deref-track-symbolic-region.c revision 43b82b823a6113fdbee54243b280db9c55ef72cb
1// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-output=text -verify %s 2// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-output=plist-multi-file %s -o %t.plist 3// RUN: FileCheck --input-file=%t.plist %s 4 5struct S { 6 int *x; 7 int y; 8}; 9 10int *foo(); 11 12void inlined(struct S *s, int m) { 13 if (s->x) 14 //expected-note@-1{{Taking false branch}} 15 //expected-note@-2{{Assuming pointer value is null}} 16 17 m++; 18 19} 20void test(struct S syz, int *pp) { 21 int m = 0; 22 syz.x = foo(); // expected-note{{Value assigned to 'syz.x'}} 23 inlined(&syz, m); 24 // expected-note@-1{{Calling 'inlined'}} 25 // expected-note@-2{{Returning from 'inlined'}} 26 m += *syz.x; // expected-warning{{Dereference of null pointer (loaded from field 'x')}} 27 // expected-note@-1{{Dereference of null pointer (loaded from field 'x')}} 28} 29 30// CHECK: <key>diagnostics</key> 31// CHECK-NEXT: <array> 32// CHECK-NEXT: <dict> 33// CHECK-NEXT: <key>path</key> 34// CHECK-NEXT: <array> 35// CHECK-NEXT: <dict> 36// CHECK-NEXT: <key>kind</key><string>control</string> 37// CHECK-NEXT: <key>edges</key> 38// CHECK-NEXT: <array> 39// CHECK-NEXT: <dict> 40// CHECK-NEXT: <key>start</key> 41// CHECK-NEXT: <array> 42// CHECK-NEXT: <dict> 43// CHECK-NEXT: <key>line</key><integer>21</integer> 44// CHECK-NEXT: <key>col</key><integer>3</integer> 45// CHECK-NEXT: <key>file</key><integer>0</integer> 46// CHECK-NEXT: </dict> 47// CHECK-NEXT: <dict> 48// CHECK-NEXT: <key>line</key><integer>21</integer> 49// CHECK-NEXT: <key>col</key><integer>5</integer> 50// CHECK-NEXT: <key>file</key><integer>0</integer> 51// CHECK-NEXT: </dict> 52// CHECK-NEXT: </array> 53// CHECK-NEXT: <key>end</key> 54// CHECK-NEXT: <array> 55// CHECK-NEXT: <dict> 56// CHECK-NEXT: <key>line</key><integer>22</integer> 57// CHECK-NEXT: <key>col</key><integer>3</integer> 58// CHECK-NEXT: <key>file</key><integer>0</integer> 59// CHECK-NEXT: </dict> 60// CHECK-NEXT: <dict> 61// CHECK-NEXT: <key>line</key><integer>22</integer> 62// CHECK-NEXT: <key>col</key><integer>5</integer> 63// CHECK-NEXT: <key>file</key><integer>0</integer> 64// CHECK-NEXT: </dict> 65// CHECK-NEXT: </array> 66// CHECK-NEXT: </dict> 67// CHECK-NEXT: </array> 68// CHECK-NEXT: </dict> 69// CHECK-NEXT: <dict> 70// CHECK-NEXT: <key>kind</key><string>event</string> 71// CHECK-NEXT: <key>location</key> 72// CHECK-NEXT: <dict> 73// CHECK-NEXT: <key>line</key><integer>22</integer> 74// CHECK-NEXT: <key>col</key><integer>3</integer> 75// CHECK-NEXT: <key>file</key><integer>0</integer> 76// CHECK-NEXT: </dict> 77// CHECK-NEXT: <key>ranges</key> 78// CHECK-NEXT: <array> 79// CHECK-NEXT: <array> 80// CHECK-NEXT: <dict> 81// CHECK-NEXT: <key>line</key><integer>22</integer> 82// CHECK-NEXT: <key>col</key><integer>3</integer> 83// CHECK-NEXT: <key>file</key><integer>0</integer> 84// CHECK-NEXT: </dict> 85// CHECK-NEXT: <dict> 86// CHECK-NEXT: <key>line</key><integer>22</integer> 87// CHECK-NEXT: <key>col</key><integer>15</integer> 88// CHECK-NEXT: <key>file</key><integer>0</integer> 89// CHECK-NEXT: </dict> 90// CHECK-NEXT: </array> 91// CHECK-NEXT: </array> 92// CHECK-NEXT: <key>depth</key><integer>0</integer> 93// CHECK-NEXT: <key>extended_message</key> 94// CHECK-NEXT: <string>Value assigned to 'syz.x'</string> 95// CHECK-NEXT: <key>message</key> 96// CHECK-NEXT: <string>Value assigned to 'syz.x'</string> 97// CHECK-NEXT: </dict> 98// CHECK-NEXT: <dict> 99// CHECK-NEXT: <key>kind</key><string>control</string> 100// CHECK-NEXT: <key>edges</key> 101// CHECK-NEXT: <array> 102// CHECK-NEXT: <dict> 103// CHECK-NEXT: <key>start</key> 104// CHECK-NEXT: <array> 105// CHECK-NEXT: <dict> 106// CHECK-NEXT: <key>line</key><integer>22</integer> 107// CHECK-NEXT: <key>col</key><integer>3</integer> 108// CHECK-NEXT: <key>file</key><integer>0</integer> 109// CHECK-NEXT: </dict> 110// CHECK-NEXT: <dict> 111// CHECK-NEXT: <key>line</key><integer>22</integer> 112// CHECK-NEXT: <key>col</key><integer>5</integer> 113// CHECK-NEXT: <key>file</key><integer>0</integer> 114// CHECK-NEXT: </dict> 115// CHECK-NEXT: </array> 116// CHECK-NEXT: <key>end</key> 117// CHECK-NEXT: <array> 118// CHECK-NEXT: <dict> 119// CHECK-NEXT: <key>line</key><integer>23</integer> 120// CHECK-NEXT: <key>col</key><integer>3</integer> 121// CHECK-NEXT: <key>file</key><integer>0</integer> 122// CHECK-NEXT: </dict> 123// CHECK-NEXT: <dict> 124// CHECK-NEXT: <key>line</key><integer>23</integer> 125// CHECK-NEXT: <key>col</key><integer>9</integer> 126// CHECK-NEXT: <key>file</key><integer>0</integer> 127// CHECK-NEXT: </dict> 128// CHECK-NEXT: </array> 129// CHECK-NEXT: </dict> 130// CHECK-NEXT: </array> 131// CHECK-NEXT: </dict> 132// CHECK-NEXT: <dict> 133// CHECK-NEXT: <key>kind</key><string>event</string> 134// CHECK-NEXT: <key>location</key> 135// CHECK-NEXT: <dict> 136// CHECK-NEXT: <key>line</key><integer>23</integer> 137// CHECK-NEXT: <key>col</key><integer>3</integer> 138// CHECK-NEXT: <key>file</key><integer>0</integer> 139// CHECK-NEXT: </dict> 140// CHECK-NEXT: <key>ranges</key> 141// CHECK-NEXT: <array> 142// CHECK-NEXT: <array> 143// CHECK-NEXT: <dict> 144// CHECK-NEXT: <key>line</key><integer>23</integer> 145// CHECK-NEXT: <key>col</key><integer>3</integer> 146// CHECK-NEXT: <key>file</key><integer>0</integer> 147// CHECK-NEXT: </dict> 148// CHECK-NEXT: <dict> 149// CHECK-NEXT: <key>line</key><integer>23</integer> 150// CHECK-NEXT: <key>col</key><integer>18</integer> 151// CHECK-NEXT: <key>file</key><integer>0</integer> 152// CHECK-NEXT: </dict> 153// CHECK-NEXT: </array> 154// CHECK-NEXT: </array> 155// CHECK-NEXT: <key>depth</key><integer>0</integer> 156// CHECK-NEXT: <key>extended_message</key> 157// CHECK-NEXT: <string>Calling 'inlined'</string> 158// CHECK-NEXT: <key>message</key> 159// CHECK-NEXT: <string>Calling 'inlined'</string> 160// CHECK-NEXT: </dict> 161// CHECK-NEXT: <dict> 162// CHECK-NEXT: <key>kind</key><string>event</string> 163// CHECK-NEXT: <key>location</key> 164// CHECK-NEXT: <dict> 165// CHECK-NEXT: <key>line</key><integer>12</integer> 166// CHECK-NEXT: <key>col</key><integer>1</integer> 167// CHECK-NEXT: <key>file</key><integer>0</integer> 168// CHECK-NEXT: </dict> 169// CHECK-NEXT: <key>depth</key><integer>1</integer> 170// CHECK-NEXT: <key>extended_message</key> 171// CHECK-NEXT: <string>Entered call from 'test'</string> 