mirror of
https://github.com/llvm/llvm-project.git
synced 2025-04-30 00:16:04 +00:00
501faaa0d6
Support for functions wmempcpy, wmemmove, wmemcmp is added to the checker. The same tests are copied that exist for the non-wide versions, with non-wide functions and character types changed to the wide version. Reviewed By: martong Differential Revision: https://reviews.llvm.org/D130470
639 lines
18 KiB
C
639 lines
18 KiB
C
// RUN: %clang_analyze_cc1 -verify %s \
|
|
// RUN: -analyzer-checker=core \
|
|
// RUN: -analyzer-checker=unix.cstring \
|
|
// RUN: -analyzer-checker=alpha.unix.cstring \
|
|
// RUN: -analyzer-disable-checker=alpha.unix.cstring.UninitializedRead \
|
|
// RUN: -analyzer-checker=debug.ExprInspection \
|
|
// RUN: -analyzer-config eagerly-assume=false
|
|
//
|
|
// RUN: %clang_analyze_cc1 -verify %s -DUSE_BUILTINS \
|
|
// RUN: -analyzer-checker=core \
|
|
// RUN: -analyzer-checker=unix.cstring \
|
|
// RUN: -analyzer-checker=alpha.unix.cstring \
|
|
// RUN: -analyzer-disable-checker=alpha.unix.cstring.UninitializedRead \
|
|
// RUN: -analyzer-checker=debug.ExprInspection \
|
|
// RUN: -analyzer-config eagerly-assume=false
|
|
|
|
//===----------------------------------------------------------------------===
|
|
// Declarations
|
|
//===----------------------------------------------------------------------===
|
|
|
|
// Some functions are implemented as builtins. These should be #defined as
|
|
// BUILTIN(f), which will prepend "__builtin_" if USE_BUILTINS is defined.
|
|
|
|
#ifdef USE_BUILTINS
|
|
# define BUILTIN(f) __builtin_ ## f
|
|
#else /* USE_BUILTINS */
|
|
# define BUILTIN(f) f
|
|
#endif /* USE_BUILTINS */
|
|
|
|
typedef __SIZE_TYPE__ size_t;
|
|
typedef __WCHAR_TYPE__ wchar_t;
|
|
|
|
void clang_analyzer_eval(int);
|
|
|
|
//===----------------------------------------------------------------------===
|
|
// wmemcpy()
|
|
//===----------------------------------------------------------------------===
|
|
|
|
#define wmemcpy BUILTIN(wmemcpy)
|
|
wchar_t *wmemcpy(wchar_t *restrict s1, const wchar_t *restrict s2, size_t n);
|
|
|
|
void wmemcpy0 (void) {
|
|
wchar_t src[] = {1, 2, 3, 4};
|
|
wchar_t dst[4] = {0};
|
|
|
|
wmemcpy(dst, src, 4); // no-warning
|
|
|
|
clang_analyzer_eval(wmemcpy(dst, src, 4) == dst); // expected-warning{{TRUE}}
|
|
|
|
// If we actually model the copy, we can make this known.
|
|
// The important thing for now is that the old value has been invalidated.
