git.ipfire.org Git - thirdparty/gcc.git/blame - gcc/analyzer/ChangeLog
Commit Line Data
0cfd9109
GA
1 2020-11-05 David Malcolm <dmalcolm@redhat.com>
2
3 PR analyzer/97668
4 * svalue.cc (cmp_cst): Handle COMPLEX_CST.
5
e93aae4a
GA
6 2020-10-29 David Malcolm <dmalcolm@redhat.com>
7
8 * program-state.cc (sm_state_map::on_liveness_change): Sort the
9 leaking svalues before calling on_state_leak.
10 (program_state::detect_leaks): Likewise when calling
11 on_svalue_leak.
12 * region-model-reachability.cc
13 (reachable_regions::mark_escaped_clusters): Likewise when
14 calling on_escaped_function.
15
16 2020-10-29 David Malcolm <dmalcolm@redhat.com>
17
18 PR analyzer/97608
19 * region-model-reachability.cc (reachable_regions::handle_sval):
20 Operands of reachable reversible operations are reachable.
21
22 2020-10-29 David Malcolm <dmalcolm@redhat.com>
23
24 * analyzer.h (class state_machine): New forward decl.
25 (class logger): Likewise.
26 (class visitor): Likewise.
27 * complexity.cc: New file, taken from svalue.cc.
28 * complexity.h: New file, taken from region-model.h.
29 * region-model.h: Include "analyzer/svalue.h" and
30 "analyzer/region.h". Move struct complexity to complexity.h.
31 Move svalue, its subclasses and supporting decls to svalue.h.
32 Move region, its subclasses and supporting decls to region.h.
33 * region.cc: Include "analyzer/region.h".
34 (symbolic_region::symbolic_region): Move here from region-model.h.
35 * region.h: New file, based on material from region-model.h.
36 * svalue.cc: Include "analyzer/svalue.h".
37 (complexity::complexity): Move to complexity.cc.
38 (complexity::from_pair): Likewise.
39 * svalue.h: New file, based on material from region-model.h.
40
41 2020-10-29 David Malcolm <dmalcolm@redhat.com>
42
43 * program-state.cc (sm_state_map::print): Guard the printing of
44 the origin pointer with !flag_dump_noaddr.
45 * region.cc (string_region::dump_to_pp): Likewise for
46 m_string_cst.
47
89bb01e7
GA
48 2020-10-27 David Malcolm <dmalcolm@redhat.com>
49
50 PR analyzer/97568
51 * region-model.cc (region_model::get_initial_value_for_global):
52 Move check that !DECL_EXTERNAL from here to...
53 * region.cc (decl_region::get_svalue_for_initializer): ...here,
54 using it to reject zero initialization.
55
56 2020-10-27 Markus Böck <markus.boeck02@gmail.com>
57
58 PR analyzer/96608
59 * store.h (hash): Cast to intptr_t instead of long.
60
61 2020-10-27 David Malcolm <dmalcolm@redhat.com>
62
63 * constraint-manager.cc (svalue_cmp_by_ptr): Delete.
64 (equiv_class::canonicalize): Use svalue::cmp_ptr_ptr instead.
65 (equiv_class_cmp): Eliminate pointer comparison.
66 * diagnostic-manager.cc (dedupe_key::comparator): If they are at
67 the same location, also compare epath length and pending_diagnostic
68 kind.
69 * engine.cc (readability_comparator): If two path_vars have the
70 same readability, then impose an arbitrary ordering on them.
71 (worklist::key_t::cmp): If two points have the same plan ordering,
72 continue the comparison. Call sm_state_map::cmp rather than
73 comparing hash values.
74 * program-state.cc (sm_state_map::entry_t::cmp): New.
75 (sm_state_map::cmp): New.
76 * program-state.h (sm_state_map::entry_t::cmp): New decl.
77 (sm_state_map::elements): New.
78 (sm_state_map::cmp): New.
79
80 2020-10-27 David Malcolm <dmalcolm@redhat.com>
81
82 * engine.cc (setjmp_record::cmp): New.
83 (supernode_cluster::dump_dot): Avoid embedding pointer in cluster
84 name.
85 (supernode_cluster::cmp_ptr_ptr): New.
86 (function_call_string_cluster::dump_dot): Avoid embedding pointer
87 in cluster name. Sort m_map when dumping child clusters.
88 (function_call_string_cluster::cmp_ptr_ptr): New.
89 (root_cluster::dump_dot): Sort m_map when dumping child clusters.
90 * program-point.cc (function_point::cmp): New.
91 (function_point::cmp_ptr): New.
92 * program-point.h (function_point::cmp): New decl.
93 (function_point::cmp_ptr): New decl.
94 * program-state.cc (sm_state_map::print): Sort the values. Guard
95 the printing of pointers with !flag_dump_noaddr.
96 (program_state::prune_for_point): Sort the regions.
97 (log_set_of_svalues): Sort the values. Guard the printing of
98 pointers with !flag_dump_noaddr.
99 * region-model-manager.cc (log_uniq_map): Sort the values.
100 * region-model-reachability.cc (dump_set): New function template.
101 (reachable_regions::dump_to_pp): Use it.
102 * region-model.h (svalue::cmp_ptr): New decl.
103 (svalue::cmp_ptr_ptr): New decl.
104 (setjmp_record::cmp): New decl.
105 (placeholder_svalue::get_name): New accessor.
106 (widening_svalue::get_point): New accessor.
107 (compound_svalue::get_map): New accessor.
108 (conjured_svalue::get_stmt): New accessor.
109 (conjured_svalue::get_id_region): New accessor.
110 (region::cmp_ptrs): Rename to...
111 (region::cmp_ptr_ptr): ...this.
112 * region.cc (region::cmp_ptrs): Rename to...
113 (region::cmp_ptr_ptr): ...this.
114 * state-purge.cc
115 (state_purge_per_ssa_name::state_purge_per_ssa_name): Sort
116 m_points_needing_name when dumping.
117 * store.cc (concrete_binding::cmp_ptr_ptr): New.
118 (symbolic_binding::cmp_ptr_ptr): New.
119 (binding_map::cmp): New.
120 (get_sorted_parent_regions): Update for renaming of
121 region::cmp_ptrs to region::cmp_ptr_ptr.
122 (store::dump_to_pp): Likewise.
123 (store::to_json): Likewise.
124 (store::can_merge_p): Sort the base regions before considering
125 them.
126 * store.h (concrete_binding::cmp_ptr_ptr): New decl.
127 (symbolic_binding::cmp_ptr_ptr): New decl.
128 (binding_map::cmp): New decl.
129 * supergraph.cc (supergraph::supergraph): Assign UIDs to the
130 gimple stmts.
131 * svalue.cc (cmp_cst): New.
132 (svalue::cmp_ptr): New.
133 (svalue::cmp_ptr_ptr): New.
134
135 2020-10-27 David Malcolm <dmalcolm@redhat.com>
136
137 * engine.cc (exploded_graph::get_or_create_node): Fix off-by-one
138 when imposing param_analyzer_max_enodes_per_program_point limit.
139
140 2020-10-27 David Malcolm <dmalcolm@redhat.com>
141
142 * region-model.cc (region_model::get_representative_path_var):
143 Implement case RK_LABEL.
144 * region-model.h (label_region::get_label): New accessor.
145
43868df3
GA
146 2020-10-22 David Malcolm <dmalcolm@redhat.com>
147
148 PR analyzer/97514
149 * engine.cc (exploded_graph::add_function_entry): Handle failure
150 to create an enode, rather than asserting.
151
152 2020-10-22 David Malcolm <dmalcolm@redhat.com>
153
154 PR analyzer/97489
155 * engine.cc (exploded_graph::add_function_entry): Assert that we
156 have a function body.
157 (exploded_graph::on_escaped_function): Reject fndecls that don't
158 have a function body.
159
b2698c21
GA
160 2020-10-14 David Malcolm <dmalcolm@redhat.com>
161
162 PR analyzer/93388
163 * region-model.cc (region_model::get_initial_value_for_global):
164 Fall back to returning an initial_svalue if
165 decl_region::get_svalue_for_initializer fails.
166 * region.cc (decl_region::get_svalue_for_initializer): Don't
167 attempt to create a compound_svalue if the region has an unknown
168 size.
169
170 2020-10-14 David Malcolm <dmalcolm@redhat.com>
171
172 PR analyzer/93723
173 * store.cc (binding_map::apply_ctor_to_region): Remove redundant
174 assertion.
175
8be127ca
GA
176 2020-10-12 David Malcolm <dmalcolm@redhat.com>
177
178 PR analyzer/97258
179 * engine.cc (impl_region_model_context::on_escaped_function): New
180 vfunc.
181 (exploded_graph::add_function_entry): Use m_functions_with_enodes
182 to implement idempotency.
183 (add_any_callbacks): New.
184 (exploded_graph::build_initial_worklist): Use the above to find
185 callbacks that are reachable from global initializers.
186 (exploded_graph::on_escaped_function): New.
187 * exploded-graph.h
188 (impl_region_model_context::on_escaped_function): New decl.
189 (exploded_graph::on_escaped_function): New decl.
190 (exploded_graph::m_functions_with_enodes): New field.
191 * region-model-reachability.cc
192 (reachable_regions::reachable_regions): Replace "store" param with
193 "model" param; use it to initialize m_model.
194 (reachable_regions::add): When getting the svalue for the region,
195 call get_store_value on the model rather than using an initial
196 value.
197 (reachable_regions::mark_escaped_clusters): Add ctxt param and
198 use it to call on_escaped_function when a function_region escapes.
199 * region-model-reachability.h
200 (reachable_regions::reachable_regions): Replace "store" param with
201 "model" param.
202 (reachable_regions::mark_escaped_clusters): Add ctxt param.
203 (reachable_regions::m_model): New field.
204 * region-model.cc (region_model::handle_unrecognized_call): Update
205 for change in reachable_regions ctor.
206 (region_model::handle_unrecognized_call): Pass ctxt to
207 mark_escaped_clusters.
208 (region_model::get_reachable_svalues): Update for change in
209 reachable_regions ctor.
210 (region_model::get_initial_value_for_global): Read-only variables
211 keep their initial values.
212 * region-model.h (region_model_context::on_escaped_function): New
213 vfunc.
214 (noop_region_model_context::on_escaped_function): New.
215
216 2020-10-12 David Malcolm <dmalcolm@redhat.com>
217
218 * analyzer.opt (Wanalyzer-write-to-const): New.
219 (Wanalyzer-write-to-string-literal): New.
220 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
221 Call check_for_writable_region.
222 (region_model::impl_call_memset): Likewise.
223 (region_model::impl_call_strcpy): Likewise.
224 * region-model.cc (class write_to_const_diagnostic): New.
225 (class write_to_string_literal_diagnostic): New.
226 (region_model::check_for_writable_region): New.
227 (region_model::set_value): Call check_for_writable_region.
228 * region-model.h (region_model::check_for_writable_region): New
229 decl.
230
6caec77e
GA
231 2020-10-07 David Malcolm <dmalcolm@redhat.com>
232
233 PR analyzer/97116
234 * sm-malloc.cc (method_p): New.
235 (describe_argument_index): New.
236 (inform_nonnull_attribute): Use describe_argument_index.
237 (possible_null_arg::describe_final_event): Likewise.
238 (null_arg::describe_final_event): Likewise.
239
93bca37c
GA
240 2020-09-29 David Malcolm <dmalcolm@redhat.com>
241
242 PR analyzer/95188
243 * engine.cc (stmt_requires_new_enode_p): Split enodes before
244 "signal" calls.
245
246 2020-09-29 David Malcolm <dmalcolm@redhat.com>
247
248 * constraint-manager.cc
249 (constraint_manager::add_constraint_internal): Whitespace fixes.
250 Silence -Wsign-compare warning.
251 * engine.cc (maybe_process_run_of_before_supernode_enodes):
252 Silence -Wsign-compare warning.
253
e84761c6
GA
254 2020-09-28 David Malcolm <dmalcolm@redhat.com>
255
256 * region-model.h (binop_svalue::dyn_cast_binop_svalue): Remove
257 redundant "virtual". Add FINAL OVERRIDE.
258 (widening_svalue::dyn_cast_widening_svalue): Add FINAL OVERRIDE.
259 (compound_svalue::dyn_cast_compound_svalue): Likewise.
260 (conjured_svalue::dyn_cast_conjured_svalue): Likewise.
261
262 2020-09-28 David Malcolm <dmalcolm@redhat.com>
263
264 * diagnostic-manager.cc (null_assignment_sm_context::m_visitor):
265 Remove unused field.
266
267 2020-09-28 David Malcolm <dmalcolm@redhat.com>
268
269 PR analyzer/97233
270 * analyzer.cc (is_longjmp_call_p): Require the initial argument
271 to be a pointer.
272 * engine.cc (exploded_node::on_longjmp): Likewise.
273
274 2020-09-28 David Malcolm <dmalcolm@redhat.com>
275
276 * program-state.cc (sm_state_map::print): Update check
277 for m_global_state being the start state.
278
91dd4a38
GA
279 2020-09-26 David Malcolm <dmalcolm@redhat.com>
280
281 PR analyzer/96646
282 PR analyzer/96841
283 * region-model.cc (region_model::get_representative_path_var):
284 When handling offset_region, wrap the MEM_REF's first argument in
285 an ADDR_EXPR of pointer type, rather than simply using the tree
286 for the parent region. Require the MEM_REF's second argument to
287 be an integer constant.
288
a2b7397b
GA
289 2020-09-24 David Malcolm <dmalcolm@redhat.com>
290
291 * analyzer.h (struct rejected_constraint): New decl.
292 * analyzer.opt (fanalyzer-feasibility): New option.
293 * diagnostic-manager.cc (path_builder::path_builder): Add
294 "problem" param and use it to initialize new field.
295 (path_builder::get_feasibility_problem): New accessor.
296 (path_builder::m_feasibility_problem): New field.
297 (dedupe_winners::add): Remove inversion of logic in "if" clause,
298 swapping if/else suites. In the !feasible_p suite, inspect
299 flag_analyzer_feasibility and add code to handle when this
300 is off, accepting the infeasible path, but recording the
301 feasibility_problem.
302 (diagnostic_manager::emit_saved_diagnostic): Pass the
303 feasibility_problem to the path_builder.
304 (diagnostic_manager::add_events_for_eedge): If we have
305 a feasibility_problem at this edge, use it to add a custom event.
306 * engine.cc (exploded_path::feasible_p): Pass a
307 rejected_constraint ** to model.maybe_update_for_edge and transfer
308 ownership of any created instance to any feasibility_problem.
309 (feasibility_problem::dump_to_pp): New.
310 * exploded-graph.h (feasibility_problem::feasibility_problem):
311 Drop "model" param; add rejected_constraint * param.
312 (feasibility_problem::~feasibility_problem): New.
313 (feasibility_problem::dump_to_pp): New decl.
314 (feasibility_problem::m_model): Drop field.
315 (feasibility_problem::m_rc): New field.
316 * program-point.cc (function_point::get_location): Handle
317 PK_BEFORE_SUPERNODE and PK_AFTER_SUPERNODE.
318 * program-state.cc (program_state::on_edge): Pass NULL to new
319 param of region_model::maybe_update_for_edge.
320 * region-model.cc (region_model::add_constraint): New overload
321 adding a rejected_constraint ** param.
322 (region_model::maybe_update_for_edge): Add rejected_constraint **
323 param and pass it to the various apply_constraints_for_ calls.
324 (region_model::apply_constraints_for_gcond): Add
325 rejected_constraint ** param and pass it to add_constraint calls.
326 (region_model::apply_constraints_for_gswitch): Likewise.
327 (region_model::apply_constraints_for_exception): Likewise.
328 (rejected_constraint::dump_to_pp): New.
329 * region-model.h (region_model::maybe_update_for_edge):
330 Add rejected_constraint ** param.
331 (region_model::add_constraint): New overload adding a
332 rejected_constraint ** param.
333 (region_model::apply_constraints_for_gcond): Add
334 rejected_constraint ** param.
335 (region_model::apply_constraints_for_gswitch): Likewise.
336 (region_model::apply_constraints_for_exception): Likewise.
337 (struct rejected_constraint): New.
338
82b77dee
GA
339 2020-09-23 David Malcolm <dmalcolm@redhat.com>
340
341 PR analyzer/97178
342 * engine.cc (impl_run_checkers): Update for change to ext_state
343 ctor.
344 * program-state.cc (selftest::test_sm_state_map): Pass an engine
345 instance to ext_state ctor.
346 (selftest::test_program_state_1): Likewise.
347 (selftest::test_program_state_2): Likewise.
348 (selftest::test_program_state_merging): Likewise.
349 (selftest::test_program_state_merging_2): Likewise.
350 * program-state.h (extrinsic_state::extrinsic_state): Remove NULL
351 default value for "eng" param.
352
353 2020-09-23 Tobias Burnus <tobias@codesourcery.com>
354
355 * analyzer-logging.cc: Guard '#pragma ... ignored "-Wformat-diag"'
356 by '#if __GNUC__ >= 10'
357 * analyzer.h: Likewise.
358 * call-string.cc: Likewise.
359
360 2020-09-23 David Malcolm <dmalcolm@redhat.com>
361
362 * engine.cc (exploded_node::on_stmt): Replace sequence of dyn_cast
363 with switch.
364
521d2711
GA
365 2020-09-22 David Malcolm <dmalcolm@redhat.com>
366
367 * analysis-plan.cc: Include "json.h".
368 * analyzer.opt (fdump-analyzer-json): New.
369 * call-string.cc: Include "json.h".
370 (call_string::to_json): New.
371 * call-string.h (call_string::to_json): New decl.
372 * checker-path.cc: Include "json.h".
373 * constraint-manager.cc: Include "json.h".
374 (equiv_class::to_json): New.
375 (constraint::to_json): New.
376 (constraint_manager::to_json): New.
377 * constraint-manager.h (equiv_class::to_json): New decl.
378 (constraint::to_json): New decl.
379 (constraint_manager::to_json): New decl.
380 * diagnostic-manager.cc: Include "json.h".
381 (saved_diagnostic::to_json): New.
382 (diagnostic_manager::to_json): New.
383 * diagnostic-manager.h (saved_diagnostic::to_json): New decl.
384 (diagnostic_manager::to_json): New decl.
385 * engine.cc: Include "json.h", <zlib.h>.
386 (exploded_node::status_to_str): New.
387 (exploded_node::to_json): New.
388 (exploded_edge::to_json): New.
389 (exploded_graph::to_json): New.
390 (dump_analyzer_json): New.
391 (impl_run_checkers): Call it.
392 * exploded-graph.h (exploded_node::status_to_str): New decl.
393 (exploded_node::to_json): New.
394 (exploded_edge::to_json): New.
395 (exploded_graph::to_json): New.
396 * pending-diagnostic.cc: Include "json.h".
397 * program-point.cc: Include "json.h".
398 (program_point::to_json): New.
399 * program-point.h (program_point::to_json): New decl.
400 * program-state.cc: Include "json.h".
401 (extrinsic_state::to_json): New.
402 (sm_state_map::to_json): New.
403 (program_state::to_json): New.
404 * program-state.h (extrinsic_state::to_json): New decl.
405 (sm_state_map::to_json): New decl.
406 (program_state::to_json): New decl.
407 * region-model-impl-calls.cc: Include "json.h".
408 * region-model-manager.cc: Include "json.h".
409 * region-model-reachability.cc: Include "json.h".
410 * region-model.cc: Include "json.h".
411 * region-model.h (svalue::to_json): New decl.
412 (region::to_json): New decl.
413 * region.cc: Include "json.h".
414 (region::to_json): New.
415 * sm-file.cc: Include "json.h".
416 * sm-malloc.cc: Include "json.h".
417 * sm-pattern-test.cc: Include "json.h".
418 * sm-sensitive.cc: Include "json.h".
419 * sm-signal.cc: Include "json.h".
420 (signal_delivery_edge_info_t::to_json): New.
421 * sm-taint.cc: Include "json.h".
422 * sm.cc: Include "diagnostic.h", "tree-diagnostic.h", and
423 "json.h".
424 (state_machine::state::to_json): New.
425 (state_machine::to_json): New.
426 * sm.h (state_machine::state::to_json): New.
427 (state_machine::to_json): New.
428 * state-purge.cc: Include "json.h".
429 * store.cc: Include "json.h".
430 (binding_key::get_desc): New.
431 (binding_map::to_json): New.
432 (binding_cluster::to_json): New.
433 (store::to_json): New.
434 * store.h (binding_key::get_desc): New decl.
435 (binding_map::to_json): New decl.
436 (binding_cluster::to_json): New decl.
437 (store::to_json): New decl.
438 * supergraph.cc: Include "json.h".
439 (supergraph::to_json): New.
440 (supernode::to_json): New.
441 (superedge::to_json): New.
442 * supergraph.h (supergraph::to_json): New decl.
443 (supernode::to_json): New decl.
444 (superedge::to_json): New decl.
445 * svalue.cc: Include "json.h".
446 (svalue::to_json): New.
447
44135373
GA
448 2020-09-21 David Malcolm <dmalcolm@redhat.com>
449
450 PR analyzer/97130
451 * region-model-impl-calls.cc (call_details::get_arg_type): New.
452 * region-model.cc (region_model::on_call_pre): Check that the
453 initial arg is a pointer before calling impl_call_memset and
454 impl_call_strlen.
455 * region-model.h (call_details::get_arg_type): New decl.
456
457 2020-09-21 David Malcolm <dmalcolm@redhat.com>
458
459 PR analyzer/93355
460 * sm-malloc.cc (malloc_state_machine::get_default_state): Look at
461 the base region when considering pointers. Treat pointers to
462 decls as being non-heap.
463
239601c5
GA
464 2020-09-18 David Malcolm <dmalcolm@redhat.com>
465
466 * checker-path.cc (warning_event::get_desc): Handle global state
467 changes.
468
469 2020-09-18 David Malcolm <dmalcolm@redhat.com>
470
471 * sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and
472 strndup as being malloc-like allocators.
473
ecde1b0a
GA
474 2020-09-16 David Malcolm <dmalcolm@redhat.com>
475
476 * engine.cc (strongly_connected_components::strong_connect): Only
477 consider intraprocedural edges when creating SCCs.
478 (worklist::key_t::cmp): Add comment. Treat call_string
479 differences as more important than differences of program_point
480 within a supernode.
481
482 2020-09-16 David Malcolm <dmalcolm@redhat.com>
483
484 * engine.cc (supernode_cluster::dump_dot): Show the SCC id
485 in the per-supernode clusters in FILENAME.eg.dot output.
486 (exploded_graph_annotator::add_node_annotations):
487 Show the SCC of the supernode in FILENAME.supernode.eg.dot output.
488 * exploded-graph.h (worklist::scc_id): New.
489 (exploded_graph::get_scc_id): New.
490
491 2020-09-16 David Malcolm <dmalcolm@redhat.com>
492
493 * engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED.
494 (exploded_graph::process_worklist): Call
495 maybe_process_run_of_before_supernode_enodes.
496 (exploded_graph::maybe_process_run_of_before_supernode_enodes):
497 New.
498 (exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED.
499 * exploded-graph.h (enum exploded_node::status): Add
500 STATUS_BULK_MERGED.
501
502 2020-09-16 David Malcolm <dmalcolm@redhat.com>
503
504 * engine.cc
505 (exploded_graph::process_node) <case PK_BEFORE_SUPERNODE>:
506 Simplify by using program_point::get_next.
507 * program-point.cc (program_point::get_next): New.
508 * program-point.h (program_point::get_next): New decl.
509
510 2020-09-16 David Malcolm <dmalcolm@redhat.com>
511
512 * engine.cc (exploded_graph::get_or_create_node): Show the
513 program point when issuing -Wanalyzer-too-complex due to hitting
514 the per-program-point limit.
515
516 2020-09-16 David Malcolm <dmalcolm@redhat.com>
517
518 * region-model.cc (region_model::on_call_pre): Treat getchar as
519 having no side-effects.
520
9f7ab8c5
GA
521 2020-09-15 David Malcolm <dmalcolm@redhat.com>
522
523 PR analyzer/96650
524 * constraint-manager.cc (merger_fact_visitor::on_fact): Replace
525 assertion that add_constraint succeeded with an assertion that
526 if it fails, -fanalyzer-transitivity is off.
527
50a71cd0
GA
528 2020-09-14 David Malcolm <dmalcolm@redhat.com>
529
530 * analyzer.opt (-param=analyzer-max-constraints=): New param.
531 * constraint-manager.cc
532 (constraint_manager::add_constraint_internal): Silently reject
533 attempts to add constraints when the above limit is reached.
534
535 2020-09-14 David Malcolm <dmalcolm@redhat.com>
536
537 PR analyzer/96653
538 * constraint-manager.cc
539 (constraint_manager::get_or_add_equiv_class): Don't accumulate
540 transitive closure of all constraints on constants.
541
542 2020-09-14 David Malcolm <dmalcolm@redhat.com>
543
544 PR analyzer/97029
545 * analyzer.cc (is_setjmp_call_p): Require the initial arg to be a
546 pointer.
547 * region-model.cc (region_model::deref_rvalue): Assert that the
548 svalue is of pointer type.
549
ac35c090
GA
550 2020-09-11 David Malcolm <dmalcolm@redhat.com>
551
552 PR analyzer/96798
553 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
554 New.
555 (region_model::impl_call_strcpy): New.
556 * region-model.cc (region_model::on_call_pre): Flag unhandled
557 builtins that are non-pure as having unknown side-effects.
558 Implement BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_STRCPY,
559 BUILT_IN_STRCPY_CHK, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED,
560 BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC,
561 BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED,
562 BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF,
563 BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR,
564 BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED,
565 BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF.
566 * region-model.h (region_model::impl_call_memcpy): New decl.
567 (region_model::impl_call_strcpy): New decl.
568
80f86e78
GA
569 2020-09-09 David Malcolm <dmalcolm@redhat.com>
570
571 PR analyzer/94355
572 * analyzer.opt (Wanalyzer-mismatching-deallocation): New warning.
573 * region-model-impl-calls.cc
574 (region_model::impl_call_operator_new): New.
575 (region_model::impl_call_operator_delete): New.
576 * region-model.cc (region_model::on_call_pre): Detect operator new
577 and operator delete.
578 (region_model::on_call_post): Likewise.
579 (region_model::maybe_update_for_edge): Detect EH edges and call...
580 (region_model::apply_constraints_for_exception): New function.
581 * region-model.h (region_model::impl_call_operator_new): New decl.
582 (region_model::impl_call_operator_delete): New decl.
583 (region_model::apply_constraints_for_exception): New decl.
584 * sm-malloc.cc (enum resource_state): New.
585 (struct allocation_state): New state subclass.
586 (enum wording): New.
587 (struct api): New.
588 (malloc_state_machine::custom_data_t): New typedef.
589 (malloc_state_machine::add_state): New decl.
590 (malloc_state_machine::m_unchecked)
591 (malloc_state_machine::m_nonnull)
592 (malloc_state_machine::m_freed): Delete these states in favor
593 of...
594 (malloc_state_machine::m_malloc)
595 (malloc_state_machine::m_scalar_new)
596 (malloc_state_machine::m_vector_new): ...these new api instances,
597 which own their own versions of these states.
598 (malloc_state_machine::on_allocator_call): New decl.
599 (malloc_state_machine::on_deallocator_call): New decl.
600 (api::api): New ctor.
601 (dyn_cast_allocation_state): New.
602 (as_a_allocation_state): New.
603 (get_rs): New.
604 (unchecked_p): New.
605 (nonnull_p): New.
606 (freed_p): New.
607 (malloc_diagnostic::describe_state_change): Use unchecked_p and
608 nonnull_p.
609 (class mismatching_deallocation): New.
610 (double_free::double_free): Add funcname param for initializing
611 m_funcname.
612 (double_free::emit): Use m_funcname in warning message rather
613 than hardcoding "free".
614 (double_free::describe_state_change): Likewise. Use freed_p.
615 (double_free::describe_call_with_state): Use freed_p.
616 (double_free::describe_final_event): Use m_funcname in message
617 rather than hardcoding "free".
618 (double_free::m_funcname): New field.
619 (possible_null::describe_state_change): Use unchecked_p.
620 (possible_null::describe_return_of_state): Likewise.
621 (use_after_free::use_after_free): Add param for initializing m_api.
622 (use_after_free::emit): Use m_api->m_dealloc_funcname in message
623 rather than hardcoding "free".
624 (use_after_free::describe_state_change): Use freed_p. Change the
625 wording of the message based on the API.
626 (use_after_free::describe_final_event): Use
627 m_api->m_dealloc_funcname in message rather than hardcoding
628 "free". Change the wording of the message based on the API.
629 (use_after_free::m_api): New field.
630 (malloc_leak::describe_state_change): Use unchecked_p. Update
631 for renaming of m_malloc_event to m_alloc_event.
632 (malloc_leak::describe_final_event): Update for renaming of
633 m_malloc_event to m_alloc_event.
634 (malloc_leak::m_malloc_event): Rename...
635 (malloc_leak::m_alloc_event): ...to this.
636 (free_of_non_heap::free_of_non_heap): Add param for initializing
637 m_funcname.
638 (free_of_non_heap::emit): Use m_funcname in message rather than
639 hardcoding "free".
640 (free_of_non_heap::describe_final_event): Likewise.
641 (free_of_non_heap::m_funcname): New field.
642 (allocation_state::dump_to_pp): New.
643 (allocation_state::get_nonnull): New.
644 (malloc_state_machine::malloc_state_machine): Update for changes
645 to state fields and new api fields.
646 (malloc_state_machine::add_state): New.
647 (malloc_state_machine::on_stmt): Move malloc/calloc handling to
648 on_allocator_call and call it, passing in the API pointer.
649 Likewise for free, moving it to on_deallocator_call. Handle calls
650 to operator new and delete in an analogous way. Use unchecked_p
651 when testing for possibly-null-arg and possibly-null-deref, and
652 transition to the non-null for the correct API. Remove redundant
653 node param from call to on_zero_assignment. Use freed_p for
654 use-after-free check, and pass in API.
655 (malloc_state_machine::on_allocator_call): New, based on code in
656 on_stmt.
657 (malloc_state_machine::on_deallocator_call): Likewise.
658 (malloc_state_machine::on_phi): Mark node param with
659 ATTRIBUTE_UNUSED; don't pass it to on_zero_assignment.
660 (malloc_state_machine::on_condition): Mark node param with
661 ATTRIBUTE_UNUSED. Replace on_transition calls with get_state and
662 set_next_state pairs, transitioning to the non-null state for the
663 appropriate API.
664 (malloc_state_machine::can_purge_p): Port to new state approach.
665 (malloc_state_machine::on_zero_assignment): Replace on_transition
666 calls with get_state and set_next_state pairs. Drop redundant
667 node param.
668 * sm.h (state_machine::add_custom_state): New.
669
670 2020-09-09 David Malcolm <dmalcolm@redhat.com>
671
672 * diagnostic-manager.cc
673 (null_assignment_sm_context::warn_for_state): Replace with...
674 (null_assignment_sm_context::warn): ...this.
675 * engine.cc (impl_sm_context::warn_for_state): Replace with...
676 (impl_sm_context::warn): ...this.
677 * sm-file.cc (fileptr_state_machine::on_stmt): Replace
678 warn_for_state and on_transition calls with a get_state
679 test guarding warn and set_next_state calls.
680 * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
681 * sm-pattern-test.cc (pattern_test_state_machine::on_condition):
682 Replace warn_for_state call with warn call.
683 * sm-sensitive.cc
684 (sensitive_state_machine::warn_for_any_exposure): Replace
685 warn_for_state call with a get_state test guarding a warn call.
686 * sm-signal.cc (signal_state_machine::on_stmt): Likewise.
687 * sm-taint.cc (taint_state_machine::on_stmt): Replace
688 warn_for_state and on_transition calls with a get_state
689 test guarding warn and set_next_state calls.
690 * sm.h (sm_context::warn_for_state): Replace with...
691 (sm_context::warn): ...this.
692
693 2020-09-09 David Malcolm <dmalcolm@redhat.com>
694
695 * diagnostic-manager.cc
696 (null_assignment_sm_context::null_assignment_sm_context): Add old_state
697 and ext_state params, initializing m_old_state and m_ext_state.
698 (null_assignment_sm_context::on_transition): Split into...
699 (null_assignment_sm_context::get_state): ...this new vfunc
700 implementation and...
701 (null_assignment_sm_context::set_next_state): ...this new vfunc
702 implementation.
703 (null_assignment_sm_context::m_old_state): New field.
704 (null_assignment_sm_context::m_ext_state): New field.
705 (diagnostic_manager::add_events_for_eedge): Pass in old state and
706 ext_state when creating sm_ctxt.
707 * engine.cc (impl_sm_context::on_transition): Split into...
708 (impl_sm_context::get_state): ...this new vfunc
709 implementation and...
710 (impl_sm_context::set_next_state): ...this new vfunc
711 implementation.
712 * sm.h (sm_context::get_state): New pure virtual function.
713 (sm_context::set_next_state): Likewise.
714 (sm_context::on_transition): Convert from a pure virtual function
715 to a regular function implemented in terms of get_state and
716 set_next_state.
717
718 2020-09-09 David Malcolm <dmalcolm@redhat.com>
719
720 * checker-path.cc (state_change_event::get_desc): Update
721 state_machine::get_state_name calls to state::get_name.
722 (warning_event::get_desc): Likewise.
723 * diagnostic-manager.cc
724 (null_assignment_sm_context::on_transition): Update comparison
725 against 0 with comparison with m_sm.get_start_state.
726 (diagnostic_manager::prune_for_sm_diagnostic): Update
727 state_machine::get_state_name calls to state::get_name.
728 * engine.cc (impl_sm_context::on_transition): Likewise.
729 (exploded_node::get_dot_fillcolor): Use get_id when summing
730 the sm states.
731 * program-state.cc (sm_state_map::sm_state_map): Don't hardcode
732 0 as the start state when initializing m_global_state.
733 (sm_state_map::print): Use dump_to_pp rather than get_state_name
734 when dumping states.
735 (sm_state_map::is_empty_p): Don't hardcode 0 as the start state
736 when examining m_global_state.
737 (sm_state_map::hash): Use get_id when hashing states.
738 (selftest::test_sm_state_map): Use state objects rather than
739 arbitrary hardcoded integers.
740 (selftest::test_program_state_merging): Likewise.
741 (selftest::test_program_state_merging_2): Likewise.
742 * sm-file.cc (fileptr_state_machine::m_start): Move to base class.
743 (file_diagnostic::describe_state_change): Use get_start_state.
744 (fileptr_state_machine::fileptr_state_machine): Drop m_start
745 initialization.
746 * sm-malloc.cc (malloc_state_machine::m_start): Move to base
747 class.
748 (malloc_diagnostic::describe_state_change): Use get_start_state.
749 (possible_null::describe_state_change): Likewise.
750 (malloc_state_machine::malloc_state_machine): Drop m_start
751 initialization.
752 * sm-pattern-test.cc (pattern_test_state_machine::m_start): Move
753 to base class.
754 (pattern_test_state_machine::pattern_test_state_machine): Drop
755 m_start initialization.
756 * sm-sensitive.cc (sensitive_state_machine::m_start): Move to base
757 class.
758 (sensitive_state_machine::sensitive_state_machine): Drop m_start
759 initialization.
760 * sm-signal.cc (signal_state_machine::m_start): Move to base
761 class.
762 (signal_state_machine::signal_state_machine): Drop m_start
763 initialization.
764 * sm-taint.cc (taint_state_machine::m_start): Move to base class.
765 (taint_state_machine::taint_state_machine): Drop m_start
766 initialization.
767 * sm.cc (state_machine::state::dump_to_pp): New.
768 (state_machine::state_machine): Move here from sm.h. Initialize
769 m_next_state_id and m_start.
770 (state_machine::add_state): Reimplement in terms of state objects.
771 (state_machine::get_state_name): Delete.
772 (state_machine::get_state_by_name): Reimplement in terms of state
773 objects. Make const.
774 (state_machine::validate): Delete.
775 (state_machine::dump_to_pp): Reimplement in terms of state
776 objects.
777 * sm.h (state_machine::state): New class.
778 (state_machine::state_t): Convert typedef from "unsigned" to
779 "const state_machine::state *".
780 (state_machine::state_machine): Move to sm.cc.
781 (state_machine::get_default_state): Use m_start rather than
782 hardcoding 0.
783 (state_machine::get_state_name): Delete.
784 (state_machine::get_state_by_name): Make const.
785 (state_machine::get_start_state): New accessor.
786 (state_machine::alloc_state_id): New.
787 (state_machine::m_state_names): Drop in favor of...
788 (state_machine::m_states): New field
789 (state_machine::m_start): New field
790 (start_start_p): Delete.
791
31a05046
GA
792 2020-09-08 David Malcolm <dmalcolm@redhat.com>
793
794 PR analyzer/96949
795 * store.cc (binding_map::apply_ctor_val_to_range): Add
796 error-handling for the cases where we have symbolic offsets.
797
798 2020-09-08 David Malcolm <dmalcolm@redhat.com>
799
800 PR analyzer/96950
801 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
802 where min_index == max_index.
803 (binding_map::apply_ctor_val_to_range): Replace assertion that we
804 don't have a CONSTRUCTOR value with error-handling.
805
806 2020-09-08 David Malcolm <dmalcolm@redhat.com>
807
808 PR analyzer/96962
809 * region-model.cc (region_model::on_call_pre): Fix guard on switch
810 on built-ins to only consider BUILT_IN_NORMAL, rather than other
811 kinds of built-ins.
812
e1a4a8a0
GA
813 2020-09-01 David Malcolm <dmalcolm@redhat.com>
814
815 PR analyzer/96792
816 * region-model.cc (region_model::deref_rvalue): Add the constraint
817 that PTR_SVAL is non-NULL.
818
13e4ba28
GA
819 2020-08-31 David Malcolm <dmalcolm@redhat.com>
820
821 PR analyzer/96798
822 * region-model.cc (region_model::on_call_pre): Handle
823 BUILT_IN_MEMSET_CHK.
824
825 2020-08-31 David Malcolm <dmalcolm@redhat.com>
826
827 * region-model.cc (region_model::on_call_pre): Gather handling of
828 builtins and of internal fns into switch statements. Handle
829 "alloca" and BUILT_IN_ALLOCA_WITH_ALIGN.
830
831 2020-08-31 David Malcolm <dmalcolm@redhat.com>
832
833 PR analyzer/96860
834 * region.cc (decl_region::get_svalue_for_constructor): Support
835 apply_ctor_to_region failing.
836 * store.cc (binding_map::apply_ctor_to_region): Add failure
837 handling.
838 (binding_map::apply_ctor_val_to_range): Likewise.
839 (binding_map::apply_ctor_pair_to_child_region): Likewise. Replace
840 assertion that child_base_offset is not symbolic with error
841 handling.
842 * store.h (binding_map::apply_ctor_to_region): Convert return type
843 from void to bool.
844 (binding_map::apply_ctor_val_to_range): Likewise.
845 (binding_map::apply_ctor_pair_to_child_region): Likewise.
846
847 2020-08-31 David Malcolm <dmalcolm@redhat.com>
848
849 PR analyzer/96763
850 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
851 by calling a new binding_map::apply_ctor_val_to_range subroutine.
852 Split out the existing non-CONSTRUCTOR-handling code to a new
853 apply_ctor_pair_to_child_region subroutine.
854 (binding_map::apply_ctor_val_to_range): New.
855 (binding_map::apply_ctor_pair_to_child_region): New, split out
856 from binding_map::apply_ctor_to_region as noted above.
857 * store.h (binding_map::apply_ctor_val_to_range): New decl.
858 (binding_map::apply_ctor_pair_to_child_region): New decl.
859
860 2020-08-31 David Malcolm <dmalcolm@redhat.com>
861
862 PR analyzer/96764
863 * region-model-manager.cc
864 (region_model_manager::maybe_fold_unaryop): Handle VIEW_CONVERT_EXPR.
865 (region_model_manager::get_or_create_cast): Move logic for
866 real->integer casting to...
867 (get_code_for_cast): ...this new function, and add logic for
868 real->non-integer casts.
869 (region_model_manager::maybe_fold_sub_svalue): Handle
870 VIEW_CONVERT_EXPR.
871 * region-model.cc
872 (region_model::add_any_constraints_from_gassign): Likewise.
873 * svalue.cc (svalue::maybe_undo_cast): Likewise.
874 (unaryop_svalue::dump_to_pp): Likewise.
875
57ea0894
GA
876 2020-08-26 David Malcolm <dmalcolm@redhat.com>
877
878 PR analyzer/94858
879 * region-model-manager.cc
880 (region_model_manager::get_or_create_widening_svalue): Assert that
881 neither of the inputs are themselves widenings.
882 * store.cc (store::eval_alias_1): The initial value of a pointer
883 can't point to a region that was allocated on the heap after the
884 beginning of the path. A widened pointer value can't alias anything
885 that the initial pointer value can't alias.
886 * svalue.cc (svalue::can_merge_p): Merge BINOP (X, OP, CST) with X
887 to a widening svalue. Merge
888 BINOP(WIDENING(BASE, BINOP(BASE, X)), X) and BINOP(BASE, X) to
889 the LHS of the first BINOP.
890
891 2020-08-26 David Malcolm <dmalcolm@redhat.com>
892
893 PR analyzer/96777
894 * region-model.h (class compound_svalue): Document that all keys
895 must be concrete.
896 (compound_svalue::compound_svalue): Move definition to svalue.cc.
897 * store.cc (binding_map::apply_ctor_to_region): Handle
898 initializers for trailing arrays with incomplete size.
899 * svalue.cc (compound_svalue::compound_svalue): Move definition
900 here from region-model.h. Add assertion that all keys are
901 concrete.
902
e769f970
GA
903 2020-08-22 David Malcolm <dmalcolm@redhat.com>
904
905 PR analyzer/94851
906 * region-model-manager.cc
907 (region_model_manager::maybe_fold_binop): Fold bitwise "& 0" to 0.
908
909 2020-08-22 David Malcolm <dmalcolm@redhat.com>
910
911 * store.cc (store::eval_alias): Make const. Split out 2nd half
912 into store::eval_alias_1 and call it twice for symmetry, avoiding
913 test duplication.
914 (store::eval_alias_1): New function, split out from the above.
915 * store.h (store::eval_alias): Make const.
916 (store::eval_alias_1): New decl.
917
918 2020-08-22 David Malcolm <dmalcolm@redhat.com>
919
920 * region-model.cc (region_model::push_frame): Bind the default
921 SSA name for each parm if it exists, falling back to the parm
922 itself otherwise, rather than doing both.
923
5b9a3d2a
GA
924 2020-08-20 David Malcolm <dmalcolm@redhat.com>
925
926 PR analyzer/96723
927 * region-model-manager.cc
928 (region_model_manager::get_field_region): Assert that field is a
929 FIELD_DECL.
930 * region.cc (region::get_subregions_for_binding): In
931 union-handling, filter the TYPE_FIELDS traversal to just FIELD_DECLs.
932
933 2020-08-20 David Malcolm <dmalcolm@redhat.com>
934
935 PR analyzer/96713
936 * region-model.cc (region_model::get_gassign_result): For
937 comparisons, only use eval_condition when the lhs has boolean
938 type, and use get_or_create_constant_svalue on the boolean
939 constants directly rather than via get_rvalue.
940
04e23a40
GA
941 2020-08-19 David Malcolm <dmalcolm@redhat.com>
942
943 PR analyzer/96643
944 * region-model.cc (region_model::deref_rvalue): Rather than
945 attempting to handle all svalue kinds in the switch, only cover
946 the special cases, and move symbolic-region handling to after
947 the switch, thus implicitly handling the missing case SK_COMPOUND.
948
949 2020-08-19 David Malcolm <dmalcolm@redhat.com>
950
951 PR analyzer/96705
952 * region-model-manager.cc
953 (region_model_manager::maybe_fold_binop): Check that we have an
954 integral type before calling build_int_cst.
955
956 2020-08-19 David Malcolm <dmalcolm@redhat.com>
957
958 PR analyzer/96699
959 * region-model-manager.cc
960 (region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for
961 casting from REAL_TYPE to INTEGER_TYPE.
962
963 2020-08-19 David Malcolm <dmalcolm@redhat.com>
964
965 PR analyzer/96651
966 * region-model.cc (region_model::called_from_main_p): New.
967 (region_model::get_store_value): Move handling for globals into...
968 (region_model::get_initial_value_for_global): ...this new
969 function, and add logic for extracting values from decl
970 initializers.
971 * region-model.h (decl_region::get_svalue_for_constructor): New
972 decl.
973 (decl_region::get_svalue_for_initializer): New decl.
974 (region_model::called_from_main_p): New decl.
975 (region_model::get_initial_value_for_global): New.
976 * region.cc (decl_region::maybe_get_constant_value): Move logic
977 for getting an svalue from a CONSTRUCTOR node to...
