[analyzer] Don't try to inline if there's no region for a message receiver.

While usually we'd use a symbolic region rather than a straight-up Unknown,
we can still generate unknowns via array subscripts with symbolic indexes.
(And if this ever changes in the future, we still shouldn't crash.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161059 91177308-0d34-0410-b5e6-96231b3b80d8

2 files changed, 10 insertions, 1 deletions

diff --git a/lib/StaticAnalyzer/Core/CallEvent.cpp b/lib/StaticAnalyzer/Core/CallEvent.cpp
index 3b9e1e1979..fb00a226a2 100644
--- a/lib/StaticAnalyzer/Core/CallEvent.cpp
+++ b/lib/StaticAnalyzer/Core/CallEvent.cpp
@@ -681,6 +681,9 @@ const Decl *ObjCMethodCall::getRuntimeDefinition() const {
       ReceiverT = cast<ObjCObjectPointerType>(SupersType.getTypePtr());
     } else {
       const MemRegion *Receiver = getReceiverSVal().getAsRegion();
+      if (!Receiver)
+        return 0;
+
       DynamicTypeInfo TI = getState()->getDynamicTypeInfo(Receiver);
       ReceiverT = dyn_cast<ObjCObjectPointerType>(TI.getType().getTypePtr());
     }
diff --git a/test/Analysis/inlining/InlineObjCInstanceMethod.m b/test/Analysis/inlining/InlineObjCInstanceMethod.m
index 682d02aa15..8d8f28d923 100644
--- a/test/Analysis/inlining/InlineObjCInstanceMethod.m
+++ b/test/Analysis/inlining/InlineObjCInstanceMethod.m
@@ -77,4 +77,10 @@
 - (int) method2 {
   return 5/_attribute; // expected-warning {{Division by zero}}
 }
-@end
\ No newline at end of file
+@end
+
+
+// Don't crash if we don't know the receiver's region.
+void randomlyMessageAnObject(MyClass *arr[], int i) {
+  (void)[arr[i] getInt];
+}
\ No newline at end of file