[PATCH] D27849: crash in MallocChecker
This revision was automatically updated to reflect the committed changes. Closed by commit rL289970: [analyzer] Fix crash in MallocChecker. (authored by dcoughlin).
Changed prior to commit: https://reviews.llvm.org/D27849?vs=81751=81774#toc
Repository: rL LLVM
https://reviews.llvm.org/D27849
Files: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp cfe/trunk/test/Analysis/out-of-bounds-new.cpp

Index: cfe/trunk/test/Analysis/out-of-bounds-new.cpp === --- cfe/trunk/test/Analysis/out-of-bounds-new.cpp +++ cfe/trunk/test/Analysis/out-of-bounds-new.cpp @@ -148,3 +148,9 @@ int *buf = new int[s]; buf[0] = 1; // no-warning } +//Tests complex arithmetic +//in new expression +void test_dynamic_size2(unsigned m,unsigned n){ + unsigned *U = nullptr; + U = new unsigned[m + n + 1]; +}
Index: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp === --- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp +++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp @@ -1026,8 +1026,7 @@ ASTContext = C.getASTContext(); CharUnits TypeSize = AstContext.getTypeSizeInChars(ElementType); - if (Optional DefinedSize = - ElementCount.getAs()) { + if (ElementCount.getAs()) { DefinedOrUnknownSVal Extent = Region->getExtent(svalBuilder); // size in Bytes = ElementCount*TypeSize SVal SizeInBytes = svalBuilder.evalBinOpNN(

___ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
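Review bot: in the out-of-bounds-new.cpp hunk, test_dynamic_size2 allocates U and never deletes it, and the `new` line carries no `// no-warning` marker like the `buf[0] = 1; // no-warning` context line above it, so the test only proves the analyzer no longer crashes and any later leak or bounds diagnostic on that line would fail the file for an unrelated reason; add `// no-warning` to `U = new unsigned[m + n + 1];` (or a `delete[] U;`) so the intent is explicit. Style nits against the existing test_dynamic_size it sits next to: a space after `//` in both comment lines, and `(unsigned m, unsigned n) {` rather than `(unsigned m,unsigned n){`.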
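Review bot: in the MallocChecker.cpp hunk the new guard `if (ElementCount.getAs()) {` discards the unwrapped value that `Optional DefinedSize` used to hold, so the body (not fully shown) still has to obtain the NonLoc from ElementCount itself before `evalBinOpNN`; per the reproducer's trace that is the `castAs` at MallocChecker.cpp:1036 (frame #10) which asserted at SVals.h:76 (frame #9). Keeping the named Optional and using `*DefinedSize` in the `ElementCount*TypeSize` computation would unwrap once and keep the check and its use from drifting apart. A one-line comment above the `if` saying that an element count that is not a NonLoc (the "not known" case from the commit message, e.g. `a * b` or `m + n + 1` with symbolic operands) leaves the region without a recorded extent, so bounds checks on that buffer are skipped rather than approximated, would also help the next reader.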
r289970 - [analyzer] Fix crash in MallocChecker.
Author: dcoughlin
Date: Fri Dec 16 12:41:40 2016
New Revision: 289970
URL: http://llvm.org/viewvc/llvm-project?rev=289970=rev

Log:
[analyzer] Fix crash in MallocChecker.

Fix a crash in the MallocChecker when the extent size for the argument to new[] is not known.

A patch by Abramo Bagnara and Dániel Krupp!

https://reviews.llvm.org/D27849

Differential Revision: https://reviews.llvm.org/D27849

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp cfe/trunk/test/Analysis/out-of-bounds-new.cpp

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=289970=289969=289970=diff == --- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Fri Dec 16 12:41:40 2016 @@ -1026,8 +1026,7 @@ ProgramStateRef MallocChecker::addExtent ASTContext = C.getASTContext(); CharUnits TypeSize = AstContext.getTypeSizeInChars(ElementType); - if (Optional DefinedSize = - ElementCount.getAs()) { + if (ElementCount.getAs()) { DefinedOrUnknownSVal Extent = Region->getExtent(svalBuilder); // size in Bytes = ElementCount*TypeSize SVal SizeInBytes = svalBuilder.evalBinOpNN(
Modified: cfe/trunk/test/Analysis/out-of-bounds-new.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/out-of-bounds-new.cpp?rev=289970=289969=289970=diff == --- cfe/trunk/test/Analysis/out-of-bounds-new.cpp (original) +++ cfe/trunk/test/Analysis/out-of-bounds-new.cpp Fri Dec 16 12:41:40 2016 @@ -148,3 +148,9 @@ void test_dynamic_size(int s) { int *buf = new int[s]; buf[0] = 1; // no-warning } +//Tests complex arithmetic +//in new expression +void test_dynamic_size2(unsigned m,unsigned n){ + unsigned *U = nullptr; + U = new unsigned[m + n + 1]; +}
RE: Crash in MallocChecker
The fix seems fine. The new-operator-related test cases were placed in test/Analysis/out-of-bounds-new.cpp. You may consider that as well for the test case.

From: dcough...@apple.com [mailto:dcough...@apple.com]
Sent: 1 December 2016 2:55
To: Abramo Bagnara <abramo.bagn...@gmail.com>
Cc: cfe-commits <cfe-commits@lists.llvm.org>; Anna Zaks <ga...@apple.com>; Dániel Krupp <daniel.kr...@ericsson.com>; haoNoQ <noqnoq...@gmail.com>
Subject: Re: Crash in MallocChecker

+ Artem and Daniel,

Thanks for the patch! This fix seems reasonable to me, although it would be good to add the reproducer as a test case! (tests/Analysis/malloc.cpp would be a fine place for it).

Devin

> On Nov 30, 2016, at 4:10 PM, Abramo Bagnara <abramo.bagn...@gmail.com> wrote:
>
> Please consider reviewing and applying the attached patch.
>
> This is how to reproduce the bug:
>
> abramo@tester:~$ cat bug.cpp
> void f(int a, int b)
> {
>   new char[a * b];
> }
> abramo@tester:~$ ~/llvm-build/bin/clang -cc1 -analyze -analyzer-checker=cplusplus.NewDeleteLeaks bug.cpp
> clang: /home/abramo/llvm/tools/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h:76: T clang::ento::SVal::castAs() const [with T = clang::ento::NonLoc]: Assertion `T::isKind(*this)' failed.
Re: Crash in MallocChecker
+ Artem and Daniel,

Thanks for the patch! This fix seems reasonable to me, although it would be good to add the reproducer as a test case! (tests/Analysis/malloc.cpp would be a fine place for it).

Devin

Index: lib/StaticAnalyzer/Checkers/MallocChecker.cpp === --- lib/StaticAnalyzer/Checkers/MallocChecker.cpp (revisione 285953) +++ lib/StaticAnalyzer/Checkers/MallocChecker.cpp (copia locale)
@@ -1026,8 +1026,7 @@ ASTContext = C.getASTContext(); CharUnits TypeSize = AstContext.getTypeSizeInChars(ElementType); - if (Optional DefinedSize = - ElementCount.getAs()) { + if (ElementCount.getAs()) { DefinedOrUnknownSVal Extent = Region->getExtent(svalBuilder); // size in Bytes = ElementCount*TypeSize SVal SizeInBytes = svalBuilder.evalBinOpNN(

> On Nov 30, 2016, at 4:10 PM, Abramo Bagnara wrote:
>
> Please consider reviewing and applying the attached patch.
>
> This is how to reproduce the bug:
>
> abramo@tester:~$ cat bug.cpp
> void f(int a, int b)
> {
>   new char[a * b];
> }
> abramo@tester:~$ ~/llvm-build/bin/clang -cc1 -analyze -analyzer-checker=cplusplus.NewDeleteLeaks bug.cpp
> clang: /home/abramo/llvm/tools/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h:76: T clang::ento::SVal::castAs() const [with T = clang::ento::NonLoc]: Assertion `T::isKind(*this)' failed.
Crash in MallocChecker
Please consider reviewing and applying the attached patch.

This is how to reproduce the bug:

abramo@tester:~$ cat bug.cpp
void f(int a, int b)
{
  new char[a * b];
}
abramo@tester:~$ ~/llvm-build/bin/clang -cc1 -analyze -analyzer-checker=cplusplus.NewDeleteLeaks bug.cpp
clang: /home/abramo/llvm/tools/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h:76: T clang::ento::SVal::castAs() const [with T = clang::ento::NonLoc]: Assertion `T::isKind(*this)' failed.
#0 0x03689a0f llvm::sys::PrintStackTrace(llvm::raw_ostream&) /home/abramo/llvm/lib/Support/Unix/Signals.inc:402:0
#1 0x03689d6a PrintStackTraceSignalHandler(void*) /home/abramo/llvm/lib/Support/Unix/Signals.inc:466:0
#2 0x03687f30 llvm::sys::RunSignalHandlers() /home/abramo/llvm/lib/Support/Signals.cpp:44:0
#3 0x036893a1 SignalHandler(int) /home/abramo/llvm/lib/Support/Unix/Signals.inc:256:0
#4 0x7f7833b31330 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x10330)
#5 0x7f783291dc37 gsignal /build/eglibc-oGUzwX/eglibc-2.19/signal/../nptl/sysdeps/unix/sysv/linux/raise.c:56:0
#6 0x7f7832921028 abort /build/eglibc-oGUzwX/eglibc-2.19/stdlib/abort.c:91:0
#7 0x7f7832916bf6 __assert_fail_base /build/eglibc-oGUzwX/eglibc-2.19/assert/assert.c:92:0
#8 0x7f7832916ca2 (/lib/x86_64-linux-gnu/libc.so.6+0x2fca2)
#9 0x05b1769d clang::ento::NonLoc clang::ento::SVal::castAs() const /home/abramo/llvm/tools/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h:77:0
#10 0x05bf5a20 (anonymous namespace)::MallocChecker::addExtentSize(clang::ento::CheckerContext&, clang::CXXNewExpr const*, llvm::IntrusiveRefCntPtr) /home/abramo/llvm/tools/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp:1036:0
#11 0x05bf5601 (anonymous namespace)::MallocChecker::checkPostStmt(clang::CXXNewExpr const*, clang::ento::CheckerContext&) const /home/abramo/llvm/tools/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp:991:0
#12 0x05c0aa29 void clang::ento::check::PostStmt::_checkStmt<(anonymous namespace)::MallocChecker>(void*, clang::Stmt const*, clang::ento::CheckerContext&) /home/abramo/llvm/tools/clang/include/clang/StaticAnalyzer/Core/Checker.h:105:0
#13 0x05f0d9a8 clang::ento::CheckerFn::operator()(clang::Stmt const*, clang::ento::CheckerContext&) const /home/abramo/llvm/tools/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h:60:0
#14 0x05f08002 (anonymous namespace)::CheckStmtContext::runChecker(clang::ento::CheckerFn, clang::ento::NodeBuilder&, clang::ento::ExplodedNode*) /home/abramo/llvm/tools/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:161:0
#15 0x05f0a761 void expandGraphWithCheckers<(anonymous namespace)::CheckStmtContext>((anonymous namespace)::CheckStmtContext, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&) /home/abramo/llvm/tools/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:121:0
#16 0x05f080b2 clang::ento::CheckerManager::runCheckersForStmt(bool, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&, clang::Stmt const*, clang::ento::ExprEngine&, bool) /home/abramo/llvm/tools/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:175:0
#17 0x05f40184 clang::ento::CheckerManager::runCheckersForPostStmt(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&, clang::Stmt const*, clang::ento::ExprEngine&, bool) /home/abramo/llvm/tools/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h:206:0
#18 0x05f3770a clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) /home/abramo/llvm/tools/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:1151:0
#19 0x05f341e4 clang::ento::ExprEngine::ProcessStmt(clang::CFGStmt, clang::ento::ExplodedNode*) /home/abramo/llvm/tools/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:463:0
#20 0x05f334e4 clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) /home/abramo/llvm/tools/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:311:0
#21 0x05f228db clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock const*, unsigned int, clang::ento::ExplodedNode*) /home/abramo/llvm/tools/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:532:0
#22 0x05f217ea clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) /home/abramo/llvm/tools/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:279:0
#23 0x05f213ca clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr) /home/abramo/llvm/tools/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:216:0
#24 0x04e7ee6a clang::ento::ExprEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int) /home/abramo/llvm/tools/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:109:0
#25 0x04e388be (anonymous