978 (decl_region::get_svalue_for_constructor): ...this new function.
979 (decl_region::get_svalue_for_initializer): New.
980 * store.cc (get_svalue_for_ctor_val): Rewrite in terms of
981 region_model::get_rvalue.
982 * store.h (binding_cluster::get_map): New accessor.
983
984 2020-08-19 David Malcolm <dmalcolm@redhat.com>
985
986 PR analyzer/96648
987 * region.cc (get_field_at_bit_offset): Gracefully handle negative
988 values for bit_offset.
989
5c265693
GA
990 2020-08-18 David Malcolm <dmalcolm@redhat.com>
991
992 * region-model.cc (region_model::get_rvalue_1): Fix name of local.
993
994 2020-08-18 David Malcolm <dmalcolm@redhat.com>
995
996 PR analyzer/96641
997 * region-model.cc (region_model::get_rvalue_1): Handle
998 unrecognized tree codes by returning "UNKNOWN".
999
1000 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1001
1002 PR analyzer/96640
1003 * region-model.cc (region_model::get_gassign_result): Handle various
1004 VEC_* tree codes by returning UNKNOWN.
1005 (region_model::on_assignment): Handle unrecognized tree codes by
1006 setting lhs to an unknown value, rather than issuing a "sorry" and
1007 asserting.
1008
deee2322
GA
1009 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1010
1011 PR analyzer/96644
1012 * region-model-manager.cc (get_region_for_unexpected_tree_code):
1013 Handle ctxt being NULL.
1014
1015 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1016
1017 PR analyzer/96639
1018 * region.cc (region::get_subregions_for_binding): Check for "type"
1019 being NULL.
1020
1021 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1022
1023 PR analyzer/96642
1024 * store.cc (get_svalue_for_ctor_val): New.
1025 (binding_map::apply_ctor_to_region): Call it.
1026
661ee09b
GA
1027 2020-08-14 David Malcolm <dmalcolm@redhat.com>
1028
1029 PR testsuite/96609
1030 PR analyzer/96616
1031 * region-model.cc (region_model::get_store_value): Call
1032 maybe_get_constant_value on decl_regions first.
1033 * region-model.h (decl_region::maybe_get_constant_value): New decl.
1034 * region.cc (decl_region::get_stack_depth): Likewise.
1035 (decl_region::maybe_get_constant_value): New.
1036 * store.cc (get_subregion_within_ctor): New.
1037 (binding_map::apply_ctor_to_region): New.
1038 * store.h (binding_map::apply_ctor_to_region): New decl.
1039
1040 2020-08-14 David Malcolm <dmalcolm@redhat.com>
1041
1042 PR analyzer/96611
1043 * store.cc (store::mark_as_escaped): Reject attempts to
1044 get a cluster for an unknown pointer.
1045
b3cb5606
GA
1046 2020-08-13 David Malcolm <dmalcolm@redhat.com>
1047
5afd1882
ML
1048 PR analyzer/93032
1049 PR analyzer/93938
1050 PR analyzer/94011
1051 PR analyzer/94099
1052 PR analyzer/94399
1053 PR analyzer/94458
1054 PR analyzer/94503
1055 PR analyzer/94640
1056 PR analyzer/94688
1057 PR analyzer/94689
1058 PR analyzer/94839
1059 PR analyzer/95026
1060 PR analyzer/95042
1061 PR analyzer/95240
b3cb5606
GA
1062 * analyzer-logging.cc: Ignore "-Wformat-diag".
1063 (logger::enter_scope): Use inc_indent in both overloads.
1064 (logger::exit_scope): Use dec_indent.
1065 * analyzer-logging.h (logger::inc_indent): New.
1066 (logger::dec_indent): New.
1067 * analyzer-selftests.cc (run_analyzer_selftests): Call
1068 analyzer_store_cc_tests.
1069 * analyzer-selftests.h (analyzer_store_cc_tests): New decl.
1070 * analyzer.cc (get_stmt_location): New function.
1071 * analyzer.h (class initial_svalue): New forward decl.
1072 (class unaryop_svalue): New forward decl.
1073 (class binop_svalue): New forward decl.
1074 (class sub_svalue): New forward decl.
1075 (class unmergeable_svalue): New forward decl.
1076 (class placeholder_svalue): New forward decl.
1077 (class widening_svalue): New forward decl.
1078 (class compound_svalue): New forward decl.
1079 (class conjured_svalue): New forward decl.
1080 (svalue_set): New typedef.
1081 (class map_region): Delete.
1082 (class array_region): Delete.
1083 (class frame_region): New forward decl.
1084 (class function_region): New forward decl.
1085 (class label_region): New forward decl.
1086 (class decl_region): New forward decl.
1087 (class element_region): New forward decl.
1088 (class offset_region): New forward decl.
1089 (class cast_region): New forward decl.
1090 (class field_region): New forward decl.
1091 (class string_region): New forward decl.
1092 (class region_model_manager): New forward decl.
1093 (class store_manager): New forward decl.
1094 (class store): New forward decl.
1095 (class call_details): New forward decl.
1096 (struct svalue_id_merger_mapping): Delete.
1097 (struct canonicalization): Delete.
1098 (class function_point): New forward decl.
1099 (class engine): New forward decl.
1100 (dump_tree): New function decl.
1101 (print_quoted_type): New function decl.
1102 (readability_comparator): New function decl.
1103 (tree_cmp): New function decl.
1104 (class path_var): Move here from region-model.h
1105 (bit_offset_t, bit_size_t, byte_size_t): New typedefs.
1106 (class region_offset): New class.
1107 (get_stmt_location): New decl.
1108 (struct member_function_hash_traits): New struct.
1109 (class consolidation_map): New class.
1110 Ignore "-Wformat-diag".
1111 * analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
1112 (-param=analyzer-max-enodes-for-full-dump=): New param.
1113 * call-string.cc: Ignore -Wformat-diag.
1114 * checker-path.cc: Move includes of "analyzer/call-string.h" and
1115 "analyzer/program-point.h" to before "analyzer/region-model.h",
1116 and also include "analyzer/store.h" before it.
1117 (state_change_event::state_change_event): Replace "tree var" param
1118 with "const svalue *sval". Convert "origin" param from tree to
1119 "const svalue *".
1120 (state_change_event::get_desc): Call get_representative_tree to
1121 convert the var and origin from const svalue * to tree. Use
1122 svalue::get_desc rather than %qE when describing state changes.
1123 (checker_path::add_final_event): Use get_stmt_location.
1124 * checker-path.h (state_change_event::state_change_event): Port
1125 from tree to const svalue *.
1126 (state_change_event::get_lvalue): Delete.
1127 (state_change_event::get_dest_function): New.
1128 (state_change_event::m_var): Replace with...
1129 (state_change_event::m_sval): ...this.
1130 (state_change_event::m_origin): Convert from tree to
1131 const svalue *.
1132 * constraint-manager.cc: Include "analyzer/call-string.h",
1133 "analyzer/program-point.h", and "analyzer/store.h" before
1134 "analyzer/region-model.h".
1135 (struct bound, struct range): Move to constraint-manager.h.
1136 (compare_constants): New function.
1137 (range::dump): Rename to...
1138 (range::dump_to_pp): ...this. Support NULL constants.
1139 (range::dump): Reintroduce for dumping to stderr.
1140 (range::constrained_to_single_element): Return result, rather than
1141 writing to *OUT.
1142 (range::eval_condition): New.
1143 (range::below_lower_bound): New.
1144 (range::above_upper_bound): New.
1145 (equiv_class::equiv_class): Port from svalue_id to const svalue *.
1146 (equiv_class::print): Likewise.
1147 (equiv_class::hash): Likewise.
1148 (equiv_class::operator==): Port from svalue_id to const svalue *.
1149 (equiv_class::add): Port from svalue_id to const svalue *. Drop
1150 "cm" param.
1151 (equiv_class::del): Port from svalue_id to const svalue *.
1152 (equiv_class::get_representative): Likewise.
1153 (equiv_class::remap_svalue_ids): Delete.
1154 (svalue_id_cmp_by_id): Rename to...
1155 (svalue_cmp_by_ptr): ...this, porting from svalue_id to
1156 const svalue *.
1157 (equiv_class::canonicalize): Update qsort comparator.
1158 (constraint::implied_by): New.
1159 (constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
1160 (constraint_manager::dump_to_pp): Add "multiline" param
1161 (constraint_manager::dump): Pass "true" for "multiline".
1162 (constraint_manager::add_constraint): Port from svalue_id to
1163 const svalue *. Split out second part into...
1164 (constraint_manager::add_unknown_constraint): ...this new
1165 function. Remove self-constraints when merging equivalence
1166 classes.
1167 (constraint_manager::add_constraint_internal): Remove constraints
1168 that would be implied by the new constraint. Port from svalue_id
1169 to const svalue *.
1170 (constraint_manager::get_equiv_class_by_sid): Rename to...
1171 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
1172 from svalue_id to const svalue *.
1173 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
1174 to const svalue *.
1175 (constraint_manager::eval_condition): Make const. Call
1176 compare_constants and return early if it provides a known result.
1177 (constraint_manager::get_ec_bounds): New.
1178 (constraint_manager::eval_condition): New overloads. Make
1179 existing one const, and use compare_constants.
1180 (constraint_manager::purge): Convert "p" param to a template
1181 rather than an abstract base class. Port from svalue_id to
1182 const svalue *.
1183 (class dead_svalue_purger): New class.
1184 (constraint_manager::remap_svalue_ids): Delete.
1185 (constraint_manager::on_liveness_change): New.
1186 (equiv_class_cmp): Port from svalue_id to const svalue *.
1187 (constraint_manager::canonicalize): Likewise. Combine with
1188 purging of redundant equivalence classes and constraints.
1189 (class cleaned_constraint_manager): Delete.
1190 (class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
1191 field.
1192 (merger_fact_visitor::fact): Port from svalue_id to const svalue *.
1193 Add special case for widening.
1194 (constraint_manager::merge): Port from svalue_id to const svalue *.
1195 (constraint_manager::clean_merger_input): Delete.
1196 (constraint_manager::for_each_fact): Port from svalue_id to
1197 const svalue *.
1198 (constraint_manager::validate): Likewise.
1199 (selftest::test_constraint_conditions): Provide a
1200 region_model_manager when creating region_model instances.
1201 Add test for self-equality not creating equivalence classes.
1202 (selftest::test_transitivity): Provide a region_model_manager when
1203 creating region_model instances. Verify that EC-merging happens
1204 when constraints are implied.
1205 (selftest::test_constant_comparisons): Provide a
1206 region_model_manager when creating region_model instances.
1207 (selftest::test_constraint_impl): Likewise. Remove over-specified
1208 assertions.
1209 (selftest::test_equality): Provide a region_model_manager when
1210 creating region_model instances.
1211 (selftest::test_many_constants): Likewise. Provide a
1212 program_point when testing merging.
1213 (selftest::run_constraint_manager_tests): Move call to
1214 test_constant_comparisons to outside the transitivity guard.
1215 * constraint-manager.h (struct bound): Move here from
1216 constraint-manager.cc.
1217 (struct range): Likewise.
1218 (struct::eval_condition): New decl.
1219 (struct::below_lower_bound): New decl.
1220 (struct::above_upper_bound): New decl.
1221 (equiv_class::add): Port from svalue_id to const svalue *.
1222 (equiv_class::del): Likewise.
1223 (equiv_class::get_representative): Likewise.
1224 (equiv_class::remap_svalue_ids): Drop.
1225 (equiv_class::m_cst_sid): Convert to...
1226 (equiv_class::m_cst_sval): ...this.
1227 (equiv_class::m_vars): Port from svalue_id to const svalue *.
1228 (constraint::bool implied_by): New decl.
1229 (fact_visitor::on_fact): Port from svalue_id to const svalue *.
1230 (constraint_manager::constraint_manager): Add mgr param.
1231 (constraint_manager::clone): Delete.
1232 (constraint_manager::maybe_get_constant): Delete.
1233 (constraint_manager::get_sid_for_constant): Delete.
1234 (constraint_manager::get_num_svalues): Delete.
1235 (constraint_manager::dump_to_pp): Add "multiline" param.
1236 (constraint_manager::get_equiv_class): Port from svalue_id to
1237 const svalue *.
1238 (constraint_manager::add_constraint): Likewise.
1239 (constraint_manager::get_equiv_class_by_sid): Rename to...
1240 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
1241 from svalue_id to const svalue *.
1242 (constraint_manager::add_unknown_constraint): New decl.
1243 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
1244 to const svalue *.
1245 (constraint_manager::eval_condition): Likewise. Add overloads.
1246 (constraint_manager::get_ec_bounds): New decl.
1247 (constraint_manager::purge): Convert to template.
1248 (constraint_manager::remap_svalue_ids): Delete.
1249 (constraint_manager::on_liveness_change): New decl.
1250 (constraint_manager::canonicalize): Drop param.
1251 (constraint_manager::clean_merger_input): Delete.
1252 (constraint_manager::m_mgr): New field.
1253 * diagnostic-manager.cc: Move includes of
1254 "analyzer/call-string.h" and "analyzer/program-point.h" to before
1255 "analyzer/region-model.h", and also include "analyzer/store.h"
1256 before it.
1257 (saved_diagnostic::saved_diagnostic): Add "sval" param.
1258 (diagnostic_manager::diagnostic_manager): Add engine param.
1259 (diagnostic_manager::add_diagnostic): Add "sval" param, passing it
1260 to saved_diagnostic ctor. Update overload to pass NULL for it.
1261 (dedupe_winners::dedupe_winners): Add engine param.
1262 (dedupe_winners::add): Add "eg" param. Pass m_engine to
1263 feasible_p.
1264 (dedupe_winner::m_engine): New field.
1265 (diagnostic_manager::emit_saved_diagnostics): Pass engine to
1266 dedupe_winners. Pass &eg when adding candidates. Pass svalue
1267 rather than tree to prune_path. Use get_stmt_location to get
1268 primary location of diagnostic.
1269 (diagnostic_manager::emit_saved_diagnostic): Likewise.
1270 (get_any_origin): Drop.
1271 (state_change_event_creator::on_global_state_change): Pass NULL
1272 const svalue * rather than NULL_TREE trees to state_change_event
1273 ctor.
1274 (state_change_event_creator::on_state_change): Port from tree and
1275 svalue_id to const svalue *.
1276 (for_each_state_change): Port from svalue_id to const svalue *.
1277 (struct null_assignment_sm_context): New.
1278 (diagnostic_manager::add_events_for_eedge): Add state change
1279 events for assignment to NULL.
1280 (diagnostic_manager::prune_path): Update param from tree to
1281 const svalue *.
1282 (diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
1283 by tree to by const svalue *.
1284 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
1285 param.
1286 (saved_diagnostic::m_sval): New field.
1287 (diagnostic_manager::diagnostic_manager): Add engine param.
1288 (diagnostic_manager::get_engine): New.
1289 (diagnostic_manager::add_diagnostic): Add "sval" param.
1290 (diagnostic_manager::prune_path): Likewise.
1291 (diagnostic_manager::prune_for_sm_diagnostic): New overload.
1292 (diagnostic_manager::m_eng): New field.
1293 * engine.cc: Move includes of "analyzer/call-string.h" and
1294 "analyzer/program-point.h" to before "analyzer/region-model.h",
1295 and also include "analyzer/store.h" before it.
1296 (impl_region_model_context::impl_region_model_context): Update for
1297 removal of m_change field.
1298 (impl_region_model_context::remap_svalue_ids): Delete.
1299 (impl_region_model_context::on_svalue_leak): New.
1300 (impl_region_model_context::on_svalue_purge): Delete.
1301 (impl_region_model_context::on_liveness_change): New.
1302 (impl_region_model_context::on_unknown_change): Update param
1303 from svalue_id to const svalue *. Add is_mutable param.
1304 (setjmp_svalue::compare_fields): Delete.
1305 (setjmp_svalue::accept): New.
1306 (setjmp_svalue::add_to_hash): Delete.
1307 (setjmp_svalue::dump_to_pp): New.
1308 (setjmp_svalue::print_details): Delete.
1309 (impl_sm_context::impl_sm_context): Drop "change" param.
1310 (impl_sm_context::get_fndecl_for_call): Drop "m_change".
1311 (impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
1312 "stmt" param. Drop m_change. Port from svalue_id to
1313 const svalue *.
1314 (impl_sm_context::warn_for_state): Drop m_change. Port from
1315 svalue_id to const svalue *.
1316 (impl_sm_context::get_readable_tree): Rename to...
1317 (impl_sm_context::get_diagnostic_tree): ...this. Port from
1318 svalue_id to const svalue *.
1319 (impl_sm_context::is_zero_assignment): New.
1320 (impl_sm_context::m_change): Delete field.
1321 (leak_stmt_finder::find_stmt): Handle m_var being NULL.
1322 (readability): Increase penalty for MEM_REF. For SSA_NAMEs,
1323 slightly favor the underlying var over the SSA name. Heavily
1324 penalize temporaries. Handle RESULT_DECL.
1325 (readability_comparator): Make non-static. Consider stack depths.
1326 (impl_region_model_context::on_state_leak): Convert from svalue_id
1327 to const svalue *, updating for region_model changes. Use
1328 id_equal.
1329 (impl_region_model_context::on_inherited_svalue): Delete.
1330 (impl_region_model_context::on_cast): Delete.
1331 (impl_region_model_context::on_condition): Drop m_change.
1332 (impl_region_model_context::on_phi): Likewise.
1333 (impl_region_model_context::on_unexpected_tree_code): Handle t
1334 being NULL.
1335 (point_and_state::validate): Update stack checking for
1336 region_model changes.
1337 (eg_traits::dump_args_t::show_enode_details_p): New.
1338 (exploded_node::exploded_node): Initialize m_num_processed_stmts.
1339 (exploded_node::get_processed_stmt): New function.
1340 (exploded_node::get_dot_fillcolor): Add more colors.
1341 (exploded_node::dump_dot): Guard the printing of the point and
1342 state with show_enode_details_p. Print the processed stmts for
1343 this enode after the initial state.
1344 (exploded_node::dump_to_pp): Pass true for new multiline param
1345 of program_state::dump_to_pp.
1346 (exploded_node::on_stmt): Drop "change" param. Log the stmt.
1347 Set input_location. Implement __analyzer_describe. Update
1348 implementation of __analyzer_dump and __analyzer_eval.
1349 Remove purging of sm-state for unknown fncalls from here.
1350 (exploded_node::on_edge): Drop "change" param.
1351 (exploded_node::on_longjmp): Port from region_id/svalue_id to
1352 const region */const svalue *. Call program_state::detect_leaks.
1353 Drop state_change.
1354 (exploded_node::detect_leaks): Update for changes to region_model.
1355 Call program_state::detect_leaks.
1356 (exploded_edge::exploded_edge): Drop ext_state and change params.
1357 (exploded_edge::dump_dot): "args" is no longer used. Drop dumping
1358 of m_change.
1359 (exploded_graph::exploded_graph): Pass engine to
1360 m_diagnostic_manager ctor. Use program_point::origin.
1361 (exploded_graph::add_function_entry): Drop ctxt. Use
1362 program_state::push_frame. Drop state_change.
1363 (exploded_graph::get_or_create_node): Drop "change" param. Add
1364 "enode_for_diag" param. Update dumping calls for API changes.
1365 Pass point to can_merge_with_p. Show enode indices
1366 within -Wanalyzer-too-complex diagnostic for hitting the per-point
1367 limit.
1368 (exploded_graph::add_edge): Drop "change" param. Log which nodes
1369 are being connected. Update for changes to exploded_edge ctor.
1370 (exploded_graph::get_per_program_point_data): New.
1371 (exploded_graph::process_worklist): Pass point to
1372 can_merge_with_p. Drop state_change. Update dumping call for API
1373 change.
1374 (exploded_graph::process_node): Drop state_change. Split the
1375 node in-place if an sm-state-change occurs. Update
1376 m_num_processed_stmts. Update dumping calls for API change.
1377 (exploded_graph::log_stats): Call engine::log_stats.
1378 (exploded_graph::dump_states_for_supernode): Update dumping
1379 call.
1380 (exploded_path::feasible_p): Add "eng" and "eg" params.
1381 Rename "i" to "end_idx". Pass the manager to the region_model
1382 ctor. Update for every processed stmt in the enode, not just the
1383 first. Keep track of which snodes have been visited, and call
1384 loop_replay_fixup when revisiting one.
1385 (enode_label::get_text): Update dump call for new param.
1386 (exploded_graph::dump_exploded_nodes): Likewise.
1387 (exploded_graph::get_node_by_index): New.
1388 (impl_run_checkers): Create engine instance and pass its address
1389 to extrinsic_state ctor.
1390 * exploded-graph.h
1391 (impl_region_model_context::impl_region_model_context): Drop
1392 "change" params.
1393 (impl_region_model_context::void remap_svalue_ids): Delete.
1394 (impl_region_model_context::on_svalue_purge): Delete.
1395 (impl_region_model_context::on_svalue_leak): New.
1396 (impl_region_model_context::on_liveness_change): New.
1397 (impl_region_model_context::on_state_leak): Update signature.
1398 (impl_region_model_context::on_inherited_svalue): Delete.
1399 (impl_region_model_context::on_cast): Delete.
1400 (impl_region_model_context::on_unknown_change): Update signature.
1401 (impl_region_model_context::m_change): Delete.
1402 (eg_traits::dump_args_t::show_enode_details_p): New.
1403 (exploded_node::on_stmt): Drop "change" param.
1404 (exploded_node::on_edge): Likewise.
1405 (exploded_node::get_processed_stmt): New decl.
1406 (exploded_node::m_num_processed_stmts): New field.
1407 (exploded_edge::exploded_edge): Drop ext_state and change params.
1408 (exploded_edge::m_change): Delete.
1409 (exploded_graph::get_engine): New accessor.
1410 (exploded_graph::get_or_create_node): Drop "change" param. Add
1411 "enode_for_diag" param.
1412 (exploded_graph::add_edge): Drop "change" param.
1413 (exploded_graph::get_per_program_point_data): New decl.
1414 (exploded_graph::get_node_by_index): New decl.
1415 (exploded_path::feasible_p): Add "eng" and "eg" params.
1416 * program-point.cc: Include "analyzer/store.h" before including
1417 "analyzer/region-model.h".
1418 (function_point::function_point): Move here from
1419 program-point.h.
1420 (function_point::get_function): Likewise.
1421 (function_point::from_function_entry): Likewise.
1422 (function_point::before_supernode): Likewise.
1423 (function_point::next_stmt): New function.
