Regionstore: support derived-to-base cast by creating a CXXBaseObjectRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@120173 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/lib/Checker/GRExprEngine.cpp b/lib/Checker/GRExprEngine.cpp
index 4121144..f541a7e 100644
--- a/lib/Checker/GRExprEngine.cpp
+++ b/lib/Checker/GRExprEngine.cpp
@@ -2688,8 +2688,7 @@
case CK_IntegralComplexToFloatingComplex:
case CK_AnyPointerToObjCPointerCast:
case CK_AnyPointerToBlockPointerCast:
- case CK_DerivedToBase:
- case CK_UncheckedDerivedToBase:
+
case CK_ObjCObjectLValueCast: {
// Delegate to SValuator to process.
for (ExplodedNodeSet::iterator I = S2.begin(), E = S2.end(); I != E; ++I) {
@@ -2702,7 +2701,20 @@
}
return;
}
-
+
+ case CK_DerivedToBase:
+ case CK_UncheckedDerivedToBase:
+ // For DerivedToBase cast, delegate to the store manager.
+ for (ExplodedNodeSet::iterator I = S2.begin(), E = S2.end(); I != E; ++I) {
+ ExplodedNode *node = *I;
+ const GRState *state = GetState(node);
+ SVal val = state->getSVal(Ex);
+ val = getStoreManager().evalDerivedToBase(val, T);
+ state = state->BindExpr(CastE, val);
+ MakeNode(Dst, CastE, node, state);
+ }
+ return;
+
// Various C++ casts that are not handled yet.
case CK_Dynamic:
case CK_ToUnion:
diff --git a/lib/Checker/MemRegion.cpp b/lib/Checker/MemRegion.cpp
index 4414c1a..366a574 100644
--- a/lib/Checker/MemRegion.cpp
+++ b/lib/Checker/MemRegion.cpp
@@ -218,6 +218,10 @@
return ValMgr.makeIntVal(getStringLiteral()->getByteLength()+1, SizeTy);
}
+QualType CXXBaseObjectRegion::getValueType() const {
+ return QualType(decl->getTypeForDecl(), 0);
+}
+
//===----------------------------------------------------------------------===//
// FoldingSet profiling.
//===----------------------------------------------------------------------===//
@@ -367,6 +371,17 @@
ProfileRegion(ID, Ex, getSuperRegion());
}
+void CXXBaseObjectRegion::ProfileRegion(llvm::FoldingSetNodeID &ID,
+ const CXXRecordDecl *decl,
+ const MemRegion *sReg) {
+ ID.AddPointer(decl);
+ ID.AddPointer(sReg);
+}
+
+void CXXBaseObjectRegion::Profile(llvm::FoldingSetNodeID &ID) const {
+ ProfileRegion(ID, decl, superRegion);
+}
+
//===----------------------------------------------------------------------===//
// Region pretty-printing.
//===----------------------------------------------------------------------===//
@@ -411,6 +426,10 @@
os << "temp_object";
}
+void CXXBaseObjectRegion::dumpToStream(llvm::raw_ostream &os) const {
+ os << "base " << decl->getName();
+}
+
void CXXThisRegion::dumpToStream(llvm::raw_ostream &os) const {
os << "this";
}
@@ -687,6 +706,12 @@
return getSubRegion<CXXObjectRegion>(E, getStackLocalsRegion(SFC));
}
+const CXXBaseObjectRegion *
+MemRegionManager::getCXXBaseObjectRegion(const CXXRecordDecl *decl,
+ const MemRegion *superRegion) {
+ return getSubRegion<CXXBaseObjectRegion>(decl, superRegion);
+}
+
const CXXThisRegion*
MemRegionManager::getCXXThisRegion(QualType thisPointerTy,
const LocationContext *LC) {
diff --git a/lib/Checker/RegionStore.cpp b/lib/Checker/RegionStore.cpp
index e5b1bca..59c8730 100644
--- a/lib/Checker/RegionStore.cpp
+++ b/lib/Checker/RegionStore.cpp
@@ -224,6 +224,9 @@
/// casts from arrays to pointers.
SVal ArrayToPointer(Loc Array);
+ /// For DerivedToBase casts, create a CXXBaseObjectRegion and return it.
+ virtual SVal evalDerivedToBase(SVal derived, QualType basePtrType);
+
SVal EvalBinOp(BinaryOperator::Opcode Op,Loc L, NonLoc R, QualType resultTy);
Store getInitialStore(const LocationContext *InitLoc) {
@@ -804,6 +807,14 @@
return loc::MemRegionVal(MRMgr.getElementRegion(T, ZeroIdx, ArrayR, Ctx));
}
+SVal RegionStoreManager::evalDerivedToBase(SVal derived, QualType basePtrType) {
+ const CXXRecordDecl *baseDecl = basePtrType->getCXXRecordDeclForPointerType();
+ assert(baseDecl && "not a CXXRecordDecl?");
+ loc::MemRegionVal &derivedRegVal = cast<loc::MemRegionVal>(derived);
+ const MemRegion *baseReg =
+ MRMgr.getCXXBaseObjectRegion(baseDecl, derivedRegVal.getRegion());
+ return loc::MemRegionVal(baseReg);
+}
//===----------------------------------------------------------------------===//
// Pointer arithmetic.
//===----------------------------------------------------------------------===//
@@ -869,6 +880,7 @@
case MemRegion::FieldRegionKind:
case MemRegion::ObjCIvarRegionKind:
case MemRegion::CXXObjectRegionKind:
+ case MemRegion::CXXBaseObjectRegionKind:
return UnknownVal();
case MemRegion::FunctionTextRegionKind: