<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/62086>62086</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
clang++ crash when accessing private member using loophole
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
fbenkstein
</td>
</tr>
</table>
<pre>
While trying to adapt the code from [a blog post](https://quuxplusone.github.io/blog/2020/12/03/steal-a-private-member/) into a library I ran into the following compiler crash:
```
PLEASE submit a bug report to https://github.com/Homebrew/homebrew-core/issues and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: /opt/homebrew/Cellar/llvm/16.0.1/bin/clang++ -I/Users/frank/Projects/c++-thief/include -std=gnu++20 -arch arm64 -isysroot /Library/Developer/CommandLineTools/SDKs/MacOSX13.3.sdk -MD -MT examples/CMakeFiles/access_private_stuff.dir/access_private_stuff.cpp.o -MF CMakeFiles/access_private_stuff.dir/access_private_stuff.cpp.o.d -o CMakeFiles/access_private_stuff.dir/access_private_stuff.cpp.o -c /Users/frank/Projects/c++-thief/examples/access_private_stuff.cpp
1. <eof> parser at end of file
2. /Users/frank/Projects/c++-thief/examples/access_private_stuff.cpp:12:5: LLVM IR generation of declaration 'main'
3. /Users/frank/Projects/c++-thief/examples/access_private_stuff.cpp:12:5: Generating code for declaration 'main'
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var `LLVM_SYMBOLIZER_PATH` to point to it):
0 libLLVM.dylib 0x00000001119e5fa4 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) + 56
1 libLLVM.dylib 0x00000001119e5334 llvm::sys::CleanupOnSignal(unsigned long) + 252
2 libLLVM.dylib 0x000000011581ce58 (anonymous namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long) + 76
3 libLLVM.dylib 0x000000011581cf34 CrashRecoverySignalHandler(int) + 112
4 libsystem_platform.dylib 0x0000000197136a84 _sigtramp + 56
5 libclang-cpp.dylib 0x000000010631ae60 clang::CodeGen::CodeGenFunction::EmitPointerWithAlignment(clang::Expr const*, clang::CodeGen::LValueBaseInfo*, clang::CodeGen::TBAAAccessInfo*) + 176
6 libclang-cpp.dylib 0x000000010631ae60 clang::CodeGen::CodeGenFunction::EmitPointerWithAlignment(clang::Expr const*, clang::CodeGen::LValueBaseInfo*, clang::CodeGen::TBAAAccessInfo*) + 176
7 libclang-cpp.dylib 0x0000000106321354 clang::CodeGen::CodeGenFunction::EmitUnaryOpLValue(clang::UnaryOperator const*) + 140
8 libclang-cpp.dylib 0x0000000106311f4c clang::CodeGen::CodeGenFunction::EmitLValue(clang::Expr const*) + 1572
9 libclang-cpp.dylib 0x000000010637148c (anonymous namespace)::ScalarExprEmitter::EmitLoadOfLValue(clang::Expr const*) + 88
10 libclang-cpp.dylib 0x000000010635cb84 (anonymous namespace)::ScalarExprEmitter::Visit(clang::Expr*) + 1360
11 libclang-cpp.dylib 0x0000000106368cec clang::CodeGen::CodeGenFunction::EmitPromotedScalarExpr(clang::Expr const*, clang::QualType) + 56
12 libclang-cpp.dylib 0x0000000106371ea4 (anonymous namespace)::ScalarExprEmitter::EmitBinOps(clang::BinaryOperator const*, clang::QualType) + 84
13 libclang-cpp.dylib 0x000000010635daa0 (anonymous namespace)::ScalarExprEmitter::Visit(clang::Expr*) + 5228
14 libclang-cpp.dylib 0x0000000106368cec clang::CodeGen::CodeGenFunction::EmitPromotedScalarExpr(clang::Expr const*, clang::QualType) + 56
15 libclang-cpp.dylib 0x0000000106371e90 (anonymous namespace)::ScalarExprEmitter::EmitBinOps(clang::BinaryOperator const*, clang::QualType) + 64
16 libclang-cpp.dylib 0x000000010635daa0 (anonymous namespace)::ScalarExprEmitter::Visit(clang::Expr*) + 5228
17 libclang-cpp.dylib 0x0000000106311264 clang::CodeGen::CodeGenFunction::EmitIgnoredExpr(clang::Expr const*) + 132
18 libclang-cpp.dylib 0x00000001064581fc clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*, llvm::ArrayRef<clang::Attr const*>) + 416
19 libclang-cpp.dylib 0x00000001064bf714 clang::CodeGen::CodeGenFunction::EmitFunctionBody(clang::Stmt const*) + 140
20 libclang-cpp.dylib 0x00000001064c0230 clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl, llvm::Function*, clang::CodeGen::CGFunctionInfo const&) + 1084
21 libclang-cpp.dylib 0x00000001064e81ac clang::CodeGen::CodeGenModule::EmitGlobalFunctionDefinition(clang::GlobalDecl, llvm::GlobalValue*) + 412
22 libclang-cpp.dylib 0x00000001064dbf50 clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl, llvm::GlobalValue*) + 528
23 libclang-cpp.dylib 0x00000001064da278 clang::CodeGen::CodeGenModule::EmitTopLevelDecl(clang::Decl*) + 288
24 libclang-cpp.dylib 0x0000000106549c2c (anonymous namespace)::CodeGeneratorImpl::HandleTopLevelDecl(clang::DeclGroupRef) + 136
25 libclang-cpp.dylib 0x00000001064b2e70 clang::BackendConsumer::HandleTopLevelDecl(clang::DeclGroupRef) + 168
26 libclang-cpp.dylib 0x0000000104f47d58 clang::ParseAST(clang::Sema&, bool, bool) + 456
27 libclang-cpp.dylib 0x0000000106b90854 clang::FrontendAction::Execute() + 96
28 libclang-cpp.dylib 0x0000000106b12238 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 580
29 libclang-cpp.dylib 0x0000000106bdf4dc clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 512
30 clang-16 0x00000001007c6270 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) + 1772
31 clang-16 0x00000001007c3dc4 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) + 1092
32 libclang-cpp.dylib 0x0000000106785138 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::__1::optional<llvm::StringRef>>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>*, bool*) const::$_0>(long) + 28
33 libLLVM.dylib 0x000000011190efe8 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) + 148
34 libclang-cpp.dylib 0x00000001067849a4 clang::driver::CC1Command::Execute(llvm::ArrayRef<std::__1::optional<llvm::StringRef>>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>*, bool*) const + 244
35 libclang-cpp.dylib 0x0000000106744268 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const + 940
36 libclang-cpp.dylib 0x000000010676775c clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::__1::pair<int, clang::driver::Command const*>>&) + 332
37 clang-16 0x00000001007c29d4 clang_main(int, char**) + 9788
38 dyld 0x0000000196daff28 start + 2236
clang-16: error: clang frontend command failed with exit code 139 (use -v to see invocation)
Homebrew clang version 16.0.1
Target: arm64-apple-darwin22.4.0
Thread model: posix
InstalledDir: /opt/homebrew/Cellar/llvm/16.0.1/bin
clang-16: note: diagnostic msg:
********************
PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-16: note: diagnostic msg: /var/folders/z2/f_d5vhdd7sx8chnlx9ykpkzh0000gn/T/access_private_stuff-43ef1b.cpp
clang-16: note: diagnostic msg: /var/folders/z2/f_d5vhdd7sx8chnlx9ykpkzh0000gn/T/access_private_stuff-43ef1b.sh
clang-16: note: diagnostic msg: Crash backtrace is located in
clang-16: note: diagnostic msg: /Users/frank/Library/Logs/DiagnosticReports/clang-16_<YYYY-MM-DD-HHMMSS>_<hostname>.crash
clang-16: note: diagnostic msg: (choose the .crash file that corresponds to your crash)
clang-16: note: diagnostic msg:
********************
make[2]: *** [examples/CMakeFiles/access_private_stuff.dir/access_private_stuff.cpp.o] Error 1
make[1]: *** [examples/CMakeFiles/access_private_stuff.dir/all] Error 2
make: *** [all] Error 2
```
[access_private_stuff-43ef1b.cpp.txt](https://github.com/llvm/llvm-project/files/11208087/access_private_stuff-43ef1b.cpp.txt)
[access_private_stuff-43ef1b.sh.txt](https://github.com/llvm/llvm-project/files/11208099/access_private_stuff-43ef1b.sh.txt)
I tried with the latest version of LLVM available on Homebrew, the version of Clang shipped with Xcode (`Apple clang version 14.0.3 (clang-1403.0.22.14.1)`) and clang-11.
It's also reproducible on Compiler Explorer: https://godbolt.org/z/3Gf1zq3b9
The crash does not happen when compiling with gcc.
