| Daniel Dunbar | d7d5f02 | 2009-03-24 02:24:46 +0000 | [diff] [blame] | 1 | // RUN: clang-cc -analyze -checker-simple -analyzer-store=basic -analyzer-constraints=basic -verify %s && |
| 2 | // RUN: clang-cc -analyze -checker-cfref -analyzer-store=basic -analyzer-constraints=basic -verify %s && |
| Ted Kremenek | f936f45 | 2009-05-04 06:18:28 +0000 | [diff] [blame] | 3 | // RUN: clang-cc -analyze -checker-cfref -analyzer-store=basic -analyzer-constraints=range -verify %s |
| 4 | |
| 5 | // RegionStore now has an infinite recursion with this test case. |
| 6 | // NOWORK: clang-cc -analyze -checker-cfref -analyzer-store=region -analyzer-constraints=basic -verify %s && |
| 7 | // NOWORK: clang-cc -analyze -checker-cfref -analyzer-store=region -analyzer-constraints=range -verify %s |
| Zhongxing Xu | ef8b28e | 2008-10-17 05:19:52 +0000 | [diff] [blame] | 8 | |
| Zhongxing Xu | 72e1682 | 2008-10-24 08:51:58 +0000 | [diff] [blame] | 9 | struct s { |
| 10 | int data; |
| 11 | int data_array[10]; |
| 12 | }; |
| Zhongxing Xu | ef8b28e | 2008-10-17 05:19:52 +0000 | [diff] [blame] | 13 | |
| Zhongxing Xu | 234a7d2 | 2008-10-27 09:19:25 +0000 | [diff] [blame] | 14 | typedef struct { |
| 15 | int data; |
| 16 | } STYPE; |
| 17 | |
| Zhongxing Xu | 9184412 | 2009-05-20 09:18:48 +0000 | [diff] [blame] | 18 | void g(char *p); |
| Zhongxing Xu | 04b90bc | 2008-11-02 13:17:44 +0000 | [diff] [blame] | 19 | void g1(struct s* p); |
| 20 | |
| Zhongxing Xu | 661fc39 | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 21 | // Array to pointer conversion. Array in the struct field. |
| Zhongxing Xu | ef8b28e | 2008-10-17 05:19:52 +0000 | [diff] [blame] | 22 | void f(void) { |
| 23 | int a[10]; |
| 24 | int (*p)[10]; |
| 25 | p = &a; |
| 26 | (*p)[3] = 1; |
| 27 | |
| 28 | struct s d; |
| 29 | struct s *q; |
| 30 | q = &d; |
| Zhongxing Xu | 72e1682 | 2008-10-24 08:51:58 +0000 | [diff] [blame] | 31 | q->data = 3; |
| 32 | d.data_array[9] = 17; |
| Zhongxing Xu | ef8b28e | 2008-10-17 05:19:52 +0000 | [diff] [blame] | 33 | } |
| Zhongxing Xu | 2e97120 | 2008-10-25 14:11:23 +0000 | [diff] [blame] | 34 | |
| Zhongxing Xu | 661fc39 | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 35 | // StringLiteral in lvalue context and pointer to array type. |
| 36 | // p: ElementRegion, q: StringRegion |
| Zhongxing Xu | 2e97120 | 2008-10-25 14:11:23 +0000 | [diff] [blame] | 37 | void f2() { |
| 38 | char *p = "/usr/local"; |
| 39 | char (*q)[4]; |
| 40 | q = &"abc"; |
| 41 | } |
| Zhongxing Xu | 234a7d2 | 2008-10-27 09:19:25 +0000 | [diff] [blame] | 42 | |
| Zhongxing Xu | 661fc39 | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 43 | // Typedef'ed struct definition. |
| Zhongxing Xu | 234a7d2 | 2008-10-27 09:19:25 +0000 | [diff] [blame] | 44 | void f3() { |
| 45 | STYPE s; |
| 46 | } |
| Zhongxing Xu | df2aa1e | 2008-10-31 10:23:14 +0000 | [diff] [blame] | 47 | |
| Zhongxing Xu | 661fc39 | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 48 | // Initialize array with InitExprList. |
| Zhongxing Xu | df2aa1e | 2008-10-31 10:23:14 +0000 | [diff] [blame] | 49 | void f4() { |
| 50 | int a[] = { 1, 2, 3}; |
| 51 | int b[3] = { 1, 2 }; |
| Zhongxing Xu | b61f49c | 2009-01-23 10:23:13 +0000 | [diff] [blame] | 52 | struct s c[] = {{1,{1}}}; |
| Zhongxing Xu | df2aa1e | 2008-10-31 10:23:14 +0000 | [diff] [blame] | 53 | } |
| Zhongxing Xu | 04b90bc | 2008-11-02 13:17:44 +0000 | [diff] [blame] | 54 | |
| Zhongxing Xu | 661fc39 | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 55 | // Struct variable in lvalue context. |
| Zhongxing Xu | 5834ed6 | 2009-01-13 01:49:57 +0000 | [diff] [blame] | 56 | // Assign UnknownVal to the whole struct. |
| Zhongxing Xu | 04b90bc | 2008-11-02 13:17:44 +0000 | [diff] [blame] | 57 | void f5() { |
| 58 | struct s data; |
| 59 | g1(&data); |
| 60 | } |
| Zhongxing Xu | b670133 | 2008-11-13 07:59:15 +0000 | [diff] [blame] | 61 | |
| Zhongxing Xu | 661fc39 | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 62 | // AllocaRegion test. |
| Zhongxing Xu | b670133 | 2008-11-13 07:59:15 +0000 | [diff] [blame] | 63 | void f6() { |
