[analyzer] Improve modeling of static initializers.

Conversions between unrelated pointer types (e.g. char * and void *) involve bitcasts which were not properly modeled in case of static initializers. The patch fixes this problem. The problem was originally spotted by Artem Dergachev. Patched by Yuri Gribov! Differential Revision: http://reviews.llvm.org/D14652 llvm-svn: 253532
2015-11-19 01:25:28 +00:00 · 2015-11-19 01:25:28 +00:00 · 61fcb521fa
parent d4129b47d0
commit 61fcb521fa
2 changed files with 18 additions and 5 deletions
--- a/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
@ -275,11 +275,17 @@ Optional<SVal> SValBuilder::getConstantVal(const Expr *E) {

  case Stmt::ImplicitCastExprClass: {
    const CastExpr *CE = cast<CastExpr>(E);
-    if (CE->getCastKind() == CK_ArrayToPointerDecay) {
-      Optional<SVal> ArrayVal = getConstantVal(CE->getSubExpr());
-      if (!ArrayVal)
+    switch (CE->getCastKind()) {
+    default:
+      break;
+    case CK_ArrayToPointerDecay:
+    case CK_BitCast: {
+      const Expr *SE = CE->getSubExpr();
+      Optional<SVal> Val = getConstantVal(SE);
+      if (!Val)
        return None;
-      return evalCast(*ArrayVal, CE->getType(), CE->getSubExpr()->getType());
+      return evalCast(*Val, CE->getType(), SE->getType());
+    }
    }
    // FALLTHROUGH
  }
--- a/clang/test/Analysis/inline.cpp
+++ b/clang/test/Analysis/inline.cpp
@ -300,6 +300,13 @@ namespace DefaultArgs {
    clang_analyzer_eval(defaultString("xyz") == 'y'); // expected-warning{{TRUE}}
    clang_analyzer_eval(defaultString() == 'b'); // expected-warning{{TRUE}}
  }
+
+  const void * const void_string = "abc";
+
+  void testBitcastedString() {
+    clang_analyzer_eval(0 != void_string); // expected-warning{{TRUE}}
+    clang_analyzer_eval('b' == ((char *)void_string)[1]); // expected-warning{{TRUE}}
+  }
 }

 namespace OperatorNew {