diff options
| -rw-r--r-- | clang/lib/Analysis/GRExprEngine.cpp | 17 | ||||
| -rw-r--r-- | clang/test/Analysis/casts.m | 10 |
2 files changed, 24 insertions, 3 deletions
diff --git a/clang/lib/Analysis/GRExprEngine.cpp b/clang/lib/Analysis/GRExprEngine.cpp index c2e898abe3b..a4163bdeaf3 100644 --- a/clang/lib/Analysis/GRExprEngine.cpp +++ b/clang/lib/Analysis/GRExprEngine.cpp @@ -1818,7 +1818,14 @@ void GRExprEngine::VisitCast(Expr* CastE, Expr* Ex, NodeTy* Pred, NodeSet& Dst){ } // Check for casts from a region to a specific type. - if (loc::MemRegionVal *RV = dyn_cast<loc::MemRegionVal>(&V)) { + if (loc::MemRegionVal *RV = dyn_cast<loc::MemRegionVal>(&V)) { + // FIXME: For TypedViewRegions, we should handle the case where the + // underlying symbolic pointer is a function pointer or + // block pointer. + + // FIXME: We should handle the case where we strip off view layers to get + // to a desugared type. + assert(Loc::IsLocType(T)); assert(Loc::IsLocType(ExTy)); @@ -1848,6 +1855,14 @@ void GRExprEngine::VisitCast(Expr* CastE, Expr* Ex, NodeTy* Pred, NodeSet& Dst){ // Just pass through symbols that are function or block pointers. if (SymTy->isFunctionPointerType() || SymTy->isBlockPointerType()) goto PassThrough; + + // Are we casting to a function or block pointer? + if (T->isFunctionPointerType() || T->isBlockPointerType()) { + // FIXME: We should verify that the underlying type of the symbolic + // pointer is a void* (or maybe char*). Other things are an abuse + // of the type system. + goto PassThrough; + } StoreManager& StoreMgr = getStoreManager(); const MemRegion* R = diff --git a/clang/test/Analysis/casts.m b/clang/test/Analysis/casts.m index 37b8e3d122b..68de2c8ef7c 100644 --- a/clang/test/Analysis/casts.m +++ b/clang/test/Analysis/casts.m @@ -4,8 +4,7 @@ // Test function pointer casts. Currently we track function addresses using // loc::FunctionVal. Because casts can be arbitrary, do we need to model // functions with regions? - -typedef void (*MyFuncTest1)(void); +typedef void* (*MyFuncTest1)(void); MyFuncTest1 test1_aux(void); void test1(void) { @@ -14,3 +13,10 @@ void test1(void) { p = ((void*) test1_aux()); if (p != ((void*) 0)) x = (*p)(); } + +// Test casts from void* to function pointers. Same issue as above: +// should we eventually model function pointers using regions? +void* test2(void *p) { + MyFuncTest1 fp = (MyFuncTest1) p; + return (*fp)(); +} |
