[analyzer] Fix a crash on accessing a field within a literal-initialized union.

Because in case of unions we currently default-bind compound values in the
store, this quick fix avoids the crash for this case.

Patch by Ilya Palachev and independently by Alexander Shaposhnikov!

Differential Revision: https://reviews.llvm.org/D26442

llvm-svn: 287618

diff --git a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
index 5de3af9..a19869d 100644 (file)
--- a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
+++ b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
@@ -1674,7 +1674,8 @@ RegionStoreManager::getBindingForDerivedDefaultValue(RegionBindingsConstRef B,
 
     // Lazy bindings are usually handled through getExistingLazyBinding().
     // We should unify these two code paths at some point.
-    if (val.getAs<nonloc::LazyCompoundVal>())
+    if (val.getAs<nonloc::LazyCompoundVal>() ||
+        val.getAs<nonloc::CompoundVal>())
       return val;
 
     llvm_unreachable("Unknown default value");

diff --git a/clang/test/Analysis/uninit-vals-union.c b/clang/test/Analysis/uninit-vals-union.c
new file mode 100644 (file)
index 0000000..927dfa2
--- /dev/null
+++ b/clang/test/Analysis/uninit-vals-union.c
@@ -0,0 +1,13 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core.builtin -analyzer-store=region -verify -Wno-unused %s
+
+typedef union {
+  int y;
+} U;
+
+typedef struct { int x; } A;
+
+void foo() {
+  U u = {};
+  A *a = &u; // expected-warning{{incompatible pointer types}}
+  a->x;      // no-crash
+}