llvm-project/clang/test/Analysis/casts.c

// RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin9 -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s
// RUN: %clang_analyze_cc1 -triple i386-apple-darwin9 -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s
// RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin9 -analyzer-checker=core,alpha.core,debug.ExprInspection -verify -DEAGERLY_ASSUME=1 -w %s
// RUN: %clang_analyze_cc1 -triple i386-apple-darwin9 -analyzer-checker=core,alpha.core,debug.ExprInspection -verify -DEAGERLY_ASSUME=1 -DBIT32=1 -w %s

extern void clang_analyzer_eval(_Bool);

// Test if the 'storage' region gets properly initialized after it is cast to
// 'struct sockaddr *'. 

typedef unsigned char __uint8_t;
typedef unsigned int __uint32_t;
typedef __uint32_t __darwin_socklen_t;
typedef __uint8_t sa_family_t;
typedef __darwin_socklen_t socklen_t;
struct sockaddr { sa_family_t sa_family; };
struct sockaddr_storage {};

void getsockname();

#ifndef EAGERLY_ASSUME

void f(int sock) {
  struct sockaddr_storage storage;
  struct sockaddr* sockaddr = (struct sockaddr*)&storage; // expected-warning{{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}
  socklen_t addrlen = sizeof(storage);
  getsockname(sock, sockaddr, &addrlen);
  switch (sockaddr->sa_family) { // no-warning
  default:
    ;
  }
}

struct s {
  struct s *value;
};

void f1(struct s **pval) {
  int *tbool = ((void*)0);
  struct s *t = *pval;
  pval = &(t->value);
  tbool = (int *)pval; // use the cast-to type 'int *' to create element region.
  char c = (unsigned char) *tbool; // Should use cast-to type to create symbol.
  if (*tbool == -1) // here load the element region with the correct type 'int'
    (void)3;
}

void f2(const char *str) {
 unsigned char ch, cl, *p;

 p = (unsigned char *)str;
 ch = *p++; // use cast-to type 'unsigned char' to create element region.
 cl = *p++;
 if(!cl)
    cl = 'a';
}

// Test cast VariableSizeArray to pointer does not crash.
void *memcpy(void *, void const *, unsigned long);
typedef unsigned char Byte;
void doit(char *data, int len) {
    if (len) {
        Byte buf[len];
        memcpy(buf, data, len);
    }
}

// PR 6013 and 6035 - Test that a cast of a pointer to long and then to int does not crash SValuator.
void pr6013_6035_test(void *p) {
  unsigned int foo;
  foo = ((long)(p));
  (void) foo;
}

// PR12511 and radar://11215362 - Test that we support SymCastExpr, which represents symbolic int to float cast.
char ttt(int intSeconds) {
  double seconds = intSeconds;
  if (seconds)
    return 0;
  return 0;
}

int foo (int* p) {
  int y = 0;
  if (p == 0) {
    if ((*((void**)&p)) == (void*)0) // Test that the cast to void preserves the symbolic region.
      return 0;
    else
      return 5/y; // This code should be unreachable: no-warning.
  }
  return 0;
}

void castsToBool() {
  clang_analyzer_eval(0); // expected-warning{{FALSE}}
  clang_analyzer_eval(0U); // expected-warning{{FALSE}}
  clang_analyzer_eval((void *)0); // expected-warning{{FALSE}}

  clang_analyzer_eval(1); // expected-warning{{TRUE}}
  clang_analyzer_eval(1U); // expected-warning{{TRUE}}
  clang_analyzer_eval(-1); // expected-warning{{TRUE}}
  clang_analyzer_eval(0x100); // expected-warning{{TRUE}}
  clang_analyzer_eval(0x100U); // expected-warning{{TRUE}}
  clang_analyzer_eval((void *)0x100); // expected-warning{{TRUE}}

  extern int symbolicInt;
  clang_analyzer_eval(symbolicInt); // expected-warning{{UNKNOWN}}
  if (symbolicInt)
    clang_analyzer_eval(symbolicInt); // expected-warning{{TRUE}}

  extern void *symbolicPointer;
  clang_analyzer_eval(symbolicPointer); // expected-warning{{UNKNOWN}}
  if (symbolicPointer)
    clang_analyzer_eval(symbolicPointer); // expected-warning{{TRUE}}

  int localInt;
  int* ptr = &localInt;
  clang_analyzer_eval(ptr); // expected-warning{{TRUE}}
  clang_analyzer_eval(&castsToBool); // expected-warning{{TRUE}}
  clang_analyzer_eval("abc"); // expected-warning{{TRUE}}

  extern float globalFloat;
  clang_analyzer_eval(globalFloat); // expected-warning{{UNKNOWN}}
}

void locAsIntegerCasts(void *p) {
  int x = (int) p;
  clang_analyzer_eval(++x < 10); // no-crash // expected-warning{{UNKNOWN}}
}

void multiDimensionalArrayPointerCasts() {
  static int x[10][10];
  int *y1 = &(x[3][5]);
  char *z = ((char *) y1) + 2;
  int *y2 = (int *)(z - 2);
  int *y3 = ((int *)x) + 35; // This is offset for [3][5].

  clang_analyzer_eval(y1 == y2); // expected-warning{{TRUE}}

  // FIXME: should be FALSE (i.e. equal pointers).
  clang_analyzer_eval(y1 - y2); // expected-warning{{UNKNOWN}}
  // FIXME: should be TRUE (i.e. same symbol).
  clang_analyzer_eval(*y1 == *y2); // expected-warning{{UNKNOWN}}

  clang_analyzer_eval(*((char *)y1) == *((char *) y2)); // expected-warning{{TRUE}}

  clang_analyzer_eval(y1 == y3); // expected-warning{{TRUE}}

  // FIXME: should be FALSE (i.e. equal pointers).
  clang_analyzer_eval(y1 - y3); // expected-warning{{UNKNOWN}}
  // FIXME: should be TRUE (i.e. same symbol).
  clang_analyzer_eval(*y1 == *y3); // expected-warning{{UNKNOWN}}

  clang_analyzer_eval(*((char *)y1) == *((char *) y3)); // expected-warning{{TRUE}}
}

void *getVoidPtr();

void testCastVoidPtrToIntPtrThroughIntTypedAssignment() {
  int *x;
  (*((int *)(&x))) = (int)getVoidPtr();
  *x = 1; // no-crash
}

void testCastUIntPtrToIntPtrThroughIntTypedAssignment() {
  unsigned u;
  int *x;
  (*((int *)(&x))) = (int)&u;
  *x = 1;
  clang_analyzer_eval(u == 1); // expected-warning{{TRUE}}
}

void testCastVoidPtrToIntPtrThroughUIntTypedAssignment() {
  int *x;
  (*((int *)(&x))) = (int)(unsigned *)getVoidPtr();
  *x = 1; // no-crash
}

void testLocNonLocSymbolAssume(int a, int *b) {
  if ((int)b < a) {} // no-crash
}

void testLocNonLocSymbolRemainder(int a, int *b) {
  int c = ((int)b) % a;
  if (a == 1) {
    c += 1;
  }
}

void testSwitchWithSizeofs() {
  switch (sizeof(char) == 1) { // expected-warning{{switch condition has boolean value}}
  case sizeof(char):; // no-crash
  }
}

#endif

#ifdef EAGERLY_ASSUME

int globalA;
extern int globalFunc();
void no_crash_on_symsym_cast_to_long() {
  char c = globalFunc() - 5;
  c == 0;
  globalA -= c;
  globalA == 3;
  (long)globalA << 48;
  #ifdef BIT32
  // expected-warning@-2{{The result of the left shift is undefined due to shifting by '48', which is greater or equal to the width of type 'long'}}
  #else
  // expected-no-diagnostics
  #endif
}

#endif

char no_crash_SymbolCast_of_float_type_aux(int *p) {
  *p += 1;
  return *p;
}

void no_crash_SymbolCast_of_float_type() {
  extern float x;
  char (*f)() = no_crash_SymbolCast_of_float_type_aux;
  f(&x);
}

double no_crash_reinterpret_double_as_int(double a) {
  *(int *)&a = 1;
  return a * a;
}

double no_crash_reinterpret_double_as_ptr(double a) {
  *(void **)&a = 0;
  return a * a;
}

double no_crash_reinterpret_double_as_sym_int(double a, int b) {
  *(int *)&a = b;
  return a * a;
}

double no_crash_reinterpret_double_as_sym_ptr(double a, void * b) {
  *(void **)&a = b;
  return a * a;
}
[analyzer] Resolve the crash in ReturnUndefChecker By making sure the returned value from getKnownSVal is consistent with the value used inside expression engine. PR38427 Differential Revision: https://reviews.llvm.org/D51252 llvm-svn: 340965 2018-08-30 04:29:59 +08:00			`// RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin9 -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s`
			`// RUN: %clang_analyze_cc1 -triple i386-apple-darwin9 -analyzer-checker=core,alpha.core,debug.ExprInspection -analyzer-store=region -verify -analyzer-config eagerly-assume=false %s`
[analyzer] Fix tests on 32-bit platforms by specifying the tuple explicitly llvm-svn: 340972 2018-08-30 05:18:47 +08:00			`// RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin9 -analyzer-checker=core,alpha.core,debug.ExprInspection -verify -DEAGERLY_ASSUME=1 -w %s`
			`// RUN: %clang_analyze_cc1 -triple i386-apple-darwin9 -analyzer-checker=core,alpha.core,debug.ExprInspection -verify -DEAGERLY_ASSUME=1 -DBIT32=1 -w %s`
Re-apply "[analyzer] Model casts to bool differently from other numbers." This doesn't appear to be the cause of the slowdown. I'll have to try a manual bisect to see if there's really anything there, or if it's just the bot itself taking on additional load. Meanwhile, this change helps with correctness. This changes an assertion and adds a test case, then re-applies r180638, which was reverted in r180714. <rdar://problem/13296133> and PR15863 llvm-svn: 180864 2013-05-02 02:19:59 +08:00
			`extern void clang_analyzer_eval(_Bool);`
Add test case. llvm-svn: 70294 2009-04-28 21:52:13 +08:00
Added comments to test case. llvm-svn: 70374 2009-04-29 13:59:48 +08:00			`// Test if the 'storage' region gets properly initialized after it is cast to`
			`// 'struct sockaddr *'.`

Make this test case more portable by removing its dependency on system header files. llvm-svn: 79511 2009-08-20 12:48:23 +08:00			`typedef unsigned char __uint8_t;`
			`typedef unsigned int __uint32_t;`
			`typedef __uint32_t __darwin_socklen_t;`
			`typedef __uint8_t sa_family_t;`
			`typedef __darwin_socklen_t socklen_t;`
			`struct sockaddr { sa_family_t sa_family; };`
			`struct sockaddr_storage {};`
Misc fixes to fix tests on OpenBSD, per email to cfe-commits. Patches by Jonathan Gray and Krister Walfridsson. llvm-svn: 75268 2009-07-11 04:10:06 +08:00
add a bunch of missing prototypes to tests llvm-svn: 93072 2010-01-10 04:43:19 +08:00			`void getsockname();`

[analyzer] Resolve the crash in ReturnUndefChecker By making sure the returned value from getKnownSVal is consistent with the value used inside expression engine. PR38427 Differential Revision: https://reviews.llvm.org/D51252 llvm-svn: 340965 2018-08-30 04:29:59 +08:00			`#ifndef EAGERLY_ASSUME`

Add test case. llvm-svn: 70294 2009-04-28 21:52:13 +08:00			`void f(int sock) {`
			`struct sockaddr_storage storage;`
[analyzer] Improve CastToStruct checker so it can also detect widening casts of struct data Example: struct AB { int A; int B; }; struct ABC { int A; int B; int C; }; void f() { struct AB Data; struct ABC P = (struct ABC )&Data; } Differential Revision: https://reviews.llvm.org/D23508 llvm-svn: 282411 2016-09-26 23:17:18 +08:00			`struct sockaddr* sockaddr = (struct sockaddr*)&storage; // expected-warning{{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}`
Add test case. llvm-svn: 70294 2009-04-28 21:52:13 +08:00			`socklen_t addrlen = sizeof(storage);`
			`getsockname(sock, sockaddr, &addrlen);`
			`switch (sockaddr->sa_family) { // no-warning`
			`default:`
			`;`
			`}`
			`}`
When casting region, if we do not create an element region, record the cast-to type. When retrieving the region value, if we are going to create a symbol value, use the cast-to type if possible. llvm-svn: 73690 2009-06-18 14:29:10 +08:00
			`struct s {`
			`struct s *value;`
			`};`

