From: Ted Kremenek Date: Thu, 22 Mar 2012 21:42:31 +0000 (+0000) Subject: Fix static analyzer crash on code taking the address of a field. Fixes PR 11146. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5aac0b6ae95f137b1783f3e6227241fb457b8f8b;p=clang Fix static analyzer crash on code taking the address of a field. Fixes PR 11146. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153283 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/include/clang/Analysis/Visitors/CFGRecStmtDeclVisitor.h b/include/clang/Analysis/Visitors/CFGRecStmtDeclVisitor.h index b9c8b04e28..97eb287027 100644 --- a/include/clang/Analysis/Visitors/CFGRecStmtDeclVisitor.h +++ b/include/clang/Analysis/Visitors/CFGRecStmtDeclVisitor.h @@ -66,6 +66,7 @@ public: DISPATCH_CASE(Record) // FIXME: Refine. VisitStructDecl? DISPATCH_CASE(CXXRecord) DISPATCH_CASE(Enum) + DISPATCH_CASE(Field) DISPATCH_CASE(UsingDirective) DISPATCH_CASE(Using) default: @@ -82,6 +83,7 @@ public: DEFAULT_DISPATCH(Typedef) DEFAULT_DISPATCH(Record) DEFAULT_DISPATCH(Enum) + DEFAULT_DISPATCH(Field) DEFAULT_DISPATCH(ObjCInterface) DEFAULT_DISPATCH(ObjCMethod) DEFAULT_DISPATCH(ObjCProtocol) diff --git a/lib/StaticAnalyzer/Core/ExprEngine.cpp b/lib/StaticAnalyzer/Core/ExprEngine.cpp index 051c31a554..1bbcf1e689 100644 --- a/lib/StaticAnalyzer/Core/ExprEngine.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngine.cpp @@ -1384,6 +1384,13 @@ void ExprEngine::VisitCommonDeclRefExpr(const Expr *Ex, const NamedDecl *D, ProgramPoint::PostLValueKind); return; } + if (isa(D)) { + // FIXME: Compute lvalue of fields. + Bldr.generateNode(Ex, Pred, state->BindExpr(Ex, LCtx, UnknownVal()), + false, 0, ProgramPoint::PostLValueKind); + return; + } + assert (false && "ValueDecl support for this ValueDecl not implemented."); } diff --git a/test/Analysis/misc-ps-region-store.cpp b/test/Analysis/misc-ps-region-store.cpp index 00dff70480..e0cedcce93 100644 --- a/test/Analysis/misc-ps-region-store.cpp 
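Review bot: In the `ExprEngine::VisitCommonDeclRefExpr` hunk of lib/StaticAnalyzer/Core/ExprEngine.cpp, the function still ends in `assert (false && "ValueDecl support for this ValueDecl not implemented.");`, so the next declaration kind nobody anticipated aborts the analyzer exactly as fields did before this change. With assertions compiled out, the visible tail instead returns without generating a node for `Ex`, which presumably ends exploration of that path with no report, so code after such an expression goes unchecked either way. Reusing the new branch's conservative binding as a general fallback placed after the assert, `Bldr.generateNode(Ex, Pred, state->BindExpr(Ex, LCtx, UnknownVal()), false, 0, ProgramPoint::PostLValueKind);`, would keep release builds analysing, and the bare `false, 0` arguments deserve inline argument-name comments. The function starts above the hunk, and `isa(D)` appears here without its template argument, probably lost in page rendering.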
+++ b/test/Analysis/misc-ps-region-store.cpp
@@ -552,3 +552,19 @@ void PR11545_positive() {
 }
 }
+// Test handling taking the address of a field. While the analyzer
+// currently doesn't do anything intelligent here, this previously
+// resulted in a crash.
+class PR11146 {
+public:
+ struct Entry;
+ void baz();
+};
+
+struct PR11146::Entry {
+ int x;
+};
+
+void PR11146::baz() {
+ (void) &Entry::x;
+}
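Review bot: The new `PR11146::baz` test covers only the discarded form `(void) &Entry::x;`, which pins the crash fix but not what happens once the `UnknownVal` bound for the field reference is stored and used. A second statement such as `int Entry::*p = &Entry::x;` followed by a use of `p` would show that later statements are still analysed without a spurious diagnostic; whether that form reaches the same code path is an assumption to confirm. A one-line comment naming the analyzer function that used to assert would also help whoever bisects a future regression.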