This is an archive of the discontinued LLVM Phabricator instance.

Differential D132851

Further update -Wbitfield-constant-conversion for 1-bit bitfield
ClosedPublic

Authored by aaron.ballman on Aug 29 2022, 7:11 AM.

Details

Reviewers
ShawnZhong
thakis
erichkeane
Group Reviewers
Restricted Project
Commits
rG3b00e486797c: Further update -Wbitfield-constant-conversion for 1-bit bitfield
Summary

https://reviews.llvm.org/D131255 (82afc9b169a67e8b8a1862fb9c41a2cd974d6691) began warning about conversion causing data loss for a single-bit bit-field. However, after landing the changes, there were reports about significant false positives from some code bases.

This alters the approach taken in that patch by introducing a new warning group (-Wsingle-bit-bitfield-constant-conversion) which is grouped under -Wbitfield-constant-conversion to allow users to selectively disable the single-bit warning without losing the other constant conversion warnings.

Diff Detail

Event Timeline

aaron.ballman created this revision.Aug 29 2022, 7:11 AM
Herald added a project: Restricted Project. · View Herald TranscriptAug 29 2022, 7:11 AM
aaron.ballman requested review of this revision.Aug 29 2022, 7:11 AM
Herald added a project: Restricted Project. · View Herald TranscriptAug 29 2022, 7:11 AM
aaron.ballman mentioned this in D131255: Fix Wbitfield-constant-conversion on 1-bit signed bitfield.Aug 29 2022, 7:11 AM
erichkeane added a comment.Aug 29 2022, 7:24 AM

LGTM, questioning whether we want to do some macro introspection in C mode (as the CORRECT way to use these 1 bit-bitfields is as a bool), but at least this gives the person the ability to disable this warning.

clang/test/Sema/constant-conversion.c
24–25

Can you add a test that shows this isn't diagnosed:

s.b = true;?

Thanks to stdbool.h, this of course might have to be in the C++ test (or C23). Makes me question whether we need to do some detection to see if someone has written the above.

aaron.ballman updated this revision to Diff 456343.Aug 29 2022, 7:53 AM

Added a test case for true in C++, and added similar logic for C to reduce the chance for false positives. If the user uses true (the macro from stdbool.h), they're signaling an intent that the field is used in boolean contexts. The macro expands to 1 (per spec) but should not be diagnosed because the actual value stored only needs to be nonzero to have the correct boolean semantics.

erichkeane accepted this revision.Aug 29 2022, 8:34 AM

2 nits, otherwise LGTM.

clang/lib/Sema/SemaChecking.cpp
13080

Might consider hoisting this line above the macro-checking, and just use it in both cases. Also, perhaps a more descriptive name? IsInvalidSignedOneBitAssignment ?

This revision is now accepted and ready to land.Aug 29 2022, 8:34 AM
Harbormaster completed remote builds in B183928: Diff 456343.Aug 29 2022, 9:03 AM
aaron.ballman updated this revision to Diff 456366.Aug 29 2022, 9:03 AM

Update based on review feedback.

erichkeane accepted this revision.Aug 29 2022, 9:13 AM

Still LGTM.

Harbormaster completed remote builds in B183944: Diff 456366.Aug 29 2022, 9:54 AM
uabelho added a subscriber: uabelho.Aug 29 2022, 10:29 PM
Closed by commit rG3b00e486797c: Further update -Wbitfield-constant-conversion for 1-bit bitfield (authored by aaron.ballman). · Explain WhyAug 31 2022, 6:25 AM
This revision was automatically updated to reflect the committed changes.
aaron.ballman added a commit: rG3b00e486797c: Further update -Wbitfield-constant-conversion for 1-bit bitfield.
bjope added a subscriber: bjope.Sep 1 2022, 4:58 AM
bjope added inline comments.
clang/test/Sema/constant-conversion.c
30

(Sorry for being late to the party, with post commit comments. I'm just trying to understand the reasoning about always suppressing the warning based on "true".)

Isn't the code a bit suspicious when using true/false from stdbool.h, while using a signed bitfield?

When doing things like

(s.b == true) ? 1 : 0

the result would always be zero if s.b is a signed 1-bit bitfield.

So wouldn't it make more sense to actually use an unsigned bitfield (such as the bool type from stdbool.h) when the intent is to store a boolean value and using defines from stdbool.h?

Is perhaps the idea that we will get warnings about (s.b == true) being redundant in situations like this, and then we do not need a warning on the bitfield assignment? Such a reasoning would actually make some sense, since (s.b == true) never would be true even when the bitfield is assigned a non-constant value, so we can't rely on catching the problem by only looking at bitfield assignments involving true/false.

aaron.ballman added inline comments.Sep 1 2022, 10:28 AM
clang/test/Sema/constant-conversion.c
30

Isn't the code a bit suspicious when using true/false from stdbool.h, while using a signed bitfield?

Yes and no...

When doing things like

(s.b == true) ? 1 : 0

the result would always be zero if s.b is a signed 1-bit bitfield.

You're correct, but that's a bit of a code smell because of == true.

So wouldn't it make more sense to actually use an unsigned bitfield (such as the bool type from stdbool.h) when the intent is to store a boolean value and using defines from stdbool.h?

Yes, ideally.

Is perhaps the idea that we will get warnings about (s.b == true) being redundant in situations like this, and then we do not need a warning on the bitfield assignment? Such a reasoning would actually make some sense, since (s.b == true) never would be true even when the bitfield is assigned a non-constant value, so we can't rely on catching the problem by only looking at bitfield assignments involving true/false.

The idea is more that someone using true is more likely to be treating the field as a boolean and so they won't be comparing the bit-field against a specific value, but instead testing it for its boolean value. This also unifies the behavior between C and C++: https://godbolt.org/z/WKP4xcPzT

We don't currently issue a diagnostic on == true, but that sure seems like something -Wtautological-compare should pick up on (for bit-fields in general, not just for one-bit bit-fields): https://godbolt.org/z/Tj4711Ysc

(Note, godbolt seems to have a Clang trunk that's ~8 days old, so diagnostic behavior doesn't match actual trunk yet. That caught me by surprise.)

bjope added inline comments.Sep 2 2022, 4:12 AM
clang/test/Sema/constant-conversion.c
30

Ok, thanks! Sounds reasonable to me.

aaron.ballman added inline comments.Sep 2 2022, 5:44 AM
clang/test/Sema/constant-conversion.c
30

Great! Thank you for the discussion! (FWIW, it's *totally* fine to give post commit feedback, so no need to apologize. You're never late to the "why does this work that way?" party.)

Revision Contents

PathSize
clang/
docs/
10 lines
include/
clang/
Basic/
5 lines
3 lines
lib/
Sema/
20 lines
test/
CXX/
drs/
6 lines
Sema/
19 lines
SemaCXX/
9 lines

