<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/60278>60278</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
Assertion `I != ValueState.end() && "V not found in ValueState nor Paramstate map!"' failed with optimizations, ubsan, and reference to value with conversion operator that calls pointer to function in `new`
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
davidstone
</td>
</tr>
</table>
<pre>
The following valid translation unit:
```cpp
#include <new>
int a() {
return 0;
}
struct convert {
operator int() {
return m();
}
int(*m)();
};
void b() {
convert arg{a};
new int(arg);
};
```
causes clang to crash with
```
clang++: llvm/lib/Transforms/Utils/SCCPSolver.cpp:691: const llvm::ValueLatticeElement &llvm::SCCPInstVisitor::getLatticeValueFor(llvm::Value *) const: Assertion `I != ValueState.end() && "V not found in ValueState nor Paramstate map!"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: clang++ -g -o /tmp/compiler-explorer-compiler2023024-838-1ausl72.u1r3/output.s -mllvm --x86-asm-syntax=intel -S -fcolor-diagnostics -fno-crash-diagnostics -std=c++20 -Og -Wno-everything -fsanitize=undefined <source>
1. <eof> parser at end of file
2. Optimizer
#0 0x00005604d9e1fbf1 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (clang+++0x4150bf1)
#1 0x00005604d9e1dafe llvm::sys::RunSignalHandlers() (clang+++0x414eafe)
#2 0x00005604d9e1efc1 llvm::sys::CleanupOnSignal(unsigned long) (clang+++0x414ffc1)
#3 0x00005604d9d9672b CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
#4 0x00007f2b186519e0 (/usr/lib/libc.so.6+0x389e0)
#5 0x00007f2b186a164c (/usr/lib/libc.so.6+0x8864c)
#6 0x00007f2b18651938 raise (/usr/lib/libc.so.6+0x38938)
#7 0x00007f2b1863b53d abort (/usr/lib/libc.so.6+0x2253d)
#8 0x00007f2b1863b45c (/usr/lib/libc.so.6+0x2245c)
#9 0x00007f2b1864a486 (/usr/lib/libc.so.6+0x31486)
#10 0x00005604d9f59c1e llvm::SCCPInstVisitor::getLatticeValueFor(llvm::Value*) const SCCPSolver.cpp:0:0
#11 0x00005604d9f5a092 llvm::refineInstruction(llvm::SCCPSolver&, llvm::SmallPtrSetImpl<llvm::Value*>&, llvm::Instruction&)::$_1::operator()(llvm::Value*) const SCCPSolver.cpp:0:0
#12 0x00005604d9f4d02c llvm::SCCPSolver::simplifyInstsInBlock(llvm::BasicBlock&, llvm::SmallPtrSetImpl<llvm::Value*>&, llvm::TrackingStatistic&, llvm::TrackingStatistic&) (clang+++0x427e02c)
#13 0x00005604d9cf3f31 runSCCP(llvm::Function&, llvm::DataLayout const&, llvm::TargetLibraryInfo const*, llvm::DomTreeUpdater&) SCCP.cpp:0:0
#14 0x00005604d9cf3abb llvm::SCCPPass::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (clang+++0x4024abb)
#15 0x00005604db59fcbd llvm::detail::PassModel<llvm::Function, llvm::SCCPPass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) PassBuilder.cpp:0:0
#16 0x00005604d96d01a7 llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (clang+++0x3a011a7)
#17 0x00005604da72eead llvm::detail::PassModel<llvm::Function, llvm::PassManager<llvm::Function, llvm::AnalysisManager<llvm::Function>>, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Function>>::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) BackendUtil.cpp:0:0
#18 0x00005604d973d9a4 llvm::CGSCCToFunctionPassAdaptor::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (clang+++0x3a6e9a4)
#19 0x00005604db5a3bfd llvm::detail::PassModel<llvm::LazyCallGraph::SCC, llvm::CGSCCToFunctionPassAdaptor, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) PassBuilder.cpp:0:0
#20 0x00005604d9738133 llvm::PassManager<llvm::LazyCallGraph::SCC, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (clang+++0x3a69133)
#21 0x00005604d985755d llvm::detail::PassModel<llvm::LazyCallGraph::SCC, llvm::PassManager<llvm::LazyCallGraph::SCC, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) Inliner.cpp:0:0
