David Malcolm 33255ad3ac analyzer: reimplement -Wanalyzer-use-of-uninitialized-value [PR95006 et al]
The initial gcc 10 era commit of the analyzer (in
757bf1dff5) had an implementation of
-Wanalyzer-use-of-uninitialized-value, but was sufficiently buggy
that I removed it in 78b9783774 before
the release of gcc 10.1.

This patch reintroduces the warning, heavily rewritten, with (I hope)
a less buggy implementation this time, for GCC 12.

gcc/analyzer/ChangeLog:
	PR analyzer/95006
	PR analyzer/94713
	PR analyzer/94714
	* analyzer.cc (maybe_reconstruct_from_def_stmt): Split out
	GIMPLE_ASSIGN case into...
	(get_diagnostic_tree_for_gassign_1): New.
	(get_diagnostic_tree_for_gassign): New.
	* analyzer.h (get_diagnostic_tree_for_gassign): New decl.
	* analyzer.opt (Wanalyzer-write-to-string-literal): New.
	* constraint-manager.cc (class svalue_purger): New.
	(constraint_manager::purge_state_involving): New.
	* constraint-manager.h
	(constraint_manager::purge_state_involving): New.
	* diagnostic-manager.cc (saved_diagnostic::supercedes_p): New.
	(dedupe_winners::handle_interactions): New.
	(diagnostic_manager::emit_saved_diagnostics): Call it.
	* diagnostic-manager.h (saved_diagnostic::supercedes_p): New decl.
	* engine.cc (impl_region_model_context::warn): Convert return type
	to bool.  Return false if the diagnostic isn't saved.
	(impl_region_model_context::purge_state_involving): New.
	(impl_sm_context::get_state): Use NULL ctxt when querying old
	rvalue.
	(impl_sm_context::set_next_state): Use new sval when querying old
	state.
	(class dump_path_diagnostic): Move to region-model.cc
	(exploded_node::on_stmt): Move to on_stmt_pre and on_stmt_post.
	Remove call to purge_state_involving.
	(exploded_node::on_stmt_pre): New, based on the above.  Move most
	of it to region_model::on_stmt_pre.
	(exploded_node::on_stmt_post): Likewise, moving to
	region_model::on_stmt_post.
	(class stale_jmp_buf): Fix parent class to use curiously recurring
	template pattern.
	(feasibility_state::maybe_update_for_edge): Call on_call_pre and
	on_call_post on gcalls.
	* exploded-graph.h (impl_region_model_context::warn): Return bool.
	(impl_region_model_context::purge_state_involving): New decl.
	(exploded_node::on_stmt_pre): New decl.
	(exploded_node::on_stmt_post): New decl.
	* pending-diagnostic.h (pending_diagnostic::use_of_uninit_p): New.
	(pending_diagnostic::supercedes_p): New.
	* program-state.cc (sm_state_map::get_state): Inherit state for
	conjured_svalue as well as initial_svalue.
	(sm_state_map::purge_state_involving): Also support SK_CONJURED.
	* region-model-impl-calls.cc (call_details::get_uncertainty):
	Handle m_ctxt being NULL.
	(call_details::get_or_create_conjured_svalue): New.
	(region_model::impl_call_fgets): New.
	(region_model::impl_call_fread): New.
	* region-model-manager.cc
	(region_model_manager::get_or_create_initial_value): Return an
	uninitialized poisoned value for regions that can't have initial
	values.
	* region-model-reachability.cc
	(reachable_regions::mark_escaped_clusters): Handle ctxt being
	NULL.
	* region-model.cc (region_to_value_map::purge_state_involving): New.
	(poisoned_value_diagnostic::use_of_uninit_p): New.
	(poisoned_value_diagnostic::emit): Handle POISON_KIND_UNINIT.
	(poisoned_value_diagnostic::describe_final_event): Likewise.
	(region_model::check_for_poison): New.
	(region_model::on_assignment): Call it.
	(class dump_path_diagnostic): Move here from engine.cc.
	(region_model::on_stmt_pre): New, based on exploded_node::on_stmt.
	(region_model::on_call_pre): Move the setting of the LHS to a
	conjured svalue to before the checks for specific functions.
	Handle "fgets", "fgets_unlocked", and "fread".
	(region_model::purge_state_involving): New.
	(region_model::handle_unrecognized_call): Handle ctxt being NULL.
	(region_model::get_rvalue): Call check_for_poison.
	(selftest::test_stack_frames): Use NULL for context when getting
	uninitialized rvalue.
	(selftest::test_alloca): Likewise.
	* region-model.h (region_to_value_map::purge_state_involving): New
	decl.
	(call_details::get_or_create_conjured_svalue): New decl.
	(region_model::on_stmt_pre): New decl.
	(region_model::purge_state_involving): New decl.
	(region_model::impl_call_fgets): New decl.
	(region_model::impl_call_fread): New decl.
	(region_model::check_for_poison): New decl.
	(region_model_context::warn): Return bool.
	(region_model_context::purge_state_involving): New.
	(noop_region_model_context::warn): Return bool.
	(noop_region_model_context::purge_state_involving): New.
	(test_region_model_context::warn): Return bool.
	* region.cc (region::get_memory_space): New.
	(region::can_have_initial_svalue_p): New.
	(region::involves_p): New.
	* region.h (enum memory_space): New.
	(region::get_memory_space): New decl.
	(region::can_have_initial_svalue_p): New decl.
	(region::involves_p): New decl.
	* sm-malloc.cc (use_after_free::supercedes_p): New.
	* store.cc (binding_cluster::purge_state_involving): New.
	(store::purge_state_involving): New.
	* store.h (class symbolic_binding): New forward decl.
	(binding_key::dyn_cast_symbolic_binding): New.
	(symbolic_binding::dyn_cast_symbolic_binding): New.
	(binding_cluster::purge_state_involving): New.
	(store::purge_state_involving): New.
	* svalue.cc (svalue::can_merge_p): Reject attempts to merge
	poisoned svalues with other svalues, so that we identify
	paths in which a variable is conditionally uninitialized.
	(involvement_visitor::visit_conjured_svalue): New.
	(svalue::involves_p): Also handle SK_CONJURED.
	(poison_kind_to_str): Handle POISON_KIND_UNINIT.
	(poisoned_svalue::maybe_fold_bits_within): New.
	* svalue.h (enum poison_kind): Add POISON_KIND_UNINIT.
	(poisoned_svalue::maybe_fold_bits_within): New decl.

gcc/ChangeLog:
	PR analyzer/95006
	PR analyzer/94713
	PR analyzer/94714
	* doc/invoke.texi: Add -Wanalyzer-use-of-uninitialized-value.

gcc/testsuite/ChangeLog:
	PR analyzer/95006
	PR analyzer/94713
	PR analyzer/94714
	* g++.dg/analyzer/pr93212.C: Update location of warning.
	* g++.dg/analyzer/pr94011.C: Add
	-Wno-analyzer-use-of-uninitialized-value.
	* g++.dg/analyzer/pr94503.C: Likewise.
	* gcc.dg/analyzer/clobbers-1.c: Convert "f" from a local to a
	param to avoid uninitialized warning.
	* gcc.dg/analyzer/data-model-1.c (test_12): Add test for
	uninitialized value on result of alloca.
	(test_12a): Add expected warning.
	(test_12c): Likewise.
	(test_19): Likewise.
	(test_29b): Likewise.
	(test_29c): Likewise.
	(test_37): Remove xfail.
	(test_37a): Likewise.
	* gcc.dg/analyzer/data-model-20.c: Add warning about leak.
	* gcc.dg/analyzer/explode-2.c: Remove params; add
	-Wno-analyzer-too-complex, -Wno-analyzer-malloc-leak, and xfails.
	Initialize the locals.
	* gcc.dg/analyzer/explode-2a.c: Initialize the locals.  Add
	expected leak.
	* gcc.dg/analyzer/fgets-1.c: New test.
	* gcc.dg/analyzer/fread-1.c: New test.
	* gcc.dg/analyzer/malloc-1.c (test_16): Add expected warning.
	(test_40): Likewise.
	* gcc.dg/analyzer/memset-CVE-2017-18549-1.c: Check for
	uninitialized padding.
	* gcc.dg/analyzer/pr93355-localealias-feasibility.c (fread): New
	decl.
	(read_alias_file): Call it.
	* gcc.dg/analyzer/pr94047.c: Add expected warnings.
	* gcc.dg/analyzer/pr94851-2.c: Likewise.
	* gcc.dg/analyzer/pr96841.c: Convert local to a param.
	* gcc.dg/analyzer/pr98628.c: Likewise.
	* gcc.dg/analyzer/pr99042.c: Updated expected location of leak
	diagnostics.
	* gcc.dg/analyzer/symbolic-1.c: Add expected warnings.
	* gcc.dg/analyzer/symbolic-7.c: Likewise.
	* gcc.dg/analyzer/torture/pr93649.c: Add expected warning.  Skip
	with -fno-fat-lto-objects.
	* gcc.dg/analyzer/uninit-1.c: New test.
	* gcc.dg/analyzer/uninit-2.c: New test.
	* gcc.dg/analyzer/uninit-3.c: New test.
	* gcc.dg/analyzer/uninit-4.c: New test.
	* gcc.dg/analyzer/uninit-pr94713.c: New test.
	* gcc.dg/analyzer/uninit-pr94714.c: New test.
	* gcc.dg/analyzer/use-after-free-2.c: New test.
	* gcc.dg/analyzer/use-after-free-3.c: New test.
	* gcc.dg/analyzer/zlib-3.c: Add expected warning.
	* gcc.dg/analyzer/zlib-6.c: Convert locals to params to avoid
	uninitialized warnings.  Remove xfail.
	* gcc.dg/analyzer/zlib-6a.c: New test, based on the old version
	of the above.
	* gfortran.dg/analyzer/pr97668.f: Add
	-Wno-analyzer-use-of-uninitialized-value and
	-Wno-analyzer-too-complex.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2021-07-15 15:07:07 -04:00

This directory contains the GNU Compiler Collection (GCC).

The GNU Compiler Collection is free software.  See the files whose
names start with COPYING for copying permission.  The manuals, and
some of the runtime libraries, are under different terms; see the
individual source files for details.

The directory INSTALL contains copies of the installation information
as HTML and plain text.  The source of this information is
gcc/doc/install.texi.  The installation information includes details
of what is included in the GCC sources and what files GCC installs.

See the file gcc/doc/gcc.texi (together with other files that it
includes) for usage and porting information.  An online readable
version of the manual is in the files gcc/doc/gcc.info*.

See http://gcc.gnu.org/bugs/ for how to report bugs usefully.

Copyright years on GCC source files may be listed using range
notation, e.g., 1987-2012, indicating that every year in the range,
inclusive, is a copyrightable year that could otherwise be listed
individually.