From ab923f680bdfabc5d66d05d078752367cac0a6f8 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Thu, 2 Dec 2021 14:40:34 -0500 Subject: [PATCH] FIXME: WIP on enabling taint state machine by default (PR analyzer/103533) --- gcc/analyzer/sm-taint.cc | 2 +- gcc/analyzer/sm.cc | 4 ++ gcc/doc/invoke.texi | 63 ++++--------------- .../gcc.dg/analyzer/attr-tainted_args-1.c | 3 - gcc/testsuite/gcc.dg/analyzer/fread-1.c | 2 - gcc/testsuite/gcc.dg/analyzer/pr104029.c | 3 - gcc/testsuite/gcc.dg/analyzer/pr93382.c | 2 - .../gcc.dg/analyzer/taint-CVE-2011-2210-1.c | 3 - .../gcc.dg/analyzer/taint-CVE-2020-13143-1.c | 3 - .../gcc.dg/analyzer/taint-CVE-2020-13143-2.c | 3 - .../gcc.dg/analyzer/taint-CVE-2020-13143.h | 3 - gcc/testsuite/gcc.dg/analyzer/taint-alloc-1.c | 2 - gcc/testsuite/gcc.dg/analyzer/taint-alloc-2.c | 3 - gcc/testsuite/gcc.dg/analyzer/taint-alloc-3.c | 3 - gcc/testsuite/gcc.dg/analyzer/taint-alloc-4.c | 3 - gcc/testsuite/gcc.dg/analyzer/taint-alloc-5.c | 3 - .../gcc.dg/analyzer/taint-assert-BUG_ON.c | 3 - .../analyzer/taint-assert-macro-expansion.c | 3 - .../analyzer/taint-assert-system-header.c | 3 - gcc/testsuite/gcc.dg/analyzer/taint-assert.c | 3 - .../gcc.dg/analyzer/taint-divisor-1.c | 3 - gcc/testsuite/gcc.dg/analyzer/taint-merger.c | 3 - gcc/testsuite/gcc.dg/analyzer/taint-ops.c | 1 + .../gcc.dg/analyzer/taint-read-index-1.c | 3 - .../gcc.dg/analyzer/taint-read-offset-1.c | 3 - gcc/testsuite/gcc.dg/analyzer/taint-realloc.c | 3 - gcc/testsuite/gcc.dg/analyzer/taint-size-1.c | 3 - .../analyzer/taint-size-access-attr-1.c | 3 +- .../gcc.dg/analyzer/taint-write-index-1.c | 3 - .../gcc.dg/analyzer/taint-write-offset-1.c | 3 - .../analyzer/torture/taint-read-index-2.c | 2 - .../analyzer/torture/taint-read-index-3.c | 2 - .../plugin/taint-CVE-2011-0521-1-fixed.c | 2 - .../gcc.dg/plugin/taint-CVE-2011-0521-1.c | 2 - .../plugin/taint-CVE-2011-0521-2-fixed.c | 5 -- .../gcc.dg/plugin/taint-CVE-2011-0521-2.c | 2 - .../plugin/taint-CVE-2011-0521-3-fixed.c | 5 -- .../gcc.dg/plugin/taint-CVE-2011-0521-3.c | 2 - .../gcc.dg/plugin/taint-CVE-2011-0521-4.c | 4 +- .../plugin/taint-CVE-2011-0521-5-fixed.c | 3 +- .../gcc.dg/plugin/taint-CVE-2011-0521-5.c | 3 +- .../gcc.dg/plugin/taint-CVE-2011-0521-6.c | 3 +- .../gcc.dg/plugin/taint-antipatterns-1.c | 3 +- 43 files changed, 24 insertions(+), 159 deletions(-) diff --git a/gcc/analyzer/sm-taint.cc b/gcc/analyzer/sm-taint.cc index a2b442a4ef2..d69b05fa020 100644 --- a/gcc/analyzer/sm-taint.cc +++ b/gcc/analyzer/sm-taint.cc @@ -1,4 +1,4 @@ -/* An experimental state machine, for tracking "taint": unsanitized uses +/* A state machine for tracking "taint": unsanitized uses of data potentially under an attacker's control. Copyright (C) 2019-2022 Free Software Foundation, Inc. diff --git a/gcc/analyzer/sm.cc b/gcc/analyzer/sm.cc index 1f329cb11d0..31bcf6e2f8e 100644 --- a/gcc/analyzer/sm.cc +++ b/gcc/analyzer/sm.cc @@ -188,10 +188,14 @@ make_checkers (auto_delete_vec &out, logger *logger) out.safe_push (make_malloc_state_machine (logger)); out.safe_push (make_fileptr_state_machine (logger)); out.safe_push (make_fd_state_machine (logger)); +#if 1 + out.safe_push (make_taint_state_machine (logger)); +#else /* The "taint" checker must be explicitly enabled (as it currently leads to state explosions that stop the other checkers working). */ if (flag_analyzer_checker) out.safe_push (make_taint_state_machine (logger)); +#endif out.safe_push (make_sensitive_state_machine (logger)); out.safe_push (make_signal_state_machine (logger)); out.safe_push (make_va_list_state_machine (logger)); diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 80d942917bd..a76e38c1c4f 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -10093,6 +10093,12 @@ Enabling this option effectively enables the following warnings: -Wanalyzer-shift-count-negative @gol -Wanalyzer-shift-count-overflow @gol -Wanalyzer-stale-setjmp-buffer @gol +-Wanalyzer-tainted-allocation-size @gol +-Wanalyzer-tainted-array-index @gol +-Wanalyzer-tainted-assertion @gol +-Wanalyzer-tainted-divisor @gol +-Wanalyzer-tainted-offset @gol +-Wanalyzer-tainted-size @gol -Wanalyzer-unsafe-call-within-signal-handler @gol -Wanalyzer-use-after-free @gol -Wanalyzer-use-of-pointer-in-stale-stack-frame @gol @@ -10104,13 +10110,6 @@ Enabling this option effectively enables the following warnings: -Wanalyzer-write-to-const @gol -Wanalyzer-write-to-string-literal @gol } -@ignore --Wanalyzer-tainted-allocation-size @gol --Wanalyzer-tainted-array-index @gol --Wanalyzer-tainted-divisor @gol --Wanalyzer-tainted-offset @gol --Wanalyzer-tainted-size @gol -@end ignore This option is only available if GCC was configured with analyzer support