#22 0x00005604d973bb52 llvm::DevirtSCCRepeatedPass::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) (clang+++0x3a6cb52)
#23 0x00005604d9857d7d llvm::detail::PassModel<llvm::LazyCallGraph::SCC, llvm::DevirtSCCRepeatedPass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&>::run(llvm::LazyCallGraph::SCC&, llvm::AnalysisManager<llvm::LazyCallGraph::SCC, llvm::LazyCallGraph&>&, llvm::LazyCallGraph&, llvm::CGSCCUpdateResult&) Inliner.cpp:0:0
#24 0x00005604d973a2b1 llvm::ModuleToPostOrderCGSCCPassAdaptor::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (clang+++0x3a6b2b1)
#25 0x00005604d9857afd llvm::detail::PassModel<llvm::Module, llvm::ModuleToPostOrderCGSCCPassAdaptor, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) Inliner.cpp:0:0
#26 0x00005604d96ced57 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (clang+++0x39ffd57)
#27 0x00005604d9853914 llvm::ModuleInlinerWrapperPass::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (clang+++0x3b84914)
#28 0x00005604db35ad4d llvm::detail::PassModel<llvm::Module, llvm::ModuleInlinerWrapperPass, llvm::PreservedAnalyses, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) Canonicalization.cpp:0:0
#29 0x00005604d96ced57 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (clang+++0x39ffd57)
#30 0x00005604da725371 (anonymous namespace)::EmitAssemblyHelper::RunOptimizationPipeline(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>&, std::unique_ptr<llvm::ToolOutputFile, std::default_delete<llvm::ToolOutputFile>>&) BackendUtil.cpp:0:0
#31 0x00005604da71d1e6 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream>>) (clang+++0x4a4e1e6)
#32 0x00005604dabc950f clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) CodeGenAction.cpp:0:0
#33 0x00005604dc2dd2c8 clang::ParseAST(clang::Sema&, bool, bool) (clang+++0x660e2c8)
#34 0x00005604dabc7595 clang::CodeGenAction::ExecuteAction() (clang+++0x4ef8595)
#35 0x00005604daad99fe clang::FrontendAction::Execute() (clang+++0x4e0a9fe)
#36 0x00005604daa41c3f clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (clang+++0x4d72c3f)
#37 0x00005604dabc1c76 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (clang+++0x4ef2c76)
#38 0x00005604d89aa1fa cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (clang+++0x2cdb1fa)
#39 0x00005604d89a636a ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&) driver.cpp:0:0
#40 0x00005604da8a0ee2 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::$_1>(long) Job.cpp:0:0
#41 0x00005604d9d9642c llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (clang+++0x40c742c)
#42 0x00005604da8a068d clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (clang+++0x4bd168d)
#43 0x00005604da85bc25 clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (clang+++0x4b8cc25)
#44 0x00005604da85beee clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (clang+++0x4b8ceee)
#45 0x00005604da87b55f clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (clang+++0x4bac55f)
#46 0x00005604d89a5637 clang_main(int, char**) (clang+++0x2cd6637)
#47 0x00007f2b1863c290 (/usr/lib/libc.so.6+0x23290)
#48 0x00007f2b1863c34a __libc_start_main (/usr/lib/libc.so.6+0x2334a)
#49 0x00005604d89a2465 _start (clang+++0x2cd3465)
clang-16: error: clang frontend command failed with exit code 134 (use -v to see invocation)
Compiler returned: 134
```
See it live (soon): https://godbolt.org/z/qKvfqdon5
Note that the version of clang in compiler explorer (2275e325e4bc7db4ea0f4fa527774be524c2c287) doesn't yet show this problem, so we know that it was introduced between then and 92b4946aa2f6e061bf0ab9803fc6a0657d9ce969. I expect compiler explorer to update their build before this gets fixed, so including compiler explorer link anyway.
