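// RUN: %clang_analyze_cc1 -analyzer-output=text -verify %s \
// RUN:   -analyzer-checker=core \
// RUN:   -analyzer-checker=cplusplus.NewDelete \
// RUN:   -analyzer-config core.CallAndMessage:ArgPointeeInitializedness=true

// RUN: %clang_analyze_cc1 -analyzer-output=text -verify %s \
// RUN:   -DTEST_INLINABLE_ALLOCATORS \
// RUN:   -analyzer-checker=core \
// RUN:   -analyzer-checker=cplusplus.NewDelete \
// RUN:   -analyzer-config core.CallAndMessage:ArgPointeeInitializedness=true

// Passing uninitialized const data to unknown function
//
// Static-analyzer regression test. Each function below passes a value, a
// reference or a pointer to a callee and pins which diagnostic (if any) the
// analyzer must produce. Both invocations above enable the core and
// cplusplus.NewDelete checkers and turn on the ArgPointeeInitializedness
// option of core.CallAndMessage; the second one also defines
// TEST_INLINABLE_ALLOCATORS, which nothing in this file reads (presumably the
// included simulator header does; confirm).
//
// Why the distinction matters: a callee that receives `const int *` or
// `const int &` is not supposed to write through it, so an indeterminate
// object passed that way can only be read. That is undefined behaviour and a
// common way for stale stack or heap contents to leak out of a function.
//
// Maintenance notes:
//  * The invocations use -verify, so a diagnostic with no matching directive
//    fails the test. A function carrying no directive (or a "no warning"
//    remark) therefore asserts that the analyzer stays silent.
//  * Directives written with an `@-N` offset are line-relative. Keep them on
//    the lines directly after the statement they annotate and do not insert
//    lines in between.

#include "Inputs/system-header-simulator-cxx.h"

// Callees with no visible body: the analyzer cannot look inside them.
void doStuff6(const int& c);        // reference to const
void doStuff4(const int y);         // by value
void doStuff3(int& g);              // non-const reference, callee may write
void doStuff_uninit(const int *u);  // pointer to const


// `new int` has no initializer, and *ptr is read in the condition and passed
// by value. No directive is attached, so the test asserts silence here.
// NOTE(review): this looks like an analyzer limitation for heap pointees, not
// evidence that the read is safe; confirm.
int f10(void) {
  int *ptr;

  ptr = new int; //
  if(*ptr) {
    doStuff4(*ptr);
  }
  delete ptr;
  return 0;
}

// Pointer to a never-written heap int handed to a pointer-to-const parameter.
// Asserts silence, unlike the stack cases f5 and f_uninit further down.
// NOTE(review): same caveat as f10; confirm this is the intended behaviour.
int f9(void) {
  int *ptr;

  ptr = new int; //

  doStuff_uninit(ptr); // no warning
  delete ptr;
  return 0;
}

// Heap int that is written (25) before the call: the pointee is initialized,
// so silence is the correct outcome.
int f8(void) {
  int *ptr;

  ptr = new int;
  *ptr = 25;

  doStuff_uninit(ptr); // no warning?
  delete ptr;
  return 0;
}

// Initialized local bound to a reference-to-const parameter: nothing to report.
void f7(void) {
  int m = 3;
  doStuff6(m); // no warning
}


// Helper with a visible body: returns its reference parameter without ever
// writing to it, so an uninitialized argument stays uninitialized.
int& f6_1_sub(int &p) {
  return p; // expected-note{{Returning without writing to 'p'}}
            // expected-note@-1{{Returning pointer (reference to 't')}}
}

// The uninitialized `t` goes through f6_1_sub and is read when `p` is
// initialized from the returned reference. The notes pin the whole path:
// declaration, argument passing, call, return, and the read itself.
void f6_1(void) {
  int t;               // expected-note{{'t' declared without an initial value}}
  int p = f6_1_sub(t); //expected-warning {{Assigned value is garbage or undefined}}
                       //expected-note@-1 {{Passing value via 1st parameter 'p'}}
                       //expected-note@-2 {{Calling 'f6_1_sub'}}
                       //expected-note@-3 {{Returning from 'f6_1_sub'}}
                       //expected-note@-4 {{Assigned value is garbage or undefined}}
  int q = p;
  doStuff6(q);
}

// Chain of references p -> s -> q, all aliasing the uninitialized `t`. The
// report is issued at the call and each alias step gets its own note.
void f6_2(void) {
  int t;       //expected-note {{'t' declared without an initial value}}
  int &p = t;  //expected-note {{'p' initialized here}}
  int &s = p;  //expected-note {{'s' initialized to the value of 'p'}}
  int &q = s;  //expected-note {{'q' initialized to the value of 's'}}
  doStuff6(q); //expected-warning {{1st function call argument is an uninitialized value}}
               //expected-note@-1 {{1st function call argument is an uninitialized value}}
}

// Callee with a visible, empty body taking a non-const reference and a
// pointer by value.
void doStuff6_3(int& q_, int *ptr_) {}

// The report here is about the 2nd argument: the pointer variable `ptr`
// itself was never assigned. No diagnostic is asserted for the 1st argument,
// a non-const reference to the uninitialized `t`.
void f6_3(void) {
  int *ptr;    //expected-note {{'ptr' declared without an initial value}}
  int t;
  int &p = t;
  int &s = p;
  int &q = s;
  doStuff6_3(q,ptr); //expected-warning {{2nd function call argument is an uninitialized value}}
                     //expected-note@-1 {{2nd function call argument is an uninitialized value}}

}

// Uninitialized local bound directly to a reference-to-const parameter.
void f6(void) {
  int k;       // expected-note {{'k' declared without an initial value}}
  doStuff6(k); // expected-warning {{1st function call argument is an uninitialized value}}
               // expected-note@-1 {{1st function call argument is an uninitialized value}}

}



// Address of an uninitialized local, stored in `tp` and then passed as a
// pointer to const: reported as a pointer to an uninitialized value.
void f5(void) {
  int t;               // expected-note {{'t' declared without an initial value}}
  int* tp = &t;        // expected-note {{'tp' initialized here}}
  doStuff_uninit(tp);  // expected-warning {{1st function call argument is a pointer to uninitialized value}}
                       // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
}


// Uninitialized local passed by value.
void f4(void) {
  int y;        // expected-note {{'y' declared without an initial value}}
  doStuff4(y);  // expected-warning {{1st function call argument is an uninitialized value}}
                // expected-note@-1 {{1st function call argument is an uninitialized value}}
}

// Non-const reference: the callee could be the one that initializes `g`, and
// the test asserts silence.
void f3(void) {
  int g;
  doStuff3(g); // no warning
}

// `z` has static storage duration, so it is zero-initialized before use.
int z;
void f2(void) {
  doStuff_uninit(&z);  // no warning
}

// Address of an initialized local: nothing to report.
void f1(void) {
  int x_=5;
  doStuff_uninit(&x_);  // no warning
}

// Address of an uninitialized local passed straight to a pointer-to-const
// parameter (same report as f5, without the intermediate pointer variable).
void f_uninit(void) {
  int x;               // expected-note {{'x' declared without an initial value}}
  doStuff_uninit(&x);  // expected-warning {{1st function call argument is a pointer to uninitialized value}}
                       // expected-note@-1 {{1st function call argument is a pointer to uninitialized value}}
}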