Clang-tidy-14 crashes #77378

Closed
aleksisch opened this issue Jan 8, 2024 · 5 comments · Fixed by #111138
Labels
clang:static analyzer crash Prefer [crash-on-valid] or [crash-on-invalid]

Comments

@aleksisch

I removed all information specific to my project. I hope it will still be helpful.

PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.      Program arguments: clang-tidy-14 -checks=*,-bugprone-narrowing-conversions,-cert-con36-c,-cert-con54-cpp,-cert-dcl03-c,-cert-dcl16-c,-cert-dcl37-c,-cert-dcl51-cpp,-cert-dcl54-cpp,-cert-dcl59-cpp,-cert-err09-cpp,-cert-err61-cpp,-cert-exp42-c,-cert-fio38-c,-cert-flp37-c,-cert-msc30-c,-cert-msc32-c,-cert-oop11-cpp,-cert-oop54-cpp,-cert-pos44-c,-cert-pos47-c,-cert-sig30-c,-cert-str34-c,-cppcoreguidelines-avoid-c-arrays,-cppcoreguidelines-avoid-magic-numbers,-cppcoreguidelines-c-copy-assignment-signature,-cppcoreguidelines-explicit-virtual-functions,-cppcoreguidelines-macro-to-enum,-cppcoreguidelines-non-private-member-variables-in-classes,-fuchsia-header-anon-namespaces,-google-readability-braces-around-statements,-google-readability-function-size,-google-readability-namespace-comments,-hicpp-avoid-c-arrays,-hicpp-avoid-goto,-hicpp-braces-around-statements,-hicpp-deprecated-headers,-hicpp-explicit-conversions,-hicpp-function-size,-hicpp-invalid-access-moved,-hicpp-member-init,-hicpp-move-const-arg,-hicpp-named-parameter,-hicpp-new-delete-operators,-hicpp-no-array-decay,-hicpp-no-malloc,-hicpp-noexcept-move,-hicpp-special-member-functions,-hicpp-static-assert,-hicpp-undelegated-constructor,-hicpp-uppercase-literal-suffix,-hicpp-use-auto,-hicpp-use-emplace,-hicpp-use-equals-default,-hicpp-use-equals-delete,-hicpp-use-noexcept,-hicpp-use-nullptr,-hicpp-use-override,-hicpp-vararg,-llvm-else-after-return,-llvm-qualified-auto,-bugprone-macro-parentheses,-llvm-header-guard,-llvm-include-order,-google-runtime-references,-fuchsia-trailing-return,-fuchsia-default-arguments-calls,-fuchsia-default-arguments-declarations,-modernize-use-trailing-return-type,-readability-static-accessed-through-instance,-bugprone-sizeof-expression,-readability-convert-member-functions-to-static,-bugprone-branch-clone,-llvmlibc-*,-altera-*,-abseil-*,-readability-identifier-length,-cppcoreguidelines-owning-memory,-cppcoreguidelines-pro-bounds-array-to-pointer-decay,-cppcoreguidelines-pro-bounds-
constant-array-index,-cppcoreguidelines-pro-type-const-cast,-cppcoreguidelines-pro-type-reinterpret-cast,-cppcoreguidelines-pro-type-static-cast-downcast,-fuchsia-default-arguments,-fuchsia-overloaded-operator,-modernize-use-nodiscard,-cert-dcl50-cpp,-performance-noexcept-move-constructor,-bugprone-easily-swappable-parameters,-bugprone-reserved-identifier,-bugprone-signed-char-misuse,-bugprone-implicit-widening-of-multiplication-result,-bugprone-suspicious-include,-bugprone-dynamic-static-initializers,-cppcoreguidelines-avoid-non-const-global-variables,-cppcoreguidelines-virtual-class-destructor,-cppcoreguidelines-prefer-member-initializer,-cppcoreguidelines-init-variables,-cppcoreguidelines-narrowing-conversions,-google-upgrade-googletest-case,-readability-redundant-access-specifiers,-readability-qualified-auto,-readability-make-member-function-const,-readability-container-data-pointer,-readability-function-cognitive-complexity,-readability-use-anyofallof,-readability-suspicious-call-argument,-modernize-return-braced-init-list,-cert-err33-c,-google-readability-casting,-concurrency-mt-unsafe,-performance-no-int-to-ptr,-misc-no-recursion,-google-readability-avoid-underscore-in-googletest-name --header-filter=.* --config-file=../.clang-tidy HERE_GOES_FLAGS_SPECIFIC_TO_MY_PROJECT
1.      <eof> parser at end of file
2.      While analyzing stack: 
        #0 Calling <HERE_GOES_FUNCTION_SIGNATURE> parser_test.cpp:98:17
        #1 Calling Parser_Test::TestBody()
3.      callable.h:106:16: Error evaluating statement
4.      callable.h:106:16: Error evaluating statement
 #0 0x00007f25d3e3fd01 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xe3fd01)
 #1 0x00007f25d3e3da3e llvm::sys::RunSignalHandlers() (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xe3da3e)
 #2 0x00007f25d3e40236 (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xe40236)
 #3 0x00007f25d2842520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x00007f25dc194459 clang::ento::CXXInstanceCall::getExtraInvalidatedValues(llvm::SmallVectorImpl<clang::ento::SVal>&, clang::ento::RegionAndSymbolInvalidationTraits*) const (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x2794459)
 #5 0x00007f25dc192c53 clang::ento::CallEvent::invalidateRegions(unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) const (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x2792c53)
 #6 0x00007f25dc1de47b clang::ento::ExprEngine::conservativeEvalCall(clang::ento::CallEvent const&, clang::ento::NodeBuilder&, clang::ento::ExplodedNode*, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x27de47b)
 #7 0x00007f25dc1df2c4 clang::ento::ExprEngine::defaultEvalCall(clang::ento::NodeBuilder&, clang::ento::ExplodedNode*, clang::ento::CallEvent const&, clang::ento::EvalCallOptions const&) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x27df2c4)
 #8 0x00007f25dc1a03f1 clang::ento::CheckerManager::runCheckersForEvalCall(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&, clang::ento::CallEvent const&, clang::ento::ExprEngine&, clang::ento::EvalCallOptions const&) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x27a03f1)
 #9 0x00007f25dc1dd1b7 clang::ento::ExprEngine::evalCall(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNode*, clang::ento::CallEvent const&) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x27dd1b7)
#10 0x00007f25dc1dce64 clang::ento::ExprEngine::VisitCallExpr(clang::CallExpr const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x27dce64)
#11 0x00007f25dc1c2ce3 clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x27c2ce3)
#12 0x00007f25dc1bea25 clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*, clang::ento::ExplodedNode*) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x27bea25)
#13 0x00007f25dc1be6fe clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x27be6fe)
#14 0x00007f25dc1a69eb clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x27a69eb)
#15 0x00007f25dc1a6653 clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x27a6653)
#16 0x00007f25dc5de300 (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x2bde300)
#17 0x00007f25dc5bd552 (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x2bbd552)
#18 0x00007f25dbf4fd7c clang::MultiplexConsumer::HandleTranslationUnit(clang::ASTContext&) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x254fd7c)
#19 0x00007f25da404824 clang::ParseAST(clang::Sema&, bool, bool) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0xa04824)
#20 0x00007f25dbf14b57 clang::FrontendAction::Execute() (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x2514b57)
#21 0x00007f25dbe6c3a6 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x246c3a6)
#22 0x00007f25dc112423 clang::tooling::FrontendActionFactory::runInvocation(std::shared_ptr<clang::CompilerInvocation>, clang::FileManager*, std::shared_ptr<clang::PCHContainerOperations>, clang::DiagnosticConsumer*) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x2712423)
#23 0x0000000000bb78ea (/usr/lib/llvm-14/bin/clang-tidy+0xbb78ea)
#24 0x00007f25dc112175 clang::tooling::ToolInvocation::runInvocation(char const*, clang::driver::Compilation*, std::shared_ptr<clang::CompilerInvocation>, std::shared_ptr<clang::PCHContainerOperations>) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x2712175)
#25 0x00007f25dc111183 clang::tooling::ToolInvocation::run() (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x2711183)
#26 0x00007f25dc113d0e clang::tooling::ClangTool::run(clang::tooling::ToolAction*) (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x2713d0e)
#27 0x0000000000bb301d clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&, clang::tooling::CompilationDatabase const&, llvm::ArrayRef<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, llvm::IntrusiveRefCntPtr<llvm::vfs::OverlayFileSystem>, bool, bool, llvm::StringRef) (/usr/lib/llvm-14/bin/clang-tidy+0xbb301d)
#28 0x00000000005b02ae clang::tidy::clangTidyMain(int, char const**) (/usr/lib/llvm-14/bin/clang-tidy+0x5b02ae)
#29 0x00007f25d2829d90 __libc_start_call_main ./csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#30 0x00007f25d2829e40 call_init ./csu/../csu/libc-start.c:128:20
#31 0x00007f25d2829e40 __libc_start_main ./csu/../csu/libc-start.c:379:5
#32 0x00000000005ac1c5 _start (/usr/lib/llvm-14/bin/clang-tidy+0x5ac1c5)
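The dump above is the standard LLVM crash-reporter format: numbered analysis context lines under "Stack dump:", then backtrace frames of the form `#N 0xADDR symbol (module+0xoffset)`, where the first few frames always belong to `PrintStackTrace`, `RunSignalHandlers` and the signal trampolines rather than to the faulting code. As an added example (not code from the issue or from the LLVM project), here is a small triage parser that extracts the tool name and `-checks=` list, keeps the analyzer context, and finds the first frame of the crashing code; the embedded sample is the issue's dump abridged to a few frames, and the `-checks=` list in it is shortened to three entries.

```python
"""Triage helper for LLVM-style crash dumps (added example, not LLVM code).

Reads the "Stack dump:" section, pulls the tool name and the -checks= list
out of "0. Program arguments", keeps the analyzer context lines, and locates
the first backtrace frame that belongs to the crashing code rather than to
the crash-reporter / signal-handler frames that sit on top of every dump.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

FRAME_RE = re.compile(r"^\s*#(?P<idx>\d+)\s+0x(?P<addr>[0-9a-fA-F]+)\s*(?P<rest>.*)$")
ARGS_RE = re.compile(r"^0\.\s+Program arguments:\s+(?P<args>.+)$")
# "(module+0xoffset)" suffix LLVM appends to a frame; a module path never
# contains '(', ')' or '+', which is what lets us skip the symbol's own parens.
MODULE_RE = re.compile(r"\((?P<mod>[^()+]+)\+0x(?P<off>[0-9a-fA-F]+)\)\s*$")
# Frames produced by LLVM's crash reporter, not by the code that faulted.
REPORTER_SYMBOLS = ("llvm::sys::PrintStackTrace", "llvm::sys::RunSignalHandlers")


@dataclass
class Frame:
    index: int
    address: int
    symbol: str   # "" when the frame was not symbolized
    module: str   # shared object / executable, "" if only a source location was given
    offset: int   # offset inside the module, -1 if unknown


@dataclass
class CrashReport:
    program: str = ""
    checks: List[str] = field(default_factory=list)
    context: List[str] = field(default_factory=list)   # "N." lines, numbering stripped
    frames: List[Frame] = field(default_factory=list)


def parse_frame(line: str) -> Optional[Frame]:
    m = FRAME_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").strip()
    symbol, module, offset = rest, "", -1
    loc = MODULE_RE.search(rest)
    if loc:
        module, offset = loc.group("mod"), int(loc.group("off"), 16)
        symbol = rest[: loc.start()].strip()
    return Frame(int(m.group("idx")), int(m.group("addr"), 16), symbol, module, offset)


def parse_crash_dump(text: str) -> CrashReport:
    report = CrashReport()
    in_context = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        frame = parse_frame(line)
        if frame is not None:          # first backtrace frame ends the context section
            report.frames.append(frame)
            in_context = False
            continue
        if line.startswith("Stack dump:"):
            in_context = True
            continue
        if in_context:
            args = ARGS_RE.match(line)
            if args:
                argv = args.group("args").split()
                report.program = argv[0]
                for arg in argv[1:]:
                    if arg.startswith("-checks="):
                        report.checks = arg[len("-checks="):].split(",")
            else:
                report.context.append(re.sub(r"^\d+\.\s+", "", line))
    return report


def first_code_frame(frames: List[Frame]) -> Optional[Frame]:
    """Skip the reporter frames and the unsymbolized signal trampolines beneath
    them; the next symbolized frame is where the tool actually faulted."""
    for f in frames:
        if f.symbol and not f.symbol.startswith(REPORTER_SYMBOLS):
            return f
    return None


def summarize(report: CrashReport) -> dict:
    frame = first_code_frame(report.frames)
    return {
        "program": report.program,
        "enabled_globs": [c for c in report.checks if not c.startswith("-")],
        "disabled_checks": [c[1:] for c in report.checks if c.startswith("-")],
        "analysis_context": report.context,
        "crash_frame_index": frame.index if frame else None,
        "crash_function": frame.symbol if frame else "",
        "crash_module": frame.module if frame else "",
    }


# Constructed sample: the issue's dump abridged to a few frames and a
# three-entry -checks= list; the line formats are exactly those of the issue.
SAMPLE_DUMP = """\
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.      Program arguments: clang-tidy-14 -checks=*,-bugprone-narrowing-conversions,-cert-con36-c --header-filter=.* --config-file=../.clang-tidy HERE_GOES_FLAGS_SPECIFIC_TO_MY_PROJECT
1.      <eof> parser at end of file
2.      While analyzing stack:
        #0 Calling <HERE_GOES_FUNCTION_SIGNATURE> parser_test.cpp:98:17
        #1 Calling Parser_Test::TestBody()
3.      callable.h:106:16: Error evaluating statement
4.      callable.h:106:16: Error evaluating statement
 #0 0x00007f25d3e3fd01 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xe3fd01)
 #1 0x00007f25d3e3da3e llvm::sys::RunSignalHandlers() (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xe3da3e)
 #2 0x00007f25d3e40236 (/lib/x86_64-linux-gnu/libLLVM-14.so.1+0xe40236)
 #3 0x00007f25d2842520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x00007f25dc194459 clang::ento::CXXInstanceCall::getExtraInvalidatedValues(llvm::SmallVectorImpl<clang::ento::SVal>&, clang::ento::RegionAndSymbolInvalidationTraits*) const (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x2794459)
 #5 0x00007f25dc192c53 clang::ento::CallEvent::invalidateRegions(unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) const (/lib/x86_64-linux-gnu/libclang-cpp.so.14+0x2792c53)
#29 0x00007f25d2829d90 __libc_start_call_main ./csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#32 0x00000000005ac1c5 _start (/usr/lib/llvm-14/bin/clang-tidy+0x5ac1c5)
"""

if __name__ == "__main__":
    for key, value in summarize(parse_crash_dump(SAMPLE_DUMP)).items():
        print(f"{key}: {value}")
```

On the issue's full dump this reports frame #4, `CXXInstanceCall::getExtraInvalidatedValues` in `libclang-cpp.so.14`, as the crash site, with `callable.h:106:16: Error evaluating statement` as the analyzer context, which is exactly what the later fix in the thread addresses; the `disabled_checks` list is what you would compare against a known-good configuration when bisecting which check triggers a crash.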
@EugeneZelenko EugeneZelenko added clang:static analyzer crash Prefer [crash-on-valid] or [crash-on-invalid] and removed clang-tidy labels Jan 8, 2024
@llvmbot
Member

llvmbot commented Jan 8, 2024

@llvm/issue-subscribers-clang-static-analyzer

Author: Aleksey (aleksisch)


@EugeneZelenko
Contributor

Could you please try 17 or main branch?

@steakhal steakhal added the incomplete Issue not complete (e.g. missing a reproducer, build arguments, etc.) label Mar 5, 2024
@steakhal
Contributor

steakhal commented Mar 5, 2024

TBH I don't think it's useful without a reproducer.
I can't investigate the issue this way.
If you still have the code lying around, let me know and I'll reopen this issue.

@steakhal steakhal closed this as not planned Won't fix, can't repro, duplicate, stale Mar 5, 2024
@aleksisch
Author

aleksisch commented Sep 16, 2024

@steakhal @EugeneZelenko Hi, sorry for the long delay. I had some time to investigate the problem. Here's the minimal code I was able to get, which fails on the current master:

```cpp
template <typename Signature>
class callable;

template <typename R>
class callable<R()> {
    // Nested class: an instantiation of callable<R()> only needs its
    // declaration, since nothing below requires the complete type.
    struct CallableType {
        bool operator()();
    };
    using MethodType = R (CallableType::*)();
    CallableType *object_ {nullptr};
    MethodType method_;
public:
    callable() = default;

    // Type-erase any callable object into an (object, member-pointer) pair.
    template <typename T>
    constexpr callable(const T &obj)
        : object_ {reinterpret_cast<CallableType *>(&const_cast<T &>(obj))},
          method_ {reinterpret_cast<MethodType>(static_cast<bool (T::*)() const>(&T::operator()))}
    {
    }

    // Member call through a CallableType*: this is the call the analyzer
    // evaluates conservatively and crashes on.
    constexpr bool foo1() const
    {
        return (object_->*(method_))();
    }

    callable call() const &
    {
        static const auto L = [this]() {
            while (true) {
                if (this->foo1()) {
                    break;
                }
            }
            return true;
        };
        return L;
    }
};

void foo()
{
    callable<bool()>().call().foo1();
}
```

In debug mode it fails with this assertion:

```
clang-tidy: /home/llvm-project/clang/include/clang/AST/DeclCXX.h:465: clang::CXXRecordDecl::DefinitionData& clang::CXXRecordDecl::data() const: Assertion `DD && "queried property of class with no definition"' failed.
```

I believe it has some ties with this comment:
https://github.com/llvm/llvm-project/blob/main/clang/lib/StaticAnalyzer/Core/CallEvent.cpp#L738

@EugeneZelenko EugeneZelenko removed the incomplete Issue not complete (e.g. missing a reproducer, build arguments, etc.) label Sep 16, 2024
steakhal added a commit to steakhal/llvm-project that referenced this issue Oct 4, 2024
When instantiating "callable<T>", the "class CallableType" nested type
will only have a declaration in the copy for the instantiation - because
it's not referred to directly by any other code that would need a
complete definition.

However, in the past, when conservative eval calling member function,
we took the static type of the "this" expr, and looked up the
CXXRecordDecl it referred to to see if it has any mutable members (to
decide if it needs to refine invalidation or not).
Unfortunately, that query needs a definition, and it asserts otherwise,
thus we crashed.

To fix this, we should consult the dynamic type of the object, because
that will have the definition.
I anyways added a check for "hasDefinition" just to be on the safe side.

Fixes llvm#77378
@steakhal
Contributor

steakhal commented Oct 4, 2024

@aleksisch It was a really interesting crash, so thanks again for sharing. I managed to find a fix for it too, see the related PR.

@steakhal steakhal reopened this Oct 4, 2024
NoumanAmir657 pushed a commit to NoumanAmir657/llvm-project that referenced this issue Nov 4, 2024
…ll (llvm#111138)

When instantiating "callable<T>", the "class CallableType" nested type
will only have a declaration in the copy for the instantiation - because
it's not referred to directly by any other code that would need a
complete definition.

However, in the past, when conservative eval calling member function, we
took the static type of the "this" expr, and looked up the CXXRecordDecl
it referred to to see if it has any mutable members (to decide if it
needs to refine invalidation or not). Unfortunately, that query needs a
definition, and it asserts otherwise, thus we crashed.

To fix this, we should consult the dynamic type of the object, because
that will have the definition.
I anyways added a check for "hasDefinition" just to be on the safe side.

Fixes llvm#77378