2018-08-30 04:29:17 +08:00
|
|
|
// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-config ipa=inlining -analyzer-config c++-allocator-inlining=true -verify -analyzer-config eagerly-assume=false %s
|
2012-07-12 08:16:25 +08:00
|
|
|
|
|
|
|
void clang_analyzer_eval(bool);
|
2012-08-11 06:26:43 +08:00
|
|
|
void clang_analyzer_checkInlined(bool);
|
2012-07-12 08:16:25 +08:00
|
|
|
|
2012-08-28 02:39:22 +08:00
|
|
|
typedef __typeof__(sizeof(int)) size_t;
|
|
|
|
extern "C" void *malloc(size_t);
|
|
|
|
|
|
|
|
// This is the standard placement new.
|
|
|
|
inline void* operator new(size_t, void* __p) throw()
|
|
|
|
{
|
2014-02-11 10:21:06 +08:00
|
|
|
clang_analyzer_checkInlined(true);// expected-warning{{TRUE}}
|
2012-08-28 02:39:22 +08:00
|
|
|
return __p;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-07-12 08:16:25 +08:00
|
|
|
class A {
|
|
|
|
public:
|
|
|
|
int getZero() { return 0; }
|
|
|
|
virtual int getNum() { return 0; }
|
|
|
|
};
|
|
|
|
|
|
|
|
void test(A &a) {
|
|
|
|
clang_analyzer_eval(a.getZero() == 0); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(a.getNum() == 0); // expected-warning{{UNKNOWN}}
|
|
|
|
|
|
|
|
A copy(a);
|
|
|
|
clang_analyzer_eval(copy.getZero() == 0); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(copy.getNum() == 0); // expected-warning{{TRUE}}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
class One : public A {
|
|
|
|
public:
|
|
|
|
virtual int getNum() { return 1; }
|
|
|
|
};
|
|
|
|
|
|
|
|
void testPathSensitivity(int x) {
|
|
|
|
A a;
|
|
|
|
One b;
|
|
|
|
|
|
|
|
A *ptr;
|
|
|
|
switch (x) {
|
|
|
|
case 0:
|
|
|
|
ptr = &a;
|
|
|
|
break;
|
|
|
|
case 1:
|
|
|
|
ptr = &b;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// This should be true on both branches.
|
|
|
|
clang_analyzer_eval(ptr->getNum() == x); // expected-warning {{TRUE}}
|
|
|
|
}
|
|
|
|
|
2012-08-11 06:26:43 +08:00
|
|
|
|
|
|
|
namespace PureVirtualParent {
|
|
|
|
class Parent {
|
|
|
|
public:
|
|
|
|
virtual int pureVirtual() const = 0;
|
|
|
|
int callVirtual() const {
|
|
|
|
return pureVirtual();
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
class Child : public Parent {
|
|
|
|
public:
|
|
|
|
virtual int pureVirtual() const {
|
|
|
|
clang_analyzer_checkInlined(true); // expected-warning{{TRUE}}
|
|
|
|
return 42;
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
void testVirtual() {
|
|
|
|
Child x;
|
|
|
|
|
|
|
|
clang_analyzer_eval(x.pureVirtual() == 42); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(x.callVirtual() == 42); // expected-warning{{TRUE}}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-08-11 06:26:46 +08:00
|
|
|
namespace PR13569 {
|
|
|
|
class Parent {
|
|
|
|
protected:
|
|
|
|
int m_parent;
|
|
|
|
virtual int impl() const = 0;
|
|
|
|
|
|
|
|
Parent() : m_parent(0) {}
|
|
|
|
|
|
|
|
public:
|
|
|
|
int interface() const {
|
|
|
|
clang_analyzer_checkInlined(true); // expected-warning{{TRUE}}
|
|
|
|
return impl();
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
class Child : public Parent {
|
|
|
|
protected:
|
|
|
|
virtual int impl() const {
|
|
|
|
clang_analyzer_checkInlined(true); // expected-warning{{TRUE}}
|
|
|
|
return m_parent + m_child;
|
|
|
|
}
|
|
|
|
|
|
|
|
public:
|
|
|
|
Child() : m_child(0) {}
|
|
|
|
|
|
|
|
int m_child;
|
|
|
|
};
|
|
|
|
|
|
|
|
void testVirtual() {
|
|
|
|
Child x;
|
|
|
|
x.m_child = 42;
|
|
|
|
|
|
|
|
// Don't crash when inlining and devirtualizing.
