Index: lib/StaticAnalyzer/Core/CallEvent.cpp
===================================================================
--- lib/StaticAnalyzer/Core/CallEvent.cpp
+++ lib/StaticAnalyzer/Core/CallEvent.cpp
@@ -387,23 +387,24 @@
 RuntimeDefinition AnyFunctionCall::getRuntimeDefinition() const {
 const FunctionDecl *FD = getDecl();
+ if (!FD)
+ return {};
+
 // Note that the AnalysisDeclContext will have the FunctionDecl with
 // the definition (if one exists).
- if (FD) {
- AnalysisDeclContext *AD =
- getLocationContext()->getAnalysisDeclContext()->
- getManager()->getContext(FD);
- bool IsAutosynthesized;
- Stmt* Body = AD->getBody(IsAutosynthesized);
- DEBUG({
- if (IsAutosynthesized)
- llvm::dbgs() << "Using autosynthesized body for " << FD->getName()
- << "\n";
- });
- if (Body) {
- const Decl* Decl = AD->getDecl();
- return RuntimeDefinition(Decl);
- }
+ AnalysisDeclContext *AD =
+ getLocationContext()->getAnalysisDeclContext()->
+ getManager()->getContext(FD);
+ bool IsAutosynthesized;
+ Stmt* Body = AD->getBody(IsAutosynthesized);
+ DEBUG({
+ if (IsAutosynthesized)
+ llvm::dbgs() << "Using autosynthesized body for " << FD->getName()
+ << "\n";
+ });
+ if (Body) {
+ const Decl* Decl = AD->getDecl();
+ return RuntimeDefinition(Decl);
 }
 SubEngine *Engine = getState()->getStateManager().getOwningEngine();
@@ -411,7 +412,7 @@
 // Try to get CTU definition only if CTUDir is provided.
 if (!Opts.naiveCTUEnabled())
- return RuntimeDefinition();
+ return {};
 cross_tu::CrossTranslationUnitContext &CTUCtx =
 *Engine->getCrossTranslationUnitContext();
Index: test/Analysis/undef-call.c
===================================================================
--- test/Analysis/undef-call.c
+++ test/Analysis/undef-call.c
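Review bot: The new guard `if (!FD) return {};` at the top of AnyFunctionCall::getRuntimeDefinition() in lib/StaticAnalyzer/Core/CallEvent.cpp has no comment saying when getDecl() returns null; the only explanation lives in the regression test, which reaches it through a function-pointer call (`s.fp()`). I would put `// A call through a function pointer may have no FunctionDecl; there is then no body to inline and nothing to look up via CTU.` directly above the check. That makes it clear the early return must stay ahead of the CTU lookup, which the test comment says used to crash only when CTU analysis was enabled. The function body continues past the end of this hunk.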
@@ -0,0 +1,14 @@
+// RUN: %clang_cc1 -fsyntax-only -analyze -analyzer-checker=debug.ExprInspection -analyzer-config experimental-enable-naive-ctu-analysis=true -analyzer-config ctu-dir=%T/ctudir -verify %s
+// expected-no-diagnostics
+
+struct S {
+ void (*fp)();
+};
+
+int main() {
+ struct S s;
+ // This will cause the analyzer to look for a function definition that has
+ // no FunctionDecl. It used to cause a crash in AnyFunctionCall::getRuntimeDefinition.
+ // It would only occur when CTU analysis is enabled.
+ s.fp();
+}
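Review bot: The RUN line passes `ctu-dir=%T/ctudir`, and lit's `%T` is a directory shared by all tests in the same folder, so this regression test can end up reading whatever another CTU test left in `ctudir` rather than a known state. A per-test location such as `ctu-dir=%t/ctudir` (with `%t` cleared in a preceding RUN line) would keep the test hermetic; whether the directory has to exist for this code path is not visible here. As written, a pass or failure may depend on test ordering rather than on the `if (!FD)` guard the test is meant to cover.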