summaryrefslogtreecommitdiff
path: root/lib/StaticAnalyzer
diff options
context:
space:
mode:
authorArtem Dergachev <artem.dergachev@gmail.com>2019-08-23 03:24:01 +0000
committerArtem Dergachev <artem.dergachev@gmail.com>2019-08-23 03:24:01 +0000
commit65d0c48d81b73c359f40f6c068bd89a8b91229ac (patch)
treed24e2444d66e1c3c98e1db30ee04be56ca7fbcda /lib/StaticAnalyzer
parent622a812e81dd867825c2ba42d60167866664ece3 (diff)
downloadclang-65d0c48d81b73c359f40f6c068bd89a8b91229ac.tar.gz
[analyzer] CastValueChecker: Provide DynamicTypeMap with pointer types only.
The idea to drop this requirement is good, but for now every other user of DynamicTypeInfo expects pointer types. Fixes a crash. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@369728 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/StaticAnalyzer')
-rw-r--r--lib/StaticAnalyzer/Checkers/CastValueChecker.cpp45
-rw-r--r--lib/StaticAnalyzer/Core/DynamicType.cpp9
2 files changed, 26 insertions, 28 deletions
diff --git a/lib/StaticAnalyzer/Checkers/CastValueChecker.cpp b/lib/StaticAnalyzer/Checkers/CastValueChecker.cpp
index cd3b70db9a..a0cebd6ab8 100644
--- a/lib/StaticAnalyzer/Checkers/CastValueChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/CastValueChecker.cpp
@@ -92,18 +92,6 @@ private:
};
} // namespace
-static QualType getRecordType(QualType Ty) {
- Ty = Ty.getCanonicalType();
-
- if (Ty->isPointerType())
- Ty = Ty->getPointeeType();
-
- if (Ty->isReferenceType())
- Ty = Ty.getNonReferenceType();
-
- return Ty.getUnqualifiedType();
-}
-
static bool isInfeasibleCast(const DynamicCastInfo *CastInfo,
bool CastSucceeds) {
if (!CastInfo)
@@ -117,8 +105,8 @@ static const NoteTag *getNoteTag(CheckerContext &C,
QualType CastToTy, const Expr *Object,
bool CastSucceeds, bool IsKnownCast) {
std::string CastToName =
- CastInfo ? CastInfo->to()->getAsCXXRecordDecl()->getNameAsString()
- : CastToTy->getAsCXXRecordDecl()->getNameAsString();
+ CastInfo ? CastInfo->to()->getPointeeCXXRecordDecl()->getNameAsString()
+ : CastToTy->getPointeeCXXRecordDecl()->getNameAsString();
Object = Object->IgnoreParenImpCasts();
return C.getNoteTag(
@@ -160,14 +148,14 @@ static void addCastTransition(const CallEvent &Call, DefinedOrUnknownSVal DV,
const Expr *Object;
QualType CastFromTy;
- QualType CastToTy = getRecordType(Call.getResultType());
+ QualType CastToTy = Call.getResultType();
if (Call.getNumArgs() > 0) {
Object = Call.getArgExpr(0);
- CastFromTy = getRecordType(Call.parameters()[0]->getType());
+ CastFromTy = Call.parameters()[0]->getType();
} else {
Object = cast<CXXInstanceCall>(&Call)->getCXXThisExpr();
- CastFromTy = getRecordType(Object->getType());
+ CastFromTy = Object->getType();
}
const MemRegion *MR = DV.getAsRegion();
@@ -193,7 +181,7 @@ static void addCastTransition(const CallEvent &Call, DefinedOrUnknownSVal DV,
bool IsKnownCast = CastInfo || IsCheckedCast || CastFromTy == CastToTy;
if (!IsKnownCast || IsCheckedCast)
State = setDynamicTypeAndCastInfo(State, MR, CastFromTy, CastToTy,
- Call.getResultType(), CastSucceeds);
+ CastSucceeds);
SVal V = CastSucceeds ? DV : C.getSValBuilder().makeNull();
C.addTransition(
@@ -206,8 +194,20 @@ static void addInstanceOfTransition(const CallEvent &Call,
ProgramStateRef State, CheckerContext &C,
bool IsInstanceOf) {
const FunctionDecl *FD = Call.getDecl()->getAsFunction();
+ QualType CastFromTy = Call.parameters()[0]->getType();
QualType CastToTy = FD->getTemplateSpecializationArgs()->get(0).getAsType();
- QualType CastFromTy = getRecordType(Call.parameters()[0]->getType());
+ if (CastFromTy->isPointerType())
+ CastToTy = C.getASTContext().getPointerType(CastToTy);
+ else if (CastFromTy->isLValueReferenceType() &&
+ CastFromTy.isConstQualified()) {
+ CastToTy.addConst();
+ CastToTy = C.getASTContext().getLValueReferenceType(CastToTy);
+ } else if (CastFromTy->isLValueReferenceType())
+ CastToTy = C.getASTContext().getLValueReferenceType(CastToTy);
+ else if (CastFromTy->isRValueReferenceType())
+ CastToTy = C.getASTContext().getRValueReferenceType(CastToTy);
+ else
+ return;
const MemRegion *MR = DV.getAsRegion();
const DynamicCastInfo *CastInfo =
@@ -228,7 +228,7 @@ static void addInstanceOfTransition(const CallEvent &Call,
bool IsKnownCast = CastInfo || CastFromTy == CastToTy;
if (!IsKnownCast)
State = setDynamicTypeAndCastInfo(State, MR, CastFromTy, CastToTy,
- Call.getResultType(), IsInstanceOf);
+ IsInstanceOf);
C.addTransition(
State->BindExpr(Call.getOriginExpr(), C.getLocationContext(),
@@ -373,11 +373,6 @@ bool CastValueChecker::evalCall(const CallEvent &Call,
const CastCheck &Check = Lookup->first;
CallKind Kind = Lookup->second;
- // We need to obtain the record type of the call's result to model it.
- if (Kind != CallKind::InstanceOf &&
- !getRecordType(Call.getResultType())->isRecordType())
- return false;
-
Optional<DefinedOrUnknownSVal> DV;
switch (Kind) {
diff --git a/lib/StaticAnalyzer/Core/DynamicType.cpp b/lib/StaticAnalyzer/Core/DynamicType.cpp
index e4ff132c6e..a78e0e05e9 100644
--- a/lib/StaticAnalyzer/Core/DynamicType.cpp
+++ b/lib/StaticAnalyzer/Core/DynamicType.cpp
@@ -91,13 +91,16 @@ ProgramStateRef setDynamicTypeInfo(ProgramStateRef State, const MemRegion *MR,
ProgramStateRef setDynamicTypeAndCastInfo(ProgramStateRef State,
const MemRegion *MR,
QualType CastFromTy,
- QualType CastToTy, QualType ResultTy,
+ QualType CastToTy,
bool CastSucceeds) {
if (!MR)
return State;
- if (CastSucceeds)
- State = State->set<DynamicTypeMap>(MR, ResultTy);
+ if (CastSucceeds) {
+ assert((CastToTy->isAnyPointerType() || CastToTy->isReferenceType()) &&
+ "DynamicTypeInfo should always be a pointer.");
+ State = State->set<DynamicTypeMap>(MR, CastToTy);
+ }
DynamicCastInfo::CastResult ResultKind =
CastSucceeds ? DynamicCastInfo::CastResult::Success
View Lorry Controller Status