Clang crash on invalid code: "cast<Ty>() argument of incompatible type"

[kparzysz-quic]

Creduce has produced this interesting output:

template <a> struct b
template <a c, class>
using d = b<c>;
template <class... e>
using f = decltype(g< e... >());
template <h> class i {
  template <class>
  struct j
  template <d<f<j<i>>::k, int>>
  i() }template i()

$ clang++ -c -std=c++17 interesting.ii
interesting.ii:1:11: error: unknown type name 'a'
template <a> struct b
          ^
interesting.ii:1:22: error: expected ';' after struct
template <a> struct b
                     ^
                     ;
interesting.ii:2:11: error: unknown type name 'a'
template <a c, class>
          ^
interesting.ii:5:20: warning: use of function template name with no prior declaration in function call with explicit template arguments is a C++20 extension [-Wc++20-extensions]
using f = decltype(g< e... >());
                   ^
interesting.ii:6:11: error: unknown type name 'h'
template <h> class i {
          ^
interesting.ii:8:11: error: expected ';' after struct
  struct j
          ^
          ;
interesting.ii:5:20: warning: use of function template name with no prior declaration in function call with explicit template arguments is a C++20 extension [-Wc++20-extensions]
using f = decltype(g< e... >());
                   ^
interesting.ii:9:15: note: in instantiation of template type alias 'f' requested here
  template <d<f<j<i>>::k, int>>
              ^
interesting.ii:5:20: warning: use of function template name with no prior declaration in function call with explicit template arguments is a C++20 extension [-Wc++20-extensions]
using f = decltype(g< e... >());
                   ^
interesting.ii:9:15: note: in instantiation of template type alias 'f' requested here
  template <d<f<j<i>>::k, int>>
              ^
interesting.ii:10:6: error: expected ';' at end of declaration list
  i() }template i()
     ^
     ;
interesting.ii:10:8: error: expected ';' after class
  i() }template i()
       ^
       ;
interesting.ii:10:20: error: variable cannot be defined in an explicit instantiation; if this declaration is meant to be a variable definition, remove the 'template' keyword
  i() }template i()
       ~~~~~~~~~   ^
interesting.ii:5:20: warning: use of function template name with no prior declaration in function call with explicit template arguments is a C++20 extension [-Wc++20-extensions]
using f = decltype(g< e... >());
                   ^
interesting.ii:9:15: note: in instantiation of template type alias 'f' requested here
  template <d<f<j<i>>::k, int>>
              ^
clang++: /w/src/llvm.org/llvm/include/llvm/Support/Casting.h:578: decltype(auto) llvm::cast(From *) [To = clang::TypeAliasTemplateDecl, From = clang::Decl]: Assertion `isa<To>(Val) && "cast<Ty>() argument of incompatible type!"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /w/c/org/bin/clang++ -c -std=c++17 interesting.ii
1.      <eof> parser at end of file
 #0 0x0000000002e16d53 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/w/c/org/bin/clang+++0x2e16d53)
 #1 0x0000000002e14c1e llvm::sys::RunSignalHandlers() (/w/c/org/bin/clang+++0x2e14c1e)
 #2 0x0000000002e1618d llvm::sys::CleanupOnSignal(unsigned long) (/w/c/org/bin/clang+++0x2e1618d)
 #3 0x0000000002d885be (anonymous namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long) CrashRecoveryContext.cpp:0:0
 #4 0x0000000002d88810 CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
