1*67e74705SXin Li// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,debug.ExprInspection -verify %s 2*67e74705SXin Li 3*67e74705SXin Litypedef unsigned int NSUInteger; 4*67e74705SXin Litypedef __typeof__(sizeof(int)) size_t; 5*67e74705SXin Li 6*67e74705SXin Livoid *malloc(size_t); 7*67e74705SXin Livoid *calloc(size_t nmemb, size_t size); 8*67e74705SXin Livoid free(void *); 9*67e74705SXin Li 10*67e74705SXin Livoid clang_analyzer_eval(int); 11*67e74705SXin Li 12*67e74705SXin Li@interface A 13*67e74705SXin Li- (NSUInteger)foo; 14*67e74705SXin Li@end 15*67e74705SXin Li 16*67e74705SXin LiNSUInteger f8(A* x){ 17*67e74705SXin Li const NSUInteger n = [x foo]; 18*67e74705SXin Li int* bogus; 19*67e74705SXin Li 20*67e74705SXin Li if (n > 0) { // tests const cast transfer function logic 21*67e74705SXin Li NSUInteger i; 22*67e74705SXin Li 23*67e74705SXin Li for (i = 0; i < n; ++i) 24*67e74705SXin Li bogus = 0; 25*67e74705SXin Li 26*67e74705SXin Li if (bogus) // no-warning 27*67e74705SXin Li return n+1; 28*67e74705SXin Li } 29*67e74705SXin Li 30*67e74705SXin Li return n; 31*67e74705SXin Li} 32*67e74705SXin Li 33*67e74705SXin Li 34*67e74705SXin Li// PR10163 -- don't warn for default-initialized float arrays. 35*67e74705SXin Li// (An additional test is in uninit-vals-ps-region.m) 36*67e74705SXin Livoid test_PR10163(float); 37*67e74705SXin Livoid PR10163 (void) { 38*67e74705SXin Li float x[2] = {0}; 39*67e74705SXin Li test_PR10163(x[1]); // no-warning 40*67e74705SXin Li} 41*67e74705SXin Li 42*67e74705SXin Li 43*67e74705SXin Litypedef struct { 44*67e74705SXin Li float x; 45*67e74705SXin Li float y; 46*67e74705SXin Li float z; 47*67e74705SXin Li} Point; 48*67e74705SXin Litypedef struct { 49*67e74705SXin Li Point origin; 50*67e74705SXin Li int size; 51*67e74705SXin Li} Circle; 52*67e74705SXin Li 53*67e74705SXin LiPoint makePoint(float x, float y) { 54*67e74705SXin Li Point result; 55*67e74705SXin Li result.x = x; 56*67e74705SXin Li result.y = y; 57*67e74705SXin Li result.z = 0.0; 58*67e74705SXin Li return result; 59*67e74705SXin Li} 60*67e74705SXin Li 61*67e74705SXin Livoid PR14765_test() { 62*67e74705SXin Li Circle *testObj = calloc(sizeof(Circle), 1); 63*67e74705SXin Li 64*67e74705SXin Li clang_analyzer_eval(testObj->size == 0); // expected-warning{{TRUE}} 65*67e74705SXin Li 66*67e74705SXin Li testObj->origin = makePoint(0.0, 0.0); 67*67e74705SXin Li if (testObj->size > 0) { ; } // warning occurs here 68*67e74705SXin Li 69*67e74705SXin Li // FIXME: Assigning to 'testObj->origin' kills the default binding for the 70*67e74705SXin Li // whole region, meaning that we've forgotten that testObj->size should also 71*67e74705SXin Li // default to 0. Tracked by <rdar://problem/12701038>. 