__builtin_constant_p: properly test, fix behaviour

tautschnig · tautschnig · commit 0846117afdf3 · 2025-07-29T15:45:03.000Z
We previously only compile-time tested what required a run-time check of
assertions, so move this to the "cbmc" regression test suite. Also,
extend it by behaviour that distinguishes it from actual C-standard
specified constant expressions. Finally, fix the behaviour for string
literals.
diff --git a/regression/ansi-c/gcc_builtin_constant_p1/main.c b/regression/ansi-c/gcc_builtin_constant_p1/main.c
diff --git a/regression/cbmc/gcc_builtin_constant_p1/main.c b/regression/cbmc/gcc_builtin_constant_p1/main.c
@@ -0,0 +1,47 @@
+#include <assert.h>
+
+#ifdef __GNUC__
+enum
+{
+  E1 = 1
+} var;
+
+struct whatnot
+{
+} whatnot_var;
+#endif
+
+int main()
+{
+  // this is gcc only
+
+#ifdef __GNUC__
+  assert(__builtin_constant_p("some string"));
+  assert(__builtin_constant_p(1.0f));
+  assert(__builtin_constant_p(E1));
+  assert(!__builtin_constant_p(var));
+  assert(!__builtin_constant_p(main));
+  assert(!__builtin_constant_p(whatnot_var));
+  assert(!__builtin_constant_p(&var));
+  assert(__builtin_constant_p(__builtin_constant_p(var)));
+
+  // The following are not constant expressions in the sense of the C standard
+  // and GCC wouldn't deem them constant expressions either, but they are
+  // subject to GCC's constant folding. See also regression test ansi-c/sizeof6.
+  // Clang's behaviour, however, is somewhat different. See
+  // https://github.com/llvm/llvm-project/issues/55946 for further examples of
+  // where they differ.
+  int j;
+#  ifndef __clang__
+  assert(__builtin_constant_p(j * 0));
+  assert(__builtin_constant_p(j - j));
+  assert(__builtin_constant_p(j ? 0ll : 0ll));
+#  endif
+  assert(__builtin_constant_p(0 ? j : 0ll));
+
+  // side-effects are _not_ evaluated
+  int i = 0;
+  assert(!__builtin_constant_p(i++));
+  assert(i == 0);
+#endif
+}
diff --git a/regression/cbmc/gcc_builtin_constant_p1/test.desc b/regression/cbmc/gcc_builtin_constant_p1/test.desc
@@ -1,6 +1,7 @@
-CORE gcc-only broken-test-c++-front-end
+CORE
 main.c
 
+^VERIFICATION SUCCESSFUL$
 ^EXIT=0$
 ^SIGNAL=0$
 --
diff --git a/src/ansi-c/c_typecheck_expr.cpp b/src/ansi-c/c_typecheck_expr.cpp
@@ -65,14 +65,14 @@ class is_compile_time_constantt
 
   /// This function determines what expressions are to be propagated as
   /// "constants"
-  bool is_constant(const exprt &e) const
+  virtual bool is_constant(const exprt &e) const
   {
     // non-standard numeric constant
     if(e.id() == ID_infinity)
       return true;
 
     // numeric, character, or pointer-typed constant
-    if(e.is_constant())
+    if(e.is_constant() || e.id() == ID_string_constant)
       return true;
 
     // possibly an address constant
@@ -137,6 +137,54 @@ class is_compile_time_constantt
   }
 };
 
+/// Clang appears to have a somewhat different idea of what is/isn't to be
+/// considered a constant at compile time.
+class clang_is_constant_foldedt : public is_compile_time_constantt
+{
+public:
+  explicit clang_is_constant_foldedt(const namespacet &ns)
+    : is_compile_time_constantt(ns)
+  {
+  }
+
+protected:
+  /// This function determines what expressions are constant folded by clang
+  bool is_constant(const exprt &e) const override
+  {
+    // we need to adhere to short-circuit semantics for the following
+    if(e.id() == ID_if)
+    {
+      const if_exprt &if_expr = to_if_expr(e);
+      if(!is_constant(if_expr.cond()))
+        return false;
+      exprt const_cond = simplify_expr(if_expr.cond(), ns);
+      CHECK_RETURN(const_cond.is_constant());
+      if(const_cond.is_true())
+        return is_constant(if_expr.true_case());
+      else
+        return is_constant(if_expr.false_case());
+    }
+    else if(e.id() == ID_and || e.id() == ID_or)
+    {
+      for(const auto &op : e.operands())
+      {
+        if(!is_constant(op))
+          return false;
+        exprt const_cond = simplify_expr(op, ns);
+        CHECK_RETURN(const_cond.is_constant());
+        // stop when we hit false (for an and) or true (for an or)
+        if(const_cond == make_boolean_expr(e.id() == ID_or))
+          break;
+      }
+      return true;
+    }
+    else if(e.id() == ID_address_of)
+      return false;
+    else
+      return is_compile_time_constantt::is_constant(e);
+  }
+};
+
 void c_typecheck_baset::typecheck_expr(exprt &expr)
 {
   if(expr.id()==ID_already_typechecked)
@@ -3789,39 +3837,47 @@ exprt c_typecheck_baset::do_special_functions(
   }
   else if(identifier=="__builtin_constant_p")
   {
-    // this is a gcc extension to tell whether the argument
-    // is known to be a compile-time constant
+    // This is a gcc/clang extension to tell whether the argument
+    // is known to be a compile-time constant. The behavior of these two
+    // compiler families, however, is quite different, which we need to take
+    // care of in the below config-dependent branches.
+
     if(expr.arguments().size()!=1)
     {
       error().source_location = f_op.source_location();
       error() << "__builtin_constant_p expects one argument" << eom;
       throw 0;
     }
 
-    // do not typecheck the argument - it is never evaluated, and thus side
-    // effects must not show up either
-
-    // try to produce constant
-    exprt tmp1=expr.arguments().front();
-    simplify(tmp1, *this);
-
-    bool is_constant=false;
-
-    // Need to do some special treatment for string literals,
-    // which are (void *)&("lit"[0])
-    if(
-      tmp1.id() == ID_typecast &&
-      to_typecast_expr(tmp1).op().id() == ID_address_of &&
-      to_address_of_expr(to_typecast_expr(tmp1).op()).object().id() ==
-        ID_index &&
-      to_index_expr(to_address_of_expr(to_typecast_expr(tmp1).op()).object())
-          .array()
-          .id() == ID_string_constant)
+    bool is_constant = false;
+    if(config.ansi_c.mode == configt::ansi_ct::flavourt::CLANG)
     {
-      is_constant=true;
+      is_constant = clang_is_constant_foldedt(*this)(expr.arguments().front());
     }
     else
-      is_constant=tmp1.is_constant();
+    {
+      // try to produce constant
+      exprt tmp1 = expr.arguments().front();
+      simplify(tmp1, *this);
+
+      // Need to do some special treatment for string literals,
+      // which are (void *)&("lit"[0])
+      if(
+        tmp1.id() == ID_typecast &&
+        to_typecast_expr(tmp1).op().id() == ID_address_of &&
+        to_address_of_expr(to_typecast_expr(tmp1).op()).object().id() ==
+          ID_index &&
+        to_index_expr(to_address_of_expr(to_typecast_expr(tmp1).op()).object())
+            .array()
+            .id() == ID_string_constant)
+      {
+        is_constant = true;
+      }
+      else if(tmp1.id() == ID_string_constant)
+        is_constant = true;
+      else
+        is_constant = tmp1.is_constant();
+    }
 
     exprt tmp2=from_integer(is_constant, expr.type());
     tmp2.add_source_location()=source_location;
