Skip to content

[NFC][analyzer] OOB test consolidation I: no-outofbounds.c #126539

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Feb 11, 2025
Merged

[NFC][analyzer] OOB test consolidation I: no-outofbounds.c #126539

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 0 additions & 32 deletions clang/test/Analysis/no-outofbounds.c
View file
Open in desktop

This file was deleted.

29 changes: 28 additions & 1 deletion clang/test/Analysis/out-of-bounds-diagnostics.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -231,7 +231,16 @@ int arrayOfStructsArrow(void) {
// expected-note@-2 {{Access of 'itemArray' at index 35, while it holds only 20 'struct item' elements}}
}

char convertedScalar(long long var) {
char *p = ((char*)&var);
(void) p[3]; // no-warning
return p[13];
// expected-warning@-1 {{Out of bound access to memory after the end of 'var'}}
// expected-note@-2 {{Access of 'var' at index 13, while it holds only 8 'char' elements}}
}

short convertedArray(void) {
(void) ((short*)TenElements)[17]; // no-warning
return ((short*)TenElements)[47];
// expected-warning@-1 {{Out of bound access to memory after the end of 'TenElements'}}
// expected-note@-2 {{Access of 'TenElements' at index 47, while it holds only 20 'short' elements}}
Expand Down Expand Up @@ -268,23 +277,41 @@ int intFromStringDivisible(void) {

typedef __typeof(sizeof(int)) size_t;
void *malloc(size_t size);
void free(void *mem);

int *mallocRegion(void) {
int *mem = (int*)malloc(2*sizeof(int));

mem[1] = 48; // no-warning

mem[3] = -2;
// expected-warning@-1 {{Out of bound access to memory after the end of the heap area}}
// expected-note@-2 {{Access of the heap area at index 3, while it holds only 2 'int' elements}}
return mem;
}

typedef struct { size_t len; int data[0]; } vec_t;

void mallocFlexibleArray(void) {
vec_t *v = malloc(sizeof(vec_t) + 10 * sizeof(int));
v->len = 10;
v->data[1] = 5; // no-warning
v->data[11] = 99;
// TODO: Here ideally we would expect
// {{Out of bound access to memory after the end of the heap area}}
// {{Access of the heap area at index 11, while it holds only 10 'int' elements}}
// but the analyzer cannot (yet) deduce the size of the flexible array member
// from the size of the whole allocated area.
free(v);
}

int *custom_calloc(size_t a, size_t b) {
size_t res;

return __builtin_mul_overflow(a, b, &res) ? 0 : malloc(res);
}

int *mallocRegionOverflow(void) {
int *mallocMulOverflow(void) {
int *mem = (int*)custom_calloc(10, sizeof(int));

mem[20] = 10;
Expand Down
2 changes: 1 addition & 1 deletion clang/test/Analysis/out-of-bounds.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,7 @@ void test_assume_after_access(unsigned long x) {
int *get_symbolic(void);
void test_underflow_symbolic(void) {
int *buf = get_symbolic();
buf[-1] = 0; // no-warning;
buf[-1] = 0; // no-warning
}

// But warn if we understand the internal memory layout of a symbolic region.
Expand Down