Gitiles
Code Review Sign In
gerrit-public.fairphone.software / toolchain / llvm-project / 09a8c7d489d336ce78834b4fc1ba5e57f93a5d72 / . / clang / test / Analysis / reference.cpp
blob: cd0202ebcb35f09d3566450e0dd7f9c1163d7d24 [file] [log] [blame]
Richard Trieuf7432752014-06-06 21:39:26 +0000[diff] [blame]1// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -analyzer-constraints=range -verify -Wno-null-dereference -Wno-tautological-undefined-compare %s
Jordan Rosee8a21b72012-07-31 16:34:07 +0000[diff] [blame]2
3void clang_analyzer_eval(bool);
Zhongxing Xu7e2a9fd2010-12-19 02:26:37 +0000[diff] [blame]4
Jordy Rose2e222682010-06-04 01:14:56 +0000[diff] [blame]5typedef typeof(sizeof(int)) size_t;
6void malloc (size_t);
Zhongxing Xuf1eeb782010-01-09 09:16:47 +0000[diff] [blame]7
8void f1() {
Jordy Rose09e7c882012-05-16 16:01:14 +0000[diff] [blame]9 int const &i = 3;
Zhongxing Xuf1eeb782010-01-09 09:16:47 +0000[diff] [blame]10 int b = i;
Zhongxing Xu9635f6f2010-01-10 02:52:56 +0000[diff] [blame]11
12 int *p = 0;
13
14 if (b != 3)
15 *p = 1; // no-warning
Zhongxing Xuf1eeb782010-01-09 09:16:47 +0000[diff] [blame]16}
Zhongxing Xu41cdf582010-06-03 06:23:18 +0000[diff] [blame]17
18char* ptr();
19char& ref();
20
21// These next two tests just shouldn't crash.
22char t1 () {
23 ref() = 'c';
24 return '0';
25}
26
27// just a sanity test, the same behavior as t1()
28char t2 () {
29 *ptr() = 'c';
30 return '0';
31}
Jordy Rose2e222682010-06-04 01:14:56 +0000[diff] [blame]32
33// Each of the tests below is repeated with pointers as well as references.
34// This is mostly a sanity check, but then again, both should work!
35char t3 () {
36 char& r = ref();
37 r = 'c'; // no-warning
38 if (r) return r;
39 return *(char*)0; // no-warning
40}
41
42char t4 () {
43 char* p = ptr();
44 *p = 'c'; // no-warning
45 if (*p) return *p;
46 return *(char*)0; // no-warning
47}
48
49char t5 (char& r) {
50 r = 'c'; // no-warning
51 if (r) return r;
52 return *(char*)0; // no-warning
53}
54
55char t6 (char* p) {
56 *p = 'c'; // no-warning
57 if (*p) return *p;
58 return *(char*)0; // no-warning
59}
Jordan Rosee8a21b72012-07-31 16:34:07 +0000[diff] [blame]60
61
62// PR13440 / <rdar://problem/11977113>
63// Test that the array-to-pointer decay works for array references as well.
64// More generally, when we want an lvalue for a reference field, we still need
65// to do one level of load.
66namespace PR13440 {
67 typedef int T[1];
68 struct S {
69 T &x;
70
71 int *m() { return x; }
72 };
73
74 struct S2 {
75 int (&x)[1];
76
77 int *m() { return x; }
Anna Zaks5416ab02013-05-28 23:24:01 +0000[diff] [blame]78
79 void testArrayToPointerDecayWithNonTypedValueRegion() {
80 int *p = x;
81 int *q = x;
82 clang_analyzer_eval(p[0] == q[0]); // expected-warning{{TRUE}}
83 }
84
Jordan Rosee8a21b72012-07-31 16:34:07 +0000[diff] [blame]85 };
86
87 void test() {
88 int a[1];
89 S s = { a };
90 S2 s2 = { a };
91
92 if (s.x != a) return;
93 if (s2.x != a) return;
94
95 a[0] = 42;
96 clang_analyzer_eval(s.x[0] == 42); // expected-warning{{TRUE}}
97 clang_analyzer_eval(s2.x[0] == 42); // expected-warning{{TRUE}}
98 }
99}
Jordan Rose9a2eec32012-08-02 21:33:42 +0000[diff] [blame]100
Jordan Rose4aa80e12012-08-04 00:25:30 +0000[diff] [blame]101void testNullReference() {
Jordan Rose9a2eec32012-08-02 21:33:42 +0000[diff] [blame]102 int *x = 0;
103 int &y = *x; // expected-warning{{Dereference of null pointer}}
104 y = 5;
105}
106
Jordan Rose4aa80e12012-08-04 00:25:30 +0000[diff] [blame]107void testRetroactiveNullReference(int *x) {
108 // According to the C++ standard, there is no such thing as a
109 // "null reference". So the 'if' statement ought to be dead code.
