llvm-project/clang/test/Analysis/vla.c

// RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-checker=debug.ExprInspection -verify %s

typedef unsigned long size_t;
size_t clang_analyzer_getExtent(void *);
void clang_analyzer_eval(int);

// Zero-sized VLAs.
void check_zero_sized_VLA(int x) {
  if (x)
    return;

  int vla[x]; // expected-warning{{Declared variable-length array (VLA) has zero size}}
}

void check_uninit_sized_VLA() {
  int x;
  int vla[x]; // expected-warning{{Declared variable-length array (VLA) uses a garbage value as its size}}
}

// Negative VLAs.
static void vla_allocate_signed(short x) {
  int vla[x]; // expected-warning{{Declared variable-length array (VLA) has negative size}}
}

static void vla_allocate_unsigned(unsigned short x) {
  int vla[x]; // no-warning
}

void check_negative_sized_VLA_1() {
  vla_allocate_signed(-1);
}

void check_negative_sized_VLA_2() {
  vla_allocate_unsigned(-1);
}

void check_negative_sized_VLA_3() {
  short x = -1;
  int vla[x]; // expected-warning{{Declared variable-length array (VLA) has negative size}}
}

void check_negative_sized_VLA_4() {
  unsigned short x = -1;
  int vla[x]; // no-warning
}

void check_negative_sized_VLA_5() {
  signed char x = -1;
  int vla[x]; // expected-warning{{Declared variable-length array (VLA) has negative size}}
}

void check_negative_sized_VLA_6() {
  unsigned char x = -1;
  int vla[x]; // no-warning
}

void check_negative_sized_VLA_7() {
  signed char x = -1;
  int vla[x + 2]; // no-warning
}

void check_negative_sized_VLA_8() {
  signed char x = 1;
  int vla[x - 2]; // expected-warning{{Declared variable-length array (VLA) has negative size}}
}

void check_negative_sized_VLA_9() {
  int x = 1;
  int vla[x]; // no-warning
}

static void check_negative_sized_VLA_10_sub(int x)
{
  int vla[x]; // expected-warning{{Declared variable-length array (VLA) has negative size}}
}

void check_negative_sized_VLA_10(int x) {
  if (x < 0)
    check_negative_sized_VLA_10_sub(x);
}

static void check_negative_sized_VLA_11_sub(short x)
{
  int vla[x]; // no-warning
}

void check_negative_sized_VLA_11(short x) {
  if (x > 0)
    check_negative_sized_VLA_11_sub(x);
}

void check_VLA_typedef() {
  int x = -1;
  typedef int VLA[x]; // expected-warning{{Declared variable-length array (VLA) has negative size}}
}

size_t check_VLA_sizeof() {
  int x = -1;
  size_t s = sizeof(int[x]); // expected-warning{{Declared variable-length array (VLA) has negative size}}
  return s;
}

// Multi-dimensional arrays.

void check_zero_sized_VLA_multi1(int x) {
  if (x)
    return;

  int vla[10][x]; // expected-warning{{Declared variable-length array (VLA) has zero size}}
}

void check_zero_sized_VLA_multi2(int x, int y) {
  if (x)
    return;

  int vla[y][x]; // expected-warning{{Declared variable-length array (VLA) has zero size}}
}

// Check the extent.

void check_VLA_extent() {
  int x = 3;

  int vla1[x];
  clang_analyzer_eval(clang_analyzer_getExtent(&vla1) == x * sizeof(int));
  // expected-warning@-1{{TRUE}}

  int vla2[x][2];
  clang_analyzer_eval(clang_analyzer_getExtent(&vla2) == x * 2 * sizeof(int));
  // expected-warning@-1{{TRUE}}

  int vla2m[2][x];
  clang_analyzer_eval(clang_analyzer_getExtent(&vla2m) == 2 * x * sizeof(int));
  // expected-warning@-1{{TRUE}}

  int vla3m[2][x][4];
  clang_analyzer_eval(clang_analyzer_getExtent(&vla3m) == 2 * x * 4 * sizeof(int));
  // expected-warning@-1{{TRUE}}
}

// https://bugs.llvm.org/show_bug.cgi?id=46128
// analyzer doesn't handle more than simple symbolic expressions.
// Just don't crash.
extern void foo(void);
int a;
void b() {
  int c = a + 1;
  for (;;) {
    int d[c];
    for (; 0 < c;)
      foo();
  }
} // no-crash
[Analyzer][VLASize] Support multi-dimensional arrays. Summary: Check the size constraints for every (variable) dimension of the array. Try to compute array size by multiplying size for every dimension. Reviewers: Szelethus, martong, baloghadamsoftware, gamesh411 Reviewed By: Szelethus, martong Subscribers: rnkovacs, xazax.hun, baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, Szelethus, donat.nagy, dkrupp, gamesh411, Charusso, martong, ASDenysPetrov, cfe-commits Tags: #clang Differential Revision: https://reviews.llvm.org/D77305 2020-04-14 15:20:22 +08:00			`// RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-checker=debug.ExprInspection -verify %s`

