From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
 id ED6843858415; Fri, 12 Aug 2022 09:14:14 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org ED6843858415
From: "cvs-commit at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/106000] RFE: -fanalyzer should complain about memory
 accesses that are definitely out-of-bounds
Date: Fri, 12 Aug 2022 09:14:14 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: analyzer
X-Bugzilla-Version: 12.0
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: tlange at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-106000-4-G9rHfUlEqt@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-106000-4@http.gcc.gnu.org/bugzilla/>
References: <bug-106000-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list <gcc-bugs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Aug 2022 09:14:15 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D106000

--- Comment #6 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Tim Lange <tlange@gcc.gnu.org>:

https://gcc.gnu.org/g:7e3b45befdbbf1a1f9ff728fa2bac31b4756907c

commit r13-2029-g7e3b45befdbbf1a1f9ff728fa2bac31b4756907c
Author: Tim Lange <mail@tim-lange.me>
Date:   Fri Aug 12 10:27:16 2022 +0200

    analyzer: out-of-bounds checker [PR106000]

    This patch adds an experimental out-of-bounds checker to the analyzer.

    The checker was tested on coreutils, curl, httpd and openssh. It is mos=
tly
    accurate but does produce false-positives on yacc-generated files and
    sometimes when the analyzer misses an invariant. These cases will be
    documented in bugzilla.
    Regression-tested on Linux x86-64, further ran the analyzer tests with
    the -m32 option.

    2022-08-11  Tim Lange  <mail@tim-lange.me>

    gcc/analyzer/ChangeLog:

            PR analyzer/106000
            * analyzer.opt: Add Wanalyzer-out-of-bounds.
            * region-model.cc (class out_of_bounds): Diagnostics base class
            for all out-of-bounds diagnostics.
            (class past_the_end): Base class derived from out_of_bounds for
            the buffer_overflow and buffer_overread diagnostics.
            (class buffer_overflow): Buffer overflow diagnostics.
            (class buffer_overread): Buffer overread diagnostics.
            (class buffer_underflow): Buffer underflow diagnostics.
            (class buffer_underread): Buffer overread diagnostics.
            (region_model::check_region_bounds): New function to check regi=
on
            bounds for out-of-bounds accesses.
            (region_model::check_region_access):
            Add call to check_region_bounds.
            (region_model::get_representative_tree): New function that acce=
pts
            a region instead of an svalue.
            * region-model.h (class region_model):
            Add region_model::check_region_bounds.
            * region.cc (region::symbolic_p): New predicate.
            (offset_region::get_byte_size_sval): Only return the remaining
            byte size on offset_regions.
            * region.h: Add region::symbolic_p.
            * store.cc (byte_range::intersects_p):
            Add new function equivalent to bit_range::intersects_p.
            (byte_range::exceeds_p): New function.
            (byte_range::falls_short_of_p): New function.
            * store.h (struct byte_range): Add byte_range::intersects_p,
            byte_range::exceeds_p and byte_range::falls_short_of_p.

    gcc/ChangeLog:

            PR analyzer/106000
            * doc/invoke.texi: Add Wanalyzer-out-of-bounds.

    gcc/testsuite/ChangeLog:

            PR analyzer/106000
            * g++.dg/analyzer/pr100244.C: Disable out-of-bounds warning.
            * gcc.dg/analyzer/allocation-size-3.c:
            Disable out-of-bounds warning.
            * gcc.dg/analyzer/memcpy-2.c: Disable out-of-bounds warning.
            * gcc.dg/analyzer/pr101962.c: Add dg-warning.
            * gcc.dg/analyzer/pr96764.c: Disable out-of-bounds warning.
            * gcc.dg/analyzer/pr97029.c:
            Add dummy buffer to prevent an out-of-bounds warning.
            * gcc.dg/analyzer/realloc-5.c: Add dg-warning.
            * gcc.dg/analyzer/test-setjmp.h:
            Add dummy buffer to prevent an out-of-bounds warning.
            * gcc.dg/analyzer/zlib-3.c: Add dg-bogus.
            * g++.dg/analyzer/out-of-bounds-placement-new.C: New test.
            * gcc.dg/analyzer/out-of-bounds-1.c: New test.
            * gcc.dg/analyzer/out-of-bounds-2.c: New test.
            * gcc.dg/analyzer/out-of-bounds-3.c: New test.
            * gcc.dg/analyzer/out-of-bounds-container_of.c: New test.
            * gcc.dg/analyzer/out-of-bounds-coreutils.c: New test.
            * gcc.dg/analyzer/out-of-bounds-curl.c: New test.=