 #5 0x00007f5bf47a5420 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x14420)
 #6 0x00007f5bf42e300b raise /build/glibc-SzIz7B/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
 #7 0x00007f5bf42c2859 abort /build/glibc-SzIz7B/glibc-2.31/stdlib/abort.c:81:7
 #8 0x00007f5bf42c2729 get_sysdep_segment_value /build/glibc-SzIz7B/glibc-2.31/intl/loadmsgcat.c:509:8
 #9 0x00007f5bf42c2729 _nl_load_domain /build/glibc-SzIz7B/glibc-2.31/intl/loadmsgcat.c:970:34
#10 0x00007f5bf42d3fd6 (/lib/x86_64-linux-gnu/libc.so.6+0x33fd6)
#11 0x0000000005794144 (/w/c/org/bin/clang+++0x5794144)
#12 0x00000000057938fb clang::Sema::PrintInstantiationStack() (/w/c/org/bin/clang+++0x57938fb)
#13 0x0000000004ff8fc1 clang::Sema::EmitCurrentDiagnostic(unsigned int) (/w/c/org/bin/clang+++0x4ff8fc1)
#14 0x0000000004ff9ed7 clang::Sema::ImmediateDiagBuilder::~ImmediateDiagBuilder() (/w/c/org/bin/clang+++0x4ff9ed7)
#15 0x0000000004ffa041 clang::Sema::SemaDiagnosticBuilder::~SemaDiagnosticBuilder() (/w/c/org/bin/clang+++0x4ffa041)
#16 0x00000000052cf23c clang::Sema::ActOnCallExpr(clang::Scope*, clang::Expr*, clang::SourceLocation, llvm::MutableArrayRef<clang::Expr*>, clang::SourceLocation, clang::Expr*) (/w/c/org/bin/clang+++0x52cf23c)
#17 0x00000000057a58de clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformCallExpr(clang::CallExpr*) SemaTemplateInstantiate.cpp:0:0
#18 0x00000000057bc7ca clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformDecltypeType(clang::TypeLocBuilder&, clang::DecltypeTypeLoc) SemaTemplateInstantiate.cpp:0:0
#19 0x0000000005794c10 clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformType(clang::TypeLocBuilder&, clang::TypeLoc) SemaTemplateInstantiate.cpp:0:0
#20 0x0000000005794667 clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformType(clang::TypeSourceInfo*) SemaTemplateInstantiate.cpp:0:0
#21 0x00000000057951b3 clang::Sema::SubstType(clang::QualType, clang::MultiLevelTemplateArgumentList const&, clang::SourceLocation, clang::DeclarationName) (/w/c/org/bin/clang+++0x57951b3)
#22 0x00000000056578c8 clang::Sema::CheckTemplateIdType(clang::TemplateName, clang::SourceLocation, clang::TemplateArgumentListInfo&) (/w/c/org/bin/clang+++0x56578c8)
#23 0x00000000057b0fd6 clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformTemplateSpecializationType(clang::TypeLocBuilder&, clang::TemplateSpecializationTypeLoc, clang::TemplateName) SemaTemplateInstantiate.cpp:0:0
#24 0x00000000057b0126 clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformTSIInObjectScope(clang::TypeLoc, clang::QualType, clang::NamedDecl*, clang::CXXScopeSpec&) SemaTemplateInstantiate.cpp:0:0
#25 0x000000000579dceb clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformNestedNameSpecifierLoc(clang::NestedNameSpecifierLoc, clang::QualType, clang::NamedDecl*) SemaTemplateInstantiate.cpp:0:0
#26 0x00000000057b2c4b clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformDependentScopeDeclRefExpr(clang::DependentScopeDeclRefExpr*, bool, clang::TypeSourceInfo**) SemaTemplateInstantiate.cpp:0:0
#27 0x00000000057b1c31 clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformTemplateArgument(clang::TemplateArgumentLoc const&, clang::TemplateArgumentLoc&, bool) SemaTemplateInstantiate.cpp:0:0
#28 0x00000000057b08d5 clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformTemplateSpecializationType(clang::TypeLocBuilder&, clang::TemplateSpecializationTypeLoc, clang::TemplateName) SemaTemplateInstantiate.cpp:0:0
