aboutsummaryrefslogtreecommitdiff
path: root/gcc/analyzer
AgeCommit message (Collapse)AuthorFilesLines
2023-12-12Daily bump.GCC Administrator1-0/+11
2023-12-11analyzer: fix uninitialized bitmap [PR112955]David Malcolm1-0/+1
In r14-5566-g841008d3966c0f I added a new ctor for feasibility_state, but failed to call bitmap_clear on m_snodes_visited. Fixed thusly. gcc/analyzer/ChangeLog: PR analyzer/112955 * engine.cc (feasibility_state::feasibility_state): Initialize m_snodes_visited. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-12-11analyzer: Remove check of unsigned_char in ↵Andrew Pinski1-3/+0
maybe_undo_optimize_bit_field_compare. The check for the type seems unnecessary and gets in the way sometimes. Also with a patch I am working on for match.pd, it causes a failure to happen. Before my patch the IR was: _1 = BIT_FIELD_REF <s, 8, 16>; _2 = _1 & 1; _3 = _2 != 0; _4 = (int) _3; __analyzer_eval (_4); Where _2 was an unsigned char type. And After my patch we have: _1 = BIT_FIELD_REF <s, 8, 16>; _2 = (int) _1; _3 = _2 & 1; __analyzer_eval (_3); But in this case, the BIT_AND_EXPR is in an int type. OK? Bootstrapped and tested on x86_64-linux-gnu with no regressions. gcc/analyzer/ChangeLog: * region-model-manager.cc (maybe_undo_optimize_bit_field_compare): Remove the check for type being unsigned_char_type_node.
2023-12-09Daily bump.GCC Administrator1-0/+22
2023-12-08analyzer: avoid taint for (TAINTED % NON_TAINTED)David Malcolm1-1/+8
gcc/analyzer/ChangeLog: * sm-taint.cc (taint_state_machine::alt_get_inherited_state): Fix handling of TRUNC_MOD_EXPR. gcc/testsuite/ChangeLog: * c-c++-common/analyzer/taint-modulus-1.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-12-08analyzer: fix ICE on infoleak with poisoned sizeDavid Malcolm1-13/+24
gcc/analyzer/ChangeLog: * region-model.cc (contains_uninit_p): Only check for svalues that the infoleak warning can handle. gcc/testsuite/ChangeLog: * gcc.dg/plugin/infoleak-uninit-size-1.c: New test. * gcc.dg/plugin/infoleak-uninit-size-2.c: New test. * gcc.dg/plugin/plugin.exp: Add the new tests. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-12-07analyzer: fix ICE for 2 bits before the start of base region [PR112889]David Malcolm1-5/+5
Cncrete bindings were using -1 and -2 in the offset field to signify deleted and empty hash slots, but these are valid values, leading to assertion failures inside hash_map::put on a debug build, and probable bugs in a release build. (gdb) call k.dump(true) start: -2, size: 1, next: -1 (gdb) p k.is_empty() $6 = true Fix by using the size field rather than the offset. gcc/analyzer/ChangeLog: PR analyzer/112889 * store.h (concrete_binding::concrete_binding): Strengthen assertion to require size to be be positive, rather than just non-zero. (concrete_binding::mark_deleted): Use size rather than start bit offset. (concrete_binding::mark_empty): Likewise. (concrete_binding::is_deleted): Likewise. (concrete_binding::is_empty): Likewise. gcc/testsuite/ChangeLog: PR analyzer/112889 * c-c++-common/analyzer/ice-pr112889.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-12-08Daily bump.GCC Administrator1-0/+28
2023-12-07analyzer: deal with -fshort-enumsAlexandre Oliva1-4/+23
On platforms that enable -fshort-enums by default, various switch-enum analyzer tests fail, because apply_constraints_for_gswitch doesn't expect the integral promotion type cast. I've arranged for the code to cope with those casts. for gcc/analyzer/ChangeLog * region-model.cc (has_nondefault_case_for_value_p): Take enumerate type as a parameter. (region_model::apply_constraints_for_gswitch): Cope with integral promotion type casts. for gcc/testsuite/ChangeLog * gcc.dg/analyzer/switch-short-enum-1.c: New. * gcc.dg/analyzer/switch-no-short-enum-1.c: New.
2023-12-06analyzer: fix taint false positives with UNKNOWN [PR112850]David Malcolm8-1/+50
PR analyzer/112850 reports a false positive from -Wanalyzer-tainted-allocation-size on the Linux kernel [1] where -fanalyzer complains that an allocation size is attacker-controlled despite the value being correctly sanitized against upper and lower limits. The root cause is that the expression is sufficiently complex to exceed the -param=analyzer-max-svalue-depth= threshold, currently at 12, with depth 13, and so it is treated as UNKNOWN. Hence the sanitizations are seen as comparisons of an UNKNOWN symbolic value against constants, and these were being ignored by the taint state machine. The expression in question is relatively typical for those seen in Linux kernel ioctl handlers, and I was surprised that it had exceeded the analyzer's default expression complexity limit. This patch addresses this problem in three ways: (a) the default value of the threshold parameter is increased, from 12 to 18, so that such expressions are precisely handled (b) adding a new -Wanalyzer-symbol-too-complex to warn when the symbol complexity limit is reached. This is off by default for users, and on by default in the test suite. (c) the taint state machine handles comparisons against UNKNOWN svalues by dropping all taint information on that execution path, so that if the complexity limit has been exceeded we don't generate false positives As well as fixing the taint false positive (PR analyzer/112850), the patch also fixes a couple of leak false positives seen on flex-generated scanners (PR analyzer/103546). [1] specifically, in sound/core/rawmidi.c's handler for SNDRV_RAWMIDI_STREAM_OUTPUT. gcc/ChangeLog: PR analyzer/103546 PR analyzer/112850 * doc/invoke.texi: Add -Wanalyzer-symbol-too-complex. gcc/analyzer/ChangeLog: PR analyzer/103546 PR analyzer/112850 * analyzer.opt (-param=analyzer-max-svalue-depth=): Increase from 12 to 18. (Wanalyzer-symbol-too-complex): New. * diagnostic-manager.cc (null_assignment_sm_context::clear_all_per_svalue_state): New. * engine.cc (impl_sm_context::clear_all_per_svalue_state): New. * program-state.cc (sm_state_map::clear_all_per_svalue_state): New. * program-state.h (sm_state_map::clear_all_per_svalue_state): New decl. * region-model-manager.cc (region_model_manager::reject_if_too_complex): Add -Wanalyzer-symbol-too-complex. * sm-taint.cc (taint_state_machine::on_condition): Handle comparisons against UNKNOWN. * sm.h (sm_context::clear_all_per_svalue_state): New. gcc/testsuite/ChangeLog: PR analyzer/103546 PR analyzer/112850 * c-c++-common/analyzer/call-summaries-pr107158-2.c: Add -Wno-analyzer-symbol-too-complex. * c-c++-common/analyzer/call-summaries-pr107158.c: Likewise. * c-c++-common/analyzer/deref-before-check-pr109060-haproxy-cfgparse.c: Likewise. * c-c++-common/analyzer/feasibility-3.c: Add -Wno-analyzer-too-complex and -Wno-analyzer-symbol-too-complex. * c-c++-common/analyzer/flex-with-call-summaries.c: Add -Wno-analyzer-symbol-too-complex. Remove fail for PR analyzer/103546 leak false positive. * c-c++-common/analyzer/flex-without-call-summaries.c: Remove xfail for PR analyzer/103546 leak false positive. * c-c++-common/analyzer/infinite-recursion-3.c: Add -Wno-analyzer-symbol-too-complex. * c-c++-common/analyzer/null-deref-pr108251-smp_fetch_ssl_fc_has_early-O2.c: Likewise. * c-c++-common/analyzer/null-deref-pr108251-smp_fetch_ssl_fc_has_early.c: Likewise. * c-c++-common/analyzer/null-deref-pr108400-SoftEtherVPN-WebUi.c: Likewise. * c-c++-common/analyzer/null-deref-pr108806-qemu.c: Likewise. * c-c++-common/analyzer/null-deref-pr108830.c: Likewise. * c-c++-common/analyzer/pr94596.c: Likewise. * c-c++-common/analyzer/strtok-2.c: Likewise. * c-c++-common/analyzer/strtok-4.c: Add -Wno-analyzer-too-complex and -Wno-analyzer-symbol-too-complex. * c-c++-common/analyzer/strtok-cppreference.c: Likewise. * gcc.dg/analyzer/analyzer.exp: Add -Wanalyzer-symbol-too-complex to DEFAULT_CFLAGS. * gcc.dg/analyzer/attr-const-3.c: Add -Wno-analyzer-symbol-too-complex. * gcc.dg/analyzer/call-summaries-pr107072.c: Likewise. * gcc.dg/analyzer/doom-s_sound-pr108867.c: Likewise. * gcc.dg/analyzer/explode-4.c: Likewise. * gcc.dg/analyzer/null-deref-pr102671-1.c: Likewise. * gcc.dg/analyzer/null-deref-pr105755.c: Likewise. * gcc.dg/analyzer/out-of-bounds-curl.c: Likewise. * gcc.dg/analyzer/pr101503.c: Likewise. * gcc.dg/analyzer/pr103892.c: Add -Wno-analyzer-too-complex and -Wno-analyzer-symbol-too-complex. * gcc.dg/analyzer/pr94851-4.c: Add -Wno-analyzer-symbol-too-complex. * gcc.dg/analyzer/pr96860-1.c: Likewise. * gcc.dg/analyzer/pr96860-2.c: Likewise. * gcc.dg/analyzer/pr98918.c: Likewise. * gcc.dg/analyzer/pr99044-2.c: Likewise. * gcc.dg/analyzer/uninit-pr108806-qemu.c: Likewise. * gcc.dg/analyzer/use-after-free.c: Add -Wno-analyzer-too-complex and -Wno-analyzer-symbol-too-complex. * gcc.dg/plugin/plugin.exp: Add new tests for analyzer_kernel_plugin.c. * gcc.dg/plugin/taint-CVE-2011-0521-4.c: Update expected results. * gcc.dg/plugin/taint-CVE-2011-0521-5.c: Likewise. * gcc.dg/plugin/taint-CVE-2011-0521-6.c: Likewise. * gcc.dg/plugin/taint-CVE-2011-0521-5-fixed.c: Remove xfail. * gcc.dg/plugin/taint-pr112850-precise.c: New test. * gcc.dg/plugin/taint-pr112850-too-complex.c: New test. * gcc.dg/plugin/taint-pr112850-unsanitized.c: New test. * gcc.dg/plugin/taint-pr112850.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-12-07Daily bump.GCC Administrator1-0/+5
2023-12-06diagnostics: prettify JSON output formatsDavid Malcolm1-1/+1
Previously our JSON output emitted the JSON all on one line, with no indentation to show the structure of the values. Although it's easy to reformat such output (e.g. with "python -m json.tool"), I've found it's a pain to need to do so e.g. my text editor sometimes hangs when opening a multimegabyte json file all on one line. Similarly diff-ing is easier if the json is already formatted. This patch add whitespace to json output to show the structure. It turned out to be fairly easy to implement using pretty_printer's existing indentation machinery. The patch uses this formatting for the various JSON-based diagnostic output formats. For example, with this patch, the output from fdiagnostics-format=json-stderr looks like: [{"kind": "warning", "message": "stack-based buffer overflow", "option": "-Wanalyzer-out-of-bounds", "option_url": "https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-out-of-bounds", "children": [{"kind": "note", "message": "write of 350 bytes to beyond the end of ‘buf’", "locations": [{"caret": {"file": "../../src/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-19.c", "line": 20, "display-column": 3, "byte-column": 3, "column": 3}, "finish": {"file": "../../src/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-19.c", "line": 20, "display-column": 27, "byte-column": 27, "column": 27}}], "escape-source": false}, {"kind": "note", "message": "valid subscripts for ‘buf’ are ‘[0]’ to ‘[99]’", "locations": [{"caret": {"file": "../../src/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-19.c", "line": 20, "display-column": 3, "byte-column": 3, "column": 3}, "finish": {"file": "../../src/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-19.c", "line": 20, "display-column": 27, "byte-column": 27, "column": 27}}], "escape-source": false}], "column-origin": 1, ...snip...] I was able to update almost all of our DejaGnu test cases for JSON to handle this format tweak, and IMHO it improved the readability of these test cases, but a couple were more awkward. Hence I added -fno-diagnostics-json-formatting