This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
lib/StaticAnalyzer/Checkers/
-
StaticAnalyzer/
-
Checkers/
14/16
ConversionChecker.cpp
-
test/Analysis/
-
Analysis/
2/4
conversion.c

Differential D52730

[analyzer] ConversionChecker: handle floating point
ClosedPublic

Authored by donat.nagy on Oct 1 2018, 9:53 AM.

Download Raw Diff

Details

Reviewers

NoQ
george.karpenkov
rnkovacs
baloghadamsoftware
mikhail.ramalho
xazax.hun

Commits

rG9d6c4402c667: [analyzer] ConversionChecker: handle floating point
rL347006: [analyzer] ConversionChecker: handle floating point
rC347006: [analyzer] ConversionChecker: handle floating point

Summary

Extend the alpha.core.Conversion checker to handle implicit converions
where a too large integer value is converted to a floating point type. Each
floating point type has a range where it can exactly represent all integers; we
emit a warning when the integer value is above this range. Although it is
possible to exactly represent some integers which are outside of this range
(those that are divisible by a large enough power of 2); we still report cast
involving those, because their usage may lead to bugs. (For example, if 1<<24
is stored in a float variable x, then x==x+1 holds.)

Diff Detail

Repository: rC Clang

Event Timeline

donat.nagy created this revision.Oct 1 2018, 9:53 AM

Herald added subscribers: cfe-commits, Szelethus. · View Herald TranscriptOct 1 2018, 9:53 AM

Harbormaster completed remote builds in B23310: Diff 167756.Oct 1 2018, 9:54 AM

Szelethus added inline comments.Oct 1 2018, 10:29 AM

lib/StaticAnalyzer/Checkers/ConversionChecker.cpp
176	How about `AC.getSizeType(AC.UnsignedLongLongTy))`?
test/Analysis/conversion.c
190	Need formatting.
193	This too -- how about running clang-format on this file?

Szelethus added a subscriber: whisperity.Oct 1 2018, 3:13 PM

Szelethus added inline comments.

lib/StaticAnalyzer/Checkers/ConversionChecker.cpp
176	I'm actually not too sure about this. @whisperity?

NoQ added inline comments.Oct 1 2018, 3:29 PM

lib/StaticAnalyzer/Checkers/ConversionChecker.cpp
176	Yeah, i suspect it's a host machine check (to prevent our own overflow on line 189) rather than a target machine check.

donat.nagy retitled this revision from [analysis] ConversionChecker: handle floating point to [analyzer] ConversionChecker: handle floating point.Oct 2 2018, 2:49 AM

Herald added subscribers: a.sidorin, szepet, xazax.hun. · View Herald TranscriptOct 2 2018, 2:49 AM

Szelethus added inline comments.Oct 2 2018, 3:22 AM

lib/StaticAnalyzer/Checkers/ConversionChecker.cpp
176	Oh right, thanks for clarifying that. I looked it up, and the number of bits in a `char` can be acquired from `CHAR_BITS`, maybe use that instead of hard coding 8? https://en.cppreference.com/w/c/types/limits

Fix formatting in tests; add a comment.

donat.nagy marked 6 inline comments as done.Oct 2 2018, 5:54 AM

donat.nagy added inline comments.

lib/StaticAnalyzer/Checkers/ConversionChecker.cpp
176	Yes, this is intended to be a host machine check (corresponding to the `W >= 64U` in the old version). I will add a comment to clarify this.

polite ping

Herald added a subscriber: dkrupp. · View Herald TranscriptOct 18 2018, 1:49 AM

xazax.hun added inline comments.Oct 18 2018, 2:09 AM

lib/StaticAnalyzer/Checkers/ConversionChecker.cpp
163	A link to the source of these number would be useful. How are these calculated. Also, as far as I know the current C++ standard does not require anything about how floating points are represented in an implementation. So it would be great to somehow refer to the representation used by clang rather than hardcoding these values. (Note that I am perfectly fine with warning for implementation defined behavior as the original version also warn for such in case of integers.)
171	Comment should be full sentences with a full stop at the end.
172	Do not add redundant braces when we only guard one line. It is perfectly ok when the one statements spans over multiple lines (maybe due to comments).

