Ted Kremenek | cdc3a89 | 2012-08-24 20:39:55 +0000 | [diff] [blame] | 1 | // RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s |
| 2 | // RUN: %clang_cc1 -analyze -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s |
| 3 | // RUN: %clang_cc1 -analyze -DVARIANT -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s |
| 4 | // RUN: %clang_cc1 -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 5 | |
| 6 | //===----------------------------------------------------------------------=== |
| 7 | // Declarations |
| 8 | //===----------------------------------------------------------------------=== |
| 9 | |
Jordy Rose | a6b808c | 2010-07-07 07:48:06 +0000 | [diff] [blame] | 10 | // Some functions are so similar to each other that they follow the same code |
Jordy Rose | bc56d1f | 2010-07-07 08:15:01 +0000 | [diff] [blame] | 11 | // path, such as memcpy and __memcpy_chk, or memcmp and bcmp. If VARIANT is |
| 12 | // defined, make sure to use the variants instead to make sure they are still |
| 13 | // checked by the analyzer. |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 14 | |
| 15 | // Some functions are implemented as builtins. These should be #defined as |
| 16 | // BUILTIN(f), which will prepend "__builtin_" if USE_BUILTINS is defined. |
| 17 | |
Chris Lattner | fc8f0e1 | 2011-04-15 05:22:18 +0000 | [diff] [blame] | 18 | // Functions that have variants and are also available as builtins should be |
Jordy Rose | a6b808c | 2010-07-07 07:48:06 +0000 | [diff] [blame] | 19 | // declared carefully! See memcpy() for an example. |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 20 | |
| 21 | #ifdef USE_BUILTINS |
| 22 | # define BUILTIN(f) __builtin_ ## f |
| 23 | #else /* USE_BUILTINS */ |
| 24 | # define BUILTIN(f) f |
| 25 | #endif /* USE_BUILTINS */ |
| 26 | |
| 27 | typedef typeof(sizeof(int)) size_t; |
| 28 | |
Jordy Rose | 43d9f0d | 2012-05-16 16:01:10 +0000 | [diff] [blame] | 29 | void clang_analyzer_eval(int); |
| 30 | |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 31 | //===----------------------------------------------------------------------=== |
| 32 | // memcpy() |
| 33 | //===----------------------------------------------------------------------=== |
| 34 | |
Jordy Rose | a6b808c | 2010-07-07 07:48:06 +0000 | [diff] [blame] | 35 | #ifdef VARIANT |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 36 | |
| 37 | #define __memcpy_chk BUILTIN(__memcpy_chk) |
| 38 | void *__memcpy_chk(void *restrict s1, const void *restrict s2, size_t n, |
| 39 | size_t destlen); |
| 40 | |
| 41 | #define memcpy(a,b,c) __memcpy_chk(a,b,c,(size_t)-1) |
| 42 | |
Jordy Rose | a6b808c | 2010-07-07 07:48:06 +0000 | [diff] [blame] | 43 | #else /* VARIANT */ |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 44 | |
| 45 | #define memcpy BUILTIN(memcpy) |
| 46 | void *memcpy(void *restrict s1, const void *restrict s2, size_t n); |
| 47 | |
Jordy Rose | a6b808c | 2010-07-07 07:48:06 +0000 | [diff] [blame] | 48 | #endif /* VARIANT */ |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 49 | |
| 50 | |
| 51 | void memcpy0 () { |
