git.ipfire.org Git - thirdparty/gcc.git/blame - gcc/analyzer/ChangeLog
libstdc++: Remove spurious line break in doxygen comment
Commit Line Data
b1da9916
GA
1 2021-04-05 David Malcolm <dmalcolm@redhat.com>
2
3 PR analyzer/99906
4 * analyzer.cc (maybe_reconstruct_from_def_stmt): Fix NULL
5 dereference on calls with zero arguments.
6 * sm-malloc.cc (malloc_state_machine::on_stmt): When handling
7 __attribute__((nonnull)), only call get_diagnostic_tree if the
8 result will be used.
9
10 2021-04-05 David Malcolm <dmalcolm@redhat.com>
11
12 PR analyzer/99886
13 * diagnostic-manager.cc
14 (diagnostic_manager::prune_interproc_events): Use signed integers
15 when subtracting one from path->num_events ().
16 (diagnostic_manager::consolidate_conditions): Likewise. Convert
17 next_idx to a signed int.
18
f1607029
GA
19 2021-04-01 David Malcolm <dmalcolm@redhat.com>
20
21 * diagnostic-manager.cc (diagnostic_manager::add_diagnostic): Make
22 enode param non-constant, and call add_diagnostic on it. Add
23 enode index to log message.
24 (diagnostic_manager::add_diagnostic): Make enode param
25 non-constant.
26 * diagnostic-manager.h (diagnostic_manager::add_diagnostic):
27 Likewise for both decls.
28 * engine.cc
29 (impl_region_model_context::impl_region_model_context): Likewise
30 for enode_for_diag.
31 (impl_sm_context::impl_sm_context): Likewise.
32 (impl_sm_context::m_enode_for_diag): Likewise.
33 (exploded_node::dump_dot): Don't pass the diagnostic manager
34 to dump_saved_diagnostics.
35 (exploded_node::dump_saved_diagnostics): Drop param. Iterate
36 directly through all saved diagnostics for the enode, rather
37 than all saved diagnostics in the diagnostic_manager and
38 filtering.
39 (exploded_node::on_stmt): Make non-const.
40 (exploded_node::on_edge): Likewise.
41 (exploded_node::on_longjmp): Likewise.
42 (exploded_node::detect_leaks): Likewise.
43 (exploded_graph::get_or_create_node): Make enode_for_diag param
44 non-const.
45 (exploded_graph_annotator::print_enode): Iterate
46 directly through all saved diagnostics for the enode, rather
47 than all saved diagnostics in the diagnostic_manager and
48 filtering.
49 * exploded-graph.h
50 (impl_region_model_context::impl_region_model_context): Make
51 enode_for_diag param non-constant.
52 (impl_region_model_context::m_enode_for_diag): Likewise.
53 (exploded_node::dump_saved_diagnostics): Drop param.
54 (exploded_node::on_stmt): Make non-const.
55 (exploded_node::on_edge): Likewise.
56 (exploded_node::on_longjmp): Likewise.
57 (exploded_node::detect_leaks): Likewise.
58 (exploded_node::add_diagnostic): New.
59 (exploded_node::get_num_diagnostics): New.
60 (exploded_node::get_saved_diagnostic): New.
61 (exploded_node::m_saved_diagnostics): New.
62 (exploded_graph::get_or_create_node): Make enode_for_diag param
63 non-constant.
64 * feasible-graph.cc (feasible_node::dump_dot): Drop
65 diagnostic_manager from call to dump_saved_diagnostics.
66 * program-state.cc (program_state::on_edge): Convert enode param
67 to non-const pointer.
68 (program_state::prune_for_point): Likewise for enode_for_diag
69 param.
70 * program-state.h (program_state::on_edge): Convert enode param
71 to non-const pointer.
72 (program_state::prune_for_point): Likewise for enode_for_diag
73 param.
74
95d217ab
GA
75 2021-03-31 David Malcolm <dmalcolm@redhat.com>
76
77 PR analyzer/99771
78 * analyzer.cc (maybe_reconstruct_from_def_stmt): New.
79 (fixup_tree_for_diagnostic_1): New.
80 (fixup_tree_for_diagnostic): New.
81 * analyzer.h (fixup_tree_for_diagnostic): New decl.
82 * checker-path.cc (call_event::get_desc): Call
83 fixup_tree_for_diagnostic and use it for the call_with_state call.
84 (warning_event::get_desc): Likewise for the final_event and
85 make_label_text calls.
86 * engine.cc (impl_region_model_context::on_state_leak): Likewise
87 for the on_leak and add_diagnostic calls.
88 * region-model.cc (region_model::get_representative_tree):
89 Likewise for the result.
90
08d2edae
GA
91 2021-03-30 David Malcolm <dmalcolm@redhat.com>
92
93 * region.h (region::dump_to_pp): Remove old decl.
94
95 2021-03-30 David Malcolm <dmalcolm@redhat.com>
96
97 * sm-file.cc (fileptr_state_machine::on_stmt): Only call
98 get_diagnostic_tree if the result will be used.
99 * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
100 (malloc_state_machine::on_deallocator_call): Likewise.
101 (malloc_state_machine::on_realloc_call): Likewise.
102 (malloc_state_machine::on_realloc_call): Likewise.
103 * sm-sensitive.cc
104 (sensitive_state_machine::warn_for_any_exposure): Likewise.
105 * sm-taint.cc (taint_state_machine::on_stmt): Likewise.
106
4493b1c1
GA
107 2021-03-25 David Malcolm <dmalcolm@redhat.com>
108
109 PR analyzer/93695
110 PR analyzer/99044
111 PR analyzer/99716
112 * engine.cc (exploded_node::on_stmt): Clear sm-state involving
113 an SSA name at the def-stmt of that SSA name.
114 * program-state.cc (sm_state_map::purge_state_involving): New.
115 * program-state.h (sm_state_map::purge_state_involving): New decl.
116 * region-model.cc (selftest::test_involves_p): New.
117 (selftest::analyzer_region_model_cc_tests): Call it.
118 * svalue.cc (class involvement_visitor): New class
119 (svalue::involves_p): New.
120 * svalue.h (svalue::involves_p): New decl.
121
5f256a70
GA
122 2021-03-19 David Malcolm <dmalcolm@redhat.com>
123
124 PR analyzer/99614
125 * diagnostic-manager.cc (class epath_finder): Add
126 DISABLE_COPY_AND_ASSIGN.
127
3c5b6d24
GA
128 2021-03-15 Martin Liska <mliska@suse.cz>
129
130 * sm-file.cc (get_file_using_fns): Add missing comma in initializer.
131
48ff383f
GA
132 2021-03-11 David Malcolm <dmalcolm@redhat.com>
133
134 PR analyzer/96374
135 * analyzer.opt (-param=analyzer-max-infeasible-edges=): New param.
136 (fdump-analyzer-feasibility): New flag.
137 * diagnostic-manager.cc: Include "analyzer/trimmed-graph.h" and
138 "analyzer/feasible-graph.h".
139 (epath_finder::epath_finder): Convert m_sep to a pointer and
140 only create it if !flag_analyzer_feasibility.
141 (epath_finder::~epath_finder): New.
142 (epath_finder::m_sep): Convert to a pointer.
143 (epath_finder::get_best_epath): Add param "diag_idx" and use it
144 when logging. Rather than finding the shortest path and then
145 checking feasibility, instead use explore_feasible_paths unless
146 !flag_analyzer_feasibility, in which case simply use the shortest
147 path, and note if it is infeasible. Update for m_sep becoming a
148 pointer.
149 (class feasible_worklist): New.
150 (epath_finder::explore_feasible_paths): New.
151 (epath_finder::process_worklist_item): New.
152 (class dump_eg_with_shortest_path): New.
153 (epath_finder::dump_trimmed_graph): New.
154 (epath_finder::dump_feasible_graph): New.
155 (saved_diagnostic::saved_diagnostic): Add "idx" param, using it
156 on new field m_idx.
157 (saved_diagnostic::to_json): Dump m_idx.
158 (saved_diagnostic::calc_best_epath): Pass m_idx to get_best_epath.
159 Remove assertion that m_problem was set when m_best_epath is NULL.
160 (diagnostic_manager::add_diagnostic): Pass an index when created
161 saved_diagnostic instances.
162 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add
163 "idx" param.
164 (saved_diagnostic::get_index): New accessor.
165 (saved_diagnostic::m_idx): New field.
166 * engine.cc (exploded_node::dump_dot): Call args.dump_extra_info.
167 Move code to...
168 (exploded_node::dump_processed_stmts): ...this new function and...
169 (exploded_node::dump_saved_diagnostics): ...this new function.
170 Add index of each diagnostic.
171 (exploded_edge::dump_dot): Move bulk of code to...
172 (exploded_edge::dump_dot_label): ...this new function.
173 * exploded-graph.h (eg_traits::dump_args_t::dump_extra_info): New
174 vfunc.
175 (exploded_node::dump_processed_stmts): New decl.
176 (exploded_node::dump_saved_diagnostics): New decl.
177 (exploded_edge::dump_dot_label): New decl.
178 * feasible-graph.cc: New file.
179 * feasible-graph.h: New file.
180 * trimmed-graph.cc: New file.
181 * trimmed-graph.h: New file.
182
183 2021-03-11 David Malcolm <dmalcolm@redhat.com>
184
185 * diagnostic-manager.cc (epath_finder::epath_finder):
186 Update shortest_paths init for new param.
187
e9800852
GA
188 2021-03-10 David Malcolm <dmalcolm@redhat.com>
189
190 PR analyzer/96374
191 * engine.cc (exploded_path::feasible_p): Move "snodes_visited" and
192 "model" locals into a new class feasibility_state. Move heart
193 of per-edge processing into
194 feasibility_state::maybe_update_for_edge.
195 (feasibility_state::feasibility_state): New.
196 (feasibility_state::maybe_update_for_edge): New, based on loop
197 body in exploded_path::feasible_p.
198 * exploded-graph.h (class feasibility_state): New.
199
200 2021-03-10 David Malcolm <dmalcolm@redhat.com>
201
202 * supergraph.h
203 (callgraph_superedge::dyn_cast_callgraph_superedge): New.
204 (call_superedge::dyn_cast_callgraph_superedge): Delete.
205 (return_superedge::dyn_cast_callgraph_superedge): Delete.
206
d97a92dc
GA
207 2021-03-02 Martin Liska <mliska@suse.cz>
208
209 * diagnostic-manager.cc (diagnostic_manager::emit_saved_diagnostics):
210 Do not pass engine.
211
06a9f20f
GA
212 2021-02-26 David Malcolm <dmalcolm@redhat.com>
213
214 * engine.cc (exploded_path::exploded_path): New copy-ctor.
215 * exploded-graph.h (exploded_path::operator=): Drop decl.
216
217 2021-02-26 David Malcolm <dmalcolm@redhat.com>
218
219 PR analyzer/96374
220 * diagnostic-manager.cc (class epath_finder): New.
221 (epath_finder::get_best_epath): New.
222 (saved_diagnostic::saved_diagnostic): Update for replacement of
223 m_state and m_epath_length with m_best_epath.
224 (saved_diagnostic::~saved_diagnostic): Delete m_best_epath.
225 (saved_diagnostic::to_json): Update "path_length" to be optional.
226 (saved_diagnostic::calc_best_epath): New, based on
227 dedupe_winners::add and parts of dedupe_key::dedupe_key.
228 (saved_diagnostic::get_epath_length): New.
229 (saved_diagnostic::add_duplicate): New.
230 (dedupe_key::dedupe_key): Drop epath param. Move invocation of
231 stmt_finder to saved_diagnostic::calc_best_epath.
232 (class dedupe_candidate): Delete.
233 (class dedupe_hash_map_traits): Update to use saved_diagnostic *
234 rather than dedupe_candidate * as the value_type/compare_type.
235 (dedupe_winners::~dedupe_winners): Don't delete the values.
236 (dedupe_winners::add): Convert param from shortest_exploded_paths to
237 epath_finder. Drop "eg" param. Drop dedupe_candidate, moving
238 path generation and feasibility checking to
239 epath_finder::get_best_epath. Update winner-selection for move
240 of epaths from dedupe_candidate to saved_diagnostic.
241 (dedupe_winners::emit_best): Update for removal of class
242 dedupe_candidate.
243 (dedupe_winners::map_t): Update to use saved_diagnostic * rather
244 than dedupe_candidate * as the value_type/compare_type.
245 (diagnostic_manager::emit_saved_diagnostics): Move
246 shortest_exploded_paths instance into epath_finder and pass that
247 around instead.
248 (diagnostic_manager::emit_saved_diagnostic): Drop epath, stmt
249 and num_dupes params, instead getting these from the
250 saved_diagnostic. Use correct location in inform_n call.
251 * diagnostic-manager.h (class epath_finder): New forward decl.
252 (saved_diagnostic::status): Drop enum.
253 (saved_diagnostic::set_feasible): Drop.
254 (saved_diagnostic::set_infeasible): Drop.
255 (saved_diagnostic::get_status): Drop.
256 (saved_diagnostic::calc_best_epath): New decl.
257 (saved_diagnostic::get_best_epath): New decl.
258 (saved_diagnostic::get_epath_length): New decl.
259 (saved_diagnostic::set_epath_length): Drop.
260 (saved_diagnostic::get_epath_length): Drop inline implementation.
261 (saved_diagnostic::add_duplicate): New.
262 (saved_diagnostic::get_num_dupes): New.
263 (saved_diagnostic::m_d): Document ownership.
264 (saved_diagnostic::m_trailing_eedge): Make const.
265 (saved_diagnostic::m_status): Drop field.
266 (saved_diagnostic::m_epath_length): Drop field.
267 (saved_diagnostic::m_best_epath): New field.
268 (saved_diagnostic::m_problem): Document ownership.
269 (saved_diagnostic::m_duplicates): New field.
270 (diagnostic_manager::emit_saved_diagnostic): Drop params epath,
271 stmt, and num_dupes.
272 * engine.cc (exploded_graph_annotator::print_saved_diagnostic):
273 Update for changes to saved_diagnostic class.
274 * exploded-graph.h (exploded_path::feasible_p): Drop unused
275 overloaded decl.
276
daa68844
GA
277 2021-02-25 David Malcolm <dmalcolm@redhat.com>
278
279 PR analyzer/99193
280 * region-model-impl-calls.cc (region_model::impl_call_realloc): New.
281 * region-model.cc (region_model::on_call_pre): Call it.
282 * region-model.h (region_model::impl_call_realloc): New decl.
283 * sm-malloc.cc (enum wording): Add WORDING_REALLOCATED.
284 (malloc_state_machine::m_realloc): New field.
285 (use_after_free::describe_state_change): Add case for
286 WORDING_REALLOCATED.
287 (use_after_free::describe_final_event): Likewise.
288 (malloc_state_machine::malloc_state_machine): Initialize
289 m_realloc.
290 (malloc_state_machine::on_stmt): Handle realloc by calling...
291 (malloc_state_machine::on_realloc_call): New.
292
2f5765cf
GA
293 2021-02-22 David Malcolm <dmalcolm@redhat.com>
294
295 PR analyzer/99196
296 * engine.cc (exploded_node::on_stmt): Provide terminate_path
297 flag as a way for on_call_pre to terminate the current analysis
298 path.
299 * region-model-impl-calls.cc (call_details::num_args): New.
300 (region_model::impl_call_error): New.
301 * region-model.cc (region_model::on_call_pre): Add param
302 "out_terminate_path". Handle "error" and "error_at_line".
303 * region-model.h (call_details::num_args): New decl.
304 (region_model::on_call_pre): Add param "out_terminate_path".
305 (region_model::impl_call_error): New decl.
306
acc0ee5c
GA
307 2021-02-17 David Malcolm <dmalcolm@redhat.com>
308
309 PR analyzer/98969
310 * constraint-manager.cc (dead_svalue_purger::should_purge_p):
311 Update for change to svalue::live_p.
312 * program-state.cc (sm_state_map::on_liveness_change): Likewise.
313 (program_state::detect_leaks): Likewise.
314 * region-model-reachability.cc (reachable_regions::init_cluster):
315 When dealing with a symbolic region, if the underlying pointer is
316 implicitly live, add the region to the reachable regions.
317 * region-model.cc (region_model::compare_initial_and_pointer):
318 Move logic for detecting initial values of params to
319 initial_svalue::initial_value_of_param_p.
320 * svalue.cc (svalue::live_p): Convert "live_svalues" from a
321 reference to a pointer; support it being NULL.
322 (svalue::implicitly_live_p): Convert first param from a
323 reference to a pointer.
324 (region_svalue::implicitly_live_p): Likewise.
325 (constant_svalue::implicitly_live_p): Likewise.
326 (initial_svalue::implicitly_live_p): Likewise. Treat the initial
327 values of params for the top level frame as still live.
328 (initial_svalue::initial_value_of_param_p): New function, taken
329 from a test in region_model::compare_initial_and_pointer.
330 (unaryop_svalue::implicitly_live_p): Convert first param from a
331 reference to a pointer.
332 (binop_svalue::implicitly_live_p): Likewise.
333 (sub_svalue::implicitly_live_p): Likewise.
334 (unmergeable_svalue::implicitly_live_p): Likewise.
335 * svalue.h (svalue::live_p): Likewise.
336 (svalue::implicitly_live_p): Likewise.
337 (region_svalue::implicitly_live_p): Likewise.
338 (constant_svalue::implicitly_live_p): Likewise.
339 (initial_svalue::implicitly_live_p): Likewise.
340 (initial_svalue::initial_value_of_param_p): New decl.
341 (unaryop_svalue::implicitly_live_p): Convert first param from a
342 reference to a pointer.
343 (binop_svalue::implicitly_live_p): Likewise.
344 (sub_svalue::implicitly_live_p): Likewise.
345 (unmergeable_svalue::implicitly_live_p): Likewise.
346
fab095da
GA
347 2021-02-12 David Malcolm <dmalcolm@redhat.com>
348
349 PR analyzer/98969
350 * engine.cc (readability): Add names for the various arbitrary
351 values. Handle NOP_EXPR and INTEGER_CST.
352 (readability_comparator): Combine the readability tests for
353 tree and stack depth, rather than performing them sequentially.
354 (impl_region_model_context::on_state_leak): Strip off top-level
355 casts.
356 * region-model.cc (region_model::get_representative_path_var): Add
357 type-checking, moving the bulk of the implementation to...
358 (region_model::get_representative_path_var_1): ...here. Respect
359 types in casts by recursing and re-adding the cast, rather than
360 merely stripping them off. Use the correct type when handling
361 region_svalue.
362 (region_model::get_representative_tree): Strip off any top-level
363 cast.
364 (region_model::get_representative_path_var): Add type-checking,
365 moving the bulk of the implementation to...
366 (region_model::get_representative_path_var_1): ...here.
367 * region-model.h (region_model::get_representative_path_var_1):
368 New decl
369 (region_model::get_representative_path_var_1): New decl.
370 * store.cc (append_pathvar_with_type): New.
371 (binding_cluster::get_representative_path_vars): Cast path_vars
372 to the correct type when adding them to *OUT_PVS.
373
0a91b73e
GA
374 2021-02-09 David Malcolm <dmalcolm@redhat.com>
375
376 PR analyzer/98575
377 * sm-file.cc (is_file_using_fn_p): Support "_IO_"-prefixed
378 variants.
379
380 2021-02-09 David Malcolm <dmalcolm@redhat.com>
381
382 PR analyzer/98575
383 * store.cc (store::set_value): Treat a pointer written to *UNKNOWN
384 as having escaped.
385
548b75d8
GA
386 2021-02-02 David Malcolm <dmalcolm@redhat.com>
387
388 PR analyzer/93355
389 PR analyzer/96374
390 * engine.cc (toplevel_function_p): Simplify so that
391 we only reject functions with a "__analyzer_" prefix.
392 (add_any_callbacks): Delete.
393 (exploded_graph::build_initial_worklist): Update for
394 dropped param of toplevel_function_p.
395 (exploded_graph::build_initial_worklist): Don't bother
396 looking for callbacks that are reachable from global
397 initializers.
398
f7884fb1
GA
399 2021-02-01 David Malcolm <dmalcolm@redhat.com>
400
401 PR analyzer/98918
402 * region-model-manager.cc
403 (region_model_manager::get_or_create_initial_value):
404 Fold the initial value of *UNKNOWN_PTR to an UNKNOWN value.
405 (region_model_manager::get_field_region): Fold the value
406 of UNKNOWN_PTR->FIELD to *UNKNOWN_PTR_OF_&FIELD_TYPE.
407
2900f2f2
GA
408 2021-01-29 David Malcolm <dmalcolm@redhat.com>
409
410 * checker-path.cc (event_kind_to_string): Handle
411 EK_START_CONSOLIDATED_CFG_EDGES and
412 EK_END_CONSOLIDATED_CFG_EDGES.
413 (start_consolidated_cfg_edges_event::get_desc): New.
414 (checker_path::cfg_edge_pair_at_p): New.
415 * checker-path.h (enum event_kind): Add
416 EK_START_CONSOLIDATED_CFG_EDGES and
417 EK_END_CONSOLIDATED_CFG_EDGES.
418 (class start_consolidated_cfg_edges_event): New class.
419 (class end_consolidated_cfg_edges_event): New class.
420 (checker_path::delete_events): New.
421 (checker_path::replace_event): New.
422 (checker_path::cfg_edge_pair_at_p): New decl.
423 * diagnostic-manager.cc (diagnostic_manager::prune_path): Call
424 consolidate_conditions.
425 (same_line_as_p): New.
426 (diagnostic_manager::consolidate_conditions): New.
427 * diagnostic-manager.h
428 (diagnostic_manager::consolidate_conditions): New decl.
429
ef1f8ee6
GA
430 2021-01-18 David Malcolm <dmalcolm@redhat.com>
431
432 * analyzer.h (is_std_named_call_p): New decl.
433 * diagnostic-manager.cc (path_builder::get_sm): New.
434 (state_change_event_creator::state_change_event_creator): Add "pb"
435 param.
436 (state_change_event_creator::on_global_state_change): Don't consider
437 state changes affecting other state_machines.
438 (state_change_event_creator::on_state_change): Likewise.
439 (state_change_event_creator::m_pb): New field.
440 (diagnostic_manager::add_events_for_eedge): Pass pb to visitor
441 ctor.
442 * region-model-impl-calls.cc
443 (region_model::impl_deallocation_call): New.
444 * region-model.cc: Include "attribs.h".
445 (region_model::on_call_post): Handle fndecls referenced by
446 __attribute__((deallocated_by(FOO))).
447 * region-model.h (region_model::impl_deallocation_call): New decl.
448 * sm-malloc.cc: Include "stringpool.h" and "attribs.h". Add
449 leading comment.
450 (class api): Delete.
451 (enum resource_state): Update comment for change from api to
452 deallocator and deallocator_set.
453 (allocation_state::allocation_state): Drop api param. Add
454 "deallocators" and "deallocator".
455 (allocation_state::m_api): Drop field in favor of...
456 (allocation_state::m_deallocators): New field.
457 (allocation_state::m_deallocator): New field.
458 (enum wording): Add WORDING_DEALLOCATED.
459 (struct deallocator): New.
460 (struct standard_deallocator): New.
461 (struct custom_deallocator): New.
462 (struct deallocator_set): New.
463 (struct custom_deallocator_set): New.
464 (struct standard_deallocator_set): New.
465 (struct deallocator_set_map_traits): New.
466 (malloc_state_machine::m_malloc): Drop field
467 (malloc_state_machine::m_scalar_new): Likewise.
468 (malloc_state_machine::m_vector_new): Likewise.
469 (malloc_state_machine::m_free): New field
470 (malloc_state_machine::m_scalar_delete): Likewise.
471 (malloc_state_machine::m_vector_delete): Likewise.
472 (malloc_state_machine::deallocator_map_t): New typedef.
473 (malloc_state_machine::m_deallocator_map): New field.
474 (malloc_state_machine::deallocator_set_cache_t): New typedef.
475 (malloc_state_machine::m_custom_deallocator_set_cache): New field.
476 (malloc_state_machine::custom_deallocator_set_map_t): New typedef.
477 (malloc_state_machine::m_custom_deallocator_set_map): New field.
478 (malloc_state_machine::m_dynamic_sets): New field.
479 (malloc_state_machine::m_dynamic_deallocators): New field.
480 (api::api): Delete.
481 (deallocator::deallocator): New ctor.
482 (deallocator::hash): New.
483 (deallocator::dump_to_pp): New.
484 (deallocator::cmp): New.
485 (deallocator::cmp_ptr_ptr): New.
486 (standard_deallocator::standard_deallocator): New ctor.
487 (deallocator_set::deallocator_set): New ctor.
488 (deallocator_set::dump): New.
489 (custom_deallocator_set::custom_deallocator_set): New ctor.
490 (custom_deallocator_set::contains_p): New.
491 (custom_deallocator_set::maybe_get_single): New.
492 (custom_deallocator_set::dump_to_pp): New.
493 (standard_deallocator_set::standard_deallocator_set): New ctor.
494 (standard_deallocator_set::contains_p): New.
495 (standard_deallocator_set::maybe_get_single): New.
496 (standard_deallocator_set::dump_to_pp): New.
497 (start_p): New.
498 (class mismatching_deallocation): Update for conversion from api
499 to deallocator_set and deallocator.
500 (double_free::emit): Use %qs.
501 (class use_after_free): Update for conversion from api to
502 deallocator_set and deallocator.
503 (malloc_leak::describe_state_change): Only emit "allocated here" on
504 a start->nonnull transition, rather than on other transitions to
505 nonnull.
506 (allocation_state::dump_to_pp): Update for conversion from api to
507 deallocator_set.
508 (allocation_state::get_nonnull): Likewise.
509 (malloc_state_machine::malloc_state_machine): Likewise.
510 (malloc_state_machine::~malloc_state_machine): New.
511 (malloc_state_machine::add_state): Update for conversion from api
512 to deallocator_set.
513 (malloc_state_machine::get_or_create_custom_deallocator_set): New.
514 (malloc_state_machine::maybe_create_custom_deallocator_set): New.
515 (malloc_state_machine::get_or_create_deallocator): New.