as an option to disable this formatting. The formatting does not affect the output of -fsave-optimization-record or the JSON output from gcov (but this could be enabled if desirable). gcc/analyzer/ChangeLog: * engine.cc (dump_analyzer_json): Use flag_diagnostics_json_formatting. gcc/ChangeLog: * common.opt (fdiagnostics-json-formatting): New. * diagnostic-format-json.cc: Add "formatted" boolean to json_output_format and subclasses, and to the diagnostic_output_format_init_json_* functions. Use it when printing JSON. * diagnostic-format-sarif.cc: Likewise for sarif_builder, sarif_output_format, and the various diagnostic_output_format_init_sarif_* functions. * diagnostic.cc (diagnostic_output_format_init): Add "json_formatting" boolean and pass on to the various cases. * diagnostic.h (diagnostic_output_format_init): Add "json_formatted" param. (diagnostic_output_format_init_json_stderr): Add "formatted" param (diagnostic_output_format_init_json_file): Likewise. (diagnostic_output_format_init_sarif_stderr): Likewise. (diagnostic_output_format_init_sarif_file): Likewise. (diagnostic_output_format_init_sarif_stream): Likewise. * doc/invoke.texi (-fdiagnostics-format=json): Remove discussion about JSON output needing formatting. (-fno-diagnostics-json-formatting): Add. * gcc.cc (driver_handle_option): Use opts->x_flag_diagnostics_json_formatting. * gcov.cc (generate_results): Pass "false" for new formatting option when printing json. * json.cc (value::dump): Add new "formatted" param. (object::print): Likewise, using it to add whitespace to format the JSON output. (array::print): Likewise. (float_number::print): Add new "formatted" param. (integer_number::print): Likewise. (string::print): Likewise. (literal::print): Likewise. (selftest::assert_print_eq): Add "formatted" param. (ASSERT_PRINT_EQ): Add "FORMATTED" param. (selftest::test_writing_objects): Test both formatted and unformatted printing. (selftest::test_writing_arrays): Likewise. (selftest::test_writing_float_numbers): Update for new param of ASSERT_PRINT_EQ. (selftest::test_writing_integer_numbers): Likewise. (selftest::test_writing_strings): Likewise. (selftest::test_writing_literals): Likewise. (selftest::test_formatting): New. (selftest::json_cc_tests): Call it. * json.h (value::print): Add "formatted" param. (value::dump): Likewise. (object::print): Likewise. (array::print): Likewise. (float_number::print): Likewise. (integer_number::print): Likewise. (string::print): Likewise. (literal::print): Likewise. * optinfo-emit-json.cc (optrecord_json_writer::write): Pass "false" for new formatting option when printing json. (selftest::test_building_json_from_dump_calls): Likewise. * opts.cc (common_handle_option): Use opts->x_flag_diagnostics_json_formatting. gcc/testsuite/ChangeLog: * c-c++-common/diagnostic-format-json-1.c: Update expected JSON output to reflect whitespace. * c-c++-common/diagnostic-format-json-2.c: Likewise. * c-c++-common/diagnostic-format-json-3.c: Likewise. * c-c++-common/diagnostic-format-json-4.c: Likewise. * c-c++-common/diagnostic-format-json-5.c: Likewise. * c-c++-common/diagnostic-format-json-stderr-1.c: Likewise. * g++.dg/pr90462.C: Add -fno-diagnostics-json-formatting. * gcc.dg/analyzer/malloc-sarif-1.c: Likewise. * gcc.dg/plugin/diagnostic-test-paths-3.c: Update expected JSON output to reflect whitespace. * gfortran.dg/diagnostic-format-json-1.F90: Likewise. * gfortran.dg/diagnostic-format-json-2.F90: Likewise. * gfortran.dg/diagnostic-format-json-3.F90: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-12-02Daily bump.GCC Administrator1-0/+40
2023-12-01diagnostics, analyzer: add optional per-diagnostic property bags to SARIFDavid Malcolm23-497/+490
I've found it useful in debugging the analyzer for the SARIF output to contain extra analyzer-specific data in each diagnostic. This patch: * adds a way for a diagnostic_metadata to populate a property bag within a SARIF "result" object based on a new vfunc * reworks how diagnostics are emitted within the analyzer so that a custom diagnostic_metadata subclass is used, which populates the property bag with information from the saved_diagnostic, and with a vfunc hook allowing for per-pending_diagnotic-subclass extra properties. Doing so makes it trivial to go from the SARIF output back to pertinent parts of the analyzer's internals (e.g. the index of the diagnostic within the ana::diagnostic_manager, the index of the ana::exploded_node, etc). It also replaces a lot of boilerplate in the "emit" implementations in the various pending_diagnostics subclasses. In particular, doing so fixes missing CVE metadata for -Wanalyzer-fd-phase-mismatch (where sm-fd.cc's fd_phase_mismatch::emit was failing to use its diagnostic_metadata instance). gcc/analyzer/ChangeLog: * analyzer.h (class saved_diagnostic): New forward decl. * bounds-checking.cc: Update for changes to pending_diagnostic::emit. * call-details.cc: Likewise. * diagnostic-manager.cc: Include "diagnostic-format-sarif.h". (saved_diagnostic::maybe_add_sarif_properties): New. (class pending_diagnostic_metadata): New. (diagnostic_manager::emit_saved_diagnostic): Create a pending_diagnostic_metadata and a diagnostic_emission_context. Pass the latter to the pending_diagnostic::emit vfunc. * diagnostic-manager.h (saved_diagnostic::maybe_add_sarif_properties): New decl. * engine.cc: Update for changes to pending_diagnostic::emit. * infinite-loop.cc: Likewise. * infinite-recursion.cc: Likewise. * kf-analyzer.cc: Likewise. * kf.cc: Likewise. * pending-diagnostic.cc (diagnostic_emission_context::get_pending_diagnostic): New. (diagnostic_emission_context::warn): New. (diagnostic_emission_context::inform): New. * pending-diagnostic.h (class diagnostic_emission_context): New. (pending_diagnostic::emit): Update params. (pending_diagnostic::maybe_add_sarif_properties): New vfunc. * region.cc: Don't include "diagnostic-metadata.h". * region-model.cc: Include "diagnostic-format-sarif.h". Update for changes to pending_diagnostic::emit. (exposure_through_uninit_copy::maybe_add_sarif_properties): New. * sm-fd.cc: Update for changes to pending_diagnostic::emit. * sm-file.cc: Likewise. * sm-malloc.cc: Likewise. * sm-pattern-test.cc: Likewise. * sm-sensitive.cc: Likewise. * sm-signal.cc: Likewise. * sm-taint.cc: Likewise. * store.cc: Don't include "diagnostic-metadata.h". * varargs.cc: Update for changes to pending_diagnostic::emit. gcc/ChangeLog: * diagnostic-core.h (emit_diagnostic_valist): New overload decl. * diagnostic-format-sarif.cc (sarif_builder::make_result_object): When we have metadata, call its maybe_add_sarif_properties vfunc. * diagnostic-metadata.h (class sarif_object): Forward decl. (diagnostic_metadata::~diagnostic_metadata): New. (diagnostic_metadata::maybe_add_sarif_properties): New vfunc. * diagnostic.cc (emit_diagnostic_valist): New overload. gcc/testsuite/ChangeLog: * gcc.dg/analyzer/fd-accept.c: Update for fix to missing CWE metadata for -Wanalyzer-fd-phase-mismatch. * gcc.dg/analyzer/fd-bind.c: Likewise. * gcc.dg/analyzer/fd-socket-misuse.c: Likewise. * gcc.dg/plugin/analyzer_cpython_plugin.c: Update for changes to pending_diagnostic::emit. * gcc.dg/plugin/analyzer_gil_plugin.c: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-11-20Daily bump.GCC Administrator1-0/+43
2023-11-19libcpp: split decls out to rich-location.hDavid Malcolm1-0/+1
The various decls relating to rich_location are in libcpp/include/line-map.h, but they don't relate to line maps. Split them out to their own header: libcpp/include/rich-location.h No functional change intended. gcc/ChangeLog: * Makefile.in (CPPLIB_H): Add libcpp/include/rich-location.h. * coretypes.h (class rich_location): New forward decl. gcc/analyzer/ChangeLog: * analyzer.h: Include "rich-location.h". gcc/c-family/ChangeLog: * c-lex.cc: Include "rich-location.h". gcc/cp/ChangeLog: * mapper-client.cc: Include "rich-location.h". gcc/ChangeLog: * diagnostic.h: Include "rich-location.h". * edit-context.h (class fixit_hint): New forward decl. * gcc-rich-location.h: Include "rich-location.h". * genmatch.cc: Likewise. * pretty-print.h: Likewise. gcc/rust/ChangeLog: * rust-location.h: Include "rich-location.h". libcpp/ChangeLog: * Makefile.in (TAGS_SOURCES): Add "include/rich-location.h". * include/cpplib.h (class rich_location): New forward decl. * include/line-map.h (class range_label) (enum range_display_kind, struct location_range) (class semi_embedded_vec, class rich_location, class label_text) (class range_label, class fixit_hint): Move to... * include/rich-location.h: ...this new file. * internal.h: Include "rich-location.h". Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-11-18analyzer: new warning: -Wanalyzer-undefined-behavior-strtok [PR107573]David Malcolm13-17/+407
This patch: - adds support to the analyzer for tracking API-private state or which we don't have a decl (such as strtok's internal state), - uses it to implement a new -Wanalyzer-undefined-behavior-strtok which warns when strtok (NULL, delim) is called as the first call to strtok after main. gcc/analyzer/ChangeLog: PR analyzer/107573 * analyzer.h (register_known_functions): Add region_model_manager param. * analyzer.opt (Wanalyzer-undefined-behavior-strtok): New. * call-summary.cc (call_summary_replay::convert_region_from_summary_1): Handle RK_PRIVATE. * engine.cc (impl_run_checkers): Pass model manager to register_known_functions. * kf.cc (class undefined_function_behavior): New. (class kf_strtok): New. (register_known_functions): Add region_model_manager param. Use it to register "strtok". * region-model-manager.cc (region_model_manager::get_or_create_conjured_svalue): Add "idx" param. * region-model-manager.h (region_model_manager::get_or_create_conjured_svalue): Add "idx" param. (region_model_manager::get_root_region): New accessor. * region-model.cc (region_model::scan_for_null_terminator): Handle "expr" being null. (region_model::get_representative_path_var_1): Handle RK_PRIVATE. * region-model.h (region_model::called_from_main_p): Make public. * region.cc (region::get_memory_space): Handle RK_PRIVATE. (region::can_have_initial_svalue_p): Handle MEMSPACE_PRIVATE. (private_region::dump_to_pp): New. * region.h (MEMSPACE_PRIVATE): New. (RK_PRIVATE): New. (class private_region): New. (is_a_helper <const private_region *>::test): New. * store.cc (store::replay_call_summary_cluster): Handle RK_PRIVATE. * svalue.h (struct conjured_svalue::key_t): Add "idx" param to ctor and "m_idx" field. (class conjured_svalue::conjured_svalue): Likewise. gcc/ChangeLog: PR analyzer/107573 * doc/invoke.texi: Add -Wanalyzer-undefined-behavior-strtok. gcc/testsuite/ChangeLog: PR analyzer/107573 * c-c++-common/analyzer/strtok-1.c: New test. * c-c++-common/analyzer/strtok-2.c: New test. * c-c++-common/analyzer/strtok-3.c: New test. * c-c++-common/analyzer/strtok-4.c: New test. * c-c++-common/analyzer/strtok-cppreference.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-11-19Daily bump.GCC Administrator1-0/+112
2023-11-17analyzer: new warning: -Wanalyzer-infinite-loop [PR106147]David Malcolm14-51/+845
