Clang crash for C++ in clang::Parser::isCXXDeclarationSpecifier

[pmatos]

I found a compiler crash when compiling a C++ file. I was using Clang 15 but have reproduced a similar but not exactly the same failure in Clang 17, built from main.

The test_parse.cpp.ii.gz is the compressed preprocessed file. I have reduced it using clang-15 and clang-17 and both end up with:

namespace std {
template <_Tp> class optional;          C_A_T_C_H_T_E_S_T_0(std:optional.

This segfaults in clang-15 and aborts in clang-17 with:

clang-17: /home/pmatos/dev/llvm-project/clang/lib/Parse/ParseTentative.cpp:1672: Parser::TPResult clang::Parser::isCXXDeclarationSpecifier

File: test_parse.cpp.ii.gz

[llvmbot]

@llvm/issue-subscribers-c-1

[llvmbot]

@llvm/issue-subscribers-clang-frontend

[Fznamznon]

The assertion message is:

clang-17: source/llorg/llvm-project/clang/lib/Parse/ParseTentative.cpp:1672:
clang::Parser::TPResult clang::Parser::isCXXDeclarationSpecifier(clang::ImplicitTypenameContext, clang::Parser::TPResult, bool*):
Assertion `Tok.isNot(tok::annot_cxxscope) || NextToken().isNot(tok::identifier)' 

Backtrace:

#0 0x0000000003314818 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (source/llorg/llvm-project/build/bin/clang-17+0x3314818)
 #1 0x00000000033120fc SignalHandler(int) Signals.cpp:0:0
 #2 0x00007fb986fd1b20 __restore_rt sigaction.c:0:0
 #3 0x00007fb98580e37f raise (/lib64/libc.so.6+0x3737f)
 #4 0x00007fb9857f8db5 abort (/lib64/libc.so.6+0x21db5)
 #5 0x00007fb9857f8c89 _nl_load_domain.cold.0 loadmsgcat.c:0:0
 #6 0x00007fb985806a76 .annobin___GI___assert_fail.end assert.c:0:0
 #7 0x00000000052f71e2 clang::Parser::isCXXDeclarationSpecifier(clang::ImplicitTypenameContext, clang::Parser::TPResult, bool*) (source/llorg/llvm-proj
ect/build/bin/clang-17+0x52f71e2)
 #8 0x00000000052f5dfd clang::Parser::isCXXDeclarationSpecifier(clang::ImplicitTypenameContext, clang::Parser::TPResult, bool*) (source/llorg/llvm-proj
ect/build/bin/clang-17+0x52f5dfd)
 #9 0x00000000052fb3d9 clang::Parser::isCXXSimpleDeclaration(bool) (source/llorg/llvm-project/build/bin/clang-17+0x52fb3d9)
#10 0x00000000052fb5f2 clang::Parser::isCXXDeclarationStatement(bool) (source/llorg/llvm-project/build/bin/clang-17+0x52fb5f2)
#11 0x00000000052d7005 clang::Parser::ParseStatementOrDeclarationAfterAttributes(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocat
ion*, clang::ParsedAttributes&, clang::ParsedAttributes&) (source/llorg/llvm-project/build/bin/clang-17+0x52d7005)
#12 0x00000000052d80a8 clang::Parser::ParseStatementOrDeclaration(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*) (/localdi
sk2/mpodchis/source/llorg/llvm-project/build/bin/clang-17+0x52d80a8)
#13 0x00000000052d4268 clang::Parser::ParseCompoundStatementBody(bool) (source/llorg/llvm-project/build/bin/clang-17+0x52d4268)
#14 0x00000000052d48fb clang::Parser::ParseFunctionStatementBody(clang::Decl*, clang::Parser::ParseScope&) (source/llorg/llvm-project/build/bin/clang-1
7+0x52d48fb)
#15 0x00000000052250b3 clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*) (/loc
aldisk2/mpodchis/source/llorg/llvm-project/build/bin/clang-17+0x52250b3)
#16 0x000000000524a137 clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::ParsedAttributes&, clang::SourceLocation*, clang::Parser::For
RangeInit*) (source/llorg/llvm-project/build/bin/clang-17+0x524a137)
#17 0x000000000521e44b clang::Parser::ParseDeclOrFunctionDefInternal(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec&, clang::AccessSpecifier) (/
localdisk2/mpodchis/source/llorg/llvm-project/build/bin/clang-17+0x521e44b)
#18 0x000000000521ecf6 clang::Parser::ParseDeclarationOrFunctionDefinition(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*, clang::AccessSpecifi
er) (.part.371) Parser.cpp:0:0
#19 0x0000000005226147 clang::Parser::ParseExternalDeclaration(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*) (source/llo
rg/llvm-project/build/bin/clang-17+0x5226147)
#20 0x000000000522782e clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, clang::Sema::ModuleImportState&) (source/llorg/llvm-pro
ject/build/bin/clang-17+0x522782e)
#21 0x0000000005219f6a clang::ParseAST(clang::Sema&, bool, bool) (source/llorg/llvm-project/build/bin/clang-17+0x5219f6a)
#21 0x0000000005219f6a clang::ParseAST(clang::Sema&, bool, bool) (source/llorg/llvm-project/build/bin/clang-17+0x5219f6a)
#22 0x0000000004357468 clang::CodeGenAction::ExecuteAction() (source/llorg/llvm-project/build/bin/clang-17+0x4357468)
#23 0x0000000003c97fc9 clang::FrontendAction::Execute() (source/llorg/llvm-project/build/bin/clang-17+0x3c97fc9)
#24 0x0000000003c2d269 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (source/llorg/llvm-project/build/bin/clang-17+0x3c2d269)
#25 0x0000000003d650b2 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (source/llorg/llvm-project/build/bin/clang-17+0x3d650b2)
#26 0x0000000000aeb348 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (source/llorg/llvm-project/build/bin/clang-17+0xaeb348)
#27 0x0000000000ae6724 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#28 0x0000000000ae802f clang_main(int, char**, llvm::ToolContext const&) (source/llorg/llvm-project/build/bin/clang-17+0xae802f)
#29 0x0000000000a20271 main (source/llorg/llvm-project/build/bin/clang-17+0xa20271)
#30 0x00007fb9857fa493 __libc_start_main (/lib64/libc.so.6+0x23493)
#31 0x0000000000ae1a2e _start (source/llorg/llvm-project/build/bin/clang-17+0xae1a2e)

The original preprocessed file doesn't show any errors, so it could be valid code. Reduced version asserts the same way. But valid or not, clang shouldn't crash.

[shafik]

Duplicate of: #57495

[shafik]

@Fznamznon I have an attempted fix here: https://reviews.llvm.org/D134334 I have been sitting on it b/c @erichkeane asked some good questions and I never got around to figuring them out.

[pmatos]

The original preprocessed file doesn't show any errors, so it could be valid code. Reduced version asserts the same way. But valid or not, clang shouldn't crash.

As I mentioned in my initial message, it does.

➜  build git:(main) bin/clang++ -std=gnu++20 -O0 -c ~/test_parse.cpp.ii
clang++: /home/pmatos/dev/llvm-project/clang/lib/Parse/ParseTentative.cpp:1672: Parser::TPResult clang::Parser::isCXXDeclarationSpecifier(clang::ImplicitTypenameContext, Parser::TPResult, bool *): Assertion `Tok.isNot(tok::annot_cxxscope) || NextToken().isNot(tok::identifier)' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: bin/clang++ -std=gnu++20 -O0 -c /home/pmatos/test_parse.cpp.ii
1.	/home/pmatos/dev/nora/test/unit/test_parse.cpp:11:3: at annotation token
2.	/home/pmatos/dev/nora/test/unit/test_parse.cpp:10:36: parsing function body 'C_A_T_C_H_T_E_S_T_0'
3.	/home/pmatos/dev/nora/test/unit/test_parse.cpp:10:36: in compound statement ('{}')
 #0 0x00007ff2c932964d llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) /home/pmatos/dev/llvm-project/llvm/lib/Support/Unix/Signals.inc:602:11
 #1 0x00007ff2c9329acb PrintStackTraceSignalHandler(void*) /home/pmatos/dev/llvm-project/llvm/lib/Support/Unix/Signals.inc:675:1
 #2 0x00007ff2c9327d66 llvm::sys::RunSignalHandlers() /home/pmatos/dev/llvm-project/llvm/lib/Support/Signals.cpp:104:5
 #3 0x00007ff2c9328ebe llvm::sys::CleanupOnSignal(unsigned long) /home/pmatos/dev/llvm-project/llvm/lib/Support/Unix/Signals.inc:368:1
 #4 0x00007ff2c91d3db4 (anonymous namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long) /home/pmatos/dev/llvm-project/llvm/lib/Support/CrashRecoveryContext.cpp:0:7
 #5 0x00007ff2c91d4172 CrashRecoverySignalHandler(int) /home/pmatos/dev/llvm-project/llvm/lib/Support/CrashRecoveryContext.cpp:391:1
 #6 0x00007ff2c8a0c520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #7 0x00007ff2c8a60a7c __pthread_kill_implementation ./nptl/pthread_kill.c:44:76
 #8 0x00007ff2c8a60a7c __pthread_kill_internal ./nptl/pthread_kill.c:78:10
 #9 0x00007ff2c8a60a7c pthread_kill ./nptl/pthread_kill.c:89:10
#10 0x00007ff2c8a0c476 gsignal ./signal/../sysdeps/posix/raise.c:27:6
#11 0x00007ff2c89f27f3 abort ./stdlib/abort.c:81:7
#12 0x00007ff2c89f271b _nl_load_domain ./intl/loadmsgcat.c:1177:9
#13 0x00007ff2c8a03e96 (/lib/x86_64-linux-gnu/libc.so.6+0x39e96)
#14 0x00007ff2c2f44c45 clang::Parser::isCXXDeclarationSpecifier(clang::ImplicitTypenameContext, clang::Parser::TPResult, bool*) /home/pmatos/dev/llvm-project/clang/lib/Parse/ParseTentative.cpp:0:11
#15 0x00007ff2c2f442e5 clang::Parser::isCXXDeclarationSpecifier(clang::ImplicitTypenameContext, clang::Parser::TPResult, bool*) /home/pmatos/dev/llvm-project/clang/lib/Parse/ParseTentative.cpp:1406:5
#16 0x00007ff2c2f43e93 clang::Parser::isCXXSimpleDeclaration(bool) /home/pmatos/dev/llvm-project/clang/lib/Parse/ParseTentative.cpp:150:12
