<html>
<head>
<base href="https://llvm.org/bugs/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW " title="NEW --- - crash in clang::getCursorKindForDecl" href="https://llvm.org/bugs/show_bug.cgi?id=24266">24266</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>crash in clang::getCursorKindForDecl
</td>
</tr>
<tr>
<th>Product</th>
<td>clang
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>-New Bugs
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedclangbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>mail@milianw.de
</td>
</tr>
<tr>
<th>CC</th>
<td>llvmbugs@cs.uiuc.edu
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=14646" name="attach_14646" title="g++ -std=c++11 visit.cpp -lclang -o visit">attachment 14646</a> <a href="attachment.cgi?id=14646&action=edit" title="g++ -std=c++11 visit.cpp -lclang -o visit">[details]</a></span>
g++ -std=c++11 visit.cpp -lclang -o visit
The attached visitor application crashes with clang/llvm compiled from the current
release_37 branches when it is run on a file containing the following code:

extern _Atomic(int (*)(int(*))) mergetest;

I found this declaration in clang/test/Sema/atomic-type.c. Valgrind reports:
==4400== Thread 2:
==4400== Conditional jump or move depends on uninitialised value(s)
==4400== at 0x5640874: getNumBuckets (DenseMap.h:965)
==4400== by 0x5640874: copyFrom (DenseMap.h:833)
==4400== by 0x5640874: SmallDenseMap (DenseMap.h:722)
==4400== by 0x5640874: SharingMapTy (SemaOpenMP.cpp:88)
==4400== by 0x5640874: _Construct<(anonymous
namespace)::DSAStackTy::SharingMapTy, const (anonymous
namespace)::DSAStackTy::SharingMapTy &> (stl_construct.h:75)
==4400== by 0x5640874: __uninit_fill<(anonymous
namespace)::DSAStackTy::SharingMapTy *, (anonymous
namespace)::DSAStackTy::SharingMapTy> (stl_uninitialized.h:142)
==4400== by 0x5640874: uninitialized_fill<(anonymous
namespace)::DSAStackTy::SharingMapTy *, (anonymous
namespace)::DSAStackTy::SharingMapTy> (stl_uninitialized.h:185)
==4400== by 0x5640874: assign (SmallVector.h:445)
==4400== by 0x5640874: SmallVector (SmallVector.h:868)
==4400== by 0x5640874: DSAStackTy (SemaOpenMP.cpp:133)
==4400== by 0x5640874: clang::Sema::InitDataSharingAttributesStack()
(SemaOpenMP.cpp:647)
==4400== by 0x5311195:
clang::CompilerInstance::createSema(clang::TranslationUnitKind,
clang::CodeCompleteConsumer*) (CompilerInstance.cpp:521)
==4400== by 0x53459EC: clang::ASTFrontendAction::ExecuteAction()
(FrontendAction.cpp:534)
==4400== by 0x5345608: clang::FrontendAction::Execute()
(FrontendAction.cpp:439)
==4400== by 0x52FFAD3:
clang::ASTUnit::Parse(std::shared_ptr<clang::PCHContainerOperations>,
std::unique_ptr<llvm::MemoryBuffer, std::default_delete<llvm::MemoryBuffer> >)
(ASTUnit.cpp:1146)
==4400== by 0x530447F:
clang::ASTUnit::LoadFromCompilerInvocation(std::shared_ptr<clang::PCHContainerOperations>,
bool) (ASTUnit.cpp:1889)
==4400== by 0x5304C6D: clang::ASTUnit::LoadFromCommandLine(char const**,
char const**, std::shared_ptr<clang::PCHContainerOperations>,
llvm::IntrusiveRefCntPtr<clang::DiagnosticsEngine>, llvm::StringRef, bool,
bool, llvm::ArrayRef<std::pair<std::string, llvm::MemoryBuffer*> >, bool, bool,
clang::TranslationUnitKind, bool, bool, bool, bool, bool, bool,
std::unique_ptr<clang::ASTUnit, std::default_delete<clang::ASTUnit> >*)
(ASTUnit.cpp:2004)
==4400== by 0x5130C71: clang_parseTranslationUnit_Impl(void*)
(CIndex.cpp:3095)
==4400== by 0x5FD3B3A: operator() (STLExtras.h:88)
==4400== by 0x5FD3B3A:
llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>)
(CrashRecoveryContext.cpp:316)
==4400== by 0x5FD3C23: RunSafelyOnThread_Dispatch(void*)
(CrashRecoveryContext.cpp:364)
==4400== by 0x60093B9: ExecuteOnThread_Dispatch(void*) (Threading.cpp:40)
==4400== by 0x85E3353: start_thread (in /usr/lib/libpthread-2.21.so)
==4400== Uninitialised value was created by a stack allocation
==4400== at 0x563FEBA: clang::Sema::InitDataSharingAttributesStack()
(SemaOpenMP.cpp:646)
==4400==
mergetest
==4400== Thread 1:
==4400== Invalid read of size 4
==4400== at 0x53FA715: getKind (DeclBase.h:375)
==4400== by 0x53FA715: clang::getCursorKindForDecl(clang::Decl const*)
(SemaCodeComplete.cpp:3015)
==4400== by 0x5149C64: clang::cxcursor::MakeCXCursor(clang::Decl const*,
CXTranslationUnitImpl*, clang::SourceRange, bool) (CXCursor.cpp:78)
==4400== by 0x512ABDC:
clang::cxcursor::CursorVisitor::VisitFunctionTypeLoc(clang::FunctionTypeLoc,
bool) (CIndex.cpp:1580)
==4400== by 0x51296A1: VisitFunctionNoProtoTypeLoc (CIndex.cpp:1699)
==4400== by 0x51296A1: clang::TypeLocVisitor<clang::cxcursor::CursorVisitor,
bool>::Visit(clang::TypeLoc) (TypeNodes.def:80)
==4400== by 0x51298EB: VisitAtomicTypeLoc (CIndex.cpp:1682)
==4400== by 0x51298EB: clang::TypeLocVisitor<clang::cxcursor::CursorVisitor,
bool>::Visit(clang::TypeLoc) (TypeNodes.def:107)
==4400== by 0x51298EB: VisitAtomicTypeLoc (CIndex.cpp:1682)
==4400== by 0x51298EB: clang::TypeLocVisitor<clang::cxcursor::CursorVisitor,
bool>::Visit(clang::TypeLoc) (TypeNodes.def:107)
==4400== by 0x51298EB: VisitAtomicTypeLoc (CIndex.cpp:1682)
==4400== by 0x51298EB: clang::TypeLocVisitor<clang::cxcursor::CursorVisitor,
bool>::Visit(clang::TypeLoc) (TypeNodes.def:107)
==4400== by 0x512A2FB:
clang::cxcursor::CursorVisitor::VisitDeclaratorDecl(clang::DeclaratorDecl*)
(CIndex.cpp:763)
==4400== by 0x512AC71:
clang::cxcursor::CursorVisitor::VisitVarDecl(clang::VarDecl*) (CIndex.cpp:872)
==4400== by 0x5128BC5:
clang::declvisitor::Base<clang::declvisitor::make_ptr,
clang::cxcursor::CursorVisitor, bool>::Visit(clang::Decl*) (DeclNodes.inc:403)
==4400== by 0x5127A51:
clang::cxcursor::CursorVisitor::VisitChildren(CXCursor) (CIndex.cpp:501)
==4400== by 0x51273FA: clang::cxcursor::CursorVisitor::Visit(CXCursor, bool)
(CIndex.cpp:220)
==4400== Address 0x8b0c4480000003b is not stack'd, malloc'd or (recently)
free'd
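The GDB backtrace follows. The Decl pointer D that VisitFunctionTypeLoc (frame #2)
hands to MakeCXCursor is not a valid address, which matches the invalid read
Valgrind reports above: the crash is a read through a garbage pointer in
libclang's cursor visitor, not a null dereference.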
Program received signal SIGSEGV, Segmentation fault.
clang::getCursorKindForDecl (D=0xec0344c80000001f) at
/home/milian/projects/src/clang/lib/Sema/SemaCodeComplete.cpp:3015
3015 switch (D->getKind()) {
(gdb) bt
#0 clang::getCursorKindForDecl (D=0xec0344c80000001f) at
/home/milian/projects/src/clang/lib/Sema/SemaCodeComplete.cpp:3015
#1 0x00007ffff5bf7c65 in clang::cxcursor::MakeCXCursor (D=0xec0344c80000001f,
TU=0x7fffec000e20, RegionOfInterest=..., FirstInDeclGroup=true) at
/home/milian/projects/src/clang/tools/libclang/CXCursor.cpp:78
#2 0x00007ffff5bd8bdd in clang::cxcursor::CursorVisitor::VisitFunctionTypeLoc
(this=0x7fffffffc6e8, TL=..., SkipResultType=<optimized out>) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:1580
#3 0x00007ffff5bd76a2 in VisitFunctionNoProtoTypeLoc (this=0x7fffffffc6e8,
TL=...) at /home/milian/projects/src/clang/tools/libclang/CIndex.cpp:1699
#4 clang::TypeLocVisitor<clang::cxcursor::CursorVisitor, bool>::Visit
(this=0x7fffffffc6e8, TyLoc=...) at
/home/milian/projects/src/clang/include/clang/AST/TypeNodes.def:80
#5 0x00007ffff5bd78ec in VisitAtomicTypeLoc (this=<optimized out>, TL=...) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:1682
#6 clang::TypeLocVisitor<clang::cxcursor::CursorVisitor, bool>::Visit
(this=<optimized out>, TyLoc=...) at
/home/milian/projects/src/clang/include/clang/AST/TypeNodes.def:107
#7 0x00007ffff5bd78ec in VisitAtomicTypeLoc (this=<optimized out>, TL=...) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:1682
#8 clang::TypeLocVisitor<clang::cxcursor::CursorVisitor, bool>::Visit
(this=<optimized out>, TyLoc=...) at
/home/milian/projects/src/clang/include/clang/AST/TypeNodes.def:107
#9 0x00007ffff5bd78ec in VisitAtomicTypeLoc (this=<optimized out>, TL=...) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:1682
#10 clang::TypeLocVisitor<clang::cxcursor::CursorVisitor, bool>::Visit
(this=<optimized out>, TyLoc=...) at
/home/milian/projects/src/clang/include/clang/AST/TypeNodes.def:107
#11 0x00007ffff5bd82fc in clang::cxcursor::CursorVisitor::VisitDeclaratorDecl
(this=0x7fffffffc6e8, DD=0x7fffec034708) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:763
#12 0x00007ffff5bd8c72 in clang::cxcursor::CursorVisitor::VisitVarDecl
(this=0x7fffffffc6e8, D=0x7fffec034708) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:872
#13 0x00007ffff5bd6bc6 in
clang::declvisitor::Base<clang::declvisitor::make_ptr,
clang::cxcursor::CursorVisitor, bool>::Visit (this=0x7fffffffc6e8,
D=0x7fffec034708)
at /home/milian/projects/build/clang/include/clang/AST/DeclNodes.inc:403
#14 0x00007ffff5bd5a52 in clang::cxcursor::CursorVisitor::VisitChildren
(this=0x7fffffffc6e8, Cursor=...) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:501
#15 0x00007ffff5bd53fb in clang::cxcursor::CursorVisitor::Visit
(this=0x7fffffffc6e8, Cursor=..., CheckedRegionOfInterest=<optimized out>) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:220
#16 0x00007ffff5bd7585 in clang::cxcursor::CursorVisitor::VisitDeclContext
(this=0x7fffffffc6e8, DC=0x7fffec033b20) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:658
#17 0x00007ffff5bd5e8f in clang::cxcursor::CursorVisitor::VisitChildren
(this=0x7fffffffc6e8, Cursor=...) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:533
#18 0x00007ffff5be04a5 in clang_visitChildren (parent=..., visitor=0x4008f6
<visitCursor(CXCursor, CXCursor, void*)>, client_data=0x0) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:3561
#19 0x00000000004009ec in main ()</pre>
</div>
</p>
</body>
</html>