1 //=-- ExprEngineC.cpp - ExprEngine support for C expressions ----*- C++ -*-===//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This file defines ExprEngine's support for C expressions.
12 //===----------------------------------------------------------------------===//
14 #include "clang/StaticAnalyzer/Core/CheckerManager.h"
15 #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
16 #include "clang/Analysis/Support/SaveAndRestore.h"
18 using namespace clang;
22 void ExprEngine::VisitBinaryOperator(const BinaryOperator* B,
24 ExplodedNodeSet &Dst) {
26 Expr *LHS = B->getLHS()->IgnoreParens();
27 Expr *RHS = B->getRHS()->IgnoreParens();
29 // FIXME: Prechecks eventually go in ::Visit().
30 ExplodedNodeSet CheckedSet;
32 getCheckerManager().runCheckersForPreStmt(CheckedSet, Pred, B, *this);
34 // With both the LHS and RHS evaluated, process the operation itself.
35 for (ExplodedNodeSet::iterator it=CheckedSet.begin(), ei=CheckedSet.end();
38 const ProgramState *state = (*it)->getState();
39 SVal LeftV = state->getSVal(LHS);
40 SVal RightV = state->getSVal(RHS);
42 BinaryOperator::Opcode Op = B->getOpcode();
44 if (Op == BO_Assign) {
45 // EXPERIMENTAL: "Conjured" symbols.
46 // FIXME: Handle structs.
47 if (RightV.isUnknown() ||
48 !getConstraintManager().canReasonAbout(RightV)) {
49 unsigned Count = Builder->getCurrentBlockCount();
50 RightV = svalBuilder.getConjuredSymbolVal(NULL, B->getRHS(), Count);
52 // Simulate the effects of a "store": bind the value of the RHS
53 // to the L-Value represented by the LHS.
54 SVal ExprVal = B->isLValue() ? LeftV : RightV;
55 evalStore(Tmp2, B, LHS, *it, state->BindExpr(B, ExprVal), LeftV, RightV);
59 if (!B->isAssignmentOp()) {
60 // Process non-assignments except commas or short-circuited
61 // logical expressions (LAnd and LOr).
62 SVal Result = evalBinOp(state, Op, LeftV, RightV, B->getType());
63 if (Result.isUnknown()) {
64 MakeNode(Tmp2, B, *it, state);
68 state = state->BindExpr(B, Result);
69 MakeNode(Tmp2, B, *it, state);
73 assert (B->isCompoundAssignmentOp());
77 llvm_unreachable("Invalid opcode for compound assignment.");
78 case BO_MulAssign: Op = BO_Mul; break;
79 case BO_DivAssign: Op = BO_Div; break;
80 case BO_RemAssign: Op = BO_Rem; break;
81 case BO_AddAssign: Op = BO_Add; break;
82 case BO_SubAssign: Op = BO_Sub; break;
83 case BO_ShlAssign: Op = BO_Shl; break;
84 case BO_ShrAssign: Op = BO_Shr; break;
85 case BO_AndAssign: Op = BO_And; break;
86 case BO_XorAssign: Op = BO_Xor; break;
87 case BO_OrAssign: Op = BO_Or; break;
90 // Perform a load (the LHS). This performs the checks for
91 // null dereferences, and so on.
93 SVal location = LeftV;
94 evalLoad(Tmp, LHS, *it, state, location);
96 for (ExplodedNodeSet::iterator I = Tmp.begin(), E = Tmp.end(); I != E;
99 state = (*I)->getState();
100 SVal V = state->getSVal(LHS);
102 // Get the computation type.
104 cast<CompoundAssignOperator>(B)->getComputationResultType();
105 CTy = getContext().getCanonicalType(CTy);
108 cast<CompoundAssignOperator>(B)->getComputationLHSType();
109 CLHSTy = getContext().getCanonicalType(CLHSTy);
111 QualType LTy = getContext().getCanonicalType(LHS->getType());
114 V = svalBuilder.evalCast(V, CLHSTy, LTy);
116 // Compute the result of the operation.
117 SVal Result = svalBuilder.evalCast(evalBinOp(state, Op, V, RightV, CTy),
120 // EXPERIMENTAL: "Conjured" symbols.
121 // FIXME: Handle structs.
