aboutsummaryrefslogtreecommitdiff
path: root/test/Analysis
diff options
context:
space:
mode:
Diffstat (limited to 'test/Analysis')
-rw-r--r--test/Analysis/misc-ps-eager-assume.m43
-rw-r--r--test/Analysis/misc-ps-region-store.m59
-rw-r--r--test/Analysis/misc-ps.m10
-rw-r--r--test/Analysis/outofbound.c2
-rw-r--r--test/Analysis/retain-release-gc-only.m11
-rw-r--r--test/Analysis/retain-release.m26
-rw-r--r--test/Analysis/uninit-vals-ps-region.c15
-rw-r--r--test/Analysis/unused-ivars.m22
8 files changed, 183 insertions, 5 deletions
diff --git a/test/Analysis/misc-ps-eager-assume.m b/test/Analysis/misc-ps-eager-assume.m
index 818922eba925..db1a80b8efd9 100644
--- a/test/Analysis/misc-ps-eager-assume.m
+++ b/test/Analysis/misc-ps-eager-assume.m
@@ -77,3 +77,46 @@ void pr3836(int *a, int *b) {
*a = 1; // no-warning
*b = 1; // no-warning
}
+
+
+//===---------------------------------------------------------------------===//
+// <rdar://problem/7342806>
+// This false positive occured because the symbolic constraint on a short was
+// not maintained via sign extension. The analyzer doesn't properly handle
+// the sign extension, but now tracks the constraint. This particular
+// case relies on -analyzer-eagerly-assume because of the expression
+// 'Flag1 != Count > 0'.
+//===---------------------------------------------------------------------===//
+
+void rdar7342806_aux(short x);
+
+void rdar7342806() {
+ extern short Count;
+ extern short Flag1;
+
+ short *Pointer = 0;
+ short Flag2 = !!Pointer; // Flag2 is false (0).
+ short Ok = 1;
+ short Which;
+
+ if( Flag1 != Count > 0 )
+ // Static analyzer skips this so either
+ // Flag1 is true and Count > 0
+ // or
+ // Flag1 is false and Count <= 0
+ Ok = 0;
+
+ if( Flag1 != Flag2 )
+ // Analyzer skips this so Flag1 and Flag2 have the
+ // same value, both are false because Flag2 is false. And
+ // from that we know Count must be <= 0.
+ Ok = 0;
+
+ for( Which = 0;
+ Which < Count && Ok;
+ Which++ )
+ // This statement can only execute if Count > 0 which can only
+ // happen when Flag1 and Flag2 are both true and Flag2 will only
+ // be true when Pointer is not NULL.
+ rdar7342806_aux(*Pointer); // no-warning
+}
diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m
index b6fff102a701..4cde7726b49b 100644
--- a/test/Analysis/misc-ps-region-store.m
+++ b/test/Analysis/misc-ps-region-store.m
@@ -372,3 +372,62 @@ void doSomething_7312221_with_struct(struct rdar_7312221_container *Self) {
}
}
+//===----------------------------------------------------------------------===//
+// <rdar://problem/7332673> - Just more tests cases for regions
+//===----------------------------------------------------------------------===//
+
+void rdar_7332673_test1() {
+ char value[1];
+ if ( *(value) != 1 ) {} // expected-warning{{The left operand of '!=' is a garbage value}}
+}
+void rdar_rdar_7332673_test2_aux(char *x);
+void rdar_7332673_test2() {
+ char *value;
+ if ( rdar_7332673_test2_aux(value) != 1 ) {} // expected-warning{{Pass-by-value argument in function call is undefined}}
+}
+
+//===----------------------------------------------------------------------===//
+// <rdar://problem/7347252>: Because of a bug in
+// RegionStoreManager::RemoveDeadBindings(), the symbol for s->session->p
+// would incorrectly be pruned from the state after the call to
+// rdar7347252_malloc1(), and would incorrectly result in a warning about
+// passing a null pointer to rdar7347252_memcpy().
