about summary refs log tree commit diff homepage
diff options
context:
space:
mode:
authorMartin Nowack <m.nowack@imperial.ac.uk>2018-10-18 14:01:51 +0100
committerCristian Cadar <c.cadar@imperial.ac.uk>2018-10-23 18:53:46 +0300
commitbcd0cf245e9638a5f39c9340a28313dc6a3814c4 (patch)
tree0ce2de11fe43dd8bca86b1a59945cc2120e68904
parent8bfd97d583e932973f0d363f8cfd695ecb5e002e (diff)
downloadklee-bcd0cf245e9638a5f39c9340a28313dc6a3814c4.tar.gz
Avoid unsafe static downcasts
-rw-r--r--lib/Expr/ArrayExprOptimizer.cpp20
-rw-r--r--lib/Expr/ArrayExprRewriter.cpp12
2 files changed, 20 insertions, 12 deletions
diff --git a/lib/Expr/ArrayExprOptimizer.cpp b/lib/Expr/ArrayExprOptimizer.cpp
index cadd9588..94bf2487 100644
--- a/lib/Expr/ArrayExprOptimizer.cpp
+++ b/lib/Expr/ArrayExprOptimizer.cpp
@@ -163,9 +163,10 @@ bool ExprOptimizer::computeIndexes(array2idx_ty &arrays, const ref<Expr> &e,
       // skipping all those indexes that are not multiple of such value.
       // In fact, they will be rejected by the MulExpr interpreter since it
       // will not find any integer solution
-      Expr &e = *idxt_v.getMul();
-      auto &ce = static_cast<ConstantExpr &>(e);
-      uint64_t mulVal = (*ce.getAPValue().getRawData());
+      auto e = idxt_v.getMul();
+      auto ce = dyn_cast<ConstantExpr>(e);
+      assert(ce && "Not a constant expression");
+      uint64_t mulVal = (*ce->getAPValue().getRawData());
       // So far we try to limit this optimization, but we may try some more
       // aggressive conditions (i.e. mulVal > width)
       if (width == 1 && mulVal > 1)
@@ -234,10 +235,12 @@ ref<Expr> ExprOptimizer::getSelectOptExpr(
              "Expected concrete array, found symbolic array");
       auto arrayConstValues = read->updates.root->constantValues;
       for (const UpdateNode *un = read->updates.head; un; un = un->next) {
-        auto *ce = static_cast<ConstantExpr *>(un->index.get());
+        auto ce = dyn_cast<ConstantExpr>(un->index);
+        assert(ce && "Not a constant expression");
         uint64_t index = ce->getAPValue().getZExtValue();
         assert(index < arrayConstValues.size());
-        auto *arrayValue = static_cast<ConstantExpr *>(un->value.get());
+        auto arrayValue = dyn_cast<ConstantExpr>(un->value);
+        assert(arrayValue && "Not a constant expression");
         arrayConstValues[index] = arrayValue;
       }
       std::vector<uint64_t> arrayValues;
@@ -307,13 +310,16 @@ ref<Expr> ExprOptimizer::getSelectOptExpr(
         }
       }
       for (const UpdateNode *un = read->updates.head; un; un = un->next) {
-        auto *ce = static_cast<ConstantExpr *>(un->index.get());
+        auto ce = dyn_cast<ConstantExpr>(un->index);
+        assert(ce && "Not a constant expression");
         uint64_t index = ce->getAPValue().getLimitedValue();
         if (!isa<ConstantExpr>(un->value)) {
           ba.set(index);
         } else {
           ba.unset(index);
-          auto *arrayValue = static_cast<ConstantExpr *>(un->value.get());
+          auto arrayValue =
+              dyn_cast<ConstantExpr>(un->value);
+          assert(arrayValue && "Not a constant expression");
           arrayConstValues[index] = arrayValue;
         }
       }
diff --git a/lib/Expr/ArrayExprRewriter.cpp b/lib/Expr/ArrayExprRewriter.cpp
index 7bbadd61..8306e20a 100644
--- a/lib/Expr/ArrayExprRewriter.cpp
+++ b/lib/Expr/ArrayExprRewriter.cpp
@@ -48,9 +48,11 @@ ref<Expr> ExprRewriter::rewrite(const ref<Expr> &e, const array2idx_ty &arrays,
       // skipping all those indexes that are not multiple of such value.
       // In fact, they will be rejected by the MulExpr interpreter since it
       // will not find any integer solution
-      Expr &e = *idxt_v.getMul();
-      auto &ce = static_cast<ConstantExpr &>(e);
-      llvm::APInt val = ce.getAPValue();
+      auto e = idxt_v.getMul();
+      auto ce = dyn_cast<ConstantExpr>(e);
+      assert(ce && "Not a constant expression");
+
+      llvm::APInt val = ce->getAPValue();
       uint64_t mulVal = val.getZExtValue();
       // So far we try to limit this optimization, but we may try some more
       // aggressive conditions (i.e. mulVal > width)
@@ -76,8 +78,8 @@ ref<Expr> ExprRewriter::rewrite(const ref<Expr> &e, const array2idx_ty &arrays,
         unsigned set = 0;
         BitArray ba(arr->size / width);
         for (auto &vals : opt_indexes) {
-          auto &ce = static_cast<ConstantExpr &>(*vals);
-          llvm::APInt v = ce.getAPValue();
+          auto ce = dyn_cast<ConstantExpr>(vals);
+          llvm::APInt v = ce->getAPValue();
           ba.set(v.getZExtValue() / width);
           set++;
         }