llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org

Assertion failure in SmartPtrChecker when initializing std::unique_ptr with nullptr #49932

Open RedDocMD opened 3 years ago

RedDocMD commented 3 years ago
Bugzilla Link 50588
Version trunk
OS Linux
CC @devincoughlin,@RedDocMD,@haoNoQ,@Teemperor,@SavchenkoValeriy,@Xazax-hun

Extended Description

For the following code:

#include <memory>

void foo() {
    auto hell = std::unique_ptr<int>(nullptr);
    *hell;
}

the assertion at SmartPtrModeling.cpp:240: TrackingExpr->getType()->isPointerType() && "Adding a non pointer value to TrackedRegionMap" fails.

The full stack trace:

clang++: /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp:242: bool (anonymous namespace)::SmartPtrModeling::evalCall(const clang::ento::CallEvent &, clang::ento::CheckerContext &) const: Assertion `TrackingExpr->getType()->isPointerType() && "Adding a non pointer value to TrackedRegionMap"' failed.
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.  Program arguments: ./llvm/release/bin/clang++ -std=c++20 -Xclang -analyze -Xclang -analyzer-checker=core,cplusplus.Move,cplusplus.NewDelete,alpha.cplusplus.SmartPtr -Xclang -analyzer-output=text -Xclang -analyzer-config -Xclang cplusplus.SmartPtrModeling:ModelSmartPtrDereference=true -c make_unique.cpp
1.  <eof> parser at end of file
2.  While analyzing stack: 
    #0 Calling foo
3.  make_unique.cpp:8:17: Error evaluating statement
4.  make_unique.cpp:8:17: Error evaluating statement
 #0 0x00007f9a6c3317b1 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) /home/dknite/work/llvm-project/llvm/llvm/lib/Support/Unix/Signals.inc:565:13
 #1 0x00007f9a6c32f7e0 llvm::sys::RunSignalHandlers() /home/dknite/work/llvm-project/llvm/llvm/lib/Support/Signals.cpp:77:18
 #2 0x00007f9a6c330d9b llvm::sys::CleanupOnSignal(unsigned long) /home/dknite/work/llvm-project/llvm/llvm/lib/Support/Unix/Signals.inc:0:3
 #3 0x00007f9a6c257df3 (anonymous namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long) /home/dknite/work/llvm-project/llvm/llvm/lib/Support/CrashRecoveryContext.cpp:75:5
 #4 0x00007f9a6c257fab CrashRecoverySignalHandler(int) /home/dknite/work/llvm-project/llvm/llvm/lib/Support/CrashRecoveryContext.cpp:0:51
 #5 0x00007f9a6fe35870 __restore_rt sigaction.c:0:0
 #6 0x00007f9a6bc2fd22 raise (/usr/lib/libc.so.6+0x3cd22)
 #7 0x00007f9a6bc19862 abort (/usr/lib/libc.so.6+0x26862)
 #8 0x00007f9a6bc19747 _nl_load_domain.cold loadmsgcat.c:0:0
 #9 0x00007f9a6bc28616 (/usr/lib/libc.so.6+0x35616)
#10 0x00007f9a68c24b02 getInnerPointerType(clang::ento::CallEvent const&, clang::ento::CheckerContext&) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp:0:0
#11 0x00007f9a68c24b02 (anonymous namespace)::SmartPtrModeling::handleBoolConversion(clang::ento::CallEvent const&, clang::ento::CheckerContext&) const /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp:575:29
#12 0x00007f9a68c24b02 (anonymous namespace)::SmartPtrModeling::evalCall(clang::ento::CallEvent const&, clang::ento::CheckerContext&) const /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp:193:7
#13 0x00007f9a68c24b02 bool clang::ento::eval::Call::_evalCall<(anonymous namespace)::SmartPtrModeling>(void*, clang::ento::CallEvent const&, clang::ento::CheckerContext&) /home/dknite/work/llvm-project/llvm/clang/include/clang/StaticAnalyzer/Core/Checker.h:479:40
#14 0x00007f9a687492bd clang::ento::CheckerFn<bool (clang::ento::CallEvent const&, clang::ento::CheckerContext&)>::operator()(clang::ento::CallEvent const&, clang::ento::CheckerContext&) const /home/dknite/work/llvm-project/llvm/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h:0:12
#15 0x00007f9a687492bd clang::ento::CheckerManager::runCheckersForEvalCall(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&, clang::ento::CallEvent const&, clang::ento::ExprEngine&, clang::ento::EvalCallOptions const&) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:676:21
#16 0x00007f9a6878e4c8 llvm::SmallVectorTemplateCommon<clang::ento::ExplodedNode*, void>::isSmall() const /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/SmallVector.h:129:39
#17 0x00007f9a6878e4c8 llvm::SmallVectorImpl<clang::ento::ExplodedNode*>::~SmallVectorImpl() /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/SmallVector.h:581:16
#18 0x00007f9a6878e4c8 llvm::SmallVector<clang::ento::ExplodedNode*, 4u>::~SmallVector() /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/SmallVector.h:1176:3
