xref: /llvm-project/clang/test/Analysis/casts.c (revision 0d384fe978f9675be9fe960940daa2fd599104ed) 
1 // RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin9 -fenable-matrix -analyzer-checker=core,alpha.core,debug.ExprInspection -Wno-pointer-to-int-cast -Wno-strict-prototypes -verify -analyzer-config eagerly-assume=false %s
2 // RUN: %clang_analyze_cc1 -triple i386-apple-darwin9 -fenable-matrix -analyzer-checker=core,alpha.core,debug.ExprInspection -Wno-pointer-to-int-cast -Wno-strict-prototypes -verify -analyzer-config eagerly-assume=false %s
3 // RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin9 -fenable-matrix -analyzer-checker=core,alpha.core,debug.ExprInspection -Wno-pointer-to-int-cast -Wno-strict-prototypes -verify -DEAGERLY_ASSUME=1 -w %s
4 // RUN: %clang_analyze_cc1 -triple i386-apple-darwin9 -fenable-matrix -analyzer-checker=core,alpha.core,debug.ExprInspection -Wno-pointer-to-int-cast -Wno-strict-prototypes -verify -DEAGERLY_ASSUME=1 -DBIT32=1 -w %s
5 
6 extern void clang_analyzer_eval(_Bool);
7 
8 // Test if the 'storage' region gets properly initialized after it is cast to
9 // 'struct sockaddr *'.
10 
11 typedef unsigned char __uint8_t;
12 typedef unsigned int __uint32_t;
13 typedef __uint32_t __darwin_socklen_t;
14 typedef __uint8_t sa_family_t;
15 typedef __darwin_socklen_t socklen_t;
16 struct sockaddr { sa_family_t sa_family; };
17 struct sockaddr_storage {};
18 
19 void getsockname();
20 
21 #ifndef EAGERLY_ASSUME
22 
23 void f(int sock) {
24   struct sockaddr_storage storage;
25   struct sockaddr* sockaddr = (struct sockaddr*)&storage; // expected-warning{{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}
26   socklen_t addrlen = sizeof(storage);
27   getsockname(sock, sockaddr, &addrlen);
28   switch (sockaddr->sa_family) { // no-warning
29   default:
30     ;
31   }
32 }
33 
34 struct s {
35   struct s *value;
36 };
37 
38 void f1(struct s **pval) {
39   int *tbool = ((void*)0);
40   struct s *t = *pval;
41   pval = &(t->value);
42   tbool = (int *)pval; // use the cast-to type 'int *' to create element region.
43   char c = (unsigned char) *tbool; // Should use cast-to type to create symbol.
44   if (*tbool == -1) // here load the element region with the correct type 'int'
45     (void)3;
46 }
47 
48 void f2(const char *str) {
49  unsigned char ch, cl, *p;
50 
51  p = (unsigned char *)str;
52  ch = *p++; // use cast-to type 'unsigned char' to create element region.
53  cl = *p++;
54  if(!cl)
55     cl = 'a';
56 }
57 
58 // Test cast VariableSizeArray to pointer does not crash.
59 void *memcpy(void *, void const *, unsigned long);
60 typedef unsigned char Byte;
61 void doit(char *data, int len) {
62     if (len) {
63         Byte buf[len];
64         memcpy(buf, data, len);
65     }
66 }
67 
68 // PR 6013 and 6035 - Test that a cast of a pointer to long and then to int does not crash SValuator.
69 void pr6013_6035_test(void *p) {
70   unsigned int foo;
71   foo = ((long)(p));
72   (void) foo;
73 }
74 
75 // PR12511 - Test that we support SymCastExpr, which represents symbolic int to float cast.
76 char ttt(int intSeconds) {
77   double seconds = intSeconds;
78   if (seconds)
79     return 0;
80   return 0;
81 }
82 
83 int foo (int* p) {
84   int y = 0;
85   if (p == 0) {
86     if ((*((void**)&p)) == (void*)0) // Test that the cast to void preserves the symbolic region.