| 52 | char src[] = {1, 2, 3, 4}; |
Jordy Rose | e64f311 | 2010-08-16 07:51:42 +0000 | [diff] [blame] | 53 | char dst[4] = {0}; |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 54 | |
| 55 | memcpy(dst, src, 4); // no-warning |
| 56 | |
Jordy Rose | 43d9f0d | 2012-05-16 16:01:10 +0000 | [diff] [blame] | 57 | clang_analyzer_eval(memcpy(dst, src, 4) == dst); // expected-warning{{TRUE}} |
Jordy Rose | e64f311 | 2010-08-16 07:51:42 +0000 | [diff] [blame] | 58 | |
Jordy Rose | 43d9f0d | 2012-05-16 16:01:10 +0000 | [diff] [blame] | 59 | // If we actually model the copy, we can make this known. |
| 60 | // The important thing for now is that the old value has been invalidated. |
| 61 | clang_analyzer_eval(dst[0] != 0); // expected-warning{{UNKNOWN}} |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 62 | } |
| 63 | |
| 64 | void memcpy1 () { |
| 65 | char src[] = {1, 2, 3, 4}; |
| 66 | char dst[10]; |
| 67 | |
Jordy Rose | 9e49d9f | 2011-06-20 02:06:40 +0000 | [diff] [blame] | 68 | memcpy(dst, src, 5); // expected-warning{{Memory copy function accesses out-of-bound array element}} |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 69 | } |
| 70 | |
| 71 | void memcpy2 () { |
| 72 | char src[] = {1, 2, 3, 4}; |
| 73 | char dst[1]; |
| 74 | |
Jordy Rose | 9e49d9f | 2011-06-20 02:06:40 +0000 | [diff] [blame] | 75 | memcpy(dst, src, 4); // expected-warning{{Memory copy function overflows destination buffer}} |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 76 | } |
| 77 | |
| 78 | void memcpy3 () { |
| 79 | char src[] = {1, 2, 3, 4}; |
| 80 | char dst[3]; |
| 81 | |
| 82 | memcpy(dst+1, src+2, 2); // no-warning |
| 83 | } |
| 84 | |
| 85 | void memcpy4 () { |
| 86 | char src[] = {1, 2, 3, 4}; |
| 87 | char dst[10]; |
| 88 | |
Jordy Rose | 9e49d9f | 2011-06-20 02:06:40 +0000 | [diff] [blame] | 89 | memcpy(dst+2, src+2, 3); // expected-warning{{Memory copy function accesses out-of-bound array element}} |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 90 | } |
| 91 | |
| 92 | void memcpy5() { |
| 93 | char src[] = {1, 2, 3, 4}; |
| 94 | char dst[3]; |
| 95 | |
Jordy Rose | 9e49d9f | 2011-06-20 02:06:40 +0000 | [diff] [blame] | 96 | memcpy(dst+2, src+2, 2); // expected-warning{{Memory copy function overflows destination buffer}} |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 97 | } |
| 98 | |
| 99 | void memcpy6() { |
| 100 | int a[4] = {0}; |
| 101 | memcpy(a, a, 8); // expected-warning{{overlapping}} |
| 102 | } |
| 103 | |
| 104 | void memcpy7() { |
| 105 | int a[4] = {0}; |
| 106 | memcpy(a+2, a+1, 8); // expected-warning{{overlapping}} |
| 107 | } |
| 108 | |
| 109 | void memcpy8() { |
| 110 | int a[4] = {0}; |
| 111 | memcpy(a+1, a+2, 8); // expected-warning{{overlapping}} |
| 112 | } |
| 113 | |
| 114 | void memcpy9() { |
| 115 | int a[4] = {0}; |
| 116 | memcpy(a+2, a+1, 4); // no-warning |
| 117 | memcpy(a+1, a+2, 4); // no-warning |
| 118 | } |
| 119 | |
Jordy Rose | a6b808c | 2010-07-07 07:48:06 +0000 | [diff] [blame] | 120 | void memcpy10() { |
| 121 | char a[4] = {0}; |
