[PATCH] D158592: [clang][dataflow] Produce pointer values for callees of member operator calls.

Martin Böhme via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Aug 23 03:54:50 PDT 2023 

mboehme created this revision.
Herald added subscribers: martong, xazax.hun.
Herald added a reviewer: NoQ.
Herald added a project: All.
mboehme requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.

Calls to member operators are a special case in that their callees have pointer
type. The callees of non-operator non-static member functions are not pointers.
See the comments in the code for details.

This issue came up in the Crubit nullability check; the fact that we weren't
modeling the `PointerValue` caused non-convergence.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D158592

Files:
  clang/lib/Analysis/FlowSensitive/Transfer.cpp
  clang/unittests/Analysis/FlowSensitive/TransferTest.cpp


Index: clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
===================================================================
--- clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
+++ clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
@@ -5550,6 +5550,59 @@
       });
 }
 
+// Check that a callee of a member operator call is modeled as a `PointerValue`.
+// Member operator calls are unusual in that their callee is a pointer that
+// stems from a `FunctionToPointerDecay`. In calls to non-operator non-static
+// member functions, the callee is a `MemberExpr` (which does not have pointer
+// type).
+// We want to make sure that we produce a pointer value for the callee in this
+// specific scenario and that its storage location is durable (for convergence).
+TEST(TransferTest, MemberOperatorCallModelsPointerForCallee) {
+  std::string Code = R"(
+    struct S {
+      bool operator!=(S s);
+    };
+    void target() {
+      S s;
+      (void)(s != s);
+      (void)(s != s);
+      // [[p]]
+    }
+  )";
+  runDataflow(
+      Code,
+      [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
+         ASTContext &ASTCtx) {
+        using ast_matchers::selectFirst;
+        using ast_matchers::match;
+        using ast_matchers::traverse;
+        using ast_matchers::cxxOperatorCallExpr;
+
+        const Environment &Env = getEnvironmentAtAnnotation(Results, "p");
+
+        auto Matches = match(
+            traverse(TK_AsIs, cxxOperatorCallExpr().bind("call")), ASTCtx);
+
+        ASSERT_EQ(Matches.size(), 2);
+
+        auto *Call1 = Matches[0].getNodeAs<CXXOperatorCallExpr>("call");
+        auto *Call2 = Matches[1].getNodeAs<CXXOperatorCallExpr>("call");
+
+        ASSERT_THAT(Call1, NotNull());
+        ASSERT_THAT(Call2, NotNull());
+
+        EXPECT_EQ(cast<ImplicitCastExpr>(Call1->getCallee())->getCastKind(),
+                  CK_FunctionToPointerDecay);
+        EXPECT_EQ(cast<ImplicitCastExpr>(Call2->getCallee())->getCastKind(),
+                  CK_FunctionToPointerDecay);
+
+        auto *Ptr1 = cast<PointerValue>(Env.getValue(*Call1->getCallee()));
+        auto *Ptr2 = cast<PointerValue>(Env.getValue(*Call2->getCallee()));
+
+        ASSERT_EQ(&Ptr1->getPointeeLoc(), &Ptr2->getPointeeLoc());
+      });
+}
+
 // Check that fields of anonymous records are modeled.
 TEST(TransferTest, AnonymousStruct) {
   std::string Code = R"(
Index: clang/lib/Analysis/FlowSensitive/Transfer.cpp
===================================================================
--- clang/lib/Analysis/FlowSensitive/Transfer.cpp
+++ clang/lib/Analysis/FlowSensitive/Transfer.cpp
@@ -175,12 +175,16 @@
     const ValueDecl *VD = S->getDecl();
     assert(VD != nullptr);
 
-    // `DeclRefExpr`s to fields and non-static methods aren't glvalues, and
-    // there's also no sensible `Value` we can assign to them, so skip them.
-    if (isa<FieldDecl>(VD))
-      return;
-    if (auto *Method = dyn_cast<CXXMethodDecl>(VD);
-        Method && !Method->isStatic())
+    // Some `DeclRefExpr`s aren't glvalues, so we can't associate them with a
+    // `StorageLocation`, and there's also no sensible `Value` that we can
+    // assign to them. Examples:
+    // - Non-static member variables
+    // - Non static member functions
+    //   Note: Member operators are an exception to this, but apparently only
+    //   if the `DeclRefExpr` is used within the callee of a
+    //   `CXXOperatorCallExpr`. In other cases, for example when applying the
+    //   address-of operator, the `DeclRefExpr` is a prvalue.
+    if (!S->isGLValue())
       return;
 
     auto *DeclLoc = Env.getStorageLocation(*VD);


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D158592.552651.patch
Type: text/x-patch
Size: 3662 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20230823/b9c23c37/attachment.bin>

More information about the cfe-commits mailing list