[clang] e60fe2e - [clang][analyzer] Fix InvalidatedIterator crash caused by overload operator member function with explicit this (#132581)
via cfe-commits
cfe-commits at lists.llvm.org
Mon Mar 24 05:51:14 PDT 2025
Author: flovent
Date: 2025-03-24T13:51:11+01:00
New Revision: e60fe2e5840229839e7e1e24971dd38d31b22ed8
URL: https://github.com/llvm/llvm-project/commit/e60fe2e5840229839e7e1e24971dd38d31b22ed8
DIFF: https://github.com/llvm/llvm-project/commit/e60fe2e5840229839e7e1e24971dd38d31b22ed8.diff
LOG: [clang][analyzer] Fix InvalidatedIterator crash caused by overload operator member function with explicit this (#132581)
Fixes #116372
From this PR #83585, CSA starts to model overload operator member
function with explicit this as `SimpleFunctionCall` rather than
`CXXMemberOperatorCall` (derived from `CXXInstanceCall`), so
`CXXInstanceCall` only represents a non-static C++ member function call
`with implicit this`.
For this checker, it models `operator=` for STL containers, which always
uses implicit this, so the situation using explicit this can be skipped
directly.
Added:
Modified:
clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp
clang/test/Analysis/invalidated-iterator.cpp
Removed:
################################################################################
diff --git a/clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp b/clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp
index 55ed809bfed6c..d850344db6591 100644
--- a/clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp
@@ -157,8 +157,11 @@ void ContainerModeling::checkPostCall(const CallEvent &Call,
if (Func->isOverloadedOperator()) {
const auto Op = Func->getOverloadedOperator();
if (Op == OO_Equal) {
- // Overloaded 'operator=' must be a non-static member function.
- const auto *InstCall = cast<CXXInstanceCall>(&Call);
+ // Only handle the assignment operator with implicit this
+ const auto *InstCall = dyn_cast<CXXInstanceCall>(&Call);
+ if (!InstCall)
+ return;
+
if (cast<CXXMethodDecl>(Func)->isMoveAssignmentOperator()) {
handleAssignment(C, InstCall->getCXXThisVal(), Call.getOriginExpr(),
Call.getArgSVal(0));
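Review bot: the `if (!InstCall) return;` guard leaves `checkPostCall` altogether, so an `operator=` declared with an explicit object parameter never reaches `handleAssignment` and the iterator state tracked for the assigned-to object is left untouched. That avoids the failing `cast<CXXInstanceCall>`, but the gap is silent: the comment should say why the call is skipped (it is not a `CXXInstanceCall`) and carry a FIXME if explicit-this assignment on container types is meant to be modeled later. The new comment is also missing its trailing period.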
diff --git a/clang/test/Analysis/invalidated-iterator.cpp b/clang/test/Analysis/invalidated-iterator.cpp
index c940dbf7276d3..de31a776108f0 100644
--- a/clang/test/Analysis/invalidated-iterator.cpp
+++ b/clang/test/Analysis/invalidated-iterator.cpp
@@ -1,5 +1,6 @@
// RUN: %clang_analyze_cc1 -std=c++11 -analyzer-checker=core,cplusplus,alpha.cplusplus.InvalidatedIterator -analyzer-config aggressive-binary-operation-simplification=true -analyzer-config c++-container-inlining=false %s -verify
// RUN: %clang_analyze_cc1 -std=c++11 -analyzer-checker=core,cplusplus,alpha.cplusplus.InvalidatedIterator -analyzer-config aggressive-binary-operation-simplification=true -analyzer-config c++-container-inlining=true -DINLINE=1 %s -verify
+// RUN: %clang_analyze_cc1 -std=c++23 -analyzer-checker=core,cplusplus,alpha.cplusplus.InvalidatedIterator -analyzer-config aggressive-binary-operation-simplification=true -analyzer-config c++-container-inlining=true -DINLINE=1 %s -verify
#include "Inputs/system-header-simulator-cxx.h"
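Review bot: the added `-std=c++23` RUN line covers only `c++-container-inlining=true` with `-DINLINE=1`, while the two existing C++11 lines cover both inlining settings. The GH116372 case is guarded by `__cplusplus >= 202302L`, so it is never analyzed with `c++-container-inlining=false`; add a matching C++23 RUN line for that configuration.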
@@ -204,4 +205,26 @@ void invalidated_subscript_end_ptr_iterator(cont_with_ptr_iterator<int> &C) {
auto i = C.begin();
C.erase(i);
(void) i[1]; // expected-warning{{Invalidated iterator accessed}}
-}
\ No newline at end of file
+}
+
+#if __cplusplus >= 202302L
+namespace GH116372 {
+ class ExplicitThis {
+ int f = 0;
+ public:
+ ExplicitThis();
+ ExplicitThis(ExplicitThis& other);
+
+ ExplicitThis& operator=(this ExplicitThis& self, ExplicitThis const& other) { // no crash
+ self.f = other.f;
+ return self;
+ }
+
+ ~ExplicitThis();
+ };
+
+ void func(ExplicitThis& obj1) {
+ obj1 = obj1;
+ }
+}
+#endif
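Review bot: the GH116372 case pins only the absence of a crash; `ExplicitThis` has no iterators, so nothing records what the checker reports after an explicit-this assignment now that ContainerModeling.cpp returns early for it. Consider a second case on a container-like type with an explicit-this `operator=`, holding an iterator across the assignment, with the current behaviour stated in an `expected-` or `no-warning` comment. The `// no crash` marker would also sit better on the `obj1 = obj1;` line, where the call is evaluated, than on the operator's declaration.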