array-struct-region.c revision 4e674f77150b52d8e6ae82faf64fbdac79d675d3
1// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-constraints=range -verify %s 2 3void clang_analyzer_eval(int); 4 5int string_literal_init() { 6 char a[] = "abc"; 7 char b[2] = "abc"; // expected-warning{{too long}} 8 char c[5] = "abc"; 9 10 clang_analyzer_eval(a[1] == 'b'); // expected-warning{{TRUE}} 11 clang_analyzer_eval(b[1] == 'b'); // expected-warning{{TRUE}} 12 clang_analyzer_eval(c[1] == 'b'); // expected-warning{{TRUE}} 13 14 clang_analyzer_eval(a[3] == 0); // expected-warning{{TRUE}} 15 clang_analyzer_eval(c[3] == 0); // expected-warning{{TRUE}} 16 17 clang_analyzer_eval(c[4] == 0); // expected-warning{{TRUE}} 18 19 return 42; 20} 21 22void nested_compound_literals(int rad) { 23 int vec[6][2] = {{0.195, 0.02}, {0.383, 0.067}, {0.55, 0.169}, // expected-warning 6 {{implicit conversion from 'double' to 'int' changes value from}} 24 {0.831, 0.45}, {0.924, 0.617}, {0.98, 0.805}}; // expected-warning 6 {{implicit conversion from 'double' to 'int' changes value from}} 25 int a; 26 27 for (a = 0; a < 6; ++a) { 28 vec[a][0] *= rad; // no-warning 29 vec[a][1] *= rad; // no-warning 30 } 31} 32 33void nested_compound_literals_float(float rad) { 34 float vec[6][2] = {{0.195, 0.02}, {0.383, 0.067}, {0.55, 0.169}, 35 {0.831, 0.45}, {0.924, 0.617}, {0.98, 0.805}}; 36 int a; 37 38 for (a = 0; a < 6; ++a) { 39 vec[a][0] *= rad; // no-warning 40 vec[a][1] *= rad; // no-warning 41 } 42} 43 44 45void struct_as_array() { 46 struct simple { int x; int y; }; 47 struct simple a; 48 struct simple *p = &a; 49 50 p->x = 5; 51 clang_analyzer_eval(a.x == 5); // expected-warning{{TRUE}} 52 clang_analyzer_eval(p[0].x == 5); // expected-warning{{TRUE}} 53 54 p[0].y = 5; 55 clang_analyzer_eval(a.y == 5); // expected-warning{{TRUE}} 56 clang_analyzer_eval(p->y == 5); // expected-warning{{TRUE}} 57} 58 59 60// PR13264 / <rdar://problem/11802440> 61struct point { int x; int y; }; 62struct circle { struct point o; int r; }; 63struct circle get_circle() { 64 struct circle result; 65 result.r = 5; 66 result.o = (struct point){0, 0}; 67 return result; 68} 69 70void struct_in_struct() { 71 struct circle c; 72 c = get_circle(); 73 // This used to think c.r was undefined because c.o is a LazyCompoundVal. 74 clang_analyzer_eval(c.r == 5); // expected-warning{{TRUE}} 75} 76 77// We also test with floats because we don't model floats right now, 78// and the original bug report used a float. 79struct circle_f { struct point o; float r; }; 80struct circle_f get_circle_f() { 81 struct circle_f result; 82 result.r = 5.0; 83 result.o = (struct point){0, 0}; 84 return result; 85} 86 87float struct_in_struct_f() { 88 struct circle_f c; 89 c = get_circle_f(); 90 91 return c.r; // no-warning 92} 93 94 95int randomInt(); 96 97int testSymbolicInvalidation(int index) { 98 int vals[10]; 99 100 vals[0] = 42; 101 clang_analyzer_eval(vals[0] == 42); // expected-warning{{TRUE}} 102 103 vals[index] = randomInt(); 104 clang_analyzer_eval(vals[0] == 42); // expected-warning{{UNKNOWN}} 105 106 return vals[index]; // no-warning 107} 108 109int testConcreteInvalidation(int index) { 110 int vals[10]; 111 112 vals[index] = 42; 113 clang_analyzer_eval(vals[index] == 42); // expected-warning{{TRUE}} 114 vals[0] = randomInt(); 115 clang_analyzer_eval(vals[index] == 42); // expected-warning{{UNKNOWN}} 116 117 return vals[0]; // no-warning 118} 119 120 121typedef struct { 122 int x, y, z; 123} S; 124 125S makeS(); 126 127int testSymbolicInvalidationStruct(int index) { 128 S vals[10]; 129 130 vals[0].x = 42; 131 clang_analyzer_eval(vals[0].x == 42); // expected-warning{{TRUE}} 132 133 vals[index] = makeS(); 134 clang_analyzer_eval(vals[0].x == 42); // expected-warning{{UNKNOWN}} 135 136 return vals[index].x; // no-warning 137} 138 139int testConcreteInvalidationStruct(int index) { 140 S vals[10]; 141 142 vals[index].x = 42; 143 clang_analyzer_eval(vals[index].x == 42); // expected-warning{{TRUE}} 144 vals[0] = makeS(); 145 clang_analyzer_eval(vals[index].x == 42); // expected-warning{{UNKNOWN}} 146 147 return vals[0].x; // no-warning 148} 149 150typedef struct { 151 S a[5]; 152 S b[5]; 153} SS; 154 155int testSymbolicInvalidationDoubleStruct(int index) { 156 SS vals; 157 158 vals.a[0].x = 42; 159 vals.b[0].x = 42; 160 clang_analyzer_eval(vals.a[0].x == 42); // expected-warning{{TRUE}} 161 