[PATCH 2/2] testsuite: Add more allocation size tests for conjured svalues [PR110014]

2023-06-09 Thread Tim Lange
This patch adds the reproducers reported in PR 110014 as test cases. The false positives in those cases are already fixed with PR 109577. 2023-06-09 Tim Lange PR analyzer/110014 gcc/testsuite/ChangeLog: * gcc.dg/analyzer/pr110014.c: New tests. --- gcc/testsuite/gcc.dg

[PATCH 1/2] analyzer: Fix allocation size false positive on conjured svalue [PR109577]

2023-06-09 Thread Tim Lange
as correct. This fixes the bug reported in PR 109577 by Paul Eggert. Regression-tested on Linux x86-64 with -m32 and -m64. 2023-06-09 Tim Lange PR analyzer/109577 gcc/analyzer/ChangeLog: * constraint-manager.cc (class sval_finder): Visitor to find children in svalue trees

Re: Debugging C++ frontend using CLion IDE

2023-03-01 Thread Tim Lange
Hi Berke, I had the same problem last year. Many IDEs don't really work for developing gcc. Most here probably use either emacs or vim. If you want to use an IDE, you might have to do some hacks. The old-school indentation style of gcc (mix of tab and spaces) is not widely supported.

Re: [PATCH] analyzer: consider empty ranges and zero byte accesses [PR106845]

2022-09-11 Thread Tim Lange
> ...it took me a moment to realize that the analyzer "sees" that this is > "main", and thus buf_size is 0. > > Interestingly, if I rename it to not be "main" (and thus buf_size could > be non-zero), we still don't complain: > https://godbolt.org/z/PezfTo9Mz > Presumably this is a known

[PATCH] analyzer: consider empty ranges and zero byte accesses [PR106845]

2022-09-10 Thread Tim Lange
. - Tim This patch adds handling of empty ranges in bit_range and byte_range and adds an assertion to member functions that assume a positive size. Further, the patch fixes an ICE caused by an empty byte_range passed to byte_range::exceeds_p. Regression-tested on Linux x86_64. 2022-09-10 Tim

[PATCH v2] analyzer: support for symbolic values in the out-of-bounds checker [PR106625]

2022-09-07 Thread Tim Lange
url, httpd and openssh as usual. 2022-09-07 Tim Lange gcc/analyzer/ChangeLog: PR analyzer/106625 * analyzer.h (region_offset): Eliminate m_is_symbolic member. * region-model-impl-calls.cc (region_model::impl_call_realloc): Refine implementation to be mo

[PATCH][WIP?] analyzer: support for symbolic values in the out-of-bounds checker [PR106625]

2022-09-05 Thread Tim Lange
Hi, below is my patch, adding support for reasoning about buffer overflows and overreads with symbolic offsets and capacities. I've already had one off-list feedback from Dave after sending him my preliminary work. Below, I'll be also answering some of the questions that came up during the first

[PATCH 2/2 v2] analyzer: strcpy semantics

2022-09-04 Thread Tim Lange
-04 Tim Lange gcc/analyzer/ChangeLog: * region-model-impl-calls.cc (region_model::impl_call_strcpy): Handle the constant string case. * region-model.cc (region_model::get_string_size): New function to get the string size from a region or svalue. * region

[PATCH 2/2] analyzer: strcpy and strncpy semantics

2022-09-02 Thread Tim Lange
where the analyzer is able to reason about the inequality of the size argument and the string size. Regrtested on Linux x86_64. 2022-09-02 Tim Lange gcc/analyzer/ChangeLog: * region-model-impl-calls.cc (region_model::impl_call_strncpy): New function. * region-model.cc

[PATCH 1/2] analyzer: return a concrete offset for cast_regions

2022-09-02 Thread Tim Lange
This patch fixes a bug where maybe_fold_sub_svalue did not fold the access of a single char from a string to a char when the offset was zero because get_relative_concrete_offset did return false for cast_regions. Regrtested on Linux x86_64. 2022-09-02 Tim Lange gcc/analyzer/ChangeLog

