git.ipfire.org Git - thirdparty/gcc.git/blame - gcc/analyzer/ChangeLog
c++: Add auto_diagnostic_group to check_handlers_1.
Commit Line Data
e93aae4a
GA
1 2020-10-29 David Malcolm <dmalcolm@redhat.com>
2
3 * program-state.cc (sm_state_map::on_liveness_change): Sort the
4 leaking svalues before calling on_state_leak.
5 (program_state::detect_leaks): Likewise when calling
6 on_svalue_leak.
7 * region-model-reachability.cc
8 (reachable_regions::mark_escaped_clusters): Likewise when
9 calling on_escaped_function.
10
11 2020-10-29 David Malcolm <dmalcolm@redhat.com>
12
13 PR analyzer/97608
14 * region-model-reachability.cc (reachable_regions::handle_sval):
15 Operands of reachable reversible operations are reachable.
16
17 2020-10-29 David Malcolm <dmalcolm@redhat.com>
18
19 * analyzer.h (class state_machine): New forward decl.
20 (class logger): Likewise.
21 (class visitor): Likewise.
22 * complexity.cc: New file, taken from svalue.cc.
23 * complexity.h: New file, taken from region-model.h.
24 * region-model.h: Include "analyzer/svalue.h" and
25 "analyzer/region.h". Move struct complexity to complexity.h.
26 Move svalue, its subclasses and supporting decls to svalue.h.
27 Move region, its subclasses and supporting decls to region.h.
28 * region.cc: Include "analyzer/region.h".
29 (symbolic_region::symbolic_region): Move here from region-model.h.
30 * region.h: New file, based on material from region-model.h.
31 * svalue.cc: Include "analyzer/svalue.h".
32 (complexity::complexity): Move to complexity.cc.
33 (complexity::from_pair): Likewise.
34 * svalue.h: New file, based on material from region-model.h.
35
36 2020-10-29 David Malcolm <dmalcolm@redhat.com>
37
38 * program-state.cc (sm_state_map::print): Guard the printing of
39 the origin pointer with !flag_dump_noaddr.
40 * region.cc (string_region::dump_to_pp): Likewise for
41 m_string_cst.
42
89bb01e7
GA
43 2020-10-27 David Malcolm <dmalcolm@redhat.com>
44
45 PR analyzer/97568
46 * region-model.cc (region_model::get_initial_value_for_global):
47 Move check that !DECL_EXTERNAL from here to...
48 * region.cc (decl_region::get_svalue_for_initializer): ...here,
49 using it to reject zero initialization.
50
51 2020-10-27 Markus Böck <markus.boeck02@gmail.com>
52
53 PR analyzer/96608
54 * store.h (hash): Cast to intptr_t instead of long
55
56 2020-10-27 David Malcolm <dmalcolm@redhat.com>
57
58 * constraint-manager.cc (svalue_cmp_by_ptr): Delete.
59 (equiv_class::canonicalize): Use svalue::cmp_ptr_ptr instead.
60 (equiv_class_cmp): Eliminate pointer comparison.
61 * diagnostic-manager.cc (dedupe_key::comparator): If they are at
62 the same location, also compare epath length and pending_diagnostic
63 kind.
64 * engine.cc (readability_comparator): If two path_vars have the
65 same readability, then impose an arbitrary ordering on them.
66 (worklist::key_t::cmp): If two points have the same plan ordering,
67 continue the comparison. Call sm_state_map::cmp rather than
68 comparing hash values.
69 * program-state.cc (sm_state_map::entry_t::cmp): New.
70 (sm_state_map::cmp): New.
71 * program-state.h (sm_state_map::entry_t::cmp): New decl.
72 (sm_state_map::elements): New.
73 (sm_state_map::cmp): New.
74
75 2020-10-27 David Malcolm <dmalcolm@redhat.com>
76
77 * engine.cc (setjmp_record::cmp): New.
78 (supernode_cluster::dump_dot): Avoid embedding pointer in cluster
79 name.
80 (supernode_cluster::cmp_ptr_ptr): New.
81 (function_call_string_cluster::dump_dot): Avoid embedding pointer
82 in cluster name. Sort m_map when dumping child clusters.
83 (function_call_string_cluster::cmp_ptr_ptr): New.
84 (root_cluster::dump_dot): Sort m_map when dumping child clusters.
85 * program-point.cc (function_point::cmp): New.
86 (function_point::cmp_ptr): New.
87 * program-point.h (function_point::cmp): New decl.
88 (function_point::cmp_ptr): New decl.
89 * program-state.cc (sm_state_map::print): Sort the values. Guard
90 the printing of pointers with !flag_dump_noaddr.
91 (program_state::prune_for_point): Sort the regions.
92 (log_set_of_svalues): Sort the values. Guard the printing of
93 pointers with !flag_dump_noaddr.
94 * region-model-manager.cc (log_uniq_map): Sort the values.
95 * region-model-reachability.cc (dump_set): New function template.
96 (reachable_regions::dump_to_pp): Use it.
97 * region-model.h (svalue::cmp_ptr): New decl.
98 (svalue::cmp_ptr_ptr): New decl.
99 (setjmp_record::cmp): New decl.
100 (placeholder_svalue::get_name): New accessor.
101 (widening_svalue::get_point): New accessor.
102 (compound_svalue::get_map): New accessor.
103 (conjured_svalue::get_stmt): New accessor.
104 (conjured_svalue::get_id_region): New accessor.
105 (region::cmp_ptrs): Rename to...
106 (region::cmp_ptr_ptr): ...this.
107 * region.cc (region::cmp_ptrs): Rename to...
108 (region::cmp_ptr_ptr): ...this.
109 * state-purge.cc
110 (state_purge_per_ssa_name::state_purge_per_ssa_name): Sort
111 m_points_needing_name when dumping.
112 * store.cc (concrete_binding::cmp_ptr_ptr): New.
113 (symbolic_binding::cmp_ptr_ptr): New.
114 (binding_map::cmp): New.
115 (get_sorted_parent_regions): Update for renaming of
116 region::cmp_ptrs to region::cmp_ptr_ptr.
117 (store::dump_to_pp): Likewise.
118 (store::to_json): Likewise.
119 (store::can_merge_p): Sort the base regions before considering
120 them.
121 * store.h (concrete_binding::cmp_ptr_ptr): New decl.
122 (symbolic_binding::cmp_ptr_ptr): New decl.
123 (binding_map::cmp): New decl.
124 * supergraph.cc (supergraph::supergraph): Assign UIDs to the
125 gimple stmts.
126 * svalue.cc (cmp_cst): New.
127 (svalue::cmp_ptr): New.
128 (svalue::cmp_ptr_ptr): New.
129
130 2020-10-27 David Malcolm <dmalcolm@redhat.com>
131
132 * engine.cc (exploded_graph::get_or_create_node): Fix off-by-one
133 when imposing param_analyzer_max_enodes_per_program_point limit.
134
135 2020-10-27 David Malcolm <dmalcolm@redhat.com>
136
137 * region-model.cc (region_model::get_representative_path_var):
138 Implement case RK_LABEL.
139 * region-model.h (label_region::get_label): New accessor.
140
43868df3
GA
141 2020-10-22 David Malcolm <dmalcolm@redhat.com>
142
143 PR analyzer/97514
144 * engine.cc (exploded_graph::add_function_entry): Handle failure
145 to create an enode, rather than asserting.
146
147 2020-10-22 David Malcolm <dmalcolm@redhat.com>
148
149 PR analyzer/97489
150 * engine.cc (exploded_graph::add_function_entry): Assert that we
151 have a function body.
152 (exploded_graph::on_escaped_function): Reject fndecls that don't
153 have a function body.
154
b2698c21
GA
155 2020-10-14 David Malcolm <dmalcolm@redhat.com>
156
157 PR analyzer/93388
158 * region-model.cc (region_model::get_initial_value_for_global):
159 Fall back to returning an initial_svalue if
160 decl_region::get_svalue_for_initializer fails.
161 * region.cc (decl_region::get_svalue_for_initializer): Don't
162 attempt to create a compound_svalue if the region has an unknown
163 size.
164
165 2020-10-14 David Malcolm <dmalcolm@redhat.com>
166
167 PR analyzer/93723
168 * store.cc (binding_map::apply_ctor_to_region): Remove redundant
169 assertion.
170
8be127ca
GA
171 2020-10-12 David Malcolm <dmalcolm@redhat.com>
172
173 PR analyzer/97258
174 * engine.cc (impl_region_model_context::on_escaped_function): New
175 vfunc.
176 (exploded_graph::add_function_entry): Use m_functions_with_enodes
177 to implement idempotency.
178 (add_any_callbacks): New.
179 (exploded_graph::build_initial_worklist): Use the above to find
180 callbacks that are reachable from global initializers.
181 (exploded_graph::on_escaped_function): New.
182 * exploded-graph.h
183 (impl_region_model_context::on_escaped_function): New decl.
184 (exploded_graph::on_escaped_function): New decl.
185 (exploded_graph::m_functions_with_enodes): New field.
186 * region-model-reachability.cc
187 (reachable_regions::reachable_regions): Replace "store" param with
188 "model" param; use it to initialize m_model.
189 (reachable_regions::add): When getting the svalue for the region,
190 call get_store_value on the model rather than using an initial
191 value.
192 (reachable_regions::mark_escaped_clusters): Add ctxt param and
193 use it to call on_escaped_function when a function_region escapes.
194 * region-model-reachability.h
195 (reachable_regions::reachable_regions): Replace "store" param with
196 "model" param.
197 (reachable_regions::mark_escaped_clusters): Add ctxt param.
198 (reachable_regions::m_model): New field.
199 * region-model.cc (region_model::handle_unrecognized_call): Update
200 for change in reachable_regions ctor.
201 (region_model::handle_unrecognized_call): Pass ctxt to
202 mark_escaped_clusters.
203 (region_model::get_reachable_svalues): Update for change in
204 reachable_regions ctor.
205 (region_model::get_initial_value_for_global): Read-only variables
206 keep their initial values.
207 * region-model.h (region_model_context::on_escaped_function): New
208 vfunc.
209 (noop_region_model_context::on_escaped_function): New.
210
211 2020-10-12 David Malcolm <dmalcolm@redhat.com>
212
213 * analyzer.opt (Wanalyzer-write-to-const): New.
214 (Wanalyzer-write-to-string-literal): New.
215 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
216 Call check_for_writable_region.
217 (region_model::impl_call_memset): Likewise.
218 (region_model::impl_call_strcpy): Likewise.
219 * region-model.cc (class write_to_const_diagnostic): New.
220 (class write_to_string_literal_diagnostic): New.
221 (region_model::check_for_writable_region): New.
222 (region_model::set_value): Call check_for_writable_region.
223 * region-model.h (region_model::check_for_writable_region): New
224 decl.
225
6caec77e
GA
226 2020-10-07 David Malcolm <dmalcolm@redhat.com>
227
228 PR analyzer/97116
229 * sm-malloc.cc (method_p): New.
230 (describe_argument_index): New.
231 (inform_nonnull_attribute): Use describe_argument_index.
232 (possible_null_arg::describe_final_event): Likewise.
233 (null_arg::describe_final_event): Likewise.
234
93bca37c
GA
235 2020-09-29 David Malcolm <dmalcolm@redhat.com>
236
237 PR analyzer/95188
238 * engine.cc (stmt_requires_new_enode_p): Split enodes before
239 "signal" calls.
240
241 2020-09-29 David Malcolm <dmalcolm@redhat.com>
242
243 * constraint-manager.cc
244 (constraint_manager::add_constraint_internal): Whitespace fixes.
245 Silence -Wsign-compare warning.
246 * engine.cc (maybe_process_run_of_before_supernode_enodes):
247 Silence -Wsign-compare warning.
248
e84761c6
GA
249 2020-09-28 David Malcolm <dmalcolm@redhat.com>
250
251 * region-model.h (binop_svalue::dyn_cast_binop_svalue): Remove
252 redundant "virtual". Add FINAL OVERRIDE.
253 (widening_svalue::dyn_cast_widening_svalue): Add FINAL OVERRIDE.
254 (compound_svalue::dyn_cast_compound_svalue): Likewise.
255 (conjured_svalue::dyn_cast_conjured_svalue): Likewise.
256
257 2020-09-28 David Malcolm <dmalcolm@redhat.com>
258
259 * diagnostic-manager.cc (null_assignment_sm_context::m_visitor):
260 Remove unused field.
261
262 2020-09-28 David Malcolm <dmalcolm@redhat.com>
263
264 PR analyzer/97233
265 * analyzer.cc (is_longjmp_call_p): Require the initial argument
266 to be a pointer.
267 * engine.cc (exploded_node::on_longjmp): Likewise.
268
269 2020-09-28 David Malcolm <dmalcolm@redhat.com>
270
271 * program-state.cc (sm_state_map::print): Update check
272 for m_global_state being the start state.
273
91dd4a38
GA
274 2020-09-26 David Malcolm <dmalcolm@redhat.com>
275
276 PR analyzer/96646
277 PR analyzer/96841
278 * region-model.cc (region_model::get_representative_path_var):
279 When handling offset_region, wrap the MEM_REF's first argument in
280 an ADDR_EXPR of pointer type, rather than simply using the tree
281 for the parent region. Require the MEM_REF's second argument to
282 be an integer constant.
283
a2b7397b
GA
284 2020-09-24 David Malcolm <dmalcolm@redhat.com>
285
286 * analyzer.h (struct rejected_constraint): New decl.
287 * analyzer.opt (fanalyzer-feasibility): New option.
288 * diagnostic-manager.cc (path_builder::path_builder): Add
289 "problem" param and use it to initialize new field.
290 (path_builder::get_feasibility_problem): New accessor.
291 (path_builder::m_feasibility_problem): New field.
292 (dedupe_winners::add): Remove inversion of logic in "if" clause,
293 swapping if/else suites. In the !feasible_p suite, inspect
294 flag_analyzer_feasibility and add code to handle when this
295 is off, accepting the infeasible path, but recording the
296 feasibility_problem.
297 (diagnostic_manager::emit_saved_diagnostic): Pass the
298 feasibility_problem to the path_builder.
299 (diagnostic_manager::add_events_for_eedge): If we have
300 a feasibility_problem at this edge, use it to add a custom event.
301 * engine.cc (exploded_path::feasible_p): Pass a
302 rejected_constraint ** to model.maybe_update_for_edge and transfer
303 ownership of any created instance to any feasibility_problem.
304 (feasibility_problem::dump_to_pp): New.
305 * exploded-graph.h (feasibility_problem::feasibility_problem):
306 Drop "model" param; add rejected_constraint * param.
307 (feasibility_problem::~feasibility_problem): New.
308 (feasibility_problem::dump_to_pp): New decl.
309 (feasibility_problem::m_model): Drop field.
310 (feasibility_problem::m_rc): New field.
311 * program-point.cc (function_point::get_location): Handle
312 PK_BEFORE_SUPERNODE and PK_AFTER_SUPERNODE.
313 * program-state.cc (program_state::on_edge): Pass NULL to new
314 param of region_model::maybe_update_for_edge.
315 * region-model.cc (region_model::add_constraint): New overload
316 adding a rejected_constraint ** param.
317 (region_model::maybe_update_for_edge): Add rejected_constraint **
318 param and pass it to the various apply_constraints_for_ calls.
319 (region_model::apply_constraints_for_gcond): Add
320 rejected_constraint ** param and pass it to add_constraint calls.
321 (region_model::apply_constraints_for_gswitch): Likewise.
322 (region_model::apply_constraints_for_exception): Likewise.
323 (rejected_constraint::dump_to_pp): New.
324 * region-model.h (region_model::maybe_update_for_edge):
325 Add rejected_constraint ** param.
326 (region_model::add_constraint): New overload adding a
327 rejected_constraint ** param.
328 (region_model::apply_constraints_for_gcond): Add
329 rejected_constraint ** param.
330 (region_model::apply_constraints_for_gswitch): Likewise.
331 (region_model::apply_constraints_for_exception): Likewise.
332 (struct rejected_constraint): New.
333
82b77dee
GA
334 2020-09-23 David Malcolm <dmalcolm@redhat.com>
335
336 PR analyzer/97178
337 * engine.cc (impl_run_checkers): Update for change to ext_state
338 ctor.
339 * program-state.cc (selftest::test_sm_state_map): Pass an engine
340 instance to ext_state ctor.
341 (selftest::test_program_state_1): Likewise.
342 (selftest::test_program_state_2): Likewise.
343 (selftest::test_program_state_merging): Likewise.
344 (selftest::test_program_state_merging_2): Likewise.
345 * program-state.h (extrinsic_state::extrinsic_state): Remove NULL
346 default value for "eng" param.
347
348 2020-09-23 Tobias Burnus <tobias@codesourcery.com>
349
350 * analyzer-logging.cc: Guard '#pragma ... ignored "-Wformat-diag"'
351 by '#if __GNUC__ >= 10'
352 * analyzer.h: Likewise.
353 * call-string.cc: Likewise.
354
355 2020-09-23 David Malcolm <dmalcolm@redhat.com>
356
357 * engine.cc (exploded_node::on_stmt): Replace sequence of dyn_cast
358 with switch.
359
521d2711
GA
360 2020-09-22 David Malcolm <dmalcolm@redhat.com>
361
362 * analysis-plan.cc: Include "json.h".
363 * analyzer.opt (fdump-analyzer-json): New.
364 * call-string.cc: Include "json.h".
365 (call_string::to_json): New.
366 * call-string.h (call_string::to_json): New decl.
367 * checker-path.cc: Include "json.h".
368 * constraint-manager.cc: Include "json.h".
369 (equiv_class::to_json): New.
370 (constraint::to_json): New.
371 (constraint_manager::to_json): New.
372 * constraint-manager.h (equiv_class::to_json): New decl.
373 (constraint::to_json): New decl.
374 (constraint_manager::to_json): New decl.
375 * diagnostic-manager.cc: Include "json.h".
376 (saved_diagnostic::to_json): New.
377 (diagnostic_manager::to_json): New.
378 * diagnostic-manager.h (saved_diagnostic::to_json): New decl.
379 (diagnostic_manager::to_json): New decl.
380 * engine.cc: Include "json.h", <zlib.h>.
381 (exploded_node::status_to_str): New.
382 (exploded_node::to_json): New.
383 (exploded_edge::to_json): New.
384 (exploded_graph::to_json): New.
385 (dump_analyzer_json): New.
386 (impl_run_checkers): Call it.
387 * exploded-graph.h (exploded_node::status_to_str): New decl.
388 (exploded_node::to_json): New.
389 (exploded_edge::to_json): New.
390 (exploded_graph::to_json): New.
391 * pending-diagnostic.cc: Include "json.h".
392 * program-point.cc: Include "json.h".
393 (program_point::to_json): New.
394 * program-point.h (program_point::to_json): New decl.
395 * program-state.cc: Include "json.h".
396 (extrinsic_state::to_json): New.
397 (sm_state_map::to_json): New.
398 (program_state::to_json): New.
399 * program-state.h (extrinsic_state::to_json): New decl.
400 (sm_state_map::to_json): New decl.
401 (program_state::to_json): New decl.
402 * region-model-impl-calls.cc: Include "json.h".
403 * region-model-manager.cc: Include "json.h".
404 * region-model-reachability.cc: Include "json.h".
405 * region-model.cc: Include "json.h".
406 * region-model.h (svalue::to_json): New decl.
407 (region::to_json): New decl.
408 * region.cc: Include "json.h".
409 (region::to_json): New.
410 * sm-file.cc: Include "json.h".
411 * sm-malloc.cc: Include "json.h".
412 * sm-pattern-test.cc: Include "json.h".
413 * sm-sensitive.cc: Include "json.h".
414 * sm-signal.cc: Include "json.h".
415 (signal_delivery_edge_info_t::to_json): New.
416 * sm-taint.cc: Include "json.h".
417 * sm.cc: Include "diagnostic.h", "tree-diagnostic.h", and
418 "json.h".
419 (state_machine::state::to_json): New.
420 (state_machine::to_json): New.
421 * sm.h (state_machine::state::to_json): New.
422 (state_machine::to_json): New.
423 * state-purge.cc: Include "json.h".
424 * store.cc: Include "json.h".
425 (binding_key::get_desc): New.
426 (binding_map::to_json): New.
427 (binding_cluster::to_json): New.
428 (store::to_json): New.
429 * store.h (binding_key::get_desc): New decl.
430 (binding_map::to_json): New decl.
431 (binding_cluster::to_json): New decl.
432 (store::to_json): New decl.
433 * supergraph.cc: Include "json.h".
434 (supergraph::to_json): New.
435 (supernode::to_json): New.
436 (superedge::to_json): New.
437 * supergraph.h (supergraph::to_json): New decl.
438 (supernode::to_json): New decl.
439 (superedge::to_json): New decl.
440 * svalue.cc: Include "json.h".
441 (svalue::to_json): New.
442
44135373
GA
443 2020-09-21 David Malcolm <dmalcolm@redhat.com>
444
445 PR analyzer/97130
446 * region-model-impl-calls.cc (call_details::get_arg_type): New.
447 * region-model.cc (region_model::on_call_pre): Check that the
448 initial arg is a pointer before calling impl_call_memset and
449 impl_call_strlen.
450 * region-model.h (call_details::get_arg_type): New decl.
451
452 2020-09-21 David Malcolm <dmalcolm@redhat.com>
453
454 PR analyzer/93355
455 * sm-malloc.cc (malloc_state_machine::get_default_state): Look at
456 the base region when considering pointers. Treat pointers to
457 decls as being non-heap.
458
239601c5
GA
459 2020-09-18 David Malcolm <dmalcolm@redhat.com>
460
461 * checker-path.cc (warning_event::get_desc): Handle global state
462 changes.
463
464 2020-09-18 David Malcolm <dmalcolm@redhat.com>
465
466 * sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and
467 strndup as being malloc-like allocators.
468
ecde1b0a
GA
469 2020-09-16 David Malcolm <dmalcolm@redhat.com>
470
471 * engine.cc (strongly_connected_components::strong_connect): Only
472 consider intraprocedural edges when creating SCCs.
473 (worklist::key_t::cmp): Add comment. Treat call_string
474 differences as more important than differences of program_point
475 within a supernode.
476
477 2020-09-16 David Malcolm <dmalcolm@redhat.com>
478
479 * engine.cc (supernode_cluster::dump_dot): Show the SCC id
480 in the per-supernode clusters in FILENAME.eg.dot output.
481 (exploded_graph_annotator::add_node_annotations):
482 Show the SCC of the supernode in FILENAME.supernode.eg.dot output.
483 * exploded-graph.h (worklist::scc_id): New.
484 (exploded_graph::get_scc_id): New.
485
486 2020-09-16 David Malcolm <dmalcolm@redhat.com>
487
488 * engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED.
489 (exploded_graph::process_worklist): Call
490 maybe_process_run_of_before_supernode_enodes.
491 (exploded_graph::maybe_process_run_of_before_supernode_enodes):
492 New.
493 (exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED.
494 * exploded-graph.h (enum exploded_node::status): Add
495 STATUS_BULK_MERGED.
496
497 2020-09-16 David Malcolm <dmalcolm@redhat.com>
498
499 * engine.cc
500 (exploded_graph::process_node) <case PK_BEFORE_SUPERNODE>:
501 Simplify by using program_point::get_next.
502 * program-point.cc (program_point::get_next): New.
503 * program-point.h (program_point::get_next): New decl.
504
505 2020-09-16 David Malcolm <dmalcolm@redhat.com>
506
507 * engine.cc (exploded_graph::get_or_create_node): Show the
508 program point when issuing -Wanalyzer-too-complex due to hitting
509 the per-program-point limit.
510
511 2020-09-16 David Malcolm <dmalcolm@redhat.com>
512
513 * region-model.cc (region_model::on_call_pre): Treat getchar as
514 having no side-effects.
515
9f7ab8c5
GA
516 2020-09-15 David Malcolm <dmalcolm@redhat.com>
517
518 PR analyzer/96650
519 * constraint-manager.cc (merger_fact_visitor::on_fact): Replace
520 assertion that add_constraint succeeded with an assertion that
521 if it fails, -fanalyzer-transitivity is off.
522
50a71cd0
GA
523 2020-09-14 David Malcolm <dmalcolm@redhat.com>
524
525 * analyzer.opt (-param=analyzer-max-constraints=): New param.
526 * constraint-manager.cc
527 (constraint_manager::add_constraint_internal): Silently reject
528 attempts to add constraints when the above limit is reached.
529
530 2020-09-14 David Malcolm <dmalcolm@redhat.com>
531
532 PR analyzer/96653
533 * constraint-manager.cc
534 (constraint_manager::get_or_add_equiv_class): Don't accumulate
535 transitive closure of all constraints on constants.
536
537 2020-09-14 David Malcolm <dmalcolm@redhat.com>
538
539 PR analyzer/97029
540 * analyzer.cc (is_setjmp_call_p): Require the initial arg to be a
541 pointer.
542 * region-model.cc (region_model::deref_rvalue): Assert that the
543 svalue is of pointer type.
544
ac35c090
GA
545 2020-09-11 David Malcolm <dmalcolm@redhat.com>
546
547 PR analyzer/96798
548 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
549 New.
550 (region_model::impl_call_strcpy): New.
551 * region-model.cc (region_model::on_call_pre): Flag unhandled
552 builtins that are non-pure as having unknown side-effects.
553 Implement BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_STRCPY,
554 BUILT_IN_STRCPY_CHK, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED,
555 BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC,
556 BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED,
557 BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF,
558 BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR,
559 BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED,
560 BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF.
561 * region-model.h (region_model::impl_call_memcpy): New decl.
562 (region_model::impl_call_strcpy): New decl.
563
80f86e78
GA
564 2020-09-09 David Malcolm <dmalcolm@redhat.com>
565
566 PR analyzer/94355
567 * analyzer.opt (Wanalyzer-mismatching-deallocation): New warning.
568 * region-model-impl-calls.cc
569 (region_model::impl_call_operator_new): New.
570 (region_model::impl_call_operator_delete): New.
571 * region-model.cc (region_model::on_call_pre): Detect operator new
572 and operator delete.
573 (region_model::on_call_post): Likewise.
574 (region_model::maybe_update_for_edge): Detect EH edges and call...
575 (region_model::apply_constraints_for_exception): New function.
576 * region-model.h (region_model::impl_call_operator_new): New decl.
577 (region_model::impl_call_operator_delete): New decl.
578 (region_model::apply_constraints_for_exception): New decl.
579 * sm-malloc.cc (enum resource_state): New.
580 (struct allocation_state): New state subclass.
581 (enum wording): New.
582 (struct api): New.
583 (malloc_state_machine::custom_data_t): New typedef.
584 (malloc_state_machine::add_state): New decl.
585 (malloc_state_machine::m_unchecked)
586 (malloc_state_machine::m_nonnull)
587 (malloc_state_machine::m_freed): Delete these states in favor
588 of...
589 (malloc_state_machine::m_malloc)
590 (malloc_state_machine::m_scalar_new)
591 (malloc_state_machine::m_vector_new): ...these new api instances,
592 which own their own versions of these states.
593 (malloc_state_machine::on_allocator_call): New decl.
594 (malloc_state_machine::on_deallocator_call): New decl.
595 (api::api): New ctor.
596 (dyn_cast_allocation_state): New.
597 (as_a_allocation_state): New.
598 (get_rs): New.
599 (unchecked_p): New.
600 (nonnull_p): New.
601 (freed_p): New.
602 (malloc_diagnostic::describe_state_change): Use unchecked_p and
603 nonnull_p.
604 (class mismatching_deallocation): New.
605 (double_free::double_free): Add funcname param for initializing
606 m_funcname.
607 (double_free::emit): Use m_funcname in warning message rather
608 than hardcoding "free".
609 (double_free::describe_state_change): Likewise. Use freed_p.
610 (double_free::describe_call_with_state): Use freed_p.
611 (double_free::describe_final_event): Use m_funcname in message
612 rather than hardcoding "free".
613 (double_free::m_funcname): New field.
614 (possible_null::describe_state_change): Use unchecked_p.
615 (possible_null::describe_return_of_state): Likewise.
616 (use_after_free::use_after_free): Add param for initializing m_api.
617 (use_after_free::emit): Use m_api->m_dealloc_funcname in message
618 rather than hardcoding "free".
619 (use_after_free::describe_state_change): Use freed_p. Change the
620 wording of the message based on the API.
621 (use_after_free::describe_final_event): Use
622 m_api->m_dealloc_funcname in message rather than hardcoding
623 "free". Change the wording of the message based on the API.
624 (use_after_free::m_api): New field.
625 (malloc_leak::describe_state_change): Use unchecked_p. Update
626 for renaming of m_malloc_event to m_alloc_event.
627 (malloc_leak::describe_final_event): Update for renaming of
628 m_malloc_event to m_alloc_event.
629 (malloc_leak::m_malloc_event): Rename...
630 (malloc_leak::m_alloc_event): ...to this.
631 (free_of_non_heap::free_of_non_heap): Add param for initializing
632 m_funcname.
633 (free_of_non_heap::emit): Use m_funcname in message rather than
634 hardcoding "free".
635 (free_of_non_heap::describe_final_event): Likewise.
636 (free_of_non_heap::m_funcname): New field.
637 (allocation_state::dump_to_pp): New.
638 (allocation_state::get_nonnull): New.
639 (malloc_state_machine::malloc_state_machine): Update for changes
640 to state fields and new api fields.
641 (malloc_state_machine::add_state): New.
642 (malloc_state_machine::on_stmt): Move malloc/calloc handling to
643 on_allocator_call and call it, passing in the API pointer.
644 Likewise for free, moving it to on_deallocator_call. Handle calls
645 to operator new and delete in an analogous way. Use unchecked_p
646 when testing for possibly-null-arg and possibly-null-deref, and
647 transition to the non-null for the correct API. Remove redundant
648 node param from call to on_zero_assignment. Use freed_p for
649 use-after-free check, and pass in API.
650 (malloc_state_machine::on_allocator_call): New, based on code in
651 on_stmt.
652 (malloc_state_machine::on_deallocator_call): Likewise.
653 (malloc_state_machine::on_phi): Mark node param with
654 ATTRIBUTE_UNUSED; don't pass it to on_zero_assignment.
655 (malloc_state_machine::on_condition): Mark node param with
656 ATTRIBUTE_UNUSED. Replace on_transition calls with get_state and
657 set_next_state pairs, transitioning to the non-null state for the
658 appropriate API.
659 (malloc_state_machine::can_purge_p): Port to new state approach.
660 (malloc_state_machine::on_zero_assignment): Replace on_transition
661 calls with get_state and set_next_state pairs. Drop redundant
662 node param.
663 * sm.h (state_machine::add_custom_state): New.
664
665 2020-09-09 David Malcolm <dmalcolm@redhat.com>
666
667 * diagnostic-manager.cc
668 (null_assignment_sm_context::warn_for_state): Replace with...
669 (null_assignment_sm_context::warn): ...this.
670 * engine.cc (impl_sm_context::warn_for_state): Replace with...
671 (impl_sm_context::warn): ...this.
672 * sm-file.cc (fileptr_state_machine::on_stmt): Replace
673 warn_for_state and on_transition calls with a get_state
674 test guarding warn and set_next_state calls.
675 * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
676 * sm-pattern-test.cc (pattern_test_state_machine::on_condition):
677 Replace warn_for_state call with warn call.
678 * sm-sensitive.cc
679 (sensitive_state_machine::warn_for_any_exposure): Replace
680 warn_for_state call with a get_state test guarding a warn call.
681 * sm-signal.cc (signal_state_machine::on_stmt): Likewise.
682 * sm-taint.cc (taint_state_machine::on_stmt): Replace
683 warn_for_state and on_transition calls with a get_state
684 test guarding warn and set_next_state calls.
685 * sm.h (sm_context::warn_for_state): Replace with...
686 (sm_context::warn): ...this.
687
688 2020-09-09 David Malcolm <dmalcolm@redhat.com>
689
690 * diagnostic-manager.cc
691 (null_assignment_sm_context::null_assignment_sm_context): Add old_state
692 and ext_state params, initializing m_old_state and m_ext_state.
693 (null_assignment_sm_context::on_transition): Split into...
694 (null_assignment_sm_context::get_state): ...this new vfunc
695 implementation and...
696 (null_assignment_sm_context::set_next_state): ...this new vfunc
697 implementation.
698 (null_assignment_sm_context::m_old_state): New field.
699 (null_assignment_sm_context::m_ext_state): New field.
700 (diagnostic_manager::add_events_for_eedge): Pass in old state and
701 ext_state when creating sm_ctxt.
702 * engine.cc (impl_sm_context::on_transition): Split into...
703 (impl_sm_context::get_state): ...this new vfunc
704 implementation and...
705 (impl_sm_context::set_next_state): ...this new vfunc
706 implementation.
707 * sm.h (sm_context::get_state): New pure virtual function.
708 (sm_context::set_next_state): Likewise.
709 (sm_context::on_transition): Convert from a pure virtual function
710 to a regular function implemented in terms of get_state and
711 set_next_state.
712
713 2020-09-09 David Malcolm <dmalcolm@redhat.com>
714
715 * checker-path.cc (state_change_event::get_desc): Update
716 state_machine::get_state_name calls to state::get_name.
717 (warning_event::get_desc): Likewise.
718 * diagnostic-manager.cc
719 (null_assignment_sm_context::on_transition): Update comparison
720 against 0 with comparison with m_sm.get_start_state.
721 (diagnostic_manager::prune_for_sm_diagnostic): Update
722 state_machine::get_state_name calls to state::get_name.
723 * engine.cc (impl_sm_context::on_transition): Likewise.
724 (exploded_node::get_dot_fillcolor): Use get_id when summing
725 the sm states.
726 * program-state.cc (sm_state_map::sm_state_map): Don't hardcode
727 0 as the start state when initializing m_global_state.
728 (sm_state_map::print): Use dump_to_pp rather than get_state_name
729 when dumping states.
730 (sm_state_map::is_empty_p): Don't hardcode 0 as the start state
731 when examining m_global_state.
732 (sm_state_map::hash): Use get_id when hashing states.
733 (selftest::test_sm_state_map): Use state objects rather than
734 arbitrary hardcoded integers.
735 (selftest::test_program_state_merging): Likewise.
736 (selftest::test_program_state_merging_2): Likewise.
737 * sm-file.cc (fileptr_state_machine::m_start): Move to base class.
738 (file_diagnostic::describe_state_change): Use get_start_state.
739 (fileptr_state_machine::fileptr_state_machine): Drop m_start
740 initialization.
741 * sm-malloc.cc (malloc_state_machine::m_start): Move to base
742 class.
743 (malloc_diagnostic::describe_state_change): Use get_start_state.
744 (possible_null::describe_state_change): Likewise.
745 (malloc_state_machine::malloc_state_machine): Drop m_start
746 initialization.
747 * sm-pattern-test.cc (pattern_test_state_machine::m_start): Move
748 to base class.
749 (pattern_test_state_machine::pattern_test_state_machine): Drop
750 m_start initialization.
751 * sm-sensitive.cc (sensitive_state_machine::m_start): Move to base
752 class.
753 (sensitive_state_machine::sensitive_state_machine): Drop m_start
754 initialization.
755 * sm-signal.cc (signal_state_machine::m_start): Move to base
756 class.
757 (signal_state_machine::signal_state_machine): Drop m_start
758 initialization.
759 * sm-taint.cc (taint_state_machine::m_start): Move to base class.
760 (taint_state_machine::taint_state_machine): Drop m_start
761 initialization.
762 * sm.cc (state_machine::state::dump_to_pp): New.
763 (state_machine::state_machine): Move here from sm.h. Initialize
764 m_next_state_id and m_start.
765 (state_machine::add_state): Reimplement in terms of state objects.
766 (state_machine::get_state_name): Delete.
767 (state_machine::get_state_by_name): Reimplement in terms of state
768 objects. Make const.
769 (state_machine::validate): Delete.
770 (state_machine::dump_to_pp): Reimplement in terms of state
771 objects.
772 * sm.h (state_machine::state): New class.
773 (state_machine::state_t): Convert typedef from "unsigned" to
774 "const state_machine::state *".
775 (state_machine::state_machine): Move to sm.cc.
776 (state_machine::get_default_state): Use m_start rather than
777 hardcoding 0.
778 (state_machine::get_state_name): Delete.
779 (state_machine::get_state_by_name): Make const.
780 (state_machine::get_start_state): New accessor.
781 (state_machine::alloc_state_id): New.
782 (state_machine::m_state_names): Drop in favor of...
783 (state_machine::m_states): New field.
784 (state_machine::m_start): New field.
785 (start_start_p): Delete.
786
31a05046
GA
787 2020-09-08 David Malcolm <dmalcolm@redhat.com>
788
789 PR analyzer/96949
790 * store.cc (binding_map::apply_ctor_val_to_range): Add
791 error-handling for the cases where we have symbolic offsets.
792
793 2020-09-08 David Malcolm <dmalcolm@redhat.com>
794
795 PR analyzer/96950
796 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
797 where min_index == max_index.
798 (binding_map::apply_ctor_val_to_range): Replace assertion that we
799 don't have a CONSTRUCTOR value with error-handling.
800
801 2020-09-08 David Malcolm <dmalcolm@redhat.com>
802
803 PR analyzer/96962
804 * region-model.cc (region_model::on_call_pre): Fix guard on switch
805 on built-ins to only consider BUILT_IN_NORMAL, rather than other
806 kinds of built-ins.
807
e1a4a8a0
GA
808 2020-09-01 David Malcolm <dmalcolm@redhat.com>
809
810 PR analyzer/96792
811 * region-model.cc (region_model::deref_rvalue): Add the constraint
812 that PTR_SVAL is non-NULL.
813
13e4ba28
GA
814 2020-08-31 David Malcolm <dmalcolm@redhat.com>
815
816 PR analyzer/96798
817 * region-model.cc (region_model::on_call_pre): Handle
818 BUILT_IN_MEMSET_CHK.
819
820 2020-08-31 David Malcolm <dmalcolm@redhat.com>
821
822 * region-model.cc (region_model::on_call_pre): Gather handling of
823 builtins and of internal fns into switch statements. Handle
824 "alloca" and BUILT_IN_ALLOCA_WITH_ALIGN.
825
826 2020-08-31 David Malcolm <dmalcolm@redhat.com>
827
828 PR analyzer/96860
829 * region.cc (decl_region::get_svalue_for_constructor): Support
830 apply_ctor_to_region failing.
831 * store.cc (binding_map::apply_ctor_to_region): Add failure
832 handling.
833 (binding_map::apply_ctor_val_to_range): Likewise.
834 (binding_map::apply_ctor_pair_to_child_region): Likewise. Replace
835 assertion that child_base_offset is not symbolic with error
836 handling.
837 * store.h (binding_map::apply_ctor_to_region): Convert return type
838 from void to bool.
839 (binding_map::apply_ctor_val_to_range): Likewise.
840 (binding_map::apply_ctor_pair_to_child_region): Likewise.
841
842 2020-08-31 David Malcolm <dmalcolm@redhat.com>
843
844 PR analyzer/96763
845 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
846 by calling a new binding_map::apply_ctor_val_to_range subroutine.
847 Split out the existing non-CONSTRUCTOR-handling code to a new
848 apply_ctor_pair_to_child_region subroutine.
849 (binding_map::apply_ctor_val_to_range): New.
850 (binding_map::apply_ctor_pair_to_child_region): New, split out
851 from binding_map::apply_ctor_to_region as noted above.
852 * store.h (binding_map::apply_ctor_val_to_range): New decl.
853 (binding_map::apply_ctor_pair_to_child_region): New decl.
854
855 2020-08-31 David Malcolm <dmalcolm@redhat.com>
856
857 PR analyzer/96764
858 * region-model-manager.cc
859 (region_model_manager::maybe_fold_unaryop): Handle VIEW_CONVERT_EXPR.
860 (region_model_manager::get_or_create_cast): Move logic for
861 real->integer casting to...
862 (get_code_for_cast): ...this new function, and add logic for
863 real->non-integer casts.
864 (region_model_manager::maybe_fold_sub_svalue): Handle
865 VIEW_CONVERT_EXPR.
866 * region-model.cc
867 (region_model::add_any_constraints_from_gassign): Likewise.
868 * svalue.cc (svalue::maybe_undo_cast): Likewise.
869 (unaryop_svalue::dump_to_pp): Likewise.
870
57ea0894
GA
871 2020-08-26 David Malcolm <dmalcolm@redhat.com>
872
873 PR analyzer/94858
874 * region-model-manager.cc
875 (region_model_manager::get_or_create_widening_svalue): Assert that
876 neither of the inputs are themselves widenings.
877 * store.cc (store::eval_alias_1): The initial value of a pointer
878 can't point to a region that was allocated on the heap after the
879 beginning of the path. A widened pointer value can't alias anything
880 that the initial pointer value can't alias.
881 * svalue.cc (svalue::can_merge_p): Merge BINOP (X, OP, CST) with X
882 to a widening svalue. Merge
883 BINOP(WIDENING(BASE, BINOP(BASE, X)), X) and BINOP(BASE, X) to
884 the LHS of the first BINOP.
885
886 2020-08-26 David Malcolm <dmalcolm@redhat.com>
887
888 PR analyzer/96777
889 * region-model.h (class compound_svalue): Document that all keys
890 must be concrete.
891 (compound_svalue::compound_svalue): Move definition to svalue.cc.
892 * store.cc (binding_map::apply_ctor_to_region): Handle
893 initializers for trailing arrays with incomplete size.
894 * svalue.cc (compound_svalue::compound_svalue): Move definition
895 here from region-model.h. Add assertion that all keys are
896 concrete.
897
e769f970
GA
898 2020-08-22 David Malcolm <dmalcolm@redhat.com>
899
900 PR analyzer/94851
901 * region-model-manager.cc
902 (region_model_manager::maybe_fold_binop): Fold bitwise "& 0" to 0.
903
904 2020-08-22 David Malcolm <dmalcolm@redhat.com>
905
906 * store.cc (store::eval_alias): Make const. Split out 2nd half
907 into store::eval_alias_1 and call it twice for symmetry, avoiding
908 test duplication.
909 (store::eval_alias_1): New function, split out from the above.
910 * store.h (store::eval_alias): Make const.
911 (store::eval_alias_1): New decl.
912
913 2020-08-22 David Malcolm <dmalcolm@redhat.com>
914
915 * region-model.cc (region_model::push_frame): Bind the default
916 SSA name for each parm if it exists, falling back to the parm
917 itself otherwise, rather than doing both.
918
5b9a3d2a
GA
919 2020-08-20 David Malcolm <dmalcolm@redhat.com>
920
921 PR analyzer/96723
922 * region-model-manager.cc
923 (region_model_manager::get_field_region): Assert that field is a
924 FIELD_DECL.
925 * region.cc (region::get_subregions_for_binding): In
926 union-handling, filter the TYPE_FIELDS traversal to just FIELD_DECLs.
927
928 2020-08-20 David Malcolm <dmalcolm@redhat.com>
929
930 PR analyzer/96713
931 * region-model.cc (region_model::get_gassign_result): For
932 comparisons, only use eval_condition when the lhs has boolean
933 type, and use get_or_create_constant_svalue on the boolean
934 constants directly rather than via get_rvalue.
935
04e23a40
GA
936 2020-08-19 David Malcolm <dmalcolm@redhat.com>
937
938 PR analyzer/96643
939 * region-model.cc (region_model::deref_rvalue): Rather than
940 attempting to handle all svalue kinds in the switch, only cover
941 the special cases, and move symbolic-region handling to after
942 the switch, thus implicitly handling the missing case SK_COMPOUND.
943
944 2020-08-19 David Malcolm <dmalcolm@redhat.com>
945
946 PR analyzer/96705
947 * region-model-manager.cc
948 (region_model_manager::maybe_fold_binop): Check that we have an
949 integral type before calling build_int_cst.
950
951 2020-08-19 David Malcolm <dmalcolm@redhat.com>
952
953 PR analyzer/96699
954 * region-model-manager.cc
955 (region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for
956 casting from REAL_TYPE to INTEGER_TYPE.
957
958 2020-08-19 David Malcolm <dmalcolm@redhat.com>
959
960 PR analyzer/96651
961 * region-model.cc (region_model::called_from_main_p): New.
962 (region_model::get_store_value): Move handling for globals into...
963 (region_model::get_initial_value_for_global): ...this new
964 function, and add logic for extracting values from decl
965 initializers.
966 * region-model.h (decl_region::get_svalue_for_constructor): New
967 decl.
968 (decl_region::get_svalue_for_initializer): New decl.
969 (region_model::called_from_main_p): New decl.
970 (region_model::get_initial_value_for_global): New.
971 * region.cc (decl_region::maybe_get_constant_value): Move logic
972 for getting an svalue from a CONSTRUCTOR node to...
973 (decl_region::get_svalue_for_constructor): ...this new function.
974 (decl_region::get_svalue_for_initializer): New.
