mirrors/llvm-project
0
0
Fork 0
mirror of https://github.com/llvm/llvm-project.git synced 2025-04-18 12:46:51 +00:00
Code Issues Projects Releases Wiki Activity
llvm-project/clang/test/Analysis/exercise-ps.c
Pavel Skripkin d96569ecc2
[analyzer] Fix crash on using bitcast(<type>, <array>) as array subscript (#101647) 
Current CSA logic does not expect `LazyCompoundValKind` as array index.
This may happen if array is used as subscript to another, in case of
bitcast to integer type.

Catch such cases and return `UnknownVal`, since CSA cannot model
array -> int casts.

Closes #94496
2024-08-02 17:04:57 +02:00

49 lines
1.9 KiB
C
Raw Permalink Blame History

// RUN: %clang_analyze_cc1 %s -triple=x86_64-unknown-linux \
// RUN: -verify -Wno-error=implicit-function-declaration \
// RUN: -analyzer-checker=core,unix.Malloc,debug.ExprInspection \
// RUN: -analyzer-config core.CallAndMessage:ArgPointeeInitializedness=true
//
// Just exercise the analyzer on code that has at one point caused issues
// (i.e., no assertions or crashes).
void clang_analyzer_dump_int(int);
static void f1(const char *x, char *y) {
while (*x != 0) {
*y++ = *x++;
}
}
// This following case checks that we properly handle typedefs when getting
// the RvalueType of an ElementRegion.
typedef struct F12_struct {} F12_typedef;
typedef void* void_typedef;
void_typedef f2_helper(void);
static void f2(void *buf) {
F12_typedef* x;
x = f2_helper();
memcpy((&x[1]), (buf), 1); // expected-warning{{call to undeclared library function 'memcpy' with type 'void *(void *, const void *}} \
// expected-note{{include the header <string.h> or explicitly provide a declaration for 'memcpy'}}
}
// AllocaRegion is untyped. Void pointer isn't of much help either. Before
// realizing that the value is undefined, we need to somehow figure out
// what type of value do we expect.
void f3(void *dest) {
void *src = __builtin_alloca(5);
memcpy(dest, src, 1); // expected-warning{{2nd function call argument is a pointer to uninitialized value}}
}
// Reproduce crash from GH#94496. When array is used as subcript to another array, CSA cannot model it
// and should just assume it's unknown and do not crash.
void f4(char *array) {
char b[4] = {0};
_Static_assert(sizeof(int) == 4, "Wrong triple for the test");
clang_analyzer_dump_int(__builtin_bit_cast(int, b)); // expected-warning {{lazyCompoundVal}}
clang_analyzer_dump_int(array[__builtin_bit_cast(int, b)]); // expected-warning {{Unknown}}
array[__builtin_bit_cast(int, b)] = 0x10; // no crash
}
Reference in New Issue View Git Blame Copy Permalink