[cfe-dev] Debugging Clang Static Analyzer segfault (clang 3.2)

Gábor Kozár kozargabor at gmail.com
Mon Apr 29 05:15:55 PDT 2013


Hi,

I wrote a custom checker based on SimpleStreamChecker for the Clang Static
Analyzer. I'm using clang version 3.2.

Upon running /.../llvm-3.2/build/bin/clang++ testfile.cpp -std=c++11
-Xclang -analyze -Xclang -analyzer-checker=mychecker, I get the following:

0  clang-3.2       0x0000000001b8a52c
1  clang-3.2       0x0000000001b8a21c
2  libpthread.so.0 0x00007f577ad715d0
3  clang-3.2       0x000000000291903c
4  clang-3.2       0x00000000029193f1
5  clang-3.2       0x000000000291ada1
6  clang-3.2       0x000000000298b9dc
7  clang-3.2       0x0000000002987223
8  clang-3.2       0x00000000029894b9
9  clang-3.2       0x00000000029872dd
clang::ento::CheckerManager::runCheckersForCallEvent(bool,
clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&,
clang::ento::CallEvent const&, clang::ento::ExprEngine&, bool) + 159
10 clang-3.2       0x00000000029c8736
11 clang-3.2       0x00000000029cb0db
clang::ento::ExprEngine::evalCall(clang::ento::ExplodedNodeSet&,
clang::ento::ExplodedNode*, clang::ento::CallEvent const&) + 127
12 clang-3.2       0x00000000029cafbd
clang::ento::ExprEngine::VisitCallExpr(clang::CallExpr const*,
clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) + 397
13 clang-3.2       0x00000000029b1163
clang::ento::ExprEngine::Visit(clang::Stmt const*,
clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) + 3785
14 clang-3.2       0x00000000029af477
clang::ento::ExprEngine::ProcessStmt(clang::CFGStmt,
clang::ento::ExplodedNode*) + 523
15 clang-3.2       0x00000000029ae9b7
clang::ento::ExprEngine::processCFGElement(clang::CFGElement,
clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*)
+ 205
16 clang-3.2       0x000000000299d85c
clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock const*, unsigned
int, clang::ento::ExplodedNode*) + 282
17 clang-3.2       0x000000000299cb40
clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*,
clang::ProgramPoint, clang::ento::WorkListUnit const&) + 630
18 clang-3.2       0x000000000299c838
clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) +
918
19 clang-3.2       0x00000000027fa752
20 clang-3.2       0x00000000027d9bd1
21 clang-3.2       0x00000000027d9ce2
22 clang-3.2       0x00000000027d99c9
23 clang-3.2       0x00000000027d8f9a
24 clang-3.2       0x00000000027d92b7
25 clang-3.2       0x0000000001f08c21 clang::ParseAST(clang::Sema&, bool,
bool) + 786
26 clang-3.2       0x0000000001e2427c
clang::ASTFrontendAction::ExecuteAction() + 298
27 clang-3.2       0x0000000001e23e97 clang::FrontendAction::Execute() + 197
28 clang-3.2       0x0000000001e00bbb
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 717
29 clang-3.2       0x0000000001b8f09d
clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 1054
30 clang-3.2       0x0000000000d0138c cc1_main(char const**, char const**,
char const*, void*) + 678
31 clang-3.2       0x0000000000cfb1d3 main + 508
32 libc.so.6       0x00007f577a2a9bc6 __libc_start_main + 230
33 clang-3.2       0x0000000000cf9879
Stack dump:
0.    Program arguments:
/home/ekozgbo/work/dev/llvm-3.2/build/bin/clang-3.2 -cc1 -triple
x86_64-unknown-linux-gnu -emit-obj -mrelax-all -disable-free
-main-file-name t2.cpp -mrelocation-model static -mdisable-fp-elim
-fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables
-target-cpu x86-64 -momit-leaf-frame-pointer -resource-dir
/home/ekozgbo/work/dev/llvm-3.2/build/bin/../lib/clang/3.2
-fmodule-cache-path /var/tmp/clang-module-cache -internal-isystem
/usr/lib64/gcc/x86_64-suse-linux/4.3/../../../../include/c++/4.3
-internal-isystem
/usr/lib64/gcc/x86_64-suse-linux/4.3/../../../../include/c++/4.3/x86_64-suse-linux
-internal-isystem
/usr/lib64/gcc/x86_64-suse-linux/4.3/../../../../include/c++/4.3/backward
-internal-isystem /usr/local/include -internal-isystem
/home/ekozgbo/work/dev/llvm-3.2/build/bin/../lib/clang/3.2/include
-internal-externc-isystem /include -internal-externc-isystem /usr/include
-std=c++11 -fdeprecated-macro -fdebug-compilation-dir
/home/ekozgbo/work/dev/test -ferror-limit 19 -fmessage-length 237
-mstackrealign -fobjc-runtime=gcc -fcxx-exceptions -fexceptions
-fdiagnostics-show-option -fcolor-diagnostics -analyze
-analyzer-checker=mychecker -o /tmp/t2-lNeYsr.o -x c++ testfile.cpp
1.    <eof> parser at end of file
2.    testfile.cpp:32:2: Error evaluating statement
3.    testfile.cpp:32:2: Error evaluating statement
clang-3: error: unable to execute command: Segmentation fault
clang-3: error: clang frontend command failed due to signal (use -v to see
invocation)
clang version 3.2 (tags/RELEASE_32/final 180012)
Target: x86_64-unknown-linux-gnu
Thread model: posix
clang-3: note: diagnostic msg: PLEASE submit a bug report to
http://llvm.org/bugs/ and include the crash backtrace, preprocessed source,
and associated run script.
clang-3: error: unable to execute command: Segmentation fault
clang-3: note: diagnostic msg: Error generating preprocessed source(s).

I'm fairly certain the issue is in my checker code, but I have no idea how
to debug it. Clang seems to handle the segfault on its own, so I can't
really do much with gdb.
So how can I debug this issue? (Apart from the llvm::errs() or std::cout
solution.)

The only changes I made to clang 3.2 are that I compile it with C++11, and
of course I added two custom checkers. Oh, and I'm also linking the static
analyzer with libASTMatchers. So far I haven't had any issues, although the
previous checker was much simpler.

Any help would be greatly appreciated.

Gabor
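A way to get gdb onto a crash like this, as an added example that is not part of the original post or of clang itself: the clang driver runs the real compiler as a child process (`clang-3.2 -cc1 ...`), so gdb attached to the driver never sees the SIGSEGV. The crash log, however, prints the exact child command under "Program arguments:", wrapped at `-fmessage-length`. The script below extracts that command from a saved crash log and turns it into a `gdb --args` invocation that runs cc1 in-process, where the checker frame is the one the debugger stops in. The crash log it parses is a constructed sample with placeholder paths; only the checker name `mychecker` and the layout of the dump come from the post.

```bash
#!/bin/sh
# Added example (not from the original post): recover the exact cc1 command
# from a clang crash log and run it directly under gdb, so the debugger sees
# the segfault instead of the driver merely reporting it from a child process.

# Constructed sample: the relevant part of a crash log as the driver prints it.
# Paths are placeholders modelled on the post above; the checker name is the
# one from the post.
SAMPLE_LOG='Stack dump:
0.    Program arguments:
/opt/llvm-3.2/build/bin/clang-3.2 -cc1 -triple
x86_64-unknown-linux-gnu -std=c++11 -analyze
-analyzer-checker=mychecker -o /tmp/t2.o -x c++ testfile.cpp
1.    <eof> parser at end of file
2.    testfile.cpp:32:2: Error evaluating statement'

# cc1_command_from_log: read a crash log on stdin and print the
# "Program arguments:" block as a single line. The driver wraps the command
# at -fmessage-length, so continuation lines are joined with single spaces;
# the block ends at the next numbered context line ("1.", "2.", ...).
cc1_command_from_log() {
    awk '
        /^0\.[[:space:]]+Program arguments:/ { grab = 1; next }
        grab && /^[0-9]+\.[[:space:]]/      { grab = 0 }
        grab                                { cmd = cmd (cmd == "" ? "" : " ") $0 }
        END                                 { print cmd }
    '
}

# gdb_command_for_log: read a crash log on stdin and print the gdb invocation.
# --args keeps the cc1 argument list intact; -ex run starts cc1 immediately,
# so gdb stops at the faulting instruction inside the checker.
gdb_command_for_log() {
    cc1cmd=$(cc1_command_from_log)
    printf 'gdb -q -ex run --args %s\n' "$cc1cmd"
}

# Stand-alone usage: feed the sample log and print the command to run.
printf '%s\n' "$SAMPLE_LOG" | gdb_command_for_log
```

Paste the printed line into a terminal (or pipe a real crash log into `gdb_command_for_log`) and gdb stops on the SIGSEGV with the analyzer frames on the stack. Two related notes: if you would rather keep using the driver, `set follow-fork-mode child` in gdb makes it follow into the cc1 process instead; and the unsymbolized frames 3 to 8 in the backtrace above are most likely the checker's own functions, which usually live in an anonymous namespace and so are not in the dynamic symbol table that the crash handler uses. A build with debug info gives gdb proper names for those frames, and a build with assertions enabled often turns a silent segfault into an assertion message that points at the misuse directly.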