Skip to content

[clang-tidy] fix fp when modifying variant by operator[] with template in parameters #128407

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 2, 2025
Merged

[clang-tidy] fix fp when modifying variant by operator[] with template in parameters #128407

merged 4 commits into from
Mar 2, 2025

Conversation

HerrCai0907
Copy link
Contributor

ArraySubscriptExpr can switch base and idx. For dependent array subscript access, we should check both base and idx conservatively.

@llvmbot llvmbot added clang Clang issues not falling into any other category clang-tools-extra clang-tidy clang:analysis labels Feb 23, 2025
@llvmbot
Copy link
Member

llvmbot commented Feb 23, 2025
edited
Loading

@llvm/pr-subscribers-clang-tools-extra
@llvm/pr-subscribers-clang

@llvm/pr-subscribers-clang-tidy

Author: Congcong Cai (HerrCai0907)

Changes

ArraySubscriptExpr can switch base and idx. For dependent array subscript access, we should check both base and idx conservatively.

Full diff: https://github.com/llvm/llvm-project/pull/128407.diff

4 Files Affected:

  • (modified) clang-tools-extra/docs/ReleaseNotes.rst (+4)
  • (modified) clang-tools-extra/test/clang-tidy/checkers/misc/const-correctness-values.cpp (+8)
  • (modified) clang/lib/Analysis/ExprMutationAnalyzer.cpp (+15-3)
  • (modified) clang/unittests/Analysis/ExprMutationAnalyzerTest.cpp (+13)
diff --git a/clang-tools-extra/docs/ReleaseNotes.rst b/clang-tools-extra/docs/ReleaseNotes.rst
index 6b8fe22242417..dc367b6b476f5 100644
--- a/clang-tools-extra/docs/ReleaseNotes.rst
+++ b/clang-tools-extra/docs/ReleaseNotes.rst
@@ -106,6 +106,10 @@ Changes in existing checks
   <clang-tidy/checks/bugprone/unsafe-functions>` check to allow specifying
   additional C++ member functions to match.
 
+- Improved :doc:`misc-const-correctness
+  <clang-tidy/checks/const-correctness>` check by fixing false positives when
+  modify variant by ``operator[]`` with template in parameters.
+
 - Improved :doc:`misc-redundant-expression
   <clang-tidy/checks/misc/redundant-expression>` check by providing additional
   examples and fixing some macro related false positives.
diff --git a/clang-tools-extra/test/clang-tidy/checkers/misc/const-correctness-values.cpp b/clang-tools-extra/test/clang-tidy/checkers/misc/const-correctness-values.cpp
index 0d1ff0db58371..e598cf9e64373 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/misc/const-correctness-values.cpp
+++ b/clang-tools-extra/test/clang-tidy/checkers/misc/const-correctness-values.cpp
@@ -998,3 +998,11 @@ void member_pointer_const(Value &x, PointerToConstMemberFunction m) {
   // CHECK-MESSAGES:[[@LINE-1]]:3: warning: variable 'member_pointer_tmp' of type 'Value &' can be declared 'const'
   (member_pointer_tmp.*m)();
 }
+
+namespace gh127776_false_positive {
+template <class T> struct vector { T &operator[](int t); };
+template <typename T> void f() {
+  vector<int> x;
+  x[T{}] = 3;
+}
+} // namespace gh127776_false_positive
diff --git a/clang/lib/Analysis/ExprMutationAnalyzer.cpp b/clang/lib/Analysis/ExprMutationAnalyzer.cpp
index 8944343484e58..823d7543f085f 100644
--- a/clang/lib/Analysis/ExprMutationAnalyzer.cpp
+++ b/clang/lib/Analysis/ExprMutationAnalyzer.cpp
@@ -80,6 +80,17 @@ static bool canExprResolveTo(const Expr *Source, const Expr *Target) {
 
 namespace {
 
+// `ArraySubscriptExpr` can switch base and idx, e.g. `a[4]` is the same as
+// `4[a]`. When type is dependent, we conservatively assume both sides are base.
+AST_MATCHER_P(ArraySubscriptExpr, hasBaseConservative,
+              ast_matchers::internal::Matcher<Expr>, InnerMatcher) {
+  if (Node.isTypeDependent()) {
+    return InnerMatcher.matches(*Node.getLHS(), Finder, Builder) ||
+           InnerMatcher.matches(*Node.getRHS(), Finder, Builder);
+  }
+  return InnerMatcher.matches(*Node.getBase(), Finder, Builder);
+}
+
 AST_MATCHER(Type, isDependentType) { return Node.isDependentType(); }
 
