1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
/* Modeling API uses and misuses via state machines.
Copyright (C) 2019-2020 Free Software Foundation, Inc.
Contributed by David Malcolm <dmalcolm@redhat.com>.
This file is part of GCC.
GCC is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3, or (at your option)
any later version.
GCC is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GCC; see the file COPYING3. If not see
<http://www.gnu.org/licenses/>. */
#include "config.h"
#include "system.h"
#include "coretypes.h"
#include "tree.h"
#include "function.h"
#include "basic-block.h"
#include "gimple.h"
#include "options.h"
#include "function.h"
#include "diagnostic-core.h"
#include "pretty-print.h"
#include "analyzer/analyzer.h"
#include "analyzer/analyzer-logging.h"
#include "analyzer/sm.h"
#if ENABLE_ANALYZER
namespace ana {
/* Return true if VAR has pointer or reference type. */
bool
any_pointer_p (tree var)
{
return POINTER_TYPE_P (TREE_TYPE (var));
}
/* Add a state with name NAME to this state_machine.
The string is required to outlive the state_machine.
Return the state_t for the new state. */
state_machine::state_t
state_machine::add_state (const char *name)
{
m_state_names.safe_push (name);
return m_state_names.length () - 1;
}
/* Get the name of state S within this state_machine. */
const char *
state_machine::get_state_name (state_t s) const
{
return m_state_names[s];
}
/* Get the state with name NAME, which must exist.
This is purely intended for use in selftests. */
state_machine::state_t
state_machine::get_state_by_name (const char *name)
{
unsigned i;
const char *iter_name;
FOR_EACH_VEC_ELT (m_state_names, i, iter_name)
if (!strcmp (name, iter_name))
return i;
/* Name not found. */
gcc_unreachable ();
}
/* Assert that S is a valid state for this state_machine. */
void
state_machine::validate (state_t s) const
{
gcc_assert (s < m_state_names.length ());
}
/* Dump a multiline representation of this state machine to PP. */
void
state_machine::dump_to_pp (pretty_printer *pp) const
{
unsigned i;
const char *name;
FOR_EACH_VEC_ELT (m_state_names, i, name)
pp_printf (pp, " state %i: %qs\n", i, name);
}
/* Create instances of the various state machines, each using LOGGER,
and populate OUT with them. */
void
make_checkers (auto_delete_vec <state_machine> &out, logger *logger)
{
out.safe_push (make_malloc_state_machine (logger));
out.safe_push (make_fileptr_state_machine (logger));
/* The "taint" checker must be explicitly enabled (as it currently
leads to state explosions that stop the other checkers working). */
if (flag_analyzer_checker)
out.safe_push (make_taint_state_machine (logger));
out.safe_push (make_sensitive_state_machine (logger));
out.safe_push (make_signal_state_machine (logger));
/* We only attempt to run the pattern tests if it might have been manually
enabled (for DejaGnu purposes). */
if (flag_analyzer_checker)
out.safe_push (make_pattern_test_state_machine (logger));
if (flag_analyzer_checker)
{
unsigned read_index, write_index;
state_machine **sm;
/* TODO: this leaks the machines
Would be nice to log the things that were removed. */
VEC_ORDERED_REMOVE_IF (out, read_index, write_index, sm,
0 != strcmp (flag_analyzer_checker,
(*sm)->get_name ()));
}
}
} // namespace ana
#endif /* #if ENABLE_ANALYZER */
|
