[clang static analyzer] Crash in printReferrer(const clang::ento::MemRegion*): Assertion `false && "Unexpected referrer region type."' failed.

[tianxinghe]

commit 3e47883 (HEAD -> main, origin/main, origin/HEAD)
Author: Giulio Eulisse 10544+ktf@users.noreply.github.com
Date: Thu Sep 5 10:16:51 2024 +0200

Recover performance loss after PagedVector introduction (#67972)

clang --analyze
code.zip

clang: /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp:341: std::optional<std::__cxx11::basic_string<char> > printReferrer(const clang::ento::MemRegion*): Assertion `false && "Unexpected referrer region type."' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: /home/htx/Documents/llvm19/build-clang/bin/clang --analyze 4.c
1.	<eof> parser at end of file
2.	While analyzing stack: 
	#0 Calling func4 at line 1558
	#1 Calling main
 #0 0x000063c6f904aaef llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (.localalias) (/home/htx/Documents/llvm19/build-clang/bin/clang+0x486caef)
 #1 0x000063c6f9048b3c llvm::sys::CleanupOnSignal(unsigned long) (/home/htx/Documents/llvm19/build-clang/bin/clang+0x486ab3c)
 #2 0x000063c6f8f8f148 CrashRecoverySignalHandler(int) (/home/htx/Documents/llvm19/build-clang/bin/clang+0x47b1148)
 #3 0x0000728d79c42520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x0000728d79c969fc pthread_kill (/lib/x86_64-linux-gnu/libc.so.6+0x969fc)
 #5 0x0000728d79c42476 raise (/lib/x86_64-linux-gnu/libc.so.6+0x42476)
 #6 0x0000728d79c287f3 abort (/lib/x86_64-linux-gnu/libc.so.6+0x287f3)
 #7 0x0000728d79c2871b (/lib/x86_64-linux-gnu/libc.so.6+0x2871b)
 #8 0x0000728d79c39e96 (/lib/x86_64-linux-gnu/libc.so.6+0x39e96)
 #9 0x000063c6fc7958ad printReferrer[abi:cxx11](clang::ento::MemRegion const*) (.localalias) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp:345:3
#10 0x000063c6fc79634f (anonymous namespace)::StackAddrEscapeChecker::checkEndFunction(clang::ReturnStmt const*, clang::ento::CheckerContext&) const /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp:517:10
#11 0x000063c6fc796c18 void clang::ento::check::EndFunction::_checkEndFunction<(anonymous namespace)::StackAddrEscapeChecker>(void*, clang::ReturnStmt const*, clang::ento::CheckerContext&) /home/htx/Documents/llvm19/llvm-project/clang/include/clang/StaticAnalyzer/Core/Checker.h:258:3
#12 0x000063c6fcba5996 clang::ento::CheckerFn<void (clang::ReturnStmt const*, clang::ento::CheckerContext&)>::operator()(clang::ReturnStmt const*, clang::ento::CheckerContext&) const /home/htx/Documents/llvm19/llvm-project/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h:72:29
#13 0x000063c6fcb9f69a clang::ento::CheckerManager::runCheckersForEndFunction(clang::ento::NodeBuilderContext&, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNode*, clang::ento::ExprEngine&, clang::ReturnStmt const*) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:456:30
#14 0x000063c6fcbfd944 clang::ento::ExprEngine::processEndOfFunction(clang::ento::NodeBuilderContext&, clang::ento::ExplodedNode*, clang::ReturnStmt const*) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:2986:30
#15 0x000063c6fcbbea30 clang::ento::CoreEngine::HandleBlockEdge(clang::BlockEdge const&, clang::ento::ExplodedNode*) (.localalias) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:276:5
#16 0x000063c6fcbbe308 clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) (.localalias) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:188:7
#17 0x000063c6fcbbdcf5 clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>)::'lambda'(unsigned int)::operator()(unsigned int) const /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:159:23
#18 0x000063c6fcbbe0f2 clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:163:41
#19 0x000063c6fc0daf7e clang::ento::ExprEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int) /home/htx/Documents/llvm19/llvm-project/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:192:34
#20 0x000063c6fc064fd1 (anonymous namespace)::AnalysisConsumer::RunPathSensitiveChecks(clang::Decl*, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*, void> >*) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:731:22
