public inbox for gcc-cvs@sourceware.org
help / color / mirror / Atom feed
* [gcc r13-5244] analyzer: add SARD testsuite 81
@ 2023-01-18 16:42 David Malcolm
0 siblings, 0 replies; only message in thread
From: David Malcolm @ 2023-01-18 16:42 UTC (permalink / raw)
To: gcc-cvs
https://gcc.gnu.org/g:c6a011119bfa038ccbfc9f123ede14a3d6237fab
commit r13-5244-gc6a011119bfa038ccbfc9f123ede14a3d6237fab
Author: David Malcolm <dmalcolm@redhat.com>
Date: Wed Jan 18 11:41:47 2023 -0500
analyzer: add SARD testsuite 81
A 2013 paper [1] proposed 5 simple tests for evaluating the
effectiveness of static analysis tools at detecting
CWE-121 ("Stack-based Buffer Overflow").
The tests can be found in:
https://samate.nist.gov/SARD/test-suites/81
This patch adds theses 5 tests to -fanalyzer's testsuite, lightly
modified to add DejaGnu directives.
This is for unit-testing; for broader testing of -fanalyzer I'm working
on a separate integration testing suite that builds various real-world C
projects with -fanalyzer, currently here:
https://github.com/davidmalcolm/gcc-analyzer-integration-tests
[1] Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/SARD-tc117-basic-00001-min.c: New test, adapted
from https://samate.nist.gov/SARD/test-suites/81.
* gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c: Likewise.
* gcc.dg/analyzer/SARD-tc249-basic-00034-min.c: Likewise.
* gcc.dg/analyzer/SARD-tc293-basic-00045-min.c: Likewise.
* gcc.dg/analyzer/SARD-tc841-basic-00182-min.c: Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Diff:
---
.../gcc.dg/analyzer/SARD-tc117-basic-00001-min.c | 67 ++++++++++++++++++++
.../analyzer/SARD-tc1909-stack_overflow_loop.c | 29 +++++++++
.../gcc.dg/analyzer/SARD-tc249-basic-00034-min.c | 67 ++++++++++++++++++++
.../gcc.dg/analyzer/SARD-tc293-basic-00045-min.c | 69 ++++++++++++++++++++
.../gcc.dg/analyzer/SARD-tc841-basic-00182-min.c | 73 ++++++++++++++++++++++
5 files changed, 305 insertions(+)
diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c
new file mode 100644
index 00000000000..e1ce195ad8b
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c
@@ -0,0 +1,67 @@
+/* Adapted from https://samate.nist.gov/SARD/test-cases/117/versions/1.0.0
+ Part of https://samate.nist.gov/SARD/test-suites/81
+ See:
+ Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
+*/
+
+/* Taxonomy Classification: 0000000000000000000100 */
+
+/*
+ * WRITE/READ 0 write
+ * WHICH BOUND 0 upper
+ * DATA TYPE 0 char
+ * MEMORY LOCATION 0 stack
+ * SCOPE 0 same
+ * CONTAINER 0 no
+ * POINTER 0 no
+ * INDEX COMPLEXITY 0 constant
+ * ADDRESS COMPLEXITY 0 constant
+ * LENGTH COMPLEXITY 0 N/A
+ * ADDRESS ALIAS 0 none
+ * INDEX ALIAS 0 none
+ * LOCAL CONTROL FLOW 0 none
+ * SECONDARY CONTROL FLOW 0 none
+ * LOOP STRUCTURE 0 no
+ * LOOP COMPLEXITY 0 N/A
+ * ASYNCHRONY 0 no
+ * TAINT 0 no
+ * RUNTIME ENV. DEPENDENCE 0 no
+ * MAGNITUDE 1 1 byte
+ * CONTINUOUS/DISCRETE 0 discrete
+ * SIGNEDNESS 0 no
+ */
+
+/*
+Copyright 2004 M.I.T.
+
+Permission is hereby granted, without written agreement or royalty fee, to use,
+copy, modify, and distribute this software and its documentation for any
+purpose, provided that the above copyright notice and the following three
+paragraphs appear in all copies of this software.
+
+IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL,
+INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE
+AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMANGE.
+
+M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO
+THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
+AND NON-INFRINGEMENT.