|
|
|
|
x.interface();
|
|
|
|
}
|
2012-08-14 07:46:01 +08:00
|
|
|
|
|
|
|
|
|
|
|
class Grandchild : public Child {};
|
|
|
|
|
|
|
|
void testDevirtualizeToMiddle() {
|
|
|
|
Grandchild x;
|
|
|
|
x.m_child = 42;
|
|
|
|
|
|
|
|
// Don't crash when inlining and devirtualizing.
|
|
|
|
x.interface();
|
|
|
|
}
|
2012-08-11 06:26:46 +08:00
|
|
|
}
|
|
|
|
|
2012-08-14 07:46:01 +08:00
|
|
|
namespace PR13569_virtual {
|
|
|
|
class Parent {
|
|
|
|
protected:
|
|
|
|
int m_parent;
|
|
|
|
virtual int impl() const = 0;
|
2012-08-11 06:26:46 +08:00
|
|
|
|
2012-08-14 07:46:01 +08:00
|
|
|
Parent() : m_parent(0) {}
|
|
|
|
|
|
|
|
public:
|
|
|
|
int interface() const {
|
|
|
|
clang_analyzer_checkInlined(true); // expected-warning{{TRUE}}
|
|
|
|
return impl();
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
class Child : virtual public Parent {
|
|
|
|
protected:
|
|
|
|
virtual int impl() const {
|
|
|
|
clang_analyzer_checkInlined(true); // expected-warning{{TRUE}}
|
|
|
|
return m_parent + m_child;
|
|
|
|
}
|
|
|
|
|
|
|
|
public:
|
|
|
|
Child() : m_child(0) {}
|
|
|
|
|
|
|
|
int m_child;
|
|
|
|
};
|
|
|
|
|
|
|
|
void testVirtual() {
|
|
|
|
Child x;
|
|
|
|
x.m_child = 42;
|
|
|
|
|
|
|
|
// Don't crash when inlining and devirtualizing.
|
|
|
|
x.interface();
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
class Grandchild : virtual public Child {};
|
|
|
|
|
|
|
|
void testDevirtualizeToMiddle() {
|
|
|
|
Grandchild x;
|
|
|
|
x.m_child = 42;
|
|
|
|
|
|
|
|
// Don't crash when inlining and devirtualizing.
|
|
|
|
x.interface();
|
|
|
|
}
|
|
|
|
}
|
2012-08-16 05:05:15 +08:00
|
|
|
|
|
|
|
namespace Invalidation {
|
|
|
|
struct X {
|
|
|
|
void touch(int &x) const {
|
|
|
|
x = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
void touch2(int &x) const;
|
|
|
|
|
|
|
|
virtual void touchV(int &x) const {
|
|
|
|
x = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
virtual void touchV2(int &x) const;
|
|
|
|
|
|
|
|
int test() const {
|
2013-01-25 07:15:30 +08:00
|
|
|
// We were accidentally not invalidating under inlining
|
2012-08-16 05:05:15 +08:00
|
|
|
// at one point for virtual methods with visible definitions.
