[cfe-dev] RewriteRope.cpp assertion: Assertion `getPiece(StartPiece).size() > NumBytes' failed.

Peeter Joot peeter.joot at gmail.com
Fri Apr 26 14:42:10 PDT 2013 

Here's more info:

RenameMethod:
/home/hotellnx94/peeterj/clang/sources/llvm/tools/clang/lib/Rewrite/Core/RewriteRope.cpp:377:
void {anonymous}::RopePieceBTreeLeaf::erase(unsigned int, unsigned int):
Assertion `getPiece(StartPiece).size() > NumBytes' failed.

stack:

Program received signal SIGABRT, Aborted.
0x00002aaaab4b2f45 in raise () from /lib64/libc.so.6
(gdb) where
#0  0x00002aaaab4b2f45 in raise () from /lib64/libc.so.6
#1  0x00002aaaab4b4340 in abort () from /lib64/libc.so.6
#2  0x00002aaaab4ac486 in __assert_fail () from /lib64/libc.so.6
#3  0x0000000000f66751 in (anonymous namespace)::RopePieceBTreeLeaf::erase
(this=0x3675550, Offset=50490, NumBytes=4294951421)
    at
/home/hotellnx94/peeterj/clang/sources/llvm/tools/clang/lib/Rewrite/Core/RewriteRope.cpp:377
#4  0x0000000000f67114 in (anonymous namespace)::RopePieceBTreeNode::erase
(this=0x3675550, Offset=50490, NumBytes=4294951421)
    at
/home/hotellnx94/peeterj/clang/sources/llvm/tools/clang/lib/Rewrite/Core/RewriteRope.cpp:652
#5  0x0000000000f6764d in clang::RopePieceBTree::erase (this=0x64a8480,
Offset=50490, NumBytes=4294951421)
    at
/home/hotellnx94/peeterj/clang/sources/llvm/tools/clang/lib/Rewrite/Core/RewriteRope.cpp:755
#6  0x0000000000f6a5bb in clang::RewriteRope::erase(unsigned int, unsigned
int) ()
#7  0x0000000000f684fb in clang::RewriteBuffer::ReplaceText
(this=0x64a8478, OrigOffset=50501, OrigLength=4294951421, NewStr=...)
    at
/home/hotellnx94/peeterj/clang/sources/llvm/tools/clang/lib/Rewrite/Core/Rewriter.cpp:111
#8  0x0000000000f692ab in clang::Rewriter::ReplaceText
(this=0x7fffffffc3b0, Start=..., OrigLength=4294951421, NewStr=...)
    at
/home/hotellnx94/peeterj/clang/sources/llvm/tools/clang/lib/Rewrite/Core/Rewriter.cpp:309
#9  0x0000000000f5db27 in clang::tooling::Replacement::apply
(this=0x63ea2c0, Rewrite=...)
    at
/home/hotellnx94/peeterj/clang/sources/llvm/tools/clang/lib/Tooling/Refactoring.cpp:69
#10 0x0000000000f5dfc4 in clang::tooling::applyAllReplacements
(Replaces=..., Rewrite=...)
    at
/home/hotellnx94/peeterj/clang/sources/llvm/tools/clang/lib/Tooling/Refactoring.cpp:130
#11 0x0000000000f5e2c0 in
clang::tooling::RefactoringTool::applyAllReplacements (this=0x7fffffffcc98,
Rewrite=...)
    at
/home/hotellnx94/peeterj/clang/sources/llvm/tools/clang/lib/Tooling/Refactoring.cpp:166
#12 0x0000000000f5e1fa in clang::tooling::RefactoringTool::runAndSave
(this=0x7fffffffcc98, ActionFactory=0x1c50af0)
    at
/home/hotellnx94/peeterj/clang/sources/llvm/tools/clang/lib/Tooling/Refactoring.cpp:158
#13 0x0000000000421305 in main (argc=2, argv=0x7fffffffcfd8) at
RenameMethod.cpp:341

The sizes being compared:

#3  0x0000000000f66761 in (anonymous namespace)::RopePieceBTreeLeaf::erase
(this=0x3675550, Offset=50490, NumBytes=4294951421)
    at
/home/hotellnx94/peeterj/clang/sources/llvm/tools/clang/lib/Rewrite/Core/RewriteRope.cpp:377
377       assert(getPiece(StartPiece).size() > NumBytes);
(gdb) p NumBytes
$1 = 4294951421
(gdb) p /x NumBytes
$2 = 0xffffc1fd
(gdb) p getPiece(StartPiece).size()
$3 = 10836

Looks like some code somewhat allows NumBytes is effectively negative.
 That goes back to the object creation:

(gdb) frame 9
#9  0x0000000000f5db37 in clang::tooling::Replacement::apply
(this=0x63ea2c0, Rewrite=...)
    at
/home/hotellnx94/peeterj/clang/sources/llvm/tools/clang/lib/Tooling/Refactoring.cpp:69
69        bool RewriteSucceeded = !Rewrite.ReplaceText(Start, Length,
ReplacementText);
(gdb) p *this
$7 = {FilePath = {static npos = <optimized out>,
    _M_dataplus = {<std::allocator<char>> =
{<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>},
      _M_p = 0x4ac9cb8
"/view/peeterj_clang8/vbs/engn/include/sqloOSResourceTrack.h"}}, Offset =
50501, Length = 4294951421, ReplacementText = {
    static npos = <optimized out>, _M_dataplus = {<std::allocator<char>> =
{<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>},
      _M_p = 0x6466b98 "&g_pOSResourceTracked"}}}


I'm assuming that this Length isn't the replacement length, but is the
source range of the text to replace.  That's calculated in this code as:

  virtual void run(const MatchFinder::MatchResult &Result) {
    const CallExpr *M = Result.Nodes.getStmtAs<CallExpr>("x");
    const Expr * a = M->getArg( 3 ) ;

    if ( const CStyleCastExpr * v = dyn_cast<CStyleCastExpr>( a ) )
    {
      const Expr * theCastedValue = v->getSubExprAsWritten() ;

      if ( theCastedValue )
      {
        std::string replacement = decl2str( theCastedValue,
Result.SourceManager ) ;

        if ( replacement.length() )
        {
          SourceLocation start = v->getLocStart() ;
          SourceLocation end = v->getLocEnd() ;
          CharSourceRange range = CharSourceRange::getTokenRange(
SourceRange(start, end) ) ;

          Replace->insert(
            Replacement(*Result.SourceManager,
                        range,
                        replacement));
        }
      }

somehow this has led to a negative length in the Replacement() object.

-- 
Peeter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20130426/3dc9d9d6/attachment.html>

More information about the cfe-dev mailing list