clang_analyzer_eval(vals.b[0].x == 42); // expected-warning{{TRUE}} 162 163 vals.a[index] = makeS(); 164 clang_analyzer_eval(vals.a[0].x == 42); // expected-warning{{UNKNOWN}} 165 clang_analyzer_eval(vals.b[0].x == 42); // expected-warning{{TRUE}} 166 167 return vals.b[index].x; // no-warning 168} 169 170int testConcreteInvalidationDoubleStruct(int index) { 171 SS vals; 172 173 vals.a[index].x = 42; 174 vals.b[index].x = 42; 175 clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{TRUE}} 176 clang_analyzer_eval(vals.b[index].x == 42); // expected-warning{{TRUE}} 177 178 vals.a[0] = makeS(); 179 clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{UNKNOWN}} 180 clang_analyzer_eval(vals.b[index].x == 42); // expected-warning{{TRUE}} 181 182 return vals.b[0].x; // no-warning 183} 184 185 186int testNonOverlappingStructFieldsSimple() { 187 S val; 188 189 val.x = 1; 190 val.y = 2; 191 clang_analyzer_eval(val.x == 1); // expected-warning{{TRUE}} 192 clang_analyzer_eval(val.y == 2); // expected-warning{{TRUE}} 193 194 return val.z; // expected-warning{{garbage}} 195} 196 197int testNonOverlappingStructFieldsSymbolicBase(int index, int anotherIndex) { 198 SS vals; 199 200 vals.a[index].x = 42; 201 vals.a[index].y = 42; 202 clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{TRUE}} 203 clang_analyzer_eval(vals.a[index].y == 42); // expected-warning{{TRUE}} 204 205 vals.a[anotherIndex].x = 42; 206 clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{UNKNOWN}} 207 clang_analyzer_eval(vals.a[index].y == 42); // expected-warning{{TRUE}} 208 209 // FIXME: False negative. No bind ever set a field 'z'. 210 return vals.a[index].z; // no-warning 211} 212 213int testStructFieldChains(int index, int anotherIndex) { 214 SS vals[4]; 215 216 vals[index].a[0].x = 42; 217 vals[anotherIndex].a[1].y = 42; 218 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}} 219 clang_analyzer_eval(vals[anotherIndex].a[1].y == 42); // expected-warning{{TRUE}} 220 221 // This doesn't affect anything in the 'a' array field. 222 vals[anotherIndex].b[1].x = 42; 223 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}} 224 clang_analyzer_eval(vals[anotherIndex].a[1].y == 42); // expected-warning{{TRUE}} 225 clang_analyzer_eval(vals[anotherIndex].b[1].x == 42); // expected-warning{{TRUE}} 226 227 // This doesn't affect anything in the 'b' array field. 228 vals[index].a[anotherIndex].x = 42; 229 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{UNKNOWN}} 230 clang_analyzer_eval(vals[anotherIndex].a[0].x == 42); // expected-warning{{UNKNOWN}} 231 clang_analyzer_eval(vals[anotherIndex].a[1].y == 42); // expected-warning{{TRUE}} 232 clang_analyzer_eval(vals[anotherIndex].b[1].x == 42); // expected-warning{{TRUE}} 233 234 // FIXME: False negative. No bind ever set a field 'z'. 235 return vals[index].a[0].z; // no-warning 236} 237 238int testStructFieldChainsNested(int index, int anotherIndex) { 239 SS vals[4]; 240 241 vals[index].a[0].x = 42; 242 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}} 243 244 vals[index].b[0] = makeS(); 245 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}} 246 247 vals[index].a[0] = makeS(); 248 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{UNKNOWN}} 249 250 vals[index].a[0].x = 42; 251 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}} 252 253 return 0; 254} 255 256 257// -------------------- 258// False positives 259// -------------------- 260 261int testMixSymbolicAndConcrete(int index, int anotherIndex) { 262 SS vals; 263 264 vals.a[index].x = 42; 265 vals.a[0].y = 42; 266 267 // FIXME: Should be TRUE. 268 clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{UNKNOWN}} 269 // Should be TRUE; we set this explicitly. 270 clang_analyzer_eval(vals.a[0].y == 42); // expected-warning{{TRUE}} 271 272 vals.a[anotherIndex].y = 42; 273 274 // Should be UNKNOWN; we set an 'x'. 275 clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{UNKNOWN}} 276 // FIXME: Should be TRUE. 277 clang_analyzer_eval(vals.a[0].y == 42); // expected-warning{{UNKNOWN}} 278 279 return vals.a[0].x; // no-warning 280} 281 282void testFieldChainIsNotEnough(int index) { 283 SS vals[4]; 284 285 vals[index].a[0].x = 42; 286 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}} 287 288 vals[index].a[1] = makeS(); 289 // FIXME: Should be TRUE. 290 clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{UNKNOWN}} 291} 292 293