[LLVMbugs] [Bug 24184] New: BugReporter.cpp:2869: {anonymous}::TrimmedGraph::TrimmedGraph(const clang::ento::ExplodedGraph*, llvm::ArrayRef<const clang::ento::ExplodedNode*>): Assertion `!RemainingNodes.empty() && "No error node found in the trimmed graph"' failed.

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Sun Jul 19 14:05:28 PDT 2015 

https://llvm.org/bugs/show_bug.cgi?id=24184

            Bug ID: 24184
           Summary: BugReporter.cpp:2869:
                    {anonymous}::TrimmedGraph::TrimmedGraph(const
                    clang::ento::ExplodedGraph*, llvm::ArrayRef<const
                    clang::ento::ExplodedNode*>): Assertion
                    `!RemainingNodes.empty() && "No error node found in
                    the trimmed graph"' failed.
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: kremenek at apple.com
          Reporter: dimhen at gmail.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

$ /usr/local/llvm/bin/clang++ --version
clang version 3.8.0 (trunk 242641)
Target: x86_64-unknown-linux-gnu
Thread model: posix


$ /usr/local/llvm/bin/clang++ -cc1 -analyze -analyzer-eagerly-assume
-fcxx-exceptions -analyzer-checker=core
-analyzer-checker=alpha.core.PointerArithm -analyzer-max-loop 64 x.ii
[...skip warnings...]
clang++:
/home/dimhen/src/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2869:
{anonymous}::TrimmedGraph::TrimmedGraph(const clang::ento::ExplodedGraph*,
llvm::ArrayRef<const clang::ento::ExplodedNode*>): Assertion
`!RemainingNodes.empty() && "No error node found in the trimmed graph"' failed.
0  clang++         0x0000000002398915
llvm::sys::PrintStackTrace(llvm::raw_ostream&) + 37
1  clang++         0x0000000002397481
2  libpthread.so.0 0x0000003469010430
3  libc.so.6       0x0000003468c349c8 gsignal + 56
4  libc.so.6       0x0000003468c3665a abort + 362
5  libc.so.6       0x0000003468c2d187
6  libc.so.6       0x0000003468c2d232
7  clang++         0x0000000001193153
8  clang++         0x0000000001199ee1
clang::ento::GRBugReporter::generatePathDiagnostic(clang::ento::PathDiagnostic&,
clang::ento::PathDiagnosticConsumer&, llvm::ArrayRef<clang::ento::BugReport*>&)
+ 545
9  clang++         0x000000000119cf35
clang::ento::BugReporter::FlushReport(clang::ento::BugReport*,
clang::ento::PathDiagnosticConsumer&, llvm::ArrayRef<clang::ento::BugReport*>)
+ 1445
10 clang++         0x000000000119d275
clang::ento::BugReporter::FlushReport(clang::ento::BugReportEquivClass&) + 277
11 clang++         0x000000000119eea7 clang::ento::BugReporter::FlushReports()
+ 3943
12 clang++         0x0000000001037011
13 clang++         0x00000000010377fe
14 clang++         0x000000000103e671
15 clang++         0x0000000000b704a2 clang::ParseAST(clang::Sema&, bool, bool)
+ 754
16 clang++         0x00000000007cbad6 clang::FrontendAction::Execute() + 486
17 clang++         0x00000000007a47c1
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 353
18 clang++         0x000000000078a25b
clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 2107
19 clang++         0x00000000007817c8 cc1_main(llvm::ArrayRef<char const*>,
char const*, void*) + 2104
20 clang++         0x000000000075f339 main + 1321
21 libc.so.6       0x0000003468c20700 __libc_start_main + 240
22 clang++         0x0000000000780749 _start + 41
Stack dump:
0.    Program arguments: /usr/local/llvm/bin/clang++ -cc1 -analyze
-analyzer-eagerly-assume -fcxx-exceptions -analyzer-checker=core
-analyzer-checker=alpha.core.PointerArithm -analyzer-max-loop 64 x.ii 
1.    <eof> parser at end of file


$ cat x.ii
typedef struct {
  int cbData;
  unsigned pbData;
} CRYPT_DATA_BLOB;
typedef enum { DT_NONCE_FIXED } DATA_TYPE;
int a;
typedef int *vcreate_t(int *, DATA_TYPE, int, int);
void fn1(unsigned, unsigned) {
  char b = 0;
  for (; 1; a++, &b + a * 0)
    ;
}

vcreate_t fn2;
struct A {
  CRYPT_DATA_BLOB value;
  int m_fn1() {
    int c;
    value.pbData == 0;
    fn1(0, 0);
  }
};
struct B {
  A IkeHashAlg;
  A IkeGType;
  A NoncePhase1_r;
};
class C {
  int m_fn2(B *);
  void m_fn3(B *, int, int, int);
};
int C::m_fn2(B *p1) {
  int *d;
  int e = p1->IkeHashAlg.m_fn1();
  unsigned f = p1->IkeGType.m_fn1(), h;
  int g;
  d = fn2(0, DT_NONCE_FIXED, (char)0, p1->NoncePhase1_r.value.cbData);
  h = 0 | 0;
  m_fn3(p1, 0, 0, 0);
}

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20150719/c5eb447c/attachment.html>

More information about the llvm-bugs mailing list