public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs
@ 2022-06-08 15:00 dmalcolm at gcc dot gnu.org
2023-08-11 22:09 ` [Bug analyzer/105899] " cvs-commit at gcc dot gnu.org
` (14 more replies)
0 siblings, 15 replies; 16+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-06-08 15:00 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
Bug ID: 105899
Summary: RFE: -fanalyzer could complain about misuses of
standard C string APIs
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Blocks: 105887
Target Milestone: ---
See:
https://clang.llvm.org/docs/analyzer/checkers.html
1.2.13.8. alpha.unix.cstring.NotNullTerminated (C)
1.2.13.9. alpha.unix.cstring.OutOfBounds (C)
1.2.13.10. alpha.unix.cstring.UninitializedRead (C)
Difficult to implement if we do the general case; but fairly easy for detecting
the "definitely happens" cases, I think.
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105887
[Bug 105887] RFE: clang analyzer warnings that GCC's -fanalyzer could implement
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs
2022-06-08 15:00 [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs dmalcolm at gcc dot gnu.org
@ 2023-08-11 22:09 ` cvs-commit at gcc dot gnu.org
2023-08-11 23:16 ` dmalcolm at gcc dot gnu.org
` (13 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-08-11 22:09 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
--- Comment #1 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:325f9e88802daaca0a4793ca079bb504f7d76c54
commit r14-3169-g325f9e88802daaca0a4793ca079bb504f7d76c54
Author: David Malcolm <dmalcolm@redhat.com>
Date: Fri Aug 11 18:05:48 2023 -0400
analyzer: new warning: -Wanalyzer-unterminated-string [PR105899]
This patch adds new functions to the analyzer for checking that
an argument at a callsite is a pointer to a valid null-terminated
string, and uses this for the following known functions:
- error (param 3, the format string)
- error_at_line (param 5, the format string)
- putenv
- strchr (1st param)
- strcpy (2nd param)
- strdup
Currently the check merely detects pointers to unterminated string
constants, and adds a new -Wanalyzer-unterminated-string to complain
about that. I'm experimenting with detecting other ways in which
a buffer can fail to be null-terminated, and for other problems with
such buffers, but this patch at least adds the framework for wiring
up the check to specific parameters of known_functions.
gcc/analyzer/ChangeLog:
PR analyzer/105899
* analyzer.opt (Wanalyzer-unterminated-string): New.
* call-details.cc
(call_details::check_for_null_terminated_string_arg): New.
* call-details.h
(call_details::check_for_null_terminated_string_arg): New decl.
* kf-analyzer.cc (class kf_analyzer_get_strlen): New.
(register_known_analyzer_functions): Register it.
* kf.cc (kf_error::impl_call_pre): Check that format arg is a
valid null-terminated string.
(kf_putenv::impl_call_pre): Likewise for the sole param.
(kf_strchr::impl_call_pre): Likewise for the first param.
(kf_strcpy::impl_call_pre): Likewise for the second param.
(kf_strdup::impl_call_pre): Likewise for the sole param.
* region-model.cc (get_strlen): New.
(struct call_arg_details): New.
(inform_about_expected_null_terminated_string_arg): New.
(class unterminated_string_arg): New.
(region_model::check_for_null_terminated_string_arg): New.
* region-model.h
(region_model::check_for_null_terminated_string_arg): New decl.
gcc/ChangeLog:
PR analyzer/105899
* doc/analyzer.texi (__analyzer_get_strlen): New.
* doc/invoke.texi: Add -Wanalyzer-unterminated-string.
gcc/testsuite/ChangeLog:
PR analyzer/105899
* gcc.dg/analyzer/analyzer-decls.h (__analyzer_get_strlen): New.
* gcc.dg/analyzer/error-1.c (test_error_unterminated): New.
(test_error_at_line_unterminated): New.
* gcc.dg/analyzer/null-terminated-strings-1.c: New test.
* gcc.dg/analyzer/putenv-1.c (test_unterminated): New.
* gcc.dg/analyzer/strchr-1.c (test_unterminated): New.
* gcc.dg/analyzer/strcpy-1.c (test_unterminated): New.
* gcc.dg/analyzer/strdup-1.c (test_unterminated): New.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs
2022-06-08 15:00 [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs dmalcolm at gcc dot gnu.org
2023-08-11 22:09 ` [Bug analyzer/105899] " cvs-commit at gcc dot gnu.org
@ 2023-08-11 23:16 ` dmalcolm at gcc dot gnu.org
2023-08-22 1:16 ` cvs-commit at gcc dot gnu.org
` (12 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2023-08-11 23:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
Status|UNCONFIRMED |ASSIGNED
Last reconfirmed| |2023-08-11
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs
2022-06-08 15:00 [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs dmalcolm at gcc dot gnu.org
2023-08-11 22:09 ` [Bug analyzer/105899] " cvs-commit at gcc dot gnu.org
2023-08-11 23:16 ` dmalcolm at gcc dot gnu.org
@ 2023-08-22 1:16 ` cvs-commit at gcc dot gnu.org
2023-08-22 1:16 ` cvs-commit at gcc dot gnu.org
` (11 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-08-22 1:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
--- Comment #2 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:fe97f09a0caeff2a22cc41b26bf08692bff8686d
commit r14-3374-gfe97f09a0caeff2a22cc41b26bf08692bff8686d
Author: David Malcolm <dmalcolm@redhat.com>
Date: Mon Aug 21 21:13:19 2023 -0400
analyzer: replace -Wanalyzer-unterminated-string with
scan_for_null_terminator [PR105899]
In r14-3169-g325f9e88802daa I added check_for_null_terminated_string_arg
to -fanalyzer, calling it in various places, with a sole check for
unterminated string constants, adding -Wanalyzer-unterminated-string for
this case.
This patch adds region_model::scan_for_null_terminator, which simulates
scanning memory for a zero byte, complaining about uninitiliazed bytes
and out-of-range accesses seen before any zero byte is seen.
This more flexible approach catches the issues we saw before with
-Wanalyzer-unterminated-string, and also catches uninitialized runs
of bytes, and I believe will be a better way to build checking of C
string operations in the analyzer.
Given that the patch makes -Wanalyzer-unterminated-string redundant
and that this option was only in trunk for 10 days and has no known
users, the patch simply removes the option without a compatibility
fallback.
The patch uses custom events and notes to provide context on where
the issues are coming from. For example, given:
null-terminated-strings-1.c: In function âtest_partially_initializedâ:
null-terminated-strings-1.c:71:3: warning: use of uninitialized value
âbuf[1]â [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
71 | __analyzer_get_strlen (buf);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
âtest_partially_initializedâ: events 1-3
|
| 69 | char buf[16];
| | ^~~
| | |
| | (1) region created on stack here
| 70 | buf[0] = 'a';
| 71 | __analyzer_get_strlen (buf);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) while looking for null terminator for argument 1
(â&bufâ) of â__analyzer_get_strlenâ...
| | (3) use of uninitialized value âbuf[1]â here
|
analyzer-decls.h:59:22: note: argument 1 of â__analyzer_get_strlenâ
must be a pointer to a null-terminated string
59 | extern __SIZE_TYPE__ __analyzer_get_strlen (const char *ptr);
| ^~~~~~~~~~~~~~~~~~~~~
gcc/analyzer/ChangeLog:
PR analyzer/105899
* analyzer.opt (Wanalyzer-unterminated-string): Delete.
* call-details.cc
(call_details::check_for_null_terminated_string_arg): Convert
return type from void to const svalue *. Add param "out_sval".
* call-details.h
(call_details::check_for_null_terminated_string_arg): Likewise.
* kf-analyzer.cc (kf_analyzer_get_strlen::impl_call_pre): Wire up
to result of check_for_null_terminated_string_arg.
* region-model.cc (get_strlen): Delete.
