1 // RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s
2 // RUN: %clang_cc1 -analyze -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s
3 // XFAIL: *
4
5 // This file is for tests that may eventually go into string.c, or may be
6 // deleted outright. At one point these tests passed, but only because we
7 // weren't correctly modelling the behavior of the relevant string functions.
8 // The tests aren't incorrect, but require the analyzer to be smarter about
9 // conjured values than it currently is.
10
11 //===----------------------------------------------------------------------===
12 // Declarations
13 //===----------------------------------------------------------------------===
14
15 // Some functions are so similar to each other that they follow the same code
16 // path, such as memcpy and __memcpy_chk, or memcmp and bcmp. If VARIANT is
17 // defined, make sure to use the variants instead to make sure they are still
18 // checked by the analyzer.
19
20 // Some functions are implemented as builtins. These should be #defined as
21 // BUILTIN(f), which will prepend "__builtin_" if USE_BUILTINS is defined.
22
23 // Functions that have variants and are also available as builtins should be
24 // declared carefully! See memcpy() for an example.
25
26 #ifdef USE_BUILTINS
27 # define BUILTIN(f) __builtin_ ## f
28 #else /* USE_BUILTINS */
29 # define BUILTIN(f) f
30 #endif /* USE_BUILTINS */
31
32 #define NULL 0
33 typedef typeof(sizeof(int)) size_t;
34
35 void clang_analyzer_eval(int);
36
37 //===----------------------------------------------------------------------===
38 // strnlen()
39 //===----------------------------------------------------------------------===
40
41 #define strnlen BUILTIN(strnlen)
42 size_t strnlen(const char *s, size_t maxlen);
43
strnlen_liveness(const char * x)44 void strnlen_liveness(const char *x) {
45 if (strnlen(x, 10) < 5)
46 return;
47 clang_analyzer_eval(strnlen(x, 10) < 5); // expected-warning{{FALSE}}
48 }
49
strnlen_subregion()50 void strnlen_subregion() {
51 struct two_stringsn { char a[2], b[2]; };
52 extern void use_two_stringsn(struct two_stringsn *);
53
54 struct two_stringsn z;
55 use_two_stringsn(&z);
56
57 size_t a = strnlen(z.a, 10);
58 z.b[0] = 5;
59 size_t b = strnlen(z.a, 10);
60 if (a == 0)
61 clang_analyzer_eval(b == 0); // expected-warning{{TRUE}}
62
63 use_two_stringsn(&z);
64
65 size_t c = strnlen(z.a, 10);
66 if (a == 0)
67 clang_analyzer_eval(c == 0); // expected-warning{{UNKNOWN}}
68 }
69
70 extern void use_stringn(char *);
strnlen_argument(char * x)71 void strnlen_argument(char *x) {
72 size_t a = strnlen(x, 10);
73 size_t b = strnlen(x, 10);
74 if (a == 0)
75 clang_analyzer_eval(b == 0); // expected-warning{{TRUE}}
76
77 use_stringn(x);
78
79 size_t c = strnlen(x, 10);
80 if (a == 0)
81 clang_analyzer_eval(c == 0); // expected-warning{{UNKNOWN}}
82 }
83
84 extern char global_strn[];
strnlen_global()85 void strnlen_global() {
86 size_t a = strnlen(global_strn, 10);
87 size_t b = strnlen(global_strn, 10);
88 if (a == 0)
89 clang_analyzer_eval(b == 0); // expected-warning{{TRUE}}
90
91 // Call a function with unknown effects, which should invalidate globals.
92 use_stringn(0);
93
94 size_t c = strnlen(global_strn, 10);
95 if (a == 0)
96 clang_analyzer_eval(c == 0); // expected-warning{{UNKNOWN}}
97 }
98
strnlen_indirect(char * x)99 void strnlen_indirect(char *x) {
100 size_t a = strnlen(x, 10);
101 char *p = x;
102 char **p2 = &p;
103 size_t b = strnlen(x, 10);
104 if (a == 0)
105 clang_analyzer_eval(b == 0); // expected-warning{{TRUE}}
106
107 extern void use_stringn_ptr(char*const*);
108 use_stringn_ptr(p2);
109
110 size_t c = strnlen(x, 10);
111 if (a == 0)
112 clang_analyzer_eval(c == 0); // expected-warning{{UNKNOWN}}
113 }
114