mikaelholmen wrote: Hi @pskrgag
The following starts crashing with this patch:

```
clang -cc1 -analyze -analyzer-checker=core bbi-98183.c
```

It crashes like:

```
clang: ../../clang/include/clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h:1212: clang::ento::ElementRegion::ElementRegion(clang::QualType, clang::ento::NonLoc, const clang::ento::SubRegion *): Assertion `!elementType.isNull() && !elementType->isVoidType() && "Invalid region type!"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: build-all/bin/clang -cc1 -analyze -analyzer-checker=core bbi-98183.c
1. <eof> parser at end of file
2. While analyzing stack:
   #0 Calling b
3. bbi-98183.c:2:12: Error evaluating statement
4. bbi-98183.c:2:12: Error evaluating statement
 #0 0x0000557ee7401507 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (build-all/bin/clang+0x7ed8507)
 #1 0x0000557ee73ff06e llvm::sys::RunSignalHandlers() (build-all/bin/clang+0x7ed606e)
 #2 0x0000557ee7401bcf SignalHandler(int) Signals.cpp:0:0
 #3 0x00007f566e78acf0 __restore_rt (/lib64/libpthread.so.0+0x12cf0)
 #4 0x00007f566c343acf raise (/lib64/libc.so.6+0x4eacf)
 #5 0x00007f566c316ea5 abort (/lib64/libc.so.6+0x21ea5)
 #6 0x00007f566c316d79 _nl_load_domain.cold.0 (/lib64/libc.so.6+0x21d79)
 #7 0x00007f566c33c426 (/lib64/libc.so.6+0x47426)
 #8 0x0000557ee94c8881 clang::ento::ElementRegion::ElementRegion(clang::QualType, clang::ento::NonLoc, clang::ento::SubRegion const*) MemRegion.cpp:0:0
 #9 0x0000557ee94c86a3 clang::ento::MemRegionManager::getElementRegion(clang::QualType, clang::ento::NonLoc, clang::ento::SubRegion const*, clang::ASTContext const&) (build-all/bin/clang+0x9f9f6a3)
#10 0x0000557ee9509dba (anonymous namespace)::RegionStoreManager::bind((anonymous namespace)::RegionBindingsRef const&, clang::ento::Loc, clang::ento::SVal) RegionStore.cpp:0:0
#11 0x0000557ee94ffb49 (anonymous namespace)::RegionStoreManager::Bind(void const*, clang::ento::Loc, clang::ento::SVal) RegionStore.cpp:0:0
#12 0x0000557ee94d69a1 clang::ento::ProgramState::bindLoc(clang::ento::Loc, clang::ento::SVal, clang::LocationContext const*, bool) const (build-all/bin/clang+0x9fad9a1)
#13 0x0000557ee9481c55 clang::ento::ExprEngine::VisitGCCAsmStmt(clang::GCCAsmStmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (build-all/bin/clang+0x9f58c55)
#14 0x0000557ee947d2b4 clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (build-all/bin/clang+0x9f542b4)
#15 0x0000557ee9479805 clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*, clang::ento::ExplodedNode*) (build-all/bin/clang+0x9f50805)
#16 0x0000557ee9479539 clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) (build-all/bin/clang+0x9f50539)
#17 0x0000557ee945cc7e clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock const*, unsigned int, clang::ento::ExplodedNode*) (build-all/bin/clang+0x9f33c7e)
#18 0x0000557ee945bb3a clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (build-all/bin/clang+0x9f32b3a)
#19 0x0000557ee8fd8255 (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*, void>>*) AnalysisConsumer.cpp:0:0
#20 0x0000557ee8fb10bb (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) AnalysisConsumer.cpp:0:0
#21 0x0000557ee955b927 clang::ParseAST(clang::Sema&, bool, bool) (build-all/bin/clang+0xa032927)
#22 0x0000557ee80b2390 clang::FrontendAction::Execute() (build-all/bin/clang+0x8b89390)
#23 0x0000557ee801d37f clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (build-all/bin/clang+0x8af437f)
#24 0x0000557ee81a017e clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (build-all/bin/clang+0x8c7717e)
#25 0x0000557ee4c83df6 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (build-all/bin/clang+0x575adf6)
#26 0x0000557ee4c8059d ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#27 0x0000557ee4c7f2e4 clang_main(int, char**, llvm::ToolContext const&) (build-all/bin/clang+0x57562e4)
#28 0x0000557ee4c90ab7 main (build-all/bin/clang+0x5767ab7)
#29 0x00007f566c32fd85 __libc_start_main (/lib64/libc.so.6+0x3ad85)
#30 0x0000557ee4c7deae _start (build-all/bin/clang+0x5754eae)
Abort (core dumped)
```

[bbi-98183.c.gz](https://github.com/user-attachments/files/16656552/bbi-98183.c.gz)

https://github.com/llvm/llvm-project/pull/103714