[clang-tidy] v16.0.0 bugprone-unchecked-optional-access crash with Eigen v3.3.4 matrix member

[HannesFranke-smartoptics]

Dear Clang team: I found a crash in

$ clang-tidy --version
Ubuntu LLVM version 16.0.0
  Optimized build.
$ clang --version
Ubuntu clang version 16.0.0 (++20230324083102+1f9ea2d3f045-1~exp1~20230324083210.63)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin

$ clang-tidy-16 -header-filter=.* -checks=-*,-readability-*,performance-*,modernize-*,misc-*,cppcoreguidelines-*,-cppcoreguidelines-pro-type-vararg,-cppcoreguidelines-pro-bounds-array-to-pointer-decay,bugprone-*,boost-* -p=./json /minimal/minimal.cpp
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.      Program arguments: clang-tidy-16 -header-filter=.* -checks=-*,-readability-*,performance-*,modernize-*,misc-*,cppcoreguidelines-*,-cppcoreguidelines-pro-type-vararg,-cppcoreguidelines-pro-bounds-array-to-pointer-decay,bugprone-*,boost-* -p=./json /minimal/minimal.cpp
1.      <eof> parser at end of file
2.      ASTMatcher: Processing 'bugprone-unchecked-optional-access' against:
        FunctionDecl main : </minimal/minimal.cpp:16:1, line:21:1>
--- Bound Nodes Begin ---
    T - { RecordType : std::vector<float> }
    fun - { FunctionDecl main : </minimal/minimal.cpp:16:1, line:21:1> }
--- Bound Nodes End ---
 #0 0x00007ffa40ca7f66 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/lib/x86_64-linux-gnu/libLLVM-16.so.1+0xfbaf66)
 #1 0x00007ffa40ca60a0 llvm::sys::RunSignalHandlers() (/lib/x86_64-linux-gnu/libLLVM-16.so.1+0xfb90a0)
 #2 0x00007ffa40ca8740 (/lib/x86_64-linux-gnu/libLLVM-16.so.1+0xfbb740)
 #3 0x00007ffa4af01420 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x14420)
 #4 0x00007ffa493224fa (/usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16+0x205e4fa)
 #5 0x00007ffa49320e33 clang::dataflow::transfer(clang::dataflow::StmtToEnvMap const&, clang::Stmt const&, clang::dataflow::Environment&) (/usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16+0x205ce33)
 #6 0x00007ffa49324ef9 clang::dataflow::transferCFGBlock(clang::CFGBlock const&, clang::dataflow::AnalysisContext&, std::function<void (clang::CFGElement const&, clang::dataflow::TypeErasedDataflowAnalysisState const&)>) (/usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16+0x2060ef9)
 #7 0x00007ffa493259dc clang::dataflow::runTypeErasedDataflowAnalysis(clang::dataflow::ControlFlowContext const&, clang::dataflow::TypeErasedDataflowAnalysis&, clang::dataflow::Environment const&, std::function<void (clang::CFGElement const&, clang::dataflow::TypeErasedDataflowAnalysisState const&)>) (/usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16+0x20619dc)
 #8 0x0000556f9c3661ec llvm::Expected<std::vector<std::optional<clang::dataflow::DataflowAnalysisState<clang::dataflow::UncheckedOptionalAccessModel::Lattice>>, std::allocator<std::optional<clang::dataflow::DataflowAnalysisState<clang::dataflow::UncheckedOptionalAccessModel::Lattice>>>>> clang::dataflow::runDataflowAnalysis<clang::dataflow::UncheckedOptionalAccessModel>(clang::dataflow::ControlFlowContext const&, clang::dataflow::UncheckedOptionalAccessModel&, clang::dataflow::Environment const&, std::function<void (clang::CFGElement const&, clang::dataflow::DataflowAnalysisState<clang::dataflow::UncheckedOptionalAccessModel::Lattice> const&)>) (/usr/lib/llvm-16/bin/clang-tidy+0x99b1ec)
 #9 0x0000556f9c365ba0 clang::tidy::bugprone::UncheckedOptionalAccessCheck::check(clang::ast_matchers::MatchFinder::MatchResult const&) (/usr/lib/llvm-16/bin/clang-tidy+0x99aba0)
#10 0x0000556f9c91541b (/usr/lib/llvm-16/bin/clang-tidy+0xf4a41b)
#11 0x0000556f9c9463ac clang::ast_matchers::internal::BoundNodesTreeBuilder::visitMatches(clang::ast_matchers::internal::BoundNodesTreeBuilder::Visitor*) (/usr/lib/llvm-16/bin/clang-tidy+0xf7b3ac)
#12 0x0000556f9c914d88 (/usr/lib/llvm-16/bin/clang-tidy+0xf49d88)
#13 0x0000556f9c91777b (/usr/lib/llvm-16/bin/clang-tidy+0xf4c77b)
#14 0x0000556f9c9202bb (/usr/lib/llvm-16/bin/clang-tidy+0xf552bb)
#15 0x0000556f9c917f5b (/usr/lib/llvm-16/bin/clang-tidy+0xf4cf5b)
#16 0x0000556f9c8ea058 clang::ast_matchers::MatchFinder::matchAST(clang::ASTContext&) (/usr/lib/llvm-16/bin/clang-tidy+0xf1f058)
#17 0x00007ffa49aea62c clang::MultiplexConsumer::HandleTranslationUnit(clang::ASTContext&) (/usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16+0x282662c)
#18 0x00007ffa47e911b2 clang::ParseAST(clang::Sema&, bool, bool) (/usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16+0xbcd1b2)
#19 0x00007ffa49ab0a95 clang::FrontendAction::Execute() (/usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16+0x27eca95)
#20 0x00007ffa49a2e604 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16+0x276a604)
#21 0x00007ffa49cc0eb4 clang::tooling::FrontendActionFactory::runInvocation(std::shared_ptr<clang::CompilerInvocation>, clang::FileManager*, std::shared_ptr<clang::PCHContainerOperations>, clang::DiagnosticConsumer*) (/usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16+0x29fceb4)
#22 0x0000556f9ce588df (/usr/lib/llvm-16/bin/clang-tidy+0x148d8df)
#23 0x00007ffa49cc0bd4 clang::tooling::ToolInvocation::runInvocation(char const*, clang::driver::Compilation*, std::shared_ptr<clang::CompilerInvocation>, std::shared_ptr<clang::PCHContainerOperations>) (/usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16+0x29fcbd4)
#24 0x00007ffa49cbfce4 clang::tooling::ToolInvocation::run() (/usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16+0x29fbce4)
#25 0x00007ffa49cc23af clang::tooling::ClangTool::run(clang::tooling::ToolAction*) (/usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16+0x29fe3af)
#26 0x0000556f9ce54c7b clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&, clang::tooling::CompilationDatabase const&, llvm::ArrayRef<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, llvm::IntrusiveRefCntPtr<llvm::vfs::OverlayFileSystem>, bool, bool, llvm::StringRef) (/usr/lib/llvm-16/bin/clang-tidy+0x1489c7b)
#27 0x0000556f9c1ee1c2 clang::tidy::clangTidyMain(int, char const**) (/usr/lib/llvm-16/bin/clang-tidy+0x8231c2)
#28 0x00007ffa3f7d1083 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24083)
#29 0x0000556f9c1e94de _start (/usr/lib/llvm-16/bin/clang-tidy+0x81e4de)
/minimal/minimal.cpp: terminated by signal 11