#19 0x00007f9a6878e4c8 llvm::SetVector<clang::ento::ExplodedNode*, llvm::SmallVector<clang::ento::ExplodedNode*, 4u>, llvm::SmallDenseSet<clang::ento::ExplodedNode*, 4u, llvm::DenseMapInfo<clang::ento::ExplodedNode*> > >::~SetVector() /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/SetVector.h:40:7
#20 0x00007f9a6878e4c8 clang::ento::ExplodedNodeSet::~ExplodedNodeSet() /home/dknite/work/llvm-project/llvm/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExplodedGraph.h:463:7
#21 0x00007f9a6878e4c8 clang::ento::ExprEngine::handleConstructor(clang::Expr const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp:632:7
#22 0x00007f9a6876dc24 clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:0:7
#23 0x00007f9a6876ab3c clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*, clang::ento::ExplodedNode*) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:792:9
#24 0x00007f9a6876a7f4 clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:0:7
#25 0x00007f9a68751ba2 clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock const*, unsigned int, clang::ento::ExplodedNode*) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:0:13
#26 0x00007f9a68750fed clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:0:7
#27 0x00007f9a68750b4f std::__uniq_ptr_impl<clang::ento::WorkList, std::default_delete<clang::ento::WorkList> >::_M_ptr() const /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/unique_ptr.h:173:42
#28 0x00007f9a68750b4f std::unique_ptr<clang::ento::WorkList, std::default_delete<clang::ento::WorkList> >::get() const /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/unique_ptr.h:422:21
#29 0x00007f9a68750b4f std::unique_ptr<clang::ento::WorkList, std::default_delete<clang::ento::WorkList> >::operator->() const /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/unique_ptr.h:416:9
#30 0x00007f9a68750b4f clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:128:10
#31 0x00007f9a6af3e10c llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>::release() /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/IntrusiveRefCntPtr.h:218:9
#32 0x00007f9a6af3e10c llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>::~IntrusiveRefCntPtr() /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/IntrusiveRefCntPtr.h:186:27
#33 0x00007f9a6af3e10c clang::ento::ExprEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int) /home/dknite/work/llvm-project/llvm/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:192:5
#34 0x00007f9a6af3e10c (anonymous namespace)::AnalysisConsumer::RunPathSensitiveChecks(clang::Decl*, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >*) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:709:7
#35 0x00007f9a6af3e10c (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >*) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:682:5
#36 0x00007f9a6af1b219 llvm::DenseMapBase<llvm::DenseMap<clang::Decl const*, llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*>, llvm::detail::DenseSetPair<clang::Decl const*> >, clang::Decl const*, llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*>, llvm::detail::DenseSetPair<clang::Decl const*> >::empty() const /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/DenseMap.h:98:28
#37 0x00007f9a6af1b219 llvm::DenseMapBase<llvm::DenseMap<clang::Decl const*, llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*>, llvm::detail::DenseSetPair<clang::Decl const*> >, clang::Decl const*, llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*>, llvm::detail::DenseSetPair<clang::Decl const*> >::begin() /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/DenseMap.h:77:9
#38 0x00007f9a6af1b219 llvm::detail::DenseSetImpl<clang::Decl const*, llvm::DenseMap<clang::Decl const*, llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*>, llvm::detail::DenseSetPair<clang::Decl const*> >, llvm::DenseMapInfo<clang::Decl const*> >::begin() /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/DenseSet.h:173:45
#39 0x00007f9a6af1b219 (anonymous namespace)::AnalysisConsumer::HandleDeclsCallGraph(unsigned int) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:475:29
#40 0x00007f9a6af1b219 (anonymous namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit(clang::ASTContext&) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:522:5
#41 0x00007f9a6af1b219 (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:552:5