| 64 | char *p; |
| 65 | p = __builtin_alloca(10); |
| Zhongxing Xu | 9184412 | 2009-05-20 09:18:48 +0000 | [diff] [blame] | 66 | g(p); |
| 67 | char c = *p; |
| Zhongxing Xu | b670133 | 2008-11-13 07:59:15 +0000 | [diff] [blame] | 68 | p[1] = 'a'; |
| Zhongxing Xu | 2acc399 | 2009-05-20 09:03:10 +0000 | [diff] [blame] | 69 | // Test if RegionStore::EvalBinOp converts the alloca region to element |
| 70 | // region. |
| Zhongxing Xu | 262fd03 | 2009-05-20 09:00:16 +0000 | [diff] [blame] | 71 | p += 2; |
| Zhongxing Xu | b670133 | 2008-11-13 07:59:15 +0000 | [diff] [blame] | 72 | } |
| Zhongxing Xu | fb75b25 | 2008-11-13 08:44:52 +0000 | [diff] [blame] | 73 | |
| 74 | struct s2; |
| 75 | |
| 76 | void g2(struct s2 *p); |
| 77 | |
| Zhongxing Xu | 661fc39 | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 78 | // Incomplete struct pointer used as function argument. |
| Zhongxing Xu | fb75b25 | 2008-11-13 08:44:52 +0000 | [diff] [blame] | 79 | void f7() { |
| 80 | struct s2 *p = __builtin_alloca(10); |
| 81 | g2(p); |
| 82 | } |
| Zhongxing Xu | 26134a1 | 2008-11-13 09:20:05 +0000 | [diff] [blame] | 83 | |
| Zhongxing Xu | 661fc39 | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 84 | // sizeof() is unsigned while -1 is signed in array index. |
| Zhongxing Xu | 26134a1 | 2008-11-13 09:20:05 +0000 | [diff] [blame] | 85 | void f8() { |
| 86 | int a[10]; |
| Zhongxing Xu | 33d7cbf | 2008-11-24 23:45:56 +0000 | [diff] [blame] | 87 | a[sizeof(a)/sizeof(int) - 1] = 1; // no-warning |
| Zhongxing Xu | 26134a1 | 2008-11-13 09:20:05 +0000 | [diff] [blame] | 88 | } |
| Zhongxing Xu | 617ff31 | 2008-11-18 13:30:46 +0000 | [diff] [blame] | 89 | |
| Zhongxing Xu | 661fc39 | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 90 | // Initialization of struct array elements. |
| Zhongxing Xu | 617ff31 | 2008-11-18 13:30:46 +0000 | [diff] [blame] | 91 | void f9() { |
| 92 | struct s a[10]; |
| 93 | } |
| Zhongxing Xu | 27cae9e | 2008-11-30 05:51:19 +0000 | [diff] [blame] | 94 | |
| 95 | // Initializing array with string literal. |
| 96 | void f10() { |
| 97 | char a1[4] = "abc"; |
| Zhongxing Xu | 27cae9e | 2008-11-30 05:51:19 +0000 | [diff] [blame] | 98 | char a3[6] = "abc"; |
| 99 | } |
| Zhongxing Xu | 562c4d9 | 2009-01-23 11:22:12 +0000 | [diff] [blame] | 100 | |
| 101 | // Retrieve the default value of element/field region. |
| 102 | void f11() { |
| 103 | struct s a; |
| Zhongxing Xu | 9184412 | 2009-05-20 09:18:48 +0000 | [diff] [blame] | 104 | g1(&a); |
| Zhongxing Xu | 562c4d9 | 2009-01-23 11:22:12 +0000 | [diff] [blame] | 105 | if (a.data == 0) // no-warning |
| 106 | a.data = 1; |
| 107 | } |
| Zhongxing Xu | 3450a55 | 2009-02-19 08:42:43 +0000 | [diff] [blame] | 108 | |
| 109 | // Convert unsigned offset to signed when creating ElementRegion from |
| 110 | // SymbolicRegion. |
| 111 | void f12(int *list) { |
| 112 | unsigned i = 0; |
| 113 | list[i] = 1; |
| 114 | } |
| Zhongxing Xu | c57bc59 | 2009-03-18 02:07:30 +0000 | [diff] [blame] | 115 | |
| 116 | struct s1 { |
| 117 | struct s2 { |
| 118 | int d; |
| 119 | } e; |
| 120 | }; |
| 121 | |
| 122 | // The binding of a.e.d should not be removed. Test recursive subregion map |
| 123 | // building: a->e, e->d. Only then 'a' could be added to live region roots. |
| 124 | void f13(double timeout) { |
| 125 | struct s1 a; |
| 126 | a.e.d = (long) timeout; |
| 127 | if (a.e.d == 10) |
| 128 | a.e.d = 4; |
| 129 | } |
| Zhongxing Xu | 3e001f3 | 2009-05-03 00:27:40 +0000 | [diff] [blame] | 130 | |
| 131 | struct s3 { |
| 132 | int a[2]; |
| 133 | }; |
| 134 | |
| 135 | static struct s3 opt; |
| 136 | |
| 137 | // Test if the embedded array is retrieved correctly. |
| 138 | void f14() { |
| 139 | struct s3 my_opt = opt; |
| 140 | } |
| Zhongxing Xu | 264e937 | 2009-05-12 10:10:00 +0000 | [diff] [blame] | 141 | |
| 142 | void bar(int*); |
| 143 | |
| 144 | // Test if the array is correctly invalidated. |
| 145 | void f15() { |
| 146 | int a[10]; |
| 147 | bar(a); |
| 148 | if (a[1]) // no-warning |
| 149 | 1; |
| 150 | } |