From patchwork Thu Nov 24 01:52:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Malcolm X-Patchwork-Id: 25282 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp3137462wrr; Wed, 23 Nov 2022 17:53:25 -0800 (PST) X-Google-Smtp-Source: AA0mqf7Iqds7konAeT8mEMARqPw5EzM48QRnPuV0h+TeriGowLbL3eR7+2zkYJocRuLVHHuunyK0 X-Received: by 2002:a17:907:2a08:b0:7ae:76a4:e393 with SMTP id fd8-20020a1709072a0800b007ae76a4e393mr26655421ejc.743.1669254805843; Wed, 23 Nov 2022 17:53:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669254805; cv=none; d=google.com; s=arc-20160816; b=HqmiqsJzket72sLdT+CCKndR/qewt6bP58a7z/JJ8zK/1SxGFUVzZ6sQ5Qpx9yw5Qn ODXIQoIUjLKSXfR1GuwMA2xPUTU1CF4JvDnlbNerN9R+NSyAHg1uiyDt5UNBBVumQcSG bV2SJJjNNVRi2NF/93LqMMEorpbrdioBQV0WfIpT7YFIsnjC3f9KKwqg1DORE0p9Ge4O xxBn2Aes4m/LVuA89S90JFbCgAfA1EvSAF5Y/ANtPgon4ncuaC7Xu+AVb7nVgxvuhTpu nkbhPsVKpE9noL7zPE2YUy6en5gijg/HXhA2+qlKZ14tNZ6YXuNW6K0qqyIDs8CIxSRr Sd5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:reply-to:from:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence :content-transfer-encoding:mime-version:message-id:date:subject:cc :to:dmarc-filter:delivered-to:dkim-signature:dkim-filter; bh=n+aizFkrVMTpfnuP+BferAZYfsdJ0xMTBYm6NWilE+o=; b=XelZRpeOFZbhWfyTpr1xoFD7iIfG8Nf2OurZUPxwm+9ChzaQBIGTZGi16MKlXHy9X0 hVhZ2Br2ne/lav2N5WEjSTAiC+LNnRxZkKrS4eHsA8HbARnUvZ3qmjnqKnfRHPLHjxFC k3oV7t7veiJLfqgbMTtV6LDscypSs4xLlhU6tUJZMceGSu6O2g0CopmQ5Tv9hza/jLvA NT5XwgJVkdps2Ss7HWdO2MkViqqsTZozARRJGnsdRcm6lWrv/08hK2CCPw6tBJ5WF1I9 6bz8lBYK/sXzeRk0KCi5JZf0fLcD0FgeSAEdKKFaDW20nJm6sL4TkPnZl/nCbGFWvdqc yNkg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b=BubNKAtS; spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from sourceware.org (ip-8-43-85-97.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id t18-20020a1709063e5200b0078e1d213812si338798eji.184.2022.11.23.17.53.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 23 Nov 2022 17:53:25 -0800 (PST) Received-SPF: pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b=BubNKAtS; spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 827043843869 for ; Thu, 24 Nov 2022 01:53:00 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 827043843869 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1669254780; bh=n+aizFkrVMTpfnuP+BferAZYfsdJ0xMTBYm6NWilE+o=; h=To:Cc:Subject:Date:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:From:Reply-To:From; b=BubNKAtSn2pvuZ+KGap6zKng1+QLB3QJJqj4DVmr3PgFog7i1Czsx5zZBPtqQdkQb gMZQETouL1x077Q+z7zj/kem3PxnXcg7TU2vD/HkKX0XABAWtgo1iIcnhSl5W2RCvK ffEcMY2YPA21xA3Fyl8knEEV60vULK4HwsKjurUI= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id E5726384F6FB for ; Thu, 24 Nov 2022 01:52:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org E5726384F6FB Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-134-DbfupG4LOlSTb8v1exT8mA-1; Wed, 23 Nov 2022 20:52:10 -0500 X-MC-Unique: DbfupG4LOlSTb8v1exT8mA-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 8F2F83C0D840 for ; Thu, 24 Nov 2022 01:52:10 +0000 (UTC) Received: from t14s.localdomain.com (unknown [10.2.16.65]) by smtp.corp.redhat.com (Postfix) with ESMTP id 49D6F1121314; Thu, 24 Nov 2022 01:52:10 +0000 (UTC) To: gcc-patches@gcc.gnu.org Cc: David Malcolm Subject: [committed 1/2] analyzer: move known funs for fds to sm-fd.cc Date: Wed, 23 Nov 2022 20:52:02 -0500 Message-Id: <20221124015203.3367244-1-dmalcolm@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-11.9 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: David Malcolm via Gcc-patches From: David Malcolm Reply-To: David Malcolm Errors-To: gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org Sender: "Gcc-patches" X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750340527170201045?= X-GMAIL-MSGID: =?utf-8?q?1750340527170201045?= This mostly mechanical change enables a simplification in the followup patch. No functional change intended. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to trunk as r13-4273-g50d5b240424d2b. gcc/analyzer/ChangeLog: * analyzer.h (register_known_fd_functions): New decl. * region-model-impl-calls.cc (class kf_accept): Move to sm-fd.cc. (class kf_bind): Likewise. (class kf_connect): Likewise. (class kf_listen): Likewise. (class kf_pipe): Likewise. (class kf_socket): Likewise. (register_known_functions): Remove registration of the above functions, instead calling register_known_fd_functions. * sm-fd.cc: Include "analyzer/call-info.h". (class kf_socket): Move here from region-model-impl-calls.cc. (class kf_bind): Likewise. (class kf_listen): Likewise. (class kf_accept): Likewise. (class kf_connect): Likewise. (class kf_pipe): Likewise. (register_known_fd_functions): New. Signed-off-by: David Malcolm --- gcc/analyzer/analyzer.h | 1 + gcc/analyzer/region-model-impl-calls.cc | 286 +---------------------- gcc/analyzer/sm-fd.cc | 293 ++++++++++++++++++++++++ 3 files changed, 296 insertions(+), 284 deletions(-) diff --git a/gcc/analyzer/analyzer.h b/gcc/analyzer/analyzer.h index d424b43f2de..4fbe092199f 100644 --- a/gcc/analyzer/analyzer.h +++ b/gcc/analyzer/analyzer.h @@ -258,6 +258,7 @@ public: }; extern void register_known_functions (known_function_manager &mgr); +extern void register_known_fd_functions (known_function_manager &kfm); extern void register_varargs_builtins (known_function_manager &kfm); /* Passed by pointer to PLUGIN_ANALYZER_INIT callbacks. */ diff --git a/gcc/analyzer/region-model-impl-calls.cc b/gcc/analyzer/region-model-impl-calls.cc index 23a21d752cf..d3f2bf8240b 100644 --- a/gcc/analyzer/region-model-impl-calls.cc +++ b/gcc/analyzer/region-model-impl-calls.cc @@ -595,83 +595,6 @@ public: } }; -/* Handle calls to "accept". - See e.g. https://man7.org/linux/man-pages/man3/accept.3p.html */ - -class kf_accept : public known_function -{ - class outcome_of_accept : public succeed_or_fail_call_info - { - public: - outcome_of_accept (const call_details &cd, bool success) - : succeed_or_fail_call_info (cd, success) - {} - - bool update_model (region_model *model, - const exploded_edge *, - region_model_context *ctxt) const final override - { - const call_details cd (get_call_details (model, ctxt)); - return cd.get_model ()->on_accept (cd, m_success); - } - }; - - bool matches_call_types_p (const call_details &cd) const final override - { - return (cd.num_args () == 3 - && cd.arg_is_pointer_p (1) - && cd.arg_is_pointer_p (2)); - } - - void impl_call_post (const call_details &cd) const final override - { - if (cd.get_ctxt ()) - { - cd.get_ctxt ()->bifurcate (make_unique (cd, false)); - cd.get_ctxt ()->bifurcate (make_unique (cd, true)); - cd.get_ctxt ()->terminate_path (); - } - } -}; - -/* Handle calls to "bind". - See e.g. https://man7.org/linux/man-pages/man3/bind.3p.html */ - -class kf_bind : public known_function -{ -public: - class outcome_of_bind : public succeed_or_fail_call_info - { - public: - outcome_of_bind (const call_details &cd, bool success) - : succeed_or_fail_call_info (cd, success) - {} - - bool update_model (region_model *model, - const exploded_edge *, - region_model_context *ctxt) const final override - { - const call_details cd (get_call_details (model, ctxt)); - return cd.get_model ()->on_bind (cd, m_success); - } - }; - - bool matches_call_types_p (const call_details &cd) const final override - { - return (cd.num_args () == 3 && cd.arg_is_pointer_p (1)); - } - - void impl_call_post (const call_details &cd) const final override - { - if (cd.get_ctxt ()) - { - cd.get_ctxt ()->bifurcate (make_unique (cd, false)); - cd.get_ctxt ()->bifurcate (make_unique (cd, true)); - cd.get_ctxt ()->terminate_path (); - } - } -}; - /* Handler for "__builtin_expect" etc. */ class kf_expect : public internal_known_function @@ -723,45 +646,6 @@ kf_calloc::impl_call_pre (const call_details &cd) const } } -/* Handle calls to "connect". - See e.g. https://man7.org/linux/man-pages/man3/connect.3p.html */ - -class kf_connect : public known_function -{ -public: - class outcome_of_connect : public succeed_or_fail_call_info - { - public: - outcome_of_connect (const call_details &cd, bool success) - : succeed_or_fail_call_info (cd, success) - {} - - bool update_model (region_model *model, - const exploded_edge *, - region_model_context *ctxt) const final override - { - const call_details cd (get_call_details (model, ctxt)); - return cd.get_model ()->on_connect (cd, m_success); - } - }; - - bool matches_call_types_p (const call_details &cd) const final override - { - return (cd.num_args () == 3 - && cd.arg_is_pointer_p (1)); - } - - void impl_call_post (const call_details &cd) const final override - { - if (cd.get_ctxt ()) - { - cd.get_ctxt ()->bifurcate (make_unique (cd, false)); - cd.get_ctxt ()->bifurcate (make_unique (cd, true)); - cd.get_ctxt ()->terminate_path (); - } - } -}; - /* Handler for glibc's "__errno_location". */ class kf_errno_location : public known_function @@ -933,43 +817,6 @@ public: for the analyzer). */ }; -/* Handle calls to "listen". - See e.g. https://man7.org/linux/man-pages/man3/listen.3p.html */ - -class kf_listen : public known_function -{ - class outcome_of_listen : public succeed_or_fail_call_info - { - public: - outcome_of_listen (const call_details &cd, bool success) - : succeed_or_fail_call_info (cd, success) - {} - - bool update_model (region_model *model, - const exploded_edge *, - region_model_context *ctxt) const final override - { - const call_details cd (get_call_details (model, ctxt)); - return cd.get_model ()->on_listen (cd, m_success); - } - }; - - bool matches_call_types_p (const call_details &cd) const final override - { - return cd.num_args () == 2; - } - - void impl_call_post (const call_details &cd) const final override - { - if (cd.get_ctxt ()) - { - cd.get_ctxt ()->bifurcate (make_unique (cd, false)); - cd.get_ctxt ()->bifurcate (make_unique (cd, true)); - cd.get_ctxt ()->terminate_path (); - } - } -}; - /* Handle the on_call_pre part of "malloc". */ class kf_malloc : public known_function @@ -1077,92 +924,6 @@ kf_memset::impl_call_pre (const call_details &cd) const model->fill_region (sized_dest_reg, fill_value_u8); } -/* Handler for calls to "pipe" and "pipe2". - See e.g. https://www.man7.org/linux/man-pages/man2/pipe.2.html */ - -class kf_pipe : public known_function -{ - class failure : public failed_call_info - { - public: - failure (const call_details &cd) : failed_call_info (cd) {} - - bool update_model (region_model *model, - const exploded_edge *, - region_model_context *ctxt) const final override - { - /* Return -1; everything else is unchanged. */ - const call_details cd (get_call_details (model, ctxt)); - model->update_for_int_cst_return (cd, -1, true); - return true; - } - }; - - class success : public success_call_info - { - public: - success (const call_details &cd) : success_call_info (cd) {} - - bool update_model (region_model *model, - const exploded_edge *, - region_model_context *ctxt) const final override - { - const call_details cd (get_call_details (model, ctxt)); - - /* Return 0. */ - model->update_for_zero_return (cd, true); - - /* Update fd array. */ - region_model_manager *mgr = cd.get_manager (); - tree arr_tree = cd.get_arg_tree (0); - const svalue *arr_sval = cd.get_arg_svalue (0); - for (int idx = 0; idx < 2; idx++) - { - const region *arr_reg - = model->deref_rvalue (arr_sval, arr_tree, cd.get_ctxt ()); - const svalue *idx_sval - = mgr->get_or_create_int_cst (integer_type_node, idx); - const region *element_reg - = mgr->get_element_region (arr_reg, integer_type_node, idx_sval); - conjured_purge p (model, cd.get_ctxt ()); - const svalue *fd_sval - = mgr->get_or_create_conjured_svalue (integer_type_node, - cd.get_call_stmt (), - element_reg, - p); - model->set_value (element_reg, fd_sval, cd.get_ctxt ()); - model->mark_as_valid_fd (fd_sval, cd.get_ctxt ()); - } - return true; - } - }; - -public: - kf_pipe (unsigned num_args) - : m_num_args (num_args) - { - gcc_assert (num_args > 0); - } - - bool matches_call_types_p (const call_details &cd) const final override - { - return (cd.num_args () == m_num_args && cd.arg_is_pointer_p (0)); - } - - void impl_call_post (const call_details &cd) const final override - { - if (cd.get_ctxt ()) - { - cd.get_ctxt ()->bifurcate (make_unique (cd)); - cd.get_ctxt ()->bifurcate (make_unique (cd)); - cd.get_ctxt ()->terminate_path (); - } - } - -private: - unsigned m_num_args; -}; - /* A subclass of pending_diagnostic for complaining about 'putenv' called on an auto var. */ @@ -1587,44 +1348,6 @@ kf_realloc::impl_call_post (const call_details &cd) const } } -/* Handle calls to "socket". - See e.g. https://man7.org/linux/man-pages/man3/socket.3p.html */ - -class kf_socket : public known_function -{ -public: - class outcome_of_socket : public succeed_or_fail_call_info - { - public: - outcome_of_socket (const call_details &cd, bool success) - : succeed_or_fail_call_info (cd, success) - {} - - bool update_model (region_model *model, - const exploded_edge *, - region_model_context *ctxt) const final override - { - const call_details cd (get_call_details (model, ctxt)); - return cd.get_model ()->on_socket (cd, m_success); - } - }; - - bool matches_call_types_p (const call_details &cd) const final override - { - return cd.num_args () == 3; - } - - void impl_call_post (const call_details &cd) const final override - { - if (cd.get_ctxt ()) - { - cd.get_ctxt ()->bifurcate (make_unique (cd, false)); - cd.get_ctxt ()->bifurcate (make_unique (cd, true)); - cd.get_ctxt ()->terminate_path (); - } - } -}; - /* Handler for "strchr" and "__builtin_strchr". */ class kf_strchr : public known_function @@ -1933,17 +1656,12 @@ register_known_functions (known_function_manager &kfm) /* Known POSIX functions, and some non-standard extensions. */ { - kfm.add ("accept", make_unique ()); - kfm.add ("bind", make_unique ()); - kfm.add ("connect", make_unique ()); kfm.add ("fgets", make_unique ()); kfm.add ("fgets_unlocked", make_unique ()); // non-standard kfm.add ("fread", make_unique ()); - kfm.add ("listen", make_unique ()); - kfm.add ("pipe", make_unique (1)); - kfm.add ("pipe2", make_unique (2)); kfm.add ("putenv", make_unique ()); - kfm.add ("socket", make_unique ()); + + register_known_fd_functions (kfm); } /* glibc functions. */ diff --git a/gcc/analyzer/sm-fd.cc b/gcc/analyzer/sm-fd.cc index f7779be7d26..af59aef401d 100644 --- a/gcc/analyzer/sm-fd.cc +++ b/gcc/analyzer/sm-fd.cc @@ -47,6 +47,7 @@ along with GCC; see the file COPYING3. If not see #include "analyzer/program-state.h" #include "analyzer/supergraph.h" #include "analyzer/analyzer-language.h" +#include "analyzer/call-info.h" #if ENABLE_ANALYZER @@ -2251,6 +2252,44 @@ region_model::mark_as_valid_fd (const svalue *sval, region_model_context *ctxt) fd_sm->mark_as_valid_fd (this, smap, sval, *ext_state); } +/* Handle calls to "socket". + See e.g. https://man7.org/linux/man-pages/man3/socket.3p.html */ + +class kf_socket : public known_function +{ +public: + class outcome_of_socket : public succeed_or_fail_call_info + { + public: + outcome_of_socket (const call_details &cd, bool success) + : succeed_or_fail_call_info (cd, success) + {} + + bool update_model (region_model *model, + const exploded_edge *, + region_model_context *ctxt) const final override + { + const call_details cd (get_call_details (model, ctxt)); + return cd.get_model ()->on_socket (cd, m_success); + } + }; + + bool matches_call_types_p (const call_details &cd) const final override + { + return cd.num_args () == 3; + } + + void impl_call_post (const call_details &cd) const final override + { + if (cd.get_ctxt ()) + { + cd.get_ctxt ()->bifurcate (make_unique (cd, false)); + cd.get_ctxt ()->bifurcate (make_unique (cd, true)); + cd.get_ctxt ()->terminate_path (); + } + } +}; + /* Specialcase hook for handling "socket", for use by kf_socket::outcome_of_socket::update_model. */ @@ -2269,6 +2308,44 @@ region_model::on_socket (const call_details &cd, bool successful) return fd_sm->on_socket (cd, successful, sm_ctxt.get (), *ext_state); } +/* Handle calls to "bind". + See e.g. https://man7.org/linux/man-pages/man3/bind.3p.html */ + +class kf_bind : public known_function +{ +public: + class outcome_of_bind : public succeed_or_fail_call_info + { + public: + outcome_of_bind (const call_details &cd, bool success) + : succeed_or_fail_call_info (cd, success) + {} + + bool update_model (region_model *model, + const exploded_edge *, + region_model_context *ctxt) const final override + { + const call_details cd (get_call_details (model, ctxt)); + return cd.get_model ()->on_bind (cd, m_success); + } + }; + + bool matches_call_types_p (const call_details &cd) const final override + { + return (cd.num_args () == 3 && cd.arg_is_pointer_p (1)); + } + + void impl_call_post (const call_details &cd) const final override + { + if (cd.get_ctxt ()) + { + cd.get_ctxt ()->bifurcate (make_unique (cd, false)); + cd.get_ctxt ()->bifurcate (make_unique (cd, true)); + cd.get_ctxt ()->terminate_path (); + } + } +}; + /* Specialcase hook for handling "bind", for use by kf_bind::outcome_of_bind::update_model. */ @@ -2287,6 +2364,43 @@ region_model::on_bind (const call_details &cd, bool successful) return fd_sm->on_bind (cd, successful, sm_ctxt.get (), *ext_state); } +/* Handle calls to "listen". + See e.g. https://man7.org/linux/man-pages/man3/listen.3p.html */ + +class kf_listen : public known_function +{ + class outcome_of_listen : public succeed_or_fail_call_info + { + public: + outcome_of_listen (const call_details &cd, bool success) + : succeed_or_fail_call_info (cd, success) + {} + + bool update_model (region_model *model, + const exploded_edge *, + region_model_context *ctxt) const final override + { + const call_details cd (get_call_details (model, ctxt)); + return cd.get_model ()->on_listen (cd, m_success); + } + }; + + bool matches_call_types_p (const call_details &cd) const final override + { + return