deref-track-symbolic-region.c revision 43b82b823a6113fdbee54243b280db9c55ef72cb
1// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-output=text -verify %s
2// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-output=plist-multi-file %s -o %t.plist
3// RUN: FileCheck --input-file=%t.plist %s
4
5struct S {
6  int *x;
7  int y;
8};
9
10int *foo();
11
12void inlined(struct S *s, int m) {
13  if (s->x)
14    //expected-note@-1{{Taking false branch}}
15    //expected-note@-2{{Assuming pointer value is null}}
16
17    m++;
18
19}
20void test(struct S syz, int *pp) {
21  int m = 0;
22  syz.x = foo(); // expected-note{{Value assigned to 'syz.x'}}
23  inlined(&syz, m);
24               // expected-note@-1{{Calling 'inlined'}}
25               // expected-note@-2{{Returning from 'inlined'}}
26  m += *syz.x; // expected-warning{{Dereference of null pointer (loaded from field 'x')}}
27               // expected-note@-1{{Dereference of null pointer (loaded from field 'x')}}
28}
29
30// CHECK:  <key>diagnostics</key>
31// CHECK-NEXT:  <array>
32// CHECK-NEXT:   <dict>
33// CHECK-NEXT:    <key>path</key>
34// CHECK-NEXT:    <array>
35// CHECK-NEXT:     <dict>
36// CHECK-NEXT:      <key>kind</key><string>control</string>
37// CHECK-NEXT:      <key>edges</key>
38// CHECK-NEXT:       <array>
39// CHECK-NEXT:        <dict>
40// CHECK-NEXT:         <key>start</key>
41// CHECK-NEXT:          <array>
42// CHECK-NEXT:           <dict>
43// CHECK-NEXT:            <key>line</key><integer>21</integer>
44// CHECK-NEXT:            <key>col</key><integer>3</integer>
45// CHECK-NEXT:            <key>file</key><integer>0</integer>
46// CHECK-NEXT:           </dict>
47// CHECK-NEXT:           <dict>
48// CHECK-NEXT:            <key>line</key><integer>21</integer>
49// CHECK-NEXT:            <key>col</key><integer>5</integer>
50// CHECK-NEXT:            <key>file</key><integer>0</integer>
51// CHECK-NEXT:           </dict>
52// CHECK-NEXT:          </array>
53// CHECK-NEXT:         <key>end</key>
54// CHECK-NEXT:          <array>
55// CHECK-NEXT:           <dict>
56// CHECK-NEXT:            <key>line</key><integer>22</integer>
57// CHECK-NEXT:            <key>col</key><integer>3</integer>
58// CHECK-NEXT:            <key>file</key><integer>0</integer>
59// CHECK-NEXT:           </dict>
60// CHECK-NEXT:           <dict>
61// CHECK-NEXT:            <key>line</key><integer>22</integer>
62// CHECK-NEXT:            <key>col</key><integer>5</integer>
63// CHECK-NEXT:            <key>file</key><integer>0</integer>
64// CHECK-NEXT:           </dict>
65// CHECK-NEXT:          </array>
66// CHECK-NEXT:        </dict>
67// CHECK-NEXT:       </array>
68// CHECK-NEXT:     </dict>
69// CHECK-NEXT:     <dict>
70// CHECK-NEXT:      <key>kind</key><string>event</string>
71// CHECK-NEXT:      <key>location</key>
72// CHECK-NEXT:      <dict>
73// CHECK-NEXT:       <key>line</key><integer>22</integer>
74// CHECK-NEXT:       <key>col</key><integer>3</integer>
75// CHECK-NEXT:       <key>file</key><integer>0</integer>
76// CHECK-NEXT:      </dict>
77// CHECK-NEXT:      <key>ranges</key>
78// CHECK-NEXT:      <array>
79// CHECK-NEXT:        <array>
80// CHECK-NEXT:         <dict>