This patch implements a new analyzer warning: -Wanalyzer-infinite-loop. It works by examining the exploded graph once the latter has been fully built. It attempts to detect cycles in the exploded graph in which: - no externally visible work occurs - no escape is possible from the cycle once it has been entered - the program state is "sufficiently concrete" at each step: - no unknown activity could be occurring - the worklist was fully drained for each enode in the cycle i.e. every enode in the cycle is processed For example, it correctly complains about this bogus "for" loop: int sum = 0; for (struct node *iter = n; iter; iter->next) sum += n->val; return sum; like this: infinite-loop-linked-list.c: In function ‘for_loop_noop_next’: infinite-loop-linked-list.c:110:31: warning: infinite loop [CWE-835] [-Wanalyzer-infinite-loop] 110 | for (struct node *iter = n; iter; iter->next) | ^~~~ ‘for_loop_noop_next’: events 1-5 | | 110 | for (struct node *iter = n; iter; iter->next) | | ^~~~ | | | | | (1) infinite loop here | | (2) when ‘iter’ is non-NULL: always following ‘true’ branch... | | (5) ...to here | 111 | sum += n->val; | | ~~~~~~~~~~~~~ | | | | | | | (3) ...to here | | (4) looping back... | gcc/ChangeLog: PR analyzer/106147 * Makefile.in (ANALYZER_OBJS): Add analyzer/infinite-loop.o. * doc/invoke.texi: Add -fdump-analyzer-infinite-loop and -Wanalyzer-infinite-loop. Add missing CWE link for -Wanalyzer-infinite-recursion. * timevar.def (TV_ANALYZER_INFINITE_LOOPS): New. gcc/analyzer/ChangeLog: PR analyzer/106147 * analyzer.opt (Wanalyzer-infinite-loop): New option. (fdump-analyzer-infinite-loop): New option. * checker-event.h (start_cfg_edge_event::get_desc): Drop "final". (start_cfg_edge_event::maybe_describe_condition): Convert from private to protected. * checker-path.h (checker_path::get_logger): New. * diagnostic-manager.cc (process_worklist_item): Update for new context param of maybe_update_for_edge. * engine.cc (impl_region_model_context::impl_region_model_context): Add out_could_have_done_work param to both ctors and use it to initialize mm_out_could_have_done_work. (impl_region_model_context::maybe_did_work): New vfunc implementation. (exploded_node::on_stmt): Add out_could_have_done_work param and pass to ctxt ctor. (exploded_node::on_stmt_pre): Treat setjmp and longjmp as "doing work". (exploded_node::on_longjmp): Likewise. (exploded_edge::exploded_edge): Add "could_do_work" param and use it to initialize m_could_do_work_p. (exploded_edge::dump_dot_label): Add result of could_do_work_p. (exploded_graph::add_function_entry): Mark edge as doing no work. (exploded_graph::add_edge): Add "could_do_work" param and pass to exploded_edge ctor. (add_tainted_args_callback): Treat as doing no work. (exploded_graph::process_worklist): Likewise when merging nodes. (maybe_process_run_of_before_supernode_enodes::item): Likewise. (exploded_graph::maybe_create_dynamic_call): Likewise. (exploded_graph::process_node): Likewise for phi nodes. Pass in a "could_have_done_work" bool when handling stmts and use when creating edges. Assume work is done at bifurcation. (exploded_path::feasible_p): Update for new context param of maybe_update_for_edge. (feasibility_state::feasibility_state): New ctor. (feasibility_state::operator=): New. (feasibility_state::maybe_update_for_edge): Add ctxt param and use it. Fix missing newline when logging state. (impl_run_checkers): Call exploded_graph::detect_infinite_loops. * exploded-graph.h (impl_region_model_context::impl_region_model_context): Add out_could_have_done_work param to both ctors. (impl_region_model_context::maybe_did_work): New decl. (impl_region_model_context::checking_for_infinite_loop_p): New. (impl_region_model_context::on_unusable_in_infinite_loop): New. (impl_region_model_context::m_out_could_have_done_work): New field. (exploded_node::on_stmt): Add "out_could_have_done_work" param. (exploded_edge::exploded_edge): Add "could_do_work" param. (exploded_edge::could_do_work_p): New accessor. (exploded_edge::m_could_do_work_p): New field. (exploded_graph::add_edge): Add "could_do_work" param. (exploded_graph::detect_infinite_loops): New decl. (feasibility_state::feasibility_state): New ctor. (feasibility_state::operator=): New decl. (feasibility_state::maybe_update_for_edge): Add ctxt param. * infinite-loop.cc: New file. * program-state.cc (program_state::on_edge): Log the rejected constraint when region_model::maybe_update_for_edge fails. * region-model.cc (region_model::on_assignment): Treat any writes other than to the stack as "doing work". (region_model::on_stmt_pre): Treat all asm stmts as "doing work". (region_model::on_call_post): Likewise for all calls to functions with unknown side effects. (region_model::handle_phi): Add svals_changing_meaning param. Mark widening svalue in phi nodes as changing meaning. (unusable_in_infinite_loop_constraint_p): New. (region_model::add_constraint): If we're checking for an infinite loop, bail out on unusable svalues, or if we don't have a definite true/false for the constraint. (region_model::update_for_phis): Gather all svalues changing meaning in phi nodes, and purge constraints involving them. (region_model::replay_call_summary): Treat all call summaries as doing work. (region_model::can_merge_with_p): Purge constraints involving svalues that change meaning. (model_merger::on_widening_reuse): New. (test_iteration_1): Likewise. (selftest::test_iteration_1): Remove assertion that model6 "knows" that i < 157. * region-model.h (region_model::handle_phi): Add svals_changing_meaning param (region_model_context::maybe_did_work): New pure virtual func. (region_model_context::checking_for_infinite_loop_p): Likewise. (region_model_context::on_unusable_in_infinite_loop): Likewise. (noop_region_model_context::maybe_did_work): Implement. (noop_region_model_context::checking_for_infinite_loop_p): Likewise. (noop_region_model_context::on_unusable_in_infinite_loop): Likewise. (region_model_context_decorator::maybe_did_work): Implement. (region_model_context_decorator::checking_for_infinite_loop_p): Likewise. (region_model_context_decorator::on_unusable_in_infinite_loop): Likewise. (model_merger::on_widening_reuse): New decl. (model_merger::m_svals_changing_meaning): New field. * sm-signal.cc (register_signal_handler::impl_transition): Assume the edge "does work". * supergraph.cc (supernode::get_start_location): Use CFG edge's goto_locus if available. (supernode::get_end_location): Likewise. (cfg_superedge::dump_label_to_pp): Dump edges with a "goto_locus" * supergraph.h (cfg_superedge::get_goto_locus): New. * svalue.cc (svalue::can_merge_p): Call on_widening_reuse for widening values. (involvement_visitor::visit_widening_svalue): New. (svalue::involves_p): Update assertion to allow widening svalues. gcc/testsuite/ChangeLog: PR analyzer/106147 * c-c++-common/analyzer/gzio-2.c: Add dg-warning for infinite loop, marked as xfail. * c-c++-common/analyzer/infinite-loop-2.c: New test. * c-c++-common/analyzer/infinite-loop-4.c: New test. * c-c++-common/analyzer/infinite-loop-crc32c.c: New test. * c-c++-common/analyzer/infinite-loop-doom-d_main-IdentifyVersion.c: New test. * c-c++-common/analyzer/infinite-loop-doom-v_video.c: New test. * c-c++-common/analyzer/infinite-loop-g_error.c: New test. * c-c++-common/analyzer/infinite-loop-linked-list.c: New test. * c-c++-common/analyzer/infinite-recursion-inlining.c: Add dg-warning directives for infinite loop. * c-c++-common/analyzer/inlining-4-multiline.c: Update expected paths for event 5 having a location. * gcc.dg/analyzer/boxed-malloc-1.c: Add dg-warning for infinite loop. * gcc.dg/analyzer/data-model-20.c: Likewise. Add comment about suspect code, and create... * gcc.dg/analyzer/data-model-20a.c: ...this new test by cleaning it up. * gcc.dg/analyzer/edges-1.c: Add a placeholder statement to avoid the "...to here" from the if stmt occurring at the "while", and thus being treated as a bogus event. * gcc.dg/analyzer/explode-2a.c: Add dg-warning for infinite loop. * gcc.dg/analyzer/infinite-loop-1.c: New test. * gcc.dg/analyzer/malloc-1.c: Add dg-warning for infinite loop. * gcc.dg/analyzer/out-of-bounds-coreutils.c: Add TODO. * gcc.dg/analyzer/paths-4.c: Add dg-warning for infinite loop. * gcc.dg/analyzer/pr103892.c: Likewise. * gcc.dg/analyzer/pr93546.c: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-11-15Daily bump.GCC Administrator1-0/+6
2023-11-14analyzer: enable taint state machine by default [PR103533]David Malcolm2-5/+2
gcc/analyzer/ChangeLog: PR analyzer/103533 * sm-taint.cc: Remove "experimental" from comment. * sm.cc (make_checkers): Always add taint state machine. gcc/ChangeLog: PR analyzer/103533 * doc/invoke.texi (Static Analyzer Options): Add the six -Wanalyzer-tainted-* warnings. Update documentation of each warning to reflect removed requirement to use -fanalyzer-checker=taint. Remove discussion of -fanalyzer-checker=taint. gcc/testsuite/ChangeLog: PR analyzer/103533 * c-c++-common/analyzer/attr-tainted_args-1.c: Remove use of -fanalyzer-checker=taint. * c-c++-common/analyzer/fread-1.c: Likewise. * c-c++-common/analyzer/pr104029.c: Likewise. * gcc.dg/analyzer/pr93032-mztools-signed-char.c: Add params to work around state explosion. * gcc.dg/analyzer/pr93032-mztools-unsigned-char.c: Likewise. * gcc.dg/analyzer/pr93382.c: Remove use of -fanalyzer-checker=taint. * gcc.dg/analyzer/switch-enum-taint-1.c: Likewise. * gcc.dg/analyzer/taint-CVE-2011-2210-1.c: Likewise. * gcc.dg/analyzer/taint-CVE-2020-13143-1.c: Likewise. * gcc.dg/analyzer/taint-CVE-2020-13143-2.c: Likewise. * gcc.dg/analyzer/taint-CVE-2020-13143.h: Likewise. * gcc.dg/analyzer/taint-alloc-1.c: Likewise. * gcc.dg/analyzer/taint-alloc-2.c: Likewise. * gcc.dg/analyzer/taint-alloc-3.c: Likewise. * gcc.dg/analyzer/taint-alloc-4.c: Likewise. * gcc.dg/analyzer/taint-alloc-5.c: Likewise. * gcc.dg/analyzer/taint-assert-BUG_ON.c: Likewise. * gcc.dg/analyzer/taint-assert-macro-expansion.c: Likewise. * gcc.dg/analyzer/taint-assert-system-header.c: Likewise. * gcc.dg/analyzer/taint-assert.c: Likewise. * gcc.dg/analyzer/taint-divisor-1.c: Likewise. * gcc.dg/analyzer/taint-divisor-2.c: Likewise. * gcc.dg/analyzer/taint-merger.c: Likewise. * gcc.dg/analyzer/taint-ops.c: Delete this test: it was a duplicate of material in operations.c and data-model-1.c, with -fanalyzer-checker=taint added. * gcc.dg/analyzer/taint-read-index-1.c: Remove use of -fanalyzer-checker=taint. * gcc.dg/analyzer/taint-read-offset-1.c: Likewise. * gcc.dg/analyzer/taint-realloc.c: Likewise. Add missing dg-warning for leak now that the malloc state machine is also active. * gcc.dg/analyzer/taint-size-1.c: Remove use of -fanalyzer-checker=taint. * gcc.dg/analyzer/taint-size-access-attr-1.c: Likewise. * gcc.dg/analyzer/taint-write-index-1.c: Likewise. * gcc.dg/analyzer/taint-write-offset-1.c: Likewise. * gcc.dg/analyzer/torture/taint-read-index-2.c: Likewise. * gcc.dg/analyzer/torture/taint-read-index-3.c: Likewise. * gcc.dg/plugin/taint-CVE-2011-0521-1-fixed.c: Likewise. Add -Wno-pedantic. * gcc.dg/plugin/taint-CVE-2011-0521-1.c: Likewise. * gcc.dg/plugin/taint-CVE-2011-0521-2-fixed.c: Likewise. * gcc.dg/plugin/taint-CVE-2011-0521-2.c: Likewise. * gcc.dg/plugin/taint-CVE-2011-0521-3-fixed.c: Likewise. * gcc.dg/plugin/taint-CVE-2011-0521-3.c: Likewise. Fix C++-style comment. * gcc.dg/plugin/taint-CVE-2011-0521-4.c: Remove use of -fanalyzer-checker=taint and add -Wno-pedantic. Remove xfail and add missing dg-warning. * gcc.dg/plugin/taint-CVE-2011-0521-5-fixed.c: Remove use of -fanalyzer-checker=taint and add -Wno-pedantic. * gcc.dg/plugin/taint-CVE-2011-0521-5.c: Likewise. * gcc.dg/plugin/taint-CVE-2011-0521-6.c: Likewise. * gcc.dg/plugin/taint-antipatterns-1.c: : Remove use of -fanalyzer-checker=taint. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-11-05Daily bump.GCC Administrator1-0/+4