87       return 0;
88     else
89       return 5/y; // This code should be unreachable: no-warning.
90   }
91   return 0;
92 }
93 
94 void castsToBool(void) {
95   clang_analyzer_eval(0); // expected-warning{{FALSE}}
96   clang_analyzer_eval(0U); // expected-warning{{FALSE}}
97   clang_analyzer_eval((void *)0); // expected-warning{{FALSE}}
98 
99   clang_analyzer_eval(1); // expected-warning{{TRUE}}
100   clang_analyzer_eval(1U); // expected-warning{{TRUE}}
101   clang_analyzer_eval(-1); // expected-warning{{TRUE}}
102   clang_analyzer_eval(0x100); // expected-warning{{TRUE}}
103   clang_analyzer_eval(0x100U); // expected-warning{{TRUE}}
104   clang_analyzer_eval((void *)0x100); // expected-warning{{TRUE}}
105 
106   extern int symbolicInt;
107   clang_analyzer_eval(symbolicInt); // expected-warning{{UNKNOWN}}
108   if (symbolicInt)
109     clang_analyzer_eval(symbolicInt); // expected-warning{{TRUE}}
110 
111   extern void *symbolicPointer;
112   clang_analyzer_eval(symbolicPointer); // expected-warning{{UNKNOWN}}
113   if (symbolicPointer)
114     clang_analyzer_eval(symbolicPointer); // expected-warning{{TRUE}}
115 
116   int localInt;
117   int* ptr = &localInt;
118   clang_analyzer_eval(ptr); // expected-warning{{TRUE}}
119   clang_analyzer_eval(&castsToBool); // expected-warning{{TRUE}}
120   clang_analyzer_eval("abc"); // expected-warning{{TRUE}}
121 
122   extern float globalFloat;
123   clang_analyzer_eval(globalFloat); // expected-warning{{UNKNOWN}}
124 }
125 
126 void locAsIntegerCasts(void *p) {
127   int x = (int) p;
128   clang_analyzer_eval(++x < 10); // no-crash // expected-warning{{UNKNOWN}}
129 }
130 
131 void multiDimensionalArrayPointerCasts(void) {
132   static int x[10][10];
133   int *y1 = &(x[3][5]);
134   char *z = ((char *) y1) + 2;
135   int *y2 = (int *)(z - 2);
136   int *y3 = ((int *)x) + 35; // This is offset for [3][5].
137 
138   clang_analyzer_eval(y1 == y2); // expected-warning{{TRUE}}
139 
140   // FIXME: should be FALSE (i.e. equal pointers).
141   clang_analyzer_eval(y1 - y2); // expected-warning{{UNKNOWN}}
142   // FIXME: should be TRUE (i.e. same symbol).
143   clang_analyzer_eval(*y1 == *y2); // expected-warning{{UNKNOWN}}
144 
145   clang_analyzer_eval(*((char *)y1) == *((char *) y2)); // expected-warning{{TRUE}}
146 
147   clang_analyzer_eval(y1 == y3); // expected-warning{{TRUE}}
148 
149   // FIXME: should be FALSE (i.e. equal pointers).
150   clang_analyzer_eval(y1 - y3); // expected-warning{{UNKNOWN}}
151   // FIXME: should be TRUE (i.e. same symbol).
