Quuxplusone / LLVMBugzillaTest


clang-analyzer crash: in clang::Decl::getAsFunction() ? #31791

Open Quuxplusone opened 7 years ago

Quuxplusone commented 7 years ago
Bugzilla Link PR32819
Status NEW
Importance P enhancement
Reported by Roman Lebedev (lebedev.ri@gmail.com)
Reported on 2017-04-26 13:52:48 -0700
Last modified on 2017-04-27 09:40:47 -0700
Version trunk
Hardware PC Linux
CC dcoughlin@apple.com, llvm-bugs@lists.llvm.org
Fixed by commit(s)
Attachments clang_crash__vcEYv.ii (99 bytes, text/plain)
clang_crash__vcEYv.ii.stderr.txt (20275 bytes, text/plain)
clang_crash__vcEYv.ii (1006335 bytes, text/plain)
Blocks
Blocked by
See also
Created attachment 18364
reduced testcase (I'm not sure I reduced it properly)

clang version 5.0.0-svn301352-1~exp1 (trunk)
Quuxplusone commented 7 years ago

Attached clang_crash__vcEYv.ii (99 bytes, text/plain): reduced testcase (I'm not sure I reduced it properly)

Quuxplusone commented 7 years ago

Attached clang_crash__vcEYv.ii.stderr.txt (20275 bytes, text/plain): stderr

Quuxplusone commented 7 years ago

Attached clang_crash__vcEYv.ii (1006335 bytes, text/plain): original preprocessed unreduced sources

Quuxplusone commented 7 years ago
bt

#0 0x00007faa01951b8a llvm::sys::PrintStackTrace(llvm::raw_ostream&) (/usr/lib/x86_64-linux-gnu/libLLVM-5.0.so.1+0x863b8a)
#1 0x00007faa0194fd1e llvm::sys::RunSignalHandlers() (/usr/lib/x86_64-linux-gnu/libLLVM-5.0.so.1+0x861d1e)
#2 0x00007faa0194fe42 (/usr/lib/x86_64-linux-gnu/libLLVM-5.0.so.1+0x861e42)
#3 0x00007faa043770c0 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x110c0)
#4 0x000055a4fb158280 clang::Decl::getAsFunction() (/usr/lib/llvm-5.0/bin/clang+++0x158b280)
#5 0x000055a4fad66cd4 (/usr/lib/llvm-5.0/bin/clang+++0x1199cd4)
#6 0x000055a4faf918c7 (/usr/lib/llvm-5.0/bin/clang+++0x13c48c7)
#7 0x000055a4faf92bda clang::ento::CheckerManager::runCheckersForCallEvent(bool, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&, clang::ento::CallEvent const&, clang::ento::ExprEngine&, bool) (/usr/lib/llvm-5.0/bin/clang+++0x13c5bda)
#8 0x000055a4fafdc0ab clang::ento::ExprEngine::evalCall(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNode*, clang::ento::CallEvent const&) (/usr/lib/llvm-5.0/bin/clang+++0x140f0ab)
#9 0x000055a4fafdc320 clang::ento::ExprEngine::VisitCallExpr(clang::CallExpr const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (/usr/lib/llvm-5.0/bin/clang+++0x140f320)
#10 0x000055a4fafcae61 clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (/usr/lib/llvm-5.0/bin/clang+++0x13fde61)
#11 0x000055a4fafccb7c clang::ento::ExprEngine::ProcessStmt(clang::CFGStmt, clang::ento::ExplodedNode*) (/usr/lib/llvm-5.0/bin/clang+++0x13ffb7c)
#12 0x000055a4fafccda6 clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) (/usr/lib/llvm-5.0/bin/clang+++0x13ffda6)
#13 0x000055a4faf9e71e clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock const*, unsigned int, clang::ento::ExplodedNode*) (/usr/lib/llvm-5.0/bin/clang+++0x13d171e)
#14 0x000055a4faf9e8cc clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) (/usr/lib/llvm-5.0/bin/clang+++0x13d18cc)
#15 0x000055a4faf9f40d clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (/usr/lib/llvm-5.0/bin/clang+++0x13d240d)
#16 0x000055a4fa6bf649 (/usr/lib/llvm-5.0/bin/clang+++0xaf2649)
#17 0x000055a4fa6bff67 (/usr/lib/llvm-5.0/bin/clang+++0xaf2f67)
#18 0x000055a4fa6c8408 (/usr/lib/llvm-5.0/bin/clang+++0xafb408)
#19 0x000055a4fa6cdb48 clang::ParseAST(clang::Sema&, bool, bool) (/usr/lib/llvm-5.0/bin/clang+++0xb00b48)
#20 0x000055a4fa474c76 clang::FrontendAction::Execute() (/usr/lib/llvm-5.0/bin/clang+++0x8a7c76)
#21 0x000055a4fa4473a6 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/usr/lib/llvm-5.0/bin/clang+++0x87a3a6)
#22 0x000055a4fa4f5a22 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/usr/lib/llvm-5.0/bin/clang+++0x928a22)
#23 0x000055a4fa0f0d48 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/usr/lib/llvm-5.0/bin/clang+++0x523d48)
#24 0x000055a4fa0e0549 main (/usr/lib/llvm-5.0/bin/clang+++0x513549)
#25 0x00007faa0028e2b1 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b1)
#26 0x000055a4fa0eed6a _start (/usr/lib/llvm-5.0/bin/clang+++0x521d6a)
Stack dump:
0.  Program arguments: ... (see stderr)
1.  <eof> parser at end of file
2.  While analyzing stack:
    #0 ~unique_ptr<unsigned char, void (*)(void *)>() noexcept
    #1 unique_ptr<rawspeed::uchar8, decltype(&alignedFree)> Buffer::Create(rawspeed::Buffer::size_type size)
    #2 Buffer::Buffer(rawspeed::Buffer::size_type size_) : NULL TYPE(Create(size_), size_) {}
3.  /usr/lib64/gcc/x86_64-linux-gnu/6.3.0/../../../../include/c++/6.3.0/bits/unique_ptr.h:239:4: Error evaluating statement
4.  /usr/lib64/gcc/x86_64-linux-gnu/6.3.0/../../../../include/c++/6.3.0/bits/unique_ptr.h:239:4: Error evaluating statement
Quuxplusone commented 7 years ago

Thanks for this report too!

Can you comment with the command-line you used to run the analyzer? This will help us to reproduce it.

Quuxplusone commented 7 years ago
The execution arguments are in the stderr file.
I did try to creduce this, but I don't really know how to write a proper interestingness test for this problem, so as you can see in this bug, I think the reduction failed.
Quuxplusone commented 7 years ago

I see, thanks!

Those are the arguments the driver passes to -cc1. Would you be willing to share the command line that you used? (i.e., the user interface to the tool.) Did you run the analyzer from clang-tidy? Did you use scan-build?

We'd like to improve the analyzer/clang-tidy user interface so people don't run the all the alpha checks. The alpha checks are work in progress and often incomplete or not polished yet, so we want to make sure that users aren't accidentally running them.

Quuxplusone commented 7 years ago
(In reply to Devin Coughlin from comment #6)
> I see, thanks!
>
> Those are the arguments the driver passes to -cc1. Would you be willing to
> share the command line that you used? (i.e., the user interface to the
> tool.) Did you run the analyzer from clang-tidy? Did you use scan-build?

I used scan-build.

$ git clone https://github.com/darktable-org/rawspeed.git
$ mkdir rawspeed/build && cd rawspeed/build
$ scan-build-5.0 --help > checkslist
Manually keep only the checks, and only the check names, regex it so each check is prefixed with -enable-checker, drop debug checkers, and replace \n with " "
$ scan-build-5.0 --use-cc=clang-5.0 --use-c++=clang++-5.0 $(cat checkslist) cmake ../ && scan-build-5.0 --use-cc=clang-5.0 --use-c++=clang++-5.0 $(cat checkslist) -v -v -v -maxloop 1024 make -j9

BTW that resulted in more clang-analyzer bug reports, but I believe there were only these two unique crashes; the rest were duplicates.

> We'd like to improve the analyzer/clang-tidy user interface so people don't
> run the all the alpha checks. The alpha checks are work in progress and
> often incomplete or not polished yet, so we want to make sure that users
> aren't accidentally running them.

That is why I opened #32812 :)
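The manual "keep only the check names, prefix with -enable-checker, drop debug checkers" step from the reporter's procedure, written as a script. This is an added example, not code from the report or from LLVM; the embedded help text is a constructed approximation of scan-build's checker listing (the exact layout is an assumption), and it goes one step beyond the reporter by also dropping the alpha.* checkers that the maintainer's comment above says users should not be running by accident.

```shell
#!/bin/sh
# Constructed sample of the "AVAILABLE CHECKERS" section printed by
# scan-build --help (layout approximated; a leading "+" marks checkers
# that are enabled by default, a description follows on the next line).
SAMPLE_HELP='AVAILABLE CHECKERS:

 + core.CallAndMessage
     Check for logical errors for function calls and Objective-C message expressions
 + core.NullDereference
     Check for dereferences of null pointers
   alpha.core.BoolAssignment
     Warn about assigning non-{0,1} values to Boolean variables
   alpha.unix.cstring.OutOfBounds
     Check for out-of-bounds access in string functions
   debug.DumpCFG
     Display Control-Flow Graphs
 + unix.Malloc
     Check for memory leaks, double free, and use-after-free problems'

# Read help text on stdin and emit one space-separated line of
# "-enable-checker <name>" flags, skipping debug.* (analyzer-internal)
# and alpha.* (unfinished; the kind of checker that crashed here).
checker_flags() {
    awk '
        # a checker line is: optional "+", a dotted identifier, nothing else
        $0 ~ /^[ \t]*[+]?[ \t]*[A-Za-z]+(\.[A-Za-z0-9_]+)+[ \t]*$/ {
            name = $NF
            if (name ~ /^(debug|alpha)\./) next
            printf "%s-enable-checker %s", (n++ ? " " : ""), name
        }
        END { print "" }
    '
}

# Run the filter over the constructed sample; with a real toolchain use
#   scan-build-5.0 --help | checker_flags > checkslist
flags_from_sample() {
    printf '%s\n' "$SAMPLE_HELP" | checker_flags
}

flags_from_sample
```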