(class unterminated_string_arg): Delete.
(struct fragment): New.
(class iterable_cluster): New.
(region_model::get_store_bytes): New.
(get_tree_for_byte_offset): New.
(region_model::scan_for_null_terminator): New.
(region_model::check_for_null_terminated_string_arg): Convert
return type from void to const svalue *. Add param "out_sval".
Reimplement in terms of scan_for_null_terminator, dropping the
special-case for -Wanalyzer-unterminated-string.
* region-model.h (region_model::get_store_bytes): New decl.
(region_model::scan_for_null_terminator): New decl.
(region_model::check_for_null_terminated_string_arg): Convert
return type from void to const svalue *. Add param "out_sval".
* store.cc (concrete_binding::get_byte_range): New.
* store.h (concrete_binding::get_byte_range): New decl.
(store_manager::get_concrete_binding): New overload.
gcc/ChangeLog:
PR analyzer/105899
* doc/invoke.texi: Remove -Wanalyzer-unterminated-string.
gcc/testsuite/ChangeLog:
PR analyzer/105899
* gcc.dg/analyzer/error-1.c: Update expected results to reflect
reimplementation of unterminated string detection. Add test
coverage for uninitialized buffers.
* gcc.dg/analyzer/null-terminated-strings-1.c: Likewise.
* gcc.dg/analyzer/putenv-1.c: Likewise.
* gcc.dg/analyzer/strchr-1.c: Likewise.
* gcc.dg/analyzer/strcpy-1.c: Likewise.
* gcc.dg/analyzer/strdup-1.c: Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs
2022-06-08 15:00 [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs dmalcolm at gcc dot gnu.org
` (2 preceding siblings ...)
2023-08-22 1:16 ` cvs-commit at gcc dot gnu.org
@ 2023-08-22 1:16 ` cvs-commit at gcc dot gnu.org
2023-08-22 22:38 ` cvs-commit at gcc dot gnu.org
` (10 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-08-22 1:16 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:3b691e0190c6e7291f8a52e1e14d8293a28ff4ce
commit r14-3376-g3b691e0190c6e7291f8a52e1e14d8293a28ff4ce
Author: David Malcolm <dmalcolm@redhat.com>
Date: Mon Aug 21 21:13:19 2023 -0400
analyzer: check format strings for null termination [PR105899]
This patch extends -fanalyzer to check the format strings of calls
to functions marked with '__attribute__ ((format...))'.
The only checking done in this patch is to check that the format string
is a valid null-terminated string; this patch doesn't attempt to check
the content of the format string.
gcc/analyzer/ChangeLog:
PR analyzer/105899
* call-details.cc (call_details::call_details): New ctor.
* call-details.h (call_details::call_details): New ctor decl.
(struct call_arg_details): Move here from region-model.cc.
* region-model.cc (region_model::check_call_format_attr): New.
(region_model::check_call_args): Call it.
(struct call_arg_details): Move it to call-details.h.
* region-model.h (region_model::check_call_format_attr): New decl.
gcc/testsuite/ChangeLog:
PR analyzer/105899
* gcc.dg/analyzer/attr-format-1.c: New test.
* gcc.dg/analyzer/sprintf-1.c: Update expected results for
now-passing tests.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs
2022-06-08 15:00 [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs dmalcolm at gcc dot gnu.org
` (3 preceding siblings ...)
2023-08-22 1:16 ` cvs-commit at gcc dot gnu.org
@ 2023-08-22 22:38 ` cvs-commit at gcc dot gnu.org
2023-08-24 14:26 ` cvs-commit at gcc dot gnu.org
` (9 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-08-22 22:38 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:3242fb533d48abab621618c4f183ca395de3dcd2
commit r14-3391-g3242fb533d48abab621618c4f183ca395de3dcd2
Author: David Malcolm <dmalcolm@redhat.com>
Date: Tue Aug 22 18:36:54 2023 -0400
analyzer: reimplement kf_strlen [PR105899]
Reimplement kf_strlen in terms of the new string scanning
implementation, sharing strlen's implementation with
__analyzer_get_strlen.
gcc/analyzer/ChangeLog:
PR analyzer/105899
* kf-analyzer.cc (class kf_analyzer_get_strlen): Move to kf.cc.