donat.nagy added inline comments.Oct 18 2018, 8:40 AM

lib/StaticAnalyzer/Checkers/ConversionChecker.cpp
163	I took these magic numbers from the IEEE 754 standard; I completely agree that their introduction is far from being elegant. Unfortunately it seems that referring to the representation used by clang seems to be somewhat difficult, see e.g. this old stackoverflow answer. In the Z3 solver a similar problem was solved by defining a static function (getFloatSemantics()) which uses a switch to translate the bit width of a floating point type into an llvm::fltSemantics value (which contains the precision value as a field). I could imagine three solutions: reimplementing the logic getFloatSemantics, moving getFloatSemantics to some utility library and using it from there, keeping the current code, with comments describing my assumptions and referencing the IEEE standard. Which of these is the best? Note: According to the documentation the floating point types supported by the LLVM IR are just float, double and some high precision extension types (which are handled by the `default:` branch of my code). Unfortunately, I do not know what happens to the [[ https://clang.llvm.org/docs/LanguageExtensions.html#half-precision-floating-point \| `_Float16` ]] half-width float type.

Give a reference for the significand size values of the IEEE 754 floating point types; cleanup comments and formatting.

Harbormaster completed remote builds in B23929: Diff 170169.Oct 19 2018, 2:26 AM

donat.nagy marked 2 inline comments as done.Oct 19 2018, 2:29 AM

donat.nagy added inline comments.

lib/StaticAnalyzer/Checkers/ConversionChecker.cpp
163	I updated the patch with a comment describing my assumptions, but I will implement a different solution if that would be better.

NoQ added inline comments.Oct 19 2018, 2:45 PM

lib/StaticAnalyzer/Checkers/ConversionChecker.cpp
164	Continuing the float semantics discussion on the new revision - Did you consider `llvm::APFloat`? (http://llvm.org/doxygen/classllvm_1_1APFloat.html) This looks like something that you're trying to re-implement.

donat.nagy added inline comments.Oct 24 2018, 4:56 AM

lib/StaticAnalyzer/Checkers/ConversionChecker.cpp
164	This switch statement essentially fulfills two functions: it maps QualTypes to standardized IEEE floating point types and it immediately maps the standardized IEEE types to their precision values. The difficulty is that I don't think that the first map is available as a public function in the clang libraries. This means that although a switch over the bit width of the floating point type is certainly inelegant, I cannot avoid it. The second map is available in the APFloat library (via the llvm::fltSemantics constants, which describe the standard IEEE types). However, this map is extremely stable (e.g. I don't think that the binary structure of the IEEE double type will ever change), so I think that re-implementing it is justified by the fact that it yields shorter and cleaner code. However, as I had noted previously, I am open to using the llvm::fltSemantics constants to implement this mapping. As an additional remark, my current code supports the _Float16 type, which is currently not supported by the APFloat/fltSemantics library. If we decide to use the llvm::fltSemantics constants, then we must either extend the APFloat library or apply some workarounds for this case.

NoQ added inline comments.Oct 25 2018, 1:52 PM

lib/StaticAnalyzer/Checkers/ConversionChecker.cpp
164	The difficulty is that I don't think that the first map is available as a public function in the clang libraries. This means that although a switch over the bit width of the floating point type is certainly inelegant, I cannot avoid it. `fltSemantics` are not just enum constants, they contain a lot of fancy data: static const fltSemantics semIEEEhalf = {15, -14, 11, 16}; static const fltSemantics semIEEEsingle = {127, -126, 24, 32}; static const fltSemantics semIEEEdouble = {1023, -1022, 53, 64}; static const fltSemantics semIEEEquad = {16383, -16382, 113, 128}; static const fltSemantics semX87DoubleExtended = {16383, -16382, 64, 80};

Use APFloat to determine precision of floating point type

Additionally, fix a typo in the tests.

Harbormaster completed remote builds in B24323: Diff 171678.Oct 30 2018, 5:24 AM

LGTM!
I only wonder if this should be on by default or guarded by a config option. I do not have strong feelings about any of the options though.