172// CHECK-NEXT: <key>message</key> 173// CHECK-NEXT: <string>Entered call from 'test'</string> 174// CHECK-NEXT: </dict> 175// CHECK-NEXT: <dict> 176// CHECK-NEXT: <key>kind</key><string>control</string> 177// CHECK-NEXT: <key>edges</key> 178// CHECK-NEXT: <array> 179// CHECK-NEXT: <dict> 180// CHECK-NEXT: <key>start</key> 181// CHECK-NEXT: <array> 182// CHECK-NEXT: <dict> 183// CHECK-NEXT: <key>line</key><integer>12</integer> 184// CHECK-NEXT: <key>col</key><integer>1</integer> 185// CHECK-NEXT: <key>file</key><integer>0</integer> 186// CHECK-NEXT: </dict> 187// CHECK-NEXT: <dict> 188// CHECK-NEXT: <key>line</key><integer>12</integer> 189// CHECK-NEXT: <key>col</key><integer>4</integer> 190// CHECK-NEXT: <key>file</key><integer>0</integer> 191// CHECK-NEXT: </dict> 192// CHECK-NEXT: </array> 193// CHECK-NEXT: <key>end</key> 194// CHECK-NEXT: <array> 195// CHECK-NEXT: <dict> 196// CHECK-NEXT: <key>line</key><integer>13</integer> 197// CHECK-NEXT: <key>col</key><integer>3</integer> 198// CHECK-NEXT: <key>file</key><integer>0</integer> 199// CHECK-NEXT: </dict> 200// CHECK-NEXT: <dict> 201// CHECK-NEXT: <key>line</key><integer>13</integer> 202// CHECK-NEXT: <key>col</key><integer>4</integer> 203// CHECK-NEXT: <key>file</key><integer>0</integer> 204// CHECK-NEXT: </dict> 205// CHECK-NEXT: </array> 206// CHECK-NEXT: </dict> 207// CHECK-NEXT: </array> 208// CHECK-NEXT: </dict> 209// CHECK-NEXT: <dict> 210// CHECK-NEXT: <key>kind</key><string>control</string> 211// CHECK-NEXT: <key>edges</key> 212// CHECK-NEXT: <array> 213// CHECK-NEXT: <dict> 214// CHECK-NEXT: <key>start</key> 215// CHECK-NEXT: <array> 216// CHECK-NEXT: <dict> 217// CHECK-NEXT: <key>line</key><integer>13</integer> 218// CHECK-NEXT: <key>col</key><integer>3</integer> 219// CHECK-NEXT: <key>file</key><integer>0</integer> 220// CHECK-NEXT: </dict> 221// CHECK-NEXT: <dict> 222// CHECK-NEXT: <key>line</key><integer>13</integer> 223// CHECK-NEXT: <key>col</key><integer>4</integer> 224// CHECK-NEXT: <key>file</key><integer>0</integer> 225// CHECK-NEXT: </dict> 226// CHECK-NEXT: </array> 227// CHECK-NEXT: <key>end</key> 228// CHECK-NEXT: <array> 229// CHECK-NEXT: <dict> 230// CHECK-NEXT: <key>line</key><integer>13</integer> 231// CHECK-NEXT: <key>col</key><integer>7</integer> 232// CHECK-NEXT: <key>file</key><integer>0</integer> 233// CHECK-NEXT: </dict> 234// CHECK-NEXT: <dict> 235// CHECK-NEXT: <key>line</key><integer>13</integer> 236// CHECK-NEXT: <key>col</key><integer>7</integer> 237// CHECK-NEXT: <key>file</key><integer>0</integer> 238// CHECK-NEXT: </dict> 239// CHECK-NEXT: </array> 240// CHECK-NEXT: </dict> 241// CHECK-NEXT: </array> 242// CHECK-NEXT: </dict> 243// CHECK-NEXT: <dict> 244// CHECK-NEXT: <key>kind</key><string>event</string> 245// CHECK-NEXT: <key>location</key> 246// CHECK-NEXT: <dict> 247// CHECK-NEXT: <key>line</key><integer>13</integer> 248// CHECK-NEXT: <key>col</key><integer>7</integer> 249// CHECK-NEXT: <key>file</key><integer>0</integer> 250// CHECK-NEXT: </dict> 251// CHECK-NEXT: <key>ranges</key> 252// CHECK-NEXT: <array> 253// CHECK-NEXT: <array> 254// CHECK-NEXT: <dict> 255// CHECK-NEXT: <key>line</key><integer>13</integer> 256// CHECK-NEXT: <key>col</key><integer>7</integer> 