Value sets: type casts need not be towards a pointer type

We cannot assume that the expression seen by get_value_set_rec is of
pointer type. Therefore, type cast expressions need not be towards a
pointer type, and unconditionally trying to take the subtype of the
expression type is not safe. On the other hand, any access to
NULL_object will be invalid, and fixing NULL_object to be void typed
should be safe.

Author: tautschnig

src/pointer-analysis/value_set.cpp

@@ -586,20 +586,17 @@ void value_sett::get_value_set_rec(
 
     if(op_type.id()==ID_pointer)
     {
-      // pointer-to-pointer -- we just ignore these
+      // pointer-to-something -- we just ignore the type cast
       get_value_set_rec(op, dest, suffix, original_type, ns);
     }
     else if(op_type.id()==ID_unsignedbv ||
             op_type.id()==ID_signedbv)
     {
-      // integer-to-pointer
+      // integer-to-something
 
       if(op.is_zero())
       {
-        insert(
-          dest,
-          exprt(ID_null_object, to_type_with_subtype(expr_type).subtype()),
-          mp_integer{0});
+        insert(dest, exprt(ID_null_object, empty_typet{}), mp_integer{0});
       }
       else
       {