share initializer list modeling between VisitInitListExpr and VisitCXXParenListInitExpr

Author: a-tarasyuk

clang/include/clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h

@@ -594,6 +594,10 @@ class ExprEngine {
                                 ExplodedNode *Pred,
                                 ExplodedNodeSet &Dst);
 
+  void CreateInitializationList(const Expr *Source, ArrayRef<Expr *> Args,
+                                bool IsTransparent, ExplodedNode *Pred,
+                                ExplodedNodeSet &Dst);
+
   /// evalEagerlyAssumeBifurcation - Given the nodes in 'Src', eagerly assume
   /// concrete boolean values for 'Ex', storing the resulting nodes in 'Dst'.
   void evalEagerlyAssumeBifurcation(ExplodedNodeSet &Dst, ExplodedNodeSet &Src,

clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp

@@ -774,49 +774,7 @@ void ExprEngine::VisitLogicalExpr(const BinaryOperator* B, ExplodedNode *Pred,
 void ExprEngine::VisitInitListExpr(const InitListExpr *IE,
                                    ExplodedNode *Pred,
                                    ExplodedNodeSet &Dst) {
-  StmtNodeBuilder B(Pred, Dst, *currBldrCtx);
-
-  ProgramStateRef state = Pred->getState();
-  const LocationContext *LCtx = Pred->getLocationContext();
-  QualType T = getContext().getCanonicalType(IE->getType());
-  unsigned NumInitElements = IE->getNumInits();
-
-  if (!IE->isGLValue() && !IE->isTransparent() &&
-      (T->isArrayType() || T->isRecordType() || T->isVectorType() ||
-       T->isAnyComplexType())) {
-    llvm::ImmutableList<SVal> vals = getBasicVals().getEmptySValList();
-
-    // Handle base case where the initializer has no elements.
-    // e.g: static int* myArray[] = {};
-    if (NumInitElements == 0) {
-      SVal V = svalBuilder.makeCompoundVal(T, vals);
-      B.generateNode(IE, Pred, state->BindExpr(IE, LCtx, V));
-      return;
-    }
-
-    for (const Stmt *S : llvm::reverse(*IE)) {
-      SVal V = state->getSVal(cast<Expr>(S), LCtx);
-      vals = getBasicVals().prependSVal(V, vals);
-    }
-
-    B.generateNode(IE, Pred,
-                   state->BindExpr(IE, LCtx,
-                                   svalBuilder.makeCompoundVal(T, vals)));
-    return;
-  }
-
-  // Handle scalars: int{5} and int{} and GLvalues.
-  // Note, if the InitListExpr is a GLvalue, it means that there is an address
-  // representing it, so it must have a single init element.
-  assert(NumInitElements <= 1);
-
-  SVal V;
-  if (NumInitElements == 0)
-    V = getSValBuilder().makeZeroVal(T);
-  else
-    V = state->getSVal(IE->getInit(0), LCtx);
-
-  B.generateNode(IE, Pred, state->BindExpr(IE, LCtx, V));
+  CreateInitializationList(IE, IE->inits(), IE->isTransparent(), Pred, Dst);
 }
 
 void ExprEngine::VisitGuardedExpr(const Expr *Ex,
@@ -1197,3 +1155,36 @@ void ExprEngine::VisitIncrementDecrementOperator(const UnaryOperator* U,
   }
   Dst.insert(Dst2);
 }
+
+void ExprEngine::CreateInitializationList(const Expr *E, ArrayRef<Expr *> Args,
+                                          bool IsTransparent,
+                                          ExplodedNode *Pred,
+                                          ExplodedNodeSet &Dst) {
+  assert((isa<InitListExpr>(E) || isa<CXXParenListInitExpr>(E)) &&
+         "Expected InitListExpr or CXXParenListInitExpr");
+
+  const LocationContext *LC = Pred->getLocationContext();
+
+  StmtNodeBuilder B(Pred, Dst, *currBldrCtx);
+  ProgramStateRef S = Pred->getState();
+  QualType T = E->getType().getCanonicalType();
+
+  bool IsCompound =
+      E->isPRValue() && (T->isArrayType() || T->isRecordType() ||
+                         T->isAnyComplexType() || T->isVectorType());
+
+  if (Args.size() > 1 || (IsCompound && !IsTransparent)) {
+    llvm::ImmutableList<SVal> ArgList = getBasicVals().getEmptySValList();
+    for (Expr *E : llvm::reverse(Args))
+      ArgList = getBasicVals().prependSVal(S->getSVal(E, LC), ArgList);
+
+    B.generateNode(E, Pred,
+                   S->BindExpr(E, LC, svalBuilder.makeCompoundVal(T, ArgList)));
+  } else {
+    B.generateNode(E, Pred,
+                   S->BindExpr(E, LC,
+                               Args.size() == 0
+                                   ? getSValBuilder().makeZeroVal(T)
+                                   : S->getSVal(Args.front(), LC)));
+  }
+}

clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp

@@ -1237,27 +1237,6 @@ void ExprEngine::VisitAttributedStmt(const AttributedStmt *A,
 void ExprEngine::VisitCXXParenListInitExpr(const CXXParenListInitExpr *E,
                                            ExplodedNode *Pred,
                                            ExplodedNodeSet &Dst) {
-  const LocationContext *LC = Pred->getLocationContext();
-
-  StmtNodeBuilder Bldr(Pred, Dst, *currBldrCtx);
-  ProgramStateRef S = Pred->getState();
-
-  QualType T = E->getType().getCanonicalType();
-  ArrayRef<Expr *> Inits = E->getInitExprs();
-
-  if (Inits.size() > 1 ||
-      (E->isPRValue() && (T->isRecordType() || T->isArrayType()))) {
-    llvm::ImmutableList<SVal> ArgList = getBasicVals().getEmptySValList();
-    for (Expr *E : llvm::reverse(Inits))
-      ArgList = getBasicVals().prependSVal(S->getSVal(E, LC), ArgList);
-
-    Bldr.generateNode(
-        E, Pred, S->BindExpr(E, LC, svalBuilder.makeCompoundVal(T, ArgList)));
-  } else {
-    Bldr.generateNode(E, Pred,
-                      S->BindExpr(E, LC,
-                                  Inits.size() == 0
-                                      ? getSValBuilder().makeZeroVal(T)
-                                      : S->getSVal(Inits.front(), LC)));
-  }
+  CreateInitializationList(E, E->getInitExprs(), /*IsTransparent*/ false, Pred,
+                           Dst);
 }

clang/test/Analysis/div-zero-cxx20.cpp

@@ -26,27 +26,27 @@ struct E {
 };
 
 int t1() {
-  A a(42);
+  A a{42};
   return 1 / (a.x - 42); // expected-warning {{Division by zero}}
 }
 
 int t2() {
-  B b;
+  B b{};
   return 1 / b.x; // expected-warning {{Division by zero}}
 }
 
 int t3() {
-  C c1(1, -1);
+  C c1{1, -1};
   return 1 / (c1.x + c1.y); // expected-warning {{Division by zero}}
 }
 
 int t4() {
-  C c2(0, 0);
+  C c2{0, 0};
   return 1 / (c2.x + c2.y); // expected-warning {{Division by zero}}
 }
 
 int t5() {
-  E e = 32;
+  E e{32};
   return 1 / (e.d.x - 32); // expected-warning {{Division by zero}}
 }
 } // namespace GH148875

clang/test/Analysis/div-zero.cpp

@@ -11,3 +11,54 @@ int fooPR10616 (int qX ) {
   return (a % (qX-1)); // expected-warning {{Division by zero}}
 
 }
+
+namespace GH148875 {
+  struct A {
+  int x;
+  A(int v) : x(v) {}
+};
+
+struct B {
+  int x;
+  B() : x(0) {}
+};
+
+struct C {
+  int x, y;
+  C(int a, int b) : x(a), y(b) {}
+};
+
+struct D {
+  int x;
+};
+
+struct E {
+  D d;
+  E(int a) : d{a} {}
+};
+
+int t1() {
+  A a{42};
+  return 1 / (a.x - 42); // expected-warning {{Division by zero}}
+}
+
+int t2() {
+  B b{};
+  return 1 / b.x; // expected-warning {{Division by zero}}
+}
+
+int t3() {
+  C c1{1, -1};
+  return 1 / (c1.x + c1.y); // expected-warning {{Division by zero}}
+}
+
+int t4() {
+  C c2{0, 0};
+  return 1 / (c2.x + c2.y); // expected-warning {{Division by zero}}
+}
+
+int t5() {
+  E e{32};
+  return 1 / (e.d.x - 32); // expected-warning {{Division by zero}}
+}
+}