|
|
|
|
int a, b, c, d;
|
|
|
|
touch(a);
|
|
|
|
touch2(b);
|
|
|
|
touchV(c);
|
|
|
|
touchV2(d);
|
|
|
|
return a + b + c + d; // no-warning
|
|
|
|
}
|
|
|
|
};
|
|
|
|
}
|
2012-08-24 02:10:53 +08:00
|
|
|
|
|
|
|
namespace DefaultArgs {
|
|
|
|
int takesDefaultArgs(int i = 42) {
|
|
|
|
return -i;
|
|
|
|
}
|
|
|
|
|
|
|
|
void testFunction() {
|
|
|
|
clang_analyzer_eval(takesDefaultArgs(1) == -1); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(takesDefaultArgs() == -42); // expected-warning{{TRUE}}
|
|
|
|
}
|
|
|
|
|
|
|
|
class Secret {
|
|
|
|
public:
|
2013-02-13 11:11:06 +08:00
|
|
|
static const int value = 40 + 2;
|
2012-08-24 02:10:53 +08:00
|
|
|
int get(int i = value) {
|
|
|
|
return i;
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
void testMethod() {
|
|
|
|
Secret obj;
|
|
|
|
clang_analyzer_eval(obj.get(1) == 1); // expected-warning{{TRUE}}
|
2013-02-13 11:11:06 +08:00
|
|
|
clang_analyzer_eval(obj.get() == 42); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(Secret::value == 42); // expected-warning{{TRUE}}
|
|
|
|
}
|
2012-08-24 02:10:53 +08:00
|
|
|
|
2013-02-13 11:11:06 +08:00
|
|
|
enum ABC {
|
|
|
|
A = 0,
|
|
|
|
B = 1,
|
|
|
|
C = 2
|
|
|
|
};
|
2012-08-24 02:10:53 +08:00
|
|
|
|
2013-02-13 11:11:06 +08:00
|
|
|
int enumUser(ABC input = B) {
|
|
|
|
return static_cast<int>(input);
|
|
|
|
}
|
|
|
|
|
|
|
|
void testEnum() {
|
|
|
|
clang_analyzer_eval(enumUser(C) == 2); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(enumUser() == 1); // expected-warning{{TRUE}}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int exprUser(int input = 2 * 4) {
|
|
|
|
return input;
|
|
|
|
}
|
|
|
|
|
|
|
|
int complicatedExprUser(int input = 2 * Secret::value) {
|
|
|
|
return input;
|
|
|
|
}
|
|
|
|
|
|
|
|
void testExprs() {
|
|
|
|
clang_analyzer_eval(exprUser(1) == 1); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(exprUser() == 8); // expected-warning{{TRUE}}
|
|
|
|
|
|
|
|
clang_analyzer_eval(complicatedExprUser(1) == 1); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(complicatedExprUser() == 84); // expected-warning{{TRUE}}
|
2012-08-24 02:10:53 +08:00
|
|
|
}
|
2013-02-26 03:45:34 +08:00
|
|
|
|
|
|
|
int defaultReference(const int &input = 42) {
|
2013-05-03 03:51:20 +08:00
|
|
|
return -input;
|
|
|
|
}
|
|
|
|
int defaultReferenceZero(const int &input = 0) {
|
|
|
|
return -input;
|
2013-02-26 03:45:34 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void testReference() {
|
2013-05-03 03:51:20 +08:00
|
|
|
clang_analyzer_eval(defaultReference(1) == -1); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(defaultReference() == -42); // expected-warning{{TRUE}}
|
|
|
|
|
|
|
|
clang_analyzer_eval(defaultReferenceZero(1) == -1); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(defaultReferenceZero() == 0); // expected-warning{{TRUE}}
|
2015-11-19 09:25:28 +08:00
|
|
|
}
|
2013-05-03 03:51:20 +08:00
|
|
|
|
|
|
|
double defaultFloatReference(const double &i = 42) {
|
|
|
|
return -i;
|
|
|
|
}
|
|
|
|
double defaultFloatReferenceZero(const double &i = 0) {
|
|
|
|
return -i;
|
|
|
|
}
|
|
|
|
|
|
|
|
void testFloatReference() {
|
|
|
|
clang_analyzer_eval(defaultFloatReference(1) == -1); // expected-warning{{UNKNOWN}}
|
|
|
|
clang_analyzer_eval(defaultFloatReference() == -42); // expected-warning{{UNKNOWN}}
|
|
|
|
|
|
|
|
clang_analyzer_eval(defaultFloatReferenceZero(1) == -1); // expected-warning{{UNKNOWN}}
|
|
|
|
clang_analyzer_eval(defaultFloatReferenceZero() == 0); // expected-warning{{UNKNOWN}}
|
2013-02-26 03:45:34 +08:00
|
|
|
}
|
2013-07-18 01:16:38 +08:00
|
|
|
|
|
|
|
char defaultString(const char *s = "abc") {
|
|
|
|
return s[1];
|
|
|
|
}
|
|
|
|
|
|
|
|
void testString() {
|
|
|
|
clang_analyzer_eval(defaultString("xyz") == 'y'); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(defaultString() == 'b'); // expected-warning{{TRUE}}