|
|
clang_analyzer_eval(dst[0] != 0); // expected-warning{{UNKNOWN}}
|
|
}
|
|
|
|
void wmemcpy1 (void) {
|
|
wchar_t src[] = {1, 2, 3, 4};
|
|
wchar_t dst[10];
|
|
|
|
wmemcpy(dst, src, 5); // expected-warning{{Memory copy function accesses out-of-bound array element}}
|
|
}
|
|
|
|
void wmemcpy2 (void) {
|
|
wchar_t src[] = {1, 2, 3, 4};
|
|
wchar_t dst[1];
|
|
|
|
wmemcpy(dst, src, 4); // expected-warning {{Memory copy function overflows the destination buffer}}
|
|
}
|
|
|
|
void wmemcpy3 (void) {
|
|
wchar_t src[] = {1, 2, 3, 4};
|
|
wchar_t dst[3];
|
|
|
|
wmemcpy(dst+1, src+2, 2); // no-warning
|
|
}
|
|
|
|
void wmemcpy4 (void) {
|
|
wchar_t src[] = {1, 2, 3, 4};
|
|
wchar_t dst[10];
|
|
|
|
wmemcpy(dst+2, src+2, 3); // expected-warning{{Memory copy function accesses out-of-bound array element}}
|
|
}
|
|
|
|
void wmemcpy5(void) {
|
|
wchar_t src[] = {1, 2, 3, 4};
|
|
wchar_t dst[3];
|
|
|
|
wmemcpy(dst + 2, src + 2, 2); // expected-warning{{Memory copy function overflows the destination buffer}}
|
|
}
|
|
|
|
void wmemcpy6(void) {
|
|
wchar_t a[4] = {0};
|
|
wmemcpy(a, a, 2); // expected-warning{{overlapping}}
|
|
}
|
|
|
|
void wmemcpy7(void) {
|
|
wchar_t a[4] = {0};
|
|
wmemcpy(a+2, a+1, 2); // expected-warning{{overlapping}}
|
|
}
|
|
|
|
void wmemcpy8(void) {
|
|
wchar_t a[4] = {0};
|
|
wmemcpy(a+1, a+2, 2); // expected-warning{{overlapping}}
|
|
}
|
|
|
|
void wmemcpy9(void) {
|
|
wchar_t a[4] = {0};
|
|
wmemcpy(a+2, a+1, 1); // no-warning
|
|
wmemcpy(a+1, a+2, 1); // no-warning
|
|
}
|
|
|
|
void wmemcpy10(void) {
|
|
wchar_t a[4] = {0};
|
|
wmemcpy(0, a, 1); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
|
|
}
|
|
|
|
void wmemcpy11(void) {
|
|
wchar_t a[4] = {0};
|
|
wmemcpy(a, 0, 1); // expected-warning{{Null pointer passed as 2nd argument to memory copy function}}
|
|
}
|
|
|
|
void wmemcpy12(void) {
|
|
wchar_t a[4] = {0};
|
|
wmemcpy(0, a, 0); // no-warning
|
|
}
|
|
|
|
void wmemcpy13(void) {
|
|
wchar_t a[4] = {0};
|
|
wmemcpy(a, 0, 0); // no-warning
|
|
}
|
|
|
|
void wmemcpy_unknown_size (size_t n) {
|
|
wchar_t a[4], b[4] = {1};
|
|
clang_analyzer_eval(wmemcpy(a, b, n) == a); // expected-warning{{TRUE}}
|
|
}
|
|
|
|
void wmemcpy_unknown_size_warn (size_t n) {
|
|
wchar_t a[4];
|
|
void *result = wmemcpy(a, 0, n); // expected-warning{{Null pointer passed as 2nd argument to memory copy function}}
|
|
clang_analyzer_eval(result == a); // no-warning (above is fatal)
|
|
}
|
|
|
|
//===----------------------------------------------------------------------===
|
|
// wmempcpy()
|
|
//===----------------------------------------------------------------------===
|
|
|
|
wchar_t *wmempcpy(wchar_t *restrict s1, const wchar_t *restrict s2, size_t n);
|
|
|
|
void wmempcpy0 (void) {
|
|
wchar_t src[] = {1, 2, 3, 4};
|
|
wchar_t dst[5] = {0};
|
|
|
|
wmempcpy(dst, src, 4); // no-warning
|
|
|
|
clang_analyzer_eval(wmempcpy(dst, src, 4) == &dst[4]); // expected-warning{{TRUE}}
|
|
|
|
// If we actually model the copy, we can make this known.
|
|
// The important thing for now is that the old value has been invalidated.
