// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -analyze -disable-free -analyzer-eagerly-assume -analyzer-checker=core,deadcode,debug.ExprInspection -verify %s
//
// Static-analyzer regression test. The RUN line enables the core, deadcode
// and debug.ExprInspection checkers together with -verify, so the diagnostic
// annotations in the trailing comments below are part of the test: each one
// must stay on the line (or line offset) it refers to.

// Declared only. It is called further down with conditions that the
// annotations there record as TRUE.
// NOTE(review): this is the debug.ExprInspection hook, which reports what the
// analyzer has concluded about its argument; it is never linked or run.
void clang_analyzer_eval(int);

// Global loop bound and an opaque, declaration-only callee used by the first
// test function.
int size_rdar9373039 = 1;
int foo_rdar9373039(const char *);
// Uninitialized-read test across two loops that share one global bound.
// `x` is assigned only inside the first loop, so a path that skips that loop
// but enters the second one adds an indeterminate value to `j`.
// NOTE(review): the foo_rdar9373039() calls between the loops are opaque, so
// presumably the analyzer stops trusting size_rdar9373039 after them, which
// is what makes that path feasible. Confirm against the analyzer's
// invalidation rules.
int rdar93730392() {
  int x;      // left uninitialized on purpose
  int j = 0;

  for (int i = 0 ; i < size_rdar9373039 ; ++i)
    x = 1;

  // `extra` is computed and never used again: the dead store the annotation
  // on this line names.
  int extra = (2 + foo_rdar9373039 ("Clang") + ((4 - ((unsigned int) (2 + foo_rdar9373039 ("Clang")) % 4)) % 4)) + (2 + foo_rdar9373039 ("1.0") + ((4 - ((unsigned int) (2 + foo_rdar9373039 ("1.0")) % 4)) % 4)); // expected-warning {{never read}}

  for (int i = 0 ; i < size_rdar9373039 ; ++i)
    j += x; // expected-warning {{garbage}}

  return j;
}
// Null-dereference test. The early return fires when t is non-null, so the
// dereference is reached only with t == NULL. The condition is wrapped in
// __extension__ to check that the null constraint survives the wrapper.
int PR8962 (int *t) {
  // This should look through the __extension__ no-op.
  if (__extension__ (t)) return 0;
  return *t; // expected-warning {{null pointer}}
}
// Same null-dereference shape as PR8962, with the pointer condition wrapped in
// two parenthesised (int) casts instead of __extension__. The dereference is
// again reached only when the condition is false.
int PR8962_b (int *t) {
  // This should still ignore the nested casts
  // which aren't handled by a single IgnoreParens()
  if (((int)((int)t))) return 0;
  return *t; // expected-warning {{null pointer}}
}
// Inverse of PR8962: the statement expression yields 1 when t is null, so the
// early return handles the null case and the dereference is reached only with
// a non-null t. The annotation records that no diagnostic is wanted.
int PR8962_c (int *t) {
  // If the last element in a StmtExpr was a ParenExpr, it's still live
  if (({ (t ? (_Bool)0 : (_Bool)1); })) return 0;
  return *t; // no-warning
}
// Variant of PR8962_c in which the final expression of the statement
// expression is wrapped in __extension__. The null case returns early, so the
// dereference must not be reported.
int PR8962_d (int *t) {
  // If the last element in a StmtExpr is an __extension__, it's still live
  if (({ __extension__(t ? (_Bool)0 : (_Bool)1); })) return 0;
  return *t; // no-warning
}
// Variant of PR8962_c whose result operands carry doubled (int) casts on long
// literals. The statement expression still yields 1 only when t is null, so
// the dereference is reached with a non-null t and must not be reported.
int PR8962_e (int *t) {
  // Redundant casts can mess things up!
  // Environment used to skip through NoOp casts, but LiveVariables didn't!
  if (({ (t ? (int)(int)0L : (int)(int)1L); })) return 0;
  return *t; // no-warning
}
// Variant in which the whole statement expression sits inside __extension__
// and computes its result through a local _Bool. r is 1 exactly when t is
// null, so the early return covers the null case and the dereference must not
// be reported.
int PR8962_f (int *t) {
  // The StmtExpr isn't a block-level expression here,
  // the __extension__ is. But the value should be attached to the StmtExpr
  // anyway. Make sure the block-level check is /before/ IgnoreParens.
  if ( __extension__({
    _Bool r;
    if (t) r = 0;
    else r = 1;
    r;  // value of the statement expression
  }) ) return 0;
  return *t; // no-warning
}
// This previously crashed logic in the analyzer engine when evaluating locations.
void rdar10308201_aux(unsigned val);
// Crash-regression input: it carries no diagnostic annotations, so the check
// is that analysis finishes without reporting anything here.
void rdar10308201 (int valA, void *valB, unsigned valC) {
  unsigned actual_base, lines;  // `lines` is declared but never used
  if (valC == 0) {
    // Pointer converted to `unsigned`. NOTE(review): on the x86_64 triple in
    // the RUN line this is narrower than a pointer, so the value is truncated.
    actual_base = (unsigned)valB;
    for (;;) {  // no exit condition: the loop never terminates
      if (valA & (1<<0))
        rdar10308201_aux(actual_base);
    }
  }
}
typedef struct Struct103 {
  unsigned i;
} Struct103;
// Test-local size_t, declared here as unsigned int rather than taken from a
// system header.
typedef unsigned int size_t;
// Declaration only; the fallback arm of the conditional below.
void __my_memset_chk(char*, int, size_t);
// Zeroes a local struct through a conditional expression. When
// __builtin_object_size() reports something other than (size_t)-1, the
// bounds-checked __builtin___memset_chk is used with that object size,
// otherwise __my_memset_chk is called without one.
// NOTE(review): this looks like an expanded fortify-style memset macro. The
// function carries no diagnostic annotation, so presumably the test is only
// that analysis completes cleanly. Confirm.
static int radar10367606(int t) {
  Struct103 overall;
  ((__builtin_object_size ((char *) &overall, 0) != (size_t) -1) ? __builtin___memset_chk ((char *) &overall, 0, sizeof(Struct103), __builtin_object_size ((char *) &overall, 0)) : __my_memset_chk ((char *) &overall, 0, sizeof(Struct103)));
  return 0;
}
/* Caching out on a sink node. */
extern int fooR10376675();
extern int* bazR10376675();
extern int nR10376675;
// `pm` is written inside the branch and never read afterwards; that dead store
// is the one diagnostic annotated here. The write through `x` in the do/while
// body has no null check and carries no annotation.
void barR10376675(int *x) {
  int *pm;
  if (nR10376675 * 2) {
    int *pk = bazR10376675();
    pm = pk; //expected-warning {{never read}}
  }
  do {  // single-iteration loop: the condition is the constant 0
    *x = fooR10376675();
  } while (0);
}
// Test that accesses to wide character strings don't break the analyzer.
typedef int wchar_t;  // test-local wchar_t, not taken from a header
struct rdar10385775 {
  wchar_t *name;
};
// Stores a pointer to the wide string literal L"a" into p->name. There is no
// diagnostic annotation, so nothing should be reported here.
void RDar10385775(struct rdar10385775* p) {
  p->name = L"a";
}
// Test double loop of array and array literals.  Previously this
// resulted in a false positive uninitialized value warning.
//
// Both inner arrays are fully initialized with four elements and the loop
// bounds (2 and 4) match the array sizes, so every array[i][j] read is of an
// initialized, in-bounds element.
void rdar10686586() {
  int array1[] = { 1, 2, 3, 0 };
  int array2[] = { 1, 2, 3, 0 };
  int *array[] = { array1, array2 };
  int sum = 0;
  for (int i = 0; i < 2; i++) {
    for (int j = 0; j < 4; j++) {
      sum += array[i][j]; // no-warning
    }
  }
}
// This example tests CFG handling of '||' nested in a ternary expression,
// and seeing that the analyzer doesn't crash.
//
// Returns 0 when c is outside 1..10; otherwise returns 1 if c and f share a
// set bit and 0 if they do not.
int isctype(char c, unsigned long f)
{
  return (c < 1 || c > 10) ? 0 : !!(c & f);
}
// Test that symbolic array offsets are modeled conservatively.
// This was triggering a false "use of uninitialized value" warning.
void rdar_12075238__aux(unsigned long y);
// The guard limits count to 3..6, so every index used below stays within the
// six-element array (the largest is count - 1 == 5). array[2] is always
// written before it is read: by the loop when count >= 4, and by the
// array[count - 1] store when count == 3.
int rdar_12075238_(unsigned long count) {
  if ((count < 3) || (count > 6))
    return 0;

