diff options
Diffstat (limited to 'test/Analysis')
-rw-r--r-- | test/Analysis/misc-ps-eager-assume.m | 43 | ||||
-rw-r--r-- | test/Analysis/misc-ps-region-store.m | 59 | ||||
-rw-r--r-- | test/Analysis/misc-ps.m | 10 | ||||
-rw-r--r-- | test/Analysis/outofbound.c | 2 | ||||
-rw-r--r-- | test/Analysis/retain-release-gc-only.m | 11 | ||||
-rw-r--r-- | test/Analysis/retain-release.m | 26 | ||||
-rw-r--r-- | test/Analysis/uninit-vals-ps-region.c | 15 | ||||
-rw-r--r-- | test/Analysis/unused-ivars.m | 22 |
8 files changed, 183 insertions, 5 deletions
diff --git a/test/Analysis/misc-ps-eager-assume.m b/test/Analysis/misc-ps-eager-assume.m index 818922eba925..db1a80b8efd9 100644 --- a/test/Analysis/misc-ps-eager-assume.m +++ b/test/Analysis/misc-ps-eager-assume.m @@ -77,3 +77,46 @@ void pr3836(int *a, int *b) { *a = 1; // no-warning *b = 1; // no-warning } + + +//===---------------------------------------------------------------------===// +// <rdar://problem/7342806> +// This false positive occured because the symbolic constraint on a short was +// not maintained via sign extension. The analyzer doesn't properly handle +// the sign extension, but now tracks the constraint. This particular +// case relies on -analyzer-eagerly-assume because of the expression +// 'Flag1 != Count > 0'. +//===---------------------------------------------------------------------===// + +void rdar7342806_aux(short x); + +void rdar7342806() { + extern short Count; + extern short Flag1; + + short *Pointer = 0; + short Flag2 = !!Pointer; // Flag2 is false (0). + short Ok = 1; + short Which; + + if( Flag1 != Count > 0 ) + // Static analyzer skips this so either + // Flag1 is true and Count > 0 + // or + // Flag1 is false and Count <= 0 + Ok = 0; + + if( Flag1 != Flag2 ) + // Analyzer skips this so Flag1 and Flag2 have the + // same value, both are false because Flag2 is false. And + // from that we know Count must be <= 0. + Ok = 0; + + for( Which = 0; + Which < Count && Ok; + Which++ ) + // This statement can only execute if Count > 0 which can only + // happen when Flag1 and Flag2 are both true and Flag2 will only + // be true when Pointer is not NULL. + rdar7342806_aux(*Pointer); // no-warning +} diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m index b6fff102a701..4cde7726b49b 100644 --- a/test/Analysis/misc-ps-region-store.m +++ b/test/Analysis/misc-ps-region-store.m @@ -372,3 +372,62 @@ void doSomething_7312221_with_struct(struct rdar_7312221_container *Self) { } } +//===----------------------------------------------------------------------===// +// <rdar://problem/7332673> - Just more tests cases for regions +//===----------------------------------------------------------------------===// + +void rdar_7332673_test1() { + char value[1]; + if ( *(value) != 1 ) {} // expected-warning{{The left operand of '!=' is a garbage value}} +} +void rdar_rdar_7332673_test2_aux(char *x); +void rdar_7332673_test2() { + char *value; + if ( rdar_7332673_test2_aux(value) != 1 ) {} // expected-warning{{Pass-by-value argument in function call is undefined}} +} + +//===----------------------------------------------------------------------===// +// <rdar://problem/7347252>: Because of a bug in +// RegionStoreManager::RemoveDeadBindings(), the symbol for s->session->p +// would incorrectly be pruned from the state after the call to +// rdar7347252_malloc1(), and would incorrectly result in a warning about +// passing a null pointer to rdar7347252_memcpy(). +//===----------------------------------------------------------------------===// + +struct rdar7347252_AA { char *p;}; +typedef struct { + struct