This is an archive of the discontinued LLVM Phabricator instance.

Differential D23853

Assert in performTrivialCopy - Bug report and a possible solution
AbandonedPublic

Authored by szepet on Aug 24 2016, 2:01 PM.

Details

Reviewers
dcoughlin
zaks.anna
NoQ
Summary

I ran into a bug, when I was implementing a checker and tested it on LLVM with CodeChecker. And I got the next error message:

performTrivialCopy_assert.txt17 KBDownload

I got the same results even when I tried to use MallocChecker or other (probably well tested) checkers. From that I draw the next conclusion: The error was probably triggered by the last changes of SymbolRecord.h (line:260, commit: https://reviews.llvm.org/rL270511#ffc63071 line:112 in the commit) and during the analysis of that line the getArgSVal() return an UndefinedVal. (It can happen, see: http://clang.llvm.org/doxygen/Environment_8cpp_source.html#l00069) And it seems the perfromTrivialCopy function does not handle this case. (If it should not happen than the call itself is the problem, but at least I could draw attention on this assert.)

I changed the code to accept UndefinedVal too and it seems working (okay,it is more precise to say it`s not asserting...), but I have only limited knowledge in this topic.

Diff Detail

Event Timeline

szepet updated this revision to Diff 69146.Aug 24 2016, 2:01 PM
szepet retitled this revision from to Assert in performTrivialCopy - Bug report and a possible solution.
szepet updated this object.
szepet added a reviewer: jordan_rose.
szepet added a subscriber: xazax.hun.
szepet updated this object.Aug 24 2016, 2:04 PM
xazax.hun added reviewers: zaks.anna, dcoughlin, NoQ.Aug 24 2016, 2:04 PM
xazax.hun added a subscriber: cfe-commits.
dcoughlin edited edge metadata.Aug 24 2016, 7:18 PM

I'm not sure that weakening the assert is the right thing to do here. It seems like if V is undef that the analyzer ideally ought to have issued a diagnostic (and a sink) somewhere before. Do you have a test case that reproduces? (It would be good to add that to the tests in any event!).

Also: I think r270511 is unlikely to be the change that caused this -- that is a change in LLVM's treatment of DebugInfo, which shouldn't affect the analyzer.

dcoughlin removed a reviewer: jordan_rose.Aug 24 2016, 7:19 PM
xazax.hun added a comment.Aug 24 2016, 11:19 PM

Also: I think r270511 is unlikely to be the change that caused this -- that is a change in LLVM's treatment of DebugInfo, which shouldn't affect the analyzer.

I think Peter means that, that revision introduced the code that the analyzer fails to analyze (and not the bug in the analyzer).

zaks.anna edited edge metadata.Aug 26 2016, 11:06 AM
In D23853#524945, @xazax.hun wrote:

Also: I think r270511 is unlikely to be the change that caused this -- that is a change in LLVM's treatment of DebugInfo, which shouldn't affect the analyzer.

I think Peter means that, that revision introduced the code that the analyzer fails to analyze (and not the bug in the analyzer).

Can you add a reduced test case?

zaks.anna requested changes to this revision.Sep 12 2016, 10:48 AM
zaks.anna edited edge metadata.
This revision now requires changes to proceed.Sep 12 2016, 10:48 AM
szepet abandoned this revision.Oct 4 2016, 8:13 AM

At first I was not able to reproduce it. Then I realized it was my foul because I used the analyzer without the core checkers in this case. Sorry for the false positive.

zaks.anna added a comment.Oct 4 2016, 11:53 AM

Should this revision be closed?

Revision Contents

PathSize
lib/
StaticAnalyzer/
Core/
2 lines

Diff 69146

lib/StaticAnalyzer/Core/ExprEngineCXX.cpp

Context not available.
if (Optional<Loc> L = V.getAs<Loc>()) if (Optional<Loc> L = V.getAs<Loc>())
V = Pred->getState()->getSVal(*L); V = Pred->getState()->getSVal(*L);
else else
assert(V.isUnknown()); assert(V.isUnknownOrUndef());
const Expr *CallExpr = Call.getOriginExpr(); const Expr *CallExpr = Call.getOriginExpr();
evalBind(Dst, CallExpr, Pred, ThisVal, V, true); evalBind(Dst, CallExpr, Pred, ThisVal, V, true);
Context not available.