<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - LLDB crashes on expression evaluation"
   href="https://bugs.llvm.org/show_bug.cgi?id=52449">52449</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>LLDB crashes on expression evaluation
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>lldb
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>13.0
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>All Bugs
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>lldb-dev@lists.llvm.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>weratt@gmail.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>jdevlieghere@apple.com, llvm-bugs@lists.llvm.org, teemperor@gmail.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>The following code reliably crashes LLDB (built in Debug to trigger the
assertion):

```
<span class="quote">> cat main.cc</span>
// Minimal reproducer from the report: a class with a static data member that
// has an out-of-line definition. The debuggee itself does nothing; the crash is
// triggered by the LLDB expression below, which takes the address of the
// static member (&Foo::Bar) and mixes it into pointer arithmetic.
struct Foo { static int Bar; };
int Foo::Bar = 10;  // out-of-line definition so &Foo::Bar resolves to a real global

int main() { return 0; }  // exits immediately; only needed as something to debug

<span class="quote">> lldb ./main -o "p (int*)100 + (long long)(&Foo::Bar)"</span>

Assertion failed: isa<X>(Val) && "cast<Ty>() argument of incompatible type!",
file D:\src\llvm-project\build_x64_debug\include\llvm/Support/Casting.h, line
269
PLEASE submit a bug report to <a href="https://bugs.llvm.org/">https://bugs.llvm.org/</a> and include the crash
backtrace.
Stack dump:
0.      Program arguments: D:\src\llvm-project\build_x64_debug\bin\lldb.exe
.\bug.exe -o p (int*)100 + (long long)(&Foo::Bar)
 #0 0x00007ff76373ebfc HandleAbort
D:\src\llvm-project\llvm\lib\Support\Windows\Signals.inc:408:0
 #1 0x00007ffd8352bc31 (C:\Windows\SYSTEM32\ucrtbased.dll+0x6bc31)
 #2 0x00007ffd8352d889 (C:\Windows\SYSTEM32\ucrtbased.dll+0x6d889)
 #3 0x00007ffd835334b5 (C:\Windows\SYSTEM32\ucrtbased.dll+0x734b5)
 #4 0x00007ffd83533027 (C:\Windows\SYSTEM32\ucrtbased.dll+0x73027)
 #5 0x00007ffd83531091 (C:\Windows\SYSTEM32\ucrtbased.dll+0x71091)
 #6 0x00007ffd83533a1f (C:\Windows\SYSTEM32\ucrtbased.dll+0x73a1f)
 #7 0x00007ffd27957cf1 llvm::cast<class llvm::ConstantInt, class
llvm::Value>(class llvm::Value *)
D:\src\llvm-project\build_x64_debug\include\llvm\Support\Casting.h:269:0
 #8 0x00007ffd2d42dbe0 llvm::DataLayout::getIndexedOffsetInType(class
llvm::Type *, class llvm::ArrayRef<class llvm::Value *>) const
D:\src\llvm-project\llvm\lib\IR\DataLayout.cpp:846:0
 #9 0x00007ffd261b2d89 InterpreterStackFrame::ResolveConstantValue(class
llvm::APInt &, class llvm::Constant const *)
D:\src\llvm-project\lldb\source\Expression\IRInterpreter.cpp:289:0
#10 0x00007ffd2da23416 InterpreterStackFrame::ResolveConstant(unsigned __int64,
class llvm::Constant const *)
D:\src\llvm-project\lldb\source\Expression\IRInterpreter.cpp:345:0
#11 0x00007ffd2da23e64 InterpreterStackFrame::ResolveValue(class llvm::Value
const *, class llvm::Module &)
D:\src\llvm-project\lldb\source\Expression\IRInterpreter.cpp:422:0
#12 0x00007ffd2da1c439 IRInterpreter::Interpret(class llvm::Module &, class
llvm::Function &, class llvm::ArrayRef<unsigned __int64>, class
lldb_private::IRExecutionUnit &, class lldb_private::Status &, unsigned
__int64, unsigned __int64, class lldb_private::ExecutionContext &)
D:\src\llvm-project\lldb\source\Expression\IRInterpreter.cpp:1276:0
#13 0x00007ffd2da030e8 lldb_private::LLVMUserExpression::DoExecute(class
lldb_private::DiagnosticManager &, class lldb_private::ExecutionContext &,
class lldb_private::EvaluateExpressionOptions const &, class
std::shared_ptr<class lldb_private::UserExpression> &, class
std::shared_ptr<class lldb_private::ExpressionVariable> &)
D:\src\llvm-project\lldb\source\Expression\LLVMUserExpression.cpp:123:0
#14 0x00007ffd26cb5ad4 lldb_private::UserExpression::Execute(class
lldb_private::DiagnosticManager &, class lldb_private::ExecutionContext &,
class lldb_private::EvaluateExpressionOptions const &, class
std::shared_ptr<class lldb_private::UserExpression> &, class
std::shared_ptr<class lldb_private::ExpressionVariable> &)
D:\src\llvm-project\lldb\source\Expression\UserExpression.cpp:397:0
#15 0x00007ffd26cb6e16 lldb_private::UserExpression::Evaluate(class
