Assertion failure in SmartPtrChecker when initializing std::unique_ptr with nullptr #49932
Description
| Bugzilla Link | 50588 |
| Version | trunk |
| OS | Linux |
| CC | @devincoughlin,@RedDocMD,@haoNoQ,@Teemperor,@SavchenkoValeriy,@Xazax-hun |
Extended Description
For the following code:
#include <memory>
void foo(s) {
auto hell = std::unique_ptr<int>(nullptr);
*hell;
}
the assertion at SmartPtrModeling.cpp:240: TrackingExpr->getType()->isPointerType() && "Adding a non pointer value to TrackedRegionMap" fails.
The full stack trace:
clang++: /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp:242: bool (anonymous namespace)::SmartPtrModeling::evalCall(const clang::ento::CallEvent &, clang::ento::CheckerContext &) const: Assertion `TrackingExpr->getType()->isPointerType() && "Adding a non pointer value to TrackedRegionMap"' failed.
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: ./llvm/release/bin/clang++ -std=c++20 -Xclang -analyze -Xclang -analyzer-checker=core,cplusplus.Move,cplusplus.NewDelete,alpha.cplusplus.SmartPtr -Xclang -analyzer-output=text -Xclang -analyzer-config -Xclang cplusplus.SmartPtrModeling:ModelSmartPtrDereference=true -c make_unique.cpp
1. <eof> parser at end of file
2. While analyzing stack:
#0 Calling foo
3. make_unique.cpp:8:17: Error evaluating statement
4. make_unique.cpp:8:17: Error evaluating statement
#​0 0x00007f9a6c3317b1 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) /home/dknite/work/llvm-project/llvm/llvm/lib/Support/Unix/Signals.inc:565:13
#​1 0x00007f9a6c32f7e0 llvm::sys::RunSignalHandlers() /home/dknite/work/llvm-project/llvm/llvm/lib/Support/Signals.cpp:77:18
#​2 0x00007f9a6c330d9b llvm::sys::CleanupOnSignal(unsigned long) /home/dknite/work/llvm-project/llvm/llvm/lib/Support/Unix/Signals.inc:0:3
#​3 0x00007f9a6c257df3 (anonymous namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long) /home/dknite/work/llvm-project/llvm/llvm/lib/Support/CrashRecoveryContext.cpp:75:5
#​4 0x00007f9a6c257fab CrashRecoverySignalHandler(int) /home/dknite/work/llvm-project/llvm/llvm/lib/Support/CrashRecoveryContext.cpp:0:51
#​5 0x00007f9a6fe35870 __restore_rt sigaction.c:0:0
#​6 0x00007f9a6bc2fd22 raise (/usr/lib/libc.so.6+0x3cd22)
#​7 0x00007f9a6bc19862 abort (/usr/lib/libc.so.6+0x26862)
#​8 0x00007f9a6bc19747 _nl_load_domain.cold loadmsgcat.c:0:0
#​9 0x00007f9a6bc28616 (/usr/lib/libc.so.6+0x35616)
#​10 0x00007f9a68c24b02 getInnerPointerType(clang::ento::CallEvent const&, clang::ento::CheckerContext&) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp:0:0
#​11 0x00007f9a68c24b02 (anonymous namespace)::SmartPtrModeling::handleBoolConversion(clang::ento::CallEvent const&, clang::ento::CheckerContext&) const /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp:575:29
#​12 0x00007f9a68c24b02 (anonymous namespace)::SmartPtrModeling::evalCall(clang::ento::CallEvent const&, clang::ento::CheckerContext&) const /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Checkers/SmartPtrModeling.cpp:193:7
#​13 0x00007f9a68c24b02 bool clang::ento::eval::Call::_evalCall<(anonymous namespace)::SmartPtrModeling>(void*, clang::ento::CallEvent const&, clang::ento::CheckerContext&) /home/dknite/work/llvm-project/llvm/clang/include/clang/StaticAnalyzer/Core/Checker.h:479:40
#​14 0x00007f9a687492bd clang::ento::CheckerFn<bool (clang::ento::CallEvent const&, clang::ento::CheckerContext&)>::operator()(clang::ento::CallEvent const&, clang::ento::CheckerContext&) const /home/dknite/work/llvm-project/llvm/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h:0:12
#​15 0x00007f9a687492bd clang::ento::CheckerManager::runCheckersForEvalCall(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&, clang::ento::CallEvent const&, clang::ento::ExprEngine&, clang::ento::EvalCallOptions const&) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:676:21
#​16 0x00007f9a6878e4c8 llvm::SmallVectorTemplateCommon<clang::ento::ExplodedNode*, void>::isSmall() const /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/SmallVector.h:129:39
#​17 0x00007f9a6878e4c8 llvm::SmallVectorImpl<clang::ento::ExplodedNode*>::~SmallVectorImpl() /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/SmallVector.h:581:16
#​18 0x00007f9a6878e4c8 llvm::SmallVector<clang::ento::ExplodedNode*, 4u>::~SmallVector() /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/SmallVector.h:1176:3
