git.ipfire.org Git - thirdparty/gcc.git/blame - gcc/analyzer/ChangeLog
Daily bump.
Commit Line Data
419af06a
GA
1 2021-06-22 David Malcolm <dmalcolm@redhat.com>
2
3 PR analyzer/101143
4 * region-model.cc (compat_types_p): New function.
5 (region_model::create_region_for_heap_alloc): Convert assertion to
6 an error check.
7 (region_model::create_region_for_alloca): Likewise.
8
c5581d48
GA
9 2021-06-18 David Malcolm <dmalcolm@redhat.com>
10
11 * store.cc (binding_cluster::get_any_binding): Make symbolic reads
12 from a cluster with concrete bindings return unknown.
13
14 2021-06-18 David Malcolm <dmalcolm@redhat.com>
15
16 * region-model-manager.cc
17 (region_model_manager::get_or_create_int_cst): New.
18 (region_model_manager::maybe_undo_optimize_bit_field_compare): Use
19 it to simplify away a local tree.
20 * region-model.cc (region_model::on_setjmp): Likewise.
21 (region_model::on_longjmp): Likewise.
22 * region-model.h (region_model_manager::get_or_create_int_cst):
23 New decl.
24 * store.cc (binding_cluster::zero_fill_region): Use it to simplify
25 away a local tree.
26
27 2021-06-18 David Malcolm <dmalcolm@redhat.com>
28
29 * checker-path.cc (class custom_event): Make abstract to allow for
30 custom vfuncs, splitting existing implementation into...
31 (class precanned_custom_event): New subclass.
32 (custom_event::get_desc): Move to...
33 (precanned_custom_event::get_desc): ...subclass.
34 * checker-path.h (class custom_event): Make abstract to allow for
35 custom vfuncs, splitting existing implementation into...
36 (class precanned_custom_event): New subclass.
37 * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
38 Use precanned_custom_event.
39 * engine.cc
40 (stale_jmp_buf::maybe_add_custom_events_for_superedge): Likewise.
41 * sm-signal.cc (signal_delivery_edge_info_t::add_events_to_path):
42 Likewise.
43
ede6c356
GA
44 2021-06-15 David Malcolm <dmalcolm@redhat.com>
45
46 PR analyzer/99212
47 PR analyzer/101082
48 * engine.cc: Include "target.h".
49 (impl_run_checkers): Log BITS_BIG_ENDIAN, BYTES_BIG_ENDIAN, and
50 WORDS_BIG_ENDIAN.
51 * region-model-manager.cc
52 (region_model_manager::maybe_fold_binop): Move support for masking
53 via ARG0 & CST into...
54 (region_model_manager::maybe_undo_optimize_bit_field_compare):
55 ...this new function. Flatten by converting from nested
56 conditionals to a series of early return statements to reject
57 failures. Reject if type is not unsigned_char_type_node.
58 Handle BYTES_BIG_ENDIAN when determining which bits are bound
59 in the binding_map.
60 * region-model.h
61 (region_model_manager::maybe_undo_optimize_bit_field_compare):
62 New decl.
63 * store.cc (bit_range::dump): New function.
64 * store.h (bit_range::dump): New decl.
65
66 2021-06-15 David Malcolm <dmalcolm@redhat.com>
67
68 * engine.cc (exploded_node::on_stmt): Handle __analyzer_dump_capacity.
69 (exploded_node::on_stmt): Drop m_sm_changes from on_stmt_flags.
70 (state_change_requires_new_enode_p): New function...
71 (exploded_graph::process_node): Call it, rather than querying
72 flags.m_sm_changes, so that dynamic-extent differences can also
73 trigger the splitting of nodes.
74 * exploded-graph.h (struct on_stmt_flags): Drop field m_sm_changes.
75 * program-state.cc (program_state::detect_leaks): Purge dead
76 heap-allocated regions from dynamic extents.
77 (selftest::test_program_state_1): Fix type of "size_in_bytes".
78 (selftest::test_program_state_merging): Likewise.
79 * region-model-impl-calls.cc
80 (region_model::impl_call_analyzer_dump_capacity): New.
81 (region_model::impl_call_free): Remove dynamic extents from the
82 freed region.
83 * region-model-reachability.h
84 (reachable_regions::begin_mutable_base_regs): New.
85 (reachable_regions::end_mutable_base_regs): New.
86 * region-model.cc: Include "tree-object-size.h".
87 (region_model::region_model): Support new field m_dynamic_extents.
88 (region_model::operator=): Likewise.
89 (region_model::operator==): Likewise.
90 (region_model::dump_to_pp): Dump sizes of dynamic regions.
91 (region_model::handle_unrecognized_call): Purge dynamic extents
92 from any regions that have escaped mutably.
93 (region_model::get_capacity): New function.
94 (region_model::add_constraint): Unset dynamic extents when a
95 heap-allocated region's address is NULL.
96 (region_model::unbind_region_and_descendents): Purge dynamic
97 extents of unbound regions.
98 (region_model::can_merge_with_p): Call
99 m_dynamic_extents.can_merge_with_p.
100 (region_model::create_region_for_heap_alloc): Assert that
101 size_in_bytes's type is compatible with size_type_node. Update
102 for renaming of record_dynamic_extents to set_dynamic_extents.
103 (region_model::create_region_for_alloca): Likewise.
104 (region_model::record_dynamic_extents): Rename to...
105 (region_model::set_dynamic_extents): ...this. Assert that
106 size_in_bytes's type is compatible with size_type_node. Add it
107 to the m_dynamic_extents map.
108 (region_model::get_dynamic_extents): New.
109 (region_model::unset_dynamic_extents): New.
110 (selftest::test_state_merging): Fix type of "size".
111 (selftest::test_malloc_constraints): Likewise.
112 (selftest::test_malloc): Verify dynamic extents.
113 (selftest::test_alloca): Likewise.
114 * region-model.h (region_to_value_map::is_empty): New.
115 (region_model::dynamic_extents_t): New typedef.
116 (region_model::impl_call_analyzer_dump_capacity): New decl.
117 (region_model::get_dynamic_extents): New function.
118 (region_model::get_dynamic_extents): New decl.
119 (region_model::set_dynamic_extents): New decl.
120 (region_model::unset_dynamic_extents): New decl.
121 (region_model::get_capacity): New decl.
122 (region_model::record_dynamic_extents): Rename to set_dynamic_extents.
123 (region_model::m_dynamic_extents): New field.
124
125 2021-06-15 David Malcolm <dmalcolm@redhat.com>
126
127 * region-model.cc (region_to_value_map::operator=): New.
128 (region_to_value_map::operator==): New.
129 (region_to_value_map::dump_to_pp): New.
130 (region_to_value_map::dump): New.
131 (region_to_value_map::can_merge_with_p): New.
132 * region-model.h (class region_to_value_map): New class.
133
4e70c34e
GA
134 2021-06-13 Trevor Saunders <tbsaunde@tbsaunde.org>
135
136 * call-string.cc (call_string::call_string): Use range based for
137 to iterate over vec<>.
138 (call_string::to_json): Likewise.
139 (call_string::hash): Likewise.
140 (call_string::calc_recursion_depth): Likewise.
141 * checker-path.cc (checker_path::fixup_locations): Likewise.
142 * constraint-manager.cc (equiv_class::equiv_class): Likewise.
143 (equiv_class::to_json): Likewise.
144 (equiv_class::hash): Likewise.
145 (constraint_manager::to_json): Likewise.
146 * engine.cc (impl_region_model_context::on_svalue_leak):
147 Likewise.
148 (on_liveness_change): Likewise.
149 (impl_region_model_context::on_unknown_change): Likewise.
150 * program-state.cc (sm_state_map::set_state): Likewise.
151 * region-model.cc (test_canonicalization_4): Likewise.
152
f16f65f8
GA
153 2021-06-11 David Malcolm <dmalcolm@redhat.com>
154
155 * engine.cc (worklist::key_t::cmp): Move sort by call_string to
156 before SCC.
157
4f625f47
GA
158 2021-06-09 David Malcolm <dmalcolm@redhat.com>
159
160 * region-model.cc (region_model::get_lvalue_1): Make const.
161 (region_model::get_lvalue): Likewise.
162 (region_model::get_rvalue_1): Likewise.
163 (region_model::get_rvalue): Likewise.
164 (region_model::deref_rvalue): Likewise.
165 (region_model::get_rvalue_for_bits): Likewise.
166 * region-model.h (region_model::get_lvalue): Likewise.
167 (region_model::get_rvalue): Likewise.
168 (region_model::deref_rvalue): Likewise.
169 (region_model::get_rvalue_for_bits): Likewise.
170 (region_model::get_lvalue_1): Likewise.
171 (region_model::get_rvalue_1): Likewise.
172
c6038721
GA
173 2021-06-08 David Malcolm <dmalcolm@redhat.com>
174
175 PR analyzer/99212
176 * region-model-manager.cc
177 (region_model_manager::maybe_fold_binop): Add support for folding
178 BIT_AND_EXPR of compound_svalue and a mask constant.
179 * region-model.cc (region_model::get_rvalue_1): Implement
180 BIT_FIELD_REF in terms of...
181 (region_model::get_rvalue_for_bits): New function.
182 * region-model.h (region_model::get_rvalue_for_bits): New decl.
183 * store.cc (bit_range::from_mask): New function.
184 (selftest::test_bit_range_intersects_p): New selftest.
185 (selftest::assert_bit_range_from_mask_eq): New.
186 (ASSERT_BIT_RANGE_FROM_MASK_EQ): New macro.
187 (selftest::assert_no_bit_range_from_mask_eq): New.
188 (ASSERT_NO_BIT_RANGE_FROM_MASK): New macro.
189 (selftest::test_bit_range_from_mask): New selftest.
190 (selftest::analyzer_store_cc_tests): Call the new selftests.
191 * store.h (bit_range::intersects_p): New.
192 (bit_range::from_mask): New decl.
193 (concrete_binding::get_bit_range): New accessor.
194 (store_manager::get_concrete_binding): New overload taking
195 const bit_range &.
196
197 2021-06-08 David Malcolm <dmalcolm@redhat.com>
198
199 * analyzer.h (int_size_in_bits): New decl.
200 * region.cc (int_size_in_bits): New function.
201 (region::get_bit_size): Reimplement in terms of the above.
202
203 2021-06-08 David Malcolm <dmalcolm@redhat.com>
204
205 * store.cc (concrete_binding::dump_to_pp): Move bulk of
206 implementation to...
207 (bit_range::dump_to_pp): ...this new function.
208 (bit_range::cmp): New.
209 (concrete_binding::overlaps_p): Update for use of bit_range.
210 (concrete_binding::cmp_ptr_ptr): Likewise.
211 * store.h (struct bit_range): New.
212 (class concrete_binding): Replace fields m_start_bit_offset and
213 m_size_in_bits with new field m_bit_range.
214
215 2021-06-08 David Malcolm <dmalcolm@redhat.com>
216
217 * svalue.h (conjured_svalue::iterator_t): Delete.
218
440c8a0a
GA
219 2021-06-03 David Malcolm <dmalcolm@redhat.com>
220
221 * store.h (store::get_direct_binding): Remove unused decl.
222 (store::get_default_binding): Likewise.
223
224 2021-06-03 David Malcolm <dmalcolm@redhat.com>
225
226 * svalue.cc (poisoned_svalue::dump_to_pp): Dump type.
227 (compound_svalue::dump_to_pp): Dump any type.
228
a8daf9a1
GA
229 2021-05-18 David Malcolm <dmalcolm@redhat.com>
230
231 PR analyzer/100615
232 * sm-malloc.cc: Include "analyzer/function-set.h".
233 (malloc_state_machine::on_stmt): Call unaffected_by_call_p and
234 bail on the functions it recognizes.
235 (malloc_state_machine::unaffected_by_call_p): New.
236
aa891c56
GA
237 2021-05-10 Martin Liska <mliska@suse.cz>
238
239 * sm-file.cc (is_file_using_fn_p): Use startswith
240 function instead of strncmp.
241
242 2021-05-10 Martin Liska <mliska@suse.cz>
243
244 * program-state.cc (program_state::operator=): Remove
245 __cplusplus >= 201103.
246 (program_state::program_state): Likewise.
247 * program-state.h: Likewise.
248 * region-model.h (class region_model): Remove dead code.
249
502ef97c
GA
250 2021-04-24 David Malcolm <dmalcolm@redhat.com>
251
252 PR analyzer/100244
253 * sm-malloc.cc (free_of_non_heap::describe_state_change):
254 Bulletproof against change.m_expr being NULL.
255
6d0d35d5
GA
256 2021-04-13 David Malcolm <dmalcolm@redhat.com>
257
258 PR analyzer/98599
259 * supergraph.cc (saved_uids::make_uid_unique): New.
260 (saved_uids::restore_uids): New.
261 (supergraph::supergraph): Replace assignments to stmt->uid with
262 calls to m_stmt_uids.make_uid_unique.
263 (supergraph::~supergraph): New.
264 * supergraph.h (class saved_uids): New.
265 (supergraph::~supergraph): New decl.
266 (supergraph::m_stmt_uids): New field.
267
1d54b138
GA
268 2021-04-10 David Malcolm <dmalcolm@redhat.com>
269
270 PR analyzer/100011
271 * region-model.cc (region_model::on_assignment): Avoid NULL
272 dereference if ctxt is NULL when assigning from a STRING_CST.
273
019a9220
GA
274 2021-04-08 David Malcolm <dmalcolm@redhat.com>
275
276 PR analyzer/99042
277 PR analyzer/99774
278 * engine.cc
279 (impl_region_model_context::impl_region_model_context): Add
280 uncertainty param and use it to initialize m_uncertainty.
281 (impl_region_model_context::get_uncertainty): New.
282 (impl_sm_context::get_fndecl_for_call): Add NULL for new
283 uncertainty param when constructing impl_region_model_context.
284 (impl_sm_context::get_state): Likewise.
285 (impl_sm_context::set_next_state): Likewise.
286 (impl_sm_context::warn): Likewise.
287 (exploded_node::on_stmt): Add uncertainty param
288 and use it when constructing impl_region_model_context.
289 (exploded_node::on_edge): Add uncertainty param and pass
290 to on_edge call.
291 (exploded_node::detect_leaks): Create uncertainty_t and pass to
292 impl_region_model_context.
293 (exploded_graph::get_or_create_node): Create uncertainty_t and
294 pass to prune_for_point.
295 (maybe_process_run_of_before_supernode_enodes): Create
296 uncertainty_t and pass to impl_region_model_context.
297 (exploded_graph::process_node): Create uncertainty_t instances and
298 pass around as needed.
299 * exploded-graph.h
300 (impl_region_model_context::impl_region_model_context): Add
301 uncertainty param.
302 (impl_region_model_context::get_uncertainty): New decl.
303 (impl_region_model_context::m_uncertainty): New field.
304 (exploded_node::on_stmt): Add uncertainty param.
305 (exploded_node::on_edge): Likewise.
306 * program-state.cc (sm_state_map::on_liveness_change): Get
307 uncertainty from context and use it to unset sm-state from
308 svalues as appropriate.
309 (program_state::on_edge): Add uncertainty param and use it when
310 constructing impl_region_model_context. Fix indentation.
311 (program_state::prune_for_point): Add uncertainty param and use it
312 when constructing impl_region_model_context.
313 (program_state::detect_leaks): Get any uncertainty from ctxt and
314 use it to get maybe-live svalues for dest_state, rather than
315 definitely-live ones; use this when determining which svalues
316 have leaked.
317 (selftest::test_program_state_merging): Create uncertainty_t and
318 pass to impl_region_model_context.
319 * program-state.h (program_state::on_edge): Add uncertainty param.
320 (program_state::prune_for_point): Likewise.
321 * region-model-impl-calls.cc (call_details::get_uncertainty): New.
322 (region_model::impl_call_memcpy): Pass uncertainty to
323 mark_region_as_unknown call.
324 (region_model::impl_call_memset): Likewise.
325 (region_model::impl_call_strcpy): Likewise.
326 * region-model-reachability.cc (reachable_regions::handle_sval):
327 Also add sval to m_mutable_svals.
328 * region-model.cc (region_model::on_assignment): Pass any
329 uncertainty from ctxt to the store::set_value call.
330 (region_model::handle_unrecognized_call): Get any uncertainty from
331 ctxt and use it to record mutable svalues at the unknown call.
332 (region_model::get_reachable_svalues): Add uncertainty param and
333 use it to mark any maybe-bound svalues as being reachable.
334 (region_model::set_value): Pass any uncertainty from ctxt to the
335 store::set_value call.
336 (region_model::mark_region_as_unknown): Add uncertainty param and
337 pass it on to the store::mark_region_as_unknown call.
338 (region_model::update_for_call_summary): Add uncertainty param and
339 pass it on to the region_model::mark_region_as_unknown call.
340 * region-model.h (call_details::get_uncertainty): New decl.
341 (region_model::get_reachable_svalues): Add uncertainty param.
342 (region_model::mark_region_as_unknown): Add uncertainty param.
343 (region_model_context::get_uncertainty): New vfunc.
344 (noop_region_model_context::get_uncertainty): New vfunc
345 implementation.
346 * store.cc (dump_svalue_set): New.
347 (uncertainty_t::dump_to_pp): New.
348 (uncertainty_t::dump): New.
349 (binding_cluster::clobber_region): Pass NULL for uncertainty to
350 remove_overlapping_bindings.
351 (binding_cluster::mark_region_as_unknown): Add uncertainty param
352 and pass it to remove_overlapping_bindings.
353 (binding_cluster::remove_overlapping_bindings): Add uncertainty param.
354 Use it to record any svalues that were in clobbered bindings.
355 (store::set_value): Add uncertainty param. Pass it to
356 binding_cluster::mark_region_as_unknown when handling symbolic
357 regions.
358 (store::mark_region_as_unknown): Add uncertainty param and pass it
359 to binding_cluster::mark_region_as_unknown.
360 (store::remove_overlapping_bindings): Add uncertainty param and
361 pass it to binding_cluster::remove_overlapping_bindings.
362 * store.h (binding_cluster::mark_region_as_unknown): Add
363 uncertainty param.
364 (binding_cluster::remove_overlapping_bindings): Likewise.
365 (store::set_value): Likewise.
366 (store::mark_region_as_unknown): Likewise.
367
b1da9916
GA
368 2021-04-05 David Malcolm <dmalcolm@redhat.com>
369
370 PR analyzer/99906
371 * analyzer.cc (maybe_reconstruct_from_def_stmt): Fix NULL
372 dereference on calls with zero arguments.
373 * sm-malloc.cc (malloc_state_machine::on_stmt): When handling
374 __attribute__((nonnull)), only call get_diagnostic_tree if the
375 result will be used.
376
377 2021-04-05 David Malcolm <dmalcolm@redhat.com>
378
379 PR analyzer/99886
380 * diagnostic-manager.cc
381 (diagnostic_manager::prune_interproc_events): Use signed integers
382 when subtracting one from path->num_events ().
383 (diagnostic_manager::consolidate_conditions): Likewise. Convert
384 next_idx to a signed int.
385
f1607029
GA
386 2021-04-01 David Malcolm <dmalcolm@redhat.com>
387
388 * diagnostic-manager.cc (diagnostic_manager::add_diagnostic): Make
389 enode param non-constant, and call add_diagnostic on it. Add
390 enode index to log message.
391 (diagnostic_manager::add_diagnostic): Make enode param
392 non-constant.
393 * diagnostic-manager.h (diagnostic_manager::add_diagnostic):
394 Likewise for both decls.
395 * engine.cc
396 (impl_region_model_context::impl_region_model_context): Likewise
397 for enode_for_diag.
398 (impl_sm_context::impl_sm_context): Likewise.
399 (impl_sm_context::m_enode_for_diag): Likewise.
400 (exploded_node::dump_dot): Don't pass the diagnostic manager
401 to dump_saved_diagnostics.
402 (exploded_node::dump_saved_diagnostics): Drop param. Iterate
403 directly through all saved diagnostics for the enode, rather
404 than all saved diagnostics in the diagnostic_manager and
405 filtering.
406 (exploded_node::on_stmt): Make non-const.
407 (exploded_node::on_edge): Likewise.
408 (exploded_node::on_longjmp): Likewise.
409 (exploded_node::detect_leaks): Likewise.
410 (exploded_graph::get_or_create_node): Make enode_for_diag param
411 non-const.
412 (exploded_graph_annotator::print_enode): Iterate
413 directly through all saved diagnostics for the enode, rather
414 than all saved diagnostics in the diagnostic_manager and
415 filtering.
416 * exploded-graph.h
417 (impl_region_model_context::impl_region_model_context): Make
418 enode_for_diag param non-constant.
419 (impl_region_model_context::m_enode_for_diag): Likewise.
420 (exploded_node::dump_saved_diagnostics): Drop param.
421 (exploded_node::on_stmt): Make non-const.
422 (exploded_node::on_edge): Likewise.
423 (exploded_node::on_longjmp): Likewise.
424 (exploded_node::detect_leaks): Likewise.
425 (exploded_node::add_diagnostic): New.
426 (exploded_node::get_num_diagnostics): New.
427 (exploded_node::get_saved_diagnostic): New.
428 (exploded_node::m_saved_diagnostics): New.
429 (exploded_graph::get_or_create_node): Make enode_for_diag param
430 non-constant.
431 * feasible-graph.cc (feasible_node::dump_dot): Drop
432 diagnostic_manager from call to dump_saved_diagnostics.
433 * program-state.cc (program_state::on_edge): Convert enode param
434 to non-const pointer.
435 (program_state::prune_for_point): Likewise for enode_for_diag
436 param.
437 * program-state.h (program_state::on_edge): Convert enode param
438 to non-const pointer.
439 (program_state::prune_for_point): Likewise for enode_for_diag
440 param.
441
95d217ab
GA
442 2021-03-31 David Malcolm <dmalcolm@redhat.com>
443
444 PR analyzer/99771
445 * analyzer.cc (maybe_reconstruct_from_def_stmt): New.
446 (fixup_tree_for_diagnostic_1): New.
447 (fixup_tree_for_diagnostic): New.
448 * analyzer.h (fixup_tree_for_diagnostic): New decl.
449 * checker-path.cc (call_event::get_desc): Call
450 fixup_tree_for_diagnostic and use it for the call_with_state call.
451 (warning_event::get_desc): Likewise for the final_event and
452 make_label_text calls.
453 * engine.cc (impl_region_model_context::on_state_leak): Likewise
454 for the on_leak and add_diagnostic calls.
455 * region-model.cc (region_model::get_representative_tree):
456 Likewise for the result.
457
08d2edae
GA
458 2021-03-30 David Malcolm <dmalcolm@redhat.com>
459
460 * region.h (region::dump_to_pp): Remove old decl.
461
462 2021-03-30 David Malcolm <dmalcolm@redhat.com>
463
464 * sm-file.cc (fileptr_state_machine::on_stmt): Only call
465 get_diagnostic_tree if the result will be used.
466 * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
467 (malloc_state_machine::on_deallocator_call): Likewise.
468 (malloc_state_machine::on_realloc_call): Likewise.
469 (malloc_state_machine::on_realloc_call): Likewise.
470 * sm-sensitive.cc
471 (sensitive_state_machine::warn_for_any_exposure): Likewise.
472 * sm-taint.cc (taint_state_machine::on_stmt): Likewise.
473
4493b1c1
GA
474 2021-03-25 David Malcolm <dmalcolm@redhat.com>
475
476 PR analyzer/93695
477 PR analyzer/99044
478 PR analyzer/99716
479 * engine.cc (exploded_node::on_stmt): Clear sm-state involving
480 an SSA name at the def-stmt of that SSA name.
481 * program-state.cc (sm_state_map::purge_state_involving): New.
482 * program-state.h (sm_state_map::purge_state_involving): New decl.
483 * region-model.cc (selftest::test_involves_p): New.
484 (selftest::analyzer_region_model_cc_tests): Call it.
485 * svalue.cc (class involvement_visitor): New class.
486 (svalue::involves_p): New.
487 * svalue.h (svalue::involves_p): New decl.
488
5f256a70
GA
489 2021-03-19 David Malcolm <dmalcolm@redhat.com>
490
491 PR analyzer/99614
492 * diagnostic-manager.cc (class epath_finder): Add
493 DISABLE_COPY_AND_ASSIGN.
494
3c5b6d24
GA
495 2021-03-15 Martin Liska <mliska@suse.cz>
496
497 * sm-file.cc (get_file_using_fns): Add missing comma in initializer.
498
48ff383f
GA
499 2021-03-11 David Malcolm <dmalcolm@redhat.com>
500
501 PR analyzer/96374
502 * analyzer.opt (-param=analyzer-max-infeasible-edges=): New param.
503 (fdump-analyzer-feasibility): New flag.
504 * diagnostic-manager.cc: Include "analyzer/trimmed-graph.h" and
505 "analyzer/feasible-graph.h".
506 (epath_finder::epath_finder): Convert m_sep to a pointer and
507 only create it if !flag_analyzer_feasibility.
508 (epath_finder::~epath_finder): New.
509 (epath_finder::m_sep): Convert to a pointer.
510 (epath_finder::get_best_epath): Add param "diag_idx" and use it
511 when logging. Rather than finding the shortest path and then
512 checking feasibility, instead use explore_feasible_paths unless
513 !flag_analyzer_feasibility, in which case simply use the shortest
514 path, and note if it is infeasible. Update for m_sep becoming a
515 pointer.
516 (class feasible_worklist): New.
517 (epath_finder::explore_feasible_paths): New.
518 (epath_finder::process_worklist_item): New.
519 (class dump_eg_with_shortest_path): New.
520 (epath_finder::dump_trimmed_graph): New.
521 (epath_finder::dump_feasible_graph): New.
522 (saved_diagnostic::saved_diagnostic): Add "idx" param, using it
523 on new field m_idx.
524 (saved_diagnostic::to_json): Dump m_idx.
525 (saved_diagnostic::calc_best_epath): Pass m_idx to get_best_epath.
526 Remove assertion that m_problem was set when m_best_epath is NULL.
527 (diagnostic_manager::add_diagnostic): Pass an index when creating
528 saved_diagnostic instances.
529 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add
530 "idx" param.
531 (saved_diagnostic::get_index): New accessor.
532 (saved_diagnostic::m_idx): New field.
533 * engine.cc (exploded_node::dump_dot): Call args.dump_extra_info.
534 Move code to...
535 (exploded_node::dump_processed_stmts): ...this new function and...
536 (exploded_node::dump_saved_diagnostics): ...this new function.
537 Add index of each diagnostic.
538 (exploded_edge::dump_dot): Move bulk of code to...
539 (exploded_edge::dump_dot_label): ...this new function.
540 * exploded-graph.h (eg_traits::dump_args_t::dump_extra_info): New
541 vfunc.
542 (exploded_node::dump_processed_stmts): New decl.
543 (exploded_node::dump_saved_diagnostics): New decl.
544 (exploded_edge::dump_dot_label): New decl.
545 * feasible-graph.cc: New file.
546 * feasible-graph.h: New file.
547 * trimmed-graph.cc: New file.
548 * trimmed-graph.h: New file.
549
550 2021-03-11 David Malcolm <dmalcolm@redhat.com>
551
552 * diagnostic-manager.cc (epath_finder::epath_finder):
553 Update shortest_paths init for new param.
554
e9800852
GA
555 2021-03-10 David Malcolm <dmalcolm@redhat.com>
556
557 PR analyzer/96374
558 * engine.cc (exploded_path::feasible_p): Move "snodes_visited" and
559 "model" locals into a new class feasibility_state. Move heart
560 of per-edge processing into
561 feasibility_state::maybe_update_for_edge.
562 (feasibility_state::feasibility_state): New.
563 (feasibility_state::maybe_update_for_edge): New, based on loop
564 body in exploded_path::feasible_p.
565 * exploded-graph.h (class feasibility_state): New.
566
567 2021-03-10 David Malcolm <dmalcolm@redhat.com>
568
569 * supergraph.h
570 (callgraph_superedge::dyn_cast_callgraph_superedge): New.
571 (call_superedge::dyn_cast_callgraph_superedge): Delete.
572 (return_superedge::dyn_cast_callgraph_superedge): Delete.
573
d97a92dc
GA
574 2021-03-02 Martin Liska <mliska@suse.cz>
575
576 * diagnostic-manager.cc (diagnostic_manager::emit_saved_diagnostics):
577 Do not pass engine.
578
06a9f20f
GA
579 2021-02-26 David Malcolm <dmalcolm@redhat.com>
580
581 * engine.cc (exploded_path::exploded_path): New copy-ctor.
582 * exploded-graph.h (exploded_path::operator=): Drop decl.
583
584 2021-02-26 David Malcolm <dmalcolm@redhat.com>
585
586 PR analyzer/96374
587 * diagnostic-manager.cc (class epath_finder): New.
588 (epath_finder::get_best_epath): New.
589 (saved_diagnostic::saved_diagnostic): Update for replacement of
590 m_state and m_epath_length with m_best_epath.
591 (saved_diagnostic::~saved_diagnostic): Delete m_best_epath.
592 (saved_diagnostic::to_json): Update "path_length" to be optional.
593 (saved_diagnostic::calc_best_epath): New, based on
594 dedupe_winners::add and parts of dedupe_key::dedupe_key.
595 (saved_diagnostic::get_epath_length): New.
596 (saved_diagnostic::add_duplicate): New.
597 (dedupe_key::dedupe_key): Drop epath param. Move invocation of
598 stmt_finder to saved_diagnostic::calc_best_epath.
599 (class dedupe_candidate): Delete.
600 (class dedupe_hash_map_traits): Update to use saved_diagnostic *
601 rather than dedupe_candidate * as the value_type/compare_type.
602 (dedupe_winners::~dedupe_winners): Don't delete the values.
603 (dedupe_winners::add): Convert param from shortest_exploded_paths to
604 epath_finder. Drop "eg" param. Drop dedupe_candidate, moving
605 path generation and feasibility checking to
606 epath_finder::get_best_epath. Update winner-selection for move
607 of epaths from dedupe_candidate to saved_diagnostic.
608 (dedupe_winners::emit_best): Update for removal of class
609 dedupe_candidate.
610 (dedupe_winners::map_t): Update to use saved_diagnostic * rather
611 than dedupe_candidate * as the value_type/compare_type.
612 (diagnostic_manager::emit_saved_diagnostics): Move
613 shortest_exploded_paths instance into epath_finder and pass that
614 around instead.
615 (diagnostic_manager::emit_saved_diagnostic): Drop epath, stmt
616 and num_dupes params, instead getting these from the
617 saved_diagnostic. Use correct location in inform_n call.
618 * diagnostic-manager.h (class epath_finder): New forward decl.
619 (saved_diagnostic::status): Drop enum.
620 (saved_diagnostic::set_feasible): Drop.
621 (saved_diagnostic::set_infeasible): Drop.
622 (saved_diagnostic::get_status): Drop.
623 (saved_diagnostic::calc_best_epath): New decl.
624 (saved_diagnostic::get_best_epath): New decl.
625 (saved_diagnostic::get_epath_length): New decl.
626 (saved_diagnostic::set_epath_length): Drop.
627 (saved_diagnostic::get_epath_length): Drop inline implementation.
628 (saved_diagnostic::add_duplicate): New.
629 (saved_diagnostic::get_num_dupes): New.
630 (saved_diagnostic::m_d): Document ownership.
631 (saved_diagnostic::m_trailing_eedge): Make const.
632 (saved_diagnostic::m_status): Drop field.
633 (saved_diagnostic::m_epath_length): Drop field.
634 (saved_diagnostic::m_best_epath): New field.
635 (saved_diagnostic::m_problem): Document ownership.
636 (saved_diagnostic::m_duplicates): New field.
637 (diagnostic_manager::emit_saved_diagnostic): Drop params epath,
638 stmt, and num_dupes.
639 * engine.cc (exploded_graph_annotator::print_saved_diagnostic):
640 Update for changes to saved_diagnostic class.
641 * exploded-graph.h (exploded_path::feasible_p): Drop unused
642 overloaded decl.
643
daa68844
GA
644 2021-02-25 David Malcolm <dmalcolm@redhat.com>
645
646 PR analyzer/99193
647 * region-model-impl-calls.cc (region_model::impl_call_realloc): New.
648 * region-model.cc (region_model::on_call_pre): Call it.
649 * region-model.h (region_model::impl_call_realloc): New decl.
650 * sm-malloc.cc (enum wording): Add WORDING_REALLOCATED.
651 (malloc_state_machine::m_realloc): New field.
652 (use_after_free::describe_state_change): Add case for
653 WORDING_REALLOCATED.
654 (use_after_free::describe_final_event): Likewise.
655 (malloc_state_machine::malloc_state_machine): Initialize
656 m_realloc.
657 (malloc_state_machine::on_stmt): Handle realloc by calling...
658 (malloc_state_machine::on_realloc_call): New.
659
2f5765cf
GA
660 2021-02-22 David Malcolm <dmalcolm@redhat.com>
661
662 PR analyzer/99196
663 * engine.cc (exploded_node::on_stmt): Provide terminate_path
664 flag as a way for on_call_pre to terminate the current analysis
665 path.
666 * region-model-impl-calls.cc (call_details::num_args): New.
667 (region_model::impl_call_error): New.
668 * region-model.cc (region_model::on_call_pre): Add param
669 "out_terminate_path". Handle "error" and "error_at_line".
670 * region-model.h (call_details::num_args): New decl.
671 (region_model::on_call_pre): Add param "out_terminate_path".
672 (region_model::impl_call_error): New decl.
673
acc0ee5c
GA
674 2021-02-17 David Malcolm <dmalcolm@redhat.com>
675
676 PR analyzer/98969
677 * constraint-manager.cc (dead_svalue_purger::should_purge_p):
678 Update for change to svalue::live_p.
679 * program-state.cc (sm_state_map::on_liveness_change): Likewise.
680 (program_state::detect_leaks): Likewise.
681 * region-model-reachability.cc (reachable_regions::init_cluster):
682 When dealing with a symbolic region, if the underlying pointer is
683 implicitly live, add the region to the reachable regions.
684 * region-model.cc (region_model::compare_initial_and_pointer):
685 Move logic for detecting initial values of params to
686 initial_svalue::initial_value_of_param_p.
687 * svalue.cc (svalue::live_p): Convert "live_svalues" from a
688 reference to a pointer; support it being NULL.
689 (svalue::implicitly_live_p): Convert first param from a
690 reference to a pointer.
691 (region_svalue::implicitly_live_p): Likewise.
692 (constant_svalue::implicitly_live_p): Likewise.
693 (initial_svalue::implicitly_live_p): Likewise. Treat the initial
694 values of params for the top level frame as still live.
695 (initial_svalue::initial_value_of_param_p): New function, taken
696 from a test in region_model::compare_initial_and_pointer.
697 (unaryop_svalue::implicitly_live_p): Convert first param from a
698 reference to a pointer.
699 (binop_svalue::implicitly_live_p): Likewise.
700 (sub_svalue::implicitly_live_p): Likewise.
701 (unmergeable_svalue::implicitly_live_p): Likewise.
702 * svalue.h (svalue::live_p): Likewise.
703 (svalue::implicitly_live_p): Likewise.
704 (region_svalue::implicitly_live_p): Likewise.
705 (constant_svalue::implicitly_live_p): Likewise.
706 (initial_svalue::implicitly_live_p): Likewise.
707 (initial_svalue::initial_value_of_param_p): New decl.
708 (unaryop_svalue::implicitly_live_p): Convert first param from a
709 reference to a pointer.
710 (binop_svalue::implicitly_live_p): Likewise.
711 (sub_svalue::implicitly_live_p): Likewise.
712 (unmergeable_svalue::implicitly_live_p): Likewise.
713
fab095da
GA
714 2021-02-12 David Malcolm <dmalcolm@redhat.com>
715
716 PR analyzer/98969
717 * engine.cc (readability): Add names for the various arbitrary
718 values. Handle NOP_EXPR and INTEGER_CST.
719 (readability_comparator): Combine the readability tests for
720 tree and stack depth, rather than performing them sequentially.
721 (impl_region_model_context::on_state_leak): Strip off top-level
722 casts.
723 * region-model.cc (region_model::get_representative_path_var): Add
724 type-checking, moving the bulk of the implementation to...
725 (region_model::get_representative_path_var_1): ...here. Respect
726 types in casts by recursing and re-adding the cast, rather than
727 merely stripping them off. Use the correct type when handling
728 region_svalue.
729 (region_model::get_representative_tree): Strip off any top-level
730 cast.
731 (region_model::get_representative_path_var): Add type-checking,
732 moving the bulk of the implementation to...
733 (region_model::get_representative_path_var_1): ...here.
734 * region-model.h (region_model::get_representative_path_var_1):
735 New decl
736 (region_model::get_representative_path_var_1): New decl.
737 * store.cc (append_pathvar_with_type): New.
738 (binding_cluster::get_representative_path_vars): Cast path_vars
739 to the correct type when adding them to *OUT_PVS.
740
0a91b73e
GA
741 2021-02-09 David Malcolm <dmalcolm@redhat.com>
742
743 PR analyzer/98575
744 * sm-file.cc (is_file_using_fn_p): Support "_IO_"-prefixed
745 variants.
746
747 2021-02-09 David Malcolm <dmalcolm@redhat.com>
748
749 PR analyzer/98575
750 * store.cc (store::set_value): Treat a pointer written to *UNKNOWN
751 as having escaped.
752
548b75d8
GA
753 2021-02-02 David Malcolm <dmalcolm@redhat.com>
754
755 PR analyzer/93355
756 PR analyzer/96374
757 * engine.cc (toplevel_function_p): Simplify so that
758 we only reject functions with a "__analyzer_" prefix.
759 (add_any_callbacks): Delete.
760 (exploded_graph::build_initial_worklist): Update for
761 dropped param of toplevel_function_p.
762 (exploded_graph::build_initial_worklist): Don't bother
763 looking for callbacks that are reachable from global
764 initializers.
765
f7884fb1
GA
766 2021-02-01 David Malcolm <dmalcolm@redhat.com>
767
768 PR analyzer/98918
769 * region-model-manager.cc
770 (region_model_manager::get_or_create_initial_value):
771 Fold the initial value of *UNKNOWN_PTR to an UNKNOWN value.
772 (region_model_manager::get_field_region): Fold the value
773 of UNKNOWN_PTR->FIELD to *UNKNOWN_PTR_OF_&FIELD_TYPE.
774
2900f2f2
GA
775 2021-01-29 David Malcolm <dmalcolm@redhat.com>
776
777 * checker-path.cc (event_kind_to_string): Handle
778 EK_START_CONSOLIDATED_CFG_EDGES and
779 EK_END_CONSOLIDATED_CFG_EDGES.
780 (start_consolidated_cfg_edges_event::get_desc): New.
781 (checker_path::cfg_edge_pair_at_p): New.
782 * checker-path.h (enum event_kind): Add
783 EK_START_CONSOLIDATED_CFG_EDGES and
784 EK_END_CONSOLIDATED_CFG_EDGES.
785 (class start_consolidated_cfg_edges_event): New class.
786 (class end_consolidated_cfg_edges_event): New class.
787 (checker_path::delete_events): New.
788 (checker_path::replace_event): New.
789 (checker_path::cfg_edge_pair_at_p): New decl.
790 * diagnostic-manager.cc (diagnostic_manager::prune_path): Call
791 consolidate_conditions.
792 (same_line_as_p): New.
793 (diagnostic_manager::consolidate_conditions): New.
794 * diagnostic-manager.h
795 (diagnostic_manager::consolidate_conditions): New decl.
796
ef1f8ee6
GA
797 2021-01-18 David Malcolm <dmalcolm@redhat.com>
798
799 * analyzer.h (is_std_named_call_p): New decl.
800 * diagnostic-manager.cc (path_builder::get_sm): New.
801 (state_change_event_creator::state_change_event_creator): Add "pb"
802 param.
803 (state_change_event_creator::on_global_state_change): Don't consider
804 state changes affecting other state_machines.
805 (state_change_event_creator::on_state_change): Likewise.
806 (state_change_event_creator::m_pb): New field.
807 (diagnostic_manager::add_events_for_eedge): Pass pb to visitor
808 ctor.
809 * region-model-impl-calls.cc
810 (region_model::impl_deallocation_call): New.
811 * region-model.cc: Include "attribs.h".
812 (region_model::on_call_post): Handle fndecls referenced by
813 __attribute__((deallocated_by(FOO))).
814 * region-model.h (region_model::impl_deallocation_call): New decl.
815 * sm-malloc.cc: Include "stringpool.h" and "attribs.h". Add
816 leading comment.
817 (class api): Delete.
818 (enum resource_state): Update comment for change from api to
819 deallocator and deallocator_set.
820 (allocation_state::allocation_state): Drop api param. Add
821 "deallocators" and "deallocator".
822 (allocation_state::m_api): Drop field in favor of...
823 (allocation_state::m_deallocators): New field.
824 (allocation_state::m_deallocator): New field.
825 (enum wording): Add WORDING_DEALLOCATED.
826 (struct deallocator): New.
827 (struct standard_deallocator): New.
828 (struct custom_deallocator): New.
829 (struct deallocator_set): New.
830 (struct custom_deallocator_set): New.
831 (struct standard_deallocator_set): New.
832 (struct deallocator_set_map_traits): New.
833 (malloc_state_machine::m_malloc): Drop field
834 (malloc_state_machine::m_scalar_new): Likewise.
835 (malloc_state_machine::m_vector_new): Likewise.
836 (malloc_state_machine::m_free): New field
837 (malloc_state_machine::m_scalar_delete): Likewise.
838 (malloc_state_machine::m_vector_delete): Likewise.
839 (malloc_state_machine::deallocator_map_t): New typedef.
840 (malloc_state_machine::m_deallocator_map): New field.
841 (malloc_state_machine::deallocator_set_cache_t): New typedef.
842 (malloc_state_machine::m_custom_deallocator_set_cache): New field.
843 (malloc_state_machine::custom_deallocator_set_map_t): New typedef.
844 (malloc_state_machine::m_custom_deallocator_set_map): New field.
845 (malloc_state_machine::m_dynamic_sets): New field.
846 (malloc_state_machine::m_dynamic_deallocators): New field.
847 (api::api): Delete.
848 (deallocator::deallocator): New ctor.
849 (deallocator::hash): New.
850 (deallocator::dump_to_pp): New.
851 (deallocator::cmp): New.
852 (deallocator::cmp_ptr_ptr): New.
853 (standard_deallocator::standard_deallocator): New ctor.
854 (deallocator_set::deallocator_set): New ctor.
855 (deallocator_set::dump): New.
856 (custom_deallocator_set::custom_deallocator_set): New ctor.
857 (custom_deallocator_set::contains_p): New.
858 (custom_deallocator_set::maybe_get_single): New.
859 (custom_deallocator_set::dump_to_pp): New.
860 (standard_deallocator_set::standard_deallocator_set): New ctor.
861 (standard_deallocator_set::contains_p): New.
862 (standard_deallocator_set::maybe_get_single): New.
863 (standard_deallocator_set::dump_to_pp): New.
864 (start_p): New.
865 (class mismatching_deallocation): Update for conversion from api
866 to deallocator_set and deallocator.
867 (double_free::emit): Use %qs.
868 (class use_after_free): Update for conversion from api to
869 deallocator_set and deallocator.
870 (malloc_leak::describe_state_change): Only emit "allocated here" on
871 a start->nonnull transition, rather than on other transitions to
872 nonnull.
873 (allocation_state::dump_to_pp): Update for conversion from api to
874 deallocator_set.
875 (allocation_state::get_nonnull): Likewise.
876 (malloc_state_machine::malloc_state_machine): Likewise.
877 (malloc_state_machine::~malloc_state_machine): New.
878 (malloc_state_machine::add_state): Update for conversion from api
879 to deallocator_set.
880 (malloc_state_machine::get_or_create_custom_deallocator_set): New.
881 (malloc_state_machine::maybe_create_custom_deallocator_set): New.
882 (malloc_state_machine::get_or_create_deallocator): New.
883 (malloc_state_machine::on_stmt): Update for conversion from api
884 to deallocator_set. Handle "__attribute__((malloc(FOO)))", and
885 the special attribute set on FOO.
886 (malloc_state_machine::on_allocator_call): Update for conversion
887 from api to deallocator_set. Add "returns_nonnull" param and use
888 it to affect which state to transition to.
889 (malloc_state_machine::on_deallocator_call): Update for conversion
890 from api to deallocator_set.
891
5fff80fd
GA
892 2021-01-14 David Malcolm <dmalcolm@redhat.com>
893
894 * engine.cc (strongly_connected_components::to_json): New.
895 (worklist::to_json): New.
896 (exploded_graph::to_json): JSON-ify the worklist.
897 * exploded-graph.h (strongly_connected_components::to_json): New
898 decl.
899 (worklist::to_json): New decl.
900 * store.cc (store::to_json): Fix comment.
901 * supergraph.cc (supernode::to_json): Fix reference to
902 "returning_call" in comment. Add optional "fun" to JSON.
903 (edge_kind_to_string): New.
904 (superedge::to_json): Add "kind" to JSON.
905
906 2021-01-14 David Malcolm <dmalcolm@redhat.com>
907
908 PR analyzer/98679
909 * analyzer.h (region_offset::operator==): Make const.
910 * pending-diagnostic.h (pending_diagnostic::equal_p): Likewise.
911 * store.h (binding_cluster::for_each_value): Likewise.
912 (binding_cluster::for_each_binding): Likewise.
913
6851dda2
GA
914 2021-01-12 David Malcolm <dmalcolm@redhat.com>
915
916 PR analyzer/98628
917 * store.cc (binding_cluster::make_unknown_relative_to): Don't mark
918 dereferenced unknown pointers as having escaped.
919
7d187e4f
GA
920 2021-01-07 David Malcolm <dmalcolm@redhat.com>
921
922 PR analyzer/98580
923 * region.cc (decl_region::get_svalue_for_initializer): Gracefully
924 handle when LTO writes out DECL_INITIAL as error_mark_node.
925
926 2021-01-07 David Malcolm <dmalcolm@redhat.com>
927
928 PR analyzer/97074
929 * store.cc (binding_cluster::can_merge_p): Add "out_store" param
930 and pass to calls to binding_cluster::make_unknown_relative_to.
931 (binding_cluster::make_unknown_relative_to): Add "out_store"
932 param. Use it to mark base regions that are pointed to by
933 pointers that become unknown as having escaped.
934 (store::can_merge_p): Pass out_store to
935 binding_cluster::can_merge_p.
936 * store.h (binding_cluster::can_merge_p): Add "out_store" param.
937 (binding_cluster::make_unknown_relative_to): Likewise.
938 * svalue.cc (region_svalue::implicitly_live_p): New vfunc.
939 * svalue.h (region_svalue::implicitly_live_p): New vfunc decl.
940
941 2021-01-07 David Malcolm <dmalcolm@redhat.com>
942
943 PR analyzer/98564
944 * engine.cc (exploded_path::feasible_p): Add missing call to
945 bitmap_clear.
946
942ae5be
GA
947 2021-01-06 David Malcolm <dmalcolm@redhat.com>
948
949 PR analyzer/97072
950 * region-model-reachability.cc (reachable_regions::init_cluster):
951 Convert symbolic region handling to a switch statement. Add cases
952 to handle SK_UNKNOWN and SK_CONJURED.
953
651b8a50
GA
954 2021-01-05 David Malcolm <dmalcolm@redhat.com>
955
956 PR analyzer/98293
957 * store.cc (binding_map::apply_ctor_to_region): When "index" is
958 NULL, iterate through the fields for RECORD_TYPEs, rather than
959 creating an INTEGER_CST index.
960
94358e47
GA
961 2020-11-30 David Malcolm <dmalcolm@redhat.com>
962
963 * analyzer-pass.cc: Include "analyzer/analyzer.h" for the
964 declaration of sorry_no_analyzer; include "tree.h" and
965 "function.h" as these are needed by it.
966
967 2020-11-30 David Malcolm <dmalcolm@redhat.com>
968
969 * analyzer-pass.cc (pass_analyzer::execute): Move sorry call to...
970 (sorry_no_analyzer): New.
971 * analyzer.h (class state_machine): New forward decl.
972 (class logger): New forward decl.
973 (class plugin_analyzer_init_iface): New.
974 (sorry_no_analyzer): New decl.
975 * checker-path.cc (checker_path::fixup_locations): New.
976 * checker-path.h (checker_event::set_location): New.
977 (checker_path::fixup_locations): New decl.
978 * diagnostic-manager.cc
979 (diagnostic_manager::emit_saved_diagnostic): Call
980 checker_path::fixup_locations, and call fixup_location
981 on the primary location.
982 * engine.cc: Include "plugin.h".
983 (class plugin_analyzer_init_impl): New.
984 (impl_run_checkers): Invoke PLUGIN_ANALYZER_INIT callbacks.
985 * pending-diagnostic.h (pending_diagnostic::fixup_location): New
986 vfunc.
987
25bb75f8
GA
988 2020-11-18 David Malcolm <dmalcolm@redhat.com>
989
990 PR analyzer/97893
991 * sm-malloc.cc (null_deref::emit): Use CWE-476 rather than
992 CWE-690, as this isn't due to an unchecked return value.
993 (null_arg::emit): Likewise.
994
a5a11525
GA
995 2020-11-12 David Malcolm <dmalcolm@redhat.com>
996
997 * checker-path.h (checker_event::get_id_ptr): New.
998 * diagnostic-manager.cc (path_builder::path_builder): Add "sd"
999 param and use it to initialize new field "m_sd".
1000 (path_builder::get_pending_diagnostic): New.
1001 (path_builder::m_sd): New field.
1002 (diagnostic_manager::emit_saved_diagnostic): Pass sd to
1003 path_builder ctor.
1004 (diagnostic_manager::add_events_for_superedge): Call new
1005 maybe_add_custom_events_for_superedge vfunc.
1006 * engine.cc (stale_jmp_buf::stale_jmp_buf): Add "setjmp_point"
1007 param and use it to initialize new field "m_setjmp_point".
1008 Initialize new field "m_stack_pop_event".
1009 (stale_jmp_buf::maybe_add_custom_events_for_superedge): New vfunc
1010 implementation.
1011 (stale_jmp_buf::describe_final_event): New vfunc implementation.
1012 (stale_jmp_buf::m_setjmp_point): New field.
1013 (stale_jmp_buf::m_stack_pop_event): New field.
1014 (exploded_node::on_longjmp): Pass setjmp_point to stale_jmp_buf
1015 ctor.
1016 * pending-diagnostic.h
1017 (pending_diagnostic::maybe_add_custom_events_for_superedge): New
1018 vfunc.
1019
1020 2020-11-12 David Malcolm <dmalcolm@redhat.com>
1021
1022 PR tree-optimization/97424
1023 * analyzer.opt (Wanalyzer-shift-count-negative): New.
1024 (Wanalyzer-shift-count-overflow): New.
1025 * region-model.cc (class shift_count_negative_diagnostic): New.
1026 (class shift_count_overflow_diagnostic): New.
1027 (region_model::get_gassign_result): Complain about shift counts that
1028 are negative or are >= the operand's type's width.
1029
bb622641
GA
1030 2020-11-10 Martin Liska <mliska@suse.cz>
1031
1032 * constraint-manager.cc (constraint_manager::merge): Remove
1033 unused code.
1034 * constraint-manager.h: Likewise.
1035 * program-state.cc (sm_state_map::sm_state_map): Likewise.
1036 (program_state::program_state): Likewise.
1037 (test_sm_state_map): Likewise.
1038 * program-state.h: Likewise.
1039 * region-model-reachability.cc (reachable_regions::reachable_regions): Likewise.
1040 * region-model-reachability.h: Likewise.
1041 * region-model.cc (region_model::handle_unrecognized_call): Likewise.
1042 (region_model::get_reachable_svalues): Likewise.
1043 (region_model::can_merge_with_p): Likewise.
1044
0cfd9109
GA
1045 2020-11-05 David Malcolm <dmalcolm@redhat.com>
1046
1047 PR analyzer/97668
1048 * svalue.cc (cmp_cst): Handle COMPLEX_CST.
1049
e93aae4a
GA
1050 2020-10-29 David Malcolm <dmalcolm@redhat.com>
1051
1052 * program-state.cc (sm_state_map::on_liveness_change): Sort the
1053 leaking svalues before calling on_state_leak.
1054 (program_state::detect_leaks): Likewise when calling
1055 on_svalue_leak.
1056 * region-model-reachability.cc
1057 (reachable_regions::mark_escaped_clusters): Likewise when
1058 calling on_escaped_function.
1059
1060 2020-10-29 David Malcolm <dmalcolm@redhat.com>
1061
1062 PR analyzer/97608
1063 * region-model-reachability.cc (reachable_regions::handle_sval):
1064 Operands of reachable reversible operations are reachable.
1065
1066 2020-10-29 David Malcolm <dmalcolm@redhat.com>
1067
1068 * analyzer.h (class state_machine): New forward decl.
1069 (class logger): Likewise.
1070 (class visitor): Likewise.
1071 * complexity.cc: New file, taken from svalue.cc.
1072 * complexity.h: New file, taken from region-model.h.
1073 * region-model.h: Include "analyzer/svalue.h" and
1074 "analyzer/region.h". Move struct complexity to complexity.h.
1075 Move svalue, its subclasses and supporting decls to svalue.h.
1076 Move region, its subclasses and supporting decls to region.h.
1077 * region.cc: Include "analyzer/region.h".
1078 (symbolic_region::symbolic_region): Move here from region-model.h.
1079 * region.h: New file, based on material from region-model.h.
1080 * svalue.cc: Include "analyzer/svalue.h".
1081 (complexity::complexity): Move to complexity.cc.
1082 (complexity::from_pair): Likewise.
1083 * svalue.h: New file, based on material from region-model.h.
1084
1085 2020-10-29 David Malcolm <dmalcolm@redhat.com>
1086
1087 * program-state.cc (sm_state_map::print): Guard the printing of
1088 the origin pointer with !flag_dump_noaddr.
1089 * region.cc (string_region::dump_to_pp): Likewise for
1090 m_string_cst.
1091
89bb01e7
GA
1092 2020-10-27 David Malcolm <dmalcolm@redhat.com>
1093
1094 PR analyzer/97568
1095 * region-model.cc (region_model::get_initial_value_for_global):
1096 Move check that !DECL_EXTERNAL from here to...
1097 * region.cc (decl_region::get_svalue_for_initializer): ...here,
1098 using it to reject zero initialization.
1099
1100 2020-10-27 Markus Böck <markus.boeck02@gmail.com>
1101
1102 PR analyzer/96608
1103 * store.h (hash): Cast to intptr_t instead of long
1104
1105 2020-10-27 David Malcolm <dmalcolm@redhat.com>
1106
1107 * constraint-manager.cc (svalue_cmp_by_ptr): Delete.
1108 (equiv_class::canonicalize): Use svalue::cmp_ptr_ptr instead.
1109 (equiv_class_cmp): Eliminate pointer comparison.
1110 * diagnostic-manager.cc (dedupe_key::comparator): If they are at
1111 the same location, also compare epath length and pending_diagnostic
1112 kind.
1113 * engine.cc (readability_comparator): If two path_vars have the
1114 same readability, then impose an arbitrary ordering on them.
1115 (worklist::key_t::cmp): If two points have the same plan ordering,
1116 continue the comparison. Call sm_state_map::cmp rather than
1117 comparing hash values.
1118 * program-state.cc (sm_state_map::entry_t::cmp): New.
1119 (sm_state_map::cmp): New.
1120 * program-state.h (sm_state_map::entry_t::cmp): New decl.
1121 (sm_state_map::elements): New.
1122 (sm_state_map::cmp): New.
1123
1124 2020-10-27 David Malcolm <dmalcolm@redhat.com>
1125
1126 * engine.cc (setjmp_record::cmp): New.
1127 (supernode_cluster::dump_dot): Avoid embedding pointer in cluster
1128 name.
1129 (supernode_cluster::cmp_ptr_ptr): New.
1130 (function_call_string_cluster::dump_dot): Avoid embedding pointer
1131 in cluster name. Sort m_map when dumping child clusters.
1132 (function_call_string_cluster::cmp_ptr_ptr): New.
1133 (root_cluster::dump_dot): Sort m_map when dumping child clusters.
1134 * program-point.cc (function_point::cmp): New.
1135 (function_point::cmp_ptr): New.
1136 * program-point.h (function_point::cmp): New decl.
1137 (function_point::cmp_ptr): New decl.
1138 * program-state.cc (sm_state_map::print): Sort the values. Guard
1139 the printing of pointers with !flag_dump_noaddr.
1140 (program_state::prune_for_point): Sort the regions.
1141 (log_set_of_svalues): Sort the values. Guard the printing of
1142 pointers with !flag_dump_noaddr.
1143 * region-model-manager.cc (log_uniq_map): Sort the values.
1144 * region-model-reachability.cc (dump_set): New function template.
1145 (reachable_regions::dump_to_pp): Use it.
1146 * region-model.h (svalue::cmp_ptr): New decl.
1147 (svalue::cmp_ptr_ptr): New decl.
1148 (setjmp_record::cmp): New decl.
1149 (placeholder_svalue::get_name): New accessor.
1150 (widening_svalue::get_point): New accessor.
1151 (compound_svalue::get_map): New accessor.
1152 (conjured_svalue::get_stmt): New accessor.
1153 (conjured_svalue::get_id_region): New accessor.
1154 (region::cmp_ptrs): Rename to...
1155 (region::cmp_ptr_ptr): ...this.
1156 * region.cc (region::cmp_ptrs): Rename to...
1157 (region::cmp_ptr_ptr): ...this.
1158 * state-purge.cc
1159 (state_purge_per_ssa_name::state_purge_per_ssa_name): Sort
1160 m_points_needing_name when dumping.
1161 * store.cc (concrete_binding::cmp_ptr_ptr): New.
1162 (symbolic_binding::cmp_ptr_ptr): New.
1163 (binding_map::cmp): New.
1164 (get_sorted_parent_regions): Update for renaming of
1165 region::cmp_ptrs to region::cmp_ptr_ptr.
1166 (store::dump_to_pp): Likewise.
1167 (store::to_json): Likewise.
1168 (store::can_merge_p): Sort the base regions before considering
1169 them.
1170 * store.h (concrete_binding::cmp_ptr_ptr): New decl.
1171 (symbolic_binding::cmp_ptr_ptr): New decl.
1172 (binding_map::cmp): New decl.
1173 * supergraph.cc (supergraph::supergraph): Assign UIDs to the
1174 gimple stmts.
1175 * svalue.cc (cmp_cst): New.
1176 (svalue::cmp_ptr): New.
1177 (svalue::cmp_ptr_ptr): New.
1178
1179 2020-10-27 David Malcolm <dmalcolm@redhat.com>
1180
1181 * engine.cc (exploded_graph::get_or_create_node): Fix off-by-one
1182 when imposing param_analyzer_max_enodes_per_program_point limit.
1183
1184 2020-10-27 David Malcolm <dmalcolm@redhat.com>
1185
1186 * region-model.cc (region_model::get_representative_path_var):
1187 Implement case RK_LABEL.
1188 * region-model.h (label_region::get_label): New accessor.
