diff options
| author | Ted Kremenek <kremenek@apple.com> | 2009-05-04 06:35:49 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2009-05-04 06:35:49 +0000 |
| commit | fd6b4f3de2ef7bb7b9b33dd252078c53ada43977 (patch) | |
| tree | b69227022d7ab74074d83899e07e087e97b1db00 /lib/Analysis/Store.cpp | |
| parent | cfe1f9d86d4d3b2538ed41a9f5ff313dcd20c6a9 (diff) | |
Handle 'long x = 0; char *y = (char *) x;' by layering an
'ElementRegion' on top of the VarRegion for 'x'. This causes the test
case xfail_wine_crash.c to now pass for BasicStoreManager. It doesn't
crash for RegionStoreManager either, but reports a bogus unintialized
value warning.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70832 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/Analysis/Store.cpp')
| -rw-r--r-- | lib/Analysis/Store.cpp | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/lib/Analysis/Store.cpp b/lib/Analysis/Store.cpp index 65e90dec33..e9b8f6a27f 100644 --- a/lib/Analysis/Store.cpp +++ b/lib/Analysis/Store.cpp @@ -23,7 +23,7 @@ StoreManager::StoreManager(GRStateManager &stateMgr) StoreManager::CastResult StoreManager::CastRegion(const GRState* state, const MemRegion* R, - QualType CastToTy) { + QualType CastToTy) { ASTContext& Ctx = StateMgr.getContext(); @@ -38,10 +38,11 @@ StoreManager::CastRegion(const GRState* state, const MemRegion* R, return CastResult(state, R); } - // Check if we are casting to 'void*'. - // FIXME: Handle arbitrary upcasts. - if (const PointerType* PTy = dyn_cast<PointerType>(ToTy.getTypePtr())) - if (PTy->getPointeeType()->isVoidType()) { + if (const PointerType* PTy = dyn_cast<PointerType>(ToTy.getTypePtr())) { + // Check if we are casting to 'void*'. + // FIXME: Handle arbitrary upcasts. + QualType Pointee = PTy->getPointeeType(); + if (Pointee->isVoidType()) { // Casts to void* only removes TypedViewRegion. If there is no // TypedViewRegion, leave the region untouched. This happens when: @@ -58,6 +59,20 @@ StoreManager::CastRegion(const GRState* state, const MemRegion* R, return CastResult(state, R); } + else if (Pointee->isIntegerType()) { + // FIXME: At some point, it stands to reason that this 'dyn_cast' should + // become a 'cast' and that 'R' will always be a TypedRegion. + if (const TypedRegion *TR = dyn_cast<TypedRegion>(R)) { + // Check if we are casting to a region with an integer type. We now + // the types aren't the same, so we construct an ElementRegion. + // FIXME: We should have a standard query function to get the size + // of the array index. + SVal Idx = ValMgr.makeZeroVal(ValMgr.getContext().VoidPtrTy); + ElementRegion* ER = MRMgr.getElementRegion(Pointee, Idx, TR); + return CastResult(state, ER); + } + } + } // FIXME: Need to handle arbitrary downcasts. // FIXME: Handle the case where a TypedViewRegion (layering a SymbolicRegion |