https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111155
--- Comment #1 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by David Malcolm <dmalc...@gcc.gnu.org>:

https://gcc.gnu.org/g:b365e9d57ad445c5491737e230bc94213a139de7

commit r14-4477-gb365e9d57ad445c5491737e230bc94213a139de7
Author: David Malcolm <dmalc...@redhat.com>
Date:   Sun Oct 8 18:43:16 2023 -0400

    analyzer: improvements to out-of-bounds diagrams [PR111155]

    Update out-of-bounds diagrams to show existing string values,
    and the initial write index within a string buffer.

    For example, given the out-of-bounds write in strcat in:

    void test (void)
    {
      char buf[10];
      strcpy (buf, "hello");
      strcat (buf, " world!");
    }

    the diagram improves from:

                             ┌─────┬─────┬────┬────┬────┐┌─────┬─────┬─────┐
                             │ [0] │ [1] │[2] │[3] │[4] ││ [5] │ [6] │ [7] │
                             ├─────┼─────┼────┼────┼────┤├─────┼─────┼─────┤
                             │ ' ' │ 'w' │'o' │'r' │'l' ││ 'd' │ '!' │ NUL │
                             ├─────┴─────┴────┴────┴────┴┴─────┴─────┴─────┤
                             │      string literal (type: 'char[8]')       │
                             └─────────────────────────────────────────────┘
                                │     │    │    │    │      │     │     │
                                │     │    │    │    │      │     │     │
                                v     v    v    v    v      v     v     v
    ┌─────┬────────────────────────────────────────┬────┐┌─────────────────┐
    │ [0] │                  ...                   │[9] ││                 │
    ├─────┴────────────────────────────────────────┴────┤│after valid range│
    │             'buf' (type: 'char[10]')              ││                 │
    └───────────────────────────────────────────────────┘└─────────────────┘
    ├─────────────────────────┬─────────────────────────┤├────────┬────────┤
                              │                                   │
                    ╭─────────┴────────╮                ╭─────────┴─────────╮
                    │capacity: 10 bytes│                │overflow of 3 bytes│
                    ╰──────────────────╯                ╰───────────────────╯

    to:

                               ┌────┬────┬────┬────┬────┐┌─────┬─────┬─────┐
                               │[0] │[1] │[2] │[3] │[4] ││ [5] │ [6] │ [7] │
                               ├────┼────┼────┼────┼────┤├─────┼─────┼─────┤
                               │' ' │'w' │'o' │'r' │'l' ││ 'd' │ '!' │ NUL │
                               ├────┴────┴────┴────┴────┴┴─────┴─────┴─────┤
                               │     string literal (type: 'char[8]')      │
                               └───────────────────────────────────────────┘
                                 │    │    │    │    │      │     │     │
                                 │    │    │    │    │      │     │     │
                                 v    v    v    v    v      v     v     v
    ┌─────┬────────────────────┬────┬──────────────┬────┐┌─────────────────┐
    │ [0] │        ...         │[5] │     ...      │[9] ││                 │
    ├─────┼────┬────┬────┬────┬┼────┼──────────────┴────┘│                 │
    │ 'h' │'e' │'l' │'l' │'o' ││NUL │                    │after valid range│
    ├─────┴────┴────┴────┴────┴┴────┴───────────────────┐│                 │
    │             'buf' (type: 'char[10]')              ││                 │
    └───────────────────────────────────────────────────┘└─────────────────┘
    ├─────────────────────────┬─────────────────────────┤├────────┬────────┤
                              │                                   │
                    ╭─────────┴────────╮                ╭─────────┴─────────╮
                    │capacity: 10 bytes│                │overflow of 3 bytes│
                    ╰──────────────────╯                ╰───────────────────╯

    gcc/analyzer/ChangeLog:
            PR analyzer/111155
            * access-diagram.cc (boundaries::boundaries): Add logger param
            (boundaries::add): Add logging.
            (boundaries::get_hard_boundaries_in_range): New.
            (boundaries::m_logger): New field.
            (boundaries::get_table_x_for_offset): Make public.
            (class svalue_spatial_item): New.
            (class compound_svalue_spatial_item): New.
            (add_ellipsis_to_gaps): New.
            (valid_region_spatial_item::valid_region_spatial_item): Add theme
            param.  Initialize m_boundaries, m_existing_sval, and
            m_existing_sval_spatial_item.
            (valid_region_spatial_item::add_boundaries): Set m_boundaries.
            Add boundaries for any m_existing_sval_spatial_item.
            (valid_region_spatial_item::add_array_elements_to_table): Rewrite
            creation of min/max index in terms of
            maybe_add_array_index_to_table.  Rewrite ellipsis code using
            add_ellipsis_to_gaps.  Add index values for any hard boundaries
            within the valid region.
            (valid_region_spatial_item::maybe_add_array_index_to_table): New,
            based on code formerly in add_array_elements_to_table.
            (valid_region_spatial_item::make_table): Make use of
            m_existing_sval_spatial_item, if any.
            (valid_region_spatial_item::m_boundaries): New field.
            (valid_region_spatial_item::m_existing_sval): New field.
            (valid_region_spatial_item::m_existing_sval_spatial_item): New
            field.
            (class svalue_spatial_item): Rename to...
            (class written_svalue_spatial_item): ...this.
            (class string_region_spatial_item): Rename to..
            (class string_literal_spatial_item): ...this.  Add "kind".
            (string_literal_spatial_item::add_boundaries): Use m_kind to
            determine kind of boundary.  Update for renaming of m_actual_bits
            to m_bits.
            (string_literal_spatial_item::make_table): Likewise.  Support not
            displaying a row for byte indexes, and not displaying a row for
            the type.
            (string_literal_spatial_item::add_column_for_byte): Make byte
            index row optional.
            (svalue_spatial_item::make): Convert to...
            (make_written_svalue_spatial_item): ...this.
            (make_existing_svalue_spatial_item): New.
            (access_diagram_impl::access_diagram_impl): Pass theme to
            m_valid_region_spatial_item ctor.  Update for renaming of
            m_svalue_spatial_item.
            (access_diagram_impl::find_boundaries): Pass logger to boundaries.
            Update for renaming of...
            (access_diagram_impl::m_svalue_spatial_item): Rename to...
            (access_diagram_impl::m_written_svalue_spatial_item): ...this.

    gcc/testsuite/ChangeLog:
            PR analyzer/111155
            * c-c++-common/analyzer/out-of-bounds-diagram-strcat-2.c: New test.
            * c-c++-common/analyzer/out-of-bounds-diagram-strcat.c: New test.
            * gcc.dg/analyzer/out-of-bounds-diagram-17.c: Update expected
            result to show the existing content of "buf" and the index at
            which the write starts.
            * gcc.dg/analyzer/out-of-bounds-diagram-18.c: Likewise.
            * gcc.dg/analyzer/out-of-bounds-diagram-19.c: Likewise.
            * gcc.dg/analyzer/out-of-bounds-diagram-6.c: Update expected
            output.

    gcc/ChangeLog:
            PR analyzer/111155
            * text-art/table.cc (table::maybe_set_cell_span): New.
            (table::add_other_table): New.
            * text-art/table.h (class table::cell_placement): Add class table
            as a friend.
            (table::add_rows): New.
            (table::add_row): Reimplement in terms of add_rows.
            (table::maybe_set_cell_span): New decl.
            (table::add_other_table): New decl.
            * text-art/types.h (operator+): New operator for rect + coord.

    Signed-off-by: David Malcolm <dmalc...@redhat.com>
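
The numbers in the improved diagram (write starting at index 5, capacity of 10 bytes, overflow of 3 bytes) can be reproduced at run time. The following is an added example, not code from the GCC commit or its testsuite; the names `append_check`, `check_append` and `checked_strcat` are hypothetical helpers that compute the same quantities and refuse the append instead of overflowing.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* What strcat(dst, src) would do to a buffer of `cap` bytes. */
struct append_check {
    size_t write_index;   /* index of the existing NUL, where the write starts */
    size_t bytes_written; /* strlen(src) + 1, including the terminating NUL */
    size_t overflow;      /* bytes that would land past the end of the buffer */
};

static struct append_check check_append(const char *dst, size_t cap,
                                        const char *src)
{
    struct append_check r;
    /* Bounded search for the terminator; cap means "no NUL within the buffer". */
    const char *nul = memchr(dst, '\0', cap);
    r.write_index = nul ? (size_t)(nul - dst) : cap;
    r.bytes_written = strlen(src) + 1;
    size_t end = r.write_index + r.bytes_written;
    r.overflow = end > cap ? end - cap : 0;
    return r;
}

/* Append only if the result fits; returns 0 on success, -1 if refused. */
static int checked_strcat(char *dst, size_t cap, const char *src)
{
    struct append_check r = check_append(dst, cap, src);
    if (r.write_index == cap || r.overflow != 0)
        return -1; /* dst is unterminated, or the append would overflow */
    memcpy(dst + r.write_index, src, r.bytes_written);
    return 0;
}

int main(void)
{
    char buf[10];
    strcpy(buf, "hello");
    struct append_check r = check_append(buf, sizeof buf, " world!");
    printf("write starts at [%zu], %zu bytes, overflow of %zu bytes\n",
           r.write_index, r.bytes_written, r.overflow);
    if (checked_strcat(buf, sizeof buf, " world!") != 0)
        puts("append refused, buf left unchanged");
    return 0;
}
```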