search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[ELF] Avoid make in elf::writeARMCmseImportLib
[llvm-project.git] / clang / test / Analysis / ptr-arith.c
blobb5ccd2c207ead12b02818c2f6861392e09860f3a
1 // RUN: %clang_analyze_cc1 -analyzer-checker=alpha.core.FixedAddr,alpha.core.PointerArithm,debug.ExprInspection -Wno-pointer-to-int-cast -verify -triple x86_64-apple-darwin9 -Wno-tautological-pointer-compare -analyzer-config eagerly-assume=false %s
2 // RUN: %clang_analyze_cc1 -analyzer-checker=alpha.core.FixedAddr,alpha.core.PointerArithm,debug.ExprInspection -Wno-pointer-to-int-cast -verify -triple i686-apple-darwin9 -Wno-tautological-pointer-compare -analyzer-config eagerly-assume=false %s
3
4 #include "Inputs/system-header-simulator.h"
5
6 void clang_analyzer_eval(int);
7 void clang_analyzer_dump(int);
8
9 void f1(void) {
10 int a[10];
11 int *p = a;
12 ++p;
13 }
14
15 char* foo(void);
16
17 void f2(void) {
18 char *p = foo();
19 ++p;
20 }
21
22 // This test case checks if we get the right rvalue type of a TypedViewRegion.
23 // The ElementRegion's type depends on the array region's rvalue type. If it was
24 // a pointer type, we would get a loc::SymbolVal for '*p'.
25 void* memchr(const void *, int, __typeof__(sizeof(0)));
26 static int
27 domain_port (const char *domain_b, const char *domain_e,
28 const char **domain_e_ptr)
29 {
30 int port = 0;
31
32 const char *p;
33 const char *colon = memchr (domain_b, ':', domain_e - domain_b);
34
35 for (p = colon + 1; p < domain_e ; p++)
36 port = 10 * port + (*p - '0');
37 return port;
38 }
39
40 #define FIXED_VALUE (int*) 0x1111
41
42 void f4(void) {
43 int *p;
44 p = (int*) 0x10000; // expected-warning{{Using a fixed address is not portable because that address will probably not be valid in all environments or platforms}}
45
46 int *p1;
47 p1 = p; // no warning
48
49 long x = 0x10100;
50 x += 10;
51 p = (int*) x; // expected-warning{{Using a fixed address is not portable because that address will probably not be valid in all environments or platforms}}
52
53 struct sigaction sa;
54 sa.sa_handler = SIG_IGN; // no warning (exclude macros defined in system header)
55 sigaction(SIGINT, &sa, NULL);
56
57 p = FIXED_VALUE; // expected-warning{{Using a fixed address is not portable because that address will probably not be valid in all environments or platforms}}
58 }
59
60 void f5(void) {
61 int x, y;
62 int *p;
63 p = &x + 1; // expected-warning{{Pointer arithmetic on non-array variables relies on memory layout, which is dangerous}}
64
65 int a[10];
66 p = a + 1; // no-warning
67 }
68
69 // Allow arithmetic on different symbolic regions.
70 void f6(int *p, int *q) {
71 int d = q - p; // no-warning
72 }
73
74 void null_operand(int *a) {
75 start:
76 // LHS is a label, RHS is NULL
77 clang_analyzer_eval(&&start != 0); // expected-warning{{TRUE}}
78 clang_analyzer_eval(&&start >= 0); // expected-warning{{TRUE}}
79 clang_analyzer_eval(&&start > 0); // expected-warning{{TRUE}}
80 clang_analyzer_eval((&&start - 0) != 0); // expected-warning{{TRUE}}
81
82 // LHS is a non-symbolic value, RHS is NULL
83 clang_analyzer_eval(&a != 0); // expected-warning{{TRUE}}
84 clang_analyzer_eval(&a >= 0); // expected-warning{{TRUE}}
85 clang_analyzer_eval(&a > 0); // expected-warning{{TRUE}}
86 clang_analyzer_eval((&a - 0) != 0); // expected-warning{{TRUE}}
87
88 // LHS is NULL, RHS is non-symbolic
89 // The same code is used for labels and non-symbolic values.
90 clang_analyzer_eval(0 != &a); // expected-warning{{TRUE}}
91 clang_analyzer_eval(0 <= &a); // expected-warning{{TRUE}}
92 clang_analyzer_eval(0 < &a); // expected-warning{{TRUE}}
93
94 // LHS is a symbolic value, RHS is NULL
95 clang_analyzer_eval(a != 0); // expected-warning{{UNKNOWN}}
96 clang_analyzer_eval(a >= 0); // expected-warning{{TRUE}}
97 clang_analyzer_eval(a <= 0); // expected-warning{{UNKNOWN}}
98 clang_analyzer_eval((a - 0) != 0); // expected-warning{{UNKNOWN}}
99
100 // LHS is NULL, RHS is a symbolic value
101 clang_analyzer_eval(0 != a); // expected-warning{{UNKNOWN}}
102 clang_analyzer_eval(0 <= a); // expected-warning{{TRUE}}
103 clang_analyzer_eval(0 < a); // expected-warning{{UNKNOWN}}
104 }
105
106 void const_locs(void) {
107 char *a = (char*)0x1000;
108 char *b = (char*)0x1100;
109 start:
110 clang_analyzer_eval(a != b); // expected-warning{{TRUE}}
111 clang_analyzer_eval(a < b); // expected-warning{{TRUE}}
112 clang_analyzer_eval(a <= b); // expected-warning{{TRUE}}
113 clang_analyzer_eval((b-a) == 0x100); // expected-warning{{TRUE}}
114
115 clang_analyzer_eval(&&start == a); // expected-warning{{UNKNOWN}}
116 clang_analyzer_eval(a == &&start); // expected-warning{{UNKNOWN}}
117 clang_analyzer_eval(&a == (char**)a); // expected-warning{{UNKNOWN}}
118 clang_analyzer_eval((char**)a == &a); // expected-warning{{UNKNOWN}}
119 }
120
121 void array_matching_types(void) {
122 int array[10];
123 int *a = &array[2];
124 int *b = &array[5];
125
126 clang_analyzer_eval(a != b); // expected-warning{{TRUE}}
127 clang_analyzer_eval(a < b); // expected-warning{{TRUE}}
128 clang_analyzer_eval(a <= b); // expected-warning{{TRUE}}
129 clang_analyzer_eval((b-a) != 0); // expected-warning{{TRUE}}
130 }
131
132 // This takes a different code path than array_matching_types()
133 void array_different_types(void) {
134 int array[10];
135 int *a = &array[2];
136 char *b = (char*)&array[5];
137
138 clang_analyzer_eval(a != b); // expected-warning{{TRUE}} expected-warning{{comparison of distinct pointer types}}
139 clang_analyzer_eval(a < b); // expected-warning{{TRUE}} expected-warning{{comparison of distinct pointer types}}
140 clang_analyzer_eval(a <= b); // expected-warning{{TRUE}} expected-warning{{comparison of distinct pointer types}}
141 }
142
143 struct test { int x; int y; };
144 void struct_fields(void) {
145 struct test a, b;
146
147 clang_analyzer_eval(&a.x != &a.y); // expected-warning{{TRUE}}
148 clang_analyzer_eval(&a.x < &a.y); // expected-warning{{TRUE}}
149 clang_analyzer_eval(&a.x <= &a.y); // expected-warning{{TRUE}}
150
151 clang_analyzer_eval(&a.x != &b.x); // expected-warning{{TRUE}}
152 clang_analyzer_eval(&a.x > &b.x); // expected-warning{{UNKNOWN}}
153 clang_analyzer_eval(&a.x >= &b.x); // expected-warning{{UNKNOWN}}
154 }
155
156 void mixed_region_types(void) {
157 struct test s;
158 int array[2];
159 void *a = &array, *b = &s;
160
161 clang_analyzer_eval(&a != &b); // expected-warning{{TRUE}}
162 clang_analyzer_eval(&a > &b); // expected-warning{{UNKNOWN}}
163 clang_analyzer_eval(&a >= &b); // expected-warning{{UNKNOWN}}
164 }
165