(register_known_analyzer_functions): Use make_kf_strlen.
* kf.cc (class kf_strlen::impl_call_pre): Replace with
implementation of kf_analyzer_get_strlen from kf-analyzer.cc.
Handle "UNKNOWN" return from check_for_null_terminated_string_arg
by falling back to a conjured svalue.
(make_kf_strlen): New.
(register_known_functions): Use make_kf_strlen.
* known-function-manager.h (make_kf_strlen): New decl.
gcc/testsuite/ChangeLog:
PR analyzer/105899
* gcc.dg/analyzer/null-terminated-strings-1.c: Update expected
results on symbolic values.
* gcc.dg/analyzer/strlen-1.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs
2022-06-08 15:00 [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs dmalcolm at gcc dot gnu.org
` (4 preceding siblings ...)
2023-08-22 22:38 ` cvs-commit at gcc dot gnu.org
@ 2023-08-24 14:26 ` cvs-commit at gcc dot gnu.org
2023-08-24 14:26 ` cvs-commit at gcc dot gnu.org
` (8 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-08-24 14:26 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:5ef89c5c2f52a2c47fd26845d1f73e20b9081fc9
commit r14-3462-g5ef89c5c2f52a2c47fd26845d1f73e20b9081fc9
Author: David Malcolm <dmalcolm@redhat.com>
Date: Thu Aug 24 10:24:38 2023 -0400
analyzer: handle symbolic bindings in scan_for_null_terminator [PR105899]
gcc/analyzer/ChangeLog:
PR analyzer/105899
* region-model.cc (iterable_cluster::iterable_cluster): Add
symbolic binding keys to m_symbolic_bindings.
(iterable_cluster::has_symbolic_bindings_p): New.
(iterable_cluster::m_symbolic_bindings): New field.
(region_model::scan_for_null_terminator): Treat clusters with
symbolic bindings as having unknown strlen.
gcc/testsuite/ChangeLog:
PR analyzer/105899
* gcc.dg/analyzer/sprintf-1.c: Include "analyzer-decls.h".
(test_strlen_1): New.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs
2022-06-08 15:00 [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs dmalcolm at gcc dot gnu.org
` (5 preceding siblings ...)
2023-08-24 14:26 ` cvs-commit at gcc dot gnu.org
@ 2023-08-24 14:26 ` cvs-commit at gcc dot gnu.org
2023-08-24 14:26 ` cvs-commit at gcc dot gnu.org
` (7 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-08-24 14:26 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
--- Comment #6 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:0ae07a7203dd24f90e49d025046e61ef90a9fd18
commit r14-3463-g0ae07a7203dd24f90e49d025046e61ef90a9fd18
Author: David Malcolm <dmalcolm@redhat.com>
Date: Thu Aug 24 10:24:38 2023 -0400
analyzer: reimplement kf_strcpy [PR105899]
This patch reimplements the analyzer's implementation of strcpy using
the region_model::scan_for_null_terminator infrastructure, so that e.g.
it can complain about out-of-bounds reads/writes, unterminated strings,
etc.
gcc/analyzer/ChangeLog:
PR analyzer/105899
* kf.cc (kf_strcpy::impl_call_pre): Reimplement using
check_for_null_terminated_string_arg.
* region-model.cc (region_model::get_store_bytes): Shortcut
reading all of a string_region.
(region_model::scan_for_null_terminator): Use get_store_value for
the bytes rather than "unknown" when returning an unknown length.
(region_model::write_bytes): New.
* region-model.h (region_model::write_bytes): New decl.
gcc/testsuite/ChangeLog:
PR analyzer/105899
* gcc.dg/analyzer/out-of-bounds-diagram-16.c: New test.
