
[analyzer] Fix function macro crash
ClosedPublic

Authored by bruntib on Feb 7 2019, 7:30 AM.

Details

Summary

When there is a functor-like macro which is passed as a parameter to another "function" macro, then its parameters are not listed at the place of expansion:

#define foo(x) int bar() { return x; }
#define hello(fvar) fvar(0)
hello(foo)
int main() { 1 / bar(); }

Expansion of hello(foo) asserted Clang, because it expected an l_paren token in the 3rd line after "foo", since it is a function-like token.
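The lookahead rule behind this summary, as an added example that is not code from the patch or from Clang: a function-like macro name is an invocation only when the next token is `(`, and the `foo` in `hello(foo)` is the last token of its argument, so the peek has to be bounded. The token model and the names `lex`, `expand`, `expandSource` and `pageMacros` are assumptions made for this illustration.

```cpp
#include <cctype>
#include <cstddef>
#include <map>
#include <set>
#include <string>
#include <vector>

// Added illustration; this token model is an assumption, not Clang's own.
enum class Kind { Identifier, LParen, RParen, Comma, Other };
struct Tok { Kind kind; std::string text; };
using Toks = std::vector<Tok>;
struct Macro { bool functionLike; std::vector<std::string> params; Toks body; };
using MacroTable = std::map<std::string, Macro>;

// Just enough lexing for the sample: words, parentheses, commas, and every
// other non-space character as its own token.
Toks lex(const std::string &src) {
  Toks out;
  for (std::size_t i = 0; i < src.size();) {
    auto word = [&](std::size_t k) {
      return k < src.size() && (std::isalnum((unsigned char)src[k]) || src[k] == '_');
    };
    if (std::isspace((unsigned char)src[i])) { ++i; continue; }
    std::size_t j = i + 1;
    Kind k = Kind::Other;
    if (word(i)) {
      while (word(j)) ++j;
      if (!std::isdigit((unsigned char)src[i])) k = Kind::Identifier;
    } else if (src[i] == '(') k = Kind::LParen;
    else if (src[i] == ')') k = Kind::RParen;
    else if (src[i] == ',') k = Kind::Comma;
    out.push_back({k, src.substr(i, j - i)});
    i = j;
  }
  return out;
}

// Expands `in`. `active` holds the macros currently being expanded, so a
// self-referential macro is not expanded again. Simplified: a replacement is
// rescanned on its own, and #, ## and variadic macros are not modelled.
Toks expand(const Toks &in, const MacroTable &macros,
            std::set<std::string> &active) {
  Toks out;
  for (std::size_t i = 0; i < in.size(); ++i) {
    const Tok &t = in[i];
    auto it = t.kind == Kind::Identifier ? macros.find(t.text) : macros.end();
    if (it == macros.end() || active.count(t.text)) { out.push_back(t); continue; }
    const Macro &m = it->second;
    Toks replaced = m.body;
    if (m.functionLike) {
      // Bounded lookahead: without '(' next, or with no next token at all
      // (the `foo` argument of `hello(foo)`), the name is a plain identifier.
      if (i + 1 >= in.size() || in[i + 1].kind != Kind::LParen) { out.push_back(t); continue; }
      std::vector<Toks> args(1);
      std::size_t j = i + 2;
      for (int depth = 1; j < in.size(); ++j) {
        Kind k = in[j].kind;
        if (k == Kind::LParen) ++depth;
        if (k == Kind::RParen && --depth == 0) break;
        if (k == Kind::Comma && depth == 1) { args.emplace_back(); continue; }
        args.back().push_back(in[j]);
      }
      if (j == in.size()) { out.push_back(t); continue; }  // no closing ')'
      std::map<std::string, Toks> bound;  // parameter -> expanded argument
      for (std::size_t p = 0; p < m.params.size() && p < args.size(); ++p)
        bound[m.params[p]] = expand(args[p], macros, active);
      replaced.clear();
      for (const Tok &b : m.body) {
        auto a = b.kind == Kind::Identifier ? bound.find(b.text) : bound.end();
        if (a == bound.end()) replaced.push_back(b);
        else replaced.insert(replaced.end(), a->second.begin(), a->second.end());
      }
      i = j;  // skip the consumed argument list
    }
    active.insert(t.text);
    Toks rescanned = expand(replaced, macros, active);
    active.erase(t.text);
    out.insert(out.end(), rescanned.begin(), rescanned.end());
  }
  return out;
}

std::string expandSource(const std::string &src, const MacroTable &macros) {
  std::set<std::string> active;
  std::string text;
  for (const Tok &t : expand(lex(src), macros, active))
    text += (text.empty() ? "" : " ") + t.text;
  return text;
}

// The two macros from the summary above.
MacroTable pageMacros() {
  MacroTable m;
  m["foo"] = Macro{true, {"x"}, lex("int bar() { return x; }")};
  m["hello"] = Macro{true, {"fvar"}, lex("fvar(0)")};
  return m;
}
```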

Diff Detail

Repository
rL LLVM

Event Timeline

bruntib created this revision. Feb 7 2019, 7:30 AM
Herald added a project: Restricted Project. Feb 7 2019, 7:30 AM
Szelethus accepted this revision. Edited Feb 7 2019, 8:05 AM

Cheers! Let's wait a couple days for feedback, and I'll commit on your behalf after that.

This revision is now accepted and ready to land. Feb 7 2019, 8:05 AM
Szelethus requested changes to this revision. Feb 7 2019, 8:08 AM

Actually, reproducing this with a testcase would be much preferred here too.

This revision now requires changes to proceed. Feb 7 2019, 8:08 AM
bruntib updated this revision to Diff 185957. Feb 8 2019, 5:52 AM

I've added a test case.

Szelethus accepted this revision. Feb 8 2019, 5:59 AM

Awesome, thanks! Will commit around next Friday.

This revision is now accepted and ready to land. Feb 8 2019, 5:59 AM
bruntib updated this revision to Diff 185971. Feb 8 2019, 7:40 AM

There was another place where this crash could have happened.

bruntib updated this revision to Diff 186161. Feb 10 2019, 12:38 PM
Szelethus set the repository for this revision to rC Clang. Feb 25 2019, 10:53 AM

This patch no longer applies cleanly to the latest version of clang -- could you rebase please?

I rebased the patch on the current master.

bruntib updated this revision to Diff 190225. Mar 12 2019, 2:32 AM
This revision was automatically updated to reflect the committed changes.
Szelethus reopened this revision. Mar 12 2019, 6:16 AM

Ugh. Reverted the patch.

FAIL: Clang :: Analysis/plist-macros-with-expansion.cpp (720 of 14281)
******************** TEST 'Clang :: Analysis/plist-macros-with-expansion.cpp' FAILED ********************
Script:
--
: 'RUN: at line 1';   /b/sanitizer-x86_64-linux-fast/build/llvm_build_msan/bin/clang -cc1 -internal-isystem /b/sanitizer-x86_64-linux-fast/build/llvm_build_msan/lib/clang/9.0.0/include -nostdsysteminc -analyze -analyzer-constraints=range -analyzer-checker=core -verify /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp
: 'RUN: at line 3';   /b/sanitizer-x86_64-linux-fast/build/llvm_build_msan/bin/clang -cc1 -internal-isystem /b/sanitizer-x86_64-linux-fast/build/llvm_build_msan/lib/clang/9.0.0/include -nostdsysteminc -analyze -analyzer-constraints=range -analyzer-checker=core /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp     -analyzer-output=plist -o /b/sanitizer-x86_64-linux-fast/build/llvm_build_msan/tools/clang/test/Analysis/Output/plist-macros-with-expansion.cpp.tmp.plist    -analyzer-config expand-macros=true
: 'RUN: at line 8';   cat /b/sanitizer-x86_64-linux-fast/build/llvm_build_msan/tools/clang/test/Analysis/Output/plist-macros-with-expansion.cpp.tmp.plist | diff -u -w -I "<string>/" -I "<string>.:" -I "version"    /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/Inputs/expected-plists/plist-macros-with-expansion.cpp.plist -
: 'RUN: at line 13';   /b/sanitizer-x86_64-linux-fast/build/llvm_build_msan/bin/FileCheck --input-file=/b/sanitizer-x86_64-linux-fast/build/llvm_build_msan/tools/clang/test/Analysis/Output/plist-macros-with-expansion.cpp.tmp.plist /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp
--
Exit Code: 77

Command Output (stderr):
--
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:451:7: warning: expression result unused
    1 / value; // expected-warning{{Division by zero}}
    ~ ^ ~~~~~
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:27:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:40:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:60:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:80:12: warning: Dereference of null pointer (loaded from variable 'a')
  DEREF(a) = 5; // expected-warning{{Dereference of null pointer}}
        ~  ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:99:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:116:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:136:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:163:6: warning: Dereference of null pointer (loaded from variable 'a')
  *a = 5; // expected-warning{{Dereference of null pointer}}
   ~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:172:6: warning: Dereference of null pointer (loaded from variable 'a')
  *a = 5; // expected-warning{{Dereference of null pointer}}
   ~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:181:6: warning: Dereference of null pointer (loaded from variable 'a')
  *a = 5; // expected-warning{{Dereference of null pointer}}
   ~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:195:6: warning: Dereference of null pointer (loaded from variable 'a')
  *a = 5; // expected-warning{{Dereference of null pointer}}
   ~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:209:6: warning: Dereference of null pointer (loaded from variable 'a')
  *a = 5; // expected-warning{{Dereference of null pointer}}
   ~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:221:6: warning: Dereference of null pointer (loaded from variable 'a')
  *a = 5; // expected-warning{{Dereference of null pointer}}
   ~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:236:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:253:10: warning: Dereference of null pointer (loaded from variable 'ptr')
    *ptr = 5;
     ~~~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:243:3: note: expanded from macro 'PASTE_CODE'
  code
  ^~~~
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:271:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:285:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:297:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:317:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:328:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:345:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:354:6: warning: Dereference of null pointer (loaded from variable 'a')
  *a = 5; // expected-warning{{Dereference of null pointer}}
   ~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:367:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:376:6: warning: Dereference of null pointer (loaded from variable 'a')
  *a = 5; // expected-warning{{Dereference of null pointer}}
   ~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:418:3: warning: Division by zero
  EUCLIDEAN_ALGORITHM(A, B) // expected-warning{{Division by zero}}
  ^~~~~~~~~~~~~~~~~~~~~~~~~
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:415:12: note: expanded from macro 'EUCLIDEAN_ALGORITHM'
  RETURN B / (B - B) SEMICOLON
         ~~^~~~~~~~~
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:439:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:451:7: warning: Division by zero
    1 / value; // expected-warning{{Division by zero}}
    ~~^~~~~~~
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:459:35: warning: Division by zero
void useZeroApplier1() { (void)(1 / foo()); } // expected-warning{{Division by zero}}
                                ~~^~~~~~~
/b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:468:35: warning: Division by zero
void useZeroApplier2() { (void)(1 / bar()); } // expected-warning{{Division by zero}}
                                ~~^~~~~~~
==12509==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0xa3d16d8 in getMacroNameAndPrintExpansion((anonymous namespace)::TokenPrinter&, clang::SourceLocation, clang::Preprocessor const&, (anonymous namespace)::MacroArgMap const&, llvm::SmallPtrSet<clang::IdentifierInfo*, 8u>&) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp:903:11
    #1 0xa3c1d1a in getExpandedMacro /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp:845:13
    #2 0xa3c1d1a in ReportMacroExpansions /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp:344
    #3 0xa3c1d1a in printBugPath /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp:479
    #4 0xa3c1d1a in (anonymous namespace)::PlistDiagnostics::FlushDiagnosticsImpl(std::__1::vector<clang::ento::PathDiagnostic const*, std::__1::allocator<clang::ento::PathDiagnostic const*> >&, clang::ento::PathDiagnosticConsumer::FilesMade*) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp:583
    #5 0xa3ab1be in clang::ento::PathDiagnosticConsumer::FlushDiagnostics(clang::ento::PathDiagnosticConsumer::FilesMade*) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/PathDiagnostic.cpp:483:3
    #6 0xa18c704 in FlushDiagnostics /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/AnalysisManager.cpp:59:11
    #7 0xa18c704 in clang::ento::AnalysisManager::~AnalysisManager() /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/AnalysisManager.cpp:47
    #8 0xa18cd1c in clang::ento::AnalysisManager::~AnalysisManager() /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/AnalysisManager.cpp:46:37
    #9 0x9a0e7ca in operator() /b/sanitizer-x86_64-linux-fast/build/libcxx_build_msan/include/c++/v1/memory:2338:5
    #10 0x9a0e7ca in reset /b/sanitizer-x86_64-linux-fast/build/libcxx_build_msan/include/c++/v1/memory:2651
    #11 0x9a0e7ca in (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:602
    #12 0xa539235 in clang::ParseAST(clang::Sema&, bool, bool) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/Parse/ParseAST.cpp:169:13
    #13 0x765a170 in clang::FrontendAction::Execute() /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:934:8
    #14 0x7574c5b in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:952:11
    #15 0x78868e6 in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:271:25
    #16 0xb27555 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/tools/driver/cc1_main.cpp:218:13
    #17 0xb206a0 in ExecuteCC1Tool /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/tools/driver/driver.cpp:309:12
    #18 0xb206a0 in main /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/tools/driver/driver.cpp:381
    #19 0x7f51944df2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
    #20 0xaa2ea9 in _start (/b/sanitizer-x86_64-linux-fast/build/llvm_build_msan/bin/clang-9+0xaa2ea9)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /b/sanitizer-x86_64-linux-fast/build/llvm/tools/clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp:903:11 in getMacroNameAndPrintExpansion((anonymous namespace)::TokenPrinter&, clang::SourceLocation, clang::Preprocessor const&, (anonymous namespace)::MacroArgMap const&, llvm::SmallPtrSet<clang::IdentifierInfo*, 8u>&)
Exiting
This revision is now accepted and ready to land. Mar 12 2019, 6:16 AM
Szelethus requested changes to this revision. Mar 12 2019, 6:16 AM

Let's investigate what's behind this.

This revision now requires changes to proceed. Mar 12 2019, 6:16 AM

Some bots also break but emit a different message:

******************** TEST 'Clang :: Analysis/plist-macros-with-expansion.cpp' FAILED ********************
Script:
--
: 'RUN: at line 1';   /b/sanitizer-x86_64-linux-bootstrap/build/llvm_build_asan/bin/clang -cc1 -internal-isystem /b/sanitizer-x86_64-linux-bootstrap/build/llvm_build_asan/lib/clang/9.0.0/include -nostdsysteminc -analyze -analyzer-constraints=range -analyzer-checker=core -verify /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp
: 'RUN: at line 3';   /b/sanitizer-x86_64-linux-bootstrap/build/llvm_build_asan/bin/clang -cc1 -internal-isystem /b/sanitizer-x86_64-linux-bootstrap/build/llvm_build_asan/lib/clang/9.0.0/include -nostdsysteminc -analyze -analyzer-constraints=range -analyzer-checker=core /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp     -analyzer-output=plist -o /b/sanitizer-x86_64-linux-bootstrap/build/llvm_build_asan/tools/clang/test/Analysis/Output/plist-macros-with-expansion.cpp.tmp.plist    -analyzer-config expand-macros=true
: 'RUN: at line 8';   cat /b/sanitizer-x86_64-linux-bootstrap/build/llvm_build_asan/tools/clang/test/Analysis/Output/plist-macros-with-expansion.cpp.tmp.plist | diff -u -w -I "<string>/" -I "<string>.:" -I "version"    /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/Inputs/expected-plists/plist-macros-with-expansion.cpp.plist -
: 'RUN: at line 13';   /b/sanitizer-x86_64-linux-bootstrap/build/llvm_build_asan/bin/FileCheck --input-file=/b/sanitizer-x86_64-linux-bootstrap/build/llvm_build_asan/tools/clang/test/Analysis/Output/plist-macros-with-expansion.cpp.tmp.plist /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp
--
Exit Code: 1

Command Output (stderr):
--
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:451:7: warning: expression result unused
    1 / value; // expected-warning{{Division by zero}}
    ~ ^ ~~~~~
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:27:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:40:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:60:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:80:12: warning: Dereference of null pointer (loaded from variable 'a')
  DEREF(a) = 5; // expected-warning{{Dereference of null pointer}}
        ~  ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:99:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:116:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:136:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:163:6: warning: Dereference of null pointer (loaded from variable 'a')
  *a = 5; // expected-warning{{Dereference of null pointer}}
   ~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:172:6: warning: Dereference of null pointer (loaded from variable 'a')
  *a = 5; // expected-warning{{Dereference of null pointer}}
   ~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:181:6: warning: Dereference of null pointer (loaded from variable 'a')
  *a = 5; // expected-warning{{Dereference of null pointer}}
   ~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:195:6: warning: Dereference of null pointer (loaded from variable 'a')
  *a = 5; // expected-warning{{Dereference of null pointer}}
   ~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:209:6: warning: Dereference of null pointer (loaded from variable 'a')
  *a = 5; // expected-warning{{Dereference of null pointer}}
   ~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:221:6: warning: Dereference of null pointer (loaded from variable 'a')
  *a = 5; // expected-warning{{Dereference of null pointer}}
   ~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:236:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:253:10: warning: Dereference of null pointer (loaded from variable 'ptr')
    *ptr = 5;
     ~~~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:243:3: note: expanded from macro 'PASTE_CODE'
  code
  ^~~~
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:271:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:285:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:297:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:317:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:328:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:345:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:354:6: warning: Dereference of null pointer (loaded from variable 'a')
  *a = 5; // expected-warning{{Dereference of null pointer}}
   ~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:367:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:376:6: warning: Dereference of null pointer (loaded from variable 'a')
  *a = 5; // expected-warning{{Dereference of null pointer}}
   ~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:418:3: warning: Division by zero
  EUCLIDEAN_ALGORITHM(A, B) // expected-warning{{Division by zero}}
  ^~~~~~~~~~~~~~~~~~~~~~~~~
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:415:12: note: expanded from macro 'EUCLIDEAN_ALGORITHM'
  RETURN B / (B - B) SEMICOLON
         ~~^~~~~~~~~
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:439:8: warning: Dereference of null pointer (loaded from variable 'ptr')
  *ptr = 5; // expected-warning{{Dereference of null pointer}}
   ~~~ ^
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:451:7: warning: Division by zero
    1 / value; // expected-warning{{Division by zero}}
    ~~^~~~~~~
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:459:35: warning: Division by zero
void useZeroApplier1() { (void)(1 / foo()); } // expected-warning{{Division by zero}}
                                ~~^~~~~~~
/b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/test/Analysis/plist-macros-with-expansion.cpp:468:35: warning: Division by zero
void useZeroApplier2() { (void)(1 / bar()); } // expected-warning{{Division by zero}}
                                ~~^~~~~~~
=================================================================
==53065==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6180000037d8 at pc 0x000009ecdcf8 bp 0x7ffeb2611d50 sp 0x7ffeb2611d48
READ of size 2 at 0x6180000037d8 thread T0
    #0 0x9ecdcf7 in is /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/include/clang/Lex/Token.h:94:44
    #1 0x9ecdcf7 in getMacroNameAndPrintExpansion((anonymous namespace)::TokenPrinter&, clang::SourceLocation, clang::Preprocessor const&, (anonymous namespace)::MacroArgMap const&, llvm::SmallPtrSet<clang::IdentifierInfo*, 8u>&) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp:903
    #2 0x9ebaddc in getExpandedMacro /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp:845:13
    #3 0x9ebaddc in ReportMacroExpansions /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp:344
    #4 0x9ebaddc in printBugPath /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp:479
    #5 0x9ebaddc in (anonymous namespace)::PlistDiagnostics::FlushDiagnosticsImpl(std::__1::vector<clang::ento::PathDiagnostic const*, std::__1::allocator<clang::ento::PathDiagnostic const*> >&, clang::ento::PathDiagnosticConsumer::FilesMade*) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp:583
    #6 0x9ea5aec in clang::ento::PathDiagnosticConsumer::FlushDiagnostics(clang::ento::PathDiagnosticConsumer::FilesMade*) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/StaticAnalyzer/Core/PathDiagnostic.cpp:483:3
    #7 0x9ca1a0f in FlushDiagnostics /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/StaticAnalyzer/Core/AnalysisManager.cpp:59:11
    #8 0x9ca1a0f in clang::ento::AnalysisManager::~AnalysisManager() /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/StaticAnalyzer/Core/AnalysisManager.cpp:47
    #9 0x9ca221d in clang::ento::AnalysisManager::~AnalysisManager() /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/StaticAnalyzer/Core/AnalysisManager.cpp:46:37
    #10 0x9603b7b in operator() /b/sanitizer-x86_64-linux-bootstrap/build/libcxx_build_asan/include/c++/v1/memory:2338:5
    #11 0x9603b7b in reset /b/sanitizer-x86_64-linux-bootstrap/build/libcxx_build_asan/include/c++/v1/memory:2651
    #12 0x9603b7b in (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:602
    #13 0xa026ee2 in clang::ParseAST(clang::Sema&, bool, bool) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Parse/ParseAST.cpp:169:13
    #14 0x73752ad in clang::FrontendAction::Execute() /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:934:8
    #15 0x726050a in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:952:11
    #16 0x75a61be in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:271:25
    #17 0xc658d1 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/driver/cc1_main.cpp:218:13
    #18 0xc5dd4f in ExecuteCC1Tool /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/driver/driver.cpp:309:12
    #19 0xc5dd4f in main /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/driver/driver.cpp:381
    #20 0x7fa292e942e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
    #21 0xb8c569 in _start (/b/sanitizer-x86_64-linux-bootstrap/build/llvm_build_asan/bin/clang-9+0xb8c569)

0x6180000037d8 is located 16 bytes to the right of 840-byte region [0x618000003480,0x6180000037c8)
allocated by thread T0 here:
    #0 0xc1d580 in realloc /b/sanitizer-x86_64-linux-bootstrap/build/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:164
    #1 0x5d62737 in safe_realloc /b/sanitizer-x86_64-linux-bootstrap/build/llvm/include/llvm/Support/MemAlloc.h:41:18
    #2 0x5d62737 in llvm::SmallVectorBase::grow_pod(void*, unsigned long, unsigned long) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/lib/Support/SmallVector.cpp:60
    #3 0xca71510 in grow_pod /b/sanitizer-x86_64-linux-bootstrap/build/llvm/include/llvm/ADT/SmallVector.h:98:22
    #4 0xca71510 in grow /b/sanitizer-x86_64-linux-bootstrap/build/llvm/include/llvm/ADT/SmallVector.h:299
    #5 0xca71510 in push_back /b/sanitizer-x86_64-linux-bootstrap/build/llvm/include/llvm/ADT/SmallVector.h:304
    #6 0xca71510 in AddTokenToBody /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/include/clang/Lex/MacroInfo.h:252
    #7 0xca71510 in clang::Preprocessor::ReadOptionalMacroParameterListAndBody(clang::Token const&, bool) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Lex/PPDirectives.cpp:2456
    #8 0xca3f920 in clang::Preprocessor::HandleDefineDirective(clang::Token&, bool) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Lex/PPDirectives.cpp:2600:25
    #9 0xca56434 in clang::Preprocessor::HandleDirective(clang::Token&) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Lex/PPDirectives.cpp:953:14
    #10 0xc9b1109 in clang::Lexer::LexTokenInternal(clang::Token&, bool) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Lex/Lexer.cpp:3931:7
    #11 0xc9a82be in clang::Lexer::Lex(clang::Token&) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Lex/Lexer.cpp:3152:24
    #12 0xcb13b79 in clang::Preprocessor::Lex(clang::Token&) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Lex/Preprocessor.cpp:870:33
    #13 0xa032d0d in clang::Parser::ConsumeBrace() /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/include/clang/Parse/Parser.h:585:8
    #14 0xa051458 in clang::BalancedDelimiterTracker::consumeClose() /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/include/clang/Parse/RAIIObjectsForParser.h:429:18
    #15 0xa2acd49 in clang::Parser::ParseCompoundStatementBody(bool) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Parse/ParseStmt.cpp:1103:10
    #16 0xa2b01a4 in clang::Parser::ParseFunctionStatementBody(clang::Decl*, clang::Parser::ParseScope&) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Parse/ParseStmt.cpp:2067:21
    #17 0xa048e50 in clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Parse/Parser.cpp:1246:10
    #18 0xa0ab30e in clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::SourceLocation*, clang::Parser::ForRangeInit*) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Parse/ParseDecl.cpp:2001:11
    #19 0xa045c96 in clang::Parser::ParseDeclOrFunctionDefInternal(clang::Parser::ParsedAttributesWithRange&, clang::ParsingDeclSpec&, clang::AccessSpecifier) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Parse/Parser.cpp:1015:10
    #20 0xa044a23 in clang::Parser::ParseDeclarationOrFunctionDefinition(clang::Parser::ParsedAttributesWithRange&, clang::ParsingDeclSpec*, clang::AccessSpecifier) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Parse/Parser.cpp:1031:12
    #21 0xa03e7be in clang::Parser::ParseExternalDeclaration(clang::Parser::ParsedAttributesWithRange&, clang::ParsingDeclSpec*) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Parse/Parser.cpp:855:12
    #22 0xa03ab0d in clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Parse/Parser.cpp:609:12
    #23 0xa026dd9 in clang::ParseAST(clang::Sema&, bool, bool) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Parse/ParseAST.cpp:156:20
    #24 0x73752ad in clang::FrontendAction::Execute() /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:934:8
    #25 0x726050a in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:952:11
    #26 0x75a61be in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:271:25
    #27 0xc658d1 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/driver/cc1_main.cpp:218:13
    #28 0xc5dd4f in ExecuteCC1Tool /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/driver/driver.cpp:309:12
    #29 0xc5dd4f in main /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/tools/driver/driver.cpp:381
    #30 0x7fa292e942e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)

SUMMARY: AddressSanitizer: heap-buffer-overflow /b/sanitizer-x86_64-linux-bootstrap/build/llvm/tools/clang/include/clang/Lex/Token.h:94:44 in is
==53065==ABORTING

bruntib updated this revision to Diff 190485. Mar 13 2019, 1:20 PM

I added a condition before std::next() invocations to check if the next element is inside the valid interval. This fixes the crash of the build-bot. Sorry for the ugly bug.
I don't know if there is a more elegant solution.

Szelethus accepted this revision. Mar 13 2019, 2:56 PM

Ah, so it was a past-the-end iterator dereference error. Cheers!

This revision is now accepted and ready to land. Mar 13 2019, 2:56 PM
bruntib updated this revision to Diff 190575. Mar 14 2019, 1:40 AM

I've uploaded another version of the last fix. The previous one contained UB, although it worked in practice.

This revision was automatically updated to reflect the committed changes.
Herald added a project: Restricted Project. Mar 14 2019, 6:40 AM
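
The guard discussed in the last comments of this thread, shown as an added example that is not the patch's own code: before peeking at the token after a function-like macro name, confirm that the current iterator is not the end and that the iterator returned by std::next() is not the end either. `Tok`, `Kind`, `followed_by_lparen`, `skip_macro_use` and `skipped` are hypothetical names, and the token type is a constructed stand-in for clang's.

```cpp
#include <cstddef>
#include <iterator>
#include <string>
#include <vector>

// Constructed stand-in for a lexer token; this is not clang::Token.
enum class Kind { identifier, l_paren, r_paren, numeric };
struct Tok { Kind kind; std::string text; };
using TokIt = std::vector<Tok>::const_iterator;

// True only if a token exists after `it` and that token is '('.
// `it == end` is rejected first: calling std::next() on the end iterator is
// undefined behaviour by itself, even if the result is never dereferenced.
bool followed_by_lparen(TokIt it, TokIt end) {
  if (it == end) return false;
  TokIt next = std::next(it);
  return next != end && next->kind == Kind::l_paren;
}

// Skips a macro name and, only when one is present, its balanced argument
// list. Returns the first token after what was skipped.
TokIt skip_macro_use(TokIt it, TokIt end) {
  if (it == end) return end;
  // Bare name with no '(' after it, e.g. `foo` passed as an argument in hello(foo).
  if (!followed_by_lparen(it, end)) return std::next(it);
  int depth = 0;
  for (it = std::next(it); it != end; ++it) {  // starts at '('
    if (it->kind == Kind::l_paren) ++depth;
    else if (it->kind == Kind::r_paren && --depth == 0) return std::next(it);
  }
  return end;  // unbalanced input: stop at end rather than walk past it
}

// Number of tokens consumed when the macro use starts at toks[0].
std::ptrdiff_t skipped(const std::vector<Tok>& toks) {
  return std::distance(toks.begin(), skip_macro_use(toks.begin(), toks.end()));
}

int main() {
  // Constructed inputs: `foo` as the last token, and `foo ( 0 ) x`.
  std::vector<Tok> bare = {{Kind::identifier, "foo"}};
  std::vector<Tok> call = {{Kind::identifier, "foo"}, {Kind::l_paren, "("},
                           {Kind::numeric, "0"}, {Kind::r_paren, ")"},
                           {Kind::identifier, "x"}};
  return (skipped(bare) == 1 && skipped(call) == 4) ? 0 : 1;
}
```

Building this with `-fsanitize=address` and dropping either `end` comparison reproduces the class of report shown above on the bare-name input.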