|
|
clang_analyzer_eval(dst[0] != 0); // expected-warning{{UNKNOWN}}
|
|
}
|
|
|
|
void wmempcpy1 (void) {
|
|
wchar_t src[] = {1, 2, 3, 4};
|
|
wchar_t dst[10];
|
|
|
|
wmempcpy(dst, src, 5); // expected-warning{{Memory copy function accesses out-of-bound array element}}
|
|
}
|
|
|
|
void wmempcpy2 (void) {
|
|
wchar_t src[] = {1, 2, 3, 4};
|
|
wchar_t dst[1];
|
|
|
|
wmempcpy(dst, src, 4); // expected-warning{{Memory copy function overflows the destination buffer}}
|
|
}
|
|
|
|
void wmempcpy3 (void) {
|
|
wchar_t src[] = {1, 2, 3, 4};
|
|
wchar_t dst[3];
|
|
|
|
wmempcpy(dst+1, src+2, 2); // no-warning
|
|
}
|
|
|
|
void wmempcpy4 (void) {
|
|
wchar_t src[] = {1, 2, 3, 4};
|
|
wchar_t dst[10];
|
|
|
|
wmempcpy(dst+2, src+2, 3); // expected-warning{{Memory copy function accesses out-of-bound array element}}
|
|
}
|
|
|
|
void wmempcpy5(void) {
|
|
wchar_t src[] = {1, 2, 3, 4};
|
|
wchar_t dst[3];
|
|
|
|
wmempcpy(dst + 2, src + 2, 2); // expected-warning{{Memory copy function overflows the destination buffer}}
|
|
}
|
|
|
|
void wmempcpy6(void) {
|
|
wchar_t a[4] = {0};
|
|
wmempcpy(a, a, 2); // expected-warning{{overlapping}}
|
|
}
|
|
|
|
void wmempcpy7(void) {
|
|
wchar_t a[4] = {0};
|
|
wmempcpy(a+2, a+1, 2); // expected-warning{{overlapping}}
|
|
}
|
|
|
|
void wmempcpy8(void) {
|
|
wchar_t a[4] = {0};
|
|
wmempcpy(a+1, a+2, 2); // expected-warning{{overlapping}}
|
|
}
|
|
|
|
void wmempcpy9(void) {
|
|
wchar_t a[4] = {0};
|
|
wmempcpy(a+2, a+1, 1); // no-warning
|
|
wmempcpy(a+1, a+2, 1); // no-warning
|
|
}
|
|
|
|
void wmempcpy10(void) {
|
|
wchar_t a[4] = {0};
|
|
wmempcpy(0, a, 1); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
|
|
}
|
|
|
|
void wmempcpy11(void) {
|
|
wchar_t a[4] = {0};
|
|
wmempcpy(a, 0, 1); // expected-warning{{Null pointer passed as 2nd argument to memory copy function}}
|
|
}
|
|
|
|
void wmempcpy12(void) {
|
|
wchar_t a[4] = {0};
|
|
wmempcpy(0, a, 0); // no-warning
|
|
}
|
|
|
|
void wmempcpy13(void) {
|
|
wchar_t a[4] = {0};
|
|
wmempcpy(a, 0, 0); // no-warning
|
|
}
|
|
|
|
void wmempcpy14(void) {
|
|
wchar_t src[] = {1, 2, 3, 4};
|
|
wchar_t dst[5] = {0};
|
|
wchar_t *p;
|
|
|
|
p = wmempcpy(dst, src, 4);
|
|
|
|
clang_analyzer_eval(p == &dst[4]); // expected-warning{{TRUE}}
|
|
}
|
|
|
|
struct st {
|
|
wchar_t i;
|
|
wchar_t j;
|
|
};
|
|
|
|
void wmempcpy15(void) {
|
|
struct st s1 = {0};
|
|
struct st s2;
|
|
struct st *p1;
|
|
struct st *p2;
|
|
|
|
p1 = (&s2) + 1;
|
|
p2 = (struct st *)wmempcpy((wchar_t *)&s2, (wchar_t *)&s1, 2);
|
|
|
|
clang_analyzer_eval(p1 == p2); // expected-warning{{TRUE}}
|
|
}
|
|
|
|
void wmempcpy16(void) {
|
|
struct st s1[10] = {{0}};
|
|
struct st s2[10];
|
|
struct st *p1;
|
|
struct st *p2;
|
|
|
|
p1 = (&s2[0]) + 5;
|
|
p2 = (struct st *)wmempcpy((wchar_t *)&s2[0], (wchar_t *)&s1[0], 5 * 2);
|
|
|
|
clang_analyzer_eval(p1 == p2); // expected-warning{{TRUE}}
|
|
}
|
|
|
|
void wmempcpy_unknown_size_warn (size_t n) {
|
|
wchar_t a[4];
|
|
void *result = wmempcpy(a, 0, n); // expected-warning{{Null pointer passed as 2nd argument to memory copy function}}
|
|
clang_analyzer_eval(result == a); // no-warning (above is fatal)
|
|
}
|
|
|
|
void wmempcpy_unknownable_size (wchar_t *src, float n) {
|
|
wchar_t a[4];
|
|
// This used to crash because we don't model floats.
|
|
wmempcpy(a, src, (size_t)n);
|
|
}
|
|
|
|
//===----------------------------------------------------------------------===
|
|
// wmemmove()
|
|
//===----------------------------------------------------------------------===
|
|
|
|
#define wmemmove BUILTIN(wmemmove)
|
|
wchar_t *wmemmove(wchar_t *s1, const wchar_t *s2, size_t n);
|
|
|
|
void wmemmove0 (void) {
|
|
wchar_t src[] = {1, 2, 3, 4};
|
|
wchar_t dst[4] = {0};
|
|
|
|
wmemmove(dst, src, 4); // no-warning
|
|
|
|
clang_analyzer_eval(wmemmove(dst, src, 4) == dst); // expected-warning{{TRUE}}
|
|
|
|
clang_analyzer_eval(dst[0] != 0); // expected-warning{{UNKNOWN}}
|
|
}
|
|
|
|
void wmemmove1 (void) {
|
|
wchar_t src[] = {1, 2, 3, 4};
|
|
wchar_t dst[10];
|
|
|
|
wmemmove(dst, src, 5); // expected-warning{{out-of-bound}}
|
|
}
|
|
|
|
void wmemmove2 (void) {
|
|
wchar_t src[] = {1, 2, 3, 4};
|
|
wchar_t dst[1];
|
|
|
|
wmemmove(dst, src, 4); // expected-warning{{Memory copy function overflows the destination buffer}}
|
|
}
|
|
|
|
//===----------------------------------------------------------------------===
|
|
// wmemcmp()
|
|
//===----------------------------------------------------------------------===
|
|
|
|
#define wmemcmp BUILTIN(wmemcmp)
|
|
int wmemcmp(const wchar_t *s1, const wchar_t *s2, size_t n);
|
|
|
|
void wmemcmp0 (void) {
|
|
wchar_t a[] = {1, 2, 3, 4};
|
|
wchar_t b[4] = { 0 };
|
|
|
|
wmemcmp(a, b, 4); // no-warning
|
|
}
|
|
|
|
void wmemcmp1 (void) {
|
|
wchar_t a[] = {1, 2, 3, 4};
|
|
wchar_t b[10] = { 0 };
|
|
|
|
wmemcmp(a, b, 5); // expected-warning{{out-of-bound}}
|
|
}
|
|
|
|
void wmemcmp2 (void) {
|
|
wchar_t a[] = {1, 2, 3, 4};
|
|
wchar_t b[1] = { 0 };
|
|
|
|
wmemcmp(a, b, 4); // expected-warning{{out-of-bound}}
|
|
}
|
|
|
|
void wmemcmp3 (void) {
|
|
wchar_t a[] = {1, 2, 3, 4};
|
|
|
|
clang_analyzer_eval(wmemcmp(a, a, 4) == 0); // expected-warning{{TRUE}}
|
|
}
|
|
|
|
void wmemcmp4 (wchar_t *input) {
|
|
wchar_t a[] = {1, 2, 3, 4};
|
|
|
|
clang_analyzer_eval(wmemcmp(a, input, 4) == 0); // expected-warning{{UNKNOWN}}
|
|
}
|
|
|
|
void wmemcmp5 (wchar_t *input) {
|
|
wchar_t a[] = {1, 2, 3, 4};
|
|
|
|
clang_analyzer_eval(wmemcmp(a, 0, 0) == 0); // expected-warning{{TRUE}}
|
|
clang_analyzer_eval(wmemcmp(0, a, 0) == 0); // expected-warning{{TRUE}}
|
|
clang_analyzer_eval(wmemcmp(a, input, 0) == 0); // expected-warning{{TRUE}}
|
|
}
|
|
|
|
void wmemcmp6 (wchar_t *a, wchar_t *b, size_t n) {
|
|
int result = wmemcmp(a, b, n);
|
|
if (result != 0)
|
|
clang_analyzer_eval(n != 0); // expected-warning{{TRUE}}
|
|
// else
|
|
// analyzer_assert_unknown(n == 0);
|
|
|
|
// We can't do the above comparison because n has already been constrained.
