diff options
Diffstat (limited to 'test/Analysis/bstring.c')
| -rw-r--r-- | test/Analysis/bstring.c | 89 |
1 files changed, 48 insertions, 41 deletions
diff --git a/test/Analysis/bstring.c b/test/Analysis/bstring.c index 833c917..d383d42 100644 --- a/test/Analysis/bstring.c +++ b/test/Analysis/bstring.c @@ -1,7 +1,7 @@ -// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.cstring,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s -// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s -// RUN: %clang_cc1 -analyze -DVARIANT -analyzer-checker=core,unix.cstring,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s -// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=core,unix.cstring.NullArg,experimental.unix.cstring.OutOfBounds,experimental.unix.cstring.BufferOverlap,experimental.unix.cstring.NotNullTerminated -analyzer-store=region -Wno-null-dereference -verify %s +// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.cstring,experimental.unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s +// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,experimental.unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s +// RUN: %clang_cc1 -analyze -DVARIANT -analyzer-checker=core,unix.cstring,experimental.unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s +// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=core,unix.cstring,experimental.unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s //===----------------------------------------------------------------------=== // Declarations @@ -26,6 +26,8 @@ typedef typeof(sizeof(int)) size_t; +void clang_analyzer_eval(int); + //===----------------------------------------------------------------------=== // memcpy() //===----------------------------------------------------------------------=== @@ -52,12 +54,11 @@ void memcpy0 () { memcpy(dst, src, 4); // no-warning - if (memcpy(dst, src, 4) != dst) { - (void)*(char*)0; // no-warning - } + clang_analyzer_eval(memcpy(dst, src, 4) == dst); // expected-warning{{TRUE}} - if (dst[0] != 0) - (void)*(char*)0; // expected-warning{{null}} + // If we actually model the copy, we can make this known. + // The important thing for now is that the old value has been invalidated. + clang_analyzer_eval(dst[0] != 0); // expected-warning{{UNKNOWN}} } void memcpy1 () { @@ -138,14 +139,13 @@ void memcpy13() { void memcpy_unknown_size (size_t n) { char a[4], b[4] = {1}; - if (memcpy(a, b, n) != a) - (void)*(char*)0; // no-warning + clang_analyzer_eval(memcpy(a, b, n) == a); // expected-warning{{TRUE}} } void memcpy_unknown_size_warn (size_t n) { char a[4]; - if (memcpy(a, 0, n) != a) // expected-warning{{Null pointer argument in call to memory copy function}} - (void)*(char*)0; // no-warning + void *result = memcpy(a, 0, n); // expected-warning{{Null pointer argument in call to memory copy function}} + clang_analyzer_eval(result == a); // no-warning (above is fatal) } //===----------------------------------------------------------------------=== @@ -174,12 +174,11 @@ void mempcpy0 () { mempcpy(dst, src, 4); // no-warning - if (mempcpy(dst, src, 4) != &dst[4]) { - (void)*(char*)0; // no-warning - } + clang_analyzer_eval(mempcpy(dst, src, 4) == &dst[4]); // expected-warning{{TRUE}} - if (dst[0] != 0) - (void)*(char*)0; // expected-warning{{null}} + // If we actually model the copy, we can make this known. + // The important thing for now is that the old value has been invalidated. + clang_analyzer_eval(dst[0] != 0); // expected-warning{{UNKNOWN}} } void mempcpy1 () { @@ -260,8 +259,8 @@ void mempcpy13() { void mempcpy_unknown_size_warn (size_t n) { char a[4]; - if (mempcpy(a, 0, n) != a) // expected-warning{{Null pointer argument in call to memory copy function}} - (void)*(char*)0; // no-warning + void *result = mempcpy(a, 0, n); // expected-warning{{Null pointer argument in call to memory copy function}} + clang_analyzer_eval(result == a); // no-warning (above is fatal) } void mempcpy_unknownable_size (char *src, float n) { @@ -295,12 +294,11 @@ void memmove0 () { memmove(dst, src, 4); // no-warning - if (memmove(dst, src, 4) != dst) { - (void)*(char*)0; // no-warning - } + clang_analyzer_eval(memmove(dst, src, 4) == dst); // expected-warning{{TRUE}} - if (dst[0] != 0) - (void)*(char*)0; // expected-warning{{null}} + // If we actually model the copy, we can make this known. + // The important thing for now is that the old value has been invalidated. + clang_analyzer_eval(dst[0] != 0); // expected-warning{{UNKNOWN}} } void memmove1 () { @@ -327,7 +325,7 @@ void memmove2 () { // __builtin_bcmp is not defined with const in Builtins.def. int bcmp(/*const*/ void *s1, /*const*/ void *s2, size_t n); #define memcmp bcmp - +// #else /* VARIANT */ #define memcmp BUILTIN(memcmp) @@ -360,34 +358,32 @@ void memcmp2 () { void memcmp3 () { char a[] = {1, 2, 3, 4}; - if (memcmp(a, a, 4)) - (void)*(char*)0; // no-warning + clang_analyzer_eval(memcmp(a, a, 4) == 0); // expected-warning{{TRUE}} } void memcmp4 (char *input) { char a[] = {1, 2, 3, 4}; - if (memcmp(a, input, 4)) - (void)*(char*)0; // expected-warning{{null}} + clang_analyzer_eval(memcmp(a, input, 4) == 0); // expected-warning{{UNKNOWN}} } void memcmp5 (char *input) { char a[] = {1, 2, 3, 4}; - if (memcmp(a, 0, 0)) // no-warning - (void)*(char*)0; // no-warning - if (memcmp(0, a, 0)) // no-warning - (void)*(char*)0; // no-warning - if (memcmp(a, input, 0)) // no-warning - (void)*(char*)0; // no-warning + clang_analyzer_eval(memcmp(a, 0, 0) == 0); // expected-warning{{TRUE}} + clang_analyzer_eval(memcmp(0, a, 0) == 0); // expected-warning{{TRUE}} + clang_analyzer_eval(memcmp(a, input, 0) == 0); // expected-warning{{TRUE}} } void memcmp6 (char *a, char *b, size_t n) { int result = memcmp(a, b, n); if (result != 0) - return; - if (n == 0) - (void)*(char*)0; // expected-warning{{null}} + clang_analyzer_eval(n != 0); // expected-warning{{TRUE}} + // else + // analyzer_assert_unknown(n == 0); + + // We can't do the above comparison because n has already been constrained. + // On one path n == 0, on the other n != 0. } int memcmp7 (char *a, size_t x, size_t y, size_t n) { @@ -411,8 +407,9 @@ void bcopy0 () { bcopy(src, dst, 4); // no-warning - if (dst[0] != 0) - (void)*(char*)0; // expected-warning{{null}} + // If we actually model the copy, we can make this known. + // The important thing for now is that the old value has been invalidated. + clang_analyzer_eval(dst[0] != 0); // expected-warning{{UNKNOWN}} } void bcopy1 () { @@ -428,3 +425,13 @@ void bcopy2 () { bcopy(src, dst, 4); // expected-warning{{overflow}} } + +void *malloc(size_t); +void free(void *); +char radar_11125445_memcopythenlogfirstbyte(const char *input, size_t length) { + char *bytes = malloc(sizeof(char) * (length + 1)); + memcpy(bytes, input, length); + char x = bytes[0]; // no warning + free(bytes); + return x; +} |
