clang currently broken?

I just checked out the latest llvm and clang (rev 57766). Compiling a
really simple program works, such as:

int main(void) { int a; return 0; }

But:

int main(void) { int a, b; return 0; }

segfaults:

#0 0x00000000008cd393 in clang::DeclGroup::Destroy (this=0xf02800,
    C=@0xf03280) at DeclGroup.cpp:60
#1 0x00000000008cd445 in clang::DeclGroupOwningRef::Destroy (this=0xf1ee20,
    C=@0xf03280) at DeclGroup.cpp:78
#2 0x00000000008e5fc7 in clang::DeclStmt::Destroy (this=0xf1ee10, C=@0xf03280)
    at Stmt.cpp:58
#3 0x00000000008e6055 in clang::Stmt::DestroyChildren (this=0xf1eeb0,
    C=@0xf03280) at Stmt.cpp:46
#4 0x00000000008e608f in clang::Stmt::Destroy (this=0xf1eeb0, C=@0xf03280)
    at Stmt.cpp:50
#5 0x00000000008c9489 in clang::FunctionDecl::Destroy (this=0xf1ed00,
    C=@0xf03280) at Decl.cpp:159
#6 0x00000000008f7c2e in ~TranslationUnit (this=0xf13aa0)
    at TranslationUnit.cpp:100
#7 0x00000000008595b5 in clang::ParseAST (PP=@0xf01000, Consumer=0xf03260,
    PrintStats=false, FreeMemory=true) at ParseAST.cpp:82
#8 0x0000000000765ef5 in ProcessInputFile (PP=@0xf01000, PPF=@0x7fff25daa1e0,
    InFile=@0xefe060) at clang.cpp:1194
#9 0x00000000007678cd in main (argc=2, argv=0x7fff25daa3e8) at clang.cpp:1386

(gdb) p NumDecls
$2 = 2
(gdb) p *Decls[0]
Cannot access memory at address 0xf1edc000000000
(gdb) p *Decls[1]
Cannot access memory at address 0x0

This is with x86-64 Debian unstable, compiled with gcc 4.3.1.

Hi Timo,

This is strange; this error doesn't show up on Mac OS X at all. I even ran it through valgrind (on Mac OS X) and didn't get any use-after-free errors.

What are the exact arguments you passed to clang?

Ted

Hi Timo,

This is strange; this error doesn't show up on Mac OS X at all.

So it seems. I did everything exactly the same as in Debian and it
worked in OS X.

I even ran it through valgrind (on Mac OS X) and didn't get any use-after-free errors.

Oh, there's a working valgrind for OS X?

What are the exact arguments you passed to clang?

Nothing really. Either "ccc test2.c -o test" or just "clang test2.c".

Anyway, looks like I figured it out:

--- lib/AST/DeclGroup.cpp (revision 57766)
+++ lib/AST/DeclGroup.cpp (working copy)
@@ -54,7 +54,7 @@
}

void DeclGroup::Destroy(ASTContext& C) {
- Decl** Decls = (Decl**) this + 1;
+ Decl** Decls = (Decl**) (this + 1);
   
   for (unsigned i = 0; i < NumDecls; ++i)
     Decls[i]->Destroy(C);
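Review bot: the removed line `Decl** Decls = (Decl**) this + 1;` applies the cast before the `+ 1`, so it advances `this` by `sizeof(Decl*)` rather than by `sizeof(DeclGroup)` as the replacement `(Decl**) (this + 1)` does; the two expressions agree only where those two sizes happen to coincide, which is why the crash is platform-dependent, and the gdb output above (`p *Decls[0]` yielding an address like `0xf1edc000000000`) is consistent with the loop reading pointers from the wrong offset into the trailing array. Consider moving the address computation into one small inline accessor used wherever the trailing `Decl*` array is addressed (construction as well as `Destroy`), so the two sides cannot drift apart again.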

Oh, there's a working valgrind for OS X?

Greg Parker (one of Apple's engineers in the debugging team) recently released his patches to Valgrind. I included the URL in my other email I sent a couple minutes ago.

What are the exact arguments you passed to clang?

Nothing really. Either "ccc test2.c -o test" or just "clang test2.c".

Anyway, looks like I figured it out:

--- lib/AST/DeclGroup.cpp (revision 57766)
+++ lib/AST/DeclGroup.cpp (working copy)
@@ -54,7 +54,7 @@
}

void DeclGroup::Destroy(ASTContext& C) {
- Decl** Decls = (Decl**) this + 1;
+ Decl** Decls = (Decl**) (this + 1);

  for (unsigned i = 0; i < NumDecls; ++i)
    Decls[i]->Destroy(C);

Wow. I'm very curious to know why that even works at all on Mac OS X.

Patch applied:

http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20081013/008276.html

Thanks so much for diagnosing the bug!
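The following is an added illustration of the cast-precedence mistake the patch fixes; it is not clang code. It uses hypothetical `Group` and `Item` types in place of `DeclGroup` and `Decl`, keeps the same trailing-array layout (a header holding a single `unsigned` count, immediately followed by the pointer array), and exposes the byte offset that each of the two spellings computes. The concrete numbers assume an LP64 target such as x86-64 Linux, where `sizeof(Group)` is 4 and `sizeof(Item*)` is 8; on a target where a pointer is also 4 bytes the two spellings coincide, which is the only situation in which the old line could have worked.

```cpp
// Added example (hypothetical Group/Item, not clang's DeclGroup/Decl):
// shows why `(Item**) this + 1` and `(Item**) (this + 1)` differ.
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <new>

struct Item { int value; };

// Header followed in memory by NumItems pointers (trailing-array idiom).
// With a single `unsigned` in the header, sizeof(Group) is 4 while
// sizeof(Item*) is 8 on LP64 targets.
struct Group {
    unsigned NumItems;

    // Offset produced by `(Item**) this + 1`: the cast binds tighter than
    // `+`, so the arithmetic is done on Item** and advances by sizeof(Item*).
    std::size_t offsetCastThenAdd() const {
        const Item* const* p = (const Item* const*) this + 1;
        return reinterpret_cast<const char*>(p) - reinterpret_cast<const char*>(this);
    }

    // Offset produced by `(Item**) (this + 1)`: the arithmetic is done on
    // Group*, so it advances by sizeof(Group), i.e. exactly past the header.
    std::size_t offsetAddThenCast() const {
        const Item* const* p = (const Item* const*) (this + 1);
        return reinterpret_cast<const char*>(p) - reinterpret_cast<const char*>(this);
    }

    // Allocate header + array as one block and copy the pointers in right
    // after the header. memcpy is used because a 4-byte header leaves the
    // pointer array misaligned for direct 8-byte stores.
    static Group* Create(Item* const* items, unsigned n) {
        void* mem = std::malloc(sizeof(Group) + n * sizeof(Item*));
        Group* g = new (mem) Group;
        g->NumItems = n;
        std::memcpy(reinterpret_cast<char*>(g + 1), items, n * sizeof(Item*));
        return g;
    }

    // Walk the array from the correct offset (the fixed form) and sum values.
    int sumValues() const {
        const char* arr = reinterpret_cast<const char*>(this + 1);
        int total = 0;
        for (unsigned i = 0; i < NumItems; ++i) {
            const Item* it;
            std::memcpy(&it, arr + i * sizeof(Item*), sizeof(it));
            total += it->value;
        }
        return total;
    }

    void Destroy() { std::free(this); }
};

// True only when sizeof(Item*) == sizeof(Group), e.g. on an ILP32 target
// where a pointer is 4 bytes like the header; false on LP64.
bool expressionsAgree() {
    Group probe;
    probe.NumItems = 0;
    return probe.offsetCastThenAdd() == probe.offsetAddThenCast();
}

int main() {
    Item a = {1}, b = {2};
    Item* items[] = {&a, &b};
    Group* g = Group::Create(items, 2);
    int total = g->sumValues();   // 3 when the array is read from the right offset
    g->Destroy();
    return total == 3 ? 0 : 1;
}
```

Running `expressionsAgree()` on a 64-bit build returns false because the buggy spelling lands 4 bytes past the real start of the array; reading 8-byte pointers from there yields values stitched together from the halves of two neighbouring pointers, which is the shape of the garbage address gdb printed in the original report.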

That’s right, Ken. Thanks for clarifying!