2009-03-24 10:24:46 +08:00
|
|
|
// RUN: clang-cc -analyze -checker-cfref --analyzer-store=basic -analyzer-constraints=basic --verify -fblocks %s &&
|
2009-07-10 08:41:58 +08:00
|
|
|
// RUN: clang-cc -analyze -checker-cfref --analyzer-store=basic-old-cast -analyzer-constraints=basic --verify -fblocks %s &&
|
2009-07-02 07:19:52 +08:00
|
|
|
// RUN: clang-cc -analyze -checker-cfref --analyzer-store=basic -analyzer-constraints=range --verify -fblocks %s &&
|
2009-07-10 08:41:58 +08:00
|
|
|
// RUN: clang-cc -analyze -checker-cfref --analyzer-store=basic-old-cast -analyzer-constraints=range --verify -fblocks %s &&
|
2009-07-02 07:19:52 +08:00
|
|
|
// RUN: clang-cc -analyze -checker-cfref --analyzer-store=region -analyzer-constraints=basic --verify -fblocks %s &&
|
|
|
|
// RUN: clang-cc -analyze -checker-cfref --analyzer-store=region -analyzer-constraints=range --verify -fblocks %s
|
2009-01-23 02:53:15 +08:00
|
|
|
|
2009-03-06 02:08:28 +08:00
|
|
|
typedef struct objc_selector *SEL;
|
|
|
|
typedef signed char BOOL;
|
|
|
|
typedef int NSInteger;
|
|
|
|
typedef unsigned int NSUInteger;
|
|
|
|
typedef struct _NSZone NSZone;
|
2009-07-09 06:42:46 +08:00
|
|
|
@class NSInvocation, NSArray, NSMethodSignature, NSCoder, NSString, NSEnumerator;
|
2009-03-06 02:08:28 +08:00
|
|
|
@protocol NSObject - (BOOL)isEqual:(id)object; @end
|
|
|
|
@protocol NSCopying - (id)copyWithZone:(NSZone *)zone; @end
|
|
|
|
@protocol NSMutableCopying - (id)mutableCopyWithZone:(NSZone *)zone; @end
|
|
|
|
@protocol NSCoding - (void)encodeWithCoder:(NSCoder *)aCoder; @end
|
|
|
|
@interface NSObject <NSObject> {} - (id)init; @end
|
|
|
|
extern id NSAllocateObject(Class aClass, NSUInteger extraBytes, NSZone *zone);
|
|
|
|
@interface NSString : NSObject <NSCopying, NSMutableCopying, NSCoding>
|
|
|
|
- (NSUInteger)length;
|
|
|
|
+ (id)stringWithUTF8String:(const char *)nullTerminatedCString;
|
|
|
|
@end extern NSString * const NSBundleDidLoadNotification;
|
|
|
|
@interface NSAssertionHandler : NSObject {}
|
|
|
|
+ (NSAssertionHandler *)currentHandler;
|
|
|
|
- (void)handleFailureInMethod:(SEL)selector object:(id)object file:(NSString *)fileName lineNumber:(NSInteger)line description:(NSString *)format,...;
|
|
|
|
@end
|
|
|
|
extern NSString * const NSConnectionReplyMode;
|
2009-03-23 23:42:58 +08:00
|
|
|
typedef float CGFloat;
|
|
|
|
typedef struct _NSPoint {
|
|
|
|
CGFloat x;
|
|
|
|
CGFloat y;
|
|
|
|
} NSPoint;
|
|
|
|
typedef struct _NSSize {
|
|
|
|
CGFloat width;
|
|
|
|
CGFloat height;
|
|
|
|
} NSSize;
|
|
|
|
typedef struct _NSRect {
|
|
|
|
NSPoint origin;
|
|
|
|
NSSize size;
|
|
|
|
} NSRect;
|
2008-10-01 13:05:46 +08:00
|
|
|
|
|
|
|
// Reduced test case from crash in <rdar://problem/6253157>
|
|
|
|
@interface A @end
|
|
|
|
@implementation A
|
|
|
|
- (void)foo:(void (^)(NSObject *x))block {
|
|
|
|
if (!((block != ((void *)0)))) {}
|
|
|
|
}
|
|
|
|
@end
|
|
|
|
|
2008-10-19 06:20:20 +08:00
|
|
|
// Reduced test case from crash in PR 2796;
|
|
|
|
// http://llvm.org/bugs/show_bug.cgi?id=2796
|
|
|
|
|
|
|
|
unsigned foo(unsigned x) { return __alignof__((x)) + sizeof(x); }
|
2008-10-21 07:14:31 +08:00
|
|
|
|
|
|
|
// Improvement to path-sensitivity involving compound assignments.
