BugReporter.cpp:2869: {anonymous}::TrimmedGraph::TrimmedGraph(const clang::ento::ExplodedGraph*, llvm::ArrayRef<const clang::ento::ExplodedNode*>): Assertion `!RemainingNodes.empty() && "No error node found in the trimmed graph"' failed. #24558
Comments
|
assigned to @tkremenek |
|
One more similiar testcase clang++ -cc1 -analyze -analyzer-checker=core -analyzer-checker=cplusplus -fcxx-exceptions -analyzer-checker alpha.core.PointerArithm -analyzer-max-loop {62,63,64} x.ii $ cat x.ii void fn2(uint32_t *p1, unsigned char *p2, uint32_t p3) { struct A { $ /usr/local/llvm/bin/clang++ -v |
|
Thanks Dmitry for reporting the issue, a patch is currently under review at http://reviews.llvm.org/D12163. Regards, |
|
The patch passed the code review Committed in http://reviews.llvm.org/rL246188 |
|
PASS for me. Thanks! |
|
mentioned in issue llvm/llvm-bugzilla-archive#25222 |
|
mentioned in issue llvm/llvm-bugzilla-archive#32342 |
Extended Description
$ /usr/local/llvm/bin/clang++ --version
clang version 3.8.0 (trunk 242641)
Target: x86_64-unknown-linux-gnu
Thread model: posix
$ /usr/local/llvm/bin/clang++ -cc1 -analyze -analyzer-eagerly-assume -fcxx-exceptions -analyzer-checker=core -analyzer-checker=alpha.core.PointerArithm -analyzer-max-loop 64 x.ii
[...skip warnings...]
clang++: /home/dimhen/src/llvm/tools/clang/lib/StaticAnalyzer/Core/BugReporter.cpp:2869: {anonymous}::TrimmedGraph::TrimmedGraph(const clang::ento::ExplodedGraph*, llvm::ArrayRef<const clang::ento::ExplodedNode*>): Assertion `!RemainingNodes.empty() && "No error node found in the trimmed graph"' failed.
0 clang++ 0x0000000002398915 llvm::sys::PrintStackTrace(llvm::raw_ostream&) + 37
1 clang++ 0x0000000002397481
2 libpthread.so.0 0x0000003469010430
3 libc.so.6 0x0000003468c349c8 gsignal + 56
4 libc.so.6 0x0000003468c3665a abort + 362
5 libc.so.6 0x0000003468c2d187
6 libc.so.6 0x0000003468c2d232
7 clang++ 0x0000000001193153
8 clang++ 0x0000000001199ee1 clang::ento::GRBugReporter::generatePathDiagnostic(clang::ento::PathDiagnostic&, clang::ento::PathDiagnosticConsumer&, llvm::ArrayRefclang::ento::BugReport*&) + 545
9 clang++ 0x000000000119cf35 clang::ento::BugReporter::FlushReport(clang::ento::BugReport*, clang::ento::PathDiagnosticConsumer&, llvm::ArrayRefclang::ento::BugReport*) + 1445
10 clang++ 0x000000000119d275 clang::ento::BugReporter::FlushReport(clang::ento::BugReportEquivClass&) + 277
11 clang++ 0x000000000119eea7 clang::ento::BugReporter::FlushReports() + 3943
12 clang++ 0x0000000001037011
13 clang++ 0x00000000010377fe
14 clang++ 0x000000000103e671
15 clang++ 0x0000000000b704a2 clang::ParseAST(clang::Sema&, bool, bool) + 754
16 clang++ 0x00000000007cbad6 clang::FrontendAction::Execute() + 486
17 clang++ 0x00000000007a47c1 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 353
18 clang++ 0x000000000078a25b clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 2107
19 clang++ 0x00000000007817c8 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) + 2104
20 clang++ 0x000000000075f339 main + 1321
21 libc.so.6 0x0000003468c20700 __libc_start_main + 240
22 clang++ 0x0000000000780749 _start + 41
Stack dump:
0. Program arguments: /usr/local/llvm/bin/clang++ -cc1 -analyze -analyzer-eagerly-assume -fcxx-exceptions -analyzer-checker=core -analyzer-checker=alpha.core.PointerArithm -analyzer-max-loop 64 x.ii
$ cat x.ii
typedef struct {
int cbData;
unsigned pbData;
} CRYPT_DATA_BLOB;
typedef enum { DT_NONCE_FIXED } DATA_TYPE;
int a;
typedef int *vcreate_t(int *, DATA_TYPE, int, int);
void fn1(unsigned, unsigned) {
char b = 0;
for (; 1; a++, &b + a * 0)
;
}
vcreate_t fn2;
struct A {
CRYPT_DATA_BLOB value;
int m_fn1() {
int c;
value.pbData == 0;
fn1(0, 0);
}
};
struct B {
A IkeHashAlg;
A IkeGType;
A NoncePhase1_r;
};
class C {
int m_fn2(B *);
void m_fn3(B *, int, int, int);
};
int C::m_fn2(B *p1) {
int *d;
int e = p1->IkeHashAlg.m_fn1();
unsigned f = p1->IkeGType.m_fn1(), h;
int g;
d = fn2(0, DT_NONCE_FIXED, (char)0, p1->NoncePhase1_r.value.cbData);
h = 0 | 0;
m_fn3(p1, 0, 0, 0);
}
The text was updated successfully, but these errors were encountered: