clang/test/Analysis/bitwise-shift-common.c

   1 // RUN: %clang_analyze_cc1 -analyzer-checker=core.BitwiseShift \
   2 // RUN:    -analyzer-output=text -verify \
   3 // RUN:    -triple x86_64-pc-linux-gnu -x c %s \
   4 // RUN:    -Wno-shift-count-negative -Wno-shift-negative-value \
   5 // RUN:    -Wno-shift-count-overflow -Wno-shift-overflow \
   6 // RUN:    -Wno-shift-sign-overflow
   7 //
   8 // RUN: %clang_analyze_cc1 -analyzer-checker=core.BitwiseShift \
   9 // RUN:    -analyzer-config core.BitwiseShift:Pedantic=true \
  10 // RUN:    -analyzer-output=text -verify \
  11 // RUN:    -triple x86_64-pc-linux-gnu -x c++ -std=c++20 %s \
  12 // RUN:    -Wno-shift-count-negative -Wno-shift-negative-value \
  13 // RUN:    -Wno-shift-count-overflow -Wno-shift-overflow \
  14 // RUN:    -Wno-shift-sign-overflow
  15 //
  16 // This test file verifies the default behavior of the BitwiseShift checker,
  17 // which reports the serious logical defects, but doesn't warn on code that's
  18 // legal under C++20 (or later) and widely accepted (but theoretically
  19 // undefined) in other compilation modes.
  20
  21 // TEST NEGATIVE RIGHT OPERAND
  22 //===----------------------------------------------------------------------===//
  23
  24 int negative_right_operand_literal(void) {
  25   return 2 << -2;
  26   // expected-warning@-1 {{Right operand is negative in left shift}}
  27   // expected-note@-2 {{The result of left shift is undefined because the right operand is negative}}
  28 }
  29
  30 int negative_right_operand_symbolic(int left, int right) {
  31   // expected-note@+2 {{Assuming 'right' is < 0}}
  32   // expected-note@+1 {{Taking false branch}}
  33   if (right >= 0)
  34     return 0;
  35   return left >> right;
  36   // expected-warning@-1 {{Right operand is negative in right shift}}
  37   // expected-note@-2 {{The result of right shift is undefined because the right operand is negative}}
  38 }
  39
  40 int negative_right_operand_compound(short arg) {
  41   // expected-note@+2 {{Assuming 'arg' is < 2}}
  42   // expected-note@+1 {{Taking false branch}}
  43   if (arg >= 2 )
  44     return 0;
  45   return 2 << (arg - 1 - 1 - 1);
  46   // expected-warning@-1 {{Right operand is negative in left shift}}
  47   // expected-note@-2 {{The result of left shift is undefined because the right operand is negative}}
  48 }
  49
  50 // TEST TOO LARGE RIGHT OPERAND
  51 //===----------------------------------------------------------------------===//
  52
  53 int too_large_right_operand_literal(void) {
  54   return 2 << 32;
  55   // expected-warning@-1 {{Left shift by '32' overflows the capacity of 'int'}}
  56   // expected-note@-2 {{The result of left shift is undefined because the right operand '32' is not smaller than 32, the capacity of 'int'}}
  57 }
  58
  59 int too_large_right_operand_exact_symbolic(int arg) {
  60   // expected-note@+4 {{Assuming 'arg' is > 33}}
  61   // expected-note@+3 {{Left side of '||' is false}}
  62   // expected-note@+2 {{Assuming 'arg' is < 35}}
  63   // expected-note@+1 {{Taking false branch}}
  64   if (arg <= 33 || arg >= 35)
  65     return 0;
  66   return 3 << arg;
  67   // expected-warning@-1 {{Left shift by '34' overflows the capacity of 'int'}}
  68   // expected-note@-2 {{The result of left shift is undefined because the right operand '34' is not smaller than 32, the capacity of 'int'}}
  69 }
  70
  71 int too_large_right_operand_exact_symbolic_2(char arg) {
  72   // expected-note@+2 {{Assuming the condition is false}}
  73   // expected-note@+1 {{Taking false branch}}
  74   if (arg != ' ')
  75     return 0;
  76   return 3 << arg;
  77   // expected-warning@-1 {{Left shift by '32' overflows the capacity of 'int'}}
  78   // expected-note@-2 {{The result of left shift is undefined because the right operand '32' is not smaller than 32, the capacity of 'int'}}
  79 }
  80
  81 int too_large_right_operand_symbolic(int left, int right) {
  82   // expected-note@+2 {{Assuming 'right' is > 31}}
  83   // expected-note@+1 {{Taking false branch}}
  84   if (right <= 31)
  85     return 0;
  86   return left >> right;
  87   // expected-warning@-1 {{Right shift overflows the capacity of 'int'}}
  88   // expected-note@-2 {{The result of right shift is undefined because the right operand is not smaller than 32, the capacity of 'int'}}
  89   // NOTE: the messages of the checker are a bit vague in this case, but the
  90   // tracking of the variables reveals our knowledge about them.
