bstring.cpp
6.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.cstring,unix.Malloc,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s
// RUN: %clang_analyze_cc1 -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,unix.Malloc,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s
// RUN: %clang_analyze_cc1 -DVARIANT -analyzer-checker=core,unix.cstring,alpha.unix.cstring,unix.Malloc,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s
// RUN: %clang_analyze_cc1 -DUSE_BUILTINS -DVARIANT -analyzer-checker=core,unix.cstring,alpha.unix.cstring,unix.Malloc,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s
// RUN: %clang_analyze_cc1 -DSUPPRESS_OUT_OF_BOUND -analyzer-checker=core,unix.cstring,unix.Malloc,alpha.unix.cstring.BufferOverlap,alpha.unix.cstring.NotNullTerminated,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s
#include "Inputs/system-header-simulator-cxx.h"
#include "Inputs/system-header-simulator-for-malloc.h"
// This provides us with four possible mempcpy() definitions.
// See also comments in bstring.c.
#ifdef USE_BUILTINS
#define BUILTIN(f) __builtin_##f
#else /* USE_BUILTINS */
#define BUILTIN(f) f
#endif /* USE_BUILTINS */
#ifdef VARIANT
#define __mempcpy_chk BUILTIN(__mempcpy_chk)
void *__mempcpy_chk(void *__restrict__ s1, const void *__restrict__ s2,
size_t n, size_t destlen);
#define mempcpy(a,b,c) __mempcpy_chk(a,b,c,(size_t)-1)
#else /* VARIANT */
#define mempcpy BUILTIN(mempcpy)
void *mempcpy(void *__restrict__ s1, const void *__restrict__ s2, size_t n);
#endif /* VARIANT */
void clang_analyzer_eval(int);
int *testStdCopyInvalidatesBuffer(std::vector<int> v) {
int n = v.size();
int *buf = (int *)malloc(n * sizeof(int));
buf[0] = 66;
// Call to copy should invalidate buf.
std::copy(v.begin(), v.end(), buf);
int i = buf[0];
clang_analyzer_eval(i == 66); // expected-warning {{UNKNOWN}}
return buf;
}
int *testStdCopyBackwardInvalidatesBuffer(std::vector<int> v) {
int n = v.size();
int *buf = (int *)malloc(n * sizeof(int));
buf[0] = 66;
// Call to copy_backward should invalidate buf.
std::copy_backward(v.begin(), v.end(), buf + n);
int i = buf[0];
clang_analyzer_eval(i == 66); // expected-warning {{UNKNOWN}}
return buf;
}
namespace pr34460 {
short a;
class b {
int c;
long g;
void d() {
int e = c;
f += e;
mempcpy(f, &a, g);
}
unsigned *f;
};
}
void *memset(void *dest, int ch, std::size_t count);
namespace memset_non_pod {
class Base {
public:
int b_mem;
Base() : b_mem(1) {}
};
class Derived : public Base {
public:
int d_mem;
Derived() : d_mem(2) {}
};
void memset1_inheritance() {
Derived d;
memset(&d, 0, sizeof(Derived));
clang_analyzer_eval(d.b_mem == 0); // expected-warning{{TRUE}}
clang_analyzer_eval(d.d_mem == 0); // expected-warning{{TRUE}}
}
#ifdef SUPPRESS_OUT_OF_BOUND
void memset2_inheritance_field() {
Derived d;
memset(&d.d_mem, 0, sizeof(Derived));
clang_analyzer_eval(d.b_mem == 0); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(d.d_mem == 0); // expected-warning{{UNKNOWN}}
}
void memset3_inheritance_field() {
Derived d;
memset(&d.b_mem, 0, sizeof(Derived));
clang_analyzer_eval(d.b_mem == 0); // expected-warning{{TRUE}}
clang_analyzer_eval(d.d_mem == 0); // expected-warning{{TRUE}}
}
#endif
void memset4_array_nonpod_object() {
Derived array[10];
clang_analyzer_eval(array[1].b_mem == 1); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(array[1].d_mem == 2); // expected-warning{{UNKNOWN}}
memset(&array[1], 0, sizeof(Derived));
clang_analyzer_eval(array[1].b_mem == 0); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(array[1].d_mem == 0); // expected-warning{{UNKNOWN}}
}
void memset5_array_nonpod_object() {
Derived array[10];
clang_analyzer_eval(array[1].b_mem == 1); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(array[1].d_mem == 2); // expected-warning{{UNKNOWN}}
memset(array, 0, sizeof(array));
clang_analyzer_eval(array[1].b_mem == 0); // expected-warning{{TRUE}}
clang_analyzer_eval(array[1].d_mem == 0); // expected-warning{{TRUE}}
}
void memset6_new_array_nonpod_object() {
Derived *array = new Derived[10];
clang_analyzer_eval(array[2].b_mem == 1); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(array[2].d_mem == 2); // expected-warning{{UNKNOWN}}
memset(array, 0, 10 * sizeof(Derived));
clang_analyzer_eval(array[2].b_mem == 0); // expected-warning{{TRUE}}
clang_analyzer_eval(array[2].d_mem == 0); // expected-warning{{TRUE}}
delete[] array;
}
void memset7_placement_new() {
Derived *d = new Derived();
clang_analyzer_eval(d->b_mem == 1); // expected-warning{{TRUE}}
clang_analyzer_eval(d->d_mem == 2); // expected-warning{{TRUE}}
memset(d, 0, sizeof(Derived));
clang_analyzer_eval(d->b_mem == 0); // expected-warning{{TRUE}}
clang_analyzer_eval(d->d_mem == 0); // expected-warning{{TRUE}}
Derived *d1 = new (d) Derived();
clang_analyzer_eval(d1->b_mem == 1); // expected-warning{{TRUE}}
clang_analyzer_eval(d1->d_mem == 2); // expected-warning{{TRUE}}
memset(d1, 0, sizeof(Derived));
clang_analyzer_eval(d->b_mem == 0); // expected-warning{{TRUE}}
clang_analyzer_eval(d->d_mem == 0); // expected-warning{{TRUE}}
}
class BaseVirtual {
public:
int b_mem;
virtual int get() { return 1; }
};
class DerivedVirtual : public BaseVirtual {
public:
int d_mem;
};
#ifdef SUPPRESS_OUT_OF_BOUND
void memset8_virtual_inheritance_field() {
DerivedVirtual d;
memset(&d.b_mem, 0, sizeof(Derived));
clang_analyzer_eval(d.b_mem == 0); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(d.d_mem == 0); // expected-warning{{UNKNOWN}}
}
#endif
} // namespace memset_non_pod
#ifdef SUPPRESS_OUT_OF_BOUND
void memset1_new_array() {
int *array = new int[10];
memset(array, 0, 10 * sizeof(int));
clang_analyzer_eval(array[2] == 0); // expected-warning{{TRUE}}
memset(array + 1, 'a', 10 * sizeof(9));
clang_analyzer_eval(array[2] == 0); // expected-warning{{UNKNOWN}}
delete[] array;
}
#endif