<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/124975>124975</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [analyzer] "non-static stackless VarRegion" crash
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          wjristow
      </td>
    </tr>
</table>

<pre>
    The following code crashes the Clang Static Analyzer when built with assertions:

```
// =============================================================
enum PrimaryColors {
  Color_Red     = 0x01,
  Color_Green   = 0x02,
 Color_Blue    = 0x04,
  Color_None    = 0x00
};
extern void ReportMissing(PrimaryColors color);

struct ColorInfo {
  PrimaryColors getColor() const { return m_color; }
  PrimaryColors m_color;
};

void CheckColor(ColorInfo *pColorInfo, bool AllowSkip) {
  extern bool SkipCheck;
  if (SkipCheck || !pColorInfo) {
    if (AllowSkip)
 return;
  }
  if ((pColorInfo->getColor() & Color_Red) == 0)
 ReportMissing(Color_Red);
}
// -------------------------------------------------------------
```

Specifically, using Clang 19.1.0:

```
$ clang++ --analyze test.cpp
clang++: /root/llvm-project/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp:1290: bool isInitializationOfVar(const clang::ento::ExplodedNode*, const clang::ento::VarRegion*): Assertion `VR->getDecl()->isStaticLocal() && "non-static stackless VarRegion"' failed.
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
  ...
$
```

[Godbolt link](https://godbolt.org/z/vao3vPnTe).

FTR, with a non-assetions compiler, it gets a sensible warning from the analyzer:

```
$ clang++ --analyze test.cpp
test.cpp:21:8: warning: Called C++ object pointer is null [core.CallAndMessage]
   21 |   if ((pColorInfo->getColor() & Color_Red) == 0)
      |        ^~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
$
```

Looking through history, I see it passed with llvm 9.0, and crashes beginning with llvm 10.0.
</pre>
<img width="1" height="1" alt="" src="http://email.email.llvm.org/o/eJzUVk1v2zgT_jX0ZRCBoqzYOvgg23FRoO1bJEWuBUWNJDY0KZBU3PTw_vYFSX812S4W3b2sIEAUZzgznHnmIblzsteIK1KuSbmd8ckPxq4O36x03hxmjWlfVl8GhM4oZQ5S9yBMiyAsdwM68APCRnHdw4PnXgqoNVcvP9DCYUANzSSVh4P0A3Dn0HpptCNFTWh8b-nxpTVhO8J2QIrtf_KlNeppD5-t3HP7sjHKWAdksSa0Boi_X--xhfCQYgv0O80J21xJ31lEfZGyozQJ12rCq6Xzn5d-MvpaGrO52JIiOMfvHq2GZyNbuMfRWP9ROid1T9jy52BF-BBWpXWE1s7bSfjk473uzHk7P6_r0W_S0iVhFQijnQ-qYNFPVsP-a7JcrCFE9dbAReE6cELrGPRmQPF0cnAVC6vH8x9hG2iMUVAHjD48yTFEcgr3mIKoEGTRYnICIDsgbHmeBrLYkMUGCMuvzV-MnVZcewqCtNmT1dNGky5hy4uxG1LcvUoZYbcXiMSJiCmgR9uv63ate8nauYVu_snzuitp_TCikJ0UXKmXkOgpRHHs-bzK8oz-op_nIIISYWvC1nBzwxMzgEfnMzGOhNZXCqSogbCdNcYTtlPqeX8zWvMNRfg96u2UbAjbJaY5EQ1hu42xSNhuPfUpVWgfpZPeWBf9FHXOqhBlwoB077X0kiv5gwc--l_3yEMpEnKTq6ImRY3amzS6-z4q02L7ybRIWB3S8Bfaj9zeYy-NjqpVcFyfyA_ILX28P4Jgi0IlDIQJ6dLGPhjB1QUaAR2EMW30jUsU6zwXTwqdgytPjLAFdFwqbDNC688f7uqHO3BTs5ceODRTDzYmB7yBwfsx0nBETC_9MDWZMPtj5t8WQDo3oQvo4roFqYWaWozkHw8CaLh48pYLDKkZLY7WCHQOW3Bmsmk6rOTOGSG5xxbspMEJK0efxV7JsizB5i0ESbl-Z9rGKA9K6idSbglbvtpDkmfGBpz8IGz3zE3x_Fl_QcKqLNnZfbkPgaTjCEJGw6EUzyQQZj9KFeC0AekDqzng4FA72SiEA7c64L6zZh_3zU_w-23wn4dFzXJS1MsAlKOfMNxwpbCFzdGGaUItYDRSe7QgHehJKSDlWhiLWdCudfsRneM9hhRFumJ5oDT4t6goHWDRYBqWd___s4fQOj_nrEeNNtT8lwX-YMxT0PSDNVM_wBAuHzbSzXtwiKEiI494isUL6IQqoydYnW4jDfZSR58XtZxmNJu1q6KtiorPcJUvimW-pLSaz4ZV2d2yDsVy0cxp21VdUbbVbZXndFEtmkVRzOSKUVbSnFV5NV_m86yrilwUjJXN7XLBBSVzinsuVRa8BfzNYrOscjavFuVM8QaVi9crxjQeIEpDv5bbmV3FPmum3pE5VdJ5dzHjpVfxXnaGWrn9W0yQ0jGbrFr9fqMfw39esT8CAAD__7JMCW0">