1// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-store=region -fblocks -verify %s 2 3struct FPRec { 4 void (*my_func)(int * x); 5}; 6 7int bar(int x); 8 9int f1_a(struct FPRec* foo) { 10 int x; 11 (*foo->my_func)(&x); 12 return bar(x)+1; // no-warning 13} 14 15int f1_b() { 16 int x; 17 return bar(x)+1; // expected-warning{{Function call argument is an uninitialized value}} 18} 19 20int f2() { 21 22 int x; 23 24 if (x+1) // expected-warning{{The left operand of '+' is a garbage value}} 25 return 1; 26 27 return 2; 28} 29 30int f2_b() { 31 int x; 32 33 return ((1+x)+2+((x))) + 1 ? 1 : 2; // expected-warning{{The right operand of '+' is a garbage value}} 34} 35 36int f3(void) { 37 int i; 38 int *p = &i; 39 if (*p > 0) // expected-warning{{The left operand of '>' is a garbage value}} 40 return 0; 41 else 42 return 1; 43} 44 45void f4_aux(float* x); 46float f4(void) { 47 float x; 48 f4_aux(&x); 49 return x; // no-warning 50} 51 52struct f5_struct { int x; }; 53void f5_aux(struct f5_struct* s); 54int f5(void) { 55 struct f5_struct s; 56 f5_aux(&s); 57 return s.x; // no-warning 58} 59 60int ret_uninit() { 61 int i; 62 int *p = &i; 63 return *p; // expected-warning{{Undefined or garbage value returned to caller}} 64} 65 66// <rdar://problem/6451816> 67typedef unsigned char Boolean; 68typedef const struct __CFNumber * CFNumberRef; 69typedef signed long CFIndex; 70typedef CFIndex CFNumberType; 71typedef unsigned long UInt32; 72typedef UInt32 CFStringEncoding; 73typedef const struct __CFString * CFStringRef; 74extern Boolean CFNumberGetValue(CFNumberRef number, CFNumberType theType, void *valuePtr); 75extern CFStringRef CFStringConvertEncodingToIANACharSetName(CFStringEncoding encoding); 76 77CFStringRef rdar_6451816(CFNumberRef nr) { 78 CFStringEncoding encoding; 79 // &encoding is casted to void*. This test case tests whether or not 80 // we properly invalidate the value of 'encoding'. 81 CFNumberGetValue(nr, 9, &encoding); 82 return CFStringConvertEncodingToIANACharSetName(encoding); // no-warning 83} 84 85// PR 4630 - false warning with nonnull attribute 86// This false positive (due to a regression) caused the analyzer to falsely 87// flag a "return of uninitialized value" warning in the first branch due to 88// the nonnull attribute. 89void pr_4630_aux(char *x, int *y) __attribute__ ((nonnull (1))); 90void pr_4630_aux_2(char *x, int *y); 91int pr_4630(char *a, int y) { 92 int x; 93 if (y) { 94 pr_4630_aux(a, &x); 95 return x; // no-warning 96 } 97 else { 98 pr_4630_aux_2(a, &x); 99 return x; // no-warning 100 } 101} 102 103// PR 4631 - False positive with union initializer 104// Previously the analyzer didn't examine the compound initializers of unions, 105// resulting in some false positives for initializers with side-effects. 106union u_4631 { int a; }; 107struct s_4631 { int a; }; 108int pr4631_f2(int *p); 109int pr4631_f3(void *q); 110int pr4631_f1(void) 111{ 112 int x; 113 union u_4631 m = { pr4631_f2(&x) }; 114 pr4631_f3(&m); // tell analyzer that we use m 115 return x; // no-warning 116} 117int pr4631_f1_b(void) 118{ 119 int x; 120 struct s_4631 m = { pr4631_f2(&x) }; 121 pr4631_f3(&m); // tell analyzer that we use m 122 return x; // no-warning 123} 124 125// <rdar://problem/12278788> - FP when returning a void-valued expression from 126// a void function...or block. 127void foo_radar12278788() { return; } 128void test_radar12278788() { 129 return foo_radar12278788(); // no-warning 130} 131 132void foo_radar12278788_fp() { return; } 133typedef int (*RetIntFuncType)(); 134typedef void (*RetVoidFuncType)(); 135int test_radar12278788_FP() { 136 RetVoidFuncType f = foo_radar12278788_fp; 137 return ((RetIntFuncType)f)(); //expected-warning {{Undefined or garbage value returned to caller}} 138} 139 140void rdar13665798() { 141 ^() { 142 return foo_radar12278788(); // no-warning 143 }(); 144 ^void() { 145 return foo_radar12278788(); // no-warning 146 }(); 147 ^int() { 148 RetVoidFuncType f = foo_radar12278788_fp; 149 return ((RetIntFuncType)f)(); //expected-warning {{Undefined or garbage value returned to caller}} 150 }(); 151} 152