[analyzer] Don't try to simplify mixed Loc/NonLoc expressions.

This fix is similar to r337769 and addresses a regression caused by r337167.

When an operation between a nonloc::LocAsInteger and a non-pointer symbol
is performed, the LocAsInteger-specific part of information is lost.
When the non-pointer symbol is collapsing into a constant, we cannot easily
re-evaluate the result, because we need to recover the missing
LocAsInteger-specific information (eg., integer type, or the very fact that
this pointer was at some point converted to an integer).

Add one more defensive check to prevent crashes on trying to simplify a
SymSymExpr with different Loc-ness of operands.

Differential Revision: 

llvm-svn: 338420

Author: haoNoQ

clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp

@@ -1291,6 +1291,17 @@ SVal SimpleSValBuilder::simplifySVal(ProgramStateRef State, SVal V) {
       if (I != Cached.end())
         return I->second;
 
+      // For now don't try to simplify mixed Loc/NonLoc expressions
+      // because they often appear from LocAsInteger operations
+      // and we don't know how to combine a LocAsInteger
+      // with a concrete value.
+      if (Loc::isLocType(S->getLHS()->getType()) !=
+          Loc::isLocType(S->getRHS()->getType())) {
+        SVal V = SVB.makeSymbolVal(S);
+        Cached[S] = V;
+        return V;
+      }
+
       SVal LHS = Visit(S->getLHS());
       SVal RHS = Visit(S->getRHS());
       if (isUnchanged(S->getLHS(), LHS) && isUnchanged(S->getRHS(), RHS)) {

clang/test/Analysis/casts.c

@@ -175,3 +175,10 @@ void testCastVoidPtrToIntPtrThroughUIntTypedAssignment() {
 void testLocNonLocSymbolAssume(int a, int *b) {
   if ((int)b < a) {} // no-crash
 }
+
+void testLocNonLocSymbolRemainder(int a, int *b) {
+  int c = ((int)b) % a;
+  if (a == 1) {
+    c += 1;
+  }
+}