1424 * program-point.h (function_point::function_point): Move
1425 implementation from here to program-point.cc.
1426 (function_point::get_function): Likewise.
1427 (function_point::from_function_entry): Likewise.
1428 (function_point::before_supernode): Likewise.
1429 (function_point::next_stmt): New decl.
1430 (program_point::operator!=): New.
1431 (program_point::origin): New.
1432 (program_point::next_stmt): New.
1433 (program_point::m_function_point): Make non-const.
1434 * program-state.cc: Move includes of "analyzer/call-string.h" and
1435 "analyzer/program-point.h" to before "analyzer/region-model.h",
1436 and also include "analyzer/store.h" before it.
1437 (extrinsic_state::get_model_manager): New.
1438 (sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
1439 rather than pass them around.
1440 (sm_state_map::clone_with_remapping): Delete.
1441 (sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
1442 "simple" and "multiline" params and support multiline vs single
1443 line dumping.
1444 (sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
1445 "simple" param.
1446 (sm_state_map::hash): Port from svalue_id to const svalue *.
1447 (sm_state_map::operator==): Likewise.
1448 (sm_state_map::get_state): Likewise. Call canonicalize_svalue on
1449 input. Handle inheritance of sm-state. Call get_default_state.
1450 (sm_state_map::get_origin): Port from svalue_id to const svalue *.
1451 (sm_state_map::set_state): Likewise. Pass in ext_state. Reject
1452 attempts to set state on UNKNOWN.
1453 (sm_state_map::impl_set_state): Port from svalue_id to
1454 const svalue *. Pass in ext_state. Call canonicalize_svalue on
1455 input.
1456 (sm_state_map::purge_for_unknown_fncall): Delete.
1457 (sm_state_map::on_svalue_leak): New.
1458 (sm_state_map::remap_svalue_ids): Delete.
1459 (sm_state_map::on_liveness_change): New.
1460 (sm_state_map::on_unknown_change): Reimplement.
1461 (sm_state_map::on_svalue_purge): Delete.
1462 (sm_state_map::on_inherited_svalue): Delete.
1463 (sm_state_map::on_cast): Delete.
1464 (sm_state_map::validate): Delete.
1465 (sm_state_map::canonicalize_svalue): New.
1466 (program_state::program_state): Update to pass manager to
1467 region_model's ctor. Constify num_states and pass state machine
1468 and index to sm_state_map ctor.
1469 (program_state::print): Update for changes to dump API.
1470 (program_state::dump_to_pp): Ignore the summarize param. Add
1471 "multiline" param.
1472 (program_state::dump_to_file): Add "multiline" param.
1473 (program_state::dump): Pass "true" for new "multiline" param.
1474 (program_state::push_frame): New.
1475 (program_state::on_edge): Drop "change" param. Call
1476 program_state::detect_leaks.
1477 (program_state::prune_for_point): Add enode_for_diag param.
1478 Reimplement based on store class. Call detect_leaks.
1479 (program_state::remap_svalue_ids): Delete.
1480 (program_state::get_representative_tree): Port from svalue_id to
1481 const svalue *.
1482 (program_state::can_merge_with_p): Add "point" param. Add early
1483 reject for sm-differences. Drop id remapping.
1484 (program_state::validate): Drop region model and sm_state_map
1485 validation.
1486 (state_change::sm_change::dump): Delete.
1487 (state_change::sm_change::remap_svalue_ids): Delete.
1488 (state_change::sm_change::on_svalue_purge): Delete.
1489 (log_set_of_svalues): New.
1490 (state_change::sm_change::validate): Delete.
1491 (state_change::state_change): Delete.
1492 (state_change::add_sm_change): Delete.
1493 (state_change::affects_p): Delete.
1494 (state_change::dump): Delete.
1495 (state_change::remap_svalue_ids): Delete.
1496 (state_change::on_svalue_purge): Delete.
1497 (state_change::validate): Delete.
1498 (selftest::assert_dump_eq): Delete.
1499 (ASSERT_DUMP_EQ): Delete.
1500 (selftest::test_sm_state_map): Update for changes to region_model
1501 and sm_state_map, porting from svalue_id to const svalue *.
1502 (selftest::test_program_state_dumping): Likewise. Drop test of
1503 dumping, renaming to...
1504 (selftest::test_program_state_1): ...this.
1505 (selftest::test_program_state_dumping_2): Likewise, renaming to...
1506 (selftest::test_program_state_2): ...this.
1507 (selftest::test_program_state_merging): Update for changes to
1508 region_model.
1509 (selftest::test_program_state_merging_2): Likewise.
1510 (selftest::analyzer_program_state_cc_tests): Update for renamed
1511 tests.
1512 * program-state.h (extrinsic_state::extrinsic_state): Add logger
1513 and engine params.
1514 (extrinsic_state::get_logger): New accessor.
1515 (extrinsic_state::get_engine): New accessor.
1516 (extrinsic_state::get_model_manager): New accessor.
1517 (extrinsic_state::m_logger): New field.
1518 (extrinsic_state::m_engine): New field.
1519 (struct default_hash_traits<svalue_id>): Delete.
1520 (pod_hash_traits<svalue_id>::hash): Delete.
1521 (pod_hash_traits<svalue_id>::equal): Delete.
1522 (pod_hash_traits<svalue_id>::mark_deleted): Delete.
1523 (pod_hash_traits<svalue_id>::mark_empty): Delete.
1524 (pod_hash_traits<svalue_id>::is_deleted): Delete.
1525 (pod_hash_traits<svalue_id>::is_empty): Delete.
1526 (sm_state_map::entry_t::entry_t): Port from svalue_id to
1527 const svalue *.
1528 (sm_state_map::entry_t::m_origin): Likewise.
1529 (sm_state_map::map_t): Likewise.
1530 (sm_state_map::sm_state_map): Add state_machine and index params.
1531 (sm_state_map::clone_with_remapping): Delete.
1532 (sm_state_map::print): Drop sm param; add simple and multiline
1533 params.
1534 (sm_state_map::dump): Drop sm param; add simple param.
1535 (sm_state_map::get_state): Port from svalue_id to const svalue *.
1536 Add ext_state param.
1537 (sm_state_map::get_origin): Likewise.
1538 (sm_state_map::set_state): Likewise.
1539 (sm_state_map::impl_set_state): Likewise.
1540 (sm_state_map::purge_for_unknown_fncall): Delete.
1541 (sm_state_map::remap_svalue_ids): Delete.
1542 (sm_state_map::on_svalue_purge): Delete.
1543 (sm_state_map::on_svalue_leak): New.
1544 (sm_state_map::on_liveness_change): New.
1545 (sm_state_map::on_inherited_svalue): Delete.
1546 (sm_state_map::on_cast): Delete.
1547 (sm_state_map::validate): Delete.
1548 (sm_state_map::on_unknown_change): Port from svalue_id to
1549 const svalue *. Add is_mutable and ext_state params.
1550 (sm_state_map::canonicalize_svalue): New.
1551 (sm_state_map::m_sm): New field.
1552 (sm_state_map::m_sm_idx): New field.
1553 (program_state::operator=): Delete.
1554 (program_state::dump_to_pp): Drop "summarize" param, adding
1555 "simple" and "multiline".
1556 (program_state::dump_to_file): Likewise.
1557 (program_state::dump): Rename "summarize" to "simple".
1558 (program_state::push_frame): New.
1559 (program_state::get_current_function): New.
1560 (program_state::on_edge): Drop "change" param.
1561 (program_state::prune_for_point): Likewise. Add enode_for_diag
1562 param.
1563 (program_state::remap_svalue_ids): Delete.
1564 (program_state::get_representative_tree): Port from svalue_id to
1565 const svalue *.
1566 (program_state::can_purge_p): Likewise. Pass ext_state to get_state.
1567 (program_state::can_merge_with_p): Add point param.
1568 (program_state::detect_leaks): New.
1569 (state_change_visitor::on_state_change): Port from tree and
1570 svalue_id to a pair of const svalue *.
1571 (class state_change): Delete.
1572 * region.cc: New file.
1573 * region-model-impl-calls.cc: New file.
1574 * region-model-manager.cc: New file.
1575 * region-model-reachability.cc: New file.
1576 * region-model-reachability.h: New file.
1577 * region-model.cc: Include "analyzer/call-string.h",
1578 "analyzer/program-point.h", and "analyzer/store.h" before
1579 "analyzer/region-model.h". Include
1580 "analyzer/region-model-reachability.h".
1581 (dump_tree): Make non-static.
1582 (dump_quoted_tree): Make non-static.
1583 (print_quoted_type): Make non-static.
1584 (path_var::dump): Delete.
1585 (dump_separator): Delete.
1586 (class impl_constraint_manager): Delete.
1587 (svalue_id::print): Delete.
1588 (svalue_id::dump_node_name_to_pp): Delete.
1589 (svalue_id::validate): Delete.
1590 (region_id::print): Delete.
1591 (region_id::dump_node_name_to_pp): Delete.
1592 (region_id::validate): Delete.
1593 (region_id_set::region_id_set): Delete.
1594 (svalue_id_set::svalue_id_set): Delete.
1595 (svalue::operator==): Delete.
1596 (svalue::hash): Delete.
1597 (svalue::print): Delete.
1598 (svalue::dump_dot_to_pp): Delete.
1599 (svalue::remap_region_ids): Delete.
1600 (svalue::walk_for_canonicalization): Delete.
1601 (svalue::get_child_sid): Delete.
1602 (svalue::maybe_get_constant): Delete.
1603 (region_svalue::compare_fields): Delete.
1604 (region_svalue::add_to_hash): Delete.
1605 (region_svalue::print_details): Delete.
1606 (region_svalue::dump_dot_to_pp): Delete.
1607 (region_svalue::remap_region_ids): Delete.
1608 (region_svalue::merge_values): Delete.
1609 (region_svalue::walk_for_canonicalization): Delete.
1610 (region_svalue::eval_condition): Delete.
1611 (constant_svalue::compare_fields): Delete.
1612 (constant_svalue::add_to_hash): Delete.
1613 (constant_svalue::merge_values): Delete.
1614 (constant_svalue::eval_condition): Move to svalue.cc.
1615 (constant_svalue::print_details): Delete.
1616 (constant_svalue::get_child_sid): Delete.
1617 (unknown_svalue::compare_fields): Delete.
1618 (unknown_svalue::add_to_hash): Delete.
1619 (unknown_svalue::print_details): Delete.
1620 (poison_kind_to_str): Move to svalue.cc.
1621 (poisoned_svalue::compare_fields): Delete.
1622 (poisoned_svalue::add_to_hash): Delete.
1623 (poisoned_svalue::print_details): Delete.
1624 (region_kind_to_str): Move to region.cc and reimplement.
1625 (region::operator==): Delete.
1626 (region::get_parent_region): Delete.
1627 (region::set_value): Delete.
1628 (region::become_active_view): Delete.
1629 (region::deactivate_any_active_view): Delete.
1630 (region::deactivate_view): Delete.
1631 (region::get_value): Delete.
1632 (region::get_inherited_child_sid): Delete.
1633 (region_model::copy_region): Delete.
1634 (region_model::copy_struct_region): Delete.
1635 (region_model::copy_union_region): Delete.
1636 (region_model::copy_array_region): Delete.
1637 (region::hash): Delete.
1638 (region::print): Delete.
1639 (region::dump_dot_to_pp): Delete.
1640 (region::dump_to_pp): Delete.
1641 (region::dump_child_label): Delete.
1642 (region::validate): Delete.
1643 (region::remap_svalue_ids): Delete.
1644 (region::remap_region_ids): Delete.
1645 (region::add_view): Delete.
1646 (region::get_view): Delete.
1647 (region::region): Move to region.cc.
1648 (region::add_to_hash): Delete.
1649 (region::print_fields): Delete.
1650 (region::non_null_p): Delete.
1651 (primitive_region::clone): Delete.
1652 (primitive_region::walk_for_canonicalization): Delete.
1653 (map_region::map_region): Delete.
1654 (map_region::compare_fields): Delete.
1655 (map_region::print_fields): Delete.
1656 (map_region::validate): Delete.
1657 (map_region::dump_dot_to_pp): Delete.
1658 (map_region::dump_child_label): Delete.
1659 (map_region::get_or_create): Delete.
1660 (map_region::get): Delete.
1661 (map_region::add_to_hash): Delete.
1662 (map_region::remap_region_ids): Delete.
1663 (map_region::unbind): Delete.
1664 (map_region::get_tree_for_child_region): Delete.
1665 (map_region::get_tree_for_child_region): Delete.
1666 (tree_cmp): Move to region.cc.
1667 (map_region::can_merge_p): Delete.
1668 (map_region::walk_for_canonicalization): Delete.
1669 (map_region::get_value_by_name): Delete.
1670 (struct_or_union_region::valid_key_p): Delete.
1671 (struct_or_union_region::compare_fields): Delete.
1672 (struct_region::clone): Delete.
1673 (struct_region::compare_fields): Delete.
1674 (union_region::clone): Delete.
1675 (union_region::compare_fields): Delete.
1676 (frame_region::compare_fields): Delete.
1677 (frame_region::clone): Delete.
1678 (frame_region::valid_key_p): Delete.
1679 (frame_region::print_fields): Delete.
1680 (frame_region::add_to_hash): Delete.
1681 (globals_region::compare_fields): Delete.
1682 (globals_region::clone): Delete.
1683 (globals_region::valid_key_p): Delete.
1684 (code_region::compare_fields): Delete.
1685 (code_region::clone): Delete.
1686 (code_region::valid_key_p): Delete.
1687 (array_region::array_region): Delete.
1688 (array_region::get_element): Delete.
1689 (array_region::clone): Delete.
1690 (array_region::compare_fields): Delete.
1691 (array_region::print_fields): Delete.
1692 (array_region::validate): Delete.
1693 (array_region::dump_dot_to_pp): Delete.
1694 (array_region::dump_child_label): Delete.
1695 (array_region::get_or_create): Delete.
1696 (array_region::get): Delete.
1697 (array_region::add_to_hash): Delete.
1698 (array_region::remap_region_ids): Delete.
1699 (array_region::get_key_for_child_region): Delete.
1700 (array_region::key_cmp): Delete.
1701 (array_region::walk_for_canonicalization): Delete.
1702 (array_region::key_from_constant): Delete.
1703 (array_region::constant_from_key): Delete.
1704 (function_region::compare_fields): Delete.
1705 (function_region::clone): Delete.
1706 (function_region::valid_key_p): Delete.
1707 (stack_region::stack_region): Delete.
1708 (stack_region::compare_fields): Delete.
1709 (stack_region::clone): Delete.
1710 (stack_region::print_fields): Delete.
1711 (stack_region::dump_child_label): Delete.
1712 (stack_region::validate): Delete.
1713 (stack_region::push_frame): Delete.
1714 (stack_region::get_current_frame_id): Delete.
1715 (stack_region::pop_frame): Delete.
1716 (stack_region::add_to_hash): Delete.
1717 (stack_region::remap_region_ids): Delete.
1718 (stack_region::can_merge_p): Delete.
1719 (stack_region::walk_for_canonicalization): Delete.
1720 (stack_region::get_value_by_name): Delete.
1721 (heap_region::heap_region): Delete.
1722 (heap_region::compare_fields): Delete.
1723 (heap_region::clone): Delete.
1724 (heap_region::walk_for_canonicalization): Delete.
1725 (root_region::root_region): Delete.
1726 (root_region::compare_fields): Delete.
1727 (root_region::clone): Delete.
1728 (root_region::print_fields): Delete.
1729 (root_region::validate): Delete.
1730 (root_region::dump_child_label): Delete.
1731 (root_region::push_frame): Delete.
1732 (root_region::get_current_frame_id): Delete.
1733 (root_region::pop_frame): Delete.
1734 (root_region::ensure_stack_region): Delete.
1735 (root_region::get_stack_region): Delete.
1736 (root_region::ensure_globals_region): Delete.
1737 (root_region::get_code_region): Delete.
1738 (root_region::ensure_code_region): Delete.
1739 (root_region::get_globals_region): Delete.
1740 (root_region::ensure_heap_region): Delete.
1741 (root_region::get_heap_region): Delete.
1742 (root_region::remap_region_ids): Delete.
1743 (root_region::can_merge_p): Delete.
1744 (root_region::add_to_hash): Delete.
1745 (root_region::walk_for_canonicalization): Delete.
1746 (root_region::get_value_by_name): Delete.
1747 (symbolic_region::symbolic_region): Delete.
1748 (symbolic_region::compare_fields): Delete.
1749 (symbolic_region::clone): Delete.
1750 (symbolic_region::walk_for_canonicalization): Delete.
1751 (symbolic_region::print_fields): Delete.
1752 (region_model::region_model): Add region_model_manager * param.
1753 Reimplement in terms of store, dropping impl_constraint_manager
1754 subclass.
1755 (region_model::operator=): Reimplement in terms of store.
1756 (region_model::operator==): Likewise.
1757 (region_model::hash): Likewise.
1758 (region_model::print): Delete.
1759 (region_model::print_svalue): Delete.
1760 (region_model::dump_dot_to_pp): Delete.
1761 (region_model::dump_dot_to_file): Delete.
1762 (region_model::dump_dot): Delete.
1763 (region_model::dump_to_pp): Replace "summarize" param with
1764 "simple" and "multiline". Port to store-based implementation.
1765 (region_model::dump): Replace "summarize" param with "simple" and
1766 "multiline".
1767 (dump_vec_of_tree): Delete.
1768 (region_model::dump_summary_of_rep_path_vars): Delete.
1769 (region_model::validate): Delete.
1770 (svalue_id_cmp_by_constant_svalue_model): Delete.
1771 (svalue_id_cmp_by_constant_svalue): Delete.
1772 (region_model::canonicalize): Drop "ctxt" param. Reimplement in
1773 terms of store and constraints.
1774 (region_model::canonicalized_p): Remove NULL arg to canonicalize.
1775 (region_model::loop_replay_fixup): New.
1776 (poisoned_value_diagnostic::emit): Tweak wording of warnings.
1777 (region_model::check_for_poison): Delete.
1778 (region_model::get_gassign_result): New.
1779 (region_model::on_assignment): Port to store-based implementation.
1780 (region_model::on_call_pre): Delete calls to check_for_poison.
1781 Move implementations to region-model-impl-calls.c and port to
1782 store-based implementation.
1783 (region_model::on_call_post): Likewise.
1784 (class reachable_regions): Move to region-model-reachability.h/cc
1785 and port to store-based implementation.
1786 (region_model::handle_unrecognized_call): Port to store-based
1787 implementation.
1788 (region_model::get_reachable_svalues): New.
1789 (region_model::on_setjmp): Port to store-based implementation.
1790 (region_model::on_longjmp): Likewise.
1791 (region_model::handle_phi): Drop is_back_edge param and the logic
1792 using it.
1793 (region_model::get_lvalue_1): Port from region_id to const region *.
1794 (region_model::make_region_for_unexpected_tree_code): Delete.
1795 (assert_compat_types): If the check fails, use internal_error to
1796 show the types.
1797 (region_model::get_lvalue): Port from region_id to const region *.
1798 (region_model::get_rvalue_1): Port from svalue_id to const svalue *.
1799 (region_model::get_rvalue): Likewise.
1800 (region_model::get_or_create_ptr_svalue): Delete.
1801 (region_model::get_or_create_constant_svalue): Delete.
1802 (region_model::get_svalue_for_fndecl): Delete.
1803 (region_model::get_region_for_fndecl): Delete.
1804 (region_model::get_svalue_for_label): Delete.
1805 (region_model::get_region_for_label): Delete.
1806 (build_cast): Delete.
1807 (region_model::maybe_cast_1): Delete.
1808 (region_model::maybe_cast): Delete.
1809 (region_model::get_field_region): Delete.
1810 (region_model::get_store_value): New.
1811 (region_model::region_exists_p): New.
1812 (region_model::deref_rvalue): Port from svalue_id to const svalue *.
1813 (region_model::set_value): Likewise.
1814 (region_model::clobber_region): New.
1815 (region_model::purge_region): New.
1816 (region_model::zero_fill_region): New.
1817 (region_model::mark_region_as_unknown): New.
1818 (region_model::eval_condition): Port from svalue_id to
1819 const svalue *.
1820 (region_model::eval_condition_without_cm): Likewise.
1821 (region_model::compare_initial_and_pointer): New.
1822 (region_model::add_constraint): Port from svalue_id to
1823 const svalue *.
1824 (region_model::maybe_get_constant): Delete.
1825 (region_model::get_representative_path_var): New.
1826 (region_model::add_new_malloc_region): Delete.
1827 (region_model::get_representative_tree): Port to const svalue *.
1828 (region_model::get_representative_path_var): Port to
1829 const region *.
1830 (region_model::get_path_vars_for_svalue): Delete.
1831 (region_model::set_to_new_unknown_value): Delete.
1832 (region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
1833 (region_model::update_for_call_superedge): Port from svalue_id to
1834 const svalue *.
1835 (region_model::update_for_return_superedge): Port to store-based
1836 implementation.
1837 (region_model::update_for_call_summary): Replace
1838 set_to_new_unknown_value with mark_region_as_unknown.
1839 (region_model::get_root_region): Delete.
1840 (region_model::get_stack_region_id): Delete.
1841 (region_model::push_frame): Delete.
1842 (region_model::get_current_frame_id): Delete.
1843 (region_model::get_current_function): Delete.
1844 (region_model::pop_frame): Delete.
1845 (region_model::on_top_level_param): New.
1846 (region_model::get_stack_depth): Delete.
1847 (region_model::get_function_at_depth): Delete.
1848 (region_model::get_globals_region_id): Delete.
1849 (region_model::add_svalue): Delete.
1850 (region_model::replace_svalue): Delete.
1851 (region_model::add_region): Delete.
1852 (region_model::get_svalue): Delete.
1853 (region_model::get_region): Delete.
1854 (make_region_for_type): Delete.
1855 (region_model::add_region_for_type): Delete.
1856 (region_model::on_top_level_param): New.
1857 (class restrict_to_used_svalues): Delete.
1858 (region_model::purge_unused_svalues): Delete.
1859 (region_model::push_frame): New.
1860 (region_model::remap_svalue_ids): Delete.
1861 (region_model::remap_region_ids): Delete.
1862 (region_model::purge_regions): Delete.
1863 (region_model::get_descendents): Delete.
1864 (region_model::delete_region_and_descendents): Delete.
1865 (region_model::poison_any_pointers_to_bad_regions): Delete.
1866 (region_model::can_merge_with_p): Delete.
1867 (region_model::get_current_function): New.
1868 (region_model::get_value_by_name): Delete.
1869 (region_model::convert_byte_offset_to_array_index): Delete.
1870 (region_model::pop_frame): New.
1871 (region_model::get_or_create_mem_ref): Delete.
1872 (region_model::get_stack_depth): New.
1873 (region_model::get_frame_at_index): New.
1874 (region_model::unbind_region_and_descendents): New.
1875 (struct bad_pointer_finder): New.
1876 (region_model::get_or_create_pointer_plus_expr): Delete.
1877 (region_model::poison_any_pointers_to_descendents): New.
1878 (region_model::get_or_create_view): Delete.
1879 (region_model::can_merge_with_p): New.
1880 (region_model::get_fndecl_for_call): Port from svalue_id to
1881 const svalue *.
1882 (struct append_ssa_names_cb_data): New.
1883 (get_ssa_name_regions_for_current_frame): New.
1884 (region_model::append_ssa_names_cb): New.
1885 (model_merger::dump_to_pp): Add "simple" param. Drop dumping of
1886 remappings.
1887 (model_merger::dump): Add "simple" param to both overloads.
1888 (model_merger::can_merge_values_p): Delete.
1889 (model_merger::record_regions): Delete.
1890 (model_merger::record_svalues): Delete.
1891 (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
1892 (svalue_id_merger_mapping::dump_to_pp): Delete.
1893 (svalue_id_merger_mapping::dump): Delete.
1894 (region_model::create_region_for_heap_alloc): New.
1895 (region_model::create_region_for_alloca): New.
1896 (region_model::record_dynamic_extents): New.
1897 (canonicalization::canonicalization): Delete.
1898 (canonicalization::walk_rid): Delete.
1899 (canonicalization::walk_sid): Delete.
1900 (canonicalization::dump_to_pp): Delete.
1901 (canonicalization::dump): Delete.
1902 (inchash::add): Delete overloads for svalue_id and region_id.
1903 (engine::log_stats): New.
1904 (assert_condition): Add overload comparing svalues.
1905 (assert_dump_eq): Pass "true" for multiline.
1906 (selftest::test_dump): Update for rewrite of region_model.
1907 (selftest::test_dump_2): Rename to...
1908 (selftest::test_struct): ...this. Provide a region_model_manager
1909 when creating region_model instance. Remove dump test. Add
1910 checks for get_offset.
1911 (selftest::test_dump_3): Rename to...
1912 (selftest::test_array_1): ...this. Provide a region_model_manager
1913 when creating region_model instance. Remove dump test.
1914 (selftest::test_get_representative_tree): Port from svalue_id to
1915 new API. Add test coverage for various expressions.
1916 (selftest::test_unique_constants): Provide a region_model_manager
1917 for the region_model. Add test coverage for comparing const vs
1918 non-const.
1919 (selftest::test_svalue_equality): Delete.
1920 (selftest::test_region_equality): Delete.
1921 (selftest::test_unique_unknowns): New.
1922 (class purge_all_svalue_ids): Delete.
1923 (class purge_one_svalue_id): Delete.
1924 (selftest::test_purging_by_criteria): Delete.
1925 (selftest::test_initial_svalue_folding): New.
1926 (selftest::test_unaryop_svalue_folding): New.
1927 (selftest::test_binop_svalue_folding): New.
1928 (selftest::test_sub_svalue_folding): New.
1929 (selftest::test_purge_unused_svalues): Delete.
1930 (selftest::test_descendent_of_p): New.
1931 (selftest::test_assignment): Provide a region_model_manager for
1932 the region_model. Drop the dump test.
1933 (selftest::test_compound_assignment): Likewise.
1934 (selftest::test_stack_frames): Port to new implementation.
1935 (selftest::test_get_representative_path_var): Likewise.
1936 (selftest::test_canonicalization_1): Rename to...
1937 (selftest::test_equality_1): ...this. Port to new API, and add
1938 (selftest::test_canonicalization_2): Provide a
1939 region_model_manager when creating region_model instances.
1940 Remove redundant canonicalization.
1941 (selftest::test_canonicalization_3): Provide a
1942 region_model_manager when creating region_model instances.
1943 Remove param from calls to region_model::canonicalize.
1944 (selftest::test_canonicalization_4): Likewise.
1945 (selftest::assert_region_models_merge): Constify
1946 out_merged_svalue. Port to new API.
1947 (selftest::test_state_merging): Provide a
1948 region_model_manager when creating region_model instances.
1949 Provide a program_point point when merging them. Replace
1950 set_to_new_unknown_value with usage of placeholder_svalues.
1951 Drop get_value_by_name. Port from svalue_id to const svalue *.
1952 Add test of heap allocation.
1953 (selftest::test_constraint_merging): Provide a
1954 region_model_manager when creating region_model instances.
1955 Provide a program_point point when merging them. Eliminate use
1956 of set_to_new_unknown_value.
1957 (selftest::test_widening_constraints): New.
1958 (selftest::test_iteration_1): New.
1959 (selftest::test_malloc_constraints): Port to store-based
1960 implementation.
1961 (selftest::test_var): New test.
1962 (selftest::test_array_2): New test.
1963 (selftest::test_mem_ref): New test.
1964 (selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
1965 (selftest::test_malloc): New.
1966 (selftest::test_alloca): New.
1967 (selftest::analyzer_region_model_cc_tests): Update for renamings.
1968 Call new functions.
1969 * region-model.h (class path_var): Move to analyzer.h.
1970 (class svalue_id): Delete.
1971 (class region_id): Delete.
1972 (class id_map): Delete.
1973 (svalue_id_map): Delete.
1974 (region_id_map): Delete.
1975 (id_map<T>::id_map): Delete.
1976 (id_map<T>::put): Delete.
1977 (id_map<T>::get_dst_for_src): Delete.
1978 (id_map<T>::get_src_for_dst): Delete.
1979 (id_map<T>::dump_to_pp): Delete.
1980 (id_map<T>::dump): Delete.
1981 (id_map<T>::update): Delete.
1982 (one_way_svalue_id_map): Delete.
1983 (one_way_region_id_map): Delete.
1984 (class region_id_set): Delete.
1985 (class svalue_id_set): Delete.
1986 (struct complexity): New.
1987 (class visitor): New.
1988 (enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
1989 SK_BINOP, SK_SUB, SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
1990 SK_COMPOUND, and SK_CONJURED.
1991 (svalue::operator==): Delete.
1992 (svalue::operator!=): Delete.
1993 (svalue::clone): Delete.
1994 (svalue::hash): Delete.
1995 (svalue::dump_dot_to_pp): Delete.
1996 (svalue::dump_to_pp): New.
1997 (svalue::dump): New.
1998 (svalue::get_desc): New.
1999 (svalue::dyn_cast_initial_svalue): New.
2000 (svalue::dyn_cast_unaryop_svalue): New.
2001 (svalue::dyn_cast_binop_svalue): New.
2002 (svalue::dyn_cast_sub_svalue): New.
2003 (svalue::dyn_cast_unmergeable_svalue): New.
2004 (svalue::dyn_cast_widening_svalue): New.
2005 (svalue::dyn_cast_compound_svalue): New.
2006 (svalue::dyn_cast_conjured_svalue): New.
2007 (svalue::maybe_undo_cast): New.
2008 (svalue::unwrap_any_unmergeable): New.
2009 (svalue::remap_region_ids): Delete.
2010 (svalue::can_merge_p): New.
2011 (svalue::walk_for_canonicalization): Delete.
2012 (svalue::get_complexity): New.
2013 (svalue::get_child_sid): Delete.
2014 (svalue::accept): New.
2015 (svalue::live_p): New.
2016 (svalue::implicitly_live_p): New.
2017 (svalue::svalue): Add complexity param.
2018 (svalue::add_to_hash): Delete.
2019 (svalue::print_details): Delete.
2020 (svalue::m_complexity): New field.
2021 (region_svalue::key_t): New struct.
2022 (region_svalue::region_svalue): Port from region_id to
2023 const region_id *. Add complexity.
2024 (region_svalue::compare_fields): Delete.
2025 (region_svalue::clone): Delete.
2026 (region_svalue::dump_dot_to_pp): Delete.
2027 (region_svalue::get_pointee): Port from region_id to
2028 const region_id *.
2029 (region_svalue::remap_region_ids): Delete.
2030 (region_svalue::merge_values): Delete.
2031 (region_svalue::dump_to_pp): New.
2032 (region_svalue::accept): New.
2033 (region_svalue::walk_for_canonicalization): Delete.
2034 (region_svalue::eval_condition): Make params const.
2035 (region_svalue::add_to_hash): Delete.
2036 (region_svalue::print_details): Delete.
2037 (region_svalue::m_rid): Replace with...
2038 (region_svalue::m_reg): ...this.
2039 (is_a_helper <region_svalue *>::test): Convert to...
2040 (is_a_helper <const region_svalue *>::test): ...this.
2041 (template <> struct default_hash_traits<region_svalue::key_t>):
2042 New.
2043 (constant_svalue::constant_svalue): Add complexity.
2044 (constant_svalue::compare_fields): Delete.
2045 (constant_svalue::clone): Delete.
2046 (constant_svalue::add_to_hash): Delete.
2047 (constant_svalue::dump_to_pp): New.
2048 (constant_svalue::accept): New.
2049 (constant_svalue::implicitly_live_p): New.
2050 (constant_svalue::merge_values): Delete.
2051 (constant_svalue::eval_condition): Make params const.
2052 (constant_svalue::get_child_sid): Delete.
2053 (constant_svalue::print_details): Delete.
2054 (is_a_helper <constant_svalue *>::test): Convert to...
2055 (is_a_helper <const constant_svalue *>::test): ...this.
2056 (class unknown_svalue): Update leading comment.
2057 (unknown_svalue::unknown_svalue): Add complexity.
2058 (unknown_svalue::compare_fields): Delete.
2059 (unknown_svalue::add_to_hash): Delete.
2060 (unknown_svalue::dyn_cast_unknown_svalue): Delete.
2061 (unknown_svalue::print_details): Delete.
2062 (unknown_svalue::dump_to_pp): New.
2063 (unknown_svalue::accept): New.
2064 (poisoned_svalue::key_t): New struct.
2065 (poisoned_svalue::poisoned_svalue): Add complexity.
2066 (poisoned_svalue::compare_fields): Delete.
2067 (poisoned_svalue::clone): Delete.
2068 (poisoned_svalue::add_to_hash): Delete.
2069 (poisoned_svalue::dump_to_pp): New.
2070 (poisoned_svalue::accept): New.
2071 (poisoned_svalue::print_details): Delete.
2072 (is_a_helper <poisoned_svalue *>::test): Convert to...
2073 (is_a_helper <const poisoned_svalue *>::test): ...this.
2074 (template <> struct default_hash_traits<poisoned_svalue::key_t>):
2075 New.
2076 (setjmp_record::add_to_hash): New.
2077 (setjmp_svalue::key_t): New struct.
2078 (setjmp_svalue::compare_fields): Delete.
2079 (setjmp_svalue::clone): Delete.
2080 (setjmp_svalue::add_to_hash): Delete.
2081 (setjmp_svalue::setjmp_svalue): Add complexity.
2082 (setjmp_svalue::dump_to_pp): New.
2083 (setjmp_svalue::accept): New.
2084 (setjmp_svalue::void print_details): Delete.
2085 (is_a_helper <const setjmp_svalue *>::test): New.
2086 (template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
2087 (class initial_svalue : public svalue): New.
2088 (is_a_helper <const initial_svalue *>::test): New.
2089 (class unaryop_svalue): New.
2090 (is_a_helper <const unaryop_svalue *>::test): New.
2091 (template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
2092 (class binop_svalue): New.
2093 (is_a_helper <const binop_svalue *>::test): New.
2094 (template <> struct default_hash_traits<binop_svalue::key_t>): New.
2095 (class sub_svalue): New.
2096 (is_a_helper <const sub_svalue *>::test): New.
2097 (template <> struct default_hash_traits<sub_svalue::key_t>): New.
2098 (class unmergeable_svalue): New.
2099 (is_a_helper <const unmergeable_svalue *>::test): New.
2100 (class placeholder_svalue): New.
2101 (is_a_helper <placeholder_svalue *>::test): New.
2102 (class widening_svalue): New.
2103 (is_a_helper <widening_svalue *>::test): New.
2104 (template <> struct default_hash_traits<widening_svalue::key_t>): New.
2105 (class compound_svalue): New.
2106 (is_a_helper <compound_svalue *>::test): New.
2107 (template <> struct default_hash_traits<compound_svalue::key_t>): New.
2108 (class conjured_svalue): New.
2109 (is_a_helper <conjured_svalue *>::test): New.
2110 (template <> struct default_hash_traits<conjured_svalue::key_t>): New.
2111 (enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
2112 RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
2113 RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
2114 (region_kind_to_str): Delete.
2115 (region::~region): Move implementation to region.cc.
2116 (region::operator==): Delete.
2117 (region::operator!=): Delete.
2118 (region::clone): Delete.
2119 (region::get_id): New.
2120 (region::cmp_ids): New.
2121 (region::dyn_cast_map_region): Delete.
2122 (region::dyn_cast_array_region): Delete.
2123 (region::region_id get_parent): Delete.
2124 (region::get_parent_region): Convert to a simple accessor.
2125 (region::void set_value): Delete.
2126 (region::svalue_id get_value): Delete.
2127 (region::svalue_id get_value_direct): Delete.
2128 (region::svalue_id get_inherited_child_sid): Delete.
2129 (region::dyn_cast_frame_region): New.
2130 (region::dyn_cast_function_region): New.
2131 (region::dyn_cast_decl_region): New.
2132 (region::dyn_cast_field_region): New.
2133 (region::dyn_cast_element_region): New.
2134 (region::dyn_cast_offset_region): New.
2135 (region::dyn_cast_cast_region): New.
2136 (region::dyn_cast_string_region): New.
2137 (region::accept): New.
2138 (region::get_base_region): New.
2139 (region::base_region_p): New.
2140 (region::descendent_of_p): New.
2141 (region::maybe_get_frame_region): New.
2142 (region::maybe_get_decl): New.
2143 (region::hash): Delete.
2144 (region::rint): Delete.
2145 (region::dump_dot_to_pp): Delete.
2146 (region::get_desc): New.
2147 (region::dump_to_pp): Convert to vfunc, changing signature.
2148 (region::dump_child_label): Delete.
2149 (region::remap_svalue_ids): Delete.
2150 (region::remap_region_ids): Delete.
2151 (region::dump): New.
2152 (region::walk_for_canonicalization): Delete.
2153 (region::non_null_p): Drop region_model param.
2154 (region::add_view): Delete.
2155 (region::get_view): Delete.
2156 (region::get_active_view): Delete.
2157 (region::is_view_p): Delete.
2158 (region::cmp_ptrs): New.
2159 (region::validate): Delete.
2160 (region::get_offset): New.
2161 (region::get_byte_size): New.
2162 (region::get_bit_size): New.
2163 (region::get_subregions_for_binding): New.
2164 (region::region): Add complexity param. Convert parent from
2165 region_id to const region *. Drop svalue_id. Drop copy ctor.
2166 (region::symbolic_for_unknown_ptr_p): New.
2167 (region::add_to_hash): Delete.
2168 (region::print_fields): Delete.
2169 (region::get_complexity): New accessor.
2170 (region::become_active_view): Delete.
2171 (region::deactivate_any_active_view): Delete.
2172 (region::deactivate_view): Delete.
2173 (region::calc_offset): New.
2174 (region::m_parent_rid): Delete.
2175 (region::m_sval_id): Delete.
2176 (region::m_complexity): New.
2177 (region::m_id): New.
2178 (region::m_parent): New.
2179 (region::m_view_rids): Delete.
2180 (region::m_is_view): Delete.
2181 (region::m_active_view_rid): Delete.
2182 (region::m_cached_offset): New.
2183 (is_a_helper <region *>::test): Convert to...
2184 (is_a_helper <const region *>::test): ... this.
2185 (class primitive_region): Delete.
2186 (class space_region): New.
2187 (class map_region): Delete.
2188 (is_a_helper <map_region *>::test): Delete.
2189 (class frame_region): Reimplement.
2190 (template <> struct default_hash_traits<frame_region::key_t>):
2191 New.
2192 (class globals_region): Reimplement.
2193 (is_a_helper <globals_region *>::test): Convert to...
2194 (is_a_helper <const globals_region *>::test): ...this.
2195 (class struct_or_union_region): Delete.
2196 (is_a_helper <struct_or_union_region *>::test): Delete.
2197 (class code_region): Reimplement.
2198 (is_a_helper <const code_region *>::test): New.
2199 (class struct_region): Delete.
2200 (is_a_helper <struct_region *>::test): Delete.
2201 (class function_region): Reimplement.
2202 (is_a_helper <function_region *>::test): Convert to...
2203 (is_a_helper <const function_region *>::test): ...this.
2204 (class union_region): Delete.
2205 (is_a_helper <union_region *>::test): Delete.
2206 (class label_region): New.
2207 (is_a_helper <const label_region *>::test): New.
2208 (class scope_region): Delete.
2209 (class stack_region): Reimplement.
2210 (is_a_helper <stack_region *>::test): Convert to...
2211 (is_a_helper <const stack_region *>::test): ...this.
2212 (class heap_region): Reimplement.
2213 (is_a_helper <heap_region *>::test): Convert to...
2214 (is_a_helper <const heap_region *>::test): ...this.
2215 (class root_region): Reimplement.
2216 (is_a_helper <root_region *>::test): Convert to...
2217 (is_a_helper <const root_region *>::test): ...this.
2218 (class symbolic_region): Reimplement.
2219 (is_a_helper <const symbolic_region *>::test): New.
2220 (template <> struct default_hash_traits<symbolic_region::key_t>):
2221 New.
2222 (class decl_region): New.
2223 (is_a_helper <const decl_region *>::test): New.
2224 (class field_region): New.
2225 (template <> struct default_hash_traits<field_region::key_t>): New.
2226 (class array_region): Delete.
2227 (class element_region): New.
2228 (is_a_helper <array_region *>::test): Delete.
2229 (is_a_helper <const element_region *>::test): New.
2230 (template <> struct default_hash_traits<element_region::key_t>):
2231 New.
2232 (class offset_region): New.
2233 (is_a_helper <const offset_region *>::test): New.
2234 (template <> struct default_hash_traits<offset_region::key_t>):
2235 New.
2236 (class cast_region): New.
2237 (is_a_helper <const cast_region *>::test): New.
2238 (template <> struct default_hash_traits<cast_region::key_t>): New.
2239 (class heap_allocated_region): New.
2240 (class alloca_region): New.
2241 (class string_region): New.
2242 (is_a_helper <const string_region *>::test): New.
2243 (class unknown_region): New.
2244 (class region_model_manager): New.
2245 (struct append_ssa_names_cb_data): New.
2246 (class call_details): New.
2247 (region_model::region_model): Add region_model_manager param.
2248 (region_model::print_svalue): Delete.
2249 (region_model::dump_dot_to_pp): Delete.
2250 (region_model::dump_dot_to_file): Delete.
2251 (region_model::dump_dot): Delete.
2252 (region_model::dump_to_pp): Drop summarize param in favor of
2253 simple and multiline.
2254 (region_model::dump): Likewise.
2255 (region_model::summarize_to_pp): Delete.
2256 (region_model::summarize): Delete.
2257 (region_model::void canonicalize): Drop ctxt param.
2258 (region_model::void check_for_poison): Delete.
2259 (region_model::get_gassign_result): New.
2260 (region_model::impl_call_alloca): New.
2261 (region_model::impl_call_analyzer_describe): New.
2262 (region_model::impl_call_analyzer_eval): New.
2263 (region_model::impl_call_builtin_expect): New.
2264 (region_model::impl_call_calloc): New.
2265 (region_model::impl_call_free): New.
2266 (region_model::impl_call_malloc): New.
2267 (region_model::impl_call_memset): New.
2268 (region_model::impl_call_strlen): New.
2269 (region_model::get_reachable_svalues): New.
2270 (region_model::handle_phi): Drop is_back_edge param.
2271 (region_model::region_id get_root_rid): Delete.
2272 (region_model::root_region *get_root_region): Delete.
2273 (region_model::region_id get_stack_region_id): Delete.
2274 (region_model::push_frame): Convert from region_id and svalue_id
2275 to const region * and const svalue *.
2276 (region_model::get_current_frame_id): Replace with...
2277 (region_model::get_current_frame): ...this.
2278 (region_model::pop_frame): Convert from region_id to
2279 const region *. Drop purge and stats param. Add out_result.
2280 (region_model::function *get_function_at_depth): Delete.
2281 (region_model::get_globals_region_id): Delete.
2282 (region_model::add_svalue): Delete.
2283 (region_model::replace_svalue): Delete.
2284 (region_model::add_region): Delete.
2285 (region_model::add_region_for_type): Delete.
2286 (region_model::get_svalue): Delete.
2287 (region_model::get_region): Delete.
2288 (region_model::get_lvalue): Convert from region_id to
2289 const region *.
2290 (region_model::get_rvalue): Convert from svalue_id to
2291 const svalue *.
2292 (region_model::get_or_create_ptr_svalue): Delete.
2293 (region_model::get_or_create_constant_svalue): Delete.
2294 (region_model::get_svalue_for_fndecl): Delete.
2295 (region_model::get_svalue_for_label): Delete.
2296 (region_model::get_region_for_fndecl): Delete.
2297 (region_model::get_region_for_label): Delete.
2298 (region_model::get_frame_at_index (int index) const;): New.
2299 (region_model::maybe_cast): Delete.
2300 (region_model::maybe_cast_1): Delete.
2301 (region_model::get_field_region): Delete.
2302 (region_model::id deref_rvalue): Convert from region_id and
2303 svalue_id to const region * and const svalue *. Drop overload,
2304 passing in both a tree and an svalue.
2305 (region_model::set_value): Convert from region_id and svalue_id to
2306 const region * and const svalue *.
2307 (region_model::set_to_new_unknown_value): Delete.
2308 (region_model::clobber_region (const region *reg);): New.
2309 (region_model::purge_region (const region *reg);): New.
2310 (region_model::zero_fill_region (const region *reg);): New.
2311 (region_model::mark_region_as_unknown (const region *reg);): New.
2312 (region_model::copy_region): Convert from region_id to
2313 const region *.
2314 (region_model::eval_condition): Convert from svalue_id to
2315 const svalue *.
2316 (region_model::eval_condition_without_cm): Likewise.
2317 (region_model::compare_initial_and_pointer): New.
2318 (region_model:maybe_get_constant): Delete.
2319 (region_model::add_new_malloc_region): Delete.
2320 (region_model::get_representative_tree): Convert from svalue_id to
2321 const svalue *.
