================
@@ -0,0 +1,62 @@
+// RUN: %clang_analyze_cc1 %s \
+// RUN: -analyzer-checker=core \
+// RUN: -analyzer-checker=unix.StdCLibraryFunctions \
+// RUN: -analyzer-checker=debug.ExprInspection \
+// RUN: -triple x86_64-unknown-linux-gnu \
+// RUN: -verify
+
+#include "Inputs/std-c-library-functions-POSIX.h"
+#define NULL ((void*)0)
+
+void clang_analyzer_eval(int);
+void clang_analyzer_warnIfReached();
+
+
+// An opaque function that returns a symbolic pointer in unknown space.
+int *opaque_function(int *p);
+
+void test_simple(void) {
+ // Validate that the analyzer doesn't rule out the equality (or disequality)
+ // of a pointer to the stack (&x) and a symbolic pointer in unknown space.
+ // Previously the analyzer incorrectly assumed that stack pointers cannot be
+ // equal to symbolic pointers, which is obviously nonsense. It is true that
+ // functions cannot validly return pointers to _their own stack frame_, but
+ // they can easily return a pointer to some other stack frame (e.g. in this
+ // example 'opaque_function' could return its argument).
+ int x = 0;
+ if (&x == opaque_function(&x)) {
+ clang_analyzer_warnIfReached(); // expected-warning {{REACHABLE}}
+ } else {
+ clang_analyzer_warnIfReached(); // expected-warning {{REACHABLE}}
+ }
+}
+
+void test_local_not_leaked(void) {
+ // In this situation a very smart analyzer could theoretically deduce that
+ // the address of the local 'x' cannot leak from this function, so the
+ // call to 'opaque_function' cannot return it.
+ int x = 0;
+ if (&x == opaque_function(NULL)) {
+ // This branch is practically unreachable; however, we cannot fault the
----------------
steakhal wrote:
How about using "blame" instead of "fault"?
https://github.com/llvm/llvm-project/pull/187080
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
