1// RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc,core,alpha.core.CallAndMessageUnInitRefArg -analyzer-output=text -verify %s
2
3// Passing uninitialized const data to function
4#include "Inputs/system-header-simulator.h"
5
6typedef __typeof(sizeof(int)) size_t;
7void *malloc(size_t);
8void *valloc(size_t);
9void free(void *);
10
11
12void doStuff3(const int y){}
13void doStuff2(int g){}
14void doStuff_pointerToConstInt(const int *u){};
15void doStuff_arrayOfConstInt(const int a[]){};
16
17void doStuff_constPointerToConstInt              (int const * const u){};
18void doStuff_constPointerToConstPointerToConstInt(int const * const * const u){};
19void doStuff_pointerToConstPointerToConstInt(int const * const * u){};
20void doStuff_pointerToPointerToConstInt       (int const **u){};
21void doStuff_constStaticSizedArray(const int a[static 10]) {}
22void doStuff_variadic(const int *u, ...){};
23
24void f_1(void) {
25  int t;
26  int* tp = &t;        // expected-note {{'tp' initialized here}}
27  doStuff_pointerToConstInt(tp);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
28                       // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
29}
30
31void f_1_1(void) {
32  int t;
33  int* tp1 = &t;
34  int* tp2 = tp1;        // expected-note {{'tp2' initialized here}}
35  doStuff_pointerToConstInt(tp2);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
36                       // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
37}
38
39
40int *f_2_sub(int *p) {
41  return p;
42}
43
44void f_2(void) {
45  int t;
46  int* p = f_2_sub(&t);
47  int* tp = p; // expected-note {{'tp' initialized here}}
48  doStuff_pointerToConstInt(tp); // expected-warning {{Function call argument is a pointer to uninitialized value}}
49                      // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
50}
51
52int z;
53void f_3(void) {
54      doStuff_pointerToConstInt(&z);  // no warning
55}
56
57void f_4(void) {
58      int x=5;
59      doStuff_pointerToConstInt(&x);  // no warning
60}
61
62void f_5(void) {
63  int ta[5];
64  int* tp = ta;        // expected-note {{'tp' initialized here}}
65  doStuff_pointerToConstInt(tp);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
66                       // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
67}
68
69void f_5_1(void) {
70  int ta[5];        // expected-note {{'ta' initialized here}}
71  doStuff_pointerToConstInt(ta);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
72                       // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
73}
74
75void f_6(void) {
76  int ta[5] = {1,2,3,4,5};
77  int* tp = ta;
78  doStuff_pointerToConstInt(tp); // no-warning
79}
80
81void f_6_1(void) {
82  int ta[5] = {1,2,3,4,5};
83  doStuff_pointerToConstInt(ta); // no-warning
84}
85
86void f_7(void) {
87      int z;        // expected-note {{'z' declared without an initial value}}
88      int y=z;      // expected-warning {{Assigned value is garbage or undefined}}
89                    // expected-note@-1 {{Assigned value is garbage or undefined}}
90      doStuff3(y);
91}
92
93void f_8(void) {
94      int g;       // expected-note {{'g' declared without an initial value}}
95      doStuff2(g); // expected-warning {{Function call argument is an uninitialized value}}
96                   // expected-note@-1 {{Function call argument is an uninitialized value}}
97}
98
99void f_9(void) {
100  int  a[6];
101  int const *ptau = a;             // expected-note {{'ptau' initialized here}}
102  doStuff_arrayOfConstInt(ptau);    // expected-warning {{Function call argument is a pointer to uninitialized value}}
103                                   // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
104}
105
106void f_10(void) {
107  int  a[6];                     // expected-note {{'a' initialized here}}
108  doStuff_arrayOfConstInt(a);    // expected-warning {{Function call argument is a pointer to uninitialized value}}
109                                 // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
110}
111
112void f_11(void) {
113  int t[10];                    //expected-note {{'t' initialized here}}
114  doStuff_constStaticSizedArray(t);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
115                                // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
116}
117
118void f_12(void) {
119  int t[10] = {0,1,2,3,4,5,6,7,8,9};
120  doStuff_constStaticSizedArray(t);  // no-warning
121
122}
123
124int f_malloc_1(void) {
125  int *ptr;
126
127  ptr = (int *)malloc(sizeof(int)); // expected-note {{Value assigned to 'ptr'}}
128
129  doStuff_pointerToConstInt(ptr); // expected-warning {{Function call argument is a pointer to uninitialized value}}
130                       // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
131  free(ptr);
132  return 0;
133}
134
135int f_malloc_2(void) {
136  int *ptr;
137
138  ptr = (int *)malloc(sizeof(int));
139  *ptr = 25;
140
141  doStuff_pointerToConstInt(ptr); // no warning
142  free(ptr);
143  return 0;
144}
145
146// uninit pointer, uninit val
147void f_variadic_unp_unv(void) {
148  int t;
149  int v;
150  int* tp = &t;           // expected-note {{'tp' initialized here}}
151  doStuff_variadic(tp,v);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
152                          // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
153}
154// uninit pointer, init val
155void f_variadic_unp_inv(void) {
156  int t;
157  int v = 3;
158  int* tp = &t;           // expected-note {{'tp' initialized here}}
159  doStuff_variadic(tp,v);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
160                          // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
161}
162
163// init pointer, uninit val
164void f_variadic_inp_unv(void) {
165  int t=5;
166  int v;                  // expected-note {{'v' declared without an initial value}}
167  int* tp = &t;
168  doStuff_variadic(tp,v);// expected-warning {{Function call argument is an uninitialized value}}
169                          // expected-note@-1 {{Function call argument is an uninitialized value}}
170}
171
172// init pointer, init val
173void f_variadic_inp_inv(void) {
174  int t=5;
175  int v = 3;
176  int* tp = &t;
177  doStuff_variadic(tp,v); // no-warning
178}
179
180// init pointer, init pointer
181void f_variadic_inp_inp(void) {
182  int t=5;
183  int u=3;
184  int *vp = &u ;
185  int *tp = &t;
186  doStuff_variadic(tp,vp); // no-warning
187}
188
189//uninit pointer, init pointer
190void f_variadic_unp_inp(void) {
191  int t;
192  int u=3;
193  int *vp = &u ;
194  int *tp = &t;             // expected-note {{'tp' initialized here}}
195  doStuff_variadic(tp,vp); // expected-warning {{Function call argument is a pointer to uninitialized value}}
196                            // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
197}
198
199//init pointer, uninit pointer
200void f_variadic_inp_unp(void) {
201  int t=5;
202  int u;
203  int *vp = &u ;
204  int *tp = &t;
205  doStuff_variadic(tp,vp); // no-warning
206}
207
208//uninit pointer, uninit pointer
209void f_variadic_unp_unp(void) {
210  int t;
211  int u;
212  int *vp = &u ;
213  int *tp = &t;             // expected-note {{'tp' initialized here}}
214  doStuff_variadic(tp,vp); // expected-warning {{Function call argument is a pointer to uninitialized value}}
215                            // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
216}
217