<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/59010>59010</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Clang crash with unevaluated variable length array type
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          EricPostpischil
      </td>
    </tr>
</table>

<pre>
    Put “int foo(void); int bar(void) { return sizeof *(1 ? 0 : (char (*)[foo()]) 0); }” in a file named x.c and execute “clang -c x.c”.
 This results in a crash. Output copied from Compiler Explorer (https://godbolt.org/z/bW6xvse7v) is:

<pre>
Could not execute the program
Compiler returned: 254
Compiler stderr
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /opt/compiler-explorer/clang-trunk-20221115/bin/clang-16 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj -mrelax-all --mrelax-relocations -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name example.c -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -mllvm -treat-scalable-fixed-error-as-warning -debug-info-kind=constructor -dwarf-version=4 -debugger-tuning=gdb -fcoverage-compilation-dir=/app -resource-dir /opt/compiler-explorer/clang-trunk-20221115/lib/clang/16 -internal-isystem /opt/compiler-explorer/clang-trunk-20221115/lib/clang/16/include -internal-isystem /usr/local/include -internal-isystem /opt/compiler-explorer/gcc-9.2.0/lib/gcc/x86_64-linux-gnu/9.2.0/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -fdebug-compilation-dir=/app -ferror-limit 19 -fgnuc-version=4.2.1 -fcolor-diagnostics -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/example-850648.o -x c <source>
1.      <eof> parser at end of file
2.      <source>:1:20: LLVM IR generation of declaration 'bar'
3.      <source>:1:20: Generating code for declaration 'bar'
 #0 0x0000564afefad024 PrintStackTraceSignalHandler(void*) Signals.cpp:0:0
 #1 0x0000564afefaa8a4 SignalHandler(int) Signals.cpp:0:0
 #2 0x00007fe307810420 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x14420)
 #3 0x0000564aff7c69e2 (anonymous namespace)::ScalarExprEmitter::EmitScalarConversion(llvm::Value*, clang::QualType, clang::QualType, clang::SourceLocation, (anonymous namespace)::ScalarExprEmitter::ScalarConversionOpts) CGExprScalar.cpp:0:0
 #4 0x0000564aff7d8af9 (anonymous namespace)::ScalarExprEmitter::VisitCastExpr(clang::CastExpr*) CGExprScalar.cpp:0:0
 #5 0x0000564aff7d21ba (anonymous namespace)::ScalarExprEmitter::Visit(clang::Expr*) CGExprScalar.cpp:0:0
 #6 0x0000564aff7d3fb7 clang::CodeGen::CodeGenFunction::EmitScalarExpr(clang::Expr const*, bool) (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x42a6fb7)
 #7 0x0000564aff3ffe04 clang::CodeGen::CodeGenFunction::EmitReturnStmt(clang::ReturnStmt const&) (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x3ed2e04)
 #8 0x0000564aff401d35 clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*, llvm::ArrayRef<clang::Attr const*>) (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x3ed4d35)
 #9 0x0000564aff407d9a clang::CodeGen::CodeGenFunction::EmitCompoundStmtWithoutScope(clang::CompoundStmt const&, bool, clang::CodeGen::AggValueSlot) (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x3edad9a)
#10 0x0000564aff46668d clang::CodeGen::CodeGenFunction::EmitFunctionBody(clang::Stmt const*) (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x3f3968d)
#11 0x0000564aff471c16 clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl, llvm::Function*, clang::CodeGen::CGFunctionInfo const&) (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x3f44c16)
#12 0x0000564aff4c81ba clang::CodeGen::CodeGenModule::EmitGlobalFunctionDefinition(clang::GlobalDecl, llvm::GlobalValue*) (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x3f9b1ba)
#13 0x0000564aff4c4965 clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl, llvm::GlobalValue*) (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x3f97965)
#14 0x0000564aff4c4e53 clang::CodeGen::CodeGenModule::EmitGlobal(clang::GlobalDecl) (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x3f97e53)
#15 0x0000564aff4cc5fa clang::CodeGen::CodeGenModule::EmitTopLevelDecl(clang::Decl*) (.part.0) CodeGenModule.cpp:0:0
#16 0x0000564b0023b2b1 (anonymous namespace)::CodeGeneratorImpl::HandleTopLevelDecl(clang::DeclGroupRef) ModuleBuilder.cpp:0:0
#17 0x0000564b0022ddcd clang::BackendConsumer::HandleTopLevelDecl(clang::DeclGroupRef) (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x4d00dcd)
#18 0x0000564b0143a074 clang::ParseAST(clang::Sema&, bool, bool) (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x5f0d074)
#19 0x0000564b00238e15 clang::CodeGenAction::ExecuteAction() (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x4d0be15)
#20 0x0000564affb39471 clang::FrontendAction::Execute() (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x460c471)
#21 0x0000564affabe103 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x4591103)
#22 0x0000564affc1cdab clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x46efdab)
#23 0x0000564afc813afc cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x12e6afc)
#24 0x0000564afc80eebc ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0
#25 0x0000564afc80f4df clang_main(int, char**) (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x12e24df)
#26 0x00007fe3072be083 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24083)
#27 0x0000564afc80bb3e _start (/opt/compiler-explorer/clang-trunk-20221115/bin/clang-16+0x12deb3e)
clang-16: error: unable to execute command: Segmentation fault (core dumped)
clang-16: error: clang frontend command failed due to signal (use -v to see invocation)
</pre>

This appears to involve an omission in the C standard. For “1 ? 0 : (char (*)[foo()]) 0)”, the standard says the type of the conditional expression is the type of the third operand (because the second operand is a null pointer constant), but it is not evaluated, so the type is a variable length array whose length is not evaluated.

