Commit Graph

293 Commits

Author SHA1 Message Date
Daniel Marjamäki 5a4b309e6f Bug hunting: Add 'buffer overflow' check. Detect CVE-2019-19334 2020-05-23 17:50:24 +02:00
Daniel Marjamäki 820a9c29c1 ExprEngine: Return instead of Throw to continue analysis more 2020-05-23 11:43:30 +02:00
Daniel Marjamäki e5a3dc1a0c ExprEngine; Slow processing 2020-05-23 11:31:12 +02:00
Daniel Marjamäki 4e2f8d5d48 astyle formatting
[ci skip]
2020-05-23 07:30:22 +02:00
Oliver Stöneberg 37bc0483a4
made check.h less heavy (#2633) 2020-05-23 07:16:49 +02:00
Daniel Marjamäki 871cf379d5 ExprData: Better handling of ternary operator 2020-05-15 21:34:52 +02:00
Daniel Marjamäki 76f4fae806 Bug hunting; Started to activate some itc tests for uninitialized variables 2020-05-15 20:58:33 +02:00
Daniel Marjamäki e508950f4f ExprEngine; Activate bug hunting analysis for uninitialized variables/data. This analysis is pretty experimental right now. 2020-05-15 11:25:56 +02:00
Daniel Marjamäki 0799d74071 Tweak Z3 version checks 2020-05-12 17:01:16 +02:00
Daniel Marjamäki 3e650c311b Remove NEW_Z3 macro 2020-05-12 16:57:07 +02:00
Daniel Marjamäki 046f8eb6c6 ExprEngine: improved handling when lhs/rhs for && has unknown value 2020-05-10 22:50:23 +02:00
Oliver Stöneberg e0e50139cb
cleaned up includes based on include-what-you-use (#2632)
* cleaned up includes based on include-what-you-use

* token.cpp: fixed -Wextra-semi-stmt warning
2020-05-10 16:45:45 +02:00
Daniel Marjamäki 08ddd84780 Update copyright year 2020-05-10 11:16:32 +02:00
Daniel Marjamäki 3e0218299b Revert "Update copyright year"
This reverts commit 6eec6c4bd5.
2020-05-10 11:13:05 +02:00
Daniel Marjamäki 6eec6c4bd5 Update copyright year 2020-05-10 11:11:34 +02:00
Daniel Marjamäki d4169f04d5 Bug hunting; Avoid false warnings for impossible values 2020-05-08 17:42:56 +02:00
Daniel Marjamäki 02d88cb191 Travis: Run TestExprEngine tests 2020-05-08 12:21:22 +02:00
Daniel Marjamäki b5094f298a Bug hunting; Add new 'incomplete' flag for error messages. Used when analysis is incomplete. 2020-05-03 17:20:38 +02:00
Daniel Marjamäki 4c63940902 Add bug hunting test case for CVE-2019-7156 2020-05-02 22:22:31 +02:00
Daniel Marjamäki 56abbc1d42 Fixed segmentation faults 2020-05-01 18:10:18 +02:00
Daniel Marjamäki 34572a40ab Bug hunting: Fixed handling of switch 'case %char%' 2020-05-01 15:15:24 +02:00
Daniel Marjamäki 999ef06156 ExprEngine: Try to handle function with unknown type better 2020-04-30 22:10:30 +02:00
Daniel Marjamäki b27fabaacb Refactoring ExprEngine 2020-04-30 21:49:27 +02:00
Daniel Marjamäki b97250e0fa ExprEngine; Try to handle assignments better 2020-04-30 21:05:34 +02:00
Daniel Marjamäki 5a9e81897a ExprEngine: Document how it works 2020-04-30 12:18:49 +02:00
Daniel Marjamäki e30eabc896 ExprEngine: Fail to execute contract => write error message 2020-04-29 18:30:12 +02:00
Daniel Marjamäki daea5e2d6c Bug hunting: Do not warn about 'Division by zero' when variable is uninitialized 2020-04-29 11:00:33 +02:00
Daniel Marjamäki 5d67fd0e56 Bug hunting: Set 'inconclusive' flag for bailout values 2020-04-29 10:58:01 +02:00
Daniel Marjamäki 3eb19a64cb Removed inline suppression, it was not a FP, use #ifdef differently 2020-04-28 22:29:16 +02:00
Daniel Marjamäki 13e79fdeb6 Temporary inline suppression to hide false positive 2020-04-28 22:21:07 +02:00
Daniel Marjamäki 249a101ec2 Travis: Fix naming 2020-04-28 22:18:02 +02:00
Daniel Marjamäki 12dfd8a5ca GUI: Show missing/added contracts in tab 2020-04-28 22:09:01 +02:00
Daniel Marjamäki dab8b9fd31 ExprEngine: Improved checking of contracts in function calls 2020-04-28 17:16:13 +02:00
Daniel Marjamäki c19a9c2ad9 GUI: Only edit contract for non-bailout warnings 2020-04-27 19:43:38 +02:00
Daniel Marjamäki 2e369cc842 astyle formatting
[ci skip]
2020-04-27 17:35:52 +02:00
Daniel Marjamäki f7096a2232 Bug hunting: basic handling of contracts through GUI 2020-04-27 09:08:50 +02:00
Daniel Marjamäki 6d7dd7400d Refactoring; Sort options alphabetically. Removed unused --check-diff functionality. 2020-04-26 10:22:12 +02:00
Daniel Marjamäki 39710f106c Fixed #9693 (Bug hunting: Segmentation fault with --bug-hunting and clangimport.cpp) 2020-04-25 10:13:18 +02:00
Oliver Stöneberg 04bd2bdb74
some sanitizer build fixes and cleanups (#2621)
* cleaned up sanitizer build flags

