[llvm-bugs] [Bug 50588] New: Assertion failure in SmartPtrChecker when initializing std::unique_ptr with nullptr

via llvm-bugs llvm-bugs at lists.llvm.org
Sat Jun 5 10:51:06 PDT 2021


https://bugs.llvm.org/show_bug.cgi?id=50588

            Bug ID: 50588
           Summary: Assertion failure in SmartPtrChecker when initializing
                    std::unique_ptr with nullptr
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: deep.majumder2019 at gmail.com
                CC: dcoughlin at apple.com, llvm-bugs at lists.llvm.org

For the following code:
```
#include <memory>

// Reproducer for the static-analyzer assertion: it is meant to be analyzed, not
// run (the dereference below is of a null smart pointer).
// NOTE(review): `s` has no type and is never used, so this line is not a valid
// function declaration as written; the trace's "Calling foo" suggests the file
// actually analyzed declared `void foo()` — confirm with the reporter.
// NOTE(review): the trace points at make_unique.cpp:8:17, a position this
// six-line listing does not have, so the analyzed file probably differed.
void foo(s) {
    // Constructs the unique_ptr from nullptr, the initialization named in the bug summary.
    auto hell = std::unique_ptr<int>(nullptr);
    // Discarded-value dereference of the null unique_ptr; no result is used.
    *hell;
}
```
the following assertion at `SmartPtrModeling.cpp:240` (the trace below reports it at line 242) fails:
`TrackingExpr->getType()->isPointerType() && "Adding a non pointer value to TrackedRegionMap"`

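The full stack trace (the run enables the `alpha.cplusplus.SmartPtr` checker and sets `cplusplus.SmartPtrModeling:ModelSmartPtrDereference=true`; see "Program arguments" below):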
```
clang++:
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp:242:
bool (anonymous namespace)::SmartPtrModeling::evalCall(const
clang::ento::CallEvent &, clang::ento::CheckerContext &) const: Assertion
`TrackingExpr->getType()->isPointerType() && "Adding a non pointer value to
TrackedRegionMap"' failed.
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash
backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: ./llvm/release/bin/clang++ -std=c++20 -Xclang
-analyze -Xclang
-analyzer-checker=core,cplusplus.Move,cplusplus.NewDelete,alpha.cplusplus.SmartPtr
-Xclang -analyzer-output=text -Xclang -analyzer-config -Xclang
cplusplus.SmartPtrModeling:ModelSmartPtrDereference=true -c make_unique.cpp
1.      <eof> parser at end of file
2.      While analyzing stack: 
        #0 Calling foo
3.      make_unique.cpp:8:17: Error evaluating statement
4.      make_unique.cpp:8:17: Error evaluating statement
 #0 0x00007f9a6c3317b1 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int)
/home/dknite/work/llvm-project/llvm/llvm/lib/Support/Unix/Signals.inc:565:13
 #1 0x00007f9a6c32f7e0 llvm::sys::RunSignalHandlers()
/home/dknite/work/llvm-project/llvm/llvm/lib/Support/Signals.cpp:77:18
 #2 0x00007f9a6c330d9b llvm::sys::CleanupOnSignal(unsigned long)
/home/dknite/work/llvm-project/llvm/llvm/lib/Support/Unix/Signals.inc:0:3
 #3 0x00007f9a6c257df3 (anonymous
namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long)
/home/dknite/work/llvm-project/llvm/llvm/lib/Support/CrashRecoveryContext.cpp:75:5
 #4 0x00007f9a6c257fab CrashRecoverySignalHandler(int)
/home/dknite/work/llvm-project/llvm/llvm/lib/Support/CrashRecoveryContext.cpp:0:51
 #5 0x00007f9a6fe35870 __restore_rt sigaction.c:0:0
 #6 0x00007f9a6bc2fd22 raise (/usr/lib/libc.so.6+0x3cd22)
 #7 0x00007f9a6bc19862 abort (/usr/lib/libc.so.6+0x26862)
 #8 0x00007f9a6bc19747 _nl_load_domain.cold loadmsgcat.c:0:0
 #9 0x00007f9a6bc28616 (/usr/lib/libc.so.6+0x35616)
#10 0x00007f9a68c24b02 getInnerPointerType(clang::ento::CallEvent const&,
clang::ento::CheckerContext&)
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp:0:0
#11 0x00007f9a68c24b02 (anonymous
namespace)::SmartPtrModeling::handleBoolConversion(clang::ento::CallEvent
const&, clang::ento::CheckerContext&) const
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp:575:29
#12 0x00007f9a68c24b02 (anonymous
namespace)::SmartPtrModeling::evalCall(clang::ento::CallEvent const&,
clang::ento::CheckerContext&) const
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp:193:7
#13 0x00007f9a68c24b02 bool clang::ento::eval::Call::_evalCall<(anonymous
namespace)::SmartPtrModeling>(void*, clang::ento::CallEvent const&,
clang::ento::CheckerContext&)
/home/dknite/work/llvm-project/llvm/clang/include/clang/StaticAnalyzer/Core/Checker.h:479:40
#14 0x00007f9a687492bd clang::ento::CheckerFn<bool (clang::ento::CallEvent
const&, clang::ento::CheckerContext&)>::operator()(clang::ento::CallEvent
const&, clang::ento::CheckerContext&) const
/home/dknite/work/llvm-project/llvm/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h:0:12
#15 0x00007f9a687492bd
clang::ento::CheckerManager::runCheckersForEvalCall(clang::ento::ExplodedNodeSet&,
clang::ento::ExplodedNodeSet const&, clang::ento::CallEvent const&,
clang::ento::ExprEngine&, clang::ento::EvalCallOptions const&)
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:676:21
#16 0x00007f9a6878e4c8
llvm::SmallVectorTemplateCommon<clang::ento::ExplodedNode*, void>::isSmall()
const
/home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/SmallVector.h:129:39
#17 0x00007f9a6878e4c8
llvm::SmallVectorImpl<clang::ento::ExplodedNode*>::~SmallVectorImpl()
/home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/SmallVector.h:581:16
#18 0x00007f9a6878e4c8 llvm::SmallVector<clang::ento::ExplodedNode*,
4u>::~SmallVector()
/home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/SmallVector.h:1176:3
#19 0x00007f9a6878e4c8 llvm::SetVector<clang::ento::ExplodedNode*,
llvm::SmallVector<clang::ento::ExplodedNode*, 4u>,
llvm::SmallDenseSet<clang::ento::ExplodedNode*, 4u,
llvm::DenseMapInfo<clang::ento::ExplodedNode*> > >::~SetVector()
/home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/SetVector.h:40:7
#20 0x00007f9a6878e4c8 clang::ento::ExplodedNodeSet::~ExplodedNodeSet()
/home/dknite/work/llvm-project/llvm/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExplodedGraph.h:463:7
#21 0x00007f9a6878e4c8 clang::ento::ExprEngine::handleConstructor(clang::Expr
const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp:632:7
#22 0x00007f9a6876dc24 clang::ento::ExprEngine::Visit(clang::Stmt const*,
clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:0:7
#23 0x00007f9a6876ab3c clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*,
clang::ento::ExplodedNode*)
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:792:9
#24 0x00007f9a6876a7f4
clang::ento::ExprEngine::processCFGElement(clang::CFGElement,
clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*)
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:0:7
#25 0x00007f9a68751ba2 clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock
const*, unsigned int, clang::ento::ExplodedNode*)
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:0:13
#26 0x00007f9a68750fed
clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*,
clang::ProgramPoint, clang::ento::WorkListUnit const&)
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:0:7
#27 0x00007f9a68750b4f std::__uniq_ptr_impl<clang::ento::WorkList,
std::default_delete<clang::ento::WorkList> >::_M_ptr() const
/usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/unique_ptr.h:173:42
#28 0x00007f9a68750b4f std::unique_ptr<clang::ento::WorkList,
std::default_delete<clang::ento::WorkList> >::get() const
/usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/unique_ptr.h:422:21
#29 0x00007f9a68750b4f std::unique_ptr<clang::ento::WorkList,
std::default_delete<clang::ento::WorkList> >::operator->() const
/usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/unique_ptr.h:416:9
#30 0x00007f9a68750b4f
clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>)
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:128:10
#31 0x00007f9a6af3e10c llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>::release()
/home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/IntrusiveRefCntPtr.h:218:9
#32 0x00007f9a6af3e10c llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>::~IntrusiveRefCntPtr()
/home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/IntrusiveRefCntPtr.h:186:27
#33 0x00007f9a6af3e10c
clang::ento::ExprEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int)
/home/dknite/work/llvm-project/llvm/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:192:5
#34 0x00007f9a6af3e10c (anonymous
namespace)::AnalysisConsumer::RunPathSensitiveChecks(clang::Decl*,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*)
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:709:7
#35 0x00007f9a6af3e10c (anonymous
namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*)
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:682:5
#36 0x00007f9a6af1b219 llvm::DenseMapBase<llvm::DenseMap<clang::Decl const*,
llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*>,
llvm::detail::DenseSetPair<clang::Decl const*> >, clang::Decl const*,
llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*>,
llvm::detail::DenseSetPair<clang::Decl const*> >::empty() const
/home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/DenseMap.h:98:28
#37 0x00007f9a6af1b219 llvm::DenseMapBase<llvm::DenseMap<clang::Decl const*,
llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*>,
llvm::detail::DenseSetPair<clang::Decl const*> >, clang::Decl const*,
llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*>,
llvm::detail::DenseSetPair<clang::Decl const*> >::begin()
/home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/DenseMap.h:77:9
#38 0x00007f9a6af1b219 llvm::detail::DenseSetImpl<clang::Decl const*,
llvm::DenseMap<clang::Decl const*, llvm::detail::DenseSetEmpty,
llvm::DenseMapInfo<clang::Decl const*>, llvm::detail::DenseSetPair<clang::Decl
const*> >, llvm::DenseMapInfo<clang::Decl const*> >::begin()
/home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/DenseSet.h:173:45
#39 0x00007f9a6af1b219 (anonymous
namespace)::AnalysisConsumer::HandleDeclsCallGraph(unsigned int)
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:475:29
#40 0x00007f9a6af1b219 (anonymous
namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit(clang::ASTContext&)
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:522:5
#41 0x00007f9a6af1b219 (anonymous
namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&)
/home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:552:5
#42 0x00007f9a69cd8313
__gnu_cxx::__normal_iterator<std::unique_ptr<clang::TemplateInstantiationCallback,
std::default_delete<clang::TemplateInstantiationCallback> >*,
std::vector<std::unique_ptr<clang::TemplateInstantiationCallback,
std::default_delete<clang::TemplateInstantiationCallback> >,
std::allocator<std::unique_ptr<clang::TemplateInstantiationCallback,
std::default_delete<clang::TemplateInstantiationCallback> > > >
>::__normal_iterator(std::unique_ptr<clang::TemplateInstantiationCallback,
std::default_delete<clang::TemplateInstantiationCallback> >* const&)
/usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/stl_iterator.h:1008:20
#43 0x00007f9a69cd8313
std::vector<std::unique_ptr<clang::TemplateInstantiationCallback,
std::default_delete<clang::TemplateInstantiationCallback> >,
std::allocator<std::unique_ptr<clang::TemplateInstantiationCallback,
std::default_delete<clang::TemplateInstantiationCallback> > > >::begin()
/usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/stl_vector.h:812:16
#44 0x00007f9a69cd8313 void
clang::finalize<std::vector<std::unique_ptr<clang::TemplateInstantiationCallback,
std::default_delete<clang::TemplateInstantiationCallback> >,
std::allocator<std::unique_ptr<clang::TemplateInstantiationCallback,
std::default_delete<clang::TemplateInstantiationCallback> > > >
>(std::vector<std::unique_ptr<clang::TemplateInstantiationCallback,
std::default_delete<clang::TemplateInstantiationCallback> >,
std::allocator<std::unique_ptr<clang::TemplateInstantiationCallback,
std::default_delete<clang::TemplateInstantiationCallback> > > >&, clang::Sema
const&)
/home/dknite/work/llvm-project/llvm/clang/include/clang/Sema/TemplateInstCallback.h:54:16
#45 0x00007f9a69cd8313 clang::ParseAST(clang::Sema&, bool, bool)
/home/dknite/work/llvm-project/llvm/clang/lib/Parse/ParseAST.cpp:178:3
#46 0x00007f9a6e1e1b25 clang::FrontendAction::Execute()
/home/dknite/work/llvm-project/llvm/clang/lib/Frontend/FrontendAction.cpp:953:10
#47 0x00007f9a6e14fa42 llvm::Error::getPtr() const
/home/dknite/work/llvm-project/llvm/llvm/include/llvm/Support/Error.h:274:42
#48 0x00007f9a6e14fa42 llvm::Error::operator bool()
/home/dknite/work/llvm-project/llvm/llvm/include/llvm/Support/Error.h:236:16
#49 0x00007f9a6e14fa42
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
/home/dknite/work/llvm-project/llvm/clang/lib/Frontend/CompilerInstance.cpp:960:23
#50 0x00007f9a6fe1d98c
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
/home/dknite/work/llvm-project/llvm/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:278:25
#51 0x000055be0d88a8c0 cc1_main(llvm::ArrayRef<char const*>, char const*,
void*)
/home/dknite/work/llvm-project/llvm/clang/tools/driver/cc1_main.cpp:246:15
#52 0x000055be0d88840a ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&)
/home/dknite/work/llvm-project/llvm/clang/tools/driver/driver.cpp:338:12
#53 0x00007f9a6deddcb2
clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef>
>, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >*, bool*) const::$_1::operator()() const
/home/dknite/work/llvm-project/llvm/clang/lib/Driver/Job.cpp:404:30
#54 0x00007f9a6deddcb2 void llvm::function_ref<void
()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef>
>, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >*, bool*) const::$_1>(long)
/home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/STLExtras.h:185:12
#55 0x00007f9a6c257d07 llvm::function_ref<void ()>::operator()() const
/home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/STLExtras.h:0:12
#56 0x00007f9a6c257d07
llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>)
/home/dknite/work/llvm-project/llvm/llvm/lib/Support/CrashRecoveryContext.cpp:424:3
#57 0x00007f9a6dedd695
clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef>
>, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >*, bool*) const
/home/dknite/work/llvm-project/llvm/clang/lib/Driver/Job.cpp:404:7
#58 0x00007f9a6deab03b
clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&,
clang::driver::Command const*&) const
/home/dknite/work/llvm-project/llvm/clang/lib/Driver/Compilation.cpp:196:15
#59 0x00007f9a6deab5ba
clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&,
llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const
/home/dknite/work/llvm-project/llvm/clang/lib/Driver/Compilation.cpp:249:13
#60 0x00007f9a6dec369e llvm::SmallVectorBase<unsigned int>::empty() const
/home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/SmallVector.h:73:47
#61 0x00007f9a6dec369e
clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&,
llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&)
/home/dknite/work/llvm-project/llvm/clang/lib/Driver/Driver.cpp:1538:23
#62 0x000055be0d887cfb main
/home/dknite/work/llvm-project/llvm/clang/tools/driver/driver.cpp:510:21
#63 0x00007f9a6bc1ab25 __libc_start_main (/usr/lib/libc.so.6+0x27b25)
#64 0x000055be0d8851be _start (./llvm/release/bin/clang+++0x101be)
clang-13: error: clang frontend command failed with exit code 134 (use -v to
see invocation)
clang version 13.0.0 (git at github.com:RedDocMD/deep-llvm.git
82fbc5d45b0c2fc9050d1d5e335e35afb4ab2611)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/dknite/work/llvm-project/./llvm/release/bin
clang-13: error: unable to execute command: Aborted (core dumped)
clang-13: note: diagnostic msg: Error generating preprocessed source(s).
```
