=================================================================
==1477483==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x5576c89c6f52 bp 0x7ffcf0c93480 sp 0x7ffcf0c92eb0 T0)
==1477483==The signal is caused by a READ memory access.
==1477483==Hint: address points to the zero page.
#0 0x5576c89c6f52 in FactPointTo::rhs_to_lhs_transfer(std::vector<Fact const*, std::allocator<Fact const*> > const&, std::vector<Variable const*, std::allocator<Variable const*> > const&, Expression const*) /csmith/csmith/src/FactPointTo.cpp:183
#1 0x5576c89cc909 in FactPointTo::abstract_fact_for_assign(std::vector<Fact const*, std::allocator<Fact const*> > const&, Lhs const*, Expression const*, std::vector<Fact const*, std::allocator<Fact const*> >&) /csmith/csmith/src/FactPointTo.cpp:286
#2 0x5576c899e969 in FactMgr::update_fact_for_assign(Lhs const*, Expression const*, std::vector<Fact const*, std::allocator<Fact const*> >&) /csmith/csmith/src/FactMgr.cpp:391
#3 0x5576c899f0e0 in FactMgr::update_fact_for_assign(StatementAssign const*, std::vector<Fact const*, std::allocator<Fact const*> >&) /csmith/csmith/src/FactMgr.cpp:415
#4 0x5576c8959b0c in ExpressionAssign::make_random(CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/ExpressionAssign.cpp:61
#5 0x5576c89557d8 in Expression::make_random(CGContext&, Type const*, CVQualifiers const*, bool, bool, eTermType) /csmith/csmith/src/Expression.cpp:211
#6 0x5576c8a2323c in FunctionInvocation::make_random_binary_ptr_comparison(CGContext&) /csmith/csmith/src/FunctionInvocation.cpp:329
#7 0x5576c8a1fdef in FunctionInvocation::make_random_binary(CGContext&, Type const*) /csmith/csmith/src/FunctionInvocation.cpp:176
#8 0x5576c8a1f0a6 in FunctionInvocation::make_random(bool, CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/FunctionInvocation.cpp:116
#9 0x5576c897506a in ExpressionFuncall::make_random(CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/ExpressionFuncall.cpp:84
#10 0x5576c89557af in Expression::make_random(CGContext&, Type const*, CVQualifiers const*, bool, bool, eTermType) /csmith/csmith/src/Expression.cpp:208
#11 0x5576c8a20195 in FunctionInvocation::make_random_binary(CGContext&, Type const*) /csmith/csmith/src/FunctionInvocation.cpp:202
#12 0x5576c8a1f0a6 in FunctionInvocation::make_random(bool, CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/FunctionInvocation.cpp:116
#13 0x5576c897506a in ExpressionFuncall::make_random(CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/ExpressionFuncall.cpp:84
#14 0x5576c89557af in Expression::make_random(CGContext&, Type const*, CVQualifiers const*, bool, bool, eTermType) /csmith/csmith/src/Expression.cpp:208
#15 0x5576c8a20195 in FunctionInvocation::make_random_binary(CGContext&, Type const*) /csmith/csmith/src/FunctionInvocation.cpp:202
#16 0x5576c8a1f0a6 in FunctionInvocation::make_random(bool, CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/FunctionInvocation.cpp:116
#17 0x5576c897506a in ExpressionFuncall::make_random(CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/ExpressionFuncall.cpp:84
#18 0x5576c89557af in Expression::make_random(CGContext&, Type const*, CVQualifiers const*, bool, bool, eTermType) /csmith/csmith/src/Expression.cpp:208
#19 0x5576c8a20195 in FunctionInvocation::make_random_binary(CGContext&, Type const*) /csmith/csmith/src/FunctionInvocation.cpp:202
#20 0x5576c8a1f0a6 in FunctionInvocation::make_random(bool, CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/FunctionInvocation.cpp:116
#21 0x5576c897506a in ExpressionFuncall::make_random(CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/ExpressionFuncall.cpp:84
#22 0x5576c89557af in Expression::make_random(CGContext&, Type const*, CVQualifiers const*, bool, bool, eTermType) /csmith/csmith/src/Expression.cpp:208
#23 0x5576c8a20195 in FunctionInvocation::make_random_binary(CGContext&, Type const*) /csmith/csmith/src/FunctionInvocation.cpp:202
#24 0x5576c8a1f0a6 in FunctionInvocation::make_random(bool, CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/FunctionInvocation.cpp:116
#25 0x5576c897506a in ExpressionFuncall::make_random(CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/ExpressionFuncall.cpp:84
#26 0x5576c89557af in Expression::make_random(CGContext&, Type const*, CVQualifiers const*, bool, bool, eTermType) /csmith/csmith/src/Expression.cpp:208
#27 0x5576c8b4a4d9 in StatementAssign::make_random(CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/StatementAssign.cpp:169
#28 0x5576c8959a56 in ExpressionAssign::make_random(CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/ExpressionAssign.cpp:59
#29 0x5576c89557d8 in Expression::make_random(CGContext&, Type const*, CVQualifiers const*, bool, bool, eTermType) /csmith/csmith/src/Expression.cpp:211
#30 0x5576c8a20730 in FunctionInvocation::make_random_binary(CGContext&, Type const*) /csmith/csmith/src/FunctionInvocation.cpp:241
#31 0x5576c8a1f0a6 in FunctionInvocation::make_random(bool, CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/FunctionInvocation.cpp:116
#32 0x5576c897506a in ExpressionFuncall::make_random(CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/ExpressionFuncall.cpp:84
#33 0x5576c89557af in Expression::make_random(CGContext&, Type const*, CVQualifiers const*, bool, bool, eTermType) /csmith/csmith/src/Expression.cpp:208
#34 0x5576c8a20195 in FunctionInvocation::make_random_binary(CGContext&, Type const*) /csmith/csmith/src/FunctionInvocation.cpp:202
#35 0x5576c8a1f0a6 in FunctionInvocation::make_random(bool, CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/FunctionInvocation.cpp:116
#36 0x5576c897506a in ExpressionFuncall::make_random(CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/ExpressionFuncall.cpp:84
#37 0x5576c89557af in Expression::make_random(CGContext&, Type const*, CVQualifiers const*, bool, bool, eTermType) /csmith/csmith/src/Expression.cpp:208
#38 0x5576c8b4a4d9 in StatementAssign::make_random(CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/StatementAssign.cpp:169
#39 0x5576c8b1733b in Statement::make_random(CGContext&, eStatementType) /csmith/csmith/src/Statement.cpp:294
#40 0x5576c883e580 in Block::make_random(CGContext&, bool) /csmith/csmith/src/Block.cpp:159
#41 0x5576c8b6b15e in StatementFor::make_random(CGContext&) /csmith/csmith/src/StatementFor.cpp:288
#42 0x5576c8b6c34c in StatementFor::make_random_array_loop(CGContext const&) /csmith/csmith/src/StatementFor.cpp:329
#43 0x5576c8b37066 in StatementArrayOp::make_random(CGContext&) /csmith/csmith/src/StatementArrayOp.cpp:87
#44 0x5576c8b17424 in Statement::make_random(CGContext&, eStatementType) /csmith/csmith/src/Statement.cpp:321
#45 0x5576c883e580 in Block::make_random(CGContext&, bool) /csmith/csmith/src/Block.cpp:159
#46 0x5576c8a076dd in Function::generate_body_with_known_params(CGContext const&, Effect&) /csmith/csmith/src/Function.cpp:741
#47 0x5576c8a4d28d in FunctionInvocationUser::build_invocation_and_function(CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/FunctionInvocationUser.cpp:222
#48 0x5576c8a1ee87 in FunctionInvocation::make_random(bool, CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/FunctionInvocation.cpp:102
#49 0x5576c897506a in ExpressionFuncall::make_random(CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/ExpressionFuncall.cpp:84
#50 0x5576c89557af in Expression::make_random(CGContext&, Type const*, CVQualifiers const*, bool, bool, eTermType) /csmith/csmith/src/Expression.cpp:208
#51 0x5576c8b4a4d9 in StatementAssign::make_random(CGContext&, Type const*, CVQualifiers const*) /csmith/csmith/src/StatementAssign.cpp:169
#52 0x5576c8b1733b in Statement::make_random(CGContext&, eStatementType) /csmith/csmith/src/Statement.cpp:294
#53 0x5576c883e580 in Block::make_random(CGContext&, bool) /csmith/csmith/src/Block.cpp:159
#54 0x5576c8b6b15e in StatementFor::make_random(CGContext&) /csmith/csmith/src/StatementFor.cpp:288
#55 0x5576c8b17376 in Statement::make_random(CGContext&, eStatementType) /csmith/csmith/src/Statement.cpp:300
#56 0x5576c883e580 in Block::make_random(CGContext&, bool) /csmith/csmith/src/Block.cpp:159
#57 0x5576c8a06605 in Function::GenerateBody(CGContext const&) /csmith/csmith/src/Function.cpp:699
#58 0x5576c8a01815 in Function::make_first() /csmith/csmith/src/Function.cpp:499
#59 0x5576c8a0b379 in GenerateFunctions() /csmith/csmith/src/Function.cpp:858
#60 0x5576c893360d in DefaultProgramGenerator::goGenerator() /csmith/csmith/src/DefaultProgramGenerator.cpp:85
#61 0x5576c8b0d7d4 in main /csmith/csmith/src/RandomProgramGenerator.cpp:1558
#62 0x7fab2f2030b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x240b2)
#63 0x5576c87fd31d in _start (/csmith/csmith/src/csmith+0xa7a31d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /csmith/csmith/src/FactPointTo.cpp:183 in FactPointTo::rhs_to_lhs_transfer(std::vector<Fact const*, std::allocator<Fact const*> > const&, std::vector<Variable const*, std::allocator<Variable const*> > const&, Expression const*)
==1477483==ABORTING
Hi,
I found that csmith would crash with the --null-ptr-deref-prob parameter. Run
./src/csmith --null-ptr-deref-prob 50
a few times, and you'll observe that it sometimes crashes. So I built csmith with asan:
CFLAGS="-fsanitize=address" CXXFLAGS="-fsanitize=address" cmake . && make
and it reported a null-pointer-dereference error. Running
./src/csmith --null-ptr-deref-prob 50
asan reports as follows:
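The report's reproduction step is "run it a few times until it crashes". The harness below is an added example (not part of the issue and not csmith's own code) that automates that step: it runs a command repeatedly, treats a non-zero exit or an AddressSanitizer report on stderr as a crash, and saves the first report so the trace is not lost in a terminal scrollback. The function names, the environment variables and the constructed flaky_target stand-in (which fails on its third call) are assumptions for the demonstration; the real invocation would be ./src/csmith --null-ptr-deref-prob 50 built with -fsanitize=address as the reporter describes.

```shell
#!/bin/sh
# Added example, not from the original report or from csmith.
#
# repro_until_crash N CMD [ARGS...]
#   Runs CMD up to N times. Returns 0 if every run was clean, or 1 on the
#   first run that exits non-zero or prints an AddressSanitizer report on
#   stderr; that stderr is saved to $ASAN_REPORT (default ./asan-report.txt).
repro_until_crash() {
  n=$1; shift
  report=${ASAN_REPORT:-./asan-report.txt}
  i=1
  while [ "$i" -le "$n" ]; do
    rc=0
    # Capture stderr only: the generated C program on stdout is not of interest here.
    err=$("$@" 2>&1 >/dev/null) || rc=$?
    if [ "$rc" -ne 0 ] || printf '%s\n' "$err" | grep -q 'AddressSanitizer'; then
      printf 'crash on attempt %s (exit status %s), report saved to %s\n' \
        "$i" "$rc" "$report" >&2
      printf '%s\n' "$err" > "$report"
      return 1
    fi
    i=$((i + 1))
  done
  return 0
}

# Constructed stand-in for a nondeterministic target (assumption, not csmith):
# it exits cleanly until its call counter in $FLAKY_STATE reaches
# $FLAKY_CRASH_ON (default 3), then emits a fake sanitizer line and fails,
# which is how an ASan-instrumented binary behaves on a null dereference.
flaky_target() {
  state=${FLAKY_STATE:-/tmp/flaky_state.$$}
  count=$(cat "$state" 2>/dev/null || echo 0)
  count=$((count + 1))
  echo "$count" > "$state"
  if [ "$count" -ge "${FLAKY_CRASH_ON:-3}" ]; then
    echo "==$$==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000" >&2
    return 1
  fi
  echo "int main(void) { return 0; }"
  return 0
}

# Usage against the real target (assumed paths from the report):
#   ASAN_REPORT=./csmith-asan.txt repro_until_crash 20 ./src/csmith --null-ptr-deref-prob 50
```

Checking stderr for the "AddressSanitizer" marker as well as the exit status matters because ASan's default is to abort (non-zero exit), but a build configured with halt_on_error=0 keeps running and only the report reveals the fault.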