Support for more smart-pointer-like class caching (classes with * and -> returning the expected type)

Use the smart pointer caching utilities (matcher and transfer function) from clang::dataflow (llvm/llvm-project#120249) to handle some more accessor caching cases.

This is similar to the `transferValue_OptionalOperatorArrowCall` in that it can treat the non-const overload as const, but it also allows mixing the operator * vs -> vs value() between the check and the deref. It also handles more classes like absl::StatusOr.

Change the test stub in `OptionalOperatorArrowCall` a bit, because the heuristic for matching smart pointers classes requires `*` and `->` (which the real version of std::optional would have).

PiperOrigin-RevId: 718973436
Change-Id: I1bdf3061ce5658e38e7f6b0225bdbed512ccc301

Author: Googler

bazel/llvm.bzl

@@ -53,7 +53,7 @@ def _llvm_loader_repository(repository_ctx):
             executable = False,
         )
 
-LLVM_COMMIT_SHA = "c6e7b4a61ab8718d9ac9d1d32f7d2d0cd0b19a7f"
+LLVM_COMMIT_SHA = "4f26edd5e9eb3b6cea19e15ca8fb2c8416b82fa8"
 
 def llvm_loader_repository_dependencies():
     # This *declares* the dependency, but it won't actually be *downloaded* unless it's used.

nullability/pointer_nullability_analysis.cc

@@ -40,6 +40,7 @@
 #include "clang/Analysis/FlowSensitive/Formula.h"
 #include "clang/Analysis/FlowSensitive/MatchSwitch.h"
 #include "clang/Analysis/FlowSensitive/RecordOps.h"
+#include "clang/Analysis/FlowSensitive/SmartPointerAccessorCaching.h"
 #include "clang/Analysis/FlowSensitive/StorageLocation.h"
 #include "clang/Analysis/FlowSensitive/Value.h"
 #include "clang/Basic/Builtins.h"
@@ -1245,6 +1246,19 @@ void transferValue_AccessorCall(
   }
 }
 
+std::function<void(StorageLocation &)>
+initCallbackForStorageLocationIfSmartPointer(absl::Nonnull<const CallExpr *> CE,
+                                             dataflow::Environment &Env) {
+  if (!isSupportedSmartPointerType(CE->getType()))
+    return [](StorageLocation &Loc) {};
+  return [CE, &Env](StorageLocation &Loc) {
+    setSmartPointerValue(cast<RecordStorageLocation>(Loc),
+                         cast<PointerValue>(Env.createValue(
+                             underlyingRawPointerType(CE->getType()))),
+                         Env);
+  };
+}
+
 void handleConstMemberCall(
     absl::Nonnull<const CallExpr *> CE,
     absl::Nullable<dataflow::RecordStorageLocation *> RecordLoc,
@@ -1257,13 +1271,8 @@ void handleConstMemberCall(
   if (RecordLoc != nullptr && isSupportedSmartPointerType(CE->getType())) {
     StorageLocation *Loc =
         State.Lattice.getOrCreateConstMethodReturnStorageLocation(
-            *RecordLoc, CE, State.Env, [&](StorageLocation &Loc) {
-              setSmartPointerValue(
-                  cast<RecordStorageLocation>(Loc),
-                  cast<PointerValue>(State.Env.createValue(
-                      underlyingRawPointerType(CE->getType()))),
-                  State.Env);
-            });
+            *RecordLoc, CE, State.Env,
+            initCallbackForStorageLocationIfSmartPointer(CE, State.Env));
     if (Loc == nullptr) return;
 
     if (CE->isGLValue()) {
@@ -1316,18 +1325,6 @@ void transferValue_ConstMemberOperatorCall(
   handleConstMemberCall(OCE, RecordLoc, Result, State);
 }
 
