llvm/llvm-project

Clang ICE: `isa` used on a null pointer

langston-barrett opened this issue · 4 comments

This bug was found with a fuzzer; please feel free to close if it's not helpful.

```cpp
union { char x[]; } r = {0};
```

Godbolt

```
clang++: /root/llvm-project/llvm/include/llvm/Support/Casting.h:109: static bool llvm::isa_impl_cl<To, const From*>::doit(const From*) [with To = clang::Expr; From = clang::Stmt]: Assertion `Val && "isa<> used on a null pointer"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: /opt/compiler-explorer/clang-assertions-trunk/bin/clang++ -gdwarf-4 -g -o /app/output.s -mllvm --x86-asm-syntax=intel -S --gcc-toolchain=/opt/compiler-explorer/gcc-snapshot -fcolor-diagnostics -fno-crash-diagnostics -c -O0 <source>
1.	<source>:1:28: current parser token ';'
 #0 0x0000562510d6649f llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x401f49f)
 #1 0x0000562510d641dc llvm::sys::CleanupOnSignal(unsigned long) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x401d1dc)
 #2 0x0000562510cb12f8 CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
 #3 0x00007f9c8f19c420 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x14420)
 #4 0x00007f9c8ec6900b raise (/lib/x86_64-linux-gnu/libc.so.6+0x4300b)
 #5 0x00007f9c8ec48859 abort (/lib/x86_64-linux-gnu/libc.so.6+0x22859)
 #6 0x00007f9c8ec48729 (/lib/x86_64-linux-gnu/libc.so.6+0x22729)
 #7 0x00007f9c8ec59fd6 (/lib/x86_64-linux-gnu/libc.so.6+0x33fd6)
 #8 0x00005625137567eb (anonymous namespace)::SelfReferenceChecker::CheckExpr(clang::Expr*) SemaDecl.cpp:0:0
 #9 0x00005625137aaa8c clang::Sema::AddInitializerToDecl(clang::Decl*, clang::Expr*, bool) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x6a63a8c)
#10 0x000056251347128e clang::Parser::ParseDeclarationAfterDeclaratorAndAttributes(clang::Declarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::ForRangeInit*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x672a28e)
#11 0x0000562513482818 clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::ParsedAttributes&, clang::SourceLocation*, clang::Parser::ForRangeInit*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x673b818)
#12 0x000056251344aeb2 clang::Parser::ParseDeclOrFunctionDefInternal(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec&, clang::AccessSpecifier) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x6703eb2)
#13 0x000056251344b76f clang::Parser::ParseDeclarationOrFunctionDefinition(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*, clang::AccessSpecifier) (.part.0) Parser.cpp:0:0
#14 0x00005625134521f9 clang::Parser::ParseExternalDeclaration(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x670b1f9)
#15 0x0000562513452b4d clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, clang::Sema::ModuleImportState&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x670bb4d)
#16 0x0000562513453014 clang::Parser::ParseFirstTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, clang::Sema::ModuleImportState&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x670c014)
#17 0x00005625134469ea clang::ParseAST(clang::Sema&, bool, bool) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x66ff9ea)
#18 0x0000562511f86268 clang::CodeGenAction::ExecuteAction() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x523f268)
#19 0x00005625117eaf09 clang::FrontendAction::Execute() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x4aa3f09)
#20 0x000056251176f436 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x4a28436)
#21 0x00005625118cebf7 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x4b87bf7)
#22 0x000056250e2eb5f6 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x15a45f6)
#23 0x000056250e2e741a ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#24 0x00005625115d819d void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::'lambda'()>(long) Job.cpp:0:0
#25 0x0000562510cb17e0 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3f6a7e0)
#26 0x00005625115d8a5f clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (.part.0) Job.cpp:0:0
#27 0x00005625115a029c clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x485929c)
#28 0x00005625115a0d3d clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x4859d3d)
#29 0x00005625115a89ed clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x48619ed)
#30 0x000056250e2e9aa0 clang_main(int, char**, llvm::ToolContext const&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x15a2aa0)
#31 0x000056250e1f54d5 main (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x14ae4d5)
#32 0x00007f9c8ec4a083 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24083)
#33 0x000056250e2e212e _start (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x159b12e)
clang++: error: clang frontend command failed with exit code 134 (use -v to see invocation)
Compiler returned: 134
```

I looked for duplicates and didn't find any: https://github.com/llvm/llvm-project/issues?q=is%3Aopen+is%3Aissue+label%3Aclang%3Afrontend+isa+null+pointer


shafik commented

Confirmed: https://godbolt.org/z/53Mvn8ffx

I think we should issue a diagnostic for this case.

The diagnostic is not issued because flexible array members in C++ are an extension, so adding -Wgnu shows the warning. In C, flexible arrays in unions are not allowed, so the diagnostic is issued, but the crash still remains. Also, it seems MSVC is fine with code like that - https://godbolt.org/z/o468KGMjf - so the code is not completely invalid.
Proposed https://reviews.llvm.org/D147626 as a fix.

Reverted the patch.