diff options
| author | benjamin priour <vultkayn@gcc.gnu.org> | 2023-08-27 14:36:14 +0200 |
|---|---|---|
| committer | benjamin priour <vultkayn@gcc.gnu.org> | 2023-08-27 14:50:43 +0200 |
| commit | 55f6a7d949abc708d1c6ebc01eb3053f96d1472b (patch) | |
| tree | cf251e1e9b38eb84c9cfa0fbf98404e2688779ff /gcc/analyzer/sm-malloc.cc | |
| parent | 7997f0d35efca8a24d1b0ceae5066b1019d633d7 (diff) | |
| download | gcc-55f6a7d949abc708d1c6ebc01eb3053f96d1472b.zip gcc-55f6a7d949abc708d1c6ebc01eb3053f96d1472b.tar.gz gcc-55f6a7d949abc708d1c6ebc01eb3053f96d1472b.tar.bz2 | |
analyzer: Move gcc.dg/analyzer tests to c-c++-common (1) [PR96395]
First batch of moving tests from under gcc.dg/analyzer into
c-c++-common/analyzer.
C builtins are not recognized as such by C++, therefore
this patch no longer uses tree.h:fndecl_built_in_p to recognize
a builtin function, but rather the function names.
Thus functions named as C builtins - such as calloc, sprintf ... -
are recognized as such both in C and C++ sources by the analyzer.
For user-declared functions named after builtins, the latters' function_decl
tree are now preferred over the function_decl the user declared, even
when the FE consider their declaration to mismatch
(Wbuiltin-declaration-mismatch emitted). This mainly comes into account
in the handling of these function attributes : the analyzer uses
the builtin's attributes defined in gcc/builtins.def.
Signed-off-by: benjamin priour <priour.be@gmail.com>
gcc/analyzer/ChangeLog:
PR analyzer/96395
* analyzer.h (class known_function): Add virtual casts
to builtin_known_function.
(class builtin_known_function): New subclass of known_function
for builtins.
* kf.cc (class kf_alloca): Now derived from
builtin_known_function.
(class kf_calloc): Likewise.
(class kf_free): Likewise.
(class kf_malloc): Likewise.
(class kf_memcpy_memmove): Likewise.
(class kf_memset): Likewise.
(class kf_realloc): Likewise.
(class kf_strchr): Likewise.
(class kf_sprintf): Likewise.
(class kf_strcat): Likewise.
(class kf_strcpy): Likewise.
(class kf_strdup): Likewise.
(class kf_strlen): Likewise.
(class kf_strndup): Likewise.
(register_known_functions): Builtins are now registered as
known_functions by name rather than by their BUILTIN_CODE.
* known-function-manager.cc (get_normal_builtin): New overload.
* known-function-manager.h: New overload declaration.
* region-model.cc (region_model::get_builtin_kf): New function.
* region-model.h (class region_model): Add declaration of
get_builtin_kf.
* sm-fd.cc: For called recognized as builtins, use the
attributes of that builtin as defined in gcc/builtins.def
rather than the user's.
* sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
gcc/testsuite/ChangeLog:
PR analyzer/96395
* gcc.dg/analyzer/aliasing-3.c: Moved to...
* c-c++-common/analyzer/aliasing-3.c: ...here.
* gcc.dg/analyzer/aliasing-pr106473.c: Moved to...
* c-c++-common/analyzer/aliasing-pr106473.c: ...here.
* gcc.dg/analyzer/asm-x86-dyndbg-2.c: Moved to...
* c-c++-common/analyzer/asm-x86-dyndbg-2.c: ...here.
* gcc.dg/analyzer/asm-x86-lp64-2.c: Moved to...
* c-c++-common/analyzer/asm-x86-lp64-2.c: ...here.
* gcc.dg/analyzer/atomic-builtins-haproxy-proxy.c: Moved to...
* c-c++-common/analyzer/atomic-builtins-haproxy-proxy.c: ...here.
* gcc.dg/analyzer/atomic-builtins-qemu-sockets.c: Moved to...
* c-c++-common/analyzer/atomic-builtins-qemu-sockets.c: ...here.
* gcc.dg/analyzer/attr-malloc-6.c: Moved to...
* c-c++-common/analyzer/attr-malloc-6.c: ...here.
* gcc.dg/analyzer/attr-malloc-CVE-2019-19078-usb-leak.c: Moved to...
* c-c++-common/analyzer/attr-malloc-CVE-2019-19078-usb-leak.c: ...here.
* gcc.dg/analyzer/attr-tainted_args-1.c: Moved to...
* c-c++-common/analyzer/attr-tainted_args-1.c: ...here.
* gcc.dg/analyzer/call-summaries-pr107158.c: Moved to...
* c-c++-common/analyzer/call-summaries-pr107158.c: ...here.
* gcc.dg/analyzer/calloc-1.c: Moved to...
* c-c++-common/analyzer/calloc-1.c: ...here.
* gcc.dg/analyzer/compound-assignment-5.c: Moved to...
* c-c++-common/analyzer/compound-assignment-5.c: ...here.
* gcc.dg/analyzer/coreutils-cksum-pr108664.c: Moved to...
* c-c++-common/analyzer/coreutils-cksum-pr108664.c: ...here.
* gcc.dg/analyzer/coreutils-sum-pr108666.c: Moved to...
* c-c++-common/analyzer/coreutils-sum-pr108666.c: ...here.
* gcc.dg/analyzer/deref-before-check-pr108455-1.c: Moved to...
* c-c++-common/analyzer/deref-before-check-pr108455-1.c: ...here.
* gcc.dg/analyzer/deref-before-check-pr108455-git-pack-revindex.c: Moved to...
* c-c++-common/analyzer/deref-before-check-pr108455-git-pack-revindex.c: ...here.
* gcc.dg/analyzer/deref-before-check-pr108475-1.c: Moved to...
* c-c++-common/analyzer/deref-before-check-pr108475-1.c: ...here.
* gcc.dg/analyzer/deref-before-check-pr108475-haproxy-tcpcheck.c: Moved to...
* c-c++-common/analyzer/deref-before-check-pr108475-haproxy-tcpcheck.c: ...here.
* gcc.dg/analyzer/deref-before-check-pr109060-haproxy-cfgparse.c: Moved to...
* c-c++-common/analyzer/deref-before-check-pr109060-haproxy-cfgparse.c: ...here.
* gcc.dg/analyzer/deref-before-check-pr109239-linux-bus.c: Moved to...
* c-c++-common/analyzer/deref-before-check-pr109239-linux-bus.c: ...here.
* gcc.dg/analyzer/deref-before-check-pr77425.c: Moved to...
* c-c++-common/analyzer/deref-before-check-pr77425.c: ...here.
* gcc.dg/analyzer/exec-1.c: Moved to...
* c-c++-common/analyzer/exec-1.c: ...here.
* gcc.dg/analyzer/feasibility-3.c: Moved to...
* c-c++-common/analyzer/feasibility-3.c: ...here.
* gcc.dg/analyzer/fields.c: Moved to...
* c-c++-common/analyzer/fields.c: ...here.
* gcc.dg/analyzer/function-ptr-5.c: Moved to...
* c-c++-common/analyzer/function-ptr-5.c: ...here.
* gcc.dg/analyzer/infinite-recursion-pr108524-1.c: Moved to...
* c-c++-common/analyzer/infinite-recursion-pr108524-1.c: ...here.
* gcc.dg/analyzer/infinite-recursion-pr108524-2.c: Moved to...
* c-c++-common/analyzer/infinite-recursion-pr108524-2.c: ...here.
* gcc.dg/analyzer/infinite-recursion-pr108524-qobject-json-parser.c: Moved to...
* c-c++-common/analyzer/infinite-recursion-pr108524-qobject-json-parser.c: ...here.
* gcc.dg/analyzer/init.c: Moved to...
* c-c++-common/analyzer/init.c: ...here.
* gcc.dg/analyzer/inlining-3-multiline.c: Moved to...
* c-c++-common/analyzer/inlining-3-multiline.c: ...here.
* gcc.dg/analyzer/inlining-3.c: Moved to...
* c-c++-common/analyzer/inlining-3.c: ...here.
* gcc.dg/analyzer/inlining-4-multiline.c: Moved to...
* c-c++-common/analyzer/inlining-4-multiline.c: ...here.
* gcc.dg/analyzer/inlining-4.c: Moved to...
* c-c++-common/analyzer/inlining-4.c: ...here.
* gcc.dg/analyzer/leak-pr105906.c: Moved to...
* c-c++-common/analyzer/leak-pr105906.c: ...here.
* gcc.dg/analyzer/leak-pr108045-with-call-summaries.c: Moved to...
* c-c++-common/analyzer/leak-pr108045-with-call-summaries.c: ...here.
* gcc.dg/analyzer/leak-pr108045-without-call-summaries.c: Moved to...
* c-c++-common/analyzer/leak-pr108045-without-call-summaries.c: ...here.
* gcc.dg/analyzer/leak-pr109059-1.c: Moved to...
* c-c++-common/analyzer/leak-pr109059-1.c: ...here.
* gcc.dg/analyzer/leak-pr109059-2.c: Moved to...
* c-c++-common/analyzer/leak-pr109059-2.c: ...here.
* gcc.dg/analyzer/malloc-2.c: Moved to...
* c-c++-common/analyzer/malloc-2.c: ...here.
* gcc.dg/analyzer/memcpy-2.c: Moved to...
* c-c++-common/analyzer/memcpy-2.c: ...here.
* gcc.dg/analyzer/null-deref-pr108251-smp_fetch_ssl_fc_has_early-O2.c: Moved to...
* c-c++-common/analyzer/null-deref-pr108251-smp_fetch_ssl_fc_has_early-O2.c: ...here.
* gcc.dg/analyzer/null-deref-pr108251-smp_fetch_ssl_fc_has_early.c: Moved to...
* c-c++-common/analyzer/null-deref-pr108251-smp_fetch_ssl_fc_has_early.c: ...here.
* gcc.dg/analyzer/null-deref-pr108806-qemu.c: Moved to...
* c-c++-common/analyzer/null-deref-pr108806-qemu.c: ...here.
* gcc.dg/analyzer/null-deref-pr108830.c: Moved to...
* c-c++-common/analyzer/null-deref-pr108830.c: ...here.
* gcc.dg/analyzer/pr101962.c: Moved to...
* c-c++-common/analyzer/pr101962.c: ...here.
* gcc.dg/analyzer/pr103217-2.c: Moved to...
* c-c++-common/analyzer/pr103217-2.c: ...here.
* gcc.dg/analyzer/pr103217.c: Moved to...
* c-c++-common/analyzer/pr103217.c: ...here.
* gcc.dg/analyzer/pr104029.c: Moved to...
* c-c++-common/analyzer/pr104029.c: ...here.
* gcc.dg/analyzer/pr104062.c: Moved to...
* c-c++-common/analyzer/pr104062.c: ...here.
* gcc.dg/analyzer/pr105783.c: Moved to...
* c-c++-common/analyzer/pr105783.c: ...here.
* gcc.dg/analyzer/pr107345.c: Moved to...
* c-c++-common/analyzer/pr107345.c: ...here.
* gcc.dg/analyzer/pr93695-1.c: Moved to...
* c-c++-common/analyzer/pr93695-1.c: ...here.
* gcc.dg/analyzer/pr94596.c: Moved to...
* c-c++-common/analyzer/pr94596.c: ...here.
* gcc.dg/analyzer/pr94839.c: Moved to...
* c-c++-common/analyzer/pr94839.c: ...here.
* gcc.dg/analyzer/pr95152-4.c: C only.
* gcc.dg/analyzer/pr95152-5.c: C only.
* gcc.dg/analyzer/pr95240.c: Moved to...
* c-c++-common/analyzer/pr95240.c: ...here.
* gcc.dg/analyzer/pr96639.c: Moved to...
* c-c++-common/analyzer/pr96639.c: ...here.
* gcc.dg/analyzer/pr96653.c: Moved to...
* c-c++-common/analyzer/pr96653.c: ...here.
* gcc.dg/analyzer/pr96792.c: Moved to...
* c-c++-common/analyzer/pr96792.c: ...here.
* gcc.dg/analyzer/pr96841.c: Moved to...
* c-c++-common/analyzer/pr96841.c: ...here.
* gcc.dg/analyzer/pr98564.c: Moved to...
* c-c++-common/analyzer/pr98564.c: ...here.
* gcc.dg/analyzer/pr98628.c: Moved to...
* c-c++-common/analyzer/pr98628.c: ...here.
* gcc.dg/analyzer/pr98969.c: Moved to...
* c-c++-common/analyzer/pr98969.c: ...here.
* gcc.dg/analyzer/pr99193-2.c: Moved to...
* c-c++-common/analyzer/pr99193-2.c: ...here.
* gcc.dg/analyzer/pr99193-3.c: Moved to...
* c-c++-common/analyzer/pr99193-3.c: ...here.
* gcc.dg/analyzer/pr99716-1.c: Moved to...
* c-c++-common/analyzer/pr99716-1.c: ...here.
* gcc.dg/analyzer/pr99774-1.c: Moved to...
* c-c++-common/analyzer/pr99774-1.c: ...here.
* gcc.dg/analyzer/realloc-1.c: Moved to...
* c-c++-common/analyzer/realloc-1.c: ...here.
* gcc.dg/analyzer/realloc-2.c: Moved to...
* c-c++-common/analyzer/realloc-2.c: ...here.
* gcc.dg/analyzer/realloc-3.c: Moved to...
* c-c++-common/analyzer/realloc-3.c: ...here.
* gcc.dg/analyzer/realloc-4.c: Moved to...
* c-c++-common/analyzer/realloc-4.c: ...here.
* gcc.dg/analyzer/realloc-5.c: Moved to...
* c-c++-common/analyzer/realloc-5.c: ...here.
* gcc.dg/analyzer/realloc-pr110014.c: Moved to...
* c-c++-common/analyzer/realloc-pr110014.c: ...here.
* gcc.dg/analyzer/snprintf-concat.c: Moved to...
* c-c++-common/analyzer/snprintf-concat.c: ...here.
* gcc.dg/analyzer/sock-1.c: Moved to...
* c-c++-common/analyzer/sock-1.c: ...here.
* gcc.dg/analyzer/sprintf-concat.c: Moved to...
* c-c++-common/analyzer/sprintf-concat.c: ...here.
* gcc.dg/analyzer/string-ops-concat-pair.c: Moved to...
* c-c++-common/analyzer/string-ops-concat-pair.c: ...here.
* gcc.dg/analyzer/string-ops-dup.c: Moved to...
* c-c++-common/analyzer/string-ops-dup.c: ...here.
* gcc.dg/analyzer/switch-enum-pr105273-git-vreportf-2.c: Moved to...
* c-c++-common/analyzer/switch-enum-pr105273-git-vreportf-2.c: ...here.
* gcc.dg/analyzer/symbolic-12.c: Moved to...
* c-c++-common/analyzer/symbolic-12.c: ...here.
* gcc.dg/analyzer/uninit-alloca.c: Moved to...
* c-c++-common/analyzer/uninit-alloca.c: ...here.
* gcc.dg/analyzer/untracked-2.c: Moved to...
* c-c++-common/analyzer/untracked-2.c: ...here.
* gcc.dg/analyzer/vasprintf-1.c: Moved to...
* c-c++-common/analyzer/vasprintf-1.c: ...here.
* gcc.dg/analyzer/write-to-const-1.c: Moved to...
* c-c++-common/analyzer/write-to-const-1.c: ...here.
* gcc.dg/analyzer/write-to-function-1.c: C only.
* gcc.dg/analyzer/write-to-string-literal-1.c: Moved to...
* c-c++-common/analyzer/write-to-string-literal-1.c: ...here.
* gcc.dg/analyzer/write-to-string-literal-4-disabled.c: Moved to...
* c-c++-common/analyzer/write-to-string-literal-4-disabled.c: ...here.
* gcc.dg/analyzer/write-to-string-literal-5.c: Moved to...
* c-c++-common/analyzer/write-to-string-literal-5.c: ...here.
* g++.dg/analyzer/analyzer.exp: Now also run tests under
c-c++-common/analyzer.
* gcc.dg/analyzer/analyzer-decls.h: Add NULL definition.
* gcc.dg/analyzer/analyzer.exp: Now also run tests under
c-c++-common/analyzer.
* gcc.dg/analyzer/pr104369-1.c: C only.
* gcc.dg/analyzer/pr104369-2.c: Likewise.
* gcc.dg/analyzer/pr93355-localealias-feasibility-2.c: Likewise.
* gcc.dg/analyzer/sprintf-1.c: Split into C-only and
C++-friendly bits.
* gcc.dg/analyzer/allocation-size-multiline-1.c: Removed.
* gcc.dg/analyzer/allocation-size-multiline-2.c: Removed.
* gcc.dg/analyzer/allocation-size-multiline-3.c: Removed.
* gcc.dg/analyzer/data-model-11.c: Removed.
* gcc.dg/analyzer/pr61861.c: C only.
* gcc.dg/analyzer/pr93457.c: Removed.
* gcc.dg/analyzer/pr97568.c: Removed.
* gcc.dg/analyzer/write-to-string-literal-4.c: Removed.
* c-c++-common/analyzer/allocation-size-multiline-1.c: New test.
* c-c++-common/analyzer/allocation-size-multiline-2.c: New test.
* c-c++-common/analyzer/allocation-size-multiline-3.c: New test.
* c-c++-common/analyzer/data-model-11.c: New test.
* c-c++-common/analyzer/pr93457.c: New test.
* c-c++-common/analyzer/pr97568.c: New test.
* c-c++-common/analyzer/sprintf-2.c: C++-friendly bit of
previous gcc.dg/analyzer/sprintf-1.c.
* c-c++-common/analyzer/write-to-string-literal-4.c: New test.
Diffstat (limited to 'gcc/analyzer/sm-malloc.cc')
| -rw-r--r-- | gcc/analyzer/sm-malloc.cc | 133 |
1 files changed, 75 insertions, 58 deletions
diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc index ec76325..2ff777d 100644 --- a/gcc/analyzer/sm-malloc.cc +++ b/gcc/analyzer/sm-malloc.cc @@ -1965,71 +1965,88 @@ malloc_state_machine::on_stmt (sm_context *sm_ctxt, malloc_state_machine *mutable_this = const_cast <malloc_state_machine *> (this); - /* Handle "__attribute__((malloc(FOO)))". */ - if (const deallocator_set *deallocators + /* Handle interesting attributes of the callee_fndecl, + or prioritize those of the builtin that callee_fndecl is expected + to be. + Might want this to be controlled by a flag. */ + { + tree fndecl = callee_fndecl; + /* If call is recognized as a builtin known_function, use that + builtin's function_decl. */ + if (const region_model *old_model = sm_ctxt->get_old_region_model ()) + if (const builtin_known_function *builtin_kf + = old_model->get_builtin_kf (call)) + fndecl = builtin_kf->builtin_decl (); + + /* Handle "__attribute__((malloc(FOO)))". */ + if (const deallocator_set *deallocators = mutable_this->get_or_create_custom_deallocator_set - (callee_fndecl)) + (fndecl)) + { + tree attrs = TYPE_ATTRIBUTES (TREE_TYPE (fndecl)); + bool returns_nonnull + = lookup_attribute ("returns_nonnull", attrs); + on_allocator_call (sm_ctxt, call, deallocators, returns_nonnull); + } + { - tree attrs = TYPE_ATTRIBUTES (TREE_TYPE (callee_fndecl)); - bool returns_nonnull - = lookup_attribute ("returns_nonnull", attrs); - on_allocator_call (sm_ctxt, call, deallocators, returns_nonnull); + /* Handle "__attribute__((nonnull))". */ + tree fntype = TREE_TYPE (fndecl); + bitmap nonnull_args = get_nonnull_args (fntype); + if (nonnull_args) + { + for (unsigned i = 0; i < gimple_call_num_args (stmt); i++) + { + tree arg = gimple_call_arg (stmt, i); + if (TREE_CODE (TREE_TYPE (arg)) != POINTER_TYPE) + continue; + /* If we have a nonnull-args, and either all pointers, or + just the specified pointers. */ + if (bitmap_empty_p (nonnull_args) + || bitmap_bit_p (nonnull_args, i)) + { + state_t state = sm_ctxt->get_state (stmt, arg); + /* Can't use a switch as the states are non-const. */ + /* Do use the fndecl that caused the warning so that the + misused attributes are printed and the user not + confused. */ + if (unchecked_p (state)) + { + tree diag_arg = sm_ctxt->get_diagnostic_tree (arg); + sm_ctxt->warn (node, stmt, arg, + make_unique<possible_null_arg> + (*this, diag_arg, fndecl, i)); + const allocation_state *astate + = as_a_allocation_state (state); + sm_ctxt->set_next_state (stmt, arg, + astate->get_nonnull ()); + } + else if (state == m_null) + { + tree diag_arg = sm_ctxt->get_diagnostic_tree (arg); + sm_ctxt->warn (node, stmt, arg, + make_unique<null_arg> + (*this, diag_arg, fndecl, i)); + sm_ctxt->set_next_state (stmt, arg, m_stop); + } + else if (state == m_start) + maybe_assume_non_null (sm_ctxt, arg, stmt); + } + } + BITMAP_FREE (nonnull_args); + } } - /* Handle "__attribute__((nonnull))". */ - { - tree fntype = TREE_TYPE (callee_fndecl); - bitmap nonnull_args = get_nonnull_args (fntype); - if (nonnull_args) + /* Check for this after nonnull, so that if we have both + then we transition to "freed", rather than "checked". */ + unsigned dealloc_argno = fndecl_dealloc_argno (fndecl); + if (dealloc_argno != UINT_MAX) { - for (unsigned i = 0; i < gimple_call_num_args (stmt); i++) - { - tree arg = gimple_call_arg (stmt, i); - if (TREE_CODE (TREE_TYPE (arg)) != POINTER_TYPE) - continue; - /* If we have a nonnull-args, and either all pointers, or just - the specified pointers. */ - if (bitmap_empty_p (nonnull_args) - || bitmap_bit_p (nonnull_args, i)) - { - state_t state = sm_ctxt->get_state (stmt, arg); - /* Can't use a switch as the states are non-const. */ - if (unchecked_p (state)) - { - tree diag_arg = sm_ctxt->get_diagnostic_tree (arg); - sm_ctxt->warn (node, stmt, arg, - make_unique<possible_null_arg> - (*this, diag_arg, callee_fndecl, i)); - const allocation_state *astate - = as_a_allocation_state (state); - sm_ctxt->set_next_state (stmt, arg, - astate->get_nonnull ()); - } - else if (state == m_null) - { - tree diag_arg = sm_ctxt->get_diagnostic_tree (arg); - sm_ctxt->warn (node, stmt, arg, - make_unique<null_arg> - (*this, diag_arg, callee_fndecl, i)); - sm_ctxt->set_next_state (stmt, arg, m_stop); - } - else if (state == m_start) - maybe_assume_non_null (sm_ctxt, arg, stmt); - } - } - BITMAP_FREE (nonnull_args); + const deallocator *d + = mutable_this->get_or_create_deallocator (fndecl); + on_deallocator_call (sm_ctxt, node, call, d, dealloc_argno); } } - - /* Check for this after nonnull, so that if we have both - then we transition to "freed", rather than "checked". */ - unsigned dealloc_argno = fndecl_dealloc_argno (callee_fndecl); - if (dealloc_argno != UINT_MAX) - { - const deallocator *d - = mutable_this->get_or_create_deallocator (callee_fndecl); - on_deallocator_call (sm_ctxt, node, call, d, dealloc_argno); - } } /* Look for pointers explicitly being compared against zero |