-/* An experimental state machine, for tracking "taint": unsanitized uses
+/* A state machine for tracking "taint": unsanitized uses
of data potentially under an attacker's control.
Copyright (C) 2019-2023 Free Software Foundation, Inc.
out.safe_push (make_malloc_state_machine (logger));
out.safe_push (make_fileptr_state_machine (logger));
out.safe_push (make_fd_state_machine (logger));
- /* The "taint" checker must be explicitly enabled (as it currently
- leads to state explosions that stop the other checkers working). */
- if (flag_analyzer_checker)
- out.safe_push (make_taint_state_machine (logger));
+ out.safe_push (make_taint_state_machine (logger));
out.safe_push (make_sensitive_state_machine (logger));
out.safe_push (make_signal_state_machine (logger));
out.safe_push (make_va_list_state_machine (logger));
-Wanalyzer-shift-count-negative
-Wanalyzer-shift-count-overflow
-Wanalyzer-stale-setjmp-buffer
+-Wanalyzer-tainted-allocation-size
+-Wanalyzer-tainted-array-index
+-Wanalyzer-tainted-assertion
+-Wanalyzer-tainted-divisor
+-Wanalyzer-tainted-offset
+-Wanalyzer-tainted-size
-Wanalyzer-unsafe-call-within-signal-handler
-Wanalyzer-use-after-free
-Wanalyzer-use-of-pointer-in-stale-stack-frame
-Wanalyzer-write-to-const
-Wanalyzer-write-to-string-literal
}
-@ignore
--Wanalyzer-tainted-allocation-size
--Wanalyzer-tainted-array-index
--Wanalyzer-tainted-divisor
--Wanalyzer-tainted-offset
--Wanalyzer-tainted-size
-@end ignore
This option is only available if GCC was configured with analyzer
support enabled.
@opindex Wanalyzer-tainted-allocation-size
@opindex Wno-analyzer-tainted-allocation-size
@item -Wno-analyzer-tainted-allocation-size
-This warning requires both @option{-fanalyzer} and
-@option{-fanalyzer-checker=taint} to enable it;
+This warning requires @option{-fanalyzer} which enables it;
use @option{-Wno-analyzer-tainted-allocation-size} to disable it.
This diagnostic warns for paths through the code in which a value
@opindex Wno-analyzer-tainted-assertion
@item -Wno-analyzer-tainted-assertion
-This warning requires both @option{-fanalyzer} and
-@option{-fanalyzer-checker=taint} to enable it;
+This warning requires @option{-fanalyzer} which enables it;
use @option{-Wno-analyzer-tainted-assertion} to disable it.
This diagnostic warns for paths through the code in which a value
@opindex Wanalyzer-tainted-array-index
@opindex Wno-analyzer-tainted-array-index
@item -Wno-analyzer-tainted-array-index
-This warning requires both @option{-fanalyzer} and
-@option{-fanalyzer-checker=taint} to enable it;
+This warning requires @option{-fanalyzer} which enables it;
use @option{-Wno-analyzer-tainted-array-index} to disable it.
This diagnostic warns for paths through the code in which a value
@opindex Wanalyzer-tainted-divisor
@opindex Wno-analyzer-tainted-divisor
@item -Wno-analyzer-tainted-divisor
-This warning requires both @option{-fanalyzer} and
-@option{-fanalyzer-checker=taint} to enable it;
+This warning requires @option{-fanalyzer} which enables it;
use @option{-Wno-analyzer-tainted-divisor} to disable it.
This diagnostic warns for paths through the code in which a value
@opindex Wanalyzer-tainted-offset
@opindex Wno-analyzer-tainted-offset
@item -Wno-analyzer-tainted-offset
-This warning requires both @option{-fanalyzer} and
-@option{-fanalyzer-checker=taint} to enable it;
+This warning requires @option{-fanalyzer} which enables it;
use @option{-Wno-analyzer-tainted-offset} to disable it.
This diagnostic warns for paths through the code in which a value
@opindex Wanalyzer-tainted-size
@opindex Wno-analyzer-tainted-size
@item -Wno-analyzer-tainted-size
-This warning requires both @option{-fanalyzer} and
-@option{-fanalyzer-checker=taint} to enable it;
+This warning requires @option{-fanalyzer} which enables it;
use @option{-Wno-analyzer-tainted-size} to disable it.
This diagnostic warns for paths through the code in which a value
@item -fanalyzer-checker=@var{name}
Restrict the analyzer to run just the named checker, and enable it.
-Some checkers are disabled by default (even with @option{-fanalyzer}),
-such as the @code{taint} checker that implements
-@option{-Wanalyzer-tainted-array-index}, and this option is required
-to enable them.
-
-@emph{Note:} currently, @option{-fanalyzer-checker=taint} disables the
-following warnings from @option{-fanalyzer}:
-
-@gccoptlist{
--Wanalyzer-deref-before-check
--Wanalyzer-double-fclose
--Wanalyzer-double-free
--Wanalyzer-exposure-through-output-file
--Wanalyzer-fd-access-mode-mismatch
--Wanalyzer-fd-double-close
--Wanalyzer-fd-leak
--Wanalyzer-fd-use-after-close
--Wanalyzer-fd-use-without-check
--Wanalyzer-file-leak
--Wanalyzer-free-of-non-heap
--Wanalyzer-malloc-leak
--Wanalyzer-mismatching-deallocation
--Wanalyzer-null-argument
--Wanalyzer-null-dereference
--Wanalyzer-possible-null-argument
--Wanalyzer-possible-null-dereference
--Wanalyzer-unsafe-call-within-signal-handler
--Wanalyzer-use-after-free
--Wanalyzer-va-list-leak
--Wanalyzer-va-list-use-after-va-end
-}
-
@opindex fanalyzer-debug-text-art
@opindex fno-analyzer-debug-text-art
@item -fanalyzer-debug-text-art-headings
-// TODO: remove need for this option
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
#include "../../gcc.dg/analyzer/analyzer-decls.h"
struct arg_buf
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
typedef __SIZE_TYPE__ size_t;
extern size_t fread (void *, size_t, size_t, void *);
-// TODO: remove need for this option
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
typedef __SIZE_TYPE__ size_t;
typedef const void *t_comptype;
typedef int (*t_compfunc)(t_comptype, t_comptype);
/* { dg-do "compile" } */
/* { dg-additional-options "-fsigned-char" } */
+/* TODO (PR analyzer/112528): remove need for this. */
+/* { dg-additional-options "--param analyzer-max-enodes-per-program-point=40 --param analyzer-bb-explosion-factor=10" } */
+
/* Minimal replacement of system headers. */
typedef __SIZE_TYPE__ size_t;
/* { dg-do "compile" } */
/* { dg-additional-options "-funsigned-char" } */
+/* TODO (PR analyzer/112528): remove need for this. */
+/* { dg-additional-options "--param analyzer-max-enodes-per-program-point=40 --param analyzer-bb-explosion-factor=10" } */
+
/* Minimal replacement of system headers. */
typedef __SIZE_TYPE__ size_t;
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
typedef __SIZE_TYPE__ size_t;
int idx;
-// TODO: remove need for this option
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
#include "analyzer-decls.h"
/* Verify the handling of "switch (enum_value)". */
Fixed in 3d0475119d8722798db5e88f26493f6547a4bb5b on linux-2.6.39.y
in linux-stable. */
-// TODO: remove need for this option:
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
#include "analyzer-decls.h"
#include "test-uaccess.h"
/* See notes in this header. */
#include "taint-CVE-2020-13143.h"
-// TODO: remove need for this option
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
struct configfs_attribute {
/* [...snip...] */
ssize_t (*store)(struct config_item *, const char *, size_t) /* { dg-message "\\(1\\) field 'store' of 'struct configfs_attribute' is marked with '__attribute__\\(\\(tainted_args\\)\\)'" } */
/* See notes in this header. */
#include "taint-CVE-2020-13143.h"
-// TODO: remove need for this option
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
struct configfs_attribute {
/* [...snip...] */
ssize_t (*store)(struct config_item *, const char *, size_t) /* { dg-message "\\(1\\) field 'store' of 'struct configfs_attribute' is marked with '__attribute__\\(\\(tainted_args\\)\\)'" } */
Fixed by 15753588bcd4bbffae1cca33c8ced5722477fe1f on linux-5.7.y
in linux-stable. */
-// TODO: remove need for this option
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
#include <stddef.h>
/* Adapted from include/uapi/asm-generic/posix_types.h */
-// TODO: remove need for this option
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
/* { dg-require-effective-target alloca } */
#include "analyzer-decls.h"
-// TODO: remove need for this option:
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
#include "analyzer-decls.h"
#include <stdio.h>
#include <stdlib.h>
-// TODO: remove need for this option:
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
#include "analyzer-decls.h"
#include <stdio.h>
#include <stdlib.h>
-// TODO: remove need for this option:
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
#include "analyzer-decls.h"
#include <stdio.h>
#include <stdlib.h>
-// TODO: remove need for this option
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
#include "analyzer-decls.h"
struct foo
-// TODO: remove need for this option
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
/* We need this, otherwise the warnings are emitted inside the macros, which
makes it hard to write the DejaGnu directives. */
/* { dg-additional-options " -ftrack-macro-expansion=0" } */
-Wanalyzer-tainted-assertion with macro-tracking enabled
(the default). */
-// TODO: remove need for this option
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
/* { dg-additional-options "-fdiagnostics-show-path-depths" } */
/* { dg-additional-options "-fdiagnostics-path-format=inline-events -fdiagnostics-show-caret" } */
(the default), where the assertion macro is defined in
a system header. */
-// TODO: remove need for this option
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
/* { dg-additional-options "-fdiagnostics-show-path-depths" } */
/* { dg-additional-options "-fdiagnostics-path-format=inline-events -fdiagnostics-show-caret" } */
-// TODO: remove need for this option
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
/* We need this, otherwise the warnings are emitted inside the macros, which
makes it hard to write the DejaGnu directives. */
/* { dg-additional-options " -ftrack-macro-expansion=0" } */
-// TODO: remove need for this option:
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
#include "analyzer-decls.h"
#include <stdio.h>
-// TODO: remove need for this option:
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
#include "analyzer-decls.h"
__attribute__ ((tainted_args))
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-// TODO: remove need for this option
-
#include "analyzer-decls.h"
int v_start;
+++ /dev/null
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-// TODO: remove need for this option
-/* This test can probably be removed when -fanalyzer enables
- the taint checker by default. */
-
-#include "analyzer-decls.h"
-
-void
-test_1 (char a)
-{
- char b = -a;
-}
-
-/* Copies of code from data-model-1.c. */
-
-void test_20 (int i, int j)
-{
- __analyzer_eval (i + 1); /* { dg-warning "UNKNOWN" } */
- __analyzer_eval (i + j); /* { dg-warning "UNKNOWN" } */
-
- __analyzer_eval (i - 1); /* { dg-warning "UNKNOWN" } */
- __analyzer_eval (i - j); /* { dg-warning "UNKNOWN" } */
-
- __analyzer_eval (i * 2); /* { dg-warning "UNKNOWN" } */