1189
43868df3
GA
1190 2020-10-22 David Malcolm <dmalcolm@redhat.com>
1191
1192 PR analyzer/97514
1193 * engine.cc (exploded_graph::add_function_entry): Handle failure
1194 to create an enode, rather than asserting.
1195
1196 2020-10-22 David Malcolm <dmalcolm@redhat.com>
1197
1198 PR analyzer/97489
1199 * engine.cc (exploded_graph::add_function_entry): Assert that we
1200 have a function body.
1201 (exploded_graph::on_escaped_function): Reject fndecls that don't
1202 have a function body.
1203
b2698c21
GA
1204 2020-10-14 David Malcolm <dmalcolm@redhat.com>
1205
1206 PR analyzer/93388
1207 * region-model.cc (region_model::get_initial_value_for_global):
1208 Fall back to returning an initial_svalue if
1209 decl_region::get_svalue_for_initializer fails.
1210 * region.cc (decl_region::get_svalue_for_initializer): Don't
1211 attempt to create a compound_svalue if the region has an unknown
1212 size.
1213
1214 2020-10-14 David Malcolm <dmalcolm@redhat.com>
1215
1216 PR analyzer/93723
1217 * store.cc (binding_map::apply_ctor_to_region): Remove redundant
1218 assertion.
1219
8be127ca
GA
1220 2020-10-12 David Malcolm <dmalcolm@redhat.com>
1221
1222 PR analyzer/97258
1223 * engine.cc (impl_region_model_context::on_escaped_function): New
1224 vfunc.
1225 (exploded_graph::add_function_entry): Use m_functions_with_enodes
1226 to implement idempotency.
1227 (add_any_callbacks): New.
1228 (exploded_graph::build_initial_worklist): Use the above to find
1229 callbacks that are reachable from global initializers.
1230 (exploded_graph::on_escaped_function): New.
1231 * exploded-graph.h
1232 (impl_region_model_context::on_escaped_function): New decl.
1233 (exploded_graph::on_escaped_function): New decl.
1234 (exploded_graph::m_functions_with_enodes): New field.
1235 * region-model-reachability.cc
1236 (reachable_regions::reachable_regions): Replace "store" param with
1237 "model" param; use it to initialize m_model.
1238 (reachable_regions::add): When getting the svalue for the region,
1239 call get_store_value on the model rather than using an initial
1240 value.
1241 (reachable_regions::mark_escaped_clusters): Add ctxt param and
1242 use it to call on_escaped_function when a function_region escapes.
1243 * region-model-reachability.h
1244 (reachable_regions::reachable_regions): Replace "store" param with
1245 "model" param.
1246 (reachable_regions::mark_escaped_clusters): Add ctxt param.
1247 (reachable_regions::m_model): New field.
1248 * region-model.cc (region_model::handle_unrecognized_call): Update
1249 for change in reachable_regions ctor.
1250 (region_model::handle_unrecognized_call): Pass ctxt to
1251 mark_escaped_clusters.
1252 (region_model::get_reachable_svalues): Update for change in
1253 reachable_regions ctor.
1254 (region_model::get_initial_value_for_global): Read-only variables
1255 keep their initial values.
1256 * region-model.h (region_model_context::on_escaped_function): New
1257 vfunc.
1258 (noop_region_model_context::on_escaped_function): New.
1259
1260 2020-10-12 David Malcolm <dmalcolm@redhat.com>
1261
1262 * analyzer.opt (Wanalyzer-write-to-const): New.
1263 (Wanalyzer-write-to-string-literal): New.
1264 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
1265 Call check_for_writable_region.
1266 (region_model::impl_call_memset): Likewise.
1267 (region_model::impl_call_strcpy): Likewise.
1268 * region-model.cc (class write_to_const_diagnostic): New.
1269 (class write_to_string_literal_diagnostic): New.
1270 (region_model::check_for_writable_region): New.
1271 (region_model::set_value): Call check_for_writable_region.
1272 * region-model.h (region_model::check_for_writable_region): New
1273 decl.
1274
6caec77e
GA
1275 2020-10-07 David Malcolm <dmalcolm@redhat.com>
1276
1277 PR analyzer/97116
1278 * sm-malloc.cc (method_p): New.
1279 (describe_argument_index): New.
1280 (inform_nonnull_attribute): Use describe_argument_index.
1281 (possible_null_arg::describe_final_event): Likewise.
1282 (null_arg::describe_final_event): Likewise.
1283
93bca37c
GA
1284 2020-09-29 David Malcolm <dmalcolm@redhat.com>
1285
1286 PR analyzer/95188
1287 * engine.cc (stmt_requires_new_enode_p): Split enodes before
1288 "signal" calls.
1289
1290 2020-09-29 David Malcolm <dmalcolm@redhat.com>
1291
1292 * constraint-manager.cc
1293 (constraint_manager::add_constraint_internal): Whitespace fixes.
1294 Silence -Wsign-compare warning.
1295 * engine.cc (maybe_process_run_of_before_supernode_enodes):
1296 Silence -Wsign-compare warning.
1297
e84761c6
GA
1298 2020-09-28 David Malcolm <dmalcolm@redhat.com>
1299
1300 * region-model.h (binop_svalue::dyn_cast_binop_svalue): Remove
1301 redundant "virtual". Add FINAL OVERRIDE.
1302 (widening_svalue::dyn_cast_widening_svalue): Add FINAL OVERRIDE.
1303 (compound_svalue::dyn_cast_compound_svalue): Likewise.
1304 (conjured_svalue::dyn_cast_conjured_svalue): Likewise.
1305
1306 2020-09-28 David Malcolm <dmalcolm@redhat.com>
1307
1308 * diagnostic-manager.cc (null_assignment_sm_context::m_visitor):
1309 Remove unused field.
1310
1311 2020-09-28 David Malcolm <dmalcolm@redhat.com>
1312
1313 PR analyzer/97233
1314 * analyzer.cc (is_longjmp_call_p): Require the initial argument
1315 to be a pointer.
1316 * engine.cc (exploded_node::on_longjmp): Likewise.
1317
1318 2020-09-28 David Malcolm <dmalcolm@redhat.com>
1319
1320 * program-state.cc (sm_state_map::print): Update check
1321 for m_global_state being the start state.
1322
91dd4a38
GA
1323 2020-09-26 David Malcolm <dmalcolm@redhat.com>
1324
1325 PR analyzer/96646
1326 PR analyzer/96841
1327 * region-model.cc (region_model::get_representative_path_var):
1328 When handling offset_region, wrap the MEM_REF's first argument in
1329 an ADDR_EXPR of pointer type, rather than simply using the tree
1330 for the parent region. Require the MEM_REF's second argument to
1331 be an integer constant.
1332
a2b7397b
GA
1333 2020-09-24 David Malcolm <dmalcolm@redhat.com>
1334
1335 * analyzer.h (struct rejected_constraint): New decl.
1336 * analyzer.opt (fanalyzer-feasibility): New option.
1337 * diagnostic-manager.cc (path_builder::path_builder): Add
1338 "problem" param and use it to initialize new field.
1339 (path_builder::get_feasibility_problem): New accessor.
1340 (path_builder::m_feasibility_problem): New field.
1341 (dedupe_winners::add): Remove inversion of logic in "if" clause,
1342 swapping if/else suites. In the !feasible_p suite, inspect
1343 flag_analyzer_feasibility and add code to handle when this
1344 is off, accepting the infeasible path, but recording the
1345 feasibility_problem.
1346 (diagnostic_manager::emit_saved_diagnostic): Pass the
1347 feasibility_problem to the path_builder.
1348 (diagnostic_manager::add_events_for_eedge): If we have
1349 a feasibility_problem at this edge, use it to add a custom event.
1350 * engine.cc (exploded_path::feasible_p): Pass a
1351 rejected_constraint ** to model.maybe_update_for_edge and transfer
1352 ownership of any created instance to any feasibility_problem.
1353 (feasibility_problem::dump_to_pp): New.
1354 * exploded-graph.h (feasibility_problem::feasibility_problem):
1355 Drop "model" param; add rejected_constraint * param.
1356 (feasibility_problem::~feasibility_problem): New.
1357 (feasibility_problem::dump_to_pp): New decl.
1358 (feasibility_problem::m_model): Drop field.
1359 (feasibility_problem::m_rc): New field.
1360 * program-point.cc (function_point::get_location): Handle
1361 PK_BEFORE_SUPERNODE and PK_AFTER_SUPERNODE.
1362 * program-state.cc (program_state::on_edge): Pass NULL to new
1363 param of region_model::maybe_update_for_edge.
1364 * region-model.cc (region_model::add_constraint): New overload
1365 adding a rejected_constraint ** param.
1366 (region_model::maybe_update_for_edge): Add rejected_constraint **
1367 param and pass it to the various apply_constraints_for_ calls.
1368 (region_model::apply_constraints_for_gcond): Add
1369 rejected_constraint ** param and pass it to add_constraint calls.
1370 (region_model::apply_constraints_for_gswitch): Likewise.
1371 (region_model::apply_constraints_for_exception): Likewise.
1372 (rejected_constraint::dump_to_pp): New.
1373 * region-model.h (region_model::maybe_update_for_edge):
1374 Add rejected_constraint ** param.
1375 (region_model::add_constraint): New overload adding a
1376 rejected_constraint ** param.
1377 (region_model::apply_constraints_for_gcond): Add
1378 rejected_constraint ** param.
1379 (region_model::apply_constraints_for_gswitch): Likewise.
1380 (region_model::apply_constraints_for_exception): Likewise.
1381 (struct rejected_constraint): New.
1382
82b77dee
GA
1383 2020-09-23 David Malcolm <dmalcolm@redhat.com>
1384
1385 PR analyzer/97178
1386 * engine.cc (impl_run_checkers): Update for change to ext_state
1387 ctor.
1388 * program-state.cc (selftest::test_sm_state_map): Pass an engine
1389 instance to ext_state ctor.
1390 (selftest::test_program_state_1): Likewise.
1391 (selftest::test_program_state_2): Likewise.
1392 (selftest::test_program_state_merging): Likewise.
1393 (selftest::test_program_state_merging_2): Likewise.
1394 * program-state.h (extrinsic_state::extrinsic_state): Remove NULL
1395 default value for "eng" param.
1396
1397 2020-09-23 Tobias Burnus <tobias@codesourcery.com>
1398
1399 * analyzer-logging.cc: Guard '#pragma ... ignored "-Wformat-diag"'
1400 by '#if __GNUC__ >= 10'
1401 * analyzer.h: Likewise.
1402 * call-string.cc: Likewise.
1403
1404 2020-09-23 David Malcolm <dmalcolm@redhat.com>
1405
1406 * engine.cc (exploded_node::on_stmt): Replace sequence of dyn_cast
1407 with switch.
1408
521d2711
GA
1409 2020-09-22 David Malcolm <dmalcolm@redhat.com>
1410
1411 * analysis-plan.cc: Include "json.h".
1412 * analyzer.opt (fdump-analyzer-json): New.
1413 * call-string.cc: Include "json.h".
1414 (call_string::to_json): New.
1415 * call-string.h (call_string::to_json): New decl.
1416 * checker-path.cc: Include "json.h".
1417 * constraint-manager.cc: Include "json.h".
1418 (equiv_class::to_json): New.
1419 (constraint::to_json): New.
1420 (constraint_manager::to_json): New.
1421 * constraint-manager.h (equiv_class::to_json): New decl.
1422 (constraint::to_json): New decl.
1423 (constraint_manager::to_json): New decl.
1424 * diagnostic-manager.cc: Include "json.h".
1425 (saved_diagnostic::to_json): New.
1426 (diagnostic_manager::to_json): New.
1427 * diagnostic-manager.h (saved_diagnostic::to_json): New decl.
1428 (diagnostic_manager::to_json): New decl.
1429 * engine.cc: Include "json.h", <zlib.h>.
1430 (exploded_node::status_to_str): New.
1431 (exploded_node::to_json): New.
1432 (exploded_edge::to_json): New.
1433 (exploded_graph::to_json): New.
1434 (dump_analyzer_json): New.
1435 (impl_run_checkers): Call it.
1436 * exploded-graph.h (exploded_node::status_to_str): New decl.
1437 (exploded_node::to_json): New.
1438 (exploded_edge::to_json): New.
1439 (exploded_graph::to_json): New.
1440 * pending-diagnostic.cc: Include "json.h".
1441 * program-point.cc: Include "json.h".
1442 (program_point::to_json): New.
1443 * program-point.h (program_point::to_json): New decl.
1444 * program-state.cc: Include "json.h".
1445 (extrinsic_state::to_json): New.
1446 (sm_state_map::to_json): New.
1447 (program_state::to_json): New.
1448 * program-state.h (extrinsic_state::to_json): New decl.
1449 (sm_state_map::to_json): New decl.
1450 (program_state::to_json): New decl.
1451 * region-model-impl-calls.cc: Include "json.h".
1452 * region-model-manager.cc: Include "json.h".
1453 * region-model-reachability.cc: Include "json.h".
1454 * region-model.cc: Include "json.h".
1455 * region-model.h (svalue::to_json): New decl.
1456 (region::to_json): New decl.
1457 * region.cc: Include "json.h".
1458 (region::to_json): New.
1459 * sm-file.cc: Include "json.h".
1460 * sm-malloc.cc: Include "json.h".
1461 * sm-pattern-test.cc: Include "json.h".
1462 * sm-sensitive.cc: Include "json.h".
1463 * sm-signal.cc: Include "json.h".
1464 (signal_delivery_edge_info_t::to_json): New.
1465 * sm-taint.cc: Include "json.h".
1466 * sm.cc: Include "diagnostic.h", "tree-diagnostic.h", and
1467 "json.h".
1468 (state_machine::state::to_json): New.
1469 (state_machine::to_json): New.
1470 * sm.h (state_machine::state::to_json): New.
1471 (state_machine::to_json): New.
1472 * state-purge.cc: Include "json.h".
1473 * store.cc: Include "json.h".
1474 (binding_key::get_desc): New.
1475 (binding_map::to_json): New.
1476 (binding_cluster::to_json): New.
1477 (store::to_json): New.
1478 * store.h (binding_key::get_desc): New decl.
1479 (binding_map::to_json): New decl.
1480 (binding_cluster::to_json): New decl.
1481 (store::to_json): New decl.
1482 * supergraph.cc: Include "json.h".
1483 (supergraph::to_json): New.
1484 (supernode::to_json): New.
1485 (superedge::to_json): New.
1486 * supergraph.h (supergraph::to_json): New decl.
1487 (supernode::to_json): New decl.
1488 (superedge::to_json): New decl.
1489 * svalue.cc: Include "json.h".
1490 (svalue::to_json): New.
1491
44135373
GA
14922020-09-21 David Malcolm <dmalcolm@redhat.com>
1493
1494 PR analyzer/97130
1495 * region-model-impl-calls.cc (call_details::get_arg_type): New.
1496 * region-model.cc (region_model::on_call_pre): Check that the
1497 initial arg is a pointer before calling impl_call_memset and
1498 impl_call_strlen.
1499 * region-model.h (call_details::get_arg_type): New decl.
1500
15012020-09-21 David Malcolm <dmalcolm@redhat.com>
1502
1503 PR analyzer/93355
1504 * sm-malloc.cc (malloc_state_machine::get_default_state): Look at
1505 the base region when considering pointers. Treat pointers to
1506 decls as being non-heap.
1507
239601c5
GA
15082020-09-18 David Malcolm <dmalcolm@redhat.com>
1509
1510 * checker-path.cc (warning_event::get_desc): Handle global state
1511 changes.
1512
15132020-09-18 David Malcolm <dmalcolm@redhat.com>
1514
1515 * sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and
1516 strndup as being malloc-like allocators.
1517
ecde1b0a
GA
15182020-09-16 David Malcolm <dmalcolm@redhat.com>
1519
1520 * engine.cc (strongly_connected_components::strong_connect): Only
1521 consider intraprocedural edges when creating SCCs.
1522 (worklist::key_t::cmp): Add comment. Treat call_string
1523 differences as more important than differences of program_point
1524 within a supernode.
1525
15262020-09-16 David Malcolm <dmalcolm@redhat.com>
1527
1528 * engine.cc (supernode_cluster::dump_dot): Show the SCC id
1529 in the per-supernode clusters in FILENAME.eg.dot output.
1530 (exploded_graph_annotator::add_node_annotations):
1531 Show the SCC of the supernode in FILENAME.supernode.eg.dot output.
1532 * exploded-graph.h (worklist::scc_id): New.
1533 (exploded_graph::get_scc_id): New.
1534
15352020-09-16 David Malcolm <dmalcolm@redhat.com>
1536
1537 * engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED.
1538 (exploded_graph::process_worklist): Call
1539 maybe_process_run_of_before_supernode_enodes.
1540 (exploded_graph::maybe_process_run_of_before_supernode_enodes):
1541 New.
1542 (exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED.
1543 * exploded-graph.h (enum exploded_node::status): Add
1544 STATUS_BULK_MERGED.
1545
15462020-09-16 David Malcolm <dmalcolm@redhat.com>
1547
1548 * engine.cc
1549 (exploded_graph::process_node) <case PK_BEFORE_SUPERNODE>:
1550 Simplify by using program_point::get_next.
1551 * program-point.cc (program_point::get_next): New.
1552 * program-point.h (program_point::get_next): New decl.
1553
15542020-09-16 David Malcolm <dmalcolm@redhat.com>
1555
1556 * engine.cc (exploded_graph::get_or_create_node): Show the
1557 program point when issuing -Wanalyzer-too-complex due to hitting
1558 the per-program-point limit.
1559
15602020-09-16 David Malcolm <dmalcolm@redhat.com>
1561
1562 * region-model.cc (region_model::on_call_pre): Treat getchar as
1563 having no side-effects.
1564
9f7ab8c5
GA
15652020-09-15 David Malcolm <dmalcolm@redhat.com>
1566
1567 PR analyzer/96650
1568 * constraint-manager.cc (merger_fact_visitor::on_fact): Replace
1569 assertion that add_constraint succeeded with an assertion that
1570 if it fails, -fanalyzer-transitivity is off.
1571
50a71cd0
GA
15722020-09-14 David Malcolm <dmalcolm@redhat.com>
1573
1574 * analyzer.opt (-param=analyzer-max-constraints=): New param.
1575 * constraint-manager.cc
1576 (constraint_manager::add_constraint_internal): Silently reject
1577 attempts to add constraints when the above limit is reached.
1578
15792020-09-14 David Malcolm <dmalcolm@redhat.com>
1580
1581 PR analyzer/96653
1582 * constraint-manager.cc
1583 (constraint_manager::get_or_add_equiv_class): Don't accumulate
1584 transitive closure of all constraints on constants.
1585
15862020-09-14 David Malcolm <dmalcolm@redhat.com>
1587
1588 PR analyzer/97029
1589 * analyzer.cc (is_setjmp_call_p): Require the initial arg to be a
1590 pointer.
1591 * region-model.cc (region_model::deref_rvalue): Assert that the
1592 svalue is of pointer type.
1593
ac35c090
GA
15942020-09-11 David Malcolm <dmalcolm@redhat.com>
1595
1596 PR analyzer/96798
1597 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
1598 New.
1599 (region_model::impl_call_strcpy): New.
1600 * region-model.cc (region_model::on_call_pre): Flag unhandled
1601 builtins that are non-pure as having unknown side-effects.
1602 Implement BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_STRCPY,
1603 BUILT_IN_STRCPY_CHK, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED,
1604 BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC,
1605 BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED,
1606 BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF,
1607 BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR,
1608 BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED,
1609 BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF.
1610 * region-model.h (region_model::impl_call_memcpy): New decl.
1611 (region_model::impl_call_strcpy): New decl.
1612
80f86e78
GA
16132020-09-09 David Malcolm <dmalcolm@redhat.com>
1614
1615 PR analyzer/94355
1616 * analyzer.opt (Wanalyzer-mismatching-deallocation): New warning.
1617 * region-model-impl-calls.cc
1618 (region_model::impl_call_operator_new): New.
1619 (region_model::impl_call_operator_delete): New.
1620 * region-model.cc (region_model::on_call_pre): Detect operator new
1621 and operator delete.
1622 (region_model::on_call_post): Likewise.
1623 (region_model::maybe_update_for_edge): Detect EH edges and call...
1624 (region_model::apply_constraints_for_exception): New function.
1625 * region-model.h (region_model::impl_call_operator_new): New decl.
1626 (region_model::impl_call_operator_delete): New decl.
1627 (region_model::apply_constraints_for_exception): New decl.
1628 * sm-malloc.cc (enum resource_state): New.
1629 (struct allocation_state): New state subclass.
1630 (enum wording): New.
1631 (struct api): New.
1632 (malloc_state_machine::custom_data_t): New typedef.
1633 (malloc_state_machine::add_state): New decl.
1634 (malloc_state_machine::m_unchecked)
1635 (malloc_state_machine::m_nonnull)
1636 (malloc_state_machine::m_freed): Delete these states in favor
1637 of...
1638 (malloc_state_machine::m_malloc)
1639 (malloc_state_machine::m_scalar_new)
1640 (malloc_state_machine::m_vector_new): ...these new api instances,
1641 which own their own versions of these states.
1642 (malloc_state_machine::on_allocator_call): New decl.
1643 (malloc_state_machine::on_deallocator_call): New decl.
1644 (api::api): New ctor.
1645 (dyn_cast_allocation_state): New.
1646 (as_a_allocation_state): New.
1647 (get_rs): New.
1648 (unchecked_p): New.
1649 (nonnull_p): New.
1650 (freed_p): New.
1651 (malloc_diagnostic::describe_state_change): Use unchecked_p and
1652 nonnull_p.
1653 (class mismatching_deallocation): New.
1654 (double_free::double_free): Add funcname param for initializing
1655 m_funcname.
1656 (double_free::emit): Use m_funcname in warning message rather
1657 than hardcoding "free".
1658 (double_free::describe_state_change): Likewise. Use freed_p.
1659 (double_free::describe_call_with_state): Use freed_p.
1660 (double_free::describe_final_event): Use m_funcname in message
1661 rather than hardcoding "free".
1662 (double_free::m_funcname): New field.
1663 (possible_null::describe_state_change): Use unchecked_p.
1664 (possible_null::describe_return_of_state): Likewise.
1665 (use_after_free::use_after_free): Add param for initializing m_api.
1666 (use_after_free::emit): Use m_api->m_dealloc_funcname in message
1667 rather than hardcoding "free".
1668 (use_after_free::describe_state_change): Use freed_p. Change the
1669 wording of the message based on the API.
1670 (use_after_free::describe_final_event): Use
1671 m_api->m_dealloc_funcname in message rather than hardcoding
1672 "free". Change the wording of the message based on the API.
1673 (use_after_free::m_api): New field.
1674 (malloc_leak::describe_state_change): Use unchecked_p. Update
1675 for renaming of m_malloc_event to m_alloc_event.
1676 (malloc_leak::describe_final_event): Update for renaming of
1677 m_malloc_event to m_alloc_event.
1678 (malloc_leak::m_malloc_event): Rename...
1679 (malloc_leak::m_alloc_event): ...to this.
1680 (free_of_non_heap::free_of_non_heap): Add param for initializing
1681 m_funcname.
1682 (free_of_non_heap::emit): Use m_funcname in message rather than
1683 hardcoding "free".
1684 (free_of_non_heap::describe_final_event): Likewise.
1685 (free_of_non_heap::m_funcname): New field.
1686 (allocation_state::dump_to_pp): New.
1687 (allocation_state::get_nonnull): New.
1688 (malloc_state_machine::malloc_state_machine): Update for changes
1689 to state fields and new api fields.
1690 (malloc_state_machine::add_state): New.
1691 (malloc_state_machine::on_stmt): Move malloc/calloc handling to
1692 on_allocator_call and call it, passing in the API pointer.
1693 Likewise for free, moving it to on_deallocator_call. Handle calls
1694 to operator new and delete in an analogous way. Use unchecked_p
1695 when testing for possibly-null-arg and possibly-null-deref, and
1696 transition to the non-null for the correct API. Remove redundant
1697 node param from call to on_zero_assignment. Use freed_p for
1698 use-after-free check, and pass in API.
1699 (malloc_state_machine::on_allocator_call): New, based on code in
1700 on_stmt.
1701 (malloc_state_machine::on_deallocator_call): Likewise.
1702 (malloc_state_machine::on_phi): Mark node param with
1703 ATTRIBUTE_UNUSED; don't pass it to on_zero_assignment.
1704 (malloc_state_machine::on_condition): Mark node param with
1705 ATTRIBUTE_UNUSED. Replace on_transition calls with get_state and
1706 set_next_state pairs, transitioning to the non-null state for the
1707 appropriate API.
1708 (malloc_state_machine::can_purge_p): Port to new state approach.
1709 (malloc_state_machine::on_zero_assignment): Replace on_transition
1710 calls with get_state and set_next_state pairs. Drop redundant
1711 node param.
1712 * sm.h (state_machine::add_custom_state): New.
1713
17142020-09-09 David Malcolm <dmalcolm@redhat.com>
1715
1716 * diagnostic-manager.cc
1717 (null_assignment_sm_context::warn_for_state): Replace with...
1718 (null_assignment_sm_context::warn): ...this.
1719 * engine.cc (impl_sm_context::warn_for_state): Replace with...
1720 (impl_sm_context::warn): ...this.
1721 * sm-file.cc (fileptr_state_machine::on_stmt): Replace
1722 warn_for_state and on_transition calls with a get_state
1723 test guarding warn and set_next_state calls.
1724 * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
1725 * sm-pattern-test.cc (pattern_test_state_machine::on_condition):
1726 Replace warn_for_state call with warn call.
1727 * sm-sensitive.cc
1728 (sensitive_state_machine::warn_for_any_exposure): Replace
1729 warn_for_state call with a get_state test guarding a warn call.
1730 * sm-signal.cc (signal_state_machine::on_stmt): Likewise.
1731 * sm-taint.cc (taint_state_machine::on_stmt): Replace
1732 warn_for_state and on_transition calls with a get_state
1733 test guarding warn and set_next_state calls.
1734 * sm.h (sm_context::warn_for_state): Replace with...
1735 (sm_context::warn): ...this.
1736
17372020-09-09 David Malcolm <dmalcolm@redhat.com>
1738
1739 * diagnostic-manager.cc
1740 (null_assignment_sm_context::null_assignment_sm_context): Add old_state
1741 and ext_state params, initializing m_old_state and m_ext_state.
1742 (null_assignment_sm_context::on_transition): Split into...
1743 (null_assignment_sm_context::get_state): ...this new vfunc
1744 implementation and...
1745 (null_assignment_sm_context::set_next_state): ...this new vfunc
1746 implementation.
1747 (null_assignment_sm_context::m_old_state): New field.
1748 (null_assignment_sm_context::m_ext_state): New field.
1749 (diagnostic_manager::add_events_for_eedge): Pass in old state and
1750 ext_state when creating sm_ctxt.
1751 * engine.cc (impl_sm_context::on_transition): Split into...
1752 (impl_sm_context::get_state): ...this new vfunc
1753 implementation and...
1754 (impl_sm_context::set_next_state): ...this new vfunc
1755 implementation.
1756 * sm.h (sm_context::get_state): New pure virtual function.
1757 (sm_context::set_next_state): Likewise.
1758 (sm_context::on_transition): Convert from a pure virtual function
1759 to a regular function implemented in terms of get_state and
1760 set_next_state.
1761
17622020-09-09 David Malcolm <dmalcolm@redhat.com>
1763
1764 * checker-path.cc (state_change_event::get_desc): Update
1765 state_machine::get_state_name calls to state::get_name.
1766 (warning_event::get_desc): Likewise.
1767 * diagnostic-manager.cc
1768 (null_assignment_sm_context::on_transition): Update comparison
1769 against 0 with comparison with m_sm.get_start_state.
1770 (diagnostic_manager::prune_for_sm_diagnostic): Update
1771 state_machine::get_state_name calls to state::get_name.
1772 * engine.cc (impl_sm_context::on_transition): Likewise.
1773 (exploded_node::get_dot_fillcolor): Use get_id when summing
1774 the sm states.
1775 * program-state.cc (sm_state_map::sm_state_map): Don't hardcode
1776 0 as the start state when initializing m_global_state.
1777 (sm_state_map::print): Use dump_to_pp rather than get_state_name
1778 when dumping states.
1779 (sm_state_map::is_empty_p): Don't hardcode 0 as the start state
1780 when examining m_global_state.
1781 (sm_state_map::hash): Use get_id when hashing states.
1782 (selftest::test_sm_state_map): Use state objects rather than
1783 arbitrary hardcoded integers.
1784 (selftest::test_program_state_merging): Likewise.
1785 (selftest::test_program_state_merging_2): Likewise.
1786 * sm-file.cc (fileptr_state_machine::m_start): Move to base class.
1787 (file_diagnostic::describe_state_change): Use get_start_state.
1788 (fileptr_state_machine::fileptr_state_machine): Drop m_start
1789 initialization.
1790 * sm-malloc.cc (malloc_state_machine::m_start): Move to base
1791 class.
1792 (malloc_diagnostic::describe_state_change): Use get_start_state.
1793 (possible_null::describe_state_change): Likewise.
1794 (malloc_state_machine::malloc_state_machine): Drop m_start
1795 initialization.
1796 * sm-pattern-test.cc (pattern_test_state_machine::m_start): Move
1797 to base class.
1798 (pattern_test_state_machine::pattern_test_state_machine): Drop
1799 m_start initialization.
1800 * sm-sensitive.cc (sensitive_state_machine::m_start): Move to base
1801 class.
1802 (sensitive_state_machine::sensitive_state_machine): Drop m_start
1803 initialization.
