// RUN: %clang_analyze_cc1 -w -analyzer-eagerly-assume -fcxx-exceptions -analyzer-checker=core -analyzer-checker=alpha.core.PointerArithm,alpha.core.CastToStruct -analyzer-max-loop 64 -verify %s
// RUN: %clang_analyze_cc1 -w -analyzer-checker=core -analyzer-checker=cplusplus -fcxx-exceptions -analyzer-checker alpha.core.PointerArithm,alpha.core.CastToStruct -analyzer-max-loop 63 -verify %s

// These tests used to hit an assertion in the bug report. Test case from http://llvm.org/PR24184.
typedef struct {
  int cbData;
  unsigned pbData;
} CRYPT_DATA_BLOB;

typedef enum { DT_NONCE_FIXED } DATA_TYPE;
int a;
typedef int *vcreate_t(int *, DATA_TYPE, int, int);
void fn1(unsigned, unsigned) {
  char b = 0;
  for (; 1; a++, &b + a * 0)
    ;
}

vcreate_t fn2;
struct A {
  CRYPT_DATA_BLOB value;
  int m_fn1() {
    int c;
    value.pbData == 0;
    fn1(0, 0);
  }
};
struct B {
  A IkeHashAlg;
  A IkeGType;
  A NoncePhase1_r;
};
class C {
  int m_fn2(B *);
  void m_fn3(B *, int, int, int);
};
int C::m_fn2(B *p1) {
  int *d;
  int e = p1->IkeHashAlg.m_fn1();
  unsigned f = p1->IkeGType.m_fn1(), h;
  int g;
  d = fn2(0, DT_NONCE_FIXED, (char)0, p1->NoncePhase1_r.value.cbData);
  h = 0 | 0;
  m_fn3(p1, 0, 0, 0);
}

// case 2:
typedef struct {
  int cbData;
  unsigned char *pbData;
} CRYPT_DATA_BLOB_1;
typedef unsigned uint32_t;
void fn1_1(void *p1, const void *p2) { p1 != p2; }

void fn2_1(uint32_t *p1, unsigned char *p2, uint32_t p3) {
  unsigned i = 0;
  for (0; i < p3; i++)
    fn1_1(p1 + i, p2 + i * 0);
}

struct A_1 {
  CRYPT_DATA_BLOB_1 value;
  uint32_t m_fn1() {
    uint32_t a;
    if (value.pbData)
      fn2_1(&a, value.pbData, value.cbData);
    return 0;
  }
};
struct {
  A_1 HashAlgId;
} *b;
void fn3() {
  uint32_t c, d;
  d = b->HashAlgId.m_fn1();
  d << 0 | 0 | 0;
  c = 0;
  0 | 1 << 0 | 0 && b;
}

// case 3:
struct ST {
  char c;
};
char *p;
int foo1(ST);
int foo2() {
  ST *p1 = (ST *)(p);      // expected-warning{{Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption}}
  while (p1->c & 0x0F || p1->c & 0x07)
    p1 = p1 + foo1(*p1);
}

int foo3(int *node) {
  int i = foo2();
  if (i)
    return foo2();
}