72*67e74705SXin Li // This should be TRUE. 73*67e74705SXin Li clang_analyzer_eval(testObj->size == 0); // expected-warning{{UNKNOWN}} 74*67e74705SXin Li 75*67e74705SXin Li free(testObj); 76*67e74705SXin Li} 77*67e74705SXin Li 78*67e74705SXin Livoid PR14765_argument(Circle *testObj) { 79*67e74705SXin Li int oldSize = testObj->size; 80*67e74705SXin Li clang_analyzer_eval(testObj->size == oldSize); // expected-warning{{TRUE}} 81*67e74705SXin Li 82*67e74705SXin Li testObj->origin = makePoint(0.0, 0.0); 83*67e74705SXin Li clang_analyzer_eval(testObj->size == oldSize); // expected-warning{{TRUE}} 84*67e74705SXin Li} 85*67e74705SXin Li 86*67e74705SXin Li 87*67e74705SXin Litypedef struct { 88*67e74705SXin Li int x; 89*67e74705SXin Li int y; 90*67e74705SXin Li int z; 91*67e74705SXin Li} IntPoint; 92*67e74705SXin Litypedef struct { 93*67e74705SXin Li IntPoint origin; 94*67e74705SXin Li int size; 95*67e74705SXin Li} IntCircle; 96*67e74705SXin Li 97*67e74705SXin LiIntPoint makeIntPoint(int x, int y) { 98*67e74705SXin Li IntPoint result; 99*67e74705SXin Li result.x = x; 100*67e74705SXin Li result.y = y; 101*67e74705SXin Li result.z = 0; 102*67e74705SXin Li return result; 103*67e74705SXin Li} 104*67e74705SXin Li 105*67e74705SXin Livoid PR14765_test_int() { 106*67e74705SXin Li IntCircle *testObj = calloc(sizeof(IntCircle), 1); 107*67e74705SXin Li 108*67e74705SXin Li clang_analyzer_eval(testObj->size == 0); // expected-warning{{TRUE}} 109*67e74705SXin Li clang_analyzer_eval(testObj->origin.x == 0); // expected-warning{{TRUE}} 110*67e74705SXin Li clang_analyzer_eval(testObj->origin.y == 0); // expected-warning{{TRUE}} 111*67e74705SXin Li clang_analyzer_eval(testObj->origin.z == 0); // expected-warning{{TRUE}} 112*67e74705SXin Li 113*67e74705SXin Li testObj->origin = makeIntPoint(1, 2); 114*67e74705SXin Li if (testObj->size > 0) { ; } // warning occurs here 115*67e74705SXin Li 116*67e74705SXin Li // FIXME: Assigning to 'testObj->origin' kills the default binding for the 117*67e74705SXin Li // whole region, meaning that we've forgotten that testObj->size should also 118*67e74705SXin Li // default to 0. Tracked by <rdar://problem/12701038>. 119*67e74705SXin Li // This should be TRUE. 120*67e74705SXin Li clang_analyzer_eval(testObj->size == 0); // expected-warning{{UNKNOWN}} 121*67e74705SXin Li clang_analyzer_eval(testObj->origin.x == 1); // expected-warning{{TRUE}} 122*67e74705SXin Li clang_analyzer_eval(testObj->origin.y == 2); // expected-warning{{TRUE}} 123*67e74705SXin Li clang_analyzer_eval(testObj->origin.z == 0); // expected-warning{{TRUE}} 124*67e74705SXin Li 125*67e74705SXin Li free(testObj); 126*67e74705SXin Li} 127*67e74705SXin Li 128*67e74705SXin Livoid PR14765_argument_int(IntCircle *testObj) { 129*67e74705SXin Li int oldSize = testObj->size; 130*67e74705SXin Li clang_analyzer_eval(testObj->size == oldSize); // expected-warning{{TRUE}} 131*67e74705SXin Li 132*67e74705SXin Li testObj->origin = makeIntPoint(1, 2); 133*67e74705SXin Li clang_analyzer_eval(testObj->size == oldSize); // expected-warning{{TRUE}} 134*67e74705SXin Li clang_analyzer_eval(testObj->origin.x == 1); // expected-warning{{TRUE}} 135*67e74705SXin Li clang_analyzer_eval(testObj->origin.y == 2); // expected-warning{{TRUE}} 136*67e74705SXin Li clang_analyzer_eval(testObj->origin.z == 0); // expected-warning{{TRUE}} 137*67e74705SXin Li} 138*67e74705SXin Li 139*67e74705SXin Li 140*67e74705SXin Livoid rdar13292559(Circle input) { 141*67e74705SXin Li extern void useCircle(Circle); 142*67e74705SXin Li 143*67e74705SXin Li Circle obj = input; 144*67e74705SXin Li useCircle(obj); // no-warning 145*67e74705SXin Li 146*67e74705SXin Li // This generated an "uninitialized 'size' field" warning for a (short) while. 