[Clang][Sema] placement new initializes typedef array with correct size

[mahtohappy]

When in-place new-ing a local variable of an array of trivial type, the generated code calls 'memset' with the correct size of the array, earlier it was generating size (squared of the typedef array + size).

The cause: typedef TYPE TArray[8]; TArray x; The type of declarator is Tarray[8] and in SemaExprCXX.cpp::BuildCXXNew we check if it's of typedef and of constant size then we get the original type and it works fine for non-dependent cases.
But in case of template we do TreeTransform.h:TransformCXXNEWExpr and there we again check the allocated type which is TArray[8] and it stays that way, so ArraySize=(Tarray[8] type, alloc Tarray[8*type]) so the squared size allocation.

ArraySize gets calculated earlier in TreeTransform.h so that if(!ArraySize) condition was failing.
fix: I changed that condition to if(ArraySize).
fixes #41441

[github-actions]

Thank you for submitting a Pull Request (PR) to the LLVM Project!

This PR will be automatically labeled and the relevant teams will be
notified.

If you wish to, you can add reviewers by using the "Reviewers" section on this page.

If this is not working for you, it is probably because you do not have write
permissions for the repository. In which case you can instead tag reviewers by
name in a comment by using @ followed by their GitHub username.

If you have received no comments on your PR for a week, you can request a review
by "ping"ing the PR by adding a comment “Ping”. The common courtesy "ping" rate
is once a week. Please remember that you are asking for valuable time from other developers.

If you have further questions, they may be answered by the LLVM GitHub User Guide.

You can also ask questions in a comment on this PR, on the LLVM Discord or on the forums.

[llvmbot]

@llvm/pr-subscribers-backend-x86

@llvm/pr-subscribers-clang

Author: None (mahtohappy)

Changes

When in-place new-ing a local variable of an array of trivial type, the generated code calls 'memset' with the correct size of the array.
#fixes 41441

---

Full diff: https://github.com/llvm/llvm-project/pull/83124.diff

2 Files Affected:

• (modified) clang/lib/Sema/TreeTransform.h (+1-1)
• (added) clang/test/CodeGen/instantiate-new-placement-size.cpp (+19)

diff --git a/clang/lib/Sema/TreeTransform.h b/clang/lib/Sema/TreeTransform.h
index 7389a48fe56fcc..0a46deda194826 100644
--- a/clang/lib/Sema/TreeTransform.h
+++ b/clang/lib/Sema/TreeTransform.h
@@ -12731,7 +12731,7 @@ TreeTransform<Derived>::TransformCXXNewExpr(CXXNewExpr *E) {
   }
 
   QualType AllocType = AllocTypeInfo->getType();
-  if (!ArraySize) {
+  if (ArraySize) {
     // If no array size was specified, but the new expression was
     // instantiated with an array type (e.g., "new T" where T is
     // instantiated with "int[4]"), extract the outer bound from the
diff --git a/clang/test/CodeGen/instantiate-new-placement-size.cpp b/clang/test/CodeGen/instantiate-new-placement-size.cpp
new file mode 100644
index 00000000000000..eaf013a57a6176
--- /dev/null
+++ b/clang/test/CodeGen/instantiate-new-placement-size.cpp
@@ -0,0 +1,19 @@
+// RUN: %clang -S -emit-llvm -o - %s | FileCheck %s
+#include <new>
+
+// CHECK: call void @llvm.memset.p0.i64(ptr align 1 %x, i8 0, i64 8, i1 false)
+// CHECK: call void @llvm.memset.p0.i64(ptr align 16 %x, i8 0, i64 32, i1 false)
+template <typename TYPE>
+void f()
+{
+    typedef TYPE TArray[8];
+
+    TArray x;
+    new(&x) TArray();
+}
+
+int main()
+{
+    f<char>();
+    f<int>();
+}

[mahtohappy]

It fixes this issue #41441
https://godbolt.org/z/8qoz3GM9h

[shafik]

We need more test cases to make sure we are not breaking other cases. Non-dependent Vs dependent, constant Vs dynamically sized, VLA etc

[shafik]

Thank you for this fix.

Can you put more details in your summary. The approach I like to take is 1. what the problem is 2. what is the approach of the fix 3. any other important details.

[erichkeane]

I definitely agree with both of Shafik's comments!

