<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/152952>152952</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [clang][bytecode] crash with --std=c++26 --analyze -fexperimental-new-constant-interpreter
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            clang
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          k-arrows
      </td>
    </tr>
</table>

<pre>
    When compiling the following reproducer with clang++ using --std=c++26 --analyze -fexperimental-new-constant-interpreter, the compiler crashes. The crash occurs only when all of these options are present. Removing any single option avoids the crash.

Reproducer:
https://godbolt.org/z/rG3b6vnej
```cpp
#include <new>

struct S {
private:
  ~S();
};

template<class T>
T& create();

void f()
{
  S* sp = new (((void*) 0)) S(create<S>());
}
```

Backtrace:
```console
clang++: warning: argument unused during compilation: '-S' [-Wunused-command-line-argument]
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /opt/compiler-explorer/clang-trunk/bin/clang++ -gdwarf-4 -g -o /app/output.s -mllvm --x86-asm-syntax=intel -fno-verbose-asm -S --gcc-toolchain=/opt/compiler-explorer/gcc-snapshot -fcolor-diagnostics -fno-crash-diagnostics --std=c++26 --analyze -fexperimental-new-constant-interpreter <source>
1.      <eof> parser at end of file
 #0 0x0000000003cdc778 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x3cdc778)
 #1 0x0000000003cda14c llvm::sys::CleanupOnSignal(unsigned long) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x3cda14c)
 #2 0x0000000003c2a4e8 CrashRecoverySignalHandler(int) CrashRecoveryContext.cpp:0:0
 #3 0x0000778bfb842520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
 #4 0x0000000007668604 clang::interp::startLifetimeRecurse(clang::interp::Pointer const&) Interp.cpp:0:0
 #5 0x000000000766f0a6 clang::interp::StartLifetime(clang::interp::InterpState&, clang::interp::CodePtr) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x766f0a6)
 #6 0x0000000007905d34 clang::interp::Compiler<clang::interp::EvalEmitter>::VisitCXXNewExpr(clang::CXXNewExpr const*) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x7905d34)
 #7 0x000000000790a968 clang::interp::Compiler<clang::interp::EvalEmitter>::visit(clang::Expr const*) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x790a968)
 #8 0x0000000007900acf clang::interp::Compiler<clang::interp::EvalEmitter>::visitExpr(clang::Expr const*, bool) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x7900acf)
 #9 0x00000000075319a3 clang::interp::EvalEmitter::interpretExpr(clang::Expr const*, bool, bool) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x75319a3)
