Quuxplusone / LLVMBugzillaTest


vs 2010 ostream:133: makes SA assertion failure #49894

Open Quuxplusone opened 3 years ago

Quuxplusone commented 3 years ago
Bugzilla Link PR50925
Status NEW
Importance P enhancement
Reported by Ustchcs_Bugfinder (info@ustchcs.com)
Reported on 2021-06-28 06:18:09 -0700
Last modified on 2021-07-03 01:30:40 -0700
Version trunk
Hardware PC Windows NT
CC balazs.benics@sigmatechnology.se, dcoughlin@apple.com, dpetrov@accesssoftek.com, llvm-bugs@lists.llvm.org, noqnoqneo@gmail.com
Fixed by commit(s)
Attachments ast-dump.txt.gz (555027 bytes, text/plain)
ex.cpp (183 bytes, text/x-c++src)
1.jpeg (72297 bytes, image/jpeg)
ex-preprocessed.cpp (565026 bytes, text/x-c++src)
Blocks
Blocked by
See also
VS 2010:ostream:133:  return (_Ok ? _CONVERTIBLE_TO_TRUE : 0);

Assertion failure location: https://github.com/llvm/llvm-project/blob/main/clang/lib/StaticAnalyzer/Core/RegionStore.cpp#L1438

1.  <eof> parser at end of file
Assertion failed!

Program: Z:\Workspace\dist\bin\clang-tidy.exe
File: /workdir/llvm-project/clang/lib/StaticAnalyzer/Core/RegionStore.cpp, Line 1439

Expression: !T->isVoidType() && "Attempting to dereference a void pointer!"
 #0 0x0000000062a31e80 HandleAbort.cold.232 (Z:\Workspace\dist\bin\LLVMSupport.dll+0x1e1e80)
 #1 0x000007fefdff1b65 (C:\Windows\system32\msvcrt.dll+0x41b65)
 #2 0x000007fefdff55ea (C:\Windows\system32\msvcrt.dll+0x455ea)
 #3 0x000000005c3505f6 _wassert ./build/x86_64-w64-mingw32-x86_64-w64-mingw32-crt\./mingw-w64-crt/misc\wassert.c:36:0
 #4 0x000000005c34f766 _assert ./build/x86_64-w64-mingw32-x86_64-w64-mingw32-crt\./mingw-w64-crt/misc\assert.c:29:0
 #5 0x000000005c2ff559 (anonymous namespace)::RegionStoreManager::getBinding((anonymous namespace)::RegionBindingsRef const&, clang::ento::Loc, clang::QualType) (Z:\Workspace\dist\bin\clangStaticAnalyzerCore.dll+0xef559)
 #6 0x000000005c2ffc03 (anonymous namespace)::RegionStoreManager::getBinding(void const*, clang::ento::Loc, clang::QualType) (Z:\Workspace\dist\bin\clangStaticAnalyzerCore.dll+0xefc03)
 #7 0x000000005c23fcf6 clang::ento::bugreporter::trackExpressionValue(clang::ento::ExplodedNode const*, clang::Expr const*, clang::ento::PathSensitiveBugReport&, clang::ento::bugreporter::TrackingKind, bool) (.part.1851) (Z:\Workspace\dist\bin\clangStaticAnalyzerCore.dll+0x2fcf6)
 #8 0x000000005c243900 (anonymous namespace)::ReturnVisitor::visitNodeInitial(clang::ento::ExplodedNode const*, clang::ento::BugReporterContext&, clang::ento::PathSensitiveBugReport&) (Z:\Workspace\dist\bin\clangStaticAnalyzerCore.dll+0x33900)
 #9 0x000000005c244162 (anonymous namespace)::ReturnVisitor::VisitNode(clang::ento::ExplodedNode const*, clang::ento::BugReporterContext&, clang::ento::PathSensitiveBugReport&) (Z:\Workspace\dist\bin\clangStaticAnalyzerCore.dll+0x34162)
#10 0x000000005c22e139 generateVisitorsDiagnostics(clang::ento::PathSensitiveBugReport*, clang::ento::ExplodedNode const*, clang::ento::BugReporterContext&) (Z:\Workspace\dist\bin\clangStaticAnalyzerCore.dll+0x1e139)
#11 0x000000005c22f5c5 (anonymous namespace)::PathDiagnosticBuilder::findValidReport(llvm::ArrayRef<clang::ento::PathSensitiveBugReport*>&, clang::ento::PathSensitiveBugReporter&) (Z:\Workspace\dist\bin\clangStaticAnalyzerCore.dll+0x1f5c5)
#12 0x000000005c232b2d clang::ento::PathSensitiveBugReporter::generatePathDiagnostics(llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>, llvm::ArrayRef<clang::ento::PathSensitiveBugReport*>&) (Z:\Workspace\dist\bin\clangStaticAnalyzerCore.dll+0x22b2d)
#13 0x000000005c233639 clang::ento::PathSensitiveBugReporter::generateDiagnosticForConsumerMap(clang::ento::BugReport*, llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>, llvm::ArrayRef<clang::ento::BugReport*>) (Z:\Workspace\dist\bin\clangStaticAnalyzerCore.dll+0x23639)
#14 0x000000005c23041b clang::ento::BugReporter::FlushReport(clang::ento::BugReportEquivClass&) (Z:\Workspace\dist\bin\clangStaticAnalyzerCore.dll+0x2041b)
#15 0x000000005c23108f clang::ento::BugReporter::FlushReports() (Z:\Workspace\dist\bin\clangStaticAnalyzerCore.dll+0x2108f)
#16 0x000000005cdf3f27 (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >*) (Z:\Workspace\dist\bin\clangStaticAnalyzerFrontend.dll+0x3f27)
#17 0x000000005ce11ced (anonymous namespace)::AnalysisConsumer::HandleDeclsCallGraph(unsigned int) (Z:\Workspace\dist\bin\clangStaticAnalyzerFrontend.dll+0x21ced)
#18 0x000000005ce127c2 (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) (Z:\Workspace\dist\bin\clangStaticAnalyzerFrontend.dll+0x227c2)
#19 0x000000005e346820 clang::MultiplexConsumer::HandleTranslationUnit(clang::ASTContext&) (Z:\Workspace\dist\bin\clangFrontend.dll+0xc6820)
#20 0x000000005dd21bd9 clang::ParseAST(clang::Sema&, bool, bool) (Z:\Workspace\dist\bin\clangParse.dll+0x1bd9)
#21 0x000000005e3183a9 clang::FrontendAction::Execute() (Z:\Workspace\dist\bin\clangFrontend.dll+0x983a9)
#22 0x000000005e2d5cbb clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (Z:\Workspace\dist\bin\clangFrontend.dll+0x55cbb)
#23 0x000000005c0566da clang::tooling::FrontendActionFactory::runInvocation(std::shared_ptr<clang::CompilerInvocation>, clang::FileManager*, std::shared_ptr<clang::PCHContainerOperations>, clang::DiagnosticConsumer*) (Z:\Workspace\dist\bin\clangTooling.dll+0x266da)
#24 0x0000000060f120a5 clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&, clang::tooling::CompilationDatabase const&, llvm::ArrayRef<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, llvm::IntrusiveRefCntPtr<llvm::vfs::OverlayFileSystem>, bool, llvm::StringRef)::ActionFactory::runInvocation(std::shared_ptr<clang::CompilerInvocation>, clang::FileManager*, std::shared_ptr<clang::PCHContainerOperations>, clang::DiagnosticConsumer*) (Z:\Workspace\dist\bin\clangTidy.dll+0x20a5)
#25 0x000000005c04fa0f clang::tooling::ToolInvocation::runInvocation(char const*, clang::driver::Compilation*, std::shared_ptr<clang::CompilerInvocation>, std::shared_ptr<clang::PCHContainerOperations>) (Z:\Workspace\dist\bin\clangTooling.dll+0x1fa0f)
#26 0x000000005c0532fe clang::tooling::ToolInvocation::run() (Z:\Workspace\dist\bin\clangTooling.dll+0x232fe)
#27 0x000000005c05470f clang::tooling::ClangTool::run(clang::tooling::ToolAction*) (Z:\Workspace\dist\bin\clangTooling.dll+0x2470f)
#28 0x0000000060f18193 clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&, clang::tooling::CompilationDatabase const&, llvm::ArrayRef<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, llvm::IntrusiveRefCntPtr<llvm::vfs::OverlayFileSystem>, bool, llvm::StringRef) (Z:\Workspace\dist\bin\clangTidy.dll+0x8193)
#29 0x0000000074735b2a clang::tidy::clangTidyMain(int, char const**) (Z:\Workspace\dist\bin\clangTidyMain.dll+0x5b2a)
#30 0x00000000004013c7 __tmainCRTStartup ./build/x86_64-w64-mingw32-x86_64-w64-mingw32-crt\./mingw-w64-crt/crt\crtexe.c:341:0
#31 0x00000000004014fb mainCRTStartup ./build/x86_64-w64-mingw32-x86_64-w64-mingw32-crt\./mingw-w64-crt/crt\crtexe.c:225:0
#32 0x0000000076fc652d (C:\Windows\system32\kernel32.dll+0x1652d)
#33 0x00000000770fc521 (C:\Windows\SYSTEM32\ntdll.dll+0x2c521)
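The construct the report points at (VS 2010 ostream:133, `return (_Ok ? _CONVERTIBLE_TO_TRUE : 0);`), reconstructed below as a stand-alone file that can be fed to a checked analyzer build. This is an added example, not code from the bug report, its attachments, or Microsoft's headers. It assumes the safe-bool idiom the VS 2010 STL used: a pointer-to-data-member typedef (`_Bool_type` there) and a macro that yields the address of a dummy struct member (`_CONVERTIBLE_TO_TRUE` there), returned from a conversion operator on a sentry-like class whose `_Ok` flag records whether the stream was good. The names are respelled to avoid reserved identifiers; everything else about the shape is an assumption stated in the comments.

```cpp
// Reconstructed stand-in for the VS 2010 <ostream> sentry conversion operator.
// Added example: not the report's ex.cpp and not Microsoft's code.
#include <cassert>

namespace vs2010_like {

// Assumed shape of VS 2010's _Bool_struct: a type that exists only so that
// &Bool_struct::Member is a non-null pointer-to-member constant.
struct Bool_struct {
    int Member;
};

// Assumed shape of VS 2010's _Bool_type / _CONVERTIBLE_TO_TRUE.
typedef int Bool_struct::*Bool_type;
#define CONVERTIBLE_TO_TRUE (&vs2010_like::Bool_struct::Member)

// Stand-in for basic_ostream<...>::sentry. VS 2010 spells the flag _Ok.
class sentry {
public:
    explicit sentry(bool stream_ok) : ok_(stream_ok) {}

    // The line the report quotes: a conditional that mixes a pointer-to-member
    // constant with the literal 0 (a null pointer constant), so the whole
    // expression has pointer-to-member type.
    operator Bool_type() const {
        return (ok_ ? CONVERTIBLE_TO_TRUE : 0);
    }

private:
    bool ok_;
};

} // namespace vs2010_like

// Caller shaped like the `if (sentry)` test inside operator<<. The analyzer
// inlines operator Bool_type() here; the backtrace in the report shows
// ReturnVisitor handing such a returned value to trackExpressionValue.
// Returns 1 when output would proceed, 0 when the sentry reports a bad stream.
int write_if_ok(bool stream_ok) {
    vs2010_like::sentry ok(stream_ok);
    if (ok)
        return 1;
    return 0;
}

// Direct check of the conversion itself, independent of the caller above.
bool sentry_truthy(bool stream_ok) {
    return static_cast<bool>(vs2010_like::sentry(stream_ok));
}

int main() {
    assert(write_if_ok(true) == 1);
    assert(write_if_ok(false) == 0);
    assert(sentry_truthy(true));
    assert(!sentry_truthy(false));
    return 0;
}
```

Run it through an assertions-enabled analyzer with `clang --analyze -Xclang -analyzer-output=text repro.cpp` (or the `clang-cl ... --analyze` form used later in this thread). Keep the caveat from the thread in mind: the crash did not reproduce on godbolt without the real VS 2010 headers, so this file is a starting point for bisecting the preprocessed attachment, not a confirmed trigger. The expression worth watching is the conditional that yields a pointer-to-member from a null pointer constant, since per the backtrace the value being tracked when the `void` assertion fires is a returned value handled by ReturnVisitor.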
Quuxplusone commented 3 years ago
Could you please attach the preprocessed source code of the code?
The invocation might not be strictly necessary, but it is useful as well.
Also, which clang-tidy did you use? Do you have a commit hash?

/CC Denys, who worked on void dereference assertions in the past
Quuxplusone commented 3 years ago
Thanks for adding me!
We've recently been unable to reproduce such an assertion in another case,
so we just added a repro test for the future, hoping to catch it.
https://reviews.llvm.org/D104381
Actually I didn't work on this but I don't mind digging into the problem. I'll
put it into my backlog and handle it ASAP.
Quuxplusone commented 3 years ago

Attached ast-dump.txt.gz (555027 bytes, text/plain): ast-dump

Quuxplusone commented 3 years ago

Attached ex.cpp (183 bytes, text/x-c++src): testcase

Quuxplusone commented 3 years ago

Attached 1.jpeg (72297 bytes, image/jpeg): screenshot

Quuxplusone commented 3 years ago
I could not reproduce it on godbolt, probably because the crash depends on VS
2010:ostream.
https://godbolt.org/z/sbWfTq7j5 - no crash even with assertions.

Reconstructing the source code from the AST dump is more than tedious IMO.
I would rather request a preprocessed version of the reproducer file.

You can acquire it by passing the '-E' flag to the invocation, then the '-o'
for specifying the name of the output file.

Let me know how it goes!
BTW thank you for reporting the issue.
Quuxplusone commented 3 years ago

Attached ex-preprocessed.cpp (565026 bytes, text/x-c++src): preprocessed testcase

Quuxplusone commented 3 years ago

It is VS 2010 specific.

Quuxplusone commented 3 years ago
I'm mainly a Linux user.
And I'm having difficulties specifying the correct options to analyze the
attached code.

I tried something like this:
  ./bin/clang -cc1 -analyze -setup-static-analyzer -analyzer-checker=core ex-preprocessed.cpp  -std=c++14 -triple x86_64-pc-windows-msvc19.11.0 -fms-compatibility -fms-extensions

However, it still reports errors:

  C:/Program Files (x86)/Microsoft Visual Studio 10.0/VC/include\xmemory:37:3:
  error: cannot use 'throw' with exceptions disabled
    throw bad_alloc(0);

Or:

  C:/Program Files (x86)/Microsoft Visual Studio 10.0/VC/include\xlocale:263:17: error: no template named 'collate' in namespace 'std'
    const ::std:: collate<_Elem>& _Coll_fac =

Even if I specify the '-fexceptions' flag, it remains the same.

Could you please provide a clang invocation?
Quuxplusone commented 3 years ago
I managed to build the preprocessed file as

  clang-cl /EHsc -c ex-preprocessed.cpp --analyze -Xclang -analyzer-output=text

after deleting the two lines that define char16_t and char32_t respectively.

(clang-cl is the variant of the clang driver that tries to emulate the
Microsoft compiler instead of GCC)

It doesn't crash for me anyway, though.

Preprocessed files are typically very reliable so unless your full compile
command reveals something exotic, I suspect that your Clang isn't fresh enough.
In any case, please mention clang version and full invocation.