|
|
|
|
// Addresses false positive in <rdar://problem/6268365>
|
|
|
|
//
|
|
|
|
|
|
|
|
unsigned r6268365Aux();
|
|
|
|
|
|
|
|
void r6268365() {
|
|
|
|
unsigned x = 0;
|
|
|
|
x &= r6268365Aux();
|
|
|
|
unsigned j = 0;
|
|
|
|
|
|
|
|
if (x == 0) ++j;
|
|
|
|
if (x == 0) x = x / j; // no-warning
|
|
|
|
}
|
|
|
|
|
2008-10-21 07:40:25 +08:00
|
|
|
void divzeroassume(unsigned x, unsigned j) {
|
|
|
|
x /= j;
|
|
|
|
if (j == 0) x /= 0; // no-warning
|
|
|
|
if (j == 0) x /= j; // no-warning
|
|
|
|
if (j == 0) x = x / 0; // no-warning
|
|
|
|
}
|
|
|
|
|
|
|
|
void divzeroassumeB(unsigned x, unsigned j) {
|
|
|
|
x = x / j;
|
|
|
|
if (j == 0) x /= 0; // no-warning
|
|
|
|
if (j == 0) x /= j; // no-warning
|
|
|
|
if (j == 0) x = x / 0; // no-warning
|
|
|
|
}
|
|
|
|
|
2008-11-13 13:05:34 +08:00
|
|
|
// InitListExpr processing
|
|
|
|
|
|
|
|
typedef float __m128 __attribute__((__vector_size__(16), __may_alias__));
|
|
|
|
__m128 return128() {
|
2008-11-13 14:10:40 +08:00
|
|
|
// This compound literal has a Vector type. We currently just
|
|
|
|
// return UnknownVal.
|
2008-11-13 13:05:34 +08:00
|
|
|
return __extension__(__m128) { 0.0f, 0.0f, 0.0f, 0.0f };
|
|
|
|
}
|
|
|
|
|
2008-11-13 14:10:40 +08:00
|
|
|
typedef long long __v2di __attribute__ ((__vector_size__ (16)));
|
|
|
|
typedef long long __m128i __attribute__ ((__vector_size__ (16), __may_alias__));
|
|
|
|
__m128i vec128i(long long __q1, long long __q0) {
|
|
|
|
// This compound literal returns true for both isVectorType() and
|
|
|
|
// isIntegerType().
|
|
|
|
return __extension__ (__m128i)(__v2di){ __q0, __q1 };
|
|
|
|
}
|
|
|
|
|
2008-12-09 08:14:48 +08:00
|
|
|
// Zero-sized VLAs.
|
|
|
|
void check_zero_sized_VLA(int x) {
|
|
|
|
if (x)
|
|
|
|
return;
|
|
|
|
|
2009-05-10 13:11:21 +08:00
|
|
|
int vla[x]; // expected-warning{{Variable-length array 'vla' has zero elements (undefined behavior)}}
|
2008-12-09 08:44:16 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void check_uninit_sized_VLA() {
|
|
|
|
int x;
|
2009-05-10 13:11:21 +08:00
|
|
|
int vla[x]; // expected-warning{{Variable-length array 'vla' garbage value for array size}}
|
2008-12-09 08:14:48 +08:00
|
|
|
}
|
2008-11-13 14:10:40 +08:00
|
|
|
|
2008-12-16 02:51:00 +08:00
|
|
|
// sizeof(void)
|
|
|
|
// - Tests a regression reported in PR 3211: http://llvm.org/bugs/show_bug.cgi?id=3211
|
|
|
|
void handle_sizeof_void(unsigned flag) {
|
|
|
|
int* p = 0;
|
|
|
|
|
|
|
|
if (flag) {
|
|
|
|
if (sizeof(void) == 1)
|
|
|
|
return;
|
|
|
|
// Infeasible.
|
|
|
|
*p = 1; // no-warning
|
|
|
|
}
|
|
|
|
|
|
|
|
void* q;
|
|
|
|
|
|
|
|
if (!flag) {
|
|
|
|
if (sizeof(*q) == 1)
|
|
|
|
return;
|
|
|
|
// Infeasibe.
|
|
|
|
*p = 1; // no-warning
|
|
|
|
}
|
|
|
|
|
|
|
|
// Infeasible.
|
|
|
|
*p = 1; // no-warning
|
|
|
|
}
|
|
|
|
|
2009-01-28 02:29:03 +08:00
|
|
|
// PR 3422
|
|
|
|
void pr3422_helper(char *p);
|
|
|
|
void pr3422() {
|
|
|
|
char buf[100];
|
|
|
|
char *q = &buf[10];
|
|
|
|
pr3422_helper(&q[1]);
|
|
|
|
}
|
|
|
|
|
2009-02-14 13:55:08 +08:00
|
|
|
// PR 3543 (handle empty statement expressions)
|
|
|
|
int pr_3543(void) {
|
|
|
|
({});
|
|
|
|
}
|
|
|
|
|
2009-02-24 10:23:11 +08:00
|
|
|
// <rdar://problem/6611677>
|
|
|
|
// This test case test the use of a vector type within an array subscript
|
|
|
|
// expression.
|
|
|
|
typedef long long __a64vector __attribute__((__vector_size__(8)));
|
|
|
|
typedef long long __a128vector __attribute__((__vector_size__(16)));
|
|
|
|
static inline __a64vector __attribute__((__always_inline__, __nodebug__))
|
|
|
|
my_test_mm_movepi64_pi64(__a128vector a) {
|
|
|
|
return (__a64vector)a[0];
|
|
|
|
}
|
|
|
|
|
2009-03-06 02:08:28 +08:00
|
|
|
// Test basic tracking of ivars associated with 'self'.
|
|
|
|
@interface SelfIvarTest : NSObject {
|
|
|
|
int flag;
|
|
|
|
}
|
|
|
|
- (void)test_self_tracking;
|
|
|
|
@end
|
|
|
|
|
|
|
|
@implementation SelfIvarTest
|
|
|
|
- (void)test_self_tracking {
|
|
|
|
char *p = 0;
|
|
|
|
char c;
|
|
|
|
|
|
|
|
if (flag)
|
|
|
|
p = "hello";
|
|
|
|
|
|
|
|
if (flag)
|
|
|
|
c = *p; // no-warning
|
|
|
|
}
|
|
|
|
@end
|
2009-02-14 13:55:08 +08:00
|
|
|
|
2009-03-11 10:29:48 +08:00
|
|
|
// PR 3770
|
|
|
|
char pr3770(int x) {
|
|
|
|
int y = x & 0x2;
|
|
|
|
char *p = 0;
|
|
|
|
if (y == 1)
|
|
|
|
p = "hello";
|
|
|
|
|
|
|
|
if (y == 1)
|
|
|
|
return p[0]; // no-warning
|
|
|
|
|
|
|
|
return 'a';
|
|
|
|
}
|
|
|
|
|
2009-03-12 02:17:16 +08:00
|
|
|
// PR 3772
|
2009-03-11 10:52:39 +08:00
|
|
|
// - We just want to test that this doesn't crash the analyzer.
|
|
|
|
typedef struct st ST;
|
|
|
|
struct st { char *name; };
|
|
|
|
extern ST *Cur_Pu;
|
|
|
|
|
2009-03-12 02:17:16 +08:00
|
|
|
void pr3772(void)
|
2009-03-11 10:52:39 +08:00
|
|
|
{
|
|
|
|
static ST *last_Cur_Pu;
|
|
|
|
if (last_Cur_Pu == Cur_Pu) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-03-12 02:17:16 +08:00
|
|
|
// PR 3780 - This tests that StmtIterator isn't broken for VLAs in DeclGroups.
|
|
|
|
void pr3780(int sz) { typedef double MAT[sz][sz]; }
|
2009-03-11 10:52:39 +08:00
|
|
|
|
2009-03-19 06:10:22 +08:00
|
|
|
// <rdar://problem/6695527> - Test that we don't symbolicate doubles before
|
|
|
|
// we are ready to do something with them.
