[llvm-bugs] [Bug 48897] New: Infinite loop while analyzing test file ObjectTransformLayer.cpp

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Jan 27 02:23:36 PST 2021


https://bugs.llvm.org/show_bug.cgi?id=48897

            Bug ID: 48897
           Summary: Infinite loop while analyzing test file
                    ObjectTransformLayer.cpp
           Product: clang
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: endre.fulop at sigmatechnology.se
                CC: dcoughlin at apple.com, llvm-bugs at lists.llvm.org

Clang versions tested: trunk, 11, 10 release builds

I have built a release Clang and then tried to analyze the project itself (also
a release build, which is not the recommended config, but the analyzer should
still not hang).
Analyzing test file ObjectTransformLayerTest.cpp produces an infinite loop.

Invocation used:
/mnt/ssd/zfulend/clang-rwa/bin/clang --analyze -Qunused-arguments -Xclang
-analyzer-opt-analyze-headers -Xclang -analyzer-output=plist-multi-file -o
/mnt/ssd/zfulend/llvm-results/ObjectTransformLayerTest.cpp_clangsa_8cc9f11eff102b263c466caa38816e44.plist
-Xclang -analyzer-config -Xclang
aggressive-binary-operation-simplification=true -x c++
--target=x86_64-pc-linux-gnu -std=gnu++14 -DGTEST_HAS_RTTI=0
-DGTEST_HAS_TR1_TUPLE=0 -DGTEST_LANG_CXX11=1 -D_DEBUG -D_GNU_SOURCE
-D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS
-I/mnt/ssd/zfulend/clang-rwa/unittests/ExecutionEngine/Orc
-I/mnt/ssd/zfulend/llvm-project/llvm/unittests/ExecutionEngine/Orc
-I/usr/include/libxml2 -I/mnt/ssd/zfulend/clang-rwa/include
-I/mnt/ssd/zfulend/llvm-project/llvm/include
-I/mnt/ssd/zfulend/llvm-project/llvm/utils/unittest/googletest/include
-I/mnt/ssd/zfulend/llvm-project/llvm/utils/unittest/googlemock/include -fPIC
-fvisibility-inlines-hidden -Wall -Wextra -Wno-unused-parameter -Wwrite-strings
-Wcast-qual -Wmissing-field-initializers -pedantic -Wno-long-long
-Wimplicit-fallthrough -Wcovered-switch-default -Wno-noexcept-type
-Wnon-virtual-dtor -Wdelete-non-virtual-dtor -Wstring-conversion
-fdiagnostics-color -ffunction-sections -fdata-sections -O3
-Wno-variadic-macros -Wno-gnu-zero-variadic-macro-arguments -fno-exceptions
-fno-rtti -UNDEBUG -std=c++14 -isystem /usr/include/c++/7.5.0 -isystem
/usr/include/x86_64-linux-gnu/c++/7.5.0 -isystem
/usr/include/c++/7.5.0/backward -isystem /usr/local/include -isystem
/usr/include/x86_64-linux-gnu -isystem /usr/include
/mnt/ssd/zfulend/llvm-project/llvm/unittests/ExecutionEngine/Orc/ObjectTransformLayerTest.cpp

I have debugged the run and randomly sampled the backtraces.
This sample is representative as far as I can tell:

#0 0x00000000046d9756 in
generateVisitorsDiagnostics(clang::ento::PathSensitiveBugReport*,
clang::ento::ExplodedNode const*, clang::ento::BugReporterContext&) ()
#1 0x00000000046d576f in
clang::ento::PathSensitiveBugReporter::generatePathDiagnostics(llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>,
llvm::ArrayRef<clang::ento::PathSensitiveBugReport*>&) ()
#2 0x00000000046d83b3 in
clang::ento::PathSensitiveBugReporter::generateDiagnosticForConsumerMap(clang::ento::BugReport*,
llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>,
llvm::ArrayRef<clang::ento::BugReport*>) ()
#3 0x00000000046d3a2b in
clang::ento::BugReporter::FlushReport(clang::ento::BugReportEquivClass&) ()
#4 0x00000000046d38cb in clang::ento::BugReporter::FlushReports() ()
#5 0x0000000004445bc9 in (anonymous
namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*) ()
#6 0x0000000004429dda in (anonymous
namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) ()
#7 0x00000000047dabd3 in clang::ParseAST(clang::Sema&, bool, bool) ()
#8 0x00000000038425c0 in clang::FrontendAction::Execute() ()
#9 0x000000000379aaf4 in
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) ()
#10 0x00000000038f8541 in
clang::ExecuteCompilerInvocation(clang::CompilerInstance*) ()
#11 0x0000000001d36444 in cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) ()
#12 0x0000000001d3486b in ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&)
()
#13 0x0000000003664022 in void llvm::function_ref<void
()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef>
>, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >*, bool*) const::$_1>(long)()
#14 0x0000000002e0a7e2 in
llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) ()
#15 0x000000000366360e in
clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef>
>, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >*, bool*) const ()
#16 0x000000000362f28e in
clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&,
clang::driver::Command const*&) const ()
#17 0x000000000362f68c in
clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&,
llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const
()
#18 0x0000000003647b06 in
clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&,
llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) ()
#19 0x0000000001d33ef3 in main ()

generateVisitorsDiagnostics is the most often encountered frame in my
experience.

Furthermore, the infinite loop continuously allocates memory as well. I first
noticed the bug by noticing the swapping.

Another backtrace that is deeper (with only the parts inside
generateVisitorsDiagnostics):

#0  0x0000555558a25e33 in bool
llvm::DenseMapBase<llvm::DenseMap<clang::CFGBlock*,
llvm::DomTreeBuilder::SemiNCAInfo<llvm::DominatorTreeBase<clang::CFGBlock,
true> >::InfoRec, llvm::DenseMapInfo<clang::CFGBlock*>,
llvm::detail::DenseMapPair<clang::CFGBlock*,
llvm::DomTreeBuilder::SemiNCAInfo<llvm::DominatorTreeBase<clang::CFGBlock,
true> >::InfoRec> >, clang::CFGBlock*,
llvm::DomTreeBuilder::SemiNCAInfo<llvm::DominatorTreeBase<clang::CFGBlock,
true> >::InfoRec, llvm::DenseMapInfo<clang::CFGBlock*>,
llvm::detail::DenseMapPair<clang::CFGBlock*,
llvm::DomTreeBuilder::SemiNCAInfo<llvm::DominatorTreeBase<clang::CFGBlock,
true> >::InfoRec> >::LookupBucketFor<clang::CFGBlock*>(clang::CFGBlock* const&,
llvm::detail::DenseMapPair<clang::CFGBlock*,
llvm::DomTreeBuilder::SemiNCAInfo<llvm::DominatorTreeBase<clang::CFGBlock,
true> >::InfoRec> const*&) const ()
#1  0x0000555558a29f63 in
llvm::DomTreeBuilder::SemiNCAInfo<llvm::DominatorTreeBase<clang::CFGBlock,
true> >::addVirtualRoot() ()
#2  0x0000555558a2c874 in
llvm::DomTreeBuilder::SemiNCAInfo<llvm::DominatorTreeBase<clang::CFGBlock,
true> >::FindRoots(llvm::DominatorTreeBase<clang::CFGBlock, true> const&,
llvm::DomTreeBuilder::SemiNCAInfo<llvm::DominatorTreeBase<clang::CFGBlock,
true> >::BatchUpdateInfo*) ()
#3  0x0000555558da91ce in (anonymous
namespace)::TrackControlDependencyCondBRVisitor::TrackControlDependencyCondBRVisitor(clang::ento::ExplodedNode
const*) ()
#4  0x0000555558dab626 in
clang::ento::bugreporter::trackExpressionValue(clang::ento::ExplodedNode
const*, clang::Expr const*, clang::ento::PathSensitiveBugReport&,
clang::ento::bugreporter::TrackingKind, bool) [clone .part.1564] ()
#5  0x0000555558dadd57 in (anonymous
namespace)::ReturnVisitor::visitNodeInitial(clang::ento::ExplodedNode const*,
clang::ento::BugReporterContext&, clang::ento::PathSensitiveBugReport&) ()
#6  0x0000555558dae38d in (anonymous
namespace)::ReturnVisitor::VisitNode(clang::ento::ExplodedNode const*,
clang::ento::BugReporterContext&, clang::ento::PathSensitiveBugReport&) ()
#7  0x0000555558d92df1 in
generateVisitorsDiagnostics(clang::ento::PathSensitiveBugReport*,
clang::ento::ExplodedNode const*, clang::ento::BugReporterContext&) ()

I'm looking for insight. If someone has any idea what this could relate to, I
would be grateful.
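
Added example, not part of the original report or of LLVM: a small Python helper that automates the sampling triage described above by re-joining mail-wrapped gdb frames, stripping argument lists, and reporting the innermost function shared by every sample, which is where a hang most likely loops. The helper names and the sample traces are assumptions constructed for illustration.

```python
import re
from itertools import takewhile

FRAME = re.compile(r"^#\d+\s+(?:0x[0-9a-fA-F]+\s+in\b\s*)?(.*)$")
ANON = "(anonymous namespace)"

def frames(backtrace):
    """Frame texts, innermost first, with mail-wrapped lines re-joined."""
    out = []
    for line in map(str.strip, backtrace.splitlines()):
        m = FRAME.match(line)
        if m:
            out.append(m.group(1))
        elif line and out:
            out[-1] = (out[-1] + " " + line).strip()
    return out

def function_name(frame):
    """Cut at the first '(' outside <...>, skipping ANON (operator< etc. unhandled)."""
    depth, i = 0, 0
    while i < len(frame):
        if frame.startswith(ANON, i):
            i += len(ANON)
            continue
        if frame[i] == "(" and depth == 0:
            return frame[:i].strip()
        depth += {"<": 1, ">": -1}.get(frame[i], 0)
        i += 1
    return frame.strip()

def deepest_common_frame(samples):
    """Innermost function present in every sample, walking inward from main()."""
    stacks = [[function_name(f) for f in reversed(frames(s))] for s in samples]
    shared = list(takewhile(lambda lvl: len(set(lvl)) == 1, zip(*stacks)))
    return shared[-1][0] if shared else None

# Constructed samples: function names taken from the report; addresses, stack
# depth and the shortened parameter lists are invented for this example.
SAMPLES = [
    """#0  0x0000000000000001 in
generateVisitorsDiagnostics(clang::ento::PathSensitiveBugReport*) ()
#1  0x0000000000000002 in clang::ento::BugReporter::FlushReports() ()
#2  0x0000000000000003 in main ()""",
    """#0  0x0000000000000004 in (anonymous
namespace)::ReturnVisitor::VisitNode(clang::ento::ExplodedNode const*) ()
#1  0x0000000000000005 in
generateVisitorsDiagnostics(clang::ento::PathSensitiveBugReport*) ()
#2  0x0000000000000002 in clang::ento::BugReporter::FlushReports() ()
#3  0x0000000000000003 in main ()""",
]
```

Calling `deepest_common_frame(SAMPLES)` on these constructed traces returns `generateVisitorsDiagnostics`; frames below that point differ between samples, so they are work done inside the loop rather than the loop itself.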
