================
@@ -392,19 +393,26 @@ void DynamicTypePropagation::checkPostCall(const
CallEvent &Call,
}
}
-/// TODO: Handle explicit casts.
-/// Handle C++ casts.
-///
-/// Precondition: the cast is between ObjCObjectPointers.
ExplodedNode *DynamicTypePropagation::dynamicTypePropagationOnCasts(
const CastExpr *CE, ProgramStateRef &State, CheckerContext &C) const {
// We only track type info for regions.
const MemRegion *ToR = C.getSVal(CE).getAsRegion();
if (!ToR)
return C.getPredecessor();
- if (isa<ExplicitCastExpr>(CE))
+ if (CE->getCastKind() == CK_BaseToDerived) {
+ bool CastSucceeds = true;
----------------
haoNoQ wrote:
Yeah looks like `setDynamicTypeAndCastInfo()` is a very low-level primitive
that blindly sets the state to whatever you think it should be. Judging by
CastValueChecker's `addCastTransition()`, the caller is supposed to fully
figure out whether the cast succeeds, judging by the rest of the dynamic type
map state, the static types in the AST and in regions, and the nature of the
cast, and there's no reusable utility provided for that.
In our case this means that if we know the cast fails (eg., the dynamic type is
already incompatible, or a similar cast has failed on the same object
previously), we should probably sink the analysis. (Ideally we'd emit a warning
about it.) I'm not sure how urgent such improvement is, but it's quite likely
that lack of support for failed casts may leave the cast maps in an
inconsistent state which would produce more weird issues later in the analysis.
https://github.com/llvm/llvm-project/pull/69057
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
