llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org

segfault in clang::ento::ParamVarRegion::getValueType() (clang-tidy 18.1.8) #109738

Closed oliverlee closed 5 days ago

oliverlee commented 1 week ago

Toolchain installed on macOS via homebrew. The same error seems to occur on the 18.1.8 releases from llvm for aarch64-macos and x86_64-linux. Possibly related to the static call operator?

```cpp
template <class T>
struct arg
{};

struct ctx
{
  static constexpr auto z = arg<ctx>{};
};

struct fun
{
  template <class T>
  static constexpr auto operator()(arg<T>) -> arg<T>
  {
    return {};
  }
};

auto main() -> int
{
  (void)fun{}(ctx::z);
}
```
```
❯  /opt/homebrew/opt/llvm/bin/clang-tidy --checks='-*,clang-analyzer-cplusplus*' --extra-arg='-std=c++23'  demo.cpp
Error while trying to load a compilation database:
Could not auto-detect compilation database for file "demo.cpp"
No compilation database found in /Users/oliver or any parent directory
fixed-compilation-database: Error while opening fixed database: No such file or directory
json-compilation-database: Error while opening JSON database: No such file or directory
Running without flags.
PLEASE submit a bug report to https://github.com/Homebrew/homebrew-core/issues and include the crash backtrace.
Stack dump:
0.      Program arguments: /opt/homebrew/opt/llvm/bin/clang-tidy --checks=-*,clang-analyzer-cplusplus* --extra-arg=-std=c++23 demo.cpp
1.      <eof> parser at end of file
2.      While analyzing stack:
        #0 Calling main()
3.      /Users/oliver/demo.cpp:22:15: Error evaluating statement
4.      /Users/oliver/demo.cpp:22:15: Error evaluating statement
 #0 0x000000011ca8dd60 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libLLVM.dylib+0x4695d60)
 #1 0x000000011ca8e134 SignalHandler(int) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libLLVM.dylib+0x4696134)
 #2 0x0000000198aae584 (/usr/lib/system/libsystem_platform.dylib+0x18047a584)
 #3 0x000000010d0348e4 clang::ento::ParamVarRegion::getValueType() const (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x22988e4)
 #4 0x000000010d07d120 (anonymous namespace)::RegionStoreManager::getBinding((anonymous namespace)::RegionBindingsRef const&, clang::ento::Loc, clang::QualType) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x22e1120)
 #5 0x000000010d073f84 (anonymous namespace)::RegionStoreManager::getBinding(void const*, clang::ento::Loc, clang::QualType) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x22d7f84)
 #6 0x000000010d046c40 clang::ento::ProgramState::getSVal(clang::ento::Loc, clang::QualType) const (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x22aac40)
 #7 0x000000010d01b73c clang::ento::ExprEngine::bindReturnValue(clang::ento::CallEvent const&, clang::LocationContext const*, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x227f73c)
 #8 0x000000010d01023c clang::ento::ExprEngine::performTrivialCopy(clang::ento::NodeBuilder&, clang::ento::ExplodedNode*, clang::ento::CallEvent const&) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x227423c)
 #9 0x000000010d0134c4 clang::ento::ExprEngine::handleConstructor(clang::Expr const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x22774c4)
#10 0x000000010cfef08c clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x225308c)
#11 0x000000010cfeb3c4 clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*, clang::ento::ExplodedNode*) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x224f3c4)
#12 0x000000010cfeb174 clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x224f174)
#13 0x000000010cfcb2b0 clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x222f2b0)
#14 0x000000010cfcadbc clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x222edbc)
#15 0x000000010d32b144 (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*, void>>*) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x258f144)
#16 0x000000010d31b1fc (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x257f1fc)
#17 0x000000010ce67f74 clang::MultiplexConsumer::HandleTranslationUnit(clang::ASTContext&) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x20cbf74)
#18 0x000000010afa70f8 clang::ParseAST(clang::Sema&, bool, bool) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x20b0f8)
#19 0x000000010ce38dd4 clang::FrontendAction::Execute() (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x209cdd4)
#20 0x000000010cdbbad4 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x201fad4)
#21 0x000000010cf4c9e4 clang::tooling::FrontendActionFactory::runInvocation(std::__1::shared_ptr<clang::CompilerInvocation>, clang::FileManager*, std::__1::shared_ptr<clang::PCHContainerOperations>, clang::DiagnosticConsumer*) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x21b09e4)
#22 0x00000001042708a4 clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&, clang::tooling::CompilationDatabase const&, llvm::ArrayRef<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>, llvm::IntrusiveRefCntPtr<llvm::vfs::OverlayFileSystem>, bool, bool, llvm::StringRef)::ActionFactory::runInvocation(std::__1::shared_ptr<clang::CompilerInvocation>, clang::FileManager*, std::__1::shared_ptr<clang::PCHContainerOperations>, clang::DiagnosticConsumer*) (/opt/homebrew/Cellar/llvm/18.1.8/bin/clang-tidy+0x10000c8a4)
#23 0x000000010cf4c724 clang::tooling::ToolInvocation::runInvocation(char const*, clang::driver::Compilation*, std::__1::shared_ptr<clang::CompilerInvocation>, std::__1::shared_ptr<clang::PCHContainerOperations>) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x21b0724)
#24 0x000000010cf4b33c clang::tooling::ToolInvocation::run() (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x21af33c)
#25 0x000000010cf4e228 clang::tooling::ClangTool::run(clang::tooling::ToolAction*) (/opt/homebrew/Cellar/llvm/18.1.8/lib/libclang-cpp.dylib+0x21b2228)
#26 0x000000010426b2c4 clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&, clang::tooling::CompilationDatabase const&, llvm::ArrayRef<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>, llvm::IntrusiveRefCntPtr<llvm::vfs::OverlayFileSystem>, bool, bool, llvm::StringRef) (/opt/homebrew/Cellar/llvm/18.1.8/bin/clang-tidy+0x1000072c4)
#27 0x00000001042a11b8 clang::tidy::clangTidyMain(int, char const**) (/opt/homebrew/Cellar/llvm/18.1.8/bin/clang-tidy+0x10003d1b8)
#28 0x00000001986f3154
zsh: segmentation fault  /opt/homebrew/opt/llvm/bin/clang-tidy --checks='-*,clang-analyzer-cplusplus*'
```

llvmbot commented 1 week ago

@llvm/issue-subscribers-clang-static-analyzer

Author: Oliver Lee (oliverlee)

EugeneZelenko commented 1 week ago

Could you please try 19 or main branch? https://godbolt.org should be helpful.

oliverlee commented 1 week ago

I wasn't able to repro with 18.1.0 or 19 on godbolt.

steakhal commented 6 days ago

Have you checked the release notes of clang-19? There I claim support for static call operators. Before clang-19 they didn't work.

oliverlee commented 6 days ago

I haven't checked with Clang 19 yet - I'll try to do so soon.

I'm a bit surprised, as I have been defining all other function objects in a project with static call operators and I only now observed an issue with clang-tidy. I'm also surprised that godbolt isn't showing the same behavior. I first noticed the issue in a GitHub runner using Linux and then was able to reproduce it locally on my Mac.

oliverlee commented 5 days ago

No issues on linux x86_64 with 19.1.0 or 20.0.0.
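For a code base that cannot move its clang-tidy to 19 immediately, one stop-gap is to keep the C++23 static call operator for normal builds and hand the pre-19 analyzer a plain member `operator()` instead, so the `clang-analyzer-*` checks keep running over the rest of the translation unit rather than crashing. This is an added example, not code from the issue or from LLVM; it relies on the `__clang_analyzer__` macro that the static analyzer predefines during analysis and on the `__cpp_static_call_operator` feature-test macro, and it assumes (as the thread reports) that the crash is confined to analyzer builds before clang 19.

```cpp
// Added example (not from the issue or from LLVM): select the static call
// operator only where the analyzer is known to handle it. __clang_analyzer__
// is predefined while the clang static analyzer (also behind clang-tidy's
// clang-analyzer-* checks) runs; "< 19" is this example's assumption.
#include <type_traits>

#if defined(__clang_analyzer__) && defined(__clang_major__) && __clang_major__ < 19
#  define DEMO_CALL_QUAL            /* old analyzer: plain member operator() */
#  define DEMO_CALL_IS_STATIC 0
#  define DEMO_ANALYZER_FALLBACK 1
#elif defined(__cpp_static_call_operator)
#  define DEMO_CALL_QUAL static     /* compiler implements P1169 static operator() */
#  define DEMO_CALL_IS_STATIC 1
#  define DEMO_ANALYZER_FALLBACK 0
#else
#  define DEMO_CALL_QUAL            /* pre-C++23 compiler */
#  define DEMO_CALL_IS_STATIC 0
#  define DEMO_ANALYZER_FALLBACK 0
#endif

template <class T>
struct arg {};

struct ctx {
  static constexpr auto z = arg<ctx>{};
};

struct fun {
  template <class T>
  DEMO_CALL_QUAL constexpr auto operator()(arg<T>) -> arg<T> { return {}; }
};

// A static member function decays to a plain function pointer, a non-static
// one to a member-function pointer, so this reports which path was compiled.
constexpr bool call_operator_is_static() {
  return !std::is_member_function_pointer_v<decltype(&fun::operator()<ctx>)>;
}

// The reproducer's call site compiles and yields arg<ctx> on every path, so
// callers are unaffected by the fallback.
constexpr bool call_site_unchanged() {
  return std::is_same_v<decltype(fun{}(ctx::z)), arg<ctx>>;
}

constexpr bool analyzer_fallback_active() { return DEMO_ANALYZER_FALLBACK == 1; }

static_assert(call_operator_is_static() == (DEMO_CALL_IS_STATIC == 1));
static_assert(call_site_unchanged());
```

Compiling the same file once normally and once under `clang-tidy --checks='-*,clang-analyzer-cplusplus*' --extra-arg='-std=c++23'` with an 18.x toolchain exercises both paths; a build with clang 19 or later takes the static path everywhere.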