Static analyzer: Don't crash when casting a symbolic region address to a float. Fixes PR 6854.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@101499 91177308-0d34-0410-b5e6-96231b3b80d8

lib/Checker/SimpleSValuator.cpp

@@ -113,16 +113,22 @@ SVal SimpleSValuator::EvalCastL(Loc val, QualType castTy) {
   if (castTy->isUnionType())
     return UnknownVal();
 
-  assert(castTy->isIntegerType());
-  unsigned BitWidth = ValMgr.getContext().getTypeSize(castTy);
+  if (castTy->isIntegerType()) {
+    unsigned BitWidth = ValMgr.getContext().getTypeSize(castTy);
 
-  if (!isa<loc::ConcreteInt>(val))
-    return ValMgr.makeLocAsInteger(val, BitWidth);
+    if (!isa<loc::ConcreteInt>(val))
+      return ValMgr.makeLocAsInteger(val, BitWidth);
 
-  llvm::APSInt i = cast<loc::ConcreteInt>(val).getValue();
-  i.setIsUnsigned(castTy->isUnsignedIntegerType() || Loc::IsLocType(castTy));
-  i.extOrTrunc(BitWidth);
-  return ValMgr.makeIntVal(i);
+    llvm::APSInt i = cast<loc::ConcreteInt>(val).getValue();
+    i.setIsUnsigned(castTy->isUnsignedIntegerType() || Loc::IsLocType(castTy));
+    i.extOrTrunc(BitWidth);
+    return ValMgr.makeIntVal(i);
+  }
+
+  // All other cases: return 'UnknownVal'.  This includes casting pointers
+  // to floats, which is probably badness it itself, but this is a good
+  // intermediate solution until we do something better.
+  return UnknownVal();
 }
 
 //===----------------------------------------------------------------------===//

test/Analysis/misc-ps-region-store.m

@@ -1004,3 +1004,13 @@ void map(int srcID, ...) {
   }
 }
 
+// PR 6854 - crash when casting symbolic memory address to a float
+// Handle casting from a symbolic region to a 'float'.  This isn't
+// really all that intelligent, but previously this caused a crash
+// in SimpleSValuator.
+void pr6854(void * arg) {
+  void * a = arg;
+  *(void**)a = arg;
+  float f = *(float*) a;
+}
+