Jordy Rose | 9e49d9f | 2011-06-20 02:06:40 +0000 | [diff] [blame] | 122 | memcpy(0, a, 4); // expected-warning{{Null pointer argument in call to memory copy function}} |
Jordy Rose | a6b808c | 2010-07-07 07:48:06 +0000 | [diff] [blame] | 123 | } |
| 124 | |
| 125 | void memcpy11() { |
| 126 | char a[4] = {0}; |
Jordy Rose | 9e49d9f | 2011-06-20 02:06:40 +0000 | [diff] [blame] | 127 | memcpy(a, 0, 4); // expected-warning{{Null pointer argument in call to memory copy function}} |
Jordy Rose | a6b808c | 2010-07-07 07:48:06 +0000 | [diff] [blame] | 128 | } |
| 129 | |
| 130 | void memcpy12() { |
| 131 | char a[4] = {0}; |
| 132 | memcpy(0, a, 0); // no-warning |
Lenny Maiorani | b8b875b | 2011-03-31 21:36:53 +0000 | [diff] [blame] | 133 | } |
| 134 | |
| 135 | void memcpy13() { |
| 136 | char a[4] = {0}; |
Jordy Rose | a6b808c | 2010-07-07 07:48:06 +0000 | [diff] [blame] | 137 | memcpy(a, 0, 0); // no-warning |
| 138 | } |
| 139 | |
Jordy Rose | 22d2717 | 2011-06-04 00:04:22 +0000 | [diff] [blame] | 140 | void memcpy_unknown_size (size_t n) { |
| 141 | char a[4], b[4] = {1}; |
Jordy Rose | 43d9f0d | 2012-05-16 16:01:10 +0000 | [diff] [blame] | 142 | clang_analyzer_eval(memcpy(a, b, n) == a); // expected-warning{{TRUE}} |
Jordy Rose | 22d2717 | 2011-06-04 00:04:22 +0000 | [diff] [blame] | 143 | } |
| 144 | |
| 145 | void memcpy_unknown_size_warn (size_t n) { |
| 146 | char a[4]; |
Jordy Rose | 43d9f0d | 2012-05-16 16:01:10 +0000 | [diff] [blame] | 147 | void *result = memcpy(a, 0, n); // expected-warning{{Null pointer argument in call to memory copy function}} |
| 148 | clang_analyzer_eval(result == a); // no-warning (above is fatal) |
Jordy Rose | 22d2717 | 2011-06-04 00:04:22 +0000 | [diff] [blame] | 149 | } |
| 150 | |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 151 | //===----------------------------------------------------------------------=== |
Lenny Maiorani | b8b875b | 2011-03-31 21:36:53 +0000 | [diff] [blame] | 152 | // mempcpy() |
| 153 | //===----------------------------------------------------------------------=== |
| 154 | |
Jordy Rose | be460d8 | 2011-06-03 23:42:56 +0000 | [diff] [blame] | 155 | #ifdef VARIANT |
| 156 | |
| 157 | #define __mempcpy_chk BUILTIN(__mempcpy_chk) |
| 158 | void *__mempcpy_chk(void *restrict s1, const void *restrict s2, size_t n, |
| 159 | size_t destlen); |
| 160 | |
| 161 | #define mempcpy(a,b,c) __mempcpy_chk(a,b,c,(size_t)-1) |
| 162 | |
| 163 | #else /* VARIANT */ |
| 164 | |
Lenny Maiorani | b8b875b | 2011-03-31 21:36:53 +0000 | [diff] [blame] | 165 | #define mempcpy BUILTIN(mempcpy) |
| 166 | void *mempcpy(void *restrict s1, const void *restrict s2, size_t n); |
| 167 | |
Jordy Rose | be460d8 | 2011-06-03 23:42:56 +0000 | [diff] [blame] | 168 | #endif /* VARIANT */ |
| 169 | |
| 170 | |
Lenny Maiorani | b8b875b | 2011-03-31 21:36:53 +0000 | [diff] [blame] | 171 | void mempcpy0 () { |
| 172 | char src[] = {1, 2, 3, 4}; |
| 173 | char dst[5] = {0}; |
| 174 | |
| 175 | mempcpy(dst, src, 4); // no-warning |
| 176 | |
Jordy Rose | 43d9f0d | 2012-05-16 16:01:10 +0000 | [diff] [blame] | 177 | clang_analyzer_eval(mempcpy(dst, src, 4) == &dst[4]); // expected-warning{{TRUE}} |
