1 // RUN: %clang_analyze_cc1 -analyzer-output=text -verify %s \
2 // RUN:   -analyzer-checker=core \
3 // RUN:   -analyzer-checker=cplusplus.NewDelete \
4 // RUN:   -analyzer-config core.CallAndMessage:ArgPointeeInitializedness=true
5 
6 // RUN: %clang_analyze_cc1 -analyzer-output=text -verify %s \
7 // RUN:   -DTEST_INLINABLE_ALLOCATORS \
8 // RUN:   -analyzer-checker=core \
9 // RUN:   -analyzer-checker=cplusplus.NewDelete \
10 // RUN:   -analyzer-config core.CallAndMessage:ArgPointeeInitializedness=true
11 
12 // Passing uninitialized const data to unknown function
13 
14 #include "Inputs/system-header-simulator-cxx.h"
15 
16 void doStuff6(const int& c);
17 void doStuff4(const int y);
18 void doStuff3(int& g);
19 void doStuff_uninit(const int *u);
20 
21 
f10(void)22 int f10(void) {
23   int *ptr;
24 
25   ptr = new int; //
26   if(*ptr) {
27     doStuff4(*ptr);
28   }
29   delete ptr;
30   return 0;
31 }
32 
f9(void)33 int f9(void) {
34   int *ptr;
35 
36   ptr = new int; //
37 
38   doStuff_uninit(ptr); // no warning
39   delete ptr;
40   return 0;
41 }
42 
f8(void)43 int f8(void) {
44   int *ptr;
45 
46   ptr = new int;
47   *ptr = 25;
48 
49   doStuff_uninit(ptr); // no warning?
50   delete ptr;
51   return 0;
52 }
53 
f7(void)54 void f7(void) {
55   int m = 3;
56   doStuff6(m); // no warning
57 }
58 
59 
f6_1_sub(int & p)60 int& f6_1_sub(int &p) {
61   return p; // expected-note{{Returning without writing to 'p'}}
62             // expected-note@-1{{Returning pointer (reference to 't')}}
63 }
64 
f6_1(void)65 void f6_1(void) {
66   int t;               // expected-note{{'t' declared without an initial value}}
67   int p = f6_1_sub(t); //expected-warning {{Assigned value is garbage or undefined}}
68                        //expected-note@-1 {{Passing value via 1st parameter 'p'}}
69                        //expected-note@-2 {{Calling 'f6_1_sub'}}
70                        //expected-note@-3 {{Returning from 'f6_1_sub'}}
71                        //expected-note@-4 {{Assigned value is garbage or undefined}}
72   int q = p;
73   doStuff6(q);
74 }
75 
f6_2(void)76 void f6_2(void) {
77   int t;       //expected-note {{'t' declared without an initial value}}
78   int &p = t;  //expected-note {{'p' initialized here}}
79   int &s = p;  //expected-note {{'s' initialized to the value of 'p'}}
80   int &q = s;  //expected-note {{'q' initialized to the value of 's'}}
81   doStuff6(q); //expected-warning {{1st function call argument is an uninitialized value}}
82                //expected-note@-1 {{1st function call argument is an uninitialized value}}
83 }
84 
doStuff6_3(int & q_,int * ptr_)85 void doStuff6_3(int& q_, int *ptr_) {}
86 
f6_3(void)87 void f6_3(void) {
88   int *ptr;    //expected-note {{'ptr' declared without an initial value}}
89   int t;
90   int &p = t;
91   int &s = p;
92   int &q = s;
93   doStuff6_3(q,ptr); //expected-warning {{2nd function call argument is an uninitialized value}}
94                //expected-note@-1 {{2nd function call argument is an uninitialized value}}
95 
96 }
97 
f6(void)98 void f6(void) {
99   int k;       // expected-note {{'k' declared without an initial value}}
100   doStuff6(k); // expected-warning {{1st function call argument is an uninitialized value}}
101                // expected-note@-1 {{1st function call argument is an uninitialized value}}
102 
103 }
104 
105 
106 
f5(void)107 void f5(void) {
108   int t;               // expected-note {{'t' declared without an initial value}}
109   int* tp = &t;        // expected-note {{'tp' initialized here}}
110   doStuff_uninit(tp);  // expected-warning {{1st function call argument is a pointer to uninitialized value}}
111                        // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
112 }
113 
114 
f4(void)115 void f4(void) {
116       int y;        // expected-note {{'y' declared without an initial value}}
117       doStuff4(y);  // expected-warning {{1st function call argument is an uninitialized value}}
118                     // expected-note@-1 {{1st function call argument is an uninitialized value}}
119 }
120 
f3(void)121 void f3(void) {
122       int g;
123       doStuff3(g); // no warning
124 }
125 
126 int z;
f2(void)127 void f2(void) {
128       doStuff_uninit(&z);  // no warning
129 }
130 
f1(void)131 void f1(void) {
132       int x_=5;
133       doStuff_uninit(&x_);  // no warning
134 }
135 
f_uninit(void)136 void f_uninit(void) {
137       int x;               // expected-note {{'x' declared without an initial value}}
138       doStuff_uninit(&x);  // expected-warning {{1st function call argument is a pointer to uninitialized value}}
139                            // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
140 }
141