search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
analyzer: enable taint state machine by default [PR103533]
[official-gcc.git] / gcc / analyzer / region-model-manager.h
bloba5281819a69be751323adb72a6b56087c96cd723
1 /* Consolidation of svalues and regions.
2 Copyright (C) 2020-2023 Free Software Foundation, Inc.
3 Contributed by David Malcolm <dmalcolm@redhat.com>.
4
5 This file is part of GCC.
6
7 GCC is free software; you can redistribute it and/or modify it
8 under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3, or (at your option)
10 any later version.
11
12 GCC is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
20
21 #ifndef GCC_ANALYZER_REGION_MODEL_MANAGER_H
22 #define GCC_ANALYZER_REGION_MODEL_MANAGER_H
23
24 namespace ana {
25
26 /* A class responsible for owning and consolidating region and svalue
27 instances.
28 region and svalue instances are immutable as far as clients are
29 concerned, so they are provided as "const" ptrs. */
30
31 class region_model_manager
32 {
33 public:
34 region_model_manager (logger *logger = NULL);
35 ~region_model_manager ();
36
37 unsigned get_num_symbols () const { return m_next_symbol_id; }
38 unsigned alloc_symbol_id () { return m_next_symbol_id++; }
39
40 /* call_string consolidation. */
41 const call_string &get_empty_call_string () const
42 {
43 return m_empty_call_string;
44 }
45
46 /* svalue consolidation. */
47 const svalue *get_or_create_constant_svalue (tree cst_expr);
48 const svalue *get_or_create_int_cst (tree type, const poly_wide_int_ref &cst);
49 const svalue *get_or_create_null_ptr (tree pointer_type);
50 const svalue *get_or_create_unknown_svalue (tree type);
51 const svalue *get_or_create_setjmp_svalue (const setjmp_record &r,
52 tree type);
53 const svalue *get_or_create_poisoned_svalue (enum poison_kind kind,
54 tree type);
55 const svalue *get_or_create_initial_value (const region *reg,
56 bool check_poisoned = true);
57 const svalue *get_ptr_svalue (tree ptr_type, const region *pointee);
58 const svalue *get_or_create_unaryop (tree type, enum tree_code op,
59 const svalue *arg);
60 const svalue *get_or_create_cast (tree type, const svalue *arg);
61 const svalue *get_or_create_binop (tree type,
62 enum tree_code op,
63 const svalue *arg0, const svalue *arg1);
64 const svalue *get_or_create_sub_svalue (tree type,
65 const svalue *parent_svalue,
66 const region *subregion);
67 const svalue *get_or_create_repeated_svalue (tree type,
68 const svalue *outer_size,
69 const svalue *inner_svalue);
70 const svalue *get_or_create_bits_within (tree type,
71 const bit_range &bits,
72 const svalue *inner_svalue);
73 const svalue *get_or_create_unmergeable (const svalue *arg);
74 const svalue *get_or_create_widening_svalue (tree type,
75 const function_point &point,
76 const svalue *base_svalue,
77 const svalue *iter_svalue);
78 const svalue *get_or_create_compound_svalue (tree type,
79 const binding_map &map);
80 const svalue *get_or_create_conjured_svalue (tree type, const gimple *stmt,
81 const region *id_reg,
82 const conjured_purge &p);
83 const svalue *
84 get_or_create_asm_output_svalue (tree type,
85 const gasm *asm_stmt,
86 unsigned output_idx,
87 const vec<const svalue *> &inputs);
88 const svalue *
89 get_or_create_asm_output_svalue (tree type,
90 const char *asm_string,
91 unsigned output_idx,
92 unsigned num_outputs,
93 const vec<const svalue *> &inputs);
94 const svalue *
95 get_or_create_const_fn_result_svalue (tree type,
96 tree fndecl,
97 const vec<const svalue *> &inputs);
98
99 const svalue *maybe_get_char_from_string_cst (tree string_cst,
100 tree byte_offset_cst);
101
102 /* Dynamically-allocated svalue instances.
103 The number of these within the analysis can grow arbitrarily.
104 They are still owned by the manager. */
105 const svalue *create_unique_svalue (tree type);
106
107 /* region consolidation. */
108 const stack_region * get_stack_region () const { return &m_stack_region; }
109 const heap_region *get_heap_region () const { return &m_heap_region; }
110 const code_region *get_code_region () const { return &m_code_region; }
111 const globals_region *get_globals_region () const
112 {
113 return &m_globals_region;
114 }
115 const errno_region *get_errno_region () const { return &m_errno_region; }
116 const function_region *get_region_for_fndecl (tree fndecl);
117 const label_region *get_region_for_label (tree label);
118 const decl_region *get_region_for_global (tree expr);
119 const region *get_field_region (const region *parent, tree field);
120 const region *get_element_region (const region *parent,
121 tree element_type,
122 const svalue *index);
123 const region *get_offset_region (const region *parent,
124 tree type,
125 const svalue *byte_offset);
126 const region *get_sized_region (const region *parent,
127 tree type,
128 const svalue *byte_size_sval);
129 const region *get_cast_region (const region *original_region,
130 tree type);
131 const frame_region *get_frame_region (const frame_region *calling_frame,
132 function *fun);
133 const region *get_symbolic_region (const svalue *sval);
134 const string_region *get_region_for_string (tree string_cst);
135 const region *get_bit_range (const region *parent, tree type,
136 const bit_range &bits);
137 const var_arg_region *get_var_arg_region (const frame_region *parent,
138 unsigned idx);
139
140 const region *get_unknown_symbolic_region (tree region_type);
141
142 const region *
143 get_region_for_unexpected_tree_code (region_model_context *ctxt,
144 tree t,
145 const dump_location_t &loc);
146
147 store_manager *get_store_manager () { return &m_store_mgr; }
148 bounded_ranges_manager *get_range_manager () const { return m_range_mgr; }
149
150 known_function_manager *get_known_function_manager ()
151 {
152 return &m_known_fn_mgr;
153 }
154
155 /* Dynamically-allocated region instances.
156 The number of these within the analysis can grow arbitrarily.
157 They are still owned by the manager. */
158 const region *
159 get_or_create_region_for_heap_alloc (const bitmap &base_regs_in_use);
160 const region *create_region_for_alloca (const frame_region *frame);
161
162 void log_stats (logger *logger, bool show_objs) const;
163
164 void begin_checking_feasibility (void) { m_checking_feasibility = true; }
165 void end_checking_feasibility (void) { m_checking_feasibility = false; }
166
167 logger *get_logger () const { return m_logger; }
168
169 void dump_untracked_regions () const;
170
171 private:
172 bool too_complex_p (const complexity &c) const;
173 bool reject_if_too_complex (svalue *sval);
174
175 const svalue *maybe_fold_unaryop (tree type, enum tree_code op,
176 const svalue *arg);
177 const svalue *maybe_fold_binop (tree type, enum tree_code op,
178 const svalue *arg0, const svalue *arg1);
179 const svalue *maybe_fold_sub_svalue (tree type,
180 const svalue *parent_svalue,
181 const region *subregion);
182 const svalue *maybe_fold_repeated_svalue (tree type,
183 const svalue *outer_size,
184 const svalue *inner_svalue);
185 const svalue *maybe_fold_bits_within_svalue (tree type,
186 const bit_range &bits,
187 const svalue *inner_svalue);
188 const svalue *maybe_undo_optimize_bit_field_compare (tree type,
189 const compound_svalue *compound_sval,
190 tree cst, const svalue *arg1);
191 const svalue *maybe_fold_asm_output_svalue (tree type,
192 const vec<const svalue *> &inputs);
193
194 logger *m_logger;
195
196 unsigned m_next_symbol_id;
197
198 const call_string m_empty_call_string;
199
200 root_region m_root_region;
201 stack_region m_stack_region;
202 heap_region m_heap_region;
203
204 /* svalue consolidation. */
205 typedef hash_map<tree, constant_svalue *> constants_map_t;
206 constants_map_t m_constants_map;
207
208 typedef hash_map<tree, unknown_svalue *> unknowns_map_t;
209 unknowns_map_t m_unknowns_map;
210 const unknown_svalue *m_unknown_NULL;
211
212 typedef hash_map<poisoned_svalue::key_t,