-void transferValue_OptionalOperatorArrowCall(
-    absl::Nonnull<const CXXOperatorCallExpr *> OCE,
-    const MatchFinder::MatchResult &Result,
-    TransferState<PointerNullabilityLattice> &State) {
-  auto *RecordLoc = cast_or_null<dataflow::RecordStorageLocation>(
-      State.Env.getStorageLocation(*OCE->getArg(0)));
-  // `optional::operator->` isn't necessarily const, but it behaves the way we
-  // model "const member calls": It always returns the same pointer if the
-  // optional wasn't mutated in the meantime.
-  handleConstMemberCall(OCE, RecordLoc, Result, State);
-}
-
 void handleNonConstMemberCall(absl::Nonnull<const CallExpr *> CE,
                               dataflow::RecordStorageLocation *RecordLoc,
                               const MatchFinder::MatchResult &Result,
@@ -1841,13 +1838,50 @@ auto buildValueTransferer() {
                                         transferValue_WeakPtrLockCall)
       .CaseOfCFGStmt<CXXMemberCallExpr>(isSupportedPointerAccessorCall(),
                                         transferValue_AccessorCall)
+      .CaseOfCFGStmt<CXXOperatorCallExpr>(
+          dataflow::isSmartPointerLikeOperatorStar(),
+          [](const CXXOperatorCallExpr *CE,
+             const MatchFinder::MatchResult &Result,
+             TransferState<PointerNullabilityLattice> &State) {
+            auto *RecordLoc = cast_or_null<dataflow::RecordStorageLocation>(
+                State.Env.getStorageLocation(*CE->getArg(0)));
+            dataflow::transferSmartPointerLikeCachedDeref(
+                CE, RecordLoc, State,
+                initCallbackForStorageLocationIfSmartPointer(CE, State.Env));
+          })
+      .CaseOfCFGStmt<CXXOperatorCallExpr>(
+          dataflow::isSmartPointerLikeOperatorArrow(),
+          [](const CXXOperatorCallExpr *CE,
+             const MatchFinder::MatchResult &Result,
+             TransferState<PointerNullabilityLattice> &State) {
+            auto *RecordLoc = cast_or_null<dataflow::RecordStorageLocation>(
+                State.Env.getStorageLocation(*CE->getArg(0)));
+            dataflow::transferSmartPointerLikeCachedGet(
+                CE, RecordLoc, State,
+                initCallbackForStorageLocationIfSmartPointer(CE, State.Env));
+          })
+      .CaseOfCFGStmt<CXXMemberCallExpr>(
+          dataflow::isSmartPointerLikeValueMethodCall(),
+          [](const CXXMemberCallExpr *CE,
+             const MatchFinder::MatchResult &Result,
+             TransferState<PointerNullabilityLattice> &State) {
+            dataflow::transferSmartPointerLikeCachedDeref(
+                CE, getImplicitObjectLocation(*CE, State.Env), State,
+                initCallbackForStorageLocationIfSmartPointer(CE, State.Env));
+          })
+      .CaseOfCFGStmt<CXXMemberCallExpr>(
+          dataflow::isSmartPointerLikeGetMethodCall(),
+          [](const CXXMemberCallExpr *CE,
+             const MatchFinder::MatchResult &Result,
+             TransferState<PointerNullabilityLattice> &State) {
+            dataflow::transferSmartPointerLikeCachedGet(
+                CE, getImplicitObjectLocation(*CE, State.Env), State,
+                initCallbackForStorageLocationIfSmartPointer(CE, State.Env));
+          })
       .CaseOfCFGStmt<CXXMemberCallExpr>(isZeroParamConstMemberCall(),
                                         transferValue_ConstMemberCall)
       .CaseOfCFGStmt<CXXOperatorCallExpr>(isZeroParamConstMemberOperatorCall(),
                                           transferValue_ConstMemberOperatorCall)
-      .CaseOfCFGStmt<CXXOperatorCallExpr>(
-          isOptionalOperatorArrowCall(),
-          transferValue_OptionalOperatorArrowCall)
       .CaseOfCFGStmt<CXXMemberCallExpr>(isNonConstMemberCall(),
                                         transferValue_NonConstMemberCall)
       .CaseOfCFGStmt<CXXOperatorCallExpr>(

nullability/pointer_nullability_matchers.cc

@@ -118,13 +118,6 @@ Matcher<Stmt> isZeroParamConstMemberOperatorCall() {
       callee(cxxMethodDecl(parameterCountIs(0), isConst())));
 }
 
-Matcher<Stmt> isOptionalOperatorArrowCall() {
-  return cxxOperatorCallExpr(
-      hasOverloadedOperatorName("->"),
-      callee(cxxMethodDecl(ofClass(hasAnyName(
-          "::std::optional", "::absl::optional", "::folly::Optional")))));
-}
-
 Matcher<Stmt> isNonConstMemberCall() {
   return cxxMemberCallExpr(callee(cxxMethodDecl(unless(isConst()))));
 }

nullability/pointer_nullability_matchers.h

@@ -51,7 +51,6 @@ ast_matchers::internal::Matcher<Stmt> isPointerReturn();
 ast_matchers::internal::Matcher<CXXCtorInitializer> isCtorMemberInitializer();
 ast_matchers::internal::Matcher<Stmt> isZeroParamConstMemberCall();
 ast_matchers::internal::Matcher<Stmt> isZeroParamConstMemberOperatorCall();
-ast_matchers::internal::Matcher<Stmt> isOptionalOperatorArrowCall();
 ast_matchers::internal::Matcher<Stmt> isNonConstMemberCall();
 ast_matchers::internal::Matcher<Stmt> isNonConstMemberOperatorCall();
 ast_matchers::internal::Matcher<Stmt> isSmartPointerArrowMemberExpr();

nullability/pointer_nullability_matchers_test.cc

@@ -159,62 +159,5 @@ TEST(PointerNullabilityTest, MatchSmartPointerBoolConversionCall) {
               isSmartPointerBoolConversionCall()));
 }
 