125 if (Result.isUnknown() ||
126 !getConstraintManager().canReasonAbout(Result)) {
128 unsigned Count = Builder->getCurrentBlockCount();
130 // The symbolic value is actually for the type of the left-hand side
131 // expression, not the computation type, as this is the value the
132 // LValue on the LHS will bind to.
133 LHSVal = svalBuilder.getConjuredSymbolVal(NULL, B->getRHS(), LTy,
136 // However, we need to convert the symbol to the computation type.
137 Result = svalBuilder.evalCast(LHSVal, CTy, LTy);
140 // The left-hand side may bind to a different value then the
142 LHSVal = svalBuilder.evalCast(Result, LTy, CTy);
145 // In C++, assignment and compound assignment operators return an
148 state = state->BindExpr(B, location);
150 state = state->BindExpr(B, Result);
152 evalStore(Tmp2, B, LHS, *I, state, location, LHSVal);
156 // FIXME: postvisits eventually go in ::Visit()
157 getCheckerManager().runCheckersForPostStmt(Dst, Tmp2, B, *this);
160 void ExprEngine::VisitBlockExpr(const BlockExpr *BE, ExplodedNode *Pred,
161 ExplodedNodeSet &Dst) {
163 CanQualType T = getContext().getCanonicalType(BE->getType());
164 SVal V = svalBuilder.getBlockPointer(BE->getBlockDecl(), T,
165 Pred->getLocationContext());
168 MakeNode(Tmp, BE, Pred, Pred->getState()->BindExpr(BE, V),
169 ProgramPoint::PostLValueKind);
171 // FIXME: Move all post/pre visits to ::Visit().
172 getCheckerManager().runCheckersForPostStmt(Dst, Tmp, BE, *this);
175 void ExprEngine::VisitCast(const CastExpr *CastE, const Expr *Ex,
176 ExplodedNode *Pred, ExplodedNodeSet &Dst) {
178 ExplodedNodeSet dstPreStmt;
179 getCheckerManager().runCheckersForPreStmt(dstPreStmt, Pred, CastE, *this);
181 if (CastE->getCastKind() == CK_LValueToRValue ||
182 CastE->getCastKind() == CK_GetObjCProperty) {
183 for (ExplodedNodeSet::iterator I = dstPreStmt.begin(), E = dstPreStmt.end();
185 ExplodedNode *subExprNode = *I;
186 const ProgramState *state = subExprNode->getState();
187 evalLoad(Dst, CastE, subExprNode, state, state->getSVal(Ex));
193 QualType T = CastE->getType();
194 QualType ExTy = Ex->getType();
196 if (const ExplicitCastExpr *ExCast=dyn_cast_or_null<ExplicitCastExpr>(CastE))
197 T = ExCast->getTypeAsWritten();
199 for (ExplodedNodeSet::iterator I = dstPreStmt.begin(), E = dstPreStmt.end();
204 switch (CastE->getCastKind()) {
205 case CK_LValueToRValue:
206 llvm_unreachable("LValueToRValue casts handled earlier.");
207 case CK_GetObjCProperty:
208 llvm_unreachable("GetObjCProperty casts handled earlier.");
212 // The analyzer doesn't do anything special with these casts,
213 // since it understands retain/release semantics already.
214 case CK_ARCProduceObject:
215 case CK_ARCConsumeObject:
216 case CK_ARCReclaimReturnedObject:
217 case CK_ARCExtendBlockObject: // Fall-through.
220 case CK_FunctionToPointerDecay: {
221 // Copy the SVal of Ex to CastE.
222 const ProgramState *state = Pred->getState();
223 SVal V = state->getSVal(Ex);
224 state = state->BindExpr(CastE, V);
225 MakeNode(Dst, CastE, Pred, state);
229 case CK_ArrayToPointerDecay:
231 case CK_LValueBitCast:
232 case CK_IntegralCast:
233 case CK_NullToPointer:
234 case CK_IntegralToPointer:
235 case CK_PointerToIntegral:
236 case CK_PointerToBoolean:
237 case CK_IntegralToBoolean:
238 case CK_IntegralToFloating:
239 case CK_FloatingToIntegral:
240 case CK_FloatingToBoolean:
241 case CK_FloatingCast:
242 case CK_FloatingRealToComplex:
243 case CK_FloatingComplexToReal:
244 case CK_FloatingComplexToBoolean:
245 case CK_FloatingComplexCast:
246 case CK_FloatingComplexToIntegralComplex:
247 case CK_IntegralRealToComplex:
248 case CK_IntegralComplexToReal:
249 case CK_IntegralComplexToBoolean:
250 case CK_IntegralComplexCast:
251 case CK_IntegralComplexToFloatingComplex:
252 case CK_CPointerToObjCPointerCast:
253 case CK_BlockPointerToObjCPointerCast:
254 case CK_AnyPointerToBlockPointerCast:
255 case CK_ObjCObjectLValueCast: {
256 // Delegate to SValBuilder to process.
