<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - alpha.cplusplus.IteratorModeling checker hits assertion"
   href="https://bugs.llvm.org/show_bug.cgi?id=44998">44998</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>alpha.cplusplus.IteratorModeling checker hits assertion
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Static Analyzer
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>dcoughlin@apple.com
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>nicolas.alvarez@gmail.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>dcoughlin@apple.com, llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>The alpha.cplusplus.IteratorModeling checker triggers an assertion in the
following code:

struct List {
  struct iterator {
    int c;
    bool operator!=(iterator);
  };

  iterator constEnd();
  void f() {
    iterator i;
    i != constEnd();
  }
};


$ clang++ -cc1 -analyze -analyzer-checker alpha.cplusplus.IteratorModeling
viewmode.cpp

viewmode.cpp:10:7: warning: inequality comparison result unused
    i != constEnd();
    ~~^~~~~~~~~~~~~
viewmode.cpp:10:7: note: use '|=' to turn this inequality comparison into an
or-assignment
    i != constEnd();
      ^~
      |=
clang++:
../llvm/tools/clang/lib/StaticAnalyzer/Checkers/IteratorModeling.cpp:565:
clang::ento::ProgramStateRef (anonymous
namespace)::relateSymbols(clang::ento::ProgramStateRef, clang::ento::SymbolRef,
clang::ento::SymbolRef, bool): Assertion `isa<SymIntExpr>(CompSym) && "Symbol
comparison must be a `SymIntExpr`"' failed.
Stack dump:
0.      Program arguments: /home/nicolas/src/llvm/build/llvm/bin/clang++ -cc1
-analyze -analyzer-checker alpha.cplusplus.IteratorModeling viewmode.cpp 
1.      <eof> parser at end of file
2.      While analyzing stack: 
        #0 Calling List::f
3.      viewmode.cpp:10:5: Error evaluating statement
4.      viewmode.cpp:10:5: Error evaluating statement
 #0 0x00007f6359388649 llvm::sys::PrintStackTrace(llvm::raw_ostream&)
/home/nicolas/src/llvm/build/../llvm/lib/Support/Unix/Signals.inc:564:11
 #1 0x00007f63593887f9 PrintStackTraceSignalHandler(void*)
/home/nicolas/src/llvm/build/../llvm/lib/Support/Unix/Signals.inc:625:1
 #2 0x00007f6359386f86 llvm::sys::RunSignalHandlers()
/home/nicolas/src/llvm/build/../llvm/lib/Support/Signals.cpp:67:5
 #3 0x00007f6359388f9b SignalHandler(int)
/home/nicolas/src/llvm/build/../llvm/lib/Support/Unix/Signals.inc:406:1
 #4 0x00007f635881a730 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x12730)
 #5 0x00007f6355ff37bb raise
/build/glibc-vjB4T1/glibc-2.28/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
 #6 0x00007f6355fde535 abort /build/glibc-vjB4T1/glibc-2.28/stdlib/abort.c:81:7
 #7 0x00007f6355fde40f _nl_load_domain
/build/glibc-vjB4T1/glibc-2.28/intl/loadmsgcat.c:1177:9
 #8 0x00007f6355fec102 (/lib/x86_64-linux-gnu/libc.so.6+0x30102)
 #9 0x00007f635018088b (anonymous
namespace)::relateSymbols(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::ento::SymExpr const*, clang::ento::SymExpr const*, bool)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Checkers/IteratorModeling.cpp:566:5
#10 0x00007f63501803a9 (anonymous
namespace)::IteratorModeling::processComparison(clang::ento::CheckerContext&,
llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::ento::SymExpr
const*, clang::ento::SymExpr const*, clang::ento::SVal const&,
clang::OverloadedOperatorKind) const
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Checkers/IteratorModeling.cpp:385:24
#11 0x00007f635017f419 (anonymous
namespace)::IteratorModeling::handleComparison(clang::ento::CheckerContext&,
clang::Expr const*, clang::ento::SVal, clang::ento::SVal const&,
clang::ento::SVal const&, clang::OverloadedOperatorKind) const
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Checkers/IteratorModeling.cpp:363:3
#12 0x00007f635017e2fc (anonymous
namespace)::IteratorModeling::checkPostCall(clang::ento::CallEvent const&,
clang::ento::CheckerContext&) const
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Checkers/IteratorModeling.cpp:146:9
#13 0x00007f635017e180 void clang::ento::check::PostCall::_checkCall<(anonymous
namespace)::IteratorModeling>(void*, clang::ento::CallEvent const&,
clang::ento::CheckerContext&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/include/clang/StaticAnalyzer/Core/Checker.h:184:3
#14 0x00007f634f9a1712 clang::ento::CheckerFn<void (clang::ento::CallEvent
const&, clang::ento::CheckerContext&)>::operator()(clang::ento::CallEvent
const&, clang::ento::CheckerContext&) const
