1 // RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s
2
3 void clang_analyzer_eval(int);
4
string_literal_init()5 int string_literal_init() {
6 char a[] = "abc";
7 char b[2] = "abc"; // expected-warning{{too long}}
8 char c[5] = "abc";
9
10 clang_analyzer_eval(a[1] == 'b'); // expected-warning{{TRUE}}
11 clang_analyzer_eval(b[1] == 'b'); // expected-warning{{TRUE}}
12 clang_analyzer_eval(c[1] == 'b'); // expected-warning{{TRUE}}
13
14 clang_analyzer_eval(a[3] == 0); // expected-warning{{TRUE}}
15 clang_analyzer_eval(c[3] == 0); // expected-warning{{TRUE}}
16
17 clang_analyzer_eval(c[4] == 0); // expected-warning{{TRUE}}
18
19 return 42;
20 }
21
nested_compound_literals(int rad)22 void nested_compound_literals(int rad) {
23 int vec[6][2] = {{0.195, 0.02}, {0.383, 0.067}, {0.55, 0.169}, // expected-warning 6 {{implicit conversion from 'double' to 'int' changes value from}}
24 {0.831, 0.45}, {0.924, 0.617}, {0.98, 0.805}}; // expected-warning 6 {{implicit conversion from 'double' to 'int' changes value from}}
25 int a;
26
27 for (a = 0; a < 6; ++a) {
28 vec[a][0] *= rad; // no-warning
29 vec[a][1] *= rad; // no-warning
30 }
31 }
32
nested_compound_literals_float(float rad)33 void nested_compound_literals_float(float rad) {
34 float vec[6][2] = {{0.195, 0.02}, {0.383, 0.067}, {0.55, 0.169},
35 {0.831, 0.45}, {0.924, 0.617}, {0.98, 0.805}};
36 int a;
37
38 for (a = 0; a < 6; ++a) {
39 vec[a][0] *= rad; // no-warning
40 vec[a][1] *= rad; // no-warning
41 }
42 }
43
44
struct_as_array()45 void struct_as_array() {
46 struct simple { int x; int y; };
47 struct simple a;
48 struct simple *p = &a;
49
50 p->x = 5;
51 clang_analyzer_eval(a.x == 5); // expected-warning{{TRUE}}
52 clang_analyzer_eval(p[0].x == 5); // expected-warning{{TRUE}}
53
54 p[0].y = 5;
55 clang_analyzer_eval(a.y == 5); // expected-warning{{TRUE}}
56 clang_analyzer_eval(p->y == 5); // expected-warning{{TRUE}}
57 }
58
59
60 // PR13264 / <rdar://problem/11802440>
61 struct point { int x; int y; };
62 struct circle { struct point o; int r; };
get_circle()63 struct circle get_circle() {
64 struct circle result;
65 result.r = 5;
66 result.o = (struct point){0, 0};
67 return result;
68 }
69
struct_in_struct()70 void struct_in_struct() {
71 struct circle c;
72 c = get_circle();
73 // This used to think c.r was undefined because c.o is a LazyCompoundVal.
74 clang_analyzer_eval(c.r == 5); // expected-warning{{TRUE}}
75 }
76
77 // We also test with floats because we don't model floats right now,
78 // and the original bug report used a float.
79 struct circle_f { struct point o; float r; };
get_circle_f()80 struct circle_f get_circle_f() {
81 struct circle_f result;
82 result.r = 5.0;
83 result.o = (struct point){0, 0};
84 return result;
85 }
86
struct_in_struct_f()87 float struct_in_struct_f() {
88 struct circle_f c;
89 c = get_circle_f();
90
91 return c.r; // no-warning
92 }
93
94
95 int randomInt();
96
testSymbolicInvalidation(int index)97 int testSymbolicInvalidation(int index) {
98 int vals[10];
99
100 vals[0] = 42;
101 clang_analyzer_eval(vals[0] == 42); // expected-warning{{TRUE}}
102
103 vals[index] = randomInt();
104 clang_analyzer_eval(vals[0] == 42); // expected-warning{{UNKNOWN}}
105
106 return vals[index]; // no-warning
107 }
108
testConcreteInvalidation(int index)109 int testConcreteInvalidation(int index) {
110 int vals[10];
111
112 vals[index] = 42;
113 clang_analyzer_eval(vals[index] == 42); // expected-warning{{TRUE}}
114 vals[0] = randomInt();
115 clang_analyzer_eval(vals[index] == 42); // expected-warning{{UNKNOWN}}
116
117 return vals[0]; // no-warning
118 }
119
120
121 typedef struct {
122 int x, y, z;
123 } S;
124
125 S makeS();
126
testSymbolicInvalidationStruct(int index)127 int testSymbolicInvalidationStruct(int index) {
128 S vals[10];
129
130 vals[0].x = 42;
131 clang_analyzer_eval(vals[0].x == 42); // expected-warning{{TRUE}}