+
+THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO
+PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
+*/
+
+
+int main(int argc, char *argv[])
+{
+ char buf[10];
+
+
+ /* BAD */
+ buf[10] = 'A'; /* { dg-warning "stack-based buffer overflow" } */
+ /* { dg-message "write of 1 byte to beyond the end of 'buf'" "note" { target *-*-* } .-1 } */
+
+
+ return 0;
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c
new file mode 100644
index 00000000000..2a7612ad6f0
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c
@@ -0,0 +1,29 @@
+/* Adapted from
+ https://samate.nist.gov/SARD/downloads/test-suites/2013-02-07-basic-cwe-effectiveness-cwe-121-stack-based-buffer-overflow-for-c.zip
+ Part of https://samate.nist.gov/SARD/test-suites/81:
+ See:
+ Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
+*/
+
+/* This software was developed at the National Institute of Standards and
+ * Technology by employees of the Federal Government in the course of their
+ * official duties. Pursuant to title 17 Section 105 of the United States
+ * Code this software is not subject to copyright protection and is in the
+ * public domain. NIST assumes no responsibility whatsoever for its use by
+ * other parties, and makes no guarantees, expressed or implied, about its
+ * quality, reliability, or any other characteristic.
+
+ * We would appreciate acknowledgement if the software is used.
+ * The SAMATE project website is: http://samate.nist.gov
+*/
+
+#include <stdlib.h>
+
+int main(int argc, char *argv[])
+{
+ char bStr[10];
+ for (unsigned i=1;i<=10;++i) {
+ bStr[i] = (char)i + 'a'; /* { dg-warning "stack-based buffer overflow" "PR analyzer/108432" { xfail *-*-* } } */
+ }
+ return 0;
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c
new file mode 100644
index 00000000000..4031e6d56c3
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c
@@ -0,0 +1,67 @@
+/* Adapted from https://samate.nist.gov/SARD/test-cases/249/versions/1.0.0
+ Part of https://samate.nist.gov/SARD/test-suites/81
+ See:
+ Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
+*/
+
+/* Taxonomy Classification: 0000001600030000000100 */
+
+/*
+ * WRITE/READ 0 write
+ * WHICH BOUND 0 upper
+ * DATA TYPE 0 char
+ * MEMORY LOCATION 0 stack
+ * SCOPE 0 same
+ * CONTAINER 0 no
+ * POINTER 1 yes
+ * INDEX COMPLEXITY 6 N/A
+ * ADDRESS COMPLEXITY 0 constant
+ * LENGTH COMPLEXITY 0 N/A
+ * ADDRESS ALIAS 0 none
+ * INDEX ALIAS 3 N/A
+ * LOCAL CONTROL FLOW 0 none
+ * SECONDARY CONTROL FLOW 0 none
+ * LOOP STRUCTURE 0 no
+ * LOOP COMPLEXITY 0 N/A
+ * ASYNCHRONY 0 no
+ * TAINT 0 no
+ * RUNTIME ENV. DEPENDENCE 0 no
+ * MAGNITUDE 1 1 byte
+ * CONTINUOUS/DISCRETE 0 discrete
+ * SIGNEDNESS 0 no
+ */
+
+/*
+Copyright 2004 M.I.T.
+
+Permission is hereby granted, without written agreement or royalty fee, to use,
+copy, modify, and distribute this software and its documentation for any
+purpose, provided that the above copyright notice and the following three
+paragraphs appear in all copies of this software.
+
+IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL,
+INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE
+AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMANGE.
+
+M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO
+THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
+AND NON-INFRINGEMENT.
+
+THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO
+PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
+*/
+
+
+int main(int argc, char *argv[])
+{
+ char buf[10];
+
+
+ /* BAD */
+ *(buf + 10) = 'A'; /* { dg-warning "stack-based buffer overflow" } */
+ /* { dg-message "write of 1 byte to beyond the end of 'buf'" "note" { target *-*-* } .-1 } */
+
+
+ return 0;
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c
new file mode 100644
index 00000000000..36c1946b197
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c
@@ -0,0 +1,69 @@
+/* Adapted from https://samate.nist.gov/SARD/test-cases/293/versions/1.0.0
+ Part of https://samate.nist.gov/SARD/test-suites/81
+ See:
+ Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
+*/
+
+/* Taxonomy Classification: 0000300601130000000110 */
+
+/*
+ * WRITE/READ 0 write
+ * WHICH BOUND 0 upper
+ * DATA TYPE 0 char
+ * MEMORY LOCATION 0 stack
+ * SCOPE 3 inter-file/inter-proc
+ * CONTAINER 0 no
+ * POINTER 0 no
+ * INDEX COMPLEXITY 6 N/A
+ * ADDRESS COMPLEXITY 0 constant
+ * LENGTH COMPLEXITY 1 none
+ * ADDRESS ALIAS 1 yes, one level
+ * INDEX ALIAS 3 N/A
+ * LOCAL CONTROL FLOW 0 none
+ * SECONDARY CONTROL FLOW 0 none
+ * LOOP STRUCTURE 0 no
+ * LOOP COMPLEXITY 0 N/A
+ * ASYNCHRONY 0 no
+ * TAINT 0 no
+ * RUNTIME ENV. DEPENDENCE 0 no
+ * MAGNITUDE 1 1 byte
+ * CONTINUOUS/DISCRETE 1 continuous
+ * SIGNEDNESS 0 no
+ */
+
+/*
+Copyright 2004 M.I.T.
