Diffstat (limited to 'gcc/analyzer')
67 files changed, 4290 insertions, 2391 deletions
diff --git a/gcc/analyzer/ChangeLog b/gcc/analyzer/ChangeLog
index 443dc6d..40d1ff1 100644
--- a/gcc/analyzer/ChangeLog
+++ b/gcc/analyzer/ChangeLog
@@ -1,3 +1,428 @@ +2025-04-29 Marc Poulhiès <dkm@kataplop.net> + + * exploded-graph.h (set_status): Rename parameter. + * constraint-manager.cc (bound::ensure_closed): Likewise. + (range::add_bound): Likewise. + +2025-04-28 David Malcolm <dmalcolm@redhat.com> + + PR analyzer/111536 + * engine.cc (maybe_update_for_edge): Update for new call_stmt + param to region_model::push_frame. + * program-state.cc (program_state::push_frame): Likewise. + * region-model.cc (region_model::update_for_gcall): Likewise. + (region_model::push_frame): Add "call_stmt" param. + Handle DECL_RESULT with DECL_BY_REFERENCE set on it by stashing + the region of the lhs of the call_stmt in the caller frame, + and writing a reference to it within the "result" in the callee + frame. + (region_model::pop_frame): Don't write back to the LHS for + DECL_BY_REFERENCE results. + (selftest::test_stack_frames): Update for new call_stmt param to + region_model::push_frame. + (selftest::test_get_representative_path_var): Likewise. + (selftest::test_state_merging): Likewise. + (selftest::test_alloca): Likewise. + * region-model.h (region_model::push_frame): Add "call_stmt" + param. + * region.cc: Include "tree-ssa.h". + (region::can_have_initial_svalue_p): Use ssa_defined_default_def_p + for ssa names, rather than special-casing it for just parameters. + This should now also cover DECL_RESULT with DECL_BY_REFERENCE and + hard registers. + * sm-signal.cc (update_model_for_signal_handler): Update for new + call_stmt param to region_model::push_frame. + * state-purge.cc (state_purge_per_decl::process_worklists): + Likewise. + +2025-04-28 David Malcolm <dmalcolm@redhat.com> + + PR analyzer/109366 + * region-model-manager.cc + (region_model_manager::maybe_fold_sub_svalue): Sub-values of zero + constants are zero. + +2025-04-28 David Malcolm <dmalcolm@redhat.com> + + PR analyzer/97111 + * analyzer.cc (is_cxa_throw_p): New. + (is_cxa_rethrow_p): New. + * analyzer.opt (Wanalyzer-throw-of-unexpected-type): New. 
+ * analyzer.opt.urls: Regenerate. + * call-info.cc (custom_edge_info::create_enode): New. + * call-info.h (call_info::print): Drop "final". + (call_info::add_events_to_path): Likewise. + * checker-event.cc (event_kind_to_string): Add cases for + event_kind::catch_, event_kind::throw_, and event_kind::unwind. + (explicit_throw_event::print_desc): New. + (throw_from_call_to_external_fn_event::print_desc): New. + (unwind_event::print_desc): New. + * checker-event.h (enum class event_kind): Add catch_, throw_, + and unwind. + (class catch_cfg_edge_event): New. + (class throw_event): New. + (class explicit_throw_event): New. + (class throw_from_call_to_external_fn_event): New. + (class unwind_event): New. + * common.h (class eh_dispatch_cfg_superedge): New forward decl. + (class eh_dispatch_try_cfg_superedge): New forward decl. + (class eh_dispatch_allowed_cfg_superedge): New forward decl. + (custom_edge_info::create_enode): New vfunc decl. + (is_cxa_throw_p): New decl. + (is_cxa_rethrow_p): New decl. + * diagnostic-manager.cc + (diagnostic_manager::add_events_for_superedge): Special-case edges + for eh_dispach_try. + (diagnostic_manager::prune_path): Call consolidate_unwind_events. + (diagnostic_manager::prune_for_sm_diagnostic): Don't filter the new + event_kinds. + (diagnostic_manager::consolidate_unwind_events): New. + * diagnostic-manager.h + (diagnostic_manager::consolidate_unwind_events): New decl. + * engine.cc (exploded_node::on_stmt_pre): Handle "__cxa_throw", + "__cxa_rethrow", and resx statements. + (class throw_custom_edge): New. + (class unwind_custom_edge): New. + (get_eh_outedge): New. + (exploded_graph::unwind_from_exception): New. + (exploded_node::on_throw): New. + (exploded_node::on_resx): New. + (exploded_graph::get_or_create_node): Add "add_to_worklist" param + and use it. + (exploded_graph::process_node): Use edge_info's create_enode vfunc + to create enodes, rather than calling get_or_create_node directly. 
+ Ignore CFG edges in the sgraph flagged with EH whilst we're + exploring the egraph. + (exploded_graph_annotator::print_enode): Handle case + exploded_node::status::special. + * exploded-graph.h (exploded_node::status): Add value "special". + (exploded_node::on_throw): New decl. + (exploded_node::on_resx): New decl. + (exploded_graph::get_or_create_node): Add optional + "add_to_worklist" param. + (exploded_graph::unwind_from_exception): New decl. + * kf-lang-cp.cc (class kf_cxa_allocate_exception): New. + (class kf_cxa_begin_catch): New. + (class kf_cxa_end_catch): New. + (class throw_of_unexpected_type): New. + (class kf_cxa_call_unexpected): New. + (register_known_functions_lang_cp): Register known functions + "__cxa_allocate_exception", "__cxa_begin_catch", + "__cxa_end_catch", and "__cxa_call_unexpected". + * kf.cc (class kf_eh_pointer): New. + (register_known_functions): Register it for BUILT_IN_EH_POINTER. + * region-model.cc: Include "analyzer/function-set.h". + (exception_node::operator==): New. + (exception_node::dump_to_pp): New. + (exception_node::dump): New. + (exception_node::to_json): New. + (exception_node::make_dump_widget): New. + (exception_node::maybe_get_type): New. + (exception_node::add_to_reachable_regions): New. + (region_model::region_model): Initialize + m_thrown_exceptions_stack and m_caught_exceptions_stack. + (region_model::operator=): Likewise. + (region_model::operator==): Compare them. + (region_model::dump_to_pp): Dump exception stacks. + (region_model::to_json): Add exception stacks. + (region_model::make_dump_widget): Likewise. + (class exception_thrown_from_unrecognized_call): New. + (get_fns_assumed_not_to_throw): New. + (can_throw_p): New. + (region_model::check_for_throw_inside_call): New. + (region_model::on_call_pre): Call check_for_throw_inside_call + on unknown fns or those we don't have a body for. + (region_model::maybe_update_for_edge): Handle eh_dispatch_stmt + statements. 
Drop old code that called + apply_constraints_for_exception on EDGE_EH edges. + (class rejected_eh_dispatch): New. + (exception_matches_type_p): New. + (matches_any_exception_type_p): New. + (region_model::apply_constraints_for_eh_dispatch): New. + (region_model::apply_constraints_for_eh_dispatch_try): New. + (region_model::apply_constraints_for_eh_dispatch_allowed): New. + (region_model::apply_constraints_for_exception): Delete. + (region_model::can_merge_with_p): Don't merge models with + non-equal exception stacks. + (region_model::get_referenced_base_regions): Add regions from + exception stacks. + * region-model.h (struct exception_node): New. + (region_model::push_thrown_exception): New. + (region_model::get_current_thrown_exception): New. + (region_model::pop_thrown_exception): New. + (region_model::push_caught_exception): New. + (region_model::get_current_caught_exception): New. + (region_model::pop_caught_exception): New. + (region_model::apply_constraints_for_eh_dispatch_try): New decl. + (region_model::apply_constraints_for_eh_dispatch_allowed) New decl. + (region_model::apply_constraints_for_exception): Delete. + (region_model::apply_constraints_for_eh_dispatch): New decl. + (region_model::check_for_throw_inside_call): New decl. + (region_model::m_thrown_exceptions_stack): New field. + (region_model::m_caught_exceptions_stack): New field. + * supergraph.cc: Include "except.h" and "analyzer/region-model.h". + (supergraph::add_cfg_edge): Special-case eh_dispatch edges. + (superedge::get_description): Use default_tree_printer. + (get_catch): New. + (eh_dispatch_cfg_superedge::make): New. + (eh_dispatch_cfg_superedge::eh_dispatch_cfg_superedge): New. + (eh_dispatch_cfg_superedge::get_eh_status): New. + (eh_dispatch_try_cfg_superedge::dump_label_to_pp): New. + (eh_dispatch_try_cfg_superedge::apply_constraints): New. + (eh_dispatch_allowed_cfg_superedge::eh_dispatch_allowed_cfg_superedge): + New. + (eh_dispatch_allowed_cfg_superedge::dump_label_to_pp): New. 
+ (eh_dispatch_allowed_cfg_superedge::apply_constraints): New. + * supergraph.h: Include "except.h". + (superedge::dyn_cast_eh_dispatch_cfg_superedge): New vfunc. + (superedge::dyn_cast_eh_dispatch_try_cfg_superedge): New vfunc. + (superedge::dyn_cast_eh_dispatch_allowed_cfg_superedge): New + vfunc. + (class eh_dispatch_cfg_superedge): New. + (is_a_helper <const eh_dispatch_cfg_superedge *>::test): New. + (class eh_dispatch_try_cfg_superedge): New. + (is_a_helper <const eh_dispatch_try_cfg_superedge *>::test): New. + (class eh_dispatch_allowed_cfg_superedge): New. + (is_a_helper <const eh_dispatch_allowed_cfg_superedge *>::test): + New. + * svalue.cc (svalue::maybe_get_type_from_typeinfo): New. + * svalue.h (svalue::maybe_get_type_from_typeinfo): New decl. + +2025-04-28 David Malcolm <dmalcolm@redhat.com> + + * access-diagram.cc: Replace uses of ::make_unique with + std::make_unique. + * analyzer.cc: Likewise. + * bounds-checking.cc: Likewise. + * call-details.cc: Likewise. + * call-info.cc: Likewise. + * call-string.cc: Likewise. + * checker-path.cc: Likewise. + * common.h: Drop include of "make-unique.h". + * constraint-manager.cc: Replace uses of ::make_unique with + std::make_unique. + * diagnostic-manager.cc: Likewise. + * engine.cc: Likewise. + * infinite-loop.cc: Likewise. + * infinite-recursion.cc: Likewise. + * kf-analyzer.cc: Likewise. + * kf-lang-cp.cc: Likewise. + * kf.cc: Likewise. + * pending-diagnostic.cc: Likewise. + * program-point.cc: Likewise; drop #include. + * program-state.cc: Likewise. + * ranges.cc: Likewise. + * region-model.cc: Likewise. + * region.cc: Likewise; drop #include. + * sm-fd.cc: Likewise. + * sm-file.cc: Likewise. + * sm-malloc.cc: Likewise. + * sm-pattern-test.cc: Likewise. + * sm-sensitive.cc: Likewise. + * sm-signal.cc: Likewise. + * sm-taint.cc: Likewise. + * sm.cc: Likewise. + * store.cc: Likewise. + * supergraph.cc: Likewise. + * svalue.cc: Likewise; drop #include. + * varargs.cc: Likewise. 
+ +2025-04-28 David Malcolm <dmalcolm@redhat.com> + + * engine.cc (class plugin_analyzer_init_impl): Convert + "m_checkers" to use std::vector of std::unique_ptr. Convert + "m_known_fn_mgr" to a reference. + (impl_run_checkers): Convert "checkers" to use std::vector of + std::unique_ptr and move it into the extrinsic_state. + * program-state.cc (extrinsic_state::dump_to_pp): Update for + changes to m_checkers. + (extrinsic_state::to_json): Likewise. + (extrinsic_state::get_sm_idx_by_name): Likewise. + (selftest::test_sm_state_map): Update to use std::unique_ptr + for state machines. + (selftest::test_program_state_1): Likewise. + (selftest::test_program_state_2): Likewise. + (selftest::test_program_state_merging): Likewise. + (selftest::test_program_state_merging_2): Likewise. + * program-state.h (class extrinsic_state): Convert "m_checkers" to + use std::vector of std::unique_ptr and to be owned by this object, + rather than a reference. Add ctor for use in selftests. + * sm-fd.cc (make_fd_state_machine): Update to use std::unique_ptr. + * sm-file.cc (make_fileptr_state_machine): Likewise. + * sm-malloc.cc (make_malloc_state_machine): Likewise. + * sm-pattern-test.cc (make_pattern_test_state_machine): Likewise. + * sm-sensitive.cc (make_sensitive_state_machine): Likewise. + * sm-signal.cc (make_signal_state_machine): Likewise. + * sm-taint.cc (make_taint_state_machine): Likewise. + * sm.cc: Define INCLUDE_LIST. + (make_checkers): Return the vector directly, rather than pass it + in by reference. Update to use std::unique_ptr throughout. Use + an intermediate list, and use that to filter with + flag_analyzer_checker, fixing memory leak for this case. + * sm.h: (make_checkers): Return the vector directly, rather than + pass it in by reference, and use std::vector of std::unique_ptr. + (make_malloc_state_machine): Convert return type to use std::unique_ptr. + (make_fileptr_state_machine): Likewise. + (make_taint_state_machine): Likewise. 
+ (make_sensitive_state_machine): Likewise. + (make_signal_state_machine): Likewise. + (make_pattern_test_state_machine): Likewise. + (make_va_list_state_machine): Likewise. + (make_fd_state_machine): Likewise. + * varargs.cc (make_va_list_state_machine): Update to use + std::unique_ptr. + +2025-04-28 David Malcolm <dmalcolm@redhat.com> + + * call-summary.cc (call_summary_replay::call_summary_replay): + Convert "summary" from call_summary * to call_summary &. + (call_summary_replay::dump_to_pp): Likewise for m_summary. + * call-summary.h (call_summary_replay::call_summary_replay): + Likewise for "summary". + (call_summary_replay::m_summary): Likewise. + * engine.cc (call_summary_edge_info::call_summary_edge_info): + Likewise. + (call_summary_edge_info::update_state): Likewise. + (call_summary_edge_info::update_model): Likewise. + (call_summary_edge_info::print_desc): Likewise for m_summary. + (call_summary_edge_info::m_summary): Likewise. + (exploded_node::replay_call_summaries): Update for change to + replay_call_summary. + (exploded_node::replay_call_summary): Convert "summary" from + call_summary * to call_summary &. + * exploded-graph.h (exploded_node::replay_call_summary): Likewise. + +2025-04-28 David Malcolm <dmalcolm@redhat.com> + + * analyzer.cc: Convert gcall * to gcall & where we know the + pointer must be non-null. + * call-details.cc: Likewise. + * call-details.h: Likewise. + * call-info.cc: Likewise. + * call-info.h: Likewise. + * call-summary.h: Likewise. + * checker-event.cc: Likewise. + * checker-event.h: Likewise. + * common.h: Likewise. + * diagnostic-manager.cc: Likewise. + * engine.cc: Likewise. + * exploded-graph.h: Likewise. + * kf-analyzer.cc: Likewise. + * kf-lang-cp.cc: Likewise. + * kf.cc: Likewise. + * known-function-manager.cc: Likewise. + * program-state.cc: Likewise. + * program-state.h: Likewise. + * region-model.cc: Likewise. + * region-model.h: Likewise. + * sm-fd.cc: Likewise. + * sm-file.cc: Likewise. + * sm-malloc.cc: Likewise. 
+ * sm-sensitive.cc: Likewise. + * sm-signal.cc: Likewise. + * sm-taint.cc: Likewise. + * sm.h: Likewise. + * store.cc: Likewise. + * store.h: Likewise. + * supergraph.cc: Likewise. + * supergraph.h: Likewise. + * svalue.h: Likewise. + * varargs.cc: Likewise. + +2025-04-28 David Malcolm <dmalcolm@redhat.com> + + * access-diagram.cc: Convert enum access_direction to + "enum class". + * bounds-checking.cc: Likewise. + * checker-event.cc: Convert enum event_kind to "enum class". + * checker-event.h: Likewise. + * checker-path.cc: Likewise. + * common.h: Convert enum access_direction to "enum class". + * constraint-manager.cc: Convert enum bound_kind to "enum class". + * constraint-manager.h: Likewise. + * diagnostic-manager.cc: Convert enum event_kind to "enum class". + * engine.cc: Convert enum status to "enum class". + * exploded-graph.h: Likewise. + * infinite-loop.cc: Likewise. + * kf-lang-cp.cc: Convert enum poison_kind to "enum class". + * kf.cc: Likewise. + * region-model-manager.cc: Likewise. + * region-model.cc: Likewise; also for enum access_direction. + * svalue.cc: Likewise. + * svalue.h: Likewise. + +2025-04-28 David Malcolm <dmalcolm@redhat.com> + + * analyzer.h: Rename to... + * common.h: ...this. Add define of INCLUDE_VECTOR, includes of + "config.h", "system.h", "coretypes.h", "make-unique.h", "tree.h", + "function.h", "basic-block.h", "gimple.h", "options.h", + "bitmap.h", "diagnostic-core.h", and "diagnostic-path.h". + * access-diagram.h: Don't include "analyzer/analyzer.h". + * access-diagram.cc: Reorganize includes to #include + "analyzer/common.h" first, then group by subsystem, dropping + redundant headers. + * analysis-plan.cc: Likewise. + * analyzer-language.cc: Likewise. + * analyzer-pass.cc: Likewise. + * analyzer-selftests.cc: Likewise. + * analyzer.cc: Likewise. + * bounds-checking.cc: Likewise. + * call-details.cc: Likewise. + * call-info.cc: Likewise. + * call-string.cc: Likewise. + * call-summary.cc: Likewise. 
+ * checker-event.cc: Likewise. + * checker-path.cc: Likewise. + * complexity.cc: Likewise. + * constraint-manager.cc: Likewise. + * diagnostic-manager.cc: Likewise. + * engine.cc: Likewise. + * feasible-graph.cc: Likewise. + * infinite-loop.cc: Likewise. + * infinite-recursion.cc: Likewise. + * kf-analyzer.cc: Likewise. + * kf-lang-cp.cc: Likewise. + * kf.cc: Likewise. + * known-function-manager.cc: Likewise. + * pending-diagnostic.cc: Likewise. + * program-point.cc: Likewise. + * program-state.cc: Likewise. + * ranges.cc: Likewise. + * record-layout.cc: Likewise. + * region-model-asm.cc: Likewise. + * region-model-manager.cc: Likewise. + * region-model-reachability.cc: Likewise. + * region-model.cc: Likewise. + * region.cc: Likewise. + * sm-fd.cc: Likewise. + * sm-file.cc: Likewise. + * sm-malloc.cc: Likewise. + * sm-pattern-test.cc: Likewise. + * sm-sensitive.cc: Likewise. + * sm-signal.cc: Likewise. + * sm-taint.cc: Likewise. + * sm.cc: Likewise. + * state-purge.cc: Likewise. + * store.cc: Likewise. + * supergraph.cc: Likewise. + * svalue.cc: Likewise. + * symbol.cc: Likewise. + * trimmed-graph.cc: Likewise. + * varargs.cc: Likewise. + +2025-04-28 David Malcolm <dmalcolm@redhat.com> + + * region-model.cc (region_model::on_stmt_pre): Use internal_error + if we see an unexpected gimple stmt code. + +2025-04-28 David Malcolm <dmalcolm@redhat.com> + + * call-details.cc (call_details::dump): New overload. + (call_details::make_dump_widget): New. + * call-details.h (call_details::dump): Declare new overload. + (call_details::make_dump_widget): New decl. + 2025-03-14 Jakub Jelinek <jakub@redhat.com> PR analyzer/119278 diff --git a/gcc/analyzer/access-diagram.cc b/gcc/analyzer/access-diagram.cc index e1596bb..4283360 100644 --- a/gcc/analyzer/access-diagram.cc +++ b/gcc/analyzer/access-diagram.cc 
@@ -17,28 +17,18 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" #define INCLUDE_ALGORITHM #define INCLUDE_MAP #define INCLUDE_SET -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "coretypes.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "diagnostic-core.h" -#include "diagnostic.h" +#include "analyzer/common.h" + +#include "fold-const.h" #include "intl.h" -#include "make-unique.h" -#include "tree-diagnostic.h" /* for default_tree_printer. */ -#include "analyzer/analyzer.h" + +#include "text-art/ruler.h" + #include "analyzer/region-model.h" #include "analyzer/access-diagram.h" -#include "text-art/ruler.h" -#include "fold-const.h" #include "analyzer/analyzer-selftests.h" #if ENABLE_ANALYZER @@ -245,7 +235,7 @@ get_access_size_str (style_manager &sm, pp_format_decoder (&pp) = default_tree_printer; if (num_bits.maybe_print_for_user (&pp, op.m_model)) { - if (op.m_dir == DIR_READ) + if (op.m_dir == access_direction::read) return fmt_styled_string (sm, _("read of %qT (%s)"), type, @@ -257,7 +247,7 @@ get_access_size_str (style_manager &sm, pp_formatted_text (&pp)); } } - if (op.m_dir == DIR_READ) + if (op.m_dir == access_direction::read) { if (auto p = num_bits.maybe_get_formatted_str (sm, op.m_model, @@ -284,13 +274,13 @@ get_access_size_str (style_manager &sm, if (type) { - if (op.m_dir == DIR_READ) + if (op.m_dir == access_direction::read) return fmt_styled_string (sm, _("read of %qT"), type); else return fmt_styled_string (sm, _("write of %qT"), type); } - if (op.m_dir == DIR_READ) + if (op.m_dir == access_direction::read) return styled_string (sm, _("read")); else return styled_string (sm, _("write")); 
@@ -375,11 +365,11 @@ bit_size_expr::maybe_get_formatted_str (text_art::style_manager &sm, if (!wi::fits_uhwi_p (concrete_num_bytes)) return nullptr; if (concrete_num_bytes == 1) - return ::make_unique <text_art::styled_string> + return std::make_unique <text_art::styled_string> (fmt_styled_string (sm, concrete_single_byte_fmt, concrete_num_bytes.to_uhwi ())); else - return ::make_unique <text_art::styled_string> + return std::make_unique <text_art::styled_string> (fmt_styled_string (sm, concrete_plural_bytes_fmt, concrete_num_bytes.to_uhwi ())); } @@ -389,7 +379,7 @@ bit_size_expr::maybe_get_formatted_str (text_art::style_manager &sm, pp_format_decoder (&pp) = default_tree_printer; if (!num_bytes->maybe_print_for_user (&pp, model)) return nullptr; - return ::make_unique <text_art::styled_string> + return std::make_unique <text_art::styled_string> (fmt_styled_string (sm, symbolic_bytes_fmt, pp_formatted_text (&pp))); } @@ -400,11 +390,11 @@ bit_size_expr::maybe_get_formatted_str (text_art::style_manager &sm, if (!wi::fits_uhwi_p (concrete_num_bits)) return nullptr; if (concrete_num_bits == 1) - return ::make_unique <text_art::styled_string> + return std::make_unique <text_art::styled_string> (fmt_styled_string (sm, concrete_single_bit_fmt, concrete_num_bits.to_uhwi ())); else - return ::make_unique <text_art::styled_string> + return std::make_unique <text_art::styled_string> (fmt_styled_string (sm, concrete_plural_bits_fmt, concrete_num_bits.to_uhwi ())); } @@ -414,7 +404,7 @@ bit_size_expr::maybe_get_formatted_str (text_art::style_manager &sm, pp_format_decoder (&pp) = default_tree_printer; if (!m_num_bits.maybe_print_for_user (&pp, model)) return nullptr; - return ::make_unique <text_art::styled_string> + return std::make_unique <text_art::styled_string> (fmt_styled_string (sm, symbolic_bits_fmt, pp_formatted_text (&pp))); } 
@@ -1975,11 +1965,11 @@ make_written_svalue_spatial_item (const access_operation &op, if (const initial_svalue *initial_sval = sval.dyn_cast_initial_svalue ()) if (const string_region *string_reg = initial_sval->get_region ()->dyn_cast_string_region ()) - return make_unique <string_literal_spatial_item> + return std::make_unique <string_literal_spatial_item> (sval, actual_bits, *string_reg, theme, svalue_spatial_item::kind::WRITTEN); - return make_unique <written_svalue_spatial_item> (op, sval, actual_bits); + return std::make_unique <written_svalue_spatial_item> (op, sval, actual_bits); } static std::unique_ptr<spatial_item> @@ -2000,7 +1990,7 @@ make_existing_svalue_spatial_item (const svalue *sval, const initial_svalue *initial_sval = (const initial_svalue *)sval; if (const string_region *string_reg = initial_sval->get_region ()->dyn_cast_string_region ()) - return make_unique <string_literal_spatial_item> + return std::make_unique <string_literal_spatial_item> (*sval, bits, *string_reg, theme, svalue_spatial_item::kind::EXISTING); @@ -2008,7 +1998,7 @@ make_existing_svalue_spatial_item (const svalue *sval, } case SK_COMPOUND: - return make_unique<compound_svalue_spatial_item> + return std::make_unique<compound_svalue_spatial_item> (*((const compound_svalue *)sval), bits, svalue_spatial_item::kind::EXISTING, @@ -2116,7 +2106,7 @@ public: } m_col_widths - = make_unique <table_dimension_sizes> (m_btm.get_num_columns ()); + = std::make_unique <table_dimension_sizes> (m_btm.get_num_columns ()); /* Now create child widgets. */ @@ -2211,8 +2201,8 @@ private: std::unique_ptr<boundaries> find_boundaries () const { - std::unique_ptr<boundaries> result - = make_unique<boundaries> (*m_op.m_base_region, m_logger); + auto result + = std::make_unique<boundaries> (*m_op.m_base_region, m_logger); m_valid_region_spatial_item.add_boundaries (*result, m_logger); m_accessed_region_spatial_item.add_boundaries (*result, m_logger); 
@@ -2271,7 +2261,7 @@ private: void add_direction_widget () { - add_child (::make_unique<direction_widget> (*this, m_btm)); + add_child (std::make_unique<direction_widget> (*this, m_btm)); } void add_invalid_accesses_to_region_table (table &t_region) @@ -2382,7 +2372,7 @@ private: bit_size_expr num_before_bits (invalid_before_bits.get_size (m_op.get_manager ())); std::unique_ptr<styled_string> label; - if (m_op.m_dir == DIR_READ) + if (m_op.m_dir == access_direction::read) label = num_before_bits.maybe_get_formatted_str (m_sm, m_op.m_model, _("under-read of %wi bit"), @@ -2423,7 +2413,7 @@ private: maybe_add_gap (w, invalid_before_bits, valid_bits); std::unique_ptr<styled_string> label; - if (m_op.m_dir == DIR_READ) + if (m_op.m_dir == access_direction::read) label = num_valid_bits.maybe_get_formatted_str (m_sm, m_op.m_model, _("size: %wi bit"), @@ -2459,7 +2449,7 @@ private: bit_size_expr num_after_bits (invalid_after_bits.get_size (m_op.get_manager ())); std::unique_ptr<styled_string> label; - if (m_op.m_dir == DIR_READ) + if (m_op.m_dir == access_direction::read) label = num_after_bits.maybe_get_formatted_str (m_sm, m_op.m_model, _("over-read of %wi bit"), @@ -2658,7 +2648,7 @@ direction_widget::paint_to_canvas (canvas &canvas) (canvas, canvas_x, canvas::range_t (get_y_range ()), - (m_dia_impl.get_op ().m_dir == DIR_READ + (m_dia_impl.get_op ().m_dir == access_direction::read ? theme::y_arrow_dir::UP : theme::y_arrow_dir::DOWN), style_id); @@ -2676,11 +2666,12 @@ access_diagram::access_diagram (const access_operation &op, style_manager &sm, const theme &theme, logger *logger) -: wrapper_widget (make_unique <access_diagram_impl> (op, - region_creation_event_id, - sm, - theme, - logger)) +: wrapper_widget + (std::make_unique <access_diagram_impl> (op, + region_creation_event_id, + sm, + theme, + logger)) { } diff --git a/gcc/analyzer/access-diagram.h b/gcc/analyzer/access-diagram.h index ba4649a..e31dd28 100644 --- a/gcc/analyzer/access-diagram.h 
+++ b/gcc/analyzer/access-diagram.h @@ -24,7 +24,7 @@ along with GCC; see the file COPYING3. If not see #include "text-art/canvas.h" #include "text-art/theme.h" #include "text-art/widget.h" -#include "analyzer/analyzer.h" + #include "analyzer/store.h" namespace ana { diff --git a/gcc/analyzer/analysis-plan.cc b/gcc/analyzer/analysis-plan.cc index 7ae01c0..c563554 100644 --- a/gcc/analyzer/analysis-plan.cc +++ b/gcc/analyzer/analysis-plan.cc @@ -18,27 +18,19 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "options.h" -#include "cgraph.h" +#include "analyzer/common.h" + #include "timevar.h" -#include "ipa-utils.h" -#include "function.h" -#include "analyzer/analyzer.h" -#include "diagnostic-core.h" -#include "analyzer/analyzer-logging.h" -#include "analyzer/analysis-plan.h" #include "ordered-hash-map.h" #include "options.h" #include "cgraph.h" #include "cfg.h" -#include "basic-block.h" -#include "gimple.h" #include "gimple-iterator.h" #include "digraph.h" +#include "ipa-utils.h" + +#include "analyzer/analyzer-logging.h" +#include "analyzer/analysis-plan.h" #include "analyzer/supergraph.h" #if ENABLE_ANALYZER diff --git a/gcc/analyzer/analyzer-language.cc b/gcc/analyzer/analyzer-language.cc index a0fa9f5..9a25baf 100644 --- a/gcc/analyzer/analyzer-language.cc +++ b/gcc/analyzer/analyzer-language.cc 
@@ -18,15 +18,13 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#include "system.h" -#include "coretypes.h" -#include "tree.h" +#include "analyzer/common.h" + +#include "diagnostic.h" #include "stringpool.h" -#include "analyzer/analyzer.h" + #include "analyzer/analyzer-language.h" #include "analyzer/analyzer-logging.h" -#include "diagnostic.h" /* Map from identifier to INTEGER_CST. */ static GTY (()) hash_map <tree, tree> *analyzer_stashed_constants; diff --git a/gcc/analyzer/analyzer-pass.cc b/gcc/analyzer/analyzer-pass.cc index ab41de4..b3a0dfd 100644 --- a/gcc/analyzer/analyzer-pass.cc +++ b/gcc/analyzer/analyzer-pass.cc @@ -18,15 +18,10 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#include "system.h" -#include "coretypes.h" -#include "context.h" +#include "analyzer/common.h" + #include "tree-pass.h" -#include "diagnostic.h" -#include "options.h" -#include "tree.h" -#include "analyzer/analyzer.h" + #include "analyzer/engine.h" namespace { diff --git a/gcc/analyzer/analyzer-selftests.cc b/gcc/analyzer/analyzer-selftests.cc index 0f131f0..334c355 100644 --- a/gcc/analyzer/analyzer-selftests.cc +++ b/gcc/analyzer/analyzer-selftests.cc @@ -18,12 +18,10 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#include "system.h" -#include "coretypes.h" -#include "tree.h" +#include "analyzer/common.h" + #include "stringpool.h" -#include "analyzer/analyzer.h" + #include "analyzer/analyzer-selftests.h" #if CHECKING_P diff --git a/gcc/analyzer/analyzer.cc b/gcc/analyzer/analyzer.cc index da7491b..56cb370 100644 --- a/gcc/analyzer/analyzer.cc +++ b/gcc/analyzer/analyzer.cc 
@@ -18,20 +18,12 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "diagnostic.h" -#include "intl.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + #include "tree-pretty-print.h" #include "diagnostic-event-id.h" #include "tree-dfa.h" -#include "make-unique.h" +#include "intl.h" #if ENABLE_ANALYZER @@ -227,11 +219,11 @@ std::unique_ptr<json::value> tree_to_json (tree node) { if (!node) - return ::make_unique<json::literal> (json::JSON_NULL); + return std::make_unique<json::literal> (json::JSON_NULL); pretty_printer pp; dump_generic_node (&pp, node, 0, TDF_VOPS|TDF_MEMSYMS, false); - return ::make_unique<json::string> (pp_formatted_text (&pp)); + return std::make_unique<json::string> (pp_formatted_text (&pp)); } /* Generate a JSON value for EVENT_ID. @@ -246,10 +238,10 @@ diagnostic_event_id_to_json (const diagnostic_event_id_t &event_id) { pretty_printer pp; pp_printf (&pp, "%@", &event_id); - return ::make_unique<json::string> (pp_formatted_text (&pp)); + return std::make_unique<json::string> (pp_formatted_text (&pp)); } else - return ::make_unique<json::literal> (json::JSON_NULL); + return std::make_unique<json::literal> (json::JSON_NULL); } /* Generate a JSON value for OFFSET. @@ -261,7 +253,7 @@ bit_offset_to_json (const bit_offset_t &offset) { pretty_printer pp; pp_wide_int_large (&pp, offset, SIGNED); - return ::make_unique<json::string> (pp_formatted_text (&pp)); + return std::make_unique<json::string> (pp_formatted_text (&pp)); } /* Generate a JSON value for OFFSET. 
@@ -273,7 +265,7 @@ byte_offset_to_json (const byte_offset_t &offset) { pretty_printer pp; pp_wide_int_large (&pp, offset, SIGNED); - return ::make_unique<json::string> (pp_formatted_text (&pp)); + return std::make_unique<json::string> (pp_formatted_text (&pp)); } /* Workaround for lack of const-correctness of ssa_default_def. */ @@ -298,12 +290,12 @@ get_ssa_default_def (const function &fun, tree var) If LOOK_IN_STD is true, then also look for within std:: for the name. */ bool -is_special_named_call_p (const gcall *call, const char *funcname, +is_special_named_call_p (const gcall &call, const char *funcname, unsigned int num_args, bool look_in_std) { gcc_assert (funcname); - tree fndecl = gimple_call_fndecl (call); + tree fndecl = gimple_call_fndecl (&call); if (!fndecl) return false; @@ -396,7 +388,7 @@ is_std_named_call_p (const_tree fndecl, const char *funcname) bool is_named_call_p (const_tree fndecl, const char *funcname, - const gcall *call, unsigned int num_args) + const gcall &call, unsigned int num_args) { gcc_assert (fndecl); gcc_assert (funcname); @@ -404,7 +396,7 @@ is_named_call_p (const_tree fndecl, const char *funcname, if (!is_named_call_p (fndecl, funcname)) return false; - if (gimple_call_num_args (call) != num_args) + if (gimple_call_num_args (&call) != num_args) return false; return true; @@ -414,7 +406,7 @@ is_named_call_p (const_tree fndecl, const char *funcname, bool is_std_named_call_p (const_tree fndecl, const char *funcname, - const gcall *call, unsigned int num_args) + const gcall &call, unsigned int num_args) { gcc_assert (fndecl); gcc_assert (funcname); @@ -422,7 +414,7 @@ is_std_named_call_p (const_tree fndecl, const char *funcname, if (!is_std_named_call_p (fndecl, funcname)) return false; - if (gimple_call_num_args (call) != num_args) + if (gimple_call_num_args (&call) != num_args) return false; return true; 
@@ -431,12 +423,12 @@ is_std_named_call_p (const_tree fndecl, const char *funcname, /* Return true if stmt is a setjmp or sigsetjmp call. */ bool -is_setjmp_call_p (const gcall *call) +is_setjmp_call_p (const gcall &call) { if (is_special_named_call_p (call, "setjmp", 1) || is_special_named_call_p (call, "sigsetjmp", 2)) /* region_model::on_setjmp requires a pointer. */ - if (POINTER_TYPE_P (TREE_TYPE (gimple_call_arg (call, 0)))) + if (POINTER_TYPE_P (TREE_TYPE (gimple_call_arg (&call, 0)))) return true; return false; @@ -445,26 +437,46 @@ is_setjmp_call_p (const gcall *call) /* Return true if stmt is a longjmp or siglongjmp call. */ bool -is_longjmp_call_p (const gcall *call) +is_longjmp_call_p (const gcall &call) { if (is_special_named_call_p (call, "longjmp", 2) || is_special_named_call_p (call, "siglongjmp", 2)) /* exploded_node::on_longjmp requires a pointer for the initial argument. */ - if (POINTER_TYPE_P (TREE_TYPE (gimple_call_arg (call, 0)))) + if (POINTER_TYPE_P (TREE_TYPE (gimple_call_arg (&call, 0)))) return true; return false; } +bool +is_cxa_throw_p (const gcall &call) +{ + tree fndecl = gimple_call_fndecl (&call); + if (!fndecl) + return false; + + return is_named_call_p (fndecl, "__cxa_throw"); +} + +bool +is_cxa_rethrow_p (const gcall &call) +{ + tree fndecl = gimple_call_fndecl (&call); + if (!fndecl) + return false; + + return is_named_call_p (fndecl, "__cxa_rethrow"); +} + /* For a CALL that matched is_special_named_call_p or is_named_call_p for some name, return a name for the called function suitable for use in diagnostics (stripping the leading underscores). */ const char * -get_user_facing_name (const gcall *call) +get_user_facing_name (const gcall &call) { - tree fndecl = gimple_call_fndecl (call); + tree fndecl = gimple_call_fndecl (&call); gcc_assert (fndecl); tree identifier = DECL_NAME (fndecl); diff --git a/gcc/analyzer/analyzer.opt b/gcc/analyzer/analyzer.opt index d5f82c6..2ca9058 100644 --- a/gcc/analyzer/analyzer.opt 
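Review bot: The new `is_cxa_throw_p` and `is_cxa_rethrow_p` match on the function name alone, whereas `is_setjmp_call_p` and `is_longjmp_call_p` just above them also pin the argument count and check that argument 0 is a pointer before reporting a match. If code outside this hunk reads the call's arguments once these predicates succeed (not visible here), a translation unit that declares its own `__cxa_throw` with a different signature could reach that code with fewer arguments than it expects. The overload taking `call` and `num_args`, updated earlier in this diff, would pin the arity: `return is_named_call_p (fndecl, "__cxa_throw", call, 3);` and `return is_named_call_p (fndecl, "__cxa_rethrow", call, 0);`. Both functions also lack the leading `/* Return true if CALL is ... */` comment that their neighbours carry.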
+++ b/gcc/analyzer/analyzer.opt @@ -222,6 +222,10 @@ Wanalyzer-tainted-size Common Var(warn_analyzer_tainted_size) Init(1) Warning Warn about code paths in which an unsanitized value is used as a size. +Wanalyzer-throw-of-unexpected-type +Common Var(warn_analyzer_throw_of_unexpected_type) Init(1) Warning +Warn about code paths in which an exception of unexpected type is thrown. + Wanalyzer-undefined-behavior-ptrdiff Common Var(warn_analyzer_undefined_behavior_ptrdiff) Init(1) Warning Warn about code paths in which pointer subtraction involves undefined behavior. diff --git a/gcc/analyzer/analyzer.opt.urls b/gcc/analyzer/analyzer.opt.urls index 18a0d69..e76e6e5 100644 --- a/gcc/analyzer/analyzer.opt.urls +++ b/gcc/analyzer/analyzer.opt.urls @@ -114,6 +114,9 @@ UrlSuffix(gcc/Static-Analyzer-Options.html#index-Wanalyzer-tainted-offset) Wanalyzer-tainted-size UrlSuffix(gcc/Static-Analyzer-Options.html#index-Wanalyzer-tainted-size) +Wanalyzer-throw-of-unexpected-type +UrlSuffix(gcc/Static-Analyzer-Options.html#index-Wanalyzer-throw-of-unexpected-type) + Wanalyzer-undefined-behavior-ptrdiff UrlSuffix(gcc/Static-Analyzer-Options.html#index-Wanalyzer-undefined-behavior-ptrdiff) diff --git a/gcc/analyzer/bounds-checking.cc b/gcc/analyzer/bounds-checking.cc index c83b419..a3b1345 100644 --- a/gcc/analyzer/bounds-checking.cc +++ b/gcc/analyzer/bounds-checking.cc 
@@ -17,21 +17,12 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "make-unique.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" +#include "analyzer/common.h" + #include "intl.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "diagnostic-core.h" #include "diagnostic-diagram.h" #include "diagnostic-format-sarif.h" -#include "analyzer/analyzer.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/region-model.h" #include "analyzer/checker-event.h" @@ -105,9 +96,9 @@ public: so we don't need an event for that. */ if (byte_capacity) emission_path.add_event - (make_unique<oob_region_creation_event_capacity> (byte_capacity, - loc_info, - *this)); + (std::make_unique<oob_region_creation_event_capacity> (byte_capacity, + loc_info, + *this)); } void maybe_add_sarif_properties (sarif_object &result_obj) @@ -116,7 +107,7 @@ public: sarif_property_bag &props = result_obj.get_or_create_properties (); #define PROPERTY_PREFIX "gcc/analyzer/out_of_bounds/" props.set_string (PROPERTY_PREFIX "dir", - get_dir () == DIR_READ ? "read" : "write"); + get_dir () == access_direction::read ? "read" : "write"); props.set (PROPERTY_PREFIX "model", m_model.to_json ()); props.set (PROPERTY_PREFIX "region", m_reg->to_json ()); props.set (PROPERTY_PREFIX "diag_arg", tree_to_json (m_diag_arg)); @@ -298,9 +289,9 @@ public: { if (m_byte_bound && TREE_CODE (m_byte_bound) == INTEGER_CST) emission_path.add_event - (make_unique<oob_region_creation_event_capacity> (m_byte_bound, - loc_info, - *this)); + (std::make_unique<oob_region_creation_event_capacity> (m_byte_bound, + loc_info, + *this)); } void maybe_add_sarif_properties (sarif_object &result_obj) 
@@ -505,7 +496,7 @@ public: } } - enum access_direction get_dir () const final override { return DIR_WRITE; } + enum access_direction get_dir () const final override { return access_direction::write; } }; /* Concrete subclass to complain about buffer over-reads. */ @@ -689,7 +680,7 @@ public: } } - enum access_direction get_dir () const final override { return DIR_READ; } + enum access_direction get_dir () const final override { return access_direction::read; } }; /* Concrete subclass to complain about buffer underwrites. */ @@ -817,7 +808,7 @@ public: } } - enum access_direction get_dir () const final override { return DIR_WRITE; } + enum access_direction get_dir () const final override { return access_direction::write; } }; /* Concrete subclass to complain about buffer under-reads. */ @@ -945,7 +936,7 @@ public: } } - enum access_direction get_dir () const final override { return DIR_READ; } + enum access_direction get_dir () const final override { return access_direction::read; } }; /* Abstract class to complain about out-of-bounds read/writes where @@ -1116,7 +1107,7 @@ public: return true; } - enum access_direction get_dir () const final override { return DIR_WRITE; } + enum access_direction get_dir () const final override { return access_direction::write; } }; /* Concrete subclass to complain about over-reads with symbolic values. */ @@ -1243,7 +1234,7 @@ public: return true; } - enum access_direction get_dir () const final override { return DIR_READ; } + enum access_direction get_dir () const final override { return access_direction::read; } }; const svalue * 
@@ -1427,24 +1418,26 @@ region_model::check_symbolic_bounds (const region *base_reg, default: gcc_unreachable (); break; - case DIR_READ: + case access_direction::read: gcc_assert (sval_hint == nullptr); - ctxt->warn (make_unique<symbolic_buffer_over_read> (*this, - sized_offset_reg, - diag_arg, - offset_tree, - num_bytes_tree, - capacity_tree)); + ctxt->warn + (std::make_unique<symbolic_buffer_over_read> (*this, + sized_offset_reg, + diag_arg, + offset_tree, + num_bytes_tree, + capacity_tree)); return false; break; - case DIR_WRITE: - ctxt->warn (make_unique<symbolic_buffer_overflow> (*this, - sized_offset_reg, - diag_arg, - offset_tree, - num_bytes_tree, - capacity_tree, - sval_hint)); + case access_direction::write: + ctxt->warn + (std::make_unique<symbolic_buffer_overflow> (*this, + sized_offset_reg, + diag_arg, + offset_tree, + num_bytes_tree, + capacity_tree, + sval_hint)); return false; break; } @@ -1535,18 +1528,20 @@ region_model::check_region_bounds (const region *reg, default: gcc_unreachable (); break; - case DIR_READ: + case access_direction::read: gcc_assert (sval_hint == nullptr); - ctxt->warn (make_unique<concrete_buffer_under_read> (*this, reg, - diag_arg, - bits_outside)); + ctxt->warn + (std::make_unique<concrete_buffer_under_read> (*this, reg, + diag_arg, + bits_outside)); oob_safe = false; break; - case DIR_WRITE: - ctxt->warn (make_unique<concrete_buffer_underwrite> (*this, - reg, diag_arg, - bits_outside, - sval_hint)); + case access_direction::write: + ctxt->warn + (std::make_unique<concrete_buffer_underwrite> (*this, + reg, diag_arg, + bits_outside, + sval_hint)); oob_safe = false; break; } 
@@ -1571,20 +1566,22 @@ region_model::check_region_bounds (const region *reg, default: gcc_unreachable (); break; - case DIR_READ: + case access_direction::read: gcc_assert (sval_hint == nullptr); - ctxt->warn (make_unique<concrete_buffer_over_read> (*this, - reg, diag_arg, - bits_outside, - bit_bound)); + ctxt->warn + (std::make_unique<concrete_buffer_over_read> (*this, + reg, diag_arg, + bits_outside, + bit_bound)); oob_safe = false; break; - case DIR_WRITE: - ctxt->warn (make_unique<concrete_buffer_overflow> (*this, - reg, diag_arg, - bits_outside, - bit_bound, - sval_hint)); + case access_direction::write: + ctxt->warn + (std::make_unique<concrete_buffer_overflow> (*this, + reg, diag_arg, + bits_outside, + bit_bound, + sval_hint)); oob_safe = false; break; } diff --git a/gcc/analyzer/call-details.cc b/gcc/analyzer/call-details.cc index 4122f84..bca8658 100644 --- a/gcc/analyzer/call-details.cc +++ b/gcc/analyzer/call-details.cc @@ -18,28 +18,20 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "diagnostic-core.h" -#include "analyzer/analyzer.h" -#include "analyzer/analyzer-logging.h" +#include "analyzer/common.h" + #include "diagnostic.h" #include "tree-diagnostic.h" /* for default_tree_printer. */ #include "gimple-pretty-print.h" -#include "analyzer/region-model.h" -#include "analyzer/call-details.h" -#include "analyzer/ranges.h" #include "stringpool.h" #include "attribs.h" -#include "make-unique.h" #include "diagnostic-format-sarif.h" +#include "analyzer/analyzer-logging.h" +#include "analyzer/region-model.h" +#include "analyzer/call-details.h" +#include "analyzer/ranges.h" + #if ENABLE_ANALYZER namespace ana { 
@@ -48,13 +40,13 @@ namespace ana { /* call_details's ctor. */ -call_details::call_details (const gcall *call, region_model *model, +call_details::call_details (const gcall &call, region_model *model, region_model_context *ctxt) : m_call (call), m_model (model), m_ctxt (ctxt), m_lhs_type (NULL_TREE), m_lhs_region (NULL) { m_lhs_type = NULL_TREE; - if (tree lhs = gimple_call_lhs (call)) + if (tree lhs = gimple_call_lhs (&call)) { m_lhs_region = model->get_lvalue (lhs, ctxt); m_lhs_type = TREE_TYPE (lhs); @@ -66,9 +58,11 @@ call_details::call_details (const gcall *call, region_model *model, call_details::call_details (const call_details &cd, region_model_context *ctxt) +: m_call (cd.m_call), m_model (cd.m_model), + m_ctxt (ctxt), + m_lhs_type (cd.m_lhs_type), + m_lhs_region (cd.m_lhs_region) { - *this = cd; - m_ctxt = ctxt; } /* Get the manager from m_model. */ @@ -252,7 +246,7 @@ call_details::set_any_lhs_with_defaults () const unsigned call_details::num_args () const { - return gimple_call_num_args (m_call); + return gimple_call_num_args (&m_call); } /* Return true if argument IDX is a size_t (or compatible with it). */ @@ -268,7 +262,7 @@ call_details::arg_is_size_p (unsigned idx) const location_t call_details::get_location () const { - return m_call->location; + return m_call.location; } /* Get argument IDX at the callsite as a tree. */ @@ -276,7 +270,7 @@ call_details::get_location () const tree call_details::get_arg_tree (unsigned idx) const { - return gimple_call_arg (m_call, idx); + return gimple_call_arg (&m_call, idx); } /* Get the type of argument IDX. */ @@ -284,7 +278,7 @@ call_details::get_arg_tree (unsigned idx) const tree call_details::get_arg_type (unsigned idx) const { - return TREE_TYPE (gimple_call_arg (m_call, idx)); + return TREE_TYPE (gimple_call_arg (&m_call, idx)); } /* Get argument IDX at the callsite as an svalue. */ 
@@ -340,7 +334,7 @@ void call_details::dump_to_pp (pretty_printer *pp, bool simple) const { pp_string (pp, "gcall: "); - pp_gimple_stmt_1 (pp, m_call, 0 /* spc */, TDF_NONE /* flags */); + pp_gimple_stmt_1 (pp, &m_call, 0 /* spc */, TDF_NONE /* flags */); pp_newline (pp); pp_string (pp, "return region: "); if (m_lhs_region) @@ -348,7 +342,7 @@ call_details::dump_to_pp (pretty_printer *pp, bool simple) const else pp_string (pp, "NULL"); pp_newline (pp); - for (unsigned i = 0; i < gimple_call_num_args (m_call); i++) + for (unsigned i = 0; i < gimple_call_num_args (&m_call); i++) { const svalue *arg_sval = get_arg_svalue (i); pp_printf (pp, "arg %i: ", i); 
@@ -366,6 +360,65 @@ call_details::dump (bool simple) const dump_to_pp (&pp, simple); } +/* Dump a tree-like representation of this call to stderr. */ + +DEBUG_FUNCTION void +call_details::dump () const +{ + text_art::dump (*this); +} + +std::unique_ptr<text_art::tree_widget> +call_details::make_dump_widget (const text_art::dump_widget_info &dwi) const +{ + using text_art::tree_widget; + std::unique_ptr<tree_widget> cd_widget + (tree_widget::from_fmt (dwi, nullptr, "Call Details")); + + { + pretty_printer the_pp; + pretty_printer * const pp = &the_pp; + pp_format_decoder (pp) = default_tree_printer; + pp_string (pp, "gcall: "); + pp_gimple_stmt_1 (pp, &m_call, 0 /* spc */, TDF_NONE /* flags */); + cd_widget->add_child (tree_widget::make (dwi, pp)); + } + { + pretty_printer the_pp; + pretty_printer * const pp = &the_pp; + pp_format_decoder (pp) = default_tree_printer; + pp_string (pp, "return region: "); + if (m_lhs_region) + m_lhs_region->dump_to_pp (pp, true); + else + pp_string (pp, "NULL"); + auto w = tree_widget::make (dwi, pp); + if (m_lhs_region) + w->add_child (m_lhs_region->make_dump_widget (dwi)); + cd_widget->add_child (std::move (w)); + } + if (gimple_call_num_args (&m_call) > 0) + { + std::unique_ptr<tree_widget> args_widget + (tree_widget::from_fmt (dwi, nullptr, "Arguments")); + for (unsigned i = 0; i < gimple_call_num_args (&m_call); i++) + { + pretty_printer the_pp; + pretty_printer * const pp = &the_pp; + pp_format_decoder (pp) = default_tree_printer; + const svalue *arg_sval = get_arg_svalue (i); + pp_printf (pp, "%i: ", i); + arg_sval->dump_to_pp (pp, true); + auto w = tree_widget::make (dwi, pp); + w->add_child (arg_sval->make_dump_widget (dwi)); + args_widget->add_child (std::move (w)); + } + cd_widget->add_child (std::move (args_widget)); + } + + return cd_widget; +} + /* Get a conjured_svalue for this call for REG, and purge any state already relating to that conjured_svalue. */ 
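Review bot: `call_details::make_dump_widget` is added without a leading comment, although the `dump ()` overload added just above it has one; something like `/* Make a text_art tree widget for this call: the statement, the return region and each argument. */` would match the file's style. The same three-line `pretty_printer` setup is repeated in all three blocks and could be shared. The argument section calls `gimple_call_num_args (&m_call)` in both the guard and the loop condition where the existing `num_args ()` member would do. `arg_sval` is dereferenced unchecked, as `dump_to_pp` already does; whether `get_arg_svalue` can return null is not visible in this hunk.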
@@ -373,7 +426,7 @@ const svalue * call_details::get_or_create_conjured_svalue (const region *reg) const { region_model_manager *mgr = m_model->get_manager (); - return mgr->get_or_create_conjured_svalue (reg->get_type (), m_call, reg, + return mgr->get_or_create_conjured_svalue (reg->get_type (), &m_call, reg, conjured_purge (m_model, m_ctxt)); } @@ -388,7 +441,7 @@ call_details::lookup_function_attribute (const char *attr_name) const if (tree fndecl = get_fndecl_for_call ()) allocfntype = TREE_TYPE (fndecl); else - allocfntype = gimple_call_fntype (m_call); + allocfntype = gimple_call_fntype (&m_call); if (!allocfntype) return NULL_TREE; @@ -540,10 +593,10 @@ call_details::complain_about_overlap (unsigned arg_idx_a, if (!byte_range_a.intersection (byte_range_b, *model).is_true ()) return; - ctxt->warn (make_unique<overlapping_buffers> (get_fndecl_for_call (), - byte_range_a, - byte_range_b, - num_bytes_read_sval)); + ctxt->warn (std::make_unique<overlapping_buffers> (get_fndecl_for_call (), + byte_range_a, + byte_range_b, + num_bytes_read_sval)); } } // namespace ana diff --git a/gcc/analyzer/call-details.h b/gcc/analyzer/call-details.h index fee7ad4..c0a9118 100644 --- a/gcc/analyzer/call-details.h +++ b/gcc/analyzer/call-details.h @@ -28,7 +28,7 @@ namespace ana { class call_details { public: - call_details (const gcall *call, region_model *model, + call_details (const gcall &call, region_model *model, region_model_context *ctxt); call_details (const call_details &cd, region_model_context *ctxt); @@ -55,7 +55,7 @@ public: return INTEGRAL_TYPE_P (get_arg_type (idx)); } - const gcall *get_call_stmt () const { return m_call; } + const gcall &get_call_stmt () const { return m_call; } location_t get_location () const; tree get_arg_tree (unsigned idx) const; 
@@ -68,6 +68,10 @@ public: void dump_to_pp (pretty_printer *pp, bool simple) const; void dump (bool simple) const; + void dump () const; + + std::unique_ptr<text_art::tree_widget> + make_dump_widget (const text_art::dump_widget_info &dwi) const; const svalue *get_or_create_conjured_svalue (const region *) const; @@ -86,7 +90,7 @@ public: const svalue *num_bytes_read_sval) const; private: - const gcall *m_call; + const gcall &m_call; region_model *m_model; region_model_context *m_ctxt; tree m_lhs_type; @@ -110,13 +114,13 @@ public: bool operator== (const call_arg_details &other) const { - return (m_call == other.m_call + return (&m_call == &other.m_call && m_called_fndecl == other.m_called_fndecl && m_arg_idx == other.m_arg_idx && pending_diagnostic::same_tree_p (m_arg_expr, other.m_arg_expr)); } - const gcall *m_call; + const gcall &m_call; tree m_called_fndecl; unsigned m_arg_idx; // 0-based tree m_arg_expr; diff --git a/gcc/analyzer/call-info.cc b/gcc/analyzer/call-info.cc index 1adbf64..9a698ef 100644 --- a/gcc/analyzer/call-info.cc +++ b/gcc/analyzer/call-info.cc 
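Review bot: `call_arg_details::m_call` is now a reference member, so `operator==` compares the addresses of the two statements and the struct loses its implicit copy assignment; neither consequence is documented at the declaration. A comment on the member such as `// Non-owning; the gcall must outlive this object. Compared by identity.` would record the lifetime requirement for anything that keeps a `call_arg_details` around after the statement is gone. The same applies to `call_details::m_call` in the preceding hunk of this header. Both class bodies start and end outside the hunks.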
@@ -18,45 +18,31 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "diagnostic-core.h" -#include "options.h" -#include "cgraph.h" -#include "tree-pretty-print.h" -#include "bitmap.h" -#include "analyzer/analyzer.h" -#include "analyzer/analyzer-logging.h" +#include "analyzer/common.h" + #include "ordered-hash-map.h" #include "cfg.h" #include "digraph.h" -#include "analyzer/supergraph.h" #include "sbitmap.h" +#include "diagnostic-event-id.h" + +#include "analyzer/analyzer-logging.h" +#include "analyzer/supergraph.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" #include "analyzer/store.h" #include "analyzer/region-model.h" #include "analyzer/constraint-manager.h" -#include "diagnostic-event-id.h" #include "analyzer/sm.h" #include "analyzer/pending-diagnostic.h" #include "analyzer/region-model-reachability.h" #include "analyzer/analyzer-selftests.h" #include "analyzer/program-state.h" -#include "diagnostic-path.h" #include "analyzer/checker-path.h" #include "analyzer/diagnostic-manager.h" #include "analyzer/exploded-graph.h" #include "analyzer/call-details.h" #include "analyzer/call-info.h" -#include "make-unique.h" #if ENABLE_ANALYZER 
@@ -72,6 +58,18 @@ custom_edge_info::update_state (program_state *state, return update_model (state->m_region_model, eedge, ctxt); } +/* Base implementation of custom_edge_info::create_enode vfunc. */ + +exploded_node * +custom_edge_info::create_enode (exploded_graph &eg, + const program_point &point, + program_state &&state, + exploded_node *enode_for_diag, + region_model_context *) const +{ + return eg.get_or_create_node (point, state, enode_for_diag); +} + /* class call_info : public custom_edge_info. */ /* Implementation of custom_edge_info::print vfunc for call_info. */ @@ -115,7 +113,7 @@ call_info::add_events_to_path (checker_path *emission_path, const int stack_depth = src_point.get_stack_depth (); emission_path->add_event - (make_unique<call_event> (event_loc_info (get_call_stmt ()->location, + (std::make_unique<call_event> (event_loc_info (get_call_stmt ().location, caller_fndecl, stack_depth), this)); diff --git a/gcc/analyzer/call-info.h b/gcc/analyzer/call-info.h index ec304d8..6548d86 100644 --- a/gcc/analyzer/call-info.h +++ b/gcc/analyzer/call-info.h @@ -30,11 +30,11 @@ namespace ana { class call_info : public custom_edge_info { public: - void print (pretty_printer *pp) const final override; + void print (pretty_printer *pp) const override; void add_events_to_path (checker_path *emission_path, - const exploded_edge &eedge) const final override; + const exploded_edge &eedge) const override; - const gcall *get_call_stmt () const { return m_call_stmt; } + const gcall &get_call_stmt () const { return m_call_stmt; } tree get_fndecl () const { return m_fndecl; } virtual void print_desc (pretty_printer &pp) const = 0; @@ -47,7 +47,7 @@ protected: call_info (const call_details &cd, const function &called_fn); private: - const gcall *m_call_stmt; + const gcall &m_call_stmt; tree m_fndecl; }; diff --git a/gcc/analyzer/call-string.cc b/gcc/analyzer/call-string.cc index 5099986..afa8004 100644 --- a/gcc/analyzer/call-string.cc +++ b/gcc/analyzer/call-string.cc 
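Review bot: The base `custom_edge_info::create_enode` takes `program_state &&state` but forwards it as an lvalue in `eg.get_or_create_node (point, state, enode_for_diag)`, so the signature suggests a transfer of ownership that this implementation does not perform. The declaration of `get_or_create_node` is not in this hunk; if it only takes a const reference, the state is copied there. A line in the leading comment such as `STATE is copied into the graph by this base implementation; overrides may consume it.` would make that clear. The comment could also say why the trailing `region_model_context *` parameter is unnamed and unused here.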
@@ -18,26 +18,11 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#include "system.h" -#include "coretypes.h" -#include "pretty-print.h" -#include "tree.h" -#include "options.h" -#include "ordered-hash-map.h" -#include "options.h" -#include "cgraph.h" -#include "function.h" -#include "cfg.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "digraph.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/call-string.h" #include "analyzer/supergraph.h" -#include "make-unique.h" #if ENABLE_ANALYZER @@ -106,11 +91,11 @@ call_string::print (pretty_printer *pp) const std::unique_ptr<json::value> call_string::to_json () const { - auto arr = ::make_unique<json::array> (); + auto arr = std::make_unique<json::array> (); for (const call_string::element_t &e : m_elements) { - auto e_obj = ::make_unique<json::object> (); + auto e_obj = std::make_unique<json::object> (); e_obj->set_integer ("src_snode_idx", e.m_callee->m_index); e_obj->set_integer ("dst_snode_idx", e.m_caller->m_index); e_obj->set_string ("funcname", function_name (e.m_caller->m_fun)); diff --git a/gcc/analyzer/call-summary.cc b/gcc/analyzer/call-summary.cc index 27fb575..33de3d6 100644 --- a/gcc/analyzer/call-summary.cc +++ b/gcc/analyzer/call-summary.cc 
@@ -17,16 +17,8 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "tree-dfa.h" -#include "diagnostic-core.h" -#include "diagnostic.h" -#include "tree-diagnostic.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + #include "analyzer/region-model.h" #include "analyzer/call-summary.h" #include "analyzer/exploded-graph.h" @@ -165,7 +157,7 @@ call_summary::dump (const extrinsic_state &ext_state, bool simple) const call_summary_replay::call_summary_replay (const call_details &cd, const function &called_fn, - call_summary *summary, + call_summary &summary, const extrinsic_state &ext_state) : m_cd (cd), m_summary (summary), @@ -816,7 +808,7 @@ call_summary_replay::dump_to_pp (pretty_printer *pp, bool simple) const pp_newline (pp); pp_string (pp, "CALLEE SUMMARY:"); pp_newline (pp); - m_summary->dump_to_pp (m_ext_state, pp, simple); + m_summary.dump_to_pp (m_ext_state, pp, simple); /* Current state of caller (could be in mid-update). */ pp_newline (pp); diff --git a/gcc/analyzer/call-summary.h b/gcc/analyzer/call-summary.h index 220dd083..7280cca 100644 --- a/gcc/analyzer/call-summary.h +++ b/gcc/analyzer/call-summary.h @@ -69,11 +69,11 @@ class call_summary_replay public: call_summary_replay (const call_details &cd, const function &called_fn, - call_summary *m_summary, + call_summary &summary, const extrinsic_state &ext_state); const call_details &get_call_details () const { return m_cd; } - const gcall *get_call_stmt () const { return m_cd.get_call_stmt (); } + const gcall &get_call_stmt () const { return m_cd.get_call_stmt (); } region_model_manager *get_manager () const { return m_cd.get_manager (); } store_manager *get_store_manager () const { 
@@ -102,7 +102,7 @@ private: const region *convert_region_from_summary_1 (const region *); const call_details &m_cd; - call_summary *m_summary; + call_summary &m_summary; const extrinsic_state &m_ext_state; // Mapping from svalues in summary to svalues for callsite: diff --git a/gcc/analyzer/checker-event.cc b/gcc/analyzer/checker-event.cc index 5d7647c..958cdbf 100644 --- a/gcc/analyzer/checker-event.cc +++ b/gcc/analyzer/checker-event.cc 
@@ -18,45 +18,31 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "diagnostic-core.h" +#include "analyzer/common.h" + #include "gimple-pretty-print.h" +#include "sbitmap.h" +#include "ordered-hash-map.h" #include "fold-const.h" -#include "diagnostic-path.h" -#include "options.h" -#include "cgraph.h" -#include "cfg.h" -#include "digraph.h" -#include "diagnostic-event-id.h" -#include "analyzer/analyzer.h" +#include "gimple-iterator.h" +#include "inlining-iterator.h" +#include "tree-logical-location.h" +#include "diagnostic-format-sarif.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/sm.h" -#include "sbitmap.h" -#include "bitmap.h" -#include "ordered-hash-map.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" #include "analyzer/store.h" #include "analyzer/region-model.h" #include "analyzer/program-state.h" #include "analyzer/checker-path.h" -#include "gimple-iterator.h" -#include "inlining-iterator.h" #include "analyzer/supergraph.h" #include "analyzer/pending-diagnostic.h" #include "analyzer/diagnostic-manager.h" #include "analyzer/constraint-manager.h" #include "analyzer/checker-event.h" #include "analyzer/exploded-graph.h" -#include "diagnostic-format-sarif.h" -#include "tree-logical-location.h" #if ENABLE_ANALYZER 
@@ -71,40 +57,46 @@ event_kind_to_string (enum event_kind ek) { default: gcc_unreachable (); - case EK_DEBUG: - return "EK_DEBUG"; - case EK_CUSTOM: - return "EK_CUSTOM"; - case EK_STMT: - return "EK_STMT"; - case EK_REGION_CREATION: - return "EK_REGION_CREATION"; - case EK_FUNCTION_ENTRY: - return "EK_FUNCTION_ENTRY"; - case EK_STATE_CHANGE: - return "EK_STATE_CHANGE"; - case EK_START_CFG_EDGE: - return "EK_START_CFG_EDGE"; - case EK_END_CFG_EDGE: - return "EK_END_CFG_EDGE"; - case EK_CALL_EDGE: - return "EK_CALL_EDGE"; - case EK_RETURN_EDGE: - return "EK_RETURN_EDGE"; - case EK_START_CONSOLIDATED_CFG_EDGES: - return "EK_START_CONSOLIDATED_CFG_EDGES"; - case EK_END_CONSOLIDATED_CFG_EDGES: - return "EK_END_CONSOLIDATED_CFG_EDGES"; - case EK_INLINED_CALL: - return "EK_INLINED_CALL"; - case EK_SETJMP: - return "EK_SETJMP"; - case EK_REWIND_FROM_LONGJMP: - return "EK_REWIND_FROM_LONGJMP"; - case EK_REWIND_TO_SETJMP: - return "EK_REWIND_TO_SETJMP"; - case EK_WARNING: - return "EK_WARNING"; + case event_kind::debug: + return "debug"; + case event_kind::custom: + return "custom"; + case event_kind::stmt: + return "stmt"; + case event_kind::region_creation: + return "region_creation"; + case event_kind::function_entry: + return "function_entry"; + case event_kind::state_change: + return "state_change"; + case event_kind::start_cfg_edge: + return "start_cfg_edge"; + case event_kind::end_cfg_edge: + return "end_cfg_edge"; + case event_kind::catch_: + return "catch"; + case event_kind::call_edge: + return "call_edge"; + case event_kind::return_edge: + return "return_edge"; + case event_kind::start_consolidated_cfg_edges: + return "start_consolidated_cfg_edges"; + case event_kind::end_consolidated_cfg_edges: + return "end_consolidated_cfg_edges"; + case event_kind::inlined_call: + return "inlined_call"; + case event_kind::setjmp_: + return "setjmp"; + case event_kind::rewind_from_longjmp: + return "rewind_from_longjmp"; + case event_kind::rewind_to_setjmp: + return 
"rewind_to_setjmp"; + case event_kind::throw_: + return "throw"; + case event_kind::unwind: + return "unwind"; + case event_kind::warning: + return "warning"; } } @@ -258,7 +250,7 @@ precanned_custom_event::print_desc (pretty_printer &pp) const statement_event::statement_event (const gimple *stmt, tree fndecl, int depth, const program_state &dst_state) -: checker_event (EK_STMT, +: checker_event (event_kind::stmt, event_loc_info (gimple_location (stmt), fndecl, depth)), m_stmt (stmt), m_dst_state (dst_state) @@ -279,7 +271,7 @@ statement_event::print_desc (pretty_printer &pp) const /* class region_creation_event : public checker_event. */ region_creation_event::region_creation_event (const event_loc_info &loc_info) -: checker_event (EK_REGION_CREATION, loc_info) +: checker_event (event_kind::region_creation, loc_info) { } @@ -351,7 +343,7 @@ region_creation_event_debug::print_desc (pretty_printer &pp) const /* class function_entry_event : public checker_event. */ function_entry_event::function_entry_event (const program_point &dst_point) -: checker_event (EK_FUNCTION_ENTRY, +: checker_event (event_kind::function_entry, event_loc_info (dst_point.get_supernode ()->get_start_location (), dst_point.get_fndecl (), @@ -393,7 +385,7 @@ state_change_event::state_change_event (const supernode *node, const svalue *origin, const program_state &dst_state, const exploded_node *enode) -: checker_event (EK_STATE_CHANGE, +: checker_event (event_kind::state_change, event_loc_info (stmt->location, node->m_fun->decl, stack_depth)), @@ -741,7 +733,7 @@ start_cfg_edge_event::maybe_describe_condition (bool can_colorize, && zerop (rhs)) { if (gcall *call = dyn_cast <gcall *> (SSA_NAME_DEF_STMT (lhs))) - if (is_special_named_call_p (call, "strcmp", 2)) + if (is_special_named_call_p (*call, "strcmp", 2)) { if (op == EQ_EXPR) return label_text::borrow ("when the strings are equal"); 
@@ -804,7 +796,7 @@ start_cfg_edge_event::should_print_expr_p (tree expr) call_event::call_event (const exploded_edge &eedge, const event_loc_info &loc_info) -: superedge_event (EK_CALL_EDGE, eedge, loc_info) +: superedge_event (event_kind::call_edge, eedge, loc_info) { if (eedge.m_sedge) gcc_assert (eedge.m_sedge->m_kind == SUPEREDGE_CALL); @@ -880,7 +872,7 @@ call_event::get_callee_fndecl () const return_event::return_event (const exploded_edge &eedge, const event_loc_info &loc_info) -: superedge_event (EK_RETURN_EDGE, eedge, loc_info) +: superedge_event (event_kind::return_edge, eedge, loc_info) { if (eedge.m_sedge) gcc_assert (eedge.m_sedge->m_kind == SUPEREDGE_RETURN); @@ -1118,6 +1110,50 @@ rewind_to_setjmp_event::prepare_for_emission (checker_path *path, &m_original_setjmp_event_id); } +/* class throw_event : public checker_event. */ + +/* class explicit_throw_event : public throw_event. */ +void +explicit_throw_event::print_desc (pretty_printer &pp) const +{ + if (m_is_rethrow) + { + if (m_type) + pp_printf (&pp, "rethrowing exception of type %qT here...", m_type); + else + pp_printf (&pp, "rethrowing exception here..."); + } + else + { + if (m_type) + pp_printf (&pp, "throwing exception of type %qT here...", m_type); + else + pp_printf (&pp, "throwing exception here..."); + } +} + +/* class throw_from_call_to_external_fn_event : public throw_event. */ + +void +throw_from_call_to_external_fn_event::print_desc (pretty_printer &pp) const +{ + if (m_fndecl) + pp_printf (&pp, "if %qD throws an exception...", m_fndecl); + else + pp_printf (&pp, "if the called function throws an exception..."); +} + +// class unwind_event : public checker_event + +void +unwind_event::print_desc (pretty_printer &pp) const +{ + if (m_num_frames > 1) + pp_printf (&pp, "unwinding %i stack frames", m_num_frames); + else + pp_printf (&pp, "unwinding stack frame"); +} + /* class warning_event : public checker_event. */ /* Implementation of diagnostic_event::print_desc vfunc for 
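Review bot: The new `print_desc` definitions for explicit_throw_event, throw_from_call_to_external_fn_event and unwind_event in the `-1118,6 +1110,50` hunk have no leading comment, while the neighbouring definition in the trailing context opens with `/* Implementation of diagnostic_event::print_desc vfunc for`. Each should get the same one-line header, e.g. `/* Implementation of diagnostic_event::print_desc vfunc for unwind_event.  */`. The section marker `// class unwind_event : public checker_event` also departs from the `/* class ... */` form used for the other two. The fixed-text branches call `pp_printf` with no arguments; `pp_string (&pp, "throwing exception here...");` would skip format parsing, as catch_cfg_edge_event::print_desc in checker-event.h already does.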
diff --git a/gcc/analyzer/checker-event.h b/gcc/analyzer/checker-event.h index f92f514..f3ab899 100644 --- a/gcc/analyzer/checker-event.h +++ b/gcc/analyzer/checker-event.h @@ -30,25 +30,28 @@ namespace ana { /* An enum for discriminating between the concrete subclasses of checker_event. */ -enum event_kind -{ - EK_DEBUG, - EK_CUSTOM, - EK_STMT, - EK_REGION_CREATION, - EK_FUNCTION_ENTRY, - EK_STATE_CHANGE, - EK_START_CFG_EDGE, - EK_END_CFG_EDGE, - EK_CALL_EDGE, - EK_RETURN_EDGE, - EK_START_CONSOLIDATED_CFG_EDGES, - EK_END_CONSOLIDATED_CFG_EDGES, - EK_INLINED_CALL, - EK_SETJMP, - EK_REWIND_FROM_LONGJMP, - EK_REWIND_TO_SETJMP, - EK_WARNING +enum class event_kind +{ + debug, + custom, + stmt, + region_creation, + function_entry, + state_change, + start_cfg_edge, + end_cfg_edge, + catch_, + call_edge, + return_edge, + start_consolidated_cfg_edges, + end_consolidated_cfg_edges, + inlined_call, + setjmp_, + rewind_from_longjmp, + rewind_to_setjmp, + throw_, + unwind, + warning }; extern const char *event_kind_to_string (enum event_kind ek); 
@@ -60,27 +63,32 @@ extern const char *event_kind_to_string (enum event_kind ek); diagnostic_event checker_event - debug_event (EK_DEBUG) - custom_event (EK_CUSTOM) + debug_event (event_kind::debug) + custom_event (event_kind::custom) precanned_custom_event - statement_event (EK_STMT) - region_creation_event (EK_REGION_CREATION) - function_entry_event (EK_FUNCTION_ENTRY) - state_change_event (EK_STATE_CHANGE) + statement_event (event_kind::stmt) + region_creation_event (event_kind::region_creation) + function_entry_event (event_kind::function_entry) + state_change_event (event_kind::state_change) superedge_event cfg_edge_event - start_cfg_edge_event (EK_START_CFG_EDGE) - end_cfg_edge_event (EK_END_CFG_EDGE) - call_event (EK_CALL_EDGE) - return_edge (EK_RETURN_EDGE) - start_consolidated_cfg_edges_event (EK_START_CONSOLIDATED_CFG_EDGES) - end_consolidated_cfg_edges_event (EK_END_CONSOLIDATED_CFG_EDGES) - inlined_call_event (EK_INLINED_CALL) - setjmp_event (EK_SETJMP) + start_cfg_edge_event (event_kind::start_cfg_edge) + end_cfg_edge_event (event_kind::end_cfg_edge) + catch_cfg_edge_event (event_kind::catch_cfg_edge) + call_event (event_kind::call_edge) + return_edge (event_kind::return_edge) + start_consolidated_cfg_edges_event (event_kind::start_consolidated_cfg_edges) + end_consolidated_cfg_edges_event (event_kind::end_consolidated_cfg_edges) + inlined_call_event (event_kind::inlined_call) + setjmp_event (event_kind::setjmp_) rewind_event - rewind_from_longjmp_event (EK_REWIND_FROM_LONGJMP) - rewind_to_setjmp_event (EK_REWIND_TO_SETJMP) - warning_event (EK_WARNING). */ + rewind_from_longjmp_event (event_kind::rewind_from_longjmp) + rewind_to_setjmp_event (event_kind::rewind_to_setjmp) + throw_event (event_kind:throw_) + explicit_throw_event + throw_from_call_to_external_fn_event + unwind_event (event_kind::unwind) + warning_event (event_kind::warning). 
*/ /* Abstract subclass of diagnostic_event; the base class for use in checker_path (the analyzer's diagnostic_path subclass). */ @@ -158,7 +166,7 @@ public: debug_event (const event_loc_info &loc_info, const char *desc) - : checker_event (EK_DEBUG, loc_info), + : checker_event (event_kind::debug, loc_info), m_desc (xstrdup (desc)) { } @@ -180,7 +188,7 @@ class custom_event : public checker_event { protected: custom_event (const event_loc_info &loc_info) - : checker_event (EK_CUSTOM, loc_info) + : checker_event (event_kind::custom, loc_info) { } }; @@ -329,7 +337,7 @@ class function_entry_event : public checker_event { public: function_entry_event (const event_loc_info &loc_info) - : checker_event (EK_FUNCTION_ENTRY, loc_info) + : checker_event (event_kind::function_entry, loc_info) { } @@ -435,7 +443,7 @@ class start_cfg_edge_event : public cfg_edge_event public: start_cfg_edge_event (const exploded_edge &eedge, const event_loc_info &loc_info) - : cfg_edge_event (EK_START_CFG_EDGE, eedge, loc_info) + : cfg_edge_event (event_kind::start_cfg_edge, eedge, loc_info) { } @@ -461,7 +469,7 @@ class end_cfg_edge_event : public cfg_edge_event public: end_cfg_edge_event (const exploded_edge &eedge, const event_loc_info &loc_info) - : cfg_edge_event (EK_END_CFG_EDGE, eedge, loc_info) + : cfg_edge_event (event_kind::end_cfg_edge, eedge, loc_info) { } 
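Review bot: Two entries added to the class-hierarchy comment do not match the enum declared in the same header. `catch_cfg_edge_event (event_kind::catch_cfg_edge)` names an enumerator that is not in the list (the constructor passes `event_kind::catch_`), and `throw_event (event_kind:throw_)` has a single colon. They should read `catch_cfg_edge_event (event_kind::catch_)` and `throw_event (event_kind::throw_)`. The comment appears to open above this hunk.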
@@ -471,6 +479,32 @@ public: } }; +/* A concrete event subclass for catching an exception + e.g. "...catching 'struct io_error' here". */ + +class catch_cfg_edge_event : public cfg_edge_event +{ +public: + catch_cfg_edge_event (const exploded_edge &eedge, + const event_loc_info &loc_info, + tree type) + : cfg_edge_event (event_kind::catch_, eedge, loc_info), + m_type (type) + { + } + + void print_desc (pretty_printer &pp) const final override + { + if (m_type) + pp_printf (&pp, "...catching exception of type %qT here", m_type); + else + pp_string (&pp, "...catching exception here"); + } + +private: + tree m_type; +}; + /* A concrete event subclass for an interprocedural call. */ class call_event : public superedge_event @@ -517,7 +551,7 @@ class start_consolidated_cfg_edges_event : public checker_event public: start_consolidated_cfg_edges_event (const event_loc_info &loc_info, bool edge_sense) - : checker_event (EK_START_CONSOLIDATED_CFG_EDGES, loc_info), + : checker_event (event_kind::start_consolidated_cfg_edges, loc_info), m_edge_sense (edge_sense) { } @@ -537,7 +571,7 @@ class end_consolidated_cfg_edges_event : public checker_event { public: end_consolidated_cfg_edges_event (const event_loc_info &loc_info) - : checker_event (EK_END_CONSOLIDATED_CFG_EDGES, loc_info) + : checker_event (event_kind::end_consolidated_cfg_edges, loc_info) { } @@ -558,7 +592,7 @@ public: tree apparent_caller_fndecl, int actual_depth, int stack_depth_adjustment) - : checker_event (EK_INLINED_CALL, + : checker_event (event_kind::inlined_call, event_loc_info (loc, apparent_caller_fndecl, actual_depth + stack_depth_adjustment)), @@ -583,8 +617,8 @@ class setjmp_event : public checker_event public: setjmp_event (const event_loc_info &loc_info, const exploded_node *enode, - const gcall *setjmp_call) - : checker_event (EK_SETJMP, loc_info), + const gcall &setjmp_call) + : checker_event (event_kind::setjmp_, loc_info), m_enode (enode), m_setjmp_call (setjmp_call) { } 
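Review bot: The comment above catch_cfg_edge_event quotes the event text as `"...catching 'struct io_error' here"`, but `print_desc` emits `...catching exception of type %qT here`, so the example no longer matches the output. It should read `e.g. "...catching exception of type 'struct io_error' here".` The constructor takes `tree type` without saying when it may be null, although the else branch handles that case. One more sentence in the comment, such as `TYPE is NULL_TREE when the caught type is not known.`, would cover it if that is the intent.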
@@ -597,7 +631,7 @@ public: private: const exploded_node *m_enode; - const gcall *m_setjmp_call; + const gcall &m_setjmp_call; }; /* An abstract event subclass for rewinding from a longjmp to a setjmp @@ -633,7 +667,7 @@ public: rewind_from_longjmp_event (const exploded_edge *eedge, const event_loc_info &loc_info, const rewind_info_t *rewind_info) - : rewind_event (eedge, EK_REWIND_FROM_LONGJMP, loc_info, + : rewind_event (eedge, event_kind::rewind_from_longjmp, loc_info, rewind_info) { } @@ -650,7 +684,7 @@ public: rewind_to_setjmp_event (const exploded_edge *eedge, const event_loc_info &loc_info, const rewind_info_t *rewind_info) - : rewind_event (eedge, EK_REWIND_TO_SETJMP, loc_info, + : rewind_event (eedge, event_kind::rewind_to_setjmp, loc_info, rewind_info) { } 
@@ -665,6 +699,88 @@ private: diagnostic_event_id_t m_original_setjmp_event_id; }; +/* An abstract subclass for throwing/rethrowing an exception. */ + +class throw_event : public checker_event +{ +public: + throw_event (const event_loc_info &loc_info, + const exploded_node *enode, + const gcall &throw_call) + : checker_event (event_kind::throw_, loc_info), + m_enode (enode), + m_throw_call (throw_call) + { + } + +protected: + const exploded_node *m_enode; + const gcall &m_throw_call; +}; + +/* A concrete event subclass for an explicit "throw EXC;" + or "throw;" (actually, a call to __cxa_throw or __cxa_rethrow). */ + +class explicit_throw_event : public throw_event +{ +public: + explicit_throw_event (const event_loc_info &loc_info, + const exploded_node *enode, + const gcall &throw_call, + tree type, + bool is_rethrow) + : throw_event (loc_info, enode, throw_call), + m_type (type), + m_is_rethrow (is_rethrow) + { + } + + void print_desc (pretty_printer &pp) const final override; + +private: + tree m_type; + bool m_is_rethrow; +}; + +/* A concrete event subclass for an exception being thrown + from within a call to a function we don't have the body of, + or where we don't know what function was called. */ + +class throw_from_call_to_external_fn_event : public throw_event +{ +public: + throw_from_call_to_external_fn_event (const event_loc_info &loc_info, + const exploded_node *enode, + const gcall &throw_call, + tree fndecl) + : throw_event (loc_info, enode, throw_call), + m_fndecl (fndecl) + { + } + + void print_desc (pretty_printer &pp) const final override; + +private: + tree m_fndecl; +}; + +/* A concrete event subclass for unwinding a stack frame when + processing an exception. 
*/ + +class unwind_event : public checker_event +{ +public: + unwind_event (const event_loc_info &loc_info) + : checker_event (event_kind::unwind, loc_info), + m_num_frames (1) + { + } + + void print_desc (pretty_printer &pp) const final override; + + int m_num_frames; +}; + /* Concrete subclass of checker_event for use at the end of a path: a repeat of the warning message at the end of the path (perhaps with references to pertinent events that occurred on the way), at the point @@ -677,7 +793,7 @@ public: const exploded_node *enode, const state_machine *sm, tree var, state_machine::state_t state) - : checker_event (EK_WARNING, loc_info), + : checker_event (event_kind::warning, loc_info), m_enode (enode), m_sm (sm), m_var (var), m_state (state) { diff --git a/gcc/analyzer/checker-path.cc b/gcc/analyzer/checker-path.cc index d97378e..9bde6f2 100644 --- a/gcc/analyzer/checker-path.cc +++ b/gcc/analyzer/checker-path.cc 
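Review bot: `unwind_event::m_num_frames` sits under the class's only `public:` label, so it is a public, mutable field with no comment, unlike the private `m_type` and `m_fndecl` members of the sibling classes added in this hunk. If it is public so that other code can adjust the count (no writer is visible here), record that next to the field, e.g. `/* Number of stack frames unwound by this event; initially 1.  */`. `unwind_event::print_desc` in checker-event.cc uses the singular text for every value not greater than 1, so a count of 0 or below would also print "unwinding stack frame". A `gcc_assert (m_num_frames > 0);` there would make the expected range explicit.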
@@ -18,37 +18,22 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "diagnostic-core.h" -#include "gimple-pretty-print.h" -#include "fold-const.h" -#include "diagnostic-path.h" -#include "options.h" -#include "cgraph.h" -#include "cfg.h" -#include "digraph.h" -#include "diagnostic-event-id.h" -#include "analyzer/analyzer.h" -#include "analyzer/analyzer-logging.h" -#include "analyzer/sm.h" +#include "analyzer/common.h" + +#include "tree-pretty-print.h" #include "sbitmap.h" -#include "bitmap.h" #include "ordered-hash-map.h" +#include "gimple-iterator.h" +#include "inlining-iterator.h" + +#include "analyzer/analyzer-logging.h" +#include "analyzer/sm.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" #include "analyzer/store.h" #include "analyzer/region-model.h" #include "analyzer/program-state.h" #include "analyzer/checker-path.h" -#include "gimple-iterator.h" -#include "inlining-iterator.h" #include "analyzer/supergraph.h" #include "analyzer/pending-diagnostic.h" #include "analyzer/diagnostic-manager.h" @@ -56,7 +41,6 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/diagnostic-manager.h" #include "analyzer/checker-path.h" #include "analyzer/exploded-graph.h" -#include "make-unique.h" #if ENABLE_ANALYZER @@ -164,8 +148,8 @@ checker_path::add_region_creation_events (pending_diagnostic *pd, pd->add_region_creation_events (reg, capacity, loc_info, *this); if (debug) - add_event (make_unique<region_creation_event_debug> (reg, capacity, - loc_info)); + add_event (std::make_unique<region_creation_event_debug> (reg, capacity, + loc_info)); } void 
@@ -183,8 +167,8 @@ checker_path::cfg_edge_pair_at_p (unsigned idx) const { if (m_events.length () < idx + 1) return false; - return (m_events[idx]->m_kind == EK_START_CFG_EDGE - && m_events[idx + 1]->m_kind == EK_END_CFG_EDGE); + return (m_events[idx]->m_kind == event_kind::start_cfg_edge + && m_events[idx + 1]->m_kind == event_kind::end_cfg_edge); } /* Consider a call from "outer" to "middle" which calls "inner", 
@@ -202,38 +186,38 @@ checker_path::cfg_edge_pair_at_p (unsigned idx) const (for gcc.dg/analyzer/inlining-4.c): before[0]: - EK_FUNCTION_ENTRY "entry to ‘outer’" + event_kind::function_entry "entry to ‘outer’" (depth 1, fndecl ‘outer’, m_loc=511c4) before[1]: - EK_START_CFG_EDGE "following ‘true’ branch (when ‘flag != 0’)..." + event_kind::start_cfg_edge "following ‘true’ branch (when ‘flag != 0’)..." (depth 3 corrected from 1, fndecl ‘inner’ corrected from ‘outer’, m_loc=8000000f) before[2]: - EK_END_CFG_EDGE "...to here" + event_kind::end_cfg_edge "...to here" (depth 1, fndecl ‘outer’, m_loc=0) before[3]: - EK_WARNING "here (‘<unknown>’ is in state ‘null’)" + event_kind::warning "here (‘<unknown>’ is in state ‘null’)" (depth 1, fndecl ‘outer’, m_loc=80000004) We want to add inlined_call_events showing the calls, so that the above becomes: after[0]: - EK_FUNCTION_ENTRY "entry to ‘outer’" + event_kind::function_entry "entry to ‘outer’" (depth 1, fndecl ‘outer’, m_loc=511c4) after[1]: - EK_INLINED_CALL "inlined call to ‘middle’ from ‘outer’" + event_kind::inlined_call "inlined call to ‘middle’ from ‘outer’" (depth 1, fndecl ‘outer’, m_loc=53300) after[2]: - EK_INLINED_CALL "inlined call to ‘inner’ from ‘middle’" + event_kind::inlined_call "inlined call to ‘inner’ from ‘middle’" (depth 2, fndecl ‘middle’, m_loc=4d2e0) after[3]: - EK_START_CFG_EDGE "following ‘true’ branch (when ‘flag != 0’)..." + event_kind::start_cfg_edge "following ‘true’ branch (when ‘flag != 0’)..." (depth 3 corrected from 1, fndecl ‘inner’ corrected from ‘outer’, m_loc=8000000f) - after[4]: EK_END_CFG_EDGE "...to here" + after[4]: event_kind::end_cfg_edge "...to here" (depth 1, fndecl ‘outer’, m_loc=0) - after[5]: EK_WARNING "here (‘<unknown>’ is in state ‘null’)" + after[5]: event_kind::warning "here (‘<unknown>’ is in state ‘null’)" (depth 1, fndecl ‘outer’, m_loc=80000004) where we've added events between before[0] and before[1] to show 
diff --git a/gcc/analyzer/analyzer.h b/gcc/analyzer/common.h index 4843d99..cb03004 100644 --- a/gcc/analyzer/analyzer.h +++ b/gcc/analyzer/common.h @@ -1,4 +1,4 @@ -/* Utility functions for the analyzer. +/* Base header for the analyzer, plus utility functions. Copyright (C) 2019-2025 Free Software Foundation, Inc. Contributed by David Malcolm <dmalcolm@redhat.com>. @@ -18,9 +18,21 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#ifndef GCC_ANALYZER_ANALYZER_H -#define GCC_ANALYZER_ANALYZER_H +#ifndef GCC_ANALYZER_COMMON_H +#define GCC_ANALYZER_COMMON_H +#include "config.h" +#define INCLUDE_VECTOR +#include "system.h" +#include "coretypes.h" +#include "tree.h" +#include "function.h" +#include "basic-block.h" +#include "gimple.h" +#include "options.h" +#include "bitmap.h" +#include "diagnostic-core.h" +#include "diagnostic-path.h" #include "rich-location.h" #include "function.h" #include "json.h" @@ -37,6 +49,9 @@ class supernode; class superedge; class cfg_superedge; class switch_cfg_superedge; + class eh_dispatch_cfg_superedge; + class eh_dispatch_try_cfg_superedge; + class eh_dispatch_allowed_cfg_superedge; class callgraph_superedge; class call_superedge; class return_superedge; @@ -350,10 +365,10 @@ public: /* An enum for describing the direction of an access to memory. */ -enum access_direction +enum class access_direction { - DIR_READ, - DIR_WRITE + read, + write }; /* Abstract base class for associating custom data with an @@ -384,6 +399,12 @@ public: virtual void add_events_to_path (checker_path *emission_path, const exploded_edge &eedge) const = 0; + + virtual exploded_node *create_enode (exploded_graph &eg, + const program_point &point, + program_state &&state, + exploded_node *enode_for_diag, + region_model_context *ctxt) const; }; /* Abstract base class for splitting state. 
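Review bot: `#include "function.h"` is added in the new block of the `-18,9 +18,21` hunk, but the unchanged line after `#include "rich-location.h"` already includes it, so the header now names it twice; drop one. Moving `config.h`, `#define INCLUDE_VECTOR` and `system.h` into common.h also fixes the `INCLUDE_*` selection here for every file that includes it. A source needing another `INCLUDE_` macro presumably has to define it before `#include "analyzer/common.h"`. A comment at the top of the block, e.g. `/* This must be the first header included by analyzer sources.  */`, would record that requirement.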
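Review bot: The new `create_enode` virtual in the `-384,6 +399,12` hunk is declared without any comment. Unlike `add_events_to_path` just above it, it is not pure, so the base class must supply a default whose behaviour is not stated here. A short comment above the declaration should say when the hook is called and what the default implementation does. It should also say that `state` is consumed (it is taken as `program_state &&`), how `enode_for_diag` is used, and whether a null return is permitted. The class definition starts above the hunk.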
@@ -447,21 +468,23 @@ extern tree remove_ssa_names (tree expr); } // namespace ana -extern bool is_special_named_call_p (const gcall *call, const char *funcname, +extern bool is_special_named_call_p (const gcall &call, const char *funcname, unsigned int num_args, bool look_in_std = false); extern bool is_named_call_p (const_tree fndecl, const char *funcname); extern bool is_named_call_p (const_tree fndecl, const char *funcname, - const gcall *call, unsigned int num_args); + const gcall &call, unsigned int num_args); extern bool is_std_function_p (const_tree fndecl); extern bool is_std_named_call_p (const_tree fndecl, const char *funcname); extern bool is_std_named_call_p (const_tree fndecl, const char *funcname, - const gcall *call, unsigned int num_args); -extern bool is_setjmp_call_p (const gcall *call); -extern bool is_longjmp_call_p (const gcall *call); -extern bool is_placement_new_p (const gcall *call); + const gcall &call, unsigned int num_args); +extern bool is_setjmp_call_p (const gcall &call); +extern bool is_longjmp_call_p (const gcall &call); +extern bool is_placement_new_p (const gcall &call); +extern bool is_cxa_throw_p (const gcall &call); +extern bool is_cxa_rethrow_p (const gcall &call); -extern const char *get_user_facing_name (const gcall *call); +extern const char *get_user_facing_name (const gcall &call); extern void register_analyzer_pass (); @@ -577,4 +600,4 @@ private: extern void sorry_no_analyzer (); #endif /* #if !ENABLE_ANALYZER */ -#endif /* GCC_ANALYZER_ANALYZER_H */ +#endif /* GCC_ANALYZER_COMMON_H */ diff --git a/gcc/analyzer/complexity.cc b/gcc/analyzer/complexity.cc index cb88f60..4a0a156 100644 --- a/gcc/analyzer/complexity.cc +++ b/gcc/analyzer/complexity.cc 
@@ -18,34 +18,14 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "diagnostic-core.h" -#include "gimple-pretty-print.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "diagnostic-core.h" -#include "graphviz.h" -#include "options.h" -#include "cgraph.h" -#include "tree-dfa.h" -#include "stringpool.h" -#include "convert.h" -#include "target.h" -#include "fold-const.h" -#include "tree-pretty-print.h" -#include "bitmap.h" -#include "analyzer/analyzer.h" -#include "analyzer/analyzer-logging.h" +#include "analyzer/common.h" + #include "options.h" #include "cgraph.h" #include "cfg.h" #include "digraph.h" + +#include "analyzer/analyzer-logging.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" #include "analyzer/store.h" diff --git a/gcc/analyzer/constraint-manager.cc b/gcc/analyzer/constraint-manager.cc index 55d8996..869e437 100644 --- a/gcc/analyzer/constraint-manager.cc +++ b/gcc/analyzer/constraint-manager.cc 
@@ -18,28 +18,17 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" +#include "analyzer/common.h" + #include "fold-const.h" -#include "selftest.h" -#include "diagnostic-core.h" -#include "graphviz.h" -#include "analyzer/analyzer.h" #include "ordered-hash-map.h" -#include "options.h" #include "cgraph.h" #include "cfg.h" #include "digraph.h" -#include "analyzer/supergraph.h" #include "sbitmap.h" -#include "bitmap.h" +#include "tree-pretty-print.h" + +#include "analyzer/supergraph.h" #include "analyzer/analyzer-logging.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" @@ -48,8 +37,6 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/constraint-manager.h" #include "analyzer/call-summary.h" #include "analyzer/analyzer-selftests.h" -#include "tree-pretty-print.h" -#include "make-unique.h" #if ENABLE_ANALYZER @@ -117,7 +104,7 @@ minus_one (tree cst) closed one. */ void -bound::ensure_closed (enum bound_kind bound_kind) +bound::ensure_closed (enum bound_kind bnd_kind) { if (!m_closed) { @@ -126,7 +113,7 @@ bound::ensure_closed (enum bound_kind bound_kind) and convert x < 5 into x <= 4. */ gcc_assert (CONSTANT_CLASS_P (m_constant)); gcc_assert (INTEGRAL_TYPE_P (TREE_TYPE (m_constant))); - m_constant = fold_build2 (bound_kind == BK_UPPER ? MINUS_EXPR : PLUS_EXPR, + m_constant = fold_build2 (bnd_kind == bound_kind::upper ? MINUS_EXPR : PLUS_EXPR, TREE_TYPE (m_constant), m_constant, integer_one_node); gcc_assert (CONSTANT_CLASS_P (m_constant)); 
@@ -203,8 +190,8 @@ range::constrained_to_single_element () return NULL_TREE; /* Convert any open bounds to closed bounds. */ - m_lower_bound.ensure_closed (BK_LOWER); - m_upper_bound.ensure_closed (BK_UPPER); + m_lower_bound.ensure_closed (bound_kind::lower); + m_upper_bound.ensure_closed (bound_kind::upper); // Are they equal? tree comparison = fold_binary (EQ_EXPR, boolean_type_node, @@ -303,30 +290,30 @@ range::above_upper_bound (tree rhs_const) const Return true if feasible; false if infeasible. */ bool -range::add_bound (bound b, enum bound_kind bound_kind) +range::add_bound (bound b, enum bound_kind bnd_kind) { /* Bail out on floating point constants. */ if (!INTEGRAL_TYPE_P (TREE_TYPE (b.m_constant))) return true; - b.ensure_closed (bound_kind); + b.ensure_closed (bnd_kind); - switch (bound_kind) + switch (bnd_kind) { default: gcc_unreachable (); - case BK_LOWER: + case bound_kind::lower: /* Discard redundant bounds. */ if (m_lower_bound.m_constant) { - m_lower_bound.ensure_closed (BK_LOWER); + m_lower_bound.ensure_closed (bound_kind::lower); if (tree_int_cst_le (b.m_constant, m_lower_bound.m_constant)) return true; } if (m_upper_bound.m_constant) { - m_upper_bound.ensure_closed (BK_UPPER); + m_upper_bound.ensure_closed (bound_kind::upper); /* Reject B <= V <= UPPER when B > UPPER. */ if (!tree_int_cst_le (b.m_constant, m_upper_bound.m_constant)) @@ -335,18 +322,18 @@ range::add_bound (bound b, enum bound_kind bound_kind) m_lower_bound = b; break; - case BK_UPPER: + case bound_kind::upper: /* Discard redundant bounds. */ if (m_upper_bound.m_constant) { - m_upper_bound.ensure_closed (BK_UPPER); + m_upper_bound.ensure_closed (bound_kind::upper); if (!tree_int_cst_lt (b.m_constant, m_upper_bound.m_constant)) return true; } if (m_lower_bound.m_constant) { - m_lower_bound.ensure_closed (BK_LOWER); + m_lower_bound.ensure_closed (bound_kind::lower); /* Reject LOWER <= V <= B when LOWER > B. */ if (!tree_int_cst_le (m_lower_bound.m_constant, b.m_constant)) 
@@ -371,16 +358,16 @@ range::add_bound (enum tree_code op, tree rhs_const) return true; case LT_EXPR: /* "V < RHS_CONST" */ - return add_bound (bound (rhs_const, false), BK_UPPER); + return add_bound (bound (rhs_const, false), bound_kind::upper); case LE_EXPR: /* "V <= RHS_CONST" */ - return add_bound (bound (rhs_const, true), BK_UPPER); + return add_bound (bound (rhs_const, true), bound_kind::upper); case GE_EXPR: /* "V >= RHS_CONST" */ - return add_bound (bound (rhs_const, true), BK_LOWER); + return add_bound (bound (rhs_const, true), bound_kind::lower); case GT_EXPR: /* "V > RHS_CONST" */ - return add_bound (bound (rhs_const, false), BK_LOWER); + return add_bound (bound (rhs_const, false), bound_kind::lower); } } @@ -449,7 +436,7 @@ bounded_range::dump (bool show_types) const std::unique_ptr<json::object> bounded_range::to_json () const { - auto range_obj = ::make_unique<json::object> (); + auto range_obj = std::make_unique<json::object> (); set_json_attr (*range_obj, "lower", m_lower); set_json_attr (*range_obj, "upper", m_upper); return range_obj; @@ -718,7 +705,7 @@ bounded_ranges::dump (bool show_types) const std::unique_ptr<json::value> bounded_ranges::to_json () const { - auto arr_obj = ::make_unique<json::array> (); + auto arr_obj = std::make_unique<json::array> (); for (unsigned i = 0; i < m_ranges.length (); ++i) arr_obj->append (m_ranges[i].to_json ()); @@ -1116,9 +1103,9 @@ equiv_class::print (pretty_printer *pp) const std::unique_ptr<json::object> equiv_class::to_json () const { - auto ec_obj = ::make_unique<json::object> (); + auto ec_obj = std::make_unique<json::object> (); - auto sval_arr = ::make_unique<json::array> (); + auto sval_arr = std::make_unique<json::array> (); for (const svalue *sval : m_vars) sval_arr->append (sval->to_json ()); ec_obj->set ("svals", std::move (sval_arr)); 
@@ -1383,7 +1370,7 @@ constraint::print (pretty_printer *pp, const constraint_manager &cm) const std::unique_ptr<json::object> constraint::to_json () const { - auto con_obj = ::make_unique<json::object> (); + auto con_obj = std::make_unique<json::object> (); con_obj->set_integer ("lhs", m_lhs.as_int ()); con_obj->set_string ("op", constraint_op_code (m_op)); @@ -1471,7 +1458,7 @@ bounded_ranges_constraint::print (pretty_printer *pp, std::unique_ptr<json::object> bounded_ranges_constraint::to_json () const { - auto con_obj = ::make_unique<json::object> (); + auto con_obj = std::make_unique<json::object> (); con_obj->set_integer ("ec", m_ec_id.as_int ()); con_obj->set ("ranges", m_ranges->to_json ()); @@ -1784,11 +1771,11 @@ debug (const constraint_manager &cm) std::unique_ptr<json::object> constraint_manager::to_json () const { - auto cm_obj = ::make_unique<json::object> (); + auto cm_obj = std::make_unique<json::object> (); /* Equivalence classes. */ { - auto ec_arr = ::make_unique<json::array> (); + auto ec_arr = std::make_unique<json::array> (); for (const equiv_class *ec : m_equiv_classes) ec_arr->append (ec->to_json ()); cm_obj->set ("ecs", std::move (ec_arr)); @@ -1796,7 +1783,7 @@ constraint_manager::to_json () const /* Constraints. */ { - auto con_arr = ::make_unique<json::array> (); + auto con_arr = std::make_unique<json::array> (); for (const constraint &c : m_constraints) con_arr->append (c.to_json ()); cm_obj->set ("constraints", std::move (con_arr)); @@ -1804,7 +1791,7 @@ constraint_manager::to_json () const /* m_bounded_ranges_constraints. */ { - auto con_arr = ::make_unique<json::array> (); + auto con_arr = std::make_unique<json::array> (); for (const auto &c : m_bounded_ranges_constraints) con_arr->append (c.to_json ()); cm_obj->set ("bounded_ranges_constraints", std::move (con_arr)); 
@@ -2578,12 +2565,12 @@ constraint_manager::get_ec_bounds (equiv_class_id ec_id) const case CONSTRAINT_LT: /* We have "EC_ID < OTHER_CST". */ - result.add_bound (bound (other_cst, false), BK_UPPER); + result.add_bound (bound (other_cst, false), bound_kind::upper); break; case CONSTRAINT_LE: /* We have "EC_ID <= OTHER_CST". */ - result.add_bound (bound (other_cst, true), BK_UPPER); + result.add_bound (bound (other_cst, true), bound_kind::upper); break; } } @@ -2600,13 +2587,13 @@ constraint_manager::get_ec_bounds (equiv_class_id ec_id) const case CONSTRAINT_LT: /* We have "OTHER_CST < EC_ID" i.e. "EC_ID > OTHER_CST". */ - result.add_bound (bound (other_cst, false), BK_LOWER); + result.add_bound (bound (other_cst, false), bound_kind::lower); break; case CONSTRAINT_LE: /* We have "OTHER_CST <= EC_ID" i.e. "EC_ID >= OTHER_CST". */ - result.add_bound (bound (other_cst, true), BK_LOWER); + result.add_bound (bound (other_cst, true), bound_kind::lower); break; } } diff --git a/gcc/analyzer/constraint-manager.h b/gcc/analyzer/constraint-manager.h index c22b99e..a26b48d 100644 --- a/gcc/analyzer/constraint-manager.h +++ b/gcc/analyzer/constraint-manager.h @@ -25,10 +25,10 @@ namespace ana { class constraint_manager; -enum bound_kind +enum class bound_kind { - BK_LOWER, - BK_UPPER + lower, + upper }; /* One of the end-points of a range. */ diff --git a/gcc/analyzer/diagnostic-manager.cc b/gcc/analyzer/diagnostic-manager.cc index 4bf1dce..7575b16 100644 --- a/gcc/analyzer/diagnostic-manager.cc +++ b/gcc/analyzer/diagnostic-manager.cc 
@@ -18,22 +18,19 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "input.h" -#include "diagnostic-core.h" -#include "pretty-print.h" -#include "gcc-rich-location.h" +#include "analyzer/common.h" + +#include "cfg.h" +#include "basic-block.h" +#include "gimple.h" #include "gimple-pretty-print.h" -#include "function.h" -#include "diagnostic-event-id.h" -#include "diagnostic-path.h" -#include "bitmap.h" -#include "ordered-hash-map.h" -#include "analyzer/analyzer.h" +#include "gimple-iterator.h" +#include "inlining-iterator.h" +#include "cgraph.h" +#include "digraph.h" +#include "gcc-rich-location.h" +#include "diagnostic-format-sarif.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/sm.h" #include "analyzer/pending-diagnostic.h" @@ -43,13 +40,6 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/store.h" #include "analyzer/region-model.h" #include "analyzer/constraint-manager.h" -#include "cfg.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "inlining-iterator.h" -#include "cgraph.h" -#include "digraph.h" #include "analyzer/supergraph.h" #include "analyzer/program-state.h" #include "analyzer/exploded-graph.h" @@ -57,8 +47,6 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/feasible-graph.h" #include "analyzer/checker-path.h" #include "analyzer/reachability.h" -#include "make-unique.h" -#include "diagnostic-format-sarif.h" #if ENABLE_ANALYZER 
@@ -203,7 +191,7 @@ epath_finder::get_best_epath (const exploded_node *enode, logger->log ("trying to find shortest path ignoring feasibility"); gcc_assert (m_sep); std::unique_ptr<exploded_path> epath - = make_unique<exploded_path> (m_sep->get_shortest_path (enode)); + = std::make_unique<exploded_path> (m_sep->get_shortest_path (enode)); if (epath->feasible_p (logger, out_problem, m_eg.get_engine (), &m_eg)) { if (logger) @@ -742,7 +730,7 @@ saved_diagnostic::add_event (std::unique_ptr<checker_event> event) std::unique_ptr<json::object> saved_diagnostic::to_json () const { - auto sd_obj = ::make_unique<json::object> (); + auto sd_obj = std::make_unique<json::object> (); if (m_sm) sd_obj->set_string ("sm", m_sm->get_name ()); @@ -1048,10 +1036,10 @@ saved_diagnostic::maybe_add_sarif_properties (sarif_object &result_obj) const props.set_integer (PROPERTY_PREFIX "idx", m_idx); if (m_duplicates.length () > 0) { - auto duplicates_arr = ::make_unique<json::array> (); + auto duplicates_arr = std::make_unique<json::array> (); for (auto iter : m_duplicates) { - auto sd_obj = ::make_unique<sarif_object> (); + auto sd_obj = std::make_unique<sarif_object> (); iter->maybe_add_sarif_properties (*sd_obj); duplicates_arr->append (std::move (sd_obj)); } @@ -1242,10 +1230,10 @@ diagnostic_manager::add_event (std::unique_ptr<checker_event> event) std::unique_ptr<json::object> diagnostic_manager::to_json () const { - auto dm_obj = ::make_unique<json::object> (); + auto dm_obj = std::make_unique<json::object> (); { - auto sd_arr = ::make_unique<json::array> (); + auto sd_arr = std::make_unique<json::array> (); int i; saved_diagnostic *sd; FOR_EACH_VEC_ELT (m_saved_diagnostics, i, sd) 
@@ -1816,16 +1804,16 @@ public: int stack_depth = src_stack_depth; m_emission_path->add_event - (make_unique<state_change_event> (supernode, - stmt, - stack_depth, - sm, - nullptr, - src_sm_val, - dst_sm_val, - nullptr, - dst_state, - src_node)); + (std::make_unique<state_change_event> (supernode, + stmt, + stack_depth, + sm, + nullptr, + src_sm_val, + dst_sm_val, + nullptr, + dst_state, + src_node)); return false; } @@ -1861,16 +1849,16 @@ public: return false; m_emission_path->add_event - (make_unique<state_change_event> (supernode, - stmt, - stack_depth, - sm, - sval, - src_sm_val, - dst_sm_val, - dst_origin_sval, - dst_state, - src_node)); + (std::make_unique<state_change_event> (supernode, + stmt, + stack_depth, + sm, + sval, + src_sm_val, + dst_sm_val, + dst_origin_sval, + dst_state, + src_node)); return false; } @@ -1963,7 +1951,7 @@ struct null_assignment_sm_context : public sm_context { } - tree get_fndecl_for_call (const gcall */*call*/) final override + tree get_fndecl_for_call (const gcall &/*call*/) final override { return NULL_TREE; } @@ -2007,15 +1995,15 @@ struct null_assignment_sm_context : public sm_context int stack_depth = m_point->get_stack_depth (); m_emission_path->add_event - (make_unique<state_change_event> (supernode, - m_stmt, - stack_depth, - m_sm, - var_new_sval, - from, to, - nullptr, - *m_new_state, - nullptr)); + (std::make_unique<state_change_event> (supernode, + m_stmt, + stack_depth, + m_sm, + var_new_sval, + from, to, + nullptr, + *m_new_state, + nullptr)); } void set_next_state (const gimple *stmt, 
@@ -2033,15 +2021,15 @@ struct null_assignment_sm_context : public sm_context int stack_depth = m_point->get_stack_depth (); m_emission_path->add_event - (make_unique<state_change_event> (supernode, - m_stmt, - stack_depth, - m_sm, - sval, - from, to, - nullptr, - *m_new_state, - nullptr)); + (std::make_unique<state_change_event> (supernode, + m_stmt, + stack_depth, + m_sm, + sval, + from, to, + nullptr, + *m_new_state, + nullptr)); } void warn (const supernode *, const gimple *, @@ -2220,18 +2208,19 @@ diagnostic_manager::add_events_for_eedge (const path_builder &pb, { const gimple *stmt = dst_point.get_stmt (); const gcall *call = dyn_cast <const gcall *> (stmt); - if (call && is_setjmp_call_p (call)) + if (call && is_setjmp_call_p (*call)) emission_path->add_event - (make_unique<setjmp_event> (event_loc_info (stmt->location, - dst_point.get_fndecl (), - dst_stack_depth), - dst_node, - call)); + (std::make_unique<setjmp_event> + (event_loc_info (stmt->location, + dst_point.get_fndecl (), + dst_stack_depth), + dst_node, + *call)); else emission_path->add_event - (make_unique<statement_event> (stmt, - dst_point.get_fndecl (), - dst_stack_depth, dst_state)); + (std::make_unique<statement_event> (stmt, + dst_point.get_fndecl (), + dst_stack_depth, dst_state)); /* Create state change events for assignment to NULL. Iterate through the stmts in dst_enode, adding state change @@ -2324,11 +2313,11 @@ diagnostic_manager::add_events_for_eedge (const path_builder &pb, " at this edge: "); pb.get_feasibility_problem ()->dump_to_pp (&pp); emission_path->add_event - (make_unique<precanned_custom_event> - (event_loc_info (dst_point.get_location (), - dst_point.get_fndecl (), - dst_stack_depth), - pp_formatted_text (&pp))); + (std::make_unique<precanned_custom_event> + (event_loc_info (dst_point.get_location (), + dst_point.get_fndecl (), + dst_stack_depth), + pp_formatted_text (&pp))); } } 
@@ -2438,18 +2427,48 @@ diagnostic_manager::add_events_for_superedge (const path_builder &pb, { case SUPEREDGE_CFG_EDGE: { + if (auto eh_dispatch_try_sedge + = eedge.m_sedge->dyn_cast_eh_dispatch_try_cfg_superedge ()) + { + if (eh_dispatch_try_sedge->get_eh_catch ()) + { + const region_model *model = src_node->get_state ().m_region_model; + auto curr_thrown_exception_node + = model->get_current_thrown_exception (); + gcc_assert (curr_thrown_exception_node); + tree type = curr_thrown_exception_node->maybe_get_type (); + emission_path->add_event + (std::make_unique<catch_cfg_edge_event> + (eedge, + event_loc_info (dst_point.get_supernode ()->get_start_location (), + dst_point.get_fndecl (), + dst_stack_depth), + type)); + return; + } + else + { + /* We have the "uncaught exception" sedge, from eh_dispatch + to a block containing resx. + Don't add any events for this, so that we can consolidate + adjacent stack unwinding events. */ + return; + } + } + emission_path->add_event - (make_unique<start_cfg_edge_event> - (eedge, - event_loc_info (last_stmt ? last_stmt->location : UNKNOWN_LOCATION, - src_point.get_fndecl (), - src_stack_depth))); + (std::make_unique<start_cfg_edge_event> + (eedge, + event_loc_info + (last_stmt ? last_stmt->location : UNKNOWN_LOCATION, + src_point.get_fndecl (), + src_stack_depth))); emission_path->add_event - (make_unique<end_cfg_edge_event> - (eedge, - event_loc_info (dst_point.get_supernode ()->get_start_location (), - dst_point.get_fndecl (), - dst_stack_depth))); + (std::make_unique<end_cfg_edge_event> + (eedge, + event_loc_info (dst_point.get_supernode ()->get_start_location (), + dst_point.get_fndecl (), + dst_stack_depth))); } break; 
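Review bot: The new catch branch in `add_events_for_superedge` asserts `curr_thrown_exception_node` while a diagnostic path is being built, so a model with no thrown exception recorded at this edge becomes an internal compiler error rather than a slightly less detailed path. Since `type` is only used to describe the catch event, a fallback looks safer: `tree type = curr_thrown_exception_node ? curr_thrown_exception_node->maybe_get_type () : NULL_TREE;`. This assumes `catch_cfg_edge_event` accepts a null type, the way `throw_custom_edge::print` handles a null `m_type` elsewhere in this commit, which should be confirmed. The enclosing function starts before and continues after this hunk.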
@@ -2462,12 +2481,13 @@ diagnostic_manager::add_events_for_superedge (const path_builder &pb, /* TODO: add a subclass for this, or generate events for the summary. */ emission_path->add_event - (make_unique<debug_event> (event_loc_info (last_stmt - ? last_stmt->location - : UNKNOWN_LOCATION, - src_point.get_fndecl (), - src_stack_depth), - "call summary")); + (std::make_unique<debug_event> + (event_loc_info (last_stmt + ? last_stmt->location + : UNKNOWN_LOCATION, + src_point.get_fndecl (), + src_stack_depth), + "call summary")); } break; @@ -2476,14 +2496,13 @@ diagnostic_manager::add_events_for_superedge (const path_builder &pb, const return_superedge *return_edge = as_a <const return_superedge *> (eedge.m_sedge); - const gcall *call_stmt = return_edge->get_call_stmt (); + const gcall &call_stmt = return_edge->get_call_stmt (); emission_path->add_event - (make_unique<return_event> (eedge, - event_loc_info (call_stmt - ? call_stmt->location - : UNKNOWN_LOCATION, - dst_point.get_fndecl (), - dst_stack_depth))); + (std::make_unique<return_event> + (eedge, + event_loc_info (call_stmt.location, + dst_point.get_fndecl (), + dst_stack_depth))); } break; } @@ -2512,6 +2531,7 @@ diagnostic_manager::prune_path (checker_path *path, if (! flag_analyzer_show_events_in_system_headers) prune_system_headers (path); consolidate_conditions (path); + consolidate_unwind_events (path); finish_pruning (path); path->maybe_log (get_logger (), "pruned"); } @@ -2586,7 +2606,7 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path, default: gcc_unreachable (); - case EK_DEBUG: + case event_kind::debug: if (m_verbosity < 4) { log ("filtering event %i: debug event", idx); @@ -2594,11 +2614,11 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path, } break; - case EK_CUSTOM: + case event_kind::custom: /* Don't filter custom events. */ break; - case EK_STMT: + case event_kind::stmt: { if (m_verbosity < 4) { 
@@ -2608,11 +2628,11 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path, } break; - case EK_REGION_CREATION: + case event_kind::region_creation: /* Don't filter these. */ break; - case EK_FUNCTION_ENTRY: + case event_kind::function_entry: if (m_verbosity < 1) { log ("filtering event %i: function entry", idx); @@ -2620,7 +2640,7 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path, } break; - case EK_STATE_CHANGE: + case event_kind::state_change: { state_change_event *state_change = (state_change_event *)base_event; gcc_assert (state_change->m_dst_state.m_region_model); @@ -2674,7 +2694,7 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path, } break; - case EK_START_CFG_EDGE: + case event_kind::start_cfg_edge: { cfg_edge_event *event = (cfg_edge_event *)base_event; @@ -2687,20 +2707,26 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path, { log ("filtering events %i and %i: CFG edge", idx, idx + 1); path->delete_event (idx); - /* Also delete the corresponding EK_END_CFG_EDGE. */ + /* Also delete the corresponding event_kind::end_cfg_edge. */ gcc_assert (path->get_checker_event (idx)->m_kind - == EK_END_CFG_EDGE); + == event_kind::end_cfg_edge); path->delete_event (idx); } } break; - case EK_END_CFG_EDGE: - /* These come in pairs with EK_START_CFG_EDGE events and are + case event_kind::end_cfg_edge: + /* These come in pairs with event_kind::start_cfg_edge events and are filtered when their start event is filtered. */ break; - case EK_CALL_EDGE: + case event_kind::catch_: + case event_kind::throw_: + case event_kind::unwind: + /* Don't filter these. */ + break; + + case event_kind::call_edge: { call_event *event = (call_event *)base_event; const region_model *callee_model @@ -2741,7 +2767,7 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path, } break; - case EK_RETURN_EDGE: + case event_kind::return_edge: { if (sval) { 
@@ -2785,19 +2811,19 @@ diagnostic_manager::prune_for_sm_diagnostic (checker_path *path, } break; - case EK_INLINED_CALL: + case event_kind::inlined_call: /* We don't expect to see these yet, as they're added later. We'd want to keep them around. */ break; - case EK_SETJMP: + case event_kind::setjmp_: /* TODO: only show setjmp_events that matter i.e. those for which there is a later rewind event using them. */ - case EK_REWIND_FROM_LONGJMP: - case EK_REWIND_TO_SETJMP: + case event_kind::rewind_from_longjmp: + case event_kind::rewind_to_setjmp: break; - case EK_WARNING: + case event_kind::warning: /* Always show the final "warning" event in the path. */ break; } @@ -3073,7 +3099,7 @@ diagnostic_manager::consolidate_conditions (checker_path *path) const continue; /* Are we looking for a run of all TRUE edges, or all FALSE edges? */ - gcc_assert (old_start_ev->m_kind == EK_START_CFG_EDGE); + gcc_assert (old_start_ev->m_kind == event_kind::start_cfg_edge); const start_cfg_edge_event *old_start_cfg_ev = (const start_cfg_edge_event *)old_start_ev; const cfg_superedge& first_cfg_sedge @@ -3096,7 +3122,7 @@ diagnostic_manager::consolidate_conditions (checker_path *path) const { const checker_event *iter_ev = path->get_checker_event (next_idx); - gcc_assert (iter_ev->m_kind == EK_START_CFG_EDGE); + gcc_assert (iter_ev->m_kind == event_kind::start_cfg_edge); const start_cfg_edge_event *iter_cfg_ev = (const start_cfg_edge_event *)iter_ev; const cfg_superedge& iter_cfg_sedge 
@@ -3140,6 +3166,48 @@ diagnostic_manager::consolidate_conditions (checker_path *path) const } } +/* Consolidate runs of consecutive unwind_event. */ + +void +diagnostic_manager::consolidate_unwind_events (checker_path *path) const +{ + /* Don't simplify edges if we're debugging them. */ + if (flag_analyzer_verbose_edges) + return; + + for (int start_idx = 0; + start_idx < (signed)path->num_events () - 1; + start_idx++) + { + /* Find a run of consecutive unwind_event instances. */ + if (path->get_checker_event (start_idx)->m_kind != event_kind::unwind) + continue; + int iter_idx = start_idx + 1; + while (iter_idx < (int)path->num_events ()) + if (path->get_checker_event (iter_idx)->m_kind == event_kind::unwind) + ++iter_idx; + else + break; + + /* iter_idx should now be one after the last unwind_event in the run. */ + const int last_idx = iter_idx - 1; + if (last_idx == start_idx) + continue; + + gcc_assert (last_idx > start_idx); + + log ("consolidating unwind events %i-%i into %i", + start_idx, last_idx, start_idx); + + unwind_event *first_event + = (unwind_event *)path->get_checker_event (start_idx); + const unwind_event *last_event + = (const unwind_event *)path->get_checker_event (last_idx); + first_event->m_num_frames += last_event->m_num_frames; + path->delete_events (start_idx + 1, last_idx - start_idx); + } +} + /* Final pass of diagnostic_manager::prune_path. If all we're left with is in one function, then filter function entry @@ -3154,7 +3222,7 @@ diagnostic_manager::finish_pruning (checker_path *path) const while (idx >= 0 && idx < (signed)path->num_events ()) { checker_event *base_event = path->get_checker_event (idx); - if (base_event->m_kind == EK_FUNCTION_ENTRY) + if (base_event->m_kind == event_kind::function_entry) { log ("filtering event %i:" " function entry for purely intraprocedural path", idx); diff --git a/gcc/analyzer/diagnostic-manager.h b/gcc/analyzer/diagnostic-manager.h index 06a8233..b62fc7a 100644 
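Review bot: In `consolidate_unwind_events`, a run of more than two unwind events appears to under-count frames, because only `last_event->m_num_frames` is added to the first event before `delete_events` removes everything from `start_idx + 1` through `last_idx`. The counts held by the events in between are dropped, so three single-frame events would be reported as two frames (assuming each event starts with its own frame count, which this hunk does not show). Summing over the whole run keeps the total accurate: `for (int i = start_idx + 1; i <= last_idx; ++i) first_event->m_num_frames += ((const unwind_event *)path->get_checker_event (i))->m_num_frames;`.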
--- a/gcc/analyzer/diagnostic-manager.h +++ b/gcc/analyzer/diagnostic-manager.h @@ -229,6 +229,7 @@ private: void prune_interproc_events (checker_path *path) const; void prune_system_headers (checker_path *path) const; void consolidate_conditions (checker_path *path) const; + void consolidate_unwind_events (checker_path *path) const; void finish_pruning (checker_path *path) const; engine *m_eng; diff --git a/gcc/analyzer/engine.cc b/gcc/analyzer/engine.cc index 71d7ed7..c3e4800 100644 --- a/gcc/analyzer/engine.cc +++ b/gcc/analyzer/engine.cc @@ -18,23 +18,27 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "make-unique.h" -#include "tree.h" -#include "fold-const.h" +#include "analyzer/common.h" + +#include <zlib.h> + +#include "cfg.h" +#include "basic-block.h" #include "gcc-rich-location.h" -#include "diagnostic-core.h" -#include "diagnostic-event-id.h" -#include "diagnostic-path.h" -#include "function.h" -#include "pretty-print.h" -#include "sbitmap.h" -#include "bitmap.h" -#include "ordered-hash-map.h" -#include "analyzer/analyzer.h" +#include "gimple.h" +#include "gimple-iterator.h" +#include "gimple-pretty-print.h" +#include "cgraph.h" +#include "fold-const.h" +#include "digraph.h" +#include "plugin.h" +#include "target.h" +#include "stringpool.h" +#include "attribs.h" +#include "tree-dfa.h" + +#include "text-art/dump.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" 
@@ -44,13 +48,6 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/sm.h" #include "analyzer/pending-diagnostic.h" #include "analyzer/diagnostic-manager.h" -#include "cfg.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "gimple-pretty-print.h" -#include "cgraph.h" -#include "digraph.h" #include "analyzer/supergraph.h" #include "analyzer/program-state.h" #include "analyzer/exploded-graph.h" @@ -59,16 +56,8 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/state-purge.h" #include "analyzer/bar-chart.h" #include "analyzer/call-info.h" -#include <zlib.h> -#include "plugin.h" -#include "target.h" -#include <memory> -#include "stringpool.h" -#include "attribs.h" -#include "tree-dfa.h" #include "analyzer/known-function-manager.h" #include "analyzer/call-summary.h" -#include "text-art/dump.h" /* For an overview, see gcc/doc/analyzer.texi. */ @@ -322,11 +311,11 @@ public: logger *get_logger () const { return m_logger.get_logger (); } - tree get_fndecl_for_call (const gcall *call) final override + tree get_fndecl_for_call (const gcall &call) final override { impl_region_model_context old_ctxt (m_eg, m_enode_for_diag, NULL, NULL, NULL/*m_enode->get_state ()*/, - NULL, call); + NULL, &call); region_model *model = m_new_state->m_region_model; return model->get_fndecl_for_call (call, &old_ctxt); } @@ -583,17 +572,17 @@ get_state_map_by_name (const char *name, { const sm_state_map *old_smap = m_old_state->m_checker_states[sm_idx]; *out_sm_context - = make_unique<impl_sm_context> (*m_eg, - sm_idx, - *sm, - m_enode_for_diag, - m_old_state, - m_new_state, - old_smap, - new_smap, - m_path_ctxt, - m_stmt_finder, - false); + = std::make_unique<impl_sm_context> (*m_eg, + sm_idx, + *sm, + m_enode_for_diag, + m_old_state, + m_new_state, + old_smap, + new_smap, + m_path_ctxt, + m_stmt_finder, + false); } return true; } 
@@ -609,7 +598,7 @@ public: std::unique_ptr<stmt_finder> clone () const final override { - return make_unique<leak_stmt_finder> (m_eg, m_var); + return std::make_unique<leak_stmt_finder> (m_eg, m_var); } const gimple *find_stmt (const exploded_path &epath) @@ -1207,10 +1196,10 @@ exploded_node::status_to_str (enum status s) switch (s) { default: gcc_unreachable (); - case STATUS_WORKLIST: return "WORKLIST"; - case STATUS_PROCESSED: return "PROCESSED"; - case STATUS_MERGER: return "MERGER"; - case STATUS_BULK_MERGED: return "BULK_MERGED"; + case status::worklist: return "worklist"; + case status::processed: return "processed"; + case status::merger: return "merger"; + case status::bulk_merged: return "bulk_merged"; } } @@ -1218,7 +1207,7 @@ exploded_node::status_to_str (enum status s) exploded_node::exploded_node (const point_and_state &ps, int index) -: m_ps (ps), m_status (STATUS_WORKLIST), m_index (index), +: m_ps (ps), m_status (status::worklist), m_index (index), m_num_processed_stmts (0) { gcc_checking_assert (ps.get_state ().m_region_model->canonicalized_p ()); @@ -1296,9 +1285,9 @@ exploded_node::dump_dot (graphviz_out *gv, const dump_args_t &args) const pp_write_text_to_stream (pp); pp_printf (pp, "EN: %i", m_index); - if (m_status == STATUS_MERGER) + if (m_status == status::merger) pp_string (pp, " (merger)"); - else if (m_status == STATUS_BULK_MERGED) + else if (m_status == status::bulk_merged) pp_string (pp, " (bulk merged)"); pp_newline (pp); @@ -1440,7 +1429,7 @@ exploded_node::dump (const extrinsic_state &ext_state) const std::unique_ptr<json::object> exploded_node::to_json (const extrinsic_state &ext_state) const { - auto enode_obj = ::make_unique<json::object> (); + auto enode_obj = std::make_unique<json::object> (); enode_obj->set ("point", get_point ().to_json ()); enode_obj->set ("state", get_state ().to_json (ext_state)); 
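Review bot: `exploded_node::status_to_str` now returns lower-case strings (`"worklist"`, `"processed"`, `"merger"`, `"bulk_merged"`) where it previously returned `"WORKLIST"` and so on, which changes emitted text rather than just renaming the enumerators. If these strings reach dumps or JSON output that tests or external tools match on (not visible in this hunk), those matches will silently stop working. Either keep the old spellings, e.g. `case status::worklist: return "WORKLIST";`, or record the output change in the ChangeLog entry.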
@@ -1522,7 +1511,7 @@ exploded_node::on_stmt (exploded_graph &eg, gcc_assert (called_fn); return replay_call_summaries (eg, snode, - as_a <const gcall *> (stmt), + *as_a <const gcall *> (stmt), state, path_ctxt, *called_fn, @@ -1579,8 +1568,9 @@ exploded_node::on_stmt_pre (exploded_graph &eg, region_model_context *ctxt) { /* Handle special-case calls that require the full program_state. */ - if (const gcall *call = dyn_cast <const gcall *> (stmt)) + if (const gcall *call_stmt = dyn_cast <const gcall *> (stmt)) { + const gcall &call = *call_stmt; if (is_special_named_call_p (call, "__analyzer_dump", 0)) { /* Handle the builtin "__analyzer_dump" by dumping state @@ -1609,6 +1599,24 @@ exploded_node::on_stmt_pre (exploded_graph &eg, ctxt->maybe_did_work (); return; } + else if (is_cxa_throw_p (call)) + { + on_throw (eg, call, state, false, ctxt); + *out_terminate_path = true; + return; + } + else if (is_cxa_rethrow_p (call)) + { + on_throw (eg, call, state, true, ctxt); + *out_terminate_path = true; + return; + } + } + else if (const gresx *resx = dyn_cast <const gresx *> (stmt)) + { + on_resx (eg, *resx, state, ctxt); + *out_terminate_path = true; + return; } /* Otherwise, defer to m_region_model. */ @@ -1626,7 +1634,7 @@ exploded_node::on_stmt_post (const gimple *stmt, region_model_context *ctxt) { if (const gcall *call = dyn_cast <const gcall *> (stmt)) - state->m_region_model->on_call_post (call, unknown_side_effects, ctxt); + state->m_region_model->on_call_post (*call, unknown_side_effects, ctxt); } /* A concrete call_info subclass representing a replay of a call summary. */ @@ -1636,7 +1644,7 @@ class call_summary_edge_info : public call_info public: call_summary_edge_info (const call_details &cd, const function &called_fn, - call_summary *summary, + call_summary &summary, const extrinsic_state &ext_state) : call_info (cd, called_fn), m_called_fn (called_fn), 
@@ -1651,7 +1659,7 @@ public: /* Update STATE based on summary_end_state. */ call_details cd (get_call_details (state->m_region_model, ctxt)); call_summary_replay r (cd, m_called_fn, m_summary, m_ext_state); - const program_state &summary_end_state = m_summary->get_state (); + const program_state &summary_end_state = m_summary.get_state (); return state->replay_call_summary (r, summary_end_state); } @@ -1662,19 +1670,19 @@ public: /* Update STATE based on summary_end_state. */ call_details cd (get_call_details (model, ctxt)); call_summary_replay r (cd, m_called_fn, m_summary, m_ext_state); - const program_state &summary_end_state = m_summary->get_state (); + const program_state &summary_end_state = m_summary.get_state (); model->replay_call_summary (r, *summary_end_state.m_region_model); return true; } void print_desc (pretty_printer &pp) const final override { - pp_string (&pp, m_summary->get_desc ().get ()); + pp_string (&pp, m_summary.get_desc ().get ()); } private: const function &m_called_fn; - call_summary *m_summary; + call_summary &m_summary; const extrinsic_state &m_ext_state; }; @@ -1684,7 +1692,7 @@ private: exploded_node::on_stmt_flags exploded_node::replay_call_summaries (exploded_graph &eg, const supernode *snode, - const gcall *call_stmt, + const gcall &call_stmt, program_state *state, path_context *path_ctxt, const function &called_fn, @@ -1696,8 +1704,11 @@ exploded_node::replay_call_summaries (exploded_graph &eg, /* Each summary will call bifurcate on the PATH_CTXT. */ for (auto summary : called_fn_data.m_summaries) - replay_call_summary (eg, snode, call_stmt, state, - path_ctxt, called_fn, summary, ctxt); + { + gcc_assert (summary); + replay_call_summary (eg, snode, call_stmt, state, + path_ctxt, called_fn, *summary, ctxt); + } path_ctxt->terminate_path (); return on_stmt_flags (); 
@@ -1710,27 +1721,25 @@ exploded_node::replay_call_summaries (exploded_graph &eg, void exploded_node::replay_call_summary (exploded_graph &eg, const supernode *snode, - const gcall *call_stmt, + const gcall &call_stmt, program_state *old_state, path_context *path_ctxt, const function &called_fn, - call_summary *summary, + call_summary &summary, region_model_context *ctxt) { logger *logger = eg.get_logger (); LOG_SCOPE (logger); gcc_assert (snode); - gcc_assert (call_stmt); gcc_assert (old_state); - gcc_assert (summary); if (logger) logger->log ("using %s as summary for call to %qE from %qE", - summary->get_desc ().get (), + summary.get_desc ().get (), called_fn.decl, snode->get_function ()->decl); const extrinsic_state &ext_state = eg.get_ext_state (); - const program_state &summary_end_state = summary->get_state (); + const program_state &summary_end_state = summary.get_state (); if (logger) { pretty_printer *pp = logger->get_printer (); @@ -1752,10 +1761,11 @@ exploded_node::replay_call_summary (exploded_graph &eg, call_summary_replay r (cd, called_fn, summary, ext_state); if (path_ctxt) - path_ctxt->bifurcate (make_unique<call_summary_edge_info> (cd, - called_fn, - summary, - ext_state)); + path_ctxt->bifurcate + (std::make_unique<call_summary_edge_info> (cd, + called_fn, + summary, + ext_state)); } @@ -1826,7 +1836,7 @@ valid_longjmp_stack_p (const program_point &longjmp_point, class stale_jmp_buf : public pending_diagnostic_subclass<stale_jmp_buf> { public: - stale_jmp_buf (const gcall *setjmp_call, const gcall *longjmp_call, + stale_jmp_buf (const gcall &setjmp_call, const gcall &longjmp_call, const program_point &setjmp_point) : m_setjmp_call (setjmp_call), m_longjmp_call (longjmp_call), m_setjmp_point (setjmp_point), m_stack_pop_event (NULL) 
@@ -1849,8 +1859,8 @@ public: bool operator== (const stale_jmp_buf &other) const { - return (m_setjmp_call == other.m_setjmp_call - && m_longjmp_call == other.m_longjmp_call); + return (&m_setjmp_call == &other.m_setjmp_call + && &m_longjmp_call == &other.m_longjmp_call); } bool @@ -1903,8 +1913,8 @@ public: private: - const gcall *m_setjmp_call; - const gcall *m_longjmp_call; + const gcall &m_setjmp_call; + const gcall &m_longjmp_call; program_point m_setjmp_point; custom_event *m_stack_pop_event; }; @@ -1917,11 +1927,11 @@ private: void exploded_node::on_longjmp (exploded_graph &eg, - const gcall *longjmp_call, + const gcall &longjmp_call, program_state *new_state, region_model_context *ctxt) { - tree buf_ptr = gimple_call_arg (longjmp_call, 0); + tree buf_ptr = gimple_call_arg (&longjmp_call, 0); gcc_assert (POINTER_TYPE_P (TREE_TYPE (buf_ptr))); region_model *new_region_model = new_state->m_region_model; @@ -1942,7 +1952,7 @@ exploded_node::on_longjmp (exploded_graph &eg, call back to the setjmp/sigsetjmp. */ rewind_info_t rewind_info (tmp_setjmp_record, longjmp_call); - const gcall *setjmp_call = rewind_info.get_setjmp_call (); + const gcall &setjmp_call = rewind_info.get_setjmp_call (); const program_point &setjmp_point = rewind_info.get_setjmp_point (); const program_point &longjmp_point = get_point (); @@ -1950,9 +1960,9 @@ exploded_node::on_longjmp (exploded_graph &eg, /* Verify that the setjmp's call_stack hasn't been popped. */ if (!valid_longjmp_stack_p (longjmp_point, setjmp_point)) { - ctxt->warn (make_unique<stale_jmp_buf> (setjmp_call, - longjmp_call, - setjmp_point)); + ctxt->warn (std::make_unique<stale_jmp_buf> (setjmp_call, + longjmp_call, + setjmp_point)); return; } 
@@ -1986,8 +1996,8 @@ exploded_node::on_longjmp (exploded_graph &eg, { exploded_edge *eedge = eg.add_edge (const_cast<exploded_node *> (this), next, NULL, true, - make_unique<rewind_info_t> (tmp_setjmp_record, - longjmp_call)); + std::make_unique<rewind_info_t> (tmp_setjmp_record, + longjmp_call)); /* For any diagnostics that were queued here (such as leaks) we want the checker_path to show the rewinding events after the "final event" 
@@ -2025,6 +2035,332 @@ exploded_node::on_longjmp (exploded_graph &eg, } } +/* Subclass of call_info for exploded edges that express + a throw or rethrow of an exception (actually a call + to __cxa_throw or __cxa_rethrow). */ + +class throw_custom_edge : public call_info +{ +public: + throw_custom_edge (const call_details &cd, + tree type, + bool is_rethrow) + : call_info (cd), + m_type (type), + m_is_rethrow (is_rethrow) + { + } + + void print (pretty_printer *pp) const final override + { + if (m_is_rethrow) + { + if (m_type) + pp_printf (pp, "rethrowing %qT", m_type); + else + pp_printf (pp, "rethrowing"); + } + else + { + if (m_type) + pp_printf (pp, "throwing %qT", m_type); + else + pp_printf (pp, "throwing"); + } + } + + void print_desc (pretty_printer &pp) const final override + { + print (&pp); + } + + bool update_model (region_model *model, + const exploded_edge *, + region_model_context *ctxt) const final override + { + if (m_is_rethrow) + { + auto eh_node = model->get_current_caught_exception (); + gcc_assert (eh_node); + model->push_thrown_exception (*eh_node); + } + else + { + call_details cd (get_call_details (model, ctxt)); + + const svalue *exception_sval = cd.get_arg_svalue (0); + const svalue *tinfo_sval = cd.get_arg_svalue (1); + const svalue *destructor_sval = cd.get_arg_svalue (2); + + /* Push a new exception_node on the model's m_exception_stack. 
*/ + exception_node eh_node (exception_sval, tinfo_sval, destructor_sval); + model->push_thrown_exception (eh_node); + } + + return true; + } + + void add_events_to_path (checker_path *emission_path, + const exploded_edge &eedge) const final override + { + const exploded_node *dst_node = eedge.m_dest; + const program_point &dst_point = dst_node->get_point (); + const int dst_stack_depth = dst_point.get_stack_depth (); + + const gcall &call = get_call_stmt (); + + emission_path->add_event + (std::make_unique<explicit_throw_event> + (event_loc_info (call.location, + dst_point.get_fndecl (), + dst_stack_depth), + dst_node, + call, + m_type, + m_is_rethrow)); + } + +private: + tree m_type; + bool m_is_rethrow; +}; + +/* Subclass of custom_edge_info for an exploded edge that expresses + unwinding one stack frame during exception handling. */ + +class unwind_custom_edge : public custom_edge_info +{ +public: + unwind_custom_edge (location_t loc) + : m_loc (loc) + { + } + + void print (pretty_printer *pp) const final override + { + pp_printf (pp, "unwinding frame"); + } + + bool update_model (region_model *model, + const exploded_edge *, + region_model_context *ctxt) const final override + { + model->pop_frame (NULL_TREE, nullptr, ctxt, nullptr, false); + return true; + } + + void add_events_to_path (checker_path *emission_path, + const exploded_edge &eedge) const final override + { + const exploded_node *src_node = eedge.m_src; + const program_point &src_point = src_node->get_point (); + const int src_stack_depth = src_point.get_stack_depth (); + emission_path->add_event + (std::make_unique<unwind_event> (event_loc_info (m_loc, + src_point.get_fndecl (), + src_stack_depth))); + } + +private: + location_t m_loc; +}; + +/* Locate an SNODE that's a CFG edge with the EH flag, + or return nullptr. 
*/ + +static const superedge * +get_eh_outedge (const supernode &snode) +{ + for (auto out_sedge : snode.m_succs) + if (::edge cfg_edge = out_sedge->get_any_cfg_edge ()) + if (cfg_edge->flags & EDGE_EH) + return out_sedge; + + // Not found + return nullptr; +} + +/* Given THROWN_ENODE, which expreses a throw or rethrow occurring at + THROW_STMT, unwind intraprocedurally and interprocedurally to find + the next eh_dispatch statement to handle exceptions, if any. + + Add eedges and enodes to this graph expressing the actions taken + to reach an enode containing the eh_dispatch stmt, if any. + Only the final enode is added to this graph's worklist. + + Use CTXT to warn about problems e.g. memory leaks due to stack frames + being unwound. */ + +void +exploded_graph::unwind_from_exception (exploded_node &thrown_enode, + const gimple *throw_stmt, + region_model_context *ctxt) +{ + logger * const logger = get_logger (); + LOG_FUNC_1 (logger, "thrown EN: %i", thrown_enode.m_index); + + /* Iteratively unwind the stack looking for an out-cfg-edge + flagged EH. */ + exploded_node *iter_enode = &thrown_enode; + while (iter_enode) + { + /* If we have an out-cfg-edge flagged EH, follow that, + presumably to a bb with a label and an eh_dispatch stmt. + Otherwise assume no out-cfgs-edges, and we are unwinding to the + caller. */ + if (auto sedge = get_eh_outedge (*iter_enode->get_supernode ())) + { + /* Intraprocedural case. + Assume we have an out-edge flagged with EH leading to + code for dispatch to catch handlers. */ + const program_point next_point + = program_point::before_supernode (sedge->m_dest, + sedge, + iter_enode->get_point ().get_call_string ()); + exploded_node *next_enode + = get_or_create_node (next_point, + iter_enode->get_state (), + iter_enode, + /* Add this enode to the worklist. */ + true); + if (!next_enode) + return; + + add_edge (iter_enode, next_enode, NULL, false, nullptr); + return; + } + else + { + /* Interprocedural case. + No out-cfg-edge. 
Unwind one stack frame. */ + program_state unwound_state (iter_enode->get_state ()); + location_t loc = throw_stmt ? throw_stmt->location : UNKNOWN_LOCATION; + auto unwind_edge_info + = std::make_unique<unwind_custom_edge> (loc); + unwind_edge_info->update_model (unwound_state.m_region_model, nullptr, + ctxt); + + /* Detect leaks in the new state relative to the old state. + Use an alternate ctxt that uses the original enode and the stmt + (if any) for the location of any diagnostics. */ + { + uncertainty_t uncertainty; + impl_region_model_context ctxt (*this, + &thrown_enode, + &iter_enode->get_state (), + &unwound_state, + &uncertainty, + nullptr, + throw_stmt); + program_state::detect_leaks (iter_enode->get_state (), + unwound_state, + NULL, + get_ext_state (), &ctxt); + } + const call_string &cs = iter_enode->get_point ().get_call_string (); + if (cs.empty_p ()) + { + /* Top-level stack frame in analysis: unwinding + to the outside world that called us. */ + return; + } + else + { + /* Nested function in analysis: unwinding to + the callsite in the analysis (or beyond). */ + program_point unwound_point + = program_point::after_supernode (cs.get_caller_node (), cs); + unwound_point.pop_from_call_stack (); + + exploded_node *after_unwind_enode + = get_or_create_node (unwound_point, + std::move (unwound_state), + iter_enode, + /* Don't add this enode to the + worklist; we will process it + on the next iteration. */ + false); + + if (!after_unwind_enode) + return; + + add_edge (iter_enode, after_unwind_enode, NULL, true, + std::move (unwind_edge_info)); + iter_enode = after_unwind_enode; + } + } + } +} + +/* Handle THROW_CALL, a call to __cxa_throw or __cxa_rethrow. + + Create an eedge and destination enode for the throw/rethrow, adding + them to this egraph. The new enode isn't added to the worklist, but + instead exploded_graph::unwind_from_exception is immediately called + on it, potentially creating more eedges and enodes leading to an + eh_handler stmt. 
*/ + +void +exploded_node::on_throw (exploded_graph &eg, + const gcall &throw_call, + program_state *new_state, + bool is_rethrow, + region_model_context *ctxt) +{ + region_model *model = new_state->m_region_model; + call_details cd (throw_call, model, ctxt); + + /* Create an enode and eedge for the "throw". */ + tree type = NULL_TREE; + if (is_rethrow) + { + const exception_node *eh_node = model->get_current_caught_exception (); + gcc_assert (eh_node); + type = eh_node->maybe_get_type (); + } + else + { + const svalue *tinfo_sval = cd.get_arg_svalue (1); + type = tinfo_sval->maybe_get_type_from_typeinfo (); + } + auto throw_edge_info + = std::make_unique<throw_custom_edge> (cd, type, is_rethrow); + throw_edge_info->update_model (model, nullptr, ctxt); + + program_point after_throw_point = get_point ().get_next (); + + exploded_node *after_throw_enode + = eg.get_or_create_node (after_throw_point, *new_state, this, + /* Don't add to worklist; we process + this immediately below. */ + false); + + if (!after_throw_enode) + return; + + /* Create custom exploded_edge for a throw. */ + eg.add_edge (this, after_throw_enode, NULL, true, + std::move (throw_edge_info)); + + eg.unwind_from_exception (*after_throw_enode, &throw_call, ctxt); +} + +/* Handle a gimple "resx" statement by adding eedges and enode. + that unwind to the next eh_dispatch statement, if any. Only + the final enode is added to the worklist. */ + +void +exploded_node::on_resx (exploded_graph &eg, + const gresx &/*resx*/, + program_state */*new_state*/, + region_model_context *ctxt) +{ + eg.unwind_from_exception (*this, + nullptr, + ctxt); +} + + /* Subroutine of exploded_graph::process_node for finding the successors of the supernode for a function exit basic block. 
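Review bot: `exploded_node::on_throw` asserts that `model->get_current_caught_exception ()` is non-null whenever `is_rethrow` is set, and `throw_custom_edge::update_model` repeats the assertion, so reaching `__cxa_rethrow` with no caught exception in the model would be an ICE on the code being analysed. That may be reachable when a function containing a bare `throw;` is analysed as an entry point rather than from inside a handler, though the hunk alone does not show whether earlier state setup rules it out. Returning early before the edge is built, `if (is_rethrow && !model->get_current_caught_exception ()) return;`, would leave `on_stmt_pre` to terminate the path as it already does. Separately, the inner `impl_region_model_context ctxt` in `unwind_from_exception` shadows the `ctxt` parameter; a name such as `leak_ctxt` would make it clear which context `detect_leaks` receives.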
@@ -2131,20 +2467,16 @@ dynamic_call_info_t::add_events_to_path (checker_path *emission_path, if (m_is_returning_call) emission_path->add_event - (make_unique<return_event> (eedge, - event_loc_info (m_dynamic_call - ? m_dynamic_call->location - : UNKNOWN_LOCATION, - dest_point.get_fndecl (), - dest_stack_depth))); + (std::make_unique<return_event> (eedge, + event_loc_info (m_dynamic_call.location, + dest_point.get_fndecl (), + dest_stack_depth))); else emission_path->add_event - (make_unique<call_event> (eedge, - event_loc_info (m_dynamic_call - ? m_dynamic_call->location - : UNKNOWN_LOCATION, - src_point.get_fndecl (), - src_stack_depth))); + (std::make_unique<call_event> (eedge, + event_loc_info (m_dynamic_call.location, + src_point.get_fndecl (), + src_stack_depth))); } /* class rewind_info_t : public custom_edge_info. */ @@ -2189,19 +2521,19 @@ rewind_info_t::add_events_to_path (checker_path *emission_path, const int dst_stack_depth = dst_point.get_stack_depth (); emission_path->add_event - (make_unique<rewind_from_longjmp_event> - (&eedge, - event_loc_info (get_longjmp_call ()->location, - src_point.get_fndecl (), - src_stack_depth), - this)); + (std::make_unique<rewind_from_longjmp_event> + (&eedge, + event_loc_info (get_longjmp_call ().location, + src_point.get_fndecl (), + src_stack_depth), + this)); emission_path->add_event - (make_unique<rewind_to_setjmp_event> - (&eedge, - event_loc_info (get_setjmp_call ()->location, - dst_point.get_fndecl (), - dst_stack_depth), - this)); + (std::make_unique<rewind_to_setjmp_event> + (&eedge, + event_loc_info (get_setjmp_call ().location, + dst_point.get_fndecl (), + dst_stack_depth), + this)); } /* class exploded_edge : public dedge<eg_traits>. */ 
@@ -2294,7 +2626,7 @@ exploded_edge::dump_dot_label (pretty_printer *pp) const std::unique_ptr<json::object> exploded_edge::to_json () const { - auto eedge_obj = ::make_unique<json::object> (); + auto eedge_obj = std::make_unique<json::object> (); eedge_obj->set_integer ("src_idx", m_src->m_index); eedge_obj->set_integer ("dst_idx", m_dest->m_index); if (m_sedge) @@ -2420,9 +2752,9 @@ strongly_connected_components::dump () const std::unique_ptr<json::array> strongly_connected_components::to_json () const { - auto scc_arr = ::make_unique<json::array> (); + auto scc_arr = std::make_unique<json::array> (); for (int i = 0; i < m_sg.num_nodes (); i++) - scc_arr->append (::make_unique<json::integer_number> (get_scc_id (i))); + scc_arr->append (std::make_unique<json::integer_number> (get_scc_id (i))); return scc_arr; } @@ -2518,7 +2850,7 @@ worklist::peek_next () void worklist::add_node (exploded_node *enode) { - gcc_assert (enode->get_status () == exploded_node::STATUS_WORKLIST); + gcc_assert (enode->get_status () == exploded_node::status::worklist); m_queue.insert (key_t (*this, enode), enode); } @@ -2641,7 +2973,7 @@ worklist::key_t::cmp (const worklist::key_t &ka, const worklist::key_t &kb) std::unique_ptr<json::object> worklist::to_json () const { - auto worklist_obj = ::make_unique<json::object> (); + auto worklist_obj = std::make_unique<json::object> (); worklist_obj->set ("scc", m_scc.to_json ()); @@ -2791,8 +3123,8 @@ public: const exploded_edge &) const final override { emission_path->add_event - (make_unique<tainted_args_function_custom_event> - (event_loc_info (DECL_SOURCE_LOCATION (m_fndecl), m_fndecl, 0))); + (std::make_unique<tainted_args_function_custom_event> + (event_loc_info (DECL_SOURCE_LOCATION (m_fndecl), m_fndecl, 0))); } private: 
@@ -2833,7 +3165,7 @@ exploded_graph::add_function_entry (const function &fun) if (lookup_attribute ("tainted_args", DECL_ATTRIBUTES (fun.decl))) { if (mark_params_as_tainted (&state, fun.decl, m_ext_state)) - edge_info = make_unique<tainted_args_function_info> (fun.decl); + edge_info = std::make_unique<tainted_args_function_info> (fun.decl); } if (!state.m_valid) @@ -2851,7 +3183,8 @@ exploded_graph::add_function_entry (const function &fun) } /* Get or create an exploded_node for (POINT, STATE). - If a new node is created, it is added to the worklist. + If a new node is created and ADD_TO_WORKLIST is true, + it is added to the worklist. Use ENODE_FOR_DIAG, a pre-existing enode, for any diagnostics that need to be emitted (e.g. when purging state *before* we have @@ -2860,7 +3193,8 @@ exploded_graph::add_function_entry (const function &fun) exploded_node * exploded_graph::get_or_create_node (const program_point &point, const program_state &state, - exploded_node *enode_for_diag) + exploded_node *enode_for_diag, + bool add_to_worklist) { logger * const logger = get_logger (); LOG_FUNC (logger); @@ -3035,7 +3369,10 @@ exploded_graph::get_or_create_node (const program_point &point, } /* Add the new node to the worlist. */ - m_worklist.add_node (node); + if (add_to_worklist) + m_worklist.add_node (node); + else + node->set_status (exploded_node::status::special); return node; } 
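Review bot: The context comment `/* Add the new node to the worlist. */` at the end of exploded_graph::get_or_create_node no longer describes the code under it, because the new `else` branch marks the node `status::special` instead of queuing it; "worlist" is also a typo. I would reword it to `/* Add the new node to the worklist, or mark it as special if the caller will process it itself. */`. The function body starts outside this hunk.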
@@ -3238,16 +3575,16 @@ public: /* Show the field in the struct declaration, e.g. "(1) field 'store' is marked with '__attribute__((tainted_args))'" */ emission_path->add_event - (make_unique<tainted_args_field_custom_event> (m_field)); + (std::make_unique<tainted_args_field_custom_event> (m_field)); /* Show the callback in the initializer e.g. "(2) function 'gadget_dev_desc_UDC_store' used as initializer for field 'store' marked with '__attribute__((tainted_args))'". */ emission_path->add_event - (make_unique<tainted_args_callback_custom_event> - (event_loc_info (m_loc, m_fndecl, 0), - m_field)); + (std::make_unique<tainted_args_callback_custom_event> + (event_loc_info (m_loc, m_fndecl, 0), + m_field)); } private: @@ -3304,7 +3641,7 @@ add_tainted_args_callback (exploded_graph *eg, tree field, tree fndecl, } eg->add_edge (eg->get_origin (), enode, NULL, false, - make_unique<tainted_args_call_info> (field, fndecl, loc)); + std::make_unique<tainted_args_call_info> (field, fndecl, loc)); } /* Callback for walk_tree for finding callbacks within initializers; @@ -3397,7 +3734,7 @@ exploded_graph::process_worklist () while (m_worklist.length () > 0) { exploded_node *node = m_worklist.take_next (); - gcc_assert (node->get_status () == exploded_node::STATUS_WORKLIST); + gcc_assert (node->get_status () == exploded_node::status::worklist); gcc_assert (node->m_succs.length () == 0 || node == m_origin); @@ -3417,7 +3754,7 @@ exploded_graph::process_worklist () if (exploded_node *node_2 = m_worklist.peek_next ()) { gcc_assert (node_2->get_status () - == exploded_node::STATUS_WORKLIST); + == exploded_node::status::worklist); gcc_assert (node->m_succs.length () == 0); gcc_assert (node_2->m_succs.length () == 0); @@ -3462,7 +3799,7 @@ exploded_graph::process_worklist () /* Remove node_2 from the worklist. */ m_worklist.take_next (); - node_2->set_status (exploded_node::STATUS_MERGER); + node_2->set_status (exploded_node::status::merger); /* Continue processing "node" below. */ } 
@@ -3472,7 +3809,7 @@ exploded_graph::process_worklist () in the worklist, to be processed on the next iteration. */ add_edge (node, node_2, NULL, false); - node->set_status (exploded_node::STATUS_MERGER); + node->set_status (exploded_node::status::merger); continue; } else @@ -3517,7 +3854,7 @@ exploded_graph::process_worklist () else { add_edge (node, merged_enode, NULL, false); - node->set_status (exploded_node::STATUS_MERGER); + node->set_status (exploded_node::status::merger); } if (merged_enode == node_2) @@ -3525,7 +3862,7 @@ exploded_graph::process_worklist () else { add_edge (node_2, merged_enode, NULL, false); - node_2->set_status (exploded_node::STATUS_MERGER); + node_2->set_status (exploded_node::status::merger); } continue; @@ -3575,7 +3912,7 @@ exploded_graph::process_worklist () If ENODE's point is of the form (before-supernode, SNODE) and the next nodes in the worklist are a consecutive run of enodes of the same form, for the same supernode as ENODE (but potentially from different in-edges), - process them all together, setting their status to STATUS_BULK_MERGED, + process them all together, setting their status to status::bulk_merged, and return true. Otherwise, return false, in which case ENODE must be processed in the normal way. @@ -3614,7 +3951,7 @@ maybe_process_run_of_before_supernode_enodes (exploded_node *enode) int m_merger_idx; }; - gcc_assert (enode->get_status () == exploded_node::STATUS_WORKLIST); + gcc_assert (enode->get_status () == exploded_node::status::worklist); gcc_assert (enode->m_succs.length () == 0); const program_point &point = enode->get_point (); @@ -3634,7 +3971,7 @@ maybe_process_run_of_before_supernode_enodes (exploded_node *enode) while (exploded_node *enode_2 = m_worklist.peek_next ()) { gcc_assert (enode_2->get_status () - == exploded_node::STATUS_WORKLIST); + == exploded_node::status::worklist); gcc_assert (enode_2->m_succs.length () == 0); const program_point &point_2 = enode_2->get_point (); 
@@ -3761,7 +4098,7 @@ maybe_process_run_of_before_supernode_enodes (exploded_node *enode) if (next) add_edge (it->m_input_enode, next, NULL, false); /* no "work" is done during merger. */ - it->m_input_enode->set_status (exploded_node::STATUS_BULK_MERGED); + it->m_input_enode->set_status (exploded_node::status::bulk_merged); } if (logger) @@ -3779,8 +4116,9 @@ static bool stmt_requires_new_enode_p (const gimple *stmt, const gimple *prev_stmt) { - if (const gcall *call = dyn_cast <const gcall *> (stmt)) + if (const gcall *call_stmt = dyn_cast <const gcall *> (stmt)) { + const gcall &call = *call_stmt; /* Stop consolidating at calls to "__analyzer_dump_exploded_nodes", so they always appear at the start of an exploded_node. */ @@ -3849,7 +4187,7 @@ state_change_requires_new_enode_p (const program_state &old_state, functions or calls that happen via function pointer. */ bool -exploded_graph::maybe_create_dynamic_call (const gcall *call, +exploded_graph::maybe_create_dynamic_call (const gcall &call, tree fn_decl, exploded_node *node, program_state next_state, @@ -3904,7 +4242,7 @@ exploded_graph::maybe_create_dynamic_call (const gcall *call, if (enode) add_edge (node,enode, NULL, false, /* No work is done by the call itself. */ - make_unique<dynamic_call_info_t> (call)); + std::make_unique<dynamic_call_info_t> (call)); return true; } } @@ -3992,7 +4330,7 @@ private: class jump_through_null : public pending_diagnostic_subclass<jump_through_null> { public: - jump_through_null (const gcall *call) + jump_through_null (const gcall &call) : m_call (call) {} @@ -4003,7 +4341,7 @@ public: bool operator== (const jump_through_null &other) const { - return m_call == other.m_call; + return &m_call == &other.m_call; } int get_controlling_option () const final override @@ -4024,7 +4362,7 @@ public: } private: - const gcall *m_call; + const gcall &m_call; }; /* The core of exploded_graph::process_worklist (the main analysis loop), 
@@ -4041,7 +4379,7 @@ exploded_graph::process_node (exploded_node *node) logger * const logger = get_logger (); LOG_FUNC_1 (logger, "EN: %i", node->m_index); - node->set_status (exploded_node::STATUS_PROCESSED); + node->set_status (exploded_node::status::processed); const program_point &point = node->get_point (); @@ -4269,12 +4607,18 @@ exploded_graph::process_node (exploded_node *node) NULL, /* no exploded_edge yet. */ &bifurcation_ctxt)) { - exploded_node *next2 - = get_or_create_node (next_point, bifurcated_new_state, node); - if (next2) - add_edge (node, next2, NULL, - true /* assume that work could be done */, - std::move (edge_info)); + if (exploded_node *next2 + = edge_info->create_enode + (*this, + next_point, + std::move (bifurcated_new_state), + node, + &bifurcation_ctxt)) + { + add_edge (node, next2, NULL, + true /* assume that work could be done */, + std::move (edge_info)); + } } else { @@ -4344,8 +4688,8 @@ exploded_graph::process_node (exploded_node *node) if (succ->m_kind == SUPEREDGE_INTRAPROCEDURAL_CALL && !(succ->get_any_callgraph_edge ())) { - const gcall *call - = point.get_supernode ()->get_final_call (); + const gcall &call + = *point.get_supernode ()->get_final_call (); impl_region_model_context ctxt (*this, node, @@ -4369,12 +4713,13 @@ exploded_graph::process_node (exploded_node *node) if (!call_discovered) { /* Check for jump through NULL. */ - if (tree fn_ptr = gimple_call_fn (call)) + if (tree fn_ptr = gimple_call_fn (&call)) { const svalue *fn_ptr_sval = model->get_rvalue (fn_ptr, &ctxt); if (fn_ptr_sval->all_zeroes_p ()) - ctxt.warn (make_unique<jump_through_null> (call)); + ctxt.warn + (std::make_unique<jump_through_null> (call)); } /* An unknown function or a special function was called 
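Review bot: `const gcall &call = *point.get_supernode ()->get_final_call ();` in exploded_graph::process_node binds a reference through the returned pointer with no check, so a null return would now be undefined behaviour at the binding rather than a null pointer handed on. The surrounding condition (`SUPEREDGE_INTRAPROCEDURAL_CALL` with no callgraph edge) presumably guarantees a final call, but the code does not state that invariant. I would assert it before binding: `const gcall *call_stmt = point.get_supernode ()->get_final_call ();`, `gcc_assert (call_stmt);`, `const gcall &call = *call_stmt;`. The same applies to `rewind_info_t::get_setjmp_call` in exploded-graph.h, which now returns `*m_setjmp_record.m_setjmp_call`. process_node's body extends beyond this hunk.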
@@ -4394,6 +4739,18 @@ exploded_graph::process_node (exploded_node *node) } } + /* Ignore CFG edges in the sgraph flagged with EH whilst + we're exploring the egraph. + We only use these sedges in special-case logic for + dealing with exception-handling. */ + if (auto cfg_sedge = succ->dyn_cast_cfg_superedge ()) + if (cfg_sedge->get_flags () & EDGE_EH) + { + if (logger) + logger->log ("rejecting EH edge"); + continue; + } + if (!node->on_edge (*this, succ, &next_point, &next_state, &uncertainty)) { @@ -4431,7 +4788,7 @@ exploded_graph::process_node (exploded_node *node) = next_point.get_supernode ()->get_returning_call (); if (call) - next_state.returning_call (*this, node, call, &uncertainty); + next_state.returning_call (*this, node, *call, &uncertainty); if (next_state.m_valid) { @@ -4441,7 +4798,7 @@ exploded_graph::process_node (exploded_node *node) node); if (enode) add_edge (node, enode, NULL, false, - make_unique<dynamic_call_info_t> (call, true)); + std::make_unique<dynamic_call_info_t> (*call, true)); } } } @@ -4660,11 +5017,11 @@ exploded_graph::dump_states_for_supernode (FILE *out, std::unique_ptr<json::object> exploded_graph::to_json () const { - auto egraph_obj = ::make_unique<json::object> (); + auto egraph_obj = std::make_unique<json::object> (); /* Nodes. */ { - auto nodes_arr = ::make_unique<json::array> (); + auto nodes_arr = std::make_unique<json::array> (); unsigned i; exploded_node *n; FOR_EACH_VEC_ELT (m_nodes, i, n) @@ -4674,7 +5031,7 @@ exploded_graph::to_json () const /* Edges. */ { - auto edges_arr = ::make_unique<json::array> (); + auto edges_arr = std::make_unique<json::array> (); unsigned i; exploded_edge *n; FOR_EACH_VEC_ELT (m_edges, i, n) 
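Review bot: In the returning-call handling of exploded_graph::process_node, `std::make_unique<dynamic_call_info_t> (*call, true)` dereferences `call` unconditionally, although the hunk just before it uses the same pointer only under `if (call)`. Before this change a null `call` was stored as-is and `dynamic_call_info_t::add_events_to_path` fell back to `UNKNOWN_LOCATION`; this commit removes that fallback, so a null result from get_returning_call () would now be undefined behaviour. Either the guard is dead and should become `gcc_assert (call);`, or the edge creation needs the same guard, e.g. `if (enode && call)`. The enclosing block starts outside these hunks, so whether a null `call` can reach this point is not visible here.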
@@ -4780,9 +5137,9 @@ exploded_path::feasible_p (logger *logger, const program_point &src_point = src_enode.get_point (); const gimple *last_stmt = src_point.get_supernode ()->get_last_stmt (); - *out = ::make_unique<feasibility_problem> (edge_idx, *eedge, - last_stmt, - std::move (rc)); + *out = std::make_unique<feasibility_problem> (edge_idx, *eedge, + last_stmt, + std::move (rc)); } return false; } @@ -4986,7 +5343,7 @@ maybe_update_for_edge (logger *logger, == PK_BEFORE_SUPERNODE); function *fun = eedge->m_dest->get_function (); gcc_assert (fun); - m_model.push_frame (*fun, NULL, ctxt); + m_model.push_frame (*fun, nullptr, nullptr, ctxt); if (logger) logger->log (" pushing frame for %qD", fun->decl); } @@ -5037,8 +5394,8 @@ feasibility_state::update_for_stmt (const gimple *stmt) m_model.on_asm_stmt (asm_stmt, NULL); else if (const gcall *call = dyn_cast <const gcall *> (stmt)) { - bool unknown_side_effects = m_model.on_call_pre (call, NULL); - m_model.on_call_post (call, unknown_side_effects, NULL); + bool unknown_side_effects = m_model.on_call_pre (*call, NULL); + m_model.on_call_post (*call, unknown_side_effects, NULL); } else if (const greturn *return_ = dyn_cast <const greturn *> (stmt)) m_model.on_return (return_, NULL); @@ -5499,7 +5856,7 @@ exploded_graph::dump_exploded_nodes () const if (const gimple *stmt = enode->get_stmt ()) if (const gcall *call = dyn_cast <const gcall *> (stmt)) - if (is_special_named_call_p (call, "__analyzer_dump_exploded_nodes", + if (is_special_named_call_p (*call, "__analyzer_dump_exploded_nodes", 1)) { if (seen.contains (stmt)) 
@@ -5520,13 +5877,13 @@ exploded_graph::dump_exploded_nodes () const { default: gcc_unreachable (); - case exploded_node::STATUS_WORKLIST: + case exploded_node::status::worklist: worklist_enodes.safe_push (other_enode); break; - case exploded_node::STATUS_PROCESSED: + case exploded_node::status::processed: processed_enodes.safe_push (other_enode); break; - case exploded_node::STATUS_MERGER: + case exploded_node::status::merger: merger_enodes.safe_push (other_enode); break; } @@ -6007,15 +6364,18 @@ private: { default: gcc_unreachable (); - case exploded_node::STATUS_WORKLIST: + case exploded_node::status::worklist: pp_string (pp, "(W)"); break; - case exploded_node::STATUS_PROCESSED: + case exploded_node::status::processed: + break; + case exploded_node::status::special: + pp_string (pp, "(S)"); break; - case exploded_node::STATUS_MERGER: + case exploded_node::status::merger: pp_string (pp, "(M)"); break; - case exploded_node::STATUS_BULK_MERGED: + case exploded_node::status::bulk_merged: pp_string (pp, "(BM)"); break; } @@ -6094,7 +6454,7 @@ dump_analyzer_json (const supergraph &sg, return; } - auto toplev_obj = ::make_unique<json::object> (); + auto toplev_obj = std::make_unique<json::object> (); toplev_obj->set ("sgraph", sg.to_json ()); toplev_obj->set ("egraph", eg.to_json ()); @@ -6115,8 +6475,8 @@ dump_analyzer_json (const supergraph &sg, class plugin_analyzer_init_impl : public plugin_analyzer_init_iface { public: - plugin_analyzer_init_impl (auto_delete_vec <state_machine> *checkers, - known_function_manager *known_fn_mgr, + plugin_analyzer_init_impl (std::vector<std::unique_ptr<state_machine>> &checkers, + known_function_manager &known_fn_mgr, logger *logger) : m_checkers (checkers), m_known_fn_mgr (known_fn_mgr), 
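Review bot: The switch in exploded_graph::dump_exploded_nodes still has only the `worklist`, `processed` and `merger` cases ahead of `default: gcc_unreachable ();`, although this commit adds `status::special` and handles it with `(S)` in the dot-dump switch of the next hunk. If this switch is over the enode's status, as the case labels suggest, and a node created with `add_to_worklist` false can be among the enodes collected here, it would reach gcc_unreachable. Consider adding `case exploded_node::status::special:` with an explicit choice of bucket, or a comment stating why such nodes cannot occur at a `__analyzer_dump_exploded_nodes` call. The switch header is outside the hunk.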
@@ -6126,14 +6486,14 @@ public: void register_state_machine (std::unique_ptr<state_machine> sm) final override { LOG_SCOPE (m_logger); - m_checkers->safe_push (sm.release ()); + m_checkers.push_back (std::move (sm)); } void register_known_function (const char *name, std::unique_ptr<known_function> kf) final override { LOG_SCOPE (m_logger); - m_known_fn_mgr->add (name, std::move (kf)); + m_known_fn_mgr.add (name, std::move (kf)); } logger *get_logger () const final override @@ -6142,8 +6502,8 @@ public: } private: - auto_delete_vec <state_machine> *m_checkers; - known_function_manager *m_known_fn_mgr; + std::vector<std::unique_ptr<state_machine>> &m_checkers; + known_function_manager &m_known_fn_mgr; logger *m_logger; }; @@ -6197,27 +6557,25 @@ impl_run_checkers (logger *logger) free (filename); } - auto_delete_vec <state_machine> checkers; - make_checkers (checkers, logger); + auto checkers = make_checkers (logger); register_known_functions (*eng.get_known_function_manager (), *eng.get_model_manager ()); - plugin_analyzer_init_impl data (&checkers, - eng.get_known_function_manager (), + plugin_analyzer_init_impl data (checkers, + *eng.get_known_function_manager (), logger); invoke_plugin_callbacks (PLUGIN_ANALYZER_INIT, &data); if (logger) { - int i; - state_machine *sm; - FOR_EACH_VEC_ELT (checkers, i, sm) - logger->log ("checkers[%i]: %s", i, sm->get_name ()); + int i = 0; + for (auto &sm : checkers) + logger->log ("checkers[%i]: %s", ++i, sm->get_name ()); } /* Extrinsic state shared by nodes in the graph. */ - const extrinsic_state ext_state (checkers, &eng, logger); + const extrinsic_state ext_state (std::move (checkers), &eng, logger); const analysis_plan plan (sg, logger); diff --git a/gcc/analyzer/exploded-graph.h b/gcc/analyzer/exploded-graph.h index 6148ed7..23e344d 100644 --- a/gcc/analyzer/exploded-graph.h +++ b/gcc/analyzer/exploded-graph.h 
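Review bot: The rewritten logging loop in impl_run_checkers passes `++i`, so the first checker is now logged as `checkers[1]`, where the removed `FOR_EACH_VEC_ELT` loop logged it as `checkers[0]`. If the index is meant to match the position in the vector, use a post-increment: `logger->log ("checkers[%i]: %s", i++, sm->get_name ());`. Separately, `data` holds a reference to `checkers`, which is moved into `ext_state` a few lines later. A comment such as `/* DATA refers to CHECKERS; it must not be used once CHECKERS has been moved into EXT_STATE. */` would make that lifetime explicit. The function body extends beyond the hunk.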
@@ -206,20 +206,24 @@ class exploded_node : public dnode<eg_traits> This allows us to distinguish enodes that were merged during worklist-handling, and thus never had process_node called on them (in favor of processing the merged node). */ - enum status + enum class status { /* Node is in the worklist. */ - STATUS_WORKLIST, + worklist, /* Node has had exploded_graph::process_node called on it. */ - STATUS_PROCESSED, + processed, + + /* Node was excluded from worklist on creation. + e.g. for handling exception-unwinding. */ + special, /* Node was left unprocessed due to merger; it won't have had exploded_graph::process_node called on it. */ - STATUS_MERGER, + merger, /* Node was processed by maybe_process_run_of_before_supernode_enodes. */ - STATUS_BULK_MERGED + bulk_merged }; static const char * status_to_str (enum status s); @@ -282,7 +286,7 @@ class exploded_node : public dnode<eg_traits> on_stmt_flags replay_call_summaries (exploded_graph &eg, const supernode *snode, - const gcall *call_stmt, + const gcall &call_stmt, program_state *state, path_context *path_ctxt, const function &called_fn, @@ -290,11 +294,11 @@ class exploded_node : public dnode<eg_traits> region_model_context *ctxt); void replay_call_summary (exploded_graph &eg, const supernode *snode, - const gcall *call_stmt, + const gcall &call_stmt, program_state *state, path_context *path_ctxt, const function &called_fn, - call_summary *summary, + call_summary &summary, region_model_context *ctxt); bool on_edge (exploded_graph &eg, 
@@ -303,9 +307,18 @@ class exploded_node : public dnode<eg_traits> program_state *next_state, uncertainty_t *uncertainty); void on_longjmp (exploded_graph &eg, - const gcall *call, + const gcall &call, program_state *new_state, region_model_context *ctxt); + void on_throw (exploded_graph &eg, + const gcall &call, + program_state *new_state, + bool is_rethrow, + region_model_context *ctxt); + void on_resx (exploded_graph &eg, + const gresx &resx, + program_state *new_state, + region_model_context *ctxt); void detect_leaks (exploded_graph &eg); @@ -333,10 +346,10 @@ class exploded_node : public dnode<eg_traits> void dump_succs_and_preds (FILE *outf) const; enum status get_status () const { return m_status; } - void set_status (enum status status) + void set_status (enum status s) { - gcc_assert (m_status == STATUS_WORKLIST); - m_status = status; + gcc_assert (m_status == status::worklist); + m_status = s; } void add_diagnostic (const saved_diagnostic *sd) @@ -424,7 +437,7 @@ private: class dynamic_call_info_t : public custom_edge_info { public: - dynamic_call_info_t (const gcall *dynamic_call, + dynamic_call_info_t (const gcall &dynamic_call, const bool is_returning_call = false) : m_dynamic_call (dynamic_call), m_is_returning_call (is_returning_call) @@ -445,7 +458,7 @@ public: void add_events_to_path (checker_path *emission_path, const exploded_edge &eedge) const final override; private: - const gcall *m_dynamic_call; + const gcall &m_dynamic_call; const bool m_is_returning_call; }; @@ -457,7 +470,7 @@ class rewind_info_t : public custom_edge_info { public: rewind_info_t (const setjmp_record &setjmp_record, - const gcall *longjmp_call) + const gcall &longjmp_call) : m_setjmp_record (setjmp_record), m_longjmp_call (longjmp_call) {} 
@@ -486,12 +499,12 @@ public: return origin_point; } - const gcall *get_setjmp_call () const + const gcall &get_setjmp_call () const { - return m_setjmp_record.m_setjmp_call; + return *m_setjmp_record.m_setjmp_call; } - const gcall *get_longjmp_call () const + const gcall &get_longjmp_call () const { return m_longjmp_call; } @@ -503,7 +516,7 @@ public: private: setjmp_record m_setjmp_record; - const gcall *m_longjmp_call; + const gcall &m_longjmp_call; }; /* Statistics about aspects of an exploded_graph. */ @@ -817,7 +830,7 @@ public: bool maybe_process_run_of_before_supernode_enodes (exploded_node *node); void process_node (exploded_node *node); - bool maybe_create_dynamic_call (const gcall *call, + bool maybe_create_dynamic_call (const gcall &call, tree fn_decl, exploded_node *node, program_state next_state, @@ -827,7 +840,8 @@ public: exploded_node *get_or_create_node (const program_point &point, const program_state &state, - exploded_node *enode_for_diag); + exploded_node *enode_for_diag, + bool add_to_worklist = true); exploded_edge *add_edge (exploded_node *src, exploded_node *dest, const superedge *sedge, bool could_do_work, std::unique_ptr<custom_edge_info> custom = NULL); @@ -881,6 +895,10 @@ public: void on_escaped_function (tree fndecl); + void unwind_from_exception (exploded_node &enode, + const gimple *stmt, + region_model_context *ctxt); + /* In infinite-loop.cc */ void detect_infinite_loops (); diff --git a/gcc/analyzer/feasible-graph.cc b/gcc/analyzer/feasible-graph.cc index f8d28ac..25a97e7 100644 --- a/gcc/analyzer/feasible-graph.cc +++ b/gcc/analyzer/feasible-graph.cc 
@@ -18,21 +18,13 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "pretty-print.h" -#include "gcc-rich-location.h" -#include "gimple-pretty-print.h" -#include "function.h" -#include "diagnostic-core.h" -#include "diagnostic-event-id.h" -#include "diagnostic-path.h" -#include "bitmap.h" -#include "ordered-hash-map.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + +#include "cfg.h" +#include "gimple-iterator.h" +#include "cgraph.h" +#include "digraph.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/sm.h" #include "analyzer/pending-diagnostic.h" @@ -42,12 +34,6 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/store.h" #include "analyzer/region-model.h" #include "analyzer/constraint-manager.h" -#include "cfg.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "cgraph.h" -#include "digraph.h" #include "analyzer/supergraph.h" #include "analyzer/program-state.h" #include "analyzer/exploded-graph.h" diff --git a/gcc/analyzer/infinite-loop.cc b/gcc/analyzer/infinite-loop.cc index d6f05d8..ec0b079 100644 --- a/gcc/analyzer/infinite-loop.cc +++ b/gcc/analyzer/infinite-loop.cc 
@@ -18,28 +18,15 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "fold-const.h" -#include "gcc-rich-location.h" -#include "alloc-pool.h" -#include "fibonacci_heap.h" -#include "shortest-paths.h" -#include "diagnostic-core.h" -#include "diagnostic-event-id.h" -#include "diagnostic-path.h" -#include "function.h" -#include "pretty-print.h" -#include "sbitmap.h" -#include "bitmap.h" -#include "tristate.h" -#include "ordered-hash-map.h" -#include "selftest.h" -#include "json.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + +#include "cfg.h" +#include "gimple-iterator.h" +#include "gimple-pretty-print.h" +#include "cgraph.h" +#include "digraph.h" +#include "diagnostic-format-sarif.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" @@ -49,20 +36,11 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/sm.h" #include "analyzer/pending-diagnostic.h" #include "analyzer/diagnostic-manager.h" -#include "cfg.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "gimple-pretty-print.h" -#include "cgraph.h" -#include "digraph.h" #include "analyzer/supergraph.h" #include "analyzer/program-state.h" #include "analyzer/exploded-graph.h" #include "analyzer/checker-path.h" #include "analyzer/feasible-graph.h" -#include "make-unique.h" -#include "diagnostic-format-sarif.h" /* A bundle of data characterizing a particular infinite loop identified within the exploded graph. */ 
@@ -108,9 +86,9 @@ struct infinite_loop std::unique_ptr<json::object> to_json () const { - auto loop_obj = ::make_unique<json::object> (); + auto loop_obj = std::make_unique<json::object> (); loop_obj->set_integer ("enode", m_enode.m_index); - auto edge_arr = ::make_unique<json::array> (); + auto edge_arr = std::make_unique<json::array> (); for (auto eedge : m_eedge_vec) edge_arr->append (eedge->to_json ()); loop_obj->set ("eedges", std::move (edge_arr)); @@ -237,7 +215,7 @@ public: checker_path *emission_path) final override { emission_path->add_event - (make_unique<warning_event> + (std::make_unique<warning_event> (event_loc_info (m_inf_loop->m_loc, enode->get_function ()->decl, enode->get_stack_depth ()), 
@@ -285,43 +263,46 @@ public: if (switch_cfg_sedge->implicitly_created_default_p ()) { emission_path->add_event - (make_unique<perpetual_start_cfg_edge_event> (*eedge, - loc_info_from)); + (std::make_unique<perpetual_start_cfg_edge_event> + (*eedge, + loc_info_from)); emission_path->add_event - (make_unique<end_cfg_edge_event> - (*eedge, - loc_info_to)); + (std::make_unique<end_cfg_edge_event> + (*eedge, + loc_info_to)); } } if (cfg_sedge->true_value_p ()) { emission_path->add_event - (make_unique<perpetual_start_cfg_edge_event> (*eedge, - loc_info_from)); + (std::make_unique<perpetual_start_cfg_edge_event> + (*eedge, + loc_info_from)); emission_path->add_event - (make_unique<end_cfg_edge_event> - (*eedge, - loc_info_to)); + (std::make_unique<end_cfg_edge_event> + (*eedge, + loc_info_to)); } else if (cfg_sedge->false_value_p ()) { emission_path->add_event - (make_unique<perpetual_start_cfg_edge_event> (*eedge, - loc_info_from)); + (std::make_unique<perpetual_start_cfg_edge_event> + (*eedge, + loc_info_from)); emission_path->add_event - (make_unique<end_cfg_edge_event> - (*eedge, - loc_info_to)); + (std::make_unique<end_cfg_edge_event> + (*eedge, + loc_info_to)); } else if (cfg_sedge->back_edge_p ()) { emission_path->add_event - (make_unique<looping_back_event> (*eedge, loc_info_from)); + (std::make_unique<looping_back_event> (*eedge, loc_info_from)); emission_path->add_event - (make_unique<end_cfg_edge_event> - (*eedge, - loc_info_to)); + (std::make_unique<end_cfg_edge_event> + (*eedge, + loc_info_to)); } } } @@ -415,7 +396,7 @@ starts_infinite_loop_p (const exploded_node &enode, feasible_node *curr_fnode = nullptr; if (flag_dump_analyzer_infinite_loop) - fg = ::make_unique<feasible_graph> (); + fg = std::make_unique<feasible_graph> (); location_t first_loc = UNKNOWN_LOCATION; const exploded_node *iter = &enode; 
@@ -432,7 +413,7 @@ starts_infinite_loop_p (const exploded_node &enode, if (logger) logger->log ("iter: EN: %i", iter->m_index); /* Analysis bailed out before processing this node. */ - if (iter->get_status () == exploded_node::STATUS_WORKLIST) + if (iter->get_status () == exploded_node::status::worklist) { if (logger) logger->log ("rejecting: EN: %i is still in worklist", @@ -460,10 +441,10 @@ starts_infinite_loop_p (const exploded_node &enode, fg->dump_dot (filename, nullptr, dump_args); free (filename); } - return ::make_unique<infinite_loop> (enode, - first_loc, - std::move (eedges), - logger); + return std::make_unique<infinite_loop> (enode, + first_loc, + std::move (eedges), + logger); } else { @@ -593,7 +574,7 @@ exploded_graph::detect_infinite_loops () pending_location ploc (enode, snode, inf_loop->m_loc); auto d - = ::make_unique<infinite_loop_diagnostic> (std::move (inf_loop)); + = std::make_unique<infinite_loop_diagnostic> (std::move (inf_loop)); get_diagnostic_manager ().add_diagnostic (ploc, std::move (d)); } } diff --git a/gcc/analyzer/infinite-recursion.cc b/gcc/analyzer/infinite-recursion.cc index 42f87ed..0641117 100644 --- a/gcc/analyzer/infinite-recursion.cc +++ b/gcc/analyzer/infinite-recursion.cc 
@@ -18,28 +18,14 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "fold-const.h" -#include "gcc-rich-location.h" -#include "alloc-pool.h" -#include "fibonacci_heap.h" -#include "shortest-paths.h" -#include "diagnostic-core.h" -#include "diagnostic-event-id.h" -#include "diagnostic-path.h" -#include "function.h" -#include "pretty-print.h" -#include "sbitmap.h" -#include "bitmap.h" -#include "tristate.h" -#include "ordered-hash-map.h" -#include "selftest.h" -#include "json.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + +#include "cfg.h" +#include "gimple-iterator.h" +#include "gimple-pretty-print.h" +#include "cgraph.h" +#include "digraph.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" @@ -49,17 +35,9 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/sm.h" #include "analyzer/pending-diagnostic.h" #include "analyzer/diagnostic-manager.h" -#include "cfg.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "gimple-pretty-print.h" -#include "cgraph.h" -#include "digraph.h" #include "analyzer/supergraph.h" #include "analyzer/program-state.h" #include "analyzer/exploded-graph.h" -#include "make-unique.h" #include "analyzer/checker-path.h" #include "analyzer/feasible-graph.h" #include "diagnostic-format-sarif.h" 
@@ -170,14 +148,15 @@ public: { gcc_assert (m_prev_entry_event == NULL); std::unique_ptr<checker_event> prev_entry_event - = make_unique <recursive_function_entry_event> (dst_point, - *this, false); + = std::make_unique <recursive_function_entry_event> (dst_point, + *this, false); m_prev_entry_event = prev_entry_event.get (); emission_path->add_event (std::move (prev_entry_event)); } else if (eedge.m_dest == m_new_entry_enode) emission_path->add_event - (make_unique<recursive_function_entry_event> (dst_point, *this, true)); + (std::make_unique<recursive_function_entry_event> + (dst_point, *this, true)); else pending_diagnostic::add_function_entry_event (eedge, emission_path); } @@ -193,7 +172,7 @@ public: { gcc_assert (m_new_entry_enode); emission_path->add_event - (make_unique<warning_event> + (std::make_unique<warning_event> (event_loc_info (m_new_entry_enode->get_supernode ()->get_start_location (), m_callee_fndecl, @@ -645,7 +624,7 @@ exploded_graph::detect_infinite_recursion (exploded_node *enode) nullptr); get_diagnostic_manager ().add_diagnostic (ploc, - make_unique<infinite_recursion_diagnostic> (prev_entry_enode, - enode, - fndecl)); + std::make_unique<infinite_recursion_diagnostic> (prev_entry_enode, + enode, + fndecl)); } diff --git a/gcc/analyzer/kf-analyzer.cc b/gcc/analyzer/kf-analyzer.cc index 54f85a4..3e671e5 100644 --- a/gcc/analyzer/kf-analyzer.cc +++ b/gcc/analyzer/kf-analyzer.cc 
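Review bot: The first rewritten call in the `-170,14` hunk keeps the stray space before the template argument list, `std::make_unique <recursive_function_entry_event> (dst_point,`, while the other calls in this hunk and the following ones are written `std::make_unique<...>`. Since the line is being touched anyway, I would write it as `= std::make_unique<recursive_function_entry_event> (dst_point,` and re-align the continuation line under it. The enclosing member function starts outside the hunk.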
@@ -18,24 +18,16 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "diagnostic-core.h" -#include "analyzer/analyzer.h" -#include "analyzer/analyzer-logging.h" +#include "analyzer/common.h" + #include "diagnostic.h" #include "tree-diagnostic.h" /* for default_tree_printer. */ +#include "pretty-print-markup.h" + +#include "analyzer/analyzer-logging.h" #include "analyzer/region-model.h" #include "analyzer/pending-diagnostic.h" #include "analyzer/call-details.h" -#include "make-unique.h" -#include "pretty-print-markup.h" #if ENABLE_ANALYZER @@ -110,7 +102,7 @@ public: const region *base_reg = reg->get_base_region (); const svalue *capacity = model->get_capacity (base_reg); label_text desc = capacity->get_desc (true); - warning_at (cd.get_call_stmt ()->location, 0, + warning_at (cd.get_call_stmt ().location, 0, "capacity: %qs", desc.get ()); } }; @@ -305,7 +297,7 @@ public: region_model_context *ctxt = cd.get_ctxt (); if (!ctxt) return; - ctxt->warn (make_unique<dump_path_diagnostic> ()); + ctxt->warn (std::make_unique<dump_path_diagnostic> ()); } }; 
@@ -382,22 +374,28 @@ public: void register_known_analyzer_functions (known_function_manager &kfm) { - kfm.add ("__analyzer_break", make_unique<kf_analyzer_break> ()); - kfm.add ("__analyzer_describe", make_unique<kf_analyzer_describe> ()); + kfm.add ("__analyzer_break", + std::make_unique<kf_analyzer_break> ()); + kfm.add ("__analyzer_describe", + std::make_unique<kf_analyzer_describe> ()); kfm.add ("__analyzer_dump_capacity", - make_unique<kf_analyzer_dump_capacity> ()); - kfm.add ("__analyzer_dump_escaped", make_unique<kf_analyzer_dump_escaped> ()); + std::make_unique<kf_analyzer_dump_capacity> ()); + kfm.add ("__analyzer_dump_escaped", + std::make_unique<kf_analyzer_dump_escaped> ()); kfm.add ("__analyzer_dump_exploded_nodes", - make_unique<kf_analyzer_dump_exploded_nodes> ()); + std::make_unique<kf_analyzer_dump_exploded_nodes> ()); kfm.add ("__analyzer_dump_named_constant", - make_unique<kf_analyzer_dump_named_constant> ()); - kfm.add ("__analyzer_dump_path", make_unique<kf_analyzer_dump_path> ()); + std::make_unique<kf_analyzer_dump_named_constant> ()); + kfm.add ("__analyzer_dump_path", + std::make_unique<kf_analyzer_dump_path> ()); kfm.add ("__analyzer_dump_region_model", - make_unique<kf_analyzer_dump_region_model> ()); - kfm.add ("__analyzer_eval", make_unique<kf_analyzer_eval> ()); + std::make_unique<kf_analyzer_dump_region_model> ()); + kfm.add ("__analyzer_eval", + std::make_unique<kf_analyzer_eval> ()); kfm.add ("__analyzer_get_unknown_ptr", - make_unique<kf_analyzer_get_unknown_ptr> ()); - kfm.add ("__analyzer_get_strlen", make_kf_strlen ()); + std::make_unique<kf_analyzer_get_unknown_ptr> ()); + kfm.add ("__analyzer_get_strlen", + make_kf_strlen ()); } } // namespace ana diff --git a/gcc/analyzer/kf-lang-cp.cc b/gcc/analyzer/kf-lang-cp.cc index b2b0c9b..01a98b0 100644 --- a/gcc/analyzer/kf-lang-cp.cc +++ b/gcc/analyzer/kf-lang-cp.cc 
@@ -18,20 +18,13 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "analyzer/analyzer.h" -#include "analyzer/analyzer-logging.h" +#include "analyzer/common.h" + #include "diagnostic.h" + +#include "analyzer/analyzer-logging.h" #include "analyzer/region-model.h" #include "analyzer/call-details.h" -#include "make-unique.h" #if ENABLE_ANALYZER @@ -43,10 +36,9 @@ along with GCC; see the file COPYING3. If not see See https://en.cppreference.com/w/cpp/memory/new/operator_new. */ -bool is_placement_new_p (const gcall *call) +bool is_placement_new_p (const gcall &call) { - gcc_assert (call); - tree fndecl = gimple_call_fndecl (call); + tree fndecl = gimple_call_fndecl (&call); if (!fndecl || TREE_CODE (TREE_TYPE (fndecl)) == METHOD_TYPE) /* Give up on overloaded operator new. */ @@ -91,7 +83,7 @@ public: region_model_manager *mgr = cd.get_manager (); const svalue *size_sval = cd.get_arg_svalue (0); region_model_context *ctxt = cd.get_ctxt (); - const gcall *call = cd.get_call_stmt (); + const gcall &call = cd.get_call_stmt (); /* If the call was actually a placement new, check that accessing the buffer lhs is placed into does not result in out-of-bounds. */ 
@@ -169,10 +161,165 @@ public: /* If the ptr points to an underlying heap region, delete it, poisoning pointers. */ model->unbind_region_and_descendents (freed_reg, - POISON_KIND_DELETED); + poison_kind::deleted); + } + } + +}; + +class kf_cxa_allocate_exception : public known_function +{ +public: + bool matches_call_types_p (const call_details &cd) const final override + { + return cd.num_args () == 1 && cd.arg_is_size_p (0); + } + + void impl_call_pre (const call_details &cd) const final override + { + region_model *model = cd.get_model (); + region_model_manager *mgr = cd.get_manager (); + const svalue *size_sval = cd.get_arg_svalue (0); + region_model_context *ctxt = cd.get_ctxt (); + + /* Create a heap allocated region. */ + const region *new_reg + = model->get_or_create_region_for_heap_alloc (size_sval, ctxt); + if (cd.get_lhs_type ()) + { + const svalue *ptr_sval + = mgr->get_ptr_svalue (cd.get_lhs_type (), new_reg); + cd.maybe_set_lhs (ptr_sval); + } + } +}; + +class kf_cxa_begin_catch : public known_function +{ +public: + bool matches_call_types_p (const call_details &cd) const final override + { + return (cd.num_args () == 1 + && POINTER_TYPE_P (cd.get_arg_type (0))); + } + + void impl_call_pre (const call_details &cd) const final override + { + region_model *model = cd.get_model (); + + auto node = model->pop_thrown_exception (); + model->push_caught_exception (node); + cd.maybe_set_lhs (node.m_exception_sval); + } +}; + +class kf_cxa_end_catch : public known_function +{ +public: + bool matches_call_types_p (const call_details &cd) const final override + { + return cd.num_args () == 0; + } + + void impl_call_pre (const call_details &cd) const final override + { + region_model *model = cd.get_model (); + model->pop_caught_exception (); + } +}; + +/* A subclass of pending_diagnostic for complaining about an exception + of an unexpected type being thrown (due to a call to + __cxa_call_unexpected). 
+ See https://en.cppreference.com/w/cpp/language/except_spec */ + +class throw_of_unexpected_type +: public pending_diagnostic_subclass<throw_of_unexpected_type> +{ +public: + throw_of_unexpected_type (tree exception_type, + tree thrown_from_fndecl) + : m_exception_type (exception_type), + m_thrown_from_fndecl (thrown_from_fndecl) + { + gcc_assert (m_exception_type); + gcc_assert (m_thrown_from_fndecl); + } + + const char *get_kind () const final override + { + return "throw_of_unexpected_type"; + } + + bool operator== (const throw_of_unexpected_type &other) const + { + return (m_exception_type == other.m_exception_type + && m_thrown_from_fndecl == other.m_thrown_from_fndecl); + } + + int get_controlling_option () const final override + { + return OPT_Wanalyzer_throw_of_unexpected_type; + } + + bool emit (diagnostic_emission_context &ctxt) final override + { + auto_diagnostic_group d; + + bool warned + = ctxt.warn ("throwing exception of unexpected type %qT from %qE", + m_exception_type, m_thrown_from_fndecl); + if (warned) + { + inform (DECL_SOURCE_LOCATION (m_thrown_from_fndecl), + "%qE declared here", m_thrown_from_fndecl); + // TODO: show specified types? 
} + return warned; + } + + bool + describe_final_event (pretty_printer &pp, + const evdesc::final_event &) final override + { + pp_printf (&pp, + "exception of unexpected type %qT thrown from %qE", + m_exception_type, m_thrown_from_fndecl); + return true; + } + +private: + tree m_exception_type; + tree m_thrown_from_fndecl; +}; + +/* See https://en.cppreference.com/w/cpp/language/except_spec */ + +class kf_cxa_call_unexpected : public known_function +{ +public: + bool matches_call_types_p (const call_details &cd) const final override + { + return (cd.num_args () == 1 + && POINTER_TYPE_P (cd.get_arg_type (0))); } + void impl_call_pre (const call_details &cd) const final override + { + if (region_model_context *ctxt = cd.get_ctxt ()) + { + region_model *model = cd.get_model (); + tree thrown_from_fndecl = model->get_current_function ()->decl; + /* We must have a thrown exception. */ + auto eh_node = model->get_current_thrown_exception (); + gcc_assert (eh_node); + tree exception_type = eh_node->maybe_get_type (); + ctxt->warn + (std::make_unique<throw_of_unexpected_type> (exception_type, + thrown_from_fndecl)); + ctxt->terminate_path (); + } + } }; /* Populate KFM with instances of known functions relating to C++. */ 
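Review bot: In kf_cxa_call_unexpected::impl_call_pre the result of `eh_node->maybe_get_type ()` is passed unchecked to the throw_of_unexpected_type constructor, which does `gcc_assert (m_exception_type)`. If maybe_get_type can return a null tree, as its name suggests, the analyzer stops with an internal error on the analysed source instead of reporting or giving up quietly. I would guard the warning with `if (tree exception_type = eh_node->maybe_get_type ())` and keep `ctxt->terminate_path ();` unconditional. The same applies to `gcc_assert (eh_node)` here and to the unchecked `model->pop_thrown_exception ()` in kf_cxa_begin_catch: these handlers are registered by name, so a direct call in user code with no exception in flight would presumably reach them too. A comment stating what the model guarantees at that point, or a graceful early return, would help.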
@@ -180,10 +327,21 @@ public: void register_known_functions_lang_cp (known_function_manager &kfm) { - kfm.add ("operator new", make_unique<kf_operator_new> ()); - kfm.add ("operator new []", make_unique<kf_operator_new> ()); - kfm.add ("operator delete", make_unique<kf_operator_delete> ()); - kfm.add ("operator delete []", make_unique<kf_operator_delete> ()); + kfm.add ("operator new", std::make_unique<kf_operator_new> ()); + kfm.add ("operator new []", std::make_unique<kf_operator_new> ()); + kfm.add ("operator delete", std::make_unique<kf_operator_delete> ()); + kfm.add ("operator delete []", std::make_unique<kf_operator_delete> ()); + + /* Functions mentioned in "Itanium C++ ABI: Exception Handling"'s + "Level II: C++ ABI" + https://itanium-cxx-abi.github.io/cxx-abi/abi-eh.html#cxx-abi */ + kfm.add ("__cxa_allocate_exception", + std::make_unique<kf_cxa_allocate_exception> ()); + // We treat __cxa_throw and __cxa_rethrow as special cases + kfm.add ("__cxa_begin_catch", std::make_unique<kf_cxa_begin_catch> ()); + kfm.add ("__cxa_end_catch", std::make_unique<kf_cxa_end_catch> ()); + kfm.add ("__cxa_call_unexpected", + std::make_unique<kf_cxa_call_unexpected> ()); } } // namespace ana diff --git a/gcc/analyzer/kf.cc b/gcc/analyzer/kf.cc index dceedd4..75b6279 100644 --- a/gcc/analyzer/kf.cc +++ b/gcc/analyzer/kf.cc 
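Review bot: The new comment `// We treat __cxa_throw and __cxa_rethrow as special cases` in register_known_functions_lang_cp does not say where those two entry points are handled, so a reader scanning this table cannot tell whether they were forgotten. The ChangeLog for this change lists is_cxa_throw_p and is_cxa_rethrow_p as new in analyzer.cc, which is presumably how they are recognised. I would name them in the comment, in the `/* ... */` style of the block above it: `/* __cxa_throw and __cxa_rethrow are not known_functions; see is_cxa_throw_p and is_cxa_rethrow_p. */`.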
@@ -18,23 +18,14 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "diagnostic-core.h" -#include "diagnostic-metadata.h" -#include "analyzer/analyzer.h" -#include "analyzer/analyzer-logging.h" +#include "analyzer/common.h" + #include "diagnostic.h" + +#include "analyzer/analyzer-logging.h" #include "analyzer/region-model.h" #include "analyzer/call-details.h" #include "analyzer/call-info.h" -#include "make-unique.h" #if ENABLE_ANALYZER @@ -50,7 +41,6 @@ public: : m_call_stmt (cd.get_call_stmt ()), m_callee_fndecl (cd.get_fndecl_for_call ()) { - gcc_assert (m_call_stmt); gcc_assert (m_callee_fndecl); } @@ -61,7 +51,7 @@ public: bool operator== (const undefined_function_behavior &other) const { - return (m_call_stmt == other.m_call_stmt + return (&m_call_stmt == &other.m_call_stmt && m_callee_fndecl == other.m_callee_fndecl); } @@ -70,7 +60,7 @@ public: tree get_callee_fndecl () const { return m_callee_fndecl; } private: - const gimple *m_call_stmt; + const gimple &m_call_stmt; tree m_callee_fndecl; }; @@ -596,7 +586,7 @@ kf_free::impl_call_post (const call_details &cd) const /* If the ptr points to an underlying heap region, delete it, poisoning pointers. */ region_model *model = cd.get_model (); - model->unbind_region_and_descendents (freed_reg, POISON_KIND_FREED); + model->unbind_region_and_descendents (freed_reg, poison_kind::freed); model->unset_dynamic_extents (freed_reg); } } @@ -881,7 +871,7 @@ public: break; case MEMSPACE_STACK: if (ctxt) - ctxt->warn (make_unique<putenv_of_auto_var> (fndecl, reg)); + ctxt->warn (std::make_unique<putenv_of_auto_var> (fndecl, reg)); break; } cd.set_any_lhs_with_defaults (); 
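Review bot: In undefined_function_behavior, the `-61,7` hunk changes operator== to `&m_call_stmt == &other.m_call_stmt`, and the `-70,7` hunk changes the member to `const gimple &m_call_stmt;`, but nothing documents that equality means "same statement object" or that the diagnostic only borrows the statement. With a reference member the `&` in the comparison is easy to drop in a later edit, which would no longer compare identity (or no longer compile). I would add a comment above the member such as `/* Borrowed, not owned; operator== compares it by address.  */`. The class starts outside these hunks, so whether the statement outlives the pending diagnostic cannot be confirmed from here.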
@@ -1084,7 +1074,7 @@ kf_realloc::impl_call_post (const call_details &cd) const /* If the ptr points to an underlying heap region, delete it, poisoning pointers. */ - model->unbind_region_and_descendents (freed_reg, POISON_KIND_FREED); + model->unbind_region_and_descendents (freed_reg, poison_kind::freed); model->unset_dynamic_extents (freed_reg); } @@ -1129,9 +1119,9 @@ kf_realloc::impl_call_post (const call_details &cd) const if (cd.get_ctxt ()) { - cd.get_ctxt ()->bifurcate (make_unique<failure> (cd)); - cd.get_ctxt ()->bifurcate (make_unique<success_no_move> (cd)); - cd.get_ctxt ()->bifurcate (make_unique<success_with_move> (cd)); + cd.get_ctxt ()->bifurcate (std::make_unique<failure> (cd)); + cd.get_ctxt ()->bifurcate (std::make_unique<success_no_move> (cd)); + cd.get_ctxt ()->bifurcate (std::make_unique<success_with_move> (cd)); cd.get_ctxt ()->terminate_path (); } } @@ -1200,7 +1190,7 @@ kf_strchr::impl_call_post (const call_details &cd) const using the str_reg as the id of the conjured_svalue. */ const svalue *offset = mgr->get_or_create_conjured_svalue (size_type_node, - cd.get_call_stmt (), + &cd.get_call_stmt (), str_reg, conjured_purge (model, ctxt)); @@ -1220,8 +1210,8 @@ kf_strchr::impl_call_post (const call_details &cd) const /* Body of kf_strchr::impl_call_post. */ if (cd.get_ctxt ()) { - cd.get_ctxt ()->bifurcate (make_unique<strchr_call_info> (cd, false)); - cd.get_ctxt ()->bifurcate (make_unique<strchr_call_info> (cd, true)); + cd.get_ctxt ()->bifurcate (std::make_unique<strchr_call_info> (cd, false)); + cd.get_ctxt ()->bifurcate (std::make_unique<strchr_call_info> (cd, true)); cd.get_ctxt ()->terminate_path (); } } 
@@ -1286,6 +1276,27 @@ public: /* Currently a no-op. */ }; +/* Handler for "__builtin_eh_pointer". */ + +class kf_eh_pointer : public builtin_known_function +{ +public: + bool matches_call_types_p (const call_details &) const final override + { + return true; + } + + enum built_in_function builtin_code () const final override + { + return BUILT_IN_EH_POINTER; + } + + void impl_call_pre (const call_details &cd) const final override + { + cd.set_any_lhs_with_defaults (); + } +}; + /* Handler for "strcat" and "__builtin_strcat_chk". */ class kf_strcat : public builtin_known_function @@ -1476,7 +1487,7 @@ public: std::unique_ptr<known_function> make_kf_strlen () { - return make_unique<kf_strlen> (); + return std::make_unique<kf_strlen> (); } /* Handler for "strncpy" and "__builtin_strncpy". @@ -1650,11 +1661,13 @@ kf_strncpy::impl_call_post (const call_details &cd) const nullptr, nullptr); cd.get_ctxt ()->bifurcate - (make_unique<strncpy_call_info> (cd, num_bytes_with_terminator_sval, - false)); + (std::make_unique<strncpy_call_info> + (cd, num_bytes_with_terminator_sval, + false)); cd.get_ctxt ()->bifurcate - (make_unique<strncpy_call_info> (cd, num_bytes_with_terminator_sval, - true)); + (std::make_unique<strncpy_call_info> + (cd, num_bytes_with_terminator_sval, + true)); cd.get_ctxt ()->terminate_path (); } }; @@ -1757,7 +1770,7 @@ kf_strstr::impl_call_post (const call_details &cd) const using the str_reg as the id of the conjured_svalue. */ const svalue *offset = mgr->get_or_create_conjured_svalue (size_type_node, - cd.get_call_stmt (), + &cd.get_call_stmt (), str_reg, conjured_purge (model, ctxt)); 
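Review bot: The new kf_eh_pointer class in the `-1286,6` hunk is documented only as `/* Handler for "__builtin_eh_pointer". */`, which does not explain what the handler models. matches_call_types_p accepts any argument list and impl_call_pre does nothing but `cd.set_any_lhs_with_defaults ()`, so the returned pointer is apparently not connected to the thrown-exception state that the __cxa_* handlers maintain. I would extend the header comment to say so, e.g. `/* Handler for "__builtin_eh_pointer".  The result is a default value; it is not linked to the model's current thrown exception.  */`. If the other builtin handlers in this file check their arity, `return cd.num_args () == 1;` would be more consistent than `return true;`.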
@@ -1777,8 +1790,8 @@ kf_strstr::impl_call_post (const call_details &cd) const /* Body of kf_strstr::impl_call_post. */ if (cd.get_ctxt ()) { - cd.get_ctxt ()->bifurcate (make_unique<strstr_call_info> (cd, false)); - cd.get_ctxt ()->bifurcate (make_unique<strstr_call_info> (cd, true)); + cd.get_ctxt ()->bifurcate (std::make_unique<strstr_call_info> (cd, false)); + cd.get_ctxt ()->bifurcate (std::make_unique<strstr_call_info> (cd, true)); cd.get_ctxt ()->terminate_path (); } } @@ -1924,7 +1937,7 @@ public: if (cd.get_arg_svalue (0)->all_zeroes_p ()) { if (ctxt) - ctxt->warn (::make_unique<undefined_behavior> (cd)); + ctxt->warn (::std::make_unique<undefined_behavior> (cd)); } /* Assume that "str" was actually non-null; terminate @@ -1958,14 +1971,14 @@ public: using the str_reg as the id of the conjured_svalue. */ const svalue *start_offset = mgr->get_or_create_conjured_svalue (size_type_node, - cd.get_call_stmt (), + &cd.get_call_stmt (), str_reg, conjured_purge (model, ctxt), 0); const svalue *nul_offset = mgr->get_or_create_conjured_svalue (size_type_node, - cd.get_call_stmt (), + &cd.get_call_stmt (), str_reg, conjured_purge (model, ctxt), 
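Review bot: The `-1924,7` hunk turns `::make_unique<undefined_behavior>` into `::std::make_unique<undefined_behavior>`, the only call in this file's changes that keeps a leading `::`; every other site is plain `std::make_unique`. It looks like a leftover of the mechanical replacement and reads as if global qualification mattered here. I would write `ctxt->warn (std::make_unique<undefined_behavior> (cd));` for consistency. The enclosing function starts outside the hunk.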
@@ -2042,13 +2055,13 @@ public: Typically the str is either null or non-null at a particular site, so hopefully this will generally just lead to two out-edges. */ cd.get_ctxt ()->bifurcate - (make_unique<strtok_call_info> (cd, m_private_reg, false, false)); + (std::make_unique<strtok_call_info> (cd, m_private_reg, false, false)); cd.get_ctxt ()->bifurcate - (make_unique<strtok_call_info> (cd, m_private_reg, false, true)); + (std::make_unique<strtok_call_info> (cd, m_private_reg, false, true)); cd.get_ctxt ()->bifurcate - (make_unique<strtok_call_info> (cd, m_private_reg, true, false)); + (std::make_unique<strtok_call_info> (cd, m_private_reg, true, false)); cd.get_ctxt ()->bifurcate - (make_unique<strtok_call_info> (cd, m_private_reg, true, true)); + (std::make_unique<strtok_call_info> (cd, m_private_reg, true, true)); cd.get_ctxt ()->terminate_path (); } } 
@@ -2074,127 +2087,127 @@ region_model::impl_deallocation_call (const call_details &cd) static void register_atomic_builtins (known_function_manager &kfm) { - kfm.add (BUILT_IN_ATOMIC_EXCHANGE, make_unique<kf_atomic_exchange> ()); - kfm.add (BUILT_IN_ATOMIC_EXCHANGE_N, make_unique<kf_atomic_exchange_n> ()); - kfm.add (BUILT_IN_ATOMIC_EXCHANGE_1, make_unique<kf_atomic_exchange_n> ()); - kfm.add (BUILT_IN_ATOMIC_EXCHANGE_2, make_unique<kf_atomic_exchange_n> ()); - kfm.add (BUILT_IN_ATOMIC_EXCHANGE_4, make_unique<kf_atomic_exchange_n> ()); - kfm.add (BUILT_IN_ATOMIC_EXCHANGE_8, make_unique<kf_atomic_exchange_n> ()); - kfm.add (BUILT_IN_ATOMIC_EXCHANGE_16, make_unique<kf_atomic_exchange_n> ()); - kfm.add (BUILT_IN_ATOMIC_LOAD, make_unique<kf_atomic_load> ()); - kfm.add (BUILT_IN_ATOMIC_LOAD_N, make_unique<kf_atomic_load_n> ()); - kfm.add (BUILT_IN_ATOMIC_LOAD_1, make_unique<kf_atomic_load_n> ()); - kfm.add (BUILT_IN_ATOMIC_LOAD_2, make_unique<kf_atomic_load_n> ()); - kfm.add (BUILT_IN_ATOMIC_LOAD_4, make_unique<kf_atomic_load_n> ()); - kfm.add (BUILT_IN_ATOMIC_LOAD_8, make_unique<kf_atomic_load_n> ()); - kfm.add (BUILT_IN_ATOMIC_LOAD_16, make_unique<kf_atomic_load_n> ()); - kfm.add (BUILT_IN_ATOMIC_STORE, make_unique<kf_atomic_store> ()); - kfm.add (BUILT_IN_ATOMIC_STORE_N, make_unique<kf_atomic_store_n> ()); - kfm.add (BUILT_IN_ATOMIC_STORE_1, make_unique<kf_atomic_store_n> ()); - kfm.add (BUILT_IN_ATOMIC_STORE_2, make_unique<kf_atomic_store_n> ()); - kfm.add (BUILT_IN_ATOMIC_STORE_4, make_unique<kf_atomic_store_n> ()); - kfm.add (BUILT_IN_ATOMIC_STORE_8, make_unique<kf_atomic_store_n> ()); - kfm.add (BUILT_IN_ATOMIC_STORE_16, make_unique<kf_atomic_store_n> ()); + kfm.add (BUILT_IN_ATOMIC_EXCHANGE, std::make_unique<kf_atomic_exchange> ()); + kfm.add (BUILT_IN_ATOMIC_EXCHANGE_N, std::make_unique<kf_atomic_exchange_n> ()); + kfm.add (BUILT_IN_ATOMIC_EXCHANGE_1, std::make_unique<kf_atomic_exchange_n> ()); + kfm.add (BUILT_IN_ATOMIC_EXCHANGE_2, 
std::make_unique<kf_atomic_exchange_n> ()); + kfm.add (BUILT_IN_ATOMIC_EXCHANGE_4, std::make_unique<kf_atomic_exchange_n> ()); + kfm.add (BUILT_IN_ATOMIC_EXCHANGE_8, std::make_unique<kf_atomic_exchange_n> ()); + kfm.add (BUILT_IN_ATOMIC_EXCHANGE_16, std::make_unique<kf_atomic_exchange_n> ()); + kfm.add (BUILT_IN_ATOMIC_LOAD, std::make_unique<kf_atomic_load> ()); + kfm.add (BUILT_IN_ATOMIC_LOAD_N, std::make_unique<kf_atomic_load_n> ()); + kfm.add (BUILT_IN_ATOMIC_LOAD_1, std::make_unique<kf_atomic_load_n> ()); + kfm.add (BUILT_IN_ATOMIC_LOAD_2, std::make_unique<kf_atomic_load_n> ()); + kfm.add (BUILT_IN_ATOMIC_LOAD_4, std::make_unique<kf_atomic_load_n> ()); + kfm.add (BUILT_IN_ATOMIC_LOAD_8, std::make_unique<kf_atomic_load_n> ()); + kfm.add (BUILT_IN_ATOMIC_LOAD_16, std::make_unique<kf_atomic_load_n> ()); + kfm.add (BUILT_IN_ATOMIC_STORE, std::make_unique<kf_atomic_store> ()); + kfm.add (BUILT_IN_ATOMIC_STORE_N, std::make_unique<kf_atomic_store_n> ()); + kfm.add (BUILT_IN_ATOMIC_STORE_1, std::make_unique<kf_atomic_store_n> ()); + kfm.add (BUILT_IN_ATOMIC_STORE_2, std::make_unique<kf_atomic_store_n> ()); + kfm.add (BUILT_IN_ATOMIC_STORE_4, std::make_unique<kf_atomic_store_n> ()); + kfm.add (BUILT_IN_ATOMIC_STORE_8, std::make_unique<kf_atomic_store_n> ()); + kfm.add (BUILT_IN_ATOMIC_STORE_16, std::make_unique<kf_atomic_store_n> ()); kfm.add (BUILT_IN_ATOMIC_ADD_FETCH_1, - make_unique<kf_atomic_op_fetch> (PLUS_EXPR)); + std::make_unique<kf_atomic_op_fetch> (PLUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_ADD_FETCH_2, - make_unique<kf_atomic_op_fetch> (PLUS_EXPR)); + std::make_unique<kf_atomic_op_fetch> (PLUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_ADD_FETCH_4, - make_unique<kf_atomic_op_fetch> (PLUS_EXPR)); + std::make_unique<kf_atomic_op_fetch> (PLUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_ADD_FETCH_8, - make_unique<kf_atomic_op_fetch> (PLUS_EXPR)); + std::make_unique<kf_atomic_op_fetch> (PLUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_ADD_FETCH_16, - make_unique<kf_atomic_op_fetch> (PLUS_EXPR)); + 
std::make_unique<kf_atomic_op_fetch> (PLUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_SUB_FETCH_1, - make_unique<kf_atomic_op_fetch> (MINUS_EXPR)); + std::make_unique<kf_atomic_op_fetch> (MINUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_SUB_FETCH_2, - make_unique<kf_atomic_op_fetch> (MINUS_EXPR)); + std::make_unique<kf_atomic_op_fetch> (MINUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_SUB_FETCH_4, - make_unique<kf_atomic_op_fetch> (MINUS_EXPR)); + std::make_unique<kf_atomic_op_fetch> (MINUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_SUB_FETCH_8, - make_unique<kf_atomic_op_fetch> (MINUS_EXPR)); + std::make_unique<kf_atomic_op_fetch> (MINUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_SUB_FETCH_16, - make_unique<kf_atomic_op_fetch> (MINUS_EXPR)); + std::make_unique<kf_atomic_op_fetch> (MINUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_AND_FETCH_1, - make_unique<kf_atomic_op_fetch> (BIT_AND_EXPR)); + std::make_unique<kf_atomic_op_fetch> (BIT_AND_EXPR)); kfm.add (BUILT_IN_ATOMIC_AND_FETCH_2, - make_unique<kf_atomic_op_fetch> (BIT_AND_EXPR)); + std::make_unique<kf_atomic_op_fetch> (BIT_AND_EXPR)); kfm.add (BUILT_IN_ATOMIC_AND_FETCH_4, - make_unique<kf_atomic_op_fetch> (BIT_AND_EXPR)); + std::make_unique<kf_atomic_op_fetch> (BIT_AND_EXPR)); kfm.add (BUILT_IN_ATOMIC_AND_FETCH_8, - make_unique<kf_atomic_op_fetch> (BIT_AND_EXPR)); + std::make_unique<kf_atomic_op_fetch> (BIT_AND_EXPR)); kfm.add (BUILT_IN_ATOMIC_AND_FETCH_16, - make_unique<kf_atomic_op_fetch> (BIT_AND_EXPR)); + std::make_unique<kf_atomic_op_fetch> (BIT_AND_EXPR)); kfm.add (BUILT_IN_ATOMIC_XOR_FETCH_1, - make_unique<kf_atomic_op_fetch> (BIT_XOR_EXPR)); + std::make_unique<kf_atomic_op_fetch> (BIT_XOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_XOR_FETCH_2, - make_unique<kf_atomic_op_fetch> (BIT_XOR_EXPR)); + std::make_unique<kf_atomic_op_fetch> (BIT_XOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_XOR_FETCH_4, - make_unique<kf_atomic_op_fetch> (BIT_XOR_EXPR)); + std::make_unique<kf_atomic_op_fetch> (BIT_XOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_XOR_FETCH_8, - make_unique<kf_atomic_op_fetch> 
(BIT_XOR_EXPR)); + std::make_unique<kf_atomic_op_fetch> (BIT_XOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_XOR_FETCH_16, - make_unique<kf_atomic_op_fetch> (BIT_XOR_EXPR)); + std::make_unique<kf_atomic_op_fetch> (BIT_XOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_OR_FETCH_1, - make_unique<kf_atomic_op_fetch> (BIT_IOR_EXPR)); + std::make_unique<kf_atomic_op_fetch> (BIT_IOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_OR_FETCH_2, - make_unique<kf_atomic_op_fetch> (BIT_IOR_EXPR)); + std::make_unique<kf_atomic_op_fetch> (BIT_IOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_OR_FETCH_4, - make_unique<kf_atomic_op_fetch> (BIT_IOR_EXPR)); + std::make_unique<kf_atomic_op_fetch> (BIT_IOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_OR_FETCH_8, - make_unique<kf_atomic_op_fetch> (BIT_IOR_EXPR)); + std::make_unique<kf_atomic_op_fetch> (BIT_IOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_OR_FETCH_16, - make_unique<kf_atomic_op_fetch> (BIT_IOR_EXPR)); + std::make_unique<kf_atomic_op_fetch> (BIT_IOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_ADD_1, - make_unique<kf_atomic_fetch_op> (PLUS_EXPR)); + std::make_unique<kf_atomic_fetch_op> (PLUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_ADD_2, - make_unique<kf_atomic_fetch_op> (PLUS_EXPR)); + std::make_unique<kf_atomic_fetch_op> (PLUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_ADD_4, - make_unique<kf_atomic_fetch_op> (PLUS_EXPR)); + std::make_unique<kf_atomic_fetch_op> (PLUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_ADD_8, - make_unique<kf_atomic_fetch_op> (PLUS_EXPR)); + std::make_unique<kf_atomic_fetch_op> (PLUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_ADD_16, - make_unique<kf_atomic_fetch_op> (PLUS_EXPR)); + std::make_unique<kf_atomic_fetch_op> (PLUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_SUB_1, - make_unique<kf_atomic_fetch_op> (MINUS_EXPR)); + std::make_unique<kf_atomic_fetch_op> (MINUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_SUB_2, - make_unique<kf_atomic_fetch_op> (MINUS_EXPR)); + std::make_unique<kf_atomic_fetch_op> (MINUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_SUB_4, - make_unique<kf_atomic_fetch_op> 
(MINUS_EXPR)); + std::make_unique<kf_atomic_fetch_op> (MINUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_SUB_8, - make_unique<kf_atomic_fetch_op> (MINUS_EXPR)); + std::make_unique<kf_atomic_fetch_op> (MINUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_SUB_16, - make_unique<kf_atomic_fetch_op> (MINUS_EXPR)); + std::make_unique<kf_atomic_fetch_op> (MINUS_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_AND_1, - make_unique<kf_atomic_fetch_op> (BIT_AND_EXPR)); + std::make_unique<kf_atomic_fetch_op> (BIT_AND_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_AND_2, - make_unique<kf_atomic_fetch_op> (BIT_AND_EXPR)); + std::make_unique<kf_atomic_fetch_op> (BIT_AND_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_AND_4, - make_unique<kf_atomic_fetch_op> (BIT_AND_EXPR)); + std::make_unique<kf_atomic_fetch_op> (BIT_AND_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_AND_8, - make_unique<kf_atomic_fetch_op> (BIT_AND_EXPR)); + std::make_unique<kf_atomic_fetch_op> (BIT_AND_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_AND_16, - make_unique<kf_atomic_fetch_op> (BIT_AND_EXPR)); + std::make_unique<kf_atomic_fetch_op> (BIT_AND_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_XOR_1, - make_unique<kf_atomic_fetch_op> (BIT_XOR_EXPR)); + std::make_unique<kf_atomic_fetch_op> (BIT_XOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_XOR_2, - make_unique<kf_atomic_fetch_op> (BIT_XOR_EXPR)); + std::make_unique<kf_atomic_fetch_op> (BIT_XOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_XOR_4, - make_unique<kf_atomic_fetch_op> (BIT_XOR_EXPR)); + std::make_unique<kf_atomic_fetch_op> (BIT_XOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_XOR_8, - make_unique<kf_atomic_fetch_op> (BIT_XOR_EXPR)); + std::make_unique<kf_atomic_fetch_op> (BIT_XOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_XOR_16, - make_unique<kf_atomic_fetch_op> (BIT_XOR_EXPR)); + std::make_unique<kf_atomic_fetch_op> (BIT_XOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_OR_1, - make_unique<kf_atomic_fetch_op> (BIT_IOR_EXPR)); + std::make_unique<kf_atomic_fetch_op> (BIT_IOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_OR_2, - 
make_unique<kf_atomic_fetch_op> (BIT_IOR_EXPR)); + std::make_unique<kf_atomic_fetch_op> (BIT_IOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_OR_4, - make_unique<kf_atomic_fetch_op> (BIT_IOR_EXPR)); + std::make_unique<kf_atomic_fetch_op> (BIT_IOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_OR_8, - make_unique<kf_atomic_fetch_op> (BIT_IOR_EXPR)); + std::make_unique<kf_atomic_fetch_op> (BIT_IOR_EXPR)); kfm.add (BUILT_IN_ATOMIC_FETCH_OR_16, - make_unique<kf_atomic_fetch_op> (BIT_IOR_EXPR)); + std::make_unique<kf_atomic_fetch_op> (BIT_IOR_EXPR)); } /* Handle calls to the various IFN_UBSAN_* with no return value. @@ -2224,14 +2237,14 @@ register_sanitizer_builtins (known_function_manager &kfm) /* Handle calls to the various IFN_UBSAN_* with no return value. For now, treat these as no-ops. */ kfm.add (IFN_UBSAN_NULL, - make_unique<kf_ubsan_noop> ()); + std::make_unique<kf_ubsan_noop> ()); kfm.add (IFN_UBSAN_BOUNDS, - make_unique<kf_ubsan_noop> ()); + std::make_unique<kf_ubsan_noop> ()); kfm.add (IFN_UBSAN_PTR, - make_unique<kf_ubsan_noop> ()); + std::make_unique<kf_ubsan_noop> ()); kfm.add (BUILT_IN_UBSAN_HANDLE_NONNULL_ARG, - make_unique<kf_ubsan_handler> ()); + std::make_unique<kf_ubsan_handler> ()); } /* Populate KFM with instances of known functions supported by the core of the 
@@ -2246,17 +2259,19 @@ register_known_functions (known_function_manager &kfm, /* Internal fns the analyzer has known_functions for. */ { - kfm.add (IFN_BUILTIN_EXPECT, make_unique<kf_expect> ()); + kfm.add (IFN_BUILTIN_EXPECT, std::make_unique<kf_expect> ()); } /* GCC built-ins that do not correspond to a function in the standard library. */ { - kfm.add (BUILT_IN_EXPECT, make_unique<kf_expect> ()); - kfm.add (BUILT_IN_EXPECT_WITH_PROBABILITY, make_unique<kf_expect> ()); - kfm.add (BUILT_IN_ALLOCA_WITH_ALIGN, make_unique<kf_alloca> ()); - kfm.add (BUILT_IN_STACK_RESTORE, make_unique<kf_stack_restore> ()); - kfm.add (BUILT_IN_STACK_SAVE, make_unique<kf_stack_save> ()); + kfm.add (BUILT_IN_EXPECT, std::make_unique<kf_expect> ()); + kfm.add (BUILT_IN_EXPECT_WITH_PROBABILITY, std::make_unique<kf_expect> ()); + kfm.add (BUILT_IN_ALLOCA_WITH_ALIGN, std::make_unique<kf_alloca> ()); + kfm.add (BUILT_IN_STACK_RESTORE, std::make_unique<kf_stack_restore> ()); + kfm.add (BUILT_IN_STACK_SAVE, std::make_unique<kf_stack_save> ()); + + kfm.add (BUILT_IN_EH_POINTER, std::make_unique<kf_eh_pointer> ()); register_atomic_builtins (kfm); register_sanitizer_builtins (kfm); 
@@ -2266,58 +2281,58 @@ register_known_functions (known_function_manager &kfm, /* Known builtins and C standard library functions the analyzer has known functions for. */ { - kfm.add ("alloca", make_unique<kf_alloca> ()); - kfm.add ("__builtin_alloca", make_unique<kf_alloca> ()); - kfm.add ("calloc", make_unique<kf_calloc> ()); - kfm.add ("__builtin_calloc", make_unique<kf_calloc> ()); - kfm.add ("free", make_unique<kf_free> ()); - kfm.add ("__builtin_free", make_unique<kf_free> ()); - kfm.add ("malloc", make_unique<kf_malloc> ()); - kfm.add ("__builtin_malloc", make_unique<kf_malloc> ()); + kfm.add ("alloca", std::make_unique<kf_alloca> ()); + kfm.add ("__builtin_alloca", std::make_unique<kf_alloca> ()); + kfm.add ("calloc", std::make_unique<kf_calloc> ()); + kfm.add ("__builtin_calloc", std::make_unique<kf_calloc> ()); + kfm.add ("free", std::make_unique<kf_free> ()); + kfm.add ("__builtin_free", std::make_unique<kf_free> ()); + kfm.add ("malloc", std::make_unique<kf_malloc> ()); + kfm.add ("__builtin_malloc", std::make_unique<kf_malloc> ()); kfm.add ("memcpy", - make_unique<kf_memcpy_memmove> (kf_memcpy_memmove::KF_MEMCPY)); + std::make_unique<kf_memcpy_memmove> (kf_memcpy_memmove::KF_MEMCPY)); kfm.add ("__builtin_memcpy", - make_unique<kf_memcpy_memmove> (kf_memcpy_memmove::KF_MEMCPY)); - kfm.add ("__memcpy_chk", make_unique<kf_memcpy_memmove> + std::make_unique<kf_memcpy_memmove> (kf_memcpy_memmove::KF_MEMCPY)); + kfm.add ("__memcpy_chk", std::make_unique<kf_memcpy_memmove> (kf_memcpy_memmove::KF_MEMCPY_CHK)); - kfm.add ("__builtin___memcpy_chk", make_unique<kf_memcpy_memmove> + kfm.add ("__builtin___memcpy_chk", std::make_unique<kf_memcpy_memmove> (kf_memcpy_memmove::KF_MEMCPY_CHK)); kfm.add ("memmove", - make_unique<kf_memcpy_memmove> (kf_memcpy_memmove::KF_MEMMOVE)); + std::make_unique<kf_memcpy_memmove> (kf_memcpy_memmove::KF_MEMMOVE)); kfm.add ("__builtin_memmove", - make_unique<kf_memcpy_memmove> (kf_memcpy_memmove::KF_MEMMOVE)); - kfm.add 
("__memmove_chk", make_unique<kf_memcpy_memmove> + std::make_unique<kf_memcpy_memmove> (kf_memcpy_memmove::KF_MEMMOVE)); + kfm.add ("__memmove_chk", std::make_unique<kf_memcpy_memmove> (kf_memcpy_memmove::KF_MEMMOVE_CHK)); - kfm.add ("__builtin___memmove_chk", make_unique<kf_memcpy_memmove> + kfm.add ("__builtin___memmove_chk", std::make_unique<kf_memcpy_memmove> (kf_memcpy_memmove::KF_MEMMOVE_CHK)); - kfm.add ("memset", make_unique<kf_memset> (false)); - kfm.add ("__builtin_memset", make_unique<kf_memset> (false)); - kfm.add ("__memset_chk", make_unique<kf_memset> (true)); - kfm.add ("__builtin___memset_chk", make_unique<kf_memset> (true)); - kfm.add ("realloc", make_unique<kf_realloc> ()); - kfm.add ("__builtin_realloc", make_unique<kf_realloc> ()); - kfm.add ("sprintf", make_unique<kf_sprintf> ()); - kfm.add ("__builtin_sprintf", make_unique<kf_sprintf> ()); - kfm.add ("strchr", make_unique<kf_strchr> ()); - kfm.add ("__builtin_strchr", make_unique<kf_strchr> ()); - kfm.add ("strcpy", make_unique<kf_strcpy> (2, false)); - kfm.add ("__builtin_strcpy", make_unique<kf_strcpy> (2, false)); - kfm.add ("__strcpy_chk", make_unique<kf_strcpy> (3, true)); - kfm.add ("__builtin___strcpy_chk", make_unique<kf_strcpy> (3, true)); - kfm.add ("strcat", make_unique<kf_strcat> (2, false)); - kfm.add ("__builtin_strcat", make_unique<kf_strcat> (2, false)); - kfm.add ("__strcat_chk", make_unique<kf_strcat> (3, true)); - kfm.add ("__builtin___strcat_chk", make_unique<kf_strcat> (3, true)); - kfm.add ("strdup", make_unique<kf_strdup> ()); - kfm.add ("__builtin_strdup", make_unique<kf_strdup> ()); - kfm.add ("strncpy", make_unique<kf_strncpy> ()); - kfm.add ("__builtin_strncpy", make_unique<kf_strncpy> ()); - kfm.add ("strndup", make_unique<kf_strndup> ()); - kfm.add ("__builtin_strndup", make_unique<kf_strndup> ()); - kfm.add ("strlen", make_unique<kf_strlen> ()); - kfm.add ("__builtin_strlen", make_unique<kf_strlen> ()); - kfm.add ("strstr", make_unique<kf_strstr> ()); - kfm.add 
("__builtin_strstr", make_unique<kf_strstr> ()); + kfm.add ("memset", std::make_unique<kf_memset> (false)); + kfm.add ("__builtin_memset", std::make_unique<kf_memset> (false)); + kfm.add ("__memset_chk", std::make_unique<kf_memset> (true)); + kfm.add ("__builtin___memset_chk", std::make_unique<kf_memset> (true)); + kfm.add ("realloc", std::make_unique<kf_realloc> ()); + kfm.add ("__builtin_realloc", std::make_unique<kf_realloc> ()); + kfm.add ("sprintf", std::make_unique<kf_sprintf> ()); + kfm.add ("__builtin_sprintf", std::make_unique<kf_sprintf> ()); + kfm.add ("strchr", std::make_unique<kf_strchr> ()); + kfm.add ("__builtin_strchr", std::make_unique<kf_strchr> ()); + kfm.add ("strcpy", std::make_unique<kf_strcpy> (2, false)); + kfm.add ("__builtin_strcpy", std::make_unique<kf_strcpy> (2, false)); + kfm.add ("__strcpy_chk", std::make_unique<kf_strcpy> (3, true)); + kfm.add ("__builtin___strcpy_chk", std::make_unique<kf_strcpy> (3, true)); + kfm.add ("strcat", std::make_unique<kf_strcat> (2, false)); + kfm.add ("__builtin_strcat", std::make_unique<kf_strcat> (2, false)); + kfm.add ("__strcat_chk", std::make_unique<kf_strcat> (3, true)); + kfm.add ("__builtin___strcat_chk", std::make_unique<kf_strcat> (3, true)); + kfm.add ("strdup", std::make_unique<kf_strdup> ()); + kfm.add ("__builtin_strdup", std::make_unique<kf_strdup> ()); + kfm.add ("strncpy", std::make_unique<kf_strncpy> ()); + kfm.add ("__builtin_strncpy", std::make_unique<kf_strncpy> ()); + kfm.add ("strndup", std::make_unique<kf_strndup> ()); + kfm.add ("__builtin_strndup", std::make_unique<kf_strndup> ()); + kfm.add ("strlen", std::make_unique<kf_strlen> ()); + kfm.add ("__builtin_strlen", std::make_unique<kf_strlen> ()); + kfm.add ("strstr", std::make_unique<kf_strstr> ()); + kfm.add ("__builtin_strstr", std::make_unique<kf_strstr> ()); register_atomic_builtins (kfm); register_varargs_builtins (kfm); 
@@ -2325,9 +2340,9 @@ register_known_functions (known_function_manager &kfm, /* Known POSIX functions, and some non-standard extensions. */ { - kfm.add ("fopen", make_unique<kf_fopen> ()); - kfm.add ("putenv", make_unique<kf_putenv> ()); - kfm.add ("strtok", make_unique<kf_strtok> (rmm)); + kfm.add ("fopen", std::make_unique<kf_fopen> ()); + kfm.add ("putenv", std::make_unique<kf_putenv> ()); + kfm.add ("strtok", std::make_unique<kf_strtok> (rmm)); register_known_fd_functions (kfm); register_known_file_functions (kfm); @@ -2335,13 +2350,13 @@ register_known_functions (known_function_manager &kfm, /* glibc functions. */ { - kfm.add ("__errno_location", make_unique<kf_errno_location> ()); - kfm.add ("error", make_unique<kf_error> (3)); - kfm.add ("error_at_line", make_unique<kf_error> (5)); + kfm.add ("__errno_location", std::make_unique<kf_errno_location> ()); + kfm.add ("error", std::make_unique<kf_error> (3)); + kfm.add ("error_at_line", std::make_unique<kf_error> (5)); /* Variants of "error" and "error_at_line" seen by the analyzer at -O0 (PR analyzer/115724). */ - kfm.add ("__error_alias", make_unique<kf_error> (3)); - kfm.add ("__error_at_line_alias", make_unique<kf_error> (5)); + kfm.add ("__error_alias", std::make_unique<kf_error> (3)); + kfm.add ("__error_at_line_alias", std::make_unique<kf_error> (5)); } /* Other implementations of C standard library. */ @@ -2355,9 +2370,9 @@ register_known_functions (known_function_manager &kfm, #define errno (*__error()) and similarly __errno for newlib. Add these as synonyms for "__errno_location". */ - kfm.add ("___errno", make_unique<kf_errno_location> ()); - kfm.add ("__error", make_unique<kf_errno_location> ()); - kfm.add ("__errno", make_unique<kf_errno_location> ()); + kfm.add ("___errno", std::make_unique<kf_errno_location> ()); + kfm.add ("__error", std::make_unique<kf_errno_location> ()); + kfm.add ("__errno", std::make_unique<kf_errno_location> ()); } /* Language-specific support functions. */ 
@@ -2367,22 +2382,22 @@ register_known_functions (known_function_manager &kfm, from <cstdlib> etc for the C spellings of these headers (e.g. <stdlib.h>), so we must match against these too. */ { - kfm.add_std_ns ("malloc", make_unique<kf_malloc> ()); - kfm.add_std_ns ("free", make_unique<kf_free> ()); - kfm.add_std_ns ("realloc", make_unique<kf_realloc> ()); - kfm.add_std_ns ("calloc", make_unique<kf_calloc> ()); + kfm.add_std_ns ("malloc", std::make_unique<kf_malloc> ()); + kfm.add_std_ns ("free", std::make_unique<kf_free> ()); + kfm.add_std_ns ("realloc", std::make_unique<kf_realloc> ()); + kfm.add_std_ns ("calloc", std::make_unique<kf_calloc> ()); kfm.add_std_ns ("memcpy", - make_unique<kf_memcpy_memmove> (kf_memcpy_memmove::KF_MEMCPY)); + std::make_unique<kf_memcpy_memmove> (kf_memcpy_memmove::KF_MEMCPY)); kfm.add_std_ns ("memmove", - make_unique<kf_memcpy_memmove> (kf_memcpy_memmove::KF_MEMMOVE)); - kfm.add_std_ns ("memset", make_unique<kf_memset> (false)); - kfm.add_std_ns ("strcat", make_unique<kf_strcat> (2, false)); - kfm.add_std_ns ("strcpy", make_unique<kf_strcpy> (2, false)); - kfm.add_std_ns ("strlen", make_unique<kf_strlen> ()); - kfm.add_std_ns ("strncpy", make_unique<kf_strncpy> ()); - kfm.add_std_ns ("strtok", make_unique<kf_strtok> (rmm)); + std::make_unique<kf_memcpy_memmove> (kf_memcpy_memmove::KF_MEMMOVE)); + kfm.add_std_ns ("memset", std::make_unique<kf_memset> (false)); + kfm.add_std_ns ("strcat", std::make_unique<kf_strcat> (2, false)); + kfm.add_std_ns ("strcpy", std::make_unique<kf_strcpy> (2, false)); + kfm.add_std_ns ("strlen", std::make_unique<kf_strlen> ()); + kfm.add_std_ns ("strncpy", std::make_unique<kf_strncpy> ()); + kfm.add_std_ns ("strtok", std::make_unique<kf_strtok> (rmm)); } } diff --git a/gcc/analyzer/known-function-manager.cc b/gcc/analyzer/known-function-manager.cc index db670b8..1a2930e 100644 --- a/gcc/analyzer/known-function-manager.cc +++ b/gcc/analyzer/known-function-manager.cc 
@@ -18,17 +18,12 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + #include "diagnostic-core.h" -#include "analyzer/analyzer-logging.h" #include "stringpool.h" -#include "basic-block.h" -#include "gimple.h" + +#include "analyzer/analyzer-logging.h" #include "analyzer/known-function-manager.h" #include "analyzer/region-model.h" #include "analyzer/call-details.h" @@ -108,7 +103,7 @@ known_function_manager::get_match (tree fndecl, const call_details &cd) const { if (const known_function *candidate = get_normal_builtin (DECL_FUNCTION_CODE (fndecl))) - if (gimple_builtin_call_types_compatible_p (cd.get_call_stmt (), + if (gimple_builtin_call_types_compatible_p (&cd.get_call_stmt (), fndecl)) return candidate; } diff --git a/gcc/analyzer/pending-diagnostic.cc b/gcc/analyzer/pending-diagnostic.cc index 0f69d02..70dc815 100644 --- a/gcc/analyzer/pending-diagnostic.cc +++ b/gcc/analyzer/pending-diagnostic.cc @@ -18,18 +18,18 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "intl.h" -#include "diagnostic.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + #include "diagnostic-event-id.h" +#include "cpplib.h" +#include "digraph.h" +#include "ordered-hash-map.h" +#include "cfg.h" +#include "gimple-iterator.h" +#include "cgraph.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/sm.h" -#include "diagnostic-event-id.h" #include "analyzer/sm.h" #include "analyzer/pending-diagnostic.h" #include "analyzer/diagnostic-manager.h" 
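Review bot: The include cleanup in pending-diagnostic.cc leaves `#include "analyzer/sm.h"` listed twice on consecutive lines. The commit removes the `diagnostic-event-id.h` line that sat between the two copies but keeps both of them. Dropping the second copy finishes the tidy-up. The same leftover appears in the program-state.cc include hunk, where `#include "analyzer/program-state.h"` still follows both `analyzer/region-model.h` and `analyzer/supergraph.h`. The headers are presumably guarded, so this is harmless, but the regrouped block is easier to audit without repeats.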
@@ -37,20 +37,10 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/program-point.h" #include "analyzer/store.h" #include "analyzer/region-model.h" -#include "cpplib.h" -#include "digraph.h" -#include "ordered-hash-map.h" -#include "cfg.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "cgraph.h" #include "analyzer/supergraph.h" #include "analyzer/program-state.h" #include "analyzer/exploded-graph.h" -#include "diagnostic-path.h" #include "analyzer/checker-path.h" -#include "make-unique.h" #if ENABLE_ANALYZER @@ -195,7 +185,7 @@ pending_diagnostic::add_function_entry_event (const exploded_edge &eedge, { const exploded_node *dst_node = eedge.m_dest; const program_point &dst_point = dst_node->get_point (); - emission_path->add_event (make_unique<function_entry_event> (dst_point)); + emission_path->add_event (std::make_unique<function_entry_event> (dst_point)); } /* Base implementation of pending_diagnostic::add_call_event. @@ -210,12 +200,12 @@ pending_diagnostic::add_call_event (const exploded_edge &eedge, const int src_stack_depth = src_point.get_stack_depth (); const gimple *last_stmt = src_point.get_supernode ()->get_last_stmt (); emission_path->add_event - (make_unique<call_event> (eedge, - event_loc_info (last_stmt - ? last_stmt->location - : UNKNOWN_LOCATION, - src_point.get_fndecl (), - src_stack_depth))); + (std::make_unique<call_event> (eedge, + event_loc_info (last_stmt + ? last_stmt->location + : UNKNOWN_LOCATION, + src_point.get_fndecl (), + src_stack_depth))); } /* Base implementation of pending_diagnostic::add_region_creation_events. 
@@ -228,12 +218,13 @@ pending_diagnostic::add_region_creation_events (const region *reg, checker_path &emission_path) { emission_path.add_event - (make_unique<region_creation_event_memory_space> (reg->get_memory_space (), - loc_info)); + (std::make_unique<region_creation_event_memory_space> + (reg->get_memory_space (), + loc_info)); if (capacity) emission_path.add_event - (make_unique<region_creation_event_capacity> (capacity, loc_info)); + (std::make_unique<region_creation_event_capacity> (capacity, loc_info)); } /* Base implementation of pending_diagnostic::add_final_event. @@ -247,7 +238,7 @@ pending_diagnostic::add_final_event (const state_machine *sm, checker_path *emission_path) { emission_path->add_event - (make_unique<warning_event> + (std::make_unique<warning_event> (loc_info, enode, sm, var, state)); diff --git a/gcc/analyzer/program-point.cc b/gcc/analyzer/program-point.cc index 473c102..c95f863 100644 --- a/gcc/analyzer/program-point.cc +++ b/gcc/analyzer/program-point.cc 
@@ -18,42 +18,28 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "gimple-pretty-print.h" +#include "analyzer/common.h" + +#include "diagnostic-event-id.h" #include "gcc-rich-location.h" -#include "ordered-hash-map.h" -#include "options.h" -#include "cgraph.h" -#include "function.h" -#include "cfg.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "digraph.h" -#include "analyzer/analyzer.h" +#include "gimple-pretty-print.h" +#include "sbitmap.h" +#include "selftest.h" +#include "shortest-paths.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/call-string.h" #include "analyzer/supergraph.h" #include "analyzer/program-point.h" -#include "sbitmap.h" -#include "bitmap.h" -#include "selftest.h" #include "analyzer/store.h" #include "analyzer/region-model.h" #include "analyzer/sm.h" #include "analyzer/program-state.h" -#include "diagnostic-event-id.h" #include "analyzer/pending-diagnostic.h" #include "analyzer/diagnostic-manager.h" -#include "shortest-paths.h" #include "analyzer/exploded-graph.h" #include "analyzer/analysis-plan.h" #include "analyzer/inlining-iterator.h" -#include "make-unique.h" #if ENABLE_ANALYZER @@ -316,7 +302,7 @@ program_point::dump () const std::unique_ptr<json::object> program_point::to_json () const { - auto point_obj = ::make_unique<json::object> (); + auto point_obj = std::make_unique<json::object> (); point_obj->set_string ("kind", point_kind_to_string (get_kind ())); diff --git a/gcc/analyzer/program-state.cc b/gcc/analyzer/program-state.cc index ec96900..21f78e5 100644 --- a/gcc/analyzer/program-state.cc +++ b/gcc/analyzer/program-state.cc 
@@ -18,44 +18,36 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "diagnostic-core.h" -#include "diagnostic.h" -#include "analyzer/analyzer.h" -#include "analyzer/analyzer-logging.h" -#include "analyzer/sm.h" +#include "analyzer/common.h" + #include "sbitmap.h" -#include "bitmap.h" #include "ordered-hash-map.h" #include "selftest.h" +#include "cfg.h" +#include "gimple-iterator.h" +#include "cgraph.h" +#include "digraph.h" +#include "diagnostic-event-id.h" + +#include "text-art/tree-widget.h" +#include "text-art/dump.h" + +#include "analyzer/analyzer-logging.h" +#include "analyzer/sm.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" #include "analyzer/store.h" #include "analyzer/region-model.h" #include "analyzer/program-state.h" #include "analyzer/constraint-manager.h" -#include "diagnostic-event-id.h" #include "analyzer/pending-diagnostic.h" #include "analyzer/diagnostic-manager.h" -#include "cfg.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "cgraph.h" -#include "digraph.h" #include "analyzer/supergraph.h" #include "analyzer/program-state.h" #include "analyzer/exploded-graph.h" #include "analyzer/state-purge.h" #include "analyzer/call-summary.h" #include "analyzer/analyzer-selftests.h" -#include "text-art/tree-widget.h" -#include "text-art/dump.h" -#include "make-unique.h" #if ENABLE_ANALYZER 
@@ -69,11 +61,10 @@ void extrinsic_state::dump_to_pp (pretty_printer *pp) const { pp_printf (pp, "extrinsic_state: %i checker(s)\n", get_num_checkers ()); - unsigned i; - state_machine *checker; - FOR_EACH_VEC_ELT (m_checkers, i, checker) + unsigned i = 0; + for (auto &checker : m_checkers) { - pp_printf (pp, "m_checkers[%i]: %qs\n", i, checker->get_name ()); + pp_printf (pp, "m_checkers[%i]: %qs\n", ++i, checker->get_name ()); checker->dump_to_pp (pp); } } @@ -101,13 +92,11 @@ extrinsic_state::dump () const std::unique_ptr<json::object> extrinsic_state::to_json () const { - auto ext_state_obj = ::make_unique<json::object> (); + auto ext_state_obj = std::make_unique<json::object> (); { - auto checkers_arr = ::make_unique<json::array> (); - unsigned i; - state_machine *sm; - FOR_EACH_VEC_ELT (m_checkers, i, sm) + auto checkers_arr = std::make_unique<json::array> (); + for (auto &sm : m_checkers) checkers_arr->append (sm->to_json ()); ext_state_obj->set ("checkers", std::move (checkers_arr)); } @@ -133,10 +122,8 @@ extrinsic_state::get_model_manager () const bool extrinsic_state::get_sm_idx_by_name (const char *name, unsigned *out) const { - unsigned i; - state_machine *sm; - FOR_EACH_VEC_ELT (m_checkers, i, sm) - if (0 == strcmp (name, sm->get_name ())) + for (size_t i = 0; i < m_checkers.size (); ++i) + if (0 == strcmp (name, m_checkers[i]->get_name ())) { /* Found NAME. */ *out = i; @@ -279,7 +266,7 @@ sm_state_map::dump (bool simple) const std::unique_ptr<json::object> sm_state_map::to_json () const { - auto map_obj = ::make_unique<json::object> (); + auto map_obj = std::make_unique<json::object> (); if (m_global_state != m_sm.get_start_state ()) map_obj->set ("global", m_global_state->to_json ()); 
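Review bot: In extrinsic_state::dump_to_pp the index printed for each checker is now off by one. `i` starts at 0 and is passed as `++i`, so the first state machine is labelled `m_checkers[1]`, where the old FOR_EACH_VEC_ELT loop printed `m_checkers[0]`. The dump labels then disagree with the indices that get_sm_idx_by_name hands back through `*out`, which is misleading when reading analyzer dumps. Using a post-increment keeps the old numbering: `pp_printf (pp, "m_checkers[%i]: %qs\n", i++, checker->get_name ());`.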
@@ -1188,7 +1175,7 @@ program_state::dump () const std::unique_ptr<json::object> program_state::to_json (const extrinsic_state &ext_state) const { - auto state_obj = ::make_unique<json::object> (); + auto state_obj = std::make_unique<json::object> (); state_obj->set ("store", m_region_model->get_store ()->to_json ()); state_obj->set ("constraints", @@ -1199,7 +1186,7 @@ program_state::to_json (const extrinsic_state &ext_state) const /* Provide m_checker_states as an object, using names as keys. */ { - auto checkers_obj = ::make_unique<json::object> (); + auto checkers_obj = std::make_unique<json::object> (); int i; sm_state_map *smap; @@ -1244,7 +1231,7 @@ void program_state::push_frame (const extrinsic_state &ext_state ATTRIBUTE_UNUSED, const function &fun) { - m_region_model->push_frame (fun, NULL, NULL); + m_region_model->push_frame (fun, nullptr, nullptr, nullptr); } /* Get the current function of this state. */ @@ -1348,7 +1335,7 @@ program_state::on_edge (exploded_graph &eg, void program_state::push_call (exploded_graph &eg, exploded_node *enode, - const gcall *call_stmt, + const gcall &call_stmt, uncertainty_t *uncertainty) { /* Update state. */ @@ -1371,7 +1358,7 @@ program_state::push_call (exploded_graph &eg, void program_state::returning_call (exploded_graph &eg, exploded_node *enode, - const gcall *call_stmt, + const gcall &call_stmt, uncertainty_t *uncertainty) { /* Update state. */ @@ -1749,7 +1736,7 @@ program_state::replay_call_summary (call_summary_replay &r, /* Handle calls to "__analyzer_dump_state". */ void -program_state::impl_call_analyzer_dump_state (const gcall *call, +program_state::impl_call_analyzer_dump_state (const gcall &call, const extrinsic_state &ext_state, region_model_context *ctxt) { 
@@ -1757,13 +1744,13 @@ program_state::impl_call_analyzer_dump_state (const gcall *call, const char *sm_name = cd.get_arg_string_literal (0); if (!sm_name) { - error_at (call->location, "cannot determine state machine"); + error_at (call.location, "cannot determine state machine"); return; } unsigned sm_idx; if (!ext_state.get_sm_idx_by_name (sm_name, &sm_idx)) { - error_at (call->location, "unrecognized state machine %qs", sm_name); + error_at (call.location, "unrecognized state machine %qs", sm_name); return; } const sm_state_map *smap = m_checker_states[sm_idx]; @@ -1775,7 +1762,7 @@ program_state::impl_call_analyzer_dump_state (const gcall *call, sval = cast; state_machine::state_t state = smap->get_state (sval, ext_state); - warning_at (call->location, 0, "state: %qs", state->get_name ()); + warning_at (call.location, 0, "state: %qs", state->get_name ()); } #if CHECKING_P @@ -1791,12 +1778,13 @@ test_sm_state_map () tree y = build_global_decl ("y", integer_type_node); tree z = build_global_decl ("z", integer_type_node); - state_machine *sm = make_malloc_state_machine (NULL); - auto_delete_vec <state_machine> checkers; - checkers.safe_push (sm); - engine eng; - extrinsic_state ext_state (checkers, &eng); + std::unique_ptr<state_machine> sm = make_malloc_state_machine (NULL); state_machine::state_t start = sm->get_start_state (); + std::vector<std::unique_ptr<state_machine>> checkers; + const state_machine &borrowed_sm = *sm.get (); + checkers.push_back (std::move (sm)); + engine eng; + extrinsic_state ext_state (std::move (checkers), &eng); /* Test setting states on svalue_id instances directly. */ { @@ -1808,7 +1796,7 @@ test_sm_state_map () const svalue *y_sval = model.get_rvalue (y, NULL); const svalue *z_sval = model.get_rvalue (z, NULL); - sm_state_map map (*sm); + sm_state_map map (borrowed_sm); ASSERT_TRUE (map.is_empty_p ()); ASSERT_EQ (map.get_state (x_sval, ext_state), start); 
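Review bot: In test_sm_state_map, `borrowed_sm` refers to an object whose unique_ptr is moved into `checkers` and then into `ext_state` on the following lines, and nothing says why the reference stays valid. A short comment would document the lifetime, for example `/* ext_state takes ownership below; the state_machine object itself is not relocated, so this reference stays valid for the sm_state_map instances.  */`. The expression `*sm.get ()` can also be written `*sm`. The test body continues outside the hunk.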
@@ -1837,7 +1825,7 @@ test_sm_state_map () const svalue *y_sval = model.get_rvalue (y, NULL); const svalue *z_sval = model.get_rvalue (z, NULL); - sm_state_map map (*sm); + sm_state_map map (borrowed_sm); ASSERT_TRUE (map.is_empty_p ()); ASSERT_EQ (map.get_state (x_sval, ext_state), start); ASSERT_EQ (map.get_state (y_sval, ext_state), start); @@ -1860,9 +1848,9 @@ test_sm_state_map () const svalue *y_sval = model.get_rvalue (y, NULL); const svalue *z_sval = model.get_rvalue (z, NULL); - sm_state_map map0 (*sm); - sm_state_map map1 (*sm); - sm_state_map map2 (*sm); + sm_state_map map0 (borrowed_sm); + sm_state_map map1 (borrowed_sm); + sm_state_map map2 (borrowed_sm); ASSERT_EQ (map0.hash (), map1.hash ()); ASSERT_EQ (map0, map1); @@ -1883,9 +1871,9 @@ test_sm_state_map () const state_machine::state_t TEST_STATE_2 = &test_state_2; const state_machine::state test_state_3 ("test state 3", 3); const state_machine::state_t TEST_STATE_3 = &test_state_3; - sm_state_map map0 (*sm); - sm_state_map map1 (*sm); - sm_state_map map2 (*sm); + sm_state_map map0 (borrowed_sm); + sm_state_map map1 (borrowed_sm); + sm_state_map map2 (borrowed_sm); ASSERT_EQ (map0.hash (), map1.hash ()); ASSERT_EQ (map0, map1); @@ -1920,14 +1908,12 @@ test_program_state_1 () malloc sm-state, pointing to a region on the heap. */ tree p = build_global_decl ("p", ptr_type_node); - state_machine *sm = make_malloc_state_machine (NULL); + std::unique_ptr<state_machine> sm = make_malloc_state_machine (NULL); const state_machine::state_t UNCHECKED_STATE = sm->get_state_by_name ("unchecked"); - auto_delete_vec <state_machine> checkers; - checkers.safe_push (sm); engine eng; - extrinsic_state ext_state (checkers, &eng); + extrinsic_state ext_state (std::move (sm), &eng); region_model_manager *mgr = eng.get_model_manager (); program_state s (ext_state); region_model *model = s.m_region_model; 
@@ -1955,9 +1941,9 @@ test_program_state_2 () tree string_cst_ptr = build_string_literal (4, "foo"); - auto_delete_vec <state_machine> checkers; + std::vector<std::unique_ptr<state_machine>> checkers; engine eng; - extrinsic_state ext_state (checkers, &eng); + extrinsic_state ext_state (std::move (checkers), &eng); program_state s (ext_state); region_model *model = s.m_region_model; @@ -1979,9 +1965,8 @@ test_program_state_merging () engine eng; region_model_manager *mgr = eng.get_model_manager (); program_point point (program_point::origin (*mgr)); - auto_delete_vec <state_machine> checkers; - checkers.safe_push (make_malloc_state_machine (NULL)); - extrinsic_state ext_state (checkers, &eng); + extrinsic_state ext_state (make_malloc_state_machine (NULL), + &eng); program_state s0 (ext_state); uncertainty_t uncertainty; @@ -2047,9 +2032,7 @@ test_program_state_merging_2 () engine eng; region_model_manager *mgr = eng.get_model_manager (); program_point point (program_point::origin (*mgr)); - auto_delete_vec <state_machine> checkers; - checkers.safe_push (make_signal_state_machine (NULL)); - extrinsic_state ext_state (checkers, &eng); + extrinsic_state ext_state (make_signal_state_machine (NULL), &eng); const state_machine::state test_state_0 ("test state 0", 0); const state_machine::state test_state_1 ("test state 1", 1); diff --git a/gcc/analyzer/program-state.h b/gcc/analyzer/program-state.h index e0f4ee8..269ffde 100644 --- a/gcc/analyzer/program-state.h +++ b/gcc/analyzer/program-state.h 
@@ -30,13 +30,25 @@ namespace ana { class extrinsic_state { public: - extrinsic_state (auto_delete_vec <state_machine> &checkers, + extrinsic_state (std::vector<std::unique_ptr<state_machine>> &&checkers, engine *eng, logger *logger = NULL) - : m_checkers (checkers), m_logger (logger), m_engine (eng) + : m_checkers (std::move (checkers)), + m_logger (logger), + m_engine (eng) { } + // For use in selftests that use just one state machine + extrinsic_state (std::unique_ptr<state_machine> sm, + engine *eng, + logger *logger = NULL) + : m_logger (logger), + m_engine (eng) + { + m_checkers.push_back (std::move (sm)); + } + const state_machine &get_sm (int idx) const { return *m_checkers[idx]; @@ -47,7 +59,7 @@ public: return m_checkers[idx]->get_name (); } - unsigned get_num_checkers () const { return m_checkers.length (); } + unsigned get_num_checkers () const { return m_checkers.size (); } logger *get_logger () const { return m_logger; } @@ -64,7 +76,7 @@ public: private: /* The state machines. */ - auto_delete_vec <state_machine> &m_checkers; + std::vector<std::unique_ptr<state_machine>> m_checkers; logger *m_logger; engine *m_engine; @@ -242,12 +254,12 @@ public: void push_call (exploded_graph &eg, exploded_node *enode, - const gcall *call_stmt, + const gcall &call_stmt, uncertainty_t *uncertainty); void returning_call (exploded_graph &eg, exploded_node *enode, - const gcall *call_stmt, + const gcall &call_stmt, uncertainty_t *uncertainty); @@ -298,7 +310,7 @@ public: bool replay_call_summary (call_summary_replay &r, const program_state &summary); - void impl_call_analyzer_dump_state (const gcall *call, + void impl_call_analyzer_dump_state (const gcall &call, const extrinsic_state &ext_state, region_model_context *ctxt); diff --git a/gcc/analyzer/ranges.cc b/gcc/analyzer/ranges.cc index 4c63ecc..1a960fa 100644 --- a/gcc/analyzer/ranges.cc +++ b/gcc/analyzer/ranges.cc 
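Review bot: The new single-state-machine constructor of extrinsic_state pushes `sm` into m_checkers without checking it. A null unique_ptr would only surface later, when get_sm or get_name dereferences `m_checkers[idx]`. Adding `gcc_assert (sm);` before the push_back would fail at the construction site instead. Since the member changed from a borrowed `auto_delete_vec &` to an owned vector, the `/* The state machines.  */` comment on m_checkers could also state that extrinsic_state now owns them. Anything holding a `const state_machine &`, as the sm_state_map instances in the selftests appear to, must then not outlive it.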
@@ -18,34 +18,13 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "diagnostic-core.h" -#include "gimple-pretty-print.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "diagnostic-core.h" -#include "graphviz.h" -#include "options.h" -#include "cgraph.h" -#include "tree-dfa.h" -#include "stringpool.h" -#include "convert.h" -#include "target.h" -#include "fold-const.h" -#include "tree-pretty-print.h" -#include "bitmap.h" -#include "analyzer/analyzer.h" -#include "analyzer/analyzer-logging.h" +#include "analyzer/common.h" + +#include "sbitmap.h" #include "ordered-hash-map.h" -#include "options.h" + +#include "analyzer/analyzer-logging.h" #include "analyzer/supergraph.h" -#include "sbitmap.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" #include "analyzer/store.h" @@ -53,7 +32,6 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/constraint-manager.h" #include "analyzer/analyzer-selftests.h" #include "analyzer/ranges.h" -#include "make-unique.h" #if ENABLE_ANALYZER @@ -158,7 +136,7 @@ symbolic_byte_range::dump (bool simple, region_model_manager &mgr) const std::unique_ptr<json::value> symbolic_byte_range::to_json () const { - auto obj = ::make_unique<json::object> (); + auto obj = std::make_unique<json::object> (); obj->set ("start", m_start.to_json ()); obj->set ("size", m_size.to_json ()); return obj; diff --git a/gcc/analyzer/record-layout.cc b/gcc/analyzer/record-layout.cc index 2eb3444..aaf8ccd 100644 --- a/gcc/analyzer/record-layout.cc +++ b/gcc/analyzer/record-layout.cc 
@@ -18,18 +18,10 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "diagnostic-core.h" -#include "diagnostic.h" +#include "analyzer/common.h" + #include "tree-diagnostic.h" -#include "analyzer/analyzer.h" + #include "analyzer/record-layout.h" #if ENABLE_ANALYZER diff --git a/gcc/analyzer/region-model-asm.cc b/gcc/analyzer/region-model-asm.cc index 0da5cc5..7d7e3b9 100644 --- a/gcc/analyzer/region-model-asm.cc +++ b/gcc/analyzer/region-model-asm.cc @@ -18,26 +18,16 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "diagnostic-core.h" -#include "pretty-print.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + +#include "stmt.h" + #include "analyzer/analyzer-logging.h" -#include "options.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" #include "analyzer/store.h" #include "analyzer/region-model.h" #include "analyzer/region-model-reachability.h" -#include "stmt.h" #if ENABLE_ANALYZER diff --git a/gcc/analyzer/region-model-manager.cc b/gcc/analyzer/region-model-manager.cc index dfce420..df92503 100644 --- a/gcc/analyzer/region-model-manager.cc +++ b/gcc/analyzer/region-model-manager.cc 
@@ -18,34 +18,16 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "diagnostic-core.h" -#include "gimple-pretty-print.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "diagnostic-core.h" -#include "graphviz.h" -#include "options.h" -#include "cgraph.h" -#include "tree-dfa.h" -#include "stringpool.h" -#include "convert.h" -#include "target.h" +#include "analyzer/common.h" + #include "fold-const.h" -#include "tree-pretty-print.h" -#include "bitmap.h" -#include "analyzer/analyzer.h" -#include "analyzer/analyzer-logging.h" #include "ordered-hash-map.h" #include "options.h" #include "analyzer/supergraph.h" #include "sbitmap.h" +#include "target.h" + +#include "analyzer/analyzer-logging.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" #include "analyzer/store.h" @@ -325,7 +307,7 @@ region_model_manager::get_or_create_initial_value (const region *reg, bool check_poisoned) { if (!reg->can_have_initial_svalue_p () && check_poisoned) - return get_or_create_poisoned_svalue (POISON_KIND_UNINIT, + return get_or_create_poisoned_svalue (poison_kind::uninit, reg->get_type ()); /* The initial value of a cast is a cast of the initial value. */ @@ -962,6 +944,12 @@ region_model_manager::maybe_fold_sub_svalue (tree type, if (!parent_svalue->can_have_associated_state_p ()) return get_or_create_unknown_svalue (type); + /* If we have a subvalue of a zero constant, it's zero. */ + if (tree cst = parent_svalue->maybe_get_constant ()) + if (TREE_CODE (cst) == INTEGER_CST) + if (zerop (cst)) + return get_or_create_cast (type, parent_svalue); + /* If we have a subregion of a zero-fill, it's zero. */ if (const unaryop_svalue *unary = parent_svalue->dyn_cast_unaryop_svalue ()) 
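Review bot: The new zero-constant fold in `region_model_manager::maybe_fold_sub_svalue` nests three `if`s where two would read more clearly, and it does not say which `type` values it expects to pass to `get_or_create_cast`. The inner pair can be merged as `if (TREE_CODE (cst) == INTEGER_CST && zerop (cst))`. Because this fold decides that bytes are known to be zero, a wrong result could hide an uninitialized-value report. The comment should therefore state whether `type` may be an aggregate or NULL_TREE here and why the cast of zero is still correct in that case; I cannot confirm that from the visible lines. The function starts and ends outside the hunk.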
diff --git a/gcc/analyzer/region-model-reachability.cc b/gcc/analyzer/region-model-reachability.cc index 4799ba8..d3bfeb7 100644 --- a/gcc/analyzer/region-model-reachability.cc +++ b/gcc/analyzer/region-model-reachability.cc @@ -18,37 +18,18 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "diagnostic-core.h" -#include "graphviz.h" -#include "options.h" -#include "cgraph.h" -#include "tree-dfa.h" -#include "stringpool.h" -#include "convert.h" -#include "target.h" -#include "fold-const.h" -#include "tree-pretty-print.h" -#include "bitmap.h" -#include "analyzer/analyzer.h" -#include "analyzer/analyzer-logging.h" +#include "analyzer/common.h" + #include "ordered-hash-map.h" -#include "options.h" +#include "diagnostic.h" +#include "tree-diagnostic.h" + +#include "analyzer/analyzer-logging.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" #include "analyzer/store.h" #include "analyzer/region-model.h" #include "analyzer/region-model-reachability.h" -#include "diagnostic.h" -#include "tree-diagnostic.h" #if ENABLE_ANALYZER diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc index 84b81e9..1ee882c 100644 --- a/gcc/analyzer/region-model.cc +++ b/gcc/analyzer/region-model.cc 
@@ -18,70 +18,53 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" #define INCLUDE_ALGORITHM -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "make-unique.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "diagnostic-core.h" -#include "graphviz.h" +#include "analyzer/common.h" + +#include "ordered-hash-map.h" #include "options.h" #include "cgraph.h" -#include "tree-dfa.h" +#include "cfg.h" +#include "sbitmap.h" +#include "diagnostic-event-id.h" +#include "stor-layout.h" #include "stringpool.h" -#include "convert.h" +#include "attribs.h" +#include "tree-object-size.h" +#include "gimple-ssa.h" +#include "tree-phinodes.h" +#include "tree-ssa-operands.h" +#include "ssa-iterators.h" #include "target.h" -#include "fold-const.h" +#include "calls.h" +#include "is-a.h" +#include "gcc-rich-location.h" +#include "gcc-urlifier.h" +#include "diagnostic-format-sarif.h" #include "tree-pretty-print.h" -#include "diagnostic-color.h" -#include "bitmap.h" -#include "selftest.h" +#include "fold-const.h" #include "selftest-tree.h" -#include "analyzer/analyzer.h" + +#include "text-art/tree-widget.h" + #include "analyzer/analyzer-logging.h" -#include "ordered-hash-map.h" -#include "options.h" -#include "cgraph.h" -#include "cfg.h" #include "analyzer/supergraph.h" -#include "sbitmap.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" #include "analyzer/store.h" #include "analyzer/region-model.h" #include "analyzer/constraint-manager.h" -#include "diagnostic-event-id.h" -#include "analyzer/sm.h" -#include "diagnostic-event-id.h" #include "analyzer/sm.h" #include "analyzer/pending-diagnostic.h" #include "analyzer/region-model-reachability.h" #include "analyzer/analyzer-selftests.h" #include "analyzer/program-state.h" #include 
"analyzer/call-summary.h" -#include "stor-layout.h" -#include "attribs.h" -#include "tree-object-size.h" -#include "gimple-ssa.h" -#include "tree-phinodes.h" -#include "tree-ssa-operands.h" -#include "ssa-iterators.h" -#include "calls.h" -#include "is-a.h" -#include "gcc-rich-location.h" #include "analyzer/checker-event.h" #include "analyzer/checker-path.h" #include "analyzer/feasible-graph.h" #include "analyzer/record-layout.h" -#include "diagnostic-format-sarif.h" -#include "text-art/tree-widget.h" -#include "gcc-urlifier.h" +#include "analyzer/function-set.h" #if ENABLE_ANALYZER @@ -235,7 +218,7 @@ region_to_value_map::dump (bool simple) const std::unique_ptr<json::object> region_to_value_map::to_json () const { - auto map_obj = ::make_unique<json::object> (); + auto map_obj = std::make_unique<json::object> (); auto_vec<const region *> regs; for (iterator iter = begin (); iter != end (); ++iter) 
@@ -332,12 +315,97 @@ region_to_value_map::purge_state_involving (const svalue *sval) m_hash_map.remove (iter); } +// struct exception_node + +bool +exception_node::operator== (const exception_node &other) const +{ + return (m_exception_sval == other.m_exception_sval + && m_typeinfo_sval == other.m_typeinfo_sval + && m_destructor_sval == other.m_destructor_sval); +} + +void +exception_node::dump_to_pp (pretty_printer *pp, + bool simple) const +{ + pp_printf (pp, "{exception: "); + m_exception_sval->dump_to_pp (pp, simple); + pp_string (pp, ", typeinfo: "); + m_typeinfo_sval->dump_to_pp (pp, simple); + pp_string (pp, ", destructor: "); + m_destructor_sval->dump_to_pp (pp, simple); + pp_string (pp, "}"); +} + +void +exception_node::dump (FILE *fp, bool simple) const +{ + tree_dump_pretty_printer pp (fp); + dump_to_pp (&pp, simple); + pp_newline (&pp); +} + +/* Dump a multiline representation of this model to stderr. */ + +DEBUG_FUNCTION void +exception_node::dump (bool simple) const +{ + dump (stderr, simple); +} + +DEBUG_FUNCTION void +exception_node::dump () const +{ + text_art::dump (*this); +} + +std::unique_ptr<json::object> +exception_node::to_json () const +{ + auto obj = std::make_unique<json::object> (); + obj->set ("exception", m_exception_sval->to_json ()); + obj->set ("typeinfo", m_typeinfo_sval->to_json ()); + obj->set ("destructor", m_destructor_sval->to_json ()); + return obj; +} + +std::unique_ptr<text_art::tree_widget> +exception_node::make_dump_widget (const text_art::dump_widget_info &dwi) const +{ + using text_art::tree_widget; + std::unique_ptr<tree_widget> w + (tree_widget::from_fmt (dwi, nullptr, "Exception Node")); + + w->add_child (m_exception_sval->make_dump_widget (dwi, "exception")); + w->add_child (m_typeinfo_sval->make_dump_widget (dwi, "typeinfo")); + w->add_child (m_destructor_sval->make_dump_widget (dwi, "destructor")); + + return w; +} + +tree +exception_node::maybe_get_type () const +{ + return 
m_typeinfo_sval->maybe_get_type_from_typeinfo (); +} + +void +exception_node::add_to_reachable_regions (reachable_regions ®s) const +{ + regs.handle_sval (m_exception_sval); + regs.handle_sval (m_typeinfo_sval); + regs.handle_sval (m_destructor_sval); +} + /* class region_model. */ /* Ctor for region_model: construct an "empty" model. */ region_model::region_model (region_model_manager *mgr) : m_mgr (mgr), m_store (), m_current_frame (NULL), + m_thrown_exceptions_stack (), + m_caught_exceptions_stack (), m_dynamic_extents () { m_constraints = new constraint_manager (mgr); @@ -349,6 +417,8 @@ region_model::region_model (const region_model &other) : m_mgr (other.m_mgr), m_store (other.m_store), m_constraints (new constraint_manager (*other.m_constraints)), m_current_frame (other.m_current_frame), + m_thrown_exceptions_stack (other.m_thrown_exceptions_stack), + m_caught_exceptions_stack (other.m_caught_exceptions_stack), m_dynamic_extents (other.m_dynamic_extents) { } @@ -375,6 +445,9 @@ region_model::operator= (const region_model &other) m_current_frame = other.m_current_frame; + m_thrown_exceptions_stack = other.m_thrown_exceptions_stack; + m_caught_exceptions_stack = other.m_caught_exceptions_stack; + m_dynamic_extents = other.m_dynamic_extents; return *this; @@ -401,6 +474,11 @@ region_model::operator== (const region_model &other) const if (m_current_frame != other.m_current_frame) return false; + if (m_thrown_exceptions_stack != other.m_thrown_exceptions_stack) + return false; + if (m_caught_exceptions_stack != other.m_caught_exceptions_stack) + return false; + if (m_dynamic_extents != other.m_dynamic_extents) return false; @@ -427,7 +505,7 @@ void region_model::dump_to_pp (pretty_printer *pp, bool simple, bool multiline) const { - /* Dump stack. */ + /* Dump frame stack. */ pp_printf (pp, "stack depth: %i", get_stack_depth ()); if (multiline) pp_newline (pp); 
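Review bot: The comment above `exception_node::dump (bool simple)` reads "Dump a multiline representation of this model to stderr", which appears to be copied from `region_model`; this method dumps one exception node, and `dump_to_pp` builds a single line. I would change it to `/* Dump a representation of this exception_node to stderr. */` and add a short leading comment to the other new methods, which have none. `dump_to_pp`, `to_json` and `make_dump_widget` dereference `m_exception_sval`, `m_typeinfo_sval` and `m_destructor_sval` unconditionally, so the non-null requirement on all three should be stated; the class declaration is outside this section and may already do so. In `dump_to_pp` the first call is `pp_printf (pp, "{exception: ")` while the others use `pp_string`; `pp_string` fits a literal with no format arguments.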
@@ -448,6 +526,50 @@ region_model::dump_to_pp (pretty_printer *pp, bool simple, if (!multiline) pp_string (pp, "}"); + /* Dump exception stacks. */ + if (m_thrown_exceptions_stack.size () > 0) + { + pp_printf (pp, "thrown exceptions: %i", (int)m_thrown_exceptions_stack.size ()); + if (multiline) + pp_newline (pp); + else + pp_string (pp, " {"); + for (size_t idx = 0; idx < m_thrown_exceptions_stack.size (); ++idx) + { + if (multiline) + pp_string (pp, " "); + else if (idx > 0) + pp_string (pp, ", "); + pp_printf (pp, "exception (index %i): ", (int)idx); + m_thrown_exceptions_stack[idx].dump_to_pp (pp, simple); + if (multiline) + pp_newline (pp); + } + if (!multiline) + pp_string (pp, "}"); + } + if (m_caught_exceptions_stack.size () > 0) + { + pp_printf (pp, "caught exceptions: %i", (int)m_caught_exceptions_stack.size ()); + if (multiline) + pp_newline (pp); + else + pp_string (pp, " {"); + for (size_t idx = 0; idx < m_caught_exceptions_stack.size (); ++idx) + { + if (multiline) + pp_string (pp, " "); + else if (idx > 0) + pp_string (pp, ", "); + pp_printf (pp, "exception (index %i): ", (int)idx); + m_caught_exceptions_stack[idx].dump_to_pp (pp, simple); + if (multiline) + pp_newline (pp); + } + if (!multiline) + pp_string (pp, "}"); + } + /* Dump store. */ if (!multiline) pp_string (pp, ", {"); 
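Review bot: In single-line mode the new exception-stack sections are written directly after the `}` that closes the frame stack, with no separator, so the dump runs together as `}thrown exceptions: 1 {` (constructed sample) and again before `caught exceptions`. The store section that follows avoids this by opening with `", {"`. Adding `if (!multiline) pp_string (pp, ", ");` before each of the two `pp_printf` header calls would keep the one-line form readable. `region_model::dump_to_pp` starts and ends outside the hunk.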
@@ -515,11 +637,22 @@ region_model::debug () const std::unique_ptr<json::object> region_model::to_json () const { - auto model_obj = ::make_unique<json::object> (); + auto model_obj = std::make_unique<json::object> (); model_obj->set ("store", m_store.to_json ()); model_obj->set ("constraints", m_constraints->to_json ()); if (m_current_frame) model_obj->set ("current_frame", m_current_frame->to_json ()); + + auto thrown_exceptions_arr = std::make_unique<json::array> (); + for (auto &node : m_thrown_exceptions_stack) + thrown_exceptions_arr->append (node.to_json ()); + model_obj->set ("thrown_exception_stack", std::move (thrown_exceptions_arr)); + + auto caught_exceptions_arr = std::make_unique<json::array> (); + for (auto &node : m_caught_exceptions_stack) + caught_exceptions_arr->append (node.to_json ()); + model_obj->set ("caught_exception_stack", std::move (caught_exceptions_arr)); + model_obj->set ("dynamic_extents", m_dynamic_extents.to_json ()); return model_obj; } @@ -543,6 +676,26 @@ region_model::make_dump_widget (const text_art::dump_widget_info &dwi) const m_current_frame->dump_to_pp (pp, simple); model_widget->add_child (tree_widget::make (dwi, pp)); } + + if (m_thrown_exceptions_stack.size () > 0) + { + auto thrown_exceptions_widget + = tree_widget::make (dwi, "Thrown Exceptions"); + for (auto &thrown_exception : m_thrown_exceptions_stack) + thrown_exceptions_widget->add_child + (thrown_exception.make_dump_widget (dwi)); + model_widget->add_child (std::move (thrown_exceptions_widget)); + } + if (m_caught_exceptions_stack.size () > 0) + { + auto caught_exceptions_widget + = tree_widget::make (dwi, "Caught Exceptions"); + for (auto &caught_exception : m_caught_exceptions_stack) + caught_exceptions_widget->add_child + (caught_exception.make_dump_widget (dwi)); + model_widget->add_child (std::move (caught_exceptions_widget)); + } + model_widget->add_child (m_store.make_dump_widget (dwi, m_mgr->get_store_manager ())); 
@@ -606,7 +759,7 @@ public: bool use_of_uninit_p () const final override { - return m_pkind == POISON_KIND_UNINIT; + return m_pkind == poison_kind::uninit; } bool operator== (const poisoned_value_diagnostic &other) const @@ -622,12 +775,12 @@ public: { default: gcc_unreachable (); - case POISON_KIND_UNINIT: + case poison_kind::uninit: return OPT_Wanalyzer_use_of_uninitialized_value; - case POISON_KIND_FREED: - case POISON_KIND_DELETED: + case poison_kind::freed: + case poison_kind::deleted: return OPT_Wanalyzer_use_after_free; - case POISON_KIND_POPPED_STACK: + case poison_kind::popped_stack: return OPT_Wanalyzer_use_of_pointer_in_stale_stack_frame; } } @@ -640,28 +793,28 @@ public: { default: gcc_unreachable (); - case POISON_KIND_UNINIT: + case poison_kind::uninit: { ctxt.add_cwe (457); /* "CWE-457: Use of Uninitialized Variable". */ return ctxt.warn ("use of uninitialized value %qE", m_expr); } break; - case POISON_KIND_FREED: + case poison_kind::freed: { ctxt.add_cwe (416); /* "CWE-416: Use After Free". */ return ctxt.warn ("use after %<free%> of %qE", m_expr); } break; - case POISON_KIND_DELETED: + case poison_kind::deleted: { ctxt.add_cwe (416); /* "CWE-416: Use After Free". */ return ctxt.warn ("use after %<delete%> of %qE", m_expr); } break; - case POISON_KIND_POPPED_STACK: + case poison_kind::popped_stack: { /* TODO: which CWE? */ return ctxt.warn @@ -680,28 +833,28 @@ public: { default: gcc_unreachable (); - case POISON_KIND_UNINIT: + case poison_kind::uninit: { pp_printf (&pp, "use of uninitialized value %qE here", m_expr); return true; } - case POISON_KIND_FREED: + case poison_kind::freed: { pp_printf (&pp, "use after %<free%> of %qE here", m_expr); return true; } - case POISON_KIND_DELETED: + case poison_kind::deleted: { pp_printf (&pp, "use after %<delete%> of %qE here", m_expr); return true; } - case POISON_KIND_POPPED_STACK: + case poison_kind::popped_stack: { pp_printf (&pp, "dereferencing pointer %qE to within stale stack frame", 
@@ -956,10 +1109,10 @@ public: { if (reg == m_base_reg_a) emission_path.add_event - (make_unique<ptrdiff_region_creation_event> (loc_info, true)); + (std::make_unique<ptrdiff_region_creation_event> (loc_info, true)); else if (reg == m_base_reg_b) emission_path.add_event - (make_unique<ptrdiff_region_creation_event> (loc_info, false)); + (std::make_unique<ptrdiff_region_creation_event> (loc_info, false)); } bool @@ -1009,11 +1162,12 @@ check_for_invalid_ptrdiff (const gassign *assign, if (base_reg_b->get_kind () == RK_SYMBOLIC) return; - ctxt.warn (make_unique<undefined_ptrdiff_diagnostic> (assign, - sval_a, - sval_b, - base_reg_a, - base_reg_b)); + ctxt.warn + (std::make_unique<undefined_ptrdiff_diagnostic> (assign, + sval_a, + sval_b, + base_reg_a, + base_reg_b)); } /* If ASSIGN is a stmt that can be modelled via @@ -1192,13 +1346,13 @@ region_model::get_gassign_result (const gassign *assign, { if (tree_int_cst_sgn (rhs2_cst) < 0) ctxt->warn - (make_unique<shift_count_negative_diagnostic> + (std::make_unique<shift_count_negative_diagnostic> (assign, rhs2_cst)); else if (compare_tree_int (rhs2_cst, TYPE_PRECISION (TREE_TYPE (rhs1))) >= 0) ctxt->warn - (make_unique<shift_count_overflow_diagnostic> + (std::make_unique<shift_count_overflow_diagnostic> (assign, int (TYPE_PRECISION (TREE_TYPE (rhs1))), rhs2_cst)); @@ -1392,12 +1546,12 @@ region_model::check_for_poison (const svalue *sval, /* Ignore uninitialized uses of empty types; there's nothing to initialize. */ - if (pkind == POISON_KIND_UNINIT + if (pkind == poison_kind::uninit && sval->get_type () && is_empty_type (sval->get_type ())) return sval; - if (pkind == POISON_KIND_UNINIT) + if (pkind == poison_kind::uninit) if (const gimple *curr_stmt = ctxt->get_stmt ()) if (const gassign *assign_stmt = dyn_cast <const gassign *> (curr_stmt)) 
@@ -1418,7 +1572,7 @@ region_model::check_for_poison (const svalue *sval, the tree other than via the def stmts, using fixup_tree_for_diagnostic. */ tree diag_arg = fixup_tree_for_diagnostic (expr); - if (src_region == NULL && pkind == POISON_KIND_UNINIT) + if (src_region == NULL && pkind == poison_kind::uninit) src_region = get_region_for_poisoned_expr (expr); /* Can we reliably get the poisoned value from "expr"? @@ -1432,10 +1586,11 @@ region_model::check_for_poison (const svalue *sval, check_expr = expr; else check_expr = NULL; - if (ctxt->warn (make_unique<poisoned_value_diagnostic> (diag_arg, - pkind, - src_region, - check_expr))) + if (ctxt->warn + (std::make_unique<poisoned_value_diagnostic> (diag_arg, + pkind, + src_region, + check_expr))) { /* We only want to report use of a poisoned value at the first place it gets used; return an unknown value to avoid generating @@ -1570,13 +1725,15 @@ region_model::on_stmt_pre (const gimple *stmt, { switch (gimple_code (stmt)) { - default: - /* No-op for now. */ - break; - - case GIMPLE_DEBUG: - /* We should have stripped these out when building the supergraph. */ - gcc_unreachable (); + case GIMPLE_COND: + case GIMPLE_EH_DISPATCH: + case GIMPLE_GOTO: + case GIMPLE_LABEL: + case GIMPLE_NOP: + case GIMPLE_PREDICT: + case GIMPLE_RESX: + case GIMPLE_SWITCH: + /* No-ops here. */ break; case GIMPLE_ASSIGN: @@ -1601,7 +1758,7 @@ region_model::on_stmt_pre (const gimple *stmt, anything, for which we don't have a function body, or for which we don't know the fndecl. */ const gcall *call = as_a <const gcall *> (stmt); - *out_unknown_side_effects = on_call_pre (call, ctxt); + *out_unknown_side_effects = on_call_pre (*call, ctxt); } break; 
@@ -1611,6 +1768,13 @@ region_model::on_stmt_pre (const gimple *stmt, on_return (return_, ctxt); } break; + + /* We don't expect to see any other statement kinds in the analyzer. */ + case GIMPLE_DEBUG: // should have stripped these out when building the supergraph + default: + internal_error ("unexpected gimple stmt code: %qs", + gimple_code_name[gimple_code (stmt)]); + break; } } @@ -1689,7 +1853,7 @@ region_model::check_call_format_attr (const call_details &cd, }; call_arg_details arg_details (m_cd, m_fmt_param_idx); - add_note (make_unique<reason_format_attr> (arg_details)); + add_note (std::make_unique<reason_format_attr> (arg_details)); } private: const call_details &m_cd; @@ -1898,7 +2062,7 @@ region_model::get_known_function (enum internal_fn ifn) const attributes. */ const builtin_known_function * -region_model::get_builtin_kf (const gcall *call, +region_model::get_builtin_kf (const gcall &call, region_model_context *ctxt /* = NULL */) const { region_model *mut_this = const_cast <region_model *> (this); 
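Review bot: The `default:` arm of the switch in `region_model::on_stmt_pre` changes from a no-op to `internal_error`, so any gimple code that is neither in the new no-op group nor handled by an existing case now aborts compilation when the analyzer is enabled, where it was previously ignored. If that is intended, the comment `/* We don't expect to see any other statement kinds in the analyzer. */` should name what guarantees it, since an ICE on unanticipated input tends to get the analyzer switched off for that translation unit. The `break;` after `internal_error` is unreachable because `internal_error` does not return, and can be dropped. The switch opens in the preceding hunk (`@@ -1570,13 +1725,15 @@`) and the function continues outside both.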
@@ -1913,6 +2077,170 @@ region_model::get_builtin_kf (const gcall *call, return NULL; } +/* Subclass of custom_edge_info for use by exploded_edges that represent + an exception being thrown from a call we don't have the code for. */ + +class exception_thrown_from_unrecognized_call : public custom_edge_info +{ +public: + exception_thrown_from_unrecognized_call (const gcall &call, + tree fndecl) + : m_call (call), + m_fndecl (fndecl) + { + } + + void print (pretty_printer *pp) const + { + if (m_fndecl) + pp_printf (pp, "if %qD throws an exception...", m_fndecl); + else + pp_printf (pp, "if the called function throws an exception..."); + }; + + bool + update_model (region_model *model, + const exploded_edge *, + region_model_context *ctxt) const final override + { + /* Allocate an exception and set it as the current exception. */ + const region *exception_reg + = model->get_or_create_region_for_heap_alloc + (nullptr, /* We don't know the size of the region. */ + ctxt); + + region_model_manager *mgr = model->get_manager (); + conjured_purge p (model, ctxt); + + /* The contents of the region are some conjured svalue. */ + const svalue *exception_sval + = mgr->get_or_create_conjured_svalue (NULL_TREE, + &m_call, + exception_reg, p, 0); + model->set_value (exception_reg, exception_sval, ctxt); + const svalue *exception_ptr_sval + = mgr->get_ptr_svalue (ptr_type_node, exception_reg); + const svalue *tinfo_sval + = mgr->get_or_create_conjured_svalue (ptr_type_node, + &m_call, + exception_reg, p, 1); + const svalue *destructor_sval + = mgr->get_or_create_conjured_svalue (ptr_type_node, + &m_call, + exception_reg, p, 2); + + /* Push a new exception_node on the model's thrown exception stack. 
*/ + exception_node eh_node (exception_ptr_sval, tinfo_sval, destructor_sval); + model->push_thrown_exception (eh_node); + + return true; + } + + void + add_events_to_path (checker_path *emission_path, + const exploded_edge &eedge) const final override + { + const exploded_node *dst_node = eedge.m_dest; + const program_point &dst_point = dst_node->get_point (); + const int dst_stack_depth = dst_point.get_stack_depth (); + + emission_path->add_event + (std::make_unique<throw_from_call_to_external_fn_event> + (event_loc_info (m_call.location, + dst_point.get_fndecl (), + dst_stack_depth), + dst_node, + m_call, + m_fndecl)); + } + + exploded_node * + create_enode (exploded_graph &eg, + const program_point &point, + program_state &&state, + exploded_node *enode_for_diag, + region_model_context *ctxt) const final override + { + exploded_node *thrown_enode + = eg.get_or_create_node (point, state, enode_for_diag, + /* Don't add to worklist. */ + false); + if (!thrown_enode) + return nullptr; + + /* Add successor edges for thrown_enode "by hand" for the exception. */ + eg.unwind_from_exception (*thrown_enode, + &m_call, + ctxt); + return thrown_enode; + } + +private: + const gcall &m_call; + tree m_fndecl; // could be null +}; + +/* Get a set of functions that are assumed to not throw exceptions. */ + +static function_set +get_fns_assumed_not_to_throw () +{ + // TODO: populate this list more fully + static const char * const fn_names[] = { + /* This array must be kept sorted. */ + + "fclose" + }; + const size_t count = ARRAY_SIZE (fn_names); + function_set fs (fn_names, count); + return fs; +} + +/* Return true if CALL could throw an exception. + FNDECL could be NULL_TREE. 
*/ + +static bool +can_throw_p (const gcall &call, tree fndecl) +{ + if (!flag_exceptions) + return false; + + if (gimple_call_nothrow_p (&call)) + return false; + + if (fndecl) + { + const function_set fs = get_fns_assumed_not_to_throw (); + if (fs.contains_decl_p (fndecl)) + return false; + } + + return true; +} + +/* Given CALL where we don't know what code is being called + (by not having the body of FNDECL, or having NULL_TREE for FNDECL), + potentially bifurcate control flow to simulate the call throwing + an exception. */ + +void +region_model::check_for_throw_inside_call (const gcall &call, + tree fndecl, + region_model_context *ctxt) +{ + if (!ctxt) + return; + + /* Could this function throw an exception? + If so, add an extra e-edge for that. */ + if (!can_throw_p (call, fndecl)) + return; + + auto throws_exception + = std::make_unique<exception_thrown_from_unrecognized_call> (call, fndecl); + ctxt->bifurcate (std::move (throws_exception)); +} + /* Update this model for the CALL stmt, using CTXT to report any diagnostics - the first half. @@ -1925,7 +2253,7 @@ region_model::get_builtin_kf (const gcall *call, fndecl it is). */ bool -region_model::on_call_pre (const gcall *call, region_model_context *ctxt) +region_model::on_call_pre (const gcall &call, region_model_context *ctxt) { call_details cd (call, this, ctxt); @@ -1935,8 +2263,8 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt) Handle IFN_DEFERRED_INIT by treating it as no-op: don't touch the lhs of the call, so that it is still uninitialized from the point of view of the analyzer. */ - if (gimple_call_internal_p (call) - && gimple_call_internal_fn (call) == IFN_DEFERRED_INIT) + if (gimple_call_internal_p (&call) + && gimple_call_internal_fn (&call) == IFN_DEFERRED_INIT) return false; /* No side effects. */ /* Get svalues for all of the arguments at the callsite, to ensure that we 
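Review bot: `get_fns_assumed_not_to_throw` relies on the comment "This array must be kept sorted", but nothing in this hunk checks that, and `can_throw_p` rebuilds the `function_set` on every call. A selftest containing `get_fns_assumed_not_to_throw ().assert_sorted ();` would catch a misordered entry once the TODO list is filled in; presumably the lookup is a binary search, in which case a misordered table would silently miss entries and send a non-throwing function down the exception path. The table should also carry a comment saying what makes a name safe to add, since a wrongly listed function removes the exception path for every call to it. In `exception_thrown_from_unrecognized_call`, `print` is the only member function declared without `final override`, and its body ends in a stray `;`.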
@@ -1948,9 +2276,9 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt) tree callee_fndecl = get_fndecl_for_call (call, ctxt); - if (gimple_call_internal_p (call)) + if (gimple_call_internal_p (&call)) if (const known_function *kf - = get_known_function (gimple_call_internal_fn (call))) + = get_known_function (gimple_call_internal_fn (&call))) { kf->impl_call_pre (cd); return false; /* No further side effects. */ @@ -1958,6 +2286,7 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt) if (!callee_fndecl) { + check_for_throw_inside_call (call, NULL_TREE, ctxt); cd.set_any_lhs_with_defaults (); return true; /* Unknown side effects. */ } @@ -1978,7 +2307,10 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt) return true; /* Unknown side effects. */ if (!fndecl_has_gimple_body_p (callee_fndecl)) - return true; /* Unknown side effects. */ + { + check_for_throw_inside_call (call, callee_fndecl, ctxt); + return true; /* Unknown side effects. */ + } return false; /* No side effects. */ } @@ -1994,7 +2326,7 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt) to purge state. */ void -region_model::on_call_post (const gcall *call, +region_model::on_call_post (const gcall &call, bool unknown_side_effects, region_model_context *ctxt) { @@ -2102,12 +2434,11 @@ private: attribute. */ void -region_model::check_function_attr_access (const gcall *call, +region_model::check_function_attr_access (const gcall &call, tree callee_fndecl, region_model_context *ctxt, rdwr_map &rdwr_idx) const { - gcc_assert (call); gcc_assert (callee_fndecl); gcc_assert (ctxt); @@ -2145,8 +2476,8 @@ region_model::check_function_attr_access (const gcall *call, } void add_annotations () final override { - add_note (make_unique<reason_attr_access> - (m_callee_fndecl, m_access)); + add_note (std::make_unique<reason_attr_access> + (m_callee_fndecl, m_access)); } private: tree m_callee_fndecl; 
@@ -2157,7 +2488,7 @@ region_model::check_function_attr_access (const gcall *call, note added to them. */ annotating_ctxt my_ctxt (callee_fndecl, *access, ctxt); - tree ptr_tree = gimple_call_arg (call, access->ptrarg); + tree ptr_tree = gimple_call_arg (&call, access->ptrarg); const svalue *ptr_sval = get_rvalue (ptr_tree, &my_ctxt); const region *reg = deref_rvalue (ptr_sval, ptr_tree, &my_ctxt); check_region_for_write (reg, nullptr, &my_ctxt); @@ -2171,13 +2502,12 @@ region_model::check_function_attr_access (const gcall *call, void region_model:: -check_one_function_attr_null_terminated_string_arg (const gcall *call, +check_one_function_attr_null_terminated_string_arg (const gcall &call, tree callee_fndecl, region_model_context *ctxt, rdwr_map &rdwr_idx, tree attr) { - gcc_assert (call); gcc_assert (callee_fndecl); gcc_assert (ctxt); gcc_assert (attr); @@ -2245,12 +2575,11 @@ check_one_function_attr_null_terminated_string_arg (const gcall *call, void region_model:: -check_function_attr_null_terminated_string_arg (const gcall *call, +check_function_attr_null_terminated_string_arg (const gcall &call, tree callee_fndecl, region_model_context *ctxt, rdwr_map &rdwr_idx) { - gcc_assert (call); gcc_assert (callee_fndecl); gcc_assert (ctxt); @@ -2275,11 +2604,10 @@ check_function_attr_null_terminated_string_arg (const gcall *call, function attributes, complaining to CTXT about any issues. */ void -region_model::check_function_attrs (const gcall *call, +region_model::check_function_attrs (const gcall &call, tree callee_fndecl, region_model_context *ctxt) { - gcc_assert (call); gcc_assert (callee_fndecl); gcc_assert (ctxt); @@ -2310,7 +2638,7 @@ region_model::check_function_attrs (const gcall *call, from their values, and from values that point to them. */ void -region_model::handle_unrecognized_call (const gcall *call, +region_model::handle_unrecognized_call (const gcall &call, region_model_context *ctxt) { tree fndecl = get_fndecl_for_call (call, ctxt); 
@@ -2331,7 +2659,8 @@ region_model::handle_unrecognized_call (const gcall *call, tree iter_param_types = NULL_TREE; if (fndecl) iter_param_types = TYPE_ARG_TYPES (TREE_TYPE (fndecl)); - for (unsigned arg_idx = 0; arg_idx < gimple_call_num_args (call); arg_idx++) + for (unsigned arg_idx = 0; arg_idx < gimple_call_num_args (&call); + arg_idx++) { /* Track expected param type, where available. */ tree param_type = NULL_TREE; @@ -2342,7 +2671,7 @@ region_model::handle_unrecognized_call (const gcall *call, iter_param_types = TREE_CHAIN (iter_param_types); } - tree parm = gimple_call_arg (call, arg_idx); + tree parm = gimple_call_arg (&call, arg_idx); const svalue *parm_sval = get_rvalue (parm, ctxt); reachable_regs.handle_parm (parm_sval, param_type); } @@ -2466,11 +2795,11 @@ region_model::on_return (const greturn *return_stmt, region_model_context *ctxt) 0), as opposed to any second return due to longjmp/sigsetjmp. */ void -region_model::on_setjmp (const gcall *call, const exploded_node *enode, +region_model::on_setjmp (const gcall &call, const exploded_node *enode, region_model_context *ctxt) { - const svalue *buf_ptr = get_rvalue (gimple_call_arg (call, 0), ctxt); - const region *buf_reg = deref_rvalue (buf_ptr, gimple_call_arg (call, 0), + const svalue *buf_ptr = get_rvalue (gimple_call_arg (&call, 0), ctxt); + const region *buf_reg = deref_rvalue (buf_ptr, gimple_call_arg (&call, 0), ctxt); /* Create a setjmp_svalue for this call and store it in BUF_REG's @@ -2484,7 +2813,7 @@ region_model::on_setjmp (const gcall *call, const exploded_node *enode, } /* Direct calls to setjmp return 0. */ - if (tree lhs = gimple_call_lhs (call)) + if (tree lhs = gimple_call_lhs (&call)) { const svalue *new_sval = m_mgr->get_or_create_int_cst (TREE_TYPE (lhs), 0); 
@@ -2499,11 +2828,11 @@ region_model::on_setjmp (const gcall *call, const exploded_node *enode, done, and should be done by the caller. */ void -region_model::on_longjmp (const gcall *longjmp_call, const gcall *setjmp_call, +region_model::on_longjmp (const gcall &longjmp_call, const gcall &setjmp_call, int setjmp_stack_depth, region_model_context *ctxt) { /* Evaluate the val, using the frame of the "longjmp". */ - tree fake_retval = gimple_call_arg (longjmp_call, 1); + tree fake_retval = gimple_call_arg (&longjmp_call, 1); const svalue *fake_retval_sval = get_rvalue (fake_retval, ctxt); /* Pop any frames until we reach the stack depth of the function where @@ -2515,7 +2844,7 @@ region_model::on_longjmp (const gcall *longjmp_call, const gcall *setjmp_call, gcc_assert (get_stack_depth () == setjmp_stack_depth); /* Assign to LHS of "setjmp" in new_state. */ - if (tree lhs = gimple_call_lhs (setjmp_call)) + if (tree lhs = gimple_call_lhs (&setjmp_call)) { /* Passing 0 as the val to longjmp leads to setjmp returning 1. */ const svalue *zero_sval @@ -3092,7 +3421,7 @@ region_model::deref_rvalue (const svalue *ptr_sval, tree ptr_tree, const poisoned_svalue *poisoned_sval = as_a <const poisoned_svalue *> (ptr_sval); enum poison_kind pkind = poisoned_sval->get_poison_kind (); - ctxt->warn (::make_unique<poisoned_value_diagnostic> + ctxt->warn (std::make_unique<poisoned_value_diagnostic> (ptr, pkind, nullptr, nullptr)); } } 
@@ -3263,16 +3592,18 @@ region_model::check_for_writable_region (const region* dest_reg, { const function_region *func_reg = as_a <const function_region *> (base_reg); tree fndecl = func_reg->get_fndecl (); - ctxt->warn (make_unique<write_to_const_diagnostic> - (func_reg, fndecl)); + ctxt->warn + (std::make_unique<write_to_const_diagnostic> + (func_reg, fndecl)); } break; case RK_LABEL: { const label_region *label_reg = as_a <const label_region *> (base_reg); tree label = label_reg->get_label (); - ctxt->warn (make_unique<write_to_const_diagnostic> - (label_reg, label)); + ctxt->warn + (std::make_unique<write_to_const_diagnostic> + (label_reg, label)); } break; case RK_DECL: @@ -3285,11 +3616,13 @@ region_model::check_for_writable_region (const region* dest_reg, "this" param is "T* const"). */ if (TREE_READONLY (decl) && is_global_var (decl)) - ctxt->warn (make_unique<write_to_const_diagnostic> (dest_reg, decl)); + ctxt->warn + (std::make_unique<write_to_const_diagnostic> (dest_reg, decl)); } break; case RK_STRING: - ctxt->warn (make_unique<write_to_string_literal_diagnostic> (dest_reg)); + ctxt->warn + (std::make_unique<write_to_string_literal_diagnostic> (dest_reg)); break; } } @@ -3367,10 +3700,10 @@ region_model::check_region_access (const region *reg, { default: gcc_unreachable (); - case DIR_READ: + case access_direction::read: /* Currently a no-op. */ break; - case DIR_WRITE: + case access_direction::write: check_for_writable_region (reg, ctxt); break; } @@ -3384,7 +3717,7 @@ region_model::check_region_for_write (const region *dest_reg, const svalue *sval_hint, region_model_context *ctxt) const { - check_region_access (dest_reg, DIR_WRITE, sval_hint, ctxt); + check_region_access (dest_reg, access_direction::write, sval_hint, ctxt); } /* If CTXT is non-NULL, use it to warn about any problems reading from REG. 
@@ -3394,7 +3727,7 @@ bool region_model::check_region_for_read (const region *src_reg, region_model_context *ctxt) const { - return check_region_access (src_reg, DIR_READ, NULL, ctxt); + return check_region_access (src_reg, access_direction::read, NULL, ctxt); } /* Concrete subclass for casts of pointers that lead to trailing bytes. */ @@ -3491,7 +3824,8 @@ public: checker_path &emission_path) final override { emission_path.add_event - (make_unique<region_creation_event_allocation_size> (capacity, loc_info)); + (std::make_unique<region_creation_event_allocation_size> + (capacity, loc_info)); m_has_allocation_event = true; } @@ -3827,9 +4161,10 @@ region_model::check_region_size (const region *lhs_reg, const svalue *rhs_sval, if (TREE_CODE (cst_cap) == INTEGER_CST && !capacity_compatible_with_type (cst_cap, pointee_size_tree, is_struct)) - ctxt->warn (make_unique <dubious_allocation_size> (lhs_reg, rhs_reg, - capacity, cst_cap, - ctxt->get_stmt ())); + ctxt->warn + (std::make_unique <dubious_allocation_size> (lhs_reg, rhs_reg, + capacity, cst_cap, + ctxt->get_stmt ())); } break; default: @@ -3841,10 +4176,11 @@ region_model::check_region_size (const region *lhs_reg, const svalue *rhs_sval, m_constraints)) { tree expr = get_representative_tree (capacity); - ctxt->warn (make_unique <dubious_allocation_size> (lhs_reg, - rhs_reg, - capacity, expr, - ctxt->get_stmt ())); + ctxt->warn + (std::make_unique <dubious_allocation_size> (lhs_reg, + rhs_reg, + capacity, expr, + ctxt->get_stmt ())); } } break; 
@@ -4637,9 +4973,11 @@ region_model::check_for_null_terminated_string_arg (const call_details &cd, m_cd.get_model ()->get_current_function ()->decl, m_cd.get_model ()->get_stack_depth ()); - add_event (make_unique<null_terminator_check_event> (loc_info, - arg_details)); - add_note (make_unique <null_terminator_check_decl_note> (arg_details)); + add_event + (std::make_unique<null_terminator_check_event> (loc_info, + arg_details)); + add_note + (std::make_unique <null_terminator_check_decl_note> (arg_details)); } private: const call_details &m_cd; @@ -5385,7 +5723,7 @@ region_model::add_constraint (tree lhs, enum tree_code op, tree rhs, { bool sat = add_constraint (lhs, op, rhs, ctxt); if (!sat && out) - *out = make_unique <rejected_op_constraint> (*this, lhs, op, rhs); + *out = std::make_unique <rejected_op_constraint> (*this, lhs, op, rhs); return sat; } @@ -5885,17 +6223,22 @@ region_model::maybe_update_for_edge (const superedge &edge, ctxt, out); } + if (const geh_dispatch *eh_dispatch_stmt + = dyn_cast <const geh_dispatch *> (last_stmt)) + { + const eh_dispatch_cfg_superedge *eh_dispatch_cfg_sedge + = as_a <const eh_dispatch_cfg_superedge *> (&edge); + return apply_constraints_for_eh_dispatch (*eh_dispatch_cfg_sedge, + eh_dispatch_stmt, + ctxt, out); + } + if (const ggoto *goto_stmt = dyn_cast <const ggoto *> (last_stmt)) { const cfg_superedge *cfg_sedge = as_a <const cfg_superedge *> (&edge); return apply_constraints_for_ggoto (*cfg_sedge, goto_stmt, ctxt); } - /* Apply any constraints due to an exception being thrown. */ - if (const cfg_superedge *cfg_sedge = dyn_cast <const cfg_superedge *> (&edge)) - if (cfg_sedge->get_flags () & EDGE_EH) - return apply_constraints_for_exception (last_stmt, ctxt, out); - return true; } 
@@ -5905,29 +6248,29 @@ region_model::maybe_update_for_edge (const superedge &edge, caller's frame. */ void -region_model::update_for_gcall (const gcall *call_stmt, +region_model::update_for_gcall (const gcall &call_stmt, region_model_context *ctxt, function *callee) { /* Build a vec of argument svalues, using the current top frame for resolving tree expressions. */ - auto_vec<const svalue *> arg_svals (gimple_call_num_args (call_stmt)); + auto_vec<const svalue *> arg_svals (gimple_call_num_args (&call_stmt)); - for (unsigned i = 0; i < gimple_call_num_args (call_stmt); i++) + for (unsigned i = 0; i < gimple_call_num_args (&call_stmt); i++) { - tree arg = gimple_call_arg (call_stmt, i); + tree arg = gimple_call_arg (&call_stmt, i); arg_svals.quick_push (get_rvalue (arg, ctxt)); } if(!callee) { /* Get the function * from the gcall. */ - tree fn_decl = get_fndecl_for_call (call_stmt,ctxt); + tree fn_decl = get_fndecl_for_call (call_stmt, ctxt); callee = DECL_STRUCT_FUNCTION (fn_decl); } gcc_assert (callee); - push_frame (*callee, &arg_svals, ctxt); + push_frame (*callee, &call_stmt, &arg_svals, ctxt); } /* Pop the top-most frame_region from the stack, and copy the return @@ -5935,14 +6278,14 @@ region_model::update_for_gcall (const gcall *call_stmt, the call (if any). */ void -region_model::update_for_return_gcall (const gcall *call_stmt, +region_model::update_for_return_gcall (const gcall &call_stmt, region_model_context *ctxt) { /* Get the lvalue for the result of the call, passing it to pop_frame, so that pop_frame can determine the region with respect to the *caller* frame. */ - tree lhs = gimple_call_lhs (call_stmt); - pop_frame (lhs, NULL, ctxt, call_stmt); + tree lhs = gimple_call_lhs (&call_stmt); + pop_frame (lhs, NULL, ctxt, &call_stmt); } /* Extract calling information from the superedge and update the model for the 
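Review bot: In the `if(!callee)` branch of update_for_gcall, the result of `get_fndecl_for_call (call_stmt, ctxt)` is passed straight to `DECL_STRUCT_FUNCTION (fn_decl)`, and the `gcc_assert (callee)` only runs after that access. get_fndecl_for_call has a `return NULL_TREE` path, visible in a later hunk of this file. Callers presumably only reach this branch with a resolvable callee, but nothing in this hunk shows that. I would state the requirement with `gcc_assert (fn_decl);` before the `DECL_STRUCT_FUNCTION` line, or document it in the comment above the function.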
@@ -5952,7 +6295,7 @@ void region_model::update_for_call_superedge (const call_superedge &call_edge, region_model_context *ctxt) { - const gcall *call_stmt = call_edge.get_call_stmt (); + const gcall &call_stmt = call_edge.get_call_stmt (); update_for_gcall (call_stmt, ctxt, call_edge.get_callee_function ()); } @@ -5963,7 +6306,7 @@ void region_model::update_for_return_superedge (const return_superedge &return_edge, region_model_context *ctxt) { - const gcall *call_stmt = return_edge.get_call_stmt (); + const gcall &call_stmt = return_edge.get_call_stmt (); update_for_return_gcall (call_stmt, ctxt); } @@ -6156,7 +6499,7 @@ apply_constraints_for_gswitch (const switch_cfg_superedge &edge, && !ctxt->possibly_tainted_p (index_sval)) { if (out) - *out = make_unique <rejected_default_case> (*this); + *out = std::make_unique <rejected_default_case> (*this); return false; } 
@@ -6165,12 +6508,180 @@ apply_constraints_for_gswitch (const switch_cfg_superedge &edge, = ranges_mgr->get_or_create_ranges_for_switch (&edge, switch_stmt); bool sat = m_constraints->add_bounded_ranges (index_sval, all_cases_ranges); if (!sat && out) - *out = make_unique <rejected_ranges_constraint> (*this, index, all_cases_ranges); + *out = std::make_unique <rejected_ranges_constraint> + (*this, index, all_cases_ranges); if (sat && ctxt && !all_cases_ranges->empty_p ()) ctxt->on_bounded_ranges (*index_sval, *all_cases_ranges); return sat; } +class rejected_eh_dispatch : public rejected_constraint +{ +public: + rejected_eh_dispatch (const region_model &model) + : rejected_constraint (model) + {} + + void dump_to_pp (pretty_printer *pp) const final override + { + pp_printf (pp, "rejected_eh_dispatch"); + } +}; + +static bool +exception_matches_type_p (tree exception_type, + tree catch_type) +{ + if (catch_type == exception_type) + return true; + + /* TODO (PR analyzer/119697): we should also handle subclasses etc; + see the rules in https://en.cppreference.com/w/cpp/language/catch + + It looks like we should be calling (or emulating) + can_convert_eh from the C++ FE, but that's specific to the C++ FE. */ + + return false; +} + +static bool +matches_any_exception_type_p (eh_catch ehc, tree exception_type) +{ + if (ehc->type_list == NULL_TREE) + /* All exceptions are caught here. 
*/ + return true; + + for (tree iter = ehc->type_list; iter; iter = TREE_CHAIN (iter)) + if (exception_matches_type_p (TREE_VALUE (iter), + exception_type)) + return true; + return false; +} + +bool +region_model:: +apply_constraints_for_eh_dispatch (const eh_dispatch_cfg_superedge &edge, + const geh_dispatch *, + region_model_context *ctxt, + std::unique_ptr<rejected_constraint> *out) +{ + const exception_node *current_node = get_current_thrown_exception (); + gcc_assert (current_node); + tree curr_exception_type = current_node->maybe_get_type (); + if (!curr_exception_type) + /* We don't know the specific type. */ + return true; + + return edge.apply_constraints (this, ctxt, curr_exception_type, out); +} + +bool +region_model:: +apply_constraints_for_eh_dispatch_try (const eh_dispatch_try_cfg_superedge &edge, + region_model_context */*ctxt*/, + tree exception_type, + std::unique_ptr<rejected_constraint> *out) +{ + /* TODO: can we rely on this ordering? + or do we need to iterate through prev_catch ? */ + /* The exception must not match any of the previous edges. */ + for (auto sibling_sedge : edge.m_src->m_succs) + { + if (sibling_sedge == &edge) + break; + + const eh_dispatch_try_cfg_superedge *sibling_eh_sedge + = as_a <const eh_dispatch_try_cfg_superedge *> (sibling_sedge); + if (eh_catch ehc = sibling_eh_sedge->get_eh_catch ()) + if (matches_any_exception_type_p (ehc, exception_type)) + { + /* The earlier sibling matches, so the "unhandled" edge is + not taken. */ + if (out) + *out = std::make_unique<rejected_eh_dispatch> (*this); + return false; + } + } + + if (eh_catch ehc = edge.get_eh_catch ()) + { + /* We have an edge that tried to match one or more types. */ + + /* The exception must not match any of the previous edges. */ + + /* It must match this type. */ + if (matches_any_exception_type_p (ehc, exception_type)) + return true; + else + { + /* Exception type doesn't match. 
*/ + if (out) + *out = std::make_unique<rejected_eh_dispatch> (*this); + return false; + } + } + else + { + /* This is the "unhandled exception" edge. + If we get here then no sibling edges matched; + we will follow this edge. */ + return true; + } +} + +bool +region_model:: +apply_constraints_for_eh_dispatch_allowed (const eh_dispatch_allowed_cfg_superedge &edge, + region_model_context */*ctxt*/, + tree exception_type, + std::unique_ptr<rejected_constraint> *out) +{ + auto curr_thrown_exception_node = get_current_thrown_exception (); + gcc_assert (curr_thrown_exception_node); + tree curr_exception_type = curr_thrown_exception_node->maybe_get_type (); + eh_region eh_reg = edge.get_eh_region (); + tree type_list = eh_reg->u.allowed.type_list; + + switch (edge.get_eh_kind ()) + { + default: + gcc_unreachable (); + case eh_dispatch_allowed_cfg_superedge::eh_kind::expected: + if (!curr_exception_type) + { + /* We don't know the specific type; + assume we have one of an expected type. */ + return true; + } + for (tree iter = type_list; iter; iter = TREE_CHAIN (iter)) + if (exception_matches_type_p (TREE_VALUE (iter), + exception_type)) + return true; + if (out) + *out = std::make_unique<rejected_eh_dispatch> (*this); + return false; + + case eh_dispatch_allowed_cfg_superedge::eh_kind::unexpected: + if (!curr_exception_type) + { + /* We don't know the specific type; + assume we don't have one of an expected type. */ + if (out) + *out = std::make_unique<rejected_eh_dispatch> (*this); + return false; + } + for (tree iter = type_list; iter; iter = TREE_CHAIN (iter)) + if (exception_matches_type_p (TREE_VALUE (iter), + exception_type)) + { + if (out) + *out = std::make_unique<rejected_eh_dispatch> (*this); + return false; + } + return true; + } +} + /* Given an edge reached by GOTO_STMT, determine appropriate constraints for the edge to be taken. 
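Review bot: The call sites of `exception_matches_type_p` pass their arguments in the opposite order to its declaration. It is declared as `(tree exception_type, tree catch_type)`, but `matches_any_exception_type_p` and both loops in `apply_constraints_for_eh_dispatch_allowed` call `exception_matches_type_p (TREE_VALUE (iter), exception_type)`, putting the type from the handler's list first. With the current pointer-equality body the result is the same either way. Once the subclass handling from the TODO (PR analyzer/119697) is added the comparison becomes directional, and the swapped order would then test the conversion the wrong way round. I would write the calls as `exception_matches_type_p (exception_type, TREE_VALUE (iter))` now, so the later change cannot silently invert which edges are judged feasible.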
@@ -6202,38 +6713,6 @@ region_model::apply_constraints_for_ggoto (const cfg_superedge &edge, return true; } -/* Apply any constraints due to an exception being thrown at LAST_STMT. - - If they are feasible, add the constraints and return true. - - Return false if the constraints contradict existing knowledge - (and so the edge should not be taken). - When returning false, if OUT is non-NULL, write a new rejected_constraint - to it. */ - -bool -region_model:: -apply_constraints_for_exception (const gimple *last_stmt, - region_model_context *ctxt, - std::unique_ptr<rejected_constraint> *out) -{ - gcc_assert (last_stmt); - if (const gcall *call = dyn_cast <const gcall *> (last_stmt)) - if (tree callee_fndecl = get_fndecl_for_call (call, ctxt)) - if (is_named_call_p (callee_fndecl, "operator new", call, 1) - || is_named_call_p (callee_fndecl, "operator new []", call, 1)) - { - /* We have an exception thrown from operator new. - Add a constraint that the result was NULL, to avoid a false - leak report due to the result being lost when following - the EH edge. */ - if (tree lhs = gimple_call_lhs (call)) - return add_constraint (lhs, EQ_EXPR, null_pointer_node, ctxt, out); - return true; - } - return true; -} - /* For use with push_frame when handling a top-level call within the analysis. PARAM has a defined but unknown initial value. Anything it points to has escaped, since the calling context "knows" @@ -6265,6 +6744,10 @@ region_model::on_top_level_param (tree param, /* Update this region_model to reflect pushing a frame onto the stack for a call to FUN. + If CALL_STMT is non-NULL, this is for the interprocedural case where + we already have an execution path into the caller. It can be NULL for + top-level entrypoints into the analysis, or in selftests. + If ARG_SVALS is non-NULL, use it to populate the parameters in the new frame. Otherwise, the params have their initial_svalues. 
@@ -6273,14 +6756,32 @@ region_model::on_top_level_param (tree param, const region * region_model::push_frame (const function &fun, + const gcall *call_stmt, const vec<const svalue *> *arg_svals, region_model_context *ctxt) { - m_current_frame = m_mgr->get_frame_region (m_current_frame, fun); + tree fndecl = fun.decl; if (arg_svals) { + /* If the result of the callee is DECL_BY_REFERENCE, then + we'll need to store a reference to the caller's lhs of + CALL_STMT within callee's result. + If so, determine the region of CALL_STMT's lhs within + the caller's frame before updating m_current_frame. */ + const region *caller_return_by_reference_reg = nullptr; + if (tree result = DECL_RESULT (fndecl)) + if (DECL_BY_REFERENCE (result)) + { + gcc_assert (call_stmt); + tree lhs = gimple_call_lhs (call_stmt); + gcc_assert (lhs); + caller_return_by_reference_reg = get_lvalue (lhs, ctxt); + } + + /* Update m_current_frame. */ + m_current_frame = m_mgr->get_frame_region (m_current_frame, fun); + /* Arguments supplied from a caller frame. */ - tree fndecl = fun.decl; unsigned idx = 0; for (tree iter_parm = DECL_ARGUMENTS (fndecl); iter_parm; iter_parm = DECL_CHAIN (iter_parm), ++idx) 
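Review bot: The new `gcc_assert (call_stmt)` and `gcc_assert (lhs)` in the `arg_svals` branch add a precondition that the comment above push_frame does not state. That comment says CALL_STMT may be NULL, yet a callee whose DECL_RESULT is DECL_BY_REFERENCE needs a non-NULL CALL_STMT that has an lhs. I would add a sentence to the comment such as `If ARG_SVALS is non-NULL and FUN's result is DECL_BY_REFERENCE, CALL_STMT must be non-NULL and have an lhs.` Whether every such call carries an lhs cannot be confirmed from this hunk; if one can lack it, the analyzer would abort on the input, and skipping the by-reference setup would be the gentler failure mode. push_frame's body continues outside the hunk.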
@@ -6308,13 +6809,39 @@ region_model::push_frame (const function &fun, va_arg_idx); set_value (var_arg_reg, arg_sval, ctxt); } + + /* If the result of the callee is DECL_BY_REFERENCE, then above + we should have determined the region within the + caller's frame that the callee will be writing back to. + Use this now to initialize the reference in callee's frame. */ + if (tree result = DECL_RESULT (fndecl)) + if (DECL_BY_REFERENCE (result)) + { + /* Get reference to the caller lhs. */ + gcc_assert (caller_return_by_reference_reg); + const svalue *ref_sval + = m_mgr->get_ptr_svalue (TREE_TYPE (result), + caller_return_by_reference_reg); + + /* Get region for default val of DECL_RESULT within the + callee. */ + tree result_default_ssa = get_ssa_default_def (fun, result); + gcc_assert (result_default_ssa); + const region *callee_result_reg + = get_lvalue (result_default_ssa, ctxt); + + /* Set the callee's reference to refer to the caller's lhs. */ + set_value (callee_result_reg, ref_sval, ctxt); + } } else { /* Otherwise we have a top-level call within the analysis. The params have defined but unknown initial values. Anything they point to has escaped. */ - tree fndecl = fun.decl; + + /* Update m_current_frame. */ + m_current_frame = m_mgr->get_frame_region (m_current_frame, fun); /* Handle "__attribute__((nonnull))". */ tree fntype = TREE_TYPE (fndecl); @@ -6382,7 +6909,7 @@ public: {} std::unique_ptr<stmt_finder> clone () const override { - return ::make_unique<my_finder> (m_call_stmt, m_caller_frame); + return std::make_unique<my_finder> (m_call_stmt, m_caller_frame); } const gimple *find_stmt (const exploded_path &) override { @@ -6433,7 +6960,7 @@ private: Purge the frame region and all its descendent regions. Convert any pointers that point into such regions into - POISON_KIND_POPPED_STACK svalues. */ + poison_kind::popped_stack svalues. */ void region_model::pop_frame (tree result_lvalue, 
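Review bot: `gcc_assert (result_default_ssa)` makes the analyzer abort whenever `get_ssa_default_def (fun, result)` returns NULL_TREE, which it does when the function has no default definition for that decl. Whether a callee that never touches its by-reference result (for example one that only throws) can reach this point is not visible in the hunk, so it is worth confirming with a test case. If it can, skip the initialisation rather than assert: `if (tree result_default_ssa = get_ssa_default_def (fun, result)) set_value (get_lvalue (result_default_ssa, ctxt), ref_sval, ctxt);`. The enclosing push_frame starts and ends outside this hunk.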
@@ -6467,7 +6994,11 @@ region_model::pop_frame (tree result_lvalue, /* Pop the frame. */ m_current_frame = m_current_frame->get_calling_frame (); - if (result_lvalue && retval) + if (result_lvalue + && retval + /* Don't write back for DECL_BY_REFERENCE; the writes + should have happened within the callee already. */ + && !DECL_BY_REFERENCE (result)) { gcc_assert (eval_return_svalue); @@ -6483,7 +7014,7 @@ region_model::pop_frame (tree result_lvalue, set_value (result_dst_reg, retval, call_stmt ? &caller_ctxt : ctxt); } - unbind_region_and_descendents (frame_reg,POISON_KIND_POPPED_STACK); + unbind_region_and_descendents (frame_reg,poison_kind::popped_stack); notify_on_pop_frame (this, &pre_popped_model, retval, ctxt); } @@ -6640,6 +7171,14 @@ region_model::can_merge_with_p (const region_model &other_model, for (auto iter : m.m_svals_changing_meaning) out_model->m_constraints->purge_state_involving (iter); + if (m_thrown_exceptions_stack != other_model.m_thrown_exceptions_stack) + return false; + out_model->m_thrown_exceptions_stack = m_thrown_exceptions_stack; + + if (m_caught_exceptions_stack != other_model.m_caught_exceptions_stack) + return false; + out_model->m_caught_exceptions_stack = m_caught_exceptions_stack; + return true; } @@ -6647,10 +7186,10 @@ region_model::can_merge_with_p (const region_model &other_model, otherwise. */ tree -region_model::get_fndecl_for_call (const gcall *call, +region_model::get_fndecl_for_call (const gcall &call, region_model_context *ctxt) { - tree fn_ptr = gimple_call_fn (call); + tree fn_ptr = gimple_call_fn (&call); if (fn_ptr == NULL_TREE) return NULL_TREE; const svalue *fn_ptr_sval = get_rvalue (fn_ptr, ctxt); 
@@ -6825,7 +7364,7 @@ region_model::check_dynamic_size_for_floats (const svalue *size_in_bytes, if (const svalue *float_sval = v.get_svalue_to_report ()) { tree diag_arg = get_representative_tree (float_sval); - ctxt->warn (make_unique<float_as_size_arg> (diag_arg)); + ctxt->warn (std::make_unique<float_as_size_arg> (diag_arg)); } } @@ -6894,6 +7433,12 @@ region_model::get_referenced_base_regions (auto_bitmap &out_ids) const reachable_regs.add (base_reg, false); } + for (auto &eh_node : m_thrown_exceptions_stack) + eh_node.add_to_reachable_regions (reachable_regs); + for (auto &eh_node : m_caught_exceptions_stack) + eh_node.add_to_reachable_regions (reachable_regs); + + bitmap_clear (out_ids); for (auto iter_reg : reachable_regs) bitmap_set_bit (out_ids, iter_reg->get_id ()); @@ -7077,7 +7622,7 @@ private: { const poisoned_svalue *poisoned_sval = as_a <const poisoned_svalue *> (m_copied_sval); - gcc_assert (poisoned_sval->get_poison_kind () == POISON_KIND_UNINIT); + gcc_assert (poisoned_sval->get_poison_kind () == poison_kind::uninit); /* Give up if don't have type information. */ if (m_copied_sval->get_type () == NULL_TREE) @@ -7102,7 +7647,7 @@ private: const svalue *sval = iter.second; if (const poisoned_svalue *psval = sval->dyn_cast_poisoned_svalue ()) - if (psval->get_poison_kind () == POISON_KIND_UNINIT) + if (psval->get_poison_kind () == poison_kind::uninit) { const binding_key *key = iter.first; const concrete_binding *ckey @@ -7154,7 +7699,7 @@ private: const svalue *sval = iter.second; if (const poisoned_svalue *psval = sval->dyn_cast_poisoned_svalue ()) - if (psval->get_poison_kind () == POISON_KIND_UNINIT) + if (psval->get_poison_kind () == poison_kind::uninit) { const binding_key *key = iter.first; const concrete_binding *ckey 
@@ -7171,8 +7716,7 @@ private: tree type = m_copied_sval->get_type (); if (type && TREE_CODE (type) == RECORD_TYPE) { - // (std::make_unique is C++14) - layout = std::unique_ptr<record_layout> (new record_layout (type)); + layout = std::make_unique<record_layout> (type); if (0) layout->dump (); @@ -7358,7 +7902,7 @@ contains_uninit_p (const svalue *sval) { const poisoned_svalue *psval = as_a <const poisoned_svalue *> (sval); - return psval->get_poison_kind () == POISON_KIND_UNINIT; + return psval->get_poison_kind () == poison_kind::uninit; } case SK_COMPOUND: { @@ -7370,7 +7914,7 @@ contains_uninit_p (const svalue *sval) const svalue *sval = iter.second; if (const poisoned_svalue *psval = sval->dyn_cast_poisoned_svalue ()) - if (psval->get_poison_kind () == POISON_KIND_UNINIT) + if (psval->get_poison_kind () == poison_kind::uninit) return true; } @@ -7397,9 +7941,10 @@ region_model::maybe_complain_about_infoleak (const region *dst_reg, { /* Check for exposure. */ if (contains_uninit_p (copied_sval)) - ctxt->warn (make_unique<exposure_through_uninit_copy> (src_reg, - dst_reg, - copied_sval)); + ctxt->warn + (std::make_unique<exposure_through_uninit_copy> (src_reg, + dst_reg, + copied_sval)); } /* Set errno to a positive symbolic int, as if some error has occurred. */ @@ -7411,7 +7956,7 @@ region_model::set_errno (const call_details &cd) conjured_purge p (this, cd.get_ctxt ()); const svalue *new_errno_sval = m_mgr->get_or_create_conjured_svalue (integer_type_node, - cd.get_call_stmt (), + &cd.get_call_stmt (), errno_reg, p); const svalue *zero = m_mgr->get_or_create_int_cst (integer_type_node, 0); 
@@ -8432,7 +8977,7 @@ test_stack_frames () /* Push stack frame for "parent_fn". */ const region *parent_frame_reg = model.push_frame (*DECL_STRUCT_FUNCTION (parent_fndecl), - NULL, &ctxt); + nullptr, nullptr, &ctxt); ASSERT_EQ (model.get_current_frame (), parent_frame_reg); ASSERT_TRUE (model.region_exists_p (parent_frame_reg)); const region *a_in_parent_reg = model.get_lvalue (a, &ctxt); @@ -8447,7 +8992,8 @@ test_stack_frames () /* Push stack frame for "child_fn". */ const region *child_frame_reg - = model.push_frame (*DECL_STRUCT_FUNCTION (child_fndecl), NULL, &ctxt); + = model.push_frame (*DECL_STRUCT_FUNCTION (child_fndecl), + nullptr, nullptr, &ctxt); ASSERT_EQ (model.get_current_frame (), child_frame_reg); ASSERT_TRUE (model.region_exists_p (child_frame_reg)); const region *x_in_child_reg = model.get_lvalue (x, &ctxt); @@ -8488,7 +9034,7 @@ test_stack_frames () const svalue *new_p_sval = model.get_rvalue (p, NULL); ASSERT_EQ (new_p_sval->get_kind (), SK_POISONED); ASSERT_EQ (new_p_sval->dyn_cast_poisoned_svalue ()->get_poison_kind (), - POISON_KIND_POPPED_STACK); + poison_kind::popped_stack); /* Verify that q still points to p, in spite of the region renumbering. */ @@ -8540,7 +9086,8 @@ test_get_representative_path_var () for (int depth = 0; depth < 5; depth++) { const region *frame_n_reg - = model.push_frame (*DECL_STRUCT_FUNCTION (fndecl), NULL, &ctxt); + = model.push_frame (*DECL_STRUCT_FUNCTION (fndecl), + nullptr, nullptr, &ctxt); const region *parm_n_reg = model.get_lvalue (path_var (n, depth), &ctxt); parm_regs.safe_push (parm_n_reg); 
@@ -8786,9 +9333,11 @@ test_state_merging () region_model model0 (&mgr); region_model model1 (&mgr); ASSERT_EQ (model0.get_stack_depth (), 0); - model0.push_frame (*DECL_STRUCT_FUNCTION (test_fndecl), NULL, &ctxt); + model0.push_frame (*DECL_STRUCT_FUNCTION (test_fndecl), + nullptr, nullptr, &ctxt); ASSERT_EQ (model0.get_stack_depth (), 1); - model1.push_frame (*DECL_STRUCT_FUNCTION (test_fndecl), NULL, &ctxt); + model1.push_frame (*DECL_STRUCT_FUNCTION (test_fndecl), + nullptr, nullptr, &ctxt); placeholder_svalue test_sval (mgr.alloc_symbol_id (), integer_type_node, "test sval"); @@ -8880,7 +9429,8 @@ test_state_merging () /* Pointers: non-NULL and non-NULL: ptr to a local. */ { region_model model0 (&mgr); - model0.push_frame (*DECL_STRUCT_FUNCTION (test_fndecl), NULL, NULL); + model0.push_frame (*DECL_STRUCT_FUNCTION (test_fndecl), + nullptr, nullptr, nullptr); model0.set_value (model0.get_lvalue (p, NULL), model0.get_rvalue (addr_of_a, NULL), NULL); @@ -9019,12 +9569,14 @@ test_state_merging () frame points to a local in a more recent stack frame. */ { region_model model0 (&mgr); - model0.push_frame (*DECL_STRUCT_FUNCTION (test_fndecl), NULL, NULL); + model0.push_frame (*DECL_STRUCT_FUNCTION (test_fndecl), + nullptr, nullptr, nullptr); const region *q_in_first_frame = model0.get_lvalue (q, NULL); /* Push a second frame. */ const region *reg_2nd_frame - = model0.push_frame (*DECL_STRUCT_FUNCTION (test_fndecl), NULL, NULL); + = model0.push_frame (*DECL_STRUCT_FUNCTION (test_fndecl), + nullptr, nullptr, nullptr); /* Have a pointer in the older frame point to a local in the more recent frame. */ 
@@ -9051,7 +9603,8 @@ test_state_merging () /* Verify that we can merge a model in which a local points to a global. */ { region_model model0 (&mgr); - model0.push_frame (*DECL_STRUCT_FUNCTION (test_fndecl), NULL, NULL); + model0.push_frame (*DECL_STRUCT_FUNCTION (test_fndecl), + nullptr, nullptr, nullptr); model0.set_value (model0.get_lvalue (q, NULL), model0.get_rvalue (addr_of_y, NULL), NULL); @@ -9583,7 +10136,7 @@ test_alloca () /* Push stack frame. */ const region *frame_reg = model.push_frame (*DECL_STRUCT_FUNCTION (fndecl), - NULL, &ctxt); + nullptr, nullptr, &ctxt); /* "p = alloca (n * 4);". */ const svalue *size_sval = model.get_rvalue (n_times_4, &ctxt); const region *reg = model.create_region_for_alloca (size_sval, &ctxt); diff --git a/gcc/analyzer/region-model.h b/gcc/analyzer/region-model.h index d8e508d..2c7f737 100644 --- a/gcc/analyzer/region-model.h +++ b/gcc/analyzer/region-model.h 
@@ -250,6 +250,41 @@ typedef void (*pop_frame_callback) (const region_model *model, const svalue *retval, region_model_context *ctxt); +/* Roughly equivalent to a struct __cxa_exception, except we store a std::vector + rather than a linked list. */ + +struct exception_node +{ + exception_node (const svalue *exception_sval, + const svalue *typeinfo_sval, + const svalue *destructor_sval) + : m_exception_sval (exception_sval), + m_typeinfo_sval (typeinfo_sval), + m_destructor_sval (destructor_sval) + { + } + + bool operator== (const exception_node &other) const; + + void dump_to_pp (pretty_printer *pp, bool simple) const; + void dump (FILE *fp, bool simple) const; + void dump (bool simple) const; + void dump () const; + + std::unique_ptr<json::object> to_json () const; + + std::unique_ptr<text_art::tree_widget> + make_dump_widget (const text_art::dump_widget_info &dwi) const; + + tree maybe_get_type () const; + + void add_to_reachable_regions (reachable_regions &) const; + + const svalue *m_exception_sval; + const svalue *m_typeinfo_sval; + const svalue *m_destructor_sval; +}; + /* A region_model encapsulates a representation of the state of memory, with a tree of regions, along with their associated values. The representation is graph-like because values can be pointers to @@ -305,8 +340,8 @@ class region_model const svalue *get_gassign_result (const gassign *assign, region_model_context *ctxt); void on_asm_stmt (const gasm *asm_stmt, region_model_context *ctxt); - bool on_call_pre (const gcall *stmt, region_model_context *ctxt); - void on_call_post (const gcall *stmt, + bool on_call_pre (const gcall &stmt, region_model_context *ctxt); + void on_call_post (const gcall &stmt, bool unknown_side_effects, region_model_context *ctxt); 
@@ -323,16 +358,16 @@ class region_model bool unmergeable); void update_for_nonzero_return (const call_details &cd); - void handle_unrecognized_call (const gcall *call, + void handle_unrecognized_call (const gcall &call, region_model_context *ctxt); void get_reachable_svalues (svalue_set *out, const svalue *extra_sval, const uncertainty_t *uncertainty); void on_return (const greturn *stmt, region_model_context *ctxt); - void on_setjmp (const gcall *stmt, const exploded_node *enode, + void on_setjmp (const gcall &stmt, const exploded_node *enode, region_model_context *ctxt); - void on_longjmp (const gcall *longjmp_call, const gcall *setjmp_call, + void on_longjmp (const gcall &longjmp_call, const gcall &setjmp_call, int setjmp_stack_depth, region_model_context *ctxt); void update_for_phis (const supernode *snode, @@ -349,14 +384,16 @@ class region_model region_model_context *ctxt, std::unique_ptr<rejected_constraint> *out); - void update_for_gcall (const gcall *call_stmt, + void update_for_gcall (const gcall &call_stmt, region_model_context *ctxt, function *callee = NULL); - void update_for_return_gcall (const gcall *call_stmt, + void update_for_return_gcall (const gcall &call_stmt, region_model_context *ctxt); - const region *push_frame (const function &fun, const vec<const svalue *> *arg_sids, + const region *push_frame (const function &fun, + const gcall *call_stmt, + const vec<const svalue *> *arg_sids, region_model_context *ctxt); const frame_region *get_current_frame () const { return m_current_frame; } const function *get_current_function () const; @@ -484,7 +521,7 @@ class region_model const program_state *state_a = NULL, const program_state *state_b = NULL) const; - tree get_fndecl_for_call (const gcall *call, + tree get_fndecl_for_call (const gcall &call, region_model_context *ctxt); void get_regions_for_current_frame (auto_vec<const decl_region *> *out) const; 
@@ -562,7 +599,7 @@ class region_model const svalue **out_sval) const; const builtin_known_function * - get_builtin_kf (const gcall *call, + get_builtin_kf (const gcall &call, region_model_context *ctxt = NULL) const; static void @@ -583,6 +620,56 @@ class region_model bool called_from_main_p () const; + void push_thrown_exception (const exception_node &node) + { + m_thrown_exceptions_stack.push_back (node); + } + const exception_node *get_current_thrown_exception () const + { + if (m_thrown_exceptions_stack.empty ()) + return nullptr; + return &m_thrown_exceptions_stack.back (); + } + exception_node pop_thrown_exception () + { + gcc_assert (!m_thrown_exceptions_stack.empty ()); + const exception_node retval = m_thrown_exceptions_stack.back (); + m_thrown_exceptions_stack.pop_back (); + return retval; + } + + void push_caught_exception (const exception_node &node) + { + m_caught_exceptions_stack.push_back (node); + } + const exception_node *get_current_caught_exception () const + { + if (m_caught_exceptions_stack.empty ()) + return nullptr; + return &m_caught_exceptions_stack.back (); + } + exception_node pop_caught_exception () + { + gcc_assert (!m_caught_exceptions_stack.empty ()); + const exception_node retval = m_caught_exceptions_stack.back (); + m_caught_exceptions_stack.pop_back (); + return retval; + } + + bool + apply_constraints_for_eh_dispatch_try + (const eh_dispatch_try_cfg_superedge &edge, + region_model_context *ctxt, + tree exception_type, + std::unique_ptr<rejected_constraint> *out); + + bool + apply_constraints_for_eh_dispatch_allowed + (const eh_dispatch_allowed_cfg_superedge &edge, + region_model_context *ctxt, + tree exception_type, + std::unique_ptr<rejected_constraint> *out); + private: const region *get_lvalue_1 (path_var pv, region_model_context *ctxt) const; const svalue *get_rvalue_1 (path_var pv, region_model_context *ctxt) const; 
@@ -621,9 +708,12 @@ private: bool apply_constraints_for_ggoto (const cfg_superedge &edge, const ggoto *goto_stmt, region_model_context *ctxt); - bool apply_constraints_for_exception (const gimple *last_stmt, - region_model_context *ctxt, - std::unique_ptr<rejected_constraint> *out); + + bool + apply_constraints_for_eh_dispatch (const eh_dispatch_cfg_superedge &edge, + const geh_dispatch *eh_dispatch_stmt, + region_model_context *ctxt, + std::unique_ptr<rejected_constraint> *out); int poison_any_pointers_to_descendents (const region *reg, enum poison_kind pkind); @@ -672,23 +762,27 @@ private: void check_call_args (const call_details &cd) const; void check_call_format_attr (const call_details &cd, tree format_attr) const; - void check_function_attr_access (const gcall *call, + void check_function_attr_access (const gcall &call, tree callee_fndecl, region_model_context *ctxt, rdwr_map &rdwr_idx) const; - void check_function_attr_null_terminated_string_arg (const gcall *call, + void check_function_attr_null_terminated_string_arg (const gcall &call, tree callee_fndecl, region_model_context *ctxt, rdwr_map &rdwr_idx); - void check_one_function_attr_null_terminated_string_arg (const gcall *call, + void check_one_function_attr_null_terminated_string_arg (const gcall &call, tree callee_fndecl, region_model_context *ctxt, rdwr_map &rdwr_idx, tree attr); - void check_function_attrs (const gcall *call, + void check_function_attrs (const gcall &call, tree callee_fndecl, region_model_context *ctxt); + void check_for_throw_inside_call (const gcall &call, + tree fndecl, + region_model_context *ctxt); + static auto_vec<pop_frame_callback> pop_frame_callbacks; /* Storing this here to avoid passing it around everywhere. */ region_model_manager *const m_mgr; 
@@ -699,6 +793,9 @@ private: const frame_region *m_current_frame; + std::vector<exception_node> m_thrown_exceptions_stack; + std::vector<exception_node> m_caught_exceptions_stack; + /* Map from base region to size in bytes, for tracking the sizes of dynamically-allocated regions. This is part of the region_model rather than the region to allow for diff --git a/gcc/analyzer/region.cc b/gcc/analyzer/region.cc index d464153..efbbca0 100644 --- a/gcc/analyzer/region.cc +++ b/gcc/analyzer/region.cc @@ -18,38 +18,19 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "diagnostic-core.h" -#include "gimple-pretty-print.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "diagnostic-core.h" -#include "graphviz.h" -#include "options.h" -#include "cgraph.h" -#include "tree-dfa.h" -#include "stringpool.h" -#include "convert.h" -#include "target.h" -#include "fold-const.h" -#include "tree-pretty-print.h" -#include "diagnostic-color.h" -#include "bitmap.h" -#include "analyzer/analyzer.h" -#include "analyzer/analyzer-logging.h" +#include "analyzer/common.h" + #include "ordered-hash-map.h" #include "options.h" #include "cgraph.h" #include "cfg.h" #include "digraph.h" -#include "analyzer/supergraph.h" #include "sbitmap.h" +#include "fold-const.h" +#include "tree-ssa.h" + +#include "analyzer/analyzer-logging.h" +#include "analyzer/supergraph.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" #include "analyzer/store.h" @@ -58,7 +39,6 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/sm.h" #include "analyzer/program-state.h" #include "text-art/dump.h" -#include "make-unique.h" #if ENABLE_ANALYZER 
@@ -567,15 +547,12 @@ region::can_have_initial_svalue_p () const case SSA_NAME: { + /* Some SSA names have an implicit default defined value. */ tree ssa_name = decl; - /* SSA names that are the default defn of a PARM_DECL - have initial_svalues; other SSA names don't. */ - if (SSA_NAME_IS_DEFAULT_DEF (ssa_name) - && SSA_NAME_VAR (ssa_name) - && TREE_CODE (SSA_NAME_VAR (ssa_name)) == PARM_DECL) - return true; - else - return false; + if (SSA_NAME_IS_DEFAULT_DEF (ssa_name)) + return ssa_defined_default_def_p (ssa_name); + /* Others don't. */ + return false; } } } @@ -1039,7 +1016,7 @@ std::unique_ptr<json::value> region::to_json () const { label_text desc = get_desc (true); - auto reg_js = ::make_unique<json::string> (desc.get ()); + auto reg_js = std::make_unique<json::string> (desc.get ()); return reg_js; } diff --git a/gcc/analyzer/sm-fd.cc b/gcc/analyzer/sm-fd.cc index e9016f1..cee8d2d 100644 --- a/gcc/analyzer/sm-fd.cc +++ b/gcc/analyzer/sm-fd.cc 
@@ -18,32 +18,21 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "make-unique.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "options.h" -#include "diagnostic-core.h" -#include "diagnostic-path.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + #include "diagnostic-event-id.h" +#include "stringpool.h" +#include "attribs.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/sm.h" #include "analyzer/pending-diagnostic.h" #include "analyzer/function-set.h" #include "analyzer/analyzer-selftests.h" -#include "stringpool.h" -#include "attribs.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" #include "analyzer/store.h" #include "analyzer/region-model.h" -#include "bitmap.h" #include "analyzer/program-state.h" #include "analyzer/supergraph.h" #include "analyzer/analyzer-language.h" 
@@ -230,17 +219,17 @@ public: private: void on_open (sm_context &sm_ctxt, const supernode *node, const gimple *stmt, - const gcall *call) const; + const gcall &call) const; void on_creat (sm_context &sm_ctxt, const supernode *node, const gimple *stmt, - const gcall *call) const; + const gcall &call) const; void on_close (sm_context &sm_ctxt, const supernode *node, const gimple *stmt, - const gcall *call) const; + const gcall &call) const; void on_read (sm_context &sm_ctxt, const supernode *node, const gimple *stmt, - const gcall *call, const tree callee_fndecl) const; + const gcall &call, const tree callee_fndecl) const; void on_write (sm_context &sm_ctxt, const supernode *node, const gimple *stmt, - const gcall *call, const tree callee_fndecl) const; + const gcall &call, const tree callee_fndecl) const; void check_for_open_fd (sm_context &sm_ctxt, const supernode *node, - const gimple *stmt, const gcall *call, + const gimple *stmt, const gcall &call, const tree callee_fndecl, enum access_directions access_fn) const; @@ -253,11 +242,11 @@ private: const gimple *stmt, const svalue *lhs) const; void check_for_fd_attrs (sm_context &sm_ctxt, const supernode *node, - const gimple *stmt, const gcall *call, + const gimple *stmt, const gcall &call, const tree callee_fndecl, const char *attr_name, access_directions fd_attr_access_dir) const; void check_for_dup (sm_context &sm_ctxt, const supernode *node, - const gimple *stmt, const gcall *call, const tree callee_fndecl, + const gimple *stmt, const gcall &call, const tree callee_fndecl, enum dup kind) const; state_t get_state_for_socket_type (const svalue *socket_type_sval) const; 
@@ -1324,70 +1313,70 @@ fd_state_machine::on_stmt (sm_context &sm_ctxt, const supernode *node, const gimple *stmt) const { if (const gcall *call = dyn_cast<const gcall *> (stmt)) - if (tree callee_fndecl = sm_ctxt.get_fndecl_for_call (call)) + if (tree callee_fndecl = sm_ctxt.get_fndecl_for_call (*call)) { - if (is_named_call_p (callee_fndecl, "open", call, 2)) + if (is_named_call_p (callee_fndecl, "open", *call, 2)) { - on_open (sm_ctxt, node, stmt, call); + on_open (sm_ctxt, node, stmt, *call); return true; } // "open" - if (is_named_call_p (callee_fndecl, "creat", call, 2)) + if (is_named_call_p (callee_fndecl, "creat", *call, 2)) { - on_creat (sm_ctxt, node, stmt, call); + on_creat (sm_ctxt, node, stmt, *call); return true; } // "creat" - if (is_named_call_p (callee_fndecl, "close", call, 1)) + if (is_named_call_p (callee_fndecl, "close", *call, 1)) { - on_close (sm_ctxt, node, stmt, call); + on_close (sm_ctxt, node, stmt, *call); return true; } // "close" - if (is_named_call_p (callee_fndecl, "write", call, 3)) + if (is_named_call_p (callee_fndecl, "write", *call, 3)) { - on_write (sm_ctxt, node, stmt, call, callee_fndecl); + on_write (sm_ctxt, node, stmt, *call, callee_fndecl); return true; } // "write" - if (is_named_call_p (callee_fndecl, "read", call, 3)) + if (is_named_call_p (callee_fndecl, "read", *call, 3)) { - on_read (sm_ctxt, node, stmt, call, callee_fndecl); + on_read (sm_ctxt, node, stmt, *call, callee_fndecl); return true; } // "read" - if (is_named_call_p (callee_fndecl, "dup", call, 1)) + if (is_named_call_p (callee_fndecl, "dup", *call, 1)) { - check_for_dup (sm_ctxt, node, stmt, call, callee_fndecl, DUP_1); + check_for_dup (sm_ctxt, node, stmt, *call, callee_fndecl, DUP_1); return true; } - if (is_named_call_p (callee_fndecl, "dup2", call, 2)) + if (is_named_call_p (callee_fndecl, "dup2", *call, 2)) { - check_for_dup (sm_ctxt, node, stmt, call, callee_fndecl, DUP_2); + check_for_dup (sm_ctxt, node, stmt, *call, callee_fndecl, DUP_2); return 
true; } - if (is_named_call_p (callee_fndecl, "dup3", call, 3)) + if (is_named_call_p (callee_fndecl, "dup3", *call, 3)) { - check_for_dup (sm_ctxt, node, stmt, call, callee_fndecl, DUP_3); + check_for_dup (sm_ctxt, node, stmt, *call, callee_fndecl, DUP_3); return true; } { // Handle __attribute__((fd_arg)) - check_for_fd_attrs (sm_ctxt, node, stmt, call, callee_fndecl, + check_for_fd_attrs (sm_ctxt, node, stmt, *call, callee_fndecl, "fd_arg", DIRS_READ_WRITE); // Handle __attribute__((fd_arg_read)) - check_for_fd_attrs (sm_ctxt, node, stmt, call, callee_fndecl, + check_for_fd_attrs (sm_ctxt, node, stmt, *call, callee_fndecl, "fd_arg_read", DIRS_READ); // Handle __attribute__((fd_arg_write)) - check_for_fd_attrs (sm_ctxt, node, stmt, call, callee_fndecl, + check_for_fd_attrs (sm_ctxt, node, stmt, *call, callee_fndecl, "fd_arg_write", DIRS_WRITE); } } @@ -1398,7 +1387,7 @@ fd_state_machine::on_stmt (sm_context &sm_ctxt, const supernode *node, void fd_state_machine::check_for_fd_attrs ( sm_context &sm_ctxt, const supernode *node, const gimple *stmt, - const gcall *call, const tree callee_fndecl, const char *attr_name, + const gcall &call, const tree callee_fndecl, const char *attr_name, access_directions fd_attr_access_dir) const { /* Handle interesting fd attributes of the callee_fndecl, @@ -1431,9 +1420,9 @@ fd_state_machine::check_for_fd_attrs ( if (bitmap_empty_p (argmap)) return; - for (unsigned arg_idx = 0; arg_idx < gimple_call_num_args (call); arg_idx++) + for (unsigned arg_idx = 0; arg_idx < gimple_call_num_args (&call); arg_idx++) { - tree arg = gimple_call_arg (call, arg_idx); + tree arg = gimple_call_arg (&call, arg_idx); tree diag_arg = sm_ctxt.get_diagnostic_tree (arg); state_t state = sm_ctxt.get_state (stmt, arg); bool bit_set = bitmap_bit_p (argmap, arg_idx); 
@@ -1449,7 +1438,7 @@ fd_state_machine::check_for_fd_attrs ( { sm_ctxt.warn (node, stmt, arg, - make_unique<fd_use_after_close> + std::make_unique<fd_use_after_close> (*this, diag_arg, fndecl, attr_name, arg_idx)); @@ -1461,7 +1450,7 @@ fd_state_machine::check_for_fd_attrs ( if (!is_constant_fd_p (state)) { sm_ctxt.warn (node, stmt, arg, - make_unique<fd_use_without_check> + std::make_unique<fd_use_without_check> (*this, diag_arg, fndecl, attr_name, arg_idx)); @@ -1477,13 +1466,13 @@ fd_state_machine::check_for_fd_attrs ( if (is_writeonly_fd_p (state)) { - sm_ctxt.warn ( - node, stmt, arg, - make_unique<fd_access_mode_mismatch> (*this, diag_arg, - DIRS_WRITE, - fndecl, - attr_name, - arg_idx)); + sm_ctxt.warn + (node, stmt, arg, + std::make_unique<fd_access_mode_mismatch> (*this, diag_arg, + DIRS_WRITE, + fndecl, + attr_name, + arg_idx)); } break; @@ -1491,13 +1480,13 @@ fd_state_machine::check_for_fd_attrs ( if (is_readonly_fd_p (state)) { - sm_ctxt.warn ( - node, stmt, arg, - make_unique<fd_access_mode_mismatch> (*this, diag_arg, - DIRS_READ, - fndecl, - attr_name, - arg_idx)); + sm_ctxt.warn + (node, stmt, arg, + std::make_unique<fd_access_mode_mismatch> (*this, diag_arg, + DIRS_READ, + fndecl, + attr_name, + arg_idx)); } break; @@ -1509,12 +1498,12 @@ fd_state_machine::check_for_fd_attrs ( void fd_state_machine::on_open (sm_context &sm_ctxt, const supernode *node, - const gimple *stmt, const gcall *call) const + const gimple *stmt, const gcall &call) const { - tree lhs = gimple_call_lhs (call); + tree lhs = gimple_call_lhs (&call); if (lhs) { - tree arg = gimple_call_arg (call, 1); + tree arg = gimple_call_arg (&call, 1); enum access_mode mode = READ_WRITE; if (TREE_CODE (arg) == INTEGER_CST) { 
@@ -1539,29 +1528,29 @@ fd_state_machine::on_open (sm_context &sm_ctxt, const supernode *node, else { sm_ctxt.warn (node, stmt, NULL_TREE, - make_unique<fd_leak> (*this, NULL_TREE)); + std::make_unique<fd_leak> (*this, NULL_TREE)); } } void fd_state_machine::on_creat (sm_context &sm_ctxt, const supernode *node, - const gimple *stmt, const gcall *call) const + const gimple *stmt, const gcall &call) const { - tree lhs = gimple_call_lhs (call); + tree lhs = gimple_call_lhs (&call); if (lhs) sm_ctxt.on_transition (node, stmt, lhs, m_start, m_unchecked_write_only); else sm_ctxt.warn (node, stmt, NULL_TREE, - make_unique<fd_leak> (*this, NULL_TREE)); + std::make_unique<fd_leak> (*this, NULL_TREE)); } void fd_state_machine::check_for_dup (sm_context &sm_ctxt, const supernode *node, - const gimple *stmt, const gcall *call, + const gimple *stmt, const gcall &call, const tree callee_fndecl, enum dup kind) const { - tree lhs = gimple_call_lhs (call); - tree arg_1 = gimple_call_arg (call, 0); + tree lhs = gimple_call_lhs (&call); + tree arg_1 = gimple_call_arg (&call, 0); state_t state_arg_1 = sm_ctxt.get_state (stmt, arg_1); if (state_arg_1 == m_stop) return; @@ -1587,7 +1576,7 @@ fd_state_machine::check_for_dup (sm_context &sm_ctxt, const supernode *node, case DUP_2: case DUP_3: - tree arg_2 = gimple_call_arg (call, 1); + tree arg_2 = gimple_call_arg (&call, 1); state_t state_arg_2 = sm_ctxt.get_state (stmt, arg_2); tree diag_arg_2 = sm_ctxt.get_diagnostic_tree (arg_2); if (state_arg_2 == m_stop) @@ -1598,8 +1587,8 @@ fd_state_machine::check_for_dup (sm_context &sm_ctxt, const supernode *node, { sm_ctxt.warn ( node, stmt, arg_2, - make_unique<fd_use_without_check> (*this, diag_arg_2, - callee_fndecl)); + std::make_unique<fd_use_without_check> (*this, diag_arg_2, + callee_fndecl)); return; } /* dup2 returns value of its second argument on success.But, the 
@@ -1620,9 +1609,9 @@ fd_state_machine::check_for_dup (sm_context &sm_ctxt, const supernode *node, void fd_state_machine::on_close (sm_context &sm_ctxt, const supernode *node, - const gimple *stmt, const gcall *call) const + const gimple *stmt, const gcall &call) const { - tree arg = gimple_call_arg (call, 0); + tree arg = gimple_call_arg (&call, 0); state_t state = sm_ctxt.get_state (stmt, arg); tree diag_arg = sm_ctxt.get_diagnostic_tree (arg); @@ -1646,20 +1635,20 @@ fd_state_machine::on_close (sm_context &sm_ctxt, const supernode *node, if (is_closed_fd_p (state)) { sm_ctxt.warn (node, stmt, arg, - make_unique<fd_double_close> (*this, diag_arg)); + std::make_unique<fd_double_close> (*this, diag_arg)); sm_ctxt.set_next_state (stmt, arg, m_stop); } } void fd_state_machine::on_read (sm_context &sm_ctxt, const supernode *node, - const gimple *stmt, const gcall *call, + const gimple *stmt, const gcall &call, const tree callee_fndecl) const { check_for_open_fd (sm_ctxt, node, stmt, call, callee_fndecl, DIRS_READ); } void fd_state_machine::on_write (sm_context &sm_ctxt, const supernode *node, - const gimple *stmt, const gcall *call, + const gimple *stmt, const gcall &call, const tree callee_fndecl) const { check_for_open_fd (sm_ctxt, node, stmt, call, callee_fndecl, DIRS_WRITE); 
@@ -1668,18 +1657,18 @@ fd_state_machine::on_write (sm_context &sm_ctxt, const supernode *node, void fd_state_machine::check_for_open_fd ( sm_context &sm_ctxt, const supernode *node, const gimple *stmt, - const gcall *call, const tree callee_fndecl, + const gcall &call, const tree callee_fndecl, enum access_directions callee_fndecl_dir) const { - tree arg = gimple_call_arg (call, 0); + tree arg = gimple_call_arg (&call, 0); tree diag_arg = sm_ctxt.get_diagnostic_tree (arg); state_t state = sm_ctxt.get_state (stmt, arg); if (is_closed_fd_p (state)) { sm_ctxt.warn (node, stmt, arg, - make_unique<fd_use_after_close> (*this, diag_arg, - callee_fndecl)); + std::make_unique<fd_use_after_close> (*this, diag_arg, + callee_fndecl)); } else @@ -1690,10 +1679,10 @@ fd_state_machine::check_for_open_fd ( /* Complain about fncall on socket in wrong phase. */ sm_ctxt.warn (node, stmt, arg, - make_unique<fd_phase_mismatch> (*this, diag_arg, - callee_fndecl, - state, - EXPECTED_PHASE_CAN_TRANSFER)); + std::make_unique<fd_phase_mismatch> (*this, diag_arg, + callee_fndecl, + state, + EXPECTED_PHASE_CAN_TRANSFER)); else if (!(is_valid_fd_p (state) || state == m_new_datagram_socket || state == m_bound_unknown_socket @@ -1704,8 +1693,8 @@ fd_state_machine::check_for_open_fd ( if (!is_constant_fd_p (state)) sm_ctxt.warn ( node, stmt, arg, - make_unique<fd_use_without_check> (*this, diag_arg, - callee_fndecl)); + std::make_unique<fd_use_without_check> (*this, diag_arg, + callee_fndecl)); } switch (callee_fndecl_dir) { @@ -1716,8 +1705,8 @@ fd_state_machine::check_for_open_fd ( { tree diag_arg = sm_ctxt.get_diagnostic_tree (arg); sm_ctxt.warn (node, stmt, arg, - make_unique<fd_access_mode_mismatch> ( - *this, diag_arg, DIRS_WRITE, callee_fndecl)); + std::make_unique<fd_access_mode_mismatch> + (*this, diag_arg, DIRS_WRITE, callee_fndecl)); } break; 
@@ -1727,8 +1716,8 @@ fd_state_machine::check_for_open_fd ( { tree diag_arg = sm_ctxt.get_diagnostic_tree (arg); sm_ctxt.warn (node, stmt, arg, - make_unique<fd_access_mode_mismatch> ( - *this, diag_arg, DIRS_READ, callee_fndecl)); + std::make_unique<fd_access_mode_mismatch> + (*this, diag_arg, DIRS_READ, callee_fndecl)); } break; } @@ -1775,21 +1764,21 @@ fd_state_machine::on_socket (const call_details &cd, sm_context &sm_ctxt, const extrinsic_state &ext_state) const { - const gcall *stmt = cd.get_call_stmt (); + const gcall &call = cd.get_call_stmt (); engine *eng = ext_state.get_engine (); const supergraph *sg = eng->get_supergraph (); - const supernode *node = sg->get_supernode_for_stmt (stmt); + const supernode *node = sg->get_supernode_for_stmt (&call); region_model *model = cd.get_model (); if (successful) { - if (gimple_call_lhs (stmt)) + if (gimple_call_lhs (&call)) { conjured_purge p (model, cd.get_ctxt ()); region_model_manager *mgr = model->get_manager (); const svalue *new_fd = mgr->get_or_create_conjured_svalue (integer_type_node, - stmt, + &call, cd.get_lhs_region (), p); if (!add_constraint_ge_zero (model, new_fd, cd.get_ctxt ())) @@ -1798,12 +1787,12 @@ fd_state_machine::on_socket (const call_details &cd, const svalue *socket_type_sval = cd.get_arg_svalue (1); state_machine::state_t new_state = get_state_for_socket_type (socket_type_sval); - sm_ctxt.on_transition (node, stmt, new_fd, m_start, new_state); + sm_ctxt.on_transition (node, &call, new_fd, m_start, new_state); model->set_value (cd.get_lhs_region (), new_fd, cd.get_ctxt ()); } else - sm_ctxt.warn (node, stmt, NULL_TREE, - make_unique<fd_leak> (*this, NULL_TREE)); + sm_ctxt.warn (node, &call, NULL_TREE, + std::make_unique<fd_leak> (*this, NULL_TREE)); } else { 
@@ -1833,15 +1822,15 @@ fd_state_machine::check_for_socket_fd (const call_details &cd, state_t old_state, bool *complained) const { - const gcall *stmt = cd.get_call_stmt (); + const gcall &call = cd.get_call_stmt (); if (is_closed_fd_p (old_state)) { tree diag_arg = sm_ctxt.get_diagnostic_tree (fd_sval); sm_ctxt.warn - (node, stmt, fd_sval, - make_unique<fd_use_after_close> (*this, diag_arg, - cd.get_fndecl_for_call ())); + (node, &call, fd_sval, + std::make_unique<fd_use_after_close> (*this, diag_arg, + cd.get_fndecl_for_call ())); if (complained) *complained = true; if (successful) @@ -1852,11 +1841,11 @@ fd_state_machine::check_for_socket_fd (const call_details &cd, /* Complain about non-socket. */ tree diag_arg = sm_ctxt.get_diagnostic_tree (fd_sval); sm_ctxt.warn - (node, stmt, fd_sval, - make_unique<fd_type_mismatch> (*this, diag_arg, - cd.get_fndecl_for_call (), - old_state, - EXPECTED_TYPE_SOCKET)); + (node, &call, fd_sval, + std::make_unique<fd_type_mismatch> (*this, diag_arg, + cd.get_fndecl_for_call (), + old_state, + EXPECTED_TYPE_SOCKET)); if (complained) *complained = true; if (successful) @@ -1866,9 +1855,9 @@ fd_state_machine::check_for_socket_fd (const call_details &cd, { tree diag_arg = sm_ctxt.get_diagnostic_tree (fd_sval); sm_ctxt.warn - (node, stmt, fd_sval, - make_unique<fd_use_without_check> (*this, diag_arg, - cd.get_fndecl_for_call ())); + (node, &call, fd_sval, + std::make_unique<fd_use_without_check> (*this, diag_arg, + cd.get_fndecl_for_call ())); if (complained) *complained = true; if (successful) 
@@ -1929,11 +1918,11 @@ fd_state_machine::check_for_new_socket_fd (const call_details &cd, /* Complain about "bind" or "connect" in wrong phase. */ tree diag_arg = sm_ctxt.get_diagnostic_tree (fd_sval); sm_ctxt.warn - (node, cd.get_call_stmt (), fd_sval, - make_unique<fd_phase_mismatch> (*this, diag_arg, - cd.get_fndecl_for_call (), - old_state, - expected_phase)); + (node, &cd.get_call_stmt (), fd_sval, + std::make_unique<fd_phase_mismatch> (*this, diag_arg, + cd.get_fndecl_for_call (), + old_state, + expected_phase)); if (successful) return false; } @@ -1941,7 +1930,7 @@ fd_state_machine::check_for_new_socket_fd (const call_details &cd, { /* If we were in the start state, assume we had a new socket. */ if (old_state == m_start) - sm_ctxt.set_next_state (cd.get_call_stmt (), fd_sval, + sm_ctxt.set_next_state (&cd.get_call_stmt (), fd_sval, m_new_unknown_socket); } @@ -1963,13 +1952,13 @@ fd_state_machine::on_bind (const call_details &cd, sm_context &sm_ctxt, const extrinsic_state &ext_state) const { - const gcall *stmt = cd.get_call_stmt (); + const gcall &call = cd.get_call_stmt (); engine *eng = ext_state.get_engine (); const supergraph *sg = eng->get_supergraph (); - const supernode *node = sg->get_supernode_for_stmt (stmt); + const supernode *node = sg->get_supernode_for_stmt (&call); const svalue *fd_sval = cd.get_arg_svalue (0); region_model *model = cd.get_model (); - state_t old_state = sm_ctxt.get_state (stmt, fd_sval); + state_t old_state = sm_ctxt.get_state (&call, fd_sval); if (!check_for_new_socket_fd (cd, successful, sm_ctxt, fd_sval, node, old_state, @@ -1992,7 +1981,7 @@ fd_state_machine::on_bind (const call_details &cd, next_state = m_stop; else gcc_unreachable (); - sm_ctxt.set_next_state (cd.get_call_stmt (), fd_sval, next_state); + sm_ctxt.set_next_state (&cd.get_call_stmt (), fd_sval, next_state); model->update_for_zero_return (cd, true); } else 
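Review bot: `on_bind` now binds `const gcall &call = cd.get_call_stmt ();` (hunk `@@ -1963,13 +1952,13 @@`), but the next hunk still passes `&cd.get_call_stmt ()` to `set_next_state`, so the same statement is named two ways inside one function. Using the local throughout reads more clearly and avoids the repeated accessor call: `sm_ctxt.set_next_state (&call, fd_sval, next_state);`. The same mix appears in the later hunks for `on_listen` (`get_supernode_for_stmt (&cd.get_call_stmt ())` beside `get_state (&call, fd_sval)`), `on_accept` and `on_connect`. This is a style point only, assuming `get_call_stmt` returns the same object on each call; the function bodies extend beyond the hunks shown.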
@@ -2015,13 +2004,13 @@ fd_state_machine::on_listen (const call_details &cd, sm_context &sm_ctxt, const extrinsic_state &ext_state) const { - const gcall *stmt = cd.get_call_stmt (); + const gcall &call = cd.get_call_stmt (); engine *eng = ext_state.get_engine (); const supergraph *sg = eng->get_supergraph (); - const supernode *node = sg->get_supernode_for_stmt (cd.get_call_stmt ()); + const supernode *node = sg->get_supernode_for_stmt (&cd.get_call_stmt ()); const svalue *fd_sval = cd.get_arg_svalue (0); region_model *model = cd.get_model (); - state_t old_state = sm_ctxt.get_state (stmt, fd_sval); + state_t old_state = sm_ctxt.get_state (&call, fd_sval); /* We expect a stream socket that's had "bind" called on it. */ if (!check_for_socket_fd (cd, successful, sm_ctxt, fd_sval, node, old_state)) @@ -2039,18 +2028,18 @@ fd_state_machine::on_listen (const call_details &cd, tree diag_arg = sm_ctxt.get_diagnostic_tree (fd_sval); if (is_stream_socket_fd_p (old_state)) sm_ctxt.warn - (node, stmt, fd_sval, - make_unique<fd_phase_mismatch> (*this, diag_arg, - cd.get_fndecl_for_call (), - old_state, - EXPECTED_PHASE_CAN_LISTEN)); + (node, &call, fd_sval, + std::make_unique<fd_phase_mismatch> (*this, diag_arg, + cd.get_fndecl_for_call (), + old_state, + EXPECTED_PHASE_CAN_LISTEN)); else sm_ctxt.warn - (node, stmt, fd_sval, - make_unique<fd_type_mismatch> (*this, diag_arg, - cd.get_fndecl_for_call (), - old_state, - EXPECTED_TYPE_STREAM_SOCKET)); + (node, &call, fd_sval, + std::make_unique<fd_type_mismatch> (*this, diag_arg, + cd.get_fndecl_for_call (), + old_state, + EXPECTED_TYPE_STREAM_SOCKET)); if (successful) return false; } @@ -2058,7 +2047,7 @@ fd_state_machine::on_listen (const call_details &cd, if (successful) { model->update_for_zero_return (cd, true); - sm_ctxt.set_next_state (cd.get_call_stmt (), fd_sval, + sm_ctxt.set_next_state (&cd.get_call_stmt (), fd_sval, m_listening_stream_socket); } else 
@@ -2067,7 +2056,7 @@ fd_state_machine::on_listen (const call_details &cd, model->update_for_int_cst_return (cd, -1, true); model->set_errno (cd); if (old_state == m_start) - sm_ctxt.set_next_state (cd.get_call_stmt (), fd_sval, + sm_ctxt.set_next_state (&cd.get_call_stmt (), fd_sval, m_bound_stream_socket); } @@ -2084,15 +2073,15 @@ fd_state_machine::on_accept (const call_details &cd, sm_context &sm_ctxt, const extrinsic_state &ext_state) const { - const gcall *stmt = cd.get_call_stmt (); + const gcall &call = cd.get_call_stmt (); engine *eng = ext_state.get_engine (); const supergraph *sg = eng->get_supergraph (); - const supernode *node = sg->get_supernode_for_stmt (stmt); + const supernode *node = sg->get_supernode_for_stmt (&call); const svalue *fd_sval = cd.get_arg_svalue (0); const svalue *address_sval = cd.get_arg_svalue (1); const svalue *len_ptr_sval = cd.get_arg_svalue (2); region_model *model = cd.get_model (); - state_t old_state = sm_ctxt.get_state (stmt, fd_sval); + state_t old_state = sm_ctxt.get_state (&call, fd_sval); if (!address_sval->all_zeroes_p ()) { @@ -2127,14 +2116,14 @@ fd_state_machine::on_accept (const call_details &cd, old_len_sval); const svalue *new_addr_sval = mgr->get_or_create_conjured_svalue (NULL_TREE, - stmt, + &call, old_sized_address_reg, p); model->set_value (old_sized_address_reg, new_addr_sval, cd.get_ctxt ()); const svalue *new_addr_len = mgr->get_or_create_conjured_svalue (NULL_TREE, - stmt, + &call, len_reg, p); model->set_value (len_reg, new_addr_len, cd.get_ctxt ()); @@ -2148,7 +2137,7 @@ fd_state_machine::on_accept (const call_details &cd, if (old_state == m_start || old_state == m_constant_fd) /* If we were in the start state (or a constant), assume we had the expected state. */ - sm_ctxt.set_next_state (cd.get_call_stmt (), fd_sval, + sm_ctxt.set_next_state (&cd.get_call_stmt (), fd_sval, m_listening_stream_socket); else if (old_state == m_stop) { 
@@ -2160,18 +2149,18 @@ fd_state_machine::on_accept (const call_details &cd, tree diag_arg = sm_ctxt.get_diagnostic_tree (fd_sval); if (is_stream_socket_fd_p (old_state)) sm_ctxt.warn - (node, stmt, fd_sval, - make_unique<fd_phase_mismatch> (*this, diag_arg, - cd.get_fndecl_for_call (), - old_state, - EXPECTED_PHASE_CAN_ACCEPT)); + (node, &call, fd_sval, + std::make_unique<fd_phase_mismatch> (*this, diag_arg, + cd.get_fndecl_for_call (), + old_state, + EXPECTED_PHASE_CAN_ACCEPT)); else sm_ctxt.warn - (node, stmt, fd_sval, - make_unique<fd_type_mismatch> (*this, diag_arg, - cd.get_fndecl_for_call (), - old_state, - EXPECTED_TYPE_STREAM_SOCKET)); + (node, &call, fd_sval, + std::make_unique<fd_type_mismatch> (*this, diag_arg, + cd.get_fndecl_for_call (), + old_state, + EXPECTED_TYPE_STREAM_SOCKET)); if (successful) return false; } @@ -2179,24 +2168,24 @@ fd_state_machine::on_accept (const call_details &cd, if (successful) { /* Return new conjured FD in "connected" state. */ - if (gimple_call_lhs (stmt)) + if (gimple_call_lhs (&call)) { conjured_purge p (model, cd.get_ctxt ()); region_model_manager *mgr = model->get_manager (); const svalue *new_fd = mgr->get_or_create_conjured_svalue (integer_type_node, - stmt, + &call, cd.get_lhs_region (), p); if (!add_constraint_ge_zero (model, new_fd, cd.get_ctxt ())) return false; - sm_ctxt.on_transition (node, stmt, new_fd, + sm_ctxt.on_transition (node, &call, new_fd, m_start, m_connected_stream_socket); model->set_value (cd.get_lhs_region (), new_fd, cd.get_ctxt ()); } else - sm_ctxt.warn (node, stmt, NULL_TREE, - make_unique<fd_leak> (*this, NULL_TREE)); + sm_ctxt.warn (node, &call, NULL_TREE, + std::make_unique<fd_leak> (*this, NULL_TREE)); } else { 
@@ -2218,13 +2207,13 @@ fd_state_machine::on_connect (const call_details &cd, sm_context &sm_ctxt, const extrinsic_state &ext_state) const { - const gcall *stmt = cd.get_call_stmt (); + const gcall &call = cd.get_call_stmt (); engine *eng = ext_state.get_engine (); const supergraph *sg = eng->get_supergraph (); - const supernode *node = sg->get_supernode_for_stmt (stmt); + const supernode *node = sg->get_supernode_for_stmt (&call); const svalue *fd_sval = cd.get_arg_svalue (0); region_model *model = cd.get_model (); - state_t old_state = sm_ctxt.get_state (stmt, fd_sval); + state_t old_state = sm_ctxt.get_state (&call, fd_sval); if (!check_for_new_socket_fd (cd, successful, sm_ctxt, fd_sval, node, old_state, @@ -2250,7 +2239,7 @@ fd_state_machine::on_connect (const call_details &cd, next_state = m_stop; else gcc_unreachable (); - sm_ctxt.set_next_state (cd.get_call_stmt (), fd_sval, next_state); + sm_ctxt.set_next_state (&cd.get_call_stmt (), fd_sval, next_state); } else { @@ -2334,14 +2323,14 @@ fd_state_machine::can_purge_p (state_t s) const std::unique_ptr<pending_diagnostic> fd_state_machine::on_leak (tree var) const { - return make_unique<fd_leak> (*this, var); + return std::make_unique<fd_leak> (*this, var); } } // namespace -state_machine * +std::unique_ptr<state_machine> make_fd_state_machine (logger *logger) { - return new fd_state_machine (logger); + return std::make_unique<fd_state_machine> (logger); } static bool @@ -2426,8 +2415,10 @@ public: { if (cd.get_ctxt ()) { - cd.get_ctxt ()->bifurcate (make_unique<outcome_of_socket> (cd, false)); - cd.get_ctxt ()->bifurcate (make_unique<outcome_of_socket> (cd, true)); + cd.get_ctxt ()->bifurcate + (std::make_unique<outcome_of_socket> (cd, false)); + cd.get_ctxt ()->bifurcate + (std::make_unique<outcome_of_socket> (cd, true)); cd.get_ctxt ()->terminate_path (); } } 
@@ -2478,8 +2469,10 @@ public: { if (cd.get_ctxt ()) { - cd.get_ctxt ()->bifurcate (make_unique<outcome_of_bind> (cd, false)); - cd.get_ctxt ()->bifurcate (make_unique<outcome_of_bind> (cd, true)); + cd.get_ctxt ()->bifurcate + (std::make_unique<outcome_of_bind> (cd, false)); + cd.get_ctxt ()->bifurcate + (std::make_unique<outcome_of_bind> (cd, true)); cd.get_ctxt ()->terminate_path (); } } @@ -2530,8 +2523,10 @@ class kf_listen : public known_function { if (cd.get_ctxt ()) { - cd.get_ctxt ()->bifurcate (make_unique<outcome_of_listen> (cd, false)); - cd.get_ctxt ()->bifurcate (make_unique<outcome_of_listen> (cd, true)); + cd.get_ctxt ()->bifurcate + (std::make_unique<outcome_of_listen> (cd, false)); + cd.get_ctxt ()->bifurcate + (std::make_unique<outcome_of_listen> (cd, true)); cd.get_ctxt ()->terminate_path (); } } @@ -2584,8 +2579,10 @@ class kf_accept : public known_function { if (cd.get_ctxt ()) { - cd.get_ctxt ()->bifurcate (make_unique<outcome_of_accept> (cd, false)); - cd.get_ctxt ()->bifurcate (make_unique<outcome_of_accept> (cd, true)); + cd.get_ctxt ()->bifurcate + (std::make_unique<outcome_of_accept> (cd, false)); + cd.get_ctxt ()->bifurcate + (std::make_unique<outcome_of_accept> (cd, true)); cd.get_ctxt ()->terminate_path (); } } @@ -2638,8 +2635,10 @@ public: { if (cd.get_ctxt ()) { - cd.get_ctxt ()->bifurcate (make_unique<outcome_of_connect> (cd, false)); - cd.get_ctxt ()->bifurcate (make_unique<outcome_of_connect> (cd, true)); + cd.get_ctxt ()->bifurcate + (std::make_unique<outcome_of_connect> (cd, false)); + cd.get_ctxt ()->bifurcate + (std::make_unique<outcome_of_connect> (cd, true)); cd.get_ctxt ()->terminate_path (); } } @@ -2696,7 +2695,7 @@ class kf_isatty : public known_function const svalue *fd_sval = cd.get_arg_svalue (0); state_machine::state_t old_state - = sm_ctxt->get_state (cd.get_call_stmt (), fd_sval); + = sm_ctxt->get_state (&cd.get_call_stmt (), fd_sval); if (fd_sm->is_closed_fd_p (old_state) || old_state == fd_sm->m_invalid) 
@@ -2716,8 +2715,10 @@ public: { if (cd.get_ctxt ()) { - cd.get_ctxt ()->bifurcate (make_unique<outcome_of_isatty> (cd, false)); - cd.get_ctxt ()->bifurcate (make_unique<outcome_of_isatty> (cd, true)); + cd.get_ctxt ()->bifurcate + (std::make_unique<outcome_of_isatty> (cd, false)); + cd.get_ctxt ()->bifurcate + (std::make_unique<outcome_of_isatty> (cd, true)); cd.get_ctxt ()->terminate_path (); } } @@ -2773,7 +2774,7 @@ class kf_pipe : public known_function conjured_purge p (model, cd.get_ctxt ()); const svalue *fd_sval = mgr->get_or_create_conjured_svalue (integer_type_node, - cd.get_call_stmt (), + &cd.get_call_stmt (), element_reg, p); model->set_value (element_reg, fd_sval, cd.get_ctxt ()); @@ -2799,8 +2800,10 @@ public: { if (cd.get_ctxt ()) { - cd.get_ctxt ()->bifurcate (make_unique<failure> (cd)); - cd.get_ctxt ()->bifurcate (make_unique<success> (cd)); + cd.get_ctxt ()->bifurcate + (std::make_unique<failure> (cd)); + cd.get_ctxt ()->bifurcate + (std::make_unique<success> (cd)); cd.get_ctxt ()->terminate_path (); } } 
@@ -2848,15 +2851,15 @@ public: void register_known_fd_functions (known_function_manager &kfm) { - kfm.add ("accept", make_unique<kf_accept> ()); - kfm.add ("bind", make_unique<kf_bind> ()); - kfm.add ("connect", make_unique<kf_connect> ()); - kfm.add ("isatty", make_unique<kf_isatty> ()); - kfm.add ("listen", make_unique<kf_listen> ()); - kfm.add ("pipe", make_unique<kf_pipe> (1)); - kfm.add ("pipe2", make_unique<kf_pipe> (2)); - kfm.add ("read", make_unique<kf_read> ()); - kfm.add ("socket", make_unique<kf_socket> ()); + kfm.add ("accept", std::make_unique<kf_accept> ()); + kfm.add ("bind", std::make_unique<kf_bind> ()); + kfm.add ("connect", std::make_unique<kf_connect> ()); + kfm.add ("isatty", std::make_unique<kf_isatty> ()); + kfm.add ("listen", std::make_unique<kf_listen> ()); + kfm.add ("pipe", std::make_unique<kf_pipe> (1)); + kfm.add ("pipe2", std::make_unique<kf_pipe> (2)); + kfm.add ("read", std::make_unique<kf_read> ()); + kfm.add ("socket", std::make_unique<kf_socket> ()); } } // namespace ana diff --git a/gcc/analyzer/sm-file.cc b/gcc/analyzer/sm-file.cc index 1e41dc9..d7dbe2f 100644 --- a/gcc/analyzer/sm-file.cc +++ b/gcc/analyzer/sm-file.cc 
@@ -18,26 +18,16 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "make-unique.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "options.h" -#include "diagnostic-core.h" -#include "diagnostic-path.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + #include "diagnostic-event-id.h" +#include "selftest.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/sm.h" #include "analyzer/pending-diagnostic.h" #include "analyzer/function-set.h" #include "analyzer/analyzer-selftests.h" -#include "selftest.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" #include "analyzer/store.h" @@ -403,9 +393,9 @@ fileptr_state_machine::on_stmt (sm_context &sm_ctxt, const gimple *stmt) const { if (const gcall *call = dyn_cast <const gcall *> (stmt)) - if (tree callee_fndecl = sm_ctxt.get_fndecl_for_call (call)) + if (tree callee_fndecl = sm_ctxt.get_fndecl_for_call (*call)) { - if (is_named_call_p (callee_fndecl, "fopen", call, 2)) + if (is_named_call_p (callee_fndecl, "fopen", *call, 2)) { tree lhs = gimple_call_lhs (call); if (lhs) @@ -417,7 +407,7 @@ fileptr_state_machine::on_stmt (sm_context &sm_ctxt, return true; } - if (is_named_call_p (callee_fndecl, "fclose", call, 1)) + if (is_named_call_p (callee_fndecl, "fclose", *call, 1)) { tree arg = gimple_call_arg (call, 0); @@ -433,7 +423,8 @@ fileptr_state_machine::on_stmt (sm_context &sm_ctxt, { tree diag_arg = sm_ctxt.get_diagnostic_tree (arg); sm_ctxt.warn (node, stmt, arg, - make_unique<double_fclose> (*this, diag_arg)); + std::make_unique<double_fclose> (*this, + diag_arg)); sm_ctxt.set_next_state (stmt, arg, m_stop); } return true; 
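Review bot: fileptr_state_machine::on_stmt now mixes two spellings of the same statement: `*call` for `get_fndecl_for_call` and `is_named_call_p`, and the raw pointer for `gimple_call_lhs (call)` and `gimple_call_arg (call, 0)`. The sm-malloc.cc on_stmt hunk in this commit binds `const gcall &call = *call_stmt;` once after the `dyn_cast` and uses `call` or `&call` from there on. Doing the same here would make it harder to pass the wrong form as more helpers move to references. The on_stmt hunks in sm-sensitive.cc, sm-signal.cc and sm-taint.cc have the same mix. The function body continues outside the hunk.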
@@ -503,17 +494,17 @@ fileptr_state_machine::can_purge_p (state_t s) const std::unique_ptr<pending_diagnostic> fileptr_state_machine::on_leak (tree var) const { - return make_unique<file_leak> (*this, var); + return std::make_unique<file_leak> (*this, var); } } // anonymous namespace /* Internal interface to this file. */ -state_machine * +std::unique_ptr<state_machine> make_fileptr_state_machine (logger *logger) { - return new fileptr_state_machine (logger); + return std::make_unique<fileptr_state_machine> (logger); } /* Handler for various stdio-related builtins that merely have external 
@@ -655,40 +646,40 @@ public: void register_known_file_functions (known_function_manager &kfm) { - kfm.add (BUILT_IN_FPRINTF, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_FPRINTF_UNLOCKED, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_FPUTC, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_FPUTC_UNLOCKED, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_FPUTS, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_FPUTS_UNLOCKED, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_FWRITE, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_FWRITE_UNLOCKED, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_PRINTF, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_PRINTF_UNLOCKED, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_PUTC, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_PUTCHAR, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_PUTCHAR_UNLOCKED, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_PUTC_UNLOCKED, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_PUTS, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_PUTS_UNLOCKED, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_VFPRINTF, make_unique<kf_stdio_output_fn> ()); - kfm.add (BUILT_IN_VPRINTF, make_unique<kf_stdio_output_fn> ()); - - kfm.add ("ferror", make_unique<kf_ferror> ()); - kfm.add ("fgets", make_unique<kf_fgets> ()); - kfm.add ("fgets_unlocked", make_unique<kf_fgets> ()); // non-standard - kfm.add ("fileno", make_unique<kf_fileno> ()); - kfm.add ("fread", make_unique<kf_fread> ()); - kfm.add ("getc", make_unique<kf_getc> ()); - kfm.add ("getchar", make_unique<kf_getchar> ()); + kfm.add (BUILT_IN_FPRINTF, std::make_unique<kf_stdio_output_fn> ()); + kfm.add (BUILT_IN_FPRINTF_UNLOCKED, std::make_unique<kf_stdio_output_fn> ()); + kfm.add (BUILT_IN_FPUTC, std::make_unique<kf_stdio_output_fn> ()); + kfm.add (BUILT_IN_FPUTC_UNLOCKED, std::make_unique<kf_stdio_output_fn> ()); + 
kfm.add (BUILT_IN_FPUTS, std::make_unique<kf_stdio_output_fn> ()); + kfm.add (BUILT_IN_FPUTS_UNLOCKED, std::make_unique<kf_stdio_output_fn> ()); + kfm.add (BUILT_IN_FWRITE, std::make_unique<kf_stdio_output_fn> ()); + kfm.add (BUILT_IN_FWRITE_UNLOCKED, std::make_unique<kf_stdio_output_fn> ()); + kfm.add (BUILT_IN_PRINTF, std::make_unique<kf_stdio_output_fn> ()); + kfm.add (BUILT_IN_PRINTF_UNLOCKED, std::make_unique<kf_stdio_output_fn> ()); + kfm.add (BUILT_IN_PUTC, std::make_unique<kf_stdio_output_fn> ()); + kfm.add (BUILT_IN_PUTCHAR, std::make_unique<kf_stdio_output_fn> ()); + kfm.add (BUILT_IN_PUTCHAR_UNLOCKED, std::make_unique<kf_stdio_output_fn> ()); + kfm.add (BUILT_IN_PUTC_UNLOCKED, std::make_unique<kf_stdio_output_fn> ()); + kfm.add (BUILT_IN_PUTS, std::make_unique<kf_stdio_output_fn> ()); + kfm.add (BUILT_IN_PUTS_UNLOCKED, std::make_unique<kf_stdio_output_fn> ()); + kfm.add (BUILT_IN_VFPRINTF, std::make_unique<kf_stdio_output_fn> ()); + kfm.add (BUILT_IN_VPRINTF, std::make_unique<kf_stdio_output_fn> ()); + + kfm.add ("ferror", std::make_unique<kf_ferror> ()); + kfm.add ("fgets", std::make_unique<kf_fgets> ()); + kfm.add ("fgets_unlocked", std::make_unique<kf_fgets> ()); // non-standard + kfm.add ("fileno", std::make_unique<kf_fileno> ()); + kfm.add ("fread", std::make_unique<kf_fread> ()); + kfm.add ("getc", std::make_unique<kf_getc> ()); + kfm.add ("getchar", std::make_unique<kf_getchar> ()); /* Some C++ implementations use the std:: copies of these functions from <cstdio> for <stdio.h>, so we must match against these too. 
*/ - kfm.add_std_ns ("ferror", make_unique<kf_ferror> ()); - kfm.add_std_ns ("fgets", make_unique<kf_fgets> ()); - kfm.add_std_ns ("fread", make_unique<kf_fread> ()); - kfm.add_std_ns ("getc", make_unique<kf_getc> ()); - kfm.add_std_ns ("getchar", make_unique<kf_getchar> ()); + kfm.add_std_ns ("ferror", std::make_unique<kf_ferror> ()); + kfm.add_std_ns ("fgets", std::make_unique<kf_fgets> ()); + kfm.add_std_ns ("fread", std::make_unique<kf_fread> ()); + kfm.add_std_ns ("getc", std::make_unique<kf_getc> ()); + kfm.add_std_ns ("getchar", std::make_unique<kf_getchar> ()); } #if CHECKING_P diff --git a/gcc/analyzer/sm-malloc.cc b/gcc/analyzer/sm-malloc.cc index 6972a55..0186268 100644 --- a/gcc/analyzer/sm-malloc.cc +++ b/gcc/analyzer/sm-malloc.cc @@ -18,21 +18,12 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "make-unique.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "options.h" -#include "bitmap.h" -#include "diagnostic-core.h" -#include "diagnostic-path.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + #include "diagnostic-event-id.h" +#include "stringpool.h" +#include "attribs.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/sm.h" #include "analyzer/pending-diagnostic.h" @@ -41,8 +32,6 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/store.h" #include "analyzer/region-model.h" #include "analyzer/call-details.h" -#include "stringpool.h" -#include "attribs.h" #include "analyzer/function-set.h" #include "analyzer/program-state.h" #include "analyzer/checker-event.h" 
@@ -482,22 +471,22 @@ private: tree ptr) const; void on_allocator_call (sm_context &sm_ctxt, - const gcall *call, + const gcall &call, const deallocator_set *deallocators, bool returns_nonnull = false) const; void handle_free_of_non_heap (sm_context &sm_ctxt, const supernode *node, - const gcall *call, + const gcall &call, tree arg, const deallocator *d) const; void on_deallocator_call (sm_context &sm_ctxt, const supernode *node, - const gcall *call, + const gcall &call, const deallocator *d, unsigned argno) const; void on_realloc_call (sm_context &sm_ctxt, const supernode *node, - const gcall *call) const; + const gcall &call) const; void on_zero_assignment (sm_context &sm_ctxt, const gimple *stmt, tree lhs) const; @@ -1955,7 +1944,7 @@ get_or_create_assumed_non_null_state_for_frame (const frame_region *frame) builtin. */ static bool -known_allocator_p (const_tree fndecl, const gcall *call) +known_allocator_p (const_tree fndecl, const gcall &call) { /* Either it is a function we know by name and number of arguments... */ if (is_named_call_p (fndecl, "malloc", call, 1) @@ -2029,9 +2018,10 @@ malloc_state_machine::handle_nonnull (sm_context &sm_ctxt, if (unchecked_p (state)) { tree diag_arg = sm_ctxt.get_diagnostic_tree (arg); - sm_ctxt.warn (node, stmt, arg, - make_unique<possible_null_arg> (*this, diag_arg, fndecl, - i)); + sm_ctxt.warn + (node, stmt, arg, + std::make_unique<possible_null_arg> (*this, diag_arg, fndecl, + i)); const allocation_state *astate = as_a_allocation_state (state); sm_ctxt.set_next_state (stmt, arg, astate->get_nonnull ()); @@ -2040,7 +2030,7 @@ malloc_state_machine::handle_nonnull (sm_context &sm_ctxt, { tree diag_arg = sm_ctxt.get_diagnostic_tree (arg); sm_ctxt.warn (node, stmt, arg, - make_unique<null_arg> (*this, diag_arg, fndecl, i)); + std::make_unique<null_arg> (*this, diag_arg, fndecl, i)); sm_ctxt.set_next_state (stmt, arg, m_stop); } else if (state == m_start) 
@@ -2054,9 +2044,11 @@ malloc_state_machine::on_stmt (sm_context &sm_ctxt, const supernode *node, const gimple *stmt) const { - if (const gcall *call = dyn_cast <const gcall *> (stmt)) - if (tree callee_fndecl = sm_ctxt.get_fndecl_for_call (call)) + if (const gcall *call_stmt = dyn_cast <const gcall *> (stmt)) + if (tree callee_fndecl = sm_ctxt.get_fndecl_for_call (*call_stmt)) { + const gcall &call = *call_stmt; + if (known_allocator_p (callee_fndecl, call)) { on_allocator_call (sm_ctxt, call, &m_free); @@ -2092,7 +2084,7 @@ malloc_state_machine::on_stmt (sm_context &sm_ctxt, if (is_named_call_p (callee_fndecl, "alloca", call, 1) || is_named_call_p (callee_fndecl, "__builtin_alloca", call, 1)) { - tree lhs = gimple_call_lhs (call); + tree lhs = gimple_call_lhs (&call); if (lhs) sm_ctxt.on_transition (node, stmt, lhs, m_start, m_non_heap); return true; @@ -2260,8 +2252,8 @@ malloc_state_machine::on_stmt (sm_context &sm_ctxt, { tree diag_arg = sm_ctxt.get_diagnostic_tree (arg); sm_ctxt.warn (node, stmt, arg, - make_unique<possible_null_deref> (*this, - diag_arg)); + std::make_unique<possible_null_deref> (*this, + diag_arg)); const allocation_state *astate = as_a_allocation_state (state); sm_ctxt.set_next_state (stmt, arg, astate->get_nonnull ()); } @@ -2269,7 +2261,7 @@ malloc_state_machine::on_stmt (sm_context &sm_ctxt, { tree diag_arg = sm_ctxt.get_diagnostic_tree (arg); sm_ctxt.warn (node, stmt, arg, - make_unique<null_deref> (*this, diag_arg)); + std::make_unique<null_deref> (*this, diag_arg)); sm_ctxt.set_next_state (stmt, arg, m_stop); } else if (freed_p (state)) @@ -2277,7 +2269,7 @@ malloc_state_machine::on_stmt (sm_context &sm_ctxt, tree diag_arg = sm_ctxt.get_diagnostic_tree (arg); const allocation_state *astate = as_a_allocation_state (state); sm_ctxt.warn (node, stmt, arg, - make_unique<use_after_free> + std::make_unique<use_after_free> (*this, diag_arg, astate->m_deallocator)); sm_ctxt.set_next_state (stmt, arg, m_stop); } 
@@ -2339,7 +2331,7 @@ maybe_complain_about_deref_before_check (sm_context &sm_ctxt, if (diag_ptr) sm_ctxt.warn (node, stmt, ptr, - make_unique<deref_before_check> (*this, diag_ptr)); + std::make_unique<deref_before_check> (*this, diag_ptr)); sm_ctxt.set_next_state (stmt, ptr, m_stop); } @@ -2349,15 +2341,15 @@ maybe_complain_about_deref_before_check (sm_context &sm_ctxt, void malloc_state_machine::on_allocator_call (sm_context &sm_ctxt, - const gcall *call, + const gcall &call, const deallocator_set *deallocators, bool returns_nonnull) const { - tree lhs = gimple_call_lhs (call); + tree lhs = gimple_call_lhs (&call); if (lhs) { - if (sm_ctxt.get_state (call, lhs) == m_start) - sm_ctxt.set_next_state (call, lhs, + if (sm_ctxt.get_state (&call, lhs) == m_start) + sm_ctxt.set_next_state (&call, lhs, (returns_nonnull ? deallocators->m_nonnull : deallocators->m_unchecked)); @@ -2374,7 +2366,7 @@ malloc_state_machine::on_allocator_call (sm_context &sm_ctxt, void malloc_state_machine::handle_free_of_non_heap (sm_context &sm_ctxt, const supernode *node, - const gcall *call, + const gcall &call, tree arg, const deallocator *d) const { 
@@ -2386,28 +2378,28 @@ malloc_state_machine::handle_free_of_non_heap (sm_context &sm_ctxt, const svalue *ptr_sval = old_model->get_rvalue (arg, NULL); freed_reg = old_model->deref_rvalue (ptr_sval, arg, NULL); } - sm_ctxt.warn (node, call, arg, - make_unique<free_of_non_heap> + sm_ctxt.warn (node, &call, arg, + std::make_unique<free_of_non_heap> (*this, diag_arg, freed_reg, d->m_name)); - sm_ctxt.set_next_state (call, arg, m_stop); + sm_ctxt.set_next_state (&call, arg, m_stop); } void malloc_state_machine::on_deallocator_call (sm_context &sm_ctxt, const supernode *node, - const gcall *call, + const gcall &call, const deallocator *d, unsigned argno) const { - if (argno >= gimple_call_num_args (call)) + if (argno >= gimple_call_num_args (&call)) return; - tree arg = gimple_call_arg (call, argno); + tree arg = gimple_call_arg (&call, argno); - state_t state = sm_ctxt.get_state (call, arg); + state_t state = sm_ctxt.get_state (&call, arg); /* start/assumed_non_null/unchecked/nonnull -> freed. */ if (state == m_start || assumed_non_null_p (state)) - sm_ctxt.set_next_state (call, arg, d->m_freed); + sm_ctxt.set_next_state (&call, arg, d->m_freed); else if (unchecked_p (state) || nonnull_p (state)) { const allocation_state *astate = as_a_allocation_state (state); @@ -2416,13 +2408,13 @@ malloc_state_machine::on_deallocator_call (sm_context &sm_ctxt, { /* Wrong allocator. */ tree diag_arg = sm_ctxt.get_diagnostic_tree (arg); - sm_ctxt.warn (node, call, arg, - make_unique<mismatching_deallocation> + sm_ctxt.warn (node, &call, arg, + std::make_unique<mismatching_deallocation> (*this, diag_arg, astate->m_deallocators, d)); } - sm_ctxt.set_next_state (call, arg, d->m_freed); + sm_ctxt.set_next_state (&call, arg, d->m_freed); } /* Keep state "null" as-is, rather than transitioning to "freed"; 
@@ -2431,9 +2423,9 @@ malloc_state_machine::on_deallocator_call (sm_context &sm_ctxt, { /* freed -> stop, with warning. */ tree diag_arg = sm_ctxt.get_diagnostic_tree (arg); - sm_ctxt.warn (node, call, arg, - make_unique<double_free> (*this, diag_arg, d->m_name)); - sm_ctxt.set_next_state (call, arg, m_stop); + sm_ctxt.warn (node, &call, arg, + std::make_unique<double_free> (*this, diag_arg, d->m_name)); + sm_ctxt.set_next_state (&call, arg, m_stop); } else if (state == m_non_heap) { @@ -2453,14 +2445,14 @@ malloc_state_machine::on_deallocator_call (sm_context &sm_ctxt, void malloc_state_machine::on_realloc_call (sm_context &sm_ctxt, const supernode *node, - const gcall *call) const + const gcall &call) const { const unsigned argno = 0; const deallocator *d = &m_realloc; - tree arg = gimple_call_arg (call, argno); + tree arg = gimple_call_arg (&call, argno); - state_t state = sm_ctxt.get_state (call, arg); + state_t state = sm_ctxt.get_state (&call, arg); if (unchecked_p (state) || nonnull_p (state)) { @@ -2470,11 +2462,11 @@ malloc_state_machine::on_realloc_call (sm_context &sm_ctxt, { /* Wrong allocator. */ tree diag_arg = sm_ctxt.get_diagnostic_tree (arg); - sm_ctxt.warn (node, call, arg, - make_unique<mismatching_deallocation> + sm_ctxt.warn (node, &call, arg, + std::make_unique<mismatching_deallocation> (*this, diag_arg, astate->m_deallocators, d)); - sm_ctxt.set_next_state (call, arg, m_stop); + sm_ctxt.set_next_state (&call, arg, m_stop); if (path_context *path_ctxt = sm_ctxt.get_path_context ()) path_ctxt->terminate_path (); } 
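Review bot: on_realloc_call reads `gimple_call_arg (&call, argno)` without the arity guard that on_deallocator_call has in the same file (`if (argno >= gimple_call_num_args (&call)) return;`). If every caller has already matched the call against a fixed argument count this is safe, but the caller is outside the hunk, so the invariant is not visible here. Either repeat the guard at the top of the function or state the precondition in the function comment, e.g. `/* CALL has already been matched as having at least one argument.  */`. The function body continues past the hunk.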
@@ -2483,9 +2475,9 @@ malloc_state_machine::on_realloc_call (sm_context &sm_ctxt, { /* freed -> stop, with warning. */ tree diag_arg = sm_ctxt.get_diagnostic_tree (arg); - sm_ctxt.warn (node, call, arg, - make_unique<double_free> (*this, diag_arg, "free")); - sm_ctxt.set_next_state (call, arg, m_stop); + sm_ctxt.warn (node, &call, arg, + std::make_unique<double_free> (*this, diag_arg, "free")); + sm_ctxt.set_next_state (&call, arg, m_stop); if (path_context *path_ctxt = sm_ctxt.get_path_context ()) path_ctxt->terminate_path (); } @@ -2594,7 +2586,7 @@ malloc_state_machine::can_purge_p (state_t s) const std::unique_ptr<pending_diagnostic> malloc_state_machine::on_leak (tree var) const { - return make_unique<malloc_leak> (*this, var); + return std::make_unique<malloc_leak> (*this, var); } /* Implementation of state_machine::reset_when_passed_to_unknown_fn_p vfunc @@ -2707,10 +2699,10 @@ malloc_state_machine::transition_ptr_sval_non_null (region_model *model, /* Internal interface to this file. */ -state_machine * +std::unique_ptr<state_machine> make_malloc_state_machine (logger *logger) { - return new malloc_state_machine (logger); + return std::make_unique<malloc_state_machine> (logger); } /* Specialcase hook for handling realloc, for use by diff --git a/gcc/analyzer/sm-pattern-test.cc b/gcc/analyzer/sm-pattern-test.cc index 5b98067..f05ffe0 100644 --- a/gcc/analyzer/sm-pattern-test.cc +++ b/gcc/analyzer/sm-pattern-test.cc 
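Review bot: The double_free diagnostic in on_realloc_call is built with the literal `"free"`, while the matching branch in on_deallocator_call passes `d->m_name`, and in this function `d` is `&m_realloc`. If naming `free` in the message is deliberate, it deserves a comment such as `/* Report as a double-free even though the call is to realloc.  */`. If it is not, `d->m_name` would keep the two paths consistent. The start of the function is outside this hunk.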
@@ -20,19 +20,11 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "make-unique.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" +#include "analyzer/common.h" + #include "tree-pretty-print.h" -#include "diagnostic-path.h" -#include "analyzer/analyzer.h" #include "diagnostic-event-id.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/sm.h" #include "analyzer/pending-diagnostic.h" @@ -140,7 +132,7 @@ pattern_test_state_machine::on_condition (sm_context &sm_ctxt, if (tree lhs_expr = sm_ctxt.get_diagnostic_tree (lhs)) { sm_ctxt.warn (node, stmt, lhs_expr, - make_unique<pattern_match> (lhs_expr, op, rhs_cst)); + std::make_unique<pattern_match> (lhs_expr, op, rhs_cst)); } } @@ -154,10 +146,10 @@ pattern_test_state_machine::can_purge_p (state_t s ATTRIBUTE_UNUSED) const /* Internal interface to this file. */ -state_machine * +std::unique_ptr<state_machine> make_pattern_test_state_machine (logger *logger) { - return new pattern_test_state_machine (logger); + return std::make_unique<pattern_test_state_machine> (logger); } } // namespace ana diff --git a/gcc/analyzer/sm-sensitive.cc b/gcc/analyzer/sm-sensitive.cc index 6e185cb..7bd5ef6 100644 --- a/gcc/analyzer/sm-sensitive.cc +++ b/gcc/analyzer/sm-sensitive.cc 
@@ -19,19 +19,10 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#include "system.h" -#include "coretypes.h" -#include "make-unique.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "options.h" -#include "diagnostic-core.h" -#include "diagnostic-path.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + #include "diagnostic-event-id.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/sm.h" #include "analyzer/pending-diagnostic.h" @@ -196,8 +187,8 @@ sensitive_state_machine::warn_for_any_exposure (sm_context &sm_ctxt, { tree diag_arg = sm_ctxt.get_diagnostic_tree (arg); sm_ctxt.warn (node, stmt, arg, - make_unique<exposure_through_output_file> (*this, - diag_arg)); + std::make_unique<exposure_through_output_file> (*this, + diag_arg)); } } @@ -210,9 +201,9 @@ sensitive_state_machine::on_stmt (sm_context &sm_ctxt, const gimple *stmt) const { if (const gcall *call = dyn_cast <const gcall *> (stmt)) - if (tree callee_fndecl = sm_ctxt.get_fndecl_for_call (call)) + if (tree callee_fndecl = sm_ctxt.get_fndecl_for_call (*call)) { - if (is_named_call_p (callee_fndecl, "getpass", call, 1)) + if (is_named_call_p (callee_fndecl, "getpass", *call, 1)) { tree lhs = gimple_call_lhs (call); if (lhs) @@ -230,7 +221,7 @@ sensitive_state_machine::on_stmt (sm_context &sm_ctxt, } return true; } - else if (is_named_call_p (callee_fndecl, "fwrite", call, 4)) + else if (is_named_call_p (callee_fndecl, "fwrite", *call, 4)) { tree arg = gimple_call_arg (call, 0); warn_for_any_exposure (sm_ctxt, node, stmt, arg); 
@@ -251,10 +242,10 @@ sensitive_state_machine::can_purge_p (state_t s ATTRIBUTE_UNUSED) const /* Internal interface to this file. */ -state_machine * +std::unique_ptr<state_machine> make_sensitive_state_machine (logger *logger) { - return new sensitive_state_machine (logger); + return std::make_unique<sensitive_state_machine> (logger); } } // namespace ana diff --git a/gcc/analyzer/sm-signal.cc b/gcc/analyzer/sm-signal.cc index f8b378f..83f2808 100644 --- a/gcc/analyzer/sm-signal.cc +++ b/gcc/analyzer/sm-signal.cc @@ -20,39 +20,28 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "make-unique.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "options.h" -#include "bitmap.h" -#include "diagnostic-core.h" -#include "diagnostic-path.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + #include "diagnostic-event-id.h" -#include "analyzer/analyzer-logging.h" -#include "analyzer/sm.h" -#include "analyzer/pending-diagnostic.h" #include "sbitmap.h" #include "ordered-hash-map.h" #include "selftest.h" +#include "cfg.h" +#include "gimple-iterator.h" +#include "cgraph.h" +#include "shortest-paths.h" + +#include "analyzer/analyzer-logging.h" +#include "analyzer/sm.h" +#include "analyzer/pending-diagnostic.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" #include "analyzer/store.h" #include "analyzer/region-model.h" #include "analyzer/program-state.h" #include "analyzer/checker-path.h" -#include "cfg.h" -#include "gimple-iterator.h" -#include "cgraph.h" #include "analyzer/supergraph.h" #include "analyzer/diagnostic-manager.h" -#include "shortest-paths.h" #include "analyzer/exploded-graph.h" #include "analyzer/function-set.h" #include "analyzer/analyzer-selftests.h" 
@@ -95,7 +84,7 @@ class signal_unsafe_call : public pending_diagnostic_subclass<signal_unsafe_call> { public: - signal_unsafe_call (const signal_state_machine &sm, const gcall *unsafe_call, + signal_unsafe_call (const signal_state_machine &sm, const gcall &unsafe_call, tree unsafe_fndecl) : m_sm (sm), m_unsafe_call (unsafe_call), m_unsafe_fndecl (unsafe_fndecl) { @@ -106,7 +95,7 @@ public: bool operator== (const signal_unsafe_call &other) const { - return m_unsafe_call == other.m_unsafe_call; + return &m_unsafe_call == &other.m_unsafe_call; } int get_controlling_option () const final override @@ -126,7 +115,7 @@ public: suggesting the replacement. */ if (const char *replacement = get_replacement_fn ()) { - location_t note_loc = gimple_location (m_unsafe_call); + location_t note_loc = gimple_location (&m_unsafe_call); /* It would be nice to add a fixit, but the gimple call location covers the whole call expression. It isn't currently possible to cut this down to just the call @@ -170,7 +159,7 @@ public: private: const signal_state_machine &m_sm; - const gcall *m_unsafe_call; + const gcall &m_unsafe_call; tree m_unsafe_fndecl; /* Returns a replacement function as text if it exists. Currently @@ -207,7 +196,7 @@ update_model_for_signal_handler (region_model *model, gcc_assert (model); /* Purge all state within MODEL. */ *model = region_model (model->get_manager ()); - model->push_frame (handler_fun, NULL, NULL); + model->push_frame (handler_fun, nullptr, nullptr, nullptr); } /* Custom exploded_edge info: entry into a signal-handler. */ @@ -236,10 +225,10 @@ public: const final override { emission_path->add_event - (make_unique<precanned_custom_event> - (event_loc_info (UNKNOWN_LOCATION, NULL_TREE, 0), - "later on," - " when the signal is delivered to the process")); + (std::make_unique<precanned_custom_event> + (event_loc_info (UNKNOWN_LOCATION, NULL_TREE, 0), + "later on," + " when the signal is delivered to the process")); } }; 
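Review bot: With `m_unsafe_call` now a reference member, `operator==` has to take addresses to keep its identity comparison (`&m_unsafe_call == &other.m_unsafe_call`), and nothing in the class says that this is intended. A one-line comment above the comparison, `/* Two diagnostics are equal when they refer to the same call statement.  */`, would stop a later cleanup from dropping the `&`. A reference member also makes the class non-assignable, which is presumably fine for a pending_diagnostic but worth confirming. The class definition spans several hunks and parts of it are not shown.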
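Review bot: `model->push_frame (handler_fun, nullptr, nullptr, nullptr);` in update_model_for_signal_handler passes three unlabelled null pointers, one of which is the new call_stmt argument. The handler is entered on signal delivery rather than from a call site, so a short comment saying so, `/* No call statement: the handler is entered on signal delivery.  */`, plus an inline argument-name comment on each `nullptr`, would make the intent checkable. This relies on push_frame accepting a null call_stmt, which is implemented outside this hunk.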
@@ -282,7 +271,7 @@ public: if (dst_enode) eg->add_edge (src_enode, dst_enode, NULL, /*state_change (),*/ true, /* assume does work */ - make_unique<signal_delivery_edge_info_t> ()); + std::make_unique<signal_delivery_edge_info_t> ()); } const signal_state_machine &m_sm; @@ -342,9 +331,9 @@ signal_state_machine::on_stmt (sm_context &sm_ctxt, if (global_state == m_start) { if (const gcall *call = dyn_cast <const gcall *> (stmt)) - if (tree callee_fndecl = sm_ctxt.get_fndecl_for_call (call)) - if (is_named_call_p (callee_fndecl, "signal", call, 2) - || is_std_named_call_p (callee_fndecl, "signal", call, 2)) + if (tree callee_fndecl = sm_ctxt.get_fndecl_for_call (*call)) + if (is_named_call_p (callee_fndecl, "signal", *call, 2) + || is_std_named_call_p (callee_fndecl, "signal", *call, 2)) { tree handler = gimple_call_arg (call, 1); if (TREE_CODE (handler) == ADDR_EXPR @@ -359,12 +348,12 @@ signal_state_machine::on_stmt (sm_context &sm_ctxt, else if (global_state == m_in_signal_handler) { if (const gcall *call = dyn_cast <const gcall *> (stmt)) - if (tree callee_fndecl = sm_ctxt.get_fndecl_for_call (call)) + if (tree callee_fndecl = sm_ctxt.get_fndecl_for_call (*call)) if (signal_unsafe_p (callee_fndecl)) if (sm_ctxt.get_global_state () == m_in_signal_handler) sm_ctxt.warn (node, stmt, NULL_TREE, - make_unique<signal_unsafe_call> - (*this, call, callee_fndecl)); + std::make_unique<signal_unsafe_call> + (*this, *call, callee_fndecl)); } return false; @@ -380,10 +369,10 @@ signal_state_machine::can_purge_p (state_t s ATTRIBUTE_UNUSED) const /* Internal interface to this file. */ -state_machine * +std::unique_ptr<state_machine> make_signal_state_machine (logger *logger) { - return new signal_state_machine (logger); + return std::make_unique<signal_state_machine> (logger); } #if CHECKING_P diff --git a/gcc/analyzer/sm-taint.cc b/gcc/analyzer/sm-taint.cc index 5d0aec3..e782081 100644 --- a/gcc/analyzer/sm-taint.cc +++ b/gcc/analyzer/sm-taint.cc 
@@ -20,20 +20,8 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "make-unique.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "options.h" -#include "diagnostic-core.h" -#include "diagnostic-path.h" -#include "analyzer/analyzer.h" -#include "analyzer/analyzer-logging.h" +#include "analyzer/common.h" + #include "gimple-iterator.h" #include "ordered-hash-map.h" #include "cgraph.h" @@ -42,6 +30,10 @@ along with GCC; see the file COPYING3. If not see #include "stringpool.h" #include "attribs.h" #include "fold-const.h" +#include "diagnostic-format-sarif.h" +#include "gcc-urlifier.h" + +#include "analyzer/analyzer-logging.h" #include "analyzer/supergraph.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" @@ -51,8 +43,6 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/program-state.h" #include "analyzer/pending-diagnostic.h" #include "analyzer/constraint-manager.h" -#include "diagnostic-format-sarif.h" -#include "gcc-urlifier.h" #if ENABLE_ANALYZER @@ -140,7 +130,7 @@ private: void check_for_tainted_size_arg (sm_context &sm_ctxt, const supernode *node, - const gcall *call, + const gcall &call, tree callee_fndecl) const; void check_for_tainted_divisor (sm_context &sm_ctxt, const supernode *node, @@ -1099,9 +1089,9 @@ taint_state_machine::on_stmt (sm_context &sm_ctxt, const gimple *stmt) const { if (const gcall *call = dyn_cast <const gcall *> (stmt)) - if (tree callee_fndecl = sm_ctxt.get_fndecl_for_call (call)) + if (tree callee_fndecl = sm_ctxt.get_fndecl_for_call (*call)) { - if (is_named_call_p (callee_fndecl, "fread", call, 4)) + if (is_named_call_p (callee_fndecl, "fread", *call, 4)) { tree arg = gimple_call_arg (call, 0); 
@@ -1117,14 +1107,14 @@ taint_state_machine::on_stmt (sm_context &sm_ctxt, /* External function with "access" attribute. */ if (sm_ctxt.unknown_side_effects_p ()) - check_for_tainted_size_arg (sm_ctxt, node, call, callee_fndecl); + check_for_tainted_size_arg (sm_ctxt, node, *call, callee_fndecl); if (is_assertion_failure_handler_p (callee_fndecl) && sm_ctxt.get_global_state () == m_tainted_control_flow) { sm_ctxt.warn (node, call, NULL_TREE, - make_unique<tainted_assertion> (*this, NULL_TREE, - callee_fndecl)); + std::make_unique<tainted_assertion> (*this, NULL_TREE, + callee_fndecl)); } } // TODO: ...etc; many other sources of untrusted data @@ -1433,7 +1423,7 @@ taint_state_machine::combine_states (state_t s0, state_t s1) const void taint_state_machine::check_for_tainted_size_arg (sm_context &sm_ctxt, const supernode *node, - const gcall *call, + const gcall &call, tree callee_fndecl) const { tree fntype = TREE_TYPE (callee_fndecl); @@ -1464,17 +1454,17 @@ taint_state_machine::check_for_tainted_size_arg (sm_context &sm_ctxt, if (access->sizarg == UINT_MAX) continue; - tree size_arg = gimple_call_arg (call, access->sizarg); + tree size_arg = gimple_call_arg (&call, access->sizarg); - state_t state = sm_ctxt.get_state (call, size_arg); + state_t state = sm_ctxt.get_state (&call, size_arg); enum bounds b; if (get_taint (state, TREE_TYPE (size_arg), &b)) { const char* const access_str = TREE_STRING_POINTER (access->to_external_string ()); tree diag_size = sm_ctxt.get_diagnostic_tree (size_arg); - sm_ctxt.warn (node, call, size_arg, - make_unique<tainted_access_attrib_size> + sm_ctxt.warn (node, &call, size_arg, + std::make_unique<tainted_access_attrib_size> (*this, diag_size, b, callee_fndecl, access->sizarg, 
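Review bot: `gimple_call_arg (&call, access->sizarg)` in check_for_tainted_size_arg is guarded only by `access->sizarg == UINT_MAX`, so the index taken from the callee's "access" attribute is never compared with the number of arguments the call actually has. A call whose argument list is shorter than the declaration the attribute was written for would index past the end; on_deallocator_call in sm-malloc.cc guards the same pattern with `gimple_call_num_args`. Adding `if (access->sizarg >= gimple_call_num_args (&call)) continue;` before the lookup would close that, unless an earlier check outside this hunk already rules it out. The loop and the rest of the function are not fully shown.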
@@ -1518,8 +1508,9 @@ taint_state_machine::check_for_tainted_divisor (sm_context &sm_ctxt, return; tree diag_divisor = sm_ctxt.get_diagnostic_tree (divisor_expr); - sm_ctxt.warn (node, assign, divisor_expr, - make_unique <tainted_divisor> (*this, diag_divisor, b)); + sm_ctxt.warn + (node, assign, divisor_expr, + std::make_unique <tainted_divisor> (*this, diag_divisor, b)); sm_ctxt.set_next_state (assign, divisor_sval, m_stop); } } @@ -1528,10 +1519,10 @@ taint_state_machine::check_for_tainted_divisor (sm_context &sm_ctxt, /* Internal interface to this file. */ -state_machine * +std::unique_ptr<state_machine> make_taint_state_machine (logger *logger) { - return new taint_state_machine (logger); + return std::make_unique<taint_state_machine> (logger); } /* A closed concrete range. */ @@ -1682,8 +1673,8 @@ region_model::check_region_for_taint (const region *reg, if (index_can_be_out_of_bounds_p (element_reg)) { tree arg = get_representative_tree (index); - ctxt->warn (make_unique<tainted_array_index> (taint_sm, - arg, b)); + ctxt->warn (std::make_unique<tainted_array_index> (taint_sm, + arg, b)); } else if (ctxt->get_logger ()) ctxt->get_logger ()->log ("rejecting tainted_array_index as" @@ -1709,8 +1700,8 @@ region_model::check_region_for_taint (const region *reg, if (taint_sm.get_taint (state, effective_type, &b)) { tree arg = get_representative_tree (offset); - ctxt->warn (make_unique<tainted_offset> (taint_sm, arg, b, - offset)); + ctxt->warn (std::make_unique<tainted_offset> (taint_sm, arg, b, + offset)); } } break; @@ -1727,7 +1718,7 @@ region_model::check_region_for_taint (const region *reg, if (taint_sm.get_taint (state, size_sval->get_type (), &b)) { tree arg = get_representative_tree (size_sval); - ctxt->warn (make_unique<tainted_size> (taint_sm, arg, b)); + ctxt->warn (std::make_unique<tainted_size> (taint_sm, arg, b)); } } break; 
@@ -1773,7 +1764,7 @@ region_model::check_dynamic_size_for_taint (enum memory_space mem_space, if (taint_sm.get_taint (state, size_in_bytes->get_type (), &b)) { tree arg = get_representative_tree (size_in_bytes); - ctxt->warn (make_unique<tainted_allocation_size> + ctxt->warn (std::make_unique<tainted_allocation_size> (taint_sm, arg, size_in_bytes, b, mem_space)); } } diff --git a/gcc/analyzer/sm.cc b/gcc/analyzer/sm.cc index 3e7fa66..0abbdd6 100644 --- a/gcc/analyzer/sm.cc +++ b/gcc/analyzer/sm.cc @@ -18,21 +18,11 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "options.h" -#include "function.h" -#include "diagnostic-core.h" -#include "pretty-print.h" -#include "diagnostic.h" +#define INCLUDE_LIST +#include "analyzer/common.h" + #include "tree-diagnostic.h" -#include "analyzer/analyzer.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/sm.h" #include "analyzer/call-string.h" @@ -41,7 +31,6 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/svalue.h" #include "analyzer/program-state.h" #include "analyzer/pending-diagnostic.h" -#include "make-unique.h" #if ENABLE_ANALYZER @@ -83,7 +72,7 @@ state_machine::state::to_json () const pretty_printer pp; pp_format_decoder (&pp) = default_tree_printer; dump_to_pp (&pp); - return ::make_unique<json::string> (pp_formatted_text (&pp)); + return std::make_unique<json::string> (pp_formatted_text (&pp)); } /* class state_machine. */ 
@@ -154,11 +143,11 @@ state_machine::dump_to_pp (pretty_printer *pp) const std::unique_ptr<json::object> state_machine::to_json () const { - auto sm_obj = ::make_unique<json::object> (); + auto sm_obj = std::make_unique<json::object> (); sm_obj->set_string ("name", m_name); { - auto states_arr = ::make_unique<json::array> (); + auto states_arr = std::make_unique<json::array> (); unsigned i; state *s; FOR_EACH_VEC_ELT (m_states, i, s) 
@@ -181,35 +170,40 @@ sm_context::get_old_region_model () const } /* Create instances of the various state machines, each using LOGGER, - and populate OUT with them. */ + returning a vector of them. */ -void -make_checkers (auto_delete_vec <state_machine> &out, logger *logger) +std::vector<std::unique_ptr<state_machine>> +make_checkers (logger *logger) { - out.safe_push (make_malloc_state_machine (logger)); - out.safe_push (make_fileptr_state_machine (logger)); - out.safe_push (make_fd_state_machine (logger)); - out.safe_push (make_taint_state_machine (logger)); - out.safe_push (make_sensitive_state_machine (logger)); - out.safe_push (make_signal_state_machine (logger)); - out.safe_push (make_va_list_state_machine (logger)); + /* Start with a list so that we can filter it. */ + std::list<std::unique_ptr<state_machine>> out; + out.push_back (make_malloc_state_machine (logger)); + out.push_back (make_fileptr_state_machine (logger)); + out.push_back (make_fd_state_machine (logger)); + out.push_back (make_taint_state_machine (logger)); + out.push_back (make_sensitive_state_machine (logger)); + out.push_back (make_signal_state_machine (logger)); + out.push_back (make_va_list_state_machine (logger)); /* We only attempt to run the pattern tests if it might have been manually enabled (for DejaGnu purposes). */ if (flag_analyzer_checker) - out.safe_push (make_pattern_test_state_machine (logger)); + out.push_back (make_pattern_test_state_machine (logger)); if (flag_analyzer_checker) { - unsigned read_index, write_index; - state_machine **sm; - - /* TODO: this leaks the machines - Would be nice to log the things that were removed. 
*/ - VEC_ORDERED_REMOVE_IF (out, read_index, write_index, sm, - 0 != strcmp (flag_analyzer_checker, - (*sm)->get_name ())); + out.remove_if ([] (auto &sm) + { + return 0 != strcmp (flag_analyzer_checker, + sm->get_name ()); + }); } + + std::vector<std::unique_ptr<state_machine>> out_vec; + for (auto &iter: out) + out_vec.push_back (std::move (iter)); + + return out_vec; } } // namespace ana diff --git a/gcc/analyzer/sm.h b/gcc/analyzer/sm.h index a1f96e2..a932765 100644 --- a/gcc/analyzer/sm.h +++ b/gcc/analyzer/sm.h @@ -235,7 +235,7 @@ public: Use in preference to gimple_call_fndecl (and gimple_call_addr_fndecl), since it can look through function pointer assignments and other callback handling. */ - virtual tree get_fndecl_for_call (const gcall *call) = 0; + virtual tree get_fndecl_for_call (const gcall &call) = 0; /* Get the old state of VAR at STMT. */ virtual state_machine::state_t get_state (const gimple *stmt, 
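Review bot: The rewritten filter in `make_checkers` drops the old remark that it would be nice to log which machines were removed, so a `flag_analyzer_checker` value that matches no `get_name ()` now returns an empty vector and the analysis runs with no checker and no trace of why. `logger` is already a parameter, so a line after `remove_if` such as `if (logger && out.empty ()) logger->log ("no state machine named %s", flag_analyzer_checker);` would make that case visible (format string untested). The two consecutive `if (flag_analyzer_checker)` blocks can also be merged into one, which keeps the push of the pattern-test machine and the filter that depends on it together.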
@@ -341,17 +341,17 @@ protected: /* The various state_machine subclasses are hidden in their respective implementation files. */ -extern void make_checkers (auto_delete_vec <state_machine> &out, - logger *logger); - -extern state_machine *make_malloc_state_machine (logger *logger); -extern state_machine *make_fileptr_state_machine (logger *logger); -extern state_machine *make_taint_state_machine (logger *logger); -extern state_machine *make_sensitive_state_machine (logger *logger); -extern state_machine *make_signal_state_machine (logger *logger); -extern state_machine *make_pattern_test_state_machine (logger *logger); -extern state_machine *make_va_list_state_machine (logger *logger); -extern state_machine *make_fd_state_machine (logger *logger); +extern std::vector<std::unique_ptr<state_machine>> +make_checkers (logger *logger); + +extern std::unique_ptr<state_machine> make_malloc_state_machine (logger *); +extern std::unique_ptr<state_machine> make_fileptr_state_machine (logger *); +extern std::unique_ptr<state_machine> make_taint_state_machine (logger *); +extern std::unique_ptr<state_machine> make_sensitive_state_machine (logger *); +extern std::unique_ptr<state_machine> make_signal_state_machine (logger *); +extern std::unique_ptr<state_machine> make_pattern_test_state_machine (logger *); +extern std::unique_ptr<state_machine> make_va_list_state_machine (logger *); +extern std::unique_ptr<state_machine> make_fd_state_machine (logger *); } // namespace ana diff --git a/gcc/analyzer/state-purge.cc b/gcc/analyzer/state-purge.cc index b7a5260..7a93cee 100644 --- a/gcc/analyzer/state-purge.cc +++ b/gcc/analyzer/state-purge.cc 
@@ -18,26 +18,21 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" +#include "analyzer/common.h" + #include "timevar.h" -#include "tree-ssa-alias.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "stringpool.h" +#include "gimple-pretty-print.h" #include "tree-vrp.h" #include "gimple-ssa.h" +#include "stringpool.h" #include "tree-ssanames.h" #include "tree-phinodes.h" #include "options.h" #include "ssa-iterators.h" -#include "diagnostic-core.h" -#include "gimple-pretty-print.h" -#include "analyzer/analyzer.h" +#include "gimple-iterator.h" +#include "gimple-walk.h" +#include "cgraph.h" + #include "analyzer/call-string.h" #include "analyzer/supergraph.h" #include "analyzer/program-point.h" @@ -45,8 +40,6 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/state-purge.h" #include "analyzer/store.h" #include "analyzer/region-model.h" -#include "gimple-walk.h" -#include "cgraph.h" #if ENABLE_ANALYZER @@ -737,7 +730,7 @@ state_purge_per_decl::process_worklists (const state_purge_map &map, worklist.safe_push (iter); region_model model (mgr); - model.push_frame (get_function (), NULL, NULL); + model.push_frame (get_function (), nullptr, nullptr, nullptr); /* Process worklist by walking backwards until we reach a stmt that fully overwrites the decl. */ diff --git a/gcc/analyzer/store.cc b/gcc/analyzer/store.cc index ab469dd..e6723c7 100644 --- a/gcc/analyzer/store.cc +++ b/gcc/analyzer/store.cc 
@@ -18,44 +18,23 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "diagnostic-core.h" -#include "graphviz.h" -#include "options.h" -#include "cgraph.h" -#include "tree-dfa.h" -#include "stringpool.h" -#include "convert.h" -#include "target.h" -#include "fold-const.h" -#include "tree-pretty-print.h" -#include "diagnostic-color.h" -#include "bitmap.h" -#include "selftest.h" -#include "analyzer/analyzer.h" -#include "analyzer/analyzer-logging.h" +#include "analyzer/common.h" + #include "ordered-hash-map.h" -#include "options.h" #include "cfg.h" -#include "analyzer/supergraph.h" #include "sbitmap.h" +#include "stor-layout.h" + +#include "text-art/tree-widget.h" + +#include "analyzer/analyzer-logging.h" +#include "analyzer/supergraph.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" #include "analyzer/store.h" #include "analyzer/region-model.h" #include "analyzer/call-summary.h" #include "analyzer/analyzer-selftests.h" -#include "stor-layout.h" -#include "text-art/tree-widget.h" -#include "make-unique.h" #if ENABLE_ANALYZER @@ -234,7 +213,7 @@ bit_range::dump () const std::unique_ptr<json::object> bit_range::to_json () const { - auto obj = ::make_unique<json::object> (); + auto obj = std::make_unique<json::object> (); obj->set ("start_bit_offset", bit_offset_to_json (m_start_bit_offset)); obj->set ("size_in_bits", @@ -508,7 +487,7 @@ byte_range::dump () const std::unique_ptr<json::object> byte_range::to_json () const { - auto obj = ::make_unique<json::object> (); + auto obj = std::make_unique<json::object> (); obj->set ("start_byte_offset", byte_offset_to_json (m_start_byte_offset)); obj->set ("size_in_bytes", 
@@ -773,7 +752,7 @@ binding_map::dump (bool simple) const std::unique_ptr<json::object> binding_map::to_json () const { - auto map_obj = ::make_unique<json::object> (); + auto map_obj = std::make_unique<json::object> (); auto_vec <const binding_key *> binding_keys; for (map_t::iterator iter = m_map.begin (); @@ -1455,7 +1434,7 @@ binding_cluster::validate () const std::unique_ptr<json::object> binding_cluster::to_json () const { - auto cluster_obj = ::make_unique<json::object> (); + auto cluster_obj = std::make_unique<json::object> (); cluster_obj->set_bool ("escaped", m_escaped); cluster_obj->set_bool ("touched", m_touched); @@ -2208,7 +2187,7 @@ binding_cluster::mark_as_escaped () Use P to purge state involving conjured_svalues. */ void -binding_cluster::on_unknown_fncall (const gcall *call, +binding_cluster::on_unknown_fncall (const gcall &call, store_manager *mgr, const conjured_purge &p) { @@ -2221,7 +2200,7 @@ binding_cluster::on_unknown_fncall (const gcall *call, /* Bind it to a new "conjured" value using CALL. */ const svalue *sval = mgr->get_svalue_manager ()->get_or_create_conjured_svalue - (m_base_region->get_type (), call, m_base_region, p); + (m_base_region->get_type (), &call, m_base_region, p); bind (mgr, m_base_region, sval); } @@ -2672,7 +2651,7 @@ store::validate () const std::unique_ptr<json::object> store::to_json () const { - auto store_obj = ::make_unique<json::object> (); + auto store_obj = std::make_unique<json::object> (); /* Sort into some deterministic order. */ auto_vec<const region *> base_regions; @@ -2695,7 +2674,7 @@ store::to_json () const { gcc_assert (parent_reg); - auto clusters_in_parent_reg_obj = ::make_unique<json::object> (); + auto clusters_in_parent_reg_obj = std::make_unique<json::object> (); const region *base_reg; unsigned j; 
@@ -3259,7 +3238,7 @@ store::mark_as_escaped (const region *base_reg) (either in this fncall, or in a prior one). */ void -store::on_unknown_fncall (const gcall *call, store_manager *mgr, +store::on_unknown_fncall (const gcall &call, store_manager *mgr, const conjured_purge &p) { m_called_unknown_fn = true; diff --git a/gcc/analyzer/store.h b/gcc/analyzer/store.h index 6c84812..171324c 100644 --- a/gcc/analyzer/store.h +++ b/gcc/analyzer/store.h @@ -666,7 +666,7 @@ public: store_manager *mgr); void mark_as_escaped (); - void on_unknown_fncall (const gcall *call, store_manager *mgr, + void on_unknown_fncall (const gcall &call, store_manager *mgr, const conjured_purge &p); void on_asm (const gasm *stmt, store_manager *mgr, const conjured_purge &p); @@ -800,7 +800,7 @@ public: model_merger *merger); void mark_as_escaped (const region *base_reg); - void on_unknown_fncall (const gcall *call, store_manager *mgr, + void on_unknown_fncall (const gcall &call, store_manager *mgr, const conjured_purge &p); bool escaped_p (const region *reg) const; diff --git a/gcc/analyzer/supergraph.cc b/gcc/analyzer/supergraph.cc index f35adf0..de2c330 100644 --- a/gcc/analyzer/supergraph.cc +++ b/gcc/analyzer/supergraph.cc 
@@ -18,42 +18,23 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "tm.h" -#include "toplev.h" -#include "hash-table.h" -#include "vec.h" -#include "ggc.h" -#include "basic-block.h" -#include "function.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "gimple-fold.h" -#include "tree-eh.h" -#include "gimple-expr.h" -#include "is-a.h" +#include "analyzer/common.h" + #include "timevar.h" #include "gimple-pretty-print.h" -#include "tree-pretty-print.h" -#include "graphviz.h" -#include "cgraph.h" -#include "tree-dfa.h" -#include "bitmap.h" -#include "cfganal.h" -#include "function.h" -#include "analyzer/analyzer.h" #include "ordered-hash-map.h" #include "options.h" #include "cgraph.h" #include "cfg.h" #include "digraph.h" #include "tree-cfg.h" +#include "tree-dfa.h" +#include "cfganal.h" +#include "except.h" + #include "analyzer/supergraph.h" #include "analyzer/analyzer-logging.h" -#include "make-unique.h" +#include "analyzer/region-model.h" #if ENABLE_ANALYZER @@ -465,11 +446,11 @@ supergraph::dump_dot (const char *path, const dump_args_t &dump_args) const std::unique_ptr<json::object> supergraph::to_json () const { - auto sgraph_obj = ::make_unique<json::object> (); + auto sgraph_obj = std::make_unique<json::object> (); /* Nodes. */ { - auto nodes_arr = ::make_unique<json::array> (); + auto nodes_arr = std::make_unique<json::array> (); unsigned i; supernode *n; FOR_EACH_VEC_ELT (m_nodes, i, n) @@ -479,7 +460,7 @@ supergraph::to_json () const /* Edges. */ { - auto edges_arr = ::make_unique<json::array> (); + auto edges_arr = std::make_unique<json::array> (); unsigned i; superedge *n; FOR_EACH_VEC_ELT (m_edges, i, n) 
@@ -511,21 +492,25 @@ supergraph::add_node (function *fun, basic_block bb, gcall *returning_call, /* Create a new cfg_superedge from SRC to DEST for the underlying CFG edge E, adding it to this supergraph. - If the edge is for a switch statement, create a switch_cfg_superedge - subclass. */ + If the edge is for a switch or eh_dispatch statement, create a + switch_cfg_superedge or eh_dispatch_cfg_superedge subclass, + respectively */ cfg_superedge * supergraph::add_cfg_edge (supernode *src, supernode *dest, ::edge e) { - /* Special-case switch edges. */ + /* Special-case switch and eh_dispatch edges. */ gimple *stmt = src->get_last_stmt (); - cfg_superedge *new_edge; + std::unique_ptr<cfg_superedge> new_edge; if (stmt && stmt->code == GIMPLE_SWITCH) - new_edge = new switch_cfg_superedge (src, dest, e); + new_edge = std::make_unique<switch_cfg_superedge> (src, dest, e); + else if (stmt && stmt->code == GIMPLE_EH_DISPATCH) + new_edge = eh_dispatch_cfg_superedge::make (src, dest, e, + as_a <geh_dispatch *> (stmt)); else - new_edge = new cfg_superedge (src, dest, e); - add_edge (new_edge); - return new_edge; + new_edge = std::make_unique<cfg_superedge> (src, dest, e); + add_edge (new_edge.get ()); + return new_edge.release (); } /* Create and add a call_superedge representing an interprocedural call @@ -720,7 +705,7 @@ supernode::dump_dot_id (pretty_printer *pp) const std::unique_ptr<json::object> supernode::to_json () const { - auto snode_obj = ::make_unique<json::object> (); + auto snode_obj = std::make_unique<json::object> (); snode_obj->set_integer ("idx", m_index); snode_obj->set_integer ("bb_idx", m_bb->index); @@ -737,7 +722,7 @@ supernode::to_json () const /* Phi nodes. */ { - auto phi_arr = ::make_unique<json::array> (); + auto phi_arr = std::make_unique<json::array> (); for (gphi_iterator gpi = const_cast<supernode *> (this)->start_phis (); !gsi_end_p (gpi); gsi_next (&gpi)) { 
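Review bot: In `supergraph::add_cfg_edge` the edge is passed to `add_edge (new_edge.get ())` while `new_edge` still owns it, and ownership is only given up on the following line by `new_edge.release ()`. If `add_edge` stores the pointer as an owner (not visible here), two owners exist between those statements, and any early return later inserted there would free an edge the graph still holds. Releasing first keeps a single owner throughout: `cfg_superedge *raw_edge = new_edge.release ();`, then `add_edge (raw_edge);` and `return raw_edge;`. The updated function comment also ends in `respectively */` without its closing period.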
@@ -752,7 +737,7 @@ supernode::to_json () const /* Statements. */ { - auto stmt_arr = ::make_unique<json::array> (); + auto stmt_arr = std::make_unique<json::array> (); int i; gimple *stmt; FOR_EACH_VEC_ELT (m_stmts, i, stmt) @@ -983,7 +968,7 @@ superedge::dump_dot (graphviz_out *gv, const dump_args_t &) const std::unique_ptr<json::object> superedge::to_json () const { - auto sedge_obj = ::make_unique<json::object> (); + auto sedge_obj = std::make_unique<json::object> (); sedge_obj->set_string ("kind", edge_kind_to_string (m_kind)); sedge_obj->set_integer ("src_idx", m_src->m_index); sedge_obj->set_integer ("dst_idx", m_dest->m_index); @@ -1030,6 +1015,7 @@ label_text superedge::get_description (bool user_facing) const { pretty_printer pp; + pp_format_decoder (&pp) = default_tree_printer; dump_label_to_pp (&pp, user_facing); return label_text::take (xstrdup (pp_formatted_text (&pp))); } @@ -1099,6 +1085,8 @@ cfg_superedge::get_phi_arg (const gphi *phi) const return gimple_phi_arg_def (phi, index); } +/* class switch_cfg_superedge : public cfg_superedge. */ + switch_cfg_superedge::switch_cfg_superedge (supernode *src, supernode *dst, ::edge e) 
@@ -1206,6 +1194,203 @@ switch_cfg_superedge::implicitly_created_default_p () const return EXPR_LOCATION (case_label) == UNKNOWN_LOCATION; } +/* class eh_dispatch_cfg_superedge : public cfg_superedge. */ + +/* Given an ERT_TRY region, get the eh_catch corresponding to + the label of DST_SNODE, if any. */ + +static eh_catch +get_catch (eh_region eh_reg, supernode *dst_snode) +{ + gcc_assert (eh_reg->type == ERT_TRY); + + tree dst_snode_label = dst_snode->get_label (); + if (!dst_snode_label) + return nullptr; + + for (eh_catch iter = eh_reg->u.eh_try.first_catch; + iter; + iter = iter->next_catch) + if (iter->label == dst_snode_label) + return iter; + + return nullptr; +} + +std::unique_ptr<eh_dispatch_cfg_superedge> +eh_dispatch_cfg_superedge::make (supernode *src_snode, + supernode *dst_snode, + ::edge e, + const geh_dispatch *eh_dispatch_stmt) +{ + const eh_status *eh = src_snode->get_function ()->eh; + gcc_assert (eh); + int region_idx = gimple_eh_dispatch_region (eh_dispatch_stmt); + gcc_assert (region_idx > 0); + gcc_assert ((*eh->region_array)[region_idx]); + eh_region eh_reg = (*eh->region_array)[region_idx]; + gcc_assert (eh_reg); + switch (eh_reg->type) + { + default: + gcc_unreachable (); + case ERT_CLEANUP: + // TODO + gcc_unreachable (); + break; + case ERT_TRY: + { + eh_catch ehc = get_catch (eh_reg, dst_snode); + return std::make_unique<eh_dispatch_try_cfg_superedge> + (src_snode, dst_snode, + e, eh_dispatch_stmt, + eh_reg, ehc); + } + break; + case ERT_ALLOWED_EXCEPTIONS: + return std::make_unique<eh_dispatch_allowed_cfg_superedge> + (src_snode, dst_snode, + e, eh_dispatch_stmt, + eh_reg); + break; + case ERT_MUST_NOT_THROW: + // TODO + gcc_unreachable (); + break; + } +} + +eh_dispatch_cfg_superedge:: +eh_dispatch_cfg_superedge (supernode *src, + supernode *dst, + ::edge e, + const geh_dispatch *eh_dispatch_stmt, + eh_region eh_reg) +: cfg_superedge (src, dst, e), + m_eh_dispatch_stmt (eh_dispatch_stmt), + m_eh_region (eh_reg) +{ + gcc_assert 
(m_eh_region); +} + +const eh_status & +eh_dispatch_cfg_superedge::get_eh_status () const +{ + const eh_status *eh = m_src->get_function ()->eh; + gcc_assert (eh); + return *eh; +} + +// class eh_dispatch_try_cfg_superedge : public eh_dispatch_cfg_superedge + +/* Implementation of superedge::dump_label_to_pp for CFG superedges for + "eh_dispatch" statements for ERT_TRY regions. */ + +void +eh_dispatch_try_cfg_superedge::dump_label_to_pp (pretty_printer *pp, + bool user_facing) const +{ + if (!user_facing) + pp_string (pp, "ERT_TRY: "); + if (m_eh_catch) + { + bool first = true; + for (tree iter = m_eh_catch->type_list; iter; iter = TREE_CHAIN (iter)) + { + if (!first) + pp_string (pp, ", "); + pp_printf (pp, "on catch %qT", TREE_VALUE (iter)); + first = false; + } + } + else + pp_string (pp, "on uncaught exception"); +} + +bool +eh_dispatch_try_cfg_superedge:: +apply_constraints (region_model *model, + region_model_context *ctxt, + tree exception_type, + std::unique_ptr<rejected_constraint> *out) const +{ + return model->apply_constraints_for_eh_dispatch_try + (*this, ctxt, exception_type, out); +} + +// class eh_dispatch_allowed_cfg_superedge : public eh_dispatch_cfg_superedge + +eh_dispatch_allowed_cfg_superedge:: +eh_dispatch_allowed_cfg_superedge (supernode *src, supernode *dst, ::edge e, + const geh_dispatch *eh_dispatch_stmt, + eh_region eh_reg) +: eh_dispatch_cfg_superedge (src, dst, e, eh_dispatch_stmt, eh_reg) +{ + gcc_assert (eh_reg->type == ERT_ALLOWED_EXCEPTIONS); + + /* We expect two sibling out-edges at an eh_dispatch from such a region: + + - one to a bb without a gimple label, with a resx, + for exceptions of expected types + + - one to a bb with a gimple label, with a call to __cxa_unexpected, + for exceptions of unexpected types. + + Set m_kind for this edge accordingly. 
*/ + gcc_assert (e->src->succs->length () == 2); + tree label_for_unexpected_exceptions = eh_reg->u.allowed.label; + tree label_for_dest_enode = dst->get_label (); + if (label_for_dest_enode == label_for_unexpected_exceptions) + m_kind = eh_kind::unexpected; + else + { + gcc_assert (label_for_dest_enode == nullptr); + m_kind = eh_kind::expected; + } +} + +void +eh_dispatch_allowed_cfg_superedge::dump_label_to_pp (pretty_printer *pp, + bool user_facing) const +{ + if (!user_facing) + { + switch (m_kind) + { + default: + gcc_unreachable (); + case eh_dispatch_allowed_cfg_superedge::eh_kind::expected: + pp_string (pp, "expected: "); + break; + case eh_dispatch_allowed_cfg_superedge::eh_kind::unexpected: + pp_string (pp, "unexpected: "); + break; + } + pp_string (pp, "ERT_ALLOWED_EXCEPTIONS: "); + eh_region eh_reg = get_eh_region (); + bool first = true; + for (tree iter = eh_reg->u.allowed.type_list; iter; + iter = TREE_CHAIN (iter)) + { + if (!first) + pp_string (pp, ", "); + pp_printf (pp, "%qT", TREE_VALUE (iter)); + first = false; + } + } +} + +bool +eh_dispatch_allowed_cfg_superedge:: +apply_constraints (region_model *model, + region_model_context *ctxt, + tree exception_type, + std::unique_ptr<rejected_constraint> *out) const +{ + return model->apply_constraints_for_eh_dispatch_allowed + (*this, ctxt, exception_type, out); +} + /* Implementation of superedge::dump_label_to_pp for interprocedural superedges. */ @@ -1261,13 +1446,13 @@ callgraph_superedge::get_callee_decl () const /* Get the gcall * of this interprocedural call/return edge. */ -gcall * +const gcall & callgraph_superedge::get_call_stmt () const { if (m_cedge) - return m_cedge->call_stmt; + return *m_cedge->call_stmt; - return m_src->get_final_call (); + return *m_src->get_final_call (); } /* Get the calling fndecl at this interprocedural call/return edge. */ 
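Review bot: `eh_dispatch_cfg_superedge::make` has no leading comment, and its `ERT_CLEANUP` and `ERT_MUST_NOT_THROW` cases are `gcc_unreachable ()` marked only `// TODO`, so a reader cannot tell whether those region kinds can never reach an `eh_dispatch` or are simply not handled yet and will abort the analyzer. A comment stating the contract would settle it, for example `/* Create the eh_dispatch_cfg_superedge subclass matching the region type of EH_DISPATCH_STMT; only ERT_TRY and ERT_ALLOWED_EXCEPTIONS are handled.  */`. In the same function `gcc_assert (region_idx > 0)` checks only the lower bound before `(*eh->region_array)[region_idx]` is read, and the element is then asserted twice (`gcc_assert ((*eh->region_array)[region_idx])` and `gcc_assert (eh_reg)`), where the single assert on `eh_reg` would do. Further down, `eh_dispatch_allowed_cfg_superedge::dump_label_to_pp` prints nothing when `user_facing` is true, unlike the ERT_TRY variant, and has no comment saying that this is intended.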
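Review bot: `callgraph_superedge::get_call_stmt` now dereferences `m_cedge->call_stmt` and `m_src->get_final_call ()` unconditionally, so a null result that the old pointer return handed on to the caller becomes undefined behaviour at the `return`. Whether either can be null on this path is not visible in the hunk; if neither can, an assertion documents that, e.g. `const gcall *call = m_src->get_final_call (); gcc_assert (call); return *call;`. The comment above the function still reads "Get the gcall * of this interprocedural call/return edge", which no longer matches the reference return type.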
@@ -1289,19 +1474,19 @@ callgraph_superedge::get_arg_for_parm (tree parm_to_find, gcc_assert (TREE_CODE (parm_to_find) == PARM_DECL); tree callee = get_callee_decl (); - const gcall *call_stmt = get_call_stmt (); + const gcall &call_stmt = get_call_stmt (); unsigned i = 0; for (tree iter_parm = DECL_ARGUMENTS (callee); iter_parm; iter_parm = DECL_CHAIN (iter_parm), ++i) { - if (i >= gimple_call_num_args (call_stmt)) + if (i >= gimple_call_num_args (&call_stmt)) return NULL_TREE; if (iter_parm == parm_to_find) { if (out) *out = callsite_expr::from_zero_based_param (i); - return gimple_call_arg (call_stmt, i); + return gimple_call_arg (&call_stmt, i); } } @@ -1319,15 +1504,15 @@ callgraph_superedge::get_parm_for_arg (tree arg_to_find, callsite_expr *out) const { tree callee = get_callee_decl (); - const gcall *call_stmt = get_call_stmt (); + const gcall &call_stmt = get_call_stmt (); unsigned i = 0; for (tree iter_parm = DECL_ARGUMENTS (callee); iter_parm; iter_parm = DECL_CHAIN (iter_parm), ++i) { - if (i >= gimple_call_num_args (call_stmt)) + if (i >= gimple_call_num_args (&call_stmt)) return NULL_TREE; - tree param = gimple_call_arg (call_stmt, i); + tree param = gimple_call_arg (&call_stmt, i); if (arg_to_find == param) { if (out) @@ -1353,7 +1538,7 @@ callgraph_superedge::map_expr_from_caller_to_callee (tree caller_expr, if (parm) return parm; /* Otherwise try return value. */ - if (caller_expr == gimple_call_lhs (get_call_stmt ())) + if (caller_expr == gimple_call_lhs (&get_call_stmt ())) { if (out) *out = callsite_expr::from_return_value (); @@ -1388,7 +1573,7 @@ callgraph_superedge::map_expr_from_callee_to_caller (tree callee_expr, { if (out) *out = callsite_expr::from_return_value (); - return gimple_call_lhs (get_call_stmt ()); + return gimple_call_lhs (&get_call_stmt ()); } return NULL_TREE; diff --git a/gcc/analyzer/supergraph.h b/gcc/analyzer/supergraph.h index 6f94f99..8796ab7 100644 --- a/gcc/analyzer/supergraph.h +++ b/gcc/analyzer/supergraph.h 
@@ -27,6 +27,7 @@ along with GCC; see the file COPYING3. If not see #include "gimple.h" #include "gimple-iterator.h" #include "digraph.h" +#include "except.h" using namespace ana; @@ -42,6 +43,9 @@ class superedge; class return_superedge; class cfg_superedge; class switch_cfg_superedge; + class eh_dispatch_cfg_superedge; + class eh_dispatch_try_cfg_superedge; + class eh_dispatch_allowed_cfg_superedge; class supercluster; class dot_annotator; @@ -126,7 +130,7 @@ public: return *const_cast <bb_to_node_t &> (m_bb_to_initial_node).get (bb); } - /* Get the supernode containing the second half of the gcall * + /* Get the supernode containing the second half of the gcall & at an interprocedural call, within the caller. */ supernode *get_caller_next_node (cgraph_edge *edge) const { @@ -330,6 +334,9 @@ class superedge : public dedge<supergraph_traits> virtual cfg_superedge *dyn_cast_cfg_superedge () { return NULL; } virtual const cfg_superedge *dyn_cast_cfg_superedge () const { return NULL; } virtual const switch_cfg_superedge *dyn_cast_switch_cfg_superedge () const { return NULL; } + virtual const eh_dispatch_cfg_superedge *dyn_cast_eh_dispatch_cfg_superedge () const { return nullptr; } + virtual const eh_dispatch_try_cfg_superedge *dyn_cast_eh_dispatch_try_cfg_superedge () const { return nullptr; } + virtual const eh_dispatch_allowed_cfg_superedge *dyn_cast_eh_dispatch_allowed_cfg_superedge () const { return nullptr; } virtual callgraph_superedge *dyn_cast_callgraph_superedge () { return NULL; } virtual const callgraph_superedge *dyn_cast_callgraph_superedge () const { return NULL; } virtual call_superedge *dyn_cast_call_superedge () { return NULL; } 
@@ -415,7 +422,7 @@ class callgraph_superedge : public superedge function *get_caller_function () const; tree get_callee_decl () const; tree get_caller_decl () const; - gcall *get_call_stmt () const; + const gcall &get_call_stmt () const; tree get_arg_for_parm (tree parm, callsite_expr *out) const; tree get_parm_for_arg (tree arg, callsite_expr *out) const; tree map_expr_from_caller_to_callee (tree caller_expr, 
@@ -592,6 +599,164 @@ is_a_helper <const switch_cfg_superedge *>::test (const superedge *sedge) namespace ana { +/* A subclass for edges from eh_dispatch statements, retaining enough + information to identify the various types being caught, vs the + "unhandled type" case, and for adding labels when rendering + via graphviz. + This is abstract; there are concrete subclasses based on the type + of the eh_region. */ + +class eh_dispatch_cfg_superedge : public cfg_superedge +{ + public: + static std::unique_ptr<eh_dispatch_cfg_superedge> + make (supernode *src, + supernode *dest, + ::edge e, + const geh_dispatch *eh_dispatch_stmt); + + const eh_dispatch_cfg_superedge *dyn_cast_eh_dispatch_cfg_superedge () const + final override + { + return this; + } + + const geh_dispatch * + get_eh_dispatch_stmt () const + { + return m_eh_dispatch_stmt; + } + + const eh_status &get_eh_status () const; + eh_region get_eh_region () const { return m_eh_region; } + + virtual bool + apply_constraints (region_model *model, + region_model_context *ctxt, + tree exception_type, + std::unique_ptr<rejected_constraint> *out) const = 0; + +protected: + eh_dispatch_cfg_superedge (supernode *src, supernode *dst, ::edge e, + const geh_dispatch *eh_dispatch_stmt, + eh_region eh_reg); + +private: + const geh_dispatch *m_eh_dispatch_stmt; + eh_region m_eh_region; +}; + +} // namespace ana + +template <> +template <> +inline bool +is_a_helper <const eh_dispatch_cfg_superedge *>::test (const superedge *sedge) +{ + return sedge->dyn_cast_eh_dispatch_cfg_superedge () != NULL; +} + +namespace ana { + +/* A concrete subclass for edges from an eh_dispatch statements + for ERT_TRY regions. 
*/ + +class eh_dispatch_try_cfg_superedge : public eh_dispatch_cfg_superedge +{ + public: + eh_dispatch_try_cfg_superedge (supernode *src, supernode *dst, ::edge e, + const geh_dispatch *eh_dispatch_stmt, + eh_region eh_reg, + eh_catch ehc) + : eh_dispatch_cfg_superedge (src, dst, e, eh_dispatch_stmt, eh_reg), + m_eh_catch (ehc) + { + gcc_assert (eh_reg->type == ERT_TRY); + } + + const eh_dispatch_try_cfg_superedge * + dyn_cast_eh_dispatch_try_cfg_superedge () const final override + { + return this; + } + + void dump_label_to_pp (pretty_printer *pp, + bool user_facing) const final override; + + eh_catch get_eh_catch () const { return m_eh_catch; } + + bool + apply_constraints (region_model *model, + region_model_context *ctxt, + tree exception_type, + std::unique_ptr<rejected_constraint> *out) + const final override; + +private: + eh_catch m_eh_catch; +}; + +} // namespace ana + +template <> +template <> +inline bool +is_a_helper <const eh_dispatch_try_cfg_superedge *>::test (const superedge *sedge) +{ + return sedge->dyn_cast_eh_dispatch_try_cfg_superedge () != NULL; +} + +namespace ana { + +/* A concrete subclass for edges from an eh_dispatch statements + for ERT_ALLOWED_EXCEPTIONS regions. 
*/ + +class eh_dispatch_allowed_cfg_superedge : public eh_dispatch_cfg_superedge +{ + public: + enum eh_kind + { + expected, + unexpected + }; + + eh_dispatch_allowed_cfg_superedge (supernode *src, supernode *dst, ::edge e, + const geh_dispatch *eh_dispatch_stmt, + eh_region eh_reg); + + const eh_dispatch_allowed_cfg_superedge * + dyn_cast_eh_dispatch_allowed_cfg_superedge () const final override + { + return this; + } + + void dump_label_to_pp (pretty_printer *pp, + bool user_facing) const final override; + + bool + apply_constraints (region_model *model, + region_model_context *ctxt, + tree exception_type, + std::unique_ptr<rejected_constraint> *out) + const final override; + + enum eh_kind get_eh_kind () const { return m_kind; } + +private: + enum eh_kind m_kind; +}; + +} // namespace ana + +template <> +template <> +inline bool +is_a_helper <const eh_dispatch_allowed_cfg_superedge *>::test (const superedge *sedge) +{ + return sedge->dyn_cast_eh_dispatch_allowed_cfg_superedge () != NULL; +} + +namespace ana { /* Base class for adding additional content to the .dot output for a supergraph. */ diff --git a/gcc/analyzer/svalue.cc b/gcc/analyzer/svalue.cc index 2e3f051..f3f80d1 100644 --- a/gcc/analyzer/svalue.cc +++ b/gcc/analyzer/svalue.cc 
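Review bot: `eh_dispatch_allowed_cfg_superedge::eh_kind` is declared as a plain `enum`, so `expected` and `unexpected` are injected into the class scope and convert implicitly to `int`, while the same commit turns `poison_kind` into an `enum class`. supergraph.cc already spells the enumerators as `eh_kind::expected` and `eh_kind::unexpected`, so changing the declaration to `enum class eh_kind` should need no other edits (not compiled here). Two smaller items in this hunk: both concrete-subclass comments read "edges from an eh_dispatch statements", and the new `is_a_helper` specialisations compare against `NULL` while the new `dyn_cast_*` defaults in `superedge` return `nullptr`.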
@@ -18,39 +18,22 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "diagnostic-core.h" +#include "analyzer/common.h" + +#include "tree-pretty-print.h" #include "gimple-pretty-print.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "gimple-iterator.h" -#include "diagnostic-core.h" -#include "graphviz.h" -#include "options.h" -#include "cgraph.h" -#include "tree-dfa.h" -#include "stringpool.h" -#include "convert.h" -#include "target.h" #include "fold-const.h" -#include "tree-pretty-print.h" -#include "bitmap.h" -#include "analyzer/analyzer.h" +#include "diagnostic.h" +#include "tree-diagnostic.h" + +#include "text-art/dump.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/call-string.h" #include "analyzer/program-point.h" #include "analyzer/store.h" #include "analyzer/svalue.h" #include "analyzer/region-model.h" -#include "diagnostic.h" -#include "tree-diagnostic.h" -#include "make-unique.h" -#include "text-art/dump.h" #if ENABLE_ANALYZER @@ -107,7 +90,7 @@ std::unique_ptr<json::value> svalue::to_json () const { label_text desc = get_desc (true); - auto sval_js = ::make_unique<json::string> (desc.get ()); + auto sval_js = std::make_unique<json::string> (desc.get ()); return sval_js; } @@ -572,8 +555,8 @@ svalue::cmp_ptr (const svalue *sval1, const svalue *sval2) { const poisoned_svalue *poisoned_sval1 = (const poisoned_svalue *)sval1; const poisoned_svalue *poisoned_sval2 = (const poisoned_svalue *)sval2; - return (poisoned_sval1->get_poison_kind () - - poisoned_sval2->get_poison_kind ()); + return (static_cast<int> (poisoned_sval1->get_poison_kind ()) + - static_cast<int> (poisoned_sval2->get_poison_kind ())); } break; case SK_SETJMP: 
@@ -877,6 +860,19 @@ svalue::maybe_get_deref_base_region () const } } +/* If this svalue is a pointer to the typeinfo instance for a particular + type, return that type. Otherwise return NULL_TREE. */ + +tree +svalue::maybe_get_type_from_typeinfo () const +{ + if (const region *reg = maybe_get_region ()) + if (const decl_region *decl_reg = reg->dyn_cast_decl_region ()) + return TREE_TYPE (DECL_NAME (decl_reg->get_decl ())); + + return NULL_TREE; +} + /* class region_svalue : public svalue. */ /* Implementation of svalue::dump_to_pp vfunc for region_svalue. */ @@ -1234,13 +1230,13 @@ poison_kind_to_str (enum poison_kind kind) { default: gcc_unreachable (); - case POISON_KIND_UNINIT: + case poison_kind::uninit: return "uninit"; - case POISON_KIND_FREED: + case poison_kind::freed: return "freed"; - case POISON_KIND_DELETED: + case poison_kind::deleted: return "deleted"; - case POISON_KIND_POPPED_STACK: + case poison_kind::popped_stack: return "popped stack"; } } diff --git a/gcc/analyzer/svalue.h b/gcc/analyzer/svalue.h index bf9e12b..7a27cb6 100644 --- a/gcc/analyzer/svalue.h +++ b/gcc/analyzer/svalue.h @@ -188,6 +188,8 @@ public: const region_model &model, const svalue *outer_sval = nullptr) const; + tree maybe_get_type_from_typeinfo () const; + protected: svalue (complexity c, symbol::id_t id, tree type) : symbol (c, id), m_type (type) @@ -421,19 +423,19 @@ public: /* An enum describing a particular kind of "poisoned" value. */ -enum poison_kind +enum class poison_kind { /* For use to describe uninitialized memory. */ - POISON_KIND_UNINIT, + uninit, /* For use to describe freed memory. */ - POISON_KIND_FREED, + freed, /* For use to describe deleted memory. */ - POISON_KIND_DELETED, + deleted, /* For use on pointers to regions within popped stack frames. */ - POISON_KIND_POPPED_STACK + popped_stack }; extern const char *poison_kind_to_str (enum poison_kind); 
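Review bot: `svalue::maybe_get_type_from_typeinfo` returns `TREE_TYPE (DECL_NAME (decl_reg->get_decl ()))` for any pointer to a `decl_region`, without checking that `DECL_NAME` is non-null or that the decl really is a typeinfo object. For an unnamed decl the `TREE_TYPE` access would go through a null tree. For an ordinary named variable the result is whatever the identifier's type slot happens to hold, so the "Otherwise return NULL_TREE" promise in the leading comment does not appear to hold. I would at least guard the name, `tree name = DECL_NAME (decl_reg->get_decl ()); if (!name) return NULL_TREE;`, and reject decls that are not typeinfo objects before trusting the type (which predicate the analyzer can use for that needs confirming). Callers that match the returned type against handlers would presumably otherwise act on an unrelated type.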
@@ -454,7 +456,7 @@ public: hashval_t hash () const { inchash::hash hstate; - hstate.add_int (m_kind); + hstate.add_int (static_cast<int> (m_kind)); hstate.add_ptr (m_type); return hstate.end (); } @@ -528,8 +530,8 @@ namespace ana { struct setjmp_record { setjmp_record (const exploded_node *enode, - const gcall *setjmp_call) - : m_enode (enode), m_setjmp_call (setjmp_call) + const gcall &setjmp_call) + : m_enode (enode), m_setjmp_call (&setjmp_call) { } @@ -549,6 +551,7 @@ struct setjmp_record const exploded_node *m_enode; const gcall *m_setjmp_call; + // non-null, but we can't use a reference since we're putting these in a hash_map }; /* Concrete subclass of svalue representing buffers for setjmp/sigsetjmp, diff --git a/gcc/analyzer/symbol.cc b/gcc/analyzer/symbol.cc index 068801a..8643284 100644 --- a/gcc/analyzer/symbol.cc +++ b/gcc/analyzer/symbol.cc @@ -18,11 +18,8 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + #include "analyzer/symbol.h" #if ENABLE_ANALYZER diff --git a/gcc/analyzer/trimmed-graph.cc b/gcc/analyzer/trimmed-graph.cc index 993084c..bdf378a 100644 --- a/gcc/analyzer/trimmed-graph.cc +++ b/gcc/analyzer/trimmed-graph.cc 
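Review bot: The new `// non-null, ...` comment on `setjmp_record::m_setjmp_call` trails the member it describes and uses `//`, while the rest of this header uses `/* */` comments placed above the declaration, so it reads as if it belonged to whatever follows. I would move it above the field as `/* Non-null; held as a pointer rather than a reference since these are stored in a hash_map.  */`. The constructor now takes `const gcall &setjmp_call`, so this comment is the only place a reader of the field learns the invariant. The struct body starts and ends outside the hunk.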
@@ -18,21 +18,8 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "tree.h" -#include "pretty-print.h" -#include "gcc-rich-location.h" -#include "gimple-pretty-print.h" -#include "function.h" -#include "diagnostic-core.h" -#include "diagnostic-event-id.h" -#include "diagnostic-path.h" -#include "bitmap.h" -#include "ordered-hash-map.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/sm.h" #include "analyzer/pending-diagnostic.h" diff --git a/gcc/analyzer/varargs.cc b/gcc/analyzer/varargs.cc index 0cacc9b..6ea0d29 100644 --- a/gcc/analyzer/varargs.cc +++ b/gcc/analyzer/varargs.cc @@ -18,18 +18,8 @@ You should have received a copy of the GNU General Public License along with GCC; see the file COPYING3. If not see <http://www.gnu.org/licenses/>. */ -#include "config.h" -#define INCLUDE_VECTOR -#include "system.h" -#include "coretypes.h" -#include "make-unique.h" -#include "tree.h" -#include "function.h" -#include "basic-block.h" -#include "gimple.h" -#include "diagnostic-core.h" -#include "diagnostic-path.h" -#include "analyzer/analyzer.h" +#include "analyzer/common.h" + #include "analyzer/analyzer-logging.h" #include "analyzer/sm.h" #include "analyzer/pending-diagnostic.h" @@ -167,10 +157,10 @@ get_va_list_diag_arg (tree va_list_tree) static const svalue * get_va_copy_arg (const region_model *model, region_model_context *ctxt, - const gcall *call, + const gcall &call, unsigned arg_idx) { - tree arg = gimple_call_arg (call, arg_idx); + tree arg = gimple_call_arg (&call, arg_idx); const svalue *arg_sval = model->get_rvalue (arg, ctxt); if (const svalue *cast = arg_sval->maybe_undo_cast ()) arg_sval = cast; 
@@ -225,16 +215,16 @@ public: private: void on_va_start (sm_context &sm_ctxt, const supernode *node, - const gcall *call) const; + const gcall &call) const; void on_va_copy (sm_context &sm_ctxt, const supernode *node, - const gcall *call) const; + const gcall &call) const; void on_va_arg (sm_context &sm_ctxt, const supernode *node, - const gcall *call) const; + const gcall &call) const; void on_va_end (sm_context &sm_ctxt, const supernode *node, - const gcall *call) const; + const gcall &call) const; void check_for_ended_va_list (sm_context &sm_ctxt, const supernode *node, - const gcall *call, + const gcall &call, const svalue *arg, const char *usage_fnname) const; }; @@ -256,10 +246,12 @@ va_list_state_machine::on_stmt (sm_context &sm_ctxt, const supernode *node, const gimple *stmt) const { - if (const gcall *call = dyn_cast <const gcall *> (stmt)) + if (const gcall *call_stmt = dyn_cast <const gcall *> (stmt)) { - if (gimple_call_internal_p (call) - && gimple_call_internal_fn (call) == IFN_VA_ARG) + const gcall &call = *call_stmt; + + if (gimple_call_internal_p (call_stmt) + && gimple_call_internal_fn (call_stmt) == IFN_VA_ARG) { on_va_arg (sm_ctxt, node, call); return false; @@ -267,7 +259,7 @@ va_list_state_machine::on_stmt (sm_context &sm_ctxt, if (tree callee_fndecl = sm_ctxt.get_fndecl_for_call (call)) if (fndecl_built_in_p (callee_fndecl, BUILT_IN_NORMAL) - && gimple_builtin_call_types_compatible_p (call, callee_fndecl)) + && gimple_builtin_call_types_compatible_p (&call, callee_fndecl)) switch (DECL_UNCHECKED_FUNCTION_CODE (callee_fndecl)) { default: @@ -293,9 +285,9 @@ va_list_state_machine::on_stmt (sm_context &sm_ctxt, IDX to CALL. */ static const svalue * -get_stateful_arg (sm_context &sm_ctxt, const gcall *call, unsigned arg_idx) +get_stateful_arg (sm_context &sm_ctxt, const gcall &call, unsigned arg_idx) { - tree ap = gimple_call_arg (call, arg_idx); + tree ap = gimple_call_arg (&call, arg_idx); if (ap && POINTER_TYPE_P (TREE_TYPE (ap))) { 
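Review bot: In `va_list_state_machine::on_stmt` the same statement is now spelled three ways within a few lines: `call_stmt` in `gimple_call_internal_p (call_stmt)`, `call` in `sm_ctxt.get_fndecl_for_call (call)`, and `&call` in `gimple_builtin_call_types_compatible_p (&call, callee_fndecl)`. Since `call` is just `*call_stmt`, I would pass `call_stmt` wherever a pointer is required, i.e. `gimple_builtin_call_types_compatible_p (call_stmt, callee_fndecl)`, and use `call` only where a reference is required. That makes it obvious that no second object is involved. The function body continues outside the hunk.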
@@ -542,14 +534,14 @@ private: void va_list_state_machine::on_va_start (sm_context &sm_ctxt, const supernode *, - const gcall *call) const + const gcall &call) const { const svalue *arg = get_stateful_arg (sm_ctxt, call, 0); if (arg) { /* Transition from start state to "started". */ - if (sm_ctxt.get_state (call, arg) == m_start) - sm_ctxt.set_next_state (call, arg, m_started); + if (sm_ctxt.get_state (&call, arg) == m_start) + sm_ctxt.set_next_state (&call, arg, m_started); } } @@ -558,13 +550,13 @@ va_list_state_machine::on_va_start (sm_context &sm_ctxt, void va_list_state_machine::check_for_ended_va_list (sm_context &sm_ctxt, const supernode *node, - const gcall *call, + const gcall &call, const svalue *arg, const char *usage_fnname) const { - if (sm_ctxt.get_state (call, arg) == m_ended) - sm_ctxt.warn (node, call, arg, - make_unique<va_list_use_after_va_end> + if (sm_ctxt.get_state (&call, arg) == m_ended) + sm_ctxt.warn (node, &call, arg, + std::make_unique<va_list_use_after_va_end> (*this, arg, NULL_TREE, usage_fnname)); } @@ -574,7 +566,7 @@ va_list_state_machine::check_for_ended_va_list (sm_context &sm_ctxt, static const svalue * get_stateful_va_copy_arg (sm_context &sm_ctxt, - const gcall *call, + const gcall &call, unsigned arg_idx) { if (const program_state *new_state = sm_ctxt.get_new_program_state ()) @@ -591,7 +583,7 @@ get_stateful_va_copy_arg (sm_context &sm_ctxt, void va_list_state_machine::on_va_copy (sm_context &sm_ctxt, const supernode *node, - const gcall *call) const + const gcall &call) const { const svalue *src_arg = get_stateful_va_copy_arg (sm_ctxt, call, 1); if (src_arg) @@ -601,8 +593,8 @@ va_list_state_machine::on_va_copy (sm_context &sm_ctxt, if (dst_arg) { /* Transition from start state to "started". */ - if (sm_ctxt.get_state (call, dst_arg) == m_start) - sm_ctxt.set_next_state (call, dst_arg, m_started); + if (sm_ctxt.get_state (&call, dst_arg) == m_start) + sm_ctxt.set_next_state (&call, dst_arg, m_started); } } 
@@ -611,7 +603,7 @@ va_list_state_machine::on_va_copy (sm_context &sm_ctxt, void va_list_state_machine::on_va_arg (sm_context &sm_ctxt, const supernode *node, - const gcall *call) const + const gcall &call) const { const svalue *arg = get_stateful_arg (sm_ctxt, call, 0); if (arg) @@ -623,15 +615,15 @@ va_list_state_machine::on_va_arg (sm_context &sm_ctxt, void va_list_state_machine::on_va_end (sm_context &sm_ctxt, const supernode *node, - const gcall *call) const + const gcall &call) const { const svalue *arg = get_stateful_arg (sm_ctxt, call, 0); if (arg) { - state_t s = sm_ctxt.get_state (call, arg); + state_t s = sm_ctxt.get_state (&call, arg); /* Transition from "started" to "ended". */ if (s == m_started) - sm_ctxt.set_next_state (call, arg, m_ended); + sm_ctxt.set_next_state (&call, arg, m_ended); else if (s == m_ended) check_for_ended_va_list (sm_ctxt, node, call, arg, "va_end"); } @@ -643,17 +635,17 @@ va_list_state_machine::on_va_end (sm_context &sm_ctxt, std::unique_ptr<pending_diagnostic> va_list_state_machine::on_leak (tree var) const { - return make_unique<va_list_leak> (*this, nullptr, var); + return std::make_unique<va_list_leak> (*this, nullptr, var); } } // anonymous namespace /* Internal interface to this file. */ -state_machine * +std::unique_ptr<state_machine> make_va_list_state_machine (logger *logger) { - return new va_list_state_machine (logger); + return std::make_unique<va_list_state_machine> (logger); } /* Handler for "__builtin_va_start". */ 
@@ -757,13 +749,13 @@ kf_va_copy::impl_call_pre (const call_details &cd) const static int get_num_variadic_arguments (tree callee_fndecl, - const gcall *call_stmt) + const gcall &call_stmt) { int num_positional = 0; for (tree iter_parm = DECL_ARGUMENTS (callee_fndecl); iter_parm; iter_parm = DECL_CHAIN (iter_parm)) num_positional++; - return gimple_call_num_args (call_stmt) - num_positional; + return gimple_call_num_args (&call_stmt) - num_positional; } /* An abstract subclass of pending_diagnostic for diagnostics relating @@ -817,12 +809,12 @@ public: const program_point &src_point = src_node->get_point (); const int src_stack_depth = src_point.get_stack_depth (); const gimple *last_stmt = src_point.get_supernode ()->get_last_stmt (); - const gcall *call_stmt = as_a <const gcall *> (last_stmt); + const gcall &call_stmt = *as_a <const gcall *> (last_stmt); int num_variadic_arguments = get_num_variadic_arguments (dst_node->get_function ()->decl, call_stmt); emission_path->add_event - (make_unique<va_arg_call_event> + (std::make_unique<va_arg_call_event> (eedge, event_loc_info (last_stmt ? last_stmt->location : UNKNOWN_LOCATION, src_point.get_fndecl (), @@ -1078,7 +1070,7 @@ kf_va_arg::impl_call_pre (const call_details &cd) const else { if (ctxt) - ctxt->warn (make_unique <va_arg_type_mismatch> + ctxt->warn (std::make_unique <va_arg_type_mismatch> (va_list_tree, arg_reg, lhs_type, @@ -1089,8 +1081,9 @@ kf_va_arg::impl_call_pre (const call_details &cd) const else { if (ctxt) - ctxt->warn (make_unique <va_list_exhausted> (va_list_tree, - arg_reg)); + ctxt->warn + (std::make_unique <va_list_exhausted> (va_list_tree, + arg_reg)); saw_problem = true; } } 
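Review bot: In the `@@ -817,12 +809,12 @@` hunk, `const gcall &call_stmt = *as_a <const gcall *> (last_stmt);` dereferences `last_stmt` unconditionally, yet a few lines later the location is computed as `last_stmt ? last_stmt->location : UNKNOWN_LOCATION`, which treats null as possible. If `get_last_stmt ()` can return null here, binding the reference is already undefined behaviour before the ternary is reached; if it cannot, the ternary is dead code. Either state the invariant with `gcc_assert (last_stmt);` ahead of the `as_a` and drop the ternary, or return early when `last_stmt` is null. The enclosing method starts and ends outside the hunk.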
@@ -1139,10 +1132,10 @@ public: void register_varargs_builtins (known_function_manager &kfm) { - kfm.add (BUILT_IN_VA_START, make_unique<kf_va_start> ()); - kfm.add (BUILT_IN_VA_COPY, make_unique<kf_va_copy> ()); - kfm.add (IFN_VA_ARG, make_unique<kf_va_arg> ()); - kfm.add (BUILT_IN_VA_END, make_unique<kf_va_end> ()); + kfm.add (BUILT_IN_VA_START, std::make_unique<kf_va_start> ()); + kfm.add (BUILT_IN_VA_COPY, std::make_unique<kf_va_copy> ()); + kfm.add (IFN_VA_ARG, std::make_unique<kf_va_arg> ()); + kfm.add (BUILT_IN_VA_END, std::make_unique<kf_va_end> ()); } } // namespace ana |