Segmentation fault on invalid code on x86_64-linux-gnu with "-std=c++11"

[chengniansun]

Bugzilla Link	28305
Version	trunk
OS	Windows NT

Extended Description

$: clang++-trunk -v
clang version 3.9.0 (trunk 272938) (llvm/trunk 272936)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/4.8
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/4.8.4
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9.2
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.8.4
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9.2
Selected GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@MX32
Selected multilib: .;@m64
$:
$: clang++-trunk -std=c++11 small.C
small.C:3:5: error: function cannot return function type 'decltype(abort)' (aka 'void ()')
->decltype (abort) {
^
#​0 0x0000000001c6b8b5 llvm::sys::PrintStackTrace(llvm::raw_ostream&) (/usr/local/clang-trunk/bin/clang-3.9+0x1c6b8b5)
#​1 0x0000000001c69776 llvm::sys::RunSignalHandlers() (/usr/local/clang-trunk/bin/clang-3.9+0x1c69776)
#​2 0x0000000001c69994 SignalHandler(int) (/usr/local/clang-trunk/bin/clang-3.9+0x1c69994)
#​3 0x00007f362d18d8d0 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0xf8d0)
#​4 0x00000000028c6a90 clang::Sema::CheckParmsForFunctionDef(clang::ParmVarDecl* const*, clang::ParmVarDecl* const*, bool) (/usr/local/clang-trunk/bin/clang-3.9+0x28c6a90)
#​5 0x0000000002ada78c clang::Sema::startLambdaDefinition(clang::CXXRecordDecl*, clang::SourceRange, clang::TypeSourceInfo*, clang::SourceLocation, llvm::ArrayRefclang::ParmVarDecl*, bool) (/usr/local/clang-trunk/bin/clang-3.9+0x2ada78c)
#​6 0x0000000002c4bfd9 clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformLambdaExpr(clang::LambdaExpr*) (/usr/local/clang-trunk/bin/clang-3.9+0x2c4bfd9)
#​7 0x0000000002c4d7d4 clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformExpr(clang::Expr*) (/usr/local/clang-trunk/bin/clang-3.9+0x2c4d7d4)
#​8 0x0000000002c5fed9 clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformStmt(clang::Stmt*) (/usr/local/clang-trunk/bin/clang-3.9+0x2c5fed9)
#​9 0x0000000002c60bdc clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformCompoundStmt(clang::CompoundStmt*, bool) (/usr/local/clang-trunk/bin/clang-3.9+0x2c60bdc)
#​10 0x0000000002c60ceb clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformCompoundStmt(clang::CompoundStmt*) (/usr/local/clang-trunk/bin/clang-3.9+0x2c60ceb)
#​11 0x0000000002c5ff63 clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformStmt(clang::Stmt*) (/usr/local/clang-trunk/bin/clang-3.9+0x2c5ff63)
#​12 0x0000000002c64048 clang::Sema::SubstStmt(clang::Stmt*, clang::MultiLevelTemplateArgumentList const&) (/usr/local/clang-trunk/bin/clang-3.9+0x2c64048)
#​13 0x0000000002c867fc clang::Sema::InstantiateFunctionDefinition(clang::SourceLocation, clang::FunctionDecl*, bool, bool, bool) (/usr/local/clang-trunk/bin/clang-3.9+0x2c867fc)
#​14 0x0000000002c85017 clang::Sema::PerformPendingInstantiations(bool) (/usr/local/clang-trunk/bin/clang-3.9+0x2c85017)
#​15 0x000000000288c50f clang::Sema::ActOnEndOfTranslationUnit() (/usr/local/clang-trunk/bin/clang-3.9+0x288c50f)
#​16 0x00000000026a1961 clang::Parser::ParseTopLevelDecl(clang::OpaquePtrclang::DeclGroupRef&) (/usr/local/clang-trunk/bin/clang-3.9+0x26a1961)
#​17 0x000000000269c16b clang::ParseAST(clang::Sema&, bool, bool) (/usr/local/clang-trunk/bin/clang-3.9+0x269c16b)
#​18 0x000000000236afbb clang::CodeGenAction::ExecuteAction() (/usr/local/clang-trunk/bin/clang-3.9+0x236afbb)
#​19 0x000000000209aa4e clang::FrontendAction::Execute() (/usr/local/clang-trunk/bin/clang-3.9+0x209aa4e)
#​20 0x0000000002071526 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/usr/local/clang-trunk/bin/clang-3.9+0x2071526)
#​21 0x0000000002123942 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/usr/local/clang-trunk/bin/clang-3.9+0x2123942)
#​22 0x0000000000b0eba8 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/usr/local/clang-trunk/bin/clang-3.9+0xb0eba8)
#​23 0x0000000000ac3325 main (/usr/local/clang-trunk/bin/clang-3.9+0xac3325)
#​24 0x00007f362c3b7b45 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b45)
#​25 0x0000000000b0ad04 _start (/usr/local/clang-trunk/bin/clang-3.9+0xb0ad04)
Stack dump:
0. Program arguments: /usr/local/clang-trunk/bin/clang-3.9 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj -mrelax-all -disable-free -main-file-name small.C -mrelocation-model static -mthread-model posix -mdisable-fp-elim -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -resource-dir /usr/local/clang-trunk/bin/../lib/clang/3.9.0 -c-isystem . -c-isystem /usr/local/include/csmith -internal-isystem /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9 -internal-isystem /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/x86_64-linux-gnu/c++/4.9 -internal-isystem /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/x86_64-linux-gnu/c++/4.9 -internal-isystem /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/backward -internal-isystem /usr/local/include -internal-isystem /usr/local/clang-trunk/bin/../lib/clang/3.9.0/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -std=c++11 -fdeprecated-macro -fdebug-compilation-dir /home/cnsun/workspace/meta-compiler/error-fuzzer/temp-runs/IdentifierSubstituionFuzzingEngine/crash/20160621-clang++-trunk--O3-c-Weverything-std=c++14-build-051707 -ferror-limit 19 -fmessage-length 132 -fobjc-runtime=gcc -fcxx-exceptions -fexceptions -fdiagnostics-show-option -fcolor-diagnostics -o /tmp/small-366559.o -x c++ small.C