213 poisoned_svalue *> poisoned_values_map_t;
214 poisoned_values_map_t m_poisoned_values_map;
215
216 typedef hash_map<setjmp_svalue::key_t,
217 setjmp_svalue *> setjmp_values_map_t;
218 setjmp_values_map_t m_setjmp_values_map;
219
220 typedef hash_map<const region *, initial_svalue *> initial_values_map_t;
221 initial_values_map_t m_initial_values_map;
222
223 typedef hash_map<region_svalue::key_t, region_svalue *> pointer_values_map_t;
224 pointer_values_map_t m_pointer_values_map;
225
226 typedef hash_map<unaryop_svalue::key_t,
227 unaryop_svalue *> unaryop_values_map_t;
228 unaryop_values_map_t m_unaryop_values_map;
229
230 typedef hash_map<binop_svalue::key_t, binop_svalue *> binop_values_map_t;
231 binop_values_map_t m_binop_values_map;
232
233 typedef hash_map<sub_svalue::key_t, sub_svalue *> sub_values_map_t;
234 sub_values_map_t m_sub_values_map;
235
236 typedef hash_map<repeated_svalue::key_t,
237 repeated_svalue *> repeated_values_map_t;
238 repeated_values_map_t m_repeated_values_map;
239
240 typedef hash_map<bits_within_svalue::key_t,
241 bits_within_svalue *> bits_within_values_map_t;
242 bits_within_values_map_t m_bits_within_values_map;
243
244 typedef hash_map<const svalue *,
245 unmergeable_svalue *> unmergeable_values_map_t;
246 unmergeable_values_map_t m_unmergeable_values_map;
247
248 typedef hash_map<widening_svalue::key_t,
249 widening_svalue */*,
250 widening_svalue::key_t::hash_map_traits*/>
251 widening_values_map_t;
252 widening_values_map_t m_widening_values_map;
253
254 typedef hash_map<compound_svalue::key_t,
255 compound_svalue *> compound_values_map_t;
256 compound_values_map_t m_compound_values_map;
257
258 typedef hash_map<conjured_svalue::key_t,
259 conjured_svalue *> conjured_values_map_t;
260 conjured_values_map_t m_conjured_values_map;
261
262 typedef hash_map<asm_output_svalue::key_t,
263 asm_output_svalue *> asm_output_values_map_t;
264 asm_output_values_map_t m_asm_output_values_map;
265
266 typedef hash_map<const_fn_result_svalue::key_t,
267 const_fn_result_svalue *> const_fn_result_values_map_t;
268 const_fn_result_values_map_t m_const_fn_result_values_map;
269
270 bool m_checking_feasibility;
271
272 /* "Dynamically-allocated" svalue instances.
273 The number of these within the analysis can grow arbitrarily.
274 They are still owned by the manager. */
275 auto_delete_vec<svalue> m_managed_dynamic_svalues;
276
277 /* Maximum complexity of svalues that weren't rejected. */
278 complexity m_max_complexity;
279
280 /* region consolidation. */
281
282 code_region m_code_region;
283 typedef hash_map<tree, function_region *> fndecls_map_t;
284 typedef fndecls_map_t::iterator fndecls_iterator_t;
285 fndecls_map_t m_fndecls_map;
286
287 typedef hash_map<tree, label_region *> labels_map_t;
288 typedef labels_map_t::iterator labels_iterator_t;
289 labels_map_t m_labels_map;
290
291 globals_region m_globals_region;
292 typedef hash_map<tree, decl_region *> globals_map_t;
293 typedef globals_map_t::iterator globals_iterator_t;
294 globals_map_t m_globals_map;
295
296 thread_local_region m_thread_local_region;
297 errno_region m_errno_region;
298
299 consolidation_map<field_region> m_field_regions;
300 consolidation_map<element_region> m_element_regions;
301 consolidation_map<offset_region> m_offset_regions;
302 consolidation_map<sized_region> m_sized_regions;
303 consolidation_map<cast_region> m_cast_regions;
304 consolidation_map<frame_region> m_frame_regions;
305 consolidation_map<symbolic_region> m_symbolic_regions;
306
307 typedef hash_map<tree, string_region *> string_map_t;
308 string_map_t m_string_map;
309
310 consolidation_map<bit_range_region> m_bit_range_regions;
311 consolidation_map<var_arg_region> m_var_arg_regions;
312
313 store_manager m_store_mgr;
314
315 bounded_ranges_manager *m_range_mgr;
316
317 known_function_manager m_known_fn_mgr;
318
319 /* "Dynamically-allocated" region instances.
320 The number of these within the analysis can grow arbitrarily.
321 They are still owned by the manager. */
322 auto_delete_vec<region> m_managed_dynamic_regions;
323 };
324
325 } // namespace ana
326
327 #endif /* GCC_ANALYZER_REGION_MODEL_MANAGER_H */
Mirror of the offical gcc git repository hosted at gcc.gnu.org