The fix itself concerns me, the logic in the block that is having its condition inverted is specifically made for 'if no array size was specified' (see comment), so that makes me think this is an incorrect patch. It doesn't seem to follow the suggestion given in the original bug either.

[mahtohappy]

I definitely agree with both of Shafik's comments!

The fix itself concerns me, the logic in the block that is having its condition inverted is specifically made for 'if no array size was specified' (see comment), so that makes me think this is an incorrect patch. It doesn't seem to follow the suggestion given in the original bug either.
I agree with that but this was simpler solution, and it didn't break any testcase so I pushed this solution.
I had a other solution where the check for typedef was separate condition and that was working as well. But this looked neat to me and didn't break anything so I pushed this one.

[mahtohappy]

// If no array size was specified, but the new expression was
// instantiated with an array type (e.g., "new T" where T is
// instantiated with "int[4]"), extract the outer bound from the
// array type as our array size. We do this with constant and
// dependently-sized array types.

    typedef TYPE TArray[8];
    TArray x;

this is the same case. In TreeTransform.h we calculate the ArraySize earlier so that condition was failing.

[shafik]

Can you explain which cases the if (!ArraySize) condition was catching before and why the change does not effect those cases? My fear is that we are breaking other cases but we don't have test coverage for those cases and we are missing those breaks.

[mahtohappy]

@shafik I'm not aware of which cases it was catching before, I was hoping testing will reveal those testcases. I agree with your thinking that we might be breaking something and and don't have test coverage for it. I'll leave this condition as it is and add a separate check for this issue. It'll be more robust solution.

[mahtohappy]

Hi @shafik @cor3ntin @AaronBallman @erichkeane @Endilll Please review this. Thank you.

[erichkeane]

This comment doesn't really match what is happening below? the 'if' is still based on 'ArraySize' (presumably you mean this to be a proxy for E->isArray?). But there is no standardeeze quoted here about why you'd pick up the size/alloc type from it like this, rather than in the E->isArray above.

Also, does this also handle cases where this is going to still be dependent?

[mahtohappy]

Yes, you're right. It's proxy for E->isArray(), but the condition just before checks if it's Array and then calculates the ArraySize. I didn't want to check again and used the ArraySize calculated before. If the earlier condition E->isArray() fails then ArraySize won't be calculated and if(ArraySize) would also fail. In Typedef case Tarray x; the alloctype is Tarray for x, that's why using Tarray Element Type which is int, and using that as allocType. Yes, this is for dependent cases only.

[erichkeane]

So it seems this should probably be inside of that E->isArray() block instead then?

[mahtohappy]

Yes, it can be inside that block, but in the non-dependent it was outside the block to check for typedef so I followed the same thing here as well. It's in Sema::SemaExprCXX::BuildNEWCXX.

[mahtohappy]

Ping @AaronBallman @cor3ntin @Endilll

[mahtohappy]

Hi Please Review this. @Endilll @cor3ntin @AaronBallman

[cor3ntin]

Can you:

• add a changelog entry referencing the issue
• rename the test file or reference the issue number in a comment in the test?

thanks!

[dyung]

@mahtohappy the test you added seems to be failing on quite a few buildbots including the documentation build and some x86 ones:

• https://github.com/llvm/llvm-project/actions/runs/8705457952/job/23875893823
• https://lab.llvm.org/buildbot/#/builders/121/builds/40812
• https://lab.llvm.org/buildbot/#/builders/230/builds/27331
• https://lab.llvm.org/buildbot/#/builders/94/builds/19405
• https://lab.llvm.org/buildbot/#/builders/98/builds/36470
• https://lab.llvm.org/buildbot/#/builders/280/builds/1958
• https://lab.llvm.org/buildbot/#/builders/139/builds/63510
• https://lab.llvm.org/buildbot/#/builders/216/builds/37557

[antmox]

hello, instantiate-new-placement-size.cpp also fails here :
https://lab.llvm.org/buildbot/#/builders/188/builds/44501

[mahtohappy]

#88902 pushed a fix. Will update after build is done.

[dyung]

Please either revert or get the fix committed. This test has been failing on bots for around 6 hours at this point.

[erichkeane]

I merged the fix, it looks good enough, and I trust @mahtohappy that it passed locally. I DID have 1 comment on the test.