#17 0x00007ff2c2f43e45 clang::Parser::isCXXDeclarationStatement(bool) /home/pmatos/dev/llvm-project/clang/lib/Parse/ParseTentative.cpp:100:5
#18 0x00007ff2c2f2b126 clang::Parser::isDeclarationStatement(bool) /home/pmatos/dev/llvm-project/clang/include/clang/Parse/Parser.h:2489:7
#19 0x00007ff2c2f1f0a8 clang::Parser::ParseStatementOrDeclarationAfterAttributes(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*, clang::ParsedAttributes&, clang::ParsedAttributes&) /home/pmatos/dev/llvm-project/clang/lib/Parse/ParseStmt.cpp:237:9
#20 0x00007ff2c2f1eacb clang::Parser::ParseStatementOrDeclaration(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*) /home/pmatos/dev/llvm-project/clang/lib/Parse/ParseStmt.cpp:117:20
#21 0x00007ff2c2f2787e clang::Parser::ParseCompoundStatementBody(bool) /home/pmatos/dev/llvm-project/clang/lib/Parse/ParseStmt.cpp:1205:11
#22 0x00007ff2c2f28f84 clang::Parser::ParseFunctionStatementBody(clang::Decl*, clang::Parser::ParseScope&) /home/pmatos/dev/llvm-project/clang/lib/Parse/ParseStmt.cpp:2469:21
#23 0x00007ff2c2f51faf clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*) /home/pmatos/dev/llvm-project/clang/lib/Parse/Parser.cpp:1471:3
#24 0x00007ff2c2e1687b clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::ParsedAttributes&, clang::SourceLocation*, clang::Parser::ForRangeInit*) /home/pmatos/dev/llvm-project/clang/lib/Parse/ParseDecl.cpp:2195:27
#25 0x00007ff2c2f50e2a clang::Parser::ParseDeclOrFunctionDefInternal(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec&, clang::AccessSpecifier) /home/pmatos/dev/llvm-project/clang/lib/Parse/Parser.cpp:1210:10
#26 0x00007ff2c2f5036f clang::Parser::ParseDeclarationOrFunctionDefinition(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*, clang::AccessSpecifier) /home/pmatos/dev/llvm-project/clang/lib/Parse/Parser.cpp:1225:12
#27 0x00007ff2c2f4fc34 clang::Parser::ParseExternalDeclaration(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*) /home/pmatos/dev/llvm-project/clang/lib/Parse/Parser.cpp:1040:14
#28 0x00007ff2c2f4dafc clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, clang::Sema::ModuleImportState&) /home/pmatos/dev/llvm-project/clang/lib/Parse/Parser.cpp:742:12
#29 0x00007ff2c2df45b7 clang::ParseAST(clang::Sema&, bool, bool) /home/pmatos/dev/llvm-project/clang/lib/Parse/ParseAST.cpp:163:16
#30 0x00007ff2cdf4a7dc clang::ASTFrontendAction::ExecuteAction() /home/pmatos/dev/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1172:1
#31 0x00007ff2d18c01e4 clang::CodeGenAction::ExecuteAction() /home/pmatos/dev/llvm-project/clang/lib/CodeGen/CodeGenAction.cpp:1176:5
#32 0x00007ff2cdf4a1dc clang::FrontendAction::Execute() /home/pmatos/dev/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1064:7
#33 0x00007ff2cde563b8 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /home/pmatos/dev/llvm-project/clang/lib/Frontend/CompilerInstance.cpp:1049:23
#34 0x00007ff2d2dc7887 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /home/pmatos/dev/llvm-project/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:264:8
#35 0x000056289390d6d3 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /home/pmatos/dev/llvm-project/clang/tools/driver/cc1_main.cpp:249:13
#36 0x00005628938f904a ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) /home/pmatos/dev/llvm-project/clang/tools/driver/driver.cpp:366:5
