<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Assertion "isa<> used on a null pointer" triggered"
   href="https://bugs.llvm.org/show_bug.cgi?id=36533">36533</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Assertion "isa<> used on a null pointer" triggered
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Keywords</th>
          <td>regression
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Static Analyzer
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>dcoughlin@apple.com
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>v.reichelt@netcologne.de
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>The following code snippet triggers an assertion in the analyzer,
i.e. runnning "clang++ --analyze -c bug.cc" results in a crash:

============================================================================
struct A
{
  virtual ~A();
  A* next();
};

A* get(A* p) { return p; }

struct B : A
{
  A* foo(B* p) { delete p; return get(next() ? next() : 0)->next(); }
};
============================================================================

clang-7.0: /tmp/LLVM/llvm/include/llvm/Support/Casting.h:106: static bool
llvm::isa_impl_cl<To, const From*>::doit(const From*) [with To =
clang::FunctionDecl; From = clang::Decl]: Assertion `Val && "isa<> used on a
null pointer"' failed.
#0 0x00000000020c10ea llvm::sys::PrintStackTrace(llvm::raw_ostream&)
(/LLVM-trunk-326181/bin/clang-7.0+0x20c10ea)
#1 0x00000000020bee26 llvm::sys::RunSignalHandlers()
(/LLVM-trunk-326181/bin/clang-7.0+0x20bee26)
#2 0x00000000020bf195 SignalHandler(int)
(/LLVM-trunk-326181/bin/clang-7.0+0x20bf195)
#3 0x00007fd8fa119100 __restore_rt (/lib64/libpthread.so.0+0xf100)
#4 0x00007fd8f8c965f7 __GI_raise (/lib64/libc.so.6+0x355f7)
#5 0x00007fd8f8c97ce8 __GI_abort (/lib64/libc.so.6+0x36ce8)
#6 0x00007fd8f8c8f566 __assert_fail_base (/lib64/libc.so.6+0x2e566)
#7 0x00007fd8f8c8f612 (/lib64/libc.so.6+0x2e612)
#8 0x000000000399bb16 bool llvm::isa<clang::ento::FieldRegion,
clang::ento::MemRegion const*>(clang::ento::MemRegion const* const&) [clone
.isra.350] [clone .part.351] (/LLVM-trunk-326181/bin/clang-7.0+0x399bb16)
#9 0x00000000039a210d (/LLVM-trunk-326181/bin/clang-7.0+0x39a210d)
#10 0x0000000003995cbb
clang::ento::GRBugReporter::generatePathDiagnostic(clang::ento::PathDiagnostic&,
clang::ento::PathDiagnosticConsumer&, llvm::ArrayRef<clang::ento::BugReport*>&)
(/LLVM-trunk-326181/bin/clang-7.0+0x3995cbb)
#11 0x00000000039996c0
clang::ento::BugReporter::FlushReport(clang::ento::BugReport*,
clang::ento::PathDiagnosticConsumer&, llvm::ArrayRef<clang::ento::BugReport*>)
(/LLVM-trunk-326181/bin/clang-7.0+0x39996c0)
#12 0x000000000399a05b
clang::ento::BugReporter::FlushReport(clang::ento::BugReportEquivClass&)
(/LLVM-trunk-326181/bin/clang-7.0+0x399a05b)
#13 0x000000000399af27 clang::ento::BugReporter::FlushReports()
(/LLVM-trunk-326181/bin/clang-7.0+0x399af27)
#14 0x0000000002f0618b (anonymous
namespace)::AnalysisConsumer::ActionExprEngine(clang::Decl*, bool,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*) [clone .part.4623]
(/LLVM-trunk-326181/bin/clang-7.0+0x2f0618b)
#15 0x0000000002f0694b (anonymous
namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*)
(/LLVM-trunk-326181/bin/clang-7.0+0x2f0694b)
#16 0x0000000002f18d5a (anonymous
namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit(clang::ASTContext&)
(/LLVM-trunk-326181/bin/clang-7.0+0x2f18d5a)
#17 0x0000000002f19aeb (anonymous
namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&)
(/LLVM-trunk-326181/bin/clang-7.0+0x2f19aeb)
#18 0x0000000002f46f29 clang::ParseAST(clang::Sema&, bool, bool)
(/LLVM-trunk-326181/bin/clang-7.0+0x2f46f29)
#19 0x00000000026bfdce clang::FrontendAction::Execute()
(/LLVM-trunk-326181/bin/clang-7.0+0x26bfdce)
#20 0x000000000268826e
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/LLVM-trunk-326181/bin/clang-7.0+0x268826e)
#21 0x0000000002769a5b
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/LLVM-trunk-326181/bin/clang-7.0+0x2769a5b)
#22 0x00000000008979b8 cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) (/LLVM-trunk-326181/bin/clang-7.0+0x8979b8)
#23 0x000000000081cf3b main (/LLVM-trunk-326181/bin/clang-7.0+0x81cf3b)
#24 0x00007fd8f8c82b15 __libc_start_main (/lib64/libc.so.6+0x21b15)
#25 0x0000000000894c09 _start (/LLVM-trunk-326181/bin/clang-7.0+0x894c09)

This is a recent regression on the trunk: Revision 325473 was OK,
revision 326070 crashes.</pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are on the CC list for the bug.</li>
      </ul>
    </body>
</html>