]>
Commit | Line | Data |
---|---|---|
9365b2bf | 1 | /* A state machine for detecting misuses of POSIX file descriptor APIs. |
a945c346 | 2 | Copyright (C) 2019-2024 Free Software Foundation, Inc. |
9365b2bf ML |
3 | Contributed by Immad Mir <mir@sourceware.org>. |
4 | ||
5 | This file is part of GCC. | |
6 | ||
7 | GCC is free software; you can redistribute it and/or modify it | |
8 | under the terms of the GNU General Public License as published by | |
9 | the Free Software Foundation; either version 3, or (at your option) | |
10 | any later version. | |
11 | ||
12 | GCC is distributed in the hope that it will be useful, but | |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | General Public License for more details. | |
16 | ||
17 | You should have received a copy of the GNU General Public License | |
18 | along with GCC; see the file COPYING3. If not see | |
19 | <http://www.gnu.org/licenses/>. */ | |
20 | ||
21 | #include "config.h" | |
6341f14e | 22 | #define INCLUDE_MEMORY |
9365b2bf ML |
23 | #include "system.h" |
24 | #include "coretypes.h" | |
6341f14e | 25 | #include "make-unique.h" |
9365b2bf ML |
26 | #include "tree.h" |
27 | #include "function.h" | |
28 | #include "basic-block.h" | |
29 | #include "gimple.h" | |
30 | #include "options.h" | |
31 | #include "diagnostic-path.h" | |
9365b2bf ML |
32 | #include "analyzer/analyzer.h" |
33 | #include "diagnostic-event-id.h" | |
34 | #include "analyzer/analyzer-logging.h" | |
35 | #include "analyzer/sm.h" | |
36 | #include "analyzer/pending-diagnostic.h" | |
37 | #include "analyzer/function-set.h" | |
38 | #include "analyzer/analyzer-selftests.h" | |
9365b2bf ML |
39 | #include "stringpool.h" |
40 | #include "attribs.h" | |
41 | #include "analyzer/call-string.h" | |
42 | #include "analyzer/program-point.h" | |
43 | #include "analyzer/store.h" | |
44 | #include "analyzer/region-model.h" | |
45 | #include "bitmap.h" | |
792f039f | 46 | #include "analyzer/program-state.h" |
86a90006 DM |
47 | #include "analyzer/supergraph.h" |
48 | #include "analyzer/analyzer-language.h" | |
861c917a | 49 | #include "analyzer/call-details.h" |
50d5b240 | 50 | #include "analyzer/call-info.h" |
9365b2bf ML |
51 | |
52 | #if ENABLE_ANALYZER | |
53 | ||
54 | namespace ana { | |
55 | ||
56 | namespace { | |
57 | ||
58 | /* An enum for distinguishing between three different access modes. */ | |
59 | ||
60 | enum access_mode | |
61 | { | |
62 | READ_WRITE, | |
63 | READ_ONLY, | |
64 | WRITE_ONLY | |
65 | }; | |
66 | ||
67 | enum access_directions | |
68 | { | |
69 | DIRS_READ_WRITE, | |
70 | DIRS_READ, | |
71 | DIRS_WRITE | |
72 | }; | |
73 | ||
6a11f2d9 IM |
74 | /* An enum for distinguishing between dup, dup2 and dup3. */ |
75 | enum dup | |
76 | { | |
77 | DUP_1, | |
78 | DUP_2, | |
79 | DUP_3 | |
80 | }; | |
81 | ||
86a90006 DM |
82 | /* Enum for use by -Wanalyzer-fd-phase-mismatch. */ |
83 | ||
84 | enum expected_phase | |
85 | { | |
86 | EXPECTED_PHASE_CAN_TRANSFER, /* can "read"/"write". */ | |
87 | EXPECTED_PHASE_CAN_BIND, | |
88 | EXPECTED_PHASE_CAN_LISTEN, | |
89 | EXPECTED_PHASE_CAN_ACCEPT, | |
90 | EXPECTED_PHASE_CAN_CONNECT | |
91 | }; | |
92 | ||
9365b2bf ML |
93 | class fd_state_machine : public state_machine |
94 | { | |
95 | public: | |
96 | fd_state_machine (logger *logger); | |
97 | ||
98 | bool | |
99 | inherited_state_p () const final override | |
100 | { | |
101 | return false; | |
102 | } | |
103 | ||
104 | state_machine::state_t | |
105 | get_default_state (const svalue *sval) const final override | |
106 | { | |
107 | if (tree cst = sval->maybe_get_constant ()) | |
108 | { | |
109 | if (TREE_CODE (cst) == INTEGER_CST) | |
110 | { | |
111 | int val = TREE_INT_CST_LOW (cst); | |
112 | if (val >= 0) | |
113 | return m_constant_fd; | |
114 | else | |
115 | return m_invalid; | |
116 | } | |
117 | } | |
118 | return m_start; | |
119 | } | |
120 | ||
121 | bool on_stmt (sm_context *sm_ctxt, const supernode *node, | |
122 | const gimple *stmt) const final override; | |
123 | ||
124 | void on_condition (sm_context *sm_ctxt, const supernode *node, | |
125 | const gimple *stmt, const svalue *lhs, const tree_code op, | |
126 | const svalue *rhs) const final override; | |
127 | ||
128 | bool can_purge_p (state_t s) const final override; | |
6341f14e | 129 | std::unique_ptr<pending_diagnostic> on_leak (tree var) const final override; |
9365b2bf ML |
130 | |
131 | bool is_unchecked_fd_p (state_t s) const; | |
132 | bool is_valid_fd_p (state_t s) const; | |
86a90006 DM |
133 | bool is_socket_fd_p (state_t s) const; |
134 | bool is_datagram_socket_fd_p (state_t s) const; | |
135 | bool is_stream_socket_fd_p (state_t s) const; | |
9365b2bf ML |
136 | bool is_closed_fd_p (state_t s) const; |
137 | bool is_constant_fd_p (state_t s) const; | |
138 | bool is_readonly_fd_p (state_t s) const; | |
139 | bool is_writeonly_fd_p (state_t s) const; | |
140 | enum access_mode get_access_mode_from_flag (int flag) const; | |
6a11f2d9 IM |
141 | /* Function for one-to-one correspondence between valid |
142 | and unchecked states. */ | |
143 | state_t valid_to_unchecked_state (state_t state) const; | |
792f039f DM |
144 | |
145 | void mark_as_valid_fd (region_model *model, | |
146 | sm_state_map *smap, | |
147 | const svalue *fd_sval, | |
148 | const extrinsic_state &ext_state) const; | |
149 | ||
86a90006 DM |
150 | bool on_socket (const call_details &cd, |
151 | bool successful, | |
152 | sm_context *sm_ctxt, | |
153 | const extrinsic_state &ext_state) const; | |
154 | bool on_bind (const call_details &cd, | |
155 | bool successful, | |
156 | sm_context *sm_ctxt, | |
157 | const extrinsic_state &ext_state) const; | |
158 | bool on_listen (const call_details &cd, | |
159 | bool successful, | |
160 | sm_context *sm_ctxt, | |
161 | const extrinsic_state &ext_state) const; | |
162 | bool on_accept (const call_details &cd, | |
163 | bool successful, | |
164 | sm_context *sm_ctxt, | |
165 | const extrinsic_state &ext_state) const; | |
166 | bool on_connect (const call_details &cd, | |
167 | bool successful, | |
168 | sm_context *sm_ctxt, | |
169 | const extrinsic_state &ext_state) const; | |
170 | ||
9365b2bf ML |
171 | /* State for a constant file descriptor (>= 0) */ |
172 | state_t m_constant_fd; | |
173 | ||
174 | /* States representing a file descriptor that hasn't yet been | |
175 | checked for validity after opening, for three different | |
176 | access modes. */ | |
177 | state_t m_unchecked_read_write; | |
178 | ||
179 | state_t m_unchecked_read_only; | |
180 | ||
181 | state_t m_unchecked_write_only; | |
182 | ||
183 | /* States for representing a file descriptor that is known to be valid (>= | |
184 | 0), for three different access modes. */ | |
185 | state_t m_valid_read_write; | |
186 | ||
187 | state_t m_valid_read_only; | |
188 | ||
189 | state_t m_valid_write_only; | |
190 | ||
191 | /* State for a file descriptor that is known to be invalid (< 0). */ | |
192 | state_t m_invalid; | |
193 | ||
194 | /* State for a file descriptor that has been closed. */ | |
195 | state_t m_closed; | |
196 | ||
86a90006 DM |
197 | /* States for FDs relating to socket APIs. */ |
198 | ||
199 | /* Result of successful "socket" with SOCK_DGRAM. */ | |
200 | state_t m_new_datagram_socket; | |
201 | /* Result of successful "socket" with SOCK_STREAM. */ | |
202 | state_t m_new_stream_socket; | |
203 | /* Result of successful "socket" with unknown type. */ | |
204 | state_t m_new_unknown_socket; | |
205 | ||
206 | /* The above after a successful call to "bind". */ | |
207 | state_t m_bound_datagram_socket; | |
208 | state_t m_bound_stream_socket; | |
209 | state_t m_bound_unknown_socket; | |
210 | ||
211 | /* A bound socket after a successful call to "listen" (stream or unknown). */ | |
212 | state_t m_listening_stream_socket; | |
213 | ||
214 | /* (i) the new FD as a result of a succesful call to "accept" on a | |
215 | listening socket (via a passive open), or | |
216 | (ii) an active socket after a successful call to "connect" | |
217 | (via an active open). */ | |
218 | state_t m_connected_stream_socket; | |
219 | ||
9365b2bf ML |
220 | /* State for a file descriptor that we do not want to track anymore . */ |
221 | state_t m_stop; | |
222 | ||
d8aba860 DM |
223 | /* Stashed constant values from the frontend. These could be NULL. */ |
224 | tree m_O_ACCMODE; | |
225 | tree m_O_RDONLY; | |
226 | tree m_O_WRONLY; | |
86a90006 DM |
227 | tree m_SOCK_STREAM; |
228 | tree m_SOCK_DGRAM; | |
d8aba860 | 229 | |
9365b2bf ML |
230 | private: |
231 | void on_open (sm_context *sm_ctxt, const supernode *node, const gimple *stmt, | |
232 | const gcall *call) const; | |
6a11f2d9 IM |
233 | void on_creat (sm_context *sm_ctxt, const supernode *node, const gimple *stmt, |
234 | const gcall *call) const; | |
9365b2bf ML |
235 | void on_close (sm_context *sm_ctxt, const supernode *node, const gimple *stmt, |
236 | const gcall *call) const; | |
237 | void on_read (sm_context *sm_ctxt, const supernode *node, const gimple *stmt, | |
238 | const gcall *call, const tree callee_fndecl) const; | |
239 | void on_write (sm_context *sm_ctxt, const supernode *node, const gimple *stmt, | |
240 | const gcall *call, const tree callee_fndecl) const; | |
241 | void check_for_open_fd (sm_context *sm_ctxt, const supernode *node, | |
242 | const gimple *stmt, const gcall *call, | |
243 | const tree callee_fndecl, | |
244 | enum access_directions access_fn) const; | |
245 | ||
246 | void make_valid_transitions_on_condition (sm_context *sm_ctxt, | |
247 | const supernode *node, | |
248 | const gimple *stmt, | |
249 | const svalue *lhs) const; | |
250 | void make_invalid_transitions_on_condition (sm_context *sm_ctxt, | |
251 | const supernode *node, | |
252 | const gimple *stmt, | |
253 | const svalue *lhs) const; | |
254 | void check_for_fd_attrs (sm_context *sm_ctxt, const supernode *node, | |
255 | const gimple *stmt, const gcall *call, | |
256 | const tree callee_fndecl, const char *attr_name, | |
257 | access_directions fd_attr_access_dir) const; | |
6a11f2d9 IM |
258 | void check_for_dup (sm_context *sm_ctxt, const supernode *node, |
259 | const gimple *stmt, const gcall *call, const tree callee_fndecl, | |
260 | enum dup kind) const; | |
86a90006 DM |
261 | |
262 | state_t get_state_for_socket_type (const svalue *socket_type_sval) const; | |
263 | ||
264 | bool check_for_socket_fd (const call_details &cd, | |
265 | bool successful, | |
266 | sm_context *sm_ctxt, | |
267 | const svalue *fd_sval, | |
268 | const supernode *node, | |
269 | state_t old_state, | |
270 | bool *complained = NULL) const; | |
271 | bool check_for_new_socket_fd (const call_details &cd, | |
272 | bool successful, | |
273 | sm_context *sm_ctxt, | |
274 | const svalue *fd_sval, | |
275 | const supernode *node, | |
276 | state_t old_state, | |
277 | enum expected_phase expected_phase) const; | |
9365b2bf ML |
278 | }; |
279 | ||
280 | /* Base diagnostic class relative to fd_state_machine. */ | |
281 | class fd_diagnostic : public pending_diagnostic | |
282 | { | |
283 | public: | |
284 | fd_diagnostic (const fd_state_machine &sm, tree arg) : m_sm (sm), m_arg (arg) | |
285 | { | |
286 | } | |
287 | ||
288 | bool | |
289 | subclass_equal_p (const pending_diagnostic &base_other) const override | |
290 | { | |
291 | return same_tree_p (m_arg, ((const fd_diagnostic &)base_other).m_arg); | |
292 | } | |
293 | ||
294 | label_text | |
295 | describe_state_change (const evdesc::state_change &change) override | |
296 | { | |
86a90006 | 297 | if (change.m_old_state == m_sm.get_start_state ()) |
9365b2bf | 298 | { |
792f039f DM |
299 | if (change.m_new_state == m_sm.m_unchecked_read_write |
300 | || change.m_new_state == m_sm.m_valid_read_write) | |
9365b2bf ML |
301 | return change.formatted_print ("opened here as read-write"); |
302 | ||
792f039f DM |
303 | if (change.m_new_state == m_sm.m_unchecked_read_only |
304 | || change.m_new_state == m_sm.m_valid_read_only) | |
9365b2bf ML |
305 | return change.formatted_print ("opened here as read-only"); |
306 | ||
792f039f DM |
307 | if (change.m_new_state == m_sm.m_unchecked_write_only |
308 | || change.m_new_state == m_sm.m_valid_write_only) | |
9365b2bf | 309 | return change.formatted_print ("opened here as write-only"); |
86a90006 DM |
310 | |
311 | if (change.m_new_state == m_sm.m_new_datagram_socket) | |
312 | return change.formatted_print ("datagram socket created here"); | |
313 | ||
314 | if (change.m_new_state == m_sm.m_new_stream_socket) | |
315 | return change.formatted_print ("stream socket created here"); | |
316 | ||
317 | if (change.m_new_state == m_sm.m_new_unknown_socket | |
318 | || change.m_new_state == m_sm.m_connected_stream_socket) | |
319 | return change.formatted_print ("socket created here"); | |
9365b2bf ML |
320 | } |
321 | ||
86a90006 DM |
322 | if (change.m_new_state == m_sm.m_bound_datagram_socket) |
323 | return change.formatted_print ("datagram socket bound here"); | |
324 | ||
325 | if (change.m_new_state == m_sm.m_bound_stream_socket) | |
326 | return change.formatted_print ("stream socket bound here"); | |
327 | ||
328 | if (change.m_new_state == m_sm.m_bound_unknown_socket | |
329 | || change.m_new_state == m_sm.m_connected_stream_socket) | |
330 | return change.formatted_print ("socket bound here"); | |
331 | ||
332 | if (change.m_new_state == m_sm.m_listening_stream_socket) | |
333 | return change.formatted_print | |
334 | ("stream socket marked as passive here via %qs", "listen"); | |
335 | ||
9365b2bf ML |
336 | if (change.m_new_state == m_sm.m_closed) |
337 | return change.formatted_print ("closed here"); | |
338 | ||
339 | if (m_sm.is_unchecked_fd_p (change.m_old_state) | |
340 | && m_sm.is_valid_fd_p (change.m_new_state)) | |
341 | { | |
342 | if (change.m_expr) | |
343 | return change.formatted_print ( | |
344 | "assuming %qE is a valid file descriptor (>= 0)", change.m_expr); | |
345 | else | |
346 | return change.formatted_print ("assuming a valid file descriptor"); | |
347 | } | |
348 | ||
349 | if (m_sm.is_unchecked_fd_p (change.m_old_state) | |
350 | && change.m_new_state == m_sm.m_invalid) | |
351 | { | |
352 | if (change.m_expr) | |
353 | return change.formatted_print ( | |
354 | "assuming %qE is an invalid file descriptor (< 0)", | |
355 | change.m_expr); | |
356 | else | |
357 | return change.formatted_print ("assuming an invalid file descriptor"); | |
358 | } | |
359 | ||
360 | return label_text (); | |
361 | } | |
362 | ||
0f82c0ea IM |
363 | diagnostic_event::meaning |
364 | get_meaning_for_state_change ( | |
365 | const evdesc::state_change &change) const final override | |
366 | { | |
367 | if (change.m_old_state == m_sm.get_start_state () | |
86a90006 DM |
368 | && (m_sm.is_unchecked_fd_p (change.m_new_state) |
369 | || change.m_new_state == m_sm.m_new_datagram_socket | |
370 | || change.m_new_state == m_sm.m_new_stream_socket | |
371 | || change.m_new_state == m_sm.m_new_unknown_socket)) | |
0f82c0ea IM |
372 | return diagnostic_event::meaning (diagnostic_event::VERB_acquire, |
373 | diagnostic_event::NOUN_resource); | |
374 | if (change.m_new_state == m_sm.m_closed) | |
375 | return diagnostic_event::meaning (diagnostic_event::VERB_release, | |
376 | diagnostic_event::NOUN_resource); | |
377 | return diagnostic_event::meaning (); | |
378 | } | |
379 | ||
9365b2bf ML |
380 | protected: |
381 | const fd_state_machine &m_sm; | |
382 | tree m_arg; | |
383 | }; | |
384 | ||
385 | class fd_param_diagnostic : public fd_diagnostic | |
386 | { | |
387 | public: | |
388 | fd_param_diagnostic (const fd_state_machine &sm, tree arg, tree callee_fndecl, | |
389 | const char *attr_name, int arg_idx) | |
390 | : fd_diagnostic (sm, arg), m_callee_fndecl (callee_fndecl), | |
391 | m_attr_name (attr_name), m_arg_idx (arg_idx) | |
392 | { | |
393 | } | |
394 | ||
395 | fd_param_diagnostic (const fd_state_machine &sm, tree arg, tree callee_fndecl) | |
396 | : fd_diagnostic (sm, arg), m_callee_fndecl (callee_fndecl), | |
397 | m_attr_name (NULL), m_arg_idx (-1) | |
398 | { | |
399 | } | |
400 | ||
401 | bool | |
402 | subclass_equal_p (const pending_diagnostic &base_other) const override | |
403 | { | |
404 | const fd_param_diagnostic &sub_other | |
405 | = (const fd_param_diagnostic &)base_other; | |
406 | return (same_tree_p (m_arg, sub_other.m_arg) | |
407 | && same_tree_p (m_callee_fndecl, sub_other.m_callee_fndecl) | |
408 | && m_arg_idx == sub_other.m_arg_idx | |
409 | && ((m_attr_name) | |
410 | ? (strcmp (m_attr_name, sub_other.m_attr_name) == 0) | |
411 | : true)); | |
412 | } | |
413 | ||
414 | void | |
415 | inform_filedescriptor_attribute (access_directions fd_dir) | |
416 | { | |
417 | ||
418 | if (m_attr_name) | |
419 | switch (fd_dir) | |
420 | { | |
421 | case DIRS_READ_WRITE: | |
422 | inform (DECL_SOURCE_LOCATION (m_callee_fndecl), | |
423 | "argument %d of %qD must be an open file descriptor, due to " | |
424 | "%<__attribute__((%s(%d)))%>", | |
425 | m_arg_idx + 1, m_callee_fndecl, m_attr_name, m_arg_idx + 1); | |
426 | break; | |
427 | case DIRS_WRITE: | |
428 | inform (DECL_SOURCE_LOCATION (m_callee_fndecl), | |
429 | "argument %d of %qD must be a readable file descriptor, due " | |
430 | "to %<__attribute__((%s(%d)))%>", | |
431 | m_arg_idx + 1, m_callee_fndecl, m_attr_name, m_arg_idx + 1); | |
432 | break; | |
433 | case DIRS_READ: | |
434 | inform (DECL_SOURCE_LOCATION (m_callee_fndecl), | |
435 | "argument %d of %qD must be a writable file descriptor, due " | |
436 | "to %<__attribute__((%s(%d)))%>", | |
437 | m_arg_idx + 1, m_callee_fndecl, m_attr_name, m_arg_idx + 1); | |
438 | break; | |
439 | } | |
440 | } | |
441 | ||
442 | protected: | |
443 | tree m_callee_fndecl; | |
444 | const char *m_attr_name; | |
445 | /* ARG_IDX is 0-based. */ | |
446 | int m_arg_idx; | |
447 | }; | |
448 | ||
449 | class fd_leak : public fd_diagnostic | |
450 | { | |
451 | public: | |
452 | fd_leak (const fd_state_machine &sm, tree arg) : fd_diagnostic (sm, arg) {} | |
453 | ||
454 | const char * | |
455 | get_kind () const final override | |
456 | { | |
457 | return "fd_leak"; | |
458 | } | |
459 | ||
460 | int | |
461 | get_controlling_option () const final override | |
462 | { | |
463 | return OPT_Wanalyzer_fd_leak; | |
464 | } | |
465 | ||
466 | bool | |
12b67d1e | 467 | emit (diagnostic_emission_context &ctxt) final override |
9365b2bf ML |
468 | { |
469 | /*CWE-775: Missing Release of File Descriptor or Handle after Effective | |
470 | Lifetime | |
471 | */ | |
12b67d1e | 472 | ctxt.add_cwe (775); |
9365b2bf | 473 | if (m_arg) |
12b67d1e | 474 | return ctxt.warn ("leak of file descriptor %qE", m_arg); |
9365b2bf | 475 | else |
12b67d1e | 476 | return ctxt.warn ("leak of file descriptor"); |
9365b2bf ML |
477 | } |
478 | ||
479 | label_text | |
480 | describe_state_change (const evdesc::state_change &change) final override | |
481 | { | |
482 | if (m_sm.is_unchecked_fd_p (change.m_new_state)) | |
483 | { | |
484 | m_open_event = change.m_event_id; | |
485 | return label_text::borrow ("opened here"); | |
486 | } | |
487 | ||
488 | return fd_diagnostic::describe_state_change (change); | |
489 | } | |
490 | ||
491 | label_text | |
492 | describe_final_event (const evdesc::final_event &ev) final override | |
493 | { | |
494 | if (m_open_event.known_p ()) | |
495 | { | |
496 | if (ev.m_expr) | |
497 | return ev.formatted_print ("%qE leaks here; was opened at %@", | |
498 | ev.m_expr, &m_open_event); | |
499 | else | |
500 | return ev.formatted_print ("leaks here; was opened at %@", | |
501 | &m_open_event); | |
502 | } | |
503 | else | |
504 | { | |
505 | if (ev.m_expr) | |
506 | return ev.formatted_print ("%qE leaks here", ev.m_expr); | |
507 | else | |
508 | return ev.formatted_print ("leaks here"); | |
509 | } | |
510 | } | |
511 | ||
512 | private: | |
513 | diagnostic_event_id_t m_open_event; | |
514 | }; | |
515 | ||
516 | class fd_access_mode_mismatch : public fd_param_diagnostic | |
517 | { | |
518 | public: | |
519 | fd_access_mode_mismatch (const fd_state_machine &sm, tree arg, | |
520 | enum access_directions fd_dir, | |
521 | const tree callee_fndecl, const char *attr_name, | |
522 | int arg_idx) | |
523 | : fd_param_diagnostic (sm, arg, callee_fndecl, attr_name, arg_idx), | |
524 | m_fd_dir (fd_dir) | |
525 | ||
526 | { | |
527 | } | |
528 | ||
529 | fd_access_mode_mismatch (const fd_state_machine &sm, tree arg, | |
530 | enum access_directions fd_dir, | |
531 | const tree callee_fndecl) | |
532 | : fd_param_diagnostic (sm, arg, callee_fndecl), m_fd_dir (fd_dir) | |
533 | { | |
534 | } | |
535 | ||
536 | const char * | |
537 | get_kind () const final override | |
538 | { | |
539 | return "fd_access_mode_mismatch"; | |
540 | } | |
541 | ||
542 | int | |
543 | get_controlling_option () const final override | |
544 | { | |
545 | return OPT_Wanalyzer_fd_access_mode_mismatch; | |
546 | } | |
547 | ||
548 | bool | |
12b67d1e | 549 | emit (diagnostic_emission_context &ctxt) final override |
9365b2bf ML |
550 | { |
551 | bool warned; | |
552 | switch (m_fd_dir) | |
553 | { | |
554 | case DIRS_READ: | |
12b67d1e DM |
555 | warned = ctxt.warn ("%qE on read-only file descriptor %qE", |
556 | m_callee_fndecl, m_arg); | |
9365b2bf ML |
557 | break; |
558 | case DIRS_WRITE: | |
12b67d1e DM |
559 | warned = ctxt.warn ("%qE on write-only file descriptor %qE", |
560 | m_callee_fndecl, m_arg); | |
9365b2bf ML |
561 | break; |
562 | default: | |
563 | gcc_unreachable (); | |
564 | } | |
565 | if (warned) | |
566 | inform_filedescriptor_attribute (m_fd_dir); | |
567 | return warned; | |
568 | } | |
569 | ||
570 | label_text | |
571 | describe_final_event (const evdesc::final_event &ev) final override | |
572 | { | |
573 | switch (m_fd_dir) | |
574 | { | |
575 | case DIRS_READ: | |
576 | return ev.formatted_print ("%qE on read-only file descriptor %qE", | |
577 | m_callee_fndecl, m_arg); | |
578 | case DIRS_WRITE: | |
579 | return ev.formatted_print ("%qE on write-only file descriptor %qE", | |
580 | m_callee_fndecl, m_arg); | |
581 | default: | |
582 | gcc_unreachable (); | |
583 | } | |
584 | } | |
585 | ||
586 | private: | |
587 | enum access_directions m_fd_dir; | |
588 | }; | |
589 | ||
590 | class fd_double_close : public fd_diagnostic | |
591 | { | |
592 | public: | |
593 | fd_double_close (const fd_state_machine &sm, tree arg) : fd_diagnostic (sm, arg) | |
594 | { | |
595 | } | |
596 | ||
597 | const char * | |
598 | get_kind () const final override | |
599 | { | |
600 | return "fd_double_close"; | |
601 | } | |
602 | ||
603 | int | |
604 | get_controlling_option () const final override | |
605 | { | |
606 | return OPT_Wanalyzer_fd_double_close; | |
607 | } | |
608 | bool | |
12b67d1e | 609 | emit (diagnostic_emission_context &ctxt) final override |
9365b2bf | 610 | { |
9365b2bf | 611 | // CWE-1341: Multiple Releases of Same Resource or Handle |
12b67d1e DM |
612 | ctxt.add_cwe (1341); |
613 | return ctxt.warn ("double %<close%> of file descriptor %qE", m_arg); | |
9365b2bf ML |
614 | } |
615 | ||
616 | label_text | |
617 | describe_state_change (const evdesc::state_change &change) override | |
618 | { | |
619 | if (m_sm.is_unchecked_fd_p (change.m_new_state)) | |
620 | return label_text::borrow ("opened here"); | |
621 | ||
622 | if (change.m_new_state == m_sm.m_closed) | |
623 | { | |
624 | m_first_close_event = change.m_event_id; | |
625 | return change.formatted_print ("first %qs here", "close"); | |
626 | } | |
627 | return fd_diagnostic::describe_state_change (change); | |
628 | } | |
629 | ||
630 | label_text | |
631 | describe_final_event (const evdesc::final_event &ev) final override | |
632 | { | |
633 | if (m_first_close_event.known_p ()) | |
634 | return ev.formatted_print ("second %qs here; first %qs was at %@", | |
635 | "close", "close", &m_first_close_event); | |
636 | return ev.formatted_print ("second %qs here", "close"); | |
637 | } | |
638 | ||
639 | private: | |
640 | diagnostic_event_id_t m_first_close_event; | |
641 | }; | |
642 | ||
643 | class fd_use_after_close : public fd_param_diagnostic | |
644 | { | |
645 | public: | |
646 | fd_use_after_close (const fd_state_machine &sm, tree arg, | |
647 | const tree callee_fndecl, const char *attr_name, | |
648 | int arg_idx) | |
649 | : fd_param_diagnostic (sm, arg, callee_fndecl, attr_name, arg_idx) | |
650 | { | |
651 | } | |
652 | ||
653 | fd_use_after_close (const fd_state_machine &sm, tree arg, | |
654 | const tree callee_fndecl) | |
655 | : fd_param_diagnostic (sm, arg, callee_fndecl) | |
656 | { | |
657 | } | |
658 | ||
659 | const char * | |
660 | get_kind () const final override | |
661 | { | |
662 | return "fd_use_after_close"; | |
663 | } | |
664 | ||
665 | int | |
666 | get_controlling_option () const final override | |
667 | { | |
668 | return OPT_Wanalyzer_fd_use_after_close; | |
669 | } | |
670 | ||
671 | bool | |
12b67d1e | 672 | emit (diagnostic_emission_context &ctxt) final override |
9365b2bf | 673 | { |
12b67d1e DM |
674 | bool warned = ctxt.warn ("%qE on closed file descriptor %qE", |
675 | m_callee_fndecl, m_arg); | |
9365b2bf ML |
676 | if (warned) |
677 | inform_filedescriptor_attribute (DIRS_READ_WRITE); | |
678 | return warned; | |
679 | } | |
680 | ||
681 | label_text | |
682 | describe_state_change (const evdesc::state_change &change) override | |
683 | { | |
684 | if (m_sm.is_unchecked_fd_p (change.m_new_state)) | |
685 | return label_text::borrow ("opened here"); | |
686 | ||
687 | if (change.m_new_state == m_sm.m_closed) | |
688 | { | |
689 | m_first_close_event = change.m_event_id; | |
690 | return change.formatted_print ("closed here"); | |
691 | } | |
692 | ||
693 | return fd_diagnostic::describe_state_change (change); | |
694 | } | |
695 | ||
696 | label_text | |
697 | describe_final_event (const evdesc::final_event &ev) final override | |
698 | { | |