#29 0x00000000057c15bb clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformTemplateSpecializationType(clang::TypeLocBuilder&, clang::TemplateSpecializationTypeLoc) SemaTemplateInstantiate.cpp:0:0
#30 0x00000000057950a6 clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformType(clang::TypeLocBuilder&, clang::TypeLoc) SemaTemplateInstantiate.cpp:0:0
#31 0x00000000057be84b clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformElaboratedType(clang::TypeLocBuilder&, clang::ElaboratedTypeLoc) SemaTemplateInstantiate.cpp:0:0
#32 0x0000000005794ce5 clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformType(clang::TypeLocBuilder&, clang::TypeLoc) SemaTemplateInstantiate.cpp:0:0
#33 0x0000000005794667 clang::TreeTransform<(anonymous namespace)::TemplateInstantiator>::TransformType(clang::TypeSourceInfo*) SemaTemplateInstantiate.cpp:0:0
#34 0x00000000057942a2 clang::Sema::SubstType(clang::TypeSourceInfo*, clang::MultiLevelTemplateArgumentList const&, clang::SourceLocation, clang::DeclarationName, bool) (/w/c/org/bin/clang+++0x57942a2)
#35 0x00000000057e647b clang::TemplateDeclInstantiator::VisitNonTypeTemplateParmDecl(clang::NonTypeTemplateParmDecl*) (/w/c/org/bin/clang+++0x57e647b)
#36 0x000000000581eb54 void llvm::function_ref<void ()>::callback_fn<clang::Sema::SubstDecl(clang::Decl*, clang::DeclContext*, clang::MultiLevelTemplateArgumentList const&)::$_0>(long) SemaTemplateInstantiateDecl.cpp:0:0
#37 0x0000000004ff269b clang::Sema::runWithSufficientStackSpace(clang::SourceLocation, llvm::function_ref<void ()>) (/w/c/org/bin/clang+++0x4ff269b)
#38 0x00000000057ebb89 clang::Sema::SubstDecl(clang::Decl*, clang::DeclContext*, clang::MultiLevelTemplateArgumentList const&) (/w/c/org/bin/clang+++0x57ebb89)
#39 0x000000000565403a clang::Sema::DeclareImplicitDeductionGuides(clang::TemplateDecl*, clang::SourceLocation) (/w/c/org/bin/clang+++0x565403a)
#40 0x00000000054b2dba LookupDirect(clang::Sema&, clang::LookupResult&, clang::DeclContext const*) SemaLookup.cpp:0:0
#41 0x00000000054aedb7 CppNamespaceLookup(clang::Sema&, clang::LookupResult&, clang::ASTContext&, clang::DeclContext*, (anonymous namespace)::UnqualUsingDirectiveSet&) SemaLookup.cpp:0:0
#42 0x00000000054ae31d clang::Sema::CppLookupName(clang::LookupResult&, clang::Scope*) (/w/c/org/bin/clang+++0x54ae31d)
#43 0x00000000054b25db clang::Sema::LookupName(clang::LookupResult&, clang::Scope*, bool, bool) (/w/c/org/bin/clang+++0x54b25db)
#44 0x000000000514e49e clang::Sema::HandleDeclarator(clang::Scope*, clang::Declarator&, llvm::MutableArrayRef<clang::TemplateParameterList*>) (/w/c/org/bin/clang+++0x514e49e)
#45 0x000000000514dd9a clang::Sema::ActOnDeclarator(clang::Scope*, clang::Declarator&) (/w/c/org/bin/clang+++0x514dd9a)
#46 0x0000000004eed594 clang::Parser::ParseDeclarationAfterDeclaratorAndAttributes(clang::Declarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::ForRangeInit*) (/w/c/org/bin/clang+++0x4eed594)
#47 0x0000000004eee3fb clang::Parser::ParseDeclarationAfterDeclarator(clang::Declarator&, clang::Parser::ParsedTemplateInfo const&) (/w/c/org/bin/clang+++0x4eee3fb)
#48 0x0000000004fa104e clang::Parser::ParseSingleDeclarationAfterTemplate(clang::DeclaratorContext, clang::Parser::ParsedTemplateInfo const&, clang::ParsingDeclRAIIObject&, clang::SourceLocation&, clang::ParsedAttributes&, clang::AccessSpecifier) (/w/c/org/bin/clang+++0x4fa104e)
