<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/100492>100492</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
[clang static analyzer] Clang crashed: Assertion `EVResult.Val.isInt() && "Expression did not evaluate to integer"' failed.
</td>
</tr>
<tr>
<th>Labels</th>
<td>
clang
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
iamanonymouscs
</td>
</tr>
</table>
<pre>
Clang crashed when using `MallocOverflow` analyzer
Compiler explorer(assertion trunck): https://godbolt.org/z/M4hvjKs5M
```
$ cat program.c
#include <stdlib.h>
void test (int n)
{
int *p = (int *)malloc (n * 2.4);
free (p);
}
$ clang --analyze --analyzer-output text -Xclang -analyzer-checker=alpha.security.MallocOverflow program.c
clang: /home/compiler/llvm/clang/lib/AST/ExprConstant.cpp:16236: APSInt clang::Expr::EvaluateKnownConstInt(const ASTContext &, SmallVectorImpl<PartialDiagnosticAt> *) const: Assertion `EVResult.Val.isInt() && "Expression did not evaluate to integer"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: /home/software/llvm-trunk-eed7c5e/bin/clang --analyze --analyzer-output text -Xclang -analyzer-checker=alpha.security.MallocOverflow program.c
1. <eof> parser at end of file
#0 0x00007eff09da6617 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libLLVM.so.19.0git+0xffc617)
#1 0x00007eff09da2b92 llvm::sys::RunSignalHandlers() (/home/software/llvm-trunk-eed7c5e/bin/../lib/libLLVM.so.19.0git+0xff8b92)
#2 0x00007eff09da526f llvm::sys::CleanupOnSignal(unsigned long) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libLLVM.so.19.0git+0xffb26f)
#3 0x00007eff09c318e4 (anonymous namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long) CrashRecoveryContext.cpp:0:0
#4 0x00007eff09c31d4b CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
#5 0x00007eff0888a520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
#6 0x00007eff088de9fc pthread_kill (/lib/x86_64-linux-gnu/libc.so.6+0x969fc)
#7 0x00007eff0888a476 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x42476)
#8 0x00007eff088707f3 abort (/lib/x86_64-linux-gnu/libc.so.6+0x287f3)
#9 0x00007eff0887071b (/lib/x86_64-linux-gnu/libc.so.6+0x2871b)
#10 0x00007eff08881e96 (/lib/x86_64-linux-gnu/libc.so.6+0x39e96)
#11 0x00007eff23d79a6f (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x15b1a6f)
#12 0x00007eff28ba963f void clang::ento::check::ASTCodeBody::_checkBody<(anonymous namespace)::MallocOverflowSecurityChecker>(void*, clang::Decl const*, clang::ento::AnalysisManager&, clang::ento::BugReporter&) MallocOverflowSecurityChecker.cpp:0:0
#13 0x00007eff28609a36 clang::ento::CheckerManager::runCheckersOnASTBody(clang::Decl const*, clang::ento::AnalysisManager&, clang::ento::BugReporter&) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x5e41a36)
#14 0x00007eff2902912f (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*, void>>*) AnalysisConsumer.cpp:0:0
#15 0x00007eff28fe0b7a clang::RecursiveASTVisitor<(anonymous namespace)::AnalysisConsumer>::TraverseFunctionDecl(clang::FunctionDecl*) AnalysisConsumer.cpp:0:0