699 | if (m_first_close_event.known_p ()) | |
700 | return ev.formatted_print ( | |
701 | "%qE on closed file descriptor %qE; %qs was at %@", m_callee_fndecl, | |
702 | m_arg, "close", &m_first_close_event); | |
703 | else | |
704 | return ev.formatted_print ("%qE on closed file descriptor %qE", | |
705 | m_callee_fndecl, m_arg); | |
706 | } | |
707 | ||
708 | private: | |
709 | diagnostic_event_id_t m_first_close_event; | |
710 | }; | |
711 | ||
712 | class fd_use_without_check : public fd_param_diagnostic | |
713 | { | |
714 | public: | |
715 | fd_use_without_check (const fd_state_machine &sm, tree arg, | |
716 | const tree callee_fndecl, const char *attr_name, | |
717 | int arg_idx) | |
718 | : fd_param_diagnostic (sm, arg, callee_fndecl, attr_name, arg_idx) | |
719 | { | |
720 | } | |
721 | ||
722 | fd_use_without_check (const fd_state_machine &sm, tree arg, | |
723 | const tree callee_fndecl) | |
724 | : fd_param_diagnostic (sm, arg, callee_fndecl) | |
725 | { | |
726 | } | |
727 | ||
728 | const char * | |
729 | get_kind () const final override | |
730 | { | |
731 | return "fd_use_without_check"; | |
732 | } | |
733 | ||
734 | int | |
735 | get_controlling_option () const final override | |
736 | { | |
737 | return OPT_Wanalyzer_fd_use_without_check; | |
738 | } | |
739 | ||
740 | bool | |
12b67d1e | 741 | emit (diagnostic_emission_context &ctxt) final override |
9365b2bf | 742 | { |
12b67d1e DM |
743 | bool warned = ctxt.warn ("%qE on possibly invalid file descriptor %qE", |
744 | m_callee_fndecl, m_arg); | |
9365b2bf ML |
745 | if (warned) |
746 | inform_filedescriptor_attribute (DIRS_READ_WRITE); | |
747 | return warned; | |
748 | } | |
749 | ||
750 | label_text | |
751 | describe_state_change (const evdesc::state_change &change) override | |
752 | { | |
753 | if (m_sm.is_unchecked_fd_p (change.m_new_state)) | |
754 | { | |
755 | m_first_open_event = change.m_event_id; | |
756 | return label_text::borrow ("opened here"); | |
757 | } | |
758 | ||
759 | return fd_diagnostic::describe_state_change (change); | |
760 | } | |
761 | ||
762 | label_text | |
763 | describe_final_event (const evdesc::final_event &ev) final override | |
764 | { | |
765 | if (m_first_open_event.known_p ()) | |
766 | return ev.formatted_print ( | |
767 | "%qE could be invalid: unchecked value from %@", m_arg, | |
768 | &m_first_open_event); | |
769 | else | |
770 | return ev.formatted_print ("%qE could be invalid", m_arg); | |
771 | } | |
772 | ||
773 | private: | |
774 | diagnostic_event_id_t m_first_open_event; | |
775 | }; | |
776 | ||
86a90006 DM |
777 | /* Concrete pending_diagnostic subclass for -Wanalyzer-fd-phase-mismatch. */ |
778 | ||
779 | class fd_phase_mismatch : public fd_param_diagnostic | |
780 | { | |
781 | public: | |
782 | fd_phase_mismatch (const fd_state_machine &sm, tree arg, | |
783 | const tree callee_fndecl, | |
784 | state_machine::state_t actual_state, | |
785 | enum expected_phase expected_phase) | |
786 | : fd_param_diagnostic (sm, arg, callee_fndecl), | |
787 | m_actual_state (actual_state), | |
788 | m_expected_phase (expected_phase) | |
789 | { | |
790 | gcc_assert (m_sm.is_socket_fd_p (actual_state)); | |
791 | switch (expected_phase) | |
792 | { | |
793 | case EXPECTED_PHASE_CAN_TRANSFER: | |
794 | gcc_assert (actual_state == m_sm.m_new_stream_socket | |
795 | || actual_state == m_sm.m_bound_stream_socket | |
796 | || actual_state == m_sm.m_listening_stream_socket); | |
797 | break; | |
798 | case EXPECTED_PHASE_CAN_BIND: | |
799 | gcc_assert (actual_state == m_sm.m_bound_datagram_socket | |
800 | || actual_state == m_sm.m_bound_stream_socket | |
801 | || actual_state == m_sm.m_bound_unknown_socket | |
802 | || actual_state == m_sm.m_connected_stream_socket | |
803 | || actual_state == m_sm.m_listening_stream_socket); | |
804 | break; | |
805 | case EXPECTED_PHASE_CAN_LISTEN: | |
806 | gcc_assert (actual_state == m_sm.m_new_stream_socket | |
807 | || actual_state == m_sm.m_new_unknown_socket | |
808 | || actual_state == m_sm.m_connected_stream_socket); | |
809 | break; | |
810 | case EXPECTED_PHASE_CAN_ACCEPT: | |
811 | gcc_assert (actual_state == m_sm.m_new_stream_socket | |
812 | || actual_state == m_sm.m_new_unknown_socket | |
813 | || actual_state == m_sm.m_bound_stream_socket | |
814 | || actual_state == m_sm.m_bound_unknown_socket | |
815 | || actual_state == m_sm.m_connected_stream_socket); | |
816 | break; | |
817 | case EXPECTED_PHASE_CAN_CONNECT: | |
818 | gcc_assert (actual_state == m_sm.m_bound_datagram_socket | |
819 | || actual_state == m_sm.m_bound_stream_socket | |
820 | || actual_state == m_sm.m_bound_unknown_socket | |
821 | || actual_state == m_sm.m_listening_stream_socket | |
822 | || actual_state == m_sm.m_connected_stream_socket); | |
823 | break; | |
824 | } | |
825 | } | |
826 | ||
827 | const char * | |
828 | get_kind () const final override | |
829 | { | |
830 | return "fd_phase_mismatch"; | |
831 | } | |
832 | ||
833 | bool | |
834 | subclass_equal_p (const pending_diagnostic &base_other) const final override | |
835 | { | |
836 | const fd_phase_mismatch &sub_other = (const fd_phase_mismatch &)base_other; | |
837 | if (!fd_param_diagnostic ::subclass_equal_p (sub_other)) | |
838 | return false; | |
839 | return (m_actual_state == sub_other.m_actual_state | |
840 | && m_expected_phase == sub_other.m_expected_phase); | |
841 | } | |
842 | ||
843 | int | |
844 | get_controlling_option () const final override | |
845 | { | |
846 | return OPT_Wanalyzer_fd_phase_mismatch; | |
847 | } | |
848 | ||
849 | bool | |
12b67d1e | 850 | emit (diagnostic_emission_context &ctxt) final override |
86a90006 DM |
851 | { |
852 | /* CWE-666: Operation on Resource in Wrong Phase of Lifetime. */ | |
12b67d1e DM |
853 | ctxt.add_cwe (666); |
854 | return ctxt.warn ("%qE on file descriptor %qE in wrong phase", | |
855 | m_callee_fndecl, m_arg); | |
86a90006 DM |
856 | } |
857 | ||
858 | label_text | |
859 | describe_final_event (const evdesc::final_event &ev) final override | |
860 | { | |
861 | switch (m_expected_phase) | |
862 | { | |
863 | case EXPECTED_PHASE_CAN_TRANSFER: | |
864 | { | |
865 | if (m_actual_state == m_sm.m_new_stream_socket) | |
866 | return ev.formatted_print | |
867 | ("%qE expects a stream socket to be connected via %qs" | |
868 | " but %qE has not yet been bound", | |
869 | m_callee_fndecl, "accept", m_arg); | |
870 | if (m_actual_state == m_sm.m_bound_stream_socket) | |
871 | return ev.formatted_print | |
872 | ("%qE expects a stream socket to be connected via %qs" | |
873 | " but %qE is not yet listening", | |
874 | m_callee_fndecl, "accept", m_arg); | |
875 | if (m_actual_state == m_sm.m_listening_stream_socket) | |
876 | return ev.formatted_print | |
877 | ("%qE expects a stream socket to be connected via" | |
878 | " the return value of %qs" | |
879 | " but %qE is listening; wrong file descriptor?", | |
880 | m_callee_fndecl, "accept", m_arg); | |
881 | } | |
882 | break; | |
883 | case EXPECTED_PHASE_CAN_BIND: | |
884 | { | |
885 | if (m_actual_state == m_sm.m_bound_datagram_socket | |
886 | || m_actual_state == m_sm.m_bound_stream_socket | |
887 | || m_actual_state == m_sm.m_bound_unknown_socket) | |
888 | return ev.formatted_print | |
889 | ("%qE expects a new socket file descriptor" | |
890 | " but %qE has already been bound", | |
891 | m_callee_fndecl, m_arg); | |
892 | if (m_actual_state == m_sm.m_connected_stream_socket) | |
893 | return ev.formatted_print | |
894 | ("%qE expects a new socket file descriptor" | |
895 | " but %qE is already connected", | |
896 | m_callee_fndecl, m_arg); | |
897 | if (m_actual_state == m_sm.m_listening_stream_socket) | |
898 | return ev.formatted_print | |
899 | ("%qE expects a new socket file descriptor" | |
900 | " but %qE is already listening", | |
901 | m_callee_fndecl, m_arg); | |
902 | } | |
903 | break; | |
904 | case EXPECTED_PHASE_CAN_LISTEN: | |
905 | { | |
906 | if (m_actual_state == m_sm.m_new_stream_socket | |
907 | || m_actual_state == m_sm.m_new_unknown_socket) | |
908 | return ev.formatted_print | |
909 | ("%qE expects a bound stream socket file descriptor" | |
910 | " but %qE has not yet been bound", | |
911 | m_callee_fndecl, m_arg); | |
912 | if (m_actual_state == m_sm.m_connected_stream_socket) | |
913 | return ev.formatted_print | |
914 | ("%qE expects a bound stream socket file descriptor" | |
915 | " but %qE is connected", | |
916 | m_callee_fndecl, m_arg); | |
917 | } | |
918 | break; | |
919 | case EXPECTED_PHASE_CAN_ACCEPT: | |
920 | { | |
921 | if (m_actual_state == m_sm.m_new_stream_socket | |
922 | || m_actual_state == m_sm.m_new_unknown_socket) | |
923 | return ev.formatted_print | |
924 | ("%qE expects a listening stream socket file descriptor" | |
925 | " but %qE has not yet been bound", | |
926 | m_callee_fndecl, m_arg); | |
927 | if (m_actual_state == m_sm.m_bound_stream_socket | |
928 | || m_actual_state == m_sm.m_bound_unknown_socket) | |
929 | return ev.formatted_print | |
930 | ("%qE expects a listening stream socket file descriptor" | |
931 | " whereas %qE is bound but not yet listening", | |
932 | m_callee_fndecl, m_arg); | |
933 | if (m_actual_state == m_sm.m_connected_stream_socket) | |
934 | return ev.formatted_print | |
935 | ("%qE expects a listening stream socket file descriptor" | |
936 | " but %qE is connected", | |
937 | m_callee_fndecl, m_arg); | |
938 | } | |
939 | break; | |
940 | case EXPECTED_PHASE_CAN_CONNECT: | |
941 | { | |
942 | if (m_actual_state == m_sm.m_bound_datagram_socket | |
943 | || m_actual_state == m_sm.m_bound_stream_socket | |
944 | || m_actual_state == m_sm.m_bound_unknown_socket) | |
945 | return ev.formatted_print | |
946 | ("%qE expects a new socket file descriptor but %qE is bound", | |
947 | m_callee_fndecl, m_arg); | |
948 | else | |
949 | return ev.formatted_print | |
950 | ("%qE expects a new socket file descriptor", m_callee_fndecl); | |
951 | } | |
952 | break; | |
953 | } | |
954 | gcc_unreachable (); | |
955 | } | |
956 | ||
957 | private: | |
958 | state_machine::state_t m_actual_state; | |
959 | enum expected_phase m_expected_phase; | |
960 | }; | |
961 | ||
962 | /* Enum for use by -Wanalyzer-fd-type-mismatch. */ | |
963 | ||
964 | enum expected_type | |
965 | { | |
966 | EXPECTED_TYPE_SOCKET, | |
967 | EXPECTED_TYPE_STREAM_SOCKET | |
968 | }; | |
969 | ||
970 | /* Concrete pending_diagnostic subclass for -Wanalyzer-fd-type-mismatch. */ | |
971 | ||
972 | class fd_type_mismatch : public fd_param_diagnostic | |
973 | { | |
974 | public: | |
975 | fd_type_mismatch (const fd_state_machine &sm, tree arg, | |
976 | const tree callee_fndecl, | |
977 | state_machine::state_t actual_state, | |
978 | enum expected_type expected_type) | |
979 | : fd_param_diagnostic (sm, arg, callee_fndecl), | |
980 | m_actual_state (actual_state), | |
981 | m_expected_type (expected_type) | |
982 | { | |
983 | } | |
984 | ||
985 | const char * | |
986 | get_kind () const final override | |
987 | { | |
988 | return "fd_type_mismatch"; | |
989 | } | |
990 | ||
991 | bool | |
992 | subclass_equal_p (const pending_diagnostic &base_other) const final override | |
993 | { | |
994 | const fd_type_mismatch &sub_other = (const fd_type_mismatch &)base_other; | |
995 | if (!fd_param_diagnostic ::subclass_equal_p (sub_other)) | |
996 | return false; | |
997 | return (m_actual_state == sub_other.m_actual_state | |
998 | && m_expected_type == sub_other.m_expected_type); | |
999 | } | |
1000 | ||
1001 | int | |
1002 | get_controlling_option () const final override | |
1003 | { | |
1004 | return OPT_Wanalyzer_fd_type_mismatch; | |
1005 | } | |
1006 | ||
1007 | bool | |
12b67d1e | 1008 | emit (diagnostic_emission_context &ctxt) final override |
86a90006 DM |
1009 | { |
1010 | switch (m_expected_type) | |
1011 | { | |
1012 | default: | |
1013 | gcc_unreachable (); | |
1014 | case EXPECTED_TYPE_SOCKET: | |
12b67d1e DM |
1015 | return ctxt.warn ("%qE on non-socket file descriptor %qE", |
1016 | m_callee_fndecl, m_arg); | |
86a90006 DM |
1017 | case EXPECTED_TYPE_STREAM_SOCKET: |
1018 | if (m_sm.is_datagram_socket_fd_p (m_actual_state)) | |
12b67d1e DM |
1019 | return ctxt.warn ("%qE on datagram socket file descriptor %qE", |
1020 | m_callee_fndecl, m_arg); | |
86a90006 | 1021 | else |
12b67d1e DM |
1022 | return ctxt.warn ("%qE on non-stream-socket file descriptor %qE", |
1023 | m_callee_fndecl, m_arg); | |
86a90006 DM |
1024 | } |
1025 | } | |
1026 | ||
1027 | label_text | |
1028 | describe_final_event (const evdesc::final_event &ev) final override | |
1029 | { | |
1030 | switch (m_expected_type) | |
1031 | { | |
1032 | default: | |
1033 | break; | |
1034 | gcc_unreachable (); | |
1035 | case EXPECTED_TYPE_SOCKET: | |
1036 | case EXPECTED_TYPE_STREAM_SOCKET: | |
1037 | if (!m_sm.is_socket_fd_p (m_actual_state)) | |
1038 | return ev.formatted_print ("%qE expects a socket file descriptor" | |
1039 | " but %qE is not a socket", | |