enabled. @@ -10532,8 +10531,7 @@ no longer exists, and likely lead to a crash (or worse). @item -Wno-analyzer-tainted-allocation-size @opindex Wanalyzer-tainted-allocation-size @opindex Wno-analyzer-tainted-allocation-size -This warning requires both @option{-fanalyzer} and -@option{-fanalyzer-checker=taint} to enable it; +This warning requires @option{-fanalyzer} which enables it; use @option{-Wno-analyzer-tainted-allocation-size} to disable it. This diagnostic warns for paths through the code in which a value @@ -10548,8 +10546,7 @@ See @uref{https://cwe.mitre.org/data/definitions/789.html, CWE-789: Memory Alloc @opindex Wanalyzer-tainted-assertion @opindex Wno-analyzer-tainted-assertion -This warning requires both @option{-fanalyzer} and -@option{-fanalyzer-checker=taint} to enable it; +This warning requires @option{-fanalyzer} which enables it; use @option{-Wno-analyzer-tainted-assertion} to disable it. This diagnostic warns for paths through the code in which a value @@ -10610,8 +10607,7 @@ despite the above not being an assertion failure, strictly speaking. @item -Wno-analyzer-tainted-array-index @opindex Wanalyzer-tainted-array-index @opindex Wno-analyzer-tainted-array-index -This warning requires both @option{-fanalyzer} and -@option{-fanalyzer-checker=taint} to enable it; +This warning requires @option{-fanalyzer} which enables it; use @option{-Wno-analyzer-tainted-array-index} to disable it. This diagnostic warns for paths through the code in which a value @@ -10624,8 +10620,7 @@ See @uref{https://cwe.mitre.org/data/definitions/129.html, CWE-129: Improper Val @item -Wno-analyzer-tainted-divisor @opindex Wanalyzer-tainted-divisor @opindex Wno-analyzer-tainted-divisor -This warning requires both @option{-fanalyzer} and -@option{-fanalyzer-checker=taint} to enable it; +This warning requires @option{-fanalyzer} which enables it; use @option{-Wno-analyzer-tainted-divisor} to disable it. This diagnostic warns for paths through the code in which a value @@ -10638,8 +10633,7 @@ See @uref{https://cwe.mitre.org/data/definitions/369.html, CWE-369: Divide By Ze @item -Wno-analyzer-tainted-offset @opindex Wanalyzer-tainted-offset @opindex Wno-analyzer-tainted-offset -This warning requires both @option{-fanalyzer} and -@option{-fanalyzer-checker=taint} to enable it; +This warning requires @option{-fanalyzer} which enables it; use @option{-Wno-analyzer-tainted-offset} to disable it. This diagnostic warns for paths through the code in which a value @@ -10652,8 +10646,7 @@ See @uref{https://cwe.mitre.org/data/definitions/823.html, CWE-823: Use of Out-o @item -Wno-analyzer-tainted-size @opindex Wanalyzer-tainted-size @opindex Wno-analyzer-tainted-size -This warning requires both @option{-fanalyzer} and -@option{-fanalyzer-checker=taint} to enable it; +This warning requires @option{-fanalyzer} which enables it; use @option{-Wno-analyzer-tainted-size} to disable it. This diagnostic warns for paths through the code in which a value @@ -10897,38 +10890,6 @@ call site, and that are sufficiently complicated (as per @opindex fanalyzer-checker Restrict the analyzer to run just the named checker, and enable it. -Some checkers are disabled by default (even with @option{-fanalyzer}), -such as the @code{taint} checker that implements -@option{-Wanalyzer-tainted-array-index}, and this option is required -to enable them. - -@emph{Note:} currently, @option{-fanalyzer-checker=taint} disables the -following warnings from @option{-fanalyzer}: - -@gccoptlist{ @gol --Wanalyzer-deref-before-check @gol --Wanalyzer-double-fclose @gol --Wanalyzer-double-free @gol --Wanalyzer-exposure-through-output-file @gol --Wanalyzer-fd-access-mode-mismatch @gol --Wanalyzer-fd-double-close @gol --Wanalyzer-fd-leak @gol --Wanalyzer-fd-use-after-close @gol --Wanalyzer-fd-use-without-check @gol --Wanalyzer-file-leak @gol --Wanalyzer-free-of-non-heap @gol --Wanalyzer-malloc-leak @gol --Wanalyzer-mismatching-deallocation @gol --Wanalyzer-null-argument @gol --Wanalyzer-null-dereference @gol --Wanalyzer-possible-null-argument @gol --Wanalyzer-possible-null-dereference @gol --Wanalyzer-unsafe-call-within-signal-handler @gol --Wanalyzer-use-after-free @gol --Wanalyzer-va-list-leak @gol --Wanalyzer-va-list-use-after-va-end @gol -} - @item -fno-analyzer-feasibility @opindex fanalyzer-feasibility @opindex fno-analyzer-feasibility diff --git a/gcc/testsuite/gcc.dg/analyzer/attr-tainted_args-1.c b/gcc/testsuite/gcc.dg/analyzer/attr-tainted_args-1.c index e1d87c9cece..aaae0276deb 100644 --- a/gcc/testsuite/gcc.dg/analyzer/attr-tainted_args-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/attr-tainted_args-1.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" struct arg_buf diff --git a/gcc/testsuite/gcc.dg/analyzer/fread-1.c b/gcc/testsuite/gcc.dg/analyzer/fread-1.c index 593cb7f4aa0..467467ee8a6 100644 --- a/gcc/testsuite/gcc.dg/analyzer/fread-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/fread-1.c @@ -1,5 +1,3 @@ -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - typedef __SIZE_TYPE__ size_t; extern size_t fread (void *, size_t, size_t, void *); diff --git a/gcc/testsuite/gcc.dg/analyzer/pr104029.c b/gcc/testsuite/gcc.dg/analyzer/pr104029.c index adf15ed356f..46f1041939d 100644 --- a/gcc/testsuite/gcc.dg/analyzer/pr104029.c +++ b/gcc/testsuite/gcc.dg/analyzer/pr104029.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - typedef __SIZE_TYPE__ size_t; typedef const void *t_comptype; typedef int (*t_compfunc)(t_comptype, t_comptype); diff --git a/gcc/testsuite/gcc.dg/analyzer/pr93382.c b/gcc/testsuite/gcc.dg/analyzer/pr93382.c index 1e6612ddc05..91eab2192ad 100644 --- a/gcc/testsuite/gcc.dg/analyzer/pr93382.c +++ b/gcc/testsuite/gcc.dg/analyzer/pr93382.c @@ -1,5 +1,3 @@ -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - typedef __SIZE_TYPE__ size_t; int idx; diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2011-2210-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2011-2210-1.c index b44be993568..fa89bda6f0f 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2011-2210-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2011-2210-1.c @@ -7,9 +7,6 @@ Fixed in 3d0475119d8722798db5e88f26493f6547a4bb5b on linux-2.6.39.y in linux-stable. */ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" #include "test-uaccess.h" diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143-1.c index 328c5799145..1b81c1bb1f8 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143-1.c @@ -1,9 +1,6 @@ /* See notes in this header. */ #include "taint-CVE-2020-13143.h" -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - struct configfs_attribute { /* [...snip...] */ ssize_t (*store)(struct config_item *, const char *, size_t) /* { dg-message "\\(1\\) field 'store' of 'struct configfs_attribute' is marked with '__attribute__\\(\\(tainted_args\\)\\)'" } */ diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143-2.c b/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143-2.c index c74a460b01e..f53e42bd6aa 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143-2.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143-2.c @@ -1,9 +1,6 @@ /* See notes in this header. */ #include "taint-CVE-2020-13143.h" -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - struct configfs_attribute { /* [...snip...] */ ssize_t (*store)(struct config_item *, const char *, size_t) /* { dg-message "\\(1\\) field 'store' of 'struct configfs_attribute' is marked with '__attribute__\\(\\(tainted_args\\)\\)'" } */ diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143.h b/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143.h index 0ba023539af..93f90d49013 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143.h +++ b/gcc/testsuite/gcc.dg/analyzer/taint-CVE-2020-13143.h @@ -8,9 +8,6 @@ Fixed by 15753588bcd4bbffae1cca33c8ced5722477fe1f on linux-5.7.y in linux-stable. */ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include /* Adapted from include/uapi/asm-generic/posix_types.h */ diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-1.c index cb2db6c69cf..dfb585bc613 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-1.c @@ -1,5 +1,3 @@ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ /* { dg-require-effective-target alloca } */ #include "analyzer-decls.h" diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-2.c b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-2.c index 72dbca5cbf0..68fbce9188c 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-2.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-2.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" #include #include diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-3.c b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-3.c index 80d8f0b8247..ce6a3271d2a 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-3.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-3.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" #include #include diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-4.c b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-4.c index bd47097b1d5..9df9422491c 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-4.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-4.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" #include #include diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-5.c b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-5.c index 9a159800c61..18dbff0298e 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-alloc-5.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-alloc-5.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" struct foo diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-assert-BUG_ON.c b/gcc/testsuite/gcc.dg/analyzer/taint-assert-BUG_ON.c index 8aef0a44a6d..328940d2983 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-assert-BUG_ON.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-assert-BUG_ON.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - /* We need this, otherwise the warnings are emitted inside the macros, which makes it hard to write the DejaGnu directives. */ /* { dg-additional-options " -ftrack-macro-expansion=0" } */ diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-assert-macro-expansion.c b/gcc/testsuite/gcc.dg/analyzer/taint-assert-macro-expansion.c index 24b175a0973..78357ae62b8 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-assert-macro-expansion.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-assert-macro-expansion.c @@ -2,9 +2,6 @@ -Wanalyzer-tainted-assertion with macro-tracking enabled (the default). */ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - /* { dg-additional-options "-fdiagnostics-show-path-depths" } */ /* { dg-additional-options "-fdiagnostics-path-format=inline-events -fdiagnostics-show-caret" } */ diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-assert-system-header.c b/gcc/testsuite/gcc.dg/analyzer/taint-assert-system-header.c index a65853c7886..bd47ab79188 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-assert-system-header.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-assert-system-header.c @@ -3,9 +3,6 @@ (the default), where the assertion macro is defined in a system header. */ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - /* { dg-additional-options "-fdiagnostics-show-path-depths" } */ /* { dg-additional-options "-fdiagnostics-path-format=inline-events -fdiagnostics-show-caret" } */ diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-assert.c b/gcc/testsuite/gcc.dg/analyzer/taint-assert.c index b09f8c51a16..855ed5f705f 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-assert.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-assert.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - /* We need this, otherwise the warnings are emitted inside the macros, which makes it hard to write the DejaGnu directives. */ /* { dg-additional-options " -ftrack-macro-expansion=0" } */ diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-divisor-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-divisor-1.c index b7c1faef1c4..438a2095382 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-divisor-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-divisor-1.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" #include diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-merger.c b/gcc/testsuite/gcc.dg/analyzer/taint-merger.c index e4e48f3db03..b7d562b9704 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-merger.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-merger.c @@ -1,6 +1,3 @@ -/* { dg-additional-options "-fanalyzer-checker=taint" } */ -// TODO: remove need for this option - #include "analyzer-decls.h" int v_start; diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-ops.c b/gcc/testsuite/gcc.dg/analyzer/taint-ops.c index 729dbe53a0c..753500d5693 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-ops.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-ops.c @@ -2,6 +2,7 @@ // TODO: remove need for this option /* This test can probably be removed when -fanalyzer enables the taint checker by default. */ +// FIXME: remove it? #include "analyzer-decls.h" diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-read-index-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-read-index-1.c index 71c0816fd1f..1ec78b52629 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-read-index-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-read-index-1.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include #include #include diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-read-offset-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-read-offset-1.c index 6db59bcc615..bb5d0930cdb 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-read-offset-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-read-offset-1.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include #include #include diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-realloc.c b/gcc/testsuite/gcc.dg/analyzer/taint-realloc.c index bd0ed0010fb..27e36afea64 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-realloc.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-realloc.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" #include #include diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-size-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-size-1.c index 0b166f7a86a..e0fa3fb0cb3 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-size-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-size-1.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include "analyzer-decls.h" #include #include diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-size-access-attr-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-size-access-attr-1.c index 7d243a9570f..d4da3d77fa1 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-size-access-attr-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-size-access-attr-1.c @@ -1,8 +1,7 @@ /* Passing tainted sizes to external functions with attribute ((access)) with a size-index. */ -// TODO: remove need for the explicit taint option: -/* { dg-additional-options "-fanalyzer-checker=taint -fanalyzer-show-duplicate-count" } */ +/* { dg-additional-options "-fanalyzer-show-duplicate-count" } */ #include "analyzer-decls.h" #include diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-write-index-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-write-index-1.c index cc7ab1ca4f6..62222069578 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-write-index-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-write-index-1.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include #include #include diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-write-offset-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-write-offset-1.c index d0df6220315..21794ce4cf8 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-write-offset-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-write-offset-1.c @@ -1,6 +1,3 @@ -// TODO: remove need for this option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - #include #include #include diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/taint-read-index-2.c b/gcc/testsuite/gcc.dg/analyzer/torture/taint-read-index-2.c index b3dc177cb14..81421330e8d 100644 --- a/gcc/testsuite/gcc.dg/analyzer/torture/taint-read-index-2.c +++ b/gcc/testsuite/gcc.dg/analyzer/torture/taint-read-index-2.c @@ -1,5 +1,3 @@ -// TODO: remove need for the taint option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ /* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */ #define LOWER_LIMIT 5 diff --git a/gcc/testsuite/gcc.dg/analyzer/torture/taint-read-index-3.c b/gcc/testsuite/gcc.dg/analyzer/torture/taint-read-index-3.c index 8eb6061a08b..86bdedede7e 100644 --- a/gcc/testsuite/gcc.dg/analyzer/torture/taint-read-index-3.c +++ b/gcc/testsuite/gcc.dg/analyzer/torture/taint-read-index-3.c @@ -1,5 +1,3 @@ -// TODO: remove need for the taint option: -/* { dg-additional-options "-fanalyzer-checker=taint" } */ /* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */ struct raw_ep { diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-1-fixed.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-1-fixed.c index 0ca8137c3ef..7ca0c8ee48b 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-1-fixed.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-1-fixed.c @@ -1,6 +1,4 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */ /* { dg-require-effective-target analyzer } */ /* See notes in this header. */ diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-1.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-1.c index cde12b3b761..6aa62a30e42 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-1.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-1.c @@ -1,6 +1,4 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */ /* { dg-require-effective-target analyzer } */ /* See notes in this header. */ diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-2-fixed.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-2-fixed.c index 8a211cefe4e..b962e9dfb79 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-2-fixed.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-2-fixed.c @@ -1,14 +1,9 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */ /* { dg-require-effective-target analyzer } */ /* See notes in this header. */ #include "taint-CVE-2011-0521.h" -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - /* Adapted from drivers/media/dvb/ttpci/av7110_ca.c */ int dvb_ca_ioctl(struct file *file, unsigned int cmd, void *parg) diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-2.