public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "cvs-commit at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/111155] RFE: better diagrams for string operations
Date: Sun, 08 Oct 2023 22:50:55 +0000 [thread overview]
Message-ID: <bug-111155-4-AkWzEphLJ9@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-111155-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111155
--- Comment #1 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:b365e9d57ad445c5491737e230bc94213a139de7
commit r14-4477-gb365e9d57ad445c5491737e230bc94213a139de7
Author: David Malcolm <dmalcolm@redhat.com>
Date: Sun Oct 8 18:43:16 2023 -0400
analyzer: improvements to out-of-bounds diagrams [PR111155]
Update out-of-bounds diagrams to show existing string values,
and the initial write index within a string buffer.
For example, given the out-of-bounds write in strcat in:
void test (void)
{
char buf[10];
strcpy (buf, "hello");
strcat (buf, " world!");
}
the diagram improves from:
âââââââ¬ââââââ¬âââââ¬âââââ¬ââââââââââââ¬ââââââ¬ââââââ
â [0] â [1] â[2] â[3] â[4] ââ [5]
â [6] â [7] â
âââââââ¼ââââââ¼âââââ¼âââââ¼âââââ¤âââââââ¼ââââââ¼ââââââ¤
â ' ' â 'w' â'o' â'r' â'l' ââ 'd'
â '!' â NUL â
âââââââ´ââââââ´âââââ´âââââ´âââââ´â´ââââââ´ââââââ´ââââââ¤
â string literal (type: 'char[8]')
â
âââââââââââââââââââââââââââââââââââââââââââââââ
â â â â â â
â â
â â â â â â
â â
v v v v v v v v
âââââââ¬âââââââââââââââââââââââââââââââââââââââââ¬ââââââââââââââââââââââââ
â [0] â ... â[9] ââ
â
âââââââ´âââââââââââââââââââââââââââââââââââââââââ´âââââ¤âafter
valid rangeâ
â 'buf' (type: 'char[10]') ââ
â
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââ¬ââââââââââââââââââââââââââ¤ââââââââââ¬âââââââââ¤
â â
âââââââââââ´âââââââââ®
âââââââââââ´ââââââââââ®
âcapacity: 10 bytesâ âoverflow of 3
bytesâ
â°âââââââââââââââââââ¯
â°ââââââââââââââââââââ¯
to:
ââââââ¬âââââ¬âââââ¬âââââ¬ââââââââââââ¬ââââââ¬ââââââ
â[0] â[1] â[2] â[3] â[4] ââ [5]
â [6] â [7] â
ââââââ¼âââââ¼âââââ¼âââââ¼âââââ¤âââââââ¼ââââââ¼ââââââ¤
â' ' â'w' â'o' â'r' â'l' ââ 'd'
â '!' â NUL â
ââââââ´âââââ´âââââ´âââââ´âââââ´â´ââââââ´ââââââ´ââââââ¤
â string literal (type: 'char[8]')
â
âââââââââââââââââââââââââââââââââââââââââââââ
â â â â â â
â â
â â â â â â
â â
v v v v v v v v
âââââââ¬âââââââââââââââââââââ¬âââââ¬âââââââââââââââ¬ââââââââââââââââââââââââ
â [0] â ... â[5] â ... â[9] ââ
â
âââââââ¼âââââ¬âââââ¬âââââ¬âââââ¬â¼âââââ¼âââââââââââââââ´ââââââ
â
â 'h' â'e' â'l' â'l' â'o' ââNUL â
âafter valid rangeâ
âââââââ´âââââ´âââââ´âââââ´âââââ´â´âââââ´âââââââââââââââââââââ
â
â 'buf' (type: 'char[10]') ââ
â
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââ¬ââââââââââââââââââââââââââ¤ââââââââââ¬âââââââââ¤
â â
âââââââââââ´âââââââââ®
âââââââââââ´ââââââââââ®
âcapacity: 10 bytesâ âoverflow of 3
bytesâ
â°âââââââââââââââââââ¯
â°ââââââââââââââââââââ¯
gcc/analyzer/ChangeLog:
PR analyzer/111155
* access-diagram.cc (boundaries::boundaries): Add logger param
(boundaries::add): Add logging.
