clang/test/Analysis/bstring_UninitRead.c

   1 // RUN: %clang_analyze_cc1 -verify %s \
   2 // RUN: -analyzer-checker=core,alpha.unix.cstring
   3
   4
   5 // This file is generally for the alpha.unix.cstring.UninitializedRead Checker, the reason for putting it into
   6 // the separate file because the checker is break the some existing test cases in bstring.c file , so we don't
   7 // wanna mess up with some existing test case so it's better to create separate file for it, this file also include
   8 // the broken test for the reference in future about the broken tests.
   9
  10
  11 typedef typeof(sizeof(int)) size_t;
  12
  13 void clang_analyzer_eval(int);
  14
  15 void *memcpy(void *restrict s1, const void *restrict s2, size_t n);
  16
  17 void top(char *dst) {
  18   char buf[10];
  19   memcpy(dst, buf, 10); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
  20   (void)buf;
  21 }
  22
  23 //===----------------------------------------------------------------------===
  24 // mempcpy()
  25 //===----------------------------------------------------------------------===
  26
  27 void *mempcpy(void *restrict s1, const void *restrict s2, size_t n);
  28
  29 void mempcpy14() {
  30   int src[] = {1, 2, 3, 4};
  31   int dst[5] = {0};
  32   int *p;
  33
  34   p = mempcpy(dst, src, 4 * sizeof(int)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
  35    // FIXME: This behaviour is actually surprising and needs to be fixed,
  36    // mempcpy seems to consider the very last byte of the src buffer uninitialized
  37    // and returning undef unfortunately. It should have returned unknown or a conjured value instead.
  38
  39   clang_analyzer_eval(p == &dst[4]); // no-warning (above is fatal)
  40 }
  41
  42 struct st {
  43   int i;
  44   int j;
  45 };
  46
  47
  48 void mempcpy15() {
  49   struct st s1 = {0};
  50   struct st s2;
  51   struct st *p1;
  52   struct st *p2;
  53
  54   p1 = (&s2) + 1;
  55   p2 = mempcpy(&s2, &s1, sizeof(struct st)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
  56   // FIXME: It seems same as mempcpy14() case.
  57
  58   clang_analyzer_eval(p1 == p2); // no-warning (above is fatal)
  59 }