132
133 vals[index] = makeS();
134 clang_analyzer_eval(vals[0].x == 42); // expected-warning{{UNKNOWN}}
135
136 return vals[index].x; // no-warning
137 }
138
testConcreteInvalidationStruct(int index)139 int testConcreteInvalidationStruct(int index) {
140 S vals[10];
141
142 vals[index].x = 42;
143 clang_analyzer_eval(vals[index].x == 42); // expected-warning{{TRUE}}
144 vals[0] = makeS();
145 clang_analyzer_eval(vals[index].x == 42); // expected-warning{{UNKNOWN}}
146
147 return vals[0].x; // no-warning
148 }
149
150 typedef struct {
151 S a[5];
152 S b[5];
153 } SS;
154
testSymbolicInvalidationDoubleStruct(int index)155 int testSymbolicInvalidationDoubleStruct(int index) {
156 SS vals;
157
158 vals.a[0].x = 42;
159 vals.b[0].x = 42;
160 clang_analyzer_eval(vals.a[0].x == 42); // expected-warning{{TRUE}}
161 clang_analyzer_eval(vals.b[0].x == 42); // expected-warning{{TRUE}}
162
163 vals.a[index] = makeS();
164 clang_analyzer_eval(vals.a[0].x == 42); // expected-warning{{UNKNOWN}}
165 clang_analyzer_eval(vals.b[0].x == 42); // expected-warning{{TRUE}}
166
167 return vals.b[index].x; // no-warning
168 }
169
testConcreteInvalidationDoubleStruct(int index)170 int testConcreteInvalidationDoubleStruct(int index) {
171 SS vals;
172
173 vals.a[index].x = 42;
174 vals.b[index].x = 42;
175 clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{TRUE}}
176 clang_analyzer_eval(vals.b[index].x == 42); // expected-warning{{TRUE}}
177
178 vals.a[0] = makeS();
179 clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{UNKNOWN}}
180 clang_analyzer_eval(vals.b[index].x == 42); // expected-warning{{TRUE}}
181
182 return vals.b[0].x; // no-warning
183 }
184
185
testNonOverlappingStructFieldsSimple()186 int testNonOverlappingStructFieldsSimple() {
187 S val;
188
189 val.x = 1;
190 val.y = 2;
191 clang_analyzer_eval(val.x == 1); // expected-warning{{TRUE}}
192 clang_analyzer_eval(val.y == 2); // expected-warning{{TRUE}}
193
194 return val.z; // expected-warning{{garbage}}
195 }
196
testNonOverlappingStructFieldsSymbolicBase(int index,int anotherIndex)197 int testNonOverlappingStructFieldsSymbolicBase(int index, int anotherIndex) {
198 SS vals;
199
200 vals.a[index].x = 42;
201 vals.a[index].y = 42;
202 clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{TRUE}}
203 clang_analyzer_eval(vals.a[index].y == 42); // expected-warning{{TRUE}}
204
205 vals.a[anotherIndex].x = 42;
206 clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{UNKNOWN}}
207 clang_analyzer_eval(vals.a[index].y == 42); // expected-warning{{TRUE}}
208
209 // FIXME: False negative. No bind ever set a field 'z'.
210 return vals.a[index].z; // no-warning
211 }
212
testStructFieldChains(int index,int anotherIndex)213 int testStructFieldChains(int index, int anotherIndex) {
214 SS vals[4];
215
216 vals[index].a[0].x = 42;
217 vals[anotherIndex].a[1].y = 42;
218 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}}
219 clang_analyzer_eval(vals[anotherIndex].a[1].y == 42); // expected-warning{{TRUE}}
220
221 // This doesn't affect anything in the 'a' array field.
222 vals[anotherIndex].b[1].x = 42;
223 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}}
224 clang_analyzer_eval(vals[anotherIndex].a[1].y == 42); // expected-warning{{TRUE}}
225 clang_analyzer_eval(vals[anotherIndex].b[1].x == 42); // expected-warning{{TRUE}}
226
227 // This doesn't affect anything in the 'b' array field.
228 vals[index].a[anotherIndex].x = 42;
229 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{UNKNOWN}}
230 clang_analyzer_eval(vals[anotherIndex].a[0].x == 42); // expected-warning{{UNKNOWN}}
231 clang_analyzer_eval(vals[anotherIndex].a[1].y == 42); // expected-warning{{TRUE}}
232 clang_analyzer_eval(vals[anotherIndex].b[1].x == 42); // expected-warning{{TRUE}}
233
234 // FIXME: False negative. No bind ever set a field 'z'.