166 void symbolic_region(int *p) {
167 int a;
168
169 clang_analyzer_eval(&a != p); // expected-warning{{TRUE}}
170 clang_analyzer_eval(&a > p); // expected-warning{{UNKNOWN}}
171 clang_analyzer_eval(&a >= p); // expected-warning{{UNKNOWN}}
172 }
173
174 void PR7527 (int *p) {
175 if (((int) p) & 1) // not crash
176 return;
177 }
178
179 void use_symbols(int *lhs, int *rhs) {
180 clang_analyzer_eval(lhs < rhs); // expected-warning{{UNKNOWN}}
181 if (lhs < rhs)
182 return;
183 clang_analyzer_eval(lhs < rhs); // expected-warning{{FALSE}}
184
185 clang_analyzer_eval(lhs - rhs); // expected-warning{{UNKNOWN}}
186 if ((lhs - rhs) != 5)
187 return;
188 clang_analyzer_eval((lhs - rhs) == 5); // expected-warning{{TRUE}}
189 }
190
191 void equal_implies_zero(int *lhs, int *rhs) {
192 clang_analyzer_eval(lhs == rhs); // expected-warning{{UNKNOWN}}
193 if (lhs == rhs) {
194 clang_analyzer_eval(lhs != rhs); // expected-warning{{FALSE}}
195 clang_analyzer_eval((rhs - lhs) == 0); // expected-warning{{TRUE}}
196 return;
197 }
198 clang_analyzer_eval(lhs == rhs); // expected-warning{{FALSE}}
199 clang_analyzer_eval(lhs != rhs); // expected-warning{{TRUE}}
200 clang_analyzer_eval((rhs - lhs) == 0); // expected-warning{{FALSE}}
201 }
202
203 void zero_implies_equal(int *lhs, int *rhs) {
204 clang_analyzer_eval((rhs - lhs) == 0); // expected-warning{{UNKNOWN}}
205 if ((rhs - lhs) == 0) {
206 clang_analyzer_eval(lhs != rhs); // expected-warning{{FALSE}}
207 clang_analyzer_eval(lhs == rhs); // expected-warning{{TRUE}}
208 return;
209 }
210 clang_analyzer_eval((rhs - lhs) == 0); // expected-warning{{FALSE}}
211 clang_analyzer_eval(lhs == rhs); // expected-warning{{FALSE}}
212 clang_analyzer_eval(lhs != rhs); // expected-warning{{TRUE}}
213 }
214
215 void comparisons_imply_size(int *lhs, int *rhs) {
216 clang_analyzer_eval(lhs <= rhs); // expected-warning{{UNKNOWN}}
217
218 if (lhs > rhs) {
219 clang_analyzer_eval((rhs - lhs) == 0); // expected-warning{{FALSE}}
220 return;
221 }
222
223 clang_analyzer_eval(lhs <= rhs); // expected-warning{{TRUE}}
224 // FIXME: In Z3ConstraintManager, ptrdiff_t is mapped to signed bitvector. However, this does not directly imply the unsigned comparison.
225 #ifdef ANALYZER_CM_Z3
226 clang_analyzer_eval((rhs - lhs) >= 0); // expected-warning{{UNKNOWN}}
227 #else
228 clang_analyzer_eval((rhs - lhs) >= 0); // expected-warning{{TRUE}}
229 #endif
230 clang_analyzer_eval((rhs - lhs) > 0); // expected-warning{{UNKNOWN}}
231
232 if (lhs >= rhs) {
233 clang_analyzer_eval((rhs - lhs) == 0); // expected-warning{{TRUE}}
234 return;
235 }
236
237 clang_analyzer_eval(lhs == rhs); // expected-warning{{FALSE}}
238 clang_analyzer_eval(lhs < rhs); // expected-warning{{TRUE}}
239 #ifdef ANALYZER_CM_Z3
240 clang_analyzer_eval((rhs - lhs) > 0); // expected-warning{{UNKNOWN}}
241 #else
242 clang_analyzer_eval((rhs - lhs) > 0); // expected-warning{{TRUE}}
243 #endif
244 }
245
246 void size_implies_comparison(int *lhs, int *rhs) {
247 clang_analyzer_eval(lhs <= rhs); // expected-warning{{UNKNOWN}}
248
249 if ((rhs - lhs) < 0) {
250 clang_analyzer_eval(lhs == rhs); // expected-warning{{FALSE}}
