File: array-bound-v2-constraint-check.c

package info (click to toggle)
llvm-toolchain-19 1%3A19.1.7-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 1,998,520 kB
  • sloc: cpp: 6,951,680; ansic: 1,486,157; asm: 913,598; python: 232,024; f90: 80,126; objc: 75,281; lisp: 37,276; pascal: 16,990; sh: 10,009; ml: 5,058; perl: 4,724; awk: 3,523; makefile: 3,167; javascript: 2,504; xml: 892; fortran: 664; cs: 573
file content (112 lines) | stat: -rw-r--r-- 4,527 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
 
// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,alpha.security.ArrayBoundV2,debug.ExprInspection \
// RUN:   -analyzer-config eagerly-assume=false -verify %s

void clang_analyzer_eval(int);
void clang_analyzer_printState(void);

typedef typeof(sizeof(int)) size_t;
const char a[] = "abcd"; // extent: 5 bytes

void symbolic_size_t_and_int0(size_t len) {
  (void)a[len + 1]; // no-warning
  // We infered that the 'len' must be in a specific range to make the previous indexing valid.
  // len: [0,3]
  clang_analyzer_eval(len <= 3); // expected-warning {{TRUE}}
  clang_analyzer_eval(len <= 2); // expected-warning {{UNKNOWN}}
}

void symbolic_size_t_and_int1(size_t len) {
  (void)a[len]; // no-warning
  // len: [0,4]
  clang_analyzer_eval(len <= 4); // expected-warning {{TRUE}}
  clang_analyzer_eval(len <= 3); // expected-warning {{UNKNOWN}}
}

void symbolic_size_t_and_int2(size_t len) {
  (void)a[len - 1]; // no-warning
  // len: [1,5]
  clang_analyzer_eval(1 <= len && len <= 5); // expected-warning {{TRUE}}
  clang_analyzer_eval(2 <= len);             // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 4);             // expected-warning {{UNKNOWN}}
}

void symbolic_uint_and_int0(unsigned len) {
  (void)a[len + 1]; // no-warning
  // len: [0,3]
  clang_analyzer_eval(0 <= len && len <= 3); // expected-warning {{TRUE}}
  clang_analyzer_eval(1 <= len);             // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 2);             // expected-warning {{UNKNOWN}}
}

void symbolic_uint_and_int1(unsigned len) {
  (void)a[len]; // no-warning
  // len: [0,4]
  clang_analyzer_eval(0 <= len && len <= 4); // expected-warning {{TRUE}}
  clang_analyzer_eval(1 <= len);             // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 3);             // expected-warning {{UNKNOWN}}
}
void symbolic_uint_and_int2(unsigned len) {
  (void)a[len - 1]; // no-warning
  // len: [1,5]
  clang_analyzer_eval(1 <= len && len <= 5); // expected-warning {{TRUE}}
  clang_analyzer_eval(2 <= len);             // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 4);             // expected-warning {{UNKNOWN}}
}

void symbolic_int_and_int0(int len) {
  (void)a[len + 1]; // no-warning
  // len: [-1,3]
  clang_analyzer_eval(-1 <= len && len <= 3); // expected-warning {{TRUE}}
  clang_analyzer_eval(0 <= len);              // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 2);              // expected-warning {{UNKNOWN}}
}
void symbolic_int_and_int1(int len) {
  (void)a[len]; // no-warning
  // len: [0,4]
  clang_analyzer_eval(0 <= len && len <= 4); // expected-warning {{TRUE}}
  clang_analyzer_eval(1 <= len);             // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 3);             // expected-warning {{UNKNOWN}}
}
void symbolic_int_and_int2(int len) {
  (void)a[len - 1]; // no-warning
  // len: [1,5]
  clang_analyzer_eval(1 <= len && len <= 5); // expected-warning {{TRUE}}
  clang_analyzer_eval(2 <= len);             // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 4);             // expected-warning {{UNKNOWN}}
}

void symbolic_longlong_and_int0(long long len) {
  (void)a[len + 1]; // no-warning
  // len: [-1,3]
  clang_analyzer_eval(-1 <= len && len <= 3); // expected-warning {{TRUE}}
  clang_analyzer_eval(0 <= len);              // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 2);              // expected-warning {{UNKNOWN}}
}

void *malloc(size_t);
void free(void *);
void symbolic_longlong_and_int0_dynamic_extent(long long len) {
  char *b = malloc(5);
  (void)b[len + 1]; // no-warning
  // len: [-1,3]
  clang_analyzer_eval(-1 <= len && len <= 3); // expected-warning {{TRUE}}
  clang_analyzer_eval(0 <= len);              // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 2);              // expected-warning {{UNKNOWN}}
  free(b);
}

void symbolic_longlong_and_int1(long long len) {
  (void)a[len]; // no-warning
  // len: [0,4]
  clang_analyzer_eval(0 <= len && len <= 4); // expected-warning {{TRUE}}
  clang_analyzer_eval(1 <= len);             // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 3);             // expected-warning {{UNKNOWN}}
}

void symbolic_longlong_and_int2(long long len) {
  (void)a[len - 1]; // no-warning
  // len: [1,5]
  clang_analyzer_eval(1 <= len && len <= 5); // expected-warning {{TRUE}}
  clang_analyzer_eval(2 <= len);             // expected-warning {{UNKNOWN}}
  clang_analyzer_eval(len <= 4);             // expected-warning {{UNKNOWN}}
}