RESOLVED FIXED317509
[WTF] Work-around for clang static analyzer crash on 128-bit overflow builtins
https://bugs.webkit.org/show_bug.cgi?id=317509
Summary [WTF] Work-around for clang static analyzer crash on 128-bit overflow builtins
David Kilzer (:ddkilzer)
Reported 2026-06-19 17:56:19 PDT
The clang static analyzer (`clang --analyze`) crashes with a segmentation fault (null-pointer dereference) when it models a `__builtin_add_overflow`, `__builtin_sub_overflow`, or `__builtin_mul_overflow` call whose overflow result type is a 128-bit integer (`__int128` / `unsigned __int128`). WTF's `Checked<>` arithmetic in `CheckedArithmetic.h` emits these builtins, so analyzing any WebKit code that performs 128-bit checked arithmetic (for example `CheckedInt128` in JavaScriptCore's Temporal core) crashes the analyzer. Steps to reproduce: 1. Build WebKit for static analysis with an Apple clang older than clang-2100.3.6.4 from Xcode 27. 2. Observe the analyzer crash on the JavaScriptCore unified source that bundles the Temporal core files. Expected Results: The analyze action completes successfully without crashing. Actual Results: The analyze action reports "ANALYZE FAILED" and stops before analyzing WebCore.
Attachments
Radar WebKit Bug Importer
Comment 1 2026-06-19 18:19:34 PDT
David Kilzer (:ddkilzer)
Comment 2 2026-06-19 20:22:00 PDT
EWS
Comment 3 2026-06-19 20:51:36 PDT
Committed 315555@main (fe014f0ddd45): <https://commits.webkit.org/315555@main> Reviewed commits have been landed. Closing PR #67525 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.