1. parser at end of file
2. small.C:2:27: instantiating function definition 'f'
   clang-3.9: error: unable to execute command: Segmentation fault
   clang-3.9: error: clang frontend command failed due to signal (use -v to see invocation)
   clang version 3.9.0 (trunk 272938) (llvm/trunk 272936)
   Target: x86_64-unknown-linux-gnu
   Thread model: posix
   InstalledDir: /usr/bin
   clang-3.9: note: diagnostic msg: PLEASE submit a bug report to http://llvm.org/bugs/ and include the crash backtrace, preprocessed source, and associated run script.
   clang-3.9: note: diagnostic msg:

---

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-3.9: note: diagnostic msg: /tmp/small-724233.cpp
clang-3.9: note: diagnostic msg: /tmp/small-724233.sh
clang-3.9: note: diagnostic msg:

---

$:
$: cat small.C

void abort ();
template < class T > void f (T) {
  [](int)->decltype (abort) {
  };
}

int main () {
  f (5);
  return 0;
}

$:

[shafik]

Confirmed: https://godbolt.org/z/1K1585nse

Still crashes on trunk.

Assertion:

clang++: /root/llvm-project/clang/lib/Sema/SemaChecking.cpp:16075:
bool clang::Sema::CheckParmsForFunctionDef(llvm::ArrayRef<clang::ParmVarDecl*>, bool):
Assertion `Param && "null in a parameter list"' failed.

Backtrace:

PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: /opt/compiler-explorer/clang-assertions-trunk/bin/clang++ -gdwarf-4 -g -o /app/output.s -mllvm --x86-asm-syntax=intel -S --gcc-toolchain=/opt/compiler-explorer/gcc-snapshot -fcolor-diagnostics -fno-crash-diagnostics -std=c++2b <source>
1.	<eof> parser at end of file
2.	<source>:2:27: instantiating function definition 'f<int>'
 #0 0x000055e4ba45547f llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3b7f47f)
 #1 0x000055e4ba4531bc llvm::sys::CleanupOnSignal(unsigned long) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3b7d1bc)
 #2 0x000055e4ba39fe48 CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
 #3 0x00007f290d54e420 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x14420)
 #4 0x00007f290d01b00b raise (/lib/x86_64-linux-gnu/libc.so.6+0x4300b)
 #5 0x00007f290cffa859 abort (/lib/x86_64-linux-gnu/libc.so.6+0x22859)
 #6 0x00007f290cffa729 (/lib/x86_64-linux-gnu/libc.so.6+0x22729)
 #7 0x00007f290d00bfd6 (/lib/x86_64-linux-gnu/libc.so.6+0x33fd6)
 #8 0x000055e4bcd70852 clang::Sema::CheckParmsForFunctionDef(llvm::ArrayRef<clang::ParmVarDecl*>, bool) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x649a852)
 #9 0x000055e4bd2e8339 clang::Sema::CompleteLambdaCallOperator(clang::CXXMethodDecl*, clang::SourceLocation, clang::SourceLocation, clang::Expr*, clang::TypeSourceInfo*, clang::ConstexprSpecKind, clang::StorageClass, llvm::ArrayRef<clang::ParmVarDecl*>, bool) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x6a12339)
#10 0x000055e4bd69b43c clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformLambdaExpr(clang::LambdaExpr*) SemaTemplateInstantiate.cpp:0:0
#11 0x000055e4bd69c0fe clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformExpr(clang::Expr*) SemaTemplateInstantiate.cpp:0:0
#12 0x000055e4bd6d511f clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformStmt(clang::Stmt*, clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::StmtDiscardKind) SemaTemplateInstantiate.cpp:0:0
#13 0x000055e4bd6d6389 clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformCompoundStmt(clang::CompoundStmt*, bool) SemaTemplateInstantiate.cpp:0:0
#14 0x000055e4bd6d94ce clang::Sema::SubstStmt(clang::Stmt*, clang::MultiLevelTemplateArgumentList const&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x6e034ce)
#15 0x000055e4bd729fc8 clang::Sema::InstantiateFunctionDefinition(clang::SourceLocation, clang::FunctionDecl*, bool, bool, bool) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x6e53fc8)
#16 0x000055e4bd7283af clang::Sema::PerformPendingInstantiations(bool) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x6e523af)
#17 0x000055e4bccf7fb0 clang::Sema::ActOnEndOfTranslationUnitFragment(clang::Sema::TUFragmentKind) (.part.0) Sema.cpp:0:0
#18 0x000055e4bccf869a clang::Sema::ActOnEndOfTranslationUnit() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x642269a)
#19 0x000055e4bcb92353 clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, clang::Sema::ModuleImportState&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x62bc353)
#20 0x000055e4bcb8604a clang::ParseAST(clang::Sema&, bool, bool) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x62b004a)
#21 0x000055e4bb6917f8 clang::CodeGenAction::ExecuteAction() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x4dbb7f8)
#22 0x000055e4baeeb989 clang::FrontendAction::Execute() (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x4615989)
#23 0x000055e4bae6f5c6 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x45995c6)
#24 0x000055e4bafcfa47 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x46f9a47)
#25 0x000055e4b793969d cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x106369d)
#26 0x000055e4b79351fa ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#27 0x000055e4bacd4dcd void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::'lambda'()>(long) Job.cpp:0:0
#28 0x000055e4ba3a0330 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x3aca330)
#29 0x000055e4bacd568f clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (.part.0) Job.cpp:0:0
#30 0x000055e4bac9d23c clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x43c723c)
#31 0x000055e4bac9dcdd clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x43c7cdd)
#32 0x000055e4baca5bad clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x43cfbad)
#33 0x000055e4b7937890 clang_main(int, char**, llvm::ToolContext const&) (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x1061890)
#34 0x000055e4b783f515 main (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0xf69515)
#35 0x00007f290cffc083 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24083)
#36 0x000055e4b792ff0e _start (/opt/compiler-explorer/clang-assertions-trunk/bin/clang+++0x1059f0e)
clang++: error: clang frontend command failed with exit code 134 (use -v to see invocation)
Compiler returned: 134

[llvmbot]

@llvm/issue-subscribers-clang-frontend

[shafik]

In getLambdaType(...) after calling:

 MethodTyInfo = S.GetTypeForDeclarator(ParamInfo, CurScope);
    assert(MethodTyInfo && "no type from lambda-declarator");

Debugging:

expr ParamInfo.isInvalidType()
(bool) $8 = true

but I don't see how to handle this information, the calling frame is Sema::ActOnStartOfLambdaDefinition(...) and I also don't see where to handle this there either.

[shafik]

PR: https://reviews.llvm.org/D158808