* gcc.dg/analyzer/strcpy-1.c: Add test coverage.
* gcc.dg/analyzer/strcpy-3.c: Likewise.
* gcc.dg/analyzer/strcpy-4.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs
2022-06-08 15:00 [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs dmalcolm at gcc dot gnu.org
` (6 preceding siblings ...)
2023-08-24 14:26 ` cvs-commit at gcc dot gnu.org
@ 2023-08-24 14:26 ` cvs-commit at gcc dot gnu.org
2023-08-24 14:27 ` cvs-commit at gcc dot gnu.org
` (6 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-08-24 14:26 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
--- Comment #7 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:603bdf906af6d42ce0dabee86efc1e0aec0f1900
commit r14-3464-g603bdf906af6d42ce0dabee86efc1e0aec0f1900
Author: David Malcolm <dmalcolm@redhat.com>
Date: Thu Aug 24 10:24:38 2023 -0400
analyzer: eliminate region_model::get_string_size [PR105899]
gcc/analyzer/ChangeLog:
PR analyzer/105899
* region-model.cc (region_model::get_string_size): Delete both.
* region-model.h (region_model::get_string_size): Delete both
decls.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs
2022-06-08 15:00 [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs dmalcolm at gcc dot gnu.org
` (7 preceding siblings ...)
2023-08-24 14:26 ` cvs-commit at gcc dot gnu.org
@ 2023-08-24 14:27 ` cvs-commit at gcc dot gnu.org
2023-08-24 14:27 ` cvs-commit at gcc dot gnu.org
` (5 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-08-24 14:27 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
--- Comment #8 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:d99d73c77d1e9cca5938134b4e6e068945cf50b1
commit r14-3466-gd99d73c77d1e9cca5938134b4e6e068945cf50b1
Author: David Malcolm <dmalcolm@redhat.com>
Date: Thu Aug 24 10:24:39 2023 -0400
analyzer: handle strlen(INIT_VAL(STRING_REG)) [PR105899]
gcc/analyzer/ChangeLog:
PR analyzer/105899
* region-model.cc (fragment::has_null_terminator): Move STRING_CST
handling to fragment::string_cst_has_null_terminator; also use it
to
handle INIT_VAL(STRING_REG).
(fragment::string_cst_has_null_terminator): New, from above.
gcc/testsuite/ChangeLog:
PR analyzer/105899
* gcc.dg/analyzer/strcpy-3.c (test_2): New.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs
2022-06-08 15:00 [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs dmalcolm at gcc dot gnu.org
` (8 preceding siblings ...)
2023-08-24 14:27 ` cvs-commit at gcc dot gnu.org
@ 2023-08-24 14:27 ` cvs-commit at gcc dot gnu.org
2023-08-24 14:27 ` cvs-commit at gcc dot gnu.org
` (4 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-08-24 14:27 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
--- Comment #9 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:46cb27e56f36f23cb277f8a5beae05235af05768
commit r14-3467-g46cb27e56f36f23cb277f8a5beae05235af05768
Author: David Malcolm <dmalcolm@redhat.com>
Date: Thu Aug 24 10:24:40 2023 -0400
analyzer: handle INIT_VAL(ELEMENT_REG(STRING_REG), CONSTANT_SVAL)
[PR105899]
gcc/analyzer/ChangeLog:
PR analyzer/105899
* region-model-manager.cc
(region_model_manager::get_or_create_initial_value): Simplify
INIT_VAL(ELEMENT_REG(STRING_REG), CONSTANT_SVAL) to
CONSTANT_SVAL(STRING[N]).
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs
2022-06-08 15:00 [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs dmalcolm at gcc dot gnu.org
` (9 preceding siblings ...)
