diff options
| author | David Malcolm <dmalcolm@redhat.com> | 2023-11-14 15:51:52 -0500 |
|---|---|---|
| committer | David Malcolm <dmalcolm@redhat.com> | 2023-11-14 15:51:52 -0500 |
| commit | cfaaa8b11b8429eed5ec44426fc6a20ad5d53d30 (patch) | |
| tree | 97d6811e7c4b36c116afa01a971db73552c8b147 | |
| parent | c6560525ca4e59598625c7586290c0f829cd6598 (diff) | |
| download | gcc-cfaaa8b11b8429eed5ec44426fc6a20ad5d53d30.zip gcc-cfaaa8b11b8429eed5ec44426fc6a20ad5d53d30.tar.gz gcc-cfaaa8b11b8429eed5ec44426fc6a20ad5d53d30.tar.bz2 | |
analyzer: enable taint state machine by default [PR103533]
gcc/analyzer/ChangeLog:
PR analyzer/103533
* sm-taint.cc: Remove "experimental" from comment.
* sm.cc (make_checkers): Always add taint state machine.
gcc/ChangeLog:
PR analyzer/103533
* doc/invoke.texi (Static Analyzer Options): Add the six
-Wanalyzer-tainted-* warnings. Update documentation of each
warning to reflect removed requirement to use
-fanalyzer-checker=taint. Remove discussion of
-fanalyzer-checker=taint.
gcc/testsuite/ChangeLog:
PR analyzer/103533
* c-c++-common/analyzer/attr-tainted_args-1.c: Remove use of
-fanalyzer-checker=taint.
* c-c++-common/analyzer/fread-1.c: Likewise.
* c-c++-common/analyzer/pr104029.c: Likewise.
* gcc.dg/analyzer/pr93032-mztools-signed-char.c: Add params to
work around state explosion.
* gcc.dg/analyzer/pr93032-mztools-unsigned-char.c: Likewise.
* gcc.dg/analyzer/pr93382.c: Remove use of
-fanalyzer-checker=taint.
* gcc.dg/analyzer/switch-enum-taint-1.c: Likewise.
* gcc.dg/analyzer/taint-CVE-2011-2210-1.c: Likewise.
* gcc.dg/analyzer/taint-CVE-2020-13143-1.c: Likewise.
* gcc.dg/analyzer/taint-CVE-2020-13143-2.c: Likewise.
* gcc.dg/analyzer/taint-CVE-2020-13143.h: Likewise.
* gcc.dg/analyzer/taint-alloc-1.c: Likewise.
* gcc.dg/analyzer/taint-alloc-2.c: Likewise.
* gcc.dg/analyzer/taint-alloc-3.c: Likewise.
* gcc.dg/analyzer/taint-alloc-4.c: Likewise.
* gcc.dg/analyzer/taint-alloc-5.c: Likewise.
* gcc.dg/analyzer/taint-assert-BUG_ON.c: Likewise.
* gcc.dg/analyzer/taint-assert-macro-expansion.c: Likewise.
* gcc.dg/analyzer/taint-assert-system-header.c: Likewise.
* gcc.dg/analyzer/taint-assert.c: Likewise.
* gcc.dg/analyzer/taint-divisor-1.c: Likewise.
* gcc.dg/analyzer/taint-divisor-2.c: Likewise.
* gcc.dg/analyzer/taint-merger.c: Likewise.
* gcc.dg/analyzer/taint-ops.c: Delete this test: it was a
duplicate of material in operations.c and data-model-1.c, with
-fanalyzer-checker=taint added.
* gcc.dg/analyzer/taint-read-index-1.c: Remove use of
-fanalyzer-checker=taint.
* gcc.dg/analyzer/taint-read-offset-1.c: Likewise.
* gcc.dg/analyzer/taint-realloc.c: Likewise. Add missing
dg-warning for leak now that the malloc state machine is also
active.
* gcc.dg/analyzer/taint-size-1.c: Remove use of
-fanalyzer-checker=taint.
* gcc.dg/analyzer/taint-size-access-attr-1.c: Likewise.
* gcc.dg/analyzer/taint-write-index-1.c: Likewise.
* gcc.dg/analyzer/taint-write-offset-1.c: Likewise.
* gcc.dg/analyzer/torture/taint-read-index-2.c: Likewise.
* gcc.dg/analyzer/torture/taint-read-index-3.c: Likewise.
* gcc.dg/plugin/taint-CVE-2011-0521-1-fixed.c: Likewise. Add
-Wno-pedantic.
* gcc.dg/plugin/taint-CVE-2011-0521-1.c: Likewise.
* gcc.dg/plugin/taint-CVE-2011-0521-2-fixed.c: Likewise.
* gcc.dg/plugin/taint-CVE-2011-0521-2.c: Likewise.
* gcc.dg/plugin/taint-CVE-2011-0521-3-fixed.c: Likewise.
* gcc.dg/plugin/taint-CVE-2011-0521-3.c: Likewise. Fix C++-style
comment.
* gcc.dg/plugin/taint-CVE-2011-0521-4.c: Remove use of
-fanalyzer-checker=taint and add -Wno-pedantic. Remove xfail and
add missing dg-warning.
* gcc.dg/plugin/taint-CVE-2011-0521-5-fixed.c: Remove use of
-fanalyzer-checker=taint and add -Wno-pedantic.
* gcc.dg/plugin/taint-CVE-2011-0521-5.c: Likewise.
* gcc.dg/plugin/taint-CVE-2011-0521-6.c: Likewise.
* gcc.dg/plugin/taint-antipatterns-1.c: : Remove use of
-fanalyzer-checker=taint.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
47 files changed, 41 insertions, 281 deletions
diff --git a/gcc/analyzer/sm-taint.cc b/gcc/analyzer/sm-taint.cc index 09c1e93..dfd5f7f 100644 --- a/gcc/analyzer/sm-taint.cc +++ b/gcc/analyzer/sm-taint.cc @@ -1,4 +1,4 @@ -/* An experimental state machine, for tracking "taint": unsanitized uses +/* A state machine for tracking "taint": unsanitized uses of data potentially under an attacker's control. Copyright (C) 2019-2023 Free Software Foundation, Inc. diff --git a/gcc/analyzer/sm.cc b/gcc/analyzer/sm.cc index 2b88430..c030c27 100644 --- a/gcc/analyzer/sm.cc +++ b/gcc/analyzer/sm.cc @@ -188,10 +188,7 @@ make_checkers (auto_delete_vec <state_machine> &out, logger *logger) out.safe_push (make_malloc_state_machine (logger)); out.safe_push (make_fileptr_state_machine (logger)); out.safe_push (make_fd_state_machine (logger)); - /* The "taint" checker must be explicitly enabled (as it currently - leads to state explosions that stop the other checkers working). */ - if (flag_analyzer_checker) - out.safe_push (make_taint_state_machine (logger)); + out.safe_push (make_taint_state_machine (logger)); out.safe_push (make_sensitive_state_machine (logger)); out.safe_push (make_signal_state_machine (logger)); out.safe_push (make_va_list_state_machine (logger)); diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 2d30a5d..1748afd 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -10415,6 +10415,12 @@ Enabling this option effectively enables the following warnings: -Wanalyzer-shift-count-negative -Wanalyzer-shift-count-overflow -Wanalyzer-stale-setjmp-buffer +-Wanalyzer-tainted-allocation-size +-Wanalyzer-tainted-array-index +-Wanalyzer-tainted-assertion +-Wanalyzer-tainted-divisor +-Wanalyzer-tainted-offset +-Wanalyzer-tainted-size -Wanalyzer-unsafe-call-within-signal-handler -Wanalyzer-use-after-free -Wanalyzer-use-of-pointer-in-stale-stack-frame @@ -10426,13 +10432,6 @@ Enabling this option effectively enables the following warnings: -Wanalyzer-write-to-const -Wanalyzer-write-to-string-literal } -@ignore --Wanalyzer-tainted-allocation-size --Wanalyzer-tainted-array-index --Wanalyzer-tainted-divisor --Wanalyzer-tainted-offset --Wanalyzer-tainted-size -@end ignore This option is only available if GCC was configured with analyzer support enabled. @@ -10880,8 +10879,7 @@ no longer exists, and likely lead to a crash (or worse). @opindex Wanalyzer-tainted-allocation-size @opindex Wno-analyzer-tainted-allocation-size @item -Wno-analyzer-tainted-allocation-size -This warning requires both @option{-fanalyzer} and -@option{-fanalyzer-checker=taint} to enable it; +This warning requires @option{-fanalyzer} which enables it; use @option{-Wno-analyzer-tainted-allocation-size} to disable it. This diagnostic warns for paths through the code in which a value @@ -10896,8 +10894,7 @@ See @uref{https://cwe.mitre.org/data/definitions/789.html, CWE-789: Memory Alloc @opindex Wno-analyzer-tainted-assertion @item -Wno-analyzer-tainted-assertion -This warning requires both @option{-fanalyzer} and -@option{-fanalyzer-checker=taint} to enable it; +This warning requires @option{-fanalyzer} which enables it; use @option{-Wno-analyzer-tainted-assertion} to disable it. This diagnostic warns for paths through the code in which a value @@ -10958,8 +10955,7 @@ despite the above not being an assertion failure, strictly speaking. @opindex Wanalyzer-tainted-array-index @opindex Wno-analyzer-tainted-array-index @item -Wno-analyzer-tainted-array-index -This warning requires both @option{-fanalyzer} and -@option{-fanalyzer-checker=taint} to enable it; +This warning requires @option{-fanalyzer} which enables it; use @option{-Wno-analyzer-tainted-array-index} to disable it. This diagnostic warns for paths through the code in which a value @@ -10972,8 +10968,7 @@ See @uref{https://cwe.mitre.org/data/definitions/129.html, CWE-129: Improper Val @opindex Wanalyzer-tainted-divisor @opindex Wno-analyzer-tainted-divisor @item -Wno-analyzer-tainted-divisor -This warning requires both @option{-fanalyzer} and -@option{-fanalyzer-checker=taint} to enable it; +This warning requires @option{-fanalyzer} which enables it; use @option{-Wno-analyzer-tainted-divisor} to