[analyzer] Base regions may be invalid when layered on symbolic regions.
While RegionStore checks to make sure casts on TypedValueRegions are valid,
it does not do the same for SymbolicRegions, which do not have perfect type
info anyway. Additionally, MemRegion::getAsOffset does not take a
ProgramState, so it can't use dynamic type info to determine a better type
for the regions. (This could also be dangerous if the type of a super-region
changes!)
Account for this by checking that a base object region is valid on top of a
symbolic region, and falling back to "symbolic offset" mode if not.
Fixes PR15345.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176034 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/test/Analysis/reinterpret-cast.cpp b/test/Analysis/reinterpret-cast.cpp
index d1aed80..59e6a53 100644
--- a/test/Analysis/reinterpret-cast.cpp
+++ b/test/Analysis/reinterpret-cast.cpp
@@ -64,3 +64,25 @@
clang_analyzer_eval(reinterpret_cast<IntWrapperSubclass *>(ww)->x == 42); // expected-warning{{FALSE}}
}
}
+
+namespace PR15345 {
+ class C {};
+
+ class Base {
+ public:
+ void (*f)();
+ int x;
+ };
+
+ class Derived : public Base {};
+
+ void test() {
+ Derived* p;
+ *(reinterpret_cast<void**>(&p)) = new C;
+ p->f();
+
+ // We should still be able to do some reasoning about bindings.
+ p->x = 42;
+ clang_analyzer_eval(p->x == 42); // expected-warning{{TRUE}}
+ };
+}
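Review bot: The `p->f();` line in `PR15345::test()` has no comment and no `expected-warning`, so nothing tells a reader that it is the reproducer and that it apparently only checks that the analyzer does not crash. I would put a comment above it, for example `// Base::f is read through a pointer that really refers to a C (type confusion via reinterpret_cast); this used to crash the analyzer.`, with the wording confirmed against PR15345, since the report itself is not visible here. If the missing diagnostic for the call through the mismatched object is a known gap rather than the intended result, a `// FIXME:` saying so would keep the silence from being read as a guarantee. Separately, the `};` closing `test()` leaves a stray semicolon after a function body; `}` is enough.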