Handle insidious corner case exposed by RegionStoreManager when handling void* values that are bound

to symbolic regions and then treated like integers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75356 91177308-0d34-0410-b5e6-96231b3b80d8
author: Ted Kremenek <kremenek@apple.com> 2009-07-11 04:38:49 +0000
committer: Ted Kremenek <kremenek@apple.com> 2009-07-11 04:38:49 +0000
commit: 43d74a5a8e1b6880e6c9813930ce59ab6cadfbf1 (patch)
tree: 2058824fe60da51709b4d7bd1ac8b2177e8b0204 /lib/Analysis/GRExprEngine.cpp
parent: e07c57947599aa30e96b64626f96ce6c059783c4 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/Analysis/GRExprEngine.cpp b/lib/Analysis/GRExprEngine.cpp
index d9117f5930..6bc70d5925 100644
--- a/lib/Analysis/GRExprEngine.cpp
+++ b/lib/Analysis/GRExprEngine.cpp
@@ -1110,6 +1110,19 @@ void GRExprEngine::EvalLoad(NodeSet& Dst, Expr* Ex, NodeTy* Pred,
   }
   else {
     SVal V = state->getSVal(cast<Loc>(location), Ex->getType());
+    
+    // Casts can create weird scenarios where a location must be implicitly
+    // converted to something else.  For example:
+    //
+    //  void *x;
+    //  int *y = (int*) &x; // void** -> int* cast.
+    //  invalidate(y);  // 'x' now binds to a symbolic region
+    //  int z = *y;
+    //    
+    if (isa<Loc>(V) && !Loc::IsLocType(Ex->getType())) {
+      V = EvalCast(V, Ex->getType());
+    }
+    
     MakeNode(Dst, Ex, Pred, state->bindExpr(Ex, V), K, tag);
   }
 }
author	Ted Kremenek <kremenek@apple.com>	2009-07-11 04:38:49 +0000
committer	Ted Kremenek <kremenek@apple.com>	2009-07-11 04:38:49 +0000
commit	43d74a5a8e1b6880e6c9813930ce59ab6cadfbf1 (patch)
tree	2058824fe60da51709b4d7bd1ac8b2177e8b0204 /lib/Analysis/GRExprEngine.cpp
parent	e07c57947599aa30e96b64626f96ce6c059783c4 (diff)