2017-03-04 02:02:02 +08:00
|
|
|
// RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-store=region -fblocks -verify %s
|
2008-04-25 02:28:14 +08:00
|
|
|
|
|
|
|
struct FPRec {
|
|
|
|
void (*my_func)(int * x);
|
|
|
|
};
|
|
|
|
|
|
|
|
int bar(int x);
|
|
|
|
|
|
|
|
int f1_a(struct FPRec* foo) {
|
|
|
|
int x;
|
|
|
|
(*foo->my_func)(&x);
|
|
|
|
return bar(x)+1; // no-warning
|
|
|
|
}
|
|
|
|
|
|
|
|
int f1_b() {
|
|
|
|
int x;
|
2017-03-08 23:22:24 +08:00
|
|
|
return bar(x)+1; // expected-warning{{1st function call argument is an uninitialized value}}
|
2008-04-25 02:28:14 +08:00
|
|
|
}
|
2008-05-05 23:56:53 +08:00
|
|
|
|
|
|
|
int f2() {
|
|
|
|
|
|
|
|
int x;
|
|
|
|
|
2009-09-24 08:44:26 +08:00
|
|
|
if (x+1) // expected-warning{{The left operand of '+' is a garbage value}}
|
2008-05-05 23:56:53 +08:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
return 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
int f2_b() {
|
|
|
|
int x;
|
|
|
|
|
2009-09-24 08:44:26 +08:00
|
|
|
return ((1+x)+2+((x))) + 1 ? 1 : 2; // expected-warning{{The right operand of '+' is a garbage value}}
|
2008-05-05 23:56:53 +08:00
|
|
|
}
|
|
|
|
|
2008-05-21 23:48:33 +08:00
|
|
|
int f3(void) {
|
|
|
|
int i;
|
|
|
|
int *p = &i;
|
2009-09-24 08:44:26 +08:00
|
|
|
if (*p > 0) // expected-warning{{The left operand of '>' is a garbage value}}
|
2008-05-21 23:48:33 +08:00
|
|
|
return 0;
|
|
|
|
else
|
|
|
|
return 1;
|
|
|
|
}
|
2008-11-19 19:10:42 +08:00
|
|
|
|
2009-04-03 01:25:00 +08:00
|
|
|
void f4_aux(float* x);
|
|
|
|
float f4(void) {
|
|
|
|
float x;
|
|
|
|
f4_aux(&x);
|
|
|
|
return x; // no-warning
|
|
|
|
}
|
|
|
|
|
|
|
|
struct f5_struct { int x; };
|
|
|
|
void f5_aux(struct f5_struct* s);
|
|
|
|
int f5(void) {
|
|
|
|
struct f5_struct s;
|
|
|
|
f5_aux(&s);
|
|
|
|
return s.x; // no-warning
|
|
|
|
}
|
|
|
|
|
2017-02-27 18:44:24 +08:00
|
|
|
void f6(int x) {
|
|
|
|
int a[20];
|
|
|
|
if (x == 25) {}
|
|
|
|
if (a[x] == 123) {} // expected-warning{{The left operand of '==' is a garbage value due to array index out of bounds}}
|
|
|
|
}
|
|
|
|
|
2008-11-21 08:28:47 +08:00
|
|
|
int ret_uninit() {
|
|
|
|
int i;
|
|
|
|
int *p = &i;
|
2009-09-12 06:07:28 +08:00
|
|
|
return *p; // expected-warning{{Undefined or garbage value returned to caller}}
|
2008-11-21 08:28:47 +08:00
|
|
|
}
|
|
|
|
|
2008-12-18 03:42:34 +08:00
|
|
|
// <rdar://problem/6451816>
|
|
|
|
typedef unsigned char Boolean;
|
|
|
|
typedef const struct __CFNumber * CFNumberRef;
|
|
|
|
typedef signed long CFIndex;
|
|
|
|
typedef CFIndex CFNumberType;
|
|
|
|
typedef unsigned long UInt32;
|
|
|
|
typedef UInt32 CFStringEncoding;
|
|
|
|
typedef const struct __CFString * CFStringRef;
|
|
|
|
extern Boolean CFNumberGetValue(CFNumberRef number, CFNumberType theType, void *valuePtr);
|
|
|
|
extern CFStringRef CFStringConvertEncodingToIANACharSetName(CFStringEncoding encoding);
|
|
|
|
|
|
|
|
CFStringRef rdar_6451816(CFNumberRef nr) {
|
|
|
|
CFStringEncoding encoding;
|
|
|
|
// &encoding is casted to void*. This test case tests whether or not
|
|
|
|
// we properly invalidate the value of 'encoding'.
