This is an archive of the discontinued LLVM Phabricator instance.

Differential D30341

[analyzer] clarify error messages about uninitialized function arguments
ClosedPublic

Authored by danielmarjamaki on Feb 24 2017, 8:45 AM.

Details

Reviewers
a.sidorin
zaks.anna
NoQ
Commits
rG3d8d6ed01fa0: [analyzer] Clarify 'uninitialized function argument' messages
rC297283: [analyzer] Clarify 'uninitialized function argument' messages
rL297283: [analyzer] Clarify 'uninitialized function argument' messages
Summary

This patch clarify the error messages about uninitialized function arguments.

It can be really hard to see the problem if there are 10-20 arguments like:

printf("debug:....", a, b.c, d, e, ...);

with no info about which argument is uninitialized and with a complicated path to investigate it's hard to see the bug.

Diff Detail

Repository
rL LLVM

Event Timeline

danielmarjamaki created this revision.Feb 24 2017, 8:45 AM
zaks.anna edited edge metadata.Feb 24 2017, 9:53 PM

I agree this can clarify the error message quite a bit!

lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
160 ↗(On Diff #89677)

Let's use llvm::getOrdinalSuffix() so that we write "1st argument" instead of "argument number '1'".

211 ↗(On Diff #89677)

Have you considered using llvm::raw_svector_ostream here as well as passing it an argument to describeUninitializedArgumentInCall? For example, see MallocChecker.cpp.

danielmarjamaki updated this revision to Diff 90030.Feb 28 2017, 7:27 AM

minor updates. Use llvm::getOrdinalNumber(). Use llvm::Twine.

danielmarjamaki marked an inline comment as done.Feb 28 2017, 7:35 AM
danielmarjamaki added inline comments.
lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
211 ↗(On Diff #89677)

I changed so describeUninitializedArgumentInCall() returns an llvm::Twine instead of std::string. hope you like it.

zaks.anna added inline comments.Mar 1 2017, 1:32 PM
lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
211 ↗(On Diff #89677)

I do not think it's safe to use llvm:Twine here. See http://llvm.org/docs/ProgrammersManual.html#the-twine-class

How about using llvm::raw_svector_ostream as I suggested?

danielmarjamaki added inline comments.Mar 2 2017, 2:27 PM
lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
211 ↗(On Diff #89677)

sure I can use llvm::raw_svector_ostream instead. I can try to update the patch soon.

I just wonder how it is unsafe. I did consider if llvm::Twine would be safe. Is there a particular return that you can point out? The function mostly returns constant string literals. Those should be safe right? Then the function also have a few returns like this:

return llvm::Twine(ArgumentNumber + 1) +
           llvm::getOrdinalSuffix(ArgumentNumber + 1) +
           " function call argument is an uninitialized value";

Yes we need to be careful for such code. However since llvm::getOrdinalSuffix() returns a StringRef this particular code should be safe right?

When the stream is used I have to tweak each return statement. I thought that was a bit unfortunate. But it's not a biggie.

danielmarjamaki added inline comments.Mar 2 2017, 4:00 PM
lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
211 ↗(On Diff #89677)

After some more reading in the llvm::Twine docs I am also thinking that I misuse it. so I will change the code.

danielmarjamaki updated this revision to Diff 90471.Mar 3 2017, 6:29 AM

Fix review comment

danielmarjamaki marked 2 inline comments as done.Mar 3 2017, 6:30 AM
NoQ edited edge metadata.Mar 3 2017, 2:45 PM

The code looks good to me, but i'm expressing a tiny doubt: regardless of the output format, the user always has the relevant argument highlighted anyway (column number, tilde-underlined in command line, blue-ish box in scan-build, etc.), so the only significant clarification i see is on test files, where the column is not obvious.

If having that information duplicated to the warning message is considered useful (easier to read, catchy), i'm ok with it :)

The definitive document on this debate is https://clang.llvm.org/diagnostics.html : it begins with explicitly encouraging highlights through column numbers and underlines, but it doesn't provide an opinion on including this info in the warning message. So i'm confused.

danielmarjamaki added a comment.Mar 6 2017, 11:43 PM

No the argument is not shown with tilde/column number.

Code example:

void f(int x, ...);

void dostuff() {
  int x[10];
  f(12,3,4,5,x[3],6,7,8);
}

Output:

C:\Users\danielm>\llvm\build\Debug\bin\clang -cc1 -analyze -analyzer-checker=core test3.c
test3.c:6:3: warning: Function call argument is an uninitialized value
  f(12,3,4,5,x[3],6,7,8);
  ^~~~~~~~~~~~~~~~~~~~~~
NoQ accepted this revision.Mar 6 2017, 11:52 PM

Oh well, that's not good. Probably that's because we always highlight the current statement in path-sensitive reports. I guess we could improve upon that in the bug reporter.

This revision is now accepted and ready to land.Mar 6 2017, 11:52 PM
Closed by commit rL297283: [analyzer] Clarify 'uninitialized function argument' messages (authored by danielmarjamaki). · Explain WhyMar 8 2017, 7:34 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
cfe/
trunk/
lib/
StaticAnalyzer/
Checkers/
76 lines
test/
Analysis/
2 lines
diagnostics/
10 lines
2 lines
4 lines
4 lines
2 lines
2 lines
60 lines
24 lines
2 lines
2 lines
2 lines

Diff 91012

cfe/trunk/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp

Show All 15 Lines
#include "clang/AST/ParentMap.h" #include "clang/AST/ParentMap.h"
#include "clang/Basic/TargetInfo.h" #include "clang/Basic/TargetInfo.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
#include "clang/StaticAnalyzer/Core/Checker.h" #include "clang/StaticAnalyzer/Core/Checker.h"
#include "clang/StaticAnalyzer/Core/CheckerManager.h" #include "clang/StaticAnalyzer/Core/CheckerManager.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
#include "llvm/ADT/SmallString.h" #include "llvm/ADT/SmallString.h"
#include "llvm/ADT/StringExtras.h"
#include "llvm/Support/raw_ostream.h" #include "llvm/Support/raw_ostream.h"
using namespace clang; using namespace clang;
using namespace ento; using namespace ento;
namespace { namespace {
struct ChecksFilter { struct ChecksFilter {
Show All 34 Linespublic:
/// return type and architecture and diagnose if the return value will be /// return type and architecture and diagnose if the return value will be
/// garbage. /// garbage.
void checkObjCMessageNil(const ObjCMethodCall &msg, CheckerContext &C) const; void checkObjCMessageNil(const ObjCMethodCall &msg, CheckerContext &C) const;
void checkPreCall(const CallEvent &Call, CheckerContext &C) const; void checkPreCall(const CallEvent &Call, CheckerContext &C) const;
private: private:
bool PreVisitProcessArg(CheckerContext &C, SVal V, SourceRange ArgRange, bool PreVisitProcessArg(CheckerContext &C, SVal V, SourceRange ArgRange,
const Expr *ArgEx, bool IsFirstArgument, const Expr *ArgEx, int ArgumentNumber,
bool CheckUninitFields, const CallEvent &Call, bool CheckUninitFields, const CallEvent &Call,
std::unique_ptr<BugType> &BT, std::unique_ptr<BugType> &BT,
const ParmVarDecl *ParamDecl) const; const ParmVarDecl *ParamDecl) const;
static void emitBadCall(BugType *BT, CheckerContext &C, const Expr *BadE); static void emitBadCall(BugType *BT, CheckerContext &C, const Expr *BadE);
void emitNilReceiverBug(CheckerContext &C, const ObjCMethodCall &msg, void emitNilReceiverBug(CheckerContext &C, const ObjCMethodCall &msg,
ExplodedNode *N) const; ExplodedNode *N) const;
void HandleNilReceiver(CheckerContext &C, void HandleNilReceiver(CheckerContext &C,
ProgramStateRef state, ProgramStateRef state,
const ObjCMethodCall &msg) const; const ObjCMethodCall &msg) const;
void LazyInit_BT(const char *desc, std::unique_ptr<BugType> &BT) const { void LazyInit_BT(const char *desc, std::unique_ptr<BugType> &BT) const {
if (!BT) if (!BT)
BT.reset(new BuiltinBug(this, desc)); BT.reset(new BuiltinBug(this, desc));
} }
bool uninitRefOrPointer(CheckerContext &C, const SVal &V, bool uninitRefOrPointer(CheckerContext &C, const SVal &V,
SourceRange ArgRange, SourceRange ArgRange, const Expr *ArgEx,
const Expr *ArgEx, std::unique_ptr<BugType> &BT, std::unique_ptr<BugType> &BT,
const ParmVarDecl *ParamDecl, const char *BD) const; const ParmVarDecl *ParamDecl, const char *BD,
int ArgumentNumber) const;
}; };
} // end anonymous namespace } // end anonymous namespace
void CallAndMessageChecker::emitBadCall(BugType *BT, CheckerContext &C, void CallAndMessageChecker::emitBadCall(BugType *BT, CheckerContext &C,
const Expr *BadE) { const Expr *BadE) {
ExplodedNode *N = C.generateErrorNode(); ExplodedNode *N = C.generateErrorNode();
if (!N) if (!N)
return; return;
auto R = llvm::make_unique<BugReport>(*BT, BT->getName(), N); auto R = llvm::make_unique<BugReport>(*BT, BT->getName(), N);
if (BadE) { if (BadE) {
R->addRange(BadE->getSourceRange()); R->addRange(BadE->getSourceRange());
if (BadE->isGLValue()) if (BadE->isGLValue())
BadE = bugreporter::getDerefExpr(BadE); BadE = bugreporter::getDerefExpr(BadE);
bugreporter::trackNullOrUndefValue(N, BadE, *R); bugreporter::trackNullOrUndefValue(N, BadE, *R);
} }
C.emitReport(std::move(R)); C.emitReport(std::move(R));
} }
static StringRef describeUninitializedArgumentInCall(const CallEvent &Call, static void describeUninitializedArgumentInCall(const CallEvent &Call,
bool IsFirstArgument) { int ArgumentNumber,
llvm::raw_svector_ostream &Os) {
switch (Call.getKind()) { switch (Call.getKind()) {
case CE_ObjCMessage: { case CE_ObjCMessage: {
const ObjCMethodCall &Msg = cast<ObjCMethodCall>(Call); const ObjCMethodCall &Msg = cast<ObjCMethodCall>(Call);
switch (Msg.getMessageKind()) { switch (Msg.getMessageKind()) {
case OCM_Message: case OCM_Message:
return "Argument in message expression is an uninitialized value"; Os << (ArgumentNumber + 1) << llvm::getOrdinalSuffix(ArgumentNumber + 1)
<< " argument in message expression is an uninitialized value";
return;
case OCM_PropertyAccess: case OCM_PropertyAccess:
assert(Msg.isSetter() && "Getters have no args"); assert(Msg.isSetter() && "Getters have no args");
return "Argument for property setter is an uninitialized value"; Os << "Argument for property setter is an uninitialized value";
return;
case OCM_Subscript: case OCM_Subscript:
if (Msg.isSetter() && IsFirstArgument) if (Msg.isSetter() && (ArgumentNumber == 0))
return "Argument for subscript setter is an uninitialized value"; Os << "Argument for subscript setter is an uninitialized value";
return "Subscript index is an uninitialized value"; else
Os << "Subscript index is an uninitialized value";
return;
} }
llvm_unreachable("Unknown message kind."); llvm_unreachable("Unknown message kind.");
} }
case CE_Block: case CE_Block:
return "Block call argument is an uninitialized value"; Os << (ArgumentNumber + 1) << llvm::getOrdinalSuffix(ArgumentNumber + 1)
<< " block call argument is an uninitialized value";
return;
default: default:
return "Function call argument is an uninitialized value"; Os << (ArgumentNumber + 1) << llvm::getOrdinalSuffix(ArgumentNumber + 1)