257// CHECK-NEXT: <key>file</key><integer>0</integer> 258// CHECK-NEXT: </dict> 259// CHECK-NEXT: <dict> 260// CHECK-NEXT: <key>line</key><integer>13</integer> 261// CHECK-NEXT: <key>col</key><integer>10</integer> 262// CHECK-NEXT: <key>file</key><integer>0</integer> 263// CHECK-NEXT: </dict> 264// CHECK-NEXT: </array> 265// CHECK-NEXT: </array> 266// CHECK-NEXT: <key>depth</key><integer>1</integer> 267// CHECK-NEXT: <key>extended_message</key> 268// CHECK-NEXT: <string>Assuming pointer value is null</string> 269// CHECK-NEXT: <key>message</key> 270// CHECK-NEXT: <string>Assuming pointer value is null</string> 271// CHECK-NEXT: </dict> 272// CHECK-NEXT: <dict> 273// CHECK-NEXT: <key>kind</key><string>event</string> 274// CHECK-NEXT: <key>location</key> 275// CHECK-NEXT: <dict> 276// CHECK-NEXT: <key>line</key><integer>23</integer> 277// CHECK-NEXT: <key>col</key><integer>3</integer> 278// CHECK-NEXT: <key>file</key><integer>0</integer> 279// CHECK-NEXT: </dict> 280// CHECK-NEXT: <key>ranges</key> 281// CHECK-NEXT: <array> 282// CHECK-NEXT: <array> 283// CHECK-NEXT: <dict> 284// CHECK-NEXT: <key>line</key><integer>23</integer> 285// CHECK-NEXT: <key>col</key><integer>3</integer> 286// CHECK-NEXT: <key>file</key><integer>0</integer> 287// CHECK-NEXT: </dict> 288// CHECK-NEXT: <dict> 289// CHECK-NEXT: <key>line</key><integer>23</integer> 290// CHECK-NEXT: <key>col</key><integer>18</integer> 291// CHECK-NEXT: <key>file</key><integer>0</integer> 292// CHECK-NEXT: </dict> 293// CHECK-NEXT: </array> 294// CHECK-NEXT: </array> 295// CHECK-NEXT: <key>depth</key><integer>1</integer> 296// CHECK-NEXT: <key>extended_message</key> 297// CHECK-NEXT: <string>Returning from 'inlined'</string> 298// CHECK-NEXT: <key>message</key> 299// CHECK-NEXT: <string>Returning from 'inlined'</string> 300// CHECK-NEXT: </dict> 301// CHECK-NEXT: <dict> 302// CHECK-NEXT: <key>kind</key><string>control</string> 303// CHECK-NEXT: <key>edges</key> 304// CHECK-NEXT: <array> 305// CHECK-NEXT: <dict> 306// CHECK-NEXT: <key>start</key> 307// CHECK-NEXT: <array> 308// CHECK-NEXT: <dict> 309// CHECK-NEXT: <key>line</key><integer>23</integer> 310// CHECK-NEXT: <key>col</key><integer>3</integer> 311// CHECK-NEXT: <key>file</key><integer>0</integer> 312// CHECK-NEXT: </dict> 313// CHECK-NEXT: <dict> 314// CHECK-NEXT: <key>line</key><integer>23</integer> 315// CHECK-NEXT: <key>col</key><integer>9</integer> 316// CHECK-NEXT: <key>file</key><integer>0</integer> 317// CHECK-NEXT: </dict> 318// CHECK-NEXT: </array> 319// CHECK-NEXT: <key>end</key> 320// CHECK-NEXT: <array> 321// CHECK-NEXT: <dict> 322// CHECK-NEXT: <key>line</key><integer>26</integer> 323// CHECK-NEXT: <key>col</key><integer>3</integer> 324// CHECK-NEXT: <key>file</key><integer>0</integer> 325// CHECK-NEXT: </dict> 326// CHECK-NEXT: <dict> 327// CHECK-NEXT: <key>line</key><integer>26</integer> 328// CHECK-NEXT: <key>col</key><integer>3</integer> 329// CHECK-NEXT: <key>file</key><integer>0</integer> 330// CHECK-NEXT: </dict> 331// CHECK-NEXT: </array> 332// CHECK-NEXT: </dict> 333// CHECK-NEXT: </array> 334// CHECK-NEXT: </dict> 335// CHECK-NEXT: <dict> 336// CHECK-NEXT: <key>kind</key><string>control</string> 