2023-11-03diagnostics: convert diagnostic_context to a classDavid Malcolm1-2/+2
This patch: - converts "struct diagnostic_context" to "class diagnostic_context". - ensures all data members have an "m_" prefix, except for "printer", which has so many uses that renaming would be painful. - makes most of the data members private - converts much of the diagnostic_* functions to member functions of diagnostic_context, adding compatibility wrappers for users such as the Fortran frontend, and making as many as possible private. No functional change intended. gcc/ChangeLog: * common.opt (fdiagnostics-text-art-charset=): Remove refererence to diagnostic-text-art.h. * coretypes.h (struct diagnostic_context): Replace forward decl with... (class diagnostic_context): ...this. * diagnostic-format-json.cc: Update for changes to diagnostic_context. * diagnostic-format-sarif.cc: Likewise. * diagnostic-show-locus.cc: Likewise. * diagnostic-text-art.h: Deleted file, moving content... (enum diagnostic_text_art_charset): ...to diagnostic.h, (DIAGNOSTICS_TEXT_ART_CHARSET_DEFAULT): ...deleting, (diagnostics_text_art_charset_init): ...deleting in favor of diagnostic_context::set_text_art_charset. * diagnostic.cc: Remove include of "diagnostic-text-art.h". (pedantic_warning_kind): Update for field renaming. (permissive_error_kind): Likewise. (permissive_error_option): Likewise. (diagnostic_initialize): Convert to... (diagnostic_context::initialize): ...this, updating for field renamings. (diagnostic_color_init): Convert to... (diagnostic_context::color_init): ...this. (diagnostic_urls_init): Convert to... (diagnostic_context::urls_init): ...this. (diagnostic_initialize_input_context): Convert to... (diagnostic_context::initialize_input_context): ...this. (diagnostic_finish): Convert to... (diagnostic_context::finish): ...this, updating for field renamings. (diagnostic_context::set_output_format): New. (diagnostic_context::set_client_data_hooks): New. (diagnostic_context::create_edit_context): New. (diagnostic_converted_column): Convert to... (diagnostic_context::converted_column): ...this. (diagnostic_get_location_text): Update for field renaming. (diagnostic_check_max_errors): Convert to... (diagnostic_context::check_max_errors): ...this, updating for field renamings. (diagnostic_action_after_output): Convert to... (diagnostic_context::action_after_output): ...this, updating for field renamings. (last_module_changed_p): Delete. (set_last_module): Delete. (includes_seen): Convert to... (diagnostic_context::includes_seen_p): ...this, updating for field renamings. (diagnostic_report_current_module): Convert to... (diagnostic_context::report_current_module): ...this, updating for field renamings, and replacing uses of last_module_changed_p and set_last_module to simple field accesses. (diagnostic_show_any_path): Convert to... (diagnostic_context::show_any_path): ...this. (diagnostic_classify_diagnostic): Convert to... (diagnostic_context::classify_diagnostic): ...this, updating for field renamings. (diagnostic_push_diagnostics): Convert to... (diagnostic_context::push_diagnostics): ...this, updating for field renamings. (diagnostic_pop_diagnostics): Convert to... (diagnostic_context::pop_diagnostics): ...this, updating for field renamings. (get_any_inlining_info): Convert to... (diagnostic_context::get_any_inlining_info): ...this, updating for field renamings. (update_effective_level_from_pragmas): Convert to... (diagnostic_context::update_effective_level_from_pragmas): ...this, updating for field renamings. (print_any_cwe): Convert to... (diagnostic_context::print_any_cwe): ...this. (print_any_rules): Convert to... (diagnostic_context::print_any_rules): ...this. (print_option_information): Convert to... (diagnostic_context::print_option_information): ...this, updating for field renamings. (diagnostic_enabled): Convert to... (diagnostic_context::diagnostic_enabled): ...this, updating for field renamings. (warning_enabled_at): Convert to... (diagnostic_context::warning_enabled_at): ...this. (diagnostic_report_diagnostic): Convert to... (diagnostic_context::report_diagnostic): ...this, updating for field renamings and conversions to member functions. (diagnostic_append_note): Update for field renaming. (diagnostic_impl): Use diagnostic_context::report_diagnostic directly. (diagnostic_n_impl): Likewise. (diagnostic_emit_diagram): Convert to... (diagnostic_context::emit_diagram): ...this, updating for field renamings. (error_recursion): Convert to... (diagnostic_context::error_recursion): ...this. (diagnostic_text_output_format::~diagnostic_text_output_format): Use accessor. (diagnostics_text_art_charset_init): Convert to... (diagnostic_context::set_text_art_charset): ...this. (assert_location_text): Update for field renamings. * diagnostic.h (enum diagnostic_text_art_charset): Move here from diagnostic-text-art.h. (struct diagnostic_context): Convert to... (class diagnostic_context): ...this. (diagnostic_context::ice_handler_callback_t): New typedef. (diagnostic_context::set_locations_callback_t): New typedef. (diagnostic_context::initialize): New decl. (diagnostic_context::color_init): New decl. (diagnostic_context::urls_init): New decl. (diagnostic_context::file_cache_init): New decl. (diagnostic_context::finish): New decl. (diagnostic_context::set_set_locations_callback): New. (diagnostic_context::initialize_input_context): New decl. (diagnostic_context::warning_enabled_at): New decl. (diagnostic_context::option_unspecified_p): New. (diagnostic_context::report_diagnostic): New decl. (diagnostic_context::report_current_module): New decl. (diagnostic_context::check_max_errors): New decl. (diagnostic_context::action_after_output): New decl. (diagnostic_context::classify_diagnostic): New decl. (diagnostic_context::push_diagnostics): New decl. (diagnostic_context::pop_diagnostics): New decl. (diagnostic_context::emit_diagram): New decl. (diagnostic_context::set_output_format): New decl. (diagnostic_context::set_text_art_charset): New decl. (diagnostic_context::set_client_data_hooks): New decl. (diagnostic_context::create_edit_context): New decl. (diagnostic_context::set_warning_as_error_requested): New. (diagnostic_context::set_report_bug): New. (diagnostic_context::set_extra_output_kind): New. (diagnostic_context::set_show_cwe): New. (diagnostic_context::set_show_rules): New. (diagnostic_context::set_path_format): New. (diagnostic_context::set_show_path_depths): New. (diagnostic_context::set_show_option_requested): New. (diagnostic_context::set_max_errors): New. (diagnostic_context::set_escape_format): New. (diagnostic_context::set_ice_handler_callback): New. (diagnostic_context::warning_as_error_requested_p): New. (diagnostic_context::show_path_depths_p): New. (diagnostic_context::get_path_format): New. (diagnostic_context::get_escape_format): New. (diagnostic_context::get_file_cache): New. (diagnostic_context::get_edit_context): New. (diagnostic_context::get_client_data_hooks): New. (diagnostic_context::get_diagram_theme): New. (diagnostic_context::converted_column): New decl. (diagnostic_context::diagnostic_count): New. (diagnostic_context::includes_seen_p): New decl. (diagnostic_context::print_any_cwe): New decl. (diagnostic_context::print_any_rules): New decl. (diagnostic_context::print_option_information): New decl. (diagnostic_context::show_any_path): New decl. (diagnostic_context::error_recursion): New decl. (diagnostic_context::diagnostic_enabled): New decl. (diagnostic_context::get_any_inlining_info): New decl. (diagnostic_context::update_effective_level_from_pragmas): New decl. (diagnostic_context::m_file_cache): Make private. (diagnostic_context::diagnostic_count): Rename to... (diagnostic_context::m_diagnostic_count): ...this and make private. (diagnostic_context::warning_as_error_requested): Rename to... (diagnostic_context::m_warning_as_error_requested): ...this and make private. (diagnostic_context::n_opts): Rename to... (diagnostic_context::m_n_opts): ...this and make private. (diagnostic_context::classify_diagnostic): Rename to... (diagnostic_context::m_classify_diagnostic): ...this and make private. (diagnostic_context::classification_history): Rename to... (diagnostic_context::m_classification_history): ...this and make private. (diagnostic_context::n_classification_history): Rename to... (diagnostic_context::m_n_classification_history): ...this and make private. (diagnostic_context::push_list): Rename to... (diagnostic_context::m_push_list): ...this and make private. (diagnostic_context::n_push): Rename to... (diagnostic_context::m_n_push): ...this and make private. (diagnostic_context::show_cwe): Rename to... (diagnostic_context::m_show_cwe): ...this and make private. (diagnostic_context::show_rules): Rename to... (diagnostic_context::m_show_rules): ...this and make private. (diagnostic_context::path_format): Rename to... (diagnostic_context::m_path_format): ...this and make private. (diagnostic_context::show_path_depths): Rename to... (diagnostic_context::m_show_path_depths): ...this and make private. (diagnostic_context::show_option_requested): Rename to... (diagnostic_context::m_show_option_requested): ...this and make private. (diagnostic_context::abort_on_error): Rename to... (diagnostic_context::m_abort_on_error): ...this. (diagnostic_context::show_column): Rename to... (diagnostic_context::m_show_column): ...this. (diagnostic_context::pedantic_errors): Rename to... (diagnostic_context::m_pedantic_errors): ...this. (diagnostic_context::permissive): Rename to... (diagnostic_context::m_permissive): ...this. (diagnostic_context::opt_permissive): Rename to... (diagnostic_context::m_opt_permissive): ...this. (diagnostic_context::fatal_errors): Rename to... (diagnostic_context::m_fatal_errors): ...this. (diagnostic_context::dc_inhibit_warnings): Rename to... (diagnostic_context::m_inhibit_warnings): ...this. (diagnostic_context::dc_warn_system_headers): Rename to... (diagnostic_context::m_warn_system_headers): ...this. (diagnostic_context::max_errors): Rename to... (diagnostic_context::m_max_errors): ...this and make private. (diagnostic_context::internal_error): Rename to... (diagnostic_context::m_internal_error): ...this. (diagnostic_context::option_enabled): Rename to... (diagnostic_context::m_option_enabled): ...this. (diagnostic_context::option_state): Rename to... (diagnostic_context::m_option_state): ...this. (diagnostic_context::option_name): Rename to... (diagnostic_context::m_option_name): ...this. (diagnostic_context::get_option_url): Rename to... (diagnostic_context::m_get_option_url): ...this. (diagnostic_context::print_path): Rename to... (diagnostic_context::m_print_path): ...this. (diagnostic_context::make_json_for_path): Rename to... (diagnostic_context::m_make_json_for_path): ...this. (diagnostic_context::x_data): Rename to... (diagnostic_context::m_client_aux_data): ...this. (diagnostic_context::last_location): Rename to... (diagnostic_context::m_last_location): ...this. (diagnostic_context::last_module): Rename to... (diagnostic_context::m_last_module): ...this and make