1 // RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin9 -fenable-matrix -analyzer-checker=core,alpha.core,debug.ExprInspection -Wno-pointer-to-int-cast -Wno-strict-prototypes -verify -analyzer-config eagerly-assume=false %s
2 // RUN: %clang_analyze_cc1 -triple i386-apple-darwin9 -fenable-matrix -analyzer-checker=core,alpha.core,debug.ExprInspection -Wno-pointer-to-int-cast -Wno-strict-prototypes -verify -analyzer-config eagerly-assume=false %s
3 // RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin9 -fenable-matrix -analyzer-checker=core,alpha.core,debug.ExprInspection -Wno-pointer-to-int-cast -Wno-strict-prototypes -verify -DEAGERLY_ASSUME=1 -w %s
4 // RUN: %clang_analyze_cc1 -triple i386-apple-darwin9 -fenable-matrix -analyzer-checker=core,alpha.core,debug.ExprInspection -Wno-pointer-to-int-cast -Wno-strict-prototypes -verify -DEAGERLY_ASSUME=1 -DBIT32=1 -w %s
6 extern void clang_analyzer_eval(_Bool
);
8 // Test if the 'storage' region gets properly initialized after it is cast to
9 // 'struct sockaddr *'.
11 typedef unsigned char __uint8_t
;
12 typedef unsigned int __uint32_t
;
13 typedef __uint32_t __darwin_socklen_t
;
14 typedef __uint8_t sa_family_t
;
15 typedef __darwin_socklen_t socklen_t
;
16 struct sockaddr
{ sa_family_t sa_family
; };
17 struct sockaddr_storage
{};
21 #ifndef EAGERLY_ASSUME
24 struct sockaddr_storage storage
;
25 struct sockaddr
* sockaddr
= (struct sockaddr
*)&storage
; // expected-warning{{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}
26 socklen_t addrlen
= sizeof(storage
);
27 getsockname(sock
, sockaddr
, &addrlen
);
28 switch (sockaddr
->sa_family
) { // no-warning
38 void f1(struct s
**pval
) {
39 int *tbool
= ((void*)0);
42 tbool
= (int *)pval
; // use the cast-to type 'int *' to create element region.
43 char c
= (unsigned char) *tbool
; // Should use cast-to type to create symbol.
44 if (*tbool
== -1) // here load the element region with the correct type 'int'
48 void f2(const char *str
) {
49 unsigned char ch
, cl
, *p
;
51 p
= (unsigned char *)str
;
52 ch
= *p
++; // use cast-to type 'unsigned char' to create element region.
58 // Test cast VariableSizeArray to pointer does not crash.
59 void *memcpy(void *, void const *, unsigned long);
60 typedef unsigned char Byte
;
61 void doit(char *data
, int len
) {
64 memcpy(buf
, data
, len
);
68 // PR 6013 and 6035 - Test that a cast of a pointer to long and then to int does not crash SValuator.
69 void pr6013_6035_test(void *p
) {
75 // PR12511 - Test that we support SymCastExpr, which represents symbolic int to float cast.
76 char ttt(int intSeconds
) {
77 double seconds
= intSeconds
;
86 if ((*((void**)&p
)) == (void*)0) // Test that the cast to void preserves the symbolic region.
89 return 5/y
; // This code should be unreachable: no-warning.
94 void castsToBool(void) {
95 clang_analyzer_eval(0); // expected-warning{{FALSE}}
96 clang_analyzer_eval(0U); // expected-warning{{FALSE}}
97 clang_analyzer_eval((void *)0); // expected-warning{{FALSE}}
99 clang_analyzer_eval(1); // expected-warning{{TRUE}}
100 clang_analyzer_eval(1U); // expected-warning{{TRUE}}
101 clang_analyzer_eval(-1); // expected-warning{{TRUE}}
102 clang_analyzer_eval(0x100); // expected-warning{{TRUE}}
103 clang_analyzer_eval(0x100U
); // expected-warning{{TRUE}}
104 clang_analyzer_eval((void *)0x100); // expected-warning{{TRUE}}
106 extern int symbolicInt
;
107 clang_analyzer_eval(symbolicInt
); // expected-warning{{UNKNOWN}}
109 clang_analyzer_eval(symbolicInt
); // expected-warning{{TRUE}}
111 extern void *symbolicPointer
;
112 clang_analyzer_eval(symbolicPointer
); // expected-warning{{UNKNOWN}}
114 clang_analyzer_eval(symbolicPointer
); // expected-warning{{TRUE}}
117 int* ptr
= &localInt
;
118 clang_analyzer_eval(ptr
); // expected-warning{{TRUE}}
119 clang_analyzer_eval(&castsToBool
); // expected-warning{{TRUE}}
120 clang_analyzer_eval("abc"); // expected-warning{{TRUE}}
122 extern float globalFloat
;
123 clang_analyzer_eval(globalFloat
); // expected-warning{{UNKNOWN}}
126 void locAsIntegerCasts(void *p
) {
128 clang_analyzer_eval(++x
< 10); // no-crash // expected-warning{{UNKNOWN}}
131 void multiDimensionalArrayPointerCasts(void) {
132 static int x
[10][10];
133 int *y1
= &(x
[3][5]);
134 char *z
= ((char *) y1
) + 2;
135 int *y2
= (int *)(z
- 2);
136 int *y3
= ((int *)x
) + 35; // This is offset for [3][5].
