llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org

Clang crashes processing incorrect code with VLA #43228

Open IllogicalMagic opened 4 years ago

IllogicalMagic commented 4 years ago
Bugzilla Link 43883
Version trunk
OS Linux
CC @zygoloid

Extended Description

Clang crashes with assertion failure in debug mode (at least on 8.0.0 version) and with segmentation fault in release mode (https://godbolt.org/z/q8E5tZ) processing the following text:

int foo();

int main() {
  using X = int[foo()];
  struct S { S() { X x; } } s;
}

Compiling it using clang-8 with no additional options gives this stacktrace in debug mode:

clang-8: llvm-8.0.0.src/tools/clang/lib/CodeGen/CodeGenFunction.cpp:1991:
clang::CodeGen::CodeGenFunction::VlaSizePair clang::CodeGen::CodeGenFunction::getVLASize(const clang::VariableArrayType*):
Assertion `vlaSize && "no size for VLA!"' failed.

Stack dump:
0.      Program arguments: clang-8 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj -mrelax-all -disable-free -main-file-name example.cpp -mrelocation-model static -mthread-model posix -mdisable-fp-elim -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -resource-dir clang/8.0.0/lib/clang/8.0.0 -internal-isystem /usr/lib64/gcc/x86_64-suse-linux/4.3/../../../../include/c++/4.3 -internal-isystem /usr/lib64/gcc/x86_64-suse-linux/4.3/../../../../include/c++/4.3/x86_64-suse-linux -internal-isystem /usr/lib64/gcc/x86_64-suse-linux/4.3/../../../../include/c++/4.3/backward -internal-isystem /usr/local/include -internal-isystem clang/8.0.0/lib/clang/8.0.0/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -fdeprecated-macro -fdebug-compilation-dir experimental -ferror-limit 19 -fmessage-length 211 -fobjc-runtime=gcc -fcxx-exceptions -fexceptions -fdiagnostics-show-option -fcolor-diagnostics -o /tmp/example-7c9702.o -x c++ example.cpp -faddrsig
1.      <eof> parser at end of file
2.      Per-file LLVM IR generation
3.      example.cpp:5:14: Generating code for declaration 'main()::S::S'
4.      example.cpp:5:18: LLVM IR generation of compound statement ('{}')
 #0 0x00000000018381fa llvm::sys::PrintStackTrace(llvm::raw_ostream&) (clang/8.0.0/bin/clang-8+0x18381fa)
 #1 0x0000000001836145 llvm::sys::RunSignalHandlers() (clang/8.0.0/bin/clang-8+0x1836145)
 #2 0x000000000183625c SignalHandler(int) (clang/8.0.0/bin/clang-8+0x183625c)
 #3 0x00007ffff7bcf850 __restore_rt (/lib64/libpthread.so.0+0xf850)
 #4 0x00007ffff67f8875 __GI_raise (/lib64/libc.so.6+0x32875)
 #5 0x00007ffff67f9e51 __GI_abort (/lib64/libc.so.6+0x33e51)
 #6 0x00007ffff67f1740 __GI___assert_fail (/lib64/libc.so.6+0x2b740)
 #7 0x0000000001aa5b65 clang::CodeGen::CodeGenFunction::getVLASize(clang::VariableArrayType const*) (clang/8.0.0/bin/clang-8+0x1aa5b65)
 #8 0x0000000001aa6477 clang::CodeGen::CodeGenFunction::getVLASize(clang::QualType) (clang/8.0.0/bin/clang-8+0x1aa6477)
 #9 0x0000000001c1f505 clang::CodeGen::CodeGenFunction::EmitAutoVarAlloca(clang::VarDecl const&) (clang/8.0.0/bin/clang-8+0x1c1f505)
#10 0x0000000001c1fcf7 clang::CodeGen::CodeGenFunction::EmitAutoVarDecl(clang::VarDecl const&) (clang/8.0.0/bin/clang-8+0x1c1fcf7)
#11 0x0000000001c1feeb clang::CodeGen::CodeGenFunction::EmitVarDecl(clang::VarDecl const&) (clang/8.0.0/bin/clang-8+0x1c1feeb)
#12 0x0000000001c201cb clang::CodeGen::CodeGenFunction::EmitDecl(clang::Decl const&) (clang/8.0.0/bin/clang-8+0x1c201cb)
#13 0x0000000001a5621f clang::CodeGen::CodeGenFunction::EmitDeclStmt(clang::DeclStmt const&) (clang/8.0.0/bin/clang-8+0x1a5621f)
#14 0x0000000001a6334b clang::CodeGen::CodeGenFunction::EmitSimpleStmt(clang::Stmt const*) (clang/8.0.0/bin/clang-8+0x1a6334b)
#15 0x0000000001a5f550 clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*, llvm::ArrayRef<clang::Attr const*>) (clang/8.0.0/bin/clang-8+0x1a5f550)
#16 0x0000000001a5fc63 clang::CodeGen::CodeGenFunction::EmitCompoundStmtWithoutScope(clang::CompoundStmt const&, bool, clang::CodeGen::AggValueSlot) (clang/8.0.0/bin/clang-8+0x1a5fc63)
#17 0x0000000001a5ff44 clang::CodeGen::CodeGenFunction::EmitCompoundStmt(clang::CompoundStmt const&, bool, clang::CodeGen::AggValueSlot) (clang/8.0.0/bin/clang-8+0x1a5ff44)
#18 0x0000000001a6339a clang::CodeGen::CodeGenFunction::EmitSimpleStmt(clang::Stmt const*) (clang/8.0.0/bin/clang-8+0x1a6339a)
#19 0x0000000001a5f550 clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*, llvm::ArrayRef<clang::Attr const*>) (clang/8.0.0/bin/clang-8+0x1a5f550)
#20 0x0000000001c01fa4 clang::CodeGen::CodeGenFunction::EmitConstructorBody(clang::CodeGen::FunctionArgList&) (clang/8.0.0/bin/clang-8+0x1c01fa4)
#21 0x0000000001aa81cb clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl, llvm::Function*, clang::CodeGen::CGFunctionInfo const&) (clang/8.0.0/bin/clang-8+0x1aa81cb)
#22 0x0000000001bd4896 clang::CodeGen::CodeGenModule::codegenCXXStructor(clang::CXXMethodDecl const*, clang::CodeGen::StructorType) (clang/8.0.0/bin/clang-8+0x1bd4896)
#23 0x0000000001b21c42 (anonymous namespace)::ItaniumCXXABI::emitCXXStructor(clang::CXXMethodDecl const*, clang::CodeGen::StructorType) (clang/8.0.0/bin/clang-8+0x1b21c42)
#24 0x0000000001ae142d clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl, llvm::GlobalValue*) (clang/8.0.0/bin/clang-8+0x1ae142d)
#25 0x0000000001ae7b2b clang::CodeGen::CodeGenModule::EmitDeferred() (clang/8.0.0/bin/clang-8+0x1ae7b2b)
#26 0x0000000001ae7b45 clang::CodeGen::CodeGenModule::EmitDeferred() (clang/8.0.0/bin/clang-8+0x1ae7b45)
#27 0x0000000001ae7c93 clang::CodeGen::CodeGenModule::Release() (clang/8.0.0/bin/clang-8+0x1ae7c93)
#28 0x000000000234da17 (anonymous namespace)::CodeGeneratorImpl::HandleTranslationUnit(clang::ASTContext&) (clang/8.0.0/bin/clang-8+0x234da17)
#29 0x000000000234c6d6 clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (clang/8.0.0/bin/clang-8+0x234c6d6)
#30 0x0000000002c2d569 clang::ParseAST(clang::Sema&, bool, bool) (clang/8.0.0/bin/clang-8+0x2c2d569)
#31 0x000000000234b8cc clang::CodeGenAction::ExecuteAction() (clang/8.0.0/bin/clang-8+0x234b8cc)
#32 0x0000000001e984ae clang::FrontendAction::Execute() (clang/8.0.0/bin/clang-8+0x1e984ae)
#33 0x0000000001e5fd3e clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (clang/8.0.0/bin/clang-8+0x1e5fd3e)
#34 0x0000000001f37fea clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (clang/8.0.0/bin/clang-8+0x1f37fea)
#35 0x0000000000a486f0 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (clang/8.0.0/bin/clang-8+0xa486f0)
#36 0x00000000009e53a2 main (clang/8.0.0/bin/clang-8+0x9e53a2)
#37 0x00007ffff67e4c36 __libc_start_main (/lib64/libc.so.6+0x1ec36)
#38 0x0000000000a44569 _start /usr/src/packages/BUILD/glibc-2.11.3/csu/../sysdeps/x86_64/elf/start.S:116:0
clang-8: error: unable to execute command: Aborted
clang-8: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 8.0.0 (tags/RELEASE_800/final)
Target: x86_64-unknown-linux-gnu
Thread model: posix
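For readers who land here with the same construct in their own code, the following is an added example, not code from the bug report or from the LLVM project. The reproducer declares the VLA alias X inside main() but uses it inside S's constructor, which is emitted as a separate function, and clang's CodeGen then asserts with "no size for VLA!". Standard C++ has no VLAs at all, so the portable way to express the same intent is to pass the runtime bound into the constructor and let a runtime-sized container own the storage. foo() returning 4 and the size parameter on S are constructed assumptions for this example.

```cpp
#include <cstddef>
#include <vector>

// Constructed stand-in for the reproducer's foo(); the report leaves it undefined.
int foo() { return 4; }

// Portable form of what the reproducer tries to do: an object whose constructor
// owns an array of foo() ints. The bound is passed in explicitly instead of being
// captured through a VLA alias declared in a different function.
struct S {
    std::vector<int> x;
    explicit S(std::size_t n) : x(n, 0) {}
};

// Builds the object the way main() in the reproducer would, and reports the
// array length that was actually allocated.
std::size_t build_and_measure() {
    S s(static_cast<std::size_t>(foo()));
    return s.x.size();
}

int main() {
    return build_and_measure() == 4 ? 0 : 1;
}
```

This compiles as plain ISO C++ with no compiler extension involved, so it sidesteps both the crash and the GNU VLA extension the original relies on.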

Endilll commented 1 year ago

Still crashing as of post-17 trunk: https://godbolt.org/z/rEK6qnzev

Endilll commented 1 year ago

clang++: /root/llvm-project/clang/lib/CodeGen/CodeGenFunction.cpp:2202:
clang::CodeGen::CodeGenFunction::VlaSizePair clang::CodeGen::CodeGenFunction::getVLASize(const clang::VariableArrayType*):
Assertion `vlaSize && "no size for VLA!"' failed.

PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.  Program arguments: /opt/compiler-explorer/clang-assertions-trunk/bin/clang++ -gdwarf-4 -g -o /app/output.s -mllvm --x86-asm-syntax=intel -S --gcc-toolchain=/opt/compiler-explorer/gcc-snapshot -fcolor-diagnostics -fno-crash-diagnostics <source>
1.  <eof> parser at end of file
2.  Per-file LLVM IR generation
3.  <source>:5:14: Generating code for declaration 'main()::S::S'
4.  <source>:5:18: LLVM IR generation of compound statement ('{}')
 #0 0x0000000003673648 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3673648)
 #1 0x00000000036714cc llvm::sys::CleanupOnSignal(unsigned long) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x36714cc)
 #2 0x00000000035bed28 CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
 #3 0x00007f38fc964420 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x14420)
 #4 0x00007f38fc42700b raise (/lib/x86_64-linux-gnu/libc.so.6+0x4300b)
 #5 0x00007f38fc406859 abort (/lib/x86_64-linux-gnu/libc.so.6+0x22859)
 #6 0x00007f38fc406729 (/lib/x86_64-linux-gnu/libc.so.6+0x22729)
 #7 0x00007f38fc417fd6 (/lib/x86_64-linux-gnu/libc.so.6+0x33fd6)
 #8 0x00000000039f6c97 clang::CodeGen::CodeGenFunction::getVLASize(clang::VariableArrayType const*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x39f6c97)
 #9 0x0000000003d362eb clang::CodeGen::CodeGenFunction::EmitAutoVarAlloca(clang::VarDecl const&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3d362eb)
#10 0x0000000003d37343 clang::CodeGen::CodeGenFunction::EmitVarDecl(clang::VarDecl const&) (.part.0) CGDecl.cpp:0:0
#11 0x0000000003d375f0 clang::CodeGen::CodeGenFunction::EmitDecl(clang::Decl const&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3d375f0)
#12 0x000000000397bf47 clang::CodeGen::CodeGenFunction::EmitDeclStmt(clang::DeclStmt const&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x397bf47)
#13 0x000000000398fd77 clang::CodeGen::CodeGenFunction::EmitSimpleStmt(clang::Stmt const*, llvm::ArrayRef<clang::Attr const*>) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x398fd77)
#14 0x00000000039891c5 clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*, llvm::ArrayRef<clang::Attr const*>) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x39891c5)
#15 0x000000000398f6ac clang::CodeGen::CodeGenFunction::EmitCompoundStmtWithoutScope(clang::CompoundStmt const&, bool, clang::CodeGen::AggValueSlot) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x398f6ac)
#16 0x000000000398fa94 clang::CodeGen::CodeGenFunction::EmitCompoundStmt(clang::CompoundStmt const&, bool, clang::CodeGen::AggValueSlot) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x398fa94)
#17 0x000000000398fc9e clang::CodeGen::CodeGenFunction::EmitSimpleStmt(clang::Stmt const*, llvm::ArrayRef<clang::Attr const*>) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x398fc9e)
#18 0x00000000039891c5 clang::CodeGen::CodeGenFunction::EmitStmt(clang::Stmt const*, llvm::ArrayRef<clang::Attr const*>) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x39891c5)
#19 0x0000000003d0f9ba clang::CodeGen::CodeGenFunction::EmitConstructorBody(clang::CodeGen::FunctionArgList&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3d0f9ba)
#20 0x0000000003a006cd clang::CodeGen::CodeGenFunction::GenerateCode(clang::GlobalDecl, llvm::Function*, clang::CodeGen::CGFunctionInfo const&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3a006cd)
#21 0x0000000003ccdc65 clang::CodeGen::CodeGenModule::codegenCXXStructor(clang::GlobalDecl) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3ccdc65)
#22 0x0000000003acac3d (anonymous namespace)::ItaniumCXXABI::emitCXXStructor(clang::GlobalDecl) ItaniumCXXABI.cpp:0:0
#23 0x0000000003a5c365 clang::CodeGen::CodeGenModule::EmitGlobalDefinition(clang::GlobalDecl, llvm::GlobalValue*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3a5c365)
#24 0x0000000003a67146 clang::CodeGen::CodeGenModule::EmitDeferred() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3a67146)
#25 0x0000000003a67098 clang::CodeGen::CodeGenModule::EmitDeferred() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3a67098)
#26 0x0000000003a69bf3 clang::CodeGen::CodeGenModule::Release() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3a69bf3)
#27 0x00000000048c788a (anonymous namespace)::CodeGeneratorImpl::HandleTranslationUnit(clang::ASTContext&) ModuleBuilder.cpp:0:0
#28 0x00000000048c63bd clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x48c63bd)
#29 0x0000000005d7ff09 clang::ParseAST(clang::Sema&, bool, bool) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x5d7ff09)
#30 0x00000000048c50c8 clang::CodeGenAction::ExecuteAction() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x48c50c8)
#31 0x000000000412d7d9 clang::FrontendAction::Execute() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x412d7d9)
#32 0x00000000040b1b6e clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x40b1b6e)
#33 0x000000000420da46 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x420da46)
#34 0x0000000000bcb732 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0xbcb732)
#35 0x0000000000bc3f1a ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#36 0x0000000003f11a19 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::'lambda'()>(long) Job.cpp:0:0
#37 0x00000000035bf1d4 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x35bf1d4)
#38 0x0000000003f1200f clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (.part.0) Job.cpp:0:0
#39 0x0000000003ed9f75 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3ed9f75)
#40 0x0000000003eda9dd clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3eda9dd)
#41 0x0000000003ee2505 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3ee2505)
#42 0x0000000000bc99e7 clang_main(int, char**, llvm::ToolContext const&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0xbc99e7)
#43 0x0000000000ac3ab1 main (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0xac3ab1)
#44 0x00007f38fc408083 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24083)
#45 0x0000000000bc39fe _start (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0xbc39fe)
clang++: error: clang frontend command failed with exit code 134 (use -v to see invocation)