[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
steakhal wrote: Ah, I see now your perspective. Yes, any PRs tagged with the CSA tag will hit our inboxes. https://github.com/llvm/llvm-project/pull/136041 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
zwuis wrote: > FYI we usually ping once a week. Oh, I see. IIUC `@ llvm/pr-subscribers-clang-static-analyzer-1` is also a ping, which I didn't know. https://github.com/llvm/llvm-project/pull/136041 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
github-actions[bot] wrote: @fangyi-zhou Congratulations on having your first Pull Request (PR) merged into the LLVM Project! Your changes will be combined with recent changes from other authors, then tested by our [build bots](https://lab.llvm.org/buildbot/). If there is a problem with a build, you may receive a report in an email or a comment on this PR. Please check whether problems have been caused by your change specifically, as the builds can include changes from many authors. It is not uncommon for your change to be included in a build that fails due to someone else's changes, or infrastructure issues. How to do this, and the rest of the post-merge process, is covered in detail [here](https://llvm.org/docs/MyFirstTypoFix.html#myfirsttypofix-issues-after-landing-your-pr). If your change does cause a problem, it may be reverted, or you can revert it yourself. This is a normal part of [LLVM development](https://llvm.org/docs/DeveloperPolicy.html#patch-reversion-policy). You can fix your changes and open a new PR to merge them again. If you don't get any reports, no action is required from you. Your changes are working as expected, well done! https://github.com/llvm/llvm-project/pull/136041 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
https://github.com/steakhal closed https://github.com/llvm/llvm-project/pull/136041 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
@@ -0,0 +1,19 @@
+// RUN: %clang_analyze_cc1 -std=c++20 -analyzer-checker=core -verify %s
+
+// expected-no-diagnostics
+
+template
+struct overload : public F...
+{
+ using F::operator()...;
+};
+
+template
+overload(F&&...) -> overload;
+
+int main()
+{
+ const auto l = overload([](const int* i) {});
steakhal wrote:
```suggestion
const auto l = overload([](const int* i) {}); // no-crash
```
https://github.com/llvm/llvm-project/pull/136041
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
https://github.com/steakhal updated
https://github.com/llvm/llvm-project/pull/136041
>From 5dc9d55eb04d94c01dba0364b51a509f975e542a Mon Sep 17 00:00:00 2001
From: Fangyi Zhou
Date: Thu, 17 Apr 2025 23:02:37 +0100
Subject: [PATCH 1/2] [clang][analyzer] Handle CXXParenInitListExpr alongside
InitListExpr
As reported in #135665, C++20 parenthesis initializer list expressions
are not handled correctly and were causing crashes. This commit attempts
to fix the issue by handing parenthesis initializer lists along side
existing initializer lists.
---
clang/docs/ReleaseNotes.rst | 2 ++
.../Checkers/DynamicTypePropagation.cpp | 6 +++---
.../lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | 10 ++
clang/test/Analysis/PR135665.cpp | 19 +++
4 files changed, 30 insertions(+), 7 deletions(-)
create mode 100644 clang/test/Analysis/PR135665.cpp
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index c75d83a6d1a7a..85e095e6b1acc 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -667,6 +667,8 @@ Code Completion
Static Analyzer
---
+- Fixed a crash when C++20 parenthesized initializer lists are used. This issue
+ was causing a crash in clang-tidy. (#GH136041)
New features
diff --git a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
index a0bf776b11f53..e58329817d7cd 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
@@ -379,9 +379,9 @@ void DynamicTypePropagation::checkPostCall(const CallEvent
&Call,
// aggregates, and in such case no top-frame constructor will be
called.
// Figure out if we need to do anything in this case.
// FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) available in this
-// callback, ideally as part of CallEvent.
-if (isa_and_nonnull(
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this
case)
+// available in this callback, ideally as part of CallEvent.
+if (isa_and_nonnull(
LCtx->getParentMap().getParent(Ctor->getOriginExpr(
return;
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index 7e878f922a939..92ce3fa2225c8 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -644,9 +644,10 @@ void ExprEngine::handleConstructor(const Expr *E,
// FIXME: For now this code essentially bails out. We need to find the
// correct target region and set it.
// FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) passed down from CFG or
-// otherwise always available during construction.
-if (isa_and_nonnull(LCtx->getParentMap().getParent(E))) {
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this case)
+// passed down from CFG or otherwise always available during construction.
+if (isa_and_nonnull(
+LCtx->getParentMap().getParent(E))) {
MemRegionManager &MRMgr = getSValBuilder().getRegionManager();
Target = loc::MemRegionVal(MRMgr.getCXXTempObjectRegion(E, LCtx));
CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion = true;
@@ -1017,7 +1018,8 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE,
ExplodedNode *Pred,
// values are properly placed inside the required region, however if an
// initializer list is used, this doesn't happen automatically.
auto *Init = CNE->getInitializer();
- bool isInitList = isa_and_nonnull(Init);
+ bool isInitList =
+ isa_and_nonnull(Init);
QualType ObjTy =
isInitList ? Init->getType() : CNE->getType()->getPointeeType();
diff --git a/clang/test/Analysis/PR135665.cpp b/clang/test/Analysis/PR135665.cpp
new file mode 100644
index 0..124b8c9b97b04
--- /dev/null
+++ b/clang/test/Analysis/PR135665.cpp
@@ -0,0 +1,19 @@
+// RUN: %clang_analyze_cc1 -std=c++20 -analyzer-checker=core -verify %s
+
+// expected-no-diagnostics
+
+template
+struct overload : public F...