1804 * sm-signal.cc (signal_state_machine::m_start): Move to base
1805 class.
1806 (signal_state_machine::signal_state_machine): Drop m_start
1807 initialization.
1808 * sm-taint.cc (taint_state_machine::m_start): Move to base class.
1809 (taint_state_machine::taint_state_machine): Drop m_start
1810 initialization.
1811 * sm.cc (state_machine::state::dump_to_pp): New.
1812 (state_machine::state_machine): Move here from sm.h. Initialize
1813 m_next_state_id and m_start.
1814 (state_machine::add_state): Reimplement in terms of state objects.
1815 (state_machine::get_state_name): Delete.
1816 (state_machine::get_state_by_name): Reimplement in terms of state
1817 objects. Make const.
1818 (state_machine::validate): Delete.
1819 (state_machine::dump_to_pp): Reimplement in terms of state
1820 objects.
1821 * sm.h (state_machine::state): New class.
1822 (state_machine::state_t): Convert typedef from "unsigned" to
1823 "const state_machine::state *".
1824 (state_machine::state_machine): Move to sm.cc.
1825 (state_machine::get_default_state): Use m_start rather than
1826 hardcoding 0.
1827 (state_machine::get_state_name): Delete.
1828 (state_machine::get_state_by_name): Make const.
1829 (state_machine::get_start_state): New accessor.
1830 (state_machine::alloc_state_id): New.
1831 (state_machine::m_state_names): Drop in favor of...
1832 (state_machine::m_states): New field.
1833 (state_machine::m_start): New field.
1834 (start_start_p): Delete.
1835
31a05046
GA
18362020-09-08 David Malcolm <dmalcolm@redhat.com>
1837
1838 PR analyzer/96949
1839 * store.cc (binding_map::apply_ctor_val_to_range): Add
1840 error-handling for the cases where we have symbolic offsets.
1841
18422020-09-08 David Malcolm <dmalcolm@redhat.com>
1843
1844 PR analyzer/96950
1845 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
1846 where min_index == max_index.
1847 (binding_map::apply_ctor_val_to_range): Replace assertion that we
1848 don't have a CONSTRUCTOR value with error-handling.
1849
18502020-09-08 David Malcolm <dmalcolm@redhat.com>
1851
1852 PR analyzer/96962
1853 * region-model.cc (region_model::on_call_pre): Fix guard on switch
1854 on built-ins to only consider BUILT_IN_NORMAL, rather than other
1855 kinds of built-ins.
1856
e1a4a8a0
GA
18572020-09-01 David Malcolm <dmalcolm@redhat.com>
1858
1859 PR analyzer/96792
1860 * region-model.cc (region_model::deref_rvalue): Add the constraint
1861 that PTR_SVAL is non-NULL.
1862
13e4ba28
GA
18632020-08-31 David Malcolm <dmalcolm@redhat.com>
1864
1865 PR analyzer/96798
1866 * region-model.cc (region_model::on_call_pre): Handle
1867 BUILT_IN_MEMSET_CHK.
1868
18692020-08-31 David Malcolm <dmalcolm@redhat.com>
1870
1871 * region-model.cc (region_model::on_call_pre): Gather handling of
1872 builtins and of internal fns into switch statements. Handle
1873 "alloca" and BUILT_IN_ALLOCA_WITH_ALIGN.
1874
18752020-08-31 David Malcolm <dmalcolm@redhat.com>
1876
1877 PR analyzer/96860
1878 * region.cc (decl_region::get_svalue_for_constructor): Support
1879 apply_ctor_to_region failing.
1880 * store.cc (binding_map::apply_ctor_to_region): Add failure
1881 handling.
1882 (binding_map::apply_ctor_val_to_range): Likewise.
1883 (binding_map::apply_ctor_pair_to_child_region): Likewise. Replace
1884 assertion that child_base_offset is not symbolic with error
1885 handling.
1886 * store.h (binding_map::apply_ctor_to_region): Convert return type
1887 from void to bool.
1888 (binding_map::apply_ctor_val_to_range): Likewise.
1889 (binding_map::apply_ctor_pair_to_child_region): Likewise.
1890
18912020-08-31 David Malcolm <dmalcolm@redhat.com>
1892
1893 PR analyzer/96763
1894 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
1895 by calling a new binding_map::apply_ctor_val_to_range subroutine.
1896 Split out the existing non-CONSTRUCTOR-handling code to a new
1897 apply_ctor_pair_to_child_region subroutine.
1898 (binding_map::apply_ctor_val_to_range): New.
1899 (binding_map::apply_ctor_pair_to_child_region): New, split out
1900 from binding_map::apply_ctor_to_region as noted above.
1901 * store.h (binding_map::apply_ctor_val_to_range): New decl.
1902 (binding_map::apply_ctor_pair_to_child_region): New decl.
1903
19042020-08-31 David Malcolm <dmalcolm@redhat.com>
1905
1906 PR analyzer/96764
1907 * region-model-manager.cc
1908 (region_model_manager::maybe_fold_unaryop): Handle VIEW_CONVERT_EXPR.
1909 (region_model_manager::get_or_create_cast): Move logic for
1910 real->integer casting to...
1911 (get_code_for_cast): ...this new function, and add logic for
1912 real->non-integer casts.
1913 (region_model_manager::maybe_fold_sub_svalue): Handle
1914 VIEW_CONVERT_EXPR.
1915 * region-model.cc
1916 (region_model::add_any_constraints_from_gassign): Likewise.
1917 * svalue.cc (svalue::maybe_undo_cast): Likewise.
1918 (unaryop_svalue::dump_to_pp): Likewise.
1919
57ea0894
GA
19202020-08-26 David Malcolm <dmalcolm@redhat.com>
1921
1922 PR analyzer/94858
1923 * region-model-manager.cc
1924 (region_model_manager::get_or_create_widening_svalue): Assert that
1925 neither of the inputs are themselves widenings.
1926 * store.cc (store::eval_alias_1): The initial value of a pointer
1927 can't point to a region that was allocated on the heap after the
1928 beginning of the path. A widened pointer value can't alias anything
1929 that the initial pointer value can't alias.
1930 * svalue.cc (svalue::can_merge_p): Merge BINOP (X, OP, CST) with X
1931 to a widening svalue. Merge
1932 BINOP(WIDENING(BASE, BINOP(BASE, X)), X) and BINOP(BASE, X) to
1933 the LHS of the first BINOP.
1934
19352020-08-26 David Malcolm <dmalcolm@redhat.com>
1936
1937 PR analyzer/96777
1938 * region-model.h (class compound_svalue): Document that all keys
1939 must be concrete.
1940 (compound_svalue::compound_svalue): Move definition to svalue.cc.
1941 * store.cc (binding_map::apply_ctor_to_region): Handle
1942 initializers for trailing arrays with incomplete size.
1943 * svalue.cc (compound_svalue::compound_svalue): Move definition
1944 here from region-model.h. Add assertion that all keys are
1945 concrete.
1946
e769f970
GA
19472020-08-22 David Malcolm <dmalcolm@redhat.com>
1948
1949 PR analyzer/94851
1950 * region-model-manager.cc
1951 (region_model_manager::maybe_fold_binop): Fold bitwise "& 0" to 0.
1952
19532020-08-22 David Malcolm <dmalcolm@redhat.com>
1954
1955 * store.cc (store::eval_alias): Make const. Split out 2nd half
1956 into store::eval_alias_1 and call it twice for symmetry, avoiding
1957 test duplication.
1958 (store::eval_alias_1): New function, split out from the above.
1959 * store.h (store::eval_alias): Make const.
1960 (store::eval_alias_1): New decl.
1961
19622020-08-22 David Malcolm <dmalcolm@redhat.com>
1963
1964 * region-model.cc (region_model::push_frame): Bind the default
1965 SSA name for each parm if it exists, falling back to the parm
1966 itself otherwise, rather than doing both.
1967
5b9a3d2a
GA
19682020-08-20 David Malcolm <dmalcolm@redhat.com>
1969
1970 PR analyzer/96723
1971 * region-model-manager.cc
1972 (region_model_manager::get_field_region): Assert that field is a
1973 FIELD_DECL.
1974 * region.cc (region::get_subregions_for_binding): In
1975 union-handling, filter the TYPE_FIELDS traversal to just FIELD_DECLs.
1976
19772020-08-20 David Malcolm <dmalcolm@redhat.com>
1978
1979 PR analyzer/96713
1980 * region-model.cc (region_model::get_gassign_result): For
1981 comparisons, only use eval_condition when the lhs has boolean
1982 type, and use get_or_create_constant_svalue on the boolean
1983 constants directly rather than via get_rvalue.
1984
04e23a40
GA
19852020-08-19 David Malcolm <dmalcolm@redhat.com>
1986
1987 PR analyzer/96643
1988 * region-model.cc (region_model::deref_rvalue): Rather than
1989 attempting to handle all svalue kinds in the switch, only cover
1990 the special cases, and move symbolic-region handling to after
1991 the switch, thus implicitly handling the missing case SK_COMPOUND.
1992
19932020-08-19 David Malcolm <dmalcolm@redhat.com>
1994
1995 PR analyzer/96705
1996 * region-model-manager.cc
1997 (region_model_manager::maybe_fold_binop): Check that we have an
1998 integral type before calling build_int_cst.
1999
20002020-08-19 David Malcolm <dmalcolm@redhat.com>
2001
2002 PR analyzer/96699
2003 * region-model-manager.cc
2004 (region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for
2005 casting from REAL_TYPE to INTEGER_TYPE.
2006
20072020-08-19 David Malcolm <dmalcolm@redhat.com>
2008
2009 PR analyzer/96651
2010 * region-model.cc (region_model::called_from_main_p): New.
2011 (region_model::get_store_value): Move handling for globals into...
2012 (region_model::get_initial_value_for_global): ...this new
2013 function, and add logic for extracting values from decl
2014 initializers.
2015 * region-model.h (decl_region::get_svalue_for_constructor): New
2016 decl.
2017 (decl_region::get_svalue_for_initializer): New decl.
2018 (region_model::called_from_main_p): New decl.
2019 (region_model::get_initial_value_for_global): New.
2020 * region.cc (decl_region::maybe_get_constant_value): Move logic
2021 for getting an svalue from a CONSTRUCTOR node to...
2022 (decl_region::get_svalue_for_constructor): ...this new function.
2023 (decl_region::get_svalue_for_initializer): New.
2024 * store.cc (get_svalue_for_ctor_val): Rewrite in terms of
2025 region_model::get_rvalue.
2026 * store.h (binding_cluster::get_map): New accessor.
2027
20282020-08-19 David Malcolm <dmalcolm@redhat.com>
2029
2030 PR analyzer/96648
2031 * region.cc (get_field_at_bit_offset): Gracefully handle negative
2032 values for bit_offset.
2033
5c265693
GA
20342020-08-18 David Malcolm <dmalcolm@redhat.com>
2035
2036 * region-model.cc (region_model::get_rvalue_1): Fix name of local.
2037
20382020-08-18 David Malcolm <dmalcolm@redhat.com>
2039
2040 PR analyzer/96641
2041 * region-model.cc (region_model::get_rvalue_1): Handle
2042 unrecognized tree codes by returning UNKNOWN.
2043
20442020-08-18 David Malcolm <dmalcolm@redhat.com>
2045
2046 PR analyzer/96640
2047 * region-model.cc (region_model::get_gassign_result): Handle various
2048 VEC_* tree codes by returning UNKNOWN.
2049 (region_model::on_assignment): Handle unrecognized tree codes by
2050 setting lhs to an unknown value, rather than issuing a "sorry" and
2051 asserting.
2052
deee2322
GA
20532020-08-17 David Malcolm <dmalcolm@redhat.com>
2054
2055 PR analyzer/96644
2056 * region-model-manager.cc (get_region_for_unexpected_tree_code):
2057 Handle ctxt being NULL.
2058
20592020-08-17 David Malcolm <dmalcolm@redhat.com>
2060
2061 PR analyzer/96639
2062 * region.cc (region::get_subregions_for_binding): Check for "type"
2063 being NULL.
2064
20652020-08-17 David Malcolm <dmalcolm@redhat.com>
2066
2067 PR analyzer/96642
2068 * store.cc (get_svalue_for_ctor_val): New.
2069 (binding_map::apply_ctor_to_region): Call it.
2070
661ee09b
GA
20712020-08-14 David Malcolm <dmalcolm@redhat.com>
2072
2073 PR testsuite/96609
2074 PR analyzer/96616
2075 * region-model.cc (region_model::get_store_value): Call
2076 maybe_get_constant_value on decl_regions first.
2077 * region-model.h (decl_region::maybe_get_constant_value): New decl.
2078 * region.cc (decl_region::get_stack_depth): Likewise.
2079 (decl_region::maybe_get_constant_value): New.
2080 * store.cc (get_subregion_within_ctor): New.
2081 (binding_map::apply_ctor_to_region): New.
2082 * store.h (binding_map::apply_ctor_to_region): New decl.
2083
20842020-08-14 David Malcolm <dmalcolm@redhat.com>
2085
2086 PR analyzer/96611
2087 * store.cc (store::mark_as_escaped): Reject attempts to
2088 get a cluster for an unknown pointer.
2089
b3cb5606
GA
20902020-08-13 David Malcolm <dmalcolm@redhat.com>
2091
5afd1882
ML
2092 PR analyzer/93032
2093 PR analyzer/93938
2094 PR analyzer/94011
2095 PR analyzer/94099
2096 PR analyzer/94399
2097 PR analyzer/94458
2098 PR analyzer/94503
2099 PR analyzer/94640
2100 PR analyzer/94688
2101 PR analyzer/94689
2102 PR analyzer/94839
2103 PR analyzer/95026
2104 PR analyzer/95042
2105 PR analyzer/95240
b3cb5606
GA
2106 * analyzer-logging.cc: Ignore "-Wformat-diag".
2107 (logger::enter_scope): Use inc_indent in both overloads.
2108 (logger::exit_scope): Use dec_indent.
2109 * analyzer-logging.h (logger::inc_indent): New.
2110 (logger::dec_indent): New.
2111 * analyzer-selftests.cc (run_analyzer_selftests): Call
2112 analyzer_store_cc_tests.
2113 * analyzer-selftests.h (analyzer_store_cc_tests): New decl.
2114 * analyzer.cc (get_stmt_location): New function.
2115 * analyzer.h (class initial_svalue): New forward decl.
2116 (class unaryop_svalue): New forward decl.
2117 (class binop_svalue): New forward decl.
2118 (class sub_svalue): New forward decl.
2119 (class unmergeable_svalue): New forward decl.
2120 (class placeholder_svalue): New forward decl.
2121 (class widening_svalue): New forward decl.
2122 (class compound_svalue): New forward decl.
2123 (class conjured_svalue): New forward decl.
2124 (svalue_set): New typedef.
2125 (class map_region): Delete.
2126 (class array_region): Delete.
2127 (class frame_region): New forward decl.
2128 (class function_region): New forward decl.
2129 (class label_region): New forward decl.
2130 (class decl_region): New forward decl.
2131 (class element_region): New forward decl.
2132 (class offset_region): New forward decl.
2133 (class cast_region): New forward decl.
2134 (class field_region): New forward decl.
2135 (class string_region): New forward decl.
2136 (class region_model_manager): New forward decl.
2137 (class store_manager): New forward decl.
2138 (class store): New forward decl.
2139 (class call_details): New forward decl.
2140 (struct svalue_id_merger_mapping): Delete.
2141 (struct canonicalization): Delete.
2142 (class function_point): New forward decl.
2143 (class engine): New forward decl.
2144 (dump_tree): New function decl.
2145 (print_quoted_type): New function decl.
2146 (readability_comparator): New function decl.
2147 (tree_cmp): New function decl.
2148 (class path_var): Move here from region-model.h
2149 (bit_offset_t, bit_size_t, byte_size_t): New typedefs.
2150 (class region_offset): New class.
2151 (get_stmt_location): New decl.
2152 (struct member_function_hash_traits): New struct.
2153 (class consolidation_map): New class.
2154 Ignore "-Wformat-diag".
2155 * analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
2156 (-param=analyzer-max-enodes-for-full-dump=): New param.
2157 * call-string.cc: Ignore -Wformat-diag.
2158 * checker-path.cc: Move includes of "analyzer/call-string.h" and
2159 "analyzer/program-point.h" to before "analyzer/region-model.h",
2160 and also include "analyzer/store.h" before it.
2161 (state_change_event::state_change_event): Replace "tree var" param
2162 with "const svalue *sval". Convert "origin" param from tree to
2163 "const svalue *".
2164 (state_change_event::get_desc): Call get_representative_tree to
2165 convert the var and origin from const svalue * to tree. Use
2166 svalue::get_desc rather than %qE when describing state changes.
2167 (checker_path::add_final_event): Use get_stmt_location.
2168 * checker-path.h (state_change_event::state_change_event): Port
2169 from tree to const svalue *.
2170 (state_change_event::get_lvalue): Delete.
2171 (state_change_event::get_dest_function): New.
2172 (state_change_event::m_var): Replace with...
2173 (state_change_event::m_sval): ...this.
2174 (state_change_event::m_origin): Convert from tree to
2175 const svalue *.
2176 * constraint-manager.cc: Include "analyzer/call-string.h",
2177 "analyzer/program-point.h", and "analyzer/store.h" before
2178 "analyzer/region-model.h".
2179 (struct bound, struct range): Move to constraint-manager.h.
2180 (compare_constants): New function.
2181 (range::dump): Rename to...
2182 (range::dump_to_pp): ...this. Support NULL constants.
2183 (range::dump): Reintroduce for dumping to stderr.
2184 (range::constrained_to_single_element): Return result, rather than
2185 writing to *OUT.
2186 (range::eval_condition): New.
2187 (range::below_lower_bound): New.
2188 (range::above_upper_bound): New.
2189 (equiv_class::equiv_class): Port from svalue_id to const svalue *.
2190 (equiv_class::print): Likewise.
2191 (equiv_class::hash): Likewise.
2192 (equiv_class::operator==): Port from svalue_id to const svalue *.
2193 (equiv_class::add): Port from svalue_id to const svalue *. Drop
2194 "cm" param.
2195 (equiv_class::del): Port from svalue_id to const svalue *.
2196 (equiv_class::get_representative): Likewise.
2197 (equiv_class::remap_svalue_ids): Delete.
2198 (svalue_id_cmp_by_id): Rename to...
2199 (svalue_cmp_by_ptr): ...this, porting from svalue_id to
2200 const svalue *.
2201 (equiv_class::canonicalize): Update qsort comparator.
2202 (constraint::implied_by): New.
2203 (constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
2204 (constraint_manager::dump_to_pp): Add "multiline" param.
2205 (constraint_manager::dump): Pass "true" for "multiline".
2206 (constraint_manager::add_constraint): Port from svalue_id to
2207 const svalue *. Split out second part into...
2208 (constraint_manager::add_unknown_constraint): ...this new
2209 function. Remove self-constraints when merging equivalence
2210 classes.
2211 (constraint_manager::add_constraint_internal): Remove constraints
2212 that would be implied by the new constraint. Port from svalue_id
2213 to const svalue *.
2214 (constraint_manager::get_equiv_class_by_sid): Rename to...
2215 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
2216 from svalue_id to const svalue *.
2217 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
2218 to const svalue *.
2219 (constraint_manager::eval_condition): Make const. Call
2220 compare_constants and return early if it provides a known result.
2221 (constraint_manager::get_ec_bounds): New.
2222 (constraint_manager::eval_condition): New overloads. Make
2223 existing one const, and use compare_constants.
2224 (constraint_manager::purge): Convert "p" param to a template
2225 rather than an abstract base class. Port from svalue_id to
2226 const svalue *.
2227 (class dead_svalue_purger): New class.
2228 (constraint_manager::remap_svalue_ids): Delete.
2229 (constraint_manager::on_liveness_change): New.
2230 (equiv_class_cmp): Port from svalue_id to const svalue *.
2231 (constraint_manager::canonicalize): Likewise. Combine with
2232 purging of redundant equivalence classes and constraints.
2233 (class cleaned_constraint_manager): Delete.
2234 (class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
2235 field.
2236 (merger_fact_visitor::fact): Port from svalue_id to const svalue *.
2237 Add special case for widening.
2238 (constraint_manager::merge): Port from svalue_id to const svalue *.
2239 (constraint_manager::clean_merger_input): Delete.
2240 (constraint_manager::for_each_fact): Port from svalue_id to
2241 const svalue *.
2242 (constraint_manager::validate): Likewise.
2243 (selftest::test_constraint_conditions): Provide a
2244 region_model_manager when creating region_model instances.
2245 Add test for self-equality not creating equivalence classes.
2246 (selftest::test_transitivity): Provide a region_model_manager when
2247 creating region_model instances. Verify that EC-merging happens
2248 when constraints are implied.
2249 (selftest::test_constant_comparisons): Provide a
2250 region_model_manager when creating region_model instances.
2251 (selftest::test_constraint_impl): Likewise. Remove over-specified
2252 assertions.
2253 (selftest::test_equality): Provide a region_model_manager when
2254 creating region_model instances.
2255 (selftest::test_many_constants): Likewise. Provide a
2256 program_point when testing merging.
2257 (selftest::run_constraint_manager_tests): Move call to
2258 test_constant_comparisons to outside the transitivity guard.
2259 * constraint-manager.h (struct bound): Move here from
2260 constraint-manager.cc.
2261 (struct range): Likewise.
2262 (struct::eval_condition): New decl.
2263 (struct::below_lower_bound): New decl.
2264 (struct::above_upper_bound): New decl.
2265 (equiv_class::add): Port from svalue_id to const svalue *.
2266 (equiv_class::del): Likewise.
2267 (equiv_class::get_representative): Likewise.
2268 (equiv_class::remap_svalue_ids): Drop.
2269 (equiv_class::m_cst_sid): Convert to...
2270 (equiv_class::m_cst_sval): ...this.
2271 (equiv_class::m_vars): Port from svalue_id to const svalue *.
2272 (constraint::bool implied_by): New decl.
2273 (fact_visitor::on_fact): Port from svalue_id to const svalue *.
2274 (constraint_manager::constraint_manager): Add mgr param.
2275 (constraint_manager::clone): Delete.
2276 (constraint_manager::maybe_get_constant): Delete.
2277 (constraint_manager::get_sid_for_constant): Delete.
2278 (constraint_manager::get_num_svalues): Delete.
2279 (constraint_manager::dump_to_pp): Add "multiline" param.
2280 (constraint_manager::get_equiv_class): Port from svalue_id to
2281 const svalue *.
2282 (constraint_manager::add_constraint): Likewise.
2283 (constraint_manager::get_equiv_class_by_sid): Rename to...
2284 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
2285 from svalue_id to const svalue *.
2286 (constraint_manager::add_unknown_constraint): New decl.
2287 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
2288 to const svalue *.
2289 (constraint_manager::eval_condition): Likewise. Add overloads.
2290 (constraint_manager::get_ec_bounds): New decl.
2291 (constraint_manager::purge): Convert to template.
2292 (constraint_manager::remap_svalue_ids): Delete.
2293 (constraint_manager::on_liveness_change): New decl.
2294 (constraint_manager::canonicalize): Drop param.
2295 (constraint_manager::clean_merger_input): Delete.
2296 (constraint_manager::m_mgr): New field.
2297 * diagnostic-manager.cc: Move includes of
2298 "analyzer/call-string.h" and "analyzer/program-point.h" to before
2299 "analyzer/region-model.h", and also include "analyzer/store.h"
2300 before it.
2301 (saved_diagnostic::saved_diagnostic): Add "sval" param.
2302 (diagnostic_manager::diagnostic_manager): Add engine param.
2303 (diagnostic_manager::add_diagnostic): Add "sval" param, passing it
2304 to saved_diagnostic ctor. Update overload to pass NULL for it.
2305 (dedupe_winners::dedupe_winners): Add engine param.
2306 (dedupe_winners::add): Add "eg" param. Pass m_engine to
2307 feasible_p.
2308 (dedupe_winner::m_engine): New field.
2309 (diagnostic_manager::emit_saved_diagnostics): Pass engine to
2310 dedupe_winners. Pass &eg when adding candidates. Pass svalue
2311 rather than tree to prune_path. Use get_stmt_location to get
2312 primary location of diagnostic.
2313 (diagnostic_manager::emit_saved_diagnostic): Likewise.
2314 (get_any_origin): Drop.
2315 (state_change_event_creator::on_global_state_change): Pass NULL
2316 const svalue * rather than NULL_TREE trees to state_change_event
2317 ctor.
2318 (state_change_event_creator::on_state_change): Port from tree and
2319 svalue_id to const svalue *.
2320 (for_each_state_change): Port from svalue_id to const svalue *.
2321 (struct null_assignment_sm_context): New.
2322 (diagnostic_manager::add_events_for_eedge): Add state change
2323 events for assignment to NULL.
2324 (diagnostic_manager::prune_path): Update param from tree to
2325 const svalue *.
2326 (diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
2327 by tree to by const svalue *.
2328 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
2329 param.
2330 (saved_diagnostic::m_sval): New field.
2331 (diagnostic_manager::diagnostic_manager): Add engine param.
2332 (diagnostic_manager::get_engine): New.
2333 (diagnostic_manager::add_diagnostic): Add "sval" param.
2334 (diagnostic_manager::prune_path): Likewise.
2335 (diagnostic_manager::prune_for_sm_diagnostic): New overload.
2336 (diagnostic_manager::m_eng): New field.
2337 * engine.cc: Move includes of "analyzer/call-string.h" and
2338 "analyzer/program-point.h" to before "analyzer/region-model.h",
2339 and also include "analyzer/store.h" before it.
2340 (impl_region_model_context::impl_region_model_context): Update for
2341 removal of m_change field.
2342 (impl_region_model_context::remap_svalue_ids): Delete.
2343 (impl_region_model_context::on_svalue_leak): New.
2344 (impl_region_model_context::on_svalue_purge): Delete.
2345 (impl_region_model_context::on_liveness_change): New.
2346 (impl_region_model_context::on_unknown_change): Update param
2347 from svalue_id to const svalue *. Add is_mutable param.
2348 (setjmp_svalue::compare_fields): Delete.
2349 (setjmp_svalue::accept): New.
2350 (setjmp_svalue::add_to_hash): Delete.
2351 (setjmp_svalue::dump_to_pp): New.
2352 (setjmp_svalue::print_details): Delete.
2353 (impl_sm_context::impl_sm_context): Drop "change" param.
2354 (impl_sm_context::get_fndecl_for_call): Drop "m_change".
2355 (impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
2356 "stmt" param. Drop m_change. Port from svalue_id to
2357 const svalue *.
2358 (impl_sm_context::warn_for_state): Drop m_change. Port from
2359 svalue_id to const svalue *.
2360 (impl_sm_context::get_readable_tree): Rename to...
2361 (impl_sm_context::get_diagnostic_tree): ...this. Port from
2362 svalue_id to const svalue *.
2363 (impl_sm_context::is_zero_assignment): New.
2364 (impl_sm_context::m_change): Delete field.
2365 (leak_stmt_finder::find_stmt): Handle m_var being NULL.
2366 (readability): Increase penalty for MEM_REF. For SSA_NAMEs,
2367 slightly favor the underlying var over the SSA name. Heavily
2368 penalize temporaries. Handle RESULT_DECL.
2369 (readability_comparator): Make non-static. Consider stack depths.
2370 (impl_region_model_context::on_state_leak): Convert from svalue_id
2371 to const svalue *, updating for region_model changes. Use
2372 id_equal.
2373 (impl_region_model_context::on_inherited_svalue): Delete.
2374 (impl_region_model_context::on_cast): Delete.
2375 (impl_region_model_context::on_condition): Drop m_change.
2376 (impl_region_model_context::on_phi): Likewise.
2377 (impl_region_model_context::on_unexpected_tree_code): Handle t
2378 being NULL.
2379 (point_and_state::validate): Update stack checking for
2380 region_model changes.
2381 (eg_traits::dump_args_t::show_enode_details_p): New.
2382 (exploded_node::exploded_node): Initialize m_num_processed_stmts.
2383 (exploded_node::get_processed_stmt): New function.
2384 (exploded_node::get_dot_fillcolor): Add more colors.
2385 (exploded_node::dump_dot): Guard the printing of the point and
2386 state with show_enode_details_p. Print the processed stmts for
2387 this enode after the initial state.
2388 (exploded_node::dump_to_pp): Pass true for new multiline param
2389 of program_state::dump_to_pp.
2390 (exploded_node::on_stmt): Drop "change" param. Log the stmt.
2391 Set input_location. Implement __analyzer_describe. Update
2392 implementation of __analyzer_dump and __analyzer_eval.
2393 Remove purging of sm-state for unknown fncalls from here.
2394 (exploded_node::on_edge): Drop "change" param.
2395 (exploded_node::on_longjmp): Port from region_id/svalue_id to
2396 const region */const svalue *. Call program_state::detect_leaks.
2397 Drop state_change.
2398 (exploded_node::detect_leaks): Update for changes to region_model.
2399 Call program_state::detect_leaks.
2400 (exploded_edge::exploded_edge): Drop ext_state and change params.
2401 (exploded_edge::dump_dot): "args" is no longer used. Drop dumping
2402 of m_change.
2403 (exploded_graph::exploded_graph): Pass engine to
2404 m_diagnostic_manager ctor. Use program_point::origin.
2405 (exploded_graph::add_function_entry): Drop ctxt. Use
2406 program_state::push_frame. Drop state_change.
2407 (exploded_graph::get_or_create_node): Drop "change" param. Add
2408 "enode_for_diag" param. Update dumping calls for API changes.
2409 Pass point to can_merge_with_p. Show enode indices
2410 within -Wanalyzer-too-complex diagnostic for hitting the per-point
2411 limit.
