This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
lib/StaticAnalyzer/Core/
-
StaticAnalyzer/
-
Core/
-
BugReporter.cpp
-
test/Analysis/
-
Analysis/
-
call_once.cpp

Differential D41680

[analyzer] do not crash with assertion on processing locations of bodyfarmed functions
ClosedPublic

Authored by george.karpenkov on Jan 2 2018, 1:38 PM.

Download Raw Diff

Details

Reviewers

dcoughlin
NoQ

Commits

rG96625fdc6bff: [analyzer] do not crash with assertion on processing locations of bodyfarmed…
rL321682: [analyzer] do not crash with assertion on processing locations of bodyfarmed…
rC321682: [analyzer] do not crash with assertion on processing locations of bodyfarmed…

Summary

This addresses an issue introduced in r183451: since removePiecesWithInvalidLocations is called *after* adjustCallLocations, it is not necessary, and in fact harmful, to have this assertion in adjustCallLocations.

Addresses rdar://36170689

Diff Detail

Repository: rC Clang

Event Timeline

george.karpenkov created this revision.Jan 2 2018, 1:38 PM

Herald added subscribers: a.sidorin, szepet, kristof.beyls and 2 others. · View Herald TranscriptJan 2 2018, 1:38 PM

The error is triggered when analyzer finds a bug *inside* the callable captured by the body farm.
Probably we didn't see the crash in the wild because either
a) the clang build did not have assertions enabled
or
b) the HTML output was not enabled

and the bug needs both to trigger.
In any case it does not make sense to assert that invalid locations are not present on the path if right after we are calling a subroutine which removes all diagnostics which do have invalid locations.

Yep, so it still doesn't answer if removePiecesWithInvalidLocations() was dead code to begin with (considering that the assertion in adjustCallLocations() says that everything but call locations is valid by now, and call locations are fixed immediately after that). The piece with invalid location seems to be a control flow piece (grey piece / arrow) which is indeed not to be displayed to the user in this case. I'm still not sure how/if-at-all this worked before. But the new behavior looks correct and i don't see these questions as the most pressing issues we're having at the moment :)

This revision is now accepted and ready to land.Jan 2 2018, 2:27 PM

Closed by commit rC321682: [analyzer] do not crash with assertion on processing locations of bodyfarmed… (authored by george.karpenkov). · Explain WhyJan 2 2018, 3:06 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

lib/

StaticAnalyzer/

Core/

BugReporter.cpp

1 line

test/

Analysis/

call_once.cpp

9 lines

Diff 128474

lib/StaticAnalyzer/Core/BugReporter.cpp

	Show First 20 Lines • Show All 223 Lines • ▼ Show 20 Lines
	/// valid locations.			/// valid locations.
	static void			static void
	adjustCallLocations(PathPieces &Pieces,			adjustCallLocations(PathPieces &Pieces,
	PathDiagnosticLocation *LastCallLocation = nullptr) {			PathDiagnosticLocation *LastCallLocation = nullptr) {
	for (PathPieces::iterator I = Pieces.begin(), E = Pieces.end(); I != E; ++I) {			for (PathPieces::iterator I = Pieces.begin(), E = Pieces.end(); I != E; ++I) {
	PathDiagnosticCallPiece *Call = dyn_cast<PathDiagnosticCallPiece>(I->get());			PathDiagnosticCallPiece *Call = dyn_cast<PathDiagnosticCallPiece>(I->get());

	if (!Call) {			if (!Call) {
	assert((*I)->getLocation().asLocation().isValid());
	continue;			continue;
	}			}

	if (LastCallLocation) {			if (LastCallLocation) {
	bool CallerIsImplicit = hasImplicitBody(Call->getCaller());			bool CallerIsImplicit = hasImplicitBody(Call->getCaller());
	if (CallerIsImplicit \|\| !Call->callEnter.asLocation().isValid())			if (CallerIsImplicit \|\| !Call->callEnter.asLocation().isValid())
	Call->callEnter = *LastCallLocation;			Call->callEnter = *LastCallLocation;
	if (CallerIsImplicit \|\| !Call->callReturn.asLocation().isValid())			if (CallerIsImplicit \|\| !Call->callReturn.asLocation().isValid())
	▲ Show 20 Lines • Show All 3,465 Lines • Show Last 20 Lines

test/Analysis/call_once.cpp

	// RUN: %clang_analyze_cc1 -std=c++11 -fblocks -analyzer-checker=core,debug.ExprInspection -verify %s			// RUN: %clang_analyze_cc1 -std=c++11 -fblocks -analyzer-checker=core,debug.ExprInspection -verify %s -o %t.report
	// RUN: %clang_analyze_cc1 -std=c++11 -fblocks -analyzer-checker=core,debug.ExprInspection -DEMULATE_LIBSTDCPP -verify %s			// RUN: %clang_analyze_cc1 -std=c++11 -fblocks -analyzer-checker=core,debug.ExprInspection -DEMULATE_LIBSTDCPP -verify %s -o %t.report

	// We do NOT model libcxx03 implementation, but the analyzer should still			// We do NOT model libcxx03 implementation, but the analyzer should still
	// not crash.			// not crash.
	// RUN: %clang_analyze_cc1 -std=c++11 -fblocks -analyzer-checker=core,debug.ExprInspection -DEMULATE_LIBCXX03 -verify %s			// RUN: %clang_analyze_cc1 -std=c++11 -fblocks -analyzer-checker=core,debug.ExprInspection -DEMULATE_LIBCXX03 -verify %s -o %t.report
	// RUN: %clang_analyze_cc1 -std=c++11 -fblocks -analyzer-checker=core,debug.ExprInspection -DEMULATE_LIBCXX03 -DEMULATE_LIBSTDCPP -verify %s			// RUN: %clang_analyze_cc1 -std=c++11 -fblocks -analyzer-checker=core,debug.ExprInspection -DEMULATE_LIBCXX03 -DEMULATE_LIBSTDCPP -verify %s -o %t.report
				// RUN: rm -rf %t.report

	void clang_analyzer_eval(bool);			void clang_analyzer_eval(bool);

	// Faking std::std::call_once implementation.			// Faking std::std::call_once implementation.
	namespace std {			namespace std {

	#ifndef EMULATE_LIBSTDCPP			#ifndef EMULATE_LIBSTDCPP
	typedef struct once_flag_s {			typedef struct once_flag_s {
	▲ Show 20 Lines • Show All 346 Lines • Show Last 20 Lines