  unsigned long array[6];  // not initialized at declaration
  unsigned long i = 0;
  for (; i <= count - 2; i++)  // fills indices 0 .. count - 2
  {
    array[i] = i;
  }
  array[count - 1] = i;  // symbolic index; i == count - 1 after the loop
  rdar_12075238__aux(array[2]); // no-warning
  return 0;
}
// Test that we handle an uninitialized value within a logical expression.
//
// `a` is 0, so `||` does not short-circuit and the uninitialized `b` is
// evaluated; the result stored through p is therefore indeterminate.
void PR14635(int *p) {
  int a = 0, b;  // b is left uninitialized on purpose
  *p = a || b; // expected-warning {{Assigned value is garbage or undefined}}
}
// Test handling floating point values with unary '!'.
//
// Converts x to double and returns its logical negation: 1 when the value is
// zero, 0 otherwise. No diagnostic annotation is attached.
int PR14634(int x) {
  double y = (double)x;
  return !y;
}
// PR15684: If a checker generates a sink node after generating a regular node
// and no state changes between the two, graph trimming would consider the two
// the same node, forming a loop.
struct PR15684 {
  void (*callback)(int);
};
// Passes an uninitialized local by value through a function pointer stored in
// the context struct; the annotated diagnostic is for that argument.
void sinkAfterRegularNode(struct PR15684 *context) {
  int uninitialized;  // never assigned before the call
  context->callback(uninitialized); // expected-warning {{uninitialized}}
}
// PR16131: C permits variables to be declared extern void.
//
// Takes the address of an `extern void` object through two different pointer
// types and checks, via clang_analyzer_eval, that both pointers compare equal
// and that a store through one is visible through a fresh cast of &v.
// The parameter x is unused.
static void PR16131(int x) {
  extern void v;

  int *ip = (int *)&v;
  char *cp = (char *)&v;
  // The annotation with the @-1 offset is line-relative: it must stay on the
  // line directly below the call it refers to.
  clang_analyzer_eval(ip == cp); // expected-warning{{TRUE}}
  // expected-warning@-1 {{comparison of distinct pointer types}}

  *ip = 42;
  clang_analyzer_eval(*ip == 42); // expected-warning{{TRUE}}
  clang_analyzer_eval(*(int *)&v == 42); // expected-warning{{TRUE}}
}