[clang] [analyzer] Limit Store by region-store-binding-limit (PR #127602)
Mikael Holmén via cfe-commits
cfe-commits at lists.llvm.org
Thu Feb 27 22:14:37 PST 2025
mikaelholmen wrote:
Hello @balazs-benics-sonarsource
The following starts crashing with this patch:
`clang --analyze bbi-104578.c`
It crashes with
```
clang: ../../clang/lib/StaticAnalyzer/Core/RegionStore.cpp:375: LimitedRegionBindingsRef LimitedRegionBindingsRef::addBinding(BindingKey, SVal) const: Assertion `NewBindingsLeft.value() != 0' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: build-all/bin/clang --analyze bbi-104578.c
1. <eof> parser at end of file
2. While analyzing stack:
#0 Calling c
3. bbi-104578.c:5:3: Error evaluating statement
4. bbi-104578.c:5:3: Error evaluating statement
#0 0x000055dcb12b54f6 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (build-all/bin/clang+0x856b4f6)
#1 0x000055dcb12b2fde llvm::sys::RunSignalHandlers() (build-all/bin/clang+0x8568fde)
#2 0x000055dcb12b4834 llvm::sys::CleanupOnSignal(unsigned long) (build-all/bin/clang+0x856a834)
#3 0x000055dcb1215bfd CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
#4 0x00007fa82a361d10 __restore_rt (/lib64/libpthread.so.0+0x12d10)
#5 0x00007fa827d0152f raise (/lib64/libc.so.6+0x4e52f)
#6 0x00007fa827cd4e65 abort (/lib64/libc.so.6+0x21e65)
#7 0x00007fa827cd4d39 _nl_load_domain.cold.0 (/lib64/libc.so.6+0x21d39)
#8 0x00007fa827cf9e86 (/lib64/libc.so.6+0x46e86)
#9 0x000055dcb34a2bf5 LimitedRegionBindingsRef::addBinding((anonymous namespace)::BindingKey, clang::ento::SVal) const RegionStore.cpp:0:0
#10 0x000055dcb34a01f6 (anonymous namespace)::RegionStoreManager::bindArray(LimitedRegionBindingsRef const&, clang::ento::TypedValueRegion const*, clang::ento::SVal) RegionStore.cpp:0:0
#11 0x000055dcb34a03e3 (anonymous namespace)::RegionStoreManager::bindArray(LimitedRegionBindingsRef const&, clang::ento::TypedValueRegion const*, clang::ento::SVal) RegionStore.cpp:0:0
#12 0x000055dcb349fb68 (anonymous namespace)::RegionStoreManager::bind(LimitedRegionBindingsRef const&, clang::ento::Loc, clang::ento::SVal) RegionStore.cpp:0:0
#13 0x000055dcb3494678 (anonymous namespace)::RegionStoreManager::Bind(void const*, clang::ento::Loc, clang::ento::SVal) RegionStore.cpp:0:0
#14 0x000055dcb34609eb clang::ento::ProgramState::bindLoc(clang::ento::Loc, clang::ento::SVal, clang::LocationContext const*, bool) const (build-all/bin/clang+0xa7169eb)
#15 0x000055dcb340dea2 clang::ento::ExprEngine::processPointerEscapedOnBind(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, llvm::ArrayRef<std::pair<clang::ento::SVal, clang::ento::SVal>>, clang::LocationContext const*, clang::ento::PointerEscapeKind, clang::ento::CallEvent const*) (build-all/bin/clang+0xa6c3ea2)
#16 0x000055dcb3403650 clang::ento::ExprEngine::evalBind(clang::ento::ExplodedNodeSet&, clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::SVal, clang::ento::SVal, bool, clang::ProgramPoint const*) (build-all/bin/clang+0xa6b9650)
#17 0x000055dcb341e195 clang::ento::ExprEngine::VisitDeclStmt(clang::DeclStmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (build-all/bin/clang+0xa6d4195)
#18 0x000055dcb340261b clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (build-all/bin/clang+0xa6b861b)
#19 0x000055dcb33fe863 clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*, clang::ento::ExplodedNode*) (build-all/bin/clang+0xa6b4863)
#20 0x000055dcb33fe555 clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) (build-all/bin/clang+0xa6b4555)
#21 0x000055dcb33e06b0 clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock const*, unsigned int, clang::ento::ExplodedNode*) (build-all/bin/clang+0xa6966b0)
#22 0x000055dcb33dfd1b clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) (build-all/bin/clang+0xa695d1b)
#23 0x000055dcb33df36d clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (build-all/bin/clang+0xa69536d)
#24 0x000055dcb313d2c7 (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*, void>>*) AnalysisConsumer.cpp:0:0
#25 0x000055dcb313b70b (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) AnalysisConsumer.cpp:0:0
#26 0x000055dcb34f6029 clang::ParseAST(clang::Sema&, bool, bool) (build-all/bin/clang+0xa7ac029)
#27 0x000055dcb20b15e4 clang::FrontendAction::Execute() (build-all/bin/clang+0x93675e4)
#28 0x000055dcb201a1cd clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (build-all/bin/clang+0x92d01cd)
#29 0x000055dcb21b37c5 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (build-all/bin/clang+0x94697c5)
#30 0x000055dcae7a9626 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (build-all/bin/clang+0x5a5f626)
#31 0x000055dcae7a5abd ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#32 0x000055dcb1e4f979 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::$_0>(long) Job.cpp:0:0
#33 0x000055dcb12158f6 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (build-all/bin/clang+0x84cb8f6)
#34 0x000055dcb1e4ee83 clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (build-all/bin/clang+0x9104e83)
#35 0x000055dcb1e07517 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (build-all/bin/clang+0x90bd517)
#36 0x000055dcb1e07837 clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (build-all/bin/clang+0x90bd837)
#37 0x000055dcb1e280c9 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (build-all/bin/clang+0x90de0c9)
#38 0x000055dcae7a4f16 clang_main(int, char**, llvm::ToolContext const&) (build-all/bin/clang+0x5a5af16)
#39 0x000055dcae7b5d06 main (build-all/bin/clang+0x5a6bd06)
#40 0x00007fa827ced7e5 __libc_start_main (/lib64/libc.so.6+0x3a7e5)
#41 0x000055dcae7a342e _start (build-all/bin/clang+0x5a5942e)
clang: error: clang frontend command failed with exit code 134 (use -v to see invocation)
clang version 21.0.0git
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /repo/uabelho/main-github/llvm/build-all/bin
Build config: +assertions
clang: note: diagnostic msg:
********************
PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang: note: diagnostic msg: /tmp/bbi-104578-9c6928.c
clang: note: diagnostic msg: /tmp/bbi-104578-9c6928.sh
clang: note: diagnostic msg:
********************
```
[bbi-104578.c.gz](https://github.com/user-attachments/files/19023020/bbi-104578.c.gz)
https://github.com/llvm/llvm-project/pull/127602