This is an archive of the discontinued LLVM Phabricator instance.

Differential D16317

[Analyzer] Fix for PR23790: bind real value returned from strcmp when modelling strcmp.
ClosedPublic

Authored by ayartsev on Jan 19 2016, 6:34 AM.

Details

Reviewers
dcoughlin
zaks.anna
Summary

The patch is a fix for PR23790. Call to StringRef::Compare() returning [1,0,-1] is replaced with the real call to strcmp to be more precise in modelling. This also may theoretically help to find defects if a tested code relays on a value returned from strcmp like
if (strcmp(x, y) == 1) { ... }

Please review!

Diff Detail

Event Timeline

ayartsev updated this revision to Diff 45253.Jan 19 2016, 6:34 AM
ayartsev retitled this revision from to [Analyzer] Fix for PR23790: bind real value returned from strcmp when modelling strcmp..
ayartsev updated this object.
ayartsev added a reviewer: zaks.anna.
ayartsev added a subscriber: cfe-commits.
NoQ added a subscriber: NoQ.Jan 19 2016, 7:27 AM

Hmm. If we want to catch bugs resulting from alternative strcmp() implementations, then probably a test case that demonstrates the improvement would be worth it, eg.:

int x = strcmp("foo", "bar"));
if (x == 1 || x == -1)
  clang_analyzer_warnIfReached(); // expected-warning{{REACHABLE}}
if (x > 1 || x < -1)
  clang_analyzer_warnIfReached(); // expected-warning{{REACHABLE}}

However, now we don't quite pass it yet, because the hardcoded implementation of strcmp() is still specific, just different depending on how the clang code was compiled (which may be similar to or different from the implementation on which the code under analysis relies).

In order to pass such test, we could conjure a symbol for return value of strcmp() and only enforce range on this symbol (such as [INT_MIN, -1] or [1, INT_MAX]), rather than returning a concrete value.

dcoughlin added a subscriber: dcoughlin.Jan 19 2016, 8:45 AM

As Artem notes, you can't defer to the host strcmp() -- doing so is just as unsound as using StringRef::compare() less predictable under optimization of the analyzer. I think his suggested approach is the way to go: create a symbol and constrain its range based on the result of StringRef::compare.

For tests, I would suggest:

int lessThanZero = strcmp("aaa", "nnn");
clang_analyzer_eval(lessThanZero < 0); // expected-warning {{TRUE}}
clang_analyzer_eval(lessThanZero >= 0); // expected-warning {{FALSE}}
clang_analyzer_eval(lessThanZero < -13); // expected-warning {{UNKNOWN}}

int greaterThanZero = strcmp("nnn", "aaa");
clang_analyzer_eval(greaterThanZero > 0); // expected-warning {{TRUE}}
clang_analyzer_eval(greaterThanZero <= 0); // expected-warning {{FALSE}}
clang_analyzer_eval(greaterThanZero > 13); // expected-warning {{UNKNOWN}}

int equalToZero = strcmp("aaa", "aaa");
clang_analyzer_eval(equalToZero == 0); // expected-warning {{TRUE}}

These show that the analyzer does assume the strongest sound postcondition and spot checks that it doesn't assume either the stronger, StringRef-implementation-specific invariant (1/-1) or an invariant from a common unoptimized memcpy() implementation ('a' - 'n' is 13).

lib/StaticAnalyzer/Checkers/CStringChecker.cpp
1873–1874

Whatever changes you make for the case-sensitive compare should also be analogously applied to the case-insensitive compare.

dcoughlin requested changes to this revision.Jan 19 2016, 8:46 AM
dcoughlin added a reviewer: dcoughlin.
dcoughlin edited edge metadata.
This revision now requires changes to proceed.Jan 19 2016, 8:46 AM
dcoughlin added a comment.Jan 19 2016, 9:05 AM

ayartsev:

This also may theoretically help to find defects if a tested code relays on a value returned from strcmp like
if (strcmp(x, y) == 1) { ... }

