[PATCH] D124349: [analyzer] Get direct binding for specific punned case

Wed May 4 03:27:15 PDT 2022

steakhal added a comment.

In D124349#3490524 <https://reviews.llvm.org/D124349#3490524>, @martong wrote:

> Can we have a test for this, got idea from here (https://stackoverflow.com/questions/4129961/how-is-the-size-of-a-struct-with-bit-fields-determined-measured)
>
>   typedef struct
>   {
>           unsigned int a:1;
>           unsigned int x:31;
>           unsigned int c:1;
>           int b[2];
>   } mystruct;
>   ...
>   ff.b[0] = 3;
>   clang_analyzer_eval(*((int *)pff + 2) == 3); // expected-warning{{TRUE}}  // Or should this be `pff + 3` ???

Generally, you are right. But in this case, we are talking about a *single bit* bitfield.
That bitfield cannot span across multiple `unsigned` objects. And `int` is supposed to be at least one byte large, hence there is plenty of room for an additional `CHAR_BIT - 1` bits along with this one and we would be still portable.

================
Comment at: clang/test/Analysis/array-struct-region.c:1
 // RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s

----------------
martong wrote:
> Should we pin the target, shouldn't we?
There is no need for that.
The `sizeof(int)` might change, but the `operator+` will accommodate for that in the pointer arithmetic. And the field after bitfields is by default aligned to its preferred alignment.

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D124349/new/

https://reviews.llvm.org/D124349