[cfe-commits] r155950 - in /cfe/trunk: lib/StaticAnalyzer/Core/SValBuilder.cpp test/Analysis/malloc.c
Ted Kremenek
kremenek at apple.com
Tue May 1 14:58:29 PDT 2012
Author: kremenek
Date: Tue May 1 16:58:29 2012
New Revision: 155950
URL: http://llvm.org/viewvc/llvm-project?rev=155950&view=rev
Log:
Teach SValBuilder to handle casts of symbolic pointer values to an integer twice. Fixes <rdar://problem/11212866>.
Modified:
cfe/trunk/lib/StaticAnalyzer/Core/SValBuilder.cpp
cfe/trunk/test/Analysis/malloc.c
Modified: cfe/trunk/lib/StaticAnalyzer/Core/SValBuilder.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/SValBuilder.cpp?rev=155950&r1=155949&r2=155950&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/SValBuilder.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/SValBuilder.cpp Tue May 1 16:58:29 2012
@@ -336,9 +336,12 @@
// Check for casts from a region to a specific type.
if (const MemRegion *R = val.getAsRegion()) {
+ // Handle other casts of locations to integers.
+ if (castTy->isIntegerType())
+ return evalCastFromLoc(loc::MemRegionVal(R), castTy);
+
// FIXME: We should handle the case where we strip off view layers to get
// to a desugared type.
-
if (!Loc::isLocType(castTy)) {
// FIXME: There can be gross cases where one casts the result of a function
// (that returns a pointer) to some other value that happens to fit
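Review bot: The comment on the new early return, "Handle other casts of locations to integers", does not say what "other" is relative to, or why this check has to come before the `!Loc::isLocType(castTy)` branch that follows. Because the return now short-circuits that branch for every integer `castTy`, the comment should name the case from the log message (a symbolic pointer value cast to an integer twice) and state that integer targets intentionally no longer reach the FIXME path below. It is also worth a line on why rewrapping `R` as `loc::MemRegionVal(R)` is correct for whatever kind of `val` produced the region, since the hunk does this unconditionally.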
Modified: cfe/trunk/test/Analysis/malloc.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc.c?rev=155950&r1=155949&r2=155950&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/malloc.c (original)
+++ cfe/trunk/test/Analysis/malloc.c Tue May 1 16:58:29 2012
@@ -839,3 +839,17 @@
ArrayL[0] = p;
}
+// Test double assignment through integers.
+static long glob;
+void test_double_assign_ints()
+{
+ void *ptr = malloc (16); // no-warning
+ glob = (long)(unsigned long)ptr;
+}
+
+void test_double_assign_ints_positive()
+{
+ void *ptr = malloc(16);
+ (void*)(long)(unsigned long)ptr; // expected-warning {{unused}} expected-warning {{leak}}
+}
+
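Review bot: Both new tests go through the single cast chain `(long)(unsigned long)ptr`, so the double-cast path is only exercised for one pair of integer types. Consider adding a case where the round-tripped value is cast back to a pointer and passed to `free`, to check that the analyzer still treats it as the same allocation, and a case with a different integer type pair. In `test_double_assign_ints` the `// no-warning` marker sits on the `malloc` line, while the behaviour under test is the store to `glob` on the next line; putting the marker there would make the intent clearer. A blank line between the closing `}` of the preceding function and the `// Test double assignment through integers.` comment would match the spacing used between the two new functions.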