This revision is now accepted and ready to land.Oct 30 2018, 5:27 AM

I found a solution for determining the precision value of a floating point type. Is this acceptable?

lib/StaticAnalyzer/Checkers/ConversionChecker.cpp
164	I knew about the data members of fltSemantics, but I did not see a way to use them elegantly (although fltSemantics has sizeInBits as a member, the possible fltSemantics values are not collected into one data structure, so I could not look up the precision field). However, as I examined the APFloat.h source again, I found the function llvm::APFloat::getAllOnesValue which allows me to map bit width to semantics. While this is a somewhat indirect solution, it avoids using a switch. The `missing _Float16' problem mentioned in my previous comments was my mistake, somehow I managed to overlook semIEEEhalf.

The new addition makes perfect sense, please feel free to commit :) Eventually i guess we'll need to declare where is this checker going and what specific lint rule is this checker designed to check, document this rule, and move it to optin once it has no false positives with respect to that rule and warning messages are improved. I suspect that it would need trackNullOrUndefValue() aka trackExpressionValue() and the currently discussed constraint tracking so that to explain why does the checker thinks that the input value of the cast is constrained to be losing precision on the current path.

I only wonder if this should be on by default or guarded by a config option.

Off-by-default flags mostly make sense when the newly added feature is somehow more opt-in than the rest of the checker, and for now i don't see any indication of that. If it turns out that this part of the checker has its own specific problems, i guess we can put it behind a flag, otherwise kinda why bother?

lib/StaticAnalyzer/Checkers/ConversionChecker.cpp
158–162	Hmm, so the remaining problem is how to extract float semantics from a float `QualType`? Would `ASTContext::getFloatTypeSemantics(DestType)` make sense?
test/Analysis/conversion.c
193	Tests are often unformatted and we usually don't care. Additionally, they are almost always violating LLVM's camelCase vs. under_score conventions.

whisperity mentioned this in D53974: [clang-tidy] new check: bugprone-too-small-loop-variable.Nov 2 2018, 10:45 AM

Use ASTContext::getFloatTypeSemantics()

Harbormaster completed remote builds in B24660: Diff 172922.Nov 7 2018, 4:23 AM

donat.nagy marked an inline comment as done.Nov 7 2018, 4:23 AM

Could someone with commit rights commit this patch (if it is acceptable)? I don't have commit rights myself.

lib/StaticAnalyzer/Checkers/ConversionChecker.cpp
158–162	Thank you, that is the method I was looking for!

Szelethus added inline comments.Nov 7 2018, 5:18 AM

test/Analysis/conversion.c
193	Hmm, okay :)

In D52730#1289989, @donat.nagy wrote:

Could someone with commit rights commit this patch (if it is acceptable)? I don't have commit rights myself.

I'll do the honors. Thanks!

Herald added a subscriber: gamesh411. · View Herald TranscriptNov 15 2018, 4:39 PM

Closed by commit rC347006: [analyzer] ConversionChecker: handle floating point (authored by Szelethus). · Explain WhyNov 15 2018, 5:04 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

lib/

StaticAnalyzer/

Checkers/

ConversionChecker.cpp

55 lines

test/

Analysis/

conversion.c

31 lines

Diff 174306

lib/StaticAnalyzer/Checkers/ConversionChecker.cpp

//=== ConversionChecker.cpp -------------------------------------- C++ --===//		//=== ConversionChecker.cpp -------------------------------------- C++ --===//
//		//
// The LLVM Compiler Infrastructure		// The LLVM Compiler Infrastructure
//		//
// This file is distributed under the University of Illinois Open Source		// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.		// License. See LICENSE.TXT for details.
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//
//		//
// Check that there is no loss of sign/precision in assignments, comparisons		// Check that there is no loss of sign/precision in assignments, comparisons
// and multiplications.		// and multiplications.
//		//
// ConversionChecker uses path sensitive analysis to determine possible values		// ConversionChecker uses path sensitive analysis to determine possible values
// of expressions. A warning is reported when:		// of expressions. A warning is reported when:
// * a negative value is implicitly converted to an unsigned value in an		// * a negative value is implicitly converted to an unsigned value in an
// assignment, comparison or multiplication.		// assignment, comparison or multiplication.
// * assignment / initialization when source value is greater than the max		// * assignment / initialization when the source value is greater than the max
// value of target		// value of the target integer type
		// * assignment / initialization when the source integer is above the range
		// where the target floating point type can represent all integers
//		//
// Many compilers and tools have similar checks that are based on semantic		// Many compilers and tools have similar checks that are based on semantic
// analysis. Those checks are sound but have poor precision. ConversionChecker		// analysis. Those checks are sound but have poor precision. ConversionChecker
// is an alternative to those checks.		// is an alternative to those checks.
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//
#include "ClangSACheckers.h"		#include "ClangSACheckers.h"
#include "clang/AST/ParentMap.h"		#include "clang/AST/ParentMap.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"		#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
#include "clang/StaticAnalyzer/Core/Checker.h"		#include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/CheckerManager.h"		#include "clang/StaticAnalyzer/Core/CheckerManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"		#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
		#include "llvm/ADT/APFloat.h"

