-
Notifications
You must be signed in to change notification settings - Fork 15.4k
[NFC][analyzer] OOB test consolidation II: constraint checking #126748
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
NagyDonat
merged 4 commits into
llvm:main
from
Ericsson:consolidate-oob-constraint-check
Feb 12, 2025
Merged
Changes from all commits
Commits
Show all changes
4 commits
Select commit
Hold shift + click to select a range
df63943
[NFC][analyzer] OOB test consolidation II: constraint checking
NagyDonat 39253b4
Use extern to declare an array
NagyDonat 0f1d733
Don't delete '-Wno-array-bounds'
NagyDonat 16423d5
Don't match the type from clang_analyzer_value calls
NagyDonat File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,112 +1,163 @@ | ||
| // RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc,security.ArrayBound,debug.ExprInspection \ | ||
| // RUN: -analyzer-config eagerly-assume=false -verify %s | ||
|
|
||
| void clang_analyzer_eval(int); | ||
| void clang_analyzer_printState(void); | ||
|
|
||
| typedef typeof(sizeof(int)) size_t; | ||
| const char a[] = "abcd"; // extent: 5 bytes | ||
|
|
||
| void symbolic_size_t_and_int0(size_t len) { | ||
| (void)a[len + 1]; // no-warning | ||
| // We infered that the 'len' must be in a specific range to make the previous indexing valid. | ||
| // len: [0,3] | ||
| clang_analyzer_eval(len <= 3); // expected-warning {{TRUE}} | ||
| clang_analyzer_eval(len <= 2); // expected-warning {{UNKNOWN}} | ||
| } | ||
|
|
||
| void symbolic_size_t_and_int1(size_t len) { | ||
| (void)a[len]; // no-warning | ||
| // len: [0,4] | ||
| clang_analyzer_eval(len <= 4); // expected-warning {{TRUE}} | ||
| clang_analyzer_eval(len <= 3); // expected-warning {{UNKNOWN}} | ||
| } | ||
|
|
||
| void symbolic_size_t_and_int2(size_t len) { | ||
| (void)a[len - 1]; // no-warning | ||
| // len: [1,5] | ||
| clang_analyzer_eval(1 <= len && len <= 5); // expected-warning {{TRUE}} | ||
| clang_analyzer_eval(2 <= len); // expected-warning {{UNKNOWN}} | ||
| clang_analyzer_eval(len <= 4); // expected-warning {{UNKNOWN}} | ||
| } | ||
|
|
||
| void symbolic_uint_and_int0(unsigned len) { | ||
| (void)a[len + 1]; // no-warning | ||
| // len: [0,3] | ||
| clang_analyzer_eval(0 <= len && len <= 3); // expected-warning {{TRUE}} | ||
| clang_analyzer_eval(1 <= len); // expected-warning {{UNKNOWN}} | ||
| clang_analyzer_eval(len <= 2); // expected-warning {{UNKNOWN}} | ||
| } | ||
|
|
||
| void symbolic_uint_and_int1(unsigned len) { | ||
| (void)a[len]; // no-warning | ||
| // len: [0,4] | ||
| clang_analyzer_eval(0 <= len && len <= 4); // expected-warning {{TRUE}} | ||
| clang_analyzer_eval(1 <= len); // expected-warning {{UNKNOWN}} | ||
| clang_analyzer_eval(len <= 3); // expected-warning {{UNKNOWN}} | ||
| } | ||
| void symbolic_uint_and_int2(unsigned len) { | ||
| (void)a[len - 1]; // no-warning | ||
| // len: [1,5] | ||
| clang_analyzer_eval(1 <= len && len <= 5); // expected-warning {{TRUE}} | ||
| clang_analyzer_eval(2 <= len); // expected-warning {{UNKNOWN}} | ||
| clang_analyzer_eval(len <= 4); // expected-warning {{UNKNOWN}} | ||
| } | ||
|
|
||
| void symbolic_int_and_int0(int len) { | ||
| (void)a[len + 1]; // no-warning | ||
| // len: [-1,3] | ||
| clang_analyzer_eval(-1 <= len && len <= 3); // expected-warning {{TRUE}} | ||
| clang_analyzer_eval(0 <= len); // expected-warning {{UNKNOWN}} | ||
| clang_analyzer_eval(len <= 2); // expected-warning {{UNKNOWN}} | ||
| } | ||
| void symbolic_int_and_int1(int len) { | ||
| (void)a[len]; // no-warning | ||
| // len: [0,4] | ||
| clang_analyzer_eval(0 <= len && len <= 4); // expected-warning {{TRUE}} | ||
| clang_analyzer_eval(1 <= len); // expected-warning {{UNKNOWN}} | ||
| clang_analyzer_eval(len <= 3); // expected-warning {{UNKNOWN}} | ||
| } | ||
| void symbolic_int_and_int2(int len) { | ||
| (void)a[len - 1]; // no-warning | ||
| // len: [1,5] | ||
| clang_analyzer_eval(1 <= len && len <= 5); // expected-warning {{TRUE}} | ||
| clang_analyzer_eval(2 <= len); // expected-warning {{UNKNOWN}} | ||
| clang_analyzer_eval(len <= 4); // expected-warning {{UNKNOWN}} | ||
| } | ||
|
|
||
| void symbolic_longlong_and_int0(long long len) { | ||
| (void)a[len + 1]; // no-warning | ||
| // len: [-1,3] | ||
| clang_analyzer_eval(-1 <= len && len <= 3); // expected-warning {{TRUE}} | ||
| clang_analyzer_eval(0 <= len); // expected-warning {{UNKNOWN}} | ||
| clang_analyzer_eval(len <= 2); // expected-warning {{UNKNOWN}} | ||
| // When the checker security.ArrayBound encounters an array subscript operation | ||
| // that _may be_ in bounds, it assumes that indexing _is_ in bound. This test | ||
| // file validates these assumptions. | ||
|
|
||
| void clang_analyzer_value(int); | ||
|
|
||
| // Simple case: memory area with a static extent. | ||
|
|
||
| extern int FiveInts[5]; | ||
|
|
||
| void int_plus_one(int len) { | ||
| (void)FiveInts[len + 1]; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [-1, 3] }}} | ||
| } | ||
|
|
||
| void int_neutral(int len) { | ||
| (void)FiveInts[len]; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [0, 4] }}} | ||
| } | ||
|
|
||
| void int_minus_one(int len) { | ||
| (void)FiveInts[len - 1]; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [1, 5] }}} | ||
| } | ||
|
|
||
| void unsigned_plus_one(unsigned len) { | ||
| (void)FiveInts[len + 1]; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [0, 3] }}} | ||
| } | ||
|
|
||
| void unsigned_neutral(unsigned len) { | ||
| (void)FiveInts[len]; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [0, 4] }}} | ||
| } | ||
|
|
||
| void unsigned_minus_one(unsigned len) { | ||
| (void)FiveInts[len - 1]; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [1, 5] }}} | ||
| } | ||
|
|
||
| void ll_plus_one(long long len) { | ||
| (void)FiveInts[len + 1]; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [-1, 3] }}} | ||
| } | ||
|
|
||
| void ll_neutral(long long len) { | ||
| (void)FiveInts[len]; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [0, 4] }}} | ||
| } | ||
|
|
||
| void ll_minus_one(long long len) { | ||
| (void)FiveInts[len - 1]; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [1, 5] }}} | ||
| } | ||
|
|
||
| void ull_plus_one(unsigned long long len) { | ||
| (void)FiveInts[len + 1]; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [0, 3] }}} | ||
| } | ||
|
|
||
| void ull_neutral(unsigned long long len) { | ||
| (void)FiveInts[len]; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [0, 4] }}} | ||
| } | ||
|
|
||
| void ull_minus_one(unsigned long long len) { | ||
| (void)FiveInts[len - 1]; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [1, 5] }}} | ||
| } | ||
|
|
||
| // Also try the same with a dynamically allocated memory block, because in the | ||
| // past there were issues with the type/signedness of dynamic extent symbols. | ||
|
|
||
| typedef __typeof(sizeof(int)) size_t; | ||
| void *malloc(size_t); | ||
| void free(void *); | ||
| void symbolic_longlong_and_int0_dynamic_extent(long long len) { | ||
| char *b = malloc(5); | ||
| (void)b[len + 1]; // no-warning | ||
| // len: [-1,3] | ||
| clang_analyzer_eval(-1 <= len && len <= 3); // expected-warning {{TRUE}} | ||
| clang_analyzer_eval(0 <= len); // expected-warning {{UNKNOWN}} | ||
| clang_analyzer_eval(len <= 2); // expected-warning {{UNKNOWN}} | ||
| free(b); | ||
| } | ||
|
|
||
| void symbolic_longlong_and_int1(long long len) { | ||
| (void)a[len]; // no-warning | ||
| // len: [0,4] | ||
| clang_analyzer_eval(0 <= len && len <= 4); // expected-warning {{TRUE}} | ||
| clang_analyzer_eval(1 <= len); // expected-warning {{UNKNOWN}} | ||
| clang_analyzer_eval(len <= 3); // expected-warning {{UNKNOWN}} | ||
| } | ||
|
|
||
| void symbolic_longlong_and_int2(long long len) { | ||
| (void)a[len - 1]; // no-warning | ||
| // len: [1,5] | ||
| clang_analyzer_eval(1 <= len && len <= 5); // expected-warning {{TRUE}} | ||
| clang_analyzer_eval(2 <= len); // expected-warning {{UNKNOWN}} | ||
| clang_analyzer_eval(len <= 4); // expected-warning {{UNKNOWN}} | ||
|
|
||
| void dyn_int_plus_one(int len) { | ||
| char *p = malloc(5); | ||
| p[len + 1] = 1; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [-1, 3] }}} | ||
| free(p); | ||
| } | ||
|
|
||
| void dyn_int_neutral(int len) { | ||
| char *p = malloc(5); | ||
| p[len] = 1; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [0, 4] }}} | ||
| free(p); | ||
| } | ||
|
|
||
| void dyn_int_minus_one(int len) { | ||
| char *p = malloc(5); | ||
| p[len - 1] = 1; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [1, 5] }}} | ||
| free(p); | ||
| } | ||
|
|
||
| void dyn_unsigned_plus_one(unsigned len) { | ||
| char *p = malloc(5); | ||
| p[len + 1] = 1; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [0, 3] }}} | ||
| free(p); | ||
| } | ||
|
|
||
| void dyn_unsigned_neutral(unsigned len) { | ||
| char *p = malloc(5); | ||
| p[len] = 1; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [0, 4] }}} | ||
| free(p); | ||
| } | ||
|
|
||
| void dyn_unsigned_minus_one(unsigned len) { | ||
| char *p = malloc(5); | ||
| p[len - 1] = 1; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [1, 5] }}} | ||
| free(p); | ||
| } | ||
|
|
||
| void dyn_ll_plus_one(long long len) { | ||
| char *p = malloc(5); | ||
| p[len + 1] = 1; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [-1, 3] }}} | ||
| free(p); | ||
| } | ||
|
|
||
| void dyn_ll_neutral(long long len) { | ||
| char *p = malloc(5); | ||
| p[len] = 1; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [0, 4] }}} | ||
| free(p); | ||
| } | ||
|
|
||
| void dyn_ll_minus_one(long long len) { | ||
| char *p = malloc(5); | ||
| p[len - 1] = 1; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [1, 5] }}} | ||
| free(p); | ||
| } | ||
|
|
||
| void dyn_ull_plus_one(unsigned long long len) { | ||
| char *p = malloc(5); | ||
| p[len + 1] = 1; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [0, 3] }}} | ||
| free(p); | ||
| } | ||
|
|
||
| void dyn_ull_neutral(unsigned long long len) { | ||
| char *p = malloc(5); | ||
| p[len] = 1; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [0, 4] }}} | ||
| free(p); | ||
| } | ||
|
|
||
| void dyn_ull_minus_one(unsigned long long len) { | ||
| char *p = malloc(5); | ||
| p[len - 1] = 1; // no-warning | ||
| clang_analyzer_value(len); // expected-warning {{{ [1, 5] }}} | ||
| free(p); | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.