head 1.1; branch 1.1.1; access; symbols netbsd-11-0-RC4:1.1.1.7 netbsd-11-0-RC3:1.1.1.7 netbsd-11-0-RC2:1.1.1.7 netbsd-11-0-RC1:1.1.1.7 perseant-exfatfs-base-20250801:1.1.1.7 netbsd-11:1.1.1.7.0.10 netbsd-11-base:1.1.1.7 netbsd-10-1-RELEASE:1.1.1.7 perseant-exfatfs-base-20240630:1.1.1.7 perseant-exfatfs:1.1.1.7.0.8 perseant-exfatfs-base:1.1.1.7 netbsd-8-3-RELEASE:1.1.1.4 netbsd-9-4-RELEASE:1.1.1.6 netbsd-10-0-RELEASE:1.1.1.7 netbsd-10-0-RC6:1.1.1.7 netbsd-10-0-RC5:1.1.1.7 netbsd-10-0-RC4:1.1.1.7 netbsd-10-0-RC3:1.1.1.7 netbsd-10-0-RC2:1.1.1.7 netbsd-10-0-RC1:1.1.1.7 netbsd-10:1.1.1.7.0.6 netbsd-10-base:1.1.1.7 netbsd-9-3-RELEASE:1.1.1.6 cjep_sun2x:1.1.1.7.0.4 cjep_sun2x-base:1.1.1.7 cjep_staticlib_x-base1:1.1.1.7 netbsd-9-2-RELEASE:1.1.1.6 cjep_staticlib_x:1.1.1.7.0.2 cjep_staticlib_x-base:1.1.1.7 netbsd-9-1-RELEASE:1.1.1.6 phil-wifi-20200421:1.1.1.7 phil-wifi-20200411:1.1.1.7 phil-wifi-20200406:1.1.1.7 netbsd-8-2-RELEASE:1.1.1.4 netbsd-9-0-RELEASE:1.1.1.6 netbsd-9-0-RC2:1.1.1.6 netbsd-9-0-RC1:1.1.1.6 netbsd-9:1.1.1.6.0.2 netbsd-9-base:1.1.1.6 phil-wifi-20190609:1.1.1.6 netbsd-8-1-RELEASE:1.1.1.4 netbsd-8-1-RC1:1.1.1.4 pgoyette-compat-merge-20190127:1.1.1.5.2.1 pgoyette-compat-20190127:1.1.1.6 pgoyette-compat-20190118:1.1.1.6 pgoyette-compat-1226:1.1.1.6 pgoyette-compat-1126:1.1.1.6 pgoyette-compat-1020:1.1.1.6 pgoyette-compat-0930:1.1.1.6 pgoyette-compat-0906:1.1.1.6 netbsd-7-2-RELEASE:1.1.1.2 pgoyette-compat-0728:1.1.1.6 clang-337282:1.1.1.6 netbsd-8-0-RELEASE:1.1.1.4 phil-wifi:1.1.1.5.0.4 phil-wifi-base:1.1.1.5 pgoyette-compat-0625:1.1.1.5 netbsd-8-0-RC2:1.1.1.4 pgoyette-compat-0521:1.1.1.5 pgoyette-compat-0502:1.1.1.5 pgoyette-compat-0422:1.1.1.5 netbsd-8-0-RC1:1.1.1.4 pgoyette-compat-0415:1.1.1.5 pgoyette-compat-0407:1.1.1.5 pgoyette-compat-0330:1.1.1.5 pgoyette-compat-0322:1.1.1.5 pgoyette-compat-0315:1.1.1.5 netbsd-7-1-2-RELEASE:1.1.1.2 pgoyette-compat:1.1.1.5.0.2 pgoyette-compat-base:1.1.1.5 netbsd-7-1-1-RELEASE:1.1.1.2 clang-319952:1.1.1.5 matt-nb8-mediatek:1.1.1.4.0.10 matt-nb8-mediatek-base:1.1.1.4 clang-309604:1.1.1.5 perseant-stdc-iso10646:1.1.1.4.0.8 perseant-stdc-iso10646-base:1.1.1.4 netbsd-8:1.1.1.4.0.6 netbsd-8-base:1.1.1.4 prg-localcount2-base3:1.1.1.4 prg-localcount2-base2:1.1.1.4 prg-localcount2-base1:1.1.1.4 prg-localcount2:1.1.1.4.0.4 prg-localcount2-base:1.1.1.4 pgoyette-localcount-20170426:1.1.1.4 bouyer-socketcan-base1:1.1.1.4 pgoyette-localcount-20170320:1.1.1.4 netbsd-7-1:1.1.1.2.0.14 netbsd-7-1-RELEASE:1.1.1.2 netbsd-7-1-RC2:1.1.1.2 clang-294123:1.1.1.4 netbsd-7-nhusb-base-20170116:1.1.1.2 bouyer-socketcan:1.1.1.4.0.2 bouyer-socketcan-base:1.1.1.4 clang-291444:1.1.1.4 pgoyette-localcount-20170107:1.1.1.3 netbsd-7-1-RC1:1.1.1.2 pgoyette-localcount-20161104:1.1.1.3 netbsd-7-0-2-RELEASE:1.1.1.2 localcount-20160914:1.1.1.3 netbsd-7-nhusb:1.1.1.2.0.12 netbsd-7-nhusb-base:1.1.1.2 clang-280599:1.1.1.3 pgoyette-localcount-20160806:1.1.1.3 pgoyette-localcount-20160726:1.1.1.3 pgoyette-localcount:1.1.1.3.0.2 pgoyette-localcount-base:1.1.1.3 netbsd-7-0-1-RELEASE:1.1.1.2 clang-261930:1.1.1.3 netbsd-7-0:1.1.1.2.0.10 netbsd-7-0-RELEASE:1.1.1.2 netbsd-7-0-RC3:1.1.1.2 netbsd-7-0-RC2:1.1.1.2 netbsd-7-0-RC1:1.1.1.2 clang-237755:1.1.1.2 clang-232565:1.1.1.2 clang-227398:1.1.1.2 tls-maxphys-base:1.1.1.2 tls-maxphys:1.1.1.2.0.8 netbsd-7:1.1.1.2.0.6 netbsd-7-base:1.1.1.2 clang-215315:1.1.1.2 clang-209886:1.1.1.2 yamt-pagecache:1.1.1.2.0.4 yamt-pagecache-base9:1.1.1.2 tls-earlyentropy:1.1.1.2.0.2 tls-earlyentropy-base:1.1.1.2 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.1.1.2 riastradh-drm2-base3:1.1.1.2 clang-202566:1.1.1.2 clang-201163:1.1.1.2 clang-199312:1.1.1.1 clang-198450:1.1.1.1 clang-196603:1.1.1.1 clang-195771:1.1.1.1 LLVM:1.1.1; locks; strict; comment @// @; 1.1 date 2013.11.28.14.14.57; author joerg; state Exp; branches 1.1.1.1; next ; commitid ow8OybrawrB1f3fx; 1.1.1.1 date 2013.11.28.14.14.57; author joerg; state Exp; branches; next 1.1.1.2; commitid ow8OybrawrB1f3fx; 1.1.1.2 date 2014.02.14.20.07.31; author joerg; state Exp; branches 1.1.1.2.4.1 1.1.1.2.8.1; next 1.1.1.3; commitid annVkZ1sc17rF6px; 1.1.1.3 date 2016.02.27.22.10.19; author joerg; state Exp; branches 1.1.1.3.2.1; next 1.1.1.4; commitid tIimz3oDlh1NpBWy; 1.1.1.4 date 2017.01.11.10.37.06; author joerg; state Exp; branches; next 1.1.1.5; commitid CNnUNfII1jgNmxBz; 1.1.1.5 date 2017.08.01.19.34.40; author joerg; state Exp; branches 1.1.1.5.2.1 1.1.1.5.4.1; next 1.1.1.6; commitid pMuDy65V0VicSx1A; 1.1.1.6 date 2018.07.17.18.31.45; author joerg; state Exp; branches; next 