<html>
<head>
<base href="https://llvm.org/bugs/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - Assertion UNREACHABLE: "Unexpected ProgramPoint" with widen-loops=true"
href="https://llvm.org/bugs/show_bug.cgi?id=25609">25609</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Assertion UNREACHABLE: "Unexpected ProgramPoint" with widen-loops=true
</td>
</tr>
<tr>
<th>Product</th>
<td>clang
</td>
</tr>
<tr>
<th>Version</th>
<td>trunk
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Static Analyzer
</td>
</tr>
<tr>
<th>Assignee</th>
<td>kremenek@apple.com
</td>
</tr>
<tr>
<th>Reporter</th>
<td>eveson.sean@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr></table>
<p>
<div>
<pre>The Analyzer crashes on the following test case with widen-loops=true:
$ cat test.c
int *p;
void bar();
void foo() {
if (p == 0)
bar();
for (int i = 0; i < 99; i++) {}
int x = p[0];
}
$ clang -cc1 -analyze -analyzer-config widen-loops=true test.c
Unexpected ProgramPoint
UNREACHABLE executed at
llvm/tools/clang/lib/StaticAnalyzer/Core/PathDiagnostic.cpp:688!
In the test case the problem occurs when trying to report a null dereference on
the last line of 'foo'.
The issue seems to happen when the FindLastStoreBRVisitor looks for the point
at which an SVal last changed. In this case the pointer 'p' was last changed
when the loop was widened (on block entrance). This causes the assertion when
trying to create a PathDiagnosticLocation, since the ProgramPoint being a
BlockEntrance is not an expected case.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are on the CC list for the bug.</li>
</ul>
</body>
</html>