+{
+ using F::operator()...;
+};
+
+template
+overload(F&&...) -> overload;
+
+int main()
+{
+ const auto l = overload([](const int* i) {});
+
+ return 0;
+}
>From 81212f05b58bc42b342ebcae0b0abd780c4d0306 Mon Sep 17 00:00:00 2001
From: Balazs Benics
Date: Sun, 20 Apr 2025 17:31:57 +0200
Subject: [PATCH 2/2] Add no-crash in test
---
clang/test/Analysis/PR135665.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clang/test/Analysis/PR135665.cpp b/clang/test/Analysis/PR135665.cpp
index 124b8c9b97b04..c03ba551b3ae2 100644
--- a/clang/test/Analysis/PR135665.cpp
+++ b/c
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
https://github.com/steakhal approved this pull request. LGTM, thanks. FYI we usually ping once a week. https://github.com/llvm/llvm-project/pull/136041 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
https://github.com/steakhal edited https://github.com/llvm/llvm-project/pull/136041 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
zwuis wrote: @Xazax-hun @steakhal Please take a look. https://github.com/llvm/llvm-project/pull/136041 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
https://github.com/zwuis approved this pull request. https://github.com/llvm/llvm-project/pull/136041 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
https://github.com/fangyi-zhou updated
https://github.com/llvm/llvm-project/pull/136041
>From a0b769ee35df18418ed410e30ac6cdde9024a4f1 Mon Sep 17 00:00:00 2001
From: Fangyi Zhou
Date: Wed, 16 Apr 2025 23:52:39 +0100
Subject: [PATCH] [clang][analyzer] Handle CXXParenInitListExpr alongside
InitListExpr
As reported in #135665, C++20 parenthesis initializer list expressions
are not handled correctly and were causing crashes. This commit attempts
to fix the issue by handing parenthesis initializer lists along side
existing initializer lists.
---
.../Checkers/DynamicTypePropagation.cpp | 10 ++
.../lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | 11 +++
clang/test/Analysis/PR135665.cpp | 19 +++
3 files changed, 32 insertions(+), 8 deletions(-)
create mode 100644 clang/test/Analysis/PR135665.cpp
diff --git a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
index a0bf776b11f53..6fad0601e87ca 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
@@ -379,10 +379,12 @@ void DynamicTypePropagation::checkPostCall(const
CallEvent &Call,
// aggregates, and in such case no top-frame constructor will be
called.
// Figure out if we need to do anything in this case.
// FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) available in this
-// callback, ideally as part of CallEvent.
-if (isa_and_nonnull(
-LCtx->getParentMap().getParent(Ctor->getOriginExpr(
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this
case)
+// available in this callback, ideally as part of CallEvent.
+const Stmt *Parent =
+LCtx->getParentMap().getParent(Ctor->getOriginExpr());
+if (isa_and_nonnull(Parent) ||
+isa_and_nonnull(Parent))
return;
recordFixedType(Target, cast(LCtx->getDecl()), C);
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index 7e878f922a939..914859861b948 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -644,9 +644,11 @@ void ExprEngine::handleConstructor(const Expr *E,
// FIXME: For now this code essentially bails out. We need to find the
// correct target region and set it.
// FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) passed down from CFG or
-// otherwise always available during construction.
-if (isa_and_nonnull(LCtx->getParentMap().getParent(E))) {
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this case)
+// passed down from CFG or otherwise always available during construction.
+if (isa_and_nonnull(LCtx->getParentMap().getParent(E)) ||
+isa_and_nonnull(
+LCtx->getParentMap().getParent(E))) {
MemRegionManager &MRMgr = getSValBuilder().getRegionManager();
Target = loc::MemRegionVal(MRMgr.getCXXTempObjectRegion(E, LCtx));
CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion = true;
@@ -1017,7 +1019,8 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE,
ExplodedNode *Pred,
// values are properly placed inside the required region, however if an
// initializer list is used, this doesn't happen automatically.
auto *Init = CNE->getInitializer();
- bool isInitList = isa_and_nonnull(Init);
+ bool isInitList = isa_and_nonnull(Init) ||
+isa_and_nonnull(Init);
QualType ObjTy =
isInitList ? Init->getType() : CNE->getType()->getPointeeType();
diff --git a/clang/test/Analysis/PR135665.cpp b/clang/test/Analysis/PR135665.cpp
new file mode 100644
index 0..124b8c9b97b04
--- /dev/null
+++ b/clang/test/Analysis/PR135665.cpp
@@ -0,0 +1,19 @@
+// RUN: %clang_analyze_cc1 -std=c++20 -analyzer-checker=core -verify %s
+
+// expected-no-diagnostics
+
+template
+struct overload : public F...
