1846eabd187be4bfe992e8bca131166b734d86e0dTed Kremenek// SValBuilder.cpp - Basic class for all SValBuilder implementations -*- C++ -*- 232c3fa4195762ba93f0b7114ab36c0941bc34432Ted Kremenek// 332c3fa4195762ba93f0b7114ab36c0941bc34432Ted Kremenek// The LLVM Compiler Infrastructure 432c3fa4195762ba93f0b7114ab36c0941bc34432Ted Kremenek// 532c3fa4195762ba93f0b7114ab36c0941bc34432Ted Kremenek// This file is distributed under the University of Illinois Open Source 632c3fa4195762ba93f0b7114ab36c0941bc34432Ted Kremenek// License. See LICENSE.TXT for details. 732c3fa4195762ba93f0b7114ab36c0941bc34432Ted Kremenek// 832c3fa4195762ba93f0b7114ab36c0941bc34432Ted Kremenek//===----------------------------------------------------------------------===// 932c3fa4195762ba93f0b7114ab36c0941bc34432Ted Kremenek// 10846eabd187be4bfe992e8bca131166b734d86e0dTed Kremenek// This file defines SValBuilder, the base class for all (complete) SValBuilder 1132c3fa4195762ba93f0b7114ab36c0941bc34432Ted Kremenek// implementations. 
1232c3fa4195762ba93f0b7114ab36c0941bc34432Ted Kremenek// 1332c3fa4195762ba93f0b7114ab36c0941bc34432Ted Kremenek//===----------------------------------------------------------------------===// 1432c3fa4195762ba93f0b7114ab36c0941bc34432Ted Kremenek 15c35fb7d67d515659ad2325b4f6ec97c9fe64fb63Benjamin Kramer#include "clang/AST/ExprCXX.h" 1610f77ad7fc5e5cf3f37a9b14ff5843468b8b84d2Ted Kremenek#include "clang/AST/DeclCXX.h" 179b663716449b618ba0390b1dbebc54fa8e971124Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h" 189b663716449b618ba0390b1dbebc54fa8e971124Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/SVals.h" 199b663716449b618ba0390b1dbebc54fa8e971124Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/SValBuilder.h" 2018c66fdc3c4008d335885695fe36fb5353c5f672Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h" 219b663716449b618ba0390b1dbebc54fa8e971124Ted Kremenek#include "clang/StaticAnalyzer/Core/PathSensitive/BasicValueFactory.h" 2232c3fa4195762ba93f0b7114ab36c0941bc34432Ted Kremenek 2332c3fa4195762ba93f0b7114ab36c0941bc34432Ted Kremenekusing namespace clang; 249ef6537a894c33003359b1f9b9676e9178e028b7Ted Kremenekusing namespace ento; 2532c3fa4195762ba93f0b7114ab36c0941bc34432Ted Kremenek 26c8413fd03f73084a5c93028f8b4db619fc388087Ted Kremenek//===----------------------------------------------------------------------===// 27c8413fd03f73084a5c93028f8b4db619fc388087Ted Kremenek// Basic SVal creation. 
//===----------------------------------------------------------------------===//

// Intentionally empty out-of-line definition.
// NOTE(review): presumably the usual vtable-anchor idiom -- confirm against
// the class declaration in SValBuilder.h.
void SValBuilder::anchor() {}

/// Build the zero value of \p type.
///
/// Location types yield the null location and integer types yield the
/// integer constant 0 of that type. Every other type yields UnknownVal.
DefinedOrUnknownSVal SValBuilder::makeZeroVal(QualType type) {
  if (Loc::isLocType(type))
    return makeNull();

  if (!type->isIntegerType()) {
    // FIXME: Handle floats.
    // FIXME: Handle structs.
    return UnknownVal();
  }

  return makeIntVal(0, type);
}

/// Wrap the symbolic expression `lhs op rhs` (symbol, integer constant) in a
/// non-location value of type \p type.
///
/// \p lhs must be non-null and \p type must not be a location type; both
/// preconditions are checked with assert only.
NonLoc SValBuilder::makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
                               const llvm::APSInt &rhs, QualType type) {
  assert(lhs);
  assert(!Loc::isLocType(type));