disable it. This diagnostic warns for paths through the code in which a value @@ -10986,8 +10981,7 @@ See @uref{https://cwe.mitre.org/data/definitions/369.html, CWE-369: Divide By Ze @opindex Wanalyzer-tainted-offset @opindex Wno-analyzer-tainted-offset @item -Wno-analyzer-tainted-offset -This warning requires both @option{-fanalyzer} and -@option{-fanalyzer-checker=taint} to enable it; +This warning requires @option{-fanalyzer} which enables it; use @option{-Wno-analyzer-tainted-offset} to disable it. This diagnostic warns for paths through the code in which a value @@ -11000,8 +10994,7 @@ See @uref{https://cwe.mitre.org/data/definitions/823.html, CWE-823: Use of Out-o @opindex Wanalyzer-tainted-size @opindex Wno-analyzer-tainted-size @item -Wno-analyzer-tainted-size -This warning requires both @option{-fanalyzer} and -@option{-fanalyzer-checker=taint} to enable it; +This warning requires @option{-fanalyzer} which enables it; use @option{-Wno-analyzer-tainted-size} to disable it. This diagnostic warns for paths through the code in which a value @@ -11251,38 +11244,6 @@ call site, and that are sufficiently complicated (as per @item -fanalyzer-checker=@var{name} Restrict the analyzer to run just the named checker, and enable it. -Some checkers are disabled by default (even with @option{-fanalyzer}), -such as the @code{taint} checker that implements -@option{-Wanalyzer-tainted-array-index}, and this option is required -to enable them. - -@emph{Note:} currently, @option{-fanalyzer-checker=taint} disables the -following warnings from @option{-fanalyzer}: - -@gccoptlist{ --Wanalyzer-deref-before-check --Wanalyzer-double-fclose --Wanalyzer-double-free --Wanalyzer-exposure-through-output-file --Wanalyzer-fd-access-mode-mismatch --Wanalyzer-fd-double-close --Wanalyzer-fd-leak --Wanalyzer-fd-use-after-close --Wanalyzer-fd-use-without-check --Wanalyzer-file-leak --Wanalyzer-free-of-non-heap --Wanalyzer-malloc-leak --Wanalyzer-mismatching-deallocation --Wanalyzer-null-argument --Wanalyzer-null-dereference --Wanalyzer-possible-null-argument --Wanalyzer-possible-null-dereference --Wanalyzer-unsafe-call-within-signal-handler --Wanalyzer-use-after-free --Wanalyzer-va-list-leak --Wanalyzer-va-list-use-after-va-end -} - @opindex fanalyzer-debug-text-art @opindex fno-analyzer-debug-text-art @item -fanalyzer-debug-text-art-headings diff --git a/gcc/testsuite/c-c++-common/analyzer/attr-tainted_args-1.c b/gcc/testsuite/c-c++-common/analyzer/attr-tainted_args-1.c index 0ff3446..3525e84 100644 --- a/gcc/testsuite/c-c++-common/analyzer/attr-tainted_args-1.c +++ b/gcc/testsuite/c-c++-common/analyzer/attr-tainted_args-1.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "../../gcc.dg/analyzer/analyzer-decls.h" struct arg_buf diff --git a/gcc/testsuite/c-c++-common/analyzer/fread-1.c b/gcc/testsuite/c-c++-common/analyzer/fread-1.c index 593cb7f..467467e 100644 --- a/gcc/testsuite/c-c++-common/analyzer/fread-1.c +++ b/gcc/testsuite/c-c++-common/analyzer/fread-1.c @@ -1,5 +1,3 @@ -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - typedef __SIZE_TYPE__ size_t; extern size_t fread (void *, size_t, size_t, void *); diff --git a/gcc/testsuite/c-c++-common/analyzer/pr104029.c b/gcc/testsuite/c-c++-common/analyzer/pr104029.c index 873f0eb..04b9ef8 100644 --- a/gcc/testsuite/c-c++-common/analyzer/pr104029.c +++ b/gcc/testsuite/c-c++-common/analyzer/pr104029.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - typedef __SIZE_TYPE__ size_t; typedef const void *t_comptype; typedef int (*t_compfunc)(t_comptype, t_comptype); diff --git a/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools-signed-char.c b/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools-signed-char.c index 1f3df7c..45599e2 100644 --- a/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools-signed-char.c +++ b/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools-signed-char.c @@ -6,6 +6,9 @@ /* { dg-do "compile" } */ /* { dg-additional-options "-fsigned-char" } */ +/* TODO (PR analyzer/112528): remove need for this. */ +/* { dg-additional-options "--param analyzer-max-enodes-per-program-point=40 --param analyzer-bb-explosion-factor=10" } */ + /* Minimal replacement of system headers. */ typedef __SIZE_TYPE__ size_t; diff --git a/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools-unsigned-char.c b/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools-unsigned-char.c index db9678d..a59fc49 100644 --- a/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools-unsigned-char.c +++ b/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools-unsigned-char.c @@ -6,6 +6,9 @@ /* { dg-do "compile" } */ /* { dg-additional-options "-funsigned-char" } */ +/* TODO (PR analyzer/112528): remove need for this. */ +/* { dg-additional-options "--param analyzer-max-enodes-per-program-point=40 --param analyzer-bb-explosion-factor=10" } */ + /* Minimal replacement of system headers. */ typedef __SIZE_TYPE__ size_t; diff --git a/gcc/testsuite/gcc.dg/analyzer/pr93382.c b/gcc/testsuite/gcc.dg/analyzer/pr93382.c index 1e6612d..91eab21 100644 --- a/gcc/testsuite/gcc.dg/analyzer/pr93382.c +++ b/gcc/testsuite/gcc.dg/analyzer/pr93382.c @@ -1,5 +1,3 @@ -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - typedef __SIZE_TYPE__ size_t; int idx; diff --git a/gcc/testsuite/gcc.dg/analyzer/switch-enum-taint-1.c b/gcc/testsuite/gcc.dg/analyzer/switch-enum-taint-1.c index db3bb5b..d20b33e 100644 --- a/gcc/testsuite/gcc.dg/analyzer/switch-enum-taint-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/switch-enum-taint-1.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" /* Verify the handling of "switch (enum_value)". */ diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2011-2210-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2011-2210-1.c index b44be99..fa89bda 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2011-2210-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2011-2210-1.c @@ -7,9 +7,6 @@ Fixed in 3d0475119d8722798db5e88f26493f6547a4bb5b on linux-2.6.39.y in linux-stable. */ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" #include "test-uaccess.h" diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143-1.c index 328c579..1b81c1b 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143-1.c @@ -1,9 +1,6 @@ /* See notes in this header. */ #include "taint-CVE-2020-13143.h" -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - struct configfs_attribute { /* [...snip...] */ ssize_t (*store)(struct config_item *, const char *, size_t) /* { dg-message "\\(1\\) field 'store' of 'struct configfs_attribute' is marked with '__attribute__\\(\\(tainted_args\\)\\)'" } */ diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143-2.c b/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143-2.c index c74a460..f53e42b 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143-2.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143-2.c @@ -1,9 +1,6 @@ /* See notes in this header. */ #include "taint-CVE-2020-13143.h" -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - struct configfs_attribute { /* [...snip...] */ ssize_t (*store)(struct config_item *, const char *, size_t) /* { dg-message "\\(1\\) field 'store' of 'struct configfs_attribute' is marked with '__attribute__\\(\\(tainted_args\\)\\)'" } */ diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143.h b/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143.h index 0ba0235..93f90d4 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143.h +++ b/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143.h @@ -8,9 +8,6 @@ Fixed by 15753588bcd4bbffae1cca33c8ced5722477fe1f on linux-5.7.y in linux-stable. */ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include <stddef.h> /* Adapted from include/uapi/asm-generic/posix_types.h */ diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-1.c index cb2db6c..dfb585b 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-1.c @@ -1,5 +1,3 @@ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ /* { dg-require-effective-target alloca } */ #include "analyzer-decls.h" diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-2.c b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-2.c index 72dbca5..68fbce9 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-2.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-2.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" #include <stdio.h> #include <stdlib.h> diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-3.c b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-3.c index 80d8f0b..ce6a327 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-3.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-3.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" #include <stdio.h> #include <stdlib.h> diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-4.c b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-4.c index bd47097..9df9422 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-4.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-4.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" #include <stdio.h> #include <stdlib.h> diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-5.c b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-5.c index 9a15980..18dbff0 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-5.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-5.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" struct foo diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-assert-BUG_ON.c b/gcc/testsuite/gcc.dg/analyzer/taint-assert-BUG_ON.c index 8aef0a4..328940d 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-assert-BUG_ON.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-assert-BUG_ON.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - /* We need this, otherwise the warnings are emitted inside the macros, which makes it hard to write the DejaGnu directives. */ /* { dg-additional-options " -ftrack-macro-expansion=0" } */ diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-assert-macro-expansion.c b/gcc/testsuite/gcc.dg/analyzer/taint-assert-macro-expansion.c index 24b175a..78357ae 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-assert-macro-expansion.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-assert-macro-expansion.c @@ -2,9 +2,6 @@ -Wanalyzer-tainted-assertion with macro-tracking enabled (the default). */ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - /* { dg-additional-options "-fdiagnostics-show-path-depths" } */ /* { dg-additional-options "-fdiagnostics-path-format=inline-events -fdiagnostics-show-caret" } */ diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-assert-system-header.c b/gcc/testsuite/gcc.dg/analyzer/taint-assert-system-header.c index a65853c..bd47ab7 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-assert-system-header.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-assert-system-header.c @@ -3,9 +3,6 @@ (the default), where the assertion macro is defined in a system header. */ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - /* { dg-additional-options "-fdiagnostics-show-path-depths" } */ /* { dg-additional-options "-fdiagnostics-path-format=inline-events -fdiagnostics-show-caret" } */ diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-assert.c b/gcc/testsuite/gcc.dg/analyzer/taint-assert.c index b09f8c5..855ed5f 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-assert.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-assert.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - /* We need this, otherwise the warnings are emitted inside the macros, which makes it hard to write the DejaGnu directives. */ /* { dg-additional-options " -ftrack-macro-expansion=0" } */ diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-divisor-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-divisor-1.c index b7c1fae..438a209 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-divisor-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-divisor-1.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" #include <stdio.h> diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-divisor-2.c b/gcc/testsuite/gcc.dg/analyzer/taint-divisor-2.c index de9a1cb..7702584 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-divisor-2.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-divisor-2.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" __attribute__ ((tainted_args)) diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-merger.c b/gcc/testsuite/gcc.dg/analyzer/taint-merger.c index e4e48f3..b7d562b 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-merger.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-merger.c @@ -1,6 +1,3 @@ -/* { dg-additional-options "-fanalyzer-checker=taint" } */ -// TODO: remove need for this option - #include "analyzer-decls.h" int v_start; diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-ops.c b/gcc/testsuite/gcc.dg/analyzer/taint-ops.c deleted file mode 100644 index 729dbe5..0000000 --- a/gcc/testsuite/gcc.dg/analyzer/taint-ops.c +++ /dev/null @@ -1,106 +0,0 @@ -/* { dg-additional-options "-fanalyzer-checker=taint" } */ -// TODO: remove need for this option -/* This test can probably be removed when -fanalyzer enables - the taint checker by default. */ - -#include "analyzer-decls.h" - -void -test_1 (char a) -{ - char b = -a; -} - -/* Copies of code from data-model-1.c. */ - -void test_20 (int i, int j) -{ - __analyzer_eval (i + 1); /* { dg-warning "UNKNOWN" } */ - __analyzer_eval (i + j); /* { dg-warning "UNKNOWN" } */ - - __analyzer_eval (i - 1); /* { dg-warning "UNKNOWN" } */ - __analyzer_eval (i - j); /* { dg-warning "UNKNOWN" } */ - - __analyzer_eval (i * 2); /* { dg-warning "UNKNOWN" } */ - __analyzer_eval (i * j); /* { dg-warning "UNKNOWN" } */ - - __analyzer_eval (i / 2); /* { dg-warning "UNKNOWN" } */ - __analyzer_eval (i / j); /* { dg-warning "UNKNOWN" } */ - - __analyzer_eval (i % 2); /* { dg-warning "UNKNOWN" } */ - __analyzer_eval (i % j); /* { dg-warning "UNKNOWN" } */ - - __analyzer_eval (i & 1); /* { dg-warning "UNKNOWN" } */ - __analyzer_eval (i & j); /* { dg-warning "UNKNOWN" } */ - - __analyzer_eval (i | 1); /* { dg-warning "UNKNOWN" } */ - __analyzer_eval (i | j); /* { dg-warning "UNKNOWN" } */ - - __analyzer_eval (i ^ 1); /* { dg-warning "UNKNOWN" } */ - __analyzer_eval (i ^ j); /* { dg-warning "UNKNOWN" } */ - - __analyzer_eval (i >> 1); /* { dg-warning "UNKNOWN" } */ - __analyzer_eval (i >> j); /* { dg-warning "UNKNOWN" } */ - - __analyzer_eval (i << 1); /* { dg-warning "UNKNOWN" } */ - __analyzer_eval (i << j); /* { dg-warning "UNKNOWN" } */ - - __analyzer_eval (i && 0); /* { dg-warning "FALSE" } */ - __analyzer_eval (i && 1); /* { dg-warning "UNKNOWN" } */ - __analyzer_eval (i && j); /* { dg-warning "UNKNOWN" } */ - - __analyzer_eval (i || 0); /* { dg-warning "UNKNOWN" } */ - - __analyzer_eval (i || 1); /* { dg-warning "TRUE" } */ - __analyzer_eval (i || j); /* { dg-warning "UNKNOWN" } */ - - __analyzer_eval (~i); /* { dg-warning "UNKNOWN" } */ - __analyzer_eval (-i); /* { dg-warning "UNKNOWN" } */ - __analyzer_eval (+i); /* { dg-warning "UNKNOWN" } */ - - /* Anything added above should be added to the next function also. */ -} - -void test_21 (void) -{ - int i, j, zero; - int *pi = &i; - int *pj = &j; - int *pzero = &zero; - *pi = 5; - *pj = 3; - *pzero = 0; - - __analyzer_eval (i + j == 8); /* { dg-warning "TRUE" } */ - __analyzer_eval (i - j == 2); /* { dg-warning "TRUE" } */ - __analyzer_eval (i * j == 15); /* { dg-warning "TRUE" } */ - __analyzer_eval (i / j == 1); /* { dg-warning "TRUE" } */ - __analyzer_eval (i % j == 2); /* { dg-warning "TRUE" } */ - - /* Division by zero. */ - // TODO: should we warn for this? - __analyzer_eval (i / zero); /* { dg-warning "UNKNOWN" } */ - __analyzer_eval (i % zero); /* { dg-warning "UNKNOWN" } */ - - __analyzer_eval ((i & 1) == (5 & 1)); /* { dg-warning "TRUE" } */ - __analyzer_eval ((i & j) == (5 & 3)); /* { dg-warning "TRUE" } */ - __analyzer_eval ((i | 1) == (5 | 1)); /* { dg-warning "TRUE" } */ - __analyzer_eval ((i | j) == (5 | 3)); /* { dg-warning "TRUE" } */ - __analyzer_eval ((i ^ 1) == (5 ^ 1)); /* { dg-warning "TRUE" } */ - __analyzer_eval ((i ^ j) == (5 ^ 3)); /* { dg-warning "TRUE" } */ - __analyzer_eval ((i >> 1) == (5 >> 1)); /* { dg-warning "TRUE" } */ - __analyzer_eval ((i >> j) == (5 >> 3)); /* { dg-warning "TRUE" } */ - __analyzer_eval ((i << 1) == (5 << 1)); /* { dg-warning "TRUE" } */ - __analyzer_eval ((i << j) == (5 << 3)); /* { dg-warning "TRUE" } */ - __analyzer_eval (i && 0); /* { dg-warning "FALSE" } */ - __analyzer_eval (i && 1); /* { dg-warning "TRUE" } */ - __analyzer_eval (i && j); /* { dg-warning "TRUE" } */ - - __analyzer_eval (i || 0); /* { dg-warning "TRUE" } */ - __analyzer_eval (i || 1); /* { dg-warning "TRUE" } */ - __analyzer_eval (i || j); /* { dg-warning "TRUE" } */ - - __analyzer_eval (~i == ~5); /* { dg-warning "TRUE" } */ - __analyzer_eval (-i == -5); /* { dg-warning "TRUE" } */ - __analyzer_eval (+i == +5); /* { dg-warning "TRUE" } */ -} diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-read-index-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-read-index-1.c index 71c0816..1ec78b5 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-read-index-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-read-index-1.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include <stdio.h> #include <stdlib.h> #include <string.h> diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-read-offset-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-read-offset-1.c index 6db59bc..bb5d093 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-read-offset-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-read-offset-1.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include <stdio.h> #include <stdlib.h> #include <string.h> diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-realloc.c b/gcc/testsuite/gcc.dg/analyzer/taint-realloc.c index bd0ed00..aeefb7d 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-realloc.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-realloc.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" #include <stdio.h> #include <stdlib.h> @@ -18,4 +15,4 @@ test_1 (size_t sz) /* { dg-message "\\(1\\) function 'test_1' marked with '__att __analyzer_dump_state ("taint", sz); /* { dg-warning "state: 'tainted'" } */ q = realloc (p, sz); /* { dg-warning "use of attacker-controlled value 'sz' as allocation size without upper-bounds checking" } */ -} +} /* { dg-warning "leak of 'q'" } */ diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-size-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-size-1.c index 1fd5fd4..36083ac 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-size-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-size-1.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" #include <stdio.h> #include <stdlib.h> diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-size-access-attr-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-size-access-attr-1.c index 7d243a9..d4da3d7 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-size-access-attr-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-size-access-attr-1.c @@ -1,8 +1,7 @@ /* Passing tainted sizes to external functions with attribute ((access)) with a size-index. */ -// TODO: remove need for the explicit taint option: -/* { dg-additional-options "-fanalyzer-checker=taint -fanalyzer-show-duplicate-count" } */ +/* { dg-additional-options "-fanalyzer-show-duplicate-count" } */ #include "analyzer-decls.h" #include <stdio.h> diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-write-index-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-write-index-1.c index cc7ab1c..6222206 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-write-index-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-write-index-1.