975 * store.cc (get_svalue_for_ctor_val): Rewrite in terms of
976 region_model::get_rvalue.
977 * store.h (binding_cluster::get_map): New accessor.
978
979 2020-08-19 David Malcolm <dmalcolm@redhat.com>
980
981 PR analyzer/96648
982 * region.cc (get_field_at_bit_offset): Gracefully handle negative
983 values for bit_offset.
984
5c265693
GA
985 2020-08-18 David Malcolm <dmalcolm@redhat.com>
986
987 * region-model.cc (region_model::get_rvalue_1): Fix name of local.
988
989 2020-08-18 David Malcolm <dmalcolm@redhat.com>
990
991 PR analyzer/96641
992 * region-model.cc (region_model::get_rvalue_1): Handle
993 unrecognized tree codes by returning UNKNOWN.
994
995 2020-08-18 David Malcolm <dmalcolm@redhat.com>
996
997 PR analyzer/96640
998 * region-model.cc (region_model::get_gassign_result): Handle various
999 VEC_* tree codes by returning UNKNOWN.
1000 (region_model::on_assignment): Handle unrecognized tree codes by
1001 setting lhs to an unknown value, rather than issuing a "sorry" and
1002 asserting.
1003
deee2322
GA
1004 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1005
1006 PR analyzer/96644
1007 * region-model-manager.cc (get_region_for_unexpected_tree_code):
1008 Handle ctxt being NULL.
1009
1010 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1011
1012 PR analyzer/96639
1013 * region.cc (region::get_subregions_for_binding): Check for "type"
1014 being NULL.
1015
1016 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1017
1018 PR analyzer/96642
1019 * store.cc (get_svalue_for_ctor_val): New.
1020 (binding_map::apply_ctor_to_region): Call it.
1021
661ee09b
GA
1022 2020-08-14 David Malcolm <dmalcolm@redhat.com>
1023
1024 PR testsuite/96609
1025 PR analyzer/96616
1026 * region-model.cc (region_model::get_store_value): Call
1027 maybe_get_constant_value on decl_regions first.
1028 * region-model.h (decl_region::maybe_get_constant_value): New decl.
1029 * region.cc (decl_region::get_stack_depth): Likewise.
1030 (decl_region::maybe_get_constant_value): New.
1031 * store.cc (get_subregion_within_ctor): New.
1032 (binding_map::apply_ctor_to_region): New.
1033 * store.h (binding_map::apply_ctor_to_region): New decl.
1034
1035 2020-08-14 David Malcolm <dmalcolm@redhat.com>
1036
1037 PR analyzer/96611
1038 * store.cc (store::mark_as_escaped): Reject attempts to
1039 get a cluster for an unknown pointer.
1040
b3cb5606
GA
1041 2020-08-13 David Malcolm <dmalcolm@redhat.com>
1042
5afd1882
ML
1043 PR analyzer/93032
1044 PR analyzer/93938
1045 PR analyzer/94011
1046 PR analyzer/94099
1047 PR analyzer/94399
1048 PR analyzer/94458
1049 PR analyzer/94503
1050 PR analyzer/94640
1051 PR analyzer/94688
1052 PR analyzer/94689
1053 PR analyzer/94839
1054 PR analyzer/95026
1055 PR analyzer/95042
1056 PR analyzer/95240
b3cb5606
GA
1057 * analyzer-logging.cc: Ignore "-Wformat-diag".
1058 (logger::enter_scope): Use inc_indent in both overloads.
1059 (logger::exit_scope): Use dec_indent.
1060 * analyzer-logging.h (logger::inc_indent): New.
1061 (logger::dec_indent): New.
1062 * analyzer-selftests.cc (run_analyzer_selftests): Call
1063 analyzer_store_cc_tests.
1064 * analyzer-selftests.h (analyzer_store_cc_tests): New decl.
1065 * analyzer.cc (get_stmt_location): New function.
1066 * analyzer.h (class initial_svalue): New forward decl.
1067 (class unaryop_svalue): New forward decl.
1068 (class binop_svalue): New forward decl.
1069 (class sub_svalue): New forward decl.
1070 (class unmergeable_svalue): New forward decl.
1071 (class placeholder_svalue): New forward decl.
1072 (class widening_svalue): New forward decl.
1073 (class compound_svalue): New forward decl.
1074 (class conjured_svalue): New forward decl.
1075 (svalue_set): New typedef.
1076 (class map_region): Delete.
1077 (class array_region): Delete.
1078 (class frame_region): New forward decl.
1079 (class function_region): New forward decl.
1080 (class label_region): New forward decl.
1081 (class decl_region): New forward decl.
1082 (class element_region): New forward decl.
1083 (class offset_region): New forward decl.
1084 (class cast_region): New forward decl.
1085 (class field_region): New forward decl.
1086 (class string_region): New forward decl.
1087 (class region_model_manager): New forward decl.
1088 (class store_manager): New forward decl.
1089 (class store): New forward decl.
1090 (class call_details): New forward decl.
1091 (struct svalue_id_merger_mapping): Delete.
1092 (struct canonicalization): Delete.
1093 (class function_point): New forward decl.
1094 (class engine): New forward decl.
1095 (dump_tree): New function decl.
1096 (print_quoted_type): New function decl.
1097 (readability_comparator): New function decl.
1098 (tree_cmp): New function decl.
1099 (class path_var): Move here from region-model.h.
1100 (bit_offset_t, bit_size_t, byte_size_t): New typedefs.
1101 (class region_offset): New class.
1102 (get_stmt_location): New decl.
1103 (struct member_function_hash_traits): New struct.
1104 (class consolidation_map): New class.
1105 Ignore "-Wformat-diag".
1106 * analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
1107 (-param=analyzer-max-enodes-for-full-dump=): New param.
1108 * call-string.cc: Ignore -Wformat-diag.
1109 * checker-path.cc: Move includes of "analyzer/call-string.h" and
1110 "analyzer/program-point.h" to before "analyzer/region-model.h",
1111 and also include "analyzer/store.h" before it.
1112 (state_change_event::state_change_event): Replace "tree var" param
1113 with "const svalue *sval". Convert "origin" param from tree to
1114 "const svalue *".
1115 (state_change_event::get_desc): Call get_representative_tree to
1116 convert the var and origin from const svalue * to tree. Use
1117 svalue::get_desc rather than %qE when describing state changes.
1118 (checker_path::add_final_event): Use get_stmt_location.
1119 * checker-path.h (state_change_event::state_change_event): Port
1120 from tree to const svalue *.
1121 (state_change_event::get_lvalue): Delete.
1122 (state_change_event::get_dest_function): New.
1123 (state_change_event::m_var): Replace with...
1124 (state_change_event::m_sval): ...this.
1125 (state_change_event::m_origin): Convert from tree to
1126 const svalue *.
1127 * constraint-manager.cc: Include "analyzer/call-string.h",
1128 "analyzer/program-point.h", and "analyzer/store.h" before
1129 "analyzer/region-model.h".
1130 (struct bound, struct range): Move to constraint-manager.h.
1131 (compare_constants): New function.
1132 (range::dump): Rename to...
1133 (range::dump_to_pp): ...this. Support NULL constants.
1134 (range::dump): Reintroduce for dumping to stderr.
1135 (range::constrained_to_single_element): Return result, rather than
1136 writing to *OUT.
1137 (range::eval_condition): New.
1138 (range::below_lower_bound): New.
1139 (range::above_upper_bound): New.
1140 (equiv_class::equiv_class): Port from svalue_id to const svalue *.
1141 (equiv_class::print): Likewise.
1142 (equiv_class::hash): Likewise.
1143 (equiv_class::operator==): Port from svalue_id to const svalue *.
1144 (equiv_class::add): Port from svalue_id to const svalue *. Drop
1145 "cm" param.
1146 (equiv_class::del): Port from svalue_id to const svalue *.
1147 (equiv_class::get_representative): Likewise.
1148 (equiv_class::remap_svalue_ids): Delete.
1149 (svalue_id_cmp_by_id): Rename to...
1150 (svalue_cmp_by_ptr): ...this, porting from svalue_id to
1151 const svalue *.
1152 (equiv_class::canonicalize): Update qsort comparator.
1153 (constraint::implied_by): New.
1154 (constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
1155 (constraint_manager::dump_to_pp): Add "multiline" param.
1156 (constraint_manager::dump): Pass "true" for "multiline".
1157 (constraint_manager::add_constraint): Port from svalue_id to
1158 const svalue *. Split out second part into...
1159 (constraint_manager::add_unknown_constraint): ...this new
1160 function. Remove self-constraints when merging equivalence
1161 classes.
1162 (constraint_manager::add_constraint_internal): Remove constraints
1163 that would be implied by the new constraint. Port from svalue_id
1164 to const svalue *.
1165 (constraint_manager::get_equiv_class_by_sid): Rename to...
1166 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
1167 from svalue_id to const svalue *.
1168 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
1169 to const svalue *.
1170 (constraint_manager::eval_condition): Make const. Call
1171 compare_constants and return early if it provides a known result.
1172 (constraint_manager::get_ec_bounds): New.
1173 (constraint_manager::eval_condition): New overloads. Make
1174 existing one const, and use compare_constants.
1175 (constraint_manager::purge): Convert "p" param to a template
1176 rather than an abstract base class. Port from svalue_id to
1177 const svalue *.
1178 (class dead_svalue_purger): New class.
1179 (constraint_manager::remap_svalue_ids): Delete.
1180 (constraint_manager::on_liveness_change): New.
1181 (equiv_class_cmp): Port from svalue_id to const svalue *.
1182 (constraint_manager::canonicalize): Likewise. Combine with
1183 purging of redundant equivalence classes and constraints.
1184 (class cleaned_constraint_manager): Delete.
1185 (class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
1186 field.
1187 (merger_fact_visitor::fact): Port from svalue_id to const svalue *.
1188 Add special case for widening.
1189 (constraint_manager::merge): Port from svalue_id to const svalue *.
1190 (constraint_manager::clean_merger_input): Delete.
1191 (constraint_manager::for_each_fact): Port from svalue_id to
1192 const svalue *.
1193 (constraint_manager::validate): Likewise.
1194 (selftest::test_constraint_conditions): Provide a
1195 region_model_manager when creating region_model instances.
1196 Add test for self-equality not creating equivalence classes.
1197 (selftest::test_transitivity): Provide a region_model_manager when
1198 creating region_model instances. Verify that EC-merging happens
1199 when constraints are implied.
1200 (selftest::test_constant_comparisons): Provide a
1201 region_model_manager when creating region_model instances.
1202 (selftest::test_constraint_impl): Likewise. Remove over-specified
1203 assertions.
1204 (selftest::test_equality): Provide a region_model_manager when
1205 creating region_model instances.
1206 (selftest::test_many_constants): Likewise. Provide a
1207 program_point when testing merging.
1208 (selftest::run_constraint_manager_tests): Move call to
1209 test_constant_comparisons to outside the transitivity guard.
1210 * constraint-manager.h (struct bound): Move here from
1211 constraint-manager.cc.
1212 (struct range): Likewise.
1213 (struct::eval_condition): New decl.
1214 (struct::below_lower_bound): New decl.
1215 (struct::above_upper_bound): New decl.
1216 (equiv_class::add): Port from svalue_id to const svalue *.
1217 (equiv_class::del): Likewise.
1218 (equiv_class::get_representative): Likewise.
1219 (equiv_class::remap_svalue_ids): Drop.
1220 (equiv_class::m_cst_sid): Convert to...
1221 (equiv_class::m_cst_sval): ...this.
1222 (equiv_class::m_vars): Port from svalue_id to const svalue *.
1223 (constraint::bool implied_by): New decl.
1224 (fact_visitor::on_fact): Port from svalue_id to const svalue *.
1225 (constraint_manager::constraint_manager): Add mgr param.
1226 (constraint_manager::clone): Delete.
1227 (constraint_manager::maybe_get_constant): Delete.
1228 (constraint_manager::get_sid_for_constant): Delete.
1229 (constraint_manager::get_num_svalues): Delete.
1230 (constraint_manager::dump_to_pp): Add "multiline" param.
1231 (constraint_manager::get_equiv_class): Port from svalue_id to
1232 const svalue *.
1233 (constraint_manager::add_constraint): Likewise.
1234 (constraint_manager::get_equiv_class_by_sid): Rename to...
1235 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
1236 from svalue_id to const svalue *.
1237 (constraint_manager::add_unknown_constraint): New decl.
1238 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
1239 to const svalue *.
1240 (constraint_manager::eval_condition): Likewise. Add overloads.
1241 (constraint_manager::get_ec_bounds): New decl.
1242 (constraint_manager::purge): Convert to template.
1243 (constraint_manager::remap_svalue_ids): Delete.
1244 (constraint_manager::on_liveness_change): New decl.
1245 (constraint_manager::canonicalize): Drop param.
1246 (constraint_manager::clean_merger_input): Delete.
1247 (constraint_manager::m_mgr): New field.
1248 * diagnostic-manager.cc: Move includes of
1249 "analyzer/call-string.h" and "analyzer/program-point.h" to before
1250 "analyzer/region-model.h", and also include "analyzer/store.h"
1251 before it.
1252 (saved_diagnostic::saved_diagnostic): Add "sval" param.
1253 (diagnostic_manager::diagnostic_manager): Add engine param.
1254 (diagnostic_manager::add_diagnostic): Add "sval" param, passing it
1255 to saved_diagnostic ctor. Update overload to pass NULL for it.
1256 (dedupe_winners::dedupe_winners): Add engine param.
1257 (dedupe_winners::add): Add "eg" param. Pass m_engine to
1258 feasible_p.
1259 (dedupe_winner::m_engine): New field.
1260 (diagnostic_manager::emit_saved_diagnostics): Pass engine to
1261 dedupe_winners. Pass &eg when adding candidates. Pass svalue
1262 rather than tree to prune_path. Use get_stmt_location to get
1263 primary location of diagnostic.
1264 (diagnostic_manager::emit_saved_diagnostic): Likewise.
1265 (get_any_origin): Drop.
1266 (state_change_event_creator::on_global_state_change): Pass NULL
1267 const svalue * rather than NULL_TREE trees to state_change_event
1268 ctor.
1269 (state_change_event_creator::on_state_change): Port from tree and
1270 svalue_id to const svalue *.
1271 (for_each_state_change): Port from svalue_id to const svalue *.
1272 (struct null_assignment_sm_context): New.
1273 (diagnostic_manager::add_events_for_eedge): Add state change
1274 events for assignment to NULL.
1275 (diagnostic_manager::prune_path): Update param from tree to
1276 const svalue *.
1277 (diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
1278 by tree to by const svalue *.
1279 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
1280 param.
1281 (saved_diagnostic::m_sval): New field.
1282 (diagnostic_manager::diagnostic_manager): Add engine param.
1283 (diagnostic_manager::get_engine): New.
1284 (diagnostic_manager::add_diagnostic): Add "sval" param.
1285 (diagnostic_manager::prune_path): Likewise.
1286 (diagnostic_manager::prune_for_sm_diagnostic): New overload.
1287 (diagnostic_manager::m_eng): New field.
1288 * engine.cc: Move includes of "analyzer/call-string.h" and
1289 "analyzer/program-point.h" to before "analyzer/region-model.h",
1290 and also include "analyzer/store.h" before it.
1291 (impl_region_model_context::impl_region_model_context): Update for
1292 removal of m_change field.
1293 (impl_region_model_context::remap_svalue_ids): Delete.
1294 (impl_region_model_context::on_svalue_leak): New.
1295 (impl_region_model_context::on_svalue_purge): Delete.
1296 (impl_region_model_context::on_liveness_change): New.
1297 (impl_region_model_context::on_unknown_change): Update param
1298 from svalue_id to const svalue *. Add is_mutable param.
1299 (setjmp_svalue::compare_fields): Delete.
1300 (setjmp_svalue::accept): New.
1301 (setjmp_svalue::add_to_hash): Delete.
1302 (setjmp_svalue::dump_to_pp): New.
1303 (setjmp_svalue::print_details): Delete.
1304 (impl_sm_context::impl_sm_context): Drop "change" param.
1305 (impl_sm_context::get_fndecl_for_call): Drop "m_change".
1306 (impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
1307 "stmt" param. Drop m_change. Port from svalue_id to
1308 const svalue *.
1309 (impl_sm_context::warn_for_state): Drop m_change. Port from
1310 svalue_id to const svalue *.
1311 (impl_sm_context::get_readable_tree): Rename to...
1312 (impl_sm_context::get_diagnostic_tree): ...this. Port from
1313 svalue_id to const svalue *.
1314 (impl_sm_context::is_zero_assignment): New.
1315 (impl_sm_context::m_change): Delete field.
1316 (leak_stmt_finder::find_stmt): Handle m_var being NULL.
1317 (readability): Increase penalty for MEM_REF. For SSA_NAMEs,
1318 slightly favor the underlying var over the SSA name. Heavily
1319 penalize temporaries. Handle RESULT_DECL.
1320 (readability_comparator): Make non-static. Consider stack depths.
1321 (impl_region_model_context::on_state_leak): Convert from svalue_id
1322 to const svalue *, updating for region_model changes. Use
1323 id_equal.
1324 (impl_region_model_context::on_inherited_svalue): Delete.
1325 (impl_region_model_context::on_cast): Delete.
1326 (impl_region_model_context::on_condition): Drop m_change.
1327 (impl_region_model_context::on_phi): Likewise.
1328 (impl_region_model_context::on_unexpected_tree_code): Handle t
1329 being NULL.
1330 (point_and_state::validate): Update stack checking for
1331 region_model changes.
1332 (eg_traits::dump_args_t::show_enode_details_p): New.
1333 (exploded_node::exploded_node): Initialize m_num_processed_stmts.
1334 (exploded_node::get_processed_stmt): New function.
1335 (exploded_node::get_dot_fillcolor): Add more colors.
1336 (exploded_node::dump_dot): Guard the printing of the point and
1337 state with show_enode_details_p. Print the processed stmts for
1338 this enode after the initial state.
1339 (exploded_node::dump_to_pp): Pass true for new multiline param
1340 of program_state::dump_to_pp.
1341 (exploded_node::on_stmt): Drop "change" param. Log the stmt.
1342 Set input_location. Implement __analyzer_describe. Update
1343 implementation of __analyzer_dump and __analyzer_eval.
1344 Remove purging of sm-state for unknown fncalls from here.
1345 (exploded_node::on_edge): Drop "change" param.
1346 (exploded_node::on_longjmp): Port from region_id/svalue_id to
1347 const region */const svalue *. Call program_state::detect_leaks.
1348 Drop state_change.
1349 (exploded_node::detect_leaks): Update for changes to region_model.
1350 Call program_state::detect_leaks.
1351 (exploded_edge::exploded_edge): Drop ext_state and change params.
1352 (exploded_edge::dump_dot): "args" is no longer used. Drop dumping
1353 of m_change.
1354 (exploded_graph::exploded_graph): Pass engine to
1355 m_diagnostic_manager ctor. Use program_point::origin.
1356 (exploded_graph::add_function_entry): Drop ctxt. Use
1357 program_state::push_frame. Drop state_change.
1358 (exploded_graph::get_or_create_node): Drop "change" param. Add
1359 "enode_for_diag" param. Update dumping calls for API changes.
1360 Pass point to can_merge_with_p. Show enode indices
1361 within -Wanalyzer-too-complex diagnostic for hitting the per-point
1362 limit.
1363 (exploded_graph::add_edge): Drop "change" param. Log which nodes
1364 are being connected. Update for changes to exploded_edge ctor.
1365 (exploded_graph::get_per_program_point_data): New.
1366 (exploded_graph::process_worklist): Pass point to
1367 can_merge_with_p. Drop state_change. Update dumping call for API
1368 change.
1369 (exploded_graph::process_node): Drop state_change. Split the
1370 node in-place if an sm-state-change occurs. Update
1371 m_num_processed_stmts. Update dumping calls for API change.
1372 (exploded_graph::log_stats): Call engine::log_stats.
1373 (exploded_graph::dump_states_for_supernode): Update dumping
1374 call.
1375 (exploded_path::feasible_p): Add "eng" and "eg" params.
1376 Rename "i" to "end_idx". Pass the manager to the region_model
1377 ctor. Update for every processed stmt in the enode, not just the
1378 first. Keep track of which snodes have been visited, and call
1379 loop_replay_fixup when revisiting one.
1380 (enode_label::get_text): Update dump call for new param.
1381 (exploded_graph::dump_exploded_nodes): Likewise.
1382 (exploded_graph::get_node_by_index): New.
1383 (impl_run_checkers): Create engine instance and pass its address
1384 to extrinsic_state ctor.
1385 * exploded-graph.h
1386 (impl_region_model_context::impl_region_model_context): Drop
1387 "change" params.
1388 (impl_region_model_context::void remap_svalue_ids): Delete.
1389 (impl_region_model_context::on_svalue_purge): Delete.
1390 (impl_region_model_context::on_svalue_leak): New.
1391 (impl_region_model_context::on_liveness_change): New.
1392 (impl_region_model_context::on_state_leak): Update signature.
1393 (impl_region_model_context::on_inherited_svalue): Delete.
1394 (impl_region_model_context::on_cast): Delete.
1395 (impl_region_model_context::on_unknown_change): Update signature.
1396 (impl_region_model_context::m_change): Delete.
1397 (eg_traits::dump_args_t::show_enode_details_p): New.
1398 (exploded_node::on_stmt): Drop "change" param.
1399 (exploded_node::on_edge): Likewise.
1400 (exploded_node::get_processed_stmt): New decl.
1401 (exploded_node::m_num_processed_stmts): New field.
1402 (exploded_edge::exploded_edge): Drop ext_state and change params.
1403 (exploded_edge::m_change): Delete.
1404 (exploded_graph::get_engine): New accessor.
1405 (exploded_graph::get_or_create_node): Drop "change" param. Add
1406 "enode_for_diag" param.
1407 (exploded_graph::add_edge): Drop "change" param.
1408 (exploded_graph::get_per_program_point_data): New decl.
1409 (exploded_graph::get_node_by_index): New decl.
1410 (exploded_path::feasible_p): Add "eng" and "eg" params.
1411 * program-point.cc: Include "analyzer/store.h" before including
1412 "analyzer/region-model.h".
1413 (function_point::function_point): Move here from
1414 program-point.h.
1415 (function_point::get_function): Likewise.
1416 (function_point::from_function_entry): Likewise.
1417 (function_point::before_supernode): Likewise.
1418 (function_point::next_stmt): New function.
1419 * program-point.h (function_point::function_point): Move
1420 implementation from here to program-point.cc.
