steakhal created this revision.
steakhal added reviewers: NoQ, martong, Szelethus, xazax.hun.
Herald added subscribers: manas, ASDenysPetrov, dkrupp, donat.nagy,
mikhail.ramalho, a.sidorin, rnkovacs, szepet, baloghadamsoftware.
Herald added a project: All.
steakhal requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.
The Clang Static Analyzer will crash on this code:
struct Box {
int value;
};
template <Box V> int get() {
return V.value;
}
template int get<Box{-1}>();
https://godbolt.org/z/5Yb1sMMMb
The problem is that we don't account for encountering `TemplateParamObjectDecl`s
within the `DeclRefExpr` handler in the `ExprEngine`.
IMO we should create a new memregion for representing such template
param objects, to model their language semantics.
Such as:
- it should have global static storage
- for two identical values, their addresses should be identical as well
http://eel.is/c%2B%2Bdraft/temp.param#8
I was thinking of introducing a `TemplateParamObjectRegion` under `DeclRegion`
for this purpose. It could have `TemplateParamObjectDecl` as a field.
The `TemplateParamObjectDecl::getValue()` returns `APValue`, which might
represent multiple levels of structures, unions and other goodies -
making the transformation from `APValue` to `SVal` a bit complicated.
That being said, for now, I think having `Unknowns` for such cases is
definitely an improvement to crashing, hence I'm proposing this patch.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D135763
Files:
clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
clang/test/Analysis/template-param-objects.cpp
Index: clang/test/Analysis/template-param-objects.cpp
===================================================================
--- /dev/null
+++ clang/test/Analysis/template-param-objects.cpp
@@ -0,0 +1,33 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection \
+// RUN: -analyzer-config eagerly-assume=false -std=c++20 -verify %s
+
+template <class T> void clang_analyzer_dump(T);
+void clang_analyzer_eval(bool);
+
+struct Box {
+ int value;
+};
+bool operator ==(Box lhs, Box rhs) {
+ return lhs.value == rhs.value;
+}
+template <Box V> void dumps() {
+ clang_analyzer_dump(V); // expected-warning {{lazyCompoundVal}}
+ clang_analyzer_dump(&V); // expected-warning {{Unknown}}
+ clang_analyzer_dump(V.value); // expected-warning {{Unknown}} FIXME: It
should be '6 S32b'.
+ clang_analyzer_dump(&V.value); // expected-warning {{Unknown}}
+}
+template void dumps<Box{6}>();
+
+// [temp.param].7.3.2:
+// "All such template parameters in the program of the same type with the
+// same value denote the same template parameter object."
+template <Box A1, Box A2, Box B1, Box B2> void stable_addresses() {
+ clang_analyzer_eval(&A1 == &A2); // expected-warning {{UNKNOWN}} FIXME: It
should be TRUE.
+ clang_analyzer_eval(&B1 == &B2); // expected-warning {{UNKNOWN}} FIXME: It
should be TRUE.
+ clang_analyzer_eval(&A1 == &B2); // expected-warning {{UNKNOWN}} FIXME: It
should be FALSE.
+
+ clang_analyzer_eval(A1 == A2); // expected-warning {{UNKNOWN}} FIXME: It
should be TRUE.
+ clang_analyzer_eval(B1 == B2); // expected-warning {{UNKNOWN}} FIXME: It
should be TRUE.
+ clang_analyzer_eval(A1 == B2); // expected-warning {{UNKNOWN}} FIXME: It
should be FALSE.
+}
+template void stable_addresses<Box{1}, Box{1}, Box{2}, Box{2}>();
Index: clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -3158,6 +3158,12 @@
return;
}
+ if (const auto *TPO = dyn_cast<TemplateParamObjectDecl>(D)) {
+ // FIXME: We should meaningfully implement this.
+ (void)TPO;
+ return;
+ }
+
llvm_unreachable("Support for this Decl not implemented.");
}
Index: clang/test/Analysis/template-param-objects.cpp
===================================================================
--- /dev/null
+++ clang/test/Analysis/template-param-objects.cpp
@@ -0,0 +1,33 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection \
+// RUN: -analyzer-config eagerly-assume=false -std=c++20 -verify %s
+
+template <class T> void clang_analyzer_dump(T);
+void clang_analyzer_eval(bool);
+
+struct Box {
+ int value;
+};
+bool operator ==(Box lhs, Box rhs) {
+ return lhs.value == rhs.value;
+}
+template <Box V> void dumps() {
+ clang_analyzer_dump(V); // expected-warning {{lazyCompoundVal}}
+ clang_analyzer_dump(&V); // expected-warning {{Unknown}}
+ clang_analyzer_dump(V.value); // expected-warning {{Unknown}} FIXME: It should be '6 S32b'.
+ clang_analyzer_dump(&V.value); // expected-warning {{Unknown}}
+}
+template void dumps<Box{6}>();
+
+// [temp.param].7.3.2:
+// "All such template parameters in the program of the same type with the
+// same value denote the same template parameter object."
+template <Box A1, Box A2, Box B1, Box B2> void stable_addresses() {
+ clang_analyzer_eval(&A1 == &A2); // expected-warning {{UNKNOWN}} FIXME: It should be TRUE.
+ clang_analyzer_eval(&B1 == &B2); // expected-warning {{UNKNOWN}} FIXME: It should be TRUE.
+ clang_analyzer_eval(&A1 == &B2); // expected-warning {{UNKNOWN}} FIXME: It should be FALSE.
+
+ clang_analyzer_eval(A1 == A2); // expected-warning {{UNKNOWN}} FIXME: It should be TRUE.
+ clang_analyzer_eval(B1 == B2); // expected-warning {{UNKNOWN}} FIXME: It should be TRUE.
+ clang_analyzer_eval(A1 == B2); // expected-warning {{UNKNOWN}} FIXME: It should be FALSE.
+}
+template void stable_addresses<Box{1}, Box{1}, Box{2}, Box{2}>();
Index: clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -3158,6 +3158,12 @@
return;
}
+ if (const auto *TPO = dyn_cast<TemplateParamObjectDecl>(D)) {
+ // FIXME: We should meaningfully implement this.
+ (void)TPO;
+ return;
+ }
+
llvm_unreachable("Support for this Decl not implemented.");
}
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