2412 (exploded_graph::add_edge): Drop "change" param. Log which nodes
2413 are being connected. Update for changes to exploded_edge ctor.
2414 (exploded_graph::get_per_program_point_data): New.
2415 (exploded_graph::process_worklist): Pass point to
2416 can_merge_with_p. Drop state_change. Update dumping call for API
2417 change.
2418 (exploded_graph::process_node): Drop state_change. Split the
2419 node in-place if an sm-state-change occurs. Update
2420 m_num_processed_stmts. Update dumping calls for API change.
2421 (exploded_graph::log_stats): Call engine::log_stats.
2422 (exploded_graph::dump_states_for_supernode): Update dumping
2423 call.
2424 (exploded_path::feasible_p): Add "eng" and "eg" params.
2425 Rename "i" to "end_idx". Pass the manager to the region_model
2426 ctor. Update for every processed stmt in the enode, not just the
2427 first. Keep track of which snodes have been visited, and call
2428 loop_replay_fixup when revisiting one.
2429 (enode_label::get_text): Update dump call for new param.
2430 (exploded_graph::dump_exploded_nodes): Likewise.
2431 (exploded_graph::get_node_by_index): New.
2432 (impl_run_checkers): Create engine instance and pass its address
2433 to extrinsic_state ctor.
2434 * exploded-graph.h
2435 (impl_region_model_context::impl_region_model_context): Drop
2436 "change" params.
2437 (impl_region_model_context::void remap_svalue_ids): Delete.
2438 (impl_region_model_context::on_svalue_purge): Delete.
2439 (impl_region_model_context::on_svalue_leak): New.
2440 (impl_region_model_context::on_liveness_change): New.
2441 (impl_region_model_context::on_state_leak): Update signature.
2442 (impl_region_model_context::on_inherited_svalue): Delete.
2443 (impl_region_model_context::on_cast): Delete.
2444 (impl_region_model_context::on_unknown_change): Update signature.
2445 (impl_region_model_context::m_change): Delete.
2446 (eg_traits::dump_args_t::show_enode_details_p): New.
2447 (exploded_node::on_stmt): Drop "change" param.
2448 (exploded_node::on_edge): Likewise.
2449 (exploded_node::get_processed_stmt): New decl.
2450 (exploded_node::m_num_processed_stmts): New field.
2451 (exploded_edge::exploded_edge): Drop ext_state and change params.
2452 (exploded_edge::m_change): Delete.
2453 (exploded_graph::get_engine): New accessor.
2454 (exploded_graph::get_or_create_node): Drop "change" param. Add
2455 "enode_for_diag" param.
2456 (exploded_graph::add_edge): Drop "change" param.
2457 (exploded_graph::get_per_program_point_data): New decl.
2458 (exploded_graph::get_node_by_index): New decl.
2459 (exploded_path::feasible_p): Add "eng" and "eg" params.
2460 * program-point.cc: Include "analyzer/store.h" before including
2461 "analyzer/region-model.h".
2462 (function_point::function_point): Move here from
2463 program-point.h.
2464 (function_point::get_function): Likewise.
2465 (function_point::from_function_entry): Likewise.
2466 (function_point::before_supernode): Likewise.
2467 (function_point::next_stmt): New function.
2468 * program-point.h (function_point::function_point): Move
2469 implementation from here to program-point.cc.
2470 (function_point::get_function): Likewise.
2471 (function_point::from_function_entry): Likewise.
2472 (function_point::before_supernode): Likewise.
2473 (function_point::next_stmt): New decl.
2474 (program_point::operator!=): New.
2475 (program_point::origin): New.
2476 (program_point::next_stmt): New.
2477 (program_point::m_function_point): Make non-const.
2478 * program-state.cc: Move includes of "analyzer/call-string.h" and
2479 "analyzer/program-point.h" to before "analyzer/region-model.h",
2480 and also include "analyzer/store.h" before it.
2481 (extrinsic_state::get_model_manager): New.
2482 (sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
2483 rather than pass them around.
2484 (sm_state_map::clone_with_remapping): Delete.
2485 (sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
2486 "simple" and "multiline" params and support multiline vs single
2487 line dumping.
2488 (sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
2489 "simple" param.
2490 (sm_state_map::hash): Port from svalue_id to const svalue *.
2491 (sm_state_map::operator==): Likewise.
2492 (sm_state_map::get_state): Likewise. Call canonicalize_svalue on
2493 input. Handle inheritance of sm-state. Call get_default_state.
2494 (sm_state_map::get_origin): Port from svalue_id to const svalue *.
2495 (sm_state_map::set_state): Likewise. Pass in ext_state. Reject
2496 attempts to set state on UNKNOWN.
2497 (sm_state_map::impl_set_state): Port from svalue_id to
2498 const svalue *. Pass in ext_state. Call canonicalize_svalue on
2499 input.
2500 (sm_state_map::purge_for_unknown_fncall): Delete.
2501 (sm_state_map::on_svalue_leak): New.
2502 (sm_state_map::remap_svalue_ids): Delete.
2503 (sm_state_map::on_liveness_change): New.
2504 (sm_state_map::on_unknown_change): Reimplement.
2505 (sm_state_map::on_svalue_purge): Delete.
2506 (sm_state_map::on_inherited_svalue): Delete.
2507 (sm_state_map::on_cast): Delete.
2508 (sm_state_map::validate): Delete.
2509 (sm_state_map::canonicalize_svalue): New.
2510 (program_state::program_state): Update to pass manager to
2511 region_model's ctor. Constify num_states and pass state machine
2512 and index to sm_state_map ctor.
2513 (program_state::print): Update for changes to dump API.
2514 (program_state::dump_to_pp): Ignore the summarize param. Add
2515 "multiline" param.
2516 (program_state::dump_to_file): Add "multiline" param.
2517 (program_state::dump): Pass "true" for new "multiline" param.
2518 (program_state::push_frame): New.
2519 (program_state::on_edge): Drop "change" param. Call
2520 program_state::detect_leaks.
2521 (program_state::prune_for_point): Add enode_for_diag param.
2522 Reimplement based on store class. Call detect_leaks.
2523 (program_state::remap_svalue_ids): Delete.
2524 (program_state::get_representative_tree): Port from svalue_id to
2525 const svalue *.
2526 (program_state::can_merge_with_p): Add "point" param. Add early
2527 reject for sm-differences. Drop id remapping.
2528 (program_state::validate): Drop region model and sm_state_map
2529 validation.
2530 (state_change::sm_change::dump): Delete.
2531 (state_change::sm_change::remap_svalue_ids): Delete.
2532 (state_change::sm_change::on_svalue_purge): Delete.
2533 (log_set_of_svalues): New.
2534 (state_change::sm_change::validate): Delete.
2535 (state_change::state_change): Delete.
2536 (state_change::add_sm_change): Delete.
2537 (state_change::affects_p): Delete.
2538 (state_change::dump): Delete.
2539 (state_change::remap_svalue_ids): Delete.
2540 (state_change::on_svalue_purge): Delete.
2541 (state_change::validate): Delete.
2542 (selftest::assert_dump_eq): Delete.
2543 (ASSERT_DUMP_EQ): Delete.
2544 (selftest::test_sm_state_map): Update for changes to region_model
2545 and sm_state_map, porting from svalue_id to const svalue *.
2546 (selftest::test_program_state_dumping): Likewise. Drop test of
2547 dumping, renaming to...
2548 (selftest::test_program_state_1): ...this.
2549 (selftest::test_program_state_dumping_2): Likewise, renaming to...
2550 (selftest::test_program_state_2): ...this.
2551 (selftest::test_program_state_merging): Update for changes to
2552 region_model.
2553 (selftest::test_program_state_merging_2): Likewise.
2554 (selftest::analyzer_program_state_cc_tests): Update for renamed
2555 tests.
2556 * program-state.h (extrinsic_state::extrinsic_state): Add logger
2557 and engine params.
2558 (extrinsic_state::get_logger): New accessor.
2559 (extrinsic_state::get_engine): New accessor.
2560 (extrinsic_state::get_model_manager): New accessor.
2561 (extrinsic_state::m_logger): New field.
2562 (extrinsic_state::m_engine): New field.
2563 (struct default_hash_traits<svalue_id>): Delete.
2564 (pod_hash_traits<svalue_id>::hash): Delete.
2565 (pod_hash_traits<svalue_id>::equal): Delete.
2566 (pod_hash_traits<svalue_id>::mark_deleted): Delete.
2567 (pod_hash_traits<svalue_id>::mark_empty): Delete.
2568 (pod_hash_traits<svalue_id>::is_deleted): Delete.
2569 (pod_hash_traits<svalue_id>::is_empty): Delete.
2570 (sm_state_map::entry_t::entry_t): Port from svalue_id to
2571 const svalue *.
2572 (sm_state_map::entry_t::m_origin): Likewise.
2573 (sm_state_map::map_t): Likewise.
2574 (sm_state_map::sm_state_map): Add state_machine and index params.
2575 (sm_state_map::clone_with_remapping): Delete.
2576 (sm_state_map::print): Drop sm param; add simple and multiline
2577 params.
2578 (sm_state_map::dump): Drop sm param; add simple param.
2579 (sm_state_map::get_state): Port from svalue_id to const svalue *.
2580 Add ext_state param.
2581 (sm_state_map::get_origin): Likewise.
2582 (sm_state_map::set_state): Likewise.
2583 (sm_state_map::impl_set_state): Likewise.
2584 (sm_state_map::purge_for_unknown_fncall): Delete.
2585 (sm_state_map::remap_svalue_ids): Delete.
2586 (sm_state_map::on_svalue_purge): Delete.
2587 (sm_state_map::on_svalue_leak): New.
2588 (sm_state_map::on_liveness_change): New.
2589 (sm_state_map::on_inherited_svalue): Delete.
2590 (sm_state_map::on_cast): Delete.
2591 (sm_state_map::validate): Delete.
2592 (sm_state_map::on_unknown_change): Port from svalue_id to
2593 const svalue *. Add is_mutable and ext_state params.
2594 (sm_state_map::canonicalize_svalue): New.
2595 (sm_state_map::m_sm): New field.
2596 (sm_state_map::m_sm_idx): New field.
2597 (program_state::operator=): Delete.
2598 (program_state::dump_to_pp): Drop "summarize" param, adding
2599 "simple" and "multiline".
2600 (program_state::dump_to_file): Likewise.
2601 (program_state::dump): Rename "summarize" to "simple".
2602 (program_state::push_frame): New.
2603 (program_state::get_current_function): New.
2604 (program_state::on_edge): Drop "change" param.
2605 (program_state::prune_for_point): Likewise. Add enode_for_diag
2606 param.
2607 (program_state::remap_svalue_ids): Delete.
2608 (program_state::get_representative_tree): Port from svalue_id to
2609 const svalue *.
2610 (program_state::can_purge_p): Likewise. Pass ext_state to get_state.
2611 (program_state::can_merge_with_p): Add point param.
2612 (program_state::detect_leaks): New.
2613 (state_change_visitor::on_state_change): Port from tree and
2614 svalue_id to a pair of const svalue *.
2615 (class state_change): Delete.
2616 * region.cc: New file.
2617 * region-model-impl-calls.cc: New file.
2618 * region-model-manager.cc: New file.
2619 * region-model-reachability.cc: New file.
2620 * region-model-reachability.h: New file.
2621 * region-model.cc: Include "analyzer/call-string.h",
2622 "analyzer/program-point.h", and "analyzer/store.h" before
2623 "analyzer/region-model.h". Include
2624 "analyzer/region-model-reachability.h".
2625 (dump_tree): Make non-static.
2626 (dump_quoted_tree): Make non-static.
2627 (print_quoted_type): Make non-static.
2628 (path_var::dump): Delete.
2629 (dump_separator): Delete.
2630 (class impl_constraint_manager): Delete.
2631 (svalue_id::print): Delete.
2632 (svalue_id::dump_node_name_to_pp): Delete.
2633 (svalue_id::validate): Delete.
2634 (region_id::print): Delete.
2635 (region_id::dump_node_name_to_pp): Delete.
2636 (region_id::validate): Delete.
2637 (region_id_set::region_id_set): Delete.
2638 (svalue_id_set::svalue_id_set): Delete.
2639 (svalue::operator==): Delete.
2640 (svalue::hash): Delete.
2641 (svalue::print): Delete.
2642 (svalue::dump_dot_to_pp): Delete.
2643 (svalue::remap_region_ids): Delete.
2644 (svalue::walk_for_canonicalization): Delete.
2645 (svalue::get_child_sid): Delete.
2646 (svalue::maybe_get_constant): Delete.
2647 (region_svalue::compare_fields): Delete.
2648 (region_svalue::add_to_hash): Delete.
2649 (region_svalue::print_details): Delete.
2650 (region_svalue::dump_dot_to_pp): Delete.
2651 (region_svalue::remap_region_ids): Delete.
2652 (region_svalue::merge_values): Delete.
2653 (region_svalue::walk_for_canonicalization): Delete.
2654 (region_svalue::eval_condition): Delete.
2655 (constant_svalue::compare_fields): Delete.
2656 (constant_svalue::add_to_hash): Delete.
2657 (constant_svalue::merge_values): Delete.
2658 (constant_svalue::eval_condition): Move to svalue.cc.
2659 (constant_svalue::print_details): Delete.
2660 (constant_svalue::get_child_sid): Delete.
2661 (unknown_svalue::compare_fields): Delete.
2662 (unknown_svalue::add_to_hash): Delete.
2663 (unknown_svalue::print_details): Delete.
2664 (poison_kind_to_str): Move to svalue.cc.
2665 (poisoned_svalue::compare_fields): Delete.
2666 (poisoned_svalue::add_to_hash): Delete.
2667 (poisoned_svalue::print_details): Delete.
2668 (region_kind_to_str): Move to region.cc and reimplement.
2669 (region::operator==): Delete.
2670 (region::get_parent_region): Delete.
2671 (region::set_value): Delete.
2672 (region::become_active_view): Delete.
2673 (region::deactivate_any_active_view): Delete.
2674 (region::deactivate_view): Delete.
2675 (region::get_value): Delete.
2676 (region::get_inherited_child_sid): Delete.
2677 (region_model::copy_region): Delete.
2678 (region_model::copy_struct_region): Delete.
2679 (region_model::copy_union_region): Delete.
2680 (region_model::copy_array_region): Delete.
2681 (region::hash): Delete.
2682 (region::print): Delete.
2683 (region::dump_dot_to_pp): Delete.
2684 (region::dump_to_pp): Delete.
2685 (region::dump_child_label): Delete.
2686 (region::validate): Delete.
2687 (region::remap_svalue_ids): Delete.
2688 (region::remap_region_ids): Delete.
2689 (region::add_view): Delete.
2690 (region::get_view): Delete.
2691 (region::region): Move to region.cc.
2692 (region::add_to_hash): Delete.
2693 (region::print_fields): Delete.
2694 (region::non_null_p): Delete.
2695 (primitive_region::clone): Delete.
2696 (primitive_region::walk_for_canonicalization): Delete.
2697 (map_region::map_region): Delete.
2698 (map_region::compare_fields): Delete.
2699 (map_region::print_fields): Delete.
2700 (map_region::validate): Delete.
2701 (map_region::dump_dot_to_pp): Delete.
2702 (map_region::dump_child_label): Delete.
2703 (map_region::get_or_create): Delete.
2704 (map_region::get): Delete.
2705 (map_region::add_to_hash): Delete.
2706 (map_region::remap_region_ids): Delete.
2707 (map_region::unbind): Delete.
2708 (map_region::get_tree_for_child_region): Delete.
2709 (map_region::get_tree_for_child_region): Delete.
2710 (tree_cmp): Move to region.cc.
2711 (map_region::can_merge_p): Delete.
2712 (map_region::walk_for_canonicalization): Delete.
2713 (map_region::get_value_by_name): Delete.
2714 (struct_or_union_region::valid_key_p): Delete.
2715 (struct_or_union_region::compare_fields): Delete.
2716 (struct_region::clone): Delete.
2717 (struct_region::compare_fields): Delete.
2718 (union_region::clone): Delete.
2719 (union_region::compare_fields): Delete.
2720 (frame_region::compare_fields): Delete.
2721 (frame_region::clone): Delete.
2722 (frame_region::valid_key_p): Delete.
2723 (frame_region::print_fields): Delete.
2724 (frame_region::add_to_hash): Delete.
2725 (globals_region::compare_fields): Delete.
2726 (globals_region::clone): Delete.
2727 (globals_region::valid_key_p): Delete.
2728 (code_region::compare_fields): Delete.
2729 (code_region::clone): Delete.
2730 (code_region::valid_key_p): Delete.
2731 (array_region::array_region): Delete.
2732 (array_region::get_element): Delete.
2733 (array_region::clone): Delete.
2734 (array_region::compare_fields): Delete.
2735 (array_region::print_fields): Delete.
2736 (array_region::validate): Delete.
2737 (array_region::dump_dot_to_pp): Delete.
2738 (array_region::dump_child_label): Delete.
2739 (array_region::get_or_create): Delete.
2740 (array_region::get): Delete.
2741 (array_region::add_to_hash): Delete.
2742 (array_region::remap_region_ids): Delete.
2743 (array_region::get_key_for_child_region): Delete.
2744 (array_region::key_cmp): Delete.
2745 (array_region::walk_for_canonicalization): Delete.
2746 (array_region::key_from_constant): Delete.
2747 (array_region::constant_from_key): Delete.
2748 (function_region::compare_fields): Delete.
2749 (function_region::clone): Delete.
2750 (function_region::valid_key_p): Delete.
2751 (stack_region::stack_region): Delete.
2752 (stack_region::compare_fields): Delete.
2753 (stack_region::clone): Delete.
2754 (stack_region::print_fields): Delete.
2755 (stack_region::dump_child_label): Delete.
2756 (stack_region::validate): Delete.
2757 (stack_region::push_frame): Delete.
2758 (stack_region::get_current_frame_id): Delete.
2759 (stack_region::pop_frame): Delete.
2760 (stack_region::add_to_hash): Delete.
2761 (stack_region::remap_region_ids): Delete.
2762 (stack_region::can_merge_p): Delete.
2763 (stack_region::walk_for_canonicalization): Delete.
2764 (stack_region::get_value_by_name): Delete.
2765 (heap_region::heap_region): Delete.
2766 (heap_region::compare_fields): Delete.
2767 (heap_region::clone): Delete.
2768 (heap_region::walk_for_canonicalization): Delete.
2769 (root_region::root_region): Delete.
2770 (root_region::compare_fields): Delete.
2771 (root_region::clone): Delete.
2772 (root_region::print_fields): Delete.
2773 (root_region::validate): Delete.
2774 (root_region::dump_child_label): Delete.
2775 (root_region::push_frame): Delete.
2776 (root_region::get_current_frame_id): Delete.
2777 (root_region::pop_frame): Delete.
2778 (root_region::ensure_stack_region): Delete.
2779 (root_region::get_stack_region): Delete.
2780 (root_region::ensure_globals_region): Delete.
2781 (root_region::get_code_region): Delete.
2782 (root_region::ensure_code_region): Delete.
2783 (root_region::get_globals_region): Delete.
2784 (root_region::ensure_heap_region): Delete.
2785 (root_region::get_heap_region): Delete.
2786 (root_region::remap_region_ids): Delete.
2787 (root_region::can_merge_p): Delete.
2788 (root_region::add_to_hash): Delete.
2789 (root_region::walk_for_canonicalization): Delete.
2790 (root_region::get_value_by_name): Delete.
2791 (symbolic_region::symbolic_region): Delete.
2792 (symbolic_region::compare_fields): Delete.
2793 (symbolic_region::clone): Delete.
2794 (symbolic_region::walk_for_canonicalization): Delete.
2795 (symbolic_region::print_fields): Delete.
2796 (region_model::region_model): Add region_model_manager * param.
2797 Reimplement in terms of store, dropping impl_constraint_manager
2798 subclass.
2799 (region_model::operator=): Reimplement in terms of store.
2800 (region_model::operator==): Likewise.
2801 (region_model::hash): Likewise.
2802 (region_model::print): Delete.
2803 (region_model::print_svalue): Delete.
2804 (region_model::dump_dot_to_pp): Delete.
2805 (region_model::dump_dot_to_file): Delete.
2806 (region_model::dump_dot): Delete.
2807 (region_model::dump_to_pp): Replace "summarize" param with
2808 "simple" and "multiline". Port to store-based implementation.
2809 (region_model::dump): Replace "summarize" param with "simple" and
2810 "multiline".
2811 (dump_vec_of_tree): Delete.
2812 (region_model::dump_summary_of_rep_path_vars): Delete.
2813 (region_model::validate): Delete.
2814 (svalue_id_cmp_by_constant_svalue_model): Delete.
2815 (svalue_id_cmp_by_constant_svalue): Delete.
2816 (region_model::canonicalize): Drop "ctxt" param. Reimplement in
2817 terms of store and constraints.
2818 (region_model::canonicalized_p): Remove NULL arg to canonicalize.
2819 (region_model::loop_replay_fixup): New.
2820 (poisoned_value_diagnostic::emit): Tweak wording of warnings.
2821 (region_model::check_for_poison): Delete.
2822 (region_model::get_gassign_result): New.
2823 (region_model::on_assignment): Port to store-based implementation.
2824 (region_model::on_call_pre): Delete calls to check_for_poison.
2825 Move implementations to region-model-impl-calls.c and port to
2826 store-based implementation.
2827 (region_model::on_call_post): Likewise.
2828 (class reachable_regions): Move to region-model-reachability.h/cc
2829 and port to store-based implementation.
2830 (region_model::handle_unrecognized_call): Port to store-based
2831 implementation.
2832 (region_model::get_reachable_svalues): New.
2833 (region_model::on_setjmp): Port to store-based implementation.
2834 (region_model::on_longjmp): Likewise.
2835 (region_model::handle_phi): Drop is_back_edge param and the logic
2836 using it.
2837 (region_model::get_lvalue_1): Port from region_id to const region *.
2838 (region_model::make_region_for_unexpected_tree_code): Delete.
2839 (assert_compat_types): If the check fails, use internal_error to
2840 show the types.
2841 (region_model::get_lvalue): Port from region_id to const region *.
2842 (region_model::get_rvalue_1): Port from svalue_id to const svalue *.
2843 (region_model::get_rvalue): Likewise.
2844 (region_model::get_or_create_ptr_svalue): Delete.
2845 (region_model::get_or_create_constant_svalue): Delete.
2846 (region_model::get_svalue_for_fndecl): Delete.
2847 (region_model::get_region_for_fndecl): Delete.
2848 (region_model::get_svalue_for_label): Delete.
2849 (region_model::get_region_for_label): Delete.
2850 (build_cast): Delete.
2851 (region_model::maybe_cast_1): Delete.
2852 (region_model::maybe_cast): Delete.
2853 (region_model::get_field_region): Delete.
2854 (region_model::get_store_value): New.
2855 (region_model::region_exists_p): New.
2856 (region_model::deref_rvalue): Port from svalue_id to const svalue *.
2857 (region_model::set_value): Likewise.
2858 (region_model::clobber_region): New.
2859 (region_model::purge_region): New.
2860 (region_model::zero_fill_region): New.
2861 (region_model::mark_region_as_unknown): New.
2862 (region_model::eval_condition): Port from svalue_id to
2863 const svalue *.
2864 (region_model::eval_condition_without_cm): Likewise.
2865 (region_model::compare_initial_and_pointer): New.
2866 (region_model::add_constraint): Port from svalue_id to
2867 const svalue *.
2868 (region_model::maybe_get_constant): Delete.
2869 (region_model::get_representative_path_var): New.
2870 (region_model::add_new_malloc_region): Delete.
2871 (region_model::get_representative_tree): Port to const svalue *.
2872 (region_model::get_representative_path_var): Port to
2873 const region *.
2874 (region_model::get_path_vars_for_svalue): Delete.
2875 (region_model::set_to_new_unknown_value): Delete.
2876 (region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
2877 (region_model::update_for_call_superedge): Port from svalue_id to
2878 const svalue *.
2879 (region_model::update_for_return_superedge): Port to store-based
2880 implementation.
2881 (region_model::update_for_call_summary): Replace
2882 set_to_new_unknown_value with mark_region_as_unknown.
2883 (region_model::get_root_region): Delete.
2884 (region_model::get_stack_region_id): Delete.
2885 (region_model::push_frame): Delete.
2886 (region_model::get_current_frame_id): Delete.
2887 (region_model::get_current_function): Delete.
2888 (region_model::pop_frame): Delete.
2889 (region_model::on_top_level_param): New.
2890 (region_model::get_stack_depth): Delete.
2891 (region_model::get_function_at_depth): Delete.
2892 (region_model::get_globals_region_id): Delete.
2893 (region_model::add_svalue): Delete.
2894 (region_model::replace_svalue): Delete.
2895 (region_model::add_region): Delete.
2896 (region_model::get_svalue): Delete.
2897 (region_model::get_region): Delete.
2898 (make_region_for_type): Delete.
2899 (region_model::add_region_for_type): Delete.
2900 (region_model::on_top_level_param): New.
2901 (class restrict_to_used_svalues): Delete.
2902 (region_model::purge_unused_svalues): Delete.
2903 (region_model::push_frame): New.
2904 (region_model::remap_svalue_ids): Delete.
2905 (region_model::remap_region_ids): Delete.
2906 (region_model::purge_regions): Delete.
2907 (region_model::get_descendents): Delete.
2908 (region_model::delete_region_and_descendents): Delete.
2909 (region_model::poison_any_pointers_to_bad_regions): Delete.
2910 (region_model::can_merge_with_p): Delete.
2911 (region_model::get_current_function): New.
2912 (region_model::get_value_by_name): Delete.
2913 (region_model::convert_byte_offset_to_array_index): Delete.
2914 (region_model::pop_frame): New.
2915 (region_model::get_or_create_mem_ref): Delete.
2916 (region_model::get_stack_depth): New.
2917 (region_model::get_frame_at_index): New.
2918 (region_model::unbind_region_and_descendents): New.
2919 (struct bad_pointer_finder): New.
2920 (region_model::get_or_create_pointer_plus_expr): Delete.
2921 (region_model::poison_any_pointers_to_descendents): New.
2922 (region_model::get_or_create_view): Delete.
2923 (region_model::can_merge_with_p): New.
2924 (region_model::get_fndecl_for_call): Port from svalue_id to
2925 const svalue *.
2926 (struct append_ssa_names_cb_data): New.
2927 (get_ssa_name_regions_for_current_frame): New.
2928 (region_model::append_ssa_names_cb): New.
2929 (model_merger::dump_to_pp): Add "simple" param. Drop dumping of
2930 remappings.
2931 (model_merger::dump): Add "simple" param to both overloads.
2932 (model_merger::can_merge_values_p): Delete.
2933 (model_merger::record_regions): Delete.
2934 (model_merger::record_svalues): Delete.
2935 (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
2936 (svalue_id_merger_mapping::dump_to_pp): Delete.
2937 (svalue_id_merger_mapping::dump): Delete.
2938 (region_model::create_region_for_heap_alloc): New.
2939 (region_model::create_region_for_alloca): New.
2940 (region_model::record_dynamic_extents): New.
2941 (canonicalization::canonicalization): Delete.
2942 (canonicalization::walk_rid): Delete.
2943 (canonicalization::walk_sid): Delete.
2944 (canonicalization::dump_to_pp): Delete.
2945 (canonicalization::dump): Delete.
2946 (inchash::add): Delete overloads for svalue_id and region_id.
2947 (engine::log_stats): New.
2948 (assert_condition): Add overload comparing svalues.
2949 (assert_dump_eq): Pass "true" for multiline.
2950 (selftest::test_dump): Update for rewrite of region_model.
2951 (selftest::test_dump_2): Rename to...
2952 (selftest::test_struct): ...this. Provide a region_model_manager
2953 when creating region_model instance. Remove dump test. Add
2954 checks for get_offset.
2955 (selftest::test_dump_3): Rename to...
2956 (selftest::test_array_1): ...this. Provide a region_model_manager
2957 when creating region_model instance. Remove dump test.
2958 (selftest::test_get_representative_tree): Port from svalue_id to
2959 new API. Add test coverage for various expressions.
2960 (selftest::test_unique_constants): Provide a region_model_manager
2961 for the region_model. Add test coverage for comparing const vs
2962 non-const.
2963 (selftest::test_svalue_equality): Delete.
2964 (selftest::test_region_equality): Delete.
2965 (selftest::test_unique_unknowns): New.
2966 (class purge_all_svalue_ids): Delete.
2967 (class purge_one_svalue_id): Delete.
2968 (selftest::test_purging_by_criteria): Delete.
2969 (selftest::test_initial_svalue_folding): New.
2970 (selftest::test_unaryop_svalue_folding): New.
2971 (selftest::test_binop_svalue_folding): New.
2972 (selftest::test_sub_svalue_folding): New.
2973 (selftest::test_purge_unused_svalues): Delete.
2974 (selftest::test_descendent_of_p): New.
2975 (selftest::test_assignment): Provide a region_model_manager for
2976 the region_model. Drop the dump test.
2977 (selftest::test_compound_assignment): Likewise.
2978 (selftest::test_stack_frames): Port to new implementation.
2979 (selftest::test_get_representative_path_var): Likewise.
2980 (selftest::test_canonicalization_1): Rename to...
2981 (selftest::test_equality_1): ...this. Port to new API, and add
2982 (selftest::test_canonicalization_2): Provide a
2983 region_model_manager when creating region_model instances.
2984 Remove redundant canonicalization.
2985 (selftest::test_canonicalization_3): Provide a
2986 region_model_manager when creating region_model instances.
2987 Remove param from calls to region_model::canonicalize.
2988 (selftest::test_canonicalization_4): Likewise.
