Handle insidious corner case exposed by RegionStoreManager when handling void* values that are bound to symbolic regions and then treated like integers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75356 91177308-0d34-0410-b5e6-96231b3b80d8

commit: 43d74a5a8e1b6880e6c9813930ce59ab6cadfbf1 [log] [tgz]
author: Ted Kremenek <kremenek@apple.com> Sat Jul 11 04:38:49 2009 +0000
committer: Ted Kremenek <kremenek@apple.com> Sat Jul 11 04:38:49 2009 +0000
tree: 2058824fe60da51709b4d7bd1ac8b2177e8b0204
parent: e07c57947599aa30e96b64626f96ce6c059783c4 [diff] [blame]
diff --git a/lib/Analysis/GRExprEngine.cpp b/lib/Analysis/GRExprEngine.cpp
index d9117f5..6bc70d5 100644
--- a/lib/Analysis/GRExprEngine.cpp
+++ b/lib/Analysis/GRExprEngine.cpp

@@ -1110,6 +1110,19 @@
   }
   else {
     SVal V = state->getSVal(cast<Loc>(location), Ex->getType());
+    
+    // Casts can create weird scenarios where a location must be implicitly
+    // converted to something else.  For example:
+    //
+    //  void *x;
+    //  int *y = (int*) &x; // void** -> int* cast.
+    //  invalidate(y);  // 'x' now binds to a symbolic region
+    //  int z = *y;
+    //    
+    if (isa<Loc>(V) && !Loc::IsLocType(Ex->getType())) {
+      V = EvalCast(V, Ex->getType());
+    }
+    
     MakeNode(Dst, Ex, Pred, state->bindExpr(Ex, V), K, tag);
   }
 }
commit	43d74a5a8e1b6880e6c9813930ce59ab6cadfbf1	[log] [tgz]
author	Ted Kremenek <kremenek@apple.com>	Sat Jul 11 04:38:49 2009 +0000
committer	Ted Kremenek <kremenek@apple.com>	Sat Jul 11 04:38:49 2009 +0000
tree	2058824fe60da51709b4d7bd1ac8b2177e8b0204
parent	e07c57947599aa30e96b64626f96ce6c059783c4 [diff] [blame]