scan-build crash - preprocessor file #25325

Closed
llvmbot opened this issue Sep 27, 2015 · 5 comments
Labels: bugzilla, clang:static analyzer


@llvmbot
Collaborator

llvmbot commented Sep 27, 2015

Bugzilla Link: 24951
Resolution: FIXED
Resolved on: Feb 07, 2016 18:28
Version: trunk
OS: OpenBSD
Attachments: preprocessor file
Reporter: LLVM Bugzilla Contributor
CC: @devincoughlin

Extended Description

@llvmbot
Collaborator Author

llvmbot commented Sep 27, 2015

assigned to @tkremenek

@devincoughlin
Contributor

I get an assertion failure when running the attached with:

./build/clang-ninja/bin/clang -cc1 -analyze -analyzer-checker=core,unix ~/Downloads/clang_crash_UnNL1U.i

Assertion failed: (op == BO_Add), function evalBinOp, file /Volumes/Data/Clangs/OpenSourceGit/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp, line 363.
0 clang 0x000000010984a0bb llvm::sys::PrintStackTrace(llvm::raw_ostream&) + 43
1 clang 0x0000000109849336 llvm::sys::RunSignalHandlers() + 70
2 clang 0x000000010984a762 SignalHandler(int) + 322
3 libsystem_platform.dylib 0x00007fff9bf9852a _sigtramp + 26
4 clang 0x000000010ce9f444 clang::Stmt::StatisticsEnabled + 62803
5 clang 0x000000010984a576 abort + 22
6 clang 0x000000010984a551 __assert_rtn + 81
7 clang 0x000000010bfcf809 clang::ento::SValBuilder::evalBinOp(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::BinaryOperatorKind, clang::ento::SVal, clang::ento::SVal, clang::QualType) + 985
8 clang 0x000000010bfcfae4 clang::ento::SValBuilder::evalEQ(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::ento::DefinedOrUnknownSVal, clang::ento::DefinedOrUnknownSVal) + 148
9 clang 0x000000010bb358c7 (anonymous namespace)::CStringChecker::assumeZero(clang::ento::CheckerContext&, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::ento::SVal, clang::QualType) + 455
10 clang 0x000000010bb35ba0 (anonymous namespace)::CStringChecker::checkNonNull(clang::ento::CheckerContext&, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::Expr const*, clang::ento::SVal) const + 608
11 clang 0x000000010bb3b0a6 (anonymous namespace)::CStringChecker::evalStrcpyCommon(clang::ento::CheckerContext&, clang::CallExpr const*, bool, bool, bool) const + 662
12 clang 0x000000010bb33a46 (anonymous namespace)::CStringChecker::evalStrncpy(clang::ento::CheckerContext&, clang::CallExpr const*) const + 86
13 clang 0x000000010bb32566 (anonymous namespace)::CStringChecker::evalCall(clang::CallExpr const*, clang::ento::CheckerContext&) const + 1974
14 clang 0x000000010bb31da0 bool clang::ento::eval::Call::_evalCall<(anonymous namespace)::CStringChecker>(void*, clang::CallExpr const*, clang::ento::CheckerContext&) + 48
15 clang 0x000000010bece7b2 clang::ento::CheckerFn<bool (clang::CallExpr const*, clang::ento::CheckerContext&)>::operator()(clang::CallExpr const*, clang::ento::CheckerContext&) const + 66
16 clang 0x000000010bec9d3f clang::ento::CheckerManager::runCheckersForEvalCall(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&, clang::ento::CallEvent const&, clang::ento::ExprEngine&) + 831
17 clang 0x000000010bf48049 clang::ento::ExprEngine::evalCall(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNode*, clang::ento::CallEvent const&) + 185
18 clang 0x000000010bf47f0b clang::ento::ExprEngine::VisitCallExpr(clang::CallExpr const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) + 427
19 clang 0x000000010bf11f81 clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) + 5665
20 clang 0x000000010bf0efa4 clang::ento::ExprEngine::ProcessStmt(clang::CFGStmt, clang::ento::ExplodedNode*) + 532
21 clang 0x000000010bf0ec6a clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) + 218
22 clang 0x000000010bef068e clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock const*, unsigned int, clang::ento::ExplodedNode*) + 302
23 clang 0x000000010bef0010 clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) + 1264
24 clang 0x000000010beef968 clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) + 1240
25 clang 0x000000010ae4ff28 clang::ento::ExprEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int) + 88
26 clang 0x000000010ae107ad (anonymous namespace)::AnalysisConsumer::ActionExprEngine(clang::Decl*, bool, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >) + 1501
27 clang 0x000000010ae10169 (anonymous namespace)::AnalysisConsumer::RunPathSensitiveChecks(clang::Decl*, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >) + 153
28 clang 0x000000010ae0fc78 (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >) + 696
29 clang 0x000000010ae073e8 (anonymous namespace)::AnalysisConsumer::HandleDeclsCallGraph(unsigned int) + 920
30 clang 0x000000010ae0503a (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) + 842
31 clang 0x000000010ae7d41f clang::ParseAST(clang::Sema&, bool, bool) + 1295
32 clang 0x000000010a293a8f clang::ASTFrontendAction::ExecuteAction() + 511
33 clang 0x000000010a292ff0 clang::FrontendAction::Execute() + 112
34 clang 0x000000010a1de8c1 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 1873
35 clang 0x000000010a3258ba clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 4410
36 clang 0x0000000108b9486e cc1_main(llvm::ArrayRef<char const*>, char const*, void*) + 4926
37 clang 0x0000000108b8445f ExecuteCC1Tool(llvm::ArrayRef<char const*>, llvm::StringRef) + 479
38 clang 0x0000000108b81fbd main + 3245
39 libdyld.dylib 0x00007fff96c975ad start + 1
40 libdyld.dylib 0x0000000000000005 start + 1765182041

@devincoughlin
Contributor

rdar://problem/23682244

@devincoughlin
Contributor

Here is a reduced reproducer:

int strcmp(const char *s1, const char *s2);

void bar(char **a) {
  strcmp("Hi", *a);
}

union argument {
  char *f;
};

void foo(union argument a) {
  void (*fPtr)(union argument *) = (void (*)(union argument *))bar;

  fPtr(&a);
}

@devincoughlin
Contributor

Fix in r260066.

@llvmbot llvmbot transferred this issue from llvm/llvm-bugzilla-archive Dec 10, 2021
This issue was closed.