2023-08-24 14:27 ` cvs-commit at gcc dot gnu.org
@ 2023-08-24 14:27 ` cvs-commit at gcc dot gnu.org
2023-08-24 14:27 ` cvs-commit at gcc dot gnu.org
` (3 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-08-24 14:27 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
--- Comment #10 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:2bad0eeb5573e52c4b7b51546ecffcb17f46eda3
commit r14-3468-g2bad0eeb5573e52c4b7b51546ecffcb17f46eda3
Author: David Malcolm <dmalcolm@redhat.com>
Date: Thu Aug 24 10:24:40 2023 -0400
analyzer: handle strlen(BITS_WITHIN) [PR105899]
gcc/analyzer/ChangeLog:
PR analyzer/105899
* region-model.cc (fragment::has_null_terminator): Handle
SK_BITS_WITHIN.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs
2022-06-08 15:00 [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs dmalcolm at gcc dot gnu.org
` (10 preceding siblings ...)
2023-08-24 14:27 ` cvs-commit at gcc dot gnu.org
@ 2023-08-24 14:27 ` cvs-commit at gcc dot gnu.org
2023-08-29 14:59 ` cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-08-24 14:27 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
--- Comment #11 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:bbdc0e0d0042ae16aa4d09ceb52c71e746d9139d
commit r14-3469-gbbdc0e0d0042ae16aa4d09ceb52c71e746d9139d
Author: David Malcolm <dmalcolm@redhat.com>
Date: Thu Aug 24 10:24:40 2023 -0400
analyzer: implement kf_strcat [PR105899]
gcc/analyzer/ChangeLog:
PR analyzer/105899
* call-details.cc
(call_details::check_for_null_terminated_string_arg): Split into
overloads, one taking just an arg_idx, the other a new
"include_terminator" param.
* call-details.h: Likewise.
* kf.cc (class kf_strcat): New.
(kf_strcpy::impl_call_pre): Update for change to
check_for_null_terminated_string_arg.
(register_known_functions): Register kf_strcat.
* region-model.cc
(region_model::check_for_null_terminated_string_arg): Split into
overloads, one taking just an arg_idx, the other a new
"include_terminator" param. When returning an svalue, handle
"include_terminator" being false by subtracting one.
* region-model.h
(region_model::check_for_null_terminated_string_arg): Split into
overloads, one taking just an arg_idx, the other a new
"include_terminator" param.
gcc/ChangeLog:
PR analyzer/105899
* doc/invoke.texi (Static Analyzer Options): Add "strcat" to the
list of functions known to the analyzer.
gcc/testsuite/ChangeLog:
PR analyzer/105899
* gcc.dg/analyzer/strcat-1.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs
2022-06-08 15:00 [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs dmalcolm at gcc dot gnu.org
` (11 preceding siblings ...)
2023-08-24 14:27 ` cvs-commit at gcc dot gnu.org
@ 2023-08-29 14:59 ` cvs-commit at gcc dot gnu.org
2023-09-06 13:33 ` cvs-commit at gcc dot gnu.org
2023-09-06 13:33 ` cvs-commit at gcc dot gnu.org
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-08-29 14:59 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
--- Comment #12 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:f687fc1ff6d4a44db87a35e9e3be7f20425bdacc
commit r14-3549-gf687fc1ff6d4a44db87a35e9e3be7f20425bdacc
Author: David Malcolm <dmalcolm@redhat.com>
Date: Tue Aug 29 10:57:42 2023 -0400
analyzer: improve strdup handling [PR105899]
gcc/analyzer/ChangeLog:
PR analyzer/105899
* kf.cc (kf_strdup::impl_call_pre): Set size of
dynamically-allocated buffer. Simulate copying the string from
the source region to the new buffer.
gcc/testsuite/ChangeLog:
PR analyzer/105899
* c-c++-common/analyzer/pr99193-2.c: Add
-Wno-analyzer-too-complex.
* gcc.dg/analyzer/strdup-1.c: Include "analyzer-decls.h".
(test_concrete_strlen): New.
(test_symbolic_strlen): New.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs
2022-06-08 15:00 [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs dmalcolm at gcc dot gnu.org
` (12 preceding siblings ...)
