Index: clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp =================================================================== --- clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp +++ clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp @@ -1441,6 +1441,7 @@ if (!StoreSite) return nullptr; + Satisfied = true; // If we have an expression that provided the value, try to track where it @@ -1802,7 +1803,7 @@ if (ControlDeps.isControlDependent(OriginB, NB)) { // We don't really want to explain for range loops. Evidence suggests that // the only thing that leads to is the addition of calls to operator!=. - if (isa(NB->getTerminator())) + if (llvm::isa_and_nonnull(NB->getTerminatorStmt())) return nullptr; if (const Expr *Condition = NB->getLastCondition()) { Index: clang/lib/StaticAnalyzer/Core/PathDiagnostic.cpp =================================================================== --- clang/lib/StaticAnalyzer/Core/PathDiagnostic.cpp +++ clang/lib/StaticAnalyzer/Core/PathDiagnostic.cpp @@ -761,14 +761,18 @@ return PathDiagnosticLocation( CEB->getLocationContext()->getDecl()->getSourceRange().getEnd(), SMng); } else if (Optional BE = P.getAs()) { - CFGElement BlockFront = BE->getBlock()->front(); - if (auto StmtElt = BlockFront.getAs()) { - return PathDiagnosticLocation(StmtElt->getStmt()->getBeginLoc(), SMng); - } else if (auto NewAllocElt = BlockFront.getAs()) { - return PathDiagnosticLocation( - NewAllocElt->getAllocatorExpr()->getBeginLoc(), SMng); + if (Optional BlockFront = BE->getFirstElement()) { + if (auto StmtElt = BlockFront->getAs()) { + return PathDiagnosticLocation(StmtElt->getStmt()->getBeginLoc(), SMng); + } else if (auto NewAllocElt = BlockFront->getAs()) { + return PathDiagnosticLocation( + NewAllocElt->getAllocatorExpr()->getBeginLoc(), SMng); + } + llvm_unreachable("Unexpected CFG element at front of block"); } - llvm_unreachable("Unexpected CFG element at front of block"); + + return PathDiagnosticLocation( + BE->getBlock()->getTerminatorStmt()->getBeginLoc(), SMng); } else if (Optional FE = P.getAs()) { return PathDiagnosticLocation(FE->getStmt(), SMng, FE->getLocationContext()); Index: clang/test/Analysis/loop-widening.cpp =================================================================== --- /dev/null +++ clang/test/Analysis/loop-widening.cpp @@ -0,0 +1,27 @@ +// RUN: %clang_analyze_cc1 -verify %s \ +// RUN: -analyzer-checker=core \ +// RUN: -analyzer-config widen-loops=true \ +// RUN: -analyzer-config track-conditions=false \ +// RUN: -analyzer-max-loop 2 -analyzer-output=text + +namespace pr43102 { +class A { +public: + void m_fn1(); +}; +bool g; +void fn1() { + A a; + A *b = &a; + + for (;;) { // expected-note{{Loop condition is true. Entering loop body}} + // expected-note@-1{{Loop condition is true. Entering loop body}} + // expected-note@-2{{Value assigned to 'b'}} + // no crash during bug report construction + + g = !b; // expected-note{{Assuming 'b' is null}} + b->m_fn1(); // expected-warning{{Called C++ object pointer is null}} + // expected-note@-1{{Called C++ object pointer is null}} + } +} +} // end of namespace pr43102