annotate clang/test/Analysis/out-of-bounds.c @ 150:1d019706d866

LLVM10
author anatofuz
date Thu, 13 Feb 2020 15:10:13 +0900
parents
children c4bab56944e8
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
150
anatofuz
parents:
diff changeset
1 // RUN: %clang_analyze_cc1 -Wno-array-bounds -analyzer-checker=core,alpha.security.ArrayBoundV2,debug.ExprInspection -verify %s
anatofuz
parents:
diff changeset
2
anatofuz
parents:
diff changeset
3 void clang_analyzer_eval(int);
anatofuz
parents:
diff changeset
4
anatofuz
parents:
diff changeset
5 // Tests doing an out-of-bounds access after the end of an array using:
anatofuz
parents:
diff changeset
6 // - constant integer index
anatofuz
parents:
diff changeset
7 // - constant integer size for buffer
anatofuz
parents:
diff changeset
8 void test1(int x) {
anatofuz
parents:
diff changeset
9 int buf[100];
anatofuz
parents:
diff changeset
10 buf[100] = 1; // expected-warning{{Out of bound memory access}}
anatofuz
parents:
diff changeset
11 }
anatofuz
parents:
diff changeset
12
anatofuz
parents:
diff changeset
13 void test1_ok(int x) {
anatofuz
parents:
diff changeset
14 int buf[100];
anatofuz
parents:
diff changeset
15 buf[99] = 1; // no-warning
anatofuz
parents:
diff changeset
16 }
anatofuz
parents:
diff changeset
17
anatofuz
parents:
diff changeset
18 const char test1_strings_underrun(int x) {
anatofuz
parents:
diff changeset
19 const char *mystr = "mary had a little lamb";
anatofuz
parents:
diff changeset
20 return mystr[-1]; // expected-warning{{Out of bound memory access}}
anatofuz
parents:
diff changeset
21 }
anatofuz
parents:
diff changeset
22
anatofuz
parents:
diff changeset
23 const char test1_strings_overrun(int x) {
anatofuz
parents:
diff changeset
24 const char *mystr = "mary had a little lamb";
anatofuz
parents:
diff changeset
25 return mystr[1000]; // expected-warning{{Out of bound memory access}}
anatofuz
parents:
diff changeset
26 }
anatofuz
parents:
diff changeset
27
anatofuz
parents:
diff changeset
28 const char test1_strings_ok(int x) {
anatofuz
parents:
diff changeset
29 const char *mystr = "mary had a little lamb";
anatofuz
parents:
diff changeset
30 return mystr[5]; // no-warning
anatofuz
parents:
diff changeset
31 }
anatofuz
parents:
diff changeset
32
anatofuz
parents:
diff changeset
33 // Tests doing an out-of-bounds access after the end of an array using:
anatofuz
parents:
diff changeset
34 // - indirect pointer to buffer
anatofuz
parents:
diff changeset
35 // - constant integer index
anatofuz
parents:
diff changeset
36 // - constant integer size for buffer
anatofuz
parents:
diff changeset
37 void test1_ptr(int x) {
anatofuz
parents:
diff changeset
38 int buf[100];
anatofuz
parents:
diff changeset
39 int *p = buf;
anatofuz
parents:
diff changeset
40 p[101] = 1; // expected-warning{{Out of bound memory access}}
anatofuz
parents:
diff changeset
41 }
anatofuz
parents:
diff changeset
42
anatofuz
parents:
diff changeset
43 void test1_ptr_ok(int x) {
anatofuz
parents:
diff changeset
44 int buf[100];
anatofuz
parents:
diff changeset
45 int *p = buf;
anatofuz
parents:
diff changeset
46 p[99] = 1; // no-warning
anatofuz
parents:
diff changeset
47 }
anatofuz
parents:
diff changeset
48
anatofuz
parents:
diff changeset
49 // Tests doing an out-of-bounds access before the start of an array using:
anatofuz
parents:
diff changeset
50 // - indirect pointer to buffer, manipulated using simple pointer arithmetic
anatofuz
parents:
diff changeset
51 // - constant integer index
anatofuz
parents:
diff changeset
52 // - constant integer size for buffer
anatofuz
parents:
diff changeset
53 void test1_ptr_arith(int x) {
anatofuz
parents:
diff changeset
54 int buf[100];
anatofuz
