1 // RUN: %clang_analyze_cc1 -w -x c -analyzer-checker=core -analyzer-output=text\
2 // RUN: -verify %s
3
4 typedef __typeof(sizeof(int)) size_t;
5 void *memset(void *__s, int __c, size_t __n);
6
initializer1(int * p,int x)7 int initializer1(int *p, int x) {
8 if (x) { // expected-note{{'x' is 0}}
9 // expected-note@-1{{Taking false branch}}
10 *p = 1;
11 return 0;
12 } else {
13 return 1; // expected-note {{Returning without writing to '*p'}}
14 }
15 }
16
param_not_initialized_by_func()17 int param_not_initialized_by_func() {
18 int p; // expected-note {{'p' declared without an initial value}}
19 int out = initializer1(&p, 0); // expected-note{{Calling 'initializer1'}}
20 // expected-note@-1{{Returning from 'initializer1'}}
21 return p; // expected-note{{Undefined or garbage value returned to caller}}
22 // expected-warning@-1{{Undefined or garbage value returned to caller}}
23 }
24
param_initialized_properly()25 int param_initialized_properly() {
26 int p;
27 int out = initializer1(&p, 1);
28 return p; //no-warning
29 }
30
31 static int global;
32
initializer2(int ** p,int x)33 int initializer2(int **p, int x) {
34 if (x) { // expected-note{{'x' is 0}}
35 // expected-note@-1{{Taking false branch}}
36 *p = &global;
37 return 0;
38 } else {
39 return 1; // expected-note {{Returning without writing to '*p'}}
40 }
41 }
42
param_not_written_into_by_func()43 int param_not_written_into_by_func() {
44 int *p = 0; // expected-note{{'p' initialized to a null pointer value}}
45 int out = initializer2(&p, 0); // expected-note{{Calling 'initializer2'}}
46 // expected-note@-1{{Returning from 'initializer2'}}
47 return *p; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}}
48 // expected-note@-1{{Dereference of null pointer (loaded from variable 'p')}}
49 }
50
initializer3(int * p,int param)51 void initializer3(int *p, int param) {
52 if (param) // expected-note{{'param' is 0}}
53 // expected-note@-1{{Taking false branch}}
54 *p = 0;
55 } // expected-note{{Returning without writing to '*p'}}
56
param_written_into_by_void_func()57 int param_written_into_by_void_func() {
58 int p; // expected-note{{'p' declared without an initial value}}
59 initializer3(&p, 0); // expected-note{{Calling 'initializer3'}}
60 // expected-note@-1{{Returning from 'initializer3'}}
61 return p; // expected-warning{{Undefined or garbage value returned to caller}}
62 // expected-note@-1{{Undefined or garbage value returned to caller}}
63 }
64
initializer4(int * p,int param)65 void initializer4(int *p, int param) {
66 if (param) // expected-note{{'param' is 0}}
67 // expected-note@-1{{Taking false branch}}
68 *p = 0;
69 } // expected-note{{Returning without writing to '*p'}}
70
initializer5(int * p,int param)71 void initializer5(int *p, int param) {
72 if (!param) // expected-note{{'param' is 1}}
73 // expected-note@-1{{Taking false branch}}
74 *p = 0;
75 } // expected-note{{Returning without writing to '*p'}}
76
multi_init_tries_func()77 int multi_init_tries_func() {
78 int p; // expected-note{{'p' declared without an initial value}}
79 initializer4(&p, 0); // expected-note{{Calling 'initializer4'}}
80 // expected-note@-1{{Returning from 'initializer4'}}
81 initializer5(&p, 1); // expected-note{{Calling 'initializer5'}}
82 // expected-note@-1{{Returning from 'initializer5'}}
83 return p; // expected-warning{{Undefined or garbage value returned to caller}}
84 // expected-note@-1{{Undefined or garbage value returned to caller}}
85 }
86
initializer6(const int * p)87 int initializer6(const int *p) {
88 return 0;
89 }
90
no_msg_on_const()91 int no_msg_on_const() {
92 int p; // expected-note{{'p' declared without an initial value}}
93 initializer6(&p);
94 return p; // expected-warning{{Undefined or garbage value returned to caller}}
95 // expected-note@-1{{Undefined or garbage value returned to caller}}
96 }
97
98 typedef struct {
99 int x;
100 } S;
101
initializer7(S * s,int param)102 int initializer7(S *s, int param) {
103 if (param) { // expected-note{{'param' is 0}}
104 // expected-note@-1{{Taking false branch}}
105 s->x = 0;
106 return 0;
107 }
108 return 1; // expected-note{{Returning without writing to 's->x'}}
109 }
110
initialize_struct_field()111 int initialize_struct_field() {
112 S local;
113 initializer7(&local, 0); // expected-note{{Calling 'initializer7'}}
114 // expected-note@-1{{Returning from 'initializer7'}}
115 return local.x; // expected-warning{{Undefined or garbage value returned to caller}}
116 // expected-note@-1{{Undefined or garbage value returned to caller}}
117 }
118
nullwriter(int ** p)119 void nullwriter(int **p) {
120 *p = 0; // expected-note{{Null pointer value stored to 'p'}}
121 } // no extra note
122
usage()123 int usage() {
124 int x = 0;
125 int *p = &x;
126 nullwriter(&p); // expected-note{{Calling 'nullwriter'}}
127 // expected-note@-1{{Returning from 'nullwriter'}}
128 return *p; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}}
129 // expected-note@-1{{Dereference of null pointer (loaded from variable 'p')}}
130 }
131
132 typedef struct {
133 int x;
134 int y;
