<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/55347>55347</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Assertion "PathDiagnosticSpotPiece's must have a valid location."
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            clang:static analyzer,
            crash
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          steakhal
      </td>
    </tr>
</table>

<pre>
    Reproducer: https://godbolt.org/z/3M1v5Y37s
```bash
clang --analyze -Xclang -analyzer-checker=core,alpha.security.ReturnPtrRange preprocessed.cpp
```
```C++
namespace std {
template <typename T> T&& move(T &&) noexcept;
} // namespace std

char buf[1];

void top() {
  (void)std::move(*(buf + 3)); // crashes
}
```

Stack-trace:
```
clang: llvm-project/clang/include/clang/Analysis/PathDiagnostic.h:519: clang::ento::PathDiagnosticSpotPiece::PathDiagnosticSpotPiece(const clang::ento::PathDiagnosticLocation &, llvm::StringRef, PathDiagnosticPiece::Kind, bool): Assertion `Pos.isValid() && Pos.hasValidLocation() && "PathDiagnosticSpotPiece's must have a valid location."' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: llvm-project/build/debug/bin/clang --analyze -Xclang -analyzer-checker=core,alpha.security.ReturnPtrRange preprocessed.cpp
1.      <eof> parser at end of file
2.      While analyzing stack: 
        #0 Calling std::move(char &) at line 8
        #1 Calling top(int)
3.      Error evaluating statement
4.      Error evaluating statement
 #0 0x00007f563011921a llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) llvm-project/llvm/lib/Support/Unix/Signals.inc:565:11
 #1 0x00007f56301193cb PrintStackTraceSignalHandler(void*) llvm-project/llvm/lib/Support/Unix/Signals.inc:632:1
 #2 0x00007f5630117a66 llvm::sys::RunSignalHandlers() llvm-project/llvm/lib/Support/Signals.cpp:103:5
 #3 0x00007f5630118b0e llvm::sys::CleanupOnSignal(unsigned long) llvm-project/llvm/lib/Support/Unix/Signals.inc:362:1
 #4 0x00007f562ff6db8e (anonymous namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long) llvm-project/llvm/lib/Support/CrashRecoveryContext.cpp:0:7
 #5 0x00007f562ff6df73 CrashRecoverySignalHandler(int) llvm-project/llvm/lib/Support/CrashRecoveryContext.cpp:390:1
 #6 0x00007f5637d4f980 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x12980)
 #7 0x00007f562ef42e87 raise /build/glibc-uZu3wS/glibc-2.27/signal/../sysdeps/unix/sysv/linux/raise.c:51:0
 #8 0x00007f562ef447f1 abort /build/glibc-uZu3wS/glibc-2.27/stdlib/abort.c:81:0
 #9 0x00007f562ef343fa __assert_fail_base /build/glibc-uZu3wS/glibc-2.27/assert/assert.c:89:0
#10 0x00007f562ef34472 (/lib/x86_64-linux-gnu/libc.so.6+0x30472)
#11 0x00007f56250c1cd4 clang::ento::PathDiagnosticSpotPiece::PathDiagnosticSpotPiece(clang::ento::PathDiagnosticLocation const&, llvm::StringRef, clang::ento::PathDiagnosticPiece::Kind, bool) llvm-project/clang/include/clang/Analysis/PathDiagnostic.h:520:21
#12 0x00007f56250c1bb8 clang::ento::PathDiagnosticNotePiece::PathDiagnosticNotePiece(clang::ento::PathDiagnosticLocation const&, llvm::StringRef, bool) llvm-project/clang/include/clang/Analysis/PathDiagnostic.h:731:9
#13 0x00007f56250c1b50 void __gnu_cxx::new_allocator<clang::ento::PathDiagnosticNotePiece>::construct<clang::ento::PathDiagnosticNotePiece, clang::ento::PathDiagnosticLocation const&, llvm::StringRef&>(clang::ento::PathDiagnosticNotePiece*, clang::ento::PathDiagnosticLocation const&, llvm::StringRef&) /usr/lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/ext/new_allocator.h:156:60
