mikaelholmen wrote: Hello @balazs-benics-sonarsource
The following starts crashing with this patch:
```
clang --analyze bbi-104578.c
```
It crashes with
```
clang: ../../clang/lib/StaticAnalyzer/Core/RegionStore.cpp:375: LimitedRegionBindingsRef LimitedRegionBindingsRef::addBinding(BindingKey, SVal) const: Assertion `NewBindingsLeft.value() != 0' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: build-all/bin/clang --analyze bbi-104578.c
1. <eof> parser at end of file
2. While analyzing stack:
   #0 Calling c
3. bbi-104578.c:5:3: Error evaluating statement
4. bbi-104578.c:5:3: Error evaluating statement
 #0 0x000055dcb12b54f6 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (build-all/bin/clang+0x856b4f6)
 #1 0x000055dcb12b2fde llvm::sys::RunSignalHandlers() (build-all/bin/clang+0x8568fde)
 #2 0x000055dcb12b4834 llvm::sys::CleanupOnSignal(unsigned long) (build-all/bin/clang+0x856a834)
 #3 0x000055dcb1215bfd CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
 #4 0x00007fa82a361d10 __restore_rt (/lib64/libpthread.so.0+0x12d10)
 #5 0x00007fa827d0152f raise (/lib64/libc.so.6+0x4e52f)
 #6 0x00007fa827cd4e65 abort (/lib64/libc.so.6+0x21e65)
 #7 0x00007fa827cd4d39 _nl_load_domain.cold.0 (/lib64/libc.so.6+0x21d39)
 #8 0x00007fa827cf9e86 (/lib64/libc.so.6+0x46e86)
 #9 0x000055dcb34a2bf5 LimitedRegionBindingsRef::addBinding((anonymous namespace)::BindingKey, clang::ento::SVal) const RegionStore.cpp:0:0
#10 0x000055dcb34a01f6 (anonymous namespace)::RegionStoreManager::bindArray(LimitedRegionBindingsRef const&, clang::ento::TypedValueRegion const*, clang::ento::SVal) RegionStore.cpp:0:0
#11 0x000055dcb34a03e3 (anonymous namespace)::RegionStoreManager::bindArray(LimitedRegionBindingsRef const&, clang::ento::TypedValueRegion const*, clang::ento::SVal) RegionStore.cpp:0:0
#12 0x000055dcb349fb68 (anonymous namespace)::RegionStoreManager::bind(LimitedRegionBindingsRef const&, clang::ento::Loc, clang::ento::SVal) RegionStore.cpp:0:0
#13 0x000055dcb3494678 (anonymous namespace)::RegionStoreManager::Bind(void const*, clang::ento::Loc, clang::ento::SVal) RegionStore.cpp:0:0
#14 0x000055dcb34609eb clang::ento::ProgramState::bindLoc(clang::ento::Loc, clang::ento::SVal, clang::LocationContext const*, bool) const (build-all/bin/clang+0xa7169eb)
#15 0x000055dcb340dea2 clang::ento::ExprEngine::processPointerEscapedOnBind(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, llvm::ArrayRef<std::pair<clang::ento::SVal, clang::ento::SVal>>, clang::LocationContext const*, clang::ento::PointerEscapeKind, clang::ento::CallEvent const*) (build-all/bin/clang+0xa6c3ea2)
#16 0x000055dcb3403650 clang::ento::ExprEngine::evalBind(clang::ento::ExplodedNodeSet&, clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::SVal, clang::ento::SVal, bool, clang::ProgramPoint const*) (build-all/bin/clang+0xa6b9650)
#17 0x000055dcb341e195 clang::ento::ExprEngine::VisitDeclStmt(clang::DeclStmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (build-all/bin/clang+0xa6d4195)
#18 0x000055dcb340261b clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (build-all/bin/clang+0xa6b861b)
#19 0x000055dcb33fe863 clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*, clang::ento::ExplodedNode*) (build-all/bin/clang+0xa6b4863)
#20 0x000055dcb33fe555 clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) (build-all/bin/clang+0xa6b4555)
#21 0x000055dcb33e06b0 clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock const*, unsigned int, clang::ento::ExplodedNode*) (build-all/bin/clang+0xa6966b0)
#22 0x000055dcb33dfd1b clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) (build-all/bin/clang+0xa695d1b)
#23 0x000055dcb33df36d clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (build-all/bin/clang+0xa69536d)
#24 0x000055dcb313d2c7 (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*, void>>*) AnalysisConsumer.cpp:0:0
#25 0x000055dcb313b70b (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) AnalysisConsumer.cpp:0:0
#26 0x000055dcb34f6029 clang::ParseAST(clang::Sema&, bool, bool) (build-all/bin/clang+0xa7ac029)
#27 0x000055dcb20b15e4 clang::FrontendAction::Execute() (build-all/bin/clang+0x93675e4)
#28 0x000055dcb201a1cd clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (build-all/bin/clang+0x92d01cd)
#29 0x000055dcb21b37c5 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (build-all/bin/clang+0x94697c5)
#30 0x000055dcae7a9626 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (build-all/bin/clang+0x5a5f626)
#31 0x000055dcae7a5abd ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#32 0x000055dcb1e4f979 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::$_0>(long) Job.cpp:0:0
#33 0x000055dcb12158f6 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (build-all/bin/clang+0x84cb8f6)
#34 0x000055dcb1e4ee83 clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (build-all/bin/clang+0x9104e83)
#35 0x000055dcb1e07517 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (build-all/bin/clang+0x90bd517)
#36 0x000055dcb1e07837 clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (build-all/bin/clang+0x90bd837)
#37 0x000055dcb1e280c9 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (build-all/bin/clang+0x90de0c9)
#38 0x000055dcae7a4f16 clang_main(int, char**, llvm::ToolContext const&) (build-all/bin/clang+0x5a5af16)
#39 0x000055dcae7b5d06 main (build-all/bin/clang+0x5a6bd06)
#40 0x00007fa827ced7e5 __libc_start_main (/lib64/libc.so.6+0x3a7e5)
#41 0x000055dcae7a342e _start (build-all/bin/clang+0x5a5942e)
clang: error: clang frontend command failed with exit code 134 (use -v to see invocation)
clang version 21.0.0git
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /repo/uabelho/main-github/llvm/build-all/bin
Build config: +assertions
clang: note: diagnostic msg:
********************
PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang: note: diagnostic msg: /tmp/bbi-104578-9c6928.c
clang: note: diagnostic msg: /tmp/bbi-104578-9c6928.sh
clang: note: diagnostic msg:
********************
```
[bbi-104578.c.gz](https://github.com/user-attachments/files/19023020/bbi-104578.c.gz)

https://github.com/llvm/llvm-project/pull/127602
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits