From 08780078183ae4b2534c69a3e0ded596cdb695ba Mon Sep 17 00:00:00 2001
From: Ted Kremenek <kremenek@apple.com>
Date: Mon, 24 Aug 2009 22:47:34 +0000
Subject: [PATCH] ConstraintManager::AssumeDual now accepts a 'DefinedSVal'
 instead of 'SVal' for the condition. This eliminates a source of bugs where
 the client doesn't correctly reason about undefined or unknown values. This
 fixes PR 4759.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79952 91177308-0d34-0410-b5e6-96231b3b80d8
---
 include/clang/Analysis/PathSensitive/ConstraintManager.h | 2 +-
 include/clang/Analysis/PathSensitive/SVals.h             | 2 +-
 lib/Analysis/GRExprEngineInternalChecks.cpp              | 9 +++++++--
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/include/clang/Analysis/PathSensitive/ConstraintManager.h b/include/clang/Analysis/PathSensitive/ConstraintManager.h
index 4b17f57c91..e3b6489ad0 100644
--- a/include/clang/Analysis/PathSensitive/ConstraintManager.h
+++ b/include/clang/Analysis/PathSensitive/ConstraintManager.h
@@ -37,7 +37,7 @@ public:
                                        SVal UpperBound, bool Assumption) = 0;
   
   std::pair<const GRState*, const GRState*> AssumeDual(const GRState *state,
-                                                       SVal Cond) {
+                                                       DefinedSVal Cond) {
     return std::make_pair(Assume(state, Cond, true),
                           Assume(state, Cond, false));    
   }
diff --git a/include/clang/Analysis/PathSensitive/SVals.h b/include/clang/Analysis/PathSensitive/SVals.h
index 4371e31fad..1dd690695e 100644
--- a/include/clang/Analysis/PathSensitive/SVals.h
+++ b/include/clang/Analysis/PathSensitive/SVals.h
@@ -177,7 +177,7 @@ class DefinedSVal : public SVal {
 protected:
   DefinedSVal(const void* d, bool isLoc, unsigned ValKind)
     : SVal(d, isLoc, ValKind) {}
-  
+public:
   // Implement isa<T> support.
   static inline bool classof(const SVal *V) {
     return !V->isUnknownOrUndef();
diff --git a/lib/Analysis/GRExprEngineInternalChecks.cpp b/lib/Analysis/GRExprEngineInternalChecks.cpp
index d22f276a55..1b2fd1cb9f 100644
--- a/lib/Analysis/GRExprEngineInternalChecks.cpp
+++ b/lib/Analysis/GRExprEngineInternalChecks.cpp
@@ -575,10 +575,15 @@ public:
       if (!Att->isNonNull(idx))
         continue;
       
+      const SVal &V = state->getSVal(*I);
+      const DefinedSVal *DV = dyn_cast<DefinedSVal>(&V);
+      
+      if (!DV)
+        continue;
+      
       ConstraintManager &CM = C.getConstraintManager();
       const GRState *stateNotNull, *stateNull;
-      llvm::tie(stateNotNull, stateNull) = CM.AssumeDual(state,
-                                                         state->getSVal(*I));
+      llvm::tie(stateNotNull, stateNull) = CM.AssumeDual(state, *DV);
       
       if (stateNull && !stateNotNull) {
         // Generate an error node.  Check for a null node in case
-- 
2.40.0