[PATCH] D11832: [Patch] [Analyzer] false positive: Potential leak connected with memcpy (PR 22954)

Gábor Horváth via cfe-commits cfe-commits at lists.llvm.org
Mon Aug 31 12:04:16 PDT 2015


xazax.hun added a comment.

Hi!

With this patch committed I noticed a regression in the static analyzer.

I analyzed openssl-1.0.0d (using the test suite in utils/analyzer/SATestBuild.py).
I got the following assertion error:
(lldb) bt
* thread #1: tid = 0xa1fcb, 0x00007fff943e50ae libsystem_kernel.dylib`__pthread_kill + 10, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x00007fff943e50ae libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff943f25fd libsystem_pthread.dylib`pthread_kill + 90
    frame #2: 0x0000000100960106 clang`::abort() [inlined] raise(sig=6) + 18 at Signals.inc:504
    frame #3: 0x00000001009600f4 clang`::abort() + 4 at Signals.inc:521
    frame #4: 0x00000001009600e1 clang`::__assert_rtn(func=<unavailable>, file=<unavailable>, line=<unavailable>, expr=<unavailable>) + 81 at Signals.inc:517
    frame #5: 0x00000001018fc418 clang`(anonymous namespace)::CStringChecker::InvalidateBuffer(clang::ento::CheckerContext&, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::Expr const*, clang::ento::SVal, bool, clang::Expr const*) [inlined] clang::ento::NonLoc clang::ento::SVal::castAs<clang::ento::NonLoc>() const + 1448 at SVals.h:76
    frame #6: 0x00000001018fc3f9 clang`(anonymous namespace)::CStringChecker::InvalidateBuffer(clang::ento::CheckerContext&, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::Expr const*, clang::ento::SVal, bool, clang::Expr const*) [inlined] (anonymous namespace)::CStringChecker::IsFirstBufInBound(state=clang::ento::ProgramStateRef @ 0x0000000103bf2080, FirstBuf=0x0000000103a86768) at CStringChecker.cpp:842
    frame #7: 0x00000001018fc3f9 clang`(anonymous namespace)::CStringChecker::InvalidateBuffer(C=<unavailable>, state=<unavailable>, E=0x0000000103a86768, V=<unavailable>, IsSourceBuffer=<unavailable>, Size=<unavailable>) + 1417 at CStringChecker.cpp:920
    frame #8: 0x00000001018fadf7 clang`(anonymous namespace)::CStringChecker::evalCopyCommon(this=0x0000000103212fb0, C=0x00007fff5fbfc1a0, CE=<unavailable>, state=clang::ento::ProgramStateRef @ 0x00007fff5fbfc0c0, Size=0x0000000103a867b0, Dest=0x0000000103a86768, Source=<unavailable>, Restricted=<unavailable>, IsMempcpy=<unavailable>) const + 3991 at CStringChecker.cpp:1079
    frame #9: 0x00000001018f8ad8 clang`(anonymous namespace)::CStringChecker::evalMemcpy(this=0x0000000103212fb0, C=0x00007fff5fbfc1a0, CE=0x0000000103a86720) const + 248 at CStringChecker.cpp:1101
    frame #10: 0x00000001018f89b6 clang`bool clang::ento::eval::Call::_evalCall<(anonymous namespace)::CStringChecker>(void*, clang::CallExpr const*, clang::ento::CheckerContext&) [inlined] (anonymous namespace)::CStringChecker::evalCall(CE=0x0000000103a86720, C=0x00007fff5fbfc1a0) const + 655 at CStringChecker.cpp:2002
    frame #11: 0x00000001018f8727 clang`bool clang::ento::eval::Call::_evalCall<(anonymous namespace)::CStringChecker>(checker=0x0000000103212fb0, CE=0x0000000103a86720, C=0x00007fff5fbfc1a0) + 23 at Checker.h:438
    frame #12: 0x0000000101a0417d clang`clang::ento::CheckerManager::runCheckersForEvalCall(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&, clang::ento::CallEvent const&, clang::ento::ExprEngine&) [inlined] clang::ento::CheckerFn<bool (clang::CallExpr const*, clang::ento::CheckerContext&)>::operator(this=<unavailable>, ps=<unavailable>)(clang::CallExpr const*, clang::ento::CheckerContext&) const + 653 at CheckerManager.h:58
    frame #13: 0x0000000101a0416b clang`clang::ento::CheckerManager::runCheckersForEvalCall(this=0x0000000103211950, Dst=0x00007fff5fbfc2d8, Src=<unavailable>, Call=0x0000000103ac2070, Eng=0x00007fff5fbfcd90) + 635 at CheckerManager.cpp:549
