git.ipfire.org Git - people/ms/gcc.git/commit

author	David Malcolm <dmalcolm@redhat.com>
	Fri, 3 Mar 2023 22:59:21 +0000 (17:59 -0500)
committer	David Malcolm <dmalcolm@redhat.com>
	Fri, 3 Mar 2023 22:59:21 +0000 (17:59 -0500)
commit	56572a08ec4a0fc1a7802d3737cd7f7cc9089c4b
tree	eab4594d22b277acd4d3b265e32935ab231d9ba7	tree \| snapshot
parent	d3ef73867e3f70a343ad5aa4e00b270be85fa572	commit \| diff

analyzer: provide placeholder implementation of sprintf

Previously, the analyzer lacked a known_function implementation of
sprintf, and thus would handle calls to sprintf with the "anything could
happen" fallback.

Whilst working on PR analyzer/107565 I noticed that this was preventing
a lot of genuine memory leaks from being reported for Doom; fixing
thusly.

Integration testing of the effect of the patch shows a big increase in
true positives due to the case mentioned in Doom, and one new false
positive (in pcre2), which I'm tracking as PR analyzer/109014.

Comparison:
  GOOD:  67 -> 123 (+56); 10.91% -> 18.33%
   BAD: 547 -> 548 (+1)

where the affected warnings/projects are:

  -Wanalyzer-malloc-leak:
    GOOD:  0 -> 56 (+56);  0.00% -> 41.48%
     BAD: 79
      True positives: 0 -> 56 (+56)
        (all in Doom)

  -Wanalyzer-use-of-uninitialized-value:
    GOOD: 0;  0.00%
     BAD: 80 -> 81 (+1)
      False positives:
        pcre2-10.42: 0 -> 1 (+1)

gcc/analyzer/ChangeLog:
* kf.cc (class kf_sprintf): New.
(register_known_functions): Register it.

gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/doom-d_main-IdentifyVersion.c: New test.
* gcc.dg/analyzer/sprintf-1.c: New test.
* gcc.dg/analyzer/sprintf-concat.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>

gcc/analyzer/kf.cc		diff \| blob \| blame \| history
gcc/testsuite/gcc.dg/analyzer/doom-d_main-IdentifyVersion.c	[new file with mode: 0644]	blob
gcc/testsuite/gcc.dg/analyzer/sprintf-1.c	[new file with mode: 0644]	blob
gcc/testsuite/gcc.dg/analyzer/sprintf-concat.c	[new file with mode: 0644]	blob