From patchwork Thu Dec 1 02:33:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Malcolm X-Patchwork-Id: 28156 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp32895wrr; Wed, 30 Nov 2022 18:34:10 -0800 (PST) X-Google-Smtp-Source: AA0mqf6fh2qrNvVX0dR4IFPQEyOotz2mtLkvBJu7eGqNLvJnQyvE+gn3Yjcuzdqwj110RoNdX3yG X-Received: by 2002:aa7:dd0e:0:b0:46b:9dee:1e09 with SMTP id i14-20020aa7dd0e000000b0046b9dee1e09mr6761219edv.390.1669862050492; Wed, 30 Nov 2022 18:34:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669862050; cv=none; d=google.com; s=arc-20160816; b=dKFzBmYD/Y5vfxfVBBOAnZP2m9o5O1bwE+mpY95zRRNg6GRflGOx74+hgTrdEaTHb0 sOxYck7wVtq12kU/McbZ3xsBhuS+jd/bXyTFeyRW8Fs9/ympEWofS/IKyWcmjbuzzVkb j/SJcjkopIFQhMyakXDpLOu+OgGi9/dcOnAuq6pbWTu9nc8bVkmC5pzEW3yu5Zr58RPk 0em08dHdj3XbZy4e7Ty9yIKHTJh/AA7LFfHjig37PXfBeqFY+iowE5hRxWC0S0JmZB5T 7TfW6JJu9laiQMDl2ouspdDb+CQOmthtNWmBotjJ8V3dssPYnGqfmFnW30gZbyzb0NR7 E5ig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:reply-to:from:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence :content-transfer-encoding:mime-version:message-id:date:subject:cc :to:dmarc-filter:delivered-to:dkim-signature:dkim-filter; bh=7TudjDFhXPLXUP8LBwygKSLMw7Qxoil1cKyfjtDc0K8=; b=JVb7BT8FxWkce0Oej0gdaMyxVdPepHMVPzvO7tbQsPCH9yLfQRpXdT1pV65Ukaanz3 kVeHAJNpq9UEmUsiFbrpgczkusJ02kCR+hNjD2+xA/CGSEFLYnTOVKQV9oPTX0UjN7GU SQIRXT6MjcpoCtvNRmeIjLDmOrObL3jUUQsSGry6a44cOJPT0XOpoM0TuJmhXafh+UJM TOcEHMAyYY8dnCFp73TK8JdC+9EaJPlo66TKw0CKjp7eB51u8M/86HvnADMZAjAQ4UzA Evb47JgLv19zDL8v41L63TI8vP4lNMnZe6YAFM3GcxCJBLJ8ODMonj/UF/hSJqmFw2bM 7/JA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b=j504fAad; spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id cr12-20020a170906d54c00b007707b853e46si2658977ejc.882.2022.11.30.18.34.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Nov 2022 18:34:10 -0800 (PST) Received-SPF: pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b=j504fAad; spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 33A62385B1A7 for ; Thu, 1 Dec 2022 02:34:09 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 33A62385B1A7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1669862049; bh=7TudjDFhXPLXUP8LBwygKSLMw7Qxoil1cKyfjtDc0K8=; h=To:Cc:Subject:Date:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:From:Reply-To:From; b=j504fAadBZpv7RxL/dRD7jgeMIA+iHztsdsbYwIa5cp2Ko/qd+9ZCeCnsUaDdTxzR JPyd0Ec4f01yGZFON+Ymd3bTCcn3ZqLGLXUzJqbt//UK4HoIHcolr4LeuUqtxVC2uG rSK9c047KNc2Upv1MZDZuAmYLc8KxKHHUTahai+E= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id BB8AE3858C54 for ; Thu, 1 Dec 2022 02:33:22 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org BB8AE3858C54 Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-230-7Hc9v_lYPIe7y2Sz_zImuQ-1; Wed, 30 Nov 2022 21:33:21 -0500 X-MC-Unique: 7Hc9v_lYPIe7y2Sz_zImuQ-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id F34A9811E7A for ; Thu, 1 Dec 2022 02:33:20 +0000 (UTC) Received: from t14s.localdomain.com (unknown [10.2.16.65]) by smtp.corp.redhat.com (Postfix) with ESMTP id C6F361120AA4; Thu, 1 Dec 2022 02:33:20 +0000 (UTC) To: gcc-patches@gcc.gnu.org Cc: David Malcolm Subject: [committed] analyzer: fix ICE on bind/connect with a constant fd [PR107928] Date: Wed, 30 Nov 2022 21:33:17 -0500 Message-Id: <20221201023317.3722715-1-dmalcolm@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-11.4 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: David Malcolm via Gcc-patches From: David Malcolm Reply-To: David Malcolm Errors-To: gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org Sender: "Gcc-patches" X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750977269554404609?