diff options
| -rw-r--r-- | gcc/analyzer/sm-fd.cc | 6 | ||||
| -rw-r--r-- | gcc/analyzer/sm-fd.dot | 6 | ||||
| -rw-r--r-- | gcc/testsuite/gcc.dg/analyzer/fd-bind-pr107928.c | 10 | ||||
| -rw-r--r-- | gcc/testsuite/gcc.dg/analyzer/fd-connect-pr107928.c | 10 | ||||
| -rw-r--r-- | gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-active-open.c | 31 | ||||
| -rw-r--r-- | gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-passive-open.c | 98 |
6 files changed, 159 insertions, 2 deletions
diff --git a/gcc/analyzer/sm-fd.cc b/gcc/analyzer/sm-fd.cc index 794733e..799847c 100644 --- a/gcc/analyzer/sm-fd.cc +++ b/gcc/analyzer/sm-fd.cc @@ -1861,7 +1861,8 @@ fd_state_machine::on_bind (const call_details &cd, next_state = m_bound_datagram_socket; else if (old_state == m_new_unknown_socket) next_state = m_bound_unknown_socket; - else if (old_state == m_start) + else if (old_state == m_start + || old_state == m_constant_fd) next_state = m_bound_unknown_socket; else if (old_state == m_stop) next_state = m_stop; @@ -2116,7 +2117,8 @@ fd_state_machine::on_connect (const call_details &cd, next_state = m_new_datagram_socket; else if (old_state == m_new_unknown_socket) next_state = m_stop; - else if (old_state == m_start) + else if (old_state == m_start + || old_state == m_constant_fd) next_state = m_stop; else if (old_state == m_stop) next_state = m_stop; diff --git a/gcc/analyzer/sm-fd.dot b/gcc/analyzer/sm-fd.dot index da925b0..d7676b1 100644 --- a/gcc/analyzer/sm-fd.dot +++ b/gcc/analyzer/sm-fd.dot @@ -27,6 +27,9 @@ digraph "fd" { /* Start state. */ start; + /* State for a constant file descriptor (>= 0). */ + constant_fd; + /* States representing a file descriptor that hasn't yet been checked for validity after opening, for three different access modes. */ @@ -129,6 +132,7 @@ digraph "fd" { /* On "bind". */ start -> bound_unknown_socket [label="when 'bind(X, ...)' succeeds"]; + constant_fd -> bound_unknown_socket [label="when 'bind(X, ...)' succeeds"]; new_stream_socket -> bound_stream_socket [label="when 'bind(X, ...)' succeeds"]; new_datagram_socket -> bound_datagram_socket [label="when 'bind(X, ...)' succeeds"]; new_unknown_socket -> bound_unknown_socket [label="when 'bind(X, ...)' succeeds"]; @@ -140,12 +144,14 @@ digraph "fd" { /* On "accept". */ start -> connected_stream_socket [label="when 'accept(OTHER, ...)' succeeds on a listening_stream_socket"]; + constant_fd -> connected_stream_socket [label="when 'accept(OTHER, ...)' succeeds on a listening_stream_socket"]; /* On "connect". */ new_stream_socket -> connected_stream_socket [label="when 'connect(X, ...)' succeeds"]; new_datagram_socket -> new_datagram_socket [label="when 'connect(X, ...)' succeeds"]; new_unknown_socket -> stop [label="when 'connect(X, ...)' succeeds"]; start -> stop [label="when 'connect(X, ...)' succeeds"]; + constant_fd -> stop [label="when 'connect(X, ...)' succeeds"]; /* on_condition. */ unchecked_read_write -> valid_read_write [label="on 'X >= 0'"]; diff --git a/gcc/testsuite/gcc.dg/analyzer/fd-bind-pr107928.c b/gcc/testsuite/gcc.dg/analyzer/fd-bind-pr107928.c new file mode 100644 index 0000000..acc1a1d --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/fd-bind-pr107928.c @@ -0,0 +1,10 @@ +struct sa {}; + +int +bind (int, struct sa *, int); + +int +foo (struct sa sa) +{ + return bind (1, &sa, sizeof sa); +} diff --git a/gcc/testsuite/gcc.dg/analyzer/fd-connect-pr107928.c b/gcc/testsuite/gcc.dg/analyzer/fd-connect-pr107928.c new file mode 100644 index 0000000..f3bdc87 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/fd-connect-pr107928.c @@ -0,0 +1,10 @@ +struct sa {}; + +int +connect (int, struct sa *, int); + +int +foo (struct sa sa) +{ + return connect (1, &sa, sizeof sa); +} diff --git a/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-active-open.c b/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-active-open.c index 841894c..89ea82e 100644 --- a/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-active-open.c +++ b/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-active-open.c @@ -74,3 +74,34 @@ void test_active_open_from_connect (int fd, const char *sockname, void *buf) close (fd); __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-stop'" } */ } + +void test_active_open_from_connect_constant (const char *sockname, void *buf) +{ + const int fd = 42; + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-constant'" } */ + + struct sockaddr_un addr; + memset (&addr, 0, sizeof (addr)); + addr.sun_family = AF_UNIX; + strncpy (addr.sun_path, sockname, sizeof(addr.sun_path) - 1); + + errno = 0; + if (connect (fd, (struct sockaddr *)&addr, sizeof (addr)) == -1) + { + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-constant'" } */ + __analyzer_eval (errno > 0); /* { dg-warning "TRUE" } */ + close (fd); + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ + return; + } + + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-stop'" } */ + __analyzer_eval (errno == 0); /* { dg-warning "TRUE" } */ + __analyzer_eval (fd >= 0); /* { dg-warning "TRUE" } */ + + write (fd, "hello", 6); + read (fd, buf, 100); + + close (fd); + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-stop'" } */ +} diff --git a/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-passive-open.c b/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-passive-open.c index a610911..8af5290 100644 --- a/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-passive-open.c +++ b/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-passive-open.c @@ -129,6 +129,62 @@ void test_passive_open_from_bind (int fd, const char *sockname, void *buf) __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ } +void test_passive_open_from_bind_constant (const char *sockname, void *buf) +{ + const int fd = 42; + struct sockaddr_un addr; + int afd; + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-constant'" } */ + memset (&addr, 0, sizeof (addr)); + addr.sun_family = AF_UNIX; + strncpy (addr.sun_path, sockname, sizeof(addr.sun_path) - 1); + errno = 0; + if (bind (fd, (struct sockaddr *)&addr, sizeof (addr)) == -1) + { + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-constant'" } */ + __analyzer_eval (errno > 0); /* { dg-warning "TRUE" } */ + close (fd); + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ + return; + } + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-bound-unknown-socket'" } */ + __analyzer_eval (errno == 0); /* { dg-warning "TRUE" } */ + __analyzer_eval (fd >= 0); /* { dg-warning "TRUE" } */ + if (listen (fd, 5) == -1) + { + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-bound-unknown-socket'" } */ + __analyzer_eval (errno > 0); /* { dg-warning "TRUE" } */ + close (fd); + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ + return; + } + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-listening-stream-socket'" } */ + __analyzer_eval (errno == 0); /* { dg-warning "TRUE" } */ + __analyzer_eval (fd >= 0); /* { dg-warning "TRUE" } */ + afd = accept (fd, NULL, NULL); + if (afd == -1) + { + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-listening-stream-socket'" } */ + __analyzer_eval (errno > 0); /* { dg-warning "TRUE" } */ + close (fd); + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ + return; + } + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-listening-stream-socket'" } */ + __analyzer_dump_state ("file-descriptor", afd); /* { dg-warning "state: 'fd-connected-stream-socket'" } */ + __analyzer_eval (errno == 0); /* { dg-warning "TRUE" } */ + __analyzer_eval (fd >= 0); /* { dg-warning "TRUE" } */ + __analyzer_eval (afd >= 0); /* { dg-warning "TRUE" } */ + + write (afd, "hello", 6); + read (afd, buf, 100); + + close (afd); + close (fd); + __analyzer_dump_state ("file-descriptor", afd); /* { dg-warning "state: 'fd-closed'" } */ + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ +} + void test_passive_open_from_listen (int fd, void *buf) { int afd; @@ -169,6 +225,48 @@ void test_passive_open_from_listen (int fd, void *buf) __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ } + +void test_passive_open_from_listen_constant (void *buf) +{ + const int fd = 42; + int afd; + errno = 0; + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-constant'" } */ + if (listen (fd, 5) == -1) + { + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-constant'" } */ + __analyzer_eval (errno > 0); /* { dg-warning "TRUE" } */ + close (fd); + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ + return; + } + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-listening-stream-socket'" } */ + __analyzer_eval (errno == 0); /* { dg-warning "TRUE" } */ + __analyzer_eval (fd >= 0); /* { dg-warning "TRUE" } */ + afd = accept (fd, NULL, NULL); + if (afd == -1) + { + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-listening-stream-socket'" } */ + __analyzer_eval (errno > 0); /* { dg-warning "TRUE" } */ + close (fd); + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ + return; + } + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-listening-stream-socket'" } */ + __analyzer_dump_state ("file-descriptor", afd); /* { dg-warning "state: 'fd-connected-stream-socket'" } */ + __analyzer_eval (errno == 0); /* { dg-warning "TRUE" } */ + __analyzer_eval (fd >= 0); /* { dg-warning "TRUE" } */ + __analyzer_eval (afd >= 0); /* { dg-warning "TRUE" } */ + + write (afd, "hello", 6); + read (afd, buf, 100); + + close (afd); + close (fd); + __analyzer_dump_state ("file-descriptor", afd); /* { dg-warning "state: 'fd-closed'" } */ + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ +} + void test_passive_open_from_accept (int fd, void *buf) { int afd; |