Provide stop-gap solution to crash reported in PR 14436.

This was also covered by <rdar://problem/12753384>.  The static analyzer
evaluates a CXXConstructExpr within an initializer expression and
RegionStore doesn't know how to handle the resulting CXXTempObjectRegion
that gets created.  We need a better solution than just dropping the
value, but we need to better understand how to implement the right
semantics here.

Thanks to Jordan for his help diagnosing the behavior here.

llvm-svn: 168741

1 files changed, 10 insertions, 8 deletions

diff --git a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
index aed994df411..875a7ce4d4e 100644
--- a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
+++ b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
@@ -1581,14 +1581,16 @@ StoreRef RegionStoreManager::BindArray(Store store, const TypedValueRegion* R,
     Size = CAT->getSize().getZExtValue();
 
   // Check if the init expr is a string literal.
-  if (loc::MemRegionVal *MRV = dyn_cast<loc::MemRegionVal>(&Init)) {
-    const StringRegion *S = cast<StringRegion>(MRV->getRegion());
-
-    // Treat the string as a lazy compound value.
-    nonloc::LazyCompoundVal LCV =
-      cast<nonloc::LazyCompoundVal>(svalBuilder.
-                                makeLazyCompoundVal(StoreRef(store, *this), S));
-    return BindAggregate(store, R, LCV);
+  if (const MemRegion *Reg = Init.getAsRegion()) {
+    if (const StringRegion *S = dyn_cast<StringRegion>(Reg)) {
+      // Treat the string as a lazy compound value.
+      NonLoc V = svalBuilder.makeLazyCompoundVal(StoreRef(store, *this), S);
+      return BindAggregate(store, R, V);
+    }
+    // FIXME: Handle CXXTempObjectRegion, which can occur in cases
+    // where a struct contains an array of structs in C++.
+    assert(isa<CXXTempObjectRegion>(Reg));
+    return BindAggregate(store, R, UnknownVal());
   }
 
   // Handle lazy compound values.