257 const ProgramState *state = Pred->getState();
258 SVal V = state->getSVal(Ex);
259 V = svalBuilder.evalCast(V, T, ExTy);
260 state = state->BindExpr(CastE, V);
261 MakeNode(Dst, CastE, Pred, state);
264 case CK_DerivedToBase:
265 case CK_UncheckedDerivedToBase: {
266 // For DerivedToBase cast, delegate to the store manager.
267 const ProgramState *state = Pred->getState();
268 SVal val = state->getSVal(Ex);
269 val = getStoreManager().evalDerivedToBase(val, T);
270 state = state->BindExpr(CastE, val);
271 MakeNode(Dst, CastE, Pred, state);
274 // Various C++ casts that are not handled yet.
277 case CK_BaseToDerived:
278 case CK_NullToMemberPointer:
279 case CK_BaseToDerivedMemberPointer:
280 case CK_DerivedToBaseMemberPointer:
281 case CK_UserDefinedConversion:
282 case CK_ConstructorConversion:
284 case CK_MemberPointerToBoolean: {
285 // Recover some path-sensitivty by conjuring a new value.
286 QualType resultType = CastE->getType();
287 if (CastE->isLValue())
288 resultType = getContext().getPointerType(resultType);
291 svalBuilder.getConjuredSymbolVal(NULL, CastE, resultType,
292 Builder->getCurrentBlockCount());
294 const ProgramState *state = Pred->getState()->BindExpr(CastE, result);
295 MakeNode(Dst, CastE, Pred, state);
302 void ExprEngine::VisitCompoundLiteralExpr(const CompoundLiteralExpr *CL,
304 ExplodedNodeSet &Dst) {
305 const InitListExpr *ILE
306 = cast<InitListExpr>(CL->getInitializer()->IgnoreParens());
308 const ProgramState *state = Pred->getState();
309 SVal ILV = state->getSVal(ILE);
310 const LocationContext *LC = Pred->getLocationContext();
311 state = state->bindCompoundLiteral(CL, LC, ILV);
314 MakeNode(Dst, CL, Pred, state->BindExpr(CL, state->getLValue(CL, LC)));
316 MakeNode(Dst, CL, Pred, state->BindExpr(CL, ILV));
319 void ExprEngine::VisitDeclStmt(const DeclStmt *DS, ExplodedNode *Pred,
320 ExplodedNodeSet &Dst) {
322 // FIXME: static variables may have an initializer, but the second
323 // time a function is called those values may not be current.
324 // This may need to be reflected in the CFG.
326 // Assumption: The CFG has one DeclStmt per Decl.
327 const Decl *D = *DS->decl_begin();
329 if (!D || !isa<VarDecl>(D))
332 // FIXME: all pre/post visits should eventually be handled by ::Visit().
333 ExplodedNodeSet dstPreVisit;
334 getCheckerManager().runCheckersForPreStmt(dstPreVisit, Pred, DS, *this);
336 const VarDecl *VD = dyn_cast<VarDecl>(D);
338 for (ExplodedNodeSet::iterator I = dstPreVisit.begin(), E = dstPreVisit.end();
340 ExplodedNode *N = *I;
341 const ProgramState *state = N->getState();
343 // Decls without InitExpr are not initialized explicitly.
344 const LocationContext *LC = N->getLocationContext();
346 if (const Expr *InitEx = VD->getInit()) {
347 SVal InitVal = state->getSVal(InitEx);
349 // We bound the temp obj region to the CXXConstructExpr. Now recover
350 // the lazy compound value when the variable is not a reference.
