From: Ted Kremenek
Date: Thu, 23 Dec 2010 02:42:49 +0000 (+0000)
Subject: It's amazing what you find when you actually
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=15a467e9e8e9bee54c9d03305b4009e530c6ba4a;p=clang
It's amazing what you find when you actually set the RUN line correctly in a test file! Mark a bunch of tests for ArrayBoundCheckerV2 as FIXME's, as our current lack of pointer arithmetic handling causes these to be all false positives/negatives.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122471 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/test/Analysis/out-of-bounds.c b/test/Analysis/out-of-bounds.c
index 79a2ca0605..598e165376 100644
--- a/test/Analysis/out-of-bounds.c
+++ b/test/Analysis/out-of-bounds.c
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-check-buffer-overflows -verify
+// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-check-buffer-overflows -verify %s
 // Tests doing an out-of-bounds access after the end of an array using:
 // - constant integer index
@@ -13,6 +13,21 @@ void test1_ok(int x) {
 buf[99] = 1; // no-warning
 }
+const char test1_strings_underrun(int x) {
+ const char *mystr = "mary had a little lamb";
+ return mystr[-1]; // expected-warning{{Out of bound memory access}}
+}
+
+const char test1_strings_overrun(int x) {
+ const char *mystr = "mary had a little lamb";
+ return mystr[1000]; // expected-warning{{Out of bound memory access}}
+}
+
+const char test1_strings_ok(int x) {
+ const char *mystr = "mary had a little lamb";
+ return mystr[5]; // no-warning
+}
+
 // Tests doing an out-of-bounds access after the end of an array using:
 // - indirect pointer to buffer
 // - constant integer index
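Review bot: The three string-literal tests added after test1_ok use indices -1, 1000 and 5 but never touch the boundary of the 23-byte literal, which is where an off-by-one in the checker's extent calculation would show. Consider a pair that indexes the terminator and the first byte past it, `return mystr[22]; // no-warning` and `return mystr[23]; // expected-warning{{Out of bound memory access}}`, assuming the checker counts the NUL in the extent. As a style point, the `const` on the by-value `const char` return type has no effect, and the parameter `x` is unused in all three functions.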
@@ -26,9 +41,10 @@ void test1_ptr(int x) {
 void test1_ptr_ok(int x) {
 int buf[100];
 int *p = buf;
- p[99] = 1; // expected-warning{{Out of bound memory access}}
+ p[99] = 1; // no-warning
 }
+// ** FIXME ** Doesn't work yet because we don't support pointer arithmetic.
 // Tests doing an out-of-bounds access before the start of an array using:
 // - indirect pointer to buffer, manipulated using simple pointer arithmetic
 // - constant integer index
@@ -37,7 +53,7 @@ void test1_ptr_arith(int x) {
 int buf[100];
 int *p = buf;
 p = p + 100;
- p[0] = 1; // expected-warning{{Out of bound memory access}}
+ p[0] = 1; // no-warning
 }
 void test1_ptr_arith_ok(int x) {
@@ -47,18 +63,21 @@ void test1_ptr_arith_ok(int x) {
 p[0] = 1; // no-warning
 }
+// ** FIXME ** Doesn't work yet because we don't support pointer arithmetic.
 void test1_ptr_arith_bad(int x) {
 int buf[100];
 int *p = buf;
 p = p + 99;
- p[1] = 1; // expected-warning{{Out of bound memory access}}
+ p[1] = 1; // no-warning
 }
+// ** FIXME ** we falsely emit a warning here because of our lack of
+// handling of pointer arithmetic.
 void test1_ptr_arith_ok2(int x) {
 int buf[100];
 int *p = buf;
- p = p + 100;
- p[-1] = 1; // no-warning
+ p = p + 99;
+ p[-1] = 1; // expected-warning{{Out of bound}}
 }
 // Tests doing an out-of-bounds access before the start of an array using:
@@ -79,6 +98,7 @@ void test2_ptr(int x) {
 p[-1] = 1; // expected-warning{{Out of bound memory access}}
 }
+// ** FIXME ** Doesn't work yet because we don't support pointer arithmetic.
 // Tests doing an out-of-bounds access before the start of an array using:
 // - indirect pointer to buffer, manipulated using simple pointer arithmetic
 // - constant integer index
@@ -87,7 +107,7 @@ void test2_ptr_arith(int x) {
 int buf[100];
 int *p = buf;
 --p;
- p[0] = 1; // expected-warning{{Out of bound memory access}}
+ p[0] = 1; // no-warning
 }
 // Tests doing an out-of-bounds access before the start of a multi-dimensional
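Review bot: The FIXME inserted after test1_ptr_ok is attached to a header comment that misdescribes the test it introduces: the comment says the access is "before the start of an array", while test1_ptr_arith (named in the next hunk header) advances `p` by 100 and writes `p[0]`, which is past the end. "Doesn't work yet" also does not say which way the checker fails. I would reword both, e.g. `// ** FIXME ** False negative: the past-the-end write is not reported because pointer arithmetic is not modelled.` and `// Tests doing an out-of-bounds access after the end of an array using:`. The function that this comment block describes lies outside the hunk.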
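Review bot: In test1_ptr_arith the write `p[0] = 1` after `p = p + 100` is a genuine past-the-end write, yet the line now carries a bare `// no-warning`, the same marker the file uses for in-bounds accesses. The FIXME that explains it sits above the header comment in the previous hunk, so a reader of this line cannot tell a known false negative from intended behaviour; the same applies to `p[1] = 1` in test1_ptr_arith_bad and `p[0] = 1` in test2_ptr_arith in the later hunks. I would annotate the line itself, e.g. `p[0] = 1; // no-warning (FIXME: false negative, this write is out of bounds)`, keeping the wording free of `expected-` so that -verify does not read it as a directive. The function's opening line appears only in the hunk header.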
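Review bot: The rewrite of test1_ptr_arith_ok2 changes the test input as well as the expectation: `p = p + 100; p[-1]` (form a one-past-the-end pointer, then step back to buf[99]) becomes `p = p + 99; p[-1]`, which reaches buf[98] and no longer covers the one-past-the-end case. Neither the commit message nor the FIXME explains that change, so unless it is needed to reproduce the false positive I would keep `p = p + 100;` and only flip the expectation. The new directive also matches the shortened text `Out of bound`, while every other directive in the file uses `Out of bound memory access`; the full string keeps the expectations consistent and easy to search for. The hunk begins inside test1_ptr_arith_ok, whose opening lines are outside it.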