- __analyzer_eval (i * j); /* { dg-warning "UNKNOWN" } */
-
- __analyzer_eval (i / 2); /* { dg-warning "UNKNOWN" } */
- __analyzer_eval (i / j); /* { dg-warning "UNKNOWN" } */
-
- __analyzer_eval (i % 2); /* { dg-warning "UNKNOWN" } */
- __analyzer_eval (i % j); /* { dg-warning "UNKNOWN" } */
-
- __analyzer_eval (i & 1); /* { dg-warning "UNKNOWN" } */
- __analyzer_eval (i & j); /* { dg-warning "UNKNOWN" } */
-
- __analyzer_eval (i | 1); /* { dg-warning "UNKNOWN" } */
- __analyzer_eval (i | j); /* { dg-warning "UNKNOWN" } */
-
- __analyzer_eval (i ^ 1); /* { dg-warning "UNKNOWN" } */
- __analyzer_eval (i ^ j); /* { dg-warning "UNKNOWN" } */
-
- __analyzer_eval (i >> 1); /* { dg-warning "UNKNOWN" } */
- __analyzer_eval (i >> j); /* { dg-warning "UNKNOWN" } */
-
- __analyzer_eval (i << 1); /* { dg-warning "UNKNOWN" } */
- __analyzer_eval (i << j); /* { dg-warning "UNKNOWN" } */
-
- __analyzer_eval (i && 0); /* { dg-warning "FALSE" } */
- __analyzer_eval (i && 1); /* { dg-warning "UNKNOWN" } */
- __analyzer_eval (i && j); /* { dg-warning "UNKNOWN" } */
-
- __analyzer_eval (i || 0); /* { dg-warning "UNKNOWN" } */
-
- __analyzer_eval (i || 1); /* { dg-warning "TRUE" } */
- __analyzer_eval (i || j); /* { dg-warning "UNKNOWN" } */
-
- __analyzer_eval (~i); /* { dg-warning "UNKNOWN" } */
- __analyzer_eval (-i); /* { dg-warning "UNKNOWN" } */
- __analyzer_eval (+i); /* { dg-warning "UNKNOWN" } */
-
- /* Anything added above should be added to the next function also. */
-}
-
-void test_21 (void)
-{
- int i, j, zero;
- int *pi = &i;
- int *pj = &j;
- int *pzero = &zero;
- *pi = 5;
- *pj = 3;
- *pzero = 0;
-
- __analyzer_eval (i + j == 8); /* { dg-warning "TRUE" } */
- __analyzer_eval (i - j == 2); /* { dg-warning "TRUE" } */
- __analyzer_eval (i * j == 15); /* { dg-warning "TRUE" } */
- __analyzer_eval (i / j == 1); /* { dg-warning "TRUE" } */
- __analyzer_eval (i % j == 2); /* { dg-warning "TRUE" } */
-
- /* Division by zero. */
- // TODO: should we warn for this?
- __analyzer_eval (i / zero); /* { dg-warning "UNKNOWN" } */
- __analyzer_eval (i % zero); /* { dg-warning "UNKNOWN" } */
-
- __analyzer_eval ((i & 1) == (5 & 1)); /* { dg-warning "TRUE" } */
- __analyzer_eval ((i & j) == (5 & 3)); /* { dg-warning "TRUE" } */
- __analyzer_eval ((i | 1) == (5 | 1)); /* { dg-warning "TRUE" } */
- __analyzer_eval ((i | j) == (5 | 3)); /* { dg-warning "TRUE" } */
- __analyzer_eval ((i ^ 1) == (5 ^ 1)); /* { dg-warning "TRUE" } */
- __analyzer_eval ((i ^ j) == (5 ^ 3)); /* { dg-warning "TRUE" } */
- __analyzer_eval ((i >> 1) == (5 >> 1)); /* { dg-warning "TRUE" } */
- __analyzer_eval ((i >> j) == (5 >> 3)); /* { dg-warning "TRUE" } */
- __analyzer_eval ((i << 1) == (5 << 1)); /* { dg-warning "TRUE" } */
- __analyzer_eval ((i << j) == (5 << 3)); /* { dg-warning "TRUE" } */
- __analyzer_eval (i && 0); /* { dg-warning "FALSE" } */
- __analyzer_eval (i && 1); /* { dg-warning "TRUE" } */
- __analyzer_eval (i && j); /* { dg-warning "TRUE" } */
-
- __analyzer_eval (i || 0); /* { dg-warning "TRUE" } */
- __analyzer_eval (i || 1); /* { dg-warning "TRUE" } */
- __analyzer_eval (i || j); /* { dg-warning "TRUE" } */
-
- __analyzer_eval (~i == ~5); /* { dg-warning "TRUE" } */
- __analyzer_eval (-i == -5); /* { dg-warning "TRUE" } */
- __analyzer_eval (+i == +5); /* { dg-warning "TRUE" } */
-}
-// TODO: remove need for this option:
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-// TODO: remove need for this option:
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-// TODO: remove need for this option:
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
#include "analyzer-decls.h"
#include <stdio.h>
#include <stdlib.h>
__analyzer_dump_state ("taint", sz); /* { dg-warning "state: 'tainted'" } */
q = realloc (p, sz); /* { dg-warning "use of attacker-controlled value 'sz' as allocation size without upper-bounds checking" } */
-}
+} /* { dg-warning "leak of 'q'" } */
-// TODO: remove need for this option:
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
#include "analyzer-decls.h"
#include <stdio.h>
#include <stdlib.h>
/* Passing tainted sizes to external functions with attribute ((access)) with
a size-index. */
-// TODO: remove need for the explicit taint option:
-/* { dg-additional-options "-fanalyzer-checker=taint -fanalyzer-show-duplicate-count" } */
+/* { dg-additional-options "-fanalyzer-show-duplicate-count" } */
#include "analyzer-decls.h"
#include <stdio.h>
-// TODO: remove need for this option:
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-// TODO: remove need for this option:
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-// TODO: remove need for the taint option:
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
/* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */
#define LOWER_LIMIT 5
-// TODO: remove need for the taint option:
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
/* { dg-skip-if "" { *-*-* } { "-fno-fat-lto-objects" } { "" } } */
struct raw_ep {
/* { dg-do compile } */
-// TODO: remove need for -fanalyzer-checker=taint here:
-/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */
/* { dg-require-effective-target analyzer } */
+/* { dg-additional-options "-Wno-pedantic" } */
/* See notes in this header. */
#include "taint-CVE-2011-0521.h"
/* { dg-do compile } */
-// TODO: remove need for -fanalyzer-checker=taint here:
-/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */
+/* { dg-additional-options "-Wno-pedantic" } */
/* { dg-require-effective-target analyzer } */
/* See notes in this header. */
/* { dg-do compile } */
-// TODO: remove need for -fanalyzer-checker=taint here:
-/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */
+/* { dg-additional-options "-Wno-pedantic" } */
/* { dg-require-effective-target analyzer } */
/* See notes in this header. */
#include "taint-CVE-2011-0521.h"
-// TODO: remove need for this option
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
/* Adapted from drivers/media/dvb/ttpci/av7110_ca.c */
int dvb_ca_ioctl(struct file *file, unsigned int cmd, void *parg)
/* { dg-do compile } */
-// TODO: remove need for -fanalyzer-checker=taint here:
-/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */
/* { dg-require-effective-target analyzer } */
+/* { dg-additional-options "-Wno-pedantic" } */
/* See notes in this header. */
#include "taint-CVE-2011-0521.h"
/* { dg-do compile } */
-// TODO: remove need for -fanalyzer-checker=taint here:
-/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */
/* { dg-require-effective-target analyzer } */
+/* { dg-additional-options "-Wno-pedantic" } */
/* See notes in this header. */
#include "taint-CVE-2011-0521.h"
-// TODO: remove need for this option
-/* { dg-additional-options "-fanalyzer-checker=taint" } */
-
/* Adapted from drivers/media/dvb/ttpci/av7110_ca.c */
int dvb_ca_ioctl(struct file *file, unsigned int cmd, void *parg)
/* { dg-do compile } */
-// TODO: remove need for -fanalyzer-checker=taint here:
-/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */
/* { dg-require-effective-target analyzer } */
+/* { dg-additional-options "-Wno-pedantic" } */
/* See notes in this header. */
#include "taint-CVE-2011-0521.h"
if (info->num > 1)
return -EINVAL;
av7110->ci_slot[info->num].num = info->num; /* { dg-warning "attacker-controlled value" "" { xfail *-*-* } } */
- // TODO(xfail)
+ /* TODO(xfail). */
av7110->ci_slot[info->num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ?