* exprengine.cpp: work around linker error with Clang and UBSAN
2020-04-24 21:17:06 +02:00
Daniel Marjamäki 3042bbdc3d Bug hunting: Handle early returns faster 2020-04-24 18:51:54 +02:00
Oliver Stöneberg 1af959af2c
fixed -Wextra-semi-stmt Clang warnings (#2553)
* fixed -Wextra-semi-stmt Clang warnings

* adjusted REDIRECT macro to require a semicolon

* testmathlib.cpp: rolled back accidental change
2020-04-21 17:27:51 +02:00
Oliver Stöneberg 1dd8d4afaf
fixes for Clang and clang-tidy 10 (#2588)
* clang_tidy.cmake: added clang-tidy-10 to program list

* fixed -Wrange-loop-construct Clang warnings

* fixed readability-qualified-auto clang-tidy warnings

* .clang-tidy: actually disable clang-analyzer-* warnings

* .clang-tidy: disabled some new warnings introduced with clang-tidy-10
2020-04-04 11:44:59 +02:00
Paul Fultz II 921887a281
Use valueFlowGeneric for valueFlowForwardExpression (#2537) 2020-02-16 16:02:22 +01:00
Paul Fultz II 7368a54629
Add generic valueflow forward analysis (#2511) 2020-02-13 16:27:06 +01:00
Daniel Marjamäki 1b66820cdb Revert "remove BUG_HUNTING_UNINIT conditionals"
This reverts commit 07a251d783.
2020-02-12 18:54:07 +01:00
Daniel Marjamäki 07a251d783 remove BUG_HUNTING_UNINIT conditionals 2020-02-10 21:43:06 +01:00
Daniel Marjamäki 6a07c2f71a ExprEngine; Check struct member assignment 2020-01-21 20:29:13 +01:00
Daniel Marjamäki 263f80deb8 ExprEngine: Add variable value checker 2020-01-21 20:19:51 +01:00
Daniel Marjamäki 4235a29501 ExprEngine: Handle variable annotations better 2020-01-21 18:55:07 +01:00
Daniel Marjamäki a6ab986217 ExprEngine; In divbyzero report rhs token because that has better location 2020-01-19 09:16:02 +01:00
Daniel Marjamäki 16981f0813 ExprEngine; Fix FP for BailoutValue 2020-01-19 09:10:50 +01:00
Daniel Marjamäki f7a30fc99f Rename Verification => Bughunting 2020-01-18 07:25:57 +01:00
Daniel Marjamäki 272fbfeb74 ExprEngine; Fix Z3 usage for floats 2020-01-16 19:35:05 +01:00
Daniel Marjamäki bc737be0b5 ExprEngine; OLD_Z3 => NEW_Z3 2020-01-16 18:59:47 +01:00
Daniel Marjamäki 76a048a2c1 Bug hunting; 'hide' the uninitialized variables checking, I need to focus on division by zero and clang import 2020-01-15 21:06:00 +01:00
Daniel Marjamäki 9507fccfc1 ExprEngine: Quick hacks for old Z3 compatibility 2020-01-15 19:46:00 +01:00
Daniel Marjamäki 52d72b6ffc ExprEngine; Fix crash 2020-01-15 18:35:55 +01:00
Daniel Marjamäki 446e7c3c0e ExprEngine; Fix fp in edgevalue 2020-01-15 17:51:34 +01:00
Daniel Marjamäki c79ec9e956 ExprEngine: sizeof() 2020-01-15 15:24:36 +01:00
Daniel Marjamäki 5ac0eb100c Bug hunting; avoid crash when argument is NULL 2020-01-15 07:15:47 +01:00
Daniel Marjamäki 7820b5dbcc Rename 'Verification' to 'Bug hunting' 2020-01-14 21:17:07 +01:00
Daniel Marjamäki 1bad69923c astyle formatting
[ci skip]
2020-01-12 13:35:39 +01:00
Daniel Marjamäki 166402b5cf verificationUninit: Avoid some false positives for 'bailout' values 2020-01-12 13:35:09 +01:00
Daniel Marjamäki 88429382b7 Verification; Avoid obvious verificationUninit false positives during bailout 2020-01-12 11:53:49 +01:00
