[analyzer] Avoid a crash in DereferenceChecker on string literal initializers.

A hotfix for pr31592 that fixes the crash but not the root cause of the problem.
We need to update the analyzer engine further to account for AST changes
introduced in r289618. At the moment we're erroneously performing a redundant
lvalue-to-rvalue cast in this scenario, and squashing the rvalue of the object
bound to the reference into the reference itself.

rdar://problem/28832541


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@291754 91177308-0d34-0410-b5e6-96231b3b80d8

2 files changed, 13 insertions, 0 deletions

diff --git a/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp b/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
index 152b937bb0..a98d379bb8 100644
--- a/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/DereferenceChecker.cpp
@@ -253,6 +253,12 @@ void DereferenceChecker::checkBind(SVal L, SVal V, const Stmt *S,
   if (!TVR->getValueType()->isReferenceType())
     return;
 
+  // FIXME: This is a hotfix for https://llvm.org/bugs/show_bug.cgi?id=31592
+  // A proper fix is very much necessary. Otherwise we would never normally bind
+  // a NonLoc to a reference.
+  if (V.getAs<NonLoc>())
+    return;
+
   ProgramStateRef State = C.getState();
 
   ProgramStateRef StNonNull, StNull;
diff --git a/test/Analysis/initializer.cpp b/test/Analysis/initializer.cpp
index b31c315ba5..09509271da 100644
--- a/test/Analysis/initializer.cpp
+++ b/test/Analysis/initializer.cpp
@@ -197,3 +197,10 @@ namespace ReferenceInitialization {
   }
 
 };
+
+namespace PR31592 {
+struct C {
+   C() : f("}") { } // no-crash
+   const char(&f)[2];
+};
+}