Reapply "[analyzer] Added valist related checkers."
Differential Revision: https://reviews.llvm.org/D15227
llvm-svn: 279427
diff --git a/clang/test/Analysis/Inputs/system-header-simulator-for-valist.h b/clang/test/Analysis/Inputs/system-header-simulator-for-valist.h
new file mode 100644
index 0000000..7299b61
--- /dev/null
+++ b/clang/test/Analysis/Inputs/system-header-simulator-for-valist.h
@@ -0,0 +1,30 @@
+// Like the compiler, the static analyzer treats some functions differently if
+// they come from a system header -- for example, it is assumed that system
+// functions do not arbitrarily free() their parameters, and that some bugs
+// found in system headers cannot be fixed by the user and should be
+// suppressed.
+
+#pragma clang system_header
+
+#ifdef __cplusplus
+#define restrict /*restrict*/
+#endif
+
+typedef __builtin_va_list va_list;
+
+#define va_start(ap, param) __builtin_va_start(ap, param)
+#define va_end(ap) __builtin_va_end(ap)
+#define va_arg(ap, type) __builtin_va_arg(ap, type)
+#define va_copy(dst, src) __builtin_va_copy(dst, src)
+
+int vprintf (const char *restrict format, va_list arg);
+
+int vsprintf (char *restrict s, const char *restrict format, va_list arg);
+
+int some_library_function(int n, va_list arg);
+
+// No warning from system header.
+inline void __impl_detail(int fst, ...) {
+ va_list va;
+ (void)va_arg(va, int);
+}
diff --git a/clang/test/Analysis/valist-uninitialized.c b/clang/test/Analysis/valist-uninitialized.c
new file mode 100644
index 0000000..b1f11d1
--- /dev/null
+++ b/clang/test/Analysis/valist-uninitialized.c
@@ -0,0 +1,178 @@
+// RUN: %clang_cc1 -triple x86_64-pc-linux-gnu -analyze -analyzer-checker=core,alpha.valist.Uninitialized,alpha.valist.CopyToSelf -analyzer-output=text -analyzer-store=region -verify %s
+
+#include "Inputs/system-header-simulator-for-valist.h"
+
+void f1(int fst, ...) {
+ va_list va;
+ (void)va_arg(va, int); //expected-warning{{va_arg() is called on an uninitialized va_list}} expected-note{{va_arg() is called on an uninitialized va_list}}
+}
+
+int f2(int fst, ...) {
+ va_list va;
+ va_start(va, fst); // expected-note{{Initialized va_list}}
+ va_end(va); // expected-note{{Ended va_list}}
+ return va_arg(va, int); //expected-warning{{va_arg() is called on an uninitialized va_list}} expected-note{{va_arg() is called on an uninitialized va_list}}
+}
+
+void f3(int fst, ...) {
+ va_list va, va2;
+ va_start(va, fst);
+ va_copy(va2, va);
+ va_end(va);
+ (void)va_arg(va2, int);
+ va_end(va2);
+} //no-warning
+
+void f4(int cond, ...) {
+ va_list va;
+ if (cond) { // expected-note{{Assuming 'cond' is 0}} expected-note{{Taking false branch}}
+ va_start(va, cond);
+ (void)va_arg(va,int);
+ }
+ va_end(va); //expected-warning{{va_end() is called on an uninitialized va_list}} expected-note{{va_end() is called on an uninitialized va_list}}
+}
+
+void f5(va_list fst, ...) {
+ va_start(fst, fst);
+ (void)va_arg(fst, int);
+ va_end(fst);
+} // no-warning
+
+//FIXME: this should not cause a warning
+void f6(va_list *fst, ...) {
+ va_start(*fst, fst);
+ (void)va_arg(*fst, int); //expected-warning{{va_arg() is called on an uninitialized va_list}} expected-note{{va_arg() is called on an uninitialized va_list}}
+ va_end(*fst);
+}
+
+void f7(int *fst, ...) {
+ va_list x;
+ va_list *y = &x;
+ va_start(*y,fst);
+ (void)va_arg(x, int);
+ va_end(x);
+} // no-warning
+
+void f8(int *fst, ...) {
+ va_list x;
+ va_list *y = &x;
+ va_start(*y,fst); // expected-note{{Initialized va_list}}
+ va_end(x); // expected-note{{Ended va_list}}
+ (void)va_arg(*y, int); //expected-warning{{va_arg() is called on an uninitialized va_list}} expected-note{{va_arg() is called on an uninitialized va_list}}
+} // no-warning
+
+// This only contains problems which are handled by varargs.Unterminated.
+void reinit(int *fst, ...) {
+ va_list va;
+ va_start(va, fst);
+ va_start(va, fst);
+ (void)va_arg(va, int);
+} // no-warning
+
+void reinitOk(int *fst, ...) {
+ va_list va;
+ va_start(va, fst);
+ (void)va_arg(va, int);
+ va_end(va);
+ va_start(va, fst);
+ (void)va_arg(va, int);
+ va_end(va);
+} // no-warning
+
+void reinit3(int *fst, ...) {
+ va_list va;
+ va_start(va, fst); // expected-note{{Initialized va_list}}
+ (void)va_arg(va, int);
+ va_end(va); // expected-note{{Ended va_list}}
+ va_start(va, fst); // expected-note{{Initialized va_list}}
+ (void)va_arg(va, int);
+ va_end(va); // expected-note{{Ended va_list}}
+ (void)va_arg(va, int); //expected-warning{{va_arg() is called on an uninitialized va_list}} expected-note{{va_arg() is called on an uninitialized va_list}}
+}
+
+void copyself(int fst, ...) {
+ va_list va;
+ va_start(va, fst); // expected-note{{Initialized va_list}}
+ va_copy(va, va); // expected-warning{{va_list 'va' is copied onto itself}} expected-note{{va_list 'va' is copied onto itself}}
+ va_end(va);
+} // no-warning
+
+void copyselfUninit(int fst, ...) {
+ va_list va;
+ va_copy(va, va); // expected-warning{{va_list 'va' is copied onto itself}} expected-note{{va_list 'va' is copied onto itself}}
+} // no-warning
+
+void copyOverwrite(int fst, ...) {
+ va_list va, va2;
+ va_start(va, fst); // expected-note{{Initialized va_list}}
+ va_copy(va, va2); // expected-warning{{Initialized va_list 'va' is overwritten by an uninitialized one}} expected-note{{Initialized va_list 'va' is overwritten by an uninitialized one}}
+} // no-warning
+
+void copyUnint(int fst, ...) {
+ va_list va, va2;
+ va_copy(va, va2); // expected-warning{{Uninitialized va_list is copied}} expected-note{{Uninitialized va_list is copied}}
+}
+
+void g1(int fst, ...) {
+ va_list va;
+ va_end(va); // expected-warning{{va_end() is called on an uninitialized va_list}} expected-note{{va_end() is called on an uninitialized va_list}}
+}
+
+void g2(int fst, ...) {
+ va_list va;
+ va_start(va, fst); // expected-note{{Initialized va_list}}
+ va_end(va); // expected-note{{Ended va_list}}
+ va_end(va); // expected-warning{{va_end() is called on an uninitialized va_list}} expected-note{{va_end() is called on an uninitialized va_list}}
+}
+
+void is_sink(int fst, ...) {
+ va_list va;
+ va_end(va); // expected-warning{{va_end() is called on an uninitialized va_list}} expected-note{{va_end() is called on an uninitialized va_list}}
+ *((volatile int *)0) = 1; //no-warning
+}
+
+// NOTE: this is invalid, as the man page of va_end requires that "Each invocation of va_start()
+// must be matched by a corresponding invocation of va_end() in the same function."
+void ends_arg(va_list arg) {
+ va_end(arg);
+} //no-warning
+
+void uses_arg(va_list arg) {
+ (void)va_arg(arg, int);
+} //no-warning
+
+// This is the same function as the previous one, but it is called in call_uses_arg2(),
+// and the warning is generated during the analysis of call_uses_arg2().
