Bug 417971

Summary: Kdevelop crashes during autocomplete
Product: [Applications] kdevelop
Reporter: Andrei Slavoiu <ansla80>
Component: general
Assignee: kdevelop-bugs-null
Status: RESOLVED UPSTREAM
Severity: crash
CC: aaronpuchert, cyp561, kdebug, mail
Priority: NOR
Keywords: drkonqi
Version First Reported In: 5.5.0   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
See Also: https://bugs.llvm.org/show_bug.cgi?id=46147
Attachments: New crash information added by DrKonqi

Description Andrei Slavoiu 2020-02-21 07:00:15 UTC
Application: kdevelop (5.5.0)

Qt Version: 5.13.2
Frameworks Version: 5.64.0
Operating System: Linux 4.19.93-gentoo x86_64
Distribution: "Gentoo Base System release 2.6"

-- Information about the crash:
- What I was doing when the application crashed:

The crashes seem to happen at random moments, though they started happening after I replaced some manual std::unique_ptr instantiations with calls to boost::make_unique, not sure if it's related or just a coincidence.

The stack trace is similar to that from some bugs related to static_assert parsing with clang 3.9, but given I'm using clang 9.0.1 it shouldn't be related.

The crash can be reproduced sometimes.

-- Backtrace (Reduced):
#7  0x00007f113662f51d in clang::Stmt::getStmtClass() const (this=<optimized out>) at /var/tmp/portage/sys-devel/clang-9.0.1/work/x/y/clang/include/clang/AST/Stmt.h:1088
#8  0x00007f113662f51d in clang::cxcursor::MakeCXCursor(clang::Stmt const*, clang::Decl const*, CXTranslationUnitImpl*, clang::SourceRange) (S=S@entry=0x0, Parent=0x0, TU=0x7f10f402be00, RegionOfInterest=...) at /var/tmp/portage/sys-devel/clang-9.0.1/work/x/y/clang/tools/libclang/CXCursor.cpp:132
#9  0x00007f11365fbfd5 in clang::cxcursor::CursorVisitor::EnqueueWorkList(llvm::SmallVector<clang::cxcursor::VisitorJob, 10u>&, clang::Stmt const*) (this=this@entry=0x7f11195f59e0, WL=..., S=S@entry=0x0) at /var/tmp/portage/sys-devel/clang-9.0.1/work/x/y/clang/tools/libclang/CIndex.cpp:2966
#10 0x00007f1136619caf in clang::cxcursor::CursorVisitor::Visit(clang::Stmt const*) (this=this@entry=0x7f11195f59e0, S=0x0) at /var/tmp/portage/sys-devel/clang-9.0.1/work/x/y/clang/tools/libclang/CIndex.cpp:3194
#11 0x00007f11366194da in clang::cxcursor::CursorVisitor::RunVisitorWorkList(llvm::SmallVector<clang::cxcursor::VisitorJob, 10u>&) (this=0x7f11195f59e0, WL=...) at /var/tmp/portage/sys-devel/clang-9.0.1/work/x/y/clang/tools/libclang/CIndex.cpp:3152


Possible duplicates by query: bug 383612, bug 378294.

Reported using DrKonqi
Comment 1 Andrei Slavoiu 2020-02-21 07:00:15 UTC
Created attachment 126239
New crash information added by DrKonqi

DrKonqi auto-attaching complete backtrace.
Comment 2 Cyp 2020-05-29 12:21:16 UTC
I got the same crash backtrace with the same kdevelop version.

The crash seems 100% reproducible if opening a file with the following reduced testcase in kdevelop, or typing it manually:
----
void a(int b) { int c[b]; [&] { c
----

The crash may be related to using variable-length arrays from lambda functions.
Comment 3 Bartek Szady 2020-05-31 06:04:37 UTC
Kdevelop 5.5.1 with clang 10.0.0 crashes, after pasting 'void a(int b) { int c[b]; [&] { c', too.
Comment 4 Cyp 2020-05-31 20:51:14 UTC
After building llvm with `cmake -DLLVM_ENABLE_ASSERTIONS=ON -DLLVM_ENABLE_PROJECTS=clang -G "Unix Makefiles" ../llvm`:

kdevelop: /git/llvm-project/clang/tools/libclang/CXCursor.cpp:129: CXCursor clang::cxcursor::MakeCXCursor(const clang::Stmt*, const clang::Decl*, CXTranslationUnit, clang::SourceRange): Assertion `S && TU && "Invalid arguments!"' failed.

gdb says S is null:

#3  0x00007ffff5fc8f72 in __GI___assert_fail
    (assertion=0x7fff92ad7da6 "S && \"Invalid arguments! (S)\"", file=0x7fff92ad7760 "/git/llvm-project/clang/tools/libclang/CXCursor.cpp", line=129, function=0x7fff92ad7d30 "CXCursor clang::cxcursor::MakeCXCursor(const clang::Stmt*, const clang::Decl*, CXTranslationUnit, clang::SourceRange)") at assert.c:101
#4  0x00007fff8d56a73f in clang::cxcursor::MakeCXCursor(clang::Stmt const*, clang::Decl const*, CXTranslationUnitImpl*, clang::SourceRange) (S=0x0, Parent=0x0, TU=0x7fff74057c00, RegionOfInterest=...)
    at /git/llvm-project/clang/tools/libclang/CXCursor.cpp:129
#5  0x00007fff8d4e874d in clang::cxcursor::CursorVisitor::EnqueueWorkList(llvm::SmallVector<clang::cxcursor::VisitorJob, 10u>&, clang::Stmt const*) (this=0x7fff8caae310, WL=..., S=0x0)
    at /git/llvm-project/clang/tools/libclang/CIndex.cpp:2966
#6  0x00007fff8d4e988c in clang::cxcursor::CursorVisitor::Visit(clang::Stmt const*) (this=0x7fff8caae310, S=0x0) at /git/llvm-project/clang/tools/libclang/CIndex.cpp:3194
#7  0x00007fff8d4e955e in clang::cxcursor::CursorVisitor::RunVisitorWorkList(llvm::SmallVector<clang::cxcursor::VisitorJob, 10u>&) (this=0x7fff8caae310, WL=...)
    at /git/llvm-project/clang/tools/libclang/CIndex.cpp:3152
#8  0x00007fff8d4e989f in clang::cxcursor::CursorVisitor::Visit(clang::Stmt const*) (this=0x7fff8caae310, S=0x7fff74096938) at /git/llvm-project/clang/tools/libclang/CIndex.cpp:3195
#9  0x00007fff8d4dde67 in clang::cxcursor::CursorVisitor::VisitChildren(CXCursor) (this=0x7fff8caae310, Cursor=...) at /git/llvm-project/clang/tools/libclang/CIndex.cpp:514
#10 0x00007fff8d4ee64e in clang_visitChildren(CXCursor, CXCursorVisitor, CXClientData)
    (parent=..., visitor=0x7fffa8f11ba0 <(anonymous namespace)::visitCursor(CXCursor, CXCursor, CXClientData)>, client_data=0x7fff8cab08d0) at /git/llvm-project/clang/tools/libclang/CIndex.cpp:4389
#11 0x00007fffa8f12676 in (anonymous namespace)::Visitor::buildCompoundStatement<(CXCursorKind)144> (cursor=..., this=0x7fff8cab08d0) at /usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/include/g++-v9/bits/move.h:99
#12 (anonymous namespace)::visitCursor(CXCursor, CXCursor, CXClientData) (cursor=..., parent=..., data=0x7fff8cab08d0)
    at /var/tmp/portage/dev-util/kdevelop-5.5.0/work/kdevelop-5.5.0/plugins/clang/duchain/builder.cpp:1587
#13 0x00007fff8d4e8de9 in clang::cxcursor::CursorVisitor::RunVisitorWorkList(llvm::SmallVector<clang::cxcursor::VisitorJob, 10u>&) (this=0x7fff8caaefb0, WL=...)
    at /git/llvm-project/clang/tools/libclang/CIndex.cpp:3052
#14 0x00007fff8d4e989f in clang::cxcursor::CursorVisitor::Visit(clang::Stmt const*) (this=0x7fff8caaefb0, S=0x7fff74096ad8) at /git/llvm-project/clang/tools/libclang/CIndex.cpp:3195
#15 0x00007fff8d4dde04 in clang::cxcursor::CursorVisitor::VisitChildren(CXCursor) (this=0x7fff8caaefb0, Cursor=...) at /git/llvm-project/clang/tools/libclang/CIndex.cpp:507
#16 0x00007fff8d4ee64e in clang_visitChildren(CXCursor, CXCursorVisitor, CXClientData)
    (parent=..., visitor=0x7fffa8f11ba0 <(anonymous namespace)::visitCursor(CXCursor, CXCursor, CXClientData)>, client_data=0x7fff8cab08d0) at /git/llvm-project/clang/tools/libclang/CIndex.cpp:4389
#17 0x00007fffa8f1627b in (anonymous namespace)::Visitor::buildCompoundStatement<(CXCursorKind)202> (cursor=..., this=0x7fff8cab08d0) at /usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/include/g++-v9/bits/move.h:99
#18 (anonymous namespace)::visitCursor(CXCursor, CXCursor, CXClientData) (cursor=..., parent=..., data=0x7fff8cab08d0)
    at /var/tmp/portage/dev-util/kdevelop-5.5.0/work/kdevelop-5.5.0/plugins/clang/duchain/builder.cpp:1585
#19 0x00007fff8d4dcde8 in clang::cxcursor::CursorVisitor::Visit(CXCursor, bool) (this=0x7fff8caafa70, Cursor=..., CheckedRegionOfInterest=false) at /git/llvm-project/clang/tools/libclang/CIndex.cpp:213
#20 0x00007fff8d4df799 in clang::cxcursor::CursorVisitor::VisitFunctionDecl(clang::FunctionDecl*) (this=0x7fff8caafa70, ND=0x7fff740962d8) at /git/llvm-project/clang/tools/libclang/CIndex.cpp:885
#21 0x00007fff8d5207f4 in clang::declvisitor::Base<std::add_pointer, clang::cxcursor::CursorVisitor, bool>::Visit(clang::Decl*) (this=0x7fff8caafa70, D=0x7fff740962d8)
    at /git/llvm-project/build/tools/clang/include/clang/AST/DeclNodes.inc:395
#22 0x00007fff8d4ddd9a in clang::cxcursor::CursorVisitor::VisitChildren(CXCursor) (this=0x7fff8caafa70, Cursor=...) at /git/llvm-project/clang/tools/libclang/CIndex.cpp:502
#23 0x00007fff8d4ee64e in clang_visitChildren(CXCursor, CXCursorVisitor, CXClientData)
    (parent=..., visitor=0x7fffa8f11ba0 <(anonymous namespace)::visitCursor(CXCursor, CXCursor, CXClientData)>, client_data=0x7fff8cab08d0) at /git/llvm-project/clang/tools/libclang/CIndex.cpp:4389
#24 0x00007fffa8f05bf9 in (anonymous namespace)::Visitor::buildDeclaration<(CXCursorKind)8, KDevelop::FunctionDefinition, true>(CXCursor) (this=this@entry=0x7fff8cab08d0, cursor=...)
    at /usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/include/g++-v9/bits/move.h:99
#25 0x00007fffa8f12e9a in (anonymous namespace)::Visitor::dispatchCursor<(CXCursorKind)8, (Decision)1, (Decision)0> (cursor=..., this=0x7fff8cab08d0, parent=...)
    at /var/tmp/portage/dev-util/kdevelop-5.5.0/work/kdevelop-5.5.0/plugins/clang/duchain/builder.cpp:942
#26 (anonymous namespace)::Visitor::dispatchCursor<(CXCursorKind)8> (cursor=..., this=0x7fff8cab08d0, parent=...)
    at /var/tmp/portage/dev-util/kdevelop-5.5.0/work/kdevelop-5.5.0/plugins/clang/duchain/builder.cpp:935
#27 (anonymous namespace)::visitCursor(CXCursor, CXCursor, CXClientData) (cursor=..., parent=..., data=0x7fff8cab08d0)
    at /var/tmp/portage/dev-util/kdevelop-5.5.0/work/kdevelop-5.5.0/plugins/clang/duchain/builder.cpp:1544
#28 0x00007fff8d4dcde8 in clang::cxcursor::CursorVisitor::Visit(CXCursor, bool) (this=0x7fff8cab06b0, Cursor=..., CheckedRegionOfInterest=true) at /git/llvm-project/clang/tools/libclang/CIndex.cpp:213
#29 0x00007fff8d4de910 in clang::cxcursor::CursorVisitor::handleDeclForVisitation(clang::Decl const*) (this=0x7fff8cab06b0, D=0x7fff740962d8) at /git/llvm-project/clang/tools/libclang/CIndex.cpp:670
#30 0x00007fff8d4de674 in clang::cxcursor::CursorVisitor::VisitDeclContext(clang::DeclContext*) (this=0x7fff8cab06b0, DC=0x7fff7404c430) at /git/llvm-project/clang/tools/libclang/CIndex.cpp:631
#31 0x00007fff8d4de052 in clang::cxcursor::CursorVisitor::VisitChildren(CXCursor) (this=0x7fff8cab06b0, Cursor=...) at /git/llvm-project/clang/tools/libclang/CIndex.cpp:536
--Type <RET> for more, q to quit, c to continue without paging--c
#32 0x00007fff8d4ee64e in clang_visitChildren(CXCursor, CXCursorVisitor, CXClientData) (parent=..., visitor=0x7fffa8f11ba0 <(anonymous namespace)::visitCursor(CXCursor, CXCursor, CXClientData)>, client_data=0x7fff8cab08d0) at /git/llvm-project/clang/tools/libclang/CIndex.cpp:4389
#33 0x00007fffa8ef880b in (anonymous namespace)::Visitor::Visitor (update=<optimized out>, includes=..., file=<optimized out>, tu=<optimized out>, this=0x7fff8cab08d0) at /var/tmp/portage/dev-util/kdevelop-5.5.0/work/kdevelop-5.5.0/plugins/clang/duchain/builder.cpp:1464
#34 Builder::visit(CXTranslationUnitImpl*, void*, QHash<void*, KDevelop::ReferencedTopDUContext> const&, bool) (tu=<optimized out>, file=<optimized out>, includes=..., update=<optimized out>) at /var/tmp/portage/dev-util/kdevelop-5.5.0/work/kdevelop-5.5.0/plugins/clang/duchain/builder.cpp:1606
#35 0x00007fffa8f206eb in ClangHelpers::buildDUChain(void*, QMultiHash<void*, Import> const&, ParseSession const&, KDevelop::TopDUContext::Features, QHash<void*, KDevelop::ReferencedTopDUContext>&, ClangIndex*, std::function<bool ()> const&) (file=<optimized out>, imports=..., session=..., features=<optimized out>, includedFiles=..., index=0x555556115ff0, abortFunction=...) at /var/tmp/portage/dev-util/kdevelop-5.5.0/work/kdevelop-5.5.0/plugins/clang/duchain/clanghelpers.cpp:201
#36 0x00007fffa93712a4 in ClangParseJob::run(QSharedPointer<ThreadWeaver::JobInterface>, ThreadWeaver::Thread*) (this=0x55557791c190) at /var/tmp/portage/dev-util/kdevelop-5.5.0/work/kdevelop-5.5.0/plugins/clang/clangparsejob.cpp:222
#37 0x00007ffff2bf99fb in ThreadWeaver::IdDecorator::run(QSharedPointer<ThreadWeaver::JobInterface>, ThreadWeaver::Thread*) (this=<optimized out>, self=..., thread=0x555557dfb810) at /usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/include/g++-v9/bits/atomic_base.h:318
#38 0x00007ffff2bf9fa9 in ThreadWeaver::Executor::run(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) (this=<optimized out>, job=..., thread=<optimized out>) at /usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/include/g++-v9/bits/atomic_base.h:318
#39 0x00007ffff2bf8dd3 in ThreadWeaver::Job::execute(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) (this=<optimized out>, self=..., th=0x555557dfb810) at /var/tmp/portage/kde-frameworks/threadweaver-5.67.0/work/threadweaver-5.67.0/src/job.cpp:83
#40 0x00007ffff2bf89c9 in ThreadWeaver::Thread::run() (this=0x555557dfb810) at /usr/include/qt5/QtCore/qsharedpointer_impl.h:306
#41 0x00007ffff649663c in QThreadPrivate::start(void*) (arg=0x555557dfb810) at thread/qthread_unix.cpp:342
#42 0x00007ffff34e2ea7 in start_thread (arg=<optimized out>) at pthread_create.c:479
#43 0x00007ffff609121f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Comment 5 Sven Brauch 2020-05-31 21:37:34 UTC
This is most likely a bug in clang, and needs to be reported to them. I don't think there's anything KDevelop can do about it, judging from the trace. Sorry!
Comment 6 Aaron Puchert 2020-05-31 22:10:59 UTC
This can be reproduced without KDevelop. Create a file test.cpp with the example from comment 2 as content, then run "c-index-test -cursor-at=test.cpp:1:34 test.cpp", where c-index-test is a tool coming with Clang. This crashes for me as well.

So I filed a bug report with Clang: https://bugs.llvm.org/show_bug.cgi?id=46147.
Comment 7 Aaron Puchert 2020-06-05 20:34:21 UTC
Andrei, does your code also involve captures of variable-length arrays, or is it something else? I can see from your stack trace that a lambda init expression is nullptr (since #11 is at https://github.com/llvm/llvm-project/blob/llvmorg-9.0.1/clang/tools/libclang/CIndex.cpp#L3152 and the call to #10 has S=0x0), and I haven't seen that happen except for VLA type captures.

One way to find out if you have VLAs is to compile with -Wvla.
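
The null-child situation that comment 7 reads from the backtrace (S=0x0 passed from Visit through EnqueueWorkList into MakeCXCursor), as an added example that is not part of this bug thread and is not libclang or KDevelop code: a simplified work-list traversal that rejects null children before they are dereferenced. `Stmt`, `VisitResult`, `visitAll` and `visitSample` are hypothetical names, and the sample tree is constructed.

```cpp
// Constructed model for illustration; Stmt here is a stand-in, not clang::Stmt.
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

struct Stmt {
    std::string kind;
    std::vector<const Stmt*> children;  // may contain nullptr entries
};

struct VisitResult {
    std::size_t visited = 0;      // nodes a cursor would be built for
    std::size_t skippedNull = 0;  // null children rejected before use
};

// Work-list traversal that checks every pointer before enqueueing it, so a
// null child is counted and skipped instead of being dereferenced later.
VisitResult visitAll(const Stmt* root) {
    VisitResult r;
    std::vector<const Stmt*> workList;
    if (root) workList.push_back(root); else ++r.skippedNull;
    while (!workList.empty()) {
        const Stmt* s = workList.back();
        workList.pop_back();
        ++r.visited;
        for (const Stmt* child : s->children) {
            if (!child) { ++r.skippedNull; continue; }
            workList.push_back(child);
        }
    }
    return r;
}

// Constructed tree loosely shaped like the reduced testcase: a function body
// holding a declaration and a lambda whose second capture initializer is null.
VisitResult visitSample() {
    Stmt lambdaBody{"CompoundStmt", {}};
    Stmt init{"DeclRefExpr", {}};
    Stmt lambda{"LambdaExpr", {&init, nullptr, &lambdaBody}};
    Stmt decl{"DeclStmt", {}};
    Stmt fnBody{"CompoundStmt", {&decl, &lambda}};
    return visitAll(&fnBody);
}

int main() {
    VisitResult r = visitSample();
    std::printf("visited=%zu skippedNull=%zu\n", r.visited, r.skippedNull);
    return 0;
}
```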
Comment 8 Aaron Puchert 2020-06-16 22:16:31 UTC
It would be good to know if the original issue has the same root cause as the example from comment 2; if not, we might need to open another bug upstream.
Comment 9 Bug Janitor Service 2020-07-01 04:33:09 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 10 Bug Janitor Service 2020-07-16 04:33:10 UTC
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!
Comment 11 Andrei Slavoiu 2020-08-30 23:26:23 UTC
(In reply to Aaron Puchert from comment #7)
> Andrei, does your code also involve captures of variable-length arrays, or
> is it something else?
The code does use VLAs, but AFAICT, none of them is captured by a lambda.

Also, I haven't seen any crashes with clang-10.