Lenny Maiorani | b8b875b | 2011-03-31 21:36:53 +0000 | [diff] [blame] | 178 | |
Jordy Rose | 43d9f0d | 2012-05-16 16:01:10 +0000 | [diff] [blame] | 179 | // If we actually model the copy, we can make this known. |
| 180 | // The important thing for now is that the old value has been invalidated. |
| 181 | clang_analyzer_eval(dst[0] != 0); // expected-warning{{UNKNOWN}} |
Lenny Maiorani | b8b875b | 2011-03-31 21:36:53 +0000 | [diff] [blame] | 182 | } |
| 183 | |
| 184 | void mempcpy1 () { |
| 185 | char src[] = {1, 2, 3, 4}; |
| 186 | char dst[10]; |
| 187 | |
Jordy Rose | 9e49d9f | 2011-06-20 02:06:40 +0000 | [diff] [blame] | 188 | mempcpy(dst, src, 5); // expected-warning{{Memory copy function accesses out-of-bound array element}} |
Lenny Maiorani | b8b875b | 2011-03-31 21:36:53 +0000 | [diff] [blame] | 189 | } |
| 190 | |
| 191 | void mempcpy2 () { |
| 192 | char src[] = {1, 2, 3, 4}; |
| 193 | char dst[1]; |
| 194 | |
Jordy Rose | 9e49d9f | 2011-06-20 02:06:40 +0000 | [diff] [blame] | 195 | mempcpy(dst, src, 4); // expected-warning{{Memory copy function overflows destination buffer}} |
Lenny Maiorani | b8b875b | 2011-03-31 21:36:53 +0000 | [diff] [blame] | 196 | } |
| 197 | |
| 198 | void mempcpy3 () { |
| 199 | char src[] = {1, 2, 3, 4}; |
| 200 | char dst[3]; |
| 201 | |
| 202 | mempcpy(dst+1, src+2, 2); // no-warning |
| 203 | } |
| 204 | |
| 205 | void mempcpy4 () { |
| 206 | char src[] = {1, 2, 3, 4}; |
| 207 | char dst[10]; |
| 208 | |
Jordy Rose | 9e49d9f | 2011-06-20 02:06:40 +0000 | [diff] [blame] | 209 | mempcpy(dst+2, src+2, 3); // expected-warning{{Memory copy function accesses out-of-bound array element}} |
Lenny Maiorani | b8b875b | 2011-03-31 21:36:53 +0000 | [diff] [blame] | 210 | } |
| 211 | |
| 212 | void mempcpy5() { |
| 213 | char src[] = {1, 2, 3, 4}; |
| 214 | char dst[3]; |
| 215 | |
Jordy Rose | 9e49d9f | 2011-06-20 02:06:40 +0000 | [diff] [blame] | 216 | mempcpy(dst+2, src+2, 2); // expected-warning{{Memory copy function overflows destination buffer}} |
Lenny Maiorani | b8b875b | 2011-03-31 21:36:53 +0000 | [diff] [blame] | 217 | } |
| 218 | |
| 219 | void mempcpy6() { |
| 220 | int a[4] = {0}; |
| 221 | mempcpy(a, a, 8); // expected-warning{{overlapping}} |
| 222 | } |
| 223 | |
| 224 | void mempcpy7() { |
| 225 | int a[4] = {0}; |
| 226 | mempcpy(a+2, a+1, 8); // expected-warning{{overlapping}} |
| 227 | } |
| 228 | |
| 229 | void mempcpy8() { |
| 230 | int a[4] = {0}; |
| 231 | mempcpy(a+1, a+2, 8); // expected-warning{{overlapping}} |
| 232 | } |
| 233 | |
| 234 | void mempcpy9() { |
| 235 | int a[4] = {0}; |
| 236 | mempcpy(a+2, a+1, 4); // no-warning |
| 237 | mempcpy(a+1, a+2, 4); // no-warning |
| 238 | } |
| 239 | |
| 240 | void mempcpy10() { |
| 241 | char a[4] = {0}; |
Jordy Rose | 9e49d9f | 2011-06-20 02:06:40 +0000 | [diff] [blame] | 242 | mempcpy(0, a, 4); // expected-warning{{Null pointer argument in call to memory copy function}} |
Lenny Maiorani | b8b875b | 2011-03-31 21:36:53 +0000 | [diff] [blame] | 243 | } |
| 244 | |
| 245 | void mempcpy11() { |
| 246 | char a[4] = {0}; |
