1cdc3a89d5de90b2299c56f4a46c3de590c5184d1Ted Kremenek// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s 2cdc3a89d5de90b2299c56f4a46c3de590c5184d1Ted Kremenek// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s 3cdc3a89d5de90b2299c56f4a46c3de590c5184d1Ted Kremenek// RUN: %clang_cc1 -analyze -DVARIANT -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s 4cdc3a89d5de90b2299c56f4a46c3de590c5184d1Ted Kremenek// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s 5ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 6ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose//===----------------------------------------------------------------------=== 7ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose// Declarations 8ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose//===----------------------------------------------------------------------=== 9ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 10a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose// Some functions are so similar to each other that they follow the same code 11bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose// path, such as memcpy and __memcpy_chk, or memcmp and bcmp. If VARIANT is 12bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose// defined, make sure to use the variants instead to make sure they are still 13bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose// checked by the analyzer. 14ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 15ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose// Some functions are implemented as builtins. These should be #defined as 16ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose// BUILTIN(f), which will prepend "__builtin_" if USE_BUILTINS is defined. 17ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 18fc8f0e14ad142ed811e90fbd9a30e419e301c717Chris Lattner// Functions that have variants and are also available as builtins should be 19a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose// declared carefully! See memcpy() for an example. 20ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 21ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose#ifdef USE_BUILTINS 22ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose# define BUILTIN(f) __builtin_ ## f 23ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose#else /* USE_BUILTINS */ 24ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose# define BUILTIN(f) f 25ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose#endif /* USE_BUILTINS */ 26ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 27ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosetypedef typeof(sizeof(int)) size_t; 28ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 2943d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rosevoid clang_analyzer_eval(int); 3043d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose 31ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose//===----------------------------------------------------------------------=== 32ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose// memcpy() 33ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose//===----------------------------------------------------------------------=== 34ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 35a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose#ifdef VARIANT 36ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 37ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose#define __memcpy_chk BUILTIN(__memcpy_chk) 38ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid *__memcpy_chk(void *restrict s1, const void *restrict s2, size_t n, 39ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose size_t destlen); 40ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 41ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose#define memcpy(a,b,c) __memcpy_chk(a,b,c,(size_t)-1) 42ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 43a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose#else /* VARIANT */ 44ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 45ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose#define memcpy BUILTIN(memcpy) 46ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid *memcpy(void *restrict s1, const void *restrict s2, size_t n); 47ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 48a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose#endif /* VARIANT */ 49ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 50ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 51ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid memcpy0 () { 52ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char src[] = {1, 2, 3, 4}; 53e64f311c11a8751867c2538807054f4817c1f5cbJordy Rose char dst[4] = {0}; 54ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 55ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose memcpy(dst, src, 4); // no-warning 56ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 5743d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose clang_analyzer_eval(memcpy(dst, src, 4) == dst); // expected-warning{{TRUE}} 58e64f311c11a8751867c2538807054f4817c1f5cbJordy Rose 5943d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose // If we actually model the copy, we can make this known. 6043d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose // The important thing for now is that the old value has been invalidated. 