xref: /aosp_15_r20/external/clang/test/Analysis/uninit-vals-ps.c (revision 67e74705e28f6214e480b399dd47ea732279e315)
1*67e74705SXin Li // RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-store=region -fblocks -verify %s
2*67e74705SXin Li 
// Record carrying a function pointer that takes the address of an int.
// f1_a calls through it, so the callee's body is not visible at the call site.
struct FPRec {
  void (*my_func)(int * x);
};

// Only a prototype: no definition of bar() appears in this listing.
int bar(int x);
8*67e74705SXin Li 
// Negative case: the address of x is handed to a callee reached through
// foo->my_func before x is read, and the analyzer must stay silent.
// Silence here is not evidence that the callee actually wrote x; it only
// shows the analyzer no longer treats x as certainly uninitialized.
int f1_a(struct FPRec* foo) {
  int x;
  (*foo->my_func)(&x);  // &x escapes to a callee whose body is not visible
  return bar(x)+1; // no-warning
}
14*67e74705SXin Li 
// Positive case: x is never assigned and its address is never taken, so
// passing it by value to bar() must be reported. Reading an indeterminate
// local like this is undefined behaviour and can expose stale stack contents.
int f1_b() {
  int x;
  return bar(x)+1;  // expected-warning{{Function call argument is an uninitialized value}}
}
19*67e74705SXin Li 
// Positive case: the uninitialized x is the left operand of '+' inside a
// branch condition, so the report is required at the arithmetic itself.
int f2() {

  int x;

  if (x+1)  // expected-warning{{The left operand of '+' is a garbage value}}
    return 1;

  return 2;
}
29*67e74705SXin Li 
// Positive case: x is read twice inside one nested expression. The required
// diagnostic names the right operand of '+', which matches the inner `1+x`.
// NOTE(review): presumably that is the first read the analyzer evaluates, and
// the later `((x))` produces no second report - confirm.
int f2_b() {
  int x;

  return ((1+x)+2+((x))) + 1 ? 1 : 2; // expected-warning{{The right operand of '+' is a garbage value}}
}
35*67e74705SXin Li 
// Positive case: i is read through the alias p rather than by name. Taking
// the address of i locally does not initialize it, so the comparison on *p
// must still be reported.
int f3(void) {
  int i;
  int *p = &i;
  if (*p > 0) // expected-warning{{The left operand of '>' is a garbage value}}
    return 0;
  else
    return 1;
}
44*67e74705SXin Li 
// Only a prototype: no definition of f4_aux() appears in this listing.
void f4_aux(float* x);

// Negative case with a float local: &x is passed to f4_aux() before the read,
// and the analyzer must not report the return. Whether f4_aux really stores
// to *x cannot be told from here.
float f4(void) {
  float x;
  f4_aux(&x);
  return x;  // no-warning
}
51*67e74705SXin Li 
// Single-field aggregate used to check field reads after the whole struct
// has been passed by address.
struct f5_struct { int x; };

// Only a prototype: no definition of f5_aux() appears in this listing.
void f5_aux(struct f5_struct* s);

// Negative case: the address of the whole struct is passed to f5_aux(), after
// which reading the field s.x must not be reported.
int f5(void) {
  struct f5_struct s;
  f5_aux(&s);
  return s.x; // no-warning
}
59*67e74705SXin Li 
// Positive case: the uninitialized i is returned through the alias p. The
// required report is on the return statement itself, because the garbage
// value would be handed to the caller.
int ret_uninit() {
  int i;
  int *p = &i;
  return *p;  // expected-warning{{Undefined or garbage value returned to caller}}
}
65*67e74705SXin Li 
// <rdar://problem/6451816>
// Minimal stand-in declarations so the case does not need the real
// CoreFoundation headers.
typedef unsigned char Boolean;
typedef const struct __CFNumber * CFNumberRef;
typedef signed long CFIndex;
typedef CFIndex CFNumberType;
typedef unsigned long UInt32;
typedef UInt32 CFStringEncoding;
typedef const struct __CFString * CFStringRef;
extern Boolean CFNumberGetValue(CFNumberRef number, CFNumberType theType, void *valuePtr);
extern CFStringRef CFStringConvertEncodingToIANACharSetName(CFStringEncoding encoding);