+void inlined_uses_arg(va_list arg) {
+ (void)va_arg(arg, int); //expected-warning{{va_arg() is called on an uninitialized va_list}} expected-note{{va_arg() is called on an uninitialized va_list}}
+}
+
+void call_inlined_uses_arg(int fst, ...) {
+ va_list va;
+ inlined_uses_arg(va); // expected-note{{Calling 'inlined_uses_arg'}}
+}
+
+void call_vprintf_ok(int isstring, ...) {
+ va_list va;
+ va_start(va, isstring);
+ vprintf(isstring ? "%s" : "%d", va);
+ va_end(va);
+} //no-warning
+
+void call_vprintf_bad(int isstring, ...) {
+ va_list va;
+ vprintf(isstring ? "%s" : "%d", va); //expected-warning{{Function 'vprintf' is called with an uninitialized va_list argument}} expected-note{{Function 'vprintf' is called with an uninitialized va_list argument}} expected-note{{Assuming 'isstring' is 0}} expected-note{{'?' condition is false}}
+}
+
+void call_vsprintf_bad(char *buffer, ...) {
+ va_list va;
+ va_start(va, buffer); // expected-note{{Initialized va_list}}
+ va_end(va); // expected-note{{Ended va_list}}
+ vsprintf(buffer, "%s %d %d %lf %03d", va); //expected-warning{{Function 'vsprintf' is called with an uninitialized va_list argument}} expected-note{{Function 'vsprintf' is called with an uninitialized va_list argument}}
+}
+
+void call_some_other_func(int n, ...) {
+ va_list va;
+ some_library_function(n, va);
+} //no-warning
+
diff --git a/clang/test/Analysis/valist-unterminated.c b/clang/test/Analysis/valist-unterminated.c
new file mode 100644
index 0000000..63ee992
--- /dev/null
+++ b/clang/test/Analysis/valist-unterminated.c
@@ -0,0 +1,133 @@
+// RUN: %clang_cc1 -triple x86_64-pc-linux-gnu -analyze -analyzer-checker=core,alpha.valist.Unterminated,alpha.valist.CopyToSelf -analyzer-output=text -analyzer-store=region -verify %s
+
+#include "Inputs/system-header-simulator-for-valist.h"
+
+void f1(int fst, ...) {
+ va_list va;
+ va_start(va, fst); // expected-note{{Initialized va_list}}
+ return; // expected-warning{{Initialized va_list 'va' is leaked}} expected-note{{Initialized va_list 'va' is leaked}}
+}
+
+void f2(int fst, ...) {
+ va_list va;
+ va_start(va, fst); // expected-note{{Initialized va_list}}
+ va_end(va); // expected-note{{Ended va_list}}
+ va_start(va, fst); // expected-note{{Initialized va_list}}
+} // expected-warning{{Initialized va_list 'va' is leaked}} expected-note{{Initialized va_list 'va' is leaked}}}
+
+void f3(int fst, ...) {
+ va_list va, va2;
+ va_start(va, fst);
+ va_copy(va2, va); // expected-note{{Initialized va_list}}
+ va_end(va); // expected-warning{{Initialized va_list 'va2' is leaked}} expected-note{{Initialized va_list 'va2' is leaked}}
+}
+
+void f4(va_list *fst, ...) {
+ va_start(*fst, fst); // expected-note{{Initialized va_list}}
+ return; // expected-warning{{Initialized va_list is leaked}} expected-note{{Initialized va_list is leaked}}
+}
+
+void f5(va_list fst, ...) {
+ va_start(fst, fst);
+ //FIXME: this should cause a warning
+} // no-warning
+
+void f6(va_list *fst, ...) {
+ va_start(*fst, fst); // expected-note{{Initialized va_list}}
+ (void)va_arg(*fst, int);
+ //FIXME: this should NOT cause a warning
+ va_end(*fst); // expected-warning{{Initialized va_list is leaked}} expected-note{{Initialized va_list is leaked}}
+}
+
+void f7(int *fst, ...) {
+ va_list x;
+ va_list *y = &x;
+ va_start(*y,fst); // expected-note{{Initialized va_list}}