110 // However, Clang (and other compilers) don't actually check that a pointer
111 // value is non-null in the implementation of references, so it is possible
Anna Zaks05139ff2013-04-18 00:15:15 +0000[diff] [blame]112 // to produce a supposed "null reference" at runtime. The analyzer should
Jordan Rose4aa80e12012-08-04 00:25:30 +0000[diff] [blame]113 // still warn when it can prove such errors.
114 int &y = *x;
115 if (x != 0)
116 return;
117 y = 5; // expected-warning{{Dereference of null pointer}}
118}
119
Jordan Rose075d5d22012-08-21 00:27:33 +0000[diff] [blame]120void testReferenceAddress(int &x) {
121 clang_analyzer_eval(&x != 0); // expected-warning{{TRUE}}
122 clang_analyzer_eval(&ref() != 0); // expected-warning{{TRUE}}
123
124 struct S { int &x; };
125
Jordan Rosefcdda362012-09-05 17:11:26 +0000[diff] [blame]126 extern S getS();
Jordan Rose29fc2612012-10-17 19:35:37 +0000[diff] [blame]127 clang_analyzer_eval(&getS().x != 0); // expected-warning{{TRUE}}
Jordan Rosefcdda362012-09-05 17:11:26 +0000[diff] [blame]128
129 extern S *getSP();
130 clang_analyzer_eval(&getSP()->x != 0); // expected-warning{{TRUE}}
Jordan Rose075d5d22012-08-21 00:27:33 +0000[diff] [blame]131}
132
Jordan Rose9a2eec32012-08-02 21:33:42 +0000[diff] [blame]133
Jordan Rose2da56432012-09-01 17:39:00 +0000[diff] [blame]134void testFunctionPointerReturn(void *opaque) {
135 typedef int &(*RefFn)();
136
137 RefFn getRef = (RefFn)opaque;
138
139 // Don't crash writing to or reading from this reference.
140 int &x = getRef();
141 x = 42;
142 clang_analyzer_eval(x == 42); // expected-warning{{TRUE}}
143}
144
Jordan Roseb41977f2013-03-07 01:23:25 +0000[diff] [blame]145int &testReturnNullReference() {
146 int *x = 0;
147 return *x; // expected-warning{{Returning null reference}}
148}
149
150char &refFromPointer() {
151 return *ptr();
152}
153
154void testReturnReference() {
155 clang_analyzer_eval(ptr() == 0); // expected-warning{{UNKNOWN}}
156 clang_analyzer_eval(&refFromPointer() == 0); // expected-warning{{FALSE}}
157}
158
Anna Zaks9e0da9e02013-03-07 03:02:36 +0000[diff] [blame]159void intRefParam(int &r) {
160 ;
161}
Jordan Rose2da56432012-09-01 17:39:00 +0000[diff] [blame]162
Anna Zaks9e0da9e02013-03-07 03:02:36 +0000[diff] [blame]163void test(int *ptr) {
164 clang_analyzer_eval(ptr == 0); // expected-warning{{UNKNOWN}}
165
166 extern void use(int &ref);
167 use(*ptr);
168
169 clang_analyzer_eval(ptr == 0); // expected-warning{{FALSE}}
170}
171
172void testIntRefParam() {
173 int i = 0;
174 intRefParam(i); // no-warning
175}
176
177int refParam(int &byteIndex) {
178 return byteIndex;
179}
180
181void testRefParam(int *p) {
182 if (p)
183 ;
184 refParam(*p); // expected-warning {{Forming reference to null pointer}}
185}
186
187int ptrRefParam(int *&byteIndex) {
188 return *byteIndex; // expected-warning {{Dereference of null pointer}}
189}
190void testRefParam2() {
191 int *p = 0;
192 int *&rp = p;
193 ptrRefParam(rp);
194}
195
196int *maybeNull() {
197 extern bool coin();
198 static int x;
199 return coin() ? &x : 0;
200}
201
202void use(int &x) {
203 x = 1; // no-warning
204}
205
206void testSuppression() {
207 use(*maybeNull());
208}
Jordan Rose9a2eec32012-08-02 21:33:42 +0000[diff] [blame]209
210namespace rdar11212286 {
211 class B{};
212
213 B test() {
214 B *x = 0;
Anna Zaks9e0da9e02013-03-07 03:02:36 +0000[diff] [blame]215 return *x; // expected-warning {{Forming reference to null pointer}}
216 }
217
218 B testif(B *x) {
219 if (x)
220 ;
221 return *x; // expected-warning {{Forming reference to null pointer}}
222 }
223
224 void idc(B *x) {
225 if (x)
226 ;
227 }
228
229 B testidc(B *x) {
230 idc(x);
231 return *x; // no-warning
Jordan Rose9a2eec32012-08-02 21:33:42 +0000[diff] [blame]232 }
Jordan Rose075d5d22012-08-21 00:27:33 +0000[diff] [blame]233}
Jordan Roseb1312a52013-04-11 00:58:58 +0000[diff] [blame]234
235namespace PR15694 {
236 class C {
237 bool bit : 1;
238 template <class T> void bar(const T &obj) {}
239 void foo() {
240 bar(bit); // don't crash
241 }
242 };
243}