WebKit Bugzilla
New
Browse
Search+
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
317509
[WTF] Work-around for clang static analyzer crash on 128-bit overflow builtins
https://bugs.webkit.org/show_bug.cgi?id=317509
Summary
[WTF] Work-around for clang static analyzer crash on 128-bit overflow builtins
David Kilzer (:ddkilzer)
Reported
2026-06-19 17:56:19 PDT
The clang static analyzer (`clang --analyze`) crashes with a segmentation fault (null-pointer dereference) when it models a `__builtin_add_overflow`, `__builtin_sub_overflow`, or `__builtin_mul_overflow` call whose overflow result type is a 128-bit integer (`__int128` / `unsigned __int128`). WTF's `Checked<>` arithmetic in `CheckedArithmetic.h` emits these builtins, so analyzing any WebKit code that performs 128-bit checked arithmetic (for example `CheckedInt128` in JavaScriptCore's Temporal core) crashes the analyzer. Steps to reproduce: 1. Build WebKit for static analysis with an Apple clang older than clang-2100.3.6.4 from Xcode 27. 2. Observe the analyzer crash on the JavaScriptCore unified source that bundles the Temporal core files. Expected Results: The analyze action completes successfully without crashing. Actual Results: The analyze action reports "ANALYZE FAILED" and stops before analyzing WebCore.
Attachments
Add attachment
proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1
2026-06-19 18:19:34 PDT
<
rdar://problem/180158368
>
David Kilzer (:ddkilzer)
Comment 2
2026-06-19 20:22:00 PDT
Pull request:
https://github.com/WebKit/WebKit/pull/67525
EWS
Comment 3
2026-06-19 20:51:36 PDT
Committed
315555@main
(fe014f0ddd45): <
https://commits.webkit.org/315555@main
> Reviewed commits have been landed. Closing PR #67525 and removing active labels.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug