[cfe-dev] Crashes from the analyzer recently

bruce.r.stephens at gmail.com bruce.r.stephens at gmail.com
Tue Jul 6 15:21:49 PDT 2010


I've been seeing crashes (not always reproducible reliably) from the
analyzer.  I filed one or two, but it's presumably unhelpful to file
many?

I suspect some memory mishap in the recently changed MemRegion code.
valgrind seems to give similar logs for the various crashes.  Here's one
(from processing getpass.c from coreutils-8.5 on a 64-bit GNU/Linux):

==12353== Invalid read of size 4
==12353==    at 0x12E9A36: clang::MemRegion::getKind() const (MemRegion.h:118)
==12353==    by 0x12F0B83: clang::SubRegion::classof(clang::MemRegion const*) (MemRegion.h:280)
==12353==    by 0x12F4D1C: llvm::isa_impl<clang::SubRegion, clang::MemRegion>::doit(clang::MemRegion const&) (Casting.h:55)
==12353==    by 0x12F4C70: llvm::isa_impl_wrap<clang::SubRegion, clang::MemRegion const, clang::MemRegion const>::doit(clang::MemRegion const&) (Casting.h:73)
==12353==    by 0x12F4A0D: bool llvm::isa_impl_cl<clang::MemRegion>::isa<clang::SubRegion>(clang::MemRegion const&) (Casting.h:85)
==12353==    by 0x12F4297: bool llvm::isa_impl_cl<clang::MemRegion const>::isa<clang::SubRegion>(clang::MemRegion const&) (Casting.h:94)
==12353==    by 0x12F357C: bool llvm::isa_impl_cl<clang::MemRegion const*>::isa<clang::SubRegion>(clang::MemRegion const*) (Casting.h:103)
==12353==    by 0x12F2657: bool llvm::isa<clang::SubRegion, clang::MemRegion const*>(clang::MemRegion const* const&) (Casting.h:118)
==12353==    by 0x12F1B83: llvm::cast_retty<clang::SubRegion, clang::MemRegion const*>::ret_type llvm::dyn_cast<clang::SubRegion, clang::MemRegion const*>(clang::MemRegion const* const&) (Casting.h:228)
==12353==    by 0x138108E: clang::SubRegion::isSubRegionOf(clang::MemRegion const*) const (MemRegion.cpp:149)
==12353==    by 0x13A7A90: (anonymous namespace)::RemoveDeadBindingsWorker::VisitBinding(clang::SVal) (RegionStore.cpp:1754)
==12353==    by 0x13A7E2E: (anonymous namespace)::RemoveDeadBindingsWorker::VisitBindingKey((anonymous namespace)::BindingKey) (RegionStore.cpp:1800)
==12353==  Address 0x2038210000b804 is not stack'd, malloc'd or (recently) free'd
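When the same analyzer crash shows up under several inputs, the useful first step is to check whether the valgrind reports actually share a stack and an address category before deciding what to file. The script below is an added example, not code from the mail or from the Clang project: it parses valgrind error blocks, keys them by error kind plus the top stack frames, and tags the faulting address as a wild pointer, a use-after-free or a heap overrun from the "Address ..." line. The first block in `SAMPLE` is the trace pasted above; the second block, with a different PID and a free'd-block address, is constructed for the example. The frame depth of 3 used for the signature is an arbitrary choice.

```python
import re
from collections import defaultdict

# First block: the valgrind report from the mail above.
# Second block: constructed, same stack but a different PID and address line.
SAMPLE = """\
==12353== Invalid read of size 4
==12353==    at 0x12E9A36: clang::MemRegion::getKind() const (MemRegion.h:118)
==12353==    by 0x12F0B83: clang::SubRegion::classof(clang::MemRegion const*) (MemRegion.h:280)
==12353==    by 0x12F4D1C: llvm::isa_impl<clang::SubRegion, clang::MemRegion>::doit(clang::MemRegion const&) (Casting.h:55)
==12353==    by 0x138108E: clang::SubRegion::isSubRegionOf(clang::MemRegion const*) const (MemRegion.cpp:149)
==12353==    by 0x13A7A90: (anonymous namespace)::RemoveDeadBindingsWorker::VisitBinding(clang::SVal) (RegionStore.cpp:1754)
==12353==    by 0x13A7E2E: (anonymous namespace)::RemoveDeadBindingsWorker::VisitBindingKey((anonymous namespace)::BindingKey) (RegionStore.cpp:1800)
==12353==  Address 0x2038210000b804 is not stack'd, malloc'd or (recently) free'd

==12401== Invalid read of size 4
==12401==    at 0x12E9A36: clang::MemRegion::getKind() const (MemRegion.h:118)
==12401==    by 0x12F0B83: clang::SubRegion::classof(clang::MemRegion const*) (MemRegion.h:280)
==12401==    by 0x12F4D1C: llvm::isa_impl<clang::SubRegion, clang::MemRegion>::doit(clang::MemRegion const&) (Casting.h:55)
==12401==    by 0x138108E: clang::SubRegion::isSubRegionOf(clang::MemRegion const*) const (MemRegion.cpp:149)
==12401==  Address 0x5d1e7c0 is 0 bytes inside a block of size 48 free'd
"""

# Every valgrind line is "==PID== <body>"; frames are "at/by 0xADDR: func (file:line)".
LINE_RE = re.compile(r"^==(\d+)==\s?(.*)$")
FRAME_RE = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \(([^()]*)\)$")


def parse_valgrind(text):
    """Split valgrind output into error reports: pid, kind, frames, address line."""
    reports = []
    current = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                      # not a valgrind line (e.g. program output)
        pid, body = m.group(1), m.group(2).strip()
        if not body:
            current = None                # an empty "==PID==" line closes the block
            continue
        fm = FRAME_RE.match(body)
        if fm:
            if current is not None:
                current["frames"].append((fm.group(1), fm.group(2)))
        elif body.startswith("Address "):
            if current is not None:
                current["address"] = body
        else:
            current = {"pid": pid, "kind": body, "frames": [], "address": None}
            reports.append(current)
    # Drop non-error blocks such as "HEAP SUMMARY:" that carry no stack.
    return [r for r in reports if r["frames"]]


def classify_address(address_line):
    """Map valgrind's 'Address ... is ...' description to a coarse bug category."""
    if address_line is None:
        return "unknown"
    if "not stack'd, malloc'd or (recently) free'd" in address_line:
        return "wild-pointer"             # garbage pointer, not a tracked block
    if "free'd" in address_line:
        return "use-after-free"           # inside a block that was already freed
    if "bytes after a block" in address_line or "bytes before a block" in address_line:
        return "heap-overrun"
    return "other"


def signature(report, depth=3):
    """Error kind plus the innermost `depth` function names; addresses are ignored."""
    return (report["kind"],) + tuple(func for func, _ in report["frames"][:depth])


def group_reports(reports, depth=3):
    """Bucket reports by signature so repeats of one crash are counted, not refiled."""
    groups = defaultdict(list)
    for r in reports:
        groups[signature(r, depth)].append(r)
    return dict(groups)


if __name__ == "__main__":
    reports = parse_valgrind(SAMPLE)
    for sig, members in group_reports(reports).items():
        kinds = sorted({classify_address(r["address"]) for r in members})
        print(f"{len(members)} report(s): {sig[0]} at {sig[1]} [{', '.join(kinds)}]")
        for r in members:
            print(f"  pid {r['pid']}: {r['address']}")
```

Run it over concatenated `valgrind` logs from several crashing inputs; one bucket with a single top frame, as here, is the case where one report with the full trace attached is more useful than many. The two address categories in the sample differing while the stack is identical is itself a signal worth recording, since a wild pointer and a use-after-free through the same `getKind()` call point at the same dangling `MemRegion*`.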