Prep for new warning. llvm-svn: 76607 2009-07-22 02:45:53 +08:00			`void f1(struct s **pval) {`
When casting region, if we do not create an element region, record the cast-to type. When retrieving the region value, if we are going to create a symbol value, use the cast-to type if possible. llvm-svn: 73690 2009-06-18 14:29:10 +08:00			`int tbool = ((void)0);`
			`struct s t = pval;`
			`pval = &(t->value);`
Add comments to test. llvm-svn: 84078 2009-10-14 14:05:09 +08:00			`tbool = (int )pval; // use the cast-to type 'int ' to create element region.`
Modify test case comments. llvm-svn: 73691 2009-06-18 14:49:35 +08:00			`char c = (unsigned char) *tbool; // Should use cast-to type to create symbol.`
Add comments to test. llvm-svn: 84078 2009-10-14 14:05:09 +08:00			`if (*tbool == -1) // here load the element region with the correct type 'int'`
Add casts to avoid a bunch of unused expr warnings. (They aren't reported right now due to a bug that I intend to fix). Ted, please review. llvm-svn: 77630 2009-07-31 06:37:41 +08:00			`(void)3;`
When casting region, if we do not create an element region, record the cast-to type. When retrieving the region value, if we are going to create a symbol value, use the cast-to type if possible. llvm-svn: 73690 2009-06-18 14:29:10 +08:00			`}`

If the SymbolicRegion was cast to another type, use that type to create the ElementRegion. llvm-svn: 73754 2009-06-19 12:51:14 +08:00			`void f2(const char *str) {`
			`unsigned char ch, cl, *p;`

			`p = (unsigned char *)str;`
			`ch = *p++; // use cast-to type 'unsigned char' to create element region.`
			`cl = *p++;`
			`if(!cl)`
			`cl = 'a';`
			`}`
Move test case to a more appropriate file. llvm-svn: 92725 2010-01-05 19:49:21 +08:00
			`// Test cast VariableSizeArray to pointer does not crash.`
			`void memcpy(void , void const *, unsigned long);`
			`typedef unsigned char Byte;`
			`void doit(char *data, int len) {`
			`if (len) {`
			`Byte buf[len];`
			`memcpy(buf, data, len);`
			`}`
			`}`
Fix pr6035. llvm-svn: 93422 2010-01-14 11:45:06 +08:00
Simplify test case. This test case also applies to PR 6013. llvm-svn: 93444 2010-01-15 03:47:50 +08:00			`// PR 6013 and 6035 - Test that a cast of a pointer to long and then to int does not crash SValuator.`
			`void pr6013_6035_test(void *p) {`
			`unsigned int foo;`
			`foo = ((long)(p));`
			`(void) foo;`
Fix pr6035. llvm-svn: 93422 2010-01-14 11:45:06 +08:00			`}`
[analyzer] Exit early if constraint solver is given a non-integer symbol to reason about. As part of taint propagation, we now allow creation of non-integer symbolic expressions like a cast from int to float. Addresses PR12511 (radar://11215362). llvm-svn: 156578 2012-05-11 05:49:52 +08:00
			`// PR12511 and radar://11215362 - Test that we support SymCastExpr, which represents symbolic int to float cast.`
			`char ttt(int intSeconds) {`
			`double seconds = intSeconds;`
			`if (seconds)`
			`return 0;`
			`return 0;`
			`}`
[analyzer] Teach the analyzer to use a symbol for p when evaluating (void*)p. Addresses the false positives similar to the test case. llvm-svn: 174436 2013-02-06 03:52:28 +08:00
			`int foo (int* p) {`
			`int y = 0;`
			`if (p == 0) {`
			`if ((((void)&p)) == (void)0) // Test that the cast to void preserves the symbolic region.`
			`return 0;`
			`else`
			`return 5/y; // This code should be unreachable: no-warning.`
			`}`
			`return 0;`
			`}`
Re-apply "[analyzer] Model casts to bool differently from other numbers." This doesn't appear to be the cause of the slowdown. I'll have to try a manual bisect to see if there's really anything there, or if it's just the bot itself taking on additional load. Meanwhile, this change helps with correctness. This changes an assertion and adds a test case, then re-applies r180638, which was reverted in r180714. <rdar://problem/13296133> and PR15863 llvm-svn: 180864 2013-05-02 02:19:59 +08:00
			`void castsToBool() {`
			`clang_analyzer_eval(0); // expected-warning{{FALSE}}`
			`clang_analyzer_eval(0U); // expected-warning{{FALSE}}`
			`clang_analyzer_eval((void *)0); // expected-warning{{FALSE}}`