Diff 456946

clang/docs/ReleaseNotes.rst

Show First 20 LinesShow All 100 Lines▼ Show 20 Lines- Clang will now correctly diagnose as ill-formed a constant expression where an
to provide a transition period for users. This diagnostic is expected to turn to provide a transition period for users. This diagnostic is expected to turn
into an error-only diagnostic in the next Clang release. Fixes into an error-only diagnostic in the next Clang release. Fixes
`Issue 50055: <https://github.com/llvm/llvm-project/issues/50055>`_. `Issue 50055: <https://github.com/llvm/llvm-project/issues/50055>`_.
- Clang will now check compile-time determinable string literals as format strings. - Clang will now check compile-time determinable string literals as format strings.
Fixes `Issue 55805: <https://github.com/llvm/llvm-project/issues/55805>`_. Fixes `Issue 55805: <https://github.com/llvm/llvm-project/issues/55805>`_.
- ``-Wformat`` now recognizes ``%b`` for the ``printf``/``scanf`` family of - ``-Wformat`` now recognizes ``%b`` for the ``printf``/``scanf`` family of
functions and ``%B`` for the ``printf`` family of functions. Fixes functions and ``%B`` for the ``printf`` family of functions. Fixes
`Issue 56885: <https://github.com/llvm/llvm-project/issues/56885>`_. `Issue 56885: <https://github.com/llvm/llvm-project/issues/56885>`_.
- ``-Wbitfield-constant-conversion`` now diagnoses implicit truncation when 1 is - Introduced ``-Wsingle-bit-bitfield-constant-conversion``, grouped under
assigned to a 1-bit signed integer bitfield. This fixes ``-Wbitfield-constant-conversion``, which diagnoses implicit truncation when
`Issue 53253 <https://github.com/llvm/llvm-project/issues/53253>`_. ``1`` is assigned to a 1-bit signed integer bitfield. This fixes
`Issue 53253 <https://github.com/llvm/llvm-project/issues/53253>`_. To reduce
potential false positives, this diagnostic will not diagnose use of the
``true`` macro (from ``<stdbool.h>>`) in C language mode despite the macro
being defined to expand to ``1``.
- ``-Wincompatible-function-pointer-types`` now defaults to an error in all C - ``-Wincompatible-function-pointer-types`` now defaults to an error in all C
language modes. It may be downgraded to a warning with language modes. It may be downgraded to a warning with
``-Wno-error=incompatible-function-pointer-types`` or disabled entirely with ``-Wno-error=incompatible-function-pointer-types`` or disabled entirely with
``-Wno-implicit-function-pointer-types``. ``-Wno-implicit-function-pointer-types``.
- Clang will now print more information about failed static assertions. In - Clang will now print more information about failed static assertions. In
particular, simple static assertion expressions are evaluated to their particular, simple static assertion expressions are evaluated to their
compile-time value and printed out if the assertion fails. compile-time value and printed out if the assertion fails.
- Diagnostics about uninitialized ``constexpr`` varaibles have been improved - Diagnostics about uninitialized ``constexpr`` varaibles have been improved
▲ Show 20 LinesShow All 205 LinesShow Last 20 Lines

clang/include/clang/Basic/DiagnosticGroups.td

Show First 20 LinesShow All 41 Lines▼ Show 20 Lines
def FrameworkHdrAtImport : DiagGroup<"atimport-in-framework-header">; def FrameworkHdrAtImport : DiagGroup<"atimport-in-framework-header">;
def CXX14BinaryLiteral : DiagGroup<"c++14-binary-literal">; def CXX14BinaryLiteral : DiagGroup<"c++14-binary-literal">;
def CXXPre14CompatBinaryLiteral : DiagGroup<"c++98-c++11-compat-binary-literal">; def CXXPre14CompatBinaryLiteral : DiagGroup<"c++98-c++11-compat-binary-literal">;
def GNUBinaryLiteral : DiagGroup<"gnu-binary-literal">; def GNUBinaryLiteral : DiagGroup<"gnu-binary-literal">;
def BinaryLiteral : DiagGroup<"binary-literal", [CXX14BinaryLiteral, def BinaryLiteral : DiagGroup<"binary-literal", [CXX14BinaryLiteral,
CXXPre14CompatBinaryLiteral, CXXPre14CompatBinaryLiteral,
GNUBinaryLiteral]>; GNUBinaryLiteral]>;
def GNUCompoundLiteralInitializer : DiagGroup<"gnu-compound-literal-initializer">; def GNUCompoundLiteralInitializer : DiagGroup<"gnu-compound-literal-initializer">;
def BitFieldConstantConversion : DiagGroup<"bitfield-constant-conversion">; def SingleBitBitFieldConstantConversion :
DiagGroup<"single-bit-bitfield-constant-conversion">;
def BitFieldConstantConversion : DiagGroup<"bitfield-constant-conversion",
[SingleBitBitFieldConstantConversion]>;
def BitFieldEnumConversion : DiagGroup<"bitfield-enum-conversion">; def BitFieldEnumConversion : DiagGroup<"bitfield-enum-conversion">;
def BitFieldWidth : DiagGroup<"bitfield-width">; def BitFieldWidth : DiagGroup<"bitfield-width">;
def CompoundTokenSplitByMacro : DiagGroup<"compound-token-split-by-macro">; def CompoundTokenSplitByMacro : DiagGroup<"compound-token-split-by-macro">;
def CompoundTokenSplitBySpace : DiagGroup<"compound-token-split-by-space">; def CompoundTokenSplitBySpace : DiagGroup<"compound-token-split-by-space">;
def CompoundTokenSplit : DiagGroup<"compound-token-split", def CompoundTokenSplit : DiagGroup<"compound-token-split",
[CompoundTokenSplitByMacro, [CompoundTokenSplitByMacro,
CompoundTokenSplitBySpace]>; CompoundTokenSplitBySpace]>;
def CoroutineMissingUnhandledException : def CoroutineMissingUnhandledException :
▲ Show 20 LinesShow All 1,325 LinesShow Last 20 Lines

