reference.cpp revision ef8225444452a1486bd721f3285301fe84643b00
// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -analyzer-constraints=range -verify -Wno-null-dereference -Wno-tautological-undefined-compare %s

// Static-analyzer regression test for how C++ references are modelled,
// with the focus on null pointers that end up behind a reference.
// The command line above enables the core, alpha.core and
// debug.ExprInspection checkers and runs in -verify mode, so the diagnostic
// annotations at the end of individual statements are part of the test.
// Keep each annotation on the same line as the statement it describes.

// Hook for debug.ExprInspection: the annotations in this file show the
// analyzer reporting TRUE, FALSE or UNKNOWN for the argument expression.
void clang_analyzer_eval(bool);

typedef typeof(sizeof(int)) size_t;
// NOTE(review): declared with a void return type here and not called in the
// visible part of this file -- confirm whether the declaration is still needed.
void malloc (size_t);

// A const reference bound to the literal 3 is copied into b, so the branch
// b != 3 is infeasible and the null store inside it must not be reported.
void f1() {
  int const &i = 3;
  int b = i;

  int *p = 0;

  if (b != 3)
    *p = 1; // no-warning
}

// Opaque sources of a pointer and a reference; no definitions are visible
// here, so nothing is known about what they return.
char* ptr();
char& ref();

// These next two tests just shouldn't crash.
char t1 () {
  ref() = 'c';
  return '0';
}

// just a sanity test, the same behavior as t1()
char t2 () {
  *ptr() = 'c';
  return '0';
}

// Each of the tests below is repeated with pointers as well as references.
// This is mostly a sanity check, but then again, both should work!
//
// In every variant 'c' is stored first, so the truth test that follows
// succeeds and the function returns early. The null dereference in the last
// return statement is annotated as not reported.
char t3 () {
  char& r = ref();
  r = 'c'; // no-warning
  if (r) return r;
  return *(char*)0; // no-warning
}

// Pointer counterpart of t3().
char t4 () {
  char* p = ptr();
  *p = 'c'; // no-warning
  if (*p) return *p;
  return *(char*)0; // no-warning
}

// Same as t3(), with the reference supplied by the caller.
char t5 (char& r) {
  r = 'c'; // no-warning
  if (r) return r;
  return *(char*)0; // no-warning
}

// Same as t4(), with the pointer supplied by the caller.
char t6 (char* p) {
  *p = 'c'; // no-warning
  if (*p) return *p;
  return *(char*)0; // no-warning
}


// PR13440 / <rdar://problem/11977113>
// Test that the array-to-pointer decay works for array references as well.
// More generally, when we want an lvalue for a reference field, we still need
// to do one level of load.
namespace PR13440 {
  typedef int T[1];
  // Reference-to-array member declared through a typedef.
  struct S {
    T &x;

    int *m() { return x; }
  };

  // The same member declared with the array-reference syntax spelled out.
  struct S2 {
    int (&x)[1];

    int *m() { return x; }

    // Two decays of the same reference member must compare equal element
    // for element.
    void testArrayToPointerDecayWithNonTypedValueRegion() {
      int *p = x;
      int *q = x;
      clang_analyzer_eval(p[0] == q[0]); // expected-warning{{TRUE}}
    }

  };

  // Both structs alias the local array a; a store made through a must be
  // visible when read back through either reference member.
  void test() {
    int a[1];
    S s = { a };
    S2 s2 = { a };

    if (s.x != a) return;
    if (s2.x != a) return;

    a[0] = 42;
    clang_analyzer_eval(s.x[0] == 42); // expected-warning{{TRUE}}
    clang_analyzer_eval(s2.x[0] == 42); // expected-warning{{TRUE}}
  }
}

// Binding a reference through a pointer known to be null is reported at the
// binding, before the later store through y.
void testNullReference() {
  int *x = 0;
  int &y = *x; // expected-warning{{Dereference of null pointer}}
  y = 5;
}

void testRetroactiveNullReference(int *x) {
  // According to the C++ standard, there is no such thing as a
  // "null reference". So the 'if' statement ought to be dead code.
  // However, Clang (and other compilers) don't actually check that a pointer
  // value is non-null in the implementation of references, so it is possible
  // to produce a supposed "null reference" at runtime. The analyzer should
  // still warn when it can prove such errors.
  //
  // Shape under test: the reference is formed first and the null check comes
  // afterwards. Only the x == 0 path falls through to the store, and that is
  // where the report is required.
  int &y = *x;
  if (x != 0)
    return;
  y = 5; // expected-warning{{Dereference of null pointer}}
}