#21 0x000063c6fc064d23 (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*, void> >*) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:700:5
#22 0x000063c6fc063d3c (anonymous namespace)::AnalysisConsumer::HandleDeclsCallGraph(unsigned int) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:490:31
#23 0x000063c6fc0642d8 (anonymous namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit(clang::ASTContext&) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:561:48
#24 0x000063c6fc064648 (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:616:74
#25 0x000063c6fcdd28ad clang::ParseAST(clang::Sema&, bool, bool) (.localalias) /home/htx/Documents/llvm19/llvm-project/clang/lib/Parse/ParseAST.cpp:191:14
#26 0x000063c6fa2544e6 clang::ASTFrontendAction::ExecuteAction() (.localalias) /home/htx/Documents/llvm19/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1192:11
#27 0x000063c6fa253da0 clang::FrontendAction::Execute() /home/htx/Documents/llvm19/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1082:38
#28 0x000063c6fa159a90 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (.localalias) /home/htx/Documents/llvm19/llvm-project/clang/lib/Frontend/CompilerInstance.cpp:1061:42
#29 0x000063c6fa416209 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /home/htx/Documents/llvm19/llvm-project/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:280:38
#30 0x000063c6f652a124 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /home/htx/Documents/llvm19/llvm-project/clang/tools/driver/cc1_main.cpp:285:40
#31 0x000063c6f651c6d8 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) /home/htx/Documents/llvm19/llvm-project/clang/tools/driver/driver.cpp:215:20
#32 0x000063c6f651c8ee clang_main(int, char**, llvm::ToolContext const&)::'lambda'(llvm::SmallVectorImpl<char const*>&)::operator()(llvm::SmallVectorImpl<char const*>&) const /home/htx/Documents/llvm19/llvm-project/clang/tools/driver/driver.cpp:356:5
#33 0x000063c6f651df8b int llvm::function_ref<int (llvm::SmallVectorImpl<char const*>&)>::callback_fn<clang_main(int, char**, llvm::ToolContext const&)::'lambda'(llvm::SmallVectorImpl<char const*>&)>(long, llvm::SmallVectorImpl<char const*>&) /home/htx/Documents/llvm19/install/include/llvm/ADT/STLFunctionalExtras.h:47:3
#34 0x000063c6f9f951dd llvm::function_ref<int (llvm::SmallVectorImpl<char const*>&)>::operator()(llvm::SmallVectorImpl<char const*>&) const /home/htx/Documents/llvm19/install/include/llvm/ADT/STLFunctionalExtras.h:69:3
#35 0x000063c6f9f93ac0 clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const::'lambda'()::operator()() const /home/htx/Documents/llvm19/llvm-project/clang/lib/Driver/Job.cpp:440:32
#36 0x000063c6f9f93f7d void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const::'lambda'()>(long) /home/htx/Documents/llvm19/install/include/llvm/ADT/STLFunctionalExtras.h:46:40
#37 0x000063c6f8f8f5c7 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (.localalias) (/home/htx/Documents/llvm19/build-clang/bin/clang+0x47b15c7)
#38 0x000063c6f9f93cdd clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, bool*) const (.localalias) /home/htx/Documents/llvm19/llvm-project/clang/lib/Driver/Job.cpp:440:7
#39 0x000063c6f9f2657e clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (.localalias) /home/htx/Documents/llvm19/llvm-project/clang/lib/Driver/Compilation.cpp:199:22
#40 0x000063c6f9f2690c clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&, bool) const /home/htx/Documents/llvm19/llvm-project/clang/lib/Driver/Compilation.cpp:253:62
#41 0x000063c6f9f3a349 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) /home/htx/Documents/llvm19/llvm-project/clang/lib/Driver/Driver.cpp:1946:28
#42 0x000063c6f651daca clang_main(int, char**, llvm::ToolContext const&) /home/htx/Documents/llvm19/llvm-project/clang/tools/driver/driver.cpp:391:39
#43 0x000063c6f6555a1a main /home/htx/Documents/llvm19/build-clang/tools/driver/clang-driver.cpp:17:20
#44 0x0000728d79c29d90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90)
#45 0x0000728d79c29e40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40)
#46 0x000063c6f651ba95 _start (/home/htx/Documents/llvm19/build-clang/bin/clang+0x1d3da95)
clang: error: clang frontend command failed with exit code 134 (use -v to see invocation)

[llvmbot]

@llvm/issue-subscribers-clang-static-analyzer

Author: Tianxing He (tianxinghe)

commit 3e47883 (HEAD -> main, origin/main, origin/HEAD) Author: Giulio Eulisse <10544+ktf@users.noreply.github.com> Date: Thu Sep 5 10:16:51 2024 +0200

Recover performance loss after PagedVector introduction (#<!-- -->67972)

clang --analyze
code.zip

clang: /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp:341: std::optional<std::__cxx11::basic_string<char> > printReferrer(const clang::ento::MemRegion*): Assertion `false && "Unexpected referrer region type."' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: /home/htx/Documents/llvm19/build-clang/bin/clang --analyze 4.c

1. <eof> parser at end of file
2. While analyzing stack:
   #0 Calling func4 at line 1558
   #1 Calling main
   #0 0x000063c6f904aaef llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (.localalias) (/home/htx/Documents/llvm19/build-clang/bin/clang+0x486caef)
   #1 0x000063c6f9048b3c llvm::sys::CleanupOnSignal(unsigned long) (/home/htx/Documents/llvm19/build-clang/bin/clang+0x486ab3c)
   #2 0x000063c6f8f8f148 CrashRecoverySignalHandler(int) (/home/htx/Documents/llvm19/build-clang/bin/clang+0x47b1148)
   #3 0x0000728d79c42520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
   #4 0x0000728d79c969fc pthread_kill (/lib/x86_64-linux-gnu/libc.so.6+0x969fc)
   #5 0x0000728d79c42476 raise (/lib/x86_64-linux-gnu/libc.so.6+0x42476)
   #6 0x0000728d79c287f3 abort (/lib/x86_64-linux-gnu/libc.so.6+0x287f3)
   #7 0x0000728d79c2871b (/lib/x86_64-linux-gnu/libc.so.6+0x2871b)
   #8 0x0000728d79c39e96 (/lib/x86_64-linux-gnu/libc.so.6+0x39e96)
   #9 0x000063c6fc7958ad printReferrer[abi:cxx11](clang::ento::MemRegion const*) (.localalias) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp:345:3
   #10 0x000063c6fc79634f (anonymous namespace)::StackAddrEscapeChecker::checkEndFunction(clang::ReturnStmt const*, clang::ento::CheckerContext&) const /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp:517:10
   #11 0x000063c6fc796c18 void clang::ento::check::EndFunction::_checkEndFunction<(anonymous namespace)::StackAddrEscapeChecker>(void*, clang::ReturnStmt const*, clang::ento::CheckerContext&) /home/htx/Documents/llvm19/llvm-project/clang/include/clang/StaticAnalyzer/Core/Checker.h:258:3
   #12 0x000063c6fcba5996 clang::ento::CheckerFn<void (clang::ReturnStmt const*, clang::ento::CheckerContext&)>::operator()(clang::ReturnStmt const*, clang::ento::CheckerContext&) const /home/htx/Documents/llvm19/llvm-project/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h:72:29
   #13 0x000063c6fcb9f69a clang::ento::CheckerManager::runCheckersForEndFunction(clang::ento::NodeBuilderContext&, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNode*, clang::ento::ExprEngine&, clang::ReturnStmt const*) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:456:30
   #14 0x000063c6fcbfd944 clang::ento::ExprEngine::processEndOfFunction(clang::ento::NodeBuilderContext&, clang::ento::ExplodedNode*, clang::ReturnStmt const*) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:2986:30
   #15 0x000063c6fcbbea30 clang::ento::CoreEngine::HandleBlockEdge(clang::BlockEdge const&, clang::ento::ExplodedNode*) (.localalias) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:276:5
   #16 0x000063c6fcbbe308 clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) (.localalias) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:188:7
   #17 0x000063c6fcbbdcf5 clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>)::'lambda'(unsigned int)::operator()(unsigned int) const /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:159:23
   #18 0x000063c6fcbbe0f2 clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:163:41
   #19 0x000063c6fc0daf7e clang::ento::ExprEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int) /home/htx/Documents/llvm19/llvm-project/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:192:34
   #20 0x000063c6fc064fd1 (anonymous namespace)::AnalysisConsumer::RunPathSensitiveChecks(clang::Decl*, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*, void> >) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:731:22
   #21 0x000063c6fc064d23 (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*, void> >) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:700:5
