1 /* Modeling API uses and misuses via state machines.
2 Copyright (C) 2019-2021 Free Software Foundation, Inc.
3 Contributed by David Malcolm <dmalcolm@redhat.com>.
4
5 This file is part of GCC.
6
7 GCC is free software; you can redistribute it and/or modify it
8 under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3, or (at your option)
10 any later version.
11
12 GCC is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
20
21 #include "config.h"
22 #include "system.h"
23 #include "coretypes.h"
24 #include "tree.h"
25 #include "function.h"
26 #include "basic-block.h"
27 #include "gimple.h"
28 #include "options.h"
29 #include "function.h"
30 #include "diagnostic-core.h"
31 #include "pretty-print.h"
32 #include "diagnostic.h"
33 #include "tree-diagnostic.h"
34 #include "json.h"
35 #include "analyzer/analyzer.h"
36 #include "analyzer/analyzer-logging.h"
37 #include "analyzer/sm.h"
38
39 #if ENABLE_ANALYZER
40
41 namespace ana {
42
43 /* Return true if VAR has pointer or reference type. */
44
45 bool
any_pointer_p(tree var)46 any_pointer_p (tree var)
47 {
48 return POINTER_TYPE_P (TREE_TYPE (var));
49 }
50
51
52 /* class state_machine::state. */
53
54 /* Base implementation of dump_to_pp vfunc. */
55
56 void
dump_to_pp(pretty_printer * pp) const57 state_machine::state::dump_to_pp (pretty_printer *pp) const
58 {
59 pp_string (pp, m_name);
60 }
61
62 /* Return a new json::string describing the state. */
63
64 json::value *
to_json() const65 state_machine::state::to_json () const
66 {
67 pretty_printer pp;
68 pp_format_decoder (&pp) = default_tree_printer;
69 dump_to_pp (&pp);
70 return new json::string (pp_formatted_text (&pp));
71 }
72
73 /* class state_machine. */
74
75 /* state_machine's ctor. */
76
state_machine(const char * name,logger * logger)77 state_machine::state_machine (const char *name, logger *logger)
78 : log_user (logger), m_name (name), m_next_state_id (0),
79 m_start (add_state ("start"))
80 {
81 }
82
83 /* Add a state with name NAME to this state_machine.
84 The string is required to outlive the state_machine.
85
86 Return the state_t for the new state. */
87
88 state_machine::state_t
add_state(const char * name)89 state_machine::add_state (const char *name)
90 {
91 state *s = new state (name, alloc_state_id ());
92 m_states.safe_push (s);
93 return s;
94 }
95
96 /* Get the state with name NAME, which must exist.
97 This is purely intended for use in selftests. */
98
99 state_machine::state_t
get_state_by_name(const char * name) const100 state_machine::get_state_by_name (const char *name) const
101 {
102 unsigned i;
103 state *s;
104 FOR_EACH_VEC_ELT (m_states, i, s)
105 if (!strcmp (name, s->get_name ()))
106 return s;
107 /* Name not found. */
108 gcc_unreachable ();
109 }
110
111 /* Dump a multiline representation of this state machine to PP. */
112
113 void
dump_to_pp(pretty_printer * pp) const114 state_machine::dump_to_pp (pretty_printer *pp) const
115 {
116 unsigned i;
117 state *s;
118 FOR_EACH_VEC_ELT (m_states, i, s)
119 {
120 pp_printf (pp, " state %i: ", i);
121 s->dump_to_pp (pp);
122 pp_newline (pp);
123 }
124 }
125
126 /* Return a new json::object of the form
127 {"name" : str,
128 "states" : [str]}. */
129
130 json::object *
to_json() const131 state_machine::to_json () const
132 {
133 json::object *sm_obj = new json::object ();
134
135 sm_obj->set ("name", new json::string (m_name));
136 {
137 json::array *states_arr = new json::array ();
138 unsigned i;
139 state *s;
140 FOR_EACH_VEC_ELT (m_states, i, s)
141 states_arr->append (s->to_json ());
142 sm_obj->set ("states", states_arr);
143 }
144
145 return sm_obj;
146 }
147
148 /* Create instances of the various state machines, each using LOGGER,
149 and populate OUT with them. */
150
151 void
make_checkers(auto_delete_vec<state_machine> & out,logger * logger)152 make_checkers (auto_delete_vec <state_machine> &out, logger *logger)
153 {
154 out.safe_push (make_malloc_state_machine (logger));
155 out.safe_push (make_fileptr_state_machine (logger));
156 /* The "taint" checker must be explicitly enabled (as it currently
157 leads to state explosions that stop the other checkers working). */
158 if (flag_analyzer_checker)
159 out.safe_push (make_taint_state_machine (logger));
160 out.safe_push (make_sensitive_state_machine (logger));
161 out.safe_push (make_signal_state_machine (logger));
162
163 /* We only attempt to run the pattern tests if it might have been manually
164 enabled (for DejaGnu purposes). */
165 if (flag_analyzer_checker)
166 out.safe_push (make_pattern_test_state_machine (logger));
167
168 if (flag_analyzer_checker)
169 {
170 unsigned read_index, write_index;
171 state_machine **sm;
172
173 /* TODO: this leaks the machines
174 Would be nice to log the things that were removed. */
175 VEC_ORDERED_REMOVE_IF (out, read_index, write_index, sm,
176 0 != strcmp (flag_analyzer_checker,
177 (*sm)->get_name ()));
178 }
179 }
180
181 } // namespace ana
182
183 #endif /* #if ENABLE_ANALYZER */
184