parents:
diff changeset
55 int *p = buf;
anatofuz
parents:
diff changeset
56 p = p + 100;
anatofuz
parents:
diff changeset
57 p[0] = 1; // expected-warning{{Out of bound memory access}}
anatofuz
parents:
diff changeset
58 }
anatofuz
parents:
diff changeset
59
anatofuz
parents:
diff changeset
60 void test1_ptr_arith_ok(int x) {
anatofuz
parents:
diff changeset
61 int buf[100];
anatofuz
parents:
diff changeset
62 int *p = buf;
anatofuz
parents:
diff changeset
63 p = p + 99;
anatofuz
parents:
diff changeset
64 p[0] = 1; // no-warning
anatofuz
parents:
diff changeset
65 }
anatofuz
parents:
diff changeset
66
anatofuz
parents:
diff changeset
67 void test1_ptr_arith_bad(int x) {
anatofuz
parents:
diff changeset
68 int buf[100];
anatofuz
parents:
diff changeset
69 int *p = buf;
anatofuz
parents:
diff changeset
70 p = p + 99;
anatofuz
parents:
diff changeset
71 p[1] = 1; // expected-warning{{Out of bound memory access}}
anatofuz
parents:
diff changeset
72 }
anatofuz
parents:
diff changeset
73
anatofuz
parents:
diff changeset
74 void test1_ptr_arith_ok2(int x) {
anatofuz
parents:
diff changeset
75 int buf[100];
anatofuz
parents:
diff changeset
76 int *p = buf;
anatofuz
parents:
diff changeset
77 p = p + 99;
anatofuz
parents:
diff changeset
78 p[-1] = 1; // no-warning
anatofuz
parents:
diff changeset
79 }
anatofuz
parents:
diff changeset
80
anatofuz
parents:
diff changeset
81 // Tests doing an out-of-bounds access before the start of an array using:
anatofuz
parents:
diff changeset
82 // - constant integer index
anatofuz
parents:
diff changeset
83 // - constant integer size for buffer
anatofuz
parents:
diff changeset
84 void test2(int x) {
anatofuz
parents:
diff changeset
85 int buf[100];
anatofuz
parents:
diff changeset
86 buf[-1] = 1; // expected-warning{{Out of bound memory access}}
anatofuz
parents:
diff changeset
87 }
anatofuz
parents:
diff changeset
88
anatofuz
parents:
diff changeset
89 // Tests doing an out-of-bounds access before the start of an array using:
anatofuz
parents:
diff changeset
90 // - indirect pointer to buffer
anatofuz
parents:
diff changeset
91 // - constant integer index
anatofuz
parents:
diff changeset
92 // - constant integer size for buffer
anatofuz
parents:
diff changeset
93 void test2_ptr(int x) {
anatofuz
parents:
diff changeset
94 int buf[100];
anatofuz
parents:
diff changeset
95 int *p = buf;
anatofuz
parents:
diff changeset
96 p[-1] = 1; // expected-warning{{Out of bound memory access}}
anatofuz
parents:
diff changeset
97 }
anatofuz
parents:
diff changeset
98
anatofuz
parents:
diff changeset
99 // Tests doing an out-of-bounds access before the start of an array using:
anatofuz
parents:
diff changeset
100 // - indirect pointer to buffer, manipulated using simple pointer arithmetic
anatofuz
parents:
diff changeset
101 // - constant integer index
anatofuz
parents:
diff changeset
102 // - constant integer size for buffer
anatofuz
parents:
diff changeset
103 void test2_ptr_arith(int x) {
anatofuz
parents:
diff changeset
104 int buf[100];
anatofuz
parents:
diff changeset
105 int *p = buf;
anatofuz
parents:
diff changeset
106 --p;
anatofuz
parents:
diff changeset
107 p[0] = 1; // expected-warning {{Out of bound memory access (accessed memory precedes memory block)}}
anatofuz
parents:
diff changeset
108 }
anatofuz
parents:
diff changeset
109
anatofuz
parents:
diff changeset
110 // Tests doing an out-of-bounds access before the start of a multi-dimensional
anatofuz
parents:
diff changeset
111 // array using:
anatofuz
parents:
diff changeset
112 // - constant integer indices
anatofuz
parents:
diff changeset
113 // - constant integer sizes for the array
anatofuz
parents:
diff changeset
