llvm-project/clang/test/Analysis/bstring_UninitRead.c

// RUN: %clang_analyze_cc1 -verify %s \
// RUN: -analyzer-checker=core,alpha.unix.cstring


// This file is generally for the alpha.unix.cstring.UninitializedRead Checker, the reason for putting it into
// the separate file because the checker is break the some existing test cases in bstring.c file , so we don't 
// wanna mess up with some existing test case so it's better to create separate file for it, this file also include 
// the broken test for the reference in future about the broken tests.


typedef typeof(sizeof(int)) size_t;

void clang_analyzer_eval(int);

void *memcpy(void *restrict s1, const void *restrict s2, size_t n);

void top(char *dst) {
  char buf[10];
  memcpy(dst, buf, 10); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
  (void)buf;
}

//===----------------------------------------------------------------------===
// mempcpy()
//===----------------------------------------------------------------------===

void *mempcpy(void *restrict s1, const void *restrict s2, size_t n);

void mempcpy14() {
  int src[] = {1, 2, 3, 4};
  int dst[5] = {0};
  int *p;

  p = mempcpy(dst, src, 4 * sizeof(int)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
   // FIXME: This behaviour is actually surprising and needs to be fixed, 
   // mempcpy seems to consider the very last byte of the src buffer uninitialized
   // and returning undef unfortunately. It should have returned unknown or a conjured value instead.

  clang_analyzer_eval(p == &dst[4]); // no-warning (above is fatal)
}

struct st {
  int i;
  int j;
};


void mempcpy15() {
  struct st s1 = {0};
  struct st s2;
  struct st *p1;
  struct st *p2;

  p1 = (&s2) + 1;
  p2 = mempcpy(&s2, &s1, sizeof(struct st)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
  // FIXME: It seems same as mempcpy14() case.
  
  clang_analyzer_eval(p1 == p2); // no-warning (above is fatal)
}