<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/114475>114475</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            clang's constant evaluation crashes
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            clang
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          ahatanak
      </td>
    </tr>
</table>

<pre>
    clang crashes compiling the following code:

```
// Aggregate with two int members; the reproducer below takes the address of
// member `b` through a pointer to S.
struct S { int a, b; };

// Crash reproducer: an offsetof-style computation written as a constexpr
// function. Keep the expression shape exactly as written when reducing or
// turning this into a regression test; per the stack dump in this report the
// crash is reached while evaluating a cast operand of the subtraction
// (IntExprEvaluator::VisitBinaryOperator -> PointerExprEvaluator::VisitCastExpr).
// `s` defaults to nullptr.
constexpr auto offset_of_b(S* s = nullptr) {
    // Member access through `s`; with the default argument `s` is null here,
    // which is presumably the undefined behavior the report refers to.
    auto* mp = &s->b;
    // Both pointers are converted to char* by way of void* and subtracted;
    // the return type is deduced from this pointer difference.
    return static_cast<char*>(static_cast<void*>(mp))
        - static_cast<char*>(static_cast<void*>(s));
}

// Namespace-scope variable initialized by calling offset_of_b() with its
// default (null) argument. The stack dump reports the parser at <source>:9:23,
// the ';' ending this declaration, with the crash under
// clang::VarDecl::checkForConstantInitialization.
auto o = offset_of_b();
```

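I believe the code has undefined behavior, but clang shouldn't crash regardless. The stack dump below shows the frontend dying on a signal (exit code 139) inside constant evaluation: the faulting frame is `clang::ASTContext::getRecordType`, called from `PointerExprEvaluator::VisitCastExpr`, while the initializer of `o` is being checked.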

```
Stack dump:
0.      Program arguments: /opt/compiler-explorer/clang-trunk/bin/clang++ -gdwarf-4 -g -o /app/output.s -fno-verbose-asm -S -target aarch64-linux-gnu --gcc-toolchain=/opt/compiler-explorer/arm64/gcc-12.2.0/aarch64-unknown-linux-gnu --sysroot=/opt/compiler-explorer/arm64/gcc-12.2.0/aarch64-unknown-linux-gnu/aarch64-unknown-linux-gnu/sysroot -fcolor-diagnostics -fno-crash-diagnostics -std=c++20 <source>
1.      <source>:9:23: current parser token ';'
 #0 0x0000000003972448 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x3972448)
 #1 0x0000000003970594 llvm::sys::CleanupOnSignal(unsigned long) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x3970594)
 #2 0x00000000038c1138 CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
 #3 0x00007b7e8b242520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x0000000007460ea0 clang::ASTContext::getRecordType(clang::RecordDecl const*) const (/opt/compiler-explorer/clang-trunk/bin/clang+++0x7460ea0)
 #5 0x0000000007761407 (anonymous namespace)::PointerExprEvaluator::VisitCastExpr(clang::CastExpr const*) ExprConstant.cpp:0:0
 #6 0x0000000007728af5 clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::PointerExprEvaluator, bool>::Visit(clang::Stmt const*) ExprConstant.cpp:0:0
 #7 0x000000000776670a (anonymous namespace)::IntExprEvaluator::VisitBinaryOperator(clang::BinaryOperator const*) ExprConstant.cpp:0:0
 #8 0x00000000077368ba clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::IntExprEvaluator, bool>::Visit(clang::Stmt const*) ExprConstant.cpp:0:0
 #9 0x00000000076fe8b6 Evaluate(clang::APValue&, (anonymous namespace)::EvalInfo&, clang::Expr const*) ExprConstant.cpp:0:0
#10 0x000000000770fac3 EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) (.part.0) ExprConstant.cpp:0:0
#11 0x000000000770e558 EvaluateStmt((anonymous namespace)::StmtResult&, (anonymous namespace)::EvalInfo&, clang::Stmt const*, clang::SwitchCase const*) (.part.0) ExprConstant.cpp:0:0
#12 0x0000000007713276 HandleFunctionCall(clang::SourceLocation, clang::FunctionDecl const*, (anonymous namespace)::LValue const*, clang::Expr const*, llvm::ArrayRef<clang::Expr const*>, (anonymous namespace)::CallRef, clang::Stmt const*, (anonymous namespace)::EvalInfo&, clang::APValue&, (anonymous namespace)::LValue const*) (.isra.0) ExprConstant.cpp:0:0
#13 0x00000000077350ab (anonymous namespace)::IntExprEvaluator::VisitCallExpr(clang::CallExpr const*) ExprConstant.cpp:0:0
#14 0x0000000007736076 clang::StmtVisitorBase<llvm::make_const_ptr, (anonymous namespace)::IntExprEvaluator, bool>::Visit(clang::Stmt const*) ExprConstant.cpp:0:0
#15 0x00000000076fe8b6 Evaluate(clang::APValue&, (anonymous namespace)::EvalInfo&, clang::Expr const*) ExprConstant.cpp:0:0
#16 0x0000000007714f1a EvaluateInPlace(clang::APValue&, (anonymous namespace)::EvalInfo&, (anonymous namespace)::LValue const&, clang::Expr const*, bool) ExprConstant.cpp:0:0
#17 0x000000000771ddcd clang::Expr::EvaluateAsInitializer(clang::APValue&, clang::ASTContext const&, clang::VarDecl const*, llvm::SmallVectorImpl<std::pair<clang::SourceLocation, clang::PartialDiagnostic>>&, bool) const (/opt/compiler-explorer/clang-trunk/bin/clang+++0x771ddcd)
#18 0x000000000762fa96 clang::VarDecl::evaluateValueImpl(llvm::SmallVectorImpl<std::pair<clang::SourceLocation, clang::PartialDiagnostic>>&, bool) const (/opt/compiler-explorer/clang-trunk/bin/clang+++0x762fa96)
#19 0x000000000762fdde clang::VarDecl::checkForConstantInitialization(llvm::SmallVectorImpl<std::pair<clang::SourceLocation, clang::PartialDiagnostic>>&) const (/opt/compiler-explorer/clang-trunk/bin/clang+++0x762fdde)
#20 0x00000000066a14fb clang::Sema::CheckCompleteVariableDeclaration(clang::VarDecl*) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x66a14fb)
#21 0x00000000066a658d clang::Sema::AddInitializerToDecl(clang::Decl*, clang::Expr*, bool) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x66a658d)
#22 0x00000000063167aa clang::Parser::ParseDeclarationAfterDeclaratorAndAttributes(clang::Declarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::ForRangeInit*) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x63167aa)
#23 0x000000000632c4fc clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::ParsedAttributes&, clang::Parser::ParsedTemplateInfo&, clang::SourceLocation*, clang::Parser::ForRangeInit*) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x632c4fc)
#24 0x00000000062db1d7 clang::Parser::ParseDeclOrFunctionDefInternal(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec&, clang::AccessSpecifier) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x62db1d7)
#25 0x00000000062dbff3 clang::Parser::ParseDeclarationOrFunctionDefinition(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*, clang::AccessSpecifier) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x62dbff3)
#26 0x00000000062e58e2 clang::Parser::ParseExternalDeclaration(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x62e58e2)
#27 0x00000000062e7178 clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, clang::Sema::ModuleImportState&) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x62e7178)
#28 0x00000000062d584a clang::ParseAST(clang::Sema&, bool, bool) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x62d584a)
#29 0x00000000042b8035 clang::CodeGenAction::ExecuteAction() (/opt/compiler-explorer/clang-trunk/bin/clang+++0x42b8035)
#30 0x0000000004580d91 clang::FrontendAction::Execute() (/opt/compiler-explorer/clang-trunk/bin/clang+++0x4580d91)
#31 0x0000000004500c5b clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x4500c5b)
#32 0x00000000046651b3 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x46651b3)
#33 0x0000000000cec6cc cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/opt/compiler-explorer/clang-trunk/bin/clang+++0xcec6cc)
#34 0x0000000000ce512d ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#35 0x00000000042ffe59 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::'lambda'()>(long) Job.cpp:0:0
#36 0x00000000038c1563 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x38c1563)
#37 0x0000000004300079 clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (.part.0) Job.cpp:0:0
#38 0x00000000042c7a1d clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/opt/compiler-explorer/clang-trunk/bin/clang+++0x42c7a1d)
#39 0x00000000042c8a1d clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/opt/compiler-explorer/clang-trunk/bin/clang+++0x42c8a1d)
#40 0x00000000042d1fcc clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x42d1fcc)
#41 0x0000000000ce9421 clang_main(int, char**, llvm::ToolContext const&) (/opt/compiler-explorer/clang-trunk/bin/clang+++0xce9421)
#42 0x0000000000bba574 main (/opt/compiler-explorer/clang-trunk/bin/clang+++0xbba574)
#43 0x00007b7e8b229d90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90)
#44 0x00007b7e8b229e40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40)
#45 0x0000000000ce4bce _start (/opt/compiler-explorer/clang-trunk/bin/clang+++0xce4bce)
clang++: error: clang frontend command failed with exit code 139 (use -v to see invocation)
Compiler returned: 139
```
</pre>