Re: Usage of the C++ stdlib unordered_map in GCC

2022-08-31 Thread Tim Lange
On Mi, Aug 31 2022 at 10:35:08 -0400, Jason Merrill via Gcc wrote: Generally we want to use the GCC hash_map because it works with GCC garbage collection (and PCH). Is that not relevant to your patch? Jason The map is only part of a short-lived visitor object inside the analyzer and is used

Usage of the C++ stdlib unordered_map in GCC

2022-08-30 Thread Tim Lange
Hello, I was preparing a patch for GCC and used the unordered_map from the C++ stdlib in my patch. Later on, I noticed that it is used nowhere else inside GCC except for some files in the go frontend. I wondered, now that building GCC requires a C++11 host compiler, whether there is a

[PATCH] analyzer: buffer overlap checker [PR105898]

2022-08-22 Thread Tim Lange
stating that and the current limitations are documented in invoke.texi. - Tim This patch adds a new checker to complain about overlapping buffers on calls to memcpy and mempcpy. Regression-tested on Linux x86_64 and tested as usual on coreutils, curl, httpd and openssh. 2022-08-21 Tim Lange gcc

[PATCH v2] analyzer: warn on the use of floating-points operands in the size argument [PR106181]

2022-08-18 Thread Tim Lange
ested on Linux x86_64. 2022-08-17 Tim Lange gcc/analyzer/ChangeLog: PR analyzer/106181 * analyzer.opt: Add Wanalyzer-imprecise-floating-point-arithmetic. * region-model.cc (is_any_cast_p): Formatting. (region_model::check_region_size): Ensure precond

[PATCH] analyzer: warn on the use of floating points in the size argument [PR106181]

2022-08-15 Thread Tim Lange
the analyzer & analyzer-torture tests with the -m32 option enabled and had no false positives on coreutils, httpd, openssh and curl. 2022-08-15 Tim Lange gcc/analyzer/ChangeLog: PR analyzer/106181 * analyzer.opt: Add Wanalyzer-imprecise-floating-point-arithmetic. * region-mo

[committed] testsuite: Disable out-of-bounds checker in analyzer/torture/pr93451.c

2022-08-13 Thread Tim Lange
This patch disables Wanalyzer-out-of-bounds for analyzer/torture/pr93451.c and makes the test case pass when compiled with -m32. The emitted warning is a true positive but only occurs if sizeof (long int) is less than sizeof (double). I've already discussed a similar case with Dave in the context

[PATCH 2/2 v2] analyzer: out-of-bounds checker [PR106000]

2022-08-11 Thread Tim Lange
in bugzilla. Regression-tested on Linux x86-64, further ran the analyzer tests with the -m32 option. 2022-08-11 Tim Lange gcc/analyzer/ChangeLog: PR analyzer/106000 * analyzer.opt: Add Wanalyzer-out-of-bounds. * region-model.cc (class out_of_bounds): Diagnostics base

[PATCH 1/2 v2] analyzer: consider that realloc could shrink the buffer [PR106539]

2022-08-11 Thread Tim Lange
This patch adds the "shrinks buffer" case to the success_with_move modelling of realloc. Regression-tested on Linux x86-64, further ran the analyzer tests with the -m32 option. 2022-08-11 Tim Lange gcc/analyzer/ChangeLog: PR analyzer/106539 * region-model-imp

[PATCH 2/2] analyzer: out-of-bounds checker [PR106000]

2022-08-09 Thread Tim Lange
in bugzilla. (Regrtests still running with the latest changes, will report back later.) 2022-08-09 Tim Lange gcc/analyzer/ChangeLog: PR analyzer/106000 * analyzer.opt: Add Wanalyzer-out-of-bounds. * region-model.cc (class out_of_bounds): Diagnostics base class

[PATCH 1/2] analyzer: consider that realloc could shrink the buffer [PR106539]

2022-08-09 Thread Tim Lange
This patch adds the "shrinks buffer" case to the success_with_move modelling of realloc. 2022-08-09 Tim Lange gcc/analyzer/ChangeLog: PR analyzer/106539 * region-model-impl-calls.cc (region_model::impl_call_realloc): Add get_copied_size function and pass

GCC warns on defined behavior with Wrestrict?

