reference.cpp revision 86f1745be24c834175e7a8a51b12f9a0063d532e
1// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -analyzer-constraints=range -verify -Wno-null-dereference %s 2 3void clang_analyzer_eval(bool); 4 5typedef typeof(sizeof(int)) size_t; 6void malloc (size_t); 7 8void f1() { 9 int const &i = 3; 10 int b = i; 11 12 int *p = 0; 13 14 if (b != 3) 15 *p = 1; // no-warning 16} 17 18char* ptr(); 19char& ref(); 20 21// These next two tests just shouldn't crash. 22char t1 () { 23 ref() = 'c'; 24 return '0'; 25} 26 27// just a sanity test, the same behavior as t1() 28char t2 () { 29 *ptr() = 'c'; 30 return '0'; 31} 32 33// Each of the tests below is repeated with pointers as well as references. 34// This is mostly a sanity check, but then again, both should work! 35char t3 () { 36 char& r = ref(); 37 r = 'c'; // no-warning 38 if (r) return r; 39 return *(char*)0; // no-warning 40} 41 42char t4 () { 43 char* p = ptr(); 44 *p = 'c'; // no-warning 45 if (*p) return *p; 46 return *(char*)0; // no-warning 47} 48 49char t5 (char& r) { 50 r = 'c'; // no-warning 51 if (r) return r; 52 return *(char*)0; // no-warning 53} 54 55char t6 (char* p) { 56 *p = 'c'; // no-warning 57 if (*p) return *p; 58 return *(char*)0; // no-warning 59} 60 61 62// PR13440 / <rdar://problem/11977113> 63// Test that the array-to-pointer decay works for array references as well. 64// More generally, when we want an lvalue for a reference field, we still need 65// to do one level of load. 66namespace PR13440 { 67 typedef int T[1]; 68 struct S { 69 T &x; 70 71 int *m() { return x; } 72 }; 73 74 struct S2 { 75 int (&x)[1]; 76 77 int *m() { return x; } 78 }; 79 80 void test() { 81 int a[1]; 82 S s = { a }; 83 S2 s2 = { a }; 84 85 if (s.x != a) return; 86 if (s2.x != a) return; 87 88 a[0] = 42; 89 clang_analyzer_eval(s.x[0] == 42); // expected-warning{{TRUE}} 90 clang_analyzer_eval(s2.x[0] == 42); // expected-warning{{TRUE}} 91 } 92} 93 94void testNullReference() { 95 int *x = 0; 96 int &y = *x; // expected-warning{{Dereference of null pointer}} 97 y = 5; 98} 99 100void testRetroactiveNullReference(int *x) { 101 // According to the C++ standard, there is no such thing as a 102 // "null reference". So the 'if' statement ought to be dead code. 103 // However, Clang (and other compilers) don't actually check that a pointer 104 // value is non-null in the implementation of references, so it is possible 105 // to produce a supposed "null reference" at runtime. The analyzer should 106 // still warn when it can prove such errors. 107 int &y = *x; 108 if (x != 0) 109 return; 110 y = 5; // expected-warning{{Dereference of null pointer}} 111} 112 113void testReferenceAddress(int &x) { 114 clang_analyzer_eval(&x != 0); // expected-warning{{TRUE}} 115 clang_analyzer_eval(&ref() != 0); // expected-warning{{TRUE}} 116 117 struct S { int &x; }; 118 119 extern S getS(); 120 clang_analyzer_eval(&getS().x != 0); // expected-warning{{TRUE}} 121 122 extern S *getSP(); 123 clang_analyzer_eval(&getSP()->x != 0); // expected-warning{{TRUE}} 124} 125 126 127void testFunctionPointerReturn(void *opaque) { 128 typedef int &(*RefFn)(); 129 130 RefFn getRef = (RefFn)opaque; 131 132 // Don't crash writing to or reading from this reference. 133 int &x = getRef(); 134 x = 42; 135 clang_analyzer_eval(x == 42); // expected-warning{{TRUE}} 136} 137 138int &testReturnNullReference() { 139 int *x = 0; 140 return *x; // expected-warning{{Returning null reference}} 141} 142 143char &refFromPointer() { 144 return *ptr(); 145} 146 147void testReturnReference() { 148 clang_analyzer_eval(ptr() == 0); // expected-warning{{UNKNOWN}} 149 clang_analyzer_eval(&refFromPointer() == 0); // expected-warning{{FALSE}} 150} 151 152void intRefParam(int &r) { 153 ; 154} 155 156void test(int *ptr) { 157 clang_analyzer_eval(ptr == 0); // expected-warning{{UNKNOWN}} 158 159 extern void use(int &ref); 160 use(*ptr); 161 162 clang_analyzer_eval(ptr == 0); // expected-warning{{FALSE}} 163} 164 165void testIntRefParam() { 166 int i = 0; 167 intRefParam(i); // no-warning 168} 169 170int refParam(int &byteIndex) { 171 return byteIndex; 172} 173 174void testRefParam(int *p) { 175 if (p) 176 ; 177 refParam(*p); // expected-warning {{Forming reference to null pointer}} 178} 179 180int ptrRefParam(int *&byteIndex) { 181 return *byteIndex; // expected-warning {{Dereference of null pointer}} 182} 183void testRefParam2() { 184 int *p = 0; 185 int *&rp = p; 186 ptrRefParam(rp); 187} 188 189int *maybeNull() { 190 extern bool coin(); 191 static int x; 192 return coin() ? &x : 0; 193} 194 195void use(int &x) { 196 x = 1; // no-warning 197} 198 199void testSuppression() { 200 use(*maybeNull()); 201} 202 203namespace rdar11212286 { 204 class B{}; 205 206 B test() { 207 B *x = 0; 208 return *x; // expected-warning {{Forming reference to null pointer}} 209 } 210 211 B testif(B *x) { 212 if (x) 213 ; 214 return *x; // expected-warning {{Forming reference to null pointer}} 215 } 216 217 void idc(B *x) { 218 if (x) 219 ; 220 } 221 222 B testidc(B *x) { 223 idc(x); 224 return *x; // no-warning 225 } 226} 227 228namespace PR15694 { 229 class C { 230 bool bit : 1; 231 template <class T> void bar(const T &obj) {} 232 void foo() { 233 bar(bit); // don't crash 234 } 235 }; 236} 237