mirror of
https://github.com/capstone-engine/llvm-capstone.git
synced 2024-12-13 19:24:21 +00:00
1c8f999e0b
iAs listed in the summary D77846, we have 5 different categories of bugs we're checking for in CallAndMessage. I think the documentation placed in the code explains my thought process behind my decisions quite well. A non-obvious change I had here is removing the entry for CallAndMessageUnInitRefArg. In fact, I removed the CheckerNameRef typed field back in D77845 (it was dead code), so that checker didn't really exist in any meaningful way anyways. Differential Revision: https://reviews.llvm.org/D77866
173 lines
7.1 KiB
C++
173 lines
7.1 KiB
C++
// RUN: %clang_analyze_cc1 %s -verify=fn-pointer \
|
|
// RUN: -analyzer-checker=core \
|
|
// RUN: -analyzer-config core.CallAndMessage:FunctionPointer=true \
|
|
// RUN: -analyzer-config core.CallAndMessage:ParameterCount=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:CXXThisMethodCall=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:CXXDeallocationArg=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:ArgInitializedness=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:ArgPointeeInitializedness=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:NilReceiver=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:UndefReceiver=false
|
|
|
|
// RUN: %clang_analyze_cc1 %s -verify=param-count \
|
|
// RUN: -analyzer-checker=core \
|
|
// RUN: -analyzer-config core.CallAndMessage:FunctionPointer=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:ParameterCount=true \
|
|
// RUN: -analyzer-config core.CallAndMessage:CXXThisMethodCall=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:CXXDeallocationArg=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:ArgInitializedness=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:ArgPointeeInitializedness=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:NilReceiver=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:UndefReceiver=false
|
|
|
|
// RUN: %clang_analyze_cc1 %s -verify=method \
|
|
// RUN: -analyzer-checker=core \
|
|
// RUN: -analyzer-config core.CallAndMessage:FunctionPointer=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:ParameterCount=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:CXXThisMethodCall=true \
|
|
// RUN: -analyzer-config core.CallAndMessage:CXXDeallocationArg=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:ArgInitializedness=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:ArgPointeeInitializedness=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:NilReceiver=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:UndefReceiver=false
|
|
|
|
// RUN: %clang_analyze_cc1 %s -verify=delete \
|
|
// RUN: -analyzer-checker=core \
|
|
// RUN: -analyzer-config core.CallAndMessage:FunctionPointer=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:ParameterCount=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:CXXThisMethodCall=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:CXXDeallocationArg=true \
|
|
// RUN: -analyzer-config core.CallAndMessage:ArgInitializedness=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:ArgPointeeInitializedness=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:NilReceiver=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:UndefReceiver=false
|
|
|
|
// RUN: %clang_analyze_cc1 %s -verify=arg-init \
|
|
// RUN: -analyzer-checker=core \
|
|
// RUN: -analyzer-config core.CallAndMessage:FunctionPointer=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:ParameterCount=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:CXXThisMethodCall=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:CXXDeallocationArg=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:ArgInitializedness=true \
|
|
// RUN: -analyzer-config core.CallAndMessage:ArgPointeeInitializedness=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:NilReceiver=false \
|
|
// RUN: -analyzer-config core.CallAndMessage:UndefReceiver=false
|
|
|
|
// Testing for ArgPointeeInitializedness is in call-and-message.c.
|
|
|
|
// RUN: %clang_analyze_cc1 %s \
|
|
// RUN: -verify=fn-pointer,param-count,method,delete,arg-init \
|
|
// RUN: -analyzer-checker=core \
|
|
// RUN: -analyzer-output=plist -o %t.plist
|
|
// RUN: cat %t.plist | FileCheck %s
|
|
|
|
namespace function_pointer {
|
|
using Fn = void (*)();
|
|
|
|
void uninit() {
|
|
Fn f;
|
|
f(); // fn-pointer-warning{{Called function pointer is an uninitialized pointer value [core.CallAndMessage]}}
|
|
}
|
|
|
|
void null() {
|
|
Fn f = nullptr;
|
|
f(); // fn-pointer-warning{{Called function pointer is null (null dereference) [core.CallAndMessage]}}
|
|
}
|
|
|
|
// TODO: If this hash ever changes, turn
|
|
// core.CallAndMessage:FunctionPointer from a checker option into a
|
|
// checker, as described in the CallAndMessage comments!
|
|
// CHECK: <key>issue_hash_content_of_line_in_context</key>
|
|
// CHECK-SAME: <string>eb2083c01775eef452afa75728dd4d8f</string>
|
|
// CHECK: <key>issue_hash_content_of_line_in_context</key>
|
|
// CHECK-SAME: <string>407c50d9bedd8db28bf34f9411308100</string>
|
|
|
|
} // namespace function_pointer
|
|
|
|
namespace wrong_param_count {
|
|
using FnOneParam = void (*)(int);
|
|
using FnTwoParam = void (*)(int, int);
|
|
|
|
void f(int, int) {}
|
|
|
|
void wrong_cast() {
|
|
FnTwoParam f1 = f;
|
|
FnOneParam f2 = reinterpret_cast<FnOneParam>(f1);
|
|
f2(5); // param-count-warning{{Function taking 2 arguments is called with fewer (1) [core.CallAndMessage]}}
|
|
}
|
|
|
|
// TODO: If this hash ever changes, turn
|
|
// core.CallAndMessage:ParameterCount from a checker option into a
|
|
// checker, as described in the CallAndMessage comments!
|
|
// CHECK: <key>issue_hash_content_of_line_in_context</key>
|
|
// CHECK-SAME: <string>9ff0e9b728422017945c9d5a673de223</string>
|
|
} // namespace wrong_param_count
|
|
|
|
namespace method_call {
|
|
struct A {
|
|
void m();
|
|
};
|
|
|
|
void uninit() {
|
|
A *a;
|
|
a->m(); // method-warning{{Called C++ object pointer is uninitialized [core.CallAndMessage]}}
|
|
}
|
|
|
|
// TODO: If this hash ever changes, turn
|
|
// core.CallAndMessage:CXXThisMethodCall from a checker option into a
|
|
// checker, as described in the CallAndMessage comments!
|
|
// CHECK: <key>issue_hash_content_of_line_in_context</key>
|
|
// CHECK-SAME: <string>7bc35c70465837948a3f5018f27b21cd</string>
|
|
|
|
void null() {
|
|
A *a = nullptr;
|
|
a->m(); // method-warning{{Called C++ object pointer is null [core.CallAndMessage]}}
|
|
}
|
|
|
|
// TODO: If this hash ever changes, turn
|
|
// core.CallAndMessage:CXXThisMethodCall from a checker option into a
|
|
// checker, as described in the CallAndMessage comments!
|
|
// CHECK: <key>issue_hash_content_of_line_in_context</key>
|
|
// CHECK-SAME: <string>8ec260c9ef11d7c51fa872212df1163f</string>
|
|
} // namespace method_call
|
|
|
|
namespace operator_delete {
|
|
void f() {
|
|
int *i;
|
|
delete i; // delete-warning{{Argument to 'delete' is uninitialized [core.CallAndMessage]}}
|
|
}
|
|
|
|
// TODO: If this hash ever changes, turn
|
|
// core.CallAndMessage:CXXDeallocationArg from a checker option into a
|
|
// checker, as described in the CallAndMessage comments!
|
|
// CHECK: <key>issue_hash_content_of_line_in_context</key>
|
|
// CHECK-SAME: <string>a8ff99ebaa8746457d3e14af8ef7e75c</string>
|
|
} // namespace operator_delete
|
|
|
|
namespace uninit_arg {
|
|
template <class T>
|
|
void consume(T);
|
|
|
|
void fundamental_uninit() {
|
|
int i;
|
|
consume(i); // arg-init-warning{{1st function call argument is an uninitialized value [core.CallAndMessage]}}
|
|
}
|
|
|
|
struct A {
|
|
int i;
|
|
};
|
|
|
|
void record_uninit() {
|
|
A a;
|
|
consume(a); // arg-init-warning{{Passed-by-value struct argument contains uninitialized data (e.g., field: 'i') [core.CallAndMessage]}}
|
|
}
|
|
|
|
// TODO: If this hash ever changes, turn
|
|
// core.CallAndMessage:ArgInitializedness from a checker option into a
|
|
// checker, as described in the CallAndMessage comments!
|
|
// CHECK: <key>issue_hash_content_of_line_in_context</key>
|
|
// CHECK-SAME: <string>a46bb5c1ee44d4611ffeb13f7f499605</string>
|
|
// CHECK: <key>issue_hash_content_of_line_in_context</key>
|
|
// CHECK-SAME: <string>e0e0d30ea5a7b2e3a71e1931fa0768a5</string>
|
|
} // namespace uninit_arg
|