From: Anna Zaks <ganna@apple.com>
Date: Thu, 24 May 2012 17:31:57 +0000 (+0000)
Subject: [analyzer] Treat cast of array to reference in the same way as array to
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d0867105f4824a630f898422c4ef31708e0ad90e;p=platform%2Fupstream%2Fllvm.git

[analyzer] Treat cast of array to reference in the same way as array to
pointer.

Fixes one of the crashes reported in PR12874.

llvm-svn: 157401
---

diff --git a/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp b/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
index d005c2a..765ae48 100644
--- a/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
@@ -325,7 +325,7 @@ SVal SValBuilder::evalCast(SVal val, QualType castTy, QualType originalTy) {
 
     // Are we casting from an array to a pointer?  If so just pass on
     // the decayed value.
-    if (castTy->isPointerType())
+    if (castTy->isPointerType() || castTy->isReferenceType())
       return val;
 
     // Are we casting from an array to an integer?  If so, cast the decayed
diff --git a/clang/test/Analysis/cxx11-crashes.cpp b/clang/test/Analysis/cxx11-crashes.cpp
index 2dc9b55..8c68734 100644
--- a/clang/test/Analysis/cxx11-crashes.cpp
+++ b/clang/test/Analysis/cxx11-crashes.cpp
@@ -36,3 +36,24 @@ void radar11487541() {
 void testFloatInitializer() {
   const float ysize={0.015}, xsize={0.01};
 }
+
+
+// PR12874, radar://11487525
+template<class T> struct addr_impl_ref {
+  T & v_;
+  inline addr_impl_ref( T & v ): v_( v ) {
+  }
+  inline operator T& () const {return v_;}
+};
+template<class T> struct addressof_impl {
+  static inline T * f( T & v, long )     {
+    return reinterpret_cast<T*>(&const_cast<char&>(reinterpret_cast<const volatile char &>(v)));
+  }
+};
+template<class T> T * addressof( T & v ) {
+  return addressof_impl<T>::f( addr_impl_ref<T>( v ), 0 );
+}
+void testRadar11487525_1(){
+  bool s[25];
+  addressof(s);
+}