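// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,alpha.security.ArrayBoundV2,debug.ExprInspection \
// RUN:   -analyzer-config eagerly-assume=false -verify %s

// Test for the range constraints the analyzer records on a symbolic index
// after an array access that alpha.security.ArrayBoundV2 does not report.
// Each function performs one access and then queries the analyzer state via
// debug.ExprInspection; -verify matches the verdicts in the trailing comments.
//
// A "no-warning" access only means the analyzer could not prove the index out
// of range on that path. It is not evidence that the access is safe: every
// 'len' below is an unchecked parameter.

// debug.ExprInspection hooks. Declared only; this file never defines them.
void clang_analyzer_eval(int);
void clang_analyzer_printState(void);

typedef typeof(sizeof(int)) size_t;
const char a[] = "abcd"; // extent: 5 bytes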
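// size_t index with a +1 offset into the 5-byte array 'a'.
// The access is not reported; the analyzer continues on the assumption that
// it was in bounds and narrows 'len' accordingly.
// NOTE(review): in C, len + 1 wraps to 0 when len is the largest size_t value,
// and a[0] is in bounds. The [0,3] range below leaves that value out, so it
// presumably reflects how the checker simplifies the comparison rather than
// exact wraparound arithmetic - confirm against the checker.
void symbolic_size_t_and_int0(size_t len) {
  (void)a[len + 1]; // no-warning
  // We inferred that the 'len' must be in a specific range to make the previous indexing valid.
  // len: [0,3]
  clang_analyzer_eval(len <= 3); // expected-warning {{TRUE}}
  // The recorded upper bound must not be tighter than the access requires.
  clang_analyzer_eval(len <= 2); // expected-warning {{UNKNOWN}}
}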
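// size_t index with no offset into the 5-byte array 'a'.
// After the unreported access the analyzer keeps only the in-bounds case, so
// 'len' is limited to the valid indices 0..4.
void symbolic_size_t_and_int1(size_t len) {
  (void)a[len]; // no-warning
  // len: [0,4]
  clang_analyzer_eval(len <= 4); // expected-warning {{TRUE}}
  // The recorded upper bound must not be tighter than the access requires.
  clang_analyzer_eval(len <= 3); // expected-warning {{UNKNOWN}}
}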
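// size_t index with a -1 offset into the 5-byte array 'a'.
// len == 0 is excluded from the inferred range: for an unsigned type,
// len - 1 would wrap to the maximum value, far beyond the 5-byte extent.
void symbolic_size_t_and_int2(size_t len) {
  (void)a[len - 1]; // no-warning
  // len: [1,5]
  clang_analyzer_eval(1 <= len && len <= 5); // expected-warning {{TRUE}}
  // Neither end of the range may be tighter than the access requires.
  clang_analyzer_eval(2 <= len);             // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 4);             // expected-warning {{UNKNOWN}}
}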
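// unsigned index with a +1 offset into the 5-byte array 'a'.
// Same shape as the size_t case, but with a narrower unsigned index type.
// NOTE(review): len + 1 is evaluated as unsigned here and wraps to 0 when len
// is the largest unsigned value, which would index a[0]. The [0,3] range
// below leaves that value out - confirm this is the intended model.
void symbolic_uint_and_int0(unsigned len) {
  (void)a[len + 1]; // no-warning
  // len: [0,3]
  // '0 <= len' always holds for an unsigned value; only 'len <= 3' is inferred.
  clang_analyzer_eval(0 <= len && len <= 3); // expected-warning {{TRUE}}
  // Neither end of the range may be tighter than the access requires.
  clang_analyzer_eval(1 <= len);             // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 2);             // expected-warning {{UNKNOWN}}
}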
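// unsigned index with no offset into the 5-byte array 'a'.
// After the unreported access the analyzer keeps only the in-bounds case, so
// 'len' is limited to the valid indices 0..4.
void symbolic_uint_and_int1(unsigned len) {
  (void)a[len]; // no-warning
  // len: [0,4]
  // '0 <= len' always holds for an unsigned value; only 'len <= 4' is inferred.
  clang_analyzer_eval(0 <= len && len <= 4); // expected-warning {{TRUE}}
  // Neither end of the range may be tighter than the access requires.
  clang_analyzer_eval(1 <= len);             // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 3);             // expected-warning {{UNKNOWN}}
}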
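// unsigned index with a -1 offset into the 5-byte array 'a'.
// len == 0 is excluded from the inferred range: len - 1 would wrap to the
// largest unsigned value, which is outside the 5-byte extent.
void symbolic_uint_and_int2(unsigned len) {
  (void)a[len - 1]; // no-warning
  // len: [1,5]
  clang_analyzer_eval(1 <= len && len <= 5); // expected-warning {{TRUE}}
  // Neither end of the range may be tighter than the access requires.
  clang_analyzer_eval(2 <= len);             // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 4);             // expected-warning {{UNKNOWN}}
}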
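// Signed int index with a +1 offset into the 5-byte array 'a'.
// With a signed index the lower bound matters: len == -1 still yields index 0,
// so the inferred range starts at -1 rather than 0.
void symbolic_int_and_int0(int len) {
  (void)a[len + 1]; // no-warning
  // len: [-1,3]
  clang_analyzer_eval(-1 <= len && len <= 3); // expected-warning {{TRUE}}
  // Neither end of the range may be tighter than the access requires.
  clang_analyzer_eval(0 <= len);              // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 2);              // expected-warning {{UNKNOWN}}
}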
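// Signed int index with no offset into the 5-byte array 'a'.
// Negative values of 'len' are excluded along with values above 4: both ends
// of the range come from the in-bounds assumption on the access.
void symbolic_int_and_int1(int len) {
  (void)a[len]; // no-warning
  // len: [0,4]
  clang_analyzer_eval(0 <= len && len <= 4); // expected-warning {{TRUE}}
  // Neither end of the range may be tighter than the access requires.
  clang_analyzer_eval(1 <= len);             // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 3);             // expected-warning {{UNKNOWN}}
}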
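// Signed int index with a -1 offset into the 5-byte array 'a'.
// Index len - 1 must land in 0..4, so 'len' is shifted up by one to 1..5.
void symbolic_int_and_int2(int len) {
  (void)a[len - 1]; // no-warning
  // len: [1,5]
  clang_analyzer_eval(1 <= len && len <= 5); // expected-warning {{TRUE}}
  // Neither end of the range may be tighter than the access requires.
  clang_analyzer_eval(2 <= len);             // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 4);             // expected-warning {{UNKNOWN}}
}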
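// long long index with a +1 offset into the 5-byte array 'a'.
// Same bounds as the int case, using a signed index type wider than int.
void symbolic_longlong_and_int0(long long len) {
  (void)a[len + 1]; // no-warning
  // len: [-1,3]
  clang_analyzer_eval(-1 <= len && len <= 3); // expected-warning {{TRUE}}
  // Neither end of the range may be tighter than the access requires.
  clang_analyzer_eval(0 <= len);              // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 2);              // expected-warning {{UNKNOWN}}
}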
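// Allocator prototypes for the dynamic-extent case; declared by hand because
// this test includes no headers.
void *malloc(size_t);
void free(void *);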
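// long long index with a +1 offset into a 5-byte heap buffer.
// Mirrors the static-array case, but the extent comes from the malloc(5) call
// instead of an array declaration. The inferred range is the same.
// NOTE(review): free(b) presumably keeps unix.Malloc from reporting a leak,
// which -verify would count as an unmatched diagnostic - confirm.
void symbolic_longlong_and_int0_dynamic_extent(long long len) {
  char *b = malloc(5);
  (void)b[len + 1]; // no-warning
  // len: [-1,3]
  clang_analyzer_eval(-1 <= len && len <= 3); // expected-warning {{TRUE}}
  // Neither end of the range may be tighter than the access requires.
  clang_analyzer_eval(0 <= len);              // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 2);              // expected-warning {{UNKNOWN}}
  free(b);
}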
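// long long index with no offset into the 5-byte array 'a'.
// Negative values of 'len' are excluded along with values above 4: both ends
// of the range come from the in-bounds assumption on the access.
void symbolic_longlong_and_int1(long long len) {
  (void)a[len]; // no-warning
  // len: [0,4]
  clang_analyzer_eval(0 <= len && len <= 4); // expected-warning {{TRUE}}
  // Neither end of the range may be tighter than the access requires.
  clang_analyzer_eval(1 <= len);             // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 3);             // expected-warning {{UNKNOWN}}
}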
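// long long index with a -1 offset into the 5-byte array 'a'.
// Index len - 1 must land in 0..4, so 'len' is shifted up by one to 1..5.
void symbolic_longlong_and_int2(long long len) {
  (void)a[len - 1]; // no-warning
  // len: [1,5]
  clang_analyzer_eval(1 <= len && len <= 5); // expected-warning {{TRUE}}
  // Neither end of the range may be tighter than the access requires.
  clang_analyzer_eval(2 <= len);             // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 4);             // expected-warning {{UNKNOWN}}
}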