I do not have access to Compiler Explorer’s files to provide the requested script to replay Clang, sorry, but this seems easily reproducible. (On my own system, I use Apple Clang and have reported it separately to Apple.)
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzNWVtv27gS_jXOCyFDN98e8uA4STdAi-1pgvbRoCjK5lYWdUjKSfbXn28o-SInaZuuFzhFY1tDcvh9w-HMiMx0_nz5uXFscBMPpuFgtlCVY4XWg3i61SofxLNBcsVImHFzELLB5IoZ6RpTMav-lrpgg3iO9ogNklsW4nMOyVSsuaFv3zgbjK5a1f73NekJuxkGk-sdhGtMxzgrVClZxTcyZ09DwXiVM_kkRePkAawoebVigaAe--HDQXg9COfsYa0sMNqmdLZVKQy36yH7s3E1KAtdKygvjN6whd7UmM-wm6e61EZ60Gvnagsig_gW_1c6z3Tphtqs8PQ3_rJv46etlZMtEVG-p5-5-0wWtZGD5KZ9XOimzFml3Z6FW0tWG70yfLPr0oFoDStzMmI8Sk9arculMa3w88eb-f0Ns022UQ4Ms2aF0bU2jjnNTggot26yodAbPJTldvcVAMRfUjg8KmsbafHDm1tVomzyFqg3HXxAfHeGCzmIF8AuMVJIa2FFqxvTimkkt1YLxR0aTAMPEUbVrluXewclLG829d5gIZpmn1tTMG5WzUZWzrYudKtrQiY69oHsFohktPqBwwzfgziM4yiKRrQsqto3RmN4h4gYeqka_vQ0HS_HaYARlX6sglJVzVOwqhoWSBgw0NlfLNgYWfKngJclC3YP-NSCO6Ury4JcWZ6VMiiMlFBfSm4Cbl2QyQLIAjKShBH2_byRt9KoQmH5SCy4yYMtLxsZkIdD54arKiCX9wL4CN8AL_zeI-jmDjY6lyWrFcT4CEq5xWPcPiiLL-DZFLCiDGqNTQszJdeeSLHhbh3AbyqNh6IOhK5oJR066AqiSgdGN1WuYDXqC0XoYmFd4TT4lYpbAlo01aOq8sARNazRNaZ3WDPpAlE3ZOBgnELUVNILVrICc-JBZqCFkNwFsEDZ2lA9yZxw0Rw2eOSmUrSlcwlXDlRV6OA7psM8R2jQjI4F2dTCLGhMuxEreAimhgoIV3kGvEKjG18BjXeh1pC5IsvATXhdM6xu674k_i2XK1W2a8Q3OZ03fsVLLMuzdXJzFrW0Q7s9-eoEjSVl5C3lz7q-jWUlRDAbxsNwDwASfHZbZ79lINp1Gw5ffrzS_SUg-UQ_xEsOXddX9Px49PungIe0vva2exSte5aKYmw0gwA4xLH3wQ6RdzUYEYP5qtLWKUHbhec5usGjr5fLD4vF8o_515vl9bf5l9t4ubi9W87vP0EDRmuC5hAV49tu9wfTUThOp0Ps2CcmkFIXXZTd5ZSI4ibESL-QsZobiwDDkWIQfpCSKZ60PeOu50FBMo_wF4cUZT9-_PqJ3X1p96q3AI3OJTyvexzEE5__J6265IfqPnRqsI8FAhbKCfMjZXhOQhY-hfg3Gqe8kDBaGKfss8Eq-nTxQDnnXq2woH8gv5TyUIpQXcHaJjsUNSWV0P_tdUcnuvmUp-xUGWb6qaK4UzQpZBJOplGYxiFbLhE9EJPkEjnXlzbdrnllA6ChdmsEwHxoNe2cq_ApSqGFiqD9NMkx3mIixjMZk2Ze6ep5oxvrqyJb-zQ8oySazO8pnhoUL-YGTurjPonpoW1a6Grnr_HUJ3_f4SvlIG_EBWvjjBf_p-Hlw3Mtf018773gY5ekqPH30J4i_bNGEYBFWXygrm3r6yuT9k2WT3kx-00QX5VVboF0Ti1UwR54HqTzX4M1OoEVRxn_J7D6cN4FZXwCJSmyyfEaLrBRsW97D7dNJfyKnvjSS8uQhPkE3flSpnXpXxP8hviHJZzfJ2nMx8Dc2ymTHqmkKGSYvp_UF19t37vNiX0P8h218XkpJTKPgbhHadqjlIZRDi96_zq9IHNMw6_QIQbMjeHPXyRSyOJowNy5oyVFhD839RTMetRnJ9Qn-Yy_nzq9JlEdS4S_4Y1HN_BaTTGrt5WPeh2t7s5xF2_OO1-tfMy8L7U7u0k4GO9NQpkr7JtkPB5P8_ebZCe5wsv-D73irHSKZAa0PTpRn84kEiiV30WnKy0kNfapfCh1xstrlBl9796Pf5Hk-rN92HW8wzvHv7XhizQV9PvIJnHfJmJKOeInNvmk8waV3X6BW-47AteyUJVqOf-KhVr5oRI4L-NZBkI9xskJ43Q2_mmIe53x_xnTCYj0mKanTOUo-T2mb_M7NwdA7HEYnXAQo-Ld_vmg6490VNEiPmbSSnZLMcQbjKO6GBXNsaaXJQ0hOyppsjCMkyzOop9VV51aiiHa3OElqxW37wE_hvnB6KamNAl0LayrRpW5fKXgInSTPro4z0UvdF-1p0Sodm2z2VV578VxxvIqD0Mg7C399JhClCY8nPTKq8_0vjm_fzjJKXLDT5Lp-avBURHmQNODOzvxh6mMXosr8-Ps2B7FdiJ_Ln1em2Yy6oWEuJ_Rs2SGLHgM8tboysEvXkF5fnzjUGD6Hr5-iubAH56ErHbGO-RHXgn5uh3fJnTulJqOZhEg9jj0U6qIRM6zYw4d2gOV7f7V9bRG7FE9d8pIx7IAtB72XnJEMZDgkwkRLemAuPfqfly20y1Lr1ZHodOTQXB0XHI-ClEsx0DYo5D2KYRSZoLtbL6IHnwwOCJyv-Fl-VWKfUR-hY_3mtyo7RvhNh6dTFqkedGu-c5y_oSntYs3w_ktEWPOniXGvQOjOJPhNGHLZakysYRPGeex_cKpkaDzonaeOIWS3iyTE-pZlkjW6j8rv1xC8X7mfWMyZ_58lH40FR3q09XT7pILk2545W-y7uWK7nXaM8CCN6WHJ4DE3wbJ_Me627u-ogsnO8VQBE45NPhprT-_I72NlSzYepmUTB3t8Z3pkgU4Hl_RtZ_-2pDXtUR2o-E0tNxKxiumN8rSwRTdJtKl2IJRZMi5yYfsVpvDveRv3YLu7i_JS0n7Tjez_Nl6iXuuJZ3M-gs5XeW-9AVdLKiRHbKXPd1aQQlegQ3ZC_NmUnAyj59EkqJ9K1FnVVOWrLs_arch96ejPpU3jilH_fxVJt1h0TUfNVl9mNrr2XKjvD-Uslq5NeMUsdjjWtu96FTP8Hgl7liuffOak_0FXTXSiry4rN2Zbmb9kbfvVBu9Vd3lpZH_baSl28j2JpLajaxLoFm0lyuE3pjnHUNHPgC_2VgmuVXlM_N3nXkjFPgMyYh_VmzzzPRjxdqLBRp6x8is85puGr1ifxnq0beXskAA41lZ01G4hFoA8d2HMO-FvIzwgj8aTcJxepFfJvksmfELp1wpL1t17S3so4LlmmpvtDcMTQtx0Zjy8vevgUezMAov1peTpCiAKo7DWSLTcBTJcZSks5HMeVhE0-lFiUqhtJdw7UEcV_KReRX4DQe_UJddaBkjSqVxOkyTHIkvRQ2Xx4lIwkEaomhU5ZBw0AX7hbn0kLJmZdFYKuvsoZFb2uZS-umgnzdurc3ljVHis7auVlasVXnhIVx6Cv8DJm9IQA">