|
|
// On one path n == 0, on the other n != 0.
|
|
}
|
|
|
|
int wmemcmp7 (wchar_t *a, size_t x, size_t y, size_t n) {
|
|
// We used to crash when either of the arguments was unknown.
|
|
return wmemcmp(a, &a[x*y], n) +
|
|
wmemcmp(&a[x*y], a, n);
|
|
}
|
|
|
|
int wmemcmp8(wchar_t *a, size_t n) {
|
|
wchar_t *b = 0;
|
|
// Do not warn about the first argument!
|
|
return wmemcmp(a, b, n); // expected-warning{{Null pointer passed as 2nd argument to memory comparison function}}
|
|
}
|
|
|
|
//===----------------------------------------------------------------------===
|
|
// wcslen()
|
|
//===----------------------------------------------------------------------===
|
|
|
|
#define wcslen BUILTIN(wcslen)
|
|
size_t wcslen(const wchar_t *s);
|
|
|
|
void wcslen_constant0(void) {
|
|
clang_analyzer_eval(wcslen(L"123") == 3); // expected-warning{{TRUE}}
|
|
}
|
|
|
|
void wcslen_constant1(void) {
|
|
const wchar_t *a = L"123";
|
|
clang_analyzer_eval(wcslen(a) == 3); // expected-warning{{TRUE}}
|
|
}
|
|
|
|
void wcslen_constant2(wchar_t x) {
|
|
wchar_t a[] = L"123";
|
|
clang_analyzer_eval(wcslen(a) == 3); // expected-warning{{TRUE}}
|
|
|
|
a[0] = x;
|
|
clang_analyzer_eval(wcslen(a) == 3); // expected-warning{{UNKNOWN}}
|
|
}
|
|
|
|
size_t wcslen_null(void) {
|
|
return wcslen(0); // expected-warning{{Null pointer passed as 1st argument to string length function}}
|
|
}
|
|
|
|
size_t wcslen_fn(void) {
|
|
return wcslen((wchar_t*)&wcslen_fn); // expected-warning{{Argument to string length function is the address of the function 'wcslen_fn', which is not a null-terminated string}}
|
|
}
|
|
|
|
size_t wcslen_nonloc(void) {
|
|
label:
|
|
return wcslen((wchar_t*)&&label); // expected-warning{{Argument to string length function is the address of the label 'label', which is not a null-terminated string}}
|
|
}
|
|
|
|
void wcslen_subregion(void) {
|
|
struct two_strings { wchar_t a[2], b[2]; };
|
|
extern void use_two_strings(struct two_strings *);
|
|
|
|
struct two_strings z;
|
|
use_two_strings(&z);
|
|
|
|
size_t a = wcslen(z.a);
|
|
z.b[0] = 5;
|
|
size_t b = wcslen(z.a);
|
|
if (a == 0)
|
|
clang_analyzer_eval(b == 0); // expected-warning{{TRUE}}
|
|
|
|
use_two_strings(&z);
|
|
|
|
size_t c = wcslen(z.a);
|
|
if (a == 0)
|
|
clang_analyzer_eval(c == 0); // expected-warning{{UNKNOWN}}
|
|
}
|
|
|
|
extern void use_string(wchar_t *);
|
|
void wcslen_argument(wchar_t *x) {
|
|
size_t a = wcslen(x);
|
|
size_t b = wcslen(x);
|
|
if (a == 0)
|
|
clang_analyzer_eval(b == 0); // expected-warning{{TRUE}}
|
|
|
|
use_string(x);
|
|
|
|
size_t c = wcslen(x);
|
|
if (a == 0)
|
|
clang_analyzer_eval(c == 0); // expected-warning{{UNKNOWN}}
|
|
}
|
|
|
|
extern wchar_t global_str[];
|
|
void wcslen_global(void) {
|
|
size_t a = wcslen(global_str);
|
|
size_t b = wcslen(global_str);
|
|
if (a == 0) {
|
|
clang_analyzer_eval(b == 0); // expected-warning{{TRUE}}
|
|
// Make sure clang_analyzer_eval does not invalidate globals.