|
|
|
|
}
|
2015-11-19 09:25:28 +08:00
|
|
|
|
|
|
|
const void * const void_string = "abc";
|
|
|
|
|
|
|
|
void testBitcastedString() {
|
|
|
|
clang_analyzer_eval(0 != void_string); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval('b' == ((char *)void_string)[1]); // expected-warning{{TRUE}}
|
|
|
|
}
|
2012-08-24 02:10:53 +08:00
|
|
|
}
|
2012-08-28 02:39:22 +08:00
|
|
|
|
|
|
|
namespace OperatorNew {
|
|
|
|
class IntWrapper {
|
|
|
|
public:
|
|
|
|
int value;
|
|
|
|
|
|
|
|
IntWrapper(int input) : value(input) {
|
2018-01-18 06:34:23 +08:00
|
|
|
clang_analyzer_checkInlined(true); // expected-warning{{TRUE}}
|
2012-08-28 02:39:22 +08:00
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
void test() {
|
|
|
|
IntWrapper *obj = new IntWrapper(42);
|
2018-01-18 06:34:23 +08:00
|
|
|
clang_analyzer_eval(obj->value == 42); // expected-warning{{TRUE}}
|
2013-03-25 09:35:45 +08:00
|
|
|
delete obj;
|
2012-08-28 02:39:22 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void testPlacement() {
|
|
|
|
IntWrapper *obj = static_cast<IntWrapper *>(malloc(sizeof(IntWrapper)));
|
|
|
|
IntWrapper *alias = new (obj) IntWrapper(42);
|
|
|
|
|
|
|
|
clang_analyzer_eval(alias == obj); // expected-warning{{TRUE}}
|
|
|
|
|
2018-01-18 06:34:23 +08:00
|
|
|
clang_analyzer_eval(obj->value == 42); // expected-warning{{TRUE}}
|
|
|
|
// Because malloc() was never free()d:
|
|
|
|
// expected-warning@-2{{Potential leak of memory pointed to by 'alias'}}
|
2012-08-28 02:39:22 +08:00
|
|
|
}
|
|
|
|
}
|
2012-09-07 09:19:42 +08:00
|
|
|
|
|
|
|
|
|
|
|
namespace VirtualWithSisterCasts {
|
2012-09-08 09:24:38 +08:00
|
|
|
// This entire set of tests exercises casts from sister classes and
|
|
|
|
// from classes outside the hierarchy, which can very much confuse
|
|
|
|
// code that uses DynamicTypeInfo or needs to construct CXXBaseObjectRegions.
|
|
|
|
// These examples used to cause crashes in +Asserts builds.
|
2012-09-07 09:19:42 +08:00
|
|
|
struct Parent {
|
|
|
|
virtual int foo();
|
2012-09-08 09:24:38 +08:00
|
|
|
int x;
|
2012-09-07 09:19:42 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
struct A : Parent {
|
|
|
|
virtual int foo() { return 42; }
|
|
|
|
};
|
|
|
|
|
|
|
|
struct B : Parent {
|
|
|
|
virtual int foo();
|
|
|
|
};
|
|
|
|
|
2012-09-08 09:24:38 +08:00
|
|
|
struct Grandchild : public A {};
|
|
|
|
|
2012-09-07 09:19:42 +08:00
|
|
|
struct Unrelated {};
|
|
|
|
|
|
|
|
void testDowncast(Parent *b) {
|
|
|
|
A *a = (A *)(void *)b;
|
|
|
|
clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}}
|
2012-09-08 09:24:38 +08:00
|
|
|
|
|
|
|
a->x = 42;
|
|
|
|
clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}}
|
2012-09-07 09:19:42 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void testRelated(B *b) {
|
|
|
|
A *a = (A *)(void *)b;
|
|
|
|
clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}}
|
2012-09-08 09:24:38 +08:00
|
|
|
|
|
|
|
a->x = 42;
|
|
|
|
clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}}
|
2012-09-07 09:19:42 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void testUnrelated(Unrelated *b) {
|
|
|
|
A *a = (A *)(void *)b;
|
|
|
|
clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}}
|
2012-09-08 09:24:38 +08:00
|
|
|
|
|
|
|
a->x = 42;
|
|
|
|
clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}}
|
|
|
|
}
|
|
|
|
|
|
|
|
void testCastViaNew(B *b) {
|
|
|
|
Grandchild *g = new (b) Grandchild();
|
2013-04-23 05:36:44 +08:00
|
|
|
clang_analyzer_eval(g->foo() == 42); // expected-warning{{TRUE}}
|
2012-09-08 09:24:38 +08:00
|
|
|
|
|
|
|
g->x = 42;
|
|
|
|
clang_analyzer_eval(g->x == 42); // expected-warning{{TRUE}}
|
2012-09-07 09:19:42 +08:00
|
|
|
}
|
|
|
|
}
|
2012-09-11 08:31:02 +08:00
|
|
|
|
|
|
|
|
|
|
|
namespace QualifiedCalls {
|
|
|
|
void test(One *object) {
|
|
|
|
// This uses the One class from the top of the file.