I think it would be useful and not that difficult to write a checker that checks for this explicitly. I don't think an AST-based/clang-tidycheck would quite be enough because I suspect programmers often store the result of strcmp() in a local before using it. One approach would be to have a path-sensitive checker keep a set of symbolic result values from strcmp() and diagnose if any is ever explicitly checked for (dis)-equality with -1 or 1.

xazax.hun added a subscriber: xazax.hun.Jan 20 2016, 6:54 PM
ayartsev updated this revision to Diff 46538.Feb 1 2016, 8:09 AM
ayartsev edited edge metadata.

Updated the patch, please review.

ayartsev added a comment.Feb 8 2016, 9:02 AM

Ping.

ayartsev added a comment.Feb 15 2016, 3:43 PM

Ping.

dcoughlin accepted this revision.Feb 22 2016, 9:19 AM
dcoughlin edited edge metadata.

Looks great, other than some non-standard indentation.

lib/StaticAnalyzer/Checkers/CStringChecker.cpp
1886

Non-standard indentation here.

This revision is now accepted and ready to land.Feb 22 2016, 9:19 AM
NoQ closed this revision.Aug 17 2016, 8:15 AM

Committed in r270154 (long time ago).

Revision Contents

PathSize
lib/
StaticAnalyzer/
Checkers/
37 lines
test/
Analysis/
104 lines

Diff 46538

lib/StaticAnalyzer/Checkers/CStringChecker.cpp

Show First 20 LinesShow All 1,827 Lines▼ Show 20 Linesvoid CStringChecker::evalStrcmpCommon(CheckerContext &C, const CallExpr *CE,
// At this point we can go about comparing the two buffers. // At this point we can go about comparing the two buffers.
// For now, we only do this if they're both known string literals. // For now, we only do this if they're both known string literals.
// Attempt to extract string literals from both expressions. // Attempt to extract string literals from both expressions.
const StringLiteral *s1StrLiteral = getCStringLiteral(C, state, s1, s1Val); const StringLiteral *s1StrLiteral = getCStringLiteral(C, state, s1, s1Val);
const StringLiteral *s2StrLiteral = getCStringLiteral(C, state, s2, s2Val); const StringLiteral *s2StrLiteral = getCStringLiteral(C, state, s2, s2Val);
bool canComputeResult = false; bool canComputeResult = false;
SVal resultVal = svalBuilder.conjureSymbolVal(nullptr, CE, LCtx,
C.blockCount());
if (s1StrLiteral && s2StrLiteral) { if (s1StrLiteral && s2StrLiteral) {
StringRef s1StrRef = s1StrLiteral->getString(); StringRef s1StrRef = s1StrLiteral->getString();
StringRef s2StrRef = s2StrLiteral->getString(); StringRef s2StrRef = s2StrLiteral->getString();
if (isBounded) { if (isBounded) {
// Get the max number of characters to compare. // Get the max number of characters to compare.
const Expr *lenExpr = CE->getArg(2); const Expr *lenExpr = CE->getArg(2);
Show All 17 Lines if (canComputeResult) {
if (s1Term != StringRef::npos) if (s1Term != StringRef::npos)
s1StrRef = s1StrRef.substr(0, s1Term); s1StrRef = s1StrRef.substr(0, s1Term);
size_t s2Term = s2StrRef.find('\0'); size_t s2Term = s2StrRef.find('\0');
if (s2Term != StringRef::npos) if (s2Term != StringRef::npos)
s2StrRef = s2StrRef.substr(0, s2Term); s2StrRef = s2StrRef.substr(0, s2Term);
// Use StringRef's comparison methods to compute the actual result. // Use StringRef's comparison methods to compute the actual result.
int result; int compareRes = ignoreCase ? s1StrRef.compare_lower(s2StrRef)
: s1StrRef.compare(s2StrRef);
if (ignoreCase) { // The strcmp function returns an integer greater than, equal to, or less
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

