Created attachment 13508
test case

Fuzzing discovered that the attached test case, when given as input to

    clang -fno-crash-diagnostics -std=c++11 -xc++ -c -emit-llvm

causes this assertion failure:

    clang-3.6: tools/clang/include/clang/AST/DeclCXX.h:592: struct DefinitionData &clang::CXXRecordDecl::data() const: Assertion `DD && "queried property of class with no definition"' failed.
I see this assertion with recent clang/llvm/lldb (while gdb works fine):

llvm: 1f22900
clang: 3457cd5
lldb: 942b4a2

* thread #1: tid = 7735, 0x00007fffe47091e2 libclangParse.so.3`clang::Parser::ParsePostfixExpressionSuffix(this=0x00000000006b2910, LHS=(PtrWithInvalid = 6900008)) + 34 at ParseExpr.cpp:1323, name = 'clang', stop reason = breakpoint 5.1
    frame #0: 0x00007fffe47091e2 libclangParse.so.3`clang::Parser::ParsePostfixExpressionSuffix(this=0x00000000006b2910, LHS=(PtrWithInvalid = 6900008)) + 34 at ParseExpr.cpp:1323
   1320 Parser::ParsePostfixExpressionSuffix(ExprResult LHS) {
   1321 // Now that the primary-expression piece of the postfix-expression has been
   1322 // parsed, see if there are any postfix-expression pieces here.
-> 1323 SourceLocation Loc;
   1324 while (1) {
   1325 switch (Tok.getKind()) {
   1326 case tok::code_completion:
(lldb) p Tok.getKind()
lldb: ../tools/clang/include/clang/AST/DeclCXX.h:592: clang::CXXRecordDecl::DefinitionData& clang::CXXRecordDecl::data() const: Assertion `DD && "queried property of class with no definition"' failed.
(gdb) bt #0 0x00007f8c200d7407 in __GI_raise (sig=sig@entry=6) at raise.c:56 #1 0x00007f8c200da508 in __GI_abort () at abort.c:89 #2 0x00007f8c200d0516 in __assert_fail_base (fmt=0x7f8c20206d00 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7f8c23b2a0f0 "DD && \"queried property of class with no definition\"", file=file@entry=0x7f8c23b2a0c0 "../tools/clang/include/clang/AST/DeclCXX.h", line=line@entry=592, function=function@entry=0x7f8c23b2b840 <clang::CXXRecordDecl::data() const::__PRETTY_FUNCTION__> "clang::CXXRecordDecl::DefinitionData& clang::CXXRecordDecl::data() const") at assert.c:92 #3 0x00007f8c200d05c2 in __GI___assert_fail (assertion=0x7f8c23b2a0f0 "DD && \"queried property of class with no definition\"", file=0x7f8c23b2a0c0 "../tools/clang/include/clang/AST/DeclCXX.h", line=592, function=0x7f8c23b2b840 <clang::CXXRecordDecl::data() const::__PRETTY_FUNCTION__> "clang::CXXRecordDecl::DefinitionData& clang::CXXRecordDecl::data() const") at assert.c:101 #4 0x00007f8c238203c2 in clang::CXXRecordDecl::data (this=0x111feeb0) at DeclCXX.h:592 #5 0x00007f8c2386a088 in clang::CXXRecordDecl::bases_begin (this=0x111feeb0) at DeclCXX.h:721 #6 0x00007f8c2386a0ab in clang::CXXRecordDecl::bases_end (this=0x111feeb0) at DeclCXX.h:724 #7 0x00007f8c2386a03d in clang::CXXRecordDecl::bases (this=0x111feeb0) at DeclCXX.h:717 #8 0x00007f8c23ac59be in isSafeToConvert (RD=0x111feeb0, CGT=..., AlreadyChecked=...) at CodeGenTypes.cpp:135 #9 0x00007f8c23ac5b80 in isSafeToConvert (T=..., CGT=..., AlreadyChecked=...) at CodeGenTypes.cpp:161 #10 0x00007f8c23ac5ae2 in isSafeToConvert (RD=0xbf194b0, CGT=..., AlreadyChecked=...) at CodeGenTypes.cpp:144 #11 0x00007f8c23ac5c5b in isSafeToConvert (RD=0xbf194b0, CGT=...) at CodeGenTypes.cpp:182 #12 0x00007f8c23ac7257 in clang::CodeGen::CodeGenTypes::ConvertRecordDeclType (this=0x9fd4f00, RD=0xbf194b0) at CodeGenTypes.cpp:654 #13 0x00007f8c23ac6119 in clang::CodeGen::CodeGenTypes::ConvertType (this=0x9fd4f00, T=...) 
