[clang] be03d25 - [analyzer] Retain address space information in getElementRegion (#151370)

via cfe-commits cfe-commits at lists.llvm.org
Fri Aug 1 07:40:00 PDT 2025 

Author: DonĂ¡t Nagy
Date: 2025-08-01T16:39:56+02:00
New Revision: be03d257cdc29172a7b4b35f85d3242fddba1d43

URL: https://github.com/llvm/llvm-project/commit/be03d257cdc29172a7b4b35f85d3242fddba1d43
DIFF: https://github.com/llvm/llvm-project/commit/be03d257cdc29172a7b4b35f85d3242fddba1d43.diff

LOG: [analyzer] Retain address space information in getElementRegion (#151370)

The factory method `MemRegionManager::getElementRegion()` is the main
way of constructing `ElementRegion` objects, which are widespread in the
analysis and may represent array elements (as lvalues), pointer
arithmetic and type conversions.

This factory method used to strip all qualifiers from the type
associated with the element (after canonicalizing it), but the address
space qualifier can affect the size of a pointer type, so stripping it
caused an assertion failure (in `evalBinOpLL`):

clang: clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp:785: void
assertEqualBitWidths(clang::ento::ProgramStateRef, clang::ento::Loc,
clang::ento::Loc): Assertion `RhsBitwidth == LhsBitwidth && "RhsLoc and
LhsLoc bitwidth must be same!"' failed.

---------

Co-authored-by: Vince Bridgers <vince.a.bridgers at ericsson.com>

Added: 
    clang/test/Analysis/element-region-address-space.c

Modified: 
    clang/lib/StaticAnalyzer/Core/MemRegion.cpp

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Core/MemRegion.cpp b/clang/lib/StaticAnalyzer/Core/MemRegion.cpp
index 3e68373028b10..0058a0ddfb0df 100644
--- a/clang/lib/StaticAnalyzer/Core/MemRegion.cpp
+++ b/clang/lib/StaticAnalyzer/Core/MemRegion.cpp
@@ -1219,6 +1219,16 @@ MemRegionManager::getElementRegion(QualType elementType, NonLoc Idx,
                                    const ASTContext &Ctx) {
   QualType T = Ctx.getCanonicalType(elementType).getUnqualifiedType();
 
+  // The address space must be preserved because some target-specific address
+  // spaces influence the size of the pointer value which is represented by the
+  // element region.
+  LangAS AS = elementType.getAddressSpace();
+  if (AS != LangAS::Default) {
+    Qualifiers Quals;
+    Quals.setAddressSpace(AS);
+    T = Ctx.getQualifiedType(T, Quals);
+  }
+
   llvm::FoldingSetNodeID ID;
   ElementRegion::ProfileRegion(ID, T, Idx, superRegion);
 

diff  --git a/clang/test/Analysis/element-region-address-space.c b/clang/test/Analysis/element-region-address-space.c
new file mode 100644
index 0000000000000..dd7066240fef6
--- /dev/null
+++ b/clang/test/Analysis/element-region-address-space.c
@@ -0,0 +1,11 @@
+// RUN: %clang_analyze_cc1 -triple amdgcn-unknown-unknown \
+// RUN:   -analyzer-checker=core -verify %s
+
+// expected-no-diagnostics
+//
+// By default, pointers are 64-bits.
+#define ADDRESS_SPACE_32BITS __attribute__((address_space(3)))
+
+int test(ADDRESS_SPACE_32BITS int *p, ADDRESS_SPACE_32BITS void *q) {
+  return p == q; // no-crash
+}

More information about the cfe-commits mailing list