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzsWl1zoziX_jXkRmUXCLDhIhf-TKc22WQTT8_03rgEHGxthMRIwh33r98SAts4TuJkMjX1vvW6ujq2ONJ5zoeeIyERpeiKA1w64dgJpxek0mshL_ME-JPSQPlFIrLt5e9rygBpuaV8hbRAJCOlRnoNKBUZoFyKAjnhmKCEiRUqhdJOOHVwtNa6VI4_cvDcwfM_q-q5ZJUSHPorqtdV0qfCwXPTycFz7GLXwXMPO3ju-g6eKw2E9UivlHRDNPQKKBKQ9VgxotzgQIwmksgtukaScNtoYOWCMfHToE1FUVIGEqWSqLXB4k4dt_1_4Db_6p_3N7PR4wypKimoRgQl1QpJKIXUxuiuMY0BqSgcPP8mCkgk_HTwfN187aVCgoPnVKkKFCI8Q5SnrMrA-s2gQQlJn7QkKTh4gkoJpRQpKAUZUqKSttn0JEqJlBINGZIVRyqVtNR9C_pRk_QJZVVR7oxz-6j-3EuxkqRARK6qArg26JGD56LUB0gdPJ8AY8R4lrGNsccb9N2-Z0JDuYPnKSN85eCxg8eod-3g-W8KpHLwPJeEPzl4fi_F_0GqTVNq5Xp6TSE39jdG95TOHH-64pUVwC7qEZmuEZHFIEA9qrZKCqENvhsbVAfPp7ABJso66hNRFIRnN5TDQghmlD1O_8v8uSXp3eMfnt_3-yp7Qr3bKerdLhA8k6JkYCQmt-QJ5tT-IKlx8rJJq6XSVZ73Mypfe5SWZV-g3u0c_fVh-hnqiS8YB_VS9LFAHHjjtWFt9nh95PgTELnjz1BJpAKJiEbAMyRylFMGVg73_wYE_sjDjj8KTabe3Hy_RdcPaAUcJNFUcAMgg5SR5qeDhwUxKTq0kPy_G9JVA6UmFsN8Qr4JaD850U-q16LSSG2LRDDESQEKOTgCrioJaCsqtCYbQGYK9qwQ_QUSUW6eSXQ_WnxDQiIFlnmBb6gU3MxrtCESOQPXOGz5-ON2fHdz_b-zh6Xp4gxcQ16loLxmMaodHO-ZAhkGNf362ZbRBLnPrv14nhdDmJOgBmQ6-CO1VfbLvaRc17YtLHtFeyFJfi6F0hJI4eCBYTDKjU5k2CMcNDl2rPfgcwTB909CmDAgvCrv-CNdccIcHFW8rmUZYsKwlVWIQ9xk6xuWhpGXQhiZaBAu-LYQlbIBKmvr4kal4ewHSMUG5HYiuIZnfV2UzD79RnjGoJZxcFTbPEEnMQ0bJ_jnOcGgy_0AddRbq61O2eqzw3teY3JQj6-2SkOxLBnRuZDFC-vjoecPSBSgpaIrLUlRdiIV1oPUFaBnmOe4uzvwPQIDF9kiYR0lMrgC3vkxr3hqpohtnBVU35uUBPk71esRo6s6kx0cHYwzey4lSgVX2sEj487XdNx8J6yCMVFwzXPxjvBiPBqN6sm-E24c1wZmcMrk47j8Oxo-PNNw7Plh8HHDf-NEbu9KC7prcfPIkKs4NL0BGDQrtOhkNp4KjZcH6ccRnoJ2FIwGUThsZll8JqKhF0TpexTzmBJGpNFo0GiQB9AEye7yswFGUcO07pn4wjSJgk_i-04VPZHCh_7y20W2550JaBCl8IkQ3ktRCA3ZHur5c-t_KsIW2xJelCt8dpCBfNaJ5seY8rtSdQGP6Stz403oUdBA99_l7zAjxP3bIh9i3KZi8C8Y-fD8yMefdeLXRn7QRv5kGftnIn9uYfE8PPhEYblecSEhezfkLRc11O1F58EKwsjLP5GQj7o48pBp6cRxv7IdSUm2D5A7_uSgw0jrAwP8WWtD4LUJerL-dNAn-dD7hFPblrHItm9acVSj8ZkVJ0hd7H9w-dTsv8A87GK6YiIhbAop67p11__ttdHkqhU0a6PWuMHOOLflU3xm-Qog8si7OXMrsorB3ufWihbKFHLKqUV_jq22vVkhjPap0m6BzqxiQZbk4buBOQ39ayCHLXHgk9XrFGSCh9FHIS9EeQMbaGAdwrUtOzy4XU3hM0tYGMQpfne118Cy9H68k3wb3JUUVWnYYr--ahCeWbCCBMOwE-QxSZ-AZxPBVVW0LP8pLIPWW-dtpII8GGZhJ3r3RCoYPS6OeAcK0rxTSIRg-79NordFG59ZbpLYjbr7mLk023qejQ658BnSShu6aRXFrZ6T9aOjwcPYP8pL-z76mitNeAodHY3ajtFHkPacFEYt4Z65BUmyPMg6lNSo3WPaiJS8hPAC88FMbcmlZfKeN0DHnwMQ7jAdYJN3qbe0b8qi0yVwTY7q3gR12_AEbQTNOtvYdk_me3swXeV-lgaoNXviLer0OYDwWBDGvkO6m5AnkBxUhbhVeCa1DqPQ86Ma-AEJ5g3fL2Vte_3UppvRV4ukhLGEpE_LnHcXCJmkm3ayTiZe85L8OHNP-rh-I2_alkvPfhGlgUGM2Qcu0ZLyVd1l1kTiZc-EKJouVS3aOO20oHmy1JJQrVq518YkjJl0FPJA0MiO9hO_jr0NTt3FwcHSrYWizlvAhpB8_8zXji7kEB1E6NSrP_vkoeKPJAe27Xj57YjuVkwtrDOryjAKYtLhq_9E30bfRjlo1mj-yRrY8WQQ4EH0qidrviMvSkDr3g45HnU0AgfLx8kbOg5FR526dmhV3K6r_Xf3c8PBcBimr2mcHnzvEP8Jxn_NGxbkW3T5MpAloSaGzRvxc93RRHvHtX67afOH5xYaHGfNZGlLTYuhzs_RQemIh-0Kz49QtmXZi6G7w8eDjOQ5jpDSRDbZh9slWAvP8UcIpDQZPLI4UN4Uc5Q29uaEMsjqwyEEz1TbYyXPN7CiSgHqbZAWSAEgelCdY6upPXduRt-AVFRw1Bzf1iILIldguMoetPZIWTLoZUT-pBzjftBvsmuxlkAyVIgMzDIUlULRZ_uoLvuMQTal8lMnyC-8woU2Cx-UUbLiQmmaokLVWWGP5fFf-HdwvN-c548Wi9HkG1p8m6H53c3N3e_X_32F5tc3s0e0uKubx79doYfZ_d3DYofh_tRpfKRMwrx6Ir8TkIBq8oIMEb0b8iwPGO9uak_mgmX2IPMXNj-XWbhZZ9lQPUfpmrPnePtUPv1am3xccQfPF68cYvYCH3Iv2R_w_sM41PojMCbdixKIqp1rP5RZpw6G9_cMbsTKPJjuej3U1z5Ue_mh5w2Wjj_58ePHj97tbW867X37dnv7-Oj4M9O-Fkqb7Z3jz_r2nsmHgEXpWghlL4bY_vUxO9JrYghBSlCl4JkyTFCfBVsdLQt8ZGZ90fwqyBM44Rg74dSa0DxFTjj-0msXTjhFM8OhyOto9r5KM2N7FfhAxfHYpwSPrg81_4fjd2ZhXz-fvB_VuVLU8Gh9G6C0FxhM5jYWeR52Izcavj_la2VtpryDTa2_DFocv8sCXWS20iAtaVsOzWxgRIPSu8ImcnsphGwIZSRhgARH-8tXk7rPgfCkLotqTcuyHfWPusCatfjAHZlaeFw7g77b91G7HOp5gev33T7GfS8wBS024W6KQCPh9Ts2aAcPFSJMCVTXkKxKaQO13Uij2XPJhKwXP8f3ykSWCKb7Qq4M4zp47l_l3q8__aTjqcXuDlkmQJlpj9akLIGjn2vgza03ylfW6FWaNhgvsks_i_2YXMClN4g8HOHIjS_WlxgICSBN3CCOBnk08FzfC_PATcIoHwZ5ckEvsYt9N_CwO3RdN-5nEMcxcT0fojgbJqkTuFAQyvomMQz-i_ru2-UAu9HggpEEmKrvGWLM4SeqHzrYUMiFvKyTKalWyglcRpVW-1E01QwuD--gWcNrQ22KGUObLEP2liCq6kYmRLkWDC4qyS4_nNL27p6D57UJ_x8AAP__eGuRGw">