Quuxplusone / LLVMBugzillaTest


clang-analyzer-osx RetainCount rules crash #44041

Open Quuxplusone opened 4 years ago

Quuxplusone commented 4 years ago
Bugzilla Link PR45071
Status NEW
Importance P normal
Reported by John McFarlane (john@mcfarlane.name)
Reported on 2020-03-01 14:14:05 -0800
Last modified on 2020-04-12 11:59:26 -0700
Version unspecified
Hardware PC Linux
CC alexfh@google.com, djasper@google.com, klimek@google.com
Fixed by commit(s)
Attachments source-file-cpp11.cpp (934700 bytes, text/x-c++src)
Blocks
Blocked by
See also
Created attachment 23191
Preprocessed C++ input

Summary:

Clang-Tidy crashes from time to time with well-formed source code.

The crash happens on Clang 9.0.0 and recent 10.0.0. While reducing the input, I
found that the problem went away in 10.0.0 but not with 9.0.0 so I don't know
how to reduce further or whether this is a single issue.

Repro:

With the given source file, you can reproduce simply with

    clang-tidy source-file-cpp11.cpp

Versions:

9.0.0 version is stock Ubuntu 19.10 package...

    john@carbon:~/ws/revision/build$ clang-tidy --version
    LLVM (http://llvm.org/):
      LLVM version 9.0.0

      Optimized build.
      Default target: x86_64-pc-linux-gnu
      Host CPU: skylake

    john@carbon:~/ws/revision/build$ apt show clang-tidy
    Package: clang-tidy
    Version: 1:9.0-49~exp1
    Priority: optional
    Section: universe/devel
    Source: llvm-defaults (0.49~exp1)
    ...

10.0.0 is a local build...

    john@carbon:~/ws/revision/build$ clang-tidy --version
    LLVM (http://llvm.org/):
      LLVM version 10.0.0
      Optimized build.
      Default target: x86_64-unknown-linux-gnu
      Host CPU: skylake

llvm-project SHA is 4c6e5899859651d5f0907fc4d5752e616c1598c3
config:

    cmake -GNinja -DCMAKE_CXX_COMPILER_LAUNCHER=ccache -DCMAKE_BUILD_TYPE=MinSizeRel -DLLVM_ENABLE_PROJECTS="clang;compiler-rt;libcxx;libcxxabi;libunwind;clang-tools-extra" -DCMAKE_INSTALL_PREFIX=/home/john/llvm ../llvm-project/llvm/

Input source:

The input (attached) is preprocessor output which was generated with the
command line:

    john@carbon:~/ws/revision/build$ /usr/bin/c++  -DCNL_BOOST_ENABLED -I/home/john/.conan/data/benchmark/1.5.0/johnmcfarlane/stable/package/2d691cf2893838db938d13bb62c6b6a99529967e/include -I/home/john/ws/revision/cnl/src/test -I/home/john/ws/revision/cnl/include -isystem /home/john/.conan/data/gtest/1.8.1/bincrafters/stable/package/3522b70b1cf11f6272690bc7f553328064d96810/include        -O3 -DNDEBUG     -Wall -Wextra -Werror -Wundef -ftemplate-backtrace-limit=0 -pthread -fconstexpr-backtrace-limit=0 -fconstexpr-steps=1000000000 -std=c++11 -fexceptions -frtti -DCNL_USE_INT128=1 -Wconversion -Wno-sign-conversion -ftemplate-backtrace-limit=0  -o source-file-cpp11.cpp -c /home/john/ws/revision/cnl/src/test/elastic_integer/rounding_integer/overflow_integer/rounding_safe_integer.cpp -E

where

    john@carbon:~/ws/revision/build$ /usr/bin/c++ --version
    clang version 9.0.0-2 (tags/RELEASE_900/final)
    Target: x86_64-pc-linux-gnu
    Thread model: posix
    InstalledDir: /usr/bin

Backtraces:

Version 9.0.0 output (no symbols):

john@carbon:~/ws/revision/build$ clang-tidy source-file-cpp11.cpp
 #0 0x00007fc01db5656f llvm::sys::PrintStackTrace(llvm::raw_ostream&) (/lib/x86_64-linux-gnu/libLLVM-9.so.1+0xa4256f)
 #1 0x00007fc01db54952 llvm::sys::RunSignalHandlers() (/lib/x86_64-linux-gnu/libLLVM-9.so.1+0xa40952)
 #2 0x00007fc01db56971 (/lib/x86_64-linux-gnu/libLLVM-9.so.1+0xa42971)
 #3 0x00007fc021328540 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x15540)
 #4 0x000000000168de1f (/usr/lib/llvm-9/bin/clang-tidy+0x168de1f)
 #5 0x0000000001696ebb (/usr/lib/llvm-9/bin/clang-tidy+0x1696ebb)
 #6 0x000000000168a0b7 (/usr/lib/llvm-9/bin/clang-tidy+0x168a0b7)
 #7 0x000000000169cabc (/usr/lib/llvm-9/bin/clang-tidy+0x169cabc)
 #8 0x00000000016cfec0 (/usr/lib/llvm-9/bin/clang-tidy+0x16cfec0)
 #9 0x00000000016d195a (/usr/lib/llvm-9/bin/clang-tidy+0x16d195a)
#10 0x00000000016d0f22 (/usr/lib/llvm-9/bin/clang-tidy+0x16d0f22)
#11 0x00000000016d0c4e (/usr/lib/llvm-9/bin/clang-tidy+0x16d0c4e)
#12 0x00000000016d0a6a (/usr/lib/llvm-9/bin/clang-tidy+0x16d0a6a)
#13 0x000000000141bff9 (/usr/lib/llvm-9/bin/clang-tidy+0x141bff9)
#14 0x000000000141d2bd (/usr/lib/llvm-9/bin/clang-tidy+0x141d2bd)
#15 0x000000000141d4d6 (/usr/lib/llvm-9/bin/clang-tidy+0x141d4d6)
#16 0x000000000141e078 (/usr/lib/llvm-9/bin/clang-tidy+0x141e078)
#17 0x0000000000958a32 (/usr/lib/llvm-9/bin/clang-tidy+0x958a32)
#18 0x00000000009cf14c (/usr/lib/llvm-9/bin/clang-tidy+0x9cf14c)
#19 0x00000000009e93b4 (/usr/lib/llvm-9/bin/clang-tidy+0x9e93b4)
#20 0x00000000009d5dfa (/usr/lib/llvm-9/bin/clang-tidy+0x9d5dfa)
#21 0x00000000007c534b (/usr/lib/llvm-9/bin/clang-tidy+0x7c534b)
#22 0x00000000007bfbf7 (/usr/lib/llvm-9/bin/clang-tidy+0x7bfbf7)
#23 0x0000000000b2033c (/usr/lib/llvm-9/bin/clang-tidy+0xb2033c)
#24 0x0000000000c2e4d3 (/usr/lib/llvm-9/bin/clang-tidy+0xc2e4d3)
#25 0x0000000000b09dc8 (/usr/lib/llvm-9/bin/clang-tidy+0xb09dc8)
#26 0x0000000000ac8940 (/usr/lib/llvm-9/bin/clang-tidy+0xac8940)
#27 0x0000000000798cf6 (/usr/lib/llvm-9/bin/clang-tidy+0x798cf6)
#28 0x0000000000438f95 (/usr/lib/llvm-9/bin/clang-tidy+0x438f95)
#29 0x0000000000798a66 (/usr/lib/llvm-9/bin/clang-tidy+0x798a66)
#30 0x00000000007980ff (/usr/lib/llvm-9/bin/clang-tidy+0x7980ff)
#31 0x0000000000799e8a (/usr/lib/llvm-9/bin/clang-tidy+0x799e8a)
#32 0x0000000000435e95 (/usr/lib/llvm-9/bin/clang-tidy+0x435e95)
#33 0x0000000000432fe3 (/usr/lib/llvm-9/bin/clang-tidy+0x432fe3)
#34 0x00007fc01cbf31e3 __libc_start_main /build/glibc-t7JzpG/glibc-2.30/csu/../csu/libc-start.c:342:3
#35 0x000000000043134e (/usr/lib/llvm-9/bin/clang-tidy+0x43134e)
Segmentation fault (core dumped)

Version 10.0.0:

john@carbon:~/ws/revision/build$ clang-tidy source-file-cpp11.cpp
Stack dump:
0.  Program arguments: clang-tidy source-file-cpp11.cpp
1.  <eof> parser at end of file
 #0 0x00000000005e5ff1 llvm::sys::PrintStackTrace(llvm::raw_ostream&) (/home/john/llvm/bin/clang-tidy+0x5e5ff1)
 #1 0x00000000005e66c7 SignalHandler(int) (/home/john/llvm/bin/clang-tidy+0x5e66c7)
 #2 0x00007f3e65275540 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x15540)
 #3 0x00000000013fcc94 clang::StmtVisitorBase<std::add_pointer, (anonymous namespace)::StmtPrinter, void>::Visit(clang::Stmt*) (/home/john/llvm/bin/clang-tidy+0x13fcc94)
 #4 0x00000000014035a7 (anonymous namespace)::StmtPrinter::PrintCallArgs(clang::CallExpr*) (/home/john/llvm/bin/clang-tidy+0x14035a7)
 #5 0x0000000001402b74 (anonymous namespace)::StmtPrinter::VisitCallExpr(clang::CallExpr*) (/home/john/llvm/bin/clang-tidy+0x1402b74)
 #6 0x00000000013fc029 clang::Stmt::printPretty(llvm::raw_ostream&, clang::PrinterHelper*, clang::PrintingPolicy const&, unsigned int, llvm::StringRef, clang::ASTContext const*) const (/home/john/llvm/bin/clang-tidy+0x13fc029)
 #7 0x0000000001406e9c clang::TemplateArgument::print(clang::PrintingPolicy const&, llvm::raw_ostream&) const (/home/john/llvm/bin/clang-tidy+0x1406e9c)
 #8 0x00000000014251e8 void printTo<clang::TemplateArgument>(llvm::raw_ostream&, llvm::ArrayRef<clang::TemplateArgument>, clang::PrintingPolicy const&, bool) (/home/john/llvm/bin/clang-tidy+0x14251e8)
 #9 0x000000000142830a (anonymous namespace)::TypePrinter::printTemplateSpecializationBefore(clang::TemplateSpecializationType const*, llvm::raw_ostream&) (/home/john/llvm/bin/clang-tidy+0x142830a)
#10 0x0000000001426809 (anonymous namespace)::TypePrinter::printBefore(clang::Type const*, clang::Qualifiers, llvm::raw_ostream&) (/home/john/llvm/bin/clang-tidy+0x1426809)
#11 0x0000000001425c96 (anonymous namespace)::TypePrinter::print(clang::Type const*, clang::Qualifiers, llvm::raw_ostream&, llvm::StringRef) (/home/john/llvm/bin/clang-tidy+0x1425c96)
#12 0x0000000001425ae6 clang::QualType::getAsStringInternal(clang::Type const*, clang::Qualifiers, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, clang::PrintingPolicy const&) (/home/john/llvm/bin/clang-tidy+0x1425ae6)
#13 0x000000000142598a clang::QualType::getAsString[abi:cxx11]() const (/home/john/llvm/bin/clang-tidy+0x142598a)
#14 0x0000000001214243 clang::ento::RetainSummaryManager::getSummaryForObjCOrCFObject(clang::FunctionDecl const*, llvm::StringRef, clang::QualType, clang::FunctionType const*, bool&) (/home/john/llvm/bin/clang-tidy+0x1214243)
#15 0x00000000012154ac clang::ento::RetainSummaryManager::generateSummary(clang::FunctionDecl const*, bool&) (/home/john/llvm/bin/clang-tidy+0x12154ac)
#16 0x0000000001215559 clang::ento::RetainSummaryManager::getFunctionSummary(clang::FunctionDecl const*) (/home/john/llvm/bin/clang-tidy+0x1215559)
#17 0x0000000001215d0b clang::ento::RetainSummaryManager::getSummary(clang::AnyCall, bool, bool, clang::QualType) (/home/john/llvm/bin/clang-tidy+0x1215d0b)
#18 0x0000000000a15c72 clang::ento::retaincountchecker::RetainCountChecker::checkBeginFunction(clang::ento::CheckerContext&) const (/home/john/llvm/bin/clang-tidy+0xa15c72)
#19 0x0000000000a69c2f clang::ento::CheckerManager::runCheckersForBeginFunction(clang::ento::ExplodedNodeSet&, clang::BlockEdge const&, clang::ento::ExplodedNode*, clang::ento::ExprEngine&) (/home/john/llvm/bin/clang-tidy+0xa69c2f)
#20 0x0000000000a82f3c clang::ento::ExprEngine::processBeginOfFunction(clang::ento::NodeBuilderContext&, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&, clang::BlockEdge const&) (/home/john/llvm/bin/clang-tidy+0xa82f3c)
#21 0x0000000000a6e92b clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (/home/john/llvm/bin/clang-tidy+0xa6e92b)
#22 0x00000000008df0e9 clang::ento::ExprEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int) (/home/john/llvm/bin/clang-tidy+0x8df0e9)
#23 0x00000000008defa9 (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >*) (/home/john/llvm/bin/clang-tidy+0x8defa9)
#24 0x00000000008cf924 (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) (/home/john/llvm/bin/clang-tidy+0x8cf924)
#25 0x0000000000b66985 clang::MultiplexConsumer::HandleTranslationUnit(clang::ASTContext&) (/home/john/llvm/bin/clang-tidy+0xb66985)
#26 0x0000000000c26a22 clang::ParseAST(clang::Sema&, bool, bool) (/home/john/llvm/bin/clang-tidy+0xc26a22)
#27 0x0000000000b5513a clang::FrontendAction::Execute() (/home/john/llvm/bin/clang-tidy+0xb5513a)
#28 0x0000000000b28d87 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/home/john/llvm/bin/clang-tidy+0xb28d87)
#29 0x00000000005f25cd clang::tooling::FrontendActionFactory::runInvocation(std::shared_ptr<clang::CompilerInvocation>, clang::FileManager*, std::shared_ptr<clang::PCHContainerOperations>, clang::DiagnosticConsumer*) (/home/john/llvm/bin/clang-tidy+0x5f25cd)
#30 0x00000000005fed15 clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&, clang::tooling::CompilationDatabase const&, llvm::ArrayRef<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, llvm::IntrusiveRefCntPtr<llvm::vfs::OverlayFileSystem>, bool, llvm::StringRef)::ActionFactory::runInvocation(std::shared_ptr<clang::CompilerInvocation>, clang::FileManager*, std::shared_ptr<clang::PCHContainerOperations>, clang::DiagnosticConsumer*) (/home/john/llvm/bin/clang-tidy+0x5fed15)
#31 0x00000000005f23cb clang::tooling::ToolInvocation::runInvocation(char const*, clang::driver::Compilation*, std::shared_ptr<clang::CompilerInvocation>, std::shared_ptr<clang::PCHContainerOperations>) (/home/john/llvm/bin/clang-tidy+0x5f23cb)
#32 0x00000000005f1e5c clang::tooling::ToolInvocation::run() (/home/john/llvm/bin/clang-tidy+0x5f1e5c)
#33 0x00000000005f3336 clang::tooling::ClangTool::run(clang::tooling::ToolAction*) (/home/john/llvm/bin/clang-tidy+0x5f3336)
#34 0x00000000005fc5cc clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&, clang::tooling::CompilationDatabase const&, llvm::ArrayRef<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, llvm::IntrusiveRefCntPtr<llvm::vfs::OverlayFileSystem>, bool, llvm::StringRef) (/home/john/llvm/bin/clang-tidy+0x5fc5cc)
#35 0x0000000000419315 main (/home/john/llvm/bin/clang-tidy+0x419315)
#36 0x00007f3e64ce01e3 __libc_start_main /build/glibc-t7JzpG/glibc-2.30/csu/../csu/libc-start.c:342:3
#37 0x000000000041758e _start (/home/john/llvm/bin/clang-tidy+0x41758e)
Segmentation fault (core dumped)

Examples of crashes from CI run: https://travis-ci.org/johnmcfarlane/cnl/builds/656836507

Quuxplusone commented 4 years ago

Attached source-file-cpp11.cpp (934700 bytes, text/x-c++src): Preprocessed C++ input

Quuxplusone commented 4 years ago
I've narrowed the crash down to enabling of three rules:

- clang-analyzer-osx.cocoa.RetainCount,
- clang-analyzer-osx.cocoa.RetainCountBase, and
- clang-analyzer-osx.OSObjectRetainCount.

When all three rules are disabled, the crash does not occur.

To reproduce, download the attached source file and run either clang-tidy v9 or
v10 like so...

    clang-tidy Downloads/source-file-cpp11.cpp

... and observe that Clang-Tidy crashes.

To show that excluding three of the clang-analyzer-osx rules circumvents the
crash, amend the command...

    clang-tidy Downloads/source-file-cpp11.cpp --checks="*,-clang-analyzer-osx.cocoa.RetainCount,-clang-analyzer-osx.cocoa.RetainCountBase,-clang-analyzer-osx.OSObjectRetainCount"

...and observe that Clang-Tidy completes without crashing.

I've updated the name of the issue accordingly.
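
The last comment narrows the crash to three clang-analyzer-osx checks by hand. The script below is an added example of automating that step; it is not part of the original report or of LLVM. It drives clang-tidy the way the report does (`clang-tidy FILE --checks=...`), treats a process killed by a signal as a crash (on POSIX, `subprocess` reports SIGSEGV as return code -11, distinct from the non-zero exit that analysis findings produce, which matters when clang-tidy gates a CI pipeline: a segfault aborts the whole translation unit's analysis rather than reporting a finding), and reduces the enabled check set with a delta-debugging style search (drop large chunks first, then single checks) until every remaining check is needed for the crash. The function names, the `crashes` predicate interface and the simulated predicates used for testing are assumptions of this example.

```python
"""Find the minimal set of clang-tidy checks that still reproduces a crash.

Added example, not code from the bug report or from LLVM. The clang-tidy
flags used (--checks='-*,...' and --checks='*' --list-checks) are real;
function names and the predicate interface are this example's own.
"""
import subprocess
import sys
from typing import Callable, List, Sequence

# A predicate that runs the tool with exactly these checks enabled and
# reports whether it crashed.
CrashPredicate = Callable[[Sequence[str]], bool]


def checks_spec(checks: Sequence[str]) -> str:
    """Build a --checks value that disables everything, then enables `checks`."""
    return "-*," + ",".join(checks)


def list_checks(clang_tidy: str = "clang-tidy") -> List[str]:
    """Return every check the installed clang-tidy knows about.

    `--checks='*' --list-checks` prints a header line followed by one
    check name per line, indented by four spaces.
    """
    out = subprocess.run(
        [clang_tidy, "--checks=*", "--list-checks"],
        capture_output=True, text=True, check=True,
    ).stdout
    return [line.strip() for line in out.splitlines() if line.startswith("    ")]


def clang_tidy_crashes(source: str, clang_tidy: str = "clang-tidy") -> CrashPredicate:
    """Predicate: does clang-tidy die from a signal on `source` with `checks`?

    Only a signal death counts. A non-zero exit status (e.g. findings with
    warnings-as-errors) is a normal result, not a crash.
    """
    def crashes(checks: Sequence[str]) -> bool:
        if not checks:
            return False
        proc = subprocess.run(
            [clang_tidy, source, "--checks=" + checks_spec(checks)],
            capture_output=True, text=True,
        )
        return proc.returncode < 0          # -11 == killed by SIGSEGV on Linux
    return crashes


def minimize_checks(checks: Sequence[str], crashes: CrashPredicate) -> List[str]:
    """Reduce `checks` to a 1-minimal crashing subset.

    Removes chunks of decreasing size while the crash persists; the final
    single-check passes repeat until no check can be dropped, so every
    check in the result is necessary (given a deterministic predicate).
    """
    if not crashes(checks):
        raise ValueError("full check set does not reproduce the crash")
    keep = list(checks)
    chunk = max(1, len(keep) // 2)
    while True:
        before = len(keep)
        i = 0
        while i < len(keep):
            candidate = keep[:i] + keep[i + chunk:]
            if candidate and crashes(candidate):
                keep = candidate            # this chunk was not needed
            else:
                i += chunk                  # needed (or would empty the set)
        if chunk == 1 and len(keep) == before:
            return keep
        chunk = max(1, chunk // 2)


if __name__ == "__main__":
    # Usage: python minimize_checks.py source-file-cpp11.cpp
    src = sys.argv[1]
    needed = minimize_checks(list_checks(), clang_tidy_crashes(src))
    print("checks required for the crash:")
    for name in needed:
        print("  " + name)
```

Run against the attached preprocessed file, this replaces the manual exclusion list in the previous comment with a search over the full check list; each probe is one clang-tidy run, so on a 900 KB input the chunked passes are what keep the total runtime reasonable.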