<html>

    <head>

      <base href="https://llvm.org/bugs/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW --- - clang's -ast-dump segfaults on objc_bridge_related attribute with missing optional argument"

   href="https://llvm.org/bugs/show_bug.cgi?id=24790">24790</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>clang's -ast-dump segfaults on objc_bridge_related attribute with missing optional argument

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>clang

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>3.6

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>Macintosh

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>MacOS X

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>-New Bugs

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedclangbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>GW@neurosynthase.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr>

        <tr>

          <th>Classification</th>

          <td>Unclassified

          </td>

        </tr></table>

      <p>

        <div>

        <pre>I encountered this using the -ast-dump feature of Apple's clang 6.1.0, and get

the following behavior:

pythagoras:dev gwashington$

/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang

-cc1 -E -v -ast-dump -x objective-c <(echo "typedef struct

__attribute__((objc_bridge_related(NSColor,,))) CGColor *CGColorRef;")

clang -cc1 version 6.1.0 based upon LLVM 3.6.0svn default target

x86_64-apple-darwin14.5.0

ignoring nonexistent directory "/usr/local/include"

ignoring nonexistent directory "/usr/include"

#include "..." search starts here:

#include <...> search starts here:

/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/6.1.0/include

/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include

 /System/Library/Frameworks (framework directory)

 /Library/Frameworks (framework directory)

End of search list.

TranslationUnitDecl 0x10302d4c0 <<invalid sloc>> <invalid sloc>

|-TypedefDecl 0x10302d9c0 <<invalid sloc>> <invalid sloc> implicit __int128_t

'__int128'

|-TypedefDecl 0x10302da20 <<invalid sloc>> <invalid sloc> implicit __uint128_t

'unsigned __int128'

|-TypedefDecl 0x10302dab0 <<invalid sloc>> <invalid sloc> implicit SEL 'SEL *'

|-TypedefDecl 0x10302db80 <<invalid sloc>> <invalid sloc> implicit id 'id'

|-TypedefDecl 0x10302dc50 <<invalid sloc>> <invalid sloc> implicit Class

'Class'

|-ObjCInterfaceDecl 0x10302dca0 <<invalid sloc>> <invalid sloc> implicit

Protocol

|-TypedefDecl 0x10302e040 <<invalid sloc>> <invalid sloc> implicit

__builtin_va_list '__va_list_tag [1]'

|-RecordDecl 0x10302e0a0 </dev/fd/63:1:9, col:64> col:64 struct CGColor

| `-ObjCBridgeRelatedAttr 0x10302e140 <col:31, col:60> NSColor Stack dump:

0.                        Program arguments:

/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang

-cc1 -E -v -ast-dump -x objective-c /dev/fd/63

1.                        <eof> parser at end of file

Segmentation fault: 11

I believe the problem stems from ObjCBridgeRelatedAttr using null pointers if

its optional arguments aren't given, as in

clang/lib/Parse/ParseDecl.cpp:1068:

    IdentifierLoc *ClassMethod = nullptr;

ASTDumper dumps the arguments of the attribute ultimately using code generated

by EmitClangAttrDump, specifically with a call to

clang/utils/TableGen/ClangAttrEmitter.cpp:2770:

    for (const auto *Arg : Args)

        createArgument(*Arg, R.getName())->writeDump(OS);

which evaluates to

clang/utils/TableGen/ClangAttrEmitter.cpp:273:

    void writeDump(raw_ostream &OS) const override {

    ... (4 lines omitted)

        OS << "    OS << \" \" << SA->get" << getUpperName()

           << "()->getName();\n";

I believe the ->getName() call generated above is what dereferences the

nullptr, causing the segfault. I haven't built clang@master myself to verify

any of this, so I apologize in advance if my analysis is flawed.

I encountered this while attempting to get an AST dump for the latest

CoreText/CTParagraphStyle.h in the iOS 9 sdk if any apple folk care :)</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>