Jordy Rose | 9e49d9f | 2011-06-20 02:06:40 +0000 | [diff] [blame] | 247 | mempcpy(a, 0, 4); // expected-warning{{Null pointer argument in call to memory copy function}} |
Lenny Maiorani | b8b875b | 2011-03-31 21:36:53 +0000 | [diff] [blame] | 248 | } |
| 249 | |
| 250 | void mempcpy12() { |
| 251 | char a[4] = {0}; |
| 252 | mempcpy(0, a, 0); // no-warning |
| 253 | } |
| 254 | |
| 255 | void mempcpy13() { |
| 256 | char a[4] = {0}; |
| 257 | mempcpy(a, 0, 0); // no-warning |
| 258 | } |
| 259 | |
Jordy Rose | 22d2717 | 2011-06-04 00:04:22 +0000 | [diff] [blame] | 260 | void mempcpy_unknown_size_warn (size_t n) { |
| 261 | char a[4]; |
Jordy Rose | 43d9f0d | 2012-05-16 16:01:10 +0000 | [diff] [blame] | 262 | void *result = mempcpy(a, 0, n); // expected-warning{{Null pointer argument in call to memory copy function}} |
| 263 | clang_analyzer_eval(result == a); // no-warning (above is fatal) |
Jordy Rose | 22d2717 | 2011-06-04 00:04:22 +0000 | [diff] [blame] | 264 | } |
| 265 | |
Jordy Rose | 3f8bb2f | 2011-06-04 01:47:27 +0000 | [diff] [blame] | 266 | void mempcpy_unknownable_size (char *src, float n) { |
| 267 | char a[4]; |
| 268 | // This used to crash because we don't model floats. |
| 269 | mempcpy(a, src, (size_t)n); |
| 270 | } |
| 271 | |
Lenny Maiorani | b8b875b | 2011-03-31 21:36:53 +0000 | [diff] [blame] | 272 | //===----------------------------------------------------------------------=== |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 273 | // memmove() |
| 274 | //===----------------------------------------------------------------------=== |
| 275 | |
Jordy Rose | a6b808c | 2010-07-07 07:48:06 +0000 | [diff] [blame] | 276 | #ifdef VARIANT |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 277 | |
| 278 | #define __memmove_chk BUILTIN(__memmove_chk) |
| 279 | void *__memmove_chk(void *s1, const void *s2, size_t n, size_t destlen); |
| 280 | |
| 281 | #define memmove(a,b,c) __memmove_chk(a,b,c,(size_t)-1) |
| 282 | |
Jordy Rose | a6b808c | 2010-07-07 07:48:06 +0000 | [diff] [blame] | 283 | #else /* VARIANT */ |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 284 | |
| 285 | #define memmove BUILTIN(memmove) |
| 286 | void *memmove(void *s1, const void *s2, size_t n); |
| 287 | |
Jordy Rose | a6b808c | 2010-07-07 07:48:06 +0000 | [diff] [blame] | 288 | #endif /* VARIANT */ |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 289 | |
| 290 | |
| 291 | void memmove0 () { |
| 292 | char src[] = {1, 2, 3, 4}; |
Jordy Rose | e64f311 | 2010-08-16 07:51:42 +0000 | [diff] [blame] | 293 | char dst[4] = {0}; |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 294 | |
| 295 | memmove(dst, src, 4); // no-warning |
| 296 | |
Jordy Rose | 43d9f0d | 2012-05-16 16:01:10 +0000 | [diff] [blame] | 297 | clang_analyzer_eval(memmove(dst, src, 4) == dst); // expected-warning{{TRUE}} |
Jordy Rose | e64f311 | 2010-08-16 07:51:42 +0000 | [diff] [blame] | 298 | |
Jordy Rose | 43d9f0d | 2012-05-16 16:01:10 +0000 | [diff] [blame] | 299 | // If we actually model the copy, we can make this known. |
| 300 | // The important thing for now is that the old value has been invalidated. |
