[clang] [clang][analyzer] Correct SMT Layer for _BitInt cases refutations (PR #143310)
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Wed Jun 11 01:15:46 PDT 2025
================
@@ -0,0 +1,23 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -w -DNO_CROSSCHECK -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -w -analyzer-config crosscheck-with-z3=true -verify %s
+// REQUIRES: z3
+
+// The SMTConv layer did not comprehend _BitInt types (because this was an
+// evolved feature) and was crashing due to needed updates in 2 places.
+// Analysis is expected to find these cases using _BitInt without crashing.
+
+_BitInt(35) a;
+int b;
+void c() {
+ int d;
+ if (a)
+ b = d; // expected-warning{{Assigned value is uninitialized [core.uninitialized.Assign]}}
+}
+
+int *d;
+_BitInt(3) e;
+void f() {
+ int g;
+ d = &g;
+ e ?: 0; // expected-warning{{Address of stack memory associated with local variable 'g' is still referred to by the global variable 'd' upon returning to the caller. This will be a dangling reference [core.StackAddressEscape]}}
----------------
steakhal wrote:
Here if I'm not mistaken, the only thing we need is some bug report. Thus we could swap the bug into a warnIfReached to create one report. That should allow simplifications to this test, including the use of the global variable.
https://github.com/llvm/llvm-project/pull/143310
More information about the cfe-commits
mailing list