
<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - clang analyzer on crashes on RegionStoreManager::getBinding"

   href="https://bugs.llvm.org/show_bug.cgi?id=46264">46264</a>

          </td>

        </tr>


        <tr>

          <th>Summary</th>

          <td>clang analyzer on crashes on RegionStoreManager::getBinding

          </td>

        </tr>


        <tr>

          <th>Product</th>

          <td>clang

          </td>

        </tr>


        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>


        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>


        <tr>

          <th>OS</th>

          <td>All

          </td>

        </tr>


        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>


        <tr>

          <th>Severity</th>

          <td>enhancement

          </td>

        </tr>


        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>


        <tr>

          <th>Component</th>

          <td>Static Analyzer

          </td>

        </tr>


        <tr>

          <th>Assignee</th>

          <td>dcoughlin@apple.com

          </td>

        </tr>


        <tr>

          <th>Reporter</th>

          <td>hokein@google.com

          </td>

        </tr>


        <tr>

          <th>CC</th>

          <td>dcoughlin@apple.com, llvm-bugs@lists.llvm.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>A testcase:


// ./clang-tidy -checks="-*,clang-analyzer*" /tmp/crash.cc

namespace a {

class b {

public:

  typedef int b::*c;

  operator c() { return d ? &b::d : 0; }

  int d;

};

} // namespace a

using a::b;

class e {

  void f();

  void g();

  b h;

};

void e::f() {

  e *i;

  if (h)

    i->g();

}


stack trace:


F0610 08:26:50.863129    7644 logging.cc:106] assert.h assertion failed at

/llvm-project/clang/lib/StaticAnalyzer/Core/RegionStore.cpp:1439 in

clang::ento::SVal (anonymous

namespace)::RegionStoreManager::getBinding(RegionBindingsConstRef,

clang::ento::Loc, clang::QualType): !T->isVoidType() && "Attempting to

dereference a void pointer!"

*** Check failure stack trace: ***

    @     0x55abd68e8646  __assert_fail

    @     0x55abd4fc9c72  (anonymous

namespace)::RegionStoreManager::getBinding()

    @     0x55abd4fc41be  (anonymous

namespace)::RegionStoreManager::getBinding()

    @     0x55abd4f25866  clang::ento::bugreporter::trackExpressionValue()

    @     0x55abd4f2c4c2  (anonymous namespace)::ReturnVisitor::VisitNode()

    @     0x55abd4f146fa  generateVisitorsDiagnostics()

    @     0x55abd4f10144 

clang::ento::PathSensitiveBugReporter::generatePathDiagnostics()

    @     0x55abd4f1327d 

clang::ento::PathSensitiveBugReporter::generateDiagnosticForConsumerMap()

    @     0x55abd4f0e0c0  clang::ento::BugReporter::FlushReport()

    @     0x55abd4f0df8b  clang::ento::BugReporter::FlushReports()

    @     0x55abd4c3628d  (anonymous namespace)::AnalysisConsumer::HandleCode()

    @     0x55abd4c164f3  (anonymous

namespace)::AnalysisConsumer::HandleTranslationUnit()

    @     0x55abd526976c  clang::MultiplexConsumer::HandleTranslationUnit()</pre>

        </div>

      </p>


      <hr>

      <span>You are receiving this mail because:</span>


      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>