Whatever changes you make for the case-sensitive compare should also be analogously applied to the case-insensitive compare.

dcoughlin: Whatever changes you make for the case-sensitive compare should also be analogously applied to…
// Compare string 1 to string 2 the same way strcasecmp() does. // than zero, [c11, p7.24.4.2].
result = s1StrRef.compare_lower(s2StrRef); if (compareRes == 0) {
} else { resultVal = svalBuilder.makeIntVal(compareRes, CE->getType());
// Compare string 1 to string 2 the same way strcmp() does. }
result = s1StrRef.compare(s2StrRef); else {
DefinedSVal zeroVal = svalBuilder.makeIntVal(0, CE->getType());
// Constrain strcmp's result range based on the result of StringRef's
// comparison methods.
BinaryOperatorKind op = (compareRes == 1) ? BO_GT : BO_LT;
SVal compareWithZero =
svalBuilder.evalBinOp(state, op, resultVal, zeroVal,
svalBuilder.getConditionType());
dcoughlinUnsubmitted
Not Done
ReplyInline Actions

Non-standard indentation here.

dcoughlin: Non-standard indentation here.
DefinedSVal compareWithZeroVal = compareWithZero.castAs<DefinedSVal>();
state = state->assume(compareWithZeroVal, true);
} }
// Build the SVal of the comparison and bind the return value.
SVal resultVal = svalBuilder.makeIntVal(result, CE->getType());
state = state->BindExpr(CE, LCtx, resultVal);
} }
} }
if (!canComputeResult) {
// Conjure a symbolic value. It's the best we can do.
SVal resultVal = svalBuilder.conjureSymbolVal(nullptr, CE, LCtx,
C.blockCount());
state = state->BindExpr(CE, LCtx, resultVal); state = state->BindExpr(CE, LCtx, resultVal);
}
// Record this as a possible path. // Record this as a possible path.
C.addTransition(state); C.addTransition(state);
} }
void CStringChecker::evalStrsep(CheckerContext &C, const CallExpr *CE) const { void CStringChecker::evalStrsep(CheckerContext &C, const CallExpr *CE) const {
//char *strsep(char **stringp, const char *delim); //char *strsep(char **stringp, const char *delim);
if (CE->getNumArgs() < 2) if (CE->getNumArgs() < 2)
▲ Show 20 LinesShow All 267 LinesShow Last 20 Lines

test/Analysis/string.c

Show First 20 LinesShow All 674 Lines▼ Show 20 Lines
//===----------------------------------------------------------------------=== //===----------------------------------------------------------------------===
// strcmp() // strcmp()
//===----------------------------------------------------------------------=== //===----------------------------------------------------------------------===
#define strcmp BUILTIN(strcmp) #define strcmp BUILTIN(strcmp)
int strcmp(const char * s1, const char * s2); int strcmp(const char * s1, const char * s2);
void strcmp_check_modelling() {
char *x = "aa";
char *y = "a";
clang_analyzer_eval(strcmp(x, y) > 0); // expected-warning{{TRUE}}
clang_analyzer_eval(strcmp(x, y) <= 0); // expected-warning{{FALSE}}
clang_analyzer_eval(strcmp(x, y) > 1); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(strcmp(y, x) < 0); // expected-warning{{TRUE}}
clang_analyzer_eval(strcmp(y, x) >= 0); // expected-warning{{FALSE}}
clang_analyzer_eval(strcmp(y, x) < -1); // expected-warning{{UNKNOWN}}
}
void strcmp_constant0() { void strcmp_constant0() {
clang_analyzer_eval(strcmp("123", "123") == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strcmp("123", "123") == 0); // expected-warning{{TRUE}}
} }
void strcmp_constant_and_var_0() { void strcmp_constant_and_var_0() {
char *x = "123"; char *x = "123";
clang_analyzer_eval(strcmp(x, "123") == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strcmp(x, "123") == 0); // expected-warning{{TRUE}}
} }
void strcmp_constant_and_var_1() { void strcmp_constant_and_var_1() {
char *x = "123"; char *x = "123";
clang_analyzer_eval(strcmp("123", x) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strcmp("123", x) == 0); // expected-warning{{TRUE}}
} }
void strcmp_0() { void strcmp_0() {
char *x = "123"; char *x = "123";
char *y = "123"; char *y = "123";
clang_analyzer_eval(strcmp(x, y) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strcmp(x, y) == 0); // expected-warning{{TRUE}}
} }
void strcmp_1() { void strcmp_1() {
char *x = "234"; char *x = "234";
char *y = "123"; char *y = "123";
clang_analyzer_eval(strcmp(x, y) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(strcmp(x, y) > 0); // expected-warning{{TRUE}}
} }
void strcmp_2() { void strcmp_2() {
char *x = "123"; char *x = "123";
char *y = "234"; char *y = "234";
clang_analyzer_eval(strcmp(x, y) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strcmp(x, y) < 0); // expected-warning{{TRUE}}
} }
void strcmp_null_0() { void strcmp_null_0() {
char *x = NULL; char *x = NULL;
char *y = "123"; char *y = "123";
strcmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}} strcmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}}
} }
void strcmp_null_1() { void strcmp_null_1() {
char *x = "123"; char *x = "123";
char *y = NULL; char *y = NULL;
strcmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}} strcmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}}
} }
void strcmp_diff_length_0() { void strcmp_diff_length_0() {
char *x = "12345"; char *x = "12345";
char *y = "234"; char *y = "234";
clang_analyzer_eval(strcmp(x, y) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strcmp(x, y) < 0); // expected-warning{{TRUE}}
} }
void strcmp_diff_length_1() { void strcmp_diff_length_1() {
char *x = "123"; char *x = "123";
char *y = "23456"; char *y = "23456";
clang_analyzer_eval(strcmp(x, y) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strcmp(x, y) < 0); // expected-warning{{TRUE}}
} }
void strcmp_diff_length_2() { void strcmp_diff_length_2() {
char *x = "12345"; char *x = "12345";
char *y = "123"; char *y = "123";
clang_analyzer_eval(strcmp(x, y) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(strcmp(x, y) > 0); // expected-warning{{TRUE}}
} }
void strcmp_diff_length_3() { void strcmp_diff_length_3() {
char *x = "123"; char *x = "123";
char *y = "12345"; char *y = "12345";
clang_analyzer_eval(strcmp(x, y) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strcmp(x, y) < 0); // expected-warning{{TRUE}}