2023-08-29 14:59 ` cvs-commit at gcc dot gnu.org
@ 2023-09-06 13:33 ` cvs-commit at gcc dot gnu.org
2023-09-06 13:33 ` cvs-commit at gcc dot gnu.org
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-09-06 13:33 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
--- Comment #13 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:b51cde34d4e7504e821d935152c0ece0ce0dc74d
commit r14-3740-gb51cde34d4e7504e821d935152c0ece0ce0dc74d
Author: David Malcolm <dmalcolm@redhat.com>
Date: Wed Sep 6 09:32:01 2023 -0400
analyzer: implement kf_strncpy [PR105899]
gcc/analyzer/ChangeLog:
PR analyzer/105899
* kf.cc (class kf_strncpy): New.
(kf_strncpy::impl_call_post): New.
(register_known_functions): Register it.
* region-model.cc (region_model::read_bytes): Handle unknown
number of bytes.
gcc/testsuite/ChangeLog:
PR analyzer/105899
* c-c++-common/analyzer/null-terminated-strings-2.c: New test.
* c-c++-common/analyzer/overlapping-buffers.c: Update dg-bogus
directives to avoid clashing with note from <string.h> that might
happen to have the same line number. Add strpncpy test coverage.
* c-c++-common/analyzer/strncpy-1.c: New test.
* gcc.dg/analyzer/null-terminated-strings-1.c
(test_filled_nonzero): New.
(void test_filled_zero): New.
(test_filled_symbolic): New.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug analyzer/105899] RFE: -fanalyzer could complain about misuses of standard C string APIs
2022-06-08 15:00 [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs dmalcolm at gcc dot gnu.org
` (13 preceding siblings ...)
2023-09-06 13:33 ` cvs-commit at gcc dot gnu.org
@ 2023-09-06 13:33 ` cvs-commit at gcc dot gnu.org
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-09-06 13:33 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105899
--- Comment #14 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:f2d7a4001a33884bc1dfd8da58e58dee18e3cd71
commit r14-3741-gf2d7a4001a33884bc1dfd8da58e58dee18e3cd71
Author: David Malcolm <dmalcolm@redhat.com>
Date: Wed Sep 6 09:32:07 2023 -0400
analyzer: implement kf_strstr [PR105899]
gcc/analyzer/ChangeLog:
PR analyzer/105899
* kf.cc (class kf_strstr): New.
(kf_strstr::impl_call_post): New.
(register_known_functions): Register it.
gcc/testsuite/ChangeLog:
PR analyzer/105899
* c-c++-common/analyzer/strstr-1.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2023-09-06 13:33 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-08 15:00 [Bug analyzer/105899] New: RFE: -fanalyzer could complain about misuses of standard C string APIs dmalcolm at gcc dot gnu.org
2023-08-11 22:09 ` [Bug analyzer/105899] " cvs-commit at gcc dot gnu.org
2023-08-11 23:16 ` dmalcolm at gcc dot gnu.org
2023-08-22 1:16 ` cvs-commit at gcc dot gnu.org
2023-08-22 1:16 ` cvs-commit at gcc dot gnu.org
2023-08-22 22:38 ` cvs-commit at gcc dot gnu.org
2023-08-24 14:26 ` cvs-commit at gcc dot gnu.org
2023-08-24 14:26 ` cvs-commit at gcc dot gnu.org
2023-08-24 14:26 ` cvs-commit at gcc dot gnu.org
2023-08-24 14:27 ` cvs-commit at gcc dot gnu.org
2023-08-24 14:27 ` cvs-commit at gcc dot gnu.org
2023-08-24 14:27 ` cvs-commit at gcc dot gnu.org
2023-08-24 14:27 ` cvs-commit at gcc dot gnu.org
2023-08-29 14:59 ` cvs-commit at gcc dot gnu.org
2023-09-06 13:33 ` cvs-commit at gcc dot gnu.org
2023-09-06 13:33 ` cvs-commit at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).