llvm / llvm-project


Clang static analysis assert in SimpleSValBuilder::evalBinOpLN: op == BO_Add || op == BO_Sub #71174

Open AndrewScheidecker opened 8 months ago

AndrewScheidecker commented 8 months ago

While working with a build of clang that has assertions enabled, I found a simple repro for an assertion failure with tip of tree clang: https://github.com/llvm/llvm-project/blob/d49a893cdbea0dd6f8fde7dc9f321b2e0d169bba/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp#L1159

Repro command-line:

```
clang -cc1 -analyze -analyzer-checker=core -x c++ repro.cpp
```

Contents of repro.cpp:

```
static void a() { __builtin_bit_cast(unsigned long long, &a) | 1; }
```

While this repro is very similar to #69922, the proposed fix for that bug (#70837) doesn't fix this bug.

Here's the full output of the crash trace:

repro.cpp:1:62: warning: expression result unused [-Wunused-value]
    1 | static void a() { __builtin_bit_cast(unsigned long long, &a) | 1; }
      |                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~
clang: /home/andrew/llvm-project/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp:1159: virtual clang::ento::SVal {anonymous}::SimpleSValBuilder::evalBinOpLN(clang::ento::ProgramStateRef, clang::BinaryOperator::Opcode, clang::ento::Loc, clang::ento::NonLoc, clang::QualType): Assertion `op == BO_Add || op == BO_Sub' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /home/andrew/build/llvm/bin/clang -cc1 -analyze -analyzer-checker=core -x c++ repro.cpp
1.      <eof> parser at end of file
2.      While analyzing stack:
        #0 Calling a()
3.      repro.cpp:1:19: Error evaluating statement
4.      repro.cpp:1:19: Error evaluating statement
 #0 0x000055bd6390498f llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) /home/andrew/llvm-project/llvm/lib/Support/Unix/Signals.inc:727:3
 #1 0x000055bd6390225f llvm::sys::RunSignalHandlers() /home/andrew/llvm-project/llvm/lib/Support/Signals.cpp:105:20
 #2 0x000055bd639025b6 SignalHandler(int) /home/andrew/llvm-project/llvm/lib/Support/Unix/Signals.inc:413:1
 #3 0x00007f04ccf88520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x00007f04ccfdc9fc pthread_kill (/lib/x86_64-linux-gnu/libc.so.6+0x969fc)
 #5 0x00007f04ccf88476 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x42476)
 #6 0x00007f04ccf6e7f3 abort (/lib/x86_64-linux-gnu/libc.so.6+0x287f3)
 #7 0x00007f04ccf6e71b (/lib/x86_64-linux-gnu/libc.so.6+0x2871b)
 #8 0x00007f04ccf7fe96 (/lib/x86_64-linux-gnu/libc.so.6+0x39e96)
 #9 0x000055bd659f500c decltype(auto) llvm::cast<clang::ento::SubRegion, clang::ento::MemRegion const>(clang::ento::MemRegion const*) /home/andrew/llvm-project/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp:1159:7
#10 0x000055bd659f500c (anonymous namespace)::SimpleSValBuilder::evalBinOpLN(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::BinaryOperatorKind, clang::ento::Loc, clang::ento::NonLoc, clang::QualType) /home/andrew/llvm-project/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp:1155:31
#11 0x000055bd65a017e2 llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>::release() /home/andrew/llvm-project/llvm/include/llvm/ADT/IntrusiveRefCntPtr.h:232:9
#12 0x000055bd65a017e2 llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>::~IntrusiveRefCntPtr() /home/andrew/llvm-project/llvm/include/llvm/ADT/IntrusiveRefCntPtr.h:196:34
#13 0x000055bd65a017e2 clang::ento::SValBuilder::evalBinOp(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::BinaryOperatorKind, clang::ento::SVal, clang::ento::SVal, clang::QualType) /home/andrew/llvm-project/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp:509:23
#14 0x000055bd6595405e llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>::release() /home/andrew/llvm-project/llvm/include/llvm/ADT/IntrusiveRefCntPtr.h:232:9
#15 0x000055bd6595405e llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>::~IntrusiveRefCntPtr() /home/andrew/llvm-project/llvm/include/llvm/ADT/IntrusiveRefCntPtr.h:196:34
#16 0x000055bd6595405e clang::ento::ExprEngine::evalBinOp(llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::BinaryOperatorKind, clang::ento::SVal, clang::ento::SVal, clang::QualType) /home/andrew/llvm-project/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:611:33
#17 0x000055bd6595405e clang::ento::ExprEngine::VisitBinaryOperator(clang::BinaryOperator const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) /home/andrew/llvm-project/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp:100:30
#18 0x000055bd6594204e clang::ento::NodeBuilder::addNodes(clang::ento::ExplodedNodeSet const&) /home/andrew/llvm-project/clang/include/clang/StaticAnalyzer/Core/PathSensitive/CoreEngine.h:339:45
#19 0x000055bd6594204e clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) /home/andrew/llvm-project/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:2106:20
#20 0x000055bd65942aba clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*, clang::ento::ExplodedNode*) /home/andrew/llvm-project/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:1132:15
#21 0x000055bd6594ab3f clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) /home/andrew/llvm-project/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:977:7
