check member narrowing in isExprNullable for nonnull argument passing

Author: cs01

clang/lib/Analysis/FlowNullability.cpp

@@ -1294,6 +1294,18 @@ class TransferFunctions {
       if (const auto *VD = dyn_cast<VarDecl>(DRE->getDecl()))
         return isVarNullable(VD);
     }
+    // Member narrowing: this->member or var.member narrowed by null check
+    if (const auto *ME = dyn_cast<MemberExpr>(E)) {
+      if (const auto *FD = dyn_cast<FieldDecl>(ME->getMemberDecl())) {
+        const Expr *Base = ME->getBase()->IgnoreParenImpCasts();
+        if (isa<CXXThisExpr>(Base) && isThisMemberNarrowed(FD))
+          return false;
+        if (const auto *BaseDRE = dyn_cast<DeclRefExpr>(Base))
+          if (const auto *BaseVD = dyn_cast<VarDecl>(BaseDRE->getDecl()))
+            if (isMemberNarrowed(BaseVD, FD))
+              return false;
+      }
+    }
     // For non-variable expressions, fall back to type-based check
     if (isNullableType(E->getType(), StrictMode, DefaultNullability))
       return true;

clang/test/SemaCXX/flow-nullability-adoption.cpp

@@ -367,6 +367,18 @@ struct MemberNarrowObj {
         if (arr == nullptr) return;
         (void)arr[getMember()]; // OK - function call as index doesn't affect base narrowing
     }
+
+    // Passing narrowed member to _Nonnull parameter
+    static void accept_nonnull(int * _Nonnull p);
+    void test_member_nonnull_arg_after_check() {
+        if (arr == nullptr) return;
+        accept_nonnull(arr); // OK - member narrowed, safe to pass to _Nonnull
+    }
+
+    void test_member_nonnull_arg_no_check() {
+        accept_nonnull(arr); // expected-warning {{nullable pointer}} \
+                             // expected-note {{add a null check}}
+    }
 };
 
 // --- sizeof/alignof don't dereference ---