2322 (region_model::get_representative_path_var): Delete decl taking a
2323 region_id in favor of two decls, for svalue vs region, with an
2324 svalue_set to ensure termination.
2325 (region_model::get_path_vars_for_svalue): Delete.
2326 (region_model::create_region_for_heap_alloc): New.
2327 (region_model::create_region_for_alloca): New.
2328 (region_model::purge_unused_svalues): Delete.
2329 (region_model::remap_svalue_ids): Delete.
2330 (region_model::remap_region_ids): Delete.
2331 (region_model::purge_regions): Delete.
2332 (region_model::get_num_svalues): Delete.
2333 (region_model::get_num_regions): Delete.
2334 (region_model::get_descendents): Delete.
2335 (region_model::get_store): New.
2336 (region_model::delete_region_and_descendents): Delete.
2337 (region_model::get_manager): New.
2338 (region_model::unbind_region_and_descendents): New.
2339 (region_model::can_merge_with_p): Add point param. Drop
2340 svalue_id_merger_mapping.
2341 (region_model::get_value_by_name): Delete.
2342 (region_model::convert_byte_offset_to_array_index): Delete.
2343 (region_model::get_or_create_mem_ref): Delete.
2344 (region_model::get_or_create_pointer_plus_expr): Delete.
2345 (region_model::get_or_create_view): Delete.
2346 (region_model::get_lvalue_1): Convert from region_id to
2347 const region *.
2348 (region_model::get_rvalue_1): Convert from svalue_id to
2349 const svalue *.
2350 (region_model::get_ssa_name_regions_for_current_frame): New.
2351 (region_model::append_ssa_names_cb): New.
2352 (region_model::get_store_value): New.
2353 (region_model::copy_struct_region): Delete.
2354 (region_model::copy_union_region): Delete.
2355 (region_model::copy_array_region): Delete.
2356 (region_model::region_exists_p): New.
2357 (region_model::make_region_for_unexpected_tree_code): Delete.
2358 (region_model::loop_replay_fixup): New.
2359 (region_model::poison_any_pointers_to_bad_regions): Delete.
2360 (region_model::poison_any_pointers_to_descendents): New.
2361 (region_model::dump_summary_of_rep_path_vars): Delete.
2362 (region_model::on_top_level_param): New.
2363 (region_model::record_dynamic_extents): New.
2364 (region_model::m_mgr;): New.
2365 (region_model::m_store;): New.
2366 (region_model::m_svalues;): Delete.
2367 (region_model::m_regions;): Delete.
2368 (region_model::m_root_rid;): Delete.
2369 (region_model::m_current_frame;): New.
2370 (region_model_context::remap_svalue_ids): Delete.
2371 (region_model_context::can_purge_p): Delete.
2372 (region_model_context::on_svalue_leak): New.
2373 (region_model_context::on_svalue_purge): Delete.
2374 (region_model_context::on_liveness_change): New.
2375 (region_model_context::on_inherited_svalue): Delete.
2376 (region_model_context::on_cast): Delete.
2377 (region_model_context::on_unknown_change): Convert from svalue_id to
2378 const svalue * and add is_mutable.
2379 (class noop_region_model_context): Update for region_model_context
2380 changes.
2381 (model_merger::model_merger): Add program_point. Drop
2382 svalue_id_merger_mapping.
2383 (model_merger::dump_to_pp): Add "simple" param.
2384 (model_merger::dump): Likewise.
2385 (model_merger::get_region_a): Delete.
2386 (model_merger::get_region_b): Delete.
2387 (model_merger::can_merge_values_p): Delete.
2388 (model_merger::record_regions): Delete.
2389 (model_merger::record_svalues): Delete.
2390 (model_merger::m_point): New field.
2391 (model_merger::m_map_regions_from_a_to_m): Delete.
2392 (model_merger::m_map_regions_from_b_to_m): Delete.
2393 (model_merger::m_sid_mapping): Delete.
2394 (struct svalue_id_merger_mapping): Delete.
2395 (class engine): New.
2396 (struct canonicalization): Delete.
2397 (inchash::add): Delete decls for hashing svalue_id and region_id.
2398 (test_region_model_context::on_unexpected_tree_code): Require t to
2399 be non-NULL.
2400 (selftest::assert_condition): Add overload comparing a pair of
2401 const svalue *.
2402 * sm-file.cc: Include "tristate.h", "selftest.h",
2403 "analyzer/call-string.h", "analyzer/program-point.h",
2404 "analyzer/store.h", and "analyzer/region-model.h".
2405 (fileptr_state_machine::get_default_state): New.
2406 (fileptr_state_machine::on_stmt): Remove calls to
2407 get_readable_tree in favor of get_diagnostic_tree.
2408 * sm-malloc.cc: Include "tristate.h", "selftest.h",
2409 "analyzer/call-string.h", "analyzer/program-point.h",
2410 "analyzer/store.h", and "analyzer/region-model.h".
2411 (malloc_state_machine::get_default_state): New.
2412 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
2413 (malloc_diagnostic::describe_state_change): Handle change.m_expr
2414 being NULL.
2415 (null_arg::emit): Avoid printing "NULL '0'".
2416 (null_arg::describe_final_event): Avoid printing "(0) NULL".
2417 (malloc_leak::emit): Handle m_arg being NULL.
2418 (malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
2419 (malloc_state_machine::on_stmt): Don't call get_readable_tree.
2420 Call get_diagnostic_tree when creating pending diagnostics.
2421 Update for is_zero_assignment becoming a member function of
2422 sm_ctxt.
2423 Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
2424 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
2425 vfunc implementation.
2426 * sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
2427 get_diagnostic_tree and pass the result to warn_for_state.
2428 * sm-signal.cc: Move includes of "analyzer/call-string.h" and
2429 "analyzer/program-point.h" to before "analyzer/region-model.h",
2430 and also include "analyzer/store.h" before it.
2431 (signal_unsafe_call::describe_state_change): Use
2432 get_dest_function to get handler.
2433 (update_model_for_signal_handler): Pass manager to region_model
2434 ctor.
2435 (register_signal_handler::impl_transition): Update for changes to
2436 get_or_create_node and add_edge.
2437 * sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
2438 get_readable_tree, replacing them when calling warn_for_state with
2439 calls to get_diagnostic_tree.
2440 * sm.cc (is_zero_assignment): Delete.
2441 (any_pointer_p): Move to within namespace ana.
2442 * sm.h (is_zero_assignment): Remove decl.
2443 (any_pointer_p): Move decl to within namespace ana.
2444 (state_machine::get_default_state): New vfunc.
2445 (state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
2446 (sm_context::get_readable_tree): Rename to...
2447 (sm_context::get_diagnostic_tree): ...this.
2448 (sm_context::is_zero_assignment): New vfunc.
2449 * store.cc: New file.
2450 * store.h: New file.
2451 * svalue.cc: New file.
2452
2221fb6f
MW
2453 2020-05-22 Mark Wielaard <mark@klomp.org>
2454
2455 * sm-signal.cc(signal_unsafe_call::emit): Possibly add
2456 gcc_rich_location note for replacement.
2457 (signal_unsafe_call::get_replacement_fn): New private function.
2458 (get_async_signal_unsafe_fns): Add "exit".
2459
5eae0ac7
DM
2460 2020-04-28 David Malcolm <dmalcolm@redhat.com>
2461
2462 PR analyzer/94816
2463 * engine.cc (impl_region_model_context::on_unexpected_tree_code):
2464 Handle NULL tree.
2465 * region-model.cc (region_model::add_region_for_type): Handle
2466 NULL type.
2467 * region-model.h
2468 (test_region_model_context::on_unexpected_tree_code): Handle NULL
2469 tree.
2470
78b97837
DM
2471 2020-04-28 David Malcolm <dmalcolm@redhat.com>
2472
2473 PR analyzer/94447
2474 PR analyzer/94639
2475 PR analyzer/94732
2476 PR analyzer/94754
2477 * analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete.
2478 * program-state.cc (selftest::test_program_state_dumping): Update
2479 expected dump result for removal of "uninit".
2480 * region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT
2481 case.
2482 (root_region::ensure_stack_region): Initialize stack with null
2483 svalue_id rather than with a typeless POISON_KIND_UNINIT value.
2484 (root_region::ensure_heap_region): Likewise for the heap.
2485 (region_model::dump_summary_of_rep_path_vars): Remove
2486 summarization of uninit values.
2487 (region_model::validate): Remove check that the stack has a
2488 POISON_KIND_UNINIT value.
2489 (poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT
2490 case.
2491 (poisoned_value_diagnostic::describe_final_event): Likewise.
2492 (selftest::test_dump): Update expected dump result for removal of
2493 "uninit".
2494 (selftest::test_svalue_equality): Remove "uninit" and "freed".
2495 * region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT.
2496
a96f1c38
DM
2497 2020-04-01 David Malcolm <dmalcolm@redhat.com>
2498
2499 PR analyzer/94378
2500 * checker-path.cc: Include "bitmap.h".
2501 * constraint-manager.cc: Likewise.
2502 * diagnostic-manager.cc: Likewise.
2503 * engine.cc: Likewise.
2504 (exploded_node::detect_leaks): Pass null region_id to pop_frame.
2505 * program-point.cc: Include "bitmap.h".
2506 * program-state.cc: Likewise.
2507 * region-model.cc (id_set<region_id>::id_set): Convert to...
2508 (region_id_set::region_id_set): ...this.
2509 (svalue_id_set::svalue_id_set): New ctor.
2510 (region_model::copy_region): New function.
2511 (region_model::copy_struct_region): New function.
2512 (region_model::copy_union_region): New function.
2513 (region_model::copy_array_region): New function.
2514 (stack_region::pop_frame): Drop return value. Add
2515 "result_dst_rid" param; if it is non-null, use copy_region to copy
2516 the result to it. Rather than capture and pass a single "known
2517 used" return value to be used by purge_unused_values, instead
2518 gather and pass a set of known used return values.
2519 (root_region::pop_frame): Drop return value. Add "result_dst_rid"
2520 param.
2521 (region_model::on_assignment): Use copy_region.
2522 (region_model::on_return): Likewise for the result.
2523 (region_model::on_longjmp): Pass null for pop_frame's
2524 result_dst_rid.
2525 (region_model::update_for_return_superedge): Pass the region for the
2526 return value of the call, if any, to pop_frame, rather than setting
2527 the lvalue for the lhs of the result.
2528 (region_model::pop_frame): Drop return value. Add
2529 "result_dst_rid" param.
2530 (region_model::purge_unused_svalues): Convert third param from an
2531 svalue_id * to an svalue_id_set *, updating the initial populating
2532 of the "used" bitmap accordingly. Don't remap it when done.
2533 (struct selftest::coord_test): New selftest fixture, extracted from...
2534 (selftest::test_dump_2): ...here.
2535 (selftest::test_compound_assignment): New selftest.
2536 (selftest::test_stack_frames): Pass null to new param of pop_frame.
2537 (selftest::analyzer_region_model_cc_tests): Call the new selftest.
2538 * region-model.h (class id_set): Delete template.
2539 (class region_id_set): Reimplement, using old id_set implementation.
2540 (class svalue_id_set): Likewise. Convert from auto_sbitmap to
2541 auto_bitmap.
2542 (region::get_active_view): New accessor.
2543 (stack_region::pop_frame): Drop return value. Add
2544 "result_dst_rid" param.
2545 (root_region::pop_frame): Likewise.
2546 (region_model::pop_frame): Likewise.
2547 (region_model::copy_region): New decl.
2548 (region_model::purge_unused_svalues): Convert third param from an
2549 svalue_id * to an svalue_id_set *.
2550 (region_model::copy_struct_region): New decl.
2551 (region_model::copy_union_region): New decl.
2552 (region_model::copy_array_region): New decl.
2553
6969ac30
DM
2554 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2555
2556 * program-state.cc (selftest::test_program_state_dumping): Update
2557 expected dump to include symbolic_region's possibly_null field.
2558 * region-model.cc (symbolic_region::print_fields): New vfunc
2559 implementation.
2560 (region_model::add_constraint): Clear m_possibly_null from
2561 symbolic_regions now known to be non-NULL.
2562 (selftest::test_malloc_constraints): New selftest.
2563 (selftest::analyzer_region_model_cc_tests): Call it.
2564 * region-model.h (region::dyn_cast_symbolic_region): Add non-const
2565 overload.
2566 (symbolic_region::dyn_cast_symbolic_region): Implement it.
2567 (symbolic_region::print_fields): New vfunc override decl.
2568
42c63313
DM
2569 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2570
2571 * analyzer.h (class feasibility_problem): New forward decl.
2572 * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
2573 Initialize new fields m_status, m_epath_length, and m_problem.
2574 (saved_diagnostic::~saved_diagnostic): Delete m_problem.
2575 (dedupe_candidate::dedupe_candidate): Convert "sd" param from a
2576 const ref to a mutable ptr.
2577 (dedupe_winners::add): Convert "sd" param from a const ref to a
2578 mutable ptr. Record the length of the exploded_path. Record the
2579 feasibility/infeasibility of sd into sd, capturing a
2580 feasibility_problem when feasible_p fails, and storing it in sd.
2581 (diagnostic_manager::emit_saved_diagnostics): Update for pass by
2582 ptr rather than by const ref.
2583 * diagnostic-manager.h (class saved_diagnostic): Add new enum
2584 status. Add fields m_status, m_epath_length and m_problem.
2585 (saved_diagnostic::set_feasible): New member function.
2586 (saved_diagnostic::set_infeasible): New member function.
2587 (saved_diagnostic::get_feasibility_problem): New accessor.
2588 (saved_diagnostic::get_status): New accessor.
2589 (saved_diagnostic::set_epath_length): New member function.
2590 (saved_diagnostic::get_epath_length): New accessor.
2591 * engine.cc: Include "gimple-pretty-print.h".
2592 (exploded_path::feasible_p): Add OUT param and, if non-NULL, write
2593 a new feasibility_problem to it on failure.
2594 (viz_callgraph_node::dump_dot): Convert begin_tr calls to
2595 begin_trtd. Convert end_tr calls to end_tdtr.
2596 (class exploded_graph_annotator): New subclass of dot_annotator.
2597 (impl_run_checkers): Add a second -fdump-analyzer-supergraph dump
2598 after the analysis runs, using exploded_graph_annotator. dumping
2599 to DUMP_BASE_NAME.supergraph-eg.dot.
2600 * exploded-graph.h (exploded_node::get_dot_fillcolor): Make
2601 public.
2602 (exploded_path::feasible_p): Add OUT param.
2603 (class feasibility_problem): New class.
2604 * state-purge.cc (state_purge_annotator::add_node_annotations):
2605 Return a bool, add a "within_table" param.
2606 (print_vec_of_names): Convert begin_tr calls to begin_trtd.
2607 Convert end_tr calls to end_tdtr.
2608 (state_purge_annotator::add_stmt_annotations): Add "within_row"
2609 param.
2610 * state-purge.h ((state_purge_annotator::add_node_annotations):
2611 Return a bool, add a "within_table" param.
2612 (state_purge_annotator::add_stmt_annotations): Add "within_row"
2613 param.
2614 * supergraph.cc (supernode::dump_dot): Call add_node_annotations
2615 twice: as before, passing false for "within_table", then again
2616 with true when within the TABLE element. Convert some begin_tr
2617 calls to begin_trtd, and some end_tr calls to end_tdtr.
2618 Repeat each add_stmt_annotations call, distinguishing between
2619 calls that add TRs and those that add TDs to an existing TR.
2620 Add a call to add_after_node_annotations.
2621 * supergraph.h (dot_annotator::add_node_annotations): Add a
2622 "within_table" param.
2623 (dot_annotator::add_stmt_annotations): Add a "within_row" param.
2624 (dot_annotator::add_after_node_annotations): New vfunc.
2625
8f023575
DM
2626 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2627
2628 * diagnostic-manager.cc (dedupe_winners::add): Show the
2629 exploded_node index in the log messages.
2630 (diagnostic_manager::emit_saved_diagnostics): Log a summary of
2631 m_saved_diagnostics at entry.
2632
4d661bb7
DM
2633 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2634
2635 * supergraph.cc (superedge::dump): Add space before description;
2636 move newline to non-pretty_printer overload.
2637
884d9141
DM
2638 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2639
2640 * region-model.cc: Include "stor-layout.h".
2641 (region_model::dump_to_pp): Rather than calling
2642 dump_summary_of_map on each of the current frame and the globals,
2643 instead get a vec of representative path_vars for all regions,
2644 and then dump a summary of all of them.
2645 (region_model::dump_summary_of_map): Delete, rewriting into...
2646 (region_model::dump_summary_of_rep_path_vars): ...this new
2647 function, working on a vec of path_vars.
2648 (region_model::set_value): New overload.
2649 (region_model::get_representative_path_var): Rename
2650 "parent_region" local to "parent_reg" and consolidate with other
2651 local. Guard test for grandparent being stack on parent_reg being
2652 non-NULL. Move handling for parent being an array_region to
2653 within guard for parent_reg being non-NULL.
2654 (selftest::make_test_compound_type): New function.
2655 (selftest::test_dump_2): New selftest.
2656 (selftest::test_dump_3): New selftest.
2657 (selftest::test_stack_frames): Update expected output from
2658 simplified dump to show "a" and "b" from parent frame and "y" in
2659 child frame.
2660 (selftest::analyzer_region_model_cc_tests): Call test_dump_2 and
2661 test_dump_3.
2662 * region-model.h (region_model::set_value): New overload decl.
2663 (region_model::dump_summary_of_map): Delete.
2664 (region_model::dump_summary_of_rep_path_vars): New.
2665
7d9c107a
DM
2666 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2667
2668 * region-model.h (class noop_region_model_context): New subclass
2669 of region_model_context.
2670 (class tentative_region_model_context): Inherit from
2671 noop_region_model_context rather than from region_model_context;
2672 drop redundant vfunc implementations.
2673 (class test_region_model_context): Likewise.
2674
0db2cd17
DM
2675 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2676
2677 * engine.cc (exploded_node::exploded_node): Move implementation
2678 here from header; accept point_and_state by const reference rather
2679 than by value.
2680 * exploded-graph.h (exploded_node::exploded_node): Pass
2681 point_and_state by const reference rather than by value. Move
2682 body to engine.cc.
2683
d5029d45
JJ
2684 2020-03-18 Jakub Jelinek <jakub@redhat.com>
2685
2686 * sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word
2687 issue in a comment.
2688 * region-model.cc (region_model::make_region_for_unexpected_tree_code,
2689 region_model::delete_region_and_descendents): Likewise.
2690 * engine.cc (class exploded_cluster): Likewise.
2691 * diagnostic-manager.cc (class path_builder): Likewise.
2692
5c048755
DM
2693 2020-03-13 David Malcolm <dmalcolm@redhat.com>
2694
2695 PR analyzer/94099
2696 PR analyzer/94105
2697 * diagnostic-manager.cc (for_each_state_change): Bulletproof
2698 against errors in get_rvalue by passing a
2699 tentative_region_model_context and rejecting if there's an error.
2700 * region-model.cc (region_model::get_lvalue_1): When handling
2701 ARRAY_REF, handle results of error-handling. Handle NOP_EXPR.
2702
90f7c300
DM
2703 2020-03-06 David Malcolm <dmalcolm@redhat.com>
2704
2705 * analyzer.h (class array_region): New forward decl.
2706 * program-state.cc (selftest::test_program_state_dumping_2): New.
2707 (selftest::analyzer_program_state_cc_tests): Call it.
2708 * region-model.cc (array_region::constant_from_key): New.
2709 (region_model::get_representative_tree): Handle region_svalue by
2710 generating an ADDR_EXPR.
2711 (region_model::get_representative_path_var): In view handling,
2712 remove erroneous TREE_TYPE when determining the type of the tree.
2713 Handle array regions and STRING_CST.
2714 (selftest::assert_dump_tree_eq): New.
2715 (ASSERT_DUMP_TREE_EQ): New macro.
2716 (selftest::test_get_representative_tree): New selftest.
2717 (selftest::analyzer_region_model_cc_tests): Call it.
2718 * region-model.h (region::dyn_cast_array_region): New vfunc.
2719 (array_region::dyn_cast_array_region): New vfunc implementation.
2720 (array_region::constant_from_key): New decl.
2721
41f99ba6
DM
2722 2020-03-06 David Malcolm <dmalcolm@redhat.com>
2723
2724 * analyzer.h (dump_quoted_tree): New decl.
2725 * engine.cc (exploded_node::dump_dot): Pass region model to
2726 sm_state_map::print.
2727 * program-state.cc: Include diagnostic-core.h.
2728 (sm_state_map::print): Add "model" param and use it to print
2729 representative trees. Only print origin information if non-null.
2730 (sm_state_map::dump): Pass NULL for model to print call.
2731 (program_state::print): Pass region model to sm_state_map::print.
2732 (program_state::dump_to_pp): Use spaces rather than newlines when
2733 summarizing. Pass region_model to sm_state_map::print.
2734 (ana::selftest::assert_dump_eq): New function.
2735 (ASSERT_DUMP_EQ): New macro.
2736 (ana::selftest::test_program_state_dumping): New function.
2737 (ana::selftest::analyzer_program_state_cc_tests): Call it.
2738 * program-state.h (program_state::print): Add model param.
2739 * region-model.cc (dump_quoted_tree): New function.
2740 (map_region::print_fields): Use dump_quoted_tree rather than
2741 %qE to avoid lang-dependent output.
2742 (map_region::dump_child_label): Likewise.
2743 (region_model::dump_summary_of_map): For SK_REGION, when
2744 get_representative_path_var fails, print the region id rather than
2745 erroneously printing NULL.
2746 * sm.cc (state_machine::get_state_by_name): New function.
2747 * sm.h (state_machine::get_state_by_name): New decl.
2748
3c1645a3
DM
2749 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2750
2751 * region-model.cc (region::validate): Convert model param from ptr
2752 to reference. Update comment to reflect that it's now a vfunc.
2753 (map_region::validate): New vfunc implementation.
2754 (array_region::validate): New vfunc implementation.
2755 (stack_region::validate): New vfunc implementation.
2756 (root_region::validate): New vfunc implementation.
2757 (region_model::validate): Pass a reference rather than a pointer
2758 to the region::validate vfunc.
2759 * region-model.h (region::validate): Make virtual. Convert model
2760 param from ptr to reference.
2761 (map_region::validate): New vfunc decl.
2762 (array_region::validate): New vfunc decl.
2763 (stack_region::validate): New vfunc decl.
2764 (root_region::validate): New vfunc decl.