<< " function call argument is an uninitialized value";
return;
} }
} }
bool CallAndMessageChecker::uninitRefOrPointer(CheckerContext &C, bool CallAndMessageChecker::uninitRefOrPointer(
const SVal &V, CheckerContext &C, const SVal &V, SourceRange ArgRange, const Expr *ArgEx,
SourceRange ArgRange, std::unique_ptr<BugType> &BT, const ParmVarDecl *ParamDecl, const char *BD,
const Expr *ArgEx, int ArgumentNumber) const {
std::unique_ptr<BugType> &BT,
const ParmVarDecl *ParamDecl,
const char *BD) const {
if (!Filter.Check_CallAndMessageUnInitRefArg) if (!Filter.Check_CallAndMessageUnInitRefArg)
return false; return false;
// No parameter declaration available, i.e. variadic function argument. // No parameter declaration available, i.e. variadic function argument.
if(!ParamDecl) if(!ParamDecl)
return false; return false;
// If parameter is declared as pointer to const in function declaration, // If parameter is declared as pointer to const in function declaration,
// then check if corresponding argument in function call is // then check if corresponding argument in function call is
// pointing to undefined symbol value (uninitialized memory). // pointing to undefined symbol value (uninitialized memory).
StringRef Message; SmallString<200> Buf;
llvm::raw_svector_ostream Os(Buf);
if (ParamDecl->getType()->isPointerType()) { if (ParamDecl->getType()->isPointerType()) {
Message = "Function call argument is a pointer to uninitialized value"; Os << (ArgumentNumber + 1) << llvm::getOrdinalSuffix(ArgumentNumber + 1)
<< " function call argument is a pointer to uninitialized value";
} else if (ParamDecl->getType()->isReferenceType()) { } else if (ParamDecl->getType()->isReferenceType()) {
Message = "Function call argument is an uninitialized value"; Os << (ArgumentNumber + 1) << llvm::getOrdinalSuffix(ArgumentNumber + 1)
<< " function call argument is an uninitialized value";
} else } else
return false; return false;
if(!ParamDecl->getType()->getPointeeType().isConstQualified()) if(!ParamDecl->getType()->getPointeeType().isConstQualified())
return false; return false;
if (const MemRegion *SValMemRegion = V.getAsRegion()) { if (const MemRegion *SValMemRegion = V.getAsRegion()) {
const ProgramStateRef State = C.getState(); const ProgramStateRef State = C.getState();
const SVal PSV = State->getSVal(SValMemRegion); const SVal PSV = State->getSVal(SValMemRegion);
if (PSV.isUndef()) { if (PSV.isUndef()) {
if (ExplodedNode *N = C.generateErrorNode()) { if (ExplodedNode *N = C.generateErrorNode()) {
LazyInit_BT(BD, BT); LazyInit_BT(BD, BT);
auto R = llvm::make_unique<BugReport>(*BT, Message, N); auto R = llvm::make_unique<BugReport>(*BT, Os.str(), N);
R->addRange(ArgRange); R->addRange(ArgRange);
if (ArgEx) { if (ArgEx) {
bugreporter::trackNullOrUndefValue(N, ArgEx, *R); bugreporter::trackNullOrUndefValue(N, ArgEx, *R);
} }
C.emitReport(std::move(R)); C.emitReport(std::move(R));
} }
return true; return true;
} }
} }
return false; return false;
} }
bool CallAndMessageChecker::PreVisitProcessArg(CheckerContext &C, bool CallAndMessageChecker::PreVisitProcessArg(CheckerContext &C,
SVal V, SVal V,
SourceRange ArgRange, SourceRange ArgRange,
const Expr *ArgEx, const Expr *ArgEx,
bool IsFirstArgument, int ArgumentNumber,
bool CheckUninitFields, bool CheckUninitFields,
const CallEvent &Call, const CallEvent &Call,
std::unique_ptr<BugType> &BT, std::unique_ptr<BugType> &BT,
const ParmVarDecl *ParamDecl const ParmVarDecl *ParamDecl
) const { ) const {
const char *BD = "Uninitialized argument value"; const char *BD = "Uninitialized argument value";
if (uninitRefOrPointer(C, V, ArgRange, ArgEx, BT, ParamDecl, BD)) if (uninitRefOrPointer(C, V, ArgRange, ArgEx, BT, ParamDecl, BD,
ArgumentNumber))
return true; return true;
if (V.isUndef()) { if (V.isUndef()) {
if (ExplodedNode *N = C.generateErrorNode()) { if (ExplodedNode *N = C.generateErrorNode()) {
LazyInit_BT(BD, BT); LazyInit_BT(BD, BT);
// Generate a report for this bug. // Generate a report for this bug.
StringRef Desc = SmallString<200> Buf;
describeUninitializedArgumentInCall(Call, IsFirstArgument); llvm::raw_svector_ostream Os(Buf);
auto R = llvm::make_unique<BugReport>(*BT, Desc, N); describeUninitializedArgumentInCall(Call, ArgumentNumber, Os);
auto R = llvm::make_unique<BugReport>(*BT, Os.str(), N);
R->addRange(ArgRange); R->addRange(ArgRange);
if (ArgEx) if (ArgEx)
bugreporter::trackNullOrUndefValue(N, ArgEx, *R); bugreporter::trackNullOrUndefValue(N, ArgEx, *R);
C.emitReport(std::move(R)); C.emitReport(std::move(R));
} }
return true; return true;
} }
▲ Show 20 LinesShow All 212 Lines▼ Show 20 Lines else
BT = &BT_call_arg; BT = &BT_call_arg;
const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(D); const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(D);
for (unsigned i = 0, e = Call.getNumArgs(); i != e; ++i) { for (unsigned i = 0, e = Call.getNumArgs(); i != e; ++i) {
const ParmVarDecl *ParamDecl = nullptr; const ParmVarDecl *ParamDecl = nullptr;
if(FD && i < FD->getNumParams()) if(FD && i < FD->getNumParams())
ParamDecl = FD->getParamDecl(i); ParamDecl = FD->getParamDecl(i);
if (PreVisitProcessArg(C, Call.getArgSVal(i), Call.getArgSourceRange(i), if (PreVisitProcessArg(C, Call.getArgSVal(i), Call.getArgSourceRange(i),
Call.getArgExpr(i), /*IsFirstArgument=*/i == 0, Call.getArgExpr(i), i,
checkUninitFields, Call, *BT, ParamDecl)) checkUninitFields, Call, *BT, ParamDecl))
return; return;
} }
// If we make it here, record our assumptions about the callee. // If we make it here, record our assumptions about the callee.
C.addTransition(State); C.addTransition(State);
} }
▲ Show 20 LinesShow All 157 LinesShow Last 20 Lines

cfe/trunk/test/Analysis/NewDelete-checker-test.cpp

Show First 20 LinesShow All 238 Lines▼ Show 20 Linesvoid testUninitDeleteArray() {
int *x; int *x;
int * y = new int[5]; int * y = new int[5];
delete[] y; delete[] y;
delete[] x; // expected-warning{{Argument to 'delete[]' is uninitialized}} delete[] x; // expected-warning{{Argument to 'delete[]' is uninitialized}}
} }
void testUninitFree() { void testUninitFree() {
int *x; int *x;
free(x); // expected-warning{{Function call argument is an uninitialized value}} free(x); // expected-warning{{1st function call argument is an uninitialized value}}
} }
void testUninitDeleteSink() { void testUninitDeleteSink() {
int *x; int *x;
delete x; // expected-warning{{Argument to 'delete' is uninitialized}} delete x; // expected-warning{{Argument to 'delete' is uninitialized}}
(*(volatile int *)0 = 1); // no warn (*(volatile int *)0 = 1); // no warn
} }
▲ Show 20 LinesShow All 140 LinesShow Last 20 Lines

cfe/trunk/test/Analysis/diagnostics/undef-value-param.m

Show All 39 Lines CFRelease(storeRef); //expected-warning {{Null pointer argument in call to CFRelease}}
//expected-note@-1{{Null pointer argument in call to CFRelease}} //expected-note@-1{{Null pointer argument in call to CFRelease}}
} }
- (void)test2 { - (void)test2 {
SCDynamicStoreRef storeRef; // expected-note {{'storeRef' declared without an initial value}} SCDynamicStoreRef storeRef; // expected-note {{'storeRef' declared without an initial value}}
CreateRefUndef(&storeRef, 4); CreateRefUndef(&storeRef, 4);
//expected-note@-1{{Calling 'CreateRefUndef'}} //expected-note@-1{{Calling 'CreateRefUndef'}}
//expected-note@-2{{Returning from 'CreateRefUndef'}} //expected-note@-2{{Returning from 'CreateRefUndef'}}
CFRelease(storeRef); //expected-warning {{Function call argument is an uninitialized value}} CFRelease(storeRef); //expected-warning {{1st function call argument is an uninitialized value}}
//expected-note@-1{{Function call argument is an uninitialized value}} //expected-note@-1{{1st function call argument is an uninitialized value}}
} }
@end @end
static void CreateRef(SCDynamicStoreRef *storeRef, unsigned x) { static void CreateRef(SCDynamicStoreRef *storeRef, unsigned x) {
unsigned err = 0; unsigned err = 0;
SCDynamicStoreRef ref = anotherCreateRef(&err, x); SCDynamicStoreRef ref = anotherCreateRef(&err, x);
if (err) { if (err) {
//expected-note@-1{{Assuming 'err' is not equal to 0}} //expected-note@-1{{Assuming 'err' is not equal to 0}}
▲ Show 20 LinesShow All 855 Lines▼ Show 20 Lines
// CHECK-NEXT: <key>line</key><integer>48</integer> // CHECK-NEXT: <key>line</key><integer>48</integer>
// CHECK-NEXT: <key>col</key><integer>22</integer> // CHECK-NEXT: <key>col</key><integer>22</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer> // CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: </array> // CHECK-NEXT: </array>
// CHECK-NEXT: </array> // CHECK-NEXT: </array>
// CHECK-NEXT: <key>depth</key><integer>0</integer> // CHECK-NEXT: <key>depth</key><integer>0</integer>
// CHECK-NEXT: <key>extended_message</key> // CHECK-NEXT: <key>extended_message</key>
// CHECK-NEXT: <string>Function call argument is an uninitialized value</string> // CHECK-NEXT: <string>1st function call argument is an uninitialized value</string>
// CHECK-NEXT: <key>message</key> // CHECK-NEXT: <key>message</key>
// CHECK-NEXT: <string>Function call argument is an uninitialized value</string> // CHECK-NEXT: <string>1st function call argument is an uninitialized value</string>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: </array> // CHECK-NEXT: </array>
// CHECK-NEXT: <key>description</key><string>Function call argument is an uninitialized value</string> // CHECK-NEXT: <key>description</key><string>1st function call argument is an uninitialized value</string>
// CHECK-NEXT: <key>category</key><string>Logic error</string> // CHECK-NEXT: <key>category</key><string>Logic error</string>
// CHECK-NEXT: <key>type</key><string>Uninitialized argument value</string> // CHECK-NEXT: <key>type</key><string>Uninitialized argument value</string>
// CHECK-NEXT: <key>check_name</key><string>core.CallAndMessage</string> // CHECK-NEXT: <key>check_name</key><string>core.CallAndMessage</string>
// CHECK-NEXT: <!-- This hash is experimental and going to change! --> // CHECK-NEXT: <!-- This hash is experimental and going to change! -->
// CHECK-NEXT: <key>issue_hash_content_of_line_in_context</key><string>fe2bb14813e15196c0180196fc1cce4c</string> // CHECK-NEXT: <key>issue_hash_content_of_line_in_context</key><string>fe2bb14813e15196c0180196fc1cce4c</string>
// CHECK-NEXT: <key>issue_context_kind</key><string>Objective-C method</string> // CHECK-NEXT: <key>issue_context_kind</key><string>Objective-C method</string>
// CHECK-NEXT: <key>issue_context</key><string>test2</string> // CHECK-NEXT: <key>issue_context</key><string>test2</string>
// CHECK-NEXT: <key>issue_hash_function_offset</key><string>5</string> // CHECK-NEXT: <key>issue_hash_function_offset</key><string>5</string>
// CHECK-NEXT: <key>location</key> // CHECK-NEXT: <key>location</key>
// CHECK-NEXT: <dict> // CHECK-NEXT: <dict>
// CHECK-NEXT: <key>line</key><integer>48</integer> // CHECK-NEXT: <key>line</key><integer>48</integer>
// CHECK-NEXT: <key>col</key><integer>5</integer> // CHECK-NEXT: <key>col</key><integer>5</integer>
// CHECK-NEXT: <key>file</key><integer>0</integer> // CHECK-NEXT: <key>file</key><integer>0</integer>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: </dict> // CHECK-NEXT: </dict>
// CHECK-NEXT: </array> // CHECK-NEXT: </array>

