Skip to content

Commit acf21ba

Browse files
t-rasmudt-rasmud
committed
Revert test case changes
1 parent 8163c8e commit acf21ba

File tree

5 files changed

+144
-125
lines changed

5 files changed

+144
-125
lines changed

clang/test/Analysis/ArrayBound/assumption-reporting.c

Lines changed: 38 additions & 46 deletions
Original file line numberDiff line numberDiff line change
@@ -15,8 +15,8 @@ int TenElements[10];
1515

1616
int irrelevantAssumptions(int arg) {
1717
int a = TenElements[arg];
18-
// expected-warning@-1 {{Out of bound access to memory around 'TenElements'}}
19-
// expected-note@-2 {{Access of 'TenElements' at a negative or overflowing index, while it holds only 10 'int' elements}}
18+
// Here the analyzer assumes that `arg` is in bounds, but doesn't report this
19+
// because `arg` is not interesting for the bug.
2020
int b = TenElements[13];
2121
// expected-warning@-1 {{Out of bound access to memory after the end of 'TenElements'}}
2222
// expected-note@-2 {{Access of 'TenElements' at index 13, while it holds only 10 'int' elements}}
@@ -26,10 +26,8 @@ int irrelevantAssumptions(int arg) {
2626

2727
int assumingBoth(int arg) {
2828
int a = TenElements[arg];
29-
// expected-warning@-1 {{Out of bound access to memory around 'TenElements'}}
30-
// expected-note@-2 {{Access of 'TenElements' at a negative or overflowing index, while it holds only 10 'int' elements}}
31-
int b = TenElements[arg]; // expected-warning{{Out of bound access to memory after the end of 'TenElements'}}
32-
// expected-note@-1 {{Access of 'TenElements' at an overflowing index, while it holds only 10 'int' elements}}
29+
// expected-note@-1 {{Assuming index is non-negative and less than 10, the number of 'int' elements in 'TenElements'}}
30+
int b = TenElements[arg]; // no additional note, we already assumed that 'arg' is in bounds
3331
int c = TenElements[arg + 10];
3432
// expected-warning@-1 {{Out of bound access to memory after the end of 'TenElements'}}
3533
// expected-note@-2 {{Access of 'TenElements' at an overflowing index, while it holds only 10 'int' elements}}
@@ -41,11 +39,9 @@ int assumingBothPointerToMiddle(int arg) {
4139
// will speak about the "byte offset" measured from the beginning of the TenElements.
4240
int *p = TenElements + 2;
4341
int a = p[arg];
44-
// expected-warning@-1 {{Out of bound access to memory around 'TenElements'}}
45-
// expected-note@-2 {{Access of 'TenElements' at a negative or overflowing index, while it holds only 10 'int' elements}}
42+
// expected-note@-1 {{Assuming byte offset is non-negative and less than 40, the extent of 'TenElements'}}
4643

47-
int b = TenElements[arg]; // expected-warning{{Out of bound access to memory after the end of 'TenElements'}}
48-
// expected-note@-1 {{Access of 'TenElements' at an overflowing index, while it holds only 10 'int' elements}}
44+
int b = TenElements[arg]; // This is normal access, and only the lower bound is new.
4945
int c = TenElements[arg + 10];
5046
// expected-warning@-1 {{Out of bound access to memory after the end of 'TenElements'}}
5147
// expected-note@-2 {{Access of 'TenElements' at an overflowing index, while it holds only 10 'int' elements}}
@@ -66,16 +62,15 @@ int assumingLower(int arg) {
6662
}
6763

6864
int assumingUpper(int arg) {
69-
// expected-note@+2 2{{Assuming 'arg' is >= 0}}
70-
// expected-note@+1 2{{Taking false branch}}
65+
// expected-note@+2 {{Assuming 'arg' is >= 0}}
66+
// expected-note@+1 {{Taking false branch}}
7167
if (arg < 0)
7268
return 0;
7369
int a = TenElements[arg];
74-
// expected-warning@-1 {{Out of bound access to memory after the end of 'TenElements'}}
75-
// expected-note@-2 {{Access of 'TenElements' at an overflowing index, while it holds only 10 'int' elements}}
70+
// expected-note@-1 {{Assuming index is less than 10, the number of 'int' elements in 'TenElements'}}
7671
int b = TenElements[arg - 10];
77-
// expected-warning@-1 {{Out of bound access to memory after the end of 'TenElements'}}
78-
// expected-note@-2 {{Access of 'TenElements' at an overflowing index, while it holds only 10 'int' elements}}
72+
// expected-warning@-1 {{Out of bound access to memory preceding 'TenElements'}}
73+
// expected-note@-2 {{Access of 'TenElements' at a negative index}}
7974
return a + b;
8075
}
8176

