Add more tests

nuudlman · nuudlman · commit da728236d025 · 2025-02-07T09:40:06.000-06:00
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
@@ -583,18 +583,22 @@ void ExprEngine::threadBifurcate(CallEvent const &Call, Decl const *D,
     StartRoutine->getType(),
     VK_LValue);
 
+  auto *null_expr = new (SRR->getContext()) CXXNullPtrLiteralExpr(QualType(), SourceLocation());
+
   CallExpr *srcall = CallExpr::Create(
     SRR->getContext(),
     srexpr,
-    {const_cast<Expr*>(SRInit)},
+    {const_cast<Expr*>(SRInit)  /*null_expr*/},
     StartRoutine->getType(),
     VK_LValue,
 SourceLocation(),
 FPOptionsOverride());
 
+  // TODO: bind the arguments?
   auto call = CEMgr.getSimpleCall(srcall, State, LC, getCFGElementRef());
 
   inlineCall(Engine.getWorkList(), *call, StartRoutine, Bldr, Pred, State);
+  conservativeEvalCall(*call, Bldr, Pred, State);
 }
 #pragma clang optimize on
 
diff --git a/clang/test/Analysis/SD-tests/thread-modeling-inline.c b/clang/test/Analysis/SD-tests/thread-modeling-inline.c
@@ -16,26 +16,18 @@ int pthread_create(pthread_t *thread, const pthread_attr_t *attr, void *(*start_
 
 int pthread_join(pthread_t thread, void **retval);
 
-void clang_analyzer_checkInlined(enum bool);
+void clang_analyzer_checkInlined(int);
 
 void* thread_function(void* arg){
 	// should expect to fail the test at this line if you set the checkInlined to true
 	clang_analyzer_checkInlined(true);		// expected-warning{{TRUE}}
 	return NULL;
 }
 
-int foo_no_pthread(void)
+int ok()
 {
-	// should expect to pass at this line
-	clang_analyzer_checkInlined(true);		// expected-warning{{TRUE}}
-	return 0;
-}
-
-int main(){
 	pthread_t p1;
 	pthread_create(&p1, NULL, &thread_function, NULL);
-	pthread_join(p1, NULL);
-	foo_no_pthread();
-	return 1;
+	return 0;
 }
 
