Handle pointer arithmetic in RegionStoreManager involving Objective-C pointers

when using the non-fragile Objective-C ABI.  This fixes <rdar://problem/7168531>.

llvm-svn: 80047

2 files changed, 27 insertions, 2 deletions

diff --git a/clang/lib/Analysis/RegionStore.cpp b/clang/lib/Analysis/RegionStore.cpp
index 9225bfbaae7..4c8610734e5 100644
--- a/clang/lib/Analysis/RegionStore.cpp
+++ b/clang/lib/Analysis/RegionStore.cpp
@@ -750,8 +750,14 @@ SVal RegionStoreManager::EvalBinOp(const GRState *state,
     case MemRegion::SymbolicRegionKind: {
       const SymbolicRegion *SR = cast<SymbolicRegion>(MR);
       SymbolRef Sym = SR->getSymbol();
-      QualType T = Sym->getType(getContext());      
-      QualType EleTy = T->getAs<PointerType>()->getPointeeType();        
+      QualType T = Sym->getType(getContext());
+      QualType EleTy;
+      
+      if (const PointerType *PT = T->getAs<PointerType>())
+        EleTy = PT->getPointeeType();
+      else
+        EleTy = T->getAsObjCObjectPointerType()->getPointeeType();
+      
       SVal ZeroIdx = ValMgr.makeZeroArrayIndex();
       ER = MRMgr.getElementRegion(EleTy, ZeroIdx, SR, getContext());
       break;        
diff --git a/clang/test/Analysis/rdar-7168531.m b/clang/test/Analysis/rdar-7168531.m
new file mode 100644
index 00000000000..bdbd22d24e2
--- /dev/null
+++ b/clang/test/Analysis/rdar-7168531.m
@@ -0,0 +1,19 @@
+// RUN: clang-cc -analyze -checker-cfref -triple i386-apple-darwin10 -analyzer-store=region &&
+// RUN: clang-cc -analyze -checker-cfref -triple i386-apple-darwin10 -analyzer-store=basic
+
+// Note that the target triple is important for this test case.  It specifies that we use the
+// fragile Objective-C ABI.
+
+@interface Foo {
+  int x;
+}
+@end
+
+@implementation Foo
+static Foo* bar(Foo *p) {
+  if (p->x)
+   return ++p;  // This is only valid for the fragile ABI.
+
+  return p;
+}
+@end