analyzer: initial implementation of exception handling [PR97111]

This patch adds initial support for exception-handling to -fanalyzer,
handling eh_dispatch for regions of type ERT_TRY and
ERT_ALLOWED_EXCEPTIONS.   I haven't managed yet seen eh_dispatch for
regions of type ERT_CLEANUP and ERT_MUST_NOT_THROW in the analyzer; with
this patch it will ICE if it sees those.

Additionally, this patch only checks for exact matches of exception
types, rather than supporting subclasses and references.  I'm deferring
fixing this for now whilst figuring out how best to interact with the C++
type system; I'm tracking it as PR analyzer/119697.

The patch adds event classes for throwing and catching exceptions, and
seems to generate readable warnings for the kinds of leak that might
occur due to trying to manage resources manually and forgetting about
exceptions; for example:

exception-leak-1.C: In function ‘int test()’:
exception-leak-1.C:7:9: warning: leak of ‘ptr’ [CWE-401] [-Wanalyzer-malloc-leak]
    7 |   throw 42;
      |         ^~
  ‘int test()’: events 1-3
    5 |   void *ptr = __builtin_malloc (1024);
      |               ~~~~~~~~~~~~~~~~~^~~~~~
      |                                |
      |                                (1) allocated here
    6 |
    7 |   throw 42;
      |         ~~
      |         |
      |         (2) throwing exception of type ‘int’ here...
      |         (3) ⚠️  ‘ptr’ leaks here; was allocated at (1)

Although dynamic exception specifications are only available in C++14
and earlier, the need to support them meant it seemed relatively easy to
add a warning to check them, hence the patch adds a new warning
for code paths that throw an exception that doesn't match a dynamic
exception specification:  -Wanalyzer-throw-of-unexpected-type.

gcc/analyzer/ChangeLog:
	PR analyzer/97111
	* analyzer.cc (is_cxa_throw_p): New.
	(is_cxa_rethrow_p): New.
	* analyzer.opt (Wanalyzer-throw-of-unexpected-type): New.
	* analyzer.opt.urls: Regenerate.
	* call-info.cc (custom_edge_info::create_enode): New.
	* call-info.h (call_info::print): Drop "final".
	(call_info::add_events_to_path): Likewise.
	* checker-event.cc (event_kind_to_string): Add cases for
	event_kind::catch_, event_kind::throw_, and event_kind::unwind.
	(explicit_throw_event::print_desc): New.
	(throw_from_call_to_external_fn_event::print_desc): New.
	(unwind_event::print_desc): New.
	* checker-event.h (enum class event_kind): Add catch_, throw_,
	and unwind.
	(class catch_cfg_edge_event): New.
	(class throw_event): New.
	(class explicit_throw_event): New.
	(class throw_from_call_to_external_fn_event): New.
	(class unwind_event): New.
	* common.h (class eh_dispatch_cfg_superedge): New forward decl.
	(class eh_dispatch_try_cfg_superedge): New forward decl.
	(class eh_dispatch_allowed_cfg_superedge): New forward decl.
	(custom_edge_info::create_enode): New vfunc decl.
	(is_cxa_throw_p): New decl.
	(is_cxa_rethrow_p): New decl.
	* diagnostic-manager.cc
	(diagnostic_manager::add_events_for_superedge): Special-case edges
	for eh_dispach_try.
	(diagnostic_manager::prune_path): Call consolidate_unwind_events.
	(diagnostic_manager::prune_for_sm_diagnostic): Don't filter the new
	event_kinds.
	(diagnostic_manager::consolidate_unwind_events): New.
	* diagnostic-manager.h
	(diagnostic_manager::consolidate_unwind_events): New decl.
	* engine.cc (exploded_node::on_stmt_pre): Handle "__cxa_throw",
	"__cxa_rethrow", and resx statements.
	(class throw_custom_edge): New.
	(class unwind_custom_edge): New.
	(get_eh_outedge): New.
	(exploded_graph::unwind_from_exception): New.
	(exploded_node::on_throw): New.
	(exploded_node::on_resx): New.
	(exploded_graph::get_or_create_node): Add "add_to_worklist" param
	and use it.
	(exploded_graph::process_node): Use edge_info's create_enode vfunc
	to create enodes, rather than calling get_or_create_node directly.
	Ignore CFG edges in the sgraph flagged with EH whilst we're
	exploring the egraph.
	(exploded_graph_annotator::print_enode): Handle case
	exploded_node::status::special.
	* exploded-graph.h (exploded_node::status): Add value "special".
	(exploded_node::on_throw): New decl.
	(exploded_node::on_resx): New decl.
	(exploded_graph::get_or_create_node): Add optional
	"add_to_worklist" param.
	(exploded_graph::unwind_from_exception): New decl.
	* kf-lang-cp.cc (class kf_cxa_allocate_exception): New.
	(class kf_cxa_begin_catch): New.
	(class kf_cxa_end_catch): New.
	(class throw_of_unexpected_type): New.
	(class kf_cxa_call_unexpected): New.
	(register_known_functions_lang_cp): Register known functions
	"__cxa_allocate_exception", "__cxa_begin_catch",
	"__cxa_end_catch", and "__cxa_call_unexpected".
	* kf.cc (class kf_eh_pointer): New.
	(register_known_functions): Register it for BUILT_IN_EH_POINTER.
	* region-model.cc: Include "analyzer/function-set.h".
	(exception_node::operator==): New.
	(exception_node::dump_to_pp): New.
	(exception_node::dump): New.
	(exception_node::to_json): New.
	(exception_node::make_dump_widget): New.
	(exception_node::maybe_get_type): New.
	(exception_node::add_to_reachable_regions): New.
	(region_model::region_model): Initialize
