1// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -analyze -analyzer-checker=core -analyzer-store=region -fblocks -analyzer-opt-analyze-nested-blocks -verify %s 2// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -analyze -analyzer-checker=core -analyzer-store=region -fblocks -analyzer-opt-analyze-nested-blocks -verify -x objective-c++ %s 3 4//===----------------------------------------------------------------------===// 5// The following code is reduced using delta-debugging from Mac OS X headers: 6//===----------------------------------------------------------------------===// 7 8typedef __builtin_va_list va_list; 9typedef unsigned int uint32_t; 10typedef struct dispatch_queue_s *dispatch_queue_t; 11typedef struct dispatch_queue_attr_s *dispatch_queue_attr_t; 12typedef void (^dispatch_block_t)(void); 13void dispatch_async(dispatch_queue_t queue, dispatch_block_t block); 14__attribute__((visibility("default"))) __attribute__((__malloc__)) __attribute__((__warn_unused_result__)) __attribute__((__nothrow__)) dispatch_queue_t dispatch_queue_create(const char *label, dispatch_queue_attr_t attr); 15typedef long dispatch_once_t; 16void dispatch_once(dispatch_once_t *predicate, dispatch_block_t block); 17dispatch_queue_t 18dispatch_queue_create(const char *label, dispatch_queue_attr_t attr); 19 20 21typedef signed char BOOL; 22typedef unsigned long NSUInteger; 23typedef struct _NSZone NSZone; 24@class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator; 25@protocol NSObject 26- (BOOL)isEqual:(id)object; 27- (oneway void)release; 28@end 29@protocol NSCopying - (id)copyWithZone:(NSZone *)zone; @end 30@protocol NSMutableCopying - (id)mutableCopyWithZone:(NSZone *)zone; @end 31@protocol NSCoding - (void)encodeWithCoder:(NSCoder *)aCoder; @end 32@interface NSObject <NSObject> {} 33+ (id)alloc; 34- (id)init; 35- (id)copy; 36@end 37extern id NSAllocateObject(Class aClass, NSUInteger extraBytes, NSZone *zone); 38@interface NSString : NSObject <NSCopying, NSMutableCopying, NSCoding> 39- (NSUInteger)length; 40- (const char *)UTF8String; 41- (id)initWithFormat:(NSString *)format arguments:(va_list)argList __attribute__((format(__NSString__, 1, 0))); 42@end 43@class NSString, NSData; 44typedef struct cssm_sample {} CSSM_SAMPLEGROUP, *CSSM_SAMPLEGROUP_PTR; 45typedef struct __aslclient *aslclient; 46typedef struct __aslmsg *aslmsg; 47aslclient asl_open(const char *ident, const char *facility, uint32_t opts); 48int asl_log(aslclient asl, aslmsg msg, int level, const char *format, ...) __attribute__((__format__ (__printf__, 4, 5))); 49 50//===----------------------------------------------------------------------===// 51// Begin actual test cases. 52//===----------------------------------------------------------------------===// 53 54// test1 - This test case exposed logic that caused the analyzer to crash because of a memory bug 55// in BlockDataRegion. It represents real code that contains two block literals. Eventually 56// via IPA 'logQueue' and 'client' should be updated after the call to 'dispatch_once'. 57void test1(NSString *format, ...) { 58 static dispatch_queue_t logQueue; 59 static aslclient client; 60 static dispatch_once_t pred; 61 do { 62 if (__builtin_expect(*(&pred), ~0l) != ~0l) 63 dispatch_once(&pred, ^{ 64 logQueue = dispatch_queue_create("com.mycompany.myproduct.asl", 0); 65 client = asl_open(((char*)0), "com.mycompany.myproduct", 0); 66 }); 67 } while (0); 68 69 va_list args; 70 __builtin_va_start(args, format); 71 72 NSString *str = [[NSString alloc] initWithFormat:format arguments:args]; 73 dispatch_async(logQueue, ^{ asl_log(client, ((aslmsg)0), 4, "%s", [str UTF8String]); }); 74 [str release]; 75 76 __builtin_va_end(args); 77} 78 79// test2 - Test that captured variables that are uninitialized are flagged 80// as such. 81void test2() { 82 static int y = 0; 83 int x; 84 ^{ y = x + 1; }(); // expected-warning{{Variable 'x' is uninitialized when captured by block}} 85} 86 87void test2_b() { 88 static int y = 0; 89 __block int x; 90 ^{ y = x + 1; }(); // expected-warning {{left operand of '+' is a garbage value}} 91} 92 93void test2_c() { 94 typedef void (^myblock)(void); 95 myblock f = ^() { f(); }; // expected-warning{{Variable 'f' is uninitialized when captured by block}} 96} 97 98 99void testMessaging() { 100 // <rdar://problem/12119814> 101 [[^(){} copy] release]; 102} 103 104 105@interface rdar12415065 : NSObject 106@end 107 108@implementation rdar12415065 109- (void)test { 110 // At one point this crashed because we created a path note at a 111 // PreStmtPurgeDeadSymbols point but only knew how to deal with PostStmt 112 // points. <rdar://problem/12687586> 113 114 extern dispatch_queue_t queue; 115 116 if (!queue) 117 return; 118 119 // This previously was a false positive with 'x' being flagged as being 120 // uninitialized when captured by the exterior block (when it is only 121 // captured by the interior block). 122 dispatch_async(queue, ^{ 123 double x = 0.0; 124 if (24.0f < x) { 125 dispatch_async(queue, ^{ (void)x; }); 126 [self test]; 127 } 128 }); 129} 130@end 131 132void testReturnVariousSignatures() { 133 (void)^int(){ 134 return 42; 135 }(); 136 137 (void)^int{ 138 return 42; 139 }(); 140 141 (void)^(){ 142 return 42; 143 }(); 144 145 (void)^{ 146 return 42; 147 }(); 148} 149 150// This test used to cause infinite loop in the region invalidation. 151void blockCapturesItselfInTheLoop(int x, int m) { 152 void (^assignData)(int) = ^(int x){ 153 x++; 154 }; 155 while (m < 0) { 156 void (^loop)(int); 157 loop = ^(int x) { 158 assignData(x); 159 }; 160 assignData = loop; 161 m++; 162 } 163 assignData(x); 164} 165