[llvm-bugs] [Bug 37646] New: Another Z3 constraint manager crash

[via llvm-bugs]

https://bugs.llvm.org/show_bug.cgi?id=37646

            Bug ID: 37646
           Summary: Another Z3 constraint manager crash
           Product: clang
           Version: trunk
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: vlad at tsyrklevich.net
                CC: d.c.ddcc at gmail.com, llvm-bugs at lists.llvm.org

creduce'd input:
_Bool b;
c() {
  _Bool a = b | 0;
  for (;;)
    if (a)
      ;
}

Crashes with: clang -cc1 -triple x86_64-unknown-linux-gnu -analyze
-analyzer-eagerly-assume -analyzer-constraints=z3 -analyzer-checker core test.c

Hits the same assertion as PR37622:
clang-7: llvm/tools/clang/include/clang/AST/Type.h:670: const
clang::ExtQualsTypeCommonBase* clang::QualType::getCommonPtr() const: Assertion
`!isNull() && "Cannot retrieve a NULL type pointer"' failed.

This hits an exception with the expression: (reg_$0<_Bool b>) != 0

Stack trace:
- clang::ASTContext::getTypeSize(clang::QualType) const
llvm/tools/clang/include/clang/AST/ASTContext.h:2026:0
- doIntTypeConversion<llvm::APSInt, (anonymous
namespace)::Z3ConstraintManager::castAPSInt>
llvm/tools/clang/lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp:1498:0
- (anonymous
namespace)::Z3ConstraintManager::getSymVal(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::ento::SymExpr const*) const
llvm/tools/clang/lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp:1223:0

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20180601/1f1183e5/attachment.html>