|
|
clang_analyzer_eval(wcslen(global_str) == 0); // expected-warning{{TRUE}}
|
|
}
|
|
|
|
// Call a function with unknown effects, which should invalidate globals.
|
|
use_string(0);
|
|
|
|
size_t c = wcslen(global_str);
|
|
if (a == 0)
|
|
clang_analyzer_eval(c == 0); // expected-warning{{UNKNOWN}}
|
|
}
|
|
|
|
void wcslen_indirect(wchar_t *x) {
|
|
size_t a = wcslen(x);
|
|
wchar_t *p = x;
|
|
wchar_t **p2 = &p;
|
|
size_t b = wcslen(x);
|
|
if (a == 0)
|
|
clang_analyzer_eval(b == 0); // expected-warning{{TRUE}}
|
|
|
|
extern void use_string_ptr(wchar_t*const*);
|
|
use_string_ptr(p2);
|
|
|
|
size_t c = wcslen(x);
|
|
if (a == 0)
|
|
clang_analyzer_eval(c == 0); // expected-warning{{UNKNOWN}}
|
|
}
|
|
|
|
void wcslen_indirect2(wchar_t *x) {
|
|
size_t a = wcslen(x);
|
|
wchar_t *p = x;
|
|
wchar_t **p2 = &p;
|
|
extern void use_string_ptr2(wchar_t**);
|
|
use_string_ptr2(p2);
|
|
|
|
size_t c = wcslen(x);
|
|
if (a == 0)
|
|
clang_analyzer_eval(c == 0); // expected-warning{{UNKNOWN}}
|
|
}
|
|
|
|
void wcslen_liveness(const wchar_t *x) {
|
|
if (wcslen(x) < 5)
|
|
return;
|
|
clang_analyzer_eval(wcslen(x) < 5); // expected-warning{{FALSE}}
|
|
}
|
|
|
|
|
|
size_t wcslenWrapper(const wchar_t *str) {
|
|
return wcslen(str);
|
|
}
|
|
|
|
extern void invalidate(wchar_t *s);
|
|
|
|
void testwcslenCallee(void) {
|
|
wchar_t str[42];
|
|
invalidate(str);
|
|
size_t lenBefore = wcslenWrapper(str);
|
|
invalidate(str);
|
|
size_t lenAfter = wcslenWrapper(str);
|
|
clang_analyzer_eval(lenBefore == lenAfter); // expected-warning{{UNKNOWN}}
|
|
}
|
|
|
|
//===----------------------------------------------------------------------===
|
|
// wcsnlen()
|
|
//===----------------------------------------------------------------------===
|
|
|
|
size_t wcsnlen(const wchar_t *s, size_t maxlen);
|
|
|
|
void wcsnlen_constant0(void) {
|
|
clang_analyzer_eval(wcsnlen(L"123", 10) == 3); // expected-warning{{TRUE}}
|
|
}
|
|
|
|
void wcsnlen_constant1(void) {
|
|
const wchar_t *a = L"123";
|
|
clang_analyzer_eval(wcsnlen(a, 10) == 3); // expected-warning{{TRUE}}
|
|
}
|
|
|
|
void wcsnlen_constant2(char x) {
|
|
wchar_t a[] = L"123";
|
|
clang_analyzer_eval(wcsnlen(a, 10) == 3); // expected-warning{{TRUE}}
|
|
a[0] = x;
|
|
clang_analyzer_eval(wcsnlen(a, 10) == 3); // expected-warning{{UNKNOWN}}
|
|
}
|
|
|
|
void wcsnlen_constant4(void) {
|
|
clang_analyzer_eval(wcsnlen(L"123456", 3) == 3); // expected-warning{{TRUE}}
|
|
}
|
|
|
|
void wcsnlen_constant5(void) {
|
|
const wchar_t *a = L"123456";
|
|
clang_analyzer_eval(wcsnlen(a, 3) == 3); // expected-warning{{TRUE}}
|
|
}
|
|
|
|
void wcsnlen_constant6(char x) {
|
|
wchar_t a[] = L"123456";
|
|
clang_analyzer_eval(wcsnlen(a, 3) == 3); // expected-warning{{TRUE}}
|
|
a[0] = x;
|
|
clang_analyzer_eval(wcsnlen(a, 3) == 3); // expected-warning{{UNKNOWN}}
|
|
}
|
|
|
|
