diff options
author | David Malcolm <dmalcolm@redhat.com> | 2019-12-19 16:10:41 -0500 |
---|---|---|
committer | David Malcolm <dmalcolm@redhat.com> | 2020-01-14 21:10:45 -0500 |
commit | 24918a9b20c771984f41f90c3352c3ebee8b5e6f (patch) | |
tree | c43e7b6c06c3183bee103da0ff484e6846c7454c | |
parent | d666ae9862a06cab12108607c516a8475b4fb766 (diff) | |
download | gcc-devel/analyzer.zip gcc-devel/analyzer.tar.gz gcc-devel/analyzer.tar.bz2 |
analyzer: add -Wanalyzer-use-of-closed-filedevel/analyzer
gcc/analyzer/ChangeLog:
* analyzer.opt (Wanalyzer-use-of-closed-file): New option.
* sm-file.cc (class use_of_closed_file): New file_diagnostic subclass.
(find_file_param): New function.
(fileptr_state_machine::on_stmt): Complain about operations on
closed files.
gcc/ChangeLog:
* doc/invoke.texi (-Wanalyzer-use-of-closed-file): Document new
option.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/file-1.c (test_5): New test.
-rw-r--r-- | gcc/analyzer/analyzer.opt | 4 | ||||
-rw-r--r-- | gcc/analyzer/sm-file.cc | 92 | ||||
-rw-r--r-- | gcc/doc/invoke.texi | 13 | ||||
-rw-r--r-- | gcc/testsuite/gcc.dg/analyzer/file-1.c | 8 |
4 files changed, 116 insertions, 1 deletions
diff --git a/gcc/analyzer/analyzer.opt b/gcc/analyzer/analyzer.opt index af8d81d..3311e97 100644 --- a/gcc/analyzer/analyzer.opt +++ b/gcc/analyzer/analyzer.opt @@ -94,6 +94,10 @@ Wanalyzer-use-after-free Common Var(warn_analyzer_use_after_free) Init(1) Warning Warn about code paths in which a freed value is used. +Wanalyzer-use-of-closed-file +Common Var(warn_analyzer_use_of_closed_file) Init(1) Warning +Warn about code paths in which a FILE * is used after being closed. + Wanalyzer-use-of-pointer-in-stale-stack-frame Common Var(warn_analyzer_use_of_pointer_in_stale_stack_frame) Init(1) Warning Warn about code paths in which a pointer to a stale stack frame is used. diff --git a/gcc/analyzer/sm-file.cc b/gcc/analyzer/sm-file.cc index f731981..e7fb0f0 100644 --- a/gcc/analyzer/sm-file.cc +++ b/gcc/analyzer/sm-file.cc @@ -161,6 +161,46 @@ private: diagnostic_event_id_t m_first_fclose_event; }; +class use_of_closed_file : public file_diagnostic +{ +public: + use_of_closed_file (const fileptr_state_machine &sm, tree arg) + : file_diagnostic (sm, arg) + {} + + const char *get_kind () const FINAL OVERRIDE { return "use_of_closed_file"; } + + bool emit (rich_location *rich_loc) FINAL OVERRIDE + { + // FIXME: CWE? + return warning_at (rich_loc, OPT_Wanalyzer_use_of_closed_file, + "use of closed FILE %qE", + m_arg); + } + + label_text describe_state_change (const evdesc::state_change &change) + OVERRIDE + { + if (change.m_new_state == m_sm.m_closed) + { + m_fclose_event = change.m_event_id; + return change.formatted_print ("file closed here"); + } + return file_diagnostic::describe_state_change (change); + } + + label_text describe_final_event (const evdesc::final_event &ev) FINAL OVERRIDE + { + if (m_fclose_event.known_p ()) + return ev.formatted_print ("use of closed FILE %qE; closed at %@", + ev.m_expr, &m_fclose_event); + return ev.formatted_print ("use of closed FILE %qE", ev.m_expr); + } + +private: + diagnostic_event_id_t m_fclose_event; +}; + class file_leak : public file_diagnostic { public: @@ -294,6 +334,41 @@ is_file_using_fn_p (tree fndecl) return fs.contains_decl_p (fndecl); } +/* If FNDECL takes a FILE * param, write the 0-based index of the first + such param to *OUT_IDX and return true. */ + +static bool +find_file_param (tree fndecl, int *out_idx) +{ + int idx = 0; + for (tree iter_param_types = TYPE_ARG_TYPES (TREE_TYPE (fndecl)); + iter_param_types; + iter_param_types = TREE_CHAIN (iter_param_types), idx++) + { + tree param_type = TREE_VALUE (iter_param_types); + + /* Looks like we can't rely on fileptr_type_node being