2989 (selftest::assert_region_models_merge): Constify
2990 out_merged_svalue. Port to new API.
2991 (selftest::test_state_merging): Provide a
2992 region_model_manager when creating region_model instances.
2993 Provide a program_point point when merging them. Replace
2994 set_to_new_unknown_value with usage of placeholder_svalues.
2995 Drop get_value_by_name. Port from svalue_id to const svalue *.
2996 Add test of heap allocation.
2997 (selftest::test_constraint_merging): Provide a
2998 region_model_manager when creating region_model instances.
2999 Provide a program_point point when merging them. Eliminate use
3000 of set_to_new_unknown_value.
3001 (selftest::test_widening_constraints): New.
3002 (selftest::test_iteration_1): New.
3003 (selftest::test_malloc_constraints): Port to store-based
3004 implementation.
3005 (selftest::test_var): New test.
3006 (selftest::test_array_2): New test.
3007 (selftest::test_mem_ref): New test.
3008 (selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
3009 (selftest::test_malloc): New.
3010 (selftest::test_alloca): New.
3011 (selftest::analyzer_region_model_cc_tests): Update for renamings.
3012 Call new functions.
3013 * region-model.h (class path_var): Move to analyzer.h.
3014 (class svalue_id): Delete.
3015 (class region_id): Delete.
3016 (class id_map): Delete.
3017 (svalue_id_map): Delete.
3018 (region_id_map): Delete.
3019 (id_map<T>::id_map): Delete.
3020 (id_map<T>::put): Delete.
3021 (id_map<T>::get_dst_for_src): Delete.
3022 (id_map<T>::get_src_for_dst): Delete.
3023 (id_map<T>::dump_to_pp): Delete.
3024 (id_map<T>::dump): Delete.
3025 (id_map<T>::update): Delete.
3026 (one_way_svalue_id_map): Delete.
3027 (one_way_region_id_map): Delete.
3028 (class region_id_set): Delete.
3029 (class svalue_id_set): Delete.
3030 (struct complexity): New.
3031 (class visitor): New.
3032 (enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
3033 SK_BINOP, SK_SUB, SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
3034 SK_COMPOUND, and SK_CONJURED.
3035 (svalue::operator==): Delete.
3036 (svalue::operator!=): Delete.
3037 (svalue::clone): Delete.
3038 (svalue::hash): Delete.
3039 (svalue::dump_dot_to_pp): Delete.
3040 (svalue::dump_to_pp): New.
3041 (svalue::dump): New.
3042 (svalue::get_desc): New.
3043 (svalue::dyn_cast_initial_svalue): New.
3044 (svalue::dyn_cast_unaryop_svalue): New.
3045 (svalue::dyn_cast_binop_svalue): New.
3046 (svalue::dyn_cast_sub_svalue): New.
3047 (svalue::dyn_cast_unmergeable_svalue): New.
3048 (svalue::dyn_cast_widening_svalue): New.
3049 (svalue::dyn_cast_compound_svalue): New.
3050 (svalue::dyn_cast_conjured_svalue): New.
3051 (svalue::maybe_undo_cast): New.
3052 (svalue::unwrap_any_unmergeable): New.
3053 (svalue::remap_region_ids): Delete.
3054 (svalue::can_merge_p): New.
3055 (svalue::walk_for_canonicalization): Delete.
3056 (svalue::get_complexity): New.
3057 (svalue::get_child_sid): Delete.
3058 (svalue::accept): New.
3059 (svalue::live_p): New.
3060 (svalue::implicitly_live_p): New.
3061 (svalue::svalue): Add complexity param.
3062 (svalue::add_to_hash): Delete.
3063 (svalue::print_details): Delete.
3064 (svalue::m_complexity): New field.
3065 (region_svalue::key_t): New struct.
3066 (region_svalue::region_svalue): Port from region_id to
3067 const region_id *. Add complexity.
3068 (region_svalue::compare_fields): Delete.
3069 (region_svalue::clone): Delete.
3070 (region_svalue::dump_dot_to_pp): Delete.
3071 (region_svalue::get_pointee): Port from region_id to
3072 const region_id *.
3073 (region_svalue::remap_region_ids): Delete.
3074 (region_svalue::merge_values): Delete.
3075 (region_svalue::dump_to_pp): New.
3076 (region_svalue::accept): New.
3077 (region_svalue::walk_for_canonicalization): Delete.
3078 (region_svalue::eval_condition): Make params const.
3079 (region_svalue::add_to_hash): Delete.
3080 (region_svalue::print_details): Delete.
3081 (region_svalue::m_rid): Replace with...
3082 (region_svalue::m_reg): ...this.
3083 (is_a_helper <region_svalue *>::test): Convert to...
3084 (is_a_helper <const region_svalue *>::test): ...this.
3085 (template <> struct default_hash_traits<region_svalue::key_t>):
3086 New.
3087 (constant_svalue::constant_svalue): Add complexity.
3088 (constant_svalue::compare_fields): Delete.
3089 (constant_svalue::clone): Delete.
3090 (constant_svalue::add_to_hash): Delete.
3091 (constant_svalue::dump_to_pp): New.
3092 (constant_svalue::accept): New.
3093 (constant_svalue::implicitly_live_p): New.
3094 (constant_svalue::merge_values): Delete.
3095 (constant_svalue::eval_condition): Make params const.
3096 (constant_svalue::get_child_sid): Delete.
3097 (constant_svalue::print_details): Delete.
3098 (is_a_helper <constant_svalue *>::test): Convert to...
3099 (is_a_helper <const constant_svalue *>::test): ...this.
3100 (class unknown_svalue): Update leading comment.
3101 (unknown_svalue::unknown_svalue): Add complexity.
3102 (unknown_svalue::compare_fields): Delete.
3103 (unknown_svalue::add_to_hash): Delete.
3104 (unknown_svalue::dyn_cast_unknown_svalue): Delete.
3105 (unknown_svalue::print_details): Delete.
3106 (unknown_svalue::dump_to_pp): New.
3107 (unknown_svalue::accept): New.
3108 (poisoned_svalue::key_t): New struct.
3109 (poisoned_svalue::poisoned_svalue): Add complexity.
3110 (poisoned_svalue::compare_fields): Delete.
3111 (poisoned_svalue::clone): Delete.
3112 (poisoned_svalue::add_to_hash): Delete.
3113 (poisoned_svalue::dump_to_pp): New.
3114 (poisoned_svalue::accept): New.
3115 (poisoned_svalue::print_details): Delete.
3116 (is_a_helper <poisoned_svalue *>::test): Convert to...
3117 (is_a_helper <const poisoned_svalue *>::test): ...this.
3118 (template <> struct default_hash_traits<poisoned_svalue::key_t>):
3119 New.
3120 (setjmp_record::add_to_hash): New.
3121 (setjmp_svalue::key_t): New struct.
3122 (setjmp_svalue::compare_fields): Delete.
3123 (setjmp_svalue::clone): Delete.
3124 (setjmp_svalue::add_to_hash): Delete.
3125 (setjmp_svalue::setjmp_svalue): Add complexity.
3126 (setjmp_svalue::dump_to_pp): New.
3127 (setjmp_svalue::accept): New.
3128 (setjmp_svalue::void print_details): Delete.
3129 (is_a_helper <const setjmp_svalue *>::test): New.
3130 (template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
3131 (class initial_svalue : public svalue): New.
3132 (is_a_helper <const initial_svalue *>::test): New.
3133 (class unaryop_svalue): New.
3134 (is_a_helper <const unaryop_svalue *>::test): New.
3135 (template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
3136 (class binop_svalue): New.
3137 (is_a_helper <const binop_svalue *>::test): New.
3138 (template <> struct default_hash_traits<binop_svalue::key_t>): New.
3139 (class sub_svalue): New.
3140 (is_a_helper <const sub_svalue *>::test): New.
3141 (template <> struct default_hash_traits<sub_svalue::key_t>): New.
3142 (class unmergeable_svalue): New.
3143 (is_a_helper <const unmergeable_svalue *>::test): New.
3144 (class placeholder_svalue): New.
3145 (is_a_helper <placeholder_svalue *>::test): New.
3146 (class widening_svalue): New.
3147 (is_a_helper <widening_svalue *>::test): New.
3148 (template <> struct default_hash_traits<widening_svalue::key_t>): New.
3149 (class compound_svalue): New.
3150 (is_a_helper <compound_svalue *>::test): New.
3151 (template <> struct default_hash_traits<compound_svalue::key_t>): New.
3152 (class conjured_svalue): New.
3153 (is_a_helper <conjured_svalue *>::test): New.
3154 (template <> struct default_hash_traits<conjured_svalue::key_t>): New.
3155 (enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
3156 RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
3157 RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
3158 (region_kind_to_str): Delete.
3159 (region::~region): Move implementation to region.cc.
3160 (region::operator==): Delete.
3161 (region::operator!=): Delete.
3162 (region::clone): Delete.
3163 (region::get_id): New.
3164 (region::cmp_ids): New.
3165 (region::dyn_cast_map_region): Delete.
3166 (region::dyn_cast_array_region): Delete.
3167 (region::region_id get_parent): Delete.
3168 (region::get_parent_region): Convert to a simple accessor.
3169 (region::void set_value): Delete.
3170 (region::svalue_id get_value): Delete.
3171 (region::svalue_id get_value_direct): Delete.
3172 (region::svalue_id get_inherited_child_sid): Delete.
3173 (region::dyn_cast_frame_region): New.
3174 (region::dyn_cast_function_region): New.
3175 (region::dyn_cast_decl_region): New.
3176 (region::dyn_cast_field_region): New.
3177 (region::dyn_cast_element_region): New.
3178 (region::dyn_cast_offset_region): New.
3179 (region::dyn_cast_cast_region): New.
3180 (region::dyn_cast_string_region): New.
3181 (region::accept): New.
3182 (region::get_base_region): New.
3183 (region::base_region_p): New.
3184 (region::descendent_of_p): New.
3185 (region::maybe_get_frame_region): New.
3186 (region::maybe_get_decl): New.
3187 (region::hash): Delete.
3188 (region::rint): Delete.
3189 (region::dump_dot_to_pp): Delete.
3190 (region::get_desc): New.
3191 (region::dump_to_pp): Convert to vfunc, changing signature.
3192 (region::dump_child_label): Delete.
3193 (region::remap_svalue_ids): Delete.
3194 (region::remap_region_ids): Delete.
3195 (region::dump): New.
3196 (region::walk_for_canonicalization): Delete.
3197 (region::non_null_p): Drop region_model param.
3198 (region::add_view): Delete.
3199 (region::get_view): Delete.
3200 (region::get_active_view): Delete.
3201 (region::is_view_p): Delete.
3202 (region::cmp_ptrs): New.
3203 (region::validate): Delete.
3204 (region::get_offset): New.
3205 (region::get_byte_size): New.
3206 (region::get_bit_size): New.
3207 (region::get_subregions_for_binding): New.
3208 (region::region): Add complexity param. Convert parent from
3209 region_id to const region *. Drop svalue_id. Drop copy ctor.
3210 (region::symbolic_for_unknown_ptr_p): New.
3211 (region::add_to_hash): Delete.
3212 (region::print_fields): Delete.
3213 (region::get_complexity): New accessor.
3214 (region::become_active_view): Delete.
3215 (region::deactivate_any_active_view): Delete.
3216 (region::deactivate_view): Delete.
3217 (region::calc_offset): New.
3218 (region::m_parent_rid): Delete.
3219 (region::m_sval_id): Delete.
3220 (region::m_complexity): New.
3221 (region::m_id): New.
3222 (region::m_parent): New.
3223 (region::m_view_rids): Delete.
3224 (region::m_is_view): Delete.
3225 (region::m_active_view_rid): Delete.
3226 (region::m_cached_offset): New.
3227 (is_a_helper <region *>::test): Convert to...
3228 (is_a_helper <const region *>::test): ... this.
3229 (class primitive_region): Delete.
3230 (class space_region): New.
3231 (class map_region): Delete.
3232 (is_a_helper <map_region *>::test): Delete.
3233 (class frame_region): Reimplement.
3234 (template <> struct default_hash_traits<frame_region::key_t>):
3235 New.
3236 (class globals_region): Reimplement.
3237 (is_a_helper <globals_region *>::test): Convert to...
3238 (is_a_helper <const globals_region *>::test): ...this.
3239 (class struct_or_union_region): Delete.
3240 (is_a_helper <struct_or_union_region *>::test): Delete.
3241 (class code_region): Reimplement.
3242 (is_a_helper <const code_region *>::test): New.
3243 (class struct_region): Delete.
3244 (is_a_helper <struct_region *>::test): Delete.
3245 (class function_region): Reimplement.
3246 (is_a_helper <function_region *>::test): Convert to...
3247 (is_a_helper <const function_region *>::test): ...this.
3248 (class union_region): Delete.
3249 (is_a_helper <union_region *>::test): Delete.
3250 (class label_region): New.
3251 (is_a_helper <const label_region *>::test): New.
3252 (class scope_region): Delete.
3253 (class stack_region): Reimplement.
3254 (is_a_helper <stack_region *>::test): Convert to...
3255 (is_a_helper <const stack_region *>::test): ...this.
3256 (class heap_region): Reimplement.
3257 (is_a_helper <heap_region *>::test): Convert to...
3258 (is_a_helper <const heap_region *>::test): ...this.
3259 (class root_region): Reimplement.
3260 (is_a_helper <root_region *>::test): Convert to...
3261 (is_a_helper <const root_region *>::test): ...this.
3262 (class symbolic_region): Reimplement.
3263 (is_a_helper <const symbolic_region *>::test): New.
3264 (template <> struct default_hash_traits<symbolic_region::key_t>):
3265 New.
3266 (class decl_region): New.
3267 (is_a_helper <const decl_region *>::test): New.
3268 (class field_region): New.
3269 (template <> struct default_hash_traits<field_region::key_t>): New.
3270 (class array_region): Delete.
3271 (class element_region): New.
3272 (is_a_helper <array_region *>::test): Delete.
3273 (is_a_helper <const element_region *>::test): New.
3274 (template <> struct default_hash_traits<element_region::key_t>):
3275 New.
3276 (class offset_region): New.
3277 (is_a_helper <const offset_region *>::test): New.
3278 (template <> struct default_hash_traits<offset_region::key_t>):
3279 New.
3280 (class cast_region): New.
3281 (is_a_helper <const cast_region *>::test): New.
3282 (template <> struct default_hash_traits<cast_region::key_t>): New.
3283 (class heap_allocated_region): New.
3284 (class alloca_region): New.
3285 (class string_region): New.
3286 (is_a_helper <const string_region *>::test): New.
3287 (class unknown_region): New.
3288 (class region_model_manager): New.
3289 (struct append_ssa_names_cb_data): New.
3290 (class call_details): New.
3291 (region_model::region_model): Add region_model_manager param.
3292 (region_model::print_svalue): Delete.
3293 (region_model::dump_dot_to_pp): Delete.
3294 (region_model::dump_dot_to_file): Delete.
3295 (region_model::dump_dot): Delete.
3296 (region_model::dump_to_pp): Drop summarize param in favor of
3297 simple and multiline.
3298 (region_model::dump): Likewise.
3299 (region_model::summarize_to_pp): Delete.
3300 (region_model::summarize): Delete.
3301 (region_model::void canonicalize): Drop ctxt param.
3302 (region_model::void check_for_poison): Delete.
3303 (region_model::get_gassign_result): New.
3304 (region_model::impl_call_alloca): New.
3305 (region_model::impl_call_analyzer_describe): New.
3306 (region_model::impl_call_analyzer_eval): New.
3307 (region_model::impl_call_builtin_expect): New.
3308 (region_model::impl_call_calloc): New.
3309 (region_model::impl_call_free): New.
3310 (region_model::impl_call_malloc): New.
3311 (region_model::impl_call_memset): New.
3312 (region_model::impl_call_strlen): New.
3313 (region_model::get_reachable_svalues): New.
3314 (region_model::handle_phi): Drop is_back_edge param.
3315 (region_model::region_id get_root_rid): Delete.
3316 (region_model::root_region *get_root_region): Delete.
3317 (region_model::region_id get_stack_region_id): Delete.
3318 (region_model::push_frame): Convert from region_id and svalue_id
3319 to const region * and const svalue *.
3320 (region_model::get_current_frame_id): Replace with...
3321 (region_model::get_current_frame): ...this.
3322 (region_model::pop_frame): Convert from region_id to
3323 const region *. Drop purge and stats param. Add out_result.
3324 (region_model::function *get_function_at_depth): Delete.
3325 (region_model::get_globals_region_id): Delete.
3326 (region_model::add_svalue): Delete.
3327 (region_model::replace_svalue): Delete.
3328 (region_model::add_region): Delete.
3329 (region_model::add_region_for_type): Delete.
3330 (region_model::get_svalue): Delete.
3331 (region_model::get_region): Delete.
3332 (region_model::get_lvalue): Convert from region_id to
3333 const region *.
3334 (region_model::get_rvalue): Convert from svalue_id to
3335 const svalue *.
3336 (region_model::get_or_create_ptr_svalue): Delete.
3337 (region_model::get_or_create_constant_svalue): Delete.
3338 (region_model::get_svalue_for_fndecl): Delete.
3339 (region_model::get_svalue_for_label): Delete.
3340 (region_model::get_region_for_fndecl): Delete.
3341 (region_model::get_region_for_label): Delete.
3342 (region_model::get_frame_at_index (int index) const;): New.
3343 (region_model::maybe_cast): Delete.
3344 (region_model::maybe_cast_1): Delete.
3345 (region_model::get_field_region): Delete.
3346 (region_model::id deref_rvalue): Convert from region_id and
3347 svalue_id to const region * and const svalue *. Drop overload,
3348 passing in both a tree and an svalue.
3349 (region_model::set_value): Convert from region_id and svalue_id to
3350 const region * and const svalue *.
3351 (region_model::set_to_new_unknown_value): Delete.
3352 (region_model::clobber_region (const region *reg);): New.
3353 (region_model::purge_region (const region *reg);): New.
3354 (region_model::zero_fill_region (const region *reg);): New.
3355 (region_model::mark_region_as_unknown (const region *reg);): New.
3356 (region_model::copy_region): Convert from region_id to
3357 const region *.
3358 (region_model::eval_condition): Convert from svalue_id to
3359 const svalue *.
3360 (region_model::eval_condition_without_cm): Likewise.
3361 (region_model::compare_initial_and_pointer): New.
3362 (region_model::maybe_get_constant): Delete.
3363 (region_model::add_new_malloc_region): Delete.
3364 (region_model::get_representative_tree): Convert from svalue_id to
3365 const svalue *.
3366 (region_model::get_representative_path_var): Delete decl taking a
3367 region_id in favor of two decls, for svalue vs region, with an
3368 svalue_set to ensure termination.
3369 (region_model::get_path_vars_for_svalue): Delete.
3370 (region_model::create_region_for_heap_alloc): New.
3371 (region_model::create_region_for_alloca): New.
3372 (region_model::purge_unused_svalues): Delete.
3373 (region_model::remap_svalue_ids): Delete.
3374 (region_model::remap_region_ids): Delete.
3375 (region_model::purge_regions): Delete.
3376 (region_model::get_num_svalues): Delete.
3377 (region_model::get_num_regions): Delete.
3378 (region_model::get_descendents): Delete.
3379 (region_model::get_store): New.
3380 (region_model::delete_region_and_descendents): Delete.
3381 (region_model::get_manager): New.
3382 (region_model::unbind_region_and_descendents): New.
3383 (region_model::can_merge_with_p): Add point param. Drop
3384 svalue_id_merger_mapping.
3385 (region_model::get_value_by_name): Delete.
3386 (region_model::convert_byte_offset_to_array_index): Delete.
3387 (region_model::get_or_create_mem_ref): Delete.
3388 (region_model::get_or_create_pointer_plus_expr): Delete.
3389 (region_model::get_or_create_view): Delete.
3390 (region_model::get_lvalue_1): Convert from region_id to
3391 const region *.
3392 (region_model::get_rvalue_1): Convert from svalue_id to
3393 const svalue *.
3394 (region_model::get_ssa_name_regions_for_current_frame): New.
3395 (region_model::append_ssa_names_cb): New.
3396 (region_model::get_store_value): New.
3397 (region_model::copy_struct_region): Delete.
3398 (region_model::copy_union_region): Delete.
3399 (region_model::copy_array_region): Delete.
3400 (region_model::region_exists_p): New.
3401 (region_model::make_region_for_unexpected_tree_code): Delete.
3402 (region_model::loop_replay_fixup): New.
3403 (region_model::poison_any_pointers_to_bad_regions): Delete.
3404 (region_model::poison_any_pointers_to_descendents): New.
3405 (region_model::dump_summary_of_rep_path_vars): Delete.
3406 (region_model::on_top_level_param): New.
3407 (region_model::record_dynamic_extents): New.
3408 (region_model::m_mgr;): New.
3409 (region_model::m_store;): New.
3410 (region_model::m_svalues;): Delete.
3411 (region_model::m_regions;): Delete.
3412 (region_model::m_root_rid;): Delete.
3413 (region_model::m_current_frame;): New.
3414 (region_model_context::remap_svalue_ids): Delete.
3415 (region_model_context::can_purge_p): Delete.
3416 (region_model_context::on_svalue_leak): New.
3417 (region_model_context::on_svalue_purge): Delete.
3418 (region_model_context::on_liveness_change): New.
3419 (region_model_context::on_inherited_svalue): Delete.
3420 (region_model_context::on_cast): Delete.
3421 (region_model_context::on_unknown_change): Convert from svalue_id to
3422 const svalue * and add is_mutable.
3423 (class noop_region_model_context): Update for region_model_context
3424 changes.
3425 (model_merger::model_merger): Add program_point. Drop
3426 svalue_id_merger_mapping.
3427 (model_merger::dump_to_pp): Add "simple" param.
3428 (model_merger::dump): Likewise.
3429 (model_merger::get_region_a): Delete.
3430 (model_merger::get_region_b): Delete.
3431 (model_merger::can_merge_values_p): Delete.
3432 (model_merger::record_regions): Delete.
3433 (model_merger::record_svalues): Delete.
3434 (model_merger::m_point): New field.
3435 (model_merger::m_map_regions_from_a_to_m): Delete.
3436 (model_merger::m_map_regions_from_b_to_m): Delete.
3437 (model_merger::m_sid_mapping): Delete.
3438 (struct svalue_id_merger_mapping): Delete.
3439 (class engine): New.
3440 (struct canonicalization): Delete.
3441 (inchash::add): Delete decls for hashing svalue_id and region_id.
3442 (test_region_model_context::on_unexpected_tree_code): Require t to
3443 be non-NULL.
3444 (selftest::assert_condition): Add overload comparing a pair of
3445 const svalue *.
3446 * sm-file.cc: Include "tristate.h", "selftest.h",
3447 "analyzer/call-string.h", "analyzer/program-point.h",
3448 "analyzer/store.h", and "analyzer/region-model.h".
3449 (fileptr_state_machine::get_default_state): New.
3450 (fileptr_state_machine::on_stmt): Remove calls to
3451 get_readable_tree in favor of get_diagnostic_tree.
3452 * sm-malloc.cc: Include "tristate.h", "selftest.h",
3453 "analyzer/call-string.h", "analyzer/program-point.h",
3454 "analyzer/store.h", and "analyzer/region-model.h".
3455 (malloc_state_machine::get_default_state): New.
3456 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
3457 (malloc_diagnostic::describe_state_change): Handle change.m_expr
3458 being NULL.
3459 (null_arg::emit): Avoid printing "NULL '0'".
3460 (null_arg::describe_final_event): Avoid printing "(0) NULL".
3461 (malloc_leak::emit): Handle m_arg being NULL.
3462 (malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
3463 (malloc_state_machine::on_stmt): Don't call get_readable_tree.
3464 Call get_diagnostic_tree when creating pending diagnostics.
3465 Update for is_zero_assignment becoming a member function of
3466 sm_ctxt.
3467 Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
3468 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
3469 vfunc implementation.
3470 * sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
3471 get_diagnostic_tree and pass the result to warn_for_state.
3472 * sm-signal.cc: Move includes of "analyzer/call-string.h" and
3473 "analyzer/program-point.h" to before "analyzer/region-model.h",
3474 and also include "analyzer/store.h" before it.
3475 (signal_unsafe_call::describe_state_change): Use
3476 get_dest_function to get handler.
3477 (update_model_for_signal_handler): Pass manager to region_model
3478 ctor.
3479 (register_signal_handler::impl_transition): Update for changes to
3480 get_or_create_node and add_edge.
3481 * sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
3482 get_readable_tree, replacing them when calling warn_for_state with
3483 calls to get_diagnostic_tree.
3484 * sm.cc (is_zero_assignment): Delete.
3485 (any_pointer_p): Move to within namespace ana.
3486 * sm.h (is_zero_assignment): Remove decl.
3487 (any_pointer_p): Move decl to within namespace ana.
3488 (state_machine::get_default_state): New vfunc.
3489 (state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
3490 (sm_context::get_readable_tree): Rename to...
3491 (sm_context::get_diagnostic_tree): ...this.
3492 (sm_context::is_zero_assignment): New vfunc.
3493 * store.cc: New file.
3494 * store.h: New file.
3495 * svalue.cc: New file.
3496
2221fb6f
MW
3497 2020-05-22 Mark Wielaard <mark@klomp.org>
3498
3499 * sm-signal.cc(signal_unsafe_call::emit): Possibly add
3500 gcc_rich_location note for replacement.
3501 (signal_unsafe_call::get_replacement_fn): New private function.
3502 (get_async_signal_unsafe_fns): Add "exit".
3503
5eae0ac7
DM
3504 2020-04-28 David Malcolm <dmalcolm@redhat.com>
3505
3506 PR analyzer/94816
3507 * engine.cc (impl_region_model_context::on_unexpected_tree_code):
3508 Handle NULL tree.
3509 * region-model.cc (region_model::add_region_for_type): Handle
3510 NULL type.
3511 * region-model.h
3512 (test_region_model_context::on_unexpected_tree_code): Handle NULL
3513 tree.
3514
78b97837
DM
3515 2020-04-28 David Malcolm <dmalcolm@redhat.com>
3516
3517 PR analyzer/94447
3518 PR analyzer/94639
3519 PR analyzer/94732
3520 PR analyzer/94754
3521 * analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete.
3522 * program-state.cc (selftest::test_program_state_dumping): Update
3523 expected dump result for removal of "uninit".
3524 * region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT
3525 case.
3526 (root_region::ensure_stack_region): Initialize stack with null
3527 svalue_id rather than with a typeless POISON_KIND_UNINIT value.
3528 (root_region::ensure_heap_region): Likewise for the heap.
3529 (region_model::dump_summary_of_rep_path_vars): Remove
3530 summarization of uninit values.
3531 (region_model::validate): Remove check that the stack has a
3532 POISON_KIND_UNINIT value.
3533 (poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT
3534 case.
3535 (poisoned_value_diagnostic::describe_final_event): Likewise.
3536 (selftest::test_dump): Update expected dump result for removal of
3537 "uninit".
3538 (selftest::test_svalue_equality): Remove "uninit" and "freed".
3539 * region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT.
3540
a96f1c38
DM
3541 2020-04-01 David Malcolm <dmalcolm@redhat.com>
3542
3543 PR analyzer/94378
3544 * checker-path.cc: Include "bitmap.h".
3545 * constraint-manager.cc: Likewise.
3546 * diagnostic-manager.cc: Likewise.
3547 * engine.cc: Likewise.
3548 (exploded_node::detect_leaks): Pass null region_id to pop_frame.
3549 * program-point.cc: Include "bitmap.h".
3550 * program-state.cc: Likewise.
3551 * region-model.cc (id_set<region_id>::id_set): Convert to...
3552 (region_id_set::region_id_set): ...this.
3553 (svalue_id_set::svalue_id_set): New ctor.
3554 (region_model::copy_region): New function.
3555 (region_model::copy_struct_region): New function.
3556 (region_model::copy_union_region): New function.
3557 (region_model::copy_array_region): New function.
3558 (stack_region::pop_frame): Drop return value. Add
3559 "result_dst_rid" param; if it is non-null, use copy_region to copy
3560 the result to it. Rather than capture and pass a single "known
3561 used" return value to be used by purge_unused_values, instead
3562 gather and pass a set of known used return values.
3563 (root_region::pop_frame): Drop return value. Add "result_dst_rid"
3564 param.
3565 (region_model::on_assignment): Use copy_region.
3566 (region_model::on_return): Likewise for the result.
3567 (region_model::on_longjmp): Pass null for pop_frame's
3568 result_dst_rid.
3569 (region_model::update_for_return_superedge): Pass the region for the
3570 return value of the call, if any, to pop_frame, rather than setting
3571 the lvalue for the lhs of the result.
3572 (region_model::pop_frame): Drop return value. Add
3573 "result_dst_rid" param.
3574 (region_model::purge_unused_svalues): Convert third param from an
3575 svalue_id * to an svalue_id_set *, updating the initial populating
3576 of the "used" bitmap accordingly. Don't remap it when done.
3577 (struct selftest::coord_test): New selftest fixture, extracted from...
3578 (selftest::test_dump_2): ...here.
3579 (selftest::test_compound_assignment): New selftest.
3580 (selftest::test_stack_frames): Pass null to new param of pop_frame.
3581 (selftest::analyzer_region_model_cc_tests): Call the new selftest.
3582 * region-model.h (class id_set): Delete template.
3583 (class region_id_set): Reimplement, using old id_set implementation.
3584 (class svalue_id_set): Likewise. Convert from auto_sbitmap to
3585 auto_bitmap.
3586 (region::get_active_view): New accessor.
