[clang][analyzer] Fix InvalidatedIterator crash caused by overload operator member function with explicit this (#132581)

Fixes #116372 From this PR #83585, CSA starts to model overload operator member function with explicit this as `SimpleFunctionCall` rather than `CXXMemberOperatorCall` (derived from `CXXInstanceCall`), so `CXXInstanceCall` only represents a non-static C++ member function call `with implicit this`. For this checker, it models `operator=` for STL containers, which always uses implicit this, so the situation using explicit this can be skipped directly.
2026-01-20 10:58:11 +08:00 · 2025-03-24 20:51:11 +08:00
parent ef56f4b5a0
commit e60fe2e584
2 changed files with 29 additions and 3 deletions
--- a/clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp
@@ -157,8 +157,11 @@ void ContainerModeling::checkPostCall(const CallEvent &Call,
  if (Func->isOverloadedOperator()) {
    const auto Op = Func->getOverloadedOperator();
    if (Op == OO_Equal) {
-      // Overloaded 'operator=' must be a non-static member function.
-      const auto *InstCall = cast<CXXInstanceCall>(&Call);
+      // Only handle the assignment operator with implicit this
+      const auto *InstCall = dyn_cast<CXXInstanceCall>(&Call);
+      if (!InstCall)
+        return;
+
      if (cast<CXXMethodDecl>(Func)->isMoveAssignmentOperator()) {
        handleAssignment(C, InstCall->getCXXThisVal(), Call.getOriginExpr(),
                     Call.getArgSVal(0));
--- a/clang/test/Analysis/invalidated-iterator.cpp
+++ b/clang/test/Analysis/invalidated-iterator.cpp
@@ -1,5 +1,6 @@
 // RUN: %clang_analyze_cc1 -std=c++11 -analyzer-checker=core,cplusplus,alpha.cplusplus.InvalidatedIterator -analyzer-config aggressive-binary-operation-simplification=true -analyzer-config c++-container-inlining=false %s -verify
 // RUN: %clang_analyze_cc1 -std=c++11 -analyzer-checker=core,cplusplus,alpha.cplusplus.InvalidatedIterator -analyzer-config aggressive-binary-operation-simplification=true -analyzer-config c++-container-inlining=true -DINLINE=1 %s -verify
+// RUN: %clang_analyze_cc1 -std=c++23 -analyzer-checker=core,cplusplus,alpha.cplusplus.InvalidatedIterator -analyzer-config aggressive-binary-operation-simplification=true -analyzer-config c++-container-inlining=true -DINLINE=1 %s -verify

 #include "Inputs/system-header-simulator-cxx.h"

@@ -204,4 +205,26 @@ void invalidated_subscript_end_ptr_iterator(cont_with_ptr_iterator<int> &C) {
  auto i = C.begin();
  C.erase(i);
  (void) i[1]; // expected-warning{{Invalidated iterator accessed}}
-}
+}
+
+#if __cplusplus >= 202302L
+namespace GH116372 {
+  class ExplicitThis {
+    int f = 0;
+  public:
+    ExplicitThis();
+    ExplicitThis(ExplicitThis& other);
+  
+    ExplicitThis& operator=(this ExplicitThis& self, ExplicitThis const& other) { // no crash
+      self.f = other.f;
+      return self;
+    }
+  
+    ~ExplicitThis();
+  };
+  
+  void func(ExplicitThis& obj1) {
+      obj1 = obj1;
+  }
+}
+#endif