From patchwork Thu Jun 22 19:49:54 2023
X-Patchwork-Submitter: "Li, Pan2 via Gcc-patches"
X-Patchwork-Id: 111795
X-Patchwork-Original-From: Benjamin Priour via Gcc-patches
From: "Li, Pan2 via Gcc-patches"
Reply-To: priour.be@gmail.com
To: gcc-patches@gcc.gnu.org
Cc: dmalcolm@redhat.com, benjamin priour
Date: Thu, 22 Jun 2023 21:49:54 +0200
Message-Id: <20230622194952.1834364-1-vultkayn@gcc.gnu.org>
X-Mailer: git-send-email 2.34.1

Hi,

Below is the fix to regression bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110198
Was bootstrapped and regtested successfully on x86_64-linux-gnu
Considering mishap from last patch, I'd appreciate if you could also regtest it, to be sure :)

Thanks,
Benjamin.

From 04186f04a3f172d7ccf9824cc71faca489eb39af Mon Sep 17 00:00:00 2001
From: benjamin priour
Date: Thu, 22 Jun 2023 21:39:05 +0200
Subject: [PATCH] [PATCH] analyzer: Fix regression bug after r14-1632-g9589a46ddadc8b [pr110198]

g++.dg/analyzer/pr100244.C was failing after a patch of PR109439.
The reason was a spurious preemptive return of get_store_value upon
out-of-bounds read that was preventing further checks.
Now instead, a boolean value check_poisoned goes to false when an OOB
is detected, and is later on given to get_or_create_initial_value.

gcc/analyzer/ChangeLog:

	* region-model-manager.cc
	(region_model_manager::get_or_create_initial_value): Take an
	optional boolean value to bypass poisoning checks
	* region-model-manager.h: Update declaration of the above function.
	* region-model.cc (region_model::get_store_value): No longer
	returns on OOB, but rather gives a boolean to
	get_or_create_initial_value.
	(region_model::check_region_access): Update docstring.
	(region_model::check_region_for_write): Update docstring.

Signed-off-by: benjamin priour --- gcc/analyzer/region-model-manager.cc | 5 +++-- gcc/analyzer/region-model-manager.h | 3 ++- gcc/analyzer/region-model.cc | 15 ++++++++------- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/gcc/analyzer/region-model-manager.cc b/gcc/analyzer/region-model-manager.cc index 1453acf7bc9..4f11ef4bd29 100644 --- a/gcc/analyzer/region-model-manager.cc +++ b/gcc/analyzer/region-model-manager.cc @@ -293,9 +293,10 @@ region_model_manager::create_unique_svalue (tree type) necessary. */ const svalue * -region_model_manager::get_or_create_initial_value (const region *reg) +region_model_manager::get_or_create_initial_value (const region *reg, + bool check_poisoned) { - if (!reg->can_have_initial_svalue_p ()) + if (!reg->can_have_initial_svalue_p () && check_poisoned) return get_or_create_poisoned_svalue (POISON_KIND_UNINIT, reg->get_type ()); diff --git a/gcc/analyzer/region-model-manager.h b/gcc/analyzer/region-model-manager.h index 3340c3ebd1e..ff5333bf07c 100644 --- a/gcc/analyzer/region-model-manager.h +++ b/gcc/analyzer/region-model-manager.h @@ -49,7 +49,8 @@ public: tree type); const svalue *get_or_create_poisoned_svalue (enum poison_kind kind, tree type); - const svalue *get_or_create_initial_value (const region *reg); + const svalue *get_or_create_initial_value (const region *reg, + bool check_poisoned = true); const svalue *get_ptr_svalue (tree ptr_type, const region *pointee); const svalue *get_or_create_unaryop (tree type, enum tree_code op, const svalue *arg); diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc index 6bc60f89f3d..187013a37cc 100644 --- a/gcc/analyzer/region-model.cc +++ b/gcc/analyzer/region-model.cc 
@@ -2373,8 +2373,9 @@ region_model::get_store_value (const region *reg, if (reg->empty_p ()) return m_mgr->get_or_create_unknown_svalue (reg->get_type ()); + bool check_poisoned = true; if (check_region_for_read (reg, ctxt)) - return m_mgr->get_or_create_unknown_svalue(reg->get_type()); + check_poisoned = false; /* Special-case: handle var_decls in the constant pool. */ if (const decl_region *decl_reg = reg->dyn_cast_decl_region ()) @@ -2427,7 +2428,7 @@ region_model::get_store_value (const region *reg, == RK_GLOBALS) return get_initial_value_for_global (reg); - return m_mgr->get_or_create_initial_value (reg); + return m_mgr->get_or_create_initial_value (reg, check_poisoned); } /* Return false if REG does not exist, true if it may do. @@ -2790,7 +2791,7 @@ region_model::get_string_size (const region *reg) const /* If CTXT is non-NULL, use it to warn about any problems accessing REG, using DIR to determine if this access is a read or write. - Return TRUE if an UNKNOWN_SVALUE needs be created. + Return TRUE if an OOB access was detected. If SVAL_HINT is non-NULL, use it as a hint in diagnostics about the value that would be written to REG. */ @@ -2804,10 +2805,10 @@ region_model::check_region_access (const region *reg, if (!ctxt) return false; - bool need_unknown_sval = false; + bool oob_access_detected = false; check_region_for_taint (reg, dir, ctxt); if (!check_region_bounds (reg, dir, sval_hint, ctxt)) - need_unknown_sval = true; + oob_access_detected = true; switch (dir) { @@ -2820,7 +2821,7 @@ region_model::check_region_access (const region *reg, check_for_writable_region (reg, ctxt); break; } - return need_unknown_sval; + return oob_access_detected; } /* If CTXT is non-NULL, use it to warn about any problems writing to REG. */ 
@@ -2834,7 +2835,7 @@ region_model::check_region_for_write (const region *dest_reg, } /* If CTXT is non-NULL, use it to warn about any problems reading from REG. - Returns TRUE if an unknown svalue needs be created. */ + Returns TRUE if an OOB read was detected. */ bool region_model::check_region_for_read (const region *src_reg,
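
Review bot: In the region-model-manager.cc hunk, the comment above get_or_create_initial_value (the one ending "necessary. */") is not updated for the new CHECK_POISONED parameter. With `check_poisoned` false the function now falls through for a region where `can_have_initial_svalue_p ()` is false, so the comment should say what the caller gets back in that case and why that is acceptable. Testing the flag first, `if (check_poisoned && !reg->can_have_initial_svalue_p ())`, would also read more naturally.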
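
Review bot: In the first get_store_value hunk (@@ -2373), the flag is set in two steps, `bool check_poisoned = true;` followed by `if (check_region_for_read (reg, ctxt)) check_poisoned = false;`, where a single `const bool check_poisoned = !check_region_for_read (reg, ctxt);` says the same thing and cannot be reassigned later. The line also needs a short comment stating why a detected OOB read disables the uninit poisoning at the final return, since that link is not obvious from the code and is only hinted at in the commit message.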
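
Review bot: In the second get_store_value hunk (@@ -2427), `check_poisoned` is consumed only by the last `return m_mgr->get_or_create_initial_value (reg, check_poisoned);`, and the diffstat lists only the three gcc/analyzer sources, so nothing in the patch exercises that path directly. Please add a testsuite case in which an out-of-bounds read reaches this return, so the behaviour is pinned by more than g++.dg/analyzer/pr100244.C passing again.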
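
Review bot: In the check_region_access hunks (@@ -2790 and @@ -2804), the new docstring "Return TRUE if an OOB access was detected" overstates what the function reports: the visible `if (!ctxt) return false;` means a NULL CTXT always yields false, before `check_region_bounds` is ever called. Suggest wording along the lines of "Return TRUE if CTXT is non-NULL and an OOB access was detected", so that callers such as get_store_value do not read false as "in bounds".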
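
Review bot: In the last hunk (@@ -2834), the edited comment is the one above check_region_for_read, but the ChangeLog lists `(region_model::check_region_for_write): Update docstring.`; the hunk header only names the preceding function. The entry should name region_model::check_region_for_read. The comment also says "Returns TRUE" where the check_region_access comment says "Return TRUE"; use one form in both.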