misc-ps-region-store.m revision 60fbe8f79838bff41fe9f5ed506ea9bc89d5d1df
1// RUN: clang-cc -analyze -checker-cfref --analyzer-store=region --verify -fblocks %s 2 3typedef struct objc_selector *SEL; 4typedef signed char BOOL; 5typedef int NSInteger; 6typedef unsigned int NSUInteger; 7typedef struct _NSZone NSZone; 8@class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator; 9@protocol NSObject - (BOOL)isEqual:(id)object; @end 10@protocol NSCopying - (id)copyWithZone:(NSZone *)zone; @end 11@protocol NSMutableCopying - (id)mutableCopyWithZone:(NSZone *)zone; @end 12@protocol NSCoding - (void)encodeWithCoder:(NSCoder *)aCoder; @end 13@interface NSObject <NSObject> {} - (id)init; @end 14extern id NSAllocateObject(Class aClass, NSUInteger extraBytes, NSZone *zone); 15@interface NSString : NSObject <NSCopying, NSMutableCopying, NSCoding> 16- (NSUInteger)length; 17+ (id)stringWithUTF8String:(const char *)nullTerminatedCString; 18@end extern NSString * const NSBundleDidLoadNotification; 19@interface NSAssertionHandler : NSObject {} 20+ (NSAssertionHandler *)currentHandler; 21- (void)handleFailureInMethod:(SEL)selector object:(id)object file:(NSString *)fileName lineNumber:(NSInteger)line description:(NSString *)format,...; 22@end 23extern NSString * const NSConnectionReplyMode; 24 25 26//--------------------------------------------------------------------------- 27// Test case 'checkaccess_union' differs for region store and basic store. 28// The basic store doesn't reason about compound literals, so the code 29// below won't fire an "uninitialized value" warning. 30//--------------------------------------------------------------------------- 31 32// PR 2948 (testcase; crash on VisitLValue for union types) 33// http://llvm.org/bugs/show_bug.cgi?id=2948 34 35void checkaccess_union() { 36 int ret = 0, status; 37 if (((((__extension__ (((union { // expected-warning {{ Branch condition evaluates to an uninitialized value.}} 38 __typeof (status) __in; int __i;} 39 ) 40 { 41 .__in = (status)} 42 ).__i))) & 0xff00) >> 8) == 1) 43 ret = 1; 44} 45 46 47// Check our handling of fields being invalidated by function calls. 48struct test2_struct { int x; int y; char* s; }; 49void test2_helper(struct test2_struct* p); 50 51char test2() { 52 struct test2_struct s; 53 test2_help(&s); 54 char *p = 0; 55 56 if (s.x > 1) { 57 if (s.s != 0) { 58 p = "hello"; 59 } 60 } 61 62 if (s.x > 1) { 63 if (s.s != 0) { 64 return *p; 65 } 66 } 67 68 return 'a'; 69} 70 71// BasicStore handles this case incorrectly because it doesn't reason about 72// the value pointed to by 'x' and thus creates different symbolic values 73// at the declarations of 'a' and 'b' respectively. RegionStore handles 74// it correctly. See the companion test in 'misc-ps-basic-store.m'. 75void test_trivial_symbolic_comparison_pointer_parameter(int *x) { 76 int a = *x; 77 int b = *x; 78 if (a != b) { 79 int *p = 0; 80 *p = 0xDEADBEEF; // no-warning 81 } 82} 83 84// This is a modified test from 'misc-ps.m'. Here we have the extra 85// NULL dereferences which are pruned out by RegionStore's symbolic reasoning 86// of fields. 87typedef struct _BStruct { void *grue; } BStruct; 88void testB_aux(void *ptr); 89void testB(BStruct *b) { 90 { 91 int *__gruep__ = ((int *)&((b)->grue)); 92 int __gruev__ = *__gruep__; 93 int __gruev2__ = *__gruep__; 94 if (__gruev__ != __gruev2__) { 95 int *p = 0; 96 *p = 0xDEADBEEF; 97 } 98 99 testB_aux(__gruep__); 100 } 101 { 102 int *__gruep__ = ((int *)&((b)->grue)); 103 int __gruev__ = *__gruep__; 104 int __gruev2__ = *__gruep__; 105 if (__gruev__ != __gruev2__) { 106 int *p = 0; 107 *p = 0xDEADBEEF; 108 } 109 110 if (~0 != __gruev__) {} 111 } 112} 113 114void testB_2(BStruct *b) { 115 { 116 int **__gruep__ = ((int **)&((b)->grue)); 117 int *__gruev__ = *__gruep__; 118 testB_aux(__gruep__); 119 } 120 { 121 int **__gruep__ = ((int **)&((b)->grue)); 122 int *__gruev__ = *__gruep__; 123 if ((int*)~0 != __gruev__) {} 124 } 125} 126