Debugging Clang Static Analyzer segfault (clang 3.2)

I have debugged the clang 3.2 static analyzer using the following steps; someone might know a better approach. These are the steps I used for a C++ checker.

  1. built with CC=gcc & CXX=g++; it might also work with CC=clang and CXX=clang++, I think

  2. used the following command from inside gdb; I remember getting these args using either the -v or the ### option

r "/home/camel/osa/bin/clang++" "-cc1" "-analyze" "-analyzer-checker" "Mychecker" "-internal-isystem" "/usr/lib/gcc/i686-linux-gnu/4.5/…/…/…/…/include/c++/4.5" "-internal-isystem" "/usr/lib/gcc/i686-linux-gnu/4.5/…/…/…/…/include/c++/4.5/i686-linux-gnu" "-internal-isystem" "/usr/lib/gcc/i686-linux-gnu/4.5/…/…/…/…/include/c++/4.5/backward" "-internal-isystem" "/usr/local/include" "-internal-isystem" "/usr/local/bin/…/lib/clang/3.1/include" "-internal-isystem" "/usr/lib/gcc/i686-linux-gnu/4.5/…/…/…/gcc/i686-linux-gnu/4.5/include" "-internal-isystem" "/usr/lib/gcc/i686-linux-gnu/4.5/…/…/…/gcc/i686-linux-gnu/4.5/include-fixed" "-internal-externc-isystem" "/include" "-internal-externc-isystem" "/usr/include" testfile.cpp

The backtrace in gdb always showed the segfaults for me in case of checker segfaults.


Senthil Kumar

I wrote a custom checker based on SimpleStreamChecker for the Clang Static Analyzer. I’m using clang version 3.2.

Upon running /…/llvm-3.2/build/bin/clang++ testfile.cpp -std=c++11 -Xclang -analyze -Xclang -analyzer-checker=mychecker, I get the following:

I’m fairly certain the issue is in my checker code, but I have no idea how to debug it. Clang seems to handle the segfault on its own, so I can’t really do much with gdb.
So how can I debug this issue? (Apart from the llvm::errs() or std::cout solution.)

The only changes I made to clang 3.2 are that I compile it with C++11, and of course I added two custom checkers. Oh, and I'm also linking the static analyzer with libASTMatchers. So far I haven't had any issues, although the previous checker was much simpler.

Any help would be greatly appreciated.



Hi, Gabor. Yes, Senthil has the right idea here—the trick is that the clang executable is divided into two parts: the "driver" and the compiler proper (sometimes known as "cc1"). The driver's in charge of invoking all the separate steps involved in a compilation command (compile, assemble, compile, assemble, link), whereas "cc1" just does Clang's own work for compiling a single file.

As Senthil said, you can get the driver to spit out a cc1 invocation line by appending -### to your usual run command. You can then use this output line (which will start with “path/to/clang” and then “-cc1”) to launch the cc1-clang in your debugger and catch the assertions.

It’s a good question. I’ll try to make sure this ends up in the Checker Developer Manual once Sam has finished revising it.
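
The -### procedure described in both replies, as an added shell helper that is not code from this thread: it picks the cc1 job out of the driver's -### output (the driver prints a banner and one line per job, every argument double-quoted) and hands that job to gdb --args. The driver path, the checker name and the sample driver output below are constructed for illustration.

```shell
#!/bin/sh
# Read -### output on stdin; print the cc1 job's arguments one per line with
# the quotes stripped, so a path containing spaces stays one argument.
# Only the line containing "-cc1" is used: a full compile also prints an
# "ld" job, which we must not hand to gdb.
extract_cc1_args() {
    grep -- '"-cc1"' | head -n 1 |
    awk -F'" "' '{
        sub(/^[ \t]*"/, "", $1)     # leading blanks and the opening quote
        sub(/"[ \t]*$/, "", $NF)    # closing quote of the last argument
        for (i = 1; i <= NF; i++) print $i
    }'
}

# Run the real driver with -### and launch the cc1 job under gdb.
# Usage: debug_cc1 /path/to/clang++ testfile.cpp -Xclang -analyze \
#                  -Xclang -analyzer-checker=mychecker
# (-### writes to stderr, hence the 2>&1.) Inside gdb: run, then bt on crash.
debug_cc1() {
    bin=$1; shift
    set -f                          # no globbing while splitting on newlines
    IFS='
'
    set -- $("$bin" -### "$@" 2>&1 | extract_cc1_args)
    unset IFS
    set +f
    [ "$#" -gt 0 ] || { echo "no -cc1 job found in -### output" >&2; return 1; }
    gdb --args "$@"
}

# Constructed sample of -### output (not captured from a real driver): banner,
# the cc1 job with one include path containing a space, and a link job such as
# a full compile would also print.
SAMPLE_DRIVER_OUTPUT='clang version 3.2
Target: i686-pc-linux-gnu
 "/home/camel/osa/bin/clang++" "-cc1" "-analyze" "-analyzer-checker" "Mychecker" "-internal-isystem" "/opt/my include/c++" "testfile.cpp"
 "/usr/bin/ld" "-o" "a.out" "testfile.o"'
```

Piping SAMPLE_DRIVER_OUTPUT through extract_cc1_args yields eight lines, from the compiler path down to testfile.cpp, with the spaced include path intact.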



Thank you both!

It works as expected now (i.e. it still crashes with a segfault, but at least I can debug it).