| Ted Kremenek | e1cea75 | 2009-07-06 21:58:46 +0000 | [diff] [blame] | 1 | // RUN: clang-cc -analyze -checker-cfref -analyzer-store=basic -verify %s && |
| Daniel Dunbar | d7d5f02 | 2009-03-24 02:24:46 +0000 | [diff] [blame] | 2 | // RUN: clang-cc -analyze -checker-cfref -analyzer-store=region -verify %s |
| Ted Kremenek | 43ae4b0 | 2008-04-24 18:28:14 +0000 | [diff] [blame] | 3 | |
| 4 | struct FPRec { |
| 5 | void (*my_func)(int * x); |
| 6 | }; |
| 7 | |
| 8 | int bar(int x); |
| 9 | |
| 10 | int f1_a(struct FPRec* foo) { |
| 11 | int x; |
| 12 | (*foo->my_func)(&x); |
| 13 | return bar(x)+1; // no-warning |
| 14 | } |
| 15 | |
| 16 | int f1_b() { |
| 17 | int x; |
| Douglas Gregor | ed8a93d | 2009-03-01 17:12:46 +0000 | [diff] [blame] | 18 | return bar(x)+1; // expected-warning{{Pass-by-value argument in function call is undefined.}} |
| Ted Kremenek | 43ae4b0 | 2008-04-24 18:28:14 +0000 | [diff] [blame] | 19 | } |
| Ted Kremenek | 5c454ab | 2008-05-05 15:56:53 +0000 | [diff] [blame] | 20 | |
| 21 | int f2() { |
| 22 | |
| 23 | int x; |
| 24 | |
| Ted Kremenek | 5b9bd21 | 2009-09-11 22:07:28 +0000 | [diff] [blame^] | 25 | if (x+1) // expected-warning{{The left operand of the '+' expression is an undefined or otherwise garbage value}} |
| Ted Kremenek | 5c454ab | 2008-05-05 15:56:53 +0000 | [diff] [blame] | 26 | return 1; |
| 27 | |
| 28 | return 2; |
| 29 | } |
| 30 | |
| 31 | int f2_b() { |
| 32 | int x; |
| 33 | |
| Ted Kremenek | 5b9bd21 | 2009-09-11 22:07:28 +0000 | [diff] [blame^] | 34 | return ((1+x)+2+((x))) + 1 ? 1 : 2; // expected-warning{{The right operand of the '+' expression is an undefined or otherwise garbage value}} |
| Ted Kremenek | 5c454ab | 2008-05-05 15:56:53 +0000 | [diff] [blame] | 35 | } |
| 36 | |
| Ted Kremenek | 5c96c27 | 2008-05-21 15:48:33 +0000 | [diff] [blame] | 37 | int f3(void) { |
| 38 | int i; |
| 39 | int *p = &i; |
| Ted Kremenek | 5b9bd21 | 2009-09-11 22:07:28 +0000 | [diff] [blame^] | 40 | if (*p > 0) // expected-warning{{The left operand of the '>' expression is an undefined or otherwise garbage value}} |
| Ted Kremenek | 5c96c27 | 2008-05-21 15:48:33 +0000 | [diff] [blame] | 41 | return 0; |
| 42 | else |
| 43 | return 1; |
| 44 | } |
| Zhongxing Xu | 89e8a07 | 2008-11-19 11:10:42 +0000 | [diff] [blame] | 45 | |
| Ted Kremenek | ef77d54 | 2009-04-02 17:25:00 +0000 | [diff] [blame] | 46 | void f4_aux(float* x); |
| 47 | float f4(void) { |
| 48 | float x; |
| 49 | f4_aux(&x); |
| 50 | return x; // no-warning |
| 51 | } |
| 52 | |
| 53 | struct f5_struct { int x; }; |
| 54 | void f5_aux(struct f5_struct* s); |
| 55 | int f5(void) { |
| 56 | struct f5_struct s; |
| 57 | f5_aux(&s); |
| 58 | return s.x; // no-warning |
| 59 | } |
| 60 | |
| Ted Kremenek | 7c68666 | 2008-11-21 00:28:47 +0000 | [diff] [blame] | 61 | int ret_uninit() { |
| 62 | int i; |
| 63 | int *p = &i; |
| Ted Kremenek | 5b9bd21 | 2009-09-11 22:07:28 +0000 | [diff] [blame^] | 64 | return *p; // expected-warning{{Undefined or garbage value returned to caller}} |
| Ted Kremenek | 7c68666 | 2008-11-21 00:28:47 +0000 | [diff] [blame] | 65 | } |
| 66 | |
| Ted Kremenek | 90b3236 | 2008-12-17 19:42:34 +0000 | [diff] [blame] | 67 | // <rdar://problem/6451816> |
| 68 | typedef unsigned char Boolean; |
| 69 | typedef const struct __CFNumber * CFNumberRef; |
| 70 | typedef signed long CFIndex; |
| 71 | typedef CFIndex CFNumberType; |
| 72 | typedef unsigned long UInt32; |
| 73 | typedef UInt32 CFStringEncoding; |
| 74 | typedef const struct __CFString * CFStringRef; |
| 75 | extern Boolean CFNumberGetValue(CFNumberRef number, CFNumberType theType, void *valuePtr); |
| 76 | extern CFStringRef CFStringConvertEncodingToIANACharSetName(CFStringEncoding encoding); |
| 77 | |
| 78 | CFStringRef rdar_6451816(CFNumberRef nr) { |
| 79 | CFStringEncoding encoding; |
| 80 | // &encoding is casted to void*. This test case tests whether or not |
| 81 | // we properly invalidate the value of 'encoding'. |
| 82 | CFNumberGetValue(nr, 9, &encoding); |
| 83 | return CFStringConvertEncodingToIANACharSetName(encoding); // no-warning |
| 84 | } |
| Ted Kremenek | 7c68666 | 2008-11-21 00:28:47 +0000 | [diff] [blame] | 85 | |
| Ted Kremenek | bb97722 | 2009-07-28 19:24:31 +0000 | [diff] [blame] | 86 | // PR 4630 - false warning with nonnull attribute |
| 87 | // This false positive (due to a regression) caused the analyzer to falsely |
| 88 | // flag a "return of uninitialized value" warning in the first branch due to |
| 89 | // the nonnull attribute. |
| 90 | void pr_4630_aux(char *x, int *y) __attribute__ ((nonnull (1))); |
| 91 | void pr_4630_aux_2(char *x, int *y); |
| 92 | int pr_4630(char *a, int y) { |
| 93 | int x; |
| 94 | if (y) { |
| 95 | pr_4630_aux(a, &x); |
| 96 | return x; // no-warning |
| 97 | } |
| 98 | else { |
| 99 | pr_4630_aux_2(a, &x); |
| 100 | return x; // no-warning |
| 101 | } |
| 102 | } |
| 103 | |
| Ted Kremenek | f3bfa21 | 2009-07-28 20:46:55 +0000 | [diff] [blame] | 104 | // PR 4631 - False positive with union initializer |
| 105 | // Previously the analyzer didn't examine the compound initializers of unions, |
| 106 | // resulting in some false positives for initializers with side-effects. |
| 107 | union u_4631 { int a; }; |
| 108 | struct s_4631 { int a; }; |
| 109 | int pr4631_f2(int *p); |
| 110 | int pr4631_f3(void *q); |
| 111 | int pr4631_f1(void) |
| 112 | { |
| 113 | int x; |
| 114 | union u_4631 m = { pr4631_f2(&x) }; |
| 115 | pr4631_f3(&m); // tell analyzer that we use m |
| 116 | return x; // no-warning |
| 117 | } |
| 118 | int pr4631_f1_b(void) |
| 119 | { |
| 120 | int x; |
| 121 | struct s_4631 m = { pr4631_f2(&x) }; |
| 122 | pr4631_f3(&m); // tell analyzer that we use m |
| 123 | return x; // no-warning |
| 124 | } |
| 125 | |