1*67e74705SXin Li // RUN: %clang_cc1 -triple x86_64-apple-darwin10 -analyze -disable-free -analyzer-eagerly-assume -analyzer-checker=core,deadcode,debug.ExprInspection -verify %s
2*67e74705SXin Li
3*67e74705SXin Li void clang_analyzer_eval(int);
4*67e74705SXin Li
5*67e74705SXin Li int size_rdar9373039 = 1;
6*67e74705SXin Li int foo_rdar9373039(const char *);
7*67e74705SXin Li
rdar93730392()8*67e74705SXin Li int rdar93730392() {
9*67e74705SXin Li int x;
10*67e74705SXin Li int j = 0;
11*67e74705SXin Li
12*67e74705SXin Li for (int i = 0 ; i < size_rdar9373039 ; ++i)
13*67e74705SXin Li x = 1;
14*67e74705SXin Li
15*67e74705SXin Li int extra = (2 + foo_rdar9373039 ("Clang") + ((4 - ((unsigned int) (2 + foo_rdar9373039 ("Clang")) % 4)) % 4)) + (2 + foo_rdar9373039 ("1.0") + ((4 - ((unsigned int) (2 + foo_rdar9373039 ("1.0")) % 4)) % 4)); // expected-warning {{never read}}
16*67e74705SXin Li
17*67e74705SXin Li for (int i = 0 ; i < size_rdar9373039 ; ++i)
18*67e74705SXin Li j += x; // expected-warning {{garbage}}
19*67e74705SXin Li
20*67e74705SXin Li return j;
21*67e74705SXin Li }
22*67e74705SXin Li
23*67e74705SXin Li
PR8962(int * t)24*67e74705SXin Li int PR8962 (int *t) {
25*67e74705SXin Li // This should look through the __extension__ no-op.
26*67e74705SXin Li if (__extension__ (t)) return 0;
27*67e74705SXin Li return *t; // expected-warning {{null pointer}}
28*67e74705SXin Li }
29*67e74705SXin Li
PR8962_b(int * t)30*67e74705SXin Li int PR8962_b (int *t) {
31*67e74705SXin Li // This should still ignore the nested casts
32*67e74705SXin Li // which aren't handled by a single IgnoreParens()
33*67e74705SXin Li if (((int)((int)t))) return 0;
34*67e74705SXin Li return *t; // expected-warning {{null pointer}}
35*67e74705SXin Li }
36*67e74705SXin Li
PR8962_c(int * t)37*67e74705SXin Li int PR8962_c (int *t) {
38*67e74705SXin Li // If the last element in a StmtExpr was a ParenExpr, it's still live
39*67e74705SXin Li if (({ (t ? (_Bool)0 : (_Bool)1); })) return 0;
40*67e74705SXin Li return *t; // no-warning
41*67e74705SXin Li }
42*67e74705SXin Li
PR8962_d(int * t)43*67e74705SXin Li int PR8962_d (int *t) {
44*67e74705SXin Li // If the last element in a StmtExpr is an __extension__, it's still live
45*67e74705SXin Li if (({ __extension__(t ? (_Bool)0 : (_Bool)1); })) return 0;
46*67e74705SXin Li return *t; // no-warning
47*67e74705SXin Li }
48*67e74705SXin Li
PR8962_e(int * t)49*67e74705SXin Li int PR8962_e (int *t) {
50*67e74705SXin Li // Redundant casts can mess things up!
51*67e74705SXin Li // Environment used to skip through NoOp casts, but LiveVariables didn't!
52*67e74705SXin Li if (({ (t ? (int)(int)0L : (int)(int)1L); })) return 0;
53*67e74705SXin Li return *t; // no-warning
54*67e74705SXin Li }
55*67e74705SXin Li
PR8962_f(int * t)56*67e74705SXin Li int PR8962_f (int *t) {
57*67e74705SXin Li // The StmtExpr isn't a block-level expression here,
58*67e74705SXin Li // the __extension__ is. But the value should be attached to the StmtExpr
59*67e74705SXin Li // anyway. Make sure the block-level check is /before/ IgnoreParens.
60*67e74705SXin Li if ( __extension__({
61*67e74705SXin Li _Bool r;
62*67e74705SXin Li if (t) r = 0;
63*67e74705SXin Li else r = 1;
64*67e74705SXin Li r;
65*67e74705SXin Li }) ) return 0;
66*67e74705SXin Li return *t; // no-warning
67*67e74705SXin Li }
68*67e74705SXin Li
69*67e74705SXin Li // This previously crashed logic in the analyzer engine when evaluating locations.
70*67e74705SXin Li void rdar10308201_aux(unsigned val);
rdar10308201(int valA,void * valB,unsigned valC)71*67e74705SXin Li void rdar10308201 (int valA, void *valB, unsigned valC) {
72*67e74705SXin Li unsigned actual_base, lines;
73*67e74705SXin Li if (valC == 0) {
74*67e74705SXin Li actual_base = (unsigned)valB;
75*67e74705SXin Li for (;;) {
76*67e74705SXin Li if (valA & (1<<0))
77*67e74705SXin Li rdar10308201_aux(actual_base);
78*67e74705SXin Li }
79*67e74705SXin Li }
80*67e74705SXin Li }
81*67e74705SXin Li
82*67e74705SXin Li typedef struct Struct103 {
83*67e74705SXin Li unsigned i;
84*67e74705SXin Li } Struct103;
85*67e74705SXin Li typedef unsigned int size_t;
86*67e74705SXin Li void __my_memset_chk(char*, int, size_t);
radar10367606(int t)87*67e74705SXin Li static int radar10367606(int t) {
88*67e74705SXin Li Struct103 overall;
89*67e74705SXin Li ((__builtin_object_size ((char *) &overall, 0) != (size_t) -1) ? __builtin___memset_chk ((char *) &overall, 0, sizeof(Struct103), __builtin_object_size ((char *) &overall, 0)) : __my_memset_chk ((char *) &overall, 0, sizeof(Struct103)));
90*67e74705SXin Li return 0;
91*67e74705SXin Li }
92*67e74705SXin Li
93*67e74705SXin Li /* Caching out on a sink node. */
94*67e74705SXin Li extern int fooR10376675();
95*67e74705SXin Li extern int* bazR10376675();
96*67e74705SXin Li extern int nR10376675;
barR10376675(int * x)97*67e74705SXin Li void barR10376675(int *x) {
98*67e74705SXin Li int *pm;
99*67e74705SXin Li if (nR10376675 * 2) {
100*67e74705SXin Li int *pk = bazR10376675();
101*67e74705SXin Li pm = pk; //expected-warning {{never read}}
102*67e74705SXin Li }
103*67e74705SXin Li do {
104*67e74705SXin Li *x = fooR10376675();
105*67e74705SXin Li } while (0);
106*67e74705SXin Li }
107*67e74705SXin Li
108*67e74705SXin Li // Test accesses to wide character strings doesn't break the analyzer.
109*67e74705SXin Li typedef int wchar_t;
110*67e74705SXin Li struct rdar10385775 {
111*67e74705SXin Li wchar_t *name;
112*67e74705SXin Li };
RDar10385775(struct rdar10385775 * p)113*67e74705SXin Li void RDar10385775(struct rdar10385775* p) {
114*67e74705SXin Li p->name = L"a";
115*67e74705SXin Li }
116*67e74705SXin Li
117*67e74705SXin Li // Test double loop of array and array literals. Previously this
118*67e74705SXin Li // resulted in a false positive uninitailized value warning.
rdar10686586()119*67e74705SXin Li void rdar10686586() {
120*67e74705SXin Li int array1[] = { 1, 2, 3, 0 };
121*67e74705SXin Li int array2[] = { 1, 2, 3, 0 };
122*67e74705SXin Li int *array[] = { array1, array2 };
123*67e74705SXin Li int sum = 0;
124*67e74705SXin Li for (int i = 0; i < 2; i++) {
125*67e74705SXin Li for (int j = 0; j < 4; j++) {
126*67e74705SXin Li sum += array[i][j]; // no-warning
127*67e74705SXin Li }
128*67e74705SXin Li }
129*67e74705SXin Li }
130*67e74705SXin Li
131*67e74705SXin Li // This example tests CFG handling of '||' nested in a ternary expression,
132*67e74705SXin Li // and seeing that the analyzer doesn't crash.
