llvm/clang/test/Analysis/vla.c

// RUN: %clang_analyze_cc1 -analyzer-checker=core -analyzer-checker=debug.ExprInspection -verify %s

typedef unsigned long size_t;
size_t clang_analyzer_getExtent(void *);
void clang_analyzer_eval(int);

// Zero-sized VLAs.
void check_zero_sized_VLA(int x) {
  if (x)
    return;

  int vla[x]; // expected-warning{{Declared variable-length array (VLA) has zero size}}
}

void check_uninit_sized_VLA(void) {
  int x;
  int vla[x]; // expected-warning{{Declared variable-length array (VLA) uses a garbage value as its size}}
}

// Negative VLAs.
static void vla_allocate_signed(short x) {
  int vla[x]; // expected-warning{{Declared variable-length array (VLA) has negative size}}
}

static void vla_allocate_unsigned(unsigned short x) {
  int vla[x]; // no-warning
}

void check_negative_sized_VLA_1(void) {
  vla_allocate_signed(-1);
}

void check_negative_sized_VLA_2(void) {
  vla_allocate_unsigned(-1);
}

void check_negative_sized_VLA_3(void) {
  short x = -1;
  int vla[x]; // expected-warning{{Declared variable-length array (VLA) has negative size}}
}

void check_negative_sized_VLA_4(void) {
  unsigned short x = -1;
  int vla[x]; // no-warning
}

void check_negative_sized_VLA_5(void) {
  signed char x = -1;
  int vla[x]; // expected-warning{{Declared variable-length array (VLA) has negative size}}
}

void check_negative_sized_VLA_6(void) {
  unsigned char x = -1;
  int vla[x]; // no-warning
}

void check_negative_sized_VLA_7(void) {
  signed char x = -1;
  int vla[x + 2]; // no-warning
}

void check_negative_sized_VLA_8(void) {
  signed char x = 1;
  int vla[x - 2]; // expected-warning{{Declared variable-length array (VLA) has negative size}}
}

void check_negative_sized_VLA_9(void) {
  int x = 1;
  int vla[x]; // no-warning
}

static void check_negative_sized_VLA_10_sub(int x)
{
  int vla[x]; // expected-warning{{Declared variable-length array (VLA) has negative size}}
}

void check_negative_sized_VLA_10(int x) {
  if (x < 0)
    check_negative_sized_VLA_10_sub(x);
}

static void check_negative_sized_VLA_11_sub(short x)
{
  int vla[x]; // no-warning
}

void check_negative_sized_VLA_11(short x) {
  if (x > 0)
    check_negative_sized_VLA_11_sub(x);
}

void check_VLA_typedef(void) {
  int x = -1;
  typedef int VLA[x]; // expected-warning{{Declared variable-length array (VLA) has negative size}}
}

size_t check_VLA_sizeof(void) {
  int x = -1;
  size_t s = sizeof(int[x]); // expected-warning{{Declared variable-length array (VLA) has negative size}}
  return s;
}

// Multi-dimensional arrays.

void check_zero_sized_VLA_multi1(int x) {
  if (x)
    return;

  int vla[10][x]; // expected-warning{{Declared variable-length array (VLA) has zero size}}
}

void check_zero_sized_VLA_multi2(int x, int y) {
  if (x)
    return;

  int vla[y][x]; // expected-warning{{Declared variable-length array (VLA) has zero size}}
}

// Check the extent.

void check_VLA_extent(void) {
  int x = 3;

  int vla1[x];
  clang_analyzer_eval(clang_analyzer_getExtent(&vla1) == x * sizeof(int));
  // expected-warning@-1{{TRUE}}

  int vla2[x][2];
  clang_analyzer_eval(clang_analyzer_getExtent(&vla2) == x * 2 * sizeof(int));
  // expected-warning@-1{{TRUE}}

  int vla2m[2][x];
  clang_analyzer_eval(clang_analyzer_getExtent(&vla2m) == 2 * x * sizeof(int));
  // expected-warning@-1{{TRUE}}

  int vla3m[2][x][4];
  clang_analyzer_eval(clang_analyzer_getExtent(&vla3m) == 2 * x * 4 * sizeof(int));
  // expected-warning@-1{{TRUE}}
}

// https://bugs.llvm.org/show_bug.cgi?id=46128
// analyzer doesn't handle more than simple symbolic expressions.
// Just don't crash.
extern void foo(void);
int a;
void b(void) {
  int c = a + 1;
  for (;;) {
    int d[c];
    for (; 0 < c;)
      foo();
  }
} // no-crash