		#include <climits>

using namespace clang;		using namespace clang;
using namespace ento;		using namespace ento;

namespace {		namespace {
class ConversionChecker : public Checker<check::PreStmt<ImplicitCastExpr>> {		class ConversionChecker : public Checker<check::PreStmt<ImplicitCastExpr>> {
public:		public:
void checkPreStmt(const ImplicitCastExpr *Cast, CheckerContext &C) const;		void checkPreStmt(const ImplicitCastExpr *Cast, CheckerContext &C) const;

private:		private:
mutable std::unique_ptr<BuiltinBug> BT;		mutable std::unique_ptr<BuiltinBug> BT;

// Is there loss of precision
bool isLossOfPrecision(const ImplicitCastExpr *Cast, QualType DestType,		bool isLossOfPrecision(const ImplicitCastExpr *Cast, QualType DestType,
CheckerContext &C) const;		CheckerContext &C) const;

// Is there loss of sign
bool isLossOfSign(const ImplicitCastExpr *Cast, CheckerContext &C) const;		bool isLossOfSign(const ImplicitCastExpr *Cast, CheckerContext &C) const;

void reportBug(ExplodedNode *N, CheckerContext &C, const char Msg[]) const;		void reportBug(ExplodedNode *N, CheckerContext &C, const char Msg[]) const;
};		};
}		}

void ConversionChecker::checkPreStmt(const ImplicitCastExpr *Cast,		void ConversionChecker::checkPreStmt(const ImplicitCastExpr *Cast,
CheckerContext &C) const {		CheckerContext &C) const {
▲ Show 20 Lines • Show All 71 Lines • ▼ Show 20 Lines	bool ConversionChecker::isLossOfPrecision(const ImplicitCastExpr *Cast,
QualType DestType,		QualType DestType,
CheckerContext &C) const {		CheckerContext &C) const {
// Don't warn about explicit loss of precision.		// Don't warn about explicit loss of precision.
if (Cast->isEvaluatable(C.getASTContext()))		if (Cast->isEvaluatable(C.getASTContext()))
return false;		return false;

QualType SubType = Cast->IgnoreParenImpCasts()->getType();		QualType SubType = Cast->IgnoreParenImpCasts()->getType();

if (!DestType->isIntegerType() \|\| !SubType->isIntegerType())		if (!DestType->isRealType() \|\| !SubType->isIntegerType())
return false;		return false;

if (C.getASTContext().getIntWidth(DestType) >=		const bool isFloat = DestType->isFloatingType();
C.getASTContext().getIntWidth(SubType))
		const auto &AC = C.getASTContext();

		// We will find the largest RepresentsUntilExp value such that the DestType
		// can exactly represent all nonnegative integers below 2^RepresentsUntilExp.
		unsigned RepresentsUntilExp;

		if (isFloat) {
		const llvm::fltSemantics &Sema = AC.getFloatTypeSemantics(DestType);
		RepresentsUntilExp = llvm::APFloat::semanticsPrecision(Sema);
		} else {
		RepresentsUntilExp = AC.getIntWidth(DestType);
		if (RepresentsUntilExp == 1) {
		// This is just casting a number to bool, probably not a bug.
return false;		return false;
		}
		if (DestType->isSignedIntegerType())
		RepresentsUntilExp--;
		}

