2 files changed, 16 insertions, 1 deletions

diff --git a/lib/StaticAnalyzer/Core/CFRefCount.cpp b/lib/StaticAnalyzer/Core/CFRefCount.cpp
index 5131c73925..df82c58204 100644
--- a/lib/StaticAnalyzer/Core/CFRefCount.cpp
+++ b/lib/StaticAnalyzer/Core/CFRefCount.cpp
@@ -2529,6 +2529,14 @@ void CFRefCount::evalSummary(ExplodedNodeSet& Dst,
       RegionsToInvalidate.push_back(region);
   }
   
+  // Invalidate all instance variables for the callee of a C++ method call.
+  // FIXME: We should be able to do better with inter-procedural analysis.
+  // FIXME: we can probably do better for const versus non-const methods.
+  if (callOrMsg.isCXXCall()) {
+    if (const MemRegion *callee = callOrMsg.getCXXCallee().getAsRegion())
+      RegionsToInvalidate.push_back(callee);
+  }
+  
   for (unsigned idx = 0, e = callOrMsg.getNumArgs(); idx != e; ++idx) {
     SVal V = callOrMsg.getArgSValAsScalarOrLoc(idx);
     SymbolRef Sym = V.getAsLocSymbol();
diff --git a/lib/StaticAnalyzer/Core/ObjCMessage.cpp b/lib/StaticAnalyzer/Core/ObjCMessage.cpp
index c44d36ae49..c005819c9c 100644
--- a/lib/StaticAnalyzer/Core/ObjCMessage.cpp
+++ b/lib/StaticAnalyzer/Core/ObjCMessage.cpp
@@ -111,7 +111,7 @@ const Expr *ObjCMessage::getArgExpr(unsigned i) const {
 QualType CallOrObjCMessage::getResultType(ASTContext &ctx) const {
   QualType resultTy;
   bool isLVal = false;
-  
+
   if (CallE) {
     isLVal = CallE->isLValue();
     const Expr *Callee = CallE->getCallee();
@@ -140,3 +140,10 @@ SVal CallOrObjCMessage::getArgSValAsScalarOrLoc(unsigned i) const {
     return Msg.getArgSVal(i, State);
   return UnknownVal();
 }
+
+SVal CallOrObjCMessage::getCXXCallee() const {
+  assert(isCXXCall());
+  const Expr *callee =
+    cast<CXXMemberCallExpr>(CallE)->getImplicitObjectArgument();
+  return State->getSVal(callee);  
+}