[llvm-bugs] [Bug 44998] New: alpha.cplusplus.IteratorModeling checker hits assertion

Sat Feb 22 19:39:35 PST 2020

https://bugs.llvm.org/show_bug.cgi?id=44998

            Bug ID: 44998
           Summary: alpha.cplusplus.IteratorModeling checker hits
                    assertion
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: nicolas.alvarez at gmail.com
                CC: dcoughlin at apple.com, llvm-bugs at lists.llvm.org

The alpha.cplusplus.IteratorModeling checker triggers an assertion in the
following code:

struct List {
  struct iterator {
    int c;
    bool operator!=(iterator);
  };

  iterator constEnd();
  void f() {
    iterator i;
    i != constEnd();
  }
};

$ clang++ -cc1 -analyze -analyzer-checker alpha.cplusplus.IteratorModeling
viewmode.cpp

viewmode.cpp:10:7: warning: inequality comparison result unused
    i != constEnd();
    ~~^~~~~~~~~~~~~
viewmode.cpp:10:7: note: use '|=' to turn this inequality comparison into an
or-assignment
    i != constEnd();
      ^~
      |=
clang++:
../llvm/tools/clang/lib/StaticAnalyzer/Checkers/IteratorModeling.cpp:565:
clang::ento::ProgramStateRef (anonymous
namespace)::relateSymbols(clang::ento::ProgramStateRef, clang::ento::SymbolRef,
clang::ento::SymbolRef, bool): Assertion `isa<SymIntExpr>(CompSym) && "Symbol
comparison must be a `SymIntExpr`"' failed.
Stack dump:
0.      Program arguments: /home/nicolas/src/llvm/build/llvm/bin/clang++ -cc1
-analyze -analyzer-checker alpha.cplusplus.IteratorModeling viewmode.cpp 
1.      <eof> parser at end of file
2.      While analyzing stack: 
        #0 Calling List::f
3.      viewmode.cpp:10:5: Error evaluating statement
4.      viewmode.cpp:10:5: Error evaluating statement
 #0 0x00007f6359388649 llvm::sys::PrintStackTrace(llvm::raw_ostream&)
/home/nicolas/src/llvm/build/../llvm/lib/Support/Unix/Signals.inc:564:11
 #1 0x00007f63593887f9 PrintStackTraceSignalHandler(void*)
/home/nicolas/src/llvm/build/../llvm/lib/Support/Unix/Signals.inc:625:1
 #2 0x00007f6359386f86 llvm::sys::RunSignalHandlers()
/home/nicolas/src/llvm/build/../llvm/lib/Support/Signals.cpp:67:5
 #3 0x00007f6359388f9b SignalHandler(int)
/home/nicolas/src/llvm/build/../llvm/lib/Support/Unix/Signals.inc:406:1
 #4 0x00007f635881a730 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x12730)
 #5 0x00007f6355ff37bb raise
/build/glibc-vjB4T1/glibc-2.28/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
 #6 0x00007f6355fde535 abort /build/glibc-vjB4T1/glibc-2.28/stdlib/abort.c:81:7
 #7 0x00007f6355fde40f _nl_load_domain
/build/glibc-vjB4T1/glibc-2.28/intl/loadmsgcat.c:1177:9
 #8 0x00007f6355fec102 (/lib/x86_64-linux-gnu/libc.so.6+0x30102)
 #9 0x00007f635018088b (anonymous
namespace)::relateSymbols(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::ento::SymExpr const*, clang::ento::SymExpr const*, bool)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Checkers/IteratorModeling.cpp:566:5
#10 0x00007f63501803a9 (anonymous
namespace)::IteratorModeling::processComparison(clang::ento::CheckerContext&,
llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::ento::SymExpr
const*, clang::ento::SymExpr const*, clang::ento::SVal const&,
clang::OverloadedOperatorKind) const
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Checkers/IteratorModeling.cpp:385:24
#11 0x00007f635017f419 (anonymous
namespace)::IteratorModeling::handleComparison(clang::ento::CheckerContext&,
clang::Expr const*, clang::ento::SVal, clang::ento::SVal const&,
clang::ento::SVal const&, clang::OverloadedOperatorKind) const
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Checkers/IteratorModeling.cpp:363:3
#12 0x00007f635017e2fc (anonymous
namespace)::IteratorModeling::checkPostCall(clang::ento::CallEvent const&,
clang::ento::CheckerContext&) const
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Checkers/IteratorModeling.cpp:146:9
#13 0x00007f635017e180 void clang::ento::check::PostCall::_checkCall<(anonymous
namespace)::IteratorModeling>(void*, clang::ento::CallEvent const&,
clang::ento::CheckerContext&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/include/clang/StaticAnalyzer/Core/Checker.h:184:3
#14 0x00007f634f9a1712 clang::ento::CheckerFn<void (clang::ento::CallEvent
const&, clang::ento::CheckerContext&)>::operator()(clang::ento::CallEvent
const&, clang::ento::CheckerContext&) const
/home/nicolas/src/llvm/build/../llvm/tools/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h:69:5
#15 0x00007f634f993928 (anonymous
namespace)::CheckCallContext::runChecker(clang::ento::CheckerFn<void
