Prevent the compiler from failing with an internal error in some cases involving
an instance of a generic which takes as a formal parameter an instance of a
second generic, where the second generic has an Initial_Condition aspect
specification.
gcc/ada/
* contracts.adb
(Analyze_Package_Contract): Do not analyze the contract of a
temporary package created just to check conformance of an actual
package.
|
|
The SPARK containers are now maintained under the spark2014 repository.
This change replaces the implementation of SPARK containers by a
pragma Compile_Time_Error, pointing the users WITHing the libraries
to their new location.
gcc/ada/
* Makefile.rtl: Remove SPARK containers filenames.
* impunit.adb: Remove SPARK containers packages names.
* libgnat/a-cfdlli.adb, libgnat/a-cfdlli.ads: Remove content and
add pragma Compile_Time_Error with suitable message.
* libgnat/a-cfhama.adb, libgnat/a-cfhama.ads: Likewise.
* libgnat/a-cfhase.adb, libgnat/a-cfhase.ads: Likewise.
* libgnat/a-cfidll.adb, libgnat/a-cfidll.ads: Likewise.
* libgnat/a-cfinse.adb, libgnat/a-cfinse.ads: Likewise.
* libgnat/a-cfinve.adb, libgnat/a-cfinve.ads: Likewise.
* libgnat/a-cforma.adb, libgnat/a-cforma.ads: Likewise.
* libgnat/a-cforse.adb, libgnat/a-cforse.ads: Likewise.
* libgnat/a-cofove.adb, libgnat/a-cofove.ads: Likewise.
* libgnat/a-cofuma.adb, libgnat/a-cofuma.ads: Likewise.
* libgnat/a-cofuse.adb, libgnat/a-cofuse.ads: Likewise.
* libgnat/a-cofuve.adb, libgnat/a-cofuve.ads: Likewise.
* libgnat/a-cofuba.adb, libgnat/a-cofuba.ads: Remove package.
gcc/testsuite/
* gnat.dg/aspect2.adb: Removed.
* gnat.dg/aspect2.ads: Removed.
* gnat.dg/config_pragma1.adb: Removed.
* gnat.dg/config_pragma1_pkg.ads: Removed.
* gnat.dg/equal8.adb: Removed.
* gnat.dg/equal8.ads: Removed.
* gnat.dg/equal8_pkg.ads: Removed.
* gnat.dg/formal_containers.adb: Removed.
* gnat.dg/iter1.adb: Removed.
* gnat.dg/iter1.ads: Removed.
|
|
Prefix of attribute Old is captured either as an object renaming or as
an object declaration. This is now taken into account when applying
validity checks.
gcc/ada/
* exp_attr.adb (Expand_N_Attribute_Reference [Attribute_Old]):
Adapt to object declaration being rewritten into object renaming.
|
|
This patch modifies the expansion of contracts such that the statements
and declarations of a subprogram with post-execution checks get moved to
a local internally generated subprogram which the original subprogram
calls directly followed by the required post-execution checks.
This differs from the current implementation which requires delicate
machinery which coordinates with the finalization process to emulate the
desired behavior within the "at end" procedure.
gcc/ada/
* contracts.adb, contracts.ads
(Analyze_Pragmas_In_Declarations): Added to aid in the new
expansion model so that pragmas relating to contracts can get
processed early before the rest of the subprogram containing them.
(Build_Subprogram_Contract_Wrapper): Created to do the majority of
expansion for postconditions. It builds a local wrapper with the
statements and declarations within a given subprogram.
(Is_Prologue_Renaming): Moved out from Process_Preconditions to be
used generally within the contracts package.
(Build_Entry_Contract_Wrapper): Moved from exp_ch7.
(Expand_Subprogram_Contract): Add new local variable Decls to
store expanded declarations needed for evaluation of contracts.
Call new wrapper building procedure and modify comments to match
new expansion model.
(Get_Postcond_Enabled): Deleted.
(Get_Result_Object_For_Postcond): Deleted.
(Get_Return_Success_For_Postcond): Deleted.
(Process_Contract_Cases): Add new parameter to store declarations.
(Process_Postconditions): Add new parameter to store declarations.
(Process_Preconditions): Add new parameter to store declarations.
Add code to move entry-call prologue renamings
* einfo.ads: Document new field Wrapped_Statements and modify
comment for Postconditions_Proc.
* exp_attr.adb
(Analyze_Attribute): Modify expansion of the 'Old attribute to
recognize new expansion model and use Wrapped_Statements instead
of Postconditions_Proc.
* exp_ch6.adb
(Add_Return): Remove special expansion for postconditions.
(Expand_Call): Modify condition checking for calls to access
subprogram wrappers to handle new expansion models.
(Expand_Call_Helper): Remove special expansion for postconditions.
(Expand_Non_Function_Return): Remove special expansion for
postconditions.
(Expand_Simple_Function_Return): Remove special expansion for
postconditions.
* exp_ch7.adb
(Build_Finalizer): Deleted, but replaced by code in
Build_Finalizer_Helper
(Build_Finalizer_Helper): Renamed to Build_Finalizer, and special
handling of 'Old objects removed.
* exp_ch9.adb
(Build_Contract_Wrapper): Renamed and moved to contracts package.
* exp_prag.adb
(Expand_Pragma_Contract_Cases): Delay analysis of contracts since
they now instead get analyzed as part of the wrapper generation
instead of after analysis of their corresponding subprogram's
body.
(Expand_Pragma_Check): Label expanded if-statements which come
from the expansion of assertion statements as
Comes_From_Check_Or_Contract.
* freeze.adb
(Freeze_Entity): Add special case to avoid freezing when a freeze
node gets generated as part of the expansion of a postcondition
check.
* gen_il-gen-gen_nodes.adb: Add new flag
Comes_From_Check_Or_Contract.
* gen_il-fields.ads: Add new field Wrapped_Statements. Add new
flag Comes_From_Check_Or_Contract.
* gen_il-gen-gen_entities.adb: Add new field Wrapped_Statements.
* ghost.adb
(Is_OK_Declaration): Replace Name_uPostconditions with
Name_uWrapped_Statements.
(Is_OK_Statement): Simplify condition due to the loss of
Original_Node as a result of the new expansion model of contracts
and use new flag Comes_From_Check_Or_Contract in its place.
* inline.adb
(Declare_Postconditions_Result): Replace Name_uPostconditions with
Name_uWrapped_Statements.
(Expand_Inlined_Call): Replace Name_uPostconditions with
Name_uWrapped_Statements.
* lib.adb, lib.ads
(ipu): Created to aid in debugging.
* lib-xref.adb
(Generate_References): Remove special handling for postcondition
procedures.
* sem_attr.adb
(Analyze_Attribute_Old_Result): Add new context in which 'Old can
appear due to the changes in expansion. Replace
Name_uPostconditions with Name_uWrapped_Statements.
(Result): Replace Name_uPostconditions with
Name_uWrapped_Statements.
* sem_ch11.adb
(Analyze_Handled_Statements): Remove check to exclude warnings on
useless assignments within postcondition procedures since
postconditions no longer get isolated into separate subprograms.
* sem_ch6.adb
(Analyze_Generic_Subprogram_Body): Modify expansion of generic
subprogram bodies so that contracts (and their associated pragmas)
get analyzed first.
(Analyze_Subprogram_Body_Helper): Remove global HSS variable due
to the HSS of the body potentially changing during the expansion
of contracts. In cases where it was used instead directly call
Handled_Statement_Sequence. Modify expansion of subprogram bodies
so that contracts (and their associated pragmas) get analyzed
first.
(Check_Missing_Return): Create local HSS variable instead of using
a global one.
(Move_Pragmas): Use new pragma table instead of an explicit list.
* sem_elab.adb
(Is_Postconditions_Proc): Deleted since the new scheme of
expansion no longer divides postcondition checks to a separate
subprogram and so cannot be easily identified (similar to
pre-condition checks).
(Info_Call): Remove info printing for _Postconditions subprograms.
(Is_Assertion_Pragma_Target): Remove check for postconditions
procedure
(Is_Bridge_Target): Remove check for postconditions procedure.
(Get_Invocation_Attributes): Remove unneeded local variables and
check for postconditions procedure.
(Output_Call): Remove info printing for _Postconditions
subprograms.
* sem_prag.adb, sem_prag.ads: Add new Pragma table for pragmas
significant to subprograms, along with tech-debt comment.
(Check_Arg_Is_Local_Name): Modified to recognize the new
_Wrapped_Statements internal subprogram and the new expansion
model.
(Relocate_Pragmas_To_Body): Replace Name_uPostconditions with
Name_uWrapped_Statements.
* sem_res.adb
(Resolve_Entry_Call): Add conditional to detect both contract
based wrappers of entries, but also wrappers generated as part of
general contract expansion (e.g. local postconditions
subprograms).
* sem_util.adb
(Accessibility_Level): Verify 'Access is not taken based on a
component of a function result.
(Has_Significant_Contracts): Replace Name_uPostconditions with
Name_uWrapped_Statements.
(Same_Or_Aliased_Subprogram): Add conditional to detect and obtain
the original subprogram based on the new concept of
"postcondition" wrappers.
* sinfo.ads: Add documentation for new flag
Comes_From_Check_Or_Contract.
* snames.ads-tmpl: Remove Name_uPostconditions and add
Name_uWrapped_Statements
|
|
The pass would traverse generic subprogram bodies, which are not expanded,
thus stumbling on unexpected nodes.
gcc/ada/
* exp_unst.adb (Unnest_Subprograms.Search_Subprograms): Skip the
subprogram bodies that are not to be unnested.
|
|
Check for the case where a user writes "in" instead of "of" in an
aggregate like "[for E in Some_Array when Some_Filter (E) => E]".
gcc/ada/
* sem_aggr.adb
(Resolve_Array_Aggregate): Generate an appropriate error message
in the case where an error in the source code leads to an
N_Iterated_Element_Association node in a bad context.
|
|
gcc/ada/
* sem_ch4.adb
(Analyze_Selected_Component): Initialize the local variable Comp
to avoid having CodePeer generate an uninitialized variable
warning.
|
|
The -gnatX switch enables naming a prefixed view of a subprogram with an
untagged prefix. Compiling such a reference where the prefix is of a modular
type could result in an internal compiler error.
gcc/ada/
* sem_ch4.adb
(Analyze_Selected_Component): Avoid initializing the local
variable Comp if the variable is not going to be subsequently
referenced. This is a correctness issue because the call to
First_Entity can fail.
|
|
Allow the Lock_Free aspect of a protected type to be True (but only by
explicit specification) if Ceiling_Locking locking policy has been specified.
Clarify that the Lock_Free aspect takes precedence over the Ceiling_Locking
policy in that case.
gcc/ada/
* sem_ch9.adb
(Satisfies_Lock_Free_Requirements): If Ceiling_Locking locking
policy has been specified, then either return False (if Lock_Free
was not explicitly specified) or generate a warning that ceiling
locking will not be implemented for this protected unit (if
Lock_Free was explicitly specified). Generate an error message (in
addition to returning False) if an explicit Lock_Free aspect
specification is rejected because atomic primitives are not
supported on the given target.
* doc/gnat_rm/implementation_defined_pragmas.rst: Clarify that the
Lock_Free aspect for a protected unit takes precedence over the
Ceiling_Locking locking policy in the case where both apply.
* gnat_rm.texi: Regenerate.
|
|
This occurs because protected subprograms are not translated directly into
object code but first rewritten as a pair of subprograms by the front-end.
gcc/ada/
* exp_ch9.adb (Build_Protected_Spec): Tidy up and propagate the
Comes_From_Source flag onto the new formal parameters.
* sem_ch6.adb (Analyze_Subprogram_Body_Helper): Do not check
references for subprograms generated for protected subprograms.
|
|
The draft ACATS test (which we developed) for the Ada 2022 feature of
user-defined literals has compile-time problems that are fixed with this
set of changes. Two of these involve the resolution of named numbers
in the context where an implicit literal conversion can occur, and for
equality when a literal or named number is an operand. Furthermore,
the compiler can hang in some cases when a numeric literal is used
in a context where the expected type is a type derived two levels
down from a tagged type that specifies a literal aspect.
gcc/ada/
* sem_res.adb
(Resolve_Equality_Op): Add handling for equality ops with
user-defined literal operands.
* sem_util.ads
(Is_User_Defined_Literal): Update spec comment to indicate
inclusion of named number cases.
* sem_util.adb
(Corresponding_Primitive_Op): Rather than following the chain of
ancestor subprograms via Alias and Overridden_Operation links, we
check for matching profiles between primitive subprograms of the
descendant type and the ancestor subprogram (by calling a new
nested function Profile_Matches_Ancestor). This prevents the
compiler from hanging due to circular linkages via those fields
that can occur between inherited and overriding subprograms
(which might indicate a latent bug, but one that may be rather
delicate to resolve).
(Profile_Matches_Ancestor): New nested subprogram to compare the
profile of a primitive subprogram with the profile of a candidate
ancestor subprogram.
(Is_User_Defined_Literal): Also return True in cases where the
node N denotes a named number (E_Name_Integer and E_Named_Real).
|
|
Remove a comment about the former use of the -gnatd9 switch (that switch is
now unused).
gcc/ada/
* debug.adb: remove a comment.
|
|
Make sure warnings about wrong-length aggregates don't get
suppressed. Such a warning (in a with-ed unit) can be the only
explanation for an error about No_Elaboration_Code violations.
Avoid passing a bogus "#" to Error_Msg. We really should never
construct message templates by concatenating strings that can
come from input data, but there are too many cases of that to
clean up. The message template parameters should really be
of a type other than String, to avoid these kinds of bugs,
but again, that's too much work to clean up now.
gcc/ada/
* checks.adb
(Selected_Length_Checks): In the message for an aggregate that has
too few or too many elements, add "!!" to make sure the warning
gets printed in with'ed units. Note that we have to put "!!"
before the "??", because Compile_Time_Constraint_Error detects
warnings by comparing the last character of the message with '?'
(which is a bit dubious, but we're not changing that here).
(Length_Mismatch_Info_Message): Use Unat for some things that
can't be negative. Specify Decimal instead of Auto in calls to
UI_Image.
* sem_util.adb
(Compile_Time_Constraint_Error): Minor.
* uintp.adb
(Image_Uint): It's always better to initialize objects on their
declaration.
|
|
The current configuration of the x86-64 VxWorks runtimes does not support
atomic primitives. x86-64 VxWorks was missed from the previous patch.
gcc/ada/
* libgnat/system-vxworks7-x86_64-kernel.ads: Set
Support_Atomic_Primitives to false.
* libgnat/system-vxworks7-x86_64-rtp-smp.ads: Ditto.
|
|
The current configuration of the QNX and VxWorks runtimes does not support
atomic primitives.
gcc/ada/
* libgnat/system-qnx-arm.ads: Set Support_Atomic_Primitives to
false.
* libgnat/system-vxworks7-aarch64.ads: Ditto.
* libgnat/system-vxworks7-aarch64-rtp-smp.ads: Ditto.
* libgnat/system-vxworks7-arm.ads: Ditto.
* libgnat/system-vxworks7-arm-rtp-smp.ads: Ditto.
* libgnat/system-vxworks7-x86-kernel.ads: Ditto.
* libgnat/system-vxworks7-x86-rtp-smp.ads: Ditto.
|
|
This patch makes various minor cleanup changes to the parser.
No change in behavior.
gcc/ada/
* par-tchk.adb, par-util.adb, prep.adb, prepcomp.adb, scng.adb:
Use "in" instead of chains of "=" connected with "or else".
Likewise for "not in", "/=", "and then". Misc cleanup.
* par-ch10.adb, par-ch12.adb, par-ch13.adb, par-ch4.adb: Likewise.
* par-ch8.adb, par-ch9.adb, par-endh.adb, par-sync.adb: Likewise.
* par.adb
(Pf_Rec): Remove filler, which was added August 25, 1993 to get
around a compiler limitation that no longer exists. Minor cleanup.
Remove useless qualifications.
* par-ch3.adb: Remove redundant return statements.
(Component_Scan_Loop): Remove loop name; there are no nested
loops, so it's unnecessary and possibly misleading, and it causes
too-long lines.
* par-ch5.adb: DRY: Remove comments that repeat the comments in
par.adb.
(P_Sequence_Of_Statements): It is better to initialize things on
the declaration. And constants are better than variables.
(Test_Statement_Required): Remove unnecessary insertion of a null
statement.
* par-ch6.adb, par-ch7.adb: DRY: Remove comments that repeat the
comments in par.adb.
|
|
This reverts commit 51abc0cc8691daecd7cec8372e4988e9f3f1913c.
|
|
gcc/testsuite/ChangeLog:
* ChangeLog: Fix PR reference.
|
|
Fixes:
gcc/analyzer/region-model.cc:5918:8: warning: private field 'm_record_type' is not used [-Wunused-private-field]
gcc/analyzer/region-model.cc:6305:25: warning: private field 'm_mgr' is not used [-Wunused-private-field]
gcc/analyzer/ChangeLog:
* region-model.cc (region_model::maybe_complain_about_infoleak):
Remove unused fields.
|
|
|
|
This patch adds handling of empty ranges in bit_range and byte_range and
adds an assertion to member functions that assume a positive size.
Further, the patch fixes an ICE caused by an empty byte_range passed to
byte_range::exceeds_p.
Regression-tested on Linux x86_64.
2022-09-10 Tim Lange <mail@tim-lange.me>
gcc/analyzer/ChangeLog:
PR analyzer/106845
* region-model.cc (region_model::check_region_bounds):
Bail out if 0 bytes were accessed.
* store.cc (byte_range::dump_to_pp):
Add special case for empty ranges.
(byte_range::exceeds_p): Restrict to non-empty ranges.
(byte_range::falls_short_of_p): Restrict to non-empty ranges.
* store.h (bit_range::empty_p): New function.
(bit_range::get_last_byte_offset): Restrict to non-empty ranges.
(byte_range::empty_p): New function.
(byte_range::get_last_byte_offset): Restrict to non-empty ranges.
gcc/testsuite/ChangeLog:
PR analyzer/106845
* gcc.dg/analyzer/out-of-bounds-zero.c: New test.
* gcc.dg/analyzer/pr106845.c: New test.
|
|
|
|
This patch adds a new 3-instructions constant synthesis pattern:
- A value that can fit into a signed 12-bit after a number of either bitwise
left or right rotations:
=> "MOVI(.N) Ax, simm12" + "SSAI (1 ... 11) or (21 ... 31)"
+ "SRC Ax, Ax, Ax"
gcc/ChangeLog:
* config/xtensa/xtensa.cc (xtensa_constantsynth):
Add new pattern for the abovementioned case.
gcc/testsuite/ChangeLog:
* gcc.target/xtensa/constsynth_3insns.c (test_4):
Add new test function.
|
|
As Akari noticed, we have an unusual "if" statement without parentheses
around the condition. The condition is a macro that expands to
something with parentheses in the right spot, but, let's make the code a
little less surprising :-)
2022-09-10 Akari Takahashi <akaritakahashioss@gmail.com>
Segher Boessenkool <segher@kernel.crashing.org>
* config/rs6000/rs6000.cc (get_memref_parts): Regularize some code.
|
|
The functions are added to the IEEE_ARITHMETIC module, but
are entirely expanded in the front-end, using GCC built-ins.
2022-08-31 Francois-Xavier Coudert <fxcoudert@gcc.gnu.org>
PR fortran/95644
gcc/fortran/
* f95-lang.cc (gfc_init_builtin_functions): Declare FMA
built-ins.
* mathbuiltins.def: Declare FMA built-ins.
* trans-intrinsic.cc (conv_intrinsic_ieee_fma): New function.
(conv_intrinsic_ieee_signbit): New function.
(gfc_build_intrinsic_lib_fndecls): Add cases for FMA and
SIGNBIT.
gcc/testsuite/
* gfortran.dg/ieee/fma_1.f90: New test.
* gfortran.dg/ieee/signbit_1.f90: New test.
libgfortran/
* ieee/ieee_arithmetic.F90: Add IEEE_SIGNBIT and IEEE_FMA.
|
|
|
|
This patch eliminates all clobbers for complex hard registers that will
be overwritten entirely afterwards (supersedence of
3867d414bd7d9e5b6fb2a51b1fb3d9e9e1eae9).
gcc/ChangeLog:
* config/xtensa/xtensa.md: Rewrite the split pattern that performs
the abovementioned process so that insns that overwrite clobbered
register no longer need to be contiguous.
(DSC): Remove as no longer needed.
|
|
In the example below, 'x' is once placed on the stack frame and then read
into registers as the argument value of bar():
/* example */
struct foo {
int a, b;
};
extern struct foo bar(struct foo);
struct foo test(void) {
struct foo x = { 0, 1 };
return bar(x);
}
Thanks to the dead store elimination, the initialization of 'x' turns into
merely loading the immediates to registers, but corresponding stack frame
growth is not rolled back. As a result:
;; prereq: the CALL0 ABI
;; before
test:
addi sp, sp, -16 // unused stack frame allocation/freeing
movi.n a2, 0
movi.n a3, 1
addi sp, sp, 16 // because no instructions that refer to
j.l bar, a9 // the stack pointer between the two
This patch eliminates such unused stack frame allocation/freeing:
;; after
test:
movi.n a2, 0
movi.n a3, 1
j.l bar, a9
gcc/ChangeLog:
* config/xtensa/xtensa.cc (machine_function): New boolean member as
a flag that controls whether to emit the insns for stack pointer
adjustment inside of the pro/epilogue.
(xtensa_emit_adjust_stack_ptr): New function to share the common
codes and to emit insns if not inhibited.
(xtensa_expand_epilogue): Change to use the function mentioned
above when using the CALL0 ABI.
(xtensa_expand_prologue): Ditto.
And also change to set the inhibit flag used by
xtensa_emit_adjust_stack_ptr() to true if the stack pointer is only
used for its own adjustment.
|
|
This is a less ambitious version of:
[PATCH 0/6] RFC: adding support to GCC for detecting trust boundaries
https://gcc.gnu.org/pipermail/gcc-patches/2021-November/584372.html
Earlier versions of this patch attempted:
(a) various ways of identifying "untrusted" memory regions
(b) providing a way to support the Linux kernel's "__user" annotation,
either via type attributes, or via custom address spaces
(c) enough attributes to identify "copy_from_user" and "copy_to_user",
(d) wiring all of the above together to detect infoleaks and taint
This patch adds a new -Wanalyzer-exposure-through-uninit-copy, emitted
by -fanalyzer if it detects copying of uninitialized data through
a pointer to an untrusted region, but requires a plugin to tell it when
a copy crosses a trust boundary.
This patch adds a proof-of-concept gcc plugin for the analyzer for use
with the Linux kernel that special-cases calls to "copy_from_user" and
calls to "copy_to_user": calls to copy_to_user are checked for
-Wanalyzer-exposure-through-uninit-copy, and data copied via
copy_from_user is marked as tainted when -fanalyzer-checker=taint is
active.
This is very much just a proof-of-concept. A big limitation is that the
copy_{from,to}_user special-casing only happens if these functions have
no body in the TU being analyzed, which isn't the case for a normal
kernel build. I'd much prefer to provide a more general mechanism for
handling such behavior without resorting to plugins (e.g. via attributes
or custom address spaces), but in the interest of not "letting perfect
be the enemy of the good" this patch at least allows parts of this
"trust boundaries" code to be merged for experimentation with the idea.
The -Wanalyzer-exposure-through-uninit-copy diagnostic uses notes to
express what fields and padding within a struct have not been initialized.
For example:
infoleak-CVE-2011-1078-2.c: In function 'test_1':
infoleak-CVE-2011-1078-2.c:32:9: warning: potential exposure of sensitive
information by copying uninitialized data from stack across trust
boundary [CWE-200] [-Wanalyzer-exposure-through-uninit-copy]
32 | copy_to_user(optval, &cinfo, sizeof(cinfo));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'test_1': events 1-3
|
| 25 | struct sco_conninfo cinfo;
| | ^~~~~
| | |
| | (1) region created on stack here
| | (2) capacity: 6 bytes
|......
| 32 | copy_to_user(optval, &cinfo, sizeof(cinfo));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (3) uninitialized data copied from stack here
|
infoleak-CVE-2011-1078-2.c:32:9: note: 1 byte is uninitialized
32 | copy_to_user(optval, &cinfo, sizeof(cinfo));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
infoleak-CVE-2011-1078-2.c:18:15: note: padding after field 'dev_class'
is uninitialized (1 byte)
18 | __u8 dev_class[3];
| ^~~~~~~~~
infoleak-CVE-2011-1078-2.c:25:29: note: suggest forcing
zero-initialization by providing a '{0}' initializer
25 | struct sco_conninfo cinfo;
| ^~~~~
| = {0}
For taint-detection, the patch includes a series of reproducers for
detecting CVE-2011-0521. Unfortunately the analyzer doesn't yet detect
the issue until the code has been significantly simplified from its
original form: currently only in -5.c and -6.c in the series of tests
(see notes in the individual cases), such as:
taint-CVE-2011-0521-6.c:33:48: warning: use of attacker-controlled value
'*info.num' in array lookup without bounds checking [CWE-129]
[-Wanalyzer-tainted-array-index]
33 | av7110->ci_slot[info->num].num = info->num;
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
'test_1': events 1-3
|
| 19 | if (copy_from_user(&sbuf, (void __user *)arg, sizeof(sbuf)) != 0)
| | ^
| | |
| | (1) following 'false' branch...
|......
| 23 | struct dvb_device *dvbdev = file->private_data;
| | ~~~~~~
| | |
| | (2) ...to here
|......
| 33 | av7110->ci_slot[info->num].num = info->num;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (3) use of attacker-controlled value '*info.num' in array lookup without bounds checking
|
The patch also includes various infoleak and taint cases from my
antipatterns.ko kernel module:
https://github.com/davidmalcolm/antipatterns.ko
gcc/analyzer/ChangeLog:
* analyzer.opt (Wanalyzer-exposure-through-uninit-copy): New.
* checker-path.cc (region_creation_event::region_creation_event):
Add "capacity" and "kind" params.
(region_creation_event::get_desc): Generalize to different kinds
of event.
(checker_path::add_region_creation_event): Convert to...
(checker_path::add_region_creation_events): ...this.
* checker-path.h (enum rce_kind): New.
(region_creation_event::region_creation_event): Add "capacity" and
"kind" params.
(region_creation_event::m_capacity): New field.
(region_creation_event::m_rce_kind): New field.
(checker_path::add_region_creation_event): Convert to...
(checker_path::add_region_creation_events): ...this.
* diagnostic-manager.cc (diagnostic_manager::build_emission_path):
Update for multiple region creation events.
(diagnostic_manager::add_event_on_final_node): Likewise.
(diagnostic_manager::add_events_for_eedge): Likewise.
* region-model-impl-calls.cc (call_details::get_logger): New.
* region-model.cc: Define INCLUDE_MEMORY before including
"system.h". Include "gcc-rich-location.h".
(class record_layout): New.
(class exposure_through_uninit_copy): New.
(contains_uninit_p): New.
(region_model::maybe_complain_about_infoleak): New.
* region-model.h (call_details::get_logger): New decl.
(region_model::maybe_complain_about_infoleak): New decl.
(region_model::mark_as_tainted): New decl.
* sm-taint.cc (region_model::mark_as_tainted): New.
gcc/ChangeLog:
* doc/invoke.texi (Static Analyzer Options): Add
-Wanalyzer-exposure-through-uninit-copy.
gcc/testsuite/ChangeLog:
* gcc.dg/plugin/analyzer_kernel_plugin.c: New test.
* gcc.dg/plugin/copy_from_user-1.c: New test.
* gcc.dg/plugin/infoleak-1.c: New test.
* gcc.dg/plugin/infoleak-2.c: New test.
* gcc.dg/plugin/infoleak-3.c: New test.
* gcc.dg/plugin/infoleak-CVE-2011-1078-1.c: New test.
* gcc.dg/plugin/infoleak-CVE-2011-1078-2.c: New test.
* gcc.dg/plugin/infoleak-CVE-2014-1446-1.c: New test.
* gcc.dg/plugin/infoleak-CVE-2017-18549-1.c: New test.
* gcc.dg/plugin/infoleak-CVE-2017-18550-1.c: New test.
* gcc.dg/plugin/infoleak-antipatterns-1.c: New test.
* gcc.dg/plugin/infoleak-fixit-1.c: New test.
* gcc.dg/plugin/infoleak-net-ethtool-ioctl.c: New test.
* gcc.dg/plugin/infoleak-vfio_iommu_type1.c: New test.
* gcc.dg/plugin/plugin.exp (plugin_test_list): Add
analyzer_kernel_plugin.c and the new test cases.
* gcc.dg/plugin/taint-CVE-2011-0521-1-fixed.c: New test.
* gcc.dg/plugin/taint-CVE-2011-0521-1.c: New test.
* gcc.dg/plugin/taint-CVE-2011-0521-2-fixed.c: New test.
* gcc.dg/plugin/taint-CVE-2011-0521-2.c: New test.
* gcc.dg/plugin/taint-CVE-2011-0521-3-fixed.c: New test.
* gcc.dg/plugin/taint-CVE-2011-0521-3.c: New test.
* gcc.dg/plugin/taint-CVE-2011-0521-4.c: New test.
* gcc.dg/plugin/taint-CVE-2011-0521-5-fixed.c: New test.
* gcc.dg/plugin/taint-CVE-2011-0521-5.c: New test.
* gcc.dg/plugin/taint-CVE-2011-0521-6.c: New test.
* gcc.dg/plugin/taint-CVE-2011-0521.h: New test.
* gcc.dg/plugin/taint-antipatterns-1.c: New test.
* gcc.dg/plugin/test-uaccess.h: New header for tests.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
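The padding leak reported in the infoleak-CVE-2011-1078-2.c diagnostic above, as a userspace C simulation (an added example, not code from the commit or the GCC testsuite). The `hci_handle` field, the `copy_out` stand-in for copy_to_user, the 0xAA stale-stack pattern and the use of memset() as the zeroing step are assumptions; only `dev_class[3]`, the 6-byte capacity and the 1-byte padding come from the diagnostic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: the page shows only dev_class[3] and "capacity: 6 bytes";
   hci_handle is an assumption made to reproduce that size. */
struct sco_conninfo_demo {
    uint16_t hci_handle;
    uint8_t  dev_class[3];
};

struct field { const char *name; size_t offset; size_t size; };
struct gap   { size_t offset; size_t size; const char *after; };

static const struct field conninfo_fields[] = {
    { "hci_handle", offsetof(struct sco_conninfo_demo, hci_handle), 2 },
    { "dev_class",  offsetof(struct sco_conninfo_demo, dev_class),  3 },
};

#define POISON 0xAA  /* constructed stand-in for stale stack contents */

/* Walk the fields (sorted by offset) and record every byte range that no
   field covers, tail padding included.  Returns the number of gaps. */
size_t find_padding(const struct field *f, size_t nfields, size_t total,
                    struct gap *out, size_t max_out)
{
    size_t pos = 0, n = 0;
    const char *prev = "(start)";
    for (size_t i = 0; i <= nfields; i++) {
        size_t next = (i < nfields) ? f[i].offset : total;
        if (next > pos && n < max_out) {
            out[n].offset = pos;
            out[n].size = next - pos;
            out[n].after = prev;
            n++;
        }
        if (i < nfields) {
            pos = f[i].offset + f[i].size;
            prev = f[i].name;
        }
    }
    return n;
}

/* Total padding bytes in the demo struct. */
size_t conninfo_padding_bytes(void)
{
    struct gap gaps[4];
    size_t n = find_padding(conninfo_fields, 2,
                            sizeof(struct sco_conninfo_demo), gaps, 4);
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += gaps[i].size;
    return total;
}

/* Hypothetical stand-in for copy_to_user(): the bytes crossing the boundary. */
static void copy_out(uint8_t *user, const uint8_t *kernel, size_t n)
{
    memcpy(user, kernel, n);
}

/* Fill the object field by field on top of stale stack bytes, as a handler
   that never initializes the whole struct would.  zero_first selects the
   hardened variant.  Returns how many stale bytes reach the user buffer. */
size_t stale_bytes_copied(int zero_first)
{
    uint8_t stack_slot[sizeof(struct sco_conninfo_demo)];
    uint8_t user[sizeof stack_slot];
    const uint16_t handle = 0x0001;          /* constructed sample values */
    const uint8_t dev_class[3] = { 1, 2, 3 };
    size_t stale = 0;

    memset(stack_slot, POISON, sizeof stack_slot);
    if (zero_first)
        memset(stack_slot, 0, sizeof stack_slot);
    memcpy(stack_slot + offsetof(struct sco_conninfo_demo, hci_handle),
           &handle, sizeof handle);
    memcpy(stack_slot + offsetof(struct sco_conninfo_demo, dev_class),
           dev_class, sizeof dev_class);
    copy_out(user, stack_slot, sizeof user);

    for (size_t i = 0; i < sizeof user; i++)
        if (user[i] == POISON)
            stale++;
    return stale;
}

int main(void)
{
    struct gap gaps[4];
    size_t n = find_padding(conninfo_fields, 2,
                            sizeof(struct sco_conninfo_demo), gaps, 4);
    for (size_t i = 0; i < n; i++)
        printf("padding after field '%s': %zu byte(s) at offset %zu\n",
               gaps[i].after, gaps[i].size, gaps[i].offset);
    printf("stale bytes copied, uninitialized: %zu\n", stale_bytes_copied(0));
    printf("stale bytes copied, zeroed first:  %zu\n", stale_bytes_copied(1));
    return 0;
}
```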
|
|
This patch adds the ability for plugins to register "known functions"
with the analyzer, identified by name. If -fanalyzer sees a call to
such a function (with no body), it will use a plugin-provided subclass
of the new known_function abstract base class to model the possible
outcomes of the function call.
gcc/ChangeLog:
* Makefile.in (ANALYZER_OBJS): Add
analyzer/known-function-manager.o.
gcc/analyzer/ChangeLog:
* analyzer.h (class known_function_manager): New forward decl.
(class known_function): New.
(plugin_analyzer_init_iface::register_known_function): New.
* engine.cc: Include "analyzer/known-function-manager.h".
(plugin_analyzer_init_impl::plugin_analyzer_init_impl): Add
known_fn_mgr param.
(plugin_analyzer_init_impl::register_state_machine): Add
LOC_SCOPE.
(plugin_analyzer_init_impl::register_known_function): New.
(plugin_analyzer_init_impl::m_known_fn_mgr): New.
(impl_run_checkers): Update plugin callback invocation to use
eng's known_function_manager.
* known-function-manager.cc: New file.
* known-function-manager.h: New file.
* region-model-manager.cc
(region_model_manager::region_model_manager): Pass logger to
m_known_fn_mgr's ctor.
* region-model.cc (region_model::update_for_zero_return): New.
(region_model::update_for_nonzero_return): New.
(maybe_simplify_upper_bound): New.
(region_model::maybe_get_copy_bounds): New.
(region_model::get_known_function): New.
(region_model::on_call_pre): Handle plugin-supplied known
functions.
* region-model.h: Include "analyzer/known-function-manager.h".
(region_model_manager::get_known_function_manager): New.
(region_model_manager::m_known_fn_mgr): New.
(call_details::get_model): New accessor.
(region_model::maybe_get_copy_bounds): New decl.
(region_model::update_for_zero_return): New decl.
(region_model::update_for_nonzero_return): New decl.
(region_model::get_known_function): New decl.
(region_model::get_known_function_manager): New.
gcc/testsuite/ChangeLog:
* gcc.dg/plugin/analyzer_known_fns_plugin.c: New test plugin.
* gcc.dg/plugin/known-fns-1.c: New test.
* gcc.dg/plugin/plugin.exp (plugin_test_list): Add the new plugin
and test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
gcc/testsuite/ChangeLog:
PR analyzer/98247
* gcc.dg/analyzer/flexible-array-member-1.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
Add support to nvptx for reverse lookup of function name to prepare for
'omp target device(ancestor:1)'.
gcc/ChangeLog:
* config/nvptx/mkoffload.cc (struct id_map): Add 'dim' member.
(record_id): Store func name without quotes, store dim separately.
(process): For GOMP_REQUIRES_REVERSE_OFFLOAD, check that -march is
at least sm_35, create '$offload_func_table' global array and init
with reverse-offload function addresses.
* config/nvptx/nvptx.cc (write_fn_proto_1, write_fn_proto): New
force_public attribute to force .visible.
(nvptx_declare_function_name): For "omp target
device_ancestor_nohost" attribute, force .visible/TREE_PUBLIC.
libgomp/ChangeLog:
* plugin/plugin-nvptx.c (GOMP_OFFLOAD_load_image): Read offload
function address table '$offload_func_table' if rev_fn_table
is not NULL.
|
|
Add support to GCN for reverse lookup of function name to prepare for
'omp target device(ancestor:1)'.
gcc/ChangeLog:
* config/gcn/mkoffload.cc (process_asm): Create .offload_func_table,
similar to pre-existing .offload_var_table.
libgomp/ChangeLog:
* plugin/plugin-gcn.c (GOMP_OFFLOAD_load_image): Read
.offload_func_table to populate rev_fn_table when requested.
|
|
C2x adds a macro unreachable to stddef.h, with the same semantics as
__builtin_unreachable. Define this macro accordingly.
Bootstrapped with no regressions for x86_64-pc-linux-gnu.
gcc/
* ginclude/stddef.h [__STDC_VERSION__ > 201710L] (unreachable):
New macro.
gcc/testsuite/
* gcc.dg/c11-unreachable-1.c, gcc.dg/c2x-unreachable-1.c: New
tests.
|
|
Add -fscaffold-main description and order all options.
gcc/ChangeLog:
* doc/gm2.texi: All options have been alphabetically ordered.
(-fscaffold-main) Documented. (Environment variable) section
removed.
Signed-off-by: Gaius Mulley <gaiusmod2@gmail.com>
|
|
As PR106833 shows, cv-qualified opaque type can cause ICE
during LTO. It exposes that we missed to handle OPAQUE_TYPE
well in type verification. As Richi pointed out, also
assuming that target will always define TYPE_MAIN_VARIANT
TYPE_CANONICAL for opaque type, this patch is to check
both are OPAQUE_TYPE_P and their modes are of MODE_OPAQUE
class. Besides, it also checks the only available size
and alignment information.
PR middle-end/106833
gcc/ChangeLog:
* tree.cc (verify_opaque_type): New function.
(verify_type): Call verify_opaque_type for OPAQUE_TYPE.
gcc/testsuite/ChangeLog:
* gcc.target/powerpc/pr106833.c: New test.
|
|
This adds support for the following natively supported floating-point
operations, in scalar and vectorized modes:
floor, ceil, exp2*, log2*, sin*, cos*, ldexp, frexp
* These operations are single-precision float only and are only active
if unsafe_math_optimizations are enabled (due to potential numerical
precision issues).
2022-09-09 Kwok Cheung Yeung <kcy@codesourcery.com>
gcc/
* config/gcn/gcn-builtins.def (FABSVF, LDEXPVF, LDEXPV, FREXPVF_EXP,
FREXPVF_MANT, FREXPV_EXP, FREXPV_MANT): Add new builtins.
* config/gcn/gcn-protos.h (gcn_dconst1over2pi): New prototype.
* config/gcn/gcn-valu.md (MATH_UNOP_1OR2REG, MATH_UNOP_1REG,
MATH_UNOP_TRIG): New iterators.
(math_unop): New attributes.
(<math_unop><mode>2, <math_unop><mode>2<exec>,
<math_unop><mode>2, <math_unop><mode>2<exec>,
*<math_unop><mode>2_insn, *<math_unop><mode>2<exec>_insn,
ldexp<mode>3, ldexp<mode>3<exec>,
frexp<mode>_exp2, frexp<mode>_mant2,
frexp<mode>_exp2<exec>, frexp<mode>_mant2<exec>): New instructions.
(<math_unop><mode>2, <math_unop><mode>2<exec>): New expanders.
* config/gcn/gcn.cc (init_ext_gcn_constants): Update definition of
dconst1over2pi.
(gcn_dconst1over2pi): New.
(gcn_builtin_type_index): Add entry for v64df type.
(v64df_type_node): New.
(gcn_init_builtin_types): Initialize v64df_type_node.
(gcn_expand_builtin_1): Expand new builtins to instructions.
(print_operand): Fix assembler output for 1/(2*PI) constant.
* config/gcn/gcn.md (unspec): Add new entries.
|
|
When predictive commoning builds a reference for iteration N it
prematurely associates a constant offset into the MEM_REF offset
operand which can be invalid if the base pointer then points
outside of an object which alias-analysis does not consider valid.
PR tree-optimization/106722
* tree-predcom.cc (ref_at_iteration): Do not associate the
constant part of the offset into the MEM_REF offset
operand, across a non-zero offset.
* gcc.dg/torture/pr106892.c: New testcase.
|
|
../../gcc/common/config/riscv/riscv-common.cc: In function 'const char* riscv_multi_lib_check(int, const char**)':
../../gcc/common/config/riscv/riscv-common.cc:1451:11: error: bare apostrophe ''' in format [-Werror=format-diag]
1451 | "Can't find suitable multilib set for %<-march=%s%>/%<-mabi=%s%>",
| ^
../../gcc/common/config/riscv/riscv-common.cc:1451:7: note: if avoiding the apostrophe is not feasible, enclose it in a pair of '%<' and '%>' directives instead
1451 | "Can't find suitable multilib set for %<-march=%s%>/%<-mabi=%s%>",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../gcc/common/config/riscv/riscv-common.cc: At global scope:
../../gcc/common/config/riscv/riscv-common.cc:1492:1: error: 'int riscv_check_conds(const switchstr*, int, int, const std::vector<std::__cxx11::basic_string<char> >&)' defined but not used [-Werror=unused-function]
1492 | riscv_check_conds (
| ^~~~~~~~~~~~~~~~~
../../gcc/common/config/riscv/riscv-common.cc:1374:1: error: 'const char* find_last_appear_switch(const switchstr*, int, const char*)' defined but not used [-Werror=unused-function]
1374 | find_last_appear_switch (
| ^~~~~~~~~~~~~~~~~~~~~~~
cc1plus: all warnings being treated as errors
make[3]: *** [Makefile:2442: riscv-common.o] Error 1
gcc/ChangeLog:
* common/config/riscv/riscv-common.cc (RISCV_USE_CUSTOMISED_MULTI_LIB):
Move forward to cover all necessary functions to suppress
unused function warnings.
(riscv_multi_lib_check): Move forward, and tweak message to suppress
-Werror=format-diag warning.
|
|
This adjusts simple_control_dep_chain in the same way I adjusted
compute_control_dep_chain_pdom to avoid adding fallthru edges to
the predicate chain.
PR tree-optimization/106881
* gimple-predicate-analysis.cc (simple_control_dep_chain):
Add only non-fallthru edges and avoid the same set of edges
as compute_control_dep_chain_pdom does.
|
|
The mingw32 port is the only port to have TARGET_OVERRIDES_FORMAT_ATTRIBUTES
defined. When this macro is defined, it will never evaluate to NULL and produce
a warning: "error: the address of 'mingw_format_attribute_overrides' will never
be NULL [-Werror=address]"
Also, when TARGET_OVERRIDES_FORMAT_ATTRIBUTES is defined,
TARGET_OVERRIDES_FORMAT_ATTRIBUTES_COUNT must be defined as well. Add that
requirement to the docs.
2022-09-07 Jan-Benedict Glaw <jbglaw@lug-owl.de>
gcc/c-family/ChangeLog:
* c-format.cc (convert_format_name_to_system_name): Fix warning.
gcc/ChangeLog:
* doc/tm.texi.in (TARGET_OVERRIDES_FORMAT_ATTRIBUTES): Document requirement
of TARGET_OVERRIDES_FORMAT_ATTRIBUTES_COUNT being defined as well.
* doc/tm.texi: Regenerate.
|
|
gcc/ChangeLog:
* optc-save-gen.awk: Always compare array option values with memcmp.
|
|
omp/ompx sentinels are for vendor extensions; as they might be required for
the correctness of the program, a warning should be printable. This patch
documents in the OpenMP 5.2 table the existing warnings, including the new
warning for fixed source form Fortran.
PR fortran/106670
gcc/fortran/ChangeLog:
* scanner.cc (skip_fixed_omp_sentinel): Add -Wsurprising warning
for 'omx' sentinels with -fopenmp.
* invoke.texi (-Wsurprising): Document additional warning case.
libgomp/ChangeLog:
* libgomp.texi (OpenMP 5.2): Add comment to ompx/omx entry.
gcc/testsuite/ChangeLog:
* c-c++-common/gomp/ompx-1.c: New test.
* c-c++-common/gomp/ompx-2.c: New test.
* g++.dg/gomp/ompx-attrs-1.C: New test.
* gfortran.dg/gomp/ompx-1.f90: New test.
* gfortran.dg/gomp/omx-1.f: New test.
* gfortran.dg/gomp/omx-2.f: New test.
|
|
The check_trait_type function is used for a number of different type
traits that have different requirements on their arguments. For example,
__is_constructible allows arrays of unknown bound even if the array
element is an incomplete type, but __is_aggregate does not, it always
requires the array element type to be complete. Other traits have
different requirements again, e.g. __is_empty allows incomplete unions,
and arrays (of known or unknown bound) of incomplete types.
This alters the check_trait_type function to take an additional KIND
parameter which indicates which set of type trait requirements to check.
As noted in a comment, the requirements for __is_aggregate deviate from
the ones for std::is_aggregate in the standard. It's not necessary for
the elements of an array to be complete types, because arrays are always
aggregates.
The type_has_virtual_destructor change is needed to avoid an ICE.
Previously it could never be called for incomplete union types as they
were (incorrectly) rejected by check_trait_type.
This change causes some additional diagnostics in some libstdc++ tests,
where the front end was not previously complaining about invalid types
that the library assertions diagnosed. We should consider removing the
library assertions from traits where the front end implements the
correct checks now.
PR c++/106838
gcc/cp/ChangeLog:
* class.cc (type_has_virtual_destructor): Return false for
union types.
* semantics.cc (check_trait_type): Add KIND parameter to support
different sets of requirements.
(finish_trait_expr): Pass KIND argument for relevant traits.
gcc/ChangeLog:
* doc/extend.texi (Type Traits): Fix requirements. Document
__is_aggregate and __is_final.
gcc/testsuite/ChangeLog:
* g++.dg/ext/array4.C: Fix invalid use of __is_constructible.
* g++.dg/ext/unary_trait_incomplete.C: Fix tests for traits with
different requirements.
libstdc++-v3/ChangeLog:
* testsuite/20_util/is_complete_or_unbounded/memoization_neg.cc:
Prune additional errors from front-end.
* testsuite/20_util/is_move_constructible/incomplete_neg.cc:
Likewise.
* testsuite/20_util/is_nothrow_swappable/incomplete_neg.cc:
Likewise.
* testsuite/20_util/is_nothrow_swappable_with/incomplete_neg.cc:
Likewise.
* testsuite/20_util/is_swappable_with/incomplete_neg.cc:
Likewise.
|
|
This patch adds support for reasoning about the inequality of two symbolic
values in the special case specifically suited for reasoning about
out-of-bounds past the end of the buffer. With this patch, the analyzer
catches off-by-one errors and more even when the offset and capacity are
symbolic.
Regrtested on Linux x86_64 and tested on coreutils, curl, httpd and
openssh as usual.
2022-09-07 Tim Lange <mail@tim-lange.me>
gcc/analyzer/ChangeLog:
PR analyzer/106625
* analyzer.h (region_offset): Eliminate m_is_symbolic member.
* region-model-impl-calls.cc (region_model::impl_call_realloc):
Refine implementation to be more precise.
* region-model.cc (class symbolic_past_the_end):
Abstract diagnostic class to complain about accesses past the end
with symbolic values.
(class symbolic_buffer_overflow):
Concrete diagnostic class to complain about buffer overflows with
symbolic values.
(class symbolic_buffer_overread):
Concrete diagnostic class to complain about buffer overreads with
symbolic values.
(region_model::check_symbolic_bounds): New function.
(maybe_get_integer_cst_tree): New helper function.
(region_model::check_region_bounds):
Add call to check_symbolic_bounds if offset is not concrete.
(region_model::eval_condition_without_cm):
Add support for EQ_EXPR and GT_EXPR with binaryop_svalues.
(is_positive_svalue): New helper function.
(region_model::symbolic_greater_than):
New function to handle GT_EXPR comparisons with symbolic values.
(region_model::structural_equality): New function to compare
whether two svalues are structured the same, i.e. evaluate to
the same value.
(test_struct): Reflect changes to region::calc_offset.
(test_var): Likewise.
(test_array_2): Likewise and add selftest with symbolic i.
* region-model.h (class region_model): Add check_symbolic_bounds,
symbolic_greater_than and structural_equality.
* region.cc (region::get_offset):
Reflect changes to region::calc_offset.
(region::calc_offset):
Compute the symbolic offset if the offset is not concrete.
(region::get_relative_symbolic_offset): New function to return the
symbolic offset in bytes relative to its parent.
(field_region::get_relative_symbolic_offset): Likewise.
(element_region::get_relative_symbolic_offset): Likewise.
(offset_region::get_relative_symbolic_offset): Likewise.
(bit_range_region::get_relative_symbolic_offset): Likewise.
* region.h: Add get_relative_symbolic_offset.
* store.cc (binding_key::make):
Reflect changes to region::calc_offset.
(binding_map::apply_ctor_val_to_range): Likewise.
(binding_map::apply_ctor_pair_to_child_region): Likewise.
(binding_cluster::bind_compound_sval): Likewise.
(binding_cluster::get_any_binding): Likewise.
(binding_cluster::maybe_get_compound_binding): Likewise.
gcc/ChangeLog:
PR analyzer/106625
* doc/invoke.texi:
State that the checker also reasons about symbolic values.
gcc/testsuite/ChangeLog:
PR analyzer/106625
* gcc.dg/analyzer/data-model-1.c: Change expected result.
* gcc.dg/analyzer/out-of-bounds-5.c: New test.
* gcc.dg/analyzer/out-of-bounds-realloc-grow.c: New test.
* gcc.dg/analyzer/symbolic-gt-1.c: New test.
|
|
Fix a stupid typo in my vect_optimize_slp_pass patch.
gcc/
PR tree-optimization/106886
* tree-vect-slp.cc (vect_optimize_slp_pass::get_result_with_layout):
Fix copying of scalar stmts.
gcc/testsuite/
PR tree-optimization/106886
* gcc.dg/vect/bb-slp-layout-21.c: New test.
|
|
Add #undef of MUSL_DYNAMIC_LINKER before #define, to satisfy build checks
when configured with --enable-werror-always.
gcc/ChangeLog:
* config/nios2/linux.h (MUSL_DYNAMIC_LINKER): Add #undef before #define.
|
|
This was incidentally fixed by r13-806-g221acd67ca50f8.
PR c++/99209
gcc/testsuite/ChangeLog:
* g++.dg/cpp2a/lambda-uneval17.C: New test.
|