diff options
| author | Gabor Horvath <xazax.hun@gmail.com> | 2016-08-22 11:21:30 +0000 |
|---|---|---|
| committer | Gabor Horvath <xazax.hun@gmail.com> | 2016-08-22 11:21:30 +0000 |
| commit | b59b27040efbc1ac03427a5ff0eceec527202cc0 (patch) | |
| tree | cb0f4950612ee60dce09ea2937a298eb5ad9b655 /clang/test/Analysis | |
| parent | 8738786bc1a8655b38da7d073b635d042918139c (diff) | |
| download | bcm5719-llvm-b59b27040efbc1ac03427a5ff0eceec527202cc0.tar.gz bcm5719-llvm-b59b27040efbc1ac03427a5ff0eceec527202cc0.zip | |
Reapply "[analyzer] Added valist related checkers."
Differential Revision: https://reviews.llvm.org/D15227
llvm-svn: 279427
Diffstat (limited to 'clang/test/Analysis')
| -rw-r--r-- | clang/test/Analysis/Inputs/system-header-simulator-for-valist.h | 30 | ||||
| -rw-r--r-- | clang/test/Analysis/valist-uninitialized.c | 178 | ||||
| -rw-r--r-- | clang/test/Analysis/valist-unterminated.c | 133 |
3 files changed, 341 insertions, 0 deletions
diff --git a/clang/test/Analysis/Inputs/system-header-simulator-for-valist.h b/clang/test/Analysis/Inputs/system-header-simulator-for-valist.h new file mode 100644 index 00000000000..7299b61353d --- /dev/null +++ b/clang/test/Analysis/Inputs/system-header-simulator-for-valist.h @@ -0,0 +1,30 @@ +// Like the compiler, the static analyzer treats some functions differently if +// they come from a system header -- for example, it is assumed that system +// functions do not arbitrarily free() their parameters, and that some bugs +// found in system headers cannot be fixed by the user and should be +// suppressed. + +#pragma clang system_header + +#ifdef __cplusplus +#define restrict /*restrict*/ +#endif + +typedef __builtin_va_list va_list; + +#define va_start(ap, param) __builtin_va_start(ap, param) +#define va_end(ap) __builtin_va_end(ap) +#define va_arg(ap, type) __builtin_va_arg(ap, type) +#define va_copy(dst, src) __builtin_va_copy(dst, src) + +int vprintf (const char *restrict format, va_list arg); + +int vsprintf (char *restrict s, const char *restrict format, va_list arg); + +int some_library_function(int n, va_list arg); + +// No warning from system header. +inline void __impl_detail(int fst, ...) { + va_list va; + (void)va_arg(va, int); +} diff --git a/clang/test/Analysis/valist-uninitialized.c b/clang/test/Analysis/valist-uninitialized.c new file mode 100644 index 00000000000..b1f11d138fe --- /dev/null +++ b/clang/test/Analysis/valist-uninitialized.c @@ -0,0 +1,178 @@ +// RUN: %clang_cc1 -triple x86_64-pc-linux-gnu -analyze -analyzer-checker=core,alpha.valist.Uninitialized,alpha.valist.CopyToSelf -analyzer-output=text -analyzer-store=region -verify %s + +#include "Inputs/system-header-simulator-for-valist.h" + +void f1(int fst, ...) { + va_list va; + (void)va_arg(va, int); //expected-warning{{va_arg() is called on an uninitialized va_list}} expected-note{{va_arg() is called on an uninitialized va_list}} +} + +int f2(int fst, ...) { + va_list va; + va_start(va, fst); // expected-note{{Initialized va_list}} + va_end(va); // expected-note{{Ended va_list}} + return va_arg(va, int); //expected-warning{{va_arg() is called on an uninitialized va_list}} expected-note{{va_arg() is called on an uninitialized va_list}} +} + +void f3(int fst, ...) { + va_list va, va2; + va_start(va, fst); + va_copy(va2, va); + va_end(va); + (void)va_arg(va2, int); + va_end(va2); +} //no-warning + +void f4(int cond, ...) { + va_list va; + if (cond) { // expected-note{{Assuming 'cond' is 0}} expected-note{{Taking false branch}} + va_start(va, cond); + (void)va_arg(va,int); + } + va_end(va); //expected-warning{{va_end() is