+{
+ using F::operator()...;
+};
+
+template
+overload(F&&...) -> overload;
+
+int main()
+{
+ const auto l = overload([](const int* i) {});
+
+ return 0;
+}
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
https://github.com/fangyi-zhou updated
https://github.com/llvm/llvm-project/pull/136041
>From a0b769ee35df18418ed410e30ac6cdde9024a4f1 Mon Sep 17 00:00:00 2001
From: Fangyi Zhou
Date: Wed, 16 Apr 2025 23:52:39 +0100
Subject: [PATCH 1/4] [clang][analyzer] Handle CXXParenInitListExpr alongside
InitListExpr
As reported in #135665, C++20 parenthesis initializer list expressions
are not handled correctly and were causing crashes. This commit attempts
to fix the issue by handing parenthesis initializer lists along side
existing initializer lists.
---
.../Checkers/DynamicTypePropagation.cpp | 10 ++
.../lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | 11 +++
clang/test/Analysis/PR135665.cpp | 19 +++
3 files changed, 32 insertions(+), 8 deletions(-)
create mode 100644 clang/test/Analysis/PR135665.cpp
diff --git a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
index a0bf776b11f53..6fad0601e87ca 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
@@ -379,10 +379,12 @@ void DynamicTypePropagation::checkPostCall(const
CallEvent &Call,
// aggregates, and in such case no top-frame constructor will be
called.
// Figure out if we need to do anything in this case.
// FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) available in this
-// callback, ideally as part of CallEvent.
-if (isa_and_nonnull(
-LCtx->getParentMap().getParent(Ctor->getOriginExpr(
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this
case)
+// available in this callback, ideally as part of CallEvent.
+const Stmt *Parent =
+LCtx->getParentMap().getParent(Ctor->getOriginExpr());
+if (isa_and_nonnull(Parent) ||
+isa_and_nonnull(Parent))
return;
recordFixedType(Target, cast(LCtx->getDecl()), C);
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index 7e878f922a939..914859861b948 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -644,9 +644,11 @@ void ExprEngine::handleConstructor(const Expr *E,
// FIXME: For now this code essentially bails out. We need to find the
// correct target region and set it.
// FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) passed down from CFG or
-// otherwise always available during construction.
-if (isa_and_nonnull(LCtx->getParentMap().getParent(E))) {
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this case)
+// passed down from CFG or otherwise always available during construction.
+if (isa_and_nonnull(LCtx->getParentMap().getParent(E)) ||
+isa_and_nonnull(
+LCtx->getParentMap().getParent(E))) {
MemRegionManager &MRMgr = getSValBuilder().getRegionManager();
Target = loc::MemRegionVal(MRMgr.getCXXTempObjectRegion(E, LCtx));
CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion = true;
@@ -1017,7 +1019,8 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE,
ExplodedNode *Pred,
// values are properly placed inside the required region, however if an
// initializer list is used, this doesn't happen automatically.
auto *Init = CNE->getInitializer();
- bool isInitList = isa_and_nonnull(Init);
+ bool isInitList = isa_and_nonnull(Init) ||
+isa_and_nonnull(Init);
QualType ObjTy =
isInitList ? Init->getType() : CNE->getType()->getPointeeType();
diff --git a/clang/test/Analysis/PR135665.cpp b/clang/test/Analysis/PR135665.cpp
new file mode 100644
index 0..124b8c9b97b04
--- /dev/null
+++ b/clang/test/Analysis/PR135665.cpp
@@ -0,0 +1,19 @@
+// RUN: %clang_analyze_cc1 -std=c++20 -analyzer-checker=core -verify %s
+
+// expected-no-diagnostics
+
+template
+struct overload : public F...
+{
+ using F::operator()...;
+};
+
+template
+overload(F&&...) -> overload;
+
+int main()
+{
+ const auto l = overload([](const int* i) {});
+
+ return 0;
+}
>From 8b915918692b49b9eb4fb06bd5d9ee863354 Mon Sep 17 00:00:00 2001
From: Fangyi Zhou
Date: Thu, 17 Apr 2025 17:43:07 +0100
Subject: [PATCH 2/4] Fix isa_and_nonnull calls
---
.../lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp | 6 ++
clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | 3 +--
2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
index 6fad0601e87ca..e58329817d7cd 100644
--- a/clang/lib/StaticAnalyzer/Che
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
https://github.com/fangyi-zhou updated
https://github.com/llvm/llvm-project/pull/136041
>From a0b769ee35df18418ed410e30ac6cdde9024a4f1 Mon Sep 17 00:00:00 2001
From: Fangyi Zhou
Date: Wed, 16 Apr 2025 23:52:39 +0100
Subject: [PATCH 1/3] [clang][analyzer] Handle CXXParenInitListExpr alongside
InitListExpr
As reported in #135665, C++20 parenthesis initializer list expressions
are not handled correctly and were causing crashes. This commit attempts
to fix the issue by handing parenthesis initializer lists along side
existing initializer lists.