2765
e516294a
DM
2766 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2767
2768 PR analyzer/93993
2769 * region-model.cc (region_model::on_call_pre): Handle
2770 BUILT_IN_EXPECT and its variants.
2771 (region_model::add_any_constraints_from_ssa_def_stmt): Split out
2772 gassign handling into add_any_constraints_from_gassign; add gcall
2773 handling.
2774 (region_model::add_any_constraints_from_gassign): New function,
2775 based on the above. Add handling for NOP_EXPR.
2776 (region_model::add_any_constraints_from_gcall): New function.
2777 (region_model::get_representative_path_var): Handle views.
2778 * region-model.h
2779 (region_model::add_any_constraints_from_ssa_def_stmt): New decl.
2780 (region_model::add_any_constraints_from_gassign): New decl.
2781
3d66e153
DM
2782 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2783
2784 PR analyzer/93993
2785 * checker-path.h (state_change_event::get_lvalue): Add ctxt param
2786 and pass it to region_model::get_value call.
2787 * diagnostic-manager.cc (get_any_origin): Pass a
2788 tentative_region_model_context to the calls to get_lvalue and reject
2789 the comparison if errors occur.
2790 (can_be_expr_of_interest_p): New function.
2791 (diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
2792 CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
2793 Pass a tentative_region_model_context to the calls to
2794 state_change_event::get_lvalue and reject the comparison if errors
2795 occur.
2796 (diagnostic_manager::update_for_unsuitable_sm_exprs): New.
2797 * diagnostic-manager.h
2798 (diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
2799 * region-model.h (class tentative_region_model_context): New class.
2800
13e3ba14
DM
2801 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2802
2803 * engine.cc (worklist::worklist): Remove unused field m_eg.
2804 (class viz_callgraph_edge): Remove unused field m_call_sedge.
2805 (class viz_callgraph): Remove unused field m_sg.
2806 * exploded-graph.h (worklist::m_eg): Remove unused field.
2807
13b76912
DM
2808 2020-03-02 David Malcolm <dmalcolm@redhat.com>
2809
2810 * analyzer.opt (fanalyzer-show-duplicate-count): New option.
2811 * diagnostic-manager.cc
2812 (diagnostic_manager::emit_saved_diagnostic): Use the above to
2813 guard the printing of the duplicate count.
2814
9f00b22f
DM
2815 2020-03-02 David Malcolm <dmalcolm@redhat.com>
2816
2817 PR analyzer/93959
2818 * analyzer.cc (is_std_function_p): New function.
2819 (is_std_named_call_p): New functions.
2820 * analyzer.h (is_std_named_call_p): New decl.
2821 * sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::"
2822 variants when checking for malloc, calloc and free.
2823
71b633aa
DM
2824 2020-02-26 David Malcolm <dmalcolm@redhat.com>
2825
2826 PR analyzer/93950
2827 * diagnostic-manager.cc
2828 (diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
2829 either NULL or not a constant. When updating var, bulletproof
2830 against constant values.
2831
0ba70d1b
DM
2832 2020-02-26 David Malcolm <dmalcolm@redhat.com>
2833
2834 PR analyzer/93947
2835 * region-model.cc (region_model::get_fndecl_for_call): Gracefully
2836 fail for fn_decls that don't have a cgraph_node.
2837
67fa274c
DM
2838 2020-02-26 David Malcolm <dmalcolm@redhat.com>
2839
2840 * bar-chart.cc: New file.
2841 * bar-chart.h: New file.
2842 * engine.cc: Include "analyzer/bar-chart.h".
2843 (stats::log): Only log the m_num_nodes kinds that are non-zero.
2844 (stats::dump): Likewise when dumping.
2845 (stats::get_total_enodes): New.
2846 (exploded_graph::get_or_create_node): Increment the per-point-data
2847 m_excess_enodes when hitting the per-program-point limit on
2848 enodes.
2849 (exploded_graph::print_bar_charts): New.
2850 (exploded_graph::log_stats): Log the number of unprocessed enodes
2851 in the worklist. Call print_bar_charts.
2852 (exploded_graph::dump_stats): Print the number of unprocessed
2853 enodes in the worklist.
2854 * exploded-graph.h (stats::get_total_enodes): New decl.
2855 (struct per_program_point_data): Add field m_excess_enodes.
2856 (exploded_graph::print_bar_charts): New decl.
2857 * supergraph.cc (superedge::dump): New.
2858 (superedge::dump): New.
2859 * supergraph.h (supernode::get_function): New.
2860 (superedge::dump): New decl.
2861 (superedge::dump): New decl.
2862
f2ca2088
DM
2863 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2864
2865 * engine.cc (exploded_graph::get_or_create_node): Dump the
2866 program_state to the pp, rather than to stderr.
2867
b3d788a2
DM
2868 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2869
2870 PR analyzer/93032
2871 * sm.cc (make_checkers): Require the "taint" checker to be
2872 explicitly enabled.
2873
3a25f345
DM
2874 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2875
2876 PR analyzer/93899
2877 * engine.cc
2878 (impl_region_model_context::impl_region_model_context): Add logger
2879 param.
2880 * engine.cc (exploded_graph::add_function_entry): Create an
2881 impl_region_model_context and pass it to the push_frame call.
2882 Bail if the resulting state is invalid.
2883 (exploded_graph::build_initial_worklist): Likewise.
2884 (exploded_graph::build_initial_worklist): Handle the case where
2885 add_function_entry fails.
2886 * exploded-graph.h
2887 (impl_region_model_context::impl_region_model_context): Add logger
2888 param.
2889 * region-model.cc (map_region::get_or_create): Add ctxt param and
2890 pass it to add_region_for_type.
2891 (map_region::can_merge_p): Pass NULL as a ctxt to call to
2892 get_or_create.
2893 (array_region::get_element): Pass ctxt to call to get_or_create.
2894 (array_region::get_or_create): Add ctxt param and pass it to
2895 add_region_for_type.
2896 (root_region::push_frame): Pass ctxt to get_or_create calls.
2897 (region_model::get_lvalue_1): Likewise.
2898 (region_model::make_region_for_unexpected_tree_code): Assert that
2899 ctxt is non-NULL.
2900 (region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
2901 and get_svalue_for_label calls.
2902 (region_model::get_svalue_for_fndecl): Add ctxt param and pass it
2903 to get_region_for_fndecl.
2904 (region_model::get_region_for_fndecl): Add ctxt param and pass it
2905 to get_or_create.
2906 (region_model::get_svalue_for_label): Add ctxt param and pass it
2907 to get_region_for_label.
2908 (region_model::get_region_for_label): Add ctxt param and pass it
2909 to get_region_for_fndecl and get_or_create.
2910 (region_model::get_field_region): Add ctxt param and pass it to
2911 get_or_create_view and get_or_create.
2912 (make_region_for_type): Replace gcc_unreachable with return NULL.
2913 (region_model::add_region_for_type): Add ctxt param. Handle a
2914 return of NULL from make_region_for_type by calling
2915 make_region_for_unexpected_tree_code.
2916 (region_model::get_or_create_mem_ref): Pass ctxt to calls to
2917 get_or_create_view.
2918 (region_model::get_or_create_view): Add ctxt param and pass it to
2919 add_region_for_type.
2920 (selftest::test_state_merging): Pass ctxt to get_or_create_view.
2921 * region-model.h (region_model::get_or_create): Add ctxt param.
2922 (region_model::add_region_for_type): Likewise.
2923 (region_model::get_svalue_for_fndecl): Likewise.
2924 (region_model::get_svalue_for_label): Likewise.
2925 (region_model::get_region_for_fndecl): Likewise.
2926 (region_model::get_region_for_label): Likewise.
2927 (region_model::get_field_region): Likewise.
2928 (region_model::get_or_create_view): Likewise.
2929
004f2c07
DM
2930 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2931
2932 * checker-path.cc (superedge_event::should_filter_p): Update
2933 filter for empty descriptions to cover verbosity level 3 as well
2934 as 2.
2935 * diagnostic-manager.cc: Include "analyzer/reachability.h".
2936 (class path_builder): New class.
2937 (diagnostic_manager::emit_saved_diagnostic): Create a path_builder
2938 and pass it to build_emission_path, rather than passing eg; similarly
2939 for add_events_for_eedge and ext_state.
2940 (diagnostic_manager::build_emission_path): Replace "eg" param
2941 with a path_builder, pass it to add_events_for_eedge.
2942 (diagnostic_manager::add_events_for_eedge): Replace ext_state
2943 param with path_builder; pass it to add_events_for_superedge.
2944 (diagnostic_manager::significant_edge_p): New.
2945 (diagnostic_manager::add_events_for_superedge): Add path_builder
2946 param. Reject insignificant edges at verbosity levels below 3.
2947 (diagnostic_manager::prune_for_sm_diagnostic): Update highest
2948 verbosity level to 4.
2949 * diagnostic-manager.h (class path_builder): New forward decl.
2950 (diagnostic_manager::build_emission_path): Replace "eg" param
2951 with a path_builder.
2952 (diagnostic_manager::add_events_for_eedge): Replace ext_state
2953 param with path_builder.
2954 (diagnostic_manager::significant_edge_p): New.
2955 (diagnostic_manager::add_events_for_superedge): Add path_builder
2956 param.
2957 * reachability.h: New file.
2958
0b2b45a6
DM
2959 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2960
2961 PR analyzer/93692
2962 * analyzer.opt (fdump-analyzer-callgraph): Rewrite description.
2963
4f40164a
DM
2964 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2965
2966 PR analyzer/93777
2967 * region-model.cc (region_model::maybe_cast_1): Replace assertion
2968 that build_cast returns non-NULL with a conditional, falling
2969 through to the logic which returns a new unknown value of the
2970 desired type if it fails.
2971
2e623393
DM
2972 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2973
2974 PR analyzer/93778
2975 * engine.cc (impl_region_model_context::on_unknown_tree_code):
2976 Rename to...
2977 (impl_region_model_context::on_unexpected_tree_code): ...this and
2978 convert first argument from path_var to tree.
2979 (exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall.
2980 * exploded-graph.h (region_model_context::on_unknown_tree_code):
2981 Rename to...
2982 (region_model_context::on_unexpected_tree_code): ...this and
2983 convert first argument from path_var to tree.
2984 * program-state.cc (sm_state_map::purge_for_unknown_fncall): Add
2985 ctxt param and pass on to calls to get_rvalue.
2986 * program-state.h (sm_state_map::purge_for_unknown_fncall): Add
2987 ctxt param.
2988 * region-model.cc (region_model::handle_unrecognized_call): Pass
2989 ctxt on to call to get_rvalue.
2990 (region_model::get_lvalue_1): Move body of default case to
2991 region_model::make_region_for_unexpected_tree_code and call it.
2992 Within COMPONENT_REF case, reject attempts to handle types other
2993 than RECORD_TYPE and UNION_TYPE.
2994 (region_model::make_region_for_unexpected_tree_code): New
2995 function, based on default case of region_model::get_lvalue_1.
2996 * region-model.h
2997 (region_model::make_region_for_unexpected_tree_code): New decl.
2998 (region_model::on_unknown_tree_code): Rename to...
2999 (region_model::on_unexpected_tree_code): ...this and convert first
3000 argument from path_var to tree.
3001 (class test_region_model_context): Update vfunc implementation for
3002 above change.
3003
a674c7b8
DM
3004 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3005
3006 PR analyzer/93774
3007 * region-model.cc
3008 (region_model::convert_byte_offset_to_array_index): Use
3009 int_size_in_bytes before calling size_in_bytes, to gracefully fail
3010 on incomplete types.
3011
d8cde6f9
DM
3012 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3013
3014 PR analyzer/93775
3015 * region-model.cc (region_model::get_fndecl_for_call): Handle the
3016 case where the code_region's get_tree_for_child_region returns
3017 NULL.
3018
f76a88eb
DM
3019 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3020
3021 PR analyzer/93388
3022 * engine.cc (impl_region_model_context::on_unknown_tree_code):
3023 New.
3024 (exploded_graph::get_or_create_node): Reject invalid states.
3025 * exploded-graph.h
3026 (impl_region_model_context::on_unknown_tree_code): New decl.
3027 (point_and_state::point_and_state): Assert that the state is
3028 valid.
3029 * program-state.cc (program_state::program_state): Initialize
3030 m_valid to true.
3031 (program_state::operator=): Copy m_valid.
3032 (program_state::program_state): Likewise for move constructor.
3033 (program_state::print): Print m_valid.
3034 (program_state::dump_to_pp): Likewise.
3035 * program-state.h (program_state::m_valid): New field.
3036 * region-model.cc (region_model::get_lvalue_1): Implement the
3037 default case by returning a new symbolic region and calling
3038 the context's on_unknown_tree_code, rather than issuing an
3039 internal_error. Implement VIEW_CONVERT_EXPR.
3040 * region-model.h (region_model_context::on_unknown_tree_code): New
3041 vfunc.
3042 (test_region_model_context::on_unknown_tree_code): New.
3043
0993ad65
DM
3044 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3045
3046 * sm-malloc.cc (malloc_diagnostic::describe_state_change): For
3047 transition to the "null" state, only say "assuming" when
3048 transitioning from the "unchecked" state.
3049
67098787
DM
3050 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3051
3052 * diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
3053 Add const overload.
3054 * engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
3055 * exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
3056 const overload.
3057
91f993b7
DM
3058 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3059
3060 PR analyzer/93288
3061 * analysis-plan.cc (analysis_plan::use_summary_p): Look through
3062 the ultimate_alias_target when getting the called function.
3063 * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
3064 "sm_ctxt". Use the region_model's get_fndecl_for_call rather than
3065 gimple_call_fndecl.
3066 * region-model.cc (region_model::get_fndecl_for_call): Use
3067 ultimate_alias_target on fndecl.
3068 * supergraph.cc (get_ultimate_function_for_cgraph_edge): New
3069 function.
3070 (supergraph_call_edge): Use it when rejecting edges without
3071 functions.
3072 (supergraph::supergraph): Use it to get the function for the
3073 cgraph_edge when building interprocedural superedges.
3074 (callgraph_superedge::get_callee_function): Use it.
3075 * supergraph.h (supergraph::get_num_snodes): Make param const.
3076 (supergraph::function_to_num_snodes_t): Make first type param
3077 const.
3078
a60d9889
DM
3079 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3080
3081 PR analyzer/93374
3082 * engine.cc (exploded_edge::exploded_edge): Add ext_state param
3083 and pass it to change.validate.
3084 (exploded_graph::get_or_create_node): Move purging of change
3085 svalues to also cover the case of reusing an existing enode.
3086 (exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
3087 ctor.
3088 * exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
3089 param.
3090 * program-state.cc (state_change::sm_change::validate): Likewise.
3091 Assert that m_sm_idx is sane. Use ext_state to validate
3092 m_old_state and m_new_state.
3093 (state_change::validate): Add ext_state param and pass it to
3094 the sm_change validate calls.
3095 * program-state.h (state_change::sm_change::validate): Add
3096 ext_state param.
3097 (state_change::validate): Likewise.
3098
a0e4929b
DM
3099 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3100
3101 PR analyzer/93669
3102 * engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
3103 case of STATUS_WORKLIST in implementation of
3104 "__analyzer_dump_exploded_nodes".
3105
cd28b759
DM
3106 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3107
3108 PR analyzer/93649
3109 * constraint-manager.cc (constraint_manager::add_constraint): When
3110 merging equivalence classes and updating m_constant, also update
3111 m_cst_sid.
3112 (constraint_manager::validate): If m_constant is non-NULL assert
3113 that m_cst_sid is non-null and is valid.
3114
5e17c1bd
DM
3115 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3116
3117 PR analyzer/93657
3118 * analyzer.opt (fdump-analyzer): Reword description.
3119 (fdump-analyzer-stderr): Likewise.
3120
c46d057f
DM
3121 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3122
3123 * region-model.cc (print_quoted_type): New function.
3124 (svalue::print): Use it to replace %qT.
3125 (region::dump_to_pp): Likewise.
3126 (region::dump_child_label): Likewise.
3127 (region::print_fields): Likewise.
3128
eb031d4b
DM
3129 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3130
3131 PR analyzer/93659
3132 * analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
3133 -> "that" typo.
3134 (Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
3135 "uninitialized" typo.
3136
e87deb37
DM
3137 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3138
3139 PR analyzer/93350
3140 * region-model.cc (region_model::get_lvalue_1):
3141 Handle BIT_FIELD_REF.
3142 (make_region_for_type): Handle VECTOR_TYPE.
3143
e953f958
DM
3144 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3145
3146 PR analyzer/93647
3147 * diagnostic-manager.cc
3148 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
3149 VAR being constant.
3150 * region-model.cc (region_model::get_lvalue_1): Provide a better
3151 error message when encountering an unhandled tree code.
3152
41a9e940
DM
3153 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3154
3155 PR analyzer/93405
3156 * region-model.cc (region_model::get_lvalue_1): Implement
3157 CONST_DECL.
3158
cb273d81
DM
3159 2020-02-06 David Malcolm <dmalcolm@redhat.com>
3160
3161 * region-model.cc (region_model::maybe_cast_1): Attempt to provide
3162 a region_svalue if either type is a pointer, rather than if both
3163 types are pointers.
3164
a4d3bfc0
DM
3165 2020-02-05 David Malcolm <dmalcolm@redhat.com>
3166
3167 * engine.cc (exploded_node::dump_dot): Show merger enodes.
3168 (worklist::add_node): Assert that the node's m_status is
3169 STATUS_WORKLIST.
3170 (exploded_graph::process_worklist): Likewise for nodes from the
3171 worklist. Set status of merged nodes to STATUS_MERGER.
3172 (exploded_graph::process_node): Set status of node to
3173 STATUS_PROCESSED.
3174 (exploded_graph::dump_exploded_nodes): Rework handling of
3175 "__analyzer_dump_exploded_nodes", splitting enodes by status into
3176 "processed" and "merger", showing the count of just the processed
3177 enodes at the call, rather than the count of all enodes.
3178 * exploded-graph.h (exploded_node::status): New enum.
3179 (exploded_node::exploded_node): Initialize m_status to
3180 STATUS_WORKLIST.
3181 (exploded_node::get_status): New getter.
3182 (exploded_node::set_status): New setter.
3183
1dae549d
DM
3184 2020-02-04 David Malcolm <dmalcolm@redhat.com>
3185
3186 PR analyzer/93543
3187 * engine.cc (pod_hash_traits<function_call_string>::mark_empty):
3188 Eliminate reinterpret_cast.
3189 (pod_hash_traits<function_call_string>::is_empty): Likewise.
3190
833f1e66
DM
3191 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3192
3193 * constraint-manager.cc (range::constrained_to_single_element):
3194 Replace fold_build2 with fold_binary. Remove unnecessary newline.
3195 (constraint_manager::get_or_add_equiv_class): Replace fold_build2
3196 with fold_binary in two places, and remove out-of-date comment.
3197 (constraint_manager::eval_condition): Replace fold_build2 with
3198 fold_binary.
3199 * region-model.cc (constant_svalue::eval_condition): Likewise.
3200 (region_model::on_assignment): Likewise.
3201
8525d1f5
DM
3202 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3203
3204 PR analyzer/93544
3205 * diagnostic-manager.cc
3206 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
3207 against bad choices due to bad paths.
3208 * engine.cc (impl_region_model_context::on_phi): New.
3209 * exploded-graph.h (impl_region_model_context::on_phi): New decl.
3210 * region-model.cc (region_model::on_longjmp): Likewise.
3211 (region_model::handle_phi): Add phi param. Call the ctxt's on_phi
3212 vfunc.
3213 (region_model::update_for_phis): Pass phi to handle_phi.
3214 * region-model.h (region_model::handle_phi): Add phi param.
3215 (region_model_context::on_phi): New vfunc.
3216 (test_region_model_context::on_phi): New.
3217 * sm-malloc.cc (malloc_state_machine::on_phi): New.
3218 (malloc_state_machine::on_zero_assignment): New.
3219 * sm.h (state_machine::on_phi): New vfunc.
3220
73f38658
DM
3221 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3222
3223 * engine.cc (supernode_cluster::dump_dot): Show BB index as
3224 well as SN index.
3225 * supergraph.cc (supernode::dump_dot): Likewise.
3226
5e10b9a2
DM
3227 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3228
3229 PR analyzer/93546
3230 * region-model.cc (region_model::on_call_pre): Update for new
3231 param of symbolic_region ctor.
3232 (region_model::deref_rvalue): Likewise.
3233 (region_model::add_new_malloc_region): Likewise.
3234 (make_region_for_type): Likewise, preserving type.
3235 * region-model.h (symbolic_region::symbolic_region): Add "type"
3236 param and pass it to base class ctor.
3237
287ccd3b
DM
3238 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3239
3240 PR analyzer/93547
3241 * constraint-manager.cc
3242 (constraint_manager::get_or_add_equiv_class): Ensure types are
3243 compatible before comparing constants.
3244
67751724
DM
3245 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3246
3247 PR analyzer/93457
3248 * region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
3249 than checking against void_type_node.
3250
09bea584
DM
3251 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3252
3253 PR analyzer/93373
3254 * region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
3255 (assert_compat_types): ...this, and bail when either type is NULL,
3256 or when VOID_TYPE_P (dst_type).
3257 (region_model::get_lvalue): Update for above conversion.
3258 (region_model::get_rvalue): Likewise.
3259
f1c807e8
DM
3260 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3261
3262 PR analyzer/93379
3263 * region-model.cc (region_model::update_for_return_superedge):
3264 Move check for null result so that it also guards setting the
3265 lhs.
3266
455f58ec
DM
3267 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3268
3269 PR analyzer/93438
3270 * region-model.cc (stack_region::can_merge_p): Split into a two
3271 pass approach, creating all stack regions first, then populating
3272 them.
3273 (selftest::test_state_merging): Add test coverage for (a) the case
3274 of self-merging a model in which a local in an older stack frame
3275 points to a local in a more recent stack frame (which previously
3276 would ICE), and (b) the case of self-merging a model in which a
3277 local points to a global (which previously worked OK).
3278
182ce042
DM
3279 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3280
3281 * analyzer.cc (is_named_call_p): Replace tests for fndecl being
3282 extern at file scope and having a non-NULL DECL_NAME with a call
3283 to maybe_special_function_p.
3284 * function-set.cc (function_set::contains_decl_p): Add call to
3285 maybe_special_function_p.
3286
45eb3e49
DM
3287 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3288
3289 PR analyzer/93450
3290 * constraint-manager.cc
3291 (constraint_manager::get_or_add_equiv_class): Only compare constants
3292 if their types are compatible.
