path-notes.m
// RUN: %clang_analyze_cc1 -analyzer-checker=core,osx.cocoa.NilArg,osx.cocoa.RetainCount -analyzer-output=text -analyzer-config suppress-null-return-paths=false -fblocks -verify %s
// RUN: %clang_analyze_cc1 -analyzer-checker=core,osx.cocoa.NilArg,osx.cocoa.RetainCount -analyzer-output=plist-multi-file -analyzer-config suppress-null-return-paths=false -fblocks %s -o %t.plist
// RUN: %normalize_plist <%t.plist | diff -ub %S/Inputs/expected-plists/path-notes.m.plist -
// Local stand-ins for the libdispatch declarations used by the tests below;
// this listing imports no headers, so every type and function is declared here.
typedef struct dispatch_queue_s *dispatch_queue_t;
// Block type taking no arguments and returning nothing.
typedef void (^dispatch_block_t)(void);
void dispatch_sync(dispatch_queue_t, dispatch_block_t);
typedef long dispatch_once_t;
// Note: The real dispatch_once has all parameters marked nonnull.
// We don't do that here so that we can trigger a null dereference inside
// the synthesized body.
void dispatch_once(dispatch_once_t *predicate, dispatch_block_t block);
// Root class (no superclass) with one pointer-typed property. getZeroIfNil
// reads 'p' through a receiver that may be nil.
@interface Test
@property int *p;
@end
// Hand-written subset of the Foundation scalar types and forward declarations
// needed by the interfaces that follow.
typedef unsigned long NSUInteger;
typedef signed char BOOL;
typedef struct _NSZone NSZone;
@class NSInvocation, NSMethodSignature, NSCoder, NSString, NSEnumerator;
// Skeleton protocol declarations. They carry only the members written here,
// which is enough for the NSArray interface below to list them as adopted
// protocols.
@protocol NSObject
@end
@protocol NSCopying
- (id)copyWithZone:(NSZone *)zone;
@end
@protocol NSMutableCopying
- (id)mutableCopyWithZone:(NSZone *)zone;
@end
@protocol NSCoding
- (void)encodeWithCoder:(NSCoder *)aCoder;
@end
@protocol NSFastEnumeration
@end
@protocol NSSecureCoding <NSCoding>
@required
+ (BOOL)supportsSecureCoding;
@end
// Minimal NSObject root class: only the allocation, initialisation and
// autorelease messages that testAutoreleaseTakesEffectInDispatch sends.
@interface NSObject <NSObject> {}
- (id)init;
+ (id)alloc;
- (id)autorelease;
@end
// Minimal NSArray declaration plus two categories. The @[ ... ] literal in
// testCreateArrayLiteral needs +arrayWithObjects:count: to be declared,
// because that is the message an array literal is compiled into.
@interface NSArray : NSObject <NSCopying, NSMutableCopying, NSSecureCoding, NSFastEnumeration>
- (NSUInteger)count;
- (id)objectAtIndex:(NSUInteger)index;
@end
@interface NSArray (NSExtendedArray)
- (NSArray *)arrayByAddingObject:(id)anObject;
- (void)setObject:(id)obj atIndexedSubscript:(NSUInteger)idx __attribute__((availability(macosx,introduced=10.8)));
@end
@interface NSArray (NSArrayCreation)
+ (instancetype)arrayWithObjects:(const id [])objects count:(NSUInteger)cnt;
@end
// Minimal NSMutableArray declaration. None of the tests visible in this
// listing send these messages.
@interface NSMutableArray : NSArray
- (void)addObject:(id)anObject;
- (void)insertObject:(id)anObject atIndex:(NSUInteger)index;
- (void)removeLastObject;
- (void)removeObjectAtIndex:(NSUInteger)index;
- (void)replaceObjectAtIndex:(NSUInteger)index withObject:(id)anObject;
@end
// Returns the 'p' property of x. When x is nil the getter is not invoked and
// the property read evaluates to a null pointer, which is returned unchanged.
// The two path notes below attach that explanation to the return statement.
// The directives use relative line offsets, so nothing may be inserted between
// a directive and the line it refers to.
int *getZeroIfNil(Test *x) {
  return x.p;
  // expected-note@-1 {{'p' not called because the receiver is nil}}
  // expected-note@-2 {{Returning null pointer}}
}
// Passes a literal nil to getZeroIfNil and writes through the returned
// pointer. The analyzer is required to report the null dereference with a
// path that enters the callee, records the nil argument, and returns.
// NOTE(review): the report presumably survives only because the analyzer
// invocations at the top of the file set suppress-null-return-paths=false;
// confirm before changing that option.
void testReturnZeroIfNil() {
  *getZeroIfNil(0) = 1; // expected-warning{{Dereference of null pointer}}
  // expected-note@-1 {{Calling 'getZeroIfNil'}}
  // expected-note@-2 {{Passing nil object reference via 1st parameter 'x'}}
  // expected-note@-3 {{Returning from 'getZeroIfNil'}}
  // expected-note@-4 {{Dereference of null pointer}}
}
// Checks that the analyzer follows the block passed to dispatch_sync: the
// block stores 0 into the __block variable x, and that value must still be
// known after the call, so that 1 / x is reported as a division by zero.
// The path notes cover entering and leaving both dispatch_sync and the
// anonymous block.
int testDispatchSyncInlining() {
  extern dispatch_queue_t globalQueue;
  // __block lets the block below write to x rather than to a copy.
