From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 27996 invoked by alias); 20 Dec 2019 01:21:54 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Received: (qmail 27910 invoked by uid 89); 20 Dec 2019 01:21:53 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-23.0 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3 autolearn=ham version=3.3.1 spammy=H*MI:sk:2019122, H*i:sk:2019122, H*f:sk:2019122, numerous X-HELO: us-smtp-delivery-1.mimecast.com Received: from us-smtp-1.mimecast.com (HELO us-smtp-delivery-1.mimecast.com) (207.211.31.81) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 20 Dec 2019 01:21:51 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1576804909; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hDUOu0LYbyRbdBWv5yM8g8ptKB7EJZAMijUpwTPSjZg=; b=eeiVe7Lk151Do08gLo9sn6bATUS9Y2EU1p1a7MJhNPtAsjenPEvtp+a5eJx+akBQ6jg5KK JtAckbjJvtJ5zlpypxLaLTAYNG8QqTKzPCVSPozXgH8pFmv8x6AzjO4UY9oVPGnw5M9pcO Juc1fzkJOxoXXfogabXkAbx0lSsRYEw= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-193-hH7RuI4GObiqKouCt2xdFw-1; Thu, 19 Dec 2019 20:21:48 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 66D431856A60 for ; Fri, 20 Dec 2019 01:21:47 +0000 (UTC) Received: from t470.redhat.com (ovpn-116-206.phx2.redhat.com [10.3.116.206]) by smtp.corp.redhat.com (Postfix) with ESMTP id D9CA463B8A; Fri, 20 Dec 2019 01:21:46 +0000 (UTC) From: David Malcolm To: law@redhat.com, gcc-patches@gcc.gnu.org Cc: David Malcolm Subject: [PATCH 3/4] analyzer: add known stdio functions to sm-file.cc (PR analyzer/58237) Date: Fri, 20 Dec 2019 01:22:00 -0000 Message-Id: <20191220012138.6820-4-dmalcolm@redhat.com> In-Reply-To: <20191220012138.6820-1-dmalcolm@redhat.com> References: <20191220012138.6820-1-dmalcolm@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable X-IsSubscribed: yes X-SW-Source: 2019-12/txt/msg01426.txt.bz2 The analyzer ought to report various file leaks for the reproducer in PR analyzer/58237, such as: void f1(const char *str) { FILE * fp =3D fopen(str, "r"); char buf[10]; while (fgets(buf, 10, fp) !=3D NULL) { /* Do something with buf */ } /* Missing call to fclose. Need warning here for resource leak */ } but fails to do so, due to not recognizing fgets, and thus conservatively assuming that it could close "fp". This patch adds a function_set to sm-file.cc of numerous stdio.h functions that are known to not close the file (and which require a valid FILE *, but that's a matter for a followup), fixing the issue. gcc/analyzer/ChangeLog: PR analyzer/58237 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call selftest::analyzer_sm_file_cc_tests. * analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New decl. * sm-file.cc: Include "analyzer/function-set.h" and "analyzer/analyzer-selftests.h". (get_file_using_fns): New function. (is_file_using_fn_p): New function. (fileptr_state_machine::on_stmt): Return true for known functions. (selftest::analyzer_sm_file_cc_tests): New function. gcc/testsuite/ChangeLog: PR analyzer/58237 * gcc.dg/analyzer/file-1.c (test_4): New. * gcc.dg/analyzer/file-pr58237.c: New test. --- gcc/analyzer/analyzer-selftests.cc | 1 + gcc/analyzer/analyzer-selftests.h | 1 + gcc/analyzer/sm-file.cc | 102 ++++++++++++++++++- gcc/testsuite/gcc.dg/analyzer/file-1.c | 12 +++ gcc/testsuite/gcc.dg/analyzer/file-pr58237.c | 72 +++++++++++++ 5 files changed, 187 insertions(+), 1 deletion(-) create mode 100644 gcc/testsuite/gcc.dg/analyzer/file-pr58237.c diff --git a/gcc/analyzer/analyzer-selftests.cc b/gcc/analyzer/analyzer-sel= ftests.cc index f90dad8e991f..182862428e31 100644 --- a/gcc/analyzer/analyzer-selftests.cc +++ b/gcc/analyzer/analyzer-selftests.cc @@ -53,6 +53,7 @@ run_analyzer_selftests () analyzer_program_point_cc_tests (); analyzer_program_state_cc_tests (); analyzer_region_model_cc_tests (); + analyzer_sm_file_cc_tests (); analyzer_sm_signal_cc_tests (); #endif /* #if ENABLE_ANALYZER */ } diff --git a/gcc/analyzer/analyzer-selftests.h b/gcc/analyzer/analyzer-self= tests.h index 225b717c9d13..ce336c0b2b41 100644 --- a/gcc/analyzer/analyzer-selftests.h +++ b/gcc/analyzer/analyzer-selftests.h @@ -37,6 +37,7 @@ extern void analyzer_function_set_cc_tests (); extern void analyzer_program_point_cc_tests (); extern void analyzer_program_state_cc_tests (); extern void analyzer_region_model_cc_tests (); +extern void analyzer_sm_file_cc_tests (); extern void analyzer_sm_signal_cc_tests (); =20 } /* end of namespace selftest. */ diff --git a/gcc/analyzer/sm-file.cc b/gcc/analyzer/sm-file.cc index e4eeb1f41be9..9a8ce4911d07 100644 --- a/gcc/analyzer/sm-file.cc +++ b/gcc/analyzer/sm-file.cc @@ -31,6 +31,8 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/analyzer.h" #include "analyzer/pending-diagnostic.h" #include "analyzer/sm.h" +#include "analyzer/function-set.h" +#include "analyzer/analyzer-selftests.h" =20 #if ENABLE_ANALYZER =20 @@ -213,6 +215,82 @@ fileptr_state_machine::fileptr_state_machine (logger *= logger) m_stop =3D add_state ("stop"); } =20 +/* Get a set of functions that are known to take a FILE * that must be ope= n, + and are known to not close it. */ + +static function_set +get_file_using_fns () +{ + // TODO: populate this list more fully + static const char * const funcnames[] =3D { + /* This array must be kept sorted. */ + "__fbufsize", + "__flbf", + "__fpending", + "__fpurge" + "__freadable", + "__freading", + "__fsetlocking", + "__fwritable", + "__fwriting", + "clearerr", + "clearerr_unlocked", + "feof", + "feof_unlocked", + "ferror", + "ferror_unlocked", + "fflush", // safe to call with NULL + "fflush_unlocked", // safe to call with NULL + "fgetc", + "fgetc_unlocked", + "fgetpos", + "fgets", + "fgets_unlocked", + "fgetwc_unlocked", + "fgetws_unlocked", + "fileno", + "fileno_unlocked", + "fprintf", + "fputc", + "fputc_unlocked", + "fputs", + "fputs_unlocked", + "fputwc_unlocked", + "fputws_unlocked", + "fread_unlocked", + "fseek", + "fsetpos", + "ftell", + "fwrite_unlocked", + "getc", + "getc_unlocked", + "getwc_unlocked", + "putc", + "putc_unlocked", + "rewind", + "setbuf", + "setbuffer", + "setlinebuf", + "setvbuf", + "ungetc", + "vfprintf" + }; + const size_t count + =3D sizeof(funcnames) / sizeof (funcnames[0]); + function_set fs (funcnames, count); + return fs; +} + +/* Return true if FNDECL is known to require an open FILE *, and is known + to not close it. */ + +static bool +is_file_using_fn_p (tree fndecl) +{ + function_set fs =3D get_file_using_fns (); + return