New issue
Advanced search Search tips

Issue 695243 link

Starred by 1 user
Status: Archived
Owner:
kmarshall@chromium.org
Closed: Jun 2017
Cc:
thakis@chromium.org
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

LLVM analysis errors tracking bug

Project Member Reported by kmarshall@chromium.org, Feb 22 2017 
Tracking bug for creating and upstreaming a fix to the LLVM analyzer.

Stack trace:
clang++: /usr/local/google/home/marshallk/chrome/src/third_party/llvm/tools/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h:77: T clang::ento::SVal::castAs() const [with T = clang::ento::NonLoc]: Assertion `T::isKind(*this)' failed.
#0 0x0000000001d381f5 llvm::sys::PrintStackTrace(llvm::raw_ostream&) (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x1d381f5)
#1 0x0000000001d3626e llvm::sys::RunSignalHandlers() (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x1d3626e)
#2 0x0000000001d363d2 (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x1d363d2)
#3 0x00007fb707014330 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x10330)
#4 0x00007fb705c08c37 gsignal /build/eglibc-oGUzwX/eglibc-2.19/signal/../nptl/sysdeps/unix/sysv/linux/raise.c:56:0
#5 0x00007fb705c0c028 abort /build/eglibc-oGUzwX/eglibc-2.19/stdlib/abort.c:91:0
#6 0x00007fb705c01bf6 __assert_fail_base /build/eglibc-oGUzwX/eglibc-2.19/assert/assert.c:92:0
#7 0x00007fb705c01ca2 (/lib/x86_64-linux-gnu/libc.so.6+0x2fca2)
#8 0x0000000000a099c8 _init (../../third_party/llvm-build/Release+Asserts/bin/clang+++0xa099c8)
#9 0x0000000002fc93b9 (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x2fc93b9)
#10 0x0000000003142837 clang::ento::CheckerManager::runCheckersForStmt(bool, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&, clang::Stmt const*, clang::ento::ExprEngine&, bool) (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x3142837)
#11 0x000000000316c036 clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x316c036)
#12 0x000000000316d616 clang::ento::ExprEngine::ProcessStmt(clang::CFGStmt, clang::ento::ExplodedNode*) (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x316d616)
#13 0x000000000316d8a5 clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x316d8a5)
#14 0x00000000031479f4 clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock const*, unsigned int, clang::ento::ExplodedNode*) (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x31479f4)
#15 0x00000000031493f4 clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x31493f4)
#16 0x00000000031495a6 clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x31495a6)
#17 0x00000000028805bc (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x28805bc)
#18 0x0000000002880f7b (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x2880f7b)
#19 0x000000000288d257 (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x288d257)
#20 0x00000000021f5c28 clang::MultiplexConsumer::HandleTranslationUnit(clang::ASTContext&) (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x21f5c28)
#21 0x00000000028b48b2 clang::ParseAST(clang::Sema&, bool, bool) (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x28b48b2)
#22 0x00000000021d5666 clang::FrontendAction::Execute() (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x21d5666)
#23 0x00000000021af5a6 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x21af5a6)
#24 0x000000000225e30a clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (../../third_party/llvm-build/Release+Asserts/bin/clang+++0x225e30a)
#25 0x0000000000abeb18 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (../../third_party/llvm-build/Release+Asserts/bin/clang+++0xabeb18)
#26 0x0000000000a5fb36 main (../../third_party/llvm-build/Release+Asserts/bin/clang+++0xa5fb36)
#27 0x00007fb705bf3f45 __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:321:0
#28 0x0000000000abacae _start (../../third_party/llvm-build/Release+Asserts/bin/clang+++0xabacae)
Stack dump:
0.	Program arguments: ../../third_party/llvm-build/Release+Asserts/bin/clang++ -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -main-file-name render_text_harfbuzz.cc -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-eagerly-assume -analyzer-checker=core -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -mrelocation-model pic -pic-level 2 -mthread-model posix -mdisable-fp-elim -relaxed-aliasing -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -resource-dir /usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/../lib/clang/4.0.0 -D GFX_IMPLEMENTATION -D V8_DEPRECATION_WARNINGS -D USE_UDEV -D UI_COMPOSITOR_IMAGE_TRANSPORT -D USE_AURA=1 -D USE_PANGO=1 -D USE_CAIRO=1 -D USE_GLIB=1 -D USE_NSS_CERTS=1 -D USE_X11=1 -D FULL_SAFE_BROWSING -D SAFE_BROWSING_CSD -D SAFE_BROWSING_DB_LOCAL -D CHROMIUM_BUILD -D ENABLE_MEDIA_ROUTER=1 -D FIELDTRIAL_TESTING_ENABLED -D CR_CLANG_REVISION="289944-2" -D _FILE_OFFSET_BITS=64 -D _LARGEFILE_SOURCE -D _LARGEFILE64_SOURCE -D __STDC_CONSTANT_MACROS -D __STDC_FORMAT_MACROS -D COMPONENT_BUILD -D _DEBUG -D DYNAMIC_ANNOTATIONS_ENABLED=1 -D WTF_USE_DYNAMIC_ANNOTATIONS=1 -D _GLIBCXX_DEBUG=1 -D SK_IGNORE_DW_GRAY_FIX -D SK_IGNORE_DIRECTWRITE_GASP_FIX -D SK_IGNORE_LINEONLY_AA_CONVEX_PATH_OPTS -D SKIA_DLL -D GR_GL_IGNORE_ES3_MSAA=0 -D SK_SUPPORT_GPU=1 -D U_USING_ICU_NAMESPACE=0 -D U_ENABLE_DYLOAD=0 -D ICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_FILE -D USE_LIBJPEG_TURBO=1 -I ../.. -I gen -I ../../build/linux/debian_wheezy_amd64-sysroot/usr/include/pango-1.0 -I ../../build/linux/debian_wheezy_amd64-sysroot/usr/include/cairo -I ../../build/linux/debian_wheezy_amd64-sysroot/usr/include/glib-2.0 -I ../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/x86_64-linux-gnu/glib-2.0/include -I ../../build/linux/debian_wheezy_amd64-sysroot/usr/include/pixman-1 -I ../../build/linux/debian_wheezy_amd64-sysroot/usr/include/freetype2 -I ../../build/linux/debian_wheezy_amd64-sysroot/usr/include/libpng12 -I ../../build/linux/debian_wheezy_amd64-sysroot/usr/include/glib-2.0 -I ../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/x86_64-linux-gnu/glib-2.0/include -I ../../skia/config -I ../../skia/ext -I ../../third_party/skia/include/c -I ../../third_party/skia/include/config -I ../../third_party/skia/include/core -I ../../third_party/skia/include/effects -I ../../third_party/skia/include/images -I ../../third_party/skia/include/lazy -I ../../third_party/skia/include/pathops -I ../../third_party/skia/include/pdf -I ../../third_party/skia/include/pipe -I ../../third_party/skia/include/ports -I ../../third_party/skia/include/utils -I ../../third_party/skia/include/gpu -I ../../third_party/skia/src/gpu -I ../../third_party/skia/src/sksl -I ../../third_party/icu/source/common -I ../../third_party/icu/source/i18n -I ../../third_party/ced/src -I ../../third_party/libpng -I ../../third_party/zlib -I ../../third_party/qcms/src -I ../../third_party/libjpeg_turbo -I ../../third_party/harfbuzz-ng/src -D __DATE__= -D __TIME__= -D __TIMESTAMP__= -isysroot ../../build/linux/debian_wheezy_amd64-sysroot -internal-isystem ../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6 -internal-isystem ../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/x86_64-linux-gnu -internal-isystem ../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/backward -internal-isystem ../../build/linux/debian_wheezy_amd64-sysroot/usr/local/include -internal-isystem /usr/local/google/home/marshallk/chrome/src/third_party/llvm-build/Release+Asserts/bin/../lib/clang/4.0.0/include -internal-externc-isystem ../../build/linux/debian_wheezy_amd64-sysroot/usr/include/x86_64-linux-gnu -internal-externc-isystem ../../build/linux/debian_wheezy_amd64-sysroot/include -internal-externc-isystem ../../build/linux/debian_wheezy_amd64-sysroot/usr/include -O0 -Wno-builtin-macro-redefined -Wno-missing-field-initializers -Wno-unused-parameter -Wno-c++11-narrowing -Wno-covered-switch-default -Wno-deprecated-register -Wno-unneeded-internal-declaration -Wno-inconsistent-missing-override -Wno-shift-negative-value -Wno-undefined-var-template -Wno-nonportable-include-path -Wno-address-of-packed-member -Wno-block-capture-autoreleasing -Wno-undefined-bool-conversion -Wno-tautological-undefined-compare -std=gnu++11 -fdeprecated-macro -fdebug-compilation-dir /usr/local/google/home/marshallk/chrome/src/out/ClangLint -ferror-limit 19 -fmessage-length 0 -fvisibility hidden -fvisibility-inlines-hidden -fno-rtti -fobjc-runtime=gcc -fdiagnostics-show-option -fcolor-diagnostics -load ../../third_party/llvm-build/Release+Asserts/lib/libFindBadConstructs.so -add-plugin find-bad-constructs -plugin-arg-find-bad-constructs check-ipc -analyzer-output=text -o /tmp/tmpbqr4Fp -x c++ ../../ui/gfx/render_text_harfbuzz.cc 

