specifiers that become invalid after lookup #98167

Merged
merged 1 commit into from
Jul 9, 2024

Conversation

sdkrystian
Copy link
Member

@sdkrystian sdkrystian commented Jul 9, 2024

The following code causes this assert to fail:

struct A { };
struct B;

void f(A *x) {
  x->B::y; // crash here
}

This happens because we only return early from BuildMemberReferenceExpr when the CXXScopeSpecifier is invalid before the lookup is performed. Since the lookup may invalidate the CXXScopeSpecifier (e.g. if the nested-name-specifier is incomplete), this results in the second BuildMemberReferenceExpr overload being called with an invalid CXXScopeSpecifier, which causes the assert to fail. This patch moves the early return for invalid CXXScopeSpecifiers to occur after lookup is performed. This fixes #92972.

I also removed the if (SS.isSet() && SS.isInvalid()) check in ActOnMemberAccessExpr because the condition can never be true (isSet returns getScopeRep() != nullptr and isInvalid returns Range.isValid() && getScopeRep() == nullptr).

@llvmbot llvmbot added clang Clang issues not falling into any other category clang:frontend Language frontend issues, e.g. anything involving "Sema" labels Jul 9, 2024
@llvmbot
Copy link
Member

llvmbot commented Jul 9, 2024

@llvm/pr-subscribers-clang

Author: Krystian Stasiowski (sdkrystian)

Changes

The following code causes this assert to fail:

struct A { };
struct B;

void f(A *x) {
  x->B::y; // crash here
}

This happens because we only return early from BuildMemberReferenceExpr when the CXXScopeSpecifier is invalid before the lookup is performed. Since the lookup may invalidate the CXXScopeSpecifier (e.g. if the nested-name-specifier is incomplete), this results in the second BuildMemberReferenceExpr overload to be called with an invalid CXXScopeSpecifier, which causes the assert to fail. This patch moves the early return for invalid CXXScopeSpecifiers to occur after lookup is performed. This fixes #92972.


Full diff: https://github.com/llvm/llvm-project/pull/98167.diff

2 Files Affected:

  • (modified) clang/lib/Sema/SemaExprMember.cpp (+6-10)
  • (added) clang/test/CXX/basic/basic.lookup/basic.lookup.qual/basic.lookup.qual.general/p2.cpp (+16)
diff --git a/clang/lib/Sema/SemaExprMember.cpp b/clang/lib/Sema/SemaExprMember.cpp
index b7ea24790d361..daa9a4948f66c 100644
--- a/clang/lib/Sema/SemaExprMember.cpp
+++ b/clang/lib/Sema/SemaExprMember.cpp
@@ -789,9 +789,6 @@ ExprResult Sema::BuildMemberReferenceExpr(
     ActOnMemberAccessExtraArgs *ExtraArgs) {
   LookupResult R(*this, NameInfo, LookupMemberName);
 
-  if (SS.isInvalid())
-    return ExprError();
-
   // Implicit member accesses.
   if (!Base) {
     TypoExpr *TE = nullptr;
@@ -826,6 +823,10 @@ ExprResult Sema::BuildMemberReferenceExpr(
     BaseType = Base->getType();
   }
 
+  // BuildMemberReferenceExpr expects a valid nested-name-specifier, if any.
+  if (SS.isInvalid())
+    return ExprError();
+
   return BuildMemberReferenceExpr(Base, BaseType,
                                   OpLoc, IsArrow, SS, TemplateKWLoc,
                                   FirstQualifierInScope, R, TemplateArgs, S,
@@ -1745,14 +1746,9 @@ static ExprResult LookupMemberExpr(Sema &S, LookupResult &R,
 