235 return vals[index].a[0].z; // no-warning
236 }
237
testStructFieldChainsNested(int index,int anotherIndex)238 int testStructFieldChainsNested(int index, int anotherIndex) {
239 SS vals[4];
240
241 vals[index].a[0].x = 42;
242 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}}
243
244 vals[index].b[0] = makeS();
245 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}}
246
247 vals[index].a[0] = makeS();
248 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{UNKNOWN}}
249
250 vals[index].a[0].x = 42;
251 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}}
252
253 return 0;
254 }
255
256 typedef struct {
257 int zoomLevel;
258 struct point center;
259 } Outer;
260
261 extern int test13116945(struct point x);
radar13116945(struct point centerCoordinate)262 static void radar13116945(struct point centerCoordinate) {
263 Outer zoomRegion;
264 zoomRegion.zoomLevel = 0;
265 zoomRegion.center = centerCoordinate;
266 Outer r = zoomRegion;
267 test13116945(r.center); // no-warning
268 }
269
270
271 typedef struct {
272 char data[4];
273 } ShortString;
274
275 typedef struct {
276 ShortString str;
277 int length;
278 } ShortStringWrapper;
279
testArrayStructCopy()280 void testArrayStructCopy() {
281 ShortString s = { "abc" };
282 ShortString s2 = s;
283 ShortString s3 = s2;
284
285 clang_analyzer_eval(s3.data[0] == 'a'); // expected-warning{{TRUE}}
286 clang_analyzer_eval(s3.data[1] == 'b'); // expected-warning{{TRUE}}
287 clang_analyzer_eval(s3.data[2] == 'c'); // expected-warning{{TRUE}}
288
289 s3.data[0] = 'z';
290 ShortString s4 = s3;
291
292 clang_analyzer_eval(s4.data[0] == 'z'); // expected-warning{{TRUE}}
293 clang_analyzer_eval(s4.data[1] == 'b'); // expected-warning{{TRUE}}
294 clang_analyzer_eval(s4.data[2] == 'c'); // expected-warning{{TRUE}}
295 }
296
testArrayStructCopyNested()297 void testArrayStructCopyNested() {
298 ShortString s = { "abc" };
299 ShortString s2 = s;
300
301 ShortStringWrapper w = { s2, 0 };
302
303 clang_analyzer_eval(w.str.data[0] == 'a'); // expected-warning{{TRUE}}
304 clang_analyzer_eval(w.str.data[1] == 'b'); // expected-warning{{TRUE}}
305 clang_analyzer_eval(w.str.data[2] == 'c'); // expected-warning{{TRUE}}
306 clang_analyzer_eval(w.length == 0); // expected-warning{{TRUE}}
307
308 ShortStringWrapper w2 = w;
309 clang_analyzer_eval(w2.str.data[0] == 'a'); // expected-warning{{TRUE}}
310 clang_analyzer_eval(w2.str.data[1] == 'b'); // expected-warning{{TRUE}}
311 clang_analyzer_eval(w2.str.data[2] == 'c'); // expected-warning{{TRUE}}
312 clang_analyzer_eval(w2.length == 0); // expected-warning{{TRUE}}
313
314 ShortStringWrapper w3 = w2;
315 clang_analyzer_eval(w3.str.data[0] == 'a'); // expected-warning{{TRUE}}
316 clang_analyzer_eval(w3.str.data[1] == 'b'); // expected-warning{{TRUE}}
317 clang_analyzer_eval(w3.str.data[2] == 'c'); // expected-warning{{TRUE}}
318 clang_analyzer_eval(w3.length == 0); // expected-warning{{TRUE}}
319 }
320
321 // --------------------
322 // False positives
323 // --------------------
324
testMixSymbolicAndConcrete(int index,int anotherIndex)325 int testMixSymbolicAndConcrete(int index, int anotherIndex) {
326 SS vals;
327
328 vals.a[index].x = 42;
329 vals.a[0].y = 42;
330
331 // FIXME: Should be TRUE.
332 clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{UNKNOWN}}
333 // Should be TRUE; we set this explicitly.
334 clang_analyzer_eval(vals.a[0].y == 42); // expected-warning{{TRUE}}
335
336 vals.a[anotherIndex].y = 42;
337
338 // Should be UNKNOWN; we set an 'x'.
339 clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{UNKNOWN}}
340 // FIXME: Should be TRUE.
341 clang_analyzer_eval(vals.a[0].y == 42); // expected-warning{{UNKNOWN}}
342
343 return vals.a[0].x; // no-warning
344 }
345
testFieldChainIsNotEnough(int index)346 void testFieldChainIsNotEnough(int index) {
347 SS vals[4];
348
349 vals[index].a[0].x = 42;
350 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}}
351
352 vals[index].a[1] = makeS();
353 // FIXME: Should be TRUE.
354 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{UNKNOWN}}
355 }
356