[Analyzer] ConversionChecker: track back the cast expression

Gabor Marton · Gabor Marton · commit 96ec9b6ff2f0 · 2021-09-16T11:42:54.000+02:00
Adding trackExpressionValue to the checker so it tracks the value of the implicit cast's DeclRefExpression up to initialization/assignment. This way the report becomes cleaner. Differential Revision: https://reviews.llvm.org/D109836
diff --git a/clang/lib/StaticAnalyzer/Checkers/ConversionChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/ConversionChecker.cpp
@@ -49,7 +49,8 @@ class ConversionChecker : public Checker<check::PreStmt<ImplicitCastExpr>> {
 
   bool isLossOfSign(const ImplicitCastExpr *Cast, CheckerContext &C) const;
 
-  void reportBug(ExplodedNode *N, CheckerContext &C, const char Msg[]) const;
+  void reportBug(ExplodedNode *N, const Expr *E, CheckerContext &C,
+                 const char Msg[]) const;
 };
 }
 
@@ -108,20 +109,21 @@ void ConversionChecker::checkPreStmt(const ImplicitCastExpr *Cast,
     if (!N)
       return;
     if (LossOfSign)
-      reportBug(N, C, "Loss of sign in implicit conversion");
+      reportBug(N, Cast, C, "Loss of sign in implicit conversion");
     if (LossOfPrecision)
-      reportBug(N, C, "Loss of precision in implicit conversion");
+      reportBug(N, Cast, C, "Loss of precision in implicit conversion");
   }
 }
 
-void ConversionChecker::reportBug(ExplodedNode *N, CheckerContext &C,
-                                  const char Msg[]) const {
+void ConversionChecker::reportBug(ExplodedNode *N, const Expr *E,
+                                  CheckerContext &C, const char Msg[]) const {
   if (!BT)
     BT.reset(
         new BuiltinBug(this, "Conversion", "Possible loss of sign/precision."));
 
   // Generate a report for this bug.
   auto R = std::make_unique<PathSensitiveBugReport>(*BT, Msg, N);
+  bugreporter::trackExpressionValue(N, E, *R);
   C.emitReport(std::move(R));
 }
 
diff --git a/clang/test/Analysis/conversion-tracking-notes.c b/clang/test/Analysis/conversion-tracking-notes.c
@@ -0,0 +1,26 @@
+// RUN: %clang_analyze_cc1 %s \
+// RUN:   -Wno-conversion -Wno-tautological-constant-compare \
+// RUN:   -analyzer-checker=core,apiModeling,alpha.core.Conversion \
+// RUN:   -analyzer-output=text \
+// RUN:   -verify
+
+unsigned char U8;
+signed char S8;
+
+void track_assign() {
+  unsigned long L = 1000; // expected-note {{'L' initialized to 1000}}
+  int I = -1;             // expected-note {{'I' initialized to -1}}
+  U8 *= L; // expected-warning {{Loss of precision in implicit conversion}}
+           // expected-note@-1 {{Loss of precision in implicit conversion}}
+  L *= I;  // expected-warning {{Loss of sign in implicit conversion}}
+           // expected-note@-1 {{Loss of sign in implicit conversion}}
+}
+
+void track_relational(unsigned U, signed S) {
+  if (S < -10) { // expected-note    {{Taking true branch}}
+                 // expected-note@-1 {{Assuming the condition is true}}
+    if (U < S) { // expected-warning {{Loss of sign in implicit conversion}}
+                 // expected-note@-1 {{Loss of sign in implicit conversion}}
+    }
+  }
+}
diff --git a/clang/test/Analysis/conversion.c b/clang/test/Analysis/conversion.c
@@ -1,4 +1,7 @@
-// RUN: %clang_analyze_cc1 -Wno-conversion -Wno-tautological-constant-compare -analyzer-checker=core,apiModeling,alpha.core.Conversion -verify %s
+// RUN: %clang_analyze_cc1 %s \
+// RUN:   -Wno-conversion -Wno-tautological-constant-compare \
+// RUN:   -analyzer-checker=core,apiModeling,alpha.core.Conversion \
+// RUN:   -verify
 
 unsigned char U8;
 signed char S8;
