[clang] [analyzer] Do not reason about locations passed as inline asm input (PR #103714)
Mikael Holmén via cfe-commits
cfe-commits at lists.llvm.org
Sun Aug 18 23:32:52 PDT 2024
mikaelholmen wrote:
Hi @pskrgag
The following starts crashing with this patch:
```
clang -cc1 -analyze -analyzer-checker=core bbi-98183.c
```
It crashes like:
```
clang: ../../clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h:1212: clang::ento::ElementRegion::ElementRegion(clang::QualType, clang::ento::NonLoc, const clang::ento::SubRegion *): Assertion `!elementType.isNull() && !elementType->isVoidType() && "Invalid region type!"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: build-all/bin/clang -cc1 -analyze -analyzer-checker=core bbi-98183.c
1. <eof> parser at end of file
2. While analyzing stack:
#0 Calling b
3. bbi-98183.c:2:12: Error evaluating statement
4. bbi-98183.c:2:12: Error evaluating statement
#0 0x0000557ee7401507 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (build-all/bin/clang+0x7ed8507)
#1 0x0000557ee73ff06e llvm::sys::RunSignalHandlers() (build-all/bin/clang+0x7ed606e)
#2 0x0000557ee7401bcf SignalHandler(int) Signals.cpp:0:0
#3 0x00007f566e78acf0 __restore_rt (/lib64/libpthread.so.0+0x12cf0)
#4 0x00007f566c343acf raise (/lib64/libc.so.6+0x4eacf)
#5 0x00007f566c316ea5 abort (/lib64/libc.so.6+0x21ea5)
#6 0x00007f566c316d79 _nl_load_domain.cold.0 (/lib64/libc.so.6+0x21d79)
#7 0x00007f566c33c426 (/lib64/libc.so.6+0x47426)
#8 0x0000557ee94c8881 clang::ento::ElementRegion::ElementRegion(clang::QualType, clang::ento::NonLoc, clang::ento::SubRegion const*) MemRegion.cpp:0:0
#9 0x0000557ee94c86a3 clang::ento::MemRegionManager::getElementRegion(clang::QualType, clang::ento::NonLoc, clang::ento::SubRegion const*, clang::ASTContext const&) (build-all/bin/clang+0x9f9f6a3)
#10 0x0000557ee9509dba (anonymous namespace)::RegionStoreManager::bind((anonymous namespace)::RegionBindingsRef const&, clang::ento::Loc, clang::ento::SVal) RegionStore.cpp:0:0
#11 0x0000557ee94ffb49 (anonymous namespace)::RegionStoreManager::Bind(void const*, clang::ento::Loc, clang::ento::SVal) RegionStore.cpp:0:0
#12 0x0000557ee94d69a1 clang::ento::ProgramState::bindLoc(clang::ento::Loc, clang::ento::SVal, clang::LocationContext const*, bool) const (build-all/bin/clang+0x9fad9a1)
#13 0x0000557ee9481c55 clang::ento::ExprEngine::VisitGCCAsmStmt(clang::GCCAsmStmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (build-all/bin/clang+0x9f58c55)
#14 0x0000557ee947d2b4 clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (build-all/bin/clang+0x9f542b4)
#15 0x0000557ee9479805 clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*, clang::ento::ExplodedNode*) (build-all/bin/clang+0x9f50805)
#16 0x0000557ee9479539 clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) (build-all/bin/clang+0x9f50539)
#17 0x0000557ee945cc7e clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock const*, unsigned int, clang::ento::ExplodedNode*) (build-all/bin/clang+0x9f33c7e)
#18 0x0000557ee945bb3a clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (build-all/bin/clang+0x9f32b3a)
#19 0x0000557ee8fd8255 (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*, void>>*) AnalysisConsumer.cpp:0:0
#20 0x0000557ee8fb10bb (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) AnalysisConsumer.cpp:0:0
#21 0x0000557ee955b927 clang::ParseAST(clang::Sema&, bool, bool) (build-all/bin/clang+0xa032927)
#22 0x0000557ee80b2390 clang::FrontendAction::Execute() (build-all/bin/clang+0x8b89390)
#23 0x0000557ee801d37f clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (build-all/bin/clang+0x8af437f)
#24 0x0000557ee81a017e clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (build-all/bin/clang+0x8c7717e)
#25 0x0000557ee4c83df6 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (build-all/bin/clang+0x575adf6)
#26 0x0000557ee4c8059d ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#27 0x0000557ee4c7f2e4 clang_main(int, char**, llvm::ToolContext const&) (build-all/bin/clang+0x57562e4)
#28 0x0000557ee4c90ab7 main (build-all/bin/clang+0x5767ab7)
#29 0x00007f566c32fd85 __libc_start_main (/lib64/libc.so.6+0x3ad85)
#30 0x0000557ee4c7deae _start (build-all/bin/clang+0x5754eae)
Abort (core dumped)
```
[bbi-98183.c.gz](https://github.com/user-attachments/files/16656552/bbi-98183.c.gz)
https://github.com/llvm/llvm-project/pull/103714