at CodeGenTypes.cpp:304 #14 0x00007f8c23ac57cc in clang::CodeGen::CodeGenTypes::ConvertTypeForMem (this=0x9fd4f00, T=...) at CodeGenTypes.cpp:85 #15 0x00007f8c23ac64e9 in clang::CodeGen::CodeGenTypes::ConvertType (this=0x9fd4f00, T=...) at CodeGenTypes.cpp:416 #16 0x00007f8c23ac57cc in clang::CodeGen::CodeGenTypes::ConvertTypeForMem (this=0x9fd4f00, T=...) at CodeGenTypes.cpp:85 #17 0x00007f8c239bcdfc in (anonymous namespace)::CGRecordLowering::getStorageType (this=0x7fffa0c8e140, FD=0xbf195b0) at CGRecordLayoutBuilder.cpp:121 #18 0x00007f8c239bdc90 in (anonymous namespace)::CGRecordLowering::accumulateFields (this=0x7fffa0c8e140) at CGRecordLayoutBuilder.cpp:350 #19 0x00007f8c239bd49b in (anonymous namespace)::CGRecordLowering::lower (this=0x7fffa0c8e140, NVBaseType=false) at CGRecordLayoutBuilder.cpp:259 #20 0x00007f8c239bfb23 in clang::CodeGen::CodeGenTypes::ComputeRecordLayout (this=0x9fd4f00, D=0x9fdbb80, Ty=0x9fd7470) at CGRecordLayoutBuilder.cpp:673 #21 0x00007f8c23ac73bd in clang::CodeGen::CodeGenTypes::ConvertRecordDeclType (this=0x9fd4f00, RD=0x9fdbb80) at CodeGenTypes.cpp:674 #22 0x00007f8c23ac6119 in clang::CodeGen::CodeGenTypes::ConvertType (this=0x9fd4f00, T=...) at CodeGenTypes.cpp:304 #23 0x00007f8c23ac57cc in clang::CodeGen::CodeGenTypes::ConvertTypeForMem (this=0x9fd4f00, T=...) at CodeGenTypes.cpp:85 #24 0x00007f8c23ac6567 in clang::CodeGen::CodeGenTypes::ConvertType (this=0x9fd4f00, T=...) at CodeGenTypes.cpp:424 #25 0x00007f8c23b0ebbb in (anonymous namespace)::X86_64ABIInfo::classifyArgumentType (this=0x9fd1310, Ty=..., freeIntRegs=6, neededInt=@0x7fffa0c8eb1c: 1, neededSSE=@0x7fffa0c8eb18: 0, isNamedArg=true) at TargetInfo.cpp:2647 #26 0x00007f8c23b0f066 in (anonymous namespace)::X86_64ABIInfo::computeInfo (this=0x9fd1310, FI=...) at TargetInfo.cpp:2752 #27 0x00007f8c238773e9 in clang::CodeGen::CodeGenTypes::arrangeLLVMFunctionInfo (this=0x9fd4f00, resultType=..., instanceMethod=true, chainCall=false, argTypes=..., info=..., required=...) 
at CGCall.cpp:495 #28 0x00007f8c238759b7 in arrangeLLVMFunctionInfo (CGT=..., instanceMethod=true, prefix=..., FTP=...) at CGCall.cpp:105 #29 0x00007f8c23875c58 in clang::CodeGen::CodeGenTypes::arrangeCXXMethodType (this=0x9fd4f00, RD=0x9fdbb80, FTP=0x9fdbe20) at CGCall.cpp:168 #30 0x00007f8c23875d54 in clang::CodeGen::CodeGenTypes::arrangeCXXMethodDeclaration (this=0x9fd4f00, MD=0xfc46670) at CGCall.cpp:185 #31 0x00007f8c23876368 in clang::CodeGen::CodeGenTypes::arrangeFunctionDeclaration (this=0x9fd4f00, FD=0xfc46670) at CGCall.cpp:259 #32 0x00007f8c238768f9 in clang::CodeGen::CodeGenTypes::arrangeGlobalDeclaration (this=0x9fd4f00, GD=...) at CGCall.cpp:331 #33 0x00007f8c23a15a54 in clang::CodeGen::CodeGenModule::EmitGlobalFunctionDefinition (this=0x9fd4e40, GD=..., GV=0x0) at CodeGenModule.cpp:2398 #34 0x00007f8c23a12b98 in clang::CodeGen::CodeGenModule::EmitGlobalDefinition (this=0x9fd4e40, GD=..., GV=0x0) at CodeGenModule.cpp:1523 #35 0x00007f8c23a12438 in clang::CodeGen::CodeGenModule::EmitGlobal (this=0x9fd4e40, GD=...) at CodeGenModule.cpp:1387 #36 0x00007f8c23a197ca in clang::CodeGen::CodeGenModule::EmitTopLevelDecl (this=0x9fd4e40, D=0xfc46670) at