@@ -87,13 +82,12 @@ int assumingUpperIrrelevant(int arg) {
8782
// filter out assumptions that are logically irrelevant but "touch"
8883
// interesting symbols; eventually it would be good to add support for this.
8984

90-
// expected-note@+2 2{{Assuming 'arg' is >= 0}}
91-
// expected-note@+1 2{{Taking false branch}}
85+
// expected-note@+2 {{Assuming 'arg' is >= 0}}
86+
// expected-note@+1 {{Taking false branch}}
9287
if (arg < 0)
9388
return 0;
9489
int a = TenElements[arg];
95-
// expected-warning@-1 {{Out of bound access to memory after the end of 'TenElements'}}
96-
// expected-note@-2 {{Access of 'TenElements' at an overflowing index, while it holds only 10 'int' elements}}
90+
// expected-note@-1 {{Assuming index is less than 10, the number of 'int' elements in 'TenElements'}}
9791
int b = TenElements[arg + 10];
9892
// expected-warning@-1 {{Out of bound access to memory after the end of 'TenElements'}}
9993
// expected-note@-2 {{Access of 'TenElements' at an overflowing index, while it holds only 10 'int' elements}}
@@ -102,11 +96,10 @@ int assumingUpperIrrelevant(int arg) {
10296

10397
int assumingUpperUnsigned(unsigned arg) {
10498
int a = TenElements[arg];
105-
// expected-warning@-1 {{Out of bound access to memory after the end of 'TenElements'}}
106-
// expected-note@-2 {{Access of 'TenElements' at an overflowing index, while it holds only 10 'int' elements}}
99+
// expected-note@-1 {{Assuming index is less than 10, the number of 'int' elements in 'TenElements'}}
107100
int b = TenElements[(int)arg - 10];
108-
// expected-warning@-1 {{Out of bound access to memory around 'TenElements'}}
109-
// expected-note@-2 {{Access of 'TenElements' at a negative or overflowing index, while it holds only 10 'int' elements}}
101+
// expected-warning@-1 {{Out of bound access to memory preceding 'TenElements'}}
102+
// expected-note@-2 {{Access of 'TenElements' at a negative index}}
110103
return a + b;
111104
}
112105

@@ -127,10 +120,8 @@ short assumingConvertedToCharP(int arg) {
127120
// result type of the subscript operator.
128121
char *cp = (char*)TenElements;
129122
char a = cp[arg];
130-
// expected-warning@-1 {{Out of bound access to memory around 'TenElements'}}
131-
// expected-note@-2 {{Access of 'TenElements' at a negative or overflowing index, while it holds only 40 'char' elements}}
132-
char b = cp[arg]; // expected-warning{{Out of bound access to memory after the end of 'TenElements'}}
133-
// expected-note@-1 {{Access of 'TenElements' at an overflowing index, while it holds only 40 'char' elements}}
123+
// expected-note@-1 {{Assuming index is non-negative and less than 40, the number of 'char' elements in 'TenElements'}}
124+
char b = cp[arg]; // no additional note, we already assumed that 'arg' is in bounds
134125
char c = cp[arg + 40];
135126
// expected-warning@-1 {{Out of bound access to memory after the end of 'TenElements'}}
136127
// expected-note@-2 {{Access of 'TenElements' at an overflowing index, while it holds only 40 'char' elements}}
@@ -147,14 +138,14 @@ int assumingConvertedToIntP(struct foo f, int arg) {
147138
// When indices are reported, the note will use the element type that's the
148139
// result type of the subscript operator.
149140
int a = ((int*)(f.a))[arg];
150-
// expected-warning@-1 {{Out of bound access to memory around 'f.a'}}
151-
// expected-note@-2 {{Access of 'f.a' at a negative or overflowing index, while it holds only 2 'int' elements}}
141+
// expected-note@-1 {{Assuming index is non-negative and less than 2, the number of 'int' elements in 'f.a'}}
142+
// However, if the extent of the memory region is not divisible by the
143+
// element size, the checker measures the offset and extent in bytes.
152144
int b = ((int*)(f.b))[arg];
153-
// expected-warning@-1 {{Out of bound access to memory after the end of 'f.b'}}
154-
// expected-note@-2 {{Access of 'f.b' at an overflowing byte offset, while it holds only 5 bytes}}
145+
// expected-note@-1 {{Assuming byte offset is less than 5, the extent of 'f.b'}}
155146
int c = TenElements[arg-2];
156-
// expected-warning@-1 {{Out of bound access to memory after the end of 'TenElements'}}
157-
// expected-note@-2 {{Access of 'TenElements' at an overflowing index, while it holds only 10 'int' elements}}
147+
// expected-warning@-1 {{Out of bound access to memory preceding 'TenElements'}}
148+
// expected-note@-2 {{Access of 'TenElements' at a negative index}}
158149
return a + b + c;
159150
}
160151

@@ -163,14 +154,16 @@ int assumingPlainOffset(struct foo f, int arg) {
163154
// shorter "offset" instead of "byte offset" when it's irrelevant that the
164155
// offset is measured in bytes.
165156

166-
// expected-note@+2 2{{Assuming 'arg' is < 2}}
167-
// expected-note@+1 2{{Taking false branch}}
157+
// expected-note@+2 {{Assuming 'arg' is < 2}}
158+
// expected-note@+1 {{Taking false branch}}
168159
if (arg >= 2)
169160
return 0;
170161

171162
int b = ((int*)(f.b))[arg];
172-
// expected-warning@-1 {{Out of bound access to memory around 'f.b'}}
173-
// expected-note@-2 {{Access of 'f.b' at a negative or overflowing byte offset, while it holds only 5 bytes}}
163+
// expected-note@-1 {{Assuming byte offset is non-negative and less than 5, the extent of 'f.b'}}
164+
// FIXME: this should be {{Assuming offset is non-negative}}
165+
// but the current simplification algorithm doesn't realize that arg <= 1
166+
// implies that the byte offset arg*4 will be less than 5.
174167

175168
int c = TenElements[arg+10];
176169
// expected-warning@-1 {{Out of bound access to memory after the end of 'TenElements'}}
@@ -188,14 +181,13 @@ int assumingExtent(int arg) {
188181
int *mem = (int*)malloc(arg);
189182

190183
mem[12] = 123;
191-
// expected-warning@-1 {{Out of bound access to memory after the end of the heap area}}
192-
// expected-note@-2 {{Access of 'int' element in the heap area at index 12}}
184+
// expected-note@-1 {{Assuming index '12' is less than the number of 'int' elements in the heap area}}
193185

194186
free(mem);
195187

196188
return TenElements[arg];
197-
// expected-warning@-1 {{Out of bound access to memory around 'TenElements'}}
198-
// expected-note@-2 {{Access of 'TenElements' at a negative or overflowing index, while it holds only 10 'int' elements}}
189+
// expected-warning@-1 {{Out of bound access to memory after the end of 'TenElements'}}
190+
// expected-note@-2 {{Access of 'TenElements' at an overflowing index, while it holds only 10 'int' elements}}
199191
}
200192

201193
int *extentInterestingness(int arg) {
@@ -204,8 +196,7 @@ int *extentInterestingness(int arg) {
204196
int *mem = (int*)malloc(arg);
205197

206198
TenElements[arg] = 123;
207-
// expected-warning@-1 {{Out of bound access to memory around 'TenElements'}}
208-
// expected-note@-2 {{Access of 'TenElements' at a negative or overflowing index, while it holds only 10 'int' elements}}
199+
// expected-note@-1 {{Assuming index is non-negative and less than 10, the number of 'int' elements in 'TenElements'}}
209200

