[llvm-bugs] [Bug 34943] New: LoopUnrolling: APInts don't tolerate type mismatch.

via llvm-bugs llvm-bugs at lists.llvm.org
Fri Oct 13 16:15:12 PDT 2017


https://bugs.llvm.org/show_bug.cgi?id=34943

            Bug ID: 34943
           Summary: LoopUnrolling: APInts don't tolerate type mismatch.
           Product: clang
           Version: trunk
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: noqnoqneo at gmail.com
                CC: llvm-bugs at lists.llvm.org

When I was looking into enabling LoopUnrolling by default, I found exactly one
crash on quite a lot of code. It can be reproduced on the following code:

  // Debug hook from the debug.ExprInspection checker; declared so the snippet compiles stand-alone.
  void clang_analyzer_numTimesReached();

  int casts() {
    for (int i = 0; i < 6L; ++i) {   // 'int' counter vs. 'long' bound: different bit widths
      clang_analyzer_numTimesReached();
    }
  }

The crash occurs because shouldCompletelyUnroll() tries to compute (BoundNum -
InitNum), which are of different bit width. APInt/APSInt things don't tolerate
bit width or signedness mismatch and need to be cast manually. There can
probably be more cases that crash.
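The following is an added example, not code from this report or from LLVM. It uses a small
stand-in type (FixedInt, a hypothetical name) that models the relevant APInt/APSInt contract:
a value carries an explicit bit width and signedness, and a same-width subtraction asserts
exactly the way the backtrace shows. subWithCast() shows the manual cast the report asks for:
extend both operands to a common width (sign-extending signed values) before subtracting, so the
trip count for the `int i` / `6L` loop above comes out as 6 instead of tripping the assertion.
The signedness rule applied after widening (signed only if both operands are signed) is an
assumption of this example, chosen to mirror the usual arithmetic conversions.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <algorithm>

// Hypothetical stand-in for llvm::APInt/APSInt: a value with explicit bit width and signedness.
struct FixedInt {
    unsigned bitWidth;
    bool isSigned;
    uint64_t bits;  // value truncated to bitWidth (widths up to 64 are supported here)

    static uint64_t mask(unsigned w) { return w >= 64 ? ~0ULL : ((1ULL << w) - 1); }

    FixedInt(unsigned w, bool s, uint64_t v) : bitWidth(w), isSigned(s), bits(v & mask(w)) {}

    // Interpret the stored bits as a host int64_t, sign-extending when the value is signed.
    int64_t toSigned() const {
        if (!isSigned || bitWidth >= 64) return (int64_t)bits;
        uint64_t signBit = 1ULL << (bitWidth - 1);
        return (bits & signBit) ? (int64_t)(bits | ~mask(bitWidth)) : (int64_t)bits;
    }

    // Resize to width w: signed values sign-extend, unsigned values zero-extend (truncation
    // happens via the constructor's mask when w is smaller).
    FixedInt extOrTrunc(unsigned w) const {
        uint64_t v = isSigned ? (uint64_t)toSigned() : bits;
        return FixedInt(w, isSigned, v);
    }
};

// The precondition that APInt's operator-= enforces with an assertion.
bool widthsMatch(const FixedInt& a, const FixedInt& b) { return a.bitWidth == b.bitWidth; }

// Same-width subtraction; like the real thing, it refuses mismatched operands.
FixedInt subSameWidth(const FixedInt& a, const FixedInt& b) {
    assert(widthsMatch(a, b) && "Bit widths must be the same");
    assert(a.isSigned == b.isSigned && "Signedness must be the same");
    return FixedInt(a.bitWidth, a.isSigned, a.bits - b.bits);  // wraps modulo 2^bitWidth
}

// The manual cast the report calls for: widen both operands to the larger width and agree on
// a signedness before subtracting, instead of handing mismatched values to the subtraction.
FixedInt subWithCast(const FixedInt& bound, const FixedInt& init) {
    unsigned w = std::max(bound.bitWidth, init.bitWidth);
    bool s = bound.isSigned && init.isSigned;  // assumption: signed only if both are signed
    FixedInt b = bound.extOrTrunc(w), i = init.extOrTrunc(w);
    b.isSigned = s;
    i.isSigned = s;
    return subSameWidth(b, i);
}

// Trip count of `for (init; i < bound; ++i)` computed from the safely widened difference.
uint64_t tripCount(const FixedInt& bound, const FixedInt& init) {
    FixedInt d = subWithCast(bound, init);
    int64_t n = d.toSigned();
    return n > 0 ? (uint64_t)n : 0;
}

int main() {
    // Constructed operands mirroring the reproducer: 'int i = 0' (32-bit) and bound '6L' (64-bit).
    FixedInt init(32, true, 0), bound(64, true, 6);
    std::printf("widths match: %s\n", widthsMatch(bound, init) ? "yes" : "no");
    std::printf("trip count after cast: %llu\n", (unsigned long long)tripCount(bound, init));
    return 0;
}
```

Calling subSameWidth() directly on the two constructed operands would fail the width assertion,
which is the crash path; routing through subWithCast() is the shape of the fix.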

It may also be worth it to look at how consistently our matchers remove (or
avoid removing) implicit casts surrounding matched expressions. As far as I
understand, the following case:

  // Debug hook from the debug.ExprInspection checker; declared so the snippet compiles stand-alone.
  void clang_analyzer_numTimesReached();

  int casts() {
    for (short i = 0; i < 6; ++i) {   // 'short' counter is implicitly promoted in the condition
      clang_analyzer_numTimesReached();
    }
  }

...doesn't cause a crash because it isn't unrolled: the implicit cast in
the loop condition prevents the matcher from treating the loop as trivial. I
didn't try to figure out if it's really non-trivial or just accidentally
omitted.

Peter, do you think you'd be able to look into this?

Here's the complete backtrace of the crash:

Assertion failed: (BitWidth == RHS.BitWidth && "Bit widths must be the same"),
function operator-=, file /Users/adergachev/stash/llvm/lib/Support/APInt.cpp,
line 215.
0  clang                    0x000000010f7be9fc
llvm::sys::PrintStackTrace(llvm::raw_ostream&) + 60
1  clang                    0x000000010f7beff9
PrintStackTraceSignalHandler(void*) + 25
2  clang                    0x000000010f7baa09 llvm::sys::RunSignalHandlers() +
425
3  clang                    0x000000010f7bf382 SignalHandler(int) + 354
4  libsystem_platform.dylib 0x00007fff9c383b3a _sigtramp + 26
5  libsystem_platform.dylib 0x00007fff53325638 _sigtramp + 3069844248
6  libsystem_c.dylib        0x00007fff9c208420 abort + 129
7  libsystem_c.dylib        0x00007fff9c1cf893 basename_r + 0
8  clang                    0x000000010f637fca
llvm::APInt::operator-=(llvm::APInt const&) + 106
9  clang                    0x000000010cadaeca llvm::operator-(llvm::APInt,
llvm::APInt const&) + 42
10 clang                    0x00000001137d65b9
clang::ento::shouldCompletelyUnroll(clang::Stmt const*, clang::ASTContext&,
clang::ento::ExplodedNode*, unsigned int&) + 2073
11 clang                    0x00000001137d7d98
clang::ento::updateLoopStack(clang::Stmt const*, clang::ASTContext&,
clang::ento::ExplodedNode*, unsigned int) + 552
12 clang                    0x000000011378ef0c
clang::ento::ExprEngine::processCFGBlockEntrance(clang::BlockEdge const&,
clang::ento::NodeBuilderWithSinks&, clang::ento::ExplodedNode*) + 284
13 clang                    0x0000000113763eb0
clang::ento::CoreEngine::HandleBlockEdge(clang::BlockEdge const&,
clang::ento::ExplodedNode*) + 896
14 clang                    0x000000011376369f
clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*,
clang::ProgramPoint, clang::ento::WorkListUnit const&) + 175
15 clang                    0x0000000113763069
clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) + 1801
16 clang                    0x0000000111e21565
clang::ento::ExprEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int) + 85
17 clang                    0x0000000111e20cb9 (anonymous
namespace)::AnalysisConsumer::ActionExprEngine(clang::Decl*, bool,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*) + 1481
18 clang                    0x0000000111e20671 (anonymous
namespace)::AnalysisConsumer::RunPathSensitiveChecks(clang::Decl*,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*) + 161
19 clang                    0x0000000111e2021a (anonymous
namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*) + 698
20 clang                    0x0000000111e11a38 (anonymous
namespace)::AnalysisConsumer::HandleDeclsCallGraph(unsigned int) + 904
21 clang                    0x0000000111e08b44 (anonymous
namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) + 820
22 clang                    0x0000000111f01dc9 clang::ParseAST(clang::Sema&,
bool, bool) + 1241
23 clang                    0x000000011075ed45
clang::ASTFrontendAction::ExecuteAction() + 485
24 clang                    0x000000011075dca0 clang::FrontendAction::Execute()
+ 112
25 clang                    0x00000001106740bd
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 2285
26 clang                    0x000000011081111c
clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 5836
27 clang                    0x000000010c8ea624 cc1_main(llvm::ArrayRef<char
const*>, char const*, void*) + 4900
28 clang                    0x000000010c8d95fe
ExecuteCC1Tool(llvm::ArrayRef<char const*>, llvm::StringRef) + 622
29 clang                    0x000000010c8d6520 main + 4784
30 libdyld.dylib            0x00007fff9c174235 start + 1
Stack dump:
0.      Program arguments: /Users/adergachev/stash/debug/./bin/clang -cc1
-internal-isystem /Volumes/Data/stash/debug/lib/clang/5.0.1/include
-nostdsysteminc -analyze -analyzer-constraints=range
-analyzer-checker=core,debug.ExprInspection -analyzer-config
unroll-loops=true,cfg-loopexit=true -verify -std=c++11
/Volumes/Data/stash/llvm/tools/clang/test/Analysis/loop-unrolling.cpp
1.      <eof> parser at end of file
2.      While analyzing stack:
        #0 int casts()
