1 // RUN: %clang_analyze_cc1 -analyzer-output=text -verify %s \
2 // RUN: -analyzer-checker=core \
3 // RUN: -analyzer-checker=unix.Malloc \
4 // RUN: -analyzer-checker=debug.ExprInspection \
5 // RUN: -analyzer-config core.CallAndMessage:ArgPointeeInitializedness=true
6
7 void clang_analyzer_warnIfReached();
8
9 // Passing uninitialized const data to function
10 #include "Inputs/system-header-simulator.h"
11
12 typedef __typeof(sizeof(int)) size_t;
13 void *malloc(size_t);
14 void *valloc(size_t);
15 void free(void *);
16
17
doStuff3(const int y)18 void doStuff3(const int y){}
doStuff2(int g)19 void doStuff2(int g){}
doStuff_pointerToConstInt(const int * u)20 void doStuff_pointerToConstInt(const int *u){};
doStuff_arrayOfConstInt(const int a[])21 void doStuff_arrayOfConstInt(const int a[]){};
22
doStuff_constPointerToConstInt(int const * const u)23 void doStuff_constPointerToConstInt (int const * const u){};
doStuff_constPointerToConstPointerToConstInt(int const * const * const u)24 void doStuff_constPointerToConstPointerToConstInt(int const * const * const u){};
doStuff_pointerToConstPointerToConstInt(int const * const * u)25 void doStuff_pointerToConstPointerToConstInt(int const * const * u){};
doStuff_pointerToPointerToConstInt(int const ** u)26 void doStuff_pointerToPointerToConstInt (int const **u){};
doStuff_constStaticSizedArray(const int a[static10])27 void doStuff_constStaticSizedArray(const int a[static 10]) {}
doStuff_variadic(const int * u,...)28 void doStuff_variadic(const int *u, ...){};
29
f_1(void)30 void f_1(void) {
31 int t; // expected-note {{'t' declared without an initial value}}
32 int* tp = &t; // expected-note {{'tp' initialized here}}
33 doStuff_pointerToConstInt(tp); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
34 // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
35 }
36
f_1_1(void)37 void f_1_1(void) {
38 int t; // expected-note {{'t' declared without an initial value}}
39 int *tp1 = &t; // expected-note {{'tp1' initialized here}}
40 int* tp2 = tp1; // expected-note {{'tp2' initialized here}}
41 doStuff_pointerToConstInt(tp2); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
42 // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
43 }
44
45
f_2_sub(int * p)46 int *f_2_sub(int *p) {
47 return p; // expected-note {{Returning pointer (loaded from 'p')}}
48 }
49
f_2(void)50 void f_2(void) {
51 int t; // expected-note {{'t' declared without an initial value}}
52 int *p = f_2_sub(&t); // expected-note {{Passing value via 1st parameter 'p'}}
53 // expected-note@-1{{Calling 'f_2_sub'}}
54 // expected-note@-2{{Returning from 'f_2_sub'}}
55 // expected-note@-3{{'p' initialized here}}
56 int* tp = p; // expected-note {{'tp' initialized here}}
57 doStuff_pointerToConstInt(tp); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
58 // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
59 }
60
61 int z;
f_3(void)62 void f_3(void) {
63 doStuff_pointerToConstInt(&z); // no warning
64 }
65
f_4(void)66 void f_4(void) {
67 int x=5;
68 doStuff_pointerToConstInt(&x); // no warning
69 }
70
f_5(void)71 void f_5(void) {
72 int ta[5]; // expected-note {{'ta' initialized here}}
73 int* tp = ta; // expected-note {{'tp' initialized here}}
74 doStuff_pointerToConstInt(tp); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
75 // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
76 }
77
f_5_1(void)78 void f_5_1(void) {
79 int ta[5]; // expected-note {{'ta' initialized here}}
80 doStuff_pointerToConstInt(ta); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
81 // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
82 }
83
f_6(void)84 void f_6(void) {
85 int ta[5] = {1,2,3,4,5};
86 int* tp = ta;
87 doStuff_pointerToConstInt(tp); // no-warning
88 }
89
f_6_1(void)90 void f_6_1(void) {
91 int ta[5] = {1,2,3,4,5};
92 doStuff_pointerToConstInt(ta); // no-warning
93 }
94
f_7(void)95 void f_7(void) {
96 int z; // expected-note {{'z' declared without an initial value}}
97 int y=z; // expected-warning {{Assigned value is garbage or undefined}}
98 // expected-note@-1 {{Assigned value is garbage or undefined}}
99 doStuff3(y);
100 }
101
f_8(void)102 void f_8(void) {
103 int g; // expected-note {{'g' declared without an initial value}}
104 doStuff2(g); // expected-warning {{1st function call argument is an uninitialized value}}
105 // expected-note@-1 {{1st function call argument is an uninitialized value}}
106 }
107
f_9(void)108 void f_9(void) {
109 int a[6]; // expected-note {{'a' initialized here}}
110 int const *ptau = a; // expected-note {{'ptau' initialized here}}
111 doStuff_arrayOfConstInt(ptau); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
112 // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
113 }
114
f_10(void)115 void f_10(void) {
116 int a[6]; // expected-note {{'a' initialized here}}
117 doStuff_arrayOfConstInt(a); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
118 // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
119 }
120
f_11(void)121 void f_11(void) {
122 int t[10]; //expected-note {{'t' initialized here}}