|
|
|
|
int rdar6695527(double x) {
|
|
|
|
if (!x) { return 0; }
|
|
|
|
return 1;
|
|
|
|
}
|
2009-03-23 23:42:58 +08:00
|
|
|
|
|
|
|
// <rdar://problem/6708148> - Test that we properly invalidate structs
|
|
|
|
// passed-by-reference to a function.
|
|
|
|
void pr6708148_invalidate(NSRect *x);
|
|
|
|
void pr6708148_use(NSRect x);
|
|
|
|
void pr6708148_test(void) {
|
|
|
|
NSRect x;
|
|
|
|
pr6708148_invalidate(&x);
|
|
|
|
pr6708148_use(x); // no-warning
|
|
|
|
}
|
|
|
|
|
2009-04-10 08:01:14 +08:00
|
|
|
// Handle both kinds of noreturn attributes for pruning paths.
|
|
|
|
void rdar_6777003_noret() __attribute__((noreturn));
|
|
|
|
void rdar_6777003_analyzer_noret() __attribute__((analyzer_noreturn));
|
|
|
|
|
|
|
|
void rdar_6777003(int x) {
|
|
|
|
int *p = 0;
|
|
|
|
|
|
|
|
if (x == 1) {
|
|
|
|
rdar_6777003_noret();
|
|
|
|
*p = 1; // no-warning;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (x == 2) {
|
|
|
|
rdar_6777003_analyzer_noret();
|
|
|
|
*p = 1; // no-warning;
|
|
|
|
}
|
|
|
|
|
|
|
|
*p = 1; // expected-warning{{Dereference of null pointer}}
|
|
|
|
}
|
|
|
|
|
2009-04-22 06:38:05 +08:00
|
|
|
// For pointer arithmetic, --/++ should be treated as preserving non-nullness,
|
|
|
|
// regardless of how well the underlying StoreManager reasons about pointer
|
|
|
|
// arithmetic.
|
|
|
|
// <rdar://problem/6777209>
|
|
|
|
void rdar_6777209(char *p) {
|
|
|
|
if (p == 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
++p;
|
|
|
|
|
|
|
|
// This branch should always be infeasible.
|
|
|
|
if (p == 0)
|
|
|
|
*p = 'c'; // no-warning
|
|
|
|
}
|
2009-04-24 01:49:43 +08:00
|
|
|
|
|
|
|
// PR 4033. A symbolic 'void *' pointer can be used as the address for a
|
|
|
|
// computed goto.
|
|
|
|
typedef void *Opcode;
|
|
|
|
Opcode pr_4033_getOpcode();
|
|
|
|
void pr_4033(void) {
|
|
|
|
next_opcode:
|
|
|
|
{
|
|
|
|
Opcode op = pr_4033_getOpcode();
|
|
|
|
if (op) goto *op;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-05-02 07:35:18 +08:00
|
|
|
// Test invalidating pointers-to-pointers with slightly different types. This
|
|
|
|
// example came from a recent false positive due to a regression where the
|
|
|
|
// branch condition was falsely reported as being uninitialized.
|
|
|
|
void invalidate_by_ref(char **x);
|
|
|
|
int test_invalidate_by_ref() {
|
|
|
|
unsigned short y;
|
|
|
|
invalidate_by_ref((char**) &y);
|
|
|
|
if (y) // no-warning
|
|
|
|
return 1;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2009-07-03 08:10:50 +08:00
|
|
|
// Test for <rdar://problem/7027684>. This just tests that the CFG is
|
|
|
|
// constructed correctly. Previously, the successor block of the entrance
|
|
|
|
// was the block containing the merge for '?', which would trigger an
|
|
|
|
// assertion failure.
|
|
|
|
int rdar_7027684_aux();
|
|
|
|
int rdar_7027684_aux_2() __attribute__((noreturn));
|
|
|
|
void rdar_7027684(int x, int y) {
|
|
|
|
{}; // this empty compound statement is critical.
|
|
|
|
(rdar_7027684_aux() ? rdar_7027684_aux_2() : (void) 0);
|
|
|
|
}
|
|
|
|
|
2009-07-07 06:23:45 +08:00
|
|
|
// Test that we handle casts of string literals to arbitrary types.