3587 (stack_region::pop_frame): Drop return value. Add
3588 "result_dst_rid" param.
3589 (root_region::pop_frame): Likewise.
3590 (region_model::pop_frame): Likewise.
3591 (region_model::copy_region): New decl.
3592 (region_model::purge_unused_svalues): Convert third param from an
3593 svalue_id * to an svalue_id_set *.
3594 (region_model::copy_struct_region): New decl.
3595 (region_model::copy_union_region): New decl.
3596 (region_model::copy_array_region): New decl.
3597
6969ac30
DM
3598 2020-03-27 David Malcolm <dmalcolm@redhat.com>
3599
3600 * program-state.cc (selftest::test_program_state_dumping): Update
3601 expected dump to include symbolic_region's possibly_null field.
3602 * region-model.cc (symbolic_region::print_fields): New vfunc
3603 implementation.
3604 (region_model::add_constraint): Clear m_possibly_null from
3605 symbolic_regions now known to be non-NULL.
3606 (selftest::test_malloc_constraints): New selftest.
3607 (selftest::analyzer_region_model_cc_tests): Call it.
3608 * region-model.h (region::dyn_cast_symbolic_region): Add non-const
3609 overload.
3610 (symbolic_region::dyn_cast_symbolic_region): Implement it.
3611 (symbolic_region::print_fields): New vfunc override decl.
3612
42c63313
DM
3613 2020-03-27 David Malcolm <dmalcolm@redhat.com>
3614
3615 * analyzer.h (class feasibility_problem): New forward decl.
3616 * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
3617 Initialize new fields m_status, m_epath_length, and m_problem.
3618 (saved_diagnostic::~saved_diagnostic): Delete m_problem.
3619 (dedupe_candidate::dedupe_candidate): Convert "sd" param from a
3620 const ref to a mutable ptr.
3621 (dedupe_winners::add): Convert "sd" param from a const ref to a
3622 mutable ptr. Record the length of the exploded_path. Record the
3623 feasibility/infeasibility of sd into sd, capturing a
3624 feasibility_problem when feasible_p fails, and storing it in sd.
3625 (diagnostic_manager::emit_saved_diagnostics): Update for pass by
3626 ptr rather than by const ref.
3627 * diagnostic-manager.h (class saved_diagnostic): Add new enum
3628 status. Add fields m_status, m_epath_length and m_problem.
3629 (saved_diagnostic::set_feasible): New member function.
3630 (saved_diagnostic::set_infeasible): New member function.
3631 (saved_diagnostic::get_feasibility_problem): New accessor.
3632 (saved_diagnostic::get_status): New accessor.
3633 (saved_diagnostic::set_epath_length): New member function.
3634 (saved_diagnostic::get_epath_length): New accessor.
3635 * engine.cc: Include "gimple-pretty-print.h".
3636 (exploded_path::feasible_p): Add OUT param and, if non-NULL, write
3637 a new feasibility_problem to it on failure.
3638 (viz_callgraph_node::dump_dot): Convert begin_tr calls to
3639 begin_trtd. Convert end_tr calls to end_tdtr.
3640 (class exploded_graph_annotator): New subclass of dot_annotator.
3641 (impl_run_checkers): Add a second -fdump-analyzer-supergraph dump
3642 after the analysis runs, using exploded_graph_annotator. dumping
3643 to DUMP_BASE_NAME.supergraph-eg.dot.
3644 * exploded-graph.h (exploded_node::get_dot_fillcolor): Make
3645 public.
3646 (exploded_path::feasible_p): Add OUT param.
3647 (class feasibility_problem): New class.
3648 * state-purge.cc (state_purge_annotator::add_node_annotations):
3649 Return a bool, add a "within_table" param.
3650 (print_vec_of_names): Convert begin_tr calls to begin_trtd.
3651 Convert end_tr calls to end_tdtr.
3652 (state_purge_annotator::add_stmt_annotations): Add "within_row"
3653 param.
3654 * state-purge.h ((state_purge_annotator::add_node_annotations):
3655 Return a bool, add a "within_table" param.
3656 (state_purge_annotator::add_stmt_annotations): Add "within_row"
3657 param.
3658 * supergraph.cc (supernode::dump_dot): Call add_node_annotations
3659 twice: as before, passing false for "within_table", then again
3660 with true when within the TABLE element. Convert some begin_tr
3661 calls to begin_trtd, and some end_tr calls to end_tdtr.
3662 Repeat each add_stmt_annotations call, distinguishing between
3663 calls that add TRs and those that add TDs to an existing TR.
3664 Add a call to add_after_node_annotations.
3665 * supergraph.h (dot_annotator::add_node_annotations): Add a
3666 "within_table" param.
3667 (dot_annotator::add_stmt_annotations): Add a "within_row" param.
3668 (dot_annotator::add_after_node_annotations): New vfunc.
3669
8f023575
DM
3670 2020-03-27 David Malcolm <dmalcolm@redhat.com>
3671
3672 * diagnostic-manager.cc (dedupe_winners::add): Show the
3673 exploded_node index in the log messages.
3674 (diagnostic_manager::emit_saved_diagnostics): Log a summary of
3675 m_saved_diagnostics at entry.
3676
4d661bb7
DM
3677 2020-03-27 David Malcolm <dmalcolm@redhat.com>
3678
3679 * supergraph.cc (superedge::dump): Add space before description;
3680 move newline to non-pretty_printer overload.
3681
884d9141
DM
3682 2020-03-18 David Malcolm <dmalcolm@redhat.com>
3683
3684 * region-model.cc: Include "stor-layout.h".
3685 (region_model::dump_to_pp): Rather than calling
3686 dump_summary_of_map on each of the current frame and the globals,
3687 instead get a vec of representative path_vars for all regions,
3688 and then dump a summary of all of them.
3689 (region_model::dump_summary_of_map): Delete, rewriting into...
3690 (region_model::dump_summary_of_rep_path_vars): ...this new
3691 function, working on a vec of path_vars.
3692 (region_model::set_value): New overload.
3693 (region_model::get_representative_path_var): Rename
3694 "parent_region" local to "parent_reg" and consolidate with other
3695 local. Guard test for grandparent being stack on parent_reg being
3696 non-NULL. Move handling for parent being an array_region to
3697 within guard for parent_reg being non-NULL.
3698 (selftest::make_test_compound_type): New function.
3699 (selftest::test_dump_2): New selftest.
3700 (selftest::test_dump_3): New selftest.
3701 (selftest::test_stack_frames): Update expected output from
3702 simplified dump to show "a" and "b" from parent frame and "y" in
3703 child frame.
3704 (selftest::analyzer_region_model_cc_tests): Call test_dump_2 and
3705 test_dump_3.
3706 * region-model.h (region_model::set_value): New overload decl.
3707 (region_model::dump_summary_of_map): Delete.
3708 (region_model::dump_summary_of_rep_path_vars): New.
3709
7d9c107a
DM
3710 2020-03-18 David Malcolm <dmalcolm@redhat.com>
3711
3712 * region-model.h (class noop_region_model_context): New subclass
3713 of region_model_context.
3714 (class tentative_region_model_context): Inherit from
3715 noop_region_model_context rather than from region_model_context;
3716 drop redundant vfunc implementations.
3717 (class test_region_model_context): Likewise.
3718
0db2cd17
DM
3719 2020-03-18 David Malcolm <dmalcolm@redhat.com>
3720
3721 * engine.cc (exploded_node::exploded_node): Move implementation
3722 here from header; accept point_and_state by const reference rather
3723 than by value.
3724 * exploded-graph.h (exploded_node::exploded_node): Pass
3725 point_and_state by const reference rather than by value. Move
3726 body to engine.cc.
3727
d5029d45
JJ
3728 2020-03-18 Jakub Jelinek <jakub@redhat.com>
3729
3730 * sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word
3731 issue in a comment.
3732 * region-model.cc (region_model::make_region_for_unexpected_tree_code,
3733 region_model::delete_region_and_descendents): Likewise.
3734 * engine.cc (class exploded_cluster): Likewise.
3735 * diagnostic-manager.cc (class path_builder): Likewise.
3736
5c048755
DM
3737 2020-03-13 David Malcolm <dmalcolm@redhat.com>
3738
3739 PR analyzer/94099
3740 PR analyzer/94105
3741 * diagnostic-manager.cc (for_each_state_change): Bulletproof
3742 against errors in get_rvalue by passing a
3743 tentative_region_model_context and rejecting if there's an error.
3744 * region-model.cc (region_model::get_lvalue_1): When handling
3745 ARRAY_REF, handle results of error-handling. Handle NOP_EXPR.
3746
90f7c300
DM
3747 2020-03-06 David Malcolm <dmalcolm@redhat.com>
3748
3749 * analyzer.h (class array_region): New forward decl.
3750 * program-state.cc (selftest::test_program_state_dumping_2): New.
3751 (selftest::analyzer_program_state_cc_tests): Call it.
3752 * region-model.cc (array_region::constant_from_key): New.
3753 (region_model::get_representative_tree): Handle region_svalue by
3754 generating an ADDR_EXPR.
3755 (region_model::get_representative_path_var): In view handling,
3756 remove erroneous TREE_TYPE when determining the type of the tree.
3757 Handle array regions and STRING_CST.
3758 (selftest::assert_dump_tree_eq): New.
3759 (ASSERT_DUMP_TREE_EQ): New macro.
3760 (selftest::test_get_representative_tree): New selftest.
3761 (selftest::analyzer_region_model_cc_tests): Call it.
3762 * region-model.h (region::dyn_cast_array_region): New vfunc.
3763 (array_region::dyn_cast_array_region): New vfunc implementation.
3764 (array_region::constant_from_key): New decl.
3765
41f99ba6
DM
3766 2020-03-06 David Malcolm <dmalcolm@redhat.com>
3767
3768 * analyzer.h (dump_quoted_tree): New decl.
3769 * engine.cc (exploded_node::dump_dot): Pass region model to
3770 sm_state_map::print.
3771 * program-state.cc: Include diagnostic-core.h.
3772 (sm_state_map::print): Add "model" param and use it to print
3773 representative trees. Only print origin information if non-null.
3774 (sm_state_map::dump): Pass NULL for model to print call.
3775 (program_state::print): Pass region model to sm_state_map::print.
3776 (program_state::dump_to_pp): Use spaces rather than newlines when
3777 summarizing. Pass region_model to sm_state_map::print.
3778 (ana::selftest::assert_dump_eq): New function.
3779 (ASSERT_DUMP_EQ): New macro.
3780 (ana::selftest::test_program_state_dumping): New function.
3781 (ana::selftest::analyzer_program_state_cc_tests): Call it.
3782 * program-state.h (program_state::print): Add model param.
3783 * region-model.cc (dump_quoted_tree): New function.
3784 (map_region::print_fields): Use dump_quoted_tree rather than
3785 %qE to avoid lang-dependent output.
3786 (map_region::dump_child_label): Likewise.
3787 (region_model::dump_summary_of_map): For SK_REGION, when
3788 get_representative_path_var fails, print the region id rather than
3789 erroneously printing NULL.
3790 * sm.cc (state_machine::get_state_by_name): New function.
3791 * sm.h (state_machine::get_state_by_name): New decl.
3792
3c1645a3
DM
3793 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3794
3795 * region-model.cc (region::validate): Convert model param from ptr
3796 to reference. Update comment to reflect that it's now a vfunc.
3797 (map_region::validate): New vfunc implementation.
3798 (array_region::validate): New vfunc implementation.
3799 (stack_region::validate): New vfunc implementation.
3800 (root_region::validate): New vfunc implementation.
3801 (region_model::validate): Pass a reference rather than a pointer
3802 to the region::validate vfunc.
3803 * region-model.h (region::validate): Make virtual. Convert model
3804 param from ptr to reference.
3805 (map_region::validate): New vfunc decl.
3806 (array_region::validate): New vfunc decl.
3807 (stack_region::validate): New vfunc decl.
3808 (root_region::validate): New vfunc decl.
3809
e516294a
DM
3810 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3811
3812 PR analyzer/93993
3813 * region-model.cc (region_model::on_call_pre): Handle
3814 BUILT_IN_EXPECT and its variants.
3815 (region_model::add_any_constraints_from_ssa_def_stmt): Split out
3816 gassign handling into add_any_constraints_from_gassign; add gcall
3817 handling.
3818 (region_model::add_any_constraints_from_gassign): New function,
3819 based on the above. Add handling for NOP_EXPR.
3820 (region_model::add_any_constraints_from_gcall): New function.
3821 (region_model::get_representative_path_var): Handle views.
3822 * region-model.h
3823 (region_model::add_any_constraints_from_ssa_def_stmt): New decl.
3824 (region_model::add_any_constraints_from_gassign): New decl.
3825
3d66e153
DM
3826 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3827
3828 PR analyzer/93993
3829 * checker-path.h (state_change_event::get_lvalue): Add ctxt param
3830 and pass it to region_model::get_value call.
3831 * diagnostic-manager.cc (get_any_origin): Pass a
3832 tentative_region_model_context to the calls to get_lvalue and reject
3833 the comparison if errors occur.
3834 (can_be_expr_of_interest_p): New function.
3835 (diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
3836 CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
3837 Pass a tentative_region_model_context to the calls to
3838 state_change_event::get_lvalue and reject the comparison if errors
3839 occur.
3840 (diagnostic_manager::update_for_unsuitable_sm_exprs): New.
3841 * diagnostic-manager.h
3842 (diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
3843 * region-model.h (class tentative_region_model_context): New class.
3844
13e3ba14
DM
3845 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3846
3847 * engine.cc (worklist::worklist): Remove unused field m_eg.
3848 (class viz_callgraph_edge): Remove unused field m_call_sedge.
3849 (class viz_callgraph): Remove unused field m_sg.
3850 * exploded-graph.h (worklist::::m_eg): Remove unused field.
3851
13b76912
DM
3852 2020-03-02 David Malcolm <dmalcolm@redhat.com>
3853
3854 * analyzer.opt (fanalyzer-show-duplicate-count): New option.
3855 * diagnostic-manager.cc
3856 (diagnostic_manager::emit_saved_diagnostic): Use the above to
3857 guard the printing of the duplicate count.
3858
9f00b22f
DM
3859 2020-03-02 David Malcolm <dmalcolm@redhat.com>
3860
3861 PR analyzer/93959
3862 * analyzer.cc (is_std_function_p): New function.
3863 (is_std_named_call_p): New functions.
3864 * analyzer.h (is_std_named_call_p): New decl.
3865 * sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::"
3866 variants when checking for malloc, calloc and free.
3867
71b633aa
DM
3868 2020-02-26 David Malcolm <dmalcolm@redhat.com>
3869
3870 PR analyzer/93950
3871 * diagnostic-manager.cc
3872 (diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
3873 either NULL or not a constant. When updating var, bulletproof
3874 against constant values.
3875
0ba70d1b
DM
3876 2020-02-26 David Malcolm <dmalcolm@redhat.com>
3877
3878 PR analyzer/93947
3879 * region-model.cc (region_model::get_fndecl_for_call): Gracefully
3880 fail for fn_decls that don't have a cgraph_node.
3881
67fa274c
DM
3882 2020-02-26 David Malcolm <dmalcolm@redhat.com>
3883
3884 * bar-chart.cc: New file.
3885 * bar-chart.h: New file.
3886 * engine.cc: Include "analyzer/bar-chart.h".
3887 (stats::log): Only log the m_num_nodes kinds that are non-zero.
3888 (stats::dump): Likewise when dumping.
3889 (stats::get_total_enodes): New.
3890 (exploded_graph::get_or_create_node): Increment the per-point-data
3891 m_excess_enodes when hitting the per-program-point limit on
3892 enodes.
3893 (exploded_graph::print_bar_charts): New.
3894 (exploded_graph::log_stats): Log the number of unprocessed enodes
3895 in the worklist. Call print_bar_charts.
3896 (exploded_graph::dump_stats): Print the number of unprocessed
3897 enodes in the worklist.
3898 * exploded-graph.h (stats::get_total_enodes): New decl.
3899 (struct per_program_point_data): Add field m_excess_enodes.
3900 (exploded_graph::print_bar_charts): New decl.
3901 * supergraph.cc (superedge::dump): New.
3902 (superedge::dump): New.
3903 * supergraph.h (supernode::get_function): New.
3904 (superedge::dump): New decl.
3905 (superedge::dump): New decl.
3906
f2ca2088
DM
3907 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3908
3909 * engine.cc (exploded_graph::get_or_create_node): Dump the
3910 program_state to the pp, rather than to stderr.
3911
b3d788a2
DM
3912 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3913
3914 PR analyzer/93032
3915 * sm.cc (make_checkers): Require the "taint" checker to be
3916 explicitly enabled.
3917
3a25f345
DM
3918 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3919
3920 PR analyzer/93899
3921 * engine.cc
3922 (impl_region_model_context::impl_region_model_context): Add logger
3923 param.
3924 * engine.cc (exploded_graph::add_function_entry): Create an
3925 impl_region_model_context and pass it to the push_frame call.
3926 Bail if the resulting state is invalid.
3927 (exploded_graph::build_initial_worklist): Likewise.
3928 (exploded_graph::build_initial_worklist): Handle the case where
3929 add_function_entry fails.
3930 * exploded-graph.h
3931 (impl_region_model_context::impl_region_model_context): Add logger
3932 param.
3933 * region-model.cc (map_region::get_or_create): Add ctxt param and
3934 pass it to add_region_for_type.
3935 (map_region::can_merge_p): Pass NULL as a ctxt to call to
3936 get_or_create.
3937 (array_region::get_element): Pass ctxt to call to get_or_create.
3938 (array_region::get_or_create): Add ctxt param and pass it to
3939 add_region_for_type.
3940 (root_region::push_frame): Pass ctxt to get_or_create calls.
3941 (region_model::get_lvalue_1): Likewise.
3942 (region_model::make_region_for_unexpected_tree_code): Assert that
3943 ctxt is non-NULL.
3944 (region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
3945 and get_svalue_for_label calls.
3946 (region_model::get_svalue_for_fndecl): Add ctxt param and pass it
3947 to get_region_for_fndecl.
3948 (region_model::get_region_for_fndecl): Add ctxt param and pass it
3949 to get_or_create.
3950 (region_model::get_svalue_for_label): Add ctxt param and pass it
3951 to get_region_for_label.
3952 (region_model::get_region_for_label): Add ctxt param and pass it
3953 to get_region_for_fndecl and get_or_create.
3954 (region_model::get_field_region): Add ctxt param and pass it to
3955 get_or_create_view and get_or_create.
3956 (make_region_for_type): Replace gcc_unreachable with return NULL.
3957 (region_model::add_region_for_type): Add ctxt param. Handle a
3958 return of NULL from make_region_for_type by calling
3959 make_region_for_unexpected_tree_code.
3960 (region_model::get_or_create_mem_ref): Pass ctxt to calls to
3961 get_or_create_view.
3962 (region_model::get_or_create_view): Add ctxt param and pass it to
3963 add_region_for_type.
3964 (selftest::test_state_merging): Pass ctxt to get_or_create_view.
3965 * region-model.h (region_model::get_or_create): Add ctxt param.
3966 (region_model::add_region_for_type): Likewise.
3967 (region_model::get_svalue_for_fndecl): Likewise.
3968 (region_model::get_svalue_for_label): Likewise.
3969 (region_model::get_region_for_fndecl): Likewise.
3970 (region_model::get_region_for_label): Likewise.
3971 (region_model::get_field_region): Likewise.
3972 (region_model::get_or_create_view): Likewise.
3973
004f2c07
DM
3974 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3975
3976 * checker-path.cc (superedge_event::should_filter_p): Update
3977 filter for empty descriptions to cover verbosity level 3 as well
3978 as 2.
3979 * diagnostic-manager.cc: Include "analyzer/reachability.h".
3980 (class path_builder): New class.
3981 (diagnostic_manager::emit_saved_diagnostic): Create a path_builder
3982 and pass it to build_emission_path, rather passing eg; similarly
3983 for add_events_for_eedge and ext_state.
3984 (diagnostic_manager::build_emission_path): Replace "eg" param
3985 with a path_builder, pass it to add_events_for_eedge.
3986 (diagnostic_manager::add_events_for_eedge): Replace ext_state
3987 param with path_builder; pass it to add_events_for_superedge.
3988 (diagnostic_manager::significant_edge_p): New.
3989 (diagnostic_manager::add_events_for_superedge): Add path_builder
3990 param. Reject insignificant edges at verbosity levels below 3.
3991 (diagnostic_manager::prune_for_sm_diagnostic): Update highest
3992 verbosity level to 4.
3993 * diagnostic-manager.h (class path_builder): New forward decl.
3994 (diagnostic_manager::build_emission_path): Replace "eg" param
3995 with a path_builder.
3996 (diagnostic_manager::add_events_for_eedge): Replace ext_state
3997 param with path_builder.
3998 (diagnostic_manager::significant_edge_p): New.
3999 (diagnostic_manager::add_events_for_superedge): Add path_builder
4000 param.
4001 * reachability.h: New file.
4002
0b2b45a6
DM
4003 2020-02-18 David Malcolm <dmalcolm@redhat.com>
4004
4005 PR analyzer/93692
4006 * analyzer.opt (fdump-analyzer-callgraph): Rewrite description.
4007
4f40164a
DM
4008 2020-02-18 David Malcolm <dmalcolm@redhat.com>
4009
4010 PR analyzer/93777
4011 * region-model.cc (region_model::maybe_cast_1): Replace assertion
4012 that build_cast returns non-NULL with a conditional, falling
4013 through to the logic which returns a new unknown value of the
4014 desired type if it fails.
4015
2e623393
DM
4016 2020-02-18 David Malcolm <dmalcolm@redhat.com>
4017
4018 PR analyzer/93778
4019 * engine.cc (impl_region_model_context::on_unknown_tree_code):
4020 Rename to...
4021 (impl_region_model_context::on_unexpected_tree_code): ...this and
4022 convert first argument from path_var to tree.
4023 (exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall.
4024 * exploded-graph.h (region_model_context::on_unknown_tree_code):
4025 Rename to...
4026 (region_model_context::on_unexpected_tree_code): ...this and
4027 convert first argument from path_var to tree.
4028 * program-state.cc (sm_state_map::purge_for_unknown_fncall): Add
4029 ctxt param and pass on to calls to get_rvalue.
4030 * program-state.h (sm_state_map::purge_for_unknown_fncall): Add
4031 ctxt param.
4032 * region-model.cc (region_model::handle_unrecognized_call): Pass
4033 ctxt on to call to get_rvalue.
4034 (region_model::get_lvalue_1): Move body of default case to
4035 region_model::make_region_for_unexpected_tree_code and call it.
4036 Within COMPONENT_REF case, reject attempts to handle types other
4037 than RECORD_TYPE and UNION_TYPE.
4038 (region_model::make_region_for_unexpected_tree_code): New
4039 function, based on default case of region_model::get_lvalue_1.
4040 * region-model.h
4041 (region_model::make_region_for_unexpected_tree_code): New decl.
4042 (region_model::on_unknown_tree_code): Rename to...
4043 (region_model::on_unexpected_tree_code): ...this and convert first
4044 argument from path_var to tree.
4045 (class test_region_model_context): Update vfunc implementation for
4046 above change.
4047
a674c7b8
DM
4048 2020-02-18 David Malcolm <dmalcolm@redhat.com>
4049
4050 PR analyzer/93774
4051 * region-model.cc
4052 (region_model::convert_byte_offset_to_array_index): Use
4053 int_size_in_bytes before calling size_in_bytes, to gracefully fail
4054 on incomplete types.
4055
d8cde6f9
DM
4056 2020-02-17 David Malcolm <dmalcolm@redhat.com>
4057
4058 PR analyzer/93775
4059 * region-model.cc (region_model::get_fndecl_for_call): Handle the
4060 case where the code_region's get_tree_for_child_region returns
4061 NULL.
4062
f76a88eb
DM
4063 2020-02-17 David Malcolm <dmalcolm@redhat.com>
4064
4065 PR analyzer/93388
4066 * engine.cc (impl_region_model_context::on_unknown_tree_code):
4067 New.
4068 (exploded_graph::get_or_create_node): Reject invalid states.
4069 * exploded-graph.h
4070 (impl_region_model_context::on_unknown_tree_code): New decl.
4071 (point_and_state::point_and_state): Assert that the state is
4072 valid.
4073 * program-state.cc (program_state::program_state): Initialize
4074 m_valid to true.
4075 (program_state::operator=): Copy m_valid.
4076 (program_state::program_state): Likewise for move constructor.
4077 (program_state::print): Print m_valid.
4078 (program_state::dump_to_pp): Likewise.
4079 * program-state.h (program_state::m_valid): New field.
4080 * region-model.cc (region_model::get_lvalue_1): Implement the
4081 default case by returning a new symbolic region and calling
4082 the context's on_unknown_tree_code, rather than issuing an
4083 internal_error. Implement VIEW_CONVERT_EXPR.
4084 * region-model.h (region_model_context::on_unknown_tree_code): New
4085 vfunc.
4086 (test_region_model_context::on_unknown_tree_code): New.
4087
0993ad65
DM
4088 2020-02-17 David Malcolm <dmalcolm@redhat.com>
4089
4090 * sm-malloc.cc (malloc_diagnostic::describe_state_change): For
4091 transition to the "null" state, only say "assuming" when
4092 transitioning from the "unchecked" state.
4093
67098787
DM
4094 2020-02-17 David Malcolm <dmalcolm@redhat.com>
4095
4096 * diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
4097 Add const overload.
4098 * engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
4099 * exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
4100 const overload.
4101
91f993b7
DM
4102 2020-02-11 David Malcolm <dmalcolm@redhat.com>
4103
4104 PR analyzer/93288
4105 * analysis-plan.cc (analysis_plan::use_summary_p): Look through
4106 the ultimate_alias_target when getting the called function.
4107 * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
4108 "sm_ctxt". Use the region_model's get_fndecl_for_call rather than
4109 gimple_call_fndecl.
4110 * region-model.cc (region_model::get_fndecl_for_call): Use
4111 ultimate_alias_target on fndecl.
4112 * supergraph.cc (get_ultimate_function_for_cgraph_edge): New
4113 function.
4114 (supergraph_call_edge): Use it when rejecting edges without
4115 functions.
4116 (supergraph::supergraph): Use it to get the function for the
4117 cgraph_edge when building interprocedural superedges.
4118 (callgraph_superedge::get_callee_function): Use it.
4119 * supergraph.h (supergraph::get_num_snodes): Make param const.
4120 (supergraph::function_to_num_snodes_t): Make first type param
4121 const.
4122
a60d9889
DM
4123 2020-02-11 David Malcolm <dmalcolm@redhat.com>
4124
4125 PR analyzer/93374
4126 * engine.cc (exploded_edge::exploded_edge): Add ext_state param
4127 and pass it to change.validate.
4128 (exploded_graph::get_or_create_node): Move purging of change
4129 svalues to also cover the case of reusing an existing enode.
4130 (exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
4131 ctor.
4132 * exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
4133 param.
4134 * program-state.cc (state_change::sm_change::validate): Likewise.
4135 Assert that m_sm_idx is sane. Use ext_state to validate
4136 m_old_state and m_new_state.
4137 (state_change::validate): Add ext_state param and pass it to
4138 the sm_change validate calls.
4139 * program-state.h (state_change::sm_change::validate): Add
4140 ext_state param.
4141 (state_change::validate): Likewise.
4142
a0e4929b
DM
4143 2020-02-11 David Malcolm <dmalcolm@redhat.com>
4144
4145 PR analyzer/93669
4146 * engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
4147 case of STATUS_WORKLIST in implementation of
4148 "__analyzer_dump_exploded_nodes".
4149
cd28b759
DM
4150 2020-02-11 David Malcolm <dmalcolm@redhat.com>
4151
4152 PR analyzer/93649
4153 * constraint-manager.cc (constraint_manager::add_constraint): When
4154 merging equivalence classes and updating m_constant, also update
4155 m_cst_sid.
4156 (constraint_manager::validate): If m_constant is non-NULL assert
4157 that m_cst_sid is non-null and is valid.
4158
5e17c1bd
DM
4159 2020-02-11 David Malcolm <dmalcolm@redhat.com>
4160
4161 PR analyzer/93657
4162 * analyzer.opt (fdump-analyzer): Reword description.
4163 (fdump-analyzer-stderr): Likewise.
4164
c46d057f
DM
4165 2020-02-11 David Malcolm <dmalcolm@redhat.com>
4166
4167 * region-model.cc (print_quoted_type): New function.
4168 (svalue::print): Use it to replace %qT.
4169 (region::dump_to_pp): Likewise.
4170 (region::dump_child_label): Likewise.
4171 (region::print_fields): Likewise.
4172
eb031d4b
DM
4173 2020-02-10 David Malcolm <dmalcolm@redhat.com>
4174
4175 PR analyzer/93659
4176 * analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
4177 -> "that" typo.
4178 (Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
4179 "uninitialized" typo.
4180
e87deb37
DM
4181 2020-02-10 David Malcolm <dmalcolm@redhat.com>
4182
4183 PR analyzer/93350
4184 * region-model.cc (region_model::get_lvalue_1):
4185 Handle BIT_FIELD_REF.
4186 (make_region_for_type): Handle VECTOR_TYPE.
4187
e953f958
DM
4188 2020-02-10 David Malcolm <dmalcolm@redhat.com>
4189
4190 PR analyzer/93647
4191 * diagnostic-manager.cc
4192 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
4193 VAR being constant.
4194 * region-model.cc (region_model::get_lvalue_1): Provide a better
4195 error message when encountering an unhandled tree code.