1040 | m_callee_fndecl, m_arg); | |
1041 | } | |
1042 | gcc_assert (m_expected_type == EXPECTED_TYPE_STREAM_SOCKET); | |
1043 | gcc_assert (m_sm.is_datagram_socket_fd_p (m_actual_state)); | |
1044 | return ev.formatted_print | |
1045 | ("%qE expects a stream socket file descriptor" | |
1046 | " but %qE is a datagram socket", | |
1047 | m_callee_fndecl, m_arg); | |
1048 | } | |
1049 | ||
1050 | private: | |
1051 | state_machine::state_t m_actual_state; | |
1052 | enum expected_type m_expected_type; | |
1053 | }; | |
1054 | ||
9365b2bf ML |
1055 | fd_state_machine::fd_state_machine (logger *logger) |
1056 | : state_machine ("file-descriptor", logger), | |
1057 | m_constant_fd (add_state ("fd-constant")), | |
1058 | m_unchecked_read_write (add_state ("fd-unchecked-read-write")), | |
1059 | m_unchecked_read_only (add_state ("fd-unchecked-read-only")), | |
1060 | m_unchecked_write_only (add_state ("fd-unchecked-write-only")), | |
1061 | m_valid_read_write (add_state ("fd-valid-read-write")), | |
1062 | m_valid_read_only (add_state ("fd-valid-read-only")), | |
1063 | m_valid_write_only (add_state ("fd-valid-write-only")), | |
1064 | m_invalid (add_state ("fd-invalid")), | |
1065 | m_closed (add_state ("fd-closed")), | |
86a90006 DM |
1066 | m_new_datagram_socket (add_state ("fd-new-datagram-socket")), |
1067 | m_new_stream_socket (add_state ("fd-new-stream-socket")), | |
1068 | m_new_unknown_socket (add_state ("fd-new-unknown-socket")), | |
1069 | m_bound_datagram_socket (add_state ("fd-bound-datagram-socket")), | |
1070 | m_bound_stream_socket (add_state ("fd-bound-stream-socket")), | |
1071 | m_bound_unknown_socket (add_state ("fd-bound-unknown-socket")), | |
1072 | m_listening_stream_socket (add_state ("fd-listening-stream-socket")), | |
1073 | m_connected_stream_socket (add_state ("fd-connected-stream-socket")), | |
d8aba860 DM |
1074 | m_stop (add_state ("fd-stop")), |
1075 | m_O_ACCMODE (get_stashed_constant_by_name ("O_ACCMODE")), | |
1076 | m_O_RDONLY (get_stashed_constant_by_name ("O_RDONLY")), | |
86a90006 DM |
1077 | m_O_WRONLY (get_stashed_constant_by_name ("O_WRONLY")), |
1078 | m_SOCK_STREAM (get_stashed_constant_by_name ("SOCK_STREAM")), | |
1079 | m_SOCK_DGRAM (get_stashed_constant_by_name ("SOCK_DGRAM")) | |
9365b2bf ML |
1080 | { |
1081 | } | |
1082 | ||
1083 | bool | |
1084 | fd_state_machine::is_unchecked_fd_p (state_t s) const | |
1085 | { | |
1086 | return (s == m_unchecked_read_write | |
1087 | || s == m_unchecked_read_only | |
1088 | || s == m_unchecked_write_only); | |
1089 | } | |
1090 | ||
1091 | bool | |
1092 | fd_state_machine::is_valid_fd_p (state_t s) const | |
1093 | { | |
1094 | return (s == m_valid_read_write | |
1095 | || s == m_valid_read_only | |
1096 | || s == m_valid_write_only); | |
1097 | } | |
1098 | ||
86a90006 DM |
1099 | bool |
1100 | fd_state_machine::is_socket_fd_p (state_t s) const | |
1101 | { | |
1102 | return (s == m_new_datagram_socket | |
1103 | || s == m_new_stream_socket | |
1104 | || s == m_new_unknown_socket | |
1105 | || s == m_bound_datagram_socket | |
1106 | || s == m_bound_stream_socket | |
1107 | || s == m_bound_unknown_socket | |
1108 | || s == m_listening_stream_socket | |
1109 | || s == m_connected_stream_socket); | |
1110 | } | |
1111 | ||
1112 | bool | |
1113 | fd_state_machine::is_datagram_socket_fd_p (state_t s) const | |
1114 | { | |
1115 | return (s == m_new_datagram_socket | |
1116 | || s == m_new_unknown_socket | |
1117 | || s == m_bound_datagram_socket | |
1118 | || s == m_bound_unknown_socket); | |
1119 | } | |
1120 | ||
1121 | bool | |
1122 | fd_state_machine::is_stream_socket_fd_p (state_t s) const | |
1123 | { | |
1124 | return (s == m_new_stream_socket | |
1125 | || s == m_new_unknown_socket | |
1126 | || s == m_bound_stream_socket | |
1127 | || s == m_bound_unknown_socket | |
1128 | || s == m_listening_stream_socket | |
1129 | || s == m_connected_stream_socket); | |
1130 | } | |
1131 | ||
9365b2bf ML |
1132 | enum access_mode |
1133 | fd_state_machine::get_access_mode_from_flag (int flag) const | |
1134 | { | |
d8aba860 | 1135 | if (m_O_ACCMODE && TREE_CODE (m_O_ACCMODE) == INTEGER_CST) |
9365b2bf | 1136 | { |
d8aba860 DM |
1137 | const unsigned HOST_WIDE_INT mask_val = TREE_INT_CST_LOW (m_O_ACCMODE); |
1138 | const unsigned HOST_WIDE_INT masked_flag = flag & mask_val; | |
1139 | ||
1140 | if (m_O_RDONLY && TREE_CODE (m_O_RDONLY) == INTEGER_CST) | |
1141 | if (masked_flag == TREE_INT_CST_LOW (m_O_RDONLY)) | |
1142 | return READ_ONLY; | |
1143 | ||
1144 | if (m_O_WRONLY && TREE_CODE (m_O_WRONLY) == INTEGER_CST) | |
1145 | if (masked_flag == TREE_INT_CST_LOW (m_O_WRONLY)) | |
1146 | return WRITE_ONLY; | |
9365b2bf ML |
1147 | } |
1148 | return READ_WRITE; | |
1149 | } | |
1150 | ||
1151 | bool | |
1152 | fd_state_machine::is_readonly_fd_p (state_t state) const | |
1153 | { | |
1154 | return (state == m_unchecked_read_only || state == m_valid_read_only); | |
1155 | } | |
1156 | ||
1157 | bool | |
1158 | fd_state_machine::is_writeonly_fd_p (state_t state) const | |
1159 | { | |
1160 | return (state == m_unchecked_write_only || state == m_valid_write_only); | |
1161 | } | |
1162 | ||
1163 | bool | |
1164 | fd_state_machine::is_closed_fd_p (state_t state) const | |
1165 | { | |
1166 | return (state == m_closed); | |
1167 | } | |
1168 | ||
1169 | bool | |
1170 | fd_state_machine::is_constant_fd_p (state_t state) const | |
1171 | { | |
1172 | return (state == m_constant_fd); | |
1173 | } | |
1174 | ||
6a11f2d9 IM |
1175 | fd_state_machine::state_t |
1176 | fd_state_machine::valid_to_unchecked_state (state_t state) const | |
1177 | { | |
1178 | if (state == m_valid_read_write) | |
1179 | return m_unchecked_read_write; | |
1180 | else if (state == m_valid_write_only) | |
1181 | return m_unchecked_write_only; | |
1182 | else if (state == m_valid_read_only) | |
1183 | return m_unchecked_read_only; | |
1184 | else | |
1185 | gcc_unreachable (); | |
1186 | return NULL; | |
1187 | } | |
1188 | ||
792f039f DM |
1189 | void |
1190 | fd_state_machine::mark_as_valid_fd (region_model *model, | |
1191 | sm_state_map *smap, | |
1192 | const svalue *fd_sval, | |
1193 | const extrinsic_state &ext_state) const | |
1194 | { | |
1195 | smap->set_state (model, fd_sval, m_valid_read_write, NULL, ext_state); | |
1196 | } | |
1197 | ||
9365b2bf ML |
1198 | bool |
1199 | fd_state_machine::on_stmt (sm_context *sm_ctxt, const supernode *node, | |
1200 | const gimple *stmt) const | |
1201 | { | |
1202 | if (const gcall *call = dyn_cast<const gcall *> (stmt)) | |
1203 | if (tree callee_fndecl = sm_ctxt->get_fndecl_for_call (call)) | |
1204 | { | |
1205 | if (is_named_call_p (callee_fndecl, "open", call, 2)) | |
1206 | { | |
1207 | on_open (sm_ctxt, node, stmt, call); | |
1208 | return true; | |
1209 | } // "open" | |
1210 | ||
6a11f2d9 IM |
1211 | if (is_named_call_p (callee_fndecl, "creat", call, 2)) |
1212 | { | |
1213 | on_creat (sm_ctxt, node, stmt, call); | |
792f039f | 1214 | return true; |
6a11f2d9 IM |
1215 | } // "creat" |
1216 | ||
9365b2bf ML |
1217 | if (is_named_call_p (callee_fndecl, "close", call, 1)) |
1218 | { | |
1219 | on_close (sm_ctxt, node, stmt, call); | |
1220 | return true; | |
1221 | } // "close" | |
1222 | ||
1223 | if (is_named_call_p (callee_fndecl, "write", call, 3)) | |
1224 | { | |
1225 | on_write (sm_ctxt, node, stmt, call, callee_fndecl); | |
1226 | return true; | |
1227 | } // "write" | |
1228 | ||
1229 | if (is_named_call_p (callee_fndecl, "read", call, 3)) | |
1230 | { | |
1231 | on_read (sm_ctxt, node, stmt, call, callee_fndecl); | |
1232 | return true; | |
1233 | } // "read" | |
1234 | ||
6a11f2d9 IM |
1235 | if (is_named_call_p (callee_fndecl, "dup", call, 1)) |
1236 | { | |
1237 | check_for_dup (sm_ctxt, node, stmt, call, callee_fndecl, DUP_1); | |
1238 | return true; | |
1239 | } | |
1240 | ||
1241 | if (is_named_call_p (callee_fndecl, "dup2", call, 2)) | |
1242 | { | |
1243 | check_for_dup (sm_ctxt, node, stmt, call, callee_fndecl, DUP_2); | |
1244 | return true; | |
1245 | } | |
1246 | ||
1247 | if (is_named_call_p (callee_fndecl, "dup3", call, 3)) | |
1248 | { | |
1249 | check_for_dup (sm_ctxt, node, stmt, call, callee_fndecl, DUP_3); | |
1250 | return true; | |
1251 | } | |
9365b2bf ML |
1252 | |
1253 | { | |
1254 | // Handle __attribute__((fd_arg)) | |
1255 | ||
1256 | check_for_fd_attrs (sm_ctxt, node, stmt, call, callee_fndecl, | |
1257 | "fd_arg", DIRS_READ_WRITE); | |
1258 | ||
1259 | // Handle __attribute__((fd_arg_read)) | |
1260 | ||
1261 | check_for_fd_attrs (sm_ctxt, node, stmt, call, callee_fndecl, | |
1262 | "fd_arg_read", DIRS_READ); | |
1263 | ||
1264 | // Handle __attribute__((fd_arg_write)) | |
1265 | ||
1266 | check_for_fd_attrs (sm_ctxt, node, stmt, call, callee_fndecl, | |
1267 | "fd_arg_write", DIRS_WRITE); | |
1268 | } | |
1269 | } | |
1270 | ||
1271 | return false; | |
1272 | } | |
1273 | ||
1274 | void | |
1275 | fd_state_machine::check_for_fd_attrs ( | |
1276 | sm_context *sm_ctxt, const supernode *node, const gimple *stmt, | |
1277 | const gcall *call, const tree callee_fndecl, const char *attr_name, | |
1278 | access_directions fd_attr_access_dir) const | |
1279 | { | |
55f6a7d9 | 1280 | /* Handle interesting fd attributes of the callee_fndecl, |
1281 | or prioritize those of the builtin that callee_fndecl is | |
1282 | expected to be. | |
1283 | Might want this to be controlled by a flag. */ | |
1284 | tree fndecl = callee_fndecl; | |
1285 | /* If call is recognized as a builtin known_function, | |
1286 | use that builtin's function_decl. */ | |
1287 | if (const region_model *old_model = sm_ctxt->get_old_region_model ()) | |
1288 | if (const builtin_known_function *builtin_kf | |
1289 | = old_model->get_builtin_kf (call)) | |
1290 | fndecl = builtin_kf->builtin_decl (); | |
1291 | ||
1292 | tree attrs = TYPE_ATTRIBUTES (TREE_TYPE (fndecl)); | |
9365b2bf ML |
1293 | attrs = lookup_attribute (attr_name, attrs); |
1294 | if (!attrs) | |
1295 | return; | |
1296 | ||
1297 | if (!TREE_VALUE (attrs)) | |
1298 | return; | |
1299 | ||
1300 | auto_bitmap argmap; | |
1301 | ||
1302 | for (tree idx = TREE_VALUE (attrs); idx; idx = TREE_CHAIN (idx)) | |
1303 | { | |
1304 | unsigned int val = TREE_INT_CST_LOW (TREE_VALUE (idx)) - 1; | |
1305 | bitmap_set_bit (argmap, val); | |
1306 | } | |
1307 | if (bitmap_empty_p (argmap)) | |
1308 | return; | |
1309 | ||
1310 | for (unsigned arg_idx = 0; arg_idx < gimple_call_num_args (call); arg_idx++) | |
1311 | { | |
1312 | tree arg = gimple_call_arg (call, arg_idx); | |
1313 | tree diag_arg = sm_ctxt->get_diagnostic_tree (arg); | |
1314 | state_t state = sm_ctxt->get_state (stmt, arg); | |
1315 | bool bit_set = bitmap_bit_p (argmap, arg_idx); | |
1316 | if (TREE_CODE (TREE_TYPE (arg)) != INTEGER_TYPE) | |
1317 | continue; | |
1318 | if (bit_set) // Check if arg_idx is marked by any of the file descriptor | |
1319 | // attributes | |
1320 | { | |
1321 | ||
55f6a7d9 | 1322 | /* Do use the fndecl that caused the warning so that the |
1323 | misused attributes are printed and the user not confused. */ | |
9365b2bf ML |
1324 | if (is_closed_fd_p (state)) |
1325 | { | |
1326 | ||
1327 | sm_ctxt->warn (node, stmt, arg, | |
6341f14e DM |
1328 | make_unique<fd_use_after_close> |
1329 | (*this, diag_arg, | |
55f6a7d9 | 1330 | fndecl, attr_name, |
6341f14e | 1331 | arg_idx)); |
9365b2bf ML |
1332 | continue; |
1333 | } | |
1334 | ||
1335 | if (!(is_valid_fd_p (state) || (state == m_stop))) | |
1336 | { | |
1337 | if (!is_constant_fd_p (state)) | |
d84dc419 DM |
1338 | { |
1339 | sm_ctxt->warn (node, stmt, arg, | |
1340 | make_unique<fd_use_without_check> | |
6341f14e | 1341 | (*this, diag_arg, |
55f6a7d9 | 1342 | fndecl, attr_name, |
6341f14e | 1343 | arg_idx)); |
d84dc419 DM |
1344 | continue; |
1345 | } | |
9365b2bf ML |
1346 | } |
1347 | ||
1348 | switch (fd_attr_access_dir) | |
1349 | { | |
1350 | case DIRS_READ_WRITE: | |
1351 | break; | |
1352 | case DIRS_READ: | |
1353 | ||
1354 | if (is_writeonly_fd_p (state)) | |
1355 | { | |
1356 | sm_ctxt->warn ( | |
1357 | node, stmt, arg, | |
6341f14e DM |
1358 | make_unique<fd_access_mode_mismatch> (*this, diag_arg, |
1359 | DIRS_WRITE, | |
55f6a7d9 | 1360 | fndecl, |
6341f14e DM |
1361 | attr_name, |
1362 | arg_idx)); | |
9365b2bf ML |
1363 | } |
1364 | ||
1365 | break; | |
1366 | case DIRS_WRITE: | |
1367 | ||
1368 | if (is_readonly_fd_p (state)) | |
1369 | { | |
1370 | sm_ctxt->warn ( | |
1371 | node, stmt, arg, | |
6341f14e DM |
1372 | make_unique<fd_access_mode_mismatch> (*this, diag_arg, |
1373 | DIRS_READ, | |
55f6a7d9 | 1374 | fndecl, |
6341f14e DM |
1375 | attr_name, |
1376 | arg_idx)); | |
9365b2bf ML |
1377 | } |
1378 | ||
1379 | break; | |
1380 | } | |
1381 | } | |
1382 | } | |
1383 | } | |
1384 | ||
1385 | ||
1386 | void | |
1387 | fd_state_machine::on_open (sm_context *sm_ctxt, const supernode *node, | |
1388 | const gimple *stmt, const gcall *call) const | |
1389 | { | |
1390 | tree lhs = gimple_call_lhs (call); | |
1391 | if (lhs) | |
1392 | { | |
1393 | tree arg = gimple_call_arg (call, 1); | |
57bbf3a4 | 1394 | enum access_mode mode = READ_WRITE; |
9365b2bf ML |
1395 | if (TREE_CODE (arg) == INTEGER_CST) |
1396 | { | |
1397 | int flag = TREE_INT_CST_LOW (arg); | |
57bbf3a4 DM |
1398 | mode = get_access_mode_from_flag (flag); |
1399 | } | |
1400 | switch (mode) | |
1401 | { | |
1402 | case READ_ONLY: | |
1403 | sm_ctxt->on_transition (node, stmt, lhs, m_start, | |
1404 | m_unchecked_read_only); | |
1405 | break; | |
1406 | case WRITE_ONLY: | |
1407 | sm_ctxt->on_transition (node, stmt, lhs, m_start, | |
1408 | m_unchecked_write_only); | |
1409 | break; | |
1410 | default: | |
1411 | sm_ctxt->on_transition (node, stmt, lhs, m_start, | |
1412 | m_unchecked_read_write); | |
9365b2bf ML |
1413 | } |
1414 | } | |
1415 | else | |
1416 | { | |
6341f14e DM |
1417 | sm_ctxt->warn (node, stmt, NULL_TREE, |
1418 | make_unique<fd_leak> (*this, NULL_TREE)); | |
9365b2bf ML |
1419 | } |
1420 | } | |
1421 | ||
6a11f2d9 IM |
1422 | void |
1423 | fd_state_machine::on_creat (sm_context *sm_ctxt, const supernode *node, | |
1424 | const gimple *stmt, const gcall *call) const | |
1425 | { | |
1426 | tree lhs = gimple_call_lhs (call); | |
1427 | if (lhs) | |
1428 | sm_ctxt->on_transition (node, stmt, lhs, m_start, m_unchecked_write_only); | |
1429 | else | |
6341f14e DM |
1430 | sm_ctxt->warn (node, stmt, NULL_TREE, |
1431 | make_unique<fd_leak> (*this, NULL_TREE)); | |
6a11f2d9 IM |
1432 | } |
1433 | ||
1434 | void | |
1435 | fd_state_machine::check_for_dup (sm_context *sm_ctxt, const supernode *node, | |
1436 | const gimple *stmt, const gcall *call, | |
1437 | const tree callee_fndecl, enum dup kind) const | |
1438 | { | |
1439 | tree lhs = gimple_call_lhs (call); | |
1440 | tree arg_1 = gimple_call_arg (call, 0); | |
1441 | state_t state_arg_1 = sm_ctxt->get_state (stmt, arg_1); | |
1442 | if (state_arg_1 == m_stop) | |
1443 | return; | |
83714225 IM |
1444 | if (!(is_constant_fd_p (state_arg_1) || is_valid_fd_p (state_arg_1) |
1445 | || state_arg_1 == m_start)) | |
6a11f2d9 IM |
1446 | { |
1447 | check_for_open_fd (sm_ctxt, node, stmt, call, callee_fndecl, | |
1448 | DIRS_READ_WRITE); | |
ed7e7620 | 1449 | return; |
6a11f2d9 IM |
1450 | } |
1451 | switch (kind) | |
1452 | { | |
1453 | case DUP_1: | |
1454 | if (lhs) | |
1455 | { | |
83714225 | 1456 | if (is_constant_fd_p (state_arg_1) || state_arg_1 == m_start) |
6a11f2d9 IM |
1457 | sm_ctxt->set_next_state (stmt, lhs, m_unchecked_read_write); |
1458 | else | |
1459 | sm_ctxt->set_next_state (stmt, lhs, | |
1460 | valid_to_unchecked_state (state_arg_1)); | |
1461 | } | |
1462 | break; | |
1463 | ||
1464 | case DUP_2: | |
1465 | case DUP_3: | |
1466 | tree arg_2 = gimple_call_arg (call, 1); | |
1467 | state_t state_arg_2 = sm_ctxt->get_state (stmt, arg_2); | |
1468 | tree diag_arg_2 = sm_ctxt->get_diagnostic_tree (arg_2); | |
1469 | if (state_arg_2 == m_stop) | |
1470 | return; | |
1471 | /* Check if -1 was passed as second argument to dup2. */ | |
83714225 IM |
1472 | if (!(is_constant_fd_p (state_arg_2) || is_valid_fd_p (state_arg_2) |
1473 | || state_arg_2 == m_start)) | |
6a11f2d9 IM |
1474 | { |
1475 | sm_ctxt->warn ( | |
1476 | node, stmt, arg_2, | |
6341f14e DM |
1477 | make_unique<fd_use_without_check> (*this, diag_arg_2, |
1478 | callee_fndecl)); | |
6a11f2d9 IM |
1479 | return; |
1480 | } | |
1481 | /* dup2 returns value of its second argument on success.But, the | |
1482 | access mode of the returned file descriptor depends on the duplicated | |
1483 | file descriptor i.e the first argument. */ | |
1484 | if (lhs) | |
1485 | { | |
83714225 | 1486 | if (is_constant_fd_p (state_arg_1) || state_arg_1 == m_start) |
6a11f2d9 IM |
1487 | sm_ctxt->set_next_state (stmt, lhs, m_unchecked_read_write); |
1488 | else | |
1489 | sm_ctxt->set_next_state (stmt, lhs, | |
1490 | valid_to_unchecked_state (state_arg_1)); | |
1491 | } | |
1492 | ||
1493 | break; | |
1494 | } | |
1495 | } | |
1496 | ||
9365b2bf ML |
1497 | void |
1498 | fd_state_machine::on_close (sm_context *sm_ctxt, const supernode *node, | |
1499 | const gimple *stmt, const gcall *call) const | |
1500 | { | |
1501 | tree arg = gimple_call_arg (call, 0); | |
1502 | state_t state = sm_ctxt->get_state (stmt, arg); | |
1503 | tree diag_arg = sm_ctxt->get_diagnostic_tree (arg); | |
1504 | ||
1505 | sm_ctxt->on_transition (node, stmt, arg, m_start, m_closed); | |
1506 | sm_ctxt->on_transition (node, stmt, arg, m_unchecked_read_write, m_closed); | |
1507 | sm_ctxt->on_transition (node, stmt, arg, m_unchecked_read_only, m_closed); | |
1508 | sm_ctxt->on_transition (node, stmt, arg, m_unchecked_write_only, m_closed); | |
1509 | sm_ctxt->on_transition (node, stmt, arg, m_valid_read_write, m_closed); | |
1510 | sm_ctxt->on_transition (node, stmt, arg, m_valid_read_only, m_closed); | |
1511 | sm_ctxt->on_transition (node, stmt, arg, m_valid_write_only, m_closed); | |
1512 | sm_ctxt->on_transition (node, stmt, arg, m_constant_fd, m_closed); | |
86a90006 DM |
1513 | sm_ctxt->on_transition (node, stmt, arg, m_new_datagram_socket, m_closed); |
1514 | sm_ctxt->on_transition (node, stmt, arg, m_new_stream_socket, m_closed); | |
1515 | sm_ctxt->on_transition (node, stmt, arg, m_new_unknown_socket, m_closed); | |
1516 | sm_ctxt->on_transition (node, stmt, arg, m_bound_datagram_socket, m_closed); | |
1517 | sm_ctxt->on_transition (node, stmt, arg, m_bound_stream_socket, m_closed); | |
1518 | sm_ctxt->on_transition (node, stmt, arg, m_bound_unknown_socket, m_closed); | |
1519 | sm_ctxt->on_transition (node, stmt, arg, m_listening_stream_socket, m_closed); | |
1520 | sm_ctxt->on_transition (node, stmt, arg, m_connected_stream_socket, m_closed); | |
9365b2bf ML |
1521 | |
1522 | if (is_closed_fd_p (state)) | |
1523 | { | |
6341f14e DM |
1524 | sm_ctxt->warn (node, stmt, arg, |
1525 | make_unique<fd_double_close> (*this, diag_arg)); | |
9365b2bf ML |
1526 | sm_ctxt->set_next_state (stmt, arg, m_stop); |
1527 | } | |
1528 | } | |
1529 | void | |
1530 | fd_state_machine::on_read (sm_context *sm_ctxt, const supernode *node, | |
1531 | const gimple *stmt, const gcall *call, | |
1532 | const tree callee_fndecl) const | |
1533 | { | |
1534 | check_for_open_fd (sm_ctxt, node, stmt, call, callee_fndecl, DIRS_READ); | |
1535 | } | |
1536 | void | |
1537 | fd_state_machine::on_write (sm_context *sm_ctxt, const supernode *node, | |
1538 | const gimple *stmt, const gcall *call, | |
1539 | const tree callee_fndecl) const | |
1540 | { | |
1541 | check_for_open_fd (sm_ctxt, node, stmt, call, callee_fndecl, DIRS_WRITE); | |
1542 | } | |
1543 | ||
1544 | void | |
1545 | fd_state_machine::check_for_open_fd ( | |
1546 | sm_context *sm_ctxt, const supernode *node, const gimple *stmt, | |
1547 | const gcall *call, const tree callee_fndecl, | |
1548 | enum access_directions callee_fndecl_dir) const | |
1549 | { | |
1550 | tree arg = gimple_call_arg (call, 0); | |
1551 | tree diag_arg = sm_ctxt->get_diagnostic_tree (arg); | |
1552 | state_t state = sm_ctxt->get_state (stmt, arg); | |
1553 | ||
1554 | if (is_closed_fd_p (state)) | |
1555 | { | |
1556 | sm_ctxt->warn (node, stmt, arg, | |
6341f14e DM |
1557 | make_unique<fd_use_after_close> (*this, diag_arg, |
1558 | callee_fndecl)); | |
9365b2bf ML |
1559 | } |
1560 | ||
1561 | else | |
1562 | { | |
86a90006 DM |
1563 | if (state == m_new_stream_socket |
1564 | || state == m_bound_stream_socket | |
1565 | || state == m_listening_stream_socket) | |
1566 | /* Complain about fncall on socket in wrong phase. */ | |
1567 | sm_ctxt->warn | |
1568 | (node, stmt, arg, | |
1569 | make_unique<fd_phase_mismatch> (*this, diag_arg, | |
1570 | callee_fndecl, | |
1571 | state, | |
1572 | EXPECTED_PHASE_CAN_TRANSFER)); | |
1573 | else if (!(is_valid_fd_p (state) | |
1574 | || state == m_new_datagram_socket | |
1575 | || state == m_bound_unknown_socket | |
1576 | || state == m_connected_stream_socket | |
1577 | || state == m_start | |
1578 | || state == m_stop)) | |
9365b2bf ML |
1579 | { |
1580 | if (!is_constant_fd_p (state)) | |
1581 | sm_ctxt->warn ( | |
1582 | node, stmt, arg, | |
6341f14e DM |
1583 | make_unique<fd_use_without_check> (*this, diag_arg, |
1584 | callee_fndecl)); | |
9365b2bf ML |
1585 | } |
1586 | switch (callee_fndecl_dir) | |
1587 | { | |
6a11f2d9 IM |
1588 | case DIRS_READ_WRITE: |
1589 | break; | |
9365b2bf ML |
1590 | case DIRS_READ: |
1591 | if (is_writeonly_fd_p (state)) | |
1592 | { | |
1593 | tree diag_arg = sm_ctxt->get_diagnostic_tree (arg); | |
1594 | sm_ctxt->warn (node, stmt, arg, | |
6341f14e | 1595 | make_unique<fd_access_mode_mismatch> ( |
9365b2bf ML |
1596 | *this, diag_arg, DIRS_WRITE, callee_fndecl)); |
1597 | } | |
1598 | ||
1599 | break; | |
1600 | case DIRS_WRITE: | |
1601 | ||
1602 | if (is_readonly_fd_p (state)) | |
1603 | { | |
1604 | tree diag_arg = sm_ctxt->get_diagnostic_tree (arg); | |
1605 | sm_ctxt->warn (node, stmt, arg, | |
6341f14e | 1606 | make_unique<fd_access_mode_mismatch> ( |
9365b2bf ML |
1607 | *this, diag_arg, DIRS_READ, callee_fndecl)); |
1608 | } | |
1609 | break; | |
9365b2bf ML |
1610 | } |
1611 | } | |
1612 | } | |
1613 | ||
86a90006 DM |
1614 | static bool |
1615 | add_constraint_ge_zero (region_model *model, | |
1616 | const svalue *fd_sval, | |
1617 | region_model_context *ctxt) | |
1618 | { | |
1619 | const svalue *zero | |
1620 | = model->get_manager ()->get_or_create_int_cst (integer_type_node, 0); | |
1621 | return model->add_constraint (fd_sval, GE_EXPR, zero, ctxt); | |
1622 | } | |
1623 | ||
1624 | /* Get the state for a new socket type based on SOCKET_TYPE_SVAL, | |
1625 | a SOCK_* value. */ | |
1626 | ||
1627 | state_machine::state_t | |
1628 | fd_state_machine:: | |
1629 | get_state_for_socket_type (const svalue *socket_type_sval) const | |
1630 | { | |
1631 | if (tree socket_type_cst = socket_type_sval->maybe_get_constant ()) | |
1632 | { | |
1633 | /* Attempt to use SOCK_* constants stashed from the frontend. */ | |
1634 | if (tree_int_cst_equal (socket_type_cst, m_SOCK_STREAM)) | |
1635 | return m_new_stream_socket; | |
1636 | if (tree_int_cst_equal (socket_type_cst, m_SOCK_DGRAM)) | |
1637 | return m_new_datagram_socket; | |
1638 | } | |
1639 | ||
1640 | /* Unrecognized constant, or a symbolic "type" value. */ | |
1641 | return m_new_unknown_socket; | |
1642 | } | |
1643 | ||
1644 | /* Update the model and fd state for an outcome of a call to "socket", | |
1645 | where SUCCESSFUL indicate which of the two outcomes. | |
1646 | Return true if the outcome is feasible, or false to reject it. */ | |
1647 | ||
1648 | bool | |
1649 | fd_state_machine::on_socket (const call_details &cd, | |
1650 | bool successful, | |
1651 | sm_context *sm_ctxt, | |
1652 | const extrinsic_state &ext_state) const | |
1653 | { | |
1654 | const gcall *stmt = cd.get_call_stmt (); | |
1655 | engine *eng = ext_state.get_engine (); | |
1656 | const supergraph *sg = eng->get_supergraph (); | |
1657 | const supernode *node = sg->get_supernode_for_stmt (stmt); | |
1658 | region_model *model = cd.get_model (); | |
1659 | ||
1660 | if (successful) | |
1661 | { | |
1662 | if (gimple_call_lhs (stmt)) | |
1663 | { | |
1664 | conjured_purge p (model, cd.get_ctxt ()); | |
1665 | region_model_manager *mgr = model->get_manager (); | |
1666 | const svalue *new_fd | |
1667 | = mgr->get_or_create_conjured_svalue (integer_type_node, | |
1668 | stmt, | |
1669 | cd.get_lhs_region (), | |
1670 | p); | |
1671 | if (!add_constraint_ge_zero (model, new_fd, cd.get_ctxt ())) | |
1672 | return false; | |
1673 | ||
1674 | const svalue *socket_type_sval = cd.get_arg_svalue (1); | |
1675 | state_machine::state_t new_state | |
1676 | = get_state_for_socket_type (socket_type_sval); | |
1677 | sm_ctxt->on_transition (node, stmt, new_fd, m_start, new_state); | |
1678 | model->set_value (cd.get_lhs_region (), new_fd, cd.get_ctxt ()); | |
1679 | } | |
1680 | else | |
1681 | sm_ctxt->warn (node, stmt, NULL_TREE, | |
1682 | make_unique<fd_leak> (*this, NULL_TREE)); | |
1683 | } | |
1684 | else | |
1685 | { | |
1686 | /* Return -1; set errno. */ | |
1687 | model->update_for_int_cst_return (cd, -1, true); | |
1688 | model->set_errno (cd); | |
1689 | } | |
1690 | ||
1691 | return true; | |
1692 | } | |
1693 | ||
1694 | /* Check that FD_SVAL is usable by socket APIs. | |
1695 | Complain if it has been closed, if it is a non-socket, | |
1696 | or is invalid. | |
1697 | If COMPLAINED is non-NULL and a problem is found, | |
1698 | write *COMPLAINED = true. | |
1699 | ||
1700 | If SUCCESSFUL is true, attempt to add the constraint that FD_SVAL >= 0. | |
1701 | Return true if this outcome is feasible. */ | |
1702 | ||
1703 | bool | |
1704 | fd_state_machine::check_for_socket_fd (const call_details &cd, | |
1705 | bool successful, | |
1706 | sm_context *sm_ctxt, | |
1707 | const svalue *fd_sval, | |
1708 | const supernode *node, | |
1709 | state_t old_state, | |
1710 | bool *complained) const | |
1711 | { | |
1712 | const gcall *stmt = cd.get_call_stmt (); | |
1713 | ||
1714 | if (is_closed_fd_p (old_state)) | |
1715 | { | |
1716 | tree diag_arg = sm_ctxt->get_diagnostic_tree (fd_sval); | |
1717 | sm_ctxt->warn | |
1718 | (node, stmt, fd_sval, | |
1719 | make_unique<fd_use_after_close> (*this, diag_arg, | |
1720 | cd.get_fndecl_for_call ())); | |
1721 | if (complained) | |
1722 | *complained = true; | |
1723 | if (successful) | |
1724 | return false; | |
1725 | } | |
1726 | else if (is_unchecked_fd_p (old_state) || is_valid_fd_p (old_state)) | |
1727 | { | |
1728 | /* Complain about non-socket. */ | |
1729 | tree diag_arg = sm_ctxt->get_diagnostic_tree (fd_sval); | |
1730 | sm_ctxt->warn | |
1731 | (node, stmt, fd_sval, | |
1732 | make_unique<fd_type_mismatch> (*this, diag_arg, | |
1733 | cd.get_fndecl_for_call (), | |
1734 | old_state, | |
1735 | EXPECTED_TYPE_SOCKET)); | |
1736 | if (complained) | |
1737 | *complained = true; | |
1738 | if (successful) | |
1739 | return false; | |
1740 | } | |
1741 | else if (old_state == m_invalid) | |
1742 | { | |
1743 | tree diag_arg = sm_ctxt->get_diagnostic_tree (fd_sval); | |
1744 | sm_ctxt->warn | |
1745 | (node, stmt, fd_sval, | |
1746 | make_unique<fd_use_without_check> (*this, diag_arg, | |
1747 | cd.get_fndecl_for_call ())); | |
1748 | if (complained) | |
1749 | *complained = true; | |
1750 | if (successful) | |
1751 | return false; | |
1752 | } | |
1753 | ||
1754 | if (successful) | |
1755 | if (!add_constraint_ge_zero (cd.get_model (), fd_sval, cd.get_ctxt ())) | |
1756 | return false; | |
1757 | ||
1758 | return true; | |
1759 | } | |
1760 | ||
1761 | /* For use by "bind" and "connect". | |
1762 | As per fd_state_machine::check_for_socket_fd above, | |
1763 | but also complain if we don't have a new socket, and check that | |
1764 | we can read up to the size bytes from the address. */ | |
1765 | ||
1766 | bool | |
1767 | fd_state_machine::check_for_new_socket_fd (const call_details &cd, | |
1768 | bool successful, | |
1769 | sm_context *sm_ctxt, | |
1770 | const svalue *fd_sval, | |
1771 | const supernode *node, | |
1772 | state_t old_state, | |
1773 | enum expected_phase expected_phase) | |
1774 | const | |
1775 | { | |
1776 | bool complained = false; | |
1777 | ||
1778 | /* Check address and len. */ | |
1779 | const svalue *address_sval = cd.get_arg_svalue (1); | |
1780 | const svalue *len_sval = cd.get_arg_svalue (2); | |
1781 | ||
1782 | /* Check that we can read the given number of bytes from the | |
1783 | address. */ | |
1784 | region_model *model = cd.get_model (); | |
1785 | const region *address_reg | |
1786 | = model->deref_rvalue (address_sval, cd.get_arg_tree (1), | |
1787 | cd.get_ctxt ()); | |
1788 | const region *sized_address_reg | |
1789 | = model->get_manager ()->get_sized_region (address_reg, | |
1790 | NULL_TREE, | |
1791 | len_sval); | |
1792 | model->get_store_value (sized_address_reg, cd.get_ctxt ()); | |
1793 | ||
1794 | if (!check_for_socket_fd (cd, successful, sm_ctxt, | |
1795 | fd_sval, node, old_state, &complained)) | |
1796 | return false; | |
1797 | else if (!complained | |
1798 | && !(old_state == m_new_stream_socket | |
1799 | || old_state == m_new_datagram_socket | |
1800 | || old_state == m_new_unknown_socket | |
1801 | || old_state == m_start | |
64fb291c DM |
1802 | || old_state == m_stop |
1803 | || old_state == m_constant_fd)) | |
86a90006 DM |
1804 | { |
1805 | /* Complain about "bind" or "connect" in wrong phase. */ | |
1806 | tree diag_arg = sm_ctxt->get_diagnostic_tree (fd_sval); | |
1807 | sm_ctxt->warn | |
1808 | (node, cd.get_call_stmt (), fd_sval, | |
1809 | make_unique<fd_phase_mismatch> (*this, diag_arg, | |
1810 | cd.get_fndecl_for_call (), | |
1811 | old_state, | |
1812 | expected_phase)); | |
1813 | if (successful) | |
1814 | return false; | |
1815 | } | |
1816 | else if (!successful) | |
1817 | { | |
1818 | /* If we were in the start state, assume we had a new socket. */ | |
1819 | if (old_state == m_start) | |
1820 | sm_ctxt->set_next_state (cd.get_call_stmt (), fd_sval, | |
1821 | m_new_unknown_socket); | |
1822 | } | |
1823 | ||
1824 | /* Passing NULL as the address will lead to failure. */ | |
1825 | if (successful) | |
1826 | if (address_sval->all_zeroes_p ()) | |
1827 | return false; | |
1828 | ||
1829 | return true; | |
1830 | } | |
1831 | ||
1832 | /* Update the model and fd state for an outcome of a call to "bind", | |
1833 | where SUCCESSFUL indicate which of the two outcomes. | |
1834 | Return true if the outcome is feasible, or false to reject it. */ | |
1835 | ||
1836 | bool | |
1837 | fd_state_machine::on_bind (const call_details &cd, | |
1838 | bool successful, | |
1839 | sm_context *sm_ctxt, | |
1840 | const extrinsic_state &ext_state) const | |
1841 | { | |
1842 | const gcall *stmt = cd.get_call_stmt (); | |
1843 | engine *eng = ext_state.get_engine (); | |
1844 | const supergraph *sg = eng->get_supergraph (); | |
1845 | const supernode *node = sg->get_supernode_for_stmt (stmt); | |
1846 | const svalue *fd_sval = cd.get_arg_svalue (0); | |
1847 | region_model *model = cd.get_model (); | |
1848 | state_t old_state = sm_ctxt->get_state (stmt, fd_sval); | |
1849 | ||
1850 | if (!check_for_new_socket_fd (cd, successful, sm_ctxt, | |
1851 | fd_sval, node, old_state, | |
1852 | EXPECTED_PHASE_CAN_BIND)) | |
1853 | return false; | |
1854 | ||
1855 | if (successful) | |
1856 | { | |
1857 | state_t next_state = NULL; | |
1858 | if (old_state == m_new_stream_socket) | |
1859 | next_state = m_bound_stream_socket; | |
1860 | else if (old_state == m_new_datagram_socket) | |
1861 | next_state = m_bound_datagram_socket; | |
1862 | else if (old_state == m_new_unknown_socket) | |
1863 | next_state = m_bound_unknown_socket; | |
45a75fd3 DM |
1864 | else if (old_state == m_start |
1865 | || old_state == m_constant_fd) | |
86a90006 DM |
1866 | next_state = m_bound_unknown_socket; |
1867 | else if (old_state == m_stop) | |
1868 | next_state = m_stop; | |
1869 | else | |
1870 | gcc_unreachable (); | |
1871 | sm_ctxt->set_next_state (cd.get_call_stmt (), fd_sval, next_state); | |
1872 | model->update_for_zero_return (cd, true); | |
1873 | } | |
1874 | else | |
1875 | { | |
1876 | /* Return -1; set errno. */ | |
1877 | model->update_for_int_cst_return (cd, -1, true); | |
1878 | model->set_errno (cd); | |
1879 | } | |
1880 | ||
1881 | return true; | |
1882 | } | |
1883 | ||
1884 | /* Update the model and fd state for an outcome of a call to "listen", | |
1885 | where SUCCESSFUL indicate which of the two outcomes. | |
1886 | Return true if the outcome is feasible, or false to reject it. */ | |
1887 | ||
1888 | bool | |
1889 | fd_state_machine::on_listen (const call_details &cd, | |
1890 | bool successful, | |
1891 | sm_context *sm_ctxt, | |
1892 | const extrinsic_state &ext_state) const | |
1893 | { | |
1894 | const gcall *stmt = cd.get_call_stmt (); | |
1895 | engine *eng = ext_state.get_engine (); | |
1896 | const supergraph *sg = eng->get_supergraph (); | |
1897 | const supernode *node = sg->get_supernode_for_stmt (cd.get_call_stmt ()); | |
1898 | const svalue *fd_sval = cd.get_arg_svalue (0); | |
1899 | region_model *model = cd.get_model (); | |
1900 | state_t old_state = sm_ctxt->get_state (stmt, fd_sval); | |
1901 | ||
1902 | /* We expect a stream socket that's had "bind" called on it. */ | |
1903 | if (!check_for_socket_fd (cd, successful, sm_ctxt, fd_sval, node, old_state)) | |
1904 | return false; | |
1905 | if (!(old_state == m_start | |
64fb291c | 1906 | || old_state == m_constant_fd |
86a90006 | 1907 | || old_state == m_stop |
d84dc419 | 1908 | || old_state == m_invalid |
86a90006 DM |
1909 | || old_state == m_bound_stream_socket |
1910 | || old_state == m_bound_unknown_socket | |
1911 | /* Assume it's OK to call "listen" more than once. */ | |
1912 | || old_state == m_listening_stream_socket)) | |
1913 | { | |
1914 | /* Complain about fncall on wrong type or in wrong phase. */ | |
1915 | tree diag_arg = sm_ctxt->get_diagnostic_tree (fd_sval); | |
1916 | if (is_stream_socket_fd_p (old_state)) | |
1917 | sm_ctxt->warn | |
1918 | (node, stmt, fd_sval, | |
1919 | make_unique<fd_phase_mismatch> (*this, diag_arg, | |
1920 | cd.get_fndecl_for_call (), | |
1921 | old_state, | |
1922 | EXPECTED_PHASE_CAN_LISTEN)); | |
1923 | else | |
1924 | sm_ctxt->warn | |
1925 | (node, stmt, fd_sval, | |
1926 | make_unique<fd_type_mismatch> (*this, diag_arg, | |
1927 | cd.get_fndecl_for_call (), | |
1928 | old_state, | |
1929 | EXPECTED_TYPE_STREAM_SOCKET)); | |
1930 | if (successful) | |
1931 | return false; | |
1932 | } | |
1933 | ||
1934 | if (successful) | |
1935 | { | |
1936 | model->update_for_zero_return (cd, true); | |
1937 | sm_ctxt->set_next_state (cd.get_call_stmt (), fd_sval, | |
1938 | m_listening_stream_socket); | |
1939 | } | |
1940 | else | |
1941 | { | |
1942 | /* Return -1; set errno. */ | |
1943 | model->update_for_int_cst_return (cd, -1, true); | |
1944 | model->set_errno (cd); | |
1945 | if (old_state == m_start) | |
1946 | sm_ctxt->set_next_state (cd.get_call_stmt (), fd_sval, | |
1947 | m_bound_stream_socket); | |
1948 | } | |
1949 | ||
1950 | return true; | |
1951 | } | |
1952 | ||
1953 | /* Update the model and fd state for an outcome of a call to "accept", | |
1954 | where SUCCESSFUL indicate which of the two outcomes. | |
1955 | Return true if the outcome is feasible, or false to reject it. */ | |
1956 | ||
1957 | bool | |
1958 | fd_state_machine::on_accept (const call_details &cd, | |
1959 | bool successful, | |
1960 | sm_context *sm_ctxt, | |
1961 | const extrinsic_state &ext_state) const | |
1962 | { | |
1963 | const gcall *stmt = cd.get_call_stmt (); | |
1964 | engine *eng = ext_state.get_engine (); | |
1965 | const supergraph *sg = eng->get_supergraph (); | |
1966 | const supernode *node = sg->get_supernode_for_stmt (stmt); | |
1967 | const svalue *fd_sval = cd.get_arg_svalue (0); | |
1968 | const svalue *address_sval = cd.get_arg_svalue (1); | |
1969 | const svalue *len_ptr_sval = cd.get_arg_svalue (2); | |
1970 | region_model *model = cd.get_model (); | |
1971 | state_t old_state = sm_ctxt->get_state (stmt, fd_sval); | |
1972 | ||
1973 | if (!address_sval->all_zeroes_p ()) | |
1974 | { | |
1975 | region_model_manager *mgr = model->get_manager (); | |
1976 | ||
1977 | /* We might have a union of various pointer types, rather than a | |
1978 | pointer type; cast to (void *) before dereferencing. */ | |
1979 | address_sval = mgr->get_or_create_cast (ptr_type_node, address_sval); | |
1980 | ||
1981 | const region *address_reg | |
1982 | = model->deref_rvalue (address_sval, cd.get_arg_tree (1), | |
1983 | cd.get_ctxt ()); | |
1984 | const region *len_reg | |
1985 | = model->deref_rvalue (len_ptr_sval, cd.get_arg_tree (2), | |
1986 | cd.get_ctxt ()); | |
1987 | const svalue *old_len_sval | |
1988 | = model->get_store_value (len_reg, cd.get_ctxt ()); | |
1989 | tree len_ptr = cd.get_arg_tree (2); | |
1990 | tree star_len_ptr = build2 (MEM_REF, TREE_TYPE (TREE_TYPE (len_ptr)), | |
1991 | len_ptr, | |
1992 | build_int_cst (TREE_TYPE (len_ptr), 0)); | |
1993 | old_len_sval = model->check_for_poison (old_len_sval, | |
1994 | star_len_ptr, | |
2fdc8546 | 1995 | len_reg, |
86a90006 DM |
1996 | cd.get_ctxt ()); |
1997 | if (successful) | |
1998 | { | |
1999 | conjured_purge p (model, cd.get_ctxt ()); | |
2000 | const region *old_sized_address_reg | |
2001 | = mgr->get_sized_region (address_reg, | |
2002 | NULL_TREE, | |
2003 | old_len_sval); | |
2004 | const svalue *new_addr_sval | |
2005 | = mgr->get_or_create_conjured_svalue (NULL_TREE, | |
2006 | stmt, | |
2007 | old_sized_address_reg, | |
2008 | p); | |
2009 | model->set_value (old_sized_address_reg, new_addr_sval, | |
2010 | cd.get_ctxt ()); | |
2011 | const svalue *new_addr_len | |
2012 | = mgr->get_or_create_conjured_svalue (NULL_TREE, | |
2013 | stmt, | |
2014 | len_reg, | |
2015 | p); | |
2016 | model->set_value (len_reg, new_addr_len, cd.get_ctxt ()); | |
2017 | } | |
2018 | } | |
2019 | ||
2020 | /* We expect a stream socket in the "listening" state. */ | |
2021 | if (!check_for_socket_fd (cd, successful, sm_ctxt, fd_sval, node, old_state)) | |
2022 | return false; | |
2023 | ||
64fb291c DM |
2024 | if (old_state == m_start || old_state == m_constant_fd) |
2025 | /* If we were in the start state (or a constant), assume we had the | |
2026 | expected state. */ | |
86a90006 DM |
2027 | sm_ctxt->set_next_state (cd.get_call_stmt (), fd_sval, |
2028 | m_listening_stream_socket); | |
2029 | else if (old_state == m_stop) | |
2030 | { | |
2031 | /* No further complaints. */ | |
2032 | } | |
2033 | else if (old_state != m_listening_stream_socket) | |
2034 | { | |
2035 | /* Complain about fncall on wrong type or in wrong phase. */ | |
2036 | tree diag_arg = sm_ctxt->get_diagnostic_tree (fd_sval); | |
