granicus.if.org Git - clang/commit

author	Artem Dergachev <artem.dergachev@gmail.com>
	Tue, 27 Feb 2018 20:54:40 +0000 (20:54 +0000)
committer	Artem Dergachev <artem.dergachev@gmail.com>
	Tue, 27 Feb 2018 20:54:40 +0000 (20:54 +0000)
commit	e11b115b52b525756931b0d7f125a28166702791
tree	2cfe5ca2140bbb054114e2d72d940ca27ea446df	tree \| snapshot
parent	9b8c64d519e6da48b31adb9a286661c8f4b6f096	commit \| diff

[analyzer] Don't crash when dynamic type of a variable is set via placement new.

If a variable or an otherwise a concrete typed-value region is being
placement-new'ed into, its dynamic type may change in arbitrary manners. And
when the region is used, there may be a third type that's different from both
the static and the dynamic type. It cannot be *completely* different from the
dynamic type, but it may be a base class of the dynamic type - and in this case
there isn't (and shouldn't be) any indication anywhere in the AST that there is
a derived-to-base cast from the dynamic type to the third type.

Perform a generic cast (evalCast()) from the third type to the dynamic type
in this case. From the point of view of the SVal hierarchy, this would have
produced non-canonical SVals if we used such generic cast in the normal case,
but in this case there doesn't seem to be a better option.

Differential Revision: https://reviews.llvm.org/D43659

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@326245 91177308-0d34-0410-b5e6-96231b3b80d8

lib/StaticAnalyzer/Core/CallEvent.cpp		diff \| blob \| history
test/Analysis/new-dynamic-types.cpp	[new file with mode: 0644]	blob