private. (diagnostic_context::lock): Rename to... (diagnostic_context::m_lock): ...this and make private. (diagnostic_context::lang_mask): Rename to... (diagnostic_context::m_lang_mask): ...this. (diagnostic_context::inhibit_notes_p): Rename to... (diagnostic_context::m_inhibit_notes_p): ...this. (diagnostic_context::report_bug): Rename to... (diagnostic_context::m_report_bug): ...this and make private. (diagnostic_context::extra_output_kind): Rename to... (diagnostic_context::m_extra_output_kind): ...this and make private. (diagnostic_context::column_unit): Rename to... (diagnostic_context::m_column_unit): ...this and make private. (diagnostic_context::column_origin): Rename to... (diagnostic_context::m_column_origin): ...this and make private. (diagnostic_context::tabstop): Rename to... (diagnostic_context::m_tabstop): ...this and make private. (diagnostic_context::escape_format): Rename to... (diagnostic_context::m_escape_format): ...this and make private. (diagnostic_context::edit_context_ptr): Rename to... (diagnostic_context::m_edit_context_ptr): ...this and make private. (diagnostic_context::set_locations_cb): Rename to... (diagnostic_context::m_set_locations_cb): ...this and make private. (diagnostic_context::ice_handler_cb): Rename to... (diagnostic_context::m_ice_handler_cb): ...this and make private. (diagnostic_context::includes_seen): Rename to... (diagnostic_context::m_includes_seen): ...this and make private. (diagnostic_inhibit_notes): Update for field renaming. (diagnostic_context_auxiliary_data): Likewise. (diagnostic_abort_on_error): Convert from macro to inline function and update for field renaming. (diagnostic_kind_count): Convert from macro to inline function and use diagnostic_count accessor. (diagnostic_report_warnings_p): Update for field renaming. (diagnostic_initialize): Convert decl to inline function calling into diagnostic_context. (diagnostic_color_init): Likewise. (diagnostic_urls_init): Likewise. (diagnostic_urls_init): Likewise. (diagnostic_finish): Likewise. (diagnostic_report_current_module): Likewise. (diagnostic_show_any_path): Delete decl. (diagnostic_initialize_input_context): Convert decl to inline function calling into diagnostic_context. (diagnostic_classify_diagnostic): Likewise. (diagnostic_push_diagnostics): Likewise. (diagnostic_pop_diagnostics): Likewise. (diagnostic_report_diagnostic): Likewise. (diagnostic_action_after_output): Likewise. (diagnostic_check_max_errors): Likewise. (diagnostic_file_cache_fini): Delete decl. (diagnostic_converted_column): Delete decl. (warning_enabled_at): Convert decl to inline function calling into diagnostic_context. (option_unspecified_p): New. (diagnostic_emit_diagram): Delete decl. * gcc.cc: Remove include of "diagnostic-text-art.h". Update for changes to diagnostic_context. * input.cc (diagnostic_file_cache_init): Move implementation to... (diagnostic_context::file_cache_init): ...this new member function. (diagnostic_file_cache_fini): Delete. (diagnostics_file_cache_forcibly_evict_file): Update for m_file_cache becoming private. (location_get_source_line): Likewise. (get_source_file_content): Likewise. (location_missing_trailing_newline): Likewise. * input.h (diagnostics_file_cache_fini): Delete. * langhooks.cc: Update for changes to diagnostic_context. * lto-wrapper.cc: Likewise. * opts.cc: Remove include of "diagnostic-text-art.h". Update for changes to diagnostic_context. * selftest-diagnostic.cc: Update for changes to diagnostic_context. * toplev.cc: Likewise. * tree-diagnostic-path.cc: Likewise. * tree-diagnostic.cc: Likewise. gcc/ada/ChangeLog: * gcc-interface/misc.cc: Update for changes to diagnostic_context. gcc/analyzer/ChangeLog: * bounds-checking.cc: Update for changes to diagnostic_context. gcc/c-family/ChangeLog: * c-common.cc: Update for changes to diagnostic_context. * c-indentation.cc: Likewise. * c-opts.cc: Likewise. * c-warn.cc: Likewise. gcc/cp/ChangeLog: * call.cc: Update for changes to diagnostic_context. * class.cc: Likewise. * decl.cc: Likewise. * error.cc: Likewise. * except.cc: Likewise. * pt.cc: Likewise. gcc/fortran/ChangeLog: * cpp.cc: Update for changes to diagnostic_context. * error.cc: Likewise. * options.cc: Likewise. gcc/jit/ChangeLog: * jit-playback.cc: Update for changes to diagnostic_context. * jit-playback.h: Likewise. gcc/testsuite/ChangeLog: * gcc.dg/plugin/diagnostic_group_plugin.c: Update for changes to diagnostic_context. * gcc.dg/plugin/diagnostic_plugin_test_text_art.c: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-11-03Daily bump.GCC Administrator1-0/+14
2023-11-02analyzer: fix clang warnings [PR112317]David Malcolm3-23/+9
No functional change intended. gcc/analyzer/ChangeLog: PR analyzer/112317 * access-diagram.cc (class x_aligned_x_ruler_widget): Eliminate unused field "m_col_widths". (access_diagram_impl::add_valid_vs_invalid_ruler): Update for above change. * region-model.cc (check_one_function_attr_null_terminated_string_arg): Remove unused variables "cd_unchecked", "strlen_sval", and "limited_sval". * region-model.h (region_model_context_decorator::warn): Add missing "override". Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-11-01Daily bump.GCC Administrator1-0/+7
2023-10-31analyzer: move class record_layout to its own .h/.ccDavid Malcolm3-131/+217
No functional change intended. gcc/ChangeLog: * Makefile.in (ANALYZER_OBJS): Add analyzer/record-layout.o. gcc/analyzer/ChangeLog: * record-layout.cc: New file, based on material in region-model.cc. * record-layout.h: Likewise. * region-model.cc: Include "analyzer/record-layout.h". (class record_layout): Move to record-layout.cc and .h Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-10-27Daily bump.GCC Administrator1-0/+28
2023-10-26Add attribute((null_terminated_string_arg(PARAM_IDX)))David Malcolm2-28/+179
This patch adds a new function attribute to GCC for marking that an argument is expected to be a null-terminated string. For example, consider: void test_a (const char *p) __attribute__((null_terminated_string_arg (1))); which would indicate to humans and compilers that argument 1 of "test_a" is expected to be a null-terminated string, with the idea: - we should complain if it's not valid to read from *p up to the first '\0' character in the buffer - we should complain if *p is not terminated, or if it's uninitialized before the first '\0' character This is independent of the nonnull-ness of the pointer: if you also want to express that the argument must be non-null, we already have __attribute__((nonnull (N))), so the user can write e.g.: void test_b (const char *p) __attribute__((null_terminated_string_arg (1)) __attribute__((nonnull (1))); which can also be spelled as: void test_b (const char *p) __attribute__((null_terminated_string_arg (1), nonnull (1))); For a function similar to strncpy, we can use the "access" attribute to express a maximum size of the read: void test_c (const char *p, size_t sz) __attribute__((null_terminated_string_arg (1), nonnull (1), access (read_only, 1, 2))); The patch implements: (a) C/C++ frontends: recognition of this attribute (b) analyzer: usage of this attribute gcc/analyzer/ChangeLog: * region-model.cc (region_model::check_external_function_for_access_attr): Split out, replacing with... (region_model::check_function_attr_access): ...this new function and... (region_model::check_function_attrs): ...this new function. (region_model::check_one_function_attr_null_terminated_string_arg): New. (region_model::check_function_attr_null_terminated_string_arg): New. (region_model::handle_unrecognized_call): Update for renaming of check_external_function_for_access_attr to check_function_attrs. (region_model::check_for_null_terminated_string_arg): Add return value to one overload. Make both overloads const. * region-model.h: Include "stringpool.h" and "attribs.h". (region_model::check_for_null_terminated_string_arg): Add return value to one overload. Make both overloads const. (region_model::check_external_function_for_access_attr): Delete decl. (region_model::check_function_attr_access): New decl. (region_model::check_function_attr_null_terminated_string_arg): New decl. (region_model::check_one_function_attr_null_terminated_string_arg): New decl. (region_model::check_function_attrs): New decl. gcc/c-family/ChangeLog: * c-attribs.cc (c_common_attribute_table): Add "null_terminated_string_arg". (handle_null_terminated_string_arg_attribute): New. gcc/ChangeLog: * doc/extend.texi (Common Function Attributes): Add null_terminated_string_arg. gcc/testsuite/ChangeLog: * c-c++-common/analyzer/attr-null_terminated_string_arg-access-read_write.c: New test. * c-c++-common/analyzer/attr-null_terminated_string_arg-access-without-size.c: New test. * c-c++-common/analyzer/attr-null_terminated_string_arg-multiple.c: New test. * c-c++-common/analyzer/attr-null_terminated_string_arg-nonnull-2.c: New test. * c-c++-common/analyzer/attr-null_terminated_string_arg-nonnull-sized.c: New test. * c-c++-common/analyzer/attr-null_terminated_string_arg-nonnull.c: New test. * c-c++-common/analyzer/attr-null_terminated_string_arg-nullable-sized.c: New test. * c-c++-common/analyzer/attr-null_terminated_string_arg-nullable.c: New test. * c-c++-common/attr-null_terminated_string_arg.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-10-10Daily bump.GCC Administrator1-0/+5
2023-10-09analyzer: fix build with gcc < 6David Malcolm1-1/+2
gcc/analyzer/ChangeLog: * access-diagram.cc (boundaries::add): Explicitly state "boundaries::" scope for "kind" enum. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-10-09Daily bump.GCC Administrator1-0/+52
2023-10-08analyzer: improvements to out-of-bounds diagrams [PR111155]David Malcolm1-89/+341
