diff options
| author | Jordan Rose <jordan_rose@apple.com> | 2012-09-08 01:24:38 +0000 |
|---|---|---|
| committer | Jordan Rose <jordan_rose@apple.com> | 2012-09-08 01:24:38 +0000 |
| commit | 9874f597ef5d5748695c88daaa9a3208f95c2032 (patch) | |
| tree | 0f5284de4c23521ce35592aedfa91fbd3342f557 | |
| parent | 9f6ec8253e3ec3e9722ca7e4599f977db2f786ef (diff) | |
[analyzer] Cast the result of a placement new-expression to the correct type.
This is necessary because further analysis will assume that the SVal's
type matches the AST type. This caused a crash when trying to perform
a derived-to-base cast on a C++ object that had been new'd to be another
object type.
Yet another crash in PR13763.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163442 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | lib/StaticAnalyzer/Core/ExprEngineCXX.cpp | 4 | ||||
| -rw-r--r-- | test/Analysis/inline.cpp | 26 |
2 files changed, 29 insertions, 1 deletions
diff --git a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp index 10ecb3b9a9..60c73c6296 100644 --- a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp @@ -250,7 +250,9 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE, ExplodedNode *Pred, if (FD && FD->isReservedGlobalPlacementOperator()) { // Non-array placement new should always return the placement location. SVal PlacementLoc = State->getSVal(CNE->getPlacementArg(0), LCtx); - State = State->BindExpr(CNE, LCtx, PlacementLoc); + SVal Result = svalBuilder.evalCast(PlacementLoc, CNE->getType(), + CNE->getPlacementArg(0)->getType()); + State = State->BindExpr(CNE, LCtx, Result); } else { State = State->BindExpr(CNE, LCtx, symVal); } diff --git a/test/Analysis/inline.cpp b/test/Analysis/inline.cpp index 6491b12c58..6c7cfc14e8 100644 --- a/test/Analysis/inline.cpp +++ b/test/Analysis/inline.cpp @@ -270,8 +270,13 @@ namespace OperatorNew { namespace VirtualWithSisterCasts { + // This entire set of tests exercises casts from sister classes and + // from classes outside the hierarchy, which can very much confuse + // code that uses DynamicTypeInfo or needs to construct CXXBaseObjectRegions. + // These examples used to cause crashes in +Asserts builds. struct Parent { virtual int foo(); + int x; }; struct A : Parent { @@ -282,20 +287,41 @@ namespace VirtualWithSisterCasts { virtual int foo(); }; + struct Grandchild : public A {}; + struct Unrelated {}; void testDowncast(Parent *b) { A *a = (A *)(void *)b; clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}} + + a->x = 42; + clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}} } void testRelated(B *b) { A *a = (A *)(void *)b; clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}} + + a->x = 42; + clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}} } void testUnrelated(Unrelated *b) { A *a = (A *)(void *)b; clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}} + + a->x = 42; + clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}} + } + + void testCastViaNew(B *b) { + Grandchild *g = new (b) Grandchild(); + // FIXME: We actually now have perfect type info because of 'new'. + // This should be TRUE. + clang_analyzer_eval(g->foo() == 42); // expected-warning{{UNKNOWN}} + + g->x = 42; + clang_analyzer_eval(g->x == 42); // expected-warning{{TRUE}} } } |