2037 | if (is_stream_socket_fd_p (old_state)) | |
2038 | sm_ctxt->warn | |
2039 | (node, stmt, fd_sval, | |
2040 | make_unique<fd_phase_mismatch> (*this, diag_arg, | |
2041 | cd.get_fndecl_for_call (), | |
2042 | old_state, | |
2043 | EXPECTED_PHASE_CAN_ACCEPT)); | |
2044 | else | |
2045 | sm_ctxt->warn | |
2046 | (node, stmt, fd_sval, | |
2047 | make_unique<fd_type_mismatch> (*this, diag_arg, | |
2048 | cd.get_fndecl_for_call (), | |
2049 | old_state, | |
2050 | EXPECTED_TYPE_STREAM_SOCKET)); | |
2051 | if (successful) | |
2052 | return false; | |
2053 | } | |
2054 | ||
2055 | if (successful) | |
2056 | { | |
2057 | /* Return new conjured FD in "connected" state. */ | |
2058 | if (gimple_call_lhs (stmt)) | |
2059 | { | |
2060 | conjured_purge p (model, cd.get_ctxt ()); | |
2061 | region_model_manager *mgr = model->get_manager (); | |
2062 | const svalue *new_fd | |
2063 | = mgr->get_or_create_conjured_svalue (integer_type_node, | |
2064 | stmt, | |
2065 | cd.get_lhs_region (), | |
2066 | p); | |
2067 | if (!add_constraint_ge_zero (model, new_fd, cd.get_ctxt ())) | |
2068 | return false; | |
2069 | sm_ctxt->on_transition (node, stmt, new_fd, | |
2070 | m_start, m_connected_stream_socket); | |
2071 | model->set_value (cd.get_lhs_region (), new_fd, cd.get_ctxt ()); | |
2072 | } | |
2073 | else | |
2074 | sm_ctxt->warn (node, stmt, NULL_TREE, | |
2075 | make_unique<fd_leak> (*this, NULL_TREE)); | |
2076 | } | |
2077 | else | |
2078 | { | |
2079 | /* Return -1; set errno. */ | |
2080 | model->update_for_int_cst_return (cd, -1, true); | |
2081 | model->set_errno (cd); | |
2082 | } | |
2083 | ||
2084 | return true; | |
2085 | } | |
2086 | ||
2087 | /* Update the model and fd state for an outcome of a call to "connect", | |
2088 | where SUCCESSFUL indicate which of the two outcomes. | |
2089 | Return true if the outcome is feasible, or false to reject it. */ | |
2090 | ||
2091 | bool | |
2092 | fd_state_machine::on_connect (const call_details &cd, | |
2093 | bool successful, | |
2094 | sm_context *sm_ctxt, | |
2095 | const extrinsic_state &ext_state) const | |
2096 | { | |
2097 | const gcall *stmt = cd.get_call_stmt (); | |
2098 | engine *eng = ext_state.get_engine (); | |
2099 | const supergraph *sg = eng->get_supergraph (); | |
2100 | const supernode *node = sg->get_supernode_for_stmt (stmt); | |
2101 | const svalue *fd_sval = cd.get_arg_svalue (0); | |
2102 | region_model *model = cd.get_model (); | |
2103 | state_t old_state = sm_ctxt->get_state (stmt, fd_sval); | |
2104 | ||
2105 | if (!check_for_new_socket_fd (cd, successful, sm_ctxt, | |
2106 | fd_sval, node, old_state, | |
2107 | EXPECTED_PHASE_CAN_CONNECT)) | |
2108 | return false; | |
2109 | ||
2110 | if (successful) | |
2111 | { | |
2112 | model->update_for_zero_return (cd, true); | |
2113 | state_t next_state = NULL; | |
2114 | if (old_state == m_new_stream_socket) | |
2115 | next_state = m_connected_stream_socket; | |
2116 | else if (old_state == m_new_datagram_socket) | |
2117 | /* It's legal to call connect on a datagram socket, potentially | |
2118 | more than once. We don't transition states for this. */ | |
2119 | next_state = m_new_datagram_socket; | |
2120 | else if (old_state == m_new_unknown_socket) | |
2121 | next_state = m_stop; | |
45a75fd3 DM |
2122 | else if (old_state == m_start |
2123 | || old_state == m_constant_fd) | |
86a90006 DM |
2124 | next_state = m_stop; |
2125 | else if (old_state == m_stop) | |
2126 | next_state = m_stop; | |
2127 | else | |
2128 | gcc_unreachable (); | |
2129 | sm_ctxt->set_next_state (cd.get_call_stmt (), fd_sval, next_state); | |
2130 | } | |
2131 | else | |
2132 | { | |
2133 | /* Return -1; set errno. */ | |
2134 | model->update_for_int_cst_return (cd, -1, true); | |
2135 | model->set_errno (cd); | |
2136 | /* TODO: perhaps transition to a failed state, since the | |
2137 | portable way to handle a failed "connect" is to close | |
2138 | the socket and try again with a new socket. */ | |
2139 | } | |
2140 | ||
2141 | return true; | |
2142 | } | |
2143 | ||
9365b2bf ML |
2144 | void |
2145 | fd_state_machine::on_condition (sm_context *sm_ctxt, const supernode *node, | |
2146 | const gimple *stmt, const svalue *lhs, | |
2147 | enum tree_code op, const svalue *rhs) const | |
2148 | { | |
2149 | if (tree cst = rhs->maybe_get_constant ()) | |
2150 | { | |
2151 | if (TREE_CODE (cst) == INTEGER_CST) | |
2152 | { | |
2153 | int val = TREE_INT_CST_LOW (cst); | |
2154 | if (val == -1) | |
2155 | { | |
2156 | if (op == NE_EXPR) | |
2157 | make_valid_transitions_on_condition (sm_ctxt, node, stmt, lhs); | |
2158 | ||
2159 | else if (op == EQ_EXPR) | |
2160 | make_invalid_transitions_on_condition (sm_ctxt, node, stmt, | |
2161 | lhs); | |
2162 | } | |
2163 | } | |
2164 | } | |
2165 | ||
2166 | if (rhs->all_zeroes_p ()) | |
2167 | { | |
2168 | if (op == GE_EXPR) | |
2169 | make_valid_transitions_on_condition (sm_ctxt, node, stmt, lhs); | |
2170 | else if (op == LT_EXPR) | |
2171 | make_invalid_transitions_on_condition (sm_ctxt, node, stmt, lhs); | |
2172 | } | |
2173 | } | |
2174 | ||
2175 | void | |
2176 | fd_state_machine::make_valid_transitions_on_condition (sm_context *sm_ctxt, | |
2177 | const supernode *node, | |
2178 | const gimple *stmt, | |
2179 | const svalue *lhs) const | |
2180 | { | |
2181 | sm_ctxt->on_transition (node, stmt, lhs, m_unchecked_read_write, | |
2182 | m_valid_read_write); | |
2183 | sm_ctxt->on_transition (node, stmt, lhs, m_unchecked_read_only, | |
2184 | m_valid_read_only); | |
2185 | sm_ctxt->on_transition (node, stmt, lhs, m_unchecked_write_only, | |
2186 | m_valid_write_only); | |
2187 | } | |
2188 | ||
2189 | void | |
2190 | fd_state_machine::make_invalid_transitions_on_condition ( | |
2191 | sm_context *sm_ctxt, const supernode *node, const gimple *stmt, | |
2192 | const svalue *lhs) const | |
2193 | { | |
2194 | sm_ctxt->on_transition (node, stmt, lhs, m_unchecked_read_write, m_invalid); | |
2195 | sm_ctxt->on_transition (node, stmt, lhs, m_unchecked_read_only, m_invalid); | |
2196 | sm_ctxt->on_transition (node, stmt, lhs, m_unchecked_write_only, m_invalid); | |
2197 | } | |
2198 | ||
2199 | bool | |
2200 | fd_state_machine::can_purge_p (state_t s) const | |
2201 | { | |
86a90006 DM |
2202 | if (is_unchecked_fd_p (s) |
2203 | || is_valid_fd_p (s) | |
2204 | || is_socket_fd_p (s)) | |
9365b2bf ML |
2205 | return false; |
2206 | else | |
2207 | return true; | |
2208 | } | |
2209 | ||
6341f14e | 2210 | std::unique_ptr<pending_diagnostic> |
9365b2bf ML |
2211 | fd_state_machine::on_leak (tree var) const |
2212 | { | |
6341f14e | 2213 | return make_unique<fd_leak> (*this, var); |
9365b2bf ML |
2214 | } |
2215 | } // namespace | |
2216 | ||
2217 | state_machine * | |
2218 | make_fd_state_machine (logger *logger) | |
2219 | { | |
2220 | return new fd_state_machine (logger); | |
2221 | } | |
792f039f | 2222 | |
86a90006 DM |
2223 | static bool |
2224 | get_fd_state (region_model_context *ctxt, | |
2225 | sm_state_map **out_smap, | |
2226 | const fd_state_machine **out_sm, | |
2227 | unsigned *out_sm_idx, | |
2228 | std::unique_ptr<sm_context> *out_sm_context) | |
2229 | { | |
2230 | if (!ctxt) | |
2231 | return false; | |
2232 | ||
2233 | const state_machine *sm; | |
2234 | if (!ctxt->get_fd_map (out_smap, &sm, out_sm_idx, out_sm_context)) | |
2235 | return false; | |
2236 | ||
2237 | gcc_assert (sm); | |
2238 | ||
2239 | *out_sm = (const fd_state_machine *)sm; | |
2240 | return true; | |
2241 | } | |
2242 | ||
792f039f | 2243 | /* Specialcase hook for handling pipe, for use by |
1c4a7881 | 2244 | kf_pipe::success::update_model. */ |
792f039f DM |
2245 | |
2246 | void | |
2247 | region_model::mark_as_valid_fd (const svalue *sval, region_model_context *ctxt) | |
2248 | { | |
86a90006 DM |
2249 | sm_state_map *smap; |
2250 | const fd_state_machine *fd_sm; | |
2251 | if (!get_fd_state (ctxt, &smap, &fd_sm, NULL, NULL)) | |
792f039f DM |
2252 | return; |
2253 | const extrinsic_state *ext_state = ctxt->get_ext_state (); | |
2254 | if (!ext_state) | |
2255 | return; | |
86a90006 DM |
2256 | fd_sm->mark_as_valid_fd (this, smap, sval, *ext_state); |
2257 | } | |
792f039f | 2258 | |
50d5b240 DM |
2259 | /* Handle calls to "socket". |
2260 | See e.g. https://man7.org/linux/man-pages/man3/socket.3p.html */ | |
2261 | ||
2262 | class kf_socket : public known_function | |
2263 | { | |
2264 | public: | |
2265 | class outcome_of_socket : public succeed_or_fail_call_info | |
2266 | { | |
2267 | public: | |
2268 | outcome_of_socket (const call_details &cd, bool success) | |
2269 | : succeed_or_fail_call_info (cd, success) | |
2270 | {} | |
2271 | ||
2272 | bool update_model (region_model *model, | |
2273 | const exploded_edge *, | |
2274 | region_model_context *ctxt) const final override | |
2275 | { | |
2276 | const call_details cd (get_call_details (model, ctxt)); | |
5d2908b7 DM |
2277 | sm_state_map *smap; |
2278 | const fd_state_machine *fd_sm; | |
2279 | std::unique_ptr<sm_context> sm_ctxt; | |
2280 | if (!get_fd_state (ctxt, &smap, &fd_sm, NULL, &sm_ctxt)) | |
73da34a5 DM |
2281 | { |
2282 | cd.set_any_lhs_with_defaults (); | |
2283 | return true; | |
2284 | } | |
5d2908b7 DM |
2285 | const extrinsic_state *ext_state = ctxt->get_ext_state (); |
2286 | if (!ext_state) | |
73da34a5 DM |
2287 | { |
2288 | cd.set_any_lhs_with_defaults (); | |
2289 | return true; | |
2290 | } | |
5d2908b7 DM |
2291 | |
2292 | return fd_sm->on_socket (cd, m_success, sm_ctxt.get (), *ext_state); | |
50d5b240 DM |
2293 | } |
2294 | }; | |
2295 | ||
2296 | bool matches_call_types_p (const call_details &cd) const final override | |
2297 | { | |
2298 | return cd.num_args () == 3; | |
2299 | } | |
2300 | ||
2301 | void impl_call_post (const call_details &cd) const final override | |
2302 | { | |
2303 | if (cd.get_ctxt ()) | |
2304 | { | |
2305 | cd.get_ctxt ()->bifurcate (make_unique<outcome_of_socket> (cd, false)); | |
2306 | cd.get_ctxt ()->bifurcate (make_unique<outcome_of_socket> (cd, true)); | |
2307 | cd.get_ctxt ()->terminate_path (); | |
2308 | } | |
2309 | } | |
2310 | }; | |
2311 | ||
50d5b240 DM |
2312 | /* Handle calls to "bind". |
2313 | See e.g. https://man7.org/linux/man-pages/man3/bind.3p.html */ | |
2314 | ||
2315 | class kf_bind : public known_function | |
2316 | { | |
2317 | public: | |
2318 | class outcome_of_bind : public succeed_or_fail_call_info | |
2319 | { | |
2320 | public: | |
2321 | outcome_of_bind (const call_details &cd, bool success) | |
2322 | : succeed_or_fail_call_info (cd, success) | |
2323 | {} | |
2324 | ||
2325 | bool update_model (region_model *model, | |
2326 | const exploded_edge *, | |
2327 | region_model_context *ctxt) const final override | |
2328 | { | |
2329 | const call_details cd (get_call_details (model, ctxt)); | |
5d2908b7 DM |
2330 | sm_state_map *smap; |
2331 | const fd_state_machine *fd_sm; | |
2332 | std::unique_ptr<sm_context> sm_ctxt; | |
2333 | if (!get_fd_state (ctxt, &smap, &fd_sm, NULL, &sm_ctxt)) | |
73da34a5 DM |
2334 | { |
2335 | cd.set_any_lhs_with_defaults (); | |
2336 | return true; | |
2337 | } | |
5d2908b7 DM |
2338 | const extrinsic_state *ext_state = ctxt->get_ext_state (); |
2339 | if (!ext_state) | |
73da34a5 DM |
2340 | { |
2341 | cd.set_any_lhs_with_defaults (); | |
2342 | return true; | |
2343 | } | |
5d2908b7 | 2344 | return fd_sm->on_bind (cd, m_success, sm_ctxt.get (), *ext_state); |
50d5b240 DM |
2345 | } |
2346 | }; | |
2347 | ||
2348 | bool matches_call_types_p (const call_details &cd) const final override | |
2349 | { | |
2350 | return (cd.num_args () == 3 && cd.arg_is_pointer_p (1)); | |
2351 | } | |
2352 | ||
2353 | void impl_call_post (const call_details &cd) const final override | |
2354 | { | |
2355 | if (cd.get_ctxt ()) | |
2356 | { | |
2357 | cd.get_ctxt ()->bifurcate (make_unique<outcome_of_bind> (cd, false)); | |
2358 | cd.get_ctxt ()->bifurcate (make_unique<outcome_of_bind> (cd, true)); | |
2359 | cd.get_ctxt ()->terminate_path (); | |
2360 | } | |
2361 | } | |
2362 | }; | |
2363 | ||
50d5b240 DM |
2364 | /* Handle calls to "listen". |
2365 | See e.g. https://man7.org/linux/man-pages/man3/listen.3p.html */ | |
2366 | ||
2367 | class kf_listen : public known_function | |
2368 | { | |
2369 | class outcome_of_listen : public succeed_or_fail_call_info | |
2370 | { | |
2371 | public: | |
2372 | outcome_of_listen (const call_details &cd, bool success) | |
2373 | : succeed_or_fail_call_info (cd, success) | |
2374 | {} | |
2375 | ||
2376 | bool update_model (region_model *model, | |
2377 | const exploded_edge *, | |
2378 | region_model_context *ctxt) const final override | |
2379 | { | |
2380 | const call_details cd (get_call_details (model, ctxt)); | |
5d2908b7 DM |
2381 | sm_state_map *smap; |
2382 | const fd_state_machine *fd_sm; | |
2383 | std::unique_ptr<sm_context> sm_ctxt; | |
2384 | if (!get_fd_state (ctxt, &smap, &fd_sm, NULL, &sm_ctxt)) | |
73da34a5 DM |
2385 | { |
