authorDavid Malcolm <dmalcolm@redhat.com>2022-12-08 21:19:23 -0500
committerDavid Malcolm <dmalcolm@redhat.com>2022-12-08 21:19:23 -0500
commitcf80a23e19db83b7cb2220371d21642aa08261e0 (patch)
treee6ca2dd6f4cb71f17a3e407e4c6cc1c3c0a8fe12 /gcc/analyzer
parent2996b5c053d38d4543c9491258b051d6c032a011 (diff)
analyzer: handle memmove like memcpy
gcc/analyzer/ChangeLog: * region-model-impl-calls.cc (class kf_memcpy): Rename to... (class kf_memcpy_memmove): ...this. (kf_memcpy::impl_call_pre): Rename to... (kf_memcpy_memmove::impl_call_pre): ...this, and check the src for poison. (register_known_functions): Update for above renaming, and register BUILT_IN_MEMMOVE and BUILT_IN_MEMMOVE_CHK. gcc/testsuite/ChangeLog: * gcc.dg/analyzer/memcpy-1.c (test_8a, test_8b): New tests. * gcc.dg/analyzer/memmove-1.c: New test, based on memcpy-1.c * gcc.dg/analyzer/out-of-bounds-1.c (test7): Update expected result for uninit srcBuf. * gcc.dg/analyzer/out-of-bounds-5.c (test8, test9): Add dg-warnings for memcpy from uninit src vla. * gcc.dg/analyzer/pr104308.c (test_memmove_within_uninit): Expect creation point note to be missing on riscv*-*-*. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Diffstat (limited to 'gcc/analyzer')
-rw-r--r--gcc/analyzer/region-model-impl-calls.cc18
1 files changed, 12 insertions, 6 deletions
diff --git a/gcc/analyzer/region-model-impl-calls.cc b/gcc/analyzer/region-model-impl-calls.cc
index 6aeb9281..ff2f1b1 100644
--- a/gcc/analyzer/region-model-impl-calls.cc
+++ b/gcc/analyzer/region-model-impl-calls.cc
@@ -246,10 +246,12 @@ kf_malloc::impl_call_pre (const call_details &cd) const
}
}
-/* Handler for "memcpy" and "__builtin_memcpy". */
-// TODO: complain about overlapping src and dest.
+/* Handler for "memcpy" and "__builtin_memcpy",
+ "memmove", and "__builtin_memmove". */
+/* TODO: complain about overlapping src and dest for the memcpy
+ variants. */
-class kf_memcpy : public known_function
+class kf_memcpy_memmove : public known_function
{
public:
bool matches_call_types_p (const call_details &cd) const final override
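Review bot: The rewritten handler comment names only "memcpy", "__builtin_memcpy", "memmove" and "__builtin_memmove", but the registration hunk further down also binds this class to BUILT_IN_MEMCPY_CHK and BUILT_IN_MEMMOVE_CHK. I would list the checked variants too, e.g. `/* Handler for "memcpy", "memmove", their "__builtin_" forms, and the "_chk" variants registered below.  */`, so a reader does not assume the fortified calls are modelled elsewhere. The class body continues past the end of this hunk.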
@@ -263,7 +265,7 @@ public:
};
void
-kf_memcpy::impl_call_pre (const call_details &cd) const
+kf_memcpy_memmove::impl_call_pre (const call_details &cd) const
{
const svalue *dest_ptr_sval = cd.get_arg_svalue (0);
const svalue *src_ptr_sval = cd.get_arg_svalue (1);
@@ -285,6 +287,8 @@ kf_memcpy::impl_call_pre (const call_details &cd) const
= mgr->get_sized_region (dest_reg, NULL_TREE, num_bytes_sval);
const svalue *src_contents_sval
= model->get_store_value (sized_src_reg, cd.get_ctxt ());
+ model->check_for_poison (src_contents_sval, cd.get_arg_tree (1),
+ cd.get_ctxt ());
model->set_value (sized_dest_reg, src_contents_sval, cd.get_ctxt ());
}
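Review bot: The value returned by the new `check_for_poison` call is discarded, so `set_value` on the following line still writes the original `src_contents_sval` into the destination region. If this helper returns a substitute value after it has reported a poisoned source (I believe it does, but that is not visible in this hunk), then assigning the result back, `src_contents_sval = model->check_for_poison (src_contents_sval, cd.get_arg_tree (1), cd.get_ctxt ());`, would avoid a second uninitialized-read report when the destination is read later. If copying the poisoned state into the destination is intended, a short comment such as `/* Warn here, but still propagate the uninit state to dest.  */` would make that explicit. The start of impl_call_pre lies outside this hunk.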
@@ -927,8 +931,10 @@ register_known_functions (known_function_manager &kfm)
kfm.add (BUILT_IN_EXPECT_WITH_PROBABILITY, make_unique<kf_expect> ());
kfm.add (BUILT_IN_FREE, make_unique<kf_free> ());
kfm.add (BUILT_IN_MALLOC, make_unique<kf_malloc> ());
- kfm.add (BUILT_IN_MEMCPY, make_unique<kf_memcpy> ());
- kfm.add (BUILT_IN_MEMCPY_CHK, make_unique<kf_memcpy> ());
+ kfm.add (BUILT_IN_MEMCPY, make_unique<kf_memcpy_memmove> ());
+ kfm.add (BUILT_IN_MEMCPY_CHK, make_unique<kf_memcpy_memmove> ());
+ kfm.add (BUILT_IN_MEMMOVE, make_unique<kf_memcpy_memmove> ());
+ kfm.add (BUILT_IN_MEMMOVE_CHK, make_unique<kf_memcpy_memmove> ());
kfm.add (BUILT_IN_MEMSET, make_unique<kf_memset> ());
kfm.add (BUILT_IN_MEMSET_CHK, make_unique<kf_memset> ());
kfm.add (BUILT_IN_REALLOC, make_unique<kf_realloc> ());
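Review bot: All four registrations construct identical `kf_memcpy_memmove` objects, so the handler keeps no record of whether it stands for a memcpy or a memmove variant. The class TODO wants an overlap complaint for the memcpy variants only, which needs that distinction, because overlapping buffers are valid for memmove and undefined for memcpy. Consider recording the variant at construction, for instance a constructor argument along the lines of `make_unique<kf_memcpy_memmove> (/*overlap_ok=*/true)` for the two memmove entries (a suggested shape, not an existing interface). Otherwise the TODO should state that the callee has to be recovered from `cd` inside impl_call_pre.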