isctype(char c,unsigned long f)133*67e74705SXin Li int isctype(char c, unsigned long f)
134*67e74705SXin Li {
135*67e74705SXin Li return (c < 1 || c > 10) ? 0 : !!(c & f);
136*67e74705SXin Li }
137*67e74705SXin Li
138*67e74705SXin Li // Test that symbolic array offsets are modeled conservatively.
139*67e74705SXin Li // This was triggering a false "use of uninitialized value" warning.
140*67e74705SXin Li void rdar_12075238__aux(unsigned long y);
rdar_12075238_(unsigned long count)141*67e74705SXin Li int rdar_12075238_(unsigned long count) {
142*67e74705SXin Li if ((count < 3) || (count > 6))
143*67e74705SXin Li return 0;
144*67e74705SXin Li
145*67e74705SXin Li unsigned long array[6];
146*67e74705SXin Li unsigned long i = 0;
147*67e74705SXin Li for (; i <= count - 2; i++)
148*67e74705SXin Li {
149*67e74705SXin Li array[i] = i;
150*67e74705SXin Li }
151*67e74705SXin Li array[count - 1] = i;
152*67e74705SXin Li rdar_12075238__aux(array[2]); // no-warning
153*67e74705SXin Li return 0;
154*67e74705SXin Li }
155*67e74705SXin Li
156*67e74705SXin Li // Test that we handle an uninitialized value within a logical expression.
PR14635(int * p)157*67e74705SXin Li void PR14635(int *p) {
158*67e74705SXin Li int a = 0, b;
159*67e74705SXin Li *p = a || b; // expected-warning {{Assigned value is garbage or undefined}}
160*67e74705SXin Li }
161*67e74705SXin Li
162*67e74705SXin Li // Test handling floating point values with unary '!'.
PR14634(int x)163*67e74705SXin Li int PR14634(int x) {
164*67e74705SXin Li double y = (double)x;
165*67e74705SXin Li return !y;
166*67e74705SXin Li }
167*67e74705SXin Li
168*67e74705SXin Li
169*67e74705SXin Li // PR15684: If a checker generates a sink node after generating a regular node
170*67e74705SXin Li // and no state changes between the two, graph trimming would consider the two
171*67e74705SXin Li // the same node, forming a loop.
172*67e74705SXin Li struct PR15684 {
173*67e74705SXin Li void (*callback)(int);
174*67e74705SXin Li };
sinkAfterRegularNode(struct PR15684 * context)175*67e74705SXin Li void sinkAfterRegularNode(struct PR15684 *context) {
176*67e74705SXin Li int uninitialized;
177*67e74705SXin Li context->callback(uninitialized); // expected-warning {{uninitialized}}
178*67e74705SXin Li }
179*67e74705SXin Li
180*67e74705SXin Li
181*67e74705SXin Li // PR16131: C permits variables to be declared extern void.
PR16131(int x)182*67e74705SXin Li static void PR16131(int x) {
183*67e74705SXin Li extern void v;
184*67e74705SXin Li
185*67e74705SXin Li int *ip = (int *)&v;
186*67e74705SXin Li char *cp = (char *)&v;
187*67e74705SXin Li clang_analyzer_eval(ip == cp); // expected-warning{{TRUE}}
188*67e74705SXin Li // expected-warning@-1 {{comparison of distinct pointer types}}
189*67e74705SXin Li
190*67e74705SXin Li *ip = 42;
191*67e74705SXin Li clang_analyzer_eval(*ip == 42); // expected-warning{{TRUE}}
192*67e74705SXin Li clang_analyzer_eval(*(int *)&v == 42); // expected-warning{{TRUE}}
193*67e74705SXin Li }
194