set up; + instead, look for a ptr to record called "FILE". */ + + if (!POINTER_TYPE_P (param_type)) + continue; + tree type = TREE_TYPE (param_type); + if (TREE_CODE (type) == RECORD_TYPE + && TYPE_NAME (type) + && TREE_CODE (TYPE_NAME (type)) == TYPE_DECL) + { + tree tdecl = TYPE_NAME (type); + if (DECL_NAME (tdecl) + && strcmp (IDENTIFIER_POINTER (DECL_NAME (tdecl)), "FILE") == 0) + { + *out_idx = idx; + return true; + } + } + } + return false; +} + /* Implementation of state_machine::on_stmt vfunc for fileptr_state_machine. */ bool @@ -340,12 +415,27 @@ fileptr_state_machine::on_stmt (sm_context *sm_ctxt, if (is_file_using_fn_p (callee_fndecl)) { - // TODO: operations on unchecked file + int param_idx; + if (find_file_param (callee_fndecl, ¶m_idx)) + { + /* Look up FILE * param. */ + tree arg = gimple_call_arg (call, param_idx); + arg = sm_ctxt->get_readable_tree (arg); + + // TODO: operations on unchecked file + + /* Complain about operations on closed files. */ + sm_ctxt->warn_for_state (node, stmt, arg, m_closed, + new use_of_closed_file (*this, arg)); + sm_ctxt->on_transition (node, stmt, arg, m_closed, m_stop); + } return true; } // etc } + // TODO: fcloseall() (a GNU extension) + return false; } diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 1374204..5438748 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -309,6 +309,7 @@ Objective-C and Objective-C++ Dialects}. -Wno-analyzer-tainted-array-index @gol -Wno-analyzer-unsafe-call-within-signal-handler @gol -Wno-analyzer-use-after-free @gol +-Wno-analyzer-use-of-closed-file @gol -Wno-analyzer-use-of-pointer-in-stale-stack-frame @gol -Wno-analyzer-use-of-uninitialized-value @gol -Wanalyzer-too-complex @gol @@ -409,6 +410,7 @@ Objective-C and Objective-C++ Dialects}. -Wanalyzer-tainted-array-index @gol -Wanalyzer-unsafe-call-within-signal-handler @gol -Wanalyzer-use-after-free @gol +-Wanalyzer-use-of-closed-file @gol -Wanalyzer-use-of-pointer-in-stale-stack-frame @gol -Wanalyzer-use-of-uninitialized-value @gol -Wanalyzer-too-complex @gol @@ -6615,6 +6617,16 @@ This warning requires @option{-fanalyzer}, which enables it; use This diagnostic warns for paths through the code in which a pointer is used after @code{free} is called on it. +@item -Wno-analyzer-use-of-closed-file +@opindex Wanalyzer-use-of-closed-file +@opindex Wno-analyzer-use-of-closed-file +This warning requires @option{-fanalyzer}, which enables it; use +@option{-Wno-analyzer-use-of-closed-file} to disable it. + +This diagnostic warns for paths through the code in which a +@code{<stdio.h>} @code{FILE *} stream object is used after +@code{fclose} is called on it. + @item -Wno-analyzer-use-of-pointer-in-stale-stack-frame @opindex Wanalyzer-use-of-pointer-in-stale-stack-frame @opindex Wno-analyzer-use-of-pointer-in-stale-stack-frame @@ -8330,6 +8342,7 @@ Enabling this option effectively enables the following warnings: -Wanalyzer-tainted-array-index @gol -Wanalyzer-unsafe-call-within-signal-handler @gol -Wanalyzer-use-after-free @gol +-Wanalyzer-use-of-closed-file @gol -Wanalyzer-use-of-uninitialized-value @gol -Wanalyzer-use-of-pointer-in-stale-stack-frame @gol } diff --git a/gcc/testsuite/gcc.dg/analyzer/file-1.c b/gcc/testsuite/gcc.dg/analyzer/file-1.c index ba516af..8531fb0 100644 --- a/gcc/testsuite/gcc.dg/analyzer/file-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/file-1.c @@ -47,3 +47,11 @@ test_4 (const char *path) return; /* { dg-warning "leak of FILE 'f'" } */ } + +void +test_5 (FILE *f, const char *msg) +{ + fclose (f); /* { dg-message "\\(1\\) file closed here" } */ + fprintf (f, "foo: %s", msg); /* { dg-warning "use of closed FILE 'f'" } */ + /* { dg-message "\\(2\\) use of closed FILE 'f'; closed at \\(1\\)" "" { target *-*-* } .-1 } */ +} |