1421 (function_point::get_function): Likewise.
1422 (function_point::from_function_entry): Likewise.
1423 (function_point::before_supernode): Likewise.
1424 (function_point::next_stmt): New decl.
1425 (program_point::operator!=): New.
1426 (program_point::origin): New.
1427 (program_point::next_stmt): New.
1428 (program_point::m_function_point): Make non-const.
1429 * program-state.cc: Move includes of "analyzer/call-string.h" and
1430 "analyzer/program-point.h" to before "analyzer/region-model.h",
1431 and also include "analyzer/store.h" before it.
1432 (extrinsic_state::get_model_manager): New.
1433 (sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
1434 rather than pass them around.
1435 (sm_state_map::clone_with_remapping): Delete.
1436 (sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
1437 "simple" and "multiline" params and support multiline vs single
1438 line dumping.
1439 (sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
1440 "simple" param.
1441 (sm_state_map::hash): Port from svalue_id to const svalue *.
1442 (sm_state_map::operator==): Likewise.
1443 (sm_state_map::get_state): Likewise. Call canonicalize_svalue on
1444 input. Handle inheritance of sm-state. Call get_default_state.
1445 (sm_state_map::get_origin): Port from svalue_id to const svalue *.
1446 (sm_state_map::set_state): Likewise. Pass in ext_state. Reject
1447 attempts to set state on UNKNOWN.
1448 (sm_state_map::impl_set_state): Port from svalue_id to
1449 const svalue *. Pass in ext_state. Call canonicalize_svalue on
1450 input.
1451 (sm_state_map::purge_for_unknown_fncall): Delete.
1452 (sm_state_map::on_svalue_leak): New.
1453 (sm_state_map::remap_svalue_ids): Delete.
1454 (sm_state_map::on_liveness_change): New.
1455 (sm_state_map::on_unknown_change): Reimplement.
1456 (sm_state_map::on_svalue_purge): Delete.
1457 (sm_state_map::on_inherited_svalue): Delete.
1458 (sm_state_map::on_cast): Delete.
1459 (sm_state_map::validate): Delete.
1460 (sm_state_map::canonicalize_svalue): New.
1461 (program_state::program_state): Update to pass manager to
1462 region_model's ctor. Constify num_states and pass state machine
1463 and index to sm_state_map ctor.
1464 (program_state::print): Update for changes to dump API.
1465 (program_state::dump_to_pp): Ignore the summarize param. Add
1466 "multiline" param.
1467 (program_state::dump_to_file): Add "multiline" param.
1468 (program_state::dump): Pass "true" for new "multiline" param.
1469 (program_state::push_frame): New.
1470 (program_state::on_edge): Drop "change" param. Call
1471 program_state::detect_leaks.
1472 (program_state::prune_for_point): Add enode_for_diag param.
1473 Reimplement based on store class. Call detect_leaks.
1474 (program_state::remap_svalue_ids): Delete.
1475 (program_state::get_representative_tree): Port from svalue_id to
1476 const svalue *.
1477 (program_state::can_merge_with_p): Add "point" param. Add early
1478 reject for sm-differences. Drop id remapping.
1479 (program_state::validate): Drop region model and sm_state_map
1480 validation.
1481 (state_change::sm_change::dump): Delete.
1482 (state_change::sm_change::remap_svalue_ids): Delete.
1483 (state_change::sm_change::on_svalue_purge): Delete.
1484 (log_set_of_svalues): New.
1485 (state_change::sm_change::validate): Delete.
1486 (state_change::state_change): Delete.
1487 (state_change::add_sm_change): Delete.
1488 (state_change::affects_p): Delete.
1489 (state_change::dump): Delete.
1490 (state_change::remap_svalue_ids): Delete.
1491 (state_change::on_svalue_purge): Delete.
1492 (state_change::validate): Delete.
1493 (selftest::assert_dump_eq): Delete.
1494 (ASSERT_DUMP_EQ): Delete.
1495 (selftest::test_sm_state_map): Update for changes to region_model
1496 and sm_state_map, porting from svalue_id to const svalue *.
1497 (selftest::test_program_state_dumping): Likewise. Drop test of
1498 dumping, renaming to...
1499 (selftest::test_program_state_1): ...this.
1500 (selftest::test_program_state_dumping_2): Likewise, renaming to...
1501 (selftest::test_program_state_2): ...this.
1502 (selftest::test_program_state_merging): Update for changes to
1503 region_model.
1504 (selftest::test_program_state_merging_2): Likewise.
1505 (selftest::analyzer_program_state_cc_tests): Update for renamed
1506 tests.
1507 * program-state.h (extrinsic_state::extrinsic_state): Add logger
1508 and engine params.
1509 (extrinsic_state::get_logger): New accessor.
1510 (extrinsic_state::get_engine): New accessor.
1511 (extrinsic_state::get_model_manager): New accessor.
1512 (extrinsic_state::m_logger): New field.
1513 (extrinsic_state::m_engine): New field.
1514 (struct default_hash_traits<svalue_id>): Delete.
1515 (pod_hash_traits<svalue_id>::hash): Delete.
1516 (pod_hash_traits<svalue_id>::equal): Delete.
1517 (pod_hash_traits<svalue_id>::mark_deleted): Delete.
1518 (pod_hash_traits<svalue_id>::mark_empty): Delete.
1519 (pod_hash_traits<svalue_id>::is_deleted): Delete.
1520 (pod_hash_traits<svalue_id>::is_empty): Delete.
1521 (sm_state_map::entry_t::entry_t): Port from svalue_id to
1522 const svalue *.
1523 (sm_state_map::entry_t::m_origin): Likewise.
1524 (sm_state_map::map_t): Likewise.
1525 (sm_state_map::sm_state_map): Add state_machine and index params.
1526 (sm_state_map::clone_with_remapping): Delete.
1527 (sm_state_map::print): Drop sm param; add simple and multiline
1528 params.
1529 (sm_state_map::dump): Drop sm param; add simple param.
1530 (sm_state_map::get_state): Port from svalue_id to const svalue *.
1531 Add ext_state param.
1532 (sm_state_map::get_origin): Likewise.
1533 (sm_state_map::set_state): Likewise.
1534 (sm_state_map::impl_set_state): Likewise.
1535 (sm_state_map::purge_for_unknown_fncall): Delete.
1536 (sm_state_map::remap_svalue_ids): Delete.
1537 (sm_state_map::on_svalue_purge): Delete.
1538 (sm_state_map::on_svalue_leak): New.
1539 (sm_state_map::on_liveness_change): New.
1540 (sm_state_map::on_inherited_svalue): Delete.
1541 (sm_state_map::on_cast): Delete.
1542 (sm_state_map::validate): Delete.
1543 (sm_state_map::on_unknown_change): Port from svalue_id to
1544 const svalue *. Add is_mutable and ext_state params.
1545 (sm_state_map::canonicalize_svalue): New.
1546 (sm_state_map::m_sm): New field.
1547 (sm_state_map::m_sm_idx): New field.
1548 (program_state::operator=): Delete.
1549 (program_state::dump_to_pp): Drop "summarize" param, adding
1550 "simple" and "multiline".
1551 (program_state::dump_to_file): Likewise.
1552 (program_state::dump): Rename "summarize" to "simple".
1553 (program_state::push_frame): New.
1554 (program_state::get_current_function): New.
1555 (program_state::on_edge): Drop "change" param.
1556 (program_state::prune_for_point): Likewise. Add enode_for_diag
1557 param.
1558 (program_state::remap_svalue_ids): Delete.
1559 (program_state::get_representative_tree): Port from svalue_id to
1560 const svalue *.
1561 (program_state::can_purge_p): Likewise. Pass ext_state to get_state.
1562 (program_state::can_merge_with_p): Add point param.
1563 (program_state::detect_leaks): New.
1564 (state_change_visitor::on_state_change): Port from tree and
1565 svalue_id to a pair of const svalue *.
1566 (class state_change): Delete.
1567 * region.cc: New file.
1568 * region-model-impl-calls.cc: New file.
1569 * region-model-manager.cc: New file.
1570 * region-model-reachability.cc: New file.
1571 * region-model-reachability.h: New file.
1572 * region-model.cc: Include "analyzer/call-string.h",
1573 "analyzer/program-point.h", and "analyzer/store.h" before
1574 "analyzer/region-model.h". Include
1575 "analyzer/region-model-reachability.h".
1576 (dump_tree): Make non-static.
1577 (dump_quoted_tree): Make non-static.
1578 (print_quoted_type): Make non-static.
1579 (path_var::dump): Delete.
1580 (dump_separator): Delete.
1581 (class impl_constraint_manager): Delete.
1582 (svalue_id::print): Delete.
1583 (svalue_id::dump_node_name_to_pp): Delete.
1584 (svalue_id::validate): Delete.
1585 (region_id::print): Delete.
1586 (region_id::dump_node_name_to_pp): Delete.
1587 (region_id::validate): Delete.
1588 (region_id_set::region_id_set): Delete.
1589 (svalue_id_set::svalue_id_set): Delete.
1590 (svalue::operator==): Delete.
1591 (svalue::hash): Delete.
1592 (svalue::print): Delete.
1593 (svalue::dump_dot_to_pp): Delete.
1594 (svalue::remap_region_ids): Delete.
1595 (svalue::walk_for_canonicalization): Delete.
1596 (svalue::get_child_sid): Delete.
1597 (svalue::maybe_get_constant): Delete.
1598 (region_svalue::compare_fields): Delete.
1599 (region_svalue::add_to_hash): Delete.
1600 (region_svalue::print_details): Delete.
1601 (region_svalue::dump_dot_to_pp): Delete.
1602 (region_svalue::remap_region_ids): Delete.
1603 (region_svalue::merge_values): Delete.
1604 (region_svalue::walk_for_canonicalization): Delete.
1605 (region_svalue::eval_condition): Delete.
1606 (constant_svalue::compare_fields): Delete.
1607 (constant_svalue::add_to_hash): Delete.
1608 (constant_svalue::merge_values): Delete.
1609 (constant_svalue::eval_condition): Move to svalue.cc.
1610 (constant_svalue::print_details): Delete.
1611 (constant_svalue::get_child_sid): Delete.
1612 (unknown_svalue::compare_fields): Delete.
1613 (unknown_svalue::add_to_hash): Delete.
1614 (unknown_svalue::print_details): Delete.
1615 (poison_kind_to_str): Move to svalue.cc.
1616 (poisoned_svalue::compare_fields): Delete.
1617 (poisoned_svalue::add_to_hash): Delete.
1618 (poisoned_svalue::print_details): Delete.
1619 (region_kind_to_str): Move to region.cc and reimplement.
1620 (region::operator==): Delete.
1621 (region::get_parent_region): Delete.
1622 (region::set_value): Delete.
1623 (region::become_active_view): Delete.
1624 (region::deactivate_any_active_view): Delete.
1625 (region::deactivate_view): Delete.
1626 (region::get_value): Delete.
1627 (region::get_inherited_child_sid): Delete.
1628 (region_model::copy_region): Delete.
1629 (region_model::copy_struct_region): Delete.
1630 (region_model::copy_union_region): Delete.
1631 (region_model::copy_array_region): Delete.
1632 (region::hash): Delete.
1633 (region::print): Delete.
1634 (region::dump_dot_to_pp): Delete.
1635 (region::dump_to_pp): Delete.
1636 (region::dump_child_label): Delete.
1637 (region::validate): Delete.
1638 (region::remap_svalue_ids): Delete.
1639 (region::remap_region_ids): Delete.
1640 (region::add_view): Delete.
1641 (region::get_view): Delete.
1642 (region::region): Move to region.cc.
1643 (region::add_to_hash): Delete.
1644 (region::print_fields): Delete.
1645 (region::non_null_p): Delete.
1646 (primitive_region::clone): Delete.
1647 (primitive_region::walk_for_canonicalization): Delete.
1648 (map_region::map_region): Delete.
1649 (map_region::compare_fields): Delete.
1650 (map_region::print_fields): Delete.
1651 (map_region::validate): Delete.
1652 (map_region::dump_dot_to_pp): Delete.
1653 (map_region::dump_child_label): Delete.
1654 (map_region::get_or_create): Delete.
1655 (map_region::get): Delete.
1656 (map_region::add_to_hash): Delete.
1657 (map_region::remap_region_ids): Delete.
1658 (map_region::unbind): Delete.
1659 (map_region::get_tree_for_child_region): Delete.
1660 (map_region::get_tree_for_child_region): Delete.
1661 (tree_cmp): Move to region.cc.
1662 (map_region::can_merge_p): Delete.
1663 (map_region::walk_for_canonicalization): Delete.
1664 (map_region::get_value_by_name): Delete.
1665 (struct_or_union_region::valid_key_p): Delete.
1666 (struct_or_union_region::compare_fields): Delete.
1667 (struct_region::clone): Delete.
1668 (struct_region::compare_fields): Delete.
1669 (union_region::clone): Delete.
1670 (union_region::compare_fields): Delete.
1671 (frame_region::compare_fields): Delete.
1672 (frame_region::clone): Delete.
1673 (frame_region::valid_key_p): Delete.
1674 (frame_region::print_fields): Delete.
1675 (frame_region::add_to_hash): Delete.
1676 (globals_region::compare_fields): Delete.
1677 (globals_region::clone): Delete.
1678 (globals_region::valid_key_p): Delete.
1679 (code_region::compare_fields): Delete.
1680 (code_region::clone): Delete.
1681 (code_region::valid_key_p): Delete.
1682 (array_region::array_region): Delete.
1683 (array_region::get_element): Delete.
1684 (array_region::clone): Delete.
1685 (array_region::compare_fields): Delete.
1686 (array_region::print_fields): Delete.
1687 (array_region::validate): Delete.
1688 (array_region::dump_dot_to_pp): Delete.
1689 (array_region::dump_child_label): Delete.
1690 (array_region::get_or_create): Delete.
1691 (array_region::get): Delete.
1692 (array_region::add_to_hash): Delete.
1693 (array_region::remap_region_ids): Delete.
1694 (array_region::get_key_for_child_region): Delete.
1695 (array_region::key_cmp): Delete.
1696 (array_region::walk_for_canonicalization): Delete.
1697 (array_region::key_from_constant): Delete.
1698 (array_region::constant_from_key): Delete.
1699 (function_region::compare_fields): Delete.
1700 (function_region::clone): Delete.
1701 (function_region::valid_key_p): Delete.
1702 (stack_region::stack_region): Delete.
1703 (stack_region::compare_fields): Delete.
1704 (stack_region::clone): Delete.
1705 (stack_region::print_fields): Delete.
1706 (stack_region::dump_child_label): Delete.
1707 (stack_region::validate): Delete.
1708 (stack_region::push_frame): Delete.
1709 (stack_region::get_current_frame_id): Delete.
1710 (stack_region::pop_frame): Delete.
1711 (stack_region::add_to_hash): Delete.
1712 (stack_region::remap_region_ids): Delete.
1713 (stack_region::can_merge_p): Delete.
1714 (stack_region::walk_for_canonicalization): Delete.
1715 (stack_region::get_value_by_name): Delete.
1716 (heap_region::heap_region): Delete.
1717 (heap_region::compare_fields): Delete.
1718 (heap_region::clone): Delete.
1719 (heap_region::walk_for_canonicalization): Delete.
1720 (root_region::root_region): Delete.
1721 (root_region::compare_fields): Delete.
1722 (root_region::clone): Delete.
1723 (root_region::print_fields): Delete.
1724 (root_region::validate): Delete.
1725 (root_region::dump_child_label): Delete.
1726 (root_region::push_frame): Delete.
1727 (root_region::get_current_frame_id): Delete.
1728 (root_region::pop_frame): Delete.
1729 (root_region::ensure_stack_region): Delete.
1730 (root_region::get_stack_region): Delete.
1731 (root_region::ensure_globals_region): Delete.
1732 (root_region::get_code_region): Delete.
1733 (root_region::ensure_code_region): Delete.
1734 (root_region::get_globals_region): Delete.
1735 (root_region::ensure_heap_region): Delete.
1736 (root_region::get_heap_region): Delete.
1737 (root_region::remap_region_ids): Delete.
1738 (root_region::can_merge_p): Delete.
1739 (root_region::add_to_hash): Delete.
1740 (root_region::walk_for_canonicalization): Delete.
1741 (root_region::get_value_by_name): Delete.
1742 (symbolic_region::symbolic_region): Delete.
1743 (symbolic_region::compare_fields): Delete.
1744 (symbolic_region::clone): Delete.
1745 (symbolic_region::walk_for_canonicalization): Delete.
1746 (symbolic_region::print_fields): Delete.
1747 (region_model::region_model): Add region_model_manager * param.
1748 Reimplement in terms of store, dropping impl_constraint_manager
1749 subclass.
1750 (region_model::operator=): Reimplement in terms of store.
1751 (region_model::operator==): Likewise.
1752 (region_model::hash): Likewise.
1753 (region_model::print): Delete.
1754 (region_model::print_svalue): Delete.
1755 (region_model::dump_dot_to_pp): Delete.
1756 (region_model::dump_dot_to_file): Delete.
1757 (region_model::dump_dot): Delete.
1758 (region_model::dump_to_pp): Replace "summarize" param with
1759 "simple" and "multiline". Port to store-based implementation.
1760 (region_model::dump): Replace "summarize" param with "simple" and
1761 "multiline".
1762 (dump_vec_of_tree): Delete.
1763 (region_model::dump_summary_of_rep_path_vars): Delete.
1764 (region_model::validate): Delete.
1765 (svalue_id_cmp_by_constant_svalue_model): Delete.
1766 (svalue_id_cmp_by_constant_svalue): Delete.
1767 (region_model::canonicalize): Drop "ctxt" param. Reimplement in
1768 terms of store and constraints.
1769 (region_model::canonicalized_p): Remove NULL arg to canonicalize.
1770 (region_model::loop_replay_fixup): New.
1771 (poisoned_value_diagnostic::emit): Tweak wording of warnings.
1772 (region_model::check_for_poison): Delete.
1773 (region_model::get_gassign_result): New.
1774 (region_model::on_assignment): Port to store-based implementation.
1775 (region_model::on_call_pre): Delete calls to check_for_poison.
1776 Move implementations to region-model-impl-calls.c and port to
1777 store-based implementation.
1778 (region_model::on_call_post): Likewise.
1779 (class reachable_regions): Move to region-model-reachability.h/cc
1780 and port to store-based implementation.
1781 (region_model::handle_unrecognized_call): Port to store-based
1782 implementation.
1783 (region_model::get_reachable_svalues): New.
1784 (region_model::on_setjmp): Port to store-based implementation.
1785 (region_model::on_longjmp): Likewise.
1786 (region_model::handle_phi): Drop is_back_edge param and the logic
1787 using it.
1788 (region_model::get_lvalue_1): Port from region_id to const region *.
1789 (region_model::make_region_for_unexpected_tree_code): Delete.
1790 (assert_compat_types): If the check fails, use internal_error to
1791 show the types.
1792 (region_model::get_lvalue): Port from region_id to const region *.
1793 (region_model::get_rvalue_1): Port from svalue_id to const svalue *.
1794 (region_model::get_rvalue): Likewise.
1795 (region_model::get_or_create_ptr_svalue): Delete.
1796 (region_model::get_or_create_constant_svalue): Delete.
1797 (region_model::get_svalue_for_fndecl): Delete.
1798 (region_model::get_region_for_fndecl): Delete.
1799 (region_model::get_svalue_for_label): Delete.
1800 (region_model::get_region_for_label): Delete.
1801 (build_cast): Delete.
1802 (region_model::maybe_cast_1): Delete.
1803 (region_model::maybe_cast): Delete.
1804 (region_model::get_field_region): Delete.
1805 (region_model::get_store_value): New.
1806 (region_model::region_exists_p): New.
1807 (region_model::deref_rvalue): Port from svalue_id to const svalue *.
1808 (region_model::set_value): Likewise.
1809 (region_model::clobber_region): New.
1810 (region_model::purge_region): New.
1811 (region_model::zero_fill_region): New.
1812 (region_model::mark_region_as_unknown): New.
1813 (region_model::eval_condition): Port from svalue_id to
1814 const svalue *.
1815 (region_model::eval_condition_without_cm): Likewise.
1816 (region_model::compare_initial_and_pointer): New.
1817 (region_model::add_constraint): Port from svalue_id to
1818 const svalue *.
1819 (region_model::maybe_get_constant): Delete.
1820 (region_model::get_representative_path_var): New.
1821 (region_model::add_new_malloc_region): Delete.
1822 (region_model::get_representative_tree): Port to const svalue *.
1823 (region_model::get_representative_path_var): Port to
1824 const region *.
1825 (region_model::get_path_vars_for_svalue): Delete.
1826 (region_model::set_to_new_unknown_value): Delete.
1827 (region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
1828 (region_model::update_for_call_superedge): Port from svalue_id to
1829 const svalue *.
1830 (region_model::update_for_return_superedge): Port to store-based
1831 implementation.
1832 (region_model::update_for_call_summary): Replace
1833 set_to_new_unknown_value with mark_region_as_unknown.
1834 (region_model::get_root_region): Delete.
1835 (region_model::get_stack_region_id): Delete.
1836 (region_model::push_frame): Delete.
1837 (region_model::get_current_frame_id): Delete.
1838 (region_model::get_current_function): Delete.
1839 (region_model::pop_frame): Delete.
1840 (region_model::on_top_level_param): New.
1841 (region_model::get_stack_depth): Delete.
1842 (region_model::get_function_at_depth): Delete.
1843 (region_model::get_globals_region_id): Delete.
1844 (region_model::add_svalue): Delete.
1845 (region_model::replace_svalue): Delete.
1846 (region_model::add_region): Delete.
1847 (region_model::get_svalue): Delete.
1848 (region_model::get_region): Delete.
1849 (make_region_for_type): Delete.
1850 (region_model::add_region_for_type): Delete.
1851 (region_model::on_top_level_param): New.
1852 (class restrict_to_used_svalues): Delete.
1853 (region_model::purge_unused_svalues): Delete.
1854 (region_model::push_frame): New.
1855 (region_model::remap_svalue_ids): Delete.
1856 (region_model::remap_region_ids): Delete.
1857 (region_model::purge_regions): Delete.
1858 (region_model::get_descendents): Delete.
1859 (region_model::delete_region_and_descendents): Delete.
1860 (region_model::poison_any_pointers_to_bad_regions): Delete.
1861 (region_model::can_merge_with_p): Delete.
1862 (region_model::get_current_function): New.
1863 (region_model::get_value_by_name): Delete.
1864 (region_model::convert_byte_offset_to_array_index): Delete.
