1*ffe7950eSBalazs Benics // RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.cstring,unix.Malloc,alpha.unix.cstring,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s
2*ffe7950eSBalazs Benics // RUN: %clang_analyze_cc1 -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,unix.Malloc,alpha.unix.cstring,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s
3*ffe7950eSBalazs Benics // RUN: %clang_analyze_cc1 -DVARIANT -analyzer-checker=core,unix.cstring,alpha.unix.cstring,unix.Malloc,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s
4*ffe7950eSBalazs Benics // RUN: %clang_analyze_cc1 -DUSE_BUILTINS -DVARIANT -analyzer-checker=core,unix.cstring,alpha.unix.cstring,unix.Malloc,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s
5*ffe7950eSBalazs Benics // RUN: %clang_analyze_cc1 -DSUPPRESS_OUT_OF_BOUND -analyzer-checker=core,unix.cstring,unix.Malloc,alpha.unix.cstring.BufferOverlap,alpha.unix.cstring.NotNullTerminated,debug.ExprInspection -verify -analyzer-config eagerly-assume=false %s
69165df12SDevin Coughlin
79165df12SDevin Coughlin #include "Inputs/system-header-simulator-cxx.h"
89165df12SDevin Coughlin #include "Inputs/system-header-simulator-for-malloc.h"
99165df12SDevin Coughlin
10db65f969SArtem Dergachev // This provides us with four possible mempcpy() definitions.
11db65f969SArtem Dergachev // See also comments in bstring.c.
12db65f969SArtem Dergachev
13db65f969SArtem Dergachev #ifdef USE_BUILTINS
14db65f969SArtem Dergachev #define BUILTIN(f) __builtin_##f
15db65f969SArtem Dergachev #else /* USE_BUILTINS */
16db65f969SArtem Dergachev #define BUILTIN(f) f
17db65f969SArtem Dergachev #endif /* USE_BUILTINS */
18db65f969SArtem Dergachev
19db65f969SArtem Dergachev #ifdef VARIANT
20db65f969SArtem Dergachev
21db65f969SArtem Dergachev #define __mempcpy_chk BUILTIN(__mempcpy_chk)
22db65f969SArtem Dergachev void *__mempcpy_chk(void *__restrict__ s1, const void *__restrict__ s2,
23db65f969SArtem Dergachev size_t n, size_t destlen);
24db65f969SArtem Dergachev
25db65f969SArtem Dergachev #define mempcpy(a,b,c) __mempcpy_chk(a,b,c,(size_t)-1)
26db65f969SArtem Dergachev
27db65f969SArtem Dergachev #else /* VARIANT */
28db65f969SArtem Dergachev
29db65f969SArtem Dergachev #define mempcpy BUILTIN(mempcpy)
30db65f969SArtem Dergachev void *mempcpy(void *__restrict__ s1, const void *__restrict__ s2, size_t n);
31db65f969SArtem Dergachev
32db65f969SArtem Dergachev #endif /* VARIANT */
33db65f969SArtem Dergachev
349165df12SDevin Coughlin void clang_analyzer_eval(int);
359165df12SDevin Coughlin
testStdCopyInvalidatesBuffer(std::vector<int> v)369165df12SDevin Coughlin int *testStdCopyInvalidatesBuffer(std::vector<int> v) {
379165df12SDevin Coughlin int n = v.size();
389165df12SDevin Coughlin int *buf = (int *)malloc(n * sizeof(int));
399165df12SDevin Coughlin
409165df12SDevin Coughlin buf[0] = 66;
419165df12SDevin Coughlin
429165df12SDevin Coughlin // Call to copy should invalidate buf.
439165df12SDevin Coughlin std::copy(v.begin(), v.end(), buf);
449165df12SDevin Coughlin
459165df12SDevin Coughlin int i = buf[0];
469165df12SDevin Coughlin
479165df12SDevin Coughlin clang_analyzer_eval(i == 66); // expected-warning {{UNKNOWN}}
489165df12SDevin Coughlin
499165df12SDevin Coughlin return buf;
509165df12SDevin Coughlin }
519165df12SDevin Coughlin
testStdCopyBackwardInvalidatesBuffer(std::vector<int> v)529165df12SDevin Coughlin int *testStdCopyBackwardInvalidatesBuffer(std::vector<int> v) {
539165df12SDevin Coughlin int n = v.size();
549165df12SDevin Coughlin int *buf = (int *)malloc(n * sizeof(int));
559165df12SDevin Coughlin
569165df12SDevin Coughlin buf[0] = 66;
579165df12SDevin Coughlin
589165df12SDevin Coughlin // Call to copy_backward should invalidate buf.