3293 * region-model.cc (constant_svalue::eval_condition): Replace check
3294 for identical types with call to types_compatible_p.
3295
42f36563
DM
3296 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3297
3298 * program-state.cc (extrinsic_state::dump_to_pp): New.
3299 (extrinsic_state::dump_to_file): New.
3300 (extrinsic_state::dump): New.
3301 * program-state.h (extrinsic_state::dump_to_pp): New decl.
3302 (extrinsic_state::dump_to_file): New decl.
3303 (extrinsic_state::dump): New decl.
3304 * sm.cc: Include "pretty-print.h".
3305 (state_machine::dump_to_pp): New.
3306 * sm.h (state_machine::dump_to_pp): New decl.
3307
ebe9174e
DM
3308 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3309
3310 * diagnostic-manager.cc (for_each_state_change): Use
3311 extrinsic_state::get_num_checkers rather than accessing m_checkers
3312 directly.
3313 * program-state.cc (program_state::program_state): Likewise.
3314 * program-state.h (extrinsic_state::m_checkers): Make private.
3315
e978955d
DM
3316 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3317
3318 PR analyzer/93356
3319 * region-model.cc (region_model::eval_condition): In both
3320 overloads, bail out immediately on floating-point types.
3321 (region_model::eval_condition_without_cm): Likewise.
3322 (region_model::add_constraint): Likewise.
3323
d177c49c
DM
3324 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3325
3326 PR analyzer/93450
3327 * program-state.cc (sm_state_map::set_state): For the overload
3328 taking an svalue_id, bail out if the set_state on the ec does
3329 nothing. Convert the latter's return type from void to bool,
3330 returning true if anything changed.
3331 (sm_state_map::impl_set_state): Convert the return type from void
3332 to bool, returning true if the state changed.
3333 * program-state.h (sm_state_map::set_state): Convert return type
3334 from void to bool.
3335 (sm_state_map::impl_set_state): Likewise.
3336 * region-model.cc (constant_svalue::eval_condition): Only call
3337 fold_build2 if the types are the same.
3338
7892ff37
JJ
3339 2020-01-29 Jakub Jelinek <jakub@redhat.com>
3340
3341 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
3342 * constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
3343 (range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
3344 POP_IGNORE_WFORMAT.
3345 * state-purge.cc: Include diagnostic-core.h before
3346 gimple-pretty-print.h.
3347 (state_purge_annotator::add_node_annotations, print_vec_of_names):
3348 Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
3349 * region-model.cc: Move diagnostic-core.h include before graphviz.h.
3350 (path_var::dump, svalue::print, constant_svalue::print_details,
3351 region::dump_to_pp, region::dump_child_label, region::print_fields,
3352 map_region::print_fields, map_region::dump_dot_to_pp,
3353 map_region::dump_child_label, array_region::print_fields,
3354 array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or
3355 POP_IGNORE_WFORMAT.
3356
5aebfb71
DM
3357 2020-01-28 David Malcolm <dmalcolm@redhat.com>
3358
3359 PR analyzer/93316
3360 * engine.cc (rewind_info_t::update_model): Get the longjmp call
3361 stmt via get_longjmp_call () rather than assuming it is the last
3362 stmt in the longjmp's supernode.
3363 (rewind_info_t::add_events_to_path): Get the location_t for the
3364 rewind_from_longjmp_event via get_longjmp_call () rather than from
3365 the supernode's get_end_location ().
3366
6c8e5844
DM
3367 2020-01-28 David Malcolm <dmalcolm@redhat.com>
3368
3369 * region-model.cc (poisoned_value_diagnostic::emit): Update for
3370 renaming of warning_at overload to warning_meta.
3371 * sm-file.cc (file_leak::emit): Likewise.
3372 * sm-malloc.cc (double_free::emit): Likewise.
3373 (possible_null_deref::emit): Likewise.
3374 (possible_null_arg::emit): Likewise.
3375 (null_deref::emit): Likewise.
3376 (null_arg::emit): Likewise.
3377 (use_after_free::emit): Likewise.
3378 (malloc_leak::emit): Likewise.
3379 (free_of_non_heap::emit): Likewise.
3380 * sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
3381 * sm-signal.cc (signal_unsafe_call::emit): Likewise.
3382 * sm-taint.cc (tainted_array_index::emit): Likewise.
3383
8c08c983
DM
3384 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3385
3386 PR analyzer/93451
3387 * region-model.cc (tree_cmp): For the REAL_CST case, impose an
3388 arbitrary order on NaNs relative to other NaNs and to non-NaNs;
3389 const-correctness tweak.
3390 (ana::selftests::build_real_cst_from_string): New function.
3391 (ana::selftests::append_interesting_constants): New function.
3392 (ana::selftests::test_tree_cmp_on_constants): New test.
3393 (ana::selftests::test_canonicalization_4): New test.
3394 (ana::selftests::analyzer_region_model_cc_tests): Call the new
3395 tests.
3396
2fbea419
DM
3397 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3398
3399 PR analyzer/93349
3400 * engine.cc (run_checkers): Save and restore input_location.
3401
6a81cabc
DM
3402 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3403
3404 * call-string.cc (call_string::cmp_1): Delete, moving body to...
3405 (call_string::cmp): ...here.
3406 * call-string.h (call_string::cmp_1): Delete decl.
3407 * engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
3408 (worklist::key_t::cmp): ...here. Implement hash comparisons
3409 via comparison rather than subtraction to avoid overflow issues.
3410 * exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
3411 * region-model.cc (tree_cmp): Eliminate buggy checking for
3412 symmetry.
3413
342e14ff
DM
3414 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3415
3416 * analyzer.cc (is_named_call_p): Check that fndecl is "extern"
3417 and at file scope. Potentially disregard prefix _ or __ in
3418 fndecl's name. Bail if the identifier is NULL.
3419 (is_setjmp_call_p): Expect a gcall rather than plain gimple.
3420 Remove special-case check for leading prefix, and also check for
3421 sigsetjmp.
3422 (is_longjmp_call_p): Also check for siglongjmp.
3423 (get_user_facing_name): New function.
3424 * analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
3425 gimple.
3426 (get_user_facing_name): New decl.
3427 * checker-path.cc (setjmp_event::get_desc): Use
3428 get_user_facing_name to avoid hardcoding the function name.
3429 (rewind_event::rewind_event): Add rewind_info param, using it to
3430 initialize new m_rewind_info field, and strengthen the assertion.
3431 (rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
3432 avoid hardcoding the function name.
3433 (rewind_to_setjmp_event::get_desc): Likewise.
3434 * checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
3435 param and use it to initialize...
3436 (setjmp_event::m_setjmp_call): New field.
3437 (rewind_event::rewind_event): Add rewind_info param.
3438 (rewind_event::m_rewind_info): New protected field.
3439 (rewind_from_longjmp_event::rewind_from_longjmp_event): Add
3440 rewind_info param.
3441 (class rewind_to_setjmp_event): Move rewind_info field to parent
3442 class.
3443 * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
3444 Update setjmp-handling for is_setjmp_call_p requiring a gcall;
3445 pass the call to the new setjmp_event.
3446 * engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
3447 requiring a gcall.
3448 (stale_jmp_buf::emit): Use get_user_facing_name to avoid
3449 hardcoding the function names.
3450 (exploded_node::on_longjmp): Pass the longjmp_call when
3451 constructing rewind_info.
3452 (rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
3453 rewind_from_longjmp_event's ctor.
3454 * exploded-graph.h (rewind_info_t::rewind_info_t): Add
3455 longjmp_call param.
3456 (rewind_info_t::get_longjmp_call): New.
3457 (rewind_info_t::m_longjmp_call): New.
3458 * region-model.cc (region_model::on_setjmp): Update comment to
3459 indicate this is also for sigsetjmp.
3460 * region-model.h (struct setjmp_record): Likewise.
3461 (class setjmp_svalue): Likewise.
3462
26d949c8
DM
3463 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3464
3465 PR analyzer/93276
3466 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
3467 macros with GCC_VERSION >= 4006, making them no-op otherwise.
3468 * engine.cc (exploded_edge::exploded_edge): Specify template for
3469 base class initializer.
3470 (exploded_graph::add_edge): Specify template when chaining up to
3471 base class add_edge implementation.
3472 (viz_callgraph_node::dump_dot): Drop redundant "typename".
3473 (viz_callgraph_edge::viz_callgraph_edge): Specify template for
3474 base class initializer.
3475 * program-state.cc (sm_state_map::clone_with_remapping): Drop
3476 redundant "typename".
3477 (sm_state_map::print): Likewise.
3478 (sm_state_map::hash): Likewise.
3479 (sm_state_map::operator==): Likewise.
3480 (sm_state_map::remap_svalue_ids): Likewise.
3481 (sm_state_map::on_svalue_purge): Likewise.
3482 (sm_state_map::validate): Likewise.
3483 * program-state.h (sm_state_map::iterator_t): Likewise.
3484 * supergraph.h (superedge::superedge): Specify template for base
3485 class initializer.
3486
648796da
DM
3487 2020-01-23 David Malcolm <dmalcolm@redhat.com>
3488
3489 PR analyzer/93375
3490 * supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
3491 gracefully if the number of parameters at the callee exceeds the
3492 number of arguments at the call stmt.
3493 (callgraph_superedge::get_parm_for_arg): Likewise.
3494
591b59eb
DM
3495 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3496
3497 PR analyzer/93382
3498 * program-state.cc (sm_state_map::on_svalue_purge): If the
3499 entry survives, but the origin is being purged, then reset the
3500 origin to null.
3501
c9c8aef4
DM
3502 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3503
3504 * sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.
3505
fd9982bb
DM
3506 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3507
3508 PR analyzer/93378
3509 * engine.cc (setjmp_svalue::compare_fields): Update for
3510 replacement of m_enode with m_setjmp_record.
3511 (setjmp_svalue::add_to_hash): Likewise.
3512 (setjmp_svalue::get_index): Rename...
3513 (setjmp_svalue::get_enode_index): ...to this.
3514 (setjmp_svalue::print_details): Update for replacement of m_enode
3515 with m_setjmp_record.
3516 (exploded_node::on_longjmp): Likewise.
3517 * exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
3518 (rewind_info_t::m_setjmp_record): ...with this.
3519 (rewind_info_t::rewind_info_t): Update for replacement of m_enode
3520 with m_setjmp_record.
3521 (rewind_info_t::get_setjmp_point): Likewise.
3522 (rewind_info_t::get_setjmp_call): Likewise.
3523 * region-model.cc (region_model::dump_summary_of_map): Likewise.
3524 (region_model::on_setjmp): Likewise.
3525 * region-model.h (struct setjmp_record): New struct.
3526 (setjmp_svalue::m_enode): Replace...
3527 (setjmp_svalue::m_setjmp_record): ...with this.
3528 (setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
3529 with m_setjmp_record.
3530 (setjmp_svalue::clone): Likewise.
3531 (setjmp_svalue::get_index): Rename...
3532 (setjmp_svalue::get_enode_index): ...to this.
3533 (setjmp_svalue::get_exploded_node): Replace...
3534 (setjmp_svalue::get_setjmp_record): ...with this.
3535
da7cf663
DM
3536 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3537
3538 PR analyzer/93316
3539 * analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as
3540 "_setjmp".
3541
75038aa6
DM
3542 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3543
3544 PR analyzer/93307
3545 * analysis-plan.h: Wrap everything in namespace "ana".
3546 * analyzer-logging.cc: Likewise.
3547 * analyzer-logging.h: Likewise.
3548 * analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
3549 namespace.
3550 * analyzer-selftests.cc: Wrap everything in namespace "ana".
3551 * analyzer-selftests.h: Likewise.
3552 * analyzer.h: Likewise for forward decls of types.
3553 * call-string.h: Likewise.
3554 * checker-path.cc: Likewise.
3555 * checker-path.h: Likewise.
3556 * constraint-manager.cc: Likewise.
3557 * constraint-manager.h: Likewise.
3558 * diagnostic-manager.cc: Likewise.
3559 * diagnostic-manager.h: Likewise.
3560 * engine.cc: Likewise.
3561 * engine.h: Likewise.
3562 * exploded-graph.h: Likewise.
3563 * function-set.cc: Likewise.
3564 * function-set.h: Likewise.
3565 * pending-diagnostic.cc: Likewise.
3566 * pending-diagnostic.h: Likewise.
3567 * program-point.cc: Likewise.
3568 * program-point.h: Likewise.
3569 * program-state.cc: Likewise.
3570 * program-state.h: Likewise.
3571 * region-model.cc: Likewise.
3572 * region-model.h: Likewise.
3573 * sm-file.cc: Likewise.
3574 * sm-malloc.cc: Likewise.
3575 * sm-pattern-test.cc: Likewise.
3576 * sm-sensitive.cc: Likewise.
3577 * sm-signal.cc: Likewise.
3578 * sm-taint.cc: Likewise.
3579 * sm.cc: Likewise.
3580 * sm.h: Likewise.
3581 * state-purge.h: Likewise.
3582 * supergraph.cc: Likewise.
3583 * supergraph.h: Likewise.
3584
4f01e577
DM
3585 2020-01-21 David Malcolm <dmalcolm@redhat.com>
3586
3587 PR analyzer/93352
3588 * region-model.cc (int_cmp): Rename to...
3589 (array_region::key_cmp): ...this, using key_t rather than int.
3590 Rewrite in terms of comparisons rather than subtraction to
3591 ensure qsort is anti-symmetric when handling extreme values.
3592 (array_region::walk_for_canonicalization): Update for above
3593 renaming.
3594 * region-model.h (array_region::key_cmp): New decl.
3595
07c86323
DM
3596 2020-01-17 David Malcolm <dmalcolm@redhat.com>
3597
3598 PR analyzer/93290
3599 * region-model.cc (region_model::eval_condition_without_cm): Avoid
3600 gcc_unreachable for unexpected operations for the case where
3601 we're comparing an svalue against itself.
3602
5f030383
DM
3603 2020-01-17 David Malcolm <dmalcolm@redhat.com>
3604
3605 PR analyzer/93281
3606 * region-model.cc
3607 (region_model::convert_byte_offset_to_array_index): Convert to
3608 ssizetype before dividing by byte_size. Use fold_binary rather
3609 than fold_build2 to avoid needlessly constructing a tree for the
3610 non-const case.
3611
49e9a999
DM
3612 2020-01-15 David Malcolm <dmalcolm@redhat.com>
3613
3614 * engine.cc (class impl_region_model_context): Fix comment.
3615
32077b69
DM
3616 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3617
3618 PR analyzer/93212
3619 * region-model.cc (make_region_for_type): Use
3620 FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
3621 * region-model.h (function_region::function_region): Likewise.
3622
7fb3669e
DM
3623 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3624
3625 * program-state.cc (sm_state_map::clone_with_remapping): Copy
3626 m_global_state.
3627 (selftest::test_program_state_merging_2): New selftest.
3628 (selftest::analyzer_program_state_cc_tests): Call it.
3629
e2a538b1
DM
3630 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3631
3632 * checker-path.h (checker_path::get_checker_event): New function.
3633 (checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
3634 * diagnostic-manager.cc
3635 (diagnostic_manager::prune_for_sm_diagnostic): Replace direct
3636 access to checker_path::m_events with accessor functions. Fix
3637 overlong line.
3638 (diagnostic_manager::prune_interproc_events): Replace direct
3639 access to checker_path::m_events with accessor functions.
3640 (diagnostic_manager::finish_pruning): Likewise.
3641
94946989
DM
3642 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3643
3644 * checker-path.h (checker_event::clone): Delete vfunc decl.
3645 (debug_event::clone): Delete vfunc impl.
3646 (custom_event::clone): Delete vfunc impl.
3647 (statement_event::clone): Delete vfunc impl.
3648 (function_entry_event::clone): Delete vfunc impl.
3649 (state_change_event::clone): Delete vfunc impl.
3650 (start_cfg_edge_event::clone): Delete vfunc impl.
3651 (end_cfg_edge_event::clone): Delete vfunc impl.
3652 (call_event::clone): Delete vfunc impl.
3653 (return_event::clone): Delete vfunc impl.
3654 (setjmp_event::clone): Delete vfunc impl.
3655 (rewind_from_longjmp_event::clone): Delete vfunc impl.
3656 (rewind_to_setjmp_event::clone): Delete vfunc impl.
3657 (warning_event::clone): Delete vfunc impl.
3658
718930c0
DM
3659 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3660
3661 * supergraph.cc (supernode::dump_dot): Ensure that the TABLE
3662 element has at least one TR.
3663
8397af8e
DM
3664 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3665
3666 PR analyzer/58237
3667 * engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
3668 when comparing against UNKNOWN_LOCATION.
3669 (stmt_requires_new_enode_p): Likewise.
3670 (exploded_graph::dump_exploded_nodes): Likewise.
3671 * supergraph.cc (supernode::get_start_location): Likewise.
3672 (supernode::get_end_location): Likewise.
3673
697251b7
DM
3674 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3675
3676 PR analyzer/58237
3677 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
3678 selftest::analyzer_sm_file_cc_tests.
3679 * analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
3680 decl.
3681 * sm-file.cc: Include "analyzer/function-set.h" and
3682 "analyzer/analyzer-selftests.h".
3683 (get_file_using_fns): New function.
3684 (is_file_using_fn_p): New function.
3685 (fileptr_state_machine::on_stmt): Return true for known functions.
3686 (selftest::analyzer_sm_file_cc_tests): New function.
3687
4804c5fe
DM
3688 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3689
3690 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
3691 selftest::analyzer_sm_signal_cc_tests.
3692 * analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
3693 New decl.
3694 * sm-signal.cc: Include "analyzer/function-set.h" and
3695 "analyzer/analyzer-selftests.h".
3696 (get_async_signal_unsafe_fns): New function.
3697 (signal_unsafe_p): Reimplement in terms of the above.
3698 (selftest::analyzer_sm_signal_cc_tests): New function.
3699
a6b5f19c
DM
3700 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3701
3702 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
3703 selftest::analyzer_function_set_cc_tests.
3704 * analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
3705 New decl.
3706 * function-set.cc: New file.
3707 * function-set.h: New file.
3708
ef7827b0
DM
3709 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3710
3711 * analyzer.h (fndecl_has_gimple_body_p): New decl.
3712 * engine.cc (impl_region_model_context::on_unknown_change): New
3713 function.
3714 (fndecl_has_gimple_body_p): Make non-static.
3715 (exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
3716 known. Track whether we have a call with unknown side-effects and
3717 pass it to on_call_post.
3718 * exploded-graph.h (impl_region_model_context::on_unknown_change):
3719 New decl.
3720 * program-state.cc (sm_state_map::on_unknown_change): New function.
3721 * program-state.h (sm_state_map::on_unknown_change): New decl.
3722 * region-model.cc: Include "bitmap.h".
3723 (region_model::on_call_pre): Return a bool, capturing whether the
3724 call has unknown side effects.
3725 (region_model::on_call_post): Add arg "bool unknown_side_effects"
3726 and if true, call handle_unrecognized_call.
3727 (class reachable_regions): New class.
3728 (region_model::handle_unrecognized_call): New function.
3729 * region-model.h (region_model::on_call_pre): Return a bool.
3730 (region_model::on_call_post): Add arg "bool unknown_side_effects".
3731 (region_model::handle_unrecognized_call): New decl.
3732 (region_model_context::on_unknown_change): New vfunc.
3733 (test_region_model_context::on_unknown_change): New function.
3734
14f9d7b9
DM
3735 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3736
3737 * diagnostic-manager.cc (saved_diagnostic::operator==): Move here
3738 from header. Replace pointer equality test on m_var with call to
3739 pending_diagnostic::same_tree_p.
3740 * diagnostic-manager.h (saved_diagnostic::operator==): Move to
3741 diagnostic-manager.cc.
3742 * pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
3743 * pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
3744 * sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
3745 equality on m_arg with call to pending_diagnostic::same_tree_p.
3746 * sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
3747 (possible_null_arg::subclass_equal_p): Likewise.
3748 (null_arg::subclass_equal_p): Likewise.
3749 (free_of_non_heap::subclass_equal_p): Likewise.
3750 * sm-pattern-test.cc (pattern_match::operator==): Likewise.
3751 * sm-sensitive.cc (exposure_through_output_file::operator==):
3752 Likewise.
3753 * sm-taint.cc (tainted_array_index::operator==): Likewise.
3754
f474fbd5
DM
3755 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3756
3757 * diagnostic-manager.cc (dedupe_winners::add): Add logging
3758 of deduplication decisions made.
3759
757bf1df
DM
3760 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3761
3762 * ChangeLog: New file.
3763 * analyzer-selftests.cc: New file.
3764 * analyzer-selftests.h: New file.
3765 * analyzer.opt: New file.
3766 * analysis-plan.cc: New file.
3767 * analysis-plan.h: New file.
3768 * analyzer-logging.cc: New file.
3769 * analyzer-logging.h: New file.
3770 * analyzer-pass.cc: New file.
3771 * analyzer.cc: New file.
3772 * analyzer.h: New file.
3773 * call-string.cc: New file.
3774 * call-string.h: New file.
3775 * checker-path.cc: New file.
3776 * checker-path.h: New file.
3777 * constraint-manager.cc: New file.
3778 * constraint-manager.h: New file.
3779 * diagnostic-manager.cc: New file.
3780 * diagnostic-manager.h: New file.
3781 * engine.cc: New file.
3782 * engine.h: New file.
3783 * exploded-graph.h: New file.
3784 * pending-diagnostic.cc: New file.
3785 * pending-diagnostic.h: New file.
3786 * program-point.cc: New file.
3787 * program-point.h: New file.
3788 * program-state.cc: New file.
3789 * program-state.h: New file.
3790 * region-model.cc: New file.
3791 * region-model.h: New file.
3792 * sm-file.cc: New file.
3793 * sm-malloc.cc: New file.
3794 * sm-malloc.dot: New file.
3795 * sm-pattern-test.cc: New file.
3796 * sm-sensitive.cc: New file.
3797 * sm-signal.cc: New file.
3798 * sm-taint.cc: New file.
3799 * sm.cc: New file.
3800 * sm.h: New file.
3801 * state-purge.cc: New file.
3802 * state-purge.h: New file.
3803 * supergraph.cc: New file.
3804 * supergraph.h: New file.
3805
3806 2019-12-13 David Malcolm <dmalcolm@redhat.com>
3807
3808 * Initial creation
3809
3810
3811 Copyright (C) 2019-2020 Free Software Foundation, Inc.
3812
3813 Copying and distribution of this file, with or without modification,
3814 are permitted in any medium without royalty provided the copyright
3815 notice and this notice are preserved.