81// CHECK-NEXT:          <key>line</key><integer>22</integer>
82// CHECK-NEXT:          <key>col</key><integer>3</integer>
83// CHECK-NEXT:          <key>file</key><integer>0</integer>
84// CHECK-NEXT:         </dict>
85// CHECK-NEXT:         <dict>
86// CHECK-NEXT:          <key>line</key><integer>22</integer>
87// CHECK-NEXT:          <key>col</key><integer>15</integer>
88// CHECK-NEXT:          <key>file</key><integer>0</integer>
89// CHECK-NEXT:         </dict>
90// CHECK-NEXT:        </array>
91// CHECK-NEXT:      </array>
92// CHECK-NEXT:      <key>depth</key><integer>0</integer>
93// CHECK-NEXT:      <key>extended_message</key>
94// CHECK-NEXT:      <string>Value assigned to &apos;syz.x&apos;</string>
95// CHECK-NEXT:      <key>message</key>
96// CHECK-NEXT:      <string>Value assigned to &apos;syz.x&apos;</string>
97// CHECK-NEXT:     </dict>
98// CHECK-NEXT:     <dict>
99// CHECK-NEXT:      <key>kind</key><string>control</string>
100// CHECK-NEXT:      <key>edges</key>
101// CHECK-NEXT:       <array>
102// CHECK-NEXT:        <dict>
103// CHECK-NEXT:         <key>start</key>
104// CHECK-NEXT:          <array>
105// CHECK-NEXT:           <dict>
106// CHECK-NEXT:            <key>line</key><integer>22</integer>
107// CHECK-NEXT:            <key>col</key><integer>3</integer>
108// CHECK-NEXT:            <key>file</key><integer>0</integer>
109// CHECK-NEXT:           </dict>
110// CHECK-NEXT:           <dict>
111// CHECK-NEXT:            <key>line</key><integer>22</integer>
112// CHECK-NEXT:            <key>col</key><integer>5</integer>
113// CHECK-NEXT:            <key>file</key><integer>0</integer>
114// CHECK-NEXT:           </dict>
115// CHECK-NEXT:          </array>
116// CHECK-NEXT:         <key>end</key>
117// CHECK-NEXT:          <array>
118// CHECK-NEXT:           <dict>
119// CHECK-NEXT:            <key>line</key><integer>23</integer>
120// CHECK-NEXT:            <key>col</key><integer>3</integer>
121// CHECK-NEXT:            <key>file</key><integer>0</integer>
122// CHECK-NEXT:           </dict>
123// CHECK-NEXT:           <dict>
124// CHECK-NEXT:            <key>line</key><integer>23</integer>
125// CHECK-NEXT:            <key>col</key><integer>9</integer>
126// CHECK-NEXT:            <key>file</key><integer>0</integer>
127// CHECK-NEXT:           </dict>
128// CHECK-NEXT:          </array>
129// CHECK-NEXT:        </dict>
130// CHECK-NEXT:       </array>
131// CHECK-NEXT:     </dict>
132// CHECK-NEXT:     <dict>
133// CHECK-NEXT:      <key>kind</key><string>event</string>
134// CHECK-NEXT:      <key>location</key>
135// CHECK-NEXT:      <dict>
136// CHECK-NEXT:       <key>line</key><integer>23</integer>
137// CHECK-NEXT:       <key>col</key><integer>3</integer>
138// CHECK-NEXT:       <key>file</key><integer>0</integer>
139// CHECK-NEXT:      </dict>
140// CHECK-NEXT:      <key>ranges</key>
141// CHECK-NEXT:      <array>
142// CHECK-NEXT:        <array>
143// CHECK-NEXT:         <dict>
144// CHECK-NEXT:          <key>line</key><integer>23</integer>
145// CHECK-NEXT:          <key>col</key><integer>3</integer>
146// CHECK-NEXT:          <key>file</key><integer>0</integer>
147// CHECK-NEXT:         </dict>
148// CHECK-NEXT:         <dict>
149// CHECK-NEXT:          <key>line</key><integer>23</integer>
150// CHECK-NEXT:          <key>col</key><integer>18</integer>
151// CHECK-NEXT:          <key>file</key><integer>0</integer>
152// CHECK-NEXT:         </dict>
153// CHECK-NEXT:        </array>
154// CHECK-NEXT:      </array>
155// CHECK-NEXT:      <key>depth</key><integer>0</integer>
156// CHECK-NEXT:      <key>extended_message</key>
157// CHECK-NEXT:      <string>Calling &apos;inlined&apos;</string>
158// CHECK-NEXT:      <key>message</key>
159// CHECK-NEXT:      <string>Calling &apos;inlined&apos;</string>
160// CHECK-NEXT:     </dict>
161// CHECK-NEXT:     <dict>
162// CHECK-NEXT:      <key>kind</key><string>event</string>
163// CHECK-NEXT:      <key>location</key>
164// CHECK-NEXT:      <dict>
165// CHECK-NEXT:       <key>line</key><integer>12</integer>
166// CHECK-NEXT:       <key>col</key><integer>1</integer>
167// CHECK-NEXT:       <key>file</key><integer>0</integer>
168// CHECK-NEXT:      </dict>
169// CHECK-NEXT:      <key>depth</key><integer>1</integer>
170// CHECK-NEXT:      <key>extended_message</key>
171// CHECK-NEXT:      <string>Entered call from &apos;test&apos;</string>
172// CHECK-NEXT:      <key>message</key>
173// CHECK-NEXT:      <string>Entered call from &apos;test&apos;</string>
174// CHECK-NEXT:     </dict>
175// CHECK-NEXT:     <dict>
176// CHECK-NEXT:      <key>kind</key><string>control</string>
177// CHECK-NEXT:      <key>edges</key>
178// CHECK-NEXT:       <array>
179// CHECK-NEXT:        <dict>
180// CHECK-NEXT:         <key>start</key>
181// CHECK-NEXT:          <array>
182// CHECK-NEXT:           <dict>
183// CHECK-NEXT:            <key>line</key><integer>12</integer>
184// CHECK-NEXT:            <key>col</key><integer>1</integer>
185// CHECK-NEXT:            <key>file</key><integer>0</integer>
186// CHECK-NEXT:           </dict>
187// CHECK-NEXT:           <dict>
188// CHECK-NEXT:            <key>line</key><integer>12</integer>
189// CHECK-NEXT:            <key>col</key><integer>4</integer>
190// CHECK-NEXT:            <key>file</key><integer>0</integer>
191// CHECK-NEXT:           </dict>
192// CHECK-NEXT:          </array>
193// CHECK-NEXT:         <key>end</key>
194// CHECK-NEXT:          <array>
195// CHECK-NEXT:           <dict>
196// CHECK-NEXT:            <key>line</key><integer>13</integer>
197// CHECK-NEXT:            <key>col</key><integer>3</integer>
198// CHECK-NEXT:            <key>file</key><integer>0</integer>
199// CHECK-NEXT:           </dict>
200// CHECK-NEXT:           <dict>
201// CHECK-NEXT:            <key>line</key><integer>13</integer>
202// CHECK-NEXT:            <key>col</key><integer>4</integer>
203// CHECK-NEXT:            <key>file</key><integer>0</integer>
204// CHECK-NEXT:           </dict>
205// CHECK-NEXT:          </array>
206// CHECK-NEXT:        </dict>
207// CHECK-NEXT:       </array>
208// CHECK-NEXT:     </dict>
209// CHECK-NEXT:     <dict>
210// CHECK-NEXT:      <key>kind</key><string>control</string>
211// CHECK-NEXT:      <key>edges</key>
212// CHECK-NEXT:       <array>
213// CHECK-NEXT:        <dict>
214// CHECK-NEXT:         <key>start</key>
