llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org

clang-analyzer-osx RetainCount rules crash #44416

Open johnmcfarlane opened 4 years ago

johnmcfarlane commented 4 years ago
Bugzilla Link 45071
Version unspecified
OS Linux
Attachments Preprocessed C++ input

Extended Description

Summary:

Clang-Tidy crashes from time to time with well-formed source code.

The crash happens on Clang 9.0.0 and recent 10.0.0. While reducing the input, I found that the problem went away in 10.0.0 but not with 9.0.0 so I don't know how to reduce further or whether this is a single issue.

Repro:

With the given source file, you can reproduce simply with

clang-tidy source-file-cpp11.cpp

Versions:

9.0.0 version is stock Ubuntu 19.10 package...

john@carbon:~/ws/revision/build$ clang-tidy --version
LLVM (http://llvm.org/):
  LLVM version 9.0.0

  Optimized build.
  Default target: x86_64-pc-linux-gnu
  Host CPU: skylake

john@carbon:~/ws/revision/build$ apt show clang-tidy
Package: clang-tidy
Version: 1:9.0-49~exp1
Priority: optional
Section: universe/devel
Source: llvm-defaults (0.49~exp1)
...

10.0.0 is a local build...

john@carbon:~/ws/revision/build$ clang-tidy --version
LLVM (http://llvm.org/):
  LLVM version 10.0.0
  Optimized build.
  Default target: x86_64-unknown-linux-gnu
  Host CPU: skylake

llvm-project SHA is 4c6e5899859651d5f0907fc4d5752e616c1598c3

config: cmake -GNinja -DCMAKE_CXX_COMPILER_LAUNCHER=ccache -DCMAKE_BUILD_TYPE=MinSizeRel -DLLVM_ENABLE_PROJECTS="clang;compiler-rt;libcxx;libcxxabi;libunwind;clang-tools-extra" -DCMAKE_INSTALL_PREFIX=/home/john/llvm ../llvm-project/llvm/

Input source:

The input (attached) is preprocessor output which was generated with the command line:

john@carbon:~/ws/revision/build$ /usr/bin/c++  -DCNL_BOOST_ENABLED -I/home/john/.conan/data/benchmark/1.5.0/johnmcfarlane/stable/package/2d691cf2893838db938d13bb62c6b6a99529967e/include -I/home/john/ws/revision/cnl/src/test -I/home/john/ws/revision/cnl/include -isystem /home/john/.conan/data/gtest/1.8.1/bincrafters/stable/package/3522b70b1cf11f6272690bc7f553328064d96810/include        -O3 -DNDEBUG     -Wall -Wextra -Werror -Wundef -ftemplate-backtrace-limit=0 -pthread -fconstexpr-backtrace-limit=0 -fconstexpr-steps=1000000000 -std=c++11 -fexceptions -frtti -DCNL_USE_INT128=1 -Wconversion -Wno-sign-conversion -ftemplate-backtrace-limit=0  -o source-file-cpp11.cpp -c /home/john/ws/revision/cnl/src/test/elastic_integer/rounding_integer/overflow_integer/rounding_safe_integer.cpp -E

where

john@carbon:~/ws/revision/build$ /usr/bin/c++ --version
clang version 9.0.0-2 (tags/RELEASE_900/final)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin

Backtraces:

Version 9.0.0 output (no symbols):

john@carbon:~/ws/revision/build$ clang-tidy source-file-cpp11.cpp

#0 0x00007fc01db5656f llvm::sys::PrintStackTrace(llvm::raw_ostream&) (/lib/x86_64-linux-gnu/libLLVM-9.so.1+0xa4256f)
#1 0x00007fc01db54952 llvm::sys::RunSignalHandlers() (/lib/x86_64-linux-gnu/libLLVM-9.so.1+0xa40952)
#2 0x00007fc01db56971 (/lib/x86_64-linux-gnu/libLLVM-9.so.1+0xa42971)
#3 0x00007fc021328540 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x15540)
#4 0x000000000168de1f (/usr/lib/llvm-9/bin/clang-tidy+0x168de1f)
#5 0x0000000001696ebb (/usr/lib/llvm-9/bin/clang-tidy+0x1696ebb)
#6 0x000000000168a0b7 (/usr/lib/llvm-9/bin/clang-tidy+0x168a0b7)
#7 0x000000000169cabc (/usr/lib/llvm-9/bin/clang-tidy+0x169cabc)
#8 0x00000000016cfec0 (/usr/lib/llvm-9/bin/clang-tidy+0x16cfec0)
#9 0x00000000016d195a (/usr/lib/llvm-9/bin/clang-tidy+0x16d195a)
#10 0x00000000016d0f22 (/usr/lib/llvm-9/bin/clang-tidy+0x16d0f22)
#11 0x00000000016d0c4e (/usr/lib/llvm-9/bin/clang-tidy+0x16d0c4e)
#12 0x00000000016d0a6a (/usr/lib/llvm-9/bin/clang-tidy+0x16d0a6a)
#13 0x000000000141bff9 (/usr/lib/llvm-9/bin/clang-tidy+0x141bff9)
#14 0x000000000141d2bd (/usr/lib/llvm-9/bin/clang-tidy+0x141d2bd)
#15 0x000000000141d4d6 (/usr/lib/llvm-9/bin/clang-tidy+0x141d4d6)
#16 0x000000000141e078 (/usr/lib/llvm-9/bin/clang-tidy+0x141e078)
#17 0x0000000000958a32 (/usr/lib/llvm-9/bin/clang-tidy+0x958a32)
#18 0x00000000009cf14c (/usr/lib/llvm-9/bin/clang-tidy+0x9cf14c)
#19 0x00000000009e93b4 (/usr/lib/llvm-9/bin/clang-tidy+0x9e93b4)
#20 0x00000000009d5dfa (/usr/lib/llvm-9/bin/clang-tidy+0x9d5dfa)
#21 0x00000000007c534b (/usr/lib/llvm-9/bin/clang-tidy+0x7c534b)
#22 0x00000000007bfbf7 (/usr/lib/llvm-9/bin/clang-tidy+0x7bfbf7)
#23 0x0000000000b2033c (/usr/lib/llvm-9/bin/clang-tidy+0xb2033c)
#24 0x0000000000c2e4d3 (/usr/lib/llvm-9/bin/clang-tidy+0xc2e4d3)
#25 0x0000000000b09dc8 (/usr/lib/llvm-9/bin/clang-tidy+0xb09dc8)
#26 0x0000000000ac8940 (/usr/lib/llvm-9/bin/clang-tidy+0xac8940)
#27 0x0000000000798cf6 (/usr/lib/llvm-9/bin/clang-tidy+0x798cf6)
#28 0x0000000000438f95 (/usr/lib/llvm-9/bin/clang-tidy+0x438f95)
#29 0x0000000000798a66 (/usr/lib/llvm-9/bin/clang-tidy+0x798a66)
#30 0x00000000007980ff (/usr/lib/llvm-9/bin/clang-tidy+0x7980ff)
#31 0x0000000000799e8a (/usr/lib/llvm-9/bin/clang-tidy+0x799e8a)
#32 0x0000000000435e95 (/usr/lib/llvm-9/bin/clang-tidy+0x435e95)
#33 0x0000000000432fe3 (/usr/lib/llvm-9/bin/clang-tidy+0x432fe3)
#34 0x00007fc01cbf31e3 __libc_start_main /build/glibc-t7JzpG/glibc-2.30/csu/../csu/libc-start.c:342:3
#35 0x000000000043134e (/usr/lib/llvm-9/bin/clang-tidy+0x43134e)

Segmentation fault (core dumped)

Version 10.0.0:

john@carbon:~/ws/revision/build$ clang-tidy source-file-cpp11.cpp
Stack dump:

  1. Program arguments: clang-tidy source-file-cpp11.cpp
  2. parser at end of file

#0 0x00000000005e5ff1 llvm::sys::PrintStackTrace(llvm::raw_ostream&) (/home/john/llvm/bin/clang-tidy+0x5e5ff1)
#1 0x00000000005e66c7 SignalHandler(int) (/home/john/llvm/bin/clang-tidy+0x5e66c7)
#2 0x00007f3e65275540 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x15540)
#3 0x00000000013fcc94 clang::StmtVisitorBase::Visit(clang::Stmt*) (/home/john/llvm/bin/clang-tidy+0x13fcc94)
#4 0x00000000014035a7 (anonymous namespace)::StmtPrinter::PrintCallArgs(clang::CallExpr*) (/home/john/llvm/bin/clang-tidy+0x14035a7)
#5 0x0000000001402b74 (anonymous namespace)::StmtPrinter::VisitCallExpr(clang::CallExpr*) (/home/john/llvm/bin/clang-tidy+0x1402b74)
#6 0x00000000013fc029 clang::Stmt::printPretty(llvm::raw_ostream&, clang::PrinterHelper*, clang::PrintingPolicy const&, unsigned int, llvm::StringRef, clang::ASTContext const*) const (/home/john/llvm/bin/clang-tidy+0x13fc029)
#7 0x0000000001406e9c clang::TemplateArgument::print(clang::PrintingPolicy const&, llvm::raw_ostream&) const (/home/john/llvm/bin/clang-tidy+0x1406e9c)
#8 0x00000000014251e8 void printTo(llvm::raw_ostream&, llvm::ArrayRef, clang::PrintingPolicy const&, bool) (/home/john/llvm/bin/clang-tidy+0x14251e8)
#9 0x000000000142830a (anonymous namespace)::TypePrinter::printTemplateSpecializationBefore(clang::TemplateSpecializationType const*, llvm::raw_ostream&) (/home/john/llvm/bin/clang-tidy+0x142830a)
#10 0x0000000001426809 (anonymous namespace)::TypePrinter::printBefore(clang::Type const*, clang::Qualifiers, llvm::raw_ostream&) (/home/john/llvm/bin/clang-tidy+0x1426809)
#11 0x0000000001425c96 (anonymous namespace)::TypePrinter::print(clang::Type const*, clang::Qualifiers, llvm::raw_ostream&, llvm::StringRef) (/home/john/llvm/bin/clang-tidy+0x1425c96)
#12 0x0000000001425ae6 clang::QualType::getAsStringInternal(clang::Type const*, clang::Qualifiers, std::__cxx11::basic_string, std::allocator >&, clang::PrintingPolicy const&) (/home/john/llvm/bin/clang-tidy+0x1425ae6)
#13 0x000000000142598a clang::QualType::getAsString[abi:cxx11]() const (/home/john/llvm/bin/clang-tidy+0x142598a)
#14 0x0000000001214243 clang::ento::RetainSummaryManager::getSummaryForObjCOrCFObject(clang::FunctionDecl const*, llvm::StringRef, clang::QualType, clang::FunctionType const*, bool&) (/home/john/llvm/bin/clang-tidy+0x1214243)
#15 0x00000000012154ac clang::ento::RetainSummaryManager::generateSummary(clang::FunctionDecl const*, bool&) (/home/john/llvm/bin/clang-tidy+0x12154ac)
#16 0x0000000001215559 clang::ento::RetainSummaryManager::getFunctionSummary(clang::FunctionDecl const*) (/home/john/llvm/bin/clang-tidy+0x1215559)
#17 0x0000000001215d0b clang::ento::RetainSummaryManager::getSummary(clang::AnyCall, bool, bool, clang::QualType) (/home/john/llvm/bin/clang-tidy+0x1215d0b)
#18 0x0000000000a15c72 clang::ento::retaincountchecker::RetainCountChecker::checkBeginFunction(clang::ento::CheckerContext&) const (/home/john/llvm/bin/clang-tidy+0xa15c72)
#19 0x0000000000a69c2f clang::ento::CheckerManager::runCheckersForBeginFunction(clang::ento::ExplodedNodeSet&, clang::BlockEdge const&, clang::ento::ExplodedNode*, clang::ento::ExprEngine&) (/home/john/llvm/bin/clang-tidy+0xa69c2f)
#20 0x0000000000a82f3c clang::ento::ExprEngine::processBeginOfFunction(clang::ento::NodeBuilderContext&, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&, clang::BlockEdge const&) (/home/john/llvm/bin/clang-tidy+0xa82f3c)
#21 0x0000000000a6e92b clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr) (/home/john/llvm/bin/clang-tidy+0xa6e92b)
#22 0x00000000008df0e9 clang::ento::ExprEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int) (/home/john/llvm/bin/clang-tidy+0x8df0e9)
#23 0x00000000008defa9 (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet >*) (/home/john/llvm/bin/clang-tidy+0x8defa9)
#24 0x00000000008cf924 (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) (/home/john/llvm/bin/clang-tidy+0x8cf924)
#25 0x0000000000b66985 clang::MultiplexConsumer::HandleTranslationUnit(clang::ASTContext&) (/home/john/llvm/bin/clang-tidy+0xb66985)
#26 0x0000000000c26a22 clang::ParseAST(clang::Sema&, bool, bool) (/home/john/llvm/bin/clang-tidy+0xc26a22)
#27 0x0000000000b5513a clang::FrontendAction::Execute() (/home/john/llvm/bin/clang-tidy+0xb5513a)
#28 0x0000000000b28d87 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/home/john/llvm/bin/clang-tidy+0xb28d87)
#29 0x00000000005f25cd clang::tooling::FrontendActionFactory::runInvocation(std::shared_ptr, clang::FileManager*, std::shared_ptr, clang::DiagnosticConsumer*) (/home/john/llvm/bin/clang-tidy+0x5f25cd)
#30 0x00000000005fed15 clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&, clang::tooling::CompilationDatabase const&, llvm::ArrayRef, std::allocator > >, llvm::IntrusiveRefCntPtr, bool, llvm::StringRef)::ActionFactory::runInvocation(std::shared_ptr, clang::FileManager*, std::shared_ptr, clang::DiagnosticConsumer*) (/home/john/llvm/bin/clang-tidy+0x5fed15)
#31 0x00000000005f23cb clang::tooling::ToolInvocation::runInvocation(char const*, clang::driver::Compilation*, std::shared_ptr, std::shared_ptr) (/home/john/llvm/bin/clang-tidy+0x5f23cb)
#32 0x00000000005f1e5c clang::tooling::ToolInvocation::run() (/home/john/llvm/bin/clang-tidy+0x5f1e5c)
#33 0x00000000005f3336 clang::tooling::ClangTool::run(clang::tooling::ToolAction*) (/home/john/llvm/bin/clang-tidy+0x5f3336)
#34 0x00000000005fc5cc clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&, clang::tooling::CompilationDatabase const&, llvm::ArrayRef, std::allocator > >, llvm::IntrusiveRefCntPtr, bool, llvm::StringRef) (/home/john/llvm/bin/clang-tidy+0x5fc5cc)
#35 0x0000000000419315 main (/home/john/llvm/bin/clang-tidy+0x419315)
#36 0x00007f3e64ce01e3 __libc_start_main /build/glibc-t7JzpG/glibc-2.30/csu/../csu/libc-start.c:342:3
#37 0x000000000041758e _start (/home/john/llvm/bin/clang-tidy+0x41758e)
Segmentation fault (core dumped)

Examples of crashes from CI run: https://travis-ci.org/johnmcfarlane/cnl/builds/656836507
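Added example, not part of the original report: the symbolized 10.0.0 trace already names the analyzer checker on the stack, so the crash can be attributed to a checker without bisecting the check list. This Python code parses LLVM stack-dump frames, including frames that share one line, and reports the faulting function and the first `clang::ento` checker callback. The sample frames are excerpted from the trace above; the function names are chosen for this example.

```python
import re

# Start of a frame in an LLVM stack dump: "#18 0x0000000000a15c72 ...".
# \u200b tolerates the zero-width space some issue trackers insert after '#'.
FRAME_START = re.compile(r"#\u200b?(\d+)\s+(0x[0-9a-fA-F]+)[ \t]*")
# Trailing "(module+0xoffset)" that ends a frame.
MODULE = re.compile(r"\((/[^()\s]+)\+0x[0-9a-fA-F]+\)")
# A Static Analyzer checker callback, e.g. ...::FooChecker::checkBeginFunction(
CHECKER = re.compile(r"clang::ento::(?:\w+::)*(\w*Checker)::(check\w+)\(")

def parse_frames(dump):
    """Return [(index, symbol)], one per frame, even if frames share a line."""
    starts = list(FRAME_START.finditer(dump))
    frames = []
    for cur, nxt in zip(starts, starts[1:] + [None]):
        body = dump[cur.end(): nxt.start() if nxt else len(dump)]
        mod = MODULE.search(body)
        symbol = body[:mod.start()] if mod else body.split("\n", 1)[0]
        frames.append((int(cur.group(1)), symbol.strip()))
    return frames

def attribute_crash(dump):
    """Name the faulting function and the checker callback that led to it."""
    frames = parse_frames(dump)
    # Frames up to __restore_rt (the Linux signal trampoline) are the handler.
    handler_end = max((i for i, s in frames if s == "__restore_rt"), default=-1)
    after = [s for i, s in frames if i > handler_end]
    fault = (after[0] or None) if after else None  # None when unsymbolized
    hits = (CHECKER.search(s) for _, s in frames)
    hit = next((h for h in hits if h), None)
    return {"fault": fault,
            "checker": hit.group(1) if hit else None,
            "callback": hit.group(2) if hit else None}

# Frames excerpted from the 10.0.0 trace in the report above.
SAMPLE = """\
#0 0x00000000005e5ff1 llvm::sys::PrintStackTrace(llvm::raw_ostream&) (/home/john/llvm/bin/clang-tidy+0x5e5ff1)
#1 0x00000000005e66c7 SignalHandler(int) (/home/john/llvm/bin/clang-tidy+0x5e66c7)
#2 0x00007f3e65275540 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x15540)
#3 0x00000000013fcc94 clang::StmtVisitorBase::Visit(clang::Stmt*) (/home/john/llvm/bin/clang-tidy+0x13fcc94)
#18 0x0000000000a15c72 clang::ento::retaincountchecker::RetainCountChecker::checkBeginFunction(clang::ento::CheckerContext&) const (/home/john/llvm/bin/clang-tidy+0xa15c72)
#19 0x0000000000a69c2f clang::ento::CheckerManager::runCheckersForBeginFunction(clang::ento::ExplodedNodeSet&, clang::BlockEdge const&, clang::ento::ExplodedNode*, clang::ento::ExprEngine&) (/home/john/llvm/bin/clang-tidy+0xa69c2f)
"""
```

On an unsymbolized trace such as the 9.0.0 one, both the fault and the checker come back as `None`, which is the cue to rerun with a build that has symbols.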

johnmcfarlane commented 4 years ago

I've narrowed the crash down to enabling of three rules:

When all three rules are disabled, the crash does not occur.

To reproduce, download the attached source file and run either clang-tidy v9 or v10 like so...

clang-tidy Downloads/source-file-cpp11.cpp

... and observe that Clang-Tidy crashes.

To show that excluding three of the clang-analyzer-osx rules circumvents the crash, amend the command...

clang-tidy Downloads/source-file-cpp11.cpp --checks="*,-clang-analyzer-osx.cocoa.RetainCount,-clang-analyzer-osx.cocoa.RetainCountBase,-clang-analyzer-osx.OSObjectRetainCount"

...and observe that Clang-Tidy completes without crashing.

I've updated the name of the issue accordingly.
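Added example, not part of the original thread: one way to automate the narrowing described in the comment above, so a CI job can keep every other check enabled while the crashing ones are excluded. It finds the crashing checks by recursive halving and then builds and verifies an exclusion list in the same form as the command above. It assumes `clang-tidy` is on `PATH` and that a crash shows up as death by signal; the function names are chosen for this example.

```python
import subprocess
import sys

def run_clang_tidy(source, checks):
    """Exit status of one run; subprocess reports death by signal as < 0."""
    return subprocess.run(["clang-tidy", source, "--checks=" + checks],
                          stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode

def list_checks():
    """Every check name this clang-tidy build knows about."""
    out = subprocess.run(["clang-tidy", "--list-checks", "--checks=*"],
                         capture_output=True, text=True, check=True).stdout
    return [ln.strip() for ln in out.splitlines() if ln[:1].isspace()]

def crashing_checks(source, checks, run=run_clang_tidy):
    """Checks that crash the tool, found by recursive halving.

    Assumes, as the report observed, that each bad check crashes on its own.
    A group that only crashes together is returned whole, never dropped.
    """
    if not checks or run(source, "-*," + ",".join(checks)) >= 0:
        return []
    if len(checks) == 1:
        return list(checks)
    mid = len(checks) // 2
    found = (crashing_checks(source, checks[:mid], run)
             + crashing_checks(source, checks[mid:], run))
    return found or list(checks)

def exclusion_spec(bad):
    """--checks value that keeps everything except the crashing checks."""
    return ",".join(["*"] + ["-" + name for name in bad])

def triage(source, checks, run=run_clang_tidy):
    """Return (crashing checks, exclusion spec, whether the spec runs clean)."""
    bad = crashing_checks(source, checks, run)
    spec = exclusion_spec(bad)
    return bad, spec, run(source, spec) >= 0

if __name__ == "__main__":
    bad, spec, clean = triage(sys.argv[1], list_checks())
    print("crashing:", bad)
    print('rerun with --checks="%s" (clean: %s)' % (spec, clean))
```

Run as a script with the preprocessed source file as its only argument; the `run` parameter lets the search be exercised against a stub instead of the real tool.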

llvmbot commented 2 years ago

@llvm/issue-subscribers-bug