cfe/trunk/test/Analysis/malloc.m

Show All 23 Lines+ (NSString *)foobar
NSString *error = ((void*)0); NSString *error = ((void*)0);
if ((buffer = malloc(sizeof(struct rdar0579586_str))) == ((void*)0)) if ((buffer = malloc(sizeof(struct rdar0579586_str))) == ((void*)0))
error = @"buffer allocation failure"; error = @"buffer allocation failure";
if (error != ((void*)0)) if (error != ((void*)0))
return error; return error;
rdar10579586(buffer->str_c); // expected-warning {{Function call argument is an uninitialized value}} rdar10579586(buffer->str_c); // expected-warning {{1st function call argument is an uninitialized value}}
free(buffer); free(buffer);
return ((void*)0); return ((void*)0);
} }
@end @end
@interface MyArray : NSObject { @interface MyArray : NSObject {
id * objects; id * objects;
} }
Show All 9 Linesvoid testNSDataTruePositiveLeak() {
char *b = (char *)malloc(12); char *b = (char *)malloc(12);
NSData *d = [[NSData alloc] initWithBytes: b length: 12]; // expected-warning {{Potential leak of memory pointed to by 'b'}} NSData *d = [[NSData alloc] initWithBytes: b length: 12]; // expected-warning {{Potential leak of memory pointed to by 'b'}}
} }
id wrapInNSValue() { id wrapInNSValue() {
void *buffer = malloc(4); void *buffer = malloc(4);
return [NSValue valueWithPointer:buffer]; // no-warning return [NSValue valueWithPointer:buffer]; // no-warning
} }
No newline at end of file No newline at end of file

cfe/trunk/test/Analysis/misc-ps-region-store.m

Show First 20 LinesShow All 390 Lines▼ Show 20 Lines
void rdar_7332673_test1() { void rdar_7332673_test1() {
char value[1]; char value[1];
if ( *(value) != 1 ) {} // expected-warning{{The left operand of '!=' is a garbage value}} if ( *(value) != 1 ) {} // expected-warning{{The left operand of '!=' is a garbage value}}
} }
int rdar_7332673_test2_aux(char *x); int rdar_7332673_test2_aux(char *x);
void rdar_7332673_test2() { void rdar_7332673_test2() {
char *value; char *value;
if ( rdar_7332673_test2_aux(value) != 1 ) {} // expected-warning{{Function call argument is an uninitialized value}} if ( rdar_7332673_test2_aux(value) != 1 ) {} // expected-warning{{1st function call argument is an uninitialized value}}
} }
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// <rdar://problem/7347252>: Because of a bug in // <rdar://problem/7347252>: Because of a bug in
// RegionStoreManager::RemoveDeadBindings(), the symbol for s->session->p // RegionStoreManager::RemoveDeadBindings(), the symbol for s->session->p
// would incorrectly be pruned from the state after the call to // would incorrectly be pruned from the state after the call to
// rdar7347252_malloc1(), and would incorrectly result in a warning about // rdar7347252_malloc1(), and would incorrectly result in a warning about
// passing a null pointer to rdar7347252_memcpy(). // passing a null pointer to rdar7347252_memcpy().
▲ Show 20 LinesShow All 260 Lines▼ Show 20 Lines- (void) foo:(id)target {
}; };
builder(target); builder(target);
} }
- (void) foo_positive:(id)target { - (void) foo_positive:(id)target {
__block RDar_7462324_Callback builder = ((void*) 0); __block RDar_7462324_Callback builder = ((void*) 0);
builder = ^(id object) { builder = ^(id object) {
id x; id x;
if (object) { if (object) {
builder(x); // expected-warning{{Block call argument is an uninitialized value}} builder(x); // expected-warning{{1st block call argument is an uninitialized value}}
} }
}; };
builder(target); builder(target);
} }
@end @end
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// <rdar://problem/7468209> - Scanning for live variables within a block should // <rdar://problem/7468209> - Scanning for live variables within a block should
▲ Show 20 LinesShow All 682 LinesShow Last 20 Lines

cfe/trunk/test/Analysis/misc-ps.m

Show First 20 LinesShow All 790 Lines▼ Show 20 Lines
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Test passing an undefined value in a message or function call. // Test passing an undefined value in a message or function call.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
void test_bad_call_aux(int x); void test_bad_call_aux(int x);
void test_bad_call(void) { void test_bad_call(void) {
int y; int y;
test_bad_call_aux(y); // expected-warning{{Function call argument is an uninitialized value}} test_bad_call_aux(y); // expected-warning{{1st function call argument is an uninitialized value}}
} }
@interface TestBadArg {} @interface TestBadArg {}
- (void) testBadArg:(int) x; - (void) testBadArg:(int) x;
@end @end
void test_bad_msg(TestBadArg *p) { void test_bad_msg(TestBadArg *p) {
int y; int y;
[p testBadArg:y]; // expected-warning{{Argument in message expression is an uninitialized value}} [p testBadArg:y]; // expected-warning{{1st argument in message expression is an uninitialized value}}
} }
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// PR 6033 - Test emitting the correct output in a warning where we use '%' // PR 6033 - Test emitting the correct output in a warning where we use '%'
// with operands that are undefined. // with operands that are undefined.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
int pr6033(int x) { int pr6033(int x) {
▲ Show 20 LinesShow All 544 LinesShow Last 20 Lines

cfe/trunk/test/Analysis/null-deref-ps.c

Show First 20 LinesShow All 280 Lines▼ Show 20 Lines
} }
// PR 4759 - Attribute non-null checking by the analyzer was not correctly // PR 4759 - Attribute non-null checking by the analyzer was not correctly
// handling pointer values that were undefined. // handling pointer values that were undefined.
void pr4759_aux(int *p) __attribute__((nonnull)); void pr4759_aux(int *p) __attribute__((nonnull));
void pr4759() { void pr4759() {
int *p; int *p;
pr4759_aux(p); // expected-warning{{Function call argument is an uninitialized value}} pr4759_aux(p); // expected-warning{{1st function call argument is an uninitialized value}}
} }
// Relax function call arguments invalidation to be aware of const // Relax function call arguments invalidation to be aware of const
// arguments. Test with function pointers. radar://10595327 // arguments. Test with function pointers. radar://10595327
void ttt(const int *nptr); void ttt(const int *nptr);
void ttt2(const int *nptr); void ttt2(const int *nptr);
typedef void (*NoConstType)(int*); typedef void (*NoConstType)(int*);
int foo10595327(int b) { int foo10595327(int b) {
Show All 34 Lines

