diff options
| author | Jordan Rose <jordan_rose@apple.com> | 2012-09-06 23:44:36 +0000 |
|---|---|---|
| committer | Jordan Rose <jordan_rose@apple.com> | 2012-09-06 23:44:36 +0000 |
| commit | 7e97996f4e6a9a1146ed2bbb7fc84c45455e1729 (patch) | |
| tree | 6285133d7ab13e37ae74e97e94869960e904510f /clang/lib/StaticAnalyzer/Core/ExprEngineObjC.cpp | |
| parent | 026f833368d40969f196680abf888a945d8c5621 (diff) | |
| download | bcm5719-llvm-7e97996f4e6a9a1146ed2bbb7fc84c45455e1729.tar.gz bcm5719-llvm-7e97996f4e6a9a1146ed2bbb7fc84c45455e1729.zip | |
[analyzer] Don't crash if we cache out while evaluating an ObjC message.
A bizarre series of coincidences led us to generate a previously-seen
node in the middle of processing an Objective-C message, where we assume
the receiver is non-nil. We were assuming that such an assumption would
never "cache out" like this, and blithely went on using a null ExplodedNode
as the predecessor for the next step in evaluation.
Although the test case committed here is complicated, this could in theory
happen in other ways as well, so the correct fix is just to test if the
non-nil assumption results in an ExplodedNode we've seen before.
<rdar://problem/12243648>
llvm-svn: 163361
Diffstat (limited to 'clang/lib/StaticAnalyzer/Core/ExprEngineObjC.cpp')
| -rw-r--r-- | clang/lib/StaticAnalyzer/Core/ExprEngineObjC.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineObjC.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineObjC.cpp index 2b787b64f93..abe18bf835d 100644 --- a/clang/lib/StaticAnalyzer/Core/ExprEngineObjC.cpp +++ b/clang/lib/StaticAnalyzer/Core/ExprEngineObjC.cpp @@ -245,8 +245,9 @@ void ExprEngine::VisitObjCMessage(const ObjCMessageExpr *ME, } } - // Evaluate the call. - defaultEvalCall(Bldr, Pred, *UpdatedMsg); + // Evaluate the call if we haven't cached out. + if (Pred) + defaultEvalCall(Bldr, Pred, *UpdatedMsg); } ExplodedNodeSet dstPostvisit; |
