[llvm-bugs] [Bug 155920] [clang-cl] crash when compiling one particular cpp file with `-Xclang -fstrict-vtable-pointers`

Thu, 28 Aug 2025 14:02:55 -0700

Issue 155920
Summary [clang-cl] crash when compiling one particular cpp file with `-Xclang -fstrict-vtable-pointers`
Labels new issue
Assignees
Reporter solbjorn 
    One particular cpp file from a huge project (> 1000 cpp files) doesn't compile with clang-cl and `-Xclang -fstrict-vtable-pointers`, the rest does.
The file compiles fine (and the app works) without the flag.

LLVM 21.1.0 (official Windows binaries)
Windows SDK 10.0.26100.0
Visual Studio Community 17.14.13 Preview 1.0

```
1>PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
1>Stack dump:
1>0.	Program arguments: "C:\\Program Files\\LLVM\\bin\\clang-cl.exe" @C:\\Users\\aloba\\AppData\\Local\\Temp\\MSBuildTemp\\tmpb1f94b82efef427c93504ce2372bff58.rsp
1>1.	<eof> parser at end of file
1>2.	Optimizer
1>3.	Running pass "require<globals-aa>,function(invalidate<aa>),require<profile-summary>,cgscc(devirt<4>(inline,function-attrs<skip-non-recursive-function-attrs>,argpromotion,openmp-opt-cgscc,function<eager-inv;no-rerun>(sroa<modify-cfg>,early-cse<memssa>,speculative-execution<only-if-divergent-target>,jump-threading,correlated-propagation,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>,aggressive-instcombine,libcalls-shrinkwrap,tailcallelim,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,reassociate,constraint-elimination,loop-mssa(loop-instsimplify,loop-simplifycfg,licm<no-allowspeculation>,loop-rotate<header-duplication;prepare-for-lto>,licm<allowspeculation>,simple-loop-unswitch<nontrivial;trivial>),simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>,loop(loop-idiom,indvars,extra-simple-loop-unswitch-passes,loop-deletion,loop-unroll-full),sroa<modify-cfg>,vector-combine,mldst-motion<no-split-footer-bb>,gvn<>,sccp,bdce,instcombine<max-iterations=1;no-verify-fixpoint>,jump-threading,correlated-propagation,adce,memcpyopt,dse,move-auto-init,loop-mssa(licm<allowspeculation>),coro-elide,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>),function-attrs,function(require<should-not-run-function-passes>),coro-split,coro-annotation-elide)),function(invalidate<should-not-run-function-passes>),cgscc(devirt<4>())" on module "xrServer.cpp"
1>4.	Running pass "cgscc(devirt<4>(inline,function-attrs<skip-non-recursive-function-attrs>,argpromotion,openmp-opt-cgscc,function<eager-inv;no-rerun>(sroa<modify-cfg>,early-cse<memssa>,speculative-execution<only-if-divergent-target>,jump-threading,correlated-propagation,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>,aggressive-instcombine,libcalls-shrinkwrap,tailcallelim,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,reassociate,constraint-elimination,loop-mssa(loop-instsimplify,loop-simplifycfg,licm<no-allowspeculation>,loop-rotate<header-duplication;prepare-for-lto>,licm<allowspeculation>,simple-loop-unswitch<nontrivial;trivial>),simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;no-hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;no-sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>,loop(loop-idiom,indvars,extra-simple-loop-unswitch-passes,loop-deletion,loop-unroll-full),sroa<modify-cfg>,vector-combine,mldst-motion<no-split-footer-bb>,gvn<>,sccp,bdce,instcombine<max-iterations=1;no-verify-fixpoint>,jump-threading,correlated-propagation,adce,memcpyopt,dse,move-auto-init,loop-mssa(licm<allowspeculation>),coro-elide,simplifycfg<bonus-inst-threshold=1;no-forward-switch-cond;switch-range-to-icmp;no-switch-to-lookup;keep-loops;hoist-common-insts;no-hoist-loads-stores-with-cond-faulting;sink-common-insts;speculate-blocks;simplify-cond-branch;no-speculate-unpredictables>,instcombine<max-iterations=1;no-verify-fixpoint>),function-attrs,function(require<should-not-run-function-passes>),coro-split,coro-annotation-elide))" on module "xrServer.cpp"
1>5.	Running pass "adce" on function "?entity_Destroy@xrServer@@QEAAXAEAPEAVCSE_Abstract@@@Z"
1>Exception Code: 0xC0000005
1> #0 0x00007ff68a724c3d (C:\Program Files\LLVM\bin\clang-cl.exe+0x1ab4c3d)
1> #1 0x00007ff68a722f29 (C:\Program Files\LLVM\bin\clang-cl.exe+0x1ab2f29)
