From 30de950bba8765989f818cb7470b3b0672e10e29 Mon Sep 17 00:00:00 2001
From: Ted Kremenek
Date: Thu, 22 Mar 2012 21:42:31 +0000
Subject: [PATCH] Fix static analyzer crash on code taking the address of a field. Fixes PR 11146.
llvm-svn: 153283
---
 .../Analysis/Visitors/CFGRecStmtDeclVisitor.h | 2 ++
 clang/lib/StaticAnalyzer/Core/ExprEngine.cpp | 7 +++++++
 clang/test/Analysis/misc-ps-region-store.cpp | 16 ++++++++++++++++
 3 files changed, 25 insertions(+)
diff --git a/clang/include/clang/Analysis/Visitors/CFGRecStmtDeclVisitor.h b/clang/include/clang/Analysis/Visitors/CFGRecStmtDeclVisitor.h
index b9c8b04e2887..97eb28702736 100644
--- a/clang/include/clang/Analysis/Visitors/CFGRecStmtDeclVisitor.h
+++ b/clang/include/clang/Analysis/Visitors/CFGRecStmtDeclVisitor.h
@@ -66,6 +66,7 @@ public:
 DISPATCH_CASE(Record) // FIXME: Refine. VisitStructDecl?
 DISPATCH_CASE(CXXRecord)
 DISPATCH_CASE(Enum)
+ DISPATCH_CASE(Field)
 DISPATCH_CASE(UsingDirective)
 DISPATCH_CASE(Using)
 default:
@@ -82,6 +83,7 @@ public:
 DEFAULT_DISPATCH(Typedef)
 DEFAULT_DISPATCH(Record)
 DEFAULT_DISPATCH(Enum)
+ DEFAULT_DISPATCH(Field)
 DEFAULT_DISPATCH(ObjCInterface)
 DEFAULT_DISPATCH(ObjCMethod)
 DEFAULT_DISPATCH(ObjCProtocol)
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
index 051c31a55482..1bbcf1e68927 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -1384,6 +1384,13 @@ void ExprEngine::VisitCommonDeclRefExpr(const Expr *Ex, const NamedDecl *D,
 ProgramPoint::PostLValueKind);
 return;
 }
+ if (isa(D)) {
+ // FIXME: Compute lvalue of fields.
+ Bldr.generateNode(Ex, Pred, state->BindExpr(Ex, LCtx, UnknownVal()),
+ false, 0, ProgramPoint::PostLValueKind);
+ return;
+ }
+
 assert (false &&
 "ValueDecl support for this ValueDecl not implemented.");
 }
diff --git a/clang/test/Analysis/misc-ps-region-store.cpp b/clang/test/Analysis/misc-ps-region-store.cpp
index 00dff70480ea..e0cedcce9351 100644
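Review bot: In the ExprEngine.cpp hunk, the trailing `assert (false && "ValueDecl support for this ValueDecl not implemented.");` is still the only handling for any declaration kind that none of the branches match, so the crash class from PR 11146 remains for the next unhandled kind. With asserts compiled out, the function instead falls off the end without calling `Bldr.generateNode`, which presumably ends that analysis path silently and can hide findings further along it. Consider making the fallthrough explicit: `llvm_unreachable("Support for this Decl not implemented.");` if it is meant to be impossible, or a conservative `UnknownVal()` binding like the new field branch if it is meant to degrade gracefully. The FIXME could also state what is lost, e.g. `// FIXME: Compute lvalue of fields; until then &Class::field is Unknown to checkers.` `VisitCommonDeclRefExpr` begins above the hunk, so the earlier branches are not visible here.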
--- a/clang/test/Analysis/misc-ps-region-store.cpp
+++ b/clang/test/Analysis/misc-ps-region-store.cpp
@@ -552,3 +552,19 @@ void PR11545_positive() {
 }
 }
+// Test handling taking the address of a field. While the analyzer
+// currently doesn't do anything intelligent here, this previously
+// resulted in a crash.
+class PR11146 {
+public:
+ struct Entry;
+ void baz();
+};
+
+struct PR11146::Entry {
+ int x;
+};
+
+void PR11146::baz() {
+ (void) &Entry::x;
+}
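Review bot: The new test only exercises `&Entry::x` inside a discarded `(void)` expression in `PR11146::baz`, so it pins the crash fix but not what happens when the resulting value is consumed. Since the engine now binds an unknown value for this expression, a second statement that stores the pointer-to-member, e.g. `int Entry::*p = &Entry::x; (void) p;`, would check that the unknown value also flows through a declaration without asserting. The file's RUN line and expected-diagnostic mode are outside the hunk, so confirm that the addition produces no unexpected warnings.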