<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/59636>59636</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Clang-tidy/libclang crashes in CallEvent CXXInstanceCall::getExtraInvalidatedValues
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          Jesseeee
      </td>
    </tr>
</table>

<pre>
    In our project we use FastDelegate: https://github.com/dreamcat4/FastDelegate/blob/master/FastDelegate.h
When clang-tidy tries to evaluate an expression that calls FastDelegate0<unsigned short>::operator()() (lines 990/991 of FastDelegate.h), it crashes inside libclang in CXXInstanceCall::getExtraInvalidatedValues.

This crashes with llvm/clang 14 and 15. I have not tried building the latest sources, but I suspect that would not help much, since this piece of code has not changed in years.

Backtrace:
 #0 0x00007f15478113b1 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/usr/lib/llvm-15/bin/../lib/libLLVM-15.so.1+0xf043b1)
 #1 0x00007f154780f0fe llvm::sys::RunSignalHandlers() (/usr/lib/llvm-15/bin/../lib/libLLVM-15.so.1+0xf020fe)
 #2 0x00007f15478118d6 (/usr/lib/llvm-15/bin/../lib/libLLVM-15.so.1+0xf048d6)
 #3 0x00007f15463dd520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x00007f155026124e clang::ento::CXXInstanceCall::getExtraInvalidatedValues(llvm::SmallVectorImpl<clang::ento::SVal>&, clang::ento::RegionAndSymbolInvalidationTraits*) const (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x296224e)
 #5 0x00007f155025f9c8 clang::ento::CallEvent::invalidateRegions(unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) const (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x29609c8)
 #6 0x00007f15502b139b clang::ento::ExprEngine::conservativeEvalCall(clang::ento::CallEvent const&, clang::ento::NodeBuilder&, clang::ento::ExplodedNode*, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x29b239b)
 #7 0x00007f15502b3a6e clang::ento::ExprEngine::defaultEvalCall(clang::ento::NodeBuilder&, clang::ento::ExplodedNode*, clang::ento::CallEvent const&, clang::ento::EvalCallOptions const&) (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x29b4a6e)
 #8 0x00007f155026cf91 clang::ento::CheckerManager::runCheckersForEvalCall(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&, clang::ento::CallEvent const&, clang::ento::ExprEngine&, clang::ento::EvalCallOptions const&) (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x296df91)
 #9 0x00007f15502b19f7 clang::ento::ExprEngine::evalCall(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNode*, clang::ento::CallEvent const&) (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x29b29f7)
#10 0x00007f15502b16b4 clang::ento::ExprEngine::VisitCallExpr(clang::CallExpr const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x29b26b4)
#11 0x00007f15502909c9 clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x29919c9)
#12 0x00007f155028c7f5 clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*, clang::ento::ExplodedNode*) (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x298d7f5)
#13 0x00007f155028c4ce clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x298d4ce)
#14 0x00007f1550273c08 clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x2974c08)
#15 0x00007f1550273758 clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x2974758)
#16 0x00007f15506d395f (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x2dd495f)
#17 0x00007f15506b10d8 (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x2db20d8)
#18 0x00007f154fff1fdc clang::MultiplexConsumer::HandleTranslationUnit(clang::ASTContext&) (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x26f2fdc)
#19 0x00007f154e38be9b clang::ParseAST(clang::Sema&, bool, bool) (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0xa8ce9b)
#20 0x00007f154ffb3ea7 clang::FrontendAction::Execute() (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x26b4ea7)
#21 0x00007f154ff26fb6 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x2627fb6)
#22 0x00007f15501ddb11 clang::tooling::FrontendActionFactory::runInvocation(std::shared_ptr<clang::CompilerInvocation>, clang::FileManager*, std::shared_ptr<clang::PCHContainerOperations>, clang::DiagnosticConsumer*) (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x28deb11)
#23 0x00005575f87c17f6 (/usr/bin/clang-tidy+0x12e97f6)
#24 0x00007f15501dd87f clang::tooling::ToolInvocation::runInvocation(char const*, clang::driver::Compilation*, std::shared_ptr<clang::CompilerInvocation>, std::shared_ptr<clang::PCHContainerOperations>) (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x28de87f)
#25 0x00007f15501dc8df clang::tooling::ToolInvocation::run() (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x28dd8df)
#26 0x00007f15501df3ae clang::tooling::ClangTool::run(clang::tooling::ToolAction*) (/usr/lib/llvm-15/bin/../lib/libclang-cpp.so.15+0x28e03ae)
#27 0x00005575f87bca09 clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&, clang::tooling::CompilationDatabase const&, llvm::ArrayRef<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, llvm::IntrusiveRefCntPtr<llvm::vfs::OverlayFileSystem>, bool, bool, llvm::StringRef) (/usr/bin/clang-tidy+0x12e4a09)
#28 0x00005575f7c59bb2 clang::tidy::clangTidyMain(int, char const**) (/usr/bin/clang-tidy+0x781bb2)
#29 0x00007f15463c4d90 __libc_start_call_main ./csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#30 0x00007f15463c4e40 call_init ./csu/../csu/libc-start.c:128:20
#31 0x00007f15463c4e40 __libc_start_main ./csu/../csu/libc-start.c:379:5
#32 0x00005575f7c548e5 _start (/usr/bin/clang-tidy+0x77c8e5)

If there is anything more I can provide to help debug this, or if there are suggestions for code changes that would make this parseable, I'd be happy to help or to look into a fix myself. This is rather annoying, as it leaves quite a bit of our code unable to be analyzed with clang.
</pre>