[analyzer] Don't canonicalize the RecordDecl used in CXXBaseObjectRegion.

This Decl shouldn't be the canonical Decl; it should be the Decl used by
the CXXBaseSpecifier in the subclass. Unfortunately, that means continuing
to throw getCanonicalDecl() on all comparisons.

This fixes MemRegion::getAsOffset's use of ASTRecordLayout when redeclarations
are involved.

llvm-svn: 175913

diff --git a/clang/lib/StaticAnalyzer/Core/MemRegion.cpp b/clang/lib/StaticAnalyzer/Core/MemRegion.cpp
index e67297d..a3e42ea 100644 (file)
--- a/clang/lib/StaticAnalyzer/Core/MemRegion.cpp
+++ b/clang/lib/StaticAnalyzer/Core/MemRegion.cpp
@@ -892,6 +892,8 @@ MemRegionManager::getCXXTempObjectRegion(Expr const *E,
 static bool isValidBaseClass(const CXXRecordDecl *BaseClass,
                              const TypedValueRegion *Super,
                              bool IsVirtual) {
+  BaseClass = BaseClass->getCanonicalDecl();
+
   const CXXRecordDecl *Class = Super->getValueType()->getAsCXXRecordDecl();
   if (!Class)
     return true;
@@ -913,8 +915,6 @@ const CXXBaseObjectRegion *
 MemRegionManager::getCXXBaseObjectRegion(const CXXRecordDecl *RD,
                                          const MemRegion *Super,
                                          bool IsVirtual) {
-  RD = RD->getCanonicalDecl();
-
   if (isa<TypedValueRegion>(Super)) {
     assert(isValidBaseClass(RD, dyn_cast<TypedValueRegion>(Super), IsVirtual));
     (void)isValidBaseClass;

diff --git a/clang/test/Analysis/derived-to-base.cpp b/clang/test/Analysis/derived-to-base.cpp
index 6e4a3fa..b846d2c 100644 (file)
--- a/clang/test/Analysis/derived-to-base.cpp
+++ b/clang/test/Analysis/derived-to-base.cpp
@@ -333,3 +333,33 @@ namespace LazyBindings {
   }
 #endif
 }
+
+namespace Redeclaration {
+  class Base;
+
+  class Base {
+  public:
+    virtual int foo();
+    int get() { return value; }
+
+    int value;
+  };
+
+  class Derived : public Base {
+  public:
+    virtual int bar();
+  };
+
+  void test(Derived d) {
+    d.foo(); // don't crash
+    d.bar(); // sanity check
+
+    Base &b = d;
+    b.foo(); // don't crash
+
+    d.value = 42; // don't crash
+    clang_analyzer_eval(d.get() == 42); // expected-warning{{TRUE}}
+    clang_analyzer_eval(b.get() == 42); // expected-warning{{TRUE}}
+  }
+};
+