|
|
|
|
clang_analyzer_eval(object->getNum() == 1); // expected-warning{{UNKNOWN}}
|
|
|
|
clang_analyzer_eval(object->One::getNum() == 1); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(object->A::getNum() == 0); // expected-warning{{TRUE}}
|
|
|
|
|
|
|
|
// getZero is non-virtual.
|
|
|
|
clang_analyzer_eval(object->getZero() == 0); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(object->One::getZero() == 0); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(object->A::getZero() == 0); // expected-warning{{TRUE}}
|
|
|
|
}
|
|
|
|
}
|
[analyzer] Adjust the return type of an inlined devirtualized method call.
In C++, overriding virtual methods are allowed to specify a covariant
return type -- that is, if the return type of the base method is an
object pointer type (or reference type), the overriding method's return
type can be a pointer to a subclass of the original type. The analyzer
was failing to take this into account when devirtualizing a method call,
and anything that relied on the return value having the proper type later
would crash.
In Objective-C, overriding methods are allowed to specify ANY return type,
meaning we can NEVER be sure that devirtualizing will give us a "safe"
return value. Of course, a program that does this will most likely crash
at runtime, but the analyzer at least shouldn't crash.
The solution is to check and see if the function/method being inlined is
the function that static binding would have picked. If not, check that
the return value has the same type. If the types don't match, see if we
can fix it with a derived-to-base cast (the C++ case). If we can't,
return UnknownVal to avoid crashing later.
<rdar://problem/12409977>
llvm-svn: 165079
2012-10-03 09:08:35 +08:00
|
|
|
|
|
|
|
|
|
|
|
namespace rdar12409977 {
|
|
|
|
struct Base {
|
|
|
|
int x;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct Parent : public Base {
|
|
|
|
virtual Parent *vGetThis();
|
|
|
|
Parent *getThis() { return vGetThis(); }
|
|
|
|
};
|
|
|
|
|
|
|
|
struct Child : public Parent {
|
|
|
|
virtual Child *vGetThis() { return this; }
|
|
|
|
};
|
|
|
|
|
|
|
|
void test() {
|
|
|
|
Child obj;
|
|
|
|
obj.x = 42;
|
|
|
|
|
|
|
|
// Originally, calling a devirtualized method with a covariant return type
|
|
|
|
// caused a crash because the return value had the wrong type. When we then
|
|
|
|
// go to layer a CXXBaseObjectRegion on it, the base isn't a direct base of
|
|
|
|
// the object region and we get an assertion failure.
|
|
|
|
clang_analyzer_eval(obj.getThis()->x == 42); // expected-warning{{TRUE}}
|
|
|
|
}
|
|
|
|
}
|
2013-06-19 16:19:56 +08:00
|
|
|
|
|
|
|
namespace bug16307 {
|
|
|
|
void one_argument(int a) { }
|
|
|
|
void call_with_less() {
|
2016-11-16 02:40:46 +08:00
|
|
|
reinterpret_cast<void (*)()>(one_argument)(); // expected-warning{{Function taking 1 argument is called with fewer (0)}}
|
2013-06-19 16:19:56 +08:00
|
|
|
}
|
|
|
|
}
|