[static analyzer] Fix crash in LiveVariables and Environment::getSVal…

…() when analyzing C++ pointer-to-member calls. Fixes <rdar://problem/10243398>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141312 91177308-0d34-0410-b5e6-96231b3b80d8

lib/Analysis/LiveVariables.cpp

@@ -352,9 +352,10 @@ void TransferFunctions::Visit(Stmt *S) {
     case Stmt::CXXMemberCallExprClass: {
       // Include the implicit "this" pointer as being live.
       CXXMemberCallExpr *CE = cast<CXXMemberCallExpr>(S);
-      val.liveStmts =
-        LV.SSetFact.add(val.liveStmts,
-                        CE->getImplicitObjectArgument()->IgnoreParens());
+      if (Expr *ImplicitObj = CE->getImplicitObjectArgument()) {
+        ImplicitObj = ImplicitObj->IgnoreParens();        
+        val.liveStmts = LV.SSetFact.add(val.liveStmts, ImplicitObj);
+      }
       break;
     }
     case Stmt::DeclStmtClass: {

lib/StaticAnalyzer/Core/ObjCMessage.cpp

@@ -148,7 +148,13 @@ SVal CallOrObjCMessage::getCXXCallee() const {
   const CallExpr *ActualCall = CallE.get<const CallExpr *>();
   const Expr *callee =
     cast<CXXMemberCallExpr>(ActualCall)->getImplicitObjectArgument();
-  return State->getSVal(callee);  
+
+  // FIXME: Will eventually need to cope with member pointers.  This is
+  // a limitation in getImplicitObjectArgument().
+  if (!callee)
+    return UnknownVal();
+
+  return State->getSVal(callee);
 }
 
 SVal

test/Analysis/misc-ps-cxx0x.cpp

@@ -9,3 +9,15 @@ void test_analyzer_working() {
   *p = 0xDEADBEEF; // expected-warning {{null}}
 }
 
+// Test that pointer-to-member functions don't cause the analyzer
+// to crash.
+struct RDar10243398 {
+  void bar(int x);
+};
+
+typedef void (RDar10243398::*RDar10243398MemberFn)(int x);
+
+void test_rdar10243398(RDar10243398 *p) {
+  RDar10243398MemberFn q = &RDar10243398::bar;
+  ((*p).*(q))(1);
+}