Fix type checking of ?: when one operand is void*

tautschnig · tautschnig · commit 01572811aabb · 2016-06-21T18:01:21.000Z
The C standard requires that types are compatible. For the case of void* vs. some other pointer type, GCC uses the other pointer type if, and only if, the void* operand is NULL. Fixes #134
diff --git a/regression/ansi-c/gcc_builtins2/test.desc b/regression/ansi-c/gcc_builtins2/test.desc
@@ -1,4 +1,4 @@
-KNOWNBUG
+CORE
 main.c
 
 ^EXIT=0$
diff --git a/regression/ansi-c/gcc_builtins5/main.c b/regression/ansi-c/gcc_builtins5/main.c
@@ -0,0 +1,56 @@
+typedef unsigned long int uintptr_t;
+typedef unsigned long int uint64_t;
+typedef long int __intptr_t;
+
+typedef struct
+{
+  uintptr_t stack_guard;
+} tcbhead_t;
+
+struct pthread
+{
+  union
+  {
+    tcbhead_t header;
+  };
+};
+
+#define STATIC_ASSERT(a) int __dummy__[(a)?1:-1]
+
+int main()
+{
+  uintptr_t stack_chk_guard;
+  STATIC_ASSERT(!(__builtin_classify_type ((__typeof__ (stack_chk_guard)) 0) == 5));
+
+  __typeof__((__typeof__ (
+                0 ?
+                (__typeof__ (
+                    (__typeof__ (stack_chk_guard)) 0) *) 0 :
+                (void *) (
+                  (__builtin_classify_type (
+                      (__typeof__ (stack_chk_guard)) 0) == 5))
+                )) 0) p1;
+  if(*p1<0)
+    return 0;
+
+  asm volatile ("movq %q0,%%fs:%P1" : :
+  "ir" ((uint64_t) (
+      (__typeof__ (
+          *(0 ?
+            (__typeof__ (
+                0 ?
+                (__typeof__ (
+                    (__typeof__ (stack_chk_guard)) 0) *) 0 :
+                (void *) (
+                  (__builtin_classify_type (
+                      (__typeof__ (stack_chk_guard)) 0) == 5))
+                )) 0 :
+            (__typeof__ (
+                0 ?
+                (__intptr_t *) 0 :
+                (void *) (
+                  !((__builtin_classify_type ((__typeof__ (stack_chk_guard)) 0) == 5))
+                  ))
+              ) 0))) (stack_chk_guard))),
+  "i" (__builtin_offsetof (struct pthread, header.stack_guard)));
+}
diff --git a/regression/ansi-c/gcc_builtins5/test.desc b/regression/ansi-c/gcc_builtins5/test.desc
@@ -0,0 +1,8 @@
+CORE
+main.c
+
+^EXIT=0$
+^SIGNAL=0$
+--
+^warning: ignoring
+^CONVERSION ERROR$
diff --git a/src/ansi-c/c_typecast.cpp b/src/ansi-c/c_typecast.cpp
@@ -794,6 +794,9 @@ void c_typecastt::implicit_typecast_arithmetic(
   implicit_typecast_arithmetic(expr1, max_type);
   implicit_typecast_arithmetic(expr2, max_type);
 
+  // arithmetic typecasts only, otherwise this can't be used from
+  // typecheck_expr_trinary
+  #if 0
   if(max_type==PTR)
   {
     if(c_type1==VOIDPTR)
@@ -802,6 +805,7 @@ void c_typecastt::implicit_typecast_arithmetic(
     if(c_type2==VOIDPTR)
       do_typecast(expr2, expr1.type());
   }
+  #endif
 }
 
 /*******************************************************************\
diff --git a/src/ansi-c/c_typecheck_expr.cpp b/src/ansi-c/c_typecheck_expr.cpp
@@ -1762,10 +1762,18 @@ void c_typecheck_baset::typecheck_expr_trinary(if_exprt &expr)
      operands[2].type().id()==ID_pointer &&
      operands[1].type()!=operands[2].type())
   {
-    // is one of them void *? Convert that to the other.
-    if(operands[1].type().subtype().id()==ID_empty)
+    exprt tmp1=simplify_expr(operands[1], *this);
+    exprt tmp2=simplify_expr(operands[2], *this);
+
+    // is one of them void * AND null? Convert that to the other.
+    // (at least that's how GCC behaves)
+    if(operands[1].type().subtype().id()==ID_empty &&
+       tmp1.is_constant() &&
+       to_constant_expr(tmp1).get_value()==ID_NULL)
       implicit_typecast(operands[1], operands[2].type());
-    else if(operands[2].type().subtype().id()==ID_empty)
+    else if(operands[2].type().subtype().id()==ID_empty &&
+            tmp2.is_constant() &&
+            to_constant_expr(tmp2).get_value()==ID_NULL)
       implicit_typecast(operands[2], operands[1].type());
     else if(operands[1].type().subtype().id()!=ID_code ||
             operands[2].type().subtype().id()!=ID_code)
diff --git a/src/util/simplify_expr.cpp b/src/util/simplify_expr.cpp
@@ -534,6 +534,14 @@ bool simplify_exprt::simplify_typecast(exprt &expr)
           return false;
         }
       }
+      else if(expr_type_id==ID_pointer &&
+              operand.is_false() &&
+              config.ansi_c.NULL_is_zero)
+      {
+        expr=gen_zero(expr_type);
+        assert(expr.is_not_nil());
+        return false;
+      }
     }
     else if(op_type_id==ID_unsignedbv ||
             op_type_id==ID_signedbv ||

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-KNOWNBUG`
	`1`	`+CORE`
`2`	`2`	`main.c`
`3`	`3`
`4`	`4`	`^EXIT=0$`
Original file line number	Diff line number	Diff line change
`@@ -794,6 +794,9 @@ void c_typecastt::implicit_typecast_arithmetic(`
`794`	`794`	`implicit_typecast_arithmetic(expr1, max_type);`
`795`	`795`	`implicit_typecast_arithmetic(expr2, max_type);`
`796`	`796`
	`797`	`+ // arithmetic typecasts only, otherwise this can't be used from`
	`798`	`+ // typecheck_expr_trinary`
	`799`	`+ #if 0`
`797`	`800`	`if(max_type==PTR)`
`798`	`801`	`{`
`799`	`802`	`if(c_type1==VOIDPTR)`
`@@ -802,6 +805,7 @@ void c_typecastt::implicit_typecast_arithmetic(`
`802`	`805`	`if(c_type2==VOIDPTR)`
`803`	`806`	`do_typecast(expr2, expr1.type());`
`804`	`807`	`}`
	`808`	`+ #endif`
`805`	`809`	`}`
`806`	`810`
`807`	`811`	`/*******************************************************************\`
Original file line number	Diff line number	Diff line change
`@@ -534,6 +534,14 @@ bool simplify_exprt::simplify_typecast(exprt &expr)`
`534`	`534`	`return false;`
`535`	`535`	`}`
`536`	`536`	`}`
	`537`	`+ else if(expr_type_id==ID_pointer &&`
	`538`	`+ operand.is_false() &&`
	`539`	`+ config.ansi_c.NULL_is_zero)`
	`540`	`+ {`
	`541`	`+ expr=gen_zero(expr_type);`
	`542`	`+ assert(expr.is_not_nil());`
	`543`	`+ return false;`
	`544`	`+ }`
`537`	`545`	`}`
`538`	`546`	`else if(op_type_id==ID_unsignedbv \|\|`
`539`	`547`	`op_type_id==ID_signedbv \|\|`