#37 0x00005628938fa9bd clang_main(int, char**, llvm::ToolContext const&)::$_0::operator()(llvm::SmallVectorImpl<char const*>&) const /home/pmatos/dev/llvm-project/clang/tools/driver/driver.cpp:506:7
#38 0x00005628938fa98d int llvm::function_ref<int (llvm::SmallVectorImpl<char const*>&)>::callback_fn<clang_main(int, char**, llvm::ToolContext const&)::$_0>(long, llvm::SmallVectorImpl<char const*>&) /home/pmatos/dev/llvm-project/llvm/include/llvm/ADT/STLFunctionalExtras.h:45:5
#39 0x00007ff2cd80fb19 llvm::function_ref<int (llvm::SmallVectorImpl<char const*>&)>::operator()(llvm::SmallVectorImpl<char const*>&) const /home/pmatos/dev/llvm-project/llvm/include/llvm/ADT/STLFunctionalExtras.h:68:5
#40 0x00007ff2cd8094f8 clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::$_1::operator()() const /home/pmatos/dev/llvm-project/clang/lib/Driver/Job.cpp:439:34
#41 0x00007ff2cd8094c5 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::$_1>(long) /home/pmatos/dev/llvm-project/llvm/include/llvm/ADT/STLFunctionalExtras.h:45:5
#42 0x00007ff2c91be6e9 llvm::function_ref<void ()>::operator()() const /home/pmatos/dev/llvm-project/llvm/include/llvm/ADT/STLFunctionalExtras.h:68:5
#43 0x00007ff2c91d3bca llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) /home/pmatos/dev/llvm-project/llvm/lib/Support/CrashRecoveryContext.cpp:427:3
#44 0x00007ff2cd808e17 clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const /home/pmatos/dev/llvm-project/clang/lib/Driver/Job.cpp:439:7
#45 0x00007ff2cd78692f clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const /home/pmatos/dev/llvm-project/clang/lib/Driver/Compilation.cpp:199:15
#46 0x00007ff2cd786b37 clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const /home/pmatos/dev/llvm-project/clang/lib/Driver/Compilation.cpp:253:13
#47 0x00007ff2cd7a8348 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) /home/pmatos/dev/llvm-project/clang/lib/Driver/Driver.cpp:1866:7
#48 0x00005628938f8b08 clang_main(int, char**, llvm::ToolContext const&) /home/pmatos/dev/llvm-project/clang/tools/driver/driver.cpp:542:9
#49 0x0000562893930f2d main /home/pmatos/dev/llvm-project/build/tools/clang/tools/driver/clang-driver.cpp:15:3
#50 0x00007ff2c89f3d90 __libc_start_call_main ./csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#51 0x00007ff2c89f3e40 call_init ./csu/../csu/libc-start.c:128:20
#52 0x00007ff2c89f3e40 __libc_start_main ./csu/../csu/libc-start.c:379:5
#53 0x00005628938f77a5 _start (bin/clang+++0x477a5)
clang++: error: clang frontend command failed with exit code 134 (use -v to see invocation)
clang version 17.0.0 (git@github.com:pmatos/llvm-project.git 2e87ed80b23ad5c30a85762aa879739fa1e9cea0)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/pmatos/dev/llvm-project/build/bin
clang++: note: diagnostic msg: Error generating preprocessed source(s) - no preprocessable inputs.

clang compiled in Debug mode, with extensive checks enabled.

[pmatos]

@Fznamznon I have an attempted fix here: https://reviews.llvm.org/D134334 I have been sitting on it b/c @erichkeane asked some good questions and I never got around to figuring them out.

I can confirm this fix fixes the crash.

[shafik]

I updated the PR based on feedback it should still fix this issue as well.