Clang front-end segmentation fault

[zmochi]

Clang front-end crashes with a segmentation fault while processing C code.

The offending line is a C23 constexpr very similar to the minimal example I attempted to write below.

I tried to reduce the preprocessed files with creduce and creduce-clang-crash.py as suggested in how to submit a bug but the script did not emit the listed files (I did notice the repository is deprecated but worth a shot). This is the output of the script. It seems like creduce itself crashed but I'm not sure.

Output of clang command causing the crash:
clang-crash-output.txt
Crash report:
clang-19-2024-10-16-130218.ips.txt
Preprocessed source:
freelist_tests-4bf7f5.c.txt
Run script:
freelist_tests-4bf7f5.sh.txt

The actual source files are:
freelist.c.txt
freelist_tests.c.txt
freelist.h.txt

I tried to reproduce a minimal example with the following input which did not crash:

#define min(a, b) ((a) < (b) ? (a) : (b))

struct min_st {
    int a;
};

void foo(struct min_st *st) {
     constexpr int bad_constexpr = min(10, st->a);
}

[tbaederr]

The initializer of the constexpr variable is invalid and later using the variable as an array index causes the assertion failure: https://godbolt.org/z/fG84TTxqx

void *freelist_thread(void *arg) {
    constexpr int    num_elem_allocated = 1/0;    
    void            *allocated_elems[num_elem_allocated];
}

IIRC we had a case similar to this before but I don't know what bug number that would be. @Fznamznon?

[llvmbot]

@llvm/issue-subscribers-clang-frontend

Author: Orian (zmochi)

Clang front-end crashes with a segmentation fault while processing C code.

The offending line is a C23 constexpr very similar to the minimal example I attempted to write below.

I tried to reduce the preprocessed files with creduce and creduce-clang-crash.py as suggested in how to submit a bug but the script did not emit the listed files (I did notice the repository is deprecated but worth a shot). This is the output of the script. It seems like creduce itself crashed but I'm not sure.

Output of clang command causing the crash:
clang-crash-output.txt
Crash report:
clang-19-2024-10-16-130218.ips.txt
Preprocessed source:
freelist_tests-4bf7f5.c.txt
Run script:
freelist_tests-4bf7f5.sh.txt

The actual source files are:
freelist.c.txt
freelist_tests.c.txt
freelist.h.txt

I tried to reproduce a minimal example with the following input which did not crash:

#define min(a, b) ((a) < (b) ? (a) : (b))

struct min_st {
    int a;
};

void foo(struct min_st *st) {
     constexpr int bad_constexpr = min(10, st->a);
}

[Fznamznon]

IIRC we had a case similar to this before but I don't know what bug number that would be. @Fznamznon?

Do you mean #109095 ? It is a bit different but I suppose the reason might be the same.

[DimitryAndric]

Further minimized I get:

// clang -cc1 -triple arm64-- -S -std=c23 freelist_tests-min.c
struct freelist {
  int array_len;
};
void __assert_rtn() {
  struct freelist *list = 0;
  constexpr int num_elem_allocated = list->array_len;
  void *allocated_elems[num_elem_allocated];
  for (int i = 1;;
       __builtin_expect(allocated_elems[i] != 0, 1) ? __assert_rtn() : 1)
    ;
}

And the stack trace:

Assertion failed: (Result && "Could not evaluate expression"), function EvaluateKnownConstIntCheckOverflow, file /home/dim/src/llvm/llvm-project/clang/lib/AST/ExprConstant.cpp, line 16727.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang -cc1 -triple arm64-- -S -std=c23 freelist_tests-min.c
1.      freelist_tests-min.c:8:44: current parser token ';'
2.      freelist_tests-min.c:5:21: parsing function body '__assert_rtn'
3.      freelist_tests-min.c:5:21: in compound statement ('{}')
 #0 0x0000000004685058 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x4685058)
 #1 0x0000000004682e39 llvm::sys::RunSignalHandlers() (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x4682e39)
 #2 0x000000000468581e SignalHandler(int) Signals.cpp:0:0
 #3 0x000000082b5824af handle_signal /usr/src/lib/libthr/thread/thr_sig.c:0:3
 #4 0x000000082b581a6b thr_sighandler /usr/src/lib/libthr/thread/thr_sig.c:245:1
 #5 0x000000082986b2d3 ([vdso]+0x2d3)
 #6 0x000000082f5b5a0a __sys_thr_kill /usr/obj/usr/src/lib/libc/thr_kill.S:4:0
 #7 0x000000082f52f1e4 _raise /usr/src/lib/libc/gen/raise.c:0:10
 #8 0x000000082f5dfbc9 abort /usr/src/lib/libc/stdlib/abort.c:71:17
 #9 0x000000082f512551 (/lib/libc.so.7+0x93551)
#10 0x000000000741ba9c clang::Expr::EvaluateKnownConstIntCheckOverflow(clang::ASTContext const&, llvm::SmallVectorImpl<std::__1::pair<clang::SourceLocation, clang::PartialDiagnostic>>*) const (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x741ba9c)
#11 0x00000000067e3473 clang::Sema::VerifyIntegerConstantExpression(clang::Expr*, llvm::APSInt*, clang::Sema::VerifyICEDiagnoser&, clang::Sema::AllowFoldKind) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x67e3473)
#12 0x0000000006f5a3d0 checkArraySize(clang::Sema&, clang::Expr*&, llvm::APSInt&, unsigned int, bool) SemaType.cpp:0:0
#13 0x0000000006f599b3 clang::Sema::BuildArrayType(clang::QualType, clang::ArraySizeModifier, clang::Expr*, unsigned int, clang::SourceRange, clang::DeclarationName) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x6f599b3)
#14 0x0000000006f60333 GetFullTypeForDeclarator((anonymous namespace)::TypeProcessingState&, clang::QualType, clang::TypeSourceInfo*) SemaType.cpp:0:0
#15 0x0000000006f5cfb2 clang::Sema::GetTypeForDeclarator(clang::Declarator&) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x6f5cfb2)
#16 0x0000000006597c05 clang::Sema::HandleDeclarator(clang::Scope*, clang::Declarator&, llvm::MutableArrayRef<clang::TemplateParameterList*>) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x6597c05)
#17 0x00000000065977f9 clang::Sema::ActOnDeclarator(clang::Scope*, clang::Declarator&) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x65977f9)
#18 0x000000000630d153 clang::Parser::ParseDeclarationAfterDeclaratorAndAttributes(clang::Declarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::ForRangeInit*) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x630d153)
#19 0x000000000630b3ea clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::ParsedAttributes&, clang::Parser::ParsedTemplateInfo&, clang::SourceLocation*, clang::Parser::ForRangeInit*) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x630b3ea)
#20 0x000000000630a5ce clang::Parser::ParseSimpleDeclaration(clang::DeclaratorContext, clang::SourceLocation&, clang::ParsedAttributes&, clang::ParsedAttributes&, bool, clang::Parser::ForRangeInit*, clang::SourceLocation*) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x630a5ce)
#21 0x0000000006309ed8 clang::Parser::ParseDeclaration(clang::DeclaratorContext, clang::SourceLocation&, clang::ParsedAttributes&, clang::ParsedAttributes&, clang::SourceLocation*) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x6309ed8)
#22 0x0000000006347a73 clang::Parser::ParseStatementOrDeclarationAfterAttributes(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*, clang::ParsedAttributes&, clang::ParsedAttributes&) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x6347a73)
#23 0x0000000006345bec clang::Parser::ParseStatementOrDeclaration(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x6345bec)
#24 0x000000000634f3d0 clang::Parser::ParseCompoundStatementBody(bool) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x634f3d0)
#25 0x0000000006350251 clang::Parser::ParseFunctionStatementBody(clang::Decl*, clang::Parser::ParseScope&) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x6350251)
#26 0x00000000062a76a6 clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x62a76a6)
#27 0x000000000630c58c clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::ParsedAttributes&, clang::Parser::ParsedTemplateInfo&, clang::SourceLocation*, clang::Parser::ForRangeInit*) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x630c58c)
#28 0x00000000062a6644 clang::Parser::ParseDeclOrFunctionDefInternal(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec&, clang::AccessSpecifier) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x62a6644)
#29 0x00000000062a5e5b clang::Parser::ParseDeclarationOrFunctionDefinition(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*, clang::AccessSpecifier) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x62a5e5b)
#30 0x00000000062a4df6 clang::Parser::ParseExternalDeclaration(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x62a4df6)
#31 0x00000000062a33c7 clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, clang::Sema::ModuleImportState&) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x62a33c7)
#32 0x000000000629f46e clang::ParseAST(clang::Sema&, bool, bool) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x629f46e)
#33 0x000000000527c073 clang::FrontendAction::Execute() (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x527c073)
#34 0x00000000052083dd clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x52083dd)
#35 0x0000000005357e3e clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x5357e3e)
#36 0x0000000002a18154 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x2a18154)
#37 0x0000000002a14cd5 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#38 0x0000000002a13fb4 clang_main(int, char**, llvm::ToolContext const&) (/home/dim/ins/llvmorg-20-init-08299-g6636f326150/bin/clang+0x2a13fb4)
Abort trap

[shafik]

Looks like a clang-19 regression: https://godbolt.org/z/os59PbPPY

CC @AaronBallman

[Fznamznon]

I confirm that the simple solution I described by #109095 (comment) works for this case too, so it is basically the same problem. Should I put it to review since this is now considered as a regression?

[AaronBallman]

Yeah, it would be nice to try to get this into 19.x as well, if the fix is sufficiently straightforward