Daniel Marjamäki 7704f6578f Verification; Fix struct member false negative 2020-01-12 10:29:03 +01:00
Daniel Marjamäki 3db6502fba Verification; Dangerous casting of void pointer 2020-01-09 21:25:23 +01:00
Daniel Marjamäki bf62138237 Verification; Remove VERIFY_UNINIT define, the checking is always compiled from now on 2020-01-09 20:25:52 +01:00
Daniel Marjamäki 84b4f0f6ab Verification; Fixed false negative when global variable is changed by function call 2020-01-09 18:50:29 +01:00
Daniel Marjamäki 0e369edd8c Verification; Only warn about uninitialized function arguments if VERIFY_UNINIT is defined 2020-01-02 06:16:36 +01:00
Daniel Marjamäki e32c01b13c Verification; printing debug output on std::cout 2020-01-01 19:57:49 +01:00
Daniel Marjamäki f23d880a7e Verification; use <uninit> configuration 2020-01-01 14:37:20 +01:00
Daniel Marjamäki b44029cdaa Refactoring; CWEs should be clarified 2020-01-01 09:09:10 +01:00
Daniel Marjamäki 28c37bb63f Verification; Clarify error message 2020-01-01 08:36:40 +01:00
Daniel Marjamäki 443e8cfbcf Verification; avoid false positive for known float value 2020-01-01 08:33:27 +01:00
Daniel Marjamäki d4ec8075a4 Verification; Fix false positive in while loops 2019-12-31 22:32:16 +01:00
Daniel Marjamäki 043634be27 Verification; Better handling of assignment in while 2019-12-31 20:31:31 +01:00
Daniel Marjamäki 446256a503 Verification; assume non-const pointer argument might point at uninitialized data 2019-12-31 17:51:58 +01:00
Daniel Marjamäki 10010eba95 Verification; Avoid fp for array declaration 2019-12-31 16:50:20 +01:00
Daniel Marjamäki f55d72e821 Verification; uninitialized local variable 2019-12-31 14:57:42 +01:00
Daniel Marjamäki 48be067dd1 Verification; Added --verify-diff option 2019-12-31 12:05:08 +01:00
Daniel Marjamäki 3af3219076 Verification; Juliet *_float_* division by zero tests 2019-12-31 09:02:06 +01:00
Daniel Marjamäki fde86b696d Verification; Use ValueFlow for improved accuracy 2019-12-31 05:59:06 +01:00
Daniel Marjamäki 3ff31b799c Verification: Use separate id for floating point division by zero 2019-12-30 19:50:22 +01:00
Daniel Marjamäki 4b5585e75b Verification; floating point division by zero 2019-12-30 19:47:18 +01:00
Daniel Marjamäki a60efa6774 Verification; Experimental checking for uninit 2019-12-30 18:55:16 +01:00
Daniel Marjamäki 6ea1875a84 Verification; Ensure assertions for variable type limits are added 2019-12-30 12:53:59 +01:00
Daniel Marjamäki 29b599b0e5 Verification; callbacks in executeCast 2019-12-29 19:17:36 +01:00
Daniel Marjamäki 9723b28385 Verification; struct pointer member 2019-12-29 18:42:35 +01:00
Daniel Marjamäki 2710a94b4b Verification; Merged handling of pointers and arrays 2019-12-29 16:26:11 +01:00
Daniel Marjamäki d16ea3293e Verification; Fix testing 2019-12-28 22:09:16 +01:00
Daniel Marjamäki ab2e87191f Verification; Avoid crash 2019-12-27 20:27:21 +01:00
Daniel Marjamäki 49ed1a82b4 Verification; save report in custom file 2019-12-27 19:25:06 +01:00
Daniel Marjamäki 4b4f7ea60b Verification; Updated report 2019-12-27 19:05:22 +01:00
Dmitry-Me 147cf9319f Restore compilation in gcc-4.6 2019-12-27 18:26:44 +03:00
Daniel Marjamäki ec4668353d Verification; Determine argument number properly 2019-12-26 18:32:59 +01:00
Daniel Marjamäki 8c652afd6e Verification: Added IntRange::isLessThan and IntRange::isGreaterThan 2019-12-26 15:39:08 +01:00
Daniel Marjamäki 0cd2935dc7 Verification; Verify that function call argument values meet annotations 2019-12-25 09:23:07 +01:00
Daniel Marjamäki f0ac19514b Verification: Handle Cppcheck annotations __cppcheck_low__ and __cppcheck_high__ 2019-12-24 21:14:14 +01:00
Daniel Marjamäki 755e2d261c Fixed #9402 (ExprEngine: && and || in condition) 2019-12-24 15:52:02 +01:00
Daniel Marjamäki 747a01f74d Verification; Check function argument values 2019-12-23 22:10:43 +01:00
Daniel Marjamäki eb551728a5 Verification; Avoid FP for known values 2019-12-22 21:24:39 +01:00
Daniel Marjamäki 93f10da981 Verification; Detect errors after bailout 2019-12-22 21:03:43 +01:00
Daniel Marjamäki c3c9559bee Fix Cppcheck warning 2019-10-27 18:22:47 +01:00
Daniel Marjamäki c899d7becf --verify: Fix false negative in itc 2019-10-27 16:47:56 +01:00
Daniel Marjamäki 83a7987f6f --verify: Fix false negative in itc test suite 2019-10-27 16:23:37 +01:00
Daniel Marjamäki c56a45840a Verify: Fix false negative in itc 2019-10-27 15:35:04 +01:00
Daniel Marjamäki 37bb19f02c Verify: Fix a false negative in the itc test suite 2019-10-25 21:46:02 +02:00
Daniel Marjamäki 8cfc833381 ExprEngine: Better handling of container arguments 2019-10-23 22:04:48 +02:00
Daniel Marjamäki 052c02f8ee ExprEngine: Refactoring 2019-10-23 18:42:40 +02:00
Daniel Marjamäki bcfc0d32fe ExprEngine: :: 2019-10-23 18:23:25 +02:00
Daniel Marjamäki 7b50b76b89 ExprEngine: container value 2019-10-23 18:06:10 +02:00
Daniel Marjamäki 4d218d1b47 ExprEngine: Clarify output 2019-10-23 16:40:49 +02:00
Daniel Marjamäki 3699227b12 ExprEngine: Throw exception if there is unhandled expression in assignment LHS 2019-10-22 18:39:59 +02:00
Daniel Marjamäki d98ac017f7 ExprEngine: Improved handling of struct member assignments in loops 2019-10-14 22:04:12 +02:00
Daniel Marjamäki 8c5c070d6a ExprEngine: Improved handling of struct member assignments in loop 2019-10-14 19:41:32 +02:00
Daniel Marjamäki ee280a94fb ExprEngine: New handling of << and >> 2019-10-14 17:20:35 +02:00
Daniel Marjamäki 4e49b14721 ExprEngine: << and >> are not handled well, throw exception for now. 2019-10-14 11:56:39 +02:00
Daniel Marjamäki c7a56529bb ExprEngine: Clarify verificationIntegerOverflow message 2019-10-14 11:54:43 +02:00
Daniel Marjamäki 530d4d2427 ExprEngine: Throw exception if we do not handle array well yet 2019-10-10 20:29:43 +02:00
Daniel Marjamäki c2b514dc45 ExprEngine: Throw exception if assignment in loop is not handled 2019-10-10 11:12:36 +02:00
Daniel Marjamäki 5b9bc4918e ExprEngine: Better error output when solver fails 2019-10-09 22:16:30 +02:00
Daniel Marjamäki 63bd182e83 ExprEngine: Adapt to z3 handling of bool/int expressions 2019-10-09 20:18:17 +02:00
