mirror of
https://github.com/capstone-engine/llvm-capstone.git
synced 2025-01-15 12:39:19 +00:00
6cee434ed1
Allow attaching fixit hints to Static Analyzer BugReports. Fixits are attached either to the bug report itself or to its notes (path-sensitive event notes or path-insensitive extra notes). Add support for fixits in text output (including the default text output that goes without notes, as long as the fixit "belongs" to the warning). Add support for fixits in the plist output mode. Implement a fixit for the path-insensitive DeadStores checker. Only dead initialization warning is currently covered. Implement a fixit for the path-sensitive VirtualCall checker when the virtual method is not pure virtual (in this case the "fix" is to suppress the warning by qualifying the call). Both fixits are under an off-by-default flag for now, because they require more careful testing. Differential Revision: https://reviews.llvm.org/D65182 llvm-svn: 371257
593 lines
10 KiB
XML
593 lines
10 KiB
XML
// RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin10 -analyzer-checker=core,deadcode.DeadStores,osx.cocoa.RetainCount,unix.Malloc,unix.MismatchedDeallocator -analyzer-output=plist -analyzer-config deadcode.DeadStores:ShowFixIts=true -o %t -w %s
|
||
// RUN: %normalize_plist <%t | diff -ub %S/Inputs/expected-plists/edges-new.mm.plist -
|
||
|
||
//===----------------------------------------------------------------------===//
|
||
// Forward declarations (from headers).
|
||
//===----------------------------------------------------------------------===//
|
||
|
||
typedef const struct __CFNumber * CFNumberRef;
|
||
typedef const struct __CFAllocator * CFAllocatorRef;
|
||
extern const CFAllocatorRef kCFAllocatorDefault;
|
||
typedef signed long CFIndex;
|
||
enum {
|
||
kCFNumberSInt8Type = 1,
|
||
kCFNumberSInt16Type = 2,
|
||
kCFNumberSInt32Type = 3,
|
||
kCFNumberSInt64Type = 4,
|
||
kCFNumberFloat32Type = 5,
|
||
kCFNumberFloat64Type = 6,
|
||
kCFNumberCharType = 7,
|
||
kCFNumberShortType = 8,
|
||
kCFNumberIntType = 9,
|
||
kCFNumberLongType = 10,
|
||
kCFNumberLongLongType = 11,
|
||
kCFNumberFloatType = 12,
|
||
kCFNumberDoubleType = 13,
|
||
kCFNumberCFIndexType = 14,
|
||
kCFNumberNSIntegerType = 15,
|
||
kCFNumberCGFloatType = 16,
|
||
kCFNumberMaxType = 16
|
||
};
|
||
typedef CFIndex CFNumberType;
|
||
CFNumberRef CFNumberCreate(CFAllocatorRef allocator, CFNumberType theType, const void *valuePtr);
|
||
|
||
#define nil ((id)0)
|
||
|
||
__attribute__((objc_root_class))
|
||
@interface NSObject
|
||
+ (instancetype) alloc;
|
||
- (instancetype) init;
|
||
- (instancetype)retain;
|
||
- (void)release;
|
||
@end
|
||
|
||
@interface NSArray : NSObject
|
||
@end
|
||
|
||
//===----------------------------------------------------------------------===//
|
||
// Basic tracking of null and tests for null.
|
||
//===----------------------------------------------------------------------===//
|
||
|
||
void test_null_init(void) {
|
||
int *p = 0;
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
|
||
void test_null_assign(void) {
|
||
int *p;
|
||
p = 0;
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
|
||
void test_null_assign_transitive(void) {
|
||
int *p;
|
||
p = 0;
|
||
int *q = p;
|
||
*q = 0xDEADBEEF;
|
||
}
|
||
|
||
void test_null_cond(int *p) {
|
||
if (!p) {
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
}
|
||
|
||
void test_null_cond_transitive(int *q) {
|
||
if (!q) {
|
||
int *p = q;
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
}
|
||
|
||
void test_null_field(void) {
|
||
struct s { int *p; } x;
|
||
x.p = 0;
|
||
*(x.p) = 0xDEADBEEF;
|
||
}
|
||
|
||
void test_assumptions(int a, int b)
|
||
{
|
||
if (a == 0) {
|
||
return;
|
||
}
|
||
if (b != 0) {
|
||
return;
|
||
}
|
||
int *p = 0;
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
|
||
int *bar_cond_assign();
|
||
int test_cond_assign() {
|
||
int *p;
|
||
if ((p = bar_cond_assign()))
|
||
return 1;
|
||
return *p;
|
||
}
|
||
|
||
//===----------------------------------------------------------------------===//
|
||
// Diagnostics for leaks and "noreturn" paths.