It is unfortunate that our infrastructure CI takes so long, this was likely to have to wait another ~4-5 hrs for Windows CI.

[Sterling-Augustine]

Unless the original test was subtly broken, the forward fix in 0a789ea seems erroneous.

The forward fix changes the test to have a different declaration of new. But I would not expect this original change to require source-code level changes. Or was that intended?

We are experiencing errors that look like this:

[foo.cc:1045] error: no matching member function for call to 'reset'
 1045 |   values_remaining_at_rank_of_width_.reset(new int64_t[ranks][65]);
      |   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~
[foo.cc:1784] note: in instantiation of member function '(anonymous namespace)::Writer<unsigned long>::InitStats' requested here
 1784 |   InitStats();
      |   ^
[foo.cc:2045] note: in instantiation of member function '(anonymous namespace)::Writer<unsigned long>::DoIt' requested here
 2045 |   writer.DoIt();
      |          ^
[.../toolchain/bin/../include/c++/v1/__memory/unique_ptr.h:487] note: candidate template ignored: requirement '_CheckArrayPointerConversion<long *>::value' was not satisfied [with _Pp = int64_t *]
  487 |   _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_SINCE_CXX23 void reset(_Pp __p) _NOEXCEPT {
      |                                                            ^

[metaflow]

The problem is still present. I have reverted this chain of commits.

[erichkeane]

Unless the original test was subtly broken, the forward fix in 0a789ea seems erroneous.

The forward fix changes the test to have a different declaration of new. But I would not expect this original change to require source-code level changes. Or was that intended?

We are experiencing errors that look like this:

[foo.cc:1045] error: no matching member function for call to 'reset'
 1045 |   values_remaining_at_rank_of_width_.reset(new int64_t[ranks][65]);
      |   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~
[foo.cc:1784] note: in instantiation of member function '(anonymous namespace)::Writer<unsigned long>::InitStats' requested here
 1784 |   InitStats();
      |   ^
[foo.cc:2045] note: in instantiation of member function '(anonymous namespace)::Writer<unsigned long>::DoIt' requested here
 2045 |   writer.DoIt();
      |          ^
[.../toolchain/bin/../include/c++/v1/__memory/unique_ptr.h:487] note: candidate template ignored: requirement '_CheckArrayPointerConversion<long *>::value' was not satisfied [with _Pp = int64_t *]
  487 |   _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_SINCE_CXX23 void reset(_Pp __p) _NOEXCEPT {
      |                                                            ^

That forward-fix was just a test change, doing a #include in our tests isn't something we can do, as it makes them fail with "file not found". As far as your errors, it shouldn't be because of those, but could definitely be a problem wiht the originnal patch, hopefully @mahtohappy can get a chance to look at this.

[mahtohappy]

@Sterling-Augustine please provide a reproducer script for your errors.

[slackito]

The following program fails to build after this change:

#include <cstdint>
#include <memory>

template<typename T>
struct X {
  void f() {
    values_.reset(new int64_t[123][65]);
  }

  std::unique_ptr<int64_t[][65]> values_;
};

int main() {
  X<unsigned char> x;
  x.f();
}

you get similar errors with both libstdc++:

jgorbe@gorbe:~/llvm-build/bin$ ./clang++ -o /dev/null ~/repro.cc
/usr/local/google/home/jgorbe/repro.cc:7:13: error: no matching member function for call to 'reset'
    7 |     values_.reset(new int64_t[123][65]);
      |     ~~~~~~~~^~~~~
/usr/local/google/home/jgorbe/repro.cc:15:5: note: in instantiation of member function 'X<unsigned char>::f' requested here
   15 |   x.f();
      |     ^
/usr/lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/unique_ptr.h:779:7: note: candidate template ignored: requirement '__and_<std::__or_<std::is_same<long *, long (*)[65]>, std::__and_<std::is_same<long (*)[65], long (*)[65]>, std::is_pointer<long *>, std::is_convertible<long (*)[], long (*)[][65]>>>>::value' was not satisfied [with _Up = int64_t *]
  779 |       reset(_Up __p) noexcept
      |       ^
1 error generated.

