llvm/clang/test/Analysis/misc-ps.c

// RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin10 -disable-free -analyzer-checker=core,deadcode,debug.ExprInspection -Wno-pointer-to-int-cast -verify %s

void clang_analyzer_eval(int);

int size_rdar9373039 = 1;
int foo_rdar9373039(const char *);

int rdar93730392(void) {
  int x;
  int j = 0;

  for (int i = 0 ; i < size_rdar9373039 ; ++i)
    x = 1;
    
  int extra = (2 + foo_rdar9373039 ("Clang") + ((4 - ((unsigned int) (2 + foo_rdar9373039 ("Clang")) % 4)) % 4)) + (2 + foo_rdar9373039 ("1.0") + ((4 - ((unsigned int) (2 + foo_rdar9373039 ("1.0")) % 4)) % 4)); // expected-warning {{never read}}

  for (int i = 0 ; i < size_rdar9373039 ; ++i)
    j += x; // expected-warning {{garbage}}

  return j;
}


int PR8962 (int *t) {
  // This should look through the __extension__ no-op.
  if (__extension__ (t)) return 0;
  return *t; // expected-warning {{null pointer}}
}

int PR8962_b (int *t) {
  // This should still ignore the nested casts
  // which aren't handled by a single IgnoreParens()
  if (((int)((int)t))) return 0;
  return *t; // expected-warning {{null pointer}}
}

int PR8962_c (int *t) {
  // If the last element in a StmtExpr was a ParenExpr, it's still live
  if (({ (t ? (_Bool)0 : (_Bool)1); })) return 0;
  return *t; // no-warning
}

int PR8962_d (int *t) {
  // If the last element in a StmtExpr is an __extension__, it's still live
  if (({ __extension__(t ? (_Bool)0 : (_Bool)1); })) return 0;
  return *t; // no-warning
}

int PR8962_e (int *t) {
  // Redundant casts can mess things up!
  // Environment used to skip through NoOp casts, but LiveVariables didn't!
  if (({ (t ? (int)(int)0L : (int)(int)1L); })) return 0;
  return *t; // no-warning
}

int PR8962_f (int *t) {
  // The StmtExpr isn't a block-level expression here,
  // the __extension__ is. But the value should be attached to the StmtExpr
  // anyway. Make sure the block-level check is /before/ IgnoreParens.
  if ( __extension__({
    _Bool r;
    if (t) r = 0;
    else r = 1;
    r;
  }) ) return 0;
  return *t; // no-warning
}

// This previously crashed logic in the analyzer engine when evaluating locations.
void rdar10308201_aux(unsigned val);
void rdar10308201 (int valA, void *valB, unsigned valC) {
  unsigned actual_base, lines;
  if (valC == 0) {
    actual_base = (unsigned)valB;
    for (;;) {
      if (valA & (1<<0))
        rdar10308201_aux(actual_base);
    }
  }
}

typedef struct Struct103 {
  unsigned i;
} Struct103;
typedef unsigned int size_t;
void __my_memset_chk(char*, int, size_t);
static int radar10367606(int t) {
  Struct103 overall;
  ((__builtin_object_size ((char *) &overall, 0) != (size_t) -1) ? __builtin___memset_chk ((char *) &overall, 0, sizeof(Struct103), __builtin_object_size ((char *) &overall, 0)) : __my_memset_chk ((char *) &overall, 0, sizeof(Struct103)));
  return 0;
}

/* Caching out on a sink node. */
extern int fooR10376675(void);
extern int* bazR10376675(void);
extern int nR10376675;
void barR10376675(int *x) {
  int *pm;
  if (nR10376675 * 2) {
    int *pk  = bazR10376675();
    pm = pk; //expected-warning {{never read}}
  }
  do {
    *x = fooR10376675();
  } while (0);
}

// Test accesses to wide character strings doesn't break the analyzer.
typedef int wchar_t;
struct rdar10385775 {
    wchar_t *name;
};
void RDar10385775(struct rdar10385775* p) {
    p->name = L"a";
}

// Test double loop of array and array literals.  Previously this
// resulted in a false positive uninitailized value warning.
void rdar10686586(void) {
    int array1[] = { 1, 2, 3, 0 };
    int array2[] = { 1, 2, 3, 0 };
    int *array[] = { array1, array2 };
    int sum = 0;
    for (int i = 0; i < 2; i++) {
        for (int j = 0; j < 4; j++) {
            sum += array[i][j]; // no-warning
        }
    }
}

// This example tests CFG handling of '||' nested in a ternary expression,
// and seeing that the analyzer doesn't crash.
int isctype(char c, unsigned long f)
{
  return (c < 1 || c > 10) ? 0 : !!(c & f);
}

// Test that symbolic array offsets are modeled conservatively.
// This was triggering a false "use of uninitialized value" warning.
void rdar_12075238__aux(unsigned long y);
int rdar_12075238_(unsigned long count) {
  if ((count < 3) || (count > 6))
    return 0;
	
  unsigned long array[6];
  unsigned long i = 0;
  for (; i <= count - 2; i++)
  {
	  array[i] = i;
  }
  array[count - 1] = i;
  rdar_12075238__aux(array[2]); // no-warning
  return 0;
}

// Test that we handle an uninitialized value within a logical expression.
void PR14635(int *p) {
  int a = 0, b;
  *p = a || b; // expected-warning {{Assigned value is garbage or undefined}}
}

// Test handling floating point values with unary '!'.
int PR14634(int x) {
  double y = (double)x;
  return !y;
}


// PR15684: If a checker generates a sink node after generating a regular node
// and no state changes between the two, graph trimming would consider the two
// the same node, forming a loop.
struct PR15684 {
  void (*callback)(int);
};
void sinkAfterRegularNode(struct PR15684 *context) {
  int uninitialized;
  context->callback(uninitialized); // expected-warning {{uninitialized}}
}


// PR16131: C permits variables to be declared extern void.
static void PR16131(int x) {
  extern void v;

  int *ip = (int *)&v;
  char *cp = (char *)&v;
  clang_analyzer_eval(ip == cp); // expected-warning{{TRUE}}
  // expected-warning@-1 {{comparison of distinct pointer types}}

  *ip = 42;
  clang_analyzer_eval(*ip == 42); // expected-warning{{TRUE}}
  clang_analyzer_eval(*(int *)&v == 42); // expected-warning{{TRUE}}
}

// PR15623: Currently the analyzer doesn't handle symbolic expressions of the
// form "(exp comparison_op expr) != 0" very well. We perform a simplification
// translating an assume of a constraint of the form "(exp comparison_op expr)
// != 0" to true into an assume of "exp comparison_op expr" to true.
void PR15623(int n) {
  if ((n == 0) != 0) {
    clang_analyzer_eval(n == 0); // expected-warning{{TRUE}}
  }
}