You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

545 lines
9.6 KiB

/*
* Copyright (c) 2017-present, Facebook, Inc.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*/
#include <stdint.h>
void modulo_signed_Bad(int i) {
char arr[5];
arr[i % 5] = 123;
}
void modulo_signed_Good(int i) {
char arr[5];
if (i >= 0) {
arr[i % 5] = 123;
}
}
void modulo_signed_neg_Bad(int i) {
char arr[5];
arr[i % -5] = 123;
}
void modulo_signed_neg_Good(int i) {
char arr[5];
if (i >= 0) {
arr[i % -5] = 123;
}
}
void modulo_signed_Good2(int i) {
char arr[5];
int j = i % 5;
if (j >= 0) {
arr[j] = 123;
}
}
void modulo_unsigned_Good(unsigned int i) {
char arr[5];
arr[i % 5] = 123;
}
void modulo_unsigned_short_Good(uint16_t i) {
char arr[5];
arr[i % 5] = 123;
}
void modulo_signed_var_Bad_FN(unsigned int len, int i) {
char arr[len];
arr[i % len] = 123;
}
void modulo_unsigned_var_Good(unsigned int len, unsigned int i) {
char arr[len];
arr[i % len] = 123;
}
unsigned int modulo_unsigned(unsigned int a, unsigned int b) { return a % b; }
void modulo_call_Good(unsigned int len, unsigned int i) {
char arr[len];
arr[modulo_unsigned(i, len)] = 123;
}
int modulo_signed(int a, int b) { return a % b; }
void modulo_call_Bad_FN(unsigned int len, int i) {
char arr[len];
arr[modulo_signed(i, len)] = 123;
}
int division_of_zero_Good(int x) {
int i = 4 * x;
i /= 2;
i /= 2;
return i;
}
/* While the most precise return value is
- "2*i+1" if 0 <= i < 10,
- "0" o.w.
Inferbo returns [1+min(-1,s0),10+max(-10,s1)] where i is [s0,s1]. */
int plus_linear_min(int i) { /* i |-> [s0,s1] */
int linear = i + 1; /* linear |-> [s0+1,s1+1] */
if (i >= 0 && i < 10) { /* i |-> [max(0,s0),min(9,s1)] */
return linear + i; /* return |-> [s0+1,s1+10] */
}
return 0;
}
void plus_linear_min_Good() {
int a[20];
a[plus_linear_min(9)] = 1;
}
void plus_linear_min_Bad() {
int a[19];
a[plus_linear_min(9)] = 1;
}
void plus_linear_min2_Good_FP() {
int a[10];
a[plus_linear_min(4)] = 1;
}
void plus_linear_min3_Good_FP() {
int a[20];
a[plus_linear_min(15)] = 1;
}
void integer_overflow_by_addition_Bad() {
char arr[10];
int32_t x = 2000000000;
int32_t y = 2000000000;
int32_t z = x + y; // z is a negative number.
if (z < 10) {
arr[z] = 0;
}
}
void integer_overflow_by_addition_l2_Bad(int x) {
int32_t y;
if (x) {
y = 0;
} else {
y = 2000000000;
}
y = y + y;
}
void integer_overflow_by_subtraction_Bad() {
char arr[10];
int32_t x = -2000000000;
int32_t y = 2000000000;
int32_t z = x - y; // z is a big positive number.
if (z >= 0) {
arr[z] = 0;
}
}
void integer_overflow_by_multiplication_Bad() {
char arr[10];
int32_t x = 300000;
int32_t y = 300000;
int32_t z = x * y; // z is a negative number.
if (z < 10) {
arr[z] = 0;
}
}
void use_int64_max_Good() {
char arr[10];
int64_t x = INT64_MAX;
int64_t y = INT64_MAX - 5;
arr[x - y] = 0;
}
void use_int64_max_Bad() {
char arr[10];
int64_t x = INT64_MAX;
int64_t y = INT64_MAX - 15;
arr[x - y] = 0;
}
void use_uint64_max_Good() {
char arr[10];
uint64_t x = UINT64_MAX;
uint64_t y = UINT64_MAX - 5;
arr[x - y] = 0;
}
void use_uint64_max_Bad() {
char arr[10];
uint64_t x = UINT64_MAX;
uint64_t y = UINT64_MAX - 15;
arr[x - y] = 0;
}
uint64_t unknown_uint();
void muliply_one_Good() {
uint64_t x = unknown_uint();
uint64_t y = x * 1;
}
void muliply_two_Bad() {
uint64_t x = unknown_uint();
uint64_t y = x * 2;
}
void minus_one_Good() {
uint64_t x = unknown_uint();
if (x > 0) {
uint64_t y = x - 1;
}
}
void minus_one_Bad() {
uint64_t x = unknown_uint();
if (x >= 0) {
uint64_t y = x - 1;
}
}
int64_t unknown_int();
void plus_one_Good() {
int64_t x = unknown_int();
if (x < INT64_MAX) {
int64_t y = x + 1;
}
}
void plus_one_Bad() {
int64_t x = unknown_int();
if (x <= INT64_MAX) {
int64_t y = x + 1;
}
}
void minus_minimum_Good() {
int64_t x = -1;
int64_t y = x - INT64_MIN;
}
void minus_minimum_Bad() {
int64_t x = 0;
int64_t y = x - INT64_MIN;
}
void mult_minimum_Good() {
int64_t x = 1;
int64_t y = x * INT64_MIN;
}
void mult_minimum_Bad() {
int64_t x = -1;
int64_t y = x * INT64_MIN;
}
void unsigned_prune_zero1_Good(unsigned int x) {
if (x != 0) {
unsigned int y = x - 1;
}
}
void call_unsigned_prune_zero1_Good() { unsigned_prune_zero1_Good(0); }
void unsigned_prune_zero2_Good(unsigned int y) {
unsigned int x = y;
for (; x; --x) {
}
}
void call_unsigned_prune_zero2_Good() { unsigned_prune_zero2_Good(0); }
void unsigned_prune_ge1_Good(unsigned int x, unsigned int y) {
if (x >= y) {
unsigned int z = x - y;
}
}
void call_unsigned_prune_ge1_Good_FP() { unsigned_prune_ge1_Good(0, 1); }
void unsigned_prune_ge2_Good(unsigned int x, unsigned int y) {
if (y > 0) {
if (x >= y) {
unsigned int z = x - 1;
}
}
}
void call_unsigned_prune_ge2_Good() { unsigned_prune_ge2_Good(0, 1); }
void unsigned_prune_ge3_Good(unsigned int x, unsigned int y) {
if (y > 0) {
if (x >= y + 1) {
unsigned int z = x - 1;
}
}
}
void call_unsigned_prune_ge3_Good() { unsigned_prune_ge3_Good(0, 1); }
void unsigned_prune_gt(unsigned int x, unsigned int y) {
if (x > 0) {
unsigned int z = x - y;
}
}
void call_unsigned_prune_gt_Good() { unsigned_prune_gt(0, 3); }
void minmax_div_const_Good(int n) {
int a[9];
if (0 < n && n < 65) {
int x = a[n / 8];
}
}
void minmax_div_const_Bad(int n) {
int a[7];
if (0 < n && n < 65) {
int x = a[n / 8];
}
}
void div_const_Good() {
int a[3];
int x = 5 / 2;
a[x] = 0;
}
void div_const_Bad() {
int a[2];
int x = 5 / 2;
a[x] = 0;
}
void div_const2_FP(int n) {
int a[1];
int x = (n * 2 + 1) / 2;
a[x] = 0;
}
void minmax_div_const2_Good() {
div_const2(-1);
div_const2(0);
}
void minmax_div_const2_Bad_FN() {
div_const2(1);
div_const2(-2);
}
uint32_t unknown_nat() {
uint32_t x = unknown_function();
if (x >= 0) {
return x;
} else {
return 0;
}
}
void two_safety_conditions2_Bad(uint32_t s) {
uint32_t x = unknown_nat();
uint32_t y, z;
if (unknown_function()) {
y = 0;
} else {
y = 80;
}