1.1.1.7; commitid wDzL46ALjrCZgwKA; 1.1.1.7 date 2019.11.13.22.19.39; author joerg; state dead; branches; next ; commitid QD8YATxuNG34YJKB; 1.1.1.2.4.1 date 2014.02.14.20.07.31; author yamt; state dead; branches; next 1.1.1.2.4.2; commitid WSrDtL5nYAUyiyBx; 1.1.1.2.4.2 date 2014.05.22.16.18.34; author yamt; state Exp; branches; next ; commitid WSrDtL5nYAUyiyBx; 1.1.1.2.8.1 date 2014.02.14.20.07.31; author tls; state dead; branches; next 1.1.1.2.8.2; commitid jTnpym9Qu0o4R1Nx; 1.1.1.2.8.2 date 2014.08.19.23.47.35; author tls; state Exp; branches; next ; commitid jTnpym9Qu0o4R1Nx; 1.1.1.3.2.1 date 2017.03.20.06.52.47; author pgoyette; state Exp; branches; next ; commitid jjw7cAwgyKq7RfKz; 1.1.1.5.2.1 date 2018.07.28.04.33.28; author pgoyette; state Exp; branches; next ; commitid 1UP1xAIUxv1ZgRLA; 1.1.1.5.4.1 date 2019.06.10.21.45.35; author christos; state Exp; branches; next 1.1.1.5.4.2; commitid jtc8rnCzWiEEHGqB; 1.1.1.5.4.2 date 2020.04.13.07.46.50; author martin; state dead; branches; next ; commitid X01YhRUPVUDaec4C; desc @@ 1.1 log @Initial revision @ text @// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-config ipa=inlining -verify %s void clang_analyzer_eval(bool); void clang_analyzer_checkInlined(bool); typedef __typeof__(sizeof(int)) size_t; extern "C" void *malloc(size_t); // This is the standard placement new. inline void* operator new(size_t, void* __p) throw() { return __p; } class A { public: int getZero() { return 0; } virtual int getNum() { return 0; } }; void test(A &a) { clang_analyzer_eval(a.getZero() == 0); // expected-warning{{TRUE}} clang_analyzer_eval(a.getNum() == 0); // expected-warning{{UNKNOWN}} A copy(a); clang_analyzer_eval(copy.getZero() == 0); // expected-warning{{TRUE}} clang_analyzer_eval(copy.getNum() == 0); // expected-warning{{TRUE}} } class One : public A { public: virtual int getNum() { return 1; } }; void testPathSensitivity(int x) { A a; One b; A *ptr; switch (x) { case 0: ptr = &a; break; case 1: ptr = &b; break; default: return; } // This should be true on both branches. clang_analyzer_eval(ptr->getNum() == x); // expected-warning {{TRUE}} } namespace PureVirtualParent { class Parent { public: virtual int pureVirtual() const = 0; int callVirtual() const { return pureVirtual(); } }; class Child : public Parent { public: virtual int pureVirtual() const { clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} return 42; } }; void testVirtual() { Child x; clang_analyzer_eval(x.pureVirtual() == 42); // expected-warning{{TRUE}} clang_analyzer_eval(x.callVirtual() == 42); // expected-warning{{TRUE}} } } namespace PR13569 { class Parent { protected: int m_parent; virtual int impl() const = 0; Parent() : m_parent(0) {} public: int interface() const { clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} return impl(); } }; class Child : public Parent { protected: virtual int impl() const { clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} return m_parent + m_child; } public: Child() : m_child(0) {} int m_child; }; void testVirtual() { Child x; x.m_child = 42; // Don't crash when inlining and devirtualizing. x.interface(); } class Grandchild : public Child {}; void testDevirtualizeToMiddle() { Grandchild x; x.m_child = 42; // Don't crash when inlining and devirtualizing. x.interface(); } } namespace PR13569_virtual { class Parent { protected: int m_parent; virtual int impl() const = 0; Parent() : m_parent(0) {} public: int interface() const { clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} return impl(); } }; class Child : virtual public Parent { protected: virtual int impl() const { clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} return m_parent + m_child; } public: Child() : m_child(0) {} int m_child; }; void testVirtual() { Child x; x.m_child = 42; // Don't crash when inlining and devirtualizing. x.interface(); } class Grandchild : virtual public Child {}; void testDevirtualizeToMiddle() { Grandchild x; x.m_child = 42; // Don't crash when inlining and devirtualizing. x.interface(); } } namespace Invalidation { struct X { void touch(int &x) const { x = 0; } void touch2(int &x) const; virtual void touchV(int &x) const { x = 0; } virtual void touchV2(int &x) const; int test() const { // We were accidentally not invalidating under inlining // at one point for virtual methods with visible definitions. int a, b, c, d; touch(a); touch2(b); touchV(c); touchV2(d); return a + b + c + d; // no-warning } }; } namespace DefaultArgs { int takesDefaultArgs(int i = 42) { return -i; } void testFunction() { clang_analyzer_eval(takesDefaultArgs(1) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(takesDefaultArgs() == -42); // expected-warning{{TRUE}} } class Secret { public: static const int value = 40 + 2; int get(int i = value) { return i; } }; void testMethod() { Secret obj; clang_analyzer_eval(obj.get(1) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(obj.get() == 42); // expected-warning{{TRUE}} clang_analyzer_eval(Secret::value == 42); // expected-warning{{TRUE}} } enum ABC { A = 0, B = 1, C = 2 }; int enumUser(ABC input = B) { return static_cast(input); } void testEnum() { clang_analyzer_eval(enumUser(C) == 2); // expected-warning{{TRUE}} clang_analyzer_eval(enumUser() == 1); // expected-warning{{TRUE}} } int exprUser(int input = 2 * 4) { return input; } int complicatedExprUser(int input = 2 * Secret::value) { return input; } void testExprs() { clang_analyzer_eval(exprUser(1) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(exprUser() == 8); // expected-warning{{TRUE}} clang_analyzer_eval(complicatedExprUser(1) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(complicatedExprUser() == 84); // expected-warning{{TRUE}} } int defaultReference(const int &input = 42) { return -input; } int defaultReferenceZero(const int &input = 0) { return -input; } void testReference() { clang_analyzer_eval(defaultReference(1) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(defaultReference() == -42); // expected-warning{{TRUE}} clang_analyzer_eval(defaultReferenceZero(1) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(defaultReferenceZero() == 0); // expected-warning{{TRUE}} } double defaultFloatReference(const double &i = 42) { return -i; } double defaultFloatReferenceZero(const double &i = 0) { return -i; } void testFloatReference() { clang_analyzer_eval(defaultFloatReference(1) == -1); // expected-warning{{UNKNOWN}} clang_analyzer_eval(defaultFloatReference() == -42); // expected-warning{{UNKNOWN}} clang_analyzer_eval(defaultFloatReferenceZero(1) == -1); // expected-warning{{UNKNOWN}} clang_analyzer_eval(defaultFloatReferenceZero() == 0); // expected-warning{{UNKNOWN}} } char defaultString(const char *s = "abc") { return s[1]; } void testString() { clang_analyzer_eval(defaultString("xyz") == 'y'); // expected-warning{{TRUE}} clang_analyzer_eval(defaultString() == 'b'); // expected-warning{{TRUE}} } } namespace OperatorNew { class IntWrapper { public: int value; IntWrapper(int input) : value(input) { // We don't want this constructor to be inlined unless we can actually // use the proper region for operator new. // See PR12014 and . clang_analyzer_checkInlined(false); // no-warning } }; void test() { IntWrapper *obj = new IntWrapper(42); // should be TRUE clang_analyzer_eval(obj->value == 42); // expected-warning{{UNKNOWN}} delete obj; } void testPlacement() { IntWrapper *obj = static_cast(malloc(sizeof(IntWrapper))); IntWrapper *alias = new (obj) IntWrapper(42); clang_analyzer_eval(alias == obj); // expected-warning{{TRUE}} // should be TRUE clang_analyzer_eval(obj->value == 42); // expected-warning{{UNKNOWN}} } } namespace VirtualWithSisterCasts { // This entire set of tests exercises casts from sister classes and // from classes outside the hierarchy, which can very much confuse // code that uses DynamicTypeInfo or needs to construct CXXBaseObjectRegions. // These examples used to cause crashes in +Asserts builds. struct Parent { virtual int foo(); int x; }; struct A : Parent { virtual int foo() { return 42; } }; struct B : Parent { virtual int foo(); }; struct Grandchild : public A {}; struct Unrelated {}; void testDowncast(Parent *b) { A *a = (A *)(void *)b; clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}} a->x = 42; clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}} } void testRelated(B *b) { A *a = (A *)(void *)b; clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}} a->x = 42; clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}} } void testUnrelated(Unrelated *b) { A *a = (A *)(void *)b; clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}} a->x = 42; clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}} } void testCastViaNew(B *b) { Grandchild *g = new (b) Grandchild(); clang_analyzer_eval(g->foo() == 42); // expected-warning{{TRUE}} g->x = 42; clang_analyzer_eval(g->x == 42); // expected-warning{{TRUE}} } } namespace QualifiedCalls { void test(One *object) { // This uses the One class from the top of the file. clang_analyzer_eval(object->getNum() == 1); // expected-warning{{UNKNOWN}} clang_analyzer_eval(object->One::getNum() == 1); // expected-warning{{TRUE}} clang_analyzer_eval(object->A::getNum() == 0); // expected-warning{{TRUE}} // getZero is non-virtual. clang_analyzer_eval(object->getZero() == 0); // expected-warning{{TRUE}} clang_analyzer_eval(object->One::getZero() == 0); // expected-warning{{TRUE}} clang_analyzer_eval(object->A::getZero() == 0); // expected-warning{{TRUE}} } } namespace rdar12409977 { struct Base { int x; }; struct Parent : public Base { virtual Parent *vGetThis(); Parent *getThis() { return vGetThis(); } }; struct Child : public Parent { virtual Child *vGetThis() { return this; } }; void test() { Child obj; obj.x = 42; // Originally, calling a devirtualized method with a covariant return type // caused a crash because the return value had the wrong type. When we then // go to layer a CXXBaseObjectRegion on it, the base isn't a direct base of // the object region and we get an assertion failure. clang_analyzer_eval(obj.getThis()->x == 42); // expected-warning{{TRUE}} } } namespace bug16307 { void one_argument(int a) { } void call_with_less() { reinterpret_cast(one_argument)(); // expected-warning{{Function taking 1 argument}} } } @ 1.1.1.1 log @Import Clang 3.4rc1 r195771. @ text @@ 1.1.1.2 log @Import Clang 3.5svn r201163. @ text @d1 1 a1 1 // RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-config ipa=inlining -analyzer-config c++-allocator-inlining=true -verify %s a11 1 clang_analyzer_checkInlined(true);// expected-warning{{TRUE}} @ 1.1.1.3 log @Import Clang 3.8.0rc3 r261930. @ text @d278 1 a278 1 } a302 7 const void * const void_string = "abc"; void testBitcastedString() { clang_analyzer_eval(0 != void_string); // expected-warning{{TRUE}} clang_analyzer_eval('b' == ((char *)void_string)[1]); // expected-warning{{TRUE}} } @ 1.1.1.3.2.1 log @Sync with HEAD @ text @d444 1 a444 1 reinterpret_cast(one_argument)(); // expected-warning{{Function taking 1 argument is called with fewer (0)}} @ 1.1.1.4 log @Import Clang pre-4.0.0 r291444. @ text @d444 1 a444 1 reinterpret_cast(one_argument)(); // expected-warning{{Function taking 1 argument is called with fewer (0)}} @ 1.1.1.5 log @Import clang r309604 from branches/release_50 @ text @d1 1 a1 1 // RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-config ipa=inlining -analyzer-config c++-allocator-inlining=true -verify %s @ 1.1.1.5.4.1 log @Sync with HEAD @ text @d318 4 a321 1 clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} d327 2 a328 1 clang_analyzer_eval(obj->value == 42); // expected-warning{{TRUE}} d338 2 a339 3 clang_analyzer_eval(obj->value == 42); // expected-warning{{TRUE}} // Because malloc() was never free()d: // expected-warning@@-2{{Potential leak of memory pointed to by 'alias'}} @ 1.1.1.5.4.2 log @Mostly merge changes from HEAD upto 20200411 @ text @@ 1.1.1.5.2.1 log @Sync with HEAD @ text @d318 4 a321 1 clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} d327 2 a328 1 clang_analyzer_eval(obj->value == 42); // expected-warning{{TRUE}} d338 2 a339 3 clang_analyzer_eval(obj->value == 42); // expected-warning{{TRUE}} // Because malloc() was never free()d: // expected-warning@@-2{{Potential leak of memory pointed to by 'alias'}} @ 1.1.1.6 log @Import clang r337282 from trunk @ text @d318 4 a321 1 clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} d327 2 a328 1 clang_analyzer_eval(obj->value == 42); // expected-warning{{TRUE}} d338 2 a339 3 clang_analyzer_eval(obj->value == 42); // expected-warning{{TRUE}} // Because malloc() was never free()d: // expected-warning@@-2{{Potential leak of memory pointed to by 'alias'}} @ 1.1.1.7 log @Mark old LLVM instance as dead. @ text @@ 1.1.1.2.8.1 log @file inline.cpp was added on branch tls-maxphys on 2014-08-19 23:47:35 +0000 @ text @d1 439 @ 1.1.1.2.8.2 log @Rebase to HEAD as of a few days ago. @ text @a0 439 // RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-config ipa=inlining -analyzer-config c++-allocator-inlining=true -verify %s void clang_analyzer_eval(bool); void clang_analyzer_checkInlined(bool); typedef __typeof__(sizeof(int)) size_t; extern "C" void *malloc(size_t); // This is the standard placement new. inline void* operator new(size_t, void* __p) throw() { clang_analyzer_checkInlined(true);// expected-warning{{TRUE}} return __p; } class A { public: int getZero() { return 0; } virtual int getNum() { return 0; } }; void test(A &a) { clang_analyzer_eval(a.getZero() == 0); // expected-warning{{TRUE}} clang_analyzer_eval(a.getNum() == 0); // expected-warning{{UNKNOWN}} A copy(a); clang_analyzer_eval(copy.getZero() == 0); // expected-warning{{TRUE}} clang_analyzer_eval(copy.getNum() == 0); // expected-warning{{TRUE}} } class One : public A { public: virtual int getNum() { return 1; } }; void testPathSensitivity(int x) { A a; One b; A *ptr; switch (x) { case 0: ptr = &a; break; case 1: ptr = &b; break; default: return; } // This should be true on both branches. clang_analyzer_eval(ptr->getNum() == x); // expected-warning {{TRUE}} } namespace PureVirtualParent { class Parent { public: virtual int pureVirtual() const = 0; int callVirtual() const { return pureVirtual(); } }; class Child : public Parent { public: virtual int pureVirtual() const { clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} return 42; } }; void testVirtual() { Child x; clang_analyzer_eval(x.pureVirtual() == 42); // expected-warning{{TRUE}} clang_analyzer_eval(x.callVirtual() == 42); // expected-warning{{TRUE}} } } namespace PR13569 { class Parent { protected: int m_parent; virtual int impl() const = 0; Parent() : m_parent(0) {} public: int interface() const { clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} return impl(); } }; class Child : public Parent { protected: virtual int impl() const { clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} return m_parent + m_child; } public: Child() : m_child(0) {} int m_child; }; void testVirtual() { Child x; x.m_child = 42; // Don't crash when inlining and devirtualizing. x.interface(); } class Grandchild : public Child {}; void testDevirtualizeToMiddle() { Grandchild x; x.m_child = 42; // Don't crash when inlining and devirtualizing. x.interface(); } } namespace PR13569_virtual { class Parent { protected: int m_parent; virtual int impl() const = 0; Parent() : m_parent(0) {} public: int interface() const { clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} return impl(); } }; class Child : virtual public Parent { protected: virtual int impl() const { clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} return m_parent + m_child; } public: Child() : m_child(0) {} int m_child; }; void testVirtual() { Child x; x.m_child = 42; // Don't crash when inlining and devirtualizing. x.interface(); } class Grandchild : virtual public Child {}; void testDevirtualizeToMiddle() { Grandchild x; x.m_child = 42; // Don't crash when inlining and devirtualizing. x.interface(); } } namespace Invalidation { struct X { void touch(int &x) const { x = 0; } void touch2(int &x) const; virtual void touchV(int &x) const { x = 0; } virtual void touchV2(int &x) const; int test() const { // We were accidentally not invalidating under inlining // at one point for virtual methods with visible definitions. int a, b, c, d; touch(a); touch2(b); touchV(c); touchV2(d); return a + b + c + d; // no-warning } }; } namespace DefaultArgs { int takesDefaultArgs(int i = 42) { return -i; } void testFunction() { clang_analyzer_eval(takesDefaultArgs(1) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(takesDefaultArgs() == -42); // expected-warning{{TRUE}} } class Secret { public: static const int value = 40 + 2; int get(int i = value) { return i; } }; void testMethod() { Secret obj; clang_analyzer_eval(obj.get(1) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(obj.get() == 42); // expected-warning{{TRUE}} clang_analyzer_eval(Secret::value == 42); // expected-warning{{TRUE}} } enum ABC { A = 0, B = 1, C = 2 }; int enumUser(ABC input = B) { return static_cast(input); } void testEnum() { clang_analyzer_eval(enumUser(C) == 2); // expected-warning{{TRUE}} clang_analyzer_eval(enumUser() == 1); // expected-warning{{TRUE}} } int exprUser(int input = 2 * 4) { return input; } int complicatedExprUser(int input = 2 * Secret::value) { return input; } void testExprs() { clang_analyzer_eval(exprUser(1) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(exprUser() == 8); // expected-warning{{TRUE}} clang_analyzer_eval(complicatedExprUser(1) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(complicatedExprUser() == 84); // expected-warning{{TRUE}} } int defaultReference(const int &input = 42) { return -input; } int defaultReferenceZero(const int &input = 0) { return -input; } void testReference() { clang_analyzer_eval(defaultReference(1) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(defaultReference() == -42); // expected-warning{{TRUE}} clang_analyzer_eval(defaultReferenceZero(1) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(defaultReferenceZero() == 0); // expected-warning{{TRUE}} } double defaultFloatReference(const double &i = 42) { return -i; } double