2017-03-04 02:02:02 +08:00
|
|
|
// RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-config suppress-inlined-defensive-checks=true -verify %s
|
2013-03-02 11:20:52 +08:00
|
|
|
|
|
|
|
// Perform inline defensive checks.
|
2017-04-25 03:30:33 +08:00
|
|
|
void idc(void *p) {
|
2013-03-02 11:20:52 +08:00
|
|
|
if (p)
|
|
|
|
;
|
|
|
|
}
|
|
|
|
|
|
|
|
int test01(int *p) {
|
|
|
|
if (p)
|
|
|
|
;
|
|
|
|
return *p; // expected-warning {{Dereference of null pointer}}
|
|
|
|
}
|
|
|
|
|
|
|
|
int test02(int *p, int *x) {
|
|
|
|
if (p)
|
|
|
|
;
|
|
|
|
idc(p);
|
|
|
|
if (x)
|
|
|
|
;
|
|
|
|
return *p; // expected-warning {{Dereference of null pointer}}
|
|
|
|
}
|
|
|
|
|
|
|
|
int test03(int *p, int *x) {
|
|
|
|
idc(p);
|
|
|
|
if (p)
|
|
|
|
;
|
|
|
|
return *p; // False negative
|
|
|
|
}
|
|
|
|
|
|
|
|
int deref04(int *p) {
|
|
|
|
return *p; // expected-warning {{Dereference of null pointer}}
|
|
|
|
}
|
|
|
|
|
|
|
|
int test04(int *p) {
|
|
|
|
if (p)
|
|
|
|
;
|
|
|
|
idc(p);
|
|
|
|
return deref04(p);
|
|
|
|
}
|
|
|
|
|
|
|
|
int test11(int *q, int *x) {
|
|
|
|
int *p = q;
|
|
|
|
if (q)
|
|
|
|
;
|
|
|
|
if (x)
|
|
|
|
;
|
|
|
|
return *p; // expected-warning{{Dereference of null pointer}}
|
|
|
|
}
|
|
|
|
|
|
|
|
int test12(int *q) {
|
|
|
|
int *p = q;
|
|
|
|
idc(q);
|
|
|
|
return *p;
|
|
|
|
}
|
|
|
|
|
|
|
|
int test13(int *q) {
|
|
|
|
int *p = q;
|
|
|
|
idc(p);
|
|
|
|
return *p;
|
|
|
|
}
|
|
|
|
|
|
|
|
int test21(int *q, int *x) {
|
|
|
|
if (q)
|
|
|
|
;
|
|
|
|
if (x)
|
|
|
|
;
|
|
|
|
int *p = q;
|
|
|
|
return *p; // expected-warning{{Dereference of null pointer}}
|
|
|
|
}
|
|
|
|
|
|
|
|
int test22(int *q, int *x) {
|
|
|
|
idc(q);
|
|
|
|
if (x)
|
|
|
|
;
|
|
|
|
int *p = q;
|
|
|
|
return *p;
|
|
|
|
}
|
|
|
|
|
|
|
|
int test23(int *q, int *x) {
|
|
|
|
idc(q);
|
|
|
|
if (x)
|
|
|
|
;
|
|
|
|
int *p = q;
|
|
|
|
if (!p)
|
|
|
|
;
|
|
|
|
return *p; // False negative
|
|
|
|
}
|
|
|
|
|
|
|
|
void use(char *p) {
|
|
|
|
if (!p)
|
|
|
|
return;
|
|
|
|
p[0] = 'a';
|
|
|
|
}
|
|
|
|
|
|
|
|
void test24(char *buffer) {
|
|
|
|
use(buffer);
|
|
|
|
buffer[1] = 'b';
|
|
|
|
}
|
2013-04-20 09:15:42 +08:00
|
|
|
|
|
|
|
// Ensure idc works on pointers with constant offset.
|
|
|
|
void idcchar(const char *s2) {
|
|
|
|
if(s2)
|
|
|
|
;
|
|
|
|
}
|
|
|
|
void testConstantOffset(char *value) {
|
|
|
|
char *cursor = value + 5;
|
|
|
|
idcchar(cursor);
|
|
|
|
if (*cursor) {
|
|
|
|
cursor++;
|
|
|
|
}
|
|
|
|
}
|
2013-07-04 10:38:06 +08:00
|
|
|
|
|
|
|
// Ensure idc works for integer zero values (ex: suppressed div by zero).