#16 0x00007eff28fd9f81 clang::RecursiveASTVisitor<(anonymous namespace)::AnalysisConsumer>::TraverseDecl(clang::Decl*) AnalysisConsumer.cpp:0:0
#17 0x00007eff28fd759d (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) AnalysisConsumer.cpp:0:0
#18 0x00007eff2362309e clang::ParseAST(clang::Sema&, bool, bool) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0xe5b09e)
#19 0x00007eff27f0bed5 clang::FrontendAction::Execute() (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x5743ed5)
#20 0x00007eff27dc4cbb clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x55fccbb)
#21 0x00007eff2800cfd1 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x5844fd1)
#22 0x0000563ba8d571bf cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/home/software/llvm-trunk-eed7c5e/bin/clang+0x1d1bf)
#23 0x0000563ba8d4ca94 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#24 0x00007eff277435de void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::$_0>(long) Job.cpp:0:0
#25 0x00007eff09c317cd llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libLLVM.so.19.0git+0xe877cd)
#26 0x00007eff27740e35 clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x4f78e35)
#27 0x00007eff276cbaee clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x4f03aee)
#28 0x00007eff276cc17d clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x4f0417d)
#29 0x00007eff27700557 clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/home/software/llvm-trunk-eed7c5e/bin/../lib/libclang-cpp.so.19.0git+0x4f38557)
#30 0x0000563ba8d4bf57 clang_main(int, char**, llvm::ToolContext const&) (/home/software/llvm-trunk-eed7c5e/bin/clang+0x11f57)
#31 0x0000563ba8d73e25 main (/home/software/llvm-trunk-eed7c5e/bin/clang+0x39e25)
#32 0x00007eff08871d90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90)
#33 0x00007eff08871e40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40)
#34 0x0000563ba8d486d5 _start (/home/software/llvm-trunk-eed7c5e/bin/clang+0xe6d5)
clang: error: clang frontend command failed with exit code 134 (use -v to see invocation)
clang version 19.0.0git (https://github.com/llvm/llvm-project.git eed7c5e29c1dc5f78bd01608430e2b4e0c439bb1)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/software/llvm-trunk-eed7c5e/bin
Build config: +assertions
clang: note: diagnostic msg:
********************
PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang: note: diagnostic msg: /tmp/program-a97095.c
clang: note: diagnostic msg: /tmp/program-a97095.sh
clang: note: diagnostic msg:
********************
```
