Dear Clang community,
I think I stumbled across a front-end bug in clang’s C++ coroutine implementation.
Having an awaitable with
template<typename PROMISE> std::experimental::coroutine_handle<> await_suspend(std::experimental::coroutine_handle<PROMISE> coro) noexcept {
coro.destroy();
return std::experimental::noop_coroutine();
}
destroys the functions own coroutine frame. This is valid, as long as no-one afterwards resumes the coroutine anymore. However, address-sanitizer still reports a “heap-use-after-free” error.
From my understanding so far, this is because the clang-frontend stores the return value of
await_suspendin the coroutine frame. Instead, the clang-frontend should probably store this return value on the stack. Afaik, storing on the stack should be valid, as it is guaranteed that this return value will never live across a suspension point.
You can find a minimal repro in https://godbolt.org/z/eq6eoc and a more complex end-to-end version in https://godbolt.org/z/8Yadv1 . See https://stackoverflow.com/questions/65991264/c-coroutines-is-it-valid-to-call-handle-destroy-from-the-final-suspend-poin (in particular the comments to David Haim’s reply) for more context.
Cheers,
Adrian