r182808 - [analyzer] Re-enable reasoning about CK_LValueBitCast

Anna Zaks ganna at apple.com
Tue May 28 15:32:08 PDT 2013


Author: zaks
Date: Tue May 28 17:32:08 2013
New Revision: 182808

URL: http://llvm.org/viewvc/llvm-project?rev=182808&view=rev
Log:
[analyzer] Re-enable reasoning about CK_LValueBitCast

It’s important for us to reason about the cast as it is used in std::addressof. The reason we did not
handle the cast previously was a crash on a test case (see commit r157478). The crash was in
processing array-to-pointer decay when the region type was not an array. Address the issue by
just returning an unknown value in that case.

Modified:
    cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp
    cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
    cfe/trunk/test/Analysis/reinterpret-cast.cpp

Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp?rev=182808&r1=182807&r2=182808&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineC.cpp Tue May 28 17:32:08 2013
@@ -309,7 +309,8 @@ void ExprEngine::VisitCast(const CastExp
       case CK_BlockPointerToObjCPointerCast:
       case CK_AnyPointerToBlockPointerCast:  
       case CK_ObjCObjectLValueCast: 
-      case CK_ZeroToOCLEvent: {
+      case CK_ZeroToOCLEvent:
+      case CK_LValueBitCast: {
         // Delegate to SValBuilder to process.
         SVal V = state->getSVal(Ex, LCtx);
         V = svalBuilder.evalCast(V, T, ExTy);
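Review bot: The new `case CK_LValueBitCast:` label joins the evalCast group with no in-code hint of why this cast kind needs precise modelling rather than the conjured value it received before. A short comment above the label would keep the rationale next to the code, for example `// Model CK_LValueBitCast precisely: std::addressof takes the address through a reinterpret_cast to a char reference.` The case body and the rest of VisitCast continue outside the hunk, so how the resulting value is bound cannot be checked from here.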
@@ -381,8 +382,7 @@ void ExprEngine::VisitCast(const CastExp
       case CK_BaseToDerivedMemberPointer:
       case CK_DerivedToBaseMemberPointer:
       case CK_ReinterpretMemberPointer:
-      case CK_VectorSplat:
-      case CK_LValueBitCast: {
+      case CK_VectorSplat: {
         // Recover some path-sensitivty by conjuring a new value.
         QualType resultType = CastE->getType();
         if (CastE->isGLValue())

Modified: cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp?rev=182808&r1=182807&r2=182808&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp Tue May 28 17:32:08 2013
@@ -1262,7 +1262,10 @@ SVal RegionStoreManager::ArrayToPointer(
 
   // Strip off typedefs from the ArrayRegion's ValueType.
   QualType T = ArrayR->getValueType().getDesugaredType(Ctx);
-  const ArrayType *AT = cast<ArrayType>(T);
+  const ArrayType *AT = dyn_cast<ArrayType>(T);
+  if (!AT)
+    return UnknownVal();
+
   T = AT->getElementType();
 
   NonLoc ZeroIdx = svalBuilder.makeZeroArrayIndex();
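Review bot: The early return added after `dyn_cast<ArrayType>(T)` has no comment saying when a non-array value type can reach ArrayToPointer, so a later reader cannot tell whether `!AT` is an expected input or a bug being masked. Going by the commit message, it happens when the region was reinterpreted through an lvalue bit cast; a comment such as `// The region may have been reinterpreted via CK_LValueBitCast and need not have array type; give up instead of asserting.` would record that. Returning `UnknownVal()` presumably also means the analyzer stops tracking the decayed pointer, which is worth stating in the same comment if so. ArrayToPointer starts and ends outside the hunk.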

Modified: cfe/trunk/test/Analysis/reinterpret-cast.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/reinterpret-cast.cpp?rev=182808&r1=182807&r2=182808&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/reinterpret-cast.cpp (original)
+++ cfe/trunk/test/Analysis/reinterpret-cast.cpp Tue May 28 17:32:08 2013
@@ -86,3 +86,20 @@ namespace PR15345 {
     clang_analyzer_eval(p->x == 42); // expected-warning{{TRUE}}
   };
 }
+
+int trackpointer_std_addressof() {
+  int x;
+  int *p = (int*)&reinterpret_cast<const volatile char&>(x);
+  *p = 6;
+  return x; // no warning
+}
+
+void set_x1(int *&);
+void set_x2(void *&);
+int radar_13146953(void) {
+  int *x = 0, *y = 0;
+
+  set_x1(x);
+  set_x2((void *&)y);
+  return *x + *y; // no warning
+}
\ No newline at end of file
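Review bot: `trackpointer_std_addressof` only checks that no warning appears at `return x;`, so it does not pin the value the analyzer binds to `x` after the store through `p`. This file already uses `clang_analyzer_eval`, so adding `clang_analyzer_eval(x == 6); // expected-warning{{TRUE}}` before the return would catch a later regression to imprecise modelling of the cast, assuming the analyzer resolves `p` back to the region of `x`. The file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing in the same change.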