351 if (AMgr.getLangOptions().CPlusPlus && VD->getType()->isRecordType() &&
352 !VD->getType()->isReferenceType() && isa<loc::MemRegionVal>(InitVal)){
353 InitVal = state->getSVal(cast<loc::MemRegionVal>(InitVal).getRegion());
354 assert(isa<nonloc::LazyCompoundVal>(InitVal));
357 // Recover some path-sensitivity if a scalar value evaluated to
359 if ((InitVal.isUnknown() ||
360 !getConstraintManager().canReasonAbout(InitVal)) &&
361 !VD->getType()->isReferenceType()) {
362 InitVal = svalBuilder.getConjuredSymbolVal(NULL, InitEx,
363 Builder->getCurrentBlockCount());
366 evalBind(Dst, DS, N, state->getLValue(VD, LC), InitVal, true);
369 MakeNode(Dst, DS, N, state->bindDeclWithNoInit(state->getRegion(VD, LC)));
374 void ExprEngine::VisitLogicalExpr(const BinaryOperator* B, ExplodedNode *Pred,
375 ExplodedNodeSet &Dst) {
377 assert(B->getOpcode() == BO_LAnd ||
378 B->getOpcode() == BO_LOr);
380 const ProgramState *state = Pred->getState();
381 SVal X = state->getSVal(B);
384 const Expr *Ex = (const Expr*) cast<UndefinedVal>(X).getData();
387 if (Ex == B->getRHS()) {
388 X = state->getSVal(Ex);
390 // Handle undefined values.
392 MakeNode(Dst, B, Pred, state->BindExpr(B, X));
396 DefinedOrUnknownSVal XD = cast<DefinedOrUnknownSVal>(X);
398 // We took the RHS. Because the value of the '&&' or '||' expression must
399 // evaluate to 0 or 1, we must assume the value of the RHS evaluates to 0
400 // or 1. Alternatively, we could take a lazy approach, and calculate this
401 // value later when necessary. We don't have the machinery in place for
402 // this right now, and since most logical expressions are used for branches,
403 // the payoff is not likely to be large. Instead, we do eager evaluation.
404 if (const ProgramState *newState = state->assume(XD, true))
405 MakeNode(Dst, B, Pred,
406 newState->BindExpr(B, svalBuilder.makeIntVal(1U, B->getType())));
408 if (const ProgramState *newState = state->assume(XD, false))
409 MakeNode(Dst, B, Pred,
410 newState->BindExpr(B, svalBuilder.makeIntVal(0U, B->getType())));
413 // We took the LHS expression. Depending on whether we are '&&' or
414 // '||' we know what the value of the expression is via properties of
415 // the short-circuiting.
416 X = svalBuilder.makeIntVal(B->getOpcode() == BO_LAnd ? 0U : 1U,
418 MakeNode(Dst, B, Pred, state->BindExpr(B, X));
422 void ExprEngine::VisitInitListExpr(const InitListExpr *IE,
424 ExplodedNodeSet &Dst) {
426 const ProgramState *state = Pred->getState();
427 QualType T = getContext().getCanonicalType(IE->getType());
428 unsigned NumInitElements = IE->getNumInits();
430 if (T->isArrayType() || T->isRecordType() || T->isVectorType()) {
431 llvm::ImmutableList<SVal> vals = getBasicVals().getEmptySValList();
433 // Handle base case where the initializer has no elements.
434 // e.g: static int* myArray[] = {};
435 if (NumInitElements == 0) {
436 SVal V = svalBuilder.makeCompoundVal(T, vals);
437 MakeNode(Dst, IE, Pred, state->BindExpr(IE, V));
441 for (InitListExpr::const_reverse_iterator it = IE->rbegin(),
442 ei = IE->rend(); it != ei; ++it) {
443 vals = getBasicVals().consVals(state->getSVal(cast<Expr>(*it)), vals);
446 MakeNode(Dst, IE, Pred,
447 state->BindExpr(IE, svalBuilder.makeCompoundVal(T, vals)));
451 if (Loc::isLocType(T) || T->isIntegerType()) {
452 assert(IE->getNumInits() == 1);
453 const Expr *initEx = IE->getInit(0);
454 MakeNode(Dst, IE, Pred, state->BindExpr(IE, state->getSVal(initEx)));
458 llvm_unreachable("unprocessed InitListExpr type");
461 void ExprEngine::VisitGuardedExpr(const Expr *Ex,
465 ExplodedNodeSet &Dst) {
467 const ProgramState *state = Pred->getState();
468 SVal X = state->getSVal(Ex);
469 assert (X.isUndef());
470 const Expr *SE = (Expr*) cast<UndefinedVal>(X).getData();
472 X = state->getSVal(SE);
474 // Make sure that we invalidate the previous binding.
