<div dir="ltr">No worries. If it takes a while to analyze, please revert while you you investigate, to keep trunk green.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Aug 21, 2019 at 10:29 PM Csaba Dabis via Phabricator via cfe-commits <<a href="mailto:cfe-commits@lists.llvm.org">cfe-commits@lists.llvm.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Charusso added a comment.<br>
<br>
     return C.getNoteTag(<br>
  -      [=] {<br>
  +      [=]() -> std::string {<br>
           SmallString<128> Msg;<br>
<br>
That was the fix by rL369609 <<a href="https://reviews.llvm.org/rL369609" rel="noreferrer" target="_blank">https://reviews.llvm.org/rL369609</a>>. Somehow it converted to a temporary object therefore that was an issue:<br>
<br>
  [175/176] Running the Clang regression tests<br>
  llvm-lit: /b/sanitizer-x86_64-linux-fast/build/llvm/utils/lit/lit/llvm/config.py:340: note: using clang: /b/sanitizer-x86_64-linux-fast/build/llvm_build_asan/bin/clang<br>
  -- Testing: 15399 tests, 64 threads --<br>
  Testing: 0 <br>
  FAIL: Clang :: Analysis/cast-value-notes.cpp (355 of 15399)<br>
  ******************** TEST 'Clang :: Analysis/cast-value-notes.cpp' FAILED ********************<br>
  Script:<br>
  --<br>
  : 'RUN: at line 1';   /b/sanitizer-x86_64-linux-fast/build/llvm_build_asan/bin/clang -cc1 -internal-isystem /b/sanitizer-x86_64-linux-fast/build/llvm_build_asan/lib/clang/10.0.0/include -nostdsysteminc -analyze -analyzer-constraints=range   -analyzer-checker=core,apiModeling.llvm.CastValue   -analyzer-output=text -verify /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/cast-value-notes.cpp<br>
  --<br>
  Exit Code: 1<br>
<br>
  Command Output (stderr):<br>
  --<br>
  =================================================================<br>
  ==43337==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fa639ecfa30 at pc 0x000000c7ac85 bp 0x7fff83887490 sp 0x7fff83886c40<br>
  READ of size 19 at 0x7fa639ecfa30 thread T0<br>
      #0 0xc7ac84 in __asan_memcpy /b/sanitizer-x86_64-linux-fast/build/llvm/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cc:22<br>
      #1 0xa328415 in copy /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan/include/c++/v1/__string:225:50<br>
      #2 0xa328415 in __init /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan/include/c++/v1/string:1792<br>
      #3 0xa328415 in basic_string /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan/include/c++/v1/string:1813<br>
      #4 0xa328415 in str /b/sanitizer-x86_64-linux-fast/build/llvm/include/llvm/ADT/StringRef.h:220<br>
      #5 0xa328415 in operator basic_string /b/sanitizer-x86_64-linux-fast/build/llvm/include/llvm/ADT/StringRef.h:247<br>
      #6 0xa328415 in __call<(lambda at /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Checkers/CastValueChecker.cpp:113:7) &> /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan/include/c++/v1/__functional_base:317<br>
      #7 0xa328415 in operator() /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan/include/c++/v1/functional:1540<br>
      #8 0xa328415 in std::__1::__function::__func<getNoteTag(clang::ento::CheckerContext&, clang::ento::DynamicCastInfo const*, clang::QualType, clang::Expr const*, bool, bool)::$_0, std::__1::allocator<getNoteTag(clang::ento::CheckerContext&, clang::ento::DynamicCastInfo const*, clang::QualType, clang::Expr const*, bool, bool)::$_0>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>::operator()() /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan/include/c++/v1/functional:1714<br>
      #9 0xa32751d in operator() /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan/include/c++/v1/functional:1867:16<br>
      #10 0xa32751d in operator() /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan/include/c++/v1/functional:2473<br>
      #11 0xa32751d in operator() /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/include/clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h:259<br>
      #12 0xa32751d in __invoke<(lambda at /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/include/clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h:259:23) &, clang::ento::BugReporterContext &, clang::ento::BugReport &> /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan/include/c++/v1/type_traits:3501<br>