6143d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose clang_analyzer_eval(dst[0] != 0); // expected-warning{{UNKNOWN}} 62ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose} 63ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 64ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid memcpy1 () { 65ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char src[] = {1, 2, 3, 4}; 66ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char dst[10]; 67ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 689e49d9fbdc861c25c2480233147dee07f5fa9660Jordy Rose memcpy(dst, src, 5); // expected-warning{{Memory copy function accesses out-of-bound array element}} 69ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose} 70ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 71ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid memcpy2 () { 72ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char src[] = {1, 2, 3, 4}; 73ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char dst[1]; 74ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 759e49d9fbdc861c25c2480233147dee07f5fa9660Jordy Rose memcpy(dst, src, 4); // expected-warning{{Memory copy function overflows destination buffer}} 76ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose} 77ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 78ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid memcpy3 () { 79ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char src[] = {1, 2, 3, 4}; 80ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char dst[3]; 81ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 82ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose memcpy(dst+1, src+2, 2); // no-warning 83ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose} 84ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 85ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid memcpy4 () { 86ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char src[] = {1, 2, 3, 4}; 87ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char dst[10]; 88ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 899e49d9fbdc861c25c2480233147dee07f5fa9660Jordy Rose memcpy(dst+2, src+2, 3); // expected-warning{{Memory copy function accesses out-of-bound array element}} 90ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose} 91ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 92ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid memcpy5() { 93ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char src[] = {1, 2, 3, 4}; 94ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char dst[3]; 95ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 969e49d9fbdc861c25c2480233147dee07f5fa9660Jordy Rose memcpy(dst+2, src+2, 2); // expected-warning{{Memory copy function overflows destination buffer}} 97ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose} 98ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 99ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid memcpy6() { 100ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose int a[4] = {0}; 101ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose memcpy(a, a, 8); // expected-warning{{overlapping}} 102ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose} 103ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 104ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid memcpy7() { 105ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose int a[4] = {0}; 106ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose memcpy(a+2, a+1, 8); // expected-warning{{overlapping}} 107ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose} 108ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 109ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid memcpy8() { 110ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose int a[4] = {0}; 111ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose memcpy(a+1, a+2, 8); // expected-warning{{overlapping}} 112ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose} 113ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 114ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid memcpy9() { 115ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose int a[4] = {0}; 116ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose memcpy(a+2, a+1, 4); // no-warning 117ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose memcpy(a+1, a+2, 4); // no-warning 118ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose} 119ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 120a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rosevoid memcpy10() { 121a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose char a[4] = {0}; 1229e49d9fbdc861c25c2480233147dee07f5fa9660Jordy Rose memcpy(0, a, 4); // expected-warning{{Null pointer argument in call to memory copy function}} 123a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose} 124a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose 125a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rosevoid memcpy11() { 126a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose char a[4] = {0}; 1279e49d9fbdc861c25c2480233147dee07f5fa9660Jordy Rose memcpy(a, 0, 4); // expected-warning{{Null pointer argument in call to memory copy function}} 128a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose} 129a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose 130a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rosevoid memcpy12() { 131a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose char a[4] = {0}; 132a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose memcpy(0, a, 0); // no-warning 133b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani} 134b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 135b8b875be7b2d177d755641c6212111859372d611Lenny Maioranivoid memcpy13() { 136b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char a[4] = {0}; 137a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose memcpy(a, 0, 0); // no-warning 138a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose} 139a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose 14022d27178bf795145439b9588e260ccceab79a088Jordy Rosevoid memcpy_unknown_size (size_t n) { 14122d27178bf795145439b9588e260ccceab79a088Jordy Rose char a[4], b[4] = {1}; 14243d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose clang_analyzer_eval(memcpy(a, b, n) == a); // expected-warning{{TRUE}} 14322d27178bf795145439b9588e260ccceab79a088Jordy Rose} 14422d27178bf795145439b9588e260ccceab79a088Jordy Rose 14522d27178bf795145439b9588e260ccceab79a088Jordy