| // RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-store=region -fblocks -verify %s |
| |
| struct FPRec { |
| void (*my_func)(int * x); |
| }; |
| |
| int bar(int x); |
| |
| int f1_a(struct FPRec* foo) { |
| int x; |
| (*foo->my_func)(&x); |
| return bar(x)+1; // no-warning |
| } |
| |
| int f1_b() { |
| int x; |
| return bar(x)+1; // expected-warning{{1st function call argument is an uninitialized value}} |
| } |
| |
| int f2() { |
| |
| int x; |
| |
| if (x+1) // expected-warning{{The left operand of '+' is a garbage value}} |
| return 1; |
| |
| return 2; |
| } |
| |
| int f2_b() { |
| int x; |
| |
| return ((1+x)+2+((x))) + 1 ? 1 : 2; // expected-warning{{The right operand of '+' is a garbage value}} |
| } |
| |
| int f3(void) { |
| int i; |
| int *p = &i; |
| if (*p > 0) // expected-warning{{The left operand of '>' is a garbage value}} |
| return 0; |
| else |
| return 1; |
| } |
| |
| void f4_aux(float* x); |
| float f4(void) { |
| float x; |
| f4_aux(&x); |
| return x; // no-warning |
| } |
| |
| struct f5_struct { int x; }; |
| void f5_aux(struct f5_struct* s); |
| int f5(void) { |
| struct f5_struct s; |
| f5_aux(&s); |
| return s.x; // no-warning |
| } |
| |
| void f6(int x) { |
| int a[20]; |
| if (x == 25) {} |
| if (a[x] == 123) {} // expected-warning{{The left operand of '==' is a garbage value due to array index out of bounds}} |
| } |
| |
| int ret_uninit() { |
| int i; |
| int *p = &i; |
| return *p; // expected-warning{{Undefined or garbage value returned to caller}} |
| } |
| |
| // <rdar://problem/6451816> |
| typedef unsigned char Boolean; |
| typedef const struct __CFNumber * CFNumberRef; |
| typedef signed long CFIndex; |
| typedef CFIndex CFNumberType; |
| typedef unsigned long UInt32; |
| typedef UInt32 CFStringEncoding; |
| typedef const struct __CFString * CFStringRef; |
| extern Boolean CFNumberGetValue(CFNumberRef number, CFNumberType theType, void *valuePtr); |
| extern CFStringRef CFStringConvertEncodingToIANACharSetName(CFStringEncoding encoding); |
| |
| CFStringRef rdar_6451816(CFNumberRef nr) { |
| CFStringEncoding encoding; |
| // &encoding is casted to void*. This test case tests whether or not |
| // we properly invalidate the value of 'encoding'. |
| CFNumberGetValue(nr, 9, &encoding); |
| return CFStringConvertEncodingToIANACharSetName(encoding); // no-warning |
| } |
| |
| // PR 4630 - false warning with nonnull attribute |
| // This false positive (due to a regression) caused the analyzer to falsely |
| // flag a "return of uninitialized value" warning in the first branch due to |
| // the nonnull attribute. |
| void pr_4630_aux(char *x, int *y) __attribute__ ((nonnull (1))); |
| void pr_4630_aux_2(char *x, int *y); |
| int pr_4630(char *a, int y) { |
| int x; |
| if (y) { |
| pr_4630_aux(a, &x); |
| return x; // no-warning |
| } |
| else { |
| pr_4630_aux_2(a, &x); |
| return x; // no-warning |
| } |
| } |
| |
| // PR 4631 - False positive with union initializer |
| // Previously the analyzer didn't examine the compound initializers of unions, |
| // resulting in some false positives for initializers with side-effects. |
| union u_4631 { int a; }; |
| struct s_4631 { int a; }; |
| int pr4631_f2(int *p); |
| int pr4631_f3(void *q); |
| int pr4631_f1(void) |
| { |
| int x; |
| union u_4631 m = { pr4631_f2(&x) }; |
| pr4631_f3(&m); // tell analyzer that we use m |
| return x; // no-warning |
| } |
| int pr4631_f1_b(void) |
| { |
| int x; |
| struct s_4631 m = { pr4631_f2(&x) }; |
| pr4631_f3(&m); // tell analyzer that we use m |
| return x; // no-warning |
| } |
| |
| // <rdar://problem/12278788> - FP when returning a void-valued expression from |
| // a void function...or block. |
| void foo_radar12278788() { return; } |
| void test_radar12278788() { |
| return foo_radar12278788(); // no-warning |
| } |
| |
| void foo_radar12278788_fp() { return; } |
| typedef int (*RetIntFuncType)(); |
| typedef void (*RetVoidFuncType)(); |
| int test_radar12278788_FP() { |
| RetVoidFuncType f = foo_radar12278788_fp; |
| return ((RetIntFuncType)f)(); //expected-warning {{Undefined or garbage value returned to caller}} |
| } |
| |
| void rdar13665798() { |
| ^() { |
| return foo_radar12278788(); // no-warning |
| }(); |
| ^void() { |
| return foo_radar12278788(); // no-warning |
| }(); |
| ^int() { |
| RetVoidFuncType f = foo_radar12278788_fp; |
| return ((RetIntFuncType)f)(); //expected-warning {{Undefined or garbage value returned to caller}} |
| }(); |
| } |