rdar7347252_AA *session; + int t; + char *q; +} rdar7347252_SSL1; + +int rdar7347252_f(rdar7347252_SSL1 *s); +char *rdar7347252_malloc1(int); +char *rdar7347252_memcpy1(char *d, char *s, int n) __attribute__((nonnull (1,2))); + +int rdar7347252(rdar7347252_SSL1 *s) { + rdar7347252_f(s); // the SymbolicRegion of 's' is set a default binding of conjured symbol + if (s->session->p == ((void*)0)) { + if ((s->session->p = rdar7347252_malloc1(10)) == ((void*)0)) { + return 0; + } + rdar7347252_memcpy1(s->session->p, "aa", 2); // no-warning + } + return 0; +} + +//===----------------------------------------------------------------------===// +// PR 5316 - "crash when accessing field of lazy compound value" +// Previously this caused a crash at the MemberExpr '.chr' when loading +// a field value from a LazyCompoundVal +//===----------------------------------------------------------------------===// + +typedef unsigned int pr5316_wint_t; +typedef pr5316_wint_t pr5316_REFRESH_CHAR; +typedef struct { + pr5316_REFRESH_CHAR chr; +} +pr5316_REFRESH_ELEMENT; +static void pr5316(pr5316_REFRESH_ELEMENT *dst, const pr5316_REFRESH_ELEMENT *src) { + while ((*dst++ = *src++).chr != L'\0') ; +} diff --git a/test/Analysis/misc-ps.m b/test/Analysis/misc-ps.m index fcc13a39a461..947b41ae794c 100644 --- a/test/Analysis/misc-ps.m +++ b/test/Analysis/misc-ps.m @@ -121,12 +121,12 @@ void check_zero_sized_VLA(int x) { if (x) return; - int vla[x]; // expected-warning{{Variable-length array 'vla' has zero elements (undefined behavior)}} + int vla[x]; // expected-warning{{Declare variable-length array (VLA) of zero size}} } void check_uninit_sized_VLA() { int x; - int vla[x]; // expected-warning{{Variable-length array 'vla' garbage value for array size}} + int vla[x]; // expected-warning{{Declare variable-length array (VLA) of undefined size}} } // sizeof(void) @@ -154,6 +154,12 @@ void handle_sizeof_void(unsigned flag) { *p = 1; // no-warning } +// check deference of undefined values +void check_deref_undef(void) { + int *p; + *p = 0xDEADBEEF; // expected-warning{{Dereference of undefined pointer value}} +} + // PR 3422 void pr3422_helper(char *p); void pr3422() { diff --git a/test/Analysis/outofbound.c b/test/Analysis/outofbound.c index 568f14329e9b..e676ea3b3889 100644 --- a/test/Analysis/outofbound.c +++ b/test/Analysis/outofbound.c @@ -1,5 +1,5 @@ // RUN: clang-cc -analyze -checker-cfref -analyzer-store=region -verify %s -// XFAIL +// XFAIL: * char f1() { char* s = "abcd"; diff --git a/test/Analysis/retain-release-gc-only.m b/test/Analysis/retain-release-gc-only.m index 2833b02f0771..e27cfe758aaf 100644 --- a/test/Analysis/retain-release-gc-only.m +++ b/test/Analysis/retain-release-gc-only.m @@ -92,6 +92,7 @@ typedef struct _NSZone NSZone; + (id)allocWithZone:(NSZone *)zone; + (id)alloc; - (void)dealloc; +- (void)release; @end @interface NSObject (NSCoderMethods) - (id)awakeAfterUsingCoder:(NSCoder *)aDecoder; @@ -322,6 +323,16 @@ void rdar_7174400(QCView *view, QCRenderer *renderer, CIContext *context, } //===----------------------------------------------------------------------===// +// <rdar://problem/6250216> Warn against using -[NSAutoreleasePool release] in +// GC mode +//===----------------------------------------------------------------------===// + +void rdar_6250216(void) { + NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; + [pool release]; // expected-warning{{Use -drain instead of -release when using NSAutoreleasePool and garbage collection}} +} + +//===----------------------------------------------------------------------===// // Tests of ownership