llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org

Two Crashes in StaticAnalyzer of Clang #43683

Open llvmbot opened 4 years ago

llvmbot commented 4 years ago
Bugzilla Link 44338
Version trunk
OS Linux
Reporter LLVM Bugzilla Contributor
CC @Snape3058,@steakhal,@davidbolvansky,@devincoughlin,@haoNoQ

Extended Description

The first crash seems to be occasioned by a typo in file clang-8.0.0.src/StaticAnalyzer/Core/PathSensitive/SMTConstraintManager.h:144. The condition `!isSat.hasValue() || isNotSat.getValue()` here should be `!isNotSat.hasValue() || isNotSat.getValue()`. `getValue` here crashed when we used the static analyzer to analyze postgresql-12.0.

The second crash occurred at line 161 in the same file. It seems that `SC->getType()` may occasionally return some types other than void, integer and location. This crash happened on the analysis of ffmpeg-4.2.git.

Both of them happened several hours after the corresponding analysis began, with AlwaysInlineSize, MinCFGSizeTreatFunctionsAsLarge and MaxInlinableSize configured to 1000.
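
The mismatch the reporter describes, modelled as an added example that is not the analyzer's code and not from the reporter: `std::optional<bool>` stands in for `llvm::Optional<bool>` (an assumption, chosen so the block compiles stand-alone), with `value()` in the role of `getValue()`. The difference is that `std::optional::value()` throws on an empty optional while `llvm::Optional::getValue()` asserts, which is the crash the report mentions. The block places the reported guard beside the corrected one and walks all nine (isSat, isNotSat) combinations to show exactly which ones read an empty optional.

```cpp
#include <optional>

// Constructed model of the guard pattern from the bug report, not the
// analyzer's own code. A solver query is modelled as std::optional<bool>:
// a present value is a decided result, an empty optional is "unknown".

// What happened when the guard was evaluated.
enum class GuardResult { ReturnedEarly, FellThrough, EmptyAccess };

// The guard as reported: the presence check is made on `isSat`, but the
// value that is read belongs to `isNotSat`. If the first query was decided
// and the second was not, the short-circuit does not protect the read and
// `value()` hits an empty optional.
GuardResult buggyGuard(std::optional<bool> isSat, std::optional<bool> isNotSat) {
  try {
    if (!isSat.has_value() || isNotSat.value())
      return GuardResult::ReturnedEarly;
    return GuardResult::FellThrough;
  } catch (const std::bad_optional_access &) {
    return GuardResult::EmptyAccess; // llvm::Optional would assert here
  }
}

// The guard with the typo corrected: the optional whose value is read is
// the one whose presence was checked, so the `||` short-circuit guarantees
// the read never sees an empty optional.
GuardResult fixedGuard(std::optional<bool> isNotSat) {
  try {
    if (!isNotSat.has_value() || isNotSat.value())
      return GuardResult::ReturnedEarly;
    return GuardResult::FellThrough;
  } catch (const std::bad_optional_access &) {
    return GuardResult::EmptyAccess; // unreachable with the corrected guard
  }
}

// Exhaustively try the nine (isSat, isNotSat) combinations and count how
// many of them make the reported guard read an empty optional. Only the
// two cases "isSat decided, isNotSat unknown" do, which matches a crash that
// appears only after hours of analysis when a solver call times out.
int countBuggyGuardEmptyAccesses() {
  const std::optional<bool> states[] = {std::nullopt, false, true};
  int emptyAccesses = 0;
  for (const auto &sat : states)
    for (const auto &notSat : states)
      if (buggyGuard(sat, notSat) == GuardResult::EmptyAccess)
        ++emptyAccesses;
  return emptyAccesses;
}
```

The corrected guard only needs the second result, which is why `fixedGuard` takes a single argument: once the checked optional and the read optional are the same object, the first solver result no longer influences whether the read is safe.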

Snape3058 commented 4 years ago

The patch is now being discussed on https://reviews.llvm.org/D83660. However, we still need a test case to trigger the problem. If anybody wants to help, you can leave a regression test case here or just add the test case to the patch.

Thanks

llvmbot commented 4 years ago

Sorry, it was a long time ago, and I'm occupied by some other projects right now. So I could not reproduce it easily either.

steakhal commented 4 years ago

> getValue here crashed when we used the static analyzer to analyze postgresql-12.0.

I could not reproduce the crash with the Z3 constraint manager on trunk.

Could you specify exactly what configuration you used? Or a stack trace for the crash? Which file caused the crash?

llvmbot commented 4 years ago

assigned to @Snape3058