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzsW1tz4zay_jX0C0ouErw_-EGW7WRyJmdcYyf76GoCTRlnKEABQF_m158CSUkETdme7GQ32U2VM3ZI9O3rDw2QaIIxYi0Rz4L0PEgvTqC190qfcXgQ3Fgl8aRS_Pns9h5JrZpGPQq5Jg_QCE6sBmkasEJJ0kphg3gZhBdBuPs3C_sftt0OV2gsJGtajiSIVxIfg_hyLCGkJRDQIqAlCfLz3a1So221JGEQ767lF2M5Y3XLLGFKPqC2nqjaogarNBHSzmg-KN_0dw8mwnJiJQjLnZLlxg2dCOQXI2H374MSnFQzVneOgl4H-Tn4kqXEx8Fbd_-YhR24Y4MMWoOGsAbkmlhFmAZzTx6FvZ_NyyDkRgf03P3ES9I0D5uAXjWiCujVrctwrfTGBPTqFysa9_tmtbq-Uc0D6lOX2XiZlZGTZEoa28vHyyBe_gpNix_BWsHwssENSksCmh0GOEUfpLG_CiOs0v3FNdpBppO_UjqgxUQpCejSYdpZdKaXxqDueBhk4QcS0CiIL0g39saCxVOUfJcHmgU0IwGlvxKpLKlVKzkRcjSaSKXJNWjYmO5_N7B1GikNaE5qEA3y0x6764-Xy5tLYtpqIywBUrVronGrtHXw31u7Nc5tehXQq7Ww9211ylQH74By87BZbLX6P2Q2oFfCmBYdxAQ6n_qpYu9xyGQF7IvVwDCgK7LVuNWKoTHIiVGt7i87STBGMQEWOdGtJIZpsbWDyzcW2BfC2812P13D0yAsr7Vaa9g4TrYuVaZL6YEbZLEmC0UCemU324BeMbXZigb1Ap-2jdKoF7srNKRxSJNFEReLCFrT5PS0jXQc0CvV2m1rTw1ZbFzoZLF4KrIFmM3CPEsLT0F8IaTFhixuyKJmqlF6wQWspTJWMEMWtVSLDgv_srE8iC9Y7ykNyeLTmiz-IdUCH1A_23tXsxa1ASms-IpBfNFKjrWQyF0hGsDb1aLIwRHEK1R1EF-SLWiDmoAlKDlRNalFg_1I6kZ-2lqxEV9R99dIQOOQhE9hGIZpFia8xKiu6mg0Mcyz6f-41kLaLiG3fVZHRNfweKeM1QibjrKrviY4AhfjKUvPw6ckSsOqjlyt2PsQTXzgUOOcD59beSPWEpofQfIGtdnPkxkzCUKNnhk6MYM1mw111SDIdvtpMBbQopXdwsNJo5yVYxbrmvmBxZ5FXmY5rcjKceIzMuXy7cUT0GIAzhuzUtLikx0qWNj9tzeRDCbymlZRkaVRiSHpcLlqjd5Xx0ZU7NSo06zzNS5KDD1PU18NRFnC3lRTFFnCPDXZC2_igmgQBt_jU1x4ynJfWVylMSdQuYr1ljJK05h7yoqpsiR9O0BKk9QPsPTVJJAU2duhRUmR7dU4wvuzrk5LFo0Z_7tXm_FiQ14sfiPqOCeiiRMQlnTkhO6qjnPD7ViEkp65g_Jhyo9ubaBprq2-Qfths22CeDXjZXz5Qs4z1eHVXQ5ochf1f-52SMN25p8L3y8HdcJDyshsgH15EJttI-pn56X5IM8bxb54HpyDEWy4_J0QcaX2i5Brt9QLt368c8R8gaI5hpR5PPQLFKvjOo7cOuyC94K7auUhMWMHLsDCR3hWrR22OC88BO2YKyoN-vmDrNVu3HKiSG1uNeIvWw52IFXZ5XA-e8nUc6iqSfauwQwVXbfyfdEsJTTPRpifQcLaZX41IzQkah7kkCZQVR7I6djVKi1rVvGRTY4WRDOssmDMz4pjM2_ZJ9UuRO_qtUaD-gF5Hwqa3xeg-_kDkXN-n7ei4ccmZ-alN-NhBPk4SofTa5b-jEHP0CWGMIog9-iSj0OHnCLC96DLHwbZX5B-58C-oOTuKXGefoVHvzzmJSQja6sfblarW7VT7KBdctjul-qp2x_h6_MKmuYHDdv7_ez9piCOqRjL-2NoNrekvBjj3e0C60vwZzRtY1-jboYlJB51S7_SQVzV30bd90T5Cvjfi4q_G-x_EuljtP_L8-etek_DyYQrojh-R_F6T1R_J_rfXijKKI7HhYL6jx5Fmqfp9y8U_4Gk-bvA_Ul5_0E2Qh4rbnRS3KoqHT9oX-CD0PZmtfqMWwSL_PiDy18ep_n6wKqUevUhntYHnn__-jCP-99T7E9KnVenWDKZYkCr8bvdnxVvG7xV18rYT5qj7oy8uW_vxb4Jo0Hk9Ye-rKJV5BE-nRIevnHnvHN19U1Rfy-yH6I-Rr_vAOWrBJi8MGDI0_e8MJiD7d8e6BxnyrrmqfeigOYTzsRllLzI_gDaPzRst6iPryx_kNtVkZSR95BIvWfrKk6BJ9-L6jPB_qUYvgKppGDQiK9dq8I81cv_Oqr7p5SQ0zTOIyfr8HreqNYQCRs02-5kcjg3uNwIuzQGN1Xz_CM2292L_M-tHM5BO4yvxRYda_aedIOGN0TL_aux7tjW3Wml-K3Fu631A9PweLd91MLi3e4kdCTEsYa2sXccG7T4huDwWi17j9lbpZpP3Un1leiT-x6bE6mDwbdfjfmHtZBHPMKMjJBzsA9KehM-sBeHs_BLue5w7wIdDfkRgaO-QdDs3mVKSeOdLYyGrhTHH1C-Mao_gnhj0EeQ67khB9RurBZy_RnrudIznGf8uSg0f0QBCUbonUf6R-NQsTIN65lYVkqadrObSP2p9e2hs-oXKSbZXt7cDqfXuwrXJ6wHZZ5g3t6fUc4pK8a-XIM2uLy59S3d4AaGjFVKNYffsxhkWYiUFR4GyQSDPC3TGa4N-ey5_oSstbhL8dFmBKyLtEw9a96GD4CXZY1ja1fa4banz9jca4ZCKEddD85Q5htKIhbXflh9K8wHaSxIhvORHffs-FEYzymLa8-ZfIJxxHK_ePRmDz49KAYvXXjhc3_uOw89ZblPdm8DUpQAUQ2EsehuA8Jf4JZaw7Ob8PGK3YM-nFz2z2n-NboiD0rw475QxquoBs-XcuJLFmdAdiisotuOwuNj9w00za_IrNLDSfJLx7qEcC2OnXwn_mpaQIhIO99HVa0eXq_f6S787u6ui3DYDjBomgrYl7taOj8O6eltD6laRSu12YDkUw7Pwrwvd6orxeDv_A4VeH_0tBe4u2NPT9HQKFCBEcwVQ-F86jDyBrsLd1aDsGZ3e6IOmsZRzz0Z7u-7IctDZfH6-oJ9o8Kli23oE_pJVfMpiKadQYnXfDDX_7PfvdxAjc2zh-Dr2Tp2VM3yxO8HSOiUGVnByX9zZmeBq3iUFdwDLvaBSytG06PAddULXtT1HZpeqZsIugHHdjCvDF16S-OrsRWMUW-pSpJpbIj4rbH9pCpzPLCfVPVRmGMdJC9r3j6XWxAujV3X3PuxGG-w34UIoremJv7iXeRVmtbHrF-M_vaWt5l17RiS_0JE5ktFBSxNvaU8ySYrV5rFeW9vt47ufOim6PLVdTHLYu-BL5n2_jFavt3W6J6NQ0_NtOuPxQmQuzsndmcsaNv5-g7FceKt28l03aZJlpJe5ZEQ4yQ7TKvu_iLKgnhJUOvu_ePQC18P2yvChiT1XdxdazzBJ-FmCUcSxYkz1BokiwdiFTGIRIz2S4Ol3VaJ9N8OoKOJE36lNf_GabKkEQ9d16ZRvbp4Oe0SV7xSjT1Veh3Qq68Bvfrtfx7q37iS6Vjd_yqLxN6D7brDH1AboSRRw4QhQpJdNzbZ9Wc7s5TmKcY0xaRiOa8ShLBOakhpnudJhSlNGGW0yLvNjkIjA5pb8oyWmHv1SOy9MGSrVdVg_xylyCOSL7K7BdYF-AiGCGm14i1DTiq0j4jSeSm71vSSVkmZZAC0zjDMoqoOoSqLMK5ZBmGW5rxkWGblKfngPMfus45pJFaRtnuX7fQKTapWNM5WrTT2Tq7RGlKLJ-SDn30zvZDrGXWNkF8IyOdHeD494WcxL-MSTvAsyvIki-KizE_uz1iWFcCwLiOMi7wAHmd5nrM8LIoirzM8EWdd43tE05DGUZyf5iXjNQOaxBxCLOMgCXEDojl1Nccl-KTr9z_LQpoXJw1U2JjuKxxKu09A3M2A0iC9ONFnTmZRtWsTJGEjjDUHLVbYBs_-5Z9A9JNHjd76dG_-2sqA3H2IoLFGjZKhS9lD9-lGJ9V_ANNzdveBTscgt_01ZKuEtH2ed5sw516QhRIfgyw8aXVz9vu_rugA__8AAAD__7HA6R8">