#10 0x000000000751787e clang::interp::Context::evaluateAsRValue(clang::interp::State&, clang::Expr const*, clang::APValue&) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x751787e)
#11 0x00000000074984ea EvaluateAsRValue((anonymous namespace)::EvalInfo&, clang::Expr const*, clang::APValue&) (.part.0) ExprConstant.cpp:0:0
#12 0x000000000749c7d8 clang::Expr::EvaluateAsRValue(clang::Expr::EvalResult&, clang::ASTContext const&, bool) const (/opt/compiler-explorer/clang-trunk/bin/clang+++0x749c7d8)
#13 0x000000000749c959 clang::Expr::isEvaluatable(clang::ASTContext const&, clang::Expr::SideEffectsKind) const (/opt/compiler-explorer/clang-trunk/bin/clang+++0x749c959)
#14 0x0000000005d6376b (anonymous namespace)::DeadStoreObs::observeStmt(clang::Stmt const*, clang::CFGBlock const*, clang::LiveVariables::LivenessValues const&) DeadStoresChecker.cpp:0:0
#15 0x0000000006fe1722 (anonymous namespace)::TransferFunctions::Visit(clang::Stmt*) LiveVariables.cpp:0:0
#16 0x0000000006fe446b (anonymous namespace)::LiveVariablesImpl::runOnBlock(clang::CFGBlock const*, clang::LiveVariables::LivenessValues, clang::LiveVariables::Observer*) LiveVariables.cpp:0:0
#17 0x0000000006fe473e clang::LiveVariables::runOnAllBlocks(clang::LiveVariables::Observer&) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x6fe473e)
#18 0x0000000005d60f37 (anonymous namespace)::DeadStoresChecker::checkASTCodeBody(clang::Decl const*, clang::ento::AnalysisManager&, clang::ento::BugReporter&) const DeadStoresChecker.cpp:0:0
#19 0x00000000060f0af7 clang::ento::CheckerManager::runCheckersOnASTBody(clang::Decl const*, clang::ento::AnalysisManager&, clang::ento::BugReporter&) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x60f0af7)
#20 0x0000000005cb9520 (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*, void>>*) AnalysisConsumer.cpp:0:0
#21 0x0000000005cba367 non-virtual thunk to (anonymous namespace)::AnalysisConsumer::VisitFunctionDecl(clang::FunctionDecl*) AnalysisConsumer.cpp:0:0
#22 0x00000000073d48f5 clang::DynamicRecursiveASTVisitorBase<false>::TraverseFunctionDecl(clang::FunctionDecl*) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x73d48f5)
#23 0x0000000005cba739 (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) AnalysisConsumer.cpp:0:0
#24 0x0000000006293cdc clang::ParseAST(clang::Sema&, bool, bool) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x6293cdc)
#25 0x000000000492f13a clang::FrontendAction::Execute() (/opt/compiler-explorer/clang-trunk/bin/clang+++0x492f13a)
#26 0x00000000048a86bb clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x48a86bb)
#27 0x0000000004a1fd63 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x4a1fd63)
#28 0x0000000000dc00c5 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/opt/compiler-explorer/clang-trunk/bin/clang+++0xdc00c5)
