Handle loading of field values from LazyCompoundVals in GRExprEngine::VisitMemberExpr().

This fixes the crash reported in PR 5316.

llvm-svn: 85578

2 files changed, 35 insertions, 6 deletions

diff --git a/clang/lib/Analysis/GRExprEngine.cpp b/clang/lib/Analysis/GRExprEngine.cpp
index c0aed2306e3..99e214400ec 100644
--- a/clang/lib/Analysis/GRExprEngine.cpp
+++ b/clang/lib/Analysis/GRExprEngine.cpp
@@ -1092,13 +1092,26 @@ void GRExprEngine::VisitMemberExpr(MemberExpr* M, ExplodedNode* Pred,
     // FIXME: Should we insert some assumption logic in here to determine
     // if "Base" is a valid piece of memory?  Before we put this assumption
     // later when using FieldOffset lvals (which we no longer have).
-    SVal L = state->getLValue(Field, state->getSVal(Base));
+    SVal BaseV = state->getSVal(Base);
+    
+    if (nonloc::LazyCompoundVal *LVC=dyn_cast<nonloc::LazyCompoundVal>(&BaseV)){
+      const LazyCompoundValData *D = LVC->getCVData();
+      const FieldRegion * FR =
+        getStateManager().getRegionManager().getFieldRegion(Field,
+                                                            D->getRegion());
+
+      SVal V = D->getState()->getSVal(loc::MemRegionVal(FR));
+      MakeNode(Dst, M, *I, state->BindExpr(M, V));
+    }
+    else {
+      SVal L = state->getLValue(Field, BaseV);
 
-    if (asLValue)
-      MakeNode(Dst, M, *I, state->BindExpr(M, L),
-               ProgramPoint::PostLValueKind);
-    else
-      EvalLoad(Dst, M, *I, state, L);
+      if (asLValue)
+        MakeNode(Dst, M, *I, state->BindExpr(M, L),
+                 ProgramPoint::PostLValueKind);
+      else
+        EvalLoad(Dst, M, *I, state, L);
+    }
   }
 }
 
diff --git a/clang/test/Analysis/misc-ps-region-store.m b/clang/test/Analysis/misc-ps-region-store.m
index 5bba63a3a21..4cde7726b49 100644
--- a/clang/test/Analysis/misc-ps-region-store.m
+++ b/clang/test/Analysis/misc-ps-region-store.m
@@ -415,3 +415,19 @@ int rdar7347252(rdar7347252_SSL1 *s) {
  }
  return 0;
 }
+
+//===----------------------------------------------------------------------===//
+// PR 5316 - "crash when accessing field of lazy compound value"
+//  Previously this caused a crash at the MemberExpr '.chr' when loading
+//  a field value from a LazyCompoundVal
+//===----------------------------------------------------------------------===//
+
+typedef unsigned int pr5316_wint_t;
+typedef pr5316_wint_t pr5316_REFRESH_CHAR;
+typedef struct {
+  pr5316_REFRESH_CHAR chr;
+}
+pr5316_REFRESH_ELEMENT;
+static void pr5316(pr5316_REFRESH_ELEMENT *dst, const pr5316_REFRESH_ELEMENT *src) {
+  while ((*dst++ = *src++).chr != L'\0')  ;
+}