516 (malloc_state_machine::on_stmt): Update for conversion from api
517 to deallocator_set. Handle "__attribute__((malloc(FOO)))", and
518 the special attribute set on FOO.
519 (malloc_state_machine::on_allocator_call): Update for conversion
520 from api to deallocator_set. Add "returns_nonnull" param and use
521 it to affect which state to transition to.
522 (malloc_state_machine::on_deallocator_call): Update for conversion
523 from api to deallocator_set.
524
5fff80fd
GA
525 2021-01-14 David Malcolm <dmalcolm@redhat.com>
526
527 * engine.cc (strongly_connected_components::to_json): New.
528 (worklist::to_json): New.
529 (exploded_graph::to_json): JSON-ify the worklist.
530 * exploded-graph.h (strongly_connected_components::to_json): New
531 decl.
532 (worklist::to_json): New decl.
533 * store.cc (store::to_json): Fix comment.
534 * supergraph.cc (supernode::to_json): Fix reference to
535 "returning_call" in comment. Add optional "fun" to JSON.
536 (edge_kind_to_string): New.
537 (superedge::to_json): Add "kind" to JSON.
538
539 2021-01-14 David Malcolm <dmalcolm@redhat.com>
540
541 PR analyzer/98679
542 * analyzer.h (region_offset::operator==): Make const.
543 * pending-diagnostic.h (pending_diagnostic::equal_p): Likewise.
544 * store.h (binding_cluster::for_each_value): Likewise.
545 (binding_cluster::for_each_binding): Likewise.
546
6851dda2
GA
547 2021-01-12 David Malcolm <dmalcolm@redhat.com>
548
549 PR analyzer/98628
550 * store.cc (binding_cluster::make_unknown_relative_to): Don't mark
551 dereferenced unknown pointers as having escaped.
552
7d187e4f
GA
553 2021-01-07 David Malcolm <dmalcolm@redhat.com>
554
555 PR analyzer/98580
556 * region.cc (decl_region::get_svalue_for_initializer): Gracefully
557 handle when LTO writes out DECL_INITIAL as error_mark_node.
558
559 2021-01-07 David Malcolm <dmalcolm@redhat.com>
560
561 PR analyzer/97074
562 * store.cc (binding_cluster::can_merge_p): Add "out_store" param
563 and pass to calls to binding_cluster::make_unknown_relative_to.
564 (binding_cluster::make_unknown_relative_to): Add "out_store"
565 param. Use it to mark base regions that are pointed to by
566 pointers that become unknown as having escaped.
567 (store::can_merge_p): Pass out_store to
568 binding_cluster::can_merge_p.
569 * store.h (binding_cluster::can_merge_p): Add "out_store" param.
570 (binding_cluster::make_unknown_relative_to): Likewise.
571 * svalue.cc (region_svalue::implicitly_live_p): New vfunc.
572 * svalue.h (region_svalue::implicitly_live_p): New vfunc decl.
573
574 2021-01-07 David Malcolm <dmalcolm@redhat.com>
575
576 PR analyzer/98564
577 * engine.cc (exploded_path::feasible_p): Add missing call to
578 bitmap_clear.
579
942ae5be
GA
580 2021-01-06 David Malcolm <dmalcolm@redhat.com>
581
582 PR analyzer/97072
583 * region-model-reachability.cc (reachable_regions::init_cluster):
584 Convert symbolic region handling to a switch statement. Add cases
585 to handle SK_UNKNOWN and SK_CONJURED.
586
651b8a50
GA
587 2021-01-05 David Malcolm <dmalcolm@redhat.com>
588
589 PR analyzer/98293
590 * store.cc (binding_map::apply_ctor_to_region): When "index" is
591 NULL, iterate through the fields for RECORD_TYPEs, rather than
592 creating an INTEGER_CST index.
593
94358e47
GA
594 2020-11-30 David Malcolm <dmalcolm@redhat.com>
595
596 * analyzer-pass.cc: Include "analyzer/analyzer.h" for the
597 declaration of sorry_no_analyzer; include "tree.h" and
598 "function.h" as these are needed by it.
599
600 2020-11-30 David Malcolm <dmalcolm@redhat.com>
601
602 * analyzer-pass.cc (pass_analyzer::execute): Move sorry call to...
603 (sorry_no_analyzer): New.
604 * analyzer.h (class state_machine): New forward decl.
605 (class logger): New forward decl.
606 (class plugin_analyzer_init_iface): New.
607 (sorry_no_analyzer): New decl.
608 * checker-path.cc (checker_path::fixup_locations): New.
609 * checker-path.h (checker_event::set_location): New.
610 (checker_path::fixup_locations): New decl.
611 * diagnostic-manager.cc
612 (diagnostic_manager::emit_saved_diagnostic): Call
613 checker_path::fixup_locations, and call fixup_location
614 on the primary location.
615 * engine.cc: Include "plugin.h".
616 (class plugin_analyzer_init_impl): New.
617 (impl_run_checkers): Invoke PLUGIN_ANALYZER_INIT callbacks.
618 * pending-diagnostic.h (pending_diagnostic::fixup_location): New
619 vfunc.
620
25bb75f8
GA
621 2020-11-18 David Malcolm <dmalcolm@redhat.com>
622
623 PR analyzer/97893
624 * sm-malloc.cc (null_deref::emit): Use CWE-476 rather than
625 CWE-690, as this isn't due to an unchecked return value.
626 (null_arg::emit): Likewise.
627
a5a11525
GA
628 2020-11-12 David Malcolm <dmalcolm@redhat.com>
629
630 * checker-path.h (checker_event::get_id_ptr): New.
631 * diagnostic-manager.cc (path_builder::path_builder): Add "sd"
632 param and use it to initialize new field "m_sd".
633 (path_builder::get_pending_diagnostic): New.
634 (path_builder::m_sd): New field.
635 (diagnostic_manager::emit_saved_diagnostic): Pass sd to
636 path_builder ctor.
637 (diagnostic_manager::add_events_for_superedge): Call new
638 maybe_add_custom_events_for_superedge vfunc.
639 * engine.cc (stale_jmp_buf::stale_jmp_buf): Add "setjmp_point"
640 param and use it to initialize new field "m_setjmp_point".
641 Initialize new field "m_stack_pop_event".
642 (stale_jmp_buf::maybe_add_custom_events_for_superedge): New vfunc
643 implementation.
644 (stale_jmp_buf::describe_final_event): New vfunc implementation.
645 (stale_jmp_buf::m_setjmp_point): New field.
646 (stale_jmp_buf::m_stack_pop_event): New field.
647 (exploded_node::on_longjmp): Pass setjmp_point to stale_jmp_buf
648 ctor.
649 * pending-diagnostic.h
650 (pending_diagnostic::maybe_add_custom_events_for_superedge): New
651 vfunc.
652
653 2020-11-12 David Malcolm <dmalcolm@redhat.com>
654
655 PR tree-optimization/97424
656 * analyzer.opt (Wanalyzer-shift-count-negative): New.
657 (Wanalyzer-shift-count-overflow): New.
658 * region-model.cc (class shift_count_negative_diagnostic): New.
659 (class shift_count_overflow_diagnostic): New.
660 (region_model::get_gassign_result): Complain about shift counts that
661 are negative or are >= the operand's type's width.
662
bb622641
GA
663 2020-11-10 Martin Liska <mliska@suse.cz>
664
665 * constraint-manager.cc (constraint_manager::merge): Remove
666 unused code.
667 * constraint-manager.h: Likewise.
668 * program-state.cc (sm_state_map::sm_state_map): Likewise.
669 (program_state::program_state): Likewise.
670 (test_sm_state_map): Likewise.
671 * program-state.h: Likewise.
672 * region-model-reachability.cc (reachable_regions::reachable_regions): Likewise.
673 * region-model-reachability.h: Likewise.
674 * region-model.cc (region_model::handle_unrecognized_call): Likewise.
675 (region_model::get_reachable_svalues): Likewise.
676 (region_model::can_merge_with_p): Likewise.
677
0cfd9109
GA
678 2020-11-05 David Malcolm <dmalcolm@redhat.com>
679
680 PR analyzer/97668
681 * svalue.cc (cmp_cst): Handle COMPLEX_CST.
682
e93aae4a
GA
683 2020-10-29 David Malcolm <dmalcolm@redhat.com>
684
685 * program-state.cc (sm_state_map::on_liveness_change): Sort the
686 leaking svalues before calling on_state_leak.
687 (program_state::detect_leaks): Likewise when calling
688 on_svalue_leak.
689 * region-model-reachability.cc
690 (reachable_regions::mark_escaped_clusters): Likewise when
691 calling on_escaped_function.
692
693 2020-10-29 David Malcolm <dmalcolm@redhat.com>
694
695 PR analyzer/97608
696 * region-model-reachability.cc (reachable_regions::handle_sval):
697 Operands of reachable reversible operations are reachable.
698
699 2020-10-29 David Malcolm <dmalcolm@redhat.com>
700
701 * analyzer.h (class state_machine): New forward decl.
702 (class logger): Likewise.
703 (class visitor): Likewise.
704 * complexity.cc: New file, taken from svalue.cc.
705 * complexity.h: New file, taken from region-model.h.
706 * region-model.h: Include "analyzer/svalue.h" and
707 "analyzer/region.h". Move struct complexity to complexity.h.
708 Move svalue, its subclasses and supporting decls to svalue.h.
709 Move region, its subclasses and supporting decls to region.h.
710 * region.cc: Include "analyzer/region.h".
711 (symbolic_region::symbolic_region): Move here from region-model.h.
712 * region.h: New file, based on material from region-model.h.
713 * svalue.cc: Include "analyzer/svalue.h".
714 (complexity::complexity): Move to complexity.cc.
715 (complexity::from_pair): Likewise.
716 * svalue.h: New file, based on material from region-model.h.
717
718 2020-10-29 David Malcolm <dmalcolm@redhat.com>
719
720 * program-state.cc (sm_state_map::print): Guard the printing of
721 the origin pointer with !flag_dump_noaddr.
722 * region.cc (string_region::dump_to_pp): Likewise for
723 m_string_cst.
724
89bb01e7
GA
725 2020-10-27 David Malcolm <dmalcolm@redhat.com>
726
727 PR analyzer/97568
728 * region-model.cc (region_model::get_initial_value_for_global):
729 Move check that !DECL_EXTERNAL from here to...
730 * region.cc (decl_region::get_svalue_for_initializer): ...here,
731 using it to reject zero initialization.
732
733 2020-10-27 Markus Böck <markus.boeck02@gmail.com>
734
735 PR analyzer/96608
736 * store.h (hash): Cast to intptr_t instead of long
737
738 2020-10-27 David Malcolm <dmalcolm@redhat.com>
739
740 * constraint-manager.cc (svalue_cmp_by_ptr): Delete.
741 (equiv_class::canonicalize): Use svalue::cmp_ptr_ptr instead.
742 (equiv_class_cmp): Eliminate pointer comparison.
743 * diagnostic-manager.cc (dedupe_key::comparator): If they are at
744 the same location, also compare epath length and pending_diagnostic
745 kind.
746 * engine.cc (readability_comparator): If two path_vars have the
747 same readability, then impose an arbitrary ordering on them.
748 (worklist::key_t::cmp): If two points have the same plan ordering,
749 continue the comparison. Call sm_state_map::cmp rather than
750 comparing hash values.
751 * program-state.cc (sm_state_map::entry_t::cmp): New.
752 (sm_state_map::cmp): New.
753 * program-state.h (sm_state_map::entry_t::cmp): New decl.
754 (sm_state_map::elements): New.
755 (sm_state_map::cmp): New.
756
757 2020-10-27 David Malcolm <dmalcolm@redhat.com>
758
759 * engine.cc (setjmp_record::cmp): New.
760 (supernode_cluster::dump_dot): Avoid embedding pointer in cluster
761 name.
762 (supernode_cluster::cmp_ptr_ptr): New.
763 (function_call_string_cluster::dump_dot): Avoid embedding pointer
764 in cluster name. Sort m_map when dumping child clusters.
765 (function_call_string_cluster::cmp_ptr_ptr): New.
766 (root_cluster::dump_dot): Sort m_map when dumping child clusters.
767 * program-point.cc (function_point::cmp): New.
768 (function_point::cmp_ptr): New.
769 * program-point.h (function_point::cmp): New decl.
770 (function_point::cmp_ptr): New decl.
771 * program-state.cc (sm_state_map::print): Sort the values. Guard
772 the printing of pointers with !flag_dump_noaddr.
773 (program_state::prune_for_point): Sort the regions.
774 (log_set_of_svalues): Sort the values. Guard the printing of
775 pointers with !flag_dump_noaddr.
776 * region-model-manager.cc (log_uniq_map): Sort the values.
777 * region-model-reachability.cc (dump_set): New function template.
778 (reachable_regions::dump_to_pp): Use it.
779 * region-model.h (svalue::cmp_ptr): New decl.
780 (svalue::cmp_ptr_ptr): New decl.
781 (setjmp_record::cmp): New decl.
782 (placeholder_svalue::get_name): New accessor.
783 (widening_svalue::get_point): New accessor.
784 (compound_svalue::get_map): New accessor.
785 (conjured_svalue::get_stmt): New accessor.
786 (conjured_svalue::get_id_region): New accessor.
787 (region::cmp_ptrs): Rename to...
788 (region::cmp_ptr_ptr): ...this.
789 * region.cc (region::cmp_ptrs): Rename to...
790 (region::cmp_ptr_ptr): ...this.
791 * state-purge.cc
792 (state_purge_per_ssa_name::state_purge_per_ssa_name): Sort
793 m_points_needing_name when dumping.
794 * store.cc (concrete_binding::cmp_ptr_ptr): New.
795 (symbolic_binding::cmp_ptr_ptr): New.
796 (binding_map::cmp): New.
797 (get_sorted_parent_regions): Update for renaming of
798 region::cmp_ptrs to region::cmp_ptr_ptr.
799 (store::dump_to_pp): Likewise.
800 (store::to_json): Likewise.
801 (store::can_merge_p): Sort the base regions before considering
802 them.
803 * store.h (concrete_binding::cmp_ptr_ptr): New decl.
804 (symbolic_binding::cmp_ptr_ptr): New decl.
805 (binding_map::cmp): New decl.
806 * supergraph.cc (supergraph::supergraph): Assign UIDs to the
807 gimple stmts.
808 * svalue.cc (cmp_cst): New.
809 (svalue::cmp_ptr): New.
810 (svalue::cmp_ptr_ptr): New.
811
812 2020-10-27 David Malcolm <dmalcolm@redhat.com>
813
814 * engine.cc (exploded_graph::get_or_create_node): Fix off-by-one
815 when imposing param_analyzer_max_enodes_per_program_point limit.
816
817 2020-10-27 David Malcolm <dmalcolm@redhat.com>
818
819 * region-model.cc (region_model::get_representative_path_var):
820 Implement case RK_LABEL.
821 * region-model.h (label_region::get_label): New accessor.
822
43868df3
GA
823 2020-10-22 David Malcolm <dmalcolm@redhat.com>
824
825 PR analyzer/97514
826 * engine.cc (exploded_graph::add_function_entry): Handle failure
827 to create an enode, rather than asserting.
828
829 2020-10-22 David Malcolm <dmalcolm@redhat.com>
830
831 PR analyzer/97489
832 * engine.cc (exploded_graph::add_function_entry): Assert that we
833 have a function body.
834 (exploded_graph::on_escaped_function): Reject fndecls that don't
835 have a function body.
836
b2698c21
GA
837 2020-10-14 David Malcolm <dmalcolm@redhat.com>
838
839 PR analyzer/93388
840 * region-model.cc (region_model::get_initial_value_for_global):
841 Fall back to returning an initial_svalue if
842 decl_region::get_svalue_for_initializer fails.
843 * region.cc (decl_region::get_svalue_for_initializer): Don't
844 attempt to create a compound_svalue if the region has an unknown
845 size.
846
847 2020-10-14 David Malcolm <dmalcolm@redhat.com>
848
849 PR analyzer/93723
850 * store.cc (binding_map::apply_ctor_to_region): Remove redundant
851 assertion.
852
8be127ca
GA
853 2020-10-12 David Malcolm <dmalcolm@redhat.com>
854
855 PR analyzer/97258
856 * engine.cc (impl_region_model_context::on_escaped_function): New
857 vfunc.
858 (exploded_graph::add_function_entry): Use m_functions_with_enodes
859 to implement idempotency.
860 (add_any_callbacks): New.
861 (exploded_graph::build_initial_worklist): Use the above to find
862 callbacks that are reachable from global initializers.
863 (exploded_graph::on_escaped_function): New.
864 * exploded-graph.h
865 (impl_region_model_context::on_escaped_function): New decl.
866 (exploded_graph::on_escaped_function): New decl.
867 (exploded_graph::m_functions_with_enodes): New field.
868 * region-model-reachability.cc
869 (reachable_regions::reachable_regions): Replace "store" param with
870 "model" param; use it to initialize m_model.
871 (reachable_regions::add): When getting the svalue for the region,
872 call get_store_value on the model rather than using an initial
873 value.
874 (reachable_regions::mark_escaped_clusters): Add ctxt param and
875 use it to call on_escaped_function when a function_region escapes.
876 * region-model-reachability.h
877 (reachable_regions::reachable_regions): Replace "store" param with
878 "model" param.
879 (reachable_regions::mark_escaped_clusters): Add ctxt param.
880 (reachable_regions::m_model): New field.
881 * region-model.cc (region_model::handle_unrecognized_call): Update
882 for change in reachable_regions ctor.
883 (region_model::handle_unrecognized_call): Pass ctxt to
884 mark_escaped_clusters.
885 (region_model::get_reachable_svalues): Update for change in
886 reachable_regions ctor.
887 (region_model::get_initial_value_for_global): Read-only variables
888 keep their initial values.
889 * region-model.h (region_model_context::on_escaped_function): New
890 vfunc.
891 (noop_region_model_context::on_escaped_function): New.
892
893 2020-10-12 David Malcolm <dmalcolm@redhat.com>
894
895 * analyzer.opt (Wanalyzer-write-to-const): New.
896 (Wanalyzer-write-to-string-literal): New.
897 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
898 Call check_for_writable_region.
899 (region_model::impl_call_memset): Likewise.
900 (region_model::impl_call_strcpy): Likewise.
901 * region-model.cc (class write_to_const_diagnostic): New.
902 (class write_to_string_literal_diagnostic): New.
903 (region_model::check_for_writable_region): New.
904 (region_model::set_value): Call check_for_writable_region.
905 * region-model.h (region_model::check_for_writable_region): New
906 decl.
907
6caec77e
GA
908 2020-10-07 David Malcolm <dmalcolm@redhat.com>
909
910 PR analyzer/97116
911 * sm-malloc.cc (method_p): New.
912 (describe_argument_index): New.
913 (inform_nonnull_attribute): Use describe_argument_index.
914 (possible_null_arg::describe_final_event): Likewise.
915 (null_arg::describe_final_event): Likewise.
916
93bca37c
GA
917 2020-09-29 David Malcolm <dmalcolm@redhat.com>
918
919 PR analyzer/95188
920 * engine.cc (stmt_requires_new_enode_p): Split enodes before
921 "signal" calls.
922
923 2020-09-29 David Malcolm <dmalcolm@redhat.com>
924
925 * constraint-manager.cc
926 (constraint_manager::add_constraint_internal): Whitespace fixes.
927 Silence -Wsign-compare warning.
928 * engine.cc (maybe_process_run_of_before_supernode_enodes):
929 Silence -Wsign-compare warning.
930
e84761c6
GA
931 2020-09-28 David Malcolm <dmalcolm@redhat.com>
932
933 * region-model.h (binop_svalue::dyn_cast_binop_svalue): Remove
934 redundant "virtual". Add FINAL OVERRIDE.
935 (widening_svalue::dyn_cast_widening_svalue): Add FINAL OVERRIDE.
936 (compound_svalue::dyn_cast_compound_svalue): Likewise.
937 (conjured_svalue::dyn_cast_conjured_svalue): Likewise.
938
939 2020-09-28 David Malcolm <dmalcolm@redhat.com>
940
941 * diagnostic-manager.cc (null_assignment_sm_context::m_visitor):
942 Remove unused field.
943
944 2020-09-28 David Malcolm <dmalcolm@redhat.com>
945
946 PR analyzer/97233
947 * analyzer.cc (is_longjmp_call_p): Require the initial argument
948 to be a pointer.
949 * engine.cc (exploded_node::on_longjmp): Likewise.
950
951 2020-09-28 David Malcolm <dmalcolm@redhat.com>
952
953 * program-state.cc (sm_state_map::print): Update check
954 for m_global_state being the start state.
955
91dd4a38
GA
956 2020-09-26 David Malcolm <dmalcolm@redhat.com>
957
958 PR analyzer/96646
959 PR analyzer/96841
960 * region-model.cc (region_model::get_representative_path_var):
961 When handling offset_region, wrap the MEM_REF's first argument in
962 an ADDR_EXPR of pointer type, rather than simply using the tree
963 for the parent region. Require the MEM_REF's second argument to
964 be an integer constant.
965
a2b7397b
GA
966 2020-09-24 David Malcolm <dmalcolm@redhat.com>
967
968 * analyzer.h (struct rejected_constraint): New decl.
969 * analyzer.opt (fanalyzer-feasibility): New option.
970 * diagnostic-manager.cc (path_builder::path_builder): Add
971 "problem" param and use it to initialize new field.
972 (path_builder::get_feasibility_problem): New accessor.
973 (path_builder::m_feasibility_problem): New field.
974 (dedupe_winners::add): Remove inversion of logic in "if" clause,
975 swapping if/else suites. In the !feasible_p suite, inspect
976 flag_analyzer_feasibility and add code to handle when this
977 is off, accepting the infeasible path, but recording the
978 feasibility_problem.
979 (diagnostic_manager::emit_saved_diagnostic): Pass the
980 feasibility_problem to the path_builder.
981 (diagnostic_manager::add_events_for_eedge): If we have
982 a feasibility_problem at this edge, use it to add a custom event.
983 * engine.cc (exploded_path::feasible_p): Pass a
984 rejected_constraint ** to model.maybe_update_for_edge and transfer
985 ownership of any created instance to any feasibility_problem.
986 (feasibility_problem::dump_to_pp): New.
987 * exploded-graph.h (feasibility_problem::feasibility_problem):
988 Drop "model" param; add rejected_constraint * param.
989 (feasibility_problem::~feasibility_problem): New.
990 (feasibility_problem::dump_to_pp): New decl.
991 (feasibility_problem::m_model): Drop field.
992 (feasibility_problem::m_rc): New field.
993 * program-point.cc (function_point::get_location): Handle
994 PK_BEFORE_SUPERNODE and PK_AFTER_SUPERNODE.
995 * program-state.cc (program_state::on_edge): Pass NULL to new
996 param of region_model::maybe_update_for_edge.
997 * region-model.cc (region_model::add_constraint): New overload
998 adding a rejected_constraint ** param.
999 (region_model::maybe_update_for_edge): Add rejected_constraint **
1000 param and pass it to the various apply_constraints_for_ calls.
1001 (region_model::apply_constraints_for_gcond): Add
1002 rejected_constraint ** param and pass it to add_constraint calls.
1003 (region_model::apply_constraints_for_gswitch): Likewise.
1004 (region_model::apply_constraints_for_exception): Likewise.
1005 (rejected_constraint::dump_to_pp): New.
1006 * region-model.h (region_model::maybe_update_for_edge):
1007 Add rejected_constraint ** param.
1008 (region_model::add_constraint): New overload adding a
1009 rejected_constraint ** param.
1010 (region_model::apply_constraints_for_gcond): Add
1011 rejected_constraint ** param.
1012 (region_model::apply_constraints_for_gswitch): Likewise.
1013 (region_model::apply_constraints_for_exception): Likewise.
1014 (struct rejected_constraint): New.
1015
82b77dee
GA
1016 2020-09-23 David Malcolm <dmalcolm@redhat.com>
1017
1018 PR analyzer/97178
1019 * engine.cc (impl_run_checkers): Update for change to ext_state
1020 ctor.
1021 * program-state.cc (selftest::test_sm_state_map): Pass an engine
1022 instance to ext_state ctor.
1023 (selftest::test_program_state_1): Likewise.
1024 (selftest::test_program_state_2): Likewise.
1025 (selftest::test_program_state_merging): Likewise.
1026 (selftest::test_program_state_merging_2): Likewise.
1027 * program-state.h (extrinsic_state::extrinsic_state): Remove NULL
1028 default value for "eng" param.
1029
1030 2020-09-23 Tobias Burnus <tobias@codesourcery.com>
1031
1032 * analyzer-logging.cc: Guard '#pragma ... ignored "-Wformat-diag"'
1033 by '#if __GNUC__ >= 10'
1034 * analyzer.h: Likewise.
1035 * call-string.cc: Likewise.
1036
1037 2020-09-23 David Malcolm <dmalcolm@redhat.com>
1038
1039 * engine.cc (exploded_node::on_stmt): Replace sequence of dyn_cast
1040 with switch.
1041
521d2711
GA
1042 2020-09-22 David Malcolm <dmalcolm@redhat.com>
1043
1044 * analysis-plan.cc: Include "json.h".
1045 * analyzer.opt (fdump-analyzer-json): New.
1046 * call-string.cc: Include "json.h".
1047 (call_string::to_json): New.
1048 * call-string.h (call_string::to_json): New decl.
1049 * checker-path.cc: Include "json.h".
1050 * constraint-manager.cc: Include "json.h".
1051 (equiv_class::to_json): New.
1052 (constraint::to_json): New.
1053 (constraint_manager::to_json): New.
1054 * constraint-manager.h (equiv_class::to_json): New decl.
1055 (constraint::to_json): New decl.
1056 (constraint_manager::to_json): New decl.
1057 * diagnostic-manager.cc: Include "json.h".
1058 (saved_diagnostic::to_json): New.
1059 (diagnostic_manager::to_json): New.
1060 * diagnostic-manager.h (saved_diagnostic::to_json): New decl.
1061 (diagnostic_manager::to_json): New decl.
1062 * engine.cc: Include "json.h", <zlib.h>.
1063 (exploded_node::status_to_str): New.
1064 (exploded_node::to_json): New.
1065 (exploded_edge::to_json): New.
