C++程序  |  403行  |  9.09 KB

// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-config ipa=inlining -verify %s

void clang_analyzer_eval(bool);
void clang_analyzer_checkInlined(bool);

typedef __typeof__(sizeof(int)) size_t;
extern "C" void *malloc(size_t);

// This is the standard placement new.
inline void* operator new(size_t, void* __p) throw()
{
  return __p;
}


class A {
public:
  int getZero() { return 0; }
  virtual int getNum() { return 0; }
};

void test(A &a) {
  clang_analyzer_eval(a.getZero() == 0); // expected-warning{{TRUE}}
  clang_analyzer_eval(a.getNum() == 0); // expected-warning{{UNKNOWN}}

  A copy(a);
  clang_analyzer_eval(copy.getZero() == 0); // expected-warning{{TRUE}}
  clang_analyzer_eval(copy.getNum() == 0); // expected-warning{{TRUE}}
}


class One : public A {
public:
  virtual int getNum() { return 1; }
};

void testPathSensitivity(int x) {
  A a;
  One b;

  A *ptr;
  switch (x) {
  case 0:
    ptr = &a;
    break;
  case 1:
    ptr = &b;
    break;
  default:
    return;
  }

  // This should be true on both branches.
  clang_analyzer_eval(ptr->getNum() == x); // expected-warning {{TRUE}}
}


namespace PureVirtualParent {
  class Parent {
  public:
    virtual int pureVirtual() const = 0;
    int callVirtual() const {
      return pureVirtual();
    }
  };

  class Child : public Parent {
  public:
    virtual int pureVirtual() const {
      clang_analyzer_checkInlined(true); // expected-warning{{TRUE}}
      return 42;
    }
  };

  void testVirtual() {
    Child x;

    clang_analyzer_eval(x.pureVirtual() == 42); // expected-warning{{TRUE}}
    clang_analyzer_eval(x.callVirtual() == 42); // expected-warning{{TRUE}}
  }
}


namespace PR13569 {
  class Parent {
  protected:
    int m_parent;
    virtual int impl() const = 0;

    Parent() : m_parent(0) {}

  public:
    int interface() const {
      clang_analyzer_checkInlined(true); // expected-warning{{TRUE}}
      return impl();
    }
  };

  class Child : public Parent {
  protected:
    virtual int impl() const {
      clang_analyzer_checkInlined(true); // expected-warning{{TRUE}}
      return m_parent + m_child;
    }

  public:
    Child() : m_child(0) {}

    int m_child;
  };

  void testVirtual() {
    Child x;
    x.m_child = 42;

    // Don't crash when inlining and devirtualizing.
    x.interface();
  }


  class Grandchild : public Child {};

  void testDevirtualizeToMiddle() {
    Grandchild x;
    x.m_child = 42;

    // Don't crash when inlining and devirtualizing.
    x.interface();
  }
}

namespace PR13569_virtual {
  class Parent {
  protected:
    int m_parent;
    virtual int impl() const = 0;

    Parent() : m_parent(0) {}

  public:
    int interface() const {
      clang_analyzer_checkInlined(true); // expected-warning{{TRUE}}
      return impl();
    }
  };

  class Child : virtual public Parent {
  protected:
    virtual int impl() const {
      clang_analyzer_checkInlined(true); // expected-warning{{TRUE}}
      return m_parent + m_child;
    }

  public:
    Child() : m_child(0) {}

    int m_child;
  };

  void testVirtual() {
    Child x;
    x.m_child = 42;

    // Don't crash when inlining and devirtualizing.
    x.interface();
  }


  class Grandchild : virtual public Child {};

  void testDevirtualizeToMiddle() {
    Grandchild x;
    x.m_child = 42;

    // Don't crash when inlining and devirtualizing.
    x.interface();
  }
}

namespace Invalidation {
  struct X {
    void touch(int &x) const {
      x = 0;
    }

    void touch2(int &x) const;

    virtual void touchV(int &x) const {
      x = 0;
    }

    virtual void touchV2(int &x) const;

    int test() const {
      // We were accidentally not invalidating under inlining
      // at one point for virtual methods with visible definitions.
      int a, b, c, d;
      touch(a);
      touch2(b);
      touchV(c);
      touchV2(d);
      return a + b + c + d; // no-warning
    }
  };
}

namespace DefaultArgs {
  int takesDefaultArgs(int i = 42) {
    return -i;
  }

  void testFunction() {
    clang_analyzer_eval(takesDefaultArgs(1) == -1); // expected-warning{{TRUE}}
    clang_analyzer_eval(takesDefaultArgs() == -42); // expected-warning{{TRUE}}
  }

  class Secret {
  public:
    static const int value = 40 + 2;
    int get(int i = value) {
      return i;
    }
  };

  void testMethod() {
    Secret obj;
    clang_analyzer_eval(obj.get(1) == 1); // expected-warning{{TRUE}}
    clang_analyzer_eval(obj.get() == 42); // expected-warning{{TRUE}}
    clang_analyzer_eval(Secret::value == 42); // expected-warning{{TRUE}}
  }