      #13 0xa32751d in __call<(lambda at /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/include/clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h:259:23) &, clang::ento::BugReporterContext &, clang::ento::BugReport &> /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan/include/c++/v1/__functional_base:317<br>
      #14 0xa32751d in operator() /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan/include/c++/v1/functional:1540<br>
      #15 0xa32751d in std::__1::__function::__func<clang::ento::CheckerContext::getNoteTag(std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>&&, bool)::'lambda'(clang::ento::BugReporterContext&, clang::ento::BugReport&), std::__1::allocator<clang::ento::CheckerContext::getNoteTag(std::__1::function<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>&&, bool)::'lambda'(clang::ento::BugReporterContext&, clang::ento::BugReport&)>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > (clang::ento::BugReporterContext&, clang::ento::BugReport&)>::operator()(clang::ento::BugReporterContext&, clang::ento::BugReport&) /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan/include/c++/v1/functional:1714<br>
      #16 0xa990926 in operator() /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan/include/c++/v1/functional:1867:16<br>
      #17 0xa990926 in operator() /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan/include/c++/v1/functional:2473<br>
      #18 0xa990926 in generateMessage /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/include/clang/StaticAnalyzer/Core/BugReporter/BugReporter.h:572<br>
      #19 0xa990926 in clang::ento::TagVisitor::VisitNode(clang::ento::ExplodedNode const*, clang::ento::BugReporterContext&, clang::ento::BugReport&) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp:2879<br>
      #20 0xa94b59f in generateVisitorsDiagnostics(clang::ento::BugReport*, clang::ento::ExplodedNode const*, clang::ento::BugReporterContext&) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2634:19<br>
      #21 0xa9417b3 in findValidReport /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2674:9<br>
      #22 0xa9417b3 in clang::ento::PathSensitiveBugReporter::generatePathDiagnostics(llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>, llvm::ArrayRef<clang::ento::BugReport*>&) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2708<br>
      #23 0xa948006 in clang::ento::BugReporter::generateDiagnosticForConsumerMap(clang::ento::BugReport*, llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>, llvm::ArrayRef<clang::ento::BugReport*>) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:3032:5<br>
      #24 0xa93c090 in clang::ento::BugReporter::FlushReport(clang::ento::BugReportEquivClass&) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2893:7<br>
      #25 0xa93a72e in clang::ento::BugReporter::FlushReports() /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2308:5<br>
      #26 0xa23ec21 in RunPathSensitiveChecks /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:816:24<br>
      #27 0xa23ec21 in (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >*) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:774<br>
      #28 0xa1f6203 in HandleDeclsCallGraph /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:556:5<br>
      #29 0xa1f6203 in runAnalysisOnTranslationUnit /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:607<br>
      #30 0xa1f6203 in (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:637<br>
      #31 0xad37ae0 in clang::ParseAST(clang::Sema&, bool, bool) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/Parse/ParseAST.cpp:171:13<br>
      #32 0x7ad09b9 in clang::FrontendAction::Execute() /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:935:8<br>
      #33 0x79ae417 in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:946:33<br>
      #34 0x7d27c53 in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:291:25<br>
