[analyzer] Track null object lvalues back through C++ method calls.

The expression 'a->b.c()' contains a call to the 'c' method of 'a->b'.
We emit an error if 'a' is NULL, but previously didn't actually track
the null value back through the 'a->b' expression, which caused us to
miss important false-positive-suppression cases, including
<rdar://problem/12676053>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173547 91177308-0d34-0410-b5e6-96231b3b80d8

lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp

@@ -76,6 +76,8 @@ void CallAndMessageChecker::emitBadCall(BugType *BT, CheckerContext &C,
   BugReport *R = new BugReport(*BT, BT->getName(), N);
   if (BadE) {
     R->addRange(BadE->getSourceRange());
+    if (BadE->isGLValue())
+      BadE = bugreporter::getDerefExpr(BadE);
     bugreporter::trackNullOrUndefValue(N, BadE, *R);
   }
   C.emitReport(R);

test/Analysis/inlining/false-positive-suppression.cpp

@@ -0,0 +1,36 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-config suppress-null-return-paths=false -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=core -verify -DSUPPRESSED=1 %s
+
+#ifdef SUPPRESSED
+// expected-no-diagnostics
+#endif
+
+namespace rdar12676053 {
+  // Delta-reduced from a preprocessed file.
+  template<class T>
+  class RefCount {
+    T *ref;
+  public:
+    T *operator->() const {
+      return ref ? ref : 0;
+    }
+  };
+
+  class string {};
+
+  class ParserInputState {
+  public:
+    string filename;
+  };
+
+  class Parser {
+    void setFilename(const string& f)  {
+      inputState->filename = f;
+#ifndef SUPPRESSED
+// expected-warning@-2 {{Called C++ object pointer is null}}
+#endif
+    }
+  protected:
+    RefCount<ParserInputState> inputState;
+  };
+}