git.ipfire.org Git - thirdparty/gcc.git/blame - gcc/analyzer/ChangeLog
c++: Add testcase for already fixed PR97105
2020-09-16 David Malcolm <dmalcolm@redhat.com>

	* engine.cc (strongly_connected_components::strong_connect): Only
	consider intraprocedural edges when creating SCCs.
	(worklist::key_t::cmp): Add comment. Treat call_string
	differences as more important than differences of program_point
	within a supernode.

2020-09-16 David Malcolm <dmalcolm@redhat.com>

	* engine.cc (supernode_cluster::dump_dot): Show the SCC id
	in the per-supernode clusters in FILENAME.eg.dot output.
	(exploded_graph_annotator::add_node_annotations):
	Show the SCC of the supernode in FILENAME.supernode.eg.dot output.
	* exploded-graph.h (worklist::scc_id): New.
	(exploded_graph::get_scc_id): New.

2020-09-16 David Malcolm <dmalcolm@redhat.com>

	* engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED.
	(exploded_graph::process_worklist): Call
	maybe_process_run_of_before_supernode_enodes.
	(exploded_graph::maybe_process_run_of_before_supernode_enodes):
	New.
	(exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED.
	* exploded-graph.h (enum exploded_node::status): Add
	STATUS_BULK_MERGED.

2020-09-16 David Malcolm <dmalcolm@redhat.com>

	* engine.cc
	(exploded_graph::process_node) <case PK_BEFORE_SUPERNODE>:
	Simplify by using program_point::get_next.
	* program-point.cc (program_point::get_next): New.
	* program-point.h (program_point::get_next): New decl.

2020-09-16 David Malcolm <dmalcolm@redhat.com>

	* engine.cc (exploded_graph::get_or_create_node): Show the
	program point when issuing -Wanalyzer-too-complex due to hitting
	the per-program-point limit.

2020-09-16 David Malcolm <dmalcolm@redhat.com>

	* region-model.cc (region_model::on_call_pre): Treat getchar as
	having no side-effects.

2020-09-15 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96650
	* constraint-manager.cc (merger_fact_visitor::on_fact): Replace
	assertion that add_constraint succeeded with an assertion that
	if it fails, -fanalyzer-transitivity is off.

2020-09-14 David Malcolm <dmalcolm@redhat.com>

	* analyzer.opt (-param=analyzer-max-constraints=): New param.
	* constraint-manager.cc
	(constraint_manager::add_constraint_internal): Silently reject
	attempts to add constraints when the above limit is reached.

2020-09-14 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96653
	* constraint-manager.cc
	(constraint_manager::get_or_add_equiv_class): Don't accumulate
	transitive closure of all constraints on constants.

2020-09-14 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/97029
	* analyzer.cc (is_setjmp_call_p): Require the initial arg to be a
	pointer.
	* region-model.cc (region_model::deref_rvalue): Assert that the
	svalue is of pointer type.

2020-09-11 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96798
	* region-model-impl-calls.cc (region_model::impl_call_memcpy):
	New.
	(region_model::impl_call_strcpy): New.
	* region-model.cc (region_model::on_call_pre): Flag unhandled
	builtins that are non-pure as having unknown side-effects.
	Implement BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_STRCPY,
	BUILT_IN_STRCPY_CHK, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED,
	BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC,
	BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED,
	BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF,
	BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR,
	BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED,
	BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF.
	* region-model.h (region_model::impl_call_memcpy): New decl.
	(region_model::impl_call_strcpy): New decl.

2020-09-09 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/94355
	* analyzer.opt (Wanalyzer-mismatching-deallocation): New warning.
	* region-model-impl-calls.cc
	(region_model::impl_call_operator_new): New.
	(region_model::impl_call_operator_delete): New.
	* region-model.cc (region_model::on_call_pre): Detect operator new
	and operator delete.
	(region_model::on_call_post): Likewise.
	(region_model::maybe_update_for_edge): Detect EH edges and call...
	(region_model::apply_constraints_for_exception): New function.
	* region-model.h (region_model::impl_call_operator_new): New decl.
	(region_model::impl_call_operator_delete): New decl.
	(region_model::apply_constraints_for_exception): New decl.
	* sm-malloc.cc (enum resource_state): New.
	(struct allocation_state): New state subclass.
	(enum wording): New.
	(struct api): New.
	(malloc_state_machine::custom_data_t): New typedef.
	(malloc_state_machine::add_state): New decl.
	(malloc_state_machine::m_unchecked)
	(malloc_state_machine::m_nonnull)
	(malloc_state_machine::m_freed): Delete these states in favor
	of...
	(malloc_state_machine::m_malloc)
	(malloc_state_machine::m_scalar_new)
	(malloc_state_machine::m_vector_new): ...these new api instances,
	which own their own versions of these states.
	(malloc_state_machine::on_allocator_call): New decl.
	(malloc_state_machine::on_deallocator_call): New decl.
	(api::api): New ctor.
	(dyn_cast_allocation_state): New.
	(as_a_allocation_state): New.
	(get_rs): New.
	(unchecked_p): New.
	(nonnull_p): New.
	(freed_p): New.
	(malloc_diagnostic::describe_state_change): Use unchecked_p and
	nonnull_p.
	(class mismatching_deallocation): New.
	(double_free::double_free): Add funcname param for initializing
	m_funcname.
	(double_free::emit): Use m_funcname in warning message rather
	than hardcoding "free".
	(double_free::describe_state_change): Likewise. Use freed_p.
	(double_free::describe_call_with_state): Use freed_p.
	(double_free::describe_final_event): Use m_funcname in message
	rather than hardcoding "free".
	(double_free::m_funcname): New field.
	(possible_null::describe_state_change): Use unchecked_p.
	(possible_null::describe_return_of_state): Likewise.
	(use_after_free::use_after_free): Add param for initializing m_api.
	(use_after_free::emit): Use m_api->m_dealloc_funcname in message
	rather than hardcoding "free".
	(use_after_free::describe_state_change): Use freed_p. Change the
	wording of the message based on the API.
	(use_after_free::describe_final_event): Use
	m_api->m_dealloc_funcname in message rather than hardcoding
	"free". Change the wording of the message based on the API.
	(use_after_free::m_api): New field.
	(malloc_leak::describe_state_change): Use unchecked_p. Update
	for renaming of m_malloc_event to m_alloc_event.
	(malloc_leak::describe_final_event): Update for renaming of
	m_malloc_event to m_alloc_event.
	(malloc_leak::m_malloc_event): Rename...
	(malloc_leak::m_alloc_event): ...to this.
	(free_of_non_heap::free_of_non_heap): Add param for initializing
	m_funcname.
	(free_of_non_heap::emit): Use m_funcname in message rather than
	hardcoding "free".
	(free_of_non_heap::describe_final_event): Likewise.
	(free_of_non_heap::m_funcname): New field.
	(allocation_state::dump_to_pp): New.
	(allocation_state::get_nonnull): New.
	(malloc_state_machine::malloc_state_machine): Update for changes
	to state fields and new api fields.
	(malloc_state_machine::add_state): New.
	(malloc_state_machine::on_stmt): Move malloc/calloc handling to
	on_allocator_call and call it, passing in the API pointer.
	Likewise for free, moving it to on_deallocator_call. Handle calls
	to operator new and delete in an analogous way. Use unchecked_p
	when testing for possibly-null-arg and possibly-null-deref, and
	transition to the non-null for the correct API. Remove redundant
	node param from call to on_zero_assignment. Use freed_p for
	use-after-free check, and pass in API.
	(malloc_state_machine::on_allocator_call): New, based on code in
	on_stmt.
	(malloc_state_machine::on_deallocator_call): Likewise.
	(malloc_state_machine::on_phi): Mark node param with
	ATTRIBUTE_UNUSED; don't pass it to on_zero_assignment.
	(malloc_state_machine::on_condition): Mark node param with
	ATTRIBUTE_UNUSED. Replace on_transition calls with get_state and
	set_next_state pairs, transitioning to the non-null state for the
	appropriate API.
	(malloc_state_machine::can_purge_p): Port to new state approach.
	(malloc_state_machine::on_zero_assignment): Replace on_transition
	calls with get_state and set_next_state pairs. Drop redundant
	node param.
	* sm.h (state_machine::add_custom_state): New.

2020-09-09 David Malcolm <dmalcolm@redhat.com>

	* diagnostic-manager.cc
	(null_assignment_sm_context::warn_for_state): Replace with...
	(null_assignment_sm_context::warn): ...this.
	* engine.cc (impl_sm_context::warn_for_state): Replace with...
	(impl_sm_context::warn): ...this.
	* sm-file.cc (fileptr_state_machine::on_stmt): Replace
	warn_for_state and on_transition calls with a get_state
	test guarding warn and set_next_state calls.
	* sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
	* sm-pattern-test.cc (pattern_test_state_machine::on_condition):
	Replace warn_for_state call with warn call.
	* sm-sensitive.cc
	(sensitive_state_machine::warn_for_any_exposure): Replace
	warn_for_state call with a get_state test guarding a warn call.
	* sm-signal.cc (signal_state_machine::on_stmt): Likewise.
	* sm-taint.cc (taint_state_machine::on_stmt): Replace
	warn_for_state and on_transition calls with a get_state
	test guarding warn and set_next_state calls.
	* sm.h (sm_context::warn_for_state): Replace with...
	(sm_context::warn): ...this.

2020-09-09 David Malcolm <dmalcolm@redhat.com>

	* diagnostic-manager.cc
	(null_assignment_sm_context::null_assignment_sm_context): Add old_state
	and ext_state params, initializing m_old_state and m_ext_state.
	(null_assignment_sm_context::on_transition): Split into...
	(null_assignment_sm_context::get_state): ...this new vfunc
	implementation and...
	(null_assignment_sm_context::set_next_state): ...this new vfunc
	implementation.
	(null_assignment_sm_context::m_old_state): New field.
	(null_assignment_sm_context::m_ext_state): New field.
	(diagnostic_manager::add_events_for_eedge): Pass in old state and
	ext_state when creating sm_ctxt.
	* engine.cc (impl_sm_context::on_transition): Split into...
	(impl_sm_context::get_state): ...this new vfunc
	implementation and...
	(impl_sm_context::set_next_state): ...this new vfunc
	implementation.
	* sm.h (sm_context::get_state): New pure virtual function.
	(sm_context::set_next_state): Likewise.
	(sm_context::on_transition): Convert from a pure virtual function
	to a regular function implemented in terms of get_state and
	set_next_state.

2020-09-09 David Malcolm <dmalcolm@redhat.com>

	* checker-path.cc (state_change_event::get_desc): Update
	state_machine::get_state_name calls to state::get_name.
	(warning_event::get_desc): Likewise.
	* diagnostic-manager.cc
	(null_assignment_sm_context::on_transition): Update comparison
	against 0 with comparison with m_sm.get_start_state.
	(diagnostic_manager::prune_for_sm_diagnostic): Update
	state_machine::get_state_name calls to state::get_name.
	* engine.cc (impl_sm_context::on_transition): Likewise.
	(exploded_node::get_dot_fillcolor): Use get_id when summing
	the sm states.
	* program-state.cc (sm_state_map::sm_state_map): Don't hardcode
	0 as the start state when initializing m_global_state.
	(sm_state_map::print): Use dump_to_pp rather than get_state_name
	when dumping states.
	(sm_state_map::is_empty_p): Don't hardcode 0 as the start state
	when examining m_global_state.
	(sm_state_map::hash): Use get_id when hashing states.
	(selftest::test_sm_state_map): Use state objects rather than
	arbitrary hardcoded integers.
	(selftest::test_program_state_merging): Likewise.
	(selftest::test_program_state_merging_2): Likewise.
	* sm-file.cc (fileptr_state_machine::m_start): Move to base class.
	(file_diagnostic::describe_state_change): Use get_start_state.
	(fileptr_state_machine::fileptr_state_machine): Drop m_start
	initialization.
	* sm-malloc.cc (malloc_state_machine::m_start): Move to base
	class.
	(malloc_diagnostic::describe_state_change): Use get_start_state.
	(possible_null::describe_state_change): Likewise.
	(malloc_state_machine::malloc_state_machine): Drop m_start
	initialization.
	* sm-pattern-test.cc (pattern_test_state_machine::m_start): Move
	to base class.
	(pattern_test_state_machine::pattern_test_state_machine): Drop
	m_start initialization.
	* sm-sensitive.cc (sensitive_state_machine::m_start): Move to base
	class.
	(sensitive_state_machine::sensitive_state_machine): Drop m_start
	initialization.
	* sm-signal.cc (signal_state_machine::m_start): Move to base
	class.
	(signal_state_machine::signal_state_machine): Drop m_start
	initialization.
	* sm-taint.cc (taint_state_machine::m_start): Move to base class.
	(taint_state_machine::taint_state_machine): Drop m_start
	initialization.
	* sm.cc (state_machine::state::dump_to_pp): New.
	(state_machine::state_machine): Move here from sm.h. Initialize
	m_next_state_id and m_start.
	(state_machine::add_state): Reimplement in terms of state objects.
	(state_machine::get_state_name): Delete.
	(state_machine::get_state_by_name): Reimplement in terms of state
	objects. Make const.
	(state_machine::validate): Delete.
	(state_machine::dump_to_pp): Reimplement in terms of state
	objects.
	* sm.h (state_machine::state): New class.
	(state_machine::state_t): Convert typedef from "unsigned" to
	"const state_machine::state *".
	(state_machine::state_machine): Move to sm.cc.
	(state_machine::get_default_state): Use m_start rather than
	hardcoding 0.
	(state_machine::get_state_name): Delete.
	(state_machine::get_state_by_name): Make const.
	(state_machine::get_start_state): New accessor.
	(state_machine::alloc_state_id): New.
	(state_machine::m_state_names): Drop in favor of...
	(state_machine::m_states): New field
	(state_machine::m_start): New field
	(start_start_p): Delete.

2020-09-08 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96949
	* store.cc (binding_map::apply_ctor_val_to_range): Add
	error-handling for the cases where we have symbolic offsets.

2020-09-08 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96950
	* store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
	where min_index == max_index.
	(binding_map::apply_ctor_val_to_range): Replace assertion that we
	don't have a CONSTRUCTOR value with error-handling.

2020-09-08 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96962
	* region-model.cc (region_model::on_call_pre): Fix guard on switch
	on built-ins to only consider BUILT_IN_NORMAL, rather than other
	kinds of built-ins.

2020-09-01 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96792
	* region-model.cc (region_model::deref_rvalue): Add the constraint
	that PTR_SVAL is non-NULL.

2020-08-31 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96798
	* region-model.cc (region_model::on_call_pre): Handle
	BUILT_IN_MEMSET_CHK.

2020-08-31 David Malcolm <dmalcolm@redhat.com>

	* region-model.cc (region_model::on_call_pre): Gather handling of
	builtins and of internal fns into switch statements. Handle
	"alloca" and BUILT_IN_ALLOCA_WITH_ALIGN.

2020-08-31 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96860
	* region.cc (decl_region::get_svalue_for_constructor): Support
	apply_ctor_to_region failing.
	* store.cc (binding_map::apply_ctor_to_region): Add failure
	handling.
	(binding_map::apply_ctor_val_to_range): Likewise.
	(binding_map::apply_ctor_pair_to_child_region): Likewise. Replace
	assertion that child_base_offset is not symbolic with error
	handling.
	* store.h (binding_map::apply_ctor_to_region): Convert return type
	from void to bool.
	(binding_map::apply_ctor_val_to_range): Likewise.
	(binding_map::apply_ctor_pair_to_child_region): Likewise.

2020-08-31 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96763
	* store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
	by calling a new binding_map::apply_ctor_val_to_range subroutine.
	Split out the existing non-CONSTRUCTOR-handling code to a new
	apply_ctor_pair_to_child_region subroutine.
	(binding_map::apply_ctor_val_to_range): New.
	(binding_map::apply_ctor_pair_to_child_region): New, split out
	from binding_map::apply_ctor_to_region as noted above.
	* store.h (binding_map::apply_ctor_val_to_range): New decl.
	(binding_map::apply_ctor_pair_to_child_region): New decl.

2020-08-31 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96764
	* region-model-manager.cc
	(region_model_manager::maybe_fold_unaryop): Handle VIEW_CONVERT_EXPR.
	(region_model_manager::get_or_create_cast): Move logic for
	real->integer casting to...
	(get_code_for_cast): ...this new function, and add logic for
	real->non-integer casts.
	(region_model_manager::maybe_fold_sub_svalue): Handle
	VIEW_CONVERT_EXPR.
	* region-model.cc
	(region_model::add_any_constraints_from_gassign): Likewise.
	* svalue.cc (svalue::maybe_undo_cast): Likewise.
	(unaryop_svalue::dump_to_pp): Likewise.

2020-08-26 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/94858
	* region-model-manager.cc
	(region_model_manager::get_or_create_widening_svalue): Assert that
	neither of the inputs are themselves widenings.
	* store.cc (store::eval_alias_1): The initial value of a pointer
	can't point to a region that was allocated on the heap after the
	beginning of the path. A widened pointer value can't alias anything
	that the initial pointer value can't alias.
	* svalue.cc (svalue::can_merge_p): Merge BINOP (X, OP, CST) with X
	to a widening svalue. Merge
	BINOP(WIDENING(BASE, BINOP(BASE, X)), X) and BINOP(BASE, X)
	to the LHS of the first BINOP.

2020-08-26 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96777
	* region-model.h (class compound_svalue): Document that all keys
	must be concrete.
	(compound_svalue::compound_svalue): Move definition to svalue.cc.
	* store.cc (binding_map::apply_ctor_to_region): Handle
	initializers for trailing arrays with incomplete size.
	* svalue.cc (compound_svalue::compound_svalue): Move definition
	here from region-model.h. Add assertion that all keys are
	concrete.

2020-08-22 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/94851
	* region-model-manager.cc
	(region_model_manager::maybe_fold_binop): Fold bitwise "& 0" to 0.

2020-08-22 David Malcolm <dmalcolm@redhat.com>

	* store.cc (store::eval_alias): Make const. Split out 2nd half
	into store::eval_alias_1 and call it twice for symmetry, avoiding
	test duplication.
	(store::eval_alias_1): New function, split out from the above.
	* store.h (store::eval_alias): Make const.
	(store::eval_alias_1): New decl.

2020-08-22 David Malcolm <dmalcolm@redhat.com>

	* region-model.cc (region_model::push_frame): Bind the default
	SSA name for each parm if it exists, falling back to the parm
	itself otherwise, rather than doing both.

2020-08-20 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96723
	* region-model-manager.cc
	(region_model_manager::get_field_region): Assert that field is a
	FIELD_DECL.
	* region.cc (region::get_subregions_for_binding): In
	union-handling, filter the TYPE_FIELDS traversal to just FIELD_DECLs.

2020-08-20 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96713
	* region-model.cc (region_model::get_gassign_result): For
	comparisons, only use eval_condition when the lhs has boolean
	type, and use get_or_create_constant_svalue on the boolean
	constants directly rather than via get_rvalue.

2020-08-19 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96643
	* region-model.cc (region_model::deref_rvalue): Rather than
	attempting to handle all svalue kinds in the switch, only cover
	the special cases, and move symbolic-region handling to after
	the switch, thus implicitly handling the missing case SK_COMPOUND.

2020-08-19 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96705
	* region-model-manager.cc
	(region_model_manager::maybe_fold_binop): Check that we have an
	integral type before calling build_int_cst.

2020-08-19 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96699
	* region-model-manager.cc
	(region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for
	casting from REAL_TYPE to INTEGER_TYPE.

2020-08-19 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96651
	* region-model.cc (region_model::called_from_main_p): New.
	(region_model::get_store_value): Move handling for globals into...
	(region_model::get_initial_value_for_global): ...this new
	function, and add logic for extracting values from decl
	initializers.
	* region-model.h (decl_region::get_svalue_for_constructor): New
	decl.
	(decl_region::get_svalue_for_initializer): New decl.
	(region_model::called_from_main_p): New decl.
	(region_model::get_initial_value_for_global): New.
	* region.cc (decl_region::maybe_get_constant_value): Move logic
	for getting an svalue from a CONSTRUCTOR node to...
	(decl_region::get_svalue_for_constructor): ...this new function.
	(decl_region::get_svalue_for_initializer): New.
	* store.cc (get_svalue_for_ctor_val): Rewrite in terms of
	region_model::get_rvalue.
	* store.h (binding_cluster::get_map): New accessor.

2020-08-19 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96648
	* region.cc (get_field_at_bit_offset): Gracefully handle negative
	values for bit_offset.

2020-08-18 David Malcolm <dmalcolm@redhat.com>

	* region-model.cc (region_model::get_rvalue_1): Fix name of local.

2020-08-18 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96641
	* region-model.cc (region_model::get_rvalue_1): Handle
	unrecognized tree codes by returning "UNKNOWN".

2020-08-18 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96640
	* region-model.cc (region_model::get_gassign_result): Handle various
	VEC_* tree codes by returning UNKNOWN.
	(region_model::on_assignment): Handle unrecognized tree codes by
	setting lhs to an unknown value, rather than issuing a "sorry" and
	asserting.

2020-08-17 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96644
	* region-model-manager.cc (get_region_for_unexpected_tree_code):
	Handle ctxt being NULL.

2020-08-17 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96639
	* region.cc (region::get_subregions_for_binding): Check for "type"
	being NULL.

2020-08-17 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96642
	* store.cc (get_svalue_for_ctor_val): New.
	(binding_map::apply_ctor_to_region): Call it.

2020-08-14 David Malcolm <dmalcolm@redhat.com>

	PR testsuite/96609
	PR analyzer/96616
	* region-model.cc (region_model::get_store_value): Call
	maybe_get_constant_value on decl_regions first.
	* region-model.h (decl_region::maybe_get_constant_value): New decl.
	* region.cc (decl_region::get_stack_depth): Likewise.
	(decl_region::maybe_get_constant_value): New.
	* store.cc (get_subregion_within_ctor): New.
	(binding_map::apply_ctor_to_region): New.
	* store.h (binding_map::apply_ctor_to_region): New decl.

2020-08-14 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/96611
	* store.cc (store::mark_as_escaped): Reject attempts to
	get a cluster for an unknown pointer.

2020-08-13 David Malcolm <dmalcolm@redhat.com>

	PR analyzer/93032
	PR analyzer/93938
	PR analyzer/94011
	PR analyzer/94099
	PR analyzer/94399
	PR analyzer/94458
	PR analyzer/94503
	PR analyzer/94640
	PR analyzer/94688
	PR analyzer/94689
	PR analyzer/94839
	PR analyzer/95026
	PR analyzer/95042
	PR analyzer/95240
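	* analyzer-logging.cc: Ignore "-Wformat-diag".
	(logger::enter_scope): Use inc_indent in both overloads.
	(logger::exit_scope): Use dec_indent.
	* analyzer-logging.h (logger::inc_indent): New.
	(logger::dec_indent): New.
	* analyzer-selftests.cc (run_analyzer_selftests): Call
	analyzer_store_cc_tests.
	* analyzer-selftests.h (analyzer_store_cc_tests): New decl.
	* analyzer.cc (get_stmt_location): New function.
	* analyzer.h (class initial_svalue): New forward decl.
	(class unaryop_svalue): New forward decl.
	(class binop_svalue): New forward decl.
	(class sub_svalue): New forward decl.
	(class unmergeable_svalue): New forward decl.
	(class placeholder_svalue): New forward decl.
	(class widening_svalue): New forward decl.
	(class compound_svalue): New forward decl.
	(class conjured_svalue): New forward decl.
	(svalue_set): New typedef.
	(class map_region): Delete.
	(class array_region): Delete.
	(class frame_region): New forward decl.
	(class function_region): New forward decl.
	(class label_region): New forward decl.
	(class decl_region): New forward decl.
	(class element_region): New forward decl.
	(class offset_region): New forward decl.
	(class cast_region): New forward decl.
	(class field_region): New forward decl.
	(class string_region): New forward decl.
	(class region_model_manager): New forward decl.
	(class store_manager): New forward decl.
	(class store): New forward decl.
	(class call_details): New forward decl.
	(struct svalue_id_merger_mapping): Delete.
	(struct canonicalization): Delete.
	(class function_point): New forward decl.
	(class engine): New forward decl.
	(dump_tree): New function decl.
	(print_quoted_type): New function decl.
	(readability_comparator): New function decl.
	(tree_cmp): New function decl.
	(class path_var): Move here from region-model.h
	(bit_offset_t, bit_size_t, byte_size_t): New typedefs.
	(class region_offset): New class.
	(get_stmt_location): New decl.
	(struct member_function_hash_traits): New struct.
	(class consolidation_map): New class.
	Ignore "-Wformat-diag".
	* analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
	(-param=analyzer-max-enodes-for-full-dump=): New param.
	* call-string.cc: Ignore -Wformat-diag.
	* checker-path.cc: Move includes of "analyzer/call-string.h" and
	"analyzer/program-point.h" to before "analyzer/region-model.h",
	and also include "analyzer/store.h" before it.
	(state_change_event::state_change_event): Replace "tree var" param
	with "const svalue *sval". Convert "origin" param from tree to
	"const svalue *".
	(state_change_event::get_desc): Call get_representative_tree to
	convert the var and origin from const svalue * to tree. Use
	svalue::get_desc rather than %qE when describing state changes.
	(checker_path::add_final_event): Use get_stmt_location.
	* checker-path.h (state_change_event::state_change_event): Port
	from tree to const svalue *.
	(state_change_event::get_lvalue): Delete.
	(state_change_event::get_dest_function): New.
	(state_change_event::m_var): Replace with...
	(state_change_event::m_sval): ...this.
	(state_change_event::m_origin): Convert from tree to
	const svalue *.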
619 (class region_model_manager): New forward decl.
620 (class store_manager): New forward decl.
621 (class store): New forward decl.
622 (class call_details): New forward decl.
623 (struct svalue_id_merger_mapping): Delete.
624 (struct canonicalization): Delete.
625 (class function_point): New forward decl.
626 (class engine): New forward decl.
627 (dump_tree): New function decl.
628 (print_quoted_type): New function decl.
629 (readability_comparator): New function decl.
630 (tree_cmp): New function decl.
631 (class path_var): Move here from region-model.h
632 (bit_offset_t, bit_size_t, byte_size_t): New typedefs.
633 (class region_offset): New class.
634 (get_stmt_location): New decl.
635 (struct member_function_hash_traits): New struct.
636 (class consolidation_map): New class.
637 Ignore "-Wformat-diag".
638 * analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
639 (-param=analyzer-max-enodes-for-full-dump=): New param.
640 * call-string.cc: Ignore -Wformat-diag.
641 * checker-path.cc: Move includes of "analyzer/call-string.h" and
642 "analyzer/program-point.h" to before "analyzer/region-model.h",
643 and also include "analyzer/store.h" before it.
644 (state_change_event::state_change_event): Replace "tree var" param
645 with "const svalue *sval". Convert "origin" param from tree to
646 "const svalue *".
647 (state_change_event::get_desc): Call get_representative_tree to
648 convert the var and origin from const svalue * to tree. Use
649 svalue::get_desc rather than %qE when describing state changes.
650 (checker_path::add_final_event): Use get_stmt_location.
651 * checker-path.h (state_change_event::state_change_event): Port
652 from tree to const svalue *.
653 (state_change_event::get_lvalue): Delete.
654 (state_change_event::get_dest_function): New.
655 (state_change_event::m_var): Replace with...
656 (state_change_event::m_sval): ...this.
657 (state_change_event::m_origin): Convert from tree to
658 const svalue *.
659 * constraint-manager.cc: Include "analyzer/call-string.h",
660 "analyzer/program-point.h", and "analyzer/store.h" before
661 "analyzer/region-model.h".
662 (struct bound, struct range): Move to constraint-manager.h.
663 (compare_constants): New function.
664 (range::dump): Rename to...
665 (range::dump_to_pp): ...this. Support NULL constants.
666 (range::dump): Reintroduce for dumping to stderr.
667 (range::constrained_to_single_element): Return result, rather than
668 writing to *OUT.
669 (range::eval_condition): New.
670 (range::below_lower_bound): New.
671 (range::above_upper_bound): New.
672 (equiv_class::equiv_class): Port from svalue_id to const svalue *.
673 (equiv_class::print): Likewise.
674 (equiv_class::hash): Likewise.
675 (equiv_class::operator==): Port from svalue_id to const svalue *.
676 (equiv_class::add): Port from svalue_id to const svalue *. Drop
677 "cm" param.
678 (equiv_class::del): Port from svalue_id to const svalue *.
679 (equiv_class::get_representative): Likewise.
680 (equiv_class::remap_svalue_ids): Delete.
681 (svalue_id_cmp_by_id): Rename to...
682 (svalue_cmp_by_ptr): ...this, porting from svalue_id to
683 const svalue *.
684 (equiv_class::canonicalize): Update qsort comparator.
685 (constraint::implied_by): New.
686 (constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
687 (constraint_manager::dump_to_pp): Add "multiline" param
688 (constraint_manager::dump): Pass "true" for "multiline".
689 (constraint_manager::add_constraint): Port from svalue_id to
690 const svalue *. Split out second part into...
691 (constraint_manager::add_unknown_constraint): ...this new
692 function. Remove self-constraints when merging equivalence
693 classes.
694 (constraint_manager::add_constraint_internal): Remove constraints
695 that would be implied by the new constraint. Port from svalue_id
696 to const svalue *.
697 (constraint_manager::get_equiv_class_by_sid): Rename to...
698 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
699 from svalue_id to const svalue *.
700 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
701 to const svalue *.
702 (constraint_manager::eval_condition): Make const. Call
703 compare_constants and return early if it provides a known result.
704 (constraint_manager::get_ec_bounds): New.
705 (constraint_manager::eval_condition): New overloads. Make
706 existing one const, and use compare_constants.
707 (constraint_manager::purge): Convert "p" param to a template
708 rather that an abstract base class. Port from svalue_id to
709 const svalue *.
710 (class dead_svalue_purger): New class.
711 (constraint_manager::remap_svalue_ids): Delete.
712 (constraint_manager::on_liveness_change): New.
713 (equiv_class_cmp): Port from svalue_id to const svalue *.
714 (constraint_manager::canonicalize): Likewise. Combine with
715 purging of redundant equivalence classes and constraints.
716 (class cleaned_constraint_manager): Delete.
717 (class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
718 field.
719 (merger_fact_visitor::fact): Port from svalue_id to const svalue *.
720 Add special case for widening.
721 (constraint_manager::merge): Port from svalue_id to const svalue *.
722 (constraint_manager::clean_merger_input): Delete.
723 (constraint_manager::for_each_fact): Port from svalue_id to
724 const svalue *.
725 (constraint_manager::validate): Likewise.
726 (selftest::test_constraint_conditions): Provide a
727 region_model_manager when creating region_model instances.
728 Add test for self-equality not creating equivalence classes.
729 (selftest::test_transitivity): Provide a region_model_manager when
730 creating region_model instances. Verify that EC-merging happens
731 when constraints are implied.
732 (selftest::test_constant_comparisons): Provide a
733 region_model_manager when creating region_model instances.
734 (selftest::test_constraint_impl): Likewise. Remove over-specified
735 assertions.
736 (selftest::test_equality): Provide a region_model_manager when
737 creating region_model instances.
738 (selftest::test_many_constants): Likewise. Provide a
739 program_point when testing merging.
740 (selftest::run_constraint_manager_tests): Move call to
741 test_constant_comparisons to outside the transitivity guard.
742 * constraint-manager.h (struct bound): Move here from
743 constraint-manager.cc.
744 (struct range): Likewise.
745 (struct::eval_condition): New decl.
746 (struct::below_lower_bound): New decl.
747 (struct::above_upper_bound): New decl.
748 (equiv_class::add): Port from svalue_id to const svalue *.
749 (equiv_class::del): Likewise.
750 (equiv_class::get_representative): Likewise.
751 (equiv_class::remap_svalue_ids): Drop.
752 (equiv_class::m_cst_sid): Convert to...
753 (equiv_class::m_cst_sval): ...this.
754 (equiv_class::m_vars): Port from svalue_id to const svalue *.
755 (constraint::bool implied_by): New decl.
756 (fact_visitor::on_fact): Port from svalue_id to const svalue *.
757 (constraint_manager::constraint_manager): Add mgr param.
758 (constraint_manager::clone): Delete.
759 (constraint_manager::maybe_get_constant): Delete.
760 (constraint_manager::get_sid_for_constant): Delete.
761 (constraint_manager::get_num_svalues): Delete.
762 (constraint_manager::dump_to_pp): Add "multiline" param.
763 (constraint_manager::get_equiv_class): Port from svalue_id to
764 const svalue *.
765 (constraint_manager::add_constraint): Likewise.
766 (constraint_manager::get_equiv_class_by_sid): Rename to...
767 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
768 from svalue_id to const svalue *.
769 (constraint_manager::add_unknown_constraint): New decl.
770 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
771 to const svalue *.
772 (constraint_manager::eval_condition): Likewise. Add overloads.
773 (constraint_manager::get_ec_bounds): New decl.
774 (constraint_manager::purge): Convert to template.
775 (constraint_manager::remap_svalue_ids): Delete.
776 (constraint_manager::on_liveness_change): New decl.
777 (constraint_manager::canonicalize): Drop param.
778 (constraint_manager::clean_merger_input): Delete.
779 (constraint_manager::m_mgr): New field.
780 * diagnostic-manager.cc: Move includes of
781 "analyzer/call-string.h" and "analyzer/program-point.h" to before
782 "analyzer/region-model.h", and also include "analyzer/store.h"
783 before it.
784 (saved_diagnostic::saved_diagnostic): Add "sval" param.
785 (diagnostic_manager::diagnostic_manager): Add engine param.
786 (diagnostic_manager::add_diagnostic): Add "sval" param, passing it
787 to saved_diagnostic ctor. Update overload to pass NULL for it.
788 (dedupe_winners::dedupe_winners): Add engine param.
789 (dedupe_winners::add): Add "eg" param. Pass m_engine to
790 feasible_p.
791 (dedupe_winner::m_engine): New field.
792 (diagnostic_manager::emit_saved_diagnostics): Pass engine to
793 dedupe_winners. Pass &eg when adding candidates. Pass svalue
794 rather than tree to prune_path. Use get_stmt_location to get
795 primary location of diagnostic.
796 (diagnostic_manager::emit_saved_diagnostic): Likewise.
797 (get_any_origin): Drop.
798 (state_change_event_creator::on_global_state_change): Pass NULL
799 const svalue * rather than NULL_TREE trees to state_change_event
800 ctor.
801 (state_change_event_creator::on_state_change): Port from tree and
802 svalue_id to const svalue *.
803 (for_each_state_change): Port from svalue_id to const svalue *.
804 (struct null_assignment_sm_context): New.
805 (diagnostic_manager::add_events_for_eedge): Add state change
806 events for assignment to NULL.
807 (diagnostic_manager::prune_path): Update param from tree to
808 const svalue *.
809 (diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
810 by tree to by const svalue *.
811 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
812 param.
813 (saved_diagnostic::m_sval): New field.
814 (diagnostic_manager::diagnostic_manager): Add engine param.
815 (diagnostic_manager::get_engine): New.
816 (diagnostic_manager::add_diagnostic): Add "sval" param.
817 (diagnostic_manager::prune_path): Likewise.
818 (diagnostic_manager::prune_for_sm_diagnostic): New overload.
819 (diagnostic_manager::m_eng): New field.
820 * engine.cc: Move includes of "analyzer/call-string.h" and
821 "analyzer/program-point.h" to before "analyzer/region-model.h",
822 and also include "analyzer/store.h" before it.
823 (impl_region_model_context::impl_region_model_context): Update for
824 removal of m_change field.
825 (impl_region_model_context::remap_svalue_ids): Delete.
826 (impl_region_model_context::on_svalue_leak): New.
827 (impl_region_model_context::on_svalue_purge): Delete.
828 (impl_region_model_context::on_liveness_change): New.
829 (impl_region_model_context::on_unknown_change): Update param
830 from svalue_id to const svalue *. Add is_mutable param.
831 (setjmp_svalue::compare_fields): Delete.
832 (setjmp_svalue::accept): New.
833 (setjmp_svalue::add_to_hash): Delete.
834 (setjmp_svalue::dump_to_pp): New.
835 (setjmp_svalue::print_details): Delete.
836 (impl_sm_context::impl_sm_context): Drop "change" param.
837 (impl_sm_context::get_fndecl_for_call): Drop "m_change".
838 (impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
839 "stmt" param. Drop m_change. Port from svalue_id to
840 const svalue *.
841 (impl_sm_context::warn_for_state): Drop m_change. Port from
842 svalue_id to const svalue *.
843 (impl_sm_context::get_readable_tree): Rename to...
844 (impl_sm_context::get_diagnostic_tree): ...this. Port from
845 svalue_id to const svalue *.
846 (impl_sm_context::is_zero_assignment): New.
847 (impl_sm_context::m_change): Delete field.
848 (leak_stmt_finder::find_stmt): Handle m_var being NULL.
849 (readability): Increase penalty for MEM_REF. For SSA_NAMEs,
850 slightly favor the underlying var over the SSA name. Heavily
851 penalize temporaries. Handle RESULT_DECL.
852 (readability_comparator): Make non-static. Consider stack depths.
853 (impl_region_model_context::on_state_leak): Convert from svalue_id
854 to const svalue *, updating for region_model changes. Use
855 id_equal.
856 (impl_region_model_context::on_inherited_svalue): Delete.
857 (impl_region_model_context::on_cast): Delete.
858 (impl_region_model_context::on_condition): Drop m_change.
859 (impl_region_model_context::on_phi): Likewise.
860 (impl_region_model_context::on_unexpected_tree_code): Handle t
861 being NULL.
862 (point_and_state::validate): Update stack checking for
863 region_model changes.
864 (eg_traits::dump_args_t::show_enode_details_p): New.
865 (exploded_node::exploded_node): Initialize m_num_processed_stmts.
866 (exploded_node::get_processed_stmt): New function.
867 (exploded_node::get_dot_fillcolor): Add more colors.
868 (exploded_node::dump_dot): Guard the printing of the point and
869 state with show_enode_details_p. Print the processed stmts for
870 this enode after the initial state.
871 (exploded_node::dump_to_pp): Pass true for new multiline param
872 of program_state::dump_to_pp.
873 (exploded_node::on_stmt): Drop "change" param. Log the stmt.
874 Set input_location. Implement __analyzer_describe. Update
875 implementation of __analyzer_dump and __analyzer_eval.
876 Remove purging of sm-state for unknown fncalls from here.
877 (exploded_node::on_edge): Drop "change" param.
878 (exploded_node::on_longjmp): Port from region_id/svalue_id to
879 const region */const svalue *. Call program_state::detect_leaks.
880 Drop state_change.
881 (exploded_node::detect_leaks): Update for changes to region_model.
882 Call program_state::detect_leaks.
883 (exploded_edge::exploded_edge): Drop ext_state and change params.
884 (exploded_edge::dump_dot): "args" is no longer used. Drop dumping
885 of m_change.
886 (exploded_graph::exploded_graph): Pass engine to
887 m_diagnostic_manager ctor. Use program_point::origin.
888 (exploded_graph::add_function_entry): Drop ctxt. Use
889 program_state::push_frame. Drop state_change.
890 (exploded_graph::get_or_create_node): Drop "change" param. Add
891 "enode_for_diag" param. Update dumping calls for API changes.
892 Pass point to can_merge_with_p. Show enode indices
893 within -Wanalyzer-too-complex diagnostic for hitting the per-point
894 limit.
895 (exploded_graph::add_edge): Drop "change" param. Log which nodes
896 are being connected. Update for changes to exploded_edge ctor.
897 (exploded_graph::get_per_program_point_data): New.
898 (exploded_graph::process_worklist): Pass point to
899 can_merge_with_p. Drop state_change. Update dumping call for API
900 change.
901 (exploded_graph::process_node): Drop state_change. Split the
902 node in-place if an sm-state-change occurs. Update
903 m_num_processed_stmts. Update dumping calls for API change.
904 (exploded_graph::log_stats): Call engine::log_stats.
905 (exploded_graph::dump_states_for_supernode): Update dumping
906 call.
907 (exploded_path::feasible_p): Add "eng" and "eg" params.
908 Rename "i" to "end_idx". Pass the manager to the region_model
909 ctor. Update for every processed stmt in the enode, not just the
910 first. Keep track of which snodes have been visited, and call
911 loop_replay_fixup when revisiting one.
912 (enode_label::get_text): Update dump call for new param.
913 (exploded_graph::dump_exploded_nodes): Likewise.
914 (exploded_graph::get_node_by_index): New.
915 (impl_run_checkers): Create engine instance and pass its address
916 to extrinsic_state ctor.
917 * exploded-graph.h
918 (impl_region_model_context::impl_region_model_context): Drop
919 "change" params.
920 (impl_region_model_context::void remap_svalue_ids): Delete.
921 (impl_region_model_context::on_svalue_purge): Delete.
922 (impl_region_model_context::on_svalue_leak): New.
923 (impl_region_model_context::on_liveness_change): New.
924 (impl_region_model_context::on_state_leak): Update signature.
925 (impl_region_model_context::on_inherited_svalue): Delete.
926 (impl_region_model_context::on_cast): Delete.
927 (impl_region_model_context::on_unknown_change): Update signature.
928 (impl_region_model_context::m_change): Delete.
929 (eg_traits::dump_args_t::show_enode_details_p): New.
930 (exploded_node::on_stmt): Drop "change" param.
931 (exploded_node::on_edge): Likewise.
932 (exploded_node::get_processed_stmt): New decl.
933 (exploded_node::m_num_processed_stmts): New field.
934 (exploded_edge::exploded_edge): Drop ext_state and change params.
935 (exploded_edge::m_change): Delete.
936 (exploded_graph::get_engine): New accessor.
937 (exploded_graph::get_or_create_node): Drop "change" param. Add
938 "enode_for_diag" param.
939 (exploded_graph::add_edge): Drop "change" param.
940 (exploded_graph::get_per_program_point_data): New decl.
941 (exploded_graph::get_node_by_index): New decl.
942 (exploded_path::feasible_p): Add "eng" and "eg" params.
943 * program-point.cc: Include "analyzer/store.h" before including
944 "analyzer/region-model.h".
945 (function_point::function_point): Move here from
946 program-point.h.
947 (function_point::get_function): Likewise.
948 (function_point::from_function_entry): Likewise.
949 (function_point::before_supernode): Likewise.
950 (function_point::next_stmt): New function.
951 * program-point.h (function_point::function_point): Move
952 implementation from here to program-point.cc.
953 (function_point::get_function): Likewise.
954 (function_point::from_function_entry): Likewise.
955 (function_point::before_supernode): Likewise.
956 (function_point::next_stmt): New decl.
957 (program_point::operator!=): New.
958 (program_point::origin): New.
959 (program_point::next_stmt): New.
960 (program_point::m_function_point): Make non-const.
961 * program-state.cc: Move includes of "analyzer/call-string.h" and
962 "analyzer/program-point.h" to before "analyzer/region-model.h",
963 and also include "analyzer/store.h" before it.
964 (extrinsic_state::get_model_manager): New.
965 (sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
966 rather than pass them around.
967 (sm_state_map::clone_with_remapping): Delete.
968 (sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
969 "simple" and "multiline" params and support multiline vs single
970 line dumping.
971 (sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
972 "simple" param.
973 (sm_state_map::hash): Port from svalue_id to const svalue *.
974 (sm_state_map::operator==): Likewise.
975 (sm_state_map::get_state): Likewise. Call canonicalize_svalue on
976 input. Handle inheritance of sm-state. Call get_default_state.
977 (sm_state_map::get_origin): Port from svalue_id to const svalue *.
978 (sm_state_map::set_state): Likewise. Pass in ext_state. Reject
979 attempts to set state on UNKNOWN.
980 (sm_state_map::impl_set_state): Port from svalue_id to
981 const svalue *. Pass in ext_state. Call canonicalize_svalue on
982 input.
983 (sm_state_map::purge_for_unknown_fncall): Delete.
984 (sm_state_map::on_svalue_leak): New.
985 (sm_state_map::remap_svalue_ids): Delete.
986 (sm_state_map::on_liveness_change): New.
987 (sm_state_map::on_unknown_change): Reimplement.
988 (sm_state_map::on_svalue_purge): Delete.
989 (sm_state_map::on_inherited_svalue): Delete.
990 (sm_state_map::on_cast): Delete.
991 (sm_state_map::validate): Delete.
992 (sm_state_map::canonicalize_svalue): New.
993 (program_state::program_state): Update to pass manager to
994 region_model's ctor. Constify num_states and pass state machine
995 and index to sm_state_map ctor.
996 (program_state::print): Update for changes to dump API.
997 (program_state::dump_to_pp): Ignore the summarize param. Add
998 "multiline" param.
999 (program_state::dump_to_file): Add "multiline" param.
1000 (program_state::dump): Pass "true" for new "multiline" param.
1001 (program_state::push_frame): New.
1002 (program_state::on_edge): Drop "change" param. Call
1003 program_state::detect_leaks.
1004 (program_state::prune_for_point): Add enode_for_diag param.
1005 Reimplement based on store class. Call detect_leaks.
1006 (program_state::remap_svalue_ids): Delete.
1007 (program_state::get_representative_tree): Port from svalue_id to
1008 const svalue *.
1009 (program_state::can_merge_with_p): Add "point" param. Add early
1010 reject for sm-differences. Drop id remapping.
1011 (program_state::validate): Drop region model and sm_state_map
1012 validation.
1013 (state_change::sm_change::dump): Delete.
1014 (state_change::sm_change::remap_svalue_ids): Delete.
1015 (state_change::sm_change::on_svalue_purge): Delete.
1016 (log_set_of_svalues): New.
1017 (state_change::sm_change::validate): Delete.
1018 (state_change::state_change): Delete.
1019 (state_change::add_sm_change): Delete.
1020 (state_change::affects_p): Delete.
1021 (state_change::dump): Delete.
1022 (state_change::remap_svalue_ids): Delete.
1023 (state_change::on_svalue_purge): Delete.
1024 (state_change::validate): Delete.
1025 (selftest::assert_dump_eq): Delete.
1026 (ASSERT_DUMP_EQ): Delete.
1027 (selftest::test_sm_state_map): Update for changes to region_model
1028 and sm_state_map, porting from svalue_id to const svalue *.
1029 (selftest::test_program_state_dumping): Likewise. Drop test of
1030 dumping, renaming to...
1031 (selftest::test_program_state_1): ...this.
1032 (selftest::test_program_state_dumping_2): Likewise, renaming to...
1033 (selftest::test_program_state_2): ...this.
1034 (selftest::test_program_state_merging): Update for changes to
1035 region_model.
1036 (selftest::test_program_state_merging_2): Likewise.
1037 (selftest::analyzer_program_state_cc_tests): Update for renamed
1038 tests.
1039 * program-state.h (extrinsic_state::extrinsic_state): Add logger
1040 and engine params.
1041 (extrinsic_state::get_logger): New accessor.
1042 (extrinsic_state::get_engine): New accessor.
1043 (extrinsic_state::get_model_manager): New accessor.
1044 (extrinsic_state::m_logger): New field.
1045 (extrinsic_state::m_engine): New field.
1046 (struct default_hash_traits<svalue_id>): Delete.
1047 (pod_hash_traits<svalue_id>::hash): Delete.
1048 (pod_hash_traits<svalue_id>::equal): Delete.
1049 (pod_hash_traits<svalue_id>::mark_deleted): Delete.
1050 (pod_hash_traits<svalue_id>::mark_empty): Delete.
1051 (pod_hash_traits<svalue_id>::is_deleted): Delete.
1052 (pod_hash_traits<svalue_id>::is_empty): Delete.
1053 (sm_state_map::entry_t::entry_t): Port from svalue_id to
1054 const svalue *.
1055 (sm_state_map::entry_t::m_origin): Likewise.
1056 (sm_state_map::map_t): Likewise.
1057 (sm_state_map::sm_state_map): Add state_machine and index params.
1058 (sm_state_map::clone_with_remapping): Delete.
1059 (sm_state_map::print): Drop sm param; add simple and multiline
1060 params.
1061 (sm_state_map::dump): Drop sm param; add simple param.
1062 (sm_state_map::get_state): Port from svalue_id to const svalue *.
1063 Add ext_state param.
1064 (sm_state_map::get_origin): Likewise.
1065 (sm_state_map::set_state): Likewise.
1066 (sm_state_map::impl_set_state): Likewise.
1067 (sm_state_map::purge_for_unknown_fncall): Delete.
1068 (sm_state_map::remap_svalue_ids): Delete.
1069 (sm_state_map::on_svalue_purge): Delete.
1070 (sm_state_map::on_svalue_leak): New.
1071 (sm_state_map::on_liveness_change): New.
1072 (sm_state_map::on_inherited_svalue): Delete.
1073 (sm_state_map::on_cast): Delete.
1074 (sm_state_map::validate): Delete.
1075 (sm_state_map::on_unknown_change): Port from svalue_id to
1076 const svalue *. Add is_mutable and ext_state params.
1077 (sm_state_map::canonicalize_svalue): New.
1078 (sm_state_map::m_sm): New field.
1079 (sm_state_map::m_sm_idx): New field.
1080 (program_state::operator=): Delete.
1081 (program_state::dump_to_pp): Drop "summarize" param, adding
1082 "simple" and "multiline".
1083 (program_state::dump_to_file): Likewise.
1084 (program_state::dump): Rename "summarize" to "simple".
1085 (program_state::push_frame): New.
1086 (program_state::get_current_function): New.
1087 (program_state::on_edge): Drop "change" param.
1088 (program_state::prune_for_point): Likewise. Add enode_for_diag
1089 param.
1090 (program_state::remap_svalue_ids): Delete.
1091 (program_state::get_representative_tree): Port from svalue_id to
1092 const svalue *.
1093 (program_state::can_purge_p): Likewise. Pass ext_state to get_state.
1094 (program_state::can_merge_with_p): Add point param.
1095 (program_state::detect_leaks): New.
1096 (state_change_visitor::on_state_change): Port from tree and
1097 svalue_id to a pair of const svalue *.
1098 (class state_change): Delete.
1099 * region.cc: New file.
1100 * region-model-impl-calls.cc: New file.
1101 * region-model-manager.cc: New file.
1102 * region-model-reachability.cc: New file.
1103 * region-model-reachability.h: New file.
1104 * region-model.cc: Include "analyzer/call-string.h",
1105 "analyzer/program-point.h", and "analyzer/store.h" before
1106 "analyzer/region-model.h". Include
1107 "analyzer/region-model-reachability.h".
1108 (dump_tree): Make non-static.
1109 (dump_quoted_tree): Make non-static.
1110 (print_quoted_type): Make non-static.
1111 (path_var::dump): Delete.
1112 (dump_separator): Delete.
1113 (class impl_constraint_manager): Delete.
1114 (svalue_id::print): Delete.
1115 (svalue_id::dump_node_name_to_pp): Delete.
1116 (svalue_id::validate): Delete.
1117 (region_id::print): Delete.
1118 (region_id::dump_node_name_to_pp): Delete.
1119 (region_id::validate): Delete.
1120 (region_id_set::region_id_set): Delete.
1121 (svalue_id_set::svalue_id_set): Delete.
1122 (svalue::operator==): Delete.
1123 (svalue::hash): Delete.
1124 (svalue::print): Delete.
1125 (svalue::dump_dot_to_pp): Delete.
1126 (svalue::remap_region_ids): Delete.
1127 (svalue::walk_for_canonicalization): Delete.
1128 (svalue::get_child_sid): Delete.
1129 (svalue::maybe_get_constant): Delete.
1130 (region_svalue::compare_fields): Delete.
1131 (region_svalue::add_to_hash): Delete.
1132 (region_svalue::print_details): Delete.
1133 (region_svalue::dump_dot_to_pp): Delete.
1134 (region_svalue::remap_region_ids): Delete.
1135 (region_svalue::merge_values): Delete.
1136 (region_svalue::walk_for_canonicalization): Delete.
1137 (region_svalue::eval_condition): Delete.
1138 (constant_svalue::compare_fields): Delete.
1139 (constant_svalue::add_to_hash): Delete.
1140 (constant_svalue::merge_values): Delete.
1141 (constant_svalue::eval_condition): Move to svalue.cc.
1142 (constant_svalue::print_details): Delete.
1143 (constant_svalue::get_child_sid): Delete.
1144 (unknown_svalue::compare_fields): Delete.
1145 (unknown_svalue::add_to_hash): Delete.
1146 (unknown_svalue::print_details): Delete.
1147 (poison_kind_to_str): Move to svalue.cc.
1148 (poisoned_svalue::compare_fields): Delete.
1149 (poisoned_svalue::add_to_hash): Delete.
1150 (poisoned_svalue::print_details): Delete.
1151 (region_kind_to_str): Move to region.cc and reimplement.
1152 (region::operator==): Delete.
1153 (region::get_parent_region): Delete.
1154 (region::set_value): Delete.
1155 (region::become_active_view): Delete.
1156 (region::deactivate_any_active_view): Delete.
1157 (region::deactivate_view): Delete.
1158 (region::get_value): Delete.
1159 (region::get_inherited_child_sid): Delete.
1160 (region_model::copy_region): Delete.
1161 (region_model::copy_struct_region): Delete.
1162 (region_model::copy_union_region): Delete.
1163 (region_model::copy_array_region): Delete.
1164 (region::hash): Delete.
1165 (region::print): Delete.
1166 (region::dump_dot_to_pp): Delete.
1167 (region::dump_to_pp): Delete.
1168 (region::dump_child_label): Delete.
1169 (region::validate): Delete.
1170 (region::remap_svalue_ids): Delete.
1171 (region::remap_region_ids): Delete.
1172 (region::add_view): Delete.
1173 (region::get_view): Delete.
1174 (region::region): Move to region.cc.
1175 (region::add_to_hash): Delete.
1176 (region::print_fields): Delete.
1177 (region::non_null_p): Delete.
1178 (primitive_region::clone): Delete.
1179 (primitive_region::walk_for_canonicalization): Delete.
1180 (map_region::map_region): Delete.
1181 (map_region::compare_fields): Delete.
1182 (map_region::print_fields): Delete.
1183 (map_region::validate): Delete.
1184 (map_region::dump_dot_to_pp): Delete.
1185 (map_region::dump_child_label): Delete.
1186 (map_region::get_or_create): Delete.
1187 (map_region::get): Delete.
1188 (map_region::add_to_hash): Delete.
1189 (map_region::remap_region_ids): Delete.
1190 (map_region::unbind): Delete.
1191 (map_region::get_tree_for_child_region): Delete.
1192 (map_region::get_tree_for_child_region): Delete.
1193 (tree_cmp): Move to region.cc.
1194 (map_region::can_merge_p): Delete.
1195 (map_region::walk_for_canonicalization): Delete.
1196 (map_region::get_value_by_name): Delete.
1197 (struct_or_union_region::valid_key_p): Delete.
1198 (struct_or_union_region::compare_fields): Delete.
1199 (struct_region::clone): Delete.
1200 (struct_region::compare_fields): Delete.
1201 (union_region::clone): Delete.
1202 (union_region::compare_fields): Delete.
1203 (frame_region::compare_fields): Delete.
1204 (frame_region::clone): Delete.
1205 (frame_region::valid_key_p): Delete.
1206 (frame_region::print_fields): Delete.
1207 (frame_region::add_to_hash): Delete.
1208 (globals_region::compare_fields): Delete.
1209 (globals_region::clone): Delete.
1210 (globals_region::valid_key_p): Delete.
1211 (code_region::compare_fields): Delete.
1212 (code_region::clone): Delete.
1213 (code_region::valid_key_p): Delete.
1214 (array_region::array_region): Delete.
1215 (array_region::get_element): Delete.
1216 (array_region::clone): Delete.
1217 (array_region::compare_fields): Delete.
1218 (array_region::print_fields): Delete.
1219 (array_region::validate): Delete.
1220 (array_region::dump_dot_to_pp): Delete.
1221 (array_region::dump_child_label): Delete.
1222 (array_region::get_or_create): Delete.
1223 (array_region::get): Delete.
1224 (array_region::add_to_hash): Delete.
1225 (array_region::remap_region_ids): Delete.
1226 (array_region::get_key_for_child_region): Delete.
1227 (array_region::key_cmp): Delete.
1228 (array_region::walk_for_canonicalization): Delete.
1229 (array_region::key_from_constant): Delete.
1230 (array_region::constant_from_key): Delete.
1231 (function_region::compare_fields): Delete.
1232 (function_region::clone): Delete.
1233 (function_region::valid_key_p): Delete.
1234 (stack_region::stack_region): Delete.
1235 (stack_region::compare_fields): Delete.
1236 (stack_region::clone): Delete.
1237 (stack_region::print_fields): Delete.
1238 (stack_region::dump_child_label): Delete.
1239 (stack_region::validate): Delete.
1240 (stack_region::push_frame): Delete.
1241 (stack_region::get_current_frame_id): Delete.
1242 (stack_region::pop_frame): Delete.
1243 (stack_region::add_to_hash): Delete.
1244 (stack_region::remap_region_ids): Delete.
1245 (stack_region::can_merge_p): Delete.
1246 (stack_region::walk_for_canonicalization): Delete.
1247 (stack_region::get_value_by_name): Delete.
1248 (heap_region::heap_region): Delete.
1249 (heap_region::compare_fields): Delete.
1250 (heap_region::clone): Delete.
1251 (heap_region::walk_for_canonicalization): Delete.
1252 (root_region::root_region): Delete.
1253 (root_region::compare_fields): Delete.
1254 (root_region::clone): Delete.
1255 (root_region::print_fields): Delete.
1256 (root_region::validate): Delete.
1257 (root_region::dump_child_label): Delete.
1258 (root_region::push_frame): Delete.
1259 (root_region::get_current_frame_id): Delete.
1260 (root_region::pop_frame): Delete.
1261 (root_region::ensure_stack_region): Delete.
1262 (root_region::get_stack_region): Delete.
1263 (root_region::ensure_globals_region): Delete.
1264 (root_region::get_code_region): Delete.
1265 (root_region::ensure_code_region): Delete.
1266 (root_region::get_globals_region): Delete.
1267 (root_region::ensure_heap_region): Delete.
1268 (root_region::get_heap_region): Delete.
1269 (root_region::remap_region_ids): Delete.
1270 (root_region::can_merge_p): Delete.
1271 (root_region::add_to_hash): Delete.
1272 (root_region::walk_for_canonicalization): Delete.
1273 (root_region::get_value_by_name): Delete.
1274 (symbolic_region::symbolic_region): Delete.
1275 (symbolic_region::compare_fields): Delete.
1276 (symbolic_region::clone): Delete.
1277 (symbolic_region::walk_for_canonicalization): Delete.
1278 (symbolic_region::print_fields): Delete.
1279 (region_model::region_model): Add region_model_manager * param.
1280 Reimplement in terms of store, dropping impl_constraint_manager
1281 subclass.
1282 (region_model::operator=): Reimplement in terms of store.
1283 (region_model::operator==): Likewise.
1284 (region_model::hash): Likewise.
1285 (region_model::print): Delete.
1286 (region_model::print_svalue): Delete.
1287 (region_model::dump_dot_to_pp): Delete.
1288 (region_model::dump_dot_to_file): Delete.
1289 (region_model::dump_dot): Delete.
1290 (region_model::dump_to_pp): Replace "summarize" param with
1291 "simple" and "multiline". Port to store-based implementation.
1292 (region_model::dump): Replace "summarize" param with "simple" and
1293 "multiline".
1294 (dump_vec_of_tree): Delete.
1295 (region_model::dump_summary_of_rep_path_vars): Delete.
1296 (region_model::validate): Delete.
1297 (svalue_id_cmp_by_constant_svalue_model): Delete.
1298 (svalue_id_cmp_by_constant_svalue): Delete.
1299 (region_model::canonicalize): Drop "ctxt" param. Reimplement in
1300 terms of store and constraints.
1301 (region_model::canonicalized_p): Remove NULL arg to canonicalize.
1302 (region_model::loop_replay_fixup): New.
1303 (poisoned_value_diagnostic::emit): Tweak wording of warnings.
1304 (region_model::check_for_poison): Delete.
1305 (region_model::get_gassign_result): New.
1306 (region_model::on_assignment): Port to store-based implementation.
1307 (region_model::on_call_pre): Delete calls to check_for_poison.
1308 Move implementations to region-model-impl-calls.c and port to
1309 store-based implementation.
1310 (region_model::on_call_post): Likewise.
1311 (class reachable_regions): Move to region-model-reachability.h/cc
1312 and port to store-based implementation.
1313 (region_model::handle_unrecognized_call): Port to store-based
1314 implementation.
1315 (region_model::get_reachable_svalues): New.
1316 (region_model::on_setjmp): Port to store-based implementation.
1317 (region_model::on_longjmp): Likewise.
1318 (region_model::handle_phi): Drop is_back_edge param and the logic
1319 using it.
1320 (region_model::get_lvalue_1): Port from region_id to const region *.
1321 (region_model::make_region_for_unexpected_tree_code): Delete.
1322 (assert_compat_types): If the check fails, use internal_error to
1323 show the types.
1324 (region_model::get_lvalue): Port from region_id to const region *.
1325 (region_model::get_rvalue_1): Port from svalue_id to const svalue *.
1326 (region_model::get_rvalue): Likewise.
1327 (region_model::get_or_create_ptr_svalue): Delete.
1328 (region_model::get_or_create_constant_svalue): Delete.
1329 (region_model::get_svalue_for_fndecl): Delete.
1330 (region_model::get_region_for_fndecl): Delete.
1331 (region_model::get_svalue_for_label): Delete.
1332 (region_model::get_region_for_label): Delete.
1333 (build_cast): Delete.
1334 (region_model::maybe_cast_1): Delete.
1335 (region_model::maybe_cast): Delete.
1336 (region_model::get_field_region): Delete.
1337 (region_model::get_store_value): New.
1338 (region_model::region_exists_p): New.
1339 (region_model::deref_rvalue): Port from svalue_id to const svalue *.
1340 (region_model::set_value): Likewise.
1341 (region_model::clobber_region): New.
1342 (region_model::purge_region): New.
1343 (region_model::zero_fill_region): New.
1344 (region_model::mark_region_as_unknown): New.
1345 (region_model::eval_condition): Port from svalue_id to
1346 const svalue *.
1347 (region_model::eval_condition_without_cm): Likewise.
1348 (region_model::compare_initial_and_pointer): New.
1349 (region_model::add_constraint): Port from svalue_id to
1350 const svalue *.
1351 (region_model::maybe_get_constant): Delete.
1352 (region_model::get_representative_path_var): New.
1353 (region_model::add_new_malloc_region): Delete.
1354 (region_model::get_representative_tree): Port to const svalue *.
1355 (region_model::get_representative_path_var): Port to
1356 const region *.
1357 (region_model::get_path_vars_for_svalue): Delete.
1358 (region_model::set_to_new_unknown_value): Delete.
1359 (region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
1360 (region_model::update_for_call_superedge): Port from svalue_id to
1361 const svalue *.
1362 (region_model::update_for_return_superedge): Port to store-based
1363 implementation.
1364 (region_model::update_for_call_summary): Replace
1365 set_to_new_unknown_value with mark_region_as_unknown.
1366 (region_model::get_root_region): Delete.
1367 (region_model::get_stack_region_id): Delete.
1368 (region_model::push_frame): Delete.
1369 (region_model::get_current_frame_id): Delete.
1370 (region_model::get_current_function): Delete.
1371 (region_model::pop_frame): Delete.
1372 (region_model::on_top_level_param): New.
1373 (region_model::get_stack_depth): Delete.
1374 (region_model::get_function_at_depth): Delete.
1375 (region_model::get_globals_region_id): Delete.
1376 (region_model::add_svalue): Delete.
1377 (region_model::replace_svalue): Delete.
1378 (region_model::add_region): Delete.
1379 (region_model::get_svalue): Delete.
1380 (region_model::get_region): Delete.
1381 (make_region_for_type): Delete.
1382 (region_model::add_region_for_type): Delete.
1383 (region_model::on_top_level_param): New.
1384 (class restrict_to_used_svalues): Delete.
1385 (region_model::purge_unused_svalues): Delete.
1386 (region_model::push_frame): New.
1387 (region_model::remap_svalue_ids): Delete.
1388 (region_model::remap_region_ids): Delete.
1389 (region_model::purge_regions): Delete.
1390 (region_model::get_descendents): Delete.
1391 (region_model::delete_region_and_descendents): Delete.
1392 (region_model::poison_any_pointers_to_bad_regions): Delete.
1393 (region_model::can_merge_with_p): Delete.
1394 (region_model::get_current_function): New.
1395 (region_model::get_value_by_name): Delete.
1396 (region_model::convert_byte_offset_to_array_index): Delete.
1397 (region_model::pop_frame): New.
1398 (region_model::get_or_create_mem_ref): Delete.
1399 (region_model::get_stack_depth): New.
1400 (region_model::get_frame_at_index): New.
1401 (region_model::unbind_region_and_descendents): New.
1402 (struct bad_pointer_finder): New.
1403 (region_model::get_or_create_pointer_plus_expr): Delete.
1404 (region_model::poison_any_pointers_to_descendents): New.
1405 (region_model::get_or_create_view): Delete.
1406 (region_model::can_merge_with_p): New.
1407 (region_model::get_fndecl_for_call): Port from svalue_id to
1408 const svalue *.
1409 (struct append_ssa_names_cb_data): New.
1410 (get_ssa_name_regions_for_current_frame): New.
1411 (region_model::append_ssa_names_cb): New.
1412 (model_merger::dump_to_pp): Add "simple" param. Drop dumping of
1413 remappings.
1414 (model_merger::dump): Add "simple" param to both overloads.
1415 (model_merger::can_merge_values_p): Delete.
1416 (model_merger::record_regions): Delete.
1417 (model_merger::record_svalues): Delete.
1418 (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
1419 (svalue_id_merger_mapping::dump_to_pp): Delete.
1420 (svalue_id_merger_mapping::dump): Delete.
1421 (region_model::create_region_for_heap_alloc): New.
1422 (region_model::create_region_for_alloca): New.
1423 (region_model::record_dynamic_extents): New.
1424 (canonicalization::canonicalization): Delete.
1425 (canonicalization::walk_rid): Delete.
1426 (canonicalization::walk_sid): Delete.
1427 (canonicalization::dump_to_pp): Delete.
1428 (canonicalization::dump): Delete.
1429 (inchash::add): Delete overloads for svalue_id and region_id.
1430 (engine::log_stats): New.
1431 (assert_condition): Add overload comparing svalues.
1432 (assert_dump_eq): Pass "true" for multiline.
1433 (selftest::test_dump): Update for rewrite of region_model.
1434 (selftest::test_dump_2): Rename to...
1435 (selftest::test_struct): ...this. Provide a region_model_manager
1436 when creating region_model instance. Remove dump test. Add
1437 checks for get_offset.
1438 (selftest::test_dump_3): Rename to...
1439 (selftest::test_array_1): ...this. Provide a region_model_manager
1440 when creating region_model instance. Remove dump test.
1441 (selftest::test_get_representative_tree): Port from svalue_id to
1442 new API. Add test coverage for various expressions.
1443 (selftest::test_unique_constants): Provide a region_model_manager
1444 for the region_model. Add test coverage for comparing const vs
1445 non-const.
1446 (selftest::test_svalue_equality): Delete.
1447 (selftest::test_region_equality): Delete.
1448 (selftest::test_unique_unknowns): New.
1449 (class purge_all_svalue_ids): Delete.
1450 (class purge_one_svalue_id): Delete.
1451 (selftest::test_purging_by_criteria): Delete.
1452 (selftest::test_initial_svalue_folding): New.
1453 (selftest::test_unaryop_svalue_folding): New.
1454 (selftest::test_binop_svalue_folding): New.
1455 (selftest::test_sub_svalue_folding): New.
1456 (selftest::test_purge_unused_svalues): Delete.
1457 (selftest::test_descendent_of_p): New.
1458 (selftest::test_assignment): Provide a region_model_manager for
1459 the region_model. Drop the dump test.
1460 (selftest::test_compound_assignment): Likewise.
1461 (selftest::test_stack_frames): Port to new implementation.
1462 (selftest::test_get_representative_path_var): Likewise.
1463 (selftest::test_canonicalization_1): Rename to...
1464 (selftest::test_equality_1): ...this. Port to new API, and add
1465 (selftest::test_canonicalization_2): Provide a
1466 region_model_manager when creating region_model instances.
1467 Remove redundant canonicalization.
1468 (selftest::test_canonicalization_3): Provide a
1469 region_model_manager when creating region_model instances.
1470 Remove param from calls to region_model::canonicalize.
1471 (selftest::test_canonicalization_4): Likewise.
1472 (selftest::assert_region_models_merge): Constify
1473 out_merged_svalue. Port to new API.
1474 (selftest::test_state_merging): Provide a
1475 region_model_manager when creating region_model instances.
1476 Provide a program_point point when merging them. Replace
1477 set_to_new_unknown_value with usage of placeholder_svalues.
1478 Drop get_value_by_name. Port from svalue_id to const svalue *.
1479 Add test of heap allocation.
1480 (selftest::test_constraint_merging): Provide a
1481 region_model_manager when creating region_model instances.
1482 Provide a program_point point when merging them. Eliminate use
1483 of set_to_new_unknown_value.
1484 (selftest::test_widening_constraints): New.
1485 (selftest::test_iteration_1): New.
1486 (selftest::test_malloc_constraints): Port to store-based
1487 implementation.
1488 (selftest::test_var): New test.
1489 (selftest::test_array_2): New test.
1490 (selftest::test_mem_ref): New test.
1491 (selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
1492 (selftest::test_malloc): New.
1493 (selftest::test_alloca): New.
1494 (selftest::analyzer_region_model_cc_tests): Update for renamings.
1495 Call new functions.
1496 * region-model.h (class path_var): Move to analyzer.h.
1497 (class svalue_id): Delete.
1498 (class region_id): Delete.
1499 (class id_map): Delete.
1500 (svalue_id_map): Delete.
1501 (region_id_map): Delete.
1502 (id_map<T>::id_map): Delete.
1503 (id_map<T>::put): Delete.
1504 (id_map<T>::get_dst_for_src): Delete.
1505 (id_map<T>::get_src_for_dst): Delete.
1506 (id_map<T>::dump_to_pp): Delete.
1507 (id_map<T>::dump): Delete.
1508 (id_map<T>::update): Delete.
1509 (one_way_svalue_id_map): Delete.
1510 (one_way_region_id_map): Delete.
1511 (class region_id_set): Delete.
1512 (class svalue_id_set): Delete.
1513 (struct complexity): New.
1514 (class visitor): New.
1515 (enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
1516 SK_BINOP, SK_SUB, SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
1517 SK_COMPOUND, and SK_CONJURED.
1518 (svalue::operator==): Delete.
1519 (svalue::operator!=): Delete.
1520 (svalue::clone): Delete.
1521 (svalue::hash): Delete.
1522 (svalue::dump_dot_to_pp): Delete.
1523 (svalue::dump_to_pp): New.
1524 (svalue::dump): New.
1525 (svalue::get_desc): New.
1526 (svalue::dyn_cast_initial_svalue): New.
1527 (svalue::dyn_cast_unaryop_svalue): New.
1528 (svalue::dyn_cast_binop_svalue): New.
1529 (svalue::dyn_cast_sub_svalue): New.
1530 (svalue::dyn_cast_unmergeable_svalue): New.
1531 (svalue::dyn_cast_widening_svalue): New.
1532 (svalue::dyn_cast_compound_svalue): New.
1533 (svalue::dyn_cast_conjured_svalue): New.
1534 (svalue::maybe_undo_cast): New.
1535 (svalue::unwrap_any_unmergeable): New.
1536 (svalue::remap_region_ids): Delete.
1537 (svalue::can_merge_p): New.
1538 (svalue::walk_for_canonicalization): Delete.
1539 (svalue::get_complexity): New.
1540 (svalue::get_child_sid): Delete.
1541 (svalue::accept): New.
1542 (svalue::live_p): New.
1543 (svalue::implicitly_live_p): New.
1544 (svalue::svalue): Add complexity param.
1545 (svalue::add_to_hash): Delete.
1546 (svalue::print_details): Delete.
1547 (svalue::m_complexity): New field.
1548 (region_svalue::key_t): New struct.
1549 (region_svalue::region_svalue): Port from region_id to
1550 const region_id *. Add complexity.
1551 (region_svalue::compare_fields): Delete.
1552 (region_svalue::clone): Delete.
1553 (region_svalue::dump_dot_to_pp): Delete.
1554 (region_svalue::get_pointee): Port from region_id to
1555 const region_id *.
1556 (region_svalue::remap_region_ids): Delete.
1557 (region_svalue::merge_values): Delete.
1558 (region_svalue::dump_to_pp): New.
1559 (region_svalue::accept): New.
1560 (region_svalue::walk_for_canonicalization): Delete.
1561 (region_svalue::eval_condition): Make params const.
1562 (region_svalue::add_to_hash): Delete.
1563 (region_svalue::print_details): Delete.
1564 (region_svalue::m_rid): Replace with...
1565 (region_svalue::m_reg): ...this.
1566 (is_a_helper <region_svalue *>::test): Convert to...
1567 (is_a_helper <const region_svalue *>::test): ...this.
1568 (template <> struct default_hash_traits<region_svalue::key_t>):
1569 New.
1570 (constant_svalue::constant_svalue): Add complexity.
1571 (constant_svalue::compare_fields): Delete.
1572 (constant_svalue::clone): Delete.
1573 (constant_svalue::add_to_hash): Delete.
1574 (constant_svalue::dump_to_pp): New.
1575 (constant_svalue::accept): New.
1576 (constant_svalue::implicitly_live_p): New.
1577 (constant_svalue::merge_values): Delete.
1578 (constant_svalue::eval_condition): Make params const.
1579 (constant_svalue::get_child_sid): Delete.
1580 (constant_svalue::print_details): Delete.
1581 (is_a_helper <constant_svalue *>::test): Convert to...
1582 (is_a_helper <const constant_svalue *>::test): ...this.
1583 (class unknown_svalue): Update leading comment.
1584 (unknown_svalue::unknown_svalue): Add complexity.
1585 (unknown_svalue::compare_fields): Delete.
1586 (unknown_svalue::add_to_hash): Delete.
1587 (unknown_svalue::dyn_cast_unknown_svalue): Delete.
1588 (unknown_svalue::print_details): Delete.
1589 (unknown_svalue::dump_to_pp): New.
1590 (unknown_svalue::accept): New.
1591 (poisoned_svalue::key_t): New struct.
1592 (poisoned_svalue::poisoned_svalue): Add complexity.
1593 (poisoned_svalue::compare_fields): Delete.
1594 (poisoned_svalue::clone): Delete.
1595 (poisoned_svalue::add_to_hash): Delete.
1596 (poisoned_svalue::dump_to_pp): New.
1597 (poisoned_svalue::accept): New.
1598 (poisoned_svalue::print_details): Delete.
1599 (is_a_helper <poisoned_svalue *>::test): Convert to...
1600 (is_a_helper <const poisoned_svalue *>::test): ...this.
1601 (template <> struct default_hash_traits<poisoned_svalue::key_t>):
1602 New.
1603 (setjmp_record::add_to_hash): New.
1604 (setjmp_svalue::key_t): New struct.
1605 (setjmp_svalue::compare_fields): Delete.
1606 (setjmp_svalue::clone): Delete.
1607 (setjmp_svalue::add_to_hash): Delete.
1608 (setjmp_svalue::setjmp_svalue): Add complexity.
1609 (setjmp_svalue::dump_to_pp): New.
1610 (setjmp_svalue::accept): New.
1611 (setjmp_svalue::void print_details): Delete.
1612 (is_a_helper <const setjmp_svalue *>::test): New.
1613 (template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
1614 (class initial_svalue : public svalue): New.
1615 (is_a_helper <const initial_svalue *>::test): New.
1616 (class unaryop_svalue): New.
1617 (is_a_helper <const unaryop_svalue *>::test): New.
1618 (template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
1619 (class binop_svalue): New.
1620 (is_a_helper <const binop_svalue *>::test): New.
1621 (template <> struct default_hash_traits<binop_svalue::key_t>): New.
1622 (class sub_svalue): New.
1623 (is_a_helper <const sub_svalue *>::test): New.
1624 (template <> struct default_hash_traits<sub_svalue::key_t>): New.
1625 (class unmergeable_svalue): New.
1626 (is_a_helper <const unmergeable_svalue *>::test): New.
1627 (class placeholder_svalue): New.
1628 (is_a_helper <placeholder_svalue *>::test): New.
1629 (class widening_svalue): New.
1630 (is_a_helper <widening_svalue *>::test): New.
1631 (template <> struct default_hash_traits<widening_svalue::key_t>): New.
1632 (class compound_svalue): New.
1633 (is_a_helper <compound_svalue *>::test): New.
1634 (template <> struct default_hash_traits<compound_svalue::key_t>): New.
1635 (class conjured_svalue): New.
1636 (is_a_helper <conjured_svalue *>::test): New.
1637 (template <> struct default_hash_traits<conjured_svalue::key_t>): New.
1638 (enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
1639 RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
1640 RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
1641 (region_kind_to_str): Delete.
1642 (region::~region): Move implementation to region.cc.
1643 (region::operator==): Delete.
1644 (region::operator!=): Delete.
1645 (region::clone): Delete.
1646 (region::get_id): New.
1647 (region::cmp_ids): New.
1648 (region::dyn_cast_map_region): Delete.
1649 (region::dyn_cast_array_region): Delete.
1650 (region::region_id get_parent): Delete.
1651 (region::get_parent_region): Convert to a simple accessor.
1652 (region::void set_value): Delete.
1653 (region::svalue_id get_value): Delete.
1654 (region::svalue_id get_value_direct): Delete.
1655 (region::svalue_id get_inherited_child_sid): Delete.
1656 (region::dyn_cast_frame_region): New.
1657 (region::dyn_cast_function_region): New.
1658 (region::dyn_cast_decl_region): New.
1659 (region::dyn_cast_field_region): New.
1660 (region::dyn_cast_element_region): New.
1661 (region::dyn_cast_offset_region): New.
1662 (region::dyn_cast_cast_region): New.
1663 (region::dyn_cast_string_region): New.
1664 (region::accept): New.
1665 (region::get_base_region): New.
1666 (region::base_region_p): New.
1667 (region::descendent_of_p): New.
1668 (region::maybe_get_frame_region): New.
1669 (region::maybe_get_decl): New.
1670 (region::hash): Delete.
1671 (region::rint): Delete.
1672 (region::dump_dot_to_pp): Delete.
1673 (region::get_desc): New.
1674 (region::dump_to_pp): Convert to vfunc, changing signature.
1675 (region::dump_child_label): Delete.
1676 (region::remap_svalue_ids): Delete.
1677 (region::remap_region_ids): Delete.
1678 (region::dump): New.
1679 (region::walk_for_canonicalization): Delete.
1680 (region::non_null_p): Drop region_model param.
1681 (region::add_view): Delete.
1682 (region::get_view): Delete.
1683 (region::get_active_view): Delete.
1684 (region::is_view_p): Delete.
1685 (region::cmp_ptrs): New.
1686 (region::validate): Delete.
1687 (region::get_offset): New.
1688 (region::get_byte_size): New.
1689 (region::get_bit_size): New.
1690 (region::get_subregions_for_binding): New.
1691 (region::region): Add complexity param. Convert parent from
1692 region_id to const region *. Drop svalue_id. Drop copy ctor.
1693 (region::symbolic_for_unknown_ptr_p): New.
1694 (region::add_to_hash): Delete.
1695 (region::print_fields): Delete.
1696 (region::get_complexity): New accessor.
1697 (region::become_active_view): Delete.
1698 (region::deactivate_any_active_view): Delete.
1699 (region::deactivate_view): Delete.
1700 (region::calc_offset): New.
1701 (region::m_parent_rid): Delete.
1702 (region::m_sval_id): Delete.
1703 (region::m_complexity): New.
1704 (region::m_id): New.
1705 (region::m_parent): New.
1706 (region::m_view_rids): Delete.
1707 (region::m_is_view): Delete.
1708 (region::m_active_view_rid): Delete.
1709 (region::m_cached_offset): New.
1710 (is_a_helper <region *>::test): Convert to...
1711 (is_a_helper <const region *>::test): ... this.
1712 (class primitive_region): Delete.
1713 (class space_region): New.
1714 (class map_region): Delete.
1715 (is_a_helper <map_region *>::test): Delete.
1716 (class frame_region): Reimplement.
1717 (template <> struct default_hash_traits<frame_region::key_t>):
1718 New.
1719 (class globals_region): Reimplement.
1720 (is_a_helper <globals_region *>::test): Convert to...
1721 (is_a_helper <const globals_region *>::test): ...this.
1722 (class struct_or_union_region): Delete.
1723 (is_a_helper <struct_or_union_region *>::test): Delete.
1724 (class code_region): Reimplement.
1725 (is_a_helper <const code_region *>::test): New.
1726 (class struct_region): Delete.
1727 (is_a_helper <struct_region *>::test): Delete.
1728 (class function_region): Reimplement.
1729 (is_a_helper <function_region *>::test): Convert to...
1730 (is_a_helper <const function_region *>::test): ...this.
1731 (class union_region): Delete.
1732 (is_a_helper <union_region *>::test): Delete.
1733 (class label_region): New.
1734 (is_a_helper <const label_region *>::test): New.
1735 (class scope_region): Delete.
1736 (class stack_region): Reimplement.
1737 (is_a_helper <stack_region *>::test): Convert to...
1738 (is_a_helper <const stack_region *>::test): ...this.
1739 (class heap_region): Reimplement.
1740 (is_a_helper <heap_region *>::test): Convert to...
1741 (is_a_helper <const heap_region *>::test): ...this.
1742 (class root_region): Reimplement.
1743 (is_a_helper <root_region *>::test): Convert to...
1744 (is_a_helper <const root_region *>::test): ...this.
1745 (class symbolic_region): Reimplement.
1746 (is_a_helper <const symbolic_region *>::test): New.
1747 (template <> struct default_hash_traits<symbolic_region::key_t>):
1748 New.
1749 (class decl_region): New.
1750 (is_a_helper <const decl_region *>::test): New.
1751 (class field_region): New.
1752 (template <> struct default_hash_traits<field_region::key_t>): New.
1753 (class array_region): Delete.
1754 (class element_region): New.
1755 (is_a_helper <array_region *>::test): Delete.
1756 (is_a_helper <const element_region *>::test): New.
1757 (template <> struct default_hash_traits<element_region::key_t>):
1758 New.
1759 (class offset_region): New.
1760 (is_a_helper <const offset_region *>::test): New.
1761 (template <> struct default_hash_traits<offset_region::key_t>):
1762 New.
1763 (class cast_region): New.
1764 (is_a_helper <const cast_region *>::test): New.
1765 (template <> struct default_hash_traits<cast_region::key_t>): New.
1766 (class heap_allocated_region): New.
1767 (class alloca_region): New.
1768 (class string_region): New.
1769 (is_a_helper <const string_region *>::test): New.
1770 (class unknown_region): New.
1771 (class region_model_manager): New.
1772 (struct append_ssa_names_cb_data): New.
1773 (class call_details): New.
1774 (region_model::region_model): Add region_model_manager param.
1775 (region_model::print_svalue): Delete.
1776 (region_model::dump_dot_to_pp): Delete.
1777 (region_model::dump_dot_to_file): Delete.
1778 (region_model::dump_dot): Delete.
1779 (region_model::dump_to_pp): Drop summarize param in favor of
1780 simple and multiline.
1781 (region_model::dump): Likewise.
1782 (region_model::summarize_to_pp): Delete.
1783 (region_model::summarize): Delete.
1784 (region_model::void canonicalize): Drop ctxt param.
1785 (region_model::void check_for_poison): Delete.
1786 (region_model::get_gassign_result): New.
1787 (region_model::impl_call_alloca): New.
1788 (region_model::impl_call_analyzer_describe): New.
1789 (region_model::impl_call_analyzer_eval): New.
1790 (region_model::impl_call_builtin_expect): New.
1791 (region_model::impl_call_calloc): New.
1792 (region_model::impl_call_free): New.
1793 (region_model::impl_call_malloc): New.
1794 (region_model::impl_call_memset): New.
1795 (region_model::impl_call_strlen): New.
1796 (region_model::get_reachable_svalues): New.
1797 (region_model::handle_phi): Drop is_back_edge param.
1798 (region_model::region_id get_root_rid): Delete.
1799 (region_model::root_region *get_root_region): Delete.
1800 (region_model::region_id get_stack_region_id): Delete.
1801 (region_model::push_frame): Convert from region_id and svalue_id
1802 to const region * and const svalue *.
1803 (region_model::get_current_frame_id): Replace with...
1804 (region_model::get_current_frame): ...this.
1805 (region_model::pop_frame): Convert from region_id to
1806 const region *. Drop purge and stats param. Add out_result.
1807 (region_model::function *get_function_at_depth): Delete.
1808 (region_model::get_globals_region_id): Delete.
1809 (region_model::add_svalue): Delete.
1810 (region_model::replace_svalue): Delete.
1811 (region_model::add_region): Delete.
1812 (region_model::add_region_for_type): Delete.
1813 (region_model::get_svalue): Delete.
1814 (region_model::get_region): Delete.
1815 (region_model::get_lvalue): Convert from region_id to
1816 const region *.
1817 (region_model::get_rvalue): Convert from svalue_id to
1818 const svalue *.
1819 (region_model::get_or_create_ptr_svalue): Delete.
1820 (region_model::get_or_create_constant_svalue): Delete.
1821 (region_model::get_svalue_for_fndecl): Delete.
1822 (region_model::get_svalue_for_label): Delete.
1823 (region_model::get_region_for_fndecl): Delete.
1824 (region_model::get_region_for_label): Delete.
1825 (region_model::get_frame_at_index (int index) const;): New.
1826 (region_model::maybe_cast): Delete.
1827 (region_model::maybe_cast_1): Delete.
1828 (region_model::get_field_region): Delete.
1829 (region_model::id deref_rvalue): Convert from region_id and
1830 svalue_id to const region * and const svalue *. Drop overload,
1831 passing in both a tree and an svalue.
1832 (region_model::set_value): Convert from region_id and svalue_id to
1833 const region * and const svalue *.
1834 (region_model::set_to_new_unknown_value): Delete.
1835 (region_model::clobber_region (const region *reg);): New.
1836 (region_model::purge_region (const region *reg);): New.
1837 (region_model::zero_fill_region (const region *reg);): New.
1838 (region_model::mark_region_as_unknown (const region *reg);): New.
1839 (region_model::copy_region): Convert from region_id to
1840 const region *.
1841 (region_model::eval_condition): Convert from svalue_id to
1842 const svalue *.
1843 (region_model::eval_condition_without_cm): Likewise.
1844 (region_model::compare_initial_and_pointer): New.
1845 (region_model::maybe_get_constant): Delete.
1846 (region_model::add_new_malloc_region): Delete.
1847 (region_model::get_representative_tree): Convert from svalue_id to
1848 const svalue *.
1849 (region_model::get_representative_path_var): Delete decl taking a
1850 region_id in favor of two decls, for svalue vs region, with an
1851 svalue_set to ensure termination.
1852 (region_model::get_path_vars_for_svalue): Delete.
1853 (region_model::create_region_for_heap_alloc): New.
1854 (region_model::create_region_for_alloca): New.
1855 (region_model::purge_unused_svalues): Delete.
1856 (region_model::remap_svalue_ids): Delete.
1857 (region_model::remap_region_ids): Delete.
1858 (region_model::purge_regions): Delete.
1859 (region_model::get_num_svalues): Delete.
1860 (region_model::get_num_regions): Delete.
1861 (region_model::get_descendents): Delete.
1862 (region_model::get_store): New.
1863 (region_model::delete_region_and_descendents): Delete.
1864 (region_model::get_manager): New.
1865 (region_model::unbind_region_and_descendents): New.
1866 (region_model::can_merge_with_p): Add point param. Drop
1867 svalue_id_merger_mapping.
1868 (region_model::get_value_by_name): Delete.
1869 (region_model::convert_byte_offset_to_array_index): Delete.
1870 (region_model::get_or_create_mem_ref): Delete.
1871 (region_model::get_or_create_pointer_plus_expr): Delete.
1872 (region_model::get_or_create_view): Delete.
1873 (region_model::get_lvalue_1): Convert from region_id to
1874 const region *.
1875 (region_model::get_rvalue_1): Convert from svalue_id to
1876 const svalue *.
1877 (region_model::get_ssa_name_regions_for_current_frame): New.
1878 (region_model::append_ssa_names_cb): New.
1879 (region_model::get_store_value): New.
1880 (region_model::copy_struct_region): Delete.
1881 (region_model::copy_union_region): Delete.
1882 (region_model::copy_array_region): Delete.
1883 (region_model::region_exists_p): New.
1884 (region_model::make_region_for_unexpected_tree_code): Delete.
1885 (region_model::loop_replay_fixup): New.
1886 (region_model::poison_any_pointers_to_bad_regions): Delete.
1887 (region_model::poison_any_pointers_to_descendents): New.
1888 (region_model::dump_summary_of_rep_path_vars): Delete.
1889 (region_model::on_top_level_param): New.
1890 (region_model::record_dynamic_extents): New.
1891 (region_model::m_mgr;): New.
1892 (region_model::m_store;): New.
1893 (region_model::m_svalues;): Delete.
1894 (region_model::m_regions;): Delete.
1895 (region_model::m_root_rid;): Delete.
1896 (region_model::m_current_frame;): New.
1897 (region_model_context::remap_svalue_ids): Delete.
1898 (region_model_context::can_purge_p): Delete.
1899 (region_model_context::on_svalue_leak): New.
1900 (region_model_context::on_svalue_purge): Delete.
1901 (region_model_context::on_liveness_change): New.
1902 (region_model_context::on_inherited_svalue): Delete.
1903 (region_model_context::on_cast): Delete.
1904 (region_model_context::on_unknown_change): Convert from svalue_id to
1905 const svalue * and add is_mutable.
1906 (class noop_region_model_context): Update for region_model_context
1907 changes.
1908 (model_merger::model_merger): Add program_point. Drop
1909 svalue_id_merger_mapping.
1910 (model_merger::dump_to_pp): Add "simple" param.
1911 (model_merger::dump): Likewise.
1912 (model_merger::get_region_a): Delete.
1913 (model_merger::get_region_b): Delete.
1914 (model_merger::can_merge_values_p): Delete.
1915 (model_merger::record_regions): Delete.
1916 (model_merger::record_svalues): Delete.
1917 (model_merger::m_point): New field.
1918 (model_merger::m_map_regions_from_a_to_m): Delete.
1919 (model_merger::m_map_regions_from_b_to_m): Delete.
1920 (model_merger::m_sid_mapping): Delete.
1921 (struct svalue_id_merger_mapping): Delete.
1922 (class engine): New.
1923 (struct canonicalization): Delete.
1924 (inchash::add): Delete decls for hashing svalue_id and region_id.
1925 (test_region_model_context::on_unexpected_tree_code): Require t to
1926 be non-NULL.
1927 (selftest::assert_condition): Add overload comparing a pair of
1928 const svalue *.
1929 * sm-file.cc: Include "tristate.h", "selftest.h",
1930 "analyzer/call-string.h", "analyzer/program-point.h",
1931 "analyzer/store.h", and "analyzer/region-model.h".
1932 (fileptr_state_machine::get_default_state): New.
1933 (fileptr_state_machine::on_stmt): Remove calls to
1934 get_readable_tree in favor of get_diagnostic_tree.
1935 * sm-malloc.cc: Include "tristate.h", "selftest.h",
1936 "analyzer/call-string.h", "analyzer/program-point.h",
1937 "analyzer/store.h", and "analyzer/region-model.h".
1938 (malloc_state_machine::get_default_state): New.
1939 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
1940 (malloc_diagnostic::describe_state_change): Handle change.m_expr
1941 being NULL.
1942 (null_arg::emit): Avoid printing "NULL '0'".
1943 (null_arg::describe_final_event): Avoid printing "(0) NULL".
1944 (malloc_leak::emit): Handle m_arg being NULL.
1945 (malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
1946 (malloc_state_machine::on_stmt): Don't call get_readable_tree.
1947 Call get_diagnostic_tree when creating pending diagnostics.
1948 Update for is_zero_assignment becoming a member function of
1949 sm_ctxt.
1950 Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
1951 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
1952 vfunc implementation.
1953 * sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
1954 get_diagnostic_tree and pass the result to warn_for_state.
1955 * sm-signal.cc: Move includes of "analyzer/call-string.h" and
1956 "analyzer/program-point.h" to before "analyzer/region-model.h",
1957 and also include "analyzer/store.h" before it.
1958 (signal_unsafe_call::describe_state_change): Use
1959 get_dest_function to get handler.
1960 (update_model_for_signal_handler): Pass manager to region_model
1961 ctor.
1962 (register_signal_handler::impl_transition): Update for changes to
1963 get_or_create_node and add_edge.
1964 * sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
1965 get_readable_tree, replacing them when calling warn_for_state with
1966 calls to get_diagnostic_tree.
1967 * sm.cc (is_zero_assignment): Delete.
1968 (any_pointer_p): Move to within namespace ana.
1969 * sm.h (is_zero_assignment): Remove decl.
1970 (any_pointer_p): Move decl to within namespace ana.
1971 (state_machine::get_default_state): New vfunc.
1972 (state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
1973 (sm_context::get_readable_tree): Rename to...
1974 (sm_context::get_diagnostic_tree): ...this.
1975 (sm_context::is_zero_assignment): New vfunc.
1976 * store.cc: New file.
1977 * store.h: New file.
1978 * svalue.cc: New file.
1979
2221fb6f
MW
1980 2020-05-22 Mark Wielaard <mark@klomp.org>
1981
1982 * sm-signal.cc (signal_unsafe_call::emit): Possibly add
1983 gcc_rich_location note for replacement.
1984 (signal_unsafe_call::get_replacement_fn): New private function.
1985 (get_async_signal_unsafe_fns): Add "exit".
1986
5eae0ac7
DM
1987 2020-04-28 David Malcolm <dmalcolm@redhat.com>
1988
1989 PR analyzer/94816
1990 * engine.cc (impl_region_model_context::on_unexpected_tree_code):
1991 Handle NULL tree.
1992 * region-model.cc (region_model::add_region_for_type): Handle
1993 NULL type.
1994 * region-model.h
1995 (test_region_model_context::on_unexpected_tree_code): Handle NULL
1996 tree.
1997
78b97837
DM
1998 2020-04-28 David Malcolm <dmalcolm@redhat.com>
1999
2000 PR analyzer/94447
2001 PR analyzer/94639
2002 PR analyzer/94732
2003 PR analyzer/94754
2004 * analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete.
2005 * program-state.cc (selftest::test_program_state_dumping): Update
2006 expected dump result for removal of "uninit".
2007 * region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT
2008 case.
2009 (root_region::ensure_stack_region): Initialize stack with null
2010 svalue_id rather than with a typeless POISON_KIND_UNINIT value.
2011 (root_region::ensure_heap_region): Likewise for the heap.
2012 (region_model::dump_summary_of_rep_path_vars): Remove
2013 summarization of uninit values.
2014 (region_model::validate): Remove check that the stack has a
2015 POISON_KIND_UNINIT value.
2016 (poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT
2017 case.
2018 (poisoned_value_diagnostic::describe_final_event): Likewise.
2019 (selftest::test_dump): Update expected dump result for removal of
2020 "uninit".
2021 (selftest::test_svalue_equality): Remove "uninit" and "freed".
2022 * region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT.
2023
a96f1c38
DM
2024 2020-04-01 David Malcolm <dmalcolm@redhat.com>
2025
2026 PR analyzer/94378
2027 * checker-path.cc: Include "bitmap.h".
2028 * constraint-manager.cc: Likewise.
2029 * diagnostic-manager.cc: Likewise.
2030 * engine.cc: Likewise.
2031 (exploded_node::detect_leaks): Pass null region_id to pop_frame.
2032 * program-point.cc: Include "bitmap.h".
2033 * program-state.cc: Likewise.
2034 * region-model.cc (id_set<region_id>::id_set): Convert to...
2035 (region_id_set::region_id_set): ...this.
2036 (svalue_id_set::svalue_id_set): New ctor.
2037 (region_model::copy_region): New function.
2038 (region_model::copy_struct_region): New function.
2039 (region_model::copy_union_region): New function.
2040 (region_model::copy_array_region): New function.
2041 (stack_region::pop_frame): Drop return value. Add
2042 "result_dst_rid" param; if it is non-null, use copy_region to copy
2043 the result to it. Rather than capture and pass a single "known
2044 used" return value to be used by purge_unused_values, instead
2045 gather and pass a set of known used return values.
2046 (root_region::pop_frame): Drop return value. Add "result_dst_rid"
2047 param.
2048 (region_model::on_assignment): Use copy_region.
2049 (region_model::on_return): Likewise for the result.
2050 (region_model::on_longjmp): Pass null for pop_frame's
2051 result_dst_rid.
2052 (region_model::update_for_return_superedge): Pass the region for the
2053 return value of the call, if any, to pop_frame, rather than setting
2054 the lvalue for the lhs of the result.
2055 (region_model::pop_frame): Drop return value. Add
2056 "result_dst_rid" param.
2057 (region_model::purge_unused_svalues): Convert third param from an
2058 svalue_id * to an svalue_id_set *, updating the initial populating
2059 of the "used" bitmap accordingly. Don't remap it when done.
2060 (struct selftest::coord_test): New selftest fixture, extracted from...
2061 (selftest::test_dump_2): ...here.
2062 (selftest::test_compound_assignment): New selftest.
2063 (selftest::test_stack_frames): Pass null to new param of pop_frame.
2064 (selftest::analyzer_region_model_cc_tests): Call the new selftest.
2065 * region-model.h (class id_set): Delete template.
2066 (class region_id_set): Reimplement, using old id_set implementation.
2067 (class svalue_id_set): Likewise. Convert from auto_sbitmap to
2068 auto_bitmap.
2069 (region::get_active_view): New accessor.
2070 (stack_region::pop_frame): Drop return value. Add
2071 "result_dst_rid" param.
2072 (root_region::pop_frame): Likewise.
2073 (region_model::pop_frame): Likewise.
2074 (region_model::copy_region): New decl.
2075 (region_model::purge_unused_svalues): Convert third param from an
2076 svalue_id * to an svalue_id_set *.
2077 (region_model::copy_struct_region): New decl.
2078 (region_model::copy_union_region): New decl.
2079 (region_model::copy_array_region): New decl.
2080
6969ac30
DM
2081 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2082
2083 * program-state.cc (selftest::test_program_state_dumping): Update
2084 expected dump to include symbolic_region's possibly_null field.
2085 * region-model.cc (symbolic_region::print_fields): New vfunc
2086 implementation.
2087 (region_model::add_constraint): Clear m_possibly_null from
2088 symbolic_regions now known to be non-NULL.
2089 (selftest::test_malloc_constraints): New selftest.
2090 (selftest::analyzer_region_model_cc_tests): Call it.
2091 * region-model.h (region::dyn_cast_symbolic_region): Add non-const
2092 overload.
2093 (symbolic_region::dyn_cast_symbolic_region): Implement it.
2094 (symbolic_region::print_fields): New vfunc override decl.
2095
42c63313
DM
2096 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2097
2098 * analyzer.h (class feasibility_problem): New forward decl.
2099 * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
2100 Initialize new fields m_status, m_epath_length, and m_problem.
2101 (saved_diagnostic::~saved_diagnostic): Delete m_problem.
2102 (dedupe_candidate::dedupe_candidate): Convert "sd" param from a
2103 const ref to a mutable ptr.
2104 (dedupe_winners::add): Convert "sd" param from a const ref to a
2105 mutable ptr. Record the length of the exploded_path. Record the
2106 feasibility/infeasibility of sd into sd, capturing a
2107 feasibility_problem when feasible_p fails, and storing it in sd.
2108 (diagnostic_manager::emit_saved_diagnostics): Update for pass by
2109 ptr rather than by const ref.
2110 * diagnostic-manager.h (class saved_diagnostic): Add new enum
2111 status. Add fields m_status, m_epath_length and m_problem.
2112 (saved_diagnostic::set_feasible): New member function.
2113 (saved_diagnostic::set_infeasible): New member function.
2114 (saved_diagnostic::get_feasibility_problem): New accessor.
2115 (saved_diagnostic::get_status): New accessor.
2116 (saved_diagnostic::set_epath_length): New member function.
2117 (saved_diagnostic::get_epath_length): New accessor.
2118 * engine.cc: Include "gimple-pretty-print.h".
2119 (exploded_path::feasible_p): Add OUT param and, if non-NULL, write
2120 a new feasibility_problem to it on failure.
2121 (viz_callgraph_node::dump_dot): Convert begin_tr calls to
2122 begin_trtd. Convert end_tr calls to end_tdtr.
2123 (class exploded_graph_annotator): New subclass of dot_annotator.
2124 (impl_run_checkers): Add a second -fdump-analyzer-supergraph dump
2125 after the analysis runs, using exploded_graph_annotator, dumping
2126 to DUMP_BASE_NAME.supergraph-eg.dot.
2127 * exploded-graph.h (exploded_node::get_dot_fillcolor): Make
2128 public.
2129 (exploded_path::feasible_p): Add OUT param.
2130 (class feasibility_problem): New class.
2131 * state-purge.cc (state_purge_annotator::add_node_annotations):
2132 Return a bool, add a "within_table" param.
2133 (print_vec_of_names): Convert begin_tr calls to begin_trtd.
2134 Convert end_tr calls to end_tdtr.
2135 (state_purge_annotator::add_stmt_annotations): Add "within_row"
2136 param.
2137 * state-purge.h (state_purge_annotator::add_node_annotations):
2138 Return a bool, add a "within_table" param.
2139 (state_purge_annotator::add_stmt_annotations): Add "within_row"
2140 param.
2141 * supergraph.cc (supernode::dump_dot): Call add_node_annotations
2142 twice: as before, passing false for "within_table", then again
2143 with true when within the TABLE element. Convert some begin_tr
2144 calls to begin_trtd, and some end_tr calls to end_tdtr.
2145 Repeat each add_stmt_annotations call, distinguishing between
2146 calls that add TRs and those that add TDs to an existing TR.
2147 Add a call to add_after_node_annotations.
2148 * supergraph.h (dot_annotator::add_node_annotations): Add a
2149 "within_table" param.
2150 (dot_annotator::add_stmt_annotations): Add a "within_row" param.
2151 (dot_annotator::add_after_node_annotations): New vfunc.
2152
8f023575
DM
2153 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2154
2155 * diagnostic-manager.cc (dedupe_winners::add): Show the
2156 exploded_node index in the log messages.
2157 (diagnostic_manager::emit_saved_diagnostics): Log a summary of
2158 m_saved_diagnostics at entry.
2159
4d661bb7
DM
2160 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2161
2162 * supergraph.cc (superedge::dump): Add space before description;
2163 move newline to non-pretty_printer overload.
2164
884d9141
DM
2165 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2166
2167 * region-model.cc: Include "stor-layout.h".
2168 (region_model::dump_to_pp): Rather than calling
2169 dump_summary_of_map on each of the current frame and the globals,
2170 instead get a vec of representative path_vars for all regions,
2171 and then dump a summary of all of them.
2172 (region_model::dump_summary_of_map): Delete, rewriting into...
2173 (region_model::dump_summary_of_rep_path_vars): ...this new
2174 function, working on a vec of path_vars.
2175 (region_model::set_value): New overload.
2176 (region_model::get_representative_path_var): Rename
2177 "parent_region" local to "parent_reg" and consolidate with other
2178 local. Guard test for grandparent being stack on parent_reg being
2179 non-NULL. Move handling for parent being an array_region to
2180 within guard for parent_reg being non-NULL.
2181 (selftest::make_test_compound_type): New function.
2182 (selftest::test_dump_2): New selftest.
2183 (selftest::test_dump_3): New selftest.
2184 (selftest::test_stack_frames): Update expected output from
2185 simplified dump to show "a" and "b" from parent frame and "y" in
2186 child frame.
2187 (selftest::analyzer_region_model_cc_tests): Call test_dump_2 and
2188 test_dump_3.
2189 * region-model.h (region_model::set_value): New overload decl.
2190 (region_model::dump_summary_of_map): Delete.
2191 (region_model::dump_summary_of_rep_path_vars): New.
2192
7d9c107a
DM
2193 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2194
2195 * region-model.h (class noop_region_model_context): New subclass
2196 of region_model_context.
2197 (class tentative_region_model_context): Inherit from
2198 noop_region_model_context rather than from region_model_context;
2199 drop redundant vfunc implementations.
2200 (class test_region_model_context): Likewise.
2201
0db2cd17
DM
2202 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2203
2204 * engine.cc (exploded_node::exploded_node): Move implementation
2205 here from header; accept point_and_state by const reference rather
2206 than by value.
2207 * exploded-graph.h (exploded_node::exploded_node): Pass
2208 point_and_state by const reference rather than by value. Move
2209 body to engine.cc.
2210
d5029d45
JJ
2211 2020-03-18 Jakub Jelinek <jakub@redhat.com>
2212
2213 * sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word
2214 issue in a comment.
2215 * region-model.cc (region_model::make_region_for_unexpected_tree_code,
2216 region_model::delete_region_and_descendents): Likewise.
2217 * engine.cc (class exploded_cluster): Likewise.
2218 * diagnostic-manager.cc (class path_builder): Likewise.
2219
5c048755
DM
2220 2020-03-13 David Malcolm <dmalcolm@redhat.com>
2221
2222 PR analyzer/94099
2223 PR analyzer/94105
2224 * diagnostic-manager.cc (for_each_state_change): Bulletproof
2225 against errors in get_rvalue by passing a
2226 tentative_region_model_context and rejecting if there's an error.
2227 * region-model.cc (region_model::get_lvalue_1): When handling
2228 ARRAY_REF, handle results of error-handling. Handle NOP_EXPR.
2229
90f7c300
DM
2230 2020-03-06 David Malcolm <dmalcolm@redhat.com>
2231
2232 * analyzer.h (class array_region): New forward decl.
2233 * program-state.cc (selftest::test_program_state_dumping_2): New.
2234 (selftest::analyzer_program_state_cc_tests): Call it.
2235 * region-model.cc (array_region::constant_from_key): New.
2236 (region_model::get_representative_tree): Handle region_svalue by
2237 generating an ADDR_EXPR.
2238 (region_model::get_representative_path_var): In view handling,
2239 remove erroneous TREE_TYPE when determining the type of the tree.
2240 Handle array regions and STRING_CST.
2241 (selftest::assert_dump_tree_eq): New.
2242 (ASSERT_DUMP_TREE_EQ): New macro.
2243 (selftest::test_get_representative_tree): New selftest.
2244 (selftest::analyzer_region_model_cc_tests): Call it.
2245 * region-model.h (region::dyn_cast_array_region): New vfunc.
2246 (array_region::dyn_cast_array_region): New vfunc implementation.
2247 (array_region::constant_from_key): New decl.
2248
41f99ba6
DM
2249 2020-03-06 David Malcolm <dmalcolm@redhat.com>
2250
2251 * analyzer.h (dump_quoted_tree): New decl.
2252 * engine.cc (exploded_node::dump_dot): Pass region model to
2253 sm_state_map::print.
2254 * program-state.cc: Include diagnostic-core.h.
2255 (sm_state_map::print): Add "model" param and use it to print
2256 representative trees. Only print origin information if non-null.
2257 (sm_state_map::dump): Pass NULL for model to print call.
2258 (program_state::print): Pass region model to sm_state_map::print.
2259 (program_state::dump_to_pp): Use spaces rather than newlines when
2260 summarizing. Pass region_model to sm_state_map::print.
2261 (ana::selftest::assert_dump_eq): New function.
2262 (ASSERT_DUMP_EQ): New macro.
2263 (ana::selftest::test_program_state_dumping): New function.
2264 (ana::selftest::analyzer_program_state_cc_tests): Call it.
2265 * program-state.h (program_state::print): Add model param.
2266 * region-model.cc (dump_quoted_tree): New function.
2267 (map_region::print_fields): Use dump_quoted_tree rather than
2268 %qE to avoid lang-dependent output.
2269 (map_region::dump_child_label): Likewise.
2270 (region_model::dump_summary_of_map): For SK_REGION, when
2271 get_representative_path_var fails, print the region id rather than
2272 erroneously printing NULL.
2273 * sm.cc (state_machine::get_state_by_name): New function.
2274 * sm.h (state_machine::get_state_by_name): New decl.
2275
3c1645a3
DM
2276 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2277
2278 * region-model.cc (region::validate): Convert model param from ptr
2279 to reference. Update comment to reflect that it's now a vfunc.
2280 (map_region::validate): New vfunc implementation.
2281 (array_region::validate): New vfunc implementation.
2282 (stack_region::validate): New vfunc implementation.
2283 (root_region::validate): New vfunc implementation.
2284 (region_model::validate): Pass a reference rather than a pointer
2285 to the region::validate vfunc.
2286 * region-model.h (region::validate): Make virtual. Convert model
2287 param from ptr to reference.
2288 (map_region::validate): New vfunc decl.
2289 (array_region::validate): New vfunc decl.
2290 (stack_region::validate): New vfunc decl.
2291 (root_region::validate): New vfunc decl.
2292
e516294a
DM
2293 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2294
2295 PR analyzer/93993
2296 * region-model.cc (region_model::on_call_pre): Handle
2297 BUILT_IN_EXPECT and its variants.
2298 (region_model::add_any_constraints_from_ssa_def_stmt): Split out
2299 gassign handling into add_any_constraints_from_gassign; add gcall
2300 handling.
2301 (region_model::add_any_constraints_from_gassign): New function,
2302 based on the above. Add handling for NOP_EXPR.
2303 (region_model::add_any_constraints_from_gcall): New function.
2304 (region_model::get_representative_path_var): Handle views.
2305 * region-model.h
2306 (region_model::add_any_constraints_from_ssa_def_stmt): New decl.
2307 (region_model::add_any_constraints_from_gassign): New decl.
2308
3d66e153
DM
2309 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2310
2311 PR analyzer/93993
2312 * checker-path.h (state_change_event::get_lvalue): Add ctxt param
2313 and pass it to region_model::get_value call.
2314 * diagnostic-manager.cc (get_any_origin): Pass a
2315 tentative_region_model_context to the calls to get_lvalue and reject
2316 the comparison if errors occur.
2317 (can_be_expr_of_interest_p): New function.
2318 (diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
2319 CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
2320 Pass a tentative_region_model_context to the calls to
2321 state_change_event::get_lvalue and reject the comparison if errors
2322 occur.
2323 (diagnostic_manager::update_for_unsuitable_sm_exprs): New.
2324 * diagnostic-manager.h
2325 (diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
2326 * region-model.h (class tentative_region_model_context): New class.
2327
13e3ba14
DM
2328 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2329
2330 * engine.cc (worklist::worklist): Remove unused field m_eg.
2331 (class viz_callgraph_edge): Remove unused field m_call_sedge.
2332 (class viz_callgraph): Remove unused field m_sg.
2333 * exploded-graph.h (worklist::m_eg): Remove unused field.
2334
13b76912
DM
2335 2020-03-02 David Malcolm <dmalcolm@redhat.com>
2336
2337 * analyzer.opt (fanalyzer-show-duplicate-count): New option.
2338 * diagnostic-manager.cc
2339 (diagnostic_manager::emit_saved_diagnostic): Use the above to
2340 guard the printing of the duplicate count.
2341
9f00b22f
DM
2342 2020-03-02 David Malcolm <dmalcolm@redhat.com>
2343
2344 PR analyzer/93959
2345 * analyzer.cc (is_std_function_p): New function.
2346 (is_std_named_call_p): New functions.
2347 * analyzer.h (is_std_named_call_p): New decl.
2348 * sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::"
2349 variants when checking for malloc, calloc and free.
2350
71b633aa
DM
2351 2020-02-26 David Malcolm <dmalcolm@redhat.com>
2352
2353 PR analyzer/93950
2354 * diagnostic-manager.cc
2355 (diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
2356 either NULL or not a constant. When updating var, bulletproof
2357 against constant values.
2358
0ba70d1b
DM
2359 2020-02-26 David Malcolm <dmalcolm@redhat.com>
2360
2361 PR analyzer/93947
2362 * region-model.cc (region_model::get_fndecl_for_call): Gracefully
2363 fail for fn_decls that don't have a cgraph_node.
2364
67fa274c
DM
2365 2020-02-26 David Malcolm <dmalcolm@redhat.com>
2366
2367 * bar-chart.cc: New file.
2368 * bar-chart.h: New file.
2369 * engine.cc: Include "analyzer/bar-chart.h".
2370 (stats::log): Only log the m_num_nodes kinds that are non-zero.
2371 (stats::dump): Likewise when dumping.
2372 (stats::get_total_enodes): New.
2373 (exploded_graph::get_or_create_node): Increment the per-point-data
2374 m_excess_enodes when hitting the per-program-point limit on
2375 enodes.
2376 (exploded_graph::print_bar_charts): New.
2377 (exploded_graph::log_stats): Log the number of unprocessed enodes
2378 in the worklist. Call print_bar_charts.
2379 (exploded_graph::dump_stats): Print the number of unprocessed
2380 enodes in the worklist.
2381 * exploded-graph.h (stats::get_total_enodes): New decl.
2382 (struct per_program_point_data): Add field m_excess_enodes.
2383 (exploded_graph::print_bar_charts): New decl.
2384 * supergraph.cc (superedge::dump): New.
2385 (superedge::dump): New.
2386 * supergraph.h (supernode::get_function): New.
2387 (superedge::dump): New decl.
2388 (superedge::dump): New decl.
2389
f2ca2088
DM
2390 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2391
2392 * engine.cc (exploded_graph::get_or_create_node): Dump the
2393 program_state to the pp, rather than to stderr.
2394
b3d788a2
DM
2395 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2396
2397 PR analyzer/93032
2398 * sm.cc (make_checkers): Require the "taint" checker to be
2399 explicitly enabled.
2400
3a25f345
DM
2401 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2402
2403 PR analyzer/93899
2404 * engine.cc
2405 (impl_region_model_context::impl_region_model_context): Add logger
2406 param.
2407 * engine.cc (exploded_graph::add_function_entry): Create an
2408 impl_region_model_context and pass it to the push_frame call.
2409 Bail if the resulting state is invalid.
2410 (exploded_graph::build_initial_worklist): Likewise.
2411 (exploded_graph::build_initial_worklist): Handle the case where
2412 add_function_entry fails.
2413 * exploded-graph.h
2414 (impl_region_model_context::impl_region_model_context): Add logger
2415 param.
2416 * region-model.cc (map_region::get_or_create): Add ctxt param and
2417 pass it to add_region_for_type.
2418 (map_region::can_merge_p): Pass NULL as a ctxt to call to
2419 get_or_create.
2420 (array_region::get_element): Pass ctxt to call to get_or_create.
2421 (array_region::get_or_create): Add ctxt param and pass it to
2422 add_region_for_type.
2423 (root_region::push_frame): Pass ctxt to get_or_create calls.
2424 (region_model::get_lvalue_1): Likewise.
2425 (region_model::make_region_for_unexpected_tree_code): Assert that
2426 ctxt is non-NULL.
2427 (region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
2428 and get_svalue_for_label calls.
2429 (region_model::get_svalue_for_fndecl): Add ctxt param and pass it
2430 to get_region_for_fndecl.
2431 (region_model::get_region_for_fndecl): Add ctxt param and pass it
2432 to get_or_create.
2433 (region_model::get_svalue_for_label): Add ctxt param and pass it
2434 to get_region_for_label.
2435 (region_model::get_region_for_label): Add ctxt param and pass it
2436 to get_region_for_fndecl and get_or_create.
2437 (region_model::get_field_region): Add ctxt param and pass it to
2438 get_or_create_view and get_or_create.
2439 (make_region_for_type): Replace gcc_unreachable with return NULL.
2440 (region_model::add_region_for_type): Add ctxt param. Handle a
2441 return of NULL from make_region_for_type by calling
2442 make_region_for_unexpected_tree_code.
2443 (region_model::get_or_create_mem_ref): Pass ctxt to calls to
2444 get_or_create_view.
2445 (region_model::get_or_create_view): Add ctxt param and pass it to
2446 add_region_for_type.
2447 (selftest::test_state_merging): Pass ctxt to get_or_create_view.
2448 * region-model.h (region_model::get_or_create): Add ctxt param.
2449 (region_model::add_region_for_type): Likewise.
2450 (region_model::get_svalue_for_fndecl): Likewise.
2451 (region_model::get_svalue_for_label): Likewise.
2452 (region_model::get_region_for_fndecl): Likewise.
2453 (region_model::get_region_for_label): Likewise.
2454 (region_model::get_field_region): Likewise.
2455 (region_model::get_or_create_view): Likewise.
2456
004f2c07
DM
2457 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2458
2459 * checker-path.cc (superedge_event::should_filter_p): Update
2460 filter for empty descriptions to cover verbosity level 3 as well
2461 as 2.
2462 * diagnostic-manager.cc: Include "analyzer/reachability.h".
2463 (class path_builder): New class.
2464 (diagnostic_manager::emit_saved_diagnostic): Create a path_builder
2465 and pass it to build_emission_path, rather than passing eg; similarly
2466 for add_events_for_eedge and ext_state.
2467 (diagnostic_manager::build_emission_path): Replace "eg" param
2468 with a path_builder, pass it to add_events_for_eedge.
2469 (diagnostic_manager::add_events_for_eedge): Replace ext_state
2470 param with path_builder; pass it to add_events_for_superedge.
2471 (diagnostic_manager::significant_edge_p): New.
2472 (diagnostic_manager::add_events_for_superedge): Add path_builder
2473 param. Reject insignificant edges at verbosity levels below 3.
2474 (diagnostic_manager::prune_for_sm_diagnostic): Update highest
2475 verbosity level to 4.
2476 * diagnostic-manager.h (class path_builder): New forward decl.
2477 (diagnostic_manager::build_emission_path): Replace "eg" param
2478 with a path_builder.
2479 (diagnostic_manager::add_events_for_eedge): Replace ext_state
2480 param with path_builder.
2481 (diagnostic_manager::significant_edge_p): New.
2482 (diagnostic_manager::add_events_for_superedge): Add path_builder
2483 param.
2484 * reachability.h: New file.
2485
0b2b45a6
DM
2486 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2487
2488 PR analyzer/93692
2489 * analyzer.opt (fdump-analyzer-callgraph): Rewrite description.
2490
4f40164a
DM
2491 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2492
2493 PR analyzer/93777
2494 * region-model.cc (region_model::maybe_cast_1): Replace assertion
2495 that build_cast returns non-NULL with a conditional, falling
2496 through to the logic which returns a new unknown value of the
2497 desired type if it fails.
2498
2e623393
DM
2499 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2500
2501 PR analyzer/93778
2502 * engine.cc (impl_region_model_context::on_unknown_tree_code):
2503 Rename to...
2504 (impl_region_model_context::on_unexpected_tree_code): ...this and
2505 convert first argument from path_var to tree.
2506 (exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall.
2507 * exploded-graph.h (region_model_context::on_unknown_tree_code):
2508 Rename to...
2509 (region_model_context::on_unexpected_tree_code): ...this and
2510 convert first argument from path_var to tree.
2511 * program-state.cc (sm_state_map::purge_for_unknown_fncall): Add
2512 ctxt param and pass on to calls to get_rvalue.
2513 * program-state.h (sm_state_map::purge_for_unknown_fncall): Add
2514 ctxt param.
2515 * region-model.cc (region_model::handle_unrecognized_call): Pass
2516 ctxt on to call to get_rvalue.
2517 (region_model::get_lvalue_1): Move body of default case to
2518 region_model::make_region_for_unexpected_tree_code and call it.
2519 Within COMPONENT_REF case, reject attempts to handle types other
2520 than RECORD_TYPE and UNION_TYPE.
2521 (region_model::make_region_for_unexpected_tree_code): New
2522 function, based on default case of region_model::get_lvalue_1.
2523 * region-model.h
2524 (region_model::make_region_for_unexpected_tree_code): New decl.
2525 (region_model::on_unknown_tree_code): Rename to...
2526 (region_model::on_unexpected_tree_code): ...this and convert first
2527 argument from path_var to tree.
2528 (class test_region_model_context): Update vfunc implementation for
2529 above change.
2530
a674c7b8
DM
2531 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2532
2533 PR analyzer/93774
2534 * region-model.cc
2535 (region_model::convert_byte_offset_to_array_index): Use
2536 int_size_in_bytes before calling size_in_bytes, to gracefully fail
2537 on incomplete types.
2538
d8cde6f9
DM
2539 2020-02-17 David Malcolm <dmalcolm@redhat.com>
2540
2541 PR analyzer/93775
2542 * region-model.cc (region_model::get_fndecl_for_call): Handle the
2543 case where the code_region's get_tree_for_child_region returns
2544 NULL.
2545
f76a88eb
DM
2546 2020-02-17 David Malcolm <dmalcolm@redhat.com>
2547
2548 PR analyzer/93388
2549 * engine.cc (impl_region_model_context::on_unknown_tree_code):
2550 New.
2551 (exploded_graph::get_or_create_node): Reject invalid states.
2552 * exploded-graph.h
2553 (impl_region_model_context::on_unknown_tree_code): New decl.
2554 (point_and_state::point_and_state): Assert that the state is
2555 valid.
2556 * program-state.cc (program_state::program_state): Initialize
2557 m_valid to true.
2558 (program_state::operator=): Copy m_valid.
2559 (program_state::program_state): Likewise for move constructor.
2560 (program_state::print): Print m_valid.
2561 (program_state::dump_to_pp): Likewise.
2562 * program-state.h (program_state::m_valid): New field.
2563 * region-model.cc (region_model::get_lvalue_1): Implement the
2564 default case by returning a new symbolic region and calling
2565 the context's on_unknown_tree_code, rather than issuing an
2566 internal_error. Implement VIEW_CONVERT_EXPR.
2567 * region-model.h (region_model_context::on_unknown_tree_code): New
2568 vfunc.
2569 (test_region_model_context::on_unknown_tree_code): New.
2570
0993ad65
DM
2571 2020-02-17 David Malcolm <dmalcolm@redhat.com>
2572
2573 * sm-malloc.cc (malloc_diagnostic::describe_state_change): For
2574 transition to the "null" state, only say "assuming" when
2575 transitioning from the "unchecked" state.
2576
67098787
DM
2577 2020-02-17 David Malcolm <dmalcolm@redhat.com>
2578
2579 * diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
2580 Add const overload.
2581 * engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
2582 * exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
2583 const overload.
2584
91f993b7
DM
2585 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2586
2587 PR analyzer/93288
2588 * analysis-plan.cc (analysis_plan::use_summary_p): Look through
2589 the ultimate_alias_target when getting the called function.
2590 * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
2591 "sm_ctxt". Use the region_model's get_fndecl_for_call rather than
2592 gimple_call_fndecl.
2593 * region-model.cc (region_model::get_fndecl_for_call): Use
2594 ultimate_alias_target on fndecl.
2595 * supergraph.cc (get_ultimate_function_for_cgraph_edge): New
2596 function.
2597 (supergraph_call_edge): Use it when rejecting edges without
2598 functions.
2599 (supergraph::supergraph): Use it to get the function for the
2600 cgraph_edge when building interprocedural superedges.
2601 (callgraph_superedge::get_callee_function): Use it.
2602 * supergraph.h (supergraph::get_num_snodes): Make param const.
2603 (supergraph::function_to_num_snodes_t): Make first type param
2604 const.
2605
a60d9889
DM
2606 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2607
2608 PR analyzer/93374
2609 * engine.cc (exploded_edge::exploded_edge): Add ext_state param
2610 and pass it to change.validate.
2611 (exploded_graph::get_or_create_node): Move purging of change
2612 svalues to also cover the case of reusing an existing enode.
2613 (exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
2614 ctor.
2615 * exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
2616 param.
2617 * program-state.cc (state_change::sm_change::validate): Likewise.
2618 Assert that m_sm_idx is sane. Use ext_state to validate
2619 m_old_state and m_new_state.
2620 (state_change::validate): Add ext_state param and pass it to
2621 the sm_change validate calls.
2622 * program-state.h (state_change::sm_change::validate): Add
2623 ext_state param.
2624 (state_change::validate): Likewise.
2625
a0e4929b
DM
2626 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2627
2628 PR analyzer/93669
2629 * engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
2630 case of STATUS_WORKLIST in implementation of
2631 "__analyzer_dump_exploded_nodes".
2632
cd28b759
DM
2633 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2634
2635 PR analyzer/93649
2636 * constraint-manager.cc (constraint_manager::add_constraint): When
2637 merging equivalence classes and updating m_constant, also update
2638 m_cst_sid.
2639 (constraint_manager::validate): If m_constant is non-NULL assert
2640 that m_cst_sid is non-null and is valid.
2641
5e17c1bd
DM
2642 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2643
2644 PR analyzer/93657
2645 * analyzer.opt (fdump-analyzer): Reword description.
2646 (fdump-analyzer-stderr): Likewise.
2647
c46d057f
DM
2648 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2649
2650 * region-model.cc (print_quoted_type): New function.
2651 (svalue::print): Use it to replace %qT.
2652 (region::dump_to_pp): Likewise.
2653 (region::dump_child_label): Likewise.
2654 (region::print_fields): Likewise.
2655
eb031d4b
DM
2656 2020-02-10 David Malcolm <dmalcolm@redhat.com>
2657
2658 PR analyzer/93659
2659 * analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
2660 -> "that" typo.
2661 (Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
2662 "uninitialized" typo.
2663
e87deb37
DM
2664 2020-02-10 David Malcolm <dmalcolm@redhat.com>
2665
2666 PR analyzer/93350
2667 * region-model.cc (region_model::get_lvalue_1):
2668 Handle BIT_FIELD_REF.
2669 (make_region_for_type): Handle VECTOR_TYPE.
2670
e953f958
DM
2671 2020-02-10 David Malcolm <dmalcolm@redhat.com>
2672
2673 PR analyzer/93647
2674 * diagnostic-manager.cc
2675 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
2676 VAR being constant.
2677 * region-model.cc (region_model::get_lvalue_1): Provide a better
2678 error message when encountering an unhandled tree code.
2679
41a9e940
DM
2680 2020-02-10 David Malcolm <dmalcolm@redhat.com>
2681
2682 PR analyzer/93405
2683 * region-model.cc (region_model::get_lvalue_1): Implement
2684 CONST_DECL.
2685
cb273d81
DM
2686 2020-02-06 David Malcolm <dmalcolm@redhat.com>
2687
2688 * region-model.cc (region_model::maybe_cast_1): Attempt to provide
2689 a region_svalue if either type is a pointer, rather than if both
2690 types are pointers.
2691
a4d3bfc0
DM
2692 2020-02-05 David Malcolm <dmalcolm@redhat.com>
2693
2694 * engine.cc (exploded_node::dump_dot): Show merger enodes.
2695 (worklist::add_node): Assert that the node's m_status is
2696 STATUS_WORKLIST.
2697 (exploded_graph::process_worklist): Likewise for nodes from the
2698 worklist. Set status of merged nodes to STATUS_MERGER.
2699 (exploded_graph::process_node): Set status of node to
2700 STATUS_PROCESSED.
2701 (exploded_graph::dump_exploded_nodes): Rework handling of
2702 "__analyzer_dump_exploded_nodes", splitting enodes by status into
2703 "processed" and "merger", showing the count of just the processed
2704 enodes at the call, rather than the count of all enodes.
2705 * exploded-graph.h (exploded_node::status): New enum.
2706 (exploded_node::exploded_node): Initialize m_status to
2707 STATUS_WORKLIST.
2708 (exploded_node::get_status): New getter.
2709 (exploded_node::set_status): New setter.
2710
1dae549d
DM
2711 2020-02-04 David Malcolm <dmalcolm@redhat.com>
2712
2713 PR analyzer/93543
2714 * engine.cc (pod_hash_traits<function_call_string>::mark_empty):
2715 Eliminate reinterpret_cast.
2716 (pod_hash_traits<function_call_string>::is_empty): Likewise.
2717
833f1e66
DM
2718 2020-02-03 David Malcolm <dmalcolm@redhat.com>
2719
2720 * constraint-manager.cc (range::constrained_to_single_element):
2721 Replace fold_build2 with fold_binary. Remove unnecessary newline.
2722 (constraint_manager::get_or_add_equiv_class): Replace fold_build2
2723 with fold_binary in two places, and remove out-of-date comment.
2724 (constraint_manager::eval_condition): Replace fold_build2 with
2725 fold_binary.
2726 * region-model.cc (constant_svalue::eval_condition): Likewise.
2727 (region_model::on_assignment): Likewise.
2728
8525d1f5
DM
2729 2020-02-03 David Malcolm <dmalcolm@redhat.com>
2730
2731 PR analyzer/93544
2732 * diagnostic-manager.cc
2733 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
2734 against bad choices due to bad paths.
2735 * engine.cc (impl_region_model_context::on_phi): New.
2736 * exploded-graph.h (impl_region_model_context::on_phi): New decl.
2737 * region-model.cc (region_model::on_longjmp): Likewise.
2738 (region_model::handle_phi): Add phi param. Call the ctxt's on_phi
2739 vfunc.
2740 (region_model::update_for_phis): Pass phi to handle_phi.
2741 * region-model.h (region_model::handle_phi): Add phi param.
2742 (region_model_context::on_phi): New vfunc.
2743 (test_region_model_context::on_phi): New.
2744 * sm-malloc.cc (malloc_state_machine::on_phi): New.
2745 (malloc_state_machine::on_zero_assignment): New.
2746 * sm.h (state_machine::on_phi): New vfunc.
2747
73f38658
DM
2748 2020-02-03 David Malcolm <dmalcolm@redhat.com>
2749
2750 * engine.cc (supernode_cluster::dump_dot): Show BB index as
2751 well as SN index.
2752 * supergraph.cc (supernode::dump_dot): Likewise.
2753
5e10b9a2
DM
2754 2020-02-03 David Malcolm <dmalcolm@redhat.com>
2755
2756 PR analyzer/93546
2757 * region-model.cc (region_model::on_call_pre): Update for new
2758 param of symbolic_region ctor.
2759 (region_model::deref_rvalue): Likewise.
2760 (region_model::add_new_malloc_region): Likewise.
2761 (make_region_for_type): Likewise, preserving type.
2762 * region-model.h (symbolic_region::symbolic_region): Add "type"
2763 param and pass it to base class ctor.
2764
287ccd3b
DM
2765 2020-02-03 David Malcolm <dmalcolm@redhat.com>
2766
2767 PR analyzer/93547
2768 * constraint-manager.cc
2769 (constraint_manager::get_or_add_equiv_class): Ensure types are
2770 compatible before comparing constants.
2771
67751724
DM
2772 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2773
2774 PR analyzer/93457
2775 * region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
2776 than checking against void_type_node.
2777
09bea584
DM
2778 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2779
2780 PR analyzer/93373
2781 * region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
2782 (assert_compat_types): ...this, and bail when either type is NULL,
2783 or when VOID_TYPE_P (dst_type).
2784 (region_model::get_lvalue): Update for above conversion.
2785 (region_model::get_rvalue): Likewise.
2786
f1c807e8
DM
2787 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2788
2789 PR analyzer/93379
2790 * region-model.cc (region_model::update_for_return_superedge):
2791 Move check for null result so that it also guards setting the
2792 lhs.
2793
455f58ec
DM
2794 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2795
2796 PR analyzer/93438
2797 * region-model.cc (stack_region::can_merge_p): Split into a two
2798 pass approach, creating all stack regions first, then populating
2799 them.
2800 (selftest::test_state_merging): Add test coverage for (a) the case
2801 of self-merging a model in which a local in an older stack frame
2802 points to a local in a more recent stack frame (which previously
2803 would ICE), and (b) the case of self-merging a model in which a
2804 local points to a global (which previously worked OK).
2805
182ce042
DM
2806 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2807
2808 * analyzer.cc (is_named_call_p): Replace tests for fndecl being
2809 extern at file scope and having a non-NULL DECL_NAME with a call
2810 to maybe_special_function_p.
2811 * function-set.cc (function_set::contains_decl_p): Add call to
2812 maybe_special_function_p.
2813
45eb3e49
DM
2814 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2815
2816 PR analyzer/93450
2817 * constraint-manager.cc
2818 (constraint_manager::get_or_add_equiv_class): Only compare constants
2819 if their types are compatible.
2820 * region-model.cc (constant_svalue::eval_condition): Replace check
2821 for identical types with call to types_compatible_p.
2822
42f36563
DM
2823 2020-01-30 David Malcolm <dmalcolm@redhat.com>
2824
2825 * program-state.cc (extrinsic_state::dump_to_pp): New.
2826 (extrinsic_state::dump_to_file): New.
2827 (extrinsic_state::dump): New.
2828 * program-state.h (extrinsic_state::dump_to_pp): New decl.
2829 (extrinsic_state::dump_to_file): New decl.
2830 (extrinsic_state::dump): New decl.
2831 * sm.cc: Include "pretty-print.h".
2832 (state_machine::dump_to_pp): New.
2833 * sm.h (state_machine::dump_to_pp): New decl.
2834
ebe9174e
DM
2835 2020-01-30 David Malcolm <dmalcolm@redhat.com>
2836
2837 * diagnostic-manager.cc (for_each_state_change): Use
2838 extrinsic_state::get_num_checkers rather than accessing m_checkers
2839 directly.
2840 * program-state.cc (program_state::program_state): Likewise.
2841 * program-state.h (extrinsic_state::m_checkers): Make private.
2842
e978955d
DM
2843 2020-01-30 David Malcolm <dmalcolm@redhat.com>
2844
2845 PR analyzer/93356
2846 * region-model.cc (region_model::eval_condition): In both
2847 overloads, bail out immediately on floating-point types.
2848 (region_model::eval_condition_without_cm): Likewise.
2849 (region_model::add_constraint): Likewise.
2850
d177c49c
DM
2851 2020-01-30 David Malcolm <dmalcolm@redhat.com>
2852
2853 PR analyzer/93450
2854 * program-state.cc (sm_state_map::set_state): For the overload
2855 taking an svalue_id, bail out if the set_state on the ec does
2856 nothing. Convert the latter's return type from void to bool,
2857 returning true if anything changed.
2858 (sm_state_map::impl_set_state): Convert the return type from void
2859 to bool, returning true if the state changed.
2860 * program-state.h (sm_state_map::set_state): Convert return type
2861 from void to bool.
2862 (sm_state_map::impl_set_state): Likewise.
2863 * region-model.cc (constant_svalue::eval_condition): Only call
2864 fold_build2 if the types are the same.
2865
7892ff37
JJ
2866 2020-01-29 Jakub Jelinek <jakub@redhat.com>
2867
2868 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
2869 * constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
2870 (range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
2871 POP_IGNORE_WFORMAT.
2872 * state-purge.cc: Include diagnostic-core.h before
2873 gimple-pretty-print.h.
2874 (state_purge_annotator::add_node_annotations, print_vec_of_names):
2875 Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
2876 * region-model.cc: Move diagnostic-core.h include before graphviz.h.
2877 (path_var::dump, svalue::print, constant_svalue::print_details,
2878 region::dump_to_pp, region::dump_child_label, region::print_fields,
2879 map_region::print_fields, map_region::dump_dot_to_pp,
2880 map_region::dump_child_label, array_region::print_fields,
2881 array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or
2882 POP_IGNORE_WFORMAT.
2883
5aebfb71
DM
2884 2020-01-28 David Malcolm <dmalcolm@redhat.com>
2885
2886 PR analyzer/93316
2887 * engine.cc (rewind_info_t::update_model): Get the longjmp call
2888 stmt via get_longjmp_call () rather than assuming it is the last
2889 stmt in the longjmp's supernode.
2890 (rewind_info_t::add_events_to_path): Get the location_t for the
2891 rewind_from_longjmp_event via get_longjmp_call () rather than from
2892 the supernode's get_end_location ().
2893
6c8e5844
DM
2894 2020-01-28 David Malcolm <dmalcolm@redhat.com>
2895
2896 * region-model.cc (poisoned_value_diagnostic::emit): Update for
2897 renaming of warning_at overload to warning_meta.
2898 * sm-file.cc (file_leak::emit): Likewise.
2899 * sm-malloc.cc (double_free::emit): Likewise.
2900 (possible_null_deref::emit): Likewise.
2901 (possible_null_arg::emit): Likewise.
2902 (null_deref::emit): Likewise.
2903 (null_arg::emit): Likewise.
2904 (use_after_free::emit): Likewise.
2905 (malloc_leak::emit): Likewise.
2906 (free_of_non_heap::emit): Likewise.
2907 * sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
2908 * sm-signal.cc (signal_unsafe_call::emit): Likewise.
2909 * sm-taint.cc (tainted_array_index::emit): Likewise.
2910
8c08c983
DM
2911 2020-01-27 David Malcolm <dmalcolm@redhat.com>
2912
2913 PR analyzer/93451
2914 * region-model.cc (tree_cmp): For the REAL_CST case, impose an
2915 arbitrary order on NaNs relative to other NaNs and to non-NaNs;
2916 const-correctness tweak.
2917 (ana::selftests::build_real_cst_from_string): New function.
2918 (ana::selftests::append_interesting_constants): New function.
2919 (ana::selftests::test_tree_cmp_on_constants): New test.
2920 (ana::selftests::test_canonicalization_4): New test.
2921 (ana::selftests::analyzer_region_model_cc_tests): Call the new
2922 tests.
2923
2fbea419
DM
2924 2020-01-27 David Malcolm <dmalcolm@redhat.com>
2925
2926 PR analyzer/93349
2927 * engine.cc (run_checkers): Save and restore input_location.
2928
6a81cabc
DM
2929 2020-01-27 David Malcolm <dmalcolm@redhat.com>
2930
2931 * call-string.cc (call_string::cmp_1): Delete, moving body to...
2932 (call_string::cmp): ...here.
2933 * call-string.h (call_string::cmp_1): Delete decl.
2934 * engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
2935 (worklist::key_t::cmp): ...here. Implement hash comparisons
2936 via comparison rather than subtraction to avoid overflow issues.
2937 * exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
2938 * region-model.cc (tree_cmp): Eliminate buggy checking for
2939 symmetry.
2940
342e14ff
DM
2941 2020-01-27 David Malcolm <dmalcolm@redhat.com>
2942
2943 * analyzer.cc (is_named_call_p): Check that fndecl is "extern"
2944 and at file scope. Potentially disregard prefix _ or __ in
2945 fndecl's name. Bail if the identifier is NULL.
2946 (is_setjmp_call_p): Expect a gcall rather than plain gimple.
2947 Remove special-case check for leading prefix, and also check for
2948 sigsetjmp.
2949 (is_longjmp_call_p): Also check for siglongjmp.
2950 (get_user_facing_name): New function.
2951 * analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
2952 gimple.
2953 (get_user_facing_name): New decl.
2954 * checker-path.cc (setjmp_event::get_desc): Use
2955 get_user_facing_name to avoid hardcoding the function name.
2956 (rewind_event::rewind_event): Add rewind_info param, using it to
2957 initialize new m_rewind_info field, and strengthen the assertion.
2958 (rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
2959 avoid hardcoding the function name.
2960 (rewind_to_setjmp_event::get_desc): Likewise.
2961 * checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
2962 param and use it to initialize...
2963 (setjmp_event::m_setjmp_call): New field.
2964 (rewind_event::rewind_event): Add rewind_info param.
2965 (rewind_event::m_rewind_info): New protected field.
2966 (rewind_from_longjmp_event::rewind_from_longjmp_event): Add
2967 rewind_info param.
2968 (class rewind_to_setjmp_event): Move rewind_info field to parent
2969 class.
2970 * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
2971 Update setjmp-handling for is_setjmp_call_p requiring a gcall;
2972 pass the call to the new setjmp_event.
2973 * engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
2974 requiring a gcall.
2975 (stale_jmp_buf::emit): Use get_user_facing_name to avoid
2976 hardcoding the function names.
2977 (exploded_node::on_longjmp): Pass the longjmp_call when
2978 constructing rewind_info.
2979 (rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
2980 rewind_from_longjmp_event's ctor.
2981 * exploded-graph.h (rewind_info_t::rewind_info_t): Add
2982 longjmp_call param.
2983 (rewind_info_t::get_longjmp_call): New.
2984 (rewind_info_t::m_longjmp_call): New.
2985 * region-model.cc (region_model::on_setjmp): Update comment to
2986 indicate this is also for sigsetjmp.
2987 * region-model.h (struct setjmp_record): Likewise.
2988 (class setjmp_svalue): Likewise.
2989
26d949c8
DM
2990 2020-01-27 David Malcolm <dmalcolm@redhat.com>
2991
2992 PR analyzer/93276
2993 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
2994 macros with GCC_VERSION >= 4006, making them no-op otherwise.
2995 * engine.cc (exploded_edge::exploded_edge): Specify template for
2996 base class initializer.
2997 (exploded_graph::add_edge): Specify template when chaining up to
2998 base class add_edge implementation.
2999 (viz_callgraph_node::dump_dot): Drop redundant "typename".
3000 (viz_callgraph_edge::viz_callgraph_edge): Specify template for
3001 base class initializer.
3002 * program-state.cc (sm_state_map::clone_with_remapping): Drop
3003 redundant "typename".
3004 (sm_state_map::print): Likewise.
3005 (sm_state_map::hash): Likewise.
3006 (sm_state_map::operator==): Likewise.
3007 (sm_state_map::remap_svalue_ids): Likewise.
3008 (sm_state_map::on_svalue_purge): Likewise.
3009 (sm_state_map::validate): Likewise.
3010 * program-state.h (sm_state_map::iterator_t): Likewise.
3011 * supergraph.h (superedge::superedge): Specify template for base
3012 class initializer.
3013
648796da
DM
3014 2020-01-23 David Malcolm <dmalcolm@redhat.com>
3015
3016 PR analyzer/93375
3017 * supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
3018 gracefully if the number of parameters at the callee exceeds the
3019 number of arguments at the call stmt.
3020 (callgraph_superedge::get_parm_for_arg): Likewise.
3021
591b59eb
DM
3022 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3023
3024 PR analyzer/93382
3025 * program-state.cc (sm_state_map::on_svalue_purge): If the
3026 entry survives, but the origin is being purged, then reset the
3027 origin to null.
3028
c9c8aef4
DM
3029 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3030
3031 * sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.
3032
fd9982bb
DM
3033 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3034
3035 PR analyzer/93378
3036 * engine.cc (setjmp_svalue::compare_fields): Update for
3037 replacement of m_enode with m_setjmp_record.
3038 (setjmp_svalue::add_to_hash): Likewise.
3039 (setjmp_svalue::get_index): Rename...
3040 (setjmp_svalue::get_enode_index): ...to this.
3041 (setjmp_svalue::print_details): Update for replacement of m_enode
3042 with m_setjmp_record.
3043 (exploded_node::on_longjmp): Likewise.
3044 * exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
3045 (rewind_info_t::m_setjmp_record): ...with this.
3046 (rewind_info_t::rewind_info_t): Update for replacement of m_enode
3047 with m_setjmp_record.
3048 (rewind_info_t::get_setjmp_point): Likewise.
3049 (rewind_info_t::get_setjmp_call): Likewise.
3050 * region-model.cc (region_model::dump_summary_of_map): Likewise.
3051 (region_model::on_setjmp): Likewise.
3052 * region-model.h (struct setjmp_record): New struct.
3053 (setjmp_svalue::m_enode): Replace...
3054 (setjmp_svalue::m_setjmp_record): ...with this.
3055 (setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
3056 with m_setjmp_record.
3057 (setjmp_svalue::clone): Likewise.
3058 (setjmp_svalue::get_index): Rename...
3059 (setjmp_svalue::get_enode_index): ...to this.
3060 (setjmp_svalue::get_exploded_node): Replace...
3061 (setjmp_svalue::get_setjmp_record): ...with this.
3062
da7cf663
DM
3063 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3064
3065 PR analyzer/93316
3066 * analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as
3067 "_setjmp".
3068
75038aa6
DM
3069 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3070
3071 PR analyzer/93307
3072 * analysis-plan.h: Wrap everything namespace "ana".
3073 * analyzer-logging.cc: Likewise.
3074 * analyzer-logging.h: Likewise.
3075 * analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
3076 namespace.
3077 * analyzer-selftests.cc: Wrap everything namespace "ana".
3078 * analyzer-selftests.h: Likewise.
3079 * analyzer.h: Likewise for forward decls of types.
3080 * call-string.h: Likewise.
3081 * checker-path.cc: Likewise.
3082 * checker-path.h: Likewise.
3083 * constraint-manager.cc: Likewise.
3084 * constraint-manager.h: Likewise.
3085 * diagnostic-manager.cc: Likewise.
3086 * diagnostic-manager.h: Likewise.
3087 * engine.cc: Likewise.
3088 * engine.h: Likewise.
3089 * exploded-graph.h: Likewise.
3090 * function-set.cc: Likewise.
3091 * function-set.h: Likewise.
3092 * pending-diagnostic.cc: Likewise.
3093 * pending-diagnostic.h: Likewise.
3094 * program-point.cc: Likewise.
3095 * program-point.h: Likewise.
3096 * program-state.cc: Likewise.
3097 * program-state.h: Likewise.
3098 * region-model.cc: Likewise.
3099 * region-model.h: Likewise.
3100 * sm-file.cc: Likewise.
3101 * sm-malloc.cc: Likewise.
3102 * sm-pattern-test.cc: Likewise.
3103 * sm-sensitive.cc: Likewise.
3104 * sm-signal.cc: Likewise.
3105 * sm-taint.cc: Likewise.
3106 * sm.cc: Likewise.
3107 * sm.h: Likewise.
3108 * state-purge.h: Likewise.
3109 * supergraph.cc: Likewise.
3110 * supergraph.h: Likewise.
3111
4f01e577
DM
3112 2020-01-21 David Malcolm <dmalcolm@redhat.com>
3113
3114 PR analyzer/93352
3115 * region-model.cc (int_cmp): Rename to...
3116 (array_region::key_cmp): ...this, using key_t rather than int.
3117 Rewrite in terms of comparisons rather than subtraction to
3118 ensure qsort is anti-symmetric when handling extreme values.
3119 (array_region::walk_for_canonicalization): Update for above
3120 renaming.
3121 * region-model.h (array_region::key_cmp): New decl.
3122
07c86323
DM
3123 2020-01-17 David Malcolm <dmalcolm@redhat.com>
3124
3125 PR analyzer/93290
3126 * region-model.cc (region_model::eval_condition_without_cm): Avoid
3127 gcc_unreachable for unexpected operations for the case where
3128 we're comparing an svalue against itself.
3129
5f030383
DM
3130 2020-01-17 David Malcolm <dmalcolm@redhat.com>
3131
3132 PR analyzer/93281
3133 * region-model.cc
3134 (region_model::convert_byte_offset_to_array_index): Convert to
3135 ssizetype before dividing by byte_size. Use fold_binary rather
3136 than fold_build2 to avoid needlessly constructing a tree for the
3137 non-const case.
3138
49e9a999
DM
3139 2020-01-15 David Malcolm <dmalcolm@redhat.com>
3140
3141 * engine.cc (class impl_region_model_context): Fix comment.
3142
32077b69
DM
3143 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3144
3145 PR analyzer/93212
3146 * region-model.cc (make_region_for_type): Use
3147 FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
3148 * region-model.h (function_region::function_region): Likewise.
3149
7fb3669e
DM
3150 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3151
3152 * program-state.cc (sm_state_map::clone_with_remapping): Copy
3153 m_global_state.
3154 (selftest::test_program_state_merging_2): New selftest.
3155 (selftest::analyzer_program_state_cc_tests): Call it.
3156
e2a538b1
DM
3157 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3158
3159 * checker-path.h (checker_path::get_checker_event): New function.
3160 (checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
3161 * diagnostic-manager.cc
3162 (diagnostic_manager::prune_for_sm_diagnostic): Replace direct
3163 access to checker_path::m_events with accessor functions. Fix
3164 overlong line.
3165 (diagnostic_manager::prune_interproc_events): Replace direct
3166 access to checker_path::m_events with accessor functions.
3167 (diagnostic_manager::finish_pruning): Likewise.
3168
94946989
DM
3169 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3170
3171 * checker-path.h (checker_event::clone): Delete vfunc decl.
3172 (debug_event::clone): Delete vfunc impl.
3173 (custom_event::clone): Delete vfunc impl.
3174 (statement_event::clone): Delete vfunc impl.
3175 (function_entry_event::clone): Delete vfunc impl.
3176 (state_change_event::clone): Delete vfunc impl.
3177 (start_cfg_edge_event::clone): Delete vfunc impl.
3178 (end_cfg_edge_event::clone): Delete vfunc impl.
3179 (call_event::clone): Delete vfunc impl.
3180 (return_event::clone): Delete vfunc impl.
3181 (setjmp_event::clone): Delete vfunc impl.
3182 (rewind_from_longjmp_event::clone): Delete vfunc impl.
3183 (rewind_to_setjmp_event::clone): Delete vfunc impl.
3184 (warning_event::clone): Delete vfunc impl.
3185
718930c0
DM
3186 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3187
3188 * supergraph.cc (supernode::dump_dot): Ensure that the TABLE
3189 element has at least one TR.
3190
8397af8e
DM
3191 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3192
3193 PR analyzer/58237
3194 * engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
3195 when comparing against UNKNOWN_LOCATION.
3196 (stmt_requires_new_enode_p): Likewise.
3197 (exploded_graph::dump_exploded_nodes): Likewise.
3198 * supergraph.cc (supernode::get_start_location): Likewise.
3199 (supernode::get_end_location): Likewise.
3200
697251b7
DM
3201 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3202
3203 PR analyzer/58237
3204 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
3205 selftest::analyzer_sm_file_cc_tests.
3206 * analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
3207 decl.
3208 * sm-file.cc: Include "analyzer/function-set.h" and
3209 "analyzer/analyzer-selftests.h".
3210 (get_file_using_fns): New function.
3211 (is_file_using_fn_p): New function.
3212 (fileptr_state_machine::on_stmt): Return true for known functions.
3213 (selftest::analyzer_sm_file_cc_tests): New function.
3214
4804c5fe
DM
3215 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3216
3217 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
3218 selftest::analyzer_sm_signal_cc_tests.
3219 * analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
3220 New decl.
3221 * sm-signal.cc: Include "analyzer/function-set.h" and
3222 "analyzer/analyzer-selftests.h".
3223 (get_async_signal_unsafe_fns): New function.
3224 (signal_unsafe_p): Reimplement in terms of the above.
3225 (selftest::analyzer_sm_signal_cc_tests): New function.
3226
a6b5f19c
DM
3227 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3228
3229 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
3230 selftest::analyzer_function_set_cc_tests.
3231 * analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
3232 New decl.
3233 * function-set.cc: New file.
3234 * function-set.h: New file.
3235
ef7827b0
DM
3236 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3237
3238 * analyzer.h (fndecl_has_gimple_body_p): New decl.
3239 * engine.cc (impl_region_model_context::on_unknown_change): New
3240 function.
3241 (fndecl_has_gimple_body_p): Make non-static.
3242 (exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
3243 known. Track whether we have a call with unknown side-effects and
3244 pass it to on_call_post.
3245 * exploded-graph.h (impl_region_model_context::on_unknown_change):
3246 New decl.
3247 * program-state.cc (sm_state_map::on_unknown_change): New function.
3248 * program-state.h (sm_state_map::on_unknown_change): New decl.
3249 * region-model.cc: Include "bitmap.h".
3250 (region_model::on_call_pre): Return a bool, capturing whether the
3251 call has unknown side effects.
3252 (region_model::on_call_post): Add arg "bool unknown_side_effects"
3253 and if true, call handle_unrecognized_call.
3254 (class reachable_regions): New class.
3255 (region_model::handle_unrecognized_call): New function.
3256 * region-model.h (region_model::on_call_pre): Return a bool.
3257 (region_model::on_call_post): Add arg "bool unknown_side_effects".
3258 (region_model::handle_unrecognized_call): New decl.
3259 (region_model_context::on_unknown_change): New vfunc.
3260 (test_region_model_context::on_unknown_change): New function.
3261
14f9d7b9
DM
3262 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3263
3264 * diagnostic-manager.cc (saved_diagnostic::operator==): Move here
3265 from header. Replace pointer equality test on m_var with call to
3266 pending_diagnostic::same_tree_p.
3267 * diagnostic-manager.h (saved_diagnostic::operator==): Move to
3268 diagnostic-manager.cc.
3269 * pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
3270 * pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
3271 * sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
3272 equality on m_arg with call to pending_diagnostic::same_tree_p.
3273 * sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
3274 (possible_null_arg::subclass_equal_p): Likewise.
3275 (null_arg::subclass_equal_p): Likewise.
3276 (free_of_non_heap::subclass_equal_p): Likewise.
3277 * sm-pattern-test.cc (pattern_match::operator==): Likewise.
3278 * sm-sensitive.cc (exposure_through_output_file::operator==):
3279 Likewise.
3280 * sm-taint.cc (tainted_array_index::operator==): Likewise.
3281
f474fbd5
DM
3282 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3283
3284 * diagnostic-manager.cc (dedupe_winners::add): Add logging
3285 of deduplication decisions made.
3286
757bf1df
DM
3287 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3288
3289 * ChangeLog: New file.
3290 * analyzer-selftests.cc: New file.
3291 * analyzer-selftests.h: New file.
3292 * analyzer.opt: New file.
3293 * analysis-plan.cc: New file.
3294 * analysis-plan.h: New file.
3295 * analyzer-logging.cc: New file.
3296 * analyzer-logging.h: New file.
3297 * analyzer-pass.cc: New file.
3298 * analyzer.cc: New file.
3299 * analyzer.h: New file.
3300 * call-string.cc: New file.
3301 * call-string.h: New file.
3302 * checker-path.cc: New file.
3303 * checker-path.h: New file.
3304 * constraint-manager.cc: New file.
3305 * constraint-manager.h: New file.
3306 * diagnostic-manager.cc: New file.
3307 * diagnostic-manager.h: New file.
3308 * engine.cc: New file.
3309 * engine.h: New file.
3310 * exploded-graph.h: New file.
3311 * pending-diagnostic.cc: New file.
3312 * pending-diagnostic.h: New file.
3313 * program-point.cc: New file.
3314 * program-point.h: New file.
3315 * program-state.cc: New file.
3316 * program-state.h: New file.
3317 * region-model.cc: New file.
3318 * region-model.h: New file.
3319 * sm-file.cc: New file.
3320 * sm-malloc.cc: New file.
3321 * sm-malloc.dot: New file.
3322 * sm-pattern-test.cc: New file.
3323 * sm-sensitive.cc: New file.
3324 * sm-signal.cc: New file.
3325 * sm-taint.cc: New file.
3326 * sm.cc: New file.
3327 * sm.h: New file.
3328 * state-purge.cc: New file.
3329 * state-purge.h: New file.
3330 * supergraph.cc: New file.
3331 * supergraph.h: New file.
3332
3333 2019-12-13 David Malcolm <dmalcolm@redhat.com>
3334
3335 * Initial creation
3336
3337
3338 Copyright (C) 2019-2020 Free Software Foundation, Inc.
3339
3340 Copying and distribution of this file, with or without modification,
3341 are permitted in any medium without royalty provided the copyright
3342 notice and this notice are preserved.