From aea020f04ec86ba9165ad701ad58cc467a0906fe Mon Sep 17 00:00:00 2001
From: Jordan Rose
Date: Sat, 26 Jan 2013 01:28:23 +0000
Subject: [PATCH] [analyzer] Track null object lvalues back through C++ method calls.

The expression 'a->b.c()' contains a call to the 'c' method of 'a->b'. We emit an error if 'a' is NULL, but previously didn't actually track the null value back through the 'a->b' expression, which caused us to miss important false-positive-suppression cases, including .
llvm-svn: 173547

---
 .../Checkers/CallAndMessageChecker.cpp | 2 ++
 .../inlining/false-positive-suppression.cpp | 36 ++++++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 clang/test/Analysis/inlining/false-positive-suppression.cpp

diff --git a/clang/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
index 1285d32..e32091e 100644
--- a/clang/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
@@ -76,6 +76,8 @@ void CallAndMessageChecker::emitBadCall(BugType *BT, CheckerContext &C,
 BugReport *R = new BugReport(*BT, BT->getName(), N);
 if (BadE) {
 R->addRange(BadE->getSourceRange());
+ if (BadE->isGLValue())
+ BadE = bugreporter::getDerefExpr(BadE);
 bugreporter::trackNullOrUndefValue(N, BadE, *R);
 }
 C.emitReport(R);
diff --git a/clang/test/Analysis/inlining/false-positive-suppression.cpp b/clang/test/Analysis/inlining/false-positive-suppression.cpp
new file mode 100644
index 0000000..6fbf739
--- /dev/null
+++ b/clang/test/Analysis/inlining/false-positive-suppression.cpp
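Review bot: The added `BadE = bugreporter::getDerefExpr(BadE);` overwrites the expression unconditionally, and when getDerefExpr finds no dereference pattern it presumably returns a null pointer, so the following `bugreporter::trackNullOrUndefValue(N, BadE, *R);` is then handed a null statement and the null value is not tracked at all — the report keeps its source range (added before the reassignment) but loses exactly the path notes the false-positive suppression depends on. Falling back to the original expression preserves the pre-change behaviour for that case: `if (const Expr *Deref = bugreporter::getDerefExpr(BadE)) BadE = Deref;`. Whether trackNullOrUndefValue tolerates a null Stmt is not visible in this hunk; the guard makes the new code independent of that. emitBadCall begins before this hunk and its closing brace lies outside it.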
@@ -0,0 +1,36 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-config suppress-null-return-paths=false -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -verify -DSUPPRESSED=1 %s
+
+#ifdef SUPPRESSED
+// expected-no-diagnostics
+#endif
+
+namespace rdar12676053 {
+ // Delta-reduced from a preprocessed file.
+ template
+ class RefCount {
+ T *ref;
+ public:
+ T *operator->() const {
+ return ref ? ref : 0;
+ }
+ };
+
+ class string {};
+
+ class ParserInputState {
+ public:
+ string filename;
+ };
+
+ class Parser {
+ void setFilename(const string& f) {
+ inputState->filename = f;
+#ifndef SUPPRESSED
+// expected-warning@-2 {{Called C++ object pointer is null}}
+#endif
+ }
+ protected:
+ RefCount inputState;
+ };
+}
\ No newline at end of file
--
2.7.4
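Review bot: The new test never states which null-return path the `-DSUPPRESSED` run is expected to recognise, so a reader has to reverse-engineer it from the two RUN lines; a comment above `setFilename`, e.g. `// The null object comes from RefCount::operator-> returning 0; with suppress-null-return-paths (on by default) that path is suppressed, otherwise the call on a null C++ object pointer is reported.`, would make both expectations self-explanatory. The `// expected-warning@-2` marker is anchored to `inputState->filename = f;` two lines above it, which is worth a note so that later edits between the two lines do not silently move the expectation. As rendered here the template parameter lists appear to be missing (`template` with no parameter list, `RefCount inputState;`), presumably an extraction artefact of this page rather than the committed text, since the file would not compile as shown.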