Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / clang / 4b662a5684d41ea4ff6b52711929e00fefb00db1 / . / test / Analysis / array-struct.c
blob: 3e46a0a62235f148da1629618becb290d1f780ed [file] [log] [blame]
Ted Kremenek565e4652010-02-05 02:06:54 +0000[diff] [blame]1// RUN: %clang_cc1 -analyze -analyzer-experimental-internal-checks -analyzer-check-objc-mem -analyzer-store=basic -analyzer-constraints=basic -verify %s
2// RUN: %clang_cc1 -analyze -analyzer-experimental-internal-checks -analyzer-check-objc-mem -analyzer-store=basic -analyzer-constraints=range -verify %s
3// RUN: %clang_cc1 -analyze -analyzer-experimental-internal-checks -analyzer-check-objc-mem -analyzer-store=region -analyzer-constraints=basic -verify %s
4// RUN: %clang_cc1 -analyze -analyzer-experimental-internal-checks -analyzer-check-objc-mem -analyzer-store=region -analyzer-constraints=range -verify %s
Zhongxing Xuef8b28e2008-10-17 05:19:52 +0000[diff] [blame]5
Zhongxing Xu72e16822008-10-24 08:51:58 +0000[diff] [blame]6struct s {
7 int data;
8 int data_array[10];
9};
Zhongxing Xuef8b28e2008-10-17 05:19:52 +0000[diff] [blame]10
Zhongxing Xu234a7d22008-10-27 09:19:25 +0000[diff] [blame]11typedef struct {
12 int data;
13} STYPE;
14
Zhongxing Xu91844122009-05-20 09:18:48 +0000[diff] [blame]15void g(char *p);
Zhongxing Xu04b90bc2008-11-02 13:17:44 +0000[diff] [blame]16void g1(struct s* p);
17
Zhongxing Xu661fc392008-11-25 01:45:11 +0000[diff] [blame]18// Array to pointer conversion. Array in the struct field.
Zhongxing Xuef8b28e2008-10-17 05:19:52 +0000[diff] [blame]19void f(void) {
20 int a[10];
21 int (*p)[10];
22 p = &a;
23 (*p)[3] = 1;
24
25 struct s d;
26 struct s *q;
27 q = &d;
Zhongxing Xu72e16822008-10-24 08:51:58 +0000[diff] [blame]28 q->data = 3;
29 d.data_array[9] = 17;
Zhongxing Xuef8b28e2008-10-17 05:19:52 +0000[diff] [blame]30}
Zhongxing Xu2e971202008-10-25 14:11:23 +0000[diff] [blame]31
Zhongxing Xu661fc392008-11-25 01:45:11 +0000[diff] [blame]32// StringLiteral in lvalue context and pointer to array type.
33// p: ElementRegion, q: StringRegion
Zhongxing Xu2e971202008-10-25 14:11:23 +0000[diff] [blame]34void f2() {
35 char *p = "/usr/local";
36 char (*q)[4];
37 q = &"abc";
38}
Zhongxing Xu234a7d22008-10-27 09:19:25 +0000[diff] [blame]39
Zhongxing Xu661fc392008-11-25 01:45:11 +0000[diff] [blame]40// Typedef'ed struct definition.
Zhongxing Xu234a7d22008-10-27 09:19:25 +0000[diff] [blame]41void f3() {
42 STYPE s;
43}
Zhongxing Xudf2aa1e2008-10-31 10:23:14 +0000[diff] [blame]44
Zhongxing Xu661fc392008-11-25 01:45:11 +0000[diff] [blame]45// Initialize array with InitExprList.
Zhongxing Xudf2aa1e2008-10-31 10:23:14 +0000[diff] [blame]46void f4() {
47 int a[] = { 1, 2, 3};
48 int b[3] = { 1, 2 };
Zhongxing Xub61f49c2009-01-23 10:23:13 +0000[diff] [blame]49 struct s c[] = {{1,{1}}};
Zhongxing Xudf2aa1e2008-10-31 10:23:14 +0000[diff] [blame]50}
Zhongxing Xu04b90bc2008-11-02 13:17:44 +0000[diff] [blame]51
Zhongxing Xu661fc392008-11-25 01:45:11 +0000[diff] [blame]52// Struct variable in lvalue context.
Zhongxing Xu5834ed62009-01-13 01:49:57 +0000[diff] [blame]53// Assign UnknownVal to the whole struct.
Zhongxing Xu04b90bc2008-11-02 13:17:44 +0000[diff] [blame]54void f5() {
55 struct s data;
56 g1(&data);
57}
Zhongxing Xub6701332008-11-13 07:59:15 +0000[diff] [blame]58
Zhongxing Xu661fc392008-11-25 01:45:11 +0000[diff] [blame]59// AllocaRegion test.
Zhongxing Xub6701332008-11-13 07:59:15 +0000[diff] [blame]60void f6() {
61 char *p;
62 p = __builtin_alloca(10);
Zhongxing Xu91844122009-05-20 09:18:48 +0000[diff] [blame]63 g(p);
64 char c = *p;
Zhongxing Xub6701332008-11-13 07:59:15 +0000[diff] [blame]65 p[1] = 'a';
Zhongxing Xu2acc3992009-05-20 09:03:10 +0000[diff] [blame]66 // Test if RegionStore::EvalBinOp converts the alloca region to element
67 // region.