  // The Environment ensures the APSInt handed to us is already the persistent
  // one owned by BasicValueFactory, so it is not looked up there again.
  SymbolRef expression = SymMgr.getSymIntExpr(lhs, op, rhs, type);
  return nonloc::SymbolVal(expression);
}

/// Wrap the symbolic expression `lhs op rhs` (integer constant, symbol) in a
/// non-location value of type \p type.
///
/// \p rhs must be non-null and \p type must not be a location type; both
/// preconditions are checked with assert only.
NonLoc SValBuilder::makeNonLoc(const llvm::APSInt &lhs,
                               BinaryOperator::Opcode op, const SymExpr *rhs,
                               QualType type) {
  assert(rhs);
  assert(!Loc::isLocType(type));

  SymbolRef expression = SymMgr.getIntSymExpr(lhs, op, rhs, type);
  return nonloc::SymbolVal(expression);
}

/// Wrap the symbolic expression `lhs op rhs` (symbol, symbol) in a
/// non-location value of type \p type.
///
/// Both operands must be non-null and \p type must not be a location type;
/// the preconditions are checked with assert only.
NonLoc SValBuilder::makeNonLoc(const SymExpr *lhs, BinaryOperator::Opcode op,
                               const SymExpr *rhs, QualType type) {
  assert(lhs && rhs);
  assert(!Loc::isLocType(type));

  SymbolRef expression = SymMgr.getSymSymExpr(lhs, op, rhs, type);
  return nonloc::SymbolVal(expression);
}

/// Wrap a cast of \p operand from \p fromTy to \p toTy in a non-location
/// value.
///
/// \p operand must be non-null and \p toTy must not be a location type; both
/// preconditions are checked with assert only.
NonLoc SValBuilder::makeNonLoc(const SymExpr *operand,
                               QualType fromTy, QualType toTy) {
  assert(operand);
  assert(!Loc::isLocType(toTy));

  SymbolRef castSymbol = SymMgr.getCastSymbol(operand, fromTy, toTy);
  return nonloc::SymbolVal(castSymbol);
}

/// Bring \p val into the form used for array indices.
///
/// Unknown and undefined values are returned unchanged, and so is a concrete
/// integer that is already signed and ArrayIndexWidth bits wide. Anything
/// else is cast to ArrayIndexTy through evalCastFromNonLoc.
SVal SValBuilder::convertToArrayIndex(SVal val) {
  if (val.isUnknownOrUndef())
    return val;

  // Common case: the value is a concrete integer that already has the width
  // and signedness of an array index, so no cast is needed.
  const nonloc::ConcreteInt *concrete = dyn_cast<nonloc::ConcreteInt>(&val);
  if (concrete) {
    const llvm::APSInt &bits = concrete->getValue();
    const bool hasIndexShape =
        bits.getBitWidth() == ArrayIndexWidth && bits.isSigned();
    if (hasIndexShape)
      return val;
  }

  return evalCastFromNonLoc(cast<NonLoc>(val), ArrayIndexTy);
}

/// Translate a C++ boolean literal into the matching truth value.
nonloc::ConcreteInt SValBuilder::makeBoolVal(const CXXBoolLiteralExpr *boolean){
  const bool literal = boolean->getValue();
  return makeTruthVal(literal);
}

/// Produce the symbolic value that stands for the contents of \p region.
///
/// Yields UnknownVal when the region's value type cannot be symbolicated.
/// Otherwise the region-value symbol is returned, wrapped in a symbolic
/// region when the value type is a location type.
DefinedOrUnknownSVal
SValBuilder::getRegionValueSymbolVal(const TypedValueRegion* region) {
  QualType valueTy = region->getValueType();

  if (!SymbolManager::canSymbolicate(valueTy))
    return UnknownVal();

  SymbolRef valueSym = SymMgr.getRegionValueSymbol(region);

  if (!Loc::isLocType(valueTy))
    return nonloc::SymbolVal(valueSym);

  return loc::MemRegionVal(MemMgr.getSymbolicRegion(valueSym));
}

/// Conjure a symbol for \p expr, taking the symbol's type from the
/// expression itself. Forwards to the overload with an explicit type.
DefinedOrUnknownSVal SValBuilder::conjureSymbolVal(const void *symbolTag,
                                                   const Expr *expr,
                                                   const LocationContext *LCtx,
                                                   unsigned count) {
  return conjureSymbolVal(symbolTag, expr, LCtx, expr->getType(), count);
}

