[clang] [analyzer] Fix false positive for bitfield read after cast-pointer write (PR #188387)
Balázs Benics via cfe-commits
cfe-commits at lists.llvm.org
Thu Mar 26 03:55:20 PDT 2026
================
@@ -2554,6 +2638,11 @@ RegionStoreManager::bind(LimitedRegionBindingsConstRef B, Loc L, SVal V) {
// Clear out bindings that may overlap with this binding.
auto NewB = removeSubRegionBindings(B, cast<SubRegion>(R));
+ // When writing a scalar through a cast pointer to a record region
+ // (e.g. *(unsigned*)&struct_var = val), track which bits of each
+ // overlapping bitfield have been written using a per-field bitmask.
+ NewB = updateBitfieldCoverage(B, NewB, R, V);
+
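Review bot: the call `updateBitfieldCoverage(B, NewB, R, V)` is made unconditionally for every binding, while the comment above it restricts the new behaviour to a scalar written through a cast pointer into a record region; either guard the call with that condition here, or reword the comment to say that the helper itself decides when coverage tracking applies, so readers of `bind` do not assume every store pays this cost. It is also worth a comment on why both the pre-removal `B` and the post-removal `NewB` are passed: presumably the overlapping bitfield bindings have to be looked up in `B` because `removeSubRegionBindings` has already dropped them from `NewB`, and that dependency on ordering is not obvious at the call site. The trailing added blank line (`+`) only introduces whitespace; drop it unless it separates a following block.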
----------------
steakhal wrote:
One reason why we should not change how `bind` works is the following invariant:
If we store something somewhere and then right after that load it back, we should get the value we stored there.
This applies to writes and stores to unaligned, type-punned storage.
This means that the value we store should not care whether the memory beneath is a bitfield or anything else, given that there is actually some memory.
https://github.com/llvm/llvm-project/pull/188387