[PATCH] D124349: [analyzer] Get direct binding for specific punned case
Vince Bridgers via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed May 4 12:33:02 PDT 2022
vabridgers updated this revision to Diff 427106.
vabridgers added a comment.
Address comments from @martong
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D124349/new/
https://reviews.llvm.org/D124349
Files:
clang/lib/StaticAnalyzer/Core/RegionStore.cpp
clang/test/Analysis/array-punned-region.c
Index: clang/test/Analysis/array-punned-region.c
===================================================================
--- /dev/null
+++ clang/test/Analysis/array-punned-region.c
@@ -0,0 +1,39 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core,debug.ExprInspection -verify -analyzer-config eagerly-assume=false -triple x86_64-pc-linux-gnu %s
+
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core,debug.ExprInspection -verify -analyzer-config eagerly-assume=false -triple i386-pc-linux-gnu %s
+
+int clang_analyzer_eval(int);
+
+typedef struct {
+ int a : 1;
+ int b[2];
+} BITFIELD_CAST;
+
+void array_struct_bitfield_1() {
+ BITFIELD_CAST ff = {0};
+ BITFIELD_CAST *pff = &ff;
+ clang_analyzer_eval(*((int *)pff + 1) == 0); // expected-warning{{TRUE}}
+ ff.b[0] = 3;
+ clang_analyzer_eval(*((int *)pff + 1) == 3); // expected-warning{{TRUE}}
+}
+
+int array_struct_bitfield_2() {
+ BITFIELD_CAST ff = {0};
+ BITFIELD_CAST *pff = &ff;
+ int a = *((int *)pff + 2); // expected-warning{{Assigned value is garbage or undefined [core.uninitialized.Assign]}}
+ return a;
+}
+
+typedef struct {
+ unsigned int a : 1;
+ unsigned int x : 31;
+ unsigned int c : 1;
+ int b[2];
+} mystruct;
+
+void array_struct_bitfield_3() {
+ mystruct ff;
+ mystruct *pff = &ff;
+ ff.b[0] = 3;
+ clang_analyzer_eval(*((int *)pff + 2) == 3); // expected-warning{{TRUE}} // Or should this be `pff + 3` ???
+}
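Review bot: The trailing `// Or should this be `pff + 3` ???` on the clang_analyzer_eval line in array_struct_bitfield_3 leaves an open question in a committed test, which will confuse the next person to touch it. With `a : 1` and `x : 31` filling the first 32-bit unit, `c : 1` cannot fit there and starts a second unit, so under the layout both RUN triples use `b` begins at byte offset 8 and `(int *)pff + 2` is `b[0]`; the `+ 2` looks right. Suggest replacing that comment with `// a and x fill the first 32-bit unit, c starts a second one, so b[0] is at (int *)pff + 2.` so the test states the expectation it relies on.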
Index: clang/lib/StaticAnalyzer/Core/RegionStore.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Core/RegionStore.cpp
+++ clang/lib/StaticAnalyzer/Core/RegionStore.cpp
@@ -2147,8 +2147,13 @@
return UnknownVal();
// Additionally allow introspection of a block's internal layout.
- if (!hasPartialLazyBinding && !isa<BlockDataRegion>(R->getBaseRegion()))
+ // Try to get direct binding if all other attempts failed thus far.
+ // Else, return UndefinedVal()
+ if (!hasPartialLazyBinding && !isa<BlockDataRegion>(R->getBaseRegion())) {
+ if (const Optional<SVal> &V = B.getDefaultBinding(R))
+ return *V;
return UndefinedVal();
+ }
}
// All other values are symbolic.
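Review bot: The added comment says what the new branch does but not why a default binding can exist on R itself after every lookup above has missed it, so a reader cannot tell this is aimed at the punned-access case exercised by array-punned-region.c. Suggest replacing the two added comment lines with `// A type-punned access (see array-punned-region.c) can leave a default binding on R itself that the earlier lookups do not appear to consult; use it before falling back to UndefinedVal.` Also, `const Optional<SVal> &V = B.getDefaultBinding(R)` binds a reference to a temporary where the plain `if (Optional<SVal> V = B.getDefaultBinding(R))` form reads more directly, and the original comment about block layout now sits above an unrelated comment and should be kept next to the `isa<BlockDataRegion>` condition it explains. The enclosing function starts and ends outside this hunk.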