123 doStuff_constStaticSizedArray(t); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
124 // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
125 }
126
f_12(void)127 void f_12(void) {
128 int t[10] = {0,1,2,3,4,5,6,7,8,9};
129 doStuff_constStaticSizedArray(t); // no-warning
130
131 }
132
133 // https://bugs.llvm.org/show_bug.cgi?id=35419
f11_0(void)134 void f11_0(void) {
135 int x; // expected-note {{'x' declared without an initial value}}
136 x++; // expected-warning {{The expression is an uninitialized value. The computed value will also be garbage}}
137 // expected-note@-1 {{The expression is an uninitialized value. The computed value will also be garbage}}
138 clang_analyzer_warnIfReached(); // no-warning
139 }
f11_1(void)140 void f11_1(void) {
141 int x; // expected-note {{'x' declared without an initial value}}
142 ++x; // expected-warning {{The expression is an uninitialized value. The computed value will also be garbage}}
143 // expected-note@-1 {{The expression is an uninitialized value. The computed value will also be garbage}}
144 clang_analyzer_warnIfReached(); // no-warning
145 }
f11_2(void)146 void f11_2(void) {
147 int x; // expected-note {{'x' declared without an initial value}}
148 x--; // expected-warning {{The expression is an uninitialized value. The computed value will also be garbage}}
149 // expected-note@-1 {{The expression is an uninitialized value. The computed value will also be garbage}}
150 clang_analyzer_warnIfReached(); // no-warning
151 }
f11_3(void)152 void f11_3(void) {
153 int x; // expected-note {{'x' declared without an initial value}}
154 --x; // expected-warning {{The expression is an uninitialized value. The computed value will also be garbage}}
155 // expected-note@-1 {{The expression is an uninitialized value. The computed value will also be garbage}}
156 clang_analyzer_warnIfReached(); // no-warning
157 }
158
f_malloc_1(void)159 int f_malloc_1(void) {
160 int *ptr;
161
162 ptr = (int *)malloc(sizeof(int)); // expected-note {{Value assigned to 'ptr'}}
163
164 doStuff_pointerToConstInt(ptr); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
165 // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
166 free(ptr);
167 return 0;
168 }
169
f_malloc_2(void)170 int f_malloc_2(void) {
171 int *ptr;
172
173 ptr = (int *)malloc(sizeof(int));
174 *ptr = 25;
175
176 doStuff_pointerToConstInt(ptr); // no warning
177 free(ptr);
178 return 0;
179 }
180
181 // uninit pointer, uninit val
f_variadic_unp_unv(void)182 void f_variadic_unp_unv(void) {
183 int t; // expected-note {{'t' declared without an initial value}}
184 int v;
185 int* tp = &t; // expected-note {{'tp' initialized here}}
186 doStuff_variadic(tp,v); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
187 // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
188 }
189 // uninit pointer, init val
f_variadic_unp_inv(void)190 void f_variadic_unp_inv(void) {
191 int t; // expected-note {{'t' declared without an initial value}}
192 int v = 3;
193 int* tp = &t; // expected-note {{'tp' initialized here}}
194 doStuff_variadic(tp,v); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
195 // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
196 }
197
198 // init pointer, uninit val
f_variadic_inp_unv(void)199 void f_variadic_inp_unv(void) {
200 int t=5;
201 int v; // expected-note {{'v' declared without an initial value}}
202 int* tp = &t;
203 doStuff_variadic(tp,v);// expected-warning {{2nd function call argument is an uninitialized value}}
204 // expected-note@-1 {{2nd function call argument is an uninitialized value}}
205 }
206
207 // init pointer, init val
f_variadic_inp_inv(void)208 void f_variadic_inp_inv(void) {
209 int t=5;
210 int v = 3;
211 int* tp = &t;
212 doStuff_variadic(tp,v); // no-warning
213 }
214
215 // init pointer, init pointer
f_variadic_inp_inp(void)216 void f_variadic_inp_inp(void) {
217 int t=5;
218 int u=3;
219 int *vp = &u ;
220 int *tp = &t;
221 doStuff_variadic(tp,vp); // no-warning
222 }
223
224 //uninit pointer, init pointer
f_variadic_unp_inp(void)225 void f_variadic_unp_inp(void) {
226 int t; // expected-note {{'t' declared without an initial value}}
227 int u=3;
228 int *vp = &u ;
229 int *tp = &t; // expected-note {{'tp' initialized here}}
230 doStuff_variadic(tp,vp); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
231 // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
232 }
233
234 //init pointer, uninit pointer
f_variadic_inp_unp(void)235 void f_variadic_inp_unp(void) {
236 int t=5;
237 int u;
238 int *vp = &u ;
239 int *tp = &t;
240 doStuff_variadic(tp,vp); // no-warning
241 }
242
243 //uninit pointer, uninit pointer
f_variadic_unp_unp(void)244 void f_variadic_unp_unp(void) {
245 int t; // expected-note {{'t' declared without an initial value}}
246 int u;
247 int *vp = &u ;
248 int *tp = &t; // expected-note {{'tp' initialized here}}
249 doStuff_variadic(tp,vp); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
250 // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
251 }
252