NoQ added a comment. Herald added a subscriber: Charusso. Herald added a project: clang.
Hey, I'm seeing a crash in this checker, would you like to look at it? It looks as if you're not being careful about dereferences/lvalue-to-rvalue-casts so it tries to compare `&e` to `e1`.

**$ `cat repro.c`**

```c
enum E { e1 };

void foo() {
  enum E e;
  e;
}
```

**$ `clang --analyze repro.c -Xclang -analyzer-checker=alpha.cplusplus.EnumCastOutOfRange`**

```
Assertion failed: (op == BO_Add), function evalBinOp, file /Users/adergachev/llvm/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp, line 427.
Stack dump:
0. Program arguments: /Users/adergachev/debug/bin/clang-9 -cc1 -triple x86_64-apple-macosx10.14.0 -Wdeprecated-objc-isa-usage -Werror=deprecated-objc-isa-usage -analyze -disable-free -main-file-name repro.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=osx -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -mrelocation-model pic -pic-level 2 -mthread-model posix -mdisable-fp-elim -masm-verbose -munwind-tables -target-cpu penryn -dwarf-column-info -debugger-tuning=lldb -ggnu-pubnames -target-linker-version 510.2 -resource-dir /Users/adergachev/debug/lib/clang/9.0.0 -internal-isystem /usr/local/include -internal-isystem /Users/adergachev/debug/lib/clang/9.0.0/include -internal-externc-isystem /usr/include -fdebug-compilation-dir /Users/adergachev/test -ferror-limit 19 -fmessage-length 142 -stack-protector 1 -fblocks -fencode-extended-block-signature -fregister-global-dtors-with-atexit -fobjc-runtime=macosx-10.14.0 -fmax-type-align=16 -fdiagnostics-show-option -fcolor-diagnostics -analyzer-checker=alpha.cplusplus.EnumCastOutOfRange -o repro.plist -x c repro.c
1. <eof> parser at end of file
2. While analyzing stack:
   #0 Calling foo
3. repro.c:5:3: Error evaluating statement
4. repro.c:5:3: Error evaluating statement
0  clang-9 0x00000001043f98cc llvm::sys::PrintStackTrace(llvm::raw_ostream&) + 60
1  clang-9 0x00000001043f9e89 PrintStackTraceSignalHandler(void*) + 25
2  clang-9 0x00000001043f7bd6 llvm::sys::RunSignalHandlers() + 118
3  clang-9 0x00000001043fd032 SignalHandler(int) + 210
4  libsystem_platform.dylib 0x00007fff63a0eb5d _sigtramp + 29
5  clang-9 0x000000010a444d08 llvm::DenseMapInfo<llvm::codeview::GloballyHashedType>::Tombstone + 3005112
6  libsystem_c.dylib 0x00007fff638ce6a6 abort + 127
7  libsystem_c.dylib 0x00007fff6389720d basename_r + 0
8  clang-9 0x0000000107048c06 clang::ento::SValBuilder::evalBinOp(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::BinaryOperatorKind, clang::ento::SVal, clang::ento::SVal, clang::QualType) + 950
9  clang-9 0x0000000107048ef0 clang::ento::SValBuilder::evalEQ(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::ento::SVal, clang::ento::SVal) + 144
10 clang-9 0x0000000107048f82 clang::ento::SValBuilder::evalEQ(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::ento::DefinedOrUnknownSVal, clang::ento::DefinedOrUnknownSVal) + 114
11 clang-9 0x0000000106afe56f (anonymous namespace)::ConstraintBasedEQEvaluator::operator()(llvm::APSInt const&) + 175
12 clang-9 0x0000000106afe3ef bool std::__1::any_of<llvm::APSInt*, (anonymous namespace)::ConstraintBasedEQEvaluator>(llvm::APSInt*, llvm::APSInt*, (anonymous namespace)::ConstraintBasedEQEvaluator) + 47
13 clang-9 0x0000000106afdd18 bool llvm::any_of<llvm::SmallVector<llvm::APSInt, 6u>&, (anonymous namespace)::ConstraintBasedEQEvaluator>(llvm::SmallVector<llvm::APSInt, 6u>&, (anonymous namespace)::ConstraintBasedEQEvaluator) + 72
14 clang-9 0x0000000106afdbb9 (anonymous namespace)::EnumCastOutOfRangeChecker::checkPreStmt(clang::CastExpr const*, clang::ento::CheckerContext&) const + 297
