[llvm-bugs] [Bug 36533] New: Assertion "isa<> used on a null pointer" triggered

via llvm-bugs llvm-bugs at lists.llvm.org
Tue Feb 27 03:10:25 PST 2018


https://bugs.llvm.org/show_bug.cgi?id=36533

            Bug ID: 36533
           Summary: Assertion "isa<> used on a null pointer" triggered
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Keywords: regression
          Severity: enhancement
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: v.reichelt at netcologne.de
                CC: llvm-bugs at lists.llvm.org

The following code snippet triggers an assertion in the analyzer,
i.e. running "clang++ --analyze -c bug.cc" results in a crash:

============================================================================
struct A
{
  virtual ~A();
  A* next();
};

A* get(A* p) { return p; }

struct B : A
{
  A* foo(B* p) { delete p; return get(next() ? next() : 0)->next(); }
};
============================================================================

clang-7.0: /tmp/LLVM/llvm/include/llvm/Support/Casting.h:106: static bool
llvm::isa_impl_cl<To, const From*>::doit(const From*) [with To =
clang::FunctionDecl; From = clang::Decl]: Assertion `Val && "isa<> used on a
null pointer"' failed.
#0 0x00000000020c10ea llvm::sys::PrintStackTrace(llvm::raw_ostream&)
(/LLVM-trunk-326181/bin/clang-7.0+0x20c10ea)
#1 0x00000000020bee26 llvm::sys::RunSignalHandlers()
(/LLVM-trunk-326181/bin/clang-7.0+0x20bee26)
#2 0x00000000020bf195 SignalHandler(int)
(/LLVM-trunk-326181/bin/clang-7.0+0x20bf195)
#3 0x00007fd8fa119100 __restore_rt (/lib64/libpthread.so.0+0xf100)
#4 0x00007fd8f8c965f7 __GI_raise (/lib64/libc.so.6+0x355f7)
#5 0x00007fd8f8c97ce8 __GI_abort (/lib64/libc.so.6+0x36ce8)
#6 0x00007fd8f8c8f566 __assert_fail_base (/lib64/libc.so.6+0x2e566)
#7 0x00007fd8f8c8f612 (/lib64/libc.so.6+0x2e612)
#8 0x000000000399bb16 bool llvm::isa<clang::ento::FieldRegion,
clang::ento::MemRegion const*>(clang::ento::MemRegion const* const&) [clone
.isra.350] [clone .part.351] (/LLVM-trunk-326181/bin/clang-7.0+0x399bb16)
#9 0x00000000039a210d (/LLVM-trunk-326181/bin/clang-7.0+0x39a210d)
#10 0x0000000003995cbb
clang::ento::GRBugReporter::generatePathDiagnostic(clang::ento::PathDiagnostic&,
clang::ento::PathDiagnosticConsumer&, llvm::ArrayRef<clang::ento::BugReport*>&)
(/LLVM-trunk-326181/bin/clang-7.0+0x3995cbb)
#11 0x00000000039996c0
clang::ento::BugReporter::FlushReport(clang::ento::BugReport*,
clang::ento::PathDiagnosticConsumer&, llvm::ArrayRef<clang::ento::BugReport*>)
(/LLVM-trunk-326181/bin/clang-7.0+0x39996c0)
#12 0x000000000399a05b
clang::ento::BugReporter::FlushReport(clang::ento::BugReportEquivClass&)
(/LLVM-trunk-326181/bin/clang-7.0+0x399a05b)
#13 0x000000000399af27 clang::ento::BugReporter::FlushReports()
(/LLVM-trunk-326181/bin/clang-7.0+0x399af27)
#14 0x0000000002f0618b (anonymous
namespace)::AnalysisConsumer::ActionExprEngine(clang::Decl*, bool,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*) [clone .part.4623]
(/LLVM-trunk-326181/bin/clang-7.0+0x2f0618b)
#15 0x0000000002f0694b (anonymous
namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*)
(/LLVM-trunk-326181/bin/clang-7.0+0x2f0694b)
#16 0x0000000002f18d5a (anonymous
namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit(clang::ASTContext&)
(/LLVM-trunk-326181/bin/clang-7.0+0x2f18d5a)
#17 0x0000000002f19aeb (anonymous
namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&)
(/LLVM-trunk-326181/bin/clang-7.0+0x2f19aeb)
#18 0x0000000002f46f29 clang::ParseAST(clang::Sema&, bool, bool)
(/LLVM-trunk-326181/bin/clang-7.0+0x2f46f29)
#19 0x00000000026bfdce clang::FrontendAction::Execute()
(/LLVM-trunk-326181/bin/clang-7.0+0x26bfdce)
#20 0x000000000268826e
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/LLVM-trunk-326181/bin/clang-7.0+0x268826e)
#21 0x0000000002769a5b
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/LLVM-trunk-326181/bin/clang-7.0+0x2769a5b)
#22 0x00000000008979b8 cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) (/LLVM-trunk-326181/bin/clang-7.0+0x8979b8)
#23 0x000000000081cf3b main (/LLVM-trunk-326181/bin/clang-7.0+0x81cf3b)
#24 0x00007fd8f8c82b15 __libc_start_main (/lib64/libc.so.6+0x21b15)
#25 0x0000000000894c09 _start (/LLVM-trunk-326181/bin/clang-7.0+0x894c09)

This is a recent regression on the trunk: Revision 325473 was OK,
revision 326070 crashes.
