<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/107066>107066</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [clang-tidy] Segfault in runCheckersForEvalCall (clang-tidy 18.1.8)
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            clang-tidy
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          lbonn
      </td>
    </tr>
</table>

<pre>
    The toolchain was installed from https://apt.llvm.org/ on Debian bullseye.
It only crashes on the 18 release, not on latest 19 (19.1.0-rc3?)

Sample program:

```cpp
#include <algorithm>
#include <iostream>
#include <ranges>
#include <string>
#include <unordered_map>
#include <vector>

int main() {
    try {
 std::unordered_map<std::string, std::vector<int>> to_add = {{"a", {1, 2}},{"b", {3,4}}};

        const auto added = std::ranges::fold_left(
            to_add |
 std::views::values |
            std::views::transform([] (const auto& vector) {
                return static_cast<int>(vector.size());
 }),
            0, std::plus<int>());

        std::cout << "added: " << added << "\n";
    } catch (...) {
    }
 return 0;
}
```

```
$ LLVM_SYMBOLIZER_PATH=llvm-symbolizer-18 clang-tidy --extra-arg=-stdlib=libc++ --extra-arg=-std=gnu++23 crash.cpp
Error while trying to load a compilation database:
Could not auto-detect compilation database for file "crash.cpp"
No compilation database found in /home/xx/lab/cpp or any parent directory
fixed-compilation-database: Error while opening fixed database: No such file or directory
json-compilation-database: Error while opening JSON database: No such file or directory
Running without flags.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.      Program arguments: clang-tidy --extra-arg=-stdlib=libc++ --extra-arg=-std=gnu++23 crash.cpp
1.      <eof> parser at end of file
2.      While analyzing stack:
        #0 Calling main()
3.      /home/xx/lab/cpp/crash.cpp:18:16: Error evaluating statement
4.      /home/xx/lab/cpp/crash.cpp:18:16: Error evaluating statement
 #0 0x000074b8ca5d9f16 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/usr/lib/x86_64-linux-gnu/libLLVM-18.so.18.1+0xd9cf16)
 #1 0x000074b8ca5d7ec0 llvm::sys::RunSignalHandlers() (/usr/lib/x86_64-linux-gnu/libLLVM-18.so.18.1+0xd9aec0)
 #2 0x000074b8ca5da5e0 (/usr/lib/x86_64-linux-gnu/libLLVM-18.so.18.1+0xd9d5e0)
 #3 0x000074b8d4d7e140 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x13140)
 #4 0x000074b8d3b57b6c (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2cf0b6c)
 #5 0x000074b8d3b30743 clang::ento::ProgramState::invalidateRegionsImpl(llvm::ArrayRef<clang::ento::SVal>, clang::Expr const*, unsigned int, clang::LocationContext const*, bool, llvm::DenseSet<clang::ento::SymExpr const*, llvm::DenseMapInfo<clang::ento::SymExpr const*, void>>*, clang::ento::RegionAndSymbolInvalidationTraits*, clang::ento::CallEvent const*) const (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2cc9743)
