1 // RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core,debug.ExprInspection -verify -Wno-null-dereference -Wno-tautological-undefined-compare -analyzer-config eagerly-assume=false %s 2 3 void clang_analyzer_eval(bool); 4 5 typedef typeof(sizeof(int)) size_t; 6 void malloc (size_t); 7 8 void f1() { 9 int const &i = 3; 10 int b = i; 11 12 int *p = 0; 13 14 if (b != 3) 15 *p = 1; // no-warning 16 } 17 18 char* ptr(); 19 char& ref(); 20 21 // These next two tests just shouldn't crash. 22 char t1 () { 23 ref() = 'c'; 24 return '0'; 25 } 26 27 // just a basic correctness test, the same behavior as t1() 28 char t2 () { 29 *ptr() = 'c'; 30 return '0'; 31 } 32 33 // Each of the tests below is repeated with pointers as well as references. 34 // This is mostly a basic correctness check, but then again, both should work! 35 char t3 () { 36 char& r = ref(); 37 r = 'c'; // no-warning 38 if (r) return r; 39 return *(char*)0; // no-warning 40 } 41 42 char t4 () { 43 char* p = ptr(); 44 *p = 'c'; // no-warning 45 if (*p) return *p; 46 return *(char*)0; // no-warning 47 } 48 49 char t5 (char& r) { 50 r = 'c'; // no-warning 51 if (r) return r; 52 return *(char*)0; // no-warning 53 } 54 55 char t6 (char* p) { 56 *p = 'c'; // no-warning 57 if (*p) return *p; 58 return *(char*)0; // no-warning 59 } 60 61 62 // PR13440 63 // Test that the array-to-pointer decay works for array references as well. 64 // More generally, when we want an lvalue for a reference field, we still need 65 // to do one level of load. 66 namespace PR13440 { 67 typedef int T[1]; 68 struct S { 69 T &x; 70 71 int *m() { return x; } 72 }; 73 74 struct S2 { 75 int (&x)[1]; 76 77 int *m() { return x; } 78 79 void testArrayToPointerDecayWithNonTypedValueRegion() { 80 int *p = x; 81 int *q = x; 82 clang_analyzer_eval(p[0] == q[0]); // expected-warning{{TRUE}} 83 } 84 85 }; 86 87 void test() { 88 int a[1]; 89 S s = { a }; 90 S2 s2 = { a }; 91 92 if (s.x != a) return; // expected-warning {{comparison between two arrays}} 93 if (s2.x != a) return; // expected-warning {{comparison between two arrays}} 94 95 a[0] = 42; 96 clang_analyzer_eval(s.x[0] == 42); // expected-warning{{TRUE}} 97 clang_analyzer_eval(s2.x[0] == 42); // expected-warning{{TRUE}} 98 } 99 } 100 101 void testNullReference() { 102 int *x = 0; 103 int &y = *x; // expected-warning{{Dereference of null pointer}} 104 y = 5; 105 } 106 107 void testRetroactiveNullReference(int *x) { 108 // According to the C++ standard, there is no such thing as a 109 // "null reference". So the 'if' statement ought to be dead code. 110 // However, Clang (and other compilers) don't actually check that a pointer 111 // value is non-null in the implementation of references, so it is possible 112 // to produce a supposed "null reference" at runtime. The analyzer should 113 // still warn when it can prove such errors. 114 int &y = *x; 115 if (x != 0) 116 return; 117 y = 5; // expected-warning{{Dereference of null pointer}} 118 } 119 120 namespace TestReferenceAddress { 121 struct S { int &x; }; 122 S getS(); 123 S *getSP(); 124 125 void testReferenceAddress(int &x) { 126 // FIXME: Move non-zero reference assumption out of RangeConstraintManager.cpp:422 127 #ifdef ANALYZER_CM_Z3 128 clang_analyzer_eval(&x != 0); // expected-warning{{UNKNOWN}} 129 clang_analyzer_eval(&ref() != 0); // expected-warning{{UNKNOWN}} 130 #else 131 clang_analyzer_eval(&x != 0); // expected-warning{{TRUE}} 132 clang_analyzer_eval(&ref() != 0); // expected-warning{{TRUE}} 133 #endif 134 135 #ifdef ANALYZER_CM_Z3 136 clang_analyzer_eval(&getS().x != 0); // expected-warning{{UNKNOWN}} 137 #else 138 clang_analyzer_eval(&getS().x != 0); // expected-warning{{TRUE}} 139 #endif 140 141 #ifdef ANALYZER_CM_Z3 142 clang_analyzer_eval(&getSP()->x != 0); // expected-warning{{UNKNOWN}} 143 #else 144 clang_analyzer_eval(&getSP()->x != 0); // expected-warning{{TRUE}} 145 #endif 146 } 147 } 148 149 void testFunctionPointerReturn(void *opaque) { 150 typedef int &(*RefFn)(); 151 152 RefFn getRef = (RefFn)opaque; 153 154 // Don't crash writing to or reading from this reference. 155 int &x = getRef(); 156 x = 42; 157 clang_analyzer_eval(x == 42); // expected-warning{{TRUE}} 158 } 159 160 int &testReturnNullReference() { 161 int *x = 0; 162 return *x; // expected-warning{{Returning null reference}} 163 } 164 165 char &refFromPointer() { 166 return *ptr(); 167 } 168 169 void testReturnReference() { 170 clang_analyzer_eval(ptr() == 0); // expected-warning{{UNKNOWN}} 171 clang_analyzer_eval(&refFromPointer() == 0); // expected-warning{{FALSE}} 172 } 173 174 void intRefParam(int &r) { 175 ; 176 } 177 178 void test(int *ptr) { 179 clang_analyzer_eval(ptr == 0); // expected-warning{{UNKNOWN}} 180 181 extern void use(int &ref); 182 use(*ptr); 183 184 clang_analyzer_eval(ptr == 0); // expected-warning{{FALSE}} 185 } 186 187 void testIntRefParam() { 188 int i = 0; 189 intRefParam(i); // no-warning 190 } 191 192 int refParam(int &byteIndex) { 193 return byteIndex; 194 } 195 196 void testRefParam(int *p) { 197 if (p) 198 ; 199 refParam(*p); // expected-warning {{Forming reference to null pointer}} 200 } 201 202 int ptrRefParam(int *&byteIndex) { 203 return *byteIndex; // expected-warning {{Dereference of null pointer}} 204 } 205 void testRefParam2() { 206 int *p = 0; 207 int *&rp = p; 208 ptrRefParam(rp); 209 } 210 211 int *maybeNull() { 212 extern bool coin(); 213 static int x; 214 return coin() ? &x : 0; 215 } 216 217 void use(int &x) { 218 x = 1; // no-warning 219 } 220 221 void testSuppression() { 222 use(*maybeNull()); 223 } 224 225 namespace rdar11212286 { 226 class B{}; 227 228 B test() { 229 B *x = 0; 230 return *x; // expected-warning {{Forming reference to null pointer}} 231 } 232 233 B testif(B *x) { 234 if (x) 235 ; 236 return *x; // expected-warning {{Forming reference to null pointer}} 237 } 238 239 void idc(B *x) { 240 if (x) 241 ; 242 } 243 244 B testidc(B *x) { 245 idc(x); 246 return *x; // no-warning 247 } 248 } 249 250 namespace PR15694 { 251 class C { 252 bool bit : 1; 253 template <class T> void bar(const T &obj) {} 254 void foo() { 255 bar(bit); // don't crash 256 } 257 }; 258 } 259