<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - StaticAnalyzer/Core/ExprEngineCXX.cpp:187 Assertion `VD->getType()->isReferenceType()' failed."

   href="https://bugs.llvm.org/show_bug.cgi?id=37166">37166</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>StaticAnalyzer/Core/ExprEngineCXX.cpp:187 Assertion `VD->getType()->isReferenceType()' failed.

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>clang

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>All

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>All

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>Static Analyzer

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>dcoughlin@apple.com

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>chh@google.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Created <span class=""><a href="attachment.cgi?id=20196" name="attach_20196" title="preprocessed binder_test.cpp">attachment 20196</a> <a href="attachment.cgi?id=20196&action=edit" title="preprocessed binder_test.cpp">[details]</a></span>

preprocessed binder_test.cpp

To reproduce

(1) Build latest clang-tidy with -DLLVM_ENABLE_ASSERTIONS=On

(2) Unzip attached binder_test.zip and run ./run.sh

clang-tidy aborts with assertion failure:

clang-tidy:

..../llvm/tools/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp:187: const

clang::ento::MemRegion

*clang::ento::ExprEngine::getRegionForConstructedObject(const

clang::CXXConstructExpr *, clang::ento::ExplodedNode *, const

clang::ConstructionContext *, clang::ento::ExprEngine::EvalCallOptions &):

Assertion `VD->getType()->isReferenceType()' failed.

When not built with assertion checks, clang-tidy aborts with segmentation

fault.

This regression was introduced in <a href="https://reviews.llvm.org/D43689">https://reviews.llvm.org/D43689</a>

<a href="https://llvm.org/svn/llvm-project/cfe/trunk@326240">https://llvm.org/svn/llvm-project/cfe/trunk@326240</a>

If r326240 is reverted, clang-tidy should give the following warnings:

/tmp/binder_test.cpp:5041:12: warning: Call to function 'strcpy' is insecure

as it does not provide bounding of the memory buffer. Replace unbounded copy

functions with analogous functions that support length arguments such as

'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]

    return __builtin___strcpy_chk(dst, src, __builtin_object_size(((dst)),

(1)));

           ^

....

Suppressed 21 warnings (21 with check filters).

binder_test.cpp is one of several files in Android source that failed to run

with the latest clang-tidy.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>