https://llvm.org/bugs/show_bug.cgi?id=28042
Bug ID: 28042
Summary: Crash in static analyzer
Product: clang
Version: 3.8
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
Assignee: kreme...@apple.com
Reporter: andrew.m...@gmail.com
CC: llvm-bugs@lists.llvm.org
Classification: Unclassified

Created attachment 16487
  --> https://llvm.org/bugs/attachment.cgi?id=16487&action=edit
lio_fuse_core.c preprocessed

Hello,

With "clang version 3.8.0-2ubuntu3 (tags/RELEASE_380/final)" on Ubuntu xenial, I get two different crashes with my codebase (though one of them appears to not always occur). I've posted the stacktrace and command line after this message. The preprocessed input is attached as an attachment.

The "runner-unix" crash appears to always occur, while the "lio_fuse_core" crash seems to happen inconsistently.

Thanks!
Andrew

The stacktrace for each file looks the same:

0  libLLVM-3.8.so.1 0x00007f273edecd38 llvm::sys::PrintStackTrace(llvm::raw_ostream&) + 56
1  libLLVM-3.8.so.1 0x00007f273edeafc6 llvm::sys::RunSignalHandlers() + 54
2  libLLVM-3.8.so.1 0x00007f273edeb129
3  libc.so.6        0x00007f273df284a0
4  clang            0x00000000014dc4c5 clang::Stmt::getLocStart() const + 21
5  clang            0x00000000012d5e15
6  clang            0x00000000012d8e49 clang::ento::PathDiagnosticLocation::createBegin(clang::Stmt const*, clang::SourceManager const&, llvm::PointerUnion<clang::LocationContext const*, clang::AnalysisDeclContext*>) + 25
7  clang            0x00000000011f7643
8  clang            0x00000000012705f5 clang::ento::CheckerManager::runCheckersForEndAnalysis(clang::ento::ExplodedGraph&, clang::ento::BugReporter&, clang::ento::ExprEngine&) + 101
9  clang            0x000000000127ba5a clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) + 234
10 clang            0x0000000000b279af
11 clang            0x0000000000b282fb
12 clang            0x0000000000b321ce
13 clang            0x0000000000b3676a clang::ParseAST(clang::Sema&, bool, bool) + 938
14 clang            0x000000000099a1fe clang::FrontendAction::Execute() + 302
15 clang            0x000000000096fbf6 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 278
16 clang            0x0000000000a14aa3 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 1987
17 clang            0x00000000006b2d18 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) + 2264
18 clang            0x00000000006af7ac main + 6252
19 libc.so.6        0x00007f273df13830 __libc_start_main + 240
20 clang            0x00000000006b1159 _start + 41
Stack dump:

And the following is the command line for lio_fuse_core.c

/usr/bin/clang -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -disable-llvm-verifier -main-file-name lio_fuse_core.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-eagerly-assume -analyzer-checker=core -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -mrelocation-model pic -pic-level 2 -mthread-model posix -mdisable-fp-elim -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -resource-dir /usr/lib/llvm-3.8/bin/../lib/clang/3.8.0 -isystem /tmp/workspace/LStore-Branches/PR-94/build/include -isystem /tmp/workspace/LStore-Branches/PR-94/build/include/apr-ACCRE-1 -isystem /tmp/workspace/LStore-Branches/PR-94/build/include/apr-util-ACCRE-1 -D lio_EXPORTS -I /tmp/workspace/LStore-Branches/PR-94/src/toolbox -I /tmp/workspace/LStore-Branches/PR-94/src/gop -I /tmp/workspace/LStore-Branches/PR-94/src/ibp -D _REENTRANT -D _GNU_SOURCE -D _LARGEFILE64_SOURCE -D _FILE_OFFSET_BITS=64 -D _FILE_OFFSET_BITS=64 -D LSTORE_HACK_EXPORT -internal-isystem /usr/local/include -internal-isystem /usr/lib/llvm-3.8/bin/../lib/clang/3.8.0/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -Wno-unused-parameter -Wno-deprecated-declarations -std=c99 -fdebug-compilation-dir /tmp/workspace/LStore-Branches/PR-94/build/src/lio -ferror-limit 19 -fmessage-length 0 -fvisibility hidden -fobjc-runtime=gcc -fdiagnostics-show-option -analyzer-display-progress -analyzer-checker alpha.core.BoolAssignment -analyzer-checker alpha.core.CallAndMessageUnInitRefArg -analyzer-checker alpha.core.CastSize -analyzer-checker alpha.core.CastToStruct -analyzer-checker alpha.core.DynamicTypeChecker -analyzer-checker alpha.core.FixedAddr -analyzer-checker alpha.core.IdenticalExpr -analyzer-checker alpha.core.PointerArithm -analyzer-checker alpha.core.PointerSub -analyzer-checker alpha.core.SizeofPtr -analyzer-checker alpha.core.TestAfterDivZero -analyzer-checker alpha.cplusplus.VirtualCall -analyzer-checker alpha.deadcode.UnreachableCode -analyzer-checker alpha.security.ArrayBound -analyzer-checker alpha.security.ArrayBoundV2 -analyzer-checker alpha.security.MallocOverflow -analyzer-checker alpha.security.ReturnPtrRange -analyzer-checker alpha.security.taint.TaintPropagation -analyzer-checker alpha.unix.Chroot -analyzer-checker alpha.unix.PthreadLock -analyzer-checker alpha.unix.SimpleStream -analyzer-checker alpha.unix.Stream -analyzer-checker alpha.unix.cstring.BufferOverlap -analyzer-checker alpha.unix.cstring.NotNullTerminated -analyzer-checker alpha.unix.cstring.OutOfBounds -analyzer-checker=debug.Stats -analyzer-max-loop 10 -analyzer-output=html -o /tmp/workspace/LStore-Branches/PR-94/build/clang-static-analyzer/2016-06-07-064307-13352-1 -x c /tmp/workspace/LStore-Branches/PR-94/src/lio/lio_fuse_core.c

