[cfe-dev] fix for Clang PR 8419
Zhanyong Wan (λx.x x)
wan at google.com
Thu Nov 18 15:31:20 PST 2010
Hi Ted,
> Concerning ++s[0], the code that simulates pre/post-increment in
> GRExprEngine needs to be modified to understand reference types. It assumes
> now that the result of ++s[0] is an r-value, which is the result of doing a
> load from s[0] after its value has been incremented.
I'm not sure this is the case. Given code:
  class Foo {
   public:
    char& get() const;
  };
  char& get();
  void Test() {
    Foo foo;
    foo.get()++;
    get()++;  // Crashes.
  }
'clang --analyze' has no trouble with "foo.get()++" but crashes on
"get()++", so the culprit seems to be in how CallExpr (as opposed to
CXXMethodCallExpr) is handled.
While debugging this, I saw one thing that I don't understand:
GRExprEngine::ProcessStmt() calls Visit() as opposed to VisitLValue()
when processing the "foo.get()" subexpression of "foo.get()++".
Is this right or a bug? My understanding is that "foo.get()" is an
L-value and thus should be handled by VisitLValue() -- what am I
missing?
Thanks,
--
Zhanyong