diff options
| author | Luc Van Oostenryck <luc.vanoostenryck@gmail.com> | 2017-11-25 09:58:20 +0100 |
|---|---|---|
| committer | Luc Van Oostenryck <luc.vanoostenryck@gmail.com> | 2017-12-21 00:33:43 +0100 |
| commit | 26d547eeb3dff8cad58d314fcc7805b9862eadf5 (patch) | |
| tree | 0c3281d0fd610f71f726fc02953db6f691e26ba1 /validation | |
| parent | 178f19ad47c916ce02b286ec9cf831950340a4ac (diff) | |
| download | sparse-dev-26d547eeb3dff8cad58d314fcc7805b9862eadf5.tar.gz | |
add testcases for unexamined base type
evaluate_dereference() lacks an explicit examination of the
base type. Most of the time, the base type has already been
examined via another path, but in some case, it's not.
The symptom here is the dereferenced value having a null size.
Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
Diffstat (limited to 'validation')
| -rw-r--r-- | validation/linear/deref-ptr-ptr.c | 27 | ||||
| -rw-r--r-- | validation/linear/unexamined-base-type.c | 37 |
2 files changed, 64 insertions, 0 deletions
diff --git a/validation/linear/deref-ptr-ptr.c b/validation/linear/deref-ptr-ptr.c new file mode 100644 index 00000000..022595d7 --- /dev/null +++ b/validation/linear/deref-ptr-ptr.c @@ -0,0 +1,27 @@ +char *foo(char **pfmt) +{ + return ++*pfmt; +} + +/* + * check-name: deref-ptr-ptr + * check-command: test-linearize -m64 -Wno-decl $file + * check-known-to-fail + * + * check-output-excludes: load[^.] + * check-output-contains: load\. + * check-output-excludes: store[^.] + * check-output-contains: store\. + * + * check-output-start +foo: +.L0: + <entry-point> + load.64 %r2 <- 0[%arg1] + add.64 %r3 <- %r2, $1 + store.64 %r3 -> 0[%arg1] + ret.64 %r3 + + + * check-output-end + */ diff --git a/validation/linear/unexamined-base-type.c b/validation/linear/unexamined-base-type.c new file mode 100644 index 00000000..a138ba13 --- /dev/null +++ b/validation/linear/unexamined-base-type.c @@ -0,0 +1,37 @@ +# define __force __attribute__((force)) + +struct s { + int a; +}; + +static int foo(struct s *s) +{ + return (*((typeof(s->a) __force *) &s->a)) & 1; +} + +static void bar(struct s *d, struct s *s1, struct s *s2) +{ + *d = *s1, *d = *s2; +} + +/* + * check-name: unexamined base type + * check-command: test-linearize -Wno-decl $file + * check-description: + * Test case for missing examine in evaluate_dereference()'s + * target base type. In this case, the loaded value has a + * a null size, giving the wrongly generated code for foo(): + * ptrcast.64 %r3 <- (64) %arg1 + * load %r4 <- 0[%r3] + * ^^^ !! WRONG !! + * cast.32 %r5 <- (0) %r4 + * ^^^ !! WRONG !! + * and.32 %r6 <- %r5, $1 + * ret.32 %r6 + * check-known-to-fail + * + * check-output-ignore + * check-output-excludes: load[^.] + * check-output-excludes: cast\..*(0) + * check-output-excludes: store[^.] + */ |