z = x + y; // integer overflow L5: [0, +oo] + [0, 80]
if (s >= 10 && s <= 20) {
z = x + s; // [0, +oo] + [max(10, s.lb), min(20, s.ub)]
}
}
void call_two_safety_conditions2_Bad() {
two_safety_conditions2_Bad(15); // integer overflow L5: [0, +oo] + 15
}
void band_positive_constant_Good() {
char a[3];
int x = 6 & 2; // y is 2
a[x] = 0;
}
void band_positive_constant_Bad() {
char a[2];
int x = 6 & 2; // y is 2
a[x] = 0;
}
void band_negative_constant_Good() {
char a[1];
int x = (-3) & (-2); // x is -4
a[x + 4] = 0;
}
void band_negative_constant_Bad() {
char a[1];
int x = (-3) & (-2); // x is -4
a[x + 5] = 0;
}
void band_constant_Good() {
char a[2];
int x = (-3) & 1; // x is 1
a[x] = 0;
}
void band_constant_Bad() {
char a[1];
int x = (-3) & 1; // x is 1
a[x] = 0;
}
void band_positive_Good() {
char a[9];
int x = unknown_nat();
int y = unknown_nat();
if (x <= 10 && y <= 8) {
int z = x & y; // z is [0, 8]
a[z] = 0;
}
}
void band_positive_Bad() {
char a[5];
int x = unknown_nat();
int y = unknown_nat();
if (x <= 10 && y <= 8) {
int z = x & y; // z is [0, 8]
a[z] = 0;
}
}
void band_negative_Good() {
char a[3];
int x = unknown_function();
int y = unknown_function();
if (x <= -3 && y <= -2) {
int z = x & y; // z is [-oo, -3]
z = z + 5; // z is [-oo, 2]
if (z >= 0) {
a[z] = 0;
}
}
}
void band_negative_Bad() {
char a[2];
int x = unknown_function();
int y = unknown_function();
if (x <= -3 && y <= -2) {
int z = x & y; // z is [-oo, -3]
z = z + 5; // z is [-oo, 2]
if (z >= 0) {
a[z] = 0;
}
}
}
#define FOUR_GIGABYTES 0xFFFFFFFF
#define ALMOST_FOUR_GIGABYTES (85 * FOUR_GIGABYTES / 100)
void simple_overflow_Bad() { auto x = ALMOST_FOUR_GIGABYTES; }
unsigned int unused_integer_underflow_Good_FP() {
unsigned int n = 0;
if (n-- == 0) {
return 0;
} else {
return n;
}
}
unsigned int unused_integer_underflow_Bad() {
unsigned int n = 0;
if (n-- == 0) {
return n;
} else {
return n;
}
}
unsigned int unused_integer_underflow2_Good_FP() {
unsigned int n = 0;
return n--;
}
unsigned int unused_integer_underflow2_Bad() {
unsigned int n = 0;
return --n;
}
void recover_integer_underflow_Good_FP() {
for (unsigned int i = 0; i < 10; i++) {
if (unknown_function()) {
i--; // right after this, i++ will be called.
}
}
}
void recover_integer_underflow_Bad() {
for (unsigned int i = 0; i < 10; i++) {
if (unknown_function()) {
i -= 2;
}
}
}
unsigned long scan_hex_Good(char* cp) {
unsigned long num_digits = 0, digit, val = 0;
while (1) {
digit = *cp;
if ((digit - '0') <= 9)
digit -= '0';
else if ((digit - 'a') < 6)
digit -= 'a' - 10;
else if ((digit - 'A') < 6)
digit -= 'A' - 10;
else
break;
val = (val << 4) | digit;
++cp;
}
return val;
}
void call_scan_hex_Good_FP() {
char* cp = "\0";
scan_hex_Good(cp);
}
void call_scan_hex2_Good_FP() {
char* cp = "0aA";
scan_hex_Good(cp);
}
int check_addition_overflow_Good(unsigned int x, unsigned int y) {
if (((unsigned int)-1) - x < y) {
return 1;
} else {
return 0;
}
}
void shift_right_zero_Good(int x) {
int arr[1];
arr[0 >> x] = 1;
}
/* This also exhibits an overapproximation of traces, here [x] doesn't influence
* the result */
void shift_right_zero_Bad(int x) {
int arr[1];
arr[1 + (0 >> x)] = 1;
}