#14 0x00007f56250c1942 void std::allocator_traits<std::allocator<clang::ento::PathDiagnosticNotePiece> >::construct<clang::ento::PathDiagnosticNotePiece, clang::ento::PathDiagnosticLocation const&, llvm::StringRef&>(std::allocator<clang::ento::PathDiagnosticNotePiece>&, clang::ento::PathDiagnosticNotePiece*, clang::ento::PathDiagnosticLocation const&, llvm::StringRef&) /usr/lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/alloc_traits.h:516:2
#15 0x00007f56250c16e9 std::_Sp_counted_ptr_inplace<clang::ento::PathDiagnosticNotePiece, std::allocator<clang::ento::PathDiagnosticNotePiece>, (__gnu_cxx::_Lock_policy)2>::_Sp_counted_ptr_inplace<clang::ento::PathDiagnosticLocation const&, llvm::StringRef&>(std::allocator<clang::ento::PathDiagnosticNotePiece>, clang::ento::PathDiagnosticLocation const&, llvm::StringRef&) /usr/lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/shared_ptr_base.h:521:2
#16 0x00007f56250c152a std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<clang::ento::PathDiagnosticNotePiece, std::allocator<clang::ento::PathDiagnosticNotePiece>, clang::ento::PathDiagnosticLocation const&, llvm::StringRef&>(clang::ento::PathDiagnosticNotePiece*&, std::_Sp_alloc_shared_tag<std::allocator<clang::ento::PathDiagnosticNotePiece> >, clang::ento::PathDiagnosticLocation const&, llvm::StringRef&) /usr/lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/shared_ptr_base.h:650:16
#17 0x00007f56250c1485 std::__shared_ptr<clang::ento::PathDiagnosticNotePiece, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<clang::ento::PathDiagnosticNotePiece>, clang::ento::PathDiagnosticLocation const&, llvm::StringRef&>(std::_Sp_alloc_shared_tag<std::allocator<clang::ento::PathDiagnosticNotePiece> >, clang::ento::PathDiagnosticLocation const&, llvm::StringRef&) /usr/lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/shared_ptr_base.h:1337:14
#18 0x00007f56250c1412 std::shared_ptr<clang::ento::PathDiagnosticNotePiece>::shared_ptr<std::allocator<clang::ento::PathDiagnosticNotePiece>, clang::ento::PathDiagnosticLocation const&, llvm::StringRef&>(std::_Sp_alloc_shared_tag<std::allocator<clang::ento::PathDiagnosticNotePiece> >, clang::ento::PathDiagnosticLocation const&, llvm::StringRef&) /usr/lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/shared_ptr.h:410:4
#19 0x00007f56250c1365 std::shared_ptr<clang::ento::PathDiagnosticNotePiece> std::allocate_shared<clang::ento::PathDiagnosticNotePiece, std::allocator<clang::ento::PathDiagnosticNotePiece>, clang::ento::PathDiagnosticLocation const&, llvm::StringRef&>(std::allocator<clang::ento::PathDiagnosticNotePiece> const&, clang::ento::PathDiagnosticLocation const&, llvm::StringRef&) /usr/lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/shared_ptr.h:860:14
#20 0x00007f56250c11b2 std::shared_ptr<clang::ento::PathDiagnosticNotePiece> std::make_shared<clang::ento::PathDiagnosticNotePiece, clang::ento::PathDiagnosticLocation const&, llvm::StringRef&>(clang::ento::PathDiagnosticLocation const&, llvm::StringRef&) /usr/lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/shared_ptr.h:876:7
#21 0x00007f56250bf44c clang::ento::BugReport::addNote(llvm::StringRef, clang::ento::PathDiagnosticLocation const&, llvm::ArrayRef<clang::SourceRange>) llvm-project/clang/include/clang/StaticAnalyzer/Core/BugReporter/BugReporter.h:205:26
