<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/128068>128068</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [clang][dataflow] Crashes in getChild with incorrect "base" StorageLocation after #127338
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            clang
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          jvoung
      </td>
    </tr>
</table>

<pre>
    After #127338  we are seeing some crashes in bugprone-unchecked-optional-access checker in the dataflow framework.

New test to trigger the crash: https://github.com/llvm/llvm-project/pull/128065

Example stack:
```
 #0 0x000056125e5df14b llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (clang/unittests/Analysis/FlowSensitive
/./ClangAnalysisFlowSensitiveTests+0x53a14b)
 #1 0x000056125e5dbe16 SignalHandler(int, siginfo_t*, void*) Signals.cpp:0:0
 #2 0x00007f383c574590 (/lib/x86_64-linux-gnu/libc.so.6+0x3f590)
 #3 0x00007f383c5c33ac __pthread_kill_implementation ./nptl/pthread_kill.c:44:76
 #4 0x00007f383c5744f2 raise ./signal/../sysdeps/posix/raise.c:27:6
 #5 0x00007f383c55d4ed abort ./stdlib/abort.c:81:7
 #6 0x00007f383c55d415 _nl_load_domain ./intl/loadmsgcat.c:1177:9
 #7 0x00007f383c56d012 (/lib/x86_64-linux-gnu/libc.so.6+0x38012)
 #8 0x000056125e3d64b2 clang::dataflow::RecordStorageLocation::getChild(clang::ValueDecl const&) const (clang/unit
tests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x3314b2)
 #9 0x000056125ed61b55 clang::dataflow::(anonymous namespace)::TransferVisitor::VisitMemberExpr(clang::MemberExpr const*) Transfer.cpp:0:0
#10 0x000056125ed64b9a clang::dataflow::transfer(clang::dataflow::StmtToEnvMap const&, clang::Stmt const&, clang::dataflow::Environment&, clang::dataflow::Environment::ValueModel&) (/
usr/local/google/home/jvoung/w/jvoung-llvm/llvm-project/build/tools/clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0xcbfb9a)
#11 0x000056125ed54a30 clang::dataflow::transferCFGBlock(clang::CFGBlock const&, clang::dataflow::(anonymous namespace)::AnalysisContext&, clang::dataflow::CFGEltCallbacksTypeErased c
onst&) TypeErasedDataflowAnalysis.cpp:0:0
#12 0x000056125ed55a26 clang::dataflow::runTypeErasedDataflowAnalysis(clang::dataflow::AdornedCFG const&, clang::dataflow::TypeErasedDataflowAnalysis&, clang::dataflow::Environment co
nst&, clang::dataflow::CFGEltCallbacksTypeErased const&, int) (clang/unittests/Analysis/FlowSensitive/./ClangAnaly
sisFlowSensitiveTests+0xcb0a26)
#13 0x000056125e5568d2 llvm::Error clang::dataflow::test::checkDataflow<clang::dataflow::UncheckedOptionalAccessModel>(clang::dataflow::test::AnalysisInputs<clang::dataflow::UncheckedOptionalAccessModel>, std::function<void (clang::dataflow::test::AnalysisOutputs const&)>) (clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x4b18d2)
#14 0x000056125e5573d1 llvm::Error clang::dataflow::test::checkDataflow<clang::dataflow::UncheckedOptionalAccessModel>(clang::dataflow::test::AnalysisInputs<clang::dataflow::UncheckedOptionalAccessModel>, std::function<void (llvm::DenseMap<unsigned int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, llvm::DenseMapInfo<unsigned int, void>, llvm::detail::DenseMapPair<unsigned int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>>> const&, clang::dataflow::test::AnalysisOutputs const&)>) (clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x4b23d1)
#15 0x000056125e55a2dd void UncheckedOptionalAccessTest::ExpectDiagnosticsFor<clang::ast_matchers::internal::Matcher<clang::NamedDecl>>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, clang::ast_matchers::internal::Matcher<clang::NamedDecl>, char const*, bool) (.isra.0) UncheckedOptionalAccessModelTest.cpp:0:0
#16 0x000056125e55a977 UncheckedOptionalAccessTest::ExpectDiagnosticsFor(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, bool) (.constprop.0.isra.0) UncheckedOptionalAccessModelTest.cpp:0:0
#17 0x000056125e55aa4c UncheckedOptionalAccessTest_ConstructorOtherStructField_Test::TestBody() (clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x4b5a4c)
#18 0x000056125e63789e testing::Test::Run() (.part.0) gtest-all.cc:0:0
#19 0x000056125e63ecf2 testing::TestInfo::Run() (clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x599cf2)
#20 0x000056125e64b2f9 testing::TestSuite::Run() (.part.0) gtest-all.cc:0:0
#21 0x000056125e64bcba testing::internal::UnitTestImpl::RunAllTests() (clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x5a6cba)
#22 0x000056125e64c54e testing::UnitTest::Run() (clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x5a754e)
#23 0x000056125e33eb09 main (clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x299b09)
#24 0x00007f383c55ec8a __libc_start_call_main ./csu/../sysdeps/nptl/libc_start_call_main.h:74:3
#25 0x00007f383c55ed45 call_init ./csu/../csu/libc-start.c:128:20
#26 0x00007f383c55ed45 __libc_start_main ./csu/../csu/libc-start.c:347:5
#27 0x000056125e3888d1 _start (clang/unittests/Analysis/FlowSensitive/./ClangAnalysisFlowSensitiveTests+0x2e38d1)