215// CHECK-NEXT:          <array>
216// CHECK-NEXT:           <dict>
217// CHECK-NEXT:            <key>line</key><integer>13</integer>
218// CHECK-NEXT:            <key>col</key><integer>3</integer>
219// CHECK-NEXT:            <key>file</key><integer>0</integer>
220// CHECK-NEXT:           </dict>
221// CHECK-NEXT:           <dict>
222// CHECK-NEXT:            <key>line</key><integer>13</integer>
223// CHECK-NEXT:            <key>col</key><integer>4</integer>
224// CHECK-NEXT:            <key>file</key><integer>0</integer>
225// CHECK-NEXT:           </dict>
226// CHECK-NEXT:          </array>
227// CHECK-NEXT:         <key>end</key>
228// CHECK-NEXT:          <array>
229// CHECK-NEXT:           <dict>
230// CHECK-NEXT:            <key>line</key><integer>13</integer>
231// CHECK-NEXT:            <key>col</key><integer>7</integer>
232// CHECK-NEXT:            <key>file</key><integer>0</integer>
233// CHECK-NEXT:           </dict>
234// CHECK-NEXT:           <dict>
235// CHECK-NEXT:            <key>line</key><integer>13</integer>
236// CHECK-NEXT:            <key>col</key><integer>7</integer>
237// CHECK-NEXT:            <key>file</key><integer>0</integer>
238// CHECK-NEXT:           </dict>
239// CHECK-NEXT:          </array>
240// CHECK-NEXT:        </dict>
241// CHECK-NEXT:       </array>
242// CHECK-NEXT:     </dict>
243// CHECK-NEXT:     <dict>
244// CHECK-NEXT:      <key>kind</key><string>event</string>
245// CHECK-NEXT:      <key>location</key>
246// CHECK-NEXT:      <dict>
247// CHECK-NEXT:       <key>line</key><integer>13</integer>
248// CHECK-NEXT:       <key>col</key><integer>7</integer>
249// CHECK-NEXT:       <key>file</key><integer>0</integer>
250// CHECK-NEXT:      </dict>
251// CHECK-NEXT:      <key>ranges</key>
252// CHECK-NEXT:      <array>
253// CHECK-NEXT:        <array>
254// CHECK-NEXT:         <dict>
255// CHECK-NEXT:          <key>line</key><integer>13</integer>
256// CHECK-NEXT:          <key>col</key><integer>7</integer>
257// CHECK-NEXT:          <key>file</key><integer>0</integer>
258// CHECK-NEXT:         </dict>
259// CHECK-NEXT:         <dict>
260// CHECK-NEXT:          <key>line</key><integer>13</integer>
261// CHECK-NEXT:          <key>col</key><integer>10</integer>
262// CHECK-NEXT:          <key>file</key><integer>0</integer>
263// CHECK-NEXT:         </dict>
264// CHECK-NEXT:        </array>
265// CHECK-NEXT:      </array>
266// CHECK-NEXT:      <key>depth</key><integer>1</integer>
267// CHECK-NEXT:      <key>extended_message</key>
268// CHECK-NEXT:      <string>Assuming pointer value is null</string>
269// CHECK-NEXT:      <key>message</key>
270// CHECK-NEXT:      <string>Assuming pointer value is null</string>
271// CHECK-NEXT:     </dict>
272// CHECK-NEXT:     <dict>
273// CHECK-NEXT:      <key>kind</key><string>event</string>
274// CHECK-NEXT:      <key>location</key>
275// CHECK-NEXT:      <dict>
276// CHECK-NEXT:       <key>line</key><integer>23</integer>
277// CHECK-NEXT:       <key>col</key><integer>3</integer>
278// CHECK-NEXT:       <key>file</key><integer>0</integer>
279// CHECK-NEXT:      </dict>
280// CHECK-NEXT:      <key>ranges</key>
281// CHECK-NEXT:      <array>
282// CHECK-NEXT:        <array>