599165df12SDevin Coughlin std::copy_backward(v.begin(), v.end(), buf + n);
609165df12SDevin Coughlin
619165df12SDevin Coughlin int i = buf[0];
629165df12SDevin Coughlin
639165df12SDevin Coughlin clang_analyzer_eval(i == 66); // expected-warning {{UNKNOWN}}
649165df12SDevin Coughlin
659165df12SDevin Coughlin return buf;
669165df12SDevin Coughlin }
67db65f969SArtem Dergachev
68db65f969SArtem Dergachev namespace pr34460 {
69db65f969SArtem Dergachev short a;
70db65f969SArtem Dergachev class b {
71db65f969SArtem Dergachev int c;
72db65f969SArtem Dergachev long g;
d()73db65f969SArtem Dergachev void d() {
74db65f969SArtem Dergachev int e = c;
75db65f969SArtem Dergachev f += e;
76db65f969SArtem Dergachev mempcpy(f, &a, g);
77db65f969SArtem Dergachev }
78db65f969SArtem Dergachev unsigned *f;
79db65f969SArtem Dergachev };
80db65f969SArtem Dergachev }
81afe62cdcSHenry Wong
82afe62cdcSHenry Wong void *memset(void *dest, int ch, std::size_t count);
83afe62cdcSHenry Wong namespace memset_non_pod {
84afe62cdcSHenry Wong class Base {
85afe62cdcSHenry Wong public:
86afe62cdcSHenry Wong int b_mem;
Base()87afe62cdcSHenry Wong Base() : b_mem(1) {}
88afe62cdcSHenry Wong };
89afe62cdcSHenry Wong
90afe62cdcSHenry Wong class Derived : public Base {
91afe62cdcSHenry Wong public:
92afe62cdcSHenry Wong int d_mem;
Derived()93afe62cdcSHenry Wong Derived() : d_mem(2) {}
94afe62cdcSHenry Wong };
95afe62cdcSHenry Wong
memset1_inheritance()96afe62cdcSHenry Wong void memset1_inheritance() {
97afe62cdcSHenry Wong Derived d;
98afe62cdcSHenry Wong memset(&d, 0, sizeof(Derived));
99afe62cdcSHenry Wong clang_analyzer_eval(d.b_mem == 0); // expected-warning{{TRUE}}
100afe62cdcSHenry Wong clang_analyzer_eval(d.d_mem == 0); // expected-warning{{TRUE}}
101afe62cdcSHenry Wong }
102afe62cdcSHenry Wong
103afe62cdcSHenry Wong #ifdef SUPPRESS_OUT_OF_BOUND
memset2_inheritance_field()104afe62cdcSHenry Wong void memset2_inheritance_field() {
105afe62cdcSHenry Wong Derived d;
106afe62cdcSHenry Wong memset(&d.d_mem, 0, sizeof(Derived));
107afe62cdcSHenry Wong clang_analyzer_eval(d.b_mem == 0); // expected-warning{{UNKNOWN}}
108afe62cdcSHenry Wong clang_analyzer_eval(d.d_mem == 0); // expected-warning{{UNKNOWN}}
109afe62cdcSHenry Wong }
110afe62cdcSHenry Wong
memset3_inheritance_field()111afe62cdcSHenry Wong void memset3_inheritance_field() {
112afe62cdcSHenry Wong Derived d;
113afe62cdcSHenry Wong memset(&d.b_mem, 0, sizeof(Derived));
114afe62cdcSHenry Wong clang_analyzer_eval(d.b_mem == 0); // expected-warning{{TRUE}}
115afe62cdcSHenry Wong clang_analyzer_eval(d.d_mem == 0); // expected-warning{{TRUE}}
116afe62cdcSHenry Wong }
117afe62cdcSHenry Wong #endif
118afe62cdcSHenry Wong
memset4_array_nonpod_object()119afe62cdcSHenry Wong void memset4_array_nonpod_object() {
120afe62cdcSHenry Wong Derived array[10];
121afe62cdcSHenry Wong clang_analyzer_eval(array[1].b_mem == 1); // expected-warning{{UNKNOWN}}
122afe62cdcSHenry Wong clang_analyzer_eval(array[1].d_mem == 2); // expected-warning{{UNKNOWN}}
123afe62cdcSHenry Wong memset(&array[1], 0, sizeof(Derived));
124afe62cdcSHenry Wong clang_analyzer_eval(array[1].b_mem == 0); // expected-warning{{UNKNOWN}}
125afe62cdcSHenry Wong clang_analyzer_eval(array[1].d_mem == 0); // expected-warning{{UNKNOWN}}
126afe62cdcSHenry Wong }
127afe62cdcSHenry Wong
memset5_array_nonpod_object()128afe62cdcSHenry Wong void memset5_array_nonpod_object() {
129afe62cdcSHenry Wong Derived array[10];
130afe62cdcSHenry Wong clang_analyzer_eval(array[1].b_mem == 1); // expected-warning{{UNKNOWN}}
131afe62cdcSHenry Wong clang_analyzer_eval(array[1].d_mem == 2); // expected-warning{{UNKNOWN}}
