From ca00b28a47cf42fa73809dd9a91eda9ce4644dff Mon Sep 17 00:00:00 2001 From: Jordan Rose Date: Mon, 11 Jun 2012 23:20:52 +0000 Subject: [analyzer] Treat LValueBitCasts like regular pointer bit casts. These casts only appear in very well-defined circumstances, in which the target of a reinterpret_cast or a function formal parameter is an lvalue reference. According to the C++ standard, the following are equivalent: reinterpret_cast( x) *reinterpret_cast(&x) [expr.reinterpret.cast]p11 llvm-svn: 158338 --- clang/lib/StaticAnalyzer/Core/ExprEngine.cpp | 2 +- clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp | 4 ++-- clang/lib/StaticAnalyzer/Core/RegionStore.cpp | 13 +++++++++---- 3 files changed, 12 insertions(+), 7 deletions(-) (limited to 'clang/lib/StaticAnalyzer') diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp index a95f565b6c9..fb41a9384c8 100644 --- a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp +++ b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp @@ -1641,7 +1641,7 @@ void ExprEngine::evalLoad(ExplodedNodeSet &Dst, assert(!isa(location) && "location cannot be a NonLoc."); assert(!isa(location)); - // Are we loading from a region? This actually results in two loads; one + // Are we loading from a reference? This actually results in two loads; one // to fetch the address of the referenced value and one to fetch the // referenced value. if (const TypedValueRegion *TR = diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp index 67078600093..2e3e9f51e7d 100644 --- a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp +++ b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp @@ -279,6 +279,7 @@ void ExprEngine::VisitCast(const CastExpr *CastE, const Expr *Ex, case CK_Dependent: case CK_ArrayToPointerDecay: case CK_BitCast: + case CK_LValueBitCast: case CK_IntegralCast: case CK_NullToPointer: case CK_IntegralToPointer: @@ -377,8 +378,7 @@ void ExprEngine::VisitCast(const CastExpr *CastE, const Expr *Ex, case CK_UserDefinedConversion: case CK_ConstructorConversion: case CK_VectorSplat: - case CK_MemberPointerToBoolean: - case CK_LValueBitCast: { + case CK_MemberPointerToBoolean: { // Recover some path-sensitivty by conjuring a new value. QualType resultType = CastE->getType(); if (CastE->isGLValue()) diff --git a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp index 9c00d963432..86a68a6b3a5 100644 --- a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp +++ b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp @@ -878,10 +878,15 @@ SVal RegionStoreManager::ArrayToPointer(Loc Array) { if (!ArrayR) return UnknownVal(); - // Strip off typedefs from the ArrayRegion's ValueType. - QualType T = ArrayR->getValueType().getDesugaredType(Ctx); - const ArrayType *AT = cast(T); - T = AT->getElementType(); + // Extract the element type from the array region's ValueType. + // Be careful about weird things happening due to user-written casts. + QualType T = ArrayR->getValueType(); + if (const ArrayType *AT = Ctx.getAsArrayType(T)) + T = AT->getElementType(); + else if (const PointerType *PT = T->getAs()) + T = PT->getPointeeType(); + else + return UnknownVal(); NonLoc ZeroIdx = svalBuilder.makeZeroArrayIndex(); return loc::MemRegionVal(MRMgr.getElementRegion(T, ZeroIdx, ArrayR, Ctx)); -- cgit v1.2.3