gcc/analyzer/sm.cc

   1 /* Modeling API uses and misuses via state machines.
   2    Copyright (C) 2019-2022 Free Software Foundation, Inc.
   3    Contributed by David Malcolm <dmalcolm@redhat.com>.
   4
   5 This file is part of GCC.
   6
   7 GCC is free software; you can redistribute it and/or modify it
   8 under the terms of the GNU General Public License as published by
   9 the Free Software Foundation; either version 3, or (at your option)
  10 any later version.
  11
  12 GCC is distributed in the hope that it will be useful, but
  13 WITHOUT ANY WARRANTY; without even the implied warranty of
  14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  15 General Public License for more details.
  16
  17 You should have received a copy of the GNU General Public License
  18 along with GCC; see the file COPYING3.  If not see
  19 <http://www.gnu.org/licenses/>.  */
  20
  21 #include "config.h"
  22 #include "system.h"
  23 #include "coretypes.h"
  24 #include "tree.h"
  25 #include "function.h"
  26 #include "basic-block.h"
  27 #include "gimple.h"
  28 #include "options.h"
  29 #include "function.h"
  30 #include "diagnostic-core.h"
  31 #include "pretty-print.h"
  32 #include "diagnostic.h"
  33 #include "tree-diagnostic.h"
  34 #include "json.h"
  35 #include "analyzer/analyzer.h"
  36 #include "analyzer/analyzer-logging.h"
  37 #include "analyzer/sm.h"
  38 #include "tristate.h"
  39 #include "analyzer/call-string.h"
  40 #include "analyzer/program-point.h"
  41 #include "analyzer/store.h"
  42 #include "analyzer/svalue.h"
  43
  44 #if ENABLE_ANALYZER
  45
  46 namespace ana {
  47
  48 /* Return true if VAR has pointer or reference type.  */
  49
  50 bool
  51 any_pointer_p (tree var)
  52 {
  53   return POINTER_TYPE_P (TREE_TYPE (var));
  54 }
  55
  56 /* Return true if SVAL has pointer or reference type.  */
  57
  58 bool
  59 any_pointer_p (const svalue *sval)
  60 {
  61   if (!sval->get_type ())
  62     return false;
  63   return POINTER_TYPE_P (sval->get_type ());
  64 }
  65
  66 /* class state_machine::state.  */
  67
  68 /* Base implementation of dump_to_pp vfunc.  */
  69
  70 void
  71 state_machine::state::dump_to_pp (pretty_printer *pp) const
  72 {
  73   pp_string (pp, m_name);
  74 }
  75
  76 /* Return a new json::string describing the state.  */
  77
  78 json::value *
  79 state_machine::state::to_json () const
  80 {
  81   pretty_printer pp;
  82   pp_format_decoder (&pp) = default_tree_printer;
  83   dump_to_pp (&pp);
  84   return new json::string (pp_formatted_text (&pp));
  85 }
  86
  87 /* class state_machine.  */
  88
  89 /* state_machine's ctor.  */
  90
  91 state_machine::state_machine (const char *name, logger *logger)
  92 : log_user (logger), m_name (name), m_next_state_id (0),
  93   m_start (add_state ("start"))
  94 {
  95 }
  96
  97 /* Add a state with name NAME to this state_machine.
  98    The string is required to outlive the state_machine.
  99
 100    Return the state_t for the new state.  */
 101
 102 state_machine::state_t
 103 state_machine::add_state (const char *name)
 104 {
 105   state *s = new state (name, alloc_state_id ());
 106   m_states.safe_push (s);
 107   return s;
 108 }
 109
 110 /* Get the state with name NAME, which must exist.
 111    This is purely intended for use in selftests.  */
 112
 113 state_machine::state_t
 114 state_machine::get_state_by_name (const char *name) const
 115 {
 116   unsigned i;
 117   state *s;
 118   FOR_EACH_VEC_ELT (m_states, i, s)
 119     if (!strcmp (name, s->get_name ()))
 120       return s;
 121   /* Name not found.  */
 122   gcc_unreachable ();
 123 }
 124
 125 /* Dump a multiline representation of this state machine to PP.  */
 126
 127 void
 128 state_machine::dump_to_pp (pretty_printer *pp) const
 129 {
 130   unsigned i;
 131   state *s;
 132   FOR_EACH_VEC_ELT (m_states, i, s)
 133     {
 134       pp_printf (pp, "  state %i: ", i);
 135       s->dump_to_pp (pp);
 136       pp_newline (pp);
 137     }
 138 }
 139
 140 /* Return a new json::object of the form
 141    {"name" : str,
 142     "states" : [str]}.  */
 143
 144 json::object *
 145 state_machine::to_json () const
 146 {
 147   json::object *sm_obj = new json::object ();
 148
 149   sm_obj->set ("name", new json::string (m_name));
 150   {
 151     json::array *states_arr = new json::array ();
 152     unsigned i;
 153     state *s;
 154     FOR_EACH_VEC_ELT (m_states, i, s)
 155       states_arr->append (s->to_json ());
 156     sm_obj->set ("states", states_arr);
 157   }
 158
 159   return sm_obj;
 160 }
 161
 162 /* Create instances of the various state machines, each using LOGGER,
 163    and populate OUT with them.  */
 164
 165 void
 166 make_checkers (auto_delete_vec <state_machine> &out, logger *logger)
 167 {
 168   out.safe_push (make_malloc_state_machine (logger));
 169   out.safe_push (make_fileptr_state_machine (logger));
 170   /* The "taint" checker must be explicitly enabled (as it currently
 171      leads to state explosions that stop the other checkers working).  */
 172   if (flag_analyzer_checker)
 173     out.safe_push (make_taint_state_machine (logger));
 174   out.safe_push (make_sensitive_state_machine (logger));
 175   out.safe_push (make_signal_state_machine (logger));
 176
 177   /* We only attempt to run the pattern tests if it might have been manually
 178      enabled (for DejaGnu purposes).  */
 179   if (flag_analyzer_checker)
 180     out.safe_push (make_pattern_test_state_machine (logger));
 181
 182   if (flag_analyzer_checker)
 183     {
 184       unsigned read_index, write_index;
 185       state_machine **sm;
 186
 187       /* TODO: this leaks the machines
 188          Would be nice to log the things that were removed.  */
 189       VEC_ORDERED_REMOVE_IF (out, read_index, write_index, sm,
 190                              0 != strcmp (flag_analyzer_checker,
 191                                           (*sm)->get_name ()));
 192     }
 193 }
 194
 195 } // namespace ana
 196
 197 #endif /* #if ENABLE_ANALYZER */