CodeGenModule.cpp:3251 #37 0x00007f8c23b04a35 in (anonymous namespace)::CodeGeneratorImpl::HandleTopLevelDecl (this=0x9fa3310, DG=...) at ModuleBuilder.cpp:122 #38 0x00007f8c2c31d095 in lldb_private::ASTResultSynthesizer::HandleTopLevelDecl (this=0x9fa4bd0, D=...) at ASTResultSynthesizer.cpp:125 #39 0x00007f8c2253e1f8 in clang::ParseAST (S=..., PrintStats=false, SkipFunctionBodies=false) at ParseAST.cpp:142 #40 0x00007f8c2253dfae in clang::ParseAST (PP=..., Consumer=0x9fa4bd0, Ctx=..., PrintStats=false, TUKind=clang::TU_Complete, CompletionConsumer=0x0, SkipFunctionBodies=false) at ParseAST.cpp:96 #41 0x00007f8c2c34713d in lldb_private::ClangExpressionParser::Parse (this=0x7fffa0c91a10, stream=...) 
at ClangExpressionParser.cpp:398 #42 0x00007f8c2c35f6ef in lldb_private::ClangUserExpression::Parse (this=0x91a3310, error_stream=..., exe_ctx=..., execution_policy=lldb_private::eExecutionPolicyOnlyWhenNeeded, keep_result_in_memory=true, generate_debug_info=false) at ClangUserExpression.cpp:532 #43 0x00007f8c2c361074 in lldb_private::ClangUserExpression::Evaluate (exe_ctx=..., options=..., expr_cstr=0x8987e5b "Tok.getKind()", expr_prefix=0x0, result_valobj_sp=..., error=...) at ClangUserExpression.cpp:1032 #44 0x00007f8c2b7d393e in lldb_private::Target::EvaluateExpression (this=0x13630b0, expr_cstr=0x8987e5b "Tok.getKind()", frame= 0x7f8bf2618940, result_valobj_sp=..., options=...) at Target.cpp:1972 #45 0x00007f8c2d2c3be8 in lldb_private::CommandObjectExpression::EvaluateExpression (this=0x1537da0, expr=0x8987e5b "Tok.getKind()", output_stream=0x7fffa0c92310, error_stream=0x7fffa0c92368, result=0x7fffa0c92310) at CommandObjectExpression.cpp:313 #46 0x00007f8c2d2c44e0 in lldb_private::CommandObjectExpression::DoExecute (this=0x1537da0, command=0x8987e58 "-- Tok.getKind()", result=...) at CommandObjectExpression.cpp:514 #47 0x00007f8c2bfafb55 in lldb_private::CommandObjectRaw::Execute (this=0x1537da0, args_string=0x8987e58 "-- Tok.getKind()", result=...) 
at CommandObject.cpp:1099 #48 0x00007f8c2bf9cc24 in lldb_private::CommandInterpreter::HandleCommand (this=0x15383a0, command_line=0x8ba5a48 "p Tok.getKind()", lazy_add_to_history=lldb_private::eLazyBoolCalculate, result=..., override_context=0x0, repeat_on_empty_command=true, no_context_switching=false) at CommandInterpreter.cpp:1951 #49 0x00007f8c2bfa06f1 in lldb_private::CommandInterpreter::IOHandlerInputComplete (this=0x15383a0, io_handler=..., line="p Tok.getKind()") at CommandInterpreter.cpp:3136 #50 0x00007f8c2c813d22 in lldb_private::IOHandlerEditline::Run (this=0x136e3e0) at IOHandler.cpp:729 #51 0x00007f8c2c7e8e6a in lldb_private::Debugger::ExecuteIOHanders (this=0x1254b30) at Debugger.cpp:915 #52 0x00007f8c2bfa11bb in lldb_private::CommandInterpreter::RunCommandInterpreter (this=0x15383a0, auto_handle_events=true, spawn_thread=false, options=...) at CommandInterpreter.cpp:3373 #53 0x00007f8c25b2ac44 in lldb::SBDebugger::RunCommandInterpreter (this=0x7fffa0c92780, auto_handle_events=true, spawn_thread=false) at SBDebugger.cpp:977 #54 0x0000000000409d06 in Driver::MainLoop (this=0x7fffa0c92760) at Driver.cpp:1151 #55 0x000000000040a04c in main (argc=20, argv=0x7fffa0c92968, envp=0x7fffa0c92a10) at Driver.cpp:1251
Looks like CodeGen doesn't run on this invalid AST anymore, so this input no longer crashes.