deref-track-symbolic-region.c revision cc5dbdae70c6eb2423921f52a35ba4686d2969cf
1// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-output=text -verify %s 2// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-output=plist-multi-file %s -o %t.plist 3// RUN: FileCheck --input-file=%t.plist %s 4 5struct S { 6 int *x; 7 int y; 8}; 9 10int *foo(); 11 12void test(struct S syz, int *pp) { 13 int m = 0; 14 syz.x = foo(); // expected-note{{Value assigned to 'syz.x'}} 15 16 struct S *ps = &syz; 17 if (ps->x) 18 //expected-note@-1{{Taking false branch}} 19 //expected-note@-2{{Assuming pointer value is null}} 20 21 m++; 22 23 m += *syz.x; // expected-warning{{Dereference of null pointer (loaded from field 'x')}} 24 // expected-note@-1{{Dereference of null pointer (loaded from field 'x')}} 25} 26 27// CHECK: <key>diagnostics</key> 28// CHECK-NEXT: <array> 29// CHECK-NEXT: <dict> 30// CHECK-NEXT: <key>path</key> 31// CHECK-NEXT: <array> 32// CHECK-NEXT: <dict> 33// CHECK-NEXT: <key>kind</key><string>control</string> 34// CHECK-NEXT: <key>edges</key> 35// CHECK-NEXT: <array> 36// CHECK-NEXT: <dict> 37// CHECK-NEXT: <key>start</key> 38// CHECK-NEXT: <array> 39// CHECK-NEXT: <dict> 40// CHECK-NEXT: <key>line</key><integer>13</integer> 41// CHECK-NEXT: <key>col</key><integer>3</integer> 42// CHECK-NEXT: <key>file</key><integer>0</integer> 43// CHECK-NEXT: </dict> 44// CHECK-NEXT: <dict> 45// CHECK-NEXT: <key>line</key><integer>13</integer> 46// CHECK-NEXT: <key>col</key><integer>5</integer> 47// CHECK-NEXT: <key>file</key><integer>0</integer> 48// CHECK-NEXT: </dict> 49// CHECK-NEXT: </array> 50// CHECK-NEXT: <key>end</key> 51// CHECK-NEXT: <array> 52// CHECK-NEXT: <dict> 53// CHECK-NEXT: <key>line</key><integer>14</integer> 54// CHECK-NEXT: <key>col</key><integer>3</integer> 55// CHECK-NEXT: <key>file</key><integer>0</integer> 56// CHECK-NEXT: </dict> 57// CHECK-NEXT: <dict> 58// CHECK-NEXT: <key>line</key><integer>14</integer> 59// CHECK-NEXT: <key>col</key><integer>5</integer> 60// CHECK-NEXT: <key>file</key><integer>0</integer> 61// CHECK-NEXT: </dict> 62// CHECK-NEXT: </array> 63// CHECK-NEXT: </dict> 64// CHECK-NEXT: </array> 65// CHECK-NEXT: </dict> 66// CHECK-NEXT: <dict> 67// CHECK-NEXT: <key>kind</key><string>event</string> 68// CHECK-NEXT: <key>location</key> 69// CHECK-NEXT: <dict> 70// CHECK-NEXT: <key>line</key><integer>14</integer> 71// CHECK-NEXT: <key>col</key><integer>3</integer> 72// CHECK-NEXT: <key>file</key><integer>0</integer> 73// CHECK-NEXT: </dict> 74// CHECK-NEXT: <key>ranges</key> 75// CHECK-NEXT: <array> 76// CHECK-NEXT: <array> 77// CHECK-NEXT: <dict> 78// CHECK-NEXT: <key>line</key><integer>14</integer> 79// CHECK-NEXT: <key>col</key><integer>3</integer> 80// CHECK-NEXT: <key>file</key><integer>0</integer> 81// CHECK-NEXT: </dict> 82// CHECK-NEXT: <dict> 83// CHECK-NEXT: <key>line</key><integer>14</integer> 84// CHECK-NEXT: <key>col</key><integer>15</integer> 