You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

152 lines
3.8 KiB

// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-store=region -fblocks -verify %s
struct FPRec {
void (*my_func)(int * x);
};
int bar(int x);
int f1_a(struct FPRec* foo) {
int x;
(*foo->my_func)(&x);
return bar(x)+1; // no-warning
}
int f1_b() {
int x;
return bar(x)+1; // expected-warning{{Function call argument is an uninitialized value}}
}
int f2() {
int x;
if (x+1) // expected-warning{{The left operand of '+' is a garbage value}}
return 1;
return 2;
}
int f2_b() {
int x;
return ((1+x)+2+((x))) + 1 ? 1 : 2; // expected-warning{{The right operand of '+' is a garbage value}}
}
int f3(void) {
int i;
int *p = &i;
if (*p > 0) // expected-warning{{The left operand of '>' is a garbage value}}
return 0;
else
return 1;
}
void f4_aux(float* x);
float f4(void) {
float x;
f4_aux(&x);
return x; // no-warning
}
struct f5_struct { int x; };
void f5_aux(struct f5_struct* s);
int f5(void) {
struct f5_struct s;
f5_aux(&s);
return s.x; // no-warning
}
int ret_uninit() {
int i;
int *p = &i;
return *p; // expected-warning{{Undefined or garbage value returned to caller}}
}
// <rdar://problem/6451816>
typedef unsigned char Boolean;
typedef const struct __CFNumber * CFNumberRef;
typedef signed long CFIndex;
typedef CFIndex CFNumberType;
typedef unsigned long UInt32;
typedef UInt32 CFStringEncoding;
typedef const struct __CFString * CFStringRef;
extern Boolean CFNumberGetValue(CFNumberRef number, CFNumberType theType, void *valuePtr);
extern CFStringRef CFStringConvertEncodingToIANACharSetName(CFStringEncoding encoding);
CFStringRef rdar_6451816(CFNumberRef nr) {
CFStringEncoding encoding;
// &encoding is casted to void*. This test case tests whether or not
// we properly invalidate the value of 'encoding'.
CFNumberGetValue(nr, 9, &encoding);
return CFStringConvertEncodingToIANACharSetName(encoding); // no-warning
}
// PR 4630 - false warning with nonnull attribute
// This false positive (due to a regression) caused the analyzer to falsely
// flag a "return of uninitialized value" warning in the first branch due to
// the nonnull attribute.
void pr_4630_aux(char *x, int *y) __attribute__ ((nonnull (1)));
void pr_4630_aux_2(char *x, int *y);
int pr_4630(char *a, int y) {
int x;
if (y) {
pr_4630_aux(a, &x);
return x; // no-warning
}
else {
pr_4630_aux_2(a, &x);
return x; // no-warning
}
}
// PR 4631 - False positive with union initializer
// Previously the analyzer didn't examine the compound initializers of unions,
// resulting in some false positives for initializers with side-effects.
union u_4631 { int a; };
struct s_4631 { int a; };
int pr4631_f2(int *p);
int pr4631_f3(void *q);
int pr4631_f1(void)
{
int x;
union u_4631 m = { pr4631_f2(&x) };
pr4631_f3(&m); // tell analyzer that we use m
return x; // no-warning
}
int pr4631_f1_b(void)
{
int x;
struct s_4631 m = { pr4631_f2(&x) };
pr4631_f3(&m); // tell analyzer that we use m
return x; // no-warning
}
// <rdar://problem/12278788> - FP when returning a void-valued expression from
// a void function...or block.
void foo_radar12278788() { return; }
void test_radar12278788() {
return foo_radar12278788(); // no-warning
}
void foo_radar12278788_fp() { return; }
typedef int (*RetIntFuncType)();
typedef void (*RetVoidFuncType)();
int test_radar12278788_FP() {
RetVoidFuncType f = foo_radar12278788_fp;
return ((RetIntFuncType)f)(); //expected-warning {{Undefined or garbage value returned to caller}}
}
void rdar13665798() {
^() {
return foo_radar12278788(); // no-warning
}();
^void() {
return foo_radar12278788(); // no-warning
}();
^int() {
RetVoidFuncType f = foo_radar12278788_fp;
return ((RetIntFuncType)f)(); //expected-warning {{Undefined or garbage value returned to caller}}
}();
}