attributes. //===----------------------------------------------------------------------===// diff --git a/test/Analysis/retain-release.m b/test/Analysis/retain-release.m index e620037b2c14..879e8a0413b4 100644 --- a/test/Analysis/retain-release.m +++ b/test/Analysis/retain-release.m @@ -1098,6 +1098,32 @@ CVReturn rdar_7283567_2(CFAllocatorRef allocator, size_t width, size_t height, } //===----------------------------------------------------------------------===// +// <rdar://problem/7358899> False leak associated with +// CGBitmapContextCreateWithData +//===----------------------------------------------------------------------===// +typedef uint32_t CGBitmapInfo; +typedef void (*CGBitmapContextReleaseDataCallback)(void *releaseInfo, void *data); + +CGContextRef CGBitmapContextCreateWithData(void *data, + size_t width, size_t height, size_t bitsPerComponent, + size_t bytesPerRow, CGColorSpaceRef space, CGBitmapInfo bitmapInfo, + CGBitmapContextReleaseDataCallback releaseCallback, void *releaseInfo); + +void rdar_7358899(void *data, + size_t width, size_t height, size_t bitsPerComponent, + size_t bytesPerRow, CGColorSpaceRef space, CGBitmapInfo bitmapInfo, + CGBitmapContextReleaseDataCallback releaseCallback) { + + // For the allocated object, it doesn't really matter what type it is + // for the purpose of this test. All we want to show is that + // this is freed later by the callback. + NSNumber *number = [[NSNumber alloc] initWithInt:5]; // no-warning + + CGBitmapContextCreateWithData(data, width, height, bitsPerComponent, // expected-warning{{leak}} + bytesPerRow, space, bitmapInfo, releaseCallback, number); +} + +//===----------------------------------------------------------------------===// // <rdar://problem/7265711> allow 'new', 'copy', 'alloc', 'init' prefix to // start before '_' when determining Cocoa fundamental rule // diff --git a/test/Analysis/uninit-vals-ps-region.c b/test/Analysis/uninit-vals-ps-region.c index 1561f11c9937..e927a92576e2 100644 --- a/test/Analysis/uninit-vals-ps-region.c +++ b/test/Analysis/uninit-vals-ps-region.c @@ -24,9 +24,20 @@ void test_uninit_pos() { struct TestUninit v1 = { 0, 0 }; struct TestUninit v2 = test_uninit_aux(); int z; - v1.y = z; - test_unit_aux2(v2.x + v1.y); // expected-warning{{The right operand of '+' is a garbage value}} + v1.y = z; // expected-warning{{Assigned value is garbage or undefined}} + test_unit_aux2(v2.x + v1.y); } +void test_uninit_pos_2() { + struct TestUninit v1 = { 0, 0 }; + struct TestUninit v2; + test_unit_aux2(v2.x + v1.y); // expected-warning{{The left operand of '+' is a garbage value}} +} +void test_uninit_pos_3() { + struct TestUninit v1 = { 0, 0 }; + struct TestUninit v2; + test_unit_aux2(v1.y + v2.x); // expected-warning{{The right operand of '+' is a garbage value}} +} + void test_uninit_neg() { struct TestUninit v1 = { 0, 0 }; struct TestUninit v2 = test_uninit_aux(); diff --git a/test/Analysis/unused-ivars.m b/test/Analysis/unused-ivars.m index aacd44e7e677..9e9360da50c6 100644 --- a/test/Analysis/unused-ivars.m +++ b/test/Analysis/unused-ivars.m @@ -43,3 +43,25 @@ b(); } @end + +//===----------------------------------------------------------------------===// +// <rdar://problem/6260004> Detect that ivar is in use, if used in category +// in the same file as the implementation +//===----------------------------------------------------------------------===// + +@protocol Protocol6260004 +- (id) getId; +@end + +@interface RDar6260004 { +@private + id x; // no-warning +} +@end +@implementation RDar6260004 @end +@implementation RDar6260004 (Protocol6260004) +- (id) getId { + return x; +} +@end + |