third_party/llvm-project/clang/test/Analysis/null-deref-ps-region.c - cobalt - Git at Google

 // RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core,unix,alpha.unix -std=gnu99 -analyzer-store=region -verify %s

 #include "Inputs/system-header-simulator.h"

 typedef __typeof(sizeof(int)) size_t;
 void *memset(void *__s, int __c, size_t __n);
 void *malloc(size_t __size);
 void free(void *__ptr);

 // The store for 'a[1]' should not be removed mistakenly. SymbolicRegions may
 // also be live roots.
 void f14(int *a) {
   int i;
   a[1] = 1;
   i = a[1];
   if (i != 1) {
     int *p = 0;
     i = *p; // no-warning
   }
 }

 void foo() {
   int *x = malloc(sizeof(int));
   memset(x, 0, sizeof(int));
   int n = 1 / *x; // expected-warning {{Division by zero}}
   free(x);
 }

 void bar() {
   int *x = malloc(sizeof(int));
   memset(x, 0, 1);
   int n = 1 / *x; // no-warning
   free(x);
 }

 void testConcreteNull() {
   int *x = 0;
   memset(x, 0, 1); // expected-warning {{Null pointer argument in call to memory set function}}
 }

 void testStackArray() {
   char buf[13];
   memset(buf, 0, 1); // no-warning
 }

 void testHeapSymbol() {
   char *buf = (char *)malloc(13);
   memset(buf, 0, 1); // no-warning
   free(buf);
 }

 void testStackArrayOutOfBound() {
   char buf[1];
   memset(buf, 0, 1024); // expected-warning {{Memory set function accesses out-of-bound array element}}
 }

 void testHeapSymbolOutOfBound() {
   char *buf = (char *)malloc(1);
   memset(buf, 0, 1024); // expected-warning {{Memory set function accesses out-of-bound array element}}
   free(buf);
 }

 void testStackArraySameSize() {
   char buf[1];
   memset(buf, 0, sizeof(buf)); // no-warning
 }

 void testHeapSymbolSameSize() {
   char *buf = (char *)malloc(1);
   memset(buf, 0, 1); // no-warning
   free(buf);
 }
	// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core,unix,alpha.unix -std=gnu99 -analyzer-store=region -verify %s

	#include "Inputs/system-header-simulator.h"

	typedef __typeof(sizeof(int)) size_t;
	void memset(void __s, int __c, size_t __n);
	void *malloc(size_t __size);
	void free(void *__ptr);

	// The store for 'a[1]' should not be removed mistakenly. SymbolicRegions may
	// also be live roots.
	void f14(int *a) {
	int i;
	a[1] = 1;
	i = a[1];
	if (i != 1) {
	int *p = 0;
	i = *p; // no-warning
	}
	}

	void foo() {
	int *x = malloc(sizeof(int));
	memset(x, 0, sizeof(int));
	int n = 1 / *x; // expected-warning {{Division by zero}}
	free(x);
	}

	void bar() {
	int *x = malloc(sizeof(int));
	memset(x, 0, 1);
	int n = 1 / *x; // no-warning
	free(x);
	}

	void testConcreteNull() {
	int *x = 0;
	memset(x, 0, 1); // expected-warning {{Null pointer argument in call to memory set function}}
	}

	void testStackArray() {
	char buf[13];
	memset(buf, 0, 1); // no-warning
	}

	void testHeapSymbol() {
	char buf = (char )malloc(13);
	memset(buf, 0, 1); // no-warning
	free(buf);
	}

	void testStackArrayOutOfBound() {
	char buf[1];
	memset(buf, 0, 1024); // expected-warning {{Memory set function accesses out-of-bound array element}}
	}

	void testHeapSymbolOutOfBound() {
	char buf = (char )malloc(1);
	memset(buf, 0, 1024); // expected-warning {{Memory set function accesses out-of-bound array element}}
	free(buf);
	}

	void testStackArraySameSize() {
	char buf[1];
	memset(buf, 0, sizeof(buf)); // no-warning
	}

	void testHeapSymbolSameSize() {
	char buf = (char )malloc(1);
	memset(buf, 0, 1); // no-warning
	free(buf);
	}