   #22 0x000063c6fc063d3c (anonymous namespace)::AnalysisConsumer::HandleDeclsCallGraph(unsigned int) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:490:31
   #23 0x000063c6fc0642d8 (anonymous namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit(clang::ASTContext&) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:561:48
   #24 0x000063c6fc064648 (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) /home/htx/Documents/llvm19/llvm-project/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:616:74
   #25 0x000063c6fcdd28ad clang::ParseAST(clang::Sema&, bool, bool) (.localalias) /home/htx/Documents/llvm19/llvm-project/clang/lib/Parse/ParseAST.cpp:191:14
   #26 0x000063c6fa2544e6 clang::ASTFrontendAction::ExecuteAction() (.localalias) /home/htx/Documents/llvm19/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1192:11
   #27 0x000063c6fa253da0 clang::FrontendAction::Execute() /home/htx/Documents/llvm19/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1082:38
   #28 0x000063c6fa159a90 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (.localalias) /home/htx/Documents/llvm19/llvm-project/clang/lib/Frontend/CompilerInstance.cpp:1061:42
   #29 0x000063c6fa416209 clang::ExecuteCompilerInvocation(clang::CompilerInstance) /home/htx/Documents/llvm19/llvm-project/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:280:38
   #30 0x000063c6f652a124 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /home/htx/Documents/llvm19/llvm-project/clang/tools/driver/cc1_main.cpp:285:40
   #31 0x000063c6f651c6d8 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) /home/htx/Documents/llvm19/llvm-project/clang/tools/driver/driver.cpp:215:20
   #32 0x000063c6f651c8ee clang_main(int, char**, llvm::ToolContext const&)::'lambda'(llvm::SmallVectorImpl<char const*>&)::operator()(llvm::SmallVectorImpl<char const*>&) const /home/htx/Documents/llvm19/llvm-project/clang/tools/driver/driver.cpp:356:5
   #33 0x000063c6f651df8b int llvm::function_ref<int (llvm::SmallVectorImpl<char const*>&)>::callback_fn<clang_main(int, char**, llvm::ToolContext const&)::'lambda'(llvm::SmallVectorImpl<char const*>&)>(long, llvm::SmallVectorImpl<char const*>&) /home/htx/Documents/llvm19/install/include/llvm/ADT/STLFunctionalExtras.h:47:3
   #34 0x000063c6f9f951dd llvm::function_ref<int (llvm::SmallVectorImpl<char const*>&)>::operator()(llvm::SmallVectorImpl<char const*>&) const /home/htx/Documents/llvm19/install/include/llvm/ADT/STLFunctionalExtras.h:69:3
   #35 0x000063c6f9f93ac0 clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, bool) const::'lambda'()::operator()() const /home/htx/Documents/llvm19/llvm-project/clang/lib/Driver/Job.cpp:440:32
   #36 0x000063c6f9f93f7d void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, bool) const::'lambda'()>(long) /home/htx/Documents/llvm19/install/include/llvm/ADT/STLFunctionalExtras.h:46:40
   #37 0x000063c6f8f8f5c7 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (.localalias) (/home/htx/Documents/llvm19/build-clang/bin/clang+0x47b15c7)
   #38 0x000063c6f9f93cdd clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, bool) const (.localalias) /home/htx/Documents/llvm19/llvm-project/clang/lib/Driver/Job.cpp:440:7
   #39 0x000063c6f9f2657e clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (.localalias) /home/htx/Documents/llvm19/llvm-project/clang/lib/Driver/Compilation.cpp:199:22
   #40 0x000063c6f9f2690c clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&, bool) const /home/htx/Documents/llvm19/llvm-project/clang/lib/Driver/Compilation.cpp:253:62
   #41 0x000063c6f9f3a349 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*> >&) /home/htx/Documents/llvm19/llvm-project/clang/lib/Driver/Driver.cpp:1946:28
   #42 0x000063c6f651daca clang_main(int, char**, llvm::ToolContext const&) /home/htx/Documents/llvm19/llvm-project/clang/tools/driver/driver.cpp:391:39
   #43 0x000063c6f6555a1a main /home/htx/Documents/llvm19/build-clang/tools/driver/clang-driver.cpp:17:20
   #44 0x0000728d79c29d90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90)
   #45 0x0000728d79c29e40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40)
   #46 0x000063c6f651ba95 _start (/home/htx/Documents/llvm19/build-clang/bin/clang+0x1d3da95)
   clang: error: clang frontend command failed with exit code 134 (use -v to see invocation)