// Negative case: the local is written, if at all, only through a void*
// out-parameter, and the later read must not be reported.
CFStringRef rdar_6451816(CFNumberRef nr) {
  CFStringEncoding encoding;
  // &encoding is passed as a void* (the type of valuePtr).  This case checks
  // that the analyzer still invalidates the value of 'encoding' across the
  // call. The Boolean result of CFNumberGetValue is ignored here, so the
  // code itself never confirms that a value was stored.
  CFNumberGetValue(nr, 9, &encoding);
  return CFStringConvertEncodingToIANACharSetName(encoding); // no-warning
}
84*67e74705SXin Li 
// PR 4630 - false warning with nonnull attribute
//  This false positive (due to a regression) caused the analyzer to falsely
//  flag a "return of uninitialized value" warning in the first branch due to
//  the nonnull attribute.
// nonnull (1) marks only the first parameter (x); the int* out-parameter y
// carries no attribute in either helper.
void pr_4630_aux(char *x, int *y) __attribute__ ((nonnull (1)));
void pr_4630_aux_2(char *x, int *y);

// Both branches pass &x to a helper before returning x; the only difference
// is whether the helper carries the nonnull attribute. Neither return may be
// reported.
int pr_4630(char *a, int y) {
  int x;
  if (y) {
    pr_4630_aux(a, &x);   // helper with nonnull on its first parameter
    return x;   // no-warning
  }
  else {
    pr_4630_aux_2(a, &x); // same shape, no attribute
    return x;   // no-warning
  }
}
102*67e74705SXin Li 
// PR 4631 - False positive with union initializer
//  Previously the analyzer didn't examine the compound initializers of unions,
//  resulting in some false positives for initializers with side-effects.
union u_4631 { int a; };
struct s_4631 { int a; };
// Only prototypes: neither helper is defined in this listing.
int pr4631_f2(int *p);
int pr4631_f3(void *q);

// Union variant: &x escapes inside the initializer of m, so the call in the
// initializer has to be evaluated for the later read of x to stay unreported.
int pr4631_f1(void)
{
  int x;
  union u_4631 m = { pr4631_f2(&x) };  // side effect: &x is passed to pr4631_f2
  pr4631_f3(&m); // tell analyzer that we use m
  return x;  // no-warning
}
// Struct variant of pr4631_f1: the same initializer-with-side-effect shape,
// using struct s_4631 instead of the union, and likewise with no report on
// the return.
int pr4631_f1_b(void)
{
  int x;
  struct s_4631 m = { pr4631_f2(&x) };  // side effect: &x is passed to pr4631_f2
  pr4631_f3(&m); // tell analyzer that we use m
  return x;  // no-warning
}
124*67e74705SXin Li 
// <rdar://problem/12278788> - FP when returning a void-valued expression from
// a void function...or block.
void foo_radar12278788() { return; }

// Negative case: `return <void call>;` inside a void function carries no
// value, so there is nothing uninitialized to report.
void test_radar12278788() {
  return foo_radar12278788(); // no-warning
}
131*67e74705SXin Li 
// Void function used as the target of the mismatched call below.
void foo_radar12278788_fp() { return; }
typedef int (*RetIntFuncType)();
typedef void (*RetVoidFuncType)();

// Positive counterpart: f points at a function returning void but is called
// through an int-returning function-pointer type, so no int value is ever
// produced for the return. A call through an incompatible function type is
// undefined behaviour in C, and the directive below requires a report.
int test_radar12278788_FP() {
  RetVoidFuncType f = foo_radar12278788_fp;
  return ((RetIntFuncType)f)(); //expected-warning {{Undefined or garbage value returned to caller}}
}
139*67e74705SXin Li 
// Block-literal versions of the two radar12278788 cases (the RUN line enables
// blocks with -fblocks). Each block is invoked immediately.
void rdar13665798() {
  // Block with no declared return type, returning a void-valued call.
  ^() {
    return foo_radar12278788(); // no-warning
  }();
  // Block with an explicit void return type, same body.
  ^void() {
    return foo_radar12278788(); // no-warning
  }();
  // Block declared to return int that calls a void function through an
  // int-returning function-pointer type; the garbage result must be reported.
  ^int() {
    RetVoidFuncType f = foo_radar12278788_fp;
    return ((RetIntFuncType)f)(); //expected-warning {{Undefined or garbage value returned to caller}}
  }();
}