85// CHECK-NEXT: <key>file</key><integer>0</integer> 86// CHECK-NEXT: </dict> 87// CHECK-NEXT: </array> 88// CHECK-NEXT: </array> 89// CHECK-NEXT: <key>depth</key><integer>0</integer> 90// CHECK-NEXT: <key>extended_message</key> 91// CHECK-NEXT: <string>Value assigned to 'syz.x'</string> 92// CHECK-NEXT: <key>message</key> 93// CHECK-NEXT: <string>Value assigned to 'syz.x'</string> 94// CHECK-NEXT: </dict> 95// CHECK-NEXT: <dict> 96// CHECK-NEXT: <key>kind</key><string>control</string> 97// CHECK-NEXT: <key>edges</key> 98// CHECK-NEXT: <array> 99// CHECK-NEXT: <dict> 100// CHECK-NEXT: <key>start</key> 101// CHECK-NEXT: <array> 102// CHECK-NEXT: <dict> 103// CHECK-NEXT: <key>line</key><integer>14</integer> 104// CHECK-NEXT: <key>col</key><integer>3</integer> 105// CHECK-NEXT: <key>file</key><integer>0</integer> 106// CHECK-NEXT: </dict> 107// CHECK-NEXT: <dict> 108// CHECK-NEXT: <key>line</key><integer>14</integer> 109// CHECK-NEXT: <key>col</key><integer>5</integer> 110// CHECK-NEXT: <key>file</key><integer>0</integer> 111// CHECK-NEXT: </dict> 112// CHECK-NEXT: </array> 113// CHECK-NEXT: <key>end</key> 114// CHECK-NEXT: <array> 115// CHECK-NEXT: <dict> 116// CHECK-NEXT: <key>line</key><integer>17</integer> 117// CHECK-NEXT: <key>col</key><integer>3</integer> 118// CHECK-NEXT: <key>file</key><integer>0</integer> 119// CHECK-NEXT: </dict> 120// CHECK-NEXT: <dict> 121// CHECK-NEXT: <key>line</key><integer>17</integer> 122// CHECK-NEXT: <key>col</key><integer>4</integer> 123// CHECK-NEXT: <key>file</key><integer>0</integer> 124// CHECK-NEXT: </dict> 125// CHECK-NEXT: </array> 126// CHECK-NEXT: </dict> 127// CHECK-NEXT: </array> 128// CHECK-NEXT: </dict> 129// CHECK-NEXT: <dict> 130// CHECK-NEXT: <key>kind</key><string>control</string> 131// CHECK-NEXT: <key>edges</key> 132// CHECK-NEXT: <array> 133// CHECK-NEXT: <dict> 134// CHECK-NEXT: <key>start</key> 135// CHECK-NEXT: <array> 136// CHECK-NEXT: <dict> 137// CHECK-NEXT: <key>line</key><integer>17</integer> 138// CHECK-NEXT: <key>col</key><integer>3</integer> 139// CHECK-NEXT: <key>file</key><integer>0</integer> 140// CHECK-NEXT: </dict> 141// CHECK-NEXT: <dict> 142// CHECK-NEXT: <key>line</key><integer>17</integer> 143// CHECK-NEXT: <key>col</key><integer>4</integer> 144// CHECK-NEXT: <key>file</key><integer>0</integer> 145// CHECK-NEXT: </dict> 146// CHECK-NEXT: </array> 147// CHECK-NEXT: <key>end</key> 148// CHECK-NEXT: <array> 149// CHECK-NEXT: <dict> 150// CHECK-NEXT: <key>line</key><integer>17</integer> 151// CHECK-NEXT: <key>col</key><integer>7</integer> 152// CHECK-NEXT: <key>file</key><integer>0</integer> 153// CHECK-NEXT: </dict> 154// CHECK-NEXT: <dict> 155// CHECK-NEXT: <key>line</key><integer>17</integer> 156// CHECK-NEXT: <key>col</key><integer>8</integer> 157// CHECK-NEXT: <key>file</key><integer>0</integer> 158// CHECK-NEXT: </dict> 159// CHECK-NEXT: </array> 160// CHECK-NEXT: </dict> 161// CHECK-NEXT: </array> 162// CHECK-NEXT: </dict> 163// CHECK-NEXT: <dict> 164// CHECK-NEXT: <key>kind</key><string>event</string> 165// CHECK-NEXT: <key>location</key> 166// CHECK-NEXT: <dict> 167// CHECK-NEXT: <key>line</key><integer>17</integer> 168// CHECK-NEXT: <key>col</key><integer>7</integer> 169// CHECK-NEXT: <key>file</key><integer>0</integer> 170// CHECK-NEXT: </dict> 171// CHECK-NEXT: <key>ranges</key> 172// CHECK-NEXT: <array> 173// CHECK-NEXT: <array> 174// CHECK-NEXT: <dict> 175// CHECK-NEXT: <key>line</key><integer>17</integer> 176// CHECK-NEXT: <key>col</key><integer>7</integer> 177// CHECK-NEXT: <key>file</key><integer>0</integer> 178// CHECK-NEXT: </dict> 179// CHECK-NEXT: <dict> 180// CHECK-NEXT: <key>line</key><integer>17</integer> 181// CHECK-NEXT: <key>col</key><integer>11</integer> 182// CHECK-NEXT: <key>file</key><integer>0</integer> 183// CHECK-NEXT: </dict> 184// CHECK-NEXT: </array> 185// CHECK-NEXT: </array> 186// CHECK-NEXT: <key>depth</key><integer>0</integer> 187// CHECK-NEXT: <key>extended_message</key> 188// CHECK-NEXT: <string>Assuming pointer value is null</string> 189// CHECK-NEXT: <key>message</key> 190// CHECK-NEXT: <string>Assuming pointer value is null</string> 191// CHECK-NEXT: </dict> 192// CHECK-NEXT: <dict> 193// CHECK-NEXT: <key>kind</key><string>control</string> 194// CHECK-NEXT: <key>edges</key> 195// CHECK-NEXT: <array> 196// CHECK-NEXT: <dict> 197// CHECK-NEXT: <key>start</key> 198// CHECK-NEXT: <array> 199// CHECK-NEXT: <dict> 200// CHECK-NEXT: <key>line</key><integer>17</integer> 201// CHECK-NEXT: <key>col</key><integer>7</integer> 202// CHECK-NEXT: <key>file</key><integer>0</integer> 203// CHECK-NEXT: </dict> 204// CHECK-NEXT: <dict> 205// CHECK-NEXT: <key>line</key><integer>17</integer> 206// CHECK-NEXT: <key>col</key><integer>8</integer> 207// CHECK-NEXT: <key>file</key><integer>0</integer> 208// CHECK-NEXT: </dict> 209// CHECK-NEXT: </array> 210// CHECK-NEXT: <key>end</key> 211// CHECK-NEXT: <array> 212// CHECK-NEXT: <dict> 213// CHECK-NEXT: <key>line</key><integer>23</integer> 214// CHECK-NEXT: <key>col</key><integer>3</integer> 215// CHECK-NEXT: <key>file</key><integer>0</integer> 216// CHECK-NEXT: </dict> 217// CHECK-NEXT: <dict> 218// CHECK-NEXT: <key>line</key><integer>23</integer> 219// CHECK-NEXT: <key>col</key><integer>3</integer> 220// CHECK-NEXT: <key>file</key><integer>0</integer> 221// CHECK-NEXT: </dict> 222// CHECK-NEXT: </array> 223// CHECK-NEXT: </dict> 224// CHECK-NEXT: </array> 225// CHECK-NEXT: </dict> 226// CHECK-NEXT: <dict> 227// CHECK-NEXT: <key>kind</key><string>control</string> 228// CHECK-NEXT: <key>edges</key> 229// CHECK-NEXT: <array> 230// CHECK-NEXT: <dict> 231// CHECK-NEXT: <key>start</key> 232// CHECK-NEXT: <array> 233// CHECK-NEXT: <dict> 234// CHECK-NEXT: <key>line</key><integer>23</integer> 235// CHECK-NEXT: <key>col</key><integer>3</integer> 236// CHECK-NEXT: <key>file</key><integer>0</integer> 