475 MakeNode(Dst, Ex, Pred, state->BindExpr(Ex, X, true));
479 VisitOffsetOfExpr(const OffsetOfExpr *OOE,
480 ExplodedNode *Pred, ExplodedNodeSet &Dst) {
481 Expr::EvalResult Res;
482 if (OOE->Evaluate(Res, getContext()) && Res.Val.isInt()) {
483 const APSInt &IV = Res.Val.getInt();
484 assert(IV.getBitWidth() == getContext().getTypeSize(OOE->getType()));
485 assert(OOE->getType()->isIntegerType());
486 assert(IV.isSigned() == OOE->getType()->isSignedIntegerOrEnumerationType());
487 SVal X = svalBuilder.makeIntVal(IV);
488 MakeNode(Dst, OOE, Pred, Pred->getState()->BindExpr(OOE, X));
491 // FIXME: Handle the case where __builtin_offsetof is not a constant.
497 VisitUnaryExprOrTypeTraitExpr(const UnaryExprOrTypeTraitExpr *Ex,
499 ExplodedNodeSet &Dst) {
501 QualType T = Ex->getTypeOfArgument();
503 if (Ex->getKind() == UETT_SizeOf) {
504 if (!T->isIncompleteType() && !T->isConstantSizeType()) {
505 assert(T->isVariableArrayType() && "Unknown non-constant-sized type.");
507 // FIXME: Add support for VLA type arguments and VLA expressions.
508 // When that happens, we should probably refactor VLASizeChecker's code.
512 else if (T->getAs<ObjCObjectType>()) {
513 // Some code tries to take the sizeof an ObjCObjectType, relying that
514 // the compiler has laid out its representation. Just report Unknown
521 Expr::EvalResult Result;
522 Ex->Evaluate(Result, getContext());
523 CharUnits amt = CharUnits::fromQuantity(Result.Val.getInt().getZExtValue());
525 const ProgramState *state = Pred->getState();
526 state = state->BindExpr(Ex, svalBuilder.makeIntVal(amt.getQuantity(),
528 MakeNode(Dst, Ex, Pred, state);
531 void ExprEngine::VisitUnaryOperator(const UnaryOperator* U,
533 ExplodedNodeSet &Dst) {
534 switch (U->getOpcode()) {
538 const Expr *Ex = U->getSubExpr()->IgnoreParens();
540 Visit(Ex, Pred, Tmp);
542 for (ExplodedNodeSet::iterator I=Tmp.begin(), E=Tmp.end(); I!=E; ++I) {
544 // FIXME: We don't have complex SValues yet.
545 if (Ex->getType()->isAnyComplexType()) {
546 // Just report "Unknown."
551 // For all other types, UO_Real is an identity operation.
552 assert (U->getType() == Ex->getType());
553 const ProgramState *state = (*I)->getState();
554 MakeNode(Dst, U, *I, state->BindExpr(U, state->getSVal(Ex)));
562 const Expr *Ex = U->getSubExpr()->IgnoreParens();
564 Visit(Ex, Pred, Tmp);
566 for (ExplodedNodeSet::iterator I=Tmp.begin(), E=Tmp.end(); I!=E; ++I) {
567 // FIXME: We don't have complex SValues yet.
568 if (Ex->getType()->isAnyComplexType()) {
569 // Just report "Unknown."
574 // For all other types, UO_Imag returns 0.
575 const ProgramState *state = (*I)->getState();
576 SVal X = svalBuilder.makeZeroVal(Ex->getType());
577 MakeNode(Dst, U, *I, state->BindExpr(U, X));
584 assert(!U->isLValue());
590 // Unary "+" is a no-op, similar to a parentheses. We still have places
591 // where it may be a block-level expression, so we need to
592 // generate an extra node that just propagates the value of the
595 const Expr *Ex = U->getSubExpr()->IgnoreParens();
597 Visit(Ex, Pred, Tmp);
599 for (ExplodedNodeSet::iterator I=Tmp.begin(), E=Tmp.end(); I!=E; ++I) {
600 const ProgramState *state = (*I)->getState();
601 MakeNode(Dst, U, *I, state->BindExpr(U, state->getSVal(Ex)));
610 assert (!U->isLValue());
611 const Expr *Ex = U->getSubExpr()->IgnoreParens();
613 Visit(Ex, Pred, Tmp);
615 for (ExplodedNodeSet::iterator I=Tmp.begin(), E=Tmp.end(); I!=E; ++I) {
616 const ProgramState *state = (*I)->getState();
618 // Get the value of the subexpression.