cd.num_args () == 2; + } + + void impl_call_post (const call_details &cd) const final override + { + if (cd.get_ctxt ()) + { + cd.get_ctxt ()->bifurcate (make_unique (cd, false)); + cd.get_ctxt ()->bifurcate (make_unique (cd, true)); + cd.get_ctxt ()->terminate_path (); + } + } +}; + /* Specialcase hook for handling "listen", for use by kf_listen::outcome_of_listen::update_model. */ @@ -2305,6 +2419,45 @@ region_model::on_listen (const call_details &cd, bool successful) return fd_sm->on_listen (cd, successful, sm_ctxt.get (), *ext_state); } +/* Handle calls to "accept". + See e.g. https://man7.org/linux/man-pages/man3/accept.3p.html */ + +class kf_accept : public known_function +{ + class outcome_of_accept : public succeed_or_fail_call_info + { + public: + outcome_of_accept (const call_details &cd, bool success) + : succeed_or_fail_call_info (cd, success) + {} + + bool update_model (region_model *model, + const exploded_edge *, + region_model_context *ctxt) const final override + { + const call_details cd (get_call_details (model, ctxt)); + return cd.get_model ()->on_accept (cd, m_success); + } + }; + + bool matches_call_types_p (const call_details &cd) const final override + { + return (cd.num_args () == 3 + && cd.arg_is_pointer_p (1) + && cd.arg_is_pointer_p (2)); + } + + void impl_call_post (const call_details &cd) const final override + { + if (cd.get_ctxt ()) + { + cd.get_ctxt ()->bifurcate (make_unique (cd, false)); + cd.get_ctxt ()->bifurcate (make_unique (cd, true)); + cd.get_ctxt ()->terminate_path (); + } + } +}; + /* Specialcase hook for handling "accept", for use by kf_accept::outcome_of_accept::update_model. */ @@ -2323,6 +2476,45 @@ region_model::on_accept (const call_details &cd, bool successful) return fd_sm->on_accept (cd, successful, sm_ctxt.get (), *ext_state); } +/* Handle calls to "connect". + See e.g. https://man7.org/linux/man-pages/man3/connect.3p.html */ + +class kf_connect : public known_function +{ +public: + class outcome_of_connect : public succeed_or_fail_call_info + { + public: + outcome_of_connect (const call_details &cd, bool success) + : succeed_or_fail_call_info (cd, success) + {} + + bool update_model (region_model *model, + const exploded_edge *, + region_model_context *ctxt) const final override + { + const call_details cd (get_call_details (model, ctxt)); + return cd.get_model ()->on_connect (cd, m_success); + } + }; + + bool matches_call_types_p (const call_details &cd) const final override + { + return (cd.num_args () == 3 + && cd.arg_is_pointer_p (1)); + } + + void impl_call_post (const call_details &cd) const final override + { + if (cd.get_ctxt ()) + { + cd.get_ctxt ()->bifurcate (make_unique (cd, false)); + cd.get_ctxt ()->bifurcate (make_unique (cd, true)); + cd.get_ctxt ()->terminate_path (); + } + } +}; + /* Specialcase hook for handling "connect", for use by kf_connect::outcome_of_connect::update_model. */ @@ -2341,6 +2533,107 @@ region_model::on_connect (const call_details &cd, bool successful) return fd_sm->on_connect (cd, successful, sm_ctxt.get (), *ext_state); } +/* Handler for calls to "pipe" and "pipe2". + See e.g. https://www.man7.org/linux/man-pages/man2/pipe.2.html */ + +class kf_pipe : public known_function +{ + class failure : public failed_call_info + { + public: + failure (const call_details &cd) : failed_call_info (cd) {} + + bool update_model (region_model *model, + const exploded_edge *, + region_model_context *ctxt) const final override + { + /* Return -1; everything else is unchanged. */ + const call_details cd (get_call_details (model, ctxt)); + model->update_for_int_cst_return (cd, -1, true); + return true; + } + }; + + class success : public success_call_info + { + public: + success (const call_details &cd) : success_call_info (cd) {} + + bool update_model (region_model *model, + const exploded_edge *, + region_model_context *ctxt) const final override + { + const call_details cd (get_call_details (model, ctxt)); + + /* Return 0. */ + model->update_for_zero_return (cd, true); + + /* Update fd array. */ + region_model_manager *mgr = cd.get_manager (); + tree arr_tree = cd.get_arg_tree (0); + const svalue *arr_sval = cd.get_arg_svalue (0); + for (int idx = 0; idx < 2; idx++) + { + const region *arr_reg + = model->deref_rvalue (arr_sval, arr_tree, cd.get_ctxt ()); + const svalue *idx_sval + = mgr->get_or_create_int_cst (integer_type_node, idx); + const region *element_reg + = mgr->get_element_region (arr_reg, integer_type_node, idx_sval); + conjured_purge p (model, cd.get_ctxt ()); + const svalue *fd_sval + = mgr->get_or_create_conjured_svalue (integer_type_node, + cd.get_call_stmt (), + element_reg, + p); + model->set_value (element_reg, fd_sval, cd.get_ctxt ()); + model->mark_as_valid_fd (fd_sval, cd.get_ctxt ()); + } + return true; + } + }; + +public: + kf_pipe (unsigned num_args) + : m_num_args (num_args) + { + gcc_assert (num_args > 0); + } + + bool matches_call_types_p (const call_details &cd) const final override + { + return (cd.num_args () == m_num_args && cd.arg_is_pointer_p (0)); + } + + void impl_call_post (const call_details &cd) const final override + { + if (cd.get_ctxt ()) + { + cd.get_ctxt ()->bifurcate (make_unique (cd)); + cd.get_ctxt ()->bifurcate (make_unique (cd)); + cd.get_ctxt ()->terminate_path (); + } + } + +private: + unsigned m_num_args; +}; + +/* Populate KFM with instances of known functions relating to + file descriptors. */ + +void +register_known_fd_functions (known_function_manager &kfm) +{ + kfm.add ("accept", make_unique ()); + kfm.add ("bind", make_unique ()); + kfm.add ("connect", make_unique ()); + kfm.add ("listen", make_unique ()); + kfm.add ("pipe", make_unique (1)); + kfm.add ("pipe2", make_unique (2)); + kfm.add ("socket", make_unique ()); +} + } // namespace ana #endif // ENABLE_ANALYZER From patchwork Thu Nov 24 01:52:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Malcolm X-Patchwork-Id: 25281 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp3137436wrr; Wed, 23 Nov 2022 17:53:23 -0800 (PST) X-Google-Smtp-Source: AA0mqf6NyLN+BMDWiWJvRu7vz0JZEmG5yn68C1bXKC1Ud7UXy4k04MUL2BfSKtrLfqogECePay/D X-Received: by 2002:a05:6402:321e:b0:469:ebc0:2247 with SMTP id g30-20020a056402321e00b00469ebc02247mr9033168eda.217.1669254803147; Wed, 23 Nov 2022 17:53:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669254803; cv=none; d=google.com; s=arc-20160816; b=G8SHjTarLws21Rfkp8SmWjqU1oDru10d/i/h5CmKQfKwcfFmHAdkqk0QvhKHmpkmN/ 79CnGAExnAWtjN6YdHVnwPRBaPoA6zaS0yrlALPS9S3dw3FK/wlsnEsfF47t/u8z8wmw aCeSCoQn86B0kCEpAY3EXL6PjM+7L53jk215Ofo/wz+k3xaiEleOPITcvUlrXhuA31Qf YymtCqYdy4OsoqrDA6u2M5RD5Rcl/Bmy2YDCbpMY/Asme++FhKfvNRVDFrca4RlyhkQS +ASf4Gno9qEKUxdp7JoXlcCn3z6c6utHhoQxOuyIP/NpPOhXe8ECNQzrvqqP9kHn8lfY Aa3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:reply-to:from:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence :content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:dmarc-filter:delivered-to :dkim-signature:dkim-filter; bh=Jds1r1zNEI2Lfc21XhQPkQQ178fhdADcbOyNbYCUo/Y=; b=DknPYmEdodat5jRAHs5ULofS7IfkK0mJZgSG1vT3o0ZGRkyqKLik6F4/fmhNPtaoGF ZiiTIlR0iPlAA/TEd55vVkgPqB872626K2IIC2ZlPZtPUDxWXD8TPhGADFnBJGDWbI/i VELPq04/ARrSjZEyEofPDiLW8HJzpSPVLvd451zsW/1/X0aHwEt3U2YvwdfSGrAvGKr1 tXdcffqNOE13o17MZTaT+AyyCjdizzjY7DeM3tVxOl6aQFd17lUZ2r2wbWj1pdaw6/jx JbVOLusjkCdi3MmLKqplfrsJI8kFOSeNQ6uZWyPgfFc8b9tZJn+kwv2m2KaMfh4WXLaw TmAA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b=xvooUaJY; spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id ds21-20020a170907725500b007adfc1509afsi1168213ejc.34.2022.11.23.17.53.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 23 Nov 2022 17:53:23 -0800 (PST) Received-SPF: pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b=xvooUaJY; spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 2795738432D1 for ; Thu, 24 Nov 2022 01:52:59 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2795738432D1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1669254779; bh=Jds1r1zNEI2Lfc21XhQPkQQ178fhdADcbOyNbYCUo/Y=; h=To:Cc:Subject:Date:In-Reply-To:References:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From:Reply-To:From; b=xvooUaJYrZecSM3/gBIwxpto2xxCmSO4jACWAWaxj4pwRNUVKmm9Too9vcKUiBag6 cntHMnOyogbFpZ/6u26u820SuUZ7og13+vlIYh2lhKuYVmSeTnSxRny/g/leyRcL3w zLZ8bITTDFZo6Au341dYYbPi5MNIf6ri/qNy9IWU= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id AFDDA384F489 for ; Thu, 24 Nov 2022 01:52:14 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org AFDDA384F489 Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-154-s7RSD1XgPBuavh8qYLgyQg-1; Wed, 23 Nov 2022 20:52:11 -0500 X-MC-Unique: s7RSD1XgPBuavh8qYLgyQg-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 9EC17101A56C for ; Thu, 24 Nov 2022 01:52:11 +0000 (UTC) Received: from t14s.localdomain.com (unknown [10.2.16.65]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5EAB01121314; Thu, 24 Nov 2022 01:52:11 +0000 (UTC) To: gcc-patches@gcc.gnu.org Cc: David Malcolm Subject: [committed 2/2] analyzer: eliminate region_model::on_ fns for sockets Date: Wed, 23 Nov 2022 20:52:03 -0500 Message-Id: <20221124015203.3367244-2-dmalcolm@redhat.com> In-Reply-To: <20221124015203.3367244-1-dmalcolm@redhat.com> References: <20221124015203.3367244-1-dmalcolm@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-11.4 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: David Malcolm via Gcc-patches From: David Malcolm Reply-To: David Malcolm Errors-To: gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org Sender: "Gcc-patches" X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750340524412953439?= X-GMAIL-MSGID: =?utf-8?q?1750340524412953439?= This mostly mechanical patch eliminates a confusing extra layer of redundant calls in the handling of socket-related functions. Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to trunk as r13-4274-g5d2908b7bf9305. gcc/analyzer/ChangeLog: * region-model.h (region_model::on_socket): Delete decl. (region_model::on_bind): Likewise. (region_model::on_listen): Likewise. (region_model::on_accept): Likewise. (region_model::on_connect): Likewise. * sm-fd.cc (kf_socket::outcome_of_socket::update_model): Move body of region_model::on_socket into here, ... (region_model::on_socket): ...eliminating this function. (kf_bind::outcome_of_bind::update_model): Likewise for on_bind... (region_model::on_bind): ...eliminating this function. (kf_listen::outcome_of_listen::update_model): Likewise fo on_listen... (region_model::on_listen): ...eliminating this function. (kf_accept::outcome_of_accept::update_model): Likewise fo on_accept... (region_model::on_accept): ...eliminating this function. (kf_connect::outcome_of_connect::update_model): Likewise fo on_connect... (region_model::on_connect): ...eliminating this function. Signed-off-by: David Malcolm --- gcc/analyzer/region-model.h | 5 -- gcc/analyzer/sm-fd.cc | 144 ++++++++++++------------------------ 2 files changed, 49 insertions(+), 100 deletions(-) diff --git a/gcc/analyzer/region-model.h b/gcc/analyzer/region-model.h index 8e4616c28de..4413f5542d9 100644 --- a/gcc/analyzer/region-model.h +++ b/gcc/analyzer/region-model.h @@ -515,11 +515,6 @@ class region_model /* Implemented in sm-fd.cc */ void mark_as_valid_fd (const svalue *sval, region_model_context *ctxt); - bool on_socket (const call_details &cd, bool successful); - bool on_bind (const call_details &cd, bool successful); - bool on_listen (const call_details &cd, bool successful); - bool on_accept (const call_details &cd, bool successful); - bool on_connect (const call_details &cd, bool successful); /* Implemented in sm-malloc.cc */ void on_realloc_with_move (const call_details &cd, diff --git a/gcc/analyzer/sm-fd.cc b/gcc/analyzer/sm-fd.cc index af59aef401d..8f8ec851bab 100644 --- a/gcc/analyzer/sm-fd.cc +++ b/gcc/analyzer/sm-fd.cc @@ -2270,7 +2270,16 @@ public: region_model_context *ctxt) const final override { const call_details cd (get_call_details (model, ctxt)); - return cd.get_model ()->on_socket (cd, m_success); + sm_state_map *smap; + const fd_state_machine *fd_sm; + std::unique_ptr sm_ctxt; + if (!get_fd_state (ctxt, &smap, &fd_sm, NULL, &sm_ctxt)) + return true; + const extrinsic_state *ext_state = ctxt->get_ext_state (); + if (!ext_state) + return true; + + return fd_sm->on_socket (cd, m_success, sm_ctxt.get (), *ext_state); } }; @@ -2290,24 +2299,6 @@ public: } }; -/* Specialcase hook for handling "socket", for use by - kf_socket::outcome_of_socket::update_model. */ - -bool -region_model::on_socket (const call_details &cd, bool successful) -{ - sm_state_map *smap; - const fd_state_machine *fd_sm; - std::unique_ptr sm_ctxt; - if (!get_fd_state (cd.get_ctxt (), &smap, &fd_sm, NULL, &sm_ctxt)) - return true; - const extrinsic_state *ext_state = cd.get_ctxt ()->get_ext_state (); - if (!ext_state) - return true; - - return fd_sm->on_socket (cd, successful, sm_ctxt.get (), *ext_state); -} - /* Handle calls to "bind". See e.g. https://man7.org/linux/man-pages/man3/bind.3p.html */ @@ -2326,7 +2317,15 @@ public: region_model_context *ctxt) const final override { const call_details cd (get_call_details (model, ctxt)); - return cd.get_model ()->on_bind (cd, m_success); + sm_state_map *smap; + const fd_state_machine *fd_sm; + std::unique_ptr sm_ctxt; + if (!get_fd_state (ctxt, &smap, &fd_sm, NULL, &sm_ctxt)) + return true; + const extrinsic_state *ext_state = ctxt->get_ext_state (); + if (!ext_state) + return true; + return fd_sm->on_bind (cd, m_success, sm_ctxt.get (), *ext_state); } }; @@ -2346,24 +2345,6 @@ public: } }; -/* Specialcase hook for handling "bind", for use by - kf_bind::outcome_of_bind::update_model. */ - -bool -region_model::on_bind (const call_details &cd, bool successful) -{ - sm_state_map *smap; - const fd_state_machine *fd_sm; - std::unique_ptr sm_ctxt; - if (!get_fd_state (cd.get_ctxt (), &smap, &fd_sm, NULL, &sm_ctxt)) - return true; - const extrinsic_state *ext_state = cd.get_ctxt ()->get_ext_state (); - if (!ext_state) - return true; - - return fd_sm->on_bind (cd, successful, sm_ctxt.get (), *ext_state); -} - /* Handle calls to "listen". See e.g. https://man7.org/linux/man-pages/man3/listen.3p.html */ @@ -2381,7 +2362,16 @@ class kf_listen : public known_function region_model_context *ctxt) const final override { const call_details cd (get_call_details (model, ctxt)); - return cd.get_model ()->on_listen (cd, m_success); + sm_state_map *smap; + const fd_state_machine *fd_sm; + std::unique_ptr sm_ctxt; + if (!get_fd_state (ctxt, &smap, &fd_sm, NULL, &sm_ctxt)) + return true; + const extrinsic_state *ext_state = ctxt->get_ext_state (); + if (!ext_state) + return true; + + return fd_sm->on_listen (cd, m_success, sm_ctxt.get (), *ext_state); } }; @@ -2401,24 +2391,6 @@ class kf_listen : public known_function } }; -/* Specialcase hook for handling "listen", for use by - kf_listen::outcome_of_listen::update_model. */ - -bool -region_model::on_listen (const call_details &cd, bool successful) -{ - sm_state_map *smap; - const fd_state_machine *fd_sm; - std::unique_ptr sm_ctxt; - if (!get_fd_state (cd.get_ctxt (), &smap, &fd_sm, NULL, &sm_ctxt)) - return true; - const extrinsic_state *ext_state = cd.get_ctxt ()->get_ext_state (); - if (!ext_state) - return true; - - return fd_sm->on_listen (cd, successful, sm_ctxt.get (), *ext_state); -} - /* Handle calls to "accept". See e.g. https://man7.org/linux/man-pages/man3/accept.3p.html */ @@ -2436,7 +2408,16 @@ class kf_accept : public known_function region_model_context *ctxt) const final override { const call_details cd (get_call_details (model, ctxt)); - return cd.get_model ()->on_accept (cd, m_success); + sm_state_map *smap; + const fd_state_machine *fd_sm; + std::unique_ptr sm_ctxt; + if (!get_fd_state (ctxt, &smap, &fd_sm, NULL, &sm_ctxt)) + return true; + const extrinsic_state *ext_state = ctxt->get_ext_state (); + if (!ext_state) + return true; + + return fd_sm->on_accept (cd, m_success, sm_ctxt.get (), *ext_state); } }; @@ -2458,24 +2439,6 @@ class kf_accept : public known_function } }; -/* Specialcase hook for handling "accept", for use by - kf_accept::outcome_of_accept::update_model. */ - -bool -region_model::on_accept (const call_details &cd, bool successful) -{ - sm_state_map *smap; - const fd_state_machine *fd_sm; - std::unique_ptr sm_ctxt; - if (!get_fd_state (cd.get_ctxt (), &smap, &fd_sm, NULL, &sm_ctxt)) - return true; - const extrinsic_state *ext_state = cd.get_ctxt ()->get_ext_state (); - if (!ext_state) - return true; - - return fd_sm->on_accept (cd, successful, sm_ctxt.get (), *ext_state); -} - /* Handle calls to "connect". See e.g. https://man7.org/linux/man-pages/man3/connect.3p.html */ @@ -2494,7 +2457,16 @@ public: region_model_context *ctxt) const final override { const call_details cd (get_call_details (model, ctxt)); - return cd.get_model ()->on_connect (cd, m_success); + sm_state_map *smap; + const fd_state_machine *fd_sm; + std::unique_ptr sm_ctxt; + if (!get_fd_state (ctxt, &smap, &fd_sm, NULL, &sm_ctxt)) + return true; + const extrinsic_state *ext_state = ctxt->get_ext_state (); + if (!ext_state) + return true; + + return fd_sm->on_connect (cd, m_success, sm_ctxt.get (), *ext_state); } }; @@ -2515,24 +2487,6 @@ public: } }; -/* Specialcase hook for handling "connect", for use by - kf_connect::outcome_of_connect::update_model. */ - -bool -region_model::on_connect (const call_details &cd, bool successful) -{ - sm_state_map *smap; - const fd_state_machine *fd_sm; - std::unique_ptr sm_ctxt; - if (!get_fd_state (cd.get_ctxt (), &smap, &fd_sm, NULL, &sm_ctxt)) - return true; - const extrinsic_state *ext_state = cd.get_ctxt ()->get_ext_state (); - if (!ext_state) - return true; - - return fd_sm->on_connect (cd, successful, sm_ctxt.get (), *ext_state); -} - /* Handler for calls to "pipe" and "pipe2". See e.g. https://www.man7.org/linux/man-pages/man2/pipe.2.html */