defaultFloatReferenceZero(const double &i = 0) { return -i; } void testFloatReference() { clang_analyzer_eval(defaultFloatReference(1) == -1); // expected-warning{{UNKNOWN}} clang_analyzer_eval(defaultFloatReference() == -42); // expected-warning{{UNKNOWN}} clang_analyzer_eval(defaultFloatReferenceZero(1) == -1); // expected-warning{{UNKNOWN}} clang_analyzer_eval(defaultFloatReferenceZero() == 0); // expected-warning{{UNKNOWN}} } char defaultString(const char *s = "abc") { return s[1]; } void testString() { clang_analyzer_eval(defaultString("xyz") == 'y'); // expected-warning{{TRUE}} clang_analyzer_eval(defaultString() == 'b'); // expected-warning{{TRUE}} } } namespace OperatorNew { class IntWrapper { public: int value; IntWrapper(int input) : value(input) { // We don't want this constructor to be inlined unless we can actually // use the proper region for operator new. // See PR12014 and . clang_analyzer_checkInlined(false); // no-warning } }; void test() { IntWrapper *obj = new IntWrapper(42); // should be TRUE clang_analyzer_eval(obj->value == 42); // expected-warning{{UNKNOWN}} delete obj; } void testPlacement() { IntWrapper *obj = static_cast(malloc(sizeof(IntWrapper))); IntWrapper *alias = new (obj) IntWrapper(42); clang_analyzer_eval(alias == obj); // expected-warning{{TRUE}} // should be TRUE clang_analyzer_eval(obj->value == 42); // expected-warning{{UNKNOWN}} } } namespace VirtualWithSisterCasts { // This entire set of tests exercises casts from sister classes and // from classes outside the hierarchy, which can very much confuse // code that uses DynamicTypeInfo or needs to construct CXXBaseObjectRegions. // These examples used to cause crashes in +Asserts builds. struct Parent { virtual int foo(); int x; }; struct A : Parent { virtual int foo() { return 42; } }; struct B : Parent { virtual int foo(); }; struct Grandchild : public A {}; struct Unrelated {}; void testDowncast(Parent *b) { A *a = (A *)(void *)b; clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}} a->x = 42; clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}} } void testRelated(B *b) { A *a = (A *)(void *)b; clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}} a->x = 42; clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}} } void testUnrelated(Unrelated *b) { A *a = (A *)(void *)b; clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}} a->x = 42; clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}} } void testCastViaNew(B *b) { Grandchild *g = new (b) Grandchild(); clang_analyzer_eval(g->foo() == 42); // expected-warning{{TRUE}} g->x = 42; clang_analyzer_eval(g->x == 42); // expected-warning{{TRUE}} } } namespace QualifiedCalls { void test(One *object) { // This uses the One class from the top of the file. clang_analyzer_eval(object->getNum() == 1); // expected-warning{{UNKNOWN}} clang_analyzer_eval(object->One::getNum() == 1); // expected-warning{{TRUE}} clang_analyzer_eval(object->A::getNum() == 0); // expected-warning{{TRUE}} // getZero is non-virtual. clang_analyzer_eval(object->getZero() == 0); // expected-warning{{TRUE}} clang_analyzer_eval(object->One::getZero() == 0); // expected-warning{{TRUE}} clang_analyzer_eval(object->A::getZero() == 0); // expected-warning{{TRUE}} } } namespace rdar12409977 { struct Base { int x; }; struct Parent : public Base { virtual Parent *vGetThis(); Parent *getThis() { return vGetThis(); } }; struct Child : public Parent { virtual Child *vGetThis() { return this; } }; void test() { Child obj; obj.x = 42; // Originally, calling a devirtualized method with a covariant return type // caused a crash because the return value had the wrong type. When we then // go to layer a CXXBaseObjectRegion on it, the base isn't a direct base of // the object region and we get an assertion failure. clang_analyzer_eval(obj.getThis()->x == 42); // expected-warning{{TRUE}} } } namespace bug16307 { void one_argument(int a) { } void call_with_less() { reinterpret_cast(one_argument)(); // expected-warning{{Function taking 1 argument}} } } @ 1.1.1.2.4.1 log @file inline.cpp was added on branch yamt-pagecache on 2014-05-22 16:18:34 +0000 @ text @d1 439 @ 1.1.1.2.4.2 log @sync with head. for a reference, the tree before this commit was tagged as yamt-pagecache-tag8. this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments") @ text @a0 439 // RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-config ipa=inlining -analyzer-config c++-allocator-inlining=true -verify %s void clang_analyzer_eval(bool); void clang_analyzer_checkInlined(bool); typedef __typeof__(sizeof(int)) size_t; extern "C" void *malloc(size_t); // This is the standard placement new. inline void* operator new(size_t, void* __p) throw() { clang_analyzer_checkInlined(true);// expected-warning{{TRUE}} return __p; } class A { public: int getZero() { return 0; } virtual int getNum() { return 0; } }; void test(A &a) { clang_analyzer_eval(a.getZero() == 0); // expected-warning{{TRUE}} clang_analyzer_eval(a.getNum() == 0); // expected-warning{{UNKNOWN}} A copy(a); clang_analyzer_eval(copy.getZero() == 0); // expected-warning{{TRUE}} clang_analyzer_eval(copy.getNum() == 0); // expected-warning{{TRUE}} } class One : public A { public: virtual int getNum() { return 1; } }; void testPathSensitivity(int x) { A a; One b; A *ptr; switch (x) { case 0: ptr = &a; break; case 1: ptr = &b; break; default: return; } // This should be true on both branches. clang_analyzer_eval(ptr->getNum() == x); // expected-warning {{TRUE}} } namespace PureVirtualParent { class Parent { public: virtual int pureVirtual() const = 0; int callVirtual() const { return pureVirtual(); } }; class Child : public Parent { public: virtual int pureVirtual() const { clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} return 42; } }; void testVirtual() { Child x; clang_analyzer_eval(x.pureVirtual() == 42); // expected-warning{{TRUE}} clang_analyzer_eval(x.callVirtual() == 42); // expected-warning{{TRUE}} } } namespace PR13569 { class Parent { protected: int m_parent; virtual int impl() const = 0; Parent() : m_parent(0) {} public: int interface() const { clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} return impl(); } }; class Child : public Parent { protected: virtual int impl() const { clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} return m_parent + m_child; } public: Child() : m_child(0) {} int m_child; }; void testVirtual() { Child x; x.m_child = 42; // Don't crash when inlining and devirtualizing. x.interface(); } class Grandchild : public Child {}; void testDevirtualizeToMiddle() { Grandchild x; x.m_child = 42; // Don't crash when inlining and devirtualizing. x.interface(); } } namespace PR13569_virtual { class Parent { protected: int m_parent; virtual int impl() const = 0; Parent() : m_parent(0) {} public: int interface() const { clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} return impl(); } }; class Child : virtual public Parent { protected: virtual int impl() const { clang_analyzer_checkInlined(true); // expected-warning{{TRUE}} return m_parent + m_child; } public: Child() : m_child(0) {} int m_child; }; void testVirtual() { Child x; x.m_child = 42; // Don't crash when inlining and devirtualizing. x.interface(); } class Grandchild : virtual public Child {}; void testDevirtualizeToMiddle() { Grandchild x; x.m_child = 42; // Don't crash when inlining and devirtualizing. x.interface(); } } namespace Invalidation { struct X { void touch(int &x) const { x = 0; } void touch2(int &x) const; virtual void touchV(int &x) const { x = 0; } virtual void touchV2(int &x) const; int test() const { // We were accidentally not invalidating under inlining // at one point for virtual methods with visible definitions. int a, b, c, d; touch(a); touch2(b); touchV(c); touchV2(d); return a + b + c + d; // no-warning } }; } namespace DefaultArgs { int takesDefaultArgs(int i = 42) { return -i; } void testFunction() { clang_analyzer_eval(takesDefaultArgs(1) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(takesDefaultArgs() == -42); // expected-warning{{TRUE}} } class Secret { public: static const int value = 40 + 2; int get(int i = value) { return i; } }; void testMethod() { Secret obj; clang_analyzer_eval(obj.get(1) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(obj.get() == 42); // expected-warning{{TRUE}} clang_analyzer_eval(Secret::value == 42); // expected-warning{{TRUE}} } enum ABC { A = 0, B = 1, C = 2 }; int enumUser(ABC input = B) { return static_cast(input); } void testEnum() { clang_analyzer_eval(enumUser(C) == 2); // expected-warning{{TRUE}} clang_analyzer_eval(enumUser() == 1); // expected-warning{{TRUE}} } int exprUser(int input = 2 * 4) { return input; } int complicatedExprUser(int input = 2 * Secret::value) { return input; } void testExprs() { clang_analyzer_eval(exprUser(1) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(exprUser() == 8); // expected-warning{{TRUE}} clang_analyzer_eval(complicatedExprUser(1) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(complicatedExprUser() == 84); // expected-warning{{TRUE}} } int defaultReference(const