
[analyzer] alpha.cplusplus.InvalidatedIterator checker crashes on c++23 code with deducing this #116372

Closed
michael-jabbour-sonarsource opened this issue Nov 15, 2024 · 1 comment
Labels
c++23 clang:static analyzer crash Prefer [crash-on-valid] or [crash-on-invalid]

michael-jabbour-sonarsource commented Nov 15, 2024

The following example:

```cpp
// clang-19 -std=c++23 --analyze -Xclang -analyzer-config -Xclang aggressive-binary-operation-simplification=true -Xclang -analyzer-checker=alpha.cplusplus.InvalidatedIterator -Xclang -analyzer-output=text file.cpp
class ExplicitThis {
  int f = 0;
public:
  ExplicitThis();
  ExplicitThis(ExplicitThis& other);

  ExplicitThis& operator=(this ExplicitThis& self, ExplicitThis const& other) {
    self.f = other.f;
    return self;
  }

  ~ExplicitThis();
};

void func(ExplicitThis& obj1) {
    obj1 = obj1;
}
```

crashes the analyzer (both when assertions are enabled and disabled).

Stack trace:

clang++: /root/llvm-project/llvm/include/llvm/Support/Casting.h:578: decltype(auto) llvm::cast(From*) [with To = clang::ento::CXXInstanceCall; From = const clang::ento::CallEvent]: Assertion `isa<To>(Val) && "cast<Ty>() argument of incompatible type!"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: /opt/compiler-explorer/clang-assertions-19.1.0/bin/clang++ -gdwarf-4 -g -o /app/output.s -mllvm --x86-asm-syntax=intel -fno-verbose-asm -S --gcc-toolchain=/opt/compiler-explorer/gcc-14.2.0 -fcolor-diagnostics -fno-crash-diagnostics -std=c++23 --analyze -Xclang -analyzer-config -Xclang aggressive-binary-operation-simplification=true -Xclang -analyzer-checker=alpha.cplusplus.InvalidatedIterator -Xclang -analyzer-output=text <source>
1.	<eof> parser at end of file
2.	While analyzing stack: 
	#0 Calling ExplicitThis::operator=(ExplicitThis &, const ExplicitThis &) at line 16
	#1 Calling func(ExplicitThis &)
 #0 0x0000000003ae9978 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0x3ae9978)
 #1 0x0000000003ae766c llvm::sys::CleanupOnSignal(unsigned long) (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0x3ae766c)
 #2 0x0000000003a308f8 CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
 #3 0x0000786312842520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x00007863128969fc pthread_kill (/lib/x86_64-linux-gnu/libc.so.6+0x969fc)
 #5 0x0000786312842476 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x42476)
 #6 0x00007863128287f3 abort (/lib/x86_64-linux-gnu/libc.so.6+0x287f3)
 #7 0x000078631282871b (/lib/x86_64-linux-gnu/libc.so.6+0x2871b)
 #8 0x0000786312839e96 (/lib/x86_64-linux-gnu/libc.so.6+0x39e96)
 #9 0x0000000005e2a5d7 void clang::ento::check::PostCall::_checkCall<(anonymous namespace)::ContainerModeling>(void*, clang::ento::CallEvent const&, clang::ento::CheckerContext&) ContainerModeling.cpp:0:0
#10 0x000000000634bde9 void expandGraphWithCheckers<(anonymous namespace)::CheckCallContext>((anonymous namespace)::CheckCallContext, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&) CheckerManager.cpp:0:0
#11 0x000000000634bfba clang::ento::CheckerManager::runCheckersForCallEvent(bool, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&, clang::ento::CallEvent const&, clang::ento::ExprEngine&, bool) (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0x634bfba)
#12 0x00000000063bef7d clang::ento::ExprEngine::processCallExit(clang::ento::ExplodedNode*) (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0x63bef7d)
#13 0x0000000006355a4c clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0x6355a4c)
#14 0x0000000006355d7a clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0x6355d7a)
#15 0x0000000005d35621 (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*, void>>*) AnalysisConsumer.cpp:0:0
#16 0x0000000005d5c842 (anonymous namespace)::AnalysisConsumer::HandleDeclsCallGraph(unsigned int) AnalysisConsumer.cpp:0:0
#17 0x0000000005d5dee6 (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) AnalysisConsumer.cpp:0:0
#18 0x00000000064cc55c clang::ParseAST(clang::Sema&, bool, bool) (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0x64cc55c)
#19 0x0000000004684f59 clang::FrontendAction::Execute() (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0x4684f59)
#20 0x0000000004609f8e clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0x4609f8e)
#21 0x000000000476e2be clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0x476e2be)
#22 0x0000000000c82b7f cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0xc82b7f)
#23 0x0000000000c7bcda ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#24 0x000000000443cba9 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::'lambda'()>(long) Job.cpp:0:0
#25 0x0000000003a30da4 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0x3a30da4)
#26 0x000000000443d19f clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (.part.0) Job.cpp:0:0
#27 0x0000000004402c05 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0x4402c05)
#28 0x000000000440366d clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0x440366d)
#29 0x000000000440b075 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0x440b075)
#30 0x0000000000c7fe95 clang_main(int, char**, llvm::ToolContext const&) (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0xc7fe95)
#31 0x0000000000b547a4 main (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0xb547a4)
#32 0x0000786312829d90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90)
#33 0x0000786312829e40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40)
#34 0x0000000000c7b78e _start (/opt/compiler-explorer/clang-assertions-19.1.0/bin/clang+++0xc7b78e)
clang++: error: clang frontend command failed with exit code 134 (use -v to see invocation)
Compiler returned: 134

Compiler Explorer link: https://godbolt.org/z/rbTfGorMK

@github-actions github-actions bot added the clang Clang issues not falling into any other category label Nov 15, 2024
@michael-jabbour-sonarsource michael-jabbour-sonarsource changed the title [clang] alpha.cplusplus.InvalidatedIterator checker crashes on c++23 code with deducing this [analyzer] alpha.cplusplus.InvalidatedIterator checker crashes on c++23 code with deducing this Nov 15, 2024
@EugeneZelenko EugeneZelenko added clang:static analyzer crash Prefer [crash-on-valid] or [crash-on-invalid] c++23 and removed clang Clang issues not falling into any other category labels Nov 15, 2024
llvmbot commented Nov 15, 2024

@llvm/issue-subscribers-clang-static-analyzer

Author: Michael Jabbour (michael-jabbour-sonarsource)