 AST_MATCHER_P(LambdaExpr, hasCaptureInit, const Expr *, E) {
@@ -513,8 +524,8 @@ ExprMutationAnalyzer::Analyzer::findArrayElementMutation(const Expr *Exp) {
   // Check whether any element of an array is mutated.
   const auto SubscriptExprs = match(
       findAll(arraySubscriptExpr(
-                  anyOf(hasBase(canResolveToExpr(Exp)),
-                        hasBase(implicitCastExpr(allOf(
+                  anyOf(hasBaseConservative(canResolveToExpr(Exp)),
+                        hasBaseConservative(implicitCastExpr(allOf(
                             hasCastKind(CK_ArrayToPointerDecay),
                             hasSourceExpression(canResolveToExpr(Exp)))))))
                   .bind(NodeID<Expr>::value)),
@@ -716,7 +727,8 @@ ExprMutationAnalyzer::Analyzer::findPointeeValueMutation(const Expr *Exp) {
                    unaryOperator(hasOperatorName("*"),
                                  hasUnaryOperand(canResolveToExprPointee(Exp))),
                    // deref by []
-                   arraySubscriptExpr(hasBase(canResolveToExprPointee(Exp)))))
+                   arraySubscriptExpr(
+                       hasBaseConservative(canResolveToExprPointee(Exp)))))
               .bind(NodeID<Expr>::value))),
       Stm, Context);
   return findExprMutation(Matches);
diff --git a/clang/unittests/Analysis/ExprMutationAnalyzerTest.cpp b/clang/unittests/Analysis/ExprMutationAnalyzerTest.cpp
index cc277d56b37a2..720999207083d 100644
--- a/clang/unittests/Analysis/ExprMutationAnalyzerTest.cpp
+++ b/clang/unittests/Analysis/ExprMutationAnalyzerTest.cpp
@@ -870,6 +870,19 @@ TEST(ExprMutationAnalyzerTest, TemplateWithArrayToPointerDecay) {
   EXPECT_THAT(mutatedBy(ResultsY, AST.get()), ElementsAre("y"));
 }
 
+TEST(ExprMutationAnalyzerTest, T1) {
+  const auto AST = buildASTFromCodeWithArgs(
+      "template <class T> struct vector { T &operator[](int t); };"
+      "template <typename T> void func() {"
+      "  vector<int> x;"
+      "  x[T{}] = 3;"
+      "}",
+      {"-fno-delayed-template-parsing"});
+  const auto Results =
+      match(withEnclosingCompound(declRefTo("x")), AST->getASTContext());
+  EXPECT_TRUE(isMutated(Results, AST.get()));
+}
+
 // section: special case: all created references are non-mutating themself
 //          and therefore all become 'const'/the value is not modified!

@HerrCai0907
Merge remote-tracking branch 'origin/main' into 127776-clang-tidy-mis…
1356048 
…c-const-correctness-false-positive-for-map-insertion-with-key-from-templated-function
@HerrCai0907
Copy link
Contributor Author

ping

@HerrCai0907 HerrCai0907 merged commit 60afce2 into llvm:main Mar 2, 2025
12 checks passed
@HerrCai0907 HerrCai0907 deleted the 127776-clang-tidy-misc-const-correctness-false-positive-for-map-insertion-with-key-from-templated-function branch March 2, 2025 11:39
jph-13 pushed a commit to jph-13/llvm-project that referenced this pull request Mar 21, 2025
@HerrCai0907 @jph-13
[clang-tidy] fix fp when modifying variant by operator[] with tem…
3f8c3f6 
…plate in parameters (llvm#128407)

`ArraySubscriptExpr` can switch base and idx. For dependent array
subscript access, we should check both base and idx conservatively.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PiotrZSL PiotrZSL Awaiting requested review from PiotrZSL

@Discookie Discookie Awaiting requested review from Discookie

@5chmidti 5chmidti Awaiting requested review from 5chmidti

Assignees
No one assigned
Labels
clang:analysis clang Clang issues not falling into any other category clang-tidy clang-tools-extra
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@HerrCai0907 @llvmbot