src/third_party/llvm-project/clang/test/Analysis/cast-to-struct.cpp - cobalt - Git at Google

 // RUN: %clang_analyze_cc1 -analyzer-checker=alpha.core.CastToStruct,core -verify %s

 struct AB {
   int A;
   int B;
 };

 struct ABC {
   int A;
   int B;
   int C;
 };

 struct Base {
   Base() : A(0), B(0) {}
   virtual ~Base() {}

   int A;
   int B;
 };

 struct Derived : public Base {
   Derived() : Base(), C(0) {}
   int C;
 };

 void structToStruct(struct AB *P) {
   struct AB Ab;
   struct ABC *Abc;
   Abc = (struct ABC *)&Ab; // expected-warning {{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}
   Abc = (struct ABC *)P; // No warning; It is not known what data P points at.
   Abc = (struct ABC *)&*P;

   // Don't warn when the cast is not widening.
   P = (struct AB *)&Ab; // struct AB * => struct AB *
   struct ABC Abc2;
   P = (struct AB *)&Abc2; // struct ABC * => struct AB *

   // True negatives when casting from Base to Derived.
   Derived D1, *D2;
   Base &B1 = D1;
   D2 = (Derived *)&B1;
   D2 = dynamic_cast<Derived *>(&B1);
   D2 = static_cast<Derived *>(&B1);

   // True positives when casting from Base to Derived.
   Base B2;
   D2 = (Derived *)&B2;// expected-warning {{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}
   D2 = dynamic_cast<Derived *>(&B2);// expected-warning {{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}
   D2 = static_cast<Derived *>(&B2);// expected-warning {{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}

   // False negatives, cast from Base to Derived. With path sensitive analysis
   // these false negatives could be fixed.
   Base *B3 = &B2;
   D2 = (Derived *)B3;
   D2 = dynamic_cast<Derived *>(B3);
   D2 = static_cast<Derived *>(B3);
 }

 void intToStruct(int *P) {
   struct ABC *Abc;
   Abc = (struct ABC *)P; // expected-warning {{Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption}}

   // Cast from void *.
   void *VP = P;
   Abc = (struct ABC *)VP;
 }

 // https://llvm.org/bugs/show_bug.cgi?id=31173
 void dontCrash1(struct AB X) {
   struct UndefS *S = (struct UndefS *)&X;
 }

 struct S;
 struct T {
   struct S *P;
 };
 extern struct S Var1, Var2;
 void dontCrash2() {
   ((struct T *) &Var1)->P = &Var2;
 }
	// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.core.CastToStruct,core -verify %s

	struct AB {
	int A;
	int B;
	};

	struct ABC {
	int A;
	int B;
	int C;
	};

	struct Base {
	Base() : A(0), B(0) {}
	virtual ~Base() {}

	int A;
	int B;
	};

	struct Derived : public Base {
	Derived() : Base(), C(0) {}
	int C;
	};

	void structToStruct(struct AB *P) {
	struct AB Ab;
	struct ABC *Abc;
	Abc = (struct ABC *)&Ab; // expected-warning {{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}
	Abc = (struct ABC *)P; // No warning; It is not known what data P points at.
	Abc = (struct ABC )&P;

	// Don't warn when the cast is not widening.
	P = (struct AB )&Ab; // struct AB => struct AB *
	struct ABC Abc2;
	P = (struct AB )&Abc2; // struct ABC => struct AB *

	// True negatives when casting from Base to Derived.
	Derived D1, *D2;
	Base &B1 = D1;
	D2 = (Derived *)&B1;
	D2 = dynamic_cast<Derived *>(&B1);
	D2 = static_cast<Derived *>(&B1);

	// True positives when casting from Base to Derived.
	Base B2;
	D2 = (Derived *)&B2;// expected-warning {{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}
	D2 = dynamic_cast<Derived *>(&B2);// expected-warning {{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}
	D2 = static_cast<Derived *>(&B2);// expected-warning {{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}

	// False negatives, cast from Base to Derived. With path sensitive analysis
	// these false negatives could be fixed.
	Base *B3 = &B2;
	D2 = (Derived *)B3;
	D2 = dynamic_cast<Derived *>(B3);
	D2 = static_cast<Derived *>(B3);
	}

	void intToStruct(int *P) {
	struct ABC *Abc;
	Abc = (struct ABC *)P; // expected-warning {{Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption}}

	// Cast from void *.
	void *VP = P;
	Abc = (struct ABC *)VP;
	}

	// https://llvm.org/bugs/show_bug.cgi?id=31173
	void dontCrash1(struct AB X) {
	struct UndefS S = (struct UndefS )&X;
	}

	struct S;
	struct T {
	struct S *P;
	};
	extern struct S Var1, Var2;
	void dontCrash2() {
	((struct T *) &Var1)->P = &Var2;
	}