 #6 0x000074b8d3b30a06 clang::ento::ProgramState::invalidateRegions(llvm::ArrayRef<clang::ento::SVal>, clang::Expr const*, unsigned int, clang::LocationContext const*, bool, llvm::DenseSet<clang::ento::SymExpr const*, llvm::DenseMapInfo<clang::ento::SymExpr const*, void>>*, clang::ento::CallEvent const*, clang::ento::RegionAndSymbolInvalidationTraits*) const (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2cc9a06)
 #7 0x000074b8d3ab918b clang::ento::CallEvent::invalidateRegions(unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) const (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2c5218b)
 #8 0x000074b8d3b09ceb clang::ento::ExprEngine::conservativeEvalCall(clang::ento::CallEvent const&, clang::ento::NodeBuilder&, clang::ento::ExplodedNode*, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2ca2ceb)
 #9 0x000074b8d3b0c3b7 clang::ento::ExprEngine::defaultEvalCall(clang::ento::NodeBuilder&, clang::ento::ExplodedNode*, clang::ento::CallEvent const&, clang::ento::EvalCallOptions const&) (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2ca53b7)
#10 0x000074b8d3ac5c38 clang::ento::CheckerManager::runCheckersForEvalCall(clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&, clang::ento::CallEvent const&, clang::ento::ExprEngine&, clang::ento::EvalCallOptions const&) (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2c5ec38)
#11 0x000074b8d3b04191 clang::ento::ExprEngine::handleConstructor(clang::Expr const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2c9d191)
#12 0x000074b8d3ae82de clang::ento::ExprEngine::Visit(clang::Stmt const*, clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&) (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2c812de)
#13 0x000074b8d3ae5bb3 clang::ento::ExprEngine::ProcessStmt(clang::Stmt const*, clang::ento::ExplodedNode*) (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2c7ebb3)
#14 0x000074b8d3ae58df clang::ento::ExprEngine::processCFGElement(clang::CFGElement, clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*) (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2c7e8df)
#15 0x000074b8d3acc9c7 clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2c659c7)
#16 0x000074b8d3acc531 clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2c65531)
#17 0x000074b8d3eee8e5 (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x30878e5)
#18 0x000074b8d3ece94e (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x306794e)
#19 0x000074b8d386388c clang::MultiplexConsumer::HandleTranslationUnit(clang::ASTContext&) (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x29fc88c)