|
||
//===----------------------------------------------------------------------===//
|
||
|
||
|
||
// <rdar://problem/8331641> leak reports should not show paths that end with exit() (but ones that don't end with exit())
|
||
|
||
void stop() __attribute__((noreturn));
|
||
|
||
void rdar8331641(int x) {
|
||
signed z = 1;
|
||
CFNumberRef value = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &z); // expected-warning{{leak}}
|
||
if (x)
|
||
stop();
|
||
(void) value;
|
||
}
|
||
|
||
//===----------------------------------------------------------------------===//
|
||
// Test loops and control-flow.
|
||
//===----------------------------------------------------------------------===//
|
||
|
||
void test_objc_fast_enumeration(NSArray *x) {
|
||
id obj;
|
||
for (obj in x)
|
||
*(volatile int *)0 = 0;
|
||
}
|
||
|
||
void test_objc_fast_enumeration_2(id arr) {
|
||
int x;
|
||
for (id obj in arr) {
|
||
x = 1;
|
||
}
|
||
x += 1;
|
||
}
|
||
|
||
// Test that loops are documented in the path.
|
||
void rdar12280665() {
|
||
for (unsigned i = 0; i < 2; ++i) {
|
||
if (i == 1) {
|
||
int *p = 0;
|
||
*p = 0xDEADBEEF; // expected-warning {{dereference}}
|
||
}
|
||
}
|
||
}
|
||
|
||
// Test for a "loop executed 0 times" diagnostic.
|
||
int *radar12322528_bar();
|
||
|
||
void radar12322528_for(int x) {
|
||
int z;
|
||
int *p = 0;
|
||
for (unsigned i = 0; i < x; ++i) {
|
||
p = radar12322528_bar();
|
||
}
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
|
||
void radar12322528_while(int x) {
|
||
int *p = 0;
|
||
unsigned i = 0;
|
||
for ( ; i < x ; ) {
|
||
++i;
|
||
p = radar12322528_bar();
|
||
}
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
|
||
void radar12322528_foo_2() {
|
||
int *p = 0;
|
||
for (unsigned i = 0; i < 2; ++i) {
|
||
if (i == 0)
|
||
continue;
|
||
|
||
if (i == 1) {
|
||
|
||
break;
|
||
}
|
||
}
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
|
||
void test_loop_diagnostics() {
|
||
int *p = 0;
|
||
for (int i = 0; i < 2; ++i) { p = 0; }
|
||
*p = 1;
|
||
}
|
||
|
||
void test_loop_diagnostics_2() {
|
||
int *p = 0;
|
||
|
||
for (int i = 0; i < 2; ) {
|
||
|
||
++i;
|
||
|
||
p = 0;
|
||
|
||
}
|
||
|
||
*p = 1;
|
||
}
|
||
|
||
void test_loop_diagnostics_3() {
|
||
int z;
|
||
int y;
|
||
int k;
|
||
int *p = 0;
|
||
int i = 0;
|
||
while (i < 2) {
|
||
++i;
|
||
p = 0;
|
||
}
|
||
* p = 1;
|
||
}
|
||
|
||
void test_do_while() {
|
||
unsigned i = 0;
|
||
|
||
int *p;
|
||
|
||
do {
|
||
|
||
++i;
|
||
p = 0;
|
||
|
||
} while (i< 2);
|
||
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
|
||
|
||
void test_logical_and() {
|
||
int *p = 0;
|
||
if (1 && 2) {
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
}
|
||
|
||
void test_logical_or() {
|
||
int *p = 0;
|
||
if (0 || 2) {
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
}
|
||
|
||
void test_logical_or_call() {
|
||
extern int call(int);
|
||
int *p = 0;
|
||
if (call(0 || 2)) {
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
}
|
||
|
||
void test_nested_logicals(int coin) {
|
||
int *p = 0;
|
||
|
||
if ((0 || 0) || coin) {
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
|
||
if (0 || (0 || !coin)) {
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
}
|
||
|
||
void test_deeply_nested_logicals() {
|
||
extern int call(int);
|
||
int *p = 0;
|
||
|
||
if ((0 || (5 && 0)) ? 0 : ((0 || 4) ? call(1 && 5) : 0)) {
|
||
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
}
|
||
|
||
void test_ternary(int x, int *y) {
|
||
int z = x ? 0 : 1;
|
||
|
||
int *p = z ? y : 0;
|
||
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
|
||
void testUseless(int *y) {
|
||
if (y) {
|
||
|
||
}
|
||
if (y) {
|
||
|
||
}
|
||
int *p = 0;
|
||
*p = 0xDEADBEEF;
|
||
}
|
||
|
||
//===----------------------------------------------------------------------===//
|
||
// Interprocedural tests.