|
|
|
|
void idcZero(int assume) {
|
|
|
|
if (assume)
|
|
|
|
;
|
|
|
|
}
|
|
|
|
|
|
|
|
int idcTriggerZeroValue(int m) {
|
|
|
|
idcZero(m);
|
|
|
|
return 5/m; // no-warning
|
|
|
|
}
|
|
|
|
|
|
|
|
int idcTriggerZeroValueThroughCall(int i) {
|
|
|
|
return 5/i; // no-warning
|
|
|
|
}
|
|
|
|
void idcTrackZeroValueThroughCall(int x) {
|
|
|
|
idcZero(x);
|
|
|
|
idcTriggerZeroValueThroughCall(x);
|
|
|
|
}
|
|
|
|
|
|
|
|
int idcTriggerZeroThroughDoubleAssignemnt(int i) {
|
|
|
|
return 5/i; // no-warning
|
|
|
|
}
|
|
|
|
void idcTrackZeroThroughDoubleAssignemnt(int x) {
|
|
|
|
idcZero(x);
|
|
|
|
int y = x;
|
|
|
|
int z = y;
|
|
|
|
idcTriggerZeroValueThroughCall(z);
|
|
|
|
}
|
2017-04-25 03:30:33 +08:00
|
|
|
|
|
|
|
struct S {
|
|
|
|
int f1;
|
|
|
|
int f2;
|
|
|
|
};
|
|
|
|
|
|
|
|
void idcTrackZeroValueThroughUnaryPointerOperators(struct S *s) {
|
|
|
|
idc(s);
|
|
|
|
*(&(s->f1)) = 7; // no-warning
|
|
|
|
}
|
|
|
|
|
|
|
|
void idcTrackZeroValueThroughUnaryPointerOperatorsWithOffset1(struct S *s) {
|
|
|
|
idc(s);
|
|
|
|
int *x = &(s->f2);
|
|
|
|
*x = 7; // no-warning
|
|
|
|
}
|
|
|
|
|
|
|
|
void idcTrackZeroValueThroughUnaryPointerOperatorsWithOffset2(struct S *s) {
|
|
|
|
idc(s);
|
|
|
|
int *x = &(s->f2) - 1;
|
2018-03-31 03:27:42 +08:00
|
|
|
*x = 7; // no-warning
|
2017-04-25 03:30:33 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void idcTrackZeroValueThroughUnaryPointerOperatorsWithAssignment(struct S *s) {
|
|
|
|
idc(s);
|
|
|
|
int *x = &(s->f1);
|
|
|
|
*x = 7; // no-warning
|
|
|
|
}
|
|
|
|
|
2017-09-27 17:50:45 +08:00
|
|
|
void idcTrackZeroValueThroughManyUnaryPointerOperatorsWithAssignment(struct S *s) {
|
|
|
|
idc(s);
|
|
|
|
int *x = &*&(s->f1);
|
|
|
|
*x = 7; // no-warning
|
|
|
|
}
|
|
|
|
|
|
|
|
void idcTrackZeroValueThroughManyUnaryPointerOperatorsWithAssignmentAndUnaryIncrement(struct S *s) {
|
|
|
|
idc(s);
|
|
|
|
int *x = &*&((++s)->f1);
|
|
|
|
*x = 7; // no-warning
|
|
|
|
}
|
|
|
|
|
2017-04-25 03:30:33 +08:00
|
|
|
|
|
|
|
struct S2 {
|
|
|
|
int a[1];
|
|
|
|
};
|
|
|
|
|
|
|
|
void idcTrackZeroValueThroughUnaryPointerOperatorsWithArrayField(struct S2 *s) {
|
|
|
|
idc(s);
|
|
|
|
*(&(s->a[0])) = 7; // no-warning
|
|
|
|
}
|
2017-12-20 08:47:17 +08:00
|
|
|
|
|
|
|
void idcTrackConstraintThroughSymbolicRegion(int **x) {
|
|
|
|
idc(*x);
|
|
|
|
// FIXME: Should not warn.
|
|
|
|
**x = 7; // expected-warning{{Dereference of null pointer}}
|
|
|
|
}
|
|
|
|
|
2017-12-20 09:03:22 +08:00
|
|
|
void idcTrackConstraintThroughSymbolicRegionAndParens(int **x) {
|
|
|
|
idc(*x);
|
|
|
|
// FIXME: Should not warn.
|
|
|
|
*(*x) = 7; // expected-warning{{Dereference of null pointer}}
|
|
|
|
}
|
|
|
|
|
2017-12-20 08:47:17 +08:00
|
|
|
int *idcPlainNull(int coin) {
|
|
|
|
if (coin)
|
|
|
|
return 0;
|
|
|
|
static int X;
|
|
|
|
return &X;
|
|
|
|
}
|
|
|
|
|
|
|
|
void idcTrackZeroValueThroughSymbolicRegion(int coin, int **x) {
|
|
|
|
*x = idcPlainNull(coin);
|
|
|
|
**x = 7; // no-warning
|
|
|
|
}
|
2017-12-20 09:03:22 +08:00
|
|
|
|
|
|
|
void idcTrackZeroValueThroughSymbolicRegionAndParens(int coin, int **x) {
|
|
|
|
*x = idcPlainNull(coin);
|
|
|
|
*(*x) = 7; // no-warning
|
|
|
|
}
|
|
|
|
|
|
|
|
struct WithInt {
|
|
|
|
int i;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct WithArray {
|
|
|
|
struct WithInt arr[1];
|
|
|
|
};
|
|
|
|
|
|
|
|
struct WithArray *idcPlainNullWithArray(int coin) {
|
|
|
|
if (coin)
|
|
|
|
return 0;
|
|
|
|
static struct WithArray S;
|
|
|
|
return &S;
|
|
|
|
}
|
|
|
|
|
|
|
|
void idcTrackZeroValueThroughSymbolicRegionWithArray(int coin, struct WithArray **s) {
|
|
|
|
*s = idcPlainNullWithArray(coin);
|
|
|
|
(*s)->arr[0].i = 1; // no-warning
|
|
|
|
// Same thing.
|
|
|
|
(*s)->arr->i = 1; // no-warning
|
|
|
|
}
|