[LLVMbugs] [Bug 18227] New: Assertion failure in ResolveCondition with cfg-temporary-dtors=true
bugzilla-daemon at llvm.org
Thu Dec 12 05:59:42 PST 2013
http://llvm.org/bugs/show_bug.cgi?id=18227
Bug ID: 18227
Summary: Assertion failure in ResolveCondition with cfg-temporary-dtors=true
Product: clang
Version: trunk
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
Assignee: kremenek at apple.com
Reporter: dconnelly at google.com
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
Created attachment 11715
--> http://llvm.org/bugs/attachment.cgi?id=11715&action=edit
Stack trace
Testing against r197139 on both Linux and Mac. As noted in the summary, the
assertion only fails with cfg-temporary-dtors=true.
A small crashing input is below. I can only reproduce the crash under the
following restrictions on the input:
- The condition of the ternary operator must have the form "(x R y) S (z T w)"
for any x,y,z,w of any type, but R,S,T must each be '&&' or '||'. It is not
required that R,S,T all be the same.
- A().a() can be either the if-value or the else-value or both of the ternary
operator. All three crash.
- The A::a member function must be called on the temporary A instance; A()
alone doesn't crash.
- The destructor A::~A must be explicitly defined. Using the auto-generated
destructor won't crash.
===============================================
Preprocessed source
===============================================
# 1 "<built-in>" 1
# 1 "main.cc" 1
struct A {
  ~A() {}
  void a() {}
};
int main() {
  (false && false) && (false && false) ? (void)0 : A().a();
}
===============================================
Invocation
===============================================
clang++ --analyze -Xclang -analyzer-config -Xclang cfg-temporary-dtors=true main.cc
===============================================
Dumped invocation
===============================================
"/media/gallia/analyzer/build/Debug+Asserts/bin/clang" -cc1 -triple
x86_64-unknown-linux-gnu -analyze -disable-free -main-file-name main.cc
-analyzer-store=region -analyzer-opt-analyze-nested-blocks
-analyzer-eagerly-assume -analyzer-checker=core -analyzer-checker=unix
-analyzer-checker=deadcode -analyzer-checker=cplusplus
-analyzer-checker=security.insecureAPI.UncheckedReturn
-analyzer-checker=security.insecureAPI.getpw
-analyzer-checker=security.insecureAPI.gets
-analyzer-checker=security.insecureAPI.mktemp
-analyzer-checker=security.insecureAPI.mkstemp
-analyzer-checker=security.insecureAPI.vfork -analyzer-output plist -w
-mrelocation-model static -mdisable-fp-elim -fmath-errno -masm-verbose
-mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-linker-version
2.22 -fdeprecated-macro -ferror-limit 19 -fmessage-length 318 -mstackrealign
-fobjc-runtime=gcc -fcxx-exceptions -fexceptions -fdiagnostics-show-option
-fcolor-diagnostics -vectorize-slp -analyzer-config cfg-temporary-dtors=true -x
c++ main-77ac9d.cpp
===============================================
Stack trace
===============================================
Attached.
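The restrictions listed in the report define a small matrix of inputs: eight choices of R, S, T and three placements of A().a(). The following script is an added example, not part of the original report or of clang's test suite; it generates each variant and runs the reported analyzer invocation on it. The file names (case_*.cc), the function names and the choice of `false` for every operand are assumptions made for illustration.

```python
import itertools, pathlib, shutil, subprocess, tempfile

OPS = ("&&", "||")                      # R, S, T may each be either operator
PLACEMENTS = ("then", "else", "both")   # which ternary arm holds A().a()

# Same shape as the report's main.cc; operands are fixed to `false` here.
TEMPLATE = """struct A {{
  ~A() {{}}
  void a() {{}}
}};
int main() {{
  (false {r} false) {s} (false {t} false) ? {then_arm} : {else_arm};
}}
"""

def variants():
    """Yield (file name, source) for all 8 operator choices x 3 placements."""
    call, noop = "A().a()", "(void)0"
    for r, s, t in itertools.product(OPS, repeat=3):
        for place in PLACEMENTS:
            tag = "".join("a" if op == "&&" else "o" for op in (r, s, t))
            yield f"case_{tag}_{place}.cc", TEMPLATE.format(
                r=r, s=s, t=t,
                then_arm=call if place != "else" else noop,
                else_arm=call if place != "then" else noop)

def analyzer_command(path, clang="clang++"):
    """The invocation from the report, applied to one generated file."""
    return [clang, "--analyze", "-Xclang", "-analyzer-config",
            "-Xclang", "cfg-temporary-dtors=true", str(path)]

def run_matrix(outdir, clang="clang++"):
    """Write every variant, analyze it, return names where clang failed."""
    failed = []
    for name, src in variants():
        path = pathlib.Path(outdir) / name
        path.write_text(src)
        proc = subprocess.run(analyzer_command(path, clang), cwd=outdir,
                              capture_output=True, text=True)
        if proc.returncode != 0:        # an assertion abort is non-zero
            failed.append(name)
    return failed

if __name__ == "__main__":
    if shutil.which("clang++"):
        with tempfile.TemporaryDirectory() as d:
            print("failing variants:", run_matrix(d) or "none")
    else:
        print("clang++ not found; generated", len(list(variants())), "variants")
```

On a build that contains a fix, run_matrix should return an empty list, which makes the matrix usable as a regression check.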