From: David Malcolm
To: gcc-patches@gcc.gnu.org
Cc: David Malcolm
Subject: [committed] analyzer: add test coverage for string ops
Date: Thu, 1 Dec 2022 21:35:41 -0500
Message-Id: <20221202023541.3778122-1-dmalcolm@redhat.com>

Tested on x86_64-pc-linux-gnu.
Pushed to trunk as r13-4455-g5cb7d28dcfb11a.

gcc/testsuite/ChangeLog:
	* gcc.dg/analyzer/string-ops-concat-pair.c: New test.
	* gcc.dg/analyzer/string-ops-dup.c: New test.

Signed-off-by: David Malcolm
---
 .../gcc.dg/analyzer/string-ops-concat-pair.c | 67 +++++++++++++++++++
 .../gcc.dg/analyzer/string-ops-dup.c | 61 +++++++++++++++++
 2 files changed, 128 insertions(+)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/string-ops-concat-pair.c
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/string-ops-dup.c

diff --git a/gcc/testsuite/gcc.dg/analyzer/string-ops-concat-pair.c b/gcc/testsuite/gcc.dg/analyzer/string-ops-concat-pair.c new file mode 100644 index 00000000000..f5bcd67594f --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/string-ops-concat-pair.c 
@@ -0,0 +1,67 @@ +typedef __SIZE_TYPE__ size_t; +#define NULL ((void *)0) + +/* Concatenating a pair of strings. */ + +/* Correct but poor implementation with repeated __builtin_strlen calls. */ + +char * +alloc_dup_of_concatenated_pair_1_correct (const char *x, const char *y) +{ + size_t sz = __builtin_strlen (x) + __builtin_strlen (y) + 1; + char *result = __builtin_malloc (sz); + if (!result) + return NULL; + __builtin_memcpy (result, x, __builtin_strlen (x)); + __builtin_memcpy (result + __builtin_strlen (x), y, __builtin_strlen (y)); + result[__builtin_strlen(x) + __builtin_strlen (y)] = '\0'; + return result; +} + +/* Incorrect version: forgetting to add space for terminator. */ + +char * +alloc_dup_of_concatenated_pair_1_incorrect (const char *x, const char *y) +{ + /* Forgetting to add space for the terminator here. */ + size_t sz = __builtin_strlen (x) + __builtin_strlen (y); + char *result = __builtin_malloc (sz); + if (!result) + return NULL; + __builtin_memcpy (result, x, __builtin_strlen (x)); + __builtin_memcpy (result + __builtin_strlen (x), y, __builtin_strlen (y)); + result[__builtin_strlen(x) + __builtin_strlen (y)] = '\0'; /* { dg-warning "heap-based buffer overflow" "PR analyzer/105899" { xfail *-*-* } } */ + return result; +} + +/* As above, but only calling __builtin_strlen once on each input. */ + +char * +alloc_dup_of_concatenated_pair_2_correct (const char *x, const char *y) +{ + size_t len_x = __builtin_strlen (x); + size_t len_y = __builtin_strlen (y); + size_t sz = len_x + len_y + 1; + char *result = __builtin_malloc (sz); + if (!result) + return NULL; + __builtin_memcpy (result, x, len_x); + __builtin_memcpy (result + len_x, y, len_y); + result[len_x + len_y] = '\0'; + return result; +} + +char * +alloc_dup_of_concatenated_pair_2_incorrect (const char *x, const char *y) +{ + size_t len_x = __builtin_strlen (x); + size_t len_y = __builtin_strlen (y); + size_t sz = len_x + len_y; /* Forgetting to add space for the terminator. 
*/ + char *result = __builtin_malloc (sz); /* { dg-message "capacity: 'len_x \\+ len_y' bytes" } */ + if (!result) + return NULL; + __builtin_memcpy (result, x, len_x); + __builtin_memcpy (result + len_x, y, len_y); + result[len_x + len_y] = '\0'; /* { dg-warning "heap-based buffer overflow" } */ + return result; +} diff --git a/gcc/testsuite/gcc.dg/analyzer/string-ops-dup.c b/gcc/testsuite/gcc.dg/analyzer/string-ops-dup.c new file mode 100644 index 00000000000..44c4e9dc67e --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/string-ops-dup.c 
@@ -0,0 +1,61 @@ +typedef __SIZE_TYPE__ size_t; +#define NULL ((void *)0) + +/* Duplicating a string. */ + +/* Correct but poor implementation with repeated __builtin_strlen calls. */ + +char * +alloc_dup_1_correct (const char *x) +{ + size_t sz = __builtin_strlen (x) + 1; + char *result = __builtin_malloc (sz); + if (!result) + return NULL; + __builtin_memcpy (result, x, __builtin_strlen (x)); + result[__builtin_strlen(x)] = '\0'; + return result; +} + +/* Incorrect version: forgetting to add space for terminator. */ + +char * +alloc_dup_1_incorrect (const char *x, const char *y) +{ + /* Forgetting to add space for the terminator here. */ + size_t sz = __builtin_strlen (x) + 1; + char *result = __builtin_malloc (sz); + if (!result) + return NULL; + __builtin_memcpy (result, x, __builtin_strlen (x)); + result[__builtin_strlen(x)] = '\0'; /* { dg-warning "heap-based buffer overflow" "PR analyzer/105899" { xfail *-*-* } } */ + return result; +} + +/* As above, but only calling __builtin_strlen once. */ + +char * +alloc_dup_2_correct (const char *x) +{ + size_t len_x = __builtin_strlen (x); + size_t sz = len_x + 1; + char *result = __builtin_malloc (sz); + if (!result) + return NULL; + __builtin_memcpy (result, x, len_x); + result[len_x] = '\0'; + return result; +} + +char * +alloc_dup_of_concatenated_pair_2_incorrect (const char *x, const char *y) +{ + size_t len_x = __builtin_strlen (x); + size_t sz = len_x; /* Forgetting to add space for the terminator. */ + char *result = __builtin_malloc (sz); /* { dg-message "capacity: 'len_x' bytes" } */ + if (!result) + return NULL; + __builtin_memcpy (result, x, len_x); + result[len_x] = '\0'; /* { dg-warning "heap-based buffer overflow" } */ + return result; +}
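Review bot: in string-ops-concat-pair.c, `alloc_dup_of_concatenated_pair_2_incorrect` has no leading comment, whereas `alloc_dup_of_concatenated_pair_1_incorrect` is introduced by `/* Incorrect version: forgetting to add space for terminator. */`. Adding the same comment above the `_2` variant would mark it as the deliberately undersized counterpart of `alloc_dup_of_concatenated_pair_2_correct`, so a reader does not have to find the trailing comment on `size_t sz = len_x + len_y;` to learn that the missing `+ 1` is intentional.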
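Review bot: in string-ops-dup.c, `alloc_dup_1_incorrect` still computes `size_t sz = __builtin_strlen (x) + 1;`, so despite its comment it allocates room for the terminator and the store `result[__builtin_strlen(x)] = '\0'` is in bounds. The xfailed `dg-warning "heap-based buffer overflow"` on that line therefore expects a diagnostic for code that has no overflow, and the xfail hides that. The allocation should drop the `+ 1` (`size_t sz = __builtin_strlen (x);`) to match the comment and the concat-pair counterpart. Two copy-paste leftovers in the same file are also worth fixing: `alloc_dup_1_incorrect` takes an unused `const char *y`, and the last function is named `alloc_dup_of_concatenated_pair_2_incorrect (const char *x, const char *y)` although it only duplicates `x`; `alloc_dup_2_incorrect (const char *x)` would match the other functions in this file.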