[PATCH] D105017: [analyzer] LValueToRValueBitCasts should evaluate to an r-value

Balázs Benics via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Jun 29 07:58:15 PDT 2021 

steakhal updated this revision to Diff 355245.
steakhal marked an inline comment as done.
steakhal added a comment.

Evaluate `LValueToRValueBitCast`s the same way as we evaluate `LValueToRValue` casts.
Extended the tests accordingly.

Thanks for the hint @NoQ!
It looks much better now.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D105017/new/

https://reviews.llvm.org/D105017

Files:
  clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
  clang/test/Analysis/builtin_bitcast.cpp


Index: clang/test/Analysis/builtin_bitcast.cpp
===================================================================
--- /dev/null
+++ clang/test/Analysis/builtin_bitcast.cpp
@@ -0,0 +1,32 @@
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-unknown -verify %s \
+// RUN:   -analyzer-checker=core,debug.ExprInspection
+
+template <typename T> void clang_analyzer_dump(T);
+
+__attribute__((always_inline)) static inline constexpr unsigned int _castf32_u32(float __A) {
+  return __builtin_bit_cast(unsigned int, __A); // no-warning
+}
+
+void test(int i) {
+  _castf32_u32(42);
+
+  float f = 42;
+
+  // Loading from a floating point value results in unknown,
+  // which later materializes as a conjured value.
+  auto g = __builtin_bit_cast(unsigned int, f);
+  clang_analyzer_dump(g);
+  // expected-warning-re at -1 {{{{^conj_\$[0-9]+{unsigned int,}}}}
+
+  auto g2 = __builtin_bit_cast(unsigned int, 42.0f);
+  clang_analyzer_dump(g2);
+  // expected-warning-re at -1 {{{{^conj_\$[0-9]+{unsigned int,}}}}
+
+  auto g3 = __builtin_bit_cast(unsigned int, i);
+  clang_analyzer_dump(g3);
+  // expected-warning-re at -1 {{{{^reg_\$[0-9]+<int i>}}}}
+
+  auto g4 = __builtin_bit_cast(unsigned long, &i);
+  clang_analyzer_dump(g4);
+  // expected-warning at -1 {{&i [as 64 bit integer]}}
+}
Index: clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -304,7 +304,8 @@
   ExplodedNodeSet dstPreStmt;
   getCheckerManager().runCheckersForPreStmt(dstPreStmt, Pred, CastE, *this);
 
-  if (CastE->getCastKind() == CK_LValueToRValue) {
+  if (CastE->getCastKind() == CK_LValueToRValue ||
+      CastE->getCastKind() == CK_LValueToRValueBitCast) {
     for (ExplodedNodeSet::iterator I = dstPreStmt.begin(), E = dstPreStmt.end();
          I!=E; ++I) {
       ExplodedNode *subExprNode = *I;
@@ -332,6 +333,7 @@
 
     switch (CastE->getCastKind()) {
       case CK_LValueToRValue:
+      case CK_LValueToRValueBitCast:
         llvm_unreachable("LValueToRValue casts handled earlier.");
       case CK_ToVoid:
         continue;
@@ -380,7 +382,6 @@
       case CK_Dependent:
       case CK_ArrayToPointerDecay:
       case CK_BitCast:
-      case CK_LValueToRValueBitCast:
       case CK_AddressSpaceConversion:
       case CK_BooleanToSignedIntegral:
       case CK_IntegralToPointer:


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D105017.355245.patch
Type: text/x-patch
Size: 2434 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20210629/d4c9ffb4/attachment.bin>

More information about the cfe-commits mailing list