1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.security.ArrayBoundV2,debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false -verify %s
void clang_analyzer_eval(int);
void clang_analyzer_printState();
typedef unsigned long long size_t;
const char a[] = "abcd"; // extent: 5 bytes
void symbolic_size_t_and_int0(size_t len) {
// FIXME: Should not warn for this.
(void)a[len + 1]; // expected-warning {{Out of bound memory access}}
// We infered that the 'len' must be in a specific range to make the previous indexing valid.
// len: [0,3]
clang_analyzer_eval(len <= 3); // expected - warning {{TRUE}}
clang_analyzer_eval(len <= 2); // expected - warning {{UNKNOWN}}
}
void symbolic_size_t_and_int1(size_t len) {
(void)a[len]; // no-warning
// len: [0,4]
clang_analyzer_eval(len <= 4); // expected-warning {{TRUE}}
clang_analyzer_eval(len <= 3); // expected-warning {{UNKNOWN}}
}
void symbolic_size_t_and_int2(size_t len) {
(void)a[len - 1]; // no-warning
// len: [1,5]
clang_analyzer_eval(1 <= len && len <= 5); // expected-warning {{TRUE}}
clang_analyzer_eval(2 <= len); // expected-warning {{UNKNOWN}}
clang_analyzer_eval(len <= 4); // expected-warning {{UNKNOWN}}
}
void symbolic_uint_and_int0(unsigned len) {
(void)a[len + 1]; // no-warning
// len: [0,3]
clang_analyzer_eval(0 <= len && len <= 3); // expected-warning {{TRUE}}
clang_analyzer_eval(1 <= len); // expected-warning {{UNKNOWN}}
clang_analyzer_eval(len <= 2); // expected-warning {{UNKNOWN}}
}
void symbolic_uint_and_int1(unsigned len) {
(void)a[len]; // no-warning
// len: [0,4]
clang_analyzer_eval(0 <= len && len <= 4); // expected-warning {{TRUE}}
clang_analyzer_eval(1 <= len); // expected-warning {{UNKNOWN}}
clang_analyzer_eval(len <= 3); // expected-warning {{UNKNOWN}}
}
void symbolic_uint_and_int2(unsigned len) {
(void)a[len - 1]; // no-warning
// len: [1,5]
clang_analyzer_eval(1 <= len && len <= 5); // expected-warning {{TRUE}}
clang_analyzer_eval(2 <= len); // expected-warning {{UNKNOWN}}
clang_analyzer_eval(len <= 4); // expected-warning {{UNKNOWN}}
}
void symbolic_int_and_int0(int len) {
(void)a[len + 1]; // no-warning
// len: [-1,3]
clang_analyzer_eval(-1 <= len && len <= 3); // expected-warning {{TRUE}}
clang_analyzer_eval(0 <= len); // expected-warning {{UNKNOWN}}
clang_analyzer_eval(len <= 2); // expected-warning {{UNKNOWN}}
}
void symbolic_int_and_int1(int len) {
(void)a[len]; // no-warning
// len: [0,4]
clang_analyzer_eval(0 <= len && len <= 4); // expected-warning {{TRUE}}
clang_analyzer_eval(1 <= len); // expected-warning {{UNKNOWN}}
clang_analyzer_eval(len <= 3); // expected-warning {{UNKNOWN}}
}
void symbolic_int_and_int2(int len) {
(void)a[len - 1]; // no-warning
// len: [1,5]
clang_analyzer_eval(1 <= len && len <= 5); // expected-warning {{TRUE}}
clang_analyzer_eval(2 <= len); // expected-warning {{UNKNOWN}}
clang_analyzer_eval(len <= 4); // expected-warning {{UNKNOWN}}
}
void symbolic_longlong_and_int0(long long len) {
(void)a[len + 1]; // no-warning
// len: [-1,3]
clang_analyzer_eval(-1 <= len && len <= 3); // expected-warning {{TRUE}}
clang_analyzer_eval(0 <= len); // expected-warning {{UNKNOWN}}
clang_analyzer_eval(len <= 2); // expected-warning {{UNKNOWN}}
}
void symbolic_longlong_and_int1(long long len) {
(void)a[len]; // no-warning
// len: [0,4]
clang_analyzer_eval(0 <= len && len <= 4); // expected-warning {{TRUE}}
clang_analyzer_eval(1 <= len); // expected-warning {{UNKNOWN}}
clang_analyzer_eval(len <= 3); // expected-warning {{UNKNOWN}}
}
void symbolic_longlong_and_int2(long long len) {
(void)a[len - 1]; // no-warning
// len: [1,5]
clang_analyzer_eval(1 <= len && len <= 5); // expected-warning {{TRUE}}
clang_analyzer_eval(2 <= len); // expected-warning {{UNKNOWN}}
clang_analyzer_eval(len <= 4); // expected-warning {{UNKNOWN}}
}
|
