1// RUN: %clang_analyze_cc1 %s -verify \
2// RUN:   -Wno-objc-root-class \
3// RUN:   -analyzer-checker=core \
4// RUN:   -analyzer-config core.CallAndMessage:FunctionPointer=false \
5// RUN:   -analyzer-config core.CallAndMessage:ParameterCount=false \
6// RUN:   -analyzer-config core.CallAndMessage:CXXThisMethodCall=false \
7// RUN:   -analyzer-config core.CallAndMessage:CXXDeallocationArg=false \
8// RUN:   -analyzer-config core.CallAndMessage:ArgInitializedness=false \
9// RUN:   -analyzer-config core.CallAndMessage:ArgPointeeInitializedness=false \
10// RUN:   -analyzer-config core.CallAndMessage:NilReceiver=false \
11// RUN:   -analyzer-config core.CallAndMessage:UndefReceiver=true \
12// RUN:   -analyzer-output=plist -o %t.plist
13// RUN: cat %t.plist | FileCheck %s
14
15//===----------------------------------------------------------------------===//
16// The following code is reduced using delta-debugging from
17// Foundation.h (Mac OS X).
18//
19// It includes the basic definitions for the test cases below.
20// Not including Foundation.h directly makes this test case
21// both svelte and portable to non-Mac platforms.
22//===----------------------------------------------------------------------===//
23
// Minimal stand-ins for the Foundation declarations the test cases need.
// Only the types, protocols and selectors below exist in this translation
// unit; nothing here has an @implementation.
24typedef signed char BOOL;
25typedef unsigned int NSUInteger;
26typedef struct _NSZone NSZone;
// Forward declarations only. NSString in particular is never given an
// @interface in the visible file, yet it is used as a receiver type in f1.
27@class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator;
28@protocol NSObject
29- (BOOL)isEqual:(id)object;
30@end
31@protocol NSCopying
32- (id)copyWithZone:(NSZone *)zone;
33@end
34@protocol NSMutableCopying
35- (id)mutableCopyWithZone:(NSZone *)zone;
36@end
37@protocol NSCoding
38- (void)encodeWithCoder:(NSCoder *)aCoder;
39@end
// Root class with an empty ivar block; it adopts the NSObject protocol above.
40@interface NSObject <NSObject> {
41}
42@end
43@class NSString, NSData;
44@class NSString, NSData, NSMutableData, NSMutableDictionary, NSMutableArray;
45typedef struct {
46} NSFastEnumerationState;
47@protocol NSFastEnumeration
48- (NSUInteger)countByEnumeratingWithState:(NSFastEnumerationState *)state objects:(id *)stackbuf count:(NSUInteger)len;
49@end
50@class NSData, NSIndexSet, NSString, NSURL;
51@interface NSArray : NSObject <NSCopying, NSMutableCopying, NSCoding, NSFastEnumeration>
52- (NSUInteger)count;
53@end
// This category is the only place the -length selector is declared in the
// file; f1 below sends -length to an NSString * receiver.
54@interface NSArray (NSArrayCreation)
55+ (id)array;
56- (NSUInteger)length;
57- (void)addObject:(id)object;
58@end
// Not referenced by the test cases visible below.
59extern NSString *const NSUndoManagerCheckpointNotification;
60
61//===----------------------------------------------------------------------===//
62// Test cases.
63//===----------------------------------------------------------------------===//
64
// Message send on an uninitialized receiver.
//
// aString is declared without an initializer and is used as the receiver on
// the very next line, so the receiver holds an indeterminate value. The
// analyzer invocation at the top of the file does not pass -fobjc-arc, so the
// local is not implicitly set to nil. That invocation turns every other
// core.CallAndMessage option off and leaves UndefReceiver on, which isolates
// the receiver check as the source of this report.
65unsigned f1() {
66  NSString *aString;
67  return [aString length]; // expected-warning {{Receiver in message expression is an uninitialized value [core.CallAndMessage]}}
68}
69
70// TODO: If this hash ever changes, turn core.CallAndMessage:UndefReceiver from
71// a checker option into a checker, as described in the CallAndMessage comments!
72// CHECK: <key>issue_hash_content_of_line_in_context</key>
73// CHECK-SAME: <string>29873175e1cc0a98f7040057279925a0</string>
74
// Property access on an uninitialized object pointer.
