[cfe-dev] Debugging Clang Static Analyzer segfault (clang 3.2)

Gábor Kozár kozargabor at gmail.com
Tue Apr 30 08:35:35 PDT 2013


Hi,

Thank you both!
It works as expected now (i.e. it crashes with a segfault, but at least I can
debug it).

Gabor


2013/4/29 Jordan Rose <jordan_rose at apple.com>

> Hi, Gabor. Yes, Senthil has the right idea here—the trick is that the
> clang executable is divided into two parts: the "driver" and the compiler
> proper (sometimes known as "cc1"). The driver's in charge of invoking all
> the separate steps involved in a compilation command (compile, assemble,
> compile, assemble, link), whereas "cc1" just does Clang's own work for
> compiling a single file.
>
> As Senthil said, you can get the driver to spit out a cc1 invocation line
> by appending -### to your usual run command. You can then use this output
> line (which will start with "path/to/clang" and then "-cc1") to launch the
> cc1-clang in your debugger and catch the assertions.
>
> It's a good question. I'll try to make sure this ends up in the Checker
> Developer Manual once Sam has finished revising it.
>
> Jordan
>
>
> On Apr 29, 2013, at 6:03, SENTHIL KUMAR THANGAVELU <senthil.t at samsung.com>
> wrote:
>
>
>
>     I have debugged the clang 3.2 static analyzer using the following steps;
> someone might know a better approach. These are the steps I have used for a
> C++ checker.
>
>
> 1) built with CC=gcc and CXX=g++; it might also work with CC=clang and CXX=clang++,
> I think
>
> 2) used the following command from inside gdb; I remember getting these args
> using either the -v or the ### option
>
>  r "/home/camel/osa/bin/clang++" "-cc1" "-analyze" "-analyzer-checker"
> "Mychecker" "-internal-isystem"
> "/usr/lib/gcc/i686-linux-gnu/4.5/../../../../include/c++/4.5"
> "-internal-isystem"
> "/usr/lib/gcc/i686-linux-gnu/4.5/../../../../include/c++/4.5/i686-linux-gnu"
> "-internal-isystem"
> "/usr/lib/gcc/i686-linux-gnu/4.5/../../../../include/c++/4.5/backward"
> "-internal-isystem" "/usr/local/include" "-internal-isystem"
> "/usr/local/bin/../lib/clang/3.1/include" "-internal-isystem"
> "/usr/lib/gcc/i686-linux-gnu/4.5/../../../gcc/i686-linux-gnu/4.5/include"
> "-internal-isystem"
> "/usr/lib/gcc/i686-linux-gnu/4.5/../../../gcc/i686-linux-gnu/4.5/include-fixed"
> "-internal-externc-isystem" "/include" "-internal-externc-isystem"
> "/usr/include" testfile.cpp
>
>
> The backtrace in gdb always showed segfaults for me in case of checker
> segfaults.
>
>
> Regards
>
> Senthil Kumar
>
>
> ------- *Original Message* -------
>
> *Sender* : Gábor Kozár<kozargabor at gmail.com>
>
> *Date* : Apr 29, 2013 21:15 (GMT+09:00)
>
> *Title* : [cfe-dev] Debugging Clang Static Analyzer segfault (clang 3.2)
>
> Hi,
>
> I wrote a custom checker based on SimpleStreamChecker for the Clang Static
> Analyzer. I'm using clang version 3.2.
>
> Upon running /.../llvm-3.2/build/bin/clang++ testfile.cpp -std=c++11
> -Xclang -analyze -Xclang -analyzer-checker=mychecker, I get the following:
>
> 0  clang-3.2       0x0000000001b8a52c
> 1  clang-3.2       0x0000000001b8a21c
> 2  libpthread.so.0 0x00007f577ad715d0
> 3  clang-3.2       0x000000000291903c
> 4  clang-3.2       0x00000000029193f1
> 5  clang-3.2       0x000000000291ada1
> 6  clang-3.2       0x000000000298b9dc
> 7  clang-3.2       0x0000000002987223
> 8  clang-3.2       0x00000000029894b9
> 9  clang-3.2       0x00000000029872dd
> clang::ento::CheckerManager::runCheckersForCallEvent(bool,
> clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&,
> clang::ento::CallEvent const&, clang::ento::ExprEngine&, bool) + 159
> 10 clang-3.2       0x00000000029c8736
> 11 clang-3.2       0x00000000029cb0db
> clang::ento::ExprEngine::evalCall(clang::ento::ExplodedNodeSet&,
> clang::ento::ExplodedNode*, clang::ento::CallEvent const&) + 127
> 12 clang-3.2       0x00000000029cafbd
> clang::ento::ExprEngine::VisitCallExpr(clang::CallExpr const*,
> clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) + 397
> 13 clang-3.2       0x00000000029b1163
> clang::ento::ExprEngine::Visit(clang::Stmt const*,
> clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) + 3785
> 14 clang-3.2       0x00000000029af477
> clang::ento::ExprEngine::ProcessStmt(clang::CFGStmt,
> clang::ento::ExplodedNode*) + 523
