[llvm-bugs] [Bug 32229] New: Analyzer: Repeatable RegionStore.cpp assertion failure "!B.lookup(R, BindingKey::Direct)"

via llvm-bugs llvm-bugs at lists.llvm.org
Fri Mar 10 14:04:58 PST 2017


https://bugs.llvm.org/show_bug.cgi?id=32229

            Bug ID: 32229
           Summary: Analyzer: Repeatable RegionStore.cpp assertion failure
                    "!B.lookup(R, BindingKey::Direct)"
           Product: clang
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: -New Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: marshallk at google.com
                CC: llvm-bugs at lists.llvm.org

Created attachment 18077
  --> https://bugs.llvm.org/attachment.cgi?id=18077&action=edit
Archive of generated trace log .cpp and .sh

Encountered this failure while analyzing base/trace_event/trace_log.cc in the
Chromium codebase. Link:
https://cs.chromium.org/chromium/src/base/trace_event/trace_log.cc?q=base/trace_event/trace_log.cc&dr



clang:
/b/build/slave/linux_upload_clang/build/src/third_party/llvm/tools/clang/lib/StaticAnalyzer/Core/RegionStore.cpp:413:
virtual clang::ento::StoreRef (anonymous
namespace)::RegionStoreManager::BindDefault(Store, const clang::ento::MemRegion
*, clang::ento::SVal): Assertion `!B.lookup(R, BindingKey::Direct)' failed.
#0 0x0000000001b8d584
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x1b8d584)
#1 0x0000000001b8d8c6
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x1b8d8c6)
#2 0x00007ff40f6a7330 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x10330)
#3 0x00007ff40e29bc37 gsignal
/build/eglibc-oGUzwX/eglibc-2.19/signal/../nptl/sysdeps/unix/sysv/linux/raise.c:56:0
#4 0x00007ff40e29f028 abort
/build/eglibc-oGUzwX/eglibc-2.19/stdlib/abort.c:91:0
#5 0x00007ff40e294bf6 __assert_fail_base
/build/eglibc-oGUzwX/eglibc-2.19/assert/assert.c:92:0
#6 0x00007ff40e294ca2 (/lib/x86_64-linux-gnu/libc.so.6+0x2fca2)
#7 0x00000000032e7348
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x32e7348)
#8 0x00000000032d862c clang::ento::ProgramState::bindDefault(clang::ento::SVal,
clang::ento::SVal, clang::LocationContext const*) const
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x32d862c)
#9 0x00000000032b5a3a
clang::ento::ExprEngine::VisitCXXConstructExpr(clang::CXXConstructExpr const*,
clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x32b5a3a)
#10 0x000000000329a9e6 clang::ento::ExprEngine::Visit(clang::Stmt const*,
clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x329a9e6)
#11 0x0000000003296d03 clang::ento::ExprEngine::ProcessStmt(clang::CFGStmt,
clang::ento::ExplodedNode*)
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x3296d03)
#12 0x00000000032969c7
clang::ento::ExprEngine::processCFGElement(clang::CFGElement,
clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*)
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x32969c7)
#13 0x000000000328cd6a
clang::ento::CoreEngine::HandleBlockEntrance(clang::BlockEntrance const&,
clang::ento::ExplodedNode*)
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x328cd6a)
#14 0x000000000328c7b7
clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*,
clang::ProgramPoint, clang::ento::WorkListUnit const&)
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x328c7b7)
#15 0x000000000328c03f
clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>)
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x328c03f)
#16 0x00000000028082ad
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x28082ad)
#17 0x0000000002807e5e
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x2807e5e)
#18 0x00000000028013ea
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x28013ea)
#19 0x00000000020e739c
clang::MultiplexConsumer::HandleTranslationUnit(clang::ASTContext&)
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x20e739c)
#20 0x0000000002834d56 clang::ParseAST(clang::Sema&, bool, bool)
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x2834d56)
#21 0x00000000020c1ea8 clang::FrontendAction::Execute()
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x20c1ea8)
#22 0x0000000002088e31
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x2088e31)
#23 0x0000000002146dc5
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x2146dc5)
#24 0x00000000008272f8 cc1_main(llvm::ArrayRef<char const*>, char const*,
void*)
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x8272f8)
#25 0x0000000000825226 main
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x825226)
#26 0x00007ff40e286f45 __libc_start_main
/build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:321:0
#27 0x00000000008223da _start
(/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang+0x8223da)
Stack dump:
0.      Program arguments:
/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/clang
-cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -main-file-name
trace_log.cc -analyzer-store=region -analyzer-opt-analyze-nested-blocks
-analyzer-eagerly-assume -analyzer-checker=core -analyzer-checker=apiModeling
-analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus
-analyzer-checker=security.insecureAPI.UncheckedReturn
-analyzer-checker=security.insecureAPI.getpw
-analyzer-checker=security.insecureAPI.gets
-analyzer-checker=security.insecureAPI.mktemp
-analyzer-checker=security.insecureAPI.mkstemp