//
// RDar9241180 is declared without a superclass; the invocation at the top of
// the file passes -Wno-objc-root-class, which silences the root-class warning
// for it.
75@interface RDar9241180
76@property(readwrite, assign) id x;
77- (id)testAnalyzer1:(int)y;
78@end
79
80@implementation RDar9241180
81@synthesize x;
// Exercises two paths over the same uninitialized local `o`:
//   - y != 0: the right-hand side of && is evaluated, so the getter for x is
//     invoked with `o` as the receiver; the analyzer should report the
//     property access.
//   - y == 0: && short-circuits, the getter is never called, and control
//     reaches the final return, which hands the indeterminate pointer back to
//     the caller; the analyzer should report the undefined return value.
82- (id)testAnalyzer1:(int)y {
83  RDar9241180 *o;
84  if (y && o.x) // expected-warning {{Property access on an uninitialized object pointer [core.CallAndMessage]}}
  // No diagnostic is annotated on this return; presumably the report on the
  // condition above ends that path, as the "(sink)" notes in the subscript
  // test further down suggest.
85    return o;
86
87  // TODO: If this hash ever changes, turn core.CallAndMessage:UndefReceiver from
88  // a checker option into a checker, as described in the CallAndMessage comments!
89  // CHECK: <key>issue_hash_content_of_line_in_context</key>
90  // CHECK-SAME: <string>00ddd30796a283de33e662da8449c796</string>
91
92  return o; // expected-warning {{Undefined or garbage value returned to caller [core.uninitialized.UndefReturn]}}
93}
94@end
95
96// CHECK: <key>issue_hash_content_of_line_in_context</key>
97// CHECK-SAME: <string>8d468e24df7d887f4182bf49f5dd8b71</string>
98
// Declarations for the subscripting test. The two typedefs repeat, with the
// same underlying types, the ones at the top of the file.
99typedef signed char BOOL;
100typedef unsigned int NSUInteger;
101
// Declares the four selectors that Objective-C subscript syntax is lowered
// to: the indexed pair backs obj[index], the keyed pair backs obj[key].
// Only declarations are given; no @implementation of Subscriptable is visible.
102@interface Subscriptable : NSObject
103- (void)setObject:(id)obj atIndexedSubscript:(NSUInteger)index;
104- (id)objectAtIndexedSubscript:(NSUInteger)index;
105
106- (void)setObject:(id)obj forKeyedSubscript:(id)key;
107- (id)objectForKeyedSubscript:(id)key;
108@end
109
// Test adds nothing of its own; it inherits the subscript selectors so that
// `o[...]` on a Test * type-checks in the method below.
110@interface Test : Subscriptable
111@end
112
113@implementation Test
114
115// <rdar://problem/9241180> for subscripting
// Reads through subscript syntax on the uninitialized local `o`, once per
// subscript flavour, so that both lowered getter calls are checked:
//   - keyed == true:  o[self] uses `self` as the key (keyed subscript read).
//   - keyed == false: o[0] uses an integer index (indexed subscript read).
// In both branches the receiver of the implicit getter message is the
// indeterminate pointer, and the analyzer should report the subscript access.
// The inner returns carry the author's "no-warning (sink)" notes, i.e. no
// second report is wanted for returning `o` after the first one fired.
// `return self` is the fall-through when the subscript read yields nil/zero.
116- (id)testUninitializedObject:(BOOL)keyed {
117  Test *o;
118  if (keyed) {
119    if (o[self]) // expected-warning {{Subscript access on an uninitialized object pointer [core.CallAndMessage]}}
120      return o;  // no-warning (sink)
121  } else {
122    if (o[0])   // expected-warning {{Subscript access on an uninitialized object pointer [core.CallAndMessage]}}
123      return o; // no-warning (sink)
124  }
125  return self;
126}
127@end
128
129// TODO: If this hash ever changes, turn core.CallAndMessage:UndefReceiver from
130// a checker option into a checker, as described in the CallAndMessage comments!
131// CHECK: <key>issue_hash_content_of_line_in_context</key>
132// CHECK-SAME: <string>8d943563d78377fc5dfcd4fdde904e5e</string>
133// CHECK: <key>issue_hash_content_of_line_in_context</key>
134// CHECK-SAME: <string>9a2a9698763d62bed38d91fe5fb4aefd</string>
135