From 3056439bb175db8c46b89fb4385de8b3a8e42d0d Mon Sep 17 00:00:00 2001 From: Anna Zaks Date: Tue, 28 May 2013 22:32:08 +0000 Subject: [PATCH] [analyzer] Re-enable reasoning about CK_LValueBitCast MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit It’s important for us to reason about the cast as it is used in std::addressof. The reason we did not handle the cast previously was a crash on a test case (see commit r157478). The crash was in processing array to pointer decay when the region type was not an array. Address the issue, by just returning an unknown in that case. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182808 91177308-0d34-0410-b5e6-96231b3b80d8 --- lib/StaticAnalyzer/Core/ExprEngineC.cpp | 6 +++--- lib/StaticAnalyzer/Core/RegionStore.cpp | 5 ++++- test/Analysis/reinterpret-cast.cpp | 17 +++++++++++++++++ 3 files changed, 24 insertions(+), 4 deletions(-) diff --git a/lib/StaticAnalyzer/Core/ExprEngineC.cpp b/lib/StaticAnalyzer/Core/ExprEngineC.cpp index 67aeab6003..8487267592 100644 --- a/lib/StaticAnalyzer/Core/ExprEngineC.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngineC.cpp @@ -309,7 +309,8 @@ void ExprEngine::VisitCast(const CastExpr *CastE, const Expr *Ex, case CK_BlockPointerToObjCPointerCast: case CK_AnyPointerToBlockPointerCast: case CK_ObjCObjectLValueCast: - case CK_ZeroToOCLEvent: { + case CK_ZeroToOCLEvent: + case CK_LValueBitCast: { // Delegate to SValBuilder to process. SVal V = state->getSVal(Ex, LCtx); V = svalBuilder.evalCast(V, T, ExTy); @@ -381,8 +382,7 @@ void ExprEngine::VisitCast(const CastExpr *CastE, const Expr *Ex, case CK_BaseToDerivedMemberPointer: case CK_DerivedToBaseMemberPointer: case CK_ReinterpretMemberPointer: - case CK_VectorSplat: - case CK_LValueBitCast: { + case CK_VectorSplat: { // Recover some path-sensitivty by conjuring a new value. QualType resultType = CastE->getType(); if (CastE->isGLValue()) 
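Review bot: The `case CK_LValueBitCast:` label added to the evalCast group in the first ExprEngineC.cpp hunk has no comment saying why this cast kind is now modeled instead of conjured, and the existing `// Delegate to SValBuilder to process.` does not explain it. The rationale exists only in the commit message, so a comment on the label would help, for example `// CK_LValueBitCast is evaluated (not conjured) so values stay tracked through std::addressof-style casts.` The `T` and `ExTy` passed to `evalCast` are computed outside this hunk, so it is worth confirming they are the right types for a glvalue cast, where the operand value is a location. The matching removal from the conjure group is in the second hunk of this file, and VisitCast's body extends beyond both hunks.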
diff --git a/lib/StaticAnalyzer/Core/RegionStore.cpp b/lib/StaticAnalyzer/Core/RegionStore.cpp index 88c4eee4bb..729fc009fe 100644 --- a/lib/StaticAnalyzer/Core/RegionStore.cpp +++ b/lib/StaticAnalyzer/Core/RegionStore.cpp @@ -1262,7 +1262,10 @@ SVal RegionStoreManager::ArrayToPointer(Loc Array) { // Strip off typedefs from the ArrayRegion's ValueType. QualType T = ArrayR->getValueType().getDesugaredType(Ctx); - const ArrayType *AT = cast(T); + const ArrayType *AT = dyn_cast(T); + if (!AT) + return UnknownVal(); + T = AT->getElementType(); NonLoc ZeroIdx = svalBuilder.makeZeroArrayIndex(); diff --git a/test/Analysis/reinterpret-cast.cpp b/test/Analysis/reinterpret-cast.cpp index 59e6a539a1..cb7cbfd325 100644 --- a/test/Analysis/reinterpret-cast.cpp +++ b/test/Analysis/reinterpret-cast.cpp @@ -86,3 +86,20 @@ namespace PR15345 { clang_analyzer_eval(p->x == 42); // expected-warning{{TRUE}} }; } + +int trackpointer_std_addressof() { + int x; + int *p = (int*)&reinterpret_cast(x); + *p = 6; + return x; // no warning +} + +void set_x1(int *&); +void set_x2(void *&); +int radar_13146953(void) { + int *x = 0, *y = 0; + + set_x1(x); + set_x2((void *&)y); + return *x + *y; // no warning +} \ No newline at end of file -- 2.40.0
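Review bot: The new `if (!AT) return UnknownVal();` guard in ArrayToPointer has no comment saying when a region's value type can be a non-array here, and it silently trades a crash for lost precision. Once the decayed pointer becomes unknown, later checks on it have nothing to reason about, so the case presumably turns into a quiet false negative. I would document that at the guard, for example `// An lvalue bit-cast can hand us a region whose value type is not an array; give up on the decay rather than assert.` A FIXME about building the element region from the cast's type would also be reasonable if that is the intended follow-up. The function begins and continues outside this hunk, so whether `ArrayR` is already validated above is not visible here.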
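Review bot: Neither test added to reinterpret-cast.cpp appears to exercise the path that motivated the RegionStore change, namely array-to-pointer decay on a region whose value type is not an array, so the `dyn_cast` guard is not pinned by a regression test. `trackpointer_std_addressof` and `radar_13146953` cover value tracking through the re-enabled cast but involve no visible decay. A small case along the lines below would keep the crash from returning; the exact shape should be checked against the test case from r157478. The hunk also leaves the file without a trailing newline.

```cpp
// Decay of a non-array region reached through an lvalue bit-cast.
void decay_of_non_array_region() {
  int x = 0;
  int *p = reinterpret_cast<int (&)[1]>(x); // no crash
  (void)p;
}
```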