================
@@ -155,21 +207,35 @@ void FactsGenerator::VisitUnaryOperator(const UnaryOperator *UO) {
 
 void FactsGenerator::VisitReturnStmt(const ReturnStmt *RS) {
   if (const Expr *RetExpr = RS->getRetValue()) {
-    if (hasOrigin(RetExpr)) {
-      OriginID OID = FactMgr.getOriginMgr().getOrCreate(*RetExpr);
-      EscapesInCurrentBlock.push_back(
-          FactMgr.createFact<OriginEscapesFact>(OID, RetExpr));
-    }
+    if (OriginTree *Tree = getTree(*RetExpr))
+      for (OriginTree *T = Tree; T; T = T->Pointee)
+        EscapesInCurrentBlock.push_back(
+            FactMgr.createFact<OriginEscapesFact>(T->OID, RetExpr));
   }
 }
 
 void FactsGenerator::VisitBinaryOperator(const BinaryOperator *BO) {
-  if (BO->isAssignmentOp())
-    handleAssignment(BO->getLHS(), BO->getRHS());
+  if (BO->isCompoundAssignmentOp())
+    return;
+  if (BO->isAssignmentOp()) {
+    const Expr *LHSExpr = BO->getLHS();
+    const Expr *RHSExpr = BO->getRHS();
+
+    if (const auto *DRE_LHS =
+            dyn_cast<DeclRefExpr>(LHSExpr->IgnoreParenImpCasts())) {
+      OriginTree *LHSTree = getTree(*DRE_LHS);
+      OriginTree *RHSTree = getTree(*RHSExpr);
+      // TODO: Handle reference types.
+      markUseAsWrite(DRE_LHS);
+      // Kill the old loans of the destination origin and flow the new loans
+      // from the source origin.
+      flow(LHSTree->Pointee, RHSTree, /*Kill=*/true);
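Review bot: The early `return` on `BO->isCompoundAssignmentOp()` at the top of VisitBinaryOperator has no comment, so a reader cannot tell whether skipping fact generation for `+=`-style operators is deliberate or a gap in the lifetime analysis. `isAssignmentOp()` also matches the compound forms, so the removed code sent them through `handleAssignment`; this is a behaviour change that the code should state. If the intent is what it appears to be (inferred, please confirm), I would add `// Compound assignments keep the destination's existing loans, so no flow facts are generated.` above the check. A test that applies `+=` to a pointer whose pointee has gone out of scope would pin the expected diagnostics. The function body continues past the quoted lines, so later handling may already cover part of this.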
----------------
graphite-app[bot] wrote:

Missing null checks before dereferencing origin trees. Both `LHSTree` and 
`RHSTree` could be null (if the expressions don't have origins), and 
`LHSTree->Pointee` could also be null (for depth 1 trees). This will cause null 
pointer dereferences.

```cpp
OriginTree *LHSTree = getTree(*DRE_LHS);
OriginTree *RHSTree = getTree(*RHSExpr);
if (!LHSTree || !RHSTree || !LHSTree->Pointee)
  return;  // or continue, depending on control flow
markUseAsWrite(DRE_LHS);
flow(LHSTree->Pointee, RHSTree, /*Kill=*/true);
```
```suggestion
    if (const auto *DRE_LHS =
            dyn_cast<DeclRefExpr>(LHSExpr->IgnoreParenImpCasts())) {
      OriginTree *LHSTree = getTree(*DRE_LHS);
      OriginTree *RHSTree = getTree(*RHSExpr);
      if (!LHSTree || !RHSTree || !LHSTree->Pointee)
        return;
      // TODO: Handle reference types.
      markUseAsWrite(DRE_LHS);
      // Kill the old loans of the destination origin and flow the new loans
      // from the source origin.
      flow(LHSTree->Pointee, RHSTree, /*Kill=*/true);
```
  


https://github.com/llvm/llvm-project/pull/168344