[clang][analyzer] Fix InvalidatedIterator crash caused by overload operator member function with explicit this (#132581)

flovent · web-flow · commit e60fe2e58402 · 2025-03-24T13:51:11.000+01:00
Fixes #116372 From this PR #83585, CSA starts to model overload operator member function with explicit this as `SimpleFunctionCall` rather than `CXXMemberOperatorCall` (derived from `CXXInstanceCall`), so `CXXInstanceCall` only represents a non-static C++ member function call `with implicit this`. For this checker, it models `operator=` for STL containers, which always uses implicit this, so the situation using explicit this can be skipped directly.
diff --git a/clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp b/clang/lib/StaticAnalyzer/Checkers/ContainerModeling.cpp
@@ -157,8 +157,11 @@ void ContainerModeling::checkPostCall(const CallEvent &Call,
   if (Func->isOverloadedOperator()) {
     const auto Op = Func->getOverloadedOperator();
     if (Op == OO_Equal) {
-      // Overloaded 'operator=' must be a non-static member function.
-      const auto *InstCall = cast<CXXInstanceCall>(&Call);
+      // Only handle the assignment operator with implicit this
+      const auto *InstCall = dyn_cast<CXXInstanceCall>(&Call);
+      if (!InstCall)
+        return;
+
       if (cast<CXXMethodDecl>(Func)->isMoveAssignmentOperator()) {
         handleAssignment(C, InstCall->getCXXThisVal(), Call.getOriginExpr(),
                      Call.getArgSVal(0));
diff --git a/clang/test/Analysis/invalidated-iterator.cpp b/clang/test/Analysis/invalidated-iterator.cpp
@@ -1,5 +1,6 @@
 // RUN: %clang_analyze_cc1 -std=c++11 -analyzer-checker=core,cplusplus,alpha.cplusplus.InvalidatedIterator -analyzer-config aggressive-binary-operation-simplification=true -analyzer-config c++-container-inlining=false %s -verify
 // RUN: %clang_analyze_cc1 -std=c++11 -analyzer-checker=core,cplusplus,alpha.cplusplus.InvalidatedIterator -analyzer-config aggressive-binary-operation-simplification=true -analyzer-config c++-container-inlining=true -DINLINE=1 %s -verify
+// RUN: %clang_analyze_cc1 -std=c++23 -analyzer-checker=core,cplusplus,alpha.cplusplus.InvalidatedIterator -analyzer-config aggressive-binary-operation-simplification=true -analyzer-config c++-container-inlining=true -DINLINE=1 %s -verify
 
 #include "Inputs/system-header-simulator-cxx.h"
 
@@ -204,4 +205,26 @@ void invalidated_subscript_end_ptr_iterator(cont_with_ptr_iterator<int> &C) {
   auto i = C.begin();
   C.erase(i);
   (void) i[1]; // expected-warning{{Invalidated iterator accessed}}
-}
+}
+
+#if __cplusplus >= 202302L
+namespace GH116372 {
+  class ExplicitThis {
+    int f = 0;
+  public:
+    ExplicitThis();
+    ExplicitThis(ExplicitThis& other);
+  
+    ExplicitThis& operator=(this ExplicitThis& self, ExplicitThis const& other) { // no crash
+      self.f = other.f;
+      return self;
+    }
+  
+    ~ExplicitThis();
+  };
+  
+  void func(ExplicitThis& obj1) {
+      obj1 = obj1;
+  }
+}
+#endif