lldb_private::ExecutionContext &, class lldb_private::EvaluateExpressionOptions
const &, class llvm::StringRef, class llvm::StringRef, class
std::shared_ptr<class lldb_private::ValueObject> &, class lldb_private::Status
&, class std::basic_string<char, struct std::char_traits<char>, class
std::allocator<char>> *, class lldb_private::ValueObject *)
D:\src\llvm-project\lldb\source\Expression\UserExpression.cpp:344:0
#16 0x00007ffd26eb1537 lldb_private::Target::EvaluateExpression(class
llvm::StringRef, class lldb_private::ExecutionContextScope *, class
std::shared_ptr<class lldb_private::ValueObject> &, class
lldb_private::EvaluateExpressionOptions const &, class std::basic_string<char,
struct std::char_traits<char>, class std::allocator<char>> *, class
lldb_private::ValueObject *)
D:\src\llvm-project\lldb\source\Target\Target.cpp:2416:0
#17 0x00007ffd28779104
lldb_private::CommandObjectExpression::EvaluateExpression(class
llvm::StringRef, class lldb_private::Stream &, class lldb_private::Stream &,
class lldb_private::CommandReturnObject &)
D:\src\llvm-project\lldb\source\Commands\CommandObjectExpression.cpp:424:0
#18 0x00007ffd28778aa6 lldb_private::CommandObjectExpression::DoExecute(class
llvm::StringRef, class lldb_private::CommandReturnObject &)
D:\src\llvm-project\lldb\source\Commands\CommandObjectExpression.cpp:653:0
#19 0x00007ffd26d2c271 lldb_private::CommandObjectRaw::Execute(char const *,
class lldb_private::CommandReturnObject &)
D:\src\llvm-project\lldb\source\Interpreter\CommandObject.cpp:1015:0
#20 0x00007ffd26d35a41 lldb_private::CommandInterpreter::HandleCommand(char
const *, enum lldb_private::LazyBool, class lldb_private::CommandReturnObject
&, class lldb_private::ExecutionContext *, bool, bool)
D:\src\llvm-project\lldb\source\Interpreter\CommandInterpreter.cpp:1797:0
#21 0x00007ffd26d42085
lldb_private::CommandInterpreter::IOHandlerInputComplete(class
lldb_private::IOHandler &, class std::basic_string<char, struct
std::char_traits<char>, class std::allocator<char>> &)
D:\src\llvm-project\lldb\source\Interpreter\CommandInterpreter.cpp:2800:0
#22 0x00007ffd26c450e2 lldb_private::IOHandlerEditline::Run(void)
D:\src\llvm-project\lldb\source\Core\IOHandler.cpp:559:0
#23 0x00007ffd26b3b7aa lldb_private::Debugger::RunIOHandlers(void)
D:\src\llvm-project\lldb\source\Core\Debugger.cpp:948:0
#24 0x00007ffd26d41118
lldb_private::CommandInterpreter::RunCommandInterpreter(class
lldb_private::CommandInterpreterRunOptions &)
D:\src\llvm-project\lldb\source\Interpreter\CommandInterpreter.cpp:2986:0
#25 0x00007ffd26346023 lldb::SBDebugger::RunCommandInterpreter(class
lldb::SBCommandInterpreterRunOptions const &)
D:\src\llvm-project\lldb\source\API\SBDebugger.cpp:1210:0
#26 0x00007ff7636ee638 Driver::MainLoop(void)
D:\src\llvm-project\lldb\tools\driver\Driver.cpp:543:0
#27 0x00007ff7636f10c2 main
D:\src\llvm-project\lldb\tools\driver\Driver.cpp:839:0
#28 0x00007ff763888859 invoke_main
d:\a01\_work\14\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:79:0
#29 0x00007ff76388873e __scrt_common_main_seh
d:\a01\_work\14\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288:0
#30 0x00007ff7638885fe __scrt_common_main
d:\a01\_work\14\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:331:0
#31 0x00007ff7638888ee mainCRTStartup
d:\a01\_work\14\s\src\vctools\crt\vcstartup\src\startup\exe_main.cpp:17:0
#32 0x00007ffde9f37c24 (C:\Windows\System32\KERNEL32.DLL+0x17c24)
#33 0x00007ffdeb7ad721 (C:\Windows\SYSTEM32\ntdll.dll+0x6d721)
```

(the backtrace is from Windows, but on Linux it's the same)

```
lldb version 14.0.0 (<a href="https://github.com/llvm/llvm-project.git">https://github.com/llvm/llvm-project.git</a> revision
d89490db70ebc6438db507a20ac9558e822f1453)
  clang revision d89490db70ebc6438db507a20ac9558e822f1453
  llvm revision d89490db70ebc6438db507a20ac9558e822f1453
```

Full log of LLDB's expression evaluation in Release --
<a href="https://pastebin.com/a3V9n7bU">https://pastebin.com/a3V9n7bU</a>

The problem seems to be that `InterpreterStackFrame::ResolveConstantValue`
assumes every operand of a constant `GetElementPtr` expression is a `ConstantInt`,
which is not always the case (here one operand is the address of `Foo::Bar`) --
<a href="https://github.com/llvm/llvm-project/blob/baa6a851308dceca141a191847bc6e1a526eea17/lldb/source/Expression/IRInterpreter.cpp#L290">https://github.com/llvm/llvm-project/blob/baa6a851308dceca141a191847bc6e1a526eea17/lldb/source/Expression/IRInterpreter.cpp#L290</a></pre>
        </div>
      </p>


    </body>
</html>