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include <stdio.h> #include <stdlib.h> #include <string.h> diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-write-offset-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-write-offset-1.c index d0df622..21794ce 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-write-offset-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-write-offset-1.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include <stdio.h> #include <stdlib.h> #include <string.h> diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/taint-read-index-2.c b/gcc/testsuite/gcc.dg/analyzer/torture/taint-read-index-2.c index b3dc177..8142133 100644 --- a/gcc/testsuite/gcc.dg/analyzer/torture/taint-read-index-2.c +++ b/gcc/testsuite/gcc.dg/analyzer/torture/taint-read-index-2.c @@ -1,5 +1,3 @@ -// TODO: remove need for the taint option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ /* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */ #define LOWER_LIMIT 5 diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/taint-read-index-3.c b/gcc/testsuite/gcc.dg/analyzer/torture/taint-read-index-3.c index 8eb6061..86bdede 100644 --- a/gcc/testsuite/gcc.dg/analyzer/torture/taint-read-index-3.c +++ b/gcc/testsuite/gcc.dg/analyzer/torture/taint-read-index-3.c @@ -1,5 +1,3 @@ -// TODO: remove need for the taint option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ /* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */ struct raw_ep { diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-1-fixed.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-1-fixed.c index 0ca8137..51526b8 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-1-fixed.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-1-fixed.c @@ -1,7 +1,6 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */ /* { dg-require-effective-target analyzer } */ +/* { dg-additional-options "-Wno-pedantic" } */ /* See notes in this header. */ #include "taint-CVE-2011-0521.h" diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-1.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-1.c index cde12b3..3d11a75 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-1.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-1.c @@ -1,6 +1,5 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */ +/* { dg-additional-options "-Wno-pedantic" } */ /* { dg-require-effective-target analyzer } */ /* See notes in this header. */ diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-2-fixed.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-2-fixed.c index 8a211ce..d035266 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-2-fixed.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-2-fixed.c @@ -1,14 +1,10 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */ +/* { dg-additional-options "-Wno-pedantic" } */ /* { dg-require-effective-target analyzer } */ /* See notes in this header. */ #include "taint-CVE-2011-0521.h" -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - /* Adapted from drivers/media/dvb/ttpci/av7110_ca.c */ int dvb_ca_ioctl(struct file *file, unsigned int cmd, void *parg) diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-2.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-2.c index 30cab38..5270e22 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-2.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-2.c @@ -1,7 +1,6 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */ /* { dg-require-effective-target analyzer } */ +/* { dg-additional-options "-Wno-pedantic" } */ /* See notes in this header. */ #include "taint-CVE-2011-0521.h" diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-3-fixed.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-3-fixed.c index b7852b4..b8268fa 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-3-fixed.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-3-fixed.c @@ -1,14 +1,10 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */ /* { dg-require-effective-target analyzer } */ +/* { dg-additional-options "-Wno-pedantic" } */ /* See notes in this header. */ #include "taint-CVE-2011-0521.h" -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - /* Adapted from drivers/media/dvb/ttpci/av7110_ca.c */ int dvb_ca_ioctl(struct file *file, unsigned int cmd, void *parg) diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-3.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-3.c index 6b9e034..86868a0 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-3.