diff options
Diffstat (limited to 'lib/StaticAnalyzer/Core/ExprEngine.cpp')
| -rw-r--r-- | lib/StaticAnalyzer/Core/ExprEngine.cpp | 35 |
1 files changed, 31 insertions, 4 deletions
diff --git a/lib/StaticAnalyzer/Core/ExprEngine.cpp b/lib/StaticAnalyzer/Core/ExprEngine.cpp index 06b1db564d..60fd8d019e 100644 --- a/lib/StaticAnalyzer/Core/ExprEngine.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngine.cpp @@ -173,10 +173,37 @@ static ProgramStateRef createTemporaryRegionIfNeeded(ProgramStateRef State, SVal V = State->getSVal(E, LC); if (V.getAs<NonLoc>()) { - MemRegionManager &MRMgr = State->getStateManager().getRegionManager(); - const MemRegion *R = MRMgr.getCXXTempObjectRegion(E, LC); - State = State->bindLoc(loc::MemRegionVal(R), V); - State = State->BindExpr(E, LC, loc::MemRegionVal(R)); + ProgramStateManager &StateMgr = State->getStateManager(); + MemRegionManager &MRMgr = StateMgr.getRegionManager(); + StoreManager &StoreMgr = StateMgr.getStoreManager(); + + // We need to be careful about treating a derived type's value as + // bindings for a base type. Start by stripping and recording base casts. + SmallVector<const CastExpr *, 4> Casts; + const Expr *Inner = E->IgnoreParens(); + while (const CastExpr *CE = dyn_cast<CastExpr>(Inner)) { + if (CE->getCastKind() == CK_DerivedToBase || + CE->getCastKind() == CK_UncheckedDerivedToBase) + Casts.push_back(CE); + else if (CE->getCastKind() != CK_NoOp) + break; + + Inner = CE->getSubExpr()->IgnoreParens(); + } + + // Create a temporary object region for the inner expression (which may have + // a more derived type) and bind the NonLoc value into it. + SVal Reg = loc::MemRegionVal(MRMgr.getCXXTempObjectRegion(Inner, LC)); + State = State->bindLoc(Reg, V); + + // Re-apply the casts (from innermost to outermost) for type sanity. + for (SmallVectorImpl<const CastExpr *>::reverse_iterator I = Casts.rbegin(), + E = Casts.rend(); + I != E; ++I) { + Reg = StoreMgr.evalDerivedToBase(Reg, *I); + } + + State = State->BindExpr(E, LC, Reg); } return State; |