Fix a bug found by Thomas Clement where 'return [[[NSString alloc] init] autorelease]' would emit a false 'too many overreleases' error.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71432 91177308-0d34-0410-b5e6-96231b3b80d8

1 files changed, 10 insertions, 2 deletions

diff --git a/lib/Analysis/CFRefCount.cpp b/lib/Analysis/CFRefCount.cpp
index d3702ec8eb..ebc4dcc6ff 100644
--- a/lib/Analysis/CFRefCount.cpp
+++ b/lib/Analysis/CFRefCount.cpp
@@ -3314,12 +3314,20 @@ CFRefCount::HandleAutoreleaseCounts(GRStateRef state, GenericNodeBuilder Bd,
   assert(!isGCEnabled() && "Autorelease counts in GC mode?");  
   unsigned Cnt = V.getCount();
   
+  // FIXME: Handle sending 'autorelease' to already released object.
+
+  if (V.getKind() == RefVal::ReturnedOwned)
+    ++Cnt;
+  
   if (ACnt <= Cnt) {
     if (ACnt == Cnt) {
       V.clearCounts();
-      V = V ^ RefVal::NotOwned;
+      if (V.getKind() == RefVal::ReturnedOwned)
+        V = V ^ RefVal::ReturnedNotOwned;
+      else
+        V = V ^ RefVal::NotOwned;
     }
-    else {      
+    else {
       V.setCount(Cnt - ACnt);
       V.setAutoreleaseCount(0);
     }