1 // RUN: %clang_cc1 -triple x86_64-apple-darwin10 -analyze -disable-free -analyzer-eagerly-assume -analyzer-checker=core,deadcode,debug.ExprInspection -verify %s
2
3 void clang_analyzer_eval(int);
4
5 int size_rdar9373039 = 1;
6 int foo_rdar9373039(const char *);
7
rdar93730392()8 int rdar93730392() {
9 int x;
10 int j = 0;
11
12 for (int i = 0 ; i < size_rdar9373039 ; ++i)
13 x = 1;
14
15 int extra = (2 + foo_rdar9373039 ("Clang") + ((4 - ((unsigned int) (2 + foo_rdar9373039 ("Clang")) % 4)) % 4)) + (2 + foo_rdar9373039 ("1.0") + ((4 - ((unsigned int) (2 + foo_rdar9373039 ("1.0")) % 4)) % 4)); // expected-warning {{never read}}
16
17 for (int i = 0 ; i < size_rdar9373039 ; ++i)
18 j += x; // expected-warning {{garbage}}
19
20 return j;
21 }
22
23
PR8962(int * t)24 int PR8962 (int *t) {
25 // This should look through the __extension__ no-op.
26 if (__extension__ (t)) return 0;
27 return *t; // expected-warning {{null pointer}}
28 }
29
PR8962_b(int * t)30 int PR8962_b (int *t) {
31 // This should still ignore the nested casts
32 // which aren't handled by a single IgnoreParens()
33 if (((int)((int)t))) return 0;
34 return *t; // expected-warning {{null pointer}}
35 }
36
PR8962_c(int * t)37 int PR8962_c (int *t) {
38 // If the last element in a StmtExpr was a ParenExpr, it's still live
39 if (({ (t ? (_Bool)0 : (_Bool)1); })) return 0;
40 return *t; // no-warning
41 }
42
PR8962_d(int * t)43 int PR8962_d (int *t) {
44 // If the last element in a StmtExpr is an __extension__, it's still live
45 if (({ __extension__(t ? (_Bool)0 : (_Bool)1); })) return 0;
46 return *t; // no-warning
47 }
48
PR8962_e(int * t)49 int PR8962_e (int *t) {
50 // Redundant casts can mess things up!
51 // Environment used to skip through NoOp casts, but LiveVariables didn't!
52 if (({ (t ? (int)(int)0L : (int)(int)1L); })) return 0;
53 return *t; // no-warning
54 }
55
PR8962_f(int * t)56 int PR8962_f (int *t) {
57 // The StmtExpr isn't a block-level expression here,
58 // the __extension__ is. But the value should be attached to the StmtExpr
59 // anyway. Make sure the block-level check is /before/ IgnoreParens.
60 if ( __extension__({
61 _Bool r;
62 if (t) r = 0;
63 else r = 1;
64 r;
65 }) ) return 0;
66 return *t; // no-warning
67 }
68
69 // This previously crashed logic in the analyzer engine when evaluating locations.
70 void rdar10308201_aux(unsigned val);
rdar10308201(int valA,void * valB,unsigned valC)71 void rdar10308201 (int valA, void *valB, unsigned valC) {
72 unsigned actual_base, lines;
73 if (valC == 0) {
74 actual_base = (unsigned)valB;
75 for (;;) {
76 if (valA & (1<<0))
77 rdar10308201_aux(actual_base);
78 }
79 }
80 }
81
82 typedef struct Struct103 {
83 unsigned i;
84 } Struct103;
85 typedef unsigned int size_t;
86 void __my_memset_chk(char*, int, size_t);
radar10367606(int t)87 static int radar10367606(int t) {
88 Struct103 overall;
89 ((__builtin_object_size ((char *) &overall, 0) != (size_t) -1) ? __builtin___memset_chk ((char *) &overall, 0, sizeof(Struct103), __builtin_object_size ((char *) &overall, 0)) : __my_memset_chk ((char *) &overall, 0, sizeof(Struct103)));
90 return 0;
91 }
92
93 /* Caching out on a sink node. */
94 extern int fooR10376675();
95 extern int* bazR10376675();
96 extern int nR10376675;
barR10376675(int * x)97 void barR10376675(int *x) {
98 int *pm;
99 if (nR10376675 * 2) {
100 int *pk = bazR10376675();
101 pm = pk; //expected-warning {{never read}}
102 }
103 do {
104 *x = fooR10376675();
105 } while (0);
106 }
107
108 // Test accesses to wide character strings doesn't break the analyzer.
109 typedef int wchar_t;
110 struct rdar10385775 {
111 wchar_t *name;
112 };
RDar10385775(struct rdar10385775 * p)113 void RDar10385775(struct rdar10385775* p) {
114 p->name = L"a";
115 }
116
117 // Test double loop of array and array literals. Previously this
118 // resulted in a false positive uninitailized value warning.
rdar10686586()119 void rdar10686586() {
120 int array1[] = { 1, 2, 3, 0 };
121 int array2[] = { 1, 2, 3, 0 };
122 int *array[] = { array1, array2 };
123 int sum = 0;
124 for (int i = 0; i < 2; i++) {
125 for (int j = 0; j < 4; j++) {
126 sum += array[i][j]; // no-warning
127 }
128 }
129 }
130
131 // This example tests CFG handling of '||' nested in a ternary expression,
132 // and seeing that the analyzer doesn't crash.
isctype(char c,unsigned long f)133 int isctype(char c, unsigned long f)
134 {
135 return (c < 1 || c > 10) ? 0 : !!(c & f);
136 }
137
138 // Test that symbolic array offsets are modeled conservatively.
139 // This was triggering a false "use of uninitialized value" warning.
140 void rdar_12075238__aux(unsigned long y);
rdar_12075238_(unsigned long count)141 int rdar_12075238_(unsigned long count) {
142 if ((count < 3) || (count > 6))
143 return 0;
144
145 unsigned long array[6];
146 unsigned long i = 0;
147 for (; i <= count - 2; i++)
148 {
149 array[i] = i;
150 }
151 array[count - 1] = i;
152 rdar_12075238__aux(array[2]); // no-warning
153 return 0;
154 }
155
156 // Test that we handle an uninitialized value within a logical expression.
PR14635(int * p)157 void PR14635(int *p) {
158 int a = 0, b;
159 *p = a || b; // expected-warning {{Assigned value is garbage or undefined}}
160 }
161
162 // Test handling floating point values with unary '!'.
PR14634(int x)163 int PR14634(int x) {
164 double y = (double)x;
165 return !y;
166 }
167
168
169 // PR15684: If a checker generates a sink node after generating a regular node
170 // and no state changes between the two, graph trimming would consider the two
171 // the same node, forming a loop.
172 struct PR15684 {
173 void (*callback)(int);
174 };
sinkAfterRegularNode(struct PR15684 * context)175 void sinkAfterRegularNode(struct PR15684 *context) {
176 int uninitialized;
177 context->callback(uninitialized); // expected-warning {{uninitialized}}
178 }
179
180
181 // PR16131: C permits variables to be declared extern void.
PR16131(int x)182 static void PR16131(int x) {
183 extern void v;
184
185 int *ip = (int *)&v;
186 char *cp = (char *)&v;
187 clang_analyzer_eval(ip == cp); // expected-warning{{TRUE}}
188 // expected-warning@-1 {{comparison of distinct pointer types}}
189
190 *ip = 42;
191 clang_analyzer_eval(*ip == 42); // expected-warning{{TRUE}}
192 clang_analyzer_eval(*(int *)&v == 42); // expected-warning{{TRUE}}
193 }
194