210201
return &mem[12];
211202
// expected-warning@-1 {{Out of bound access to memory after the end of the heap area}}
@@ -217,7 +208,8 @@ int triggeredByAnyReport(int arg) {
217208
// not limited to ArrayBound reports but will appear on any bug report (that
218209
// marks the relevant symbol as interesting).
219210
TenElements[arg + 10] = 8;
220-
// expected-warning@-1 {{Out of bound access to memory around 'TenElements'}}
221-
// expected-note@-2 {{Access of 'TenElements' at a negative or overflowing index, while it holds only 10 'int' elements}}
211+
// expected-note@-1 {{Assuming index is non-negative and less than 10, the number of 'int' elements in 'TenElements'}}
222212
return 1024 >> arg;
213+
// expected-warning@-1 {{Right operand is negative in right shift}}
214+
// expected-note@-2 {{The result of right shift is undefined because the right operand is negative}}
223215
}

clang/test/Analysis/ArrayBound/assumptions.c

Lines changed: 48 additions & 48 deletions
Original file line numberDiff line numberDiff line change
@@ -12,63 +12,63 @@ void clang_analyzer_value(int);
1212
extern int FiveInts[5];
1313

1414
void int_plus_one(int len) {
15-
(void)FiveInts[len + 1]; // expected-warning {{Out of bound access to memory around 'FiveInts'}}
16-
clang_analyzer_value(len); // expected-warning {{32s:{ [4, 2147483647] }}}
15+
(void)FiveInts[len + 1]; // no-warning
16+
clang_analyzer_value(len); // expected-warning {{{ [-1, 3] }}}
1717
}
1818

1919
void int_neutral(int len) {
20-
(void)FiveInts[len]; // expected-warning {{Out of bound access to memory around 'FiveInts'}}
21-
clang_analyzer_value(len); // expected-warning {{32s:{ [5, 2147483647] }}}
20+
(void)FiveInts[len]; // no-warning
21+
clang_analyzer_value(len); // expected-warning {{{ [0, 4] }}}
2222
}
2323

2424
void int_minus_one(int len) {
25-
(void)FiveInts[len - 1]; // expected-warning {{Out of bound access to memory around 'FiveInts'}}
26-
clang_analyzer_value(len); // expected-warning {{32s:{ [-2147483648, -2147483648], [6, 2147483647] }}}
25+
(void)FiveInts[len - 1]; // no-warning
26+
clang_analyzer_value(len); // expected-warning {{{ [1, 5] }}}
2727
}
2828

2929
void unsigned_plus_one(unsigned len) {
30-
(void)FiveInts[len + 1]; // expected-warning {{Out of bound access to memory after the end of 'FiveInts'}}
31-
clang_analyzer_value(len); // expected-warning {{32u:{ [4, 4294967295] }}}
30+
(void)FiveInts[len + 1]; // no-warning
31+
clang_analyzer_value(len); // expected-warning {{{ [0, 3] }}}
3232
}
3333

3434
void unsigned_neutral(unsigned len) {
35-
(void)FiveInts[len]; // expected-warning {{Out of bound access to memory after the end of 'FiveInts'}}
36-
clang_analyzer_value(len); // expected-warning {{32u:{ [5, 4294967295] }}}
35+
(void)FiveInts[len]; // no-warning
36+
clang_analyzer_value(len); // expected-warning {{{ [0, 4] }}}
3737
}
3838

3939
void unsigned_minus_one(unsigned len) {
40-
(void)FiveInts[len - 1]; // expected-warning {{Out of bound access to memory after the end of 'FiveInts'}}
41-
clang_analyzer_value(len); // expected-warning {{32u:{ [0, 0], [6, 4294967295] }}
40+
(void)FiveInts[len - 1]; // no-warning
41+
clang_analyzer_value(len); // expected-warning {{{ [1, 5] }}}
4242
}
4343

4444
void ll_plus_one(long long len) {
45-
(void)FiveInts[len + 1]; // expected-warning {{Out of bound access to memory around 'FiveInts'}}
46-
clang_analyzer_value(len); // expected-warning {{64s:{ [4, 9223372036854775807] }}}
45+
(void)FiveInts[len + 1]; // no-warning
46+
clang_analyzer_value(len); // expected-warning {{{ [-1, 3] }}}
4747
}
4848