+} // expected-warning{{Initialized va_list 'x' is leaked}} expected-note{{Initialized va_list 'x' is leaked}}
+
+void f8(int *fst, ...) {
+ va_list x;
+ va_list *y = &x;
+ va_start(*y,fst);
+ va_end(x);
+} // no-warning
+
+void reinit(int *fst, ...) {
+ va_list va;
+ va_start(va, fst); // expected-note{{Initialized va_list}} expected-note{{Initialized va_list}}
+ va_start(va, fst); // expected-warning{{Initialized va_list 'va' is initialized again}} expected-note{{Initialized va_list 'va' is initialized again}}
+} // expected-warning{{Initialized va_list 'va' is leaked}} expected-note{{Initialized va_list 'va' is leaked}}
+
+void reinitOk(int *fst, ...) {
+ va_list va;
+ va_start(va, fst);
+ va_end(va);
+ va_start(va, fst);
+ va_end(va);
+} // no-warning
+
+void copyself(int fst, ...) {
+ va_list va;
+ va_start(va, fst); // expected-note{{Initialized va_list}}
+ va_copy(va, va); // expected-warning{{va_list 'va' is copied onto itself}} expected-note{{va_list 'va' is copied onto itself}}
+ va_end(va);
+} // no-warning
+
+void copyselfUninit(int fst, ...) {
+ va_list va;
+ va_copy(va, va); // expected-warning{{va_list 'va' is copied onto itself}} expected-note{{va_list 'va' is copied onto itself}}
+} // no-warning
+
+void copyOverwrite(int fst, ...) {
+ va_list va, va2;
+ va_start(va, fst); // expected-note{{Initialized va_list}}
+ va_copy(va, va2); // expected-warning{{Initialized va_list 'va' is overwritten by an uninitialized one}} expected-note{{Initialized va_list 'va' is overwritten by an uninitialized one}}
+} // no-warning
+
+//This only generates a warning for the valist.Uninitialized checker
+void copyUnint(int fst, ...) {
+ va_list va, va2;
+ va_copy(va, va2);
+} // no-warning
+
+void recopy(int fst, ...) {
+ va_list va, va2;
+ va_start(va, fst);
+ va_copy(va2, va); // expected-note{{Initialized va_list}}
+ va_copy(va2, va); // expected-warning{{Initialized va_list 'va2' is initialized again}} expected-note{{Initialized va_list 'va2' is initialized again}}
+ va_end(va);
+ va_end(va2);
+} //no-warning
+
+void doublemsg(int fst, ...) {
+ va_list va, va2;
+ va_start(va, fst), va_start(va2, fst); // expected-warning{{Initialized va_list 'va' is leaked}} expected-warning{{Initialized va_list 'va2' is leaked}} expected-note{{Initialized va_list}} expected-note{{Initialized va_list}} expected-note{{Initialized va_list}} expected-note{{Initialized va_list 'va' is leaked}}
+}
+
+void in_array(int fst, ...) {
+ va_list va_array[8];
+ va_start(va_array[3], fst); // expected-note{{Initialized va_list}}
+} // expected-warning{{Initialized va_list 'va_array[3]' is leaked}} expected-note{{Initialized va_list 'va_array[3]' is leaked}}
+
+struct containing_a_valist {
+ va_list vafield;
+ int foobar;
+};
+
+void in_struct(int fst, ...) {
+ struct containing_a_valist s;
+ va_start(s.vafield, fst); // expected-note{{Initialized va_list}}
+} // expected-warning{{Initialized va_list 's.vafield' is leaked}} expected-note{{Initialized va_list 's.vafield' is leaked}}
+
+void casting(int fst, ...) {
+ char mem[sizeof(va_list)];
+ va_start(*(va_list *) mem, fst); // expected-note{{Initialized va_list}}
+} // expected-warning{{Initialized va_list 'mem[0]' is leaked}} expected-note{{Initialized va_list 'mem[0]' is leaked}}
+
+
+void castingOk(int fst, ...) {
+ char mem[sizeof(va_list)];
+ va_start(*(va_list *) mem, fst);
+ va_end(*(va_list *) mem);
+} // no-warning
+