2386 | cd.set_any_lhs_with_defaults (); | |
2387 | return true; | |
2388 | } | |
5d2908b7 DM |
2389 | const extrinsic_state *ext_state = ctxt->get_ext_state (); |
2390 | if (!ext_state) | |
73da34a5 DM |
2391 | { |
2392 | cd.set_any_lhs_with_defaults (); | |
2393 | return true; | |
2394 | } | |
5d2908b7 DM |
2395 | |
2396 | return fd_sm->on_listen (cd, m_success, sm_ctxt.get (), *ext_state); | |
50d5b240 DM |
2397 | } |
2398 | }; | |
2399 | ||
2400 | bool matches_call_types_p (const call_details &cd) const final override | |
2401 | { | |
2402 | return cd.num_args () == 2; | |
2403 | } | |
2404 | ||
2405 | void impl_call_post (const call_details &cd) const final override | |
2406 | { | |
2407 | if (cd.get_ctxt ()) | |
2408 | { | |
2409 | cd.get_ctxt ()->bifurcate (make_unique<outcome_of_listen> (cd, false)); | |
2410 | cd.get_ctxt ()->bifurcate (make_unique<outcome_of_listen> (cd, true)); | |
2411 | cd.get_ctxt ()->terminate_path (); | |
2412 | } | |
2413 | } | |
2414 | }; | |
2415 | ||
50d5b240 DM |
2416 | /* Handle calls to "accept". |
2417 | See e.g. https://man7.org/linux/man-pages/man3/accept.3p.html */ | |
2418 | ||
2419 | class kf_accept : public known_function | |
2420 | { | |
2421 | class outcome_of_accept : public succeed_or_fail_call_info | |
2422 | { | |
2423 | public: | |
2424 | outcome_of_accept (const call_details &cd, bool success) | |
2425 | : succeed_or_fail_call_info (cd, success) | |
2426 | {} | |
2427 | ||
2428 | bool update_model (region_model *model, | |
2429 | const exploded_edge *, | |
2430 | region_model_context *ctxt) const final override | |
2431 | { | |
2432 | const call_details cd (get_call_details (model, ctxt)); | |
5d2908b7 DM |
2433 | sm_state_map *smap; |
2434 | const fd_state_machine *fd_sm; | |
2435 | std::unique_ptr<sm_context> sm_ctxt; | |
2436 | if (!get_fd_state (ctxt, &smap, &fd_sm, NULL, &sm_ctxt)) | |
73da34a5 DM |
2437 | { |
2438 | cd.set_any_lhs_with_defaults (); | |
2439 | return true; | |
2440 | } | |
5d2908b7 DM |
2441 | const extrinsic_state *ext_state = ctxt->get_ext_state (); |
2442 | if (!ext_state) | |
73da34a5 DM |
2443 | { |
2444 | cd.set_any_lhs_with_defaults (); | |
2445 | return true; | |
2446 | } | |
5d2908b7 DM |
2447 | |
2448 | return fd_sm->on_accept (cd, m_success, sm_ctxt.get (), *ext_state); | |
50d5b240 DM |
2449 | } |
2450 | }; | |
2451 | ||
2452 | bool matches_call_types_p (const call_details &cd) const final override | |
2453 | { | |
2454 | return (cd.num_args () == 3 | |
2455 | && cd.arg_is_pointer_p (1) | |
2456 | && cd.arg_is_pointer_p (2)); | |
2457 | } | |
2458 | ||
2459 | void impl_call_post (const call_details &cd) const final override | |
2460 | { | |
2461 | if (cd.get_ctxt ()) | |
2462 | { | |
2463 | cd.get_ctxt ()->bifurcate (make_unique<outcome_of_accept> (cd, false)); | |
2464 | cd.get_ctxt ()->bifurcate (make_unique<outcome_of_accept> (cd, true)); | |
2465 | cd.get_ctxt ()->terminate_path (); | |
2466 | } | |
2467 | } | |
2468 | }; | |
2469 | ||
50d5b240 DM |
2470 | /* Handle calls to "connect". |
2471 | See e.g. https://man7.org/linux/man-pages/man3/connect.3p.html */ | |
2472 | ||
2473 | class kf_connect : public known_function | |
2474 | { | |
2475 | public: | |
2476 | class outcome_of_connect : public succeed_or_fail_call_info | |
2477 | { | |
2478 | public: | |
2479 | outcome_of_connect (const call_details &cd, bool success) | |
2480 | : succeed_or_fail_call_info (cd, success) | |
2481 | {} | |
2482 | ||
2483 | bool update_model (region_model *model, | |
2484 | const exploded_edge *, | |
2485 | region_model_context *ctxt) const final override | |
2486 | { | |
2487 | const call_details cd (get_call_details (model, ctxt)); | |
5d2908b7 DM |
2488 | sm_state_map *smap; |
2489 | const fd_state_machine *fd_sm; | |
2490 | std::unique_ptr<sm_context> sm_ctxt; | |
2491 | if (!get_fd_state (ctxt, &smap, &fd_sm, NULL, &sm_ctxt)) | |
73da34a5 DM |
2492 | { |
2493 | cd.set_any_lhs_with_defaults (); | |
2494 | return true; | |
2495 | } | |
5d2908b7 DM |
2496 | const extrinsic_state *ext_state = ctxt->get_ext_state (); |
2497 | if (!ext_state) | |
73da34a5 DM |
2498 | { |
2499 | cd.set_any_lhs_with_defaults (); | |
2500 | return true; | |
2501 | } | |
5d2908b7 DM |
2502 | |
2503 | return fd_sm->on_connect (cd, m_success, sm_ctxt.get (), *ext_state); | |
50d5b240 DM |
2504 | } |
2505 | }; | |
2506 | ||
2507 | bool matches_call_types_p (const call_details &cd) const final override | |
2508 | { | |
2509 | return (cd.num_args () == 3 | |
2510 | && cd.arg_is_pointer_p (1)); | |
2511 | } | |
2512 | ||
2513 | void impl_call_post (const call_details &cd) const final override | |
2514 | { | |
2515 | if (cd.get_ctxt ()) | |
2516 | { | |
2517 | cd.get_ctxt ()->bifurcate (make_unique<outcome_of_connect> (cd, false)); | |
2518 | cd.get_ctxt ()->bifurcate (make_unique<outcome_of_connect> (cd, true)); | |
2519 | cd.get_ctxt ()->terminate_path (); | |
2520 | } | |
2521 | } | |
2522 | }; | |
2523 | ||
78a17f44 DM |
2524 | /* Handler for "isatty"". |
2525 | See e.g. https://man7.org/linux/man-pages/man3/isatty.3.html */ | |
2526 | ||
2527 | class kf_isatty : public known_function | |
2528 | { | |
2529 | class outcome_of_isatty : public succeed_or_fail_call_info | |
2530 | { | |
2531 | public: | |
2532 | outcome_of_isatty (const call_details &cd, bool success) | |
2533 | : succeed_or_fail_call_info (cd, success) | |
2534 | {} | |
2535 | ||
2536 | bool update_model (region_model *model, | |
2537 | const exploded_edge *, | |
2538 | region_model_context *ctxt) const final override | |
2539 | { | |
2540 | const call_details cd (get_call_details (model, ctxt)); | |
2541 | ||
2542 | if (m_success) | |
2543 | { | |
2544 | /* Return 1. */ | |
2545 | model->update_for_int_cst_return (cd, 1, true); | |
2546 | } | |
2547 | else | |
2548 | { | |
2549 | /* Return 0; set errno. */ | |
2550 | model->update_for_int_cst_return (cd, 0, true); | |
2551 | model->set_errno (cd); | |
2552 | } | |
2553 | ||
2554 | return feasible_p (cd, ctxt); | |
2555 | } | |
2556 | ||
2557 | private: | |
2558 | bool feasible_p (const call_details &cd, | |
2559 | region_model_context *ctxt) const | |
2560 | { | |
2561 | if (m_success) | |
2562 | { | |
2563 | /* Can't be "success" on a closed/invalid fd. */ | |
2564 | sm_state_map *smap; | |
2565 | const fd_state_machine *fd_sm; | |
2566 | std::unique_ptr<sm_context> sm_ctxt; | |
2567 | if (!get_fd_state (ctxt, &smap, &fd_sm, NULL, &sm_ctxt)) | |
2568 | return true; | |
2569 | const extrinsic_state *ext_state = ctxt->get_ext_state (); | |
2570 | if (!ext_state) | |
2571 | return true; | |
2572 | ||
2573 | const svalue *fd_sval = cd.get_arg_svalue (0); | |
2574 | state_machine::state_t old_state | |
2575 | = sm_ctxt->get_state (cd.get_call_stmt (), fd_sval); | |
2576 | ||
2577 | if (fd_sm->is_closed_fd_p (old_state) | |
2578 | || old_state == fd_sm->m_invalid) | |
2579 | return false; | |
2580 | } | |
2581 | return true; | |
2582 | } | |
2583 | }; // class outcome_of_isatty | |
2584 | ||
2585 | public: | |
2586 | bool matches_call_types_p (const call_details &cd) const final override | |
2587 | { | |
2588 | return cd.num_args () == 1; | |
2589 | } | |
2590 | ||
2591 | void impl_call_post (const call_details &cd) const final override | |
2592 | { | |
2593 | if (cd.get_ctxt ()) | |
2594 | { | |
2595 | cd.get_ctxt ()->bifurcate (make_unique<outcome_of_isatty> (cd, false)); | |
2596 | cd.get_ctxt ()->bifurcate (make_unique<outcome_of_isatty> (cd, true)); | |
2597 | cd.get_ctxt ()->terminate_path (); | |
2598 | } | |
2599 | } | |
2600 | }; | |
2601 | ||
50d5b240 DM |
2602 | /* Handler for calls to "pipe" and "pipe2". |
2603 | See e.g. https://www.man7.org/linux/man-pages/man2/pipe.2.html */ | |
2604 | ||
2605 | class kf_pipe : public known_function | |
2606 | { | |
2607 | class failure : public failed_call_info | |
2608 | { | |
2609 | public: | |
2610 | failure (const call_details &cd) : failed_call_info (cd) {} | |
2611 | ||
2612 | bool update_model (region_model *model, | |
2613 | const exploded_edge *, | |
2614 | region_model_context *ctxt) const final override | |
2615 | { | |
2616 | /* Return -1; everything else is unchanged. */ | |
2617 | const call_details cd (get_call_details (model, ctxt)); | |
2618 | model->update_for_int_cst_return (cd, -1, true); | |
2619 | return true; | |
2620 | } | |
2621 | }; | |
2622 | ||
2623 | class success : public success_call_info | |
2624 | { | |
2625 | public: | |
2626 | success (const call_details &cd) : success_call_info (cd) {} | |
2627 | ||
2628 | bool update_model (region_model *model, | |
2629 | const exploded_edge *, | |
2630 | region_model_context *ctxt) const final override | |
2631 | { | |
2632 | const call_details cd (get_call_details (model, ctxt)); | |
2633 | ||
2634 | /* Return 0. */ | |
2635 | model->update_for_zero_return (cd, true); | |
2636 | ||
2637 | /* Update fd array. */ | |
2638 | region_model_manager *mgr = cd.get_manager (); | |
2639 | tree arr_tree = cd.get_arg_tree (0); | |
2640 | const svalue *arr_sval = cd.get_arg_svalue (0); | |
2641 | for (int idx = 0; idx < 2; idx++) | |
2642 | { | |
2643 | const region *arr_reg | |
2644 | = model->deref_rvalue (arr_sval, arr_tree, cd.get_ctxt ()); | |
2645 | const svalue *idx_sval | |
2646 | = mgr->get_or_create_int_cst (integer_type_node, idx); | |
2647 | const region *element_reg | |
2648 | = mgr->get_element_region (arr_reg, integer_type_node, idx_sval); | |
2649 | conjured_purge p (model, cd.get_ctxt ()); | |
2650 | const svalue *fd_sval | |
2651 | = mgr->get_or_create_conjured_svalue (integer_type_node, | |
2652 | cd.get_call_stmt (), | |
2653 | element_reg, | |
2654 | p); | |
2655 | model->set_value (element_reg, fd_sval, cd.get_ctxt ()); | |
2656 | model->mark_as_valid_fd (fd_sval, cd.get_ctxt ()); | |
2657 | } | |
2658 | return true; | |
2659 | } | |
2660 | }; | |
2661 | ||
2662 | public: | |
2663 | kf_pipe (unsigned num_args) | |
2664 | : m_num_args (num_args) | |
2665 | { | |
2666 | gcc_assert (num_args > 0); | |
2667 | } | |
2668 | ||
2669 | bool matches_call_types_p (const call_details &cd) const final override | |
2670 | { | |
2671 | return (cd.num_args () == m_num_args && cd.arg_is_pointer_p (0)); | |
2672 | } | |
2673 | ||
2674 | void impl_call_post (const call_details &cd) const final override | |
2675 | { | |
2676 | if (cd.get_ctxt ()) | |
2677 | { | |
2678 | cd.get_ctxt ()->bifurcate (make_unique<failure> (cd)); | |
2679 | cd.get_ctxt ()->bifurcate (make_unique<success> (cd)); | |
2680 | cd.get_ctxt ()->terminate_path (); | |
2681 | } | |
2682 | } | |
2683 | ||
2684 | private: | |
2685 | unsigned m_num_args; | |
2686 | }; | |
2687 | ||
c300e251 DM |
2688 | /* Handler for "read". |
2689 | ssize_t read(int fildes, void *buf, size_t nbyte); | |
2690 | See e.g. https://man7.org/linux/man-pages/man2/read.2.html */ | |
2691 | ||
2692 | class kf_read : public known_function | |
2693 | { | |
2694 | public: | |
2695 | bool matches_call_types_p (const call_details &cd) const final override | |
2696 | { | |
2697 | return (cd.num_args () == 3 | |
2698 | && cd.arg_is_pointer_p (1) | |
2699 | && cd.arg_is_size_p (2)); | |
2700 | } | |
2701 | ||
2702 | /* For now, assume that any call to "read" fully clobbers the buffer | |
2703 | passed in. This isn't quite correct (e.g. errors, partial reads; | |
2704 | see PR analyzer/108689), but at least stops us falsely complaining | |
2705 | about the buffer being uninitialized. */ | |
2706 | void impl_call_pre (const call_details &cd) const final override | |
2707 | { | |
2708 | region_model *model = cd.get_model (); | |
2709 | const svalue *ptr_sval = cd.get_arg_svalue (1); | |
2710 | if (const region *reg = ptr_sval->maybe_get_region ()) | |
2711 | { | |
2712 | const region *base_reg = reg->get_base_region (); | |
2713 | const svalue *new_sval = cd.get_or_create_conjured_svalue (base_reg); | |
2714 | model->set_value (base_reg, new_sval, cd.get_ctxt ()); | |
2715 | } | |
73da34a5 | 2716 | cd.set_any_lhs_with_defaults (); |
c300e251 DM |
2717 | } |
2718 | }; | |
2719 | ||
2720 | ||
50d5b240 DM |
2721 | /* Populate KFM with instances of known functions relating to |
2722 | file descriptors. */ | |
2723 | ||
2724 | void | |
2725 | register_known_fd_functions (known_function_manager &kfm) | |
2726 | { | |
2727 | kfm.add ("accept", make_unique<kf_accept> ()); | |
2728 | kfm.add ("bind", make_unique<kf_bind> ()); | |
2729 | kfm.add ("connect", make_unique<kf_connect> ()); | |
78a17f44 | 2730 | kfm.add ("isatty", make_unique<kf_isatty> ()); |
50d5b240 DM |
2731 | kfm.add ("listen", make_unique<kf_listen> ()); |
2732 | kfm.add ("pipe", make_unique<kf_pipe> (1)); | |
2733 | kfm.add ("pipe2", make_unique<kf_pipe> (2)); | |
c300e251 | 2734 | kfm.add ("read", make_unique<kf_read> ()); |
50d5b240 DM |
2735 | kfm.add ("socket", make_unique<kf_socket> ()); |
2736 | } | |
2737 | ||
9365b2bf ML |
2738 | } // namespace ana |
2739 | ||
2740 | #endif // ENABLE_ANALYZER |