---
.../Checkers/DynamicTypePropagation.cpp | 10 ++
.../lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | 11 +++
clang/test/Analysis/PR135665.cpp | 19 +++
3 files changed, 32 insertions(+), 8 deletions(-)
create mode 100644 clang/test/Analysis/PR135665.cpp
diff --git a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
index a0bf776b11f53..6fad0601e87ca 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
@@ -379,10 +379,12 @@ void DynamicTypePropagation::checkPostCall(const
CallEvent &Call,
// aggregates, and in such case no top-frame constructor will be
called.
// Figure out if we need to do anything in this case.
// FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) available in this
-// callback, ideally as part of CallEvent.
-if (isa_and_nonnull(
-LCtx->getParentMap().getParent(Ctor->getOriginExpr(
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this
case)
+// available in this callback, ideally as part of CallEvent.
+const Stmt *Parent =
+LCtx->getParentMap().getParent(Ctor->getOriginExpr());
+if (isa_and_nonnull(Parent) ||
+isa_and_nonnull(Parent))
return;
recordFixedType(Target, cast(LCtx->getDecl()), C);
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index 7e878f922a939..914859861b948 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -644,9 +644,11 @@ void ExprEngine::handleConstructor(const Expr *E,
// FIXME: For now this code essentially bails out. We need to find the
// correct target region and set it.
// FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) passed down from CFG or
-// otherwise always available during construction.
-if (isa_and_nonnull(LCtx->getParentMap().getParent(E))) {
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this case)
+// passed down from CFG or otherwise always available during construction.
+if (isa_and_nonnull(LCtx->getParentMap().getParent(E)) ||
+isa_and_nonnull(
+LCtx->getParentMap().getParent(E))) {
MemRegionManager &MRMgr = getSValBuilder().getRegionManager();
Target = loc::MemRegionVal(MRMgr.getCXXTempObjectRegion(E, LCtx));
CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion = true;
@@ -1017,7 +1019,8 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE,
ExplodedNode *Pred,
// values are properly placed inside the required region, however if an
// initializer list is used, this doesn't happen automatically.
auto *Init = CNE->getInitializer();
- bool isInitList = isa_and_nonnull(Init);
+ bool isInitList = isa_and_nonnull(Init) ||
+isa_and_nonnull(Init);
QualType ObjTy =
isInitList ? Init->getType() : CNE->getType()->getPointeeType();
diff --git a/clang/test/Analysis/PR135665.cpp b/clang/test/Analysis/PR135665.cpp
new file mode 100644
index 0..124b8c9b97b04
--- /dev/null
+++ b/clang/test/Analysis/PR135665.cpp
@@ -0,0 +1,19 @@
+// RUN: %clang_analyze_cc1 -std=c++20 -analyzer-checker=core -verify %s
+
+// expected-no-diagnostics
+
+template
+struct overload : public F...
+{
+ using F::operator()...;
+};
+
+template
+overload(F&&...) -> overload;
+
+int main()
+{
+ const auto l = overload([](const int* i) {});
+
+ return 0;
+}
>From 8b915918692b49b9eb4fb06bd5d9ee863354 Mon Sep 17 00:00:00 2001
From: Fangyi Zhou
Date: Thu, 17 Apr 2025 17:43:07 +0100
Subject: [PATCH 2/3] Fix isa_and_nonnull calls
---
.../lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp | 6 ++
clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | 3 +--
2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
index 6fad0601e87ca..e58329817d7cd 100644
--- a/clang/lib/StaticAnalyzer/Che
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
fangyi-zhou wrote: Sorry I didn't notice, will fix. https://github.com/llvm/llvm-project/pull/136041 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
https://github.com/fangyi-zhou updated
https://github.com/llvm/llvm-project/pull/136041
>From 5dc9d55eb04d94c01dba0364b51a509f975e542a Mon Sep 17 00:00:00 2001
From: Fangyi Zhou
Date: Thu, 17 Apr 2025 23:02:37 +0100
Subject: [PATCH] [clang][analyzer] Handle CXXParenInitListExpr alongside
InitListExpr
As reported in #135665, C++20 parenthesis initializer list expressions
are not handled correctly and were causing crashes. This commit attempts
to fix the issue by handing parenthesis initializer lists along side
existing initializer lists.
---
clang/docs/ReleaseNotes.rst | 2 ++
.../Checkers/DynamicTypePropagation.cpp | 6 +++---
.../lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | 10 ++
clang/test/Analysis/PR135665.cpp | 19 +++
4 files changed, 30 insertions(+), 7 deletions(-)
create mode 100644 clang/test/Analysis/PR135665.cpp
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index c75d83a6d1a7a..85e095e6b1acc 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -667,6 +667,8 @@ Code Completion
Static Analyzer
---
+- Fixed a crash when C++20 parenthesized initializer lists are used. This issue
+ was causing a crash in clang-tidy. (#GH136041)
New features
diff --git a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
index a0bf776b11f53..e58329817d7cd 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
@@ -379,9 +379,9 @@ void DynamicTypePropagation::checkPostCall(const CallEvent
&Call,
// aggregates, and in such case no top-frame constructor will be
called.
// Figure out if we need to do anything in this case.
// FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) available in this
-// callback, ideally as part of CallEvent.
-if (isa_and_nonnull(
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this
case)
+// available in this callback, ideally as part of CallEvent.
+if (isa_and_nonnull(
LCtx->getParentMap().getParent(Ctor->getOriginExpr(
return;
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index 7e878f922a939..92ce3fa2225c8 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -644,9 +644,10 @@ void ExprEngine::handleConstructor(const Expr *E,
// FIXME: For now this code essentially bails out. We need to find the
// correct target region and set it.
// FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) passed down from CFG or
-// otherwise always available during construction.
-if (isa_and_nonnull(LCtx->getParentMap().getParent(E))) {
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this case)
+// passed down from CFG or otherwise always available during construction.
+if (isa_and_nonnull(
+LCtx->getParentMap().getParent(E))) {
MemRegionManager &MRMgr = getSValBuilder().getRegionManager();
Target = loc::MemRegionVal(MRMgr.getCXXTempObjectRegion(E, LCtx));
CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion = true;
@@ -1017,7 +1018,8 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE,
ExplodedNode *Pred,
// values are properly placed inside the required region, however if an
// initializer list is used, this doesn't happen automatically.
auto *Init = CNE->getInitializer();
- bool isInitList = isa_and_nonnull(Init);
+ bool isInitList =
+ isa_and_nonnull(Init);
QualType ObjTy =
isInitList ? Init->getType() : CNE->getType()->getPointeeType();
diff --git a/clang/test/Analysis/PR135665.cpp b/clang/test/Analysis/PR135665.cpp
new file mode 100644
index 0..124b8c9b97b04
--- /dev/null
+++ b/clang/test/Analysis/PR135665.cpp
@@ -0,0 +1,19 @@
+// RUN: %clang_analyze_cc1 -std=c++20 -analyzer-checker=core -verify %s
+
+// expected-no-diagnostics
+
+template
+struct overload : public F...
+{
+ using F::operator()...;
+};
+
+template
+overload(F&&...) -> overload;
+
+int main()
+{
+ const auto l = overload([](const int* i) {});
+
+ return 0;
+}
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
https://github.com/fangyi-zhou updated https://github.com/llvm/llvm-project/pull/136041 >From 6379f403e0967b820f9385581f9d23dd18297831 Mon Sep 17 00:00:00 2001 From: Fangyi Zhou Date: Wed, 16 Apr 2025 23:52:39 +0100 Subject: [PATCH] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr As reported in #135665, C++20 parenthesis initializer list expressions are not handled correctly and were causing crashes. This commit attempts to fix the issue by handing parenthesis initializer lists along side existing initializer lists. --- clang/docs/ReleaseNotes.rst | 22 --- .../Checkers/DynamicTypePropagation.cpp | 6 ++--- .../lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | 10 + clang/test/Analysis/PR135665.cpp | 19 4 files changed, 32 insertions(+), 25 deletions(-) create mode 100644 clang/test/Analysis/PR135665.cpp diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst index c75d83a6d1a7a..88259fbb8278d 100644 --- a/clang/docs/ReleaseNotes.rst +++ b/clang/docs/ReleaseNotes.rst @@ -219,12 +219,6 @@ Modified Compiler Flags - `-Wpadded` option implemented for the `x86_64-windows-msvc` target. Fixes #61702 -- The ``-mexecute-only`` and ``-mpure-code`` flags are now accepted for AArch64 targets. (#GH125688) - -- The ``-Og`` optimization flag now sets ``-fextend-variable-liveness``, - reducing performance slightly while reducing the number of optimized-out - variables. - Removed Compiler Flags - @@ -432,9 +426,6 @@ Bug Fixes in This Version using C++23 "deducing this" did not have a diagnostic location (#GH135522) - Fixed a crash when a ``friend`` function is redefined as deleted. (#GH135506) -- Fixed a crash when ``#embed`` appears as a part of a failed constant - evaluation. The crashes were happening during diagnostics emission due to - unimplemented statement printer. (#GH132641) Bug Fixes to Compiler Builtins ^^ @@ -477,11 +468,9 @@ Bug Fixes to C++ Support by template argument deduction. - Clang is now better at instantiating the function definition after its use inside of a constexpr lambda. (#GH125747) -- Fixed a local class member function instantiation bug inside dependent lambdas. (#GH59734), (#GH132208) - Clang no longer crashes when trying to unify the types of arrays with certain differences in qualifiers (this could happen during template argument deduction or when building a ternary operator). (#GH97005) -- Fixed type alias CTAD issues involving default template arguments. (#GH134471) - The initialization kind of elements of structured bindings direct-list-initialized from an array is corrected to direct-initialization. - Clang no longer crashes when a coroutine is declared ``[[noreturn]]``. (#GH127327) @@ -497,10 +486,6 @@ Bug Fixes to C++ Support - Fixes matching of nested template template parameters. (#GH130362) - Correctly diagnoses template template paramters which have a pack parameter not in the last position. -- Disallow overloading on struct vs class on dependent types, which is IFNDR, as - this makes the