cfe/trunk/test/Analysis/nullptr.cpp

Show First 20 LinesShow All 101 Lines▼ Show 20 Lines
struct Type { struct Type {
decltype(nullptr) x; decltype(nullptr) x;
}; };
void shouldNotCrash() { void shouldNotCrash() {
decltype(nullptr) p; decltype(nullptr) p;
if (getSymbol()) if (getSymbol())
invokeF(p); // expected-warning{{Function call argument is an uninit}} invokeF(p); // expected-warning{{1st function call argument is an uninit}}
if (getSymbol()) if (getSymbol())
invokeF(nullptr); invokeF(nullptr);
if (getSymbol()) { if (getSymbol()) {
X *x = Type().x; X *x = Type().x;
x->f(); // expected-warning{{Called C++ object pointer is null}} x->f(); // expected-warning{{Called C++ object pointer is null}}
} }
} }
Show All 29 Lines

cfe/trunk/test/Analysis/uninit-const.c

Show All 18 Lines
void doStuff_pointerToConstPointerToConstInt(int const * const * u){}; void doStuff_pointerToConstPointerToConstInt(int const * const * u){};
void doStuff_pointerToPointerToConstInt (int const **u){}; void doStuff_pointerToPointerToConstInt (int const **u){};
void doStuff_constStaticSizedArray(const int a[static 10]) {} void doStuff_constStaticSizedArray(const int a[static 10]) {}
void doStuff_variadic(const int *u, ...){}; void doStuff_variadic(const int *u, ...){};
void f_1(void) { void f_1(void) {
int t; int t;
int* tp = &t; // expected-note {{'tp' initialized here}} int* tp = &t; // expected-note {{'tp' initialized here}}
doStuff_pointerToConstInt(tp); // expected-warning {{Function call argument is a pointer to uninitialized value}} doStuff_pointerToConstInt(tp); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
// expected-note@-1 {{Function call argument is a pointer to uninitialized value}} // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
} }
void f_1_1(void) { void f_1_1(void) {
int t; int t;
int* tp1 = &t; int* tp1 = &t;
int* tp2 = tp1; // expected-note {{'tp2' initialized here}} int* tp2 = tp1; // expected-note {{'tp2' initialized here}}
doStuff_pointerToConstInt(tp2); // expected-warning {{Function call argument is a pointer to uninitialized value}} doStuff_pointerToConstInt(tp2); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
// expected-note@-1 {{Function call argument is a pointer to uninitialized value}} // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
} }
int *f_2_sub(int *p) { int *f_2_sub(int *p) {
return p; return p;
} }
void f_2(void) { void f_2(void) {
int t; int t;
int* p = f_2_sub(&t); int* p = f_2_sub(&t);
int* tp = p; // expected-note {{'tp' initialized here}} int* tp = p; // expected-note {{'tp' initialized here}}
doStuff_pointerToConstInt(tp); // expected-warning {{Function call argument is a pointer to uninitialized value}} doStuff_pointerToConstInt(tp); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
// expected-note@-1 {{Function call argument is a pointer to uninitialized value}} // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
} }
int z; int z;
void f_3(void) { void f_3(void) {
doStuff_pointerToConstInt(&z); // no warning doStuff_pointerToConstInt(&z); // no warning
} }
void f_4(void) { void f_4(void) {
int x=5; int x=5;
doStuff_pointerToConstInt(&x); // no warning doStuff_pointerToConstInt(&x); // no warning
} }
void f_5(void) { void f_5(void) {
int ta[5]; int ta[5];
int* tp = ta; // expected-note {{'tp' initialized here}} int* tp = ta; // expected-note {{'tp' initialized here}}
doStuff_pointerToConstInt(tp); // expected-warning {{Function call argument is a pointer to uninitialized value}} doStuff_pointerToConstInt(tp); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
// expected-note@-1 {{Function call argument is a pointer to uninitialized value}} // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
} }
void f_5_1(void) { void f_5_1(void) {
int ta[5]; // expected-note {{'ta' initialized here}} int ta[5]; // expected-note {{'ta' initialized here}}
doStuff_pointerToConstInt(ta); // expected-warning {{Function call argument is a pointer to uninitialized value}} doStuff_pointerToConstInt(ta); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
// expected-note@-1 {{Function call argument is a pointer to uninitialized value}} // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
} }
void f_6(void) { void f_6(void) {
int ta[5] = {1,2,3,4,5}; int ta[5] = {1,2,3,4,5};
int* tp = ta; int* tp = ta;
doStuff_pointerToConstInt(tp); // no-warning doStuff_pointerToConstInt(tp); // no-warning
} }
void f_6_1(void) { void f_6_1(void) {
int ta[5] = {1,2,3,4,5}; int ta[5] = {1,2,3,4,5};
doStuff_pointerToConstInt(ta); // no-warning doStuff_pointerToConstInt(ta); // no-warning
} }
void f_7(void) { void f_7(void) {
int z; // expected-note {{'z' declared without an initial value}} int z; // expected-note {{'z' declared without an initial value}}
int y=z; // expected-warning {{Assigned value is garbage or undefined}} int y=z; // expected-warning {{Assigned value is garbage or undefined}}
// expected-note@-1 {{Assigned value is garbage or undefined}} // expected-note@-1 {{Assigned value is garbage or undefined}}
doStuff3(y); doStuff3(y);
} }
void f_8(void) { void f_8(void) {
int g; // expected-note {{'g' declared without an initial value}} int g; // expected-note {{'g' declared without an initial value}}
doStuff2(g); // expected-warning {{Function call argument is an uninitialized value}} doStuff2(g); // expected-warning {{1st function call argument is an uninitialized value}}
// expected-note@-1 {{Function call argument is an uninitialized value}} // expected-note@-1 {{1st function call argument is an uninitialized value}}
} }
void f_9(void) { void f_9(void) {
int a[6]; int a[6];
int const *ptau = a; // expected-note {{'ptau' initialized here}} int const *ptau = a; // expected-note {{'ptau' initialized here}}
doStuff_arrayOfConstInt(ptau); // expected-warning {{Function call argument is a pointer to uninitialized value}} doStuff_arrayOfConstInt(ptau); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
// expected-note@-1 {{Function call argument is a pointer to uninitialized value}} // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
} }
void f_10(void) { void f_10(void) {
int a[6]; // expected-note {{'a' initialized here}} int a[6]; // expected-note {{'a' initialized here}}
doStuff_arrayOfConstInt(a); // expected-warning {{Function call argument is a pointer to uninitialized value}} doStuff_arrayOfConstInt(a); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
// expected-note@-1 {{Function call argument is a pointer to uninitialized value}} // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
} }
void f_11(void) { void f_11(void) {
int t[10]; //expected-note {{'t' initialized here}} int t[10]; //expected-note {{'t' initialized here}}
doStuff_constStaticSizedArray(t); // expected-warning {{Function call argument is a pointer to uninitialized value}} doStuff_constStaticSizedArray(t); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
// expected-note@-1 {{Function call argument is a pointer to uninitialized value}} // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
} }
void f_12(void) { void f_12(void) {
int t[10] = {0,1,2,3,4,5,6,7,8,9}; int t[10] = {0,1,2,3,4,5,6,7,8,9};
doStuff_constStaticSizedArray(t); // no-warning doStuff_constStaticSizedArray(t); // no-warning
} }
int f_malloc_1(void) { int f_malloc_1(void) {
int *ptr; int *ptr;
ptr = (int *)malloc(sizeof(int)); // expected-note {{Value assigned to 'ptr'}} ptr = (int *)malloc(sizeof(int)); // expected-note {{Value assigned to 'ptr'}}
doStuff_pointerToConstInt(ptr); // expected-warning {{Function call argument is a pointer to uninitialized value}} doStuff_pointerToConstInt(ptr); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
// expected-note@-1 {{Function call argument is a pointer to uninitialized value}} // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
free(ptr); free(ptr);
return 0; return 0;
} }
int f_malloc_2(void) { int f_malloc_2(void) {
int *ptr; int *ptr;
ptr = (int *)malloc(sizeof(int)); ptr = (int *)malloc(sizeof(int));
*ptr = 25; *ptr = 25;
doStuff_pointerToConstInt(ptr); // no warning doStuff_pointerToConstInt(ptr); // no warning
free(ptr); free(ptr);
return 0; return 0;
} }
// uninit pointer, uninit val // uninit pointer, uninit val
void f_variadic_unp_unv(void) { void f_variadic_unp_unv(void) {
int t; int t;
int v; int v;
int* tp = &t; // expected-note {{'tp' initialized here}} int* tp = &t; // expected-note {{'tp' initialized here}}
doStuff_variadic(tp,v); // expected-warning {{Function call argument is a pointer to uninitialized value}} doStuff_variadic(tp,v); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
// expected-note@-1 {{Function call argument is a pointer to uninitialized value}} // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
} }
// uninit pointer, init val // uninit pointer, init val
void f_variadic_unp_inv(void) { void f_variadic_unp_inv(void) {
int t; int t;
int v = 3; int v = 3;
int* tp = &t; // expected-note {{'tp' initialized here}} int* tp = &t; // expected-note {{'tp' initialized here}}
doStuff_variadic(tp,v); // expected-warning {{Function call argument is a pointer to uninitialized value}} doStuff_variadic(tp,v); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
// expected-note@-1 {{Function call argument is a pointer to uninitialized value}} // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
} }
// init pointer, uninit val // init pointer, uninit val
void f_variadic_inp_unv(void) { void f_variadic_inp_unv(void) {
int t=5; int t=5;
int v; // expected-note {{'v' declared without an initial value}} int v; // expected-note {{'v' declared without an initial value}}
int* tp = &t; int* tp = &t;
doStuff_variadic(tp,v);// expected-warning {{Function call argument is an uninitialized value}} doStuff_variadic(tp,v);// expected-warning {{2nd function call argument is an uninitialized value}}
// expected-note@-1 {{Function call argument is an uninitialized value}} // expected-note@-1 {{2nd function call argument is an uninitialized value}}
} }
// init pointer, init val // init pointer, init val
void f_variadic_inp_inv(void) { void f_variadic_inp_inv(void) {
int t=5; int t=5;
int v = 3; int v = 3;
int* tp = &t; int* tp = &t;
doStuff_variadic(tp,v); // no-warning doStuff_variadic(tp,v); // no-warning
Show All 9 Lines
} }
//uninit pointer, init pointer //uninit pointer, init pointer
void f_variadic_unp_inp(void) { void f_variadic_unp_inp(void) {
int t; int t;
int u=3; int u=3;
int *vp = &u ; int *vp = &u ;
int *tp = &t; // expected-note {{'tp' initialized here}} int *tp = &t; // expected-note {{'tp' initialized here}}
doStuff_variadic(tp,vp); // expected-warning {{Function call argument is a pointer to uninitialized value}} doStuff_variadic(tp,vp); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
// expected-note@-1 {{Function call argument is a pointer to uninitialized value}} // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
} }
//init pointer, uninit pointer //init pointer, uninit pointer
void f_variadic_inp_unp(void) { void f_variadic_inp_unp(void) {
int t=5; int t=5;
int u; int u;
int *vp = &u ; int *vp = &u ;
int *tp = &t; int *tp = &t;
doStuff_variadic(tp,vp); // no-warning doStuff_variadic(tp,vp); // no-warning
} }
//uninit pointer, uninit pointer //uninit pointer, uninit pointer
void f_variadic_unp_unp(void) { void f_variadic_unp_unp(void) {
int t; int t;
int u; int u;
int *vp = &u ; int *vp = &u ;
int *tp = &t; // expected-note {{'tp' initialized here}} int *tp = &t; // expected-note {{'tp' initialized here}}
doStuff_variadic(tp,vp); // expected-warning {{Function call argument is a pointer to uninitialized value}} doStuff_variadic(tp,vp); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
// expected-note@-1 {{Function call argument is a pointer to uninitialized value}} // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
} }