1066 (exploded_graph::to_json): New.
1067 (dump_analyzer_json): New.
1068 (impl_run_checkers): Call it.
1069 * exploded-graph.h (exploded_node::status_to_str): New decl.
1070 (exploded_node::to_json): New.
1071 (exploded_edge::to_json): New.
1072 (exploded_graph::to_json): New.
1073 * pending-diagnostic.cc: Include "json.h".
1074 * program-point.cc: Include "json.h".
1075 (program_point::to_json): New.
1076 * program-point.h (program_point::to_json): New decl.
1077 * program-state.cc: Include "json.h".
1078 (extrinsic_state::to_json): New.
1079 (sm_state_map::to_json): New.
1080 (program_state::to_json): New.
1081 * program-state.h (extrinsic_state::to_json): New decl.
1082 (sm_state_map::to_json): New decl.
1083 (program_state::to_json): New decl.
1084 * region-model-impl-calls.cc: Include "json.h".
1085 * region-model-manager.cc: Include "json.h".
1086 * region-model-reachability.cc: Include "json.h".
1087 * region-model.cc: Include "json.h".
1088 * region-model.h (svalue::to_json): New decl.
1089 (region::to_json): New decl.
1090 * region.cc: Include "json.h".
1091 (region::to_json): New.
1092 * sm-file.cc: Include "json.h".
1093 * sm-malloc.cc: Include "json.h".
1094 * sm-pattern-test.cc: Include "json.h".
1095 * sm-sensitive.cc: Include "json.h".
1096 * sm-signal.cc: Include "json.h".
1097 (signal_delivery_edge_info_t::to_json): New.
1098 * sm-taint.cc: Include "json.h".
1099 * sm.cc: Include "diagnostic.h", "tree-diagnostic.h", and
1100 "json.h".
1101 (state_machine::state::to_json): New.
1102 (state_machine::to_json): New.
1103 * sm.h (state_machine::state::to_json): New.
1104 (state_machine::to_json): New.
1105 * state-purge.cc: Include "json.h".
1106 * store.cc: Include "json.h".
1107 (binding_key::get_desc): New.
1108 (binding_map::to_json): New.
1109 (binding_cluster::to_json): New.
1110 (store::to_json): New.
1111 * store.h (binding_key::get_desc): New decl.
1112 (binding_map::to_json): New decl.
1113 (binding_cluster::to_json): New decl.
1114 (store::to_json): New decl.
1115 * supergraph.cc: Include "json.h".
1116 (supergraph::to_json): New.
1117 (supernode::to_json): New.
1118 (superedge::to_json): New.
1119 * supergraph.h (supergraph::to_json): New decl.
1120 (supernode::to_json): New decl.
1121 (superedge::to_json): New decl.
1122 * svalue.cc: Include "json.h".
1123 (svalue::to_json): New.
1124
44135373
GA
1125 2020-09-21 David Malcolm <dmalcolm@redhat.com>
1126
1127 PR analyzer/97130
1128 * region-model-impl-calls.cc (call_details::get_arg_type): New.
1129 * region-model.cc (region_model::on_call_pre): Check that the
1130 initial arg is a pointer before calling impl_call_memset and
1131 impl_call_strlen.
1132 * region-model.h (call_details::get_arg_type): New decl.
1133
1134 2020-09-21 David Malcolm <dmalcolm@redhat.com>
1135
1136 PR analyzer/93355
1137 * sm-malloc.cc (malloc_state_machine::get_default_state): Look at
1138 the base region when considering pointers. Treat pointers to
1139 decls as being non-heap.
1140
239601c5
GA
1141 2020-09-18 David Malcolm <dmalcolm@redhat.com>
1142
1143 * checker-path.cc (warning_event::get_desc): Handle global state
1144 changes.
1145
1146 2020-09-18 David Malcolm <dmalcolm@redhat.com>
1147
1148 * sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and
1149 strndup as being malloc-like allocators.
1150
ecde1b0a
GA
1151 2020-09-16 David Malcolm <dmalcolm@redhat.com>
1152
1153 * engine.cc (strongly_connected_components::strong_connect): Only
1154 consider intraprocedural edges when creating SCCs.
1155 (worklist::key_t::cmp): Add comment. Treat call_string
1156 differences as more important than differences of program_point
1157 within a supernode.
1158
1159 2020-09-16 David Malcolm <dmalcolm@redhat.com>
1160
1161 * engine.cc (supernode_cluster::dump_dot): Show the SCC id
1162 in the per-supernode clusters in FILENAME.eg.dot output.
1163 (exploded_graph_annotator::add_node_annotations):
1164 Show the SCC of the supernode in FILENAME.supernode.eg.dot output.
1165 * exploded-graph.h (worklist::scc_id): New.
1166 (exploded_graph::get_scc_id): New.
1167
1168 2020-09-16 David Malcolm <dmalcolm@redhat.com>
1169
1170 * engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED.
1171 (exploded_graph::process_worklist): Call
1172 maybe_process_run_of_before_supernode_enodes.
1173 (exploded_graph::maybe_process_run_of_before_supernode_enodes):
1174 New.
1175 (exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED.
1176 * exploded-graph.h (enum exploded_node::status): Add
1177 STATUS_BULK_MERGED.
1178
1179 2020-09-16 David Malcolm <dmalcolm@redhat.com>
1180
1181 * engine.cc
1182 (exploded_graph::process_node) <case PK_BEFORE_SUPERNODE>:
1183 Simplify by using program_point::get_next.
1184 * program-point.cc (program_point::get_next): New.
1185 * program-point.h (program_point::get_next): New decl.
1186
1187 2020-09-16 David Malcolm <dmalcolm@redhat.com>
1188
1189 * engine.cc (exploded_graph::get_or_create_node): Show the
1190 program point when issuing -Wanalyzer-too-complex due to hitting
1191 the per-program-point limit.
1192
1193 2020-09-16 David Malcolm <dmalcolm@redhat.com>
1194
1195 * region-model.cc (region_model::on_call_pre): Treat getchar as
1196 having no side-effects.
1197
9f7ab8c5
GA
1198 2020-09-15 David Malcolm <dmalcolm@redhat.com>
1199
1200 PR analyzer/96650
1201 * constraint-manager.cc (merger_fact_visitor::on_fact): Replace
1202 assertion that add_constraint succeeded with an assertion that
1203 if it fails, -fanalyzer-transitivity is off.
1204
50a71cd0
GA
1205 2020-09-14 David Malcolm <dmalcolm@redhat.com>
1206
1207 * analyzer.opt (-param=analyzer-max-constraints=): New param.
1208 * constraint-manager.cc
1209 (constraint_manager::add_constraint_internal): Silently reject
1210 attempts to add constraints when the above limit is reached.
1211
1212 2020-09-14 David Malcolm <dmalcolm@redhat.com>
1213
1214 PR analyzer/96653
1215 * constraint-manager.cc
1216 (constraint_manager::get_or_add_equiv_class): Don't accumulate
1217 transitive closure of all constraints on constants.
1218
1219 2020-09-14 David Malcolm <dmalcolm@redhat.com>
1220
1221 PR analyzer/97029
1222 * analyzer.cc (is_setjmp_call_p): Require the initial arg to be a
1223 pointer.
1224 * region-model.cc (region_model::deref_rvalue): Assert that the
1225 svalue is of pointer type.
1226
ac35c090
GA
1227 2020-09-11 David Malcolm <dmalcolm@redhat.com>
1228
1229 PR analyzer/96798
1230 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
1231 New.
1232 (region_model::impl_call_strcpy): New.
1233 * region-model.cc (region_model::on_call_pre): Flag unhandled
1234 builtins that are non-pure as having unknown side-effects.
1235 Implement BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_STRCPY,
1236 BUILT_IN_STRCPY_CHK, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED,
1237 BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC,
1238 BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED,
1239 BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF,
1240 BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR,
1241 BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED,
1242 BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF.
1243 * region-model.h (region_model::impl_call_memcpy): New decl.
1244 (region_model::impl_call_strcpy): New decl.
1245
80f86e78
GA
1246 2020-09-09 David Malcolm <dmalcolm@redhat.com>
1247
1248 PR analyzer/94355
1249 * analyzer.opt (Wanalyzer-mismatching-deallocation): New warning.
1250 * region-model-impl-calls.cc
1251 (region_model::impl_call_operator_new): New.
1252 (region_model::impl_call_operator_delete): New.
1253 * region-model.cc (region_model::on_call_pre): Detect operator new
1254 and operator delete.
1255 (region_model::on_call_post): Likewise.
1256 (region_model::maybe_update_for_edge): Detect EH edges and call...
1257 (region_model::apply_constraints_for_exception): New function.
1258 * region-model.h (region_model::impl_call_operator_new): New decl.
1259 (region_model::impl_call_operator_delete): New decl.
1260 (region_model::apply_constraints_for_exception): New decl.
1261 * sm-malloc.cc (enum resource_state): New.
1262 (struct allocation_state): New state subclass.
1263 (enum wording): New.
1264 (struct api): New.
1265 (malloc_state_machine::custom_data_t): New typedef.
1266 (malloc_state_machine::add_state): New decl.
1267 (malloc_state_machine::m_unchecked)
1268 (malloc_state_machine::m_nonnull)
1269 (malloc_state_machine::m_freed): Delete these states in favor
1270 of...
1271 (malloc_state_machine::m_malloc)
1272 (malloc_state_machine::m_scalar_new)
1273 (malloc_state_machine::m_vector_new): ...these new api instances,
1274 which own their own versions of these states.
1275 (malloc_state_machine::on_allocator_call): New decl.
1276 (malloc_state_machine::on_deallocator_call): New decl.
1277 (api::api): New ctor.
1278 (dyn_cast_allocation_state): New.
1279 (as_a_allocation_state): New.
1280 (get_rs): New.
1281 (unchecked_p): New.
1282 (nonnull_p): New.
1283 (freed_p): New.
1284 (malloc_diagnostic::describe_state_change): Use unchecked_p and
1285 nonnull_p.
1286 (class mismatching_deallocation): New.
1287 (double_free::double_free): Add funcname param for initializing
1288 m_funcname.
1289 (double_free::emit): Use m_funcname in warning message rather
1290 than hardcoding "free".
1291 (double_free::describe_state_change): Likewise. Use freed_p.
1292 (double_free::describe_call_with_state): Use freed_p.
1293 (double_free::describe_final_event): Use m_funcname in message
1294 rather than hardcoding "free".
1295 (double_free::m_funcname): New field.
1296 (possible_null::describe_state_change): Use unchecked_p.
1297 (possible_null::describe_return_of_state): Likewise.
1298 (use_after_free::use_after_free): Add param for initializing m_api.
1299 (use_after_free::emit): Use m_api->m_dealloc_funcname in message
1300 rather than hardcoding "free".
1301 (use_after_free::describe_state_change): Use freed_p. Change the
1302 wording of the message based on the API.
1303 (use_after_free::describe_final_event): Use
1304 m_api->m_dealloc_funcname in message rather than hardcoding
1305 "free". Change the wording of the message based on the API.
1306 (use_after_free::m_api): New field.
1307 (malloc_leak::describe_state_change): Use unchecked_p. Update
1308 for renaming of m_malloc_event to m_alloc_event.
1309 (malloc_leak::describe_final_event): Update for renaming of
1310 m_malloc_event to m_alloc_event.
1311 (malloc_leak::m_malloc_event): Rename...
1312 (malloc_leak::m_alloc_event): ...to this.
1313 (free_of_non_heap::free_of_non_heap): Add param for initializing
1314 m_funcname.
1315 (free_of_non_heap::emit): Use m_funcname in message rather than
1316 hardcoding "free".
1317 (free_of_non_heap::describe_final_event): Likewise.
1318 (free_of_non_heap::m_funcname): New field.
1319 (allocation_state::dump_to_pp): New.
1320 (allocation_state::get_nonnull): New.
1321 (malloc_state_machine::malloc_state_machine): Update for changes
1322 to state fields and new api fields.
1323 (malloc_state_machine::add_state): New.
1324 (malloc_state_machine::on_stmt): Move malloc/calloc handling to
1325 on_allocator_call and call it, passing in the API pointer.
1326 Likewise for free, moving it to on_deallocator_call. Handle calls
1327 to operator new and delete in an analogous way. Use unchecked_p
1328 when testing for possibly-null-arg and possibly-null-deref, and
1329 transition to the non-null for the correct API. Remove redundant
1330 node param from call to on_zero_assignment. Use freed_p for
1331 use-after-free check, and pass in API.
1332 (malloc_state_machine::on_allocator_call): New, based on code in
1333 on_stmt.
1334 (malloc_state_machine::on_deallocator_call): Likewise.
1335 (malloc_state_machine::on_phi): Mark node param with
1336 ATTRIBUTE_UNUSED; don't pass it to on_zero_assignment.
1337 (malloc_state_machine::on_condition): Mark node param with
1338 ATTRIBUTE_UNUSED. Replace on_transition calls with get_state and
1339 set_next_state pairs, transitioning to the non-null state for the
1340 appropriate API.
1341 (malloc_state_machine::can_purge_p): Port to new state approach.
1342 (malloc_state_machine::on_zero_assignment): Replace on_transition
1343 calls with get_state and set_next_state pairs. Drop redundant
1344 node param.
1345 * sm.h (state_machine::add_custom_state): New.
1346
1347 2020-09-09 David Malcolm <dmalcolm@redhat.com>
1348
1349 * diagnostic-manager.cc
1350 (null_assignment_sm_context::warn_for_state): Replace with...
1351 (null_assignment_sm_context::warn): ...this.
1352 * engine.cc (impl_sm_context::warn_for_state): Replace with...
1353 (impl_sm_context::warn): ...this.
1354 * sm-file.cc (fileptr_state_machine::on_stmt): Replace
1355 warn_for_state and on_transition calls with a get_state
1356 test guarding warn and set_next_state calls.
1357 * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
1358 * sm-pattern-test.cc (pattern_test_state_machine::on_condition):
1359 Replace warn_for_state call with warn call.
1360 * sm-sensitive.cc
1361 (sensitive_state_machine::warn_for_any_exposure): Replace
1362 warn_for_state call with a get_state test guarding a warn call.
1363 * sm-signal.cc (signal_state_machine::on_stmt): Likewise.
1364 * sm-taint.cc (taint_state_machine::on_stmt): Replace
1365 warn_for_state and on_transition calls with a get_state
1366 test guarding warn and set_next_state calls.
1367 * sm.h (sm_context::warn_for_state): Replace with...
1368 (sm_context::warn): ...this.
1369
1370 2020-09-09 David Malcolm <dmalcolm@redhat.com>
1371
1372 * diagnostic-manager.cc
1373 (null_assignment_sm_context::null_assignment_sm_context): Add old_state
1374 and ext_state params, initializing m_old_state and m_ext_state.
1375 (null_assignment_sm_context::on_transition): Split into...
1376 (null_assignment_sm_context::get_state): ...this new vfunc
1377 implementation and...
1378 (null_assignment_sm_context::set_next_state): ...this new vfunc
1379 implementation.
1380 (null_assignment_sm_context::m_old_state): New field.
1381 (null_assignment_sm_context::m_ext_state): New field.
1382 (diagnostic_manager::add_events_for_eedge): Pass in old state and
1383 ext_state when creating sm_ctxt.
1384 * engine.cc (impl_sm_context::on_transition): Split into...
1385 (impl_sm_context::get_state): ...this new vfunc
1386 implementation and...
1387 (impl_sm_context::set_next_state): ...this new vfunc
1388 implementation.
1389 * sm.h (sm_context::get_state): New pure virtual function.
1390 (sm_context::set_next_state): Likewise.
1391 (sm_context::on_transition): Convert from a pure virtual function
1392 to a regular function implemented in terms of get_state and
1393 set_next_state.
1394
1395 2020-09-09 David Malcolm <dmalcolm@redhat.com>
1396
1397 * checker-path.cc (state_change_event::get_desc): Update
1398 state_machine::get_state_name calls to state::get_name.
1399 (warning_event::get_desc): Likewise.
1400 * diagnostic-manager.cc
1401 (null_assignment_sm_context::on_transition): Update comparison
1402 against 0 with comparison with m_sm.get_start_state.
1403 (diagnostic_manager::prune_for_sm_diagnostic): Update
1404 state_machine::get_state_name calls to state::get_name.
1405 * engine.cc (impl_sm_context::on_transition): Likewise.
1406 (exploded_node::get_dot_fillcolor): Use get_id when summing
1407 the sm states.
1408 * program-state.cc (sm_state_map::sm_state_map): Don't hardcode
1409 0 as the start state when initializing m_global_state.
1410 (sm_state_map::print): Use dump_to_pp rather than get_state_name
1411 when dumping states.
1412 (sm_state_map::is_empty_p): Don't hardcode 0 as the start state
1413 when examining m_global_state.
1414 (sm_state_map::hash): Use get_id when hashing states.
1415 (selftest::test_sm_state_map): Use state objects rather than
1416 arbitrary hardcoded integers.
1417 (selftest::test_program_state_merging): Likewise.
1418 (selftest::test_program_state_merging_2): Likewise.
1419 * sm-file.cc (fileptr_state_machine::m_start): Move to base class.
1420 (file_diagnostic::describe_state_change): Use get_start_state.
1421 (fileptr_state_machine::fileptr_state_machine): Drop m_start
1422 initialization.
1423 * sm-malloc.cc (malloc_state_machine::m_start): Move to base
1424 class.
1425 (malloc_diagnostic::describe_state_change): Use get_start_state.
1426 (possible_null::describe_state_change): Likewise.
1427 (malloc_state_machine::malloc_state_machine): Drop m_start
1428 initialization.
1429 * sm-pattern-test.cc (pattern_test_state_machine::m_start): Move
1430 to base class.
1431 (pattern_test_state_machine::pattern_test_state_machine): Drop
1432 m_start initialization.
1433 * sm-sensitive.cc (sensitive_state_machine::m_start): Move to base
1434 class.
1435 (sensitive_state_machine::sensitive_state_machine): Drop m_start
1436 initialization.
1437 * sm-signal.cc (signal_state_machine::m_start): Move to base
1438 class.
1439 (signal_state_machine::signal_state_machine): Drop m_start
1440 initialization.
1441 * sm-taint.cc (taint_state_machine::m_start): Move to base class.
1442 (taint_state_machine::taint_state_machine): Drop m_start
1443 initialization.
1444 * sm.cc (state_machine::state::dump_to_pp): New.
1445 (state_machine::state_machine): Move here from sm.h. Initialize
1446 m_next_state_id and m_start.
1447 (state_machine::add_state): Reimplement in terms of state objects.
1448 (state_machine::get_state_name): Delete.
1449 (state_machine::get_state_by_name): Reimplement in terms of state
1450 objects. Make const.
1451 (state_machine::validate): Delete.
1452 (state_machine::dump_to_pp): Reimplement in terms of state
1453 objects.
1454 * sm.h (state_machine::state): New class.
1455 (state_machine::state_t): Convert typedef from "unsigned" to
1456 "const state_machine::state *".
1457 (state_machine::state_machine): Move to sm.cc.
1458 (state_machine::get_default_state): Use m_start rather than
1459 hardcoding 0.
1460 (state_machine::get_state_name): Delete.
1461 (state_machine::get_state_by_name): Make const.
1462 (state_machine::get_start_state): New accessor.
1463 (state_machine::alloc_state_id): New.
1464 (state_machine::m_state_names): Drop in favor of...
1465 (state_machine::m_states): New field.
1466 (state_machine::m_start): New field.
1467 (start_start_p): Delete.
1468
31a05046
GA
1469 2020-09-08 David Malcolm <dmalcolm@redhat.com>
1470
1471 PR analyzer/96949
1472 * store.cc (binding_map::apply_ctor_val_to_range): Add
1473 error-handling for the cases where we have symbolic offsets.
1474
1475 2020-09-08 David Malcolm <dmalcolm@redhat.com>
1476
1477 PR analyzer/96950
1478 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
1479 where min_index == max_index.
1480 (binding_map::apply_ctor_val_to_range): Replace assertion that we
1481 don't have a CONSTRUCTOR value with error-handling.
1482
1483 2020-09-08 David Malcolm <dmalcolm@redhat.com>
1484
1485 PR analyzer/96962
1486 * region-model.cc (region_model::on_call_pre): Fix guard on switch
1487 on built-ins to only consider BUILT_IN_NORMAL, rather than other
1488 kinds of built-ins.
1489
e1a4a8a0
GA
1490 2020-09-01 David Malcolm <dmalcolm@redhat.com>
1491
1492 PR analyzer/96792
1493 * region-model.cc (region_model::deref_rvalue): Add the constraint
1494 that PTR_SVAL is non-NULL.
1495
13e4ba28
GA
1496 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1497
1498 PR analyzer/96798
1499 * region-model.cc (region_model::on_call_pre): Handle
1500 BUILT_IN_MEMSET_CHK.
1501
1502 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1503
1504 * region-model.cc (region_model::on_call_pre): Gather handling of
1505 builtins and of internal fns into switch statements. Handle
1506 "alloca" and BUILT_IN_ALLOCA_WITH_ALIGN.
1507
1508 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1509
1510 PR analyzer/96860
1511 * region.cc (decl_region::get_svalue_for_constructor): Support
1512 apply_ctor_to_region failing.
1513 * store.cc (binding_map::apply_ctor_to_region): Add failure
1514 handling.
1515 (binding_map::apply_ctor_val_to_range): Likewise.
1516 (binding_map::apply_ctor_pair_to_child_region): Likewise. Replace
1517 assertion that child_base_offset is not symbolic with error
1518 handling.
1519 * store.h (binding_map::apply_ctor_to_region): Convert return type
1520 from void to bool.
1521 (binding_map::apply_ctor_val_to_range): Likewise.
1522 (binding_map::apply_ctor_pair_to_child_region): Likewise.
1523
1524 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1525
1526 PR analyzer/96763
1527 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
1528 by calling a new binding_map::apply_ctor_val_to_range subroutine.
1529 Split out the existing non-CONSTRUCTOR-handling code to a new
1530 apply_ctor_pair_to_child_region subroutine.
1531 (binding_map::apply_ctor_val_to_range): New.
1532 (binding_map::apply_ctor_pair_to_child_region): New, split out
1533 from binding_map::apply_ctor_to_region as noted above.
1534 * store.h (binding_map::apply_ctor_val_to_range): New decl.
1535 (binding_map::apply_ctor_pair_to_child_region): New decl.
1536
1537 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1538
1539 PR analyzer/96764
1540 * region-model-manager.cc
1541 (region_model_manager::maybe_fold_unaryop): Handle VIEW_CONVERT_EXPR.
1542 (region_model_manager::get_or_create_cast): Move logic for
1543 real->integer casting to...
1544 (get_code_for_cast): ...this new function, and add logic for
1545 real->non-integer casts.
1546 (region_model_manager::maybe_fold_sub_svalue): Handle
1547 VIEW_CONVERT_EXPR.
1548 * region-model.cc
1549 (region_model::add_any_constraints_from_gassign): Likewise.
1550 * svalue.cc (svalue::maybe_undo_cast): Likewise.
1551 (unaryop_svalue::dump_to_pp): Likewise.
1552
57ea0894
GA
1553 2020-08-26 David Malcolm <dmalcolm@redhat.com>
1554
1555 PR analyzer/94858
1556 * region-model-manager.cc
1557 (region_model_manager::get_or_create_widening_svalue): Assert that
1558 neither of the inputs are themselves widenings.
1559 * store.cc (store::eval_alias_1): The initial value of a pointer
1560 can't point to a region that was allocated on the heap after the
1561 beginning of the path. A widened pointer value can't alias anything
1562 that the initial pointer value can't alias.
1563 * svalue.cc (svalue::can_merge_p): Merge BINOP (X, OP, CST) with X
1564 to a widening svalue. Merge
1565 BINOP(WIDENING(BASE, BINOP(BASE, X)), X) and BINOP(BASE, X) to
1566 the LHS of the first BINOP.
1567
1568 2020-08-26 David Malcolm <dmalcolm@redhat.com>
1569
1570 PR analyzer/96777
1571 * region-model.h (class compound_svalue): Document that all keys
1572 must be concrete.
1573 (compound_svalue::compound_svalue): Move definition to svalue.cc.
1574 * store.cc (binding_map::apply_ctor_to_region): Handle
1575 initializers for trailing arrays with incomplete size.
1576 * svalue.cc (compound_svalue::compound_svalue): Move definition
1577 here from region-model.h. Add assertion that all keys are
1578 concrete.
1579
e769f970
GA
1580 2020-08-22 David Malcolm <dmalcolm@redhat.com>
1581
1582 PR analyzer/94851
1583 * region-model-manager.cc
1584 (region_model_manager::maybe_fold_binop): Fold bitwise "& 0" to 0.
1585
1586 2020-08-22 David Malcolm <dmalcolm@redhat.com>
1587
1588 * store.cc (store::eval_alias): Make const. Split out 2nd half
1589 into store::eval_alias_1 and call it twice for symmetry, avoiding
1590 test duplication.
1591 (store::eval_alias_1): New function, split out from the above.
1592 * store.h (store::eval_alias): Make const.
1593 (store::eval_alias_1): New decl.
1594
1595 2020-08-22 David Malcolm <dmalcolm@redhat.com>
1596
1597 * region-model.cc (region_model::push_frame): Bind the default
1598 SSA name for each parm if it exists, falling back to the parm
1599 itself otherwise, rather than doing both.
1600
5b9a3d2a
GA
1601 2020-08-20 David Malcolm <dmalcolm@redhat.com>
1602
1603 PR analyzer/96723
1604 * region-model-manager.cc
1605 (region_model_manager::get_field_region): Assert that field is a
1606 FIELD_DECL.
1607 * region.cc (region::get_subregions_for_binding): In
1608 union-handling, filter the TYPE_FIELDS traversal to just FIELD_DECLs.
1609
1610 2020-08-20 David Malcolm <dmalcolm@redhat.com>
1611
1612 PR analyzer/96713
1613 * region-model.cc (region_model::get_gassign_result): For
1614 comparisons, only use eval_condition when the lhs has boolean
1615 type, and use get_or_create_constant_svalue on the boolean
1616 constants directly rather than via get_rvalue.
