Skip to content
Snippets Groups Projects
Commit b365e9d5 authored by David Malcolm's avatar David Malcolm
Browse files

analyzer: improvements to out-of-bounds diagrams [PR111155] 


Update out-of-bounds diagrams to show existing string values,
and the initial write index within a string buffer.

For example, given the out-of-bounds write in strcat in:

void test (void)
{
  char buf[10];
  strcpy (buf, "hello");
  strcat (buf, " world!");
}

the diagram improves from:

                           ┌─────┬─────┬────┬────┬────┐┌─────┬─────┬─────┐
                           │ [0] │ [1] │[2] │[3] │[4] ││ [5] │ [6] │ [7] │
                           ├─────┼─────┼────┼────┼────┤├─────┼─────┼─────┤
                           │ ' ' │ 'w' │'o' │'r' │'l' ││ 'd' │ '!' │ NUL │
                           ├─────┴─────┴────┴────┴────┴┴─────┴─────┴─────┤
                           │      string literal (type: 'char[8]')       │
                           └─────────────────────────────────────────────┘
                              │     │    │    │    │      │     │     │
                              │     │    │    │    │      │     │     │
                              v     v    v    v    v      v     v     v
  ┌─────┬────────────────────────────────────────┬────┐┌─────────────────┐
  │ [0] │                  ...                   │[9] ││                 │
  ├─────┴────────────────────────────────────────┴────┤│after valid range│
  │             'buf' (type: 'char[10]')              ││                 │
  └───────────────────────────────────────────────────┘└─────────────────┘
  ├─────────────────────────┬─────────────────────────┤├────────┬────────┤
                            │                                   │
                  ╭─────────┴────────╮                ╭─────────┴─────────╮
                  │capacity: 10 bytes│                │overflow of 3 bytes│
                  ╰──────────────────╯                ╰───────────────────╯

to:

                             ┌────┬────┬────┬────┬────┐┌─────┬─────┬─────┐
                             │[0] │[1] │[2] │[3] │[4] ││ [5] │ [6] │ [7] │
                             ├────┼────┼────┼────┼────┤├─────┼─────┼─────┤
                             │' ' │'w' │'o' │'r' │'l' ││ 'd' │ '!' │ NUL │
                             ├────┴────┴────┴────┴────┴┴─────┴─────┴─────┤
                             │     string literal (type: 'char[8]')      │
                             └───────────────────────────────────────────┘
                               │    │    │    │    │      │     │     │
                               │    │    │    │    │      │     │     │
                               v    v    v    v    v      v     v     v
  ┌─────┬────────────────────┬────┬──────────────┬────┐┌─────────────────┐
  │ [0] │        ...         │[5] │     ...      │[9] ││                 │
  ├─────┼────┬────┬────┬────┬┼────┼──────────────┴────┘│                 │
  │ 'h' │'e' │'l' │'l' │'o' ││NUL │                    │after valid range│
  ├─────┴────┴────┴────┴────┴┴────┴───────────────────┐│                 │
  │             'buf' (type: 'char[10]')              ││                 │
  └───────────────────────────────────────────────────┘└─────────────────┘
  ├─────────────────────────┬─────────────────────────┤├────────┬────────┤
                            │                                   │
                  ╭─────────┴────────╮                ╭─────────┴─────────╮
                  │capacity: 10 bytes│                │overflow of 3 bytes│
                  ╰──────────────────╯                ╰───────────────────╯

gcc/analyzer/ChangeLog:
	PR analyzer/111155
	* access-diagram.cc (boundaries::boundaries): Add logger param
	(boundaries::add): Add logging.
	(boundaries::get_hard_boundaries_in_range): New.
	(boundaries::m_logger): New field.
	(boundaries::get_table_x_for_offset): Make public.
	(class svalue_spatial_item): New.
	(class compound_svalue_spatial_item): New.
	(add_ellipsis_to_gaps): New.
	(valid_region_spatial_item::valid_region_spatial_item): Add theme
	param.  Initialize m_boundaries, m_existing_sval, and
	m_existing_sval_spatial_item.
	(valid_region_spatial_item::add_boundaries): Set m_boundaries.
	Add boundaries for any m_existing_sval_spatial_item.
	(valid_region_spatial_item::add_array_elements_to_table): Rewrite
	creation of min/max index in terms of
	maybe_add_array_index_to_table.  Rewrite ellipsis code using
	add_ellipsis_to_gaps. Add index values for any hard boundaries
	within the valid region.
	(valid_region_spatial_item::maybe_add_array_index_to_table): New,
	based on code formerly in add_array_elements_to_table.
	(valid_region_spatial_item::make_table): Make use of
	m_existing_sval_spatial_item, if any.
	(valid_region_spatial_item::m_boundaries): New field.
	(valid_region_spatial_item::m_existing_sval): New field.
	(valid_region_spatial_item::m_existing_sval_spatial_item): New
	field.
	(class svalue_spatial_item): Rename to...
	(class written_svalue_spatial_item): ...this.
	(class string_region_spatial_item): Rename to..
	(class string_literal_spatial_item): ...this.  Add "kind".
	(string_literal_spatial_item::add_boundaries): Use m_kind to
	determine kind of boundary.  Update for renaming of m_actual_bits
	to m_bits.
	(string_literal_spatial_item::make_table): Likewise.  Support not
	displaying a row for byte indexes, and not displaying a row for
	the type.
	(string_literal_spatial_item::add_column_for_byte): Make byte index
	row optional.
	(svalue_spatial_item::make): Convert to...
	(make_written_svalue_spatial_item): ...this.
	(make_existing_svalue_spatial_item): New.
	(access_diagram_impl::access_diagram_impl): Pass theme to
	m_valid_region_spatial_item ctor.  Update for renaming of
	m_svalue_spatial_item.
	(access_diagram_impl::find_boundaries): Pass logger to boundaries.
	Update for renaming of...
	(access_diagram_impl::m_svalue_spatial_item): Rename to...
	(access_diagram_impl::m_written_svalue_spatial_item): ...this.

gcc/testsuite/ChangeLog:
	PR analyzer/111155
	* c-c++-common/analyzer/out-of-bounds-diagram-strcat-2.c: New test.
	* c-c++-common/analyzer/out-of-bounds-diagram-strcat.c: New test.
	* gcc.dg/analyzer/out-of-bounds-diagram-17.c: Update expected
	result to show the existing content of "buf" and the index at
	which the write starts.
	* gcc.dg/analyzer/out-of-bounds-diagram-18.c: Likewise.
	* gcc.dg/analyzer/out-of-bounds-diagram-19.c: Likewise.
	* gcc.dg/analyzer/out-of-bounds-diagram-6.c: Update expected
	output.

gcc/ChangeLog:
	PR analyzer/111155
	* text-art/table.cc (table::maybe_set_cell_span): New.
	(table::add_other_table): New.
	* text-art/table.h (class table::cell_placement): Add class table
	as a friend.
	(table::add_rows): New.
	(table::add_row): Reimplement in terms of add_rows.
	(table::maybe_set_cell_span): New decl.
	(table::add_other_table): New decl.
	* text-art/types.h (operator+): New operator for rect + coord.

Signed-off-by: default avatarDavid Malcolm <dmalcolm@redhat.com>
parent 1f68a3e8
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 644 additions and 181 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment