[llvm-bugs] [Bug 44295] New: Crash in CStringChecker

via llvm-bugs llvm-bugs at lists.llvm.org
Fri Dec 13 08:40:40 PST 2019


https://bugs.llvm.org/show_bug.cgi?id=44295

            Bug ID: 44295
           Summary: Crash in CStringChecker
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: xazax.hun at gmail.com
                CC: dcoughlin at apple.com, llvm-bugs at lists.llvm.org

Created attachment 22934
  --> https://bugs.llvm.org/attachment.cgi?id=22934&action=edit
Preprocessed file for reproducing the crash.

This is the stack trace:

#0  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff708d8ad in __GI_abort () at abort.c:79
#2  0x00007ffff708d77f in __assert_fail_base (fmt=0x7ffff71efbc0 "%s%s%s:%u:
%s%sAssertion `%s' failed.\n%n", assertion=0x322220 "hasVal", file=0x341355
"/usr/local/google/home/xazax/LLVM/llvm/include/llvm/ADT/Optional.h", line=173,
function=<optimized out>) at assert.c:92
#3  0x00007ffff709b542 in __GI___assert_fail (assertion=0x322220 "hasVal",
file=0x341355
"/usr/local/google/home/xazax/LLVM/llvm/include/llvm/ADT/Optional.h", line=173, 
    function=0x598ff5 "T
&llvm::optional_detail::OptionalStorage<clang::ento::NonLoc, true>::getValue()
& [T = clang::ento::NonLoc]") at assert.c:101
#4  0x00000000036be8ed in (anonymous
namespace)::CStringChecker::evalStrcpyCommon (this=<optimized out>, C=...,
CE=0x4e05e70, ReturnEnd=false, IsBounded=true, appendK=(anonymous
namespace)::ConcatFnKind::strlcat, returnPtr=<optimized out>)
    at clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h:104
#5  0x00000000036b657b in (anonymous namespace)::CStringChecker::evalStrlcat
(this=0x2, C=..., CE=0x0) at
clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:1527
#6  0x00000000036c11f2 in (anonymous namespace)::CStringChecker::evalCall
(this=<optimized out>, Call=..., C=...) at
clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:2297
#7  clang::ento::eval::Call::_evalCall<(anonymous namespace)::CStringChecker>
(checker=<optimized out>, Call=..., C=...) at
clang/include/clang/StaticAnalyzer/Core/Checker.h:479
#8  0x000000000392d9b3 in clang::ento::CheckerFn<bool (clang::ento::CallEvent
const&, clang::ento::CheckerContext&)>::operator()(clang::ento::CallEvent
const&, clang::ento::CheckerContext&) const (this=<optimized out>, ps=...,
ps=...)
    at clang/include/clang/StaticAnalyzer/Core/CheckerManager.h:69
#9  clang::ento::CheckerManager::runCheckersForEvalCall (this=0x4ce6da0,
Dst=..., Src=..., Call=..., Eng=...) at
clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:674
#10 0x000000000396a09e in clang::ento::ExprEngine::evalCall
(this=0x7fffffffae98, Dst=..., Pred=<optimized out>, Call=...) at
clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:587
#11 0x0000000003969e24 in clang::ento::ExprEngine::VisitCallExpr
(this=0x7fffffffae98, CE=0x4e05e70, Pred=<optimized out>, dst=...) at
clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:514
#12 0x0000000003949fec in clang::ento::ExprEngine::Visit (this=0x7fffffffae98,
S=0x4e05e70, Pred=0x4ecfdc8, DstTop=...) at
clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:1603
#13 0x00000000039465a4 in clang::ento::ExprEngine::ProcessStmt
(this=0x7fffffffae98, currStmt=<optimized out>, Pred=<optimized out>) at
clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:791
#14 0x00000000039461f9 in clang::ento::ExprEngine::processCFGElement
(this=0x7fffffffae98, E=..., Pred=0x4ed0110, StmtIdx=11, Ctx=0x7fffffffacb0) at
clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:637
#15 0x0000000003933b41 in clang::ento::CoreEngine::HandlePostStmt
(this=<optimized out>, B=<optimized out>, StmtIdx=0, Pred=0x7ffff70a2cfb
<__GI_raise+267>) at clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:467
#16 0x0000000003932bc9 in clang::ento::CoreEngine::ExecuteWorkList
(this=0x7fffffffaeb8, L=<optimized out>, Steps=218621, InitState=...) at
clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:148
#17 0x000000000368dced in clang::ento::ExprEngine::ExecuteWorkList
(this=0x7fffffffae98, L=0x0, Steps=0) at
clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:168
#18 (anonymous namespace)::AnalysisConsumer::RunPathSensitiveChecks
(this=0x4ce6710, D=0x4df7ba8, IMode=clang::ento::ExprEngine::Inline_Regular,
VisitedCallees=0x7fffffffb200) at
clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:818
#19 (anonymous namespace)::AnalysisConsumer::HandleCode (this=0x4ce6710,
D=0x4df7ba8, Mode=2, IMode=clang::ento::ExprEngine::Inline_Regular,
VisitedCallees=<optimized out>) at
clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:791
#20 0x0000000003670457 in (anonymous
namespace)::AnalysisConsumer::HandleDeclsCallGraph (this=0x4ce6710,
LocalTUDeclsSize=<optimized out>) at
clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:580
#21 (anonymous namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit
(this=0x4ce6710, C=...) at
clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:631
#22 (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit
(this=0x4ce6710, C=...) at
clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:661
#23 0x00000000039e6e93 in clang::ParseAST (S=..., PrintStats=<optimized out>,
SkipFunctionBodies=<optimized out>) at clang/lib/Parse/ParseAST.cpp:171
#24 0x0000000002fbccd1 in clang::FrontendAction::Execute (this=0x4cc62f0) at
clang/lib/Frontend/FrontendAction.cpp:936
#25 0x0000000002f381c3 in clang::CompilerInstance::ExecuteAction
(this=0x4cbd8e0, Act=...) at clang/lib/Frontend/CompilerInstance.cpp:965
#26 0x0000000003052795 in clang::ExecuteCompilerInvocation (Clang=<optimized
out>) at clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:290
#27 0x000000000169ec27 in cc1_main (Argv=..., Argv0=0x7fffffffd744
"/usr/local/google/home/xazax/LLVM/build/bin/clang", MainAddr=0x1699c20
<GetExecutablePath(char const*, bool)>) at clang/tools/driver/cc1_main.cpp:250
#28 0x000000000169ca20 in ExecuteCC1Tool (argv=..., Tool=...) at
clang/tools/driver/driver.cpp:309
#29 main (argc_=<optimized out>, argv_=<optimized out>) at
clang/tools/driver/driver.cpp:382


I attached a preprocessed file. Using --analyze on it reproduces the crash for
me.
