diff options
Diffstat (limited to 'test/Analysis')
| -rw-r--r-- | test/Analysis/inline.c | 4 | ||||
| -rw-r--r-- | test/Analysis/inline2.c | 3 | ||||
| -rw-r--r-- | test/Analysis/inline3.c | 4 | ||||
| -rw-r--r-- | test/Analysis/inline4.c | 4 | ||||
| -rw-r--r-- | test/Analysis/method-call.cpp | 18 | ||||
| -rw-r--r-- | test/Analysis/misc-ps-region-store.m | 59 | ||||
| -rw-r--r-- | test/Analysis/misc-ps.m | 24 | ||||
| -rw-r--r-- | test/Analysis/new.cpp | 14 | ||||
| -rw-r--r-- | test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret.m | 6 | ||||
| -rw-r--r-- | test/Analysis/null-deref-ps.c | 4 | ||||
| -rw-r--r-- | test/Analysis/override-werror.c | 2 | ||||
| -rw-r--r-- | test/Analysis/unix-fns.c | 37 |
12 files changed, 164 insertions, 15 deletions
diff --git a/test/Analysis/inline.c b/test/Analysis/inline.c index 952de737f75b7..acaf74ded996a 100644 --- a/test/Analysis/inline.c +++ b/test/Analysis/inline.c @@ -1,5 +1,5 @@ -// RUN: %clang_cc1 -analyze -inline-call -analyzer-store region -analyze-function f2 -verify %s - +// RUN: false +// XFAIL: * int f1() { int y = 1; y++; diff --git a/test/Analysis/inline2.c b/test/Analysis/inline2.c index e2758c160a895..ec965a69c6447 100644 --- a/test/Analysis/inline2.c +++ b/test/Analysis/inline2.c @@ -1,4 +1,5 @@ -// RUN: %clang_cc1 -analyze -inline-call -analyzer-store region -analyze-function f2 -verify %s +// RUN: false +// XFAIL: * // Test parameter 'a' is registered to LiveVariables analysis data although it // is not referenced in the function body. diff --git a/test/Analysis/inline3.c b/test/Analysis/inline3.c index 3661263b6bae3..8f45858bb949e 100644 --- a/test/Analysis/inline3.c +++ b/test/Analysis/inline3.c @@ -1,5 +1,5 @@ -// RUN: %clang_cc1 -analyze -inline-call -analyzer-store region -analyze-function f2 -verify %s - +// RUN: false +// XFAIL: * // Test when entering f1(), we set the right AnalysisContext to Environment. // Otherwise, block-level expr '1 && a' would not be block-level. diff --git a/test/Analysis/inline4.c b/test/Analysis/inline4.c index dd2379f04381d..b2b3c346e3740 100644 --- a/test/Analysis/inline4.c +++ b/test/Analysis/inline4.c @@ -1,5 +1,5 @@ -// RUN: %clang_cc1 -analyze -inline-call -analyzer-store region -analyze-function f -verify %s - +// RUN: false +// XFAIL: * int g(int a) { return a; } diff --git a/test/Analysis/method-call.cpp b/test/Analysis/method-call.cpp new file mode 100644 index 0000000000000..dd891596c5dc7 --- /dev/null +++ b/test/Analysis/method-call.cpp @@ -0,0 +1,18 @@ +// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-store region -verify %s +struct A { + int x; + A(int a) { x = a; } + int getx() { return x; } +}; + +void f1() { + A x(3); + if (x.getx() == 3) { + int *p = 0; + *p = 3; // expected-warning{{Dereference of null pointer}} + } else { + int *p = 0; + *p = 3; // no-warning + } +} + diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m index d10b9fa5ded78..42551417a2a57 100644 --- a/test/Analysis/misc-ps-region-store.m +++ b/test/Analysis/misc-ps-region-store.m @@ -955,3 +955,62 @@ void pr6288_b(void) { *(px[0]) = 0; // no-warning } +// <rdar://problem/7817800> - A bug in RemoveDeadBindings was causing instance variable bindings +// to get prematurely pruned from the state. +@interface Rdar7817800 { + char *x; +} +- (void) rdar7817800_baz; +@end + +char *rdar7817800_foobar(); +void rdar7817800_qux(void*); + +@implementation Rdar7817800 +- (void) rdar7817800_baz { + if (x) + rdar7817800_qux(x); + x = rdar7817800_foobar(); + // Previously this triggered a bogus null dereference warning. + x[1] = 'a'; // no-warning +} +@end + +// PR 6036 - This test case triggered a crash inside StoreManager::CastRegion because the size +// of 'unsigned long (*)[0]' is 0. +struct pr6036_a { int pr6036_b; }; +struct pr6036_c; +void u132monitk (struct pr6036_c *pr6036_d) { + (void) ((struct pr6036_a *) (unsigned long (*)[0]) ((char *) pr6036_d - 1))->pr6036_b; // expected-warning{{Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption}} +} + +// <rdar://problem/7813989> - ?