Teach SValBuilder to handle casts of symbolic pointer values to an integer twice...

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155950 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Core/SValBuilder.cpp b/lib/StaticAnalyzer/Core/SValBuilder.cpp
index c1217e1174a068b044310544fd5965f637ae8229..4ce9d09280f80ed32850f7c34fb812ed79f9d519 100644 (file)
--- a/lib/StaticAnalyzer/Core/SValBuilder.cpp
+++ b/lib/StaticAnalyzer/Core/SValBuilder.cpp
@@ -336,9 +336,12 @@ SVal SValBuilder::evalCast(SVal val, QualType castTy, QualType originalTy) {
 
   // Check for casts from a region to a specific type.
   if (const MemRegion *R = val.getAsRegion()) {
+    // Handle other casts of locations to integers.
+    if (castTy->isIntegerType())
+      return evalCastFromLoc(loc::MemRegionVal(R), castTy);
+
     // FIXME: We should handle the case where we strip off view layers to get
     //  to a desugared type.
-
     if (!Loc::isLocType(castTy)) {
       // FIXME: There can be gross cases where one casts the result of a function
       // (that returns a pointer) to some other value that happens to fit

diff --git a/test/Analysis/malloc.c b/test/Analysis/malloc.c
index c19ee3259ca98376a3b62e810a8b870eff5606df..c7ac56a3d07b2063de4b2280e9727088f3b5670c 100644 (file)
--- a/test/Analysis/malloc.c
+++ b/test/Analysis/malloc.c
@@ -839,3 +839,17 @@ void localArrayTest() {
   ArrayL[0] = p;
 }
 
+// Test double assignment through integers.
+static long glob;
+void test_double_assign_ints()
+{
+  void *ptr = malloc (16);  // no-warning
+  glob = (long)(unsigned long)ptr;
+}
+
+void test_double_assign_ints_positive()
+{
+  void *ptr = malloc(16);
+  (void*)(long)(unsigned long)ptr; // expected-warning {{unused}} expected-warning {{leak}}
+}
+