From: Ted Kremenek <kremenek@apple.com>
Date: Thu, 5 Mar 2009 22:47:06 +0000 (+0000)
Subject: Fix another GRExprEngine::VisitCast regression: handle casts of void* to function... 
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5c42f9ba44094eb1a05f8d36c5479645ffbb3c7b;p=clang

Fix another GRExprEngine::VisitCast regression: handle casts of void* to function pointers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66211 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Analysis/GRExprEngine.cpp b/lib/Analysis/GRExprEngine.cpp
index c2e898abe3..a4163bdeaf 100644
--- a/lib/Analysis/GRExprEngine.cpp
+++ b/lib/Analysis/GRExprEngine.cpp
@@ -1818,7 +1818,14 @@ void GRExprEngine::VisitCast(Expr* CastE, Expr* Ex, NodeTy* Pred, NodeSet& Dst){
     }
 
     // Check for casts from a region to a specific type.
-    if (loc::MemRegionVal *RV = dyn_cast<loc::MemRegionVal>(&V)) {
+    if (loc::MemRegionVal *RV = dyn_cast<loc::MemRegionVal>(&V)) {      
+      // FIXME: For TypedViewRegions, we should handle the case where the
+      //  underlying symbolic pointer is a function pointer or
+      //  block pointer.
+      
+      // FIXME: We should handle the case where we strip off view layers to get
+      //  to a desugared type.
+      
       assert(Loc::IsLocType(T));
       assert(Loc::IsLocType(ExTy));
 
@@ -1848,6 +1855,14 @@ void GRExprEngine::VisitCast(Expr* CastE, Expr* Ex, NodeTy* Pred, NodeSet& Dst){
       // Just pass through symbols that are function or block pointers.
       if (SymTy->isFunctionPointerType() || SymTy->isBlockPointerType())
         goto PassThrough;
+      
+      // Are we casting to a function or block pointer?
+      if (T->isFunctionPointerType() || T->isBlockPointerType()) {
+        // FIXME: We should verify that the underlying type of the symbolic 
+        // pointer is a void* (or maybe char*).  Other things are an abuse
+        // of the type system.
+        goto PassThrough;        
+      }
 
       StoreManager& StoreMgr = getStoreManager();
       const MemRegion* R =
diff --git a/test/Analysis/casts.m b/test/Analysis/casts.m
index 37b8e3d122..68de2c8ef7 100644
--- a/test/Analysis/casts.m
+++ b/test/Analysis/casts.m
@@ -4,8 +4,7 @@
 // Test function pointer casts.  Currently we track function addresses using
 // loc::FunctionVal.  Because casts can be arbitrary, do we need to model
 // functions with regions?
-
-typedef void (*MyFuncTest1)(void);
+typedef void* (*MyFuncTest1)(void);
 
 MyFuncTest1 test1_aux(void);
 void test1(void) {
@@ -14,3 +13,10 @@ void test1(void) {
   p = ((void*) test1_aux());
   if (p != ((void*) 0)) x = (*p)();
 }
+
+// Test casts from void* to function pointers.  Same issue as above:
+// should we eventually model function pointers using regions?
+void* test2(void *p) {
+  MyFuncTest1 fp = (MyFuncTest1) p;
+  return (*fp)();
+}