sm.cc source code [gcc/analyzer/sm.cc]

1	/ Modeling API uses and misuses via state machines.*
2	Copyright (C) 2019-2024 Free Software Foundation, Inc.
3	Contributed by David Malcolm <dmalcolm@redhat.com>.
4
5	This file is part of GCC.
6
7	GCC is free software; you can redistribute it and/or modify it
8	under the terms of the GNU General Public License as published by
9	the Free Software Foundation; either version 3, or (at your option)
10	any later version.
11
12	GCC is distributed in the hope that it will be useful, but
13	WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15	General Public License for more details.
16
17	You should have received a copy of the GNU General Public License
18	along with GCC; see the file COPYING3. If not see
19	<http://www.gnu.org/licenses/>. /*
20
21	#include "config.h"
22	#define INCLUDE_MEMORY
23	#include "system.h"
24	#include "coretypes.h"
25	#include "tree.h"
26	#include "function.h"
27	#include "basic-block.h"
28	#include "gimple.h"
29	#include "options.h"
30	#include "function.h"
31	#include "diagnostic-core.h"
32	#include "pretty-print.h"
33	#include "diagnostic.h"
34	#include "tree-diagnostic.h"
35	#include "analyzer/analyzer.h"
36	#include "analyzer/analyzer-logging.h"
37	#include "analyzer/sm.h"
38	#include "analyzer/call-string.h"
39	#include "analyzer/program-point.h"
40	#include "analyzer/store.h"
41	#include "analyzer/svalue.h"
42	#include "analyzer/program-state.h"
43	#include "analyzer/pending-diagnostic.h"
44
45	#if ENABLE_ANALYZER
46
47	namespace ana {
48
49	/ Return true if VAR has pointer or reference type. /
50
51	bool
52	any_pointer_p (tree var)
53	{
54	return POINTER_TYPE_P (TREE_TYPE (var));
55	}
56
57	/ Return true if SVAL has pointer or reference type. /
58
59	bool
60	any_pointer_p (const svalue *sval)
61	{
62	if (!sval->get_type ())
63	return false;
64	return POINTER_TYPE_P (sval->get_type ());
65	}
66
67	/ class state_machine::state. /
68
69	/ Base implementation of dump_to_pp vfunc. /
70
71	void
72	state_machine::state::dump_to_pp (pretty_printer pp) const*
73	{
74	pp_string (pp, m_name);
75	}
76
77	/ Return a new json::string describing the state. /
78
79	json::value *
80	state_machine::state::to_json () const
81	{
82	pretty_printer pp;
83	pp_format_decoder (&pp) = default_tree_printer;
84	dump_to_pp (pp: &pp);
85	return new json::string (pp_formatted_text (&pp));
86	}
87
88	/ class state_machine. /
89
90	/ state_machine's ctor. /
91
92	state_machine::state_machine (const char name, logger logger)
93	: log_user (logger), m_name (name), m_next_state_id (`0`),
94	m_start (add_state (name: "start"))
95	{
96	}
97
98	/ Add a state with name NAME to this state_machine.*
99	The string is required to outlive the state_machine.
100
101	Return the state_t for the new state. /*
102
103	state_machine::state_t
104	state_machine::add_state (const char *name)
105	{
106	state s = new* state (name, alloc_state_id ());
107	m_states.safe_push (obj: s);
108	return s;
109	}
110
111	/ Get the state with name NAME, which must exist.*
112	This is purely intended for use in selftests. /*
113
114	state_machine::state_t
115	state_machine::get_state_by_name (const char name) const*
116	{
117	unsigned i;
118	state *s;
119	FOR_EACH_VEC_ELT (m_states, i, s)
120	if (!strcmp (s1: name, s2: s->get_name ()))
121	return s;
122	/ Name not found. /
123	gcc_unreachable ();
124	}
125
126	/ Base implementation of state_machine::on_leak. /
127
128	std::unique_ptr<pending_diagnostic>
129	state_machine::on_leak (tree var ATTRIBUTE_UNUSED) const
130	{
131	return NULL;
132	}
133
134	/ Dump a multiline representation of this state machine to PP. /
135
136	void
137	state_machine::dump_to_pp (pretty_printer pp) const*
138	{
139	unsigned i;
140	state *s;
141	FOR_EACH_VEC_ELT (m_states, i, s)
142	{
143	pp_printf (pp, " state %i: ", i);
144	s->dump_to_pp (pp);
145	pp_newline (pp);
146	}
147	}
148
149	/ Return a new json::object of the form*
150	{"name" : str,
151	"states" : [str]}. /*
152
153	json::object *
154	state_machine::to_json () const
155	{
156	json::object sm_obj = new* json::object ();
157
158	sm_obj->set (key: "name", v: new json::string (m_name));
159	{
160	json::array states_arr = new* json::array ();
161	unsigned i;
162	state *s;
163	FOR_EACH_VEC_ELT (m_states, i, s)
164	states_arr->append (v: s->to_json ());
165	sm_obj->set (key: "states", v: states_arr);
166	}
167
168	return sm_obj;
169	}
170
171	/ class sm_context. /
172
173	const region_model *
174	sm_context::get_old_region_model () const
175	{
176	if (const program_state *old_state = get_old_program_state ())
177	return old_state->m_region_model;
178	else
179	return NULL;
180	}
181
182	/ Create instances of the various state machines, each using LOGGER,*
183	and populate OUT with them. /*
184
185	void
186	make_checkers (auto_delete_vec <state_machine> &out, logger *logger)
187	{
188	out.safe_push (obj: make_malloc_state_machine (logger));
189	out.safe_push (obj: make_fileptr_state_machine (logger));
190	out.safe_push (obj: make_fd_state_machine (logger));
191	out.safe_push (obj: make_taint_state_machine (logger));
192	out.safe_push (obj: make_sensitive_state_machine (logger));
193	out.safe_push (obj: make_signal_state_machine (logger));
194	out.safe_push (obj: make_va_list_state_machine (logger));
195
196	/ We only attempt to run the pattern tests if it might have been manually*
197	enabled (for DejaGnu purposes). /*
198	if (flag_analyzer_checker)
199	out.safe_push (obj: make_pattern_test_state_machine (logger));
200
201	if (flag_analyzer_checker)
202	{
203	unsigned read_index, write_index;
204	state_machine **sm;
205
206	/ TODO: this leaks the machines*
207	Would be nice to log the things that were removed. /*
208	VEC_ORDERED_REMOVE_IF (out, read_index, write_index, sm,
209	`0` != strcmp (flag_analyzer_checker,
210	(*sm)->get_name ()));
211	}
212	}
213
214	} // namespace ana
215
216	#endif /* #if ENABLE_ANALYZER */
217

source code of gcc/analyzer/sm.cc