#29 0x0000000000db806d ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#30 0x0000000004695bc9 void llvm::function_ref<void ()>::callback_fn<clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const::'lambda'()>(long) Job.cpp:0:0
#31 0x0000000003c2a903 llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x3c2a903)
#32 0x0000000004695de9 clang::driver::CC1Command::Execute(llvm::ArrayRef<std::optional<llvm::StringRef>>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>*, bool*) const (.part.0) Job.cpp:0:0
#33 0x000000000465917d clang::driver::Compilation::ExecuteCommand(clang::driver::Command const&, clang::driver::Command const*&, bool) const (/opt/compiler-explorer/clang-trunk/bin/clang+++0x465917d)
#34 0x000000000465a131 clang::driver::Compilation::ExecuteJobs(clang::driver::JobList const&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&, bool) const (/opt/compiler-explorer/clang-trunk/bin/clang+++0x465a131)
#35 0x0000000004663f7c clang::driver::Driver::ExecuteCompilation(clang::driver::Compilation&, llvm::SmallVectorImpl<std::pair<int, clang::driver::Command const*>>&) (/opt/compiler-explorer/clang-trunk/bin/clang+++0x4663f7c)
#36 0x0000000000dbc8d1 clang_main(int, char**, llvm::ToolContext const&) (/opt/compiler-explorer/clang-trunk/bin/clang+++0xdbc8d1)
#37 0x0000000000c6b864 main (/opt/compiler-explorer/clang-trunk/bin/clang+++0xc6b864)
#38 0x0000778bfb829d90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90)
#39 0x0000778bfb829e40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40)
#40 0x0000000000db7b05 _start (/opt/compiler-explorer/clang-trunk/bin/clang+++0xdb7b05)
clang++: error: clang frontend command failed with exit code 139 (use -v to see invocation)
Compiler returned: 139
```
</pre>
<img width="1" height="1" alt="" src="http://email.email.llvm.org/o/eJzkWk1z4zbS_jXwBUUVBYpfBx9kyco7eSc7Lss7yc0Fgk0ZMQSwAFC2c9jfvgWQMkVa8jgzmt3DppwaEZ_P83Sj0QBJjeEbCXCJ4isULy9oYx-UvnwMqNbqyVwUqny5_P0BJGZqW3PB5QbbB8CVEkI9uScNtVZlw0DjJ24fMBNUbhC5QuQKN8a1CAJjSxQtWVtKEhwEVFLx8hfgoILnGjTfgrRUBBKeAqaksVTagEsLutZgQSOy8NO2IEBjpql5ADPBd67UPWDFWKMNVlK84CeHmAqBVeX6GcCqtlxJg6kGXGswIO0E38JW7RxEKl-wwyr2DTHdKV6adlI3_ASFcxTOb1_Zosg9P1hbG_eTrBBZbVRZKGEnSm8QWf2FyEr_EhXJTsKfrnsStn-srt0jibhkoikBo2gh4QlF1-0kxuqGWbzGKL1C4bzWfEcttBNi_K81IhkiOYpcJUqX3Y9wbmFbC99ywQQ1Bt-1Q94hkmCmwVUddg3njiSuukI32JWfYo3IHJsao2iJJTxh38D9ufaIzBHJcei6kNy1zbqxo8XaTdiOdgjwgHs77xVlj1ZT1pHqlVHSKAEonB-4EYrm-IlqyeXG_aR60zh3wY1sDJS4bLQzYesa1BnPtUIkDdaIpBjFV8HvbdOAqe2WyjIQXEKwHwfFDuDN5-v5-hqbpthyiykuGu_aSltsFR6ZmduHppgwtUVkJcRu_09Qa_UnMIvIihvTgEFkhaks8d7Or96Ei1cByML5Y60VA-PoGNXottj1pMYoxqmFEutGYsM0r63zxbWl7BGXzbZuJQwnKMxvtNpoun2VyLRKrFTtMO0XTwDPtVDaraqVlzmwupGPiKwKLvdl3QoONuUT1VUww8EGB8oNRuvaDdnYurETg4Oto46D4DlLAmq2gXmRlj6jaOnWr8BBJVWwA10oA64eB2scBBvGAquUYA-USxQt3wXpGhtJa_OgLA4qpoTSQcnpRipjOTPtHF7YYfGPBx63NDuL-KU0dTKjaAGqQtE1rqk2oDG1GGTpgk3FvfdiRKIQh8_h_r-IlSxNM-y9JZqjaG5eTPvjRnNpvTnvWofI-kaaPt0rYzXQLSKJcwourVt1fpF9v10RuQqfO0zt0neIpyPEdDpjxxAvBFDZ1F_kmm8kFYhkjfTbSImFclOcDZ9D0OMjQ3yEziDDC2f2W2BqB_qlBfR_VJbCTZN1ag3aLJS08GwnLgpH89D_344fdeOnaVZURTYjMQk7JoIXiKyes-Q-mbnw0TwHG9m0FWxi1CTxkH2XHvDsEHCaJFkSzroN0gvZOlqnrqXafuYVWL6FW3B7mfOFE61vlH_C3me9a-T4k68_wisewahCmpyCsT6EcXr-dq619VuKd8wTDReqhBurz-UTHfpe4mTALQ_jMjop8aKbtN0fj7W43lFxveXWpRzRdVv2lRtuF3_88Q94un6u9VCTvnxvivnZqLZkeqrpiCrNk-y8VHeO6pDgz6LmwPfUshG1kLLqJ1B7a78RvQUulBJnpOmI9DTzAc04muY0OkVzQKKv1PBxFmdm0-LtMkUSTcMhm2mapXDaaD7otg-wo6KhFubm9isVzTth5kSAecP3oG5-042ZnI-4p9YTH-yT6SzPZkDx9VtSiGRUKvmyVY3Bkm7B1H6Dz3sLf5KV-kF-k5pqO3G7Dnb9Fl0WM9oHHG4yws3SMhtP20M7baFhu1swjbBvSczXd53VD3ap3iV92Xns0zLp7RONeeZxfpwnNx1TWogRyRPwjw6z5iVcVxUwa_6fy_L89PI47-kNsoq4TKI0KfA3fG0JtFxbpeFL0SVxqjCgd7C221HEdyWnnG-x-uVKKPZ4qv4z38FXqrmT0_RFEozxfmQGCcsrKLN4APYI-ojPDnKXpIJpSsi3yN5pKk0FetVI5k_9Bxv5W67dvjaAfgRIMgIym31b9cGYn7a16LL6Rn6RXsdRMvGj6n67_ZfW6vqDpNMx6TSCb8zgyc2F8EzMkOC7gM4Wrzuc_YLJRgsmrKL0wwtm75ttMXMPPjSUcKXKlyG_JTBxynggreoiizuCGm5-o5JuOuYnml41m1t_CfEqUBtXPrJyBslGElYhrdLjs3Rj7PHszdgVmy9yvr77r5A9ize0zF-9gQzSlpgVeXfKe88b9izc5tps9xq150znCm-V6TR5PRj7k-gJ4m4juZYbLmF_uBJccrn5TZXtmu7P4EuQBtZgh8nvG1OMOvxGa59ovN_JX-65fPm6iw5j1m-djExHYtIoSbFUMthxbRsqsH1o5CO26vsU9iF7H8ZbWQ-FHtZ8FPMwDYrKWVbFh4ZZvki65aw9g_MdzNd3HofSV9QAihYVFQZeTxZ3mu5AG_hbMM-SGLTQe8-OxsZIo_xHPNvvo-2V6j_leOvs86NusX5A-UHmkpA8YiU7VP6GauPkHm3SsKWD5PG855oORy_jIOWY5aSaRvQQ5Uo73rKcs-6y2S9hYM3-ev0ssLqJe1iDBGSW0SwpikFu1k30yef_DAbAOqxDtxzyOF_I7cD10AdpxIxOqzKJhpm0B9kz2ClG3wJ-w_B8a6kD1UMe5AxhycKQxZix6f2WugEO7mjnWtOXW6hcdH2gB-c2F0cXeFi2D7PnQ95C64HnQ-BFFiYl3gu8mN75lXMAf72lQnwFZpVuM9QjLJLhnuLGeHs2ynGp-e7Yuh9ehc-SPC5Y7nU4GLTqguS99lL62v3bqi7SMipEQdnjfSWHW1k7cecki-mifc0zXplHTebfEPjzkH_vR50AB-JYzeXGt7zu7Pna4f6ePT9Pp-1DQQ1n98Y37yQcNHYF91ZTbs2-ejQcFcI5vdIH9d1OvI9389cEsO2CSCrotigpImkvFcn2l_C_quKIMabjW_Q8jA7scOyuvK25beSaViBeBlq-b7ezvQrwMF-9fPgqwHlUCYMj_v-cR4xugo6bPhqqFufTtDyp2uB96iBIeykHkXnU0TU4dWvyTtP5T7si6rj2_jMbKUGn0fTvKvGrKsxpGX5VxWduhpdH70XdV7PXlDuLvz0wvKtc5xs_Tz-nUK_fMEdKkqhK2Smsy4Pfg53-yBZ_Svf_oH5nSihaTXrFktG-zLKy87h9SrFH7CPF_M1J7tSue5YkwsPpwQ4StpAlRZbMsIN5ltna8frZsuF7V5KX-d987-q79APm4wFhFuL7e9fn3r9nvT_g8uEpYNZPMQtH5kyLMMbt4GeyiBuxnW_0LQxo7faEees9uOrSeNx93YIrygWU7ddY8Mydt5SAp-1ZsDGAg507kBsAzA8ybTfTPsPGGmyjJbgl5XoefqNzUV5GZR7l9AIup2k8y7IpSeKLh0symxVRUcakgowm05SWLAZSJHGSlTQpyAW_JCGJw2w6DaNwGsaTgiSMhElZRXHB0rJCsxC2lIuJ8_qJ0psL_x3N5TQmeUwuBC1AGP-pGiGdKATFywt96T-_KZqNQbNQcGNNP4TlVvjv29oe8RLFV8WLBacKipfdBzlerTN8MHLRaHH5_Z8LdUx3l-TfAQAA___1Zx90">