clang/include/clang/Basic/DiagnosticSemaKinds.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 3,840 Lines▼ Show 20 Linesdef warn_impcast_nonnegative_result : Warning<
"the resulting value is always non-negative after implicit conversion">, "the resulting value is always non-negative after implicit conversion">,
InGroup<SignConversion>, DefaultIgnore; InGroup<SignConversion>, DefaultIgnore;
def warn_impcast_integer_64_32 : Warning< def warn_impcast_integer_64_32 : Warning<
"implicit conversion loses integer precision: %0 to %1">, "implicit conversion loses integer precision: %0 to %1">,
InGroup<Shorten64To32>, DefaultIgnore; InGroup<Shorten64To32>, DefaultIgnore;
def warn_impcast_integer_precision_constant : Warning< def warn_impcast_integer_precision_constant : Warning<
"implicit conversion from %2 to %3 changes value from %0 to %1">, "implicit conversion from %2 to %3 changes value from %0 to %1">,
InGroup<ConstantConversion>; InGroup<ConstantConversion>;
def warn_impcast_single_bit_bitield_precision_constant : Warning<
"implicit truncation from %2 to a one-bit wide bit-field changes value from "
"%0 to %1">, InGroup<SingleBitBitFieldConstantConversion>;
def warn_impcast_bitfield_precision_constant : Warning< def warn_impcast_bitfield_precision_constant : Warning<
"implicit truncation from %2 to bit-field changes value from %0 to %1">, "implicit truncation from %2 to bit-field changes value from %0 to %1">,
InGroup<BitFieldConstantConversion>; InGroup<BitFieldConstantConversion>;
def warn_impcast_constant_value_to_objc_bool : Warning< def warn_impcast_constant_value_to_objc_bool : Warning<
"implicit conversion from constant value %0 to 'BOOL'; " "implicit conversion from constant value %0 to 'BOOL'; "
"the only well defined values for 'BOOL' are YES and NO">, "the only well defined values for 'BOOL' are YES and NO">,
InGroup<ObjCBoolConstantConversion>; InGroup<ObjCBoolConstantConversion>;
▲ Show 20 LinesShow All 7,805 LinesShow Last 20 Lines