```
</pre>
<img width="1" height="1" alt="" src="http://email.email.llvm.org/o/eJzsWV9z4ygS_zT4hYoLgWRLD37QOPHcVt3sbG2y-6pCgG02GFSAEufbX4Esy1L-TGbmsnsPV5WUJQG_7v51N2pa1Dm500KsQPYJZNcz2vq9sau_Hkyrd7Pa8KdVufXCQoBJgpeE5BA-CkitgE4IqXfQmYOAzFK3Fw5KDet211ijxVWr2V6we8GvTOOl0VRdUcaEc7B7bsNsvxeQU0-3yjzCraUH8Wjs_RygEqDyV_EIvXAeegO9lbudsHFBlAZICffeNw6QEuANwJud9Pu2njNzAHij1EP_c9VY85dgHuBN0yoF8CbBOVpknZCbIz00SkDnKbsPWKgEC3T6Q2UwHEF0RAihbJHgTGR8m6Q1jAJICUjpnlx38ZuV2t8GnDtLmQA4HyZZ-lgZ562gB4AXAK-h1B7gAgKcM0X1DuBNq6UP9jqAN6Wm6snJcLlR5vFWaCe9fBBBPbyZA7xZh1X9tNGcuw7jEzpmhCZpDXBxsiSZWFKLZAFv5U5T9S-quRIW4DwqtoZO7qTemsoDXIb7ByN5vCxOK9ycNQ0gJYr_nQB8ErDckpywbJlmBQomBlfIGuDNMV9Ui_RKSd0er3a67QbY3Jn5IqpMtlmBBo3JGJARQhmsqsbvraC8updKVTI48CC0pyHOYCBHNz44-nLanAFSpikg5XJxAk-n2qZbDC2VTkQQF80MdMe7J8dFExzSGCePAG_izAiLl4CUPWo2Rs14KjiktbG-Q_W8oyI-isvzJGh1Wr54tjzJYKVVpQzlFTcHKjsbpY42hscHt2O0w0qSZVCm5285RltwlODvdEiOEjw4JB-FEOGLtMawi-AY6H02d3e_C2Ysv_XG0p34t2HRQ93QTvj1Xip-ToD49E-qWnEtmILMaOdjrhTd9TRVACq_mS3vTxVCkrS-sLMY2ckXSZ1lr9sJcE610U8H0zqo6UG4Ju4ARTd8Z6l2W2H_lE56Y0-mhpsv4lALe3Ns7JiH4XlPRMy8HmiSeiG10UThtC7o6wr7E9BY6njOrT_4O3OjH77Q5sId60vUMOe1sTHajX6Q1uiQp98zdYiKL4YLdQqILoIBKltnYw6wmKg7Y3YqeH1vDuGne48BvHk831y9_Gao2xiKG2-MCmH0XXvy-6OM1du6oF2UBaeNN2SepZSgbzttvfn8SRl2P3Ze__R97vhGxPZ2rI324vhNtPXm843ya6pUTdm9u3tqxI2lTnDIACovMnkYuT4B9JJeCGk8YSejePG6DrbVr6O_FeclN1YLvt58fh91b0l5d2BDZgAq3yHtDWovlP3BamIauQCVbwUvotGLJ_eQcTWRLXKOL-qiG2uNfSOYhTtld6wHr8-D61eX_NGXlF9PFWUZC8puYyA3b_l4kNZz8YtuWu9-StwaOs-7udtWs-7dtg6FEvw-Xb62Pihz-c6LAn7eoa97M62TnOPBm-nEm0vCk_978-zNgYlroZ34QhtA1q2OxycO-5q5B6gqdjwmSXdTUydZ5byVQbM121M7mhweVN5S2RkQhif6UBXecLFyOI93U56r9YvemhdUi-X7dA0Xnko1Xv8blfafNy3-vW87_l9JJ0x4MqRTNkknijmPToCvBOLd2YybYyOYv5Z0p43zkrlNx85AAHW-OlDP9sKezp5Se2HDaaWrHrux8aJf6UHwUFr30ZP__eH6X7Uh4O3pZYG8hrUx6uTouXSWzsNZ8jXKY-4H3l-oPRZT_xXL5Q-67p8g-pKHyE9jTTNHP8fJcsoJTdlbnFTrINm2zBv71e-FvY03GykUrwbSwtUnw59iUf-xOZrRlA05Oj7LLsgyL0TsOMk-3gYlf2_1oN-8odZ3NO7C_Cuq1JyxCV3FBF6wLX4O3-3Xz0R8EAVZUbDt8NbH41NjOMxvi-c63rbSix_lASdTGaymYxnjzP9DSx-ZOTTqLLRU6mTFRzNEF6wejmgYT7RnWToJkl7fv9GLdJmlYtBxXIkTImpUwNgo-jgdcFHUqBh0mDTTMsFyCqtKyTrscdT6ilGlqnP7irn2eWvt1Ld7adF8D0i5TAEpyUnitNEmeJrBOF9q6adCusuAfBWRu24ZzgEpcR-p095bRBzZ8JL6LyKTdAlImZ2AxzsnyfOcJ7CD_EgXCZKfa5KLvvaMrwgvSEFnYpUsU4TyLE2K2X613aKU5nlR4LyoqRALtCRZRlKCUb7dZnwmVxjhDGGMcIIIKeYJqynmCU_S5QLXWQJSJA5UqnkoMufG7mbSuVasYss9nylaC-Xi1waMT1ZjkF3P7Co2ZOp250CKlHTeDRBeehU_UXQrsmuQfTrXgNk1XA-fH_quInyUfg-lZsZawQLJuKZOAIzhpBsJ6fgDx6y1avXdXxaila7_tpDPHlb4PwEAAP__w0r7fg">