2022-07-29 Thread Tim Lange
Hi everyone, while testing a new buffer overlap and restrict checker in the analyzer, it emitted a warning inside coreutils. During the discussion [0], Paul Eggert posted a link to the current draft of the next C standard [1] with new examples for the definition of 'restrict'. Especially example

Re: Setting up editors for the GNU/GCC coding style?

2022-07-28 Thread Tim Lange
On Thu, Jul 28 2022 at 02:46:58 PM -0400, David Malcolm via Gcc wrote: Is there documentation on setting up text editors to work with our coding style? A lot of the next generation of developers aren't using vi or emacs; they're using VS Code, CLion, and other editors. Does anyone have

[PATCH] Fix handling of zero capacity regions in -Wanalyzer-allocation-size [PR106394]

2022-07-22 Thread Tim Lange
This patch unifies the handling of zero capacity regions for structs and other types in the allocation size checker. Regression-tested on x86_64 Linux. 2022-07-22 Tim Lange gcc/analyzer/ChangeLog: PR analyzer/106394 * region-model.cc (capacity_compatible_with_type): Always

Re: Floating-point allocation sizes? (was Re: [PATCH] analyzer: Fix handling of non-ints inside allocation size checker [PR106181])

2022-07-05 Thread Tim Lange
On Tue, Jul 5 2022 at 05:37:46 PM -0400, David Malcolm wrote: On Tue, 2022-07-05 at 21:49 +0200, Tim Lange wrote: This patch fixes the ICE reported in PR106181 by Arseny Solokha. With this patch, the allocation size checker tries to handle floating-point operands of allocation size

[PATCH] analyzer: Fix handling of non-ints inside allocation size checker [PR106181]

2022-07-05 Thread Tim Lange
also be represented as a positive integer. In all other cases and on unhandled constants, the checker falls back to not emitting a warning. Also, I unified the logic on zero byte allocations. Regression-tested on x86_64 linux. 2022-07-05 Tim Lange gcc/analyzer/ChangeLog: PR analyzer

[PATCH] analyzer: Use fixed-width types in allocation size tests

2022-07-02 Thread Tim Lange
size checker to fixed-width types of stdint.h to account for different architectures with different type widths. 2022-07-03 Tim Lange gcc/testsuite/ChangeLog: * gcc.dg/analyzer/allocation-size-1.c: Use fixed-length types. * gcc.dg/analyzer/allocation-size-2.c: Likewise

[PATCH] MAINTAINERS: Add myself to write after approval and DCO

2022-07-02 Thread Tim Lange
Hi everyone, I've added myself to write after approval and DCO section. - Tim 2022-07-02 Tim Lange ChangeLog: * MAINTAINERS: Add myself. --- MAINTAINERS | 2 ++ 1 file changed, 2 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 3c448ba9eb6..17bebefa2db 100644

[PATCH v3] analyzer: add allocation size checker [PR105900]

2022-06-30 Thread Tim Lange
Hi, here's the updated patch that should address all the comments from the v2. - Tim This patch adds a checker that warns about code paths in which a buffer is assigned to an incompatible type, i.e. when the allocated buffer size is not a multiple of the pointee's size. 2022-07-30 Tim Lange

Re: [PATCH v2] analyzer: add allocation size checker

2022-06-30 Thread Tim Lange
On Wed Jun 29, 2022 at 7:39 PM CEST, David Malcolm wrote: > On Wed, 2022-06-29 at 17:39 +0200, Tim Lange wrote: > > > Hi, > > Thanks for the updated patch. > > Overall, looks nearly ready; various nits inline below, throughout... > > > > > I've addre

[PATCH v2] analyzer: add allocation size checker

2022-06-29 Thread Tim Lange
* gcc.dg/analyzer/allocation-size-3.c: New test. * gcc.dg/analyzer/allocation-size-4.c: New test. * gcc.dg/analyzer/allocation-size-5.c: New test. Signed-off-by: Tim Lange --- gcc/analyzer/analyzer.opt | 4 + gcc/analyzer/checker-path.cc |