  __block int x;
  // expected-note@+2 {{Calling 'dispatch_sync'}}
  // expected-note@+1 {{Returning from 'dispatch_sync'}}
  dispatch_sync(globalQueue, ^{
    // expected-note@-1 {{Calling anonymous block}}
    // expected-note@-2 {{Returning to caller}}
    x = 0;
    // expected-note@-1 {{The value 0 is assigned to 'x'}}
  });
  return 1 / x; // expected-warning{{Division by zero}}
  // expected-note@-1 {{Division by zero}}
}
// Same dispatch_sync set-up as testDispatchSyncInlining, but the defect is an
// uninitialized local captured by a nested block. The 'coin' parameter is not
// read anywhere in the body.
int testDispatchSyncInliningNoPruning(int coin) {
  // This tests exactly the same case as above, except on a bug report where
  // path pruning is disabled (an uninitialized variable capture).
  // In this case the report ends inside the inner block, so only the
  // 'Calling ...' notes are listed below and there are no matching
  // 'Returning ...' notes.
  extern dispatch_queue_t globalQueue;
  __block int y;
  // expected-note@+1 {{Calling 'dispatch_sync'}}
  dispatch_sync(globalQueue, ^{
    // expected-note@-1 {{Calling anonymous block}}
    int x;
    // expected-note@-1 {{'x' declared without an initial value}}
    ^{ y = x; }(); // expected-warning{{Variable 'x' is uninitialized when captured by block}}
    // expected-note@-1 {{'x' is uninitialized when captured by block}}
  });
  return y;
}
// Root class whose only method returns a raw int pointer. testNilReceiver
// sends -getPtr to a nil receiver to obtain a null pointer.
@interface PointerWrapper
- (int *)getPtr;
@end
// Always returns nil (written as 0). No test visible in this listing calls it.
id getNil() {
  return 0;
}
// Writes through x without checking it. testNilReceiver calls this with the
// null result of a message sent to nil, so the warning is reported here,
// inside the callee.
void testNilReceiverHelper(int *x) {
  *x = 1; // expected-warning {{Dereference of null pointer}}
  // expected-note@-1 {{Dereference of null pointer (loaded from variable 'x')}}
}
// Branches on three ids loaded through pointers, then uses *x as a message
// receiver. Execution continues only when *x is nil, so [*x getPtr] is not
// called and evaluates to a null pointer, which the helper then dereferences.
// *y and *z are tested but never used afterwards. The FIXME comments record
// that their branch notes are worded differently from the note for *x.
void testNilReceiver(id *x, id *y, id *z) {
  // FIXME: Should say "Assuming pointer value is null" instead.
  // For some reason we're displaying different notes for
  // tracked and untracked pointers.
  if (*y) {} // expected-note {{Assuming the condition is false}}
  // expected-note@-1 {{Taking false branch}}
  if (*x) { // expected-note {{Assuming pointer value is null}}
    // expected-note@-1 {{Taking false branch}}
    return;
  }
  // FIXME: Should say "Assuming pointer value is null" instead.
  if (*z) {} // expected-note {{Assuming the condition is false}}
  // expected-note@-1 {{Taking false branch}}
  testNilReceiverHelper([*x getPtr]);
  // expected-note@-1 {{'getPtr' not called because the receiver is nil}}
  // expected-note@-2 {{Passing null pointer value via 1st parameter 'x'}}
  // expected-note@-3 {{Calling 'testNilReceiverHelper'}}
}
// Builds an array literal whose middle element may be nil. The empty 'if'
// makes the analyzer split on myNil; on the path where myNil is nil, the
// literal is reported. At run time a nil element in an array literal raises
// an exception, so this diagnostic catches a crash, not a style issue.
// NOTE(review): the warning presumably comes from the osx.cocoa.NilArg checker
// enabled in the analyzer invocations at the top of the file; confirm.
id testCreateArrayLiteral(id myNil) {
  if (myNil) // expected-note {{Assuming 'myNil' is nil}}
    ; // expected-note@-1 {{Taking false branch}}
  return @[ @"a", myNil, @"c" ]; // expected-warning {{Array element cannot be nil}}
  //expected-note@-1 {{Array element cannot be nil}}
}
// <rdar://problem/14611722>
// Allocates an object (+1) and autoreleases it twice, with a dispatch_once
// call before and after. The retain-count diagnostic must be reported at the
// return statement, and the dispatch_once calls themselves must neither crash
// the analyzer nor produce a warning. An object autoreleased more often than
// it is owned is released too many times later, which is a memory-safety
// defect.
id testAutoreleaseTakesEffectInDispatch() {
  static dispatch_once_t token = 0;
  dispatch_once(&token, ^{});
  id x = [[[[NSObject alloc] init] autorelease] autorelease];
  // expected-note@-1 {{Method returns an instance of NSObject with a +1 retain count}}
  // expected-note@-2 {{Object autoreleased}}
  // expected-note@-3 {{Object autoreleased}}
  dispatch_once(&token, ^{}); // don't crash, don't warn here
  return x; // expected-warning{{Object autoreleased too many times}}
  // expected-note@-1 {{Object was autoreleased 2 times but the object has a +0 retain count}}
}
// Passes a null predicate pointer to dispatch_once. The local declaration of
// dispatch_once deliberately omits the nonnull annotations (see the note above
// that declaration) so that this call reaches the analyzer's synthesized
// body. Required outcome: no warning is produced and the analyzer does not
// crash.
void testNullDereferenceInDispatch() {
  dispatch_once(0, ^{}); // no-warning, don't crash
}