unsigned W = C.getASTContext().getIntWidth(DestType);		if (RepresentsUntilExp >= sizeof(unsigned long long) * CHAR_BIT) {
		NoQUnsubmitted Done Reply Inline Actions Hmm, so the remaining problem is how to extract float semantics from a float `QualType`? Would `ASTContext::getFloatTypeSemantics(DestType)` make sense? NoQ: Hmm, so the remaining problem is how to extract float semantics from a float `QualType`? Would…
		donat.nagyAuthorUnsubmitted Not Done Reply Inline Actions Thank you, that is the method I was looking for! donat.nagy: Thank you, that is the method I was looking for!
if (W == 1 \|\| W >= 64U)		// Avoid overflow in our later calculations.
		xazax.hunUnsubmitted Done Reply Inline Actions A link to the source of these number would be useful. How are these calculated. Also, as far as I know the current C++ standard does not require anything about how floating points are represented in an implementation. So it would be great to somehow refer to the representation used by clang rather than hardcoding these values. (Note that I am perfectly fine with warning for implementation defined behavior as the original version also warn for such in case of integers.) xazax.hun: A link to the source of these number would be useful. How are these calculated. Also, as far…
		donat.nagyAuthorUnsubmitted Done Reply Inline Actions I took these magic numbers from the IEEE 754 standard; I completely agree that their introduction is far from being elegant. Unfortunately it seems that referring to the representation used by clang seems to be somewhat difficult, see e.g. this old stackoverflow answer. In the Z3 solver a similar problem was solved by defining a static function (getFloatSemantics()) which uses a switch to translate the bit width of a floating point type into an llvm::fltSemantics value (which contains the precision value as a field). I could imagine three solutions: reimplementing the logic getFloatSemantics, moving getFloatSemantics to some utility library and using it from there, keeping the current code, with comments describing my assumptions and referencing the IEEE standard. Which of these is the best? Note: According to the documentation the floating point types supported by the LLVM IR are just float, double and some high precision extension types (which are handled by the `default:` branch of my code). Unfortunately, I do not know what happens to the [[ https://clang.llvm.org/docs/LanguageExtensions.html#half-precision-floating-point \| `_Float16` ]] half-width float type. donat.nagy: I took these magic numbers from the IEEE 754 standard; I completely agree that their…
		donat.nagyAuthorUnsubmitted Done Reply Inline Actions I updated the patch with a comment describing my assumptions, but I will implement a different solution if that would be better. donat.nagy: I updated the patch with a comment describing my assumptions, but I will implement a different…
return false;		return false;
		NoQUnsubmitted Done Reply Inline Actions Continuing the float semantics discussion on the new revision - Did you consider `llvm::APFloat`? (http://llvm.org/doxygen/classllvm_1_1APFloat.html) This looks like something that you're trying to re-implement. NoQ: Continuing the float semantics discussion on the new revision - Did you consider `llvm…
		donat.nagyAuthorUnsubmitted Done Reply Inline Actions This switch statement essentially fulfills two functions: it maps QualTypes to standardized IEEE floating point types and it immediately maps the standardized IEEE types to their precision values. The difficulty is that I don't think that the first map is available as a public function in the clang libraries. This means that although a switch over the bit width of the floating point type is certainly inelegant, I cannot avoid it. The second map is available in the APFloat library (via the llvm::fltSemantics constants, which describe the standard IEEE types). However, this map is extremely stable (e.g. I don't think that the binary structure of the IEEE double type will ever change), so I think that re-implementing it is justified by the fact that it yields shorter and cleaner code. However, as I had noted previously, I am open to using the llvm::fltSemantics constants to implement this mapping. As an additional remark, my current code supports the _Float16 type, which is currently not supported by the APFloat/fltSemantics library. If we decide to use the llvm::fltSemantics constants, then we must either extend the APFloat library or apply some workarounds for this case. donat.nagy: This switch statement essentially fulfills two functions: it maps QualTypes to standardized…
		NoQUnsubmitted Done Reply Inline Actions The difficulty is that I don't think that the first map is available as a public function in the clang libraries. This means that although a switch over the bit width of the floating point type is certainly inelegant, I cannot avoid it. `fltSemantics` are not just enum constants, they contain a lot of fancy data: static const fltSemantics semIEEEhalf = {15, -14, 11, 16}; static const fltSemantics semIEEEsingle = {127, -126, 24, 32}; static const fltSemantics semIEEEdouble = {1023, -1022, 53, 64}; static const fltSemantics semIEEEquad = {16383, -16382, 113, 128}; static const fltSemantics semX87DoubleExtended = {16383, -16382, 64, 80}; NoQ: > The difficulty is that I don't think that the first map is available as a public function in…
		donat.nagyAuthorUnsubmitted Not Done Reply Inline Actions I knew about the data members of fltSemantics, but I did not see a way to use them elegantly (although fltSemantics has sizeInBits as a member, the possible fltSemantics values are not collected into one data structure, so I could not look up the precision field). However, as I examined the APFloat.h source again, I found the function llvm::APFloat::getAllOnesValue which allows me to map bit width to semantics. While this is a somewhat indirect solution, it avoids using a switch. The `missing _Float16' problem mentioned in my previous comments was my mistake, somehow I managed to overlook semIEEEhalf. donat.nagy: I knew about the data members of fltSemantics, but I did not see a way to use them elegantly…
		}