  91 }
  92
  93 int too_large_right_operand_compound(unsigned short arg) {
  94   // Note: this would be valid code with an 'unsigned int' because
  95   // unsigned addition is allowed to overflow.
  96   return 1 << (32 + arg);
  97   // expected-warning@-1 {{Left shift overflows the capacity of 'int'}}
  98   // expected-note@-2 {{The result of left shift is undefined because the right operand is not smaller than 32, the capacity of 'int'}}
  99 }
 100
 101 // TEST STATE UPDATES
 102 //===----------------------------------------------------------------------===//
 103
 104 void state_update(char a, int *p) {
 105   // NOTE: with 'int a' this would not produce a bug report because the engine
 106   // would not rule out an overflow.
 107   *p += 1 << a;
 108   // expected-note@-1 {{Assuming right operand of bit shift is non-negative but less than 32}}
 109   *p += 1 << (a + 32);
 110   // expected-warning@-1 {{Left shift overflows the capacity of 'int'}}
 111   // expected-note@-2 {{The result of left shift is undefined because the right operand is not smaller than 32, the capacity of 'int'}}
 112 }
 113
 114 void state_update_2(char a, int *p) {
 115   *p += 1234 >> (a + 32);
 116   // expected-note@-1 {{Assuming right operand of bit shift is non-negative but less than 32}}
 117   *p += 1234 >> a;
 118   // expected-warning@-1 {{Right operand is negative in right shift}}
 119   // expected-note@-2 {{The result of right shift is undefined because the right operand is negative}}
 120 }
 121
 122 // TEST EXPRESSION TRACKING
 123 //===----------------------------------------------------------------------===//
 124 // Expression tracking a "generic" tool that's used by many other checkers,
 125 // so this is just a minimal test to see that it's activated.
 126
 127 void setValue(unsigned *p, unsigned newval) {
 128   *p = newval;
 129   // expected-note@-1 {{The value 33 is assigned to 'right'}}
 130 }
 131
 132 int expression_tracked_back(void) {
 133   unsigned left = 115; // expected-note {{'left' initialized to 115}}
 134   unsigned right;
 135   setValue(&right, 33);
 136   // expected-note@-1 {{Calling 'setValue'}}
 137   // expected-note@-2 {{Passing the value 33 via 2nd parameter 'newval'}}
 138   // expected-note@-3 {{Returning from 'setValue'}}
 139
 140   return left << right;
 141   // expected-warning@-1 {{Left shift by '33' overflows the capacity of 'unsigned int'}}
 142   // expected-note@-2 {{The result of left shift is undefined because the right operand '33' is not smaller than 32, the capacity of 'unsigned int'}}
 143 }
 144
 145 // TEST PERMISSIVENESS
 146 //===----------------------------------------------------------------------===//
 147
 148 int allow_overflows_and_negative_operands(void) {
 149   // These are all legal under C++ 20 and many compilers accept them under
 150   // earlier standards as well.
 151   int int_min = 1 << 31; // no-warning
 152   int this_overflows = 1027 << 30; // no-warning
 153   return (-2 << 5) + (-3 >> 4); // no-warning
 154 }
 155
 156 int double_negative(void) {
 157   return -2 >> -2;
 158   // expected-warning@-1 {{Right operand is negative in right shift}}
 159   // expected-note@-2 {{The result of right shift is undefined because the right operand is negative}}
 160 }