-TEST(PointerNullabilityTest, MatchOptionalOperatorArrowCall) {
-  llvm::StringRef Input(R"cc(
-    namespace std {
-    template <class T>
-    struct optional {
-      T* operator->();
-      T& operator*();
-    };
-    }  // namespace std
-
-    namespace absl {
-    template <class T>
-    struct optional {
-      T* operator->();
-    };
-    }  // namespace absl
-
-    namespace folly {
-    template <class T>
-    struct Optional {
-      T* operator->();
-    };
-    }  // namespace folly
-
-    // Lots of libraries that used to define their own optional now make it an
-    // alias for `std::optional`, so we want to support this too.
-    template <class T>
-    using StdOptionalAlias = std::optional<T>;
-
-    template <class T>
-    struct optional {
-      T* operator->();
-    };
-
-    struct S {
-      int i;
-    };
-  )cc");
-
-  EXPECT_TRUE(matches(Input, "void target(std::optional<S> o){ o->i; }",
-                      isOptionalOperatorArrowCall()));
-  EXPECT_TRUE(matches(Input, "void target(absl::optional<S> o){ o->i; }",
-                      isOptionalOperatorArrowCall()));
-  EXPECT_TRUE(matches(Input, "void target(folly::Optional<S> o){ o->i; }",
-                      isOptionalOperatorArrowCall()));
-  EXPECT_TRUE(matches(Input, "void target(StdOptionalAlias<S> o){ o->i; }",
-                      isOptionalOperatorArrowCall()));
-
-  // Not one of the supported optional classes.
-  EXPECT_FALSE(matches(Input, "void target(optional<S> o){ o->i; }",
-                       isOptionalOperatorArrowCall()));
-
-  // Not `operator->`.
-  EXPECT_FALSE(matches(Input, "void target(std::optional<S> o){ *o; }",
-                       isOptionalOperatorArrowCall()));
-}
-
 }  // namespace
 }  // namespace clang::tidy::nullability

nullability/test/function_calls.cc

@@ -1106,7 +1106,7 @@ TEST(PointerNullabilityTest, NonConstMethodClearsPointerMembersInExpr) {
   )cc"));
 }
 
-TEST(PointerNullabilityTest, OptionalOperatorArrowCall) {
+TEST(PointerNullabilityTest, OptionalOperatorArrowAndStarCall) {
   // Check that repeated accesses to a pointer behind an optional are considered
   // to yield the same pointer -- but only if the optional is not modified in
   // the meantime.
@@ -1116,6 +1116,9 @@ TEST(PointerNullabilityTest, OptionalOperatorArrowCall) {
     struct optional {
       bool has_value() const;
       T* operator->();
+      const T* operator->() const;
+      const T& operator*() const;
+      const T& value() const;
     };
     }  // namespace std
 
@@ -1128,13 +1131,52 @@ TEST(PointerNullabilityTest, OptionalOperatorArrowCall) {
       *opt1->p;  // [[unsafe]]
       if (opt1->p != nullptr) {
         *opt1->p;
+        *((*opt1).p);
+        *(opt1.value().p);
         opt1 = opt2;
         *opt1->p;  // [[unsafe]]
       }
     }
   )cc"));
 }
 
+TEST(PointerNullabilityTest, StatusOrOperatorArrowAndStarCall) {
+  // Check that repeated accesses to a pointer behind a StatusOr (or similar
+  // smart pointer-like class) are considered to yield the same pointer --
+  // but only if it is not modified in the meantime.
+  EXPECT_TRUE(checkDiagnostics(R"cc(
+    namespace absl {
+    template <typename T>
+    class StatusOr {
+     public:
+      bool ok() const;
+      const T& operator*() const&;
+      T& operator*() &;
+      const T* operator->() const;
+      T* operator->();
+      const T& value() const;
+      T& value();
+    };
+    }  // namespace absl
+
+    struct S {
+      int* _Nullable p;
+    };
+
+    void target(absl::StatusOr<S> sor1, absl::StatusOr<S> sor2) {
+      if (!sor1.ok() || !sor2.ok()) return;
+      *sor1->p;  // [[unsafe]]
+      if (sor1->p != nullptr) {
+        *sor1->p;
+        *((*sor1).p);
+        *(sor1.value().p);
+        sor1 = sor2;
+        *sor1->p;  // [[unsafe]]
+      }
+    }
+  )cc"));
+}
+
 TEST(PointerNullabilityTest, FieldUndefinedValue) {
   EXPECT_TRUE(checkDiagnostics(R"cc(
     struct C {