================
@@ -392,19 +393,26 @@ void DynamicTypePropagation::checkPostCall(const
CallEvent &Call,
}
}
-/// TODO: Handle explicit casts.
-/// Handle C++ casts.
-///
-/// Precondition: the cast is between ObjCObjectPointers.
ExplodedNode *DynamicTypePropagation::dynamicTypePropagationOnCasts(
const CastExpr *CE, ProgramStateRef &State, CheckerContext &C) const {
// We only track type info for regions.
const MemRegion *ToR = C.getSVal(CE).getAsRegion();
if (!ToR)
return C.getPredecessor();
- if (isa<ExplicitCastExpr>(CE))
+ if (CE->getCastKind() == CK_BaseToDerived) {
+ bool CastSucceeds = true;
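Review bot: The doc comment above `dynamicTypePropagationOnCasts` is deleted with no replacement, so the function no longer documents which casts it handles or its precondition (the removed text said the cast is between ObjCObjectPointers). Since the new branch tests `CE->getCastKind() == CK_BaseToDerived`, a short replacement comment naming the cast kinds now handled, and saying what the initial `CastSucceeds = true` stands for, would keep the contract visible at the definition.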
----------------
steakhal wrote:
Indeed, it would make sense.
It's not currently the behavior, and I think this [TODO comment](https://github.com/llvm/llvm-project/blob/main/clang/lib/StaticAnalyzer/Checkers/CastValueChecker.cpp#L11-L15) might relate to this subject.
```C++
// From CastValueChecker.cpp:
// TODO list:
// - It only allows one succesful cast between two types however in the wild
// the object could be casted to multiple types.
// - It needs to check the most likely type information from the dynamic type
// map to increase precision of dynamic casting.
```
I haven't looked at the details of the dynamic type tracking either, but it
feels like my patch makes one baby step in the right direction. I added a test
demonstrating the same issue using that checker to confirm that it also
mishandles this case.
However, one important differentiating factor is that such mishandling could
happen much more frequently after this patch; on the other hand, fixing this at
a wider scope (including DynamicTypePropagation, CastValueChecker, and how they
interact with call inlining) would be a considerable amount of work.
IDK. Maybe @haoNoQ has opinions, given he was probably there when both of these
classes were developed.
https://github.com/llvm/llvm-project/pull/69057