#49 0x0000000004f9f4f5 clang::Parser::ParseExplicitInstantiation(clang::DeclaratorContext, clang::SourceLocation, clang::SourceLocation, clang::SourceLocation&, clang::ParsedAttributes&, clang::AccessSpecifier) (/w/c/org/bin/clang+++0x4f9f4f5)
#50 0x0000000004f9f3b7 clang::Parser::ParseDeclarationStartingWithTemplate(clang::DeclaratorContext, clang::SourceLocation&, clang::ParsedAttributes&, clang::AccessSpecifier) (/w/c/org/bin/clang+++0x4f9f3b7)
#51 0x0000000004ee9f31 clang::Parser::ParseDeclaration(clang::DeclaratorContext, clang::SourceLocation&, clang::ParsedAttributes&, clang::ParsedAttributes&, clang::SourceLocation*) (/w/c/org/bin/clang+++0x4ee9f31)
#52 0x0000000004eccc0d clang::Parser::ParseExternalDeclaration(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*) (/w/c/org/bin/clang+++0x4eccc0d)
#53 0x0000000004eca95f clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, clang::Sema::ModuleImportState&) (/w/c/org/bin/clang+++0x4eca95f)
#54 0x0000000004ec4cce clang::ParseAST(clang::Sema&, bool, bool) (/w/c/org/bin/clang+++0x4ec4cce)
#55 0x0000000003883da0 clang::FrontendAction::Execute() (/w/c/org/bin/clang+++0x3883da0)
#56 0x0000000003802eaf clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/w/c/org/bin/clang+++0x3802eaf)
#57 0x0000000003950d76 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/w/c/org/bin/clang+++0x3950d76)
#58 0x0000000000a4d80f cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/w/c/org/bin/clang+++0xa4d80f)
#59 0x0000000000a49a7b ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0
#60 0x0000000003670792 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef>>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>*, bool*) const::$_1>(long) Job.cpp:0:0
#61 0x0000000002d88439 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/w/c/org/bin/clang+++0x2d88439)
#62 0x0000000003670050 clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef>>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>*, bool*) const (/w/c/org/bin/clang+++0x3670050)
#63 0x000000000363588a clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/w/c/org/bin/clang+++0x363588a)
#64 0x0000000003635b7e clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::__1::pair<int, clang::driver::Command const*>>&, bool) const (/w/c/org/bin/clang+++0x3635b7e)
#65 0x0000000003653440 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::__1::pair<int, clang::driver::Command const*>>&) (/w/c/org/bin/clang+++0x3653440)
#66 0x0000000000a48fb7 clang_main(int, char**) (/w/c/org/bin/clang+++0xa48fb7)
#67 0x00007f5bf42c4083 __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:342:3
#68 0x0000000000a4625e _start (/w/c/org/bin/clang+++0xa4625e)
clang-16: error: clang frontend command failed with exit code 134 (use -v to see invocation)
clang version 16.0.0 (https://github.com/llvm/llvm-project 4f17734175099e0cd492882e17d2ad51fda964aa)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /w/c/org/bin
clang-16: note: diagnostic msg: Error generating preprocessed source(s) - no preprocessable inputs.

[llvmbot]

@llvm/issue-subscribers-clang-frontend

[AaronBallman]

The crash is happening thanks to a cast<> which attempts to cast to an invalid type, but the type we get is a ClassTemplateDecl while in an instantiation code synthesis context, which is a bit of a surprise. Either we need to update Sema::PrintInstantiationStack() or the actual problem happens before we get to printing the instantiation stack (such as when we're constructing it).