138 clang_analyzer_eval(y1
== y2
); // expected-warning{{TRUE}}
140 // FIXME: should be FALSE (i.e. equal pointers).
141 clang_analyzer_eval(y1
- y2
); // expected-warning{{UNKNOWN}}
142 // FIXME: should be TRUE (i.e. same symbol).
143 clang_analyzer_eval(*y1
== *y2
); // expected-warning{{UNKNOWN}}
145 clang_analyzer_eval(*((char *)y1
) == *((char *) y2
)); // expected-warning{{TRUE}}
147 clang_analyzer_eval(y1
== y3
); // expected-warning{{TRUE}}
149 // FIXME: should be FALSE (i.e. equal pointers).
150 clang_analyzer_eval(y1
- y3
); // expected-warning{{UNKNOWN}}
151 // FIXME: should be TRUE (i.e. same symbol).
152 clang_analyzer_eval(*y1
== *y3
); // expected-warning{{UNKNOWN}}
154 clang_analyzer_eval(*((char *)y1
) == *((char *) y3
)); // expected-warning{{TRUE}}
157 void *getVoidPtr(void);
159 void testCastVoidPtrToIntPtrThroughIntTypedAssignment(void) {
161 (*((int *)(&x
))) = (int)getVoidPtr();
165 void testCastUIntPtrToIntPtrThroughIntTypedAssignment(void) {
168 (*((int *)(&x
))) = (int)&u
;
170 clang_analyzer_eval(u
== 1); // expected-warning{{TRUE}}
173 void testCastVoidPtrToIntPtrThroughUIntTypedAssignment(void) {
175 (*((int *)(&x
))) = (int)(unsigned *)getVoidPtr();
179 void testLocNonLocSymbolAssume(int a
, int *b
) {
180 if ((int)b
< a
) {} // no-crash
183 void testLocNonLocSymbolRemainder(int a
, int *b
) {
184 int c
= ((int)b
) % a
;
190 void testSwitchWithSizeofs(void) {
191 switch (sizeof(char) == 1) { // expected-warning{{switch condition has boolean value}}
192 case sizeof(char):; // no-crash
196 void test_ToUnion_cast(unsigned long long x
) {
198 unsigned long long data
;
200 void clang_analyzer_dump_union(union Key
);
201 clang_analyzer_dump_union((union Key
)x
); // expected-warning {{Unknown}}
204 typedef char cx5x5
__attribute__((matrix_type(5, 5)));
205 typedef int ix5x5
__attribute__((matrix_type(5, 5)));
206 void test_MatrixCast_cast(cx5x5 c
) {
207 void clang_analyzer_dump_ix5x5(ix5x5
);
208 clang_analyzer_dump_ix5x5((ix5x5
)c
); // expected-warning {{Unknown}}
211 void test_VectorSplat_cast(long x
) {
212 typedef int __attribute__((ext_vector_type(2))) V
;
213 void clang_analyzer_dump_V(V
);
214 clang_analyzer_dump_V((V
)x
); // expected-warning {{Unknown}}
219 #ifdef EAGERLY_ASSUME
222 extern int globalFunc(void);
223 void no_crash_on_symsym_cast_to_long(void) {
224 char c
= globalFunc() - 5;
230 // expected-warning@-2{{Left shift by '48' overflows the capacity of 'long'}}
232 // expected-no-diagnostics
238 char no_crash_SymbolCast_of_float_type_aux(int *p
) {
243 void no_crash_SymbolCast_of_float_type(void) {
245 char (*f
)() = no_crash_SymbolCast_of_float_type_aux
;
249 double no_crash_reinterpret_double_as_int(double a
) {
254 double no_crash_reinterpret_double_as_ptr(double a
) {
259 double no_crash_reinterpret_double_as_sym_int(double a
, int b
) {
264 double no_crash_reinterpret_double_as_sym_ptr(double a
, void * b
) {
269 void no_crash_reinterpret_char_as_uchar(char ***a
, int *b
) {
270 *(unsigned char **)a
= (unsigned char *)b
;
271 if (**a
== 0) // no-crash
277 void symbolic_offset(struct S
*ptr
, int i
) {
278 const struct S
*pS
= ptr
+ i
;
279 struct S s
= *pS
; // no-crash