Index: lib/CodeGen/CGExpr.cpp
===================================================================
--- lib/CodeGen/CGExpr.cpp
+++ lib/CodeGen/CGExpr.cpp
@@ -530,6 +530,23 @@
       (TCK == TCK_MemberAccess || TCK == TCK_MemberCall ||
        TCK == TCK_DowncastPointer || TCK == TCK_DowncastReference) &&
       RD && RD->hasDefinition() && RD->isDynamicClass()) {
+
+    llvm::BasicBlock *VptrNullBlock = nullptr;
+    llvm::BasicBlock *VptrNotNullBlock = nullptr;
+
+    // Skip Vptr check instrumentations when the pointer value is null.
+    // FIXME: Add optional flags.
+    if (TCK_DowncastPointer && !SanOpts->Null) {
+      Cond = Builder.CreateICmpNE(
+        Address, llvm::Constant::getNullValue(Address->getType()));
+
+      VptrNullBlock = createBasicBlock("vptr_null");
+      VptrNotNullBlock = createBasicBlock("not.vptr_null");
+
+      Builder.CreateCondBr(Cond, VptrNotNullBlock, VptrNullBlock);
+      EmitBlock(VptrNotNullBlock);
+    }
+
     // Compute a hash of the mangled name of the type.
     //
     // FIXME: This is not guaranteed to be deterministic! Move to a
@@ -577,6 +594,11 @@
     EmitCheck(Builder.CreateICmpEQ(CacheVal, Hash),
               "dynamic_type_cache_miss", StaticData, DynamicData,
               CRK_AlwaysRecoverable);
+
+    if (VptrNullBlock) {
+      Builder.CreateBr(VptrNullBlock);
+      EmitBlock(VptrNullBlock);
+    }
   }
 
   if (Done) {