1617
04e23a40
GA
1618 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1619
1620 PR analyzer/96643
1621 * region-model.cc (region_model::deref_rvalue): Rather than
1622 attempting to handle all svalue kinds in the switch, only cover
1623 the special cases, and move symbolic-region handling to after
1624 the switch, thus implicitly handling the missing case SK_COMPOUND.
1625
1626 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1627
1628 PR analyzer/96705
1629 * region-model-manager.cc
1630 (region_model_manager::maybe_fold_binop): Check that we have an
1631 integral type before calling build_int_cst.
1632
1633 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1634
1635 PR analyzer/96699
1636 * region-model-manager.cc
1637 (region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for
1638 casting from REAL_TYPE to INTEGER_TYPE.
1639
1640 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1641
1642 PR analyzer/96651
1643 * region-model.cc (region_model::called_from_main_p): New.
1644 (region_model::get_store_value): Move handling for globals into...
1645 (region_model::get_initial_value_for_global): ...this new
1646 function, and add logic for extracting values from decl
1647 initializers.
1648 * region-model.h (decl_region::get_svalue_for_constructor): New
1649 decl.
1650 (decl_region::get_svalue_for_initializer): New decl.
1651 (region_model::called_from_main_p): New decl.
1652 (region_model::get_initial_value_for_global): New.
1653 * region.cc (decl_region::maybe_get_constant_value): Move logic
1654 for getting an svalue from a CONSTRUCTOR node to...
1655 (decl_region::get_svalue_for_constructor): ...this new function.
1656 (decl_region::get_svalue_for_initializer): New.
1657 * store.cc (get_svalue_for_ctor_val): Rewrite in terms of
1658 region_model::get_rvalue.
1659 * store.h (binding_cluster::get_map): New accessor.
1660
1661 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1662
1663 PR analyzer/96648
1664 * region.cc (get_field_at_bit_offset): Gracefully handle negative
1665 values for bit_offset.
1666
5c265693
GA
1667 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1668
1669 * region-model.cc (region_model::get_rvalue_1): Fix name of local.
1670
1671 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1672
1673 PR analyzer/96641
1674 * region-model.cc (region_model::get_rvalue_1): Handle
1675 unrecognized tree codes by returning UNKNOWN.
1676
1677 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1678
1679 PR analyzer/96640
1680 * region-model.cc (region_model::get_gassign_result): Handle various
1681 VEC_* tree codes by returning UNKNOWN.
1682 (region_model::on_assignment): Handle unrecognized tree codes by
1683 setting lhs to an unknown value, rather than issuing a "sorry" and
1684 asserting.
1685
deee2322
GA
1686 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1687
1688 PR analyzer/96644
1689 * region-model-manager.cc (get_region_for_unexpected_tree_code):
1690 Handle ctxt being NULL.
1691
1692 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1693
1694 PR analyzer/96639
1695 * region.cc (region::get_subregions_for_binding): Check for "type"
1696 being NULL.
1697
1698 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1699
1700 PR analyzer/96642
1701 * store.cc (get_svalue_for_ctor_val): New.
1702 (binding_map::apply_ctor_to_region): Call it.
1703
661ee09b
GA
1704 2020-08-14 David Malcolm <dmalcolm@redhat.com>
1705
1706 PR testsuite/96609
1707 PR analyzer/96616
1708 * region-model.cc (region_model::get_store_value): Call
1709 maybe_get_constant_value on decl_regions first.
1710 * region-model.h (decl_region::maybe_get_constant_value): New decl.
1711 * region.cc (decl_region::get_stack_depth): Likewise.
1712 (decl_region::maybe_get_constant_value): New.
1713 * store.cc (get_subregion_within_ctor): New.
1714 (binding_map::apply_ctor_to_region): New.
1715 * store.h (binding_map::apply_ctor_to_region): New decl.
1716
1717 2020-08-14 David Malcolm <dmalcolm@redhat.com>
1718
1719 PR analyzer/96611
1720 * store.cc (store::mark_as_escaped): Reject attempts to
1721 get a cluster for an unknown pointer.
1722
b3cb5606
GA
1723 2020-08-13 David Malcolm <dmalcolm@redhat.com>
1724
5afd1882
ML
1725 PR analyzer/93032
1726 PR analyzer/93938
1727 PR analyzer/94011
1728 PR analyzer/94099
1729 PR analyzer/94399
1730 PR analyzer/94458
1731 PR analyzer/94503
1732 PR analyzer/94640
1733 PR analyzer/94688
1734 PR analyzer/94689
1735 PR analyzer/94839
1736 PR analyzer/95026
1737 PR analyzer/95042
1738 PR analyzer/95240
b3cb5606
GA
1739 * analyzer-logging.cc: Ignore "-Wformat-diag".
1740 (logger::enter_scope): Use inc_indent in both overloads.
1741 (logger::exit_scope): Use dec_indent.
1742 * analyzer-logging.h (logger::inc_indent): New.
1743 (logger::dec_indent): New.
1744 * analyzer-selftests.cc (run_analyzer_selftests): Call
1745 analyzer_store_cc_tests.
1746 * analyzer-selftests.h (analyzer_store_cc_tests): New decl.
1747 * analyzer.cc (get_stmt_location): New function.
1748 * analyzer.h (class initial_svalue): New forward decl.
1749 (class unaryop_svalue): New forward decl.
1750 (class binop_svalue): New forward decl.
1751 (class sub_svalue): New forward decl.
1752 (class unmergeable_svalue): New forward decl.
1753 (class placeholder_svalue): New forward decl.
1754 (class widening_svalue): New forward decl.
1755 (class compound_svalue): New forward decl.
1756 (class conjured_svalue): New forward decl.
1757 (svalue_set): New typedef.
1758 (class map_region): Delete.
1759 (class array_region): Delete.
1760 (class frame_region): New forward decl.
1761 (class function_region): New forward decl.
1762 (class label_region): New forward decl.
1763 (class decl_region): New forward decl.
1764 (class element_region): New forward decl.
1765 (class offset_region): New forward decl.
1766 (class cast_region): New forward decl.
1767 (class field_region): New forward decl.
1768 (class string_region): New forward decl.
1769 (class region_model_manager): New forward decl.
1770 (class store_manager): New forward decl.
1771 (class store): New forward decl.
1772 (class call_details): New forward decl.
1773 (struct svalue_id_merger_mapping): Delete.
1774 (struct canonicalization): Delete.
1775 (class function_point): New forward decl.
1776 (class engine): New forward decl.
1777 (dump_tree): New function decl.
1778 (print_quoted_type): New function decl.
1779 (readability_comparator): New function decl.
1780 (tree_cmp): New function decl.
1781 (class path_var): Move here from region-model.h.
1782 (bit_offset_t, bit_size_t, byte_size_t): New typedefs.
1783 (class region_offset): New class.
1784 (get_stmt_location): New decl.
1785 (struct member_function_hash_traits): New struct.
1786 (class consolidation_map): New class.
1787 Ignore "-Wformat-diag".
1788 * analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
1789 (-param=analyzer-max-enodes-for-full-dump=): New param.
1790 * call-string.cc: Ignore -Wformat-diag.
1791 * checker-path.cc: Move includes of "analyzer/call-string.h" and
1792 "analyzer/program-point.h" to before "analyzer/region-model.h",
1793 and also include "analyzer/store.h" before it.
1794 (state_change_event::state_change_event): Replace "tree var" param
1795 with "const svalue *sval". Convert "origin" param from tree to
1796 "const svalue *".
1797 (state_change_event::get_desc): Call get_representative_tree to
1798 convert the var and origin from const svalue * to tree. Use
1799 svalue::get_desc rather than %qE when describing state changes.
1800 (checker_path::add_final_event): Use get_stmt_location.
1801 * checker-path.h (state_change_event::state_change_event): Port
1802 from tree to const svalue *.
1803 (state_change_event::get_lvalue): Delete.
1804 (state_change_event::get_dest_function): New.
1805 (state_change_event::m_var): Replace with...
1806 (state_change_event::m_sval): ...this.
1807 (state_change_event::m_origin): Convert from tree to
1808 const svalue *.
1809 * constraint-manager.cc: Include "analyzer/call-string.h",
1810 "analyzer/program-point.h", and "analyzer/store.h" before
1811 "analyzer/region-model.h".
1812 (struct bound, struct range): Move to constraint-manager.h.
1813 (compare_constants): New function.
1814 (range::dump): Rename to...
1815 (range::dump_to_pp): ...this. Support NULL constants.
1816 (range::dump): Reintroduce for dumping to stderr.
1817 (range::constrained_to_single_element): Return result, rather than
1818 writing to *OUT.
1819 (range::eval_condition): New.
1820 (range::below_lower_bound): New.
1821 (range::above_upper_bound): New.
1822 (equiv_class::equiv_class): Port from svalue_id to const svalue *.
1823 (equiv_class::print): Likewise.
1824 (equiv_class::hash): Likewise.
1825 (equiv_class::operator==): Port from svalue_id to const svalue *.
1826 (equiv_class::add): Port from svalue_id to const svalue *. Drop
1827 "cm" param.
1828 (equiv_class::del): Port from svalue_id to const svalue *.
1829 (equiv_class::get_representative): Likewise.
1830 (equiv_class::remap_svalue_ids): Delete.
1831 (svalue_id_cmp_by_id): Rename to...
1832 (svalue_cmp_by_ptr): ...this, porting from svalue_id to
1833 const svalue *.
1834 (equiv_class::canonicalize): Update qsort comparator.
1835 (constraint::implied_by): New.
1836 (constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
1837 (constraint_manager::dump_to_pp): Add "multiline" param.
1838 (constraint_manager::dump): Pass "true" for "multiline".
1839 (constraint_manager::add_constraint): Port from svalue_id to
1840 const svalue *. Split out second part into...
1841 (constraint_manager::add_unknown_constraint): ...this new
1842 function. Remove self-constraints when merging equivalence
1843 classes.
1844 (constraint_manager::add_constraint_internal): Remove constraints
1845 that would be implied by the new constraint. Port from svalue_id
1846 to const svalue *.
1847 (constraint_manager::get_equiv_class_by_sid): Rename to...
1848 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
1849 from svalue_id to const svalue *.
1850 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
1851 to const svalue *.
1852 (constraint_manager::eval_condition): Make const. Call
1853 compare_constants and return early if it provides a known result.
1854 (constraint_manager::get_ec_bounds): New.
1855 (constraint_manager::eval_condition): New overloads. Make
1856 existing one const, and use compare_constants.
1857 (constraint_manager::purge): Convert "p" param to a template
1858 rather than an abstract base class. Port from svalue_id to
1859 const svalue *.
1860 (class dead_svalue_purger): New class.
1861 (constraint_manager::remap_svalue_ids): Delete.
1862 (constraint_manager::on_liveness_change): New.
1863 (equiv_class_cmp): Port from svalue_id to const svalue *.
1864 (constraint_manager::canonicalize): Likewise. Combine with
1865 purging of redundant equivalence classes and constraints.
1866 (class cleaned_constraint_manager): Delete.
1867 (class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
1868 field.
1869 (merger_fact_visitor::fact): Port from svalue_id to const svalue *.
1870 Add special case for widening.
1871 (constraint_manager::merge): Port from svalue_id to const svalue *.
1872 (constraint_manager::clean_merger_input): Delete.
1873 (constraint_manager::for_each_fact): Port from svalue_id to
1874 const svalue *.
1875 (constraint_manager::validate): Likewise.
1876 (selftest::test_constraint_conditions): Provide a
1877 region_model_manager when creating region_model instances.
1878 Add test for self-equality not creating equivalence classes.
1879 (selftest::test_transitivity): Provide a region_model_manager when
1880 creating region_model instances. Verify that EC-merging happens
1881 when constraints are implied.
1882 (selftest::test_constant_comparisons): Provide a
1883 region_model_manager when creating region_model instances.
1884 (selftest::test_constraint_impl): Likewise. Remove over-specified
1885 assertions.
1886 (selftest::test_equality): Provide a region_model_manager when
1887 creating region_model instances.
1888 (selftest::test_many_constants): Likewise. Provide a
1889 program_point when testing merging.
1890 (selftest::run_constraint_manager_tests): Move call to
1891 test_constant_comparisons to outside the transitivity guard.
1892 * constraint-manager.h (struct bound): Move here from
1893 constraint-manager.cc.
1894 (struct range): Likewise.
1895 (struct::eval_condition): New decl.
1896 (struct::below_lower_bound): New decl.
1897 (struct::above_upper_bound): New decl.
1898 (equiv_class::add): Port from svalue_id to const svalue *.
1899 (equiv_class::del): Likewise.
1900 (equiv_class::get_representative): Likewise.
1901 (equiv_class::remap_svalue_ids): Drop.
1902 (equiv_class::m_cst_sid): Convert to...
1903 (equiv_class::m_cst_sval): ...this.
1904 (equiv_class::m_vars): Port from svalue_id to const svalue *.
1905 (constraint::bool implied_by): New decl.
1906 (fact_visitor::on_fact): Port from svalue_id to const svalue *.
1907 (constraint_manager::constraint_manager): Add mgr param.
1908 (constraint_manager::clone): Delete.
1909 (constraint_manager::maybe_get_constant): Delete.
1910 (constraint_manager::get_sid_for_constant): Delete.
1911 (constraint_manager::get_num_svalues): Delete.
1912 (constraint_manager::dump_to_pp): Add "multiline" param.
1913 (constraint_manager::get_equiv_class): Port from svalue_id to
1914 const svalue *.
1915 (constraint_manager::add_constraint): Likewise.
1916 (constraint_manager::get_equiv_class_by_sid): Rename to...
1917 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
1918 from svalue_id to const svalue *.
1919 (constraint_manager::add_unknown_constraint): New decl.
1920 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
1921 to const svalue *.
1922 (constraint_manager::eval_condition): Likewise. Add overloads.
1923 (constraint_manager::get_ec_bounds): New decl.
1924 (constraint_manager::purge): Convert to template.
1925 (constraint_manager::remap_svalue_ids): Delete.
1926 (constraint_manager::on_liveness_change): New decl.
1927 (constraint_manager::canonicalize): Drop param.
1928 (constraint_manager::clean_merger_input): Delete.
1929 (constraint_manager::m_mgr): New field.
1930 * diagnostic-manager.cc: Move includes of
1931 "analyzer/call-string.h" and "analyzer/program-point.h" to before
1932 "analyzer/region-model.h", and also include "analyzer/store.h"
1933 before it.
1934 (saved_diagnostic::saved_diagnostic): Add "sval" param.
1935 (diagnostic_manager::diagnostic_manager): Add engine param.
1936 (diagnostic_manager::add_diagnostic): Add "sval" param, passing it
1937 to saved_diagnostic ctor. Update overload to pass NULL for it.
1938 (dedupe_winners::dedupe_winners): Add engine param.
1939 (dedupe_winners::add): Add "eg" param. Pass m_engine to
1940 feasible_p.
1941 (dedupe_winner::m_engine): New field.
1942 (diagnostic_manager::emit_saved_diagnostics): Pass engine to
1943 dedupe_winners. Pass &eg when adding candidates. Pass svalue
1944 rather than tree to prune_path. Use get_stmt_location to get
1945 primary location of diagnostic.
1946 (diagnostic_manager::emit_saved_diagnostic): Likewise.
1947 (get_any_origin): Drop.
1948 (state_change_event_creator::on_global_state_change): Pass NULL
1949 const svalue * rather than NULL_TREE trees to state_change_event
1950 ctor.
1951 (state_change_event_creator::on_state_change): Port from tree and
1952 svalue_id to const svalue *.
1953 (for_each_state_change): Port from svalue_id to const svalue *.
1954 (struct null_assignment_sm_context): New.
1955 (diagnostic_manager::add_events_for_eedge): Add state change
1956 events for assignment to NULL.
1957 (diagnostic_manager::prune_path): Update param from tree to
1958 const svalue *.
1959 (diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
1960 by tree to by const svalue *.
1961 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
1962 param.
1963 (saved_diagnostic::m_sval): New field.
1964 (diagnostic_manager::diagnostic_manager): Add engine param.
1965 (diagnostic_manager::get_engine): New.
1966 (diagnostic_manager::add_diagnostic): Add "sval" param.
1967 (diagnostic_manager::prune_path): Likewise.
1968 (diagnostic_manager::prune_for_sm_diagnostic): New overload.
1969 (diagnostic_manager::m_eng): New field.
1970 * engine.cc: Move includes of "analyzer/call-string.h" and
1971 "analyzer/program-point.h" to before "analyzer/region-model.h",
1972 and also include "analyzer/store.h" before it.
1973 (impl_region_model_context::impl_region_model_context): Update for
1974 removal of m_change field.
1975 (impl_region_model_context::remap_svalue_ids): Delete.
1976 (impl_region_model_context::on_svalue_leak): New.
1977 (impl_region_model_context::on_svalue_purge): Delete.
1978 (impl_region_model_context::on_liveness_change): New.
1979 (impl_region_model_context::on_unknown_change): Update param
1980 from svalue_id to const svalue *. Add is_mutable param.
1981 (setjmp_svalue::compare_fields): Delete.
1982 (setjmp_svalue::accept): New.
1983 (setjmp_svalue::add_to_hash): Delete.
1984 (setjmp_svalue::dump_to_pp): New.
1985 (setjmp_svalue::print_details): Delete.
1986 (impl_sm_context::impl_sm_context): Drop "change" param.
1987 (impl_sm_context::get_fndecl_for_call): Drop "m_change".
1988 (impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
1989 "stmt" param. Drop m_change. Port from svalue_id to
1990 const svalue *.
1991 (impl_sm_context::warn_for_state): Drop m_change. Port from
1992 svalue_id to const svalue *.
1993 (impl_sm_context::get_readable_tree): Rename to...
1994 (impl_sm_context::get_diagnostic_tree): ...this. Port from
1995 svalue_id to const svalue *.
1996 (impl_sm_context::is_zero_assignment): New.
1997 (impl_sm_context::m_change): Delete field.
1998 (leak_stmt_finder::find_stmt): Handle m_var being NULL.
1999 (readability): Increase penalty for MEM_REF. For SSA_NAMEs,
2000 slightly favor the underlying var over the SSA name. Heavily
2001 penalize temporaries. Handle RESULT_DECL.
2002 (readability_comparator): Make non-static. Consider stack depths.
2003 (impl_region_model_context::on_state_leak): Convert from svalue_id
2004 to const svalue *, updating for region_model changes. Use
2005 id_equal.
2006 (impl_region_model_context::on_inherited_svalue): Delete.
2007 (impl_region_model_context::on_cast): Delete.
2008 (impl_region_model_context::on_condition): Drop m_change.
2009 (impl_region_model_context::on_phi): Likewise.
2010 (impl_region_model_context::on_unexpected_tree_code): Handle t
2011 being NULL.
2012 (point_and_state::validate): Update stack checking for
2013 region_model changes.
2014 (eg_traits::dump_args_t::show_enode_details_p): New.
2015 (exploded_node::exploded_node): Initialize m_num_processed_stmts.
2016 (exploded_node::get_processed_stmt): New function.
2017 (exploded_node::get_dot_fillcolor): Add more colors.
2018 (exploded_node::dump_dot): Guard the printing of the point and
2019 state with show_enode_details_p. Print the processed stmts for
2020 this enode after the initial state.
2021 (exploded_node::dump_to_pp): Pass true for new multiline param
2022 of program_state::dump_to_pp.
2023 (exploded_node::on_stmt): Drop "change" param. Log the stmt.
2024 Set input_location. Implement __analyzer_describe. Update
2025 implementation of __analyzer_dump and __analyzer_eval.
2026 Remove purging of sm-state for unknown fncalls from here.
2027 (exploded_node::on_edge): Drop "change" param.
2028 (exploded_node::on_longjmp): Port from region_id/svalue_id to
2029 const region */const svalue *. Call program_state::detect_leaks.
2030 Drop state_change.
2031 (exploded_node::detect_leaks): Update for changes to region_model.
2032 Call program_state::detect_leaks.
2033 (exploded_edge::exploded_edge): Drop ext_state and change params.
2034 (exploded_edge::dump_dot): "args" is no longer used. Drop dumping
2035 of m_change.
2036 (exploded_graph::exploded_graph): Pass engine to
2037 m_diagnostic_manager ctor. Use program_point::origin.
2038 (exploded_graph::add_function_entry): Drop ctxt. Use
2039 program_state::push_frame. Drop state_change.
2040 (exploded_graph::get_or_create_node): Drop "change" param. Add
2041 "enode_for_diag" param. Update dumping calls for API changes.
2042 Pass point to can_merge_with_p. Show enode indices
2043 within -Wanalyzer-too-complex diagnostic for hitting the per-point
2044 limit.
2045 (exploded_graph::add_edge): Drop "change" param. Log which nodes
2046 are being connected. Update for changes to exploded_edge ctor.
2047 (exploded_graph::get_per_program_point_data): New.
2048 (exploded_graph::process_worklist): Pass point to
2049 can_merge_with_p. Drop state_change. Update dumping call for API
2050 change.
2051 (exploded_graph::process_node): Drop state_change. Split the
2052 node in-place if an sm-state-change occurs. Update
2053 m_num_processed_stmts. Update dumping calls for API change.
2054 (exploded_graph::log_stats): Call engine::log_stats.
2055 (exploded_graph::dump_states_for_supernode): Update dumping
2056 call.
2057 (exploded_path::feasible_p): Add "eng" and "eg" params.
2058 Rename "i" to "end_idx". Pass the manager to the region_model
2059 ctor. Update for every processed stmt in the enode, not just the
2060 first. Keep track of which snodes have been visited, and call
2061 loop_replay_fixup when revisiting one.
2062 (enode_label::get_text): Update dump call for new param.
2063 (exploded_graph::dump_exploded_nodes): Likewise.
2064 (exploded_graph::get_node_by_index): New.
2065 (impl_run_checkers): Create engine instance and pass its address
2066 to extrinsic_state ctor.
2067 * exploded-graph.h
2068 (impl_region_model_context::impl_region_model_context): Drop
2069 "change" params.
2070 (impl_region_model_context::void remap_svalue_ids): Delete.
2071 (impl_region_model_context::on_svalue_purge): Delete.
2072 (impl_region_model_context::on_svalue_leak): New.
2073 (impl_region_model_context::on_liveness_change): New.
2074 (impl_region_model_context::on_state_leak): Update signature.
2075 (impl_region_model_context::on_inherited_svalue): Delete.
2076 (impl_region_model_context::on_cast): Delete.
2077 (impl_region_model_context::on_unknown_change): Update signature.
2078 (impl_region_model_context::m_change): Delete.
2079 (eg_traits::dump_args_t::show_enode_details_p): New.
2080 (exploded_node::on_stmt): Drop "change" param.
2081 (exploded_node::on_edge): Likewise.
2082 (exploded_node::get_processed_stmt): New decl.
2083 (exploded_node::m_num_processed_stmts): New field.
2084 (exploded_edge::exploded_edge): Drop ext_state and change params.
2085 (exploded_edge::m_change): Delete.
2086 (exploded_graph::get_engine): New accessor.
2087 (exploded_graph::get_or_create_node): Drop "change" param. Add
2088 "enode_for_diag" param.
2089 (exploded_graph::add_edge): Drop "change" param.
2090 (exploded_graph::get_per_program_point_data): New decl.
2091 (exploded_graph::get_node_by_index): New decl.
2092 (exploded_path::feasible_p): Add "eng" and "eg" params.
2093 * program-point.cc: Include "analyzer/store.h" before including
2094 "analyzer/region-model.h".
2095 (function_point::function_point): Move here from
2096 program-point.h.
2097 (function_point::get_function): Likewise.
2098 (function_point::from_function_entry): Likewise.
2099 (function_point::before_supernode): Likewise.
2100 (function_point::next_stmt): New function.
2101 * program-point.h (function_point::function_point): Move
2102 implementation from here to program-point.cc.
2103 (function_point::get_function): Likewise.
2104 (function_point::from_function_entry): Likewise.
2105 (function_point::before_supernode): Likewise.
2106 (function_point::next_stmt): New decl.
2107 (program_point::operator!=): New.
2108 (program_point::origin): New.
2109 (program_point::next_stmt): New.
2110 (program_point::m_function_point): Make non-const.
2111 * program-state.cc: Move includes of "analyzer/call-string.h" and
2112 "analyzer/program-point.h" to before "analyzer/region-model.h",
2113 and also include "analyzer/store.h" before it.
2114 (extrinsic_state::get_model_manager): New.
2115 (sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
2116 rather than pass them around.
2117 (sm_state_map::clone_with_remapping): Delete.
2118 (sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
2119 "simple" and "multiline" params and support multiline vs single
2120 line dumping.
2121 (sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
2122 "simple" param.
2123 (sm_state_map::hash): Port from svalue_id to const svalue *.
2124 (sm_state_map::operator==): Likewise.
2125 (sm_state_map::get_state): Likewise. Call canonicalize_svalue on
2126 input. Handle inheritance of sm-state. Call get_default_state.
2127 (sm_state_map::get_origin): Port from svalue_id to const svalue *.
2128 (sm_state_map::set_state): Likewise. Pass in ext_state. Reject
2129 attempts to set state on UNKNOWN.
2130 (sm_state_map::impl_set_state): Port from svalue_id to
2131 const svalue *. Pass in ext_state. Call canonicalize_svalue on
2132 input.
2133 (sm_state_map::purge_for_unknown_fncall): Delete.
2134 (sm_state_map::on_svalue_leak): New.
2135 (sm_state_map::remap_svalue_ids): Delete.
2136 (sm_state_map::on_liveness_change): New.
2137 (sm_state_map::on_unknown_change): Reimplement.
2138 (sm_state_map::on_svalue_purge): Delete.
2139 (sm_state_map::on_inherited_svalue): Delete.
2140 (sm_state_map::on_cast): Delete.
2141 (sm_state_map::validate): Delete.
2142 (sm_state_map::canonicalize_svalue): New.
2143 (program_state::program_state): Update to pass manager to
2144 region_model's ctor. Constify num_states and pass state machine
2145 and index to sm_state_map ctor.
2146 (program_state::print): Update for changes to dump API.
2147 (program_state::dump_to_pp): Ignore the summarize param. Add
2148 "multiline" param.
