fix: Add visited check to dependent member name lookup (#416)

varungandhi-src · web-flow · commit 8b099f05932f · 2023-08-23T08:03:07.000+08:00
A customer reported an issue where the number of iterations exceeded 10k.
This is likely because of repeatedly checking the same type somehow.

I don't have a minimal reproducer for it, but add a hard-coded limit +
a visited check to prevent timeouts.
diff --git a/indexer/ApproximateNameResolver.cc b/indexer/ApproximateNameResolver.cc
@@ -3,6 +3,7 @@
 #include "clang/AST/DeclTemplate.h"
 #include "clang/AST/DeclarationName.h"
 #include "clang/AST/Type.h"
+#include "llvm/ADT/SmallPtrSet.h"
 #include "llvm/ADT/SmallVector.h"
 
 #include "indexer/ApproximateNameResolver.h"
@@ -39,11 +40,26 @@ ApproximateNameResolver::tryResolveMember(
   };
 
   llvm::SmallVector<const clang::Type *, 2> typesToLookup;
+  llvm::SmallPtrSet<const clang::Type *, 2> seen;
   typesToLookup.push_back(type);
 
+  size_t iterations = 0;
   while (!typesToLookup.empty()) {
+    iterations++;
+    if (iterations > 10'000) {
+      spdlog::warn(
+          "exceeded 10000 iterations in member lookup for '{}' in type '{}'",
+          declNameInfo.getAsString(), clang::QualType(type, 0).getAsString());
+      spdlog::info("this is likely a scip-clang bug; please report it at "
+                   "https://github.com/sourcegraph/scip-clang/issues");
+      break;
+    }
     auto *type = typesToLookup.back();
     typesToLookup.pop_back();
+    if (seen.find(type) != seen.end()) {
+      continue;
+    }
+    seen.insert(type);
     auto *cxxRecordDecl = Self::tryFindDeclForType(type);
     if (!cxxRecordDecl || !cxxRecordDecl->hasDefinition()) {
       continue;
diff --git a/indexer/Indexer.cc b/indexer/Indexer.cc
@@ -729,7 +729,19 @@ void TuIndexer::saveTagDecl(const clang::TagDecl &tagDecl) {
     stack.push_back(cxxRecordDecl);
   }
 
+  size_t iterations = 0;
   while (!stack.empty()) {
+    iterations++;
+    if (iterations > 10'000) {
+      spdlog::warn(
+          "visited over 10000 types in inheritance hierarchy for type '{}' at "
+          "'{}'",
+          startDecl->getQualifiedNameAsString(),
+          debug::formatLoc(this->sourceManager, startDecl->getLocation()));
+      spdlog::info("this is likely a scip-clang bug; please report it at "
+                   "https://github.com/sourcegraph/scip-clang/issues");
+      break;
+    }
     auto *cxxRecordDecl = stack.back();
     stack.pop_back();
     if (!cxxRecordDecl || seen.contains(cxxRecordDecl)) {
