From: Ted Kremenek <kremenek@apple.com>
Date: Thu, 6 Oct 2011 20:53:28 +0000 (+0000)
Subject: [static analyzer] Fix crash in LiveVariables and Environment::getSVal() when analyzin... 
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c80850353f4051f36be9f5be9738cf877406311a;p=clang

[static analyzer] Fix crash in LiveVariables and Environment::getSVal() when analyzing C++ pointer-to-member calls.  Fixes <rdar://problem/10243398>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141312 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Analysis/LiveVariables.cpp b/lib/Analysis/LiveVariables.cpp
index be6e659bd9..c800c70a38 100644
--- a/lib/Analysis/LiveVariables.cpp
+++ b/lib/Analysis/LiveVariables.cpp
@@ -352,9 +352,10 @@ void TransferFunctions::Visit(Stmt *S) {
     case Stmt::CXXMemberCallExprClass: {
       // Include the implicit "this" pointer as being live.
       CXXMemberCallExpr *CE = cast<CXXMemberCallExpr>(S);
-      val.liveStmts =
-        LV.SSetFact.add(val.liveStmts,
-                        CE->getImplicitObjectArgument()->IgnoreParens());
+      if (Expr *ImplicitObj = CE->getImplicitObjectArgument()) {
+        ImplicitObj = ImplicitObj->IgnoreParens();        
+        val.liveStmts = LV.SSetFact.add(val.liveStmts, ImplicitObj);
+      }
       break;
     }
     case Stmt::DeclStmtClass: {
diff --git a/lib/StaticAnalyzer/Core/ObjCMessage.cpp b/lib/StaticAnalyzer/Core/ObjCMessage.cpp
index 112c468210..0974fe877a 100644
--- a/lib/StaticAnalyzer/Core/ObjCMessage.cpp
+++ b/lib/StaticAnalyzer/Core/ObjCMessage.cpp
@@ -148,7 +148,13 @@ SVal CallOrObjCMessage::getCXXCallee() const {
   const CallExpr *ActualCall = CallE.get<const CallExpr *>();
   const Expr *callee =
     cast<CXXMemberCallExpr>(ActualCall)->getImplicitObjectArgument();
-  return State->getSVal(callee);  
+  
+  // FIXME: Will eventually need to cope with member pointers.  This is
+  // a limitation in getImplicitObjectArgument().
+  if (!callee)
+    return UnknownVal();
+  
+  return State->getSVal(callee);
 }
 
 SVal
diff --git a/test/Analysis/misc-ps-cxx0x.cpp b/test/Analysis/misc-ps-cxx0x.cpp
index 598fea2bb7..1089fa7f9a 100644
--- a/test/Analysis/misc-ps-cxx0x.cpp
+++ b/test/Analysis/misc-ps-cxx0x.cpp
@@ -9,3 +9,15 @@ void test_analyzer_working() {
   *p = 0xDEADBEEF; // expected-warning {{null}}
 }
 
+// Test that pointer-to-member functions don't cause the analyzer
+// to crash.
+struct RDar10243398 {
+  void bar(int x);
+};
+
+typedef void (RDar10243398::*RDar10243398MemberFn)(int x);
+
+void test_rdar10243398(RDar10243398 *p) {
+  RDar10243398MemberFn q = &RDar10243398::bar;
+  ((*p).*(q))(1);
+}