+//===----------------------------------------------------------------------===//
+
+struct rdar7347252_AA { char *p;};
+typedef struct {
+ struct rdar7347252_AA *session;
+ int t;
+ char *q;
+} rdar7347252_SSL1;
+
+int rdar7347252_f(rdar7347252_SSL1 *s);
+char *rdar7347252_malloc1(int);
+char *rdar7347252_memcpy1(char *d, char *s, int n) __attribute__((nonnull (1,2)));
+
+int rdar7347252(rdar7347252_SSL1 *s) {
+ rdar7347252_f(s); // the SymbolicRegion of 's' is set a default binding of conjured symbol
+ if (s->session->p == ((void*)0)) {
+ if ((s->session->p = rdar7347252_malloc1(10)) == ((void*)0)) {
+ return 0;
+ }
+ rdar7347252_memcpy1(s->session->p, "aa", 2); // no-warning
+ }
+ return 0;
+}
+
+//===----------------------------------------------------------------------===//
+// PR 5316 - "crash when accessing field of lazy compound value"
+// Previously this caused a crash at the MemberExpr '.chr' when loading
+// a field value from a LazyCompoundVal
+//===----------------------------------------------------------------------===//
+
+typedef unsigned int pr5316_wint_t;
+typedef pr5316_wint_t pr5316_REFRESH_CHAR;
+typedef struct {
+ pr5316_REFRESH_CHAR chr;
+}
+pr5316_REFRESH_ELEMENT;
+static void pr5316(pr5316_REFRESH_ELEMENT *dst, const pr5316_REFRESH_ELEMENT *src) {
+ while ((*dst++ = *src++).chr != L'\0') ;
+}
diff --git a/test/Analysis/misc-ps.m b/test/Analysis/misc-ps.m
index fcc13a39a461..947b41ae794c 100644
--- a/test/Analysis/misc-ps.m
+++ b/test/Analysis/misc-ps.m
@@ -121,12 +121,12 @@ void check_zero_sized_VLA(int x) {
if (x)
return;
- int vla[x]; // expected-warning{{Variable-length array 'vla' has zero elements (undefined behavior)}}
+ int vla[x]; // expected-warning{{Declare variable-length array (VLA) of zero size}}
}
void check_uninit_sized_VLA() {
int x;
- int vla[x]; // expected-warning{{Variable-length array 'vla' garbage value for array size}}
+ int vla[x]; // expected-warning{{Declare variable-length array (VLA) of undefined size}}
}
// sizeof(void)
@@ -154,6 +154,12 @@ void handle_sizeof_void(unsigned flag) {
*p = 1; // no-warning
}
+// check deference of undefined values
+void check_deref_undef(void) {
+ int *p;
+ *p = 0xDEADBEEF; // expected-warning{{Dereference of undefined pointer value}}
+}
+
// PR 3422
void pr3422_helper(char *p);
void pr3422() {
diff --git a/test/Analysis/outofbound.c b/test/Analysis/outofbound.c
index 568f14329e9b..e676ea3b3889 100644
--- a/test/Analysis/outofbound.c
+++ b/test/Analysis/outofbound.c
@@ -1,5 +1,5 @@
// RUN: clang-cc -analyze -checker-cfref -analyzer-store=region -verify %s
-// XFAIL
+// XFAIL: *
char f1() {
char* s = "abcd";
diff --git a/test/Analysis/retain-release-gc-only.m b/test/Analysis/retain-release-gc-only.m
index 2833b02f0771..e27cfe758aaf 100644
--- a/test/Analysis/retain-release-gc-only.m
+++ b/test/Analysis/retain-release-gc-only.m
@@ -92,6 +92,7 @@ typedef struct _NSZone NSZone;
+ (id)allocWithZone:(NSZone *)zone;
+ (id)alloc;
- (void)dealloc;
+- (void)release;
@end
@interface NSObject (NSCoderMethods)
- (id)awakeAfterUsingCoder:(NSCoder *)aDecoder;
@@ -322,6 +323,16 @@ void rdar_7174400(QCView *view, QCRenderer *renderer, CIContext *context,
}
//===----------------------------------------------------------------------===//
+// <rdar://problem/6250216> Warn against using -[NSAutoreleasePool release] in
+// GC mode
+//===----------------------------------------------------------------------===//
+
+void rdar_6250216(void) {
+ NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
+ [pool release]; // expected-warning{{Use -drain instead of -release when using NSAutoreleasePool and garbage collection}}
+}
+
+//===----------------------------------------------------------------------===//
// Tests of ownership attributes.