1865 (region_model::pop_frame): New.
1866 (region_model::get_or_create_mem_ref): Delete.
1867 (region_model::get_stack_depth): New.
1868 (region_model::get_frame_at_index): New.
1869 (region_model::unbind_region_and_descendents): New.
1870 (struct bad_pointer_finder): New.
1871 (region_model::get_or_create_pointer_plus_expr): Delete.
1872 (region_model::poison_any_pointers_to_descendents): New.
1873 (region_model::get_or_create_view): Delete.
1874 (region_model::can_merge_with_p): New.
1875 (region_model::get_fndecl_for_call): Port from svalue_id to
1876 const svalue *.
1877 (struct append_ssa_names_cb_data): New.
1878 (get_ssa_name_regions_for_current_frame): New.
1879 (region_model::append_ssa_names_cb): New.
1880 (model_merger::dump_to_pp): Add "simple" param. Drop dumping of
1881 remappings.
1882 (model_merger::dump): Add "simple" param to both overloads.
1883 (model_merger::can_merge_values_p): Delete.
1884 (model_merger::record_regions): Delete.
1885 (model_merger::record_svalues): Delete.
1886 (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
1887 (svalue_id_merger_mapping::dump_to_pp): Delete.
1888 (svalue_id_merger_mapping::dump): Delete.
1889 (region_model::create_region_for_heap_alloc): New.
1890 (region_model::create_region_for_alloca): New.
1891 (region_model::record_dynamic_extents): New.
1892 (canonicalization::canonicalization): Delete.
1893 (canonicalization::walk_rid): Delete.
1894 (canonicalization::walk_sid): Delete.
1895 (canonicalization::dump_to_pp): Delete.
1896 (canonicalization::dump): Delete.
1897 (inchash::add): Delete overloads for svalue_id and region_id.
1898 (engine::log_stats): New.
1899 (assert_condition): Add overload comparing svalues.
1900 (assert_dump_eq): Pass "true" for multiline.
1901 (selftest::test_dump): Update for rewrite of region_model.
1902 (selftest::test_dump_2): Rename to...
1903 (selftest::test_struct): ...this. Provide a region_model_manager
1904 when creating region_model instance. Remove dump test. Add
1905 checks for get_offset.
1906 (selftest::test_dump_3): Rename to...
1907 (selftest::test_array_1): ...this. Provide a region_model_manager
1908 when creating region_model instance. Remove dump test.
1909 (selftest::test_get_representative_tree): Port from svalue_id to
1910 new API. Add test coverage for various expressions.
1911 (selftest::test_unique_constants): Provide a region_model_manager
1912 for the region_model. Add test coverage for comparing const vs
1913 non-const.
1914 (selftest::test_svalue_equality): Delete.
1915 (selftest::test_region_equality): Delete.
1916 (selftest::test_unique_unknowns): New.
1917 (class purge_all_svalue_ids): Delete.
1918 (class purge_one_svalue_id): Delete.
1919 (selftest::test_purging_by_criteria): Delete.
1920 (selftest::test_initial_svalue_folding): New.
1921 (selftest::test_unaryop_svalue_folding): New.
1922 (selftest::test_binop_svalue_folding): New.
1923 (selftest::test_sub_svalue_folding): New.
1924 (selftest::test_purge_unused_svalues): Delete.
1925 (selftest::test_descendent_of_p): New.
1926 (selftest::test_assignment): Provide a region_model_manager for
1927 the region_model. Drop the dump test.
1928 (selftest::test_compound_assignment): Likewise.
1929 (selftest::test_stack_frames): Port to new implementation.
1930 (selftest::test_get_representative_path_var): Likewise.
1931 (selftest::test_canonicalization_1): Rename to...
1932 (selftest::test_equality_1): ...this. Port to new API, and add
1933 (selftest::test_canonicalization_2): Provide a
1934 region_model_manager when creating region_model instances.
1935 Remove redundant canonicalization.
1936 (selftest::test_canonicalization_3): Provide a
1937 region_model_manager when creating region_model instances.
1938 Remove param from calls to region_model::canonicalize.
1939 (selftest::test_canonicalization_4): Likewise.
1940 (selftest::assert_region_models_merge): Constify
1941 out_merged_svalue. Port to new API.
1942 (selftest::test_state_merging): Provide a
1943 region_model_manager when creating region_model instances.
1944 Provide a program_point point when merging them. Replace
1945 set_to_new_unknown_value with usage of placeholder_svalues.
1946 Drop get_value_by_name. Port from svalue_id to const svalue *.
1947 Add test of heap allocation.
1948 (selftest::test_constraint_merging): Provide a
1949 region_model_manager when creating region_model instances.
1950 Provide a program_point point when merging them. Eliminate use
1951 of set_to_new_unknown_value.
1952 (selftest::test_widening_constraints): New.
1953 (selftest::test_iteration_1): New.
1954 (selftest::test_malloc_constraints): Port to store-based
1955 implementation.
1956 (selftest::test_var): New test.
1957 (selftest::test_array_2): New test.
1958 (selftest::test_mem_ref): New test.
1959 (selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
1960 (selftest::test_malloc): New.
1961 (selftest::test_alloca): New.
1962 (selftest::analyzer_region_model_cc_tests): Update for renamings.
1963 Call new functions.
1964 * region-model.h (class path_var): Move to analyzer.h.
1965 (class svalue_id): Delete.
1966 (class region_id): Delete.
1967 (class id_map): Delete.
1968 (svalue_id_map): Delete.
1969 (region_id_map): Delete.
1970 (id_map<T>::id_map): Delete.
1971 (id_map<T>::put): Delete.
1972 (id_map<T>::get_dst_for_src): Delete.
1973 (id_map<T>::get_src_for_dst): Delete.
1974 (id_map<T>::dump_to_pp): Delete.
1975 (id_map<T>::dump): Delete.
1976 (id_map<T>::update): Delete.
1977 (one_way_svalue_id_map): Delete.
1978 (one_way_region_id_map): Delete.
1979 (class region_id_set): Delete.
1980 (class svalue_id_set): Delete.
1981 (struct complexity): New.
1982 (class visitor): New.
1983 (enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
1984 SK_BINOP, SK_SUB, SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
1985 SK_COMPOUND, and SK_CONJURED.
1986 (svalue::operator==): Delete.
1987 (svalue::operator!=): Delete.
1988 (svalue::clone): Delete.
1989 (svalue::hash): Delete.
1990 (svalue::dump_dot_to_pp): Delete.
1991 (svalue::dump_to_pp): New.
1992 (svalue::dump): New.
1993 (svalue::get_desc): New.
1994 (svalue::dyn_cast_initial_svalue): New.
1995 (svalue::dyn_cast_unaryop_svalue): New.
1996 (svalue::dyn_cast_binop_svalue): New.
1997 (svalue::dyn_cast_sub_svalue): New.
1998 (svalue::dyn_cast_unmergeable_svalue): New.
1999 (svalue::dyn_cast_widening_svalue): New.
2000 (svalue::dyn_cast_compound_svalue): New.
2001 (svalue::dyn_cast_conjured_svalue): New.
2002 (svalue::maybe_undo_cast): New.
2003 (svalue::unwrap_any_unmergeable): New.
2004 (svalue::remap_region_ids): Delete.
2005 (svalue::can_merge_p): New.
2006 (svalue::walk_for_canonicalization): Delete.
2007 (svalue::get_complexity): New.
2008 (svalue::get_child_sid): Delete.
2009 (svalue::accept): New.
2010 (svalue::live_p): New.
2011 (svalue::implicitly_live_p): New.
2012 (svalue::svalue): Add complexity param.
2013 (svalue::add_to_hash): Delete.
2014 (svalue::print_details): Delete.
2015 (svalue::m_complexity): New field.
2016 (region_svalue::key_t): New struct.
2017 (region_svalue::region_svalue): Port from region_id to
2018 const region_id *. Add complexity.
2019 (region_svalue::compare_fields): Delete.
2020 (region_svalue::clone): Delete.
2021 (region_svalue::dump_dot_to_pp): Delete.
2022 (region_svalue::get_pointee): Port from region_id to
2023 const region_id *.
2024 (region_svalue::remap_region_ids): Delete.
2025 (region_svalue::merge_values): Delete.
2026 (region_svalue::dump_to_pp): New.
2027 (region_svalue::accept): New.
2028 (region_svalue::walk_for_canonicalization): Delete.
2029 (region_svalue::eval_condition): Make params const.
2030 (region_svalue::add_to_hash): Delete.
2031 (region_svalue::print_details): Delete.
2032 (region_svalue::m_rid): Replace with...
2033 (region_svalue::m_reg): ...this.
2034 (is_a_helper <region_svalue *>::test): Convert to...
2035 (is_a_helper <const region_svalue *>::test): ...this.
2036 (template <> struct default_hash_traits<region_svalue::key_t>):
2037 New.
2038 (constant_svalue::constant_svalue): Add complexity.
2039 (constant_svalue::compare_fields): Delete.
2040 (constant_svalue::clone): Delete.
2041 (constant_svalue::add_to_hash): Delete.
2042 (constant_svalue::dump_to_pp): New.
2043 (constant_svalue::accept): New.
2044 (constant_svalue::implicitly_live_p): New.
2045 (constant_svalue::merge_values): Delete.
2046 (constant_svalue::eval_condition): Make params const.
2047 (constant_svalue::get_child_sid): Delete.
2048 (constant_svalue::print_details): Delete.
2049 (is_a_helper <constant_svalue *>::test): Convert to...
2050 (is_a_helper <const constant_svalue *>::test): ...this.
2051 (class unknown_svalue): Update leading comment.
2052 (unknown_svalue::unknown_svalue): Add complexity.
2053 (unknown_svalue::compare_fields): Delete.
2054 (unknown_svalue::add_to_hash): Delete.
2055 (unknown_svalue::dyn_cast_unknown_svalue): Delete.
2056 (unknown_svalue::print_details): Delete.
2057 (unknown_svalue::dump_to_pp): New.
2058 (unknown_svalue::accept): New.
2059 (poisoned_svalue::key_t): New struct.
2060 (poisoned_svalue::poisoned_svalue): Add complexity.
2061 (poisoned_svalue::compare_fields): Delete.
2062 (poisoned_svalue::clone): Delete.
2063 (poisoned_svalue::add_to_hash): Delete.
2064 (poisoned_svalue::dump_to_pp): New.
2065 (poisoned_svalue::accept): New.
2066 (poisoned_svalue::print_details): Delete.
2067 (is_a_helper <poisoned_svalue *>::test): Convert to...
2068 (is_a_helper <const poisoned_svalue *>::test): ...this.
2069 (template <> struct default_hash_traits<poisoned_svalue::key_t>):
2070 New.
2071 (setjmp_record::add_to_hash): New.
2072 (setjmp_svalue::key_t): New struct.
2073 (setjmp_svalue::compare_fields): Delete.
2074 (setjmp_svalue::clone): Delete.
2075 (setjmp_svalue::add_to_hash): Delete.
2076 (setjmp_svalue::setjmp_svalue): Add complexity.
2077 (setjmp_svalue::dump_to_pp): New.
2078 (setjmp_svalue::accept): New.
2079 (setjmp_svalue::void print_details): Delete.
2080 (is_a_helper <const setjmp_svalue *>::test): New.
2081 (template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
2082 (class initial_svalue : public svalue): New.
2083 (is_a_helper <const initial_svalue *>::test): New.
2084 (class unaryop_svalue): New.
2085 (is_a_helper <const unaryop_svalue *>::test): New.
2086 (template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
2087 (class binop_svalue): New.
2088 (is_a_helper <const binop_svalue *>::test): New.
2089 (template <> struct default_hash_traits<binop_svalue::key_t>): New.
2090 (class sub_svalue): New.
2091 (is_a_helper <const sub_svalue *>::test): New.
2092 (template <> struct default_hash_traits<sub_svalue::key_t>): New.
2093 (class unmergeable_svalue): New.
2094 (is_a_helper <const unmergeable_svalue *>::test): New.
2095 (class placeholder_svalue): New.
2096 (is_a_helper <placeholder_svalue *>::test): New.
2097 (class widening_svalue): New.
2098 (is_a_helper <widening_svalue *>::test): New.
2099 (template <> struct default_hash_traits<widening_svalue::key_t>): New.
2100 (class compound_svalue): New.
2101 (is_a_helper <compound_svalue *>::test): New.
2102 (template <> struct default_hash_traits<compound_svalue::key_t>): New.
2103 (class conjured_svalue): New.
2104 (is_a_helper <conjured_svalue *>::test): New.
2105 (template <> struct default_hash_traits<conjured_svalue::key_t>): New.
2106 (enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
2107 RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
2108 RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
2109 (region_kind_to_str): Delete.
2110 (region::~region): Move implementation to region.cc.
2111 (region::operator==): Delete.
2112 (region::operator!=): Delete.
2113 (region::clone): Delete.
2114 (region::get_id): New.
2115 (region::cmp_ids): New.
2116 (region::dyn_cast_map_region): Delete.
2117 (region::dyn_cast_array_region): Delete.
2118 (region::region_id get_parent): Delete.
2119 (region::get_parent_region): Convert to a simple accessor.
2120 (region::void set_value): Delete.
2121 (region::svalue_id get_value): Delete.
2122 (region::svalue_id get_value_direct): Delete.
2123 (region::svalue_id get_inherited_child_sid): Delete.
2124 (region::dyn_cast_frame_region): New.
2125 (region::dyn_cast_function_region): New.
2126 (region::dyn_cast_decl_region): New.
2127 (region::dyn_cast_field_region): New.
2128 (region::dyn_cast_element_region): New.
2129 (region::dyn_cast_offset_region): New.
2130 (region::dyn_cast_cast_region): New.
2131 (region::dyn_cast_string_region): New.
2132 (region::accept): New.
2133 (region::get_base_region): New.
2134 (region::base_region_p): New.
2135 (region::descendent_of_p): New.
2136 (region::maybe_get_frame_region): New.
2137 (region::maybe_get_decl): New.
2138 (region::hash): Delete.
2139 (region::rint): Delete.
2140 (region::dump_dot_to_pp): Delete.
2141 (region::get_desc): New.
2142 (region::dump_to_pp): Convert to vfunc, changing signature.
2143 (region::dump_child_label): Delete.
2144 (region::remap_svalue_ids): Delete.
2145 (region::remap_region_ids): Delete.
2146 (region::dump): New.
2147 (region::walk_for_canonicalization): Delete.
2148 (region::non_null_p): Drop region_model param.
2149 (region::add_view): Delete.
2150 (region::get_view): Delete.
2151 (region::get_active_view): Delete.
2152 (region::is_view_p): Delete.
2153 (region::cmp_ptrs): New.
2154 (region::validate): Delete.
2155 (region::get_offset): New.
2156 (region::get_byte_size): New.
2157 (region::get_bit_size): New.
2158 (region::get_subregions_for_binding): New.
2159 (region::region): Add complexity param. Convert parent from
2160 region_id to const region *. Drop svalue_id. Drop copy ctor.
2161 (region::symbolic_for_unknown_ptr_p): New.
2162 (region::add_to_hash): Delete.
2163 (region::print_fields): Delete.
2164 (region::get_complexity): New accessor.
2165 (region::become_active_view): Delete.
2166 (region::deactivate_any_active_view): Delete.
2167 (region::deactivate_view): Delete.
2168 (region::calc_offset): New.
2169 (region::m_parent_rid): Delete.
2170 (region::m_sval_id): Delete.
2171 (region::m_complexity): New.
2172 (region::m_id): New.
2173 (region::m_parent): New.
2174 (region::m_view_rids): Delete.
2175 (region::m_is_view): Delete.
2176 (region::m_active_view_rid): Delete.
2177 (region::m_cached_offset): New.
2178 (is_a_helper <region *>::test): Convert to...
2179 (is_a_helper <const region *>::test): ... this.
2180 (class primitive_region): Delete.
2181 (class space_region): New.
2182 (class map_region): Delete.
2183 (is_a_helper <map_region *>::test): Delete.
2184 (class frame_region): Reimplement.
2185 (template <> struct default_hash_traits<frame_region::key_t>):
2186 New.
2187 (class globals_region): Reimplement.
2188 (is_a_helper <globals_region *>::test): Convert to...
2189 (is_a_helper <const globals_region *>::test): ...this.
2190 (class struct_or_union_region): Delete.
2191 (is_a_helper <struct_or_union_region *>::test): Delete.
2192 (class code_region): Reimplement.
2193 (is_a_helper <const code_region *>::test): New.
2194 (class struct_region): Delete.
2195 (is_a_helper <struct_region *>::test): Delete.
2196 (class function_region): Reimplement.
2197 (is_a_helper <function_region *>::test): Convert to...
2198 (is_a_helper <const function_region *>::test): ...this.
2199 (class union_region): Delete.
2200 (is_a_helper <union_region *>::test): Delete.
2201 (class label_region): New.
2202 (is_a_helper <const label_region *>::test): New.
2203 (class scope_region): Delete.
2204 (class stack_region): Reimplement.
2205 (is_a_helper <stack_region *>::test): Convert to...
2206 (is_a_helper <const stack_region *>::test): ...this.
2207 (class heap_region): Reimplement.
2208 (is_a_helper <heap_region *>::test): Convert to...
2209 (is_a_helper <const heap_region *>::test): ...this.
2210 (class root_region): Reimplement.
2211 (is_a_helper <root_region *>::test): Convert to...
2212 (is_a_helper <const root_region *>::test): ...this.
2213 (class symbolic_region): Reimplement.
2214 (is_a_helper <const symbolic_region *>::test): New.
2215 (template <> struct default_hash_traits<symbolic_region::key_t>):
2216 New.
2217 (class decl_region): New.
2218 (is_a_helper <const decl_region *>::test): New.
2219 (class field_region): New.
2220 (template <> struct default_hash_traits<field_region::key_t>): New.
2221 (class array_region): Delete.
2222 (class element_region): New.
2223 (is_a_helper <array_region *>::test): Delete.
2224 (is_a_helper <const element_region *>::test): New.
2225 (template <> struct default_hash_traits<element_region::key_t>):
2226 New.
2227 (class offset_region): New.
2228 (is_a_helper <const offset_region *>::test): New.
2229 (template <> struct default_hash_traits<offset_region::key_t>):
2230 New.
2231 (class cast_region): New.
2232 (is_a_helper <const cast_region *>::test): New.
2233 (template <> struct default_hash_traits<cast_region::key_t>): New.
2234 (class heap_allocated_region): New.
2235 (class alloca_region): New.
2236 (class string_region): New.
2237 (is_a_helper <const string_region *>::test): New.
2238 (class unknown_region): New.
2239 (class region_model_manager): New.
2240 (struct append_ssa_names_cb_data): New.
2241 (class call_details): New.
2242 (region_model::region_model): Add region_model_manager param.
2243 (region_model::print_svalue): Delete.
2244 (region_model::dump_dot_to_pp): Delete.
2245 (region_model::dump_dot_to_file): Delete.
2246 (region_model::dump_dot): Delete.
2247 (region_model::dump_to_pp): Drop summarize param in favor of
2248 simple and multiline.
2249 (region_model::dump): Likewise.
2250 (region_model::summarize_to_pp): Delete.
2251 (region_model::summarize): Delete.
2252 (region_model::void canonicalize): Drop ctxt param.
2253 (region_model::void check_for_poison): Delete.
2254 (region_model::get_gassign_result): New.
2255 (region_model::impl_call_alloca): New.
2256 (region_model::impl_call_analyzer_describe): New.
2257 (region_model::impl_call_analyzer_eval): New.
2258 (region_model::impl_call_builtin_expect): New.
2259 (region_model::impl_call_calloc): New.
2260 (region_model::impl_call_free): New.
2261 (region_model::impl_call_malloc): New.
2262 (region_model::impl_call_memset): New.
2263 (region_model::impl_call_strlen): New.
2264 (region_model::get_reachable_svalues): New.
2265 (region_model::handle_phi): Drop is_back_edge param.
2266 (region_model::region_id get_root_rid): Delete.
2267 (region_model::root_region *get_root_region): Delete.
2268 (region_model::region_id get_stack_region_id): Delete.
2269 (region_model::push_frame): Convert from region_id and svalue_id
2270 to const region * and const svalue *.
2271 (region_model::get_current_frame_id): Replace with...
2272 (region_model::get_current_frame): ...this.
2273 (region_model::pop_frame): Convert from region_id to
2274 const region *. Drop purge and stats param. Add out_result.
2275 (region_model::function *get_function_at_depth): Delete.
2276 (region_model::get_globals_region_id): Delete.
2277 (region_model::add_svalue): Delete.
2278 (region_model::replace_svalue): Delete.
2279 (region_model::add_region): Delete.
2280 (region_model::add_region_for_type): Delete.
2281 (region_model::get_svalue): Delete.
2282 (region_model::get_region): Delete.
2283 (region_model::get_lvalue): Convert from region_id to
2284 const region *.
2285 (region_model::get_rvalue): Convert from svalue_id to
2286 const svalue *.
2287 (region_model::get_or_create_ptr_svalue): Delete.
2288 (region_model::get_or_create_constant_svalue): Delete.
2289 (region_model::get_svalue_for_fndecl): Delete.
2290 (region_model::get_svalue_for_label): Delete.
2291 (region_model::get_region_for_fndecl): Delete.
2292 (region_model::get_region_for_label): Delete.
2293 (region_model::get_frame_at_index (int index) const;): New.
2294 (region_model::maybe_cast): Delete.
2295 (region_model::maybe_cast_1): Delete.
2296 (region_model::get_field_region): Delete.
2297 (region_model::id deref_rvalue): Convert from region_id and
2298 svalue_id to const region * and const svalue *. Drop overload,
2299 passing in both a tree and an svalue.
2300 (region_model::set_value): Convert from region_id and svalue_id to
2301 const region * and const svalue *.
2302 (region_model::set_to_new_unknown_value): Delete.
2303 (region_model::clobber_region (const region *reg);): New.
2304 (region_model::purge_region (const region *reg);): New.
2305 (region_model::zero_fill_region (const region *reg);): New.
2306 (region_model::mark_region_as_unknown (const region *reg);): New.
2307 (region_model::copy_region): Convert from region_id to
2308 const region *.
2309 (region_model::eval_condition): Convert from svalue_id to
2310 const svalue *.
2311 (region_model::eval_condition_without_cm): Likewise.
2312 (region_model::compare_initial_and_pointer): New.
2313 (region_model:maybe_get_constant): Delete.
2314 (region_model::add_new_malloc_region): Delete.
2315 (region_model::get_representative_tree): Convert from svalue_id to
2316 const svalue *.