Rosevoid memcpy_unknown_size_warn (size_t n) { 14622d27178bf795145439b9588e260ccceab79a088Jordy Rose char a[4]; 14743d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose void *result = memcpy(a, 0, n); // expected-warning{{Null pointer argument in call to memory copy function}} 14843d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose clang_analyzer_eval(result == a); // no-warning (above is fatal) 14922d27178bf795145439b9588e260ccceab79a088Jordy Rose} 15022d27178bf795145439b9588e260ccceab79a088Jordy Rose 151ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose//===----------------------------------------------------------------------=== 152b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani// mempcpy() 153b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani//===----------------------------------------------------------------------=== 154b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 155be460d8e5364c6bffeb7b27e4c0d4d5d16e39c59Jordy Rose#ifdef VARIANT 156be460d8e5364c6bffeb7b27e4c0d4d5d16e39c59Jordy Rose 157be460d8e5364c6bffeb7b27e4c0d4d5d16e39c59Jordy Rose#define __mempcpy_chk BUILTIN(__mempcpy_chk) 158be460d8e5364c6bffeb7b27e4c0d4d5d16e39c59Jordy Rosevoid *__mempcpy_chk(void *restrict s1, const void *restrict s2, size_t n, 159be460d8e5364c6bffeb7b27e4c0d4d5d16e39c59Jordy Rose size_t destlen); 160be460d8e5364c6bffeb7b27e4c0d4d5d16e39c59Jordy Rose 161be460d8e5364c6bffeb7b27e4c0d4d5d16e39c59Jordy Rose#define mempcpy(a,b,c) __mempcpy_chk(a,b,c,(size_t)-1) 162be460d8e5364c6bffeb7b27e4c0d4d5d16e39c59Jordy Rose 163be460d8e5364c6bffeb7b27e4c0d4d5d16e39c59Jordy Rose#else /* VARIANT */ 164be460d8e5364c6bffeb7b27e4c0d4d5d16e39c59Jordy Rose 165b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani#define mempcpy BUILTIN(mempcpy) 166b8b875be7b2d177d755641c6212111859372d611Lenny Maioranivoid *mempcpy(void *restrict s1, const void *restrict s2, size_t n); 167b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 168be460d8e5364c6bffeb7b27e4c0d4d5d16e39c59Jordy Rose#endif /* VARIANT */ 169be460d8e5364c6bffeb7b27e4c0d4d5d16e39c59Jordy Rose 170be460d8e5364c6bffeb7b27e4c0d4d5d16e39c59Jordy Rose 171b8b875be7b2d177d755641c6212111859372d611Lenny Maioranivoid mempcpy0 () { 172b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char src[] = {1, 2, 3, 4}; 173b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char dst[5] = {0}; 174b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 175b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani mempcpy(dst, src, 4); // no-warning 176b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 17743d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose clang_analyzer_eval(mempcpy(dst, src, 4) == &dst[4]); // expected-warning{{TRUE}} 178b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 17943d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose // If we actually model the copy, we can make this known. 18043d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose // The important thing for now is that the old value has been invalidated. 18143d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose clang_analyzer_eval(dst[0] != 0); // expected-warning{{UNKNOWN}} 182b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani} 183b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 184b8b875be7b2d177d755641c6212111859372d611Lenny Maioranivoid mempcpy1 () { 185b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char src[] = {1, 2, 3, 4}; 186b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char dst[10]; 187b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 1889e49d9fbdc861c25c2480233147dee07f5fa9660Jordy Rose mempcpy(dst, src, 5); // expected-warning{{Memory copy function accesses out-of-bound array element}} 189b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani} 190b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 191b8b875be7b2d177d755641c6212111859372d611Lenny Maioranivoid mempcpy2 () { 192b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char src[] = {1, 2, 3, 4}; 193b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char dst[1]; 194b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 1959e49d9fbdc861c25c2480233147dee07f5fa9660Jordy Rose mempcpy(dst, src, 4); // expected-warning{{Memory copy function overflows destination buffer}} 196b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani} 197b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 198b8b875be7b2d177d755641c6212111859372d611Lenny Maioranivoid mempcpy3 () { 199b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char src[] = {1, 2, 3, 4}; 200b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char dst[3]; 201b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 202b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani mempcpy(dst+1, src+2, 2); // no-warning 203b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani} 204b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 205b8b875be7b2d177d755641c6212111859372d611Lenny Maioranivoid mempcpy4 () { 206b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char src[] = {1, 2, 3, 4}; 207b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char dst[10]; 208b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 2099e49d9fbdc861c25c2480233147dee07f5fa9660Jordy Rose mempcpy(dst+2, src+2, 3); // expected-warning{{Memory copy function accesses out-of-bound array element}} 210b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani} 211b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 212b8b875be7b2d177d755641c6212111859372d611Lenny Maioranivoid mempcpy5() { 213b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char src[] = {1, 2, 3, 4}; 214b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char dst[3]; 215b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 2169e49d9fbdc861c25c2480233147dee07f5fa9660Jordy Rose mempcpy(dst+2, src+2, 2); // expected-warning{{Memory copy function overflows destination buffer}} 