stack-addr-ps.cpp revision f08740ba5903d089a53cc315c19286e2189f9ff3
1782f63ecd124f9384f988dc7e0cf4ae1540c15f6Jeffrey Yasskin// RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-store=region -verify %s 268957a919084ab8bbd1f01d534db1d6f31d0f459Ted Kremenek 368957a919084ab8bbd1f01d534db1d6f31d0f459Ted Kremenek// FIXME: Only the stack-address checking in Sema catches this right now, and 468957a919084ab8bbd1f01d534db1d6f31d0f459Ted Kremenek// the stack analyzer doesn't handle the ImplicitCastExpr (lvalue). 568957a919084ab8bbd1f01d534db1d6f31d0f459Ted Kremenekconst int& g() { 668957a919084ab8bbd1f01d534db1d6f31d0f459Ted Kremenek int s; 7782f63ecd124f9384f988dc7e0cf4ae1540c15f6Jeffrey Yasskin return s; // expected-warning{{Address of stack memory associated with local variable 's' returned}} expected-warning{{reference to stack memory associated with local variable 's' returned}} 868957a919084ab8bbd1f01d534db1d6f31d0f459Ted Kremenek} 926e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis 1026e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidisconst int& g2() { 1126e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis int s1; 1226e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis int &s2 = s1; // expected-note {{binding reference variable 's2' here}} 13782f63ecd124f9384f988dc7e0cf4ae1540c15f6Jeffrey Yasskin return s2; // expected-warning{{Address of stack memory associated with local variable 's1' returned}} expected-warning {{reference to stack memory associated with local variable 's1' returned}} 1426e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis} 1526e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis 1626e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidisconst int& g3() { 1726e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis int s1; 1826e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis int &s2 = s1; // expected-note {{binding reference variable 's2' here}} 1926e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis int &s3 = s2; // expected-note {{binding reference variable 's3' here}} 20782f63ecd124f9384f988dc7e0cf4ae1540c15f6Jeffrey Yasskin return s3; // expected-warning{{Address of stack memory associated with local variable 's1' returned}} expected-warning {{reference to stack memory associated with local variable 's1' returned}} 2126e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis} 2226e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis 2326e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidisint get_value(); 2426e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis 25782f63ecd124f9384f988dc7e0cf4ae1540c15f6Jeffrey Yasskinconst int &get_reference1() { return get_value(); } // expected-warning{{Address of stack memory associated with temporary object of type 'const int' returned}} expected-warning {{returning reference to local temporary}} 2626e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis 2726e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidisconst int &get_reference2() { 2826e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis const int &x = get_value(); // expected-note {{binding reference variable 'x' here}} 29782f63ecd124f9384f988dc7e0cf4ae1540c15f6Jeffrey Yasskin return x; // expected-warning{{Address of stack memory associated with temporary object of type 'const int' returned}} expected-warning {{returning reference to local temporary}} 3026e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis} 3126e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis 3226e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidisconst int &get_reference3() { 3326e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis const int &x1 = get_value(); // expected-note {{binding reference variable 'x1' here}} 3426e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis const int &x2 = x1; // expected-note {{binding reference variable 'x2' here}} 35782f63ecd124f9384f988dc7e0cf4ae1540c15f6Jeffrey Yasskin return x2; // expected-warning{{Address of stack memory associated with temporary object of type 'const int' returned}} expected-warning {{returning reference to local temporary}} 3626e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis} 3726e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis 3826e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidisint global_var; 3926e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidisint *f1() { 4026e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis int &y = global_var; 4126e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis return &y; 4226e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis} 4326e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis 4426e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidisint *f2() { 4526e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis int x1; 4626e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis int &x2 = x1; // expected-note {{binding reference variable 'x2' here}} 47782f63ecd124f9384f988dc7e0cf4ae1540c15f6Jeffrey Yasskin return &x2; // expected-warning{{Address of stack memory associated with local variable 'x1' returned}} expected-warning {{address of stack memory associated with local variable 'x1' returned}} 4826e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis} 4926e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis 5026e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidisint *f3() { 5126e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis int x1; 5226e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis int *const &x2 = &x1; // expected-note {{binding reference variable 'x2' here}} 536a835dddf45922e71a87637fdfac0863de65123cTed Kremenek return x2; // expected-warning {{address of stack memory associated with local variable 'x1' returned}} expected-warning {{Address of stack memory associated with local variable 'x1' returned to caller}} 5426e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis} 5526e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis 5626e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidisconst int *f4() { 5726e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis const int &x1 = get_value(); // expected-note {{binding reference variable 'x1' here}} 5826e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis const int &x2 = x1; // expected-note {{binding reference variable 'x2' here}} 59782f63ecd124f9384f988dc7e0cf4ae1540c15f6Jeffrey Yasskin return &x2; // expected-warning{{Address of stack memory associated with temporary object of type 'const int' returned}} expected-warning {{returning address of local temporary}} 6026e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis} 6126e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis 6226e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidisstruct S { 6326e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis int x; 6426e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis}; 6526e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis 6626e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidisint *mf() { 6726e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis S s1; 6826e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis S &s2 = s1; // expected-note {{binding reference variable 's2' here}} 6926e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis int &x = s2.x; // expected-note {{binding reference variable 'x' here}} 70782f63ecd124f9384f988dc7e0cf4ae1540c15f6Jeffrey Yasskin return &x; // expected-warning{{Address of stack memory associated with local variable 's1' returned}} expected-warning {{address of stack memory associated with local variable 's1' returned}} 7126e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis} 7226e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis 7326e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidisvoid *lf() { 7426e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis label: 7526e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis void *const &x = &&label; // expected-note {{binding reference variable 'x' here}} 7626e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis return x; // expected-warning {{returning address of label, which is local}} 7726e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis} 7826e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis 7926e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidistemplate <typename T> 8026e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidisstruct TS { 8126e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis int *get(); 8226e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis int *m() { 8326e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis int *&x = get(); 8426e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis return x; 8526e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis } 8626e10bea3d2e9d2979194890e51b98ecea165a96Argyrios Kyrtzidis}; 87e720ce7a3b1c1bfa5f7482183caa6e31fca9a3fbArgyrios Kyrtzidis 88e720ce7a3b1c1bfa5f7482183caa6e31fca9a3fbArgyrios Kyrtzidis// rdar://11345441 89e720ce7a3b1c1bfa5f7482183caa6e31fca9a3fbArgyrios Kyrtzidisint* f5() { 905965b7c7ddf8d9635426943a05441c71cb59fef6Hans Wennborg int& i = i; // expected-warning {{Assigned value is garbage or undefined}} expected-note {{binding reference variable 'i' here}} expected-warning{{reference 'i' is not yet bound to a value when used within its own initialization}} 91e720ce7a3b1c1bfa5f7482183caa6e31fca9a3fbArgyrios Kyrtzidis return &i; // expected-warning {{address of stack memory associated with local variable 'i' returned}} 92e720ce7a3b1c1bfa5f7482183caa6e31fca9a3fbArgyrios Kyrtzidis} 93f08740ba5903d089a53cc315c19286e2189f9ff3Ted Kremenek 94f08740ba5903d089a53cc315c19286e2189f9ff3Ted Kremenekvoid *radar13226577() { 95f08740ba5903d089a53cc315c19286e2189f9ff3Ted Kremenek void *p = &p; 96f08740ba5903d089a53cc315c19286e2189f9ff3Ted Kremenek return p; // expected-warning {{stack memory associated with local variable 'p' returned to caller}} 97f08740ba5903d089a53cc315c19286e2189f9ff3Ted Kremenek} 98f08740ba5903d089a53cc315c19286e2189f9ff3Ted Kremenek 99