4949
void ll_neutral(long long len) {
50-
(void)FiveInts[len]; // expected-warning {{Out of bound access to memory around 'FiveInts'}}
51-
clang_analyzer_value(len); // expected-warning {{64s:{ [5, 9223372036854775807] }}}
50+
(void)FiveInts[len]; // no-warning
51+
clang_analyzer_value(len); // expected-warning {{{ [0, 4] }}}
5252
}
5353

5454
void ll_minus_one(long long len) {
55-
(void)FiveInts[len - 1]; // expected-warning {{Out of bound access to memory around 'FiveInts'}}
56-
clang_analyzer_value(len); // expected-warning {{64s:{ [-9223372036854775808, -9223372036854775808], [6, 9223372036854775807] }}}
55+
(void)FiveInts[len - 1]; // no-warning
56+
clang_analyzer_value(len); // expected-warning {{{ [1, 5] }}}
5757
}
5858

5959
void ull_plus_one(unsigned long long len) {
60-
(void)FiveInts[len + 1]; // expected-warning {{Out of bound access to memory after the end of 'FiveInts'}}
61-
clang_analyzer_value(len); // expected-warning {{64u:{ [4, 18446744073709551615] }}}
60+
(void)FiveInts[len + 1]; // no-warning
61+
clang_analyzer_value(len); // expected-warning {{{ [0, 3] }}}
6262
}
6363

6464
void ull_neutral(unsigned long long len) {
65-
(void)FiveInts[len]; // expected-warning {{Out of bound access to memory after the end of 'FiveInts'}}
66-
clang_analyzer_value(len); // expected-warning {{64u:{ [5, 18446744073709551615] }}}
65+
(void)FiveInts[len]; // no-warning
66+
clang_analyzer_value(len); // expected-warning {{{ [0, 4] }}}
6767
}
6868

6969
void ull_minus_one(unsigned long long len) {
70-
(void)FiveInts[len - 1]; // expected-warning {{Out of bound access to memory after the end of 'FiveInts'}}
71-
clang_analyzer_value(len); // expected-warning {{64u:{ [0, 0], [6, 18446744073709551615] }}}
70+
(void)FiveInts[len - 1]; // no-warning
71+
clang_analyzer_value(len); // expected-warning {{{ [1, 5] }}}
7272
}
7373

7474
// Also try the same with a dynamically allocated memory block, because in the
@@ -80,84 +80,84 @@ void free(void *);
8080

8181
void dyn_int_plus_one(int len) {
8282
char *p = malloc(5);
83-
p[len + 1] = 1; // expected-warning {{Out of bound access to memory around the heap area}}
84-
clang_analyzer_value(len); // expected-warning {{32s:{ [4, 2147483647] }}}
83+
p[len + 1] = 1; // no-warning
84+
clang_analyzer_value(len); // expected-warning {{{ [-1, 3] }}}
8585
free(p);
8686
}
8787

8888
void dyn_int_neutral(int len) {
8989
char *p = malloc(5);
90-
p[len] = 1; // expected-warning {{Out of bound access to memory around the heap area}}
91-
clang_analyzer_value(len); // expected-warning {{32s:{ [5, 2147483647] }}}
90+
p[len] = 1; // no-warning
91+
clang_analyzer_value(len); // expected-warning {{{ [0, 4] }}}
9292
free(p);
9393
}
9494

9595
void dyn_int_minus_one(int len) {
9696
char *p = malloc(5);
97-
p[len - 1] = 1; // expected-warning {{Out of bound access to memory around the heap area}}
98-
clang_analyzer_value(len); // expected-warning {{32s:{ [6, 2147483647] }}}
97+
p[len - 1] = 1; // no-warning
98+
clang_analyzer_value(len); // expected-warning {{{ [1, 5] }}}
9999
free(p);
100100
}
101101

102102
void dyn_unsigned_plus_one(unsigned len) {
103103
char *p = malloc(5);
104-
p[len + 1] = 1; // expected-warning {{Out of bound access to memory after the end of the heap area}}
105-
clang_analyzer_value(len); // expected-warning {{32u:{ [4, 4294967295] }}}
104+
p[len + 1] = 1; // no-warning
105+
clang_analyzer_value(len); // expected-warning {{{ [0, 3] }}}
106106
free(p);
107107
}
108108

