Avoid use-after-return caused by double move #11485
Conversation
🔗 Helpful Links🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/11485
Note: Links to docs will display an error until the docs builds have been completed. ✅ No FailuresAs of commit 2c6361e with merge base 611092d ( This comment was automatically generated by Dr. CI and updates every 15 minutes. |
facebook-github-bot
added
the
CLA Signed
|
This pull request was exported from Phabricator. Differential Revision: D76271359 |
|
@pytorchbot label "release notes: none" |
pytorch-bot
bot
added
the
release notes: none
|
This pull request was exported from Phabricator. Differential Revision: D76271359 |
1 similar comment
|
This pull request was exported from Phabricator. Differential Revision: D76271359 |
tamird
changed the title
|
This pull request was exported from Phabricator. Differential Revision: D76271359 |
1 similar comment
|
This pull request was exported from Phabricator. Differential Revision: D76271359 |
Summary: Previously, `Result<T>`'s constructor used `std::move(val)` to initialize the value. This resulted in an unnecessary extra move and destructor call on a moved-from stack object, triggering an HWASAN stack tag mismatch when the moved-from object was later destructed. Replacing `std::move(val)` with `std::forward<T>(val)` avoids the extra move while preserving correct semantics. This ensures only one move occurs and avoids lifetime violations that can lead to tag mismatches under HWASAN. Reviewed By: StefanBossbaly Differential Revision: D76271359
|
This pull request was exported from Phabricator. Differential Revision: D76271359 |
JacobSzwejbka
left a comment
JacobSzwejbka
left a comment
There was a problem hiding this comment.
Thanks for the catch!
| /* implicit */ Result(T&& val) : value_(std::move(val)), hasValue_(true) {} | ||
| /// Value forwarding constructor. | ||
| /* implicit */ Result(T&& val) | ||
| : value_(std::forward<T>(val)), hasValue_(true) {} |
There was a problem hiding this comment.
Can you add a test that wouldve caught the previous bad behavior.
There was a problem hiding this comment.
Sure. Where are the tests for this type?
There was a problem hiding this comment.
Can you try adding to this file: https://github.com/pytorch/executorch/blob/2dedc9e0e39047269b7762652b593c5c53883168/runtime/core/test/error_handling_test.cpp
swolchok
left a comment
swolchok
left a comment
There was a problem hiding this comment.
looks great, needs test, happy to accept with the test
I tried writing a test, but I have failed to induce the problematic behavior. I think it shows up only in the presence of stack tagging as performed by hwasan. |
| /// Value move constructor. | ||
| /* implicit */ Result(T&& val) : value_(std::move(val)), hasValue_(true) {} | ||
| /// Value forwarding constructor. | ||
| /* implicit */ Result(T&& val) | ||
| : value_(std::forward<T>(val)), hasValue_(true) {} |
There was a problem hiding this comment.
I misread what was going on here originally. This isn't a template function (though it is a member of a template class), so this really is an rvalue reference. I think that the original code is probably correct; std::forward is for arguments to template functions (https://en.cppreference.com/w/cpp/utility/forward.html).
|
This turned out to be a red herring. |
5 participants
Summary:
Previously,
Result<T>'s constructor usedstd::move(val)to initialize thevalue. This resulted in an unnecessary extra move and destructor call on a
moved-from stack object, triggering an HWASAN stack tag mismatch when the
moved-from object was later destructed.
Replacing
std::move(val)withstd::forward<T>(val)avoids the extra movewhile preserving correct semantics. This ensures only one move occurs and
avoids lifetime violations that can lead to tag mismatches under HWASAN.
Differential Revision: D76271359