From patchwork Fri Dec 2 09:45:17 2022
X-Patchwork-Submitter: Alexandre Oliva
X-Patchwork-Id: 61354
X-Patchwork-Delegate: dmalcolm@redhat.com
To: David Malcolm
Cc: gcc-patches@gcc.gnu.org
Subject: [PATCH gcc-12] [PR104308] [analyzer] handle memmove like memcpy
Organization: Free thinker, does not speak for AdaCore
Date: Fri, 02 Dec 2022 06:45:17 -0300
From: Alexandre Oliva

Hello, David,

I'd written this patch for gcc-12, but you've worked too much on the analyzer ;-) for it to apply in the trunk. I wonder if there's any use you can make of it, or of the observations in it, or whether you'd prefer me to try to port it.

I've regstrapped it on x86_64-linux-gnu, and also tested with crosses to riscv64-elf and arm-eabi, but with gcc-12 only, so I'm hesitant to ask whether it's ok to install. Trunk still fails to issue the warning for memmove on riscv64-elf.

The testcase expects analyzer warnings for memmove just like for memcpy. We get them when memmove is open-coded, but not when it remains a call.

The analyzer has code to handle memcpy calls, whose logic can be trivially reused for memmove, but we don't get the expected warnings and notes for memmove on riscv64-*-elf. They wouldn't be issued for memcpy either, if it wasn't open-coded.

I've managed to find out how to get the warning for the remaining-call variants, but not to get the note issued for the point of creation of the uninitialized buffer, so this patch also adds an xfail for the note on riscv*-*-*.

for gcc/analyzer/ChangeLog

	* region-model.cc (region_model::on_call_pre): Handle memmove and memmove_chk like memcpy.
	* region-model-impl-calls.cc (region_model::impl_call_memcpy): Check for poison in the src region.

for gcc/testsuite/ChangeLog

	* gcc.dg/analyzer/pr104308.c (test_memmove_within_uninit): Expect creation point note to be missing on riscv*-*-*.

Change-Id: I66a856fa8e60f264a347dfd105e01c5a027d8f62
TN: VB12-006
---
 gcc/analyzer/region-model-impl-calls.cc  | 1 +
 gcc/analyzer/region-model.cc             | 4 ++++
 gcc/testsuite/gcc.dg/analyzer/pr104308.c | 2 +-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/gcc/analyzer/region-model-impl-calls.cc b/gcc/analyzer/region-model-impl-calls.cc index 621e7002ffb38..21b10e4b477db 100644
--- a/gcc/analyzer/region-model-impl-calls.cc +++ b/gcc/analyzer/region-model-impl-calls.cc @@ -521,6 +521,7 @@ region_model::impl_call_memcpy (const call_details &cd) = m_mgr->get_sized_region (dest_reg, NULL_TREE, num_bytes_sval); const svalue *src_contents_sval = get_store_value (sized_src_reg, cd.get_ctxt ()); + check_for_poison (src_contents_sval, cd.get_arg_tree (1), cd.get_ctxt ()); set_value (sized_dest_reg, src_contents_sval, cd.get_ctxt ()); } diff --git a/gcc/analyzer/region-model.cc b/gcc/analyzer/region-model.cc index 23837a173460e..e0e95ae514576 100644 --- a/gcc/analyzer/region-model.cc +++ b/gcc/analyzer/region-model.cc @@ -1421,6 +1421,10 @@ region_model::on_call_pre (const gcall *call, region_model_context *ctxt, case BUILT_IN_MALLOC: impl_call_malloc (cd); return false; + case BUILT_IN_MEMMOVE: + case BUILT_IN_MEMMOVE_CHK: + /* We can use impl_call_memcpy until overlap checking is + added to it. */ case BUILT_IN_MEMCPY: case BUILT_IN_MEMCPY_CHK: impl_call_memcpy (cd); diff --git a/gcc/testsuite/gcc.dg/analyzer/pr104308.c b/gcc/testsuite/gcc.dg/analyzer/pr104308.c index a3a0cbb731776..e6a2c8821bf54 100644 --- a/gcc/testsuite/gcc.dg/analyzer/pr104308.c +++ b/gcc/testsuite/gcc.dg/analyzer/pr104308.c @@ -6,7 +6,7 @@ int test_memmove_within_uninit (void) { - char s[5]; /* { dg-message "region created on stack here" } */ + char s[5]; /* { dg-message "region created on stack here" "" { xfail riscv*-*-* } } */ memmove(s, s + 1, 2); /* { dg-warning "use of uninitialized value" } */ return 0; }
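
Review bot: in the region-model-impl-calls.cc hunk, the added check_for_poison call passes cd.get_arg_tree (1), the source pointer argument, as the expression for a value that was read from sized_src_reg, and its result is dropped, so set_value still stores the unchecked src_contents_sval into sized_dest_reg. A diagnostic built from that tree will describe the pointer expression rather than the bytes being read, which is worth checking against the missing "region created on stack here" note mentioned in the cover text. Please add a one-line comment saying why the check is needed here (per the commit message, calls that are not open-coded otherwise get no warning), and if check_for_poison can hand back a replacement value, store that one so later reads of the destination do not report the same problem again.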
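
Review bot: in the region-model.cc hunk, the new BUILT_IN_MEMMOVE and BUILT_IN_MEMMOVE_CHK labels fall through into the memcpy cases with only the comment "until overlap checking is added to it" as a guard, so whoever adds overlap checking to impl_call_memcpy has to remember to split these labels out again. The test in this patch calls memmove(s, s + 1, 2), which is an overlapping copy and valid for memmove, so it would be exposed to a bogus overlap diagnostic at that point. Consider giving memmove its own thin entry point now, or passing a flag that says overlap is permitted, so the dependency lives in the code rather than in a comment.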
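
Review bot: in the pr104308.c hunk, the xfail on the dg-message line is keyed on riscv*-*-*, but the cover text attributes the missing note to memmove remaining a call rather than being open-coded, and reports testing only with a cross to riscv64-elf. Any other target that keeps the call would fail the same directive, and a riscv configuration that does open-code it would XPASS. Suggest filling in the empty "" comment field with the reason or a reference to PR104308, and choosing a selector that matches the actual condition instead of the target triplet.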