1 // RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.cstring,debug.ExprInspection -triple i386-apple-darwin9 -verify %s
2 // RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.cstring,debug.ExprInspection -triple x86_64-apple-darwin9 -verify %s
4 // This file runs in C++ mode so that the comparison type is 'bool', not 'int'.
5 void clang_analyzer_eval(int);
6 typedef typeof(sizeof(int)) size_t;
8 // PR12206/12510 - When SimpleSValBuilder figures out that a symbol is fully
9 // constrained, it should cast the value to the result type in a binary
10 // operation...unless the binary operation is a comparison, in which case the
11 // two arguments should be the same type, but won't match the result type.
13 // This is not directly related to additive folding, but we use SValBuilder's
14 // additive folding to tickle the bug. ExprEngine will simplify fully-constrained
15 // symbols, so SValBuilder will only see them if they are (a) part of an evaluated
16 // SymExpr (e.g. with additive folding) or (b) generated by a checker (e.g.
17 // unix.cstring's strlen() modelling).
19 size_t comparisonSize
= sizeof(1 == 1);
21 // This test is useless if size_t isn't bigger than bool.
22 clang_analyzer_eval(sizeof(size_t) > comparisonSize
); // expected-warning{{TRUE}}
24 // Build a SymIntExpr, dependent on x.
27 // Create a value that requires more bits to store than a comparison result.
29 value
<<= 8 * comparisonSize
;
32 // Constrain the value of x.
33 if (x
!= value
) return;
35 // Constant-folding will turn (local+1) back into the symbol for x.
36 // The point of this dance is to make SValBuilder be responsible for
37 // turning the symbol into a ConcreteInt, rather than ExprEngine.
39 // Test relational operators.
40 clang_analyzer_eval((local
+ 1) >= 2); // expected-warning{{TRUE}}
41 clang_analyzer_eval(2 <= (local
+ 1)); // expected-warning{{TRUE}}
43 // Test equality operators.
44 clang_analyzer_eval((local
+ 1) != 1); // expected-warning{{TRUE}}
45 clang_analyzer_eval(1 != (local
+ 1)); // expected-warning{{TRUE}}
48 void PR12206_truncation(signed char x
) {
49 // Build a SymIntExpr, dependent on x.
50 signed char local
= x
- 1;
52 // Constrain the value of x.
55 // Constant-folding will turn (local+1) back into the symbol for x.
56 // The point of this dance is to make SValBuilder be responsible for
57 // turning the symbol into a ConcreteInt, rather than ExprEngine.
59 // Construct a value that cannot be represented by 'char',
60 // but that has the same lower bits as x.
61 signed int value
= 1 + (1 << 8);
63 // Test relational operators.
64 clang_analyzer_eval((local
+ 1) < value
); // expected-warning{{TRUE}}
65 clang_analyzer_eval(value
> (local
+ 1)); // expected-warning{{TRUE}}
67 // Test equality operators.
68 clang_analyzer_eval((local
+ 1) != value
); // expected-warning{{TRUE}}
69 clang_analyzer_eval(value
!= (local
+ 1)); // expected-warning{{TRUE}}
72 // This test is insurance in case we significantly change how SymExprs are
74 size_t strlen(const char *s
);
75 void PR12206_strlen(const char *x
) {
76 size_t comparisonSize
= sizeof(1 == 1);
78 // This test is useless if size_t isn't bigger than bool.
79 clang_analyzer_eval(sizeof(size_t) > comparisonSize
); // expected-warning{{TRUE}}
81 // Create a value that requires more bits to store than a comparison result.
83 value
<<= 8 * comparisonSize
;
86 // Constrain the length of x.
87 if (strlen(x
) != value
) return;
89 // Test relational operators.
90 clang_analyzer_eval(strlen(x
) >= 2); // expected-warning{{TRUE}}
91 clang_analyzer_eval(2 <= strlen(x
)); // expected-warning{{TRUE}}
93 // Test equality operators.
94 clang_analyzer_eval(strlen(x
) != 1); // expected-warning{{TRUE}}
95 clang_analyzer_eval(1 != strlen(x
)); // expected-warning{{TRUE}}