CA_CI_LINK : CA_CI;
memcpy(info, &av7110->ci_slot[info->num], sizeof(ca_slot_info_t));
/* { dg-do compile } */
-// TODO: remove need for -fanalyzer-checker=taint here:
// TODO: remove need for --param=analyzer-max-svalue-depth=25 here:
-/* { dg-options "-fanalyzer -fanalyzer-checker=taint --param=analyzer-max-svalue-depth=25" } */
-/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */
+/* { dg-options "-fanalyzer --param=analyzer-max-svalue-depth=25" } */
+/* { dg-additional-options "-Wno-pedantic" } */
/* { dg-require-effective-target analyzer } */
/* See notes in this header. */
if (info->num > 1)
return -EINVAL;
- av7110->ci_slot[info->num].num = info->num; /* { dg-warning "attacker-controlled value" "" { xfail *-*-* } } */
- // TODO(xfail)
- av7110->ci_slot[info->num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ?
+ av7110->ci_slot[info->num].num = info->num; /* { dg-warning "attacker-controlled value" } */
+ av7110->ci_slot[info->num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ? /* { dg-warning "attacker-controlled value" } */
CA_CI_LINK : CA_CI;
- memcpy(info, &av7110->ci_slot[info->num], sizeof(ca_slot_info_t));
+ memcpy(info, &av7110->ci_slot[info->num], sizeof(ca_slot_info_t)); /* { dg-warning "attacker-controlled value" } */
}
copy_to_user((void __user *)arg, parg, sizeof(sbuf));
/* { dg-do compile } */
-// TODO: remove need for -fanalyzer-checker=taint here:
// TODO: remove need for --param=analyzer-max-svalue-depth=25 here:
-/* { dg-options "-fanalyzer -fanalyzer-checker=taint --param=analyzer-max-svalue-depth=25" } */
+/* { dg-options "-fanalyzer --param=analyzer-max-svalue-depth=25" } */
+/* { dg-additional-options "-Wno-pedantic" } */
/* { dg-require-effective-target analyzer } */
/* On darwin, system headers are fortified, which defeats the analysis. Turn it off. */
/* { dg-do compile } */
-// TODO: remove need for -fanalyzer-checker=taint here:
// TODO: remove need for --param=analyzer-max-svalue-depth=25 here:
-/* { dg-options "-fanalyzer -fanalyzer-checker=taint --param=analyzer-max-svalue-depth=25" } */
+/* { dg-options "-fanalyzer --param=analyzer-max-svalue-depth=25" } */
+/* { dg-additional-options "-Wno-pedantic" } */
/* { dg-require-effective-target analyzer } */
/* On darwin, system headers are fortified, which defeats the analysis. Turn it off. */
/* { dg-do compile } */
-// TODO: remove need for -fanalyzer-checker=taint here:
// TODO: remove need for --param=analyzer-max-svalue-depth=25 here:
-/* { dg-options "-fanalyzer -fanalyzer-checker=taint --param=analyzer-max-svalue-depth=25" } */
+/* { dg-options "-fanalyzer --param=analyzer-max-svalue-depth=25" } */
+/* { dg-additional-options "-Wno-pedantic" } */
/* { dg-require-effective-target analyzer } */
/* On darwin, system headers are fortified, which defeats the analysis. Turn it off. */
/* { dg-do compile } */
-// TODO: remove need for -fanalyzer-checker=taint here:
-/* { dg-options "-fanalyzer -fanalyzer-checker=taint" } */
+/* { dg-options "-fanalyzer" } */
/* { dg-require-effective-target analyzer } */
#include "test-uaccess.h"