} }
void strcmp_embedded_null () { void strcmp_embedded_null () {
clang_analyzer_eval(strcmp("\0z", "\0y") == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strcmp("\0z", "\0y") == 0); // expected-warning{{TRUE}}
} }
void strcmp_unknown_arg (char *unknown) { void strcmp_unknown_arg (char *unknown) {
clang_analyzer_eval(strcmp(unknown, unknown) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strcmp(unknown, unknown) == 0); // expected-warning{{TRUE}}
} }
//===----------------------------------------------------------------------=== //===----------------------------------------------------------------------===
// strncmp() // strncmp()
//===----------------------------------------------------------------------=== //===----------------------------------------------------------------------===
#define strncmp BUILTIN(strncmp) #define strncmp BUILTIN(strncmp)
int strncmp(const char *s1, const char *s2, size_t n); int strncmp(const char *s1, const char *s2, size_t n);
void strncmp_check_modelling() {
char *x = "aa";
char *y = "a";
clang_analyzer_eval(strncmp(x, y, 2) > 0); // expected-warning{{TRUE}}
clang_analyzer_eval(strncmp(x, y, 2) <= 0); // expected-warning{{FALSE}}
clang_analyzer_eval(strncmp(x, y, 2) > 1); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(strncmp(y, x, 2) < 0); // expected-warning{{TRUE}}
clang_analyzer_eval(strncmp(y, x, 2) >= 0); // expected-warning{{FALSE}}
clang_analyzer_eval(strncmp(y, x, 2) < -1); // expected-warning{{UNKNOWN}}
}
void strncmp_constant0() { void strncmp_constant0() {
clang_analyzer_eval(strncmp("123", "123", 3) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strncmp("123", "123", 3) == 0); // expected-warning{{TRUE}}
} }
void strncmp_constant_and_var_0() { void strncmp_constant_and_var_0() {
char *x = "123"; char *x = "123";
clang_analyzer_eval(strncmp(x, "123", 3) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strncmp(x, "123", 3) == 0); // expected-warning{{TRUE}}
} }
void strncmp_constant_and_var_1() { void strncmp_constant_and_var_1() {
char *x = "123"; char *x = "123";
clang_analyzer_eval(strncmp("123", x, 3) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strncmp("123", x, 3) == 0); // expected-warning{{TRUE}}
} }
void strncmp_0() { void strncmp_0() {
char *x = "123"; char *x = "123";
char *y = "123"; char *y = "123";
clang_analyzer_eval(strncmp(x, y, 3) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strncmp(x, y, 3) == 0); // expected-warning{{TRUE}}
} }
void strncmp_1() { void strncmp_1() {
char *x = "234"; char *x = "234";
char *y = "123"; char *y = "123";
clang_analyzer_eval(strncmp(x, y, 3) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(strncmp(x, y, 3) > 0); // expected-warning{{TRUE}}
} }
void strncmp_2() { void strncmp_2() {
char *x = "123"; char *x = "123";
char *y = "234"; char *y = "234";
clang_analyzer_eval(strncmp(x, y, 3) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strncmp(x, y, 3) < 0); // expected-warning{{TRUE}}
} }
void strncmp_null_0() { void strncmp_null_0() {
char *x = NULL; char *x = NULL;
char *y = "123"; char *y = "123";
strncmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}} strncmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}}
} }
void strncmp_null_1() { void strncmp_null_1() {
char *x = "123"; char *x = "123";
char *y = NULL; char *y = NULL;
strncmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}} strncmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}}
} }
void strncmp_diff_length_0() { void strncmp_diff_length_0() {
char *x = "12345"; char *x = "12345";
char *y = "234"; char *y = "234";
clang_analyzer_eval(strncmp(x, y, 5) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strncmp(x, y, 5) < 0); // expected-warning{{TRUE}}
} }
void strncmp_diff_length_1() { void strncmp_diff_length_1() {
char *x = "123"; char *x = "123";
char *y = "23456"; char *y = "23456";
clang_analyzer_eval(strncmp(x, y, 5) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strncmp(x, y, 5) < 0); // expected-warning{{TRUE}}
} }
void strncmp_diff_length_2() { void strncmp_diff_length_2() {
char *x = "12345"; char *x = "12345";
char *y = "123"; char *y = "123";
clang_analyzer_eval(strncmp(x, y, 5) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(strncmp(x, y, 5) > 0); // expected-warning{{TRUE}}
} }
void strncmp_diff_length_3() { void strncmp_diff_length_3() {
char *x = "123"; char *x = "123";
char *y = "12345"; char *y = "12345";
clang_analyzer_eval(strncmp(x, y, 5) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strncmp(x, y, 5) < 0); // expected-warning{{TRUE}}
} }
void strncmp_diff_length_4() { void strncmp_diff_length_4() {
char *x = "123"; char *x = "123";
char *y = "12345"; char *y = "12345";
clang_analyzer_eval(strncmp(x, y, 3) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strncmp(x, y, 3) == 0); // expected-warning{{TRUE}}
} }
void strncmp_diff_length_5() { void strncmp_diff_length_5() {
char *x = "012"; char *x = "012";
char *y = "12345"; char *y = "12345";
clang_analyzer_eval(strncmp(x, y, 3) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strncmp(x, y, 3) < 0); // expected-warning{{TRUE}}
} }
void strncmp_diff_length_6() { void strncmp_diff_length_6() {
char *x = "234"; char *x = "234";
char *y = "12345"; char *y = "12345";
clang_analyzer_eval(strncmp(x, y, 3) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(strncmp(x, y, 3) > 0); // expected-warning{{TRUE}}
} }
void strncmp_embedded_null () { void strncmp_embedded_null () {
clang_analyzer_eval(strncmp("ab\0zz", "ab\0yy", 4) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strncmp("ab\0zz", "ab\0yy", 4) == 0); // expected-warning{{TRUE}}
} }
//===----------------------------------------------------------------------=== //===----------------------------------------------------------------------===
// strcasecmp() // strcasecmp()
//===----------------------------------------------------------------------=== //===----------------------------------------------------------------------===
#define strcasecmp BUILTIN(strcasecmp) #define strcasecmp BUILTIN(strcasecmp)
int strcasecmp(const char *s1, const char *s2); int strcasecmp(const char *s1, const char *s2);
void strcasecmp_check_modelling() {
char *x = "aa";
char *y = "a";
clang_analyzer_eval(strcasecmp(x, y) > 0); // expected-warning{{TRUE}}
clang_analyzer_eval(strcasecmp(x, y) <= 0); // expected-warning{{FALSE}}
clang_analyzer_eval(strcasecmp(x, y) > 1); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(strcasecmp(y, x) < 0); // expected-warning{{TRUE}}
clang_analyzer_eval(strcasecmp(y, x) >= 0); // expected-warning{{FALSE}}
clang_analyzer_eval(strcasecmp(y, x) < -1); // expected-warning{{UNKNOWN}}
}
void strcasecmp_constant0() { void strcasecmp_constant0() {
clang_analyzer_eval(strcasecmp("abc", "Abc") == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strcasecmp("abc", "Abc") == 0); // expected-warning{{TRUE}}
} }
void strcasecmp_constant_and_var_0() { void strcasecmp_constant_and_var_0() {
char *x = "abc"; char *x = "abc";
clang_analyzer_eval(strcasecmp(x, "Abc") == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strcasecmp(x, "Abc") == 0); // expected-warning{{TRUE}}
} }
void strcasecmp_constant_and_var_1() { void strcasecmp_constant_and_var_1() {
char *x = "abc"; char *x = "abc";
clang_analyzer_eval(strcasecmp("Abc", x) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strcasecmp("Abc", x) == 0); // expected-warning{{TRUE}}
} }
void strcasecmp_0() { void strcasecmp_0() {
char *x = "abc"; char *x = "abc";
char *y = "Abc"; char *y = "Abc";
clang_analyzer_eval(strcasecmp(x, y) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strcasecmp(x, y) == 0); // expected-warning{{TRUE}}
} }
void strcasecmp_1() { void strcasecmp_1() {
char *x = "Bcd"; char *x = "Bcd";
char *y = "abc"; char *y = "abc";
clang_analyzer_eval(strcasecmp(x, y) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(strcasecmp(x, y) > 0); // expected-warning{{TRUE}}