|
||
//===----------------------------------------------------------------------===//
|
||
|
||
@interface IPA_Foo
|
||
- (int *) returnsPointer;
|
||
@end
|
||
|
||
int testFoo(IPA_Foo *x) {
|
||
if (x)
|
||
return 1;
|
||
return *[x returnsPointer];
|
||
}
|
||
|
||
@interface IPA_X : NSObject
|
||
- (int *)getPointer;
|
||
@end
|
||
|
||
void test1_IPA_X() {
|
||
IPA_X *x = nil;
|
||
*[x getPointer] = 1; // here
|
||
}
|
||
|
||
|
||
@interface IPA_Y : NSObject
|
||
- (IPA_Y *)opaque;
|
||
- (IPA_X *)getX;
|
||
@end
|
||
|
||
@implementation IPA_Y
|
||
- (IPA_X *)getX {
|
||
return nil;
|
||
}
|
||
@end
|
||
|
||
void test_IPA_Y(IPA_Y *y) {
|
||
if (y)
|
||
return;
|
||
|
||
IPA_X *x = [[y opaque] getX]; // here
|
||
*[x getPointer] = 1;
|
||
}
|
||
|
||
// From diagnostics/report-issues-within-main-file.cpp:
|
||
void causeDivByZeroInMain(int in) {
|
||
int m = 0;
|
||
m = in/m;
|
||
m++;
|
||
}
|
||
|
||
void mainPlusMain() {
|
||
int i = 0;
|
||
i++;
|
||
causeDivByZeroInMain(i);
|
||
i++;
|
||
}
|
||
|
||
// From inlining/path-notes.c:
|
||
int *getZero() {
|
||
int *p = 0;
|
||
return p;
|
||
}
|
||
|
||
void usePointer(int *p) {
|
||
*p = 1;
|
||
}
|
||
|
||
void testUseOfNullPointer() {
|
||
// Test the case where an argument expression is itself a call.
|
||
usePointer(getZero());
|
||
}
|
||
|
||
|
||
//===----------------------------------------------------------------------===//
|
||
// Misc. tests.
|
||
//===----------------------------------------------------------------------===//
|
||
|
||
// Test for tracking null state of ivars.
|
||
@interface RDar12114812 : NSObject { char *p; }
|
||
@end
|
||
@implementation RDar12114812
|
||
- (void)test {
|
||
p = 0;
|
||
*p = 1;
|
||
}
|
||
@end
|
||
|
||
// Test diagnostics for initialization of structs.
|
||
void RDar13295437_f(void *i) __attribute__((__nonnull__));
|
||
struct RDar13295437_S { int *i; };
|
||
int RDar13295437() {
|
||
struct RDar13295437_S s = {0};
|
||
struct RDar13295437_S *sp = &s;
|
||
RDar13295437_f(sp->i);
|
||
return 0;
|
||
}
|
||
|
||
|
||
void testCast(int coin) {
|
||
if (coin) {
|
||
(void)(1+2);
|
||
(void)(2+3);
|
||
(void)(3+4);
|
||
*(volatile int *)0 = 1;
|
||
}
|
||
}
|
||
|
||
// The following previously crashed when generating extensive diagnostics.
