2009-11-13 21:46:29 +03:00
// RUN: clang-cc -analyze -analyzer-experimental-internal-checks -checker-cfref -analyzer-store=basic -analyzer-constraints=basic -verify %s
// RUN: clang-cc -analyze -analyzer-experimental-internal-checks -checker-cfref -analyzer-store=basic -analyzer-constraints=range -verify %s
// RUN: clang-cc -analyze -analyzer-experimental-internal-checks -checker-cfref -analyzer-store=region -analyzer-constraints=basic -verify %s
// RUN: clang-cc -analyze -analyzer-experimental-internal-checks -checker-cfref -analyzer-store=region -analyzer-constraints=range -verify %s
2008-10-17 09:19:52 +04:00
2008-10-24 12:51:58 +04:00
struct s {
int data ;
int data_array [ 10 ] ;
} ;
2008-10-17 09:19:52 +04:00
2008-10-27 12:19:25 +03:00
typedef struct {
int data ;
} STYPE ;
2009-05-20 13:18:48 +04:00
void g ( char * p ) ;
2008-11-02 16:17:44 +03:00
void g1 ( struct s * p ) ;
2008-11-25 04:45:11 +03:00
// Array to pointer conversion. Array in the struct field.
2008-10-17 09:19:52 +04:00
void f ( void ) {
int a [ 10 ] ;
int ( * p ) [ 10 ] ;
p = & a ;
( * p ) [ 3 ] = 1 ;
struct s d ;
struct s * q ;
q = & d ;
2008-10-24 12:51:58 +04:00
q - > data = 3 ;
d . data_array [ 9 ] = 17 ;
2008-10-17 09:19:52 +04:00
}
2008-10-25 18:11:23 +04:00
2008-11-25 04:45:11 +03:00
// StringLiteral in lvalue context and pointer to array type.
// p: ElementRegion, q: StringRegion
2008-10-25 18:11:23 +04:00
void f2 ( ) {
char * p = " /usr/local " ;
char ( * q ) [ 4 ] ;
q = & " abc " ;
}
2008-10-27 12:19:25 +03:00
2008-11-25 04:45:11 +03:00
// Typedef'ed struct definition.
2008-10-27 12:19:25 +03:00
void f3 ( ) {
STYPE s ;
}
2008-10-31 13:23:14 +03:00
2008-11-25 04:45:11 +03:00
// Initialize array with InitExprList.
2008-10-31 13:23:14 +03:00
void f4 ( ) {
int a [ ] = { 1 , 2 , 3 } ;
int b [ 3 ] = { 1 , 2 } ;
2009-01-23 13:23:13 +03:00
struct s c [ ] = { { 1 , { 1 } } } ;
2008-10-31 13:23:14 +03:00
}
2008-11-02 16:17:44 +03:00
2008-11-25 04:45:11 +03:00
// Struct variable in lvalue context.
2009-01-13 04:49:57 +03:00
// Assign UnknownVal to the whole struct.
2008-11-02 16:17:44 +03:00
void f5 ( ) {
struct s data ;
g1 ( & data ) ;
}
2008-11-13 10:59:15 +03:00
2008-11-25 04:45:11 +03:00
// AllocaRegion test.
2008-11-13 10:59:15 +03:00
void f6 ( ) {
char * p ;
p = __builtin_alloca ( 10 ) ;
2009-05-20 13:18:48 +04:00
g ( p ) ;
char c = * p ;
2008-11-13 10:59:15 +03:00
p [ 1 ] = ' a ' ;
2009-05-20 13:03:10 +04:00
// Test if RegionStore::EvalBinOp converts the alloca region to element
// region.
2009-05-20 13:00:16 +04:00
p + = 2 ;
2008-11-13 10:59:15 +03:00
}
2008-11-13 11:44:52 +03:00
struct s2 ;
void g2 ( struct s2 * p ) ;
2008-11-25 04:45:11 +03:00
// Incomplete struct pointer used as function argument.
