[cfe-commits] r119177 - in /cfe/trunk: lib/Checker/SValuator.cpp test/Analysis/misc-ps.m

Ted Kremenek kremenek at apple.com
Mon Nov 15 12:09:42 PST 2010


Author: kremenek
Date: Mon Nov 15 14:09:42 2010
New Revision: 119177

URL: http://llvm.org/viewvc/llvm-project?rev=119177&view=rev
Log:
Relax assertion in SValuator so that we don't crash when analyzing a call via a function pointer that
casts the return value to something completely different.  While we need better reasoning here,
we should definitely not crash.

Modified:
    cfe/trunk/lib/Checker/SValuator.cpp
    cfe/trunk/test/Analysis/misc-ps.m

Modified: cfe/trunk/lib/Checker/SValuator.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Checker/SValuator.cpp?rev=119177&r1=119176&r2=119177&view=diff
==============================================================================
--- cfe/trunk/lib/Checker/SValuator.cpp (original)
+++ cfe/trunk/lib/Checker/SValuator.cpp Mon Nov 15 14:09:42 2010
@@ -122,7 +122,18 @@
     // FIXME: We should handle the case where we strip off view layers to get
     //  to a desugared type.
 
-    assert(Loc::IsLocType(castTy));
+    if (!Loc::IsLocType(castTy)) {
+      // FIXME: There can be gross cases where one casts the result of a function
+      // (that returns a pointer) to some other value that happens to fit
+      // within that pointer value.  We currently have no good way to
+      // model such operations.  When this happens, the underlying operation
+      // is that the caller is reasoning about bits.  Conceptually we are
+      // layering a "view" of a location on top of those bits.  Perhaps
+      // we need to be more lazy about mutual possible views, even on an
+      // SVal?  This may be necessary for bit-level reasoning as well.
+      return UnknownVal();
+    }
+
     // We get a symbolic function pointer for a dereference of a function
     // pointer, but it is of function type. Example:
 

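Review bot: The new `if (!Loc::IsLocType(castTy))` branch returns `UnknownVal()` for every non-location cast type, not only for the function-pointer-return case the FIXME describes, so any other path that used to trip the removed assert is now absorbed silently. It would help to say in the comment that this is a catch-all, and to reference the regression test (`rdar8663544` in test/Analysis/misc-ps.m) so the FIXME can be traced back to a reproducer. Minor wording point in the same comment: "mutual possible views" is hard to parse and may have been meant as "multiple possible views".
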
Modified: cfe/trunk/test/Analysis/misc-ps.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps.m?rev=119177&r1=119176&r2=119177&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/misc-ps.m (original)
+++ cfe/trunk/test/Analysis/misc-ps.m Mon Nov 15 14:09:42 2010
@@ -1193,3 +1193,13 @@
   (*(struct pr5272*)0xBC000000).var2 += 2; // no-warning
 }
 
+// Support casting the return value of function to another different type
+// This previously caused a crash, although we likely need more precise
+// reasoning here. <rdar://problem/8663544>
+void* rdar8663544();
+typedef struct {} Val8663544;
+Val8663544 bazR8663544() {
+  Val8663544(*func) () = (Val8663544(*) ()) rdar8663544;
+  return func();
+}
+
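Review bot: The added test in `bazR8663544` only demonstrates that the analyzer no longer crashes; nothing states the expected diagnostic outcome on `return func();`. The preceding context line uses a `// no-warning` marker, and adding the same marker here would make the intent explicit and catch a future change that starts emitting a spurious warning. The comment also says the test covers "casting the return value of function", while the code casts the function itself to a different function-pointer type (`(Val8663544(*) ()) rdar8663544`) and then calls through it; rewording the comment to match would avoid confusion.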