251 return;
252 }
253
254 #ifdef ANALYZER_CM_Z3
255 clang_analyzer_eval(lhs <= rhs); // expected-warning{{UNKNOWN}}
256 #else
257 clang_analyzer_eval(lhs <= rhs); // expected-warning{{TRUE}}
258 #endif
259 clang_analyzer_eval((rhs - lhs) >= 0); // expected-warning{{TRUE}}
260 clang_analyzer_eval((rhs - lhs) > 0); // expected-warning{{UNKNOWN}}
261
262 if ((rhs - lhs) <= 0) {
263 clang_analyzer_eval(lhs == rhs); // expected-warning{{TRUE}}
264 return;
265 }
266
267 clang_analyzer_eval(lhs == rhs); // expected-warning{{FALSE}}
268 #ifdef ANALYZER_CM_Z3
269 clang_analyzer_eval(lhs < rhs); // expected-warning{{UNKNOWN}}
270 #else
271 clang_analyzer_eval(lhs < rhs); // expected-warning{{TRUE}}
272 #endif
273 clang_analyzer_eval((rhs - lhs) > 0); // expected-warning{{TRUE}}
274 }
275
276 void zero_implies_reversed_equal(int *lhs, int *rhs) {
277 clang_analyzer_eval((rhs - lhs) == 0); // expected-warning{{UNKNOWN}}
278 if ((rhs - lhs) == 0) {
279 clang_analyzer_eval(rhs != lhs); // expected-warning{{FALSE}}
280 clang_analyzer_eval(rhs == lhs); // expected-warning{{TRUE}}
281 return;
282 }
283 clang_analyzer_eval((rhs - lhs) == 0); // expected-warning{{FALSE}}
284 clang_analyzer_eval(rhs == lhs); // expected-warning{{FALSE}}
285 clang_analyzer_eval(rhs != lhs); // expected-warning{{TRUE}}
286 }
287
288 void canonical_equal(int *lhs, int *rhs) {
289 clang_analyzer_eval(lhs == rhs); // expected-warning{{UNKNOWN}}
290 if (lhs == rhs) {
291 clang_analyzer_eval(rhs == lhs); // expected-warning{{TRUE}}
292 return;
293 }
294 clang_analyzer_eval(lhs == rhs); // expected-warning{{FALSE}}
295 clang_analyzer_eval(rhs == lhs); // expected-warning{{FALSE}}
296 }
297
298 void compare_element_region_and_base(int *p) {
299 int *q = p - 1;
300 clang_analyzer_eval(p == q); // expected-warning{{FALSE}}
301 }
302
303 struct Point {
304 int x;
305 int y;
306 };
307 void symbolicFieldRegion(struct Point *points, int i, int j) {
308 clang_analyzer_eval(&points[i].x == &points[j].x);// expected-warning{{UNKNOWN}}
309 clang_analyzer_eval(&points[i].x == &points[i].y);// expected-warning{{FALSE}}
310 clang_analyzer_eval(&points[i].x < &points[i].y);// expected-warning{{TRUE}}
311 }
312
313 void negativeIndex(char *str) {
314 *(str + 1) = 'a';
315 clang_analyzer_eval(*(str + 1) == 'a'); // expected-warning{{TRUE}}
316 clang_analyzer_eval(*(str - 1) == 'a'); // expected-warning{{UNKNOWN}}
317
318 char *ptr1 = str - 1;
319 clang_analyzer_eval(*ptr1 == 'a'); // expected-warning{{UNKNOWN}}
320
321 char *ptr2 = str;
322 ptr2 -= 1;
323 clang_analyzer_eval(*ptr2 == 'a'); // expected-warning{{UNKNOWN}}
324
325 char *ptr3 = str;
326 --ptr3;
327 clang_analyzer_eval(*ptr3 == 'a'); // expected-warning{{UNKNOWN}}
328 }
329
330 void test_no_crash_on_pointer_to_label(void) {
331 char *a = &&label;
332 a[0] = 0;
333 label:;
334 }
335
336 typedef __attribute__((__ext_vector_type__(2))) float simd_float2;
337 float test_nowarning_on_vector_deref(void) {
338 simd_float2 x = {0, 1};
339 return x[1]; // no-warning
340 }
341
342 struct s {
343 int v;
344 };
345
346 // These three expressions should produce the same sym vals.