			`typedef unsigned long size_t;`
			`size_t clang_analyzer_getExtent(void *);`
			`void clang_analyzer_eval(int);`
[analyzer] Check for negative values used as the size of a C variable-length array. Patch by Daniel Fahlgren! llvm-svn: 215456 2014-08-13 00:44:22 +08:00
			`// Zero-sized VLAs.`
			`void check_zero_sized_VLA(int x) {`
			`if (x)`
			`return;`

			`int vla[x]; // expected-warning{{Declared variable-length array (VLA) has zero size}}`
			`}`

			`void check_uninit_sized_VLA() {`
			`int x;`
			`int vla[x]; // expected-warning{{Declared variable-length array (VLA) uses a garbage value as its size}}`
			`}`

			`// Negative VLAs.`
[Analyzer][VLASizeChecker] Try to fix vla.c test problems. 2020-05-19 18:12:28 +08:00			`static void vla_allocate_signed(short x) {`
[analyzer] Check for negative values used as the size of a C variable-length array. Patch by Daniel Fahlgren! llvm-svn: 215456 2014-08-13 00:44:22 +08:00			`int vla[x]; // expected-warning{{Declared variable-length array (VLA) has negative size}}`
			`}`

[Analyzer][VLASizeChecker] Try to fix vla.c test problems. 2020-05-19 18:12:28 +08:00			`static void vla_allocate_unsigned(unsigned short x) {`
[analyzer] Check for negative values used as the size of a C variable-length array. Patch by Daniel Fahlgren! llvm-svn: 215456 2014-08-13 00:44:22 +08:00			`int vla[x]; // no-warning`
			`}`

			`void check_negative_sized_VLA_1() {`
			`vla_allocate_signed(-1);`
			`}`

			`void check_negative_sized_VLA_2() {`
			`vla_allocate_unsigned(-1);`
			`}`

			`void check_negative_sized_VLA_3() {`
[Analyzer][VLASizeChecker] Try to fix vla.c test problems. 2020-05-19 18:12:28 +08:00			`short x = -1;`
[analyzer] Check for negative values used as the size of a C variable-length array. Patch by Daniel Fahlgren! llvm-svn: 215456 2014-08-13 00:44:22 +08:00			`int vla[x]; // expected-warning{{Declared variable-length array (VLA) has negative size}}`
			`}`

			`void check_negative_sized_VLA_4() {`
[Analyzer][VLASizeChecker] Try to fix vla.c test problems. 2020-05-19 18:12:28 +08:00			`unsigned short x = -1;`
[analyzer] Check for negative values used as the size of a C variable-length array. Patch by Daniel Fahlgren! llvm-svn: 215456 2014-08-13 00:44:22 +08:00			`int vla[x]; // no-warning`
			`}`

			`void check_negative_sized_VLA_5() {`
			`signed char x = -1;`
			`int vla[x]; // expected-warning{{Declared variable-length array (VLA) has negative size}}`
			`}`

			`void check_negative_sized_VLA_6() {`
			`unsigned char x = -1;`
			`int vla[x]; // no-warning`
			`}`

			`void check_negative_sized_VLA_7() {`
			`signed char x = -1;`
			`int vla[x + 2]; // no-warning`
			`}`

			`void check_negative_sized_VLA_8() {`
			`signed char x = 1;`
			`int vla[x - 2]; // expected-warning{{Declared variable-length array (VLA) has negative size}}`
			`}`

			`void check_negative_sized_VLA_9() {`
			`int x = 1;`
			`int vla[x]; // no-warning`
			`}`

			`static void check_negative_sized_VLA_10_sub(int x)`
			`{`
			`int vla[x]; // expected-warning{{Declared variable-length array (VLA) has negative size}}`
			`}`

			`void check_negative_sized_VLA_10(int x) {`
			`if (x < 0)`
			`check_negative_sized_VLA_10_sub(x);`
			`}`

[Analyzer][VLASizeChecker] Try to fix vla.c test problems. 2020-05-19 18:12:28 +08:00			`static void check_negative_sized_VLA_11_sub(short x)`
[analyzer] Check for negative values used as the size of a C variable-length array. Patch by Daniel Fahlgren! llvm-svn: 215456 2014-08-13 00:44:22 +08:00			`{`
			`int vla[x]; // no-warning`
			`}`