and libc++

jgorbe@gorbe:~/llvm-build/bin$ ./clang++ -o /dev/null ~/repro.cc -stdlib=libc++
/usr/local/google/home/jgorbe/repro.cc:7:13: error: no matching member function for call to 'reset'
    7 |     values_.reset(new int64_t[123][65]);
      |     ~~~~~~~~^~~~~
/usr/local/google/home/jgorbe/repro.cc:15:5: note: in instantiation of member function 'X<unsigned char>::f' requested here
   15 |   x.f();
      |     ^
/usr/local/google/home/jgorbe/llvm-build/bin/../include/c++/v1/__memory/unique_ptr.h:457:60: note: candidate template ignored: requirement '_CheckArrayPointerConversion<long *>::value' was not satisfied [with _Pp = int64_t *]
  457 |   _LIBCPP_HIDE_FROM_ABI _LIBCPP_CONSTEXPR_SINCE_CXX23 void reset(_Pp __p) _NOEXCEPT {
      |                                                            ^
1 error generated.

[dwblaikie]

Simplified a bit more:

template <typename T>
void f1() {
  int (*x)[1] = new int[1][1]; // fails
}
template void f1<char>();
void f2() {
  int (*x)[1] = new int[1][1]; // passes
}

https://godbolt.org/z/MhaYbvefG - yeah seems pretty clear this is a regression. Compiles with GCC, fails with clang, and the non-dependent context passes with either.

[pranavk]

This commit is still problematic. Minimal reproducer (https://godbolt.org/z/hE7M8EfT1).

We should get this reverted again.

[pranavk]

In file included from /usr/local/foo/home/prka/wip/unique/test.cpp:1:
In file included from /usr/lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/memory:78:
/usr/lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/unique_ptr.h:1085:14: error: no matching conversion for functional-style cast from 'unsigned short *' to 'unique_ptr<unsigned short[][256]>'
 1085 |     { return unique_ptr<_Tp>(new remove_extent_t<_Tp>[__num]()); }
      |              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/local/foo/home/prka/wip/unique/test.cpp:10:47: note: in instantiation of function template specialization 'std::make_unique<unsigned short[][256]>' requested here
   10 |   const std::unique_ptr<Node[]> nodes_ = std::make_unique<Node[]>(max_nodes_);
      |                                               ^
/usr/local/foo/home/prka/wip/unique/test.cpp:15:38: note: in instantiation of member function 'Base<256>::Base' requested here
   15 |   explicit Child(size_t max_bytes) : Base<256>(max_bytes) {
      |                                      ^
/usr/lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/unique_ptr.h:648:7: note: candidate constructor not viable: no known conversion from 'unsigned short *' to 'unique_ptr<unsigned short[][256]>' for 1st argument
  648 |       unique_ptr(unique_ptr&&) = default;
      |       ^          ~~~~~~~~~~~~
/usr/lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/unique_ptr.h:652:12: note: candidate constructor template not viable: no known conversion from 'unsigned short *' to 'nullptr_t' (aka 'std::nullptr_t') for 1st argument
  652 |         constexpr unique_ptr(nullptr_t) noexcept
      |                   ^          ~~~~~~~~~
/usr/lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/unique_ptr.h:796:7: note: candidate constructor not viable: no known conversion from 'unsigned short *' to 'const unique_ptr<unsigned short[][256]>' for 1st argument
  796 |       unique_ptr(const unique_ptr&) = delete;
      |       ^          ~~~~~~~~~~~~~~~~~
/usr/lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/unique_ptr.h:603:2: note: candidate template ignored: requirement '__and_<std::__or_<std::__or_<std::is_same<unsigned short *, unsigned short (*)[256]>, std::is_same<unsigned short *, std::nullptr_t>>, std::__and_<std::is_pointer<unsigned short *>, std::is_same<unsigned short (*)[256], unsigned short (*)[256]>, std::is_convertible<unsigned short (*)[], unsigned short (*)[][256]>>>>::value' was not satisfied [with _Up = unsigned short *, _Vp = std::default_delete<unsigned short[][256]>, $2 = _DeleterConstraint<default_delete<unsigned short[][256]>>]
  603 |         unique_ptr(_Up __p) noexcept
      |         ^
/usr/lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/unique_ptr.h:662:2: note: candidate template ignored: could not match 'unique_ptr<_Up, _Ep>' against 'unsigned short *'
  662 |         unique_ptr(unique_ptr<_Up, _Ep>&& __u) noexcept

We get error messages like above with this commit. This compiles fine without this commit or with gcc.