diff --git a/clang/test/Analysis/SD-tests/thread-modeling-inline2.c b/clang/test/Analysis/SD-tests/thread-modeling-inline2.c
@@ -0,0 +1,40 @@
+// RUN: %clang_analyze_cc1 -Wno-strict-prototypes -Wno-error=implicit-int -verify  %s \
+// RUN:   -analyzer-checker=debug.ExprInspection
+
+#define NULL ((void*) 0)
+enum bool {
+	false,
+	true
+};
+
+
+typedef unsigned long int pthread_t;
+typedef struct __pthread_attr pthread_attr_t;
+
+int pthread_create(pthread_t *thread, const pthread_attr_t *attr, void *(*start_routine)(void *), void *arg);
+
+
+int pthread_join(pthread_t thread, void **retval);
+
+void clang_analyzer_checkInlined(int);
+
+void* thread_function1(void* arg){
+	// should expect to fail the test at this line if you set the checkInlined to true
+	clang_analyzer_checkInlined(true);		// expected-warning{{TRUE}}
+	return NULL;
+}
+
+void* thread_function2(void* arg){
+  // should expect to fail the test at this line if you set the checkInlined to true
+  clang_analyzer_checkInlined(true);		// expected-warning{{TRUE}}
+  return NULL;
+}
+
+int ok()
+{
+	pthread_t p1, p2;
+	pthread_create(&p1, NULL, &thread_function1, NULL);
+	pthread_create(&p2, NULL, &thread_function2, NULL);
+	return 0;
+}
+
diff --git a/clang/test/Analysis/SD-tests/thread-modeling-leak.c b/clang/test/Analysis/SD-tests/thread-modeling-leak.c
@@ -0,0 +1,81 @@
+// RUN: %clang_analyze_cc1 -Wno-strict-prototypes -Wno-error=implicit-int -verify %s \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=unix \
+// RUN:   -analyzer-checker=debug.ExprInspection
+
+#define NULL ((void*) 0)
+
+enum bool {
+  false,
+  true
+};
+
+typedef struct __pthread_attr pthread_attr_t;
+
+typedef __typeof(sizeof(int)) size_t;
+
+void free (void* ptr);
+
+void *malloc(size_t sz);
+
+void clang_analyzer_checkInlined(int);
+void clang_analyzer_warnIfReached();
+void clang_analyzer_printState();
+
+typedef unsigned long int pthread_t;
+
+
+int pthread_create(pthread_t *restrict thread,
+       const pthread_attr_t *restrict attr,
+       void *(*start_routine)(void*), void *restrict arg);
+
+
+int pthread_join(pthread_t thread, void **retval);
+
+
+void *worker(void *);
+int foo(void);
+
+void *worker(void *data)
+
+{
+  clang_analyzer_checkInlined(true);		// expected-warning{{TRUE}}
+//  clang_analyzer_printState();
+
+  int *pdata = (int *)data;
+//  switch (*pdata) {
+//  case 0:
+//  case 2:
+//      free(data);
+//      break;
+//  default:
+//      break;
+//  }
+
+  return NULL;
+}
+
+
+
+int foo(void)
+{
+  pthread_t th1, th2;
+
+  int *pdata1 = (int *)malloc(sizeof(int));
+//  int *pdata2 = (int *)malloc(sizeof(int));
+
+
+  *pdata1 = 0;
+//  *pdata2 = 1;
+
+//  clang_analyzer_printState();
+  pthread_create(&th1, NULL, worker, pdata1);
+//  pthread_create(&th2, NULL, worker, pdata2);
+
+//
+//  pthread_join(th1, NULL);
+//  pthread_join(th2, NULL);
+
+  return 0; // expected-warning {{Potential leak of memory pointed to by 'pdata1'}}
+}
+
diff --git a/clang/test/Analysis/SD-tests/thread-modeling-null-deref.c b/clang/test/Analysis/SD-tests/thread-modeling-null-deref.c
@@ -0,0 +1,46 @@
+// RUN: %clang_analyze_cc1 -Wno-strict-prototypes -Wno-error=implicit-int -verify  %s \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=debug.ExprInspection
+
+#define NULL ((void*) 0)
+enum bool {
+	false,
+	true
+};
+
+
+typedef unsigned long int pthread_t;
+typedef struct __pthread_attr pthread_attr_t;
+
+int pthread_create(pthread_t *thread, const pthread_attr_t *attr, void *(*start_routine)(void *), void *arg);
+
+int pthread_join(pthread_t thread, void **retval);
+
+void clang_analyzer_checkInlined(int);
+
+void* thread_function(void* arg)
+{
+	// should expect to fail the test at this line if you set the checkInlined to true
+	clang_analyzer_checkInlined(true);		// expected-warning{{TRUE}}
+        int i = *(int*)arg; // expected-warning{{Dereference of null pointer}}
+	return NULL;
+}
+//
+//int fine()
+//{
+//        int i = 1;
+//	pthread_t p1;
+//	pthread_create(&p1, NULL, &thread_function, &i);
+////	pthread_join(p1, NULL);
+//	return 0;
+//}
+
+int bad()
+{
+  int i = 1;
+  pthread_t p1;
+  pthread_create(&p1, NULL, &thread_function, NULL);
+  //	pthread_join(p1, NULL);
+  return 0;
+}
+
diff --git a/clang/test/Analysis/SD-tests/thread-modeling-null-deref2.c b/clang/test/Analysis/SD-tests/thread-modeling-null-deref2.c
@@ -0,0 +1,43 @@
+// RUN: %clang_analyze_cc1 -Wno-strict-prototypes -Wno-error=implicit-int -verify  %s \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=debug.ExprInspection
+
+#define NULL ((void*) 0)
+enum bool {
+	false,
+	true
+};
+
+
+typedef unsigned long int pthread_t;
+typedef struct __pthread_attr pthread_attr_t;
+
+int pthread_create(pthread_t *thread, const pthread_attr_t *attr, void *(*start_routine)(void *), void *arg);
+
+
+int pthread_join(pthread_t thread, void **retval);
+
+void clang_analyzer_checkInlined(int);
+
+void* thread_function1(void* arg){
+	// should expect to fail the test at this line if you set the checkInlined to true
+	clang_analyzer_checkInlined(true);		// expected-warning{{TRUE}}
+        int i = *(int *)arg; // expected-warning{{Dereference of null pointer}}
+	return NULL;
+}
+
+void* thread_function2(void* arg){
+  // should expect to fail the test at this line if you set the checkInlined to true
+  clang_analyzer_checkInlined(true);		// expected-warning{{TRUE}}
+  int i = *(int *)arg; // expected-warning{{Dereference of null pointer}}
+  return NULL;
+}
+
+int ok()
+{
+	pthread_t p1, p2;
+	pthread_create(&p1, NULL, &thread_function1, NULL);
+	pthread_create(&p2, NULL, &thread_function2, NULL);
+	return 0;
+}
+