 ExprResult Sema::ActOnMemberAccessExpr(Scope *S, Expr *Base,
                                        SourceLocation OpLoc,
-                                       tok::TokenKind OpKind,
-                                       CXXScopeSpec &SS,
+                                       tok::TokenKind OpKind, CXXScopeSpec &SS,
                                        SourceLocation TemplateKWLoc,
-                                       UnqualifiedId &Id,
-                                       Decl *ObjCImpDecl) {
-  if (SS.isSet() && SS.isInvalid())
-    return ExprError();
-
+                                       UnqualifiedId &Id, Decl *ObjCImpDecl) {
   // Warn about the explicit constructor calls Microsoft extension.
   if (getLangOpts().MicrosoftExt &&
       Id.getKind() == UnqualifiedIdKind::IK_ConstructorName)
diff --git a/clang/test/CXX/basic/basic.lookup/basic.lookup.qual/basic.lookup.qual.general/p2.cpp b/clang/test/CXX/basic/basic.lookup/basic.lookup.qual/basic.lookup.qual.general/p2.cpp
new file mode 100644
index 0000000000000..ebdae971a929e
--- /dev/null
+++ b/clang/test/CXX/basic/basic.lookup/basic.lookup.qual/basic.lookup.qual.general/p2.cpp
@@ -0,0 +1,16 @@
+// RUN: %clang_cc1 -verify -Wno-unused %s
+
+struct A {
+  int y;
+};
+
+struct B; // expected-note 4{{forward declaration of 'B'}}
+
+void f(A *a, B *b) {
+  a->B::x; // expected-error {{incomplete type 'B' named in nested name specifier}}
+  a->A::x; // expected-error {{no member named 'x' in 'A'}}
+  a->A::y;
+  b->B::x; // expected-error {{member access into incomplete type 'B'}}
+  b->A::x; // expected-error {{member access into incomplete type 'B'}}
+  b->A::y; // expected-error {{member access into incomplete type 'B'}}
+}

…d-name-specifiers that become invalid after lookup
Copy link
Contributor

@cor3ntin cor3ntin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but can you add a changelog entry?

@ilovepi
Copy link
Contributor

ilovepi commented Jul 9, 2024

Thanks for running this down!

@sdkrystian
Copy link
Member Author

@cor3ntin This fixes a bug introduced in this release, so I don't believe a release note is needed.

@sdkrystian sdkrystian merged commit 9e1f1cf into llvm:main Jul 9, 2024
7 checks passed
searlmc1 pushed a commit to ROCm/llvm-project that referenced this pull request Jul 10, 2024
Reverts: more Sema changes
9e1f1cf [Clang][Sema] Handle class member access expressions with valid nested-name-specifiers that become invalid after lookup (llvm#98167)

Change-Id: I80aa10cf856f4854120e2eb7446335403b163b77
aaryanshukla pushed a commit to aaryanshukla/llvm-project that referenced this pull request Jul 14, 2024
…d-name-specifiers that become invalid after lookup (llvm#98167)

The following code causes an assert in `SemaExprMember.cpp` on line 981
to fail:
```
struct A { };
struct B;

void f(A *x) {
  x->B::y; // crash here
}
```
This happens because we only return early from
`BuildMemberReferenceExpr` when the `CXXScopeSpecifier` is invalid
_before_ the lookup is performed. Since the lookup may invalidate the
`CXXScopeSpecifier` (e.g. if the _nested-name-specifier_ is incomplete),
this results in the second `BuildMemberReferenceExpr` overload being
called with an invalid `CXXScopeSpecifier`, which causes the assert to
fail. This patch moves the early return for invalid `CXXScopeSpecifiers`
to occur _after_ lookup is performed. This fixes llvm#92972.

I also removed the `if (SS.isSet() && SS.isInvalid())` check in
`ActOnMemberAccessExpr` because the condition can never be true (`isSet`
returns `getScopeRep() != nullptr` and `isInvalid` returns
`Range.isValid() && getScopeRep() == nullptr`).
searlmc1 pushed a commit to ROCm/llvm-project that referenced this pull request Oct 28, 2024
cherry-picked:
9e1f1cf [email protected]      Tue Jul  9 16:40:53 2024 -0400 [Clang][Sema] Handle class member access expressions with valid nested-name-specifiers that become invalid after lookup (llvm#98167)
584e431 [email protected]      Wed Jul  3 12:12:53 2024 -0400 [Clang][Sema] Treat explicit specializations of static data member templates declared without 'static' as static data members when diagnosing uses of 'auto' (llvm#97425)
a1bce0b [email protected]        Thu Jun 27 08:17:40 2024 -0700 Clang: Add warning flag for storage class specifiers on explicit specializations (llvm#96699)
f46d146 [email protected]     Fri May 31 11:02:21 2024 -0700 [clang] require template arg list after template kw (llvm#80801)
033ec09 [email protected]       Fri Dec 22 09:00:41 2023 +0800 [Clang][Sema] Fix Wswitch-default bad warning in template (llvm#76007)
c281782 [email protected] Thu Dec  7 09:03:15 2023 +0800 [clang][Sema] Add -Wswitch-default warning option (llvm#73077)

Change-Id: Ib2582201b01cc62c3bf62011347925556e8531f7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
clang:frontend Language frontend issues, e.g. anything involving "Sema" clang Clang issues not falling into any other category
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Clang-Doc hits an assertion in Sema when run on LLVM
5 participants