1*f4a2713aSLionel Sambuc // RUN: %clang_cc1 -std=c++11 -Wno-conversion-null -analyze -analyzer-checker=core -analyzer-store region -verify %s 2*f4a2713aSLionel Sambuc 3*f4a2713aSLionel Sambuc // test to see if nullptr is detected as a null pointer foo1(void)4*f4a2713aSLionel Sambucvoid foo1(void) { 5*f4a2713aSLionel Sambuc char *np = nullptr; 6*f4a2713aSLionel Sambuc *np = 0; // expected-warning{{Dereference of null pointer}} 7*f4a2713aSLionel Sambuc } 8*f4a2713aSLionel Sambuc 9*f4a2713aSLionel Sambuc // check if comparing nullptr to nullptr is detected properly foo2(void)10*f4a2713aSLionel Sambucvoid foo2(void) { 11*f4a2713aSLionel Sambuc char *np1 = nullptr; 12*f4a2713aSLionel Sambuc char *np2 = np1; 13*f4a2713aSLionel Sambuc char c; 14*f4a2713aSLionel Sambuc if (np1 == np2) 15*f4a2713aSLionel Sambuc np1 = &c; 16*f4a2713aSLionel Sambuc *np1 = 0; // no-warning 17*f4a2713aSLionel Sambuc } 18*f4a2713aSLionel Sambuc 19*f4a2713aSLionel Sambuc // invoving a nullptr in a more complex operation should be cause a warning foo3(void)20*f4a2713aSLionel Sambucvoid foo3(void) { 21*f4a2713aSLionel Sambuc struct foo { 22*f4a2713aSLionel Sambuc int a, f; 23*f4a2713aSLionel Sambuc }; 24*f4a2713aSLionel Sambuc char *np = nullptr; 25*f4a2713aSLionel Sambuc // casting a nullptr to anything should be caught eventually 26*f4a2713aSLionel Sambuc int *ip = &(((struct foo *)np)->f); 27*f4a2713aSLionel Sambuc *ip = 0; // expected-warning{{Dereference of null pointer}} 28*f4a2713aSLionel Sambuc // should be error here too, but analysis gets stopped 29*f4a2713aSLionel Sambuc // *np = 0; 30*f4a2713aSLionel Sambuc } 31*f4a2713aSLionel Sambuc 32*f4a2713aSLionel Sambuc // nullptr is implemented as a zero integer value, so should be able to compare foo4(void)33*f4a2713aSLionel Sambucvoid foo4(void) { 34*f4a2713aSLionel Sambuc char *np = nullptr; 35*f4a2713aSLionel Sambuc if (np != 0) 36*f4a2713aSLionel Sambuc *np = 0; // no-warning 37*f4a2713aSLionel Sambuc char *cp = 0; 38*f4a2713aSLionel Sambuc if (np != cp) 39*f4a2713aSLionel Sambuc *np = 0; // no-warning 40*f4a2713aSLionel Sambuc } 41*f4a2713aSLionel Sambuc pr10372(void * & x)42*f4a2713aSLionel Sambucint pr10372(void *& x) { 43*f4a2713aSLionel Sambuc // GNU null is a pointer-sized integer, not a pointer. 44*f4a2713aSLionel Sambuc x = __null; 45*f4a2713aSLionel Sambuc // This used to crash. 46*f4a2713aSLionel Sambuc return __null; 47*f4a2713aSLionel Sambuc } 48*f4a2713aSLionel Sambuc zoo1()49*f4a2713aSLionel Sambucvoid zoo1() { 50*f4a2713aSLionel Sambuc char **p = 0; 51*f4a2713aSLionel Sambuc delete *(p + 0); // expected-warning{{Dereference of null pointer}} 52*f4a2713aSLionel Sambuc } 53*f4a2713aSLionel Sambuc zoo2()54*f4a2713aSLionel Sambucvoid zoo2() { 55*f4a2713aSLionel Sambuc int **a = 0; 56*f4a2713aSLionel Sambuc int **b = 0; 57*f4a2713aSLionel Sambuc asm ("nop" 58*f4a2713aSLionel Sambuc :"=r"(*a) 59*f4a2713aSLionel Sambuc :"0"(*b) // expected-warning{{Dereference of null pointer}} 60*f4a2713aSLionel Sambuc ); 61*f4a2713aSLionel Sambuc } 62*f4a2713aSLionel Sambuc exprWithCleanups()63*f4a2713aSLionel Sambucint exprWithCleanups() { 64*f4a2713aSLionel Sambuc struct S { 65*f4a2713aSLionel Sambuc S(int a):a(a){} 66*f4a2713aSLionel Sambuc ~S() {} 67*f4a2713aSLionel Sambuc 68*f4a2713aSLionel Sambuc int a; 69*f4a2713aSLionel Sambuc }; 70*f4a2713aSLionel Sambuc 71*f4a2713aSLionel Sambuc int *x = 0; 72*f4a2713aSLionel Sambuc return S(*x).a; // expected-warning{{Dereference of null pointer}} 73*f4a2713aSLionel Sambuc } 74*f4a2713aSLionel Sambuc materializeTempExpr()75*f4a2713aSLionel Sambucint materializeTempExpr() { 76*f4a2713aSLionel Sambuc int *n = 0; 77*f4a2713aSLionel Sambuc struct S { 78*f4a2713aSLionel Sambuc int a; 79*f4a2713aSLionel Sambuc S(int i): a(i) {} 80*f4a2713aSLionel Sambuc }; 81*f4a2713aSLionel Sambuc const S &s = S(*n); // expected-warning{{Dereference of null pointer}} 82*f4a2713aSLionel Sambuc return s.a; 83*f4a2713aSLionel Sambuc } 84*f4a2713aSLionel Sambuc 85*f4a2713aSLionel Sambuc typedef decltype(nullptr) nullptr_t; testMaterializeTemporaryExprWithNullPtr()86*f4a2713aSLionel Sambucvoid testMaterializeTemporaryExprWithNullPtr() { 87*f4a2713aSLionel Sambuc // Create MaterializeTemporaryExpr with a nullptr inside. 88*f4a2713aSLionel Sambuc const nullptr_t &r = nullptr; 89*f4a2713aSLionel Sambuc } 90