[analyzer] Avoid a crash in DereferenceChecker on string literal initializers.

A hotfix for pr31592 that fixes the crash but not the root cause of the problem.
We need to update the analyzer engine further to account for AST changes
introduced in r289618. At the moment we're erroneously performing a redundant
lvalue-to-rvalue cast in this scenario, and squashing the rvalue of the object
bound to the reference into the reference itself.

rdar://problem/28832541

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@291754 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp b/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
index 152b937bb03f4061f578f5a6b2b544f991adab85..a98d379bb84ed86fa59e1d74175afe9c54761494 100644 (file)
--- a/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
@@ -253,6 +253,12 @@ void DereferenceChecker::checkBind(SVal L, SVal V, const Stmt *S,
   if (!TVR->getValueType()->isReferenceType())
     return;
 
+  // FIXME: This is a hotfix for https://llvm.org/bugs/show_bug.cgi?id=31592
+  // A proper fix is very much necessary. Otherwise we would never normally bind
+  // a NonLoc to a reference.
+  if (V.getAs<NonLoc>())
+    return;
+
   ProgramStateRef State = C.getState();
 
   ProgramStateRef StNonNull, StNull;

diff --git a/test/Analysis/initializer.cpp b/test/Analysis/initializer.cpp
index b31c315ba524b2aa4580e449566301858d0670b4..09509271dae0c27b559461f7b57ef1d2268511dd 100644 (file)
--- a/test/Analysis/initializer.cpp
+++ b/test/Analysis/initializer.cpp
@@ -197,3 +197,10 @@ namespace ReferenceInitialization {
   }
 
 };
+
+namespace PR31592 {
+struct C {
+   C() : f("}") { } // no-crash
+   const char(&f)[2];
+};
+}