2149 (program_state::dump_to_file): Add "multiline" param.
2150 (program_state::dump): Pass "true" for new "multiline" param.
2151 (program_state::push_frame): New.
2152 (program_state::on_edge): Drop "change" param. Call
2153 program_state::detect_leaks.
2154 (program_state::prune_for_point): Add enode_for_diag param.
2155 Reimplement based on store class. Call detect_leaks.
2156 (program_state::remap_svalue_ids): Delete.
2157 (program_state::get_representative_tree): Port from svalue_id to
2158 const svalue *.
2159 (program_state::can_merge_with_p): Add "point" param. Add early
2160 reject for sm-differences. Drop id remapping.
2161 (program_state::validate): Drop region model and sm_state_map
2162 validation.
2163 (state_change::sm_change::dump): Delete.
2164 (state_change::sm_change::remap_svalue_ids): Delete.
2165 (state_change::sm_change::on_svalue_purge): Delete.
2166 (log_set_of_svalues): New.
2167 (state_change::sm_change::validate): Delete.
2168 (state_change::state_change): Delete.
2169 (state_change::add_sm_change): Delete.
2170 (state_change::affects_p): Delete.
2171 (state_change::dump): Delete.
2172 (state_change::remap_svalue_ids): Delete.
2173 (state_change::on_svalue_purge): Delete.
2174 (state_change::validate): Delete.
2175 (selftest::assert_dump_eq): Delete.
2176 (ASSERT_DUMP_EQ): Delete.
2177 (selftest::test_sm_state_map): Update for changes to region_model
2178 and sm_state_map, porting from svalue_id to const svalue *.
2179 (selftest::test_program_state_dumping): Likewise. Drop test of
2180 dumping, renaming to...
2181 (selftest::test_program_state_1): ...this.
2182 (selftest::test_program_state_dumping_2): Likewise, renaming to...
2183 (selftest::test_program_state_2): ...this.
2184 (selftest::test_program_state_merging): Update for changes to
2185 region_model.
2186 (selftest::test_program_state_merging_2): Likewise.
2187 (selftest::analyzer_program_state_cc_tests): Update for renamed
2188 tests.
2189 * program-state.h (extrinsic_state::extrinsic_state): Add logger
2190 and engine params.
2191 (extrinsic_state::get_logger): New accessor.
2192 (extrinsic_state::get_engine): New accessor.
2193 (extrinsic_state::get_model_manager): New accessor.
2194 (extrinsic_state::m_logger): New field.
2195 (extrinsic_state::m_engine): New field.
2196 (struct default_hash_traits<svalue_id>): Delete.
2197 (pod_hash_traits<svalue_id>::hash): Delete.
2198 (pod_hash_traits<svalue_id>::equal): Delete.
2199 (pod_hash_traits<svalue_id>::mark_deleted): Delete.
2200 (pod_hash_traits<svalue_id>::mark_empty): Delete.
2201 (pod_hash_traits<svalue_id>::is_deleted): Delete.
2202 (pod_hash_traits<svalue_id>::is_empty): Delete.
2203 (sm_state_map::entry_t::entry_t): Port from svalue_id to
2204 const svalue *.
2205 (sm_state_map::entry_t::m_origin): Likewise.
2206 (sm_state_map::map_t): Likewise.
2207 (sm_state_map::sm_state_map): Add state_machine and index params.
2208 (sm_state_map::clone_with_remapping): Delete.
2209 (sm_state_map::print): Drop sm param; add simple and multiline
2210 params.
2211 (sm_state_map::dump): Drop sm param; add simple param.
2212 (sm_state_map::get_state): Port from svalue_id to const svalue *.
2213 Add ext_state param.
2214 (sm_state_map::get_origin): Likewise.
2215 (sm_state_map::set_state): Likewise.
2216 (sm_state_map::impl_set_state): Likewise.
2217 (sm_state_map::purge_for_unknown_fncall): Delete.
2218 (sm_state_map::remap_svalue_ids): Delete.
2219 (sm_state_map::on_svalue_purge): Delete.
2220 (sm_state_map::on_svalue_leak): New.
2221 (sm_state_map::on_liveness_change): New.
2222 (sm_state_map::on_inherited_svalue): Delete.
2223 (sm_state_map::on_cast): Delete.
2224 (sm_state_map::validate): Delete.
2225 (sm_state_map::on_unknown_change): Port from svalue_id to
2226 const svalue *. Add is_mutable and ext_state params.
2227 (sm_state_map::canonicalize_svalue): New.
2228 (sm_state_map::m_sm): New field.
2229 (sm_state_map::m_sm_idx): New field.
2230 (program_state::operator=): Delete.
2231 (program_state::dump_to_pp): Drop "summarize" param, adding
2232 "simple" and "multiline".
2233 (program_state::dump_to_file): Likewise.
2234 (program_state::dump): Rename "summarize" to "simple".
2235 (program_state::push_frame): New.
2236 (program_state::get_current_function): New.
2237 (program_state::on_edge): Drop "change" param.
2238 (program_state::prune_for_point): Likewise. Add enode_for_diag
2239 param.
2240 (program_state::remap_svalue_ids): Delete.
2241 (program_state::get_representative_tree): Port from svalue_id to
2242 const svalue *.
2243 (program_state::can_purge_p): Likewise. Pass ext_state to get_state.
2244 (program_state::can_merge_with_p): Add point param.
2245 (program_state::detect_leaks): New.
2246 (state_change_visitor::on_state_change): Port from tree and
2247 svalue_id to a pair of const svalue *.
2248 (class state_change): Delete.
2249 * region.cc: New file.
2250 * region-model-impl-calls.cc: New file.
2251 * region-model-manager.cc: New file.
2252 * region-model-reachability.cc: New file.
2253 * region-model-reachability.h: New file.
2254 * region-model.cc: Include "analyzer/call-string.h",
2255 "analyzer/program-point.h", and "analyzer/store.h" before
2256 "analyzer/region-model.h". Include
2257 "analyzer/region-model-reachability.h".
2258 (dump_tree): Make non-static.
2259 (dump_quoted_tree): Make non-static.
2260 (print_quoted_type): Make non-static.
2261 (path_var::dump): Delete.
2262 (dump_separator): Delete.
2263 (class impl_constraint_manager): Delete.
2264 (svalue_id::print): Delete.
2265 (svalue_id::dump_node_name_to_pp): Delete.
2266 (svalue_id::validate): Delete.
2267 (region_id::print): Delete.
2268 (region_id::dump_node_name_to_pp): Delete.
2269 (region_id::validate): Delete.
2270 (region_id_set::region_id_set): Delete.
2271 (svalue_id_set::svalue_id_set): Delete.
2272 (svalue::operator==): Delete.
2273 (svalue::hash): Delete.
2274 (svalue::print): Delete.
2275 (svalue::dump_dot_to_pp): Delete.
2276 (svalue::remap_region_ids): Delete.
2277 (svalue::walk_for_canonicalization): Delete.
2278 (svalue::get_child_sid): Delete.
2279 (svalue::maybe_get_constant): Delete.
2280 (region_svalue::compare_fields): Delete.
2281 (region_svalue::add_to_hash): Delete.
2282 (region_svalue::print_details): Delete.
2283 (region_svalue::dump_dot_to_pp): Delete.
2284 (region_svalue::remap_region_ids): Delete.
2285 (region_svalue::merge_values): Delete.
2286 (region_svalue::walk_for_canonicalization): Delete.
2287 (region_svalue::eval_condition): Delete.
2288 (constant_svalue::compare_fields): Delete.
2289 (constant_svalue::add_to_hash): Delete.
2290 (constant_svalue::merge_values): Delete.
2291 (constant_svalue::eval_condition): Move to svalue.cc.
2292 (constant_svalue::print_details): Delete.
2293 (constant_svalue::get_child_sid): Delete.
2294 (unknown_svalue::compare_fields): Delete.
2295 (unknown_svalue::add_to_hash): Delete.
2296 (unknown_svalue::print_details): Delete.
2297 (poison_kind_to_str): Move to svalue.cc.
2298 (poisoned_svalue::compare_fields): Delete.
2299 (poisoned_svalue::add_to_hash): Delete.
2300 (poisoned_svalue::print_details): Delete.
2301 (region_kind_to_str): Move to region.cc and reimplement.
2302 (region::operator==): Delete.
2303 (region::get_parent_region): Delete.
2304 (region::set_value): Delete.
2305 (region::become_active_view): Delete.
2306 (region::deactivate_any_active_view): Delete.
2307 (region::deactivate_view): Delete.
2308 (region::get_value): Delete.
2309 (region::get_inherited_child_sid): Delete.
2310 (region_model::copy_region): Delete.
2311 (region_model::copy_struct_region): Delete.
2312 (region_model::copy_union_region): Delete.
2313 (region_model::copy_array_region): Delete.
2314 (region::hash): Delete.
2315 (region::print): Delete.
2316 (region::dump_dot_to_pp): Delete.
2317 (region::dump_to_pp): Delete.
2318 (region::dump_child_label): Delete.
2319 (region::validate): Delete.
2320 (region::remap_svalue_ids): Delete.
2321 (region::remap_region_ids): Delete.
2322 (region::add_view): Delete.
2323 (region::get_view): Delete.
2324 (region::region): Move to region.cc.
2325 (region::add_to_hash): Delete.
2326 (region::print_fields): Delete.
2327 (region::non_null_p): Delete.
2328 (primitive_region::clone): Delete.
2329 (primitive_region::walk_for_canonicalization): Delete.
2330 (map_region::map_region): Delete.
2331 (map_region::compare_fields): Delete.
2332 (map_region::print_fields): Delete.
2333 (map_region::validate): Delete.
2334 (map_region::dump_dot_to_pp): Delete.
2335 (map_region::dump_child_label): Delete.
2336 (map_region::get_or_create): Delete.
2337 (map_region::get): Delete.
2338 (map_region::add_to_hash): Delete.
2339 (map_region::remap_region_ids): Delete.
2340 (map_region::unbind): Delete.
2341 (map_region::get_tree_for_child_region): Delete.
2342 (map_region::get_tree_for_child_region): Delete.
2343 (tree_cmp): Move to region.cc.
2344 (map_region::can_merge_p): Delete.
2345 (map_region::walk_for_canonicalization): Delete.
2346 (map_region::get_value_by_name): Delete.
2347 (struct_or_union_region::valid_key_p): Delete.
2348 (struct_or_union_region::compare_fields): Delete.
2349 (struct_region::clone): Delete.
2350 (struct_region::compare_fields): Delete.
2351 (union_region::clone): Delete.
2352 (union_region::compare_fields): Delete.
2353 (frame_region::compare_fields): Delete.
2354 (frame_region::clone): Delete.
2355 (frame_region::valid_key_p): Delete.
2356 (frame_region::print_fields): Delete.
2357 (frame_region::add_to_hash): Delete.
2358 (globals_region::compare_fields): Delete.
2359 (globals_region::clone): Delete.
2360 (globals_region::valid_key_p): Delete.
2361 (code_region::compare_fields): Delete.
2362 (code_region::clone): Delete.
2363 (code_region::valid_key_p): Delete.
2364 (array_region::array_region): Delete.
2365 (array_region::get_element): Delete.
2366 (array_region::clone): Delete.
2367 (array_region::compare_fields): Delete.
2368 (array_region::print_fields): Delete.
2369 (array_region::validate): Delete.
2370 (array_region::dump_dot_to_pp): Delete.
2371 (array_region::dump_child_label): Delete.
2372 (array_region::get_or_create): Delete.
2373 (array_region::get): Delete.
2374 (array_region::add_to_hash): Delete.
2375 (array_region::remap_region_ids): Delete.
2376 (array_region::get_key_for_child_region): Delete.
2377 (array_region::key_cmp): Delete.
2378 (array_region::walk_for_canonicalization): Delete.
2379 (array_region::key_from_constant): Delete.
2380 (array_region::constant_from_key): Delete.
2381 (function_region::compare_fields): Delete.
2382 (function_region::clone): Delete.
2383 (function_region::valid_key_p): Delete.
2384 (stack_region::stack_region): Delete.
2385 (stack_region::compare_fields): Delete.
2386 (stack_region::clone): Delete.
2387 (stack_region::print_fields): Delete.
2388 (stack_region::dump_child_label): Delete.
2389 (stack_region::validate): Delete.
2390 (stack_region::push_frame): Delete.
2391 (stack_region::get_current_frame_id): Delete.
2392 (stack_region::pop_frame): Delete.
2393 (stack_region::add_to_hash): Delete.
2394 (stack_region::remap_region_ids): Delete.
2395 (stack_region::can_merge_p): Delete.
2396 (stack_region::walk_for_canonicalization): Delete.
2397 (stack_region::get_value_by_name): Delete.
2398 (heap_region::heap_region): Delete.
2399 (heap_region::compare_fields): Delete.
2400 (heap_region::clone): Delete.
2401 (heap_region::walk_for_canonicalization): Delete.
2402 (root_region::root_region): Delete.
2403 (root_region::compare_fields): Delete.
2404 (root_region::clone): Delete.
2405 (root_region::print_fields): Delete.
2406 (root_region::validate): Delete.
2407 (root_region::dump_child_label): Delete.
2408 (root_region::push_frame): Delete.
2409 (root_region::get_current_frame_id): Delete.
2410 (root_region::pop_frame): Delete.
2411 (root_region::ensure_stack_region): Delete.
2412 (root_region::get_stack_region): Delete.
2413 (root_region::ensure_globals_region): Delete.
2414 (root_region::get_code_region): Delete.
2415 (root_region::ensure_code_region): Delete.
2416 (root_region::get_globals_region): Delete.
2417 (root_region::ensure_heap_region): Delete.
2418 (root_region::get_heap_region): Delete.
2419 (root_region::remap_region_ids): Delete.
2420 (root_region::can_merge_p): Delete.
2421 (root_region::add_to_hash): Delete.
2422 (root_region::walk_for_canonicalization): Delete.
2423 (root_region::get_value_by_name): Delete.
2424 (symbolic_region::symbolic_region): Delete.
2425 (symbolic_region::compare_fields): Delete.
2426 (symbolic_region::clone): Delete.
2427 (symbolic_region::walk_for_canonicalization): Delete.
2428 (symbolic_region::print_fields): Delete.
2429 (region_model::region_model): Add region_model_manager * param.
2430 Reimplement in terms of store, dropping impl_constraint_manager
2431 subclass.
2432 (region_model::operator=): Reimplement in terms of store.
2433 (region_model::operator==): Likewise.
2434 (region_model::hash): Likewise.
2435 (region_model::print): Delete.
2436 (region_model::print_svalue): Delete.
2437 (region_model::dump_dot_to_pp): Delete.
2438 (region_model::dump_dot_to_file): Delete.
2439 (region_model::dump_dot): Delete.
2440 (region_model::dump_to_pp): Replace "summarize" param with
2441 "simple" and "multiline". Port to store-based implementation.
2442 (region_model::dump): Replace "summarize" param with "simple" and
2443 "multiline".
2444 (dump_vec_of_tree): Delete.
2445 (region_model::dump_summary_of_rep_path_vars): Delete.
2446 (region_model::validate): Delete.
2447 (svalue_id_cmp_by_constant_svalue_model): Delete.
2448 (svalue_id_cmp_by_constant_svalue): Delete.
2449 (region_model::canonicalize): Drop "ctxt" param. Reimplement in
2450 terms of store and constraints.
2451 (region_model::canonicalized_p): Remove NULL arg to canonicalize.
2452 (region_model::loop_replay_fixup): New.
2453 (poisoned_value_diagnostic::emit): Tweak wording of warnings.
2454 (region_model::check_for_poison): Delete.
2455 (region_model::get_gassign_result): New.
2456 (region_model::on_assignment): Port to store-based implementation.
2457 (region_model::on_call_pre): Delete calls to check_for_poison.
2458 Move implementations to region-model-impl-calls.c and port to
2459 store-based implementation.
2460 (region_model::on_call_post): Likewise.
2461 (class reachable_regions): Move to region-model-reachability.h/cc
2462 and port to store-based implementation.
2463 (region_model::handle_unrecognized_call): Port to store-based
2464 implementation.
2465 (region_model::get_reachable_svalues): New.
2466 (region_model::on_setjmp): Port to store-based implementation.
2467 (region_model::on_longjmp): Likewise.
2468 (region_model::handle_phi): Drop is_back_edge param and the logic
2469 using it.
2470 (region_model::get_lvalue_1): Port from region_id to const region *.
2471 (region_model::make_region_for_unexpected_tree_code): Delete.
2472 (assert_compat_types): If the check fails, use internal_error to
2473 show the types.
2474 (region_model::get_lvalue): Port from region_id to const region *.
2475 (region_model::get_rvalue_1): Port from svalue_id to const svalue *.
2476 (region_model::get_rvalue): Likewise.
2477 (region_model::get_or_create_ptr_svalue): Delete.
2478 (region_model::get_or_create_constant_svalue): Delete.
2479 (region_model::get_svalue_for_fndecl): Delete.
2480 (region_model::get_region_for_fndecl): Delete.
2481 (region_model::get_svalue_for_label): Delete.
2482 (region_model::get_region_for_label): Delete.
2483 (build_cast): Delete.
2484 (region_model::maybe_cast_1): Delete.
2485 (region_model::maybe_cast): Delete.
2486 (region_model::get_field_region): Delete.
2487 (region_model::get_store_value): New.
2488 (region_model::region_exists_p): New.
2489 (region_model::deref_rvalue): Port from svalue_id to const svalue *.
2490 (region_model::set_value): Likewise.
2491 (region_model::clobber_region): New.
2492 (region_model::purge_region): New.
2493 (region_model::zero_fill_region): New.
2494 (region_model::mark_region_as_unknown): New.
2495 (region_model::eval_condition): Port from svalue_id to
2496 const svalue *.
2497 (region_model::eval_condition_without_cm): Likewise.
2498 (region_model::compare_initial_and_pointer): New.
2499 (region_model::add_constraint): Port from svalue_id to
2500 const svalue *.
2501 (region_model::maybe_get_constant): Delete.
2502 (region_model::get_representative_path_var): New.
2503 (region_model::add_new_malloc_region): Delete.
2504 (region_model::get_representative_tree): Port to const svalue *.
2505 (region_model::get_representative_path_var): Port to
2506 const region *.
2507 (region_model::get_path_vars_for_svalue): Delete.
2508 (region_model::set_to_new_unknown_value): Delete.
2509 (region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
2510 (region_model::update_for_call_superedge): Port from svalue_id to
2511 const svalue *.
2512 (region_model::update_for_return_superedge): Port to store-based
2513 implementation.
2514 (region_model::update_for_call_summary): Replace
2515 set_to_new_unknown_value with mark_region_as_unknown.
2516 (region_model::get_root_region): Delete.
2517 (region_model::get_stack_region_id): Delete.
2518 (region_model::push_frame): Delete.
2519 (region_model::get_current_frame_id): Delete.
2520 (region_model::get_current_function): Delete.
2521 (region_model::pop_frame): Delete.
2522 (region_model::on_top_level_param): New.
2523 (region_model::get_stack_depth): Delete.
2524 (region_model::get_function_at_depth): Delete.
2525 (region_model::get_globals_region_id): Delete.
2526 (region_model::add_svalue): Delete.
2527 (region_model::replace_svalue): Delete.
2528 (region_model::add_region): Delete.
2529 (region_model::get_svalue): Delete.
2530 (region_model::get_region): Delete.
2531 (make_region_for_type): Delete.
2532 (region_model::add_region_for_type): Delete.
2533 (region_model::on_top_level_param): New.
2534 (class restrict_to_used_svalues): Delete.
2535 (region_model::purge_unused_svalues): Delete.
2536 (region_model::push_frame): New.
2537 (region_model::remap_svalue_ids): Delete.
2538 (region_model::remap_region_ids): Delete.
2539 (region_model::purge_regions): Delete.
2540 (region_model::get_descendents): Delete.
2541 (region_model::delete_region_and_descendents): Delete.
2542 (region_model::poison_any_pointers_to_bad_regions): Delete.
2543 (region_model::can_merge_with_p): Delete.
2544 (region_model::get_current_function): New.
2545 (region_model::get_value_by_name): Delete.
2546 (region_model::convert_byte_offset_to_array_index): Delete.
2547 (region_model::pop_frame): New.
2548 (region_model::get_or_create_mem_ref): Delete.
2549 (region_model::get_stack_depth): New.
2550 (region_model::get_frame_at_index): New.
2551 (region_model::unbind_region_and_descendents): New.
2552 (struct bad_pointer_finder): New.
2553 (region_model::get_or_create_pointer_plus_expr): Delete.
2554 (region_model::poison_any_pointers_to_descendents): New.
2555 (region_model::get_or_create_view): Delete.
2556 (region_model::can_merge_with_p): New.
2557 (region_model::get_fndecl_for_call): Port from svalue_id to
2558 const svalue *.
2559 (struct append_ssa_names_cb_data): New.
2560 (get_ssa_name_regions_for_current_frame): New.
2561 (region_model::append_ssa_names_cb): New.
2562 (model_merger::dump_to_pp): Add "simple" param. Drop dumping of
2563 remappings.
2564 (model_merger::dump): Add "simple" param to both overloads.
2565 (model_merger::can_merge_values_p): Delete.
2566 (model_merger::record_regions): Delete.
2567 (model_merger::record_svalues): Delete.
2568 (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
2569 (svalue_id_merger_mapping::dump_to_pp): Delete.
2570 (svalue_id_merger_mapping::dump): Delete.
2571 (region_model::create_region_for_heap_alloc): New.
2572 (region_model::create_region_for_alloca): New.
2573 (region_model::record_dynamic_extents): New.
2574 (canonicalization::canonicalization): Delete.
2575 (canonicalization::walk_rid): Delete.
2576 (canonicalization::walk_sid): Delete.
2577 (canonicalization::dump_to_pp): Delete.
2578 (canonicalization::dump): Delete.
2579 (inchash::add): Delete overloads for svalue_id and region_id.
2580 (engine::log_stats): New.
2581 (assert_condition): Add overload comparing svalues.
2582 (assert_dump_eq): Pass "true" for multiline.
2583 (selftest::test_dump): Update for rewrite of region_model.
2584 (selftest::test_dump_2): Rename to...
2585 (selftest::test_struct): ...this. Provide a region_model_manager
2586 when creating region_model instance. Remove dump test. Add
2587 checks for get_offset.
2588 (selftest::test_dump_3): Rename to...
2589 (selftest::test_array_1): ...this. Provide a region_model_manager
2590 when creating region_model instance. Remove dump test.
2591 (selftest::test_get_representative_tree): Port from svalue_id to
2592 new API. Add test coverage for various expressions.
2593 (selftest::test_unique_constants): Provide a region_model_manager
2594 for the region_model. Add test coverage for comparing const vs
2595 non-const.
2596 (selftest::test_svalue_equality): Delete.
2597 (selftest::test_region_equality): Delete.
2598 (selftest::test_unique_unknowns): New.
2599 (class purge_all_svalue_ids): Delete.
2600 (class purge_one_svalue_id): Delete.
2601 (selftest::test_purging_by_criteria): Delete.
2602 (selftest::test_initial_svalue_folding): New.
2603 (selftest::test_unaryop_svalue_folding): New.
2604 (selftest::test_binop_svalue_folding): New.
2605 (selftest::test_sub_svalue_folding): New.
2606 (selftest::test_purge_unused_svalues): Delete.
2607 (selftest::test_descendent_of_p): New.
2608 (selftest::test_assignment): Provide a region_model_manager for
2609 the region_model. Drop the dump test.
2610 (selftest::test_compound_assignment): Likewise.
2611 (selftest::test_stack_frames): Port to new implementation.
2612 (selftest::test_get_representative_path_var): Likewise.
2613 (selftest::test_canonicalization_1): Rename to...
2614 (selftest::test_equality_1): ...this. Port to new API, and add
2615 (selftest::test_canonicalization_2): Provide a
2616 region_model_manager when creating region_model instances.
2617 Remove redundant canonicalization.
2618 (selftest::test_canonicalization_3): Provide a
2619 region_model_manager when creating region_model instances.
2620 Remove param from calls to region_model::canonicalize.
2621 (selftest::test_canonicalization_4): Likewise.
2622 (selftest::assert_region_models_merge): Constify
2623 out_merged_svalue. Port to new API.
2624 (selftest::test_state_merging): Provide a
2625 region_model_manager when creating region_model instances.
2626 Provide a program_point point when merging them. Replace
2627 set_to_new_unknown_value with usage of placeholder_svalues.
2628 Drop get_value_by_name. Port from svalue_id to const svalue *.
2629 Add test of heap allocation.
2630 (selftest::test_constraint_merging): Provide a
2631 region_model_manager when creating region_model instances.
2632 Provide a program_point point when merging them. Eliminate use
2633 of set_to_new_unknown_value.
2634 (selftest::test_widening_constraints): New.
2635 (selftest::test_iteration_1): New.
2636 (selftest::test_malloc_constraints): Port to store-based
2637 implementation.
2638 (selftest::test_var): New test.
2639 (selftest::test_array_2): New test.
2640 (selftest::test_mem_ref): New test.
2641 (selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
2642 (selftest::test_malloc): New.
2643 (selftest::test_alloca): New.
2644 (selftest::analyzer_region_model_cc_tests): Update for renamings.
2645 Call new functions.
2646 * region-model.h (class path_var): Move to analyzer.h.
2647 (class svalue_id): Delete.
2648 (class region_id): Delete.
2649 (class id_map): Delete.
2650 (svalue_id_map): Delete.
2651 (region_id_map): Delete.
2652 (id_map<T>::id_map): Delete.
2653 (id_map<T>::put): Delete.
2654 (id_map<T>::get_dst_for_src): Delete.
2655 (id_map<T>::get_src_for_dst): Delete.
2656 (id_map<T>::dump_to_pp): Delete.
2657 (id_map<T>::dump): Delete.
2658 (id_map<T>::update): Delete.
2659 (one_way_svalue_id_map): Delete.
2660 (one_way_region_id_map): Delete.
2661 (class region_id_set): Delete.
2662 (class svalue_id_set): Delete.
2663 (struct complexity): New.
2664 (class visitor): New.
