Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / clang / 70d38f3179251bb3e7253a52bf54f8fa2314590a / . / test / Analysis / reference.cpp
blob: ce0ee8ed57d07139335319c299e0f927e8cec154 [file] [log] [blame]
// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -analyzer-constraints=range -verify -Wno-null-dereference %s
void clang_analyzer_eval(bool);
typedef typeof(sizeof(int)) size_t;
void malloc (size_t);
void f1() {
int const &i = 3;
int b = i;
int *p = 0;
if (b != 3)
*p = 1; // no-warning
}
char* ptr();
char& ref();
// These next two tests just shouldn't crash.
char t1 () {
ref() = 'c';
return '0';
}
// just a sanity test, the same behavior as t1()
char t2 () {
*ptr() = 'c';
return '0';
}
// Each of the tests below is repeated with pointers as well as references.
// This is mostly a sanity check, but then again, both should work!
char t3 () {
char& r = ref();
r = 'c'; // no-warning
if (r) return r;
return *(char*)0; // no-warning
}
char t4 () {
char* p = ptr();
*p = 'c'; // no-warning
if (*p) return *p;
return *(char*)0; // no-warning
}
char t5 (char& r) {
r = 'c'; // no-warning
if (r) return r;
return *(char*)0; // no-warning
}
char t6 (char* p) {
*p = 'c'; // no-warning
if (*p) return *p;
return *(char*)0; // no-warning
}
// PR13440 / <rdar://problem/11977113>
// Test that the array-to-pointer decay works for array references as well.
// More generally, when we want an lvalue for a reference field, we still need
// to do one level of load.
namespace PR13440 {
typedef int T[1];
struct S {
T &x;
int *m() { return x; }
};
struct S2 {
int (&x)[1];
int *m() { return x; }
};
void test() {
int a[1];
S s = { a };
S2 s2 = { a };
if (s.x != a) return;
if (s2.x != a) return;
a[0] = 42;
clang_analyzer_eval(s.x[0] == 42); // expected-warning{{TRUE}}
clang_analyzer_eval(s2.x[0] == 42); // expected-warning{{TRUE}}
}
}
void testNullReference() {
int *x = 0;
int &y = *x; // expected-warning{{Dereference of null pointer}}
y = 5;
}
void testRetroactiveNullReference(int *x) {
// According to the C++ standard, there is no such thing as a
// "null reference". So the 'if' statement ought to be dead code.
// However, Clang (and other compilers) don't actually check that a pointer
// value is non-null in the implementation of references, so it is possible
// to produce a supposed "null reference" at runtime. The analyzer shoeuld
// still warn when it can prove such errors.
int &y = *x;
if (x != 0)
return;
y = 5; // expected-warning{{Dereference of null pointer}}
}
void testReferenceAddress(int &x) {
clang_analyzer_eval(&x != 0); // expected-warning{{TRUE}}
clang_analyzer_eval(&ref() != 0); // expected-warning{{TRUE}}
struct S { int &x; };
extern S getS();
clang_analyzer_eval(&getS().x != 0); // expected-warning{{TRUE}}
extern S *getSP();
clang_analyzer_eval(&getSP()->x != 0); // expected-warning{{TRUE}}
}
void testFunctionPointerReturn(void *opaque) {
typedef int &(*RefFn)();
RefFn getRef = (RefFn)opaque;
// Don't crash writing to or reading from this reference.
int &x = getRef();
x = 42;
clang_analyzer_eval(x == 42); // expected-warning{{TRUE}}
}
// ------------------------------------
// False negatives
// ------------------------------------
namespace rdar11212286 {
class B{};
B test() {
B *x = 0;
return *x; // should warn here!
}
B &testRef() {
B *x = 0;
return *x; // should warn here!
}
}