Open
Description
After #127338 we are seeing some crashes in bugprone-unchecked-optional-access checker in the dataflow framework.
New test to trigger the crash: #128065
inline:
struct NonTrivDtor {
NonTrivDtor(int x);
~NonTrivDtor() {}
};
struct Other {
std::optional<int> x = std::nullopt;
NonTrivDtor y = x.has_value() ? NonTrivDtor(*x) : NonTrivDtor(-1);
};
struct target {
target() { Other{}; }
};
- evaluating the ListInit for
Other{}in thetargetctor - involves some default inits for
y, which referencesthis->x-- thethisshould be forOther - but the
thisis being confused fortarget(also intarget's ctor)
Example stack:
#0 0x000056125e5df14b llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (clang/unittests/Analysis/FlowSensitive
/./ClangAnalysisFlowSensitiveTests+0x53a14b)
#1 0x000056125e5dbe16 SignalHandler(int, siginfo_t*, void*) Signals.cpp:0:0
#2 0x00007f383c574590 (/lib/x86_64-linux-gnu/libc.so.6+0x3f590)
#3 0x00007f383c5c33ac __pthread_kill_implementation ./nptl/pthread_kill.c:44:76
#4 0x00007f383c5744f2 raise ./signal/../sysdeps/posix/raise.c:27:6
#5 0x00007f383c55d4ed abort ./stdlib/abort.c:81:7
#6 0x00007f383c55d415 _nl_load_domain ./intl/loadmsgcat.c:1177:9
#7 0x00007f383c56d012 (/lib/x86_64-linux-gnu/libc.so.6+0x38012)
#8 0x000056125e3d64b2 clang::dataflow::RecordStorageLocation::getChild(clang::ValueDecl const&) const (clang/unit
tests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x3314b2)
#9 0x000056125ed61b55 clang::dataflow::(anonymous namespace)::TransferVisitor::VisitMemberExpr(clang::MemberExpr const*) Transfer.cpp:0:0
#10 0x000056125ed64b9a clang::dataflow::transfer(clang::dataflow::StmtToEnvMap const&, clang::Stmt const&, clang::dataflow::Environment&, clang::dataflow::Environment::ValueModel&) (/
usr/local/google/home/jvoung/w/jvoung-llvm/llvm-project/build/tools/clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0xcbfb9a)
#11 0x000056125ed54a30 clang::dataflow::transferCFGBlock(clang::CFGBlock const&, clang::dataflow::(anonymous namespace)::AnalysisContext&, clang::dataflow::CFGEltCallbacksTypeErased c
onst&) TypeErasedDataflowAnalysis.cpp:0:0
#12 0x000056125ed55a26 clang::dataflow::runTypeErasedDataflowAnalysis(clang::dataflow::AdornedCFG const&, clang::dataflow::TypeErasedDataflowAnalysis&, clang::dataflow::Environment co
nst&, clang::dataflow::CFGEltCallbacksTypeErased const&, int) (clang/unittests/Analysis/FlowSensitive/./ClangAnaly
sisFlowSensitiveTests+0xcb0a26)
#13 0x000056125e5568d2 llvm::Error clang::dataflow::test::checkDataflow<clang::dataflow::UncheckedOptionalAccessModel>(clang::dataflow::test::AnalysisInputs<clang::dataflow::UncheckedOptionalAccessModel>, std::function<void (clang::dataflow::test::AnalysisOutputs const&)>) (clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x4b18d2)
#14 0x000056125e5573d1 llvm::Error clang::dataflow::test::checkDataflow<clang::dataflow::UncheckedOptionalAccessModel>(clang::dataflow::test::AnalysisInputs<clang::dataflow::UncheckedOptionalAccessModel>, std::function<void (llvm::DenseMap<unsigned int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, llvm::DenseMapInfo<unsigned int, void>, llvm::detail::DenseMapPair<unsigned int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, clang::dataflow::test::AnalysisOutputs const&)>) (clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x4b23d1)
#15 0x000056125e55a2dd void UncheckedOptionalAccessTest::ExpectDiagnosticsFor<clang::ast_matchers::internal::Matcher<clang::NamedDecl>>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, clang::ast_matchers::internal::Matcher<clang::NamedDecl>, char const*, bool) (.isra.0) UncheckedOptionalAccessModelTest.cpp:0:0
#16 0x000056125e55a977 UncheckedOptionalAccessTest::ExpectDiagnosticsFor(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, bool) (.constprop.0.isra.0) UncheckedOptionalAccessModelTest.cpp:0:0
#17 0x000056125e55aa4c UncheckedOptionalAccessTest_ConstructorOtherStructField_Test::TestBody() (clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x4b5a4c)
#18 0x000056125e63789e testing::Test::Run() (.part.0) gtest-all.cc:0:0
#19 0x000056125e63ecf2 testing::TestInfo::Run() (clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x599cf2)
#20 0x000056125e64b2f9 testing::TestSuite::Run() (.part.0) gtest-all.cc:0:0
#21 0x000056125e64bcba testing::internal::UnitTestImpl::RunAllTests() (clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x5a6cba)
#22 0x000056125e64c54e testing::UnitTest::Run() (clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x5a754e)
#23 0x000056125e33eb09 main (clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x299b09)
#24 0x00007f383c55ec8a __libc_start_call_main ./csu/../sysdeps/nptl/libc_start_call_main.h:74:3
#25 0x00007f383c55ed45 call_init ./csu/../csu/libc-start.c:128:20
#26 0x00007f383c55ed45 __libc_start_main ./csu/../csu/libc-start.c:347:5
#27 0x000056125e3888d1 _start (clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x2e38d1)