analyzer: add SARD testsuite 81
A 2013 paper [1] proposed 5 simple tests for evaluating the
effectiveness of static analysis tools at detecting
CWE-121 ("Stack-based Buffer Overflow").
The tests can be found in:
https://samate.nist.gov/SARD/test-suites/81
This patch adds theses 5 tests to -fanalyzer's testsuite, lightly
modified to add DejaGnu directives.
This is for unit-testing; for broader testing of -fanalyzer I'm working
on a separate integration testing suite that builds various real-world C
projects with -fanalyzer, currently here:
https://github.com/davidmalcolm/gcc-analyzer-integration-tests
[1] Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/SARD-tc117-basic-00001-min.c: New test, adapted
from https://samate.nist.gov/SARD/test-suites/81.
* gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c: Likewise.
* gcc.dg/analyzer/SARD-tc249-basic-00034-min.c: Likewise.
* gcc.dg/analyzer/SARD-tc293-basic-00045-min.c: Likewise.
* gcc.dg/analyzer/SARD-tc841-basic-00182-min.c: Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
projects / platform / upstream / gcc.git / commit