[clang][dataflow] Don't crash if copy constructor arg doesn't have a storage location.

I accidentally used `cast` instead of `cast_or_null`.

Reviewed By: sammccall, xazax.hun

Differential Revision: https://reviews.llvm.org/D153956

diff --git a/clang/lib/Analysis/FlowSensitive/Transfer.cpp b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
index c09b6b9..54b8b3a 100644 (file)
--- a/clang/lib/Analysis/FlowSensitive/Transfer.cpp
+++ b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
@@ -598,7 +598,7 @@ public:
       const Expr *Arg = S->getArg(0);
       assert(Arg != nullptr);
 
-      auto *ArgLoc = cast<AggregateStorageLocation>(
+      auto *ArgLoc = cast_or_null<AggregateStorageLocation>(
           Env.getStorageLocation(*Arg, SkipPast::Reference));
       if (ArgLoc == nullptr)
         return;

diff --git a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
index 51550ad..f41c3f2 100644 (file)
--- a/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
+++ b/clang/unittests/Analysis/FlowSensitive/TransferTest.cpp
@@ -2237,6 +2237,21 @@ TEST(TransferTest, CopyConstructorWithParens) {
       });
 }
 
+TEST(TransferTest, CopyConstructorArgIsRefReturnedByFunction) {
+  // This is a crash repro.
+  std::string Code = R"(
+    struct S {};
+    const S &returnsSRef();
+    void target() {
+      S s(returnsSRef());
+    }
+  )";
+  runDataflow(
+      Code,
+      [](const llvm::StringMap<DataflowAnalysisState<NoopLattice>> &Results,
+         ASTContext &ASTCtx) {});
+}
+
 TEST(TransferTest, MoveConstructor) {
   std::string Code = R"(
     namespace std {