csmith-project / creduce

C-Reduce, a C and C++ program reducer

Segmentation violation with multiple passes #237

Closed (aytey closed this 3 years ago)

aytey commented 3 years ago

As reported in https://github.com/marxin/cvise/issues/54

For:

clang_delta --version
clang_delta 2.11.0
Git version: 3e1f5a1

(that is, I'm using the llvm-11.0 branch of creduce)

with:

llvm-config --version
11.0.1

and on the following file:

template <typename...> struct a;
template <typename> struct b { b(...); };
namespace {
auto bx() -> b<a<>> {
  using by = b<int>;
  by bz;
  return bz;
}
} // namespace

we get:

for pass in aggregate-to-scalar callexpr-to-value param-to-global param-to-local remove-enum-member-value remove-namespace remove-nested-function remove-unused-function replace-callexpr simplify-callexpr union-to-struct local-to-global param-to-global; do ../clang_delta --transformation=$pass --counter=1 54.cpp; echo $pass has return code: $?; done
aggregate-to-scalar has return code: 139
callexpr-to-value has return code: 139
param-to-global has return code: 139
param-to-local has return code: 139
remove-enum-member-value has return code: 139
remove-namespace has return code: 139
remove-nested-function has return code: 139
remove-unused-function has return code: 139
replace-callexpr has return code: 139
simplify-callexpr has return code: 139
union-to-struct has return code: 139
local-to-global has return code: 139
param-to-global has return code: 139

The crash looks something like:

#0  0x00007ffff5f13a45 in clang::FunctionDecl::getParamDecl (this=<optimized out>, i=0) at ../tools/clang/include/clang/AST/Decl.h:2431
#1  TryMoveInitialization (S=..., Entity=..., NRVOCandidate=<optimized out>, ResultType=..., Value=@0x7fffffffbd78: 0x1edbbb0, ConvertingConstructorsOnly=true,
    Res=...) at ../tools/clang/lib/Sema/SemaStmt.cpp:3108
#2  0x00007ffff5f12891 in clang::Sema::PerformMoveOrCopyInitialization (this=0x1ea8000, Entity=..., NRVOCandidate=<optimized out>, ResultType=..., Value=0x1edbbb0,
    AllowNRVO=<optimized out>) at ../tools/clang/lib/Sema/SemaStmt.cpp:3183
#3  0x00007ffff5f1734b in clang::Sema::BuildReturnStmt (this=<optimized out>, ReturnLoc=..., RetValExp=0x0) at ../tools/clang/lib/Sema/SemaStmt.cpp:3809
#4  0x00007ffff5f1666b in clang::Sema::ActOnReturnStmt (this=0x1ea8000, ReturnLoc=..., RetValExp=<optimized out>, CurScope=0x1deae00)
    at ../tools/clang/lib/Sema/SemaStmt.cpp:3593
#5  0x00007ffff5100c77 in clang::Parser::ParseReturnStatement (this=<optimized out>) at ../tools/clang/lib/Parse/ParseStmt.cpp:2180
#6  0x00007ffff50f9faf in clang::Parser::ParseStatementOrDeclarationAfterAttributes (this=0x1e08b00, Stmts=..., StmtCtx=clang::Parser::ParsedStmtContext::Compound,
    TrailingElseLoc=0x0, Attrs=...) at ../tools/clang/lib/Parse/ParseStmt.cpp:282
#7  0x00007ffff50f94e3 in clang::Parser::ParseStatementOrDeclaration (this=0x1e08b00, Stmts=..., StmtCtx=clang::Parser::ParsedStmtContext::Compound,
    TrailingElseLoc=0x0) at ../tools/clang/lib/Parse/ParseStmt.cpp:106
#8  0x00007ffff5102e13 in clang::Parser::ParseCompoundStatementBody (this=0x1e08b00, isStmtExpr=<optimized out>) at ../tools/clang/lib/Parse/ParseStmt.cpp:1089
#9  0x00007ffff51041a0 in clang::Parser::ParseFunctionStatementBody (this=0x1e08b00, Decl=<optimized out>, BodyScope=...)
    at ../tools/clang/lib/Parse/ParseStmt.cpp:2237
#10 0x00007ffff51207cf in clang::Parser::ParseFunctionDefinition (this=<optimized out>, D=..., TemplateInfo=..., LateParsedAttrs=0x7fffffffc778)
    at ../tools/clang/lib/Parse/Parser.cpp:1339
#11 0x00007ffff506b96e in clang::Parser::ParseDeclGroup (this=0x1e08b00, DS=..., Context=clang::DeclaratorContext::FileContext, DeclEnd=0x0, FRI=<optimized out>)
    at ../tools/clang/lib/Parse/ParseDecl.cpp:1924
#12 0x00007ffff511f474 in clang::Parser::ParseDeclOrFunctionDefInternal (this=0x1e08b00, attrs=..., DS=..., AS=<optimized out>)
    at ../tools/clang/lib/Parse/Parser.cpp:1099
#13 0x00007ffff511edbd in clang::Parser::ParseDeclarationOrFunctionDefinition (this=0x1e08b00, attrs=..., DS=<optimized out>, AS=clang::AS_none)
    at ../tools/clang/lib/Parse/Parser.cpp:1115
#14 0x00007ffff511dc16 in clang::Parser::ParseExternalDeclaration (this=0x1e08b00, attrs=..., DS=0x0) at ../tools/clang/lib/Parse/Parser.cpp:935
#15 0x00007ffff50826fb in clang::Parser::ParseInnerNamespace (this=0x1e08b00, InnerNSs=..., index=<optimized out>, InlineLoc=..., attrs=..., Tracker=...)
    at ../tools/clang/lib/Parse/ParseDeclCXX.cpp:246
#16 0x00007ffff508222d in clang::Parser::ParseNamespace (this=0x1e08b00, Context=<optimized out>, DeclEnd=..., InlineLoc=...)
    at ../tools/clang/lib/Parse/ParseDeclCXX.cpp:224
#17 0x00007ffff5063fc0 in clang::Parser::ParseDeclaration (this=0x1e08b00, Context=<optimized out>, DeclEnd=..., attrs=..., DeclSpecStart=<optimized out>)
    at ../tools/clang/lib/Parse/ParseDecl.cpp:1623
#18 0x00007ffff511d0e9 in clang::Parser::ParseExternalDeclaration (this=0x1e08b00, attrs=..., DS=0x0) at ../tools/clang/lib/Parse/Parser.cpp:725
#19 0x00007ffff511ba2d in clang::Parser::ParseTopLevelDecl (this=0x1e08b00, Result=..., IsFirstDecl=<optimized out>) at ../tools/clang/lib/Parse/Parser.cpp:683
#20 0x00007ffff505195d in clang::ParseAST (S=..., PrintStats=<optimized out>, SkipFunctionBodies=<optimized out>) at ../tools/clang/lib/Parse/ParseAST.cpp:158
#21 0x000000000107f2ba in TransformationManager::doTransformation (this=0x1db6300, ErrorMsg="", ErrorCode=@0x15679e0: -1)
    at /usr/include/clang/Frontend/CompilerInstance.h:505
#22 0x000000000040c2c3 in main (argc=-9744, argv=<optimized out>) at ClangDelta.cpp:228

aytey commented 3 years ago

Oh, wow, actually, this crashes clang:

avj@vistrrdslin0001 ~/clones/creduce/llvm-11.0/clang_delta/ex$ g++-11 -c 54.cpp
avj@vistrrdslin0001 ~/clones/creduce/llvm-11.0/clang_delta/ex$ clang++-12 -c 54.cpp
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: clang++-12 -c 54.cpp
1.      54.cpp:7:12: current parser token ';'
2.      54.cpp:3:1: parsing namespace '(anonymous)'
3.      54.cpp:4:21: parsing function body '(anonymous namespace)::bx'
4.      54.cpp:4:21: in compound statement ('{}')
 #0 0x00007f43f67c6c31 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/usr/bin/../lib64/libLLVM.so.12+0x290bc31)
 #1 0x00007f43f67c44e0 llvm::sys::RunSignalHandlers() (/usr/bin/../lib64/libLLVM.so.12+0x29094e0)
 #2 0x00007f43f67c5f6b llvm::sys::CleanupOnSignal(unsigned long) (/usr/bin/../lib64/libLLVM.so.12+0x290af6b)
 #3 0x00007f43f66e04c9 (/usr/bin/../lib64/libLLVM.so.12+0x28254c9)
 #4 0x00007f43f3b103a0 __restore_rt (/usr/bin/../lib64/libc.so.6+0x3d3a0)
 #5 0x00007f43fb99c1dc (/usr/bin/../lib64/libclang-cpp.so.12+0x1d061dc)
 #6 0x00007f43fb99b3b4 clang::Sema::PerformMoveOrCopyInitialization(clang::InitializedEntity const&, clang::VarDecl const*, clang::QualType, clang::Expr*, bool) (/usr/bin/../lib64/libclang-cpp.so.12+0x1d053b4)
 #7 0x00007f43fb99f45c clang::Sema::BuildReturnStmt(clang::SourceLocation, clang::Expr*) (/usr/bin/../lib64/libclang-cpp.so.12+0x1d0945c)
 #8 0x00007f43fb99e699 clang::Sema::ActOnReturnStmt(clang::SourceLocation, clang::Expr*, clang::Scope*) (/usr/bin/../lib64/libclang-cpp.so.12+0x1d08699)
 #9 0x00007f43fabe5216 clang::Parser::ParseReturnStatement() (/usr/bin/../lib64/libclang-cpp.so.12+0xf4f216)
#10 0x00007f43fabddd7b clang::Parser::ParseStatementOrDeclarationAfterAttributes(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*, clang::Parser::ParsedAttributesWithRange&) (/usr/bin/../lib64/libclang-cpp.so.12+0xf47d7b)
#11 0x00007f43fabdd138 clang::Parser::ParseStatementOrDeclaration(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*) (/usr/bin/../lib64/libclang-cpp.so.12+0xf47138)
#12 0x00007f43fabe7743 clang::Parser::ParseCompoundStatementBody(bool) (/usr/bin/../lib64/libclang-cpp.so.12+0xf51743)
#13 0x00007f43fabe8ab5 clang::Parser::ParseFunctionStatementBody(clang::Decl*, clang::Parser::ParseScope&) (/usr/bin/../lib64/libclang-cpp.so.12+0xf52ab5)
#14 0x00007f43fac04e64 clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*) (/usr/bin/../lib64/libclang-cpp.so.12+0xf6ee64)
#15 0x00007f43fab48a61 clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::SourceLocation*, clang::Parser::ForRangeInit*) (/usr/bin/../lib64/libclang-cpp.so.12+0xeb2a61)
#16 0x00007f43fac03e13 clang::Parser::ParseDeclOrFunctionDefInternal(clang::Parser::ParsedAttributesWithRange&, clang::ParsingDeclSpec&, clang::AccessSpecifier) (/usr/bin/../lib64/libclang-cpp.so.12+0xf6de13)
#17 0x00007f43fac0377d clang::Parser::ParseDeclarationOrFunctionDefinition(clang::Parser::ParsedAttributesWithRange&, clang::ParsingDeclSpec*, clang::AccessSpecifier) (/usr/bin/../lib64/libclang-cpp.so.12+0xf6d77d)
#18 0x00007f43fac025c6 clang::Parser::ParseExternalDeclaration(clang::Parser::ParsedAttributesWithRange&, clang::ParsingDeclSpec*) (/usr/bin/../lib64/libclang-cpp.so.12+0xf6c5c6)
#19 0x00007f43fab6030b clang::Parser::ParseInnerNamespace(llvm::SmallVector<clang::Parser::InnerNamespaceInfo, 4u> const&, unsigned int, clang::SourceLocation&, clang::ParsedAttributes&, clang::BalancedDelimiterTracker&) (/usr/bin/../lib64/libclang-cpp.so.12+0xeca30b)
#20 0x00007f43fab5fdca clang::Parser::ParseNamespace(clang::DeclaratorContext, clang::SourceLocation&, clang::SourceLocation) (/usr/bin/../lib64/libclang-cpp.so.12+0xec9dca)
#21 0x00007f43fab411eb clang::Parser::ParseDeclaration(clang::DeclaratorContext, clang::SourceLocation&, clang::Parser::ParsedAttributesWithRange&, clang::SourceLocation*) (/usr/bin/../lib64/libclang-cpp.so.12+0xeab1eb)
#22 0x00007f43fac01add clang::Parser::ParseExternalDeclaration(clang::Parser::ParsedAttributesWithRange&, clang::ParsingDeclSpec*) (/usr/bin/../lib64/libclang-cpp.so.12+0xf6badd)
#23 0x00007f43fac0072d clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, bool) (/usr/bin/../lib64/libclang-cpp.so.12+0xf6a72d)
#24 0x00007f43fab2dafd clang::ParseAST(clang::Sema&, bool, bool) (/usr/bin/../lib64/libclang-cpp.so.12+0xe97afd)
#25 0x00007f43fbed83b3 clang::CodeGenAction::ExecuteAction() (/usr/bin/../lib64/libclang-cpp.so.12+0x22423b3)
#26 0x00007f43fc984d74 clang::FrontendAction::Execute() (/usr/bin/../lib64/libclang-cpp.so.12+0x2ceed74)
#27 0x00007f43fc90c00d clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/usr/bin/../lib64/libclang-cpp.so.12+0x2c7600d)
#28 0x00007f43fca07fc6 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/usr/bin/../lib64/libclang-cpp.so.12+0x2d71fc6)
#29 0x0000000000213e8b cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/usr/bin/clang-12.0.0+0x213e8b)
#30 0x000000000021205d (/usr/bin/clang-12.0.0+0x21205d)
#31 0x00007f43fc5776d2 (/usr/bin/../lib64/libclang-cpp.so.12+0x28e16d2)
#32 0x00007f43f66dfe65 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/usr/bin/../lib64/libLLVM.so.12+0x2824e65)
#33 0x00007f43fc576f53 clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const (/usr/bin/../lib64/libclang-cpp.so.12+0x28e0f53)
#34 0x00007f43fc549ce3 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&) const (/usr/bin/../lib64/libclang-cpp.so.12+0x28b3ce3)
#35 0x00007f43fc54a18a clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const (/usr/bin/../lib64/libclang-cpp.so.12+0x28b418a)
#36 0x00007f43fc55f81d clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) (/usr/bin/../lib64/libclang-cpp.so.12+0x28c981d)
#37 0x00000000002118f2 main (/usr/bin/clang-12.0.0+0x2118f2)
#38 0x00007f43f3afab35 __libc_start_main (/usr/bin/../lib64/libc.so.6+0x27b35)
#39 0x000000000020ef3e _start (/usr/bin/clang-12.0.0+0x20ef3e)
clang-12.0: error: clang frontend command failed with exit code 139 (use -v to see invocation)
clang version 12.0.0
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
clang-12.0: note: diagnostic msg:
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-12.0: note: diagnostic msg: /mnt/baranem/54-beb051.cpp
clang-12.0: note: diagnostic msg: /mnt/baranem/54-beb051.sh
clang-12.0: note: diagnostic msg:

********************

Closing!
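A small triage script, added here and not part of C-Reduce or of this issue, that does what the two comments above do by hand: it runs each named clang_delta transformation on the reproducer, decodes exit statuses above 128 into the signal that killed the process (139 is SIGSEGV), and then checks whether the clang frontend alone survives the same file, which is what separates a clang_delta bug from an upstream clang bug. CLANG_DELTA and CXX are assumed locations, defaulting to the values in the report.

```shell
#!/bin/sh
# Triage helper for clang_delta crashes (added here; not part of C-Reduce).
# CLANG_DELTA and CXX are assumed locations, defaulting to the ones in the report.
: "${CLANG_DELTA:=../clang_delta}"
: "${CXX:=clang++-12}"

# Turn a shell exit status into a readable verdict. A status above 128 means the
# child was killed by signal (status - 128): 139 is SIGSEGV, the code seen above.
describe_status() {
    status=$1
    if [ "$status" -gt 128 ]; then
        signum=$((status - 128))
        case $signum in
            6)  echo "SIGABRT (assertion/abort)" ;;
            11) echo "SIGSEGV (segmentation violation)" ;;
            *)  echo "signal $signum" ;;
        esac
    elif [ "$status" -eq 0 ]; then
        echo "ok"
    else
        echo "exit $status"
    fi
}

# Run one transformation (counter 1) and print "<pass>: <verdict>".
# The && / || form keeps the status even when the caller runs with set -e.
run_pass() {
    pass=$1; file=$2
    "$CLANG_DELTA" --transformation="$pass" --counter=1 "$file" >/dev/null 2>&1 \
        && status=0 || status=$?
    echo "$pass: $(describe_status "$status")"
}

# Check whether the compiler frontend alone survives the reproducer. If it does
# not, the crash is an upstream clang bug rather than a clang_delta bug.
frontend_status() {
    "$CXX" -fsyntax-only "$1" >/dev/null 2>&1 && status=0 || status=$?
    describe_status "$status"
}

# Usage: triage 54.cpp aggregate-to-scalar callexpr-to-value remove-namespace
triage() {
    file=$1; shift
    for pass in "$@"; do
        run_pass "$pass" "$file"
    done
    echo "$CXX -fsyntax-only: $(frontend_status "$file")"
}
```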

aytey commented 3 years ago

Reported here: https://bugs.llvm.org/show_bug.cgi?id=51176

eeide commented 3 years ago

Congratulations on finding a clang bug!