Enhance return-stack-address check (in Sema) to handle fields that themselves are references. (Fixes PR 7999; fix by Chandler Carruth).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112792 91177308-0d34-0410-b5e6-96231b3b80d8

2 files changed, 19 insertions, 3 deletions

diff --git a/lib/Sema/SemaChecking.cpp b/lib/Sema/SemaChecking.cpp
index caef9fb9ed..a0b4b988db 100644
--- a/lib/Sema/SemaChecking.cpp
+++ b/lib/Sema/SemaChecking.cpp
@@ -2029,10 +2029,15 @@ do {
     MemberExpr *M = cast<MemberExpr>(E);
 
     // Check for indirect access.  We only want direct field accesses.
-    if (!M->isArrow())
-      return EvalVal(M->getBase());
-    else
+    if (M->isArrow())
+      return NULL;
+
+    // Check whether the member type is itself a reference, in which case
+    // we're not going to refer to the member, but to what the member refers to.
+    if (M->getMemberDecl()->getType()->isReferenceType())
       return NULL;
+
+    return EvalVal(M->getBase());
   }
 
   // Everything else: we simply don't reason about them.
diff --git a/test/SemaCXX/return-stack-addr.cpp b/test/SemaCXX/return-stack-addr.cpp
index ba64765603..7d4cb96402 100644
--- a/test/SemaCXX/return-stack-addr.cpp
+++ b/test/SemaCXX/return-stack-addr.cpp
@@ -108,5 +108,16 @@ int* ret_cpp_const_cast(const int x) {
   return const_cast<int*>(&x);  // expected-warning {{address of stack memory}}
 }
 
+// PR 7999 - handle the case where a field is itself a reference.
+template <typename T> struct PR7999 {
+  PR7999(T& t) : value(t) {}
+  T& value;
+};
+
+struct PR7999_X {};
+
+PR7999_X& PR7999_f(PR7999<PR7999_X> s) { return s.value; } // no-warning
+void test_PR7999(PR7999_X& x) { (void)PR7999_f(x); } // no-warning
+
 // TODO: test case for dynamic_cast.  clang does not yet have
 // support for C++ classes to write such a test case.