How to report bugs in the static analyzer if the code is proprietary?


ccc-analyzer from Clang 3.4 (built it myself from the Git tag), reported
six crashes when sifting through our code base.

How can I report this without actually getting into trouble from my
company for disclosing bits and pieces of the code?

Is there anything I can do to create a minimal working (uhm actually
crashing) example and provide that? Does a process exist for this? Tools
that can help?


// Oliver

Hi Oliver,

Alexey, Magnus, thanks. I'll try C-Reduce to get the minimal example and
file the bugs if that succeeds.


// Oliver

Hey there,

As suggested I tried C-Reduce. Alas, in those runs I am never able to
tickle the error out. What I did in all cases is to use the program
arguments as given in the *.stderr.txt and use these inside the script
passed to C-Reduce.

One thing I noticed is that all of the reported failures state:

   <eof> parser at end of file

The stack dump - except for shared object addresses - always looks like

0 clang 0x0000000001dda232 llvm::sys::PrintStackTrace(_IO_FILE*) + 34
1 clang 0x0000000001dd9de4
2 0x00002b0f26f9e340
3 clang 0x000000000126f648 clang::Stmt::getLocStart() const + 8
4 clang 0x0000000000f7d4cf
5 clang 0x0000000000f80bb7 clang::ento::PathDiagnosticLocation::createBegin(clang::Stmt const*, clang::SourceManager const&, llvm::PointerUnion<clang::LocationContext const*, clang::AnalysisDeclContext*>) + 23
6 clang 0x0000000000eca552
7 clang 0x0000000000f31b16 clang::ento::CheckerManager::runCheckersForEndAnalysis(clang::ento::ExplodedGraph&, clang::ento::BugReporter&, clang::ento::ExprEngine&) + 102
8 clang 0x0000000000f3cacb clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) + 219
9 clang 0x0000000000dd587c
10 clang 0x0000000000dd61f5
11 clang 0x0000000000ddfd73
12 clang 0x0000000000a0a9eb clang::ParseAST(clang::Sema&, bool, bool) + 507
13 clang 0x0000000000742429 clang::FrontendAction::Execute() + 169
14 clang 0x0000000000721a28 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 296
15 clang 0x000000000070b8f6 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 1686
16 clang 0x00000000007073f8 cc1_main(char const**, char const**, char const*, void*) + 1016
17 clang 0x00000000006ef59d main + 7677
18 0x00002b0f27bf1ec5 __libc_start_main + 245
19 clang 0x00000000007064f2

(hope it gets through without breaking the lines unduly)

The command line is always this:

/home/oliver/bin/LLVM/bin/clang -cc1 -triple x86_64-unknown-linux-gnu
-analyze -disable-free -disable-llvm-verifier -main-file-name filename.c
-analyzer-store=region -analyzer-opt-analyze-nested-blocks
-analyzer-eagerly-assume -analyzer-checker=core -analyzer-checker=unix
-analyzer-checker=security.insecureAPI.vfork -analyzer-output plist -w
-mrelocation-model static -relaxed-aliasing -fmath-errno -masm-verbose
-mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu
x86-64 -target-linker-version 2.24 -momit-leaf-frame-pointer
-resource-dir /home/oliver/bin/LLVM/bin/../lib/clang/3.4.1
-internal-isystem /usr/local/include -internal-isystem
-internal-externc-isystem /usr/include/x86_64-linux-gnu
-internal-externc-isystem /include -internal-externc-isystem
/usr/include -O2 -fdebug-compilation-dir /home/oliver/branches/HEAD
-ferror-limit 19 -fmessage-length 0 -mstackrealign -fobjc-runtime=gcc
-fdiagnostics-show-option -vectorize-loops -vectorize-slp
-analyzer-disable-checker deadcode.DeadStores -analyzer-checker
security.FloatLoopCounter -analyzer-opt-analyze-headers
-analyzer-checker=debug.Stats -analyzer-output=html -o
/tmp/main-branch_1399978938_tyr/2014-05-13-110219-18290-1 -x c

Where I only stripped out the defines and include folder specifications
to reduce the noise.

Does this help in any way?

// Oliver


$ clang --version
clang version 3.4.1 (
687ec9c9dcee6ddb31c45c44b2ba6f95ae7e2e9f) (
Target: x86_64-unknown-linux-gnu
Thread model: posix
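A C-Reduce interestingness test of the kind the thread describes (an added example, not Oliver's script): it reruns the analyzer on the candidate file and reports the variant as interesting only when stderr shows the same stack frames as the reported crash, so the reduction cannot drift towards some other crash. CLANG, SRC and the stderr.txt file name are assumptions, and it assumes the file handed to C-Reduce is preprocessed (clang -E) output, so that code from included headers is reduced together with the main file.

```shell
#!/bin/sh
# Constructed example: a C-Reduce "interestingness" test for the analyzer
# crash quoted in this thread. C-Reduce runs it in a scratch directory that
# holds only the current candidate of the file being reduced; exit 0 means
# "this variant still shows the bug", anything else means "not interesting".
# CLANG and SRC are assumed names; the defaults mirror the thread's command.

CLANG="${CLANG:-/home/oliver/bin/LLVM/bin/clang}"
SRC="${SRC:-filename.c}"

# Succeeds only when the captured stderr carries the same stack dump as the
# original failure: matching on the distinctive frames, not on "any crash",
# keeps C-Reduce from wandering off to an unrelated crash or parse error
# that a more aggressive reduction step might trigger.
looks_like_our_crash() {
    # $1: file holding the analyzer's stderr
    grep -qF 'Stack dump' "$1" &&
    grep -qF 'clang::Stmt::getLocStart() const' "$1" &&
    grep -qF 'clang::ento::PathDiagnosticLocation::createBegin(' "$1"
}

# Re-run the analyzer with the flags that matter from the *.stderr.txt
# command line; the candidate is assumed to be preprocessed (clang -E)
# output so the headers the analyzer walked are part of what gets reduced.
run_analyzer() {
    "$CLANG" -cc1 -triple x86_64-unknown-linux-gnu -analyze \
        -analyzer-store=region -analyzer-opt-analyze-nested-blocks \
        -analyzer-eagerly-assume -analyzer-checker=core \
        -analyzer-checker=unix -analyzer-opt-analyze-headers \
        -analyzer-output=text -w -O2 -x c "$SRC" >/dev/null 2>stderr.txt
}

# Only act when a candidate is present, so the functions above can also be
# sourced and exercised on a saved stderr file without invoking clang.
if [ -f "$SRC" ]; then
    run_analyzer
    looks_like_our_crash stderr.txt
    exit $?
fi
```

Invoke as `creduce ./interesting.sh filename.c` after saving this script as interesting.sh next to the preprocessed candidate.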