<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - MemRegion.cpp:1196 - Assertion `isValidBaseClass(RD, cast<TypedValueRegion>(Super), IsVirtual)' failed."
href="https://bugs.llvm.org/show_bug.cgi?id=48739">48739</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>MemRegion.cpp:1196 - Assertion `isValidBaseClass(RD, cast<TypedValueRegion>(Super), IsVirtual)' failed.
</td>
</tr>
<tr>
<th>Product</th>
<td>clang
</td>
</tr>
<tr>
<th>Version</th>
<td>trunk
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Static Analyzer
</td>
</tr>
<tr>
<th>Assignee</th>
<td>dcoughlin@apple.com
</td>
</tr>
<tr>
<th>Reporter</th>
<td>vince.a.bridgers@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>dcoughlin@apple.com, llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>We came across this issue internally while using CSA. This is a reduced
reproducer.
command line
---
clang --analyze test.cpp
cat test.cpp
---
// Base class of the reduced reproducer: a single public int data member and a
// constructor taking int.
class b {
public:
// Data member that the pointers-to-member in f() refer to.
int c;
// Declared only; no definition appears in this listing.
b(int);
};
// e derives publicly from b and adds no members of its own, so b::c can also
// be named through e.
class e : public b {};
// Namespace-scope pointer to an int data member of b; f() assigns it and then
// applies it to a b object.
int b::*d;
// Carries a pointer to b::c through the derived class e and back to b, then
// applies the result to an object of type b.
void f() {
// The address of b::c has type "int b::*"; initialising an "int e::*" from it
// is the implicit base-to-derived pointer-to-member conversion.
int e::*bp = &b::c;
b a(1);
// Explicit conversion in the opposite direction (member of e back to member
// of b), stored in the global d.
d = static_cast<int b::*>(bp);
// Applies d to a; the resulting value is discarded.
// NOTE(review): this is the 12th line of the listing, so it is presumably the
// statement the stack dump reports at check.cpp:12:3 (frames evalBinOpLN, then
// evalDerivedToBase, then getCXXBaseObjectRegion). The dump names check.cpp
// while the command line above names test.cpp; confirm they are the same file.
a.*d;
}
Relevant backtrace (slightly edited)
---
clang: <root>/clang/lib/StaticAnalyzer/Core/MemRegion.cpp:1196: const
clang::ento::CXXBaseObjectRegion*
clang::ento::MemRegionManager::getCXXBaseObjectRegion(const
clang::CXXRecordDecl*, const clang::ento::SubRegion*, bool): Assertion
`isValidBaseClass(RD, cast<TypedValueRegion>(Super), IsVirtual)' failed.
PLEASE submit a bug report to <a href="https://bugs.llvm.org/">https://bugs.llvm.org/</a> and include the crash
backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: clang --analyze check.cpp
1. <eof> parser at end of file
2. While analyzing stack:
#0 Calling f
3. check.cpp:12:3: Error evaluating statement
4. check.cpp:12:3: Error evaluating statement
... <trimmed>
#11 0x0000000006bd4f03
clang::ento::MemRegionManager::getCXXBaseObjectRegion(clang::CXXRecordDecl
const*, clang::ento::SubRegion const*, bool)
<root>/clang/lib/StaticAnalyzer/Core/MemRegion.cpp:1199:5
#12 0x0000000006c5c2a4
clang::ento::StoreManager::evalDerivedToBase(clang::ento::SVal,
clang::QualType, bool) <root>/clang/lib/StaticAnalyzer/Core/Store.cpp:295:58
#13 0x0000000006c4e822 clang::ento::SVal (anonymous
namespace)::SimpleSValBuilder::evalBinOpLN(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::BinaryOperatorKind, clang::ento::Loc, clang::ento::NonLoc,
clang::QualType)::'lambda'(auto const*)::operator()<clang::FieldDecl>(auto
const*) const
<root>/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp:1120:64
#14 0x0000000006c4d275 (anonymous
namespace)::SimpleSValBuilder::evalBinOpLN(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::BinaryOperatorKind, clang::ento::Loc, clang::ento::NonLoc,
clang::QualType)
<root>/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp:1127:33
#15 0x0000000006c5f364
clang::ento::SValBuilder::evalBinOp(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::BinaryOperatorKind, clang::ento::SVal, clang::ento::SVal,
clang::QualType) <root>/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp:430:66
#16 0x0000000006b8bba9
clang::ento::ExprEngine::evalBinOp(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::BinaryOperatorKind, clang::ento::SVal, clang::ento::SVal,
clang::QualType)
<root>/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:631:53
#17 0x0000000006b9e85a
clang::ento::ExprEngine::VisitBinaryOperator(clang::BinaryOperator const*,
clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
<root>/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp:100:69
#18 0x0000000006b7c073 clang::ento::ExprEngine::Visit(clang::Stmt const*,
clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
<root>/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:1578:20
#19 0x0000000006b78376 clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*,
clang::ento::ExplodedNode*)
<root>/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:792:15
#20 0x0000000006b776f8
clang::ento::ExprEngine::processCFGElement(clang::CFGElement,
clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*)
<root>/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:637:18
#21 0x0000000006b49ed4 clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock
const*, unsigned int, clang::ento::ExplodedNode*)
<root>/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:468:1
#22 0x0000000006b48bd3
clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*,
clang::ProgramPoint, clang::ento::WorkListUnit const&) (.localalias)
<root>/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:192:7
#23 0x0000000006b4886d
clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>)
<root>/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:147:21</pre>
</div>
</p>
</body>
</html>