147*67e74705SXin Li obj.origin = makePoint(0.0, 0.0); 148*67e74705SXin Li useCircle(obj); // no-warning 149*67e74705SXin Li} 150*67e74705SXin Li 151*67e74705SXin Li 152*67e74705SXin Litypedef struct { 153*67e74705SXin Li int x; 154*67e74705SXin Li int y; 155*67e74705SXin Li} IntPoint2D; 156*67e74705SXin Litypedef struct { 157*67e74705SXin Li IntPoint2D origin; 158*67e74705SXin Li int size; 159*67e74705SXin Li} IntCircle2D; 160*67e74705SXin Li 161*67e74705SXin LiIntPoint2D makeIntPoint2D(int x, int y) { 162*67e74705SXin Li IntPoint2D result; 163*67e74705SXin Li result.x = x; 164*67e74705SXin Li result.y = y; 165*67e74705SXin Li return result; 166*67e74705SXin Li} 167*67e74705SXin Li 168*67e74705SXin Livoid testSmallStructsCopiedPerField() { 169*67e74705SXin Li IntPoint2D a; 170*67e74705SXin Li a.x = 0; 171*67e74705SXin Li 172*67e74705SXin Li IntPoint2D b = a; 173*67e74705SXin Li extern void useInt(int); 174*67e74705SXin Li useInt(b.x); // no-warning 175*67e74705SXin Li useInt(b.y); // expected-warning{{uninitialized}} 176*67e74705SXin Li} 177*67e74705SXin Li 178*67e74705SXin Livoid testLargeStructsNotCopiedPerField() { 179*67e74705SXin Li IntPoint a; 180*67e74705SXin Li a.x = 0; 181*67e74705SXin Li 182*67e74705SXin Li IntPoint b = a; 183*67e74705SXin Li extern void useInt(int); 184*67e74705SXin Li useInt(b.x); // no-warning 185*67e74705SXin Li useInt(b.y); // no-warning 186*67e74705SXin Li} 187*67e74705SXin Li 188*67e74705SXin Livoid testSmallStructInLargerStruct() { 189*67e74705SXin Li IntCircle2D *testObj = calloc(sizeof(IntCircle2D), 1); 190*67e74705SXin Li 191*67e74705SXin Li clang_analyzer_eval(testObj->size == 0); // expected-warning{{TRUE}} 192*67e74705SXin Li clang_analyzer_eval(testObj->origin.x == 0); // expected-warning{{TRUE}} 193*67e74705SXin Li clang_analyzer_eval(testObj->origin.y == 0); // expected-warning{{TRUE}} 194*67e74705SXin Li 195*67e74705SXin Li testObj->origin = makeIntPoint2D(1, 2); 196*67e74705SXin Li if (testObj->size > 0) { ; } // warning occurs here 197*67e74705SXin Li 198*67e74705SXin Li clang_analyzer_eval(testObj->size == 0); // expected-warning{{TRUE}} 199*67e74705SXin Li clang_analyzer_eval(testObj->origin.x == 1); // expected-warning{{TRUE}} 200*67e74705SXin Li clang_analyzer_eval(testObj->origin.y == 2); // expected-warning{{TRUE}} 201*67e74705SXin Li 202*67e74705SXin Li free(testObj); 203*67e74705SXin Li} 204*67e74705SXin Li 205*67e74705SXin Livoid testCopySmallStructIntoArgument(IntCircle2D *testObj) { 206*67e74705SXin Li int oldSize = testObj->size; 207*67e74705SXin Li