<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - Assertion failure in clang::ento::SValBuilder::evalBinOp"

   href="https://bugs.llvm.org/show_bug.cgi?id=37503">37503</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>Assertion failure in clang::ento::SValBuilder::evalBinOp

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>clang

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>enhancement

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>Static Analyzer

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>dcoughlin@apple.com

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>alexfh@google.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>ekarpenkov@apple.com, llvm-bugs@lists.llvm.org, noqnoqneo@gmail.com

          </td>

        </tr></table>

      <p>

        <div>

        <pre>$ cat test-SValBuilder__evalBinOp.cc

void strcpy(char *, char *);

class a {

 public:

  static void *b();

};

char c;

char ***f;

void d() {

  *(unsigned char **)f = (unsigned char *)a::b();

  char **e = *f;

  strcpy(*e, &c);

}

$ clang-tidy -checks=-*,clang-analyzer* test-SValBuilder__evalBinOp.cc -- 

assertion failed at clang/lib/StaticAnalyzer/Core/SValBuilder.cpp:427 in

clang::ento::SVal

clang::ento::SValBuilder::evalBinOp(clang::ento::ProgramStateRef,

BinaryOperator::Opcode, clang::ento::SVal, clang::ento::SVal, clang::QualType):

op == BO_Add

    @     0x5646c4981cb6  __assert_fail

    @     0x5646c266903c  clang::ento::SValBuilder::evalBinOp()

    @     0x5646c26691bc  clang::ento::SValBuilder::evalEQ()

    @     0x5646c261bfe5  (anonymous namespace)::CStringChecker::assumeZero()

    @     0x5646c261c1eb  (anonymous namespace)::CStringChecker::checkNonNull()

    @     0x5646c261e9ac  (anonymous

namespace)::CStringChecker::evalStrcpyCommon()

    @     0x5646c261acf2  (anonymous namespace)::CStringChecker::evalStrcpy()

    @     0x5646c2619822  clang::ento::eval::Call::_evalCall<>()

    @     0x5646c26cd24e  clang::ento::CheckerManager::runCheckersForEvalCall()

    @     0x5646c2710683  clang::ento::ExprEngine::evalCall()

    @     0x5646c2710412  clang::ento::ExprEngine::VisitCallExpr()

    @     0x5646c26de913  clang::ento::ExprEngine::Visit()

    @     0x5646c26da68e  clang::ento::ExprEngine::ProcessStmt()

    @     0x5646c26da3ab  clang::ento::ExprEngine::processCFGElement()

    @     0x5646c26fe065  clang::ento::CoreEngine::HandlePostStmt()

    @     0x5646c26fd4bd  clang::ento::CoreEngine::ExecuteWorkList()

    @     0x5646c24330bc  (anonymous

namespace)::AnalysisConsumer::ActionExprEngine()

    @     0x5646c2432c36  (anonymous namespace)::AnalysisConsumer::HandleCode()

    @     0x5646c241e9c4  (anonymous

namespace)::AnalysisConsumer::HandleTranslationUnit()</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>