#​19 0x00007f9a6878e4c8 llvm::SetVector<clang::ento::ExplodedNode*, llvm::SmallVector<clang::ento::ExplodedNode*, 4u>, llvm::SmallDenseSet<clang::ento::ExplodedNode*, 4u, llvm::DenseMapInfo<clang::ento::ExplodedNode*> > >::~SetVector() /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/SetVector.h:40:7
#​20 0x00007f9a6878e4c8 clang::ento::ExplodedNodeSet::~ExplodedNodeSet() /home/dknite/work/llvm-project/llvm/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExplodedGraph.h:463:7
#​21 0x00007f9a6878e4c8 clang::ento::ExprEngine::handleConstructor(clang::Expr const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp:632:7
#​22 0x00007f9a6876dc24 clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:0:7
#​23 0x00007f9a6876ab3c clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*, clang::ento::ExplodedNode*) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:792:9
#​24 0x00007f9a6876a7f4 clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:0:7
#​25 0x00007f9a68751ba2 clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock const*, unsigned int, clang::ento::ExplodedNode*) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:0:13
#​26 0x00007f9a68750fed clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:0:7
#​27 0x00007f9a68750b4f std::__uniq_ptr_impl<clang::ento::WorkList, std::default_delete<clang::ento::WorkList> >::_M_ptr() const /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/unique_ptr.h:173:42
#​28 0x00007f9a68750b4f std::unique_ptr<clang::ento::WorkList, std::default_delete<clang::ento::WorkList> >::get() const /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/unique_ptr.h:422:21
#​29 0x00007f9a68750b4f std::unique_ptr<clang::ento::WorkList, std::default_delete<clang::ento::WorkList> >::operator->() const /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/unique_ptr.h:416:9
#​30 0x00007f9a68750b4f clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:128:10
#​31 0x00007f9a6af3e10c llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>::release() /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/IntrusiveRefCntPtr.h:218:9
#​32 0x00007f9a6af3e10c llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>::~IntrusiveRefCntPtr() /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/IntrusiveRefCntPtr.h:186:27
#​33 0x00007f9a6af3e10c clang::ento::ExprEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int) /home/dknite/work/llvm-project/llvm/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:192:5
#​34 0x00007f9a6af3e10c (anonymous namespace)::AnalysisConsumer::RunPathSensitiveChecks(clang::Decl*, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >*) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:709:7
#​35 0x00007f9a6af3e10c (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*> >*) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:682:5
#​36 0x00007f9a6af1b219 llvm::DenseMapBase<llvm::DenseMap<clang::Decl const*, llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*>, llvm::detail::DenseSetPair<clang::Decl const*> >, clang::Decl const*, llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*>, llvm::detail::DenseSetPair<clang::Decl const*> >::empty() const /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/DenseMap.h:98:28
#​37 0x00007f9a6af1b219 llvm::DenseMapBase<llvm::DenseMap<clang::Decl const*, llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*>, llvm::detail::DenseSetPair<clang::Decl const*> >, clang::Decl const*, llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*>, llvm::detail::DenseSetPair<clang::Decl const*> >::begin() /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/DenseMap.h:77:9
#​38 0x00007f9a6af1b219 llvm::detail::DenseSetImpl<clang::Decl const*, llvm::DenseMap<clang::Decl const*, llvm::detail::DenseSetEmpty, llvm::DenseMapInfo<clang::Decl const*>, llvm::detail::DenseSetPair<clang::Decl const*> >, llvm::DenseMapInfo<clang::Decl const*> >::begin() /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/DenseSet.h:173:45
#​39 0x00007f9a6af1b219 (anonymous namespace)::AnalysisConsumer::HandleDeclsCallGraph(unsigned int) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:475:29
#​40 0x00007f9a6af1b219 (anonymous namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit(clang::ASTContext&) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:522:5
#​41 0x00007f9a6af1b219 (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) /home/dknite/work/llvm-project/llvm/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:552:5
