[llvm-bugs] [Bug 25414] New: Assertion failed `!RegionType.isNull() && "DynamicTypeInfo should always be a pointer."'

via llvm-bugs llvm-bugs at lists.llvm.org
Thu Nov 5 10:37:12 PST 2015


https://llvm.org/bugs/show_bug.cgi?id=25414

            Bug ID: 25414
           Summary: Assertion failed `!RegionType.isNull() &&
                    "DynamicTypeInfo should always be a pointer."'
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: kremenek at apple.com
          Reporter: alexfh at google.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

Static analyzer crashes on a number of translation units in our code base.
Reduced test case:

$ cat sa3.cc
// Part of the reduced test case from the report; names such as x0/x1 are
// placeholders with no meaning of their own.
// x0 is polymorphic: the non-virtual x1() calls the virtual x2() through the
// implicit `this`. x2() is declared here but never defined in this file.
struct x0 {
  void x1() { x2(); }
  virtual int x2();
};
// x3 has no members of its own; it is the enclosing scope for x4.
class x3 {
public:
  // Holder for an x0 pointer: the constructor ignores its first two arguments
  // and stores the third in x6; x7() returns that pointer unchanged.
  class x4 {
  public:
    x4(int *, int, x0 *x5) : x6(x5) {}
    x0 *x7() { return x6; }
    x0 *x6;
  };
};
namespace x8 {
namespace x9 {
// Forward declaration; the definition follows x17 below.
template <typename x10> void x11(const x10 &, int *);
// x13 forwards both arguments to an unqualified call to x16. No x16 is
// declared before this template; the only one in this file is the global
// function defined near the end (presumably found by argument-dependent
// lookup at instantiation -- confirm).
template <typename x10> class x12 {
public:
  static void x13(x10 x14, int *x15) { x16(x14, x15); }
};
// x18 hands its x3::x4 argument to x11 together with the address of a local
// int that is never initialized.
class x17 {
public:
  static void x18(x3::x4 x14) {
    int x19;
    x11(x14, &x19);
  }
};
// Definition of x11: delegates to x12<x10>::x13.
template <typename x10> void x11(const x10 &x14, int *x15) {
  x12<x10>::x13(x14, x15);
}
}
// Forwards to x9::x17::x18; made visible at file scope by the
// `using x8::x20;` that follows this namespace.
void x20(x3::x4 x14) { x9::x17::x18(x14); }
// Empty class template; within this file it appears only as a return type
// and conversion target.
template <typename> class x21 {};
// Returns x14 as x21<int>, so x22 must be convertible to x21<int>. The first
// template parameter is unnamed and unused.
template <typename, typename x22> x21<int> x23(x22 x14) { return x14; }
namespace x9 {
// Functor holding an x22; operator() ignores both call arguments and calls
// x23<x10>(x25), discarding the result.
template <typename x22> class x24 {
public:
  template <typename x10> void operator()(char *, x10) { x23<x10>(x25); }
  x22 x25;
};
// Declared only; no definition appears in this file.
template <typename x22> x24<x22> x26(x22);
}
}
using x8::x20;                                                                  
// x29 holds three data members and converts to any x8::x21<x35>. It declares
// no constructor, and nothing in this file assigns x32/x33/x34.
template <typename x27, typename x28> class x29 {
public:
  // The constructor's parameters are unnamed and unused, so x30's own
  // x32/x33/x34 are left uninitialized; it immediately calls x31, which reads
  // them to build an x3::x4 and pass it to x20.
  class x30 {
  public:
    x30(x27, int, x28) { x31(false); }
    x27 x32;
    int x33;
    x28 x34;
    void x31(bool) { x20(x3::x4(x32, x33, x34)); }
  };
  // Builds a temporary x30 from the outer members for its side effects. There
  // is no return statement although the return type is x8::x21<x35>.
  template <typename x35> operator x8::x21<x35>() { x30(x32, x33, x34); }
  x27 x32;
  int x33;
  x28 x34;
};
// Declared only; no definition appears in this file. The return type uses the
// first and third template parameters; x36 affects only the second argument.
template <typename x27, typename x36, typename x28>
x29<x27, x28> x37(x27, x36, x28);
// Target of the unqualified x16 call in x8::x9::x12::x13. Dereferences the
// pointer returned by x14.x7() without a null check and calls x0::x1(), which
// in turn makes the virtual call to x0::x2(). The int* argument is unused.
// NOTE(review): this member-call chain is presumably what the analyzer is
// evaluating when the reported assertion fires -- confirm against the trace.
void x16(x3::x4 x14, int *) { x14.x7()->x1(); }
// Top-level driver of the reproducer. x40 is passed to x37 without being
// initialized, and both x37 and x8::x9::x26 are declared but never defined,
// so this file is meant to be analyzed, not linked or run.
// Call chain visible in this file: x24::operator() -> x23 -> x29's conversion
// operator -> x30 constructor -> x31 -> x20 -> x17::x18 -> x11 -> x12::x13
// -> x16 -> x0::x1 -> virtual x0::x2.
// The third argument to x37 is the nullptr literal, so x28 is deduced as
// std::nullptr_t and the x0* stored in x3::x4 is converted from that type.
void x38() {
  x3 x39;
  int *x40;
  x8::x9::x26(x37(x40, 1, nullptr))("", x39);
}

