// RUN: %clang_analyze_cc1 -std=c++20 \
// RUN: -analyzer-checker=core,unix,cplusplus,debug.ExprInspection \
// RUN: -triple x86_64-unknown-linux-gnu \
// RUN: -verify %s

// Regression test for the sizes ("extents") the static analyzer assigns to
// memory regions. Each function hands a pointer to the debug.ExprInspection
// hooks declared below; the hook's report is emitted as a warning, and -verify
// matches it against the directive on the same source line.
//
// The extent is the size in bytes the analyzer believes a region has, which is
// the value any out-of-bounds reasoning over that region has to rely on. The
// cases below separate regions with a concrete extent (locals, fields, string
// literals, new[]/malloc/calloc/realloc/alloca results) from regions whose
// extent stays symbolic (pointer parameters, a user-declared operator new[]).
//
// Concrete numbers such as a 4-byte int and 64-bit values come from the triple
// pinned on the command line above. In the dumps, "S64b" / "U64b" mark a signed
// / unsigned 64-bit concrete integer.
//
// Layout matters in this file: directives are tied to the line they sit on
// (or to a relative line offset), the dumped text contains the variable and
// parameter names, and the numbered symbols depend on statement order.

#include "Inputs/system-header-simulator-cxx.h"

// Local declarations of the C allocation functions exercised below.
typedef __SIZE_TYPE__ size_t;
void *malloc(size_t);
void *alloca(size_t);
void *realloc(void *ptr, size_t size);
void *calloc(size_t number, size_t size);
void free(void *);

// Single-int aggregate; its size equals the int size on this target, which is
// why the element counts of S* regions below divide by 4.
struct S {
  int f;
};

// debug.ExprInspection hooks. They are only declared, never defined; the
// checker intercepts the calls.
//   clang_analyzer_dump             - report the symbolic value / region.
//   clang_analyzer_dumpExtent       - report the region's extent in bytes.
//   clang_analyzer_dumpElementCount - report extent divided by element size.
void clang_analyzer_dump(int);
void clang_analyzer_dump(const void *);
void clang_analyzer_dumpExtent(int);
void clang_analyzer_dumpExtent(const void *);
void clang_analyzer_dumpElementCount(int);
void clang_analyzer_dumpElementCount(const void *);

// clang_analyzer_getExtent yields the extent as a value that can be used in an
// expression; clang_analyzer_eval reports how the analyzer evaluates a
// condition (TRUE in the one use below).
int clang_analyzer_getExtent(void *);
void clang_analyzer_eval(bool);

// Address of a local int: the region is the variable itself, with a concrete
// extent of one int.
void var_simple_ref() {
  int a = 13;
  clang_analyzer_dump(&a); // expected-warning {{a}}
  clang_analyzer_dumpExtent(&a); // expected-warning {{4 S64b}}
  clang_analyzer_dumpElementCount(&a); // expected-warning {{1 S64b}}
}

// Pointer parameter: nothing is known about the pointee, so the region and its
// extent are symbolic and the element count is the unresolved "extent / 4".
// No concrete bound is available for memory reached through such a pointer.
void var_simple_ptr(int *a) {
  clang_analyzer_dump(a); // expected-warning {{SymRegion{reg_$0<int * a>}}}
  clang_analyzer_dumpExtent(a); // expected-warning {{extent_$1{SymRegion{reg_$0<int * a>}}}}
  clang_analyzer_dumpElementCount(a); // expected-warning {{(extent_$1{SymRegion{reg_$0<int * a>}}) / 4}}
}

// Local array of three ints: the decayed pointer is element 0 of `a`, the
// extent covers the whole array (12 bytes, 3 elements).
void var_array() {
  int a[] = {1, 2, 3};
  clang_analyzer_dump(a); // expected-warning {{Element{a,0 S64b,int}}}
  clang_analyzer_dumpExtent(a); // expected-warning {{12 S64b}}
  clang_analyzer_dumpElementCount(a); // expected-warning {{3 S64b}}
}

// String literal: the extent is 4 for "foo", i.e. the three characters plus
// the terminating NUL.
void string() {
  clang_analyzer_dump("foo"); // expected-warning {{Element{"foo",0 S64b,char}}}
  clang_analyzer_dumpExtent("foo"); // expected-warning {{4 S64b}}
  clang_analyzer_dumpElementCount("foo"); // expected-warning {{4 S64b}}
}

// Pointer-to-struct parameter: same symbolic region and extent as for the
// int* parameter case.
void struct_simple_ptr(S *a) {
  clang_analyzer_dump(a); // expected-warning {{SymRegion{reg_$0<struct S * a>}}}
  clang_analyzer_dumpExtent(a); // expected-warning {{extent_$1{SymRegion{reg_$0<struct S * a>}}}}
  clang_analyzer_dumpElementCount(a); // expected-warning {{(extent_$1{SymRegion{reg_$0<struct S * a>}}) / 4}}
}

// Field of a by-value struct parameter: the field region has the concrete
// extent of its int type.
void field_ref(S a) {
  clang_analyzer_dump(&a.f); // expected-warning {{a.f}}
  clang_analyzer_dumpExtent(&a.f); // expected-warning {{4 S64b}}
  clang_analyzer_dumpElementCount(&a.f); // expected-warning {{1 S64b}}
}

// Field reached through a pointer parameter: the base region is symbolic, yet
// the field's own extent is still the concrete size of an int.
void field_ptr(S *a) {
  clang_analyzer_dump(&a->f); // expected-warning {{SymRegion{reg_$0<struct S * a>}.f}}
  clang_analyzer_dumpExtent(&a->f); // expected-warning {{4 S64b}}
  clang_analyzer_dumpElementCount(&a->f); // expected-warning {{1 S64b}}
}

// new int[3]: a heap region whose extent is derived from the array size
// (12 bytes, 3 elements), reported as a signed value.
void symbolic_array() {
  int *a = new int[3];
  clang_analyzer_dump(a); // expected-warning {{Element{HeapSymRegion{conj}}
  clang_analyzer_dumpExtent(a); // expected-warning {{12 S64b}}
  clang_analyzer_dumpElementCount(a); // expected-warning {{3 S64b}}
  delete[] a;
}

// Placement new into a 12-byte char buffer: the extent reported through `a`
// is that of the underlying buffer (12 bytes, counted as 3 ints), not the size
// of the single int that was constructed.
void symbolic_placement_new() {
  char *buf = new char[sizeof(int) * 3];
  int *a = new (buf) int(12);
  clang_analyzer_dump(a); // expected-warning {{Element{HeapSymRegion{conj}}
  clang_analyzer_dumpExtent(a); // expected-warning {{12 S64b}}
  clang_analyzer_dumpElementCount(a); // expected-warning {{3 S64b}}
  delete[] buf;
}

// malloc(12): the extent equals the requested byte count and is reported as
// unsigned (U64b), unlike the signed extents of the new[] cases above; the
// element count is still signed.
void symbolic_malloc() {
  int *a = (int *)malloc(12);
  clang_analyzer_dump(a); // expected-warning {{Element{HeapSymRegion{conj}}
  clang_analyzer_dumpExtent(a); // expected-warning {{12 U64b}}
  clang_analyzer_dumpElementCount(a); // expected-warning {{3 S64b}}
  free(a);
}

// alloca(12): same extent and element count as the malloc case.
// NOTE(review): the dump directive matches a HeapSymRegion prefix although
// alloca memory is not heap memory - presumably a consequence of how the
// plain `alloca` declaration above is modeled; confirm this is intended.
void symbolic_alloca() {
  int *a = (int *)alloca(12);
  clang_analyzer_dump(a); // expected-warning {{Element{HeapSymRegion{conj}}
  clang_analyzer_dumpExtent(a); // expected-warning {{12 U64b}}
  clang_analyzer_dumpElementCount(a); // expected-warning {{3 S64b}}
}

// malloc, then realloc, then calloc: after each call the extent follows the
// size argument(s) of that call - 4, then sizeof(int) * 2 = 8, then 3 * 4 = 12.
void symbolic_complex() {
  int *a = (int *)malloc(4);
  clang_analyzer_dumpExtent(a); // expected-warning {{4 U64b}}
  clang_analyzer_dumpElementCount(a); // expected-warning {{1 S64b}}

  int *b = (int *)realloc(a, sizeof(int) * 2);
  clang_analyzer_dumpExtent(b); // expected-warning {{8 U64b}}
  clang_analyzer_dumpElementCount(b); // expected-warning {{2 S64b}}
  free(b);

  int *c = (int *)calloc(3, 4);
  clang_analyzer_dumpExtent(c); // expected-warning {{12 U64b}}
  clang_analyzer_dumpElementCount(c); // expected-warning {{3 S64b}}
  free(c);
}

// The same byte count obtained through new[] (signed extent) and through
// malloc (unsigned extent) must still compare equal, so the difference in
// signedness does not make two equally sized regions look different.
// The directive after the eval call uses a relative offset pointing at the
// line where the call starts: keep these three lines adjacent.
void signedness_equality() {
  char *a = new char[sizeof(char) * 13];
  char *b = (char *)malloc(13);

  clang_analyzer_dump(clang_analyzer_getExtent(a)); // expected-warning {{13 S64b}}
  clang_analyzer_dump(clang_analyzer_getExtent(b)); // expected-warning {{13 U64b}}
  clang_analyzer_eval(clang_analyzer_getExtent(a) ==
                      clang_analyzer_getExtent(b));
  // expected-warning@-2 {{TRUE}}

  delete[] a;
  free(b);
}

// new[] of an over-aligned type (the local S shadows the file-level S): the
// extent is 10 elements of 32 bytes each, 320 bytes in total.
void default_new_aligned() {
  struct alignas(32) S {};

  S *a = new S[10];

  clang_analyzer_dump(a); // expected-warning {{Element{HeapSymRegion{conj}}
  clang_analyzer_dumpExtent(a); // expected-warning {{320 S64b}}
  clang_analyzer_dumpElementCount(a); // expected-warning {{10 S64b}}

  delete[] a;
}

// User-declared operator new[] with an extra bool parameter; only declared
// here, so its body is not visible to the analyzer.
void *operator new[](std::size_t, std::align_val_t, bool hack) throw();

// Allocation through the overload above: the directives match a plain
// SymRegion (not a HeapSymRegion) and a symbolic extent, so the requested
// element count of 10 does not become a concrete size. Memory obtained this
// way carries no concrete bound in the analyzer's model.
void user_defined_new() {
  int *a = new (std::align_val_t(32), true) int[10];

  clang_analyzer_dump(a); // expected-warning {{Element{SymRegion{conj}}
  clang_analyzer_dumpExtent(a); // expected-warning-re {{{{^extent_\$[0-9]\{SymRegion{conj}}}}
  clang_analyzer_dumpElementCount(a); // expected-warning-re {{{{^\(extent_\$[0-9]\{SymRegion{conj.*\) / 4}}}}

  operator delete[](a, std::align_val_t(32));
}