From: Jordan Rose Date: Sat, 8 Sep 2012 01:24:38 +0000 (+0000) Subject: [analyzer] Cast the result of a placement new-expression to the correct type. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9874f597ef5d5748695c88daaa9a3208f95c2032;p=clang [analyzer] Cast the result of a placement new-expression to the correct type. This is necessary because further analysis will assume that the SVal's type matches the AST type. This caused a crash when trying to perform a derived-to-base cast on a C++ object that had been new'd to be another object type. Yet another crash in PR13763. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163442 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp index 10ecb3b9a9..60c73c6296 100644 --- a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp @@ -250,7 +250,9 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE, ExplodedNode *Pred, if (FD && FD->isReservedGlobalPlacementOperator()) { // Non-array placement new should always return the placement location. SVal PlacementLoc = State->getSVal(CNE->getPlacementArg(0), LCtx); - State = State->BindExpr(CNE, LCtx, PlacementLoc); + SVal Result = svalBuilder.evalCast(PlacementLoc, CNE->getType(), + CNE->getPlacementArg(0)->getType()); + State = State->BindExpr(CNE, LCtx, Result); } else { State = State->BindExpr(CNE, LCtx, symVal); } diff --git a/test/Analysis/inline.cpp b/test/Analysis/inline.cpp index 6491b12c58..6c7cfc14e8 100644 --- a/test/Analysis/inline.cpp +++ b/test/Analysis/inline.cpp @@ -270,8 +270,13 @@ namespace OperatorNew { namespace VirtualWithSisterCasts { + // This entire set of tests exercises casts from sister classes and + // from classes outside the hierarchy, which can very much confuse + // code that uses DynamicTypeInfo or needs to construct CXXBaseObjectRegions. + // These examples used to cause crashes in +Asserts builds. struct Parent { virtual int foo(); + int x; }; struct A : Parent { @@ -282,20 +287,41 @@ namespace VirtualWithSisterCasts { virtual int foo(); }; + struct Grandchild : public A {}; + struct Unrelated {}; void testDowncast(Parent *b) { A *a = (A *)(void *)b; clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}} + + a->x = 42; + clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}} } void testRelated(B *b) { A *a = (A *)(void *)b; clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}} + + a->x = 42; + clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}} } void testUnrelated(Unrelated *b) { A *a = (A *)(void *)b; clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}} + + a->x = 42; + clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}} + } + + void testCastViaNew(B *b) { + Grandchild *g = new (b) Grandchild(); + // FIXME: We actually now have perfect type info because of 'new'. + // This should be TRUE. + clang_analyzer_eval(g->foo() == 42); // expected-warning{{UNKNOWN}} + + g->x = 42; + clang_analyzer_eval(g->x == 42); // expected-warning{{TRUE}} } }