    frame #14: 0x0000000101a361af clang`clang::ento::ExprEngine::evalCall(this=0x00007fff5fbfcd90, Dst=0x00007fff5fbfc448, Pred=<unavailable>, Call=0x0000000103ac2070) + 383 at ExprEngineCallAndReturn.cpp:527
    frame #15: 0x0000000101a35ee0 clang`clang::ento::ExprEngine::VisitCallExpr(this=0x00007fff5fbfcd90, CE=0x0000000103a86720, Pred=<unavailable>, dst=0x00007fff5fbfc9b8) + 528 at ExprEngineCallAndReturn.cpp:499
    frame #16: 0x0000000101a1b4a0 clang`clang::ento::ExprEngine::Visit(this=0x00007fff5fbfcd90, S=0x0000000103a86720, Pred=<unavailable>, DstTop=<unavailable>) + 12224 at ExprEngine.cpp:1075
    frame #17: 0x0000000101a16c30 clang`clang::ento::ExprEngine::ProcessStmt(this=0x00007fff5fbfcd90, S=<unavailable>, Pred=<unavailable>) + 880 at ExprEngine.cpp:446
    frame #18: 0x0000000101a1681e clang`clang::ento::ExprEngine::processCFGElement(this=<unavailable>, E=<unavailable>, Pred=0x0000000103bf1be0, StmtIdx=<unavailable>, Ctx=0x00007fff5fbfcc98) + 190 at ExprEngine.cpp:295
    frame #19: 0x0000000101a0c128 clang`clang::ento::CoreEngine::HandlePostStmt(this=<unavailable>, B=<unavailable>, StmtIdx=<unavailable>, Pred=<unavailable>) + 136 at CoreEngine.cpp:503
    frame #20: 0x0000000101a0b71b clang`clang::ento::CoreEngine::ExecuteWorkList(this=0x00007fff5fbfcda8, L=<unavailable>, Steps=150000, InitState=clang::ento::ProgramStateRef @ 0x00007fff5fbfd120) + 491 at CoreEngine.cpp:223
    frame #21: 0x00000001012698a0 clang`(anonymous namespace)::AnalysisConsumer::ActionExprEngine(clang::Decl*, bool, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >*) [inlined] clang::ento::ExprEngine::ExecuteWorkList(L=0x00000001032c84a0, Steps=<unavailable>) + 35 at ExprEngine.h:109
    frame #22: 0x000000010126987d clang`(anonymous namespace)::AnalysisConsumer::ActionExprEngine(this=0x0000000103211090, D=0x00000001039b8418, ObjCGCEnabled=<unavailable>, IMode=<unavailable>, VisitedCallees=<unavailable>) + 973 at AnalysisConsumer.cpp:659
    frame #23: 0x000000010126931d clang`(anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >*) [inlined] (anonymous namespace)::AnalysisConsumer::RunPathSensitiveChecks(this=<unavailable>, D=<unavailable>, IMode=<unavailable>, Visited=<unavailable>) + 1501 at AnalysisConsumer.cpp:689
    frame #24: 0x00000001012692c9 clang`(anonymous namespace)::AnalysisConsumer::HandleCode(this=<unavailable>, D=<unavailable>, Mode=<unavailable>, IMode=Inline_Regular, VisitedCallees=<unavailable>) + 1417 at AnalysisConsumer.cpp:627
    frame #25: 0x000000010125bd31 clang`(anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) + 743 at AnalysisConsumer.cpp:491
    frame #26: 0x000000010125ba4a clang`(anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(this=0x0000000103211090, C=<unavailable>) + 650 at AnalysisConsumer.cpp:542
    frame #27: 0x0000000101274065 clang`clang::ParseAST(S=0x0000000103858a00, PrintStats=false, SkipFunctionBodies=<unavailable>) + 581 at ParseAST.cpp:168
    frame #28: 0x0000000100d96adb clang`clang::FrontendAction::Execute(this=<unavailable>) + 75 at FrontendAction.cpp:439
    frame #29: 0x0000000100d621eb clang`clang::CompilerInstance::ExecuteAction(this=0x0000000103208240, Act=0x0000000103209ae0) + 843 at CompilerInstance.cpp:830
    frame #30: 0x0000000100dd48bf clang`clang::ExecuteCompilerInvocation(Clang=0x0000000103208240) + 4047 at ExecuteCompilerInvocation.cpp:222
    frame #31: 0x000000010000608c clang`cc1_main(Argv=<unavailable>, Argv0="/Users/ghorvath/Documents/LLVM/build/bin/clang", MainAddr=0x0000000100001df0) + 1180 at cc1_main.cpp:116
    frame #32: 0x0000000100004cc9 clang`main [inlined] ExecuteCC1Tool(Tool=<unavailable>) + 83 at driver.cpp:380
    frame #33: 0x0000000100004c76 clang`main(argc_=<unavailable>, argv_=<unavailable>) + 11830 at driver.cpp:443
    frame #34: 0x00007fff881eb5ad libdyld.dylib`start + 1
    frame #35: 0x00007fff881eb5ad libdyld.dylib`start + 1

Could you look into this?


Repository:
  rL LLVM

http://reviews.llvm.org/D11832