[analyzer] pr37209: Fix casts of glvalues to references.

Many glvalue expressions aren't of their respective reference type - they are simply glvalues of their value type. This was causing problems when we were trying to obtain type of the original expression while evaluating certain glvalue bit-casts. Fixed by artificially forging a reference type to provide to the casting procedure. Differential Revision: https://reviews.llvm.org/D46224 llvm-svn: 331558
2018-05-04 21:39:25 +00:00 · 2018-05-04 21:39:25 +00:00 · 2fd6aa7d56
parent 5b39acd111
commit 2fd6aa7d56
2 changed files with 21 additions and 0 deletions
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
@ -257,6 +257,13 @@ ProgramStateRef ExprEngine::handleLValueBitCast(
    ProgramStateRef state, const Expr* Ex, const LocationContext* LCtx,
    QualType T, QualType ExTy, const CastExpr* CastE, StmtNodeBuilder& Bldr,
    ExplodedNode* Pred) {
+  if (T->isLValueReferenceType()) {
+    assert(!CastE->getType()->isLValueReferenceType());
+    ExTy = getContext().getLValueReferenceType(ExTy);
+  } else if (T->isRValueReferenceType()) {
+    assert(!CastE->getType()->isRValueReferenceType());
+    ExTy = getContext().getRValueReferenceType(ExTy);
+  }
  // Delegate to SValBuilder to process.
  SVal OrigV = state->getSVal(Ex, LCtx);
  SVal V = svalBuilder.evalCast(OrigV, T, ExTy);
--- a/clang/test/Analysis/casts.cpp
+++ b/clang/test/Analysis/casts.cpp
@ -21,3 +21,17 @@ void intAsBoolAsSwitchCondition(int c) {
      break;
  }
 }
+
+int *&castToIntPtrLValueRef(char *p) {
+  return (int *&)*(int *)p;
+}
+bool testCastToIntPtrLValueRef(char *p, int *s) {
+  return castToIntPtrLValueRef(p) != s; // no-crash
+}
+
+int *&&castToIntPtrRValueRef(char *p) {
+  return (int *&&)*(int *)p;
+}
+bool testCastToIntPtrRValueRef(char *p, int *s) {
+  return castToIntPtrRValueRef(p) != s; // no-crash
+}