[steakhal]

I'll have a look tomorrow.

[tianxinghe]

I am trying to minimize it and will put it up tomorrow. （may be 12 hours later）

…

---Original---&nbsp; From: "Balazs ***@***.***&gt; Date: Tue, Sep 10, 2024 00:56 AM To: ***@***.***&gt;; Cc: "Tianxing ***@***.******@***.***&gt;; Subject: Re: [llvm/llvm-project] [clang static analyzer] Crash inprintReferrer(const clang::ento::MemRegion*): Assertion `false &amp;&amp; "Unexpectedreferrer region type."' failed. (Issue #107852) I'll have a look tomorrow. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: ***@***.***&gt;

[tianxinghe]

I'll have a look tomorrow.

command : clang --analyze
What confuses me is that the checker did not crash when executing the following command :
clang --analyze --analyzer-no-default-checks -Xanalyzer -analyzer-checker=core.NullDereference -Xanalyzer -analyzer-config -Xanalyzer -mode=deep -Xanalyzer -analyzer-output=text

Meanwhile, in version 18.1.0, when executing -- analyze, the null pointer dereference bug can be correctly detected:
https://godbolt.org/z/MaEvnjaKe

But when performing the dereference check alone, the bug cannot be detected normally
https://godbolt.org/z/c7Gc1dbds

minimal version:

#include <alloca.h>

void func(int**);

int main(int argc, char ** argv) {
  int** v1;
  int*** v2;
  int** v3;

  v1 = (int**) alloca(sizeof(int*));
  v2 = (int***) alloca(sizeof(int**));
  *v2 = v1;
  v3 = *v2;
  func(v3);
  return 0;
}

void func(int** a1) {
  int* v1;
  int v2; 
  int* v3;

  v1 = (&v2);
  v3 = v1;
  *v3 = 1;
  *a1 = v3;
  return;
}

[tianxinghe]

I'll have a look tomorrow.

I would like to inquire about a few things:

Will the analyzer stop checking if there are too many variables related to input values?
Is the analyzer currently capable of solving constraints related to floating-point values?
Does the analyzer now support checking union and VectorType?

[necto]

Hi @tianxinghe

I confirm that I could reproduce the crash you reported. I'll look into it be cause it crashes on the as I introduced the failing assertion.

Will the analyzer stop checking if there are too many variables related to input values?

Could you, please, reformulate your question? I did not understand what "too many variables related to input values" means.

Is the analyzer currently capable of solving constraints related to floating-point values?

Clang Static Analyzer currently ignores floating-point values.

Does the analyzer now support checking union and VectorType?

AFAIK, the analyzer can work with a union as long as you access the same field. Once you access a different field, it forgets all it knows about the union.
What do you mean by VectorType?