From b120ff1b954cf1cc2e9cc4bc5d8118f92162f85d Mon Sep 17 00:00:00 2001
From: Ted Kremenek <kremenek@apple.com>
Date: Wed, 21 May 2008 15:48:33 +0000
Subject: [PATCH] Fixed bug in the transfer function for dereferences: the
 loaded value from EvalLoad should bind to the UnaryOperator*, not its
 subexpression.

Added test case to exercise this fix when checking for uses of uninitialized values.

Patch by Zhongxing Xu!

llvm-svn: 51377
---
 clang/lib/Analysis/GRExprEngine.cpp  | 2 +-
 clang/test/Analysis/uninit-vals-ps.c | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/clang/lib/Analysis/GRExprEngine.cpp b/clang/lib/Analysis/GRExprEngine.cpp
index 71d7ed340355..ce64875797c6 100644
--- a/clang/lib/Analysis/GRExprEngine.cpp
+++ b/clang/lib/Analysis/GRExprEngine.cpp
@@ -1596,7 +1596,7 @@ void GRExprEngine::VisitUnaryOperator(UnaryOperator* U, NodeTy* Pred,
         if (asLVal)
           MakeNode(Dst, U, *I, SetRVal(St, U, location));
         else
-          EvalLoad(Dst, Ex, *I, St, location);
+          EvalLoad(Dst, U, *I, St, location);
       } 
 
       return;
diff --git a/clang/test/Analysis/uninit-vals-ps.c b/clang/test/Analysis/uninit-vals-ps.c
index 503ab1abbccf..707f78a96bd4 100644
--- a/clang/test/Analysis/uninit-vals-ps.c
+++ b/clang/test/Analysis/uninit-vals-ps.c
@@ -33,3 +33,11 @@ int f2_b() {
   return ((x+1)+2+((x))) + 1 ? 1 : 2; // expected-warning{{Branch}}
 }
 
+int f3(void) {
+  int i;
+  int *p = &i;
+  if (*p > 0) // expected-warning{{Branch condition evaluates to an uninitialized value}}
+    return 0;
+  else
+    return 1;
+}