https://github.com/NagyDonat created https://github.com/llvm/llvm-project/pull/108799
Add a FIXME testcase which documents less than ideal behavior of the analyzer when a `const char *` is converted to `const unsigned char *`. This testcase is motivated by an ArrayBoundV2 report produced on the source file `id3v2enc.c` within the ffmpeg project. From 728c3c9d8c0575acb144fb067736ab01873eb16e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= <donat.n...@ericsson.com> Date: Mon, 16 Sep 2024 09:20:25 +0200 Subject: [PATCH] [analyzer][NFC] Add a testcase documenting a borderline FP report Add a FIXME testcase which documents less than ideal behavior of the analyzer when a `const char *` is converted to `const unsigned char *`. This testcase is motivated by an ArrayBoundV2 report produced on the source file `id3v2enc.c` within the ffmpeg project. --- clang/test/Analysis/out-of-bounds.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/clang/test/Analysis/out-of-bounds.c b/clang/test/Analysis/out-of-bounds.c index 1f771c2b3bd138..9b9cc368af94dc 100644 --- a/clang/test/Analysis/out-of-bounds.c +++ b/clang/test/Analysis/out-of-bounds.c @@ -1,4 +1,4 @@ -// RUN: %clang_analyze_cc1 -Wno-array-bounds -analyzer-checker=core,alpha.security.ArrayBoundV2,debug.ExprInspection -verify %s +// RUN: %clang_analyze_cc1 -Wno-array-bounds -Wno-pointer-sign -analyzer-checker=core,alpha.security.ArrayBoundV2,debug.ExprInspection -verify %s void clang_analyzer_eval(int); 
@@ -194,3 +194,19 @@ char test_comparison_with_extent_symbol(struct incomplete *p) { return ((char *)p)[-1]; // no-warning } + +typedef unsigned char uint8_t; +static int string_is_ascii(const uint8_t *str) { + while (*str && *str < 128) str++; + // expected-warning@-1 {{Out of bound access to memory}} + return !*str; +} +void test_charptr_ucharptr_conversion(void) { + const char *s = ""; + // NOTE: This code passes a `const char *` to a `const unsigned char *` + // parameter, which is a bit dodgy (it would be reported by -Wpointer-sign), + // but works on platforms where `char` is unsigned. + // FIXME: The analyzer is confused by this conversion and cannot deduce that + // `*str` is immediately equal to zero within `string_is_ascii()`. + string_is_ascii(s); +} _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
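Review bot: In the first hunk, adding `-Wno-pointer-sign` to the RUN line disables the diagnostic for the entire test file, not just the new testcase, so an accidental `char *` / `unsigned char *` mismatch in any of the other tests in `out-of-bounds.c` would now go unnoticed by `-verify`. Consider keeping the RUN line as it was and scoping the suppression to the new function instead, e.g. wrapping `test_charptr_ucharptr_conversion` in `#pragma clang diagnostic push` / `#pragma clang diagnostic ignored "-Wpointer-sign"` / `#pragma clang diagnostic pop`, or adding an explicit `(const uint8_t *)s` cast if the cast form also reproduces the report.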
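Review bot: In the second hunk, the NOTE comment says the call "works on platforms where `char` is unsigned", which is not quite the right framing: `char` is a distinct type from both `signed char` and `unsigned char`, so `-Wpointer-sign` fires on every target regardless of `char`'s signedness, and reading the string through an `unsigned char` lvalue is permitted for any object, so the code behaves the same on all targets. Suggest rewording to something like "which triggers -Wpointer-sign but is well-defined, because accessing the bytes through `unsigned char` is always allowed". Two smaller points: `typedef unsigned char uint8_t;` redefines a reserved standard identifier, which is harmless here only because the test includes no headers, so a non-reserved name such as `u8` would be safer; and since the FIXME report is encoded as an `expected-warning`, it may be worth stating in the comment that the expectation is meant to flip (and the test to fail) once the conversion is modeled correctly, so a future fix is not mistaken for a regression.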