fs.contains_decl_p (fndecl); +} + /* Implementation of state_machine::on_stmt vfunc for fileptr_state_machin= e. */ =20 bool @@ -257,7 +335,11 @@ fileptr_state_machine::on_stmt (sm_context *sm_ctxt, return true; } =20 - // TODO: operations on closed file + if (is_file_using_fn_p (callee_fndecl)) + { + // TODO: operations on unchecked file + return true; + } // etc } =20 @@ -331,4 +413,22 @@ make_fileptr_state_machine (logger *logger) return new fileptr_state_machine (logger); } =20 +#if CHECKING_P + +namespace selftest { + +/* Run all of the selftests within this file. */ + +void +analyzer_sm_file_cc_tests () +{ + function_set fs =3D get_file_using_fns (); + fs.assert_sorted (); + fs.assert_sane (); +} + +} // namespace selftest + +#endif /* CHECKING_P */ + #endif /* #if ENABLE_ANALYZER */ diff --git a/gcc/testsuite/gcc.dg/analyzer/file-1.c b/gcc/testsuite/gcc.dg/= analyzer/file-1.c index 91d9685d9e9e..ba516afc8af0 100644 --- a/gcc/testsuite/gcc.dg/analyzer/file-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/file-1.c @@ -35,3 +35,15 @@ test_3 (const char *path) FILE *f =3D fopen (path, "r"); /* { dg-message "opened here" } */ return; /* { dg-warning "leak of FILE 'f'" } */=20 } + +void +test_4 (const char *path) +{ + FILE *f =3D fopen (path, "r"); /* { dg-message "opened here" } */ + + /* Ensure we know about common fns that are known to not close the + file (e.g. "fseek"). */ + fseek (f, 1024, SEEK_SET); + + return; /* { dg-warning "leak of FILE 'f'" } */=20 +} diff --git a/gcc/testsuite/gcc.dg/analyzer/file-pr58237.c b/gcc/testsuite/g= cc.dg/analyzer/file-pr58237.c new file mode 100644 index 000000000000..68f49c25607a --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/file-pr58237.c @@ -0,0 +1,72 @@ +#include + +void f0(const char *str) +{ + FILE * fp =3D fopen(str, "r"); /* { dg-message "opened here" } */ + char buf[10]; + fgets(buf, 10, fp); +} /* { dg-warning "leak of FILE 'fp'" } */ + +void f1(const char *str) +{ + FILE * fp =3D fopen(str, "r"); /* { dg-message "opened here" } */ + char buf[10]; + + while (fgets(buf, 10, fp) !=3D NULL) + { + /* Do something with buf */ + } +} /* { dg-warning "leak of FILE 'fp'" } */ + +void f2(const char *str, int flag) +{ + FILE * fp =3D fopen(str, "r"); /* { dg-message "opened here" } */ + char buf[10]; + + while (fgets(buf, 10, fp) !=3D NULL) + { + /* Do something with buf */ + } + if (flag) /* { dg-message "when 'flag =3D=3D 0'" } */ + fclose(fp); +} /* { dg-warning "leak of FILE 'fp'" } */ + +extern void called_by_f3( FILE * fp); + +void f3(const char *str) +{ + FILE * fp =3D fopen(str, "r"); + char buf[10]; + + while (fgets(buf, 10, fp) !=3D NULL) + { + /* Do something with buf */ + } + /* Not sure if fclose executed by called_by_f3 or not. Say nothing */ + called_by_f3(fp); +} + +void f4(const char *str) +{ + FILE * fp =3D fopen(str, "r"); + char buf[10]; + + while (fgets(buf, 10, fp) !=3D NULL) + { + /* Do something with buf */ + } + /* Nothing to say here. */ + fclose(fp); +} + +void main(int argc, const char * argv[]) +{ + FILE * fp =3D fopen(argv[0], "r"); + char buf[10]; + + while (fgets(buf, 10, fp) !=3D NULL) + { + /* Do something with buf */ + } + /* Nothing to say here, because we are in main. */ +} --=20 2.21.0