size_t wcsnlen_null(void) {
|
|
return wcsnlen(0, 3); // expected-warning{{Null pointer passed as 1st argument to string length function}}
|
|
}
|
|
|
|
size_t wcsnlen_fn(void) {
|
|
return wcsnlen((wchar_t*)&wcsnlen_fn, 3); // expected-warning{{Argument to string length function is the address of the function 'wcsnlen_fn', which is not a null-terminated string}}
|
|
}
|
|
|
|
size_t wcsnlen_nonloc(void) {
|
|
label:
|
|
return wcsnlen((wchar_t*)&&label, 3); // expected-warning{{Argument to string length function is the address of the label 'label', which is not a null-terminated string}}
|
|
}
|
|
|
|
void wcsnlen_zero(void) {
|
|
clang_analyzer_eval(wcsnlen(L"abc", 0) == 0); // expected-warning{{TRUE}}
|
|
clang_analyzer_eval(wcsnlen(0, 0) == 0); // expected-warning{{TRUE}}
|
|
}
|
|
|
|
size_t wcsnlen_compound_literal(void) {
|
|
// This used to crash because we don't model the string lengths of
|
|
// compound literals.
|
|
return wcsnlen((wchar_t[]) { 'a', 'b', 0 }, 1);
|
|
}
|
|
|
|
size_t wcsnlen_unknown_limit(float f) {
|
|
// This used to crash because we don't model the integer values of floats.
|
|
return wcsnlen(L"abc", (int)f);
|
|
}
|
|
|
|
void wcsnlen_is_not_wcslen(wchar_t *x) {
|
|
clang_analyzer_eval(wcsnlen(x, 10) == wcslen(x)); // expected-warning{{UNKNOWN}}
|
|
}
|
|
|
|
void wcsnlen_at_limit(wchar_t *x) {
|
|
size_t len = wcsnlen(x, 10);
|
|
clang_analyzer_eval(len <= 10); // expected-warning{{TRUE}}
|
|
clang_analyzer_eval(len == 10); // expected-warning{{UNKNOWN}}
|
|
clang_analyzer_eval(len < 10); // expected-warning{{UNKNOWN}}
|
|
}
|
|
|
|
void wcsnlen_at_actual(size_t limit) {
|
|
size_t len = wcsnlen(L"abc", limit);
|
|
clang_analyzer_eval(len <= 3); // expected-warning{{TRUE}}
|
|
// This is due to eager assertion in wcsnlen.
|
|
if (limit == 0) {
|
|
clang_analyzer_eval(len == 0); // expected-warning{{TRUE}}
|
|
} else {
|
|
clang_analyzer_eval(len == 3); // expected-warning{{UNKNOWN}}
|
|
clang_analyzer_eval(len < 3); // expected-warning{{UNKNOWN}}
|
|
}
|
|
}
|
|
|
|
//===----------------------------------------------------------------------===
|
|
// other tests
|
|
//===----------------------------------------------------------------------===
|
|
|
|
static const wchar_t w_str[] = L"Hello world";
|
|
|
|
void wmemcpy_sizeof(void) {
|
|
wchar_t a[32];
|
|
wmemcpy(a, w_str, sizeof(w_str) / sizeof(w_str[0]));
|
|
wmemcpy(a, w_str, (sizeof(w_str) / sizeof(w_str[0])) + 1); // expected-warning {{Memory copy function accesses out-of-bound array element}}
|
|
}
|
|
|
|
void wmemcpy_wcslen(void) {
|
|
wchar_t a[32];
|
|
// FIXME: This should work with 'w_str' instead of 'w_str1'
|
|
const wchar_t w_str1[] = L"Hello world";
|
|
wmemcpy(a, w_str1, wcslen(w_str1) + 1);
|
|
wmemcpy(a, w_str1, wcslen(w_str1) + 2); // expected-warning {{Memory copy function accesses out-of-bound array element}}
|
|
}
|