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-2.c index 30cab38e002..70bb4b35320 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-2.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-2.c @@ -1,6 +1,4 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */ /* { dg-require-effective-target analyzer } */ /* See notes in this header. */ diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-3-fixed.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-3-fixed.c index b7852b40dcf..df8ba5b4e27 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-3-fixed.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-3-fixed.c @@ -1,14 +1,9 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */ /* { dg-require-effective-target analyzer } */ /* See notes in this header. */ #include "taint-CVE-2011-0521.h" -// TODO: remove need for this option -/* { dg-additional-options "-fanalyzer-checker=taint" } */ - /* Adapted from drivers/media/dvb/ttpci/av7110_ca.c */ int dvb_ca_ioctl(struct file *file, unsigned int cmd, void *parg) diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-3.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-3.c index 6b9e034eea7..183348faa71 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-3.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-3.c @@ -1,6 +1,4 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */ /* { dg-require-effective-target analyzer } */ /* See notes in this header. */ diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-4.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-4.c index f314c64ce70..3a0e1ff76ca 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-4.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-4.c @@ -1,8 +1,6 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: // TODO: remove need for --param=analyzer-max-svalue-depth=25 here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint --param=analyzer-max-svalue-depth=25" } */ -/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */ +/* { dg-options "-fanalyzer --param=analyzer-max-svalue-depth=25" } */ /* { dg-require-effective-target analyzer } */ /* See notes in this header. */ diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-5-fixed.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-5-fixed.c index 8cb067c6542..c22d1481900 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-5-fixed.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-5-fixed.c @@ -1,7 +1,6 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: // TODO: remove need for --param=analyzer-max-svalue-depth=25 here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint --param=analyzer-max-svalue-depth=25" } */ +/* { dg-options "-fanalyzer --param=analyzer-max-svalue-depth=25" } */ /* { dg-require-effective-target analyzer } */ /* See notes in this header. */ diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-5.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-5.c index 4ce047902d3..66f334a61a1 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-5.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-5.c @@ -1,7 +1,6 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: // TODO: remove need for --param=analyzer-max-svalue-depth=25 here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint --param=analyzer-max-svalue-depth=25" } */ +/* { dg-options "-fanalyzer --param=analyzer-max-svalue-depth=25" } */ /* { dg-require-effective-target analyzer } */ /* See notes in this header. */ diff --git a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-6.c b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-6.c index c54af790a56..5af799158b1 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-6.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-CVE-2011-0521-6.c @@ -1,7 +1,6 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: // TODO: remove need for --param=analyzer-max-svalue-depth=25 here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint --param=analyzer-max-svalue-depth=25" } */ +/* { dg-options "-fanalyzer --param=analyzer-max-svalue-depth=25" } */ /* { dg-require-effective-target analyzer } */ /* See notes in this header. */ diff --git a/gcc/testsuite/gcc.dg/plugin/taint-antipatterns-1.c b/gcc/testsuite/gcc.dg/plugin/taint-antipatterns-1.c index 6bb6f1be25c..cdd9a4f1f50 100644 --- a/gcc/testsuite/gcc.dg/plugin/taint-antipatterns-1.c +++ b/gcc/testsuite/gcc.dg/plugin/taint-antipatterns-1.c @@ -1,6 +1,5 @@ /* { dg-do compile } */ -// TODO: remove need for -fanalyzer-checker=taint here: -/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */ +/* { dg-options "-fanalyzer" } */ /* { dg-require-effective-target analyzer } */ #include "test-uaccess.h" -- 2.26.3