Update out-of-bounds diagrams to show existing string values, and the initial write index within a string buffer. For example, given the out-of-bounds write in strcat in: void test (void) { char buf[10]; strcpy (buf, "hello"); strcat (buf, " world!"); } the diagram improves from: ┌─────┬─────┬────┬────┬────┐┌─────┬─────┬─────┐ │ [0] │ [1] │[2] │[3] │[4] ││ [5] │ [6] │ [7] │ ├─────┼─────┼────┼────┼────┤├─────┼─────┼─────┤ │ ' ' │ 'w' │'o' │'r' │'l' ││ 'd' │ '!' │ NUL │ ├─────┴─────┴────┴────┴────┴┴─────┴─────┴─────┤ │ string literal (type: 'char[8]') │ └─────────────────────────────────────────────┘ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ v v v v v v v v ┌─────┬────────────────────────────────────────┬────┐┌─────────────────┐ │ [0] │ ... │[9] ││ │ ├─────┴────────────────────────────────────────┴────┤│after valid range│ │ 'buf' (type: 'char[10]') ││ │ └───────────────────────────────────────────────────┘└─────────────────┘ ├─────────────────────────┬─────────────────────────┤├────────┬────────┤ │ │ ╭─────────┴────────╮ ╭─────────┴─────────╮ │capacity: 10 bytes│ │overflow of 3 bytes│ ╰──────────────────╯ ╰───────────────────╯ to: ┌────┬────┬────┬────┬────┐┌─────┬─────┬─────┐ │[0] │[1] │[2] │[3] │[4] ││ [5] │ [6] │ [7] │ ├────┼────┼────┼────┼────┤├─────┼─────┼─────┤ │' ' │'w' │'o' │'r' │'l' ││ 'd' │ '!' │ NUL │ ├────┴────┴────┴────┴────┴┴─────┴─────┴─────┤ │ string literal (type: 'char[8]') │ └───────────────────────────────────────────┘ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ v v v v v v v v ┌─────┬────────────────────┬────┬──────────────┬────┐┌─────────────────┐ │ [0] │ ... │[5] │ ... │[9] ││ │ ├─────┼────┬────┬────┬────┬┼────┼──────────────┴────┘│ │ │ 'h' │'e' │'l' │'l' │'o' ││NUL │ │after valid range│ ├─────┴────┴────┴────┴────┴┴────┴───────────────────┐│ │ │ 'buf' (type: 'char[10]') ││ │ └───────────────────────────────────────────────────┘└─────────────────┘ ├─────────────────────────┬─────────────────────────┤├────────┬────────┤ │ │ ╭─────────┴────────╮ ╭─────────┴─────────╮ │capacity: 10 bytes│ │overflow of 3 bytes│ ╰──────────────────╯ ╰───────────────────╯ gcc/analyzer/ChangeLog: PR analyzer/111155 * access-diagram.cc (boundaries::boundaries): Add logger param (boundaries::add): Add logging. (boundaries::get_hard_boundaries_in_range): New. (boundaries::m_logger): New field. (boundaries::get_table_x_for_offset): Make public. (class svalue_spatial_item): New. (class compound_svalue_spatial_item): New. (add_ellipsis_to_gaps): New. (valid_region_spatial_item::valid_region_spatial_item): Add theme param. Initialize m_boundaries, m_existing_sval, and m_existing_sval_spatial_item. (valid_region_spatial_item::add_boundaries): Set m_boundaries. Add boundaries for any m_existing_sval_spatial_item. (valid_region_spatial_item::add_array_elements_to_table): Rewrite creation of min/max index in terms of maybe_add_array_index_to_table. Rewrite ellipsis code using add_ellipsis_to_gaps. Add index values for any hard boundaries within the valid region. (valid_region_spatial_item::maybe_add_array_index_to_table): New, based on code formerly in add_array_elements_to_table. (valid_region_spatial_item::make_table): Make use of m_existing_sval_spatial_item, if any. (valid_region_spatial_item::m_boundaries): New field. (valid_region_spatial_item::m_existing_sval): New field. (valid_region_spatial_item::m_existing_sval_spatial_item): New field. (class svalue_spatial_item): Rename to... (class written_svalue_spatial_item): ...this. (class string_region_spatial_item): Rename to.. (class string_literal_spatial_item): ...this. Add "kind". (string_literal_spatial_item::add_boundaries): Use m_kind to determine kind of boundary. Update for renaming of m_actual_bits to m_bits. (string_literal_spatial_item::make_table): Likewise. Support not displaying a row for byte indexes, and not displaying a row for the type. (string_literal_spatial_item::add_column_for_byte): Make byte index row optional. (svalue_spatial_item::make): Convert to... (make_written_svalue_spatial_item): ...this. (make_existing_svalue_spatial_item): New. (access_diagram_impl::access_diagram_impl): Pass theme to m_valid_region_spatial_item ctor. Update for renaming of m_svalue_spatial_item. (access_diagram_impl::find_boundaries): Pass logger to boundaries. Update for renaming of... (access_diagram_impl::m_svalue_spatial_item): Rename to... (access_diagram_impl::m_written_svalue_spatial_item): ...this. gcc/testsuite/ChangeLog: PR analyzer/111155 * c-c++-common/analyzer/out-of-bounds-diagram-strcat-2.c: New test. * c-c++-common/analyzer/out-of-bounds-diagram-strcat.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-17.c: Update expected result to show the existing content of "buf" and the index at which the write starts. * gcc.dg/analyzer/out-of-bounds-diagram-18.c: Likewise. * gcc.dg/analyzer/out-of-bounds-diagram-19.c: Likewise. * gcc.dg/analyzer/out-of-bounds-diagram-6.c: Update expected output. gcc/ChangeLog: PR analyzer/111155 * text-art/table.cc (table::maybe_set_cell_span): New. (table::add_other_table): New. * text-art/table.h (class table::cell_placement): Add class table as a friend. (table::add_rows): New. (table::add_row): Reimplement in terms of add_rows. (table::maybe_set_cell_span): New decl. (table::add_other_table): New decl. * text-art/types.h (operator+): New operator for rect + coord. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-10-04Daily bump.GCC Administrator1-0/+9
2023-10-03diagnostics: add ctors to text_info; add m_ prefixes to fieldsDavid Malcolm3-23/+4
No functional change intended. gcc/ada/ChangeLog: * gcc-interface/misc.cc: Use text_info ctor. gcc/analyzer/ChangeLog: * analyzer-logging.cc (logger::log_va_partial): Use text_info ctor. * analyzer.cc (make_label_text): Likewise. (make_label_text_n): Likewise. * pending-diagnostic.cc (evdesc::event_desc::formatted_print): Likewise. gcc/c/ChangeLog: * c-objc-common.cc (c_tree_printer): Update for "m_" prefixes to text_info fields. gcc/cp/ChangeLog: * error.cc: Update for "m_" prefixes to text_info fields. gcc/d/ChangeLog: * d-diagnostic.cc (d_diagnostic_report_diagnostic): Use text_info ctor. gcc/ChangeLog: * diagnostic.cc (diagnostic_set_info_translated): Update for "m_" prefixes to text_info fields. (diagnostic_report_diagnostic): Likewise. (verbatim): Use text_info ctor. (simple_diagnostic_path::add_event): Likewise. (simple_diagnostic_path::add_thread_event): Likewise. * dumpfile.cc (dump_pretty_printer::decode_format): Update for "m_" prefixes to text_info fields. (dump_context::dump_printf_va): Use text_info ctor. * graphviz.cc (graphviz_out::graphviz_out): Use text_info ctor. (graphviz_out::print): Likewise. * opt-problem.cc (opt_problem::opt_problem): Likewise. * pretty-print.cc (pp_format): Update for "m_" prefixes to text_info fields. (pp_printf): Use text_info ctor. (pp_verbatim): Likewise. (assert_pp_format_va): Likewise. * pretty-print.h (struct text_info): Add ctors. Add "m_" prefix to all fields. * text-art/styled-string.cc (styled_string::from_fmt_va): Use text_info ctor. * tree-diagnostic.cc (default_tree_printer): Update for "m_" prefixes to text_info fields. * tree-pretty-print.h (pp_ti_abstract_origin): Likewise. gcc/fortran/ChangeLog: * error.cc (gfc_format_decoder): Update for "m_" prefixes to text_info fields. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-10-03Daily bump.GCC Administrator1-0/+5
2023-10-02diagnostics: group together source printing fields of diagnostic_contextDavid Malcolm1-2/+2
struct diagnostic_context has > 60 fields. Try to tame some of the complexity by grouping together the 8 source-printing fields into a struct, the "m_source_printing" field. No functional change intended. gcc/ada/ChangeLog: * gcc-interface/misc.cc (gnat_post_options): Update for renaming of diagnostic_context's show_caret to m_source_printing.enabled. gcc/analyzer/ChangeLog: * program-point.cc: Update for grouping of source printing fields within diagnostic_context. gcc/c-family/ChangeLog: * c-common.cc (maybe_add_include_fixit): Update for renaming of diagnostic_context's show_caret to m_source_printing.enabled. * c-opts.cc (c_common_init_options): Update for renaming of diagnostic_context's colorize_source_p to m_source_printing.colorize_source_p. gcc/ChangeLog: * diagnostic-show-locus.cc: Update for reorganization of source-printing fields of diagnostic_context. * diagnostic.cc (diagnostic_set_caret_max_width): Likewise. (diagnostic_initialize): Likewise. * diagnostic.h (diagnostic_context::show_caret): Move to... (diagnostic_context::m_source_printing::enabled): ...here. (diagnostic_context::caret_max_width): Move to... (diagnostic_context::m_source_printing::max_width): ...here. (diagnostic_context::caret_chars): Move to... (diagnostic_context::m_source_printing::caret_chars): ...here. (diagnostic_context::colorize_source_p): Move to... (diagnostic_context::m_source_printing::colorize_source_p): ...here. (diagnostic_context::show_labels_p): Move to... (diagnostic_context::m_source_printing::show_labels_p): ...here. (diagnostic_context::show_line_numbers_p): Move to... (diagnostic_context::m_source_printing::show_line_numbers_p): ...here. (diagnostic_context::min_margin_width): Move to... (diagnostic_context::m_source_printing::min_margin_width): ...here. (diagnostic_context::show_ruler_p): Move to... (diagnostic_context::m_source_printing::show_ruler_p): ...here. (diagnostic_same_line): Update for above changes. * opts.cc (common_handle_option): Update for reorganization of source-printing fields of diagnostic_context. * selftest-diagnostic.cc (test_diagnostic_context::test_diagnostic_context): Likewise. * toplev.cc (general_init): Likewise. * tree-diagnostic-path.cc (struct event_range): Likewise. gcc/fortran/ChangeLog: * error.cc (gfc_diagnostic_starter): Update for reorganization of source-printing fields of diagnostic_context. (gfc_diagnostics_init): Likewise. (gfc_diagnostics_finish): Likewise. gcc/testsuite/ChangeLog: * gcc.dg/plugin/diagnostic_plugin_show_trees.c: Update for reorganization of source-printing fields of diagnostic_context. * gcc.dg/plugin/diagnostic_plugin_test_inlining.c: Likewise. * gcc.dg/plugin/diagnostic_plugin_test_paths.c: Likewise. * gcc.dg/plugin/diagnostic_plugin_test_show_locus.c: Likewise. * gcc.dg/plugin/diagnostic_plugin_test_string_literals.c: Likewise. * gcc.dg/plugin/diagnostic_plugin_test_tree_expression_range.c: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-16Daily bump.GCC Administrator1-0/+44
2023-09-15analyzer: support diagnostics that don't have a stmtDavid Malcolm3-14/+42
gcc/analyzer/ChangeLog: * analyzer.cc (get_stmt_location): Handle null stmt. * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic): Copy m_loc from ploc. (saved_diagnostic::operator==): Compare m_loc. (saved_diagnostic::calc_best_epath): Only use m_stmt_finder if m_loc is unknown. (dedupe_key::dedupe_key): Initialize m_loc. (dedupe_key::operator==): Compare m_loc. (dedupe_key::get_location): Use m_loc if it's known. (dedupe_key::m_loc): New field. (diagnostic_manager::emit_saved_diagnostic): Only call get_emission_location if m_loc is unknown, preferring to use m_loc if it's available. * diagnostic-manager.h (saved_diagnostic::m_loc): New field. (pending_location::pending_location): Initialize m_loc. Add overload taking a location_t rather than a stmt/stmt_finder. (pending_location::m_loc): New field. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-15analyzer: introduce pending_locationDavid Malcolm5-44/+71
No functional change intended. gcc/analyzer/ChangeLog: * analyzer.h (struct pending_location): New forward decl. * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic): Replace params "enode", "snode", "stmt", and "stmt_finder" with "ploc". (diagnostic_manager::add_diagnostic): Likewise for both overloads. * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Likewise. (struct pending_location): New. (diagnostic_manager::add_diagnostic): Replace params "enode", "snode", "stmt", and "stmt_finder" with "ploc". * engine.cc (impl_region_model_context::warn): Update call to add_diagnostic for above change. (impl_sm_context::warn): Likewise. (impl_region_model_context::on_state_leak): Likewise. * infinite-recursion.cc (exploded_graph::detect_infinite_recursion): Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-15analyzer: handle volatile opsDavid Malcolm1-0/+11
gcc/analyzer/ChangeLog: * region-model.cc (region_model::get_gassign_result): Handle volatile ops by using a conjured_svalue. gcc/testsuite/ChangeLog: * c-c++-common/analyzer/volatile-1.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-15Daily bump.GCC Administrator1-0/+33
2023-09-14diagnostics: support multithreaded diagnostic pathsDavid Malcolm2-1/+20