Zhongxing Xu262fd032009-05-20 09:00:16 +0000[diff] [blame]68 p += 2;
Zhongxing Xub6701332008-11-13 07:59:15 +0000[diff] [blame]69}
Zhongxing Xufb75b252008-11-13 08:44:52 +0000[diff] [blame]70
71struct s2;
72
73void g2(struct s2 *p);
74
Zhongxing Xu661fc392008-11-25 01:45:11 +0000[diff] [blame]75// Incomplete struct pointer used as function argument.
Zhongxing Xufb75b252008-11-13 08:44:52 +0000[diff] [blame]76void f7() {
77 struct s2 *p = __builtin_alloca(10);
78 g2(p);
79}
Zhongxing Xu26134a12008-11-13 09:20:05 +0000[diff] [blame]80
Zhongxing Xu661fc392008-11-25 01:45:11 +0000[diff] [blame]81// sizeof() is unsigned while -1 is signed in array index.
Zhongxing Xu26134a12008-11-13 09:20:05 +0000[diff] [blame]82void f8() {
83 int a[10];
Zhongxing Xu33d7cbf2008-11-24 23:45:56 +0000[diff] [blame]84 a[sizeof(a)/sizeof(int) - 1] = 1; // no-warning
Zhongxing Xu26134a12008-11-13 09:20:05 +0000[diff] [blame]85}
Zhongxing Xu617ff312008-11-18 13:30:46 +0000[diff] [blame]86
Zhongxing Xu661fc392008-11-25 01:45:11 +0000[diff] [blame]87// Initialization of struct array elements.
Zhongxing Xu617ff312008-11-18 13:30:46 +0000[diff] [blame]88void f9() {
89 struct s a[10];
90}
Zhongxing Xu27cae9e2008-11-30 05:51:19 +0000[diff] [blame]91
92// Initializing array with string literal.
93void f10() {
94 char a1[4] = "abc";
Zhongxing Xu27cae9e2008-11-30 05:51:19 +0000[diff] [blame]95 char a3[6] = "abc";
96}
Zhongxing Xu562c4d92009-01-23 11:22:12 +0000[diff] [blame]97
98// Retrieve the default value of element/field region.
99void f11() {
100 struct s a;
Zhongxing Xu91844122009-05-20 09:18:48 +0000[diff] [blame]101 g1(&a);
Zhongxing Xu562c4d92009-01-23 11:22:12 +0000[diff] [blame]102 if (a.data == 0) // no-warning
103 a.data = 1;
104}
Zhongxing Xu3450a552009-02-19 08:42:43 +0000[diff] [blame]105
106// Convert unsigned offset to signed when creating ElementRegion from
107// SymbolicRegion.
108void f12(int *list) {
109 unsigned i = 0;
110 list[i] = 1;
111}
Zhongxing Xuc57bc592009-03-18 02:07:30 +0000[diff] [blame]112
113struct s1 {
114 struct s2 {
115 int d;
116 } e;
117};
118
119// The binding of a.e.d should not be removed. Test recursive subregion map
120// building: a->e, e->d. Only then 'a' could be added to live region roots.
121void f13(double timeout) {
122 struct s1 a;
John McCall680523a2009-11-07 03:30:10 +0000[diff] [blame]123 a.e.d = (int) timeout;
Zhongxing Xuc57bc592009-03-18 02:07:30 +0000[diff] [blame]124 if (a.e.d == 10)
125 a.e.d = 4;
126}
Zhongxing Xu3e001f32009-05-03 00:27:40 +0000[diff] [blame]127
128struct s3 {
129 int a[2];
130};
131
132static struct s3 opt;
133
134// Test if the embedded array is retrieved correctly.
135void f14() {
136 struct s3 my_opt = opt;
137}
Zhongxing Xu264e9372009-05-12 10:10:00 +0000[diff] [blame]138
139void bar(int*);
140
141// Test if the array is correctly invalidated.
142void f15() {
143 int a[10];
144 bar(a);
145 if (a[1]) // no-warning
Anders Carlsson9668b1f2009-07-30 22:37:41 +0000[diff] [blame]146 (void)1;
Zhongxing Xu264e9372009-05-12 10:10:00 +0000[diff] [blame]147}
Zhongxing Xu3f6978a2009-06-11 09:11:27 +0000[diff] [blame]148
149struct s3 p[1];
150
151// Code from postgresql.
152// Current cast logic of region store mistakenly leaves the final result region
153// an ElementRegion of type 'char'. Then load a nonloc::SymbolVal from it and
154// assigns to 'a'.
155void f16(struct s3 *p) {
Zhongxing Xu4f3dc692009-11-09 08:07:38 +0000[diff] [blame]156 struct s3 a = *((struct s3*) ((char*) &p[0])); // expected-warning{{Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.}}
Zhongxing Xu3f6978a2009-06-11 09:11:27 +0000[diff] [blame]157}
Zhongxing Xu6bd8a522009-06-28 13:59:24 +0000[diff] [blame]158
159void inv(struct s1 *);
160
161// Invalidate the struct field.
162void f17() {
163 struct s1 t;
164 int x;
165 inv(&t);
166 if (t.e.d)
167 x = 1;
168}
Zhongxing Xua03f1572009-06-29 06:43:40 +0000[diff] [blame]169
170void read(char*);
171
172void f18() {
173 char *q;
174 char *p = (char *) __builtin_alloca(10);
175 read(p);
176 q = p;
177 q++;
178 if (*q) { // no-warning
179 }
180}