<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - LLDB crashes on expression evaluation"
href="https://bugs.llvm.org/show_bug.cgi?id=52449">52449</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>LLDB crashes on expression evaluation
</td>
</tr>
<tr>
<th>Product</th>
<td>lldb
</td>
</tr>
<tr>
<th>Version</th>
<td>13.0
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>All Bugs
</td>
</tr>
<tr>
<th>Assignee</th>
<td>lldb-dev@lists.llvm.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>weratt@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>jdevlieghere@apple.com, llvm-bugs@lists.llvm.org, teemperor@gmail.com
</td>
</tr></table>
<p>
<div>
<pre>The following code reliably crashes LLDB (built in Debug to trigger the
assertion):
```
<span class="quote">> cat main.cc</span >
struct Foo { static int Bar; };
int Foo::Bar = 10;
int main() { return 0; }
<span class="quote">> lldb ./main -o "p (int*)100 + (long long)(&Foo::Bar)"</span >
Assertion failed: isa<X>(Val) && "cast<Ty>() argument of incompatible type!",
file D:\src\llvm-project\build_x64_debug\include\llvm/Support/Casting.h, line
269
PLEASE submit a bug report to <a href="https://bugs.llvm.org/">https://bugs.llvm.org/</a> and include the crash
backtrace.
Stack dump:
0. Program arguments: D:\src\llvm-project\build_x64_debug\bin\lldb.exe
.\bug.exe -o p (int*)100 + (long long)(&Foo::Bar)
#0 0x00007ff76373ebfc HandleAbort
D:\src\llvm-project\llvm\lib\Support\Windows\Signals.inc:408:0
#1 0x00007ffd8352bc31 (C:\Windows\SYSTEM32\ucrtbased.dll+0x6bc31)
#2 0x00007ffd8352d889 (C:\Windows\SYSTEM32\ucrtbased.dll+0x6d889)
#3 0x00007ffd835334b5 (C:\Windows\SYSTEM32\ucrtbased.dll+0x734b5)
#4 0x00007ffd83533027 (C:\Windows\SYSTEM32\ucrtbased.dll+0x73027)
#5 0x00007ffd83531091 (C:\Windows\SYSTEM32\ucrtbased.dll+0x71091)
#6 0x00007ffd83533a1f (C:\Windows\SYSTEM32\ucrtbased.dll+0x73a1f)
#7 0x00007ffd27957cf1 llvm::cast<class llvm::ConstantInt, class
llvm::Value>(class llvm::Value *)
D:\src\llvm-project\build_x64_debug\include\llvm\Support\Casting.h:269:0
#8 0x00007ffd2d42dbe0 llvm::DataLayout::getIndexedOffsetInType(class
llvm::Type *, class llvm::ArrayRef<class llvm::Value *>) const
D:\src\llvm-project\llvm\lib\IR\DataLayout.cpp:846:0
#9 0x00007ffd261b2d89 InterpreterStackFrame::ResolveConstantValue(class
llvm::APInt &, class llvm::Constant const *)
D:\src\llvm-project\lldb\source\Expression\IRInterpreter.cpp:289:0
#10 0x00007ffd2da23416 InterpreterStackFrame::ResolveConstant(unsigned __int64,
class llvm::Constant const *)
D:\src\llvm-project\lldb\source\Expression\IRInterpreter.cpp:345:0
#11 0x00007ffd2da23e64 InterpreterStackFrame::ResolveValue(class llvm::Value
const *, class llvm::Module &)
D:\src\llvm-project\lldb\source\Expression\IRInterpreter.cpp:422:0
#12 0x00007ffd2da1c439 IRInterpreter::Interpret(class llvm::Module &, class
llvm::Function &, class llvm::ArrayRef<unsigned __int64>, class
lldb_private::IRExecutionUnit &, class lldb_private::Status &, unsigned
__int64, unsigned __int64, class lldb_private::ExecutionContext &)
D:\src\llvm-project\lldb\source\Expression\IRInterpreter.cpp:1276:0
#13 0x00007ffd2da030e8 lldb_private::LLVMUserExpression::DoExecute(class
lldb_private::DiagnosticManager &, class lldb_private::ExecutionContext &,
class lldb_private::EvaluateExpressionOptions const &, class
std::shared_ptr<class lldb_private::UserExpression> &, class
std::shared_ptr<class lldb_private::ExpressionVariable> &)
D:\src\llvm-project\lldb\source\Expression\LLVMUserExpression.cpp:123:0
#14 0x00007ffd26cb5ad4 lldb_private::UserExpression::Execute(class
lldb_private::DiagnosticManager &, class lldb_private::ExecutionContext &,
class lldb_private::EvaluateExpressionOptions const &, class
std::shared_ptr<class lldb_private::UserExpression> &, class
std::shared_ptr<class lldb_private::ExpressionVariable> &)
D:\src\llvm-project\lldb\source\Expression\UserExpression.cpp:397:0
#15 0x00007ffd26cb6e16 lldb_private::UserExpression::Evaluate(class
lldb_private::ExecutionContext &, class lldb_private::EvaluateExpressionOptions
const &, class llvm::StringRef, class llvm::StringRef, class
std::shared_ptr<class lldb_private::ValueObject> &, class lldb_private::Status
&, class std::basic_string<char, struct std::char_traits<char>, class
std::allocator<char>> *, class lldb_private::ValueObject *)
D:\src\llvm-project\lldb\source\Expression\UserExpression.cpp:344:0
#16 0x00007ffd26eb1537 lldb_private::Target::EvaluateExpression(class
llvm::StringRef, class lldb_private::ExecutionContextScope *, class
std::shared_ptr<class lldb_private::ValueObject> &, class
lldb_private::EvaluateExpressionOptions const &, class std::basic_string<char,
struct std::char_traits<char>, class std::allocator<char>> *, class
lldb_private::ValueObject *)
D:\src\llvm-project\lldb\source\Target\Target.cpp:2416:0
#17 0x00007ffd28779104
lldb_private::CommandObjectExpression::EvaluateExpression(class
llvm::StringRef, class lldb_private::Stream &, class lldb_private::Stream &,
class lldb_private::CommandReturnObject &)
D:\src\llvm-project\lldb\source\Commands\CommandObjectExpression.cpp:424:0
#18 0x00007ffd28778aa6 lldb_private::CommandObjectExpression::DoExecute(class
llvm::StringRef, class lldb_private::CommandReturnObject &)
D:\src\llvm-project\lldb\source\Commands\CommandObjectExpression.cpp:653:0
#19 0x00007ffd26d2c271 lldb_private::CommandObjectRaw::Execute(char const *,
class lldb_private::CommandReturnObject &)
D:\src\llvm-project\lldb\source\Interpreter\CommandObject.cpp:1015:0
#20 0x00007ffd26d35a41 lldb_private::CommandInterpreter::HandleCommand(char
const *, enum lldb_private::LazyBool, class lldb_private::CommandReturnObject
&, class lldb_private::ExecutionContext *, bool, bool)
D:\src\llvm-project\lldb\source\Interpreter\CommandInterpreter.cpp:1797:0
#21 0x00007ffd26d42085
lldb_private::CommandInterpreter::IOHandlerInputComplete(class
lldb_private::IOHandler &, class std::basic_string<char, struct
std::char_traits<char>, class std::allocator<char>> &)
D:\src\llvm-project\lldb\source\Interpreter\CommandInterpreter.cpp:2800:0
#22 0x00007ffd26c450e2 lldb_private::IOHandlerEditline::Run(void)
D:\src\llvm-project\lldb\source\Core\IOHandler.cpp:559:0
#23 0x00007ffd26b3b7aa lldb_private::Debugger::RunIOHandlers(void)
D:\src\llvm-project\lldb\source\Core\Debugger.cpp:948:0
#24 0x00007ffd26d41118
lldb_private::CommandInterpreter::RunCommandInterpreter(class
lldb_private::CommandInterpreterRunOptions &)
D:\src\llvm-project\lldb\source\Interpreter\CommandInterpreter.cpp:2986:0
#25 0x00007ffd26346023 lldb::SBDebugger::RunCommandInterpreter(class
lldb::SBCommandInterpreterRunOptions const &)
D:\src\llvm-project\lldb\source\API\SBDebugger.cpp:1210:0
#26 0x00007ff7636ee638 Driver::MainLoop(void)
D:\src\llvm-project\lldb\tools\driver\Driver.cpp:543:0
#27 0x00007ff7636f10c2 main
D:\src\llvm-project\lldb\tools\driver\Driver.cpp:839:0
#28 0x00007ff763888859 invoke_main
d:\a01\_work\14\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:79:0
#29 0x00007ff76388873e __scrt_common_main_seh
d:\a01\_work\14\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288:0
#30 0x00007ff7638885fe __scrt_common_main
d:\a01\_work\14\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:331:0
#31 0x00007ff7638888ee mainCRTStartup
d:\a01\_work\14\s\src\vctools\crt\vcstartup\src\startup\exe_main.cpp:17:0
#32 0x00007ffde9f37c24 (C:\Windows\System32\KERNEL32.DLL+0x17c24)
#33 0x00007ffdeb7ad721 (C:\Windows\SYSTEM32\ntdll.dll+0x6d721)
```
(the backtrace is from Windows, but on Linux it's the same)
```
lldb version 14.0.0 (<a href="https://github.com/llvm/llvm-project.git">https://github.com/llvm/llvm-project.git</a> revision
d89490db70ebc6438db507a20ac9558e822f1453)
clang revision d89490db70ebc6438db507a20ac9558e822f1453
llvm revision d89490db70ebc6438db507a20ac9558e822f1453
```
Full log of LLDB's expression evaluation in Release --
<a href="https://pastebin.com/a3V9n7bU">https://pastebin.com/a3V9n7bU</a>
The problem seems to be that `InterpreterStackFrame::ResolveConstantValue`
assumes all operands of `GetElementPtr` are `ConstantInt`, which is not always
the case --
<a href="https://github.com/llvm/llvm-project/blob/baa6a851308dceca141a191847bc6e1a526eea17/lldb/source/Expression/IRInterpreter.cpp#L290">https://github.com/llvm/llvm-project/blob/baa6a851308dceca141a191847bc6e1a526eea17/lldb/source/Expression/IRInterpreter.cpp#L290</a></pre>
</div>
</p>
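<p>The failure described above is the classic unchecked-cast pattern: a user-typed expression reaches <code>cast&lt;ConstantInt&gt;</code> through a path that only asserts the operand kind, so a Debug build aborts and a Release build proceeds on a mis-typed pointer. The following is an added illustration, not code from this report or from LLVM: it models a miniature <code>Value</code>/<code>ConstantInt</code>/<code>ConstantExpr</code> hierarchy with LLVM-style <code>isa&lt;&gt;</code>/<code>cast&lt;&gt;</code>/<code>dyn_cast&lt;&gt;</code> (all names, strides and the simplified offset arithmetic are assumptions) and shows a resolver that rejects a non-<code>ConstantInt</code> GEP index instead of asserting on it.</p>

```cpp
// Added example (not from the bug report or from LLVM): a toy model of the
// Value hierarchy and of isa<>/cast<>/dyn_cast<>, used to contrast an
// asserting cast<ConstantInt> with a checked resolver that fails gracefully.
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <vector>

// Minimal kind-tagged hierarchy in the spirit of LLVM's (names are assumed).
struct Value {
  enum Kind { ConstantIntKind, ConstantExprKind };
  explicit Value(Kind k) : kind(k) {}
  virtual ~Value() = default;
  Kind kind;
};

struct ConstantInt : Value {
  explicit ConstantInt(int64_t v) : Value(ConstantIntKind), value(v) {}
  int64_t value;
  static bool classof(const Value *v) { return v->kind == ConstantIntKind; }
};

// Stands in for a constant expression such as an integer-converted global
// address, i.e. the `(long long)(&Foo::Bar)` operand from the report.
struct ConstantExpr : Value {
  ConstantExpr() : Value(ConstantExprKind) {}
  static bool classof(const Value *v) { return v->kind == ConstantExprKind; }
};

template <typename To> bool isa(const Value *v) { return To::classof(v); }

// cast<> keeps LLVM's contract: the caller guarantees the type, and a wrong
// guess is an assertion failure (Debug) or a mis-typed pointer (Release).
template <typename To> const To *cast(const Value *v) {
  assert(isa<To>(v) && "cast<Ty>() argument of incompatible type!");
  return static_cast<const To *>(v);
}

// dyn_cast<> returns nullptr instead of asserting, so callers can recover.
template <typename To> const To *dyn_cast(const Value *v) {
  return isa<To>(v) ? static_cast<const To *>(v) : nullptr;
}

// Simplified stand-in for DataLayout::getIndexedOffsetInType: each GEP index
// is multiplied by the stride of the level it indexes (strides are supplied by
// the caller here; real LLVM derives them from the indexed type).
// Returns false, leaving `out` untouched, when any index is not a ConstantInt,
// which is exactly the situation the report's backtrace shows.
bool resolveGEPOffset(const std::vector<const Value *> &indices,
                      const std::vector<int64_t> &strides, int64_t &out) {
  if (indices.size() != strides.size())
    return false;
  int64_t offset = 0;
  for (size_t i = 0; i < indices.size(); ++i) {
    const ConstantInt *ci = dyn_cast<ConstantInt>(indices[i]);
    if (!ci)
      return false; // non-constant-int index: refuse instead of asserting
    offset += ci->value * strides[i];
  }
  out = offset;
  return true;
}

int main() {
  // Constructed sample: two constant indices, then one non-constant index.
  ConstantInt two(2), three(3);
  ConstantExpr globalAddr;
  std::vector<int64_t> strides = {16, 4};
  int64_t off = 0;

  std::vector<const Value *> ok = {&two, &three};
  if (resolveGEPOffset(ok, strides, off))
    std::printf("constant GEP resolved, offset = %lld\n", (long long)off);

  std::vector<const Value *> bad = {&two, &globalAddr};
  if (!resolveGEPOffset(bad, strides, off))
    std::printf("GEP with non-ConstantInt index rejected (no assertion)\n");
  return 0;
}
```

<p>The defensive choice is the one the report implies: in an interpreter that consumes user-supplied expressions, every operand kind should be checked with <code>dyn_cast</code>/<code>isa</code> and turned into an evaluation error, leaving <code>cast</code> for invariants the code itself established.</p>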
</body>
</html>