283// CHECK-NEXT:         <dict>
284// CHECK-NEXT:          <key>line</key><integer>23</integer>
285// CHECK-NEXT:          <key>col</key><integer>3</integer>
286// CHECK-NEXT:          <key>file</key><integer>0</integer>
287// CHECK-NEXT:         </dict>
288// CHECK-NEXT:         <dict>
289// CHECK-NEXT:          <key>line</key><integer>23</integer>
290// CHECK-NEXT:          <key>col</key><integer>18</integer>
291// CHECK-NEXT:          <key>file</key><integer>0</integer>
292// CHECK-NEXT:         </dict>
293// CHECK-NEXT:        </array>
294// CHECK-NEXT:      </array>
295// CHECK-NEXT:      <key>depth</key><integer>1</integer>
296// CHECK-NEXT:      <key>extended_message</key>
297// CHECK-NEXT:      <string>Returning from &apos;inlined&apos;</string>
298// CHECK-NEXT:      <key>message</key>
299// CHECK-NEXT:      <string>Returning from &apos;inlined&apos;</string>
300// CHECK-NEXT:     </dict>
301// CHECK-NEXT:     <dict>
302// CHECK-NEXT:      <key>kind</key><string>control</string>
303// CHECK-NEXT:      <key>edges</key>
304// CHECK-NEXT:       <array>
305// CHECK-NEXT:        <dict>
306// CHECK-NEXT:         <key>start</key>
307// CHECK-NEXT:          <array>
308// CHECK-NEXT:           <dict>
309// CHECK-NEXT:            <key>line</key><integer>23</integer>
310// CHECK-NEXT:            <key>col</key><integer>3</integer>
311// CHECK-NEXT:            <key>file</key><integer>0</integer>
312// CHECK-NEXT:           </dict>
313// CHECK-NEXT:           <dict>
314// CHECK-NEXT:            <key>line</key><integer>23</integer>
315// CHECK-NEXT:            <key>col</key><integer>9</integer>
316// CHECK-NEXT:            <key>file</key><integer>0</integer>
317// CHECK-NEXT:           </dict>
318// CHECK-NEXT:          </array>
319// CHECK-NEXT:         <key>end</key>
320// CHECK-NEXT:          <array>
321// CHECK-NEXT:           <dict>
322// CHECK-NEXT:            <key>line</key><integer>26</integer>
323// CHECK-NEXT:            <key>col</key><integer>3</integer>
324// CHECK-NEXT:            <key>file</key><integer>0</integer>
325// CHECK-NEXT:           </dict>
326// CHECK-NEXT:           <dict>
327// CHECK-NEXT:            <key>line</key><integer>26</integer>
328// CHECK-NEXT:            <key>col</key><integer>3</integer>
329// CHECK-NEXT:            <key>file</key><integer>0</integer>
330// CHECK-NEXT:           </dict>
331// CHECK-NEXT:          </array>
332// CHECK-NEXT:        </dict>
333// CHECK-NEXT:       </array>
334// CHECK-NEXT:     </dict>
335// CHECK-NEXT:     <dict>
336// CHECK-NEXT:      <key>kind</key><string>control</string>
337// CHECK-NEXT:      <key>edges</key>
338// CHECK-NEXT:       <array>
339// CHECK-NEXT:        <dict>
340// CHECK-NEXT:         <key>start</key>
341// CHECK-NEXT:          <array>
342// CHECK-NEXT:           <dict>
343// CHECK-NEXT:            <key>line</key><integer>26</integer>
344// CHECK-NEXT:            <key>col</key><integer>3</integer>
345// CHECK-NEXT:            <key>file</key><integer>0</integer>
346// CHECK-NEXT:           </dict>
347// CHECK-NEXT:           <dict>
348// CHECK-NEXT:            <key>line</key><integer>26</integer>
349// CHECK-NEXT:            <key>col</key><integer>3</integer>