(clang::ento::CallEvent const&, clang::ento::CheckerContext&)>,
clang::ento::NodeBuilder&, clang::ento::ExplodedNode*)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:291:7
#16 0x00007f634f98fe05 void expandGraphWithCheckers<(anonymous
namespace)::CheckCallContext>((anonymous namespace)::CheckCallContext,
clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:138:25
#17 0x00007f634f98fb5b
clang::ento::CheckerManager::runCheckersForCallEvent(bool,
clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&,
clang::ento::CallEvent const&, clang::ento::ExprEngine&, bool)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:309:1
#18 0x00007f634fa1a1f8
clang::ento::CheckerManager::runCheckersForPostCall(clang::ento::ExplodedNodeSet&,
clang::ento::ExplodedNodeSet const&, clang::ento::CallEvent const&,
clang::ento::ExprEngine&, bool)
/home/nicolas/src/llvm/build/../llvm/tools/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h:283:3
#19 0x00007f634fa1df2c
clang::ento::ExprEngine::evalCall(clang::ento::ExplodedNodeSet&,
clang::ento::ExplodedNode*, clang::ento::CallEvent const&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:606:41
#20 0x00007f634fa1dd19 clang::ento::ExprEngine::VisitCallExpr(clang::CallExpr
const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:513:16
#21 0x00007f634f9df934 clang::ento::ExprEngine::Visit(clang::Stmt const*,
clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:1605:7
#22 0x00007f634f9dc4ac clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*,
clang::ento::ExplodedNode*)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:792:9
#23 0x00007f634f9dc199
clang::ento::ExprEngine::processCFGElement(clang::CFGElement,
clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:637:7
#24 0x00007f634f9afdaa clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock
const*, unsigned int, clang::ento::ExplodedNode*)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:469:1
#25 0x00007f634f9af46c
clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*,
clang::ProgramPoint, clang::ento::WorkListUnit const&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:195:1
#26 0x00007f634f9af01f
clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:129:3
#27 0x00007f6350d63564
clang::ento::ExprEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int)
/home/nicolas/src/llvm/build/../llvm/tools/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:168:5
#28 0x00007f6350d0e186 (anonymous
namespace)::AnalysisConsumer::RunPathSensitiveChecks(clang::Decl*,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:821:7
#29 0x00007f6350d0dd14 (anonymous
namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:793:15
#30 0x00007f6350ca7d7e (anonymous
namespace)::AnalysisConsumer::HandleDeclsCallGraph(unsigned int)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:585:31
#31 0x00007f6350ca68e2 (anonymous
namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit(clang::ASTContext&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:635:3
#32 0x00007f6350ca56a2 (anonymous
namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:0:5
#33 0x00007f635271830e clang::ParseAST(clang::Sema&, bool, bool)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/Parse/ParseAST.cpp:178:12
#34 0x00007f6356d80db2 clang::ASTFrontendAction::ExecuteAction()
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/Frontend/FrontendAction.cpp:1049:1
#35 0x00007f6356d80761 clang::FrontendAction::Execute()
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/Frontend/FrontendAction.cpp:944:7
#36 0x00007f6356cf515e
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:969:23
#37 0x00007f6356a7ab4f
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
/home/nicolas/src/llvm/build/../llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:292:8
#38 0x0000000000428838 cc1_main(llvm::ArrayRef<char const*>, char const*,
void*)
/home/nicolas/src/llvm/build/../llvm/tools/clang/tools/driver/cc1_main.cpp:240:13
#39 0x000000000041c3c6 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&)
/home/nicolas/src/llvm/build/../llvm/tools/clang/tools/driver/driver.cpp:328:5
#40 0x000000000041b61f main
/home/nicolas/src/llvm/build/../llvm/tools/clang/tools/driver/driver.cpp:402:5
#41 0x00007f6355fe009b __libc_start_main
/build/glibc-vjB4T1/glibc-2.28/csu/../csu/libc-start.c:342:3
#42 0x000000000041adca _start
(/home/nicolas/src/llvm/build/llvm/bin/clang+++0x41adca)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20200223/e03efb70/attachment-0001.html>