217b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani} 218b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 219b8b875be7b2d177d755641c6212111859372d611Lenny Maioranivoid mempcpy6() { 220b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani int a[4] = {0}; 221b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani mempcpy(a, a, 8); // expected-warning{{overlapping}} 222b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani} 223b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 224b8b875be7b2d177d755641c6212111859372d611Lenny Maioranivoid mempcpy7() { 225b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani int a[4] = {0}; 226b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani mempcpy(a+2, a+1, 8); // expected-warning{{overlapping}} 227b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani} 228b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 229b8b875be7b2d177d755641c6212111859372d611Lenny Maioranivoid mempcpy8() { 230b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani int a[4] = {0}; 231b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani mempcpy(a+1, a+2, 8); // expected-warning{{overlapping}} 232b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani} 233b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 234b8b875be7b2d177d755641c6212111859372d611Lenny Maioranivoid mempcpy9() { 235b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani int a[4] = {0}; 236b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani mempcpy(a+2, a+1, 4); // no-warning 237b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani mempcpy(a+1, a+2, 4); // no-warning 238b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani} 239b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 240b8b875be7b2d177d755641c6212111859372d611Lenny Maioranivoid mempcpy10() { 241b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char a[4] = {0}; 2429e49d9fbdc861c25c2480233147dee07f5fa9660Jordy Rose mempcpy(0, a, 4); // expected-warning{{Null pointer argument in call to memory copy function}} 243b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani} 244b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 245b8b875be7b2d177d755641c6212111859372d611Lenny Maioranivoid mempcpy11() { 246b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char a[4] = {0}; 2479e49d9fbdc861c25c2480233147dee07f5fa9660Jordy Rose mempcpy(a, 0, 4); // expected-warning{{Null pointer argument in call to memory copy function}} 248b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani} 249b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 250b8b875be7b2d177d755641c6212111859372d611Lenny Maioranivoid mempcpy12() { 251b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char a[4] = {0}; 252b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani mempcpy(0, a, 0); // no-warning 253b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani} 254b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 255b8b875be7b2d177d755641c6212111859372d611Lenny Maioranivoid mempcpy13() { 256b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani char a[4] = {0}; 257b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani mempcpy(a, 0, 0); // no-warning 258b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani} 259b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani 26022d27178bf795145439b9588e260ccceab79a088Jordy Rosevoid mempcpy_unknown_size_warn (size_t n) { 26122d27178bf795145439b9588e260ccceab79a088Jordy Rose char a[4]; 26243d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose void *result = mempcpy(a, 0, n); // expected-warning{{Null pointer argument in call to memory copy function}} 26343d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose clang_analyzer_eval(result == a); // no-warning (above is fatal) 26422d27178bf795145439b9588e260ccceab79a088Jordy Rose} 26522d27178bf795145439b9588e260ccceab79a088Jordy Rose 2663f8bb2fa289c956a66613b0f09e3df5e25d27c66Jordy Rosevoid mempcpy_unknownable_size (char *src, float n) { 2673f8bb2fa289c956a66613b0f09e3df5e25d27c66Jordy Rose char a[4]; 2683f8bb2fa289c956a66613b0f09e3df5e25d27c66Jordy Rose // This used to crash because we don't model floats. 2693f8bb2fa289c956a66613b0f09e3df5e25d27c66Jordy Rose mempcpy(a, src, (size_t)n); 2703f8bb2fa289c956a66613b0f09e3df5e25d27c66Jordy Rose} 2713f8bb2fa289c956a66613b0f09e3df5e25d27c66Jordy Rose 272b8b875be7b2d177d755641c6212111859372d611Lenny Maiorani//===----------------------------------------------------------------------=== 273ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose// memmove() 274ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose//===----------------------------------------------------------------------=== 275ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 276a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose#ifdef VARIANT 277ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 278ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose#define __memmove_chk BUILTIN(__memmove_chk) 279ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid *__memmove_chk(void *s1, const void *s2, size_t n, size_t destlen); 280ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 281ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose#define memmove(a,b,c) __memmove_chk(a,b,c,(size_t)-1) 282ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 283a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose#else /* VARIANT */ 284ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 285ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose#define memmove BUILTIN(memmove) 286ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid *memmove(void *s1, const void *s2, size_t n); 287ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 288a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8Jordy Rose#endif /* VARIANT */ 289ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 290ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 291ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid memmove0 () { 292ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char src[] = {1, 2, 3, 4}; 293e64f311c11a8751867c2538807054f4817c1f5cbJordy Rose char dst[4] = {0}; 294ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 295ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose memmove(dst, src, 4); // no-warning 296ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 29743d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose clang_analyzer_eval(memmove(dst, src, 4) == dst); // expected-warning{{TRUE}} 298e64f311c11a8751867c2538807054f4817c1f5cbJordy Rose 29943d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose // If we actually model the copy, we can make this known. 