|
|
|
|
CFNumberGetValue(nr, 9, &encoding);
|
|
|
|
return CFStringConvertEncodingToIANACharSetName(encoding); // no-warning
|
|
|
|
}
|
2008-11-21 08:28:47 +08:00
|
|
|
|
2009-07-29 03:24:31 +08:00
|
|
|
// PR 4630 - false warning with nonnull attribute
|
|
|
|
// This false positive (due to a regression) caused the analyzer to falsely
|
|
|
|
// flag a "return of uninitialized value" warning in the first branch due to
|
|
|
|
// the nonnull attribute.
|
|
|
|
void pr_4630_aux(char *x, int *y) __attribute__ ((nonnull (1)));
|
|
|
|
void pr_4630_aux_2(char *x, int *y);
|
|
|
|
int pr_4630(char *a, int y) {
|
|
|
|
int x;
|
|
|
|
if (y) {
|
|
|
|
pr_4630_aux(a, &x);
|
|
|
|
return x; // no-warning
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
pr_4630_aux_2(a, &x);
|
|
|
|
return x; // no-warning
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-07-29 04:46:55 +08:00
|
|
|
// PR 4631 - False positive with union initializer
|
|
|
|
// Previously the analyzer didn't examine the compound initializers of unions,
|
|
|
|
// resulting in some false positives for initializers with side-effects.
|
|
|
|
union u_4631 { int a; };
|
|
|
|
struct s_4631 { int a; };
|
|
|
|
int pr4631_f2(int *p);
|
|
|
|
int pr4631_f3(void *q);
|
|
|
|
int pr4631_f1(void)
|
|
|
|
{
|
|
|
|
int x;
|
|
|
|
union u_4631 m = { pr4631_f2(&x) };
|
|
|
|
pr4631_f3(&m); // tell analyzer that we use m
|
|
|
|
return x; // no-warning
|
|
|
|
}
|
|
|
|
int pr4631_f1_b(void)
|
|
|
|
{
|
|
|
|
int x;
|
|
|
|
struct s_4631 m = { pr4631_f2(&x) };
|
|
|
|
pr4631_f3(&m); // tell analyzer that we use m
|
|
|
|
return x; // no-warning
|
|
|
|
}
|
|
|
|
|
2013-04-18 02:03:48 +08:00
|
|
|
// <rdar://problem/12278788> - FP when returning a void-valued expression from
|
|
|
|
// a void function...or block.
|
2012-09-13 06:57:40 +08:00
|
|
|
void foo_radar12278788() { return; }
|
|
|
|
void test_radar12278788() {
|
|
|
|
return foo_radar12278788(); // no-warning
|
|
|
|
}
|
|
|
|
|
|
|
|
void foo_radar12278788_fp() { return; }
|
|
|
|
typedef int (*RetIntFuncType)();
|
|
|
|
typedef void (*RetVoidFuncType)();
|
|
|
|
int test_radar12278788_FP() {
|
|
|
|
RetVoidFuncType f = foo_radar12278788_fp;
|
|
|
|
return ((RetIntFuncType)f)(); //expected-warning {{Undefined or garbage value returned to caller}}
|
|
|
|
}
|
2013-04-18 02:03:48 +08:00
|
|
|
|
|
|
|
void rdar13665798() {
|
|
|
|
^() {
|
|
|
|
return foo_radar12278788(); // no-warning
|
|
|
|
}();
|
|
|
|
^void() {
|
|
|
|
return foo_radar12278788(); // no-warning
|
|
|
|
}();
|
|
|
|
^int() {
|
|
|
|
RetVoidFuncType f = foo_radar12278788_fp;
|
|
|
|
return ((RetIntFuncType)f)(); //expected-warning {{Undefined or garbage value returned to caller}}
|
|
|
|
}();
|
|
|
|
}
|