Index: lib/StaticAnalyzer/Core/RegionStore.cpp =================================================================== --- lib/StaticAnalyzer/Core/RegionStore.cpp +++ lib/StaticAnalyzer/Core/RegionStore.cpp @@ -2085,15 +2085,12 @@ if (const ConstantArrayType* CAT = dyn_cast(AT)) Size = CAT->getSize().getZExtValue(); - // Check if the init expr is a string literal. + // Check if the init expr is a literal. If so, bind the rvalue instead. + // FIXME: It's not responsibility of the Store to transform this lvalue + // to rvalue. ExprEngine or maybe even CFG should do this before binding. if (Optional MRV = Init.getAs()) { - const StringRegion *S = cast(MRV->getRegion()); - - // Treat the string as a lazy compound value. - StoreRef store(B.asStore(), *this); - nonloc::LazyCompoundVal LCV = svalBuilder.makeLazyCompoundVal(store, S) - .castAs(); - return bindAggregate(B, R, LCV); + SVal V = getBinding(B.asStore(), *MRV, R->getValueType()); + return bindAggregate(B, R, V); } // Handle lazy compound values. Index: test/Analysis/compound-literals.c =================================================================== --- /dev/null +++ test/Analysis/compound-literals.c @@ -0,0 +1,9 @@ +// RUN: %clang_cc1 -triple=i386-apple-darwin10 -analyze -analyzer-checker=debug.ExprInspection -verify %s +void clang_analyzer_eval(int); + +// pr28449: Used to crash. +void foo(void) { + static const unsigned short array[] = (const unsigned short[]){0x0F00}; + // FIXME: Should be true. + clang_analyzer_eval(array[0] == 0x0F00); // expected-warning{{UNKNOWN}} +} Index: test/Analysis/objc-encode.m =================================================================== --- /dev/null +++ test/Analysis/objc-encode.m @@ -0,0 +1,9 @@ +// RUN: %clang_cc1 -analyze -analyzer-checker=debug.ExprInspection -verify %s +// expected-no-diagnostics + +void clang_analyzer_eval(int); + +// rdar://problem/34831581: Used to crash. +void foo(void) { + char buf1[] = @encode(int **); +}