[llvm-bugs] [Bug 48588] New: [analyzer] macro expansion causes crash for certain macro expressions

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Dec 23 17:30:20 PST 2020 

https://bugs.llvm.org/show_bug.cgi?id=48588

            Bug ID: 48588
           Summary: [analyzer] macro expansion causes crash for certain
                    macro expressions
           Product: clang
           Version: trunk
          Hardware: PC
                OS: All
            Status: NEW
          Severity: release blocker
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: vince.a.bridgers at gmail.com
                CC: dcoughlin at apple.com, llvm-bugs at lists.llvm.org

We came across another macro expansion issue lately, and I think I have this
debugged. 

The simple reproducer is below. The crash is causes is edited for brevity, and
pasted in below. I believe this was introduced by the refactoring change
be0d79f32930fe780dc89ba96dac0ba163f7ec50.

In summary, I think the
"TStream.injectRange(PrevParamMap.at(VariadicParamII));" needs to be guarded by
at least a check for the key present in the map PrevParamMap. I prototyped a
change, LITS pass and the crash is avoided. 

Could someone check my analysis? I'll cross post a Phabricator review for this
issue soon. 


clang -cc1 -std=c++14 -analyzer-checker=core  macro-crash.cpp -analyzer-config
expand-macros=true

const char *traceid(const char *);
int trace(int, const char *, int, ...);
#define TRACE_CALL(tracelevel, ...)  { __VA_ARGS__; }                           

#define TRACE(tracelevel, str, ...) \
  TRACE_CALL((tracelevel), trace((0), traceid("formatstr " str), 0, tracelevel,
__VA_ARGS__))

#define TRACE_WRAPPER TRACE

void funcXXX(
    void* Context_p)
{
  int localvar;
  TRACE_WRAPPER(
          localvar,
          "localvar=%u ",
          0);
}

The crash ... 
    terminate called after throwing an instance of 'std::out_of_range'
      what():  map::at

      #0 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int)
          <base>/llvm/lib/Support/Unix/Signals.inc:563:22
     ...

     #11 std::__throw_out_of_range(char const*)
          <base>/libstdc++-v3/src/c++11/functexcept.cc:82:5
     #12 std::map<clang::IdentifierInfo const*,
            llvm::SmallVector<clang::Token, 2u>,
std::less<clang::IdentifierInfo
            const*>, std::allocator<std::pair<clang::IdentifierInfo const*
const,
            llvm::SmallVector<clang::Token, 2u> > > >::at(clang::IdentifierInfo
            const* const&) const
          <base>/gcc/9.3.0/include/c++/9.3.0/bits/stl_map.h:549:10
     #13 getMacroExpansionInfo((anonymous namespace)::MacroParamMap const&,
            clang::SourceLocation, clang::Preprocessor const&)
          <base>/clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp:1242:66
     ...

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20201224/2a3f4e47/attachment.html>

More information about the llvm-bugs mailing list