| 301 | clang_analyzer_eval(dst[0] != 0); // expected-warning{{UNKNOWN}} |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 302 | } |
| 303 | |
| 304 | void memmove1 () { |
| 305 | char src[] = {1, 2, 3, 4}; |
| 306 | char dst[10]; |
| 307 | |
| 308 | memmove(dst, src, 5); // expected-warning{{out-of-bound}} |
| 309 | } |
| 310 | |
| 311 | void memmove2 () { |
| 312 | char src[] = {1, 2, 3, 4}; |
| 313 | char dst[1]; |
| 314 | |
Jordy Rose | e64f311 | 2010-08-16 07:51:42 +0000 | [diff] [blame] | 315 | memmove(dst, src, 4); // expected-warning{{overflow}} |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 316 | } |
| 317 | |
| 318 | //===----------------------------------------------------------------------=== |
Jordy Rose | bc56d1f | 2010-07-07 08:15:01 +0000 | [diff] [blame] | 319 | // memcmp() |
| 320 | //===----------------------------------------------------------------------=== |
| 321 | |
| 322 | #ifdef VARIANT |
| 323 | |
| 324 | #define bcmp BUILTIN(bcmp) |
| 325 | // __builtin_bcmp is not defined with const in Builtins.def. |
| 326 | int bcmp(/*const*/ void *s1, /*const*/ void *s2, size_t n); |
| 327 | #define memcmp bcmp |
Jordy Rose | 43d9f0d | 2012-05-16 16:01:10 +0000 | [diff] [blame] | 328 | // |
Jordy Rose | bc56d1f | 2010-07-07 08:15:01 +0000 | [diff] [blame] | 329 | #else /* VARIANT */ |
| 330 | |
| 331 | #define memcmp BUILTIN(memcmp) |
| 332 | int memcmp(const void *s1, const void *s2, size_t n); |
| 333 | |
| 334 | #endif /* VARIANT */ |
| 335 | |
| 336 | |
| 337 | void memcmp0 () { |
| 338 | char a[] = {1, 2, 3, 4}; |
| 339 | char b[4] = { 0 }; |
| 340 | |
| 341 | memcmp(a, b, 4); // no-warning |
| 342 | } |
| 343 | |
| 344 | void memcmp1 () { |
| 345 | char a[] = {1, 2, 3, 4}; |
| 346 | char b[10] = { 0 }; |
| 347 | |
| 348 | memcmp(a, b, 5); // expected-warning{{out-of-bound}} |
| 349 | } |
| 350 | |
| 351 | void memcmp2 () { |
| 352 | char a[] = {1, 2, 3, 4}; |
| 353 | char b[1] = { 0 }; |
| 354 | |
| 355 | memcmp(a, b, 4); // expected-warning{{out-of-bound}} |
| 356 | } |
| 357 | |
| 358 | void memcmp3 () { |
| 359 | char a[] = {1, 2, 3, 4}; |
| 360 | |
Jordy Rose | 43d9f0d | 2012-05-16 16:01:10 +0000 | [diff] [blame] | 361 | clang_analyzer_eval(memcmp(a, a, 4) == 0); // expected-warning{{TRUE}} |
Jordy Rose | bc56d1f | 2010-07-07 08:15:01 +0000 | [diff] [blame] | 362 | } |
| 363 | |
| 364 | void memcmp4 (char *input) { |
| 365 | char a[] = {1, 2, 3, 4}; |
| 366 | |
Jordy Rose | 43d9f0d | 2012-05-16 16:01:10 +0000 | [diff] [blame] | 367 | clang_analyzer_eval(memcmp(a, input, 4) == 0); // expected-warning{{UNKNOWN}} |
Jordy Rose | bc56d1f | 2010-07-07 08:15:01 +0000 | [diff] [blame] | 368 | } |
| 369 | |
| 370 | void memcmp5 (char *input) { |
| 371 | char a[] = {1, 2, 3, 4}; |
| 372 | |
Jordy Rose | 43d9f0d | 2012-05-16 16:01:10 +0000 | [diff] [blame] | 373 | clang_analyzer_eval(memcmp(a, 0, 0) == 0); // expected-warning{{TRUE}} |
| 374 | clang_analyzer_eval(memcmp(0, a, 0) == 0); // expected-warning{{TRUE}} |
| 375 | clang_analyzer_eval(memcmp(a, input, 0) == 0); // expected-warning{{TRUE}} |
