Crashes from the analyzer recently

bruce.r.stephens
I've been seeing crashes (not always reproducible reliably) from the
analyzer.  I filed one or two, but it's presumably unhelpful to file
many?

I suspect some memory mishap in the recently changed MemRegion code.
valgrind seems to give similar logs for the various crashes.  Here's one
(from processing getpass.c from coreutils-8.5 on a 64-bit GNU/Linux):

==12353== Invalid read of size 4
==12353==    at 0x12E9A36: clang::MemRegion::getKind() const (MemRegion.h:118)
==12353==    by 0x12F0B83: clang::SubRegion::classof(clang::MemRegion const*) (MemRegion.h:280)
==12353==    by 0x12F4D1C: llvm::isa_impl<clang::SubRegion, clang::MemRegion>::doit(clang::MemRegion const&) (Casting.h:55)
==12353==    by 0x12F4C70: llvm::isa_impl_wrap<clang::SubRegion, clang::MemRegion const, clang::MemRegion const>::doit(clang::MemRegion const&) (Casting.h:73)
==12353==    by 0x12F4A0D: bool llvm::isa_impl_cl<clang::MemRegion>::isa<clang::SubRegion>(clang::MemRegion const&) (Casting.h:85)
==12353==    by 0x12F4297: bool llvm::isa_impl_cl<clang::MemRegion const>::isa<clang::SubRegion>(clang::MemRegion const&) (Casting.h:94)
==12353==    by 0x12F357C: bool llvm::isa_impl_cl<clang::MemRegion const*>::isa<clang::SubRegion>(clang::MemRegion const*) (Casting.h:103)
==12353==    by 0x12F2657: bool llvm::isa<clang::SubRegion, clang::MemRegion const*>(clang::MemRegion const* const&) (Casting.h:118)
==12353==    by 0x12F1B83: llvm::cast_retty<clang::SubRegion, clang::MemRegion const*>::ret_type llvm::dyn_cast<clang::SubRegion, clang::MemRegion const*>(clang::MemRegion const* const&) (Casting.h:228)
==12353==    by 0x138108E: clang::SubRegion::isSubRegionOf(clang::MemRegion const*) const (MemRegion.cpp:149)
==12353==    by 0x13A7A90: (anonymous namespace)::RemoveDeadBindingsWorker::VisitBinding(clang::SVal) (RegionStore.cpp:1754)
==12353==    by 0x13A7E2E: (anonymous namespace)::RemoveDeadBindingsWorker::VisitBindingKey((anonymous namespace)::BindingKey) (RegionStore.cpp:1800)
==12353==  Address 0x2038210000b804 is not stack'd, malloc'd or (recently) free'd
_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
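The post above judges the crashes to be the same bug because valgrind prints similar logs for each. As an added example (not code from the thread or from the clang project), the script below parses valgrind "Invalid read/write" blocks and groups them by a signature built from the access kind and the top source locations, ignoring the pid and the runtime addresses that differ between runs. The sample input is constructed: it reuses the top frames of the trace quoted above and adds a second run (pid 12401) and one unrelated report (pid 12402), all made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the top of the trace from the post above, plus a second
# run (different pid, code addresses and faulting pointer) and one unrelated
# report, to show which logs count as "similar" under the signature below.
SAMPLE = """\
==12353== Invalid read of size 4
==12353==    at 0x12E9A36: clang::MemRegion::getKind() const (MemRegion.h:118)
==12353==    by 0x12F0B83: clang::SubRegion::classof(clang::MemRegion const*) (MemRegion.h:280)
==12353==    by 0x138108E: clang::SubRegion::isSubRegionOf(clang::MemRegion const*) const (MemRegion.cpp:149)
==12353==  Address 0x2038210000b804 is not stack'd, malloc'd or (recently) free'd
==12401== Invalid read of size 4
==12401==    at 0x12E9B12: clang::MemRegion::getKind() const (MemRegion.h:118)
==12401==    by 0x12F0C5F: clang::SubRegion::classof(clang::MemRegion const*) (MemRegion.h:280)
==12401==    by 0x138115A: clang::SubRegion::isSubRegionOf(clang::MemRegion const*) const (MemRegion.cpp:149)
==12401==  Address 0x1f3a000000c010 is not stack'd, malloc'd or (recently) free'd
==12402== Invalid write of size 8
==12402==    at 0x4C2B3F0: memcpy (vg_replace_strmem.c:1)
==12402==  Address 0x5e1d040 is 0 bytes after a block of size 64 alloc'd
"""

HEAD = re.compile(r"^==(\d+)==\s+(Invalid (?:read|write) of size \d+)$")
FRAME = re.compile(r"^==\d+==\s+(?:at|by)\s+0x[0-9A-Fa-f]+:\s+(.*?)\s+\(([^)]*)\)\s*$")
ADDR = re.compile(r"^==\d+==\s+Address 0x([0-9A-Fa-f]+) is (.*)$")

def parse_reports(text):
    """One dict per 'Invalid read/write' block; a block ends at its Address line,
    so any allocation stack valgrind prints after that line is not mistaken for frames."""
    reports, cur = [], None
    for line in text.splitlines():
        if m := HEAD.match(line):
            cur = {"pid": int(m.group(1)), "kind": m.group(2), "frames": [],
                   "address": None, "note": None}
            reports.append(cur)
        elif cur and (m := FRAME.match(line)):
            cur["frames"].append((m.group(1), m.group(2)))   # (function, file:line)
        elif cur and (m := ADDR.match(line)):
            cur["address"], cur["note"] = int(m.group(1), 16), m.group(2)
            cur = None
    return reports

def signature(report, depth=3):
    """Access kind plus the top `depth` source locations; pids and runtime
    addresses are deliberately left out so repeat crashes collapse together."""
    return (report["kind"],) + tuple(loc for _, loc in report["frames"][:depth])

def group_by_signature(text, depth=3):
    """Map each crash signature to the pids whose reports share it."""
    groups = defaultdict(list)
    for r in parse_reports(text):
        groups[signature(r, depth)].append(r["pid"])
    return dict(groups)
```

Reports that land in one group are candidates for a single bug report with several attached failure cases; a wild address such as the one in the post (not stack'd, malloc'd or free'd) is kept in the parsed record so it can be quoted alongside.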

Re: Crashes from the analyzer recently

Ted Kremenek
Hi Bruce,

For these kinds of bugs we try and fix them very quickly (soon after they are reported).  For crashes that you suspect are similar, please just file a small number of reports, potentially attaching multiple failure cases, and then see if they get quickly resolved.  You can also attach all the failures for a given codebase, which still keeps the failures in one cohesive bug.

Ted

On Jul 6, 2010, at 3:21 PM, [hidden email] wrote:

> I've been seeing crashes (not always reproducible reliably) from the
> analyzer.  I filed one or two, but it's presumably unhelpful to file
> many?
>
> I suspect some memory mishap in the recently changed MemRegion code.
> valgrind seems to give similar logs for the various crashes.  Here's one
> (from processing getpass.c from coreutils-8.5 on a 64-bit GNU/Linux):
>
> ==12353== Invalid read of size 4
> ==12353==    at 0x12E9A36: clang::MemRegion::getKind() const (MemRegion.h:118)
> ==12353==    by 0x12F0B83: clang::SubRegion::classof(clang::MemRegion const*) (MemRegion.h:280)
> ==12353==    by 0x12F4D1C: llvm::isa_impl<clang::SubRegion, clang::MemRegion>::doit(clang::MemRegion const&) (Casting.h:55)
> ==12353==    by 0x12F4C70: llvm::isa_impl_wrap<clang::SubRegion, clang::MemRegion const, clang::MemRegion const>::doit(clang::MemRegion const&) (Casting.h:73)
> ==12353==    by 0x12F4A0D: bool llvm::isa_impl_cl<clang::MemRegion>::isa<clang::SubRegion>(clang::MemRegion const&) (Casting.h:85)
> ==12353==    by 0x12F4297: bool llvm::isa_impl_cl<clang::MemRegion const>::isa<clang::SubRegion>(clang::MemRegion const&) (Casting.h:94)
> ==12353==    by 0x12F357C: bool llvm::isa_impl_cl<clang::MemRegion const*>::isa<clang::SubRegion>(clang::MemRegion const*) (Casting.h:103)
> ==12353==    by 0x12F2657: bool llvm::isa<clang::SubRegion, clang::MemRegion const*>(clang::MemRegion const* const&) (Casting.h:118)
> ==12353==    by 0x12F1B83: llvm::cast_retty<clang::SubRegion, clang::MemRegion const*>::ret_type llvm::dyn_cast<clang::SubRegion, clang::MemRegion const*>(clang::MemRegion const* const&) (Casting.h:228)
> ==12353==    by 0x138108E: clang::SubRegion::isSubRegionOf(clang::MemRegion const*) const (MemRegion.cpp:149)
> ==12353==    by 0x13A7A90: (anonymous namespace)::RemoveDeadBindingsWorker::VisitBinding(clang::SVal) (RegionStore.cpp:1754)
> ==12353==    by 0x13A7E2E: (anonymous namespace)::RemoveDeadBindingsWorker::VisitBindingKey((anonymous namespace)::BindingKey) (RegionStore.cpp:1800)
> ==12353==  Address 0x2038210000b804 is not stack'd, malloc'd or (recently) free'd
