// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -analyze -disable-free -analyzer-eagerly-assume -analyzer-checker=core,deadcode,debug.ExprInspection -verify %s

// Regression tests for the static analyzer. The run line above enables the
// core, deadcode and debug.ExprInspection checkers and passes -verify, so the
// diagnostics produced are compared against the warning annotations written in
// the trailing comments below. Each annotation applies to the line it sits on;
// keep it on the same line as the statement it describes.

// Debug hook declared for the debug.ExprInspection checker enabled above.
void clang_analyzer_eval(int);

int size_rdar9373039 = 1;
int foo_rdar9373039(const char *);

// 'x' is assigned only inside a loop bounded by the global size_rdar9373039,
// and is read again in the second loop; that read must be reported as a
// garbage value (presumably along the path where the first loop body never
// runs). 'extra' is initialized from a long expression and never used, which
// must be reported as a value that is never read.
int rdar93730392() {
  int x;
  int j = 0;

  for (int i = 0 ; i < size_rdar9373039 ; ++i)
    x = 1;

  int extra = (2 + foo_rdar9373039 ("Clang") + ((4 - ((unsigned int) (2 + foo_rdar9373039 ("Clang")) % 4)) % 4)) + (2 + foo_rdar9373039 ("1.0") + ((4 - ((unsigned int) (2 + foo_rdar9373039 ("1.0")) % 4)) % 4)); // expected-warning {{never read}}

  for (int i = 0 ; i < size_rdar9373039 ; ++i)
    j += x; // expected-warning {{garbage}}

  return j;
}


// PR8962 family: each function branches on 't' through a different wrapper
// (no-op __extension__, nested casts, statement expressions) and then
// dereferences 't'. The annotations check that the null-ness learned from the
// condition is still known at the dereference.

// Returns 0 when 't' is non-null, so only the null case reaches the
// dereference and it must be diagnosed.
int PR8962 (int *t) {
  // This should look through the __extension__ no-op.
  if (__extension__ (t)) return 0;
  return *t; // expected-warning {{null pointer}}
}

// Same shape as PR8962, with the condition wrapped in two casts to int.
int PR8962_b (int *t) {
  // This should still ignore the nested casts
  // which aren't handled by a single IgnoreParens()
  if (((int)((int)t))) return 0;
  return *t; // expected-warning {{null pointer}}
}

// The statement expression is true only when 't' is null, so the dereference
// is reached with 't' non-null and must stay silent.
int PR8962_c (int *t) {
  // If the last element in a StmtExpr was a ParenExpr, it's still live
  if (({ (t ? (_Bool)0 : (_Bool)1); })) return 0;
  return *t; // no-warning
}

// As PR8962_c, with __extension__ around the last expression of the
// statement expression.
int PR8962_d (int *t) {
  // If the last element in a StmtExpr is an __extension__, it's still live
  if (({ __extension__(t ? (_Bool)0 : (_Bool)1); })) return 0;
  return *t; // no-warning
}

// As PR8962_c, with redundant (int)(int) casts on both arms of the ternary.
int PR8962_e (int *t) {
  // Redundant casts can mess things up!
  // Environment used to skip through NoOp casts, but LiveVariables didn't!
  if (({ (t ? (int)(int)0L : (int)(int)1L); })) return 0;
  return *t; // no-warning
}

// Here 'r' is 1 only when 't' is null, so again the dereference is reached
// with 't' non-null and must stay silent.
int PR8962_f (int *t) {
  // The StmtExpr isn't a block-level expression here,
  // the __extension__ is. But the value should be attached to the StmtExpr
  // anyway. Make sure the block-level check is /before/ IgnoreParens.
  if ( __extension__({
    _Bool r;
    if (t) r = 0;
    else r = 1;
    r;
  }) ) return 0;
  return *t; // no-warning
}

// This previously crashed logic in the analyzer engine when evaluating locations.
// No diagnostics are annotated: the function only has to be analyzed to
// completion. It casts a pointer to unsigned and uses the result inside an
// endless loop; 'lines' is declared but never used.
void rdar10308201_aux(unsigned val);
void rdar10308201 (int valA, void *valB, unsigned valC) {
  unsigned actual_base, lines;
  if (valC == 0) {
    actual_base = (unsigned)valB;
    for (;;) {
      if (valA & (1<<0))
        rdar10308201_aux(actual_base);
    }
  }
}

typedef struct Struct103 {
  unsigned i;
} Struct103;
// Test-local stand-in for size_t; this file includes no headers.
typedef unsigned int size_t;
void __my_memset_chk(char*, int, size_t);
// Zeroes 'overall' through a conditional that selects __builtin___memset_chk
// when __builtin_object_size reports a known size and __my_memset_chk
// otherwise. The parameter 't' is unused.
// NOTE(review): no diagnostics are annotated here; presumably this only checks
// that the analyzer evaluates the builtin expression without crashing or
// warning - confirm against the original report.
static int radar10367606(int t) {
  Struct103 overall;
  ((__builtin_object_size ((char *) &overall, 0) != (size_t) -1) ? __builtin___memset_chk ((char *) &overall, 0, sizeof(Struct103), __builtin_object_size ((char *) &overall, 0)) : __my_memset_chk ((char *) &overall, 0, sizeof(Struct103)));
  return 0;
}