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-3.c @@ -1,7 +1,6 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */ /* { dg-require-effective-target analyzer } */ +/* { dg-additional-options "-Wno-pedantic" } */ /* See notes in this header. */ #include "taint-CVE-2011-0521.h" @@ -21,7 +20,7 @@ int dvb_ca_ioctl(struct file *file, unsigned int cmd, void *parg) if (info->num > 1) return -EINVAL; av7110->ci_slot[info->num].num = info->num; /* { dg-warning "attacker-controlled value" "" { xfail *-*-* } } */ - // TODO(xfail) + /* TODO(xfail). */ av7110->ci_slot[info->num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? CA_CI_LINK : CA_CI; memcpy(info, &av7110->ci_slot[info->num], sizeof(ca_slot_info_t)); diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-4.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-4.c index f314c64..06b3468 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-4.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-4.c @@ -1,8 +1,7 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: // TODO: remove need for --param=analyzer-max-svalue-depth=25 here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint --param=analyzer-max-svalue-depth=25" } */ -/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */ +/* { dg-options "-fanalyzer --param=analyzer-max-svalue-depth=25" } */ +/* { dg-additional-options "-Wno-pedantic" } */ /* { dg-require-effective-target analyzer } */ /* See notes in this header. */ @@ -32,11 +31,10 @@ int test_1(struct file *file, unsigned int cmd, unsigned long arg) if (info->num > 1) return -EINVAL; - av7110->ci_slot[info->num].num = info->num; /* { dg-warning "attacker-controlled value" "" { xfail *-*-* } } */ - // TODO(xfail) - av7110->ci_slot[info->num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? + av7110->ci_slot[info->num].num = info->num; /* { dg-warning "attacker-controlled value" } */ + av7110->ci_slot[info->num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? /* { dg-warning "attacker-controlled value" } */ CA_CI_LINK : CA_CI; - memcpy(info, &av7110->ci_slot[info->num], sizeof(ca_slot_info_t)); + memcpy(info, &av7110->ci_slot[info->num], sizeof(ca_slot_info_t)); /* { dg-warning "attacker-controlled value" } */ } copy_to_user((void __user *)arg, parg, sizeof(sbuf)); diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-5-fixed.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-5-fixed.c index 2e74770..076ada3 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-5-fixed.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-5-fixed.c @@ -1,7 +1,7 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: // TODO: remove need for --param=analyzer-max-svalue-depth=25 here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint --param=analyzer-max-svalue-depth=25" } */ +/* { dg-options "-fanalyzer --param=analyzer-max-svalue-depth=25" } */ +/* { dg-additional-options "-Wno-pedantic" } */ /* { dg-require-effective-target analyzer } */ /* On darwin, system headers are fortified, which defeats the analysis. Turn it off. */ diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-5.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-5.c index 021d458..e27ee46 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-5.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-5.c @@ -1,7 +1,7 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: // TODO: remove need for --param=analyzer-max-svalue-depth=25 here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint --param=analyzer-max-svalue-depth=25" } */ +/* { dg-options "-fanalyzer --param=analyzer-max-svalue-depth=25" } */ +/* { dg-additional-options "-Wno-pedantic" } */ /* { dg-require-effective-target analyzer } */ /* On darwin, system headers are fortified, which defeats the analysis. Turn it off. */ diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-6.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-6.c index f27e9eb..fea70ee 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-6.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-6.c @@ -1,7 +1,7 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: // TODO: remove need for --param=analyzer-max-svalue-depth=25 here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint --param=analyzer-max-svalue-depth=25" } */ +/* { dg-options "-fanalyzer --param=analyzer-max-svalue-depth=25" } */ +/* { dg-additional-options "-Wno-pedantic" } */ /* { dg-require-effective-target analyzer } */ /* On darwin, system headers are fortified, which defeats the analysis. Turn it off. */ diff --git a/gcc/testsuite/gcc.dg/plugin/taint-antipatterns-1.c b/gcc/testsuite/gcc.dg/plugin/taint-antipatterns-1.c index 6bb6f1b..cdd9a4f 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-antipatterns-1.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-antipatterns-1.c @@ -1,6 +1,5 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */ +/* { dg-options "-fanalyzer" } */ /* { dg-require-effective-target analyzer } */ #include "test-uaccess.h" |