From ddeea3e3738081e1d58cc026188278c1b6512c8c Mon Sep 17 00:00:00 2001
From: Owen Anderson
Date: Tue, 29 Jul 2025 11:35:55 +0800
Subject: [PATCH] [CHERI CSA] Disable pointer alignment checker for sealed capabilities.

Sealed capabilities can't be dereferenced without unsealing, which effectively verifies that the type was dynamically correct.
---
 .../lib/StaticAnalyzer/Checkers/PointerAlignmentChecker.cpp | 5 +++++
 clang/test/Analysis/pointer-alignment.c | 6 ++++++
 2 files changed, 11 insertions(+)

diff --git a/clang/lib/StaticAnalyzer/Checkers/PointerAlignmentChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/PointerAlignmentChecker.cpp
index bbe4e9e6a9243..f45cd0b121ac3 100644
--- a/clang/lib/StaticAnalyzer/Checkers/PointerAlignmentChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/PointerAlignmentChecker.cpp
@@ -259,6 +259,11 @@ int getTrailingZerosCount(const SVal &V, ProgramStateRef State,
   if (V.isUnknownOrUndef())
     return -1;
 
+  // Sealed capabilities cannot be dereferenced, and any type-punning
+  // will be dynamically checked during unsealing.
+  if (V.getType(ASTCtx)->isCHERISealedCapabilityType(ASTCtx))
+    return -1;
+
   if (V.isConstant()) {
     if (auto LV = V.getAs())
       return LV->getValue()->countTrailingZeros();
diff --git a/clang/test/Analysis/pointer-alignment.c b/clang/test/Analysis/pointer-alignment.c
index 4accc82c80a49..5e6fbbb7d1f13 100644
--- a/clang/test/Analysis/pointer-alignment.c
+++ b/clang/test/Analysis/pointer-alignment.c
@@ -214,3 +214,9 @@ void write_to_first_member(struct AlignedParentStruct *chunk) {
   *(long long*)(&chunk->a) = 0;
 }
 
+// ----
+long long * __sealed_capability sealed_cast(int * __sealed_capability in) {
+  // No warnings for sealed capabilities, since they will be effectively dynamically
+  // verified when unsealed.
+  return (long long * __sealed_capability)in;
+}
\ No newline at end of file
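Review bot: The added guard dereferences the result of `V.getType(ASTCtx)` unconditionally, but SVal::getType can, as far as I recall, hand back a null QualType for value kinds whose type is not recoverable (the preceding `isUnknownOrUndef()` check only rules out two of them), and `->isCHERISealedCapabilityType` on a null QualType would then crash the analyzer rather than fall through to the existing logic. A null check keeps the early return safe: `QualType Ty = V.getType(ASTCtx);` / `if (!Ty.isNull() && Ty->isCHERISealedCapabilityType(ASTCtx))` / `  return -1;`. The surrounding getTrailingZerosCount begins at the hunk header and continues past the hunk, so whether ASTCtx is a parameter or a member is not visible here.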
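Review bot: The new test only pins the silent case, a sealed-to-sealed cast, so a regression that suppressed the alignment diagnostic more broadly than intended would not be caught; a companion case in the same style where the operand is an ordinary (unsealed) pointer and the existing warning is still expected would document the boundary of the new early return. Separately, the patch ends with `\ No newline at end of file`, so the added `}` should be followed by a trailing newline to match the rest of the file.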