} }
void strcasecmp_2() { void strcasecmp_2() {
char *x = "abc"; char *x = "abc";
char *y = "Bcd"; char *y = "Bcd";
clang_analyzer_eval(strcasecmp(x, y) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strcasecmp(x, y) < 0); // expected-warning{{TRUE}}
} }
void strcasecmp_null_0() { void strcasecmp_null_0() {
char *x = NULL; char *x = NULL;
char *y = "123"; char *y = "123";
strcasecmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}} strcasecmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}}
} }
void strcasecmp_null_1() { void strcasecmp_null_1() {
char *x = "123"; char *x = "123";
char *y = NULL; char *y = NULL;
strcasecmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}} strcasecmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}}
} }
void strcasecmp_diff_length_0() { void strcasecmp_diff_length_0() {
char *x = "abcde"; char *x = "abcde";
char *y = "aBd"; char *y = "aBd";
clang_analyzer_eval(strcasecmp(x, y) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strcasecmp(x, y) < 0); // expected-warning{{TRUE}}
} }
void strcasecmp_diff_length_1() { void strcasecmp_diff_length_1() {
char *x = "abc"; char *x = "abc";
char *y = "aBdef"; char *y = "aBdef";
clang_analyzer_eval(strcasecmp(x, y) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strcasecmp(x, y) < 0); // expected-warning{{TRUE}}
} }
void strcasecmp_diff_length_2() { void strcasecmp_diff_length_2() {
char *x = "aBcDe"; char *x = "aBcDe";
char *y = "abc"; char *y = "abc";
clang_analyzer_eval(strcasecmp(x, y) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(strcasecmp(x, y) > 0); // expected-warning{{TRUE}}
} }
void strcasecmp_diff_length_3() { void strcasecmp_diff_length_3() {
char *x = "aBc"; char *x = "aBc";
char *y = "abcde"; char *y = "abcde";
clang_analyzer_eval(strcasecmp(x, y) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strcasecmp(x, y) < 0); // expected-warning{{TRUE}}
} }
void strcasecmp_embedded_null () { void strcasecmp_embedded_null () {
clang_analyzer_eval(strcasecmp("ab\0zz", "ab\0yy") == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strcasecmp("ab\0zz", "ab\0yy") == 0); // expected-warning{{TRUE}}
} }
//===----------------------------------------------------------------------=== //===----------------------------------------------------------------------===
// strncasecmp() // strncasecmp()
//===----------------------------------------------------------------------=== //===----------------------------------------------------------------------===
#define strncasecmp BUILTIN(strncasecmp) #define strncasecmp BUILTIN(strncasecmp)
int strncasecmp(const char *s1, const char *s2, size_t n); int strncasecmp(const char *s1, const char *s2, size_t n);
void strncasecmp_check_modelling() {
char *x = "aa";
char *y = "a";
clang_analyzer_eval(strncasecmp(x, y, 2) > 0); // expected-warning{{TRUE}}
clang_analyzer_eval(strncasecmp(x, y, 2) <= 0); // expected-warning{{FALSE}}
clang_analyzer_eval(strncasecmp(x, y, 2) > 1); // expected-warning{{UNKNOWN}}
clang_analyzer_eval(strncasecmp(y, x, 2) < 0); // expected-warning{{TRUE}}
clang_analyzer_eval(strncasecmp(y, x, 2) >= 0); // expected-warning{{FALSE}}
clang_analyzer_eval(strncasecmp(y, x, 2) < -1); // expected-warning{{UNKNOWN}}
}
void strncasecmp_constant0() { void strncasecmp_constant0() {
clang_analyzer_eval(strncasecmp("abc", "Abc", 3) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strncasecmp("abc", "Abc", 3) == 0); // expected-warning{{TRUE}}
} }
void strncasecmp_constant_and_var_0() { void strncasecmp_constant_and_var_0() {
char *x = "abc"; char *x = "abc";
clang_analyzer_eval(strncasecmp(x, "Abc", 3) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strncasecmp(x, "Abc", 3) == 0); // expected-warning{{TRUE}}
} }
void strncasecmp_constant_and_var_1() { void strncasecmp_constant_and_var_1() {
char *x = "abc"; char *x = "abc";
