[analyzer] Toning down invalidation a bit
When a function takes the address of a field the analyzer will no longer
assume that the function will change other fields of the enclosing structs.
Differential Revision: https://reviews.llvm.org/D57230
llvm-svn: 352473
diff --git a/clang/test/Analysis/call-invalidation.cpp b/clang/test/Analysis/call-invalidation.cpp
index c107e10..dade8db 100644
--- a/clang/test/Analysis/call-invalidation.cpp
+++ b/clang/test/Analysis/call-invalidation.cpp
@@ -132,18 +132,21 @@
PlainStruct s1;
s1.x = 1;
s1.z = 1;
+ s1.y = 1;
clang_analyzer_eval(s1.x == 1); // expected-warning{{TRUE}}
clang_analyzer_eval(s1.z == 1); // expected-warning{{TRUE}}
// Not only passing a structure pointer through const pointer parameter,
// but also passing a field pointer through const pointer parameter
// should preserve the contents of the structure.
useAnythingConst(&(s1.y));
+ clang_analyzer_eval(s1.y == 1); // expected-warning{{TRUE}}
clang_analyzer_eval(s1.x == 1); // expected-warning{{TRUE}}
// FIXME: Should say "UNKNOWN", because it is not uncommon to
// modify a mutable member variable through const pointer.
clang_analyzer_eval(s1.z == 1); // expected-warning{{TRUE}}
useAnything(&(s1.y));
- clang_analyzer_eval(s1.x == 1); // expected-warning{{UNKNOWN}}
+ clang_analyzer_eval(s1.x == 1); // expected-warning{{TRUE}}
+ clang_analyzer_eval(s1.y == 1); // expected-warning{{UNKNOWN}}
}
diff --git a/clang/test/Analysis/cxx-uninitialized-object.cpp b/clang/test/Analysis/cxx-uninitialized-object.cpp
index 07006be..93a02a4 100644
--- a/clang/test/Analysis/cxx-uninitialized-object.cpp
+++ b/clang/test/Analysis/cxx-uninitialized-object.cpp
@@ -358,7 +358,7 @@
void wontInitialize(const T &);
class PassingToUnknownFunctionTest1 {
- int a, b;
+ int a, b; // expected-note{{uninitialized field 'this->b'}}
public:
PassingToUnknownFunctionTest1() {
@@ -368,8 +368,7 @@
}
PassingToUnknownFunctionTest1(int) {
- mayInitialize(a);
- // All good!
+ mayInitialize(a); // expected-warning{{1 uninitialized field at the end of the constructor call}}
}
PassingToUnknownFunctionTest1(int, int) {
diff --git a/clang/test/Analysis/malloc.c b/clang/test/Analysis/malloc.c
index 8e0f5c0..d4a44c5 100644
--- a/clang/test/Analysis/malloc.c
+++ b/clang/test/Analysis/malloc.c
@@ -1758,8 +1758,8 @@
void testConstEscapeThroughAnotherField() {
struct IntAndPtr s;
s.p = malloc(sizeof(int));
- constEscape(&(s.x)); // could free s->p!
-} // no-warning
+ constEscape(&(s.x));
+} // expected-warning {{Potential leak of memory pointed to by 's.p'}}
// PR15623
int testNoCheckerDataPropogationFromLogicalOpOperandToOpResult(void) {
diff --git a/clang/test/Analysis/taint-generic.c b/clang/test/Analysis/taint-generic.c
index 2717e91..3052950 100644
--- a/clang/test/Analysis/taint-generic.c
+++ b/clang/test/Analysis/taint-generic.c
@@ -231,6 +231,7 @@
int sock = socket(AF_INET, SOCK_STREAM, 0);
read(sock, &tainted.y, sizeof(tainted.y));
+ tainted.x = 0;
// FIXME: overlapping regions aren't detected by isTainted yet
__builtin_memcpy(buffer, tainted.y, tainted.x);
}
diff --git a/clang/test/Analysis/taint-tester.c b/clang/test/Analysis/taint-tester.c
index 3a8cc18..b072eb84 100644
--- a/clang/test/Analysis/taint-tester.c
+++ b/clang/test/Analysis/taint-tester.c
@@ -51,7 +51,7 @@
scanf("%d", &xy.y);
scanf("%d", &xy.x);
int tx = xy.x; // expected-warning + {{tainted}}
- int ty = xy.y; // FIXME: This should be tainted as well.
+ int ty = xy.y; // expected-warning + {{tainted}}
char ntz = xy.z;// no warning
// Now, scanf scans both.
scanf("%d %d", &xy.y, &xy.x);