[llvm-bugs] [Bug 38371] New: Crash for alpha.cplusplus.IteratorRange (regression)

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Jul 30 08:52:44 PDT 2018 

https://bugs.llvm.org/show_bug.cgi?id=38371

            Bug ID: 38371
           Summary: Crash for alpha.cplusplus.IteratorRange (regression)
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: abramo.bagnara at bugseng.com
                CC: llvm-bugs at lists.llvm.org

Using svn 338230:

$ cat p.cc
class iterator {
  int current;
  void operator*();
  void operator++();
  void operator++(int);
};
bool operator!=(iterator, iterator);

struct s {
  iterator begin();
  iterator end();
};
void f(s l) {
  iterator i = l.begin();
  iterator e = l.end();
  for (; i != e;)
    ;
}
$ ~/llvm-build/bin/clang -cc1 -triple x86_64-pc-linux-gnu -analyze
-analyzer-checker=alpha.cplusplus.IteratorRange p.cc
Stack dump:
0.      Program arguments: /home/abramo/llvm-build/bin/clang -cc1 -triple
x86_64-pc-linux-gnu -analyze -analyzer-checker=alpha.cplusplus.IteratorRange
p.cc 
1.      <eof> parser at end of file
2.      While analyzing stack: 
        #0 Calling f
3.      p.cc:16:10: Error evaluating branch
#0 0x000055655a94021a llvm::sys::PrintStackTrace(llvm::raw_ostream&)
(/home/abramo/llvm-build/bin/clang+0x212c21a)
#1 0x000055655a93e794 llvm::sys::RunSignalHandlers()
(/home/abramo/llvm-build/bin/clang+0x212a794)
#2 0x000055655a93e8d2 SignalHandler(int)
(/home/abramo/llvm-build/bin/clang+0x212a8d2)
#3 0x00007fad004e1890 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x12890)
#4 0x000055655b92f8aa
assumeNoOverflow(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>,
clang::ento::SymExpr const*, long)
(/home/abramo/llvm-build/bin/clang+0x311b8aa)
#5 0x000055655b9366df (anonymous
namespace)::processComparison(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, llvm::PointerUnion<clang::ento::MemRegion const*, clang::ento::SymExpr
const*>, llvm::PointerUnion<clang::ento::MemRegion const*, clang::ento::SymExpr
const*>, bool) (/home/abramo/llvm-build/bin/clang+0x31226df)
#6 0x000055655b936f22 llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>
clang::ento::eval::Assume::_evalAssume<(anonymous
namespace)::IteratorChecker>(void*,
llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::ento::SVal
const&, bool) (/home/abramo/llvm-build/bin/clang+0x3122f22)
#7 0x000055655bb9fa38
clang::ento::CheckerManager::runCheckersForEvalAssume(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::ento::SVal, bool) (/home/abramo/llvm-build/bin/clang+0x338ba38)
#8 0x000055655bbd0b11
clang::ento::ExprEngine::processAssume(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::ento::SVal, bool) (/home/abramo/llvm-build/bin/clang+0x33bcb11)
#9 0x000055655bc75e2b
clang::ento::SimpleConstraintManager::assume(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::ento::NonLoc, bool)
(/home/abramo/llvm-build/bin/clang+0x3461e2b)
#10 0x000055655bc75ef6
clang::ento::SimpleConstraintManager::assume(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::ento::DefinedSVal, bool)
(/home/abramo/llvm-build/bin/clang+0x3461ef6)
#11 0x000055655bbd0ffa
clang::ento::ProgramState::assume(clang::ento::DefinedOrUnknownSVal) const
(.isra.310) (/home/abramo/llvm-build/bin/clang+0x33bcffa)
#12 0x000055655bbd953b clang::ento::ExprEngine::processBranch(clang::Stmt
const*, clang::Stmt const*, clang::ento::NodeBuilderContext&,
clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&, clang::CFGBlock
const*, clang::CFGBlock const*) (/home/abramo/llvm-build/bin/clang+0x33c553b)
#13 0x000055655bbb2341 clang::ento::CoreEngine::HandleBranch(clang::Stmt
const*, clang::Stmt const*, clang::CFGBlock const*, clang::ento::ExplodedNode*)
(/home/abramo/llvm-build/bin/clang+0x339e341)
#14 0x000055655bbb2dbd clang::ento::CoreEngine::HandleBlockExit(clang::CFGBlock
const*, clang::ento::ExplodedNode*)
(/home/abramo/llvm-build/bin/clang+0x339edbd)
#15 0x000055655bbb30f8 clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock
const*, unsigned int, clang::ento::ExplodedNode*)
(/home/abramo/llvm-build/bin/clang+0x339f0f8)
#16 0x000055655bbb6dec
clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*,
clang::ProgramPoint, clang::ento::WorkListUnit const&)
(/home/abramo/llvm-build/bin/clang+0x33a2dec)
#17 0x000055655bbb6fdb
clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>)
(/home/abramo/llvm-build/bin/clang+0x33a2fdb)
#18 0x000055655b860ffc (anonymous
namespace)::AnalysisConsumer::ActionExprEngine(clang::Decl*, bool,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*) (.part.3767)
(/home/abramo/llvm-build/bin/clang+0x304cffc)
#19 0x000055655b861a8a (anonymous
namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*)
(/home/abramo/llvm-build/bin/clang+0x304da8a)
#20 0x000055655b87d090 (anonymous
namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit(clang::ASTContext&)
(/home/abramo/llvm-build/bin/clang+0x3069090)
#21 0x000055655b87e3b3 (anonymous
namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&)
(/home/abramo/llvm-build/bin/clang+0x306a3b3)
#22 0x000055655bcbea59 clang::ParseAST(clang::Sema&, bool, bool)
(/home/abramo/llvm-build/bin/clang+0x34aaa59)
#23 0x000055655afb10c6 clang::FrontendAction::Execute()
(/home/abramo/llvm-build/bin/clang+0x279d0c6)
#24 0x000055655af76e2c
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/home/abramo/llvm-build/bin/clang+0x2762e2c)
#25 0x000055655b06c3eb
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/home/abramo/llvm-build/bin/clang+0x28583eb)
#26 0x00005565591b8b48 cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) (/home/abramo/llvm-build/bin/clang+0x9a4b48)
#27 0x00005565591251b9 main (/home/abramo/llvm-build/bin/clang+0x9111b9)
#28 0x00007facff38db97 __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b97)
#29 0x00005565591b5e3a _start (/home/abramo/llvm-build/bin/clang+0x9a1e3a)


With a different build I've obtained the following failed assertion:

tools/clang/lib/StaticAnalyzer/Checkers/IteratorChecker.cpp:1181:
clang::ento::ProgramStateRef
{anonymous}::relateIteratorPositions(clang::ento::ProgramStateRef, const
{anonymous}::IteratorPosition&, const {anonymous}::IteratorPosition&, bool):
Assertion failed: isa<SymIntExpr>(CompSym) && "Symbol comparison must be a
`SymIntExpr`"

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20180730/efc64a53/attachment.html>

More information about the llvm-bugs mailing list