// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.core.CastToStruct -analyzer-store=region -analyzer-constraints=range -verify %s
struct s {
int data;
int data_array[10];
};
typedef struct {
int data;
} STYPE;
void g(char *p);
void g1(struct s* p);
// Array to pointer conversion. Array in the struct field.
void f(void) {
int a[10];
int (*p)[10];
p = &a;
(*p)[3] = 1;
struct s d;
struct s *q;
q = &d;
q->data = 3;
d.data_array[9] = 17;
}
// StringLiteral in lvalue context and pointer to array type.
// p: ElementRegion, q: StringRegion
void f2() {
char *p = "/usr/local";
char (*q)[4];
q = &"abc";
}
// Typedef'ed struct definition.
void f3() {
STYPE s;
}
// Initialize array with InitExprList.
void f4() {
int a[] = { 1, 2, 3};
int b[3] = { 1, 2 };
struct s c[] = {{1,{1}}};
}
// Struct variable in lvalue context.
// Assign UnknownVal to the whole struct.
void f5() {
struct s data;
g1(&data);
}
// AllocaRegion test.
void f6() {
char *p;
p = __builtin_alloca(10);
g(p);
char c = *p;
p[1] = 'a';
// Test if RegionStore::EvalBinOp converts the alloca region to element
// region.
p += 2;
}
struct s2;
void g2(struct s2 *p);
// Incomplete struct pointer used as function argument.
void f7() {
struct s2 *p = __builtin_alloca(10);
g2(p);
}
// sizeof() is unsigned while -1 is signed in array index.
void f8() {
int a[10];
a[sizeof(a)/sizeof(int) - 1] = 1; // no-warning
}
// Initialization of struct array elements.
void f9() {
struct s a[10];
}
// Initializing array with string literal.
void f10() {
char a1[4] = "abc";
char a3[6] = "abc";
}
// Retrieve the default value of element/field region.
void f11() {
struct s a;
g1(&a);
if (a.data == 0) // no-warning
a.data = 1;
}
// Convert unsigned offset to signed when creating ElementRegion from
// SymbolicRegion.
void f12(int *list) {
unsigned i = 0;
list[i] = 1;
}
struct s1 {
struct s2 {
int d;
} e;
};
// The binding of a.e.d should not be removed. Test recursive subregion map
// building: a->e, e->d. Only then 'a' could be added to live region roots.
void f13(double timeout) {
struct s1 a;
a.e.d = (int) timeout;
if (a.e.d == 10)
a.e.d = 4;
}
struct s3 {
int a[2];
};
static struct s3 opt;
// Test if the embedded array is retrieved correctly.
void f14() {
struct s3 my_opt = opt;
}
void bar(int*);
// Test if the array is correctly invalidated.
void f15() {
int a[10];
bar(a);
if (a[1]) // no-warning
(void)1;
}
struct s3 p[1];
// Code from postgresql.
// Current cast logic of region store mistakenly leaves the final result region
// an ElementRegion of type 'char'. Then load a nonloc::SymbolVal from it and
// assigns to 'a'.
void f16(struct s3 *p) {
struct s3 a = *((struct s3*) ((char*) &p[0])); // expected-warning{{Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption}}
}
void inv(struct s1 *);
// Invalidate the struct field.
void f17() {
struct s1 t;
int x;
inv(&t);
if (t.e.d)
x = 1;
}
void read(char*);
void f18() {
char *q;
char *p = (char *) __builtin_alloca(10);
read(p);
q = p;
q++;
if (*q) { // no-warning
}
}
// [PR13927] offsetof replacement macro flagged as "dereference of a null pointer"
int offset_of_data_array(void)
{
return ((char *)&(((struct s*)0)->data_array)) - ((char *)0); // no-warning
}