1*bd1917c8SShivam // RUN: %clang_analyze_cc1 -verify %s \
2*bd1917c8SShivam // RUN: -analyzer-checker=core,alpha.unix.cstring
3*bd1917c8SShivam
4*bd1917c8SShivam
5*bd1917c8SShivam // This file is generally for the alpha.unix.cstring.UninitializedRead Checker, the reason for putting it into
6*bd1917c8SShivam // the separate file because the checker is break the some existing test cases in bstring.c file , so we don't
7*bd1917c8SShivam // wanna mess up with some existing test case so it's better to create separate file for it, this file also include
8*bd1917c8SShivam // the broken test for the reference in future about the broken tests.
9*bd1917c8SShivam
10*bd1917c8SShivam
11*bd1917c8SShivam typedef typeof(sizeof(int)) size_t;
12*bd1917c8SShivam
13*bd1917c8SShivam void clang_analyzer_eval(int);
14*bd1917c8SShivam
15*bd1917c8SShivam void *memcpy(void *restrict s1, const void *restrict s2, size_t n);
16*bd1917c8SShivam
top(char * dst)17*bd1917c8SShivam void top(char *dst) {
18*bd1917c8SShivam char buf[10];
19*bd1917c8SShivam memcpy(dst, buf, 10); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
20*bd1917c8SShivam (void)buf;
21*bd1917c8SShivam }
22*bd1917c8SShivam
23*bd1917c8SShivam //===----------------------------------------------------------------------===
24*bd1917c8SShivam // mempcpy()
25*bd1917c8SShivam //===----------------------------------------------------------------------===
26*bd1917c8SShivam
27*bd1917c8SShivam void *mempcpy(void *restrict s1, const void *restrict s2, size_t n);
28*bd1917c8SShivam
mempcpy14()29*bd1917c8SShivam void mempcpy14() {
30*bd1917c8SShivam int src[] = {1, 2, 3, 4};
31*bd1917c8SShivam int dst[5] = {0};
32*bd1917c8SShivam int *p;
33*bd1917c8SShivam
34*bd1917c8SShivam p = mempcpy(dst, src, 4 * sizeof(int)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
35*bd1917c8SShivam // FIXME: This behaviour is actually surprising and needs to be fixed,
36*bd1917c8SShivam // mempcpy seems to consider the very last byte of the src buffer uninitialized
37*bd1917c8SShivam // and returning undef unfortunately. It should have returned unknown or a conjured value instead.
38*bd1917c8SShivam
39*bd1917c8SShivam clang_analyzer_eval(p == &dst[4]); // no-warning (above is fatal)
40*bd1917c8SShivam }
41*bd1917c8SShivam
42*bd1917c8SShivam struct st {
43*bd1917c8SShivam int i;
44*bd1917c8SShivam int j;
45*bd1917c8SShivam };
46*bd1917c8SShivam
47*bd1917c8SShivam
mempcpy15()48*bd1917c8SShivam void mempcpy15() {
49*bd1917c8SShivam struct st s1 = {0};
50*bd1917c8SShivam struct st s2;
51*bd1917c8SShivam struct st *p1;
52*bd1917c8SShivam struct st *p2;
53*bd1917c8SShivam
54*bd1917c8SShivam p1 = (&s2) + 1;
55*bd1917c8SShivam p2 = mempcpy(&s2, &s1, sizeof(struct st)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
56*bd1917c8SShivam // FIXME: It seems same as mempcpy14() case.
57*bd1917c8SShivam
58*bd1917c8SShivam clang_analyzer_eval(p1 == p2); // no-warning (above is fatal)
59*bd1917c8SShivam }
60