1 // RUN: %clang_cc1 -analyze -analyzer-checker=core -analyzer-store=region -fblocks -verify %s
2 
3 struct FPRec {
4   void (*my_func)(int * x);
5 };
6 
7 int bar(int x);
8 
f1_a(struct FPRec * foo)9 int f1_a(struct FPRec* foo) {
10   int x;
11   (*foo->my_func)(&x);
12   return bar(x)+1; // no-warning
13 }
14 
f1_b()15 int f1_b() {
16   int x;
17   return bar(x)+1;  // expected-warning{{Function call argument is an uninitialized value}}
18 }
19 
f2()20 int f2() {
21 
22   int x;
23 
24   if (x+1)  // expected-warning{{The left operand of '+' is a garbage value}}
25     return 1;
26 
27   return 2;
28 }
29 
f2_b()30 int f2_b() {
31   int x;
32 
33   return ((1+x)+2+((x))) + 1 ? 1 : 2; // expected-warning{{The right operand of '+' is a garbage value}}
34 }
35 
f3(void)36 int f3(void) {
37   int i;
38   int *p = &i;
39   if (*p > 0) // expected-warning{{The left operand of '>' is a garbage value}}
40     return 0;
41   else
42     return 1;
43 }
44 
45 void f4_aux(float* x);
f4(void)46 float f4(void) {
47   float x;
48   f4_aux(&x);
49   return x;  // no-warning
50 }
51 
52 struct f5_struct { int x; };
53 void f5_aux(struct f5_struct* s);
f5(void)54 int f5(void) {
55   struct f5_struct s;
56   f5_aux(&s);
57   return s.x; // no-warning
58 }
59 
ret_uninit()60 int ret_uninit() {
61   int i;
62   int *p = &i;
63   return *p;  // expected-warning{{Undefined or garbage value returned to caller}}
64 }
65 
66 // <rdar://problem/6451816>
67 typedef unsigned char Boolean;
68 typedef const struct __CFNumber * CFNumberRef;
69 typedef signed long CFIndex;
70 typedef CFIndex CFNumberType;
71 typedef unsigned long UInt32;
72 typedef UInt32 CFStringEncoding;
73 typedef const struct __CFString * CFStringRef;
74 extern Boolean CFNumberGetValue(CFNumberRef number, CFNumberType theType, void *valuePtr);
75 extern CFStringRef CFStringConvertEncodingToIANACharSetName(CFStringEncoding encoding);
76 
rdar_6451816(CFNumberRef nr)77 CFStringRef rdar_6451816(CFNumberRef nr) {
78   CFStringEncoding encoding;
79   // &encoding is casted to void*.  This test case tests whether or not
80   // we properly invalidate the value of 'encoding'.
81   CFNumberGetValue(nr, 9, &encoding);
82   return CFStringConvertEncodingToIANACharSetName(encoding); // no-warning
83 }
84 
85 // PR 4630 - false warning with nonnull attribute
86 //  This false positive (due to a regression) caused the analyzer to falsely
87 //  flag a "return of uninitialized value" warning in the first branch due to
88 //  the nonnull attribute.
89 void pr_4630_aux(char *x, int *y) __attribute__ ((nonnull (1)));
90 void pr_4630_aux_2(char *x, int *y);
pr_4630(char * a,int y)91 int pr_4630(char *a, int y) {
92   int x;
93   if (y) {
94     pr_4630_aux(a, &x);
95     return x;   // no-warning
96   }
97   else {
98     pr_4630_aux_2(a, &x);
99     return x;   // no-warning
100   }
101 }
102 
103 // PR 4631 - False positive with union initializer
104 //  Previously the analyzer didn't examine the compound initializers of unions,
105 //  resulting in some false positives for initializers with side-effects.
106 union u_4631 { int a; };
107 struct s_4631 { int a; };
108 int pr4631_f2(int *p);
109 int pr4631_f3(void *q);
pr4631_f1(void)110 int pr4631_f1(void)
111 {
112   int x;
113   union u_4631 m = { pr4631_f2(&x) };
114   pr4631_f3(&m); // tell analyzer that we use m
115   return x;  // no-warning
116 }
pr4631_f1_b(void)117 int pr4631_f1_b(void)
118 {
119   int x;
120   struct s_4631 m = { pr4631_f2(&x) };
121   pr4631_f3(&m); // tell analyzer that we use m
122   return x;  // no-warning
123 }
124 
125 // <rdar://problem/12278788> - FP when returning a void-valued expression from
126 // a void function...or block.
foo_radar12278788()127 void foo_radar12278788() { return; }
test_radar12278788()128 void test_radar12278788() {
129   return foo_radar12278788(); // no-warning
130 }
131 
foo_radar12278788_fp()132 void foo_radar12278788_fp() { return; }
133 typedef int (*RetIntFuncType)();
134 typedef void (*RetVoidFuncType)();
test_radar12278788_FP()135 int test_radar12278788_FP() {
136   RetVoidFuncType f = foo_radar12278788_fp;
137   return ((RetIntFuncType)f)(); //expected-warning {{Undefined or garbage value returned to caller}}
138 }
139 
rdar13665798()140 void rdar13665798() {
141   ^() {
142     return foo_radar12278788(); // no-warning
143   }();
144   ^void() {
145     return foo_radar12278788(); // no-warning
146   }();
147   ^int() {
148     RetVoidFuncType f = foo_radar12278788_fp;
149     return ((RetIntFuncType)f)(); //expected-warning {{Undefined or garbage value returned to caller}}
150   }();
151 }
152