337// CHECK-NEXT: <key>edges</key> 338// CHECK-NEXT: <array> 339// CHECK-NEXT: <dict> 340// CHECK-NEXT: <key>start</key> 341// CHECK-NEXT: <array> 342// CHECK-NEXT: <dict> 343// CHECK-NEXT: <key>line</key><integer>26</integer> 344// CHECK-NEXT: <key>col</key><integer>3</integer> 345// CHECK-NEXT: <key>file</key><integer>0</integer> 346// CHECK-NEXT: </dict> 347// CHECK-NEXT: <dict> 348// CHECK-NEXT: <key>line</key><integer>26</integer> 349// CHECK-NEXT: <key>col</key><integer>3</integer> 350// CHECK-NEXT: <key>file</key><integer>0</integer> 351// CHECK-NEXT: </dict> 352// CHECK-NEXT: </array> 353// CHECK-NEXT: <key>end</key> 354// CHECK-NEXT: <array> 355// CHECK-NEXT: <dict> 356// CHECK-NEXT: <key>line</key><integer>26</integer> 357// CHECK-NEXT: <key>col</key><integer>8</integer> 358// CHECK-NEXT: <key>file</key><integer>0</integer> 359// CHECK-NEXT: </dict> 360// CHECK-NEXT: <dict> 361// CHECK-NEXT: <key>line</key><integer>26</integer> 362// CHECK-NEXT: <key>col</key><integer>8</integer> 363// CHECK-NEXT: <key>file</key><integer>0</integer> 364// CHECK-NEXT: </dict> 365// CHECK-NEXT: </array> 366// CHECK-NEXT: </dict> 367// CHECK-NEXT: </array> 368// CHECK-NEXT: </dict> 369// CHECK-NEXT: <dict> 370// CHECK-NEXT: <key>kind</key><string>event</string> 371// CHECK-NEXT: <key>location</key> 372// CHECK-NEXT: <dict> 373// CHECK-NEXT: <key>line</key><integer>26</integer> 374// CHECK-NEXT: <key>col</key><integer>8</integer> 375// CHECK-NEXT: <key>file</key><integer>0</integer> 376// CHECK-NEXT: </dict> 377// CHECK-NEXT: <key>ranges</key> 378// CHECK-NEXT: <array> 379// CHECK-NEXT: <array> 380// CHECK-NEXT: <dict> 381// CHECK-NEXT: <key>line</key><integer>26</integer> 382// CHECK-NEXT: <key>col</key><integer>13</integer> 383// CHECK-NEXT: <key>file</key><integer>0</integer> 384// CHECK-NEXT: </dict> 385// CHECK-NEXT: <dict> 386// CHECK-NEXT: <key>line</key><integer>26</integer> 387// CHECK-NEXT: <key>col</key><integer>13</integer> 388// CHECK-NEXT: <key>file</key><integer>0</integer> 389// CHECK-NEXT: </dict> 390// CHECK-NEXT: </array> 391// CHECK-NEXT: </array> 392// CHECK-NEXT: <key>depth</key><integer>0</integer> 393// CHECK-NEXT: <key>extended_message</key> 394// CHECK-NEXT: <string>Dereference of null pointer (loaded from field 'x')</string> 395// CHECK-NEXT: <key>message</key> 396// CHECK-NEXT: <string>Dereference of null pointer (loaded from field 'x')</string> 397// CHECK-NEXT: </dict> 398// CHECK-NEXT: </array> 399// CHECK-NEXT: <key>description</key><string>Dereference of null pointer (loaded from field 'x')</string> 400// CHECK-NEXT: <key>category</key><string>Logic error</string> 401// CHECK-NEXT: <key>type</key><string>Dereference of null pointer</string> 402// CHECK-NEXT: <key>issue_context_kind</key><string>function</string> 403// CHECK-NEXT: <key>issue_context</key><string>test</string> 404// CHECK-NEXT: <key>issue_hash</key><string>6</string> 405// CHECK-NEXT: <key>location</key> 406// CHECK-NEXT: <dict> 407// CHECK-NEXT: <key>line</key><integer>26</integer> 408// CHECK-NEXT: <key>col</key><integer>8</integer> 409// CHECK-NEXT: <key>file</key><integer>0</integer> 410// CHECK-NEXT: </dict> 411// CHECK-NEXT: </dict> 412// CHECK-NEXT: </array> 413