[clang] [analyzer] Fix false positive for bitfield read after cast-pointer write (PR #188387)
Balázs Benics via cfe-commits
cfe-commits at lists.llvm.org
Thu Mar 26 03:42:30 PDT 2026
================
@@ -2554,6 +2638,11 @@ RegionStoreManager::bind(LimitedRegionBindingsConstRef B, Loc L, SVal V) {
// Clear out bindings that may overlap with this binding.
auto NewB = removeSubRegionBindings(B, cast<SubRegion>(R));
+ // When writing a scalar through a cast pointer to a record region
+ // (e.g. *(unsigned*)&struct_var = val), track which bits of each
+ // overlapping bitfield have been written using a per-field bitmask.
+ NewB = updateBitfieldCoverage(B, NewB, R, V);
+
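Review bot: `updateBitfieldCoverage(B, NewB, R, V)` runs on every `bind`, but neither the call nor the comment above it states the precondition under which it does anything; spell out in the comment that it only acts when `V` is a scalar stored to a region `R` that overlaps bitfields of a record, and make sure the helper returns `NewB` unchanged early in every other case, since `bind` is on the hot path for every store the analyzer models. The call also takes both the pre-`removeSubRegionBindings` bindings `B` and the cleared `NewB`; say why the original `B` is still needed (is prior coverage read from bindings that `removeSubRegionBindings` has just dropped?), because from this hunk alone a reader cannot tell which of the two the coverage is computed from.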
----------------
steakhal wrote:
The new code appears to hook the Store in the `bind` - which is the write operation.
But I think the write is correct - at least from what I could see from the `printState` dump.
To quote what I earlier wrote: after the assignment, we have a single direct binding at bit offset 0 binding the value we assign. And that is correct.
Consequently, I'm puzzled why we need to change how `bind` is modelled.
To me, what needs patching is under `getBinding` - which is for modeling reads. Consequently, also the read of the bitfield.
Likely it's `getBindingForField` that needs some fixing. In fact, it already has some bitfield handling stuff. Probably the git blame should give you hints about the bigger picture, if any.
https://github.com/llvm/llvm-project/pull/188387
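As an added illustration, not code from the PR or from LLVM, here is the concrete program shape behind the discussion together with a small model of what a bitfield read should yield when, as the review describes, the only binding after the store is a single direct scalar binding at bit offset 0. The struct layout, the field widths and the value 0xABCD1234 are assumptions for illustration; the bit positions assume a little-endian target with the SysV/Itanium bitfield allocation (first field in the lowest bits), as on x86-64 Linux.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed record shape for illustration: three bitfields packed into one
 * 32-bit storage unit (4 + 12 + 16 bits). */
struct S {
    unsigned a : 4;
    unsigned b : 12;
    unsigned c : 16;
};

/* Model of the read side: given the scalar value bound at bit offset 0 of the
 * record and a field's (bit_offset, bit_width) from the record layout, return
 * the bits the bitfield read should observe. bit_width == 32 is handled
 * explicitly so the shift never reaches the width of the type. */
uint32_t model_bitfield_read(uint32_t binding, unsigned bit_offset, unsigned bit_width)
{
    uint32_t mask = bit_width >= 32 ? UINT32_MAX : ((UINT32_C(1) << bit_width) - 1);
    return (binding >> bit_offset) & mask;
}

/* The program being analyzed: one scalar store covering the whole record,
 * then a read of a single bitfield. The PR's example writes through a cast
 * pointer (*(unsigned*)&s = v); a union is used here so the store is
 * well-defined C while producing the same bytes. field: 0 = a, 1 = b, 2 = c. */
uint32_t actual_bitfield_read(uint32_t stored, int field)
{
    union { struct S s; uint32_t raw; } u;
    memset(&u, 0, sizeof u);
    u.raw = stored;
    switch (field) {
    case 0:  return u.s.a;
    case 1:  return u.s.b;
    default: return u.s.c;
    }
}

/* Bit offsets of a, b, c under the assumed little-endian SysV layout. */
static const unsigned kOffsets[3] = { 0, 4, 16 };
static const unsigned kWidths[3]  = { 4, 12, 16 };

/* Returns 1 when the model agrees with the compiled program for every field. */
int model_matches_target(uint32_t stored)
{
    for (int f = 0; f < 3; ++f) {
        if (model_bitfield_read(stored, kOffsets[f], kWidths[f]) !=
            actual_bitfield_read(stored, f))
            return 0;
    }
    return 1;
}

int main(void)
{
    uint32_t v = 0xABCD1234u;  /* constructed sample value */
    for (int f = 0; f < 3; ++f)
        printf("field %d: model=%#x actual=%#x\n", f,
               model_bitfield_read(v, kOffsets[f], kWidths[f]),
               actual_bitfield_read(v, f));
    return model_matches_target(v) ? 0 : 1;
}
```

The point the review makes is visible in `model_bitfield_read`: once the store has left a single direct binding at offset 0, the bitfield read is fully determined by that binding plus the field's layout, so a read model that extracts the bits (rather than a write model that tracks coverage) is what turns the false positive into a concrete value.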
More information about the cfe-commits mailing list