|
||
// <rdar://problem/10797980>
|
||
@interface RDar10797980_help
|
||
@property (readonly) int x;
|
||
@end
|
||
@interface RDar10797980 : NSObject {
|
||
RDar10797980_help *y;
|
||
}
|
||
- (void) test;
|
||
@end
|
||
@implementation RDar10797980
|
||
- (void) test {
|
||
if (y.x == 1) {
|
||
int *p = 0;
|
||
*p = 0xDEADBEEF; // expected-warning {{deference}}
|
||
}
|
||
}
|
||
|
||
// The original source for the above Radar contains another problem:
|
||
// if the end-of-path node is an implicit statement, it may not have a valid
|
||
// source location. <rdar://problem/12446776>
|
||
- (void)test2 {
|
||
if (bar_cond_assign()) {
|
||
id foo = [[RDar10797980 alloc] init]; // leak
|
||
}
|
||
(void)y; // first statement after the 'if' is an implicit 'self' DeclRefExpr
|
||
}
|
||
|
||
@end
|
||
|
||
void variousLoops(id input) {
|
||
extern int a();
|
||
extern int b();
|
||
extern int c();
|
||
|
||
extern int work();
|
||
|
||
while (a()) {
|
||
work();
|
||
work();
|
||
work();
|
||
*(volatile int *)0 = 1;
|
||
}
|
||
|
||
int first = 1;
|
||
do {
|
||
work();
|
||
work();
|
||
work();
|
||
if (!first)
|
||
*(volatile int *)0 = 1;
|
||
first = 0;
|
||
} while (a());
|
||
|
||
for (int i = 0; i != b(); ++i) {
|
||
work();
|
||
*(volatile int *)0 = 1;
|
||
}
|
||
|
||
for (id x in input) {
|
||
work();
|
||
work();
|
||
work();
|
||
(void)x;
|
||
*(volatile int *)0 = 1;
|
||
}
|
||
|
||
int z[] = {1,2};
|
||
for (int y : z) {
|
||
work();
|
||
work();
|
||
work();
|
||
(void)y;
|
||
}
|
||
|
||
int empty[] = {};
|
||
for (int y : empty) {
|
||
work();
|
||
work();
|
||
work();
|
||
(void)y;
|
||
}
|
||
|
||
for (int i = 0; ; ++i) {
|
||
work();
|
||
if (i == b())
|
||
break;
|
||
}
|
||
|
||
int i;
|
||
for (i = 0; i != b(); ++i) {
|
||
work();
|
||
*(volatile int *)0 = 1;
|
||
}
|
||
|
||
for (; i != b(); ++i) {
|
||
work();
|
||
*(volatile int *)0 = 1;
|
||
}
|
||
|
||
for (; i != b(); ) {
|
||
work();
|
||
if (i == b())
|
||
break;
|
||
*(volatile int *)0 = 1;
|
||
}
|
||
|
||
for (;;) {
|
||
work();
|
||
if (i == b())
|
||
break;
|
||
}
|
||
|
||
*(volatile int *)0 = 1;
|
||
}
|
||
|
||
void *malloc(unsigned long);
|
||
void *realloc(void *, unsigned long);
|
||
void free(void *);
|
||
|
||
void reallocDiagnostics() {
|
||
char * buf = (char*)malloc(100);
|
||
char * tmp;
|
||
tmp = (char*)realloc(buf, 0x1000000);
|
||
if (!tmp) {
|
||
return;// expected-warning {{leak}}
|
||
}
|
||
buf = tmp;
|
||
free(buf);
|
||
}
|
||
|
||
template <typename T>
|
||
class unique_ptr {
|
||
T *ptr;
|
||
public:
|
||
explicit unique_ptr(T *p) : ptr(p) {}
|
||
~unique_ptr() { delete ptr; }
|
||
};
|
||
|
||
void test() {
|
||
int i = 0;
|
||
++i;
|
||
|
||
unique_ptr<int> p(new int[4]);
|
||
{
|
||
++i;
|
||
}
|
||
}
|
||
|
||
void longLines() {
|
||
id foo = [[NSObject alloc] init]; // leak
|
||
id bar =
|
||
[foo retain];
|
||
[bar release];
|
||
id baz = [foo
|
||
retain];
|
||
[baz release];
|
||
// This next line is intentionally longer than 80 characters.
|
||
id garply = [foo retain];
|
||
[garply release];
|
||
}
|
||
|
||
#define POINTER(T) T*
|
||
POINTER(void) testMacroInFunctionDecl(void *q) {
|
||
int *p = 0;
|
||
*p = 1;
|
||
return q;
|
||
}
|
||
|
||
namespace rdar14960554 {
|
||
class Foo {
|
||
int a = 1;
|
||
int b = 2;
|
||
int c = 3;
|
||
|
||
Foo() :
|
||
a(0),
|
||
c(3) {
|
||
// Check that we don't have an edge to the in-class initializer for 'b'.
|
||
if (b == 2)
|
||
*(volatile int *)0 = 1;
|
||
}
|
||
};
|
||
}
|
||
|