2665 (enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
2666 SK_BINOP, SK_SUB, SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
2667 SK_COMPOUND, and SK_CONJURED.
2668 (svalue::operator==): Delete.
2669 (svalue::operator!=): Delete.
2670 (svalue::clone): Delete.
2671 (svalue::hash): Delete.
2672 (svalue::dump_dot_to_pp): Delete.
2673 (svalue::dump_to_pp): New.
2674 (svalue::dump): New.
2675 (svalue::get_desc): New.
2676 (svalue::dyn_cast_initial_svalue): New.
2677 (svalue::dyn_cast_unaryop_svalue): New.
2678 (svalue::dyn_cast_binop_svalue): New.
2679 (svalue::dyn_cast_sub_svalue): New.
2680 (svalue::dyn_cast_unmergeable_svalue): New.
2681 (svalue::dyn_cast_widening_svalue): New.
2682 (svalue::dyn_cast_compound_svalue): New.
2683 (svalue::dyn_cast_conjured_svalue): New.
2684 (svalue::maybe_undo_cast): New.
2685 (svalue::unwrap_any_unmergeable): New.
2686 (svalue::remap_region_ids): Delete.
2687 (svalue::can_merge_p): New.
2688 (svalue::walk_for_canonicalization): Delete.
2689 (svalue::get_complexity): New.
2690 (svalue::get_child_sid): Delete.
2691 (svalue::accept): New.
2692 (svalue::live_p): New.
2693 (svalue::implicitly_live_p): New.
2694 (svalue::svalue): Add complexity param.
2695 (svalue::add_to_hash): Delete.
2696 (svalue::print_details): Delete.
2697 (svalue::m_complexity): New field.
2698 (region_svalue::key_t): New struct.
2699 (region_svalue::region_svalue): Port from region_id to
2700 const region_id *. Add complexity.
2701 (region_svalue::compare_fields): Delete.
2702 (region_svalue::clone): Delete.
2703 (region_svalue::dump_dot_to_pp): Delete.
2704 (region_svalue::get_pointee): Port from region_id to
2705 const region_id *.
2706 (region_svalue::remap_region_ids): Delete.
2707 (region_svalue::merge_values): Delete.
2708 (region_svalue::dump_to_pp): New.
2709 (region_svalue::accept): New.
2710 (region_svalue::walk_for_canonicalization): Delete.
2711 (region_svalue::eval_condition): Make params const.
2712 (region_svalue::add_to_hash): Delete.
2713 (region_svalue::print_details): Delete.
2714 (region_svalue::m_rid): Replace with...
2715 (region_svalue::m_reg): ...this.
2716 (is_a_helper <region_svalue *>::test): Convert to...
2717 (is_a_helper <const region_svalue *>::test): ...this.
2718 (template <> struct default_hash_traits<region_svalue::key_t>):
2719 New.
2720 (constant_svalue::constant_svalue): Add complexity.
2721 (constant_svalue::compare_fields): Delete.
2722 (constant_svalue::clone): Delete.
2723 (constant_svalue::add_to_hash): Delete.
2724 (constant_svalue::dump_to_pp): New.
2725 (constant_svalue::accept): New.
2726 (constant_svalue::implicitly_live_p): New.
2727 (constant_svalue::merge_values): Delete.
2728 (constant_svalue::eval_condition): Make params const.
2729 (constant_svalue::get_child_sid): Delete.
2730 (constant_svalue::print_details): Delete.
2731 (is_a_helper <constant_svalue *>::test): Convert to...
2732 (is_a_helper <const constant_svalue *>::test): ...this.
2733 (class unknown_svalue): Update leading comment.
2734 (unknown_svalue::unknown_svalue): Add complexity.
2735 (unknown_svalue::compare_fields): Delete.
2736 (unknown_svalue::add_to_hash): Delete.
2737 (unknown_svalue::dyn_cast_unknown_svalue): Delete.
2738 (unknown_svalue::print_details): Delete.
2739 (unknown_svalue::dump_to_pp): New.
2740 (unknown_svalue::accept): New.
2741 (poisoned_svalue::key_t): New struct.
2742 (poisoned_svalue::poisoned_svalue): Add complexity.
2743 (poisoned_svalue::compare_fields): Delete.
2744 (poisoned_svalue::clone): Delete.
2745 (poisoned_svalue::add_to_hash): Delete.
2746 (poisoned_svalue::dump_to_pp): New.
2747 (poisoned_svalue::accept): New.
2748 (poisoned_svalue::print_details): Delete.
2749 (is_a_helper <poisoned_svalue *>::test): Convert to...
2750 (is_a_helper <const poisoned_svalue *>::test): ...this.
2751 (template <> struct default_hash_traits<poisoned_svalue::key_t>):
2752 New.
2753 (setjmp_record::add_to_hash): New.
2754 (setjmp_svalue::key_t): New struct.
2755 (setjmp_svalue::compare_fields): Delete.
2756 (setjmp_svalue::clone): Delete.
2757 (setjmp_svalue::add_to_hash): Delete.
2758 (setjmp_svalue::setjmp_svalue): Add complexity.
2759 (setjmp_svalue::dump_to_pp): New.
2760 (setjmp_svalue::accept): New.
2761 (setjmp_svalue::void print_details): Delete.
2762 (is_a_helper <const setjmp_svalue *>::test): New.
2763 (template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
2764 (class initial_svalue : public svalue): New.
2765 (is_a_helper <const initial_svalue *>::test): New.
2766 (class unaryop_svalue): New.
2767 (is_a_helper <const unaryop_svalue *>::test): New.
2768 (template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
2769 (class binop_svalue): New.
2770 (is_a_helper <const binop_svalue *>::test): New.
2771 (template <> struct default_hash_traits<binop_svalue::key_t>): New.
2772 (class sub_svalue): New.
2773 (is_a_helper <const sub_svalue *>::test): New.
2774 (template <> struct default_hash_traits<sub_svalue::key_t>): New.
2775 (class unmergeable_svalue): New.
2776 (is_a_helper <const unmergeable_svalue *>::test): New.
2777 (class placeholder_svalue): New.
2778 (is_a_helper <placeholder_svalue *>::test): New.
2779 (class widening_svalue): New.
2780 (is_a_helper <widening_svalue *>::test): New.
2781 (template <> struct default_hash_traits<widening_svalue::key_t>): New.
2782 (class compound_svalue): New.
2783 (is_a_helper <compound_svalue *>::test): New.
2784 (template <> struct default_hash_traits<compound_svalue::key_t>): New.
2785 (class conjured_svalue): New.
2786 (is_a_helper <conjured_svalue *>::test): New.
2787 (template <> struct default_hash_traits<conjured_svalue::key_t>): New.
2788 (enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
2789 RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
2790 RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
2791 (region_kind_to_str): Delete.
2792 (region::~region): Move implementation to region.cc.
2793 (region::operator==): Delete.
2794 (region::operator!=): Delete.
2795 (region::clone): Delete.
2796 (region::get_id): New.
2797 (region::cmp_ids): New.
2798 (region::dyn_cast_map_region): Delete.
2799 (region::dyn_cast_array_region): Delete.
2800 (region::region_id get_parent): Delete.
2801 (region::get_parent_region): Convert to a simple accessor.
2802 (region::void set_value): Delete.
2803 (region::svalue_id get_value): Delete.
2804 (region::svalue_id get_value_direct): Delete.
2805 (region::svalue_id get_inherited_child_sid): Delete.
2806 (region::dyn_cast_frame_region): New.
2807 (region::dyn_cast_function_region): New.
2808 (region::dyn_cast_decl_region): New.
2809 (region::dyn_cast_field_region): New.
2810 (region::dyn_cast_element_region): New.
2811 (region::dyn_cast_offset_region): New.
2812 (region::dyn_cast_cast_region): New.
2813 (region::dyn_cast_string_region): New.
2814 (region::accept): New.
2815 (region::get_base_region): New.
2816 (region::base_region_p): New.
2817 (region::descendent_of_p): New.
2818 (region::maybe_get_frame_region): New.
2819 (region::maybe_get_decl): New.
2820 (region::hash): Delete.
2821 (region::rint): Delete.
2822 (region::dump_dot_to_pp): Delete.
2823 (region::get_desc): New.
2824 (region::dump_to_pp): Convert to vfunc, changing signature.
2825 (region::dump_child_label): Delete.
2826 (region::remap_svalue_ids): Delete.
2827 (region::remap_region_ids): Delete.
2828 (region::dump): New.
2829 (region::walk_for_canonicalization): Delete.
2830 (region::non_null_p): Drop region_model param.
2831 (region::add_view): Delete.
2832 (region::get_view): Delete.
2833 (region::get_active_view): Delete.
2834 (region::is_view_p): Delete.
2835 (region::cmp_ptrs): New.
2836 (region::validate): Delete.
2837 (region::get_offset): New.
2838 (region::get_byte_size): New.
2839 (region::get_bit_size): New.
2840 (region::get_subregions_for_binding): New.
2841 (region::region): Add complexity param. Convert parent from
2842 region_id to const region *. Drop svalue_id. Drop copy ctor.
2843 (region::symbolic_for_unknown_ptr_p): New.
2844 (region::add_to_hash): Delete.
2845 (region::print_fields): Delete.
2846 (region::get_complexity): New accessor.
2847 (region::become_active_view): Delete.
2848 (region::deactivate_any_active_view): Delete.
2849 (region::deactivate_view): Delete.
2850 (region::calc_offset): New.
2851 (region::m_parent_rid): Delete.
2852 (region::m_sval_id): Delete.
2853 (region::m_complexity): New.
2854 (region::m_id): New.
2855 (region::m_parent): New.
2856 (region::m_view_rids): Delete.
2857 (region::m_is_view): Delete.
2858 (region::m_active_view_rid): Delete.
2859 (region::m_cached_offset): New.
2860 (is_a_helper <region *>::test): Convert to...
2861 (is_a_helper <const region *>::test): ... this.
2862 (class primitive_region): Delete.
2863 (class space_region): New.
2864 (class map_region): Delete.
2865 (is_a_helper <map_region *>::test): Delete.
2866 (class frame_region): Reimplement.
2867 (template <> struct default_hash_traits<frame_region::key_t>):
2868 New.
2869 (class globals_region): Reimplement.
2870 (is_a_helper <globals_region *>::test): Convert to...
2871 (is_a_helper <const globals_region *>::test): ...this.
2872 (class struct_or_union_region): Delete.
2873 (is_a_helper <struct_or_union_region *>::test): Delete.
2874 (class code_region): Reimplement.
2875 (is_a_helper <const code_region *>::test): New.
2876 (class struct_region): Delete.
2877 (is_a_helper <struct_region *>::test): Delete.
2878 (class function_region): Reimplement.
2879 (is_a_helper <function_region *>::test): Convert to...
2880 (is_a_helper <const function_region *>::test): ...this.
2881 (class union_region): Delete.
2882 (is_a_helper <union_region *>::test): Delete.
2883 (class label_region): New.
2884 (is_a_helper <const label_region *>::test): New.
2885 (class scope_region): Delete.
2886 (class stack_region): Reimplement.
2887 (is_a_helper <stack_region *>::test): Convert to...
2888 (is_a_helper <const stack_region *>::test): ...this.
2889 (class heap_region): Reimplement.
2890 (is_a_helper <heap_region *>::test): Convert to...
2891 (is_a_helper <const heap_region *>::test): ...this.
2892 (class root_region): Reimplement.
2893 (is_a_helper <root_region *>::test): Convert to...
2894 (is_a_helper <const root_region *>::test): ...this.
2895 (class symbolic_region): Reimplement.
2896 (is_a_helper <const symbolic_region *>::test): New.
2897 (template <> struct default_hash_traits<symbolic_region::key_t>):
2898 New.
2899 (class decl_region): New.
2900 (is_a_helper <const decl_region *>::test): New.
2901 (class field_region): New.
2902 (template <> struct default_hash_traits<field_region::key_t>): New.
2903 (class array_region): Delete.
2904 (class element_region): New.
2905 (is_a_helper <array_region *>::test): Delete.
2906 (is_a_helper <const element_region *>::test): New.
2907 (template <> struct default_hash_traits<element_region::key_t>):
2908 New.
2909 (class offset_region): New.
2910 (is_a_helper <const offset_region *>::test): New.
2911 (template <> struct default_hash_traits<offset_region::key_t>):
2912 New.
2913 (class cast_region): New.
2914 (is_a_helper <const cast_region *>::test): New.
2915 (template <> struct default_hash_traits<cast_region::key_t>): New.
2916 (class heap_allocated_region): New.
2917 (class alloca_region): New.
2918 (class string_region): New.
2919 (is_a_helper <const string_region *>::test): New.
2920 (class unknown_region): New.
2921 (class region_model_manager): New.
2922 (struct append_ssa_names_cb_data): New.
2923 (class call_details): New.
2924 (region_model::region_model): Add region_model_manager param.
2925 (region_model::print_svalue): Delete.
2926 (region_model::dump_dot_to_pp): Delete.
2927 (region_model::dump_dot_to_file): Delete.
2928 (region_model::dump_dot): Delete.
2929 (region_model::dump_to_pp): Drop summarize param in favor of
2930 simple and multiline.
2931 (region_model::dump): Likewise.
2932 (region_model::summarize_to_pp): Delete.
2933 (region_model::summarize): Delete.
2934 (region_model::void canonicalize): Drop ctxt param.
2935 (region_model::void check_for_poison): Delete.
2936 (region_model::get_gassign_result): New.
2937 (region_model::impl_call_alloca): New.
2938 (region_model::impl_call_analyzer_describe): New.
2939 (region_model::impl_call_analyzer_eval): New.
2940 (region_model::impl_call_builtin_expect): New.
2941 (region_model::impl_call_calloc): New.
2942 (region_model::impl_call_free): New.
2943 (region_model::impl_call_malloc): New.
2944 (region_model::impl_call_memset): New.
2945 (region_model::impl_call_strlen): New.
2946 (region_model::get_reachable_svalues): New.
2947 (region_model::handle_phi): Drop is_back_edge param.
2948 (region_model::region_id get_root_rid): Delete.
2949 (region_model::root_region *get_root_region): Delete.
2950 (region_model::region_id get_stack_region_id): Delete.
2951 (region_model::push_frame): Convert from region_id and svalue_id
2952 to const region * and const svalue *.
2953 (region_model::get_current_frame_id): Replace with...
2954 (region_model::get_current_frame): ...this.
2955 (region_model::pop_frame): Convert from region_id to
2956 const region *. Drop purge and stats param. Add out_result.
2957 (region_model::function *get_function_at_depth): Delete.
2958 (region_model::get_globals_region_id): Delete.
2959 (region_model::add_svalue): Delete.
2960 (region_model::replace_svalue): Delete.
2961 (region_model::add_region): Delete.
2962 (region_model::add_region_for_type): Delete.
2963 (region_model::get_svalue): Delete.
2964 (region_model::get_region): Delete.
2965 (region_model::get_lvalue): Convert from region_id to
2966 const region *.
2967 (region_model::get_rvalue): Convert from svalue_id to
2968 const svalue *.
2969 (region_model::get_or_create_ptr_svalue): Delete.
2970 (region_model::get_or_create_constant_svalue): Delete.
2971 (region_model::get_svalue_for_fndecl): Delete.
2972 (region_model::get_svalue_for_label): Delete.
2973 (region_model::get_region_for_fndecl): Delete.
2974 (region_model::get_region_for_label): Delete.
2975 (region_model::get_frame_at_index (int index) const;): New.
2976 (region_model::maybe_cast): Delete.
2977 (region_model::maybe_cast_1): Delete.
2978 (region_model::get_field_region): Delete.
2979 (region_model::id deref_rvalue): Convert from region_id and
2980 svalue_id to const region * and const svalue *. Drop overload,
2981 passing in both a tree and an svalue.
2982 (region_model::set_value): Convert from region_id and svalue_id to
2983 const region * and const svalue *.
2984 (region_model::set_to_new_unknown_value): Delete.
2985 (region_model::clobber_region (const region *reg);): New.
2986 (region_model::purge_region (const region *reg);): New.
2987 (region_model::zero_fill_region (const region *reg);): New.
2988 (region_model::mark_region_as_unknown (const region *reg);): New.
2989 (region_model::copy_region): Convert from region_id to
2990 const region *.
2991 (region_model::eval_condition): Convert from svalue_id to
2992 const svalue *.
2993 (region_model::eval_condition_without_cm): Likewise.
2994 (region_model::compare_initial_and_pointer): New.
2995 (region_model::maybe_get_constant): Delete.
2996 (region_model::add_new_malloc_region): Delete.
2997 (region_model::get_representative_tree): Convert from svalue_id to
2998 const svalue *.
2999 (region_model::get_representative_path_var): Delete decl taking a
3000 region_id in favor of two decls, for svalue vs region, with an
3001 svalue_set to ensure termination.
3002 (region_model::get_path_vars_for_svalue): Delete.
3003 (region_model::create_region_for_heap_alloc): New.
3004 (region_model::create_region_for_alloca): New.
3005 (region_model::purge_unused_svalues): Delete.
3006 (region_model::remap_svalue_ids): Delete.
3007 (region_model::remap_region_ids): Delete.
3008 (region_model::purge_regions): Delete.
3009 (region_model::get_num_svalues): Delete.
3010 (region_model::get_num_regions): Delete.
3011 (region_model::get_descendents): Delete.
3012 (region_model::get_store): New.
3013 (region_model::delete_region_and_descendents): Delete.
3014 (region_model::get_manager): New.
3015 (region_model::unbind_region_and_descendents): New.
3016 (region_model::can_merge_with_p): Add point param. Drop
3017 svalue_id_merger_mapping.
3018 (region_model::get_value_by_name): Delete.
3019 (region_model::convert_byte_offset_to_array_index): Delete.
3020 (region_model::get_or_create_mem_ref): Delete.
3021 (region_model::get_or_create_pointer_plus_expr): Delete.
3022 (region_model::get_or_create_view): Delete.
3023 (region_model::get_lvalue_1): Convert from region_id to
3024 const region *.
3025 (region_model::get_rvalue_1): Convert from svalue_id to
3026 const svalue *.
3027 (region_model::get_ssa_name_regions_for_current_frame): New.
3028 (region_model::append_ssa_names_cb): New.
3029 (region_model::get_store_value): New.
3030 (region_model::copy_struct_region): Delete.
3031 (region_model::copy_union_region): Delete.
3032 (region_model::copy_array_region): Delete.
3033 (region_model::region_exists_p): New.
3034 (region_model::make_region_for_unexpected_tree_code): Delete.
3035 (region_model::loop_replay_fixup): New.
3036 (region_model::poison_any_pointers_to_bad_regions): Delete.
3037 (region_model::poison_any_pointers_to_descendents): New.
3038 (region_model::dump_summary_of_rep_path_vars): Delete.
3039 (region_model::on_top_level_param): New.
3040 (region_model::record_dynamic_extents): New.
3041 (region_model::m_mgr;): New.
3042 (region_model::m_store;): New.
3043 (region_model::m_svalues;): Delete.
3044 (region_model::m_regions;): Delete.
3045 (region_model::m_root_rid;): Delete.
3046 (region_model::m_current_frame;): New.
3047 (region_model_context::remap_svalue_ids): Delete.
3048 (region_model_context::can_purge_p): Delete.
3049 (region_model_context::on_svalue_leak): New.
3050 (region_model_context::on_svalue_purge): Delete.
3051 (region_model_context::on_liveness_change): New.
3052 (region_model_context::on_inherited_svalue): Delete.
3053 (region_model_context::on_cast): Delete.
3054 (region_model_context::on_unknown_change): Convert from svalue_id to
3055 const svalue * and add is_mutable.
3056 (class noop_region_model_context): Update for region_model_context
3057 changes.
3058 (model_merger::model_merger): Add program_point. Drop
3059 svalue_id_merger_mapping.
3060 (model_merger::dump_to_pp): Add "simple" param.
3061 (model_merger::dump): Likewise.
3062 (model_merger::get_region_a): Delete.
3063 (model_merger::get_region_b): Delete.
3064 (model_merger::can_merge_values_p): Delete.
3065 (model_merger::record_regions): Delete.
3066 (model_merger::record_svalues): Delete.
3067 (model_merger::m_point): New field.
3068 (model_merger::m_map_regions_from_a_to_m): Delete.
3069 (model_merger::m_map_regions_from_b_to_m): Delete.
3070 (model_merger::m_sid_mapping): Delete.
3071 (struct svalue_id_merger_mapping): Delete.
3072 (class engine): New.
3073 (struct canonicalization): Delete.
3074 (inchash::add): Delete decls for hashing svalue_id and region_id.
3075 (test_region_model_context::on_unexpected_tree_code): Require t to
3076 be non-NULL.
3077 (selftest::assert_condition): Add overload comparing a pair of
3078 const svalue *.
3079 * sm-file.cc: Include "tristate.h", "selftest.h",
3080 "analyzer/call-string.h", "analyzer/program-point.h",
3081 "analyzer/store.h", and "analyzer/region-model.h".
3082 (fileptr_state_machine::get_default_state): New.
3083 (fileptr_state_machine::on_stmt): Remove calls to
3084 get_readable_tree in favor of get_diagnostic_tree.
3085 * sm-malloc.cc: Include "tristate.h", "selftest.h",
3086 "analyzer/call-string.h", "analyzer/program-point.h",
3087 "analyzer/store.h", and "analyzer/region-model.h".
3088 (malloc_state_machine::get_default_state): New.
3089 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
3090 (malloc_diagnostic::describe_state_change): Handle change.m_expr
3091 being NULL.
3092 (null_arg::emit): Avoid printing "NULL '0'".
3093 (null_arg::describe_final_event): Avoid printing "(0) NULL".
3094 (malloc_leak::emit): Handle m_arg being NULL.
3095 (malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
3096 (malloc_state_machine::on_stmt): Don't call get_readable_tree.
3097 Call get_diagnostic_tree when creating pending diagnostics.
3098 Update for is_zero_assignment becoming a member function of
3099 sm_ctxt.
3100 Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
3101 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
3102 vfunc implementation.
3103 * sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
3104 get_diagnostic_tree and pass the result to warn_for_state.
3105 * sm-signal.cc: Move includes of "analyzer/call-string.h" and
3106 "analyzer/program-point.h" to before "analyzer/region-model.h",
3107 and also include "analyzer/store.h" before it.
3108 (signal_unsafe_call::describe_state_change): Use
3109 get_dest_function to get handler.
3110 (update_model_for_signal_handler): Pass manager to region_model
3111 ctor.
3112 (register_signal_handler::impl_transition): Update for changes to
3113 get_or_create_node and add_edge.
3114 * sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
3115 get_readable_tree, replacing them when calling warn_for_state with
3116 calls to get_diagnostic_tree.
3117 * sm.cc (is_zero_assignment): Delete.
3118 (any_pointer_p): Move to within namespace ana.
3119 * sm.h (is_zero_assignment): Remove decl.
3120 (any_pointer_p): Move decl to within namespace ana.
3121 (state_machine::get_default_state): New vfunc.
3122 (state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
3123 (sm_context::get_readable_tree): Rename to...
3124 (sm_context::get_diagnostic_tree): ...this.
3125 (sm_context::is_zero_assignment): New vfunc.
3126 * store.cc: New file.
3127 * store.h: New file.
3128 * svalue.cc: New file.
3129
2221fb6f
MW
3130 2020-05-22 Mark Wielaard <mark@klomp.org>
3131
3132 * sm-signal.cc (signal_unsafe_call::emit): Possibly add
3133 gcc_rich_location note for replacement.
3134 (signal_unsafe_call::get_replacement_fn): New private function.
3135 (get_async_signal_unsafe_fns): Add "exit".
3136
5eae0ac7
DM
3137 2020-04-28 David Malcolm <dmalcolm@redhat.com>
3138
3139 PR analyzer/94816
3140 * engine.cc (impl_region_model_context::on_unexpected_tree_code):
3141 Handle NULL tree.
3142 * region-model.cc (region_model::add_region_for_type): Handle
3143 NULL type.
3144 * region-model.h
3145 (test_region_model_context::on_unexpected_tree_code): Handle NULL
3146 tree.
3147
78b97837
DM
3148 2020-04-28 David Malcolm <dmalcolm@redhat.com>
3149
3150 PR analyzer/94447
3151 PR analyzer/94639
3152 PR analyzer/94732
3153 PR analyzer/94754
3154 * analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete.
3155 * program-state.cc (selftest::test_program_state_dumping): Update
3156 expected dump result for removal of "uninit".
3157 * region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT
3158 case.
3159 (root_region::ensure_stack_region): Initialize stack with null
3160 svalue_id rather than with a typeless POISON_KIND_UNINIT value.
3161 (root_region::ensure_heap_region): Likewise for the heap.
3162 (region_model::dump_summary_of_rep_path_vars): Remove
3163 summarization of uninit values.
3164 (region_model::validate): Remove check that the stack has a
3165 POISON_KIND_UNINIT value.
3166 (poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT
3167 case.
3168 (poisoned_value_diagnostic::describe_final_event): Likewise.
3169 (selftest::test_dump): Update expected dump result for removal of
3170 "uninit".
3171 (selftest::test_svalue_equality): Remove "uninit" and "freed".
3172 * region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT.
3173
a96f1c38
DM
3174 2020-04-01 David Malcolm <dmalcolm@redhat.com>
3175
3176 PR analyzer/94378
3177 * checker-path.cc: Include "bitmap.h".
3178 * constraint-manager.cc: Likewise.
3179 * diagnostic-manager.cc: Likewise.
3180 * engine.cc: Likewise.
3181 (exploded_node::detect_leaks): Pass null region_id to pop_frame.
3182 * program-point.cc: Include "bitmap.h".
3183 * program-state.cc: Likewise.
3184 * region-model.cc (id_set<region_id>::id_set): Convert to...
3185 (region_id_set::region_id_set): ...this.
3186 (svalue_id_set::svalue_id_set): New ctor.
3187 (region_model::copy_region): New function.
3188 (region_model::copy_struct_region): New function.
3189 (region_model::copy_union_region): New function.
3190 (region_model::copy_array_region): New function.
3191 (stack_region::pop_frame): Drop return value. Add
3192 "result_dst_rid" param; if it is non-null, use copy_region to copy
3193 the result to it. Rather than capture and pass a single "known
3194 used" return value to be used by purge_unused_values, instead
3195 gather and pass a set of known used return values.