30043d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose // The important thing for now is that the old value has been invalidated. 30143d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose clang_analyzer_eval(dst[0] != 0); // expected-warning{{UNKNOWN}} 302ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose} 303ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 304ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid memmove1 () { 305ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char src[] = {1, 2, 3, 4}; 306ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char dst[10]; 307ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 308ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose memmove(dst, src, 5); // expected-warning{{out-of-bound}} 309ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose} 310ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 311ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid memmove2 () { 312ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char src[] = {1, 2, 3, 4}; 313ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char dst[1]; 314ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 315e64f311c11a8751867c2538807054f4817c1f5cbJordy Rose memmove(dst, src, 4); // expected-warning{{overflow}} 316ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose} 317ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 318ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose//===----------------------------------------------------------------------=== 319bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose// memcmp() 320bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose//===----------------------------------------------------------------------=== 321bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 322bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose#ifdef VARIANT 323bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 324bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose#define bcmp BUILTIN(bcmp) 325bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose// __builtin_bcmp is not defined with const in Builtins.def. 326bc56d1f6e2288aea9546b2380c71288939d688caJordy Roseint bcmp(/*const*/ void *s1, /*const*/ void *s2, size_t n); 327bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose#define memcmp bcmp 32843d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose// 329bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose#else /* VARIANT */ 330bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 331bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose#define memcmp BUILTIN(memcmp) 332bc56d1f6e2288aea9546b2380c71288939d688caJordy Roseint memcmp(const void *s1, const void *s2, size_t n); 333bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 334bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose#endif /* VARIANT */ 335bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 336bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 337bc56d1f6e2288aea9546b2380c71288939d688caJordy Rosevoid memcmp0 () { 338bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose char a[] = {1, 2, 3, 4}; 339bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose char b[4] = { 0 }; 340bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 341bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose memcmp(a, b, 4); // no-warning 342bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose} 343bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 344bc56d1f6e2288aea9546b2380c71288939d688caJordy Rosevoid memcmp1 () { 345bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose char a[] = {1, 2, 3, 4}; 346bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose char b[10] = { 0 }; 347bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 348bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose memcmp(a, b, 5); // expected-warning{{out-of-bound}} 349bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose} 350bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 351bc56d1f6e2288aea9546b2380c71288939d688caJordy Rosevoid memcmp2 () { 352bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose char a[] = {1, 2, 3, 4}; 353bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose char b[1] = { 0 }; 354bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 355bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose memcmp(a, b, 4); // expected-warning{{out-of-bound}} 356bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose} 357bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 358bc56d1f6e2288aea9546b2380c71288939d688caJordy Rosevoid memcmp3 () { 359bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose char a[] = {1, 2, 3, 4}; 360bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 36143d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose clang_analyzer_eval(memcmp(a, a, 4) == 0); // expected-warning{{TRUE}} 362bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose} 363bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 364bc56d1f6e2288aea9546b2380c71288939d688caJordy Rosevoid memcmp4 (char *input) { 365bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose char a[] = {1, 2, 3, 4}; 366bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 