/// Conjure a symbol of type \p type for \p expr, tagged with \p symbolTag.
///
/// Yields UnknownVal when \p type cannot be symbolicated. A location type is
/// returned as a symbolic region, any other type as a plain symbol value.
DefinedOrUnknownSVal SValBuilder::conjureSymbolVal(const void *symbolTag,
                                                   const Expr *expr,
                                                   const LocationContext *LCtx,
                                                   QualType type,
                                                   unsigned count) {
  if (!SymbolManager::canSymbolicate(type))
    return UnknownVal();

  SymbolRef conjured = SymMgr.conjureSymbol(expr, LCtx, type, count, symbolTag);

  if (!Loc::isLocType(type))
    return nonloc::SymbolVal(conjured);

  return loc::MemRegionVal(MemMgr.getSymbolicRegion(conjured));
}


/// Conjure a symbol of type \p type for the statement \p stmt.
///
/// Same contract as the expression-based overloads, except that no symbol
/// tag is passed on to the symbol manager.
DefinedOrUnknownSVal SValBuilder::conjureSymbolVal(const Stmt *stmt,
                                                   const LocationContext *LCtx,
                                                   QualType type,
                                                   unsigned visitCount) {
  if (!SymbolManager::canSymbolicate(type))
    return UnknownVal();

  SymbolRef conjured = SymMgr.conjureSymbol(stmt, LCtx, type, visitCount);

  if (!Loc::isLocType(type))
    return nonloc::SymbolVal(conjured);

  return loc::MemRegionVal(MemMgr.getSymbolicRegion(conjured));
}

/// Conjure a symbol for \p E and return it as a symbolic heap region.
///
/// The type of \p E must be a location type that can be symbolicated. Both
/// requirements are checked with assert only, so a build without assertions
/// goes on to conjure the symbol regardless.
DefinedOrUnknownSVal
SValBuilder::getConjuredHeapSymbolVal(const Expr *E,
                                      const LocationContext *LCtx,
                                      unsigned VisitCount) {
  QualType pointerTy = E->getType();
  assert(Loc::isLocType(pointerTy));
  assert(SymbolManager::canSymbolicate(pointerTy));

  SymbolRef conjured = SymMgr.conjureSymbol(E, LCtx, pointerTy, VisitCount);
  const MemRegion *heapRegion = MemMgr.getSymbolicHeapRegion(conjured);
  return loc::MemRegionVal(heapRegion);
}

/// Produce the metadata symbol value attached to \p region.
///
/// \p type must be symbolicatable (checked with assert only). A location
/// type is returned as a symbolic region, any other type as a plain symbol
/// value.
DefinedSVal SValBuilder::getMetadataSymbolVal(const void *symbolTag,
                                              const MemRegion *region,
                                              const Expr *expr, QualType type,
                                              unsigned count) {
  assert(SymbolManager::canSymbolicate(type) && "Invalid metadata symbol type");

  SymbolRef metadata =
      SymMgr.getMetadataSymbol(region, expr, type, count, symbolTag);

  if (!Loc::isLocType(type))
    return nonloc::SymbolVal(metadata);

  return loc::MemRegionVal(MemMgr.getSymbolicRegion(metadata));
}

/// Produce the value of \p region as a symbol derived from \p parentSymbol.
///
/// Yields UnknownVal when the region's value type cannot be symbolicated.
/// A location type is returned as a symbolic region, any other type as a
/// plain symbol value.
DefinedOrUnknownSVal
SValBuilder::getDerivedRegionValueSymbolVal(SymbolRef parentSymbol,
                                            const TypedValueRegion *region) {
  QualType valueTy = region->getValueType();

  if (!SymbolManager::canSymbolicate(valueTy))
    return UnknownVal();

  SymbolRef derived = SymMgr.getDerivedSymbol(parentSymbol, region);

  if (!Loc::isLocType(valueTy))
    return nonloc::SymbolVal(derived);

  return loc::MemRegionVal(MemMgr.getSymbolicRegion(derived));
}

/// Return the location value of the function text region for \p func.
DefinedSVal SValBuilder::getFunctionPointer(const FunctionDecl *func) {
  const MemRegion *codeRegion = MemMgr.getFunctionTextRegion(func);
  return loc::MemRegionVal(codeRegion);
}

/// Return the location value of the block data region for \p block.
///
/// The block's text region is looked up first (using the analysis
/// declaration context of \p locContext) and the data region is then
/// obtained from it for the same location context.
DefinedSVal SValBuilder::getBlockPointer(const BlockDecl *block,
                                         CanQualType locTy,
                                         const LocationContext *locContext) {
  const BlockTextRegion *codeRegion =
      MemMgr.getBlockTextRegion(block, locTy,
                                locContext->getAnalysisDeclContext());
  const BlockDataRegion *dataRegion =
      MemMgr.getBlockDataRegion(codeRegion, locContext);
  return loc::MemRegionVal(dataRegion);
}

/// Return a memory region for the 'this' object reference.
///
/// The type of 'this' is taken from the method declaration \p D.
loc::MemRegionVal SValBuilder::getCXXThis(const CXXMethodDecl *D,
                                          const StackFrameContext *SFC) {
  QualType thisTy = D->getThisType(getContext());
  return loc::MemRegionVal(getRegionManager().getCXXThisRegion(thisTy, SFC));
}

/// Return a memory region for the 'this' object reference.
///
/// This overload starts from the record declaration: it forms the pointer
/// type to the record before asking the region manager for the 'this'
/// region of \p SFC.
loc::MemRegionVal SValBuilder::getCXXThis(const CXXRecordDecl *D,
                                          const StackFrameContext *SFC) {
  QualType recordTy(D->getTypeForDecl(), 0);
  QualType thisPtrTy = getContext().getPointerType(recordTy);
  return loc::MemRegionVal(getRegionManager().getCXXThisRegion(thisPtrTy, SFC));
}

//===----------------------------------------------------------------------===//

/// Build a symbolic expression for `LHS Op RHS` when taint is involved.
///
/// UnknownVal is returned unless at least one operand is tainted in
/// \p State. For tainted operands a symbolic expression is built for the
/// symbol/symbol, symbol/constant and constant/symbol shapes, as long as the
/// complexity of the symbols involved stays below a fixed limit. Every other
/// combination yields UnknownVal.
///
/// Note for taint-based checkers: once the limit is reached the result is
/// UnknownVal, which is not a symbol, so per the TODO below the taint
/// information is not carried over to the result.
SVal SValBuilder::makeSymExprValNN(ProgramStateRef State,
                                   BinaryOperator::Opcode Op,
                                   NonLoc LHS, NonLoc RHS,
                                   QualType ResultTy) {
  // Untainted operands are not worth a symbolic expression here.
  if (!(State->isTainted(RHS) || State->isTainted(LHS)))
    return UnknownVal();

  const SymExpr *lhsSym = LHS.getAsSymExpr();
  const SymExpr *rhsSym = RHS.getAsSymExpr();

  // TODO: When the Max Complexity is reached, we should conjure a symbol
  // instead of generating an Unknown value and propagate the taint info to it.
  const unsigned MaxComp = 10000; // 100000 28X

  // symbol Op symbol: the limit applies to the combined complexity.
  if (lhsSym && rhsSym &&
      lhsSym->computeComplexity() + rhsSym->computeComplexity() < MaxComp)
    return makeNonLoc(lhsSym, Op, rhsSym, ResultTy);

  // symbol Op constant.
  if (lhsSym && lhsSym->computeComplexity() < MaxComp) {
    const nonloc::ConcreteInt *rhsInt = dyn_cast<nonloc::ConcreteInt>(&RHS);
    if (rhsInt)
      return makeNonLoc(lhsSym, Op, rhsInt->getValue(), ResultTy);
  }

  // constant Op symbol.
  if (rhsSym && rhsSym->computeComplexity() < MaxComp) {
    const nonloc::ConcreteInt *lhsInt = dyn_cast<nonloc::ConcreteInt>(&LHS);
    if (lhsInt)
      return makeNonLoc(lhsInt->getValue(), Op, rhsSym, ResultTy);
  }

  return UnknownVal();
}


/// Evaluate the binary operation `lhs op rhs` and dispatch on operand kinds.
///
/// An undefined operand makes the result UndefinedVal; otherwise an unknown
/// operand makes it UnknownVal. The remaining cases go to evalBinOpLL
/// (location, location), evalBinOpLN (location, non-location) or evalBinOpNN
/// (non-location, non-location).
SVal SValBuilder::evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op,
                            SVal lhs, SVal rhs, QualType type) {

  // Undefined takes precedence over unknown.
  if (lhs.isUndef() || rhs.isUndef())
    return UndefinedVal();

  if (lhs.isUnknown() || rhs.isUnknown())
    return UnknownVal();

  const bool lhsIsLoc = isa<Loc>(lhs);
  const bool rhsIsLoc = isa<Loc>(rhs);

  if (lhsIsLoc && rhsIsLoc)
    return evalBinOpLL(state, op, cast<Loc>(lhs), cast<Loc>(rhs), type);

  if (lhsIsLoc)
    return evalBinOpLN(state, op, cast<Loc>(lhs), cast<NonLoc>(rhs), type);

  if (rhsIsLoc) {
    // Support pointer arithmetic where the addend is on the left
    // and the pointer on the right. Only addition is expected here; that is
    // checked by the assert alone, so a build without assertions commutes
    // the operands for any opcode.
    assert(op == BO_Add);

    // Commute the operands.
    return evalBinOpLN(state, op, cast<Loc>(rhs), cast<NonLoc>(lhs), type);
  }

  return evalBinOpNN(state, op, cast<NonLoc>(lhs), cast<NonLoc>(rhs), type);
}

/// Evaluate `lhs == rhs` with result type Context.IntTy.
///
/// The result of evalBinOp is cast to DefinedOrUnknownSVal.
DefinedOrUnknownSVal SValBuilder::evalEQ(ProgramStateRef state,
                                         DefinedOrUnknownSVal lhs,
                                         DefinedOrUnknownSVal rhs) {
  SVal comparison = evalBinOp(state, BO_EQ, lhs, rhs, Context.IntTy);
  return cast<DefinedOrUnknownSVal>(comparison);
}

/// Decide whether two pointer types are the same once const, volatile and
/// restrict qualifiers are ignored at every level. The input types are
/// assumed to be canonical.
/// TODO: This is based off of code in SemaCast; can we reuse it?
static bool haveSimilarTypes(ASTContext &Context, QualType T1,
                             QualType T2) {
  // Peel one pointer level off both types per iteration for as long as the
  // context reports them as similar pointer types.
  while (Context.UnwrapSimilarPointerTypes(T1, T2)) {
    Qualifiers lhsQuals;
    Qualifiers rhsQuals;
    T1 = Context.getUnqualifiedArrayType(T1, lhsQuals);
    T2 = Context.getUnqualifiedArrayType(T2, rhsQuals);

    // const, volatile and restrict are allowed to differ. Every other
    // qualifier (e.g., address spaces) has to be identical.
    lhsQuals.removeCVRQualifiers();
    rhsQuals.removeCVRQualifiers();
    if (lhsQuals != rhsQuals)
      return false;
  }

  // What is left after unwrapping has to be exactly the same type.
  return T1 == T2;
}

// FIXME: should rewrite according to the cast kind.
/// Evaluate a cast of \p val from \p originalTy to \p castTy.
///
/// Both types are canonicalized first. The cases are tried in this order,
/// and the first one that applies decides the result:
///  - unknown/undefined values and identical types: \p val is returned as is;
///  - types that differ only in cvr-qualifiers: \p val is returned as is;
///  - pointer to integer: evalCastFromLoc;
///  - integer to pointer: the location inside a LocAsInteger is recovered,
///    otherwise dispatchCast;
///  - function and block pointers: passed through;
///  - arrays: decayed to a pointer, then passed on or cast to an integer;
///  - regions: cast through the store manager, UnknownVal if that fails;
///  - everything else: dispatchCast.
///
/// Several branches state their expectations with assert only.
SVal SValBuilder::evalCast(SVal val, QualType castTy, QualType originalTy) {
  castTy = Context.getCanonicalType(castTy);
  originalTy = Context.getCanonicalType(originalTy);
  if (val.isUnknownOrUndef() || castTy == originalTy)
    return val;

  // For const casts, just propagate the value.
  if (!castTy->isVariableArrayType() && !originalTy->isVariableArrayType() &&
      haveSimilarTypes(Context, Context.getPointerType(castTy),
                       Context.getPointerType(originalTy)))
    return val;

  // Check for casts from pointers to integers.
  if (castTy->isIntegerType() && Loc::isLocType(originalTy))
    return evalCastFromLoc(cast<Loc>(val), castTy);

  // Check for casts from integers to pointers.
  if (Loc::isLocType(castTy) && originalTy->isIntegerType()) {
    nonloc::LocAsInteger *wrappedLoc = dyn_cast<nonloc::LocAsInteger>(&val);
    if (!wrappedLoc)
      return dispatchCast(val, castTy);

    // The integer is really a location in disguise. If it names a region,
    // let the store manager cast that region to the requested type.
    if (const MemRegion *region = wrappedLoc->getLoc().getAsRegion()) {
      StoreManager &stores = StateMgr.getStoreManager();
      region = stores.castRegion(region, castTy);
      if (region)
        return SVal(loc::MemRegionVal(region));
      return UnknownVal();
    }
    return wrappedLoc->getLoc();
  }

  // Just pass through function and block pointers.
  if (originalTy->isBlockPointerType() || originalTy->isFunctionPointerType()) {
    assert(Loc::isLocType(castTy));
    return val;
  }

  // Check for casts from array type to another type.
  if (originalTy->isArrayType()) {
    // We will always decay to a pointer.
    val = StateMgr.ArrayToPointer(cast<Loc>(val));

    // Are we casting from an array to a pointer? If so just pass on
    // the decayed value.
    const bool staysLocation =
        castTy->isPointerType() || castTy->isReferenceType();
    if (staysLocation)
      return val;

    // Are we casting from an array to an integer? If so, cast the decayed
    // pointer value to an integer.
    assert(castTy->isIntegerType());

    // FIXME: Keep these here for now in case we decide soon that we
    // need the original decayed type.
    //    QualType elemTy = cast<ArrayType>(originalTy)->getElementType();
    //    QualType pointerTy = C.getPointerType(elemTy);
    return evalCastFromLoc(cast<Loc>(val), castTy);
  }

  // Check for casts from a region to a specific type.
  if (const MemRegion *region = val.getAsRegion()) {
    // Handle other casts of locations to integers.
    if (castTy->isIntegerType())
      return evalCastFromLoc(loc::MemRegionVal(region), castTy);

    // FIXME: We should handle the case where we strip off view layers to get
    // to a desugared type.
    if (!Loc::isLocType(castTy)) {
      // FIXME: There can be gross cases where one casts the result of a function
      // (that returns a pointer) to some other value that happens to fit
      // within that pointer value.  We currently have no good way to
      // model such operations.  When this happens, the underlying operation
      // is that the caller is reasoning about bits.  Conceptually we are
      // layering a "view" of a location on top of those bits.  Perhaps
      // we need to be more lazy about mutual possible views, even on an
      // SVal?  This may be necessary for bit-level reasoning as well.
      return UnknownVal();
    }

    // We get a symbolic function pointer for a dereference of a function
    // pointer, but it is of function type. Example:

    //  struct FPRec {
    //    void (*my_func)(int * x);
    //  };
    //
    //  int bar(int x);
    //
    //  int f1_a(struct FPRec* foo) {
    //    int x;
    //    (*foo->my_func)(&x);
    //    return bar(x)+1; // no-warning
    //  }

    assert(Loc::isLocType(originalTy) || originalTy->isFunctionType() ||
           originalTy->isBlockPointerType() || castTy->isReferenceType());

    StoreManager &stores = StateMgr.getStoreManager();

    // Delegate to the store manager to get the result of casting a region to
    // a different type. If the MemRegion* returned is NULL, this expression
    // evaluates to UnknownVal.
    region = stores.castRegion(region, castTy);
    if (region)
      return SVal(loc::MemRegionVal(region));
    return UnknownVal();
  }

  return dispatchCast(val, castTy);
}