public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/111155] New: RFE: better diagrams for string operations
@ 2023-08-25 12:52 dmalcolm at gcc dot gnu.org
2023-10-08 22:50 ` [Bug analyzer/111155] " cvs-commit at gcc dot gnu.org
0 siblings, 1 reply; 2+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2023-08-25 12:52 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111155
Bug ID: 111155
Summary: RFE: better diagrams for string operations
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
See
https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=99a3fcb8ff0bf27407c525415384372189e2c3cc
The generated diagrams could be improved.
Specifically:
- we should show the index of the insertion point into buf of the strcat
string. This could be done by looking at hard boundaries, and ensuring that we
show the index on each side of a hard boundary when the index is within the
valid area (with ellipsis cells for other runs)
- we could show the existing content of the valid region, visualizing:
- the string from the strcpy that is untouched by the strcat,
- the existing NUL from the strcpy that is being overwritten by the strcat,
and
- the uninitialized bytes that are being overwritten by the strcat
^ permalink raw reply [flat|nested] 2+ messages in thread
* [Bug analyzer/111155] RFE: better diagrams for string operations
2023-08-25 12:52 [Bug analyzer/111155] New: RFE: better diagrams for string operations dmalcolm at gcc dot gnu.org
@ 2023-10-08 22:50 ` cvs-commit at gcc dot gnu.org
0 siblings, 0 replies; 2+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-10-08 22:50 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111155
--- Comment #1 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalcolm@gcc.gnu.org>:
https://gcc.gnu.org/g:b365e9d57ad445c5491737e230bc94213a139de7
commit r14-4477-gb365e9d57ad445c5491737e230bc94213a139de7
Author: David Malcolm <dmalcolm@redhat.com>
Date: Sun Oct 8 18:43:16 2023 -0400
analyzer: improvements to out-of-bounds diagrams [PR111155]
Update out-of-bounds diagrams to show existing string values,
and the initial write index within a string buffer.
For example, given the out-of-bounds write in strcat in:
void test (void)
{
char buf[10];
strcpy (buf, "hello");
strcat (buf, " world!");
}
the diagram improves from:
âââââââ¬ââââââ¬âââââ¬âââââ¬ââââââââââââ¬ââââââ¬ââââââ
â [0] â [1] â[2] â[3] â[4] ââ [5]
â [6] â [7] â
âââââââ¼ââââââ¼âââââ¼âââââ¼âââââ¤âââââââ¼ââââââ¼ââââââ¤
â ' ' â 'w' â'o' â'r' â'l' ââ 'd'
â '!' â NUL â
âââââââ´ââââââ´âââââ´âââââ´âââââ´â´ââââââ´ââââââ´ââââââ¤
â string literal (type: 'char[8]')
â
âââââââââââââââââââââââââââââââââââââââââââââââ
â â â â â â
â â
â â â â â â
â â
v v v v v v v v
âââââââ¬âââââââââââââââââââââââââââââââââââââââââ¬ââââââââââââââââââââââââ
â [0] â ... â[9] ââ
â
âââââââ´âââââââââââââââââââââââââââââââââââââââââ´âââââ¤âafter
valid rangeâ
â 'buf' (type: 'char[10]') ââ
â
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââ¬ââââââââââââââââââââââââââ¤ââââââââââ¬âââââââââ¤
â â
âââââââââââ´âââââââââ®
âââââââââââ´ââââââââââ®
âcapacity: 10 bytesâ âoverflow of 3
bytesâ
â°âââââââââââââââââââ¯
â°ââââââââââââââââââââ¯
to:
ââââââ¬âââââ¬âââââ¬âââââ¬ââââââââââââ¬ââââââ¬ââââââ
â[0] â[1] â[2] â[3] â[4] ââ [5]
â [6] â [7] â
ââââââ¼âââââ¼âââââ¼âââââ¼âââââ¤âââââââ¼ââââââ¼ââââââ¤
â' ' â'w' â'o' â'r' â'l' ââ 'd'
â '!' â NUL â
ââââââ´âââââ´âââââ´âââââ´âââââ´â´ââââââ´ââââââ´ââââââ¤
â string literal (type: 'char[8]')
â
âââââââââââââââââââââââââââââââââââââââââââââ
â â â â â â
â â
â â â â â â
â â
v v v v v v v v
âââââââ¬âââââââââââââââââââââ¬âââââ¬âââââââââââââââ¬ââââââââââââââââââââââââ
â [0] â ... â[5] â ... â[9] ââ
â
âââââââ¼âââââ¬âââââ¬âââââ¬âââââ¬â¼âââââ¼âââââââââââââââ´ââââââ
â
â 'h' â'e' â'l' â'l' â'o' ââNUL â
âafter valid rangeâ
âââââââ´âââââ´âââââ´âââââ´âââââ´â´âââââ´âââââââââââââââââââââ
â
â 'buf' (type: 'char[10]') ââ
â
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââ¬ââââââââââââââââââââââââââ¤ââââââââââ¬âââââââââ¤
â â
âââââââââââ´âââââââââ®
âââââââââââ´ââââââââââ®
âcapacity: 10 bytesâ âoverflow of 3
bytesâ
â°âââââââââââââââââââ¯
â°ââââââââââââââââââââ¯
gcc/analyzer/ChangeLog:
PR analyzer/111155
* access-diagram.cc (boundaries::boundaries): Add logger param
(boundaries::add): Add logging.
(boundaries::get_hard_boundaries_in_range): New.
(boundaries::m_logger): New field.
(boundaries::get_table_x_for_offset): Make public.
(class svalue_spatial_item): New.
(class compound_svalue_spatial_item): New.
(add_ellipsis_to_gaps): New.
(valid_region_spatial_item::valid_region_spatial_item): Add theme
param. Initialize m_boundaries, m_existing_sval, and
m_existing_sval_spatial_item.
(valid_region_spatial_item::add_boundaries): Set m_boundaries.
Add boundaries for any m_existing_sval_spatial_item.
(valid_region_spatial_item::add_array_elements_to_table): Rewrite
creation of min/max index in terms of
maybe_add_array_index_to_table. Rewrite ellipsis code using
add_ellipsis_to_gaps. Add index values for any hard boundaries
within the valid region.
(valid_region_spatial_item::maybe_add_array_index_to_table): New,
based on code formerly in add_array_elements_to_table.
(valid_region_spatial_item::make_table): Make use of
m_existing_sval_spatial_item, if any.
(valid_region_spatial_item::m_boundaries): New field.
(valid_region_spatial_item::m_existing_sval): New field.
(valid_region_spatial_item::m_existing_sval_spatial_item): New
field.
(class svalue_spatial_item): Rename to...
(class written_svalue_spatial_item): ...this.
(class string_region_spatial_item): Rename to..
(class string_literal_spatial_item): ...this. Add "kind".
(string_literal_spatial_item::add_boundaries): Use m_kind to
determine kind of boundary. Update for renaming of m_actual_bits
to m_bits.
(string_literal_spatial_item::make_table): Likewise. Support not
displaying a row for byte indexes, and not displaying a row for
the type.
(string_literal_spatial_item::add_column_for_byte): Make byte index
row optional.
(svalue_spatial_item::make): Convert to...
(make_written_svalue_spatial_item): ...this.
(make_existing_svalue_spatial_item): New.
(access_diagram_impl::access_diagram_impl): Pass theme to
m_valid_region_spatial_item ctor. Update for renaming of
m_svalue_spatial_item.
(access_diagram_impl::find_boundaries): Pass logger to boundaries.
Update for renaming of...
(access_diagram_impl::m_svalue_spatial_item): Rename to...
(access_diagram_impl::m_written_svalue_spatial_item): ...this.
gcc/testsuite/ChangeLog:
PR analyzer/111155
* c-c++-common/analyzer/out-of-bounds-diagram-strcat-2.c: New test.
* c-c++-common/analyzer/out-of-bounds-diagram-strcat.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-17.c: Update expected
result to show the existing content of "buf" and the index at
which the write starts.
* gcc.dg/analyzer/out-of-bounds-diagram-18.c: Likewise.
* gcc.dg/analyzer/out-of-bounds-diagram-19.c: Likewise.
* gcc.dg/analyzer/out-of-bounds-diagram-6.c: Update expected
output.
gcc/ChangeLog:
PR analyzer/111155
* text-art/table.cc (table::maybe_set_cell_span): New.
(table::add_other_table): New.
* text-art/table.h (class table::cell_placement): Add class table
as a friend.
(table::add_rows): New.
(table::add_row): Reimplement in terms of add_rows.
(table::maybe_set_cell_span): New decl.
(table::add_other_table): New decl.
* text-art/types.h (operator+): New operator for rect + coord.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-10-08 22:50 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-25 12:52 [Bug analyzer/111155] New: RFE: better diagrams for string operations dmalcolm at gcc dot gnu.org
2023-10-08 22:50 ` [Bug analyzer/111155] " cvs-commit at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).