|
|
|
|
unsigned const char *string_literal_test1() {
|
|
|
|
return (const unsigned char*) "hello";
|
|
|
|
}
|
|
|
|
|
|
|
|
const float *string_literal_test2() {
|
|
|
|
return (const float*) "hello";
|
|
|
|
}
|
|
|
|
|
2009-07-07 07:47:19 +08:00
|
|
|
// Test that we handle casts *from* incomplete struct types.
|
|
|
|
extern const struct _FooAssertStruct _cmd;
|
|
|
|
void test_cast_from_incomplete_struct_aux(volatile const void *x);
|
|
|
|
void test_cast_from_incomplete_struct() {
|
|
|
|
test_cast_from_incomplete_struct_aux(&_cmd);
|
|
|
|
}
|
2009-07-03 08:10:50 +08:00
|
|
|
|
2009-07-09 06:42:46 +08:00
|
|
|
// Test for <rdar://problem/7034511>
|
|
|
|
// "ValueManager::makeIntVal(uint64_t X, QualType T) should return a 'Loc'
|
|
|
|
// when 'T' is a pointer"
|
|
|
|
//
|
|
|
|
// Previously this case would crash.
|
|
|
|
void test_rdar_7034511(NSArray *y) {
|
|
|
|
NSObject *x;
|
|
|
|
for (x in y) {}
|
|
|
|
if (x == ((void*) 0)) {}
|
|
|
|
}
|
|
|
|
|
2009-07-11 05:24:45 +08:00
|
|
|
// Handle casts of function pointers (CodeTextRegions) to arbitrary pointer
|
|
|
|
// types. This was previously causing a crash in CastRegion.
|
|
|
|
void handle_funcptr_voidptr_casts() {
|
2009-07-11 05:11:16 +08:00
|
|
|
void **ptr;
|
|
|
|
typedef void *PVOID;
|
2009-07-11 05:24:45 +08:00
|
|
|
typedef void *PCHAR;
|
2009-07-11 05:11:16 +08:00
|
|
|
typedef long INT_PTR, *PINT_PTR;
|
|
|
|
typedef INT_PTR (*FARPROC)();
|
2009-07-11 05:24:45 +08:00
|
|
|
FARPROC handle_funcptr_voidptr_casts_aux();
|
|
|
|
PVOID handle_funcptr_voidptr_casts_aux_2(PVOID volatile *x);
|
|
|
|
PVOID handle_funcptr_voidptr_casts_aux_3(PCHAR volatile *x);
|
2009-07-11 05:11:16 +08:00
|
|
|
|
2009-07-11 05:24:45 +08:00
|
|
|
ptr = (void**) handle_funcptr_voidptr_casts_aux();
|
|
|
|
handle_funcptr_voidptr_casts_aux_2(ptr);
|
|
|
|
handle_funcptr_voidptr_casts_aux_3(ptr);
|
2009-07-11 05:11:16 +08:00
|
|
|
}
|
|
|
|
|
2009-07-11 05:43:30 +08:00
|
|
|
// RegionStore::Retrieve previously crashed on this example. This example
|
|
|
|
// was previously in the test file 'xfail_regionstore_wine_crash.c'.
|
|
|
|
void testA() {
|
|
|
|
long x = 0;
|
|
|
|
char *y = (char *) &x;
|
|
|
|
if (!*y)
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2009-07-11 12:38:49 +08:00
|
|
|
// RegionStoreManager previously crashed on this example. The problem is that
|
|
|
|
// the value bound to the field of b->grue after the call to testB_aux is
|
|
|
|
// a symbolic region. The second '*__gruep__' involves performing a load
|
|
|
|
// from a 'int*' that really is a 'void**'. The loaded location must be
|
|
|
|
// implicitly converted to an integer that wraps a location. Previosly we would
|
|
|
|
// get a crash here due to an assertion failure.
|
|
|
|
typedef struct _BStruct { void *grue; } BStruct;
|
|
|
|
void testB_aux(void *ptr);
|
|
|
|
void testB(BStruct *b) {
|
|
|
|
{
|
|
|
|
int *__gruep__ = ((int *)&((b)->grue));
|
|
|
|
int __gruev__ = *__gruep__;
|
|
|
|
testB_aux(__gruep__);
|
|
|
|
}
|
|
|
|
{
|
|
|
|
int *__gruep__ = ((int *)&((b)->grue));
|
|
|
|
int __gruev__ = *__gruep__;
|
|
|
|
if (~0 != __gruev__) {}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|