[clang] [clang][dataflow] fix assert in `Environment::getResultObjectLocation` (PR #79608)

Paul Semel via cfe-commits cfe-commits at lists.llvm.org
Tue Jan 30 09:15:45 PST 2024


https://github.com/paulsemel updated https://github.com/llvm/llvm-project/pull/79608

>From 6af0f5971783214f6f3ce5f95aba97ed1c79824e Mon Sep 17 00:00:00 2001
From: Paul Semel <semelpaul at gmail.com>
Date: Fri, 26 Jan 2024 15:29:58 +0000
Subject: [PATCH 1/3] [dataflow] fix assert in
 `Environment::getResultObjectLocation`

When calling `Environment::getResultObjectLocation` with a
CXXOperatorCallExpr that is a prvalue, we just hit an assert because no
record was ever created.
---
 clang/lib/Analysis/FlowSensitive/Transfer.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/clang/lib/Analysis/FlowSensitive/Transfer.cpp b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
index 2271a75fbcaf7..3b028a3200b72 100644
--- a/clang/lib/Analysis/FlowSensitive/Transfer.cpp
+++ b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
@@ -536,6 +536,11 @@ class TransferVisitor : public ConstStmtVisitor<TransferVisitor> {
 
       copyRecord(*LocSrc, *LocDst, Env);
       Env.setStorageLocation(*S, *LocDst);
+    } else {
+      // CXXOperatorCallExpr can be prvalues, in which case we must create a
+      // record for them in order for `Environment::getResultObjectLocation()`
+      // to be able to return a value.
+      VisitCallExpr(S);
     }
   }
 

>From acca94eb5c2c3ce858a704384361f54c1ae7557c Mon Sep 17 00:00:00 2001
From: Paul Semel <paul.semel at epita.fr>
Date: Tue, 30 Jan 2024 17:43:55 +0100
Subject: [PATCH 2/3] Update clang/lib/Analysis/FlowSensitive/Transfer.cpp

Co-authored-by: martinboehme <mboehme at google.com>
---
 clang/lib/Analysis/FlowSensitive/Transfer.cpp | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/clang/lib/Analysis/FlowSensitive/Transfer.cpp b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
index 3b028a3200b72..bb3aec763c29c 100644
--- a/clang/lib/Analysis/FlowSensitive/Transfer.cpp
+++ b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
@@ -536,12 +536,13 @@ class TransferVisitor : public ConstStmtVisitor<TransferVisitor> {
 
       copyRecord(*LocSrc, *LocDst, Env);
       Env.setStorageLocation(*S, *LocDst);
-    } else {
-      // CXXOperatorCallExpr can be prvalues, in which case we must create a
-      // record for them in order for `Environment::getResultObjectLocation()`
-      // to be able to return a value.
-      VisitCallExpr(S);
+      return;
     }
+
+    // CXXOperatorCallExpr can be prvalues. Call `VisitCallExpr`() to create
+    // a `RecordValue` for them so that `Environment::getResultObjectLocation()`
+    // can return a value.
+    VisitCallExpr(S);
   }
 
   void VisitCXXFunctionalCastExpr(const CXXFunctionalCastExpr *S) {
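Review bot: The fall-through to `VisitCallExpr(S)` only covers operator calls that skip the preceding `if` branch entirely; that branch begins above this hunk, so its other exits are not visible here. If it contains earlier `return` paths, a prvalue operator call taking one of them would still get no record and could presumably still hit the assert in `Environment::getResultObjectLocation()`. It is worth confirming that each such exit either cannot yield a record prvalue or also goes through `VisitCallExpr(S)`; the same applies to the `else` form in patch 1/3. Separately, the backticks in the added comment are misplaced: `VisitCallExpr`() should read `VisitCallExpr()`.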

>From 9a6a38339fa69baa4e4bc9dc601791dde154900c Mon Sep 17 00:00:00 2001
From: Paul Semel <semelpaul at gmail.com>
Date: Tue, 30 Jan 2024 17:05:44 +0000
Subject: [PATCH 3/3] add test

---
 .../Analysis/FlowSensitive/TransferTest.cpp   | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
index 268ea4c7431f6..6a357c47f0f60 100644
--- a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
+++ b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
@@ -2735,6 +2735,41 @@ TEST(TransferTest, ResultObjectLocationForDefaultInitExpr) {
       });
 }
 
+// This test ensures that CXXOperatorCallExpr returning prvalues are correctly
+// handled by the transfer functions, especially that `getResultObjectLocation`
+// correctly returns a storage location for those.
+TEST(TransferTest, ResultObjectLocationForCXXOperatorCallExpr) {
+  std::string Code = R"(
+    struct A {
+      virtual ~A() = default;
+      A operator+(int a) { return A(); }
+    };
+
+    void target() {
+      A a;
+      a + 3;
+      (void)0; // [[p]]
+    }
+  )";
+  using ast_matchers::cxxOperatorCallExpr;
+  using ast_matchers::match;
+  using ast_matchers::selectFirst;
+  using ast_matchers::traverse;
+  runDataflow(
+      Code,
+      [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
+         ASTContext &ASTCtx) {
+        const Environment &Env = getEnvironmentAtAnnotation(Results, "p");
+
+        auto *CallExpr = selectFirst<CXXOperatorCallExpr>(
+            "call_expr",
+            match(traverse(TK_AsIs, cxxOperatorCallExpr().bind("call_expr")),
+                  ASTCtx));
+
+        EXPECT_NE(&Env.getResultObjectLocation(*CallExpr), nullptr);
+      });
+}
+
 TEST(TransferTest, StaticCast) {
   std::string Code = R"(
     void target(int Foo) {
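Review bot: The pointer returned by `selectFirst` is dereferenced as `*CallExpr` without a null check, so a matcher that finds nothing would crash the test instead of failing it cleanly; add `ASSERT_NE(CallExpr, nullptr);` before the `EXPECT_NE`. In addition, `EXPECT_NE(&Env.getResultObjectLocation(*CallExpr), nullptr)` compares the address of the returned object with null, which holds whenever the call returns at all. The test therefore only checks that the call no longer asserts. A comment such as `// Regression check: this call used to hit an assert.` on that line would make the intent explicit.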


