[LLVMbugs] [Bug 24266] New: crash in clang::getCursorKindForDecl

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Sun Jul 26 07:58:55 PDT 2015 

https://llvm.org/bugs/show_bug.cgi?id=24266

            Bug ID: 24266
           Summary: crash in clang::getCursorKindForDecl
           Product: clang
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: mail at milianw.de
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

Created attachment 14646
  --> https://llvm.org/bugs/attachment.cgi?id=14646&action=edit
g++ -std=c++11 visit.cpp -lclang -o visit

The attached visitor application crashes with clang/llvm compiled from current
release_37 branches, when one runs it on a file containing the following code:

extern _Atomic(int (*)(int(*))) mergetest;

this content I found in clang/test/Sema/atomic-type.c. Valgrind reports:

==4400== Thread 2:
==4400== Conditional jump or move depends on uninitialised value(s)
==4400==    at 0x5640874: getNumBuckets (DenseMap.h:965)
==4400==    by 0x5640874: copyFrom (DenseMap.h:833)
==4400==    by 0x5640874: SmallDenseMap (DenseMap.h:722)
==4400==    by 0x5640874: SharingMapTy (SemaOpenMP.cpp:88)
==4400==    by 0x5640874: _Construct<(anonymous
namespace)::DSAStackTy::SharingMapTy, const (anonymous
namespace)::DSAStackTy::SharingMapTy &> (stl_construct.h:75)
==4400==    by 0x5640874: __uninit_fill<(anonymous
namespace)::DSAStackTy::SharingMapTy *, (anonymous
namespace)::DSAStackTy::SharingMapTy> (stl_uninitialized.h:142)
==4400==    by 0x5640874: uninitialized_fill<(anonymous
namespace)::DSAStackTy::SharingMapTy *, (anonymous
namespace)::DSAStackTy::SharingMapTy> (stl_uninitialized.h:185)
==4400==    by 0x5640874: assign (SmallVector.h:445)
==4400==    by 0x5640874: SmallVector (SmallVector.h:868)
==4400==    by 0x5640874: DSAStackTy (SemaOpenMP.cpp:133)
==4400==    by 0x5640874: clang::Sema::InitDataSharingAttributesStack()
(SemaOpenMP.cpp:647)
==4400==    by 0x5311195:
clang::CompilerInstance::createSema(clang::TranslationUnitKind,
clang::CodeCompleteConsumer*) (CompilerInstance.cpp:521)
==4400==    by 0x53459EC: clang::ASTFrontendAction::ExecuteAction()
(FrontendAction.cpp:534)
==4400==    by 0x5345608: clang::FrontendAction::Execute()
(FrontendAction.cpp:439)
==4400==    by 0x52FFAD3:
clang::ASTUnit::Parse(std::shared_ptr<clang::PCHContainerOperations>,
std::unique_ptr<llvm::MemoryBuffer, std::default_delete<llvm::MemoryBuffer> >)
(ASTUnit.cpp:1146)
==4400==    by 0x530447F:
clang::ASTUnit::LoadFromCompilerInvocation(std::shared_ptr<clang::PCHContainerOperations>,
bool) (ASTUnit.cpp:1889)
==4400==    by 0x5304C6D: clang::ASTUnit::LoadFromCommandLine(char const**,
char const**, std::shared_ptr<clang::PCHContainerOperations>,
llvm::IntrusiveRefCntPtr<clang::DiagnosticsEngine>, llvm::StringRef, bool,
