From patchwork Thu Apr 4 16:42:07 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: David Malcolm
The warning
+ Improvements to Static Analyzer
+
+
+
+ -Wanalyzer-infinite-loop
+ warns about paths through the code which appear to lead to an infinite loop.
+ -Wanalyzer-overlapping-buffers
warns for paths through the code in which overlapping buffers are passed to an API for which the behavior on such buffers is undefined.
+ -Wanalyzer-undefined-behavior-strtok
+ warns for paths through the code in which a call is made to
+ strtok
with undefined behavior.
+ -fanalyzer-checker=taint
+ (along with
+ -fanalyzer
).
+ This is now enabled by default when
+ -fanalyzer
+ is selected, thus also enabling the 6 taint-based warnings:
+
+
+ -Wanalyzer-tainted-allocation-size
+ -Wanalyzer-tainted-array-index
+ -Wanalyzer-tainted-assertion
+ -Wanalyzer-tainted-divisor
+ -Wanalyzer-tainted-offset
+ -Wanalyzer-tainted-size
+ null_terminated_string_arg(PARAM_IDX)
+ attribute,
+ functions that use the
+ format
+ attribute,
+ and to the library functions
+ error
(parameter 3),
+ error_at_line
(parameter 5),
+ putenv
,
+ strchr
(parameter 1), and
+ strcpy
(parameter 2).
+ -fanalyzer
+ to emit
+ -Wanalyzer-allocation-size
,
+ -Wanalyzer-out-of-bounds
,
+ and
+ -Wanalyzer-tainted-allocation-size
+ on execution paths involving allocations using such functions.
+ fopen
,
+ strcat
,
+ strncpy
, and
+ strstr
.
+ The analyzer will also more precisely model the behavior of
+ memcpy
,
+ memmove
,
+ strcpy
,
+ strdup
,
+ strlen
,
+ and of various atomic
built-in functions.
+ -Wanalyzer-out-of-bounds
+ has been extended so that, where possible, it will emit a text-based
+ diagram visualizing the spatial relationship between
+
+
+ whether they overlap, are touching, are close or far apart;
+ which one is before or after in memory, the relative sizes involved,
+ the direction of the access (read vs write), and, in some cases,
+ the values of data involved.
Such "text art" diagrams can be controlled (or suppressed) via a new + -fdiagnostics-text-art-charset= option. +
For example, given the out-of-bounds write in strcat
in:
+
+
+void test (void) +{ + char buf[10]; + strcpy (buf, "hello"); + strcat (buf, " world!"); +} ++it emits: +
+ ┌────┬────┬────┬────┬────┐┌─────┬─────┬─────┐ + │[0] │[1] │[2] │[3] │[4] ││ [5] │ [6] │ [7] │ + ├────┼────┼────┼────┼────┤├─────┼─────┼─────┤ + │' ' │'w' │'o' │'r' │'l' ││ 'd' │ '!' │ NUL │ + ├────┴────┴────┴────┴────┴┴─────┴─────┴─────┤ + │ string literal (type: 'char[8]') │ + └───────────────────────────────────────────┘ + │ │ │ │ │ │ │ │ + │ │ │ │ │ │ │ │ + v v v v v v v v + ┌─────┬────────────────────┬────┬──────────────┬────┐┌─────────────────┐ + │ [0] │ ... │[5] │ ... │[9] ││ │ + ├─────┼────┬────┬────┬────┬┼────┼──────────────┴────┘│ │ + │ 'h' │'e' │'l' │'l' │'o' ││NUL │ │after valid range│ + ├─────┴────┴────┴────┴────┴┴────┴───────────────────┐│ │ + │ 'buf' (type: 'char[10]') ││ │ + └───────────────────────────────────────────────────┘└─────────────────┘ + ├─────────────────────────┬─────────────────────────┤├────────┬────────┤ + │ │ + ╭─────────┴────────╮ ╭─────────┴─────────╮ + │capacity: 10 bytes│ │overflow of 3 bytes│ + ╰──────────────────╯ ╰───────────────────╯ ++ showing that the overflow occurs partway through the second string + fragment. + +
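Review bot: the strcat example in the final hunk (`void test (void) { char buf[10]; strcpy (buf, "hello"); strcat (buf, " world!"); }`) is shown without `#include <string.h>`, so a reader who copies it to reproduce the diagram relies on implicit declarations of strcpy and strcat instead of getting straight to the -Wanalyzer-out-of-bounds diagnostic; add the include line above `void test (void)` so the snippet compiles as pasted. The diagram itself is consistent with the code: "hello" occupies buf[0..4] with NUL at [5], the 8-byte literal " world!" (type 'char[8]', including its NUL) is appended from [5], and 5 + 8 = 13 bytes into a 10-byte buffer is exactly the "overflow of 3 bytes" the art reports. The sentence introducing `-fdiagnostics-text-art-charset=` names the option but not its accepted values; listing them, or linking to the option's documentation, would tell readers how to actually suppress the diagrams as the sentence promises.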