R345099 - [analyzer] Trust summaries for OSObject::retain and OSObject::release

The error is indeed strange.
The body is declared as

LazyDeclStmtPtr Body;

where

using LazyDeclStmtPtr =
LazyOffsetPtr<Stmt, uint64_t, &ExternalASTSource::GetExternalDeclStmt>;

where

template<typename T, typename OffsT, T* (ExternalASTSource::*Get)(OffsT Offset)>
struct LazyOffsetPtr {
mutable uint64_t Ptr = 0;

(…)

explicit operator bool() const { return Ptr != 0; }

(…)
}

so it does not seem like it can be uninitialized.
Sadly on macOS I don’t have either valgrind or msan,
so I can’t reproduce the failure.
Do you think you could debug further?
Is “Body” indeed uninitialized at use time? (e.g. if you print it…)
A stacktrace from a debug build should be helpful.

Thanks,
George

Hi,

The error is indeed strange.
The body is declared as

LazyDeclStmtPtr Body;

where

using LazyDeclStmtPtr =
LazyOffsetPtr<Stmt, uint64_t, &ExternalASTSource::GetExternalDeclStmt>;

where

template<typename T, typename OffsT, T* (ExternalASTSource::*Get)(OffsT Offset)>
struct LazyOffsetPtr {
mutable uint64_t Ptr = 0;
(…)
explicit operator bool() const { return Ptr != 0; }
(…)
}

so it does not seem like it can be uninitialized.
Sadly on macOS I don’t have either valgrind or msan,
so I can’t reproduce the failure.
Do you think you could debug further?
Is “Body” indeed uninitialized at use time? (e.g. if you print it..)

If I print Body.Ptr when isThisDeclarationADefinition() is called from
RetainSummaryManager::canEval, it's 0.

I don't know this code at all but it seems like the

     const FunctionDecl* FDD = FD->getDefinition();

call in RetainSummaryManager::canEval makes isThisDeclarationADefinition
run twice, and Body.Ptr is 0 both times. I've no idea whether these 0s
are by accident or the result of some initialization.

A stacktrace from a debug build should be helpful.

Stack trace the first time we end up in isThisDeclarationADefinition
from RetainSummaryManager::canEval:

(gdb) where
#0 clang::FunctionDecl::isThisDeclarationADefinition (this=0x654a480)
at ../tools/clang/include/clang/AST/Decl.h:1979
#1 0x0000000000c79dcd in clang::FunctionDecl::isDefined
(this=0x654a480, Definition=@0x7fffffff82c8: 0x47929b <_start>) at
../tools/clang/lib/AST/Decl.cpp:2720
#2 0x0000000000c90299 in clang::FunctionDecl::getDefinition
(this=0x654a480) at ../tools/clang/include/clang/AST/Decl.h:1952
#3 0x000000000220ffe5 in clang::FunctionDecl::getDefinition
(this=0x654a480) at ../tools/clang/include/clang/AST/Decl.h:1957
#4 0x000000000220c8c3 in clang::ento::RetainSummaryManager::canEval
(this=0x6564e10, CE=0x655a580, FD=0x654a480,
hasTrustedImplementationAnnotation=@0x7fffffff8857: false) at
../tools/clang/lib/StaticAnalyzer/Core/RetainSummaryManager.cpp:562
#5 0x0000000001f542d1 in
clang::ento::retaincountchecker::RetainCountChecker::evalCall
(this=0x64d29e0, CE=0x655a580, C=...) at
../tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp:772
#6 0x0000000001f5b240 in
clang::ento::eval::Call::_evalCall<clang::ento::retaincountchecker::RetainCountChecker>
(checker=0x64d29e0, CE=0x655a580, C=...) at
../tools/clang/include/clang/StaticAnalyzer/Core/Checker.h:478
#7 0x0000000002114022 in clang::ento::CheckerFn<bool (clang::CallExpr
const*, clang::ento::CheckerContext&)>::operator()(clang::CallExpr
const*, clang::ento::CheckerContext&) const (this=0x7fffffff8a20,
ps=..., ps=...) at
../tools/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h:70
#8 0x0000000002110c98 in
clang::ento::CheckerManager::runCheckersForEvalCall (this=0x64c57b0,
Dst=..., Src=..., Call=..., Eng=...) at
../tools/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:662
#9 0x0000000002181729 in clang::ento::ExprEngine::evalCall
(this=0x7fffffffa8d0, Dst=..., Pred=0x656b930, Call=...) at
../tools/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:569
#10 0x00000000021815ec in clang::ento::ExprEngine::VisitCallExpr
(this=0x7fffffffa8d0, CE=0x655a580, Pred=0x656b930, dst=...) at
../tools/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:496
#11 0x000000000214b749 in clang::ento::ExprEngine::Visit
(this=0x7fffffffa8d0, S=0x655a580, Pred=0x656b930, DstTop=...) at
../tools/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:1540
#12 0x000000000214818a in clang::ento::ExprEngine::ProcessStmt
(this=0x7fffffffa8d0, currStmt=0x655a580, Pred=0x656b600) at
../tools/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:741
#13 0x0000000002147e49 in clang::ento::ExprEngine::processCFGElement
(this=0x7fffffffa8d0, E=..., Pred=0x656b600, StmtIdx=10,
Ctx=0x7fffffffa398) at
../tools/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:579
#14 0x00000000021326a9 in clang::ento::CoreEngine::HandlePostStmt
(this=0x7fffffffa8f0, B=0x655cc38, StmtIdx=10, Pred=0x656b600) at
../tools/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:439
#15 0x0000000002131f69 in clang::ento::CoreEngine::dispatchWorkItem
(this=0x7fffffffa8f0, Pred=0x656b600, Loc=..., WU=...) at
../tools/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:193
#16 0x0000000002131a0e in clang::ento::CoreEngine::ExecuteWorkList
(this=0x7fffffffa8f0, L=0x6563740, Steps=224988, InitState=...) at
../tools/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:149
#17 0x0000000001aeea98 in clang::ento::ExprEngine::ExecuteWorkList
(this=0x7fffffffa8d0, L=0x6563740, Steps=225000) at
../tools/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:165
#18 0x0000000001a87fa9 in (anonymous
namespace)::AnalysisConsumer::RunPathSensitiveChecks (this=0x64c20f0,
D=0x655a3a8, IMode=clang::ento::ExprEngine::Inline_Regular,
VisitedCallees=0x7fffffffaf38) at
../tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:741
#19 0x0000000001a87905 in (anonymous
namespace)::AnalysisConsumer::HandleCode (this=0x64c20f0, D=0x655a3a8,
Mode=2, IMode=clang::ento::ExprEngine::Inline_Regular,
VisitedCallees=0x7fffffffaf38) at
../tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:716
#20 0x0000000001a87496 in (anonymous
namespace)::AnalysisConsumer::HandleDeclsCallGraph (this=0x64c20f0,
LocalTUDeclsSize=53) at
../tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:507
#21 0x0000000001a85f2d in (anonymous
namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit
(this=0x64c20f0, C=...) at
../tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:554
#22 0x0000000001a85916 in (anonymous
namespace)::AnalysisConsumer::HandleTranslationUnit (this=0x64c20f0,
C=...) at
../tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:585
#23 0x0000000002444251 in
clang::MultiplexConsumer::HandleTranslationUnit (this=0x64c2850,
Ctx=...) at ../tools/clang/lib/Frontend/MultiplexConsumer.cpp:287
#24 0x000000000271a44a in clang::ParseAST (S=..., PrintStats=false,
SkipFunctionBodies=false) at ../tools/clang/lib/Parse/ParseAST.cpp:170
#25 0x00000000023fd05e in clang::ASTFrontendAction::ExecuteAction
(this=0x64cc010) at ../tools/clang/lib/Frontend/FrontendAction.cpp:1018
#26 0x00000000023fca90 in clang::FrontendAction::Execute
(this=0x64cc010) at ../tools/clang/lib/Frontend/FrontendAction.cpp:917
#27 0x00000000023759e2 in clang::CompilerInstance::ExecuteAction
(this=0x7fffffffb6b0, Act=...) at
../tools/clang/lib/Frontend/CompilerInstance.cpp:968
#28 0x00000000018aa482 in
clang::tooling::FrontendActionFactory::runInvocation
(this=0x7fffffffc760, Invocation=std::shared_ptr (empty) 0x0,
Files=0x64529a0, PCHContainerOps=..., DiagConsumer=0x7fffffffcb00) at
../tools/clang/lib/Tooling/Tooling.cpp:370
#29 0x000000000116089e in
clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&,
clang::tooling::CompilationDatabase const&, llvm::ArrayRef<std::string>,
llvm::IntrusiveRefCntPtr<llvm::vfs::FileSystem>, bool,
llvm::StringRef)::ActionFactory::runInvocation(std::shared_ptr<clang::CompilerInvocation>,
clang::FileManager*, std::shared_ptr<clang::PCHContainerOperations>,
clang::DiagnosticConsumer*) (this=0x7fffffffc760, Invocation=warning:
RTTI symbol not found for class
'std::_Sp_counted_deleter<clang::CompilerInvocation*,
std::default_delete<clang::CompilerInvocation>, std::allocator<void>,
(__gnu_cxx::_Lock_policy)2>'
warning: RTTI symbol not found for class
'std::_Sp_counted_deleter<clang::CompilerInvocation*,
std::default_delete<clang::CompilerInvocation>, std::allocator<void>,
(__gnu_cxx::_Lock_policy)2>'
std::shared_ptr (count 2, weak 0) 0x644f910, Files=0x64529a0,
PCHContainerOps=warning: RTTI symbol not found for class
'std::_Sp_counted_deleter<clang::PCHContainerOperations*,
std::__shared_ptr<clang::PCHContainerOperations,
(__gnu_cxx::_Lock_policy)2>::_Deleter<std::allocator<clang::PCHContainerOperations>
>, std::allocator<clang::PCHContainerOperations>,
(__gnu_cxx::_Lock_policy)2>'
warning: RTTI symbol not found for class
'std::_Sp_counted_deleter<clang::PCHContainerOperations*,
std::__shared_ptr<clang::PCHContainerOperations,
(__gnu_cxx::_Lock_policy)2>::_Deleter<std::allocator<clang::PCHContainerOperations>
>, std::allocator<clang::PCHContainerOperations>,
(__gnu_cxx::_Lock_policy)2>'
std::shared_ptr (count 3, weak 0) 0x644a270,
DiagConsumer=0x7fffffffcb00) at
../tools/clang/tools/extra/clang-tidy/ClangTidy.cpp:572
#30 0x00000000018aa317 in clang::tooling::ToolInvocation::runInvocation
(this=0x7fffffffc288, BinaryName=0x6440088 "clang-tool",
Compilation=0x644eb80, Invocation=std::shared_ptr (empty) 0x0,
PCHContainerOps=std::shared_ptr (empty) 0x0) at
../tools/clang/lib/Tooling/Tooling.cpp:345
#31 0x00000000018a8a59 in clang::tooling::ToolInvocation::run
(this=0x7fffffffc288) at ../tools/clang/lib/Tooling/Tooling.cpp:330
#32 0x00000000018ab924 in clang::tooling::ClangTool::run
(this=0x7fffffffcc10, Action=0x7fffffffc760) at
../tools/clang/lib/Tooling/Tooling.cpp:519
#33 0x000000000115d517 in clang::tidy::runClangTidy (Context=...,
Compilations=..., InputFiles=llvm::ArrayRef of length 1 = {...},
BaseFS=..., EnableCheckProfile=false, StoreCheckProfile="") at
../tools/clang/tools/extra/clang-tidy/ClangTidy.cpp:593
#34 0x000000000047a29f in clang::tidy::clangTidyMain (argc=3,
argv=0x7fffffffda98) at
../tools/clang/tools/extra/clang-tidy/tool/ClangTidyMain.cpp:428
#35 0x00000000004796c2 in main (argc=5, argv=0x7fffffffda98) at
../tools/clang/tools/extra/clang-tidy/tool/ClangTidyMain.cpp:581

And the second time:

(gdb) where
#0 clang::FunctionDecl::isThisDeclarationADefinition (this=0x654a2b0)
at ../tools/clang/include/clang/AST/Decl.h:1979
#1 0x0000000000c79dcd in clang::FunctionDecl::isDefined
(this=0x654a480, Definition=@0x7fffffff82c8: 0x47929b <_start>) at
../tools/clang/lib/AST/Decl.cpp:2720
#2 0x0000000000c90299 in clang::FunctionDecl::getDefinition
(this=0x654a480) at ../tools/clang/include/clang/AST/Decl.h:1952
#3 0x000000000220ffe5 in clang::FunctionDecl::getDefinition
(this=0x654a480) at ../tools/clang/include/clang/AST/Decl.h:1957
#4 0x000000000220c8c3 in clang::ento::RetainSummaryManager::canEval
(this=0x6564e10, CE=0x655a580, FD=0x654a480,
hasTrustedImplementationAnnotation=@0x7fffffff8857: false) at
../tools/clang/lib/StaticAnalyzer/Core/RetainSummaryManager.cpp:562
#5 0x0000000001f542d1 in
clang::ento::retaincountchecker::RetainCountChecker::evalCall
(this=0x64d29e0, CE=0x655a580, C=...) at
../tools/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker/RetainCountChecker.cpp:772
#6 0x0000000001f5b240 in
clang::ento::eval::Call::_evalCall<clang::ento::retaincountchecker::RetainCountChecker>
(checker=0x64d29e0, CE=0x655a580, C=...) at
../tools/clang/include/clang/StaticAnalyzer/Core/Checker.h:478
#7 0x0000000002114022 in clang::ento::CheckerFn<bool (clang::CallExpr
const*, clang::ento::CheckerContext&)>::operator()(clang::CallExpr
const*, clang::ento::CheckerContext&) const (this=0x7fffffff8a20,
ps=..., ps=...) at
../tools/clang/include/clang/StaticAnalyzer/Core/CheckerManager.h:70
#8 0x0000000002110c98 in
clang::ento::CheckerManager::runCheckersForEvalCall (this=0x64c57b0,
Dst=..., Src=..., Call=..., Eng=...) at
../tools/clang/lib/StaticAnalyzer/Core/CheckerManager.cpp:662
#9 0x0000000002181729 in clang::ento::ExprEngine::evalCall
(this=0x7fffffffa8d0, Dst=..., Pred=0x656b930, Call=...) at
../tools/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:569
#10 0x00000000021815ec in clang::ento::ExprEngine::VisitCallExpr
(this=0x7fffffffa8d0, CE=0x655a580, Pred=0x656b930, dst=...) at
../tools/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp:496
#11 0x000000000214b749 in clang::ento::ExprEngine::Visit
(this=0x7fffffffa8d0, S=0x655a580, Pred=0x656b930, DstTop=...) at
../tools/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:1540
#12 0x000000000214818a in clang::ento::ExprEngine::ProcessStmt
(this=0x7fffffffa8d0, currStmt=0x655a580, Pred=0x656b600) at
../tools/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:741
#13 0x0000000002147e49 in clang::ento::ExprEngine::processCFGElement
(this=0x7fffffffa8d0, E=..., Pred=0x656b600, StmtIdx=10,
Ctx=0x7fffffffa398) at
../tools/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp:579
#14 0x00000000021326a9 in clang::ento::CoreEngine::HandlePostStmt
(this=0x7fffffffa8f0, B=0x655cc38, StmtIdx=10, Pred=0x656b600) at
../tools/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:439
#15 0x0000000002131f69 in clang::ento::CoreEngine::dispatchWorkItem
(this=0x7fffffffa8f0, Pred=0x656b600, Loc=..., WU=...) at
../tools/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:193
#16 0x0000000002131a0e in clang::ento::CoreEngine::ExecuteWorkList
(this=0x7fffffffa8f0, L=0x6563740, Steps=224988, InitState=...) at
../tools/clang/lib/StaticAnalyzer/Core/CoreEngine.cpp:149
#17 0x0000000001aeea98 in clang::ento::ExprEngine::ExecuteWorkList
(this=0x7fffffffa8d0, L=0x6563740, Steps=225000) at
../tools/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h:165
#18 0x0000000001a87fa9 in (anonymous
namespace)::AnalysisConsumer::RunPathSensitiveChecks (this=0x64c20f0,
D=0x655a3a8, IMode=clang::ento::ExprEngine::Inline_Regular,
VisitedCallees=0x7fffffffaf38) at
../tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:741
#19 0x0000000001a87905 in (anonymous
namespace)::AnalysisConsumer::HandleCode (this=0x64c20f0, D=0x655a3a8,
Mode=2, IMode=clang::ento::ExprEngine::Inline_Regular,
VisitedCallees=0x7fffffffaf38) at
../tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:716
#20 0x0000000001a87496 in (anonymous
namespace)::AnalysisConsumer::HandleDeclsCallGraph (this=0x64c20f0,
LocalTUDeclsSize=53) at
../tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:507
#21 0x0000000001a85f2d in (anonymous
namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit
(this=0x64c20f0, C=...) at
../tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:554
#22 0x0000000001a85916 in (anonymous
namespace)::AnalysisConsumer::HandleTranslationUnit (this=0x64c20f0,
C=...) at
../tools/clang/lib/StaticAnalyzer/Frontend/AnalysisConsumer.cpp:585
#23 0x0000000002444251 in
clang::MultiplexConsumer::HandleTranslationUnit (this=0x64c2850,
Ctx=...) at ../tools/clang/lib/Frontend/MultiplexConsumer.cpp:287
#24 0x000000000271a44a in clang::ParseAST (S=..., PrintStats=false,
SkipFunctionBodies=false) at ../tools/clang/lib/Parse/ParseAST.cpp:170
#25 0x00000000023fd05e in clang::ASTFrontendAction::ExecuteAction
(this=0x64cc010) at ../tools/clang/lib/Frontend/FrontendAction.cpp:1018
#26 0x00000000023fca90 in clang::FrontendAction::Execute
(this=0x64cc010) at ../tools/clang/lib/Frontend/FrontendAction.cpp:917
#27 0x00000000023759e2 in clang::CompilerInstance::ExecuteAction
(this=0x7fffffffb6b0, Act=...) at
../tools/clang/lib/Frontend/CompilerInstance.cpp:968
#28 0x00000000018aa482 in
clang::tooling::FrontendActionFactory::runInvocation
(this=0x7fffffffc760, Invocation=std::shared_ptr (empty) 0x0,
Files=0x64529a0, PCHContainerOps=..., DiagConsumer=0x7fffffffcb00) at
../tools/clang/lib/Tooling/Tooling.cpp:370
#29 0x000000000116089e in
clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&,
clang::tooling::CompilationDatabase const&, llvm::ArrayRef<std::string>,
llvm::IntrusiveRefCntPtr<llvm::vfs::FileSystem>, bool,
llvm::StringRef)::ActionFactory::runInvocation(std::shared_ptr<clang::CompilerInvocation>,
clang::FileManager*, std::shared_ptr<clang::PCHContainerOperations>,
clang::DiagnosticConsumer*) (this=0x7fffffffc760, Invocation=warning:
RTTI symbol not found for class
'std::_Sp_counted_deleter<clang::CompilerInvocation*,
std::default_delete<clang::CompilerInvocation>, std::allocator<void>,
(__gnu_cxx::_Lock_policy)2>'
warning: RTTI symbol not found for class
'std::_Sp_counted_deleter<clang::CompilerInvocation*,
std::default_delete<clang::CompilerInvocation>, std::allocator<void>,
(__gnu_cxx::_Lock_policy)2>'
std::shared_ptr (count 2, weak 0) 0x644f910, Files=0x64529a0,
PCHContainerOps=warning: RTTI symbol not found for class
'std::_Sp_counted_deleter<clang::PCHContainerOperations*,
std::__shared_ptr<clang::PCHContainerOperations,
(__gnu_cxx::_Lock_policy)2>::_Deleter<std::allocator<clang::PCHContainerOperations>
>, std::allocator<clang::PCHContainerOperations>,
(__gnu_cxx::_Lock_policy)2>'
warning: RTTI symbol not found for class
'std::_Sp_counted_deleter<clang::PCHContainerOperations*,
std::__shared_ptr<clang::PCHContainerOperations,
(__gnu_cxx::_Lock_policy)2>::_Deleter<std::allocator<clang::PCHContainerOperations>
>, std::allocator<clang::PCHContainerOperations>,
(__gnu_cxx::_Lock_policy)2>'
std::shared_ptr (count 3, weak 0) 0x644a270,
DiagConsumer=0x7fffffffcb00) at
../tools/clang/tools/extra/clang-tidy/ClangTidy.cpp:572
#30 0x00000000018aa317 in clang::tooling::ToolInvocation::runInvocation
(this=0x7fffffffc288, BinaryName=0x6440088 "clang-tool",
Compilation=0x644eb80, Invocation=std::shared_ptr (empty) 0x0,
PCHContainerOps=std::shared_ptr (empty) 0x0) at
../tools/clang/lib/Tooling/Tooling.cpp:345
#31 0x00000000018a8a59 in clang::tooling::ToolInvocation::run
(this=0x7fffffffc288) at ../tools/clang/lib/Tooling/Tooling.cpp:330
#32 0x00000000018ab924 in clang::tooling::ClangTool::run
(this=0x7fffffffcc10, Action=0x7fffffffc760) at
../tools/clang/lib/Tooling/Tooling.cpp:519
#33 0x000000000115d517 in clang::tidy::runClangTidy (Context=...,
Compilations=..., InputFiles=llvm::ArrayRef of length 1 = {...},
BaseFS=..., EnableCheckProfile=false, StoreCheckProfile="") at
../tools/clang/tools/extra/clang-tidy/ClangTidy.cpp:593
#34 0x000000000047a29f in clang::tidy::clangTidyMain (argc=3,
argv=0x7fffffffda98) at
../tools/clang/tools/extra/clang-tidy/tool/ClangTidyMain.cpp:428
#35 0x00000000004796c2 in main (argc=5, argv=0x7fffffffda98) at
../tools/clang/tools/extra/clang-tidy/tool/ClangTidyMain.cpp:581

/Mikael