[ClangImporter] Avoid use-after-free of clang::DiagnosticOptions after rebranch (#85445)

Upstream LLVM in llvm/llvm-project#139584 changed `DiagnosticOptions`
from being a referenced counted object to just be a reference, not owned
by the `clang::DiagnosticEngine`.

In 0981b71 (part of #82243), the usages
of the Swift repository were adapted to the new memory model, but it
introduced at least one use-after-free and a potential one around the
usage of Clang in the Clang Importer.

This commit tries to fix the use-after-free in both cases, by returning
a `unique_ptr` to the `clang::DiagnosticOptions`, which makes the
lifetime of the `DiagnosticOptions` match the lifetime of the variable
that uses it (normally a `CompilerInvocation`).

Other cases in 0981b71 should be safe
because the lifetime of the `DiagnosticOptions` do not seem to propagate
beyond the scope of the functions where they live (but I am not fully
sure about the one in `IDETool/CompilerInvocation.cpp` completely).

This was causing compiler crashes during the test
`Interop/Cxx/stdlib/unsupported-stdlib.swift` which eventually uses
`createClangDriver` and tries to emit a diagnostic, which in some cases
was reading the memory from `DiagnosticOptions` when it was already out
of scope.

Author: drodriguez

include/swift/ClangImporter/ClangImporter.h

@@ -20,6 +20,7 @@
 #include "swift/AST/AttrKind.h"
 #include "swift/AST/ClangModuleLoader.h"
 #include "clang/AST/Attr.h"
+#include "clang/Basic/DiagnosticOptions.h"
 #include "clang/Basic/Specifiers.h"
 #include "llvm/Support/VirtualFileSystem.h"
 
@@ -213,7 +214,8 @@ class ClangImporter final : public ClangModuleLoader {
   std::vector<std::string>
   getClangDepScanningInvocationArguments(ASTContext &ctx);
 
-  static std::unique_ptr<clang::CompilerInvocation>
+  static std::pair<std::unique_ptr<clang::CompilerInvocation>,
+                   std::unique_ptr<clang::DiagnosticOptions>>
   createClangInvocation(ClangImporter *importer,
                         const ClangImporterOptions &importerOpts,
                         llvm::IntrusiveRefCntPtr<llvm::vfs::FileSystem> VFS,
@@ -223,8 +225,9 @@ class ClangImporter final : public ClangModuleLoader {
   ///
   /// \return a pair of the Clang Driver and the diagnostic engine, which needs
   /// to be alive during the use of the Driver.
-  static std::pair<clang::driver::Driver,
-                   llvm::IntrusiveRefCntPtr<clang::DiagnosticsEngine>>
+  static std::tuple<clang::driver::Driver,
+                    llvm::IntrusiveRefCntPtr<clang::DiagnosticsEngine>,
+                    std::unique_ptr<clang::DiagnosticOptions>>
   createClangDriver(
       const LangOptions &LangOpts,
       const ClangImporterOptions &ClangImporterOpts,

lib/ClangImporter/ClangImporter.cpp

@@ -1284,7 +1284,9 @@ std::optional<std::vector<std::string>> ClangImporter::getClangCC1Arguments(
   return CI->getCC1CommandLine();
 }
 
-std::unique_ptr<clang::CompilerInvocation> ClangImporter::createClangInvocation(
+std::pair<std::unique_ptr<clang::CompilerInvocation>,
+          std::unique_ptr<clang::DiagnosticOptions>>
+ClangImporter::createClangInvocation(
     ClangImporter *importer, const ClangImporterOptions &importerOpts,
     llvm::IntrusiveRefCntPtr<llvm::vfs::FileSystem> VFS,
     const std::vector<std::string> &CC1Args) {
@@ -1298,19 +1300,19 @@ std::unique_ptr<clang::CompilerInvocation> ClangImporter::createClangInvocation(
   // option here is either generated by dependency scanner or just round tripped
   // from `getClangCC1Arguments` so we don't expect it to fail. Use a simple
   // printing diagnostics consumer for debugging any unexpected error.
-  clang::DiagnosticOptions diagOpts;
+  auto diagOpts = std::make_unique<clang::DiagnosticOptions>();
   clang::DiagnosticsEngine clangDiags(
-      new clang::DiagnosticIDs(), diagOpts,
-      new clang::TextDiagnosticPrinter(llvm::errs(), diagOpts));
+      new clang::DiagnosticIDs(), *diagOpts,
+      new clang::TextDiagnosticPrinter(llvm::errs(), *diagOpts));
 
   // Finally, use the CC1 command-line and the diagnostic engine
   // to instantiate our Invocation.
   auto CI = std::make_unique<clang::CompilerInvocation>();
   if (!clang::CompilerInvocation::CreateFromArgs(
           *CI, invocationArgs, clangDiags, importerOpts.clangPath.c_str()))
-    return nullptr;
+    return {nullptr, nullptr};
 
-  return CI;
+  return {std::move(CI), std::move(diagOpts)};
 }
 
 std::unique_ptr<ClangImporter> ClangImporter::create(
@@ -1358,8 +1360,9 @@ std::unique_ptr<ClangImporter> ClangImporter::create(
                        [] { llvm::errs() << "' '"; });
       llvm::errs() << "'\n";
     }
-    importer->Impl.Invocation = createClangInvocation(
-        importer.get(), importerOpts, VFS, importer->Impl.ClangArgs);
+    std::tie(importer->Impl.Invocation, importer->Impl.DiagnosticOptions) =
+        createClangInvocation(importer.get(), importerOpts, VFS,
+                              importer->Impl.ClangArgs);
     if (!importer->Impl.Invocation)
       return nullptr;
   }
@@ -1435,7 +1438,7 @@ std::unique_ptr<ClangImporter> ClangImporter::create(
         ctx, instance.getVirtualFileSystemPtr(), true);
     if (!swiftTargetClangArgs)
       return nullptr;
-    auto swiftTargetClangInvocation = createClangInvocation(
+    auto [swiftTargetClangInvocation, clangDiagOpts] = createClangInvocation(
         importer.get(), importerOpts, instance.getVirtualFileSystemPtr(),
         *swiftTargetClangArgs);
     if (!swiftTargetClangInvocation)

lib/ClangImporter/ClangIncludePaths.cpp

@@ -122,22 +122,23 @@ parseClangDriverArgs(const clang::driver::Driver &clangDriver,
   return clangDriver.getOpts().ParseArgs(args, unused1, unused2);
 }
 
