[analyzer] Clang-19 crash: Assertion `isa<To>(Val) && "cast<Ty>() argument of incompatible type!"' failed. #89185

@iamanonymouscs

Clang-19 with --analyze -c crashes on the test case.

Compiler Explorer (assertion trunk): https://godbolt.org/z/6158W6bqo

$ cat mutant.c
void a() {
  char *b = &&c;
  *b = 0;
c:
}

$ clang-19 --analyze -c mutant.c
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: clang-19 --analyze -c mutant.c
1.      <eof> parser at end of file
2.      While analyzing stack: 
        #0 Calling a
3.      mutant.c:3:3: Error evaluating statement
4.      mutant.c:3:3: Error evaluating statement
 #0 0x00007f071759c216 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0xdc1216)
 #1 0x00007f0717599ec0 llvm::sys::RunSignalHandlers() (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0xdbeec0)
 #2 0x00007f071759b5f4 llvm::sys::CleanupOnSignal(unsigned long) (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0xdc05f4)
 #3 0x00007f07174e9430 (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0xd0e430)
 #4 0x00007f0721f8b980 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x12980)
 #5 0x00007f0720d006f0 clang::ento::MemRegion::getBaseRegion() const (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2dcc6f0)
 #6 0x00007f0720d3bb18 (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2e07b18)
 #7 0x00007f0720d3a0ed (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2e060ed)
 #8 0x00007f0720d31d88 (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2dfdd88)
 #9 0x00007f0720d0cf2f clang::ento::ProgramState::bindLoc(clang::ento::Loc, clang::ento::SVal, clang::LocationContext const*, bool) const (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2dd8f2f)
#10 0x00007f0720cc72ac clang::ento::ExprEngine::evalBind(clang::ento::ExplodedNodeSet&, clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::SVal, clang::ento::SVal, bool, clang::ProgramPoint const*) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2d932ac)
#11 0x00007f0720ccf81f clang::ento::ExprEngine::evalStore(clang::ento::ExplodedNodeSet&, clang::Expr const*, clang::Expr const*, clang::ento::ExplodedNode*, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::ento::SVal, clang::ento::SVal, clang::ProgramPointTag const*) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2d9b81f)
#12 0x00007f0720cd8f87 clang::ento::ExprEngine::VisitBinaryOperator(clang::BinaryOperator const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2da4f87)
#13 0x00007f0720cc6c53 clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2d92c53)
#14 0x00007f0720cc2e13 clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*, clang::ento::ExplodedNode*) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2d8ee13)
#15 0x00007f0720cc2b3f clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2d8eb3f)
#16 0x00007f0720ca9b32 clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2d75b32)
#17 0x00007f0720ca96d1 clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2d756d1)
#18 0x00007f07210ca595 (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x3196595)
#19 0x00007f07210aa35f (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x317635f)
#20 0x00007f071eae4076 clang::ParseAST(clang::Sema&, bool, bool) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0xbb0076)
#21 0x00007f07209e1825 clang::FrontendAction::Execute() (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2aad825)
#22 0x00007f072095d0d4 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2a290d4)
#23 0x00007f0720a5af7e clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2b26f7e)
#24 0x000055be870befad cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/usr/lib/llvm-19/bin/clang+0x12fad)
#25 0x000055be870bc075 (/usr/lib/llvm-19/bin/clang+0x10075)
#26 0x00007f07205ed439 (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x26b9439)
#27 0x00007f07174e91dc llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/usr/lib/llvm-19/bin/../lib/libLLVM.so.19.0+0xd0e1dc)
#28 0x00007f07205ecdfe clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x26b8dfe)
#29 0x00007f07205b4901 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2680901)
#30 0x00007f07205b4b4e clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x2680b4e)
#31 0x00007f07205d16cc clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/usr/lib/llvm-19/bin/../lib/libclang-cpp.so.19.0+0x269d6cc)
#32 0x000055be870bb9e5 clang_main(int, char**, llvm::ToolContext const&) (/usr/lib/llvm-19/bin/clang+0xf9e5)
#33 0x000055be870c9556 main (/usr/lib/llvm-19/bin/clang+0x1d556)
#34 0x00007f07159d5c87 __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:344:0
#35 0x000055be870b8bfa _start (/usr/lib/llvm-19/bin/clang+0xcbfa)
clang-19: error: clang frontend command failed with exit code 139 (use -v to see invocation)
Ubuntu clang version 19.0.0 (++20240301064251+dd426fa5f931-1~exp1~20240301184412.1845)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/lib/llvm-19/bin
clang-19: note: diagnostic msg: 
********************

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-19: note: diagnostic msg: /tmp/mutant-9d37b7.c
clang-19: note: diagnostic msg: /tmp/mutant-9d37b7.sh
clang-19: note: diagnostic msg: 

********************