-analyzer-checker=security.insecureAPI.vfork
-analyzer-checker=nullability.NullPassedToNonnull
-analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w
-analyzer-checker=cplusplus -analyzer-opt-analyze-nested-blocks
-analyzer-eagerly-assume -analyzer-output=text -analyzer-config
suppress-c++-stdlib=true -analyzer-checker=core -analyzer-checker=unix
-analyzer-checker=deadcode -mrelocation-model pic -pic-level 2 -mthread-model
posix -mdisable-fp-elim -relaxed-aliasing -fmath-errno -masm-verbose
-mconstructor-aliases -munwind-tables -target-cpu x86-64 -dwarf-column-info
-backend-option -split-dwarf=Enable -debug-info-kind=limited
-debugger-tuning=gdb -coverage-notes-file
/usr/local/google/home/marshallk/chrome/src/out/ClangLint/obj/base/base/trace_log.gcno
-resource-dir
/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/lib/clang/5.0.0
-dependency-file obj/base/base/trace_log.o.d -MT obj/base/base/trace_log.o -D
USE_SYMBOLIZE -D V8_DEPRECATION_WARNINGS -D USE_UDEV -D
UI_COMPOSITOR_IMAGE_TRANSPORT -D USE_AURA=1 -D USE_PANGO=1 -D USE_CAIRO=1 -D
USE_GLIB=1 -D USE_NSS_CERTS=1 -D USE_X11=1 -D FULL_SAFE_BROWSING -D
SAFE_BROWSING_CSD -D SAFE_BROWSING_DB_LOCAL -D CHROMIUM_BUILD -D
ENABLE_MEDIA_ROUTER=1 -D FIELDTRIAL_TESTING_ENABLED -D
CR_CLANG_REVISION="296321-1" -D _FILE_OFFSET_BITS=64 -D _LARGEFILE_SOURCE -D
_LARGEFILE64_SOURCE -D __STDC_CONSTANT_MACROS -D __STDC_FORMAT_MACROS -D
COMPONENT_BUILD -D _DEBUG -D DYNAMIC_ANNOTATIONS_ENABLED=1 -D
WTF_USE_DYNAMIC_ANNOTATIONS=1 -D _GLIBCXX_DEBUG=1 -D BASE_IMPLEMENTATION -D
GLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_32 -D
GLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_26 -I ../.. -I gen -I
../../build/linux/debian_wheezy_amd64-sysroot/usr/include/glib-2.0 -I
../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/x86_64-linux-gnu/glib-2.0/include
-D __DATE__= -D __TIME__= -D __TIMESTAMP__= -isysroot
../../build/linux/debian_wheezy_amd64-sysroot -internal-isystem
../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6
-internal-isystem
../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/x86_64-linux-gnu
-internal-isystem
../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/backward
-internal-isystem
../../build/linux/debian_wheezy_amd64-sysroot/usr/local/include
-internal-isystem
/usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/lib/clang/5.0.0/include
-internal-externc-isystem
../../build/linux/debian_wheezy_amd64-sysroot/usr/include/x86_64-linux-gnu
-internal-externc-isystem ../../build/linux/debian_wheezy_amd64-sysroot/include
-internal-externc-isystem
../../build/linux/debian_wheezy_amd64-sysroot/usr/include -O0
-Wno-builtin-macro-redefined -Wall -Werror -Wextra
-Wno-missing-field-initializers -Wno-unused-parameter -Wno-c++11-narrowing
-Wno-covered-switch-default -Wno-deprecated-register
-Wno-unneeded-internal-declaration -Wno-inconsistent-missing-override
-Wno-shift-negative-value -Wno-undefined-var-template
-Wno-nonportable-include-path -Wno-address-of-packed-member
-Wno-unused-lambda-capture -Wno-user-defined-warnings -Wheader-hygiene
-Wstring-conversion -Wtautological-overlap-compare -Wno-char-subscripts
-Wexit-time-destructors -Wexit-time-destructors -Wno-undefined-bool-conversion
-Wno-tautological-undefined-compare -std=gnu++11 -fdeprecated-macro
-fdebug-compilation-dir
/usr/local/google/home/marshallk/chrome/src/out/ClangLint -ferror-limit 19
-fmessage-length 0 -fvisibility hidden -fvisibility-inlines-hidden -pthread
-stack-protector 1 -stack-protector-buffer-size 4 -fno-rtti -fobjc-runtime=gcc
-fdiagnostics-show-option -fcolor-diagnostics -load
../../third_party/llvm-build/Release+Asserts/lib/libFindBadConstructs.so
-add-plugin find-bad-constructs -plugin-arg-find-bad-constructs
check-auto-raw-pointer -plugin-arg-find-bad-constructs check-ipc -o
obj/base/base/trace_log.o -x c++ ../../base/trace_event/trace_log.cc 
1.      <eof> parser at end of file
2.      While analyzing stack: 
        #0 constexpr _Tuple_impl() : _Inherited(), _Base() {}
        #1 constexpr _Tuple_impl() : _Inherited(), _Base() {}
        #2 constexpr tuple() : _Inherited() {}
        #3 constexpr unique_ptr() : _M_t() {}
        #4 void CreateFiltersForTraceConfig()
        #5 void UpdateCategoryRegistry()
        #6 void SetEnabled(const base::trace_event::TraceConfig &trace_config,
uint8_t modes_to_enable)
3.     
../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/tuple:158:9:
Error evaluating statement
4.     
../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/tuple:158:9:
Error evaluating statement
clang: error: unable to execute command: Aborted (core dumped)
clang: error: clang frontend command failed due to signal (use -v to see
invocation)
clang version 5.0.0 (trunk 296321)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir:
/usr/local/google/home/marshallk/chrome/src/out/ClangLint/../../third_party/llvm-build/Release+Asserts/bin
clang: note: diagnostic msg: PLEASE submit a bug report to
http://llvm.org/bugs/ and include the crash backtrace, preprocessed source, and
associated run script.
clang: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang: note: diagnostic msg: /tmp/trace_log-76f2bf.cpp
clang: note: diagnostic msg: /tmp/trace_log-76f2bf.sh
clang: note: diagnostic msg: 

********************