-expressions used as a base of a member expression should be treated as an lvalue +typedef struct rdar7813989_NestedVal { int w; } rdar7813989_NestedVal; +typedef struct rdar7813989_Val { rdar7813989_NestedVal nv; } rdar7813989_Val; + +int rdar7813989(int x, rdar7813989_Val *a, rdar7813989_Val *b) { + // This previously crashed with an assertion failure. + int z = (x ? a->nv : b->nv).w; + return z + 1; +} + +// PR 6844 - Don't crash on vaarg expression. +typedef __builtin_va_list va_list; +void map(int srcID, ...) { + va_list ap; + int i; + for (i = 0; i < srcID; i++) { + int v = __builtin_va_arg(ap, int); + } +} + +// PR 6854 - crash when casting symbolic memory address to a float +// Handle casting from a symbolic region to a 'float'. This isn't +// really all that intelligent, but previously this caused a crash +// in SimpleSValuator. +void pr6854(void * arg) { + void * a = arg; + *(void**)a = arg; + float f = *(float*) a; +} + diff --git a/test/Analysis/misc-ps.m b/test/Analysis/misc-ps.m index fa05f6f603088..2b21eec18cd73 100644 --- a/test/Analysis/misc-ps.m +++ b/test/Analysis/misc-ps.m @@ -933,3 +933,27 @@ void foo_rev95547_b(struct s_rev95547 w) { struct s_rev95547 w2 = w; w2.z1.x += 20.0; // no-warning } + +//===----------------------------------------------------------------------===// +// Test handling statement expressions that don't populate a CFG block that +// is used to represent the computation of the RHS of a logical operator. +// This previously triggered a crash. +//===----------------------------------------------------------------------===// + +void pr6938() { + if (1 && ({ + while (0); + 0; + }) == 0) { + } +} + +void pr6938_b() { + if (1 && *({ // expected-warning{{Dereference of null pointer}} + while (0) {} + ({ + (int *) 0; + }); + }) == 0) { + } +} diff --git a/test/Analysis/new.cpp b/test/Analysis/new.cpp new file mode 100644 index 0000000000000..f26eecd4b196a --- /dev/null +++ b/test/Analysis/new.cpp @@ -0,0 +1,14 @@ +// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-store region -verify %s + +void f1() { + int *n = new int; + if (*n) { // expected-warning {{Branch condition evaluates to a garbage value}} + } +} + +void f2() { + int *n = new int(3); + if (*n) { // no-warning + } +} + diff --git a/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret.m b/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret.m index 5722a04aa2ddf..5f5187194dab5 100644 --- a/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret.m +++ b/test/Analysis/nil-receiver-undefined-larger-than-voidptr-ret.m @@ -72,11 +72,11 @@ int handleVoidInComma() { int marker(void) { // control reaches end of non-void function } +// CHECK-darwin8: control reaches end of non-void function // CHECK-darwin8: warning: The receiver of message 'longDoubleM' is nil and returns a value of type 'long double' that will be garbage // CHECK-darwin8: warning: The receiver of message 'longlongM' is nil and returns a value of type 'long long' that will be garbage // CHECK-darwin8: warning: The receiver of message 'doubleM' is nil and returns a value of type 'double' that will be garbage // CHECK-darwin8: warning: The