[llvm-bugs] [Bug 48739] New: MemRegion.cpp:1196 - Assertion `isValidBaseClass(RD, cast<TypedValueRegion>(Super), IsVirtual)' failed.

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Jan 13 07:04:03 PST 2021


https://bugs.llvm.org/show_bug.cgi?id=48739

            Bug ID: 48739
           Summary: MemRegion.cpp:1196 - Assertion `isValidBaseClass(RD,
                    cast<TypedValueRegion>(Super), IsVirtual)' failed.
           Product: clang
           Version: trunk
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: vince.a.bridgers at gmail.com
                CC: dcoughlin at apple.com, llvm-bugs at lists.llvm.org

We came across this issue internally while using CSA. This is a reduced
reproducer. 

command line 
---
clang --analyze test.cpp 

cat test.cpp
---
class b {
public:
  int c;
  b(int);
};
class e : public b {};
int b::*d;
void f() {
  int e::*bp = &b::c;
  b a(1);
  d = static_cast<int b::*>(bp);
  a.*d;
}

Relevant backtrace (slightly edited)
---

clang: <root>/clang/lib/StaticAnalyzer/Core/MemRegion.cpp:1196: const
clang::ento::CXXBaseObjectRegion*
clang::ento::MemRegionManager::getCXXBaseObjectRegion(const
clang::CXXRecordDecl*, const clang::ento::SubRegion*, bool): Assertion
`isValidBaseClass(RD, cast<TypedValueRegion>(Super), IsVirtual)' failed.
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash
backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: clang --analyze check.cpp
1.      <eof> parser at end of file
2.      While analyzing stack: 
        #0 Calling f
3.      check.cpp:12:3: Error evaluating statement
4.      check.cpp:12:3: Error evaluating statement

... <trimmed>
#11 0x0000000006bd4f03
clang::ento::MemRegionManager::getCXXBaseObjectRegion(clang::CXXRecordDecl
const*, clang::ento::SubRegion const*, bool)
<root>/clang/lib/StaticAnalyzer/Core/MemRegion.cpp:1199:5
#12 0x0000000006c5c2a4
clang::ento::StoreManager::evalDerivedToBase(clang::ento::SVal,
clang::QualType, bool) <root>/clang/lib/StaticAnalyzer/Core/Store.cpp:295:58
#13 0x0000000006c4e822 clang::ento::SVal (anonymous
namespace)::SimpleSValBuilder::evalBinOpLN(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::BinaryOperatorKind, clang::ento::Loc, clang::ento::NonLoc,
clang::QualType)::'lambda'(auto const*)::operator()<clang::FieldDecl>(auto
const*) const
<root>/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp:1120:64
#14 0x0000000006c4d275 (anonymous
namespace)::SimpleSValBuilder::evalBinOpLN(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::BinaryOperatorKind, clang::ento::Loc, clang::ento::NonLoc,
clang::QualType)
<root>/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp:1127:33
#15 0x0000000006c5f364
clang::ento::SValBuilder::evalBinOp(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::BinaryOperatorKind, clang::ento::SVal, clang::ento::SVal,
clang::QualType) <root>/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp:430:66
#16 0x0000000006b8bba9
clang::ento::ExprEngine::evalBinOp(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::BinaryOperatorKind, clang::ento::SVal, clang::ento::SVal,
clang::QualType)
<root>/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:631:53
#17 0x0000000006b9e85a
clang::ento::ExprEngine::VisitBinaryOperator(clang::BinaryOperator const*,
clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
<root>/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp:100:69
#18 0x0000000006b7c073 clang::ento::ExprEngine::Visit(clang::Stmt const*,
clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
<root>/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:1578:20
#19 0x0000000006b78376 clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*,
clang::ento::ExplodedNode*)
<root>/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:792:15
#20 0x0000000006b776f8
clang::ento::ExprEngine::processCFGElement(clang::CFGElement,
clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*)
<root>/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:637:18
#21 0x0000000006b49ed4 clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock
const*, unsigned int, clang::ento::ExplodedNode*)
<root>/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:468:1
#22 0x0000000006b48bd3
clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*,
clang::ProgramPoint, clang::ento::WorkListUnit const&) (.localalias)
<root>/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:192:7
#23 0x0000000006b4886d
clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>)
<root>/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:147:21

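The reproducer above is a reduced crash input, not a program meant to run: b::b(int) is declared but never defined, which `clang --analyze` tolerates because it never links. What follows is an added example, not code from the bug report or from the Clang project, that spells out the member-pointer conversions the reproducer exercises in a form that compiles, links and executes. It keeps the reporter's names b, e, c, d and bp, adds constructors for b and e, and introduces the hypothetical helpers read_via_base_ptr, read_on_derived and round_trip_ok. The backtrace shows the assertion firing while the `.*` operator is being evaluated (VisitBinaryOperator -> evalBinOpLN -> evalDerivedToBase -> getCXXBaseObjectRegion), which is the expression each helper returns.

```cpp
// Added example (not part of the bug report): the pointer-to-member
// conversions used by the reproducer, written so the program actually runs.
// Names b, e, c, d and bp follow the reproducer; the constructors and the
// helper functions are additions for this example.
class b {
public:
  int c;
  b(int v) : c(v) {}
};
class e : public b {
public:
  e(int v) : b(v) {}
};

int b::*d;

// Mirrors f() from the reproducer. &b::c has type int b::*; initialising an
// int e::* from it is an implicit base-to-derived member-pointer conversion
// ([conv.mem], the reverse direction of object-pointer conversions). Going
// back to int b::* is the direction that needs static_cast
// ([expr.static.cast]); it is well-defined here because the member the
// pointer designates really is declared in b.
int read_via_base_ptr(int value) {
  int e::*bp = &b::c;
  b a(value);
  d = static_cast<int b::*>(bp);
  return a.*d;  // the `.*` binary operator the analyzer asserts on
}

// A base-class member pointer also applies to a derived object, since e
// contains a b subobject that holds c.
int read_on_derived(int value) {
  e obj(value);
  int e::*bp = &b::c;
  return obj.*static_cast<int b::*>(bp);
}

// The two conversions are value-preserving: the round trip compares equal
// to the original &b::c.
bool round_trip_ok() {
  int e::*bp = &b::c;
  return static_cast<int b::*>(bp) == &b::c;
}

int main() {
  bool ok = read_via_base_ptr(7) == 7 && read_on_derived(9) == 9 &&
            round_trip_ok();
  return ok ? 0 : 1;
}
```

Built normally (for example `clang++ -std=c++17 example.cpp`), the program exits 0: the static_cast back to int b::* is legal and reads a.c, which is the case the analyzer is rejecting when it tries to model `a.*d` as a derived-to-base conversion.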