clang/lib/Sema/SemaChecking.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 13,041 Lines▼ Show 20 Lines if (!OriginalInit->EvaluateAsInt(Result, S.Context,
return false; return false;
} }
llvm::APSInt Value = Result.Val.getInt(); llvm::APSInt Value = Result.Val.getInt();
unsigned OriginalWidth = Value.getBitWidth(); unsigned OriginalWidth = Value.getBitWidth();
// In C, the macro 'true' from stdbool.h will evaluate to '1'; To reduce
// false positives where the user is demonstrating they intend to use the
// bit-field as a Boolean, check to see if the value is 1 and we're assigning
// to a one-bit bit-field to see if the value came from a macro named 'true'.
bool OneAssignedToOneBitBitfield = FieldWidth == 1 && Value == 1;
if (OneAssignedToOneBitBitfield && !S.LangOpts.CPlusPlus) {
SourceLocation MaybeMacroLoc = OriginalInit->getBeginLoc();
if (S.SourceMgr.isInSystemMacro(MaybeMacroLoc) &&
S.findMacroSpelling(MaybeMacroLoc, "true"))
return false;
}
if (!Value.isSigned() || Value.isNegative()) if (!Value.isSigned() || Value.isNegative())
if (UnaryOperator *UO = dyn_cast<UnaryOperator>(OriginalInit)) if (UnaryOperator *UO = dyn_cast<UnaryOperator>(OriginalInit))
if (UO->getOpcode() == UO_Minus || UO->getOpcode() == UO_Not) if (UO->getOpcode() == UO_Minus || UO->getOpcode() == UO_Not)
OriginalWidth = Value.getMinSignedBits(); OriginalWidth = Value.getMinSignedBits();
if (OriginalWidth <= FieldWidth) if (OriginalWidth <= FieldWidth)
return false; return false;
// Compute the value which the bitfield will contain. // Compute the value which the bitfield will contain.
llvm::APSInt TruncatedValue = Value.trunc(FieldWidth); llvm::APSInt TruncatedValue = Value.trunc(FieldWidth);
TruncatedValue.setIsSigned(BitfieldType->isSignedIntegerType()); TruncatedValue.setIsSigned(BitfieldType->isSignedIntegerType());
// Check whether the stored value is equal to the original value. // Check whether the stored value is equal to the original value.
TruncatedValue = TruncatedValue.extend(OriginalWidth); TruncatedValue = TruncatedValue.extend(OriginalWidth);
if (llvm::APSInt::isSameValue(Value, TruncatedValue)) if (llvm::APSInt::isSameValue(Value, TruncatedValue))
return false; return false;
std::string PrettyValue = toString(Value, 10); std::string PrettyValue = toString(Value, 10);
std::string PrettyTrunc = toString(TruncatedValue, 10); std::string PrettyTrunc = toString(TruncatedValue, 10);
erichkeaneUnsubmitted
Not Done
ReplyInline Actions

Might consider hoisting this line above the macro-checking, and just use it in both cases. Also, perhaps a more descriptive name? IsInvalidSignedOneBitAssignment ?

erichkeane: Might consider hoisting this line above the macro-checking, and just use it in both cases.
S.Diag(InitLoc, diag::warn_impcast_bitfield_precision_constant) S.Diag(InitLoc, OneAssignedToOneBitBitfield
? diag::warn_impcast_single_bit_bitield_precision_constant
: diag::warn_impcast_bitfield_precision_constant)
<< PrettyValue << PrettyTrunc << OriginalInit->getType() << PrettyValue << PrettyTrunc << OriginalInit->getType()
<< Init->getSourceRange(); << Init->getSourceRange();
return true; return true;
} }
/// Analyze the given simple or compound assignment for warning-worthy /// Analyze the given simple or compound assignment for warning-worthy
/// operations. /// operations.
static void AnalyzeAssignment(Sema &S, BinaryOperator *E) { static void AnalyzeAssignment(Sema &S, BinaryOperator *E) {
// Just recurse on the LHS. // Just recurse on the LHS.
▲ Show 20 LinesShow All 4,822 LinesShow Last 20 Lines

clang/test/CXX/drs/dr6xx.cpp

Show First 20 LinesShow All 905 Lines▼ Show 20 Linesnamespace dr674 { // dr674: 8
template int Y::f<>(int); template int Y::f<>(int);
template int Y::g<>(int); // expected-note {{in instantiation of}} template int Y::g<>(int); // expected-note {{in instantiation of}}
template int Y::h<>(int); template int Y::h<>(int);
} }
namespace dr675 { // dr675: dup 739 namespace dr675 { // dr675: dup 739
template<typename T> struct A { T n : 1; }; template<typename T> struct A { T n : 1; };
#if __cplusplus >= 201103L #if __cplusplus >= 201103L
static_assert(A<char>{1}.n < 0, ""); // expected-warning {{implicit truncation from 'int' to bit-field changes value from 1 to -1}} static_assert(A<char>{1}.n < 0, ""); // expected-warning {{implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1}}
static_assert(A<int>{1}.n < 0, ""); // expected-warning {{implicit truncation from 'int' to bit-field changes value from 1 to -1}} static_assert(A<int>{1}.n < 0, ""); // expected-warning {{implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1}}
static_assert(A<long long>{1}.n < 0, ""); // expected-warning {{implicit truncation from 'int' to bit-field changes value from 1 to -1}} static_assert(A<long long>{1}.n < 0, ""); // expected-warning {{implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1}}
#endif #endif
} }
// dr676: na // dr676: na
namespace dr677 { // dr677: no namespace dr677 { // dr677: no
struct A { struct A {
void *operator new(std::size_t); void *operator new(std::size_t);
▲ Show 20 LinesShow All 231 LinesShow Last 20 Lines