int &input = 42) { return -input; } int defaultReferenceZero(const int &input = 0) { return -input; } void testReference() { clang_analyzer_eval(defaultReference(1) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(defaultReference() == -42); // expected-warning{{TRUE}} clang_analyzer_eval(defaultReferenceZero(1) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(defaultReferenceZero() == 0); // expected-warning{{TRUE}} } double defaultFloatReference(const double &i = 42) { return -i; } double defaultFloatReferenceZero(const double &i = 0) { return -i; } void testFloatReference() { clang_analyzer_eval(defaultFloatReference(1) == -1); // expected-warning{{UNKNOWN}} clang_analyzer_eval(defaultFloatReference() == -42); // expected-warning{{UNKNOWN}} clang_analyzer_eval(defaultFloatReferenceZero(1) == -1); // expected-warning{{UNKNOWN}} clang_analyzer_eval(defaultFloatReferenceZero() == 0); // expected-warning{{UNKNOWN}} } char defaultString(const char *s = "abc") { return s[1]; } void testString() { clang_analyzer_eval(defaultString("xyz") == 'y'); // expected-warning{{TRUE}} clang_analyzer_eval(defaultString() == 'b'); // expected-warning{{TRUE}} } } namespace OperatorNew { class IntWrapper { public: int value; IntWrapper(int input) : value(input) { // We don't want this constructor to be inlined unless we can actually // use the proper region for operator new. // See PR12014 and . clang_analyzer_checkInlined(false); // no-warning } }; void test() { IntWrapper *obj = new IntWrapper(42); // should be TRUE clang_analyzer_eval(obj->value == 42); // expected-warning{{UNKNOWN}} delete obj; } void testPlacement() { IntWrapper *obj = static_cast(malloc(sizeof(IntWrapper))); IntWrapper *alias = new (obj) IntWrapper(42); clang_analyzer_eval(alias == obj); // expected-warning{{TRUE}} // should be TRUE clang_analyzer_eval(obj->value == 42); // expected-warning{{UNKNOWN}} } } namespace VirtualWithSisterCasts { // This entire set of tests exercises casts from sister classes and // from classes outside the hierarchy, which can very much confuse // code that uses DynamicTypeInfo or needs to construct CXXBaseObjectRegions. // These examples used to cause crashes in +Asserts builds. struct Parent { virtual int foo(); int x; }; struct A : Parent { virtual int foo() { return 42; } }; struct B : Parent { virtual int foo(); }; struct Grandchild : public A {}; struct Unrelated {}; void testDowncast(Parent *b) { A *a = (A *)(void *)b; clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}} a->x = 42; clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}} } void testRelated(B *b) { A *a = (A *)(void *)b; clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}} a->x = 42; clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}} } void testUnrelated(Unrelated *b) { A *a = (A *)(void *)b; clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}} a->x = 42; clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}} } void testCastViaNew(B *b) { Grandchild *g = new (b) Grandchild(); clang_analyzer_eval(g->foo() == 42); // expected-warning{{TRUE}} g->x = 42; clang_analyzer_eval(g->x == 42); // expected-warning{{TRUE}} } } namespace QualifiedCalls { void test(One *object) { // This uses the One class from the top of the file. clang_analyzer_eval(object->getNum() == 1); // expected-warning{{UNKNOWN}} clang_analyzer_eval(object->One::getNum() == 1); // expected-warning{{TRUE}} clang_analyzer_eval(object->A::getNum() == 0); // expected-warning{{TRUE}} // getZero is non-virtual. clang_analyzer_eval(object->getZero() == 0); // expected-warning{{TRUE}} clang_analyzer_eval(object->One::getZero() == 0); // expected-warning{{TRUE}} clang_analyzer_eval(object->A::getZero() == 0); // expected-warning{{TRUE}} } } namespace rdar12409977 { struct Base { int x; }; struct Parent : public Base { virtual Parent *vGetThis(); Parent *getThis() { return vGetThis(); } }; struct Child : public Parent { virtual Child *vGetThis() { return this; } }; void test() { Child obj; obj.x = 42; // Originally, calling a devirtualized method with a covariant return type // caused a crash because the return value had the wrong type. When we then // go to layer a CXXBaseObjectRegion on it, the base isn't a direct base of // the object region and we get an assertion failure. clang_analyzer_eval(obj.getThis()->x == 42); // expected-warning{{TRUE}} } } namespace bug16307 { void one_argument(int a) { } void call_with_less() { reinterpret_cast(one_argument)(); // expected-warning{{Function taking 1 argument}} } } @