347 void struct_pointer_canon(struct s *ps) {
348 struct s ss = *ps;
349 clang_analyzer_dump((*ps).v);
350 // expected-warning-re@-1{{reg_${{[[:digit:]]+}}<int Element{SymRegion{reg_${{[[:digit:]]+}}<struct s * ps>},0 S64b,struct s}.v>}}
351 clang_analyzer_dump(ps[0].v);
352 // expected-warning-re@-1{{reg_${{[[:digit:]]+}}<int Element{SymRegion{reg_${{[[:digit:]]+}}<struct s * ps>},0 S64b,struct s}.v>}}
353 clang_analyzer_dump(ps->v);
354 // expected-warning-re@-1{{reg_${{[[:digit:]]+}}<int Element{SymRegion{reg_${{[[:digit:]]+}}<struct s * ps>},0 S64b,struct s}.v>}}
355 clang_analyzer_eval((*ps).v == ps[0].v); // expected-warning{{TRUE}}
356 clang_analyzer_eval((*ps).v == ps->v); // expected-warning{{TRUE}}
357 clang_analyzer_eval(ps[0].v == ps->v); // expected-warning{{TRUE}}
358 }
359
360 void struct_pointer_canon_bidim(struct s **ps) {
361 struct s ss = **ps;
362 clang_analyzer_eval(&(ps[0][0].v) == &((*ps)->v)); // expected-warning{{TRUE}}
363 }
364
365 typedef struct s T1;
366 typedef struct s T2;
367 void struct_pointer_canon_typedef(T1 *ps) {
368 T2 ss = *ps;
369 clang_analyzer_dump((*ps).v);
370 // expected-warning-re@-1{{reg_${{[[:digit:]]+}}<int Element{SymRegion{reg_${{[[:digit:]]+}}<T1 * ps>},0 S64b,struct s}.v>}}
371 clang_analyzer_dump(ps[0].v);
372 // expected-warning-re@-1{{reg_${{[[:digit:]]+}}<int Element{SymRegion{reg_${{[[:digit:]]+}}<T1 * ps>},0 S64b,struct s}.v>}}
373 clang_analyzer_dump(ps->v);
374 // expected-warning-re@-1{{reg_${{[[:digit:]]+}}<int Element{SymRegion{reg_${{[[:digit:]]+}}<T1 * ps>},0 S64b,struct s}.v>}}
375 clang_analyzer_eval((*ps).v == ps[0].v); // expected-warning{{TRUE}}
376 clang_analyzer_eval((*ps).v == ps->v); // expected-warning{{TRUE}}
377 clang_analyzer_eval(ps[0].v == ps->v); // expected-warning{{TRUE}}
378 }
379
380 void struct_pointer_canon_bidim_typedef(T1 **ps) {
381 T2 ss = **ps;
382 clang_analyzer_eval(&(ps[0][0].v) == &((*ps)->v)); // expected-warning{{TRUE}}
383 }
384
385 void struct_pointer_canon_const(const struct s *ps) {
386 struct s ss = *ps;
387 clang_analyzer_dump((*ps).v);
388 // expected-warning-re@-1{{reg_${{[[:digit:]]+}}<int Element{SymRegion{reg_${{[[:digit:]]+}}<const struct s * ps>},0 S64b,struct s}.v>}}
389 clang_analyzer_dump(ps[0].v);
390 // expected-warning-re@-1{{reg_${{[[:digit:]]+}}<int Element{SymRegion{reg_${{[[:digit:]]+}}<const struct s * ps>},0 S64b,struct s}.v>}}
391 clang_analyzer_dump(ps->v);
392 // expected-warning-re@-1{{reg_${{[[:digit:]]+}}<int Element{SymRegion{reg_${{[[:digit:]]+}}<const struct s * ps>},0 S64b,struct s}.v>}}
393 clang_analyzer_eval((*ps).v == ps[0].v); // expected-warning{{TRUE}}
394 clang_analyzer_eval((*ps).v == ps->v); // expected-warning{{TRUE}}
395 clang_analyzer_eval(ps[0].v == ps->v); // expected-warning{{TRUE}}
396 }
LLVM monorepo