[flang] Fix crash in error recovery

[klausler]

When a TYPE(*) dummy argument is erroneously used as a component value in a structure constructor, semantics crashes if the structure constructor had been initially parsed as a potential function reference. Clean out stale typed expressions when reanalyzing the reconstructed parse subtree to ensure that errors are caught the next time around.

[llvmbot]

@llvm/pr-subscribers-flang-semantics

Author: Peter Klausler (klausler)

Changes

When a TYPE(*) dummy argument is erroneously used as a component value in a structure constructor, semantics crashes if the structure constructor had been initially parsed as a potential function reference. Clean out stale typed expressions when reanalyzing the reconstructed parse subtree to ensure that errors are caught the next time around.

---

Full diff: https://github.com/llvm/llvm-project/pull/140768.diff

2 Files Affected:

• (modified) flang/lib/Semantics/expression.cpp (+5-1)
• (added) flang/test/Semantics/bug869.f90 (+10)

diff --git a/flang/lib/Semantics/expression.cpp b/flang/lib/Semantics/expression.cpp
index b3ad608ee6744..d68e71f57f141 100644
--- a/flang/lib/Semantics/expression.cpp
+++ b/flang/lib/Semantics/expression.cpp
@@ -3376,6 +3376,10 @@ MaybeExpr ExpressionAnalyzer::Analyze(const parser::FunctionReference &funcRef,
         auto &mutableRef{const_cast<parser::FunctionReference &>(funcRef)};
         *structureConstructor =
             mutableRef.ConvertToStructureConstructor(type.derivedTypeSpec());
+        // Don't use saved typed expressions left over from argument
+        // analysis; they might not be valid structure components
+        // (e.g., a TYPE(*) argument)
+        auto restorer{DoNotUseSavedTypedExprs()};
         return Analyze(structureConstructor->value());
       }
     }
@@ -4058,7 +4062,7 @@ MaybeExpr ExpressionAnalyzer::ExprOrVariable(
       // first to be sure.
       std::optional<parser::StructureConstructor> ctor;
       result = Analyze(funcRef->value(), &ctor);
-      if (result && ctor) {
+      if (ctor) {
         // A misparsed function reference is really a structure
         // constructor.  Repair the parse tree in situ.
         const_cast<PARSED &>(x).u = std::move(*ctor);
diff --git a/flang/test/Semantics/bug869.f90 b/flang/test/Semantics/bug869.f90
new file mode 100644
index 0000000000000..ddc7dffcc2fa4
--- /dev/null
+++ b/flang/test/Semantics/bug869.f90
@@ -0,0 +1,10 @@
+! RUN: %python %S/test_errors.py %s %flang_fc1
+! Regression test for crash
+subroutine sub(xx)
+  type(*) :: xx
+  type ty
+  end type
+  type(ty) obj
+  !ERROR: TYPE(*) dummy argument may only be used as an actual argument
+  obj = ty(xx)
+end