+
+Permission is hereby granted, without written agreement or royalty fee, to use,
+copy, modify, and distribute this software and its documentation for any
+purpose, provided that the above copyright notice and the following three
+paragraphs appear in all copies of this software.
+
+IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL,
+INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE
+AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMANGE.
+
+M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO
+THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
+AND NON-INFRINGEMENT.
+
+THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO
+PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
+*/
+
+#include <string.h>
+
+int main(int argc, char *argv[])
+{
+ char buf[10];
+
+
+ /* BAD */
+ strcpy(buf, "AAAAAAAAAA"); /* { dg-warning "stack-based buffer overflow" "analyzer warning" } */
+ /* { dg-message "write of 1 byte to beyond the end of 'buf'" "analyzer note" { target *-*-* } .-1 } */
+ /* { dg-warning "'__builtin_memcpy' writing 11 bytes into a region of size 10 overflows the destination" "Wstringop-overflow" { target *-*-* } .-2 } */
+
+
+ return 0;
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c
new file mode 100644
index 00000000000..577dce13f00
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c
@@ -0,0 +1,73 @@
+/* Adapted from https://samate.nist.gov/SARD/test-cases/841/versions/1.0.0
+ Part of https://samate.nist.gov/SARD/test-suites/81
+ See:
+ Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
+*/
+
+/* Taxonomy Classification: 0000300602130000031110 */
+
+/*
+ * WRITE/READ 0 write
+ * WHICH BOUND 0 upper
+ * DATA TYPE 0 char
+ * MEMORY LOCATION 0 stack
+ * SCOPE 3 inter-file/inter-proc
+ * CONTAINER 0 no
+ * POINTER 0 no
+ * INDEX COMPLEXITY 6 N/A
+ * ADDRESS COMPLEXITY 0 constant
+ * LENGTH COMPLEXITY 2 constant
+ * ADDRESS ALIAS 1 yes, one level
+ * INDEX ALIAS 3 N/A
+ * LOCAL CONTROL FLOW 0 none
+ * SECONDARY CONTROL FLOW 0 none
+ * LOOP STRUCTURE 0 no
+ * LOOP COMPLEXITY 0 N/A
+ * ASYNCHRONY 0 no
+ * TAINT 3 file read
+ * RUNTIME ENV. DEPENDENCE 1 yes
+ * MAGNITUDE 1 1 byte
+ * CONTINUOUS/DISCRETE 1 continuous
+ * SIGNEDNESS 0 no
+ */
+
+/*
+Copyright 2004 M.I.T.
+
+Permission is hereby granted, without written agreement or royalty fee, to use,
+copy, modify, and distribute this software and its documentation for any
+purpose, provided that the above copyright notice and the following three
+paragraphs appear in all copies of this software.
+
+IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL,
+INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE
+AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMANGE.
+
+M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO
+THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
+AND NON-INFRINGEMENT.
+
+THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO
+PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
+*/
+
+#include <assert.h>
+#include <stdio.h>
+
+int main(int argc, char *argv[])
+{
+ FILE * f;
+ char buf[10];
+
+ f = fopen("TestInputFile1", "r");
+ assert(f != NULL);
+
+ /* BAD */
+ fgets(buf, 11, f); /* { dg-warning "stack-based buffer overflow" "PR analyzer/105895" { xfail *-*-* } } */
+
+ fclose(f);
+
+
+ return 0;
+}
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-01-18 16:42 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-18 16:42 [gcc r13-5244] analyzer: add SARD testsuite 81 David Malcolm
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).