authorAnna Zaks <ganna@apple.com>2012-06-07 20:18:08 +0000
committerAnna Zaks <ganna@apple.com>2012-06-07 20:18:08 +0000
commit783f0087ecb5af27d2f8caed7d6b904797c3d752 (patch)
tree922c6b3c926ce676681cec330b352c15c7bcf5f9
parentec22f56f2031c3e61100d42133b06f9b9f020ee6 (diff)
[analyzer] Fixit for r158136.
I falsely assumed that the memory spaces are equal when we reach this point; they might not be when the memory space of one or more is stack or Unknown. We don't want a region from Heap space to alias something in another memory space. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158165 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r--lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp2
-rw-r--r--test/Analysis/malloc.c17
2 files changed, 18 insertions, 1 deletions
diff --git a/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp b/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
index 9cbbece98e..ad58a07c78 100644
--- a/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
+++ b/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
@@ -701,7 +701,7 @@ SVal SimpleSValBuilder::evalBinOpLL(ProgramStateRef state,
// on each invocation.
if (LeftBase != RightBase &&
((!isa<SymbolicRegion>(LeftBase) && !isa<SymbolicRegion>(RightBase)) ||
- isa<HeapSpaceRegion>(LeftMS)) ){
+ (isa<HeapSpaceRegion>(LeftMS) || isa<HeapSpaceRegion>(RightMS))) ){
switch (op) {
default:
return UnknownVal();
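Review bot: With `|| isa<HeapSpaceRegion>(RightMS)` the condition treats a heap region as distinct from any symbolic region in another memory space, including an unknown one, which is only sound if the unknown-space pointer cannot have been derived from the allocation. The new test in test/Analysis/malloc.c expects `yAfter == m` to be unreachable even though `yAfter` comes from `retPtrMightAlias(m)`, a callee that could simply return its argument, so a feasible path is pruned and checks that depend on it (for example a free through the alias) would presumably go unreported. Consider limiting the heap shortcut to cases where the other side's space is known, e.g. `(isa<HeapSpaceRegion>(LeftMS) || isa<HeapSpaceRegion>(RightMS)) && !isa<UnknownSpaceRegion>(LeftMS) && !isa<UnknownSpaceRegion>(RightMS)`, or at least add a comment such as `// Assumes a heap region never aliases a region in a different memory space.` evalBinOpLL starts and ends outside the hunk, so how LeftMS and RightMS are computed is not visible here.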
diff --git a/test/Analysis/malloc.c b/test/Analysis/malloc.c
index bdbd96e2be..7be29301fe 100644
--- a/test/Analysis/malloc.c
+++ b/test/Analysis/malloc.c
@@ -902,6 +902,23 @@ int HeapAssignment() {
return 0;
}
+int *retPtr();
+int *retPtrMightAlias(int *x);
+int cmpHeapAllocationToUnknown() {
+ int zero = 0;
+ int *yBefore = retPtr();
+ int *m = malloc(8);
+ int *yAfter = retPtrMightAlias(m);
+ if (yBefore == m) {
+ return 5/zero; // expected-warning {{This statement is never executed}}
+ }
+ if (yAfter == m) {
+ return 5/zero; // expected-warning {{This statement is never executed}}
+ }
+ free(m);
+ return 0;
+}
+
// ----------------------------------------------------------------------------
// False negatives.