3196 (root_region::pop_frame): Drop return value. Add "result_dst_rid"
3197 param.
3198 (region_model::on_assignment): Use copy_region.
3199 (region_model::on_return): Likewise for the result.
3200 (region_model::on_longjmp): Pass null for pop_frame's
3201 result_dst_rid.
3202 (region_model::update_for_return_superedge): Pass the region for the
3203 return value of the call, if any, to pop_frame, rather than setting
3204 the lvalue for the lhs of the result.
3205 (region_model::pop_frame): Drop return value. Add
3206 "result_dst_rid" param.
3207 (region_model::purge_unused_svalues): Convert third param from an
3208 svalue_id * to an svalue_id_set *, updating the initial populating
3209 of the "used" bitmap accordingly. Don't remap it when done.
3210 (struct selftest::coord_test): New selftest fixture, extracted from...
3211 (selftest::test_dump_2): ...here.
3212 (selftest::test_compound_assignment): New selftest.
3213 (selftest::test_stack_frames): Pass null to new param of pop_frame.
3214 (selftest::analyzer_region_model_cc_tests): Call the new selftest.
3215 * region-model.h (class id_set): Delete template.
3216 (class region_id_set): Reimplement, using old id_set implementation.
3217 (class svalue_id_set): Likewise. Convert from auto_sbitmap to
3218 auto_bitmap.
3219 (region::get_active_view): New accessor.
3220 (stack_region::pop_frame): Drop return value. Add
3221 "result_dst_rid" param.
3222 (root_region::pop_frame): Likewise.
3223 (region_model::pop_frame): Likewise.
3224 (region_model::copy_region): New decl.
3225 (region_model::purge_unused_svalues): Convert third param from an
3226 svalue_id * to an svalue_id_set *.
3227 (region_model::copy_struct_region): New decl.
3228 (region_model::copy_union_region): New decl.
3229 (region_model::copy_array_region): New decl.
3230
6969ac30
DM
3231 2020-03-27 David Malcolm <dmalcolm@redhat.com>
3232
3233 * program-state.cc (selftest::test_program_state_dumping): Update
3234 expected dump to include symbolic_region's possibly_null field.
3235 * region-model.cc (symbolic_region::print_fields): New vfunc
3236 implementation.
3237 (region_model::add_constraint): Clear m_possibly_null from
3238 symbolic_regions now known to be non-NULL.
3239 (selftest::test_malloc_constraints): New selftest.
3240 (selftest::analyzer_region_model_cc_tests): Call it.
3241 * region-model.h (region::dyn_cast_symbolic_region): Add non-const
3242 overload.
3243 (symbolic_region::dyn_cast_symbolic_region): Implement it.
3244 (symbolic_region::print_fields): New vfunc override decl.
3245
42c63313
DM
3246 2020-03-27 David Malcolm <dmalcolm@redhat.com>
3247
3248 * analyzer.h (class feasibility_problem): New forward decl.
3249 * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
3250 Initialize new fields m_status, m_epath_length, and m_problem.
3251 (saved_diagnostic::~saved_diagnostic): Delete m_problem.
3252 (dedupe_candidate::dedupe_candidate): Convert "sd" param from a
3253 const ref to a mutable ptr.
3254 (dedupe_winners::add): Convert "sd" param from a const ref to a
3255 mutable ptr. Record the length of the exploded_path. Record the
3256 feasibility/infeasibility of sd into sd, capturing a
3257 feasibility_problem when feasible_p fails, and storing it in sd.
3258 (diagnostic_manager::emit_saved_diagnostics): Update for pass by
3259 ptr rather than by const ref.
3260 * diagnostic-manager.h (class saved_diagnostic): Add new enum
3261 status. Add fields m_status, m_epath_length and m_problem.
3262 (saved_diagnostic::set_feasible): New member function.
3263 (saved_diagnostic::set_infeasible): New member function.
3264 (saved_diagnostic::get_feasibility_problem): New accessor.
3265 (saved_diagnostic::get_status): New accessor.
3266 (saved_diagnostic::set_epath_length): New member function.
3267 (saved_diagnostic::get_epath_length): New accessor.
3268 * engine.cc: Include "gimple-pretty-print.h".
3269 (exploded_path::feasible_p): Add OUT param and, if non-NULL, write
3270 a new feasibility_problem to it on failure.
3271 (viz_callgraph_node::dump_dot): Convert begin_tr calls to
3272 begin_trtd. Convert end_tr calls to end_tdtr.
3273 (class exploded_graph_annotator): New subclass of dot_annotator.
3274 (impl_run_checkers): Add a second -fdump-analyzer-supergraph dump
3275 after the analysis runs, using exploded_graph_annotator, dumping
3276 to DUMP_BASE_NAME.supergraph-eg.dot.
3277 * exploded-graph.h (exploded_node::get_dot_fillcolor): Make
3278 public.
3279 (exploded_path::feasible_p): Add OUT param.
3280 (class feasibility_problem): New class.
3281 * state-purge.cc (state_purge_annotator::add_node_annotations):
3282 Return a bool, add a "within_table" param.
3283 (print_vec_of_names): Convert begin_tr calls to begin_trtd.
3284 Convert end_tr calls to end_tdtr.
3285 (state_purge_annotator::add_stmt_annotations): Add "within_row"
3286 param.
3287 * state-purge.h (state_purge_annotator::add_node_annotations):
3288 Return a bool, add a "within_table" param.
3289 (state_purge_annotator::add_stmt_annotations): Add "within_row"
3290 param.
3291 * supergraph.cc (supernode::dump_dot): Call add_node_annotations
3292 twice: as before, passing false for "within_table", then again
3293 with true when within the TABLE element. Convert some begin_tr
3294 calls to begin_trtd, and some end_tr calls to end_tdtr.
3295 Repeat each add_stmt_annotations call, distinguishing between
3296 calls that add TRs and those that add TDs to an existing TR.
3297 Add a call to add_after_node_annotations.
3298 * supergraph.h (dot_annotator::add_node_annotations): Add a
3299 "within_table" param.
3300 (dot_annotator::add_stmt_annotations): Add a "within_row" param.
3301 (dot_annotator::add_after_node_annotations): New vfunc.
3302
8f023575
DM
3303 2020-03-27 David Malcolm <dmalcolm@redhat.com>
3304
3305 * diagnostic-manager.cc (dedupe_winners::add): Show the
3306 exploded_node index in the log messages.
3307 (diagnostic_manager::emit_saved_diagnostics): Log a summary of
3308 m_saved_diagnostics at entry.
3309
4d661bb7
DM
3310 2020-03-27 David Malcolm <dmalcolm@redhat.com>
3311
3312 * supergraph.cc (superedge::dump): Add space before description;
3313 move newline to non-pretty_printer overload.
3314
884d9141
DM
3315 2020-03-18 David Malcolm <dmalcolm@redhat.com>
3316
3317 * region-model.cc: Include "stor-layout.h".
3318 (region_model::dump_to_pp): Rather than calling
3319 dump_summary_of_map on each of the current frame and the globals,
3320 instead get a vec of representative path_vars for all regions,
3321 and then dump a summary of all of them.
3322 (region_model::dump_summary_of_map): Delete, rewriting into...
3323 (region_model::dump_summary_of_rep_path_vars): ...this new
3324 function, working on a vec of path_vars.
3325 (region_model::set_value): New overload.
3326 (region_model::get_representative_path_var): Rename
3327 "parent_region" local to "parent_reg" and consolidate with other
3328 local. Guard test for grandparent being stack on parent_reg being
3329 non-NULL. Move handling for parent being an array_region to
3330 within guard for parent_reg being non-NULL.
3331 (selftest::make_test_compound_type): New function.
3332 (selftest::test_dump_2): New selftest.
3333 (selftest::test_dump_3): New selftest.
3334 (selftest::test_stack_frames): Update expected output from
3335 simplified dump to show "a" and "b" from parent frame and "y" in
3336 child frame.
3337 (selftest::analyzer_region_model_cc_tests): Call test_dump_2 and
3338 test_dump_3.
3339 * region-model.h (region_model::set_value): New overload decl.
3340 (region_model::dump_summary_of_map): Delete.
3341 (region_model::dump_summary_of_rep_path_vars): New.
3342
7d9c107a
DM
3343 2020-03-18 David Malcolm <dmalcolm@redhat.com>
3344
3345 * region-model.h (class noop_region_model_context): New subclass
3346 of region_model_context.
3347 (class tentative_region_model_context): Inherit from
3348 noop_region_model_context rather than from region_model_context;
3349 drop redundant vfunc implementations.
3350 (class test_region_model_context): Likewise.
3351
0db2cd17
DM
3352 2020-03-18 David Malcolm <dmalcolm@redhat.com>
3353
3354 * engine.cc (exploded_node::exploded_node): Move implementation
3355 here from header; accept point_and_state by const reference rather
3356 than by value.
3357 * exploded-graph.h (exploded_node::exploded_node): Pass
3358 point_and_state by const reference rather than by value. Move
3359 body to engine.cc.
3360
d5029d45
JJ
3361 2020-03-18 Jakub Jelinek <jakub@redhat.com>
3362
3363 * sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word
3364 issue in a comment.
3365 * region-model.cc (region_model::make_region_for_unexpected_tree_code,
3366 region_model::delete_region_and_descendents): Likewise.
3367 * engine.cc (class exploded_cluster): Likewise.
3368 * diagnostic-manager.cc (class path_builder): Likewise.
3369
5c048755
DM
3370 2020-03-13 David Malcolm <dmalcolm@redhat.com>
3371
3372 PR analyzer/94099
3373 PR analyzer/94105
3374 * diagnostic-manager.cc (for_each_state_change): Bulletproof
3375 against errors in get_rvalue by passing a
3376 tentative_region_model_context and rejecting if there's an error.
3377 * region-model.cc (region_model::get_lvalue_1): When handling
3378 ARRAY_REF, handle results of error-handling. Handle NOP_EXPR.
3379
90f7c300
DM
3380 2020-03-06 David Malcolm <dmalcolm@redhat.com>
3381
3382 * analyzer.h (class array_region): New forward decl.
3383 * program-state.cc (selftest::test_program_state_dumping_2): New.
3384 (selftest::analyzer_program_state_cc_tests): Call it.
3385 * region-model.cc (array_region::constant_from_key): New.
3386 (region_model::get_representative_tree): Handle region_svalue by
3387 generating an ADDR_EXPR.
3388 (region_model::get_representative_path_var): In view handling,
3389 remove erroneous TREE_TYPE when determining the type of the tree.
3390 Handle array regions and STRING_CST.
3391 (selftest::assert_dump_tree_eq): New.
3392 (ASSERT_DUMP_TREE_EQ): New macro.
3393 (selftest::test_get_representative_tree): New selftest.
3394 (selftest::analyzer_region_model_cc_tests): Call it.
3395 * region-model.h (region::dyn_cast_array_region): New vfunc.
3396 (array_region::dyn_cast_array_region): New vfunc implementation.
3397 (array_region::constant_from_key): New decl.
3398
41f99ba6
DM
3399 2020-03-06 David Malcolm <dmalcolm@redhat.com>
3400
3401 * analyzer.h (dump_quoted_tree): New decl.
3402 * engine.cc (exploded_node::dump_dot): Pass region model to
3403 sm_state_map::print.
3404 * program-state.cc: Include diagnostic-core.h.
3405 (sm_state_map::print): Add "model" param and use it to print
3406 representative trees. Only print origin information if non-null.
3407 (sm_state_map::dump): Pass NULL for model to print call.
3408 (program_state::print): Pass region model to sm_state_map::print.
3409 (program_state::dump_to_pp): Use spaces rather than newlines when
3410 summarizing. Pass region_model to sm_state_map::print.
3411 (ana::selftest::assert_dump_eq): New function.
3412 (ASSERT_DUMP_EQ): New macro.
3413 (ana::selftest::test_program_state_dumping): New function.
3414 (ana::selftest::analyzer_program_state_cc_tests): Call it.
3415 * program-state.h (program_state::print): Add model param.
3416 * region-model.cc (dump_quoted_tree): New function.
3417 (map_region::print_fields): Use dump_quoted_tree rather than
3418 %qE to avoid lang-dependent output.
3419 (map_region::dump_child_label): Likewise.
3420 (region_model::dump_summary_of_map): For SK_REGION, when
3421 get_representative_path_var fails, print the region id rather than
3422 erroneously printing NULL.
3423 * sm.cc (state_machine::get_state_by_name): New function.
3424 * sm.h (state_machine::get_state_by_name): New decl.
3425
3c1645a3
DM
3426 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3427
3428 * region-model.cc (region::validate): Convert model param from ptr
3429 to reference. Update comment to reflect that it's now a vfunc.
3430 (map_region::validate): New vfunc implementation.
3431 (array_region::validate): New vfunc implementation.
3432 (stack_region::validate): New vfunc implementation.
3433 (root_region::validate): New vfunc implementation.
3434 (region_model::validate): Pass a reference rather than a pointer
3435 to the region::validate vfunc.
3436 * region-model.h (region::validate): Make virtual. Convert model
3437 param from ptr to reference.
3438 (map_region::validate): New vfunc decl.
3439 (array_region::validate): New vfunc decl.
3440 (stack_region::validate): New vfunc decl.
3441 (root_region::validate): New vfunc decl.
3442
e516294a
DM
3443 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3444
3445 PR analyzer/93993
3446 * region-model.cc (region_model::on_call_pre): Handle
3447 BUILT_IN_EXPECT and its variants.
3448 (region_model::add_any_constraints_from_ssa_def_stmt): Split out
3449 gassign handling into add_any_constraints_from_gassign; add gcall
3450 handling.
3451 (region_model::add_any_constraints_from_gassign): New function,
3452 based on the above. Add handling for NOP_EXPR.
3453 (region_model::add_any_constraints_from_gcall): New function.
3454 (region_model::get_representative_path_var): Handle views.
3455 * region-model.h
3456 (region_model::add_any_constraints_from_ssa_def_stmt): New decl.
3457 (region_model::add_any_constraints_from_gassign): New decl.
3458
3d66e153
DM
3459 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3460
3461 PR analyzer/93993
3462 * checker-path.h (state_change_event::get_lvalue): Add ctxt param
3463 and pass it to region_model::get_value call.
3464 * diagnostic-manager.cc (get_any_origin): Pass a
3465 tentative_region_model_context to the calls to get_lvalue and reject
3466 the comparison if errors occur.
3467 (can_be_expr_of_interest_p): New function.
3468 (diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
3469 CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
3470 Pass a tentative_region_model_context to the calls to
3471 state_change_event::get_lvalue and reject the comparison if errors
3472 occur.
3473 (diagnostic_manager::update_for_unsuitable_sm_exprs): New.
3474 * diagnostic-manager.h
3475 (diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
3476 * region-model.h (class tentative_region_model_context): New class.
3477
13e3ba14
DM
3478 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3479
3480 * engine.cc (worklist::worklist): Remove unused field m_eg.
3481 (class viz_callgraph_edge): Remove unused field m_call_sedge.
3482 (class viz_callgraph): Remove unused field m_sg.
3483 * exploded-graph.h (worklist::m_eg): Remove unused field.
3484
13b76912
DM
3485 2020-03-02 David Malcolm <dmalcolm@redhat.com>
3486
3487 * analyzer.opt (fanalyzer-show-duplicate-count): New option.
3488 * diagnostic-manager.cc
3489 (diagnostic_manager::emit_saved_diagnostic): Use the above to
3490 guard the printing of the duplicate count.
3491
9f00b22f
DM
3492 2020-03-02 David Malcolm <dmalcolm@redhat.com>
3493
3494 PR analyzer/93959
3495 * analyzer.cc (is_std_function_p): New function.
3496 (is_std_named_call_p): New functions.
3497 * analyzer.h (is_std_named_call_p): New decl.
3498 * sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::"
3499 variants when checking for malloc, calloc and free.
3500
71b633aa
DM
3501 2020-02-26 David Malcolm <dmalcolm@redhat.com>
3502
3503 PR analyzer/93950
3504 * diagnostic-manager.cc
3505 (diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
3506 either NULL or not a constant. When updating var, bulletproof
3507 against constant values.
3508
0ba70d1b
DM
3509 2020-02-26 David Malcolm <dmalcolm@redhat.com>
3510
3511 PR analyzer/93947
3512 * region-model.cc (region_model::get_fndecl_for_call): Gracefully
3513 fail for fn_decls that don't have a cgraph_node.
3514
67fa274c
DM
3515 2020-02-26 David Malcolm <dmalcolm@redhat.com>
3516
3517 * bar-chart.cc: New file.
3518 * bar-chart.h: New file.
3519 * engine.cc: Include "analyzer/bar-chart.h".
3520 (stats::log): Only log the m_num_nodes kinds that are non-zero.
3521 (stats::dump): Likewise when dumping.
3522 (stats::get_total_enodes): New.
3523 (exploded_graph::get_or_create_node): Increment the per-point-data
3524 m_excess_enodes when hitting the per-program-point limit on
3525 enodes.
3526 (exploded_graph::print_bar_charts): New.
3527 (exploded_graph::log_stats): Log the number of unprocessed enodes
3528 in the worklist. Call print_bar_charts.
3529 (exploded_graph::dump_stats): Print the number of unprocessed
3530 enodes in the worklist.
3531 * exploded-graph.h (stats::get_total_enodes): New decl.
3532 (struct per_program_point_data): Add field m_excess_enodes.
3533 (exploded_graph::print_bar_charts): New decl.
3534 * supergraph.cc (superedge::dump): New.
3535 (superedge::dump): New.
3536 * supergraph.h (supernode::get_function): New.
3537 (superedge::dump): New decl.
3538 (superedge::dump): New decl.
3539
f2ca2088
DM
3540 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3541
3542 * engine.cc (exploded_graph::get_or_create_node): Dump the
3543 program_state to the pp, rather than to stderr.
3544
b3d788a2
DM
3545 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3546
3547 PR analyzer/93032
3548 * sm.cc (make_checkers): Require the "taint" checker to be
3549 explicitly enabled.
3550
3a25f345
DM
3551 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3552
3553 PR analyzer/93899
3554 * engine.cc
3555 (impl_region_model_context::impl_region_model_context): Add logger
3556 param.
3557 * engine.cc (exploded_graph::add_function_entry): Create an
3558 impl_region_model_context and pass it to the push_frame call.
3559 Bail if the resulting state is invalid.
3560 (exploded_graph::build_initial_worklist): Likewise.
3561 (exploded_graph::build_initial_worklist): Handle the case where
3562 add_function_entry fails.
3563 * exploded-graph.h
3564 (impl_region_model_context::impl_region_model_context): Add logger
3565 param.
3566 * region-model.cc (map_region::get_or_create): Add ctxt param and
3567 pass it to add_region_for_type.
3568 (map_region::can_merge_p): Pass NULL as a ctxt to call to
3569 get_or_create.
3570 (array_region::get_element): Pass ctxt to call to get_or_create.
3571 (array_region::get_or_create): Add ctxt param and pass it to
3572 add_region_for_type.
3573 (root_region::push_frame): Pass ctxt to get_or_create calls.
3574 (region_model::get_lvalue_1): Likewise.
3575 (region_model::make_region_for_unexpected_tree_code): Assert that
3576 ctxt is non-NULL.
3577 (region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
3578 and get_svalue_for_label calls.
3579 (region_model::get_svalue_for_fndecl): Add ctxt param and pass it
3580 to get_region_for_fndecl.
3581 (region_model::get_region_for_fndecl): Add ctxt param and pass it
3582 to get_or_create.
3583 (region_model::get_svalue_for_label): Add ctxt param and pass it
3584 to get_region_for_label.
3585 (region_model::get_region_for_label): Add ctxt param and pass it
3586 to get_region_for_fndecl and get_or_create.
3587 (region_model::get_field_region): Add ctxt param and pass it to
3588 get_or_create_view and get_or_create.
3589 (make_region_for_type): Replace gcc_unreachable with return NULL.
3590 (region_model::add_region_for_type): Add ctxt param. Handle a
3591 return of NULL from make_region_for_type by calling
3592 make_region_for_unexpected_tree_code.
3593 (region_model::get_or_create_mem_ref): Pass ctxt to calls to
3594 get_or_create_view.
3595 (region_model::get_or_create_view): Add ctxt param and pass it to
3596 add_region_for_type.
3597 (selftest::test_state_merging): Pass ctxt to get_or_create_view.
3598 * region-model.h (region_model::get_or_create): Add ctxt param.
3599 (region_model::add_region_for_type): Likewise.
3600 (region_model::get_svalue_for_fndecl): Likewise.
3601 (region_model::get_svalue_for_label): Likewise.
3602 (region_model::get_region_for_fndecl): Likewise.
3603 (region_model::get_region_for_label): Likewise.
3604 (region_model::get_field_region): Likewise.
3605 (region_model::get_or_create_view): Likewise.
3606
004f2c07
DM
3607 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3608
3609 * checker-path.cc (superedge_event::should_filter_p): Update
3610 filter for empty descriptions to cover verbosity level 3 as well
3611 as 2.
3612 * diagnostic-manager.cc: Include "analyzer/reachability.h".
3613 (class path_builder): New class.
3614 (diagnostic_manager::emit_saved_diagnostic): Create a path_builder
3615 and pass it to build_emission_path, rather than passing eg; similarly
3616 for add_events_for_eedge and ext_state.
3617 (diagnostic_manager::build_emission_path): Replace "eg" param
3618 with a path_builder, pass it to add_events_for_eedge.
3619 (diagnostic_manager::add_events_for_eedge): Replace ext_state
3620 param with path_builder; pass it to add_events_for_superedge.
3621 (diagnostic_manager::significant_edge_p): New.
3622 (diagnostic_manager::add_events_for_superedge): Add path_builder
3623 param. Reject insignificant edges at verbosity levels below 3.
3624 (diagnostic_manager::prune_for_sm_diagnostic): Update highest
3625 verbosity level to 4.
3626 * diagnostic-manager.h (class path_builder): New forward decl.
3627 (diagnostic_manager::build_emission_path): Replace "eg" param
3628 with a path_builder.
3629 (diagnostic_manager::add_events_for_eedge): Replace ext_state
3630 param with path_builder.
3631 (diagnostic_manager::significant_edge_p): New.
3632 (diagnostic_manager::add_events_for_superedge): Add path_builder
3633 param.
3634 * reachability.h: New file.
3635
0b2b45a6
DM
3636 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3637
3638 PR analyzer/93692
3639 * analyzer.opt (fdump-analyzer-callgraph): Rewrite description.
3640
4f40164a
DM
3641 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3642
3643 PR analyzer/93777
3644 * region-model.cc (region_model::maybe_cast_1): Replace assertion
3645 that build_cast returns non-NULL with a conditional, falling
3646 through to the logic which returns a new unknown value of the
3647 desired type if it fails.
3648
2e623393
DM
3649 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3650
3651 PR analyzer/93778
3652 * engine.cc (impl_region_model_context::on_unknown_tree_code):
3653 Rename to...
3654 (impl_region_model_context::on_unexpected_tree_code): ...this and
3655 convert first argument from path_var to tree.
3656 (exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall.
3657 * exploded-graph.h (region_model_context::on_unknown_tree_code):
3658 Rename to...
3659 (region_model_context::on_unexpected_tree_code): ...this and
3660 convert first argument from path_var to tree.
3661 * program-state.cc (sm_state_map::purge_for_unknown_fncall): Add
3662 ctxt param and pass on to calls to get_rvalue.
3663 * program-state.h (sm_state_map::purge_for_unknown_fncall): Add
3664 ctxt param.
3665 * region-model.cc (region_model::handle_unrecognized_call): Pass
3666 ctxt on to call to get_rvalue.
3667 (region_model::get_lvalue_1): Move body of default case to
3668 region_model::make_region_for_unexpected_tree_code and call it.
3669 Within COMPONENT_REF case, reject attempts to handle types other
3670 than RECORD_TYPE and UNION_TYPE.
3671 (region_model::make_region_for_unexpected_tree_code): New
3672 function, based on default case of region_model::get_lvalue_1.
3673 * region-model.h
3674 (region_model::make_region_for_unexpected_tree_code): New decl.
3675 (region_model::on_unknown_tree_code): Rename to...
3676 (region_model::on_unexpected_tree_code): ...this and convert first
3677 argument from path_var to tree.
3678 (class test_region_model_context): Update vfunc implementation for
3679 above change.
3680
a674c7b8
DM
3681 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3682
3683 PR analyzer/93774
3684 * region-model.cc
3685 (region_model::convert_byte_offset_to_array_index): Use
3686 int_size_in_bytes before calling size_in_bytes, to gracefully fail
3687 on incomplete types.
3688
d8cde6f9
DM
3689 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3690
3691 PR analyzer/93775
3692 * region-model.cc (region_model::get_fndecl_for_call): Handle the
3693 case where the code_region's get_tree_for_child_region returns
3694 NULL.
3695
f76a88eb
DM
3696 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3697
3698 PR analyzer/93388
3699 * engine.cc (impl_region_model_context::on_unknown_tree_code):
3700 New.
3701 (exploded_graph::get_or_create_node): Reject invalid states.
3702 * exploded-graph.h
3703 (impl_region_model_context::on_unknown_tree_code): New decl.
3704 (point_and_state::point_and_state): Assert that the state is
3705 valid.
3706 * program-state.cc (program_state::program_state): Initialize
3707 m_valid to true.
3708 (program_state::operator=): Copy m_valid.
3709 (program_state::program_state): Likewise for move constructor.
3710 (program_state::print): Print m_valid.
3711 (program_state::dump_to_pp): Likewise.
3712 * program-state.h (program_state::m_valid): New field.
3713 * region-model.cc (region_model::get_lvalue_1): Implement the
3714 default case by returning a new symbolic region and calling
3715 the context's on_unknown_tree_code, rather than issuing an
3716 internal_error. Implement VIEW_CONVERT_EXPR.
3717 * region-model.h (region_model_context::on_unknown_tree_code): New
3718 vfunc.
3719 (test_region_model_context::on_unknown_tree_code): New.