  enum ABC {
    A = 0,
    B = 1,
    C = 2
  };

  int enumUser(ABC input = B) {
    return static_cast<int>(input);
  }

  void testEnum() {
    clang_analyzer_eval(enumUser(C) == 2); // expected-warning{{TRUE}}
    clang_analyzer_eval(enumUser() == 1); // expected-warning{{TRUE}}
  }


  int exprUser(int input = 2 * 4) {
    return input;
  }

  int complicatedExprUser(int input = 2 * Secret::value) {
    return input;
  }

  void testExprs() {
    clang_analyzer_eval(exprUser(1) == 1); // expected-warning{{TRUE}}
    clang_analyzer_eval(exprUser() == 8); // expected-warning{{TRUE}}

    clang_analyzer_eval(complicatedExprUser(1) == 1); // expected-warning{{TRUE}}
    clang_analyzer_eval(complicatedExprUser() == 84); // expected-warning{{TRUE}}
  }

  int defaultReference(const int &input = 42) {
    return input;
  }

  void testReference() {
    clang_analyzer_eval(defaultReference(1) == 1); // expected-warning{{TRUE}}
    clang_analyzer_eval(defaultReference() == 42); // expected-warning{{TRUE}}
  }
}

namespace OperatorNew {
  class IntWrapper {
  public:
    int value;

    IntWrapper(int input) : value(input) {
      // We don't want this constructor to be inlined unless we can actually
      // use the proper region for operator new.
      // See PR12014 and <rdar://problem/12180598>.
      clang_analyzer_checkInlined(false); // no-warning
    }
  };

  void test() {
    IntWrapper *obj = new IntWrapper(42);
    // should be TRUE
    clang_analyzer_eval(obj->value == 42); // expected-warning{{UNKNOWN}}
  }

  void testPlacement() {
    IntWrapper *obj = static_cast<IntWrapper *>(malloc(sizeof(IntWrapper)));
    IntWrapper *alias = new (obj) IntWrapper(42);

    clang_analyzer_eval(alias == obj); // expected-warning{{TRUE}}

    // should be TRUE
    clang_analyzer_eval(obj->value == 42); // expected-warning{{UNKNOWN}}
  }
}


namespace VirtualWithSisterCasts {
  // This entire set of tests exercises casts from sister classes and
  // from classes outside the hierarchy, which can very much confuse
  // code that uses DynamicTypeInfo or needs to construct CXXBaseObjectRegions.
  // These examples used to cause crashes in +Asserts builds.
  struct Parent {
    virtual int foo();
    int x;
  };

  struct A : Parent {
    virtual int foo() { return 42; }
  };

  struct B : Parent {
    virtual int foo();
  };

  struct Grandchild : public A {};

  struct Unrelated {};

  void testDowncast(Parent *b) {
    A *a = (A *)(void *)b;
    clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}}

    a->x = 42;
    clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}}
  }

  void testRelated(B *b) {
    A *a = (A *)(void *)b;
    clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}}

    a->x = 42;
    clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}}
  }

  void testUnrelated(Unrelated *b) {
    A *a = (A *)(void *)b;
    clang_analyzer_eval(a->foo() == 42); // expected-warning{{UNKNOWN}}

    a->x = 42;
    clang_analyzer_eval(a->x == 42); // expected-warning{{TRUE}}
  }

  void testCastViaNew(B *b) {
    Grandchild *g = new (b) Grandchild();
    // FIXME: We actually now have perfect type info because of 'new'.
    // This should be TRUE.
    clang_analyzer_eval(g->foo() == 42); // expected-warning{{UNKNOWN}}

    g->x = 42;
    clang_analyzer_eval(g->x == 42); // expected-warning{{TRUE}}
  }
}


namespace QualifiedCalls {
  void test(One *object) {
    // This uses the One class from the top of the file.
    clang_analyzer_eval(object->getNum() == 1); // expected-warning{{UNKNOWN}}
    clang_analyzer_eval(object->One::getNum() == 1); // expected-warning{{TRUE}}
    clang_analyzer_eval(object->A::getNum() == 0); // expected-warning{{TRUE}}

    // getZero is non-virtual.
    clang_analyzer_eval(object->getZero() == 0); // expected-warning{{TRUE}}
    clang_analyzer_eval(object->One::getZero() == 0); // expected-warning{{TRUE}}
    clang_analyzer_eval(object->A::getZero() == 0); // expected-warning{{TRUE}}
}
}


namespace rdar12409977  {
  struct Base {
    int x;
  };

  struct Parent : public Base {
    virtual Parent *vGetThis();
    Parent *getThis() { return vGetThis(); }
  };

  struct Child : public Parent {
    virtual Child *vGetThis() { return this; }
  };

  void test() {
    Child obj;
    obj.x = 42;

    // Originally, calling a devirtualized method with a covariant return type
    // caused a crash because the return value had the wrong type. When we then
    // go to layer a CXXBaseObjectRegion on it, the base isn't a direct base of
    // the object region and we get an assertion failure.
    clang_analyzer_eval(obj.getThis()->x == 42); // expected-warning{{TRUE}}
  }
}