clang/test/Sema/constant-conversion.c

// RUN: %clang_cc1 -fsyntax-only -verify -triple x86_64-apple-darwin %s // RUN: %clang_cc1 -fsyntax-only -ffreestanding -verify=expected,one-bit -triple x86_64-apple-darwin %s
// RUN: %clang_cc1 -fsyntax-only -ffreestanding -Wno-single-bit-bitfield-constant-conversion -verify -triple x86_64-apple-darwin %s
#include <stdbool.h>
// This file tests -Wconstant-conversion, a subcategory of -Wconversion // This file tests -Wconstant-conversion, a subcategory of -Wconversion
// which is on by default. // which is on by default.
// rdar://problem/6792488 // rdar://problem/6792488
void test_6792488(void) { void test_6792488(void) {
int x = 0x3ff0000000000000U; // expected-warning {{implicit conversion from 'unsigned long' to 'int' changes value from 4607182418800017408 to 0}} int x = 0x3ff0000000000000U; // expected-warning {{implicit conversion from 'unsigned long' to 'int' changes value from 4607182418800017408 to 0}}
} }
void test_7809123(void) { void test_7809123(void) {
struct { int i5 : 5; } a; struct { int i5 : 5; } a;
a.i5 = 36; // expected-warning {{implicit truncation from 'int' to bit-field changes value from 36 to 4}} a.i5 = 36; // expected-warning {{implicit truncation from 'int' to bit-field changes value from 36 to 4}}
} }
void test(void) { void test(void) {
struct S { struct S {
int b : 1; // The only valid values are 0 and -1. int b : 1; // The only valid values are 0 and -1.
} s; } s;
s.b = -3; // expected-warning {{implicit truncation from 'int' to bit-field changes value from -3 to -1}} s.b = -3; // expected-warning {{implicit truncation from 'int' to bit-field changes value from -3 to -1}}
erichkeaneUnsubmitted
Not Done
ReplyInline Actions

Can you add a test that shows this isn't diagnosed:

s.b = true;?

Thanks to stdbool.h, this of course might have to be in the C++ test (or C23). Makes me question whether we need to do some detection to see if someone has written the above.

erichkeane: Can you add a test that shows this isn't diagnosed: `s.b = true;`? Thanks to stdbool.h, this…
s.b = -2; // expected-warning {{implicit truncation from 'int' to bit-field changes value from -2 to 0}} s.b = -2; // expected-warning {{implicit truncation from 'int' to bit-field changes value from -2 to 0}}
s.b = -1; // no-warning s.b = -1; // no-warning
s.b = 0; // no-warning s.b = 0; // no-warning
s.b = 1; // expected-warning {{implicit truncation from 'int' to bit-field changes value from 1 to -1}} s.b = 1; // one-bit-warning {{implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1}}
s.b = true; // no-warning (we suppress it manually to reduce false positives)
bjopeUnsubmitted
Not Done
ReplyInline Actions

(Sorry for being late to the party, with post commit comments. I'm just trying to understand the reasoning about always suppressing the warning based on "true".)

Isn't the code a bit suspicious when using true/false from stdbool.h, while using a signed bitfield?

When doing things like

(s.b == true) ? 1 : 0

the result would always be zero if s.b is a signed 1-bit bitfield.

So wouldn't it make more sense to actually use an unsigned bitfield (such as the bool type from stdbool.h) when the intent is to store a boolean value and using defines from stdbool.h?

