The fix for bug 59195:
[C++ demangler handles conversion operator incorrectly]
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=59195
unfortunately makes the demangler crash due to infinite recursion, in
case of casts in template parameters.
For example, with:
template<int> struct A {};
template <typename Y> void function_temp(A<sizeof ((Y)(999))>) {}
template void function_temp<int>(A<sizeof (int)>);
The 'function_temp<int>' instantiation above mangles to:
_Z13function_tempIiEv1AIXszcvT_Li999EEE
The demangler parses this as:
typed name
template
name 'function_temp'
template argument list
builtin type int
function type
builtin type void
argument list
template (*)
name 'A'
template argument list
unary operator
operator sizeof
unary operator
cast
template parameter 0 (**)
literal
builtin type int
name '999'
And after the fix for 59195, due to:
static void
d_print_cast (struct d_print_info *dpi, int options,
const struct demangle_component *dc)
{
...
/* For a cast operator, we need the template parameters from
the enclosing template in scope for processing the type. */
if (dpi->current_template != NULL)
{
dpt.next = dpi->templates;
dpi->templates = &dpt;
dpt.template_decl = dpi->current_template;
}
when printing the template argument list of A (what should be "<sizeof
(int)>"), the template parameter 0 (that is, "T_", the '**' above) now
refers to the first parameter of the the template argument list of the
'A' template (the '*' above), exactly what we were already trying to
print. This leads to infinite recursion, and stack exaustion. The
template parameter 0 should actually refer to the first parameter of
the 'function_temp' template.
Where it reads "for the cast operator" in the comment in d_print_cast
(above), it's really talking about a conversion operator, like:
struct A { template <typename U> explicit operator U(); };
We don't want to inject the template parameters from the enclosing
template in scope when processing a cast _expression_, only when
handling a conversion operator.
The problem is that DEMANGLE_COMPONENT_CAST is currently ambiguous,
and means _both_ 'conversion operator' and 'cast expression'.
Fix this by adding a new DEMANGLE_COMPONENT_CONVERSION component type,
which does what DEMANGLE_COMPONENT_CAST does today, and making
DEMANGLE_COMPONENT_CAST just simply print its component subtree.
I think we could instead reuse DEMANGLE_COMPONENT_CAST and in
d_print_comp_inner still do:
@@ -5001,9 +5013,9 @@ d_print_comp_inner (struct d_print_info *dpi, int options,
d_print_comp (dpi, options, dc->u.s_extended_operator.name);
return;
case DEMANGLE_COMPONENT_CAST:
d_append_string (dpi, "operator ");
- d_print_cast (dpi, options, dc);
+ d_print_conversion (dpi, options, dc);
return;
leaving the unary cast case below calling d_print_cast, but seems to
me that spliting the component types makes it easier to reason about
the code.
g++'s testsuite actually generates three symbols that crash the
demangler in the same way. I've added those as tests in the demangler
testsuite as well.
And then this fixes PR other/61233 too, which happens to be a
demangler crash originally reported to GDB, at:
https://sourceware.org/bugzilla/show_bug.cgi?id=16957
Bootstrapped and regtested on x86_64 Fedora 20.
Also ran this through GDB's testsuite. GDB will require a small
update to use DEMANGLE_COMPONENT_CONVERSION in one place it's using
DEMANGLE_COMPONENT_CAST in its sources.
libiberty/
2015-11-27 Pedro Alves <palves@redhat.com>
PR other/61321
PR other/61233
* demangle.h (enum demangle_component_type)
<DEMANGLE_COMPONENT_CONVERSION>: New value.
* cp-demangle.c (d_demangle_callback, d_make_comp): Handle
DEMANGLE_COMPONENT_CONVERSION.
(is_ctor_dtor_or_conversion): Handle DEMANGLE_COMPONENT_CONVERSION
instead of DEMANGLE_COMPONENT_CAST.
(d_operator_name): Return a DEMANGLE_COMPONENT_CONVERSION
component if handling a conversion.
(d_count_templates_scopes, d_print_comp_inner): Handle
DEMANGLE_COMPONENT_CONVERSION.
(d_print_comp_inner): Handle DEMANGLE_COMPONENT_CONVERSION instead
of DEMANGLE_COMPONENT_CAST.
(d_print_cast): Rename as ...
(d_print_conversion): ... this. Adjust comments.
(d_print_cast): Rewrite - simply print the left subcomponent.
* cp-demint.c (cplus_demangle_fill_component): Handle
DEMANGLE_COMPONENT_CONVERSION.
* testsuite/demangle-expected: Add tests.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@231020 138bc75d-0d04-0410-961f-82ee72b054a4
libiberty/
* cp-demangle.c (d_dump): Fix syntax error.
(d_identifier): Adjust type of len to match d_source_name.
(d_expression_1): Fix out-of-bounds access. Check code variable for
NULL before dereferencing it.
(d_find_pack): Do not recurse for FIXED_TYPE, DEFAULT_ARG and NUMBER.
(d_print_comp_inner): Add NULL pointer check.
* cp-demangle.h (d_peek_next_char): Define as inline function when
CHECK_DEMANGLER is defined.
(d_advance): Likewise.
* testsuite/demangle-expected: Add new testcases.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@225727 138bc75d-0d04-0410-961f-82ee72b054a4
Running the demangler's testsuite with CP_DEMANGLE_DEBUG defined
crashes, with:
Program received signal SIGSEGV, Segmentation fault.
0x000000000040a8c3 in d_dump (dc=0x1, indent=12) at ../../src/libiberty/cp-demangle.c:567
567 switch (dc->type)
(gdb) bt 3
#0 0x000000000040a8c3 in d_dump (dc=0x1, indent=12) at ../../src/libiberty/cp-demangle.c:567
#1 0x000000000040ae47 in d_dump (dc=0x7fffffffd098, indent=10) at ../../src/libiberty/cp-demangle.c:787
#2 0x000000000040ae47 in d_dump (dc=0x7fffffffd0c8, indent=8) at ../../src/libiberty/cp-demangle.c:787
Note dc=0x1, which is obviously a bogus pointer. This is the end of
d_dump recursing for a component type that that doesn't actually have
subtrees:
787 d_dump (d_left (dc), indent + 2);
788 d_dump (d_right (dc), indent + 2);
This fixes the two cases the testsuite currently trips on.
libiberty/
2014-05-28 Pedro Alves <palves@redhat.com>
* cp-demangle.c (d_dump): Handle DEMANGLE_COMPONENT_FUNCTION_PARAM
and DEMANGLE_COMPONENT_NUMBER.
* cp-demangle.c (struct d_component_stack): New structure.
(struct d_print_info): New field component_stack.
(d_print_init): Initialize the above.
(d_print_comp_inner): Renamed from d_print_comp.
Do not restore template stack if it would cause a loop.
(d_print_comp): New function.
* testsuite/demangle-expected: New test cases.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@210205 138bc75d-0d04-0410-961f-82ee72b054a4
libiberty/
* cp-demangle.c (d_demangle_callback): Put an abort call in place,
to help the compiler.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@207200 138bc75d-0d04-0410-961f-82ee72b054a4
libiberty/ 2014-01-06 Gary Benson <gbenson@redhat.com>
* cp-demangle.c (struct d_print_info): New fields
next_saved_scope, copy_templates, next_copy_template and
num_copy_templates.
(d_count_templates): New function.
(d_print_init): New parameter "dc".
Estimate numbers of templates and scopes required.
(d_print_free): Removed function.
(cplus_demangle_print_callback): Allocate stack for
templates and scopes. Removed call to d_print_free.
(d_copy_templates): Removed function.
(d_save_scope): New function.
(d_get_saved_scope): Likewise.
(d_print_comp): Replace state saving/restoring code with
calls to d_save_scope and d_get_saved_scope.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@206362 138bc75d-0d04-0410-961f-82ee72b054a4
libiberty/
PR other/59195
* cp-demangle.c (struct d_info_checkpoint): New struct.
(struct d_print_info): Add current_template field.
(d_operator_name): Set flag when processing a conversion
operator.
(cplus_demangle_type): When processing <template-args> for
a conversion operator, backtrack if necessary.
(d_expression_1): Renamed from d_expression.
(d_expression): New wrapper around d_expression_1.
(d_checkpoint): New function.
(d_backtrack): New function.
(d_print_init): Initialize current_template.
(d_print_comp): Set current_template.
(d_print_cast): Put current_template in scope for
printing conversion operator name.
(cplus_demangle_init_info): Initialize is_expression and
is_conversion.
* cp-demangle.h (struct d_info): Add is_expression and
is_conversion fields.
* testsuite/demangle-expected: New test cases.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@205292 138bc75d-0d04-0410-961f-82ee72b054a4
* cp-demangle.c (struct d_saved_scope): New structure.
(struct d_print_info): New fields saved_scopes and
num_saved_scopes.
(d_print_init): Initialize the above.
(d_print_free): New function.
(cplus_demangle_print_callback): Call the above.
(d_copy_templates): New function.
(d_print_comp): New variables saved_templates and
need_template_restore.
[DEMANGLE_COMPONENT_REFERENCE,
DEMANGLE_COMPONENT_RVALUE_REFERENCE]: Capture scope the first
time the component is traversed, and use the captured scope for
subsequent traversals.
* testsuite/demangle-expected: Add regression test.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@204068 138bc75d-0d04-0410-961f-82ee72b054a4
libiberty/
PR debug/49408
* cp-demangle.c (d_print_comp): Suppress argument list for function
references by the '&' unary operator. Keep also already processed
variant without the argument list. Suppress argument list types for
function call used in an expression.
* testsuite/demangle-expected: Fix excessive argument list types in
`test for typed function in decltype'. New testcase for no argument
list types printed. 3 new testcases for function references by the
'&' unary operator..
2010-11-16 H.J. Lu <hongjiu.lu@intel.com>
PR other/42670
PR binutils/11137
* cp-demangle.c (d_make_demangle_mangled_name): New.
(d_demangle_callback): Use it on DCT_GLOBAL_XTORS.
* testsuite/demangle-expected: Updated.
* cp-demangle.c (struct d_print_info): Add flush_count field.
(d_print_init): Initialize it to 0.
(d_print_flush): Increment it.
(d_print_comp): If needed flush before appending ", ". Only
decrement dpi->len if no flushes happened during the recursive
call.
* testsuite/demangle-expected: Add a test for this.
