1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
| // RUN: %clang_analyze_cc1 %s -analyzer-checker=core.NullDereference,core.DivideZero -fblocks -analyzer-output=text -analyzer-config suppress-null-return-paths=false -verify -analyzer-config eagerly-assume=false %s
// RUN: %clang_analyze_cc1 -analyzer-config eagerly-assume=false %s -analyzer-checker=core.NullDereference,core.DivideZero -fblocks -analyzer-output=plist -analyzer-config suppress-null-return-paths=false -o %t
// RUN: %normalize_plist <%t | diff -ub %S/Inputs/expected-plists/inline-plist.c.plist -
// <rdar://problem/10967815>
void mmm(int y) {
if (y != 0)
y++;
}
int foo(int x, int y) {
mmm(y);
if (x != 0) {
// expected-note@-1 {{Assuming 'x' is equal to 0}}
// expected-note@-2 {{Taking false branch}}
x++;
}
return 5/x; // expected-warning{{Division by zero}} expected-note{{Division by zero}}
}
// Test a bug triggering only when inlined.
void has_bug(int *p) {
*p = 0xDEADBEEF; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}} expected-note{{Dereference of null pointer (loaded from variable 'p')}}
}
void test_has_bug() {
has_bug(0);
// expected-note@-1 {{Passing null pointer value via 1st parameter 'p'}}
// expected-note@-2 {{Calling 'has_bug'}}
}
void triggers_bug(int *p) {
*p = 0xDEADBEEF; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}} expected-note{{Dereference of null pointer (loaded from variable 'p')}}
}
// This function triggers a bug by calling triggers_bug(). The diagnostics
// should show when p is assumed to be null.
void bar(int *p) {
if (!!p) {
// expected-note@-1 {{Assuming 'p' is null}}
// expected-note@-2 {{Taking false branch}}
return;
}
if (p == 0) {
// expected-note@-1 {{'p' is equal to null}}
// expected-note@-2 {{Taking true branch}}
triggers_bug(p);
// expected-note@-1 {{Passing null pointer value via 1st parameter 'p'}}
// expected-note@-2 {{Calling 'triggers_bug'}}
}
}
// ========================================================================== //
// Test inlining of blocks.
// ========================================================================== //
void test_block__capture_null() {
int *p = 0; // expected-note{{'p' initialized to a null pointer value}}
^(){ // expected-note {{Calling anonymous block}}
*p = 1; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}} expected-note{{Dereference of null pointer (loaded from variable 'p')}}
}();
}
void test_block_ret() {
int *p = ^int*(){ // expected-note {{Calling anonymous block}} expected-note{{Returning to caller}} expected-note {{'p' initialized to a null pointer value}}
int *q = 0; // expected-note {{'q' initialized to a null pointer value}}
return q; // expected-note {{Returning null pointer (loaded from 'q')}}
}();
*p = 1; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}} expected-note{{Dereference of null pointer (loaded from variable 'p')}}
}
void test_block_blockvar() {
__block int *p;
^(){ // expected-note{{Calling anonymous block}} expected-note{{Returning to caller}}
p = 0; // expected-note{{Null pointer value stored to 'p'}}
}();
*p = 1; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}} expected-note{{Dereference of null pointer (loaded from variable 'p')}}
}
void test_block_arg() {
int *p;
^(int **q){ // expected-note{{Calling anonymous block}} expected-note{{Returning to caller}}
*q = 0; // expected-note{{Null pointer value stored to 'p'}}
}(&p);
*p = 1; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}} expected-note{{Dereference of null pointer (loaded from variable 'p')}}
}
|