[clang] aa454dd - [analyzer] LValueToRValueBitCasts should evaluate to an r-value
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Thu Jul 1 01:44:10 PDT 2021
Author: Balazs Benics
Date: 2021-07-01T10:54:22+02:00
New Revision: aa454dda2eed4e71081bc57b1f32dfce2486b177
URL: https://github.com/llvm/llvm-project/commit/aa454dda2eed4e71081bc57b1f32dfce2486b177
DIFF: https://github.com/llvm/llvm-project/commit/aa454dda2eed4e71081bc57b1f32dfce2486b177.diff
LOG: [analyzer] LValueToRValueBitCasts should evaluate to an r-value
Previously `LValueToRValueBitCast`s were modeled in the same way how
a regular `BitCast` was. However, this should not produce an l-value.
Modeling bitcasts accurately is tricky, so it's probably better to
model this expression by binding a fresh conjured value.
The following code should not result in a diagnostic:
```lang=C++
__attribute__((always_inline))
static inline constexpr unsigned int_castf32_u32(float __A) {
return __builtin_bit_cast(unsigned int, __A); // no-warning
}
```
Previously, it reported
`Address of stack memory associated with local variable '__A' returned
to caller [core.StackAddressEscape]`.
Differential Revision: https://reviews.llvm.org/D105017
Reviewed by: NoQ, vsavchenko
Added:
clang/test/Analysis/builtin_bitcast.cpp
Modified:
clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
Removed:
################################################################################
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
index a1c8128f1650a..bf3f8dfd0877a 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -304,7 +304,8 @@ void ExprEngine::VisitCast(const CastExpr *CastE, const Expr *Ex,
ExplodedNodeSet dstPreStmt;
getCheckerManager().runCheckersForPreStmt(dstPreStmt, Pred, CastE, *this);
- if (CastE->getCastKind() == CK_LValueToRValue) {
+ if (CastE->getCastKind() == CK_LValueToRValue ||
+ CastE->getCastKind() == CK_LValueToRValueBitCast) {
for (ExplodedNodeSet::iterator I = dstPreStmt.begin(), E = dstPreStmt.end();
I!=E; ++I) {
ExplodedNode *subExprNode = *I;
@@ -332,6 +333,7 @@ void ExprEngine::VisitCast(const CastExpr *CastE, const Expr *Ex,
switch (CastE->getCastKind()) {
case CK_LValueToRValue:
+ case CK_LValueToRValueBitCast:
llvm_unreachable("LValueToRValue casts handled earlier.");
case CK_ToVoid:
continue;
@@ -380,7 +382,6 @@ void ExprEngine::VisitCast(const CastExpr *CastE, const Expr *Ex,
case CK_Dependent:
case CK_ArrayToPointerDecay:
case CK_BitCast:
- case CK_LValueToRValueBitCast:
case CK_AddressSpaceConversion:
case CK_BooleanToSignedIntegral:
case CK_IntegralToPointer:
diff --git a/clang/test/Analysis/builtin_bitcast.cpp b/clang/test/Analysis/builtin_bitcast.cpp
new file mode 100644
index 0000000000000..396e7caa45f6a
--- /dev/null
+++ b/clang/test/Analysis/builtin_bitcast.cpp
@@ -0,0 +1,32 @@
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-unknown -verify %s \
+// RUN: -analyzer-checker=core,debug.ExprInspection
+
+template <typename T> void clang_analyzer_dump(T);
+
+__attribute__((always_inline)) static inline constexpr unsigned int _castf32_u32(float __A) {
+ return __builtin_bit_cast(unsigned int, __A); // no-warning
+}
+
+void test(int i) {
+ _castf32_u32(42);
+
+ float f = 42;
+
+ // Loading from a floating point value results in unknown,
+ // which later materializes as a conjured value.
+ auto g = __builtin_bit_cast(unsigned int, f);
+ clang_analyzer_dump(g);
+ // expected-warning-re at -1 {{{{^conj_\$[0-9]+{unsigned int,}}}}
+
+ auto g2 = __builtin_bit_cast(unsigned int, 42.0f);
+ clang_analyzer_dump(g2);
+ // expected-warning-re at -1 {{{{^conj_\$[0-9]+{unsigned int,}}}}
+
+ auto g3 = __builtin_bit_cast(unsigned int, i);
+ clang_analyzer_dump(g3);
+ // expected-warning-re at -1 {{{{^reg_\$[0-9]+<int i>}}}}
+
+ auto g4 = __builtin_bit_cast(unsigned long, &i);
+ clang_analyzer_dump(g4);
+ // expected-warning at -1 {{&i [as 64 bit integer]}}
+}
More information about the cfe-commits
mailing list