mirrors/llvm-project
0
0
Fork 0
mirror of https://github.com/llvm/llvm-project.git synced 2025-04-16 22:46:37 +00:00
Code Issues Projects Releases Wiki Activity
llvm-project/clang/test/Analysis/flexible-array-members.c
dingfei 12559064e0 [analyzer] Fix a few size-type inconsistency relating to DynamicExtent 
Size-type inconsistency (signedness) causes confusion and even bugs.
For example when signed compared to unsigned the result might not
be expected. Summary of this commit:

Related APIs changes:
1. getDynamicExtent() returns signed version of extent;
2. Add getDynamicElementCountWithOffset() for offset version of element count;
3. getElementExtent() could be 0, add defensive checking for
   getDynamicElementCount(), if element is of zero-length, try
   ConstantArrayType::getSize() as element count;

Related checker changes:
1. ArrayBoundCheckerV2: add testcase for signed <-> unsigned comparison from
   type-inconsistency results by getDynamicExtent()
2. ExprInspection: use more general API to report more results

Fixes https://github.com/llvm/llvm-project/issues/64920

Reviewed By: donat.nagy, steakhal

Differential Revision: https://reviews.llvm.org/D158499
2023-09-01 21:03:16 +08:00

167 lines
6.0 KiB
C
Raw Permalink Blame History

// -fstrict-flex-arrays=2 means that only undefined or zero element arrays are considered as FAMs.
// RUN: %clang_analyze_cc1 -triple x86_64-linux-gnu -analyzer-checker=core,unix,debug.ExprInspection %s -verify -std=c90 \
// RUN: -fstrict-flex-arrays=2
// RUN: %clang_analyze_cc1 -triple x86_64-linux-gnu -analyzer-checker=core,unix,debug.ExprInspection %s -verify -std=c99 \
// RUN: -fstrict-flex-arrays=2
// RUN: %clang_analyze_cc1 -triple x86_64-linux-gnu -analyzer-checker=core,unix,debug.ExprInspection %s -verify -std=c11 \
// RUN: -fstrict-flex-arrays=2
// RUN: %clang_analyze_cc1 -triple x86_64-linux-gnu -analyzer-checker=core,unix,debug.ExprInspection %s -verify -std=c17 \
// RUN: -fstrict-flex-arrays=2
// RUN: %clang_analyze_cc1 -triple x86_64-linux-gnu -analyzer-checker=core,unix,debug.ExprInspection %s -verify -std=c++98 -x c++ \
// RUN: -fstrict-flex-arrays=2
// RUN: %clang_analyze_cc1 -triple x86_64-linux-gnu -analyzer-checker=core,unix,debug.ExprInspection %s -verify -std=c++03 -x c++ \
// RUN: -fstrict-flex-arrays=2
// RUN: %clang_analyze_cc1 -triple x86_64-linux-gnu -analyzer-checker=core,unix,debug.ExprInspection %s -verify -std=c++11 -x c++ \
// RUN: -fstrict-flex-arrays=2
// RUN: %clang_analyze_cc1 -triple x86_64-linux-gnu -analyzer-checker=core,unix,debug.ExprInspection %s -verify -std=c++14 -x c++ \
// RUN: -fstrict-flex-arrays=2
// RUN: %clang_analyze_cc1 -triple x86_64-linux-gnu -analyzer-checker=core,unix,debug.ExprInspection %s -verify -std=c++17 -x c++ \
// RUN: -fstrict-flex-arrays=2
// By default, -fstrict-flex-arrays=0, which means that even single element arrays are considered as FAMs.
// RUN: %clang_analyze_cc1 -triple x86_64-linux-gnu -analyzer-checker=core,unix,debug.ExprInspection %s -verify -std=c17 \
// RUN: -DSINGLE_ELEMENT_FAMS
// RUN: %clang_analyze_cc1 -triple x86_64-linux-gnu -analyzer-checker=core,unix,debug.ExprInspection %s -verify -std=c++17 -x c++ \
// RUN: -DSINGLE_ELEMENT_FAMS
typedef __typeof(sizeof(int)) size_t;
size_t clang_analyzer_getExtent(void *);
void clang_analyzer_dump(size_t);
void *alloca(size_t size);
void *malloc(size_t size);
void free(void *ptr);
void test_incomplete_array_fam(void) {
typedef struct FAM {
char c;
int data[];
} FAM;
FAM fam;
clang_analyzer_dump(clang_analyzer_getExtent(&fam));
