[LLVMbugs] [Bug 8419] New: 'clang --analyze' crashes when ref value returned by operator[] is '&='ed

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Tue Oct 19 14:32:27 PDT 2010


           Summary: 'clang --analyze' crashes when ref value returned by
                    operator[] is '&='ed
           Product: clang
           Version: trunk
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
        AssignedTo: kremenek at apple.com
        ReportedBy: zhanyong.wan at gmail.com
                CC: llvmbugs at cs.uiuc.edu

This works fine:

$ cat test1.cc
class String1 {
 public:
  char& get(int n);
};

void Test1() {
  String1 s;
  s.get(0) = 1;
  s.get(0) &= 1;
}

$ clang --analyze test1.cc

This crashes:

$ cat test2.cc
class String2 {
 public:
  char& operator[](int n);
};

void Test2() {
  String2 s;
  s[0] = 1;
  s[0] &= 1;  // crashes 'clang --analyze'
}

$ clang --analyze test2.cc
0  clang           0x00000000010883d0
1  clang           0x0000000001088dca
2  libpthread.so.0 0x00007f224a7d2580
3  clang           0x000000000111d630 typeinfo for clang::SymIntExpr + 0
Stack dump:
0.      Program arguments: clang -cc1 -triple x86_64-unknown-linux-gnu -analyze
-disable-free -disable-llvm-verifier -main-file-name test2.cc
-analyzer-store=region -analyzer-opt-analyze-nested-blocks
-analyzer-check-dead-stores -analyzer-check-objc-mem -analyzer-eagerly-assume
-analyzer-check-objc-methodsigs -analyzer-check-objc-unused-ivars
-analyzer-check-idempotent-operations -analyzer-output plist -w
-mrelocation-model static -mdisable-fp-elim -mconstructor-aliases
-munwind-tables -target-cpu x86-64 -resource-dir clang/lib/clang/2.0
-ferror-limit 19 -fmessage-length 253 -fexceptions -fgnu-runtime
-fdiagnostics-show-option -fcolor-diagnostics -o test2.plist -x c++ test2.cc
1.      <eof> parser at end of file
2.      test2.cc:9:3: Error evaluating statement
3.      test2.cc:9:3: Error evaluating statement
clang: error: clang frontend command failed due to signal 4 (use -v to see

where line 9 is the "&=" line.