This patch extends the existing diagnostic_path class so that as well as list of events, there is a list of named threads, with each event being associated with one of the threads. No GCC diagnostics take advantage of this, but GCC plugins may find a use for this; an example is provided in the testsuite. Given that there is still a single list of events within a diagnostic_path, the events in a diagnostic_path have a specific global ordering even if they are in multiple threads. Within the SARIF serialization, the patch adds the "executionOrder" property to threadFlowLocation objects (SARIF v2.1.0 3.38.11). This is 1-based in order to match the human-readable numbering of events shown in messages emitted by pretty-printer.cc's "%@". With -fdiagnostics-path-format=separate-events, the threads are not shown. With -fdiagnostics-path-format=inline-events, the threads and the per-thread stack activity are tracked and visalized separately. An example can be seen in the testsuite. gcc/analyzer/ChangeLog: * checker-event.h (checker_event::get_thread_id): New. * checker-path.h (class checker_path): Implement thread-related vfuncs via a single simple_diagnostic_thread instance named "main". gcc/ChangeLog: * diagnostic-event-id.h (diagnostic_thread_id_t): New typedef. * diagnostic-format-sarif.cc (class sarif_thread_flow): New. (sarif_thread_flow::sarif_thread_flow): New. (sarif_builder::make_code_flow_object): Reimplement, creating per-thread threadFlow objects, populating them with the relevant events. (sarif_builder::make_thread_flow_object): Delete, moving the code into sarif_builder::make_code_flow_object. (sarif_builder::make_thread_flow_location_object): Add "path_event_idx" param. Use it to set "executionOrder" property. * diagnostic-path.h (diagnostic_event::get_thread_id): New pure-virtual vfunc. (class diagnostic_thread): New. (diagnostic_path::num_threads): New pure-virtual vfunc. (diagnostic_path::get_thread): New pure-virtual vfunc. (diagnostic_path::multithreaded_p): New decl. (simple_diagnostic_event::simple_diagnostic_event): Add optional thread_id param. (simple_diagnostic_event::get_thread_id): New accessor. (simple_diagnostic_event::m_thread_id): New. (class simple_diagnostic_thread): New. (simple_diagnostic_path::simple_diagnostic_path): Move definition to diagnostic.cc. (simple_diagnostic_path::num_threads): New. (simple_diagnostic_path::get_thread): New. (simple_diagnostic_path::add_thread): New. (simple_diagnostic_path::add_thread_event): New. (simple_diagnostic_path::m_threads): New. * diagnostic-show-locus.cc (layout::layout): Add pretty_printer param for overriding the context's printer. (diagnostic_show_locus): Likwise. * diagnostic.cc (simple_diagnostic_path::simple_diagnostic_path): Move here from diagnostic-path.h. Add main thread. (simple_diagnostic_path::num_threads): New. (simple_diagnostic_path::get_thread): New. (simple_diagnostic_path::add_thread): New. (simple_diagnostic_path::add_thread_event): New. (simple_diagnostic_event::simple_diagnostic_event): Add thread_id param and use it to initialize m_thread_id. Reformat. * diagnostic.h: Add pretty_printer param for overriding the context's printer. * tree-diagnostic-path.cc: Add #define INCLUDE_VECTOR. (can_consolidate_events): Compare thread ids. (class per_thread_summary): New. (event_range::event_range): Add per_thread_summary arg. (event_range::print): Add "pp" param and use it rather than dc's printer. (event_range::m_thread_id): New field. (event_range::m_per_thread_summary): New field. (path_summary::multithreaded_p): New. (path_summary::get_events_for_thread_id): New. (path_summary::m_per_thread_summary): New field. (path_summary::m_thread_id_to_events): New field. (path_summary::get_or_create_events_for_thread_id): New. (path_summary::path_summary): Create per_thread_summary instances as needed and associate the event_range instances with them. (base_indent): Move here from print_path_summary_as_text. (per_frame_indent): Likewise. (class thread_event_printer): New, adapted from parts of print_path_summary_as_text. (print_path_summary_as_text): Make static. Reimplement to moving most of existing code to class thread_event_printer, capturing state as per-thread as appropriate. (default_tree_diagnostic_path_printer): Add missing 'break' on final case. gcc/testsuite/ChangeLog: * gcc.dg/plugin/diagnostic-test-paths-multithreaded-inline-events.c: New test. * gcc.dg/plugin/diagnostic-test-paths-multithreaded-sarif.c: New test. * gcc.dg/plugin/diagnostic-test-paths-multithreaded-separate-events.c: New test. * gcc.dg/plugin/diagnostic_plugin_test_paths.c: Add support for generating multithreaded paths. * gcc.dg/plugin/plugin.exp: Add the new tests. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-14analyzer: fix missing return in compatible_epath_pDavid Malcolm1-0/+8
gcc/analyzer/ChangeLog: * diagnostic-manager.cc (compatible_epath_p): Fix missing return. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-14analyzer: use unique_ptr for rejected_constraintDavid Malcolm7-45/+45
gcc/analyzer/ChangeLog: * diagnostic-manager.cc (process_worklist_item): Use std::unique_ptr rather than plain rejected_constraint *. * engine.cc (exploded_path::feasible_p): Likewise. (feasibility_state::maybe_update_for_edge): Likewise. * exploded-graph.h (feasibility_problem::feasibility_problem): Likewise. (feasibility_problem::~feasibility_problem): Delete. (feasibility_problem::m_rc): Use std::unique_ptr. (feasibility_state::maybe_update_for_edge): Likewise. * feasible-graph.cc (feasible_graph::add_feasibility_problem): Likewise. * feasible-graph.h (class infeasible_node): Likewise. (feasible_graph::add_feasibility_problem): Likewise. * region-model.cc (region_model::add_constraint): Likewise. (region_model::maybe_update_for_edge): Likewise. (region_model::apply_constraints_for_gcond): Likewise. (region_model::apply_constraints_for_gswitch): Likewise. (region_model::apply_constraints_for_exception): Likewise. * region-model.h (class region_model): Likewise for decls. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-10Daily bump.GCC Administrator1-0/+7
2023-09-09analyzer: Move gcc.dg/analyzer tests to c-c++-common (2) [PR96395]benjamin priour1-0/+4
Second batch of moving tests from under gcc.dg/analyzer into c-c++-common/analyzer. Prior to this patch the analyzer was not unwrapping ordering binop_svalue, such as LT_EXPR, when evaluating conditions. Therefore when an ordering conditional was stored, the analyzer was missing out on some constraints, which led to false positives. gcc/analyzer/ChangeLog: PR analyzer/96395 * region-model.cc (region_model::add_constraints_from_binop): binop_svalues around LT_EXPR, LE_EXPR, GT_EXPR, GE_EXPR are now unwrapped. gcc/testsuite/ChangeLog: PR analyzer/96395 * gcc.dg/analyzer/allocation-size-1.c: Moved to... * c-c++-common/analyzer/allocation-size-1.c: ...here. * gcc.dg/analyzer/allocation-size-2.c: Moved to... * c-c++-common/analyzer/allocation-size-2.c: ...here. * gcc.dg/analyzer/allocation-size-3.c: Moved to... * c-c++-common/analyzer/allocation-size-3.c: ...here. * gcc.dg/analyzer/allocation-size-4.c: Moved to... * c-c++-common/analyzer/allocation-size-4.c: ...here. * gcc.dg/analyzer/analyzer-verbosity-0.c: Moved to... * c-c++-common/analyzer/analyzer-verbosity-0.c: ...here. * gcc.dg/analyzer/analyzer-verbosity-1.c: Moved to... * c-c++-common/analyzer/analyzer-verbosity-1.c: ...here. * gcc.dg/analyzer/analyzer-verbosity-2.c: Moved to... * c-c++-common/analyzer/analyzer-verbosity-2.c: ...here. * gcc.dg/analyzer/analyzer-verbosity-3.c: Moved to... * c-c++-common/analyzer/analyzer-verbosity-3.c: ...here. * gcc.dg/analyzer/attr-alloc_size-1.c: Moved to... * c-c++-common/analyzer/attr-alloc_size-1.c: ...here. * gcc.dg/analyzer/attr-alloc_size-2.c: Moved to... * c-c++-common/analyzer/attr-alloc_size-2.c: ...here. * gcc.dg/analyzer/call-summaries-malloc.c: Moved to... * c-c++-common/analyzer/call-summaries-malloc.c: ...here. * gcc.dg/analyzer/call-summaries-pr107158-2.c: Moved to... * c-c++-common/analyzer/call-summaries-pr107158-2.c: ...here. * gcc.dg/analyzer/capacity-1.c: Moved to... * c-c++-common/analyzer/capacity-1.c: ...here. * gcc.dg/analyzer/dot-output.c: Moved to... * c-c++-common/analyzer/dot-output.c: ...here. * gcc.dg/analyzer/escaping-1.c: Moved to... * c-c++-common/analyzer/escaping-1.c: ...here. * gcc.dg/analyzer/expect-1.c: Moved to... * c-c++-common/analyzer/expect-1.c: ...here. * gcc.dg/analyzer/fgets-1.c: Moved to... * c-c++-common/analyzer/fgets-1.c: ...here. * gcc.dg/analyzer/file-uninit-1.c: Moved to... * c-c++-common/analyzer/file-uninit-1.c: ...here. * gcc.dg/analyzer/fileno-1.c: Moved to... * c-c++-common/analyzer/fileno-1.c: ...here. * gcc.dg/analyzer/first-field-1.c: Moved to... * c-c++-common/analyzer/first-field-1.c: ...here. * gcc.dg/analyzer/first-field-2.c: Moved to... * c-c++-common/analyzer/first-field-2.c: ...here. * gcc.dg/analyzer/flex-with-call-summaries.c: Moved to... * c-c++-common/analyzer/flex-with-call-summaries.c: ...here. * gcc.dg/analyzer/flex-without-call-summaries.c: Moved to... * c-c++-common/analyzer/flex-without-call-summaries.c: ...here. * gcc.dg/analyzer/flexible-array-member-1.c: Moved to... * c-c++-common/analyzer/flexible-array-member-1.c: ...here. * gcc.dg/analyzer/fold-string-to-char.c: Moved to... * c-c++-common/analyzer/fold-string-to-char.c: ...here. * gcc.dg/analyzer/fread-1.c: Moved to... * c-c++-common/analyzer/fread-1.c: ...here. * gcc.dg/analyzer/fread-2.c: Moved to... * c-c++-common/analyzer/fread-2.c: ...here. * gcc.dg/analyzer/fread-pr108661.c: Moved to... * c-c++-common/analyzer/fread-pr108661.c: ...here. * gcc.dg/analyzer/function-ptr-1.c: Moved to... * c-c++-common/analyzer/function-ptr-1.c: ...here. * gcc.dg/analyzer/function-ptr-2.c: Moved to... * c-c++-common/analyzer/function-ptr-2.c: ...here. * gcc.dg/analyzer/function-ptr-3.c: Moved to... * c-c++-common/analyzer/function-ptr-3.c: ...here. * gcc.dg/analyzer/function-ptr-4.c: Moved to... * c-c++-common/analyzer/function-ptr-4.c: ...here. * gcc.dg/analyzer/getc-1.c: Moved to... * c-c++-common/analyzer/getc-1.c: ...here. * gcc.dg/analyzer/getchar-1.c: Moved to... * c-c++-common/analyzer/getchar-1.c: ...here. * gcc.dg/analyzer/gzio-2.c: Moved to... * c-c++-common/analyzer/gzio-2.c: ...here. * gcc.dg/analyzer/gzio-3.c: Moved to... * c-c++-common/analyzer/gzio-3.c: ...here. * gcc.dg/analyzer/gzio-3a.c: Moved to... * c-c++-common/analyzer/gzio-3a.c: ...here. * gcc.dg/analyzer/gzio.c: Moved to... * c-c++-common/analyzer/gzio.c: ...here. * gcc.dg/analyzer/imprecise-floating-point-1.c: Moved to... * c-c++-common/analyzer/imprecise-floating-point-1.c: ...here. * gcc.dg/analyzer/infinite-recursion-2.c: Moved to... * c-c++-common/analyzer/infinite-recursion-2.c: ...here. * gcc.dg/analyzer/infinite-recursion-3.c: Moved to... * c-c++-common/analyzer/infinite-recursion-3.c: ...here. * gcc.dg/analyzer/infinite-recursion-4-limited-buggy.c: Moved to... * c-c++-common/analyzer/infinite-recursion-4-limited-buggy.c: ...here. * gcc.dg/analyzer/infinite-recursion-4-limited.c: Moved to... * c-c++-common/analyzer/infinite-recursion-4-limited.c: ...here. * gcc.dg/analyzer/infinite-recursion-4-unlimited-buggy.c: Moved to... * c-c++-common/analyzer/infinite-recursion-4-unlimited-buggy.c: ...here. * gcc.dg/analyzer/infinite-recursion-4-unlimited.c: Moved to... * c-c++-common/analyzer/infinite-recursion-4-unlimited.c: ...here. * gcc.dg/analyzer/infinite-recursion-5.c: Moved to... * c-c++-common/analyzer/infinite-recursion-5.c: ...here. * gcc.dg/analyzer/infinite-recursion-alloca.c: Moved to... * c-c++-common/analyzer/infinite-recursion-alloca.c: ...here. * gcc.dg/analyzer/infinite-recursion-inlining.c: Moved to... * c-c++-common/analyzer/infinite-recursion-inlining.c: ...here. * gcc.dg/analyzer/infinite-recursion-multiline-1.c: Moved to... * c-c++-common/analyzer/infinite-recursion-multiline-1.c: ...here. * gcc.dg/analyzer/infinite-recursion-multiline-2.c: Moved to... * c-c++-common/analyzer/infinite-recursion-multiline-2.c: ...here. * gcc.dg/analyzer/infinite-recursion-pr108935-1.c: Moved to... * c-c++-common/analyzer/infinite-recursion-pr108935-1.c: ...here. * gcc.dg/analyzer/infinite-recursion-pr108935-1a.c: Moved to... * c-c++-common/analyzer/infinite-recursion-pr108935-1a.c: ...here. * gcc.dg/analyzer/infinite-recursion-pr108935-2.c: Moved to... * c-c++-common/analyzer/infinite-recursion-pr108935-2.c: ...here. * gcc.dg/analyzer/infinite-recursion-variadic.c: Moved to... * c-c++-common/analyzer/infinite-recursion-variadic.c: ...here. * gcc.dg/analyzer/infinite-recursion.c: Moved to... * c-c++-common/analyzer/infinite-recursion.c: ...here. * gcc.dg/analyzer/inlining-1-multiline.c: Moved to... * c-c++-common/analyzer/inlining-1-multiline.c: ...here. * gcc.dg/analyzer/inlining-1-no-undo.c: Moved to... * c-c++-common/analyzer/inlining-1-no-undo.c: ...here. * gcc.dg/analyzer/inlining-2-multiline.c: Moved to... * c-c++-common/analyzer/inlining-2-multiline.c: ...here. * gcc.dg/analyzer/inlining-5-multiline.c: Moved to... * c-c++-common/analyzer/inlining-5-multiline.c: ...here. * gcc.dg/analyzer/inlining-6-multiline.c: Moved to... * c-c++-common/analyzer/inlining-6-multiline.c: ...here. * gcc.dg/analyzer/inlining-6.c: Moved to... * c-c++-common/analyzer/inlining-6.c: ...here. * gcc.dg/analyzer/inlining-7-multiline.c: Moved to... * c-c++-common/analyzer/inlining-7-multiline.c: ...here. * gcc.dg/analyzer/invalid-shift-1.c: Moved to... * c-c++-common/analyzer/invalid-shift-1.c: ...here. * gcc.dg/analyzer/isatty-1.c: Moved to... * c-c++-common/analyzer/isatty-1.c: ...here. * gcc.dg/analyzer/leak-2.c: Moved to... * c-c++-common/analyzer/leak-2.c: ...here. * gcc.dg/analyzer/leak-3.c: Moved to... * c-c++-common/analyzer/leak-3.c: ...here. * gcc.dg/analyzer/leak-4.c: Moved to... * c-c++-common/analyzer/leak-4.c: ...here. * gcc.dg/analyzer/loop-0-up-to-n-by-1-with-iter-obj.c: Moved to... * c-c++-common/analyzer/loop-0-up-to-n-by-1-with-iter-obj.c: ...here. * gcc.dg/analyzer/loop-0-up-to-n-by-1.c: Moved to... * c-c++-common/analyzer/loop-0-up-to-n-by-1.c: ...here. * gcc.dg/analyzer/loop-2.c: Moved to... * c-c++-common/analyzer/loop-2.c: ...here. * gcc.dg/analyzer/loop-2a.c: Moved to... * c-c++-common/analyzer/loop-2a.c: ...here. * gcc.dg/analyzer/loop-3.c: Moved to... * c-c++-common/analyzer/loop-3.c: ...here. * gcc.dg/analyzer/loop-4.c: Moved to... * c-c++-common/analyzer/loop-4.c: ...here. * gcc.dg/analyzer/loop-n-down-to-1-by-1.c: Moved to... * c-c++-common/analyzer/loop-n-down-to-1-by-1.c: ...here. * gcc.dg/analyzer/loop-start-down-to-end-by-1.c: Moved to... * c-c++-common/analyzer/loop-start-down-to-end-by-1.c: ...here. * gcc.dg/analyzer/loop-start-down-to-end-by-step.c: Moved to... * c-c++-common/analyzer/loop-start-down-to-end-by-step.c: ...here. * gcc.dg/analyzer/loop-start-to-end-by-step.c: Moved to... * c-c++-common/analyzer/loop-start-to-end-by-step.c: ...here. * gcc.dg/analyzer/loop-start-up-to-end-by-1.c: Moved to... * c-c++-common/analyzer/loop-start-up-to-end-by-1.c: ...here. * gcc.dg/analyzer/loop.c: Moved to... * c-c++-common/analyzer/loop.c: ...here. * gcc.dg/analyzer/malloc-3.c: Moved to... * c-c++-common/analyzer/malloc-3.c: ...here. * gcc.dg/analyzer/malloc-5.c: Moved to... * c-c++-common/analyzer/malloc-5.c: ...here. * gcc.dg/analyzer/malloc-CWE-401-example.c: Moved to... * c-c++-common/analyzer/malloc-CWE-401-example.c: ...here. * gcc.dg/analyzer/malloc-CWE-415-examples.c: Moved to... * c-c++-common/analyzer/malloc-CWE-415-examples.c: ...here. * gcc.dg/analyzer/malloc-CWE-416-examples.c: Moved to... * c-c++-common/analyzer/malloc-CWE-416-examples.c: ...here. * gcc.dg/analyzer/malloc-CWE-590-examples.c: Moved to... * c-c++-common/analyzer/malloc-CWE-590-examples.c: ...here. * gcc.dg/analyzer/malloc-callbacks.c: Moved to... * c-c++-common/analyzer/malloc-callbacks.c: ...here. * gcc.dg/analyzer/malloc-dce.c: Moved to... * c-c++-common/analyzer/malloc-dce.c: ...here. * gcc.dg/analyzer/malloc-dedupe-1.c: Moved to... * c-c++-common/analyzer/malloc-dedupe-1.c: ...here. * gcc.dg/analyzer/malloc-in-loop.c: Moved to... * c-c++-common/analyzer/malloc-in-loop.c: ...here. * gcc.dg/analyzer/malloc-ipa-1.c: Moved to... * c-c++-common/analyzer/malloc-ipa-1.c: ...here. * gcc.dg/analyzer/malloc-ipa-11.c: Moved to... * c-c++-common/analyzer/malloc-ipa-11.c: ...here. * gcc.dg/analyzer/malloc-ipa-2.c: Moved to... * c-c++-common/analyzer/malloc-ipa-2.c: ...here. * gcc.dg/analyzer/malloc-ipa-3.c: Moved to... * c-c++-common/analyzer/malloc-ipa-3.c: ...here. * gcc.dg/analyzer/malloc-ipa-4.c: Moved to... * c-c++-common/analyzer/malloc-ipa-4.c: ...here. * gcc.dg/analyzer/malloc-ipa-5.c: Moved to... * c-c++-common/analyzer/malloc-ipa-5.c: ...here. * gcc.dg/analyzer/malloc-ipa-6.c: Moved to... * c-c++-common/analyzer/malloc-ipa-6.c: ...here. * gcc.dg/analyzer/malloc-ipa-7.c: Moved to... * c-c++-common/analyzer/malloc-ipa-7.c: ...here. * gcc.dg/analyzer/malloc-ipa-8-unchecked.c: Moved to... * c-c++-common/analyzer/malloc-ipa-8-unchecked.c: ...here. * gcc.dg/analyzer/malloc-macro-inline-events.c: Moved to... * c-c++-common/analyzer/malloc-macro-inline-events.c: ...here. * gcc.dg/analyzer/malloc-macro-separate-events.c: Moved to... * c-c++-common/analyzer/malloc-macro-separate-events.c: ...here. * gcc.dg/analyzer/malloc-macro.h: Moved to... * c-c++-common/analyzer/malloc-macro.h: ...here. * gcc.dg/analyzer/null-deref-pr108400-SoftEtherVPN-WebUi.c: Moved to... * c-c++-common/analyzer/null-deref-pr108400-SoftEtherVPN-WebUi.c: ...here. * gcc.dg/analyzer/out-of-bounds-1.c: Moved to... * c-c++-common/analyzer/out-of-bounds-1.c: ...here. * gcc.dg/analyzer/out-of-bounds-2.c: Moved to... * c-c++-common/analyzer/out-of-bounds-2.c: ...here. * gcc.dg/analyzer/out-of-bounds-5.c: Moved to... * c-c++-common/analyzer/out-of-bounds-5.c: ...here. * gcc.dg/analyzer/out-of-bounds-diagram-11.c: Moved to... * c-c++-common/analyzer/out-of-bounds-diagram-11.c: ...here. * gcc.dg/analyzer/out-of-bounds-diagram-3.c: Moved to... * c-c++-common/analyzer/out-of-bounds-diagram-3.c: ...here. * gcc.dg/analyzer/out-of-bounds-diagram-8.c: Moved to... * c-c++-common/analyzer/out-of-bounds-diagram-8.c: ...here. * gcc.dg/analyzer/phi-1.c: Moved to... * c-c++-common/analyzer/phi-1.c: ...here. * gcc.dg/analyzer/pr100615.c: Moved to... * c-c++-common/analyzer/pr100615.c: ...here. * gcc.dg/analyzer/pr103526.c: Moved to... * c-c++-common/analyzer/pr103526.c: ...here. * gcc.dg/analyzer/pr94362-1.c: Moved to... * c-c++-common/analyzer/pr94362-1.c: ...here. * gcc.dg/analyzer/pr97074.c: Moved to... * c-c++-common/analyzer/pr97074.c: ...here. * c-c++-common/analyzer/pr99193-2.c: Added include. * c-c++-common/analyzer/realloc-1.c: Added include. * gcc.dg/analyzer/scope-1.c: Moved to... * c-c++-common/analyzer/scope-1.c: ...here. * gcc.dg/analyzer/setjmp-2.c: Moved to... * c-c++-common/analyzer/setjmp-2.c: ...here. * gcc.dg/analyzer/setjmp-5.c: Moved to... * c-c++-common/analyzer/setjmp-5.c: ...here. * gcc.dg/analyzer/setjmp-9.c: Moved to... * c-c++-common/analyzer/setjmp-9.c: ...here. * gcc.dg/analyzer/signal-4a.c: Moved to... * c-c++-common/analyzer/signal-4a.c: ...here. * gcc.dg/analyzer/signal-4b.c: Moved to... * c-c++-common/analyzer/signal-4b.c: ...here. * gcc.dg/analyzer/file-pr58237.c: C only. * gcc.dg/analyzer/fopen-1.c: C only. * gcc.dg/analyzer/malloc-4.c: C only. * gcc.dg/analyzer/malloc-paths-9.c: C only. * gcc.dg/analyzer/pr103892.c: C only. * gcc.dg/analyzer/pr109577.c: C only. * gcc.dg/analyzer/pr93355-localealias-feasibility.c: C only. * gcc.dg/analyzer/pr99193-1.c: C only. * gcc.dg/analyzer/compound-assignment-1.c: Removed. * gcc.dg/analyzer/inlining-1.c: Removed. * gcc.dg/analyzer/inlining-2.c: Removed. * gcc.dg/analyzer/inlining-5.c: Removed. * gcc.dg/analyzer/inlining-7.c: Removed. * c-c++-common/analyzer/compound-assignment-1.c: New test. * c-c++-common/analyzer/file-pr58237-noexcept.c: Duplicate of gcc.dg/analyzer/file-pr58237.c with exceptions disabled. * c-c++-common/analyzer/fopen-2.c: C++ compatible parts from gcc.dg/analyzer/fopen-1.c. * c-c++-common/analyzer/inlining-1.c: New test. * c-c++-common/analyzer/inlining-2.c: New test. * c-c++-common/analyzer/inlining-5.c: New test. * c-c++-common/analyzer/inlining-7.c: New test. * c-c++-common/analyzer/malloc-paths-9-noexcept.c: Duplicate of gcc.dg/analyzer/malloc-paths-9.c with exceptions disabled. * c-c++-common/analyzer/pr109577-noexcept.c: Duplicate of gcc.dg/analyzer/pr109577.c with exceptions disabled. * c-c++-common/analyzer/pr93355-localealias-feasibility-noexcept.c: Duplicate of gcc.dg/analyzer/pr93355-localealias-feasibility.c with exceptions disabled. * c-c++-common/analyzer/pr99193-1-noexcept.c: Duplicate of gcc.dg/analyzer/pr99193-1.c with exceptions disabled. Signed-off-by: benjamin priour <vultkayn@gcc.gnu.org>
2023-09-08Daily bump.GCC Administrator1-0/+26
2023-09-07analyzer: basic support for computed gotos (PR analyzer/110529)David Malcolm5-3/+71
PR analyzer/110529 notes that -fanalyzer was giving up on execution paths that follow a computed goto, due to ignoring CFG edges with the flag EDGE_ABNORMAL set. This patch implements enough handling for them to allow analysis of such execution paths to continue. gcc/analyzer/ChangeLog: PR analyzer/110529 * program-point.cc (program_point::on_edge): Don't reject EDGE_ABNORMAL for computed gotos. * region-model.cc (region_model::maybe_update_for_edge): Handle computed goto statements. (region_model::apply_constraints_for_ggoto): New. * region-model.h (region_model::apply_constraints_for_ggoto): New decl. * supergraph.cc (supernode::get_label): New. * supergraph.h (supernode::get_label): New decl. gcc/testsuite/ChangeLog: PR analyzer/110529 * c-c++-common/analyzer/computed-goto-1.c: New test. * gcc.dg/analyzer/computed-goto-pr110529.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-07analyzer: Call off a superseding when diagnostics are unrelated [PR110830]benjamin priour1-1/+89
Before this patch, a saved_diagnostic would supersede another at the same statement if and only its vfunc supercedes_p returned true for the other diagnostic's kind. That both warning were unrelated - i.e. resolving one would not fix the other - was not considered in making the above choice. This patch makes it so that two saved_diagnostics taking a different outcome of at least one common conditional branching cannot supersede each other. Signed-off-by: Benjamin Priour <vultkayn@gcc.gnu.org> Co-authored-by: David Malcolm <dmalcolm@redhat.com> Signed-off-by: David Malcolm <dmalcolm@redhat.com> gcc/analyzer/ChangeLog: PR analyzer/110830 * diagnostic-manager.cc (compatible_epaths_p): New function. (saved_diagnostic::supercedes_p): Now calls the above to determine if the diagnostics do overlap and the superseding may proceed. gcc/testsuite/ChangeLog: PR analyzer/110830 * c-c++-common/analyzer/pr110830.c: New test.
generated by cgit v1.1 at 2025-09-19 05:44:41 +0000