350// CHECK-NEXT:            <key>file</key><integer>0</integer>
351// CHECK-NEXT:           </dict>
352// CHECK-NEXT:          </array>
353// CHECK-NEXT:         <key>end</key>
354// CHECK-NEXT:          <array>
355// CHECK-NEXT:           <dict>
356// CHECK-NEXT:            <key>line</key><integer>26</integer>
357// CHECK-NEXT:            <key>col</key><integer>8</integer>
358// CHECK-NEXT:            <key>file</key><integer>0</integer>
359// CHECK-NEXT:           </dict>
360// CHECK-NEXT:           <dict>
361// CHECK-NEXT:            <key>line</key><integer>26</integer>
362// CHECK-NEXT:            <key>col</key><integer>8</integer>
363// CHECK-NEXT:            <key>file</key><integer>0</integer>
364// CHECK-NEXT:           </dict>
365// CHECK-NEXT:          </array>
366// CHECK-NEXT:        </dict>
367// CHECK-NEXT:       </array>
368// CHECK-NEXT:     </dict>
369// CHECK-NEXT:     <dict>
370// CHECK-NEXT:      <key>kind</key><string>event</string>
371// CHECK-NEXT:      <key>location</key>
372// CHECK-NEXT:      <dict>
373// CHECK-NEXT:       <key>line</key><integer>26</integer>
374// CHECK-NEXT:       <key>col</key><integer>8</integer>
375// CHECK-NEXT:       <key>file</key><integer>0</integer>
376// CHECK-NEXT:      </dict>
377// CHECK-NEXT:      <key>ranges</key>
378// CHECK-NEXT:      <array>
379// CHECK-NEXT:        <array>
380// CHECK-NEXT:         <dict>
381// CHECK-NEXT:          <key>line</key><integer>26</integer>
382// CHECK-NEXT:          <key>col</key><integer>13</integer>
383// CHECK-NEXT:          <key>file</key><integer>0</integer>
384// CHECK-NEXT:         </dict>
385// CHECK-NEXT:         <dict>
386// CHECK-NEXT:          <key>line</key><integer>26</integer>
387// CHECK-NEXT:          <key>col</key><integer>13</integer>
388// CHECK-NEXT:          <key>file</key><integer>0</integer>
389// CHECK-NEXT:         </dict>
390// CHECK-NEXT:        </array>
391// CHECK-NEXT:      </array>
392// CHECK-NEXT:      <key>depth</key><integer>0</integer>
393// CHECK-NEXT:      <key>extended_message</key>
394// CHECK-NEXT:      <string>Dereference of null pointer (loaded from field &apos;x&apos;)</string>
395// CHECK-NEXT:      <key>message</key>
396// CHECK-NEXT:      <string>Dereference of null pointer (loaded from field &apos;x&apos;)</string>
397// CHECK-NEXT:     </dict>
398// CHECK-NEXT:    </array>
399// CHECK-NEXT:    <key>description</key><string>Dereference of null pointer (loaded from field &apos;x&apos;)</string>
400// CHECK-NEXT:    <key>category</key><string>Logic error</string>
401// CHECK-NEXT:    <key>type</key><string>Dereference of null pointer</string>
402// CHECK-NEXT:   <key>issue_context_kind</key><string>function</string>
403// CHECK-NEXT:   <key>issue_context</key><string>test</string>
404// CHECK-NEXT:   <key>issue_hash</key><string>6</string>
405// CHECK-NEXT:   <key>location</key>
406// CHECK-NEXT:   <dict>
407// CHECK-NEXT:    <key>line</key><integer>26</integer>
408// CHECK-NEXT:    <key>col</key><integer>8</integer>
409// CHECK-NEXT:    <key>file</key><integer>0</integer>
410// CHECK-NEXT:   </dict>
411// CHECK-NEXT:   </dict>
412// CHECK-NEXT:  </array>
413