[Analyzer][VLASizeChecker] Try to fix vla.c test problems. 2020-05-19 18:12:28 +08:00			`void check_negative_sized_VLA_11(short x) {`
[analyzer] Check for negative values used as the size of a C variable-length array. Patch by Daniel Fahlgren! llvm-svn: 215456 2014-08-13 00:44:22 +08:00			`if (x > 0)`
			`check_negative_sized_VLA_11_sub(x);`
			`}`
[Analyzer][VLASize] Support multi-dimensional arrays. Summary: Check the size constraints for every (variable) dimension of the array. Try to compute array size by multiplying size for every dimension. Reviewers: Szelethus, martong, baloghadamsoftware, gamesh411 Reviewed By: Szelethus, martong Subscribers: rnkovacs, xazax.hun, baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, Szelethus, donat.nagy, dkrupp, gamesh411, Charusso, martong, ASDenysPetrov, cfe-commits Tags: #clang Differential Revision: https://reviews.llvm.org/D77305 2020-04-14 15:20:22 +08:00
[Analyzer][VLASizeChecker] Check VLA size in typedef and sizeof. Summary: The check of VLA size was done previously for variable declarations (of VLA type) only. Now it is done for typedef (and type-alias) and sizeof expressions with VLA too. Reviewers: Szelethus, martong Reviewed By: Szelethus, martong Subscribers: rnkovacs, xazax.hun, baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, Szelethus, donat.nagy, dkrupp, gamesh411, Charusso, martong, ASDenysPetrov, cfe-commits Tags: #clang Differential Revision: https://reviews.llvm.org/D79072 2020-05-14 15:48:15 +08:00			`void check_VLA_typedef() {`
			`int x = -1;`
			`typedef int VLA[x]; // expected-warning{{Declared variable-length array (VLA) has negative size}}`
			`}`

			`size_t check_VLA_sizeof() {`
			`int x = -1;`
			`size_t s = sizeof(int[x]); // expected-warning{{Declared variable-length array (VLA) has negative size}}`
			`return s;`
			`}`

[Analyzer][VLASize] Support multi-dimensional arrays. Summary: Check the size constraints for every (variable) dimension of the array. Try to compute array size by multiplying size for every dimension. Reviewers: Szelethus, martong, baloghadamsoftware, gamesh411 Reviewed By: Szelethus, martong Subscribers: rnkovacs, xazax.hun, baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, Szelethus, donat.nagy, dkrupp, gamesh411, Charusso, martong, ASDenysPetrov, cfe-commits Tags: #clang Differential Revision: https://reviews.llvm.org/D77305 2020-04-14 15:20:22 +08:00			`// Multi-dimensional arrays.`

			`void check_zero_sized_VLA_multi1(int x) {`
			`if (x)`
			`return;`

			`int vla[10][x]; // expected-warning{{Declared variable-length array (VLA) has zero size}}`
			`}`

			`void check_zero_sized_VLA_multi2(int x, int y) {`
			`if (x)`
			`return;`

			`int vla[y][x]; // expected-warning{{Declared variable-length array (VLA) has zero size}}`
			`}`

			`// Check the extent.`

			`void check_VLA_extent() {`
			`int x = 3;`

			`int vla1[x];`
			`clang_analyzer_eval(clang_analyzer_getExtent(&vla1) == x * sizeof(int));`
			`// expected-warning@-1{{TRUE}}`

			`int vla2[x][2];`
			`clang_analyzer_eval(clang_analyzer_getExtent(&vla2) == x * 2 * sizeof(int));`
			`// expected-warning@-1{{TRUE}}`

			`int vla2m[2][x];`
			`clang_analyzer_eval(clang_analyzer_getExtent(&vla2m) == 2 * x * sizeof(int));`
			`// expected-warning@-1{{TRUE}}`

			`int vla3m[2][x][4];`
			`clang_analyzer_eval(clang_analyzer_getExtent(&vla3m) == 2 * x * 4 * sizeof(int));`
			`// expected-warning@-1{{TRUE}}`
			`}`
[analyzer] Ignore calculated indices of <= 0 in VLASizeChecker Summary: See https://bugs.llvm.org/show_bug.cgi?id=46128. The checker does not yet comprehend constraints involving multiple symbols, so it's possible to calculate a VLA size that's negative or 0. A LIT is added to catch regressions, and this change simply bails if a VLA size of 0 or less is calculated. Reviewers: balazske, NoQ, martong, baloghadamsoftware, Szelethus, gamesh411 Reviewed By: balazske, NoQ, Szelethus Subscribers: xazax.hun, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, Charusso, ASDenysPetrov, cfe-commits, dkrupp Tags: #clang Differential Revision: https://reviews.llvm.org/D80903 2020-06-01 08:03:16 +08:00
			`// https://bugs.llvm.org/show_bug.cgi?id=46128`
			`// analyzer doesn't handle more than simple symbolic expressions.`
			`// Just don't crash.`
			`extern void foo(void);`
			`int a;`
			`void b() {`
			`int c = a + 1;`
			`for (;;) {`
			`int d[c];`
			`for (; 0 < c;)`
			`foo();`
			`}`
			`} // no-crash`