[fuzz] Assertion `DD && "queried property of class with no definition"' failed.

[llvmbot]

Bugzilla Link	21867
Resolution	FIXED
Resolved on	Oct 21, 2016 17:52
Version	trunk
OS	Linux
Blocks	#23431
Attachments	test case
Reporter	LLVM Bugzilla Contributor
CC	@rnk

Extended Description

Fuzzing discovered that the attached test case, when given as input to

clang -fno-crash-diagnostics -std=c++11 -xc++ -c -emit-llvm

causes this assertion failure:

clang-3.6: tools/clang/include/clang/AST/DeclCXX.h:592: struct DefinitionData &clang::CXXRecordDecl::data() const: Assertion `DD && "queried property of class with no definition"' failed.

[llvmbot]

I see this assertion with the recent clang/llvm/lldb (while gdb works fine):
llvm: 1f22900
clang: 3457cd5
lldb: 942b4a2

• thread #​1: tid = 7735, 0x00007fffe47091e2 libclangParse.so.3clang::Parser::ParsePostfixExpressionSuffix(this=0x00000000006b2910, LHS=(PtrWithInvalid = 6900008)) + 34 at ParseExpr.cpp:1323, name = 'clang', stop reason = breakpoint 5.1 frame #​0: 0x00007fffe47091e2 libclangParse.so.3clang::Parser::ParsePostfixExpressionSuffix(this=0x00000000006b2910, LHS=(PtrWithInvalid = 6900008)) + 34 at ParseExpr.cpp:1323
  1320 Parser::ParsePostfixExpressionSuffix(ExprResult LHS) {
  1321 // Now that the primary-expression piece of the postfix-expression has been
  1322 // parsed, see if there are any postfix-expression pieces here.
  -> 1323 SourceLocation Loc;
  1324 while (1) {
  1325 switch (Tok.getKind()) {
  1326 case tok::code_completion:
  (lldb) p Tok.getKind()
  lldb: ../tools/clang/include/clang/AST/DeclCXX.h:592: clang::CXXRecordDecl::DefinitionData& clang::CXXRecordDecl::data() const: Assertion `DD && "queried property of class with no definition"' failed.

