Skip to content

[FlowSensitive] [StatusOr] [9/N] Make sure all StatusOr are initialized #163898

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 19 commits into from
Oct 27, 2025
Merged

[FlowSensitive] [StatusOr] [9/N] Make sure all StatusOr are initialized #163898

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
699d992
[𝘀𝗽𝗿] initial version
fmayer Oct 17, 2025
c5f05cf
[𝘀𝗽𝗿] changes to main this commit is based on
fmayer Oct 17, 2025
d2cabb8
leftover
fmayer Oct 17, 2025
6231f33
[𝘀𝗽𝗿] changes introduced through rebase
fmayer Oct 17, 2025
9ef0b79
rebase
fmayer Oct 17, 2025
f887c52
[𝘀𝗽𝗿] changes introduced through rebase
fmayer Oct 17, 2025
f7b14d4
rebase
fmayer Oct 17, 2025
a3136f1
[𝘀𝗽𝗿] changes introduced through rebase
fmayer Oct 17, 2025
cdcac11
rebase
fmayer Oct 17, 2025
87a1aa7
[𝘀𝗽𝗿] changes introduced through rebase
fmayer Oct 20, 2025
6fa1890
rebase
fmayer Oct 20, 2025
14d4fd0
[𝘀𝗽𝗿] changes introduced through rebase
fmayer Oct 22, 2025
55b0246
rebase
fmayer Oct 22, 2025
e869960
[𝘀𝗽𝗿] changes introduced through rebase
fmayer Oct 22, 2025
34bf7b2
reb
fmayer Oct 22, 2025
9307cf7
[𝘀𝗽𝗿] changes introduced through rebase
fmayer Oct 23, 2025
e7071a8
rebase
fmayer Oct 23, 2025
7fce0ce
[𝘀𝗽𝗿] changes introduced through rebase
fmayer Oct 27, 2025
e286f8e
rebaes
fmayer Oct 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 39 additions & 0 deletions clang/lib/Analysis/FlowSensitive/Models/UncheckedStatusOrAccessModel.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,16 @@ static auto isStatusOrValueConstructor() {
"std::in_place_t"))))));
}

static auto isStatusOrConstructor() {
using namespace ::clang::ast_matchers; // NOLINT: Too many names
return cxxConstructExpr(hasType(statusOrType()));
}

static auto isStatusConstructor() {
using namespace ::clang::ast_matchers; // NOLINT: Too many names
return cxxConstructExpr(hasType(statusType()));
}

static auto
buildDiagnoseMatchSwitch(const UncheckedStatusOrAccessModelOptions &Options) {
return CFGMatchSwitchBuilder<const Environment,
Expand Down Expand Up @@ -574,6 +584,25 @@ static void transferValueConstructor(const CXXConstructExpr *Expr,
State.Env.assume(OkVal.formula());
}

static void transferStatusOrConstructor(const CXXConstructExpr *Expr,
const MatchFinder::MatchResult &,
LatticeTransferState &State) {
RecordStorageLocation &StatusOrLoc = State.Env.getResultObjectLocation(*Expr);
RecordStorageLocation &StatusLoc = locForStatus(StatusOrLoc);

if (State.Env.getValue(locForOk(StatusLoc)) == nullptr)
initializeStatusOr(StatusOrLoc, State.Env);
}

static void transferStatusConstructor(const CXXConstructExpr *Expr,
const MatchFinder::MatchResult &,
LatticeTransferState &State) {
RecordStorageLocation &StatusLoc = State.Env.getResultObjectLocation(*Expr);

if (State.Env.getValue(locForOk(StatusLoc)) == nullptr)
initializeStatus(StatusLoc, State.Env);
}

CFGMatchSwitch<LatticeTransferState>
buildTransferMatchSwitch(ASTContext &Ctx,
CFGMatchSwitchBuilder<LatticeTransferState> Builder) {
Expand Down Expand Up @@ -623,6 +652,16 @@ buildTransferMatchSwitch(ASTContext &Ctx,
transferValueAssignmentCall)
.CaseOfCFGStmt<CXXConstructExpr>(isStatusOrValueConstructor(),
transferValueConstructor)
// N.B. These need to come after all other CXXConstructExpr.
// These are there to make sure that every Status and StatusOr object
// have their ok boolean initialized when constructed. If we were to
// lazily initialize them when we first access them, we can produce
// false positives if that first access is in a control flow statement.
// You can comment out these two constructors and see tests fail.
.CaseOfCFGStmt<CXXConstructExpr>(isStatusOrConstructor(),
transferStatusOrConstructor)
.CaseOfCFGStmt<CXXConstructExpr>(isStatusConstructor(),
transferStatusConstructor)
.Build();
}

Expand Down
39 changes: 39 additions & 0 deletions clang/unittests/Analysis/FlowSensitive/UncheckedStatusOrAccessModelTestFixture.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3147,6 +3147,45 @@ TEST_P(UncheckedStatusOrAccessModelTest, InPlaceConstruct) {
)cc");
}

TEST_P(UncheckedStatusOrAccessModelTest, ConstructStatusOrFromReference) {
ExpectDiagnosticsFor(R"cc(
#include "unchecked_statusor_access_test_defs.h"
void target() {
const auto sor1 = Make<STATUSOR_INT&>();
const auto sor2 = Make<STATUSOR_INT&>();
if (!sor1.ok() && !sor2.ok()) return;
if (sor1.ok() && !sor2.ok()) {
} else if (!sor1.ok() && sor2.ok()) {
} else {
sor1.value();
sor2.value();
}
}
)cc");
}

TEST_P(UncheckedStatusOrAccessModelTest, ConstructStatusFromReference) {
ExpectDiagnosticsFor(R"cc(
#include "unchecked_statusor_access_test_defs.h"

void target() {
const auto sor1 = Make<STATUSOR_INT&>();
const auto sor2 = Make<STATUSOR_INT&>();
const auto s1 = Make<STATUS&>();
const auto s2 = Make<STATUS&>();

if (!s1.ok() && !s2.ok()) return;
if (s1.ok() && !s2.ok()) {
} else if (!s1.ok() && s2.ok()) {
} else {
if (s1 != sor1.status() || s2 != sor2.status()) return;
sor1.value();
sor2.value();
}
}
)cc");
}

} // namespace

std::string
Expand Down
Loading