+2020-01-22 David Malcolm <dmalcolm@redhat.com>
+
+ PR analyzer/93307
+ * gdbinit.in (break-on-saved-diagnostic): Update for move of
+ diagnostic_manager into "ana" namespace.
+ * selftest-run-tests.c (selftest::run_tests): Update for move of
+ selftest::run_analyzer_selftests to
+ ana::selftest::run_analyzer_selftests.
+
2020-01-22 Richard Sandiford <richard.sandiford@arm.com>
* cfgexpand.c (union_stack_vars): Update the size.
+2020-01-22 David Malcolm <dmalcolm@redhat.com>
+
+ PR analyzer/93307
+ * analysis-plan.h: Wrap everything namespace "ana".
+ * analyzer-logging.cc: Likewise.
+ * analyzer-logging.h: Likewise.
+ * analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
+ namespace.
+ * analyzer-selftests.cc: Wrap everything namespace "ana".
+ * analyzer-selftests.h: Likewise.
+ * analyzer.h: Likewise for forward decls of types.
+ * call-string.h: Likewise.
+ * checker-path.cc: Likewise.
+ * checker-path.h: Likewise.
+ * constraint-manager.cc: Likewise.
+ * constraint-manager.h: Likewise.
+ * diagnostic-manager.cc: Likewise.
+ * diagnostic-manager.h: Likewise.
+ * engine.cc: Likewise.
+ * engine.h: Likewise.
+ * exploded-graph.h: Likewise.
+ * function-set.cc: Likewise.
+ * function-set.h: Likewise.
+ * pending-diagnostic.cc: Likewise.
+ * pending-diagnostic.h: Likewise.
+ * program-point.cc: Likewise.
+ * program-point.h: Likewise.
+ * program-state.cc: Likewise.
+ * program-state.h: Likewise.
+ * region-model.cc: Likewise.
+ * region-model.h: Likewise.
+ * sm-file.cc: Likewise.
+ * sm-malloc.cc: Likewise.
+ * sm-pattern-test.cc: Likewise.
+ * sm-sensitive.cc: Likewise.
+ * sm-signal.cc: Likewise.
+ * sm-taint.cc: Likewise.
+ * sm.cc: Likewise.
+ * sm.h: Likewise.
+ * state-purge.h: Likewise.
+ * supergraph.cc: Likewise.
+ * supergraph.h: Likewise.
+
2020-01-21 David Malcolm <dmalcolm@redhat.com>
PR analyzer/93352
#ifndef GCC_ANALYZER_ANALYSIS_PLAN_H
#define GCC_ANALYZER_ANALYSIS_PLAN_H
+namespace ana {
+
/* A class to encapsulate decisions about how the analysis should happen.
Examples:
- the order in which functions should be analyzed, so that function
auto_vec<int> m_index_by_uid;
};
+} // namespace ana
+
#endif /* GCC_ANALYZER_ANALYSIS_PLAN_H */
#if ENABLE_ANALYZER
+namespace ana {
+
/* Implementation of class logger. */
/* ctor for logger. */
m_logger = logger;
}
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
#ifndef ANALYZER_LOGGING_H
#define ANALYZER_LOGGING_H
+namespace ana {
+
/* A logger encapsulates a logging stream: a way to send
lines of pertinent information to a FILE *. */
#define LOG_FUNC_4(LOGGER, FMT, A0, A1, A2, A3) \
log_scope s (LOGGER, __func__, FMT, A0, A1, A2, A3)
+} // namespace ana
+
#endif /* ANALYZER_LOGGING_H */
pass_analyzer::execute (function *)
{
#if ENABLE_ANALYZER
- run_checkers ();
+ ana::run_checkers ();
#else
sorry ("%qs was not enabled in this build of GCC"
" (missing configure-time option %qs)",
#if CHECKING_P
+namespace ana {
+
namespace selftest {
/* Build a VAR_DECL named NAME of type TYPE, simulating a file-level
} /* end of namespace selftest. */
+} // namespace ana
+
#endif /* #if CHECKING_P */
#if CHECKING_P
+namespace ana {
+
namespace selftest {
extern tree build_global_decl (const char *name, tree type);
extern void analyzer_sm_file_cc_tests ();
extern void analyzer_sm_signal_cc_tests ();
-} /* end of namespace selftest. */
+} /* end of namespace ana::selftest. */
+
+} // namespace ana
#endif /* #if CHECKING_P */
/* Forward decls of common types, with indentation to show inheritance. */
class graphviz_out;
+
+namespace ana {
+
class supergraph;
class supernode;
class superedge;
class state_change;
class rewind_info_t;
+} // namespace ana
+
extern bool is_special_named_call_p (const gcall *call, const char *funcname,
unsigned int num_args);
extern bool is_named_call_p (tree fndecl, const char *funcname);
#ifndef GCC_ANALYZER_CALL_STRING_H
#define GCC_ANALYZER_CALL_STRING_H
+namespace ana {
+
class supergraph;
class call_superedge;
class return_superedge;
auto_vec<const return_superedge *> m_return_edges;
};
+} // namespace ana
+
#endif /* GCC_ANALYZER_CALL_STRING_H */
#if ENABLE_ANALYZER
+namespace ana {
+
/* Get a string for EK. */
const char *
add_event (end_of_path);
}
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
#ifndef GCC_ANALYZER_CHECKER_PATH_H
#define GCC_ANALYZER_CHECKER_PATH_H
+namespace ana {
+
/* An enum for discriminating between the concrete subclasses of
checker_event. */
hash_map <const exploded_node *, diagnostic_event_id_t> m_setjmp_event_ids;
};
+} // namespace ana
+
#endif /* GCC_ANALYZER_CHECKER_PATH_H */
#if ENABLE_ANALYZER
+namespace ana {
+
/* One of the end-points of a range. */
struct bound
#endif /* CHECKING_P */
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
#ifndef GCC_ANALYZER_CONSTRAINT_MANAGER_H
#define GCC_ANALYZER_CONSTRAINT_MANAGER_H
+namespace ana {
+
class constraint_manager;
/* Abstract base class for specifying how state should be purged. */
equiv_class_id rhs_id);
};
+} // namespace ana
+
#endif /* GCC_ANALYZER_CONSTRAINT_MANAGER_H */
#if ENABLE_ANALYZER
+namespace ana {
+
/* class saved_diagnostic. */
/* saved_diagnostic's ctor.
}
}
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
#ifndef GCC_ANALYZER_DIAGNOSTIC_MANAGER_H
#define GCC_ANALYZER_DIAGNOSTIC_MANAGER_H
+namespace ana {
+
/* A to-be-emitted diagnostic stored within diagnostic_manager. */
class saved_diagnostic
const int m_verbosity;
};
+} // namespace ana
+
#endif /* GCC_ANALYZER_DIAGNOSTIC_MANAGER_H */
#if ENABLE_ANALYZER
+namespace ana {
+
static int readability_comparator (const void *p1, const void *p2);
/* class impl_region_model_context : public region_model_context. */
dump (stderr, ext_state);
}
+} // namespace ana
+
/* Return true if FNDECL has a gimple body. */
// TODO: is there a pre-canned way to do this?
return n->has_gimple_body_p ();
}
+namespace ana {
+
/* A pending_diagnostic subclass for implementing "__analyzer_dump_path". */
class dump_path_diagnostic
call_string m_cs;
};
+} // namespace ana
+
template <> struct default_hash_traits<function_call_string>
: public pod_hash_traits<function_call_string>
{
return v.m_fun == reinterpret_cast<function *> (NULL);
}
+namespace ana {
+
/* Top-level cluster for generating .dot output for exploded graphs,
handling the functionless nodes, and grouping the remaining nodes by
callstring. */
fclose (dump_fout);
}
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
#ifndef GCC_ANALYZER_ENGINE_H
#define GCC_ANALYZER_ENGINE_H
+namespace ana {
+
extern void run_checkers ();
+} // namespace ana
+
#endif /* GCC_ANALYZER_ENGINE_H */
#ifndef GCC_ANALYZER_EXPLODED_GRAPH_H
#define GCC_ANALYZER_EXPLODED_GRAPH_H
+namespace ana {
+
/* Concrete implementation of region_model_context, wiring it up to the
rest of the analysis engine. */
// TODO: split the above up?
+} // namespace ana
+
#endif /* GCC_ANALYZER_EXPLODED_GRAPH_H */
#if ENABLE_ANALYZER
+namespace ana {
+
/* Return true if NAME is within this set. */
bool
#endif /* CHECKING_P */
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
#ifndef GCC_ANALYZER_FUNCTION_SET_H
#define GCC_ANALYZER_FUNCTION_SET_H
+namespace ana {
+
/* A set of names. */
class function_set
size_t m_count;
};
+} // namespace ana
+
#endif /* GCC_ANALYZER_FUNCTION_SET_H */
#if ENABLE_ANALYZER
+namespace ana {
+
/* Generate a label_text by printing FMT.
Use a clone of the global_dc for formatting callbacks.
return simple_cst_equal (t1, t2) == 1;
}
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
#ifndef GCC_ANALYZER_PENDING_DIAGNOSTIC_H
#define GCC_ANALYZER_PENDING_DIAGNOSTIC_H
+namespace ana {
+
/* Various bundles of information used for generating more precise
messages for events within a diagnostic_path, for passing to the
various "describe_*" vfuncs of pending_diagnostic. See those
}
};
+} // namespace ana
+
#endif /* GCC_ANALYZER_PENDING_DIAGNOSTIC_H */
#if ENABLE_ANALYZER
+namespace ana {
+
/* Get a string for PK. */
const char *
#endif /* CHECKING_P */
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
#ifndef GCC_ANALYZER_PROGRAM_POINT_H
#define GCC_ANALYZER_PROGRAM_POINT_H
+namespace ana {
+
class exploded_graph;
/* An enum for distinguishing the various kinds of program_point. */
call_string m_call_string;
};
+} // namespace ana
+
#endif /* GCC_ANALYZER_PROGRAM_POINT_H */
#if ENABLE_ANALYZER
+namespace ana {
+
/* class sm_state_map. */
/* sm_state_map's ctor. */
#endif /* CHECKING_P */
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
#ifndef GCC_ANALYZER_PROGRAM_STATE_H
#define GCC_ANALYZER_PROGRAM_STATE_H
+namespace ana {
+
/* Data shared by all program_state instances. */
class extrinsic_state
auto_delete_vec <state_machine> &m_checkers;
};
+} // namespace ana
+
template <> struct default_hash_traits<svalue_id>
: public pod_hash_traits<svalue_id>
{
return v.null_p ();
}
+namespace ana {
+
/* Map from svalue_id to state machine state, also capturing the origin of
each state. */
auto_vec<sm_change> m_sm_changes;
};
+} // namespace ana
+
#endif /* GCC_ANALYZER_PROGRAM_STATE_H */
#if ENABLE_ANALYZER
+namespace ana {
+
/* Dump T to PP in language-independent form, for debugging/logging/dumping
purposes. */
dump (stderr);
}
+} // namespace ana
+
/* Update HSTATE with a hash of SID. */
void
rmodel.dump (false);
}
+namespace ana {
+
#if CHECKING_P
namespace selftest {
#endif /* CHECKING_P */
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
recursive callstack. */
// TODO: would this be better as a new tree code?
+using namespace ana;
+
+namespace ana {
+
class path_var
{
public:
int m_stack_depth; // or -1 for globals?
};
+} // namespace ana
+
namespace inchash
{
extern void add_path_var (path_var pv, hash &hstate);
} // namespace inchash
+namespace ana {
+
/* A region_model is effectively a graph of regions and symbolic values.
We store per-model IDs rather than pointers to make it easier to clone
and to compare graphs. */
region_id m_rid;
};
+} // namespace ana
+
template <>
template <>
inline bool
return sval->get_kind () == SK_REGION;
}
+namespace ana {
+
/* Concrete subclass of svalue representing a specific constant value. */
class constant_svalue : public svalue
tree m_cst_expr;
};
+} // namespace ana
+
template <>
template <>
inline bool
return sval->get_kind () == SK_CONSTANT;
}
+namespace ana {
+
/* Concrete subclass of svalue representing a unique but unknown value.
Comparisons of variables that share the same unknown value are known
to be equal, even if we don't know what the value is. */
enum poison_kind m_kind;
};
+} // namespace ana
+
template <>
template <>
inline bool
return sval->get_kind () == SK_POISONED;
}
+namespace ana {
+
/* Concrete subclass of svalue representing setjmp buffers, so that
longjmp can potentially "return" to an entirely different function. */
region_id m_active_view_rid;
};
+} // namespace ana
+
template <>
template <>
inline bool
return true;
}
+namespace ana {
+
/* Concrete region subclass for storing "primitive" types (integral types,
pointers, etc). */
map_t m_map;
};
+} // namespace ana
+
template <>
template <>
inline bool
return (reg->dyn_cast_map_region () != NULL);
}
+namespace ana {
+
/* Abstract subclass representing a region with fields
(either a struct or a union). */
bool compare_fields (const struct_or_union_region &other) const;
};
+} // namespace ana
+
template <>
template <>
inline bool
|| reg->get_kind () == RK_UNION);
}
+namespace ana {
+
/* Concrete region subclass. A map_region representing a struct, using
FIELD_DECLs for its keys. */
bool compare_fields (const struct_region &other) const;
};
+} // namespace ana
+
template <>
template <>
inline bool
return reg->get_kind () == RK_STRUCT;
}
+namespace ana {
+
/* Concrete region subclass. A map_region representing a union, using
FIELD_DECLs for its keys. */
bool compare_fields (const union_region &other) const;
};
+} // namespace ana
+
template <>
template <>
inline bool
return reg->get_kind () == RK_UNION;
}
+namespace ana {
+
/* Abstract map_region subclass for accessing decls, used as a base class
for function frames and for the globals region. */
int m_depth;
};
+} // namespace ana
+
template <>
template <>
inline bool
return reg->get_kind () == RK_FRAME;
}
+namespace ana {
+
/* Concrete region subclass, to hold global variables (data and bss). */
class globals_region : public scope_region
bool compare_fields (const globals_region &other) const;
};
+} // namespace ana
+
template <>
template <>
inline bool
return reg->get_kind () == RK_GLOBALS;
}
+namespace ana {
+
/* Concrete region subclass. A map_region representing the code, using
FUNCTION_DECLs for its keys. */
bool compare_fields (const code_region &other) const;
};
+} // namespace ana
+
template <>
template <>
inline bool
return reg->get_kind () == RK_CODE;
}
+namespace ana {
+
/* Concrete region subclass. A map_region representing the code for
a particular function, using LABEL_DECLs for its keys. */
bool compare_fields (const function_region &other) const;
};
+} // namespace ana
+
template <>
template <>
inline bool
return reg->get_kind () == RK_FUNCTION;
}
+namespace ana {
+
/* Concrete region subclass representing an array (or an array-like view
of a parent region of memory.
This can't be a map_region as we can't use trees as the keys: there's
map_t m_map;
};
+} // namespace ana
+
template <>
template <>
inline bool
return reg->get_kind () == RK_ARRAY;
}
+namespace ana {
+
/* Concrete region subclass representing a stack, containing all stack
frames, and implicitly providing a POISON_KIND_UNINIT value to all
child regions by default. */
auto_vec<region_id> m_frame_rids;
};
+} // namespace ana
+
template <>
template <>
inline bool
return reg->get_kind () == RK_STACK;
}
+namespace ana {
+
/* Concrete region subclass: a region within which regions can be
dynamically allocated. */
};
+} // namespace ana
+
template <>
template <>
inline bool
return reg->get_kind () == RK_HEAP;
}
+namespace ana {
+
/* Concrete region subclass. The root region, containing all regions
(either directly, or as descendents).
Unique within a region_model. */
region_id m_heap_rid;
};
+} // namespace ana
+
template <>
template <>
inline bool
return reg->get_kind () == RK_ROOT;
}
+namespace ana {
+
/* Concrete region subclass: a region to use when dereferencing an unknown
pointer. */
int m_next_sid_int;
};
+} // namespace ana
+
namespace inchash
{
extern void add (svalue_id sid, hash &hstate);
extern void debug (const region_model &rmodel);
+namespace ana {
+
#if CHECKING_P
namespace selftest {
+using namespace ::selftest;
+
/* An implementation of region_model_context for use in selftests, which
stores any pending_diagnostic instances passed to it. */
#endif /* #if CHECKING_P */
+} // namespace ana
+
#endif /* GCC_ANALYZER_REGION_MODEL_H */
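Review bot: The added file-scope `using namespace ana;` at the top of this header makes every `ana` name visible to unqualified lookup in any translation unit that includes it, which undoes much of the isolation the new namespace provides. The same directive is added at the top of the supergraph.h section. It presumably exists so that the global-scope `template <> template <> inline bool` specializations and the `inchash` declarations can keep naming analyzer types unqualified. Qualifying those uses instead, for example `extern void add_path_var (ana::path_var pv, hash &hstate);`, would let both directives be dropped. As written the directive also precedes the header's first `namespace ana {`, so it compiles only if an earlier include has already declared the namespace. The `using namespace ::selftest;` added inside `ana::selftest` is narrower, but it is still a using-directive in a header and may deserve the same treatment.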
#if ENABLE_ANALYZER
+namespace ana {
+
namespace {
/* A state machine for detecting misuses of <stdio.h>'s FILE * API. */
#endif /* CHECKING_P */
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
#if ENABLE_ANALYZER
+namespace ana {
+
namespace {
/* A state machine for detecting misuses of the malloc/free API.
return new malloc_state_machine (logger);
}
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
#if ENABLE_ANALYZER
+namespace ana {
+
namespace {
/* A state machine for use in DejaGnu tests, to check that
return new pattern_test_state_machine (logger);
}
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
#if ENABLE_ANALYZER
+namespace ana {
+
namespace {
/* An experimental state machine, for tracking exposure of sensitive
return new sensitive_state_machine (logger);
}
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
#if ENABLE_ANALYZER
+namespace ana {
+
namespace {
/* An experimental state machine, for tracking calls to async-signal-unsafe
} // namespace selftest
+} // namespace ana
+
#endif /* CHECKING_P */
#endif /* #if ENABLE_ANALYZER */
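Review bot: The added `} // namespace ana` sits before `#endif /* CHECKING_P */`, whereas the matching `namespace ana {` is opened directly under `#if ENABLE_ANALYZER`. If the `#if CHECKING_P` opens after that point, as the shown lines suggest, a build with checking disabled leaves the namespace unclosed and this file fails to compile. The other implementation files in this commit that end with a selftest block place the closing brace after the `#endif /* CHECKING_P */` line. The same order is needed here: `#endif /* CHECKING_P */` first, then `} // namespace ana`. The lines between the opening and closing fragments are outside this view, so the position of the `#if CHECKING_P` is inferred.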
#if ENABLE_ANALYZER
+namespace ana {
+
namespace {
/* An experimental state machine, for tracking "taint": unsanitized uses
return new taint_state_machine (logger);
}
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
return POINTER_TYPE_P (TREE_TYPE (var));
}
+namespace ana {
+
/* Add a state with name NAME to this state_machine.
The string is required to outlive the state_machine.
}
}
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
extern tree is_zero_assignment (const gimple *stmt);
extern bool any_pointer_p (tree var);
+namespace ana {
+
class state_machine;
class sm_context;
class pending_diagnostic;
extern state_machine *make_signal_state_machine (logger *logger);
extern state_machine *make_pattern_test_state_machine (logger *logger);
+} // namespace ana
+
#endif /* GCC_ANALYZER_SM_H */
return v.get_kind () == PK_EMPTY;
}
+namespace ana {
+
/* The result of analyzing which SSA names can be purged from state at
different points in the program, so that we can simplify program_state
objects, in the hope of reducing state-blowup. */
const state_purge_map *m_map;
};
+} // namespace ana
+
#endif /* GCC_ANALYZER_STATE_PURGE_H */
#if ENABLE_ANALYZER
+namespace ana {
+
/* Get the cgraph_edge, but only if there's an underlying function body. */
cgraph_edge *
return NULL_TREE;
}
+} // namespace ana
+
#endif /* #if ENABLE_ANALYZER */
#ifndef GCC_ANALYZER_SUPERGRAPH_H
#define GCC_ANALYZER_SUPERGRAPH_H
+using namespace ana;
+
+namespace ana {
+
/* Forward decls, using indentation to show inheritance. */
class supergraph;
cgraph_edge *const m_cedge;
};
+} // namespace ana
+
template <>
template <>
inline bool
|| sedge->get_kind () == SUPEREDGE_RETURN);
}
+namespace ana {
+
/* A subclass of superedge representing an interprocedural call. */
class call_superedge : public callgraph_superedge
}
};
+} // namespace ana
+
template <>
template <>
inline bool
return sedge->get_kind () == SUPEREDGE_CALL;
}
+namespace ana {
+
/* A subclass of superedge represesnting an interprocedural return. */
class return_superedge : public callgraph_superedge
}
};
+} // namespace ana
+
template <>
template <>
inline bool
return sedge->get_kind () == SUPEREDGE_RETURN;
}
+namespace ana {
+
/* A subclass of superedge that corresponds to a CFG edge. */
class cfg_superedge : public superedge
const ::edge m_cfg_edge;
};
+} // namespace ana
+
template <>
template <>
inline bool
return sedge->get_kind () == SUPEREDGE_CFG_EDGE;
}
+namespace ana {
+
/* A subclass for edges from switch statements, retaining enough
information to identify the pertinent case, and for adding labels
when rendering via graphviz. */
const int m_idx;
};
+} // namespace ana
+
template <>
template <>
inline bool
return sedge->dyn_cast_switch_cfg_superedge () != NULL;
}
+namespace ana {
+
/* Base class for adding additional content to the .dot output
for a supergraph. */
extern cgraph_edge *supergraph_call_edge (function *fun, gimple *stmt);
+} // namespace ana
+
#endif /* GCC_ANALYZER_SUPERGRAPH_H */
end
define break-on-saved-diagnostic
-break diagnostic_manager::add_diagnostic
+break ana::diagnostic_manager::add_diagnostic
end
document break-on-saved-diagnostic
-Put a breakpoint on diagnostic_manager::add_diagnostic, called within
+Put a breakpoint on ana::diagnostic_manager::add_diagnostic, called within
the analyzer whenever a diagnostic is saved for later de-duplication and
possible emission.
end
lang_hooks.run_lang_selftests ();
/* Run the analyzer selftests (if enabled). */
- run_analyzer_selftests ();
+ ana::selftest::run_analyzer_selftests ();
/* Force a GC at the end of the selftests, to shake out GC-related
issues. For example, if any GC-managed items have buggy (or missing)