| Daniel Dunbar | ffd408a | 2009-03-24 02:24:46 +0000 | [diff] [blame] | 1 | // RUN: clang-cc -analyze -checker-simple -analyzer-store=basic -analyzer-constraints=basic -verify %s && |
| 2 | // RUN: clang-cc -analyze -checker-cfref -analyzer-store=basic -analyzer-constraints=basic -verify %s && |
| Ted Kremenek | af81ece | 2009-05-04 06:18:28 +0000 | [diff] [blame] | 3 | // RUN: clang-cc -analyze -checker-cfref -analyzer-store=basic -analyzer-constraints=range -verify %s |
| 4 | |
| 5 | // RegionStore now has an infinite recursion with this test case. |
| 6 | // NOWORK: clang-cc -analyze -checker-cfref -analyzer-store=region -analyzer-constraints=basic -verify %s && |
| 7 | // NOWORK: clang-cc -analyze -checker-cfref -analyzer-store=region -analyzer-constraints=range -verify %s |
| Zhongxing Xu | bcec9d5 | 2008-10-17 05:19:52 +0000 | [diff] [blame] | 8 | |
| Zhongxing Xu | 84b043e | 2008-10-24 08:51:58 +0000 | [diff] [blame] | 9 | struct s { |
| 10 | int data; |
| 11 | int data_array[10]; |
| 12 | }; |
| Zhongxing Xu | bcec9d5 | 2008-10-17 05:19:52 +0000 | [diff] [blame] | 13 | |
| Zhongxing Xu | 305ea6c | 2008-10-27 09:19:25 +0000 | [diff] [blame] | 14 | typedef struct { |
| 15 | int data; |
| 16 | } STYPE; |
| 17 | |
| Zhongxing Xu | 29c87a2 | 2008-11-02 13:17:44 +0000 | [diff] [blame] | 18 | void g1(struct s* p); |
| 19 | |
| Zhongxing Xu | cb9ca8d | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 20 | // Array to pointer conversion. Array in the struct field. |
| Zhongxing Xu | bcec9d5 | 2008-10-17 05:19:52 +0000 | [diff] [blame] | 21 | void f(void) { |
| 22 | int a[10]; |
| 23 | int (*p)[10]; |
| 24 | p = &a; |
| 25 | (*p)[3] = 1; |
| 26 | |
| 27 | struct s d; |
| 28 | struct s *q; |
| 29 | q = &d; |
| Zhongxing Xu | 84b043e | 2008-10-24 08:51:58 +0000 | [diff] [blame] | 30 | q->data = 3; |
| 31 | d.data_array[9] = 17; |
| Zhongxing Xu | bcec9d5 | 2008-10-17 05:19:52 +0000 | [diff] [blame] | 32 | } |
| Zhongxing Xu | bbef705 | 2008-10-25 14:11:23 +0000 | [diff] [blame] | 33 | |
| Zhongxing Xu | cb9ca8d | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 34 | // StringLiteral in lvalue context and pointer to array type. |
| 35 | // p: ElementRegion, q: StringRegion |
| Zhongxing Xu | bbef705 | 2008-10-25 14:11:23 +0000 | [diff] [blame] | 36 | void f2() { |
| 37 | char *p = "/usr/local"; |
| 38 | char (*q)[4]; |
| 39 | q = &"abc"; |
| 40 | } |
| Zhongxing Xu | 305ea6c | 2008-10-27 09:19:25 +0000 | [diff] [blame] | 41 | |
| Zhongxing Xu | cb9ca8d | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 42 | // Typedef'ed struct definition. |
| Zhongxing Xu | 305ea6c | 2008-10-27 09:19:25 +0000 | [diff] [blame] | 43 | void f3() { |
| 44 | STYPE s; |
| 45 | } |
| Zhongxing Xu | aeef061 | 2008-10-31 10:23:14 +0000 | [diff] [blame] | 46 | |
| Zhongxing Xu | cb9ca8d | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 47 | // Initialize array with InitExprList. |
| Zhongxing Xu | aeef061 | 2008-10-31 10:23:14 +0000 | [diff] [blame] | 48 | void f4() { |
| 49 | int a[] = { 1, 2, 3}; |
| 50 | int b[3] = { 1, 2 }; |
| Zhongxing Xu | f84c31b | 2009-01-23 10:23:13 +0000 | [diff] [blame] | 51 | struct s c[] = {{1,{1}}}; |
| Zhongxing Xu | aeef061 | 2008-10-31 10:23:14 +0000 | [diff] [blame] | 52 | } |
| Zhongxing Xu | 29c87a2 | 2008-11-02 13:17:44 +0000 | [diff] [blame] | 53 | |
| Zhongxing Xu | cb9ca8d | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 54 | // Struct variable in lvalue context. |
| Zhongxing Xu | 85adc92 | 2009-01-13 01:49:57 +0000 | [diff] [blame] | 55 | // Assign UnknownVal to the whole struct. |
| Zhongxing Xu | 29c87a2 | 2008-11-02 13:17:44 +0000 | [diff] [blame] | 56 | void f5() { |
| 57 | struct s data; |
| 58 | g1(&data); |
| 59 | } |
| Zhongxing Xu | 05ce9aa | 2008-11-13 07:59:15 +0000 | [diff] [blame] | 60 | |
| Zhongxing Xu | cb9ca8d | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 61 | // AllocaRegion test. |
| Zhongxing Xu | 05ce9aa | 2008-11-13 07:59:15 +0000 | [diff] [blame] | 62 | void f6() { |
| 63 | char *p; |
| 64 | p = __builtin_alloca(10); |
| 65 | p[1] = 'a'; |
| Zhongxing Xu | faacaf3 | 2009-05-20 09:03:10 +0000 | [diff] [blame^] | 66 | // Test if RegionStore::EvalBinOp converts the alloca region to element |
| 67 | // region. |
| Zhongxing Xu | c890e33 | 2009-05-20 09:00:16 +0000 | [diff] [blame] | 68 | p += 2; |
| Zhongxing Xu | 05ce9aa | 2008-11-13 07:59:15 +0000 | [diff] [blame] | 69 | } |
| Zhongxing Xu | 54f2e18 | 2008-11-13 08:44:52 +0000 | [diff] [blame] | 70 | |
| 71 | struct s2; |
| 72 | |
| 73 | void g2(struct s2 *p); |
| 74 | |
| Zhongxing Xu | cb9ca8d | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 75 | // Incomplete struct pointer used as function argument. |
| Zhongxing Xu | 54f2e18 | 2008-11-13 08:44:52 +0000 | [diff] [blame] | 76 | void f7() { |
| 77 | struct s2 *p = __builtin_alloca(10); |
| 78 | g2(p); |
| 79 | } |
| Zhongxing Xu | 5950112 | 2008-11-13 09:20:05 +0000 | [diff] [blame] | 80 | |
| Zhongxing Xu | cb9ca8d | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 81 | // sizeof() is unsigned while -1 is signed in array index. |
| Zhongxing Xu | 5950112 | 2008-11-13 09:20:05 +0000 | [diff] [blame] | 82 | void f8() { |
| 83 | int a[10]; |
| Zhongxing Xu | 150824e | 2008-11-24 23:45:56 +0000 | [diff] [blame] | 84 | a[sizeof(a)/sizeof(int) - 1] = 1; // no-warning |
| Zhongxing Xu | 5950112 | 2008-11-13 09:20:05 +0000 | [diff] [blame] | 85 | } |
| Zhongxing Xu | aeb9cc9 | 2008-11-18 13:30:46 +0000 | [diff] [blame] | 86 | |
| Zhongxing Xu | cb9ca8d | 2008-11-25 01:45:11 +0000 | [diff] [blame] | 87 | // Initialization of struct array elements. |
| Zhongxing Xu | aeb9cc9 | 2008-11-18 13:30:46 +0000 | [diff] [blame] | 88 | void f9() { |
| 89 | struct s a[10]; |
| 90 | } |
| Zhongxing Xu | c8f73c5 | 2008-11-30 05:51:19 +0000 | [diff] [blame] | 91 | |
| 92 | // Initializing array with string literal. |
| 93 | void f10() { |
| 94 | char a1[4] = "abc"; |
| Zhongxing Xu | c8f73c5 | 2008-11-30 05:51:19 +0000 | [diff] [blame] | 95 | char a3[6] = "abc"; |
| 96 | } |
| Zhongxing Xu | 9923499 | 2009-01-23 11:22:12 +0000 | [diff] [blame] | 97 | |
| 98 | // Retrieve the default value of element/field region. |
| 99 | void f11() { |
| 100 | struct s a; |
| 101 | g(&a); |
| 102 | if (a.data == 0) // no-warning |
| 103 | a.data = 1; |
| 104 | } |
| Zhongxing Xu | 002839e | 2009-02-19 08:42:43 +0000 | [diff] [blame] | 105 | |
| 106 | // Convert unsigned offset to signed when creating ElementRegion from |
| 107 | // SymbolicRegion. |
| 108 | void f12(int *list) { |
| 109 | unsigned i = 0; |
| 110 | list[i] = 1; |
| 111 | } |
| Zhongxing Xu | 52e23d6 | 2009-03-18 02:07:30 +0000 | [diff] [blame] | 112 | |
| 113 | struct s1 { |
| 114 | struct s2 { |
| 115 | int d; |
| 116 | } e; |
| 117 | }; |
| 118 | |
| 119 | // The binding of a.e.d should not be removed. Test recursive subregion map |
| 120 | // building: a->e, e->d. Only then 'a' could be added to live region roots. |
| 121 | void f13(double timeout) { |
| 122 | struct s1 a; |
| 123 | a.e.d = (long) timeout; |
| 124 | if (a.e.d == 10) |
| 125 | a.e.d = 4; |
| 126 | } |
| Zhongxing Xu | 0aca424 | 2009-05-03 00:27:40 +0000 | [diff] [blame] | 127 | |
| 128 | struct s3 { |
| 129 | int a[2]; |
| 130 | }; |
| 131 | |
| 132 | static struct s3 opt; |
| 133 | |
| 134 | // Test if the embedded array is retrieved correctly. |
| 135 | void f14() { |
| 136 | struct s3 my_opt = opt; |
| 137 | } |
| Zhongxing Xu | 35edd9a | 2009-05-12 10:10:00 +0000 | [diff] [blame] | 138 | |
| 139 | void bar(int*); |
| 140 | |
| 141 | // Test if the array is correctly invalidated. |
| 142 | void f15() { |
| 143 | int a[10]; |
| 144 | bar(a); |
| 145 | if (a[1]) // no-warning |
| 146 | 1; |
| 147 | } |