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzkWktT47j2_zRmoyJly-8FixCSGWaaPxRk-n93KVk6TjQ4kkuSecynvyXZCVYC3ZPpoTe3iwZbj6NzfucpyURrvhYAF0F6GaRXZ6QzG6kuONkSIcXrVnaa6rNKsteLWUPEGlFF9AYYet6AQJ3mYo2CLLwhTSPp7ROoupHPQRYiIkjz-heoILwKwulMblvegELw0jZSgQpwQbQGZbgUyKhO0McAl0E8RRtjWh3E0wAvArxYS1bJxkykWgd48VeAFzfJ5unP33V601Mefmfh8NO_4gRRYlCr5FqR7YTummMuaNMxQEE804Y1vJpsgng-JvUkOUMGtEEBLrgwSFjG-gH5Zf-AkO0I8LRFQXy1GxjgaYDLrYPCtgnbgvAkcZLtp9YKwHa34-Ygv_LkwQlC1AF-fj5A-fakzmVn2s4gAy8Gnf9nGLjvpRugj6CC-Io07YZMNNBOcfM68dV0CI8jY1UQ4MVGbiHACzroLcCLpnna2hY3CC8aXgV4MX1YBngxf2nVTAptiDAT2rZBPI0yHGeW1vTu4VoYtKMdxFM7enh6Ik1HDPwu5LNwBK6FCXBB7SOaPixnUjgRA5wFeIYeLLZfgRqprrdtE8SzO6IMJ80VJ2shteF0aoJ4PmgCOTqOib2pBVk4_3oPumvM5CtpJlz3S9rhbpUMBRhbFkFrO4FxhoQ0CAZekZFW-bC2oOAA56gmvAE26TG8-zKfPsyR7qotN4igqlsjBa1Uxk48sG1uNl01oXL7Bq_9c94q-SdQE-AF17oDHeAFIoKhnfGaDfR-iCpCH40iFCw8rYJWSQpaA0NadqpvtjOJ1pJyYoAh1QmkqeKtGVh-MIQ-ItZtrd76pnCC7nrbQEStuy0Io33D0LI2z0TBjmXrwo_nACynqW2suNgZy0-04GiC3L8gnoGsrSW0RGlQiBgEgiFZo5o3MHhigOMQhS9hGIY51HVYMpJlUY6cKpyB6lfdP9wpLowDatmjXbwNUuR5JbVRQLaDnXJrUtaeilMBm0z2rtXw6suXrzcTLSdROQnX3AT4Mnypa5pF-T4kWSGiAyFwVeL3hLjvxANfC9L8SgRrQOm93X8Kn0VVYo9PfMBnirP6PT5nDRDRtbcDtwEuOuGyFEONtMHn01iucFZ7LMceyzSOCkjs4vvkiATZgm6dTZQD-9Yz74HKJ1CvQwTrw5Xt7bF3Y_q0YQ3mSL73aAyRNXT_9xwmhxyypPKnezrfrXnKEul4iaIoSIrDQQM9ni9FtsqS84aL7uV8Lbq-g1p8M4dsglMcesBmPk0GZU1RazYKCFs98qY5bYEyK2vqLZAfMp3kGVprh8WpzCd55tEufNp5mNcxIpUN8idRxkVexx7l8ohyVJ1MM6reKhYcR-EBEhGU2Wk04xLKzKM5Djk4ZnlJsvrHndJlgXPatoeeGaVVREauaVkYRxNcVKTM4hq54m1Ua4Awsn9yGaV_dIUFg0vJXvuGlevs32ff8W4_AT0MeWm2y1fzABeWCVeBzMasXAFthorkqO-NzanNgJrrGyKIKzGyD4dedut7V1kMw0r0Td6OfduiGHsoZmFJ4uz95QYyO8b61NeJoVnfiunD0kGIi58r9eeZXQpJRGLf8sfxFpchLiNcfy8j7MSzJW633YE3ZALJ4BiyAax9XhjyxLuI2GJ1LtZcQP9-LRouuFjfSGZLx9koxV6B0PAAJohn39LRwYQb0l6LWn5nkrP6eO5cwFXfh1K_b4CpZ4A1hFVOxnLeWyvW_AmmD8uvXHMj1fed9Bjwed-xVOQJlIZFJ6jdD_RYj9H3e04QJPMFYWVdRJ8vyLEAJzOeHzCepyX7EYteKiJ0QyyIfwhufO7eNnWD9_49Hgsv32Q4DksYg3tny3y3GR0v9gBbMsSSSsrm7e9nBg1Iq7AEL2aMszrO67AClo65XygLiWBTZ3k7rwbaGfi3SvSPY1yexMDSMb849PhlNKFVNeZ3d5pz7bb8FDyOByF8p_IF_PS4ndaUVl4VhL2KpQhDWrPIP5Vw3L-J9iQpOZbkSPTe0z5RliJJahZ5suxKnzSLK1KwNI-qGlEarbbEkh7tTadKkdd7qG3s3hD1FrBtlJ4hv20XxP-xSMPZkC3YWFR55RqOfZ4TSsoE7UCfRUvnlyPOj896jgXI_GRlaexOjIZxztCY4k8fBBbspfM8T-KUQV9FvtGth5SwUg5I19v75T4cU9I0FaGPq1r4abJfe7CdWTST2y0R7NDF31WYNsM42drVicVghI9RXKzdyPmgzf2E1Yq-vERR_1IRzelKu-EDit5g27AyinCjd90H5FxVSfp8tesfsvwuoHrHbe6AK1mFfTW829L-Jqv3VZAe7mBzOkb_vX3q23kGqaF59RD8trY-6-wAijynzLP47MC0Qoi9qP8_ZxqfGCWTOi8g9rOYV9fkGa0IwIf4u7BOjtLvTileDjiYaAeM4s3sG2uMh069yuRnQBTGBLzCBBcHENEoZ6dC9Jus9Mf4_CarL1wbD59vBfm9ZbWEW6M63vh8E9LB_H42sEmU-77vV3x5GKZp_pEQV6Nnrwp5p_z4SCE_EdjPLHaSOi7SNB9DuT-i3xUOVb2Dclfu7ERx4Wt6tIf9qCz4sQInqg_4jHw-8xhwiiyHP7ZQXAL24pp_jF4UecTKE49jccnK0KMZH9KEJESrlZ220oYosxpJ8rdXgcRfJTlQZZGxFPX0fwwkyEY7mP01JihlE9N0uEith00IooNx9xd36JmbDYIXbq2DAYpid8LfaUDnT8hIpAEQH20HxssguwnnUiBrxc6O7dzTrvkmdtYgGy5pxGha50XFwigLiyQOAVcJhDSJy6p62wcsiVqDu9wcFNGJRyGfxUgh_Th3pI62kkFjR7dS85e-y-1hmgbYFVen3-45Epcdb1yUqPlwc3y5v9bXB-oQ0tidImL7y1q01f2swUJ-4Gd0dz5cwU6Xy-nsV7T8dY4Wt1--3P7_9f_9ghbXX-YPaHnrmi__-AXdz-9u75f7i8-7965QC23DxYfXqPsBCpCrhoAhYvYk_478eGG2bYAXw3XmOSnzsEyP7uVPp6A3pyrh31LF7oOMM3YRszIuyRlcRDmOihwnSXm2uagiGqeMlTkr6wxSXGZ5nkBapxgwxTg64xc4xEmY4zSM0iQsJ1meRBUGGscZpnVUBkkIW8KbibXRiVTrM3ddfhGFYVLis4ZU0Gj3YQvGQ6zAQXp1pi6cUVfdWgdJ2HBt9BsJw03jvobp_VsbYjHaf82SXiHvO5if9XXBWaeai3_--cAAydMF_m8AAAD__5Ky830">