			`clang_analyzer_eval(1); // expected-warning{{TRUE}}`
			`clang_analyzer_eval(1U); // expected-warning{{TRUE}}`
			`clang_analyzer_eval(-1); // expected-warning{{TRUE}}`
			`clang_analyzer_eval(0x100); // expected-warning{{TRUE}}`
			`clang_analyzer_eval(0x100U); // expected-warning{{TRUE}}`
			`clang_analyzer_eval((void *)0x100); // expected-warning{{TRUE}}`

			`extern int symbolicInt;`
			`clang_analyzer_eval(symbolicInt); // expected-warning{{UNKNOWN}}`
			`if (symbolicInt)`
			`clang_analyzer_eval(symbolicInt); // expected-warning{{TRUE}}`

			`extern void *symbolicPointer;`
			`clang_analyzer_eval(symbolicPointer); // expected-warning{{UNKNOWN}}`
			`if (symbolicPointer)`
			`clang_analyzer_eval(symbolicPointer); // expected-warning{{TRUE}}`

			`int localInt;`
PR16074, implement warnings to catch pointer to boolean true and pointer to null comparison when the pointer is known to be non-null. This catches the array to pointer decay, function to pointer decay and address of variables. This does not catch address of function since this has been previously used to silence a warning. Pointer to bool conversion is under -Wbool-conversion. Pointer to null comparison is under -Wtautological-pointer-compare, a sub-group of -Wtautological-compare. void foo() { int arr[5]; int x; // warn on these conditionals if (foo); if (arr); if (&x); if (foo == null); if (arr == null); if (&x == null); if (&foo); // no warning } llvm-svn: 202216 2014-02-26 10:36:06 +08:00			`int* ptr = &localInt;`
			`clang_analyzer_eval(ptr); // expected-warning{{TRUE}}`
Re-apply "[analyzer] Model casts to bool differently from other numbers." This doesn't appear to be the cause of the slowdown. I'll have to try a manual bisect to see if there's really anything there, or if it's just the bot itself taking on additional load. Meanwhile, this change helps with correctness. This changes an assertion and adds a test case, then re-applies r180638, which was reverted in r180714. <rdar://problem/13296133> and PR15863 llvm-svn: 180864 2013-05-02 02:19:59 +08:00			`clang_analyzer_eval(&castsToBool); // expected-warning{{TRUE}}`
			`clang_analyzer_eval("abc"); // expected-warning{{TRUE}}`

			`extern float globalFloat;`
			`clang_analyzer_eval(globalFloat); // expected-warning{{UNKNOWN}}`
			`}`
[analyzer] Fix symbolication for unknown unary increment/decrement results. If the value is known, but we cannot increment it, conjure a symbol to represent the result of the operation based on the operator expression, not on the sub-expression. In particular, no longer crash on comparing a result of a LocAsInteger increment to a constant integer. rdar://problem/31067356 Differential Revision: https://reviews.llvm.org/D31289 llvm-svn: 298927 2017-03-28 23:57:12 +08:00
			`void locAsIntegerCasts(void *p) {`
			`int x = (int) p;`
			`clang_analyzer_eval(++x < 10); // no-crash // expected-warning{{UNKNOWN}}`
			`}`
[analyzer] CStringChecker: pr34460: Avoid a crash when a cast is not modeled. The checker used to crash when a mempcpy's length argument is symbolic. In this case the cast from 'void ' to 'char ' failed because the respective ElementRegion that represents cast is hard to add on top of the existing ElementRegion that represents the offset to the last copied byte, while preseving a sane memory region structure. Additionally, a few test cases are added (to casts.c) which demonstrate problems caused by existing sloppy work we do with multi-layer ElementRegions. If said cast would be modeled properly in the future, these tests would need to be taken into account. Differential Revision: https://reviews.llvm.org/D38797 llvm-svn: 315742 2017-10-14 04:11:00 +08:00
			`void multiDimensionalArrayPointerCasts() {`
			`static int x[10][10];`
			`int *y1 = &(x[3][5]);`
			`char z = ((char ) y1) + 2;`
			`int y2 = (int )(z - 2);`
			`int y3 = ((int )x) + 35; // This is offset for [3][5].`

			`clang_analyzer_eval(y1 == y2); // expected-warning{{TRUE}}`

			`// FIXME: should be FALSE (i.e. equal pointers).`
			`clang_analyzer_eval(y1 - y2); // expected-warning{{UNKNOWN}}`
			`// FIXME: should be TRUE (i.e. same symbol).`
			`clang_analyzer_eval(y1 == y2); // expected-warning{{UNKNOWN}}`

			`clang_analyzer_eval(((char )y1) == ((char ) y2)); // expected-warning{{TRUE}}`

			`clang_analyzer_eval(y1 == y3); // expected-warning{{TRUE}}`

			`// FIXME: should be FALSE (i.e. equal pointers).`
			`clang_analyzer_eval(y1 - y3); // expected-warning{{UNKNOWN}}`
			`// FIXME: should be TRUE (i.e. same symbol).`
			`clang_analyzer_eval(y1 == y3); // expected-warning{{UNKNOWN}}`

			`clang_analyzer_eval(((char )y1) == ((char ) y3)); // expected-warning{{TRUE}}`
			`}`
[analyzer] pr36458: Fix retrieved value cast for symbolic void pointers. C allows us to write any bytes into any memory region. When loading weird bytes from memory regions of known types, the analyzer is required to make sure that the loaded value makes sense by casting it to an appropriate type. Fix such cast for loading values that represent void pointers from non-void pointer type places. Differential Revision: https://reviews.llvm.org/D46415 llvm-svn: 331562 2018-05-05 06:11:12 +08:00
			`void *getVoidPtr();`

			`void testCastVoidPtrToIntPtrThroughIntTypedAssignment() {`
			`int *x;`
			`(((int )(&x))) = (int)getVoidPtr();`
			`*x = 1; // no-crash`
			`}`

			`void testCastUIntPtrToIntPtrThroughIntTypedAssignment() {`
			`unsigned u;`
			`int *x;`
			`(((int )(&x))) = (int)&u;`
			`*x = 1;`
			`clang_analyzer_eval(u == 1); // expected-warning{{TRUE}}`
			`}`

			`void testCastVoidPtrToIntPtrThroughUIntTypedAssignment() {`
			`int *x;`
			`(((int )(&x))) = (int)(unsigned *)getVoidPtr();`
			`*x = 1; // no-crash`
			`}`
[analyzer] pr38273: Legalize Loc<>NonLoc comparison symbols. Remove an assertion in RangeConstraintManager that expects such symbols to never appear, while admitting that the constraint manager doesn't yet handle them. Differential Revision: https://reviews.llvm.org/D49703 llvm-svn: 337769 2018-07-24 07:09:44 +08:00
			`void testLocNonLocSymbolAssume(int a, int *b) {`
[analyzer] Add a no-crash to a recently added test. No functional change intended. llvm-svn: 337776 2018-07-24 07:48:13 +08:00			`if ((int)b < a) {} // no-crash`
[analyzer] pr38273: Legalize Loc<>NonLoc comparison symbols. Remove an assertion in RangeConstraintManager that expects such symbols to never appear, while admitting that the constraint manager doesn't yet handle them. Differential Revision: https://reviews.llvm.org/D49703 llvm-svn: 337769 2018-07-24 07:09:44 +08:00			`}`
[analyzer] Don't try to simplify mixed Loc/NonLoc expressions. This fix is similar to r337769 and addresses a regression caused by r337167. When an operation between a nonloc::LocAsInteger and a non-pointer symbol is performed, the LocAsInteger-specific part of information is lost. When the non-pointer symbol is collapsing into a constant, we cannot easily re-evaluate the result, because we need to recover the missing LocAsInteger-specific information (eg., integer type, or the very fact that this pointer was at some point converted to an integer). Add one more defensive check to prevent crashes on trying to simplify a SymSymExpr with different Loc-ness of operands. Differential Revision: llvm-svn: 338420 2018-08-01 03:26:34 +08:00
			`void testLocNonLocSymbolRemainder(int a, int *b) {`
			`int c = ((int)b) % a;`
			`if (a == 1) {`
			`c += 1;`
			`}`
			`}`
[analyzer] pr37204: Take signedness into account in getTruthValue(). It now actually produces a signed APSInt when the QualType passed into it is signed, which is what any caller would expect. Fixes a couple of crashes. Differential Revision: https://reviews.llvm.org/D50363 llvm-svn: 339088 2018-08-07 10:27:38 +08:00
			`void testSwitchWithSizeofs() {`
			`switch (sizeof(char) == 1) { // expected-warning{{switch condition has boolean value}}`
			`case sizeof(char):; // no-crash`
			`}`
			`}`
[analyzer] Resolve the crash in ReturnUndefChecker By making sure the returned value from getKnownSVal is consistent with the value used inside expression engine. PR38427 Differential Revision: https://reviews.llvm.org/D51252 llvm-svn: 340965 2018-08-30 04:29:59 +08:00
			`#endif`