// The address of a reference is evaluated as non-null for a parameter, for
// the result of a call returning a reference, and for a reference member
// reached through an object or through a pointer to it.
void testReferenceAddress(int &x) {
  clang_analyzer_eval(&x != 0); // expected-warning{{TRUE}}
  clang_analyzer_eval(&ref() != 0); // expected-warning{{TRUE}}

  struct S { int &x; };

  extern S getS();
  clang_analyzer_eval(&getS().x != 0); // expected-warning{{TRUE}}

  extern S *getSP();
  clang_analyzer_eval(&getSP()->x != 0); // expected-warning{{TRUE}}
}


// The callee is an opaque pointer cast to a function type that returns a
// reference, so the analyzer has no body to look at.
void testFunctionPointerReturn(void *opaque) {
  typedef int &(*RefFn)();

  RefFn getRef = (RefFn)opaque;

  // Don't crash writing to or reading from this reference.
  int &x = getRef();
  x = 42;
  clang_analyzer_eval(x == 42); // expected-warning{{TRUE}}
}

// Returning *x with x known to be null gets its own diagnostic text,
// distinct from the plain dereference message used elsewhere in this file.
int &testReturnNullReference() {
  int *x = 0;
  return *x; // expected-warning{{Returning null reference}}
}

// Turns the unknown pointer from ptr() into a reference return value.
char &refFromPointer() {
  return *ptr();
}

// ptr() on its own may or may not be null (UNKNOWN), while the address of
// the reference returned by refFromPointer() is evaluated as non-null.
void testReturnReference() {
  clang_analyzer_eval(ptr() == 0); // expected-warning{{UNKNOWN}}
  clang_analyzer_eval(&refFromPointer() == 0); // expected-warning{{FALSE}}
}

// Empty body: the callee never touches r.
void intRefParam(int &r) {
	;
}

// Passing *ptr as a reference argument acts as a non-null assumption:
// the same comparison goes from UNKNOWN before the call to FALSE after it.
void test(int *ptr) {
  clang_analyzer_eval(ptr == 0); // expected-warning{{UNKNOWN}}

  extern void use(int &ref);
  use(*ptr);

  clang_analyzer_eval(ptr == 0); // expected-warning{{FALSE}}
}

// Binding a reference parameter to an ordinary local must stay silent.
void testIntRefParam() {
  int i = 0;
  intRefParam(i); // no-warning
}

int refParam(int &byteIndex) {
	return byteIndex;
}

// The result of the `if (p)` check is discarded, but the check itself
// presumably gives the analyzer a p == 0 path to follow; forming the
// reference argument on that path is what must be reported.
void testRefParam(int *p) {
	if (p)
		;
	refParam(*p); // expected-warning {{Forming reference to null pointer}}
}

// Takes the pointer itself by reference. The required report sits on the
// dereference in this body, not at the call site in testRefParam2().
int ptrRefParam(int *&byteIndex) {
	return *byteIndex;  // expected-warning {{Dereference of null pointer}}
}
// Hands a null pointer to ptrRefParam() through a reference-to-pointer.
void testRefParam2() {
	int *p = 0;
	int *&rp = p;
	ptrRefParam(rp);
}

// Returns either the address of a static int or null, depending on an
// opaque coin() call.
int *maybeNull() {
  extern bool coin();
  static int x;
  return coin() ? &x : 0;
}

// Writes through its reference parameter; annotated as not reported.
void use(int &x) {
  x = 1; // no-warning
}

// Feeds the possibly-null result of maybeNull() straight into use(). No
// diagnostic is annotated anywhere on this path.
// NOTE(review): judging by the test name this pins down a deliberate
// suppression of reports for null values returned by a callee -- confirm.
void testSuppression() {
  use(*maybeNull());
}

namespace rdar11212286 {
  class B{};

  // Returning B by value from *x with x known null: a reference to the
  // source object is formed for the copy, and that is what gets reported.
  B test() {
    B *x = 0;
    return *x; // expected-warning {{Forming reference to null pointer}}
  }

  // Same report when the null case comes from a check in this function
  // whose result is ignored.
  B testif(B *x) {
    if (x)
      ;
    return *x; // expected-warning {{Forming reference to null pointer}}
  }

  // Helper that performs the ignored null check on behalf of testidc().
  void idc(B *x) {
    if (x)
      ;
  }

  // Contrast with testif(): the ignored check lives in the helper idc(),
  // and the dereference in the caller is annotated as not reported.
  B testidc(B *x) {
    idc(x);
    return *x; // no-warning
  }
}

namespace PR15694 {
  // Crash regression: a one-bit bit-field is passed to a template taking
  // const T &.
  class C {
    bool bit : 1;
    template <class T> void bar(const T &obj) {}
    void foo() {
      bar(bit); // don't crash
    }
  };
}