diff options
Diffstat (limited to 'lib/Analysis/GRExprEngine.cpp')
| -rw-r--r-- | lib/Analysis/GRExprEngine.cpp | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/Analysis/GRExprEngine.cpp b/lib/Analysis/GRExprEngine.cpp index d9117f5930..6bc70d5925 100644 --- a/lib/Analysis/GRExprEngine.cpp +++ b/lib/Analysis/GRExprEngine.cpp @@ -1110,6 +1110,19 @@ void GRExprEngine::EvalLoad(NodeSet& Dst, Expr* Ex, NodeTy* Pred, } else { SVal V = state->getSVal(cast<Loc>(location), Ex->getType()); + + // Casts can create weird scenarios where a location must be implicitly + // converted to something else. For example: + // + // void *x; + // int *y = (int*) &x; // void** -> int* cast. + // invalidate(y); // 'x' now binds to a symbolic region + // int z = *y; + // + if (isa<Loc>(V) && !Loc::IsLocType(Ex->getType())) { + V = EvalCast(V, Ex->getType()); + } + MakeNode(Dst, Ex, Pred, state->bindExpr(Ex, V), K, tag); } } |