From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dmalcolm@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2209)
	id D852B3858C30; Wed, 18 Jan 2023 16:42:16 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D852B3858C30
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1674060136;
	bh=rSxhD6PivQ7/NpLdpbVshNoOuaDqdTVJH/sKZzTm0EI=;
	h=From:To:Subject:Date:From;
	b=sB9Wwy9dXhtBb1JUUCnDWsg/160jfOEPWCtLi4Yh847CzIPK4/nAxSugNqDTt3RK0
	 srdQcZIdBz7nwCvqEMztDHe9lMZ6ZsVih31jb1mwZQJDW2/zymOiFI0S0D8nRQdjUU
	 dKVBJ9LVXIBV96/83Xcvt6OZAsULR6h/RH7K5Z28=
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
From: David Malcolm <dmalcolm@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org
Subject: [gcc r13-5244] analyzer: add SARD testsuite 81
X-Act-Checkin: gcc
X-Git-Author: David Malcolm <dmalcolm@redhat.com>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: db959e250077ae6b4fc08f53fb322719582c5de6
X-Git-Newrev: c6a011119bfa038ccbfc9f123ede14a3d6237fab
Message-Id: <20230118164216.D852B3858C30@sourceware.org>
Date: Wed, 18 Jan 2023 16:42:16 +0000 (GMT)
List-Id: <gcc-cvs.sourceware.org>

https://gcc.gnu.org/g:c6a011119bfa038ccbfc9f123ede14a3d6237fab

commit r13-5244-gc6a011119bfa038ccbfc9f123ede14a3d6237fab
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Wed Jan 18 11:41:47 2023 -0500

    analyzer: add SARD testsuite 81
    
    A 2013 paper [1] proposed 5 simple tests for evaluating the
    effectiveness of static analysis tools at detecting
    CWE-121 ("Stack-based Buffer Overflow").
    
    The tests can be found in:
      https://samate.nist.gov/SARD/test-suites/81
    
    This patch adds theses 5 tests to -fanalyzer's testsuite, lightly
    modified to add DejaGnu directives.
    
    This is for unit-testing; for broader testing of -fanalyzer I'm working
    on a separate integration testing suite that builds various real-world C
    projects with -fanalyzer, currently here:
      https://github.com/davidmalcolm/gcc-analyzer-integration-tests
    
    [1] Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
    
    gcc/testsuite/ChangeLog:
            * gcc.dg/analyzer/SARD-tc117-basic-00001-min.c: New test, adapted
            from https://samate.nist.gov/SARD/test-suites/81.
            * gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c: Likewise.
            * gcc.dg/analyzer/SARD-tc249-basic-00034-min.c: Likewise.
            * gcc.dg/analyzer/SARD-tc293-basic-00045-min.c: Likewise.
            * gcc.dg/analyzer/SARD-tc841-basic-00182-min.c: Likewise.
    
    Signed-off-by: David Malcolm <dmalcolm@redhat.com>

Diff:
---
 .../gcc.dg/analyzer/SARD-tc117-basic-00001-min.c   | 67 ++++++++++++++++++++
 .../analyzer/SARD-tc1909-stack_overflow_loop.c     | 29 +++++++++
 .../gcc.dg/analyzer/SARD-tc249-basic-00034-min.c   | 67 ++++++++++++++++++++
 .../gcc.dg/analyzer/SARD-tc293-basic-00045-min.c   | 69 ++++++++++++++++++++
 .../gcc.dg/analyzer/SARD-tc841-basic-00182-min.c   | 73 ++++++++++++++++++++++
 5 files changed, 305 insertions(+)

diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c
new file mode 100644
index 00000000000..e1ce195ad8b
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c
@@ -0,0 +1,67 @@
+/* Adapted from https://samate.nist.gov/SARD/test-cases/117/versions/1.0.0
+   Part of https://samate.nist.gov/SARD/test-suites/81
+   See:
+     Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
+*/
+
+/* Taxonomy Classification: 0000000000000000000100 */
+
+/*
+ *  WRITE/READ               	 0	write
+ *  WHICH BOUND              	 0	upper
+ *  DATA TYPE                	 0	char
+ *  MEMORY LOCATION          	 0	stack
+ *  SCOPE                    	 0	same
+ *  CONTAINER                	 0	no
+ *  POINTER                  	 0	no
+ *  INDEX COMPLEXITY         	 0	constant
+ *  ADDRESS COMPLEXITY       	 0	constant
+ *  LENGTH COMPLEXITY        	 0	N/A
+ *  ADDRESS ALIAS            	 0	none
+ *  INDEX ALIAS              	 0	none
+ *  LOCAL CONTROL FLOW       	 0	none
+ *  SECONDARY CONTROL FLOW   	 0	none
+ *  LOOP STRUCTURE           	 0	no
+ *  LOOP COMPLEXITY          	 0	N/A
+ *  ASYNCHRONY               	 0	no
+ *  TAINT                    	 0	no
+ *  RUNTIME ENV. DEPENDENCE  	 0	no
+ *  MAGNITUDE                	 1	1 byte
+ *  CONTINUOUS/DISCRETE      	 0	discrete
+ *  SIGNEDNESS               	 0	no
+ */
+
+/*
+Copyright 2004 M.I.T.
+
+Permission is hereby granted, without written agreement or royalty fee, to use, 
+copy, modify, and distribute this software and its documentation for any 
+purpose, provided that the above copyright notice and the following three 
+paragraphs appear in all copies of this software.
+
+IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, 
+INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE 
+AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF 
+SUCH DAMANGE.
+
+M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO 
+THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, 
+AND NON-INFRINGEMENT.
+
+THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO 
+PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
+*/
+
+
+int main(int argc, char *argv[])
+{
+  char buf[10];
+
+
+  /*  BAD  */
+  buf[10] = 'A'; /* { dg-warning "stack-based buffer overflow" } */
+  /* { dg-message "write of 1 byte to beyond the end of 'buf'" "note" { target *-*-* } .-1 } */
+
+
+  return 0;
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c
new file mode 100644
index 00000000000..2a7612ad6f0
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c
@@ -0,0 +1,29 @@
+/* Adapted from
+     https://samate.nist.gov/SARD/downloads/test-suites/2013-02-07-basic-cwe-effectiveness-cwe-121-stack-based-buffer-overflow-for-c.zip
+   Part of https://samate.nist.gov/SARD/test-suites/81:
+   See:
+     Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
+*/
+
+/* This software was developed at the National Institute of Standards and
+ * Technology by employees of the Federal Government in the course of their
+ * official duties. Pursuant to title 17 Section 105 of the United States
+ * Code this software is not subject to copyright protection and is in the
+ * public domain. NIST assumes no responsibility whatsoever for its use by
+ * other parties, and makes no guarantees, expressed or implied, about its
+ * quality, reliability, or any other characteristic.
+
+ * We would appreciate acknowledgement if the software is used.
+ * The SAMATE project website is: http://samate.nist.gov
+*/
+
+#include <stdlib.h>
+
+int main(int argc, char *argv[])
+{
+	char bStr[10];
+	for (unsigned i=1;i<=10;++i) {
+		bStr[i] = (char)i + 'a'; /* { dg-warning "stack-based buffer overflow" "PR analyzer/108432" { xfail *-*-* } } */
+	}
+	return 0;
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c
new file mode 100644
index 00000000000..4031e6d56c3
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c
@@ -0,0 +1,67 @@
+/* Adapted from https://samate.nist.gov/SARD/test-cases/249/versions/1.0.0
+   Part of https://samate.nist.gov/SARD/test-suites/81
+   See:
+     Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
+*/
+
+/* Taxonomy Classification: 0000001600030000000100 */
+
+/*
+ *  WRITE/READ               	 0	write
+ *  WHICH BOUND              	 0	upper
+ *  DATA TYPE                	 0	char
+ *  MEMORY LOCATION          	 0	stack
+ *  SCOPE                    	 0	same
+ *  CONTAINER                	 0	no
+ *  POINTER                  	 1	yes
+ *  INDEX COMPLEXITY         	 6	N/A
+ *  ADDRESS COMPLEXITY       	 0	constant
+ *  LENGTH COMPLEXITY        	 0	N/A
+ *  ADDRESS ALIAS            	 0	none
+ *  INDEX ALIAS              	 3	N/A
+ *  LOCAL CONTROL FLOW       	 0	none
+ *  SECONDARY CONTROL FLOW   	 0	none
+ *  LOOP STRUCTURE           	 0	no
+ *  LOOP COMPLEXITY          	 0	N/A
+ *  ASYNCHRONY               	 0	no
+ *  TAINT                    	 0	no
+ *  RUNTIME ENV. DEPENDENCE  	 0	no
+ *  MAGNITUDE                	 1	1 byte
+ *  CONTINUOUS/DISCRETE      	 0	discrete
+ *  SIGNEDNESS               	 0	no
+ */
+
+/*
+Copyright 2004 M.I.T.
+
+Permission is hereby granted, without written agreement or royalty fee, to use, 
+copy, modify, and distribute this software and its documentation for any 
+purpose, provided that the above copyright notice and the following three 
+paragraphs appear in all copies of this software.
+
+IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, 
+INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE 
+AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF 
+SUCH DAMANGE.
+
+M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO 
+THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, 
+AND NON-INFRINGEMENT.
+
+THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO 
+PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
+*/
+
+
+int main(int argc, char *argv[])
+{
+  char buf[10];
+
+
+  /*  BAD  */
+  *(buf + 10) = 'A'; /* { dg-warning "stack-based buffer overflow" } */
+  /* { dg-message "write of 1 byte to beyond the end of 'buf'" "note" { target *-*-* } .-1 } */
+
+
+  return 0;
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c
new file mode 100644
index 00000000000..36c1946b197
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c
@@ -0,0 +1,69 @@
+/* Adapted from https://samate.nist.gov/SARD/test-cases/293/versions/1.0.0
+   Part of https://samate.nist.gov/SARD/test-suites/81
+   See:
+     Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
+*/
+
+/* Taxonomy Classification: 0000300601130000000110 */
+
+/*
+ *  WRITE/READ               	 0	write
+ *  WHICH BOUND              	 0	upper
+ *  DATA TYPE                	 0	char
+ *  MEMORY LOCATION          	 0	stack
+ *  SCOPE                    	 3	inter-file/inter-proc
+ *  CONTAINER                	 0	no
+ *  POINTER                  	 0	no
+ *  INDEX COMPLEXITY         	 6	N/A
+ *  ADDRESS COMPLEXITY       	 0	constant
+ *  LENGTH COMPLEXITY        	 1	none
+ *  ADDRESS ALIAS            	 1	yes, one level
+ *  INDEX ALIAS              	 3	N/A
+ *  LOCAL CONTROL FLOW       	 0	none
+ *  SECONDARY CONTROL FLOW   	 0	none
+ *  LOOP STRUCTURE           	 0	no
+ *  LOOP COMPLEXITY          	 0	N/A
+ *  ASYNCHRONY               	 0	no
+ *  TAINT                    	 0	no
+ *  RUNTIME ENV. DEPENDENCE  	 0	no
+ *  MAGNITUDE                	 1	1 byte
+ *  CONTINUOUS/DISCRETE      	 1	continuous
+ *  SIGNEDNESS               	 0	no
+ */
+
+/*
+Copyright 2004 M.I.T.
+
+Permission is hereby granted, without written agreement or royalty fee, to use, 
+copy, modify, and distribute this software and its documentation for any 
+purpose, provided that the above copyright notice and the following three 
+paragraphs appear in all copies of this software.
+
+IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, 
+INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE 
+AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF 
+SUCH DAMANGE.
+
+M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO 
+THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, 
+AND NON-INFRINGEMENT.
+
+THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO 
+PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
+*/
+
+#include <string.h>
+
+int main(int argc, char *argv[])
+{
+  char buf[10];
+
+
+  /*  BAD  */
+  strcpy(buf, "AAAAAAAAAA"); /* { dg-warning "stack-based buffer overflow" "analyzer warning" } */
+  /* { dg-message "write of 1 byte to beyond the end of 'buf'" "analyzer note" { target *-*-* } .-1 } */
+  /* { dg-warning "'__builtin_memcpy' writing 11 bytes into a region of size 10 overflows the destination" "Wstringop-overflow" { target *-*-* } .-2 } */
+
+
+  return 0;
+}
diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c
new file mode 100644
index 00000000000..577dce13f00
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c
@@ -0,0 +1,73 @@
+/* Adapted from https://samate.nist.gov/SARD/test-cases/841/versions/1.0.0
+   Part of https://samate.nist.gov/SARD/test-suites/81
+   See:
+     Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
+*/
+
+/* Taxonomy Classification: 0000300602130000031110 */
+
+/*
+ *  WRITE/READ               	 0	write
+ *  WHICH BOUND              	 0	upper
+ *  DATA TYPE                	 0	char
+ *  MEMORY LOCATION          	 0	stack
+ *  SCOPE                    	 3	inter-file/inter-proc
+ *  CONTAINER                	 0	no
+ *  POINTER                  	 0	no
+ *  INDEX COMPLEXITY         	 6	N/A
+ *  ADDRESS COMPLEXITY       	 0	constant
+ *  LENGTH COMPLEXITY        	 2	constant
+ *  ADDRESS ALIAS            	 1	yes, one level
+ *  INDEX ALIAS              	 3	N/A
+ *  LOCAL CONTROL FLOW       	 0	none
+ *  SECONDARY CONTROL FLOW   	 0	none
+ *  LOOP STRUCTURE           	 0	no
+ *  LOOP COMPLEXITY          	 0	N/A
+ *  ASYNCHRONY               	 0	no
+ *  TAINT                    	 3	file read
+ *  RUNTIME ENV. DEPENDENCE  	 1	yes
+ *  MAGNITUDE                	 1	1 byte
+ *  CONTINUOUS/DISCRETE      	 1	continuous
+ *  SIGNEDNESS               	 0	no
+ */
+
+/*
+Copyright 2004 M.I.T.
+
+Permission is hereby granted, without written agreement or royalty fee, to use, 
+copy, modify, and distribute this software and its documentation for any 
+purpose, provided that the above copyright notice and the following three 
+paragraphs appear in all copies of this software.
+
+IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, 
+INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE 
+AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF 
+SUCH DAMANGE.
+
+M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO 
+THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, 
+AND NON-INFRINGEMENT.
+
+THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO 
+PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
+*/
+
+#include <assert.h>
+#include <stdio.h>
+
+int main(int argc, char *argv[])
+{
+  FILE * f;
+  char buf[10];
+
+  f = fopen("TestInputFile1", "r");
+  assert(f != NULL);
+
+  /*  BAD  */
+  fgets(buf, 11, f); /* { dg-warning "stack-based buffer overflow" "PR analyzer/105895" { xfail *-*-* } } */
+
+  fclose(f);
+
+
+  return 0;
+}