2317 (region_model::get_representative_path_var): Delete decl taking a
2318 region_id in favor of two decls, for svalue vs region, with an
2319 svalue_set to ensure termination.
2320 (region_model::get_path_vars_for_svalue): Delete.
2321 (region_model::create_region_for_heap_alloc): New.
2322 (region_model::create_region_for_alloca): New.
2323 (region_model::purge_unused_svalues): Delete.
2324 (region_model::remap_svalue_ids): Delete.
2325 (region_model::remap_region_ids): Delete.
2326 (region_model::purge_regions): Delete.
2327 (region_model::get_num_svalues): Delete.
2328 (region_model::get_num_regions): Delete.
2329 (region_model::get_descendents): Delete.
2330 (region_model::get_store): New.
2331 (region_model::delete_region_and_descendents): Delete.
2332 (region_model::get_manager): New.
2333 (region_model::unbind_region_and_descendents): New.
2334 (region_model::can_merge_with_p): Add point param. Drop
2335 svalue_id_merger_mapping.
2336 (region_model::get_value_by_name): Delete.
2337 (region_model::convert_byte_offset_to_array_index): Delete.
2338 (region_model::get_or_create_mem_ref): Delete.
2339 (region_model::get_or_create_pointer_plus_expr): Delete.
2340 (region_model::get_or_create_view): Delete.
2341 (region_model::get_lvalue_1): Convert from region_id to
2342 const region *.
2343 (region_model::get_rvalue_1): Convert from svalue_id to
2344 const svalue *.
2345 (region_model::get_ssa_name_regions_for_current_frame): New.
2346 (region_model::append_ssa_names_cb): New.
2347 (region_model::get_store_value): New.
2348 (region_model::copy_struct_region): Delete.
2349 (region_model::copy_union_region): Delete.
2350 (region_model::copy_array_region): Delete.
2351 (region_model::region_exists_p): New.
2352 (region_model::make_region_for_unexpected_tree_code): Delete.
2353 (region_model::loop_replay_fixup): New.
2354 (region_model::poison_any_pointers_to_bad_regions): Delete.
2355 (region_model::poison_any_pointers_to_descendents): New.
2356 (region_model::dump_summary_of_rep_path_vars): Delete.
2357 (region_model::on_top_level_param): New.
2358 (region_model::record_dynamic_extents): New.
2359 (region_model::m_mgr;): New.
2360 (region_model::m_store;): New.
2361 (region_model::m_svalues;): Delete.
2362 (region_model::m_regions;): Delete.
2363 (region_model::m_root_rid;): Delete.
2364 (region_model::m_current_frame;): New.
2365 (region_model_context::remap_svalue_ids): Delete.
2366 (region_model_context::can_purge_p): Delete.
2367 (region_model_context::on_svalue_leak): New.
2368 (region_model_context::on_svalue_purge): Delete.
2369 (region_model_context::on_liveness_change): New.
2370 (region_model_context::on_inherited_svalue): Delete.
2371 (region_model_context::on_cast): Delete.
2372 (region_model_context::on_unknown_change): Convert from svalue_id to
2373 const svalue * and add is_mutable.
2374 (class noop_region_model_context): Update for region_model_context
2375 changes.
2376 (model_merger::model_merger): Add program_point. Drop
2377 svalue_id_merger_mapping.
2378 (model_merger::dump_to_pp): Add "simple" param.
2379 (model_merger::dump): Likewise.
2380 (model_merger::get_region_a): Delete.
2381 (model_merger::get_region_b): Delete.
2382 (model_merger::can_merge_values_p): Delete.
2383 (model_merger::record_regions): Delete.
2384 (model_merger::record_svalues): Delete.
2385 (model_merger::m_point): New field.
2386 (model_merger::m_map_regions_from_a_to_m): Delete.
2387 (model_merger::m_map_regions_from_b_to_m): Delete.
2388 (model_merger::m_sid_mapping): Delete.
2389 (struct svalue_id_merger_mapping): Delete.
2390 (class engine): New.
2391 (struct canonicalization): Delete.
2392 (inchash::add): Delete decls for hashing svalue_id and region_id.
2393 (test_region_model_context::on_unexpected_tree_code): Require t to
2394 be non-NULL.
2395 (selftest::assert_condition): Add overload comparing a pair of
2396 const svalue *.
2397 * sm-file.cc: Include "tristate.h", "selftest.h",
2398 "analyzer/call-string.h", "analyzer/program-point.h",
2399 "analyzer/store.h", and "analyzer/region-model.h".
2400 (fileptr_state_machine::get_default_state): New.
2401 (fileptr_state_machine::on_stmt): Remove calls to
2402 get_readable_tree in favor of get_diagnostic_tree.
2403 * sm-malloc.cc: Include "tristate.h", "selftest.h",
2404 "analyzer/call-string.h", "analyzer/program-point.h",
2405 "analyzer/store.h", and "analyzer/region-model.h".
2406 (malloc_state_machine::get_default_state): New.
2407 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
2408 (malloc_diagnostic::describe_state_change): Handle change.m_expr
2409 being NULL.
2410 (null_arg::emit): Avoid printing "NULL '0'".
2411 (null_arg::describe_final_event): Avoid printing "(0) NULL".
2412 (malloc_leak::emit): Handle m_arg being NULL.
2413 (malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
2414 (malloc_state_machine::on_stmt): Don't call get_readable_tree.
2415 Call get_diagnostic_tree when creating pending diagnostics.
2416 Update for is_zero_assignment becoming a member function of
2417 sm_ctxt.
2418 Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
2419 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
2420 vfunc implementation.
2421 * sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
2422 get_diagnostic_tree and pass the result to warn_for_state.
2423 * sm-signal.cc: Move includes of "analyzer/call-string.h" and
2424 "analyzer/program-point.h" to before "analyzer/region-model.h",
2425 and also include "analyzer/store.h" before it.
2426 (signal_unsafe_call::describe_state_change): Use
2427 get_dest_function to get handler.
2428 (update_model_for_signal_handler): Pass manager to region_model
2429 ctor.
2430 (register_signal_handler::impl_transition): Update for changes to
2431 get_or_create_node and add_edge.
2432 * sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
2433 get_readable_tree, replacing them when calling warn_for_state with
2434 calls to get_diagnostic_tree.
2435 * sm.cc (is_zero_assignment): Delete.
2436 (any_pointer_p): Move to within namespace ana.
2437 * sm.h (is_zero_assignment): Remove decl.
2438 (any_pointer_p): Move decl to within namespace ana.
2439 (state_machine::get_default_state): New vfunc.
2440 (state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
2441 (sm_context::get_readable_tree): Rename to...
2442 (sm_context::get_diagnostic_tree): ...this.
2443 (sm_context::is_zero_assignment): New vfunc.
2444 * store.cc: New file.
2445 * store.h: New file.
2446 * svalue.cc: New file.
2447
2221fb6f
MW
2448 2020-05-22 Mark Wielaard <mark@klomp.org>
2449
2450 * sm-signal.cc(signal_unsafe_call::emit): Possibly add
2451 gcc_rich_location note for replacement.
2452 (signal_unsafe_call::get_replacement_fn): New private function.
2453 (get_async_signal_unsafe_fns): Add "exit".
2454
5eae0ac7
DM
2455 2020-04-28 David Malcolm <dmalcolm@redhat.com>
2456
2457 PR analyzer/94816
2458 * engine.cc (impl_region_model_context::on_unexpected_tree_code):
2459 Handle NULL tree.
2460 * region-model.cc (region_model::add_region_for_type): Handle
2461 NULL type.
2462 * region-model.h
2463 (test_region_model_context::on_unexpected_tree_code): Handle NULL
2464 tree.
2465
78b97837
DM
2466 2020-04-28 David Malcolm <dmalcolm@redhat.com>
2467
2468 PR analyzer/94447
2469 PR analyzer/94639
2470 PR analyzer/94732
2471 PR analyzer/94754
2472 * analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete.
2473 * program-state.cc (selftest::test_program_state_dumping): Update
2474 expected dump result for removal of "uninit".
2475 * region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT
2476 case.
2477 (root_region::ensure_stack_region): Initialize stack with null
2478 svalue_id rather than with a typeless POISON_KIND_UNINIT value.
2479 (root_region::ensure_heap_region): Likewise for the heap.
2480 (region_model::dump_summary_of_rep_path_vars): Remove
2481 summarization of uninit values.
2482 (region_model::validate): Remove check that the stack has a
2483 POISON_KIND_UNINIT value.
2484 (poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT
2485 case.
2486 (poisoned_value_diagnostic::describe_final_event): Likewise.
2487 (selftest::test_dump): Update expected dump result for removal of
2488 "uninit".
2489 (selftest::test_svalue_equality): Remove "uninit" and "freed".
2490 * region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT.
2491
a96f1c38
DM
2492 2020-04-01 David Malcolm <dmalcolm@redhat.com>
2493
2494 PR analyzer/94378
2495 * checker-path.cc: Include "bitmap.h".
2496 * constraint-manager.cc: Likewise.
2497 * diagnostic-manager.cc: Likewise.
2498 * engine.cc: Likewise.
2499 (exploded_node::detect_leaks): Pass null region_id to pop_frame.
2500 * program-point.cc: Include "bitmap.h".
2501 * program-state.cc: Likewise.
2502 * region-model.cc (id_set<region_id>::id_set): Convert to...
2503 (region_id_set::region_id_set): ...this.
2504 (svalue_id_set::svalue_id_set): New ctor.
2505 (region_model::copy_region): New function.
2506 (region_model::copy_struct_region): New function.
2507 (region_model::copy_union_region): New function.
2508 (region_model::copy_array_region): New function.
2509 (stack_region::pop_frame): Drop return value. Add
2510 "result_dst_rid" param; if it is non-null, use copy_region to copy
2511 the result to it. Rather than capture and pass a single "known
2512 used" return value to be used by purge_unused_values, instead
2513 gather and pass a set of known used return values.
2514 (root_region::pop_frame): Drop return value. Add "result_dst_rid"
2515 param.
2516 (region_model::on_assignment): Use copy_region.
2517 (region_model::on_return): Likewise for the result.
2518 (region_model::on_longjmp): Pass null for pop_frame's
2519 result_dst_rid.
2520 (region_model::update_for_return_superedge): Pass the region for the
2521 return value of the call, if any, to pop_frame, rather than setting
2522 the lvalue for the lhs of the result.
2523 (region_model::pop_frame): Drop return value. Add
2524 "result_dst_rid" param.
2525 (region_model::purge_unused_svalues): Convert third param from an
2526 svalue_id * to an svalue_id_set *, updating the initial populating
2527 of the "used" bitmap accordingly. Don't remap it when done.
2528 (struct selftest::coord_test): New selftest fixture, extracted from...
2529 (selftest::test_dump_2): ...here.
2530 (selftest::test_compound_assignment): New selftest.
2531 (selftest::test_stack_frames): Pass null to new param of pop_frame.
2532 (selftest::analyzer_region_model_cc_tests): Call the new selftest.
2533 * region-model.h (class id_set): Delete template.
2534 (class region_id_set): Reimplement, using old id_set implementation.
2535 (class svalue_id_set): Likewise. Convert from auto_sbitmap to
2536 auto_bitmap.
2537 (region::get_active_view): New accessor.
2538 (stack_region::pop_frame): Drop return value. Add
2539 "result_dst_rid" param.
2540 (root_region::pop_frame): Likewise.
2541 (region_model::pop_frame): Likewise.
2542 (region_model::copy_region): New decl.
2543 (region_model::purge_unused_svalues): Convert third param from an
2544 svalue_id * to an svalue_id_set *.
2545 (region_model::copy_struct_region): New decl.
2546 (region_model::copy_union_region): New decl.
2547 (region_model::copy_array_region): New decl.
2548
6969ac30
DM
2549 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2550
2551 * program-state.cc (selftest::test_program_state_dumping): Update
2552 expected dump to include symbolic_region's possibly_null field.
2553 * region-model.cc (symbolic_region::print_fields): New vfunc
2554 implementation.
2555 (region_model::add_constraint): Clear m_possibly_null from
2556 symbolic_regions now known to be non-NULL.
2557 (selftest::test_malloc_constraints): New selftest.
2558 (selftest::analyzer_region_model_cc_tests): Call it.
2559 * region-model.h (region::dyn_cast_symbolic_region): Add non-const
2560 overload.
2561 (symbolic_region::dyn_cast_symbolic_region): Implement it.
2562 (symbolic_region::print_fields): New vfunc override decl.
2563
42c63313
DM
2564 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2565
2566 * analyzer.h (class feasibility_problem): New forward decl.
2567 * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
2568 Initialize new fields m_status, m_epath_length, and m_problem.
2569 (saved_diagnostic::~saved_diagnostic): Delete m_problem.
2570 (dedupe_candidate::dedupe_candidate): Convert "sd" param from a
2571 const ref to a mutable ptr.
2572 (dedupe_winners::add): Convert "sd" param from a const ref to a
2573 mutable ptr. Record the length of the exploded_path. Record the
2574 feasibility/infeasibility of sd into sd, capturing a
2575 feasibility_problem when feasible_p fails, and storing it in sd.
2576 (diagnostic_manager::emit_saved_diagnostics): Update for pass by
2577 ptr rather than by const ref.
2578 * diagnostic-manager.h (class saved_diagnostic): Add new enum
2579 status. Add fields m_status, m_epath_length and m_problem.
2580 (saved_diagnostic::set_feasible): New member function.
2581 (saved_diagnostic::set_infeasible): New member function.
2582 (saved_diagnostic::get_feasibility_problem): New accessor.
2583 (saved_diagnostic::get_status): New accessor.
2584 (saved_diagnostic::set_epath_length): New member function.
2585 (saved_diagnostic::get_epath_length): New accessor.
2586 * engine.cc: Include "gimple-pretty-print.h".
2587 (exploded_path::feasible_p): Add OUT param and, if non-NULL, write
2588 a new feasibility_problem to it on failure.
2589 (viz_callgraph_node::dump_dot): Convert begin_tr calls to
2590 begin_trtd. Convert end_tr calls to end_tdtr.
2591 (class exploded_graph_annotator): New subclass of dot_annotator.
2592 (impl_run_checkers): Add a second -fdump-analyzer-supergraph dump
2593 after the analysis runs, using exploded_graph_annotator. dumping
2594 to DUMP_BASE_NAME.supergraph-eg.dot.
2595 * exploded-graph.h (exploded_node::get_dot_fillcolor): Make
2596 public.
2597 (exploded_path::feasible_p): Add OUT param.
2598 (class feasibility_problem): New class.
2599 * state-purge.cc (state_purge_annotator::add_node_annotations):
2600 Return a bool, add a "within_table" param.
2601 (print_vec_of_names): Convert begin_tr calls to begin_trtd.
2602 Convert end_tr calls to end_tdtr.
2603 (state_purge_annotator::add_stmt_annotations): Add "within_row"
2604 param.
2605 * state-purge.h ((state_purge_annotator::add_node_annotations):
2606 Return a bool, add a "within_table" param.
2607 (state_purge_annotator::add_stmt_annotations): Add "within_row"
2608 param.
2609 * supergraph.cc (supernode::dump_dot): Call add_node_annotations
2610 twice: as before, passing false for "within_table", then again
2611 with true when within the TABLE element. Convert some begin_tr
2612 calls to begin_trtd, and some end_tr calls to end_tdtr.
2613 Repeat each add_stmt_annotations call, distinguishing between
2614 calls that add TRs and those that add TDs to an existing TR.
2615 Add a call to add_after_node_annotations.
2616 * supergraph.h (dot_annotator::add_node_annotations): Add a
2617 "within_table" param.
2618 (dot_annotator::add_stmt_annotations): Add a "within_row" param.
2619 (dot_annotator::add_after_node_annotations): New vfunc.
2620
8f023575
DM
2621 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2622
2623 * diagnostic-manager.cc (dedupe_winners::add): Show the
2624 exploded_node index in the log messages.
2625 (diagnostic_manager::emit_saved_diagnostics): Log a summary of
2626 m_saved_diagnostics at entry.
2627
4d661bb7
DM
2628 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2629
2630 * supergraph.cc (superedge::dump): Add space before description;
2631 move newline to non-pretty_printer overload.
2632
884d9141
DM
2633 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2634
2635 * region-model.cc: Include "stor-layout.h".
2636 (region_model::dump_to_pp): Rather than calling
2637 dump_summary_of_map on each of the current frame and the globals,
2638 instead get a vec of representative path_vars for all regions,
2639 and then dump a summary of all of them.
2640 (region_model::dump_summary_of_map): Delete, rewriting into...
2641 (region_model::dump_summary_of_rep_path_vars): ...this new
2642 function, working on a vec of path_vars.
2643 (region_model::set_value): New overload.
2644 (region_model::get_representative_path_var): Rename
2645 "parent_region" local to "parent_reg" and consolidate with other
2646 local. Guard test for grandparent being stack on parent_reg being
2647 non-NULL. Move handling for parent being an array_region to
2648 within guard for parent_reg being non-NULL.
2649 (selftest::make_test_compound_type): New function.
2650 (selftest::test_dump_2): New selftest.
2651 (selftest::test_dump_3): New selftest.
2652 (selftest::test_stack_frames): Update expected output from
2653 simplified dump to show "a" and "b" from parent frame and "y" in
2654 child frame.
2655 (selftest::analyzer_region_model_cc_tests): Call test_dump_2 and
2656 test_dump_3.
2657 * region-model.h (region_model::set_value): New overload decl.
2658 (region_model::dump_summary_of_map): Delete.
2659 (region_model::dump_summary_of_rep_path_vars): New.
2660
7d9c107a
DM
2661 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2662
2663 * region-model.h (class noop_region_model_context): New subclass
2664 of region_model_context.
2665 (class tentative_region_model_context): Inherit from
2666 noop_region_model_context rather than from region_model_context;
2667 drop redundant vfunc implementations.
2668 (class test_region_model_context): Likewise.
2669
0db2cd17
DM
2670 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2671
2672 * engine.cc (exploded_node::exploded_node): Move implementation
2673 here from header; accept point_and_state by const reference rather
2674 than by value.
2675 * exploded-graph.h (exploded_node::exploded_node): Pass
2676 point_and_state by const reference rather than by value. Move
2677 body to engine.cc.
2678
d5029d45
JJ
2679 2020-03-18 Jakub Jelinek <jakub@redhat.com>
2680
2681 * sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word
2682 issue in a comment.
2683 * region-model.cc (region_model::make_region_for_unexpected_tree_code,
2684 region_model::delete_region_and_descendents): Likewise.
2685 * engine.cc (class exploded_cluster): Likewise.
2686 * diagnostic-manager.cc (class path_builder): Likewise.
2687
5c048755
DM
2688 2020-03-13 David Malcolm <dmalcolm@redhat.com>
2689
2690 PR analyzer/94099
2691 PR analyzer/94105
2692 * diagnostic-manager.cc (for_each_state_change): Bulletproof
2693 against errors in get_rvalue by passing a
2694 tentative_region_model_context and rejecting if there's an error.
2695 * region-model.cc (region_model::get_lvalue_1): When handling
2696 ARRAY_REF, handle results of error-handling. Handle NOP_EXPR.
2697
90f7c300
DM
2698 2020-03-06 David Malcolm <dmalcolm@redhat.com>
2699
2700 * analyzer.h (class array_region): New forward decl.
2701 * program-state.cc (selftest::test_program_state_dumping_2): New.
2702 (selftest::analyzer_program_state_cc_tests): Call it.
2703 * region-model.cc (array_region::constant_from_key): New.
2704 (region_model::get_representative_tree): Handle region_svalue by
2705 generating an ADDR_EXPR.
2706 (region_model::get_representative_path_var): In view handling,
2707 remove erroneous TREE_TYPE when determining the type of the tree.
2708 Handle array regions and STRING_CST.
2709 (selftest::assert_dump_tree_eq): New.
2710 (ASSERT_DUMP_TREE_EQ): New macro.
2711 (selftest::test_get_representative_tree): New selftest.
2712 (selftest::analyzer_region_model_cc_tests): Call it.
2713 * region-model.h (region::dyn_cast_array_region): New vfunc.
2714 (array_region::dyn_cast_array_region): New vfunc implementation.
2715 (array_region::constant_from_key): New decl.
2716
41f99ba6
DM
2717 2020-03-06 David Malcolm <dmalcolm@redhat.com>
2718
2719 * analyzer.h (dump_quoted_tree): New decl.
2720 * engine.cc (exploded_node::dump_dot): Pass region model to
2721 sm_state_map::print.
2722 * program-state.cc: Include diagnostic-core.h.
2723 (sm_state_map::print): Add "model" param and use it to print
2724 representative trees. Only print origin information if non-null.
2725 (sm_state_map::dump): Pass NULL for model to print call.
2726 (program_state::print): Pass region model to sm_state_map::print.
2727 (program_state::dump_to_pp): Use spaces rather than newlines when
2728 summarizing. Pass region_model to sm_state_map::print.
2729 (ana::selftest::assert_dump_eq): New function.
2730 (ASSERT_DUMP_EQ): New macro.
2731 (ana::selftest::test_program_state_dumping): New function.
2732 (ana::selftest::analyzer_program_state_cc_tests): Call it.
2733 * program-state.h (program_state::print): Add model param.
2734 * region-model.cc (dump_quoted_tree): New function.
2735 (map_region::print_fields): Use dump_quoted_tree rather than
2736 %qE to avoid lang-dependent output.
2737 (map_region::dump_child_label): Likewise.
2738 (region_model::dump_summary_of_map): For SK_REGION, when
2739 get_representative_path_var fails, print the region id rather than
2740 erroneously printing NULL.
2741 * sm.cc (state_machine::get_state_by_name): New function.
2742 * sm.h (state_machine::get_state_by_name): New decl.
2743
3c1645a3
DM
2744 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2745
2746 * region-model.cc (region::validate): Convert model param from ptr
2747 to reference. Update comment to reflect that it's now a vfunc.
2748 (map_region::validate): New vfunc implementation.
2749 (array_region::validate): New vfunc implementation.
2750 (stack_region::validate): New vfunc implementation.
2751 (root_region::validate): New vfunc implementation.
2752 (region_model::validate): Pass a reference rather than a pointer
2753 to the region::validate vfunc.
2754 * region-model.h (region::validate): Make virtual. Convert model
2755 param from ptr to reference.
2756 (map_region::validate): New vfunc decl.
2757 (array_region::validate): New vfunc decl.
2758 (stack_region::validate): New vfunc decl.
2759 (root_region::validate): New vfunc decl.