Jordy Rose | bc56d1f | 2010-07-07 08:15:01 +0000 | [diff] [blame] | 376 | } |
| 377 | |
Jordy Rose | d325ffb | 2010-07-08 23:57:29 +0000 | [diff] [blame] | 378 | void memcmp6 (char *a, char *b, size_t n) { |
| 379 | int result = memcmp(a, b, n); |
| 380 | if (result != 0) |
Jordy Rose | 43d9f0d | 2012-05-16 16:01:10 +0000 | [diff] [blame] | 381 | clang_analyzer_eval(n != 0); // expected-warning{{TRUE}} |
| 382 | // else |
| 383 | // analyzer_assert_unknown(n == 0); |
| 384 | |
| 385 | // We can't do the above comparison because n has already been constrained. |
| 386 | // On one path n == 0, on the other n != 0. |
Jordy Rose | d325ffb | 2010-07-08 23:57:29 +0000 | [diff] [blame] | 387 | } |
| 388 | |
Jordy Rose | b6a4026 | 2010-08-05 23:11:30 +0000 | [diff] [blame] | 389 | int memcmp7 (char *a, size_t x, size_t y, size_t n) { |
| 390 | // We used to crash when either of the arguments was unknown. |
| 391 | return memcmp(a, &a[x*y], n) + |
| 392 | memcmp(&a[x*y], a, n); |
| 393 | } |
| 394 | |
Jordy Rose | bc56d1f | 2010-07-07 08:15:01 +0000 | [diff] [blame] | 395 | //===----------------------------------------------------------------------=== |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 396 | // bcopy() |
| 397 | //===----------------------------------------------------------------------=== |
| 398 | |
| 399 | #define bcopy BUILTIN(bcopy) |
| 400 | // __builtin_bcopy is not defined with const in Builtins.def. |
| 401 | void bcopy(/*const*/ void *s1, void *s2, size_t n); |
| 402 | |
| 403 | |
| 404 | void bcopy0 () { |
| 405 | char src[] = {1, 2, 3, 4}; |
Jordy Rose | e64f311 | 2010-08-16 07:51:42 +0000 | [diff] [blame] | 406 | char dst[4] = {0}; |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 407 | |
| 408 | bcopy(src, dst, 4); // no-warning |
Jordy Rose | e64f311 | 2010-08-16 07:51:42 +0000 | [diff] [blame] | 409 | |
Jordy Rose | 43d9f0d | 2012-05-16 16:01:10 +0000 | [diff] [blame] | 410 | // If we actually model the copy, we can make this known. |
| 411 | // The important thing for now is that the old value has been invalidated. |
| 412 | clang_analyzer_eval(dst[0] != 0); // expected-warning{{UNKNOWN}} |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 413 | } |
| 414 | |
| 415 | void bcopy1 () { |
| 416 | char src[] = {1, 2, 3, 4}; |
| 417 | char dst[10]; |
| 418 | |
| 419 | bcopy(src, dst, 5); // expected-warning{{out-of-bound}} |
| 420 | } |
| 421 | |
| 422 | void bcopy2 () { |
| 423 | char src[] = {1, 2, 3, 4}; |
| 424 | char dst[1]; |
| 425 | |
Jordy Rose | e64f311 | 2010-08-16 07:51:42 +0000 | [diff] [blame] | 426 | bcopy(src, dst, 4); // expected-warning{{overflow}} |
Jordy Rose | ccbf7ee | 2010-07-06 23:11:01 +0000 | [diff] [blame] | 427 | } |
Anna Zaks | dd160f3 | 2012-05-03 18:21:28 +0000 | [diff] [blame] | 428 | |
| 429 | void *malloc(size_t); |
| 430 | void free(void *); |
| 431 | char radar_11125445_memcopythenlogfirstbyte(const char *input, size_t length) { |
| 432 | char *bytes = malloc(sizeof(char) * (length + 1)); |
| 433 | memcpy(bytes, input, length); |
| 434 | char x = bytes[0]; // no warning |
| 435 | free(bytes); |
| 436 | return x; |
| 437 | } |