	m_thrown_exceptions_stack and m_caught_exceptions_stack.
	(region_model::operator=): Likewise.
	(region_model::operator==): Compare them.
	(region_model::dump_to_pp): Dump exception stacks.
	(region_model::to_json): Add exception stacks.
	(region_model::make_dump_widget): Likewise.
	(class exception_thrown_from_unrecognized_call): New.
	(get_fns_assumed_not_to_throw): New.
	(can_throw_p): New.
	(region_model::check_for_throw_inside_call): New.
	(region_model::on_call_pre): Call check_for_throw_inside_call
	on unknown fns or those we don't have a body for.
	(region_model::maybe_update_for_edge): Handle eh_dispatch_stmt
	statements.  Drop old code that called
	apply_constraints_for_exception on EDGE_EH edges.
	(class rejected_eh_dispatch): New.
	(exception_matches_type_p): New.
	(matches_any_exception_type_p): New.
	(region_model::apply_constraints_for_eh_dispatch): New.
	(region_model::apply_constraints_for_eh_dispatch_try): New.
	(region_model::apply_constraints_for_eh_dispatch_allowed): New.
	(region_model::apply_constraints_for_exception): Delete.
	(region_model::can_merge_with_p): Don't merge models with
	non-equal exception stacks.
	(region_model::get_referenced_base_regions): Add regions from
	exception stacks.
	* region-model.h (struct exception_node): New.
	(region_model::push_thrown_exception): New.
	(region_model::get_current_thrown_exception): New.
	(region_model::pop_thrown_exception): New.
	(region_model::push_caught_exception): New.
	(region_model::get_current_caught_exception): New.
	(region_model::pop_caught_exception): New.
	(region_model::apply_constraints_for_eh_dispatch_try): New decl.
	(region_model::apply_constraints_for_eh_dispatch_allowed) New decl.
	(region_model::apply_constraints_for_exception): Delete.
	(region_model::apply_constraints_for_eh_dispatch): New decl.
	(region_model::check_for_throw_inside_call): New decl.
	(region_model::m_thrown_exceptions_stack): New field.
	(region_model::m_caught_exceptions_stack): New field.
	* supergraph.cc: Include "except.h" and "analyzer/region-model.h".
	(supergraph::add_cfg_edge): Special-case eh_dispatch edges.
	(superedge::get_description): Use default_tree_printer.
	(get_catch): New.
	(eh_dispatch_cfg_superedge::make): New.
	(eh_dispatch_cfg_superedge::eh_dispatch_cfg_superedge): New.
	(eh_dispatch_cfg_superedge::get_eh_status): New.
	(eh_dispatch_try_cfg_superedge::dump_label_to_pp): New.
	(eh_dispatch_try_cfg_superedge::apply_constraints): New.
	(eh_dispatch_allowed_cfg_superedge::eh_dispatch_allowed_cfg_superedge):
	New.
	(eh_dispatch_allowed_cfg_superedge::dump_label_to_pp): New.
	(eh_dispatch_allowed_cfg_superedge::apply_constraints): New.
	* supergraph.h: Include "except.h".
	(superedge::dyn_cast_eh_dispatch_cfg_superedge): New vfunc.
	(superedge::dyn_cast_eh_dispatch_try_cfg_superedge): New vfunc.
	(superedge::dyn_cast_eh_dispatch_allowed_cfg_superedge): New
	vfunc.
	(class eh_dispatch_cfg_superedge): New.
	(is_a_helper <const eh_dispatch_cfg_superedge *>::test): New.
	(class eh_dispatch_try_cfg_superedge): New.
	(is_a_helper <const eh_dispatch_try_cfg_superedge *>::test): New.
	(class eh_dispatch_allowed_cfg_superedge): New.
	(is_a_helper <const eh_dispatch_allowed_cfg_superedge *>::test):
	New.
	* svalue.cc (svalue::maybe_get_type_from_typeinfo): New.
	* svalue.h (svalue::maybe_get_type_from_typeinfo): New decl.