/home/nicolas/src/llvm/build/../llvm/tools/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h:69:5
#15 0x00007f634f993928 (anonymous
namespace)::CheckCallContext::runChecker(clang::ento::CheckerFn<void
(clang::ento::CallEvent const&, clang::ento::CheckerContext&)>,
clang::ento::NodeBuilder&, clang::ento::ExplodedNode*)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:291:7
#16 0x00007f634f98fe05 void expandGraphWithCheckers<(anonymous
namespace)::CheckCallContext>((anonymous namespace)::CheckCallContext,
clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:138:25
#17 0x00007f634f98fb5b
clang::ento::CheckerManager::runCheckersForCallEvent(bool,
clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&,
clang::ento::CallEvent const&, clang::ento::ExprEngine&, bool)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:309:1
#18 0x00007f634fa1a1f8
clang::ento::CheckerManager::runCheckersForPostCall(clang::ento::ExplodedNodeSet&,
clang::ento::ExplodedNodeSet const&, clang::ento::CallEvent const&,
clang::ento::ExprEngine&, bool)
/home/nicolas/src/llvm/build/../llvm/tools/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h:283:3
#19 0x00007f634fa1df2c
clang::ento::ExprEngine::evalCall(clang::ento::ExplodedNodeSet&,
clang::ento::ExplodedNode*, clang::ento::CallEvent const&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:606:41
#20 0x00007f634fa1dd19 clang::ento::ExprEngine::VisitCallExpr(clang::CallExpr
const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:513:16
#21 0x00007f634f9df934 clang::ento::ExprEngine::Visit(clang::Stmt const*,
clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:1605:7
#22 0x00007f634f9dc4ac clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*,
clang::ento::ExplodedNode*)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:792:9
#23 0x00007f634f9dc199
clang::ento::ExprEngine::processCFGElement(clang::CFGElement,
clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:637:7
#24 0x00007f634f9afdaa clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock
const*, unsigned int, clang::ento::ExplodedNode*)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:469:1
#25 0x00007f634f9af46c
clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*,
clang::ProgramPoint, clang::ento::WorkListUnit const&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:195:1
#26 0x00007f634f9af01f
clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:129:3
#27 0x00007f6350d63564
clang::ento::ExprEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int)
/home/nicolas/src/llvm/build/../llvm/tools/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:168:5
#28 0x00007f6350d0e186 (anonymous
namespace)::AnalysisConsumer::RunPathSensitiveChecks(clang::Decl*,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:821:7
#29 0x00007f6350d0dd14 (anonymous
namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:793:15
#30 0x00007f6350ca7d7e (anonymous
namespace)::AnalysisConsumer::HandleDeclsCallGraph(unsigned int)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:585:31
#31 0x00007f6350ca68e2 (anonymous
namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit(clang::ASTContext&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:635:3
#32 0x00007f6350ca56a2 (anonymous
namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:0:5
#33 0x00007f635271830e clang::ParseAST(clang::Sema&, bool, bool)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/Parse/ParseAST.cpp:178:12
#34 0x00007f6356d80db2 clang::ASTFrontendAction::ExecuteAction()
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/Frontend/FrontendAction.cpp:1049:1
#35 0x00007f6356d80761 clang::FrontendAction::Execute()
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/Frontend/FrontendAction.cpp:944:7
#36 0x00007f6356cf515e
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:969:23
#37 0x00007f6356a7ab4f
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:292:8
#38 0x0000000000428838 cc1_main(llvm::ArrayRef<char const*>, char const*,
void*)
/home/nicolas/src/llvm/build/../llvm/tools/clang/tools/driver/cc1_main.cpp:240:13
#39 0x000000000041c3c6 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/tools/driver/driver.cpp:328:5
#40 0x000000000041b61f main
/home/nicolas/src/llvm/build/../llvm/tools/clang/tools/driver/driver.cpp:402:5
#41 0x00007f6355fe009b __libc_start_main
/build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:342:3
#42 0x000000000041adca _start
(/home/nicolas/src/llvm/build/llvm/bin/clang+++0x41adca)</pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are on the CC list for the bug.</li>
      </ul>
    </body>
</html>