called on an uninitialized va_list}} expected-note{{va_end() is called on an uninitialized va_list}} +} + +void f5(va_list fst, ...) { + va_start(fst, fst); + (void)va_arg(fst, int); + va_end(fst); +} // no-warning + +//FIXME: this should not cause a warning +void f6(va_list *fst, ...) { + va_start(*fst, fst); + (void)va_arg(*fst, int); //expected-warning{{va_arg() is called on an uninitialized va_list}} expected-note{{va_arg() is called on an uninitialized va_list}} + va_end(*fst); +} + +void f7(int *fst, ...) { + va_list x; + va_list *y = &x; + va_start(*y,fst); + (void)va_arg(x, int); + va_end(x); +} // no-warning + +void f8(int *fst, ...) { + va_list x; + va_list *y = &x; + va_start(*y,fst); // expected-note{{Initialized va_list}} + va_end(x); // expected-note{{Ended va_list}} + (void)va_arg(*y, int); //expected-warning{{va_arg() is called on an uninitialized va_list}} expected-note{{va_arg() is called on an uninitialized va_list}} +} // no-warning + +// This only contains problems which are handled by varargs.Unterminated. +void reinit(int *fst, ...) { + va_list va; + va_start(va, fst); + va_start(va, fst); + (void)va_arg(va, int); +} // no-warning + +void reinitOk(int *fst, ...) { + va_list va; + va_start(va, fst); + (void)va_arg(va, int); + va_end(va); + va_start(va, fst); + (void)va_arg(va, int); + va_end(va); +} // no-warning + +void reinit3(int *fst, ...) { + va_list va; + va_start(va, fst); // expected-note{{Initialized va_list}} + (void)va_arg(va, int); + va_end(va); // expected-note{{Ended va_list}} + va_start(va, fst); // expected-note{{Initialized va_list}} + (void)va_arg(va, int); + va_end(va); // expected-note{{Ended va_list}} + (void)va_arg(va, int); //expected-warning{{va_arg() is called on an uninitialized va_list}} expected-note{{va_arg() is called on an uninitialized va_list}} +} + +void copyself(int fst, ...) { + va_list va; + va_start(va, fst); // expected-note{{Initialized va_list}} + va_copy(va, va); // expected-warning{{va_list 'va' is copied onto itself}} expected-note{{va_list 'va' is copied onto itself}} + va_end(va); +} // no-warning + +void copyselfUninit(int fst, ...) { + va_list va; + va_copy(va, va); // expected-warning{{va_list 'va' is copied onto itself}} expected-note{{va_list 'va' is copied onto itself}} +} // no-warning + +void copyOverwrite(int fst, ...) { + va_list va, va2; + va_start(va, fst); // expected-note{{Initialized va_list}} + va_copy(va, va2); // expected-warning{{Initialized va_list 'va' is overwritten by an uninitialized one}} expected-note{{Initialized va_list 'va' is overwritten by an uninitialized one}} +} // no-warning + +void copyUnint(int fst, ...) { + va_list va, va2; + va_copy(va, va2); // expected-warning{{Uninitialized va_list is copied}} expected-note{{Uninitialized va_list is copied}} +} + +void g1(int fst, ...) { + va_list va; + va_end(va); // expected-warning{{va_end() is called on an uninitialized va_list}} expected-note{{va_end() is called on an uninitialized va_list}} +} + +void g2(int fst, ...) { + va_list va; + va_start(va, fst); // expected-note{{Initialized va_list}} + va_end(va); // expected-note{{Ended va_list}} + va_end(va); // expected-warning{{va_end() is called on an uninitialized va_list}} expected-note{{va_end() is called on an uninitialized va_list}} +} + +void is_sink(int fst, ...) { + va_list va; + va_end(va); // expected-warning{{va_end() is called on an uninitialized va_list}} expected-note{{va_end() is called on an uninitialized va_list}} + *((volatile int *)0) = 1; //no-warning +} + +// NOTE: this is invalid, as the man page of va_end