[clang] [analyzer] Simplify SVal for simple NonLoc->Loc casts (PR #66498)
Ding Fei via cfe-commits
cfe-commits at lists.llvm.org
Fri Sep 15 05:02:04 PDT 2023
https://github.com/danix800 created https://github.com/llvm/llvm-project/pull/66498
NonLoc symbolic SVal to Loc casts are not supported except for nonloc::ConcreteInt.
This change simplifies the source SVals so that the more casts can go through nonloc::ConcreteInt->loc::ConcreteInt path. For example:
void test_simplified_before_cast_add(long long t1) {
long long t2 = t1 + 3;
if (!t2) {
int *p = (int *) t2;
clang_analyzer_eval(p == 0); // expected-warning{{TRUE}}
}
}
If simplified, 't2' is 0, resulting 'p' is nullptr, otherwise 'p' is unknown.
Fixes #62232
>From 0b776deb2bbd4d03325b02680eb99c788d3bc37d Mon Sep 17 00:00:00 2001
From: dingfei <fding at feysh.com>
Date: Fri, 15 Sep 2023 14:01:26 +0800
Subject: [PATCH] [analyzer] Simplify SVal for simple NonLoc->Loc casts
NonLoc symbolic SVal to Loc casts are not supported except for
nonloc::ConcreteInt.
This change simplifies the source SVals so that the more casts can
go through nonloc::ConcreteInt->loc::ConcreteInt path. For example:
void test_simplified_before_cast_add(long long t1) {
long long t2 = t1 + 3;
if (!t2) {
int *p = (int *) t2;
clang_analyzer_eval(p == 0); // expected-warning{{TRUE}}
}
}
If simplified, 't2' is 0, resulting 'p' is nullptr, otherwise 'p'
is unknown.
Fixes #62232
---
clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp | 3 +-
.../symbol-simplification-nonloc-loc.cpp | 28 ++++++++++++++++++-
2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
index 2a47116db55a1ad..7e431f7e598c4cb 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -264,7 +264,8 @@ ProgramStateRef ExprEngine::handleLValueBitCast(
}
// Delegate to SValBuilder to process.
SVal OrigV = state->getSVal(Ex, LCtx);
- SVal V = svalBuilder.evalCast(OrigV, T, ExTy);
+ SVal SimplifiedOrigV = svalBuilder.simplifySVal(state, OrigV);
+ SVal V = svalBuilder.evalCast(SimplifiedOrigV, T, ExTy);
// Negate the result if we're treating the boolean as a signed i1
if (CastE->getCastKind() == CK_BooleanToSignedIntegral && V.isValid())
V = svalBuilder.evalMinus(V.castAs<NonLoc>());
diff --git a/clang/test/Analysis/symbol-simplification-nonloc-loc.cpp b/clang/test/Analysis/symbol-simplification-nonloc-loc.cpp
index 485f68d9a5acfba..6cfe8da971429c3 100644
--- a/clang/test/Analysis/symbol-simplification-nonloc-loc.cpp
+++ b/clang/test/Analysis/symbol-simplification-nonloc-loc.cpp
@@ -1,6 +1,8 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=core %s \
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection %s \
// RUN: -triple x86_64-pc-linux-gnu -verify
+void clang_analyzer_eval(int);
+
#define BINOP(OP) [](auto x, auto y) { return x OP y; }
template <typename BinOp>
@@ -73,3 +75,27 @@ void zoo1backwards() {
*(0 + p) = nullptr; // warn
**(0 + p) = 'a'; // no-warning: this should be unreachable
}
+
+void test_simplified_before_cast_add(long t1) {
+ long t2 = t1 + 3;
+ if (!t2) {
+ int *p = (int *) t2;
+ clang_analyzer_eval(p == 0); // expected-warning{{TRUE}}
+ }
+}
+
+void test_simplified_before_cast_sub(long t1) {
+ long t2 = t1 - 3;
+ if (!t2) {
+ int *p = (int *) t2;
+ clang_analyzer_eval(p == 0); // expected-warning{{TRUE}}
+ }
+}
+
+void test_simplified_before_cast_mul(long t1) {
+ long t2 = t1 * 3;
+ if (!t2) {
+ int *p = (int *) t2;
+ clang_analyzer_eval(p == 0); // expected-warning{{TRUE}}
+ }
+}
More information about the cfe-commits
mailing list