}
else {
SVal V = state->getSVal(cast<Loc>(location), Ex->getType());
+
+ // Casts can create weird scenarios where a location must be implicitly
+ // converted to something else. For example:
+ //
+ // void *x;
+ // int *y = (int*) &x; // void** -> int* cast.
+ // invalidate(y); // 'x' now binds to a symbolic region
+ // int z = *y;
+ //
+ if (isa<Loc>(V) && !Loc::IsLocType(Ex->getType())) {
+ V = EvalCast(V, Ex->getType());
+ }
+
MakeNode(Dst, Ex, Pred, state->bindExpr(Ex, V), K, tag);
}
}
return;
}
+// RegionStoreManager previously crashed on this example. The problem is that
+// the value bound to the field of b->grue after the call to testB_aux is
+// a symbolic region. The second '*__gruep__' involves performing a load
+// from a 'int*' that really is a 'void**'. The loaded location must be
+// implicitly converted to an integer that wraps a location. Previosly we would
+// get a crash here due to an assertion failure.
+typedef struct _BStruct { void *grue; } BStruct;
+void testB_aux(void *ptr);
+void testB(BStruct *b) {
+ {
+ int *__gruep__ = ((int *)&((b)->grue));
+ int __gruev__ = *__gruep__;
+ testB_aux(__gruep__);
+ }
+ {
+ int *__gruep__ = ((int *)&((b)->grue));
+ int __gruev__ = *__gruep__;
+ if (~0 != __gruev__) {}
+ }
+}
+
projects / clang / commitdiff