Handle pointer arithmetic in RegionStoreManager involving Objective-C pointers

when using the non-fragile Objective-C ABI.  This fixes <rdar://problem/7168531>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80047 91177308-0d34-0410-b5e6-96231b3b80d8

lib/Analysis/RegionStore.cpp

@@ -750,8 +750,14 @@ SVal RegionStoreManager::EvalBinOp(const GRState *state,
     case MemRegion::SymbolicRegionKind: {
       const SymbolicRegion *SR = cast<SymbolicRegion>(MR);
       SymbolRef Sym = SR->getSymbol();
-      QualType T = Sym->getType(getContext());      
-      QualType EleTy = T->getAs<PointerType>()->getPointeeType();        
+      QualType T = Sym->getType(getContext());
+      QualType EleTy;
+      
+      if (const PointerType *PT = T->getAs<PointerType>())
+        EleTy = PT->getPointeeType();
+      else
+        EleTy = T->getAsObjCObjectPointerType()->getPointeeType();
+      
       SVal ZeroIdx = ValMgr.makeZeroArrayIndex();
       ER = MRMgr.getElementRegion(EleTy, ZeroIdx, SR, getContext());
       break;        

test/Analysis/rdar-7168531.m

@@ -0,0 +1,19 @@
+// RUN: clang-cc -analyze -checker-cfref -triple i386-apple-darwin10 -analyzer-store=region &&
+// RUN: clang-cc -analyze -checker-cfref -triple i386-apple-darwin10 -analyzer-store=basic
+
+// Note that the target triple is important for this test case.  It specifies that we use the
+// fragile Objective-C ABI.
+
+@interface Foo {
+  int x;
+}
+@end
+
+@implementation Foo
+static Foo* bar(Foo *p) {
+  if (p->x)
+   return ++p;  // This is only valid for the fragile ABI.
+
+  return p;
+}
+@end