path: root/gcc/analyzer
Age | Commit message | Author | Files | Lines
2023-10-09 | Daily bump. | GCC Administrator | 1 | -0/+52
2023-10-08 | analyzer: improvements to out-of-bounds diagrams [PR111155] | David Malcolm | 1 | -89/+341
    Update out-of-bounds diagrams to show existing string values,
    and the initial write index within a string buffer.

    For example, given the out-of-bounds write in strcat in:

      void test (void)
      {
        char buf[10];
        strcpy (buf, "hello");
        strcat (buf, " world!");
      }

    the diagram improves from:

                               ┌─────┬─────┬────┬────┬────┐┌─────┬─────┬─────┐
                               │ [0] │ [1] │[2] │[3] │[4] ││ [5] │ [6] │ [7] │
                               ├─────┼─────┼────┼────┼────┤├─────┼─────┼─────┤
                               │ ' ' │ 'w' │'o' │'r' │'l' ││ 'd' │ '!' │ NUL │
                               ├─────┴─────┴────┴────┴────┴┴─────┴─────┴─────┤
                               │      string literal (type: 'char[8]')       │
                               └─────────────────────────────────────────────┘
                                  │     │    │    │    │      │     │     │
                                  │     │    │    │    │      │     │     │
                                  v     v    v    v    v      v     v     v
      ┌─────┬────────────────────────────────────────┬────┐┌─────────────────┐
      │ [0] │                  ...                   │[9] ││                 │
      ├─────┴────────────────────────────────────────┴────┤│after valid range│
      │             'buf' (type: 'char[10]')              ││                 │
      └───────────────────────────────────────────────────┘└─────────────────┘
      ├─────────────────────────┬─────────────────────────┤├────────┬────────┤
                                │                                   │
                      ╭─────────┴────────╮                ╭─────────┴─────────╮
                      │capacity: 10 bytes│                │overflow of 3 bytes│
                      ╰──────────────────╯                ╰───────────────────╯

    to:

                                 ┌────┬────┬────┬────┬────┐┌─────┬─────┬─────┐
                                 │[0] │[1] │[2] │[3] │[4] ││ [5] │ [6] │ [7] │
                                 ├────┼────┼────┼────┼────┤├─────┼─────┼─────┤
                                 │' ' │'w' │'o' │'r' │'l' ││ 'd' │ '!' │ NUL │
                                 ├────┴────┴────┴────┴────┴┴─────┴─────┴─────┤
                                 │     string literal (type: 'char[8]')      │
                                 └───────────────────────────────────────────┘
                                   │    │    │    │    │      │     │     │
                                   │    │    │    │    │      │     │     │
                                   v    v    v    v    v      v     v     v
      ┌─────┬────────────────────┬────┬──────────────┬────┐┌─────────────────┐
      │ [0] │        ...         │[5] │     ...      │[9] ││                 │
      ├─────┼────┬────┬────┬────┬┼────┼──────────────┴────┘│                 │
      │ 'h' │'e' │'l' │'l' │'o' ││NUL │                    │after valid range│
      ├─────┴────┴────┴────┴────┴┴────┴───────────────────┐│                 │
      │             'buf' (type: 'char[10]')              ││                 │
      └───────────────────────────────────────────────────┘└─────────────────┘
      ├─────────────────────────┬─────────────────────────┤├────────┬────────┤
                                │                                   │
                      ╭─────────┴────────╮                ╭─────────┴─────────╮
                      │capacity: 10 bytes│                │overflow of 3 bytes│
                      ╰──────────────────╯                ╰───────────────────╯

    gcc/analyzer/ChangeLog:
        PR analyzer/111155
        * access-diagram.cc (boundaries::boundaries): Add logger param
        (boundaries::add): Add logging.
        (boundaries::get_hard_boundaries_in_range): New.
        (boundaries::m_logger): New field.
        (boundaries::get_table_x_for_offset): Make public.
        (class svalue_spatial_item): New.
        (class compound_svalue_spatial_item): New.
        (add_ellipsis_to_gaps): New.
        (valid_region_spatial_item::valid_region_spatial_item): Add theme param. Initialize m_boundaries, m_existing_sval, and m_existing_sval_spatial_item.
        (valid_region_spatial_item::add_boundaries): Set m_boundaries. Add boundaries for any m_existing_sval_spatial_item.
        (valid_region_spatial_item::add_array_elements_to_table): Rewrite creation of min/max index in terms of maybe_add_array_index_to_table. Rewrite ellipsis code using add_ellipsis_to_gaps. Add index values for any hard boundaries within the valid region.
        (valid_region_spatial_item::maybe_add_array_index_to_table): New, based on code formerly in add_array_elements_to_table.
        (valid_region_spatial_item::make_table): Make use of m_existing_sval_spatial_item, if any.
        (valid_region_spatial_item::m_boundaries): New field.
        (valid_region_spatial_item::m_existing_sval): New field.
        (valid_region_spatial_item::m_existing_sval_spatial_item): New field.
        (class svalue_spatial_item): Rename to...
        (class written_svalue_spatial_item): ...this.
        (class string_region_spatial_item): Rename to..
        (class string_literal_spatial_item): ...this. Add "kind".
        (string_literal_spatial_item::add_boundaries): Use m_kind to determine kind of boundary. Update for renaming of m_actual_bits to m_bits.
        (string_literal_spatial_item::make_table): Likewise. Support not displaying a row for byte indexes, and not displaying a row for the type.
        (string_literal_spatial_item::add_column_for_byte): Make byte index row optional.
        (svalue_spatial_item::make): Convert to...
        (make_written_svalue_spatial_item): ...this.
        (make_existing_svalue_spatial_item): New.
        (access_diagram_impl::access_diagram_impl): Pass theme to m_valid_region_spatial_item ctor. Update for renaming of m_svalue_spatial_item.
        (access_diagram_impl::find_boundaries): Pass logger to boundaries. Update for renaming of...
        (access_diagram_impl::m_svalue_spatial_item): Rename to...
        (access_diagram_impl::m_written_svalue_spatial_item): ...this.

    gcc/testsuite/ChangeLog:
        PR analyzer/111155
        * c-c++-common/analyzer/out-of-bounds-diagram-strcat-2.c: New test.
        * c-c++-common/analyzer/out-of-bounds-diagram-strcat.c: New test.
        * gcc.dg/analyzer/out-of-bounds-diagram-17.c: Update expected result to show the existing content of "buf" and the index at which the write starts.
        * gcc.dg/analyzer/out-of-bounds-diagram-18.c: Likewise.
        * gcc.dg/analyzer/out-of-bounds-diagram-19.c: Likewise.
        * gcc.dg/analyzer/out-of-bounds-diagram-6.c: Update expected output.

    gcc/ChangeLog:
        PR analyzer/111155
        * text-art/table.cc (table::maybe_set_cell_span): New.
        (table::add_other_table): New.
        * text-art/table.h (class table::cell_placement): Add class table as a friend.
        (table::add_rows): New.
        (table::add_row): Reimplement in terms of add_rows.
        (table::maybe_set_cell_span): New decl.
        (table::add_other_table): New decl.
        * text-art/types.h (operator+): New operator for rect + coord.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>
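
The three quantities the diagram above reports for strcat (buf, " world!"), namely the index where the write starts, the capacity, and the overflow, can also be computed at run time and used to refuse the append. This is an added example, not code from the GCC commit; struct append_plan, plan_strcat and checked_strcat are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The quantities shown in the analyzer's diagram for an append.
   Hypothetical type for this example; not part of GCC.  */
struct append_plan {
    size_t write_index;   /* index of the existing NUL, where the write starts */
    size_t bytes_written; /* strlen (src) + 1, including the new NUL */
    size_t overflow;      /* bytes landing after the valid range; 0 if it fits */
};

/* Work out where strcat (dst, src) would write in a buffer of CAP bytes.
   Returns 0 on success, -1 if DST has no NUL within its capacity.  */
int plan_strcat(const char *dst, size_t cap, const char *src,
                struct append_plan *plan)
{
    const char *nul = memchr(dst, '\0', cap);
    if (nul == NULL)
        return -1;

    plan->write_index = (size_t)(nul - dst);
    plan->bytes_written = strlen(src) + 1;

    /* room >= 1 here, because the NUL was found inside the buffer.  */
    size_t room = cap - plan->write_index;
    plan->overflow = plan->bytes_written > room
                         ? plan->bytes_written - room
                         : 0;
    return 0;
}

/* Bounds-checked append: copies only when nothing would land after the
   valid range, and leaves DST untouched otherwise.  */
int checked_strcat(char *dst, size_t cap, const char *src)
{
    struct append_plan plan;
    if (plan_strcat(dst, cap, src, &plan) != 0 || plan.overflow != 0)
        return -1;
    memcpy(dst + plan.write_index, src, plan.bytes_written);
    return 0;
}

int main(void)
{
    /* Same buffer and strings as the test case in the commit message.  */
    char buf[10];
    struct append_plan plan;

    strcpy(buf, "hello");
    if (plan_strcat(buf, sizeof buf, " world!", &plan) == 0)
        printf("write starts at [%zu], capacity: %zu bytes, "
               "overflow of %zu bytes\n",
               plan.write_index, sizeof buf, plan.overflow);

    if (checked_strcat(buf, sizeof buf, " world!") != 0)
        printf("append refused, buf is still \"%s\"\n", buf);
    return 0;
}
```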
2023-10-04 | Daily bump. | GCC Administrator | 1 | -0/+9
2023-10-03 | diagnostics: add ctors to text_info; add m_ prefixes to fields | David Malcolm | 3 | -23/+4
    No functional change intended.

    gcc/ada/ChangeLog:
        * gcc-interface/misc.cc: Use text_info ctor.

    gcc/analyzer/ChangeLog:
        * analyzer-logging.cc (logger::log_va_partial): Use text_info ctor.
        * analyzer.cc (make_label_text): Likewise.
        (make_label_text_n): Likewise.
        * pending-diagnostic.cc (evdesc::event_desc::formatted_print): Likewise.

    gcc/c/ChangeLog:
        * c-objc-common.cc (c_tree_printer): Update for "m_" prefixes to text_info fields.

    gcc/cp/ChangeLog:
        * error.cc: Update for "m_" prefixes to text_info fields.

    gcc/d/ChangeLog:
        * d-diagnostic.cc (d_diagnostic_report_diagnostic): Use text_info ctor.

    gcc/ChangeLog:
        * diagnostic.cc (diagnostic_set_info_translated): Update for "m_" prefixes to text_info fields.
        (diagnostic_report_diagnostic): Likewise.
        (verbatim): Use text_info ctor.
        (simple_diagnostic_path::add_event): Likewise.
        (simple_diagnostic_path::add_thread_event): Likewise.
        * dumpfile.cc (dump_pretty_printer::decode_format): Update for "m_" prefixes to text_info fields.
        (dump_context::dump_printf_va): Use text_info ctor.
        * graphviz.cc (graphviz_out::graphviz_out): Use text_info ctor.
        (graphviz_out::print): Likewise.
        * opt-problem.cc (opt_problem::opt_problem): Likewise.
        * pretty-print.cc (pp_format): Update for "m_" prefixes to text_info fields.
        (pp_printf): Use text_info ctor.
        (pp_verbatim): Likewise.
        (assert_pp_format_va): Likewise.
        * pretty-print.h (struct text_info): Add ctors. Add "m_" prefix to all fields.
        * text-art/styled-string.cc (styled_string::from_fmt_va): Use text_info ctor.
        * tree-diagnostic.cc (default_tree_printer): Update for "m_" prefixes to text_info fields.
        * tree-pretty-print.h (pp_ti_abstract_origin): Likewise.

    gcc/fortran/ChangeLog:
        * error.cc (gfc_format_decoder): Update for "m_" prefixes to text_info fields.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-10-03 | Daily bump. | GCC Administrator | 1 | -0/+5
2023-10-02 | diagnostics: group together source printing fields of diagnostic_context | David Malcolm | 1 | -2/+2
    struct diagnostic_context has > 60 fields.

    Try to tame some of the complexity by grouping together the 8
    source-printing fields into a struct, the "m_source_printing" field.

    No functional change intended.

    gcc/ada/ChangeLog:
        * gcc-interface/misc.cc (gnat_post_options): Update for renaming of diagnostic_context's show_caret to m_source_printing.enabled.

    gcc/analyzer/ChangeLog:
        * program-point.cc: Update for grouping of source printing fields within diagnostic_context.

    gcc/c-family/ChangeLog:
        * c-common.cc (maybe_add_include_fixit): Update for renaming of diagnostic_context's show_caret to m_source_printing.enabled.
        * c-opts.cc (c_common_init_options): Update for renaming of diagnostic_context's colorize_source_p to m_source_printing.colorize_source_p.

    gcc/ChangeLog:
        * diagnostic-show-locus.cc: Update for reorganization of source-printing fields of diagnostic_context.
        * diagnostic.cc (diagnostic_set_caret_max_width): Likewise.
        (diagnostic_initialize): Likewise.
        * diagnostic.h (diagnostic_context::show_caret): Move to...
        (diagnostic_context::m_source_printing::enabled): ...here.
        (diagnostic_context::caret_max_width): Move to...
        (diagnostic_context::m_source_printing::max_width): ...here.
        (diagnostic_context::caret_chars): Move to...
        (diagnostic_context::m_source_printing::caret_chars): ...here.
        (diagnostic_context::colorize_source_p): Move to...
        (diagnostic_context::m_source_printing::colorize_source_p): ...here.
        (diagnostic_context::show_labels_p): Move to...
        (diagnostic_context::m_source_printing::show_labels_p): ...here.
        (diagnostic_context::show_line_numbers_p): Move to...
        (diagnostic_context::m_source_printing::show_line_numbers_p): ...here.
        (diagnostic_context::min_margin_width): Move to...
        (diagnostic_context::m_source_printing::min_margin_width): ...here.
        (diagnostic_context::show_ruler_p): Move to...
        (diagnostic_context::m_source_printing::show_ruler_p): ...here.
        (diagnostic_same_line): Update for above changes.
        * opts.cc (common_handle_option): Update for reorganization of source-printing fields of diagnostic_context.
        * selftest-diagnostic.cc (test_diagnostic_context::test_diagnostic_context): Likewise.
        * toplev.cc (general_init): Likewise.
        * tree-diagnostic-path.cc (struct event_range): Likewise.

    gcc/fortran/ChangeLog:
        * error.cc (gfc_diagnostic_starter): Update for reorganization of source-printing fields of diagnostic_context.
        (gfc_diagnostics_init): Likewise.
        (gfc_diagnostics_finish): Likewise.

    gcc/testsuite/ChangeLog:
        * gcc.dg/plugin/diagnostic_plugin_show_trees.c: Update for reorganization of source-printing fields of diagnostic_context.
        * gcc.dg/plugin/diagnostic_plugin_test_inlining.c: Likewise.
        * gcc.dg/plugin/diagnostic_plugin_test_paths.c: Likewise.
        * gcc.dg/plugin/diagnostic_plugin_test_show_locus.c: Likewise.
        * gcc.dg/plugin/diagnostic_plugin_test_string_literals.c: Likewise.
        * gcc.dg/plugin/diagnostic_plugin_test_tree_expression_range.c: Likewise.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-16 | Daily bump. | GCC Administrator | 1 | -0/+44
2023-09-15 | analyzer: support diagnostics that don't have a stmt | David Malcolm | 3 | -14/+42
    gcc/analyzer/ChangeLog:
        * analyzer.cc (get_stmt_location): Handle null stmt.
        * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic): Copy m_loc from ploc.
        (saved_diagnostic::operator==): Compare m_loc.
        (saved_diagnostic::calc_best_epath): Only use m_stmt_finder if m_loc is unknown.
        (dedupe_key::dedupe_key): Initialize m_loc.
        (dedupe_key::operator==): Compare m_loc.
        (dedupe_key::get_location): Use m_loc if it's known.
        (dedupe_key::m_loc): New field.
        (diagnostic_manager::emit_saved_diagnostic): Only call get_emission_location if m_loc is unknown, preferring to use m_loc if it's available.
        * diagnostic-manager.h (saved_diagnostic::m_loc): New field.
        (pending_location::pending_location): Initialize m_loc. Add overload taking a location_t rather than a stmt/stmt_finder.
        (pending_location::m_loc): New field.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-15 | analyzer: introduce pending_location | David Malcolm | 5 | -44/+71
    No functional change intended.

    gcc/analyzer/ChangeLog:
        * analyzer.h (struct pending_location): New forward decl.
        * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic): Replace params "enode", "snode", "stmt", and "stmt_finder" with "ploc".
        (diagnostic_manager::add_diagnostic): Likewise for both overloads.
        * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Likewise.
        (struct pending_location): New.
        (diagnostic_manager::add_diagnostic): Replace params "enode", "snode", "stmt", and "stmt_finder" with "ploc".
        * engine.cc (impl_region_model_context::warn): Update call to add_diagnostic for above change.
        (impl_sm_context::warn): Likewise.
        (impl_region_model_context::on_state_leak): Likewise.
        * infinite-recursion.cc (exploded_graph::detect_infinite_recursion): Likewise.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-15 | analyzer: handle volatile ops | David Malcolm | 1 | -0/+11
    gcc/analyzer/ChangeLog:
        * region-model.cc (region_model::get_gassign_result): Handle volatile ops by using a conjured_svalue.

    gcc/testsuite/ChangeLog:
        * c-c++-common/analyzer/volatile-1.c: New test.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-15 | Daily bump. | GCC Administrator | 1 | -0/+33
2023-09-14 | diagnostics: support multithreaded diagnostic paths | David Malcolm | 2 | -1/+20
    This patch extends the existing diagnostic_path class so that as well
    as a list of events, there is a list of named threads, with each event
    being associated with one of the threads.

    No GCC diagnostics take advantage of this, but GCC plugins may find a
    use for this; an example is provided in the testsuite.

    Given that there is still a single list of events within a
    diagnostic_path, the events in a diagnostic_path have a specific global
    ordering even if they are in multiple threads.

    Within the SARIF serialization, the patch adds the "executionOrder"
    property to threadFlowLocation objects (SARIF v2.1.0 3.38.11). This is
    1-based in order to match the human-readable numbering of events shown
    in messages emitted by pretty-printer.cc's "%@".

    With -fdiagnostics-path-format=separate-events, the threads are not
    shown.

    With -fdiagnostics-path-format=inline-events, the threads and the
    per-thread stack activity are tracked and visualized separately. An
    example can be seen in the testsuite.

    gcc/analyzer/ChangeLog:
        * checker-event.h (checker_event::get_thread_id): New.
        * checker-path.h (class checker_path): Implement thread-related vfuncs via a single simple_diagnostic_thread instance named "main".

    gcc/ChangeLog:
        * diagnostic-event-id.h (diagnostic_thread_id_t): New typedef.
        * diagnostic-format-sarif.cc (class sarif_thread_flow): New.
        (sarif_thread_flow::sarif_thread_flow): New.
        (sarif_builder::make_code_flow_object): Reimplement, creating per-thread threadFlow objects, populating them with the relevant events.
        (sarif_builder::make_thread_flow_object): Delete, moving the code into sarif_builder::make_code_flow_object.
        (sarif_builder::make_thread_flow_location_object): Add "path_event_idx" param. Use it to set "executionOrder" property.
        * diagnostic-path.h (diagnostic_event::get_thread_id): New pure-virtual vfunc.
        (class diagnostic_thread): New.
        (diagnostic_path::num_threads): New pure-virtual vfunc.
        (diagnostic_path::get_thread): New pure-virtual vfunc.
        (diagnostic_path::multithreaded_p): New decl.
        (simple_diagnostic_event::simple_diagnostic_event): Add optional thread_id param.
        (simple_diagnostic_event::get_thread_id): New accessor.
        (simple_diagnostic_event::m_thread_id): New.
        (class simple_diagnostic_thread): New.
        (simple_diagnostic_path::simple_diagnostic_path): Move definition to diagnostic.cc.
        (simple_diagnostic_path::num_threads): New.
        (simple_diagnostic_path::get_thread): New.
        (simple_diagnostic_path::add_thread): New.
        (simple_diagnostic_path::add_thread_event): New.
        (simple_diagnostic_path::m_threads): New.
        * diagnostic-show-locus.cc (layout::layout): Add pretty_printer param for overriding the context's printer.
        (diagnostic_show_locus): Likewise.
        * diagnostic.cc (simple_diagnostic_path::simple_diagnostic_path): Move here from diagnostic-path.h. Add main thread.
        (simple_diagnostic_path::num_threads): New.
        (simple_diagnostic_path::get_thread): New.
        (simple_diagnostic_path::add_thread): New.
        (simple_diagnostic_path::add_thread_event): New.
        (simple_diagnostic_event::simple_diagnostic_event): Add thread_id param and use it to initialize m_thread_id. Reformat.
        * diagnostic.h: Add pretty_printer param for overriding the context's printer.
        * tree-diagnostic-path.cc: Add #define INCLUDE_VECTOR.
        (can_consolidate_events): Compare thread ids.
        (class per_thread_summary): New.
        (event_range::event_range): Add per_thread_summary arg.
        (event_range::print): Add "pp" param and use it rather than dc's printer.
        (event_range::m_thread_id): New field.
        (event_range::m_per_thread_summary): New field.
        (path_summary::multithreaded_p): New.
        (path_summary::get_events_for_thread_id): New.
        (path_summary::m_per_thread_summary): New field.
        (path_summary::m_thread_id_to_events): New field.
        (path_summary::get_or_create_events_for_thread_id): New.
        (path_summary::path_summary): Create per_thread_summary instances as needed and associate the event_range instances with them.
        (base_indent): Move here from print_path_summary_as_text.
        (per_frame_indent): Likewise.
        (class thread_event_printer): New, adapted from parts of print_path_summary_as_text.
        (print_path_summary_as_text): Make static. Reimplement, moving most of existing code to class thread_event_printer, capturing state as per-thread as appropriate.
        (default_tree_diagnostic_path_printer): Add missing 'break' on final case.

    gcc/testsuite/ChangeLog:
        * gcc.dg/plugin/diagnostic-test-paths-multithreaded-inline-events.c: New test.
        * gcc.dg/plugin/diagnostic-test-paths-multithreaded-sarif.c: New test.
        * gcc.dg/plugin/diagnostic-test-paths-multithreaded-separate-events.c: New test.
        * gcc.dg/plugin/diagnostic_plugin_test_paths.c: Add support for generating multithreaded paths.
        * gcc.dg/plugin/plugin.exp: Add the new tests.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-14 | analyzer: fix missing return in compatible_epath_p | David Malcolm | 1 | -0/+8
    gcc/analyzer/ChangeLog:
        * diagnostic-manager.cc (compatible_epath_p): Fix missing return.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-14 | analyzer: use unique_ptr for rejected_constraint | David Malcolm | 7 | -45/+45
    gcc/analyzer/ChangeLog:
        * diagnostic-manager.cc (process_worklist_item): Use std::unique_ptr rather than plain rejected_constraint *.
        * engine.cc (exploded_path::feasible_p): Likewise.
        (feasibility_state::maybe_update_for_edge): Likewise.
        * exploded-graph.h (feasibility_problem::feasibility_problem): Likewise.
        (feasibility_problem::~feasibility_problem): Delete.
        (feasibility_problem::m_rc): Use std::unique_ptr.
        (feasibility_state::maybe_update_for_edge): Likewise.
        * feasible-graph.cc (feasible_graph::add_feasibility_problem): Likewise.
        * feasible-graph.h (class infeasible_node): Likewise.
        (feasible_graph::add_feasibility_problem): Likewise.
        * region-model.cc (region_model::add_constraint): Likewise.
        (region_model::maybe_update_for_edge): Likewise.
        (region_model::apply_constraints_for_gcond): Likewise.
        (region_model::apply_constraints_for_gswitch): Likewise.
        (region_model::apply_constraints_for_exception): Likewise.
        * region-model.h (class region_model): Likewise for decls.

    Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-10 | Daily bump. | GCC Administrator | 1 | -0/+7
2023-09-09 | analyzer: Move gcc.dg/analyzer tests to c-c++-common (2) [PR96395] | benjamin priour | 1 | -0/+4
    Second batch of moving tests from under gcc.dg/analyzer into
    c-c++-common/analyzer.

    Prior to this patch the analyzer was not unwrapping ordering
    binop_svalue, such as LT_EXPR, when evaluating conditions. Therefore
    when an ordering conditional was stored, the analyzer was missing out
    on some constraints, which led to false positives.

    gcc/analyzer/ChangeLog:
        PR analyzer/96395
        * region-model.cc (region_model::add_constraints_from_binop): binop_svalues around LT_EXPR, LE_EXPR, GT_EXPR, GE_EXPR are now unwrapped.

    gcc/testsuite/ChangeLog:
        PR analyzer/96395
        * gcc.dg/analyzer/allocation-size-1.c: Moved to...
        * c-c++-common/analyzer/allocation-size-1.c: ...here.
        * gcc.dg/analyzer/allocation-size-2.c: Moved to...
        * c-c++-common/analyzer/allocation-size-2.c: ...here.
        * gcc.dg/analyzer/allocation-size-3.c: Moved to...
        * c-c++-common/analyzer/allocation-size-3.c: ...here.
        * gcc.dg/analyzer/allocation-size-4.c: Moved to...
        * c-c++-common/analyzer/allocation-size-4.c: ...here.
        * gcc.dg/analyzer/analyzer-verbosity-0.c: Moved to...
        * c-c++-common/analyzer/analyzer-verbosity-0.c: ...here.
        * gcc.dg/analyzer/analyzer-verbosity-1.c: Moved to...
        * c-c++-common/analyzer/analyzer-verbosity-1.c: ...here.
        * gcc.dg/analyzer/analyzer-verbosity-2.c: Moved to...
        * c-c++-common/analyzer/analyzer-verbosity-2.c: ...here.
        * gcc.dg/analyzer/analyzer-verbosity-3.c: Moved to...
        * c-c++-common/analyzer/analyzer-verbosity-3.c: ...here.
        * gcc.dg/analyzer/attr-alloc_size-1.c: Moved to...
        * c-c++-common/analyzer/attr-alloc_size-1.c: ...here.
        * gcc.dg/analyzer/attr-alloc_size-2.c: Moved to...
        * c-c++-common/analyzer/attr-alloc_size-2.c: ...here.
        * gcc.dg/analyzer/call-summaries-malloc.c: Moved to...
        * c-c++-common/analyzer/call-summaries-malloc.c: ...here.
        * gcc.dg/analyzer/call-summaries-pr107158-2.c: Moved to...
        * c-c++-common/analyzer/call-summaries-pr107158-2.c: ...here.
        * gcc.dg/analyzer/capacity-1.c: Moved to...
        * c-c++-common/analyzer/capacity-1.c: ...here.
        * gcc.dg/analyzer/dot-output.c: Moved to...
        * c-c++-common/analyzer/dot-output.c: ...here.
        * gcc.dg/analyzer/escaping-1.c: Moved to...
        * c-c++-common/analyzer/escaping-1.c: ...here.
        * gcc.dg/analyzer/expect-1.c: Moved to...
        * c-c++-common/analyzer/expect-1.c: ...here.
        * gcc.dg/analyzer/fgets-1.c: Moved to...
        * c-c++-common/analyzer/fgets-1.c: ...here.
        * gcc.dg/analyzer/file-uninit-1.c: Moved to...
        * c-c++-common/analyzer/file-uninit-1.c: ...here.
        * gcc.dg/analyzer/fileno-1.c: Moved to...
        * c-c++-common/analyzer/fileno-1.c: ...here.
        * gcc.dg/analyzer/first-field-1.c: Moved to...
        * c-c++-common/analyzer/first-field-1.c: ...here.
        * gcc.dg/analyzer/first-field-2.c: Moved to...
        * c-c++-common/analyzer/first-field-2.c: ...here.
        * gcc.dg/analyzer/flex-with-call-summaries.c: Moved to...
        * c-c++-common/analyzer/flex-with-call-summaries.c: ...here.
        * gcc.dg/analyzer/flex-without-call-summaries.c: Moved to...
        * c-c++-common/analyzer/flex-without-call-summaries.c: ...here.
        * gcc.dg/analyzer/flexible-array-member-1.c: Moved to...
        * c-c++-common/analyzer/flexible-array-member-1.c: ...here.
        * gcc.dg/analyzer/fold-string-to-char.c: Moved to...
        * c-c++-common/analyzer/fold-string-to-char.c: ...here.
        * gcc.dg/analyzer/fread-1.c: Moved to...
        * c-c++-common/analyzer/fread-1.c: ...here.
        * gcc.dg/analyzer/fread-2.c: Moved to...
        * c-c++-common/analyzer/fread-2.c: ...here.
        * gcc.dg/analyzer/fread-pr108661.c: Moved to...
        * c-c++-common/analyzer/fread-pr108661.c: ...here.
        * gcc.dg/analyzer/function-ptr-1.c: Moved to...
        * c-c++-common/analyzer/function-ptr-1.c: ...here.
        * gcc.dg/analyzer/function-ptr-2.c: Moved to...
        * c-c++-common/analyzer/function-ptr-2.c: ...here.
        * gcc.dg/analyzer/function-ptr-3.c: Moved to...
        * c-c++-common/analyzer/function-ptr-3.c: ...here.
        * gcc.dg/analyzer/function-ptr-4.c: Moved to...
        * c-c++-common/analyzer/function-ptr-4.c: ...here.
        * gcc.dg/analyzer/getc-1.c: Moved to...
        * c-c++-common/analyzer/getc-1.c: ...here.
        * gcc.dg/analyzer/getchar-1.c: Moved to...
        * c-c++-common/analyzer/getchar-1.c: ...here.
        * gcc.dg/analyzer/gzio-2.c: Moved to...
        * c-c++-common/analyzer/gzio-2.c: ...here.
        * gcc.dg/analyzer/gzio-3.c: Moved to...
        * c-c++-common/analyzer/gzio-3.c: ...here.
        * gcc.dg/analyzer/gzio-3a.c: Moved to...
        * c-c++-common/analyzer/gzio-3a.c: ...here.
        * gcc.dg/analyzer/gzio.c: Moved to...
        * c-c++-common/analyzer/gzio.c: ...here.
        * gcc.dg/analyzer/imprecise-floating-point-1.c: Moved to...
        * c-c++-common/analyzer/imprecise-floating-point-1.c: ...here.
        * gcc.dg/analyzer/infinite-recursion-2.c: Moved to...
        * c-c++-common/analyzer/infinite-recursion-2.c: ...here.
        * gcc.dg/analyzer/infinite-recursion-3.c: Moved to...
        * c-c++-common/analyzer/infinite-recursion-3.c: ...here.
        * gcc.dg/analyzer/infinite-recursion-4-limited-buggy.c: Moved to...
        * c-c++-common/analyzer/infinite-recursion-4-limited-buggy.c: ...here.
        * gcc.dg/analyzer/infinite-recursion-4-limited.c: Moved to...
        * c-c++-common/analyzer/infinite-recursion-4-limited.c: ...here.
        * gcc.dg/analyzer/infinite-recursion-4-unlimited-buggy.c: Moved to...
        * c-c++-common/analyzer/infinite-recursion-4-unlimited-buggy.c: ...here.
        * gcc.dg/analyzer/infinite-recursion-4-unlimited.c: Moved to...
        * c-c++-common/analyzer/infinite-recursion-4-unlimited.c: ...here.
        * gcc.dg/analyzer/infinite-recursion-5.c: Moved to...
        * c-c++-common/analyzer/infinite-recursion-5.c: ...here.
        * gcc.dg/analyzer/infinite-recursion-alloca.c: Moved to...
        * c-c++-common/analyzer/infinite-recursion-alloca.c: ...here.
        * gcc.dg/analyzer/infinite-recursion-inlining.c: Moved to...
        * c-c++-common/analyzer/infinite-recursion-inlining.c: ...here.
        * gcc.dg/analyzer/infinite-recursion-multiline-1.c: Moved to...
        * c-c++-common/analyzer/infinite-recursion-multiline-1.c: ...here.
        * gcc.dg/analyzer/infinite-recursion-multiline-2.c: Moved to...
        * c-c++-common/analyzer/infinite-recursion-multiline-2.c: ...here.
        * gcc.dg/analyzer/infinite-recursion-pr108935-1.c: Moved to...
        * c-c++-common/analyzer/infinite-recursion-pr108935-1.c: ...here.
        * gcc.dg/analyzer/infinite-recursion-pr108935-1a.c: Moved to...
        * c-c++-common/analyzer/infinite-recursion-pr108935-1a.c: ...here.
        * gcc.dg/analyzer/infinite-recursion-pr108935-2.c: Moved to...
        * c-c++-common/analyzer/infinite-recursion-pr108935-2.c: ...here.
        * gcc.dg/analyzer/infinite-recursion-variadic.c: Moved to...
        * c-c++-common/analyzer/infinite-recursion-variadic.c: ...here.
        * gcc.dg/analyzer/infinite-recursion.c: Moved to...
        * c-c++-common/analyzer/infinite-recursion.c: ...here.
        * gcc.dg/analyzer/inlining-1-multiline.c: Moved to...
        * c-c++-common/analyzer/inlining-1-multiline.c: ...here.
        * gcc.dg/analyzer/inlining-1-no-undo.c: Moved to...
        * c-c++-common/analyzer/inlining-1-no-undo.c: ...here.
        * gcc.dg/analyzer/inlining-2-multiline.c: Moved to...
        * c-c++-common/analyzer/inlining-2-multiline.c: ...here.
        * gcc.dg/analyzer/inlining-5-multiline.c: Moved to...
        * c-c++-common/analyzer/inlining-5-multiline.c: ...here.
        * gcc.dg/analyzer/inlining-6-multiline.c: Moved to...
        * c-c++-common/analyzer/inlining-6-multiline.c: ...here.
        * gcc.dg/analyzer/inlining-6.c: Moved to...
        * c-c++-common/analyzer/inlining-6.c: ...here.
        * gcc.dg/analyzer/inlining-7-multiline.c: Moved to...
        * c-c++-common/analyzer/inlining-7-multiline.c: ...here.
        * gcc.dg/analyzer/invalid-shift-1.c: Moved to...
        * c-c++-common/analyzer/invalid-shift-1.c: ...here.
        * gcc.dg/analyzer/isatty-1.c: Moved to...
        * c-c++-common/analyzer/isatty-1.c: ...here.
        * gcc.dg/analyzer/leak-2.c: Moved to...
        * c-c++-common/analyzer/leak-2.c: ...here.
        * gcc.dg/analyzer/leak-3.c: Moved to...
        * c-c++-common/analyzer/leak-3.c: ...here.
        * gcc.dg/analyzer/leak-4.c: Moved to...
        * c-c++-common/analyzer/leak-4.c: ...here.
        * gcc.dg/analyzer/loop-0-up-to-n-by-1-with-iter-obj.c: Moved to...
        * c-c++-common/analyzer/loop-0-up-to-n-by-1-with-iter-obj.c: ...here.
        * gcc.dg/analyzer/loop-0-up-to-n-by-1.c: Moved to...
        * c-c++-common/analyzer/loop-0-up-to-n-by-1.c: ...here.
        * gcc.dg/analyzer/loop-2.c: Moved to...
        * c-c++-common/analyzer/loop-2.c: ...here.
        * gcc.dg/analyzer/loop-2a.c: Moved to...
        * c-c++-common/analyzer/loop-2a.c: ...here.
        * gcc.dg/analyzer/loop-3.c: Moved to...
        * c-c++-common/analyzer/loop-3.c: ...here.
        * gcc.dg/analyzer/loop-4.c: Moved to...
        * c-c++-common/analyzer/loop-4.c: ...here.
        * gcc.dg/analyzer/loop-n-down-to-1-by-1.c: Moved to...
        * c-c++-common/analyzer/loop-n-down-to-1-by-1.c: ...here.
        * gcc.dg/analyzer/loop-start-down-to-end-by-1.c: Moved to...
        * c-c++-common/analyzer/loop-start-down-to-end-by-1.c: ...here.
        * gcc.dg/analyzer/loop-start-down-to-end-by-step.c: Moved to...
        * c-c++-common/analyzer/loop-start-down-to-end-by-step.c: ...here.
        * gcc.dg/analyzer/loop-start-to-end-by-step.c: Moved to...
        * c-c++-common/analyzer/loop-start-to-end-by-step.c: ...here.
        * gcc.dg/analyzer/loop-start-up-to-end-by-1.c: Moved to...
        * c-c++-common/analyzer/loop-start-up-to-end-by-1.c: ...here.
        * gcc.dg/analyzer/loop.c: Moved to...
        * c-c++-common/analyzer/loop.c: ...here.
        * gcc.dg/analyzer/malloc-3.c: Moved to...
        * c-c++-common/analyzer/malloc-3.c: ...here.
        * gcc.dg/analyzer/malloc-5.c: Moved to...
        * c-c++-common/analyzer/malloc-5.c: ...here.
        * gcc.dg/analyzer/malloc-CWE-401-example.c: Moved to...
        * c-c++-common/analyzer/malloc-CWE-401-example.c: ...here.
        * gcc.dg/analyzer/malloc-CWE-415-examples.c: Moved to...
        * c-c++-common/analyzer/malloc-CWE-415-examples.c: ...here.
        * gcc.dg/analyzer/malloc-CWE-416-examples.c: Moved to...
        * c-c++-common/analyzer/malloc-CWE-416-examples.c: ...here.
        * gcc.dg/analyzer/malloc-CWE-590-examples.c: Moved to...
        * c-c++-common/analyzer/malloc-CWE-590-examples.c: ...here.
        * gcc.dg/analyzer/malloc-callbacks.c: Moved to...
        * c-c++-common/analyzer/malloc-callbacks.c: ...here.
        * gcc.dg/analyzer/malloc-dce.c: Moved to...
        * c-c++-common/analyzer/malloc-dce.c: ...here.
        * gcc.dg/analyzer/malloc-dedupe-1.c: Moved to...
        * c-c++-common/analyzer/malloc-dedupe-1.c: ...here.
        * gcc.dg/analyzer/malloc-in-loop.c: Moved to...
        * c-c++-common/analyzer/malloc-in-loop.c: ...here.
        * gcc.dg/analyzer/malloc-ipa-1.c: Moved to...
        * c-c++-common/analyzer/malloc-ipa-1.c: ...here.
        * gcc.dg/analyzer/malloc-ipa-11.c: Moved to...
        * c-c++-common/analyzer/malloc-ipa-11.c: ...here.
        * gcc.dg/analyzer/malloc-ipa-2.c: Moved to...
        * c-c++-common/analyzer/malloc-ipa-2.c: ...here.
        * gcc.dg/analyzer/malloc-ipa-3.c: Moved to...
        * c-c++-common/analyzer/malloc-ipa-3.c: ...here.
        * gcc.dg/analyzer/malloc-ipa-4.c: Moved to...
        * c-c++-common/analyzer/malloc-ipa-4.c: ...here.
        * gcc.dg/analyzer/malloc-ipa-5.c: Moved to...
        * c-c++-common/analyzer/malloc-ipa-5.c: ...here.
        * gcc.dg/analyzer/malloc-ipa-6.c: Moved to...
        * c-c++-common/analyzer/malloc-ipa-6.c: ...here.
        * gcc.dg/analyzer/malloc-ipa-7.c: Moved to...
        * c-c++-common/analyzer/malloc-ipa-7.c: ...here.
        * gcc.dg/analyzer/malloc-ipa-8-unchecked.c: Moved to...
        * c-c++-common/analyzer/malloc-ipa-8-unchecked.c: ...here.
        * gcc.dg/analyzer/malloc-macro-inline-events.c: Moved to...
        * c-c++-common/analyzer/malloc-macro-inline-events.c: ...here.
        * gcc.dg/analyzer/malloc-macro-separate-events.c: Moved to...
        * c-c++-common/analyzer/malloc-macro-separate-events.c: ...here.
        * gcc.dg/analyzer/malloc-macro.h: Moved to...
        * c-c++-common/analyzer/malloc-macro.h: ...here.
        * gcc.dg/analyzer/null-deref-pr108400-SoftEtherVPN-WebUi.c: Moved to...
        * c-c++-common/analyzer/null-deref-pr108400-SoftEtherVPN-WebUi.c: ...here.
        * gcc.dg/analyzer/out-of-bounds-1.c: Moved to...
        * c-c++-common/analyzer/out-of-bounds-1.c: ...here.
        * gcc.dg/analyzer/out-of-bounds-2.c: Moved to...
        * c-c++-common/analyzer/out-of-bounds-2.c: ...here.
        * gcc.dg/analyzer/out-of-bounds-5.c: Moved to...
        * c-c++-common/analyzer/out-of-bounds-5.c: ...here.
        * gcc.dg/analyzer/out-of-bounds-diagram-11.c: Moved to...
        * c-c++-common/analyzer/out-of-bounds-diagram-11.c: ...here.
        * gcc.dg/analyzer/out-of-bounds-diagram-3.c: Moved to...
        * c-c++-common/analyzer/out-of-bounds-diagram-3.c: ...here.
        * gcc.dg/analyzer/out-of-bounds-diagram-8.c: Moved to...
        * c-c++-common/analyzer/out-of-bounds-diagram-8.c: ...here.
        * gcc.dg/analyzer/phi-1.c: Moved to...
        * c-c++-common/analyzer/phi-1.c: ...here.
        * gcc.dg/analyzer/pr100615.c: Moved to...
        * c-c++-common/analyzer/pr100615.c: ...here.
        * gcc.dg/analyzer/pr103526.c: Moved to...
        * c-c++-common/analyzer/pr103526.c: ...here.
        * gcc.dg/analyzer/pr94362-1.c: Moved to...
        * c-c++-common/analyzer/pr94362-1.c: ...here.
        * gcc.dg/analyzer/pr97074.c: Moved to...
        * c-c++-common/analyzer/pr97074.c: ...here.
        * c-c++-common/analyzer/pr99193-2.c: Added include.
        * c-c++-common/analyzer/realloc-1.c: Added include.
        * gcc.dg/analyzer/scope-1.c: Moved to...
        * c-c++-common/analyzer/scope-1.c: ...here.
        * gcc.dg/analyzer/setjmp-2.c: Moved to...
        * c-c++-common/analyzer/setjmp-2.c: ...here.
        * gcc.dg/analyzer/setjmp-5.c: Moved to...
        * c-c++-common/analyzer/setjmp-5.c: ...here.
        * gcc.dg/analyzer/setjmp-9.c: Moved to...
        * c-c++-common/analyzer/setjmp-9.c: ...here.
        * gcc.dg/analyzer/signal-4a.c: Moved to...
        * c-c++-common/analyzer/signal-4a.c: ...here.
        * gcc.dg/analyzer/signal-4b.c: Moved to...
        * c-c++-common/analyzer/signal-4b.c: ...here.
        * gcc.dg/analyzer/file-pr58237.c: C only.
        * gcc.dg/analyzer/fopen-1.c: C only.
        * gcc.dg/analyzer/malloc-4.c: C only.
        * gcc.dg/analyzer/malloc-paths-9.c: C only.
        * gcc.dg/analyzer/pr103892.c: C only.
        * gcc.dg/analyzer/pr109577.c: C only.
        * gcc.dg/analyzer/pr93355-localealias-feasibility.c: C only.
        * gcc.dg/analyzer/pr99193-1.c: C only.
        * gcc.dg/analyzer/compound-assignment-1.c: Removed.
        * gcc.dg/analyzer/inlining-1.c: Removed.
        * gcc.dg/analyzer/inlining-2.c: Removed.
        * gcc.dg/analyzer/inlining-5.c: Removed.
        * gcc.dg/analyzer/inlining-7.c: Removed.
        * c-c++-common/analyzer/compound-assignment-1.c: New test.
        * c-c++-common/analyzer/file-pr58237-noexcept.c: Duplicate of gcc.dg/analyzer/file-pr58237.c with exceptions disabled.
        * c-c++-common/analyzer/fopen-2.c: C++ compatible parts from gcc.dg/analyzer/fopen-1.c.
        * c-c++-common/analyzer/inlining-1.c: New test.
        * c-c++-common/analyzer/inlining-2.c: New test.
        * c-c++-common/analyzer/inlining-5.c: New test.
        * c-c++-common/analyzer/inlining-7.c: New test.
        * c-c++-common/analyzer/malloc-paths-9-noexcept.c: Duplicate of gcc.dg/analyzer/malloc-paths-9.c with exceptions disabled.
        * c-c++-common/analyzer/pr109577-noexcept.c: Duplicate of gcc.dg/analyzer/pr109577.c with exceptions disabled.
        * c-c++-common/analyzer/pr93355-localealias-feasibility-noexcept.c: Duplicate of gcc.dg/analyzer/pr93355-localealias-feasibility.c with exceptions disabled.
        * c-c++-common/analyzer/pr99193-1-noexcept.c: Duplicate of gcc.dg/analyzer/pr99193-1.c with exceptions disabled.

    Signed-off-by: benjamin priour <vultkayn@gcc.gnu.org>
2023-09-08 | Daily bump. | GCC Administrator | 1 | -0/+26
2023-09-07 | analyzer: basic support for computed gotos (PR analyzer/110529) | David Malcolm | 5 | -3/+71
PR analyzer/110529 notes that -fanalyzer was giving up on execution paths that follow a computed goto, due to ignoring CFG edges with the flag EDGE_ABNORMAL set. This patch implements enough handling for them to allow analysis of such execution paths to continue. gcc/analyzer/ChangeLog: PR analyzer/110529 * program-point.cc (program_point::on_edge): Don't reject EDGE_ABNORMAL for computed gotos. * region-model.cc (region_model::maybe_update_for_edge): Handle computed goto statements. (region_model::apply_constraints_for_ggoto): New. * region-model.h (region_model::apply_constraints_for_ggoto): New decl. * supergraph.cc (supernode::get_label): New. * supergraph.h (supernode::get_label): New decl. gcc/testsuite/ChangeLog: PR analyzer/110529 * c-c++-common/analyzer/computed-goto-1.c: New test. * gcc.dg/analyzer/computed-goto-pr110529.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-07 | analyzer: Call off a superseding when diagnostics are unrelated [PR110830] | benjamin priour | 1 | -1/+89
Before this patch, a saved_diagnostic would supersede another at the same statement if and only if its vfunc supercedes_p returned true for the other diagnostic's kind. That both warnings were unrelated - i.e. resolving one would not fix the other - was not considered in making the above choice. This patch makes it so that two saved_diagnostics taking a different outcome of at least one common conditional branching cannot supersede each other. Signed-off-by: Benjamin Priour <vultkayn@gcc.gnu.org> Co-authored-by: David Malcolm <dmalcolm@redhat.com> Signed-off-by: David Malcolm <dmalcolm@redhat.com> gcc/analyzer/ChangeLog: PR analyzer/110830 * diagnostic-manager.cc (compatible_epaths_p): New function. (saved_diagnostic::supercedes_p): Now calls the above to determine if the diagnostics do overlap and the superseding may proceed. gcc/testsuite/ChangeLog: PR analyzer/110830 * c-c++-common/analyzer/pr110830.c: New test.
2023-09-07 | analyzer: fix -Wunused-parameter warnings | David Malcolm | 1 | -3/+3
gcc/analyzer/ChangeLog: * region-model.h: fix -Wunused-parameter warnings Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-07 | Daily bump. | GCC Administrator | 1 | -0/+29
2023-09-06 | analyzer: implement kf_strstr [PR105899] | David Malcolm | 1 | -0/+96
gcc/analyzer/ChangeLog: PR analyzer/105899 * kf.cc (class kf_strstr): New. (kf_strstr::impl_call_post): New. (register_known_functions): Register it. gcc/testsuite/ChangeLog: PR analyzer/105899 * c-c++-common/analyzer/strstr-1.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-06 | analyzer: implement kf_strncpy [PR105899] | David Malcolm | 2 | -0/+184
gcc/analyzer/ChangeLog: PR analyzer/105899 * kf.cc (class kf_strncpy): New. (kf_strncpy::impl_call_post): New. (register_known_functions): Register it. * region-model.cc (region_model::read_bytes): Handle unknown number of bytes. gcc/testsuite/ChangeLog: PR analyzer/105899 * c-c++-common/analyzer/null-terminated-strings-2.c: New test. * c-c++-common/analyzer/overlapping-buffers.c: Update dg-bogus directives to avoid clashing with note from <string.h> that might happen to have the same line number. Add strpncpy test coverage. * c-c++-common/analyzer/strncpy-1.c: New test. * gcc.dg/analyzer/null-terminated-strings-1.c (test_filled_nonzero): New. (void test_filled_zero): New. (test_filled_symbolic): New. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-06 | analyzer: add ctxt to fill_region/zero_fill_region | David Malcolm | 3 | -12/+21
I noticed that region_model's fill_region/zero_fill_region member functions weren't checking that the write to the region was valid. Fixed thusly. gcc/analyzer/ChangeLog: * kf.cc (kf_calloc::impl_call_pre): Pass ctxt to zero_fill_region. (kf_memset::impl_call_pre): Move responsibility for calling check_region_for_write to fill_region. * region-model.cc (region_model::on_assignment): Pass ctxt to zero_fill_region. (region_model::fill_region): Add "ctxt" param, using it to call check_region_for_write. (region_model::zero_fill_region): Likewise. * region-model.h (region_model::fill_region): Add "ctxt" param. (region_model::zero_fill_region): Likewise. gcc/testsuite/ChangeLog: * gcc.dg/plugin/analyzer_cpython_plugin.c: Pass ctxt to zero_fill_region. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-02 | Daily bump. | GCC Administrator | 1 | -0/+24
2023-09-01 | analyzer: Add support of placement new and improved operator new [PR105948,PR94355] | benjamin priour | 8 | -25/+182
Fixed spurious possibly-NULL warning always tagging along throwing operator new despite it never returning NULL. Now operator new is correctly recognized as possibly returning NULL if and only if it is non-throwing or exceptions have been disabled. Different standard signatures of operator new are now properly recognized. Added support of placement new, so that it is now properly recognized, and a 'heap_allocated' region is no longer created for it. Placement new size is also checked and a 'Wanalyzer-allocation-size' is emitted when relevant, as well as always a 'Wanalyzer-out-of-bounds'. 'operator new' non-throwing variants are detected by checking the types of the parameters. Indeed, in a call to new (std::nothrow) () the chosen overload has signature 'operator new (void*, std::nothrow_t&)', where the second parameter is a reference. In a placement new, the second parameter will always be a void pointer. Prior to this patch, some buffers first allocated with 'new', then deleted and thereafter used would result in a 'Wanalyzer-use-after-free' warning. However the wording was "use after 'free'" instead of the expected "use after 'delete'". This patch fixes this by introducing a new kind of poisoned value, namely POISON_KIND_DELETED. Due to how the analyzer sees calls to non-throwing variants of operator new, dereferencing a pointer freshly allocated in this fashion caused both a 'Wanalyzer-use-of-uninitialized-value' and a 'Wanalyzer-null-dereference' to be emitted, while only the latter was relevant. As a result, 'null-dereference' now supersedes 'use-of-uninitialized'. Signed-off-by: benjamin priour <vultkayn@gcc.gnu.org> gcc/analyzer/ChangeLog: PR analyzer/105948 PR analyzer/94355 * analyzer.h (is_placement_new_p): New declaration. * call-details.cc (call_details::deref_ptr_arg): New function. Dereference the argument at given index if possible. * call-details.h: Declaration of the above function.
* kf-lang-cp.cc (is_placement_new_p): Returns true if the gcall is recognized as a placement new. (kf_operator_delete::impl_call_post): Unbinding a region and its descendents now poisons with POISON_KIND_DELETED. (register_known_functions_lang_cp): Known function "operator delete" is now registered only once independently of its number of arguments. * region-model.cc (region_model::eval_condition): Now recursively calls itself if any of the operand is wrapped in a cast. * sm-malloc.cc (malloc_state_machine::on_stmt): Add placement new recognition. * svalue.cc (poison_kind_to_str): Wording for the new PK. * svalue.h (enum poison_kind): Add value POISON_KIND_DELETED. gcc/testsuite/ChangeLog: PR analyzer/105948 PR analyzer/94355 * g++.dg/analyzer/out-of-bounds-placement-new.C: Added a directive. * g++.dg/analyzer/placement-new.C: Added tests. * g++.dg/analyzer/new-2.C: New test. * g++.dg/analyzer/noexcept-new.C: New test. * g++.dg/analyzer/placement-new-size.C: New test.
2023-09-01 | Daily bump. | GCC Administrator | 1 | -0/+4
2023-08-31 | Darwin: homogenize spelling of macOS | Francois-Xavier Coudert | 1 | -1/+1
gcc/ChangeLog: * config.in: Regenerate. * config/darwin-c.cc: Change spelling to macOS. * config/darwin-driver.cc: Likewise. * config/darwin.h: Likewise. * configure.ac: Likewise. * doc/contrib.texi: Likewise. * doc/extend.texi: Likewise. * doc/invoke.texi: Likewise. * doc/plugins.texi: Likewise. * doc/tm.texi: Regenerate. * doc/tm.texi.in: Change spelling to macOS. * plugin.cc: Likewise. gcc/analyzer/ChangeLog: * kf.cc: Change spelling to macOS. gcc/c-family/ChangeLog: * c.opt: Change spelling to macOS. gcc/fortran/ChangeLog: * gfortran.texi: Likewise. gcc/jit/ChangeLog: * jit-playback.cc: Change spelling to macOS. gcc/objc/ChangeLog: * objc-act.cc: Change spelling to macOS.
2023-08-31 | Daily bump. | GCC Administrator | 1 | -0/+17
2023-08-30 | analyzer: implement reference count checking for CPython plugin [PR107646] | Eric Feng | 4 | -12/+59
This patch introduces initial support for reference count checking of PyObjects in relation to the Python/C API for the CPython plugin. Additionally, the core analyzer underwent several modifications to accommodate this feature. These include:

- Introducing support for callbacks at the end of region_model::pop_frame. This is our current point of validation for the reference count of PyObjects.
- An added optional custom stmt_finder parameter to region_model_context::warn. This aids in emitting a diagnostic concerning the reference count, especially when the stmt_finder is NULL, which is currently the case during region_model::pop_frame.

The current diagnostic we emit relating to the reference count appears as follows:

rc3.c:23:10: warning: expected ‘item’ to have reference count: ‘1’ but ob_refcnt field is: ‘2’
   23 |   return list;
      |          ^~~~
  ‘create_py_object’: events 1-4
    |
    |    4 |   PyObject* item = PyLong_FromLong(3);
    |      |                    ^~~~~~~~~~~~~~~~~~
    |      |                    |
    |      |                    (1) when ‘PyLong_FromLong’ succeeds
    |    5 |   PyObject* list = PyList_New(1);
    |      |                    ~~~~~~~~~~~~~
    |      |                    |
    |      |                    (2) when ‘PyList_New’ succeeds
    |......
    |   14 |   PyList_Append(list, item);
    |      |   ~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |   |
    |      |   (3) when ‘PyList_Append’ succeeds, moving buffer
    |......
    |   23 |   return list;
    |      |          ~~~~
    |      |          |
    |      |          (4) here
    |

This is a WIP in several ways:

- Currently, functions returning PyObject * are assumed to always produce a new reference.
- The validation of reference count is only for PyObjects created within a function body. Verifying reference counts for PyObjects passed as parameters is not supported in this patch.

gcc/analyzer/ChangeLog: PR analyzer/107646 * engine.cc (impl_region_model_context::warn): New optional parameter. * exploded-graph.h (class impl_region_model_context): Likewise. * region-model.cc (region_model::pop_frame): New callback feature for region_model::pop_frame. * region-model.h (struct append_regions_cb_data): Likewise. (class region_model): Likewise. (class region_model_context): New optional parameter. (class region_model_context_decorator): Likewise. gcc/testsuite/ChangeLog: PR analyzer/107646 * gcc.dg/plugin/analyzer_cpython_plugin.c: Implements reference count checking for PyObjects. * gcc.dg/plugin/cpython-plugin-test-2.c: Moved to... * gcc.dg/plugin/cpython-plugin-test-PyList_Append.c: ...here (and added more tests). * gcc.dg/plugin/cpython-plugin-test-1.c: Moved to... * gcc.dg/plugin/cpython-plugin-test-no-Python-h.c: ...here (and added more tests). * gcc.dg/plugin/plugin.exp: New tests. * gcc.dg/plugin/cpython-plugin-test-PyList_New.c: New test. * gcc.dg/plugin/cpython-plugin-test-PyLong_FromLong.c: New test. Signed-off-by: Eric Feng <ef2648@columbia.edu>
2023-08-30 | Analyzer: include algorithm header | Francois-Xavier Coudert | 1 | -0/+1
gcc/analyzer/ChangeLog: * region-model.cc: Define INCLUDE_ALGORITHM.
2023-08-30 | Daily bump. | GCC Administrator | 1 | -0/+26
2023-08-29 | analyzer: new warning: -Wanalyzer-overlapping-buffers [PR99860] | David Malcolm | 8 | -2/+554
gcc/ChangeLog: PR analyzer/99860 * Makefile.in (ANALYZER_OBJS): Add analyzer/ranges.o. gcc/analyzer/ChangeLog: PR analyzer/99860 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call selftest::analyzer_ranges_cc_tests. * analyzer-selftests.h (selftest::run_analyzer_selftests): New decl. * analyzer.opt (Wanalyzer-overlapping-buffers): New option. * call-details.cc: Include "analyzer/ranges.h" and "make-unique.h". (class overlapping_buffers): New. (call_details::complain_about_overlap): New. * call-details.h (call_details::complain_about_overlap): New decl. * kf.cc (kf_memcpy_memmove::impl_call_pre): Call cd.complain_about_overlap for memcpy and memcpy_chk. (kf_strcat::impl_call_pre): Call cd.complain_about_overlap. (kf_strcpy::impl_call_pre): Likewise. * ranges.cc: New file. * ranges.h: New file. gcc/ChangeLog: PR analyzer/99860 * doc/invoke.texi: Add -Wanalyzer-overlapping-buffers. gcc/testsuite/ChangeLog: PR analyzer/99860 * c-c++-common/analyzer/overlapping-buffers.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-08-29 | analyzer: improve strdup handling [PR105899] | David Malcolm | 1 | -9/+19
gcc/analyzer/ChangeLog: PR analyzer/105899 * kf.cc (kf_strdup::impl_call_pre): Set size of dynamically-allocated buffer. Simulate copying the string from the source region to the new buffer. gcc/testsuite/ChangeLog: PR analyzer/105899 * c-c++-common/analyzer/pr99193-2.c: Add -Wno-analyzer-too-complex. * gcc.dg/analyzer/strdup-1.c: Include "analyzer-decls.h". (test_concrete_strlen): New. (test_symbolic_strlen): New. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-08-28 | Daily bump. | GCC Administrator | 1 | -0/+34
2023-08-27 | analyzer: Move gcc.dg/analyzer tests to c-c++-common (1) [PR96395] | benjamin priour | 8 | -108/+351
First batch of moving tests from under gcc.dg/analyzer into c-c++-common/analyzer. C builtins are not recognized as such by C++, therefore this patch no longer uses tree.h:fndecl_built_in_p to recognize a builtin function, but rather the function names. Thus functions named as C builtins - such as calloc, sprintf ... - are recognized as such both in C and C++ sources by the analyzer. For user-declared functions named after builtins, the latters' function_decl trees are now preferred over the function_decl the user declared, even when the FE considers their declaration to mismatch (Wbuiltin-declaration-mismatch emitted). This mainly comes into account in the handling of these function attributes: the analyzer uses the builtin's attributes defined in gcc/builtins.def. Signed-off-by: benjamin priour <priour.be@gmail.com> gcc/analyzer/ChangeLog: PR analyzer/96395 * analyzer.h (class known_function): Add virtual casts to builtin_known_function. (class builtin_known_function): New subclass of known_function for builtins. * kf.cc (class kf_alloca): Now derived from builtin_known_function. (class kf_calloc): Likewise. (class kf_free): Likewise. (class kf_malloc): Likewise. (class kf_memcpy_memmove): Likewise. (class kf_memset): Likewise. (class kf_realloc): Likewise. (class kf_strchr): Likewise. (class kf_sprintf): Likewise. (class kf_strcat): Likewise. (class kf_strcpy): Likewise. (class kf_strdup): Likewise. (class kf_strlen): Likewise. (class kf_strndup): Likewise. (register_known_functions): Builtins are now registered as known_functions by name rather than by their BUILTIN_CODE. * known-function-manager.cc (get_normal_builtin): New overload. * known-function-manager.h: New overload declaration. * region-model.cc (region_model::get_builtin_kf): New function. * region-model.h (class region_model): Add declaration of get_builtin_kf. * sm-fd.cc: For calls recognized as builtins, use the attributes of that builtin as defined in gcc/builtins.def rather than the user's.
* sm-malloc.cc (malloc_state_machine::on_stmt): Likewise. gcc/testsuite/ChangeLog: PR analyzer/96395 * gcc.dg/analyzer/aliasing-3.c: Moved to... * c-c++-common/analyzer/aliasing-3.c: ...here. * gcc.dg/analyzer/aliasing-pr106473.c: Moved to... * c-c++-common/analyzer/aliasing-pr106473.c: ...here. * gcc.dg/analyzer/asm-x86-dyndbg-2.c: Moved to... * c-c++-common/analyzer/asm-x86-dyndbg-2.c: ...here. * gcc.dg/analyzer/asm-x86-lp64-2.c: Moved to... * c-c++-common/analyzer/asm-x86-lp64-2.c: ...here. * gcc.dg/analyzer/atomic-builtins-haproxy-proxy.c: Moved to... * c-c++-common/analyzer/atomic-builtins-haproxy-proxy.c: ...here. * gcc.dg/analyzer/atomic-builtins-qemu-sockets.c: Moved to... * c-c++-common/analyzer/atomic-builtins-qemu-sockets.c: ...here. * gcc.dg/analyzer/attr-malloc-6.c: Moved to... * c-c++-common/analyzer/attr-malloc-6.c: ...here. * gcc.dg/analyzer/attr-malloc-CVE-2019-19078-usb-leak.c: Moved to... * c-c++-common/analyzer/attr-malloc-CVE-2019-19078-usb-leak.c: ...here. * gcc.dg/analyzer/attr-tainted_args-1.c: Moved to... * c-c++-common/analyzer/attr-tainted_args-1.c: ...here. * gcc.dg/analyzer/call-summaries-pr107158.c: Moved to... * c-c++-common/analyzer/call-summaries-pr107158.c: ...here. * gcc.dg/analyzer/calloc-1.c: Moved to... * c-c++-common/analyzer/calloc-1.c: ...here. * gcc.dg/analyzer/compound-assignment-5.c: Moved to... * c-c++-common/analyzer/compound-assignment-5.c: ...here. * gcc.dg/analyzer/coreutils-cksum-pr108664.c: Moved to... * c-c++-common/analyzer/coreutils-cksum-pr108664.c: ...here. * gcc.dg/analyzer/coreutils-sum-pr108666.c: Moved to... * c-c++-common/analyzer/coreutils-sum-pr108666.c: ...here. * gcc.dg/analyzer/deref-before-check-pr108455-1.c: Moved to... * c-c++-common/analyzer/deref-before-check-pr108455-1.c: ...here. * gcc.dg/analyzer/deref-before-check-pr108455-git-pack-revindex.c: Moved to... * c-c++-common/analyzer/deref-before-check-pr108455-git-pack-revindex.c: ...here. 
* gcc.dg/analyzer/deref-before-check-pr108475-1.c: Moved to... * c-c++-common/analyzer/deref-before-check-pr108475-1.c: ...here. * gcc.dg/analyzer/deref-before-check-pr108475-haproxy-tcpcheck.c: Moved to... * c-c++-common/analyzer/deref-before-check-pr108475-haproxy-tcpcheck.c: ...here. * gcc.dg/analyzer/deref-before-check-pr109060-haproxy-cfgparse.c: Moved to... * c-c++-common/analyzer/deref-before-check-pr109060-haproxy-cfgparse.c: ...here. * gcc.dg/analyzer/deref-before-check-pr109239-linux-bus.c: Moved to... * c-c++-common/analyzer/deref-before-check-pr109239-linux-bus.c: ...here. * gcc.dg/analyzer/deref-before-check-pr77425.c: Moved to... * c-c++-common/analyzer/deref-before-check-pr77425.c: ...here. * gcc.dg/analyzer/exec-1.c: Moved to... * c-c++-common/analyzer/exec-1.c: ...here. * gcc.dg/analyzer/feasibility-3.c: Moved to... * c-c++-common/analyzer/feasibility-3.c: ...here. * gcc.dg/analyzer/fields.c: Moved to... * c-c++-common/analyzer/fields.c: ...here. * gcc.dg/analyzer/function-ptr-5.c: Moved to... * c-c++-common/analyzer/function-ptr-5.c: ...here. * gcc.dg/analyzer/infinite-recursion-pr108524-1.c: Moved to... * c-c++-common/analyzer/infinite-recursion-pr108524-1.c: ...here. * gcc.dg/analyzer/infinite-recursion-pr108524-2.c: Moved to... * c-c++-common/analyzer/infinite-recursion-pr108524-2.c: ...here. * gcc.dg/analyzer/infinite-recursion-pr108524-qobject-json-parser.c: Moved to... * c-c++-common/analyzer/infinite-recursion-pr108524-qobject-json-parser.c: ...here. * gcc.dg/analyzer/init.c: Moved to... * c-c++-common/analyzer/init.c: ...here. * gcc.dg/analyzer/inlining-3-multiline.c: Moved to... * c-c++-common/analyzer/inlining-3-multiline.c: ...here. * gcc.dg/analyzer/inlining-3.c: Moved to... * c-c++-common/analyzer/inlining-3.c: ...here. * gcc.dg/analyzer/inlining-4-multiline.c: Moved to... * c-c++-common/analyzer/inlining-4-multiline.c: ...here. * gcc.dg/analyzer/inlining-4.c: Moved to... * c-c++-common/analyzer/inlining-4.c: ...here. 
* gcc.dg/analyzer/leak-pr105906.c: Moved to... * c-c++-common/analyzer/leak-pr105906.c: ...here. * gcc.dg/analyzer/leak-pr108045-with-call-summaries.c: Moved to... * c-c++-common/analyzer/leak-pr108045-with-call-summaries.c: ...here. * gcc.dg/analyzer/leak-pr108045-without-call-summaries.c: Moved to... * c-c++-common/analyzer/leak-pr108045-without-call-summaries.c: ...here. * gcc.dg/analyzer/leak-pr109059-1.c: Moved to... * c-c++-common/analyzer/leak-pr109059-1.c: ...here. * gcc.dg/analyzer/leak-pr109059-2.c: Moved to... * c-c++-common/analyzer/leak-pr109059-2.c: ...here. * gcc.dg/analyzer/malloc-2.c: Moved to... * c-c++-common/analyzer/malloc-2.c: ...here. * gcc.dg/analyzer/memcpy-2.c: Moved to... * c-c++-common/analyzer/memcpy-2.c: ...here. * gcc.dg/analyzer/null-deref-pr108251-smp_fetch_ssl_fc_has_early-O2.c: Moved to... * c-c++-common/analyzer/null-deref-pr108251-smp_fetch_ssl_fc_has_early-O2.c: ...here. * gcc.dg/analyzer/null-deref-pr108251-smp_fetch_ssl_fc_has_early.c: Moved to... * c-c++-common/analyzer/null-deref-pr108251-smp_fetch_ssl_fc_has_early.c: ...here. * gcc.dg/analyzer/null-deref-pr108806-qemu.c: Moved to... * c-c++-common/analyzer/null-deref-pr108806-qemu.c: ...here. * gcc.dg/analyzer/null-deref-pr108830.c: Moved to... * c-c++-common/analyzer/null-deref-pr108830.c: ...here. * gcc.dg/analyzer/pr101962.c: Moved to... * c-c++-common/analyzer/pr101962.c: ...here. * gcc.dg/analyzer/pr103217-2.c: Moved to... * c-c++-common/analyzer/pr103217-2.c: ...here. * gcc.dg/analyzer/pr103217.c: Moved to... * c-c++-common/analyzer/pr103217.c: ...here. * gcc.dg/analyzer/pr104029.c: Moved to... * c-c++-common/analyzer/pr104029.c: ...here. * gcc.dg/analyzer/pr104062.c: Moved to... * c-c++-common/analyzer/pr104062.c: ...here. * gcc.dg/analyzer/pr105783.c: Moved to... * c-c++-common/analyzer/pr105783.c: ...here. * gcc.dg/analyzer/pr107345.c: Moved to... * c-c++-common/analyzer/pr107345.c: ...here. * gcc.dg/analyzer/pr93695-1.c: Moved to... 
* c-c++-common/analyzer/pr93695-1.c: ...here. * gcc.dg/analyzer/pr94596.c: Moved to... * c-c++-common/analyzer/pr94596.c: ...here. * gcc.dg/analyzer/pr94839.c: Moved to... * c-c++-common/analyzer/pr94839.c: ...here. * gcc.dg/analyzer/pr95152-4.c: C only. * gcc.dg/analyzer/pr95152-5.c: C only. * gcc.dg/analyzer/pr95240.c: Moved to... * c-c++-common/analyzer/pr95240.c: ...here. * gcc.dg/analyzer/pr96639.c: Moved to... * c-c++-common/analyzer/pr96639.c: ...here. * gcc.dg/analyzer/pr96653.c: Moved to... * c-c++-common/analyzer/pr96653.c: ...here. * gcc.dg/analyzer/pr96792.c: Moved to... * c-c++-common/analyzer/pr96792.c: ...here. * gcc.dg/analyzer/pr96841.c: Moved to... * c-c++-common/analyzer/pr96841.c: ...here. * gcc.dg/analyzer/pr98564.c: Moved to... * c-c++-common/analyzer/pr98564.c: ...here. * gcc.dg/analyzer/pr98628.c: Moved to... * c-c++-common/analyzer/pr98628.c: ...here. * gcc.dg/analyzer/pr98969.c: Moved to... * c-c++-common/analyzer/pr98969.c: ...here. * gcc.dg/analyzer/pr99193-2.c: Moved to... * c-c++-common/analyzer/pr99193-2.c: ...here. * gcc.dg/analyzer/pr99193-3.c: Moved to... * c-c++-common/analyzer/pr99193-3.c: ...here. * gcc.dg/analyzer/pr99716-1.c: Moved to... * c-c++-common/analyzer/pr99716-1.c: ...here. * gcc.dg/analyzer/pr99774-1.c: Moved to... * c-c++-common/analyzer/pr99774-1.c: ...here. * gcc.dg/analyzer/realloc-1.c: Moved to... * c-c++-common/analyzer/realloc-1.c: ...here. * gcc.dg/analyzer/realloc-2.c: Moved to... * c-c++-common/analyzer/realloc-2.c: ...here. * gcc.dg/analyzer/realloc-3.c: Moved to... * c-c++-common/analyzer/realloc-3.c: ...here. * gcc.dg/analyzer/realloc-4.c: Moved to... * c-c++-common/analyzer/realloc-4.c: ...here. * gcc.dg/analyzer/realloc-5.c: Moved to... * c-c++-common/analyzer/realloc-5.c: ...here. * gcc.dg/analyzer/realloc-pr110014.c: Moved to... * c-c++-common/analyzer/realloc-pr110014.c: ...here. * gcc.dg/analyzer/snprintf-concat.c: Moved to... * c-c++-common/analyzer/snprintf-concat.c: ...here. 
* gcc.dg/analyzer/sock-1.c: Moved to... * c-c++-common/analyzer/sock-1.c: ...here. * gcc.dg/analyzer/sprintf-concat.c: Moved to... * c-c++-common/analyzer/sprintf-concat.c: ...here. * gcc.dg/analyzer/string-ops-concat-pair.c: Moved to... * c-c++-common/analyzer/string-ops-concat-pair.c: ...here. * gcc.dg/analyzer/string-ops-dup.c: Moved to... * c-c++-common/analyzer/string-ops-dup.c: ...here. * gcc.dg/analyzer/switch-enum-pr105273-git-vreportf-2.c: Moved to... * c-c++-common/analyzer/switch-enum-pr105273-git-vreportf-2.c: ...here. * gcc.dg/analyzer/symbolic-12.c: Moved to... * c-c++-common/analyzer/symbolic-12.c: ...here. * gcc.dg/analyzer/uninit-alloca.c: Moved to... * c-c++-common/analyzer/uninit-alloca.c: ...here. * gcc.dg/analyzer/untracked-2.c: Moved to... * c-c++-common/analyzer/untracked-2.c: ...here. * gcc.dg/analyzer/vasprintf-1.c: Moved to... * c-c++-common/analyzer/vasprintf-1.c: ...here. * gcc.dg/analyzer/write-to-const-1.c: Moved to... * c-c++-common/analyzer/write-to-const-1.c: ...here. * gcc.dg/analyzer/write-to-function-1.c: C only. * gcc.dg/analyzer/write-to-string-literal-1.c: Moved to... * c-c++-common/analyzer/write-to-string-literal-1.c: ...here. * gcc.dg/analyzer/write-to-string-literal-4-disabled.c: Moved to... * c-c++-common/analyzer/write-to-string-literal-4-disabled.c: ...here. * gcc.dg/analyzer/write-to-string-literal-5.c: Moved to... * c-c++-common/analyzer/write-to-string-literal-5.c: ...here. * g++.dg/analyzer/analyzer.exp: Now also run tests under c-c++-common/analyzer. * gcc.dg/analyzer/analyzer-decls.h: Add NULL definition. * gcc.dg/analyzer/analyzer.exp: Now also run tests under c-c++-common/analyzer. * gcc.dg/analyzer/pr104369-1.c: C only. * gcc.dg/analyzer/pr104369-2.c: Likewise. * gcc.dg/analyzer/pr93355-localealias-feasibility-2.c: Likewise. * gcc.dg/analyzer/sprintf-1.c: Split into C-only and C++-friendly bits. * gcc.dg/analyzer/allocation-size-multiline-1.c: Removed. * gcc.dg/analyzer/allocation-size-multiline-2.c: Removed. 
* gcc.dg/analyzer/allocation-size-multiline-3.c: Removed. * gcc.dg/analyzer/data-model-11.c: Removed. * gcc.dg/analyzer/pr61861.c: C only. * gcc.dg/analyzer/pr93457.c: Removed. * gcc.dg/analyzer/pr97568.c: Removed. * gcc.dg/analyzer/write-to-string-literal-4.c: Removed. * c-c++-common/analyzer/allocation-size-multiline-1.c: New test. * c-c++-common/analyzer/allocation-size-multiline-2.c: New test. * c-c++-common/analyzer/allocation-size-multiline-3.c: New test. * c-c++-common/analyzer/data-model-11.c: New test. * c-c++-common/analyzer/pr93457.c: New test. * c-c++-common/analyzer/pr97568.c: New test. * c-c++-common/analyzer/sprintf-2.c: C++-friendly bit of previous gcc.dg/analyzer/sprintf-1.c. * c-c++-common/analyzer/write-to-string-literal-4.c: New test.
2023-08-26 | Daily bump. | GCC Administrator | 1 | -0/+5
2023-08-25 | analyzer: fix ICE in text art strings support | David Malcolm | 1 | -19/+38
gcc/analyzer/ChangeLog: * access-diagram.cc (class string_region_spatial_item): Remove assumption that the string is written to the start of the cluster. gcc/testsuite/ChangeLog: * gcc.dg/analyzer/out-of-bounds-diagram-17.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-18.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-19.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-08-25 | Daily bump. | GCC Administrator | 1 | -0/+91
2023-08-24 | analyzer: implement kf_strcat [PR105899] | David Malcolm | 5 | -20/+138
gcc/analyzer/ChangeLog: PR analyzer/105899 * call-details.cc (call_details::check_for_null_terminated_string_arg): Split into overloads, one taking just an arg_idx, the other a new "include_terminator" param. * call-details.h: Likewise. * kf.cc (class kf_strcat): New. (kf_strcpy::impl_call_pre): Update for change to check_for_null_terminated_string_arg. (register_known_functions): Register kf_strcat. * region-model.cc (region_model::check_for_null_terminated_string_arg): Split into overloads, one taking just an arg_idx, the other a new "include_terminator" param. When returning an svalue, handle "include_terminator" being false by subtracting one. * region-model.h (region_model::check_for_null_terminated_string_arg): Split into overloads, one taking just an arg_idx, the other a new "include_terminator" param. gcc/ChangeLog: PR analyzer/105899 * doc/invoke.texi (Static Analyzer Options): Add "strcat" to the list of functions known to the analyzer. gcc/testsuite/ChangeLog: PR analyzer/105899 * gcc.dg/analyzer/strcat-1.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-08-24 | analyzer: handle strlen(BITS_WITHIN) [PR105899] | David Malcolm | 1 | -1/+20
gcc/analyzer/ChangeLog: PR analyzer/105899 * region-model.cc (fragment::has_null_terminator): Handle SK_BITS_WITHIN. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-08-24 | analyzer: handle INIT_VAL(ELEMENT_REG(STRING_REG), CONSTANT_SVAL) [PR105899] | David Malcolm | 1 | -0/+19
gcc/analyzer/ChangeLog: PR analyzer/105899 * region-model-manager.cc (region_model_manager::get_or_create_initial_value): Simplify INIT_VAL(ELEMENT_REG(STRING_REG), CONSTANT_SVAL) to CONSTANT_SVAL(STRING[N]). Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-08-24 | analyzer: handle strlen(INIT_VAL(STRING_REG)) [PR105899] | David Malcolm | 1 | -21/+47
gcc/analyzer/ChangeLog: PR analyzer/105899 * region-model.cc (fragment::has_null_terminator): Move STRING_CST handling to fragment::string_cst_has_null_terminator; also use it to handle INIT_VAL(STRING_REG). (fragment::string_cst_has_null_terminator): New, from above. gcc/testsuite/ChangeLog: PR analyzer/105899 * gcc.dg/analyzer/strcpy-3.c (test_2): New. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-08-24 | analyzer: reimplement kf_memcpy_memmove | David Malcolm | 3 | -10/+48
gcc/analyzer/ChangeLog: * kf.cc (kf_memcpy_memmove::impl_call_pre): Reimplement using region_model::copy_bytes. * region-model.cc (region_model::read_bytes): New. (region_model::copy_bytes): New. * region-model.h (region_model::read_bytes): New decl. (region_model::copy_bytes): New decl. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-08-24 | analyzer: eliminate region_model::get_string_size [PR105899] | David Malcolm | 2 | -32/+0
gcc/analyzer/ChangeLog: PR analyzer/105899 * region-model.cc (region_model::get_string_size): Delete both. * region-model.h (region_model::get_string_size): Delete both decls. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-08-24 | analyzer: reimplement kf_strcpy [PR105899] | David Malcolm | 3 | -23/+45
This patch reimplements the analyzer's implementation of strcpy using the region_model::scan_for_null_terminator infrastructure, so that e.g. it can complain about out-of-bounds reads/writes, unterminated strings, etc. gcc/analyzer/ChangeLog: PR analyzer/105899 * kf.cc (kf_strcpy::impl_call_pre): Reimplement using check_for_null_terminated_string_arg. * region-model.cc (region_model::get_store_bytes): Shortcut reading all of a string_region. (region_model::scan_for_null_terminator): Use get_store_value for the bytes rather than "unknown" when returning an unknown length. (region_model::write_bytes): New. * region-model.h (region_model::write_bytes): New decl. gcc/testsuite/ChangeLog: PR analyzer/105899 * gcc.dg/analyzer/out-of-bounds-diagram-16.c: New test. * gcc.dg/analyzer/strcpy-1.c: Add test coverage. * gcc.dg/analyzer/strcpy-3.c: Likewise. * gcc.dg/analyzer/strcpy-4.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-08-24 | analyzer: handle symbolic bindings in scan_for_null_terminator [PR105899] | David Malcolm | 1 | -0/+15
gcc/analyzer/ChangeLog: PR analyzer/105899 * region-model.cc (iterable_cluster::iterable_cluster): Add symbolic binding keys to m_symbolic_bindings. (iterable_cluster::has_symbolic_bindings_p): New. (iterable_cluster::m_symbolic_bindings): New field. (region_model::scan_for_null_terminator): Treat clusters with symbolic bindings as having unknown strlen. gcc/testsuite/ChangeLog: PR analyzer/105899 * gcc.dg/analyzer/sprintf-1.c: Include "analyzer-decls.h". (test_strlen_1): New. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-08-24 | analyzer: add logging to impl_path_context | David Malcolm | 1 | -2/+11
gcc/analyzer/ChangeLog: * engine.cc (impl_path_context::impl_path_context): Add logger param. (impl_path_context::bifurcate): Add log message. (impl_path_context::terminate_path): Likewise. (impl_path_context::m_logger): New field. (exploded_graph::process_node): Pass logger to path_ctxt ctor. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-08-23 | Daily bump. | GCC Administrator | 1 | -0/+99
2023-08-22 | analyzer: reimplement kf_strlen [PR105899] | David Malcolm | 3 | -59/+29
Reimplement kf_strlen in terms of the new string scanning implementation, sharing strlen's implementation with __analyzer_get_strlen. gcc/analyzer/ChangeLog: PR analyzer/105899 * kf-analyzer.cc (class kf_analyzer_get_strlen): Move to kf.cc. (register_known_analyzer_functions): Use make_kf_strlen. * kf.cc (class kf_strlen::impl_call_pre): Replace with implementation of kf_analyzer_get_strlen from kf-analyzer.cc. Handle "UNKNOWN" return from check_for_null_terminated_string_arg by falling back to a conjured svalue. (make_kf_strlen): New. (register_known_functions): Use make_kf_strlen. * known-function-manager.h (make_kf_strlen): New decl. gcc/testsuite/ChangeLog: PR analyzer/105899 * gcc.dg/analyzer/null-terminated-strings-1.c: Update expected results on symbolic values. * gcc.dg/analyzer/strlen-1.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>