-std::pair<clang::driver::Driver,
-          llvm::IntrusiveRefCntPtr<clang::DiagnosticsEngine>>
+std::tuple<clang::driver::Driver,
+           llvm::IntrusiveRefCntPtr<clang::DiagnosticsEngine>,
+           std::unique_ptr<clang::DiagnosticOptions>>
 ClangImporter::createClangDriver(
     const LangOptions &LangOpts, const ClangImporterOptions &ClangImporterOpts,
     llvm::IntrusiveRefCntPtr<llvm::vfs::FileSystem> vfs) {
 
   auto diagVFS = vfs ? vfs : llvm::vfs::getRealFileSystem();
 
-  clang::DiagnosticOptions diagOpts;
+  auto diagOpts = std::make_unique<clang::DiagnosticOptions>();
   auto *silentDiagConsumer = new clang::DiagnosticConsumer();
   auto clangDiags = clang::CompilerInstance::createDiagnostics(
-      *diagVFS, diagOpts, silentDiagConsumer);
+      *diagVFS, *diagOpts, silentDiagConsumer);
   clang::driver::Driver clangDriver(ClangImporterOpts.clangPath,
                                     LangOpts.Target.str(), *clangDiags,
                                     "clang LLVM compiler", vfs);
-  return {std::move(clangDriver), clangDiags};
+  return {std::move(clangDriver), clangDiags, std::move(diagOpts)};
 }
 
 /// Given a list of include paths and a list of file names, finds the first
@@ -208,8 +209,9 @@ getLibcFileMapping(const ASTContext &ctx, StringRef modulemapFileName,
   const llvm::Triple &triple = ctx.LangOpts.Target;
 
   // Extract the libc path from Clang driver.
-  auto [clangDriver, clangDiagEngine] = ClangImporter::createClangDriver(
-      ctx.LangOpts, ctx.ClangImporterOpts, vfs);
+  auto [clangDriver, clangDiagEngine, clangDiagOpts] =
+      ClangImporter::createClangDriver(ctx.LangOpts, ctx.ClangImporterOpts,
+                                       vfs);
   auto clangDriverArgs = ClangImporter::createClangArgs(
       ctx.ClangImporterOpts, ctx.SearchPathOpts, clangDriver);
 
@@ -287,8 +289,9 @@ static void getLibStdCxxFileMapping(
     return;
 
   // Extract the libstdc++ installation path from Clang driver.
-  auto [clangDriver, clangDiagEngine] = ClangImporter::createClangDriver(
-      ctx.LangOpts, ctx.ClangImporterOpts, vfs);
+  auto [clangDriver, clangDiagEngine, clangDiagOpts] =
+      ClangImporter::createClangDriver(ctx.LangOpts, ctx.ClangImporterOpts,
+                                       vfs);
   auto clangDriverArgs = ClangImporter::createClangArgs(
       ctx.ClangImporterOpts, ctx.SearchPathOpts, clangDriver);
 
@@ -482,8 +485,9 @@ void GetWindowsFileMappings(
   if (!Triple.isWindowsMSVCEnvironment())
     return;
 
-  auto [Driver, clangDiagEngine] = ClangImporter::createClangDriver(
-      Context.LangOpts, Context.ClangImporterOpts, driverVFS);
+  auto [Driver, clangDiagEngine, clangDiagOpts] =
+      ClangImporter::createClangDriver(Context.LangOpts,
+                                       Context.ClangImporterOpts, driverVFS);
   const llvm::opt::InputArgList Args = ClangImporter::createClangArgs(
       Context.ClangImporterOpts, Context.SearchPathOpts, Driver);
   const clang::driver::ToolChain &ToolChain = Driver.getToolChain(Args, Triple);

lib/ClangImporter/ImporterImpl.h

@@ -551,6 +551,9 @@ class LLVM_LIBRARY_VISIBILITY ClangImporter::Implementation
   /// Clang arguments used to create the Clang invocation.
   std::vector<std::string> ClangArgs;
 
+  /// Clang diagnostic options used to create the Clang invocation.
+  std::unique_ptr<clang::DiagnosticOptions> DiagnosticOptions;
+
   /// Mapping from Clang swift_attr attribute text to the Swift source file(s)
   /// that contain that attribute text.
   ///

lib/Frontend/CompilerInvocation.cpp

@@ -392,7 +392,7 @@ void CompilerInvocation::computeCXXStdlibOptions() {
     LangOpts.PlatformDefaultCXXStdlib = CXXStdlibKind::Msvcprt;
   } else if (LangOpts.Target.isOSLinux() || LangOpts.Target.isOSDarwin() ||
              LangOpts.Target.isOSFreeBSD()) {
-    auto [clangDriver, clangDiagEngine] =
+    auto [clangDriver, clangDiagEngine, clangDiagOpts] =
         ClangImporter::createClangDriver(LangOpts, ClangImporterOpts);
     auto clangDriverArgs = ClangImporter::createClangArgs(
         ClangImporterOpts, SearchPathOpts, clangDriver);