[cfe-commits] r158338 - in /cfe/trunk: lib/StaticAnalyzer/Core/ExprEngine.cpp lib/StaticAnalyzer/Core/ExprEngineC.cpp lib/StaticAnalyzer/Core/RegionStore.cpp test/Analysis/casts.cpp

Mon Jun 11 16:20:52 PDT 2012

Author: jrose
Date: Mon Jun 11 18:20:52 2012
New Revision: 158338

URL: http://llvm.org/viewvc/llvm-project?rev=158338&view=rev
Log:
[analyzer] Treat LValueBitCasts like regular pointer bit casts.

These casts only appear in very well-defined circumstances, in which the
target of a reinterpret_cast or a function formal parameter is an lvalue
reference. According to the C++ standard, the following are equivalent:

 reinterpret_cast<T&>( x)
*reinterpret_cast<T*>(&x)

[expr.reinterpret.cast]p11

Added:
    cfe/trunk/test/Analysis/casts.cpp
Modified:
    cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp
    cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp
    cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp

Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp?rev=158338&r1=158337&r2=158338&view=diff
==============================================================================

--- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngine.cpp Mon Jun 11 18:20:52 2012
@@ -1641,7 +1641,7 @@
   assert(!isa<NonLoc>(location) && "location cannot be a NonLoc.");
   assert(!isa<loc::ObjCPropRef>(location));
 
-  // Are we loading from a region?  This actually results in two loads; one
+  // Are we loading from a reference?  This actually results in two loads; one
   // to fetch the address of the referenced value and one to fetch the
   // referenced value.
   if (const TypedValueRegion *TR =

Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp?rev=158338&r1=158337&r2=158338&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp Mon Jun 11 18:20:52 2012
@@ -279,6 +279,7 @@
       case CK_Dependent:
       case CK_ArrayToPointerDecay:
       case CK_BitCast:
+      case CK_LValueBitCast:
       case CK_IntegralCast:
       case CK_NullToPointer:
       case CK_IntegralToPointer:
@@ -377,8 +378,7 @@
       case CK_UserDefinedConversion:
       case CK_ConstructorConversion:
       case CK_VectorSplat:
-      case CK_MemberPointerToBoolean:
-      case CK_LValueBitCast: {
+      case CK_MemberPointerToBoolean: {
         // Recover some path-sensitivty by conjuring a new value.
         QualType resultType = CastE->getType();
         if (CastE->isGLValue())

Modified: cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp?rev=158338&r1=158337&r2=158338&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp Mon Jun 11 18:20:52 2012
@@ -878,10 +878,15 @@
   if (!ArrayR)
     return UnknownVal();
 
-  // Strip off typedefs from the ArrayRegion's ValueType.
-  QualType T = ArrayR->getValueType().getDesugaredType(Ctx);
-  const ArrayType *AT = cast<ArrayType>(T);
-  T = AT->getElementType();
+  // Extract the element type from the array region's ValueType.
+  // Be careful about weird things happening due to user-written casts.
+  QualType T = ArrayR->getValueType();
+  if (const ArrayType *AT = Ctx.getAsArrayType(T))
+    T = AT->getElementType();
+  else if (const PointerType *PT = T->getAs<PointerType>())
+    T = PT->getPointeeType();
+  else
+    return UnknownVal();
 
   NonLoc ZeroIdx = svalBuilder.makeZeroArrayIndex();
   return loc::MemRegionVal(MRMgr.getElementRegion(T, ZeroIdx, ArrayR, Ctx));

Added: cfe/trunk/test/Analysis/casts.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/casts.cpp?rev=158338&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/casts.cpp (added)
+++ cfe/trunk/test/Analysis/casts.cpp Mon Jun 11 18:20:52 2012
@@ -0,0 +1,36 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.core -analyzer-store=region -verify %s
+
+void fill_r (int * const &x);
+
+char testPointer () {
+  int x[8];
+  int *xp = x;
+  fill_r(xp);
+
+  return x[0]; // no-warning
+}
+
+char testArray () {
+  int x[8];
+  fill_r(x);
+
+  return x[0]; // no-warning
+}
+
+char testReferenceCast () {
+  int x[8];
+  int *xp = x;
+  fill_r(reinterpret_cast<int * const &>(xp));
+  
+  return x[0]; // no-warning
+}
+
+
+void fill (int *x);
+char testReferenceCastRValue () {
+  int x[8];
+  int *xp = x;
+  fill(reinterpret_cast<int * const &>(xp));
+
+  return x[0]; // no-warning
+}



