================
@@ -285,15 +285,43 @@ void ExprEngine::VisitCast(const CastExpr *CastE, const
Expr *Ex,
ExplodedNodeSet dstPreStmt;
getCheckerManager().runCheckersForPreStmt(dstPreStmt, Pred, CastE, *this);
- if (CastE->getCastKind() == CK_LValueToRValue ||
- CastE->getCastKind() == CK_LValueToRValueBitCast) {
+ if (CastE->getCastKind() == CK_LValueToRValue) {
for (ExplodedNode *subExprNode : dstPreStmt) {
ProgramStateRef state = subExprNode->getState();
const LocationContext *LCtx = subExprNode->getLocationContext();
evalLoad(Dst, CastE, CastE, subExprNode, state, state->getSVal(Ex,
LCtx));
}
return;
}
+ if (CastE->getCastKind() == CK_LValueToRValueBitCast) {
+ // Handle `__builtin_bit_cast`:
+ ExplodedNodeSet dstEvalLoad;
+
+ // Simulate the lvalue-to-rvalue conversion on `Ex`:
+ for (ExplodedNode *subExprNode : dstPreStmt) {
+ ProgramStateRef state = subExprNode->getState();
+ const LocationContext *LCtx = subExprNode->getLocationContext();
+ evalLocation(dstEvalLoad, CastE, Ex, subExprNode, state,
+ state->getSVal(Ex, LCtx), true);
+ }
+ // Simulate the operation that actually casts the original value to a new
+ // value of the destination type :
+ StmtNodeBuilder Bldr(dstEvalLoad, Dst, *currBldrCtx);
+
+ for (ExplodedNode *Node : dstEvalLoad) {
+ ProgramStateRef state = Node->getState();
+ const LocationContext *LCtx = Node->getLocationContext();
+ // getAsRegion should always be successful since Ex is an lvalue:
----------------
ziqingluo-90 wrote:
I tried `__builtin_bit_cast(unsigned, *(reinterpret_cast<int*>(0xdeadbeef)))`
(there is a compilation error with `static_cast`).
The `core.FixedAddressDereference` checker will report it before it reaches
the point, but the analyzer crashes if I disable the checker. I think in cases
of `loc::ConcreteInt`, the bit_cast should output `Unknown`.
https://github.com/llvm/llvm-project/pull/139188
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
