https://github.com/NagyDonat created
https://github.com/llvm/llvm-project/pull/126539
Before commit 6e17ed9b04e5523cc910bf171c3122dcc64b86db the test file
`no-outofbounds.c` tested the behavior of the old alpha checker
`alpha.security.ArrayBound` (V1); then that commit converted it into a test for
the checker `security.ArrayBound` which was previously called
`alpha.security.ArrayBoundV2`.
This commit removes this small separate test file and adds some tests to the
"native" test files of `security.ArrayBound` to ensure that the same
functionality is still tested.
This is intended as the first commit in a series that reorganizes the tests of
`security.ArrayBound` to system that's easier to understand and maintain.
From 2f5c134c9d03c852eeadf129b264da1ce3354a06 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Don=C3=A1t=20Nagy?= <donat.n...@ericsson.com>
Date: Mon, 10 Feb 2025 17:19:19 +0100
Subject: [PATCH] [NFC][analyzer] OOB test consolidation I: no-outofbounds.c
Before commit 6e17ed9b04e5523cc910bf171c3122dcc64b86db the test file
`no-outofbounds.c` tested the behavior of the old alpha checker
`alpha.security.ArrayBound` (V1); then that commit converted it into a
test for the checker `security.ArrayBound` which was previously called
`alpha.security.ArrayBoundV2`.
This commit removes this small separate test file and adds some tests to
the "native" test files of `security.ArrayBound` to ensure that the same
functionality is still tested.
This is intended as the first commit in a series that reorganizes the
tests of `security.ArrayBound` to system that's easier to understand and
maintain.
---
clang/test/Analysis/no-outofbounds.c | 32 -------------------
.../test/Analysis/out-of-bounds-diagnostics.c | 29 ++++++++++++++++-
clang/test/Analysis/out-of-bounds.c | 2 +-
3 files changed, 29 insertions(+), 34 deletions(-)
delete mode 100644 clang/test/Analysis/no-outofbounds.c
diff --git a/clang/test/Analysis/no-outofbounds.c
b/clang/test/Analysis/no-outofbounds.c
deleted file mode 100644
index c6219ae74ab42ca..000000000000000
--- a/clang/test/Analysis/no-outofbounds.c
+++ /dev/null
@@ -1,32 +0,0 @@
-// RUN: %clang_analyze_cc1
-analyzer-checker=core,alpha.core,alpha.unix,security.ArrayBound -verify %s
-// expected-no-diagnostics
-
-//===----------------------------------------------------------------------===//
-// This file tests cases where we should not flag out-of-bounds warnings.
-//===----------------------------------------------------------------------===//
-
-void f(void) {
- long x = 0;
- char *y = (char*) &x;
- char c = y[0] + y[1] + y[2]; // no-warning
- short *z = (short*) &x;
- short s = z[0] + z[1]; // no-warning
-}
-
-void g(void) {
- int a[2];
- char *b = (char*)a;
- b[3] = 'c'; // no-warning
-}
-
-typedef typeof(sizeof(int)) size_t;
-void *malloc(size_t);
-void free(void *);
-
-void field(void) {
- struct vec { size_t len; int data[0]; };
- struct vec *a = malloc(sizeof(struct vec) + 10*sizeof(int));
- a->len = 10;
- a->data[1] = 5; // no-warning
- free(a);
-}
diff --git a/clang/test/Analysis/out-of-bounds-diagnostics.c
b/clang/test/Analysis/out-of-bounds-diagnostics.c
index 1db01251148e14b..524fa4e2aaaf769 100644
--- a/clang/test/Analysis/out-of-bounds-diagnostics.c
+++ b/clang/test/Analysis/out-of-bounds-diagnostics.c
@@ -231,7 +231,16 @@ int arrayOfStructsArrow(void) {
// expected-note@-2 {{Access of 'itemArray' at index 35, while it holds only
20 'struct item' elements}}
}
+char convertedScalar(long long var) {
+ char *p = ((char*)&var);
+ (void) p[3]; // no-warning
+ return p[13];
+ // expected-warning@-1 {{Out of bound access to memory after the end of
'var'}}
+ // expected-note@-2 {{Access of 'var' at index 13, while it holds only 8
'char' elements}}
+}
+
short convertedArray(void) {
+ (void) ((short*)TenElements)[17]; // no-warning
return ((short*)TenElements)[47];
// expected-warning@-1 {{Out of bound access to memory after the end of
'TenElements'}}
// expected-note@-2 {{Access of 'TenElements' at index 47, while it holds
only 20 'short' elements}}
@@ -268,23 +277,41 @@ int intFromStringDivisible(void) {
typedef __typeof(sizeof(int)) size_t;
void *malloc(size_t size);
+void free(void *mem);
int *mallocRegion(void) {
int *mem = (int*)malloc(2*sizeof(int));
+ mem[1] = 48; // no-warning
+
mem[3] = -2;
// expected-warning@-1 {{Out of bound access to memory after the end of the
heap area}}
// expected-note@-2 {{Access of the heap area at index 3, while it holds
only 2 'int' elements}}
return mem;
}
+typedef struct { size_t len; int data[0]; } vec_t;
+
+void mallocFlexibleArray(void) {
+ vec_t *v = malloc(sizeof(vec_t) + 10 * sizeof(int));
+ v->len = 10;
+ v->data[1] = 5; // no-warning
+ v->data[11] = 99;
+ // TODO: Here ideally we would expect
+ // {{Out of bound access to memory after the end of the heap area}}
+ // {{Access of the heap area at index 11, while it holds only 10 'int'
elements}}
+ // but the analyzer cannot (yet) deduce the size of the flexible array member
+ // from the size of the whole allocated area.
+ free(v);
+}
+
int *custom_calloc(size_t a, size_t b) {
size_t res;
return __builtin_mul_overflow(a, b, &res) ? 0 : malloc(res);
}
-int *mallocRegionOverflow(void) {
+int *mallocMulOverflow(void) {
int *mem = (int*)custom_calloc(10, sizeof(int));
mem[20] = 10;
diff --git a/clang/test/Analysis/out-of-bounds.c
b/clang/test/Analysis/out-of-bounds.c
index 734a56602e2aa40..923797200d0b403 100644
--- a/clang/test/Analysis/out-of-bounds.c
+++ b/clang/test/Analysis/out-of-bounds.c
@@ -153,7 +153,7 @@ void test_assume_after_access(unsigned long x) {
int *get_symbolic(void);
void test_underflow_symbolic(void) {
int *buf = get_symbolic();
- buf[-1] = 0; // no-warning;
+ buf[-1] = 0; // no-warning
}
// But warn if we understand the internal memory layout of a symbolic region.
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
