Fix static analyzer crash on code taking the address of a field. Fixes PR 11146.

author Ted Kremenek <kremenek@apple.com>

Thu, 22 Mar 2012 21:42:31 +0000 (21:42 +0000)

committer Ted Kremenek <kremenek@apple.com>

Thu, 22 Mar 2012 21:42:31 +0000 (21:42 +0000)
author Ted Kremenek <kremenek@apple.com>
Thu, 22 Mar 2012 21:42:31 +0000 (21:42 +0000)
committer Ted Kremenek <kremenek@apple.com>
Thu, 22 Mar 2012 21:42:31 +0000 (21:42 +0000)
diff --git a/include/clang/Analysis/Visitors/CFGRecStmtDeclVisitor.h b/include/clang/Analysis/Visitors/CFGRecStmtDeclVisitor.h

index b9c8b04e28871e5cd09657dc8d8f0aeb9f2f33a2..97eb28702736832eca11382b82765573bc760bde 100644 (file)
--- a/include/clang/Analysis/Visitors/CFGRecStmtDeclVisitor.h
+++ b/include/clang/Analysis/Visitors/CFGRecStmtDeclVisitor.h
@@ -66,6 +66,7 @@ public:
          DISPATCH_CASE(Record)    // FIXME: Refine.  VisitStructDecl?
          DISPATCH_CASE(CXXRecord)
          DISPATCH_CASE(Enum)
+        DISPATCH_CASE(Field)
          DISPATCH_CASE(UsingDirective)
          DISPATCH_CASE(Using)
        default:
@@ -82,6 +83,7 @@ public:
    DEFAULT_DISPATCH(Typedef)
    DEFAULT_DISPATCH(Record)
    DEFAULT_DISPATCH(Enum)
+  DEFAULT_DISPATCH(Field)
    DEFAULT_DISPATCH(ObjCInterface)
    DEFAULT_DISPATCH(ObjCMethod)
    DEFAULT_DISPATCH(ObjCProtocol)
diff --git a/lib/StaticAnalyzer/Core/ExprEngine.cpp b/lib/StaticAnalyzer/Core/ExprEngine.cpp

index 051c31a55482fb549274da54688cde145986beae..1bbcf1e68927907b28a460eacd32f181ef3fe359 100644 (file)
--- a/lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -1384,6 +1384,13 @@ void ExprEngine::VisitCommonDeclRefExpr(const Expr *Ex, const NamedDecl *D,
                        ProgramPoint::PostLValueKind);
      return;
    }
+  if (isa<FieldDecl>(D)) {
+    // FIXME: Compute lvalue of fields.
+    Bldr.generateNode(Ex, Pred, state->BindExpr(Ex, LCtx, UnknownVal()),
+                     false, 0, ProgramPoint::PostLValueKind);
+    return;
+  }
+
    assert (false &&
            "ValueDecl support for this ValueDecl not implemented.");
  }
diff --git a/test/Analysis/misc-ps-region-store.cpp b/test/Analysis/misc-ps-region-store.cpp

index 00dff70480ea2429b36d7c6f19567652736c8410..e0cedcce9351ae6b8d262fd6d77230266fc94052 100644 (file)
--- a/test/Analysis/misc-ps-region-store.cpp
+++ b/test/Analysis/misc-ps-region-store.cpp
@@ -552,3 +552,19 @@ void PR11545_positive() {
    }
  }
  
+// Test handling taking the address of a field.  While the analyzer
+// currently doesn't do anything intelligent here, this previously
+// resulted in a crash.
+class PR11146 {
+public:
+  struct Entry;
+  void baz();
+};
+
+struct PR11146::Entry {
+  int x;
+};
+
+void PR11146::baz() {
+  (void) &Entry::x;
+}
author	Ted Kremenek <kremenek@apple.com>
	Thu, 22 Mar 2012 21:42:31 +0000 (21:42 +0000)
committer	Ted Kremenek <kremenek@apple.com>
	Thu, 22 Mar 2012 21:42:31 +0000 (21:42 +0000)
include/clang/Analysis/Visitors/CFGRecStmtDeclVisitor.h		patch \| blob \| history
lib/StaticAnalyzer/Core/ExprEngine.cpp		patch \| blob \| history
test/Analysis/misc-ps-region-store.cpp		patch \| blob \| history