clang_analyzer_eval(strncasecmp("Abc", x, 3) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strncasecmp("Abc", x, 3) == 0); // expected-warning{{TRUE}}
} }
void strncasecmp_0() { void strncasecmp_0() {
char *x = "abc"; char *x = "abc";
char *y = "Abc"; char *y = "Abc";
clang_analyzer_eval(strncasecmp(x, y, 3) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strncasecmp(x, y, 3) == 0); // expected-warning{{TRUE}}
} }
void strncasecmp_1() { void strncasecmp_1() {
char *x = "Bcd"; char *x = "Bcd";
char *y = "abc"; char *y = "abc";
clang_analyzer_eval(strncasecmp(x, y, 3) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(strncasecmp(x, y, 3) > 0); // expected-warning{{TRUE}}
} }
void strncasecmp_2() { void strncasecmp_2() {
char *x = "abc"; char *x = "abc";
char *y = "Bcd"; char *y = "Bcd";
clang_analyzer_eval(strncasecmp(x, y, 3) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strncasecmp(x, y, 3) < 0); // expected-warning{{TRUE}}
} }
void strncasecmp_null_0() { void strncasecmp_null_0() {
char *x = NULL; char *x = NULL;
char *y = "123"; char *y = "123";
strncasecmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}} strncasecmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}}
} }
void strncasecmp_null_1() { void strncasecmp_null_1() {
char *x = "123"; char *x = "123";
char *y = NULL; char *y = NULL;
strncasecmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}} strncasecmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}}
} }
void strncasecmp_diff_length_0() { void strncasecmp_diff_length_0() {
char *x = "abcde"; char *x = "abcde";
char *y = "aBd"; char *y = "aBd";
clang_analyzer_eval(strncasecmp(x, y, 5) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strncasecmp(x, y, 5) < 0); // expected-warning{{TRUE}}
} }
void strncasecmp_diff_length_1() { void strncasecmp_diff_length_1() {
char *x = "abc"; char *x = "abc";
char *y = "aBdef"; char *y = "aBdef";
clang_analyzer_eval(strncasecmp(x, y, 5) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strncasecmp(x, y, 5) < 0); // expected-warning{{TRUE}}
} }
void strncasecmp_diff_length_2() { void strncasecmp_diff_length_2() {
char *x = "aBcDe"; char *x = "aBcDe";
char *y = "abc"; char *y = "abc";
clang_analyzer_eval(strncasecmp(x, y, 5) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(strncasecmp(x, y, 5) > 0); // expected-warning{{TRUE}}
} }
void strncasecmp_diff_length_3() { void strncasecmp_diff_length_3() {
char *x = "aBc"; char *x = "aBc";
char *y = "abcde"; char *y = "abcde";
clang_analyzer_eval(strncasecmp(x, y, 5) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strncasecmp(x, y, 5) < 0); // expected-warning{{TRUE}}
} }
void strncasecmp_diff_length_4() { void strncasecmp_diff_length_4() {
char *x = "abcde"; char *x = "abcde";
char *y = "aBc"; char *y = "aBc";
clang_analyzer_eval(strncasecmp(x, y, 3) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strncasecmp(x, y, 3) == 0); // expected-warning{{TRUE}}
} }
void strncasecmp_diff_length_5() { void strncasecmp_diff_length_5() {
char *x = "abcde"; char *x = "abcde";
char *y = "aBd"; char *y = "aBd";
clang_analyzer_eval(strncasecmp(x, y, 3) == -1); // expected-warning{{TRUE}} clang_analyzer_eval(strncasecmp(x, y, 3) < 0); // expected-warning{{TRUE}}
} }
void strncasecmp_diff_length_6() { void strncasecmp_diff_length_6() {
char *x = "aBDe"; char *x = "aBDe";
char *y = "abc"; char *y = "abc";
clang_analyzer_eval(strncasecmp(x, y, 3) == 1); // expected-warning{{TRUE}} clang_analyzer_eval(strncasecmp(x, y, 3) > 0); // expected-warning{{TRUE}}
} }
void strncasecmp_embedded_null () { void strncasecmp_embedded_null () {
clang_analyzer_eval(strncasecmp("ab\0zz", "ab\0yy", 4) == 0); // expected-warning{{TRUE}} clang_analyzer_eval(strncasecmp("ab\0zz", "ab\0yy", 4) == 0); // expected-warning{{TRUE}}
} }
//===----------------------------------------------------------------------=== //===----------------------------------------------------------------------===
// strsep() // strsep()
▲ Show 20 LinesShow All 75 LinesShow Last 20 Lines