[llvm-bugs] [Bug 38668] New: Regression introduced by r326520

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Aug 22 04:15:37 PDT 2018


https://bugs.llvm.org/show_bug.cgi?id=38668

            Bug ID: 38668
           Summary: Regression introduced by r326520
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: abramo.bagnara at bugseng.com
                CC: llvm-bugs at lists.llvm.org

Many tests where there is an invocation of a function with a wrong argument
lead to a crash after this commit:

commit 5d3eb81ee5b6730fb1cd18b240907822932b838b
Author: George Karpenkov <ekarpenkov at apple.com>
Date:   Fri Mar 2 00:55:59 2018 +0000

    [analyzer] Prevent crashing in NonNullParamChecker

    https://bugs.llvm.org/show_bug.cgi?id=36381
    rdar://37543426

    Turns out, the type passed for the lambda capture was incorrect.
    One more argument to abandon the getSVal overload which does not require the
    type information.

    Differential Revision: https://reviews.llvm.org/D43925

    git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@326520 91177308-0d34-0410-b5e6-96231b3b80d8


$ cat bug.c
float a;
char b(int *d) {
  *d += 1;
  return *d;
}
e() {
  char (*f)() = b;
  f(&a);
}
$ ~/llvm-build/bin/clang -cc1 -triple x86_64-pc-linux-gnu -analyze -analyzer-checker=core bug.c
bug.c:6:1: warning: type specifier missing, defaults to 'int'
e() {
^
bug.c:9:1: warning: control reaches end of non-void function
}
^
clang:
/home/abramo/llvm/tools/clang/include/clang/StaticAnalyzer/Core/PathSensitive/BasicValueFactory.h:143:
clang::ento::APSIntType
clang::ento::BasicValueFactory::getAPSIntType(clang::QualType) const: Assertion
`T->isIntegralOrEnumerationType() || Loc::isLocType(T)' failed.
Stack dump:
0.      Program arguments: /home/abramo/llvm-build/bin/clang -cc1 -triple
x86_64-pc-linux-gnu -analyze -analyzer-checker=core bug.c 
1.      <eof> parser at end of file
2.      While analyzing stack: 
        #0 Calling b at line 8
        #1 Calling e
3.      bug.c:4:10: Error evaluating statement
4.      bug.c:4:10: Error evaluating statement
#0 0x00005579700b66ba llvm::sys::PrintStackTrace(llvm::raw_ostream&)
(/home/abramo/llvm-build/bin/clang+0x26596ba)
#1 0x00005579700b4ae4 llvm::sys::RunSignalHandlers()
(/home/abramo/llvm-build/bin/clang+0x2657ae4)
#2 0x00005579700b4c22 SignalHandler(int)
(/home/abramo/llvm-build/bin/clang+0x2657c22)
#3 0x00007f932e4a9890 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x12890)
#4 0x00007f932d372e97 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x3ee97)
#5 0x00007f932d374801 abort (/lib/x86_64-linux-gnu/libc.so.6+0x40801)
#6 0x00007f932d36439a (/lib/x86_64-linux-gnu/libc.so.6+0x3039a)
#7 0x00007f932d364412 (/lib/x86_64-linux-gnu/libc.so.6+0x30412)
#8 0x000055797128bb20 clang::ento::BasicValueFactory::getTruthValue(bool,
clang::QualType) (/home/abramo/llvm-build/bin/clang+0x382eb20)
#9 0x000055797128ce1f (anonymous
namespace)::SimpleSValBuilder::MakeSymIntVal(clang::ento::SymExpr const*,
clang::BinaryOperatorKind, llvm::APSInt const&, clang::QualType)
(/home/abramo/llvm-build/bin/clang+0x382fe1f)
#10 0x000055797128e996 (anonymous
namespace)::SimpleSValBuilder::evalBinOpNN(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::BinaryOperatorKind, clang::ento::NonLoc, clang::ento::NonLoc,
clang::QualType) (/home/abramo/llvm-build/bin/clang+0x3831996)
#11 0x0000557971284955
clang::ento::SValBuilder::evalIntegralCast(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::ento::SVal, clang::QualType, clang::QualType)
(/home/abramo/llvm-build/bin/clang+0x3827955)
#12 0x00005579711f9990 clang::ento::ExprEngine::VisitCast(clang::CastExpr
const*, clang::Expr const*, clang::ento::ExplodedNode*,
clang::ento::ExplodedNodeSet&) (/home/abramo/llvm-build/bin/clang+0x379c990)
#13 0x00005579711f0c4d clang::ento::ExprEngine::Visit(clang::Stmt const*,
clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
(/home/abramo/llvm-build/bin/clang+0x3793c4d)
#14 0x00005579711f17d4 clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*,
clang::ento::ExplodedNode*) (/home/abramo/llvm-build/bin/clang+0x37947d4)
#15 0x00005579711f19c2
clang::ento::ExprEngine::processCFGElement(clang::CFGElement,
clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*)
(/home/abramo/llvm-build/bin/clang+0x37949c2)
#16 0x00005579711c4c5b clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock
const*, unsigned int, clang::ento::ExplodedNode*)
(/home/abramo/llvm-build/bin/clang+0x3767c5b)
#17 0x00005579711c4ec7
clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*,
clang::ProgramPoint, clang::ento::WorkListUnit const&)
(/home/abramo/llvm-build/bin/clang+0x3767ec7)
#18 0x00005579711c5164
clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>)
(/home/abramo/llvm-build/bin/clang+0x3768164)
#19 0x0000557970efa64c (anonymous
namespace)::AnalysisConsumer::ActionExprEngine(clang::Decl*, bool,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*) (.part.4872)
(/home/abramo/llvm-build/bin/clang+0x349d64c)
#20 0x0000557970efae92 (anonymous
namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*)
(/home/abramo/llvm-build/bin/clang+0x349de92)
#21 0x0000557970f07288 (anonymous
namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit(clang::ASTContext&)
(/home/abramo/llvm-build/bin/clang+0x34aa288)
#22 0x0000557970f07fdb (anonymous
namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&)
(/home/abramo/llvm-build/bin/clang+0x34aafdb)
#23 0x00005579712d1c29 clang::ParseAST(clang::Sema&, bool, bool)
(/home/abramo/llvm-build/bin/clang+0x3874c29)
#24 0x000055797072dc7e clang::FrontendAction::Execute()
(/home/abramo/llvm-build/bin/clang+0x2cd0c7e)
#25 0x00005579706f2cae
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/home/abramo/llvm-build/bin/clang+0x2c95cae)
#26 0x00005579707d15eb
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/home/abramo/llvm-build/bin/clang+0x2d745eb)
#27 0x000055796e722b28 cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) (/home/abramo/llvm-build/bin/clang+0xcc5b28)
#28 0x000055796e6969f0 main (/home/abramo/llvm-build/bin/clang+0xc399f0)
#29 0x00007f932d355b97 __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b97)
#30 0x000055796e71e68a _start (/home/abramo/llvm-build/bin/clang+0xcc168a)