bool, llvm::ArrayRef<std::pair<std::string, llvm::MemoryBuffer*> >, bool, bool,
clang::TranslationUnitKind, bool, bool, bool, bool, bool, bool,
std::unique_ptr<clang::ASTUnit, std::default_delete<clang::ASTUnit> >*)
(ASTUnit.cpp:2004)
==4400==    by 0x5130C71: clang_parseTranslationUnit_Impl(void*)
(CIndex.cpp:3095)
==4400==    by 0x5FD3B3A: operator() (STLExtras.h:88)
==4400==    by 0x5FD3B3A:
llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>)
(CrashRecoveryContext.cpp:316)
==4400==    by 0x5FD3C23: RunSafelyOnThread_Dispatch(void*)
(CrashRecoveryContext.cpp:364)
==4400==    by 0x60093B9: ExecuteOnThread_Dispatch(void*) (Threading.cpp:40)
==4400==    by 0x85E3353: start_thread (in /usr/lib/libpthread-2.21.so)
==4400==  Uninitialised value was created by a stack allocation
==4400==    at 0x563FEBA: clang::Sema::InitDataSharingAttributesStack()
(SemaOpenMP.cpp:646)
==4400== 
mergetest
==4400== Thread 1:
==4400== Invalid read of size 4
==4400==    at 0x53FA715: getKind (DeclBase.h:375)
==4400==    by 0x53FA715: clang::getCursorKindForDecl(clang::Decl const*)
(SemaCodeComplete.cpp:3015)
==4400==    by 0x5149C64: clang::cxcursor::MakeCXCursor(clang::Decl const*,
CXTranslationUnitImpl*, clang::SourceRange, bool) (CXCursor.cpp:78)
==4400==    by 0x512ABDC:
clang::cxcursor::CursorVisitor::VisitFunctionTypeLoc(clang::FunctionTypeLoc,
bool) (CIndex.cpp:1580)
==4400==    by 0x51296A1: VisitFunctionNoProtoTypeLoc (CIndex.cpp:1699)
==4400==    by 0x51296A1: clang::TypeLocVisitor<clang::cxcursor::CursorVisitor,
bool>::Visit(clang::TypeLoc) (TypeNodes.def:80)
==4400==    by 0x51298EB: VisitAtomicTypeLoc (CIndex.cpp:1682)
==4400==    by 0x51298EB: clang::TypeLocVisitor<clang::cxcursor::CursorVisitor,
bool>::Visit(clang::TypeLoc) (TypeNodes.def:107)
==4400==    by 0x51298EB: VisitAtomicTypeLoc (CIndex.cpp:1682)
==4400==    by 0x51298EB: clang::TypeLocVisitor<clang::cxcursor::CursorVisitor,
bool>::Visit(clang::TypeLoc) (TypeNodes.def:107)
==4400==    by 0x51298EB: VisitAtomicTypeLoc (CIndex.cpp:1682)
==4400==    by 0x51298EB: clang::TypeLocVisitor<clang::cxcursor::CursorVisitor,
bool>::Visit(clang::TypeLoc) (TypeNodes.def:107)
==4400==    by 0x512A2FB:
clang::cxcursor::CursorVisitor::VisitDeclaratorDecl(clang::DeclaratorDecl*)
(CIndex.cpp:763)
==4400==    by 0x512AC71:
clang::cxcursor::CursorVisitor::VisitVarDecl(clang::VarDecl*) (CIndex.cpp:872)
==4400==    by 0x5128BC5:
clang::declvisitor::Base<clang::declvisitor::make_ptr,
clang::cxcursor::CursorVisitor, bool>::Visit(clang::Decl*) (DeclNodes.inc:403)
==4400==    by 0x5127A51:
clang::cxcursor::CursorVisitor::VisitChildren(CXCursor) (CIndex.cpp:501)
==4400==    by 0x51273FA: clang::cxcursor::CursorVisitor::Visit(CXCursor, bool)
(CIndex.cpp:220)
==4400==  Address 0x8b0c4480000003b is not stack'd, malloc'd or (recently)
free'd

GDB backtrace is:

Program received signal SIGSEGV, Segmentation fault.
clang::getCursorKindForDecl (D=0xec0344c80000001f) at
/home/milian/projects/src/clang/lib/Sema/SemaCodeComplete.cpp:3015
3015      switch (D->getKind()) {
(gdb) bt
#0  clang::getCursorKindForDecl (D=0xec0344c80000001f) at
/home/milian/projects/src/clang/lib/Sema/SemaCodeComplete.cpp:3015
#1  0x00007ffff5bf7c65 in clang::cxcursor::MakeCXCursor (D=0xec0344c80000001f,
TU=0x7fffec000e20, RegionOfInterest=..., FirstInDeclGroup=true) at
/home/milian/projects/src/clang/tools/libclang/CXCursor.cpp:78
#2  0x00007ffff5bd8bdd in clang::cxcursor::CursorVisitor::VisitFunctionTypeLoc
(this=0x7fffffffc6e8, TL=..., SkipResultType=<optimized out>) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:1580
#3  0x00007ffff5bd76a2 in VisitFunctionNoProtoTypeLoc (this=0x7fffffffc6e8,
TL=...) at /home/milian/projects/src/clang/tools/libclang/CIndex.cpp:1699
#4  clang::TypeLocVisitor<clang::cxcursor::CursorVisitor, bool>::Visit
(this=0x7fffffffc6e8, TyLoc=...) at
/home/milian/projects/src/clang/include/clang/AST/TypeNodes.def:80
#5  0x00007ffff5bd78ec in VisitAtomicTypeLoc (this=<optimized out>, TL=...) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:1682
#6  clang::TypeLocVisitor<clang::cxcursor::CursorVisitor, bool>::Visit
(this=<optimized out>, TyLoc=...) at
/home/milian/projects/src/clang/include/clang/AST/TypeNodes.def:107
#7  0x00007ffff5bd78ec in VisitAtomicTypeLoc (this=<optimized out>, TL=...) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:1682
#8  clang::TypeLocVisitor<clang::cxcursor::CursorVisitor, bool>::Visit
(this=<optimized out>, TyLoc=...) at
/home/milian/projects/src/clang/include/clang/AST/TypeNodes.def:107
#9  0x00007ffff5bd78ec in VisitAtomicTypeLoc (this=<optimized out>, TL=...) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:1682
#10 clang::TypeLocVisitor<clang::cxcursor::CursorVisitor, bool>::Visit
(this=<optimized out>, TyLoc=...) at
/home/milian/projects/src/clang/include/clang/AST/TypeNodes.def:107
#11 0x00007ffff5bd82fc in clang::cxcursor::CursorVisitor::VisitDeclaratorDecl
(this=0x7fffffffc6e8, DD=0x7fffec034708) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:763
#12 0x00007ffff5bd8c72 in clang::cxcursor::CursorVisitor::VisitVarDecl
(this=0x7fffffffc6e8, D=0x7fffec034708) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:872
#13 0x00007ffff5bd6bc6 in
clang::declvisitor::Base<clang::declvisitor::make_ptr,
clang::cxcursor::CursorVisitor, bool>::Visit (this=0x7fffffffc6e8,
D=0x7fffec034708)
    at /home/milian/projects/build/clang/include/clang/AST/DeclNodes.inc:403
#14 0x00007ffff5bd5a52 in clang::cxcursor::CursorVisitor::VisitChildren
(this=0x7fffffffc6e8, Cursor=...) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:501
#15 0x00007ffff5bd53fb in clang::cxcursor::CursorVisitor::Visit
(this=0x7fffffffc6e8, Cursor=..., CheckedRegionOfInterest=<optimized out>) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:220
#16 0x00007ffff5bd7585 in clang::cxcursor::CursorVisitor::VisitDeclContext
(this=0x7fffffffc6e8, DC=0x7fffec033b20) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:658
#17 0x00007ffff5bd5e8f in clang::cxcursor::CursorVisitor::VisitChildren
(this=0x7fffffffc6e8, Cursor=...) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:533
#18 0x00007ffff5be04a5 in clang_visitChildren (parent=..., visitor=0x4008f6
<visitCursor(CXCursor, CXCursor, void*)>, client_data=0x0) at
/home/milian/projects/src/clang/tools/libclang/CIndex.cpp:3561
#19 0x00000000004009ec in main ()

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20150726/46439dd3/attachment.html>

More information about the llvm-bugs mailing list