#​42 0x00007f9a69cd8313 __gnu_cxx::__normal_iterator<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >*, std::vector<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >, std::allocator<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> > > > >::__normal_iterator(std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >* const&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/stl_iterator.h:1008:20
#​43 0x00007f9a69cd8313 std::vector<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >, std::allocator<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> > > >::begin() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../include/c++/11.1.0/bits/stl_vector.h:812:16
#​44 0x00007f9a69cd8313 void clang::finalize<std::vector<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >, std::allocator<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> > > > >(std::vector<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> >, std::allocator<std::unique_ptr<clang::TemplateInstantiationCallback, std::default_delete<clang::TemplateInstantiationCallback> > > >&, clang::Sema const&) /home/dknite/work/llvm-project/llvm/clang/include/clang/Sema/TemplateInstCallback.h:54:16
#​45 0x00007f9a69cd8313 clang::ParseAST(clang::Sema&, bool, bool) /home/dknite/work/llvm-project/llvm/clang/lib/Parse/ParseAST.cpp:178:3
#​46 0x00007f9a6e1e1b25 clang::FrontendAction::Execute() /home/dknite/work/llvm-project/llvm/clang/lib/Frontend/FrontendAction.cpp:953:10
#​47 0x00007f9a6e14fa42 llvm::Error::getPtr() const /home/dknite/work/llvm-project/llvm/llvm/include/llvm/Support/Error.h:274:42
#​48 0x00007f9a6e14fa42 llvm::Error::operator bool() /home/dknite/work/llvm-project/llvm/llvm/include/llvm/Support/Error.h:236:16
#​49 0x00007f9a6e14fa42 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /home/dknite/work/llvm-project/llvm/clang/lib/Frontend/CompilerInstance.cpp:960:23
#​50 0x00007f9a6fe1d98c clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /home/dknite/work/llvm-project/llvm/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:278:25
#​51 0x000055be0d88a8c0 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /home/dknite/work/llvm-project/llvm/clang/tools/driver/cc1_main.cpp:246:15
#​52 0x000055be0d88840a ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) /home/dknite/work/llvm-project/llvm/clang/tools/driver/driver.cpp:338:12
#​53 0x00007f9a6deddcb2 clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const::$_1::operator()() const /home/dknite/work/llvm-project/llvm/clang/lib/Driver/Job.cpp:404:30
#​54 0x00007f9a6deddcb2 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const::$_1>(long) /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/STLExtras.h:185:12
#​55 0x00007f9a6c257d07 llvm::function_ref<void ()>::operator()() const /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/STLExtras.h:0:12
#​56 0x00007f9a6c257d07 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) /home/dknite/work/llvm-project/llvm/llvm/lib/Support/CrashRecoveryContext.cpp:424:3
#​57 0x00007f9a6dedd695 clang::driver::CC1Command::Execute(llvm::ArrayRef<llvm::Optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const /home/dknite/work/llvm-project/llvm/clang/lib/Driver/Job.cpp:404:7
#​58 0x00007f9a6deab03b clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&) const /home/dknite/work/llvm-project/llvm/clang/lib/Driver/Compilation.cpp:196:15
#​59 0x00007f9a6deab5ba clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) const /home/dknite/work/llvm-project/llvm/clang/lib/Driver/Compilation.cpp:249:13
#​60 0x00007f9a6dec369e llvm::SmallVectorBase<unsigned int>::empty() const /home/dknite/work/llvm-project/llvm/llvm/include/llvm/ADT/SmallVector.h:73:47
#​61 0x00007f9a6dec369e clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) /home/dknite/work/llvm-project/llvm/clang/lib/Driver/Driver.cpp:1538:23
#​62 0x000055be0d887cfb main /home/dknite/work/llvm-project/llvm/clang/tools/driver/driver.cpp:510:21
#​63 0x00007f9a6bc1ab25 __libc_start_main (/usr/lib/libc.so.6+0x27b25)
#​64 0x000055be0d8851be _start (./llvm/release/bin/clang+++0x101be)
clang-13: error: clang frontend command failed with exit code 134 (use -v to see invocation)
clang version 13.0.0 ([email protected]:RedDocMD/deep-llvm.git 82fbc5d45b0c2fc9050d1d5e335e35afb4ab2611)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/dknite/work/llvm-project/./llvm/release/bin
clang-13: error: unable to execute command: Aborted (core dumped)
clang-13: note: diagnostic msg: Error generating preprocessed source(s).