#20 0x000074b8d19ecfb6 clang::ParseAST(clang::Sema&, bool, bool) (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0xb85fb6)
#21 0x000074b8d3827c95 clang::FrontendAction::Execute() (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x29c0c95)
#22 0x000074b8d37a1be4 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x293abe4)
#23 0x000074b8d3a13734 clang::tooling::FrontendActionFactory::runInvocation(std::shared_ptr<clang::CompilerInvocation>, clang::FileManager*, std::shared_ptr<clang::PCHContainerOperations>, clang::DiagnosticConsumer*) (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2bac734)
#24 0x00005df92722d43f (/usr/lib/llvm-18/bin/clang-tidy+0x136d43f)
#25 0x000074b8d3a13454 clang::tooling::ToolInvocation::runInvocation(char const*, clang::driver::Compilation*, std::shared_ptr<clang::CompilerInvocation>, std::shared_ptr<clang::PCHContainerOperations>) (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2bac454)
#26 0x000074b8d3a12354 clang::tooling::ToolInvocation::run() (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2bab354)
#27 0x000074b8d3a1527a clang::tooling::ClangTool::run(clang::tooling::ToolAction*) (/usr/lib/llvm-18/bin/../lib/libclang-cpp.so.18.1+0x2bae27a)
#28 0x00005df92722966d clang::tidy::runClangTidy(clang::tidy::ClangTidyContext&, clang::tooling::CompilationDatabase const&, llvm::ArrayRef<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>, llvm::IntrusiveRefCntPtr<llvm::vfs::OverlayFileSystem>, bool, bool, llvm::StringRef) (/usr/lib/llvm-18/bin/clang-tidy+0x136966d)
#29 0x00005df9265bbe8f clang::tidy::clangTidyMain(int, char const**) (/usr/lib/llvm-18/bin/clang-tidy+0x6fbe8f)
#30 0x000074b8c937bd0a __libc_start_main ./csu/../csu/libc-start.c:308:16
#31 0x00005df9265b705a _start (/usr/lib/llvm-18/bin/clang-tidy+0x6f705a)
Segmentation fault (core dumped)
```
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzsWktv47qS_jXKhrAhkdZrkUVix3My6EfQzpyDmY1BUSWbp2VSICm3c379gHrYomKn091u3Lu4QWAnIlmPrz5WlShRrflGANx64b0XLm5obbZS3ZaZFOImk_nL7fMWkJGyZFvKBfpGNeJCG1qWkKNCyR3aGlNpj9x5eOnhJa3MtCz3u6lUGw8vkRRoARmnAmV1WWp4gannLzz_7tEgKcoXxBTVW9B2otkCChKkoASqwcNzJKSdhUpqQBsUpMjDSZBOg6k_UYx4ZOnhtBXXfq7orioBVUpuFN1ZowaDXuS3v6yquiuYcMHKOgfkkTktN1Jxs9155OHcOJfaKKCXhhUVG9AXBrVRXGwuDNZCqhwU5OsdrS7M2QMzUp0Gm08uDNpRLjyceDhFXnzfXkcIIaNeBhe0yS0a5G6ka34c6CzE89PcXuecC2M1kwdk5JrmOfLIohEe33sYUw9ju86L7wP7jb14YX_xvB3PTuPEw_NZNxwvPHI_9AZ1P0wKbRCtjUQ0z6HVdjSqh9n-XcgyX5dQGAuAI6NBoLM1no9B2HP41onY07IGPZg0-Dk33ygqdCHVzqps9ozl5MlkD0eow20ckeGPAlMrgbShhrM1o9qcYMZJK2Cq-T_Qhtb-9mChBtvUwvtKtO_EryprPRQ7EuQuP65isjaWcR6ZIxtdGwKP3Nm_-8t9WPo5XjgX9osMvPXiBWLUsK3FZzqdvoLDutH-04Hhnyzrh45b9uw-7vfJDH348OfH9ep_P95__vD4fw9f1k93z394ZGET0US_7DJZ8n9ATYIEsZKKzcTw_AVNJnAwik6o2nhkMdEmL3lmV_GMefjew_dnpnhksRF1O4xJm72mx4TyoJRU6NuWl2A3IBcbZCQqJc0RRUzuKl5Sw6VAOTU0s0muT1FzWZd5k-8siyY5GGDm7BJUSIUKq8HD-KQf41bQJ3lpVS1yxAXy8HIrd-Dh5eHg4WVJMw8vWVUhqRAVL6iiCoRBOVcNC19asQU_QD4ZSJ4MXEBDv2UFwjrerBg6ij5JpGu2bY2Xaqziby3FD2n479XnTz-i4EstmnXfuNlakhcl3eiuHD19eLhbPSBdZztuEEVZvUEKKqmMjaBb4zbcbOtsyuTO4lfu-69JpeTfwIyHl1zrGrQtgLRBvc3jtsA1EUMZZV-NoqyvhitD2VeU17vqyAh_6vnpU1vJEFWbegfCWCN-M4cDq9cjc5CFzfgVVRoUogaByJEsGnDbmdjO_KsJCRW0fPnHgqutJ4PKm3qY-GhOy9KOnqpVO04aZRcYaT-PtpG7ILEf0YkNYJM3NZ1WAxagVuzs94hFjS_-wfd9P55lCaNhnhZBhBoStGX0pSsUT4oL04T12cbZw8lpkqLf1n0zgSObs22Oxk174-FlrZW1l1t7D0m0jmaTkov6MGmiZgdsvpsEyVTLaZBMAw_f-4c8ZUUQHZG1tgYjW2Ng_jlbv9RixTeCln9QkZegdN9Q_JI5FJjvmINH5tAQ_F_UkYfg6iADHfksjyGY-Wi9VqCNVLBWplP4lqrKbBXQ3KryGz0BCWaumtlQDcnCOIvYGVearBDYq5nl_dKWwX6IZ-0-ZlXlOIVZ4WcRc9SFrjrixzPSpoE2gCCM7GnXJIyVJW57hYs9LXlODXyBDZdCP-6q0qHjnVL05QsUHpmflbn6k5ZNBzEf6nw4VKrt1Tx8Z8dq0dxL5C2ZnbkfJGtS-lwKAwfjLMukLO33yZ4FCA0rMBftedm9Uj5a_ZFWj6KQPyJhL3nedrndhbMrWwzvRL5q2orHHlwuxbOi3Oi3Ftss-LC31fWkOO363WuRh6XxjDjkicbkoX700-T5D3F-kjjnYv9LHLs-cajvlo_YIQ7N0iDJvuPcZdaMg3zC_VEYVWu-hy9QzIV5MuoS-kN-djBa0K-NRIiDJHOQSNwt5KcMLiBh2fEgNlxAfzclNKg9NXwPD3taWqTsDeO7KBJdpMgnmcN9zcsc1FvTHg5VKXPI7fRXfL8C7tdCnGIGLuLpCHFGsvh9iOdQ0Lo03wP75xH81dj1ln2u7I7WgwVXBDQkWXw6HMMk8N3NzEJGkguubIF9BfWRCroB1XWstegu66VU38N2CJpNx-_EdwXvQO9HgD4x418cjhAYSZxwBCN-z4I0eB-_t02PPrdWqro9aEreqq6_ROtzkbweLGkepIEDC3ZZCgnO4X2w_Mk1Ny4UK7N7R7X994AiCbBVP4CCjKAIs-xCzz-G4klJBlpb968CyPW8jCHLiOPlbOxlkhfv87JqvZwv_-uhbO_RHV-H198f-Tda0bOlo-tLrw5TkhcOTOEoe7OUXSiHc6nAKYdcV9Sw7V9SfX00sHtPzn7Njq4DeJJv4WJVfODa_I_g5rek0ShMmVvVojEuIbmQRse4PByA1QZ6m11Y3rrt-K2N7PWQCombWd1mHgASCK-kjvhJnEDoqHM7ZmCQzuBq6qI4nbnJ0m0Xk4gkCRvy4GNdGl6VcLB1s971bU173vWsqNDtmbOlrkuFu9XzcZNfk8xpwZKEDZ3ATosWpMCKzLlRf6JKw93qeZTUYUe7_qa_I26_r2VqloRFFjmWut1LgmOWhkNLl8pCJvI7ZkF1NtzFo8WfQ5H5LHWYh90WIqZBBrOhbfPmCQOoR6ENFcxNB53BDsAjZ67LAkIzmDn2j-p-QGLi2G-kLPl525a0fdrRt-yPYt8lMg8npye9W6ogX1fj9HQC5rjq1dnNkpfQ3xi06fC7Yp_mf9gNRLkA9bkC1UjWr0UvON0IqQ1nxz161aqaURYTF-q--QjzIsUxxvmMFO9Qd3r-0p0OR3ahIzkcB3EWXg7is2wOeY6gn4se29KLbX2u-L7PaPPT87P3Buhi3H8ltNcM2yx0wzYq-gEmPw7uddNQRjMyMnJ0eBaEOKYXjZzb69bSoX1vedTnoutuEMAxdZxIRhskjaLcccLugeMBQeNEsyuSs3OOE4YFdX4ZlBOVF_1T7OE9_9lz6CNn12t2OARB-09GNWfr_iWcud1MDsHthbVpz1a74dEWoGVpKdS8DtOPd2e-320BT8P7onvi9nkPqqQvNp2uXrRty1tJbgUfSl41xlsn3xXx1znKxs4JbjoMbhRmGSTF-eCyPnAf28e3_U2Am5PeycWRZVFh9Q4Ncx-xpiTOcp-i9doyd60NVWa9o1wgy2mm657e7Z920qSZNGUeuSN-93T3KDwYeR37IUWt2J8x3i4_Gr-Cjb3hbN-8aE4h25eDFDSP9mGAf_8Oy01-S_KUpPQGboMYhySMfDK72d5GUUajdAaMBqSI_SCMspxFaZHhvGBhTm_4LfbxzE994qeEhLNp4JM4n0GckRhmKS28mQ87ysvj-3g3zVsJt4Ef-1F0U9IMSt28-Ifx0C_shYsbddu4ntUb7c38kmujT3IMN2XzyuBgWbhAK9i0TnOBzh8Yoj41tG8v2NwztXn4plbl7c-_ZNF5tL_F_x8AAP__NyQ4Cw">