135 } A;
136
partial_initializer(A * a)137 void partial_initializer(A *a) {
138 a->x = 0;
139 } // expected-note{{Returning without writing to 'a->y'}}
140
use_partial_initializer()141 int use_partial_initializer() {
142 A a;
143 partial_initializer(&a); // expected-note{{Calling 'partial_initializer'}}
144 // expected-note@-1{{Returning from 'partial_initializer'}}
145 return a.y; // expected-warning{{Undefined or garbage value returned to caller}}
146 // expected-note@-1{{Undefined or garbage value returned to caller}}
147 }
148
149 typedef struct {
150 int x;
151 int y;
152 } B;
153
154 typedef struct {
155 B b;
156 } C;
157
partial_nested_initializer(C * c)158 void partial_nested_initializer(C *c) {
159 c->b.x = 0;
160 } // expected-note{{Returning without writing to 'c->b.y'}}
161
use_partial_nested_initializer()162 int use_partial_nested_initializer() {
163 B localB;
164 C localC;
165 localC.b = localB;
166 partial_nested_initializer(&localC); // expected-note{{Calling 'partial_nested_initializer'}}
167 // expected-note@-1{{Returning from 'partial_nested_initializer'}}
168 return localC.b.y; // expected-warning{{Undefined or garbage value returned to caller}}
169 // expected-note@-1{{Undefined or garbage value returned to caller}}
170 }
171
test_subregion_assignment(C * c)172 void test_subregion_assignment(C* c) {
173 B b;
174 c->b = b;
175 }
176
use_subregion_assignment()177 int use_subregion_assignment() {
178 C c;
179 test_subregion_assignment(&c); // expected-note{{Calling 'test_subregion_assignment'}}
180 // expected-note@-1{{Returning from 'test_subregion_assignment'}}
181 return c.b.x; // expected-warning{{Undefined or garbage value returned to caller}}
182 // expected-note@-1{{Undefined or garbage value returned to caller}}
183 }
184
185 int confusing_signature(int *);
confusing_signature(int * p)186 int confusing_signature(int *p) {
187 return 0; // expected-note{{Returning without writing to '*p'}}
188 }
189
use_confusing_signature()190 int use_confusing_signature() {
191 int a; // expected-note {{'a' declared without an initial value}}
192 confusing_signature(&a); // expected-note{{Calling 'confusing_signature'}}
193 // expected-note@-1{{Returning from 'confusing_signature'}}
194 return a; // expected-note{{Undefined or garbage value returned to caller}}
195 // expected-warning@-1{{Undefined or garbage value returned to caller}}
196 }
197
198 int coin();
199
multiindirection(int ** p)200 int multiindirection(int **p) {
201 if (coin()) // expected-note{{Assuming the condition is true}}
202 // expected-note@-1{{Taking true branch}}
203 return 1; // expected-note{{Returning without writing to '**p'}}
204 *(*p) = 0;
205 return 0;
206 }
207
usemultiindirection()208 int usemultiindirection() {
209 int a; // expected-note {{'a' declared without an initial value}}
210 int *b = &a;
211 multiindirection(&b); // expected-note{{Calling 'multiindirection'}}
212 // expected-note@-1{{Returning from 'multiindirection'}}
213 return a; // expected-note{{Undefined or garbage value returned to caller}}
214 // expected-warning@-1{{Undefined or garbage value returned to caller}}
215 }
216
indirectingstruct(S ** s)217 int indirectingstruct(S** s) {
218 if (coin()) // expected-note{{Assuming the condition is true}}
219 // expected-note@-1{{Taking true branch}}
220 return 1; // expected-note{{Returning without writing to '(*s)->x'}}
221
222 (*s)->x = 0;
223 return 0;
224 }
225
useindirectingstruct()226 int useindirectingstruct() {
227 S s;
228 S* p = &s;
229 indirectingstruct(&p); //expected-note{{Calling 'indirectingstruct'}}
230 //expected-note@-1{{Returning from 'indirectingstruct'}}
231 return s.x; // expected-warning{{Undefined or garbage value returned to caller}}
232 // expected-note@-1{{Undefined or garbage value returned to caller}}
233 }
234
235 typedef struct {
236 int *x;
237 } D;
238
initializeMaybeInStruct(D * pD)239 void initializeMaybeInStruct(D* pD) {
240 if (coin()) // expected-note{{Assuming the condition is false}}
241 // expected-note@-1{{Taking false branch}}
242 *pD->x = 120;
243 } // expected-note{{Returning without writing to 'pD->x'}}
244
useInitializeMaybeInStruct()245 int useInitializeMaybeInStruct() {
246 int z; // expected-note{{'z' declared without an initial value}}
247 D d;
248 d.x = &z;
249 initializeMaybeInStruct(&d); // expected-note{{Calling 'initializeMaybeInStruct'}}
250 // expected-note@-1{{Returning from 'initializeMaybeInStruct'}}
251 return z; // expected-warning{{Undefined or garbage value returned to caller}}
252 // expected-note@-1{{Undefined or garbage value returned to caller}}
253 }
254
test_implicit_function_decl(int * x)255 void test_implicit_function_decl(int *x) {
256 if (x) {} // expected-note{{Assuming 'x' is null}}
257 // expected-note@-1{{Taking false branch}}
258 implicit_function(x);
259 *x = 4; // expected-warning{{Dereference of null pointer (loaded from variable 'x')}}
260 // expected-note@-1{{Dereference of null pointer (loaded from variable 'x')}}
261 }
implicit_function(int * y)262 int implicit_function(int *y) {}
263