// RUN: %clang_cc1 -w -analyze -analyzer-eagerly-assume -fcxx-exceptions -analyzer-checker=core -analyzer-checker=alpha.core.PointerArithm,alpha.core.CastToStruct -analyzer-max-loop 64 -verify %s
// RUN: %clang_cc1 -w -analyze -analyzer-checker=core -analyzer-checker=cplusplus -fcxx-exceptions -analyzer-checker alpha.core.PointerArithm,alpha.core.CastToStruct -analyzer-max-loop 63 -verify %s

// These tests used to hit an assertion in the bug report. Test case from http://llvm.org/PR24184.
//
// Both invocations above enable the core checkers plus alpha.core.PointerArithm
// and alpha.core.CastToStruct. The first adds -analyzer-eagerly-assume with a
// loop bound of 64; the second adds the cplusplus checkers with a loop bound
// of 63. -w silences ordinary compiler warnings, so only analyzer reports are
// checked by -verify.
//
// The alpha.* checkers are experimental and are not part of the analyzer's
// default checker set. A project that wants these memory-safety reports has to
// enable them explicitly, as done here.
//
// NOTE(review): the code looks like a machine-reduced reproducer. The discarded
// expressions, unused locals and missing return statements are part of the
// input under test and should not be "cleaned up".
//
// Case 1: pointer arithmetic on the address of a single local object.
// No verify directive is attached to this case, so under -verify any analyzer
// report raised here would fail the test.
typedef struct {
  int cbData;
  unsigned pbData; // a plain unsigned here, not a pointer (compare case 2)
} CRYPT_DATA_BLOB;

typedef enum { DT_NONCE_FIXED } DATA_TYPE;
int a;
typedef int *vcreate_t(int *, DATA_TYPE, int, int);
// Forms `&b + a * 0` in the loop increment: arithmetic on the address of one
// `char`, which is not an array element. The loop condition is the constant 1,
// so exploration of this loop ends only at the -analyzer-max-loop bound.
void fn1(unsigned, unsigned) {
  char b = 0;
  for (; 1; a++, &b + a * 0)
    ;
}

// Declared through the function typedef; no body is visible in this file, so
// the call in C::m_fn2 is opaque to the analyzer.
vcreate_t fn2;
struct A {
  CRYPT_DATA_BLOB value;
  // Declared to return int but has no return statement. The comparison result
  // is discarded; the call into fn1 is what reaches the pointer arithmetic.
  int m_fn1() {
    int c;
    value.pbData == 0;
    fn1(0, 0);
  }
};
struct B {
  A IkeHashAlg;
  A IkeGType;
  A NoncePhase1_r;
};
class C {
  int m_fn2(B *);
  void m_fn3(B *, int, int, int);
};
// Entry point of case 1: calls A::m_fn1 twice and stores the results, although
// m_fn1 never returns a value, then passes a cbData field to fn2.
// This function also has no return statement.
int C::m_fn2(B *p1) {
  int *d;
  int e = p1->IkeHashAlg.m_fn1();
  unsigned f = p1->IkeGType.m_fn1(), h;
  int g;
  d = fn2(0, DT_NONCE_FIXED, (char)0, p1->NoncePhase1_r.value.cbData);
  h = 0 | 0;
  m_fn3(p1, 0, 0, 0);
}

// case 2:
// Same shape as case 1, but pbData is a real pointer and the arithmetic is
// done on a pointer to a single local passed in from the caller. As in case 1,
// no verify directive is attached.
typedef struct {
  int cbData;
  unsigned char *pbData;
} CRYPT_DATA_BLOB_1;
typedef unsigned uint32_t;
// Only compares the two pointer values; nothing is dereferenced.
void fn1_1(void *p1, const void *p2) { p1 != p2; }

// Computes `p1 + i` for every i below p3. Nothing in this function ties p3 to
// the size of the object p1 points to.
void fn2_1(uint32_t *p1, unsigned char *p2, uint32_t p3) {
  unsigned i = 0;
  for (0; i < p3; i++)
    fn1_1(p1 + i, p2 + i * 0);
}

struct A_1 {
  CRYPT_DATA_BLOB_1 value;
  // Passes the address of the single local `a` together with value.cbData as
  // the element count, so fn2_1 indexes past `a` whenever cbData exceeds 1.
  // In real code this is the shape of an out-of-bounds access driven by a
  // length field; here the resulting pointers are only compared.
  uint32_t m_fn1() {
    uint32_t a;
    if (value.pbData)
      fn2_1(&a, value.pbData, value.cbData);
    return 0;
  }
};
struct {
  A_1 HashAlgId;
} *b;
// Entry point of case 2; the expression statements after the call have no
// effect and their results are discarded.
void fn3() {
  uint32_t c, d;
  d = b->HashAlgId.m_fn1();
  d << 0 | 0 | 0;
  c = 0;
  0 | 1 << 0 | 0 && b;
}

// case 3:
// The only case that carries a verify directive: alpha.core.CastToStruct must
// report the `char *` to `ST *` cast in foo2. The directive has to stay on the
// same source line as the cast, because -verify matches diagnostics by line.
struct ST {
  char c;
};
char *p;
int foo1(ST);
// Casts the global `char *p` to `ST *`, reads the field through the result,
// and advances the pointer by whatever foo1 returns (foo1 has no body here).
// No return statement despite the int return type.
int foo2() {
  ST *p1 = (ST *)(p); // expected-warning{{Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption}}
  while (p1->c & 0x0F || p1->c & 0x07)
    p1 = p1 + foo1(*p1);
}

// Calls foo2 up to twice and branches on its result, although foo2 never
// returns a value. The `node` parameter is unused, and there is no return on
// the path where `i` is zero.
int foo3(int *node) {
  int i = foo2();
  if (i)
    return foo2();
}