2008-11-13 11:44:52 +03:00
void f7 ( ) {
struct s2 * p = __builtin_alloca ( 10 ) ;
g2 ( p ) ;
}
2008-11-13 12:20:05 +03:00
2008-11-25 04:45:11 +03:00
// sizeof() is unsigned while -1 is signed in array index.
2008-11-13 12:20:05 +03:00
void f8 ( ) {
int a [ 10 ] ;
2008-11-25 02:45:56 +03:00
a [ sizeof ( a ) / sizeof ( int ) - 1 ] = 1 ; // no-warning
2008-11-13 12:20:05 +03:00
}
2008-11-18 16:30:46 +03:00
2008-11-25 04:45:11 +03:00
// Initialization of struct array elements.
2008-11-18 16:30:46 +03:00
void f9 ( ) {
struct s a [ 10 ] ;
}
2008-11-30 08:51:19 +03:00
// Initializing array with string literal.
void f10 ( ) {
char a1 [ 4 ] = " abc " ;
char a3 [ 6 ] = " abc " ;
}
2009-01-23 14:22:12 +03:00
// Retrieve the default value of element/field region.
void f11 ( ) {
struct s a ;
2009-05-20 13:18:48 +04:00
g1 ( & a ) ;
2009-01-23 14:22:12 +03:00
if ( a . data = = 0 ) // no-warning
a . data = 1 ;
}
2009-02-19 11:42:43 +03:00
// Convert unsigned offset to signed when creating ElementRegion from
// SymbolicRegion.
void f12 ( int * list ) {
unsigned i = 0 ;
list [ i ] = 1 ;
}
2009-03-18 05:07:30 +03:00
struct s1 {
struct s2 {
int d ;
} e ;
} ;
// The binding of a.e.d should not be removed. Test recursive subregion map
// building: a->e, e->d. Only then 'a' could be added to live region roots.
void f13 ( double timeout ) {
struct s1 a ;
2009-11-07 06:30:10 +03:00
a . e . d = ( int ) timeout ;
2009-03-18 05:07:30 +03:00
if ( a . e . d = = 10 )
a . e . d = 4 ;
}
2009-05-03 04:27:40 +04:00
struct s3 {
int a [ 2 ] ;
} ;
static struct s3 opt ;
// Test if the embedded array is retrieved correctly.
void f14 ( ) {
struct s3 my_opt = opt ;
}
2009-05-12 14:10:00 +04:00
void bar ( int * ) ;
// Test if the array is correctly invalidated.
void f15 ( ) {
int a [ 10 ] ;
bar ( a ) ;
if ( a [ 1 ] ) // no-warning
2009-07-31 02:37:41 +04:00
( void ) 1 ;
2009-05-12 14:10:00 +04:00
}
2009-06-11 13:11:27 +04:00
struct s3 p [ 1 ] ;
// Code from postgresql.
// Current cast logic of region store mistakenly leaves the final result region
// an ElementRegion of type 'char'. Then load a nonloc::SymbolVal from it and
// assigns to 'a'.
void f16 ( struct s3 * p ) {
2009-11-09 11:07:38 +03:00
struct s3 a = * ( ( struct s3 * ) ( ( char * ) & p [ 0 ] ) ) ; // expected-warning{{Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.}}
2009-06-11 13:11:27 +04:00
}
2009-06-28 17:59:24 +04:00
void inv ( struct s1 * ) ;
// Invalidate the struct field.
void f17 ( ) {
struct s1 t ;
int x ;
inv ( & t ) ;
if ( t . e . d )
x = 1 ;
}
2009-06-29 10:43:40 +04:00
void read ( char * ) ;
void f18 ( ) {
char * q ;
char * p = ( char * ) __builtin_alloca ( 10 ) ;
read ( p ) ;
q = p ;
q + + ;
if ( * q ) { // no-warning
}
}