152   clang_analyzer_eval(*y1 == *y3); // expected-warning{{UNKNOWN}}
153 
154   clang_analyzer_eval(*((char *)y1) == *((char *) y3)); // expected-warning{{TRUE}}
155 }
156 
157 void *getVoidPtr(void);
158 
159 void testCastVoidPtrToIntPtrThroughIntTypedAssignment(void) {
160   int *x;
161   (*((int *)(&x))) = (int)getVoidPtr();
162   *x = 1; // no-crash
163 }
164 
165 void testCastUIntPtrToIntPtrThroughIntTypedAssignment(void) {
166   unsigned u;
167   int *x;
168   (*((int *)(&x))) = (int)&u;
169   *x = 1;
170   clang_analyzer_eval(u == 1); // expected-warning{{TRUE}}
171 }
172 
173 void testCastVoidPtrToIntPtrThroughUIntTypedAssignment(void) {
174   int *x;
175   (*((int *)(&x))) = (int)(unsigned *)getVoidPtr();
176   *x = 1; // no-crash
177 }
178 
179 void testLocNonLocSymbolAssume(int a, int *b) {
180   if ((int)b < a) {} // no-crash
181 }
182 
183 void testLocNonLocSymbolRemainder(int a, int *b) {
184   int c = ((int)b) % a;
185   if (a == 1) {
186     c += 1;
187   }
188 }
189 
190 void testSwitchWithSizeofs(void) {
191   switch (sizeof(char) == 1) { // expected-warning{{switch condition has boolean value}}
192   case sizeof(char):; // no-crash
193   }
194 }
195 
196 void test_ToUnion_cast(unsigned long long x) {
197   union Key {
198     unsigned long long data;
199   };
200   void clang_analyzer_dump_union(union Key);
201   clang_analyzer_dump_union((union Key)x); // expected-warning {{Unknown}}
202 }
203 
204 typedef char cx5x5 __attribute__((matrix_type(5, 5)));
205 typedef int ix5x5 __attribute__((matrix_type(5, 5)));
206 void test_MatrixCast_cast(cx5x5 c) {
207   void clang_analyzer_dump_ix5x5(ix5x5);
208   clang_analyzer_dump_ix5x5((ix5x5)c); // expected-warning {{Unknown}}
209 }
210 
211 void test_VectorSplat_cast(long x) {
212   typedef int __attribute__((ext_vector_type(2))) V;
213   void clang_analyzer_dump_V(V);
214   clang_analyzer_dump_V((V)x); // expected-warning {{Unknown}}
215 }
216 
217 #endif
218 
219 #ifdef EAGERLY_ASSUME
220 
221 int globalA;
222 extern int globalFunc(void);
223 void no_crash_on_symsym_cast_to_long(void) {
224   char c = globalFunc() - 5;
225   c == 0;
226   globalA -= c;
227   globalA == 3;
228   (long)globalA << 48;
229   #ifdef BIT32
230   // expected-warning@-2{{Left shift by '48' overflows the capacity of 'long'}}
231   #else
232   // expected-no-diagnostics
233   #endif
234 }
235 
236 #endif
237 
238 char no_crash_SymbolCast_of_float_type_aux(int *p) {
239   *p += 1;
240   return *p;
241 }
242 
243 void no_crash_SymbolCast_of_float_type(void) {
244   extern float x;
245   char (*f)() = no_crash_SymbolCast_of_float_type_aux;
246   f(&x);
247 }
248 
249 double no_crash_reinterpret_double_as_int(double a) {
250   *(int *)&a = 1;
251   return a * a;
252 }
253 
254 double no_crash_reinterpret_double_as_ptr(double a) {
255   *(void **)&a = 0;
256   return a * a;
257 }
258 
259 double no_crash_reinterpret_double_as_sym_int(double a, int b) {
260   *(int *)&a = b;
261   return a * a;
262 }
263 
264 double no_crash_reinterpret_double_as_sym_ptr(double a, void * b) {
265   *(void **)&a = b;
266   return a * a;
267 }
268 
269 void no_crash_reinterpret_char_as_uchar(char ***a, int *b) {
270   *(unsigned char **)a = (unsigned char *)b;
271   if (**a == 0) // no-crash
272     ;
273 }
274 
275 // PR50179.
276 struct S {};
277 void symbolic_offset(struct S *ptr, int i) {
278   const struct S *pS = ptr + i;
279   struct S s = *pS; // no-crash
280 }
281