2760
e516294a
DM
2761 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2762
2763 PR analyzer/93993
2764 * region-model.cc (region_model::on_call_pre): Handle
2765 BUILT_IN_EXPECT and its variants.
2766 (region_model::add_any_constraints_from_ssa_def_stmt): Split out
2767 gassign handling into add_any_constraints_from_gassign; add gcall
2768 handling.
2769 (region_model::add_any_constraints_from_gassign): New function,
2770 based on the above. Add handling for NOP_EXPR.
2771 (region_model::add_any_constraints_from_gcall): New function.
2772 (region_model::get_representative_path_var): Handle views.
2773 * region-model.h
2774 (region_model::add_any_constraints_from_ssa_def_stmt): New decl.
2775 (region_model::add_any_constraints_from_gassign): New decl.
2776
3d66e153
DM
2777 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2778
2779 PR analyzer/93993
2780 * checker-path.h (state_change_event::get_lvalue): Add ctxt param
2781 and pass it to region_model::get_value call.
2782 * diagnostic-manager.cc (get_any_origin): Pass a
2783 tentative_region_model_context to the calls to get_lvalue and reject
2784 the comparison if errors occur.
2785 (can_be_expr_of_interest_p): New function.
2786 (diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
2787 CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
2788 Pass a tentative_region_model_context to the calls to
2789 state_change_event::get_lvalue and reject the comparison if errors
2790 occur.
2791 (diagnostic_manager::update_for_unsuitable_sm_exprs): New.
2792 * diagnostic-manager.h
2793 (diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
2794 * region-model.h (class tentative_region_model_context): New class.
2795
13e3ba14
DM
2796 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2797
2798 * engine.cc (worklist::worklist): Remove unused field m_eg.
2799 (class viz_callgraph_edge): Remove unused field m_call_sedge.
2800 (class viz_callgraph): Remove unused field m_sg.
2801 * exploded-graph.h (worklist::::m_eg): Remove unused field.
2802
13b76912
DM
2803 2020-03-02 David Malcolm <dmalcolm@redhat.com>
2804
2805 * analyzer.opt (fanalyzer-show-duplicate-count): New option.
2806 * diagnostic-manager.cc
2807 (diagnostic_manager::emit_saved_diagnostic): Use the above to
2808 guard the printing of the duplicate count.
2809
9f00b22f
DM
2810 2020-03-02 David Malcolm <dmalcolm@redhat.com>
2811
2812 PR analyzer/93959
2813 * analyzer.cc (is_std_function_p): New function.
2814 (is_std_named_call_p): New functions.
2815 * analyzer.h (is_std_named_call_p): New decl.
2816 * sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::"
2817 variants when checking for malloc, calloc and free.
2818
71b633aa
DM
2819 2020-02-26 David Malcolm <dmalcolm@redhat.com>
2820
2821 PR analyzer/93950
2822 * diagnostic-manager.cc
2823 (diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
2824 either NULL or not a constant. When updating var, bulletproof
2825 against constant values.
2826
0ba70d1b
DM
2827 2020-02-26 David Malcolm <dmalcolm@redhat.com>
2828
2829 PR analyzer/93947
2830 * region-model.cc (region_model::get_fndecl_for_call): Gracefully
2831 fail for fn_decls that don't have a cgraph_node.
2832
67fa274c
DM
2833 2020-02-26 David Malcolm <dmalcolm@redhat.com>
2834
2835 * bar-chart.cc: New file.
2836 * bar-chart.h: New file.
2837 * engine.cc: Include "analyzer/bar-chart.h".
2838 (stats::log): Only log the m_num_nodes kinds that are non-zero.
2839 (stats::dump): Likewise when dumping.
2840 (stats::get_total_enodes): New.
2841 (exploded_graph::get_or_create_node): Increment the per-point-data
2842 m_excess_enodes when hitting the per-program-point limit on
2843 enodes.
2844 (exploded_graph::print_bar_charts): New.
2845 (exploded_graph::log_stats): Log the number of unprocessed enodes
2846 in the worklist. Call print_bar_charts.
2847 (exploded_graph::dump_stats): Print the number of unprocessed
2848 enodes in the worklist.
2849 * exploded-graph.h (stats::get_total_enodes): New decl.
2850 (struct per_program_point_data): Add field m_excess_enodes.
2851 (exploded_graph::print_bar_charts): New decl.
2852 * supergraph.cc (superedge::dump): New.
2853 (superedge::dump): New.
2854 * supergraph.h (supernode::get_function): New.
2855 (superedge::dump): New decl.
2856 (superedge::dump): New decl.
2857
f2ca2088
DM
2858 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2859
2860 * engine.cc (exploded_graph::get_or_create_node): Dump the
2861 program_state to the pp, rather than to stderr.
2862
b3d788a2
DM
2863 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2864
2865 PR analyzer/93032
2866 * sm.cc (make_checkers): Require the "taint" checker to be
2867 explicitly enabled.
2868
3a25f345
DM
2869 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2870
2871 PR analyzer/93899
2872 * engine.cc
2873 (impl_region_model_context::impl_region_model_context): Add logger
2874 param.
2875 * engine.cc (exploded_graph::add_function_entry): Create an
2876 impl_region_model_context and pass it to the push_frame call.
2877 Bail if the resulting state is invalid.
2878 (exploded_graph::build_initial_worklist): Likewise.
2879 (exploded_graph::build_initial_worklist): Handle the case where
2880 add_function_entry fails.
2881 * exploded-graph.h
2882 (impl_region_model_context::impl_region_model_context): Add logger
2883 param.
2884 * region-model.cc (map_region::get_or_create): Add ctxt param and
2885 pass it to add_region_for_type.
2886 (map_region::can_merge_p): Pass NULL as a ctxt to call to
2887 get_or_create.
2888 (array_region::get_element): Pass ctxt to call to get_or_create.
2889 (array_region::get_or_create): Add ctxt param and pass it to
2890 add_region_for_type.
2891 (root_region::push_frame): Pass ctxt to get_or_create calls.
2892 (region_model::get_lvalue_1): Likewise.
2893 (region_model::make_region_for_unexpected_tree_code): Assert that
2894 ctxt is non-NULL.
2895 (region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
2896 and get_svalue_for_label calls.
2897 (region_model::get_svalue_for_fndecl): Add ctxt param and pass it
2898 to get_region_for_fndecl.
2899 (region_model::get_region_for_fndecl): Add ctxt param and pass it
2900 to get_or_create.
2901 (region_model::get_svalue_for_label): Add ctxt param and pass it
2902 to get_region_for_label.
2903 (region_model::get_region_for_label): Add ctxt param and pass it
2904 to get_region_for_fndecl and get_or_create.
2905 (region_model::get_field_region): Add ctxt param and pass it to
2906 get_or_create_view and get_or_create.
2907 (make_region_for_type): Replace gcc_unreachable with return NULL.
2908 (region_model::add_region_for_type): Add ctxt param. Handle a
2909 return of NULL from make_region_for_type by calling
2910 make_region_for_unexpected_tree_code.
2911 (region_model::get_or_create_mem_ref): Pass ctxt to calls to
2912 get_or_create_view.
2913 (region_model::get_or_create_view): Add ctxt param and pass it to
2914 add_region_for_type.
2915 (selftest::test_state_merging): Pass ctxt to get_or_create_view.
2916 * region-model.h (region_model::get_or_create): Add ctxt param.
2917 (region_model::add_region_for_type): Likewise.
2918 (region_model::get_svalue_for_fndecl): Likewise.
2919 (region_model::get_svalue_for_label): Likewise.
2920 (region_model::get_region_for_fndecl): Likewise.
2921 (region_model::get_region_for_label): Likewise.
2922 (region_model::get_field_region): Likewise.
2923 (region_model::get_or_create_view): Likewise.
2924
004f2c07
DM
2925 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2926
2927 * checker-path.cc (superedge_event::should_filter_p): Update
2928 filter for empty descriptions to cover verbosity level 3 as well
2929 as 2.
2930 * diagnostic-manager.cc: Include "analyzer/reachability.h".
2931 (class path_builder): New class.
2932 (diagnostic_manager::emit_saved_diagnostic): Create a path_builder
2933 and pass it to build_emission_path, rather than passing eg; similarly
2934 for add_events_for_eedge and ext_state.
2935 (diagnostic_manager::build_emission_path): Replace "eg" param
2936 with a path_builder, pass it to add_events_for_eedge.
2937 (diagnostic_manager::add_events_for_eedge): Replace ext_state
2938 param with path_builder; pass it to add_events_for_superedge.
2939 (diagnostic_manager::significant_edge_p): New.
2940 (diagnostic_manager::add_events_for_superedge): Add path_builder
2941 param. Reject insignificant edges at verbosity levels below 3.
2942 (diagnostic_manager::prune_for_sm_diagnostic): Update highest
2943 verbosity level to 4.
2944 * diagnostic-manager.h (class path_builder): New forward decl.
2945 (diagnostic_manager::build_emission_path): Replace "eg" param
2946 with a path_builder.
2947 (diagnostic_manager::add_events_for_eedge): Replace ext_state
2948 param with path_builder.
2949 (diagnostic_manager::significant_edge_p): New.
2950 (diagnostic_manager::add_events_for_superedge): Add path_builder
2951 param.
2952 * reachability.h: New file.
2953
0b2b45a6
DM
2954 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2955
2956 PR analyzer/93692
2957 * analyzer.opt (fdump-analyzer-callgraph): Rewrite description.
2958
4f40164a
DM
2959 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2960
2961 PR analyzer/93777
2962 * region-model.cc (region_model::maybe_cast_1): Replace assertion
2963 that build_cast returns non-NULL with a conditional, falling
2964 through to the logic which returns a new unknown value of the
2965 desired type if it fails.
2966
2e623393
DM
2967 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2968
2969 PR analyzer/93778
2970 * engine.cc (impl_region_model_context::on_unknown_tree_code):
2971 Rename to...
2972 (impl_region_model_context::on_unexpected_tree_code): ...this and
2973 convert first argument from path_var to tree.
2974 (exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall.
2975 * exploded-graph.h (region_model_context::on_unknown_tree_code):
2976 Rename to...
2977 (region_model_context::on_unexpected_tree_code): ...this and
2978 convert first argument from path_var to tree.
2979 * program-state.cc (sm_state_map::purge_for_unknown_fncall): Add
2980 ctxt param and pass on to calls to get_rvalue.
2981 * program-state.h (sm_state_map::purge_for_unknown_fncall): Add
2982 ctxt param.
2983 * region-model.cc (region_model::handle_unrecognized_call): Pass
2984 ctxt on to call to get_rvalue.
2985 (region_model::get_lvalue_1): Move body of default case to
2986 region_model::make_region_for_unexpected_tree_code and call it.
2987 Within COMPONENT_REF case, reject attempts to handle types other
2988 than RECORD_TYPE and UNION_TYPE.
2989 (region_model::make_region_for_unexpected_tree_code): New
2990 function, based on default case of region_model::get_lvalue_1.
2991 * region-model.h
2992 (region_model::make_region_for_unexpected_tree_code): New decl.
2993 (region_model::on_unknown_tree_code): Rename to...
2994 (region_model::on_unexpected_tree_code): ...this and convert first
2995 argument from path_var to tree.
2996 (class test_region_model_context): Update vfunc implementation for
2997 above change.
2998
a674c7b8
DM
2999 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3000
3001 PR analyzer/93774
3002 * region-model.cc
3003 (region_model::convert_byte_offset_to_array_index): Use
3004 int_size_in_bytes before calling size_in_bytes, to gracefully fail
3005 on incomplete types.
3006
d8cde6f9
DM
3007 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3008
3009 PR analyzer/93775
3010 * region-model.cc (region_model::get_fndecl_for_call): Handle the
3011 case where the code_region's get_tree_for_child_region returns
3012 NULL.
3013
f76a88eb
DM
3014 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3015
3016 PR analyzer/93388
3017 * engine.cc (impl_region_model_context::on_unknown_tree_code):
3018 New.
3019 (exploded_graph::get_or_create_node): Reject invalid states.
3020 * exploded-graph.h
3021 (impl_region_model_context::on_unknown_tree_code): New decl.
3022 (point_and_state::point_and_state): Assert that the state is
3023 valid.
3024 * program-state.cc (program_state::program_state): Initialize
3025 m_valid to true.
3026 (program_state::operator=): Copy m_valid.
3027 (program_state::program_state): Likewise for move constructor.
3028 (program_state::print): Print m_valid.
3029 (program_state::dump_to_pp): Likewise.
3030 * program-state.h (program_state::m_valid): New field.
3031 * region-model.cc (region_model::get_lvalue_1): Implement the
3032 default case by returning a new symbolic region and calling
3033 the context's on_unknown_tree_code, rather than issuing an
3034 internal_error. Implement VIEW_CONVERT_EXPR.
3035 * region-model.h (region_model_context::on_unknown_tree_code): New
3036 vfunc.
3037 (test_region_model_context::on_unknown_tree_code): New.
3038
0993ad65
DM
3039 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3040
3041 * sm-malloc.cc (malloc_diagnostic::describe_state_change): For
3042 transition to the "null" state, only say "assuming" when
3043 transitioning from the "unchecked" state.
3044
67098787
DM
3045 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3046
3047 * diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
3048 Add const overload.
3049 * engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
3050 * exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
3051 const overload.
3052
91f993b7
DM
3053 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3054
3055 PR analyzer/93288
3056 * analysis-plan.cc (analysis_plan::use_summary_p): Look through
3057 the ultimate_alias_target when getting the called function.
3058 * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
3059 "sm_ctxt". Use the region_model's get_fndecl_for_call rather than
3060 gimple_call_fndecl.
3061 * region-model.cc (region_model::get_fndecl_for_call): Use
3062 ultimate_alias_target on fndecl.
3063 * supergraph.cc (get_ultimate_function_for_cgraph_edge): New
3064 function.
3065 (supergraph_call_edge): Use it when rejecting edges without
3066 functions.
3067 (supergraph::supergraph): Use it to get the function for the
3068 cgraph_edge when building interprocedural superedges.
3069 (callgraph_superedge::get_callee_function): Use it.
3070 * supergraph.h (supergraph::get_num_snodes): Make param const.
3071 (supergraph::function_to_num_snodes_t): Make first type param
3072 const.
3073
a60d9889
DM
3074 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3075
3076 PR analyzer/93374
3077 * engine.cc (exploded_edge::exploded_edge): Add ext_state param
3078 and pass it to change.validate.
3079 (exploded_graph::get_or_create_node): Move purging of change
3080 svalues to also cover the case of reusing an existing enode.
3081 (exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
3082 ctor.
3083 * exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
3084 param.
3085 * program-state.cc (state_change::sm_change::validate): Likewise.
3086 Assert that m_sm_idx is sane. Use ext_state to validate
3087 m_old_state and m_new_state.
3088 (state_change::validate): Add ext_state param and pass it to
3089 the sm_change validate calls.
3090 * program-state.h (state_change::sm_change::validate): Add
3091 ext_state param.
3092 (state_change::validate): Likewise.
3093
a0e4929b
DM
3094 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3095
3096 PR analyzer/93669
3097 * engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
3098 case of STATUS_WORKLIST in implementation of
3099 "__analyzer_dump_exploded_nodes".
3100
cd28b759
DM
3101 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3102
3103 PR analyzer/93649
3104 * constraint-manager.cc (constraint_manager::add_constraint): When
3105 merging equivalence classes and updating m_constant, also update
3106 m_cst_sid.
3107 (constraint_manager::validate): If m_constant is non-NULL assert
3108 that m_cst_sid is non-null and is valid.
3109
5e17c1bd
DM
3110 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3111
3112 PR analyzer/93657
3113 * analyzer.opt (fdump-analyzer): Reword description.
3114 (fdump-analyzer-stderr): Likewise.
3115
c46d057f
DM
3116 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3117
3118 * region-model.cc (print_quoted_type): New function.
3119 (svalue::print): Use it to replace %qT.
3120 (region::dump_to_pp): Likewise.
3121 (region::dump_child_label): Likewise.
3122 (region::print_fields): Likewise.
3123
eb031d4b
DM
3124 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3125
3126 PR analyzer/93659
3127 * analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
3128 -> "that" typo.
3129 (Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
3130 "uninitialized" typo.
3131
e87deb37
DM
3132 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3133
3134 PR analyzer/93350
3135 * region-model.cc (region_model::get_lvalue_1):
3136 Handle BIT_FIELD_REF.
3137 (make_region_for_type): Handle VECTOR_TYPE.
3138
e953f958
DM
3139 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3140
3141 PR analyzer/93647
3142 * diagnostic-manager.cc
3143 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
3144 VAR being constant.
3145 * region-model.cc (region_model::get_lvalue_1): Provide a better
3146 error message when encountering an unhandled tree code.
3147
41a9e940
DM
3148 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3149
3150 PR analyzer/93405
3151 * region-model.cc (region_model::get_lvalue_1): Implement
3152 CONST_DECL.
3153
cb273d81
DM
3154 2020-02-06 David Malcolm <dmalcolm@redhat.com>
3155
3156 * region-model.cc (region_model::maybe_cast_1): Attempt to provide
3157 a region_svalue if either type is a pointer, rather than if both
3158 types are pointers.
3159
a4d3bfc0
DM
3160 2020-02-05 David Malcolm <dmalcolm@redhat.com>
3161
3162 * engine.cc (exploded_node::dump_dot): Show merger enodes.
3163 (worklist::add_node): Assert that the node's m_status is
3164 STATUS_WORKLIST.
3165 (exploded_graph::process_worklist): Likewise for nodes from the
3166 worklist. Set status of merged nodes to STATUS_MERGER.
3167 (exploded_graph::process_node): Set status of node to
3168 STATUS_PROCESSED.
3169 (exploded_graph::dump_exploded_nodes): Rework handling of
3170 "__analyzer_dump_exploded_nodes", splitting enodes by status into
3171 "processed" and "merger", showing the count of just the processed
3172 enodes at the call, rather than the count of all enodes.
3173 * exploded-graph.h (exploded_node::status): New enum.
3174 (exploded_node::exploded_node): Initialize m_status to
3175 STATUS_WORKLIST.
3176 (exploded_node::get_status): New getter.
3177 (exploded_node::set_status): New setter.
3178
1dae549d
DM
3179 2020-02-04 David Malcolm <dmalcolm@redhat.com>
3180
3181 PR analyzer/93543
3182 * engine.cc (pod_hash_traits<function_call_string>::mark_empty):
3183 Eliminate reinterpret_cast.
3184 (pod_hash_traits<function_call_string>::is_empty): Likewise.
3185
833f1e66
DM
3186 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3187
3188 * constraint-manager.cc (range::constrained_to_single_element):
3189 Replace fold_build2 with fold_binary. Remove unnecessary newline.
3190 (constraint_manager::get_or_add_equiv_class): Replace fold_build2
3191 with fold_binary in two places, and remove out-of-date comment.
3192 (constraint_manager::eval_condition): Replace fold_build2 with
3193 fold_binary.
3194 * region-model.cc (constant_svalue::eval_condition): Likewise.
3195 (region_model::on_assignment): Likewise.
3196
8525d1f5
DM
3197 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3198
3199 PR analyzer/93544
3200 * diagnostic-manager.cc
3201 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
3202 against bad choices due to bad paths.
3203 * engine.cc (impl_region_model_context::on_phi): New.
3204 * exploded-graph.h (impl_region_model_context::on_phi): New decl.
3205 * region-model.cc (region_model::on_longjmp): Likewise.
3206 (region_model::handle_phi): Add phi param. Call the ctxt's on_phi
3207 vfunc.
3208 (region_model::update_for_phis): Pass phi to handle_phi.
3209 * region-model.h (region_model::handle_phi): Add phi param.
3210 (region_model_context::on_phi): New vfunc.
3211 (test_region_model_context::on_phi): New.
3212 * sm-malloc.cc (malloc_state_machine::on_phi): New.
3213 (malloc_state_machine::on_zero_assignment): New.
3214 * sm.h (state_machine::on_phi): New vfunc.
3215
73f38658
DM
3216 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3217
3218 * engine.cc (supernode_cluster::dump_dot): Show BB index as
3219 well as SN index.
3220 * supergraph.cc (supernode::dump_dot): Likewise.
3221
5e10b9a2
DM
3222 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3223
3224 PR analyzer/93546
3225 * region-model.cc (region_model::on_call_pre): Update for new
3226 param of symbolic_region ctor.
3227 (region_model::deref_rvalue): Likewise.
3228 (region_model::add_new_malloc_region): Likewise.
3229 (make_region_for_type): Likewise, preserving type.
3230 * region-model.h (symbolic_region::symbolic_region): Add "type"
3231 param and pass it to base class ctor.
3232
287ccd3b
DM
3233 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3234
3235 PR analyzer/93547
3236 * constraint-manager.cc
3237 (constraint_manager::get_or_add_equiv_class): Ensure types are
3238 compatible before comparing constants.
3239
67751724
DM
3240 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3241
3242 PR analyzer/93457
3243 * region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
3244 than checking against void_type_node.
3245
09bea584
DM
3246 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3247
3248 PR analyzer/93373
3249 * region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
3250 (assert_compat_types): ...this, and bail when either type is NULL,
3251 or when VOID_TYPE_P (dst_type).
3252 (region_model::get_lvalue): Update for above conversion.
3253 (region_model::get_rvalue): Likewise.
3254
f1c807e8
DM
3255 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3256
3257 PR analyzer/93379
3258 * region-model.cc (region_model::update_for_return_superedge):
3259 Move check for null result so that it also guards setting the
3260 lhs.
3261
455f58ec
DM
3262 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3263
3264 PR analyzer/93438
3265 * region-model.cc (stack_region::can_merge_p): Split into a two
3266 pass approach, creating all stack regions first, then populating
3267 them.
3268 (selftest::test_state_merging): Add test coverage for (a) the case
3269 of self-merging a model in which a local in an older stack frame
3270 points to a local in a more recent stack frame (which previously
3271 would ICE), and (b) the case of self-merging a model in which a
3272 local points to a global (which previously worked OK).
3273
182ce042
DM
3274 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3275
3276 * analyzer.cc (is_named_call_p): Replace tests for fndecl being
3277 extern at file scope and having a non-NULL DECL_NAME with a call
3278 to maybe_special_function_p.
3279 * function-set.cc (function_set::contains_decl_p): Add call to
3280 maybe_special_function_p.
3281
45eb3e49
DM
3282 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3283
3284 PR analyzer/93450
3285 * constraint-manager.cc
3286 (constraint_manager::get_or_add_equiv_class): Only compare constants
3287 if their types are compatible.
