<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/79575>79575</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [analyzer] Crash on using non-type template arguments
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            clang:static analyzer,
            crash-on-valid
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          steakhal
      </td>
    </tr>
</table>

<pre>
    clang 18.1.0 crashes on the following code snippet, while clang-17 does not.
https://godbolt.org/z/h3sME4Gdz

This is a nullpointer dereference.

```c++
constexpr char abc[] = "abc";
void use(const char *fmt);

template <const char* in>
void use_template_param() {
  const char *p = in;
}
void force_instantiate() {
 use_template_param<abc>();
}
```

Stack trace:
```
#0 clang::Stmt::getStmtClass (this=0x0) at clang/include/clang/AST/Stmt.h:1357
#1  ignoreTransparentExprs (E=0x0) at Core/Environment.cpp:41
#2  ignoreTransparentExprs (E=0x0) at Core/Environment.cpp:62
#3  ignoreTransparentExprs (E=0x7f2d5418c080) at Core/Environment.cpp:62
#4  ignoreTransparentExprs (E=0x7f2d5418c098) at Core/Environment.cpp:62
#5  ignoreTransparentExprs (S=0x7f2d5418c0f8) at Core/Environment.cpp:67
#6 clang::ento::EnvironmentEntry::EnvironmentEntry () at Core/Environment.cpp:73
#7  clang::ento::ProgramState::getSVal () at Core/PathSensitive/ProgramState.h:807
#8  0x00007f2d68e76926 in clang::ento::ExprEngine::VisitCast () at Core/ExprEngineC.cpp:337
#9 0x00007f2d68e38cdc in clang::ento::ExprEngine::Visit () at Core/ExprEngine.cpp:2280
#10 0x00007f2d68e35039 in clang::ento::ExprEngine::ProcessStmt () at Core/ExprEngine.cpp:1134
#11 0x00007f2d68e34ccd in clang::ento::ExprEngine::processCFGElement () at Core/ExprEngine.cpp:976
#12 0x00007f2d68dfb5ff in clang::ento::CoreEngine::HandlePostStmt () at Core/CoreEngine.cpp:499
#13 0x00007f2d68dfad62 in clang::ento::CoreEngine::dispatchWorkItem () at Core/CoreEngine.cpp:220
```

In the AST, we have this segment for the `const char *p = in;` variable declaration:
```
`-VarDecl <col:3, col:19> col:15 p 'const char *' cinit
  `-SubstNonTypeTemplateParmExpr <col:19> 'const char *'
    |-NonTypeTemplateParmDecl <line:4:11, col:23> col:23 referenced 'const char *' depth 0 index 0 in
    `-ConstantExpr <line:6:19> 'const char *'
      |-value: LValue <todo>
 `-OpaqueValueExpr <col:19> 'const char *'
```

That dump comes from the `TextNodeDumper.cpp`:
```c++
  case APValue::LValue:
 (void)Context;
    OS << "LValue <todo>";
    return;
```
So, some APValue must be of kind `LValue`.

Anyways, bisections blames 5518a9d7673bfe55b4110bea049140316d032fbf (`[c++20] P1907R1: Support for generalized non-type template arguments of scalar type. (#78041)`, 2024.01.21.) commit for introducing this crash.

This is a regression, as clang-17 did not crash on the same input.

