// Regression test for the Clang Static Analyzer: three reduced C++ cases that
// exercise alpha.core.PointerArithm and alpha.core.CastToStruct.
// The file is analyzed twice (checker sets and loop limits differ, see the two
// run lines below), both times with -verify. Under -verify, any line without a
// diagnostic directive must stay silent, so only the cast in foo2() may warn.
// NOTE(review): the discarded expressions, unused locals and missing returns
// look like deliberate output of test-case reduction; -w in the run lines turns
// off the compiler's own warnings. Do not tidy the code, or the analyzer path
// this test pins may no longer be reached.
// RUN: %clang_cc1 -w -analyze -analyzer-eagerly-assume -fcxx-exceptions -analyzer-checker=core -analyzer-checker=alpha.core.PointerArithm,alpha.core.CastToStruct -analyzer-max-loop 64 -verify %s
// RUN: %clang_cc1 -w -analyze -analyzer-checker=core -analyzer-checker=cplusplus -fcxx-exceptions -analyzer-checker alpha.core.PointerArithm,alpha.core.CastToStruct -analyzer-max-loop 63 -verify %s

// These tests used to hit an assertion in the bug report. Test case from http://llvm.org/PR24184.
// Case 1. Here pbData is a plain unsigned, not a pointer (contrast with case 2).
typedef struct {
  int cbData;
  unsigned pbData;
} CRYPT_DATA_BLOB;

typedef enum { DT_NONCE_FIXED } DATA_TYPE;
int a;
// Function type, used below to declare fn2 without defining it.
typedef int *vcreate_t(int *, DATA_TYPE, int, int);
// Both parameters are unnamed and unused. The loop condition is the constant 1,
// so the loop has no exit of its own; analysis is bounded by -analyzer-max-loop.
// The increment clause bumps the global `a`, then evaluates and discards pointer
// arithmetic on the address of the local `b`. The offset `a * 0` is always zero.
void fn1(unsigned, unsigned) {
  char b = 0;
  for (; 1; a++, &b + a * 0)
    ;
}

// Declaration only; no definition of fn2 is visible in this file.
vcreate_t fn2;
struct A {
  CRYPT_DATA_BLOB value;
  // Evaluates and discards a comparison on value.pbData, then calls fn1.
  // Declared int but has no return statement.
  int m_fn1() {
    int c;
    value.pbData == 0;
    fn1(0, 0);
  }
};
struct B {
  A IkeHashAlg;
  A IkeGType;
  A NoncePhase1_r;
};
class C {
  int m_fn2(B *);
  void m_fn3(B *, int, int, int);
};
// Entry point of case 1: calls A::m_fn1 (and through it fn1) on two members of
// *p1, then fn2 and m_fn3. p1 is dereferenced without a null check. Most locals
// are written and never read, and the function has no return statement.
int C::m_fn2(B *p1) {
  int *d;
  int e = p1->IkeHashAlg.m_fn1();
  unsigned f = p1->IkeGType.m_fn1(), h;
  int g;
  d = fn2(0, DT_NONCE_FIXED, (char)0, p1->NoncePhase1_r.value.cbData);
  h = 0 | 0;
  m_fn3(p1, 0, 0, 0);
}

// case 2:
// Same layout as case 1, but pbData is a real pointer here.
typedef struct {
  int cbData;
  unsigned char *pbData;
} CRYPT_DATA_BLOB_1;
// File-local typedef; no standard header is included.
typedef unsigned uint32_t;
// Compares the two pointers and discards the result.
void fn1_1(void *p1, const void *p2) { p1 != p2; }

// Walks i over [0, p3) and passes p1 + i and p2 + i * 0 to fn1_1.
// The second offset is always zero; the first advances by one uint32_t per step.
void fn2_1(uint32_t *p1, unsigned char *p2, uint32_t p3) {
  unsigned i = 0;
  for (0; i < p3; i++)
    fn1_1(p1 + i, p2 + i * 0);
}

struct A_1 {
  CRYPT_DATA_BLOB_1 value;
  // Passes the address of the single local `a` as fn2_1's p1, so `p1 + i` in
  // fn2_1 is arithmetic on a pointer to a non-array object once i > 0.
  // value.cbData (int) converts to the uint32_t loop bound p3.
  uint32_t m_fn1() {
    uint32_t a;
    if (value.pbData)
      fn2_1(&a, value.pbData, value.cbData);
    return 0;
  }
};
// Global pointer to an unnamed struct type; it is never assigned in this file.
struct {
  A_1 HashAlgId;
} *b;
// Entry point of case 2: dereferences the global `b`, then evaluates
// expressions whose results are discarded.
void fn3() {
  uint32_t c, d;
  d = b->HashAlgId.m_fn1();
  d << 0 | 0 | 0;
  c = 0;
  0 | 1 << 0 | 0 && b;
}

// case 3:
struct ST {
  char c;
};
char *p;
int foo1(ST);
// Reinterprets the global char pointer `p` as ST* and reads a field through it.
// The directive on the cast line pins the CastToStruct diagnostic to that line.
// The loop then advances p1 by whatever foo1 returns, with no bound visible
// here. Declared int but has no return statement.
int foo2() {
  ST *p1 = (ST *)(p); // expected-warning{{Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption}}
  while (p1->c & 0x0F || p1->c & 0x07)
    p1 = p1 + foo1(*p1);
}

// Calls foo2 up to twice and branches on its result. `node` is unused, and
// there is no return statement on the path where i is zero.
int foo3(int *node) {
  int i = foo2();
  if (i)
    return foo2();
}