      #35 0xcc5084 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/tools/driver/cc1_main.cpp:250:15<br>
      #36 0xcbcadc in ExecuteCC1Tool /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/tools/driver/driver.cpp:309:12<br>
      #37 0xcbcadc in main /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/tools/driver/driver.cpp:381<br>
      #38 0x7fa63d18f2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)<br>
      #39 0xbed7c9 in _start (/b/sanitizer-x86_64-linux-fast/build/llvm_build_asan/bin/clang-10+0xbed7c9)<br>
<br>
  Address 0x7fa639ecfa30 is located in stack of thread T0 at offset 48 in frame<br>
      #0 0xa32780f in std::__1::__function::__func<getNoteTag(clang::ento::CheckerContext&, clang::ento::DynamicCastInfo const*, clang::QualType, clang::Expr const*, bool, bool)::$_0, std::__1::allocator<getNoteTag(clang::ento::CheckerContext&, clang::ento::DynamicCastInfo const*, clang::QualType, clang::Expr const*, bool, bool)::$_0>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>::operator()() /b/sanitizer-x86_64-linux-fast/build/libcxx_build_asan/include/c++/v1/functional:1713<br>
<br>
    This frame has 4 object(s):<br>
      [32, 176) 'Msg.i.i.i.i' <== Memory access at offset 48 is inside this variable<br>
      [240, 288) 'Out.i.i.i.i'<br>
      [320, 344) 'ref.tmp.i.i.i.i'<br>
      [384, 408) 'ref.tmp14.i.i.i.i'<br>
  HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork<br>
        (longjmp and C++ exceptions *are* supported)<br>
  SUMMARY: AddressSanitizer: stack-use-after-scope /b/sanitizer-x86_64-linux-fast/build/llvm/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cc:22 in __asan_memcpy<br>
  Shadow bytes around the buggy address:<br>
    0x0ff5473d1ef0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5<br>
    0x0ff5473d1f00: f1 f1 f1 f1 00 00 00 f2 f2 f2 f2 f2 00 00 00 00<br>
    0x0ff5473d1f10: f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 f8 f8 f8 f8<br>
    0x0ff5473d1f20: f8 f8 f8 f8 f3 f3 f3 f3 00 00 00 00 00 00 00 00<br>
    0x0ff5473d1f30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br>
  =>0x0ff5473d1f40: f1 f1 f1 f1 f8 f8[f8]f8 f8 f8 f8 f8 f8 f8 f8 f8<br>
    0x0ff5473d1f50: f8 f8 f8 f8 f8 f8 f2 f2 f2 f2 f2 f2 f2 f2 f8 f8<br>
    0x0ff5473d1f60: f8 f8 f8 f8 f2 f2 f2 f2 f8 f8 f8 f2 f2 f2 f2 f2<br>
    0x0ff5473d1f70: f8 f8 f8 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00<br>
    0x0ff5473d1f80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5<br>
    0x0ff5473d1f90: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5<br>
  Shadow byte legend (one shadow byte represents 8 application bytes):<br>
    Addressable:           00<br>
    Partially addressable: 01 02 03 04 05 06 07 <br>
    Heap left redzone:       fa<br>
    Freed heap region:       fd<br>
    Stack left redzone:      f1<br>
    Stack mid redzone:       f2<br>
    Stack right redzone:     f3<br>
    Stack after return:      f5<br>
    Stack use after scope:   f8<br>
    Global redzone:          f9<br>
    Global init order:       f6<br>
    Poisoned by user:        f7<br>
    Container overflow:      fc<br>
    Array cookie:            ac<br>
    Intra object redzone:    bb<br>
    ASan internal:           fe<br>
    Left alloca redzone:     ca<br>
    Right alloca redzone:    cb<br>
    Shadow gap:              cc<br>
  ==43337==ABORTING<br>
<br>
  --<br>
<br>
Thanks for your notes! Also @xazax.hun may you are interested in this lifetime issue.<br>
<br>
<br>
Repository:<br>
  rL LLVM<br>
<br>
CHANGES SINCE LAST ACTION<br>
  <a href="https://reviews.llvm.org/D66325/new/" rel="noreferrer" target="_blank">https://reviews.llvm.org/D66325/new/</a><br>
<br>
<a href="https://reviews.llvm.org/D66325" rel="noreferrer" target="_blank">https://reviews.llvm.org/D66325</a><br>
<br>
<br>
<br>
_______________________________________________<br>
cfe-commits mailing list<br>
<a href="mailto:cfe-commits@lists.llvm.org" target="_blank">cfe-commits@lists.llvm.org</a><br>
<a href="https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits" rel="noreferrer" target="_blank">https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits</a><br>
</blockquote></div>