From: Argyrios Kyrtzidis <akyrtzi@gmail.com>
Date: Sat, 19 Feb 2011 08:03:18 +0000 (+0000)
Subject: [analyzer] Fix crash when analyzing C++ code.
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b14175a5371a6c71f3b2dbe4e7aa14803ac38c54;p=clang

[analyzer] Fix crash when analyzing C++ code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126025 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/StaticAnalyzer/Core/SValBuilder.cpp b/lib/StaticAnalyzer/Core/SValBuilder.cpp
index 796613383b..b0fd497e57 100644
--- a/lib/StaticAnalyzer/Core/SValBuilder.cpp
+++ b/lib/StaticAnalyzer/Core/SValBuilder.cpp
@@ -292,7 +292,7 @@ SVal SValBuilder::evalCast(SVal val, QualType castTy, QualType originalTy) {
     //  }
 
     assert(Loc::isLocType(originalTy) || originalTy->isFunctionType() ||
-           originalTy->isBlockPointerType());
+           originalTy->isBlockPointerType() || castTy->isReferenceType());
 
     StoreManager &storeMgr = StateMgr.getStoreManager();
 
diff --git a/lib/StaticAnalyzer/Core/Store.cpp b/lib/StaticAnalyzer/Core/Store.cpp
index 379327fbb5..722517097c 100644
--- a/lib/StaticAnalyzer/Core/Store.cpp
+++ b/lib/StaticAnalyzer/Core/Store.cpp
@@ -78,7 +78,7 @@ const MemRegion *StoreManager::castRegion(const MemRegion *R, QualType CastToTy)
 
   // Now assume we are casting from pointer to pointer. Other cases should
   // already be handled.
-  QualType PointeeTy = CastToTy->getAs<PointerType>()->getPointeeType();
+  QualType PointeeTy = CastToTy->getPointeeType();
   QualType CanonPointeeTy = Ctx.getCanonicalType(PointeeTy);
 
   // Handle casts to void*.  We just pass the region through.
diff --git a/test/Analysis/cxx-crashes.cpp b/test/Analysis/cxx-crashes.cpp
index ae2f3cb5eb..c9775df7e2 100644
--- a/test/Analysis/cxx-crashes.cpp
+++ b/test/Analysis/cxx-crashes.cpp
@@ -14,6 +14,10 @@ bool f3() {
   return !false;
 }
 
+void *f4(int* w) {
+  return reinterpret_cast<void*&>(w);
+}
+
 namespace {
 
 struct A { };
@@ -27,3 +31,15 @@ A f(char *dst) {
 }
 
 }
+
+namespace {
+
+struct S {
+    void *p;
+};
+
+void *f(S* w) {
+    return &reinterpret_cast<void*&>(*w);
+}
+
+}