And this is the preprocessed runner-unix.c

0. Program arguments: /usr/bin/clang -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -disable-llvm-verifier -main-file-name runner-unix.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-eagerly-assume -analyzer-checker=core -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -mrelocation-model pic -pic-level 2 -mthread-model posix -mdisable-fp-elim -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -resource-dir /usr/lib/llvm-3.8/bin/../lib/clang/3.8.0 -isystem /tmp/workspace/LStore-Branches/PR-94/build/include/apr-ACCRE-1 -I /tmp/workspace/LStore-Branches/PR-94/build/include -I /tmp/workspace/LStore-Branches/PR-94/src/toolbox -I /tmp/workspace/LStore-Branches/PR-94/src/gop -I /tmp/workspace/LStore-Branches/PR-94/src/ibp -D _REENTRANT -D _GNU_SOURCE -D _LARGEFILE64_SOURCE -D _FILE_OFFSET_BITS=64 -D LSTORE_HACK_EXPORT -internal-isystem /usr/local/include -internal-isystem /usr/lib/llvm-3.8/bin/../lib/clang/3.8.0/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -Wno-unused-parameter -Wno-deprecated-declarations -std=c99 -fdebug-compilation-dir /tmp/workspace/LStore-Branches/PR-94/build -ferror-limit 19 -fmessage-length 0 -fvisibility hidden -fobjc-runtime=gcc -fdiagnostics-show-option -analyzer-display-progress -analyzer-checker alpha.core.BoolAssignment -analyzer-checker alpha.core.CallAndMessageUnInitRefArg -analyzer-checker alpha.core.CastSize -analyzer-checker alpha.core.CastToStruct -analyzer-checker alpha.core.DynamicTypeChecker -analyzer-checker alpha.core.FixedAddr -analyzer-checker alpha.core.IdenticalExpr -analyzer-checker alpha.core.PointerArithm -analyzer-checker alpha.core.PointerSub -analyzer-checker alpha.core.SizeofPtr -analyzer-checker alpha.core.TestAfterDivZero -analyzer-checker alpha.cplusplus.VirtualCall -analyzer-checker alpha.deadcode.UnreachableCode -analyzer-checker alpha.security.ArrayBound -analyzer-checker alpha.security.ArrayBoundV2 -analyzer-checker alpha.security.MallocOverflow -analyzer-checker alpha.security.ReturnPtrRange -analyzer-checker alpha.security.taint.TaintPropagation -analyzer-checker alpha.unix.Chroot -analyzer-checker alpha.unix.PthreadLock -analyzer-checker alpha.unix.SimpleStream -analyzer-checker alpha.unix.Stream -analyzer-checker alpha.unix.cstring.BufferOverlap -analyzer-checker alpha.unix.cstring.NotNullTerminated -analyzer-checker alpha.unix.cstring.OutOfBounds -analyzer-checker=debug.Stats -analyzer-max-loop 10 -analyzer-output=html -o /tmp/workspace/LStore-Branches/PR-94/build/clang-static-analyzer/2016-06-07-064307-13352-1 -x c /tmp/workspace/LStore-Branches/PR-94/test/runner-unix.c
1. <eof> parser at end of file