[clang] [clang][dataflow] Skip array types when handling InitListExprs. (PR #83013)

[Samira Bazuzi via cfe-commits]

https://github.com/bazuzi updated https://github.com/llvm/llvm-project/pull/83013

>From ee395ff3555efa5cbeae4d874f3ad39c52b85faf Mon Sep 17 00:00:00 2001
From: Samira Bazuzi <bazuzi at google.com>
Date: Mon, 26 Feb 2024 10:00:48 -0500
Subject: [PATCH 1/2] [clang][dataflow] Skip array types when handling
 InitListExprs.

Crashes resulted from single-element InitListExprs for arrays with
elements of a record type after #80970.
---
 clang/lib/Analysis/FlowSensitive/Transfer.cpp   |  6 +++---
 .../Analysis/FlowSensitive/TransferTest.cpp     | 17 ++++++++++++++++-
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/clang/lib/Analysis/FlowSensitive/Transfer.cpp b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
index fe13e919bddcd8..a5b8e9cbc18e64 100644
--- a/clang/lib/Analysis/FlowSensitive/Transfer.cpp
+++ b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
@@ -671,9 +671,9 @@ class TransferVisitor : public ConstStmtVisitor<TransferVisitor> {
     }
 
     if (!Type->isStructureOrClassType()) {
-      // Until array initialization is implemented, we don't need to care about
-      // cases where `getNumInits() > 1`.
-      if (S->getNumInits() == 1)
+      // Until array initialization is implemented, we skip arrays and don't need
+      // to care about cases where `getNumInits() > 1`.
+      if (!Type->isArrayType() && S->getNumInits() == 1)
         propagateValueOrStorageLocation(*S->getInit(0), *S, Env);
       return;
     }
diff --git a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
index a65b0446ac7818..2be899f5b6da91 100644
--- a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
+++ b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
@@ -2367,6 +2367,21 @@ TEST(TransferTest, InitListExprAsXValue) {
       });
 }
 
+TEST(TransferTest, ArrayInitListExprOneRecordElement) {
+  // This is a crash repro.
+  std::string Code = R"cc(
+    struct S {};
+
+    void target() { S foo[] = {S()}; }
+  )cc";
+  runDataflow(
+      Code,
+      [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
+         ASTContext &ASTCtx) {
+        // Just verify that it doesn't crash.
+      });
+}
+
 TEST(TransferTest, InitListExprAsUnion) {
   // This is a crash repro.
   std::string Code = R"cc(
@@ -3414,7 +3429,7 @@ TEST(TransferTest, AggregateInitializationFunctionPointer) {
     struct S {
       void (*const Field)();
     };
-    
+
     void target() {
       S s{nullptr};
     }

>From 00d1d53a1c52850042e1d09250833355a140ea4c Mon Sep 17 00:00:00 2001
From: Samira Bazuzi <bazuzi at google.com>
Date: Mon, 26 Feb 2024 10:00:48 -0500
Subject: [PATCH 2/2] [clang][dataflow] Skip array types when handling
 InitListExprs.

Crashes resulted from single-element InitListExprs for arrays with
elements of a record type after #80970.
---
 clang/lib/Analysis/FlowSensitive/Transfer.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/clang/lib/Analysis/FlowSensitive/Transfer.cpp b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
index a5b8e9cbc18e64..089854264f483a 100644
--- a/clang/lib/Analysis/FlowSensitive/Transfer.cpp
+++ b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
@@ -671,8 +671,8 @@ class TransferVisitor : public ConstStmtVisitor<TransferVisitor> {
     }
 
     if (!Type->isStructureOrClassType()) {
-      // Until array initialization is implemented, we skip arrays and don't need
-      // to care about cases where `getNumInits() > 1`.
+      // Until array initialization is implemented, we skip arrays and don't
+      // need to care about cases where `getNumInits() > 1`.
       if (!Type->isArrayType() && S->getNumInits() == 1)
         propagateValueOrStorageLocation(*S->getInit(0), *S, Env);
       return;