[PATCH] D105017: [analyzer] LValueToRValueBitCasts should evaluate to an r-value

Balázs Benics via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Jun 28 05:48:57 PDT 2021 

steakhal created this revision.
steakhal added reviewers: NoQ, vsavchenko, martong, Szelethus, ASDenysPetrov.
Herald added subscribers: manas, dkrupp, donat.nagy, mikhail.ramalho, a.sidorin, rnkovacs, szepet, baloghadamsoftware, xazax.hun, whisperity.
steakhal requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.

Previously `LValueToRValueBitCast`s were modeled in the same way how
a regular `BitCast` was. However, this should not produce an l-value.
Modeling bitcasts accurately is tricky, so it's probably better to
model this expression by binding a fresh conjured value.

The following code should not result in a diagnostic:

    __attribute__((always_inline))
    static inline constexpr unsigned int_castf32_u32(float __A) {
  	return __builtin_bit_cast(unsigned int, __A); // no-warning
    }

Previously, it reported
`Address of stack memory associated with local variable '__A' returned to caller [core.StackAddressEscape]`.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D105017

Files:
  clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
  clang/test/Analysis/builtin_bitcast.cpp


Index: clang/test/Analysis/builtin_bitcast.cpp
===================================================================
--- /dev/null
+++ clang/test/Analysis/builtin_bitcast.cpp
@@ -0,0 +1,17 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN:   -analyzer-checker=core,debug.ExprInspection
+
+template <typename T> void clang_analyzer_dump(T);
+
+__attribute__((always_inline)) static inline constexpr unsigned int _castf32_u32(float __A) {
+  return __builtin_bit_cast(unsigned int, __A); // no-warning
+}
+
+void test() {
+  _castf32_u32(42);
+
+  float f = 42;
+  unsigned int g = __builtin_bit_cast(unsigned int, f);
+  clang_analyzer_dump(g);
+  // expected-warning-re at -1{{{{^conj_\$[0-9]+{unsigned int, LC[0-9]+, S[0-9]+, #[0-9]+}}}}}
+}
Index: clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -380,7 +380,6 @@
       case CK_Dependent:
       case CK_ArrayToPointerDecay:
       case CK_BitCast:
-      case CK_LValueToRValueBitCast:
       case CK_AddressSpaceConversion:
       case CK_BooleanToSignedIntegral:
       case CK_IntegralToPointer:
@@ -538,6 +537,7 @@
         continue;
       }
       // Various C++ casts that are not handled yet.
+      case CK_LValueToRValueBitCast:
       case CK_ToUnion:
       case CK_VectorSplat: {
         state = handleLVectorSplat(state, LCtx, CastE, Bldr, Pred);


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D105017.354859.patch
Type: text/x-patch
Size: 1481 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20210628/3de14369/attachment.bin>

More information about the cfe-commits mailing list