237// CHECK-NEXT: </dict> 238// CHECK-NEXT: <dict> 239// CHECK-NEXT: <key>line</key><integer>23</integer> 240// CHECK-NEXT: <key>col</key><integer>3</integer> 241// CHECK-NEXT: <key>file</key><integer>0</integer> 242// CHECK-NEXT: </dict> 243// CHECK-NEXT: </array> 244// CHECK-NEXT: <key>end</key> 245// CHECK-NEXT: <array> 246// CHECK-NEXT: <dict> 247// CHECK-NEXT: <key>line</key><integer>23</integer> 248// CHECK-NEXT: <key>col</key><integer>8</integer> 249// CHECK-NEXT: <key>file</key><integer>0</integer> 250// CHECK-NEXT: </dict> 251// CHECK-NEXT: <dict> 252// CHECK-NEXT: <key>line</key><integer>23</integer> 253// CHECK-NEXT: <key>col</key><integer>8</integer> 254// CHECK-NEXT: <key>file</key><integer>0</integer> 255// CHECK-NEXT: </dict> 256// CHECK-NEXT: </array> 257// CHECK-NEXT: </dict> 258// CHECK-NEXT: </array> 259// CHECK-NEXT: </dict> 260// CHECK-NEXT: <dict> 261// CHECK-NEXT: <key>kind</key><string>event</string> 262// CHECK-NEXT: <key>location</key> 263// CHECK-NEXT: <dict> 264// CHECK-NEXT: <key>line</key><integer>23</integer> 265// CHECK-NEXT: <key>col</key><integer>8</integer> 266// CHECK-NEXT: <key>file</key><integer>0</integer> 267// CHECK-NEXT: </dict> 268// CHECK-NEXT: <key>ranges</key> 269// CHECK-NEXT: <array> 270// CHECK-NEXT: <array> 271// CHECK-NEXT: <dict> 272// CHECK-NEXT: <key>line</key><integer>23</integer> 273// CHECK-NEXT: <key>col</key><integer>13</integer> 274// CHECK-NEXT: <key>file</key><integer>0</integer> 275// CHECK-NEXT: </dict> 276// CHECK-NEXT: <dict> 277// CHECK-NEXT: <key>line</key><integer>23</integer> 278// CHECK-NEXT: <key>col</key><integer>13</integer> 279// CHECK-NEXT: <key>file</key><integer>0</integer> 280// CHECK-NEXT: </dict> 281// CHECK-NEXT: </array> 282// CHECK-NEXT: </array> 283// CHECK-NEXT: <key>depth</key><integer>0</integer> 284// CHECK-NEXT: <key>extended_message</key> 285// CHECK-NEXT: <string>Dereference of null pointer (loaded from field 'x')</string> 286// CHECK-NEXT: <key>message</key> 287// CHECK-NEXT: <string>Dereference of null pointer (loaded from field 'x')</string> 288// CHECK-NEXT: </dict> 289// CHECK-NEXT: </array> 290// CHECK-NEXT: <key>description</key><string>Dereference of null pointer (loaded from field 'x')</string> 291// CHECK-NEXT: <key>category</key><string>Logic error</string> 292// CHECK-NEXT: <key>type</key><string>Dereference of null pointer</string> 293// CHECK-NEXT: <key>issue_context_kind</key><string>function</string> 294// CHECK-NEXT: <key>issue_context</key><string>test</string> 295// CHECK-NEXT: <key>issue_hash</key><string>11</string> 296// CHECK-NEXT: <key>location</key> 297// CHECK-NEXT: <dict> 298// CHECK-NEXT: <key>line</key><integer>23</integer> 299// CHECK-NEXT: <key>col</key><integer>8</integer> 300// CHECK-NEXT: <key>file</key><integer>0</integer> 301// CHECK-NEXT: </dict> 302// CHECK-NEXT: </dict> 303// CHECK-NEXT: </array> 304// CHECK-NEXT: </dict> 305// CHECK-NEXT: </plist> 306