unsigned long long MaxVal = 1ULL << W;		unsigned CorrectedSrcWidth = AC.getIntWidth(SubType);
		if (SubType->isSignedIntegerType())
		CorrectedSrcWidth--;

		if (RepresentsUntilExp >= CorrectedSrcWidth) {
		xazax.hunUnsubmitted Done Reply Inline Actions Comment should be full sentences with a full stop at the end. xazax.hun: Comment should be full sentences with a full stop at the end.
		// Simple case: the destination can store all values of the source type.
		xazax.hunUnsubmitted Done Reply Inline Actions Do not add redundant braces when we only guard one line. It is perfectly ok when the one statements spans over multiple lines (maybe due to comments). xazax.hun: Do not add redundant braces when we only guard one line. It is perfectly ok when the one…
		return false;
		}

		unsigned long long MaxVal = 1ULL << RepresentsUntilExp;
		SzelethusUnsubmitted Done Reply Inline Actions How about `AC.getSizeType(AC.UnsignedLongLongTy))`? Szelethus: How about `AC.getSizeType(AC.UnsignedLongLongTy))`?
		SzelethusUnsubmitted Done Reply Inline Actions I'm actually not too sure about this. @whisperity? Szelethus: I'm actually not too sure about this. @whisperity?
		NoQUnsubmitted Done Reply Inline Actions Yeah, i suspect it's a host machine check (to prevent our own overflow on line 189) rather than a target machine check. NoQ: Yeah, i suspect it's a host machine check (to prevent our own overflow on line 189) rather than…
		donat.nagyAuthorUnsubmitted Done Reply Inline Actions Yes, this is intended to be a host machine check (corresponding to the `W >= 64U` in the old version). I will add a comment to clarify this. donat.nagy: Yes, this is intended to be a host machine check (corresponding to the `W >= 64U` in the old…
		SzelethusUnsubmitted Done Reply Inline Actions Oh right, thanks for clarifying that. I looked it up, and the number of bits in a `char` can be acquired from `CHAR_BITS`, maybe use that instead of hard coding 8? https://en.cppreference.com/w/c/types/limits Szelethus: Oh right, thanks for clarifying that. I looked it up, and the number of bits in a `char` can be…
		if (isFloat) {
		// If this is a floating point type, it can also represent MaxVal exactly.
		MaxVal++;
		}
return C.isGreaterOrEqual(Cast->getSubExpr(), MaxVal);		return C.isGreaterOrEqual(Cast->getSubExpr(), MaxVal);
		// TODO: maybe also check negative values with too large magnitude.
}		}

bool ConversionChecker::isLossOfSign(const ImplicitCastExpr *Cast,		bool ConversionChecker::isLossOfSign(const ImplicitCastExpr *Cast,
CheckerContext &C) const {		CheckerContext &C) const {
QualType CastType = Cast->getType();		QualType CastType = Cast->getType();
QualType SubType = Cast->IgnoreParenImpCasts()->getType();		QualType SubType = Cast->IgnoreParenImpCasts()->getType();

if (!CastType->isUnsignedIntegerType() \|\| !SubType->isSignedIntegerType())		if (!CastType->isUnsignedIntegerType() \|\| !SubType->isSignedIntegerType())
return false;		return false;

return C.isNegative(Cast->getSubExpr());		return C.isNegative(Cast->getSubExpr());
}		}

void ento::registerConversionChecker(CheckerManager &mgr) {		void ento::registerConversionChecker(CheckerManager &mgr) {
mgr.registerChecker<ConversionChecker>();		mgr.registerChecker<ConversionChecker>();
}		}

test/Analysis/conversion.c

	Show First 20 Lines • Show All 131 Lines • ▼ Show 20 Lines
	// don't warn for calculations			// don't warn for calculations
	// seen some fp. For instance: c2 = (c2 >= 'A' && c2 <= 'Z') ? c2 - 'A' + 'a' : c2;			// seen some fp. For instance: c2 = (c2 >= 'A' && c2 <= 'Z') ? c2 - 'A' + 'a' : c2;
	// there is a todo in the checker to handle calculations			// there is a todo in the checker to handle calculations
	void dontwarn5() {			void dontwarn5() {
	signed S = -32;			signed S = -32;
	U8 = S + 10;			U8 = S + 10;
	}			}

				char dontwarn6(long long x) {
				long long y = 42;
				y += x;
				return y == 42;
				}


	// C library functions, handled via apiModeling.StdCLibraryFunctions			// C library functions, handled via apiModeling.StdCLibraryFunctions

	int isascii(int c);			int isascii(int c);
	void libraryFunction1() {			void libraryFunction1() {
	char kb2[5];			char kb2[5];
	int X = 1000;			int X = 1000;
	if (isascii(X)) {			if (isascii(X)) {
	kb2[0] = X; // no-warning			kb2[0] = X; // no-warning
	}			}
	}			}


	typedef struct FILE {} FILE; int getc(FILE *stream);			typedef struct FILE {} FILE; int getc(FILE *stream);
	# define EOF (-1)			# define EOF (-1)
	char reply_string[8192];			char reply_string[8192];
	FILE *cin;			FILE *cin;
	extern int dostuff (void);			extern int dostuff(void);
	int libraryFunction2() {			int libraryFunction2() {
	int c, n;			int c, n;
	int dig;			int dig;
	char *cp = reply_string;			char *cp = reply_string;
	int pflag = 0;			int pflag = 0;
	int code;			int code;

	for (;;) {			for (;;) {
	dig = n = code = 0;			dig = n = code = 0;
	while ((c = getc(cin)) != '\n') {			while ((c = getc(cin)) != '\n') {
	if (dig < 4 && dostuff())			if (dig < 4 && dostuff())
	code = code * 10 + (c - '0');			code = code * 10 + (c - '0');
	if (!pflag && code == 227)			if (!pflag && code == 227)
	pflag = 1;			pflag = 1;
	if (n == 0)			if (n == 0)
	n = c;			n = c;
	if (c == EOF)			if (c == EOF)
	return(4);			return(4);
	if (cp < &reply_string[sizeof(reply_string) - 1])			if (cp < &reply_string[sizeof(reply_string) - 1])
	*cp++ = c; // no-warning			*cp++ = c; // no-warning
	}			}
	}			}
	}			}

				double floating_point(long long a, int b) {
				if (a > 1LL << 55) {
				double r = a; // expected-warning {{Loss of precision}}
				SzelethusUnsubmitted Done Reply Inline Actions Need formatting. Szelethus: Need formatting.
				return r;
				} else if (b > 1 << 25) {
				float f = b; // expected-warning {{Loss of precision}}
				SzelethusUnsubmitted Done Reply Inline Actions This too -- how about running clang-format on this file? Szelethus: This too -- how about running clang-format on this file?
				NoQUnsubmitted Not Done Reply Inline Actions Tests are often unformatted and we usually don't care. Additionally, they are almost always violating LLVM's camelCase vs. under_score conventions. NoQ: Tests are often unformatted and we usually don't care. Additionally, they are almost always…
				SzelethusUnsubmitted Not Done Reply Inline Actions Hmm, okay :) Szelethus: Hmm, okay :)
				return f;
				}
				return 137;
				}

				double floating_point2() {
				int a = 1 << 24;
				long long b = 1LL << 53;
				float f = a; // no-warning
				double d = b; // no-warning
				return d - f;
				}

				int floating_point_3(unsigned long long a) {
				double b = a; // no-warning
				return 42;
				}