#22 0x00007f562567c860 (anonymous namespace)::ReturnPointerRangeChecker::checkPreStmt(clang::ReturnStmt const*, clang::ento::CheckerContext&) const llvm-project/clang/lib/StaticAnalyzer/Checkers/ReturnPointerRangeChecker.cpp:116:5
```

Likely related to invalid source locations produced by BodyFarm #40680 (https://reviews.llvm.org/D60808).

PS: It's not entirely clear what the semantics/invariants are in the `PathDiagnosticLocation` class. When and what can be invalid etc, thus I'm requesting some feedback on this by @haoNoQ.
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJztWm1zozgS_jXkiyoUiFd_8AfHSeqmbm4vF8_d3t0XlxCy4YIRJ4kk3l-_LQljTJxZO8nWzE5timDQS-tR99MtQZPxfDu9Z43geUuZcIIZKpRqJFw4-BaONc8zXimXizXc_QL_wd_8x-g_QSId79rxZk7s2SMjsrBFtCL1Gl1ekppU218Yuvx3V9IViEtaMPqgh7umXDAHz0nVFMSVjLaiVFv3nqlW1HdK3EM_hhqhEVImJctd2jSjkUe3cwdf6cOU1mTDZEMoQ1LlyEm6YsU2TUUUQ04wV9uG6WboixPcwAnHcKANfwRg6Rdk7x08QTVnz5Q1ygk6KU5yjaya0ME4Xa1VRkEEytqVE135TnS972vOj7zMkeINjKRH6PEhkJvqSijVAsEcwayD5GCwTQoioc0VCqCFPoKrHRQqwBJM9hCPa8ucF4rQh0slALce4lhDYzrNi6p63FyCGf7HqIJhbDm-LWtatTkblMy0lWUp4fKOqOK6JOuaS1VStwA5kT_R0nZi4WC14vbqsPmi4equZBba65U4pbyW6hSJnzklquS1tencTMm2WyhR1ut7ttLFh50GEP5a1rlukHFeGZ3P0Aw4KazM2Lvj0i3lv0il7WYNasmkKwpia3YgDls4GL86wUSiTQszLMgjQwQ9aimo6sS40BOaoBUpK_AOa7S7zzezxQ2SbbYpFXTJ2jUCH-JCAdnGHl6qos1cyjdwYzRifwa2LqVsmbYnInWOOosjVTDLNZQBiyyJQDlDZ0WSt8IW655ESk5LcLscibZGkoqyUe6AiihvN03PRA-qJneCrwXZICLW7QYMK49wMWvLCjR-mzOYqL4v6x0ff_8w5GuUEEYYX-n40RABjEBEIQYz5iu0ArvYlli3_LmAe2QhAOUgXMC89Zx2fgneHHgIoFS2-tD5TTjp4hGMAW0YSodd_b6rDStlrTRVTYtAA7gRggvEgEUtEMgigHAIqrWNwlMaIQPSe_bgL1lFceD5_gT7ZOBScis7HwTXUsa8XyxH0n0jQZ6WQHfByKbzSYt3bOEdL8sMzou20VSGq3_W5bMuKNegT_C9muoIE0dw9v09Un-MNKAZGsGyMv4CNK2AEbvgO3snljjAGsseCh5BSUgcH1PafVsfIJJduDgNyw6EJikM7wVaLXsQwQhEmnnsGIh5xUjdNn_voACEtpZwyXT40bH-XboJ4pFuwgEsvFrFeZYyvQ6SmtfbDW_lfpW10VdD1AHonlHwDrGd81qxZ_UJ1nZba5Vn2uxcYY7eOIdjI3UK9uA_2c8jGs9jlQTooPuYbGeR_itAgol3qNJ4aOkkD1eT1EPLpWBSQcRbwnpgeNWN8ZzGyzi8hOjRPl-u69ZWNKoA_8xdyV0Pdhzes49BSh9U9DDJcMZsFWKWJkiQUmr79eF5DcLoZfvfNnha9LfYxQncyI5ht66r77YyZ41ecVrLHCh4NGgAGfwa0a5xdt_ov0eSjpCEycpHJONmpqchUbnVhullBklHg0wOBwnCYEVAq8TsBZZ6JV7Cbvjkudt-_YUdcrIfUkcwbzxkmOATbEe11WJjtcCDLr3VtMxhWMSRR32ahx-7MTtjS2Y2cV_fl50g7vXN2oftX7F2Mezv1YjHasyy9BSsP3HFXlXjvvLD1fjBCkkC7R0DWgUv9BF5yDzoLJdAzCV9fraoava0hL2Khs5hEzY_T2c3tt5MWLQwhTMFnEao0xUba0gnGWuAYfY7wDAPFbetFH1sWFN6PELAJqmLuKPTgATd03TXGNYaOB9YzrDAj2K93RlErHBMg0mILQ36PW0vYglPD6Xe2s9f1p1PDPTdkuMjZtcN84PzLNN0gBVR66ljR_f6QPMM72kWjWkWs8meYctFs6S8hT1SvmyUWJZ1U5mXHWfT4WNMN9dr9igMLkHpD8uGVyXdglJxz953gf9G3PxDskzCQ3WnY71v69Z5_5Bo8ZhoESYDoi07IcZgoLlz7Dzu-624-V2sh_HBjLQP2CDQ6UiR9UcuEz8OYePIPPvFe8YmY8aGaXSEsSDlDZx7C7_tSN8zW__k3dm884Mg0T_hnnjpC-LBQ1KvurfTbkeoP-n0o9HJMCn0dQQb8Ggy5lEQRx_DoxdLJusM84Otvh9CsOFgf3yWpbF3GK6wN6aZn31QuBqkb8jDOyj2jTZm37slE_0smOwNOXqhma3CkB7X3VULuM37dOsdea71fZCaOvfV428oayYE2WppB9ZfmPyoSS8aq5zxVm6hYDg663KZUDA3OczbfmqmcHBndIY9nRzD-10iPnx9GScUHOS3si5dYpSX8Gxqk6PzXSrVvHbRN3eCLdRGHTLNdtTlOzW9_maiE9llODqO2Vz_K0rqMiUvFGMFaQa9CnyXKjOvF6KvfDLxuXxg1RYJVpk8tuKorG1G3ua6-8S8RN1XNTnKtuiK59tbIjYmz-XFqVHxYSJesMeSPUlXT6773uY69lJP5_3cIYS7BfRBn5T5MqDmOtOsSqFR0YoRgZ4Kokx2XrINgSoqDYEeiSjhViJwIgBtWuiPFo6yGCq0VaR00c8Fq0363silpEYZ6yfNFNUGVAXw5BMA2oBm_t8yaZPGfMPQirFcfyCAuB6ylFobTugVhP_E_-Fe5NMgnwQTcqFKVbHp4HuK93wRcdGKavr27xyiKAiTi2LqhzgKyCpifpR6mGTphK7CJMJ-HkZ-sAovKpKxSk6dCEIV3rFYGgIi0jMQ2wcmTG0iEjvR9UU5xR4Gb_Qm3gSHXuBmJMpwGPr5BJMoj3LQEZivrHo-XIipwZu1awmVVSnVniwXYCqd1WQGC8gnrSq4mErFyENBqgszt6mZ2K9Rttbf">