Is perhaps the idea that we will get warnings about (s.b == true) being redundant in situations like this, and then we do not need a warning on the bitfield assignment? Such a reasoning would actually make some sense, since (s.b == true) never would be true even when the bitfield is assigned a non-constant value, so we can't rely on catching the problem by only looking at bitfield assignments involving true/false.

bjope: (Sorry for being late to the party, with post commit comments. I'm just trying to understand…
aaron.ballmanAuthorUnsubmitted
Done
ReplyInline Actions

Isn't the code a bit suspicious when using true/false from stdbool.h, while using a signed bitfield?

Yes and no...

When doing things like

(s.b == true) ? 1 : 0

the result would always be zero if s.b is a signed 1-bit bitfield.

You're correct, but that's a bit of a code smell because of == true.

So wouldn't it make more sense to actually use an unsigned bitfield (such as the bool type from stdbool.h) when the intent is to store a boolean value and using defines from stdbool.h?

Yes, ideally.

Is perhaps the idea that we will get warnings about (s.b == true) being redundant in situations like this, and then we do not need a warning on the bitfield assignment? Such a reasoning would actually make some sense, since (s.b == true) never would be true even when the bitfield is assigned a non-constant value, so we can't rely on catching the problem by only looking at bitfield assignments involving true/false.

The idea is more that someone using true is more likely to be treating the field as a boolean and so they won't be comparing the bit-field against a specific value, but instead testing it for its boolean value. This also unifies the behavior between C and C++: https://godbolt.org/z/WKP4xcPzT

We don't currently issue a diagnostic on == true, but that sure seems like something -Wtautological-compare should pick up on (for bit-fields in general, not just for one-bit bit-fields): https://godbolt.org/z/Tj4711Ysc

(Note, godbolt seems to have a Clang trunk that's ~8 days old, so diagnostic behavior doesn't match actual trunk yet. That caught me by surprise.)

aaron.ballman: > Isn't the code a bit suspicious when using true/false from stdbool.h, while using a signed…
bjopeUnsubmitted
Not Done
ReplyInline Actions

Ok, thanks! Sounds reasonable to me.

bjope: Ok, thanks! Sounds reasonable to me.
aaron.ballmanAuthorUnsubmitted
Done
ReplyInline Actions

Great! Thank you for the discussion! (FWIW, it's *totally* fine to give post commit feedback, so no need to apologize. You're never late to the "why does this work that way?" party.)

aaron.ballman: Great! Thank you for the discussion! (FWIW, it's *totally* fine to give post commit feedback…
s.b = false; // no-warning
s.b = 2; // expected-warning {{implicit truncation from 'int' to bit-field changes value from 2 to 0}} s.b = 2; // expected-warning {{implicit truncation from 'int' to bit-field changes value from 2 to 0}}
} }
enum Test2 { K_zero, K_one }; enum Test2 { K_zero, K_one };
enum Test2 test2(enum Test2 *t) { enum Test2 test2(enum Test2 *t) {
*t = 20; *t = 20;
return 10; // shouldn't warn return 10; // shouldn't warn
} }
▲ Show 20 LinesShow All 106 LinesShow Last 20 Lines

clang/test/SemaCXX/constant-conversion.cpp

Show All 16 Linesvoid too_big_for_char(int param) {
// expected-warning@-1 {{implicit conversion from 'int' to 'char' changes value from 99999 to -97}} // expected-warning@-1 {{implicit conversion from 'int' to 'char' changes value from 99999 to -97}}
char ok1 = true ? 0 : 99999; char ok1 = true ? 0 : 99999;
char ok2 = true ? 0 : nines(); char ok2 = true ? 0 : nines();
char ok3 = true ? 0 : 99999 + 1; char ok3 = true ? 0 : 99999 + 1;
char ok4 = true ? 0 : nines() + 1; char ok4 = true ? 0 : nines() + 1;
} }
void test_bitfield() {
struct S {
int one_bit : 1;
} s;
s.one_bit = 1; // expected-warning {{implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1}}
s.one_bit = true; // no-warning
}