problem diagnosable. -- Improved preservation of the presence or abscence of typename specifier when - printing types in diagnostics. - Clang now correctly parses ``if constexpr`` expressions in immediate function context. (#GH123524) - Fixed an assertion failure affecting code that uses C++23 "deducing this". (#GH130272) - Clang now properly instantiates destructors for initialized members within non-delegating constructors. (#GH93251) @@ -575,9 +560,6 @@ Arm and AArch64 Support - Support for __ptrauth type qualifier has been added. -- For AArch64, added support for generating executable-only code sections by using the - ``-mexecute-only`` or ``-mpure-code`` compiler flags. (#GH125688) - Android Support ^^^ @@ -667,6 +649,10 @@ Code Completion Static Analyzer --- +- Fixed a crash when C++20 parenthesized initializer lists are used. This issue + was causing a crash in clang-tidy. (#GH136041) + +- Fixed a crash when C++20 parenthesized initializer lists are used. (#GH136041) New features diff --git a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp index a0bf776b11f53..e58329817d7cd 100644 --- a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp @@ -379,9 +379,9 @@ void DynamicTypePropagation::checkPostCall(const CallEvent &Call, // aggregates, and in such case no top-frame constructor will be called. // Figure out if we need to do anything in this case. // FIXME: Instead of relying on the ParentMap, we should have the -// trigger-statement (InitListExpr in this case) available in this -// callback, ideally as part
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
zwuis wrote: There is a section named "Static Analyzer" in this file. https://github.com/llvm/llvm-project/pull/136041 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
https://github.com/fangyi-zhou updated
https://github.com/llvm/llvm-project/pull/136041
>From a0b769ee35df18418ed410e30ac6cdde9024a4f1 Mon Sep 17 00:00:00 2001
From: Fangyi Zhou
Date: Wed, 16 Apr 2025 23:52:39 +0100
Subject: [PATCH 1/4] [clang][analyzer] Handle CXXParenInitListExpr alongside
InitListExpr
As reported in #135665, C++20 parenthesis initializer list expressions
are not handled correctly and were causing crashes. This commit attempts
to fix the issue by handing parenthesis initializer lists along side
existing initializer lists.
---
.../Checkers/DynamicTypePropagation.cpp | 10 ++
.../lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | 11 +++
clang/test/Analysis/PR135665.cpp | 19 +++
3 files changed, 32 insertions(+), 8 deletions(-)
create mode 100644 clang/test/Analysis/PR135665.cpp
diff --git a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
index a0bf776b11f53..6fad0601e87ca 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
@@ -379,10 +379,12 @@ void DynamicTypePropagation::checkPostCall(const
CallEvent &Call,
// aggregates, and in such case no top-frame constructor will be
called.
// Figure out if we need to do anything in this case.
// FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) available in this
-// callback, ideally as part of CallEvent.
-if (isa_and_nonnull(
-LCtx->getParentMap().getParent(Ctor->getOriginExpr(
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this
case)
+// available in this callback, ideally as part of CallEvent.
+const Stmt *Parent =
+LCtx->getParentMap().getParent(Ctor->getOriginExpr());
+if (isa_and_nonnull(Parent) ||
+isa_and_nonnull(Parent))
return;
recordFixedType(Target, cast(LCtx->getDecl()), C);
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index 7e878f922a939..914859861b948 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -644,9 +644,11 @@ void ExprEngine::handleConstructor(const Expr *E,
// FIXME: For now this code essentially bails out. We need to find the
// correct target region and set it.
// FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) passed down from CFG or
-// otherwise always available during construction.
-if (isa_and_nonnull(LCtx->getParentMap().getParent(E))) {
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this case)
+// passed down from CFG or otherwise always available during construction.
+if (isa_and_nonnull(LCtx->getParentMap().getParent(E)) ||
+isa_and_nonnull(
+LCtx->getParentMap().getParent(E))) {
MemRegionManager &MRMgr = getSValBuilder().getRegionManager();
Target = loc::MemRegionVal(MRMgr.getCXXTempObjectRegion(E, LCtx));
CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion = true;
@@ -1017,7 +1019,8 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE,
ExplodedNode *Pred,
// values are properly placed inside the required region, however if an
// initializer list is used, this doesn't happen automatically.
auto *Init = CNE->getInitializer();
- bool isInitList = isa_and_nonnull(Init);
+ bool isInitList = isa_and_nonnull(Init) ||
+isa_and_nonnull(Init);
QualType ObjTy =
isInitList ? Init->getType() : CNE->getType()->getPointeeType();
diff --git a/clang/test/Analysis/PR135665.cpp b/clang/test/Analysis/PR135665.cpp
new file mode 100644
index 0..124b8c9b97b04
--- /dev/null
+++ b/clang/test/Analysis/PR135665.cpp
@@ -0,0 +1,19 @@
+// RUN: %clang_analyze_cc1 -std=c++20 -analyzer-checker=core -verify %s
+
+// expected-no-diagnostics
+
+template
+struct overload : public F...