Notes for myself: CPP-4927
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJysV11v47oR_TXMy8AGRerzwQ9ex769wO1eow7SxwVFjSx2JVIlqWyyv76g5M_Em02AAoZNycNz5gyH5IxwTu014oIkX0hyfycG3xi7cB7F90a0d6WpXhayFXoPUT6P5hSkFa5BB0aDbxBq07bmh9J7kKZCcFr1PXrCVvCjUS3COHcWZVAZdKCNnxN6T-iy8b53hC8J2xC22ZuqNK2fG7snbPOTsE3D3T_X8R_Vz8l8-n5olAPlQIAe2rY3Snu0UKHFGi1qifNLa5LS6SMJ-xI-41tptPP43FuQjbAgSjlJB8LvgTAWXjBG-MH8yagKBoeE5ePMaRZhy7rzhBUnu-nbY9e3wiMQvjqbE7YEpQlfX0N-O1p_64UVHWE5YQWQ7IAIcE3Yjx4GnCNldn8BWBsr8ZvSzgvtlfD4Bu8GJV8FuXw92b5FPoXwUuTOC_kdvBUSwwLeNGScTksfLPhy5zs_jfbow8OqFc4BYblvlCP8nj7T4Kzwh1lso7RshwoJ2xzfLHcPhG3C7HlD-DLiSXZiiwDUXhuLD1Zo1wuL2q-feztyrK8IVsYG1LV-UtboDrWfy74nfBlHJzj2f4BL2QmO_x4uq1mVxFEuaf4Z5PgzyEX-CeTkPeTdK-T698jntUovMwO1N9PoYs5ae_ty-y0c0vo9royfuDK4Tba1Zm9Ft_Nho5wS81G0b_G3wjc71E559TQ-X0wdEzGnZ205AH2mlNIQmzTHLC1YCkr_QvJzb9d6r_TBh0fllF8J52-oPJmuDio5P9MW16w8l5X8HOt7jAdCxvLz9o7oK8qE8uLDlFtrJDoX9vIHiKOIx2fi6BVxLGX1YeJ-Il5t_li3GFLmA_RFlp7Z2RV7VZdJXf-SPSBesv9D6KrFrXH-tvKz_fFIKoozNX9FLaqUfZi6Uq4XXjb_Nvb7nx67D5AzRt-5Bf6c7v_xUF7BD4RGPCGE4xwc7sfQ1saONuEK_uVVllJ4ElaJskWoULbCCq-M_uXNktLZo7D3KNvpkm3DVgguTMOoIHx9HCfQA2HZNTlhGUillT9eswFyN5TOfzX64aXHh8MduRW2C8lw5pnAbyEesQBItprdADo63E4rEo9pfXab8bPbjMOpoKlu-19h7xugoHSFz-PvhQMpna3MVAcc3T-wph_UMKl4Eu0QZsFfj2EUcLypzKmOGZn-7sV_BxwNPherm0n10AgP1dD1IE2HDmprumMKPeCz_2oqvB-6Hu2Yoyl9myZXxR6AFA5huX08aCF8-ddpfFDB8lBAEVasjPb47E9lUAjE37sgifBVqA3fBuKiUgzWFv1gLyq0a407Exbcme7kEXSD81AimBq-K10FnQf_UnpVzC71yw_x4gJAqRzKsEcclK0IYUqSKBdFlaUZL2tMkjKOIlqioHERxZRHaUU5q8t63PQpJcmXQ5QYDZXvNipo9q8oLPVu6Htjp627R41WtOonVqCNnvmXHuFU4Qq7H8Iud8F3J0UrLASL-XSy8CyncRSKypQGpxll8ZxGcxbNw7EjTdepiUZpb001yNBDjMfH2GHMb9f9FvcWnQsHBFuBcBf9hQpe-mn2sTtxokNQuh_8Fd5X40NyGQvdi8O2DspX2-0sLlh2Vy14VfBC3OEiymjK0ozG_K5ZxDKlWSJQFlFZVXWWIc3zjGdlwqqCVtmdWgSRNGJpFNGYRvOoykXEskLmlKOkMYkpdkK187Z96kKvc6ecG3CRFUmW3LWixNaNjRhjxzPdeeGVBKFF-_ITbcg3tgr_B5Uzo8MmDbnLQvNmFwF4Vg57R2LaKufdmcor345t3gkruYfVMViDC-F_Z5XvBtsuXjVtyjdDOZemI2wTeA4_s96a_6D0oYgP-hxhm1Hi_wIAAP__4A5K0g">