			`#ifdef EAGERLY_ASSUME`

[analyzer] Fix tests on 32-bit platforms by specifying the tuple explicitly llvm-svn: 340972 2018-08-30 05:18:47 +08:00			`int globalA;`
[analyzer] Resolve the crash in ReturnUndefChecker By making sure the returned value from getKnownSVal is consistent with the value used inside expression engine. PR38427 Differential Revision: https://reviews.llvm.org/D51252 llvm-svn: 340965 2018-08-30 04:29:59 +08:00			`extern int globalFunc();`
			`void no_crash_on_symsym_cast_to_long() {`
			`char c = globalFunc() - 5;`
			`c == 0;`
			`globalA -= c;`
			`globalA == 3;`
[analyzer] Fix tests on 32-bit platforms by specifying the tuple explicitly llvm-svn: 340972 2018-08-30 05:18:47 +08:00			`(long)globalA << 48;`
			`#ifdef BIT32`
			`// expected-warning@-2{{The result of the left shift is undefined due to shifting by '48', which is greater or equal to the width of type 'long'}}`
			`#else`
			`// expected-no-diagnostics`
			`#endif`
[analyzer] Resolve the crash in ReturnUndefChecker By making sure the returned value from getKnownSVal is consistent with the value used inside expression engine. PR38427 Differential Revision: https://reviews.llvm.org/D51252 llvm-svn: 340965 2018-08-30 04:29:59 +08:00			`}`

			`#endif`
[analyzer] pr38668: Do not attempt to cast loaded integers to floats. This patch is a different approach to landing the reverted r349701. It is expected to have the same object (memory region) treated as if it has different types in different program points. The correct behavior for RegionStore when an object is stored as an object of type T1 but loaded as an object of type T2 is to store the object as if it has type T1 but cast it to T2 during load. Note that the cast here is some sort of a "reinterpret_cast" (even in C). For instance, if you store an integer and load a float, you won't get your integer represented as a float; instead, you will get garbage. Admit that we cannot perform the cast and return an unknown value. Differential Revision: https://reviews.llvm.org/D55875 rdar://problem/45062567 llvm-svn: 349984 2018-12-22 10:06:51 +08:00
			`char no_crash_SymbolCast_of_float_type_aux(int *p) {`
			`*p += 1;`
			`return *p;`
			`}`

			`void no_crash_SymbolCast_of_float_type() {`
			`extern float x;`
			`char (*f)() = no_crash_SymbolCast_of_float_type_aux;`
			`f(&x);`
			`}`

			`double no_crash_reinterpret_double_as_int(double a) {`
			`(int )&a = 1;`
			`return a * a;`
			`}`

			`double no_crash_reinterpret_double_as_ptr(double a) {`
			`(void *)&a = 0;`
			`return a * a;`
			`}`

			`double no_crash_reinterpret_double_as_sym_int(double a, int b) {`
			`(int )&a = b;`
			`return a * a;`
			`}`

			`double no_crash_reinterpret_double_as_sym_ptr(double a, void * b) {`
			`(void *)&a = b;`
			`return a * a;`
			`}`