clang_analyzer_dump(clang_analyzer_getExtent(fam.data));
// expected-warning@-2 {{4 S64b}}
// expected-warning@-2 {{0 S64b}}
FAM *p = (FAM *)alloca(sizeof(FAM));
clang_analyzer_dump(clang_analyzer_getExtent(p));
clang_analyzer_dump(clang_analyzer_getExtent(p->data));
// expected-warning@-2 {{4 S64b}}
// expected-warning@-2 {{0 S64b}}
FAM *q = (FAM *)malloc(sizeof(FAM));
clang_analyzer_dump(clang_analyzer_getExtent(q));
clang_analyzer_dump(clang_analyzer_getExtent(q->data));
// expected-warning@-2 {{4 S64b}}
// expected-warning@-2 {{0 S64b}}
free(q);
q = (FAM *)malloc(sizeof(FAM) + sizeof(int) * 2);
clang_analyzer_dump(clang_analyzer_getExtent(q));
clang_analyzer_dump(clang_analyzer_getExtent(q->data));
// expected-warning@-2 {{12 S64b}}
// expected-warning@-2 {{8 S64b}}
free(q);
typedef struct __attribute__((packed)) {
char c;
int data[];
} PackedFAM;
PackedFAM *t = (PackedFAM *)malloc(sizeof(PackedFAM) + sizeof(int) * 2);
clang_analyzer_dump(clang_analyzer_getExtent(t));
clang_analyzer_dump(clang_analyzer_getExtent(t->data));
// expected-warning@-2 {{9 S64b}}
// expected-warning@-2 {{8 S64b}}
free(t);
}
void test_too_small_base(void) {
typedef struct FAM {
long c;
int data[];
} FAM;
short s = 0;
FAM *p = (FAM *) &s;
clang_analyzer_dump(clang_analyzer_getExtent(p));
clang_analyzer_dump(clang_analyzer_getExtent(p->data));
// expected-warning@-2 {{2 S64b}}
// expected-warning@-2 {{-6 S64b}}
}
void test_zero_length_array_fam(void) {
typedef struct FAM {
char c;
int data[0];
} FAM;
FAM fam;
clang_analyzer_dump(clang_analyzer_getExtent(&fam));
clang_analyzer_dump(clang_analyzer_getExtent(fam.data));
// expected-warning@-2 {{4 S64b}}
// expected-warning@-2 {{0 S64b}}
FAM *p = (FAM *)alloca(sizeof(FAM));
clang_analyzer_dump(clang_analyzer_getExtent(p));
clang_analyzer_dump(clang_analyzer_getExtent(p->data));
// expected-warning@-2 {{4 S64b}}
// expected-warning@-2 {{0 S64b}}
FAM *q = (FAM *)malloc(sizeof(FAM));
clang_analyzer_dump(clang_analyzer_getExtent(q));
clang_analyzer_dump(clang_analyzer_getExtent(q->data));
// expected-warning@-2 {{4 S64b}}
// expected-warning@-2 {{0 S64b}}
free(q);
}
void test_single_element_array_possible_fam(void) {
typedef struct FAM {
char c;
int data[1];
} FAM;
#ifdef SINGLE_ELEMENT_FAMS
FAM likely_fam;
clang_analyzer_dump(clang_analyzer_getExtent(&likely_fam));
clang_analyzer_dump(clang_analyzer_getExtent(likely_fam.data));
// expected-warning@-2 {{8 S64b}}
// expected-warning@-2 {{4 S64b}}
FAM *p = (FAM *)alloca(sizeof(FAM));
clang_analyzer_dump(clang_analyzer_getExtent(p));
clang_analyzer_dump(clang_analyzer_getExtent(p->data));
// expected-warning@-2 {{8 S64b}}
// expected-warning@-2 {{4 S64b}}
FAM *q = (FAM *)malloc(sizeof(FAM));
clang_analyzer_dump(clang_analyzer_getExtent(q));
clang_analyzer_dump(clang_analyzer_getExtent(q->data));
// expected-warning@-2 {{8 S64b}}
// expected-warning@-2 {{4 S64b}}
free(q);
#else
FAM likely_fam;
clang_analyzer_dump(clang_analyzer_getExtent(&likely_fam));
clang_analyzer_dump(clang_analyzer_getExtent(likely_fam.data));
// expected-warning@-2 {{8 S64b}}
// expected-warning@-2 {{4 S64b}}
FAM *p = (FAM *)alloca(sizeof(FAM));
clang_analyzer_dump(clang_analyzer_getExtent(p));
clang_analyzer_dump(clang_analyzer_getExtent(p->data));
// expected-warning@-2 {{8 S64b}}
// expected-warning@-2 {{4 S64b}}
FAM *q = (FAM *)malloc(sizeof(FAM));
clang_analyzer_dump(clang_analyzer_getExtent(q));
clang_analyzer_dump(clang_analyzer_getExtent(q->data));
// expected-warning@-2 {{8 S64b}}
// expected-warning@-2 {{4 S64b}}
free(q);
#endif
}
Reference in New Issue View Git Blame Copy Permalink