3288 * region-model.cc (constant_svalue::eval_condition): Replace check
3289 for identical types with call to types_compatible_p.
3290
42f36563
DM
3291 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3292
3293 * program-state.cc (extrinsic_state::dump_to_pp): New.
3294 (extrinsic_state::dump_to_file): New.
3295 (extrinsic_state::dump): New.
3296 * program-state.h (extrinsic_state::dump_to_pp): New decl.
3297 (extrinsic_state::dump_to_file): New decl.
3298 (extrinsic_state::dump): New decl.
3299 * sm.cc: Include "pretty-print.h".
3300 (state_machine::dump_to_pp): New.
3301 * sm.h (state_machine::dump_to_pp): New decl.
3302
ebe9174e
DM
3303 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3304
3305 * diagnostic-manager.cc (for_each_state_change): Use
3306 extrinsic_state::get_num_checkers rather than accessing m_checkers
3307 directly.
3308 * program-state.cc (program_state::program_state): Likewise.
3309 * program-state.h (extrinsic_state::m_checkers): Make private.
3310
e978955d
DM
3311 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3312
3313 PR analyzer/93356
3314 * region-model.cc (region_model::eval_condition): In both
3315 overloads, bail out immediately on floating-point types.
3316 (region_model::eval_condition_without_cm): Likewise.
3317 (region_model::add_constraint): Likewise.
3318
d177c49c
DM
3319 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3320
3321 PR analyzer/93450
3322 * program-state.cc (sm_state_map::set_state): For the overload
3323 taking an svalue_id, bail out if the set_state on the ec does
3324 nothing. Convert the latter's return type from void to bool,
3325 returning true if anything changed.
3326 (sm_state_map::impl_set_state): Convert the return type from void
3327 to bool, returning true if the state changed.
3328 * program-state.h (sm_state_map::set_state): Convert return type
3329 from void to bool.
3330 (sm_state_map::impl_set_state): Likewise.
3331 * region-model.cc (constant_svalue::eval_condition): Only call
3332 fold_build2 if the types are the same.
3333
7892ff37
JJ
3334 2020-01-29 Jakub Jelinek <jakub@redhat.com>
3335
3336 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
3337 * constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
3338 (range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
3339 POP_IGNORE_WFORMAT.
3340 * state-purge.cc: Include diagnostic-core.h before
3341 gimple-pretty-print.h.
3342 (state_purge_annotator::add_node_annotations, print_vec_of_names):
3343 Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
3344 * region-model.cc: Move diagnostic-core.h include before graphviz.h.
3345 (path_var::dump, svalue::print, constant_svalue::print_details,
3346 region::dump_to_pp, region::dump_child_label, region::print_fields,
3347 map_region::print_fields, map_region::dump_dot_to_pp,
3348 map_region::dump_child_label, array_region::print_fields,
3349 array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or
3350 POP_IGNORE_WFORMAT.
3351
5aebfb71
DM
3352 2020-01-28 David Malcolm <dmalcolm@redhat.com>
3353
3354 PR analyzer/93316
3355 * engine.cc (rewind_info_t::update_model): Get the longjmp call
3356 stmt via get_longjmp_call () rather than assuming it is the last
3357 stmt in the longjmp's supernode.
3358 (rewind_info_t::add_events_to_path): Get the location_t for the
3359 rewind_from_longjmp_event via get_longjmp_call () rather than from
3360 the supernode's get_end_location ().
3361
6c8e5844
DM
3362 2020-01-28 David Malcolm <dmalcolm@redhat.com>
3363
3364 * region-model.cc (poisoned_value_diagnostic::emit): Update for
3365 renaming of warning_at overload to warning_meta.
3366 * sm-file.cc (file_leak::emit): Likewise.
3367 * sm-malloc.cc (double_free::emit): Likewise.
3368 (possible_null_deref::emit): Likewise.
3369 (possible_null_arg::emit): Likewise.
3370 (null_deref::emit): Likewise.
3371 (null_arg::emit): Likewise.
3372 (use_after_free::emit): Likewise.
3373 (malloc_leak::emit): Likewise.
3374 (free_of_non_heap::emit): Likewise.
3375 * sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
3376 * sm-signal.cc (signal_unsafe_call::emit): Likewise.
3377 * sm-taint.cc (tainted_array_index::emit): Likewise.
3378
8c08c983
DM
3379 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3380
3381 PR analyzer/93451
3382 * region-model.cc (tree_cmp): For the REAL_CST case, impose an
3383 arbitrary order on NaNs relative to other NaNs and to non-NaNs;
3384 const-correctness tweak.
3385 (ana::selftests::build_real_cst_from_string): New function.
3386 (ana::selftests::append_interesting_constants): New function.
3387 (ana::selftests::test_tree_cmp_on_constants): New test.
3388 (ana::selftests::test_canonicalization_4): New test.
3389 (ana::selftests::analyzer_region_model_cc_tests): Call the new
3390 tests.
3391
2fbea419
DM
3392 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3393
3394 PR analyzer/93349
3395 * engine.cc (run_checkers): Save and restore input_location.
3396
6a81cabc
DM
3397 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3398
3399 * call-string.cc (call_string::cmp_1): Delete, moving body to...
3400 (call_string::cmp): ...here.
3401 * call-string.h (call_string::cmp_1): Delete decl.
3402 * engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
3403 (worklist::key_t::cmp): ...here. Implement hash comparisons
3404 via comparison rather than subtraction to avoid overflow issues.
3405 * exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
3406 * region-model.cc (tree_cmp): Eliminate buggy checking for
3407 symmetry.
3408
342e14ff
DM
3409 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3410
3411 * analyzer.cc (is_named_call_p): Check that fndecl is "extern"
3412 and at file scope. Potentially disregard prefix _ or __ in
3413 fndecl's name. Bail if the identifier is NULL.
3414 (is_setjmp_call_p): Expect a gcall rather than plain gimple.
3415 Remove special-case check for leading prefix, and also check for
3416 sigsetjmp.
3417 (is_longjmp_call_p): Also check for siglongjmp.
3418 (get_user_facing_name): New function.
3419 * analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
3420 gimple.
3421 (get_user_facing_name): New decl.
3422 * checker-path.cc (setjmp_event::get_desc): Use
3423 get_user_facing_name to avoid hardcoding the function name.
3424 (rewind_event::rewind_event): Add rewind_info param, using it to
3425 initialize new m_rewind_info field, and strengthen the assertion.
3426 (rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
3427 avoid hardcoding the function name.
3428 (rewind_to_setjmp_event::get_desc): Likewise.
3429 * checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
3430 param and use it to initialize...
3431 (setjmp_event::m_setjmp_call): New field.
3432 (rewind_event::rewind_event): Add rewind_info param.
3433 (rewind_event::m_rewind_info): New protected field.
3434 (rewind_from_longjmp_event::rewind_from_longjmp_event): Add
3435 rewind_info param.
3436 (class rewind_to_setjmp_event): Move rewind_info field to parent
3437 class.
3438 * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
3439 Update setjmp-handling for is_setjmp_call_p requiring a gcall;
3440 pass the call to the new setjmp_event.
3441 * engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
3442 requiring a gcall.
3443 (stale_jmp_buf::emit): Use get_user_facing_name to avoid
3444 hardcoding the function names.
3445 (exploded_node::on_longjmp): Pass the longjmp_call when
3446 constructing rewind_info.
3447 (rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
3448 rewind_from_longjmp_event's ctor.
3449 * exploded-graph.h (rewind_info_t::rewind_info_t): Add
3450 longjmp_call param.
3451 (rewind_info_t::get_longjmp_call): New.
3452 (rewind_info_t::m_longjmp_call): New.
3453 * region-model.cc (region_model::on_setjmp): Update comment to
3454 indicate this is also for sigsetjmp.
3455 * region-model.h (struct setjmp_record): Likewise.
3456 (class setjmp_svalue): Likewise.
3457
26d949c8
DM
3458 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3459
3460 PR analyzer/93276
3461 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
3462 macros with GCC_VERSION >= 4006, making them no-op otherwise.
3463 * engine.cc (exploded_edge::exploded_edge): Specify template for
3464 base class initializer.
3465 (exploded_graph::add_edge): Specify template when chaining up to
3466 base class add_edge implementation.
3467 (viz_callgraph_node::dump_dot): Drop redundant "typename".
3468 (viz_callgraph_edge::viz_callgraph_edge): Specify template for
3469 base class initializer.
3470 * program-state.cc (sm_state_map::clone_with_remapping): Drop
3471 redundant "typename".
3472 (sm_state_map::print): Likewise.
3473 (sm_state_map::hash): Likewise.
3474 (sm_state_map::operator==): Likewise.
3475 (sm_state_map::remap_svalue_ids): Likewise.
3476 (sm_state_map::on_svalue_purge): Likewise.
3477 (sm_state_map::validate): Likewise.
3478 * program-state.h (sm_state_map::iterator_t): Likewise.
3479 * supergraph.h (superedge::superedge): Specify template for base
3480 class initializer.
3481
648796da
DM
3482 2020-01-23 David Malcolm <dmalcolm@redhat.com>
3483
3484 PR analyzer/93375
3485 * supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
3486 gracefully if the number of parameters at the callee exceeds the
3487 number of arguments at the call stmt.
3488 (callgraph_superedge::get_parm_for_arg): Likewise.
3489
591b59eb
DM
3490 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3491
3492 PR analyzer/93382
3493 * program-state.cc (sm_state_map::on_svalue_purge): If the
3494 entry survives, but the origin is being purged, then reset the
3495 origin to null.
3496
c9c8aef4
DM
3497 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3498
3499 * sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.
3500
fd9982bb
DM
3501 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3502
3503 PR analyzer/93378
3504 * engine.cc (setjmp_svalue::compare_fields): Update for
3505 replacement of m_enode with m_setjmp_record.
3506 (setjmp_svalue::add_to_hash): Likewise.
3507 (setjmp_svalue::get_index): Rename...
3508 (setjmp_svalue::get_enode_index): ...to this.
3509 (setjmp_svalue::print_details): Update for replacement of m_enode
3510 with m_setjmp_record.
3511 (exploded_node::on_longjmp): Likewise.
3512 * exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
3513 (rewind_info_t::m_setjmp_record): ...with this.
3514 (rewind_info_t::rewind_info_t): Update for replacement of m_enode
3515 with m_setjmp_record.
3516 (rewind_info_t::get_setjmp_point): Likewise.
3517 (rewind_info_t::get_setjmp_call): Likewise.
3518 * region-model.cc (region_model::dump_summary_of_map): Likewise.
3519 (region_model::on_setjmp): Likewise.
3520 * region-model.h (struct setjmp_record): New struct.
3521 (setjmp_svalue::m_enode): Replace...
3522 (setjmp_svalue::m_setjmp_record): ...with this.
3523 (setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
3524 with m_setjmp_record.
3525 (setjmp_svalue::clone): Likewise.
3526 (setjmp_svalue::get_index): Rename...
3527 (setjmp_svalue::get_enode_index): ...to this.
3528 (setjmp_svalue::get_exploded_node): Replace...
3529 (setjmp_svalue::get_setjmp_record): ...with this.
3530
da7cf663
DM
3531 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3532
3533 PR analyzer/93316
3534 * analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as
3535 "_setjmp".
3536
75038aa6
DM
3537 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3538
3539 PR analyzer/93307
3540 * analysis-plan.h: Wrap everything namespace "ana".
3541 * analyzer-logging.cc: Likewise.
3542 * analyzer-logging.h: Likewise.
3543 * analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
3544 namespace.
3545 * analyzer-selftests.cc: Wrap everything namespace "ana".
3546 * analyzer-selftests.h: Likewise.
3547 * analyzer.h: Likewise for forward decls of types.
3548 * call-string.h: Likewise.
3549 * checker-path.cc: Likewise.
3550 * checker-path.h: Likewise.
3551 * constraint-manager.cc: Likewise.
3552 * constraint-manager.h: Likewise.
3553 * diagnostic-manager.cc: Likewise.
3554 * diagnostic-manager.h: Likewise.
3555 * engine.cc: Likewise.
3556 * engine.h: Likewise.
3557 * exploded-graph.h: Likewise.
3558 * function-set.cc: Likewise.
3559 * function-set.h: Likewise.
3560 * pending-diagnostic.cc: Likewise.
3561 * pending-diagnostic.h: Likewise.
3562 * program-point.cc: Likewise.
3563 * program-point.h: Likewise.
3564 * program-state.cc: Likewise.
3565 * program-state.h: Likewise.
3566 * region-model.cc: Likewise.
3567 * region-model.h: Likewise.
3568 * sm-file.cc: Likewise.
3569 * sm-malloc.cc: Likewise.
3570 * sm-pattern-test.cc: Likewise.
3571 * sm-sensitive.cc: Likewise.
3572 * sm-signal.cc: Likewise.
3573 * sm-taint.cc: Likewise.
3574 * sm.cc: Likewise.
3575 * sm.h: Likewise.
3576 * state-purge.h: Likewise.
3577 * supergraph.cc: Likewise.
3578 * supergraph.h: Likewise.
3579
4f01e577
DM
3580 2020-01-21 David Malcolm <dmalcolm@redhat.com>
3581
3582 PR analyzer/93352
3583 * region-model.cc (int_cmp): Rename to...
3584 (array_region::key_cmp): ...this, using key_t rather than int.
3585 Rewrite in terms of comparisons rather than subtraction to
3586 ensure qsort is anti-symmetric when handling extreme values.
3587 (array_region::walk_for_canonicalization): Update for above
3588 renaming.
3589 * region-model.h (array_region::key_cmp): New decl.
3590
07c86323
DM
3591 2020-01-17 David Malcolm <dmalcolm@redhat.com>
3592
3593 PR analyzer/93290
3594 * region-model.cc (region_model::eval_condition_without_cm): Avoid
3595 gcc_unreachable for unexpected operations for the case where
3596 we're comparing an svalue against itself.
3597
5f030383
DM
3598 2020-01-17 David Malcolm <dmalcolm@redhat.com>
3599
3600 PR analyzer/93281
3601 * region-model.cc
3602 (region_model::convert_byte_offset_to_array_index): Convert to
3603 ssizetype before dividing by byte_size. Use fold_binary rather
3604 than fold_build2 to avoid needlessly constructing a tree for the
3605 non-const case.
3606
49e9a999
DM
3607 2020-01-15 David Malcolm <dmalcolm@redhat.com>
3608
3609 * engine.cc (class impl_region_model_context): Fix comment.
3610
32077b69
DM
3611 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3612
3613 PR analyzer/93212
3614 * region-model.cc (make_region_for_type): Use
3615 FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
3616 * region-model.h (function_region::function_region): Likewise.
3617
7fb3669e
DM
3618 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3619
3620 * program-state.cc (sm_state_map::clone_with_remapping): Copy
3621 m_global_state.
3622 (selftest::test_program_state_merging_2): New selftest.
3623 (selftest::analyzer_program_state_cc_tests): Call it.
3624
e2a538b1
DM
3625 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3626
3627 * checker-path.h (checker_path::get_checker_event): New function.
3628 (checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
3629 * diagnostic-manager.cc
3630 (diagnostic_manager::prune_for_sm_diagnostic): Replace direct
3631 access to checker_path::m_events with accessor functions. Fix
3632 overlong line.
3633 (diagnostic_manager::prune_interproc_events): Replace direct
3634 access to checker_path::m_events with accessor functions.
3635 (diagnostic_manager::finish_pruning): Likewise.
3636
94946989
DM
3637 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3638
3639 * checker-path.h (checker_event::clone): Delete vfunc decl.
3640 (debug_event::clone): Delete vfunc impl.
3641 (custom_event::clone): Delete vfunc impl.
3642 (statement_event::clone): Delete vfunc impl.
3643 (function_entry_event::clone): Delete vfunc impl.
3644 (state_change_event::clone): Delete vfunc impl.
3645 (start_cfg_edge_event::clone): Delete vfunc impl.
3646 (end_cfg_edge_event::clone): Delete vfunc impl.
3647 (call_event::clone): Delete vfunc impl.
3648 (return_event::clone): Delete vfunc impl.
3649 (setjmp_event::clone): Delete vfunc impl.
3650 (rewind_from_longjmp_event::clone): Delete vfunc impl.
3651 (rewind_to_setjmp_event::clone): Delete vfunc impl.
3652 (warning_event::clone): Delete vfunc impl.
3653
718930c0
DM
3654 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3655
3656 * supergraph.cc (supernode::dump_dot): Ensure that the TABLE
3657 element has at least one TR.
3658
8397af8e
DM
3659 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3660
3661 PR analyzer/58237
3662 * engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
3663 when comparing against UNKNOWN_LOCATION.
3664 (stmt_requires_new_enode_p): Likewise.
3665 (exploded_graph::dump_exploded_nodes): Likewise.
3666 * supergraph.cc (supernode::get_start_location): Likewise.
3667 (supernode::get_end_location): Likewise.
3668
697251b7
DM
3669 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3670
3671 PR analyzer/58237
3672 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
3673 selftest::analyzer_sm_file_cc_tests.
3674 * analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
3675 decl.
3676 * sm-file.cc: Include "analyzer/function-set.h" and
3677 "analyzer/analyzer-selftests.h".
3678 (get_file_using_fns): New function.
3679 (is_file_using_fn_p): New function.
3680 (fileptr_state_machine::on_stmt): Return true for known functions.
3681 (selftest::analyzer_sm_file_cc_tests): New function.
3682
4804c5fe
DM
3683 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3684
3685 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
3686 selftest::analyzer_sm_signal_cc_tests.
3687 * analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
3688 New decl.
3689 * sm-signal.cc: Include "analyzer/function-set.h" and
3690 "analyzer/analyzer-selftests.h".
3691 (get_async_signal_unsafe_fns): New function.
3692 (signal_unsafe_p): Reimplement in terms of the above.
3693 (selftest::analyzer_sm_signal_cc_tests): New function.
3694
a6b5f19c
DM
3695 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3696
3697 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
3698 selftest::analyzer_function_set_cc_tests.
3699 * analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
3700 New decl.
3701 * function-set.cc: New file.
3702 * function-set.h: New file.
3703
ef7827b0
DM
3704 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3705
3706 * analyzer.h (fndecl_has_gimple_body_p): New decl.
3707 * engine.cc (impl_region_model_context::on_unknown_change): New
3708 function.
3709 (fndecl_has_gimple_body_p): Make non-static.
3710 (exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
3711 known. Track whether we have a call with unknown side-effects and
3712 pass it to on_call_post.
3713 * exploded-graph.h (impl_region_model_context::on_unknown_change):
3714 New decl.
3715 * program-state.cc (sm_state_map::on_unknown_change): New function.
3716 * program-state.h (sm_state_map::on_unknown_change): New decl.
3717 * region-model.cc: Include "bitmap.h".
3718 (region_model::on_call_pre): Return a bool, capturing whether the
3719 call has unknown side effects.
3720 (region_model::on_call_post): Add arg "bool unknown_side_effects"
3721 and if true, call handle_unrecognized_call.
3722 (class reachable_regions): New class.
3723 (region_model::handle_unrecognized_call): New function.
3724 * region-model.h (region_model::on_call_pre): Return a bool.
3725 (region_model::on_call_post): Add arg "bool unknown_side_effects".
3726 (region_model::handle_unrecognized_call): New decl.
3727 (region_model_context::on_unknown_change): New vfunc.
3728 (test_region_model_context::on_unknown_change): New function.
3729
14f9d7b9
DM
3730 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3731
3732 * diagnostic-manager.cc (saved_diagnostic::operator==): Move here
3733 from header. Replace pointer equality test on m_var with call to
3734 pending_diagnostic::same_tree_p.
3735 * diagnostic-manager.h (saved_diagnostic::operator==): Move to
3736 diagnostic-manager.cc.
3737 * pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
3738 * pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
3739 * sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
3740 equality on m_arg with call to pending_diagnostic::same_tree_p.
3741 * sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
3742 (possible_null_arg::subclass_equal_p): Likewise.
3743 (null_arg::subclass_equal_p): Likewise.
3744 (free_of_non_heap::subclass_equal_p): Likewise.
3745 * sm-pattern-test.cc (pattern_match::operator==): Likewise.
3746 * sm-sensitive.cc (exposure_through_output_file::operator==):
3747 Likewise.
3748 * sm-taint.cc (tainted_array_index::operator==): Likewise.
3749
f474fbd5
DM
3750 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3751
3752 * diagnostic-manager.cc (dedupe_winners::add): Add logging
3753 of deduplication decisions made.
3754
757bf1df
DM
3755 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3756
3757 * ChangeLog: New file.
3758 * analyzer-selftests.cc: New file.
3759 * analyzer-selftests.h: New file.
3760 * analyzer.opt: New file.
3761 * analysis-plan.cc: New file.
3762 * analysis-plan.h: New file.
3763 * analyzer-logging.cc: New file.
3764 * analyzer-logging.h: New file.
3765 * analyzer-pass.cc: New file.
3766 * analyzer.cc: New file.
3767 * analyzer.h: New file.
3768 * call-string.cc: New file.
3769 * call-string.h: New file.
3770 * checker-path.cc: New file.
3771 * checker-path.h: New file.
3772 * constraint-manager.cc: New file.
3773 * constraint-manager.h: New file.
3774 * diagnostic-manager.cc: New file.
3775 * diagnostic-manager.h: New file.
3776 * engine.cc: New file.
3777 * engine.h: New file.
3778 * exploded-graph.h: New file.
3779 * pending-diagnostic.cc: New file.
3780 * pending-diagnostic.h: New file.
3781 * program-point.cc: New file.
3782 * program-point.h: New file.
3783 * program-state.cc: New file.
3784 * program-state.h: New file.
3785 * region-model.cc: New file.
3786 * region-model.h: New file.
3787 * sm-file.cc: New file.
3788 * sm-malloc.cc: New file.
3789 * sm-malloc.dot: New file.
3790 * sm-pattern-test.cc: New file.
3791 * sm-sensitive.cc: New file.
3792 * sm-signal.cc: New file.
3793 * sm-taint.cc: New file.
3794 * sm.cc: New file.
3795 * sm.h: New file.
3796 * state-purge.cc: New file.
3797 * state-purge.h: New file.
3798 * supergraph.cc: New file.
3799 * supergraph.h: New file.
3800
3801 2019-12-13 David Malcolm <dmalcolm@redhat.com>
3802
3803 * Initial creation
3804
3805
3806 Copyright (C) 2019-2020 Free Software Foundation, Inc.
3807
3808 Copying and distribution of this file, with or without modification,
3809 are permitted in any medium without royalty provided the copyright
3810 notice and this notice are preserved.