/* Caching out on a sink node. */
extern int fooR10376675();
extern int* bazR10376675();
extern int nR10376675;
// 'pm' is written inside the branch and never read afterwards, which must be
// reported as a value that is never read; the store through 'x' in the
// do/while carries no annotation.
void barR10376675(int *x) {
  int *pm;
  if (nR10376675 * 2) {
    int *pk = bazR10376675();
    pm = pk; //expected-warning {{never read}}
  }
  do {
    *x = fooR10376675();
  } while (0);
}

// Test that accesses to wide character strings don't break the analyzer.
// Test-local stand-in for wchar_t; this file includes no headers.
typedef int wchar_t;
struct rdar10385775 {
  wchar_t *name;
};
// Stores the address of a wide string literal into a struct field.
void RDar10385775(struct rdar10385775* p) {
  p->name = L"a";
}

// Test double loop of array and array literals.  Previously this
// resulted in a false positive uninitialized value warning.
// Sums both four-element rows through an array of row pointers. Every element
// read is initialized by the array literals, so the read must stay silent.
void rdar10686586() {
  int array1[] = { 1, 2, 3, 0 };
  int array2[] = { 1, 2, 3, 0 };
  int *array[] = { array1, array2 };
  int sum = 0;
  for (int i = 0; i < 2; i++) {
    for (int j = 0; j < 4; j++) {
      sum += array[i][j]; // no-warning
    }
  }
}

// This example tests CFG handling of '||' nested in a ternary expression,
// and seeing that the analyzer doesn't crash.
// Returns 0 when 'c' is outside 1..10, otherwise 1 if 'c' shares any set bit
// with 'f' and 0 if it does not.
int isctype(char c, unsigned long f)
{
  return (c < 1 || c > 10) ? 0 : !!(c & f);
}

// Test that symbolic array offsets are modeled conservatively.
// This was triggering a false "use of uninitialized value" warning.
// 'count' is constrained to 3..6 by the early return. The loop writes
// array[0..count-2] and the statement after it writes array[count-1], so
// array[2] is written for every permitted 'count' and the read must stay
// silent.
void rdar_12075238__aux(unsigned long y);
int rdar_12075238_(unsigned long count) {
  if ((count < 3) || (count > 6))
    return 0;

  unsigned long array[6];
  unsigned long i = 0;
  for (; i <= count - 2; i++)
  {
    array[i] = i;
  }
  array[count - 1] = i;
  rdar_12075238__aux(array[2]); // no-warning
  return 0;
}

// Test that we handle an uninitialized value within a logical expression.
// 'a' is 0, so the '||' has to evaluate 'b', which is never initialized; the
// assignment through 'p' must be reported.
void PR14635(int *p) {
  int a = 0, b;
  *p = a || b; // expected-warning {{Assigned value is garbage or undefined}}
}

// Test handling floating point values with unary '!'.
// No diagnostics are annotated; the function only applies '!' to a double
// converted from the int argument.
int PR14634(int x) {
  double y = (double)x;
  return !y;
}


// PR15684: If a checker generates a sink node after generating a regular node
// and no state changes between the two, graph trimming would consider the two
// the same node, forming a loop.
struct PR15684 {
  void (*callback)(int);
};
// Passes a never-initialized local to a call made through a function pointer;
// the uninitialized argument must be reported.
void sinkAfterRegularNode(struct PR15684 *context) {
  int uninitialized;
  context->callback(uninitialized); // expected-warning {{uninitialized}}
}


// PR16131: C permits variables to be declared extern void.
// Both casts take the address of the same 'extern void' object, so the
// analyzer must evaluate the two pointers as equal and must track the store
// made through 'ip' when the value is read back through either expression.
// The parameter 'x' is unused.
static void PR16131(int x) {
  extern void v;

  int *ip = (int *)&v;
  char *cp = (char *)&v;
  // The annotation on the line after this call refers back to it by relative
  // offset, so nothing may be inserted between the two lines.
  clang_analyzer_eval(ip == cp); // expected-warning{{TRUE}}
  // expected-warning@-1 {{comparison of distinct pointer types}}

  *ip = 42;
  clang_analyzer_eval(*ip == 42); // expected-warning{{TRUE}}
  clang_analyzer_eval(*(int *)&v == 42); // expected-warning{{TRUE}}
}