109109
void dyn_unsigned_neutral(unsigned len) {
110110
char *p = malloc(5);
111-
p[len] = 1; // expected-warning {{Out of bound access to memory after the end of the heap area}}
112-
clang_analyzer_value(len); // expected-warning {{32u:{ [5, 4294967295] }}}
111+
p[len] = 1; // no-warning
112+
clang_analyzer_value(len); // expected-warning {{{ [0, 4] }}}
113113
free(p);
114114
}
115115

116116
void dyn_unsigned_minus_one(unsigned len) {
117117
char *p = malloc(5);
118-
p[len - 1] = 1; // expected-warning {{Out of bound access to memory after the end of the heap area}}
119-
clang_analyzer_value(len); // expected-warning {{32u:{ [6, 4294967295] }}}
118+
p[len - 1] = 1; // no-warning
119+
clang_analyzer_value(len); // expected-warning {{{ [1, 5] }}}
120120
free(p);
121121
}
122122

123123
void dyn_ll_plus_one(long long len) {
124124
char *p = malloc(5);
125-
p[len + 1] = 1; // expected-warning {{Out of bound access to memory around the heap area}}
126-
clang_analyzer_value(len); // expected-warning {{64s:{ [4, 9223372036854775807] }}}
125+
p[len + 1] = 1; // no-warning
126+
clang_analyzer_value(len); // expected-warning {{{ [-1, 3] }}}
127127
free(p);
128128
}
129129

130130
void dyn_ll_neutral(long long len) {
131131
char *p = malloc(5);
132-
p[len] = 1; // expected-warning {{Out of bound access to memory around the heap area}}
133-
clang_analyzer_value(len); // expected-warning {{64s:{ [5, 9223372036854775807] }}}
132+
p[len] = 1; // no-warning
133+
clang_analyzer_value(len); // expected-warning {{{ [0, 4] }}}
134134
free(p);
135135
}
136136

137137
void dyn_ll_minus_one(long long len) {
138138
char *p = malloc(5);
139-
p[len - 1] = 1; // expected-warning {{Out of bound access to memory around the heap area}}
140-
clang_analyzer_value(len); // expected-warning {{64s:{ [-9223372036854775808, -9223372036854775808], [6, 9223372036854775807] }}}
139+
p[len - 1] = 1; // no-warning
140+
clang_analyzer_value(len); // expected-warning {{{ [1, 5] }}}
141141
free(p);
142142
}
143143

144144
void dyn_ull_plus_one(unsigned long long len) {
145145
char *p = malloc(5);
146-
p[len + 1] = 1; // expected-warning {{Out of bound access to memory after the end of the heap area}}
147-
clang_analyzer_value(len); // expected-warning {{64u:{ [4, 18446744073709551615] }}}
146+
p[len + 1] = 1; // no-warning
147+
clang_analyzer_value(len); // expected-warning {{{ [0, 3] }}}
148148
free(p);
149149
}
150150

151151
void dyn_ull_neutral(unsigned long long len) {
152152
char *p = malloc(5);
153-
p[len] = 1; // expected-warning {{Out of bound access to memory after the end of the heap area}}
154-
clang_analyzer_value(len); // expected-warning {{64u:{ [5, 18446744073709551615] }}}
153+
p[len] = 1; // no-warning
154+
clang_analyzer_value(len); // expected-warning {{{ [0, 4] }}}
155155
free(p);
156156
}
157157

158158
void dyn_ull_minus_one(unsigned long long len) {
159159
char *p = malloc(5);
160-
p[len - 1] = 1; // expected-warning {{Out of bound access to memory after the end of the heap area}}
161-
clang_analyzer_value(len); // expected-warning {{64u:{ [6, 9223372036854775808] }}}
160+
p[len - 1] = 1; // no-warning
161+
clang_analyzer_value(len); // expected-warning {{{ [1, 5] }}}
162162
free(p);
163163
}

0 commit comments

Comments
 (0)