#42 0x00007f9a69cd8313 __gnu_cxx::__normal_iterator<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >*, std::vector<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >, std::allocator<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> > > > >::__normal_iterator(std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >* const&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/stl_iterator.h:1008:20
#43 0x00007f9a69cd8313 std::vector<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >, std::allocator<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> > > >::begin() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/stl_vector.h:812:16
#44 0x00007f9a69cd8313 void clang::finalize<std::vector<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >, std::allocator<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> > > > >(std::vector<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >, std::allocator<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> > > >&, clang::Sema const&) /home/dknite/work/llvm-project/llvm/clang/include/clang/Sema/TemplateInstCallback.h:54:16
#45 0x00007f9a69cd8313 clang::ParseAST(clang::Sema&, bool, bool) /home/dknite/work/llvm-project/llvm/clang/lib/Parse/ParseAST.cpp:178:3
#46 0x00007f9a6e1e1b25 clang::FrontendAction::Execute() /home/dknite/work/llvm-project/llvm/clang/lib/Frontend/FrontendAction.cpp:953:10
#47 0x00007f9a6e14fa42 llvm::Error::getPtr() const /home/dknite/work/llvm-project/llvm/llvm/include/llvm/Support/Error.h:274:42
#48 0x00007f9a6e14fa42 llvm::Error::operator bool() /home/dknite/work/llvm-project/llvm/llvm/include/llvm/Support/Error.h:236:16
#49 0x00007f9a6e14fa42 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /home/dknite/work/llvm-project/llvm/clang/lib/Frontend/CompilerInstance.cpp:960:23
#50 0x00007f9a6fe1d98c clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /home/dknite/work/llvm-project/llvm/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:278:25
#51 0x000055be0d88a8c0 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /home/dknite/work/llvm-project/llvm/clang/tools/driver/cc1_main.cpp:246:15
#52 0x000055be0d88840a ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) /home/dknite/work/llvm-project/llvm/clang/tools/driver/driver.cpp:338:12
#53 0x00007f9a6deddcb2 clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const::$_1::operator()() const /home/dknite/work/llvm-project/llvm/clang/lib/Driver/Job.cpp:404:30
#54 0x00007f9a6deddcb2 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const::$_1>(long) /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/STLExtras.h:185:12
#55 0x00007f9a6c257d07 llvm::function_ref<void ()>::operator()() const /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/STLExtras.h:0:12
#56 0x00007f9a6c257d07 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) /home/dknite/work/llvm-project/llvm/llvm/lib/Support/CrashRecoveryContext.cpp:424:3
#57 0x00007f9a6dedd695 clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const /home/dknite/work/llvm-project/llvm/clang/lib/Driver/Job.cpp:404:7
#58 0x00007f9a6deab03b clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&) const /home/dknite/work/llvm-project/llvm/clang/lib/Driver/Compilation.cpp:196:15
#59 0x00007f9a6deab5ba clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const /home/dknite/work/llvm-project/llvm/clang/lib/Driver/Compilation.cpp:249:13
#60 0x00007f9a6dec369e llvm::SmallVectorBase<unsigned int>::empty() const /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/SmallVector.h:73:47
#61 0x00007f9a6dec369e clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) /home/dknite/work/llvm-project/llvm/clang/lib/Driver/Driver.cpp:1538:23
#62 0x000055be0d887cfb main /home/dknite/work/llvm-project/llvm/clang/tools/driver/driver.cpp:510:21
#63 0x00007f9a6bc1ab25 __libc_start_main (/usr/lib/libc.so.6+0x27b25)
#64 0x000055be0d8851be _start (./llvm/release/bin/clang+++0x101be)
clang-13: error: clang frontend command failed with exit code 134 (use -v to see invocation)
clang version 13.0.0 (git@github.com:RedDocMD/deep-llvm.git 82fbc5d45b0c2fc9050d1d5e335e35afb4ab2611)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/dknite/work/llvm-project/./llvm/release/bin
clang-13: error: unable to execute command: Aborted (core dumped)
clang-13: note: diagnostic msg: Error generating preprocessed source(s).
RedDocMD commented 3 years ago

assigned to @RedDocMD