1.	<eof> parser at end of file
2.	While analyzing stack: 
	#0 void DrawVisualText(internal::SkiaTextRenderer *renderer) override
3.	../../ui/gfx/render_text_harfbuzz.cc:1262:44: Error evaluating statement
4.	../../ui/gfx/render_text_harfbuzz.cc:1262:44: Error evaluating statement

Comment 1 by kmarshall@chromium.org, Feb 23 2017 

It looks like the analyzer is running into an issue while casting an AST node for new array allocation (new Foo[]) - the Val being cast is of an unknown type. Investigating further with a debug LLVM build so that I have more detail in the stack trace.

Comment 2 by kmarshall@chromium.org, Feb 23 2017

Status: Assigned (was: Untriaged)

Comment 3 by kmarshall@chromium.org, Feb 23 2017 

Broken checker is "unix.Malloc". Found by adding 

    llvm::errs() << "checker name is " << ((const CHECKER *)checker)->getCheckName().getName() << "\n";

in PostStmt::_checkStmt (Checker.h)

Comment 4 by kmarshall@chromium.org, Mar 10 2017

Summary: LLVM analysis errors tracking bug (was: Fix LLVM build error)

Comment 5 by kmarshall@chromium.org, Jun 9 2017

Status: Archived (was: Assigned)
Errors should be filed against https://llvm.org/bugs/ directly.
Project Member

Comment 6 by bugdroid1@chromium.org, Mar 21 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/248c8d1ddfb6783f558b191115a33be8bc617564

commit 248c8d1ddfb6783f558b191115a33be8bc617564
Author: Rob Percival <robpercival@chromium.org>
Date: Wed Mar 21 20:46:52 2018

Remove reference to  crbug.com/695243  from clang_static_analyzer_wrapper

This bug has been archived with a message instructing people to report bugs to
https://bugs.llvm.org/.

BUG= 695243 

Change-Id: I5c6655d52797d41229435788632887908f7cb2af
Reviewed-on: https://chromium-review.googlesource.com/973441
Reviewed-by: Dirk Pranke <dpranke@chromium.org>
Commit-Queue: Rob Percival <robpercival@chromium.org>
Cr-Commit-Position: refs/heads/master@{#544831}
[modify] https://crrev.com/248c8d1ddfb6783f558b191115a33be8bc617564/build/toolchain/clang_static_analyzer_wrapper.py

Sign in to add a comment