From: Gavin Ray <ray.gavin97@gmail.com>
To: David Malcolm <dmalcolm@redhat.com>
Cc: gcc@gcc.gnu.org
Subject: Re: -fanalyzer: Questions on C vs CPP + use of GCC attr's like malloc()/access()
Date: Fri, 25 Nov 2022 13:55:05 -0500 [thread overview]
Message-ID: <CAFtvWZMKinUBAF2VR1f+y-DdnvxsHq2yi3SOeVj+_LpJKhG5Cg@mail.gmail.com> (raw)
In-Reply-To: <0613ff41dd219231948d4ac7da651e32a6a084a3.camel@redhat.com>
> Unfortunately not: even fairly simple-looking C++ code can generate extra CFG
edges relating to exception-handling ... making the output essentially useless.
Ahh, I had figured the answer might be something like this. Thanks for
confirming. At least from the small codebase I have, swapping from C -> C++ when
compiling preserves all -fanalyzer warnings except for the ones from custom
malloc() attributes, so that's nice.
I won't count on the analyzer being able to do a stellar job though, so I'll
take what I can get =)
> I'm hoping to spend a good chunk of the GCC 14 development cycle working on
> adding C++ support
That's awesome! I hope you'll write some on these changes again -- I really
enjoyed reading your article on the state of Static Analysis in GCC 12 and your
LPC presentation.
I believe that's where I learned about the SARIF exporter, which with the VS
Code extension is just beyond cool!
> The analyzer makes use of the "malloc", "nonnull" and "const" function
attributes. It does make use of the "access" attribute, but only within
-Wanalyzer- tainted-size, for the case where the size param of the access is
attacker-controlled.
Ahh okay, thanks. I currently don't run the taint analysis, as this app is a
database a-la Postgres/SQLite built as a learning exercise/hobby so it's not so
much of a concern.
> the first [[gnu::malloc]] here is redundant, as it's implied by
> [[gnu::malloc(HeapPage_free, 1)]].
Good to know, ty -- it may be useful to modify the 'attribute' docs for these,
because currently it shows combined usage and phrases it as:
"Independently, the form of the attribute with one or two arguments associates
deallocator as a suitable deallocation function..."
__attribute__ ((malloc, malloc (fclose, 1))) FILE* fdopen (int, const char*);
On a related note, the "fd" analyzers warn: "fd may not be valid" but don't
clarify what "valid" means.
I found the DOT diagrams in the analyzer source and it turns out that the key is
to check "if (fd >= 0)". Maybe this could be added to the "fd" analyzer
warnings/info, too?
====================
Anyways, sorry to drone on. I think that the GCC Static Analyzer and the LLVM
Dataflow Analysis Framework are vital for the the evolution of safety and
developer experience in authoring C/C++
Big thanks to all involved and it's exciting to watch the shortlog & follow the
progress from the sidelines =)
next prev parent reply other threads:[~2022-11-25 18:55 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-24 1:49 Gavin Ray
2022-11-25 17:33 ` David Malcolm
2022-11-25 18:55 ` Gavin Ray [this message]
2022-11-26 14:09 ` Jonathan Wakely
2022-11-26 15:48 ` Gavin Ray
2022-11-26 17:47 ` Jonathan Wakely
2022-11-26 18:51 ` David Malcolm
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFtvWZMKinUBAF2VR1f+y-DdnvxsHq2yi3SOeVj+_LpJKhG5Cg@mail.gmail.com \
--to=ray.gavin97@gmail.com \
--cc=dmalcolm@redhat.com \
--cc=gcc@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).