[analyzer] pr37209: Fix casts of glvalues to references.

Many glvalue expressions aren't of their respective reference type - they are simply glvalues of their value type. This was causing problems when we were trying to obtain type of the original expression while evaluating certain glvalue bit-casts. Fixed by artificially forging a reference type to provide to the casting procedure. Differential Revision: https://reviews.llvm.org/D46224 llvm-svn: 331558
llvm · May 4, 2018 · 2fd6aa7 · 2fd6aa7
1 parent 5b39acd
commit 2fd6aa7
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -257,6 +257,13 @@ ProgramStateRef ExprEngine::handleLValueBitCast(
     ProgramStateRef state, const Expr* Ex, const LocationContext* LCtx,
     QualType T, QualType ExTy, const CastExpr* CastE, StmtNodeBuilder& Bldr,
     ExplodedNode* Pred) {
+  if (T->isLValueReferenceType()) {
+    assert(!CastE->getType()->isLValueReferenceType());
+    ExTy = getContext().getLValueReferenceType(ExTy);
+  } else if (T->isRValueReferenceType()) {
+    assert(!CastE->getType()->isRValueReferenceType());
+    ExTy = getContext().getRValueReferenceType(ExTy);
+  }
   // Delegate to SValBuilder to process.
   SVal OrigV = state->getSVal(Ex, LCtx);
   SVal V = svalBuilder.evalCast(OrigV, T, ExTy);

diff --git a/clang/test/Analysis/casts.cpp b/clang/test/Analysis/casts.cpp
@@ -21,3 +21,17 @@ void intAsBoolAsSwitchCondition(int c) {
       break;
   }
 }
+
+int *&castToIntPtrLValueRef(char *p) {
+  return (int *&)*(int *)p;
+}
+bool testCastToIntPtrLValueRef(char *p, int *s) {
+  return castToIntPtrLValueRef(p) != s; // no-crash
+}
+
+int *&&castToIntPtrRValueRef(char *p) {
+  return (int *&&)*(int *)p;
+}
+bool testCastToIntPtrRValueRef(char *p, int *s) {
+  return castToIntPtrRValueRef(p) != s; // no-crash
+}