Daniel Marjamäki 273a1a7402 ExprEngine: Fix FP for 'int' overflows 2019-10-09 11:24:57 +02:00
Daniel Marjamäki ab6354754f ExprEngine: Catch z3::exception and print message 2019-10-09 09:42:18 +02:00
Daniel Marjamäki b27fe83da4 ExprEngine: Handle << and >> 2019-10-08 21:38:10 +02:00
Daniel Marjamäki 3e50150dbf ExprEngine: Fix the checking for integer overflows 2019-10-08 20:13:25 +02:00
Daniel Marjamäki 21774cbdc4 ExprEngine: Handle while/for loops 2019-10-07 17:45:06 +02:00
Daniel Marjamäki d82b1b29ce ExprEngine: Initial handling of switch 2019-10-06 19:58:51 +02:00
Daniel Marjamäki 05aae9569b ExprEngine: Execute false execution path even if there is no else, upon Z3 exception assume that value is in range (safe option) 2019-10-06 18:26:40 +02:00
Daniel Marjamäki 6c0c9ba6d3 ExprEngine: Handle 'break' and 'while (0);' 2019-10-06 17:43:30 +02:00
Daniel Marjamäki dcf8a7213f ExprEngine: ExprData::getConstraintExpr 2019-10-06 14:47:50 +02:00
Daniel Marjamäki 4e525e52ec ExprEngine: Avoid endless recursion for struct members that have struct type 2019-10-05 18:29:41 +02:00
Daniel Marjamäki e686699294 ExprEngine: Fix ExprEngin::IntRange::isIntValueInRange 2019-10-05 16:33:40 +02:00
Daniel Marjamäki fcccd5f42e ExprEngine: Small tweaks 2019-10-04 17:58:18 +02:00
Daniel Marjamäki f80d387374 ExprEngine: Arrays if-then-else 2019-10-03 20:16:06 +02:00
Daniel Marjamäki 555890fdfa ExprEngine: Removed NullPointerDereference checker for now. 2019-10-03 19:24:14 +02:00
Daniel Marjamäki b79283306f ExprEngine: Rename Data::conditions => Data::constraints 2019-10-03 08:48:05 +02:00
Daniel Marjamäki d916379f9f ExprEngine: Better handling of if/else 2019-10-02 21:47:00 +02:00
Daniel Marjamäki 7ab22c7176 ExprEngine: Use smt solver Z3 2019-10-02 17:59:04 +02:00
Daniel Marjamäki 1ccc303602 ExprEngine: Simplify array value if possible, ensure each array data has a unique name 2019-09-29 21:20:57 +02:00
Daniel Marjamäki 03ff32993e Fixed Cppcheck warning 2019-09-29 17:32:26 +02:00
Daniel Marjamäki 1979b64170 ExprEngine: Bailout when for|while|switch is seen 2019-09-29 17:28:12 +02:00
Daniel Marjamäki 40c3e68e07 ExprEngine: Add --debug-verify, fixed handling of global arrays 2019-09-29 15:00:54 +02:00
Daniel Marjamäki 60e1cf8b8d ExprEngine: Fix NULL pointer dereference tests 2019-09-29 08:26:09 +02:00
Daniel Marjamäki 3f587bef65 ExprEngine: Add some CWE476 (Null pointer dereference) checks 2019-09-28 19:28:12 +02:00
Daniel Marjamäki 1acd78a038 ExprEngine: Translate uninitialized values to value ranges 2019-09-28 16:16:36 +02:00
Daniel Marjamäki 2e5d663ae9 ExprEngine: Handle void* -> int* casts better 2019-09-28 15:40:00 +02:00
Daniel Marjamäki f6c0550c41 ExprEngine: Do not bailout if function type is not known if the result is not used anyway 2019-09-28 11:55:06 +02:00
Daniel Marjamäki b2239f04ba ExprEngine: Improve 'division by zero' warning 2019-09-28 11:03:20 +02:00
Daniel Marjamäki 0de3e76b2d ExprEngine: Clarify when analysis is aborted 2019-09-28 10:59:28 +02:00