From 30d1b99e4429bc27a7801bab7be6c2c04e77a648 Mon Sep 17 00:00:00 2001
From: Ted Kremenek <kremenek@apple.com>
Date: Tue, 21 Apr 2009 23:31:46 +0000
Subject: [PATCH] This patch is largely due to Zhongxing Xu. I've simply
 applied it because of some refactoring I did recently to StoreManager.

StoreManager::CastRegion: Handle casts to void* by stripping TypedViewRegions.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69751 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Analysis/Store.cpp | 42 +++++++++++++++++++++++++++++++-----------
 1 file changed, 31 insertions(+), 11 deletions(-)

diff --git a/lib/Analysis/Store.cpp b/lib/Analysis/Store.cpp
index edd353d0f2..6464c57df0 100644
--- a/lib/Analysis/Store.cpp
+++ b/lib/Analysis/Store.cpp
@@ -25,23 +25,43 @@ StoreManager::CastResult
 StoreManager::CastRegion(const GRState* state, const MemRegion* R,
                                QualType CastToTy) {
   
+  ASTContext& Ctx = StateMgr.getContext();
+
+  // We need to know the real type of CastToTy.
+  QualType ToTy = Ctx.getCanonicalType(CastToTy);
+
   // Return the same region if the region types are compatible.
   if (const TypedRegion* TR = dyn_cast<TypedRegion>(R)) {
-    ASTContext& Ctx = StateMgr.getContext();
     QualType Ta = Ctx.getCanonicalType(TR->getLValueType(Ctx));
-    QualType Tb = Ctx.getCanonicalType(CastToTy);
-    
-    if (Ta == Tb)
+
+    if (Ta == ToTy)
       return CastResult(state, R);
   }
   
-  // FIXME: We should handle the case when we are casting *back* to a
-  // previous type. For example:
-  //
-  //      void* x = ...;
-  //      char* y = (char*) x;
-  //      void* z = (void*) y; // <-- we should get the same region that is 
-  //                                  bound to 'x'
+  // Check if we are casting to 'void*'.
+  // FIXME: Handle arbitrary upcasts.
+  if (const PointerType* PTy = dyn_cast<PointerType>(ToTy.getTypePtr()))
+    if (PTy->getPointeeType()->isVoidType()) {
+
+      // Casts to void* only removes TypedViewRegion. If there is no
+      // TypedViewRegion, leave the region untouched. This happens when:
+      //
+      // void foo(void*);
+      // ...
+      // void bar() {
+      //   int x;
+      //   foo(&x);
+      // }
+
+      if (const TypedViewRegion *TR = dyn_cast<TypedViewRegion>(R))
+        R = TR->removeViews();
+      
+      return CastResult(state, R);
+    }
+
+  // FIXME: We don't want to layer region views.  Need to handle
+  // arbitrary downcasts.
+
   const MemRegion* ViewR = MRMgr.getTypedViewRegion(CastToTy, R);  
   return CastResult(AddRegionView(state, ViewR, R), ViewR);
 }
-- 
2.50.1