git.ipfire.org Git - thirdparty/gcc.git/blame - gcc/analyzer/ChangeLog
Commit Line Data
06a9f20f
GA
1 2021-02-26 David Malcolm <dmalcolm@redhat.com>
2
3 * engine.cc (exploded_path::exploded_path): New copy-ctor.
4 * exploded-graph.h (exploded_path::operator=): Drop decl.
5
6 2021-02-26 David Malcolm <dmalcolm@redhat.com>
7
8 PR analyzer/96374
9 * diagnostic-manager.cc (class epath_finder): New.
10 (epath_finder::get_best_epath): New.
11 (saved_diagnostic::saved_diagnostic): Update for replacement of
12 m_state and m_epath_length with m_best_epath.
13 (saved_diagnostic::~saved_diagnostic): Delete m_best_epath.
14 (saved_diagnostic::to_json): Update "path_length" to be optional.
15 (saved_diagnostic::calc_best_epath): New, based on
16 dedupe_winners::add and parts of dedupe_key::dedupe_key.
17 (saved_diagnostic::get_epath_length): New.
18 (saved_diagnostic::add_duplicate): New.
19 (dedupe_key::dedupe_key): Drop epath param. Move invocation of
20 stmt_finder to saved_diagnostic::calc_best_epath.
21 (class dedupe_candidate): Delete.
22 (class dedupe_hash_map_traits): Update to use saved_diagnostic *
23 rather than dedupe_candidate * as the value_type/compare_type.
24 (dedupe_winners::~dedupe_winners): Don't delete the values.
25 (dedupe_winners::add): Convert param from shortest_exploded_paths to
26 epath_finder. Drop "eg" param. Drop dedupe_candidate, moving
27 path generation and feasibility checking to
28 epath_finder::get_best_epath. Update winner-selection for move
29 of epaths from dedupe_candidate to saved_diagnostic.
30 (dedupe_winners::emit_best): Update for removal of class
31 dedupe_candidate.
32 (dedupe_winners::map_t): Update to use saved_diagnostic * rather
33 than dedupe_candidate * as the value_type/compare_type.
34 (diagnostic_manager::emit_saved_diagnostics): Move
35 shortest_exploded_paths instance into epath_finder and pass that
36 around instead.
37 (diagnostic_manager::emit_saved_diagnostic): Drop epath, stmt
38 and num_dupes params, instead getting these from the
39 saved_diagnostic. Use correct location in inform_n call.
40 * diagnostic-manager.h (class epath_finder): New forward decl.
41 (saved_diagnostic::status): Drop enum.
42 (saved_diagnostic::set_feasible): Drop.
43 (saved_diagnostic::set_infeasible): Drop.
44 (saved_diagnostic::get_status): Drop.
45 (saved_diagnostic::calc_best_epath): New decl.
46 (saved_diagnostic::get_best_epath): New decl.
47 (saved_diagnostic::get_epath_length): New decl.
48 (saved_diagnostic::set_epath_length): Drop.
49 (saved_diagnostic::get_epath_length): Drop inline implementation.
50 (saved_diagnostic::add_duplicate): New.
51 (saved_diagnostic::get_num_dupes): New.
52 (saved_diagnostic::m_d): Document ownership.
53 (saved_diagnostic::m_trailing_eedge): Make const.
54 (saved_diagnostic::m_status): Drop field.
55 (saved_diagnostic::m_epath_length): Drop field.
56 (saved_diagnostic::m_best_epath): New field.
57 (saved_diagnostic::m_problem): Document ownership.
58 (saved_diagnostic::m_duplicates): New field.
59 (diagnostic_manager::emit_saved_diagnostic): Drop params epath,
60 stmt, and num_dupes.
61 * engine.cc (exploded_graph_annotator::print_saved_diagnostic):
62 Update for changes to saved_diagnostic class.
63 * exploded-graph.h (exploded_path::feasible_p): Drop unused
64 overloaded decl.
65
daa68844
GA
66 2021-02-25 David Malcolm <dmalcolm@redhat.com>
67
68 PR analyzer/99193
69 * region-model-impl-calls.cc (region_model::impl_call_realloc): New.
70 * region-model.cc (region_model::on_call_pre): Call it.
71 * region-model.h (region_model::impl_call_realloc): New decl.
72 * sm-malloc.cc (enum wording): Add WORDING_REALLOCATED.
73 (malloc_state_machine::m_realloc): New field.
74 (use_after_free::describe_state_change): Add case for
75 WORDING_REALLOCATED.
76 (use_after_free::describe_final_event): Likewise.
77 (malloc_state_machine::malloc_state_machine): Initialize
78 m_realloc.
79 (malloc_state_machine::on_stmt): Handle realloc by calling...
80 (malloc_state_machine::on_realloc_call): New.
81
2f5765cf
GA
82 2021-02-22 David Malcolm <dmalcolm@redhat.com>
83
84 PR analyzer/99196
85 * engine.cc (exploded_node::on_stmt): Provide terminate_path
86 flag as a way for on_call_pre to terminate the current analysis
87 path.
88 * region-model-impl-calls.cc (call_details::num_args): New.
89 (region_model::impl_call_error): New.
90 * region-model.cc (region_model::on_call_pre): Add param
91 "out_terminate_path". Handle "error" and "error_at_line".
92 * region-model.h (call_details::num_args): New decl.
93 (region_model::on_call_pre): Add param "out_terminate_path".
94 (region_model::impl_call_error): New decl.
95
acc0ee5c
GA
96 2021-02-17 David Malcolm <dmalcolm@redhat.com>
97
98 PR analyzer/98969
99 * constraint-manager.cc (dead_svalue_purger::should_purge_p):
100 Update for change to svalue::live_p.
101 * program-state.cc (sm_state_map::on_liveness_change): Likewise.
102 (program_state::detect_leaks): Likewise.
103 * region-model-reachability.cc (reachable_regions::init_cluster):
104 When dealing with a symbolic region, if the underlying pointer is
105 implicitly live, add the region to the reachable regions.
106 * region-model.cc (region_model::compare_initial_and_pointer):
107 Move logic for detecting initial values of params to
108 initial_svalue::initial_value_of_param_p.
109 * svalue.cc (svalue::live_p): Convert "live_svalues" from a
110 reference to a pointer; support it being NULL.
111 (svalue::implicitly_live_p): Convert first param from a
112 reference to a pointer.
113 (region_svalue::implicitly_live_p): Likewise.
114 (constant_svalue::implicitly_live_p): Likewise.
115 (initial_svalue::implicitly_live_p): Likewise. Treat the initial
116 values of params for the top level frame as still live.
117 (initial_svalue::initial_value_of_param_p): New function, taken
118 from a test in region_model::compare_initial_and_pointer.
119 (unaryop_svalue::implicitly_live_p): Convert first param from a
120 reference to a pointer.
121 (binop_svalue::implicitly_live_p): Likewise.
122 (sub_svalue::implicitly_live_p): Likewise.
123 (unmergeable_svalue::implicitly_live_p): Likewise.
124 * svalue.h (svalue::live_p): Likewise.
125 (svalue::implicitly_live_p): Likewise.
126 (region_svalue::implicitly_live_p): Likewise.
127 (constant_svalue::implicitly_live_p): Likewise.
128 (initial_svalue::implicitly_live_p): Likewise.
129 (initial_svalue::initial_value_of_param_p): New decl.
130 (unaryop_svalue::implicitly_live_p): Convert first param from a
131 reference to a pointer.
132 (binop_svalue::implicitly_live_p): Likewise.
133 (sub_svalue::implicitly_live_p): Likewise.
134 (unmergeable_svalue::implicitly_live_p): Likewise.
135
fab095da
GA
136 2021-02-12 David Malcolm <dmalcolm@redhat.com>
137
138 PR analyzer/98969
139 * engine.cc (readability): Add names for the various arbitrary
140 values. Handle NOP_EXPR and INTEGER_CST.
141 (readability_comparator): Combine the readability tests for
142 tree and stack depth, rather than performing them sequentially.
143 (impl_region_model_context::on_state_leak): Strip off top-level
144 casts.
145 * region-model.cc (region_model::get_representative_path_var): Add
146 type-checking, moving the bulk of the implementation to...
147 (region_model::get_representative_path_var_1): ...here. Respect
148 types in casts by recursing and re-adding the cast, rather than
149 merely stripping them off. Use the correct type when handling
150 region_svalue.
151 (region_model::get_representative_tree): Strip off any top-level
152 cast.
153 (region_model::get_representative_path_var): Add type-checking,
154 moving the bulk of the implementation to...
155 (region_model::get_representative_path_var_1): ...here.
156 * region-model.h (region_model::get_representative_path_var_1):
157 New decl
158 (region_model::get_representative_path_var_1): New decl.
159 * store.cc (append_pathvar_with_type): New.
160 (binding_cluster::get_representative_path_vars): Cast path_vars
161 to the correct type when adding them to *OUT_PVS.
162
0a91b73e
GA
163 2021-02-09 David Malcolm <dmalcolm@redhat.com>
164
165 PR analyzer/98575
166 * sm-file.cc (is_file_using_fn_p): Support "_IO_"-prefixed
167 variants.
168
169 2021-02-09 David Malcolm <dmalcolm@redhat.com>
170
171 PR analyzer/98575
172 * store.cc (store::set_value): Treat a pointer written to *UNKNOWN
173 as having escaped.
174
548b75d8
GA
175 2021-02-02 David Malcolm <dmalcolm@redhat.com>
176
177 PR analyzer/93355
178 PR analyzer/96374
179 * engine.cc (toplevel_function_p): Simplify so that
180 we only reject functions with a "__analyzer_" prefix.
181 (add_any_callbacks): Delete.
182 (exploded_graph::build_initial_worklist): Update for
183 dropped param of toplevel_function_p.
184 (exploded_graph::build_initial_worklist): Don't bother
185 looking for callbacks that are reachable from global
186 initializers.
187
f7884fb1
GA
188 2021-02-01 David Malcolm <dmalcolm@redhat.com>
189
190 PR analyzer/98918
191 * region-model-manager.cc
192 (region_model_manager::get_or_create_initial_value):
193 Fold the initial value of *UNKNOWN_PTR to an UNKNOWN value.
194 (region_model_manager::get_field_region): Fold the value
195 of UNKNOWN_PTR->FIELD to *UNKNOWN_PTR_OF_&FIELD_TYPE.
196
2900f2f2
GA
197 2021-01-29 David Malcolm <dmalcolm@redhat.com>
198
199 * checker-path.cc (event_kind_to_string): Handle
200 EK_START_CONSOLIDATED_CFG_EDGES and
201 EK_END_CONSOLIDATED_CFG_EDGES.
202 (start_consolidated_cfg_edges_event::get_desc): New.
203 (checker_path::cfg_edge_pair_at_p): New.
204 * checker-path.h (enum event_kind): Add
205 EK_START_CONSOLIDATED_CFG_EDGES and
206 EK_END_CONSOLIDATED_CFG_EDGES.
207 (class start_consolidated_cfg_edges_event): New class.
208 (class end_consolidated_cfg_edges_event): New class.
209 (checker_path::delete_events): New.
210 (checker_path::replace_event): New.
211 (checker_path::cfg_edge_pair_at_p): New decl.
212 * diagnostic-manager.cc (diagnostic_manager::prune_path): Call
213 consolidate_conditions.
214 (same_line_as_p): New.
215 (diagnostic_manager::consolidate_conditions): New.
216 * diagnostic-manager.h
217 (diagnostic_manager::consolidate_conditions): New decl.
218
ef1f8ee6
GA
219 2021-01-18 David Malcolm <dmalcolm@redhat.com>
220
221 * analyzer.h (is_std_named_call_p): New decl.
222 * diagnostic-manager.cc (path_builder::get_sm): New.
223 (state_change_event_creator::state_change_event_creator): Add "pb"
224 param.
225 (state_change_event_creator::on_global_state_change): Don't consider
226 state changes affecting other state_machines.
227 (state_change_event_creator::on_state_change): Likewise.
228 (state_change_event_creator::m_pb): New field.
229 (diagnostic_manager::add_events_for_eedge): Pass pb to visitor
230 ctor.
231 * region-model-impl-calls.cc
232 (region_model::impl_deallocation_call): New.
233 * region-model.cc: Include "attribs.h".
234 (region_model::on_call_post): Handle fndecls referenced by
235 __attribute__((deallocated_by(FOO))).
236 * region-model.h (region_model::impl_deallocation_call): New decl.
237 * sm-malloc.cc: Include "stringpool.h" and "attribs.h". Add
238 leading comment.
239 (class api): Delete.
240 (enum resource_state): Update comment for change from api to
241 deallocator and deallocator_set.
242 (allocation_state::allocation_state): Drop api param. Add
243 "deallocators" and "deallocator".
244 (allocation_state::m_api): Drop field in favor of...
245 (allocation_state::m_deallocators): New field.
246 (allocation_state::m_deallocator): New field.
247 (enum wording): Add WORDING_DEALLOCATED.
248 (struct deallocator): New.
249 (struct standard_deallocator): New.
250 (struct custom_deallocator): New.
251 (struct deallocator_set): New.
252 (struct custom_deallocator_set): New.
253 (struct standard_deallocator_set): New.
254 (struct deallocator_set_map_traits): New.
255 (malloc_state_machine::m_malloc): Drop field
256 (malloc_state_machine::m_scalar_new): Likewise.
257 (malloc_state_machine::m_vector_new): Likewise.
258 (malloc_state_machine::m_free): New field
259 (malloc_state_machine::m_scalar_delete): Likewise.
260 (malloc_state_machine::m_vector_delete): Likewise.
261 (malloc_state_machine::deallocator_map_t): New typedef.
262 (malloc_state_machine::m_deallocator_map): New field.
263 (malloc_state_machine::deallocator_set_cache_t): New typedef.
264 (malloc_state_machine::m_custom_deallocator_set_cache): New field.
265 (malloc_state_machine::custom_deallocator_set_map_t): New typedef.
266 (malloc_state_machine::m_custom_deallocator_set_map): New field.
267 (malloc_state_machine::m_dynamic_sets): New field.
268 (malloc_state_machine::m_dynamic_deallocators): New field.
269 (api::api): Delete.
270 (deallocator::deallocator): New ctor.
271 (deallocator::hash): New.
272 (deallocator::dump_to_pp): New.
273 (deallocator::cmp): New.
274 (deallocator::cmp_ptr_ptr): New.
275 (standard_deallocator::standard_deallocator): New ctor.
276 (deallocator_set::deallocator_set): New ctor.
277 (deallocator_set::dump): New.
278 (custom_deallocator_set::custom_deallocator_set): New ctor.
279 (custom_deallocator_set::contains_p): New.
280 (custom_deallocator_set::maybe_get_single): New.
281 (custom_deallocator_set::dump_to_pp): New.
282 (standard_deallocator_set::standard_deallocator_set): New ctor.
283 (standard_deallocator_set::contains_p): New.
284 (standard_deallocator_set::maybe_get_single): New.
285 (standard_deallocator_set::dump_to_pp): New.
286 (start_p): New.
287 (class mismatching_deallocation): Update for conversion from api
288 to deallocator_set and deallocator.
289 (double_free::emit): Use %qs.
290 (class use_after_free): Update for conversion from api to
291 deallocator_set and deallocator.
292 (malloc_leak::describe_state_change): Only emit "allocated here" on
293 a start->nonnull transition, rather than on other transitions to
294 nonnull.
295 (allocation_state::dump_to_pp): Update for conversion from api to
296 deallocator_set.
297 (allocation_state::get_nonnull): Likewise.
298 (malloc_state_machine::malloc_state_machine): Likewise.
299 (malloc_state_machine::~malloc_state_machine): New.
300 (malloc_state_machine::add_state): Update for conversion from api
301 to deallocator_set.
302 (malloc_state_machine::get_or_create_custom_deallocator_set): New.
303 (malloc_state_machine::maybe_create_custom_deallocator_set): New.
304 (malloc_state_machine::get_or_create_deallocator): New.
305 (malloc_state_machine::on_stmt): Update for conversion from api
306 to deallocator_set. Handle "__attribute__((malloc(FOO)))", and
307 the special attribute set on FOO.
308 (malloc_state_machine::on_allocator_call): Update for conversion
309 from api to deallocator_set. Add "returns_nonnull" param and use
310 it to affect which state to transition to.
311 (malloc_state_machine::on_deallocator_call): Update for conversion
312 from api to deallocator_set.
313
5fff80fd
GA
314 2021-01-14 David Malcolm <dmalcolm@redhat.com>
315
316 * engine.cc (strongly_connected_components::to_json): New.
317 (worklist::to_json): New.
318 (exploded_graph::to_json): JSON-ify the worklist.
319 * exploded-graph.h (strongly_connected_components::to_json): New
320 decl.
321 (worklist::to_json): New decl.
322 * store.cc (store::to_json): Fix comment.
323 * supergraph.cc (supernode::to_json): Fix reference to
324 "returning_call" in comment. Add optional "fun" to JSON.
325 (edge_kind_to_string): New.
326 (superedge::to_json): Add "kind" to JSON.
327
328 2021-01-14 David Malcolm <dmalcolm@redhat.com>
329
330 PR analyzer/98679
331 * analyzer.h (region_offset::operator==): Make const.
332 * pending-diagnostic.h (pending_diagnostic::equal_p): Likewise.
333 * store.h (binding_cluster::for_each_value): Likewise.
334 (binding_cluster::for_each_binding): Likewise.
335
6851dda2
GA
336 2021-01-12 David Malcolm <dmalcolm@redhat.com>
337
338 PR analyzer/98628
339 * store.cc (binding_cluster::make_unknown_relative_to): Don't mark
340 dereferenced unknown pointers as having escaped.
341
7d187e4f
GA
342 2021-01-07 David Malcolm <dmalcolm@redhat.com>
343
344 PR analyzer/98580
345 * region.cc (decl_region::get_svalue_for_initializer): Gracefully
346 handle when LTO writes out DECL_INITIAL as error_mark_node.
347
348 2021-01-07 David Malcolm <dmalcolm@redhat.com>
349
350 PR analyzer/97074
351 * store.cc (binding_cluster::can_merge_p): Add "out_store" param
352 and pass to calls to binding_cluster::make_unknown_relative_to.
353 (binding_cluster::make_unknown_relative_to): Add "out_store"
354 param. Use it to mark base regions that are pointed to by
355 pointers that become unknown as having escaped.
356 (store::can_merge_p): Pass out_store to
357 binding_cluster::can_merge_p.
358 * store.h (binding_cluster::can_merge_p): Add "out_store" param.
359 (binding_cluster::make_unknown_relative_to): Likewise.
360 * svalue.cc (region_svalue::implicitly_live_p): New vfunc.
361 * svalue.h (region_svalue::implicitly_live_p): New vfunc decl.
362
363 2021-01-07 David Malcolm <dmalcolm@redhat.com>
364
365 PR analyzer/98564
366 * engine.cc (exploded_path::feasible_p): Add missing call to
367 bitmap_clear.
368
942ae5be
GA
369 2021-01-06 David Malcolm <dmalcolm@redhat.com>
370
371 PR analyzer/97072
372 * region-model-reachability.cc (reachable_regions::init_cluster):
373 Convert symbolic region handling to a switch statement. Add cases
374 to handle SK_UNKNOWN and SK_CONJURED.
375
651b8a50
GA
376 2021-01-05 David Malcolm <dmalcolm@redhat.com>
377
378 PR analyzer/98293
379 * store.cc (binding_map::apply_ctor_to_region): When "index" is
380 NULL, iterate through the fields for RECORD_TYPEs, rather than
381 creating an INTEGER_CST index.
382
94358e47
GA
383 2020-11-30 David Malcolm <dmalcolm@redhat.com>
384
385 * analyzer-pass.cc: Include "analyzer/analyzer.h" for the
386 declaration of sorry_no_analyzer; include "tree.h" and
387 "function.h" as these are needed by it.
388
389 2020-11-30 David Malcolm <dmalcolm@redhat.com>
390
391 * analyzer-pass.cc (pass_analyzer::execute): Move sorry call to...
392 (sorry_no_analyzer): New.
393 * analyzer.h (class state_machine): New forward decl.
394 (class logger): New forward decl.
395 (class plugin_analyzer_init_iface): New.
396 (sorry_no_analyzer): New decl.
397 * checker-path.cc (checker_path::fixup_locations): New.
398 * checker-path.h (checker_event::set_location): New.
399 (checker_path::fixup_locations): New decl.
400 * diagnostic-manager.cc
401 (diagnostic_manager::emit_saved_diagnostic): Call
402 checker_path::fixup_locations, and call fixup_location
403 on the primary location.
404 * engine.cc: Include "plugin.h".
405 (class plugin_analyzer_init_impl): New.
406 (impl_run_checkers): Invoke PLUGIN_ANALYZER_INIT callbacks.
407 * pending-diagnostic.h (pending_diagnostic::fixup_location): New
408 vfunc.
409
25bb75f8
GA
410 2020-11-18 David Malcolm <dmalcolm@redhat.com>
411
412 PR analyzer/97893
413 * sm-malloc.cc (null_deref::emit): Use CWE-476 rather than
414 CWE-690, as this isn't due to an unchecked return value.
415 (null_arg::emit): Likewise.
416
a5a11525
GA
417 2020-11-12 David Malcolm <dmalcolm@redhat.com>
418
419 * checker-path.h (checker_event::get_id_ptr): New.
420 * diagnostic-manager.cc (path_builder::path_builder): Add "sd"
421 param and use it to initialize new field "m_sd".
422 (path_builder::get_pending_diagnostic): New.
423 (path_builder::m_sd): New field.
424 (diagnostic_manager::emit_saved_diagnostic): Pass sd to
425 path_builder ctor.
426 (diagnostic_manager::add_events_for_superedge): Call new
427 maybe_add_custom_events_for_superedge vfunc.
428 * engine.cc (stale_jmp_buf::stale_jmp_buf): Add "setjmp_point"
429 param and use it to initialize new field "m_setjmp_point".
430 Initialize new field "m_stack_pop_event".
431 (stale_jmp_buf::maybe_add_custom_events_for_superedge): New vfunc
432 implementation.
433 (stale_jmp_buf::describe_final_event): New vfunc implementation.
434 (stale_jmp_buf::m_setjmp_point): New field.
435 (stale_jmp_buf::m_stack_pop_event): New field.
436 (exploded_node::on_longjmp): Pass setjmp_point to stale_jmp_buf
437 ctor.
438 * pending-diagnostic.h
439 (pending_diagnostic::maybe_add_custom_events_for_superedge): New
440 vfunc.
441
442 2020-11-12 David Malcolm <dmalcolm@redhat.com>
443
444 PR tree-optimization/97424
445 * analyzer.opt (Wanalyzer-shift-count-negative): New.
446 (Wanalyzer-shift-count-overflow): New.
447 * region-model.cc (class shift_count_negative_diagnostic): New.
448 (class shift_count_overflow_diagnostic): New.
449 (region_model::get_gassign_result): Complain about shift counts that
450 are negative or are >= the operand's type's width.
451
bb622641
GA
452 2020-11-10 Martin Liska <mliska@suse.cz>
453
454 * constraint-manager.cc (constraint_manager::merge): Remove
455 unused code.
456 * constraint-manager.h: Likewise.
457 * program-state.cc (sm_state_map::sm_state_map): Likewise.
458 (program_state::program_state): Likewise.
459 (test_sm_state_map): Likewise.
460 * program-state.h: Likewise.
461 * region-model-reachability.cc (reachable_regions::reachable_regions): Likewise.
462 * region-model-reachability.h: Likewise.
463 * region-model.cc (region_model::handle_unrecognized_call): Likewise.
464 (region_model::get_reachable_svalues): Likewise.
465 (region_model::can_merge_with_p): Likewise.
466
0cfd9109
GA
467 2020-11-05 David Malcolm <dmalcolm@redhat.com>
468
469 PR analyzer/97668
470 * svalue.cc (cmp_cst): Handle COMPLEX_CST.
471
e93aae4a
GA
472 2020-10-29 David Malcolm <dmalcolm@redhat.com>
473
474 * program-state.cc (sm_state_map::on_liveness_change): Sort the
475 leaking svalues before calling on_state_leak.
476 (program_state::detect_leaks): Likewise when calling
477 on_svalue_leak.
478 * region-model-reachability.cc
479 (reachable_regions::mark_escaped_clusters): Likewise when
480 calling on_escaped_function.
481
482 2020-10-29 David Malcolm <dmalcolm@redhat.com>
483
484 PR analyzer/97608
485 * region-model-reachability.cc (reachable_regions::handle_sval):
486 Operands of reachable reversible operations are reachable.
487
488 2020-10-29 David Malcolm <dmalcolm@redhat.com>
489
490 * analyzer.h (class state_machine): New forward decl.
491 (class logger): Likewise.
492 (class visitor): Likewise.
493 * complexity.cc: New file, taken from svalue.cc.
494 * complexity.h: New file, taken from region-model.h.
495 * region-model.h: Include "analyzer/svalue.h" and
496 "analyzer/region.h". Move struct complexity to complexity.h.
497 Move svalue, its subclasses and supporting decls to svalue.h.
498 Move region, its subclasses and supporting decls to region.h.
499 * region.cc: Include "analyzer/region.h".
500 (symbolic_region::symbolic_region): Move here from region-model.h.
501 * region.h: New file, based on material from region-model.h.
502 * svalue.cc: Include "analyzer/svalue.h".
503 (complexity::complexity): Move to complexity.cc.
504 (complexity::from_pair): Likewise.
505 * svalue.h: New file, based on material from region-model.h.
