1 // RUN: %clang_analyze_cc1 -verify %s \ 2 // RUN: -analyzer-checker=core,unix.StdCLibraryFunctions \ 3 // RUN: -analyzer-config unix.StdCLibraryFunctions:ModelPOSIX=true \ 4 // RUN: -analyzer-output=text 5 6 #include "Inputs/std-c-library-functions-POSIX.h" 7 #define NULL ((void *)0) 8 9 char *getenv(const char *); 10 int isalpha(int); 11 int isdigit(int); 12 int islower(int); 13 14 char test_getenv() { 15 char *env = getenv("VAR"); // \ 16 // expected-note{{Assuming the environment variable does not exist}} \ 17 // expected-note{{'env' initialized here}} 18 19 return env[0]; // \ 20 // expected-warning{{Array access (from variable 'env') results in a null pointer dereference}} \ 21 // expected-note {{Array access (from variable 'env') results in a null pointer dereference}} 22 } 23 24 int test_isalpha(int *x, char c, char d) { 25 int iad = isalpha(d); 26 if (isalpha(c)) {// \ 27 // expected-note{{Taking true branch}} 28 x = NULL; // \ 29 // expected-note{{Null pointer value stored to 'x'}} 30 } 31 32 return *x; // \ 33 // expected-warning{{Dereference of null pointer (loaded from variable 'x')}} \ 34 // expected-note {{Dereference of null pointer (loaded from variable 'x')}} 35 } 36 37 int test_isdigit(int *x, char c) { 38 if (!isdigit(c)) {// \ 39 // expected-note{{Taking true branch}} 40 x = NULL; // \ 41 // expected-note{{Null pointer value stored to 'x'}} 42 } 43 44 return *x; // \ 45 // expected-warning{{Dereference of null pointer (loaded from variable 'x')}} \ 46 // expected-note {{Dereference of null pointer (loaded from variable 'x')}} 47 } 48 49 int test_islower(int *x) { 50 char c = 'c'; 51 // No "Assuming..." note. We aren't assuming anything. We *know*. 52 if (islower(c)) { // \ 53 // expected-note{{Taking true branch}} 54 x = NULL; // \ 55 // expected-note{{Null pointer value stored to 'x'}} 56 } 57 58 return *x; // \ 59 // expected-warning{{Dereference of null pointer (loaded from variable 'x')}} \ 60 // expected-note {{Dereference of null pointer (loaded from variable 'x')}} 61 } 62 63 int test_bugpath_notes(FILE *f1, char c, FILE *f2) { 64 int f = fileno(f2); 65 if (f == -1) // \ 66 // expected-note{{Taking false branch}} 67 return 0; 68 int l = islower(c); 69 f = fileno(f1); // \ 70 // expected-note{{Value assigned to 'f'}} \ 71 // expected-note{{Assuming that 'fileno' fails}} 72 return dup(f); // \ 73 // expected-warning{{The 1st argument to 'dup' is -1 but should be >= 0}} \ 74 // expected-note{{The 1st argument to 'dup' is -1 but should be >= 0}} 75 } 76 77 int test_fileno_arg_note(FILE *f1) { 78 return dup(fileno(f1)); // \ 79 // expected-warning{{The 1st argument to 'dup' is < 0 but should be >= 0}} \ 80 // expected-note{{The 1st argument to 'dup' is < 0 but should be >= 0}} \ 81 // expected-note{{Assuming that 'fileno' fails}} 82 } 83