114 void test2_multi(int x) {
anatofuz
parents:
diff changeset
115 int buf[100][100];
anatofuz
parents:
diff changeset
116 buf[0][-1] = 1; // expected-warning{{Out of bound memory access}}
anatofuz
parents:
diff changeset
117 }
anatofuz
parents:
diff changeset
118
anatofuz
parents:
diff changeset
119 // Tests doing an out-of-bounds access before the start of a multi-dimensional
anatofuz
parents:
diff changeset
120 // array using:
anatofuz
parents:
diff changeset
121 // - constant integer indices
anatofuz
parents:
diff changeset
122 // - constant integer sizes for the array
anatofuz
parents:
diff changeset
123 void test2_multi_b(int x) {
anatofuz
parents:
diff changeset
124 int buf[100][100];
anatofuz
parents:
diff changeset
125 buf[-1][0] = 1; // expected-warning{{Out of bound memory access}}
anatofuz
parents:
diff changeset
126 }
anatofuz
parents:
diff changeset
127
anatofuz
parents:
diff changeset
128 void test2_multi_ok(int x) {
anatofuz
parents:
diff changeset
129 int buf[100][100];
anatofuz
parents:
diff changeset
130 buf[0][0] = 1; // no-warning
anatofuz
parents:
diff changeset
131 }
anatofuz
parents:
diff changeset
132
anatofuz
parents:
diff changeset
133 void test3(int x) {
anatofuz
parents:
diff changeset
134 int buf[100];
anatofuz
parents:
diff changeset
135 if (x < 0)
anatofuz
parents:
diff changeset
136 buf[x] = 1; // expected-warning{{Out of bound memory access}}
anatofuz
parents:
diff changeset
137 }
anatofuz
parents:
diff changeset
138
anatofuz
parents:
diff changeset
139 void test4(int x) {
anatofuz
parents:
diff changeset
140 int buf[100];
anatofuz
parents:
diff changeset
141 if (x > 99)
anatofuz
parents:
diff changeset
142 buf[x] = 1; // expected-warning{{Out of bound memory access}}
anatofuz
parents:
diff changeset
143 }
anatofuz
parents:
diff changeset
144
anatofuz
parents:
diff changeset
145 void test_assume_after_access(unsigned long x) {
anatofuz
parents:
diff changeset
146 int buf[100];
anatofuz
parents:
diff changeset
147 buf[x] = 1;
anatofuz
parents:
diff changeset
148 clang_analyzer_eval(x <= 99); // expected-warning{{TRUE}}
anatofuz
parents:
diff changeset
149 }
anatofuz
parents:
diff changeset
150
anatofuz
parents:
diff changeset
151 // Don't warn when indexing below the start of a symbolic region's whose
anatofuz
parents:
diff changeset
152 // base extent we don't know.
anatofuz
parents:
diff changeset
153 int *get_symbolic();
anatofuz
parents:
diff changeset
154 void test_index_below_symboloc() {
anatofuz
parents:
diff changeset
155 int *buf = get_symbolic();
anatofuz
parents:
diff changeset
156 buf[-1] = 0; // no-warning;
anatofuz
parents:
diff changeset
157 }
anatofuz
parents:
diff changeset
158
anatofuz
parents:
diff changeset
159 void test_incomplete_struct() {
anatofuz
parents:
diff changeset
160 extern struct incomplete incomplete;
anatofuz
parents:
diff changeset
161 int *p = (int *)&incomplete;
anatofuz
parents:
diff changeset
162 p[1] = 42; // no-warning
anatofuz
parents:
diff changeset
163 }
anatofuz
parents:
diff changeset
164
anatofuz
parents:
diff changeset
165 void test_extern_void() {
anatofuz
parents:
diff changeset
166 extern void v;
anatofuz
parents:
diff changeset
167 int *p = (int *)&v;
anatofuz
parents:
diff changeset
168 p[1] = 42; // no-warning
anatofuz
parents:
diff changeset
169 }
anatofuz
parents:
diff changeset
170
anatofuz
parents:
diff changeset
171 void test_assume_after_access2(unsigned long x) {
anatofuz
parents:
diff changeset
172 char buf[100];
anatofuz
parents:
diff changeset
173 buf[x] = 1;
anatofuz
parents:
diff changeset
174 clang_analyzer_eval(x <= 99); // expected-warning{{TRUE}}
anatofuz
parents:
diff changeset
175 }
anatofuz
parents:
diff changeset
176