506
507 2020-10-29 David Malcolm <dmalcolm@redhat.com>
508
509 * program-state.cc (sm_state_map::print): Guard the printing of
510 the origin pointer with !flag_dump_noaddr.
511 * region.cc (string_region::dump_to_pp): Likewise for
512 m_string_cst.
513
89bb01e7
GA
514 2020-10-27 David Malcolm <dmalcolm@redhat.com>
515
516 PR analyzer/97568
517 * region-model.cc (region_model::get_initial_value_for_global):
518 Move check that !DECL_EXTERNAL from here to...
519 * region.cc (decl_region::get_svalue_for_initializer): ...here,
520 using it to reject zero initialization.
521
522 2020-10-27 Markus Böck <markus.boeck02@gmail.com>
523
524 PR analyzer/96608
525 * store.h (hash): Cast to intptr_t instead of long
526
527 2020-10-27 David Malcolm <dmalcolm@redhat.com>
528
529 * constraint-manager.cc (svalue_cmp_by_ptr): Delete.
530 (equiv_class::canonicalize): Use svalue::cmp_ptr_ptr instead.
531 (equiv_class_cmp): Eliminate pointer comparison.
532 * diagnostic-manager.cc (dedupe_key::comparator): If they are at
533 the same location, also compare epath length and pending_diagnostic
534 kind.
535 * engine.cc (readability_comparator): If two path_vars have the
536 same readability, then impose an arbitrary ordering on them.
537 (worklist::key_t::cmp): If two points have the same plan ordering,
538 continue the comparison. Call sm_state_map::cmp rather than
539 comparing hash values.
540 * program-state.cc (sm_state_map::entry_t::cmp): New.
541 (sm_state_map::cmp): New.
542 * program-state.h (sm_state_map::entry_t::cmp): New decl.
543 (sm_state_map::elements): New.
544 (sm_state_map::cmp): New.
545
546 2020-10-27 David Malcolm <dmalcolm@redhat.com>
547
548 * engine.cc (setjmp_record::cmp): New.
549 (supernode_cluster::dump_dot): Avoid embedding pointer in cluster
550 name.
551 (supernode_cluster::cmp_ptr_ptr): New.
552 (function_call_string_cluster::dump_dot): Avoid embedding pointer
553 in cluster name. Sort m_map when dumping child clusters.
554 (function_call_string_cluster::cmp_ptr_ptr): New.
555 (root_cluster::dump_dot): Sort m_map when dumping child clusters.
556 * program-point.cc (function_point::cmp): New.
557 (function_point::cmp_ptr): New.
558 * program-point.h (function_point::cmp): New decl.
559 (function_point::cmp_ptr): New decl.
560 * program-state.cc (sm_state_map::print): Sort the values. Guard
561 the printing of pointers with !flag_dump_noaddr.
562 (program_state::prune_for_point): Sort the regions.
563 (log_set_of_svalues): Sort the values. Guard the printing of
564 pointers with !flag_dump_noaddr.
565 * region-model-manager.cc (log_uniq_map): Sort the values.
566 * region-model-reachability.cc (dump_set): New function template.
567 (reachable_regions::dump_to_pp): Use it.
568 * region-model.h (svalue::cmp_ptr): New decl.
569 (svalue::cmp_ptr_ptr): New decl.
570 (setjmp_record::cmp): New decl.
571 (placeholder_svalue::get_name): New accessor.
572 (widening_svalue::get_point): New accessor.
573 (compound_svalue::get_map): New accessor.
574 (conjured_svalue::get_stmt): New accessor.
575 (conjured_svalue::get_id_region): New accessor.
576 (region::cmp_ptrs): Rename to...
577 (region::cmp_ptr_ptr): ...this.
578 * region.cc (region::cmp_ptrs): Rename to...
579 (region::cmp_ptr_ptr): ...this.
580 * state-purge.cc
581 (state_purge_per_ssa_name::state_purge_per_ssa_name): Sort
582 m_points_needing_name when dumping.
583 * store.cc (concrete_binding::cmp_ptr_ptr): New.
584 (symbolic_binding::cmp_ptr_ptr): New.
585 (binding_map::cmp): New.
586 (get_sorted_parent_regions): Update for renaming of
587 region::cmp_ptrs to region::cmp_ptr_ptr.
588 (store::dump_to_pp): Likewise.
589 (store::to_json): Likewise.
590 (store::can_merge_p): Sort the base regions before considering
591 them.
592 * store.h (concrete_binding::cmp_ptr_ptr): New decl.
593 (symbolic_binding::cmp_ptr_ptr): New decl.
594 (binding_map::cmp): New decl.
595 * supergraph.cc (supergraph::supergraph): Assign UIDs to the
596 gimple stmts.
597 * svalue.cc (cmp_cst): New.
598 (svalue::cmp_ptr): New.
599 (svalue::cmp_ptr_ptr): New.
600
601 2020-10-27 David Malcolm <dmalcolm@redhat.com>
602
603 * engine.cc (exploded_graph::get_or_create_node): Fix off-by-one
604 when imposing param_analyzer_max_enodes_per_program_point limit.
605
606 2020-10-27 David Malcolm <dmalcolm@redhat.com>
607
608 * region-model.cc (region_model::get_representative_path_var):
609 Implement case RK_LABEL.
610 * region-model.h (label_region::get_label): New accessor.
611
43868df3
GA
612 2020-10-22 David Malcolm <dmalcolm@redhat.com>
613
614 PR analyzer/97514
615 * engine.cc (exploded_graph::add_function_entry): Handle failure
616 to create an enode, rather than asserting.
617
618 2020-10-22 David Malcolm <dmalcolm@redhat.com>
619
620 PR analyzer/97489
621 * engine.cc (exploded_graph::add_function_entry): Assert that we
622 have a function body.
623 (exploded_graph::on_escaped_function): Reject fndecls that don't
624 have a function body.
625
b2698c21
GA
626 2020-10-14 David Malcolm <dmalcolm@redhat.com>
627
628 PR analyzer/93388
629 * region-model.cc (region_model::get_initial_value_for_global):
630 Fall back to returning an initial_svalue if
631 decl_region::get_svalue_for_initializer fails.
632 * region.cc (decl_region::get_svalue_for_initializer): Don't
633 attempt to create a compound_svalue if the region has an unknown
634 size.
635
636 2020-10-14 David Malcolm <dmalcolm@redhat.com>
637
638 PR analyzer/93723
639 * store.cc (binding_map::apply_ctor_to_region): Remove redundant
640 assertion.
641
8be127ca
GA
642 2020-10-12 David Malcolm <dmalcolm@redhat.com>
643
644 PR analyzer/97258
645 * engine.cc (impl_region_model_context::on_escaped_function): New
646 vfunc.
647 (exploded_graph::add_function_entry): Use m_functions_with_enodes
648 to implement idempotency.
649 (add_any_callbacks): New.
650 (exploded_graph::build_initial_worklist): Use the above to find
651 callbacks that are reachable from global initializers.
652 (exploded_graph::on_escaped_function): New.
653 * exploded-graph.h
654 (impl_region_model_context::on_escaped_function): New decl.
655 (exploded_graph::on_escaped_function): New decl.
656 (exploded_graph::m_functions_with_enodes): New field.
657 * region-model-reachability.cc
658 (reachable_regions::reachable_regions): Replace "store" param with
659 "model" param; use it to initialize m_model.
660 (reachable_regions::add): When getting the svalue for the region,
661 call get_store_value on the model rather than using an initial
662 value.
663 (reachable_regions::mark_escaped_clusters): Add ctxt param and
664 use it to call on_escaped_function when a function_region escapes.
665 * region-model-reachability.h
666 (reachable_regions::reachable_regions): Replace "store" param with
667 "model" param.
668 (reachable_regions::mark_escaped_clusters): Add ctxt param.
669 (reachable_regions::m_model): New field.
670 * region-model.cc (region_model::handle_unrecognized_call): Update
671 for change in reachable_regions ctor.
672 (region_model::handle_unrecognized_call): Pass ctxt to
673 mark_escaped_clusters.
674 (region_model::get_reachable_svalues): Update for change in
675 reachable_regions ctor.
676 (region_model::get_initial_value_for_global): Read-only variables
677 keep their initial values.
678 * region-model.h (region_model_context::on_escaped_function): New
679 vfunc.
680 (noop_region_model_context::on_escaped_function): New.
681
682 2020-10-12 David Malcolm <dmalcolm@redhat.com>
683
684 * analyzer.opt (Wanalyzer-write-to-const): New.
685 (Wanalyzer-write-to-string-literal): New.
686 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
687 Call check_for_writable_region.
688 (region_model::impl_call_memset): Likewise.
689 (region_model::impl_call_strcpy): Likewise.
690 * region-model.cc (class write_to_const_diagnostic): New.
691 (class write_to_string_literal_diagnostic): New.
692 (region_model::check_for_writable_region): New.
693 (region_model::set_value): Call check_for_writable_region.
694 * region-model.h (region_model::check_for_writable_region): New
695 decl.
696
6caec77e
GA
697 2020-10-07 David Malcolm <dmalcolm@redhat.com>
698
699 PR analyzer/97116
700 * sm-malloc.cc (method_p): New.
701 (describe_argument_index): New.
702 (inform_nonnull_attribute): Use describe_argument_index.
703 (possible_null_arg::describe_final_event): Likewise.
704 (null_arg::describe_final_event): Likewise.
705
93bca37c
GA
706 2020-09-29 David Malcolm <dmalcolm@redhat.com>
707
708 PR analyzer/95188
709 * engine.cc (stmt_requires_new_enode_p): Split enodes before
710 "signal" calls.
711
712 2020-09-29 David Malcolm <dmalcolm@redhat.com>
713
714 * constraint-manager.cc
715 (constraint_manager::add_constraint_internal): Whitespace fixes.
716 Silence -Wsign-compare warning.
717 * engine.cc (maybe_process_run_of_before_supernode_enodes):
718 Silence -Wsign-compare warning.
719
e84761c6
GA
720 2020-09-28 David Malcolm <dmalcolm@redhat.com>
721
722 * region-model.h (binop_svalue::dyn_cast_binop_svalue): Remove
723 redundant "virtual". Add FINAL OVERRIDE.
724 (widening_svalue::dyn_cast_widening_svalue): Add FINAL OVERRIDE.
725 (compound_svalue::dyn_cast_compound_svalue): Likewise.
726 (conjured_svalue::dyn_cast_conjured_svalue): Likewise.
727
728 2020-09-28 David Malcolm <dmalcolm@redhat.com>
729
730 * diagnostic-manager.cc (null_assignment_sm_context::m_visitor):
731 Remove unused field.
732
733 2020-09-28 David Malcolm <dmalcolm@redhat.com>
734
735 PR analyzer/97233
736 * analyzer.cc (is_longjmp_call_p): Require the initial argument
737 to be a pointer.
738 * engine.cc (exploded_node::on_longjmp): Likewise.
739
740 2020-09-28 David Malcolm <dmalcolm@redhat.com>
741
742 * program-state.cc (sm_state_map::print): Update check
743 for m_global_state being the start state.
744
91dd4a38
GA
745 2020-09-26 David Malcolm <dmalcolm@redhat.com>
746
747 PR analyzer/96646
748 PR analyzer/96841
749 * region-model.cc (region_model::get_representative_path_var):
750 When handling offset_region, wrap the MEM_REF's first argument in
751 an ADDR_EXPR of pointer type, rather than simply using the tree
752 for the parent region. Require the MEM_REF's second argument to
753 be an integer constant.
754
a2b7397b
GA
755 2020-09-24 David Malcolm <dmalcolm@redhat.com>
756
757 * analyzer.h (struct rejected_constraint): New decl.
758 * analyzer.opt (fanalyzer-feasibility): New option.
759 * diagnostic-manager.cc (path_builder::path_builder): Add
760 "problem" param and use it to initialize new field.
761 (path_builder::get_feasibility_problem): New accessor.
762 (path_builder::m_feasibility_problem): New field.
763 (dedupe_winners::add): Remove inversion of logic in "if" clause,
764 swapping if/else suites. In the !feasible_p suite, inspect
765 flag_analyzer_feasibility and add code to handle when this
766 is off, accepting the infeasible path, but recording the
767 feasibility_problem.
768 (diagnostic_manager::emit_saved_diagnostic): Pass the
769 feasibility_problem to the path_builder.
770 (diagnostic_manager::add_events_for_eedge): If we have
771 a feasibility_problem at this edge, use it to add a custom event.
772 * engine.cc (exploded_path::feasible_p): Pass a
773 rejected_constraint ** to model.maybe_update_for_edge and transfer
774 ownership of any created instance to any feasibility_problem.
775 (feasibility_problem::dump_to_pp): New.
776 * exploded-graph.h (feasibility_problem::feasibility_problem):
777 Drop "model" param; add rejected_constraint * param.
778 (feasibility_problem::~feasibility_problem): New.
779 (feasibility_problem::dump_to_pp): New decl.
780 (feasibility_problem::m_model): Drop field.
781 (feasibility_problem::m_rc): New field.
782 * program-point.cc (function_point::get_location): Handle
783 PK_BEFORE_SUPERNODE and PK_AFTER_SUPERNODE.
784 * program-state.cc (program_state::on_edge): Pass NULL to new
785 param of region_model::maybe_update_for_edge.
786 * region-model.cc (region_model::add_constraint): New overload
787 adding a rejected_constraint ** param.
788 (region_model::maybe_update_for_edge): Add rejected_constraint **
789 param and pass it to the various apply_constraints_for_ calls.
790 (region_model::apply_constraints_for_gcond): Add
791 rejected_constraint ** param and pass it to add_constraint calls.
792 (region_model::apply_constraints_for_gswitch): Likewise.
793 (region_model::apply_constraints_for_exception): Likewise.
794 (rejected_constraint::dump_to_pp): New.
795 * region-model.h (region_model::maybe_update_for_edge):
796 Add rejected_constraint ** param.
797 (region_model::add_constraint): New overload adding a
798 rejected_constraint ** param.
799 (region_model::apply_constraints_for_gcond): Add
800 rejected_constraint ** param.
801 (region_model::apply_constraints_for_gswitch): Likewise.
802 (region_model::apply_constraints_for_exception): Likewise.
803 (struct rejected_constraint): New.
804
82b77dee
GA
805 2020-09-23 David Malcolm <dmalcolm@redhat.com>
806
807 PR analyzer/97178
808 * engine.cc (impl_run_checkers): Update for change to ext_state
809 ctor.
810 * program-state.cc (selftest::test_sm_state_map): Pass an engine
811 instance to ext_state ctor.
812 (selftest::test_program_state_1): Likewise.
813 (selftest::test_program_state_2): Likewise.
814 (selftest::test_program_state_merging): Likewise.
815 (selftest::test_program_state_merging_2): Likewise.
816 * program-state.h (extrinsic_state::extrinsic_state): Remove NULL
817 default value for "eng" param.
818
819 2020-09-23 Tobias Burnus <tobias@codesourcery.com>
820
821 * analyzer-logging.cc: Guard '#pragma ... ignored "-Wformat-diag"'
822 by '#if __GNUC__ >= 10'
823 * analyzer.h: Likewise.
824 * call-string.cc: Likewise.
825
826 2020-09-23 David Malcolm <dmalcolm@redhat.com>
827
828 * engine.cc (exploded_node::on_stmt): Replace sequence of dyn_cast
829 with switch.
830
521d2711
GA
831 2020-09-22 David Malcolm <dmalcolm@redhat.com>
832
833 * analysis-plan.cc: Include "json.h".
834 * analyzer.opt (fdump-analyzer-json): New.
835 * call-string.cc: Include "json.h".
836 (call_string::to_json): New.
837 * call-string.h (call_string::to_json): New decl.
838 * checker-path.cc: Include "json.h".
839 * constraint-manager.cc: Include "json.h".
840 (equiv_class::to_json): New.
841 (constraint::to_json): New.
842 (constraint_manager::to_json): New.
843 * constraint-manager.h (equiv_class::to_json): New decl.
844 (constraint::to_json): New decl.
845 (constraint_manager::to_json): New decl.
846 * diagnostic-manager.cc: Include "json.h".
847 (saved_diagnostic::to_json): New.
848 (diagnostic_manager::to_json): New.
849 * diagnostic-manager.h (saved_diagnostic::to_json): New decl.
850 (diagnostic_manager::to_json): New decl.
851 * engine.cc: Include "json.h", <zlib.h>.
852 (exploded_node::status_to_str): New.
853 (exploded_node::to_json): New.
854 (exploded_edge::to_json): New.
855 (exploded_graph::to_json): New.
856 (dump_analyzer_json): New.
857 (impl_run_checkers): Call it.
858 * exploded-graph.h (exploded_node::status_to_str): New decl.
859 (exploded_node::to_json): New.
860 (exploded_edge::to_json): New.
861 (exploded_graph::to_json): New.
862 * pending-diagnostic.cc: Include "json.h".
863 * program-point.cc: Include "json.h".
864 (program_point::to_json): New.
865 * program-point.h (program_point::to_json): New decl.
866 * program-state.cc: Include "json.h".
867 (extrinsic_state::to_json): New.
868 (sm_state_map::to_json): New.
869 (program_state::to_json): New.
870 * program-state.h (extrinsic_state::to_json): New decl.
871 (sm_state_map::to_json): New decl.
872 (program_state::to_json): New decl.
873 * region-model-impl-calls.cc: Include "json.h".
874 * region-model-manager.cc: Include "json.h".
875 * region-model-reachability.cc: Include "json.h".
876 * region-model.cc: Include "json.h".
877 * region-model.h (svalue::to_json): New decl.
878 (region::to_json): New decl.
879 * region.cc: Include "json.h".
880 (region::to_json): New.
881 * sm-file.cc: Include "json.h".
882 * sm-malloc.cc: Include "json.h".
883 * sm-pattern-test.cc: Include "json.h".
884 * sm-sensitive.cc: Include "json.h".
885 * sm-signal.cc: Include "json.h".
886 (signal_delivery_edge_info_t::to_json): New.
887 * sm-taint.cc: Include "json.h".
888 * sm.cc: Include "diagnostic.h", "tree-diagnostic.h", and
889 "json.h".
890 (state_machine::state::to_json): New.
891 (state_machine::to_json): New.
892 * sm.h (state_machine::state::to_json): New.
893 (state_machine::to_json): New.
894 * state-purge.cc: Include "json.h".
895 * store.cc: Include "json.h".
896 (binding_key::get_desc): New.
897 (binding_map::to_json): New.
898 (binding_cluster::to_json): New.
899 (store::to_json): New.
900 * store.h (binding_key::get_desc): New decl.
901 (binding_map::to_json): New decl.
902 (binding_cluster::to_json): New decl.
903 (store::to_json): New decl.
904 * supergraph.cc: Include "json.h".
905 (supergraph::to_json): New.
906 (supernode::to_json): New.
907 (superedge::to_json): New.
908 * supergraph.h (supergraph::to_json): New decl.
909 (supernode::to_json): New decl.
910 (superedge::to_json): New decl.
911 * svalue.cc: Include "json.h".
912 (svalue::to_json): New.
913
44135373
GA
914 2020-09-21 David Malcolm <dmalcolm@redhat.com>
915
916 PR analyzer/97130
917 * region-model-impl-calls.cc (call_details::get_arg_type): New.
918 * region-model.cc (region_model::on_call_pre): Check that the
919 initial arg is a pointer before calling impl_call_memset and
920 impl_call_strlen.
921 * region-model.h (call_details::get_arg_type): New decl.
922
923 2020-09-21 David Malcolm <dmalcolm@redhat.com>
924
925 PR analyzer/93355
926 * sm-malloc.cc (malloc_state_machine::get_default_state): Look at
927 the base region when considering pointers. Treat pointers to
928 decls as being non-heap.
929
239601c5
GA
930 2020-09-18 David Malcolm <dmalcolm@redhat.com>
931
932 * checker-path.cc (warning_event::get_desc): Handle global state
933 changes.
934
935 2020-09-18 David Malcolm <dmalcolm@redhat.com>
936
937 * sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and
938 strndup as being malloc-like allocators.
939
ecde1b0a
GA
940 2020-09-16 David Malcolm <dmalcolm@redhat.com>
941
942 * engine.cc (strongly_connected_components::strong_connect): Only
943 consider intraprocedural edges when creating SCCs.
944 (worklist::key_t::cmp): Add comment. Treat call_string
945 differences as more important than differences of program_point
946 within a supernode.
947
948 2020-09-16 David Malcolm <dmalcolm@redhat.com>
949
950 * engine.cc (supernode_cluster::dump_dot): Show the SCC id
951 in the per-supernode clusters in FILENAME.eg.dot output.
952 (exploded_graph_annotator::add_node_annotations):
953 Show the SCC of the supernode in FILENAME.supernode.eg.dot output.
954 * exploded-graph.h (worklist::scc_id): New.
955 (exploded_graph::get_scc_id): New.
956
957 2020-09-16 David Malcolm <dmalcolm@redhat.com>
958
959 * engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED.
960 (exploded_graph::process_worklist): Call
961 maybe_process_run_of_before_supernode_enodes.
962 (exploded_graph::maybe_process_run_of_before_supernode_enodes):
963 New.
964 (exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED.
965 * exploded-graph.h (enum exploded_node::status): Add
966 STATUS_BULK_MERGED.
967
968 2020-09-16 David Malcolm <dmalcolm@redhat.com>
969
970 * engine.cc
971 (exploded_graph::process_node) <case PK_BEFORE_SUPERNODE>:
972 Simplify by using program_point::get_next.
973 * program-point.cc (program_point::get_next): New.
974 * program-point.h (program_point::get_next): New decl.
975
976 2020-09-16 David Malcolm <dmalcolm@redhat.com>
977
978 * engine.cc (exploded_graph::get_or_create_node): Show the
979 program point when issuing -Wanalyzer-too-complex due to hitting
980 the per-program-point limit.
981
982 2020-09-16 David Malcolm <dmalcolm@redhat.com>
983
984 * region-model.cc (region_model::on_call_pre): Treat getchar as
985 having no side-effects.
986
9f7ab8c5
GA
987 2020-09-15 David Malcolm <dmalcolm@redhat.com>
988
989 PR analyzer/96650
990 * constraint-manager.cc (merger_fact_visitor::on_fact): Replace
991 assertion that add_constraint succeeded with an assertion that
992 if it fails, -fanalyzer-transitivity is off.
993
50a71cd0
GA
994 2020-09-14 David Malcolm <dmalcolm@redhat.com>
995
996 * analyzer.opt (-param=analyzer-max-constraints=): New param.
997 * constraint-manager.cc
998 (constraint_manager::add_constraint_internal): Silently reject
999 attempts to add constraints when the above limit is reached.
1000
1001 2020-09-14 David Malcolm <dmalcolm@redhat.com>
1002
1003 PR analyzer/96653
1004 * constraint-manager.cc
1005 (constraint_manager::get_or_add_equiv_class): Don't accumulate
1006 transitive closure of all constraints on constants.
1007
1008 2020-09-14 David Malcolm <dmalcolm@redhat.com>
1009
1010 PR analyzer/97029
1011 * analyzer.cc (is_setjmp_call_p): Require the initial arg to be a
1012 pointer.
1013 * region-model.cc (region_model::deref_rvalue): Assert that the
1014 svalue is of pointer type.
1015
ac35c090
GA
1016 2020-09-11 David Malcolm <dmalcolm@redhat.com>
1017
1018 PR analyzer/96798
1019 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
1020 New.
1021 (region_model::impl_call_strcpy): New.
1022 * region-model.cc (region_model::on_call_pre): Flag unhandled
1023 builtins that are non-pure as having unknown side-effects.
1024 Implement BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_STRCPY,
1025 BUILT_IN_STRCPY_CHK, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED,
1026 BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC,
1027 BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED,
1028 BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF,
1029 BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR,
1030 BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED,
1031 BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF.
1032 * region-model.h (region_model::impl_call_memcpy): New decl.
1033 (region_model::impl_call_strcpy): New decl.
1034
80f86e78
GA
1035 2020-09-09 David Malcolm <dmalcolm@redhat.com>
1036
1037 PR analyzer/94355
1038 * analyzer.opt (Wanalyzer-mismatching-deallocation): New warning.
1039 * region-model-impl-calls.cc
1040 (region_model::impl_call_operator_new): New.
1041 (region_model::impl_call_operator_delete): New.
1042 * region-model.cc (region_model::on_call_pre): Detect operator new
1043 and operator delete.
1044 (region_model::on_call_post): Likewise.
1045 (region_model::maybe_update_for_edge): Detect EH edges and call...
1046 (region_model::apply_constraints_for_exception): New function.
1047 * region-model.h (region_model::impl_call_operator_new): New decl.
1048 (region_model::impl_call_operator_delete): New decl.
1049 (region_model::apply_constraints_for_exception): New decl.
1050 * sm-malloc.cc (enum resource_state): New.
1051 (struct allocation_state): New state subclass.
1052 (enum wording): New.
1053 (struct api): New.
1054 (malloc_state_machine::custom_data_t): New typedef.
1055 (malloc_state_machine::add_state): New decl.
1056 (malloc_state_machine::m_unchecked)
1057 (malloc_state_machine::m_nonnull)
1058 (malloc_state_machine::m_freed): Delete these states in favor
1059 of...
1060 (malloc_state_machine::m_malloc)
1061 (malloc_state_machine::m_scalar_new)
1062 (malloc_state_machine::m_vector_new): ...these new api instances,
1063 which own their own versions of these states.
1064 (malloc_state_machine::on_allocator_call): New decl.
1065 (malloc_state_machine::on_deallocator_call): New decl.
1066 (api::api): New ctor.
1067 (dyn_cast_allocation_state): New.
1068 (as_a_allocation_state): New.
1069 (get_rs): New.
1070 (unchecked_p): New.
1071 (nonnull_p): New.
1072 (freed_p): New.
1073 (malloc_diagnostic::describe_state_change): Use unchecked_p and
1074 nonnull_p.
1075 (class mismatching_deallocation): New.
1076 (double_free::double_free): Add funcname param for initializing
1077 m_funcname.
1078 (double_free::emit): Use m_funcname in warning message rather
1079 than hardcoding "free".
1080 (double_free::describe_state_change): Likewise. Use freed_p.
1081 (double_free::describe_call_with_state): Use freed_p.
1082 (double_free::describe_final_event): Use m_funcname in message
1083 rather than hardcoding "free".
1084 (double_free::m_funcname): New field.
1085 (possible_null::describe_state_change): Use unchecked_p.
1086 (possible_null::describe_return_of_state): Likewise.
1087 (use_after_free::use_after_free): Add param for initializing m_api.
1088 (use_after_free::emit): Use m_api->m_dealloc_funcname in message
1089 rather than hardcoding "free".
1090 (use_after_free::describe_state_change): Use freed_p. Change the
1091 wording of the message based on the API.
1092 (use_after_free::describe_final_event): Use
1093 m_api->m_dealloc_funcname in message rather than hardcoding
1094 "free". Change the wording of the message based on the API.
1095 (use_after_free::m_api): New field.
1096 (malloc_leak::describe_state_change): Use unchecked_p. Update
1097 for renaming of m_malloc_event to m_alloc_event.
1098 (malloc_leak::describe_final_event): Update for renaming of
1099 m_malloc_event to m_alloc_event.
1100 (malloc_leak::m_malloc_event): Rename...
1101 (malloc_leak::m_alloc_event): ...to this.
1102 (free_of_non_heap::free_of_non_heap): Add param for initializing
1103 m_funcname.
1104 (free_of_non_heap::emit): Use m_funcname in message rather than
1105 hardcoding "free".
1106 (free_of_non_heap::describe_final_event): Likewise.
1107 (free_of_non_heap::m_funcname): New field.
1108 (allocation_state::dump_to_pp): New.
1109 (allocation_state::get_nonnull): New.
1110 (malloc_state_machine::malloc_state_machine): Update for changes
1111 to state fields and new api fields.
1112 (malloc_state_machine::add_state): New.
1113 (malloc_state_machine::on_stmt): Move malloc/calloc handling to
1114 on_allocator_call and call it, passing in the API pointer.
1115 Likewise for free, moving it to on_deallocator_call. Handle calls
1116 to operator new and delete in an analogous way. Use unchecked_p
1117 when testing for possibly-null-arg and possibly-null-deref, and
1118 transition to the non-null for the correct API. Remove redundant
1119 node param from call to on_zero_assignment. Use freed_p for
1120 use-after-free check, and pass in API.
1121 (malloc_state_machine::on_allocator_call): New, based on code in
1122 on_stmt.
1123 (malloc_state_machine::on_deallocator_call): Likewise.
1124 (malloc_state_machine::on_phi): Mark node param with
1125 ATTRIBUTE_UNUSED; don't pass it to on_zero_assignment.
1126 (malloc_state_machine::on_condition): Mark node param with
1127 ATTRIBUTE_UNUSED. Replace on_transition calls with get_state and
1128 set_next_state pairs, transitioning to the non-null state for the
1129 appropriate API.
1130 (malloc_state_machine::can_purge_p): Port to new state approach.
1131 (malloc_state_machine::on_zero_assignment): Replace on_transition
1132 calls with get_state and set_next_state pairs. Drop redundant
1133 node param.
1134 * sm.h (state_machine::add_custom_state): New.
1135
1136 2020-09-09 David Malcolm <dmalcolm@redhat.com>
1137
1138 * diagnostic-manager.cc
1139 (null_assignment_sm_context::warn_for_state): Replace with...
1140 (null_assignment_sm_context::warn): ...this.
1141 * engine.cc (impl_sm_context::warn_for_state): Replace with...
1142 (impl_sm_context::warn): ...this.
1143 * sm-file.cc (fileptr_state_machine::on_stmt): Replace
1144 warn_for_state and on_transition calls with a get_state
1145 test guarding warn and set_next_state calls.
1146 * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
1147 * sm-pattern-test.cc (pattern_test_state_machine::on_condition):
1148 Replace warn_for_state call with warn call.
1149 * sm-sensitive.cc
1150 (sensitive_state_machine::warn_for_any_exposure): Replace
1151 warn_for_state call with a get_state test guarding a warn call.
1152 * sm-signal.cc (signal_state_machine::on_stmt): Likewise.
1153 * sm-taint.cc (taint_state_machine::on_stmt): Replace
1154 warn_for_state and on_transition calls with a get_state
1155 test guarding warn and set_next_state calls.
1156 * sm.h (sm_context::warn_for_state): Replace with...
1157 (sm_context::warn): ...this.
1158
1159 2020-09-09 David Malcolm <dmalcolm@redhat.com>
1160
1161 * diagnostic-manager.cc
1162 (null_assignment_sm_context::null_assignment_sm_context): Add old_state
1163 and ext_state params, initializing m_old_state and m_ext_state.
1164 (null_assignment_sm_context::on_transition): Split into...
1165 (null_assignment_sm_context::get_state): ...this new vfunc
1166 implementation and...
1167 (null_assignment_sm_context::set_next_state): ...this new vfunc
1168 implementation.
1169 (null_assignment_sm_context::m_old_state): New field.
1170 (null_assignment_sm_context::m_ext_state): New field.
1171 (diagnostic_manager::add_events_for_eedge): Pass in old state and
1172 ext_state when creating sm_ctxt.
1173 * engine.cc (impl_sm_context::on_transition): Split into...
1174 (impl_sm_context::get_state): ...this new vfunc
1175 implementation and...
1176 (impl_sm_context::set_next_state): ...this new vfunc
1177 implementation.
1178 * sm.h (sm_context::get_state): New pure virtual function.
1179 (sm_context::set_next_state): Likewise.
1180 (sm_context::on_transition): Convert from a pure virtual function
1181 to a regular function implemented in terms of get_state and
1182 set_next_state.
1183
1184 2020-09-09 David Malcolm <dmalcolm@redhat.com>
1185
1186 * checker-path.cc (state_change_event::get_desc): Update
1187 state_machine::get_state_name calls to state::get_name.
1188 (warning_event::get_desc): Likewise.
1189 * diagnostic-manager.cc
1190 (null_assignment_sm_context::on_transition): Update comparison
1191 against 0 with comparison with m_sm.get_start_state.
1192 (diagnostic_manager::prune_for_sm_diagnostic): Update
1193 state_machine::get_state_name calls to state::get_name.
1194 * engine.cc (impl_sm_context::on_transition): Likewise.
1195 (exploded_node::get_dot_fillcolor): Use get_id when summing
1196 the sm states.
1197 * program-state.cc (sm_state_map::sm_state_map): Don't hardcode
1198 0 as the start state when initializing m_global_state.
1199 (sm_state_map::print): Use dump_to_pp rather than get_state_name
1200 when dumping states.
1201 (sm_state_map::is_empty_p): Don't hardcode 0 as the start state
1202 when examining m_global_state.
1203 (sm_state_map::hash): Use get_id when hashing states.
1204 (selftest::test_sm_state_map): Use state objects rather than
1205 arbitrary hardcoded integers.
1206 (selftest::test_program_state_merging): Likewise.
1207 (selftest::test_program_state_merging_2): Likewise.
1208 * sm-file.cc (fileptr_state_machine::m_start): Move to base class.
1209 (file_diagnostic::describe_state_change): Use get_start_state.
1210 (fileptr_state_machine::fileptr_state_machine): Drop m_start
1211 initialization.
1212 * sm-malloc.cc (malloc_state_machine::m_start): Move to base
1213 class.
1214 (malloc_diagnostic::describe_state_change): Use get_start_state.
1215 (possible_null::describe_state_change): Likewise.
1216 (malloc_state_machine::malloc_state_machine): Drop m_start
1217 initialization.
1218 * sm-pattern-test.cc (pattern_test_state_machine::m_start): Move
1219 to base class.
1220 (pattern_test_state_machine::pattern_test_state_machine): Drop
1221 m_start initialization.
1222 * sm-sensitive.cc (sensitive_state_machine::m_start): Move to base
1223 class.
1224 (sensitive_state_machine::sensitive_state_machine): Drop m_start
1225 initialization.
1226 * sm-signal.cc (signal_state_machine::m_start): Move to base
1227 class.
1228 (signal_state_machine::signal_state_machine): Drop m_start
1229 initialization.
1230 * sm-taint.cc (taint_state_machine::m_start): Move to base class.
1231 (taint_state_machine::taint_state_machine): Drop m_start
1232 initialization.
1233 * sm.cc (state_machine::state::dump_to_pp): New.
1234 (state_machine::state_machine): Move here from sm.h. Initialize
1235 m_next_state_id and m_start.
1236 (state_machine::add_state): Reimplement in terms of state objects.
1237 (state_machine::get_state_name): Delete.
1238 (state_machine::get_state_by_name): Reimplement in terms of state
1239 objects. Make const.
1240 (state_machine::validate): Delete.
1241 (state_machine::dump_to_pp): Reimplement in terms of state
1242 objects.
1243 * sm.h (state_machine::state): New class.
1244 (state_machine::state_t): Convert typedef from "unsigned" to
1245 "const state_machine::state *".
1246 (state_machine::state_machine): Move to sm.cc.
1247 (state_machine::get_default_state): Use m_start rather than
1248 hardcoding 0.
1249 (state_machine::get_state_name): Delete.
1250 (state_machine::get_state_by_name): Make const.
1251 (state_machine::get_start_state): New accessor.
1252 (state_machine::alloc_state_id): New.
1253 (state_machine::m_state_names): Drop in favor of...
1254 (state_machine::m_states): New field
1255 (state_machine::m_start): New field
1256 (start_start_p): Delete.
1257
31a05046
GA
1258 2020-09-08 David Malcolm <dmalcolm@redhat.com>
1259
1260 PR analyzer/96949
1261 * store.cc (binding_map::apply_ctor_val_to_range): Add
1262 error-handling for the cases where we have symbolic offsets.
1263
1264 2020-09-08 David Malcolm <dmalcolm@redhat.com>
1265
1266 PR analyzer/96950
1267 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
1268 where min_index == max_index.
1269 (binding_map::apply_ctor_val_to_range): Replace assertion that we
1270 don't have a CONSTRUCTOR value with error-handling.
1271
1272 2020-09-08 David Malcolm <dmalcolm@redhat.com>
1273
1274 PR analyzer/96962
1275 * region-model.cc (region_model::on_call_pre): Fix guard on switch
1276 on built-ins to only consider BUILT_IN_NORMAL, rather than other
1277 kinds of built-ins.
1278
e1a4a8a0
GA
1279 2020-09-01 David Malcolm <dmalcolm@redhat.com>
1280
1281 PR analyzer/96792
1282 * region-model.cc (region_model::deref_rvalue): Add the constraint
1283 that PTR_SVAL is non-NULL.
1284
13e4ba28
GA
1285 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1286
1287 PR analyzer/96798
1288 * region-model.cc (region_model::on_call_pre): Handle
1289 BUILT_IN_MEMSET_CHK.
1290
1291 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1292
1293 * region-model.cc (region_model::on_call_pre): Gather handling of
1294 builtins and of internal fns into switch statements. Handle
1295 "alloca" and BUILT_IN_ALLOCA_WITH_ALIGN.
1296
1297 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1298
1299 PR analyzer/96860
1300 * region.cc (decl_region::get_svalue_for_constructor): Support
1301 apply_ctor_to_region failing.
1302 * store.cc (binding_map::apply_ctor_to_region): Add failure
1303 handling.
1304 (binding_map::apply_ctor_val_to_range): Likewise.
1305 (binding_map::apply_ctor_pair_to_child_region): Likewise. Replace
1306 assertion that child_base_offset is not symbolic with error
1307 handling.
1308 * store.h (binding_map::apply_ctor_to_region): Convert return type
1309 from void to bool.
1310 (binding_map::apply_ctor_val_to_range): Likewise.
1311 (binding_map::apply_ctor_pair_to_child_region): Likewise.
1312
1313 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1314
1315 PR analyzer/96763
1316 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
1317 by calling a new binding_map::apply_ctor_val_to_range subroutine.
1318 Split out the existing non-CONSTRUCTOR-handling code to a new
1319 apply_ctor_pair_to_child_region subroutine.
1320 (binding_map::apply_ctor_val_to_range): New.
1321 (binding_map::apply_ctor_pair_to_child_region): New, split out
1322 from binding_map::apply_ctor_to_region as noted above.
1323 * store.h (binding_map::apply_ctor_val_to_range): New decl.
1324 (binding_map::apply_ctor_pair_to_child_region): New decl.
1325
1326 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1327
1328 PR analyzer/96764
1329 * region-model-manager.cc
1330 (region_model_manager::maybe_fold_unaryop): Handle VIEW_CONVERT_EXPR.
1331 (region_model_manager::get_or_create_cast): Move logic for
1332 real->integer casting to...
1333 (get_code_for_cast): ...this new function, and add logic for
1334 real->non-integer casts.
1335 (region_model_manager::maybe_fold_sub_svalue): Handle
1336 VIEW_CONVERT_EXPR.
1337 * region-model.cc
1338 (region_model::add_any_constraints_from_gassign): Likewise.
1339 * svalue.cc (svalue::maybe_undo_cast): Likewise.
1340 (unaryop_svalue::dump_to_pp): Likewise.
1341
57ea0894
GA
1342 2020-08-26 David Malcolm <dmalcolm@redhat.com>
1343
1344 PR analyzer/94858
1345 * region-model-manager.cc
1346 (region_model_manager::get_or_create_widening_svalue): Assert that
1347 neither of the inputs are themselves widenings.
1348 * store.cc (store::eval_alias_1): The initial value of a pointer
1349 can't point to a region that was allocated on the heap after the
1350 beginning of the path. A widened pointer value can't alias anything
1351 that the initial pointer value can't alias.
1352 * svalue.cc (svalue::can_merge_p): Merge BINOP (X, OP, CST) with X
1353 to a widening svalue. Merge
1354 BINOP(WIDENING(BASE, BINOP(BASE, X)), X) and BINOP(BASE, X) to
1355 the LHS of the first BINOP.
1356
1357 2020-08-26 David Malcolm <dmalcolm@redhat.com>
1358
1359 PR analyzer/96777
1360 * region-model.h (class compound_svalue): Document that all keys
1361 must be concrete.
1362 (compound_svalue::compound_svalue): Move definition to svalue.cc.
1363 * store.cc (binding_map::apply_ctor_to_region): Handle
1364 initializers for trailing arrays with incomplete size.
1365 * svalue.cc (compound_svalue::compound_svalue): Move definition
1366 here from region-model.h. Add assertion that all keys are
1367 concrete.
1368
e769f970
GA
1369 2020-08-22 David Malcolm <dmalcolm@redhat.com>
1370
1371 PR analyzer/94851
1372 * region-model-manager.cc
1373 (region_model_manager::maybe_fold_binop): Fold bitwise "& 0" to 0.
1374
1375 2020-08-22 David Malcolm <dmalcolm@redhat.com>
1376
1377 * store.cc (store::eval_alias): Make const. Split out 2nd half
1378 into store::eval_alias_1 and call it twice for symmetry, avoiding
1379 test duplication.
1380 (store::eval_alias_1): New function, split out from the above.
1381 * store.h (store::eval_alias): Make const.
1382 (store::eval_alias_1): New decl.
1383
1384 2020-08-22 David Malcolm <dmalcolm@redhat.com>
1385
1386 * region-model.cc (region_model::push_frame): Bind the default
1387 SSA name for each parm if it exists, falling back to the parm
1388 itself otherwise, rather than doing both.
1389
5b9a3d2a
GA
1390 2020-08-20 David Malcolm <dmalcolm@redhat.com>
1391
1392 PR analyzer/96723
1393 * region-model-manager.cc
1394 (region_model_manager::get_field_region): Assert that field is a
1395 FIELD_DECL.
1396 * region.cc (region::get_subregions_for_binding): In
1397 union-handling, filter the TYPE_FIELDS traversal to just FIELD_DECLs.
1398
1399 2020-08-20 David Malcolm <dmalcolm@redhat.com>
1400
1401 PR analyzer/96713
1402 * region-model.cc (region_model::get_gassign_result): For
1403 comparisons, only use eval_condition when the lhs has boolean
1404 type, and use get_or_create_constant_svalue on the boolean
1405 constants directly rather than via get_rvalue.
1406
04e23a40
GA
1407 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1408
1409 PR analyzer/96643
1410 * region-model.cc (region_model::deref_rvalue): Rather than
1411 attempting to handle all svalue kinds in the switch, only cover
1412 the special cases, and move symbolic-region handling to after
1413 the switch, thus implicitly handling the missing case SK_COMPOUND.
1414
1415 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1416
1417 PR analyzer/96705
1418 * region-model-manager.cc
1419 (region_model_manager::maybe_fold_binop): Check that we have an
1420 integral type before calling build_int_cst.
1421
1422 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1423
1424 PR analyzer/96699
1425 * region-model-manager.cc
1426 (region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for
1427 casting from REAL_TYPE to INTEGER_TYPE.
1428
1429 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1430
1431 PR analyzer/96651
1432 * region-model.cc (region_model::called_from_main_p): New.
1433 (region_model::get_store_value): Move handling for globals into...
1434 (region_model::get_initial_value_for_global): ...this new
1435 function, and add logic for extracting values from decl
1436 initializers.
1437 * region-model.h (decl_region::get_svalue_for_constructor): New
1438 decl.
1439 (decl_region::get_svalue_for_initializer): New decl.
1440 (region_model::called_from_main_p): New decl.
1441 (region_model::get_initial_value_for_global): New.
1442 * region.cc (decl_region::maybe_get_constant_value): Move logic
1443 for getting an svalue from a CONSTRUCTOR node to...
1444 (decl_region::get_svalue_for_constructor): ...this new function.
1445 (decl_region::get_svalue_for_initializer): New.
1446 * store.cc (get_svalue_for_ctor_val): Rewrite in terms of
1447 region_model::get_rvalue.
1448 * store.h (binding_cluster::get_map): New accessor.
1449
1450 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1451
1452 PR analyzer/96648
1453 * region.cc (get_field_at_bit_offset): Gracefully handle negative
1454 values for bit_offset.
1455
5c265693
GA
1456 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1457
1458 * region-model.cc (region_model::get_rvalue_1): Fix name of local.
1459
1460 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1461
1462 PR analyzer/96641
1463 * region-model.cc (region_model::get_rvalue_1): Handle
1464 unrecognized tree codes by returning UNKNOWN.
1465
1466 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1467
1468 PR analyzer/96640
1469 * region-model.cc (region_model::get_gassign_result): Handle various
1470 VEC_* tree codes by returning UNKNOWN.
1471 (region_model::on_assignment): Handle unrecognized tree codes by
1472 setting lhs to an unknown value, rather than issuing a "sorry" and
1473 asserting.
1474
deee2322
GA
1475 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1476
1477 PR analyzer/96644
1478 * region-model-manager.cc (get_region_for_unexpected_tree_code):
1479 Handle ctxt being NULL.
1480
1481 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1482
1483 PR analyzer/96639
1484 * region.cc (region::get_subregions_for_binding): Check for "type"
1485 being NULL.
1486
1487 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1488
1489 PR analyzer/96642
1490 * store.cc (get_svalue_for_ctor_val): New.
1491 (binding_map::apply_ctor_to_region): Call it.
1492
661ee09b
GA
1493 2020-08-14 David Malcolm <dmalcolm@redhat.com>
1494
1495 PR testsuite/96609
1496 PR analyzer/96616
1497 * region-model.cc (region_model::get_store_value): Call
1498 maybe_get_constant_value on decl_regions first.
1499 * region-model.h (decl_region::maybe_get_constant_value): New decl.
1500 * region.cc (decl_region::get_stack_depth): Likewise.
1501 (decl_region::maybe_get_constant_value): New.
1502 * store.cc (get_subregion_within_ctor): New.
1503 (binding_map::apply_ctor_to_region): New.
1504 * store.h (binding_map::apply_ctor_to_region): New decl.
1505
1506 2020-08-14 David Malcolm <dmalcolm@redhat.com>
1507
1508 PR analyzer/96611
1509 * store.cc (store::mark_as_escaped): Reject attempts to
1510 get a cluster for an unknown pointer.
1511
b3cb5606
GA
1512 2020-08-13 David Malcolm <dmalcolm@redhat.com>
1513
5afd1882
ML
1514 PR analyzer/93032
1515 PR analyzer/93938
1516 PR analyzer/94011
1517 PR analyzer/94099
1518 PR analyzer/94399
1519 PR analyzer/94458
1520 PR analyzer/94503
1521 PR analyzer/94640
1522 PR analyzer/94688
1523 PR analyzer/94689
1524 PR analyzer/94839
1525 PR analyzer/95026
1526 PR analyzer/95042
1527 PR analyzer/95240
b3cb5606
GA
1528 * analyzer-logging.cc: Ignore "-Wformat-diag".
1529 (logger::enter_scope): Use inc_indent in both overloads.
1530 (logger::exit_scope): Use dec_indent.
1531 * analyzer-logging.h (logger::inc_indent): New.
1532 (logger::dec_indent): New.
1533 * analyzer-selftests.cc (run_analyzer_selftests): Call
1534 analyzer_store_cc_tests.
1535 * analyzer-selftests.h (analyzer_store_cc_tests): New decl.
1536 * analyzer.cc (get_stmt_location): New function.
1537 * analyzer.h (class initial_svalue): New forward decl.
1538 (class unaryop_svalue): New forward decl.
1539 (class binop_svalue): New forward decl.
1540 (class sub_svalue): New forward decl.
1541 (class unmergeable_svalue): New forward decl.
1542 (class placeholder_svalue): New forward decl.
1543 (class widening_svalue): New forward decl.
1544 (class compound_svalue): New forward decl.
1545 (class conjured_svalue): New forward decl.
1546 (svalue_set): New typedef.
1547 (class map_region): Delete.
1548 (class array_region): Delete.
1549 (class frame_region): New forward decl.
1550 (class function_region): New forward decl.
1551 (class label_region): New forward decl.
1552 (class decl_region): New forward decl.
1553 (class element_region): New forward decl.
1554 (class offset_region): New forward decl.
1555 (class cast_region): New forward decl.
1556 (class field_region): New forward decl.
1557 (class string_region): New forward decl.
1558 (class region_model_manager): New forward decl.
1559 (class store_manager): New forward decl.
1560 (class store): New forward decl.
1561 (class call_details): New forward decl.
1562 (struct svalue_id_merger_mapping): Delete.
1563 (struct canonicalization): Delete.
1564 (class function_point): New forward decl.
1565 (class engine): New forward decl.
1566 (dump_tree): New function decl.
1567 (print_quoted_type): New function decl.
1568 (readability_comparator): New function decl.
1569 (tree_cmp): New function decl.
1570 (class path_var): Move here from region-model.h
1571 (bit_offset_t, bit_size_t, byte_size_t): New typedefs.
1572 (class region_offset): New class.
1573 (get_stmt_location): New decl.
1574 (struct member_function_hash_traits): New struct.
1575 (class consolidation_map): New class.
1576 Ignore "-Wformat-diag".
1577 * analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
1578 (-param=analyzer-max-enodes-for-full-dump=): New param.
1579 * call-string.cc: Ignore -Wformat-diag.
1580 * checker-path.cc: Move includes of "analyzer/call-string.h" and
1581 "analyzer/program-point.h" to before "analyzer/region-model.h",
1582 and also include "analyzer/store.h" before it.
1583 (state_change_event::state_change_event): Replace "tree var" param
1584 with "const svalue *sval". Convert "origin" param from tree to
1585 "const svalue *".
1586 (state_change_event::get_desc): Call get_representative_tree to
1587 convert the var and origin from const svalue * to tree. Use
1588 svalue::get_desc rather than %qE when describing state changes.
1589 (checker_path::add_final_event): Use get_stmt_location.
1590 * checker-path.h (state_change_event::state_change_event): Port
1591 from tree to const svalue *.
1592 (state_change_event::get_lvalue): Delete.
1593 (state_change_event::get_dest_function): New.
1594 (state_change_event::m_var): Replace with...
1595 (state_change_event::m_sval): ...this.
1596 (state_change_event::m_origin): Convert from tree to
1597 const svalue *.
1598 * constraint-manager.cc: Include "analyzer/call-string.h",
1599 "analyzer/program-point.h", and "analyzer/store.h" before
1600 "analyzer/region-model.h".
1601 (struct bound, struct range): Move to constraint-manager.h.
1602 (compare_constants): New function.
1603 (range::dump): Rename to...
1604 (range::dump_to_pp): ...this. Support NULL constants.
1605 (range::dump): Reintroduce for dumping to stderr.
1606 (range::constrained_to_single_element): Return result, rather than
1607 writing to *OUT.
1608 (range::eval_condition): New.
1609 (range::below_lower_bound): New.
1610 (range::above_upper_bound): New.
1611 (equiv_class::equiv_class): Port from svalue_id to const svalue *.
1612 (equiv_class::print): Likewise.
1613 (equiv_class::hash): Likewise.
1614 (equiv_class::operator==): Port from svalue_id to const svalue *.
1615 (equiv_class::add): Port from svalue_id to const svalue *. Drop
1616 "cm" param.
1617 (equiv_class::del): Port from svalue_id to const svalue *.
1618 (equiv_class::get_representative): Likewise.
1619 (equiv_class::remap_svalue_ids): Delete.
1620 (svalue_id_cmp_by_id): Rename to...
1621 (svalue_cmp_by_ptr): ...this, porting from svalue_id to
1622 const svalue *.
1623 (equiv_class::canonicalize): Update qsort comparator.
1624 (constraint::implied_by): New.
1625 (constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
1626 (constraint_manager::dump_to_pp): Add "multiline" param.
1627 (constraint_manager::dump): Pass "true" for "multiline".
1628 (constraint_manager::add_constraint): Port from svalue_id to
1629 const svalue *. Split out second part into...
1630 (constraint_manager::add_unknown_constraint): ...this new
1631 function. Remove self-constraints when merging equivalence
1632 classes.
1633 (constraint_manager::add_constraint_internal): Remove constraints
1634 that would be implied by the new constraint. Port from svalue_id
1635 to const svalue *.
1636 (constraint_manager::get_equiv_class_by_sid): Rename to...
1637 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
1638 from svalue_id to const svalue *.
1639 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
1640 to const svalue *.
1641 (constraint_manager::eval_condition): Make const. Call
1642 compare_constants and return early if it provides a known result.
1643 (constraint_manager::get_ec_bounds): New.
1644 (constraint_manager::eval_condition): New overloads. Make
1645 existing one const, and use compare_constants.
1646 (constraint_manager::purge): Convert "p" param to a template
1647 rather than an abstract base class. Port from svalue_id to
1648 const svalue *.
1649 (class dead_svalue_purger): New class.
1650 (constraint_manager::remap_svalue_ids): Delete.
1651 (constraint_manager::on_liveness_change): New.
1652 (equiv_class_cmp): Port from svalue_id to const svalue *.
1653 (constraint_manager::canonicalize): Likewise. Combine with
1654 purging of redundant equivalence classes and constraints.
1655 (class cleaned_constraint_manager): Delete.
1656 (class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
1657 field.
1658 (merger_fact_visitor::fact): Port from svalue_id to const svalue *.
1659 Add special case for widening.
1660 (constraint_manager::merge): Port from svalue_id to const svalue *.
1661 (constraint_manager::clean_merger_input): Delete.
1662 (constraint_manager::for_each_fact): Port from svalue_id to
1663 const svalue *.
1664 (constraint_manager::validate): Likewise.
1665 (selftest::test_constraint_conditions): Provide a
1666 region_model_manager when creating region_model instances.
1667 Add test for self-equality not creating equivalence classes.
1668 (selftest::test_transitivity): Provide a region_model_manager when
1669 creating region_model instances. Verify that EC-merging happens
1670 when constraints are implied.
1671 (selftest::test_constant_comparisons): Provide a
1672 region_model_manager when creating region_model instances.
1673 (selftest::test_constraint_impl): Likewise. Remove over-specified
1674 assertions.
1675 (selftest::test_equality): Provide a region_model_manager when
1676 creating region_model instances.
1677 (selftest::test_many_constants): Likewise. Provide a
1678 program_point when testing merging.
1679 (selftest::run_constraint_manager_tests): Move call to
1680 test_constant_comparisons to outside the transitivity guard.
1681 * constraint-manager.h (struct bound): Move here from
1682 constraint-manager.cc.
1683 (struct range): Likewise.
1684 (struct::eval_condition): New decl.
1685 (struct::below_lower_bound): New decl.
1686 (struct::above_upper_bound): New decl.
1687 (equiv_class::add): Port from svalue_id to const svalue *.
1688 (equiv_class::del): Likewise.
1689 (equiv_class::get_representative): Likewise.
1690 (equiv_class::remap_svalue_ids): Drop.
1691 (equiv_class::m_cst_sid): Convert to...
1692 (equiv_class::m_cst_sval): ...this.
1693 (equiv_class::m_vars): Port from svalue_id to const svalue *.
1694 (constraint::bool implied_by): New decl.
1695 (fact_visitor::on_fact): Port from svalue_id to const svalue *.
1696 (constraint_manager::constraint_manager): Add mgr param.
1697 (constraint_manager::clone): Delete.
1698 (constraint_manager::maybe_get_constant): Delete.
1699 (constraint_manager::get_sid_for_constant): Delete.
1700 (constraint_manager::get_num_svalues): Delete.
1701 (constraint_manager::dump_to_pp): Add "multiline" param.
1702 (constraint_manager::get_equiv_class): Port from svalue_id to
1703 const svalue *.
1704 (constraint_manager::add_constraint): Likewise.
1705 (constraint_manager::get_equiv_class_by_sid): Rename to...
1706 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
1707 from svalue_id to const svalue *.
1708 (constraint_manager::add_unknown_constraint): New decl.
1709 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
1710 to const svalue *.
1711 (constraint_manager::eval_condition): Likewise. Add overloads.
1712 (constraint_manager::get_ec_bounds): New decl.
1713 (constraint_manager::purge): Convert to template.
1714 (constraint_manager::remap_svalue_ids): Delete.
1715 (constraint_manager::on_liveness_change): New decl.
1716 (constraint_manager::canonicalize): Drop param.
1717 (constraint_manager::clean_merger_input): Delete.
1718 (constraint_manager::m_mgr): New field.
1719 * diagnostic-manager.cc: Move includes of
1720 "analyzer/call-string.h" and "analyzer/program-point.h" to before
1721 "analyzer/region-model.h", and also include "analyzer/store.h"
1722 before it.
1723 (saved_diagnostic::saved_diagnostic): Add "sval" param.
1724 (diagnostic_manager::diagnostic_manager): Add engine param.
1725 (diagnostic_manager::add_diagnostic): Add "sval" param, passing it
1726 to saved_diagnostic ctor. Update overload to pass NULL for it.
1727 (dedupe_winners::dedupe_winners): Add engine param.
1728 (dedupe_winners::add): Add "eg" param. Pass m_engine to
1729 feasible_p.
1730 (dedupe_winner::m_engine): New field.
1731 (diagnostic_manager::emit_saved_diagnostics): Pass engine to
1732 dedupe_winners. Pass &eg when adding candidates. Pass svalue
1733 rather than tree to prune_path. Use get_stmt_location to get
1734 primary location of diagnostic.
1735 (diagnostic_manager::emit_saved_diagnostic): Likewise.
1736 (get_any_origin): Drop.
1737 (state_change_event_creator::on_global_state_change): Pass NULL
1738 const svalue * rather than NULL_TREE trees to state_change_event
1739 ctor.
1740 (state_change_event_creator::on_state_change): Port from tree and
1741 svalue_id to const svalue *.
1742 (for_each_state_change): Port from svalue_id to const svalue *.
1743 (struct null_assignment_sm_context): New.
1744 (diagnostic_manager::add_events_for_eedge): Add state change
1745 events for assignment to NULL.
1746 (diagnostic_manager::prune_path): Update param from tree to
1747 const svalue *.
1748 (diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
1749 by tree to by const svalue *.
1750 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
1751 param.
1752 (saved_diagnostic::m_sval): New field.
1753 (diagnostic_manager::diagnostic_manager): Add engine param.
1754 (diagnostic_manager::get_engine): New.
1755 (diagnostic_manager::add_diagnostic): Add "sval" param.
1756 (diagnostic_manager::prune_path): Likewise.
1757 (diagnostic_manager::prune_for_sm_diagnostic): New overload.
1758 (diagnostic_manager::m_eng): New field.
1759 * engine.cc: Move includes of "analyzer/call-string.h" and
1760 "analyzer/program-point.h" to before "analyzer/region-model.h",
1761 and also include "analyzer/store.h" before it.
1762 (impl_region_model_context::impl_region_model_context): Update for
1763 removal of m_change field.
1764 (impl_region_model_context::remap_svalue_ids): Delete.
1765 (impl_region_model_context::on_svalue_leak): New.
1766 (impl_region_model_context::on_svalue_purge): Delete.
1767 (impl_region_model_context::on_liveness_change): New.
1768 (impl_region_model_context::on_unknown_change): Update param
1769 from svalue_id to const svalue *. Add is_mutable param.
1770 (setjmp_svalue::compare_fields): Delete.
1771 (setjmp_svalue::accept): New.
1772 (setjmp_svalue::add_to_hash): Delete.
1773 (setjmp_svalue::dump_to_pp): New.
1774 (setjmp_svalue::print_details): Delete.
1775 (impl_sm_context::impl_sm_context): Drop "change" param.
1776 (impl_sm_context::get_fndecl_for_call): Drop "m_change".
1777 (impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
1778 "stmt" param. Drop m_change. Port from svalue_id to
1779 const svalue *.
1780 (impl_sm_context::warn_for_state): Drop m_change. Port from
1781 svalue_id to const svalue *.
1782 (impl_sm_context::get_readable_tree): Rename to...
1783 (impl_sm_context::get_diagnostic_tree): ...this. Port from
1784 svalue_id to const svalue *.
1785 (impl_sm_context::is_zero_assignment): New.
1786 (impl_sm_context::m_change): Delete field.
1787 (leak_stmt_finder::find_stmt): Handle m_var being NULL.
1788 (readability): Increase penalty for MEM_REF. For SSA_NAMEs,
1789 slightly favor the underlying var over the SSA name. Heavily
1790 penalize temporaries. Handle RESULT_DECL.
1791 (readability_comparator): Make non-static. Consider stack depths.
1792 (impl_region_model_context::on_state_leak): Convert from svalue_id
1793 to const svalue *, updating for region_model changes. Use
1794 id_equal.
1795 (impl_region_model_context::on_inherited_svalue): Delete.
1796 (impl_region_model_context::on_cast): Delete.
1797 (impl_region_model_context::on_condition): Drop m_change.
1798 (impl_region_model_context::on_phi): Likewise.
1799 (impl_region_model_context::on_unexpected_tree_code): Handle t
1800 being NULL.
1801 (point_and_state::validate): Update stack checking for
1802 region_model changes.
1803 (eg_traits::dump_args_t::show_enode_details_p): New.
1804 (exploded_node::exploded_node): Initialize m_num_processed_stmts.
1805 (exploded_node::get_processed_stmt): New function.
1806 (exploded_node::get_dot_fillcolor): Add more colors.
1807 (exploded_node::dump_dot): Guard the printing of the point and
1808 state with show_enode_details_p. Print the processed stmts for
1809 this enode after the initial state.
1810 (exploded_node::dump_to_pp): Pass true for new multiline param
1811 of program_state::dump_to_pp.
1812 (exploded_node::on_stmt): Drop "change" param. Log the stmt.
1813 Set input_location. Implement __analyzer_describe. Update
1814 implementation of __analyzer_dump and __analyzer_eval.
1815 Remove purging of sm-state for unknown fncalls from here.
1816 (exploded_node::on_edge): Drop "change" param.
1817 (exploded_node::on_longjmp): Port from region_id/svalue_id to
1818 const region */const svalue *. Call program_state::detect_leaks.
1819 Drop state_change.
1820 (exploded_node::detect_leaks): Update for changes to region_model.
1821 Call program_state::detect_leaks.
1822 (exploded_edge::exploded_edge): Drop ext_state and change params.
1823 (exploded_edge::dump_dot): "args" is no longer used. Drop dumping
1824 of m_change.
1825 (exploded_graph::exploded_graph): Pass engine to
1826 m_diagnostic_manager ctor. Use program_point::origin.
1827 (exploded_graph::add_function_entry): Drop ctxt. Use
1828 program_state::push_frame. Drop state_change.
1829 (exploded_graph::get_or_create_node): Drop "change" param. Add
1830 "enode_for_diag" param. Update dumping calls for API changes.
1831 Pass point to can_merge_with_p. Show enode indices
1832 within -Wanalyzer-too-complex diagnostic for hitting the per-point
1833 limit.
1834 (exploded_graph::add_edge): Drop "change" param. Log which nodes
1835 are being connected. Update for changes to exploded_edge ctor.
1836 (exploded_graph::get_per_program_point_data): New.
1837 (exploded_graph::process_worklist): Pass point to
1838 can_merge_with_p. Drop state_change. Update dumping call for API
1839 change.
1840 (exploded_graph::process_node): Drop state_change. Split the
1841 node in-place if an sm-state-change occurs. Update
1842 m_num_processed_stmts. Update dumping calls for API change.
1843 (exploded_graph::log_stats): Call engine::log_stats.
1844 (exploded_graph::dump_states_for_supernode): Update dumping
1845 call.
1846 (exploded_path::feasible_p): Add "eng" and "eg" params.
1847 Rename "i" to "end_idx". Pass the manager to the region_model
1848 ctor. Update for every processed stmt in the enode, not just the
1849 first. Keep track of which snodes have been visited, and call
1850 loop_replay_fixup when revisiting one.
1851 (enode_label::get_text): Update dump call for new param.
1852 (exploded_graph::dump_exploded_nodes): Likewise.
1853 (exploded_graph::get_node_by_index): New.
1854 (impl_run_checkers): Create engine instance and pass its address
1855 to extrinsic_state ctor.
1856 * exploded-graph.h
1857 (impl_region_model_context::impl_region_model_context): Drop
1858 "change" params.
1859 (impl_region_model_context::void remap_svalue_ids): Delete.
1860 (impl_region_model_context::on_svalue_purge): Delete.
1861 (impl_region_model_context::on_svalue_leak): New.
1862 (impl_region_model_context::on_liveness_change): New.
1863 (impl_region_model_context::on_state_leak): Update signature.
1864 (impl_region_model_context::on_inherited_svalue): Delete.
1865 (impl_region_model_context::on_cast): Delete.
1866 (impl_region_model_context::on_unknown_change): Update signature.
1867 (impl_region_model_context::m_change): Delete.
1868 (eg_traits::dump_args_t::show_enode_details_p): New.
1869 (exploded_node::on_stmt): Drop "change" param.
1870 (exploded_node::on_edge): Likewise.
1871 (exploded_node::get_processed_stmt): New decl.
1872 (exploded_node::m_num_processed_stmts): New field.
1873 (exploded_edge::exploded_edge): Drop ext_state and change params.
1874 (exploded_edge::m_change): Delete.
1875 (exploded_graph::get_engine): New accessor.
1876 (exploded_graph::get_or_create_node): Drop "change" param. Add
1877 "enode_for_diag" param.
1878 (exploded_graph::add_edge): Drop "change" param.
1879 (exploded_graph::get_per_program_point_data): New decl.
1880 (exploded_graph::get_node_by_index): New decl.
1881 (exploded_path::feasible_p): Add "eng" and "eg" params.
1882 * program-point.cc: Include "analyzer/store.h" before including
1883 "analyzer/region-model.h".
1884 (function_point::function_point): Move here from
1885 program-point.h.
1886 (function_point::get_function): Likewise.
1887 (function_point::from_function_entry): Likewise.
1888 (function_point::before_supernode): Likewise.
1889 (function_point::next_stmt): New function.
1890 * program-point.h (function_point::function_point): Move
1891 implementation from here to program-point.cc.
1892 (function_point::get_function): Likewise.
1893 (function_point::from_function_entry): Likewise.
1894 (function_point::before_supernode): Likewise.
1895 (function_point::next_stmt): New decl.
1896 (program_point::operator!=): New.
1897 (program_point::origin): New.
1898 (program_point::next_stmt): New.
1899 (program_point::m_function_point): Make non-const.
1900 * program-state.cc: Move includes of "analyzer/call-string.h" and
1901 "analyzer/program-point.h" to before "analyzer/region-model.h",
1902 and also include "analyzer/store.h" before it.
1903 (extrinsic_state::get_model_manager): New.
1904 (sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
1905 rather than pass them around.
1906 (sm_state_map::clone_with_remapping): Delete.
1907 (sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
1908 "simple" and "multiline" params and support multiline vs single
1909 line dumping.
1910 (sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
1911 "simple" param.
1912 (sm_state_map::hash): Port from svalue_id to const svalue *.
1913 (sm_state_map::operator==): Likewise.
1914 (sm_state_map::get_state): Likewise. Call canonicalize_svalue on
1915 input. Handle inheritance of sm-state. Call get_default_state.
1916 (sm_state_map::get_origin): Port from svalue_id to const svalue *.
1917 (sm_state_map::set_state): Likewise. Pass in ext_state. Reject
1918 attempts to set state on UNKNOWN.
1919 (sm_state_map::impl_set_state): Port from svalue_id to
1920 const svalue *. Pass in ext_state. Call canonicalize_svalue on
1921 input.
1922 (sm_state_map::purge_for_unknown_fncall): Delete.
1923 (sm_state_map::on_svalue_leak): New.
1924 (sm_state_map::remap_svalue_ids): Delete.
1925 (sm_state_map::on_liveness_change): New.
1926 (sm_state_map::on_unknown_change): Reimplement.
1927 (sm_state_map::on_svalue_purge): Delete.
1928 (sm_state_map::on_inherited_svalue): Delete.
1929 (sm_state_map::on_cast): Delete.
1930 (sm_state_map::validate): Delete.
1931 (sm_state_map::canonicalize_svalue): New.
1932 (program_state::program_state): Update to pass manager to
1933 region_model's ctor. Constify num_states and pass state machine
1934 and index to sm_state_map ctor.
1935 (program_state::print): Update for changes to dump API.
1936 (program_state::dump_to_pp): Ignore the summarize param. Add
1937 "multiline" param.
1938 (program_state::dump_to_file): Add "multiline" param.
1939 (program_state::dump): Pass "true" for new "multiline" param.
1940 (program_state::push_frame): New.
1941 (program_state::on_edge): Drop "change" param. Call
1942 program_state::detect_leaks.
1943 (program_state::prune_for_point): Add enode_for_diag param.
1944 Reimplement based on store class. Call detect_leaks.
1945 (program_state::remap_svalue_ids): Delete.
1946 (program_state::get_representative_tree): Port from svalue_id to
1947 const svalue *.
1948 (program_state::can_merge_with_p): Add "point" param. Add early
1949 reject for sm-differences. Drop id remapping.
1950 (program_state::validate): Drop region model and sm_state_map
1951 validation.
1952 (state_change::sm_change::dump): Delete.
1953 (state_change::sm_change::remap_svalue_ids): Delete.
1954 (state_change::sm_change::on_svalue_purge): Delete.
1955 (log_set_of_svalues): New.
1956 (state_change::sm_change::validate): Delete.
1957 (state_change::state_change): Delete.
1958 (state_change::add_sm_change): Delete.
1959 (state_change::affects_p): Delete.
1960 (state_change::dump): Delete.
1961 (state_change::remap_svalue_ids): Delete.
1962 (state_change::on_svalue_purge): Delete.
1963 (state_change::validate): Delete.
1964 (selftest::assert_dump_eq): Delete.
1965 (ASSERT_DUMP_EQ): Delete.
1966 (selftest::test_sm_state_map): Update for changes to region_model
1967 and sm_state_map, porting from svalue_id to const svalue *.
1968 (selftest::test_program_state_dumping): Likewise. Drop test of
1969 dumping, renaming to...
1970 (selftest::test_program_state_1): ...this.
1971 (selftest::test_program_state_dumping_2): Likewise, renaming to...
1972 (selftest::test_program_state_2): ...this.
1973 (selftest::test_program_state_merging): Update for changes to
1974 region_model.
1975 (selftest::test_program_state_merging_2): Likewise.
1976 (selftest::analyzer_program_state_cc_tests): Update for renamed
1977 tests.
1978 * program-state.h (extrinsic_state::extrinsic_state): Add logger
1979 and engine params.
1980 (extrinsic_state::get_logger): New accessor.
1981 (extrinsic_state::get_engine): New accessor.
1982 (extrinsic_state::get_model_manager): New accessor.
1983 (extrinsic_state::m_logger): New field.
1984 (extrinsic_state::m_engine): New field.
1985 (struct default_hash_traits<svalue_id>): Delete.
1986 (pod_hash_traits<svalue_id>::hash): Delete.
1987 (pod_hash_traits<svalue_id>::equal): Delete.
1988 (pod_hash_traits<svalue_id>::mark_deleted): Delete.
1989 (pod_hash_traits<svalue_id>::mark_empty): Delete.
1990 (pod_hash_traits<svalue_id>::is_deleted): Delete.
1991 (pod_hash_traits<svalue_id>::is_empty): Delete.
1992 (sm_state_map::entry_t::entry_t): Port from svalue_id to
1993 const svalue *.
1994 (sm_state_map::entry_t::m_origin): Likewise.
1995 (sm_state_map::map_t): Likewise.
1996 (sm_state_map::sm_state_map): Add state_machine and index params.
1997 (sm_state_map::clone_with_remapping): Delete.
1998 (sm_state_map::print): Drop sm param; add simple and multiline
1999 params.
2000 (sm_state_map::dump): Drop sm param; add simple param.
2001 (sm_state_map::get_state): Port from svalue_id to const svalue *.
2002 Add ext_state param.
2003 (sm_state_map::get_origin): Likewise.
2004 (sm_state_map::set_state): Likewise.
2005 (sm_state_map::impl_set_state): Likewise.
2006 (sm_state_map::purge_for_unknown_fncall): Delete.
2007 (sm_state_map::remap_svalue_ids): Delete.
2008 (sm_state_map::on_svalue_purge): Delete.
2009 (sm_state_map::on_svalue_leak): New.
2010 (sm_state_map::on_liveness_change): New.
2011 (sm_state_map::on_inherited_svalue): Delete.
2012 (sm_state_map::on_cast): Delete.
2013 (sm_state_map::validate): Delete.
2014 (sm_state_map::on_unknown_change): Port from svalue_id to
2015 const svalue *. Add is_mutable and ext_state params.
2016 (sm_state_map::canonicalize_svalue): New.
2017 (sm_state_map::m_sm): New field.
2018 (sm_state_map::m_sm_idx): New field.
2019 (program_state::operator=): Delete.
2020 (program_state::dump_to_pp): Drop "summarize" param, adding
2021 "simple" and "multiline".
2022 (program_state::dump_to_file): Likewise.
2023 (program_state::dump): Rename "summarize" to "simple".
2024 (program_state::push_frame): New.
2025 (program_state::get_current_function): New.
2026 (program_state::on_edge): Drop "change" param.
2027 (program_state::prune_for_point): Likewise. Add enode_for_diag
2028 param.
2029 (program_state::remap_svalue_ids): Delete.
2030 (program_state::get_representative_tree): Port from svalue_id to
2031 const svalue *.
2032 (program_state::can_purge_p): Likewise. Pass ext_state to get_state.
2033 (program_state::can_merge_with_p): Add point param.
2034 (program_state::detect_leaks): New.
2035 (state_change_visitor::on_state_change): Port from tree and
2036 svalue_id to a pair of const svalue *.
2037 (class state_change): Delete.
2038 * region.cc: New file.
2039 * region-model-impl-calls.cc: New file.
2040 * region-model-manager.cc: New file.
2041 * region-model-reachability.cc: New file.
2042 * region-model-reachability.h: New file.
2043 * region-model.cc: Include "analyzer/call-string.h",
2044 "analyzer/program-point.h", and "analyzer/store.h" before
2045 "analyzer/region-model.h". Include
2046 "analyzer/region-model-reachability.h".
2047 (dump_tree): Make non-static.
2048 (dump_quoted_tree): Make non-static.
2049 (print_quoted_type): Make non-static.
2050 (path_var::dump): Delete.
2051 (dump_separator): Delete.
2052 (class impl_constraint_manager): Delete.
2053 (svalue_id::print): Delete.
2054 (svalue_id::dump_node_name_to_pp): Delete.
2055 (svalue_id::validate): Delete.
2056 (region_id::print): Delete.
2057 (region_id::dump_node_name_to_pp): Delete.
2058 (region_id::validate): Delete.
2059 (region_id_set::region_id_set): Delete.
2060 (svalue_id_set::svalue_id_set): Delete.
2061 (svalue::operator==): Delete.
2062 (svalue::hash): Delete.
2063 (svalue::print): Delete.
2064 (svalue::dump_dot_to_pp): Delete.
2065 (svalue::remap_region_ids): Delete.
2066 (svalue::walk_for_canonicalization): Delete.
2067 (svalue::get_child_sid): Delete.
2068 (svalue::maybe_get_constant): Delete.
2069 (region_svalue::compare_fields): Delete.
2070 (region_svalue::add_to_hash): Delete.
2071 (region_svalue::print_details): Delete.
2072 (region_svalue::dump_dot_to_pp): Delete.
2073 (region_svalue::remap_region_ids): Delete.
2074 (region_svalue::merge_values): Delete.
2075 (region_svalue::walk_for_canonicalization): Delete.
2076 (region_svalue::eval_condition): Delete.
2077 (constant_svalue::compare_fields): Delete.
2078 (constant_svalue::add_to_hash): Delete.
2079 (constant_svalue::merge_values): Delete.
2080 (constant_svalue::eval_condition): Move to svalue.cc.
2081 (constant_svalue::print_details): Delete.
2082 (constant_svalue::get_child_sid): Delete.
2083 (unknown_svalue::compare_fields): Delete.
2084 (unknown_svalue::add_to_hash): Delete.
2085 (unknown_svalue::print_details): Delete.
2086 (poison_kind_to_str): Move to svalue.cc.
2087 (poisoned_svalue::compare_fields): Delete.
2088 (poisoned_svalue::add_to_hash): Delete.
2089 (poisoned_svalue::print_details): Delete.
2090 (region_kind_to_str): Move to region.cc and reimplement.
2091 (region::operator==): Delete.
2092 (region::get_parent_region): Delete.
2093 (region::set_value): Delete.
2094 (region::become_active_view): Delete.
2095 (region::deactivate_any_active_view): Delete.
2096 (region::deactivate_view): Delete.
2097 (region::get_value): Delete.
2098 (region::get_inherited_child_sid): Delete.
2099 (region_model::copy_region): Delete.
2100 (region_model::copy_struct_region): Delete.
2101 (region_model::copy_union_region): Delete.
2102 (region_model::copy_array_region): Delete.
2103 (region::hash): Delete.
2104 (region::print): Delete.
2105 (region::dump_dot_to_pp): Delete.
2106 (region::dump_to_pp): Delete.
2107 (region::dump_child_label): Delete.
2108 (region::validate): Delete.
2109 (region::remap_svalue_ids): Delete.
2110 (region::remap_region_ids): Delete.
2111 (region::add_view): Delete.
2112 (region::get_view): Delete.
2113 (region::region): Move to region.cc.
2114 (region::add_to_hash): Delete.
2115 (region::print_fields): Delete.
2116 (region::non_null_p): Delete.
2117 (primitive_region::clone): Delete.
2118 (primitive_region::walk_for_canonicalization): Delete.
2119 (map_region::map_region): Delete.
2120 (map_region::compare_fields): Delete.
2121 (map_region::print_fields): Delete.
2122 (map_region::validate): Delete.
2123 (map_region::dump_dot_to_pp): Delete.
2124 (map_region::dump_child_label): Delete.
2125 (map_region::get_or_create): Delete.
2126 (map_region::get): Delete.
2127 (map_region::add_to_hash): Delete.
2128 (map_region::remap_region_ids): Delete.
2129 (map_region::unbind): Delete.
2130 (map_region::get_tree_for_child_region): Delete.
2131 (map_region::get_tree_for_child_region): Delete.
2132 (tree_cmp): Move to region.cc.
2133 (map_region::can_merge_p): Delete.
2134 (map_region::walk_for_canonicalization): Delete.
2135 (map_region::get_value_by_name): Delete.
2136 (struct_or_union_region::valid_key_p): Delete.
2137 (struct_or_union_region::compare_fields): Delete.
2138 (struct_region::clone): Delete.
2139 (struct_region::compare_fields): Delete.
2140 (union_region::clone): Delete.
2141 (union_region::compare_fields): Delete.
2142 (frame_region::compare_fields): Delete.
2143 (frame_region::clone): Delete.
2144 (frame_region::valid_key_p): Delete.
2145 (frame_region::print_fields): Delete.
2146 (frame_region::add_to_hash): Delete.
2147 (globals_region::compare_fields): Delete.
2148 (globals_region::clone): Delete.
2149 (globals_region::valid_key_p): Delete.
2150 (code_region::compare_fields): Delete.
2151 (code_region::clone): Delete.
2152 (code_region::valid_key_p): Delete.
2153 (array_region::array_region): Delete.
2154 (array_region::get_element): Delete.
2155 (array_region::clone): Delete.
2156 (array_region::compare_fields): Delete.
2157 (array_region::print_fields): Delete.
2158 (array_region::validate): Delete.
2159 (array_region::dump_dot_to_pp): Delete.
2160 (array_region::dump_child_label): Delete.
2161 (array_region::get_or_create): Delete.
2162 (array_region::get): Delete.
2163 (array_region::add_to_hash): Delete.
2164 (array_region::remap_region_ids): Delete.
2165 (array_region::get_key_for_child_region): Delete.
2166 (array_region::key_cmp): Delete.
2167 (array_region::walk_for_canonicalization): Delete.
2168 (array_region::key_from_constant): Delete.
2169 (array_region::constant_from_key): Delete.
2170 (function_region::compare_fields): Delete.
2171 (function_region::clone): Delete.
2172 (function_region::valid_key_p): Delete.
2173 (stack_region::stack_region): Delete.
2174 (stack_region::compare_fields): Delete.
2175 (stack_region::clone): Delete.
2176 (stack_region::print_fields): Delete.
2177 (stack_region::dump_child_label): Delete.
2178 (stack_region::validate): Delete.
2179 (stack_region::push_frame): Delete.
2180 (stack_region::get_current_frame_id): Delete.
2181 (stack_region::pop_frame): Delete.
2182 (stack_region::add_to_hash): Delete.
2183 (stack_region::remap_region_ids): Delete.
2184 (stack_region::can_merge_p): Delete.
2185 (stack_region::walk_for_canonicalization): Delete.
2186 (stack_region::get_value_by_name): Delete.
2187 (heap_region::heap_region): Delete.
2188 (heap_region::compare_fields): Delete.
2189 (heap_region::clone): Delete.
2190 (heap_region::walk_for_canonicalization): Delete.
2191 (root_region::root_region): Delete.
2192 (root_region::compare_fields): Delete.
2193 (root_region::clone): Delete.
2194 (root_region::print_fields): Delete.
2195 (root_region::validate): Delete.
2196 (root_region::dump_child_label): Delete.
2197 (root_region::push_frame): Delete.
2198 (root_region::get_current_frame_id): Delete.
2199 (root_region::pop_frame): Delete.
2200 (root_region::ensure_stack_region): Delete.
2201 (root_region::get_stack_region): Delete.
2202 (root_region::ensure_globals_region): Delete.
2203 (root_region::get_code_region): Delete.
2204 (root_region::ensure_code_region): Delete.
2205 (root_region::get_globals_region): Delete.
2206 (root_region::ensure_heap_region): Delete.
2207 (root_region::get_heap_region): Delete.
2208 (root_region::remap_region_ids): Delete.
2209 (root_region::can_merge_p): Delete.
2210 (root_region::add_to_hash): Delete.
2211 (root_region::walk_for_canonicalization): Delete.
2212 (root_region::get_value_by_name): Delete.
2213 (symbolic_region::symbolic_region): Delete.
2214 (symbolic_region::compare_fields): Delete.
2215 (symbolic_region::clone): Delete.
2216 (symbolic_region::walk_for_canonicalization): Delete.
2217 (symbolic_region::print_fields): Delete.
2218 (region_model::region_model): Add region_model_manager * param.
2219 Reimplement in terms of store, dropping impl_constraint_manager
2220 subclass.
2221 (region_model::operator=): Reimplement in terms of store.
2222 (region_model::operator==): Likewise.
2223 (region_model::hash): Likewise.
2224 (region_model::print): Delete.
2225 (region_model::print_svalue): Delete.
2226 (region_model::dump_dot_to_pp): Delete.
2227 (region_model::dump_dot_to_file): Delete.
2228 (region_model::dump_dot): Delete.
2229 (region_model::dump_to_pp): Replace "summarize" param with
2230 "simple" and "multiline". Port to store-based implementation.
2231 (region_model::dump): Replace "summarize" param with "simple" and
2232 "multiline".
2233 (dump_vec_of_tree): Delete.
2234 (region_model::dump_summary_of_rep_path_vars): Delete.
2235 (region_model::validate): Delete.
2236 (svalue_id_cmp_by_constant_svalue_model): Delete.
2237 (svalue_id_cmp_by_constant_svalue): Delete.
2238 (region_model::canonicalize): Drop "ctxt" param. Reimplement in
2239 terms of store and constraints.
2240 (region_model::canonicalized_p): Remove NULL arg to canonicalize.
2241 (region_model::loop_replay_fixup): New.
2242 (poisoned_value_diagnostic::emit): Tweak wording of warnings.
2243 (region_model::check_for_poison): Delete.
2244 (region_model::get_gassign_result): New.
2245 (region_model::on_assignment): Port to store-based implementation.
2246 (region_model::on_call_pre): Delete calls to check_for_poison.
2247 Move implementations to region-model-impl-calls.c and port to
2248 store-based implementation.
2249 (region_model::on_call_post): Likewise.
2250 (class reachable_regions): Move to region-model-reachability.h/cc
2251 and port to store-based implementation.
2252 (region_model::handle_unrecognized_call): Port to store-based
2253 implementation.
2254 (region_model::get_reachable_svalues): New.
2255 (region_model::on_setjmp): Port to store-based implementation.
2256 (region_model::on_longjmp): Likewise.
2257 (region_model::handle_phi): Drop is_back_edge param and the logic
2258 using it.
2259 (region_model::get_lvalue_1): Port from region_id to const region *.
2260 (region_model::make_region_for_unexpected_tree_code): Delete.
2261 (assert_compat_types): If the check fails, use internal_error to
2262 show the types.
2263 (region_model::get_lvalue): Port from region_id to const region *.
2264 (region_model::get_rvalue_1): Port from svalue_id to const svalue *.
2265 (region_model::get_rvalue): Likewise.
2266 (region_model::get_or_create_ptr_svalue): Delete.
2267 (region_model::get_or_create_constant_svalue): Delete.
2268 (region_model::get_svalue_for_fndecl): Delete.
2269 (region_model::get_region_for_fndecl): Delete.
2270 (region_model::get_svalue_for_label): Delete.
2271 (region_model::get_region_for_label): Delete.
2272 (build_cast): Delete.
2273 (region_model::maybe_cast_1): Delete.
2274 (region_model::maybe_cast): Delete.
2275 (region_model::get_field_region): Delete.
2276 (region_model::get_store_value): New.
2277 (region_model::region_exists_p): New.
2278 (region_model::deref_rvalue): Port from svalue_id to const svalue *.
2279 (region_model::set_value): Likewise.
2280 (region_model::clobber_region): New.
2281 (region_model::purge_region): New.
2282 (region_model::zero_fill_region): New.
2283 (region_model::mark_region_as_unknown): New.
2284 (region_model::eval_condition): Port from svalue_id to
2285 const svalue *.
2286 (region_model::eval_condition_without_cm): Likewise.
2287 (region_model::compare_initial_and_pointer): New.
2288 (region_model::add_constraint): Port from svalue_id to
2289 const svalue *.
2290 (region_model::maybe_get_constant): Delete.
2291 (region_model::get_representative_path_var): New.
2292 (region_model::add_new_malloc_region): Delete.
2293 (region_model::get_representative_tree): Port to const svalue *.
2294 (region_model::get_representative_path_var): Port to
2295 const region *.
2296 (region_model::get_path_vars_for_svalue): Delete.
2297 (region_model::set_to_new_unknown_value): Delete.
2298 (region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
2299 (region_model::update_for_call_superedge): Port from svalue_id to
2300 const svalue *.
2301 (region_model::update_for_return_superedge): Port to store-based
2302 implementation.
2303 (region_model::update_for_call_summary): Replace
2304 set_to_new_unknown_value with mark_region_as_unknown.
2305 (region_model::get_root_region): Delete.
2306 (region_model::get_stack_region_id): Delete.
2307 (region_model::push_frame): Delete.
2308 (region_model::get_current_frame_id): Delete.
2309 (region_model::get_current_function): Delete.
2310 (region_model::pop_frame): Delete.
2311 (region_model::on_top_level_param): New.
2312 (region_model::get_stack_depth): Delete.
2313 (region_model::get_function_at_depth): Delete.
2314 (region_model::get_globals_region_id): Delete.
2315 (region_model::add_svalue): Delete.
2316 (region_model::replace_svalue): Delete.
2317 (region_model::add_region): Delete.
2318 (region_model::get_svalue): Delete.
2319 (region_model::get_region): Delete.
2320 (make_region_for_type): Delete.
2321 (region_model::add_region_for_type): Delete.
2322 (region_model::on_top_level_param): New.
2323 (class restrict_to_used_svalues): Delete.
2324 (region_model::purge_unused_svalues): Delete.
2325 (region_model::push_frame): New.
2326 (region_model::remap_svalue_ids): Delete.
2327 (region_model::remap_region_ids): Delete.
2328 (region_model::purge_regions): Delete.
2329 (region_model::get_descendents): Delete.
2330 (region_model::delete_region_and_descendents): Delete.
2331 (region_model::poison_any_pointers_to_bad_regions): Delete.
2332 (region_model::can_merge_with_p): Delete.
2333 (region_model::get_current_function): New.
2334 (region_model::get_value_by_name): Delete.
2335 (region_model::convert_byte_offset_to_array_index): Delete.
2336 (region_model::pop_frame): New.
2337 (region_model::get_or_create_mem_ref): Delete.
2338 (region_model::get_stack_depth): New.
2339 (region_model::get_frame_at_index): New.
2340 (region_model::unbind_region_and_descendents): New.
2341 (struct bad_pointer_finder): New.
2342 (region_model::get_or_create_pointer_plus_expr): Delete.
2343 (region_model::poison_any_pointers_to_descendents): New.
2344 (region_model::get_or_create_view): Delete.
2345 (region_model::can_merge_with_p): New.
2346 (region_model::get_fndecl_for_call): Port from svalue_id to
2347 const svalue *.
2348 (struct append_ssa_names_cb_data): New.
2349 (get_ssa_name_regions_for_current_frame): New.
2350 (region_model::append_ssa_names_cb): New.
2351 (model_merger::dump_to_pp): Add "simple" param. Drop dumping of
2352 remappings.
2353 (model_merger::dump): Add "simple" param to both overloads.
2354 (model_merger::can_merge_values_p): Delete.
2355 (model_merger::record_regions): Delete.
2356 (model_merger::record_svalues): Delete.
2357 (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
2358 (svalue_id_merger_mapping::dump_to_pp): Delete.
2359 (svalue_id_merger_mapping::dump): Delete.
2360 (region_model::create_region_for_heap_alloc): New.
2361 (region_model::create_region_for_alloca): New.
2362 (region_model::record_dynamic_extents): New.
2363 (canonicalization::canonicalization): Delete.
2364 (canonicalization::walk_rid): Delete.
2365 (canonicalization::walk_sid): Delete.
2366 (canonicalization::dump_to_pp): Delete.
2367 (canonicalization::dump): Delete.
2368 (inchash::add): Delete overloads for svalue_id and region_id.
2369 (engine::log_stats): New.
2370 (assert_condition): Add overload comparing svalues.
2371 (assert_dump_eq): Pass "true" for multiline.
2372 (selftest::test_dump): Update for rewrite of region_model.
2373 (selftest::test_dump_2): Rename to...
2374 (selftest::test_struct): ...this. Provide a region_model_manager
2375 when creating region_model instance. Remove dump test. Add
2376 checks for get_offset.
2377 (selftest::test_dump_3): Rename to...
2378 (selftest::test_array_1): ...this. Provide a region_model_manager
2379 when creating region_model instance. Remove dump test.
2380 (selftest::test_get_representative_tree): Port from svalue_id to
2381 new API. Add test coverage for various expressions.
2382 (selftest::test_unique_constants): Provide a region_model_manager
2383 for the region_model. Add test coverage for comparing const vs
2384 non-const.
2385 (selftest::test_svalue_equality): Delete.
2386 (selftest::test_region_equality): Delete.
2387 (selftest::test_unique_unknowns): New.
2388 (class purge_all_svalue_ids): Delete.
2389 (class purge_one_svalue_id): Delete.
2390 (selftest::test_purging_by_criteria): Delete.
2391 (selftest::test_initial_svalue_folding): New.
2392 (selftest::test_unaryop_svalue_folding): New.
2393 (selftest::test_binop_svalue_folding): New.
2394 (selftest::test_sub_svalue_folding): New.
2395 (selftest::test_purge_unused_svalues): Delete.
2396 (selftest::test_descendent_of_p): New.
2397 (selftest::test_assignment): Provide a region_model_manager for
2398 the region_model. Drop the dump test.
2399 (selftest::test_compound_assignment): Likewise.
2400 (selftest::test_stack_frames): Port to new implementation.
2401 (selftest::test_get_representative_path_var): Likewise.
2402 (selftest::test_canonicalization_1): Rename to...
2403 (selftest::test_equality_1): ...this. Port to new API, and add
2404 (selftest::test_canonicalization_2): Provide a
2405 region_model_manager when creating region_model instances.
2406 Remove redundant canonicalization.
2407 (selftest::test_canonicalization_3): Provide a
2408 region_model_manager when creating region_model instances.
2409 Remove param from calls to region_model::canonicalize.
2410 (selftest::test_canonicalization_4): Likewise.
2411 (selftest::assert_region_models_merge): Constify
2412 out_merged_svalue. Port to new API.
2413 (selftest::test_state_merging): Provide a
2414 region_model_manager when creating region_model instances.
2415 Provide a program_point point when merging them. Replace
2416 set_to_new_unknown_value with usage of placeholder_svalues.
2417 Drop get_value_by_name. Port from svalue_id to const svalue *.
2418 Add test of heap allocation.
2419 (selftest::test_constraint_merging): Provide a
2420 region_model_manager when creating region_model instances.
2421 Provide a program_point point when merging them. Eliminate use
2422 of set_to_new_unknown_value.
2423 (selftest::test_widening_constraints): New.
2424 (selftest::test_iteration_1): New.
2425 (selftest::test_malloc_constraints): Port to store-based
2426 implementation.
2427 (selftest::test_var): New test.
2428 (selftest::test_array_2): New test.
2429 (selftest::test_mem_ref): New test.
2430 (selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
2431 (selftest::test_malloc): New.
2432 (selftest::test_alloca): New.
2433 (selftest::analyzer_region_model_cc_tests): Update for renamings.
2434 Call new functions.
2435 * region-model.h (class path_var): Move to analyzer.h.
2436 (class svalue_id): Delete.
2437 (class region_id): Delete.
2438 (class id_map): Delete.
2439 (svalue_id_map): Delete.
2440 (region_id_map): Delete.
2441 (id_map<T>::id_map): Delete.
2442 (id_map<T>::put): Delete.
2443 (id_map<T>::get_dst_for_src): Delete.
2444 (id_map<T>::get_src_for_dst): Delete.
2445 (id_map<T>::dump_to_pp): Delete.
2446 (id_map<T>::dump): Delete.
2447 (id_map<T>::update): Delete.
2448 (one_way_svalue_id_map): Delete.
2449 (one_way_region_id_map): Delete.
2450 (class region_id_set): Delete.
2451 (class svalue_id_set): Delete.
2452 (struct complexity): New.
2453 (class visitor): New.
2454 (enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
2455 SK_BINOP, SK_SUB, SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
2456 SK_COMPOUND, and SK_CONJURED.
2457 (svalue::operator==): Delete.
2458 (svalue::operator!=): Delete.
2459 (svalue::clone): Delete.
2460 (svalue::hash): Delete.
2461 (svalue::dump_dot_to_pp): Delete.
2462 (svalue::dump_to_pp): New.
2463 (svalue::dump): New.
2464 (svalue::get_desc): New.
2465 (svalue::dyn_cast_initial_svalue): New.
2466 (svalue::dyn_cast_unaryop_svalue): New.
2467 (svalue::dyn_cast_binop_svalue): New.
2468 (svalue::dyn_cast_sub_svalue): New.
2469 (svalue::dyn_cast_unmergeable_svalue): New.
2470 (svalue::dyn_cast_widening_svalue): New.
2471 (svalue::dyn_cast_compound_svalue): New.
2472 (svalue::dyn_cast_conjured_svalue): New.
2473 (svalue::maybe_undo_cast): New.
2474 (svalue::unwrap_any_unmergeable): New.
2475 (svalue::remap_region_ids): Delete.
2476 (svalue::can_merge_p): New.
2477 (svalue::walk_for_canonicalization): Delete.
2478 (svalue::get_complexity): New.
2479 (svalue::get_child_sid): Delete.
2480 (svalue::accept): New.
2481 (svalue::live_p): New.
2482 (svalue::implicitly_live_p): New.
2483 (svalue::svalue): Add complexity param.
2484 (svalue::add_to_hash): Delete.
2485 (svalue::print_details): Delete.
2486 (svalue::m_complexity): New field.
2487 (region_svalue::key_t): New struct.
2488 (region_svalue::region_svalue): Port from region_id to
2489 const region_id *. Add complexity.
2490 (region_svalue::compare_fields): Delete.
2491 (region_svalue::clone): Delete.
2492 (region_svalue::dump_dot_to_pp): Delete.
2493 (region_svalue::get_pointee): Port from region_id to
2494 const region_id *.
2495 (region_svalue::remap_region_ids): Delete.
2496 (region_svalue::merge_values): Delete.
2497 (region_svalue::dump_to_pp): New.
2498 (region_svalue::accept): New.
2499 (region_svalue::walk_for_canonicalization): Delete.
2500 (region_svalue::eval_condition): Make params const.
2501 (region_svalue::add_to_hash): Delete.
2502 (region_svalue::print_details): Delete.
2503 (region_svalue::m_rid): Replace with...
2504 (region_svalue::m_reg): ...this.
2505 (is_a_helper <region_svalue *>::test): Convert to...
2506 (is_a_helper <const region_svalue *>::test): ...this.
2507 (template <> struct default_hash_traits<region_svalue::key_t>):
2508 New.
2509 (constant_svalue::constant_svalue): Add complexity.
2510 (constant_svalue::compare_fields): Delete.
2511 (constant_svalue::clone): Delete.
2512 (constant_svalue::add_to_hash): Delete.
2513 (constant_svalue::dump_to_pp): New.
2514 (constant_svalue::accept): New.
2515 (constant_svalue::implicitly_live_p): New.
2516 (constant_svalue::merge_values): Delete.
2517 (constant_svalue::eval_condition): Make params const.
2518 (constant_svalue::get_child_sid): Delete.
2519 (constant_svalue::print_details): Delete.
2520 (is_a_helper <constant_svalue *>::test): Convert to...
2521 (is_a_helper <const constant_svalue *>::test): ...this.
2522 (class unknown_svalue): Update leading comment.
2523 (unknown_svalue::unknown_svalue): Add complexity.
2524 (unknown_svalue::compare_fields): Delete.
2525 (unknown_svalue::add_to_hash): Delete.
2526 (unknown_svalue::dyn_cast_unknown_svalue): Delete.
2527 (unknown_svalue::print_details): Delete.
2528 (unknown_svalue::dump_to_pp): New.
2529 (unknown_svalue::accept): New.
2530 (poisoned_svalue::key_t): New struct.
2531 (poisoned_svalue::poisoned_svalue): Add complexity.
2532 (poisoned_svalue::compare_fields): Delete.
2533 (poisoned_svalue::clone): Delete.
2534 (poisoned_svalue::add_to_hash): Delete.
2535 (poisoned_svalue::dump_to_pp): New.
2536 (poisoned_svalue::accept): New.
2537 (poisoned_svalue::print_details): Delete.
2538 (is_a_helper <poisoned_svalue *>::test): Convert to...
2539 (is_a_helper <const poisoned_svalue *>::test): ...this.
2540 (template <> struct default_hash_traits<poisoned_svalue::key_t>):
2541 New.
2542 (setjmp_record::add_to_hash): New.
2543 (setjmp_svalue::key_t): New struct.
2544 (setjmp_svalue::compare_fields): Delete.
2545 (setjmp_svalue::clone): Delete.
2546 (setjmp_svalue::add_to_hash): Delete.
2547 (setjmp_svalue::setjmp_svalue): Add complexity.
2548 (setjmp_svalue::dump_to_pp): New.
2549 (setjmp_svalue::accept): New.
2550 (setjmp_svalue::void print_details): Delete.
2551 (is_a_helper <const setjmp_svalue *>::test): New.
2552 (template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
2553 (class initial_svalue : public svalue): New.
2554 (is_a_helper <const initial_svalue *>::test): New.
2555 (class unaryop_svalue): New.
2556 (is_a_helper <const unaryop_svalue *>::test): New.
2557 (template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
2558 (class binop_svalue): New.
2559 (is_a_helper <const binop_svalue *>::test): New.
2560 (template <> struct default_hash_traits<binop_svalue::key_t>): New.
2561 (class sub_svalue): New.
2562 (is_a_helper <const sub_svalue *>::test): New.
2563 (template <> struct default_hash_traits<sub_svalue::key_t>): New.
2564 (class unmergeable_svalue): New.
2565 (is_a_helper <const unmergeable_svalue *>::test): New.
2566 (class placeholder_svalue): New.
2567 (is_a_helper <placeholder_svalue *>::test): New.
2568 (class widening_svalue): New.
2569 (is_a_helper <widening_svalue *>::test): New.
2570 (template <> struct default_hash_traits<widening_svalue::key_t>): New.
2571 (class compound_svalue): New.
2572 (is_a_helper <compound_svalue *>::test): New.
2573 (template <> struct default_hash_traits<compound_svalue::key_t>): New.
2574 (class conjured_svalue): New.
2575 (is_a_helper <conjured_svalue *>::test): New.
2576 (template <> struct default_hash_traits<conjured_svalue::key_t>): New.
2577 (enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
2578 RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
2579 RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
2580 (region_kind_to_str): Delete.
2581 (region::~region): Move implementation to region.cc.
2582 (region::operator==): Delete.
2583 (region::operator!=): Delete.
2584 (region::clone): Delete.
2585 (region::get_id): New.
2586 (region::cmp_ids): New.
2587 (region::dyn_cast_map_region): Delete.
2588 (region::dyn_cast_array_region): Delete.
2589 (region::region_id get_parent): Delete.
2590 (region::get_parent_region): Convert to a simple accessor.
2591 (region::void set_value): Delete.
2592 (region::svalue_id get_value): Delete.
2593 (region::svalue_id get_value_direct): Delete.
2594 (region::svalue_id get_inherited_child_sid): Delete.
2595 (region::dyn_cast_frame_region): New.
2596 (region::dyn_cast_function_region): New.
2597 (region::dyn_cast_decl_region): New.
2598 (region::dyn_cast_field_region): New.
2599 (region::dyn_cast_element_region): New.
2600 (region::dyn_cast_offset_region): New.
2601 (region::dyn_cast_cast_region): New.
2602 (region::dyn_cast_string_region): New.
2603 (region::accept): New.
2604 (region::get_base_region): New.
2605 (region::base_region_p): New.
2606 (region::descendent_of_p): New.
2607 (region::maybe_get_frame_region): New.
2608 (region::maybe_get_decl): New.
2609 (region::hash): Delete.
2610 (region::rint): Delete.
2611 (region::dump_dot_to_pp): Delete.
2612 (region::get_desc): New.
2613 (region::dump_to_pp): Convert to vfunc, changing signature.
2614 (region::dump_child_label): Delete.
2615 (region::remap_svalue_ids): Delete.
2616 (region::remap_region_ids): Delete.
2617 (region::dump): New.
2618 (region::walk_for_canonicalization): Delete.
2619 (region::non_null_p): Drop region_model param.
2620 (region::add_view): Delete.
2621 (region::get_view): Delete.
2622 (region::get_active_view): Delete.
2623 (region::is_view_p): Delete.
2624 (region::cmp_ptrs): New.
2625 (region::validate): Delete.
2626 (region::get_offset): New.
2627 (region::get_byte_size): New.
2628 (region::get_bit_size): New.
2629 (region::get_subregions_for_binding): New.
2630 (region::region): Add complexity param. Convert parent from
2631 region_id to const region *. Drop svalue_id. Drop copy ctor.
2632 (region::symbolic_for_unknown_ptr_p): New.
2633 (region::add_to_hash): Delete.
2634 (region::print_fields): Delete.
2635 (region::get_complexity): New accessor.
2636 (region::become_active_view): Delete.
2637 (region::deactivate_any_active_view): Delete.
2638 (region::deactivate_view): Delete.
2639 (region::calc_offset): New.
2640 (region::m_parent_rid): Delete.
2641 (region::m_sval_id): Delete.
2642 (region::m_complexity): New.
2643 (region::m_id): New.
2644 (region::m_parent): New.
2645 (region::m_view_rids): Delete.
2646 (region::m_is_view): Delete.
2647 (region::m_active_view_rid): Delete.
2648 (region::m_cached_offset): New.
2649 (is_a_helper <region *>::test): Convert to...
2650 (is_a_helper <const region *>::test): ... this.
2651 (class primitive_region): Delete.
2652 (class space_region): New.
2653 (class map_region): Delete.
2654 (is_a_helper <map_region *>::test): Delete.
2655 (class frame_region): Reimplement.
2656 (template <> struct default_hash_traits<frame_region::key_t>):
2657 New.
2658 (class globals_region): Reimplement.
2659 (is_a_helper <globals_region *>::test): Convert to...
2660 (is_a_helper <const globals_region *>::test): ...this.
2661 (class struct_or_union_region): Delete.
2662 (is_a_helper <struct_or_union_region *>::test): Delete.
2663 (class code_region): Reimplement.
2664 (is_a_helper <const code_region *>::test): New.
2665 (class struct_region): Delete.
2666 (is_a_helper <struct_region *>::test): Delete.
2667 (class function_region): Reimplement.
2668 (is_a_helper <function_region *>::test): Convert to...
2669 (is_a_helper <const function_region *>::test): ...this.
2670 (class union_region): Delete.
2671 (is_a_helper <union_region *>::test): Delete.
2672 (class label_region): New.
2673 (is_a_helper <const label_region *>::test): New.
2674 (class scope_region): Delete.
2675 (class stack_region): Reimplement.
2676 (is_a_helper <stack_region *>::test): Convert to...
2677 (is_a_helper <const stack_region *>::test): ...this.
2678 (class heap_region): Reimplement.
2679 (is_a_helper <heap_region *>::test): Convert to...
2680 (is_a_helper <const heap_region *>::test): ...this.
2681 (class root_region): Reimplement.
2682 (is_a_helper <root_region *>::test): Convert to...
2683 (is_a_helper <const root_region *>::test): ...this.
2684 (class symbolic_region): Reimplement.
2685 (is_a_helper <const symbolic_region *>::test): New.
2686 (template <> struct default_hash_traits<symbolic_region::key_t>):
2687 New.
2688 (class decl_region): New.
2689 (is_a_helper <const decl_region *>::test): New.
2690 (class field_region): New.
2691 (template <> struct default_hash_traits<field_region::key_t>): New.
2692 (class array_region): Delete.
2693 (class element_region): New.
2694 (is_a_helper <array_region *>::test): Delete.
2695 (is_a_helper <const element_region *>::test): New.
2696 (template <> struct default_hash_traits<element_region::key_t>):
2697 New.
2698 (class offset_region): New.
2699 (is_a_helper <const offset_region *>::test): New.
2700 (template <> struct default_hash_traits<offset_region::key_t>):
2701 New.
2702 (class cast_region): New.
2703 (is_a_helper <const cast_region *>::test): New.
2704 (template <> struct default_hash_traits<cast_region::key_t>): New.
2705 (class heap_allocated_region): New.
2706 (class alloca_region): New.
2707 (class string_region): New.
2708 (is_a_helper <const string_region *>::test): New.
2709 (class unknown_region): New.
2710 (class region_model_manager): New.
2711 (struct append_ssa_names_cb_data): New.
2712 (class call_details): New.
2713 (region_model::region_model): Add region_model_manager param.
2714 (region_model::print_svalue): Delete.
2715 (region_model::dump_dot_to_pp): Delete.
2716 (region_model::dump_dot_to_file): Delete.
2717 (region_model::dump_dot): Delete.
2718 (region_model::dump_to_pp): Drop summarize param in favor of
2719 simple and multiline.
2720 (region_model::dump): Likewise.
2721 (region_model::summarize_to_pp): Delete.
2722 (region_model::summarize): Delete.
2723 (region_model::void canonicalize): Drop ctxt param.
2724 (region_model::void check_for_poison): Delete.
2725 (region_model::get_gassign_result): New.
2726 (region_model::impl_call_alloca): New.
2727 (region_model::impl_call_analyzer_describe): New.
2728 (region_model::impl_call_analyzer_eval): New.
2729 (region_model::impl_call_builtin_expect): New.
2730 (region_model::impl_call_calloc): New.
2731 (region_model::impl_call_free): New.
2732 (region_model::impl_call_malloc): New.
2733 (region_model::impl_call_memset): New.
2734 (region_model::impl_call_strlen): New.
2735 (region_model::get_reachable_svalues): New.
2736 (region_model::handle_phi): Drop is_back_edge param.
2737 (region_model::region_id get_root_rid): Delete.
2738 (region_model::root_region *get_root_region): Delete.
2739 (region_model::region_id get_stack_region_id): Delete.
2740 (region_model::push_frame): Convert from region_id and svalue_id
2741 to const region * and const svalue *.
2742 (region_model::get_current_frame_id): Replace with...
2743 (region_model::get_current_frame): ...this.
2744 (region_model::pop_frame): Convert from region_id to
2745 const region *. Drop purge and stats param. Add out_result.
2746 (region_model::function *get_function_at_depth): Delete.
2747 (region_model::get_globals_region_id): Delete.
2748 (region_model::add_svalue): Delete.
2749 (region_model::replace_svalue): Delete.
2750 (region_model::add_region): Delete.
2751 (region_model::add_region_for_type): Delete.
2752 (region_model::get_svalue): Delete.
2753 (region_model::get_region): Delete.
2754 (region_model::get_lvalue): Convert from region_id to
2755 const region *.
2756 (region_model::get_rvalue): Convert from svalue_id to
2757 const svalue *.
2758 (region_model::get_or_create_ptr_svalue): Delete.
2759 (region_model::get_or_create_constant_svalue): Delete.
2760 (region_model::get_svalue_for_fndecl): Delete.
2761 (region_model::get_svalue_for_label): Delete.
2762 (region_model::get_region_for_fndecl): Delete.
2763 (region_model::get_region_for_label): Delete.
2764 (region_model::get_frame_at_index (int index) const;): New.
2765 (region_model::maybe_cast): Delete.
2766 (region_model::maybe_cast_1): Delete.
2767 (region_model::get_field_region): Delete.
2768 (region_model::id deref_rvalue): Convert from region_id and
2769 svalue_id to const region * and const svalue *. Drop overload,
2770 passing in both a tree and an svalue.
2771 (region_model::set_value): Convert from region_id and svalue_id to
2772 const region * and const svalue *.
2773 (region_model::set_to_new_unknown_value): Delete.
2774 (region_model::clobber_region (const region *reg);): New.
2775 (region_model::purge_region (const region *reg);): New.
2776 (region_model::zero_fill_region (const region *reg);): New.
2777 (region_model::mark_region_as_unknown (const region *reg);): New.
2778 (region_model::copy_region): Convert from region_id to
2779 const region *.
2780 (region_model::eval_condition): Convert from svalue_id to
2781 const svalue *.
2782 (region_model::eval_condition_without_cm): Likewise.
2783 (region_model::compare_initial_and_pointer): New.
2784 (region_model::maybe_get_constant): Delete.
2785 (region_model::add_new_malloc_region): Delete.
2786 (region_model::get_representative_tree): Convert from svalue_id to
2787 const svalue *.
2788 (region_model::get_representative_path_var): Delete decl taking a
2789 region_id in favor of two decls, for svalue vs region, with an
2790 svalue_set to ensure termination.
2791 (region_model::get_path_vars_for_svalue): Delete.
2792 (region_model::create_region_for_heap_alloc): New.
2793 (region_model::create_region_for_alloca): New.
2794 (region_model::purge_unused_svalues): Delete.
2795 (region_model::remap_svalue_ids): Delete.
2796 (region_model::remap_region_ids): Delete.
2797 (region_model::purge_regions): Delete.
2798 (region_model::get_num_svalues): Delete.
2799 (region_model::get_num_regions): Delete.
2800 (region_model::get_descendents): Delete.
2801 (region_model::get_store): New.
2802 (region_model::delete_region_and_descendents): Delete.
2803 (region_model::get_manager): New.
2804 (region_model::unbind_region_and_descendents): New.
2805 (region_model::can_merge_with_p): Add point param. Drop
2806 svalue_id_merger_mapping.
2807 (region_model::get_value_by_name): Delete.
2808 (region_model::convert_byte_offset_to_array_index): Delete.
2809 (region_model::get_or_create_mem_ref): Delete.
2810 (region_model::get_or_create_pointer_plus_expr): Delete.
2811 (region_model::get_or_create_view): Delete.
2812 (region_model::get_lvalue_1): Convert from region_id to
2813 const region *.
2814 (region_model::get_rvalue_1): Convert from svalue_id to
2815 const svalue *.
2816 (region_model::get_ssa_name_regions_for_current_frame): New.
2817 (region_model::append_ssa_names_cb): New.
2818 (region_model::get_store_value): New.
2819 (region_model::copy_struct_region): Delete.
2820 (region_model::copy_union_region): Delete.
2821 (region_model::copy_array_region): Delete.
2822 (region_model::region_exists_p): New.
2823 (region_model::make_region_for_unexpected_tree_code): Delete.
2824 (region_model::loop_replay_fixup): New.
2825 (region_model::poison_any_pointers_to_bad_regions): Delete.
2826 (region_model::poison_any_pointers_to_descendents): New.
2827 (region_model::dump_summary_of_rep_path_vars): Delete.
2828 (region_model::on_top_level_param): New.
2829 (region_model::record_dynamic_extents): New.
2830 (region_model::m_mgr;): New.
2831 (region_model::m_store;): New.
2832 (region_model::m_svalues;): Delete.
2833 (region_model::m_regions;): Delete.
2834 (region_model::m_root_rid;): Delete.
2835 (region_model::m_current_frame;): New.
2836 (region_model_context::remap_svalue_ids): Delete.
2837 (region_model_context::can_purge_p): Delete.
2838 (region_model_context::on_svalue_leak): New.
2839 (region_model_context::on_svalue_purge): Delete.
2840 (region_model_context::on_liveness_change): New.
2841 (region_model_context::on_inherited_svalue): Delete.
2842 (region_model_context::on_cast): Delete.
2843 (region_model_context::on_unknown_change): Convert from svalue_id to
2844 const svalue * and add is_mutable.
2845 (class noop_region_model_context): Update for region_model_context
2846 changes.
2847 (model_merger::model_merger): Add program_point. Drop
2848 svalue_id_merger_mapping.
2849 (model_merger::dump_to_pp): Add "simple" param.
2850 (model_merger::dump): Likewise.
2851 (model_merger::get_region_a): Delete.
2852 (model_merger::get_region_b): Delete.
2853 (model_merger::can_merge_values_p): Delete.
2854 (model_merger::record_regions): Delete.
2855 (model_merger::record_svalues): Delete.
2856 (model_merger::m_point): New field.
2857 (model_merger::m_map_regions_from_a_to_m): Delete.
2858 (model_merger::m_map_regions_from_b_to_m): Delete.
2859 (model_merger::m_sid_mapping): Delete.
2860 (struct svalue_id_merger_mapping): Delete.
2861 (class engine): New.
2862 (struct canonicalization): Delete.
2863 (inchash::add): Delete decls for hashing svalue_id and region_id.
2864 (test_region_model_context::on_unexpected_tree_code): Require t to
2865 be non-NULL.
2866 (selftest::assert_condition): Add overload comparing a pair of
2867 const svalue *.
2868 * sm-file.cc: Include "tristate.h", "selftest.h",
2869 "analyzer/call-string.h", "analyzer/program-point.h",
2870 "analyzer/store.h", and "analyzer/region-model.h".
2871 (fileptr_state_machine::get_default_state): New.
2872 (fileptr_state_machine::on_stmt): Remove calls to
2873 get_readable_tree in favor of get_diagnostic_tree.
2874 * sm-malloc.cc: Include "tristate.h", "selftest.h",
2875 "analyzer/call-string.h", "analyzer/program-point.h",
2876 "analyzer/store.h", and "analyzer/region-model.h".
2877 (malloc_state_machine::get_default_state): New.
2878 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
2879 (malloc_diagnostic::describe_state_change): Handle change.m_expr
2880 being NULL.
2881 (null_arg::emit): Avoid printing "NULL '0'".
2882 (null_arg::describe_final_event): Avoid printing "(0) NULL".
2883 (malloc_leak::emit): Handle m_arg being NULL.
2884 (malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
2885 (malloc_state_machine::on_stmt): Don't call get_readable_tree.
2886 Call get_diagnostic_tree when creating pending diagnostics.
2887 Update for is_zero_assignment becoming a member function of
2888 sm_ctxt.
2889 Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
2890 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
2891 vfunc implementation.
2892 * sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
2893 get_diagnostic_tree and pass the result to warn_for_state.
2894 * sm-signal.cc: Move includes of "analyzer/call-string.h" and
2895 "analyzer/program-point.h" to before "analyzer/region-model.h",
2896 and also include "analyzer/store.h" before it.
2897 (signal_unsafe_call::describe_state_change): Use
2898 get_dest_function to get handler.
2899 (update_model_for_signal_handler): Pass manager to region_model
2900 ctor.
2901 (register_signal_handler::impl_transition): Update for changes to
2902 get_or_create_node and add_edge.
2903 * sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
2904 get_readable_tree, replacing them when calling warn_for_state with
2905 calls to get_diagnostic_tree.
2906 * sm.cc (is_zero_assignment): Delete.
2907 (any_pointer_p): Move to within namespace ana.
2908 * sm.h (is_zero_assignment): Remove decl.
2909 (any_pointer_p): Move decl to within namespace ana.
2910 (state_machine::get_default_state): New vfunc.
2911 (state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
2912 (sm_context::get_readable_tree): Rename to...
2913 (sm_context::get_diagnostic_tree): ...this.
2914 (sm_context::is_zero_assignment): New vfunc.
2915 * store.cc: New file.
2916 * store.h: New file.
2917 * svalue.cc: New file.
2918
2221fb6f
MW
2919 2020-05-22 Mark Wielaard <mark@klomp.org>
2920
2921 * sm-signal.cc (signal_unsafe_call::emit): Possibly add
2922 gcc_rich_location note for replacement.
2923 (signal_unsafe_call::get_replacement_fn): New private function.
2924 (get_async_signal_unsafe_fns): Add "exit".
2925
5eae0ac7
DM
2926 2020-04-28 David Malcolm <dmalcolm@redhat.com>
2927
2928 PR analyzer/94816
2929 * engine.cc (impl_region_model_context::on_unexpected_tree_code):
2930 Handle NULL tree.
2931 * region-model.cc (region_model::add_region_for_type): Handle
2932 NULL type.
2933 * region-model.h
2934 (test_region_model_context::on_unexpected_tree_code): Handle NULL
2935 tree.
2936
78b97837
DM
2937 2020-04-28 David Malcolm <dmalcolm@redhat.com>
2938
2939 PR analyzer/94447
2940 PR analyzer/94639
2941 PR analyzer/94732
2942 PR analyzer/94754
2943 * analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete.
2944 * program-state.cc (selftest::test_program_state_dumping): Update
2945 expected dump result for removal of "uninit".
2946 * region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT
2947 case.
2948 (root_region::ensure_stack_region): Initialize stack with null
2949 svalue_id rather than with a typeless POISON_KIND_UNINIT value.
2950 (root_region::ensure_heap_region): Likewise for the heap.
2951 (region_model::dump_summary_of_rep_path_vars): Remove
2952 summarization of uninit values.
2953 (region_model::validate): Remove check that the stack has a
2954 POISON_KIND_UNINIT value.
2955 (poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT
2956 case.
2957 (poisoned_value_diagnostic::describe_final_event): Likewise.
2958 (selftest::test_dump): Update expected dump result for removal of
2959 "uninit".
2960 (selftest::test_svalue_equality): Remove "uninit" and "freed".
2961 * region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT.
2962
a96f1c38
DM
2963 2020-04-01 David Malcolm <dmalcolm@redhat.com>
2964
2965 PR analyzer/94378
2966 * checker-path.cc: Include "bitmap.h".
2967 * constraint-manager.cc: Likewise.
2968 * diagnostic-manager.cc: Likewise.
2969 * engine.cc: Likewise.
2970 (exploded_node::detect_leaks): Pass null region_id to pop_frame.
2971 * program-point.cc: Include "bitmap.h".
2972 * program-state.cc: Likewise.
2973 * region-model.cc (id_set<region_id>::id_set): Convert to...
2974 (region_id_set::region_id_set): ...this.
2975 (svalue_id_set::svalue_id_set): New ctor.
2976 (region_model::copy_region): New function.
2977 (region_model::copy_struct_region): New function.
2978 (region_model::copy_union_region): New function.
2979 (region_model::copy_array_region): New function.
2980 (stack_region::pop_frame): Drop return value. Add
2981 "result_dst_rid" param; if it is non-null, use copy_region to copy
2982 the result to it. Rather than capture and pass a single "known
2983 used" return value to be used by purge_unused_values, instead
2984 gather and pass a set of known used return values.
2985 (root_region::pop_frame): Drop return value. Add "result_dst_rid"
2986 param.
2987 (region_model::on_assignment): Use copy_region.
2988 (region_model::on_return): Likewise for the result.
2989 (region_model::on_longjmp): Pass null for pop_frame's
2990 result_dst_rid.
2991 (region_model::update_for_return_superedge): Pass the region for the
2992 return value of the call, if any, to pop_frame, rather than setting
2993 the lvalue for the lhs of the result.
2994 (region_model::pop_frame): Drop return value. Add
2995 "result_dst_rid" param.
2996 (region_model::purge_unused_svalues): Convert third param from an
2997 svalue_id * to an svalue_id_set *, updating the initial populating
2998 of the "used" bitmap accordingly. Don't remap it when done.
2999 (struct selftest::coord_test): New selftest fixture, extracted from...
3000 (selftest::test_dump_2): ...here.
3001 (selftest::test_compound_assignment): New selftest.
3002 (selftest::test_stack_frames): Pass null to new param of pop_frame.
3003 (selftest::analyzer_region_model_cc_tests): Call the new selftest.
3004 * region-model.h (class id_set): Delete template.
3005 (class region_id_set): Reimplement, using old id_set implementation.
3006 (class svalue_id_set): Likewise. Convert from auto_sbitmap to
3007 auto_bitmap.
3008 (region::get_active_view): New accessor.
3009 (stack_region::pop_frame): Drop return value. Add
3010 "result_dst_rid" param.
3011 (root_region::pop_frame): Likewise.
3012 (region_model::pop_frame): Likewise.
3013 (region_model::copy_region): New decl.
3014 (region_model::purge_unused_svalues): Convert third param from an
3015 svalue_id * to an svalue_id_set *.
3016 (region_model::copy_struct_region): New decl.
3017 (region_model::copy_union_region): New decl.
3018 (region_model::copy_array_region): New decl.
3019
6969ac30
DM
3020 2020-03-27 David Malcolm <dmalcolm@redhat.com>
3021
3022 * program-state.cc (selftest::test_program_state_dumping): Update
3023 expected dump to include symbolic_region's possibly_null field.
3024 * region-model.cc (symbolic_region::print_fields): New vfunc
3025 implementation.
3026 (region_model::add_constraint): Clear m_possibly_null from
3027 symbolic_regions now known to be non-NULL.
3028 (selftest::test_malloc_constraints): New selftest.
3029 (selftest::analyzer_region_model_cc_tests): Call it.
3030 * region-model.h (region::dyn_cast_symbolic_region): Add non-const
3031 overload.
3032 (symbolic_region::dyn_cast_symbolic_region): Implement it.
3033 (symbolic_region::print_fields): New vfunc override decl.
3034
42c63313
DM
3035 2020-03-27 David Malcolm <dmalcolm@redhat.com>
3036
3037 * analyzer.h (class feasibility_problem): New forward decl.
3038 * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
3039 Initialize new fields m_status, m_epath_length, and m_problem.
3040 (saved_diagnostic::~saved_diagnostic): Delete m_problem.
3041 (dedupe_candidate::dedupe_candidate): Convert "sd" param from a
3042 const ref to a mutable ptr.
3043 (dedupe_winners::add): Convert "sd" param from a const ref to a
3044 mutable ptr. Record the length of the exploded_path. Record the
3045 feasibility/infeasibility of sd into sd, capturing a
3046 feasibility_problem when feasible_p fails, and storing it in sd.
3047 (diagnostic_manager::emit_saved_diagnostics): Update for pass by
3048 ptr rather than by const ref.
3049 * diagnostic-manager.h (class saved_diagnostic): Add new enum
3050 status. Add fields m_status, m_epath_length and m_problem.
3051 (saved_diagnostic::set_feasible): New member function.
3052 (saved_diagnostic::set_infeasible): New member function.
3053 (saved_diagnostic::get_feasibility_problem): New accessor.
3054 (saved_diagnostic::get_status): New accessor.
3055 (saved_diagnostic::set_epath_length): New member function.
3056 (saved_diagnostic::get_epath_length): New accessor.
3057 * engine.cc: Include "gimple-pretty-print.h".
3058 (exploded_path::feasible_p): Add OUT param and, if non-NULL, write
3059 a new feasibility_problem to it on failure.
3060 (viz_callgraph_node::dump_dot): Convert begin_tr calls to
3061 begin_trtd. Convert end_tr calls to end_tdtr.
3062 (class exploded_graph_annotator): New subclass of dot_annotator.
3063 (impl_run_checkers): Add a second -fdump-analyzer-supergraph dump
3064 after the analysis runs, using exploded_graph_annotator, dumping
3065 to DUMP_BASE_NAME.supergraph-eg.dot.
3066 * exploded-graph.h (exploded_node::get_dot_fillcolor): Make
3067 public.
3068 (exploded_path::feasible_p): Add OUT param.
3069 (class feasibility_problem): New class.
3070 * state-purge.cc (state_purge_annotator::add_node_annotations):
3071 Return a bool, add a "within_table" param.
3072 (print_vec_of_names): Convert begin_tr calls to begin_trtd.
3073 Convert end_tr calls to end_tdtr.
3074 (state_purge_annotator::add_stmt_annotations): Add "within_row"
3075 param.
3076 * state-purge.h (state_purge_annotator::add_node_annotations):
3077 Return a bool, add a "within_table" param.
3078 (state_purge_annotator::add_stmt_annotations): Add "within_row"
3079 param.
3080 * supergraph.cc (supernode::dump_dot): Call add_node_annotations
3081 twice: as before, passing false for "within_table", then again
3082 with true when within the TABLE element. Convert some begin_tr
3083 calls to begin_trtd, and some end_tr calls to end_tdtr.
3084 Repeat each add_stmt_annotations call, distinguishing between
3085 calls that add TRs and those that add TDs to an existing TR.
3086 Add a call to add_after_node_annotations.
3087 * supergraph.h (dot_annotator::add_node_annotations): Add a
3088 "within_table" param.
3089 (dot_annotator::add_stmt_annotations): Add a "within_row" param.
3090 (dot_annotator::add_after_node_annotations): New vfunc.
3091
8f023575
DM
3092 2020-03-27 David Malcolm <dmalcolm@redhat.com>
3093
3094 * diagnostic-manager.cc (dedupe_winners::add): Show the
3095 exploded_node index in the log messages.
3096 (diagnostic_manager::emit_saved_diagnostics): Log a summary of
3097 m_saved_diagnostics at entry.
3098
4d661bb7
DM
3099 2020-03-27 David Malcolm <dmalcolm@redhat.com>
3100
3101 * supergraph.cc (superedge::dump): Add space before description;
3102 move newline to non-pretty_printer overload.
3103
884d9141
DM
3104 2020-03-18 David Malcolm <dmalcolm@redhat.com>
3105
3106 * region-model.cc: Include "stor-layout.h".
3107 (region_model::dump_to_pp): Rather than calling
3108 dump_summary_of_map on each of the current frame and the globals,
3109 instead get a vec of representative path_vars for all regions,
3110 and then dump a summary of all of them.
3111 (region_model::dump_summary_of_map): Delete, rewriting into...
3112 (region_model::dump_summary_of_rep_path_vars): ...this new
3113 function, working on a vec of path_vars.
3114 (region_model::set_value): New overload.
3115 (region_model::get_representative_path_var): Rename
3116 "parent_region" local to "parent_reg" and consolidate with other
3117 local. Guard test for grandparent being stack on parent_reg being
3118 non-NULL. Move handling for parent being an array_region to
3119 within guard for parent_reg being non-NULL.
3120 (selftest::make_test_compound_type): New function.
3121 (selftest::test_dump_2): New selftest.
3122 (selftest::test_dump_3): New selftest.
3123 (selftest::test_stack_frames): Update expected output from
3124 simplified dump to show "a" and "b" from parent frame and "y" in
3125 child frame.
3126 (selftest::analyzer_region_model_cc_tests): Call test_dump_2 and
3127 test_dump_3.
3128 * region-model.h (region_model::set_value): New overload decl.
3129 (region_model::dump_summary_of_map): Delete.
3130 (region_model::dump_summary_of_rep_path_vars): New.
3131
7d9c107a
DM
3132 2020-03-18 David Malcolm <dmalcolm@redhat.com>
3133
3134 * region-model.h (class noop_region_model_context): New subclass
3135 of region_model_context.
3136 (class tentative_region_model_context): Inherit from
3137 noop_region_model_context rather than from region_model_context;
3138 drop redundant vfunc implementations.
3139 (class test_region_model_context): Likewise.
3140
0db2cd17
DM
3141 2020-03-18 David Malcolm <dmalcolm@redhat.com>
3142
3143 * engine.cc (exploded_node::exploded_node): Move implementation
3144 here from header; accept point_and_state by const reference rather
3145 than by value.
3146 * exploded-graph.h (exploded_node::exploded_node): Pass
3147 point_and_state by const reference rather than by value. Move
3148 body to engine.cc.
3149
d5029d45
JJ
3150 2020-03-18 Jakub Jelinek <jakub@redhat.com>
3151
3152 * sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word
3153 issue in a comment.
3154 * region-model.cc (region_model::make_region_for_unexpected_tree_code,
3155 region_model::delete_region_and_descendents): Likewise.
3156 * engine.cc (class exploded_cluster): Likewise.
3157 * diagnostic-manager.cc (class path_builder): Likewise.
3158
5c048755
DM
3159 2020-03-13 David Malcolm <dmalcolm@redhat.com>
3160
3161 PR analyzer/94099
3162 PR analyzer/94105
3163 * diagnostic-manager.cc (for_each_state_change): Bulletproof
3164 against errors in get_rvalue by passing a
3165 tentative_region_model_context and rejecting if there's an error.
3166 * region-model.cc (region_model::get_lvalue_1): When handling
3167 ARRAY_REF, handle results of error-handling. Handle NOP_EXPR.
3168
90f7c300
DM
3169 2020-03-06 David Malcolm <dmalcolm@redhat.com>
3170
3171 * analyzer.h (class array_region): New forward decl.
3172 * program-state.cc (selftest::test_program_state_dumping_2): New.
3173 (selftest::analyzer_program_state_cc_tests): Call it.
3174 * region-model.cc (array_region::constant_from_key): New.
3175 (region_model::get_representative_tree): Handle region_svalue by
3176 generating an ADDR_EXPR.
3177 (region_model::get_representative_path_var): In view handling,
3178 remove erroneous TREE_TYPE when determining the type of the tree.
3179 Handle array regions and STRING_CST.
3180 (selftest::assert_dump_tree_eq): New.
3181 (ASSERT_DUMP_TREE_EQ): New macro.
3182 (selftest::test_get_representative_tree): New selftest.
3183 (selftest::analyzer_region_model_cc_tests): Call it.
3184 * region-model.h (region::dyn_cast_array_region): New vfunc.
3185 (array_region::dyn_cast_array_region): New vfunc implementation.
3186 (array_region::constant_from_key): New decl.
3187
41f99ba6
DM
3188 2020-03-06 David Malcolm <dmalcolm@redhat.com>
3189
3190 * analyzer.h (dump_quoted_tree): New decl.
3191 * engine.cc (exploded_node::dump_dot): Pass region model to
3192 sm_state_map::print.
3193 * program-state.cc: Include diagnostic-core.h.
3194 (sm_state_map::print): Add "model" param and use it to print
3195 representative trees. Only print origin information if non-null.
3196 (sm_state_map::dump): Pass NULL for model to print call.
3197 (program_state::print): Pass region model to sm_state_map::print.
3198 (program_state::dump_to_pp): Use spaces rather than newlines when
3199 summarizing. Pass region_model to sm_state_map::print.
3200 (ana::selftest::assert_dump_eq): New function.
3201 (ASSERT_DUMP_EQ): New macro.
3202 (ana::selftest::test_program_state_dumping): New function.
3203 (ana::selftest::analyzer_program_state_cc_tests): Call it.
3204 * program-state.h (program_state::print): Add model param.
3205 * region-model.cc (dump_quoted_tree): New function.
3206 (map_region::print_fields): Use dump_quoted_tree rather than
3207 %qE to avoid lang-dependent output.
3208 (map_region::dump_child_label): Likewise.
3209 (region_model::dump_summary_of_map): For SK_REGION, when
3210 get_representative_path_var fails, print the region id rather than
3211 erroneously printing NULL.
3212 * sm.cc (state_machine::get_state_by_name): New function.
3213 * sm.h (state_machine::get_state_by_name): New decl.
3214
3c1645a3
DM
3215 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3216
3217 * region-model.cc (region::validate): Convert model param from ptr
3218 to reference. Update comment to reflect that it's now a vfunc.
3219 (map_region::validate): New vfunc implementation.
3220 (array_region::validate): New vfunc implementation.
3221 (stack_region::validate): New vfunc implementation.
3222 (root_region::validate): New vfunc implementation.
3223 (region_model::validate): Pass a reference rather than a pointer
3224 to the region::validate vfunc.
3225 * region-model.h (region::validate): Make virtual. Convert model
3226 param from ptr to reference.
3227 (map_region::validate): New vfunc decl.
3228 (array_region::validate): New vfunc decl.
3229 (stack_region::validate): New vfunc decl.
3230 (root_region::validate): New vfunc decl.
3231
e516294a
DM
3232 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3233
3234 PR analyzer/93993
3235 * region-model.cc (region_model::on_call_pre): Handle
3236 BUILT_IN_EXPECT and its variants.
3237 (region_model::add_any_constraints_from_ssa_def_stmt): Split out
3238 gassign handling into add_any_constraints_from_gassign; add gcall
3239 handling.
3240 (region_model::add_any_constraints_from_gassign): New function,
3241 based on the above. Add handling for NOP_EXPR.
3242 (region_model::add_any_constraints_from_gcall): New function.
3243 (region_model::get_representative_path_var): Handle views.
3244 * region-model.h
3245 (region_model::add_any_constraints_from_ssa_def_stmt): New decl.
3246 (region_model::add_any_constraints_from_gassign): New decl.
3247
3d66e153
DM
3248 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3249
3250 PR analyzer/93993
3251 * checker-path.h (state_change_event::get_lvalue): Add ctxt param
3252 and pass it to region_model::get_value call.
3253 * diagnostic-manager.cc (get_any_origin): Pass a
3254 tentative_region_model_context to the calls to get_lvalue and reject
3255 the comparison if errors occur.
3256 (can_be_expr_of_interest_p): New function.
3257 (diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
3258 CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
3259 Pass a tentative_region_model_context to the calls to
3260 state_change_event::get_lvalue and reject the comparison if errors
3261 occur.
3262 (diagnostic_manager::update_for_unsuitable_sm_exprs): New.
3263 * diagnostic-manager.h
3264 (diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
3265 * region-model.h (class tentative_region_model_context): New class.
3266
13e3ba14
DM
3267 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3268
3269 * engine.cc (worklist::worklist): Remove unused field m_eg.
3270 (class viz_callgraph_edge): Remove unused field m_call_sedge.
3271 (class viz_callgraph): Remove unused field m_sg.
3272 * exploded-graph.h (worklist::m_eg): Remove unused field.
3273
13b76912
DM
3274 2020-03-02 David Malcolm <dmalcolm@redhat.com>
3275
3276 * analyzer.opt (fanalyzer-show-duplicate-count): New option.
3277 * diagnostic-manager.cc
3278 (diagnostic_manager::emit_saved_diagnostic): Use the above to
3279 guard the printing of the duplicate count.
3280
9f00b22f
DM
3281 2020-03-02 David Malcolm <dmalcolm@redhat.com>
3282
3283 PR analyzer/93959
3284 * analyzer.cc (is_std_function_p): New function.
3285 (is_std_named_call_p): New functions.
3286 * analyzer.h (is_std_named_call_p): New decl.
3287 * sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::"
3288 variants when checking for malloc, calloc and free.
3289
71b633aa
DM
3290 2020-02-26 David Malcolm <dmalcolm@redhat.com>
3291
3292 PR analyzer/93950
3293 * diagnostic-manager.cc
3294 (diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
3295 either NULL or not a constant. When updating var, bulletproof
3296 against constant values.
3297
0ba70d1b
DM
3298 2020-02-26 David Malcolm <dmalcolm@redhat.com>
3299
3300 PR analyzer/93947
3301 * region-model.cc (region_model::get_fndecl_for_call): Gracefully
3302 fail for fn_decls that don't have a cgraph_node.
3303
67fa274c
DM
3304 2020-02-26 David Malcolm <dmalcolm@redhat.com>
3305
3306 * bar-chart.cc: New file.
3307 * bar-chart.h: New file.
3308 * engine.cc: Include "analyzer/bar-chart.h".
3309 (stats::log): Only log the m_num_nodes kinds that are non-zero.
3310 (stats::dump): Likewise when dumping.
3311 (stats::get_total_enodes): New.
3312 (exploded_graph::get_or_create_node): Increment the per-point-data
3313 m_excess_enodes when hitting the per-program-point limit on
3314 enodes.
3315 (exploded_graph::print_bar_charts): New.
3316 (exploded_graph::log_stats): Log the number of unprocessed enodes
3317 in the worklist. Call print_bar_charts.
3318 (exploded_graph::dump_stats): Print the number of unprocessed
3319 enodes in the worklist.
3320 * exploded-graph.h (stats::get_total_enodes): New decl.
3321 (struct per_program_point_data): Add field m_excess_enodes.
3322 (exploded_graph::print_bar_charts): New decl.
3323 * supergraph.cc (superedge::dump): New.
3324 (superedge::dump): New.
3325 * supergraph.h (supernode::get_function): New.
3326 (superedge::dump): New decl.
3327 (superedge::dump): New decl.
3328
f2ca2088
DM
3329 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3330
3331 * engine.cc (exploded_graph::get_or_create_node): Dump the
3332 program_state to the pp, rather than to stderr.
3333
b3d788a2
DM
3334 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3335
3336 PR analyzer/93032
3337 * sm.cc (make_checkers): Require the "taint" checker to be
3338 explicitly enabled.
3339
3a25f345
DM
3340 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3341
3342 PR analyzer/93899
3343 * engine.cc
3344 (impl_region_model_context::impl_region_model_context): Add logger
3345 param.
3346 * engine.cc (exploded_graph::add_function_entry): Create an
3347 impl_region_model_context and pass it to the push_frame call.
3348 Bail if the resulting state is invalid.
3349 (exploded_graph::build_initial_worklist): Likewise.
3350 (exploded_graph::build_initial_worklist): Handle the case where
3351 add_function_entry fails.
3352 * exploded-graph.h
3353 (impl_region_model_context::impl_region_model_context): Add logger
3354 param.
3355 * region-model.cc (map_region::get_or_create): Add ctxt param and
3356 pass it to add_region_for_type.
3357 (map_region::can_merge_p): Pass NULL as a ctxt to call to
3358 get_or_create.
3359 (array_region::get_element): Pass ctxt to call to get_or_create.
3360 (array_region::get_or_create): Add ctxt param and pass it to
3361 add_region_for_type.
3362 (root_region::push_frame): Pass ctxt to get_or_create calls.
3363 (region_model::get_lvalue_1): Likewise.
3364 (region_model::make_region_for_unexpected_tree_code): Assert that
3365 ctxt is non-NULL.
3366 (region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
3367 and get_svalue_for_label calls.
3368 (region_model::get_svalue_for_fndecl): Add ctxt param and pass it
3369 to get_region_for_fndecl.
3370 (region_model::get_region_for_fndecl): Add ctxt param and pass it
3371 to get_or_create.
3372 (region_model::get_svalue_for_label): Add ctxt param and pass it
3373 to get_region_for_label.
3374 (region_model::get_region_for_label): Add ctxt param and pass it
3375 to get_region_for_fndecl and get_or_create.
3376 (region_model::get_field_region): Add ctxt param and pass it to
3377 get_or_create_view and get_or_create.
3378 (make_region_for_type): Replace gcc_unreachable with return NULL.
3379 (region_model::add_region_for_type): Add ctxt param. Handle a
3380 return of NULL from make_region_for_type by calling
3381 make_region_for_unexpected_tree_code.
3382 (region_model::get_or_create_mem_ref): Pass ctxt to calls to
3383 get_or_create_view.
3384 (region_model::get_or_create_view): Add ctxt param and pass it to
3385 add_region_for_type.
3386 (selftest::test_state_merging): Pass ctxt to get_or_create_view.
3387 * region-model.h (region_model::get_or_create): Add ctxt param.
3388 (region_model::add_region_for_type): Likewise.
3389 (region_model::get_svalue_for_fndecl): Likewise.
3390 (region_model::get_svalue_for_label): Likewise.
3391 (region_model::get_region_for_fndecl): Likewise.
3392 (region_model::get_region_for_label): Likewise.
3393 (region_model::get_field_region): Likewise.
3394 (region_model::get_or_create_view): Likewise.
3395
004f2c07
DM
3396 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3397
3398 * checker-path.cc (superedge_event::should_filter_p): Update
3399 filter for empty descriptions to cover verbosity level 3 as well
3400 as 2.
3401 * diagnostic-manager.cc: Include "analyzer/reachability.h".
3402 (class path_builder): New class.
3403 (diagnostic_manager::emit_saved_diagnostic): Create a path_builder
3404 and pass it to build_emission_path, rather than passing eg; similarly
3405 for add_events_for_eedge and ext_state.
3406 (diagnostic_manager::build_emission_path): Replace "eg" param
3407 with a path_builder, pass it to add_events_for_eedge.
3408 (diagnostic_manager::add_events_for_eedge): Replace ext_state
3409 param with path_builder; pass it to add_events_for_superedge.
3410 (diagnostic_manager::significant_edge_p): New.
3411 (diagnostic_manager::add_events_for_superedge): Add path_builder
3412 param. Reject insignificant edges at verbosity levels below 3.
3413 (diagnostic_manager::prune_for_sm_diagnostic): Update highest
3414 verbosity level to 4.
3415 * diagnostic-manager.h (class path_builder): New forward decl.
3416 (diagnostic_manager::build_emission_path): Replace "eg" param
3417 with a path_builder.
3418 (diagnostic_manager::add_events_for_eedge): Replace ext_state
3419 param with path_builder.
3420 (diagnostic_manager::significant_edge_p): New.
3421 (diagnostic_manager::add_events_for_superedge): Add path_builder
3422 param.
3423 * reachability.h: New file.
3424
0b2b45a6
DM
3425 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3426
3427 PR analyzer/93692
3428 * analyzer.opt (fdump-analyzer-callgraph): Rewrite description.
3429
4f40164a
DM
3430 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3431
3432 PR analyzer/93777
3433 * region-model.cc (region_model::maybe_cast_1): Replace assertion
3434 that build_cast returns non-NULL with a conditional, falling
3435 through to the logic which returns a new unknown value of the
3436 desired type if it fails.
3437
2e623393
DM
3438 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3439
3440 PR analyzer/93778
3441 * engine.cc (impl_region_model_context::on_unknown_tree_code):
3442 Rename to...
3443 (impl_region_model_context::on_unexpected_tree_code): ...this and
3444 convert first argument from path_var to tree.
3445 (exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall.
3446 * exploded-graph.h (region_model_context::on_unknown_tree_code):
3447 Rename to...
3448 (region_model_context::on_unexpected_tree_code): ...this and
3449 convert first argument from path_var to tree.
3450 * program-state.cc (sm_state_map::purge_for_unknown_fncall): Add
3451 ctxt param and pass on to calls to get_rvalue.
3452 * program-state.h (sm_state_map::purge_for_unknown_fncall): Add
3453 ctxt param.
3454 * region-model.cc (region_model::handle_unrecognized_call): Pass
3455 ctxt on to call to get_rvalue.
3456 (region_model::get_lvalue_1): Move body of default case to
3457 region_model::make_region_for_unexpected_tree_code and call it.
3458 Within COMPONENT_REF case, reject attempts to handle types other
3459 than RECORD_TYPE and UNION_TYPE.
3460 (region_model::make_region_for_unexpected_tree_code): New
3461 function, based on default case of region_model::get_lvalue_1.
3462 * region-model.h
3463 (region_model::make_region_for_unexpected_tree_code): New decl.
3464 (region_model::on_unknown_tree_code): Rename to...
3465 (region_model::on_unexpected_tree_code): ...this and convert first
3466 argument from path_var to tree.
3467 (class test_region_model_context): Update vfunc implementation for
3468 above change.
3469
a674c7b8
DM
3470 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3471
3472 PR analyzer/93774
3473 * region-model.cc
3474 (region_model::convert_byte_offset_to_array_index): Use
3475 int_size_in_bytes before calling size_in_bytes, to gracefully fail
3476 on incomplete types.
3477
d8cde6f9
DM
3478 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3479
3480 PR analyzer/93775
3481 * region-model.cc (region_model::get_fndecl_for_call): Handle the
3482 case where the code_region's get_tree_for_child_region returns
3483 NULL.
3484
f76a88eb
DM
3485 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3486
3487 PR analyzer/93388
3488 * engine.cc (impl_region_model_context::on_unknown_tree_code):
3489 New.
3490 (exploded_graph::get_or_create_node): Reject invalid states.
3491 * exploded-graph.h
3492 (impl_region_model_context::on_unknown_tree_code): New decl.
3493 (point_and_state::point_and_state): Assert that the state is
3494 valid.
3495 * program-state.cc (program_state::program_state): Initialize
3496 m_valid to true.
3497 (program_state::operator=): Copy m_valid.
3498 (program_state::program_state): Likewise for move constructor.
3499 (program_state::print): Print m_valid.
3500 (program_state::dump_to_pp): Likewise.
3501 * program-state.h (program_state::m_valid): New field.
3502 * region-model.cc (region_model::get_lvalue_1): Implement the
3503 default case by returning a new symbolic region and calling
3504 the context's on_unknown_tree_code, rather than issuing an
3505 internal_error. Implement VIEW_CONVERT_EXPR.
3506 * region-model.h (region_model_context::on_unknown_tree_code): New
3507 vfunc.
3508 (test_region_model_context::on_unknown_tree_code): New.
3509
0993ad65
DM
3510 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3511
3512 * sm-malloc.cc (malloc_diagnostic::describe_state_change): For
3513 transition to the "null" state, only say "assuming" when
3514 transitioning from the "unchecked" state.
3515
67098787
DM
3516 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3517
3518 * diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
3519 Add const overload.
3520 * engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
3521 * exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
3522 const overload.
3523
91f993b7
DM
3524 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3525
3526 PR analyzer/93288
3527 * analysis-plan.cc (analysis_plan::use_summary_p): Look through
3528 the ultimate_alias_target when getting the called function.
3529 * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
3530 "sm_ctxt". Use the region_model's get_fndecl_for_call rather than
3531 gimple_call_fndecl.
3532 * region-model.cc (region_model::get_fndecl_for_call): Use
3533 ultimate_alias_target on fndecl.
3534 * supergraph.cc (get_ultimate_function_for_cgraph_edge): New
3535 function.
3536 (supergraph_call_edge): Use it when rejecting edges without
3537 functions.
3538 (supergraph::supergraph): Use it to get the function for the
3539 cgraph_edge when building interprocedural superedges.
3540 (callgraph_superedge::get_callee_function): Use it.
3541 * supergraph.h (supergraph::get_num_snodes): Make param const.
3542 (supergraph::function_to_num_snodes_t): Make first type param
3543 const.
3544
a60d9889
DM
3545 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3546
3547 PR analyzer/93374
3548 * engine.cc (exploded_edge::exploded_edge): Add ext_state param
3549 and pass it to change.validate.
3550 (exploded_graph::get_or_create_node): Move purging of change
3551 svalues to also cover the case of reusing an existing enode.
3552 (exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
3553 ctor.
3554 * exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
3555 param.
3556 * program-state.cc (state_change::sm_change::validate): Likewise.
3557 Assert that m_sm_idx is sane. Use ext_state to validate
3558 m_old_state and m_new_state.
3559 (state_change::validate): Add ext_state param and pass it to
3560 the sm_change validate calls.
3561 * program-state.h (state_change::sm_change::validate): Add
3562 ext_state param.
3563 (state_change::validate): Likewise.
3564
a0e4929b
DM
3565 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3566
3567 PR analyzer/93669
3568 * engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
3569 case of STATUS_WORKLIST in implementation of
3570 "__analyzer_dump_exploded_nodes".
3571
cd28b759
DM
3572 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3573
3574 PR analyzer/93649
3575 * constraint-manager.cc (constraint_manager::add_constraint): When
3576 merging equivalence classes and updating m_constant, also update
3577 m_cst_sid.
3578 (constraint_manager::validate): If m_constant is non-NULL assert
3579 that m_cst_sid is non-null and is valid.
3580
5e17c1bd
DM
3581 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3582
3583 PR analyzer/93657
3584 * analyzer.opt (fdump-analyzer): Reword description.
3585 (fdump-analyzer-stderr): Likewise.
3586
c46d057f
DM
3587 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3588
3589 * region-model.cc (print_quoted_type): New function.
3590 (svalue::print): Use it to replace %qT.
3591 (region::dump_to_pp): Likewise.
3592 (region::dump_child_label): Likewise.
3593 (region::print_fields): Likewise.
3594
eb031d4b
DM
3595 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3596
3597 PR analyzer/93659
3598 * analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
3599 -> "that" typo.
3600 (Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
3601 "uninitialized" typo.
3602
e87deb37
DM
3603 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3604
3605 PR analyzer/93350
3606 * region-model.cc (region_model::get_lvalue_1):
3607 Handle BIT_FIELD_REF.
3608 (make_region_for_type): Handle VECTOR_TYPE.
3609
e953f958
DM
3610 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3611
3612 PR analyzer/93647
3613 * diagnostic-manager.cc
3614 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
3615 VAR being constant.
3616 * region-model.cc (region_model::get_lvalue_1): Provide a better
3617 error message when encountering an unhandled tree code.
3618
41a9e940
DM
3619 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3620
3621 PR analyzer/93405
3622 * region-model.cc (region_model::get_lvalue_1): Implement
3623 CONST_DECL.
3624
cb273d81
DM
3625 2020-02-06 David Malcolm <dmalcolm@redhat.com>
3626
3627 * region-model.cc (region_model::maybe_cast_1): Attempt to provide
3628 a region_svalue if either type is a pointer, rather than if both
3629 types are pointers.
3630
a4d3bfc0
DM
3631 2020-02-05 David Malcolm <dmalcolm@redhat.com>
3632
3633 * engine.cc (exploded_node::dump_dot): Show merger enodes.
3634 (worklist::add_node): Assert that the node's m_status is
3635 STATUS_WORKLIST.
3636 (exploded_graph::process_worklist): Likewise for nodes from the
3637 worklist. Set status of merged nodes to STATUS_MERGER.
3638 (exploded_graph::process_node): Set status of node to
3639 STATUS_PROCESSED.
3640 (exploded_graph::dump_exploded_nodes): Rework handling of
3641 "__analyzer_dump_exploded_nodes", splitting enodes by status into
3642 "processed" and "merger", showing the count of just the processed
3643 enodes at the call, rather than the count of all enodes.
3644 * exploded-graph.h (exploded_node::status): New enum.
3645 (exploded_node::exploded_node): Initialize m_status to
3646 STATUS_WORKLIST.
3647 (exploded_node::get_status): New getter.
3648 (exploded_node::set_status): New setter.
3649
1dae549d
DM
3650 2020-02-04 David Malcolm <dmalcolm@redhat.com>
3651
3652 PR analyzer/93543
3653 * engine.cc (pod_hash_traits<function_call_string>::mark_empty):
3654 Eliminate reinterpret_cast.
3655 (pod_hash_traits<function_call_string>::is_empty): Likewise.
3656
833f1e66
DM
3657 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3658
3659 * constraint-manager.cc (range::constrained_to_single_element):
3660 Replace fold_build2 with fold_binary. Remove unnecessary newline.
3661 (constraint_manager::get_or_add_equiv_class): Replace fold_build2
3662 with fold_binary in two places, and remove out-of-date comment.
3663 (constraint_manager::eval_condition): Replace fold_build2 with
3664 fold_binary.
3665 * region-model.cc (constant_svalue::eval_condition): Likewise.
3666 (region_model::on_assignment): Likewise.
3667
8525d1f5
DM
3668 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3669
3670 PR analyzer/93544
3671 * diagnostic-manager.cc
3672 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
3673 against bad choices due to bad paths.
3674 * engine.cc (impl_region_model_context::on_phi): New.
3675 * exploded-graph.h (impl_region_model_context::on_phi): New decl.
3676 * region-model.cc (region_model::on_longjmp): Likewise.
3677 (region_model::handle_phi): Add phi param. Call the ctxt's on_phi
3678 vfunc.
3679 (region_model::update_for_phis): Pass phi to handle_phi.
3680 * region-model.h (region_model::handle_phi): Add phi param.
3681 (region_model_context::on_phi): New vfunc.
3682 (test_region_model_context::on_phi): New.
3683 * sm-malloc.cc (malloc_state_machine::on_phi): New.
3684 (malloc_state_machine::on_zero_assignment): New.
3685 * sm.h (state_machine::on_phi): New vfunc.
3686
73f38658
DM
3687 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3688
3689 * engine.cc (supernode_cluster::dump_dot): Show BB index as
3690 well as SN index.
3691 * supergraph.cc (supernode::dump_dot): Likewise.
3692
5e10b9a2
DM
3693 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3694
3695 PR analyzer/93546
3696 * region-model.cc (region_model::on_call_pre): Update for new
3697 param of symbolic_region ctor.
3698 (region_model::deref_rvalue): Likewise.
3699 (region_model::add_new_malloc_region): Likewise.
3700 (make_region_for_type): Likewise, preserving type.
3701 * region-model.h (symbolic_region::symbolic_region): Add "type"
3702 param and pass it to base class ctor.
3703
287ccd3b
DM
3704 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3705
3706 PR analyzer/93547
3707 * constraint-manager.cc
3708 (constraint_manager::get_or_add_equiv_class): Ensure types are
3709 compatible before comparing constants.
3710
67751724
DM
3711 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3712
3713 PR analyzer/93457
3714 * region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
3715 than checking against void_type_node.
3716
09bea584
DM
3717 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3718
3719 PR analyzer/93373
3720 * region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
3721 (assert_compat_types): ...this, and bail when either type is NULL,
3722 or when VOID_TYPE_P (dst_type).
3723 (region_model::get_lvalue): Update for above conversion.
3724 (region_model::get_rvalue): Likewise.
3725
f1c807e8
DM
3726 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3727
3728 PR analyzer/93379
3729 * region-model.cc (region_model::update_for_return_superedge):
3730 Move check for null result so that it also guards setting the
3731 lhs.
3732
455f58ec
DM
3733 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3734
3735 PR analyzer/93438
3736 * region-model.cc (stack_region::can_merge_p): Split into a two
3737 pass approach, creating all stack regions first, then populating
3738 them.
3739 (selftest::test_state_merging): Add test coverage for (a) the case
3740 of self-merging a model in which a local in an older stack frame
3741 points to a local in a more recent stack frame (which previously
3742 would ICE), and (b) the case of self-merging a model in which a
3743 local points to a global (which previously worked OK).
3744
182ce042
DM
3745 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3746
3747 * analyzer.cc (is_named_call_p): Replace tests for fndecl being
3748 extern at file scope and having a non-NULL DECL_NAME with a call
3749 to maybe_special_function_p.
3750 * function-set.cc (function_set::contains_decl_p): Add call to
3751 maybe_special_function_p.
3752
45eb3e49
DM
3753 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3754
3755 PR analyzer/93450
3756 * constraint-manager.cc
3757 (constraint_manager::get_or_add_equiv_class): Only compare constants
3758 if their types are compatible.
3759 * region-model.cc (constant_svalue::eval_condition): Replace check
3760 for identical types with call to types_compatible_p.
3761
42f36563
DM
3762 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3763
3764 * program-state.cc (extrinsic_state::dump_to_pp): New.
3765 (extrinsic_state::dump_to_file): New.
3766 (extrinsic_state::dump): New.
3767 * program-state.h (extrinsic_state::dump_to_pp): New decl.
3768 (extrinsic_state::dump_to_file): New decl.
3769 (extrinsic_state::dump): New decl.
3770 * sm.cc: Include "pretty-print.h".
3771 (state_machine::dump_to_pp): New.
3772 * sm.h (state_machine::dump_to_pp): New decl.
3773
ebe9174e
DM
3774 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3775
3776 * diagnostic-manager.cc (for_each_state_change): Use
3777 extrinsic_state::get_num_checkers rather than accessing m_checkers
3778 directly.
3779 * program-state.cc (program_state::program_state): Likewise.
3780 * program-state.h (extrinsic_state::m_checkers): Make private.
3781
e978955d
DM
3782 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3783
3784 PR analyzer/93356
3785 * region-model.cc (region_model::eval_condition): In both
3786 overloads, bail out immediately on floating-point types.
3787 (region_model::eval_condition_without_cm): Likewise.
3788 (region_model::add_constraint): Likewise.
3789
d177c49c
DM
3790 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3791
3792 PR analyzer/93450
3793 * program-state.cc (sm_state_map::set_state): For the overload
3794 taking an svalue_id, bail out if the set_state on the ec does
3795 nothing. Convert the latter's return type from void to bool,
3796 returning true if anything changed.
3797 (sm_state_map::impl_set_state): Convert the return type from void
3798 to bool, returning true if the state changed.
3799 * program-state.h (sm_state_map::set_state): Convert return type
3800 from void to bool.
3801 (sm_state_map::impl_set_state): Likewise.
3802 * region-model.cc (constant_svalue::eval_condition): Only call
3803 fold_build2 if the types are the same.
3804
7892ff37
JJ
3805 2020-01-29 Jakub Jelinek <jakub@redhat.com>
3806
3807 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
3808 * constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
3809 (range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
3810 POP_IGNORE_WFORMAT.
3811 * state-purge.cc: Include diagnostic-core.h before
3812 gimple-pretty-print.h.
3813 (state_purge_annotator::add_node_annotations, print_vec_of_names):
3814 Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
3815 * region-model.cc: Move diagnostic-core.h include before graphviz.h.
3816 (path_var::dump, svalue::print, constant_svalue::print_details,
3817 region::dump_to_pp, region::dump_child_label, region::print_fields,
3818 map_region::print_fields, map_region::dump_dot_to_pp,
3819 map_region::dump_child_label, array_region::print_fields,
3820 array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or
3821 POP_IGNORE_WFORMAT.
3822
5aebfb71
DM
3823 2020-01-28 David Malcolm <dmalcolm@redhat.com>
3824
3825 PR analyzer/93316
3826 * engine.cc (rewind_info_t::update_model): Get the longjmp call
3827 stmt via get_longjmp_call () rather than assuming it is the last
3828 stmt in the longjmp's supernode.
3829 (rewind_info_t::add_events_to_path): Get the location_t for the
3830 rewind_from_longjmp_event via get_longjmp_call () rather than from
3831 the supernode's get_end_location ().
3832
6c8e5844
DM
3833 2020-01-28 David Malcolm <dmalcolm@redhat.com>
3834
3835 * region-model.cc (poisoned_value_diagnostic::emit): Update for
3836 renaming of warning_at overload to warning_meta.
3837 * sm-file.cc (file_leak::emit): Likewise.
3838 * sm-malloc.cc (double_free::emit): Likewise.
3839 (possible_null_deref::emit): Likewise.
3840 (possible_null_arg::emit): Likewise.
3841 (null_deref::emit): Likewise.
3842 (null_arg::emit): Likewise.
3843 (use_after_free::emit): Likewise.
3844 (malloc_leak::emit): Likewise.
3845 (free_of_non_heap::emit): Likewise.
3846 * sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
3847 * sm-signal.cc (signal_unsafe_call::emit): Likewise.
3848 * sm-taint.cc (tainted_array_index::emit): Likewise.
3849
8c08c983
DM
3850 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3851
3852 PR analyzer/93451
3853 * region-model.cc (tree_cmp): For the REAL_CST case, impose an
3854 arbitrary order on NaNs relative to other NaNs and to non-NaNs;
3855 const-correctness tweak.
3856 (ana::selftests::build_real_cst_from_string): New function.
3857 (ana::selftests::append_interesting_constants): New function.
3858 (ana::selftests::test_tree_cmp_on_constants): New test.
3859 (ana::selftests::test_canonicalization_4): New test.
3860 (ana::selftests::analyzer_region_model_cc_tests): Call the new
3861 tests.
3862
2fbea419
DM
3863 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3864
3865 PR analyzer/93349
3866 * engine.cc (run_checkers): Save and restore input_location.
3867
6a81cabc
DM
3868 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3869
3870 * call-string.cc (call_string::cmp_1): Delete, moving body to...
3871 (call_string::cmp): ...here.
3872 * call-string.h (call_string::cmp_1): Delete decl.
3873 * engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
3874 (worklist::key_t::cmp): ...here. Implement hash comparisons
3875 via comparison rather than subtraction to avoid overflow issues.
3876 * exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
3877 * region-model.cc (tree_cmp): Eliminate buggy checking for
3878 symmetry.
3879
342e14ff
DM
3880 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3881
3882 * analyzer.cc (is_named_call_p): Check that fndecl is "extern"
3883 and at file scope. Potentially disregard prefix _ or __ in
3884 fndecl's name. Bail if the identifier is NULL.
3885 (is_setjmp_call_p): Expect a gcall rather than plain gimple.
3886 Remove special-case check for leading prefix, and also check for
3887 sigsetjmp.
3888 (is_longjmp_call_p): Also check for siglongjmp.
3889 (get_user_facing_name): New function.
3890 * analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
3891 gimple.
3892 (get_user_facing_name): New decl.
3893 * checker-path.cc (setjmp_event::get_desc): Use
3894 get_user_facing_name to avoid hardcoding the function name.
3895 (rewind_event::rewind_event): Add rewind_info param, using it to
3896 initialize new m_rewind_info field, and strengthen the assertion.
3897 (rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
3898 avoid hardcoding the function name.
3899 (rewind_to_setjmp_event::get_desc): Likewise.
3900 * checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
3901 param and use it to initialize...
3902 (setjmp_event::m_setjmp_call): New field.
3903 (rewind_event::rewind_event): Add rewind_info param.
3904 (rewind_event::m_rewind_info): New protected field.
3905 (rewind_from_longjmp_event::rewind_from_longjmp_event): Add
3906 rewind_info param.
3907 (class rewind_to_setjmp_event): Move rewind_info field to parent
3908 class.
3909 * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
3910 Update setjmp-handling for is_setjmp_call_p requiring a gcall;
3911 pass the call to the new setjmp_event.
3912 * engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
3913 requiring a gcall.
3914 (stale_jmp_buf::emit): Use get_user_facing_name to avoid
3915 hardcoding the function names.
3916 (exploded_node::on_longjmp): Pass the longjmp_call when
3917 constructing rewind_info.
3918 (rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
3919 rewind_from_longjmp_event's ctor.
3920 * exploded-graph.h (rewind_info_t::rewind_info_t): Add
3921 longjmp_call param.
3922 (rewind_info_t::get_longjmp_call): New.
3923 (rewind_info_t::m_longjmp_call): New.
3924 * region-model.cc (region_model::on_setjmp): Update comment to
3925 indicate this is also for sigsetjmp.
3926 * region-model.h (struct setjmp_record): Likewise.
3927 (class setjmp_svalue): Likewise.
3928
26d949c8
DM
3929 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3930
3931 PR analyzer/93276
3932 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
3933 macros with GCC_VERSION >= 4006, making them no-op otherwise.
3934 * engine.cc (exploded_edge::exploded_edge): Specify template for
3935 base class initializer.
3936 (exploded_graph::add_edge): Specify template when chaining up to
3937 base class add_edge implementation.
3938 (viz_callgraph_node::dump_dot): Drop redundant "typename".
3939 (viz_callgraph_edge::viz_callgraph_edge): Specify template for
3940 base class initializer.
3941 * program-state.cc (sm_state_map::clone_with_remapping): Drop
3942 redundant "typename".
3943 (sm_state_map::print): Likewise.
3944 (sm_state_map::hash): Likewise.
3945 (sm_state_map::operator==): Likewise.
3946 (sm_state_map::remap_svalue_ids): Likewise.
3947 (sm_state_map::on_svalue_purge): Likewise.
3948 (sm_state_map::validate): Likewise.
3949 * program-state.h (sm_state_map::iterator_t): Likewise.
3950 * supergraph.h (superedge::superedge): Specify template for base
3951 class initializer.
3952
648796da
DM
3953 2020-01-23 David Malcolm <dmalcolm@redhat.com>
3954
3955 PR analyzer/93375
3956 * supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
3957 gracefully if the number of parameters at the callee exceeds the
3958 number of arguments at the call stmt.
3959 (callgraph_superedge::get_parm_for_arg): Likewise.
3960
591b59eb
DM
3961 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3962
3963 PR analyzer/93382
3964 * program-state.cc (sm_state_map::on_svalue_purge): If the
3965 entry survives, but the origin is being purged, then reset the
3966 origin to null.
3967
c9c8aef4
DM
3968 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3969
3970 * sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.
3971
fd9982bb
DM
3972 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3973
3974 PR analyzer/93378
3975 * engine.cc (setjmp_svalue::compare_fields): Update for
3976 replacement of m_enode with m_setjmp_record.
3977 (setjmp_svalue::add_to_hash): Likewise.
3978 (setjmp_svalue::get_index): Rename...
3979 (setjmp_svalue::get_enode_index): ...to this.
3980 (setjmp_svalue::print_details): Update for replacement of m_enode
3981 with m_setjmp_record.
3982 (exploded_node::on_longjmp): Likewise.
3983 * exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
3984 (rewind_info_t::m_setjmp_record): ...with this.
3985 (rewind_info_t::rewind_info_t): Update for replacement of m_enode
3986 with m_setjmp_record.
3987 (rewind_info_t::get_setjmp_point): Likewise.
3988 (rewind_info_t::get_setjmp_call): Likewise.
3989 * region-model.cc (region_model::dump_summary_of_map): Likewise.
3990 (region_model::on_setjmp): Likewise.
3991 * region-model.h (struct setjmp_record): New struct.
3992 (setjmp_svalue::m_enode): Replace...
3993 (setjmp_svalue::m_setjmp_record): ...with this.
3994 (setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
3995 with m_setjmp_record.
3996 (setjmp_svalue::clone): Likewise.
3997 (setjmp_svalue::get_index): Rename...
3998 (setjmp_svalue::get_enode_index): ...to this.
3999 (setjmp_svalue::get_exploded_node): Replace...
4000 (setjmp_svalue::get_setjmp_record): ...with this.
4001
da7cf663
DM
4002 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4003
4004 PR analyzer/93316
4005 * analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as
4006 "_setjmp".
4007
75038aa6
DM
4008 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4009
4010 PR analyzer/93307
4011 * analysis-plan.h: Wrap everything namespace "ana".
4012 * analyzer-logging.cc: Likewise.
4013 * analyzer-logging.h: Likewise.
4014 * analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
4015 namespace.
4016 * analyzer-selftests.cc: Wrap everything namespace "ana".
4017 * analyzer-selftests.h: Likewise.
4018 * analyzer.h: Likewise for forward decls of types.
4019 * call-string.h: Likewise.
4020 * checker-path.cc: Likewise.
4021 * checker-path.h: Likewise.
4022 * constraint-manager.cc: Likewise.
4023 * constraint-manager.h: Likewise.
4024 * diagnostic-manager.cc: Likewise.
4025 * diagnostic-manager.h: Likewise.
4026 * engine.cc: Likewise.
4027 * engine.h: Likewise.
4028 * exploded-graph.h: Likewise.
4029 * function-set.cc: Likewise.
4030 * function-set.h: Likewise.
4031 * pending-diagnostic.cc: Likewise.
4032 * pending-diagnostic.h: Likewise.
4033 * program-point.cc: Likewise.
4034 * program-point.h: Likewise.
4035 * program-state.cc: Likewise.
4036 * program-state.h: Likewise.
4037 * region-model.cc: Likewise.
4038 * region-model.h: Likewise.
4039 * sm-file.cc: Likewise.
4040 * sm-malloc.cc: Likewise.
4041 * sm-pattern-test.cc: Likewise.
4042 * sm-sensitive.cc: Likewise.
4043 * sm-signal.cc: Likewise.
4044 * sm-taint.cc: Likewise.
4045 * sm.cc: Likewise.
4046 * sm.h: Likewise.
4047 * state-purge.h: Likewise.
4048 * supergraph.cc: Likewise.
4049 * supergraph.h: Likewise.
4050
4f01e577
DM
4051 2020-01-21 David Malcolm <dmalcolm@redhat.com>
4052
4053 PR analyzer/93352
4054 * region-model.cc (int_cmp): Rename to...
4055 (array_region::key_cmp): ...this, using key_t rather than int.
4056 Rewrite in terms of comparisons rather than subtraction to
4057 ensure qsort is anti-symmetric when handling extreme values.
4058 (array_region::walk_for_canonicalization): Update for above
4059 renaming.
4060 * region-model.h (array_region::key_cmp): New decl.
4061
07c86323
DM
4062 2020-01-17 David Malcolm <dmalcolm@redhat.com>
4063
4064 PR analyzer/93290
4065 * region-model.cc (region_model::eval_condition_without_cm): Avoid
4066 gcc_unreachable for unexpected operations for the case where
4067 we're comparing an svalue against itself.
4068
5f030383
DM
4069 2020-01-17 David Malcolm <dmalcolm@redhat.com>
4070
4071 PR analyzer/93281
4072 * region-model.cc
4073 (region_model::convert_byte_offset_to_array_index): Convert to
4074 ssizetype before dividing by byte_size. Use fold_binary rather
4075 than fold_build2 to avoid needlessly constructing a tree for the
4076 non-const case.
4077
49e9a999
DM
4078 2020-01-15 David Malcolm <dmalcolm@redhat.com>
4079
4080 * engine.cc (class impl_region_model_context): Fix comment.
4081
32077b69
DM
4082 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4083
4084 PR analyzer/93212
4085 * region-model.cc (make_region_for_type): Use
4086 FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
4087 * region-model.h (function_region::function_region): Likewise.
4088
7fb3669e
DM
4089 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4090
4091 * program-state.cc (sm_state_map::clone_with_remapping): Copy
4092 m_global_state.
4093 (selftest::test_program_state_merging_2): New selftest.
4094 (selftest::analyzer_program_state_cc_tests): Call it.
4095
e2a538b1
DM
4096 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4097
4098 * checker-path.h (checker_path::get_checker_event): New function.
4099 (checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
4100 * diagnostic-manager.cc
4101 (diagnostic_manager::prune_for_sm_diagnostic): Replace direct
4102 access to checker_path::m_events with accessor functions. Fix
4103 overlong line.
4104 (diagnostic_manager::prune_interproc_events): Replace direct
4105 access to checker_path::m_events with accessor functions.
4106 (diagnostic_manager::finish_pruning): Likewise.
4107
94946989
DM
4108 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4109
4110 * checker-path.h (checker_event::clone): Delete vfunc decl.
4111 (debug_event::clone): Delete vfunc impl.
4112 (custom_event::clone): Delete vfunc impl.
4113 (statement_event::clone): Delete vfunc impl.
4114 (function_entry_event::clone): Delete vfunc impl.
4115 (state_change_event::clone): Delete vfunc impl.
4116 (start_cfg_edge_event::clone): Delete vfunc impl.
4117 (end_cfg_edge_event::clone): Delete vfunc impl.
4118 (call_event::clone): Delete vfunc impl.
4119 (return_event::clone): Delete vfunc impl.
4120 (setjmp_event::clone): Delete vfunc impl.
4121 (rewind_from_longjmp_event::clone): Delete vfunc impl.
4122 (rewind_to_setjmp_event::clone): Delete vfunc impl.
4123 (warning_event::clone): Delete vfunc impl.
4124
718930c0
DM
4125 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4126
4127 * supergraph.cc (supernode::dump_dot): Ensure that the TABLE
4128 element has at least one TR.
4129
8397af8e
DM
4130 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4131
4132 PR analyzer/58237
4133 * engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
4134 when comparing against UNKNOWN_LOCATION.
4135 (stmt_requires_new_enode_p): Likewise.
4136 (exploded_graph::dump_exploded_nodes): Likewise.
4137 * supergraph.cc (supernode::get_start_location): Likewise.
4138 (supernode::get_end_location): Likewise.
4139
697251b7
DM
4140 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4141
4142 PR analyzer/58237
4143 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
4144 selftest::analyzer_sm_file_cc_tests.
4145 * analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
4146 decl.
4147 * sm-file.cc: Include "analyzer/function-set.h" and
4148 "analyzer/analyzer-selftests.h".
4149 (get_file_using_fns): New function.
4150 (is_file_using_fn_p): New function.
4151 (fileptr_state_machine::on_stmt): Return true for known functions.
4152 (selftest::analyzer_sm_file_cc_tests): New function.
4153
4804c5fe
DM
4154 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4155
4156 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
4157 selftest::analyzer_sm_signal_cc_tests.
4158 * analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
4159 New decl.
4160 * sm-signal.cc: Include "analyzer/function-set.h" and
4161 "analyzer/analyzer-selftests.h".
4162 (get_async_signal_unsafe_fns): New function.
4163 (signal_unsafe_p): Reimplement in terms of the above.
4164 (selftest::analyzer_sm_signal_cc_tests): New function.
4165
a6b5f19c
DM
4166 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4167
4168 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
4169 selftest::analyzer_function_set_cc_tests.
4170 * analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
4171 New decl.
4172 * function-set.cc: New file.
4173 * function-set.h: New file.
4174
ef7827b0
DM
4175 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4176
4177 * analyzer.h (fndecl_has_gimple_body_p): New decl.
4178 * engine.cc (impl_region_model_context::on_unknown_change): New
4179 function.
4180 (fndecl_has_gimple_body_p): Make non-static.
4181 (exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
4182 known. Track whether we have a call with unknown side-effects and
4183 pass it to on_call_post.
4184 * exploded-graph.h (impl_region_model_context::on_unknown_change):
4185 New decl.
4186 * program-state.cc (sm_state_map::on_unknown_change): New function.
4187 * program-state.h (sm_state_map::on_unknown_change): New decl.
4188 * region-model.cc: Include "bitmap.h".
4189 (region_model::on_call_pre): Return a bool, capturing whether the
4190 call has unknown side effects.
4191 (region_model::on_call_post): Add arg "bool unknown_side_effects"
4192 and if true, call handle_unrecognized_call.
4193 (class reachable_regions): New class.
4194 (region_model::handle_unrecognized_call): New function.
4195 * region-model.h (region_model::on_call_pre): Return a bool.
4196 (region_model::on_call_post): Add arg "bool unknown_side_effects".
4197 (region_model::handle_unrecognized_call): New decl.
4198 (region_model_context::on_unknown_change): New vfunc.
4199 (test_region_model_context::on_unknown_change): New function.
4200
14f9d7b9
DM
4201 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4202
4203 * diagnostic-manager.cc (saved_diagnostic::operator==): Move here
4204 from header. Replace pointer equality test on m_var with call to
4205 pending_diagnostic::same_tree_p.
4206 * diagnostic-manager.h (saved_diagnostic::operator==): Move to
4207 diagnostic-manager.cc.
4208 * pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
4209 * pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
4210 * sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
4211 equality on m_arg with call to pending_diagnostic::same_tree_p.
4212 * sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
4213 (possible_null_arg::subclass_equal_p): Likewise.
4214 (null_arg::subclass_equal_p): Likewise.
4215 (free_of_non_heap::subclass_equal_p): Likewise.
4216 * sm-pattern-test.cc (pattern_match::operator==): Likewise.
4217 * sm-sensitive.cc (exposure_through_output_file::operator==):
4218 Likewise.
4219 * sm-taint.cc (tainted_array_index::operator==): Likewise.
4220
f474fbd5
DM
4221 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4222
4223 * diagnostic-manager.cc (dedupe_winners::add): Add logging
4224 of deduplication decisions made.
4225
757bf1df
DM
4226 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4227
4228 * ChangeLog: New file.
4229 * analyzer-selftests.cc: New file.
4230 * analyzer-selftests.h: New file.
4231 * analyzer.opt: New file.
4232 * analysis-plan.cc: New file.
4233 * analysis-plan.h: New file.
4234 * analyzer-logging.cc: New file.
4235 * analyzer-logging.h: New file.
4236 * analyzer-pass.cc: New file.
4237 * analyzer.cc: New file.
4238 * analyzer.h: New file.
4239 * call-string.cc: New file.
4240 * call-string.h: New file.
4241 * checker-path.cc: New file.
4242 * checker-path.h: New file.
4243 * constraint-manager.cc: New file.
4244 * constraint-manager.h: New file.
4245 * diagnostic-manager.cc: New file.
4246 * diagnostic-manager.h: New file.
4247 * engine.cc: New file.
4248 * engine.h: New file.
4249 * exploded-graph.h: New file.
4250 * pending-diagnostic.cc: New file.
4251 * pending-diagnostic.h: New file.
4252 * program-point.cc: New file.
4253 * program-point.h: New file.
4254 * program-state.cc: New file.
4255 * program-state.h: New file.
4256 * region-model.cc: New file.
4257 * region-model.h: New file.
4258 * sm-file.cc: New file.
4259 * sm-malloc.cc: New file.
4260 * sm-malloc.dot: New file.
4261 * sm-pattern-test.cc: New file.
4262 * sm-sensitive.cc: New file.
4263 * sm-signal.cc: New file.
4264 * sm-taint.cc: New file.
4265 * sm.cc: New file.
4266 * sm.h: New file.
4267 * state-purge.cc: New file.
4268 * state-purge.h: New file.
4269 * supergraph.cc: New file.
4270 * supergraph.h: New file.
4271
4272 2019-12-13 David Malcolm <dmalcolm@redhat.com>
4273
4274 * Initial creation
4275
4276
c48514be 4277 Copyright (C) 2019-2021 Free Software Foundation, Inc.
757bf1df
DM
4278
4279 Copying and distribution of this file, with or without modification,
4280 are permitted in any medium without royalty provided the copyright
4281 notice and this notice are preserved.