[clang] [LifetimeSafety] Model pointer-to-data-member access in the fact generator (PR #204612)

Gábor Horváth via cfe-commits cfe-commits at lists.llvm.org
Mon Jun 22 09:43:36 PDT 2026


================
@@ -468,6 +468,20 @@ void FactsGenerator::handlePointerArithmetic(const BinaryOperator *BO) {
 }
 
 void FactsGenerator::VisitBinaryOperator(const BinaryOperator *BO) {
+  if (BO->getOpcode() == BO_PtrMemD || BO->getOpcode() == BO_PtrMemI) {
+    // `obj.*pm` / `objptr->*pm` names a member of the object, so a borrow of it
+    // borrows the object; flow the object's origin into the result. For `.*`
+    // the object is the LHS; for `->*` it is the LHS pointer's pointee.
+    OriginList *Dst = getOriginsList(*BO);
+    OriginList *ObjSrc =
+        BO->getOpcode() == BO_PtrMemD
+            ? getOriginsList(*BO->getLHS())
+            : getRValueOrigins(BO->getLHS(), getOriginsList(*BO->getLHS()));
+    if (Dst && ObjSrc && Dst->getLength() == ObjSrc->getLength())
----------------
Xazax-hun wrote:

Really good question! While I was looking into this a bit deeper I discovered that this was not the right thing to do. The length can differ when the target field of the pointer-to-member is an indirection. But we still want to do the tracking here, we only want to flow the outer origin. I added a comment and updated the code. 

https://github.com/llvm/llvm-project/pull/204612


More information about the cfe-commits mailing list