= X-GMAIL-MSGID: =?utf-8?q?1750977269554404609?= Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to trunk as r13-4424-g45a75fd3d31265. gcc/analyzer/ChangeLog: PR analyzer/107928 * sm-fd.cc (fd_state_machine::on_bind): Handle m_constant_fd in the "success" outcome. (fd_state_machine::on_connect): Likewise. * sm-fd.dot: Add "constant_fd" state and its transitions. gcc/testsuite/ChangeLog: PR analyzer/107928 * gcc.dg/analyzer/fd-bind-pr107928.c: New test. * gcc.dg/analyzer/fd-connect-pr107928.c: New test. * gcc.dg/analyzer/fd-stream-socket-active-open.c (test_active_open_from_connect_constant): New, adapted from test_active_open_from_connect. * gcc.dg/analyzer/fd-stream-socket-passive-open.c (test_passive_open_from_bind_constant): New, adapted from test_passive_open_from_bind. (test_passive_open_from_listen_constant): New, adapted from test_passive_open_from_listen. Signed-off-by: David Malcolm --- gcc/analyzer/sm-fd.cc | 6 +- gcc/analyzer/sm-fd.dot | 6 ++ .../gcc.dg/analyzer/fd-bind-pr107928.c | 10 ++ .../gcc.dg/analyzer/fd-connect-pr107928.c | 10 ++ .../analyzer/fd-stream-socket-active-open.c | 31 ++++++ .../analyzer/fd-stream-socket-passive-open.c | 98 +++++++++++++++++++ 6 files changed, 159 insertions(+), 2 deletions(-) create mode 100644 gcc/testsuite/gcc.dg/analyzer/fd-bind-pr107928.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/fd-connect-pr107928.c diff --git a/gcc/analyzer/sm-fd.cc b/gcc/analyzer/sm-fd.cc index 794733e55ca..799847cb8e8 100644 --- a/gcc/analyzer/sm-fd.cc +++ b/gcc/analyzer/sm-fd.cc @@ -1861,7 +1861,8 @@ fd_state_machine::on_bind (const call_details &cd, next_state = m_bound_datagram_socket; else if (old_state == m_new_unknown_socket) next_state = m_bound_unknown_socket; - else if (old_state == m_start) + else if (old_state == m_start + || old_state == m_constant_fd) next_state = m_bound_unknown_socket; else if (old_state == m_stop) next_state = m_stop; @@ -2116,7 +2117,8 @@ fd_state_machine::on_connect (const call_details &cd, next_state = m_new_datagram_socket; else if (old_state == m_new_unknown_socket) next_state = m_stop; - else if (old_state == m_start) + else if (old_state == m_start + || old_state == m_constant_fd) next_state = m_stop; else if (old_state == m_stop) next_state = m_stop; diff --git a/gcc/analyzer/sm-fd.dot b/gcc/analyzer/sm-fd.dot index da925b0989f..d7676b1f779 100644 --- a/gcc/analyzer/sm-fd.dot +++ b/gcc/analyzer/sm-fd.dot @@ -27,6 +27,9 @@ digraph "fd" { /* Start state. */ start; + /* State for a constant file descriptor (>= 0). */ + constant_fd; + /* States representing a file descriptor that hasn't yet been checked for validity after opening, for three different access modes. */ @@ -129,6 +132,7 @@ digraph "fd" { /* On "bind". */ start -> bound_unknown_socket [label="when 'bind(X, ...)' succeeds"]; + constant_fd -> bound_unknown_socket [label="when 'bind(X, ...)' succeeds"]; new_stream_socket -> bound_stream_socket [label="when 'bind(X, ...)' succeeds"]; new_datagram_socket -> bound_datagram_socket [label="when 'bind(X, ...)' succeeds"]; new_unknown_socket -> bound_unknown_socket [label="when 'bind(X, ...)' succeeds"]; @@ -140,12 +144,14 @@ digraph "fd" { /* On "accept". */ start -> connected_stream_socket [label="when 'accept(OTHER, ...)' succeeds on a listening_stream_socket"]; + constant_fd -> connected_stream_socket [label="when 'accept(OTHER, ...)' succeeds on a listening_stream_socket"]; /* On "connect". */ new_stream_socket -> connected_stream_socket [label="when 'connect(X, ...)' succeeds"]; new_datagram_socket -> new_datagram_socket [label="when 'connect(X, ...)' succeeds"]; new_unknown_socket -> stop [label="when 'connect(X, ...)' succeeds"]; start -> stop [label="when 'connect(X, ...)' succeeds"]; + constant_fd -> stop [label="when 'connect(X, ...)' succeeds"]; /* on_condition. */ unchecked_read_write -> valid_read_write [label="on 'X >= 0'"]; diff --git a/gcc/testsuite/gcc.dg/analyzer/fd-bind-pr107928.c b/gcc/testsuite/gcc.dg/analyzer/fd-bind-pr107928.c new file mode 100644 index 00000000000..acc1a1df8e0 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/fd-bind-pr107928.c @@ -0,0 +1,10 @@ +struct sa {}; + +int +bind (int, struct sa *, int); + +int +foo (struct sa sa) +{ + return bind (1, &sa, sizeof sa); +} diff --git a/gcc/testsuite/gcc.dg/analyzer/fd-connect-pr107928.c b/gcc/testsuite/gcc.dg/analyzer/fd-connect-pr107928.c new file mode 100644 index 00000000000..f3bdc87c210 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/fd-connect-pr107928.c @@ -0,0 +1,10 @@ +struct sa {}; + +int +connect (int, struct sa *, int); + +int +foo (struct sa sa) +{ + return connect (1, &sa, sizeof sa); +} diff --git a/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-active-open.c b/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-active-open.c index 841894cc1bd..89ea82e59c9 100644 --- a/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-active-open.c +++ b/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-active-open.c @@ -74,3 +74,34 @@ void test_active_open_from_connect (int fd, const char *sockname, void *buf) close (fd); __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-stop'" } */ } + +void test_active_open_from_connect_constant (const char *sockname, void *buf) +{ + const int fd = 42; + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-constant'" } */ + + struct sockaddr_un addr; + memset (&addr, 0, sizeof (addr)); + addr.sun_family = AF_UNIX; + strncpy (addr.sun_path, sockname, sizeof(addr.sun_path) - 1); + + errno = 0; + if (connect (fd, (struct sockaddr *)&addr, sizeof (addr)) == -1) + { + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-constant'" } */ + __analyzer_eval (errno > 0); /* { dg-warning "TRUE" } */ + close (fd); + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ + return; + } + + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-stop'" } */ + __analyzer_eval (errno == 0); /* { dg-warning "TRUE" } */ + __analyzer_eval (fd >= 0); /* { dg-warning "TRUE" } */ + + write (fd, "hello", 6); + read (fd, buf, 100); + + close (fd); + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-stop'" } */ +} diff --git a/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-passive-open.c b/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-passive-open.c index a61091101ed..8af52904d7e 100644 --- a/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-passive-open.c +++ b/gcc/testsuite/gcc.dg/analyzer/fd-stream-socket-passive-open.c @@ -129,6 +129,62 @@ void test_passive_open_from_bind (int fd, const char *sockname, void *buf) __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ } +void test_passive_open_from_bind_constant (const char *sockname, void *buf) +{ + const int fd = 42; + struct sockaddr_un addr; + int afd; + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-constant'" } */ + memset (&addr, 0, sizeof (addr)); + addr.sun_family = AF_UNIX; + strncpy (addr.sun_path, sockname, sizeof(addr.sun_path) - 1); + errno = 0; + if (bind (fd, (struct sockaddr *)&addr, sizeof (addr)) == -1) + { + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-constant'" } */ + __analyzer_eval (errno > 0); /* { dg-warning "TRUE" } */ + close (fd); + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ + return; + } + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-bound-unknown-socket'" } */ + __analyzer_eval (errno == 0); /* { dg-warning "TRUE" } */ + __analyzer_eval (fd >= 0); /* { dg-warning "TRUE" } */ + if (listen (fd, 5) == -1) + { + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-bound-unknown-socket'" } */ + __analyzer_eval (errno > 0); /* { dg-warning "TRUE" } */ + close (fd); + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ + return; + } + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-listening-stream-socket'" } */ + __analyzer_eval (errno == 0); /* { dg-warning "TRUE" } */ + __analyzer_eval (fd >= 0); /* { dg-warning "TRUE" } */ + afd = accept (fd, NULL, NULL); + if (afd == -1) + { + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-listening-stream-socket'" } */ + __analyzer_eval (errno > 0); /* { dg-warning "TRUE" } */ + close (fd); + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ + return; + } + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-listening-stream-socket'" } */ + __analyzer_dump_state ("file-descriptor", afd); /* { dg-warning "state: 'fd-connected-stream-socket'" } */ + __analyzer_eval (errno == 0); /* { dg-warning "TRUE" } */ + __analyzer_eval (fd >= 0); /* { dg-warning "TRUE" } */ + __analyzer_eval (afd >= 0); /* { dg-warning "TRUE" } */ + + write (afd, "hello", 6); + read (afd, buf, 100); + + close (afd); + close (fd); + __analyzer_dump_state ("file-descriptor", afd); /* { dg-warning "state: 'fd-closed'" } */ + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ +} + void test_passive_open_from_listen (int fd, void *buf) { int afd; @@ -169,6 +225,48 @@ void test_passive_open_from_listen (int fd, void *buf) __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ } + +void test_passive_open_from_listen_constant (void *buf) +{ + const int fd = 42; + int afd; + errno = 0; + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-constant'" } */ + if (listen (fd, 5) == -1) + { + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-constant'" } */ + __analyzer_eval (errno > 0); /* { dg-warning "TRUE" } */ + close (fd); + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ + return; + } + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-listening-stream-socket'" } */ + __analyzer_eval (errno == 0); /* { dg-warning "TRUE" } */ + __analyzer_eval (fd >= 0); /* { dg-warning "TRUE" } */ + afd = accept (fd, NULL, NULL); + if (afd == -1) + { + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-listening-stream-socket'" } */ + __analyzer_eval (errno > 0); /* { dg-warning "TRUE" } */ + close (fd); + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ + return; + } + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-listening-stream-socket'" } */ + __analyzer_dump_state ("file-descriptor", afd); /* { dg-warning "state: 'fd-connected-stream-socket'" } */ + __analyzer_eval (errno == 0); /* { dg-warning "TRUE" } */ + __analyzer_eval (fd >= 0); /* { dg-warning "TRUE" } */ + __analyzer_eval (afd >= 0); /* { dg-warning "TRUE" } */ + + write (afd, "hello", 6); + read (afd, buf, 100); + + close (afd); + close (fd); + __analyzer_dump_state ("file-descriptor", afd); /* { dg-warning "state: 'fd-closed'" } */ + __analyzer_dump_state ("file-descriptor", fd); /* { dg-warning "state: 'fd-closed'" } */ +} + void test_passive_open_from_accept (int fd, void *buf) { int afd;