cfe/trunk/test/Analysis/uninit-const.cpp

Show First 20 LinesShow All 60 Lines▼ Show 20 Linesvoid f6_1(void) {
doStuff6(q); doStuff6(q);
} }
void f6_2(void) { void f6_2(void) {
int t; //expected-note {{'t' declared without an initial value}} int t; //expected-note {{'t' declared without an initial value}}
int &p = t; int &p = t;
int &s = p; int &s = p;
int &q = s; //expected-note {{'q' initialized here}} int &q = s; //expected-note {{'q' initialized here}}
doStuff6(q); //expected-warning {{Function call argument is an uninitialized value}} doStuff6(q); //expected-warning {{1st function call argument is an uninitialized value}}
//expected-note@-1 {{Function call argument is an uninitialized value}} //expected-note@-1 {{1st function call argument is an uninitialized value}}
} }
void doStuff6_3(int& q_, int *ptr_) {} void doStuff6_3(int& q_, int *ptr_) {}
void f6_3(void) { void f6_3(void) {
int *ptr; //expected-note {{'ptr' declared without an initial value}} int *ptr; //expected-note {{'ptr' declared without an initial value}}
int t; int t;
int &p = t; int &p = t;
int &s = p; int &s = p;
int &q = s; int &q = s;
doStuff6_3(q,ptr); //expected-warning {{Function call argument is an uninitialized value}} doStuff6_3(q,ptr); //expected-warning {{2nd function call argument is an uninitialized value}}
//expected-note@-1 {{Function call argument is an uninitialized value}} //expected-note@-1 {{2nd function call argument is an uninitialized value}}
} }
void f6(void) { void f6(void) {
int k; // expected-note {{'k' declared without an initial value}} int k; // expected-note {{'k' declared without an initial value}}
doStuff6(k); // expected-warning {{Function call argument is an uninitialized value}} doStuff6(k); // expected-warning {{1st function call argument is an uninitialized value}}
// expected-note@-1 {{Function call argument is an uninitialized value}} // expected-note@-1 {{1st function call argument is an uninitialized value}}
} }
void f5(void) { void f5(void) {
int t; int t;
int* tp = &t; // expected-note {{'tp' initialized here}} int* tp = &t; // expected-note {{'tp' initialized here}}
doStuff_uninit(tp); // expected-warning {{Function call argument is a pointer to uninitialized value}} doStuff_uninit(tp); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
// expected-note@-1 {{Function call argument is a pointer to uninitialized value}} // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
} }
void f4(void) { void f4(void) {
int y; // expected-note {{'y' declared without an initial value}} int y; // expected-note {{'y' declared without an initial value}}
doStuff4(y); // expected-warning {{Function call argument is an uninitialized value}} doStuff4(y); // expected-warning {{1st function call argument is an uninitialized value}}
// expected-note@-1 {{Function call argument is an uninitialized value}} // expected-note@-1 {{1st function call argument is an uninitialized value}}
} }
void f3(void) { void f3(void) {
int g; int g;
doStuff3(g); // no warning doStuff3(g); // no warning
} }
int z; int z;
void f2(void) { void f2(void) {
doStuff_uninit(&z); // no warning doStuff_uninit(&z); // no warning
} }
void f1(void) { void f1(void) {
int x_=5; int x_=5;
doStuff_uninit(&x_); // no warning doStuff_uninit(&x_); // no warning
} }
void f_uninit(void) { void f_uninit(void) {
int x; int x;
doStuff_uninit(&x); // expected-warning {{Function call argument is a pointer to uninitialized value}} doStuff_uninit(&x); // expected-warning {{1st function call argument is a pointer to uninitialized value}}
// expected-note@-1 {{Function call argument is a pointer to uninitialized value}} // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
} }

cfe/trunk/test/Analysis/uninit-msg-expr.m

Show First 20 LinesShow All 46 Lines▼ Show 20 Lines
unsigned f2() { unsigned f2() {
NSString *aString = 0; NSString *aString = 0;
return [aString length]; // no-warning return [aString length]; // no-warning
} }
void f3() { void f3() {
NSMutableArray *aArray = [NSArray array]; NSMutableArray *aArray = [NSArray array];
NSString *aString; NSString *aString;
[aArray addObject:aString]; // expected-warning {{Argument in message expression is an uninitialized value}} [aArray addObject:aString]; // expected-warning {{1st argument in message expression is an uninitialized value}}
} }

cfe/trunk/test/Analysis/uninit-vals-ps.c

// RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-store=region -fblocks -verify %s // RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-store=region -fblocks -verify %s
struct FPRec { struct FPRec {
void (*my_func)(int * x); void (*my_func)(int * x);
}; };
int bar(int x); int bar(int x);
int f1_a(struct FPRec* foo) { int f1_a(struct FPRec* foo) {
int x; int x;
(*foo->my_func)(&x); (*foo->my_func)(&x);
return bar(x)+1; // no-warning return bar(x)+1; // no-warning
} }
int f1_b() { int f1_b() {
int x; int x;
return bar(x)+1; // expected-warning{{Function call argument is an uninitialized value}} return bar(x)+1; // expected-warning{{1st function call argument is an uninitialized value}}
} }
int f2() { int f2() {
int x; int x;
if (x+1) // expected-warning{{The left operand of '+' is a garbage value}} if (x+1) // expected-warning{{The left operand of '+' is a garbage value}}
return 1; return 1;
▲ Show 20 LinesShow All 132 LinesShow Last 20 Lines

cfe/trunk/test/Analysis/uninit-vals.cpp

Show All 21 Linesvoid foo() {
C c1; C c1;
C *c2; C *c2;
#ifdef CHECK_FOR_CRASH #ifdef CHECK_FOR_CRASH
// If the value of variable is not defined and checkers that check undefined // If the value of variable is not defined and checkers that check undefined
// values are not enabled, performTrivialCopy should be able to handle the // values are not enabled, performTrivialCopy should be able to handle the
// case with undefined values, too. // case with undefined values, too.
c1.b.a = c2->b.a; c1.b.a = c2->b.a;
#else #else
c1.b.a = c2->b.a; // expected-warning{{Function call argument is an uninitialized value}} c1.b.a = c2->b.a; // expected-warning{{1st function call argument is an uninitialized value}}
#endif #endif
} }
} }