<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/60166>60166</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [clang] Invalid GEP for consteval constructor of derived class
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          pfent
      </td>
    </tr>
</table>

<pre>
Clang currently generates bad IR and subsequently crashes for the following code:

```cpp
struct Base {
   void* one = nullptr;
   void* two = nullptr;
};
struct Derived : Base {
   consteval Derived() = default;
};
void method() {
   Derived();
}
```

The `consteval` folding of the Derived constructor generates an invalid GEP instruction:

```
$ clang++ -cc1 -emit-llvm -std=c++20 repro.cpp
Invalid indices for GEP pointer type!
  %1 = getelementptr inbounds %struct.Derived, ptr %agg.tmp.ensured, i32 0, i32 1
fatal error: error in backend: Broken module found, compilation aborted!
```
With IR struct definitions:
```
%struct.Derived = type { %struct.Base }
%struct.Base = type { ptr, ptr }
```

This leads to downstream segmentation faults in code that deals with the invalid GEPs, e.g., `GEPOperator::accumulateConstantOffset`, `FastISel::selectGetElementPtr`, `GetElementPtrInst::getGEPReturnType`, etc.
A workaround is to replace `consteval` with `constexpr`, where the clang AST does not contain a `ConstantExpr` for the constructor call.

The crash reproduces on clang 15, clang 15, and a current clang 16 built from main.  
The debug build fails with an assertion when creating the invalid GEP:
```
clang++: /home/fent/llvm-project/llvm/include/llvm/IR/DataLayout.h:655: uint64_t llvm::StructLayout::getElementOffset(unsigned int) const: Assertion `Idx < NumElements && "Invalid element idx!"' failed.
```


<details><summary>Full backtrace from debug build</summary>
<p>

```
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007ffff783bc46 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff78227fc in __GI_abort () at ./stdlib/abort.c:79
#5  0x00007ffff782271b in __assert_fail_base (fmt=0x7ffff79bac30 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55555e9bc7f0 "Idx < NumElements && \"Invalid element idx!\"", file=0x55555e9bc7b0 "/home/fent/llvm-project/llvm/include/llvm/IR/DataLayout.h", line=655, function=<optimized out>)
    at ./assert/assert.c:92
#6 0x00007ffff7833596 in __GI___assert_fail (assertion=0x55555e9bc7f0 "Idx < NumElements && \"Invalid element idx!\"", file=0x55555e9bc7b0 "/home/fent/llvm-project/llvm/include/llvm/IR/DataLayout.h", line=655, function=0x55555e9bc768 "uint64_t llvm::StructLayout::getElementOffset(unsigned int) const")
    at ./assert/assert.c:101
#7  0x00005555566b62ad in llvm::StructLayout::getElementOffset (this=0x555564dde2a0, Idx=1) at /home/fent/llvm-project/llvm/include/llvm/IR/DataLayout.h:655
#8 0x000055555900137e in clang::CodeGen::CGBuilderTy::CreateStructGEP (this=0x7fffffff85b8, Addr=..., Index=1, Name=...) at /home/fent/llvm-project/clang/lib/CodeGen/CGBuilder.h:197
#9 0x000055555920604b in clang::CodeGen::CodeGenFunction::EmitAggregateStore (this=0x7fffffff84a0, Val=0x555564df6d20, Dest=..., DestIsVolatile=false) at /home/fent/llvm-project/clang/lib/CodeGen/CGCall.cpp:1339
#10 0x00005555592c6882 in (anonymous namespace)::AggExprEmitter::VisitConstantExpr (this=0x7fffffff7f10, E=0x555564df0158) at /home/fent/llvm-project/clang/lib/CodeGen/CGExprAgg.cpp:134
#11 0x00005555592d3598 in clang::StmtVisitorBase<std::add_pointer, (anonymous namespace)::AggExprEmitter, void>::Visit (this=0x7fffffff7f10, S=0x555564df0158) at /home/fent/llvm-project/build/tools/clang/include/clang/AST/StmtNodes.inc:1167
#12 0x00005555592c6520 in (anonymous namespace)::AggExprEmitter::Visit (this=0x7fffffff7f10, E=0x555564df0158) at /home/fent/llvm-project/clang/lib/CodeGen/CGExprAgg.cpp:108
#13 0x00005555592cae35 in (anonymous namespace)::AggExprEmitter::VisitCastExpr (this=0x7fffffff7f10, E=0x555564df02e0) at /home/fent/llvm-project/clang/lib/CodeGen/CGExprAgg.cpp:880
#14 0x00005555592d603f in clang::StmtVisitorBase<std::add_pointer, (anonymous namespace)::AggExprEmitter, void>::VisitExplicitCastExpr (this=0x7fffffff7f10, S=0x555564df02e0) at /home/fent/llvm-project/build/tools/clang/include/clang/AST/StmtNodes.inc:979
#15 0x00005555592d556b in clang::StmtVisitorBase<std::add_pointer, (anonymous namespace)::AggExprEmitter, void>::VisitCXXFunctionalCastExpr (this=0x7fffffff7f10, S=0x555564df02e0) at /home/fent/llvm-project/build/tools/clang/include/clang/AST/StmtNodes.inc:995
#16 0x00005555592d3358 in clang::StmtVisitorBase<std::add_pointer, (anonymous namespace)::AggExprEmitter, void>::Visit (this=0x7fffffff7f10, S=0x555564df02e0) at /home/fent/llvm-project/build/tools/clang/include/clang/AST/StmtNodes.inc:995
#17 0x00005555592c6520 in (anonymous namespace)::AggExprEmitter::Visit (this=0x7fffffff7f10, E=0x555564df02e0) at /home/fent/llvm-project/clang/lib/CodeGen/CGExprAgg.cpp:108
#18 0x00005555592d1046 in clang::CodeGen::CodeGenFunction::EmitAggExpr (this=0x7fffffff84a0, E=0x555564df02e0, Slot=...) at /home/fent/llvm-project/clang/lib/CodeGen/CGExprAgg.cpp:2038
#19 0x0000555559296f86 in clang::CodeGen::CodeGenFunction::EmitAnyExpr (this=0x7fffffff84a0, E=0x555564df02e0, aggSlot=..., ignoreResult=true) at /home/fent/llvm-project/clang/lib/CodeGen/CGExpr.cpp:224
#20 0x0000555559296d62 in clang::CodeGen::CodeGenFunction::EmitIgnoredExpr (this=0x7fffffff84a0, E=0x555564df02e0) at /home/fent/llvm-project/clang/lib/CodeGen/CGExpr.cpp:193
#21 0x0000555558cf4ade in clang::CodeGen::CodeGenFunction::EmitStmt (this=0x7fffffff84a0, S=0x555564df02e0, Attrs=...) at /home/fent/llvm-project/clang/lib/CodeGen/CGStmt.cpp:122
#22 0x0000555558cf5ec4 in clang::CodeGen::CodeGenFunction::EmitCompoundStmtWithoutScope (this=0x7fffffff84a0, S=..., GetLast=false, AggSlot=...) at /home/fent/llvm-project/clang/lib/CodeGen/CGStmt.cpp:535
#23 0x0000555558dc79ce in clang::CodeGen::CodeGenFunction::EmitFunctionBody (this=0x7fffffff84a0, Body=0x555564df0308) at /home/fent/llvm-project/clang/lib/CodeGen/CodeGenFunction.cpp:1247
#24 0x0000555558dc896b in clang::CodeGen::CodeGenFunction::GenerateCode (this=0x7fffffff84a0, GD=..., Fn=0x555564d4db78, FnInfo=...) at /home/fent/llvm-project/clang/lib/CodeGen/CodeGenFunction.cpp:1455
#25 0x0000555558dfe0bb in clang::CodeGen::CodeGenModule::EmitGlobalFunctionDefinition (this=0x555564d88c30, GD=..., GV=0x555564d4db78) at /home/fent/llvm-project/clang/lib/CodeGen/CodeGenModule.cpp:5402
#26 0x0000555558df5f3b in clang::CodeGen::CodeGenModule::EmitGlobalDefinition (this=0x555564d88c30, GD=..., GV=0x0) at /home/fent/llvm-project/clang/lib/CodeGen/CodeGenModule.cpp:3646
#27 0x0000555558df4dce in clang::CodeGen::CodeGenModule::EmitGlobal (this=0x555564d88c30, GD=...) at /home/fent/llvm-project/clang/lib/CodeGen/CodeGenModule.cpp:3386
#28 0x0000555558e02b75 in clang::CodeGen::CodeGenModule::EmitTopLevelDecl (this=0x555564d88c30, D=0x555564dd3bb8) at /home/fent/llvm-project/clang/lib/CodeGen/CodeGenModule.cpp:6294
#29 0x000055555a18bc45 in (anonymous namespace)::CodeGeneratorImpl::HandleTopLevelDecl (this=0x555564d836b0, DG=...) at /home/fent/llvm-project/clang/lib/CodeGen/ModuleBuilder.cpp:190
#30 0x000055555a182985 in clang::BackendConsumer::HandleTopLevelDecl (this=0x555564d834c0, D=...) at /home/fent/llvm-project/clang/lib/CodeGen/CodeGenAction.cpp:233
#31 0x000055555bfc244d in clang::ParseAST (S=..., PrintStats=false, SkipFunctionBodies=false) at /home/fent/llvm-project/clang/lib/Parse/ParseAST.cpp:166
#32 0x000055555974af71 in clang::ASTFrontendAction::ExecuteAction (this=0x555564d4cd90) at /home/fent/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1162
#33 0x000055555a17fbac in clang::CodeGenAction::ExecuteAction (this=0x555564d4cd90) at /home/fent/llvm-project/clang/lib/CodeGen/CodeGenAction.cpp:1171
#34 0x000055555974a858 in clang::FrontendAction::Execute (this=0x555564d4cd90) at /home/fent/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1055
#35 0x0000555559673573 in clang::CompilerInstance::ExecuteAction (this=0x555564d4a7c0, Act=...) at /home/fent/llvm-project/clang/lib/Frontend/CompilerInstance.cpp:1046
#36 0x00005555598f0f97 in clang::ExecuteCompilerInvocation (Clang=0x555564d4a7c0) at /home/fent/llvm-project/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:264
#37 0x0000555556656cfc in cc1_main (Argv=..., Argv0=0x7fffffffe68e "/home/fent/llvm-project/build/bin/clang++", MainAddr=0x555556641faa <GetExecutablePath[abi:cxx11](char const*, bool)>) at /home/fent/llvm-project/clang/tools/driver/cc1_main.cpp:251
#38 0x0000555556643a4c in ExecuteCC1Tool (ArgV=...) at /home/fent/llvm-project/clang/tools/driver/driver.cpp:360
#39 0x0000555556644249 in clang_main (Argc=5, Argv=0x7fffffffe408) at /home/fent/llvm-project/clang/tools/driver/driver.cpp:435
#40 0x000055555667af19 in main (argc=5, argv=0x7fffffffe408) at /home/fent/llvm-project/build/tools/clang/tools/driver/clang-driver.cpp:11
```

</p>
</details>

</pre>
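<pre>
Added example (not part of the original report and not LLVM's code): a toy C++ model of the struct-index check that rejects the GEP quoted in the report. `StructTable`, `parseStructDefs`, `firstInvalidGepIndex` and `kReportIr` are hypothetical names; the only input is the two struct definitions from the report.

```cpp
#include <cstdio>
#include <map>
#include <sstream>
#include <string>
#include <vector>

// Toy model of LLVM named struct types: name -> field type names.
using StructTable = std::map<std::string, std::vector<std::string>>;
// The two struct definitions quoted in the report.
const char *kReportIr = "%struct.Derived = type { %struct.Base }\n"
                        "%struct.Base = type { ptr, ptr }\n";

// Parse lines of the form "%name = type { a, b }" into the table.
StructTable parseStructDefs(const std::string &ir) {
    const std::string sep = " = type { ";
    StructTable table;
    std::istringstream in(ir);
    for (std::string line; std::getline(in, line);) {
        auto eq = line.find(sep), close = line.rfind(" }");
        if (eq == std::string::npos || close == std::string::npos ||
            close <= eq + sep.size()) continue;
        std::string body = line.substr(eq + sep.size(), close - eq - sep.size());
        auto &fields = table[line.substr(0, eq)];
        for (std::size_t pos = 0; pos <= body.size();) {
            auto comma = body.find(", ", pos);
            if (comma == std::string::npos) comma = body.size();
            fields.push_back(body.substr(pos, comma - pos));
            pos = comma + 2;
        }
    }
    return table;
}

// Index 0 steps over the pointer operand; each later index must name an
// existing field (Idx < NumElements). Returns first bad position, or -1.
int firstInvalidGepIndex(const StructTable &table, std::string type,
                         const std::vector<unsigned> &indices) {
    for (std::size_t i = 1; i < indices.size(); ++i) {
        auto it = table.find(type);
        if (it == table.end() || indices[i] >= it->second.size())
            return static_cast<int>(i);
        type = it->second[indices[i]];
    }
    return -1;
}

int main() {
    StructTable t = parseStructDefs(kReportIr);
    std::printf("%d\n", firstInvalidGepIndex(t, "%struct.Derived", {0, 1}));
}
```

The index path `0, 1` fails at position 1 because `%struct.Derived` has a single element, while `0, 0, 1` reaches the second `ptr` through `%struct.Base`.
</pre>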
F0Kv9vuK7y1qVfHjiANnxG8kHxs3ixiy7RtuCpqOCfN0W39TZvViwy0jec0_TcTaVKtmrYdXPsbD9OB7UyZolCTIMGEyilTypVBNDSUpeF0Syu062GBf7femODYUaN6uE76JWuhx6XyUjjjzLezrCRmeHyafBmlkrvb7HueoevGnMBkOl8nM4DtdaAtBVWaFZko8s2K2KyDGHtp1sF3G_BQ3aO22O0zV2NP0LjW7U6lx9SbaaqXyekTVkAq6ltXuHqCtgfyHYrxeCGmzmh8NMeKjuWuEyPuMa_xid_CGqtLHM2iE4_BTXk_qn_Z4xL0zQ0ySYengBzOPjzyc_UqPv34uc0E_SNXuVKo-GwHLUenshzMKwzCazxL_KIXrv__uZiCS_4vzuBzqCj-aJ18c_tsk319EWfwLc-_5E9Mk9yYzb_A9t54-pfZ6MwC6ousYtDXc5UqfqcKcAkUeHiGdVZnLKEtORCpfTkRK9vsx2DUUe6kq_pXX9khko6vm88Wl0a0jAA1FF_Lm-FmETsJ_a5VmJ3FwPmz-Eg_YJgVlQrOAsPcXS29hM2ngXVDHEtIarrSu6jP5sFGhw4iG_QeEZhhDToOTMK5VUapGMiPoL6EPqtE7qsr310u7wWlvuP6N2FVSuxpaw9XUsc_HQIiHNIwmdWLCaLykp1m5a7lS7OVd1KbD1ODY-3QpPNWqN3UwFPsomCFNlq9qnR8jvWlPMc3Ld1HebAbjbuUYb8DSOHHNtzJT57HvcfzBaO8DhVP8GffSj-D_3Z48Dna-yVVK8k7Spj9NPLa9kyQUv2Lj5tsRNs6B3mnaOXngjeI8mmEPM3w69tMxfzpZHwGKo2DYW0fxDGjAPhTOx4F-EN75IeFkBGlSTSXcQ2kcngDpXpW_8Ueebzh9H9hmskGJ0_T_wz0jtByVEZMyivhJSoOPLNbbgd1J9m1RtqfT_0Uky_kP8eIodXhvzmJIB6_bjuzqiWG5jr0ZSLRM5na8cvce1krWTdFV9x-FE9DefGdzy9U4nSI8VEd4Uh2lGUVBwGZo7khV89Xu3qg7murvKiH1ThNdj2f73XdRjqZQwetP7Yxa2d3f1e6-M0g0BBae7n7FAclifwZhtbvfVkpqLtlqPN8_c9po7pqOWSOgbHlasuvEjX5OjOD70ZDXMZ76VJylhB7PDf-Q-u97kO_Hw6EKDub8J682Dd4h_x-m3RuVEni6bRTFOIzxK9qLUuTcXoAhkvKPMk9iF8Yr-pnKdwRnrkgPaDRt4un-TZJ52TKeAWpVH4Z7VLS_orB2_V7h-ITq90rlAG3fFNslpWiYR3A8PaYLI-pO1in1HwriJpRVtX8ckpF58iYFLI8S_pEjz24zKBVywGCv17gjzt-JkO0RWHuoGUWBnxECAV7fcO2AkTTnd0QfQHhFUgHwij4_-z4INwAl9ECq7thyZYZMLSXL4YrFR5ntNqxYJR55ZV60hHQkhqOwTKYkBpgElsTOEmvfmKal8ttJTvpKH_ejr-hGs-Zypk2AgmXvmWOjUoA3YWfSqUWDn15fva9gMFpABt5UwZhkvlWwU42MVCOfUO2tzcfXtjUvvkwU9o_fjOzvKQG0Lcf3lsxww00o23rBLjFb4iW54Jd-FAcI-V6wvDhcspDyxFtGfoI9HiOfpiTKPJ8mHDMeeemFuEQewp6PPB-jwFsuvMCjNE5oEsQxSlgMAo8XROQLg3ihqv2FqOuGX0aeH0UXOUl5XttL0QhJ_gTtSxNk4eaiurQspc2-BoGXi1rXwyha6NzepnZUhRt4O7p2m6lqdKl4fO9PZZB1F3hzUtcXTZVfHrQu3b2YLUDbvdCHJl1QVQyH7zN7WTWNYSyM_wsAAP__72LrJw">