requires that "Each invocation of va_start() +// must be matched by a corresponding invocation of va_end() in the same function." +void ends_arg(va_list arg) { + va_end(arg); +} //no-warning + +void uses_arg(va_list arg) { + (void)va_arg(arg, int); +} //no-warning + +// This is the same function as the previous one, but it is called in call_uses_arg2(), +// and the warning is generated during the analysis of call_uses_arg2(). +void inlined_uses_arg(va_list arg) { + (void)va_arg(arg, int); //expected-warning{{va_arg() is called on an uninitialized va_list}} expected-note{{va_arg() is called on an uninitialized va_list}} +} + +void call_inlined_uses_arg(int fst, ...) { + va_list va; + inlined_uses_arg(va); // expected-note{{Calling 'inlined_uses_arg'}} +} + +void call_vprintf_ok(int isstring, ...) { + va_list va; + va_start(va, isstring); + vprintf(isstring ? "%s" : "%d", va); + va_end(va); +} //no-warning + +void call_vprintf_bad(int isstring, ...) { + va_list va; + vprintf(isstring ? "%s" : "%d", va); //expected-warning{{Function 'vprintf' is called with an uninitialized va_list argument}} expected-note{{Function 'vprintf' is called with an uninitialized va_list argument}} expected-note{{Assuming 'isstring' is 0}} expected-note{{'?' condition is false}} +} + +void call_vsprintf_bad(char *buffer, ...) { + va_list va; + va_start(va, buffer); // expected-note{{Initialized va_list}} + va_end(va); // expected-note{{Ended va_list}} + vsprintf(buffer, "%s %d %d %lf %03d", va); //expected-warning{{Function 'vsprintf' is called with an uninitialized va_list argument}} expected-note{{Function 'vsprintf' is called with an uninitialized va_list argument}} +} + +void call_some_other_func(int n, ...) { + va_list va; + some_library_function(n, va); +} //no-warning + diff --git a/clang/test/Analysis/valist-unterminated.c b/clang/test/Analysis/valist-unterminated.c new file mode 100644 index 00000000000..63ee992b289 --- /dev/null +++ b/clang/test/Analysis/valist-unterminated.c @@ -0,0 +1,133 @@ +// RUN: %clang_cc1 -triple x86_64-pc-linux-gnu -analyze -analyzer-checker=core,alpha.valist.Unterminated,alpha.valist.CopyToSelf -analyzer-output=text -analyzer-store=region -verify %s + +#include "Inputs/system-header-simulator-for-valist.h" + +void f1(int fst, ...) { + va_list va; + va_start(va, fst); // expected-note{{Initialized va_list}} + return; // expected-warning{{Initialized va_list 'va' is leaked}} expected-note{{Initialized va_list 'va' is leaked}} +} + +void f2(int fst, ...) { + va_list va; + va_start(va, fst); // expected-note{{Initialized va_list}} + va_end(va); // expected-note{{Ended va_list}} + va_start(va, fst); // expected-note{{Initialized va_list}} +} // expected-warning{{Initialized va_list 'va' is leaked}} expected-note{{Initialized va_list 'va' is leaked}}} + +void f3(int fst, ...) { + va_list va, va2; + va_start(va, fst); + va_copy(va2, va); // expected-note{{Initialized va_list}} + va_end(va); // expected-warning{{Initialized va_list 'va2' is leaked}} expected-note{{Initialized va_list 'va2' is leaked}} +} + +void f4(va_list *fst, ...) { + va_start(*fst, fst); // expected-note{{Initialized va_list}} + return; // expected-warning{{Initialized va_list is leaked}} expected-note{{Initialized va_list is leaked}} +} + +void f5(va_list fst, ...) { + va_start(fst, fst); + //FIXME: this should cause a warning +} // no-warning + +void f6(va_list *fst, ...) { + va_start(*fst, fst); // expected-note{{Initialized va_list}} + (void)va_arg(*fst, int); + //FIXME: this should NOT cause a warning + va_end(*fst); // expected-warning{{Initialized va_list is leaked}} expected-note{{Initialized va_list is leaked}} +} + +void f7(int *fst, ...) { + va_list x; + va_list *y = &x; + va_start(*y,fst); // expected-note{{Initialized va_list}} +} // expected-warning{{Initialized va_list 'x' is leaked}} expected-note{{Initialized va_list 'x' is leaked}} + +void f8(int *fst, ...) { + va_list x; + va_list *y = &x; + va_start(*y,fst); + va_end(x); +} // no-warning + +void reinit(int *fst, ...) { + va_list va; + va_start(va, fst); // expected-note{{Initialized va_list}} expected-note{{Initialized va_list}} + va_start(va, fst); // expected-warning{{Initialized va_list 'va' is initialized again}} expected-note{{Initialized va_list 'va' is initialized again}} +} // expected-warning{{Initialized va_list 'va' is leaked}} expected-note{{Initialized va_list 'va' is leaked}} + +void reinitOk(int *fst, ...) { + va_list va; + va_start(va, fst); + va_end(va); + va_start(va, fst); + va_end(va); +} // no-warning + +void copyself(int fst, ...) { + va_list va; + va_start(va, fst); // expected-note{{Initialized va_list}} + va_copy(va, va); // expected-warning{{va_list 'va' is copied onto itself}} expected-note{{va_list 'va' is copied onto itself}} + va_end(va); +} // no-warning + +void copyselfUninit(int fst, ...) { + va_list va; + va_copy(va, va); // expected-warning{{va_list 'va' is copied onto itself}} expected-note{{va_list 'va' is copied onto itself}} +} // no-warning + +void copyOverwrite(int fst, ...) { + va_list va, va2; + va_start(va, fst); // expected-note{{Initialized va_list}} + va_copy(va, va2); // expected-warning{{Initialized va_list 'va' is overwritten by an uninitialized one}} expected-note{{Initialized va_list 'va' is overwritten by an uninitialized one}} +} // no-warning + +//This only generates a warning for the valist.Uninitialized checker +void copyUnint(int fst, ...) { + va_list va, va2; + va_copy(va, va2); +} // no-warning + +void recopy(int fst, ...) { + va_list va, va2; + va_start(va, fst); + va_copy(va2, va); // expected-note{{Initialized va_list}} + va_copy(va2, va); // expected-warning{{Initialized va_list 'va2' is initialized again}} expected-note{{Initialized va_list 'va2' is initialized again}} + va_end(va); + va_end(va2); +} //no-warning + +void doublemsg(int fst, ...) { + va_list va, va2; + va_start(va, fst), va_start(va2, fst); // expected-warning{{Initialized va_list 'va' is leaked}} expected-warning{{Initialized va_list 'va2' is leaked}} expected-note{{Initialized va_list}} expected-note{{Initialized va_list}} expected-note{{Initialized va_list}} expected-note{{Initialized va_list 'va' is leaked}} +} + +void in_array(int fst, ...) { + va_list va_array[8]; + va_start(va_array[3], fst); // expected-note{{Initialized va_list}} +} // expected-warning{{Initialized va_list 'va_array[3]' is leaked}} expected-note{{Initialized va_list 'va_array[3]' is leaked}} + +struct containing_a_valist { + va_list vafield; + int foobar; +}; + +void in_struct(int fst, ...) { + struct containing_a_valist s; + va_start(s.vafield, fst); // expected-note{{Initialized va_list}} +} // expected-warning{{Initialized va_list 's.vafield' is leaked}} expected-note{{Initialized va_list 's.vafield' is leaked}} + +void casting(int fst, ...) { + char mem[sizeof(va_list)]; + va_start(*(va_list *) mem, fst); // expected-note{{Initialized va_list}} +} // expected-warning{{Initialized va_list 'mem[0]' is leaked}} expected-note{{Initialized va_list 'mem[0]' is leaked}} + + +void castingOk(int fst, ...) { + char mem[sizeof(va_list)]; + va_start(*(va_list *) mem, fst); + va_end(*(va_list *) mem); +} // no-warning + |