receiver of message 'longlongM' is nil and returns a value of type 'long long' that will be garbage -// CHECK-darwin8: control reaches end of non-void function -// CHECK-darwin8: 5 diagnostics generated +// CHECK-darwin8: 5 warnings generated // CHECK-darwin9: control reaches end of non-void function -// CHECK-darwin9: 1 diagnostic generated +// CHECK-darwin9: 1 warning generated diff --git a/test/Analysis/null-deref-ps.c b/test/Analysis/null-deref-ps.c index 5376ca0eb356c..5a1049c7d71ec 100644 --- a/test/Analysis/null-deref-ps.c +++ b/test/Analysis/null-deref-ps.c @@ -62,8 +62,8 @@ int f4(int *p) { int f4_b() { short array[2]; - uintptr_t x = array; // expected-warning{{incompatible pointer to integer conversion initializing}} - short *p = x; // expected-warning{{incompatible integer to pointer conversion initializing}} + uintptr_t x = array; // expected-warning{{incompatible pointer to integer conversion}} + short *p = x; // expected-warning{{incompatible integer to pointer conversion}} // The following branch should be infeasible. if (!(p = &array[0])) { diff --git a/test/Analysis/override-werror.c b/test/Analysis/override-werror.c index 522b9dcb94e75..f4854bb819ad9 100644 --- a/test/Analysis/override-werror.c +++ b/test/Analysis/override-werror.c @@ -6,7 +6,7 @@ // analyzer results. char* f(int *p) { - return p; // expected-warning{{incompatible pointer types returning 'int *', expected 'char *'}} + return p; // expected-warning{{incompatible pointer types}} } void g(int *p) { diff --git a/test/Analysis/unix-fns.c b/test/Analysis/unix-fns.c index 777ad197987d3..9d036ac7b5c60 100644 --- a/test/Analysis/unix-fns.c +++ b/test/Analysis/unix-fns.c @@ -1,11 +1,24 @@ -// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem %s -analyzer-store=region -// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem %s -analyzer-store=basic +// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -analyze -analyzer-check-objc-mem %s -analyzer-store=region -fblocks -verify +// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -analyze -analyzer-check-objc-mem %s -analyzer-store=basic -fblocks -verify + +struct _opaque_pthread_once_t { + long __sig; + char __opaque[8]; +}; +typedef struct _opaque_pthread_once_t __darwin_pthread_once_t; +typedef __darwin_pthread_once_t pthread_once_t; +int pthread_once(pthread_once_t *, void (*)(void)); + +typedef void (^dispatch_block_t)(void); +typedef long dispatch_once_t; +void dispatch_once(dispatch_once_t *predicate, dispatch_block_t block); #ifndef O_CREAT #define O_CREAT 0x0200 #define O_RDONLY 0x0000 #endif int open(const char *, int, ...); +int close(int fildes); void test_open(const char *path) { int fd; @@ -17,3 +30,23 @@ void test_open(const char *path) { if (!fd) close(fd); } + +void test_dispatch_once() { + dispatch_once_t pred = 0; + do { if (__builtin_expect(*(&pred), ~0l) != ~0l) dispatch_once((&pred), (^() {})); } while (0); // expected-warning{{Call to 'dispatch_once' uses the local variable 'pred' for the predicate value}} +} +void test_dispatch_once_neg() { + static dispatch_once_t pred = 0; + do { if (__builtin_expect(*(&pred), ~0l) != ~0l) dispatch_once((&pred), (^() {})); } while (0); // no-warning +} + +void test_pthread_once_aux(); + +void test_pthread_once() { + pthread_once_t pred = {0x30B1BCBA, {0}}; + pthread_once(&pred, test_pthread_once_aux); // expected-warning{{Call to 'pthread_once' uses the local variable 'pred' for the "control" value}} +} +void test_pthread_once_neg() { + static pthread_once_t pred = {0x30B1BCBA, {0}}; + pthread_once(&pred, test_pthread_once_aux); // no-warning +} |