array-struct-region.c   [plain text]

// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-constraints=range -verify %s

void clang_analyzer_eval(int);

int string_literal_init() {
  char a[] = "abc";
  char b[2] = "abc"; // expected-warning{{too long}}
  char c[5] = "abc";

  clang_analyzer_eval(a[1] == 'b'); // expected-warning{{TRUE}}
  clang_analyzer_eval(b[1] == 'b'); // expected-warning{{TRUE}}
  clang_analyzer_eval(c[1] == 'b'); // expected-warning{{TRUE}}

  clang_analyzer_eval(a[3] == 0); // expected-warning{{TRUE}}
  clang_analyzer_eval(c[3] == 0); // expected-warning{{TRUE}}

  clang_analyzer_eval(c[4] == 0); // expected-warning{{TRUE}}

  return 42;
}

void nested_compound_literals(int rad) {
  int vec[6][2] = {{0.195, 0.02}, {0.383, 0.067}, {0.55, 0.169},  // expected-warning 6 {{implicit conversion from 'double' to 'int' changes value from}}
                   {0.831, 0.45}, {0.924, 0.617}, {0.98, 0.805}}; // expected-warning 6 {{implicit conversion from 'double' to 'int' changes value from}}
  int a;

  for (a = 0; a < 6; ++a) {
      vec[a][0] *= rad; // no-warning
      vec[a][1] *= rad; // no-warning
  }
}

void nested_compound_literals_float(float rad) {
  float vec[6][2] = {{0.195, 0.02}, {0.383, 0.067}, {0.55, 0.169},
                     {0.831, 0.45}, {0.924, 0.617}, {0.98, 0.805}};
  int a;

  for (a = 0; a < 6; ++a) {
      vec[a][0] *= rad; // no-warning
      vec[a][1] *= rad; // no-warning
  }
}


void struct_as_array() {
  struct simple { int x; int y; };
  struct simple a;
  struct simple *p = &a;

  p->x = 5;
  clang_analyzer_eval(a.x == 5); // expected-warning{{TRUE}}
  clang_analyzer_eval(p[0].x == 5); // expected-warning{{TRUE}}

  p[0].y = 5;
  clang_analyzer_eval(a.y == 5); // expected-warning{{TRUE}}
  clang_analyzer_eval(p->y == 5); // expected-warning{{TRUE}}
}


// PR13264 / <rdar://problem/11802440>
struct point { int x; int y; };
struct circle { struct point o; int r; };
struct circle get_circle() {
  struct circle result;
  result.r = 5;
  result.o = (struct point){0, 0};
  return result;
}

void struct_in_struct() {
  struct circle c;
  c = get_circle();
  // This used to think c.r was undefined because c.o is a LazyCompoundVal.
  clang_analyzer_eval(c.r == 5); // expected-warning{{TRUE}}
}

// We also test with floats because we don't model floats right now,
// and the original bug report used a float.
struct circle_f { struct point o; float r; };
struct circle_f get_circle_f() {
  struct circle_f result;
  result.r = 5.0;
  result.o = (struct point){0, 0};
  return result;
}

float struct_in_struct_f() {
  struct circle_f c;
  c = get_circle_f();

  return c.r; // no-warning
}


int randomInt();

int testSymbolicInvalidation(int index) {
  int vals[10];

  vals[0] = 42;
  clang_analyzer_eval(vals[0] == 42); // expected-warning{{TRUE}}

  vals[index] = randomInt();
  clang_analyzer_eval(vals[0] == 42); // expected-warning{{UNKNOWN}}

  return vals[index]; // no-warning
}

int testConcreteInvalidation(int index) {
  int vals[10];

  vals[index] = 42;
  clang_analyzer_eval(vals[index] == 42); // expected-warning{{TRUE}}
  vals[0] = randomInt();
  clang_analyzer_eval(vals[index] == 42); // expected-warning{{UNKNOWN}}

  return vals[0]; // no-warning
}


typedef struct {
  int x, y, z;
} S;

S makeS();

int testSymbolicInvalidationStruct(int index) {
  S vals[10];

  vals[0].x = 42;
  clang_analyzer_eval(vals[0].x == 42); // expected-warning{{TRUE}}

  vals[index] = makeS();
  clang_analyzer_eval(vals[0].x == 42); // expected-warning{{UNKNOWN}}

  return vals[index].x; // no-warning
}

int testConcreteInvalidationStruct(int index) {
  S vals[10];

  vals[index].x = 42;
  clang_analyzer_eval(vals[index].x == 42); // expected-warning{{TRUE}}
  vals[0] = makeS();
  clang_analyzer_eval(vals[index].x == 42); // expected-warning{{UNKNOWN}}

  return vals[0].x; // no-warning
}

typedef struct {
  S a[5];
  S b[5];
} SS;