clang_analyzer_eval(testObj->size == oldSize); // expected-warning{{TRUE}} 208*67e74705SXin Li 209*67e74705SXin Li testObj->origin = makeIntPoint2D(1, 2); 210*67e74705SXin Li clang_analyzer_eval(testObj->size == oldSize); // expected-warning{{TRUE}} 211*67e74705SXin Li clang_analyzer_eval(testObj->origin.x == 1); // expected-warning{{TRUE}} 212*67e74705SXin Li clang_analyzer_eval(testObj->origin.y == 2); // expected-warning{{TRUE}} 213*67e74705SXin Li} 214*67e74705SXin Li 215*67e74705SXin Livoid testSmallStructBitfields() { 216*67e74705SXin Li struct { 217*67e74705SXin Li int x : 4; 218*67e74705SXin Li int y : 4; 219*67e74705SXin Li } a, b; 220*67e74705SXin Li 221*67e74705SXin Li a.x = 1; 222*67e74705SXin Li a.y = 2; 223*67e74705SXin Li 224*67e74705SXin Li b = a; 225*67e74705SXin Li clang_analyzer_eval(b.x == 1); // expected-warning{{TRUE}} 226*67e74705SXin Li clang_analyzer_eval(b.y == 2); // expected-warning{{TRUE}} 227*67e74705SXin Li} 228*67e74705SXin Li 229*67e74705SXin Livoid testSmallStructBitfieldsFirstUndef() { 230*67e74705SXin Li struct { 231*67e74705SXin Li int x : 4; 232*67e74705SXin Li int y : 4; 233*67e74705SXin Li } a, b; 234*67e74705SXin Li 235*67e74705SXin Li a.y = 2; 236*67e74705SXin Li 237*67e74705SXin Li b = a; 238*67e74705SXin Li clang_analyzer_eval(b.y == 2); // expected-warning{{TRUE}} 239*67e74705SXin Li clang_analyzer_eval(b.x == 1); // expected-warning{{garbage}} 240*67e74705SXin Li} 241*67e74705SXin Li 242*67e74705SXin Livoid testSmallStructBitfieldsSecondUndef() { 243*67e74705SXin Li struct { 244*67e74705SXin Li int x : 4; 245*67e74705SXin Li int y : 4; 246*67e74705SXin Li } a, b; 247*67e74705SXin Li 248*67e74705SXin Li a.x = 1; 249*67e74705SXin Li 250*67e74705SXin Li b = a; 251*67e74705SXin Li clang_analyzer_eval(b.x == 1); // expected-warning{{TRUE}} 252*67e74705SXin Li clang_analyzer_eval(b.y == 2); // expected-warning{{garbage}} 253*67e74705SXin Li} 254*67e74705SXin Li 255*67e74705SXin Livoid testSmallStructBitfieldsFirstUnnamed() { 256*67e74705SXin Li struct { 257*67e74705SXin Li int : 4; 258*67e74705SXin Li int y : 4; 259*67e74705SXin Li } a, b, c; 260*67e74705SXin Li 261*67e74705SXin Li a.y = 2; 262*67e74705SXin Li 263*67e74705SXin Li b = a; 264*67e74705SXin Li clang_analyzer_eval(b.y == 2); // expected-warning{{TRUE}} 265*67e74705SXin Li 266*67e74705SXin Li b = c; 267*67e74705SXin Li clang_analyzer_eval(b.y == 2); // expected-warning{{garbage}} 268*67e74705SXin Li} 269*67e74705SXin Li 270*67e74705SXin Livoid testSmallStructBitfieldsSecondUnnamed() { 271*67e74705SXin Li struct { 272*67e74705SXin Li int x : 4; 273*67e74705SXin Li int : 4; 274*67e74705SXin Li } a, b, c; 275*67e74705SXin Li 276*67e74705SXin Li a.x = 1; 277*67e74705SXin Li 278*67e74705SXin Li b = a; 279*67e74705SXin Li clang_analyzer_eval(b.x == 1); // expected-warning{{TRUE}} 280*67e74705SXin Li 281*67e74705SXin Li b = c; 282*67e74705SXin Li clang_analyzer_eval(b.x == 1); // expected-warning{{garbage}} 283*67e74705SXin Li} 284*67e74705SXin Li 285