> 15 clang-3.2       0x00000000029ae9b7
> clang::ento::ExprEngine::processCFGElement(clang::CFGElement,
> clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*)
> + 205
> 16 clang-3.2       0x000000000299d85c
> clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock const*, unsigned
> int, clang::ento::ExplodedNode*) + 282
> 17 clang-3.2       0x000000000299cb40
> clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*,
> clang::ProgramPoint, clang::ento::WorkListUnit const&) + 630
> 18 clang-3.2       0x000000000299c838
> clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*,
> unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) +
> 918
> 19 clang-3.2       0x00000000027fa752
> 20 clang-3.2       0x00000000027d9bd1
> 21 clang-3.2       0x00000000027d9ce2
> 22 clang-3.2       0x00000000027d99c9
> 23 clang-3.2       0x00000000027d8f9a
> 24 clang-3.2       0x00000000027d92b7
> 25 clang-3.2       0x0000000001f08c21 clang::ParseAST(clang::Sema&, bool,
> bool) + 786
> 26 clang-3.2       0x0000000001e2427c
> clang::ASTFrontendAction::ExecuteAction() + 298
> 27 clang-3.2       0x0000000001e23e97 clang::FrontendAction::Execute() +
> 197
> 28 clang-3.2       0x0000000001e00bbb
> clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 717
> 29 clang-3.2       0x0000000001b8f09d
> clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 1054
> 30 clang-3.2       0x0000000000d0138c cc1_main(char const**, char const**,
> char const*, void*) + 678
> 31 clang-3.2       0x0000000000cfb1d3 main + 508
> 32 libc.so.6       0x00007f577a2a9bc6 __libc_start_main + 230
> 33 clang-3.2       0x0000000000cf9879
> Stack dump:
> 0.    Program arguments:
> /home/ekozgbo/work/dev/llvm-3.2/build/bin/clang-3.2 -cc1 -triple
> x86_64-unknown-linux-gnu -emit-obj -mrelax-all -disable-free
> -main-file-name t2.cpp -mrelocation-model static -mdisable-fp-elim
> -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables
> -target-cpu x86-64 -momit-leaf-frame-pointer -resource-dir
> /home/ekozgbo/work/dev/llvm-3.2/build/bin/../lib/clang/3.2
> -fmodule-cache-path /var/tmp/clang-module-cache -internal-isystem
> /usr/lib64/gcc/x86_64-suse-linux/4.3/../../../../include/c++/4.3
> -internal-isystem
> /usr/lib64/gcc/x86_64-suse-linux/4.3/../../../../include/c++/4.3/x86_64-suse-linux
> -internal-isystem
> /usr/lib64/gcc/x86_64-suse-linux/4.3/../../../../include/c++/4.3/backward
> -internal-isystem /usr/local/include -internal-isystem
> /home/ekozgbo/work/dev/llvm-3.2/build/bin/../lib/clang/3.2/include
> -internal-externc-isystem /include -internal-externc-isystem /usr/include
> -std=c++11 -fdeprecated-macro -fdebug-compilation-dir
> /home/ekozgbo/work/dev/test -ferror-limit 19 -fmessage-length 237
> -mstackrealign -fobjc-runtime=gcc -fcxx-exceptions -fexceptions
> -fdiagnostics-show-option -fcolor-diagnostics -analyze
> -analyzer-checker=mychecker -o /tmp/t2-lNeYsr.o -x c++ testfile.cpp
> 1.    <eof> parser at end of file
> 2.    testfile.cpp:32:2: Error evaluating statement
> 3.    testfile.cpp:32:2: Error evaluating statement
> clang-3: error: unable to execute command: Segmentation fault
> clang-3: error: clang frontend command failed due to signal (use -v to see
> invocation)
> clang version 3.2 (tags/RELEASE_32/final 180012)
> Target: x86_64-unknown-linux-gnu
> Thread model: posix
> clang-3: note: diagnostic msg: PLEASE submit a bug report to
> http://llvm.org/bugs/ and include the crash backtrace, preprocessed
> source, and associated run script.
> clang-3: error: unable to execute command: Segmentation fault
> clang-3: note: diagnostic msg: Error generating preprocessed source(s).
>
> I'm fairly certain the issue is in my checker code, but I have no idea how
> to debug it. Clang seems to handle the segfault on its own, so I can't
> really do much with gdb.
> So how can I debug this issue? (Apart from the llvm::errs() or std::cout
> solution.)
>
> The only changes I made to clang 3.2 are that I compile it with C++11, and
> of course I added two custom checkers. Oh, and I'm also linking the static
> analyzer with libASTMatchers. So far I haven't had any issues, although the
> previous checker was much simpler.
>
> Any help would be greatly appreciated.
>
> Gabor
>
>
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>
>
>