fatal error: error in backend: Access past stack top!

[CamJN]

Compiling the following reduced program will result in clang crashing with the error in the title.

typedef long a;
namespace b {
namespace c {
namespace d {
namespace e {
namespace {
struct g {};
int h(g, bool, char *);
} // namespace
int i(double f, char *j) {
  a bits(f);
  bool k(bits);
  g l;
  return h(l, k, j);
}
} // namespace e
} // namespace d
} // namespace c
} // namespace b

I can compile the program with this command to see the crash:
clang++ -mno-sse2 reduced-bug.cpp

here's a godbolt reproduction:

https://godbolt.org/#g:!((g:!((g:!((h:codeEditor,i:(filename:'1',fontScale:14,fontUsePx:'0',j:1,lang:c%2B%2B,selection:(endColumn:17,endLineNumber:19,positionColumn:17,positionLineNumber:19,selectionStartColumn:17,selectionStartLineNumber:19,startColumn:17,startLineNumber:19),source:'typedef+long+a%3B%0Anamespace+b+%7B%0Anamespace+c+%7B%0Anamespace+d+%7B%0Anamespace+e+%7B%0Anamespace+%7B%0Astruct+g+%7B%7D%3B%0Aint+h(g,+bool,+char+*)%3B%0A%7D+//+namespace%0Aint+i(double+f,+char+*j)+%7B%0A++a+bits(f)%3B%0A++bool+k(bits)%3B%0A++g+l%3B%0A++return+h(l,+k,+j)%3B%0A%7D%0A%7D+//+namespace+e%0A%7D+//+namespace+d%0A%7D+//+namespace+c%0A%7D+//+namespace+b'),l:'5',n:'0',o:'C%2B%2B+source+%231',t:'0')),k:33.333333333333336,l:'4',n:'0',o:'',s:0,t:'0'),(g:!((h:compiler,i:(compiler:clang1810,filters:(b:'0',binary:'1',binaryObject:'1',commentOnly:'0',debugCalls:'1',demangle:'0',directives:'0',execute:'1',intel:'0',libraryCode:'0',trim:'1',verboseDemangling:'0'),flagsViewOpen:'1',fontScale:14,fontUsePx:'0',j:1,lang:c%2B%2B,libs:!(),options:'-mno-sse2',overrides:!(),selection:(endColumn:1,endLineNumber:1,positionColumn:1,positionLineNumber:1,selectionStartColumn:1,selectionStartLineNumber:1,startColumn:1,startLineNumber:1),source:1),l:'5',n:'0',o:'+x86-64+clang+18.1.0+(Editor+%231)',t:'0')),header:(),k:33.333333333333336,l:'4',m:100,n:'0',o:'',s:0,t:'0'),(g:!((h:output,i:(compilerName:'x86-64+clang+18.1.0',editorid:1,fontScale:14,fontUsePx:'0',j:1,wrap:'1'),l:'5',n:'0',o:'Output+of+x86-64+clang+18.1.0+(Compiler+%231)',t:'0')),j:__glMaximised,k:33.33333333333333,l:'4',n:'0',o:'',s:0,t:'0')),l:'2',n:'0',o:'',t:'0')),version:4

I know I can avoid the crash if I put in a definition for h or enable sse2 instructions, I'm not looking for how to work around the crash, just reporting it so it can be fixed, as in my actual non-reduced program figuring out how to work around the crash is much less obvious.

[llvmbot]

@llvm/issue-subscribers-backend-x86

Author: Camden Narzt (CamJN)

Compiling the following reduced program will result in clang crashing with the error in the title.

typedef long a;
namespace b {
namespace c {
namespace d {
namespace e {
namespace {
struct g {};
int h(g, bool, char *);
} // namespace
int i(double f, char *j) {
  a bits(f);
  bool k(bits);
  g l;
  return h(l, k, j);
}
} // namespace e
} // namespace d
} // namespace c
} // namespace b

I can compile the program with this command to see the crash:
clang++ -mno-sse2 reduced-bug.cpp

here's a godbolt reproduction:

https://godbolt.org/#g:!((g:!((g:!((h:codeEditor,i:(filename:'1',fontScale:14,fontUsePx:'0',j:1,lang:c%2B%2B,selection:(endColumn:17,endLineNumber:19,positionColumn:17,positionLineNumber:19,selectionStartColumn:17,selectionStartLineNumber:19,startColumn:17,startLineNumber:19),source:'typedef+long+a%3B%0Anamespace+b+%7B%0Anamespace+c+%7B%0Anamespace+d+%7B%0Anamespace+e+%7B%0Anamespace+%7B%0Astruct+g+%7B%7D%3B%0Aint+h(g,+bool,+char+*)%3B%0A%7D+//+namespace%0Aint+i(double+f,+char+*j)+%7B%0A++a+bits(f)%3B%0A++bool+k(bits)%3B%0A++g+l%3B%0A++return+h(l,+k,+j)%3B%0A%7D%0A%7D+//+namespace+e%0A%7D+//+namespace+d%0A%7D+//+namespace+c%0A%7D+//+namespace+b'),l:'5',n:'0',o:'C%2B%2B+source+%231',t:'0')),k:33.333333333333336,l:'4',n:'0',o:'',s:0,t:'0'),(g:!((h:compiler,i:(compiler:clang1810,filters:(b:'0',binary:'1',binaryObject:'1',commentOnly:'0',debugCalls:'1',demangle:'0',directives:'0',execute:'1',intel:'0',libraryCode:'0',trim:'1',verboseDemangling:'0'),flagsViewOpen:'1',fontScale:14,fontUsePx:'0',j:1,lang:c%2B%2B,libs:!(),options:'-mno-sse2',overrides:!(),selection:(endColumn:1,endLineNumber:1,positionColumn:1,positionLineNumber:1,selectionStartColumn:1,selectionStartLineNumber:1,startColumn:1,startLineNumber:1),source:1),l:'5',n:'0',o:'+x86-64+clang+18.1.0+(Editor+%231)',t:'0')),header:(),k:33.333333333333336,l:'4',m:100,n:'0',o:'',s:0,t:'0'),(g:!((h:output,i:(compilerName:'x86-64+clang+18.1.0',editorid:1,fontScale:14,fontUsePx:'0',j:1,wrap:'1'),l:'5',n:'0',o:'Output+of+x86-64+clang+18.1.0+(Compiler+%231)',t:'0')),j:__glMaximised,k:33.33333333333333,l:'4',n:'0',o:'',s:0,t:'0')),l:'2',n:'0',o:'',t:'0')),version:4

I know I can avoid the crash if I put in a definition for h or enable sse2 instructions, I'm not looking for how to work around the crash, just reporting it so it can be fixed, as in my actual non-reduced program figuring out how to work around the crash is much less obvious.

[cygao90]

Related to #29774