[analyzer] Use evalBind for C++ new of scalar types.

These types will not have a CXXConstructExpr to do the initialization for
them. Previously we just used a simple call to ProgramState::bindLoc, but
that doesn't trigger proper checker callbacks (like pointer escape).

Found by Anton Yartsev.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178160 91177308-0d34-0410-b5e6-96231b3b80d8

1 files changed, 10 insertions, 7 deletions

diff --git a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index d1a591c7fe..0fedf255d6 100644
--- a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -331,20 +331,23 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE, ExplodedNode *Pred,
     State = State->BindExpr(CNE, LCtx, symVal);
   }
 
+  Bldr.generateNode(CNE, Pred, State);  
+
   // If the type is not a record, we won't have a CXXConstructExpr as an
   // initializer. Copy the value over.
   if (const Expr *Init = CNE->getInitializer()) {
     if (!isa<CXXConstructExpr>(Init)) {
-      QualType ObjTy = CNE->getType()->getAs<PointerType>()->getPointeeType();
-      (void)ObjTy;
-      assert(!ObjTy->isRecordType());
+      assert(Bldr.getResults().size() == 1);
+      ExplodedNode *TmpN = *Bldr.getResults().begin();
+      Bldr.takeNodes(TmpN);
+
+      assert(!CNE->getType()->getPointeeCXXRecordDecl());
+
       SVal Location = State->getSVal(CNE, LCtx);
-      if (Optional<Loc> LV = Location.getAs<Loc>())
-        State = State->bindLoc(*LV, State->getSVal(Init, LCtx));
+      bool FirstInit = (Location == symVal);
+      evalBind(Dst, CNE, TmpN, Location, State->getSVal(Init, LCtx), FirstInit);
     }
   }
-
-  Bldr.generateNode(CNE, Pred, State);
 }
 
 void ExprEngine::VisitCXXDeleteExpr(const CXXDeleteExpr *CDE,