diff options
| -rw-r--r-- | lib/StaticAnalyzer/Core/ExprEngine.cpp | 2 | ||||
| -rw-r--r-- | lib/StaticAnalyzer/Core/ExprEngineC.cpp | 4 | ||||
| -rw-r--r-- | lib/StaticAnalyzer/Core/RegionStore.cpp | 13 | ||||
| -rw-r--r-- | test/Analysis/casts.cpp | 36 |
4 files changed, 7 insertions, 48 deletions
diff --git a/lib/StaticAnalyzer/Core/ExprEngine.cpp b/lib/StaticAnalyzer/Core/ExprEngine.cpp index fb41a9384c..a95f565b6c 100644 --- a/lib/StaticAnalyzer/Core/ExprEngine.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngine.cpp @@ -1641,7 +1641,7 @@ void ExprEngine::evalLoad(ExplodedNodeSet &Dst, assert(!isa<NonLoc>(location) && "location cannot be a NonLoc."); assert(!isa<loc::ObjCPropRef>(location)); - // Are we loading from a reference? This actually results in two loads; one + // Are we loading from a region? This actually results in two loads; one // to fetch the address of the referenced value and one to fetch the // referenced value. if (const TypedValueRegion *TR = diff --git a/lib/StaticAnalyzer/Core/ExprEngineC.cpp b/lib/StaticAnalyzer/Core/ExprEngineC.cpp index 2e3e9f51e7..6707860009 100644 --- a/lib/StaticAnalyzer/Core/ExprEngineC.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngineC.cpp @@ -279,7 +279,6 @@ void ExprEngine::VisitCast(const CastExpr *CastE, const Expr *Ex, case CK_Dependent: case CK_ArrayToPointerDecay: case CK_BitCast: - case CK_LValueBitCast: case CK_IntegralCast: case CK_NullToPointer: case CK_IntegralToPointer: @@ -378,7 +377,8 @@ void ExprEngine::VisitCast(const CastExpr *CastE, const Expr *Ex, case CK_UserDefinedConversion: case CK_ConstructorConversion: case CK_VectorSplat: - case CK_MemberPointerToBoolean: { + case CK_MemberPointerToBoolean: + case CK_LValueBitCast: { // Recover some path-sensitivty by conjuring a new value. QualType resultType = CastE->getType(); if (CastE->isGLValue()) diff --git a/lib/StaticAnalyzer/Core/RegionStore.cpp b/lib/StaticAnalyzer/Core/RegionStore.cpp index 86a68a6b3a..9c00d96343 100644 --- a/lib/StaticAnalyzer/Core/RegionStore.cpp +++ b/lib/StaticAnalyzer/Core/RegionStore.cpp @@ -878,15 +878,10 @@ SVal RegionStoreManager::ArrayToPointer(Loc Array) { if (!ArrayR) return UnknownVal(); - // Extract the element type from the array region's ValueType. - // Be careful about weird things happening due to user-written casts. - QualType T = ArrayR->getValueType(); - if (const ArrayType *AT = Ctx.getAsArrayType(T)) - T = AT->getElementType(); - else if (const PointerType *PT = T->getAs<PointerType>()) - T = PT->getPointeeType(); - else - return UnknownVal(); + // Strip off typedefs from the ArrayRegion's ValueType. + QualType T = ArrayR->getValueType().getDesugaredType(Ctx); + const ArrayType *AT = cast<ArrayType>(T); + T = AT->getElementType(); NonLoc ZeroIdx = svalBuilder.makeZeroArrayIndex(); return loc::MemRegionVal(MRMgr.getElementRegion(T, ZeroIdx, ArrayR, Ctx)); diff --git a/test/Analysis/casts.cpp b/test/Analysis/casts.cpp deleted file mode 100644 index 046ffb53c8..0000000000 --- a/test/Analysis/casts.cpp +++ /dev/null @@ -1,36 +0,0 @@ -// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.core -analyzer-store=region -verify %s - -void fill_r (int * const &x); - -char testPointer () { - int x[8]; - int *xp = x; - fill_r(xp); - - return x[0]; // no-warning -} - -char testArray () { - int x[8]; - fill_r(x); - - return x[0]; // no-warning -} - -char testReferenceCast () { - int x[8]; - int *xp = x; - fill_r(reinterpret_cast<int * const &>(xp)); - - return x[0]; // no-warning -} - - -void fill (int *x); -char testReferenceCastRValue () { - int x[8]; - int *xp = x; - fill(reinterpret_cast<int * const &>(xp)); - - return x[0]; // no-warning -} |