[llvm-bugs] [Bug 37503] New: Assertion failure in clang::ento::SValBuilder::evalBinOp

via llvm-bugs llvm-bugs at lists.llvm.org
Thu May 17 08:26:55 PDT 2018


https://bugs.llvm.org/show_bug.cgi?id=37503

            Bug ID: 37503
           Summary: Assertion failure in clang::ento::SValBuilder::evalBinOp
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: alexfh at google.com
                CC: ekarpenkov at apple.com, llvm-bugs at lists.llvm.org,
                    noqnoqneo at gmail.com

$ cat test-SValBuilder__evalBinOp.cc
void strcpy(char *, char *);
class a {
 public:
  static void *b();
};
char c;
char ***f;
void d() {
  *(unsigned char **)f = (unsigned char *)a::b();
  char **e = *f;
  strcpy(*e, &c);
}
$ clang-tidy -checks=-*,clang-analyzer* test-SValBuilder__evalBinOp.cc -- 
assertion failed at clang/lib/StaticAnalyzer/Core/SValBuilder.cpp:427 in clang::ento::SVal clang::ento::SValBuilder::evalBinOp(clang::ento::ProgramStateRef, BinaryOperator::Opcode, clang::ento::SVal, clang::ento::SVal, clang::QualType): op == BO_Add
    @     0x5646c4981cb6  __assert_fail
    @     0x5646c266903c  clang::ento::SValBuilder::evalBinOp()
    @     0x5646c26691bc  clang::ento::SValBuilder::evalEQ()
    @     0x5646c261bfe5  (anonymous namespace)::CStringChecker::assumeZero()
    @     0x5646c261c1eb  (anonymous namespace)::CStringChecker::checkNonNull()
    @     0x5646c261e9ac  (anonymous namespace)::CStringChecker::evalStrcpyCommon()
    @     0x5646c261acf2  (anonymous namespace)::CStringChecker::evalStrcpy()
    @     0x5646c2619822  clang::ento::eval::Call::_evalCall<>()
    @     0x5646c26cd24e  clang::ento::CheckerManager::runCheckersForEvalCall()
    @     0x5646c2710683  clang::ento::ExprEngine::evalCall()
    @     0x5646c2710412  clang::ento::ExprEngine::VisitCallExpr()
    @     0x5646c26de913  clang::ento::ExprEngine::Visit()
    @     0x5646c26da68e  clang::ento::ExprEngine::ProcessStmt()
    @     0x5646c26da3ab  clang::ento::ExprEngine::processCFGElement()
    @     0x5646c26fe065  clang::ento::CoreEngine::HandlePostStmt()
    @     0x5646c26fd4bd  clang::ento::CoreEngine::ExecuteWorkList()
    @     0x5646c24330bc  (anonymous namespace)::AnalysisConsumer::ActionExprEngine()
    @     0x5646c2432c36  (anonymous namespace)::AnalysisConsumer::HandleCode()
    @     0x5646c241e9c4  (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit()
