1 | /* Base header for the analyzer, plus utility functions. |
---|---|
2 | Copyright (C) 2019-2025 Free Software Foundation, Inc. |
3 | Contributed by David Malcolm <dmalcolm@redhat.com>. |
4 | |
5 | This file is part of GCC. |
6 | |
7 | GCC is free software; you can redistribute it and/or modify it |
8 | under the terms of the GNU General Public License as published by |
9 | the Free Software Foundation; either version 3, or (at your option) |
10 | any later version. |
11 | |
12 | GCC is distributed in the hope that it will be useful, but |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
15 | General Public License for more details. |
16 | |
17 | You should have received a copy of the GNU General Public License |
18 | along with GCC; see the file COPYING3. If not see |
19 | <http://www.gnu.org/licenses/>. */ |
20 | |
21 | #ifndef GCC_ANALYZER_COMMON_H |
22 | #define GCC_ANALYZER_COMMON_H |
23 | |
24 | #include "config.h" |
25 | #define INCLUDE_VECTOR |
26 | #include "system.h" |
27 | #include "coretypes.h" |
28 | #include "tree.h" |
29 | #include "function.h" |
30 | #include "basic-block.h" |
31 | #include "gimple.h" |
32 | #include "options.h" |
33 | #include "bitmap.h" |
34 | #include "diagnostic-core.h" |
35 | #include "diagnostic-path.h" |
36 | #include "rich-location.h" |
37 | #include "function.h" |
38 | #include "json.h" |
39 | #include "tristate.h" |
40 | |
41 | class graphviz_out; |
42 | |
43 | namespace ana { |
44 | |
45 | /* Forward decls of common types, with indentation to show inheritance. */ |
46 | |
47 | class supergraph; |
48 | class supernode; |
49 | class superedge; |
50 | class cfg_superedge; |
51 | class switch_cfg_superedge; |
52 | class eh_dispatch_cfg_superedge; |
53 | class eh_dispatch_try_cfg_superedge; |
54 | class eh_dispatch_allowed_cfg_superedge; |
55 | class callgraph_superedge; |
56 | class call_superedge; |
57 | class return_superedge; |
58 | |
59 | class svalue; |
60 | class region_svalue; |
61 | class constant_svalue; |
62 | class unknown_svalue; |
63 | class poisoned_svalue; |
64 | class setjmp_svalue; |
65 | class initial_svalue; |
66 | class unaryop_svalue; |
67 | class binop_svalue; |
68 | class sub_svalue; |
69 | class repeated_svalue; |
70 | class bits_within_svalue; |
71 | class unmergeable_svalue; |
72 | class placeholder_svalue; |
73 | class widening_svalue; |
74 | class compound_svalue; |
75 | class conjured_svalue; |
76 | class asm_output_svalue; |
77 | class const_fn_result_svalue; |
78 | typedef hash_set<const svalue *> svalue_set; |
79 | class region; |
80 | class frame_region; |
81 | class function_region; |
82 | class label_region; |
83 | class decl_region; |
84 | class symbolic_region; |
85 | class element_region; |
86 | class offset_region; |
87 | class sized_region; |
88 | class cast_region; |
89 | class field_region; |
90 | class string_region; |
91 | class bit_range_region; |
92 | class var_arg_region; |
93 | class region_model_manager; |
94 | class conjured_purge; |
95 | struct model_merger; |
96 | class store_manager; |
97 | class store; |
98 | class region_model; |
99 | class region_model_context; |
100 | class impl_region_model_context; |
101 | class call_details; |
102 | class rejected_constraint; |
103 | class constraint_manager; |
104 | class equiv_class; |
105 | class reachable_regions; |
106 | class bounded_ranges; |
107 | class bounded_ranges_manager; |
108 | |
109 | struct pending_location; |
110 | class pending_diagnostic; |
111 | class pending_note; |
112 | class saved_diagnostic; |
113 | struct event_loc_info; |
114 | class checker_event; |
115 | class state_change_event; |
116 | class warning_event; |
117 | class checker_path; |
118 | class extrinsic_state; |
119 | class sm_state_map; |
120 | class stmt_finder; |
121 | class program_point; |
122 | class function_point; |
123 | class program_state; |
124 | class exploded_graph; |
125 | class exploded_node; |
126 | class exploded_edge; |
127 | class feasibility_problem; |
128 | class exploded_cluster; |
129 | class exploded_path; |
130 | class analysis_plan; |
131 | class state_purge_map; |
132 | class state_purge_per_ssa_name; |
133 | class state_purge_per_decl; |
134 | class state_change; |
135 | class rewind_info_t; |
136 | |
137 | class engine; |
138 | class state_machine; |
139 | class logger; |
140 | class visitor; |
141 | class known_function_manager; |
142 | class call_summary; |
143 | class call_summary_replay; |
144 | struct per_function_data; |
145 | struct interesting_t; |
146 | |
147 | class feasible_node; |
148 | |
149 | class known_function; |
150 | class builtin_known_function; |
151 | class internal_known_function; |
152 | |
153 | /* Forward decls of functions. */ |
154 | |
155 | extern void dump_tree (pretty_printer *pp, tree t); |
156 | extern void dump_quoted_tree (pretty_printer *pp, tree t); |
157 | extern void print_quoted_type (pretty_printer *pp, tree t); |
158 | extern void print_expr_for_user (pretty_printer *pp, tree t); |
159 | extern int readability_comparator (const void *p1, const void *p2); |
160 | extern int tree_cmp (const void *p1, const void *p2); |
161 | extern tree fixup_tree_for_diagnostic (tree); |
162 | extern tree get_diagnostic_tree_for_gassign (const gassign *); |
163 | |
164 | /* A tree, extended with stack frame information for locals, so that |
165 | we can distinguish between different values of locals within a potentially |
166 | recursive callstack. */ |
167 | |
class path_var
{
public:
  /* Pair tree T with the depth of the stack frame it is taken from.  */
  path_var (tree t, int stack_depth)
  : m_tree (t), m_stack_depth (stack_depth)
  {
    // TODO: ignore stack depth for globals and constants
  }

  /* Equal only when both the tree and the stack depth match, so the same
     local seen at two different depths compares as different.  */
  bool operator== (const path_var &other) const
  {
    if (m_tree != other.m_tree)
      return false;
    return m_stack_depth == other.m_stack_depth;
  }

  /* True iff a tree is present.
     NOTE(review): the conversion is not "explicit", so a path_var is also
     accepted silently wherever a bool (or an integer, via promotion) is
     expected; callers should only rely on it in boolean tests.  */
  operator bool () const
  {
    return m_tree != NULL_TREE;
  }

  void dump (pretty_printer *pp) const;

  tree m_tree;
  int m_stack_depth; // or -1 for globals?
};
193 | |
194 | typedef offset_int bit_offset_t; |
195 | typedef offset_int bit_size_t; |
196 | typedef offset_int byte_offset_t; |
197 | typedef offset_int byte_size_t; |
198 | |
199 | extern bool int_size_in_bits (const_tree type, bit_size_t *out); |
200 | |
201 | extern tree get_field_at_bit_offset (tree record_type, bit_offset_t bit_offset); |
202 | |
203 | /* The location of a region expressed as an offset relative to a |
204 | base region. */ |
205 | |
class region_offset
{
public:
  /* Default state: no base region, a concrete offset of zero.  */
  region_offset ()
  : m_base_region (nullptr), m_offset (0), m_sym_offset (nullptr)
  {
  }

  /* Build an offset of OFFSET bits, known at analysis time, from
     BASE_REGION.  */
  static region_offset make_concrete (const region *base_region,
				      bit_offset_t offset)
  {
    return region_offset (base_region, offset, nullptr);
  }

  /* Build an offset from BASE_REGION that is only known symbolically,
     as SYM_OFFSET; the concrete field is stored as zero.  */
  static region_offset make_symbolic (const region *base_region,
				      const svalue *sym_offset)
  {
    return region_offset (base_region, 0, sym_offset);
  }

  static region_offset make_byte_offset (const region *base_region,
					 const svalue *num_bytes_sval);

  const region *get_base_region () const { return m_base_region; }

  /* An offset is concrete exactly when no symbolic value is attached.  */
  bool concrete_p () const { return m_sym_offset == nullptr; }
  bool symbolic_p () const { return m_sym_offset != nullptr; }

  /* Return the concrete offset in bits.  Must only be called on a concrete
     offset: gcc_assert is the sole guard here.
     NOTE(review): how strongly gcc_assert is enforced depends on how the
     compiler was configured, so callers should test concrete_p first.  */
  bit_offset_t get_bit_offset () const
  {
    gcc_assert (concrete_p ());
    return m_offset;
  }

  /* If the concrete bit offset is a whole number of bytes, write that
     byte count to *OUT and return true; otherwise return false and leave
     *OUT untouched.  OUT is dereferenced without a null check.  */
  bool get_concrete_byte_offset (byte_offset_t *out) const
  {
    gcc_assert (concrete_p ());
    const bool whole_bytes = (m_offset % BITS_PER_UNIT == 0);
    if (!whole_bytes)
      return false;
    *out = m_offset / BITS_PER_UNIT;
    return true;
  }

  /* Return the symbolic offset.  Must only be called on a symbolic offset;
     as above, gcc_assert is the only guard.  */
  const svalue *get_symbolic_byte_offset () const
  {
    gcc_assert (symbolic_p ());
    return m_sym_offset;
  }

  const svalue &calc_symbolic_bit_offset (region_model_manager *mgr) const;
  const svalue *calc_symbolic_byte_offset (region_model_manager *mgr) const;

  /* Equality is field-by-field; the svalue and region pointers are
     compared by address.  */
  bool operator== (const region_offset &other) const
  {
    if (m_base_region != other.m_base_region)
      return false;
    if (!(m_offset == other.m_offset))
      return false;
    return m_sym_offset == other.m_sym_offset;
  }

  void dump_to_pp (pretty_printer *pp, bool) const;
  void dump (bool) const;

private:
  /* Only reachable through the make_* factories above.  */
  region_offset (const region *base_region, bit_offset_t offset,
		 const svalue *sym_offset)
  : m_base_region (base_region), m_offset (offset), m_sym_offset (sym_offset)
  {}

  const region *m_base_region;
  bit_offset_t m_offset;
  const svalue *m_sym_offset;
};
278 | |
279 | extern bool operator< (const region_offset &, const region_offset &); |
280 | extern bool operator<= (const region_offset &, const region_offset &); |
281 | extern bool operator> (const region_offset &, const region_offset &); |
282 | extern bool operator>= (const region_offset &, const region_offset &); |
283 | |
284 | extern location_t get_stmt_location (const gimple *stmt, function *fun); |
285 | |
286 | extern bool compat_types_p (tree src_type, tree dst_type); |
287 | |
288 | /* Abstract base class for simulating the behavior of known functions, |
289 | supplied by the core of the analyzer, or by plugins. |
290 | The former are typically implemented in the various kf*.cc */ |
291 | |
class known_function
{
public:
  virtual ~known_function () {}

  /* Every subclass must decide whether the call described by CD is one it
     is prepared to simulate.
     NOTE(review): presumably this is the type check that runs before
     impl_call_pre/impl_call_post are used; confirm against the callers.  */
  virtual bool matches_call_types_p (const call_details &cd) const = 0;

  /* Hooks for simulating the call; the defaults do nothing.  */
  virtual void impl_call_pre (const call_details &) const
  {
  }
  virtual void impl_call_post (const call_details &) const
  {
  }

  /* Checked downcast: returns null unless overridden by
     builtin_known_function.  */
  virtual const builtin_known_function *
  dyn_cast_builtin_kf () const { return nullptr; }
};
309 | |
310 | /* Subclass of known_function for builtin functions. */ |
311 | |
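class builtin_known_function : public known_function
{
public:
  /* The built-in that this handler simulates; supplied by each subclass.  */
  virtual enum built_in_function builtin_code () const = 0;

  /* Return the decl recorded in builtin_info for builtin_code ().

     The virtual is called once and the result kept in a local, so that
     the value that is range-checked is the very value used as the array
     index, even if an override does not return the same code on every
     call.
     NOTE(review): gcc_assert is the only bounds check on the index, and
     how strongly it is enforced depends on how the compiler was
     configured.  */
  tree builtin_decl () const {
    const enum built_in_function code = builtin_code ();
    gcc_assert (code < END_BUILTINS);
    return builtin_info[code].decl;
  }

  /* Checked downcast: this subclass is the one case that succeeds.  */
  const builtin_known_function *
  dyn_cast_builtin_kf () const final override { return this; }
};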
324 | |
325 | /* Subclass of known_function for IFN_* functions. */ |
326 | |
class internal_known_function : public known_function
{
public:
  /* Accepts every call unconditionally: no checking of the call's types
     is done here, and subclasses cannot add any (final).  */
  bool matches_call_types_p (const call_details &) const final override
  {
    /* Types are assumed to be correct.  */
    return true;
  }
};
336 | |
337 | /* Abstract subclass of known_function that merely sets the return |
338 | value of the function (based on function attributes), and assumes |
339 | it has no side-effects. */ |
340 | |
class pure_known_function_with_default_return : public known_function
{
public:
  /* Overrides the pre-call hook; defined out of line.  The class stays
     abstract because matches_call_types_p is not implemented here.  */
  void impl_call_pre (const call_details &cd) const override;
};
346 | |
347 | extern void register_known_functions (known_function_manager &kfm, |
348 | region_model_manager &rmm); |
349 | extern void register_known_analyzer_functions (known_function_manager &kfm); |
350 | extern void register_known_fd_functions (known_function_manager &kfm); |
351 | extern void register_known_file_functions (known_function_manager &kfm); |
352 | extern void register_known_functions_lang_cp (known_function_manager &kfm); |
353 | extern void register_varargs_builtins (known_function_manager &kfm); |
354 | |
355 | /* Passed by pointer to PLUGIN_ANALYZER_INIT callbacks. */ |
356 | |
class plugin_analyzer_init_iface
{
public:
  /* Register a state machine supplied by the plugin.  The unique_ptr is
     taken by value, so ownership passes to the implementation.  */
  virtual void register_state_machine (std::unique_ptr<state_machine>) = 0;

  /* Register a handler for calls to the function called NAME; ownership
     of the handler passes to the implementation.
     NOTE(review): this header does not show whether NAME is copied, so
     how long the string must stay valid needs confirming.  */
  virtual void register_known_function (const char *name,
					std::unique_ptr<known_function>) = 0;

  virtual logger *get_logger () const = 0;

  /* NOTE(review): the interface declares no virtual destructor, so an
     implementation must never be deleted through a pointer to this
     type.  */
};
365 | |
366 | /* An enum for describing the direction of an access to memory. */ |
367 | |
enum class access_direction
{
  read,  /* The access reads from memory.  */
  write  /* The access writes to memory.  */
};
373 | |
374 | /* Abstract base class for associating custom data with an |
375 | exploded_edge, for handling non-standard edges such as |
376 | rewinding from a longjmp, signal handlers, etc. |
377 | Also used when "bifurcating" state: splitting the execution |
378 | path in non-standard ways (e.g. for simulating the various |
379 | outcomes of "realloc"). */ |
380 | |
class custom_edge_info
{
public:
  virtual ~custom_edge_info () {}

  /* Hook for making .dot label more readable.  */
  virtual void print (pretty_printer *pp) const = 0;

  /* Hook for updating STATE when handling bifurcation.
     Not pure: a default implementation is defined out of line.  The
     meaning of the bool result is not visible in this header.  */
  virtual bool update_state (program_state *state,
			     const exploded_edge *eedge,
			     region_model_context *ctxt) const;

  /* Hook for updating MODEL within exploded_path::feasible_p
     and when handling bifurcation.  Every subclass must provide it.  */
  virtual bool update_model (region_model *model,
			     const exploded_edge *eedge,
			     region_model_context *ctxt) const = 0;

  /* Every subclass must provide this; it receives the path being built
     for emission and the edge this info is attached to.  */
  virtual void add_events_to_path (checker_path *emission_path,
				   const exploded_edge &eedge) const = 0;

  /* Not pure: a default implementation is defined out of line.  STATE is
     taken by rvalue reference, so the caller gives it up.  */
  virtual exploded_node *create_enode (exploded_graph &eg,
				       const program_point &point,
				       program_state &&state,
				       exploded_node *enode_for_diag,
				       region_model_context *ctxt) const;
};
409 | |
410 | /* Abstract base class for splitting state. |
411 | |
412 | Most of the state-management code in the analyzer involves |
413 | modifying state objects in-place, which assumes a single outcome. |
414 | |
415 | This class provides an escape hatch to allow for multiple outcomes |
416 | for such updates e.g. for modelling multiple outcomes from function |
417 | calls, such as the various outcomes of "realloc". */ |
418 | |
class path_context
{
public:
  virtual ~path_context () {}

  /* Hook for clients to split state with a non-standard path.
     INFO is taken by value, so its ownership passes to the
     implementation.  */
  virtual void bifurcate (std::unique_ptr<custom_edge_info> info) = 0;

  /* Hook for clients to terminate the standard path.  */
  virtual void terminate_path () = 0;

  /* Hook for clients to determine if the standard path has been
     terminated.  */
  virtual bool terminate_path_p () const = 0;
};
434 | |
435 | extern tree get_stashed_constant_by_name (const char *name); |
436 | extern void log_stashed_constants (logger *logger); |
437 | |
438 | extern FILE *get_or_create_any_logfile (); |
439 | |
440 | extern std::unique_ptr<json::value> |
441 | tree_to_json (tree node); |
442 | |
443 | extern std::unique_ptr<json::value> |
444 | diagnostic_event_id_to_json (const diagnostic_event_id_t &); |
445 | |
446 | extern std::unique_ptr<json::value> |
447 | bit_offset_to_json (const bit_offset_t &offset); |
448 | |
449 | extern std::unique_ptr<json::value> |
450 | byte_offset_to_json (const byte_offset_t &offset); |
451 | |
452 | extern tristate |
453 | compare_constants (tree lhs_const, enum tree_code op, tree rhs_const); |
454 | |
455 | extern tree |
456 | get_string_cst_size (const_tree string_cst); |
457 | |
458 | extern tree |
459 | get_ssa_default_def (const function &fun, tree var); |
460 | |
461 | extern const svalue * |
462 | strip_types (const svalue *sval, region_model_manager &mgr); |
463 | |
464 | extern region_offset |
465 | strip_types (const region_offset &offset, region_model_manager &mgr); |
466 | |
467 | extern tree remove_ssa_names (tree expr); |
468 | |
469 | } // namespace ana |
470 | |
471 | extern bool is_special_named_call_p (const gcall &call, const char *funcname, |
472 | unsigned int num_args, |
473 | bool look_in_std = false); |
474 | extern bool is_named_call_p (const_tree fndecl, const char *funcname); |
475 | extern bool is_named_call_p (const_tree fndecl, const char *funcname, |
476 | const gcall &call, unsigned int num_args); |
477 | extern bool is_std_function_p (const_tree fndecl); |
478 | extern bool is_std_named_call_p (const_tree fndecl, const char *funcname); |
479 | extern bool is_std_named_call_p (const_tree fndecl, const char *funcname, |
480 | const gcall &call, unsigned int num_args); |
481 | extern bool is_setjmp_call_p (const gcall &call); |
482 | extern bool is_longjmp_call_p (const gcall &call); |
483 | extern bool is_placement_new_p (const gcall &call); |
484 | extern bool is_cxa_throw_p (const gcall &call); |
485 | extern bool is_cxa_rethrow_p (const gcall &call); |
486 | |
487 | extern const char *get_user_facing_name (const gcall &call); |
488 | |
489 | extern void register_analyzer_pass (); |
490 | |
491 | extern label_text make_label_text (bool can_colorize, const char *fmt, ...); |
492 | extern label_text make_label_text_n (bool can_colorize, |
493 | unsigned HOST_WIDE_INT n, |
494 | const char *singular_fmt, |
495 | const char *plural_fmt, ...); |
496 | |
497 | extern bool fndecl_has_gimple_body_p (tree fndecl); |
498 | |
499 | /* An RAII-style class for pushing/popping cfun within a scope. |
500 | Doing so ensures we get "In function " announcements |
501 | from the diagnostics subsystem. */ |
502 | |
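class auto_cfun
{
public:
  /* Push FUN as the current function for the lifetime of this object.
     (The listing showed the argument as "new_cfun: fun"; the "new_cfun:"
     prefix is a parameter-name hint from the code viewer, not C++.)  */
  auto_cfun (function *fun) { push_cfun (fun); }

  /* Pop the function pushed by the constructor.  */
  ~auto_cfun () { pop_cfun (); }

  /* Each instance stands for exactly one push_cfun.  A copy would run
     pop_cfun a second time with no matching push, so copying is
     disabled.  */
  auto_cfun (const auto_cfun &) = delete;
  auto_cfun &operator= (const auto_cfun &) = delete;
};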
509 | |
510 | /* A template for creating hash traits for a POD type. */ |
511 | |
template <typename Type>
struct pod_hash_traits : typed_noop_remove<Type>
{
  using value_type = Type;
  using compare_type = Type;

  /* Only declared here: each operation has to be defined separately for
     every Type the template is used with.  */
  static inline hashval_t hash (value_type);
  static inline bool equal (const value_type &existing,
			    const value_type &candidate);

  /* Operations for the two reserved slot states, "deleted" and "empty".
     NOTE(review): presumably the values chosen for these states must never
     occur as real keys; confirm against each definition.  */
  static inline void mark_deleted (Type &);
  static inline void mark_empty (Type &);
  static inline bool is_deleted (Type);
  static inline bool is_empty (Type);
};
525 | |
526 | /* A hash traits class that uses member functions to implement |
527 | the various required ops. */ |
528 | |
template <typename Type>
struct member_function_hash_traits : public typed_noop_remove<Type>
{
  using value_type = Type;
  using compare_type = Type;

  /* Each operation forwards to the member function of the same name on
     Type; equality uses Type's operator==.  */

  static inline hashval_t hash (value_type v)
  {
    return v.hash ();
  }

  static inline bool equal (const value_type &existing,
			    const value_type &candidate)
  {
    return existing == candidate;
  }

  static inline void mark_deleted (Type &t)
  {
    t.mark_deleted ();
  }

  static inline void mark_empty (Type &t)
  {
    t.mark_empty ();
  }

  static inline bool is_deleted (Type t)
  {
    return t.is_deleted ();
  }

  static inline bool is_empty (Type t)
  {
    return t.is_empty ();
  }
};
545 | |
546 | /* A map from T::key_t to T* for use in consolidating instances of T. |
547 | Owns all instances of T. |
548 | T::key_t should have operator== and be hashable. */ |
549 | |
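template <typename T>
class consolidation_map
{
public:
  typedef typename T::key_t key_t;
  typedef T instance_t;
  typedef hash_map<key_t, instance_t *> inner_map_t;
  typedef typename inner_map_t::iterator iterator;

  consolidation_map () = default;

  /* The destructor deletes every stored pointer, so a memberwise copy of
     the map would lead to each instance being deleted twice.  Copying is
     therefore disabled.  */
  consolidation_map (const consolidation_map &) = delete;
  consolidation_map &operator= (const consolidation_map &) = delete;

  /* Delete all instances of T.  */

  ~consolidation_map ()
  {
    for (typename inner_map_t::iterator iter = m_inner_map.begin ();
	 iter != m_inner_map.end (); ++iter)
      delete (*iter).second;
  }

  /* Get the instance of T for K if one exists, or NULL.
     The returned pointer stays owned by the map; callers must not delete
     it.  */

  T *get (const key_t &k) const
  {
    /* The const_cast is needed only to call the inner map's "get" from a
       const member; the map itself is not modified here.  */
    if (instance_t **slot = const_cast<inner_map_t &> (m_inner_map).get (k))
      return *slot;
    return NULL;
  }

  /* Take ownership of INSTANCE.
     NOTE(review): nothing here deletes an instance already stored under
     K, so putting a second instance for the same key would presumably
     leak the first; callers are expected to check get (K) beforehand --
     confirm.  */

  void put (const key_t &k, T *instance)
  {
    m_inner_map.put (k, instance);
  }

  size_t elements () const { return m_inner_map.elements (); }

  iterator begin () const { return m_inner_map.begin (); }
  iterator end () const { return m_inner_map.end (); }

private:
  inner_map_t m_inner_map;
};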
592 | |
593 | /* Disable -Wformat-diag; we want to be able to use pp_printf |
594 | for logging/dumping without complying with the rules for diagnostics. */ |
595 | #if __GNUC__ >= 10 |
596 | #pragma GCC diagnostic ignored "-Wformat-diag" |
597 | #endif |
598 | |
599 | #if !ENABLE_ANALYZER |
600 | extern void sorry_no_analyzer (); |
601 | #endif /* #if !ENABLE_ANALYZER */ |
602 | |
603 | #endif /* GCC_ANALYZER_COMMON_H */ |
604 |