[CHERI CSA] Extend inference of increase alignment to fields other than the first field of a struct.

resistor · resistor · commit ee7ef8275151 · 2025-07-29T11:54:14.000+08:00
diff --git a/clang/lib/StaticAnalyzer/Checkers/PointerAlignmentChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/PointerAlignmentChecker.cpp
@@ -191,15 +191,22 @@ int getTrailingZerosCount(const MemRegion *R, ProgramStateRef State,
     unsigned NaturalAlign = ASTCtx.getTypeAlignInChars(PT).getQuantity();
 
     if (const FieldRegion *FR = R->getAs<FieldRegion>()) {
-      // If this is the first field of a larger struct, we can use the alignment
-      // of the containing struct try to increase the assumed alignment.
+      // If this is the a field of a larger struct, we can use the alignment
+      // of the containing struct combined with the offset to try to increase
+      // the assumed alignment.
       const RegionOffset &Offset = FR->getAsOffset();
-      if (!Offset.hasSymbolicOffset() && Offset.getOffset() == 0) {
+      if (!Offset.hasSymbolicOffset()) {
         if (const auto *Base =
                 FR->getSuperRegion()->getAs<TypedValueRegion>()) {
           auto BaseTy = Base->getValueType();
           unsigned BaseAlign = ASTCtx.getTypeAlignInChars(BaseTy).getQuantity();
-          NaturalAlign = std::max(NaturalAlign, BaseAlign);
+          uint64_t FieldOffsetBits = Offset.getOffset();
+          unsigned Offset =
+              ASTCtx.toCharUnitsFromBits(FieldOffsetBits).getQuantity();
+          unsigned OffsetAlign =
+              (Offset == 0) ? BaseAlign : (1ULL << llvm::countr_zero(Offset));
+          unsigned InferredAlign = std::min(BaseAlign, OffsetAlign);
+          NaturalAlign = std::max(NaturalAlign, InferredAlign);
         }
       }
     }
diff --git a/clang/test/Analysis/pointer-alignment.c b/clang/test/Analysis/pointer-alignment.c
@@ -207,10 +207,16 @@ void cast_and_assign(void) {
 struct __attribute__((aligned(8))) AlignedParentStruct {
     int a;
     int b;
+    int c;
+    int d;
 };
 
 void write_to_first_member(struct AlignedParentStruct *chunk) {
   // No warning because alignment of is inferred from the parent struct.
   *(long long*)(&chunk->a) = 0;
 }
 
+void write_to_second_member(struct AlignedParentStruct *chunk) {
+  // No warning because alignment of is inferred from the parent struct.
+  *(long long*)(&chunk->c) = 0;
+}