int testSymbolicInvalidationDoubleStruct(int index) {
  SS vals;

  vals.a[0].x = 42;
  vals.b[0].x = 42;
  clang_analyzer_eval(vals.a[0].x == 42); // expected-warning{{TRUE}}
  clang_analyzer_eval(vals.b[0].x == 42); // expected-warning{{TRUE}}

  vals.a[index] = makeS();
  clang_analyzer_eval(vals.a[0].x == 42); // expected-warning{{UNKNOWN}}
  clang_analyzer_eval(vals.b[0].x == 42); // expected-warning{{TRUE}}

  return vals.b[index].x; // no-warning
}

int testConcreteInvalidationDoubleStruct(int index) {
  SS vals;

  vals.a[index].x = 42;
  vals.b[index].x = 42;
  clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{TRUE}}
  clang_analyzer_eval(vals.b[index].x == 42); // expected-warning{{TRUE}}

  vals.a[0] = makeS();
  clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{UNKNOWN}}
  clang_analyzer_eval(vals.b[index].x == 42); // expected-warning{{TRUE}}

  return vals.b[0].x; // no-warning
}


int testNonOverlappingStructFieldsSimple() {
  S val;

  val.x = 1;
  val.y = 2;
  clang_analyzer_eval(val.x == 1); // expected-warning{{TRUE}}
  clang_analyzer_eval(val.y == 2); // expected-warning{{TRUE}}

  return val.z; // expected-warning{{garbage}}
}

int testNonOverlappingStructFieldsSymbolicBase(int index, int anotherIndex) {
  SS vals;

  vals.a[index].x = 42;
  vals.a[index].y = 42;
  clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{TRUE}}
  clang_analyzer_eval(vals.a[index].y == 42); // expected-warning{{TRUE}}

  vals.a[anotherIndex].x = 42;
  clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{UNKNOWN}}
  clang_analyzer_eval(vals.a[index].y == 42); // expected-warning{{TRUE}}

  // FIXME: False negative. No bind ever set a field 'z'.
  return vals.a[index].z; // no-warning
}

int testStructFieldChains(int index, int anotherIndex) {
  SS vals[4];

  vals[index].a[0].x = 42;
  vals[anotherIndex].a[1].y = 42;
  clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}}
  clang_analyzer_eval(vals[anotherIndex].a[1].y == 42); // expected-warning{{TRUE}}

  // This doesn't affect anything in the 'a' array field.
  vals[anotherIndex].b[1].x = 42;
  clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}}
  clang_analyzer_eval(vals[anotherIndex].a[1].y == 42); // expected-warning{{TRUE}}
  clang_analyzer_eval(vals[anotherIndex].b[1].x == 42); // expected-warning{{TRUE}}

  // This doesn't affect anything in the 'b' array field.
  vals[index].a[anotherIndex].x = 42;
  clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{UNKNOWN}}
  clang_analyzer_eval(vals[anotherIndex].a[0].x == 42); // expected-warning{{UNKNOWN}}
  clang_analyzer_eval(vals[anotherIndex].a[1].y == 42); // expected-warning{{TRUE}}
  clang_analyzer_eval(vals[anotherIndex].b[1].x == 42); // expected-warning{{TRUE}}

  // FIXME: False negative. No bind ever set a field 'z'.
  return vals[index].a[0].z; // no-warning
}

int testStructFieldChainsNested(int index, int anotherIndex) {
  SS vals[4];

  vals[index].a[0].x = 42;
  clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}}

  vals[index].b[0] = makeS();
  clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}}

  vals[index].a[0] = makeS();
  clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{UNKNOWN}}

  vals[index].a[0].x = 42;
  clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}}

  return 0;
}


// --------------------
// False positives
// --------------------

int testMixSymbolicAndConcrete(int index, int anotherIndex) {
  SS vals;

  vals.a[index].x = 42;
  vals.a[0].y = 42;

  // FIXME: Should be TRUE.
  clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{UNKNOWN}}
  // Should be TRUE; we set this explicitly.
  clang_analyzer_eval(vals.a[0].y == 42); // expected-warning{{TRUE}}

  vals.a[anotherIndex].y = 42;

  // Should be UNKNOWN; we set an 'x'.
  clang_analyzer_eval(vals.a[index].x == 42); // expected-warning{{UNKNOWN}}
  // FIXME: Should be TRUE.
  clang_analyzer_eval(vals.a[0].y == 42); // expected-warning{{UNKNOWN}}

  return vals.a[0].x; // no-warning
}

void testFieldChainIsNotEnough(int index) {
  SS vals[4];

  vals[index].a[0].x = 42;
  clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{TRUE}}

  vals[index].a[1] = makeS();
  // FIXME: Should be TRUE.
  clang_analyzer_eval(vals[index].a[0].x == 42); // expected-warning{{UNKNOWN}}
}