[clang] [LifetimeSafety] Model pointer-to-data-member access in the fact generator (PR #204612)
Gábor Horváth via cfe-commits
cfe-commits at lists.llvm.org
Mon Jun 22 09:43:36 PDT 2026
================
@@ -468,6 +468,20 @@ void FactsGenerator::handlePointerArithmetic(const BinaryOperator *BO) {
}
void FactsGenerator::VisitBinaryOperator(const BinaryOperator *BO) {
+ if (BO->getOpcode() == BO_PtrMemD || BO->getOpcode() == BO_PtrMemI) {
+ // `obj.*pm` / `objptr->*pm` names a member of the object, so a borrow of it
+ // borrows the object; flow the object's origin into the result. For `.*`
+ // the object is the LHS; for `->*` it is the LHS pointer's pointee.
+ OriginList *Dst = getOriginsList(*BO);
+ OriginList *ObjSrc =
+ BO->getOpcode() == BO_PtrMemD
+ ? getOriginsList(*BO->getLHS())
+ : getRValueOrigins(BO->getLHS(), getOriginsList(*BO->getLHS()));
+ if (Dst && ObjSrc && Dst->getLength() == ObjSrc->getLength())
----------------
Xazax-hun wrote:
Really good question! While I was looking into this a bit deeper I discovered that this was not the right thing to do. The length can differ when the target field of the pointer-to-member is an indirection. But we still want to do the tracking here, we only want to flow the outer origin. I added a comment and updated the code.
https://github.com/llvm/llvm-project/pull/204612
More information about the cfe-commits
mailing list