Fix static analyzer crash when casting from an incomplete type

Summary:
When doing a reinterpret+dynamic cast from an incomplete type, the analyzer
would crash (bug #16308). This fix makes the dynamic cast evaluator ignore
incomplete types, as they can never be used in a dynamic_cast. Also adding a
regression test.

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1006

llvm-svn: 184403

1 files changed, 4 insertions, 1 deletions

diff --git a/clang/lib/StaticAnalyzer/Core/Store.cpp b/clang/lib/StaticAnalyzer/Core/Store.cpp
index 690ed08ffc7..0beb9dbbc5b 100644
--- a/clang/lib/StaticAnalyzer/Core/Store.cpp
+++ b/clang/lib/StaticAnalyzer/Core/Store.cpp
@@ -325,7 +325,10 @@ SVal StoreManager::evalDynamicCast(SVal Base, QualType TargetType,
     if (MRClass == TargetClass)
       return loc::MemRegionVal(MR);
 
-    if (!TargetType->isVoidType()) {
+    // We skip over incomplete types. They must be the result of an earlier
+    // reinterpret_cast, as one can only dynamic_cast between types in the same
+    // class hierarchy.
+    if (!TargetType->isVoidType() && MRClass->hasDefinition()) {
       // Static upcasts are marked as DerivedToBase casts by Sema, so this will
       // only happen when multiple or virtual inheritance is involved.
       CXXBasePaths Paths(/*FindAmbiguities=*/false, /*RecordPaths=*/true,