(boundaries::get_hard_boundaries_in_range): New.
(boundaries::m_logger): New field.
(boundaries::get_table_x_for_offset): Make public.
(class svalue_spatial_item): New.
(class compound_svalue_spatial_item): New.
(add_ellipsis_to_gaps): New.
(valid_region_spatial_item::valid_region_spatial_item): Add theme
param. Initialize m_boundaries, m_existing_sval, and
m_existing_sval_spatial_item.
(valid_region_spatial_item::add_boundaries): Set m_boundaries.
Add boundaries for any m_existing_sval_spatial_item.
(valid_region_spatial_item::add_array_elements_to_table): Rewrite
creation of min/max index in terms of
maybe_add_array_index_to_table. Rewrite ellipsis code using
add_ellipsis_to_gaps. Add index values for any hard boundaries
within the valid region.
(valid_region_spatial_item::maybe_add_array_index_to_table): New,
based on code formerly in add_array_elements_to_table.
(valid_region_spatial_item::make_table): Make use of
m_existing_sval_spatial_item, if any.
(valid_region_spatial_item::m_boundaries): New field.
(valid_region_spatial_item::m_existing_sval): New field.
(valid_region_spatial_item::m_existing_sval_spatial_item): New
field.
(class svalue_spatial_item): Rename to...
(class written_svalue_spatial_item): ...this.
(class string_region_spatial_item): Rename to..
(class string_literal_spatial_item): ...this. Add "kind".
(string_literal_spatial_item::add_boundaries): Use m_kind to
determine kind of boundary. Update for renaming of m_actual_bits
to m_bits.
(string_literal_spatial_item::make_table): Likewise. Support not
displaying a row for byte indexes, and not displaying a row for
the type.
(string_literal_spatial_item::add_column_for_byte): Make byte index
row optional.
(svalue_spatial_item::make): Convert to...
(make_written_svalue_spatial_item): ...this.
(make_existing_svalue_spatial_item): New.
(access_diagram_impl::access_diagram_impl): Pass theme to
m_valid_region_spatial_item ctor. Update for renaming of
m_svalue_spatial_item.
(access_diagram_impl::find_boundaries): Pass logger to boundaries.
Update for renaming of...
(access_diagram_impl::m_svalue_spatial_item): Rename to...
(access_diagram_impl::m_written_svalue_spatial_item): ...this.
gcc/testsuite/ChangeLog:
PR analyzer/111155
* c-c++-common/analyzer/out-of-bounds-diagram-strcat-2.c: New test.
* c-c++-common/analyzer/out-of-bounds-diagram-strcat.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-17.c: Update expected
result to show the existing content of "buf" and the index at
which the write starts.
* gcc.dg/analyzer/out-of-bounds-diagram-18.c: Likewise.
* gcc.dg/analyzer/out-of-bounds-diagram-19.c: Likewise.
* gcc.dg/analyzer/out-of-bounds-diagram-6.c: Update expected
output.
gcc/ChangeLog:
PR analyzer/111155
* text-art/table.cc (table::maybe_set_cell_span): New.
(table::add_other_table): New.
* text-art/table.h (class table::cell_placement): Add class table
as a friend.
(table::add_rows): New.
(table::add_row): Reimplement in terms of add_rows.
(table::maybe_set_cell_span): New decl.
(table::add_other_table): New decl.
* text-art/types.h (operator+): New operator for rect + coord.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
prev parent reply other threads:[~2023-10-08 22:50 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-25 12:52 [Bug analyzer/111155] New: " dmalcolm at gcc dot gnu.org
2023-10-08 22:50 ` cvs-commit at gcc dot gnu.org [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-111155-4-AkWzEphLJ9@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).