+{
+ using F::operator()...;
+};
+
+template
+overload(F&&...) -> overload;
+
+int main()
+{
+ const auto l = overload([](const int* i) {});
+
+ return 0;
+}
>From 8b915918692b49b9eb4fb06bd5d9ee863354 Mon Sep 17 00:00:00 2001
From: Fangyi Zhou
Date: Thu, 17 Apr 2025 17:43:07 +0100
Subject: [PATCH 2/4] Fix isa_and_nonnull calls
---
.../lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp | 6 ++
clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | 3 +--
2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
index 6fad0601e87ca..e58329817d7cd 100644
--- a/clang/lib/StaticAnalyzer/Che
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
https://github.com/zwuis edited https://github.com/llvm/llvm-project/pull/136041 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
@@ -379,10 +379,12 @@ void DynamicTypePropagation::checkPostCall(const CallEvent &Call, // aggregates, and in such case no top-frame constructor will be called. // Figure out if we need to do anything in this case. // FIXME: Instead of relying on the ParentMap, we should have the -// trigger-statement (InitListExpr in this case) available in this -// callback, ideally as part of CallEvent. -if (isa_and_nonnull( -LCtx->getParentMap().getParent(Ctor->getOriginExpr( +// trigger-statement (InitListExpr or CXXParenListInitExpr in this case) +// available in this callback, ideally as part of CallEvent. +const Stmt *Parent = +LCtx->getParentMap().getParent(Ctor->getOriginExpr()); +if (isa_and_nonnull(Parent) || +isa_and_nonnull(Parent)) zwuis wrote: ```cpp isa_and_nonnull(...) ``` Ditto below. https://github.com/llvm/llvm-project/pull/136041 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
https://github.com/zwuis commented: Thank you for your patch! Please add a release note in clang/docs/ReleaseNotes.rst . https://github.com/llvm/llvm-project/pull/136041 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
llvmbot wrote:
@llvm/pr-subscribers-clang
Author: Fangyi Zhou (fangyi-zhou)
Changes
As reported in #135665, C++20 parenthesis initializer list expressions
are not handled correctly and were causing crashes. This commit attempts to fix
the issue by handing parenthesis initializer lists along side existing
initializer lists.
---
Full diff: https://github.com/llvm/llvm-project/pull/136041.diff
3 Files Affected:
- (modified) clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
(+6-4)
- (modified) clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp (+7-4)
- (added) clang/test/Analysis/PR135665.cpp (+19)
``diff
diff --git a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
index a0bf776b11f53..6fad0601e87ca 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
@@ -379,10 +379,12 @@ void DynamicTypePropagation::checkPostCall(const
CallEvent &Call,
// aggregates, and in such case no top-frame constructor will be
called.
// Figure out if we need to do anything in this case.
// FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) available in this
-// callback, ideally as part of CallEvent.
-if (isa_and_nonnull(
-LCtx->getParentMap().getParent(Ctor->getOriginExpr(
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this
case)
+// available in this callback, ideally as part of CallEvent.
+const Stmt *Parent =
+LCtx->getParentMap().getParent(Ctor->getOriginExpr());
+if (isa_and_nonnull(Parent) ||
+isa_and_nonnull(Parent))
return;
recordFixedType(Target, cast(LCtx->getDecl()), C);
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index 7e878f922a939..914859861b948 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -644,9 +644,11 @@ void ExprEngine::handleConstructor(const Expr *E,
// FIXME: For now this code essentially bails out. We need to find the
// correct target region and set it.
// FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) passed down from CFG or
-// otherwise always available during construction.
-if (isa_and_nonnull(LCtx->getParentMap().getParent(E))) {
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this case)
+// passed down from CFG or otherwise always available during construction.
+if (isa_and_nonnull(LCtx->getParentMap().getParent(E)) ||
+isa_and_nonnull(
+LCtx->getParentMap().getParent(E))) {
MemRegionManager &MRMgr = getSValBuilder().getRegionManager();
Target = loc::MemRegionVal(MRMgr.getCXXTempObjectRegion(E, LCtx));
CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion = true;
@@ -1017,7 +1019,8 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE,
ExplodedNode *Pred,
// values are properly placed inside the required region, however if an
// initializer list is used, this doesn't happen automatically.
auto *Init = CNE->getInitializer();
- bool isInitList = isa_and_nonnull(Init);
+ bool isInitList = isa_and_nonnull(Init) ||
+isa_and_nonnull(Init);
QualType ObjTy =
isInitList ? Init->getType() : CNE->getType()->getPointeeType();
diff --git a/clang/test/Analysis/PR135665.cpp b/clang/test/Analysis/PR135665.cpp
new file mode 100644
index 0..124b8c9b97b04
--- /dev/null
+++ b/clang/test/Analysis/PR135665.cpp
@@ -0,0 +1,19 @@
+// RUN: %clang_analyze_cc1 -std=c++20 -analyzer-checker=core -verify %s
+
+// expected-no-diagnostics
+
+template
+struct overload : public F...
