1 // RUN: %clang_analyze_cc1 %s -analyzer-checker=core.NullDereference,core.DivideZero -fblocks -analyzer-output=text -analyzer-config suppress-null-return-paths=false -verify -analyzer-config eagerly-assume=false %s
2 // RUN: %clang_analyze_cc1 -analyzer-config eagerly-assume=false %s -analyzer-checker=core.NullDereference,core.DivideZero -fblocks -analyzer-output=plist -analyzer-config suppress-null-return-paths=false -o %t
3 // RUN: %normalize_plist <%t | diff -ub %S/Inputs/expected-plists/inline-plist.c.plist -
4
5 // <rdar://problem/10967815>
mmm(int y)6 void mmm(int y) {
7 if (y != 0)
8 y++;
9 }
10
foo(int x,int y)11 int foo(int x, int y) {
12 mmm(y);
13 if (x != 0) {
14 // expected-note@-1 {{Assuming 'x' is equal to 0}}
15 // expected-note@-2 {{Taking false branch}}
16 x++;
17 }
18 return 5/x; // expected-warning{{Division by zero}} expected-note{{Division by zero}}
19 }
20
21 // Test a bug triggering only when inlined.
has_bug(int * p)22 void has_bug(int *p) {
23 *p = 0xDEADBEEF; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}} expected-note{{Dereference of null pointer (loaded from variable 'p')}}
24 }
25
test_has_bug()26 void test_has_bug() {
27 has_bug(0);
28 // expected-note@-1 {{Passing null pointer value via 1st parameter 'p'}}
29 // expected-note@-2 {{Calling 'has_bug'}}
30 }
31
triggers_bug(int * p)32 void triggers_bug(int *p) {
33 *p = 0xDEADBEEF; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}} expected-note{{Dereference of null pointer (loaded from variable 'p')}}
34 }
35
36 // This function triggers a bug by calling triggers_bug(). The diagnostics
37 // should show when p is assumed to be null.
bar(int * p)38 void bar(int *p) {
39 if (!!p) {
40 // expected-note@-1 {{Assuming 'p' is null}}
41 // expected-note@-2 {{Taking false branch}}
42 return;
43 }
44
45 if (p == 0) {
46 // expected-note@-1 {{'p' is equal to null}}
47 // expected-note@-2 {{Taking true branch}}
48 triggers_bug(p);
49 // expected-note@-1 {{Passing null pointer value via 1st parameter 'p'}}
50 // expected-note@-2 {{Calling 'triggers_bug'}}
51 }
52 }
53
54 // ========================================================================== //
55 // Test inlining of blocks.
56 // ========================================================================== //
57
test_block__capture_null()58 void test_block__capture_null() {
59 int *p = 0; // expected-note{{'p' initialized to a null pointer value}}
60 ^(){ // expected-note {{Calling anonymous block}}
61 *p = 1; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}} expected-note{{Dereference of null pointer (loaded from variable 'p')}}
62 }();
63
64 }
65
test_block_ret()66 void test_block_ret() {
67 int *p = ^int*(){ // expected-note {{Calling anonymous block}} expected-note{{Returning to caller}} expected-note {{'p' initialized to a null pointer value}}
68 int *q = 0; // expected-note {{'q' initialized to a null pointer value}}
69 return q; // expected-note {{Returning null pointer (loaded from 'q')}}
70 }();
71 *p = 1; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}} expected-note{{Dereference of null pointer (loaded from variable 'p')}}
72 }
73
test_block_blockvar()74 void test_block_blockvar() {
75 __block int *p;
76 ^(){ // expected-note{{Calling anonymous block}} expected-note{{Returning to caller}}
77 p = 0; // expected-note{{Null pointer value stored to 'p'}}
78 }();
79 *p = 1; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}} expected-note{{Dereference of null pointer (loaded from variable 'p')}}
80 }
81
test_block_arg()82 void test_block_arg() {
83 int *p;
84 ^(int **q){ // expected-note{{Calling anonymous block}} expected-note{{Returning to caller}}
85 *q = 0; // expected-note{{Null pointer value stored to 'p'}}
86 }(&p);
87 *p = 1; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}} expected-note{{Dereference of null pointer (loaded from variable 'p')}}
88 }
89
90