132afe62cdcSHenry Wong memset(array, 0, sizeof(array));
133afe62cdcSHenry Wong clang_analyzer_eval(array[1].b_mem == 0); // expected-warning{{TRUE}}
134afe62cdcSHenry Wong clang_analyzer_eval(array[1].d_mem == 0); // expected-warning{{TRUE}}
135afe62cdcSHenry Wong }
136afe62cdcSHenry Wong
memset6_new_array_nonpod_object()137afe62cdcSHenry Wong void memset6_new_array_nonpod_object() {
138afe62cdcSHenry Wong Derived *array = new Derived[10];
139afe62cdcSHenry Wong clang_analyzer_eval(array[2].b_mem == 1); // expected-warning{{UNKNOWN}}
140afe62cdcSHenry Wong clang_analyzer_eval(array[2].d_mem == 2); // expected-warning{{UNKNOWN}}
141afe62cdcSHenry Wong memset(array, 0, 10 * sizeof(Derived));
142afe62cdcSHenry Wong clang_analyzer_eval(array[2].b_mem == 0); // expected-warning{{TRUE}}
143afe62cdcSHenry Wong clang_analyzer_eval(array[2].d_mem == 0); // expected-warning{{TRUE}}
144afe62cdcSHenry Wong delete[] array;
145afe62cdcSHenry Wong }
146afe62cdcSHenry Wong
memset7_placement_new()147afe62cdcSHenry Wong void memset7_placement_new() {
148afe62cdcSHenry Wong Derived *d = new Derived();
149afe62cdcSHenry Wong clang_analyzer_eval(d->b_mem == 1); // expected-warning{{TRUE}}
150afe62cdcSHenry Wong clang_analyzer_eval(d->d_mem == 2); // expected-warning{{TRUE}}
151afe62cdcSHenry Wong
152afe62cdcSHenry Wong memset(d, 0, sizeof(Derived));
153afe62cdcSHenry Wong clang_analyzer_eval(d->b_mem == 0); // expected-warning{{TRUE}}
154afe62cdcSHenry Wong clang_analyzer_eval(d->d_mem == 0); // expected-warning{{TRUE}}
155afe62cdcSHenry Wong
156afe62cdcSHenry Wong Derived *d1 = new (d) Derived();
157afe62cdcSHenry Wong clang_analyzer_eval(d1->b_mem == 1); // expected-warning{{TRUE}}
158afe62cdcSHenry Wong clang_analyzer_eval(d1->d_mem == 2); // expected-warning{{TRUE}}
159afe62cdcSHenry Wong
160afe62cdcSHenry Wong memset(d1, 0, sizeof(Derived));
161afe62cdcSHenry Wong clang_analyzer_eval(d->b_mem == 0); // expected-warning{{TRUE}}
162afe62cdcSHenry Wong clang_analyzer_eval(d->d_mem == 0); // expected-warning{{TRUE}}
163afe62cdcSHenry Wong }
164afe62cdcSHenry Wong
165afe62cdcSHenry Wong class BaseVirtual {
166afe62cdcSHenry Wong public:
167afe62cdcSHenry Wong int b_mem;
get()168afe62cdcSHenry Wong virtual int get() { return 1; }
169afe62cdcSHenry Wong };
170afe62cdcSHenry Wong
171afe62cdcSHenry Wong class DerivedVirtual : public BaseVirtual {
172afe62cdcSHenry Wong public:
173afe62cdcSHenry Wong int d_mem;
174afe62cdcSHenry Wong };
175afe62cdcSHenry Wong
176afe62cdcSHenry Wong #ifdef SUPPRESS_OUT_OF_BOUND
memset8_virtual_inheritance_field()177afe62cdcSHenry Wong void memset8_virtual_inheritance_field() {
178afe62cdcSHenry Wong DerivedVirtual d;
179afe62cdcSHenry Wong memset(&d.b_mem, 0, sizeof(Derived));
180afe62cdcSHenry Wong clang_analyzer_eval(d.b_mem == 0); // expected-warning{{UNKNOWN}}
181afe62cdcSHenry Wong clang_analyzer_eval(d.d_mem == 0); // expected-warning{{UNKNOWN}}
182afe62cdcSHenry Wong }
183afe62cdcSHenry Wong #endif
184afe62cdcSHenry Wong } // namespace memset_non_pod
185afe62cdcSHenry Wong
186afe62cdcSHenry Wong #ifdef SUPPRESS_OUT_OF_BOUND
memset1_new_array()187afe62cdcSHenry Wong void memset1_new_array() {
188afe62cdcSHenry Wong int *array = new int[10];
189afe62cdcSHenry Wong memset(array, 0, 10 * sizeof(int));
190afe62cdcSHenry Wong clang_analyzer_eval(array[2] == 0); // expected-warning{{TRUE}}
191afe62cdcSHenry Wong memset(array + 1, 'a', 10 * sizeof(9));
192afe62cdcSHenry Wong clang_analyzer_eval(array[2] == 0); // expected-warning{{UNKNOWN}}
193afe62cdcSHenry Wong delete[] array;
194afe62cdcSHenry Wong }
195afe62cdcSHenry Wong #endif
196