Re: [RFC] analyzer: allocation size warning

2022-06-22 Thread Tim Lange
fore node breaks the assumptions inside exploded_graph::get_or_create_node. I don't know what's the best/elegant way of solving this. Is a solution to attach the return svalue to the return edge and then use it later in the PK_BEFORE_SUPERNODE? Signed-off-by: Tim Lange --- gcc/analyzer/ana

Re: [RFC] analyzer: allocation size warning

2022-06-21 Thread Tim Lange
On Sat Jun 18, 2022 at 12:13 AM CEST, David Malcolm wrote: > On Fri, 2022-06-17 at 22:23 +0200, Tim Lange wrote: > > On Fri, Jun 17, 2022 at 01:48:09PM -0400, David Malcolm wrote: > > > On Fri, 2022-06-17 at 17:54 +0200, Tim Lange wrote: > > [...snip...] > > > &g

Re: [RFC] analyzer: allocation size warning

2022-06-17 Thread Tim Lange
On Fri, Jun 17, 2022 at 01:48:09PM -0400, David Malcolm wrote: > On Fri, 2022-06-17 at 17:54 +0200, Tim Lange wrote: > > Hi everyone, > > Hi Tim. > > Thanks for the patch. > > Various comments inline below, throughout... > > > > > tracked in PR105

Re: [RFC] analyzer: allocation size warning

2022-06-17 Thread Tim Lange
On Fr, Jun 17 2022 at 22:45:42 +0530, Prathamesh Kulkarni wrote: On Fri, 17 Jun 2022 at 21:25, Tim Lange wrote: Hi everyone, Hi Tim, Thanks for posting the POC patch! Just a couple of comments (inline) Hi Prathamesh, thanks for looking at it. tracked in PR105900 [0], I'd like

[RFC] analyzer: add allocation size warning

2022-06-17 Thread Tim Lange
. * gcc.dg/analyzer/allocation-size-1.c: New test. * gcc.dg/analyzer/allocation-size-2.c: New test. * gcc.dg/analyzer/allocation-size-3.c: New test. * gcc.dg/analyzer/allocation-size-4.c: New test. Signed-off-by: Tim Lange --- gcc/analyzer/analyzer.opt

[RFC] analyzer: allocation size warning

2022-06-17 Thread Tim Lange
n-size-3.c: New test. * gcc.dg/analyzer/allocation-size-4.c: New test. Signed-off-by: Tim Lange --- gcc/analyzer/analyzer.opt | 4 + gcc/analyzer/sm-malloc.cc | 363 +- .../gcc.dg/analyzer/allocation-size-1.c | 54 +++ .../gcc.dg/analyzer/allocation-size-2.c | 44 +++ .../gcc.d

Re: fanalyzer: debugging zero state machine

2022-06-12 Thread Tim Lange
On Do, Jun 9 2022 at 13:40:06 -0400, David Malcolm wrote: On Thu, 2022-06-09 at 16:49 +0200, Tim Lange wrote: > On Mi, Jun 8 2022 at 11:12:52 -0400, David Malcolm wrote: > > On Wed, 2022-06-08 at 01:42 +0200, Tim Lange wrote: > > > > Hi Dave, Hi Tim; var

fanalyzer: debugging zero state machine

2022-06-09 Thread Tim Lange
> On Mi, Jun 8 2022 at 11:12:52 -0400, David Malcolm wrote: > > On Wed, 2022-06-08 at 01:42 +0200, Tim Lange wrote: > > > > Hi Dave, > > > > I did spent some time to think about the zero state machine. I first > > thought about distinguishing between

GSoC

2022-06-09 Thread Tim Lange
Hi everyone, my name is Tim and I'm also working on the static analyzer this summer. Some of you might already have noticed my nooby questions in the IRC ;). Specifically, I'll be working on extending the analyzer with several smaller warnings that the clang analyzer already has. David created a

GSoC: Extending the Static Analysis Pass

2022-04-03 Thread Tim Lange
Hi everyone, Hi David, I'm interested in extending the static analysis pass as a GSoC project. Short introduction of me: I'm Tim, currently doing my master's in computer science with a focus on IT security at TU Darmstadt. I already worked with IFDS as part of my bachelor thesis and took both