diff options
| author | Ted Kremenek <kremenek@apple.com> | 2009-10-30 05:48:30 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2009-10-30 05:48:30 +0000 |
| commit | 5bbe789e1084996179bf4b103768d73cbd4446c8 (patch) | |
| tree | 10c1524fd4c4b5e88bee8760b1238abe2653f470 | |
| parent | 9e6b37a9f1d499e7ca0950edacd0b6569e491d7f (diff) | |
Handle loading of field values from LazyCompoundVals in GRExprEngine::VisitMemberExpr().
This fixes the crash reported in PR 5316.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85578 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | lib/Analysis/GRExprEngine.cpp | 25 | ||||
| -rw-r--r-- | test/Analysis/misc-ps-region-store.m | 16 |
2 files changed, 35 insertions, 6 deletions
diff --git a/lib/Analysis/GRExprEngine.cpp b/lib/Analysis/GRExprEngine.cpp index c0aed2306e..99e214400e 100644 --- a/lib/Analysis/GRExprEngine.cpp +++ b/lib/Analysis/GRExprEngine.cpp @@ -1092,13 +1092,26 @@ void GRExprEngine::VisitMemberExpr(MemberExpr* M, ExplodedNode* Pred, // FIXME: Should we insert some assumption logic in here to determine // if "Base" is a valid piece of memory? Before we put this assumption // later when using FieldOffset lvals (which we no longer have). - SVal L = state->getLValue(Field, state->getSVal(Base)); + SVal BaseV = state->getSVal(Base); + + if (nonloc::LazyCompoundVal *LVC=dyn_cast<nonloc::LazyCompoundVal>(&BaseV)){ + const LazyCompoundValData *D = LVC->getCVData(); + const FieldRegion * FR = + getStateManager().getRegionManager().getFieldRegion(Field, + D->getRegion()); + + SVal V = D->getState()->getSVal(loc::MemRegionVal(FR)); + MakeNode(Dst, M, *I, state->BindExpr(M, V)); + } + else { + SVal L = state->getLValue(Field, BaseV); - if (asLValue) - MakeNode(Dst, M, *I, state->BindExpr(M, L), - ProgramPoint::PostLValueKind); - else - EvalLoad(Dst, M, *I, state, L); + if (asLValue) + MakeNode(Dst, M, *I, state->BindExpr(M, L), + ProgramPoint::PostLValueKind); + else + EvalLoad(Dst, M, *I, state, L); + } } } diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m index 5bba63a3a2..4cde7726b4 100644 --- a/test/Analysis/misc-ps-region-store.m +++ b/test/Analysis/misc-ps-region-store.m @@ -415,3 +415,19 @@ int rdar7347252(rdar7347252_SSL1 *s) { } return 0; } + +//===----------------------------------------------------------------------===// +// PR 5316 - "crash when accessing field of lazy compound value" +// Previously this caused a crash at the MemberExpr '.chr' when loading +// a field value from a LazyCompoundVal +//===----------------------------------------------------------------------===// + +typedef unsigned int pr5316_wint_t; +typedef pr5316_wint_t pr5316_REFRESH_CHAR; +typedef struct { + pr5316_REFRESH_CHAR chr; +} +pr5316_REFRESH_ELEMENT; +static void pr5316(pr5316_REFRESH_ELEMENT *dst, const pr5316_REFRESH_ELEMENT *src) { + while ((*dst++ = *src++).chr != L'\0') ; +} |