1*0bfacb9bSmrg /* Modeling API uses and misuses via state machines.
2*0bfacb9bSmrg    Copyright (C) 2019-2020 Free Software Foundation, Inc.
3*0bfacb9bSmrg    Contributed by David Malcolm <dmalcolm@redhat.com>.
4*0bfacb9bSmrg 
5*0bfacb9bSmrg This file is part of GCC.
6*0bfacb9bSmrg 
7*0bfacb9bSmrg GCC is free software; you can redistribute it and/or modify it
8*0bfacb9bSmrg under the terms of the GNU General Public License as published by
9*0bfacb9bSmrg the Free Software Foundation; either version 3, or (at your option)
10*0bfacb9bSmrg any later version.
11*0bfacb9bSmrg 
12*0bfacb9bSmrg GCC is distributed in the hope that it will be useful, but
13*0bfacb9bSmrg WITHOUT ANY WARRANTY; without even the implied warranty of
14*0bfacb9bSmrg MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15*0bfacb9bSmrg General Public License for more details.
16*0bfacb9bSmrg 
17*0bfacb9bSmrg You should have received a copy of the GNU General Public License
18*0bfacb9bSmrg along with GCC; see the file COPYING3.  If not see
19*0bfacb9bSmrg <http://www.gnu.org/licenses/>.  */
20*0bfacb9bSmrg 
21*0bfacb9bSmrg #include "config.h"
22*0bfacb9bSmrg #include "system.h"
23*0bfacb9bSmrg #include "coretypes.h"
24*0bfacb9bSmrg #include "tree.h"
25*0bfacb9bSmrg #include "function.h"
26*0bfacb9bSmrg #include "basic-block.h"
27*0bfacb9bSmrg #include "gimple.h"
28*0bfacb9bSmrg #include "options.h"
29*0bfacb9bSmrg #include "function.h"
30*0bfacb9bSmrg #include "diagnostic-core.h"
31*0bfacb9bSmrg #include "pretty-print.h"
32*0bfacb9bSmrg #include "analyzer/analyzer.h"
33*0bfacb9bSmrg #include "analyzer/analyzer-logging.h"
34*0bfacb9bSmrg #include "analyzer/sm.h"
35*0bfacb9bSmrg 
36*0bfacb9bSmrg #if ENABLE_ANALYZER
37*0bfacb9bSmrg 
/* If STMT is an assignment whose right-hand side is a constant that
   satisfies zerop, return the left-hand side of that assignment.
   Return NULL_TREE for anything else: a statement that is not a
   gassign, a non-constant right-hand side, or a nonzero constant.  */

tree
is_zero_assignment (const gimple *stmt)
{
  /* dyn_cast yields NULL when STMT is not a gassign, so the whole
     test is skipped and we fall through to NULL_TREE.  */
  if (const gassign *assign = dyn_cast <const gassign *> (stmt))
    {
      const enum tree_code rhs_code = gimple_assign_rhs_code (assign);

      /* Only a constant right-hand side is considered; its value is
         then checked with zerop.  */
      if (TREE_CODE_CLASS (rhs_code) == tcc_constant
          && zerop (gimple_assign_rhs1 (assign)))
        return gimple_assign_lhs (assign);
    }

  return NULL_TREE;
}
56*0bfacb9bSmrg 
/* Return true if the type of VAR is a pointer or reference type, as
   decided by POINTER_TYPE_P; return false otherwise.  VAR itself is
   only inspected for its type.  */

bool
any_pointer_p (tree var)
{
  tree var_type = TREE_TYPE (var);
  return POINTER_TYPE_P (var_type);
}
64*0bfacb9bSmrg 
65*0bfacb9bSmrg namespace ana {
66*0bfacb9bSmrg 
/* Register a new state called NAME with this state_machine and return
   its state_t, which is its index in m_state_names.

   Only the pointer is stored, not a copy of the characters, so the
   string is required to outlive the state_machine.  */

state_machine::state_t
state_machine::add_state (const char *name)
{
  /* The new entry lands at the current end of the vector, so the
     length before the push is the index it will occupy.  */
  const state_t new_state = m_state_names.length ();
  m_state_names.safe_push (name);
  return new_state;
}
78*0bfacb9bSmrg 
/* Return the name that was registered for state S of this
   state_machine.

   S is used directly as an index into m_state_names; this function
   does not call validate (S) itself, so the caller is expected to
   pass a state_t obtained from this machine.  */

const char *
state_machine::get_state_name (state_t s) const
{
  const char *state_name = m_state_names[s];
  return state_name;
}
86*0bfacb9bSmrg 
/* Return the state_t of the first state whose name compares equal to
   NAME.  NAME must exist: running off the end of the list hits
   gcc_unreachable.  This is purely intended for use in selftests.  */

state_machine::state_t
state_machine::get_state_by_name (const char *name)
{
  /* Linear scan; names are compared by content, not by pointer.  */
  for (unsigned idx = 0; idx < m_state_names.length (); ++idx)
    if (strcmp (name, m_state_names[idx]) == 0)
      return idx;

  /* Name not found.  */
  gcc_unreachable ();
}
101*0bfacb9bSmrg 
/* Assert that S is a valid state for this state_machine, i.e. that it
   is below the number of states registered so far.  */

void
state_machine::validate (state_t s) const
{
  const unsigned num_states = m_state_names.length ();
  gcc_assert (s < num_states);
}
109*0bfacb9bSmrg 
/* Dump a multiline representation of this state machine to PP: one
   line per registered state, giving its index and its quoted name.  */

void
state_machine::dump_to_pp (pretty_printer *pp) const
{
  for (unsigned idx = 0; idx < m_state_names.length (); ++idx)
    {
      const char *state_name = m_state_names[idx];
      pp_printf (pp, "  state %i: %qs\n", idx, state_name);
    }
}
120*0bfacb9bSmrg 
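/* Create instances of the various state machines, each using LOGGER,
   and populate OUT with them.

   When flag_analyzer_checker is set, the "taint" and pattern-test
   machines are created as well, and OUT is then filtered down to the
   machine(s) whose get_name () equals flag_analyzer_checker.  A value
   that matches no machine leaves OUT empty; this function does not
   diagnose that case, so no state-machine checker would be registered
   for the run.  */

void
make_checkers (auto_delete_vec <state_machine> &out, logger *logger)
{
  out.safe_push (make_malloc_state_machine (logger));
  out.safe_push (make_fileptr_state_machine (logger));
  /* The "taint" checker must be explicitly enabled (as it currently
     leads to state explosions that stop the other checkers working).  */
  if (flag_analyzer_checker)
    out.safe_push (make_taint_state_machine (logger));
  out.safe_push (make_sensitive_state_machine (logger));
  out.safe_push (make_signal_state_machine (logger));

  /* We only attempt to run the pattern tests if it might have been manually
     enabled (for DejaGnu purposes).  */
  if (flag_analyzer_checker)
    out.safe_push (make_pattern_test_state_machine (logger));

  if (flag_analyzer_checker)
    {
      /* Keep only the requested checker, preserving the original order.
         Dropping a pointer from OUT does not delete the machine it
         points to, so each rejected machine is freed here instead of
         being leaked.  This deletes through a state_machine *, which is
         what OUT (an auto_delete_vec) does for the elements it keeps.
         TODO: would be nice to log the things that were removed.  */
      unsigned write_index = 0;
      for (unsigned read_index = 0; read_index < out.length (); ++read_index)
        {
          state_machine *sm = out[read_index];
          if (0 != strcmp (flag_analyzer_checker, sm->get_name ()))
            {
              delete sm;
              continue;
            }
          out[write_index++] = sm;
        }

      /* Everything at or beyond WRITE_INDEX has either been moved down
         or deleted above; shrink OUT so no stale pointer remains.  */
      out.truncate (write_index);
    }
}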
153*0bfacb9bSmrg 
154*0bfacb9bSmrg } // namespace ana
155*0bfacb9bSmrg 
156*0bfacb9bSmrg #endif /* #if ENABLE_ANALYZER */