<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Analyzer crash in C++17 mode"
   href="https://bugs.llvm.org/show_bug.cgi?id=41134">41134</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Analyzer crash in C++17 mode
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Keywords</th>
          <td>compile-fail, regression
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Static Analyzer
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>dcoughlin@apple.com
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>v.reichelt@netcologne.de
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>dcoughlin@apple.com, llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>The following valid testcase triggers an assertion failure in the static analyzer when compiled with
"--analyze -std=c++17":

=======================
// Minimal class type for the reproducer. The user-provided default
// constructor makes A a non-aggregate, which is the property the failing
// assertion (`CRD->isAggregate()`) checks.
struct A
{
  A() {}  // user-provided constructor with an empty body
};

// Returns an A by value through a braced-init-list whose only element is a
// temporary A. The report reproduces the crash with --analyze -std=c++17.
// NOTE(review): presumably the analyzer models this braced return as a
// struct binding (bindStruct in the assertion message) -- confirm.
A get()
{
  return { A() };
}

// Declared only, never defined here; the rvalue-reference parameter means the
// call in bar() has to bind a temporary.
void foo(A&&);

// Function under analysis when the crash occurs (the stack dump reports
// "Calling bar"). The value returned by get() is bound to foo's
// rvalue-reference parameter; the stack dump passes through
// CreateCXXTemporaryObject and createTemporaryRegionIfNeeded before the
// assertion fires.
// NOTE(review): the assertion aborts the analyzer, so this file presumably
// gets no output from any enabled checker; treat such a crash as a failed
// analysis, not as a clean result.
void bar()
{
  foo(get());
}
=======================

clang-9: llvm/tools/clang/lib/StaticAnalyzer/Core/RegionStore.cpp:2362:
{anonymous}::RegionBindingsRef
{anonymous}::RegionStoreManager::bindStruct(RegionBindingsConstRef, const
clang::ento::TypedValueRegion*, clang::ento::SVal): Assertion
`CRD->isAggregate() && "Non-aggregates are constructed with a constructor!"'
failed.
Stack dump:
0.      Program arguments: LLVM/LLVM-trunk-356359/bin/clang-9 -cc1 -triple
x86_64-unknown-linux-gnu -analyze -disable-free -main-file-name CLbug.cc
-analyzer-store=region -analyzer-opt-analyze-nested-blocks
-analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix
-analyzer-checker=deadcode -analyzer-checker=cplusplus
-analyzer-checker=security.insecureAPI.UncheckedReturn
-analyzer-checker=security.insecureAPI.getpw
-analyzer-checker=security.insecureAPI.gets
-analyzer-checker=security.insecureAPI.mktemp
-analyzer-checker=security.insecureAPI.mkstemp
-analyzer-checker=security.insecureAPI.vfork
-analyzer-checker=nullability.NullPassedToNonnull
-analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w
-mrelocation-model static -mthread-model posix -mdisable-fp-elim -fmath-errno
-masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array
-target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -resource-dir
LLVM/LLVM-trunk-356359/lib/clang/9.0.0 -internal-isystem
/opt/rh/devtoolset-4/root/usr/lib/gcc/x86_64-redhat-linux/5.3.1/../../../../include/c++/5.3.1
-internal-isystem
/opt/rh/devtoolset-4/root/usr/lib/gcc/x86_64-redhat-linux/5.3.1/../../../../include/c++/5.3.1/x86_64-redhat-linux
-internal-isystem
/opt/rh/devtoolset-4/root/usr/lib/gcc/x86_64-redhat-linux/5.3.1/../../../../include/c++/5.3.1/backward
-internal-isystem /usr/local/include -internal-isystem
LLVM/LLVM-trunk-356359/lib/clang/9.0.0/include -internal-externc-isystem
/include -internal-externc-isystem /usr/include -std=c++17 -fdeprecated-macro
-fdebug-compilation-dir /home/vreichelt -ferror-limit 19 -fmessage-length 0
-fobjc-runtime=gcc -fcxx-exceptions -fexceptions -fdiagnostics-show-option -o
CLbug.plist -x c++ CLbug.cc -faddrsig 
1.      <eof> parser at end of file
2.      While analyzing stack: 
        #0 Calling bar
3.      CLbug.cc:21:7: Error evaluating statement
4.      CLbug.cc:21:7: Error evaluating statement
 #0 0x000000000244a19a llvm::sys::PrintStackTrace(llvm::raw_ostream&)
(LLVM/LLVM-trunk-356359/bin/clang-9+0x244a19a)
 ...
 #9 0x00000000039c1233 (anonymous
namespace)::RegionStoreManager::bind((anonymous namespace)::RegionBindingsRef
const&, clang::ento::Loc, clang::ento::SVal)
(LLVM/LLVM-trunk-356359/bin/clang-9+0x39c1233)
#10 0x00000000039c17d5 (anonymous namespace)::RegionStoreManager::Bind(void
const*, clang::ento::Loc, clang::ento::SVal)
(LLVM/LLVM-trunk-356359/bin/clang-9+0x39c17d5)
#11 0x00000000039a742c clang::ento::ProgramState::bindLoc(clang::ento::Loc,
clang::ento::SVal, clang::LocationContext const*, bool) const
(LLVM/LLVM-trunk-356359/bin/clang-9+0x39a742c)
#12 0x00000000039383c5
clang::ento::ExprEngine::createTemporaryRegionIfNeeded(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::LocationContext const*, clang::Expr const*, clang::Expr const*,
clang::ento::SubRegion const**) (LLVM/LLVM-trunk-356359/bin/clang-9+0x39383c5)
#13 0x000000000395ab93
clang::ento::ExprEngine::CreateCXXTemporaryObject(clang::MaterializeTemporaryExpr
const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
(LLVM/LLVM-trunk-356359/bin/clang-9+0x395ab93)
#14 0x000000000394628e clang::ento::ExprEngine::Visit(clang::Stmt const*,
clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
(LLVM/LLVM-trunk-356359/bin/clang-9+0x394628e)
#15 0x0000000003947c72 clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*,
clang::ento::ExplodedNode*) (LLVM/LLVM-trunk-356359/bin/clang-9+0x3947c72)
#16 0x0000000003947e2a
clang::ento::ExprEngine::processCFGElement(clang::CFGElement,
clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*)
(LLVM/LLVM-trunk-356359/bin/clang-9+0x3947e2a)
#17 0x000000000391aaa6 clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock
const*, unsigned int, clang::ento::ExplodedNode*)
(LLVM/LLVM-trunk-356359/bin/clang-9+0x391aaa6)
#18 0x000000000391ad35
clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*,
clang::ProgramPoint, clang::ento::WorkListUnit const&) (.localalias.229)
(LLVM/LLVM-trunk-356359/bin/clang-9+0x391ad35)
#19 0x000000000391ae32
clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>)
(LLVM/LLVM-trunk-356359/bin/clang-9+0x391ae32)
#20 0x00000000035c2ad2 (anonymous
namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*)
(LLVM/LLVM-trunk-356359/bin/clang-9+0x35c2ad2)
#21 0x00000000035db770 (anonymous
namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit(clang::ASTContext&)
(LLVM/LLVM-trunk-356359/bin/clang-9+0x35db770)
 ...
clang version 9.0.0 (trunk)
Target: x86_64-unknown-linux-gnu
Thread model: posix

This is a regression that was introduced between r355810 and r356359.</pre>
        </div>
      </p>


    </body>
</html>