15 clang-9 0x0000000106afda85 void clang::ento::check::PreStmt<clang::CastExpr>::_checkStmt<(anonymous namespace)::EnumCastOutOfRangeChecker>(void*, clang::Stmt const*, clang::ento::CheckerContext&) + 53
16 clang-9 0x0000000106f128a2 clang::ento::CheckerFn<void (clang::Stmt const*, clang::ento::CheckerContext&)>::operator()(clang::Stmt const*, clang::ento::CheckerContext&) const + 66
17 clang-9 0x0000000106f1232c (anonymous namespace)::CheckStmtContext::runChecker(clang::ento::CheckerFn<void (clang::Stmt const*, clang::ento::CheckerContext&)>, clang::ento::NodeBuilder&, clang::ento::ExplodedNode*) + 220
18 clang-9 0x0000000106effd71 void expandGraphWithCheckers<(anonymous namespace)::CheckStmtContext>((anonymous namespace)::CheckStmtContext, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&) + 561
19 clang-9 0x0000000106eff8a9 clang::ento::CheckerManager::runCheckersForStmt(bool, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&, clang::Stmt const*, clang::ento::ExprEngine&, bool) + 217
20 clang-9 0x0000000106f81906 clang::ento::CheckerManager::runCheckersForPreStmt(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&, clang::Stmt const*, clang::ento::ExprEngine&) + 70
21 clang-9 0x0000000106f70131 clang::ento::ExprEngine::VisitCast(clang::CastExpr const*, clang::Expr const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) + 161
22 clang-9 0x0000000106f45224 clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) + 8084
23 clang-9 0x0000000106f40f6e clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*, clang::ento::ExplodedNode*) + 510
24 clang-9 0x0000000106f40bf9 clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) + 201
25 clang-9 0x0000000106f270e8 clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock const*, unsigned int, clang::ento::ExplodedNode*) + 296
26 clang-9 0x0000000106f261b0 clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) + 880
27 clang-9 0x0000000106f25ac9 clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) + 1481
28 clang-9 0x0000000106880b14 clang::ento::ExprEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int) + 84
29 clang-9 0x00000001068808e5 (anonymous namespace)::AnalysisConsumer::RunPathSensitiveChecks(clang::Decl*, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >*) + 341
30 clang-9 0x00000001068803f5 (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >*) + 501
31 clang-9 0x000000010687108f (anonymous namespace)::AnalysisConsumer::HandleDeclsCallGraph(unsigned int) + 543
32 clang-9 0x000000010686f998 (anonymous namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit(clang::ASTContext&) + 440
33 clang-9 0x00000001068690db (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) + 283
34 clang-9 0x00000001070b086c clang::ParseAST(clang::Sema&, bool, bool) + 940
35 clang-9 0x000000010512a6e2 clang::ASTFrontendAction::ExecuteAction() + 322
36 clang-9 0x0000000105129cf0 clang::FrontendAction::Execute() + 112
37 clang-9 0x000000010509b49c clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 1548
38 clang-9 0x00000001051b092c clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 2060
39 clang-9 0x00000001014354c1 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) + 1233
40 clang-9 0x000000010142871f ExecuteCC1Tool(llvm::ArrayRef<char const*>, llvm::StringRef) + 159
41 clang-9 0x00000001014275b9 main + 1433
42 libdyld.dylib 0x00007fff638293d5 start + 1
43 libdyld.dylib 0x0000000000000049 start + 2625465461
clang-9: error: unable to execute command: Abort trap: 6
clang-9: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 9.0.0 (https://github.com/llvm/llvm-project.git e917ff76a0f25cf6c0d3de6cceb9e84475339183)
```

Repository:
  rC Clang

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D33672/new/

https://reviews.llvm.org/D33672