619 SVal V = state->getSVal(Ex);
621 if (V.isUnknownOrUndef()) {
622 MakeNode(Dst, U, *I, state->BindExpr(U, V));
626 switch (U->getOpcode()) {
628 llvm_unreachable("Invalid Opcode.");
631 // FIXME: Do we need to handle promotions?
632 state = state->BindExpr(U, evalComplement(cast<NonLoc>(V)));
636 // FIXME: Do we need to handle promotions?
637 state = state->BindExpr(U, evalMinus(cast<NonLoc>(V)));
642 // C99 6.5.3.3: "The expression !E is equivalent to (0==E)."
644 // Note: technically we do "E == 0", but this is the same in the
645 // transfer functions as "0 == E".
649 Loc X = svalBuilder.makeNull();
650 Result = evalBinOp(state, BO_EQ, cast<Loc>(V), X,
654 nonloc::ConcreteInt X(getBasicVals().getValue(0, Ex->getType()));
655 Result = evalBinOp(state, BO_EQ, cast<NonLoc>(V), X,
659 state = state->BindExpr(U, Result);
664 MakeNode(Dst, U, *I, state);
671 // Handle ++ and -- (both pre- and post-increment).
672 assert (U->isIncrementDecrementOp());
674 const Expr *Ex = U->getSubExpr()->IgnoreParens();
675 Visit(Ex, Pred, Tmp);
677 for (ExplodedNodeSet::iterator I = Tmp.begin(), E = Tmp.end(); I!=E; ++I) {
679 const ProgramState *state = (*I)->getState();
680 SVal loc = state->getSVal(Ex);
683 ExplodedNodeSet Tmp2;
684 evalLoad(Tmp2, Ex, *I, state, loc);
686 for (ExplodedNodeSet::iterator I2=Tmp2.begin(), E2=Tmp2.end();I2!=E2;++I2) {
688 state = (*I2)->getState();
689 SVal V2_untested = state->getSVal(Ex);
691 // Propagate unknown and undefined values.
692 if (V2_untested.isUnknownOrUndef()) {
693 MakeNode(Dst, U, *I2, state->BindExpr(U, V2_untested));
696 DefinedSVal V2 = cast<DefinedSVal>(V2_untested);
698 // Handle all other values.
699 BinaryOperator::Opcode Op = U->isIncrementOp() ? BO_Add
702 // If the UnaryOperator has non-location type, use its type to create the
703 // constant value. If the UnaryOperator has location type, create the
704 // constant with int type and pointer width.
707 if (U->getType()->isAnyPointerType())
708 RHS = svalBuilder.makeArrayIndex(1);
710 RHS = svalBuilder.makeIntVal(1, U->getType());
712 SVal Result = evalBinOp(state, Op, V2, RHS, U->getType());
714 // Conjure a new symbol if necessary to recover precision.
715 if (Result.isUnknown() || !getConstraintManager().canReasonAbout(Result)){
716 DefinedOrUnknownSVal SymVal =
717 svalBuilder.getConjuredSymbolVal(NULL, Ex,
718 Builder->getCurrentBlockCount());
721 // If the value is a location, ++/-- should always preserve
722 // non-nullness. Check if the original value was non-null, and if so
723 // propagate that constraint.
724 if (Loc::isLocType(U->getType())) {
725 DefinedOrUnknownSVal Constraint =
726 svalBuilder.evalEQ(state, V2,svalBuilder.makeZeroVal(U->getType()));
728 if (!state->assume(Constraint, true)) {
729 // It isn't feasible for the original value to be null.
730 // Propagate this constraint.
731 Constraint = svalBuilder.evalEQ(state, SymVal,
732 svalBuilder.makeZeroVal(U->getType()));
735 state = state->assume(Constraint, false);
741 // Since the lvalue-to-rvalue conversion is explicit in the AST,
742 // we bind an l-value if the operator is prefix and an lvalue (in C++).
744 state = state->BindExpr(U, loc);
746 state = state->BindExpr(U, U->isPostfix() ? V2 : Result);
748 // Perform the store.
749 evalStore(Dst, NULL, U, *I2, state, loc, Result);
projects / FreeBSD / releng / 9.0.git / blob