path: root/gcc/selftest.h
author: David Malcolm <dmalcolm@redhat.com> 2023-01-18 11:41:47 -0500
committer: David Malcolm <dmalcolm@redhat.com> 2023-01-18 11:41:47 -0500
commit: c6a011119bfa038ccbfc9f123ede14a3d6237fab
tree: baae1550f38ae7b4cb3269475597a347b72a9b23 /gcc/selftest.h
parent: db959e250077ae6b4fc08f53fb322719582c5de6
analyzer: add SARD testsuite 81

A 2013 paper [1] proposed 5 simple tests for evaluating the effectiveness of static analysis tools at detecting CWE-121 ("Stack-based Buffer Overflow").

The tests can be found in:
  https://samate.nist.gov/SARD/test-suites/81

This patch adds these 5 tests to -fanalyzer's testsuite, lightly modified to add DejaGnu directives.

This is for unit-testing; for broader testing of -fanalyzer I'm working on a separate integration testing suite that builds various real-world C projects with -fanalyzer, currently here:
  https://github.com/davidmalcolm/gcc-analyzer-integration-tests

[1] Black, P., Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)

gcc/testsuite/ChangeLog:
	* gcc.dg/analyzer/SARD-tc117-basic-00001-min.c: New test, adapted from https://samate.nist.gov/SARD/test-suites/81.
	* gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c: Likewise.
	* gcc.dg/analyzer/SARD-tc249-basic-00034-min.c: Likewise.
	* gcc.dg/analyzer/SARD-tc293-basic-00045-min.c: Likewise.
	* gcc.dg/analyzer/SARD-tc841-basic-00182-min.c: Likewise.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Diffstat (limited to 'gcc/selftest.h')
0 files changed, 0 insertions, 0 deletions