
[creduce-bugs] Crash during replace-function-def-with-decl



On 2013.10.02 at 12:16 -0600, Yang Chen wrote:
> 
> I can reproduce it. The crash happens in Clang's parser, i.e.
> clang::ParseAST. On the other hand, I can't say it's a Clang bug because
> apparently the Clang standalone doesn't crash on this test case. So, it
> could be the case where some clang_delta's initialization code triggers
> the bug. It's hard to dig into Clang's implementation to locate the
> source. I will leave this bug open and check what would happen in
> Clang's next release.

Thanks.

Running under valgrind shows:

==23173== Memcheck, a memory error detector
==23173== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==23173== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==23173== Command: /var/tmp/creduce/clang_delta/clang_delta --query-instances=replace-function-def-with-decl test.ii
==23173==
==23173== Invalid read of size 1
==23173==    at 0x10B8051: clang::FunctionDecl::isNoReturn() const (in /var/tmp/creduce/clang_delta/clang_delta)
==23173==    by 0x1018A6C: (anonymous namespace)::CFGBuilder::addAutomaticObjDtors((anonymous namespace)::LocalScope::const_iterator, (anonymous namespace)::LocalScope::const_iterator, clang::Stmt*) [clone .isra.514] (in /var/tmp/creduce/clang_delta/clang_delta)
==23173==    by 0x101A534: (anonymous namespace)::CFGBuilder::VisitCompoundStmt(clang::CompoundStmt*) (in /var/tmp/creduce/clang_delta/clang_delta)
==23173==    by 0x101F837: clang::CFG::buildCFG(clang::Decl const*, clang::Stmt*, clang::ASTContext*, clang::CFG::BuildOptions const&) (in /var/tmp/creduce/clang_delta/clang_delta)
==23173==    by 0x100E3D6: clang::AnalysisDeclContext::getCFG() (in /var/tmp/creduce/clang_delta/clang_delta)
==23173==    by 0xFFD53C: clang::sema::AnalysisBasedWarnings::IssueWarnings(clang::sema::AnalysisBasedWarnings::Policy, clang::sema::FunctionScopeInfo*, clang::Decl const*, clang::BlockExpr const*) (in /var/tmp/creduce/clang_delta/clang_delta)
==23173==    by 0xCD60CF: clang::Sema::PopFunctionScopeInfo(clang::sema::AnalysisBasedWarnings::Policy const*, clang::Decl const*, clang::BlockExpr const*) (in /var/tmp/creduce/clang_delta/clang_delta)
==23173==    by 0xD67C5D: clang::Sema::ActOnFinishFunctionBody(clang::Decl*, clang::Stmt*, bool) (in /var/tmp/creduce/clang_delta/clang_delta)
==23173==    by 0xCB0784: clang::Parser::ParseFunctionStatementBody(clang::Decl*, clang::Parser::ParseScope&) (in /var/tmp/creduce/clang_delta/clang_delta)
==23173==    by 0xCBDE73: clang::Parser::ParseLexedMethodDef(clang::Parser::LexedMethod&) (in /var/tmp/creduce/clang_delta/clang_delta)
==23173==    by 0xCBDC8F: clang::Parser::ParseLexedMethodDefs(clang::Parser::ParsingClass&) (in /var/tmp/creduce/clang_delta/clang_delta)
==23173==    by 0xC769AF: clang::Parser::ParseCXXMemberSpecification(clang::SourceLocation, clang::SourceLocation, clang::Parser::ParsedAttributesWithRange&, unsigned int, clang::Decl*) (in /var/tmp/creduce/clang_delta/clang_delta)
==23173==  Address 0x1d is not stack'd, malloc'd or (recently) free'd
==23173==
Stack dump:
0.      test.ii:998:880: current parser token ';'
1.      test.ii:998:1: parsing struct/union/class body 'nsStringCaseInsensitiveHashKey'
2.      test.ii:998:700: parsing function body 'HashKey'
==23173==
==23173== Process terminating with default action of signal 11 (SIGSEGV)
==23173==  Access not within mapped region at address 0x1D

-- 
Markus
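Added example (not part of the thread, not creduce or clang_delta code): a small triage helper that parses Memcheck "Invalid read/write" records like the trace above and flags the faulting address class. The sample text is an abbreviated copy of the report's own output, and the page-size threshold used to call an address "near-null" is an assumption of this script.

```python
import re

# Constructed sample: abbreviated from the Memcheck trace in the report above.
SAMPLE = """\
==23173== Invalid read of size 1
==23173==    at 0x10B8051: clang::FunctionDecl::isNoReturn() const (in /var/tmp/creduce/clang_delta/clang_delta)
==23173==    by 0x1018A6C: (anonymous namespace)::CFGBuilder::addAutomaticObjDtors((anonymous namespace)::LocalScope::const_iterator, (anonymous namespace)::LocalScope::const_iterator, clang::Stmt*) [clone .isra.514] (in /var/tmp/creduce/clang_delta/clang_delta)
==23173==    by 0x101A534: (anonymous namespace)::CFGBuilder::VisitCompoundStmt(clang::CompoundStmt*) (in /var/tmp/creduce/clang_delta/clang_delta)
==23173==  Address 0x1d is not stack'd, malloc'd or (recently) free'd
==23173==
==23173== Process terminating with default action of signal 11 (SIGSEGV)
==23173==  Access not within mapped region at address 0x1D
"""

HEADER = re.compile(r"^==\d+== Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x([0-9A-Fa-f]+): (.+?) \(in (.+)\)$")
ADDR = re.compile(r"^==\d+==\s+Address 0x([0-9A-Fa-f]+) (.+)$")


def parse_memcheck(text):
    """Return one record per invalid access: kind, size, frames, address, Memcheck's note."""
    errors, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"kind": m.group(1), "size": int(m.group(2)),
                   "frames": [], "address": None, "note": ""}
            errors.append(cur)
            continue
        if cur is None:
            continue
        m = FRAME.match(line)
        if m:  # (pc, symbol) pairs, innermost frame first
            cur["frames"].append((int(m.group(1), 16), m.group(2)))
            continue
        m = ADDR.match(line)
        if m:  # the "Address ..." line closes the record
            cur["address"], cur["note"] = int(m.group(1), 16), m.group(2)
            cur = None
    return errors


def classify(err, page_size=4096):
    """Coarse triage (assumed thresholds): an address inside the first page is a
    field read through a NULL object pointer, which is what 0x1d in isNoReturn()
    looks like; Memcheck's note distinguishes freed and overrun heap blocks."""
    addr, note = err["address"], err["note"]
    if addr is None:
        return "unknown"
    if addr < page_size:
        return "near-null"
    if "block" in note and "free'd" in note:
        return "use-after-free"
    if "block" in note:
        return "heap-overflow"
    return "wild"
```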