$ clang-tidy -checks=-*,clang-analyzer*,-clang-analyzer-alpha* sa3.cc -- -std=c++11
clang-tidy: llvm/tools/clang/lib/StaticAnalyzer/Core/CallEvent.cpp:482: virtual clang::ento::RuntimeDefinition clang::ento::CXXInstanceCall::getRuntimeDefinition() const: Assertion `!RegionType.isNull() && "DynamicTypeInfo should always be a pointer."' failed.
Aborted (core dumped)

Here's the stack trace:

PC: @          0x13892e6  (unknown) 
clang::ento::CXXInstanceCall::getRuntimeDefinition()
    @          0x19f930d        928  FailureSignalHandler()
    @     0x7f1136987390       1520  __restore_rt
    @          0x1389678         32 
clang::ento::CXXMemberCall::getRuntimeDefinition()
    @          0x13b3374        144  clang::ento::ExprEngine::defaultEvalCall()
    @          0x13a4abd        352 
clang::ento::CheckerManager::runCheckersForEvalCall()
    @          0x13b25aa        368  clang::ento::ExprEngine::evalCall()
    @          0x13b2297        384  clang::ento::ExprEngine::VisitCallExpr()
    @          0x1391138       1248  clang::ento::ExprEngine::Visit()
    @          0x138d877        400  clang::ento::ExprEngine::ProcessStmt()
    @          0x138d50c         96 
clang::ento::ExprEngine::processCFGElement()
    @          0x139e89e        160 
clang::ento::CoreEngine::dispatchWorkItem()
    @          0x139e49a        192  clang::ento::CoreEngine::ExecuteWorkList()
    @           0xb45452       1120  (anonymous
namespace)::AnalysisConsumer::ActionExprEngine()
    @           0xb44f61        288  (anonymous
namespace)::AnalysisConsumer::HandleCode()
    @           0xb38274        480  (anonymous
namespace)::AnalysisConsumer::HandleTranslationUnit()
    @           0xd3b24c         48 
clang::MultiplexConsumer::HandleTranslationUnit()
    @           0xe43f82        144  clang::ParseAST()
    @           0xd3eeff         48  clang::FrontendAction::Execute()
    @           0xc7e282         96  clang::CompilerInstance::ExecuteAction()
    @           0xc36da5        352 
clang::tooling::FrontendActionFactory::runInvocation()
    @           0xc36bee         64 
clang::tooling::ToolInvocation::runInvocation()
    @           0xc366fa       1440  clang::tooling::ToolInvocation::run()
    @           0xc37c9a       1040  clang::tooling::ClangTool::run()
    @           0xa1a355       1952  clang::tidy::runClangTidy()
    @           0x435aa0       1344  main
    @     0x7f11363dace8        208  __libc_start_main
    @           0x434a69  (unknown)  _start
Segmentation fault (core dumped)