1> #2 0x00007ff68a71fcd1 (C:\Program Files\LLVM\bin\clang-cl.exe+0x1aafcd1)
1> #3 0x00007ff68a63270e (C:\Program Files\LLVM\bin\clang-cl.exe+0x19c270e)
1> #4 0x00007ff68a6323b1 (C:\Program Files\LLVM\bin\clang-cl.exe+0x19c23b1)
1> #5 0x00007ff68a8c6747 (C:\Program Files\LLVM\bin\clang-cl.exe+0x1c56747)
1> #6 0x00007ff68a8c635b (C:\Program Files\LLVM\bin\clang-cl.exe+0x1c5635b)
1> #7 0x00007ff68a727093 (C:\Program Files\LLVM\bin\clang-cl.exe+0x1ab7093)
1> #8 0x00007ff68a726dab (C:\Program Files\LLVM\bin\clang-cl.exe+0x1ab6dab)
1> #9 0x00007ff68a9f12d8 (C:\Program Files\LLVM\bin\clang-cl.exe+0x1d812d8)
1>#10 0x00007ff68a9f10bb (C:\Program Files\LLVM\bin\clang-cl.exe+0x1d810bb)
1>#11 0x00007ff68a9531d1 (C:\Program Files\LLVM\bin\clang-cl.exe+0x1ce31d1)
1>#12 0x00007ff689058001 (C:\Program Files\LLVM\bin\clang-cl.exe+0x3e8001)
1>#13 0x00007ff688f0cb4c (C:\Program Files\LLVM\bin\clang-cl.exe+0x29cb4c)
1>#14 0x00007ff6894fe640 (C:\Program Files\LLVM\bin\clang-cl.exe+0x88e640)
1>#15 0x00007ff6894fe471 (C:\Program Files\LLVM\bin\clang-cl.exe+0x88e471)
1>#16 0x00007ff688f0cb4c (C:\Program Files\LLVM\bin\clang-cl.exe+0x29cb4c)
1>#17 0x00007ff688f09269 (C:\Program Files\LLVM\bin\clang-cl.exe+0x299269)
1>#18 0x00007ff688effde5 (C:\Program Files\LLVM\bin\clang-cl.exe+0x28fde5)
1>#19 0x00007ff68a64023a (C:\Program Files\LLVM\bin\clang-cl.exe+0x19d023a)
1>#20 0x00007ff68aba8c85 (C:\Program Files\LLVM\bin\clang-cl.exe+0x1f38c85)
1>#21 0x00007ff6892999b3 (C:\Program Files\LLVM\bin\clang-cl.exe+0x6299b3)
1>#22 0x00007ff6892995fd (C:\Program Files\LLVM\bin\clang-cl.exe+0x6295fd)
1>#23 0x00007ff6892962b6 (C:\Program Files\LLVM\bin\clang-cl.exe+0x6262b6)
1>#24 0x00007ff689292e18 (C:\Program Files\LLVM\bin\clang-cl.exe+0x622e18)
1>#25 0x00007ff6892916ae (C:\Program Files\LLVM\bin\clang-cl.exe+0x6216ae)
1>#26 0x00007ff689b7e18d (C:\Program Files\LLVM\bin\clang-cl.exe+0xf0e18d)
1>#27 0x00007ff689421d75 (C:\Program Files\LLVM\bin\clang-cl.exe+0x7b1d75)
1>#28 0x00007ff689421b68 (C:\Program Files\LLVM\bin\clang-cl.exe+0x7b1b68)
1>#29 0x00007ff689146af5 (C:\Program Files\LLVM\bin\clang-cl.exe+0x4d6af5)
1>#30 0x00007ff68914643e (C:\Program Files\LLVM\bin\clang-cl.exe+0x4d643e)
1>#31 0x00007ff68914601d (C:\Program Files\LLVM\bin\clang-cl.exe+0x4d601d)
1>#32 0x00007ff68913cd56 (C:\Program Files\LLVM\bin\clang-cl.exe+0x4ccd56)
1>#33 0x00007ff68913a2f3 (C:\Program Files\LLVM\bin\clang-cl.exe+0x4ca2f3)
1>#34 0x00007ff68ac5bdd0 (C:\Program Files\LLVM\bin\clang-cl.exe+0x1febdd0)
1>#35 0x00007ff9b701e8d7 (C:\WINDOWS\System32\KERNEL32.DLL+0x2e8d7)
1>#36 0x00007ff9b7ee8d9c (C:\WINDOWS\SYSTEM32\ntdll.dll+0x8d9c)
1>clang-cl : error : clang frontend command failed due to signal (use -v to see invocation)
1>clang version 21.1.0
1>Target: amd64-pc-windows-msvc
1>Thread model: posix
1>InstalledDir: C:\Program Files\LLVM\bin
1>clang-cl : message : diagnostic msg:
1>********************
1>PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
1>Preprocessed source(s) and associated run script(s) are located at:
1>clang-cl : message : diagnostic msg: C:\Users\aloba\AppData\Local\Temp\xrServer-16436c.cpp
1>clang-cl : message : diagnostic msg: C:\Users\aloba\AppData\Local\Temp\xrServer-16436c.sh
1>clang-cl : message : diagnostic msg:
1>********************
```

The function mentioned in the trace:
```
void xrServer::entity_Destroy(CSE_Abstract*& P)
{
#ifdef DEBUG
    Msg("xrServer::entity_Destroy : [%d][%s][%s]", P->ID, P->name(), P->name_replace());
#endif
    R_ASSERT(P);
 entities.erase(P->ID);
    m_tID_Generator.vfFreeID(P->ID, Device.TimerAsync());

    if (P->owner && P->owner->owner == P)
 P->owner->owner = NULL;

    P->owner = NULL;
    if (!ai().get_alife() || !P->m_bALifeControl)
    {
        F_entity_Destroy(P);
 }
}
```
With these two lines commented out:
```
 entities.erase(P->ID);
    m_tID_Generator.vfFreeID(P->ID, Device.TimerAsync());
```
it compiles fine. Leaving any of them leads to the crash. `CSE_Abstract` is polymorphic.

Is `-fstrict-vtable-pointers` mature and stable enough on Windows already?

`xrServer-16436c.{cpp,sh}` from the trace:

[xrServer.zip](https://github.com/user-attachments/files/22033057/xrServer.zip)

_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs

Reply via email to