gcc/ChangeLog:
	PR analyzer/97111
	* doc/invoke.texi: Add -Wanalyzer-throw-of-unexpected-type.
	* gimple.h (gimple_call_nothrow_p): Make arg const.

gcc/testsuite/ChangeLog:
	PR analyzer/97111
	* c-c++-common/analyzer/analyzer-verbosity-2a.c: Add
	-fno-exceptions.
	* c-c++-common/analyzer/analyzer-verbosity-3a.c: Likewise.
	* c-c++-common/analyzer/attr-const-2.c: Add
	__attribute__((nothrow)).
	* c-c++-common/analyzer/attr-malloc-4.c: Likewise.
	* c-c++-common/analyzer/attr-malloc-5.c: Likewise.
	* c-c++-common/analyzer/attr-malloc-6.c: Add -fno-exceptions.
	* c-c++-common/analyzer/attr-malloc-CVE-2019-19078-usb-leak.c:
	Likewise.
	* c-c++-common/analyzer/attr-malloc-exception.c: New test.
	* c-c++-common/analyzer/call-summaries-pr107158-2.c: Add
	-fno-exceptions.
	* c-c++-common/analyzer/call-summaries-pr107158.c: Likewise.
	* c-c++-common/analyzer/capacity-2.c: Likewise.
	* c-c++-common/analyzer/coreutils-sum-pr108666.c: Likewise.
	* c-c++-common/analyzer/data-model-22.c: Likewise.
	* c-c++-common/analyzer/data-model-5d.c: Likewise.
	* c-c++-common/analyzer/deref-before-check-pr108455-git-pack-revindex.c:
	Likewise.
	* c-c++-common/analyzer/deref-before-check-pr108475-haproxy-tcpcheck.c:
	Likewise.
	* c-c++-common/analyzer/edges-2.c: Likewise.
	* c-c++-common/analyzer/fd-2.c: Likewise.
	* c-c++-common/analyzer/fd-3.c: Likewise.
	* c-c++-common/analyzer/fd-meaning.c: Likewise.
	* c-c++-common/analyzer/file-1.c: Likewise.
	* c-c++-common/analyzer/file-3.c: Likewise.
	* c-c++-common/analyzer/file-meaning-1.c: Likewise.
	* c-c++-common/analyzer/infinite-recursion.c: Likewise.
	* c-c++-common/analyzer/leak-3.c: Likewise.
	* c-c++-common/analyzer/malloc-dedupe-1.c: Likewise.
	* c-c++-common/analyzer/malloc-in-loop.c: Likewise.
	* c-c++-common/analyzer/malloc-many-paths-3.c: Likewise.
	* c-c++-common/analyzer/malloc-paths-5.c: Likewise.
	* c-c++-common/analyzer/malloc-paths-7.c: Likewise.
	* c-c++-common/analyzer/malloc-paths-8.c: Likewise.
	* c-c++-common/analyzer/malloc-vs-local-1a.c: Likewise.
	* c-c++-common/analyzer/malloc-vs-local-2.c: Likewise.
	* c-c++-common/analyzer/malloc-vs-local-3.c: Likewise.
	* c-c++-common/analyzer/paths-7.c: Likewise.
	* c-c++-common/analyzer/pr110830.c: Likewise.
	* c-c++-common/analyzer/pr93032-mztools-simplified.c: Likewise.
	* c-c++-common/analyzer/pr93355-localealias-feasibility-3.c:
	Likewise.
	* c-c++-common/analyzer/pr93355-localealias-simplified.c:
	Likewise.
	* c-c++-common/analyzer/pr96650-1-trans.c: Likewise.
	* c-c++-common/analyzer/pr97072.c: Add __attribute__((nothrow)).
	* c-c++-common/analyzer/pr98575-1.c: Likewise.
	* c-c++-common/analyzer/pr99716-1.c: Add -fno-exceptions.
	* c-c++-common/analyzer/pr99716-2.c: Likewise.
	* c-c++-common/analyzer/pr99716-3.c: Likewise.
	* c-c++-common/analyzer/pragma-2.c: Likewise.
	* c-c++-common/analyzer/rhbz1878600.c: Likewise.
	* c-c++-common/analyzer/strndup-1.c: Likewise.
	* c-c++-common/analyzer/write-to-string-literal-4-disabled.c:
	Likewise.
	* c-c++-common/analyzer/write-to-string-literal-4.c: Likewise.
	* c-c++-common/analyzer/write-to-string-literal-5.c: Likewise.
	* c-c++-common/analyzer/zlib-5.c: Likewise.
	* g++.dg/analyzer/exception-could-throw-1.C: New test.
	* g++.dg/analyzer/exception-could-throw-2.C: New test.
	* g++.dg/analyzer/exception-dynamic-spec.C: New test.
	* g++.dg/analyzer/exception-leak-1.C: New test.
	* g++.dg/analyzer/exception-leak-2.C: New test.
	* g++.dg/analyzer/exception-leak-3.C: New test.
	* g++.dg/analyzer/exception-leak-4.C: New test.
	* g++.dg/analyzer/exception-leak-5.C: New test.
	* g++.dg/analyzer/exception-leak-6.C: New test.
	* g++.dg/analyzer/exception-nothrow.C: New test.
	* g++.dg/analyzer/exception-path-1.C: New test.
	* g++.dg/analyzer/exception-path-catch-all-1.C: New test.
	* g++.dg/analyzer/exception-path-catch-all-2.C: New test.
	* g++.dg/analyzer/exception-path-unwind-multiple-2.C: New test.
	* g++.dg/analyzer/exception-path-unwind-multiple.C: New test.
	* g++.dg/analyzer/exception-path-unwind-single.C: New test.
	* g++.dg/analyzer/exception-path-with-cleanups.C: New test.
	* g++.dg/analyzer/exception-rethrow-1.C: New test.
	* g++.dg/analyzer/exception-rethrow-2.C: New test.
	* g++.dg/analyzer/exception-stack-1.C: New test.
	* g++.dg/analyzer/exception-stack-2.C: New test.
	* g++.dg/analyzer/exception-subclass-1.C: New test.
	* g++.dg/analyzer/exception-subclass-2.C: New test.
	* g++.dg/analyzer/exception-value-1.C: New test.
	* g++.dg/analyzer/exception-value-2.C: New test.
	* g++.dg/analyzer/fno-exception.C: New test.
	* g++.dg/analyzer/pr94028.C: Drop xfail.
	* g++.dg/analyzer/std-unexpected.C: New test.
	* g++.dg/coroutines/pr105287.C: Drop dg-excess-errors.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>

0 files changed, 0 insertions, 0 deletions