I managed to create a minimal test case:

$ wget https://gitlab.com/libeigen/eigen/-/archive/3.3.4/eigen-3.3.4.tar.bz2
$ tar x -f eigen-3.3.4.tar.bz2 --directory /opt
$ cd /minimal
$ cat json/compile_commands.json
[
    {
        "directory": "/minimal",
        "command": "/usr/bin/clang++ -isystem/opt/eigen-3dc3a0ea2d0773af4c0ffd7bbcb21c608e28fcef -g -DEIGEN_DONT_ALIGN_STATICALLY -Wall -Wextra -Wpedantic -Werror -Wshadow -Wfloat-conversion -Wno-format-security -fdiagnostics-absolute-paths -Wcovered-switch-default -Wimplicit-fallthrough -fdiagnostics-color=always -fPIC -Wno-covered-switch-default -fvisibility=hidden -fopenmp=libomp -std=gnu++17 -Winvalid-pch -o /minimal/minimal.o -c /minimal/minimal.cpp",
        "file": "/minimal/minimal.cpp"
    }
]

$ cat minimal.cpp
#include <Eigen/Dense>
#include <iostream>

struct Data
{
    std::optional<std::vector<float>> data;
    Eigen::Matrix4d mat;
};

namespace lib
{
    std::pair<Data, Data> func(Data&& full);
}

int main()
{
    const auto [a, b] = lib::func(Data{});
    std::cout << a.data.has_value() << std::endl;
    return 0;
}

$ run-clang-tidy -checks=bugprone-unchecked-optional-access -p=/minimal/json

[llvmbot]

@llvm/issue-subscribers-clang-tidy

[5chmidti]

While Eigen 3.3.4 results in a compile error on godbolt with clang-tidy, using 3.3.5, this crash no longer reproduces: https://godbolt.org/z/1vPPPKf6j