[cfe-commits] r66187 - in /cfe/trunk: lib/Analysis/GRExprEngine.cpp test/Analysis/casts.m
Ted Kremenek
kremenek at apple.com
Thu Mar 5 12:22:13 PST 2009
Author: kremenek
Date: Thu Mar 5 14:22:13 2009
New Revision: 66187
URL: http://llvm.org/viewvc/llvm-project?rev=66187&view=rev
Log:
Fix regression in GRExprEngine::VisitCast: Do not wrap symbolic function pointers with TypedViewRegions.
Added:
cfe/trunk/test/Analysis/casts.m
Modified:
cfe/trunk/lib/Analysis/GRExprEngine.cpp
Modified: cfe/trunk/lib/Analysis/GRExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/GRExprEngine.cpp?rev=66187&r1=66186&r2=66187&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/GRExprEngine.cpp (original)
+++ cfe/trunk/lib/Analysis/GRExprEngine.cpp Thu Mar 5 14:22:13 2009
@@ -1757,6 +1757,7 @@
NodeTy* N = *I1;
const GRState* state = GetState(N);
SVal V = GetSVal(state, Ex);
+ ASTContext& C = getContext();
// Unknown?
if (V.isUnknown()) {
@@ -1765,19 +1766,13 @@
}
// Undefined?
- if (V.isUndef()) {
- MakeNode(Dst, CastE, N, BindExpr(state, CastE, V));
- continue;
- }
+ if (V.isUndef())
+ goto PassThrough;
// For const casts, just propagate the value.
- ASTContext& C = getContext();
-
if (C.getCanonicalType(T).getUnqualifiedType() ==
- C.getCanonicalType(ExTy).getUnqualifiedType()) {
- MakeNode(Dst, CastE, N, BindExpr(state, CastE, V));
- continue;
- }
+ C.getCanonicalType(ExTy).getUnqualifiedType())
+ goto PassThrough;
// Check for casts from pointers to integers.
if (T->isIntegerType() && Loc::IsLocType(ExTy)) {
@@ -1791,19 +1786,16 @@
// Just unpackage the lval and return it.
V = LV->getLoc();
MakeNode(Dst, CastE, N, BindExpr(state, CastE, V));
+ continue;
}
- MakeNode(Dst, CastE, N, BindExpr(state, CastE,
- EvalCast(V, CastE->getType())));
-
- continue;
+ goto DispatchCast;
}
// Just pass through function and block pointers.
if (ExTy->isBlockPointerType() || ExTy->isFunctionPointerType()) {
assert(Loc::IsLocType(T));
- MakeNode(Dst, CastE, N, BindExpr(state, CastE, V));
- continue;
+ goto PassThrough;
}
// Check for casts from array type to another type.
@@ -1813,10 +1805,8 @@
// Are we casting from an array to a pointer? If so just pass on
// the decayed value.
- if (T->isPointerType()) {
- MakeNode(Dst, CastE, N, BindExpr(state, CastE, V));
- continue;
- }
+ if (T->isPointerType())
+ goto PassThrough;
// Are we casting from an array to an integer? If so, cast the decayed
// pointer value to an integer.
@@ -1853,6 +1843,12 @@
// TypedViewRegion subregion.
if (loc::SymbolVal* SV = dyn_cast<loc::SymbolVal>(&V)) {
SymbolRef Sym = SV->getSymbol();
+ QualType SymTy = getSymbolManager().getType(Sym);
+
+ // Just pass through symbols that are function or block pointers.
+ if (SymTy->isFunctionPointerType() || SymTy->isBlockPointerType())
+ goto PassThrough;
+
StoreManager& StoreMgr = getStoreManager();
const MemRegion* R =
StoreMgr.getRegionManager().getSymbolicRegion(Sym, getSymbolManager());
@@ -1871,9 +1867,16 @@
continue;
}
- // All other cases.
- MakeNode(Dst, CastE, N, BindExpr(state, CastE,
- EvalCast(V, CastE->getType())));
+ // All other cases.
+ DispatchCast: {
+ MakeNode(Dst, CastE, N, BindExpr(state, CastE,
+ EvalCast(V, CastE->getType())));
+ continue;
+ }
+
+ PassThrough: {
+ MakeNode(Dst, CastE, N, BindExpr(state, CastE, V));
+ }
}
}
Added: cfe/trunk/test/Analysis/casts.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/casts.m?rev=66187&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/casts.m (added)
+++ cfe/trunk/test/Analysis/casts.m Thu Mar 5 14:22:13 2009
@@ -0,0 +1,16 @@
+// RUN: clang -analyze -checker-cfref -analyzer-store=basic --verify %s &&
+// RUN: clang -analyze -checker-cfref -analyzer-store=region --verify %s
+
+// Test function pointer casts. Currently we track function addresses using
+// loc::FunctionVal. Because casts can be arbitrary, do we need to model
+// functions with regions?
+
+typedef void (*MyFuncTest1)(void);
+
+MyFuncTest1 test1_aux(void);
+void test1(void) {
+ void *x;
+ void* (*p)(void);
+ p = ((void*) test1_aux());
+ if (p != ((void*) 0)) x = (*p)();
+}
More information about the cfe-commits
mailing list