(gdb) bt
#​0 0x00007f8c200d7407 in __GI_raise (sig=sig@entry=6) at raise.c:56
#​1 0x00007f8c200da508 in __GI_abort () at abort.c:89
#​2 0x00007f8c200d0516 in __assert_fail_base (fmt=0x7f8c20206d00 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
assertion=assertion@entry=0x7f8c23b2a0f0 "DD && "queried property of class with no definition"",
file=file@entry=0x7f8c23b2a0c0 "../tools/clang/include/clang/AST/DeclCXX.h", line=line@entry=592,
function=function@entry=0x7f8c23b2b840 <clang::CXXRecordDecl::data() const::PRETTY_FUNCTION> "clang::CXXRecordDecl::DefinitionData& clang::CXXRecordDecl::data() const") at assert.c:92
#​3 0x00007f8c200d05c2 in __GI___assert_fail (assertion=0x7f8c23b2a0f0 "DD && "queried property of class with no definition"",
file=0x7f8c23b2a0c0 "../tools/clang/include/clang/AST/DeclCXX.h", line=592,
function=0x7f8c23b2b840 <clang::CXXRecordDecl::data() const::PRETTY_FUNCTION> "clang::CXXRecordDecl::DefinitionData& clang::CXXRecordDecl::data() const") at assert.c:101
#​4 0x00007f8c238203c2 in clang::CXXRecordDecl::data (this=0x111feeb0) at DeclCXX.h:592
#​5 0x00007f8c2386a088 in clang::CXXRecordDecl::bases_begin (this=0x111feeb0) at DeclCXX.h:721
#​6 0x00007f8c2386a0ab in clang::CXXRecordDecl::bases_end (this=0x111feeb0) at DeclCXX.h:724
#​7 0x00007f8c2386a03d in clang::CXXRecordDecl::bases (this=0x111feeb0) at DeclCXX.h:717
#​8 0x00007f8c23ac59be in isSafeToConvert (RD=0x111feeb0, CGT=..., AlreadyChecked=...) at CodeGenTypes.cpp:135
#​9 0x00007f8c23ac5b80 in isSafeToConvert (T=..., CGT=..., AlreadyChecked=...) at CodeGenTypes.cpp:161
#​10 0x00007f8c23ac5ae2 in isSafeToConvert (RD=0xbf194b0, CGT=..., AlreadyChecked=...) at CodeGenTypes.cpp:144
#​11 0x00007f8c23ac5c5b in isSafeToConvert (RD=0xbf194b0, CGT=...) at CodeGenTypes.cpp:182
#​12 0x00007f8c23ac7257 in clang::CodeGen::CodeGenTypes::ConvertRecordDeclType (this=0x9fd4f00, RD=0xbf194b0) at CodeGenTypes.cpp:654
#​13 0x00007f8c23ac6119 in clang::CodeGen::CodeGenTypes::ConvertType (this=0x9fd4f00, T=...) at CodeGenTypes.cpp:304
#​14 0x00007f8c23ac57cc in clang::CodeGen::CodeGenTypes::ConvertTypeForMem (this=0x9fd4f00, T=...) at CodeGenTypes.cpp:85
#​15 0x00007f8c23ac64e9 in clang::CodeGen::CodeGenTypes::ConvertType (this=0x9fd4f00, T=...) at CodeGenTypes.cpp:416
#​16 0x00007f8c23ac57cc in clang::CodeGen::CodeGenTypes::ConvertTypeForMem (this=0x9fd4f00, T=...) at CodeGenTypes.cpp:85
#​17 0x00007f8c239bcdfc in (anonymous namespace)::CGRecordLowering::getStorageType (this=0x7fffa0c8e140, FD=0xbf195b0)
at CGRecordLayoutBuilder.cpp:121
#​18 0x00007f8c239bdc90 in (anonymous namespace)::CGRecordLowering::accumulateFields (this=0x7fffa0c8e140)
at CGRecordLayoutBuilder.cpp:350
#​19 0x00007f8c239bd49b in (anonymous namespace)::CGRecordLowering::lower (this=0x7fffa0c8e140, NVBaseType=false)
at CGRecordLayoutBuilder.cpp:259
#​20 0x00007f8c239bfb23 in clang::CodeGen::CodeGenTypes::ComputeRecordLayout (this=0x9fd4f00, D=0x9fdbb80, Ty=0x9fd7470)
at CGRecordLayoutBuilder.cpp:673
#​21 0x00007f8c23ac73bd in clang::CodeGen::CodeGenTypes::ConvertRecordDeclType (this=0x9fd4f00, RD=0x9fdbb80) at CodeGenTypes.cpp:674
#​22 0x00007f8c23ac6119 in clang::CodeGen::CodeGenTypes::ConvertType (this=0x9fd4f00, T=...) at CodeGenTypes.cpp:304
#​23 0x00007f8c23ac57cc in clang::CodeGen::CodeGenTypes::ConvertTypeForMem (this=0x9fd4f00, T=...) at CodeGenTypes.cpp:85
#​24 0x00007f8c23ac6567 in clang::CodeGen::CodeGenTypes::ConvertType (this=0x9fd4f00, T=...) at CodeGenTypes.cpp:424
#​25 0x00007f8c23b0ebbb in (anonymous namespace)::X86_64ABIInfo::classifyArgumentType (this=0x9fd1310, Ty=..., freeIntRegs=6,
neededInt=@0x7fffa0c8eb1c: 1, neededSSE=@0x7fffa0c8eb18: 0, isNamedArg=true) at TargetInfo.cpp:2647
#​26 0x00007f8c23b0f066 in (anonymous namespace)::X86_64ABIInfo::computeInfo (this=0x9fd1310, FI=...) at TargetInfo.cpp:2752
#​27 0x00007f8c238773e9 in clang::CodeGen::CodeGenTypes::arrangeLLVMFunctionInfo (this=0x9fd4f00, resultType=..., instanceMethod=true,
chainCall=false, argTypes=..., info=..., required=...) at CGCall.cpp:495
#​28 0x00007f8c238759b7 in arrangeLLVMFunctionInfo (CGT=..., instanceMethod=true, prefix=..., FTP=...) at CGCall.cpp:105
#​29 0x00007f8c23875c58 in clang::CodeGen::CodeGenTypes::arrangeCXXMethodType (this=0x9fd4f00, RD=0x9fdbb80, FTP=0x9fdbe20)
at CGCall.cpp:168
#​30 0x00007f8c23875d54 in clang::CodeGen::CodeGenTypes::arrangeCXXMethodDeclaration (this=0x9fd4f00, MD=0xfc46670) at CGCall.cpp:185
#​31 0x00007f8c23876368 in clang::CodeGen::CodeGenTypes::arrangeFunctionDeclaration (this=0x9fd4f00, FD=0xfc46670) at CGCall.cpp:259
#​32 0x00007f8c238768f9 in clang::CodeGen::CodeGenTypes::arrangeGlobalDeclaration (this=0x9fd4f00, GD=...) at CGCall.cpp:331
#​33 0x00007f8c23a15a54 in clang::CodeGen::CodeGenModule::EmitGlobalFunctionDefinition (this=0x9fd4e40, GD=..., GV=0x0)
at CodeGenModule.cpp:2398
#​34 0x00007f8c23a12b98 in clang::CodeGen::CodeGenModule::EmitGlobalDefinition (this=0x9fd4e40, GD=..., GV=0x0) at CodeGenModule.cpp:1523
#​35 0x00007f8c23a12438 in clang::CodeGen::CodeGenModule::EmitGlobal (this=0x9fd4e40, GD=...) at CodeGenModule.cpp:1387
#​36 0x00007f8c23a197ca in clang::CodeGen::CodeGenModule::EmitTopLevelDecl (this=0x9fd4e40, D=0xfc46670) at CodeGenModule.cpp:3251
#​37 0x00007f8c23b04a35 in (anonymous namespace)::CodeGeneratorImpl::HandleTopLevelDecl (this=0x9fa3310, DG=...) at ModuleBuilder.cpp:122
#​38 0x00007f8c2c31d095 in lldb_private::ASTResultSynthesizer::HandleTopLevelDecl (this=0x9fa4bd0, D=...) at ASTResultSynthesizer.cpp:125
#​39 0x00007f8c2253e1f8 in clang::ParseAST (S=..., PrintStats=false, SkipFunctionBodies=false) at ParseAST.cpp:142
#​40 0x00007f8c2253dfae in clang::ParseAST (PP=..., Consumer=0x9fa4bd0, Ctx=..., PrintStats=false, TUKind=clang::TU_Complete,
CompletionConsumer=0x0, SkipFunctionBodies=false) at ParseAST.cpp:96
#​41 0x00007f8c2c34713d in lldb_private::ClangExpressionParser::Parse (this=0x7fffa0c91a10, stream=...) at ClangExpressionParser.cpp:398
#​42 0x00007f8c2c35f6ef in lldb_private::ClangUserExpression::Parse (this=0x91a3310, error_stream=..., exe_ctx=...,
execution_policy=lldb_private::eExecutionPolicyOnlyWhenNeeded, keep_result_in_memory=true, generate_debug_info=false)
at ClangUserExpression.cpp:532
#​43 0x00007f8c2c361074 in lldb_private::ClangUserExpression::Evaluate (exe_ctx=..., options=..., expr_cstr=0x8987e5b "Tok.getKind()",
expr_prefix=0x0, result_valobj_sp=..., error=...) at ClangUserExpression.cpp:1032
#​44 0x00007f8c2b7d393e in lldb_private::Target::EvaluateExpression (this=0x13630b0, expr_cstr=0x8987e5b "Tok.getKind()", frame=
0x7f8bf2618940, result_valobj_sp=..., options=...) at Target.cpp:1972
#​45 0x00007f8c2d2c3be8 in lldb_private::CommandObjectExpression::EvaluateExpression (this=0x1537da0, expr=0x8987e5b "Tok.getKind()",
output_stream=0x7fffa0c92310, error_stream=0x7fffa0c92368, result=0x7fffa0c92310) at CommandObjectExpression.cpp:313
#​46 0x00007f8c2d2c44e0 in lldb_private::CommandObjectExpression::DoExecute (this=0x1537da0, command=0x8987e58 "-- Tok.getKind()",
result=...) at CommandObjectExpression.cpp:514
#​47 0x00007f8c2bfafb55 in lldb_private::CommandObjectRaw::Execute (this=0x1537da0, args_string=0x8987e58 "-- Tok.getKind()", result=...)
at CommandObject.cpp:1099
#​48 0x00007f8c2bf9cc24 in lldb_private::CommandInterpreter::HandleCommand (this=0x15383a0, command_line=0x8ba5a48 "p Tok.getKind()",
lazy_add_to_history=lldb_private::eLazyBoolCalculate, result=..., override_context=0x0, repeat_on_empty_command=true,
no_context_switching=false) at CommandInterpreter.cpp:1951
#​49 0x00007f8c2bfa06f1 in lldb_private::CommandInterpreter::IOHandlerInputComplete (this=0x15383a0, io_handler=...,
line="p Tok.getKind()") at CommandInterpreter.cpp:3136
#​50 0x00007f8c2c813d22 in lldb_private::IOHandlerEditline::Run (this=0x136e3e0) at IOHandler.cpp:729
#​51 0x00007f8c2c7e8e6a in lldb_private::Debugger::ExecuteIOHanders (this=0x1254b30) at Debugger.cpp:915
#​52 0x00007f8c2bfa11bb in lldb_private::CommandInterpreter::RunCommandInterpreter (this=0x15383a0, auto_handle_events=true,
spawn_thread=false, options=...) at CommandInterpreter.cpp:3373
#​53 0x00007f8c25b2ac44 in lldb::SBDebugger::RunCommandInterpreter (this=0x7fffa0c92780, auto_handle_events=true, spawn_thread=false)
at SBDebugger.cpp:977
#​54 0x0000000000409d06 in Driver::MainLoop (this=0x7fffa0c92760) at Driver.cpp:1151
#​55 0x000000000040a04c in main (argc=20, argv=0x7fffa0c92968, envp=0x7fffa0c92a10) at Driver.cpp:1251

[rnk]

Looks like CodeGen doesn't run on this invalid AST anymore. Doesn't crash on this input.

[kcc]

mentioned in issue #23431