False positive from Sanitizer: undefined-behavior

[Fedr]

In the program:

struct A {
    constexpr A();
    virtual void f() {}
};

struct B : A {};

constexpr A::A() { 
    (void)static_cast<B*>(this);
}

int main() {
    B b;
}

compiled with -fsanitize=undefined flag, Clang reports:

/app/example.cpp:9:11: runtime error: downcast of address 0x7ffca2ddc908 which does not point to an object of type 'B'
0x7ffca2ddc908: note: object is of type 'A'
 fc 7f 00 00  a8 4c df bc 66 55 00 00  00 00 00 00 00 00 00 00  83 e0 7c 61 10 7f 00 00  b0 ca c9 61
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'A'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /app/example.cpp:9:11 in 

Online demo: https://godbolt.org/z/axEPzczs8

But it does not look right, since the pointer after the cast is not used, and it can be used after finishing of B constructor.

[comex]

See also: discussions of whether this is legal:

• https://stackoverflow.com/questions/73172193/can-you-static-cast-this-to-a-derived-class-in-a-base-class-constructor-then-u
• https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96765

[hexagonrecursion]

• See also -fsanitize=vptr false positive when pointer is not dereferenced #36048

[pitrou]

A similar issue was reported (in the wrong repo, but it's not archived) here:
google/sanitizers#1773

This affects real-world usage of the CRTP pattern, for example:
aws/aws-sdk-cpp#3464

[niekbouman]

@Fedr This is fixed in Clang 21 (I just verified this with the above Godbolt Compiler Explorer link)
I guess this issue can be closed.

Edit: I was mistaken here.
I turns out that Clang 21 splits off the vptr sanitizer from the undefined behavior sanitizer:

https://releases.llvm.org/21.1.0/tools/clang/docs/ReleaseNotes.html

-fsanitize=vptr is no longer a part of -fsanitize=undefined.

With -fsanitize=vptr the error is still being reported.
(I actually doubt myself whether it is a false positive or whether the diagnostic is in fact correct; I worked around the issue in my code.)