[llvm-branch-commits] [cfe-branch] r119269 - in /cfe/branches/Apple/whitney: lib/Checker/SValuator.cpp test/Analysis/misc-ps.m

[Daniel Dunbar]

Author: ddunbar
Date: Mon Nov 15 15:47:14 2010
New Revision: 119269

URL: http://llvm.org/viewvc/llvm-project?rev=119269&view=rev
Log:
Merge r119177:
--
Author: Ted Kremenek <kremenek at apple.com>
Date:   Mon Nov 15 20:09:42 2010 +0000

    Relax assertion in SValuator so that we don't crash when analyzing a call via a function pointer that
    casts the return value to something completely different.  While we need better reasoning here,
    we should definately not crash.

Modified:
    cfe/branches/Apple/whitney/lib/Checker/SValuator.cpp
    cfe/branches/Apple/whitney/test/Analysis/misc-ps.m

Modified: cfe/branches/Apple/whitney/lib/Checker/SValuator.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/branches/Apple/whitney/lib/Checker/SValuator.cpp?rev=119269&r1=119268&r2=119269&view=diff
==============================================================================
--- cfe/branches/Apple/whitney/lib/Checker/SValuator.cpp (original)
+++ cfe/branches/Apple/whitney/lib/Checker/SValuator.cpp Mon Nov 15 15:47:14 2010
@@ -122,7 +122,18 @@
     // FIXME: We should handle the case where we strip off view layers to get
     //  to a desugared type.
 
-    assert(Loc::IsLocType(castTy));
+    if (!Loc::IsLocType(castTy)) {
+      // FIXME: There can be gross cases where one casts the result of a function
+      // (that returns a pointer) to some other value that happens to fit
+      // within that pointer value.  We currently have no good way to
+      // model such operations.  When this happens, the underlying operation
+      // is that the caller is reasoning about bits.  Conceptually we are
+      // layering a "view" of a location on top of those bits.  Perhaps
+      // we need to be more lazy about mutual possible views, even on an
+      // SVal?  This may be necessary for bit-level reasoning as well.
+      return UnknownVal();
+    }
+
     // We get a symbolic function pointer for a dereference of a function
     // pointer, but it is of function type. Example:
 

Modified: cfe/branches/Apple/whitney/test/Analysis/misc-ps.m
URL: http://llvm.org/viewvc/llvm-project/cfe/branches/Apple/whitney/test/Analysis/misc-ps.m?rev=119269&r1=119268&r2=119269&view=diff
==============================================================================
--- cfe/branches/Apple/whitney/test/Analysis/misc-ps.m (original)
+++ cfe/branches/Apple/whitney/test/Analysis/misc-ps.m Mon Nov 15 15:47:14 2010
@@ -1193,3 +1193,13 @@
   (*(struct pr5272*)0xBC000000).var2 += 2; // no-warning
 }
 
+// Support casting the return value of function to another different type
+// This previously caused a crash, although we likely need more precise
+// reasoning here. <rdar://problem/8663544>
+void* rdar8663544();
+typedef struct {} Val8663544;
+Val8663544 bazR8663544() {
+  Val8663544(*func) () = (Val8663544(*) ()) rdar8663544;
+  return func();
+}
+