+{
+ using F::operator()...;
+};
+
+template
+overload(F&&...) -> overload;
+
+int main()
+{
+ const auto l = overload([](const int* i) {});
+
+ return 0;
+}
``
https://github.com/llvm/llvm-project/pull/136041
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
https://github.com/fangyi-zhou ready_for_review https://github.com/llvm/llvm-project/pull/136041 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
https://github.com/fangyi-zhou created
https://github.com/llvm/llvm-project/pull/136041
As reported in #135665, C++20 parenthesis initializer list expressions are not
handled correctly and were causing crashes. This commit attempts to fix the
issue by handing parenthesis initializer lists along side existing initializer
lists.
>From 13d4ea6b0fb61ad27f596edbdf7daf20921f6989 Mon Sep 17 00:00:00 2001
From: Fangyi Zhou
Date: Wed, 16 Apr 2025 22:51:36 +0100
Subject: [PATCH] [clang][analyzer] Handle CXXParenInitListExpr alongside
InitListExpr
As reported in #135665, C++20 parenthesis initializer list expressions
are not handled correctly and were causing crashes. This commit attempts
to fix the issue by handing parenthesis initializer lists along side
existing initializer lists.
---
.../Checkers/DynamicTypePropagation.cpp | 10 ++
clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | 11 +++
clang/test/Analysis/PR135665.cpp| 17 +
3 files changed, 30 insertions(+), 8 deletions(-)
create mode 100644 clang/test/Analysis/PR135665.cpp
diff --git a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
index a0bf776b11f53..6fad0601e87ca 100644
--- a/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/DynamicTypePropagation.cpp
@@ -379,10 +379,12 @@ void DynamicTypePropagation::checkPostCall(const
CallEvent &Call,
// aggregates, and in such case no top-frame constructor will be
called.
// Figure out if we need to do anything in this case.
// FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) available in this
-// callback, ideally as part of CallEvent.
-if (isa_and_nonnull(
-LCtx->getParentMap().getParent(Ctor->getOriginExpr(
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this
case)
+// available in this callback, ideally as part of CallEvent.
+const Stmt *Parent =
+LCtx->getParentMap().getParent(Ctor->getOriginExpr());
+if (isa_and_nonnull(Parent) ||
+isa_and_nonnull(Parent))
return;
recordFixedType(Target, cast(LCtx->getDecl()), C);
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index 7e878f922a939..914859861b948 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -644,9 +644,11 @@ void ExprEngine::handleConstructor(const Expr *E,
// FIXME: For now this code essentially bails out. We need to find the
// correct target region and set it.
// FIXME: Instead of relying on the ParentMap, we should have the
-// trigger-statement (InitListExpr in this case) passed down from CFG or
-// otherwise always available during construction.
-if (isa_and_nonnull(LCtx->getParentMap().getParent(E))) {
+// trigger-statement (InitListExpr or CXXParenListInitExpr in this case)
+// passed down from CFG or otherwise always available during construction.
+if (isa_and_nonnull(LCtx->getParentMap().getParent(E)) ||
+isa_and_nonnull(
+LCtx->getParentMap().getParent(E))) {
MemRegionManager &MRMgr = getSValBuilder().getRegionManager();
Target = loc::MemRegionVal(MRMgr.getCXXTempObjectRegion(E, LCtx));
CallOpts.IsCtorOrDtorWithImproperlyModeledTargetRegion = true;
@@ -1017,7 +1019,8 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE,
ExplodedNode *Pred,
// values are properly placed inside the required region, however if an
// initializer list is used, this doesn't happen automatically.
auto *Init = CNE->getInitializer();
- bool isInitList = isa_and_nonnull(Init);
+ bool isInitList = isa_and_nonnull(Init) ||
+isa_and_nonnull(Init);
QualType ObjTy =
isInitList ? Init->getType() : CNE->getType()->getPointeeType();
diff --git a/clang/test/Analysis/PR135665.cpp b/clang/test/Analysis/PR135665.cpp
new file mode 100644
index 0..07848d9a590f5
--- /dev/null
+++ b/clang/test/Analysis/PR135665.cpp
@@ -0,0 +1,17 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core -verify %s
+
+template
+struct overload : public F...
+{
+ using F::operator()...;
+};
+
+template
+overload(F&&...) -> overload;
+
+int main()
+{
+ const auto l = overload([](const int* i) {});
+
+ return 0;
+}
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [clang][analyzer] Handle CXXParenInitListExpr alongside InitListExpr (PR #136041)
github-actions[bot] wrote: Thank you for submitting a Pull Request (PR) to the LLVM Project! This PR will be automatically labeled and the relevant teams will be notified. If you wish to, you can add reviewers by using the "Reviewers" section on this page. If this is not working for you, it is probably because you do not have write permissions for the repository. In which case you can instead tag reviewers by name in a comment by using `@` followed by their GitHub username. If you have received no comments on your PR for a week, you can request a review by "ping"ing the PR by adding a comment “Ping”. The common courtesy "ping" rate is once a week. Please remember that you are asking for valuable time from other developers. If you have further questions, they may be answered by the [LLVM GitHub User Guide](https://llvm.org/docs/GitHub.html). You can also ask questions in a comment on this PR, on the [LLVM Discord](https://discord.com/invite/xS7Z362) or on the [forums](https://discourse.llvm.org/). https://github.com/llvm/llvm-project/pull/136041 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
