mirrors/llvm-project
0
0
Fork 0
mirror of https://github.com/llvm/llvm-project.git synced 2025-04-26 02:56:08 +00:00
Code Issues Projects Releases Wiki Activity
llvm-project/clang/test/Analysis/builtin_bitcast.cpp
Balazs Benics 51d15d13de
[analyzer] Fix assertion failure in CXXInstanceCall::getCXXThisVal (#70837) 
Workaround the case when the `this` pointer is actually a `NonLoc`, by
returning `Unknown` instead.
The solution isn't ideal, as `this` should be really a `Loc`, but due to
how casts work, I feel this is our easiest and best option.

As this patch presents, I'm evaluating a cast to transform the `NonLoc`.
However, given that `evalCast()` can't be cast from `NonLoc` to a
pointer type thingy (`Loc`), we end up with `Unknown`.
It is because `EvalCastVisitor::VisitNonLocSymbolVal()` only evaluates
casts that happen from NonLoc to NonLocs.

When I tried to actually implement that case, I figured:
1) Create a `SymbolicRegion` from that `nonloc::SymbolVal`; but
`SymbolRegion` ctor expects a pointer type for the symbol.
2) Okay, just have a `SymbolCast`, getting us the pointer type; but
`SymbolRegion` expects `SymbolData` symbols, not generic `SymExpr`s, as
stated:

> // Because pointer arithmetic is represented by ElementRegion layers,
> // the base symbol here should not contain any arithmetic.

3) We can't use `ElementRegion`s to perform this cast because to have an
`ElementRegion`, you already have to have a `SubRegion` that you want to
cast, but the point is that we don't have that.

At this point, I gave up, and just left a FIXME instead, while still
returning `Unknown` on that path.
IMO this is still better than having a crash.

Fixes #69922
2023-11-04 11:11:24 +01:00

54 lines
1.7 KiB
C++
Raw Blame History

// RUN: %clang_analyze_cc1 -triple x86_64-unknown-unknown -verify %s \
// RUN: -analyzer-checker=core,debug.ExprInspection
template <typename T> void clang_analyzer_dump(T);
using size_t = decltype(sizeof(int));
__attribute__((always_inline)) static inline constexpr unsigned int _castf32_u32(float __A) {
return __builtin_bit_cast(unsigned int, __A); // no-warning
}
void test(int i) {
_castf32_u32(42);
float f = 42;
// Loading from a floating point value results in unknown,
// which later materializes as a conjured value.
auto g = __builtin_bit_cast(unsigned int, f);
clang_analyzer_dump(g);
// expected-warning-re@-1 {{{{^conj_\$[0-9]+{unsigned int,}}}}
auto g2 = __builtin_bit_cast(unsigned int, 42.0f);
clang_analyzer_dump(g2);
// expected-warning-re@-1 {{{{^conj_\$[0-9]+{unsigned int,}}}}
auto g3 = __builtin_bit_cast(unsigned int, i);
clang_analyzer_dump(g3);
// expected-warning-re@-1 {{{{^reg_\$[0-9]+<int i>}}}}
auto g4 = __builtin_bit_cast(unsigned long, &i);
clang_analyzer_dump(g4);
// expected-warning@-1 {{&i [as 64 bit integer]}}
}
struct A {
int n;
void set(int x) {
n = x;
}
};
void gh_69922(size_t p) {
// expected-warning-re@+1 {{(reg_${{[0-9]+}}<size_t p>) & 1U}}
clang_analyzer_dump(__builtin_bit_cast(A*, p & 1));
__builtin_bit_cast(A*, p & 1)->set(2); // no-crash
// However, since the `this` pointer is expected to be a Loc, but we have
// NonLoc there, we simply give up and resolve it as `Unknown`.
// Then, inside the `set()` member function call we can't evaluate the
// store to the member variable `n`.
clang_analyzer_dump(__builtin_bit_cast(A*, p & 1)->n); // Ideally, this should print "2".
// expected-warning-re@-1 {{(reg_${{[0-9]+}}<size_t p>) & 1U}}
}
Reference in New Issue View Git Blame Copy Permalink