[llvm-bugs] [Bug 50268] New: clang crashes on simple valid C code with "Error evaluating branch" (on trunk version)

via llvm-bugs llvm-bugs at lists.llvm.org
Fri May 7 19:40:20 PDT 2021


https://bugs.llvm.org/show_bug.cgi?id=50268

            Bug ID: 50268
           Summary: clang crashes on simple valid C code with "Error
                    evaluating branch" (on trunk version)
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: haoxintu at gmail.com
                CC: dcoughlin at apple.com, llvm-bugs at lists.llvm.org

Hi all.

$cat small.c
#include <stdint.h>
uint64_t a, c;
int b;
void d() {
  c -= a;
  0 >= b;
  c != b;
  c ? 0: 2;
}

$clang --analyze small.c

PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash
backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: clang --analyze small.c
1.      <eof> parser at end of file
2.      While analyzing stack: 
        #0 Calling d
3.      small.c:8:3: Error evaluating branch
 #0 0x000055c34f34b81c llvm::sys::PrintStackTrace(llvm::raw_ostream&, int)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x363681c)
 #1 0x000055c34f3496d4 llvm::sys::RunSignalHandlers()
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x36346d4)
 #2 0x000055c34f349955 llvm::sys::CleanupOnSignal(unsigned long)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x3634955)
 #3 0x000055c34f2a4108 CrashRecoverySignalHandler(int)
CrashRecoveryContext.cpp:0:0
 #4 0x00007fd758d85980 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x12980)
 #5 0x000055c350d82f80 clang::ento::ProgramState::FindGDM(void*) const
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x506df80)
 #6 0x000055c350d8d1b7 clang::ento::ProgramStateTrait<(anonymous
namespace)::ClassMap>::lookup_type clang::ento::ProgramState::get<(anonymous
namespace)::ClassMap>(clang::ento::ProgramStateTrait<(anonymous
namespace)::ClassMap>::key_type) const RangeConstraintManager.cpp:0:0
 #7 0x000055c350d9e740 (anonymous
namespace)::RangeConstraintManager::track(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, (anonymous namespace)::EqualityInfo) (.isra.772)
RangeConstraintManager.cpp:0:0
 #8 0x000055c350d9f6fb (anonymous
namespace)::RangeConstraintManager::assumeSymEQ(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::ento::SymExpr const*, llvm::APSInt const&, llvm::APSInt const&)
RangeConstraintManager.cpp:0:0
 #9 0x000055c350da0c68
clang::ento::RangedConstraintManager::assumeSymUnsupported(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::ento::SymExpr const*, bool)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x508bc68)
#10 0x000055c350dbca0f
clang::ento::SimpleConstraintManager::assumeAux(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::ento::NonLoc, bool)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x50a7a0f)
#11 0x000055c350dbdf05
clang::ento::SimpleConstraintManager::assume(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::ento::NonLoc, bool)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x50a8f05)
#12 0x000055c350dbe057
clang::ento::SimpleConstraintManager::assume(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState
const>, clang::ento::DefinedSVal, bool)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x50a9057)
#13 0x000055c35088f691
clang::ento::ProgramState::assume(clang::ento::DefinedOrUnknownSVal) const
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x4b7a691)
#14 0x000055c350d2d47e clang::ento::ExprEngine::processBranch(clang::Stmt
const*, clang::ento::NodeBuilderContext&, clang::ento::ExplodedNode*,
clang::ento::ExplodedNodeSet&, clang::CFGBlock const*, clang::CFGBlock const*)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x501847e)
#15 0x000055c350cea7ab clang::ento::CoreEngine::HandleBranch(clang::Stmt
const*, clang::Stmt const*, clang::CFGBlock const*, clang::ento::ExplodedNode*)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x4fd57ab)
#16 0x000055c350cee611 clang::ento::CoreEngine::HandleBlockExit(clang::CFGBlock
const*, clang::ento::ExplodedNode*)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x4fd9611)
#17 0x000055c350ceeaa8 clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock
const*, unsigned int, clang::ento::ExplodedNode*)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x4fd9aa8)
#18 0x000055c350ceece7
clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*,
clang::ProgramPoint, clang::ento::WorkListUnit const&)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x4fd9ce7)
#19 0x000055c350ceef64
clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x4fd9f64)
#20 0x000055c35084c14f (anonymous
namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*) AnalysisConsumer.cpp:0:0
#21 0x000055c35086a636 (anonymous
namespace)::AnalysisConsumer::HandleDeclsCallGraph(unsigned int)
AnalysisConsumer.cpp:0:0
#22 0x000055c35086b762 (anonymous
namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&)
AnalysisConsumer.cpp:0:0
#23 0x000055c350e1af59 clang::ParseAST(clang::Sema&, bool, bool)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x5105f59)
#24 0x000055c34fc2deb1 clang::FrontendAction::Execute()
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x3f18eb1)
#25 0x000055c34fbcaff2
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x3eb5ff2)
#26 0x000055c34fcf8b8a
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x3fe3b8a)
#27 0x000055c34cfedc9c cc1_main(llvm::ArrayRef<char const*>, char const*,
void*)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x12d8c9c)
#28 0x000055c34cfe8f99 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&)
driver.cpp:0:0
#29 0x000055c34fa849b5 void llvm::function_ref<void
()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef>
>, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >*, bool*) const::'lambda'()>(long) Job.cpp:0:0
#30 0x000055c34f2a41e3
llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x358f1e3)
#31 0x000055c34fa85354
clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef>
>, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >*, bool*) const (.part.161) Job.cpp:0:0
#32 0x000055c34fa5d61a
clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&,
clang::driver::Command const*&) const
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x3d4861a)
#33 0x000055c34fa5e2bf
clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&,
llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x3d492bf)
#34 0x000055c34fa66c5a
clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&,
llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&)
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x3d51c5a)
#35 0x000055c34cf112a5 main
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x11fc2a5)
#36 0x00007fd757a19bf7 __libc_start_main
/build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:344:0
#37 0x000055c34cfe8b0a _start
(/media/haoxin/SeagateData/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin/clang-13+0x12d3b0a)
clang-13: error: clang frontend command failed with exit code 139 (use -v to
see invocation)
clang version 13.0.0 (https://github.com/llvm/llvm-project
e5984a3680bef22d422beaafa73bf131d7197973)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir:
/home/haoxin/haoxin-data/dut-research/compilers/llvm-project/build-20210502/bin
clang-13: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-13: note: diagnostic msg: /tmp/small-cd818a.c
clang-13: note: diagnostic msg: /tmp/small-cd818a.sh
clang-13: note: diagnostic msg: 

********************

Reproduced in GodBolt: https://godbolt.org/z/vbTch5oW9


Thanks,
Haoxin

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20210508/70d23632/attachment-0001.html>


More information about the llvm-bugs mailing list