<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/93040>93040</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
Codegen bug: Derived ctor with consteval base ctor
</td>
</tr>
<tr>
<th>Labels</th>
<td>
clang:codegen
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
pogo59
</td>
</tr>
</table>
<pre>
Originally reported as a potential [security issue](https://bugs.chromium.org/p/llvm/issues/detail?id=67) but we believe the codegen bug has no security implications. So, refiling it here.
Original report:
>Take a look at this code example - https://godbolt.org/z/s6nM69Gqn
> GCC and MSVC flag this as an error while Clang compiles this fine, but crashes on running.
@serge-sans-paille reduced it to:
```
struct vec {
int (*func)() = nullptr;
int * data = nullptr;
int size;
vec() = default;
~vec() { delete [] data;}
};
struct Base {
consteval Base() {}
};
struct Derived : vec, Base {};
int main() {
Derived d;
if(d.func)
d.func();
return 0;
}
```
@AaronBallman said:
> Oof, this is a neat one. Clang and EDG accept, GCC and MSVC reject. However, I think Clang and EDG are correct, and I think GCC considers the rejection to be a bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98752
> However, there's still a codegen bug here in that we're storing undef into the empty base class:
```
define linkonce_odr dso_local void @Derived::Derived()(ptr noundef nonnull align 8 dereferenceable(20) %this) unnamed_addr comdat align 2 {
entry:
%this.addr = alloca ptr, align 8
store ptr %this, ptr %this.addr, align 8
tail call void @llvm.dbg.declare(metadata ptr %this.addr, metadata !55, metadata !DIExpression())
%this1 = load ptr, ptr %this.addr, align 8
call void @vec::vec()(ptr noundef nonnull align 8 dereferenceable(20) %this1) #4
%0 = getelementptr inbounds %struct.Base, ptr %this1, i32 0, i32 0
store i8 undef, ptr %0, align 8 // DRAGONS START HERE
ret void
}
```
> I think the issue is that our codegen is getting the initialization wrong with an empty base class and a consteval constructor. You can get the same undef even without multiple base classes: https://godbolt.org/z/GnvvxaTMx
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJykVk1v4zYQ_TX0ZRBBpix_HHxw7Di7h-0Cm6BATwFFjmVuKNIlKefj0N9eDGVbcnbbLVDAMCR-PM4bznsaEYKuLeKSlbes3IxEG_fOLw-uduViVDn1tvzqda2tMOYNPB6cj6hABBBwcBFt1MIAK28Dytbr-AY6hBZZuWF8vo_xEFixYnzL-LZq65DJvXeNbpvM-Zrx7YHxrTHHhvFt2hcY3yqMQhtWbLVixWY6Y3wBVRvhBaFCo_GIEPcI0ims0ULV1rAXAayDPobmYLQUUTsbMnhwjK_B404bbWvQEfboMWP5huWr7v_M8cSQYu5mi7tH8YwgwDj3DCJC3OuQzgZ8Fc3BINzANc_aqcqZeGL4zvg2TO2X6eL-T3sBhfv1GoRV8OXh9zXsjKg7YMqrBfTeeXjZa4OwNsLWIF1z0AZDt2qnLRIlyor0IuwxgLPgW2u1ra-IsUke0Nd4E4QNNwehjUHwqFqJijIRXc91mp9-6TVE38oIR5TAZrfdGIC2ERifM77atVYyvkgvC2DFBmxrzCF6VnxYvQIloviXJUG_42DoiHKAqnAnWhMH838NFsxuQaHBiNAVcDqK1s42J1azzWXrFbFbEXDITDobIh6FSTM9_q-RNuj1ERWwYtXFvu7Bf9hDfBuh7eCALoAzihomZ8f4XGXnVJ9GAc5DBDFY7jG23kLeH3mJ_fpuL7WxEt7ZW2FMIywEQYrrKx--uh2RSTVHxQkWRQRnMTuVJVXw3eYehJR4iLT2qq49fkcZM_jkXvCInuY_E5p9_rjfk569R5lAaPi8kADparRCH5LwO1TtLEQHFWmzamvK_QcZSpnVtj3JsGrrd22MIDXu3ctT1daZrPXZZRbzWcl74oOAI3kF47MAIWpjQFwbD3oEbSHuBRkU4zOPEKLzZDStVbijAncpbmwO8Q0qqgxpRAj_JDyFpG8w2j47K_HJKQ8quCfjpDBwdFoBm-SnciGQYnV-6QqCzw_Rg3Xd-dZZUh0Io2sLc1DocYcerURRGSp0nqdK5CVdND221ooG1ZNQypP1KBFP23lfsGijf7twgPP-LG0i4QpDEQPJne60O_68mnKENNefux6-Jpif7KNPA0hh-kTQ5yNTVZ0plEbQXc0bjCJZzs8AL5OMj8vy48jm893rwWMI2tlzOhcfKI4TPeOEOpP7D4FfxUwukS7u4mT_79LG3XMxGUSapyhrjGiwQRsJXtuKDgg035lX1pndFYUxveuCQ94_XF2bnne1PdiXDyhDJ0DYfFvdf_3tAR4eV98e4dPdt7uBUaVc_MKliruLDZCAUodARpTU5lp_kaIORDSS6NJCq6kt0e-pA4AX72wNLzru08f1gwyT24iB_acnyo3zGfzhWpDCEnyCDqLBk7DxiDahujZC05qoqRvogTH8xJR-6A3u7fH4Kh6_vA6deaSWhVoUCzHC5Xg2nhbz-azgo_0Sx6WaTGfzcl5Oq4WayRwXYjquJuMcq3I6G-klz_kkLzkfT4p5yTNe5ZMyl0U-Kfgu5zM2ybER2mRJN87Xo5TW5aLIJ_nIiApNSM0g55I8mhWrU5YZ59Qh-iXtvKFujtSnQww9VtTR4HLdOySl4Pxlo4x219Anu0tXdH7UerP8kCwd922VSdf0XWI6--Dd9_Sp6JvGLvzjkv8dAAD__wEFVl8">