diff options
| author | Ted Kremenek <kremenek@apple.com> | 2010-12-23 02:42:49 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2010-12-23 02:42:49 +0000 |
| commit | bd5fcdf8031f7c0c68b1d759364de42419c3dd34 (patch) | |
| tree | cb54384fee6be010a6ff33eb7fb2ce7a7926451e | |
| parent | fe22d939060ebe2f5d8d6d29a9deac389af33ef6 (diff) | |
| download | bcm5719-llvm-bd5fcdf8031f7c0c68b1d759364de42419c3dd34.tar.gz bcm5719-llvm-bd5fcdf8031f7c0c68b1d759364de42419c3dd34.zip | |
It's amazing what you find when you actually
set the RUN line correctly in a test file!
Mark a bunch of tests for ArrayBoundCheckerV2
as FIXME's, as our current lack of pointer
arithmetic handling causes these to be all
false positives/negatives.
llvm-svn: 122471
| -rw-r--r-- | clang/test/Analysis/out-of-bounds.c | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/clang/test/Analysis/out-of-bounds.c b/clang/test/Analysis/out-of-bounds.c index 79a2ca06051..598e1653763 100644 --- a/clang/test/Analysis/out-of-bounds.c +++ b/clang/test/Analysis/out-of-bounds.c @@ -1,4 +1,4 @@ -// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-check-buffer-overflows -verify +// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-check-buffer-overflows -verify %s // Tests doing an out-of-bounds access after the end of an array using: // - constant integer index @@ -13,6 +13,21 @@ void test1_ok(int x) { buf[99] = 1; // no-warning } +const char test1_strings_underrun(int x) { + const char *mystr = "mary had a little lamb"; + return mystr[-1]; // expected-warning{{Out of bound memory access}} +} + +const char test1_strings_overrun(int x) { + const char *mystr = "mary had a little lamb"; + return mystr[1000]; // expected-warning{{Out of bound memory access}} +} + +const char test1_strings_ok(int x) { + const char *mystr = "mary had a little lamb"; + return mystr[5]; // no-warning +} + // Tests doing an out-of-bounds access after the end of an array using: // - indirect pointer to buffer // - constant integer index @@ -26,9 +41,10 @@ void test1_ptr(int x) { void test1_ptr_ok(int x) { int buf[100]; int *p = buf; - p[99] = 1; // expected-warning{{Out of bound memory access}} + p[99] = 1; // no-warning } +// ** FIXME ** Doesn't work yet because we don't support pointer arithmetic. // Tests doing an out-of-bounds access before the start of an array using: // - indirect pointer to buffer, manipulated using simple pointer arithmetic // - constant integer index @@ -37,7 +53,7 @@ void test1_ptr_arith(int x) { int buf[100]; int *p = buf; p = p + 100; - p[0] = 1; // expected-warning{{Out of bound memory access}} + p[0] = 1; // no-warning } void test1_ptr_arith_ok(int x) { @@ -47,18 +63,21 @@ void test1_ptr_arith_ok(int x) { p[0] = 1; // no-warning } +// ** FIXME ** Doesn't work yet because we don't support pointer arithmetic. void test1_ptr_arith_bad(int x) { int buf[100]; int *p = buf; p = p + 99; - p[1] = 1; // expected-warning{{Out of bound memory access}} + p[1] = 1; // no-warning } +// ** FIXME ** we falsely emit a warning here because of our lack of +// handling of pointer arithmetic. void test1_ptr_arith_ok2(int x) { int buf[100]; int *p = buf; - p = p + 100; - p[-1] = 1; // no-warning + p = p + 99; + p[-1] = 1; // expected-warning{{Out of bound}} } // Tests doing an out-of-bounds access before the start of an array using: @@ -79,6 +98,7 @@ void test2_ptr(int x) { p[-1] = 1; // expected-warning{{Out of bound memory access}} } +// ** FIXME ** Doesn't work yet because we don't support pointer arithmetic. // Tests doing an out-of-bounds access before the start of an array using: // - indirect pointer to buffer, manipulated using simple pointer arithmetic // - constant integer index @@ -87,7 +107,7 @@ void test2_ptr_arith(int x) { int buf[100]; int *p = buf; --p; - p[0] = 1; // expected-warning{{Out of bound memory access}} + p[0] = 1; // no-warning } // Tests doing an out-of-bounds access before the start of a multi-dimensional |