//===----------------------------------------------------------------------===//
diff --git a/test/Analysis/retain-release.m b/test/Analysis/retain-release.m
index e620037b2c14..879e8a0413b4 100644
--- a/test/Analysis/retain-release.m
+++ b/test/Analysis/retain-release.m
@@ -1098,6 +1098,32 @@ CVReturn rdar_7283567_2(CFAllocatorRef allocator, size_t width, size_t height,
}
//===----------------------------------------------------------------------===//
+// <rdar://problem/7358899> False leak associated with
+// CGBitmapContextCreateWithData
+//===----------------------------------------------------------------------===//
+typedef uint32_t CGBitmapInfo;
+typedef void (*CGBitmapContextReleaseDataCallback)(void *releaseInfo, void *data);
+
+CGContextRef CGBitmapContextCreateWithData(void *data,
+ size_t width, size_t height, size_t bitsPerComponent,
+ size_t bytesPerRow, CGColorSpaceRef space, CGBitmapInfo bitmapInfo,
+ CGBitmapContextReleaseDataCallback releaseCallback, void *releaseInfo);
+
+void rdar_7358899(void *data,
+ size_t width, size_t height, size_t bitsPerComponent,
+ size_t bytesPerRow, CGColorSpaceRef space, CGBitmapInfo bitmapInfo,
+ CGBitmapContextReleaseDataCallback releaseCallback) {
+
+ // For the allocated object, it doesn't really matter what type it is
+ // for the purpose of this test. All we want to show is that
+ // this is freed later by the callback.
+ NSNumber *number = [[NSNumber alloc] initWithInt:5]; // no-warning
+
+ CGBitmapContextCreateWithData(data, width, height, bitsPerComponent, // expected-warning{{leak}}
+ bytesPerRow, space, bitmapInfo, releaseCallback, number);
+}
+
+//===----------------------------------------------------------------------===//
// <rdar://problem/7265711> allow 'new', 'copy', 'alloc', 'init' prefix to
// start before '_' when determining Cocoa fundamental rule
//
diff --git a/test/Analysis/uninit-vals-ps-region.c b/test/Analysis/uninit-vals-ps-region.c
index 1561f11c9937..e927a92576e2 100644
--- a/test/Analysis/uninit-vals-ps-region.c
+++ b/test/Analysis/uninit-vals-ps-region.c
@@ -24,9 +24,20 @@ void test_uninit_pos() {
struct TestUninit v1 = { 0, 0 };
struct TestUninit v2 = test_uninit_aux();
int z;
- v1.y = z;
- test_unit_aux2(v2.x + v1.y); // expected-warning{{The right operand of '+' is a garbage value}}
+ v1.y = z; // expected-warning{{Assigned value is garbage or undefined}}
+ test_unit_aux2(v2.x + v1.y);
}
+void test_uninit_pos_2() {
+ struct TestUninit v1 = { 0, 0 };
+ struct TestUninit v2;
+ test_unit_aux2(v2.x + v1.y); // expected-warning{{The left operand of '+' is a garbage value}}
+}
+void test_uninit_pos_3() {
+ struct TestUninit v1 = { 0, 0 };
+ struct TestUninit v2;
+ test_unit_aux2(v1.y + v2.x); // expected-warning{{The right operand of '+' is a garbage value}}
+}
+
void test_uninit_neg() {
struct TestUninit v1 = { 0, 0 };
struct TestUninit v2 = test_uninit_aux();
diff --git a/test/Analysis/unused-ivars.m b/test/Analysis/unused-ivars.m
index aacd44e7e677..9e9360da50c6 100644
--- a/test/Analysis/unused-ivars.m
+++ b/test/Analysis/unused-ivars.m
@@ -43,3 +43,25 @@
b();
}
@end
+
+//===----------------------------------------------------------------------===//
+// <rdar://problem/6260004> Detect that ivar is in use, if used in category
+// in the same file as the implementation
+//===----------------------------------------------------------------------===//
+
+@protocol Protocol6260004
+- (id) getId;
+@end
+
+@interface RDar6260004 {
+@private
+ id x; // no-warning
+}
+@end
+@implementation RDar6260004 @end
+@implementation RDar6260004 (Protocol6260004)
+- (id) getId {
+ return x;
+}
+@end
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-25 03:08:48 +0000