#22 0x000055bd6590b34d clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock const*, unsigned int, clang::ento::ExplodedNode*) /home/andrew/llvm-project/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:498:1
#23 0x000055bd6590b8c4 clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>)::'lambda'(unsigned int)::operator()(unsigned int) const /home/andrew/llvm-project/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:159:23
#24 0x000055bd6590b9a4 clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) /home/andrew/llvm-project/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:163:41
#25 0x000055bd6546ee2e llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>::release() /home/andrew/llvm-project/llvm/include/llvm/ADT/IntrusiveRefCntPtr.h:232:9
#26 0x000055bd6546ee2e llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>::~IntrusiveRefCntPtr() /home/andrew/llvm-project/llvm/include/llvm/ADT/IntrusiveRefCntPtr.h:196:34
#27 0x000055bd6546ee2e clang::ento::ExprEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int) /home/andrew/llvm-project/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:190:34
#28 0x000055bd6546ee2e RunPathSensitiveChecks /home/andrew/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:727:22
#29 0x000055bd6546ee2e (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*, void>>*) /home/andrew/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:697:27
#30 0x000055bd6548311f llvm::DenseMapBase<llvm::DenseMap<clang::Decl const*, llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*, void>, llvm::detail::DenseSetPair<clang::Decl const*>>, clang::Decl const*, llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*, void>, llvm::detail::DenseSetPair<clang::Decl const*>>::begin() /home/andrew/llvm-project/llvm/include/llvm/ADT/DenseMap.h:78:5
#31 0x000055bd6548311f llvm::detail::DenseSetImpl<clang::Decl const*, llvm::DenseMap<clang::Decl const*, llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*, void>, llvm::detail::DenseSetPair<clang::Decl const*>>, llvm::DenseMapInfo<clang::Decl const*, void>>::begin() /home/andrew/llvm-project/llvm/include/llvm/ADT/DenseSet.h:173:50
#32 0x000055bd6548311f HandleDeclsCallGraph /home/andrew/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:490:31
#33 0x000055bd6548311f runAnalysisOnTranslationUnit /home/andrew/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:557:25
#34 0x000055bd6548311f (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) /home/andrew/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:612:31
#35 0x000055bd65a49289 clang::ParseAST(clang::Sema&, bool, bool) /home/andrew/llvm-project/clang/lib/Parse/ParseAST.cpp:176:34
#36 0x000055bd6430a3a9 clang::FrontendAction::Execute() /home/andrew/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1070:21
#37 0x000055bd64299815 llvm::Error::setChecked(bool) /home/andrew/llvm-project/llvm/include/llvm/Support/Error.h:307:22
#38 0x000055bd64299815 llvm::Error::operator bool() /home/andrew/llvm-project/llvm/include/llvm/Support/Error.h:239:15
#39 0x000055bd64299815 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /home/andrew/llvm-project/clang/lib/Frontend/CompilerInstance.cpp:1045:42
#40 0x000055bd643cc3f5 std::__shared_ptr<clang::FrontendOptions, (__gnu_cxx::_Lock_policy)2>::get() const /usr/include/c++/11/bits/shared_ptr_base.h:1296:16
#41 0x000055bd643cc3f5 std::__shared_ptr_access<clang::FrontendOptions, (__gnu_cxx::_Lock_policy)2, false, false>::_M_get() const /usr/include/c++/11/bits/shared_ptr_base.h:993:69
#42 0x000055bd643cc3f5 std::__shared_ptr_access<clang::FrontendOptions, (__gnu_cxx::_Lock_policy)2, false, false>::operator*() const /usr/include/c++/11/bits/shared_ptr_base.h:979:2
#43 0x000055bd643cc3f5 clang::CompilerInvocation::getFrontendOpts() /home/andrew/llvm-project/clang/include/clang/Frontend/CompilerInvocation.h:247:48
#44 0x000055bd643cc3f5 clang::CompilerInstance::getFrontendOpts() /home/andrew/llvm-project/clang/include/clang/Frontend/CompilerInstance.h:291:39
#45 0x000055bd643cc3f5 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /home/andrew/llvm-project/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:273:29
#46 0x000055bd626d00f9 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /home/andrew/llvm-project/clang/tools/driver/cc1_main.cpp:294:40
#47 0x000055bd626c8213 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) /home/andrew/llvm-project/clang/tools/driver/driver.cpp:366:20
#48 0x000055bd626cc617 clang_main(int, char**, llvm::ToolContext const&) /home/andrew/llvm-project/clang/tools/driver/driver.cpp:407:26
#49 0x000055bd62619f13 main /home/andrew/build/llvm/tools/clang/tools/driver/clang-driver.cpp:16:1
#50 0x00007f04ccf6fd90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90)
#51 0x00007f04ccf6fe40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40)
#52 0x000055bd626c6ad5 _start (/home/andrew/build/llvm/bin/clang+0xcd7ad5)

llvmbot commented 8 months ago

@llvm/issue-subscribers-clang-static-analyzer

Author: Andrew Scheidecker (AndrewScheidecker)

steakhal commented 8 months ago

Thanks for the report. I'm starting to hate reinterpret-casts (including bitcasts). They trigger all sorts of assertions all over the place in CSA. If only we just modeled the casts as they appear.

Ah, I'll look into working around this case. Thanks again.