4196
41a9e940
DM
4197 2020-02-10 David Malcolm <dmalcolm@redhat.com>
4198
4199 PR analyzer/93405
4200 * region-model.cc (region_model::get_lvalue_1): Implement
4201 CONST_DECL.
4202
cb273d81
DM
4203 2020-02-06 David Malcolm <dmalcolm@redhat.com>
4204
4205 * region-model.cc (region_model::maybe_cast_1): Attempt to provide
4206 a region_svalue if either type is a pointer, rather than if both
4207 types are pointers.
4208
a4d3bfc0
DM
4209 2020-02-05 David Malcolm <dmalcolm@redhat.com>
4210
4211 * engine.cc (exploded_node::dump_dot): Show merger enodes.
4212 (worklist::add_node): Assert that the node's m_status is
4213 STATUS_WORKLIST.
4214 (exploded_graph::process_worklist): Likewise for nodes from the
4215 worklist. Set status of merged nodes to STATUS_MERGER.
4216 (exploded_graph::process_node): Set status of node to
4217 STATUS_PROCESSED.
4218 (exploded_graph::dump_exploded_nodes): Rework handling of
4219 "__analyzer_dump_exploded_nodes", splitting enodes by status into
4220 "processed" and "merger", showing the count of just the processed
4221 enodes at the call, rather than the count of all enodes.
4222 * exploded-graph.h (exploded_node::status): New enum.
4223 (exploded_node::exploded_node): Initialize m_status to
4224 STATUS_WORKLIST.
4225 (exploded_node::get_status): New getter.
4226 (exploded_node::set_status): New setter.
4227
1dae549d
DM
4228 2020-02-04 David Malcolm <dmalcolm@redhat.com>
4229
4230 PR analyzer/93543
4231 * engine.cc (pod_hash_traits<function_call_string>::mark_empty):
4232 Eliminate reinterpret_cast.
4233 (pod_hash_traits<function_call_string>::is_empty): Likewise.
4234
833f1e66
DM
4235 2020-02-03 David Malcolm <dmalcolm@redhat.com>
4236
4237 * constraint-manager.cc (range::constrained_to_single_element):
4238 Replace fold_build2 with fold_binary. Remove unnecessary newline.
4239 (constraint_manager::get_or_add_equiv_class): Replace fold_build2
4240 with fold_binary in two places, and remove out-of-date comment.
4241 (constraint_manager::eval_condition): Replace fold_build2 with
4242 fold_binary.
4243 * region-model.cc (constant_svalue::eval_condition): Likewise.
4244 (region_model::on_assignment): Likewise.
4245
8525d1f5
DM
4246 2020-02-03 David Malcolm <dmalcolm@redhat.com>
4247
4248 PR analyzer/93544
4249 * diagnostic-manager.cc
4250 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
4251 against bad choices due to bad paths.
4252 * engine.cc (impl_region_model_context::on_phi): New.
4253 * exploded-graph.h (impl_region_model_context::on_phi): New decl.
4254 * region-model.cc (region_model::on_longjmp): Likewise.
4255 (region_model::handle_phi): Add phi param. Call the ctxt's on_phi
4256 vfunc.
4257 (region_model::update_for_phis): Pass phi to handle_phi.
4258 * region-model.h (region_model::handle_phi): Add phi param.
4259 (region_model_context::on_phi): New vfunc.
4260 (test_region_model_context::on_phi): New.
4261 * sm-malloc.cc (malloc_state_machine::on_phi): New.
4262 (malloc_state_machine::on_zero_assignment): New.
4263 * sm.h (state_machine::on_phi): New vfunc.
4264
73f38658
DM
4265 2020-02-03 David Malcolm <dmalcolm@redhat.com>
4266
4267 * engine.cc (supernode_cluster::dump_dot): Show BB index as
4268 well as SN index.
4269 * supergraph.cc (supernode::dump_dot): Likewise.
4270
5e10b9a2
DM
4271 2020-02-03 David Malcolm <dmalcolm@redhat.com>
4272
4273 PR analyzer/93546
4274 * region-model.cc (region_model::on_call_pre): Update for new
4275 param of symbolic_region ctor.
4276 (region_model::deref_rvalue): Likewise.
4277 (region_model::add_new_malloc_region): Likewise.
4278 (make_region_for_type): Likewise, preserving type.
4279 * region-model.h (symbolic_region::symbolic_region): Add "type"
4280 param and pass it to base class ctor.
4281
287ccd3b
DM
4282 2020-02-03 David Malcolm <dmalcolm@redhat.com>
4283
4284 PR analyzer/93547
4285 * constraint-manager.cc
4286 (constraint_manager::get_or_add_equiv_class): Ensure types are
4287 compatible before comparing constants.
4288
67751724
DM
4289 2020-01-31 David Malcolm <dmalcolm@redhat.com>
4290
4291 PR analyzer/93457
4292 * region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
4293 than checking against void_type_node.
4294
09bea584
DM
4295 2020-01-31 David Malcolm <dmalcolm@redhat.com>
4296
4297 PR analyzer/93373
4298 * region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
4299 (assert_compat_types): ...this, and bail when either type is NULL,
4300 or when VOID_TYPE_P (dst_type).
4301 (region_model::get_lvalue): Update for above conversion.
4302 (region_model::get_rvalue): Likewise.
4303
f1c807e8
DM
4304 2020-01-31 David Malcolm <dmalcolm@redhat.com>
4305
4306 PR analyzer/93379
4307 * region-model.cc (region_model::update_for_return_superedge):
4308 Move check for null result so that it also guards setting the
4309 lhs.
4310
455f58ec
DM
4311 2020-01-31 David Malcolm <dmalcolm@redhat.com>
4312
4313 PR analyzer/93438
4314 * region-model.cc (stack_region::can_merge_p): Split into a two
4315 pass approach, creating all stack regions first, then populating
4316 them.
4317 (selftest::test_state_merging): Add test coverage for (a) the case
4318 of self-merging a model in which a local in an older stack frame
4319 points to a local in a more recent stack frame (which previously
4320 would ICE), and (b) the case of self-merging a model in which a
4321 local points to a global (which previously worked OK).
4322
182ce042
DM
4323 2020-01-31 David Malcolm <dmalcolm@redhat.com>
4324
4325 * analyzer.cc (is_named_call_p): Replace tests for fndecl being
4326 extern at file scope and having a non-NULL DECL_NAME with a call
4327 to maybe_special_function_p.
4328 * function-set.cc (function_set::contains_decl_p): Add call to
4329 maybe_special_function_p.
4330
45eb3e49
DM
4331 2020-01-31 David Malcolm <dmalcolm@redhat.com>
4332
4333 PR analyzer/93450
4334 * constraint-manager.cc
4335 (constraint_manager::get_or_add_equiv_class): Only compare constants
4336 if their types are compatible.
4337 * region-model.cc (constant_svalue::eval_condition): Replace check
4338 for identical types with call to types_compatible_p.
4339
42f36563
DM
4340 2020-01-30 David Malcolm <dmalcolm@redhat.com>
4341
4342 * program-state.cc (extrinsic_state::dump_to_pp): New.
4343 (extrinsic_state::dump_to_file): New.
4344 (extrinsic_state::dump): New.
4345 * program-state.h (extrinsic_state::dump_to_pp): New decl.
4346 (extrinsic_state::dump_to_file): New decl.
4347 (extrinsic_state::dump): New decl.
4348 * sm.cc: Include "pretty-print.h".
4349 (state_machine::dump_to_pp): New.
4350 * sm.h (state_machine::dump_to_pp): New decl.
4351
ebe9174e
DM
4352 2020-01-30 David Malcolm <dmalcolm@redhat.com>
4353
4354 * diagnostic-manager.cc (for_each_state_change): Use
4355 extrinsic_state::get_num_checkers rather than accessing m_checkers
4356 directly.
4357 * program-state.cc (program_state::program_state): Likewise.
4358 * program-state.h (extrinsic_state::m_checkers): Make private.
4359
e978955d
DM
4360 2020-01-30 David Malcolm <dmalcolm@redhat.com>
4361
4362 PR analyzer/93356
4363 * region-model.cc (region_model::eval_condition): In both
4364 overloads, bail out immediately on floating-point types.
4365 (region_model::eval_condition_without_cm): Likewise.
4366 (region_model::add_constraint): Likewise.
4367
d177c49c
DM
4368 2020-01-30 David Malcolm <dmalcolm@redhat.com>
4369
4370 PR analyzer/93450
4371 * program-state.cc (sm_state_map::set_state): For the overload
4372 taking an svalue_id, bail out if the set_state on the ec does
4373 nothing. Convert the latter's return type from void to bool,
4374 returning true if anything changed.
4375 (sm_state_map::impl_set_state): Convert the return type from void
4376 to bool, returning true if the state changed.
4377 * program-state.h (sm_state_map::set_state): Convert return type
4378 from void to bool.
4379 (sm_state_map::impl_set_state): Likewise.
4380 * region-model.cc (constant_svalue::eval_condition): Only call
4381 fold_build2 if the types are the same.
4382
7892ff37
JJ
4383 2020-01-29 Jakub Jelinek <jakub@redhat.com>
4384
4385 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
4386 * constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
4387 (range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
4388 POP_IGNORE_WFORMAT.
4389 * state-purge.cc: Include diagnostic-core.h before
4390 gimple-pretty-print.h.
4391 (state_purge_annotator::add_node_annotations, print_vec_of_names):
4392 Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
4393 * region-model.cc: Move diagnostic-core.h include before graphviz.h.
4394 (path_var::dump, svalue::print, constant_svalue::print_details,
4395 region::dump_to_pp, region::dump_child_label, region::print_fields,
4396 map_region::print_fields, map_region::dump_dot_to_pp,
4397 map_region::dump_child_label, array_region::print_fields,
4398 array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or
4399 POP_IGNORE_WFORMAT.
4400
5aebfb71
DM
4401 2020-01-28 David Malcolm <dmalcolm@redhat.com>
4402
4403 PR analyzer/93316
4404 * engine.cc (rewind_info_t::update_model): Get the longjmp call
4405 stmt via get_longjmp_call () rather than assuming it is the last
4406 stmt in the longjmp's supernode.
4407 (rewind_info_t::add_events_to_path): Get the location_t for the
4408 rewind_from_longjmp_event via get_longjmp_call () rather than from
4409 the supernode's get_end_location ().
4410
6c8e5844
DM
4411 2020-01-28 David Malcolm <dmalcolm@redhat.com>
4412
4413 * region-model.cc (poisoned_value_diagnostic::emit): Update for
4414 renaming of warning_at overload to warning_meta.
4415 * sm-file.cc (file_leak::emit): Likewise.
4416 * sm-malloc.cc (double_free::emit): Likewise.
4417 (possible_null_deref::emit): Likewise.
4418 (possible_null_arg::emit): Likewise.
4419 (null_deref::emit): Likewise.
4420 (null_arg::emit): Likewise.
4421 (use_after_free::emit): Likewise.
4422 (malloc_leak::emit): Likewise.
4423 (free_of_non_heap::emit): Likewise.
4424 * sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
4425 * sm-signal.cc (signal_unsafe_call::emit): Likewise.
4426 * sm-taint.cc (tainted_array_index::emit): Likewise.
4427
8c08c983
DM
4428 2020-01-27 David Malcolm <dmalcolm@redhat.com>
4429
4430 PR analyzer/93451
4431 * region-model.cc (tree_cmp): For the REAL_CST case, impose an
4432 arbitrary order on NaNs relative to other NaNs and to non-NaNs;
4433 const-correctness tweak.
4434 (ana::selftests::build_real_cst_from_string): New function.
4435 (ana::selftests::append_interesting_constants): New function.
4436 (ana::selftests::test_tree_cmp_on_constants): New test.
4437 (ana::selftests::test_canonicalization_4): New test.
4438 (ana::selftests::analyzer_region_model_cc_tests): Call the new
4439 tests.
4440
2fbea419
DM
4441 2020-01-27 David Malcolm <dmalcolm@redhat.com>
4442
4443 PR analyzer/93349
4444 * engine.cc (run_checkers): Save and restore input_location.
4445
6a81cabc
DM
4446 2020-01-27 David Malcolm <dmalcolm@redhat.com>
4447
4448 * call-string.cc (call_string::cmp_1): Delete, moving body to...
4449 (call_string::cmp): ...here.
4450 * call-string.h (call_string::cmp_1): Delete decl.
4451 * engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
4452 (worklist::key_t::cmp): ...here. Implement hash comparisons
4453 via comparison rather than subtraction to avoid overflow issues.
4454 * exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
4455 * region-model.cc (tree_cmp): Eliminate buggy checking for
4456 symmetry.
4457
342e14ff
DM
4458 2020-01-27 David Malcolm <dmalcolm@redhat.com>
4459
4460 * analyzer.cc (is_named_call_p): Check that fndecl is "extern"
4461 and at file scope. Potentially disregard prefix _ or __ in
4462 fndecl's name. Bail if the identifier is NULL.
4463 (is_setjmp_call_p): Expect a gcall rather than plain gimple.
4464 Remove special-case check for leading prefix, and also check for
4465 sigsetjmp.
4466 (is_longjmp_call_p): Also check for siglongjmp.
4467 (get_user_facing_name): New function.
4468 * analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
4469 gimple.
4470 (get_user_facing_name): New decl.
4471 * checker-path.cc (setjmp_event::get_desc): Use
4472 get_user_facing_name to avoid hardcoding the function name.
4473 (rewind_event::rewind_event): Add rewind_info param, using it to
4474 initialize new m_rewind_info field, and strengthen the assertion.
4475 (rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
4476 avoid hardcoding the function name.
4477 (rewind_to_setjmp_event::get_desc): Likewise.
4478 * checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
4479 param and use it to initialize...
4480 (setjmp_event::m_setjmp_call): New field.
4481 (rewind_event::rewind_event): Add rewind_info param.
4482 (rewind_event::m_rewind_info): New protected field.
4483 (rewind_from_longjmp_event::rewind_from_longjmp_event): Add
4484 rewind_info param.
4485 (class rewind_to_setjmp_event): Move rewind_info field to parent
4486 class.
4487 * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
4488 Update setjmp-handling for is_setjmp_call_p requiring a gcall;
4489 pass the call to the new setjmp_event.
4490 * engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
4491 requiring a gcall.
4492 (stale_jmp_buf::emit): Use get_user_facing_name to avoid
4493 hardcoding the function names.
4494 (exploded_node::on_longjmp): Pass the longjmp_call when
4495 constructing rewind_info.
4496 (rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
4497 rewind_from_longjmp_event's ctor.
4498 * exploded-graph.h (rewind_info_t::rewind_info_t): Add
4499 longjmp_call param.
4500 (rewind_info_t::get_longjmp_call): New.
4501 (rewind_info_t::m_longjmp_call): New.
4502 * region-model.cc (region_model::on_setjmp): Update comment to
4503 indicate this is also for sigsetjmp.
4504 * region-model.h (struct setjmp_record): Likewise.
4505 (class setjmp_svalue): Likewise.
4506
26d949c8
DM
4507 2020-01-27 David Malcolm <dmalcolm@redhat.com>
4508
4509 PR analyzer/93276
4510 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
4511 macros with GCC_VERSION >= 4006, making them no-op otherwise.
4512 * engine.cc (exploded_edge::exploded_edge): Specify template for
4513 base class initializer.
4514 (exploded_graph::add_edge): Specify template when chaining up to
4515 base class add_edge implementation.
4516 (viz_callgraph_node::dump_dot): Drop redundant "typename".
4517 (viz_callgraph_edge::viz_callgraph_edge): Specify template for
4518 base class initializer.
4519 * program-state.cc (sm_state_map::clone_with_remapping): Drop
4520 redundant "typename".
4521 (sm_state_map::print): Likewise.
4522 (sm_state_map::hash): Likewise.
4523 (sm_state_map::operator==): Likewise.
4524 (sm_state_map::remap_svalue_ids): Likewise.
4525 (sm_state_map::on_svalue_purge): Likewise.
4526 (sm_state_map::validate): Likewise.
4527 * program-state.h (sm_state_map::iterator_t): Likewise.
4528 * supergraph.h (superedge::superedge): Specify template for base
4529 class initializer.
4530
648796da
DM
4531 2020-01-23 David Malcolm <dmalcolm@redhat.com>
4532
4533 PR analyzer/93375
4534 * supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
4535 gracefully if the number of parameters at the callee exceeds the
4536 number of arguments at the call stmt.
4537 (callgraph_superedge::get_parm_for_arg): Likewise.
4538
591b59eb
DM
4539 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4540
4541 PR analyzer/93382
4542 * program-state.cc (sm_state_map::on_svalue_purge): If the
4543 entry survives, but the origin is being purged, then reset the
4544 origin to null.
4545
c9c8aef4
DM
4546 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4547
4548 * sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.
4549
fd9982bb
DM
4550 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4551
4552 PR analyzer/93378
4553 * engine.cc (setjmp_svalue::compare_fields): Update for
4554 replacement of m_enode with m_setjmp_record.
4555 (setjmp_svalue::add_to_hash): Likewise.
4556 (setjmp_svalue::get_index): Rename...
4557 (setjmp_svalue::get_enode_index): ...to this.
4558 (setjmp_svalue::print_details): Update for replacement of m_enode
4559 with m_setjmp_record.
4560 (exploded_node::on_longjmp): Likewise.
4561 * exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
4562 (rewind_info_t::m_setjmp_record): ...with this.
4563 (rewind_info_t::rewind_info_t): Update for replacement of m_enode
4564 with m_setjmp_record.
4565 (rewind_info_t::get_setjmp_point): Likewise.
4566 (rewind_info_t::get_setjmp_call): Likewise.
4567 * region-model.cc (region_model::dump_summary_of_map): Likewise.
4568 (region_model::on_setjmp): Likewise.
4569 * region-model.h (struct setjmp_record): New struct.
4570 (setjmp_svalue::m_enode): Replace...
4571 (setjmp_svalue::m_setjmp_record): ...with this.
4572 (setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
4573 with m_setjmp_record.
4574 (setjmp_svalue::clone): Likewise.
4575 (setjmp_svalue::get_index): Rename...
4576 (setjmp_svalue::get_enode_index): ...to this.
4577 (setjmp_svalue::get_exploded_node): Replace...
4578 (setjmp_svalue::get_setjmp_record): ...with this.
4579
da7cf663
DM
4580 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4581
4582 PR analyzer/93316
4583 * analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as
4584 "_setjmp".
4585
75038aa6
DM
4586 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4587
4588 PR analyzer/93307
4589 * analysis-plan.h: Wrap everything namespace "ana".
4590 * analyzer-logging.cc: Likewise.
4591 * analyzer-logging.h: Likewise.
4592 * analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
4593 namespace.
4594 * analyzer-selftests.cc: Wrap everything namespace "ana".
4595 * analyzer-selftests.h: Likewise.
4596 * analyzer.h: Likewise for forward decls of types.
4597 * call-string.h: Likewise.
4598 * checker-path.cc: Likewise.
4599 * checker-path.h: Likewise.
4600 * constraint-manager.cc: Likewise.
4601 * constraint-manager.h: Likewise.
4602 * diagnostic-manager.cc: Likewise.
4603 * diagnostic-manager.h: Likewise.
4604 * engine.cc: Likewise.
4605 * engine.h: Likewise.
4606 * exploded-graph.h: Likewise.
4607 * function-set.cc: Likewise.
4608 * function-set.h: Likewise.
4609 * pending-diagnostic.cc: Likewise.
4610 * pending-diagnostic.h: Likewise.
4611 * program-point.cc: Likewise.
4612 * program-point.h: Likewise.
4613 * program-state.cc: Likewise.
4614 * program-state.h: Likewise.
4615 * region-model.cc: Likewise.
4616 * region-model.h: Likewise.
4617 * sm-file.cc: Likewise.
4618 * sm-malloc.cc: Likewise.
4619 * sm-pattern-test.cc: Likewise.
4620 * sm-sensitive.cc: Likewise.
4621 * sm-signal.cc: Likewise.
4622 * sm-taint.cc: Likewise.
4623 * sm.cc: Likewise.
4624 * sm.h: Likewise.
4625 * state-purge.h: Likewise.
4626 * supergraph.cc: Likewise.
4627 * supergraph.h: Likewise.
4628
4f01e577
DM
4629 2020-01-21 David Malcolm <dmalcolm@redhat.com>
4630
4631 PR analyzer/93352
4632 * region-model.cc (int_cmp): Rename to...
4633 (array_region::key_cmp): ...this, using key_t rather than int.
4634 Rewrite in terms of comparisons rather than subtraction to
4635 ensure qsort is anti-symmetric when handling extreme values.
4636 (array_region::walk_for_canonicalization): Update for above
4637 renaming.
4638 * region-model.h (array_region::key_cmp): New decl.
4639
07c86323
DM
4640 2020-01-17 David Malcolm <dmalcolm@redhat.com>
4641
4642 PR analyzer/93290
4643 * region-model.cc (region_model::eval_condition_without_cm): Avoid
4644 gcc_unreachable for unexpected operations for the case where
4645 we're comparing an svalue against itself.
4646
5f030383
DM
4647 2020-01-17 David Malcolm <dmalcolm@redhat.com>
4648
4649 PR analyzer/93281
4650 * region-model.cc
4651 (region_model::convert_byte_offset_to_array_index): Convert to
4652 ssizetype before dividing by byte_size. Use fold_binary rather
4653 than fold_build2 to avoid needlessly constructing a tree for the
4654 non-const case.
4655
49e9a999
DM
4656 2020-01-15 David Malcolm <dmalcolm@redhat.com>
4657
4658 * engine.cc (class impl_region_model_context): Fix comment.
4659
32077b69
DM
4660 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4661
4662 PR analyzer/93212
4663 * region-model.cc (make_region_for_type): Use
4664 FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
4665 * region-model.h (function_region::function_region): Likewise.
4666
7fb3669e
DM
4667 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4668
4669 * program-state.cc (sm_state_map::clone_with_remapping): Copy
4670 m_global_state.
4671 (selftest::test_program_state_merging_2): New selftest.
4672 (selftest::analyzer_program_state_cc_tests): Call it.
4673
e2a538b1
DM
4674 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4675
4676 * checker-path.h (checker_path::get_checker_event): New function.
4677 (checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
4678 * diagnostic-manager.cc
4679 (diagnostic_manager::prune_for_sm_diagnostic): Replace direct
4680 access to checker_path::m_events with accessor functions. Fix
4681 overlong line.
4682 (diagnostic_manager::prune_interproc_events): Replace direct
4683 access to checker_path::m_events with accessor functions.
4684 (diagnostic_manager::finish_pruning): Likewise.
4685
94946989
DM
4686 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4687
4688 * checker-path.h (checker_event::clone): Delete vfunc decl.
4689 (debug_event::clone): Delete vfunc impl.
4690 (custom_event::clone): Delete vfunc impl.
4691 (statement_event::clone): Delete vfunc impl.
4692 (function_entry_event::clone): Delete vfunc impl.
4693 (state_change_event::clone): Delete vfunc impl.
4694 (start_cfg_edge_event::clone): Delete vfunc impl.
4695 (end_cfg_edge_event::clone): Delete vfunc impl.
4696 (call_event::clone): Delete vfunc impl.
4697 (return_event::clone): Delete vfunc impl.
4698 (setjmp_event::clone): Delete vfunc impl.
4699 (rewind_from_longjmp_event::clone): Delete vfunc impl.
4700 (rewind_to_setjmp_event::clone): Delete vfunc impl.
4701 (warning_event::clone): Delete vfunc impl.
4702
718930c0
DM
4703 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4704
4705 * supergraph.cc (supernode::dump_dot): Ensure that the TABLE
4706 element has at least one TR.
4707
8397af8e
DM
4708 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4709
4710 PR analyzer/58237
4711 * engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
4712 when comparing against UNKNOWN_LOCATION.
4713 (stmt_requires_new_enode_p): Likewise.
4714 (exploded_graph::dump_exploded_nodes): Likewise.
4715 * supergraph.cc (supernode::get_start_location): Likewise.
4716 (supernode::get_end_location): Likewise.
4717
697251b7
DM
4718 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4719
4720 PR analyzer/58237
4721 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
4722 selftest::analyzer_sm_file_cc_tests.
4723 * analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
4724 decl.
4725 * sm-file.cc: Include "analyzer/function-set.h" and
4726 "analyzer/analyzer-selftests.h".
4727 (get_file_using_fns): New function.
4728 (is_file_using_fn_p): New function.
4729 (fileptr_state_machine::on_stmt): Return true for known functions.
4730 (selftest::analyzer_sm_file_cc_tests): New function.
4731
4804c5fe
DM
4732 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4733
4734 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
4735 selftest::analyzer_sm_signal_cc_tests.
4736 * analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
4737 New decl.
4738 * sm-signal.cc: Include "analyzer/function-set.h" and
4739 "analyzer/analyzer-selftests.h".
4740 (get_async_signal_unsafe_fns): New function.
4741 (signal_unsafe_p): Reimplement in terms of the above.
4742 (selftest::analyzer_sm_signal_cc_tests): New function.
4743
a6b5f19c
DM
4744 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4745
4746 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
4747 selftest::analyzer_function_set_cc_tests.
4748 * analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
4749 New decl.
4750 * function-set.cc: New file.
4751 * function-set.h: New file.
4752
ef7827b0
DM
4753 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4754
4755 * analyzer.h (fndecl_has_gimple_body_p): New decl.
4756 * engine.cc (impl_region_model_context::on_unknown_change): New
4757 function.
4758 (fndecl_has_gimple_body_p): Make non-static.
4759 (exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
4760 known. Track whether we have a call with unknown side-effects and
4761 pass it to on_call_post.
4762 * exploded-graph.h (impl_region_model_context::on_unknown_change):
4763 New decl.
4764 * program-state.cc (sm_state_map::on_unknown_change): New function.
4765 * program-state.h (sm_state_map::on_unknown_change): New decl.
4766 * region-model.cc: Include "bitmap.h".
4767 (region_model::on_call_pre): Return a bool, capturing whether the
4768 call has unknown side effects.
4769 (region_model::on_call_post): Add arg "bool unknown_side_effects"
4770 and if true, call handle_unrecognized_call.
4771 (class reachable_regions): New class.
4772 (region_model::handle_unrecognized_call): New function.
4773 * region-model.h (region_model::on_call_pre): Return a bool.
4774 (region_model::on_call_post): Add arg "bool unknown_side_effects".
4775 (region_model::handle_unrecognized_call): New decl.
4776 (region_model_context::on_unknown_change): New vfunc.
4777 (test_region_model_context::on_unknown_change): New function.
4778
14f9d7b9
DM
4779 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4780
4781 * diagnostic-manager.cc (saved_diagnostic::operator==): Move here
4782 from header. Replace pointer equality test on m_var with call to
4783 pending_diagnostic::same_tree_p.
4784 * diagnostic-manager.h (saved_diagnostic::operator==): Move to
4785 diagnostic-manager.cc.
4786 * pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
4787 * pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
4788 * sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
4789 equality on m_arg with call to pending_diagnostic::same_tree_p.
4790 * sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
4791 (possible_null_arg::subclass_equal_p): Likewise.
4792 (null_arg::subclass_equal_p): Likewise.
4793 (free_of_non_heap::subclass_equal_p): Likewise.
4794 * sm-pattern-test.cc (pattern_match::operator==): Likewise.
4795 * sm-sensitive.cc (exposure_through_output_file::operator==):
4796 Likewise.
4797 * sm-taint.cc (tainted_array_index::operator==): Likewise.
4798
f474fbd5
DM
4799 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4800
4801 * diagnostic-manager.cc (dedupe_winners::add): Add logging
4802 of deduplication decisions made.
4803
757bf1df
DM
4804 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4805
4806 * ChangeLog: New file.
4807 * analyzer-selftests.cc: New file.
4808 * analyzer-selftests.h: New file.
4809 * analyzer.opt: New file.
4810 * analysis-plan.cc: New file.
4811 * analysis-plan.h: New file.
4812 * analyzer-logging.cc: New file.
4813 * analyzer-logging.h: New file.
4814 * analyzer-pass.cc: New file.
4815 * analyzer.cc: New file.
4816 * analyzer.h: New file.
4817 * call-string.cc: New file.
4818 * call-string.h: New file.
4819 * checker-path.cc: New file.
4820 * checker-path.h: New file.
4821 * constraint-manager.cc: New file.
4822 * constraint-manager.h: New file.
4823 * diagnostic-manager.cc: New file.
4824 * diagnostic-manager.h: New file.
4825 * engine.cc: New file.
4826 * engine.h: New file.
4827 * exploded-graph.h: New file.
4828 * pending-diagnostic.cc: New file.
4829 * pending-diagnostic.h: New file.
4830 * program-point.cc: New file.
4831 * program-point.h: New file.
4832 * program-state.cc: New file.
4833 * program-state.h: New file.
4834 * region-model.cc: New file.
4835 * region-model.h: New file.
4836 * sm-file.cc: New file.
4837 * sm-malloc.cc: New file.
4838 * sm-malloc.dot: New file.
4839 * sm-pattern-test.cc: New file.
4840 * sm-sensitive.cc: New file.
4841 * sm-signal.cc: New file.
4842 * sm-taint.cc: New file.
4843 * sm.cc: New file.
4844 * sm.h: New file.
4845 * state-purge.cc: New file.
4846 * state-purge.h: New file.
4847 * supergraph.cc: New file.
4848 * supergraph.h: New file.
4849
4850 2019-12-13 David Malcolm <dmalcolm@redhat.com>
4851
4852 * Initial creation
4853
4854\f
c48514be
4855 Copyright (C) 2019-2021 Free Software Foundation, Inc.
757bf1df
DM
4856
4857 Copying and distribution of this file, with or without modification,
4858 are permitted in any medium without royalty provided the copyright
4859 notice and this notice are preserved.