36743d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose clang_analyzer_eval(memcmp(a, input, 4) == 0); // expected-warning{{UNKNOWN}} 368bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose} 369bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 370bc56d1f6e2288aea9546b2380c71288939d688caJordy Rosevoid memcmp5 (char *input) { 371bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose char a[] = {1, 2, 3, 4}; 372bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 37343d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose clang_analyzer_eval(memcmp(a, 0, 0) == 0); // expected-warning{{TRUE}} 37443d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose clang_analyzer_eval(memcmp(0, a, 0) == 0); // expected-warning{{TRUE}} 37543d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose clang_analyzer_eval(memcmp(a, input, 0) == 0); // expected-warning{{TRUE}} 376bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose} 377bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose 378d325ffb9cbd26b6a3f219d115191d9a00b6dea8cJordy Rosevoid memcmp6 (char *a, char *b, size_t n) { 379d325ffb9cbd26b6a3f219d115191d9a00b6dea8cJordy Rose int result = memcmp(a, b, n); 380d325ffb9cbd26b6a3f219d115191d9a00b6dea8cJordy Rose if (result != 0) 38143d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose clang_analyzer_eval(n != 0); // expected-warning{{TRUE}} 38243d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose // else 38343d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose // analyzer_assert_unknown(n == 0); 38443d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose 38543d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose // We can't do the above comparison because n has already been constrained. 38643d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose // On one path n == 0, on the other n != 0. 387d325ffb9cbd26b6a3f219d115191d9a00b6dea8cJordy Rose} 388d325ffb9cbd26b6a3f219d115191d9a00b6dea8cJordy Rose 389b6a4026de13909c2b145166ae0b7d96cf1948f64Jordy Roseint memcmp7 (char *a, size_t x, size_t y, size_t n) { 390b6a4026de13909c2b145166ae0b7d96cf1948f64Jordy Rose // We used to crash when either of the arguments was unknown. 391b6a4026de13909c2b145166ae0b7d96cf1948f64Jordy Rose return memcmp(a, &a[x*y], n) + 392b6a4026de13909c2b145166ae0b7d96cf1948f64Jordy Rose memcmp(&a[x*y], a, n); 393b6a4026de13909c2b145166ae0b7d96cf1948f64Jordy Rose} 394b6a4026de13909c2b145166ae0b7d96cf1948f64Jordy Rose 395bc56d1f6e2288aea9546b2380c71288939d688caJordy Rose//===----------------------------------------------------------------------=== 396ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose// bcopy() 397ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose//===----------------------------------------------------------------------=== 398ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 399ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose#define bcopy BUILTIN(bcopy) 400ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose// __builtin_bcopy is not defined with const in Builtins.def. 401ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid bcopy(/*const*/ void *s1, void *s2, size_t n); 402ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 403ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 404ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid bcopy0 () { 405ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char src[] = {1, 2, 3, 4}; 406e64f311c11a8751867c2538807054f4817c1f5cbJordy Rose char dst[4] = {0}; 407ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 408ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose bcopy(src, dst, 4); // no-warning 409e64f311c11a8751867c2538807054f4817c1f5cbJordy Rose 41043d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose // If we actually model the copy, we can make this known. 41143d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose // The important thing for now is that the old value has been invalidated. 41243d9f0d4e9b88dcab473a359a7b5579c2a619b22Jordy Rose clang_analyzer_eval(dst[0] != 0); // expected-warning{{UNKNOWN}} 413ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose} 414ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 415ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid bcopy1 () { 416ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char src[] = {1, 2, 3, 4}; 417ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char dst[10]; 418ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 419ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose bcopy(src, dst, 5); // expected-warning{{out-of-bound}} 420ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose} 421ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 422ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rosevoid bcopy2 () { 423ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char src[] = {1, 2, 3, 4}; 424ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose char dst[1]; 425ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose 426e64f311c11a8751867c2538807054f4817c1f5cbJordy Rose bcopy(src, dst, 4); // expected-warning{{overflow}} 427ccbf7eebc8425429e8fd9f9124770f86a74864ebJordy Rose} 428dd160f3ed50def10765ed823bf4ce2a56b2cd035Anna Zaks 429dd160f3ed50def10765ed823bf4ce2a56b2cd035Anna Zaksvoid *malloc(size_t); 430dd160f3ed50def10765ed823bf4ce2a56b2cd035Anna Zaksvoid free(void *); 431dd160f3ed50def10765ed823bf4ce2a56b2cd035Anna Zakschar radar_11125445_memcopythenlogfirstbyte(const char *input, size_t length) { 432dd160f3ed50def10765ed823bf4ce2a56b2cd035Anna Zaks char *bytes = malloc(sizeof(char) * (length + 1)); 433dd160f3ed50def10765ed823bf4ce2a56b2cd035Anna Zaks memcpy(bytes, input, length); 434dd160f3ed50def10765ed823bf4ce2a56b2cd035Anna Zaks char x = bytes[0]; // no warning 435dd160f3ed50def10765ed823bf4ce2a56b2cd035Anna Zaks free(bytes); 436dd160f3ed50def10765ed823bf4ce2a56b2cd035Anna Zaks return x; 437dd160f3ed50def10765ed823bf4ce2a56b2cd035Anna Zaks} 438