1 // RUN: %clang_analyze_cc1 -std=c++11 -Wno-conversion-null -analyzer-checker=core,debug.ExprInspection -analyzer-store region -analyzer-output=text -verify %s 2 3 void clang_analyzer_eval(int); 4 5 // test to see if nullptr is detected as a null pointer 6 void foo1(void) { 7 char *np = nullptr; // expected-note{{'np' initialized to a null pointer value}} 8 *np = 0; // expected-warning{{Dereference of null pointer}} 9 // expected-note@-1{{Dereference of null pointer}} 10 } 11 12 // check if comparing nullptr to nullptr is detected properly 13 void foo2(void) { 14 char *np1 = nullptr; 15 char *np2 = np1; 16 char c; 17 if (np1 == np2) 18 np1 = &c; 19 *np1 = 0; // no-warning 20 } 21 22 // invoving a nullptr in a more complex operation should be cause a warning 23 void foo3(void) { 24 struct foo { 25 int a, f; 26 }; 27 char *np = nullptr; // expected-note{{'np' initialized to a null pointer value}} 28 // casting a nullptr to anything should be caught eventually 29 int *ip = &(((struct foo *)np)->f); // expected-note{{'ip' initialized to a null pointer value}} 30 *ip = 0; // expected-warning{{Dereference of null pointer}} 31 // expected-note@-1{{Dereference of null pointer}} 32 // should be error here too, but analysis gets stopped 33 // *np = 0; 34 } 35 36 // nullptr is implemented as a zero integer value, so should be able to compare 37 void foo4(void) { 38 char *np = nullptr; 39 if (np != 0) 40 *np = 0; // no-warning 41 char *cp = 0; 42 if (np != cp) 43 *np = 0; // no-warning 44 } 45 46 int pr10372(void *& x) { 47 // GNU null is a pointer-sized integer, not a pointer. 48 x = __null; 49 // This used to crash. 50 return __null; 51 } 52 53 void zoo1() { 54 char **p = 0; // expected-note{{'p' initialized to a null pointer value}} 55 delete *(p + 0); // expected-warning{{Dereference of null pointer}} 56 // expected-note@-1{{Dereference of null pointer}} 57 } 58 59 void zoo1backwards() { 60 char **p = 0; // expected-note{{'p' initialized to a null pointer value}} 61 delete *(0 + p); // expected-warning{{Dereference of null pointer}} 62 // expected-note@-1{{Dereference of null pointer}} 63 } 64 65 typedef __INTPTR_TYPE__ intptr_t; 66 void zoo1multiply() { 67 char **p = 0; // FIXME-should-be-note:{{'p' initialized to a null pointer value}} 68 delete *((char **)((intptr_t)p * 2)); // expected-warning{{Dereference of null pointer}} 69 // expected-note@-1{{Dereference of null pointer}} 70 } 71 72 void zoo2() { 73 int **a = 0; 74 int **b = 0; // expected-note{{'b' initialized to a null pointer value}} 75 asm ("nop" 76 :"=r"(*a) 77 :"0"(*b) // expected-warning{{Dereference of null pointer}} 78 // expected-note@-1{{Dereference of null pointer}} 79 ); 80 } 81 82 int exprWithCleanups() { 83 struct S { 84 S(int a):a(a){} 85 ~S() {} 86 87 int a; 88 }; 89 90 int *x = 0; // expected-note{{'x' initialized to a null pointer value}} 91 return S(*x).a; // expected-warning{{Dereference of null pointer}} 92 // expected-note@-1{{Dereference of null pointer}} 93 } 94 95 int materializeTempExpr() { 96 int *n = 0; // expected-note{{'n' initialized to a null pointer value}} 97 struct S { 98 int a; 99 S(int i): a(i) {} 100 }; 101 const S &s = S(*n); // expected-warning{{Dereference of null pointer}} 102 // expected-note@-1{{Dereference of null pointer}} 103 return s.a; 104 } 105 106 typedef decltype(nullptr) nullptr_t; 107 void testMaterializeTemporaryExprWithNullPtr() { 108 // Create MaterializeTemporaryExpr with a nullptr inside. 109 const nullptr_t &r = nullptr; 110 } 111 112 int getSymbol(); 113 114 struct X { 115 virtual void f() {} 116 }; 117 118 void invokeF(X* x) { 119 x->f(); // expected-warning{{Called C++ object pointer is null}} 120 // expected-note@-1{{Called C++ object pointer is null}} 121 } 122 123 struct Type { 124 decltype(nullptr) x; 125 }; 126 127 void shouldNotCrash() { 128 decltype(nullptr) p; // expected-note{{'p' declared without an initial value}} 129 if (getSymbol()) // expected-note {{Assuming the condition is false}} 130 // expected-note@-1{{Taking false branch}} 131 // expected-note@-2{{Assuming the condition is false}} 132 // expected-note@-3{{Taking false branch}} 133 // expected-note@-4{{Assuming the condition is true}} 134 // expected-note@-5{{Taking true branch}} 135 invokeF(p); // expected-warning{{1st function call argument is an uninitialized value}} 136 // expected-note@-1{{1st function call argument is an uninitialized value}} 137 if (getSymbol()) // expected-note {{Assuming the condition is false}} 138 // expected-note@-1{{Taking false branch}} 139 // expected-note@-2{{Assuming the condition is true}} 140 // expected-note@-3{{Taking true branch}} 141 invokeF(nullptr); // expected-note {{Calling 'invokeF'}} 142 // expected-note@-1{{Passing null pointer value via 1st parameter 'x'}} 143 if (getSymbol()) { // expected-note {{Assuming the condition is true}} 144 // expected-note@-1{{Taking true branch}} 145 X *xx = Type().x; // expected-note {{Null pointer value stored to field 'x'}} 146 // expected-note@-1{{'xx' initialized to a null pointer value}} 147 xx->f(); // expected-warning{{Called C++ object pointer is null}} 148 // expected-note@-1{{Called C++ object pointer is null}} 149 } 150 } 151 152 void f(decltype(nullptr) p) { 153 int *q = nullptr; 154 clang_analyzer_eval(p == 0); // expected-warning{{TRUE}} 155 // expected-note@-1{{TRUE}} 156 clang_analyzer_eval(q == 0); // expected-warning{{TRUE}} 157 // expected-note@-1{{TRUE}} 158 } 159 160 decltype(nullptr) returnsNullPtrType(); 161 void fromReturnType() { 162 ((X *)returnsNullPtrType())->f(); // expected-warning{{Called C++ object pointer is null}} 163 // expected-note@-1{{Called C++ object pointer is null}} 164 } 165 166 #define AS_ATTRIBUTE __attribute__((address_space(256))) 167 class AS1 { 168 public: 169 int x; 170 ~AS1() { 171 int AS_ATTRIBUTE *x = 0; 172 *x = 3; // no-warning 173 } 174 }; 175 void test_address_space_field_access() { 176 AS1 AS_ATTRIBUTE *pa = 0; 177 pa->x = 0; // no-warning 178 } 179 void test_address_space_bind() { 180 AS1 AS_ATTRIBUTE *pa = 0; 181 AS1 AS_ATTRIBUTE &r = *pa; 182 r.x = 0; // no-warning 183 } 184