3720
0993ad65
DM
3721 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3722
3723 * sm-malloc.cc (malloc_diagnostic::describe_state_change): For
3724 transition to the "null" state, only say "assuming" when
3725 transitioning from the "unchecked" state.
3726
67098787
DM
3727 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3728
3729 * diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
3730 Add const overload.
3731 * engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
3732 * exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
3733 const overload.
3734
91f993b7
DM
3735 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3736
3737 PR analyzer/93288
3738 * analysis-plan.cc (analysis_plan::use_summary_p): Look through
3739 the ultimate_alias_target when getting the called function.
3740 * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
3741 "sm_ctxt". Use the region_model's get_fndecl_for_call rather than
3742 gimple_call_fndecl.
3743 * region-model.cc (region_model::get_fndecl_for_call): Use
3744 ultimate_alias_target on fndecl.
3745 * supergraph.cc (get_ultimate_function_for_cgraph_edge): New
3746 function.
3747 (supergraph_call_edge): Use it when rejecting edges without
3748 functions.
3749 (supergraph::supergraph): Use it to get the function for the
3750 cgraph_edge when building interprocedural superedges.
3751 (callgraph_superedge::get_callee_function): Use it.
3752 * supergraph.h (supergraph::get_num_snodes): Make param const.
3753 (supergraph::function_to_num_snodes_t): Make first type param
3754 const.
3755
a60d9889
DM
3756 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3757
3758 PR analyzer/93374
3759 * engine.cc (exploded_edge::exploded_edge): Add ext_state param
3760 and pass it to change.validate.
3761 (exploded_graph::get_or_create_node): Move purging of change
3762 svalues to also cover the case of reusing an existing enode.
3763 (exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
3764 ctor.
3765 * exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
3766 param.
3767 * program-state.cc (state_change::sm_change::validate): Likewise.
3768 Assert that m_sm_idx is sane. Use ext_state to validate
3769 m_old_state and m_new_state.
3770 (state_change::validate): Add ext_state param and pass it to
3771 the sm_change validate calls.
3772 * program-state.h (state_change::sm_change::validate): Add
3773 ext_state param.
3774 (state_change::validate): Likewise.
3775
a0e4929b
DM
3776 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3777
3778 PR analyzer/93669
3779 * engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
3780 case of STATUS_WORKLIST in implementation of
3781 "__analyzer_dump_exploded_nodes".
3782
cd28b759
DM
3783 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3784
3785 PR analyzer/93649
3786 * constraint-manager.cc (constraint_manager::add_constraint): When
3787 merging equivalence classes and updating m_constant, also update
3788 m_cst_sid.
3789 (constraint_manager::validate): If m_constant is non-NULL assert
3790 that m_cst_sid is non-null and is valid.
3791
5e17c1bd
DM
3792 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3793
3794 PR analyzer/93657
3795 * analyzer.opt (fdump-analyzer): Reword description.
3796 (fdump-analyzer-stderr): Likewise.
3797
c46d057f
DM
3798 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3799
3800 * region-model.cc (print_quoted_type): New function.
3801 (svalue::print): Use it to replace %qT.
3802 (region::dump_to_pp): Likewise.
3803 (region::dump_child_label): Likewise.
3804 (region::print_fields): Likewise.
3805
eb031d4b
DM
3806 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3807
3808 PR analyzer/93659
3809 * analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
3810 -> "that" typo.
3811 (Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
3812 "uninitialized" typo.
3813
e87deb37
DM
3814 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3815
3816 PR analyzer/93350
3817 * region-model.cc (region_model::get_lvalue_1):
3818 Handle BIT_FIELD_REF.
3819 (make_region_for_type): Handle VECTOR_TYPE.
3820
e953f958
DM
3821 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3822
3823 PR analyzer/93647
3824 * diagnostic-manager.cc
3825 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
3826 VAR being constant.
3827 * region-model.cc (region_model::get_lvalue_1): Provide a better
3828 error message when encountering an unhandled tree code.
3829
41a9e940
DM
3830 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3831
3832 PR analyzer/93405
3833 * region-model.cc (region_model::get_lvalue_1): Implement
3834 CONST_DECL.
3835
cb273d81
DM
3836 2020-02-06 David Malcolm <dmalcolm@redhat.com>
3837
3838 * region-model.cc (region_model::maybe_cast_1): Attempt to provide
3839 a region_svalue if either type is a pointer, rather than if both
3840 types are pointers.
3841
a4d3bfc0
DM
3842 2020-02-05 David Malcolm <dmalcolm@redhat.com>
3843
3844 * engine.cc (exploded_node::dump_dot): Show merger enodes.
3845 (worklist::add_node): Assert that the node's m_status is
3846 STATUS_WORKLIST.
3847 (exploded_graph::process_worklist): Likewise for nodes from the
3848 worklist. Set status of merged nodes to STATUS_MERGER.
3849 (exploded_graph::process_node): Set status of node to
3850 STATUS_PROCESSED.
3851 (exploded_graph::dump_exploded_nodes): Rework handling of
3852 "__analyzer_dump_exploded_nodes", splitting enodes by status into
3853 "processed" and "merger", showing the count of just the processed
3854 enodes at the call, rather than the count of all enodes.
3855 * exploded-graph.h (exploded_node::status): New enum.
3856 (exploded_node::exploded_node): Initialize m_status to
3857 STATUS_WORKLIST.
3858 (exploded_node::get_status): New getter.
3859 (exploded_node::set_status): New setter.
3860
1dae549d
DM
3861 2020-02-04 David Malcolm <dmalcolm@redhat.com>
3862
3863 PR analyzer/93543
3864 * engine.cc (pod_hash_traits<function_call_string>::mark_empty):
3865 Eliminate reinterpret_cast.
3866 (pod_hash_traits<function_call_string>::is_empty): Likewise.
3867
833f1e66
DM
3868 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3869
3870 * constraint-manager.cc (range::constrained_to_single_element):
3871 Replace fold_build2 with fold_binary. Remove unnecessary newline.
3872 (constraint_manager::get_or_add_equiv_class): Replace fold_build2
3873 with fold_binary in two places, and remove out-of-date comment.
3874 (constraint_manager::eval_condition): Replace fold_build2 with
3875 fold_binary.
3876 * region-model.cc (constant_svalue::eval_condition): Likewise.
3877 (region_model::on_assignment): Likewise.
3878
8525d1f5
DM
3879 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3880
3881 PR analyzer/93544
3882 * diagnostic-manager.cc
3883 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
3884 against bad choices due to bad paths.
3885 * engine.cc (impl_region_model_context::on_phi): New.
3886 * exploded-graph.h (impl_region_model_context::on_phi): New decl.
3887 * region-model.cc (region_model::on_longjmp): Likewise.
3888 (region_model::handle_phi): Add phi param. Call the ctxt's on_phi
3889 vfunc.
3890 (region_model::update_for_phis): Pass phi to handle_phi.
3891 * region-model.h (region_model::handle_phi): Add phi param.
3892 (region_model_context::on_phi): New vfunc.
3893 (test_region_model_context::on_phi): New.
3894 * sm-malloc.cc (malloc_state_machine::on_phi): New.
3895 (malloc_state_machine::on_zero_assignment): New.
3896 * sm.h (state_machine::on_phi): New vfunc.
3897
73f38658
DM
3898 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3899
3900 * engine.cc (supernode_cluster::dump_dot): Show BB index as
3901 well as SN index.
3902 * supergraph.cc (supernode::dump_dot): Likewise.
3903
5e10b9a2
DM
3904 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3905
3906 PR analyzer/93546
3907 * region-model.cc (region_model::on_call_pre): Update for new
3908 param of symbolic_region ctor.
3909 (region_model::deref_rvalue): Likewise.
3910 (region_model::add_new_malloc_region): Likewise.
3911 (make_region_for_type): Likewise, preserving type.
3912 * region-model.h (symbolic_region::symbolic_region): Add "type"
3913 param and pass it to base class ctor.
3914
287ccd3b
DM
3915 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3916
3917 PR analyzer/93547
3918 * constraint-manager.cc
3919 (constraint_manager::get_or_add_equiv_class): Ensure types are
3920 compatible before comparing constants.
3921
67751724
DM
3922 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3923
3924 PR analyzer/93457
3925 * region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
3926 than checking against void_type_node.
3927
09bea584
DM
3928 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3929
3930 PR analyzer/93373
3931 * region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
3932 (assert_compat_types): ...this, and bail when either type is NULL,
3933 or when VOID_TYPE_P (dst_type).
3934 (region_model::get_lvalue): Update for above conversion.
3935 (region_model::get_rvalue): Likewise.
3936
f1c807e8
DM
3937 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3938
3939 PR analyzer/93379
3940 * region-model.cc (region_model::update_for_return_superedge):
3941 Move check for null result so that it also guards setting the
3942 lhs.
3943
455f58ec
DM
3944 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3945
3946 PR analyzer/93438
3947 * region-model.cc (stack_region::can_merge_p): Split into a two
3948 pass approach, creating all stack regions first, then populating
3949 them.
3950 (selftest::test_state_merging): Add test coverage for (a) the case
3951 of self-merging a model in which a local in an older stack frame
3952 points to a local in a more recent stack frame (which previously
3953 would ICE), and (b) the case of self-merging a model in which a
3954 local points to a global (which previously worked OK).
3955
182ce042
DM
3956 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3957
3958 * analyzer.cc (is_named_call_p): Replace tests for fndecl being
3959 extern at file scope and having a non-NULL DECL_NAME with a call
3960 to maybe_special_function_p.
3961 * function-set.cc (function_set::contains_decl_p): Add call to
3962 maybe_special_function_p.
3963
45eb3e49
DM
3964 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3965
3966 PR analyzer/93450
3967 * constraint-manager.cc
3968 (constraint_manager::get_or_add_equiv_class): Only compare constants
3969 if their types are compatible.
3970 * region-model.cc (constant_svalue::eval_condition): Replace check
3971 for identical types with call to types_compatible_p.
3972
42f36563
DM
3973 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3974
3975 * program-state.cc (extrinsic_state::dump_to_pp): New.
3976 (extrinsic_state::dump_to_file): New.
3977 (extrinsic_state::dump): New.
3978 * program-state.h (extrinsic_state::dump_to_pp): New decl.
3979 (extrinsic_state::dump_to_file): New decl.
3980 (extrinsic_state::dump): New decl.
3981 * sm.cc: Include "pretty-print.h".
3982 (state_machine::dump_to_pp): New.
3983 * sm.h (state_machine::dump_to_pp): New decl.
3984
ebe9174e
DM
3985 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3986
3987 * diagnostic-manager.cc (for_each_state_change): Use
3988 extrinsic_state::get_num_checkers rather than accessing m_checkers
3989 directly.
3990 * program-state.cc (program_state::program_state): Likewise.
3991 * program-state.h (extrinsic_state::m_checkers): Make private.
3992
e978955d
DM
3993 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3994
3995 PR analyzer/93356
3996 * region-model.cc (region_model::eval_condition): In both
3997 overloads, bail out immediately on floating-point types.
3998 (region_model::eval_condition_without_cm): Likewise.
3999 (region_model::add_constraint): Likewise.
4000
d177c49c
DM
4001 2020-01-30 David Malcolm <dmalcolm@redhat.com>
4002
4003 PR analyzer/93450
4004 * program-state.cc (sm_state_map::set_state): For the overload
4005 taking an svalue_id, bail out if the set_state on the ec does
4006 nothing. Convert the latter's return type from void to bool,
4007 returning true if anything changed.
4008 (sm_state_map::impl_set_state): Convert the return type from void
4009 to bool, returning true if the state changed.
4010 * program-state.h (sm_state_map::set_state): Convert return type
4011 from void to bool.
4012 (sm_state_map::impl_set_state): Likewise.
4013 * region-model.cc (constant_svalue::eval_condition): Only call
4014 fold_build2 if the types are the same.
4015
7892ff37
JJ
4016 2020-01-29 Jakub Jelinek <jakub@redhat.com>
4017
4018 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
4019 * constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
4020 (range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
4021 POP_IGNORE_WFORMAT.
4022 * state-purge.cc: Include diagnostic-core.h before
4023 gimple-pretty-print.h.
4024 (state_purge_annotator::add_node_annotations, print_vec_of_names):
4025 Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
4026 * region-model.cc: Move diagnostic-core.h include before graphviz.h.
4027 (path_var::dump, svalue::print, constant_svalue::print_details,
4028 region::dump_to_pp, region::dump_child_label, region::print_fields,
4029 map_region::print_fields, map_region::dump_dot_to_pp,
4030 map_region::dump_child_label, array_region::print_fields,
4031 array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or
4032 POP_IGNORE_WFORMAT.
4033
5aebfb71
DM
4034 2020-01-28 David Malcolm <dmalcolm@redhat.com>
4035
4036 PR analyzer/93316
4037 * engine.cc (rewind_info_t::update_model): Get the longjmp call
4038 stmt via get_longjmp_call () rather than assuming it is the last
4039 stmt in the longjmp's supernode.
4040 (rewind_info_t::add_events_to_path): Get the location_t for the
4041 rewind_from_longjmp_event via get_longjmp_call () rather than from
4042 the supernode's get_end_location ().
4043
6c8e5844
DM
4044 2020-01-28 David Malcolm <dmalcolm@redhat.com>
4045
4046 * region-model.cc (poisoned_value_diagnostic::emit): Update for
4047 renaming of warning_at overload to warning_meta.
4048 * sm-file.cc (file_leak::emit): Likewise.
4049 * sm-malloc.cc (double_free::emit): Likewise.
4050 (possible_null_deref::emit): Likewise.
4051 (possible_null_arg::emit): Likewise.
4052 (null_deref::emit): Likewise.
4053 (null_arg::emit): Likewise.
4054 (use_after_free::emit): Likewise.
4055 (malloc_leak::emit): Likewise.
4056 (free_of_non_heap::emit): Likewise.
4057 * sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
4058 * sm-signal.cc (signal_unsafe_call::emit): Likewise.
4059 * sm-taint.cc (tainted_array_index::emit): Likewise.
4060
8c08c983
DM
4061 2020-01-27 David Malcolm <dmalcolm@redhat.com>
4062
4063 PR analyzer/93451
4064 * region-model.cc (tree_cmp): For the REAL_CST case, impose an
4065 arbitrary order on NaNs relative to other NaNs and to non-NaNs;
4066 const-correctness tweak.
4067 (ana::selftests::build_real_cst_from_string): New function.
4068 (ana::selftests::append_interesting_constants): New function.
4069 (ana::selftests::test_tree_cmp_on_constants): New test.
4070 (ana::selftests::test_canonicalization_4): New test.
4071 (ana::selftests::analyzer_region_model_cc_tests): Call the new
4072 tests.
4073
2fbea419
DM
4074 2020-01-27 David Malcolm <dmalcolm@redhat.com>
4075
4076 PR analyzer/93349
4077 * engine.cc (run_checkers): Save and restore input_location.
4078
6a81cabc
DM
4079 2020-01-27 David Malcolm <dmalcolm@redhat.com>
4080
4081 * call-string.cc (call_string::cmp_1): Delete, moving body to...
4082 (call_string::cmp): ...here.
4083 * call-string.h (call_string::cmp_1): Delete decl.
4084 * engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
4085 (worklist::key_t::cmp): ...here. Implement hash comparisons
4086 via comparison rather than subtraction to avoid overflow issues.
4087 * exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
4088 * region-model.cc (tree_cmp): Eliminate buggy checking for
4089 symmetry.
4090
342e14ff
DM
4091 2020-01-27 David Malcolm <dmalcolm@redhat.com>
4092
4093 * analyzer.cc (is_named_call_p): Check that fndecl is "extern"
4094 and at file scope. Potentially disregard prefix _ or __ in
4095 fndecl's name. Bail if the identifier is NULL.
4096 (is_setjmp_call_p): Expect a gcall rather than plain gimple.
4097 Remove special-case check for leading prefix, and also check for
4098 sigsetjmp.
4099 (is_longjmp_call_p): Also check for siglongjmp.
4100 (get_user_facing_name): New function.
4101 * analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
4102 gimple.
4103 (get_user_facing_name): New decl.
4104 * checker-path.cc (setjmp_event::get_desc): Use
4105 get_user_facing_name to avoid hardcoding the function name.
4106 (rewind_event::rewind_event): Add rewind_info param, using it to
4107 initialize new m_rewind_info field, and strengthen the assertion.
4108 (rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
4109 avoid hardcoding the function name.
4110 (rewind_to_setjmp_event::get_desc): Likewise.
4111 * checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
4112 param and use it to initialize...
4113 (setjmp_event::m_setjmp_call): New field.
4114 (rewind_event::rewind_event): Add rewind_info param.
4115 (rewind_event::m_rewind_info): New protected field.
4116 (rewind_from_longjmp_event::rewind_from_longjmp_event): Add
4117 rewind_info param.
4118 (class rewind_to_setjmp_event): Move rewind_info field to parent
4119 class.
4120 * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
4121 Update setjmp-handling for is_setjmp_call_p requiring a gcall;
4122 pass the call to the new setjmp_event.
4123 * engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
4124 requiring a gcall.
4125 (stale_jmp_buf::emit): Use get_user_facing_name to avoid
4126 hardcoding the function names.
4127 (exploded_node::on_longjmp): Pass the longjmp_call when
4128 constructing rewind_info.
4129 (rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
4130 rewind_from_longjmp_event's ctor.
4131 * exploded-graph.h (rewind_info_t::rewind_info_t): Add
4132 longjmp_call param.
4133 (rewind_info_t::get_longjmp_call): New.
4134 (rewind_info_t::m_longjmp_call): New.
4135 * region-model.cc (region_model::on_setjmp): Update comment to
4136 indicate this is also for sigsetjmp.
4137 * region-model.h (struct setjmp_record): Likewise.
4138 (class setjmp_svalue): Likewise.
4139
26d949c8
DM
4140 2020-01-27 David Malcolm <dmalcolm@redhat.com>
4141
4142 PR analyzer/93276
4143 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
4144 macros with GCC_VERSION >= 4006, making them no-op otherwise.
4145 * engine.cc (exploded_edge::exploded_edge): Specify template for
4146 base class initializer.
4147 (exploded_graph::add_edge): Specify template when chaining up to
4148 base class add_edge implementation.
4149 (viz_callgraph_node::dump_dot): Drop redundant "typename".
4150 (viz_callgraph_edge::viz_callgraph_edge): Specify template for
4151 base class initializer.
4152 * program-state.cc (sm_state_map::clone_with_remapping): Drop
4153 redundant "typename".
4154 (sm_state_map::print): Likewise.
4155 (sm_state_map::hash): Likewise.
4156 (sm_state_map::operator==): Likewise.
4157 (sm_state_map::remap_svalue_ids): Likewise.
4158 (sm_state_map::on_svalue_purge): Likewise.
4159 (sm_state_map::validate): Likewise.
4160 * program-state.h (sm_state_map::iterator_t): Likewise.
4161 * supergraph.h (superedge::superedge): Specify template for base
4162 class initializer.
4163
648796da
DM
4164 2020-01-23 David Malcolm <dmalcolm@redhat.com>
4165
4166 PR analyzer/93375
4167 * supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
4168 gracefully if the number of parameters at the callee exceeds the
4169 number of arguments at the call stmt.
4170 (callgraph_superedge::get_parm_for_arg): Likewise.
4171
591b59eb
DM
4172 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4173
4174 PR analyzer/93382
4175 * program-state.cc (sm_state_map::on_svalue_purge): If the
4176 entry survives, but the origin is being purged, then reset the
4177 origin to null.
4178
c9c8aef4
DM
4179 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4180
4181 * sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.
4182
fd9982bb
DM
4183 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4184
4185 PR analyzer/93378
4186 * engine.cc (setjmp_svalue::compare_fields): Update for
4187 replacement of m_enode with m_setjmp_record.
4188 (setjmp_svalue::add_to_hash): Likewise.
4189 (setjmp_svalue::get_index): Rename...
4190 (setjmp_svalue::get_enode_index): ...to this.
4191 (setjmp_svalue::print_details): Update for replacement of m_enode
4192 with m_setjmp_record.
4193 (exploded_node::on_longjmp): Likewise.
4194 * exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
4195 (rewind_info_t::m_setjmp_record): ...with this.
4196 (rewind_info_t::rewind_info_t): Update for replacement of m_enode
4197 with m_setjmp_record.
4198 (rewind_info_t::get_setjmp_point): Likewise.
4199 (rewind_info_t::get_setjmp_call): Likewise.
4200 * region-model.cc (region_model::dump_summary_of_map): Likewise.
4201 (region_model::on_setjmp): Likewise.
4202 * region-model.h (struct setjmp_record): New struct.
4203 (setjmp_svalue::m_enode): Replace...
4204 (setjmp_svalue::m_setjmp_record): ...with this.
4205 (setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
4206 with m_setjmp_record.
4207 (setjmp_svalue::clone): Likewise.
4208 (setjmp_svalue::get_index): Rename...
4209 (setjmp_svalue::get_enode_index): ...to this.
4210 (setjmp_svalue::get_exploded_node): Replace...
4211 (setjmp_svalue::get_setjmp_record): ...with this.
4212
da7cf663
DM
4213 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4214
4215 PR analyzer/93316
4216 * analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as
4217 "_setjmp".
4218
75038aa6
DM
4219 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4220
4221 PR analyzer/93307
4222 * analysis-plan.h: Wrap everything namespace "ana".
4223 * analyzer-logging.cc: Likewise.
4224 * analyzer-logging.h: Likewise.
4225 * analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
4226 namespace.
4227 * analyzer-selftests.cc: Wrap everything namespace "ana".
4228 * analyzer-selftests.h: Likewise.
4229 * analyzer.h: Likewise for forward decls of types.
4230 * call-string.h: Likewise.
4231 * checker-path.cc: Likewise.
4232 * checker-path.h: Likewise.
4233 * constraint-manager.cc: Likewise.
4234 * constraint-manager.h: Likewise.
4235 * diagnostic-manager.cc: Likewise.
4236 * diagnostic-manager.h: Likewise.
4237 * engine.cc: Likewise.
4238 * engine.h: Likewise.
4239 * exploded-graph.h: Likewise.
4240 * function-set.cc: Likewise.
4241 * function-set.h: Likewise.
4242 * pending-diagnostic.cc: Likewise.
4243 * pending-diagnostic.h: Likewise.
4244 * program-point.cc: Likewise.
4245 * program-point.h: Likewise.
4246 * program-state.cc: Likewise.
4247 * program-state.h: Likewise.
4248 * region-model.cc: Likewise.
4249 * region-model.h: Likewise.
4250 * sm-file.cc: Likewise.
4251 * sm-malloc.cc: Likewise.
4252 * sm-pattern-test.cc: Likewise.
4253 * sm-sensitive.cc: Likewise.
4254 * sm-signal.cc: Likewise.
4255 * sm-taint.cc: Likewise.
4256 * sm.cc: Likewise.
4257 * sm.h: Likewise.
4258 * state-purge.h: Likewise.
4259 * supergraph.cc: Likewise.
4260 * supergraph.h: Likewise.
4261
4f01e577
DM
4262 2020-01-21 David Malcolm <dmalcolm@redhat.com>
4263
4264 PR analyzer/93352
4265 * region-model.cc (int_cmp): Rename to...
4266 (array_region::key_cmp): ...this, using key_t rather than int.
4267 Rewrite in terms of comparisons rather than subtraction to
4268 ensure qsort is anti-symmetric when handling extreme values.
4269 (array_region::walk_for_canonicalization): Update for above
4270 renaming.
4271 * region-model.h (array_region::key_cmp): New decl.
4272
07c86323
DM
4273 2020-01-17 David Malcolm <dmalcolm@redhat.com>
4274
4275 PR analyzer/93290
4276 * region-model.cc (region_model::eval_condition_without_cm): Avoid
4277 gcc_unreachable for unexpected operations for the case where
4278 we're comparing an svalue against itself.
4279
5f030383
DM
4280 2020-01-17 David Malcolm <dmalcolm@redhat.com>
4281
4282 PR analyzer/93281
4283 * region-model.cc
4284 (region_model::convert_byte_offset_to_array_index): Convert to
4285 ssizetype before dividing by byte_size. Use fold_binary rather
4286 than fold_build2 to avoid needlessly constructing a tree for the
4287 non-const case.
4288
49e9a999
DM
4289 2020-01-15 David Malcolm <dmalcolm@redhat.com>
4290
4291 * engine.cc (class impl_region_model_context): Fix comment.
4292
32077b69
DM
4293 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4294
4295 PR analyzer/93212
4296 * region-model.cc (make_region_for_type): Use
4297 FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
4298 * region-model.h (function_region::function_region): Likewise.
4299
7fb3669e
DM
4300 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4301
4302 * program-state.cc (sm_state_map::clone_with_remapping): Copy
4303 m_global_state.
4304 (selftest::test_program_state_merging_2): New selftest.
4305 (selftest::analyzer_program_state_cc_tests): Call it.
4306
e2a538b1
DM
4307 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4308
4309 * checker-path.h (checker_path::get_checker_event): New function.
4310 (checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
4311 * diagnostic-manager.cc
4312 (diagnostic_manager::prune_for_sm_diagnostic): Replace direct
4313 access to checker_path::m_events with accessor functions. Fix
4314 overlong line.
4315 (diagnostic_manager::prune_interproc_events): Replace direct
4316 access to checker_path::m_events with accessor functions.
4317 (diagnostic_manager::finish_pruning): Likewise.
4318
94946989
DM
4319 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4320
4321 * checker-path.h (checker_event::clone): Delete vfunc decl.
4322 (debug_event::clone): Delete vfunc impl.
4323 (custom_event::clone): Delete vfunc impl.
4324 (statement_event::clone): Delete vfunc impl.
4325 (function_entry_event::clone): Delete vfunc impl.
4326 (state_change_event::clone): Delete vfunc impl.
4327 (start_cfg_edge_event::clone): Delete vfunc impl.
4328 (end_cfg_edge_event::clone): Delete vfunc impl.
4329 (call_event::clone): Delete vfunc impl.
4330 (return_event::clone): Delete vfunc impl.
4331 (setjmp_event::clone): Delete vfunc impl.
4332 (rewind_from_longjmp_event::clone): Delete vfunc impl.
4333 (rewind_to_setjmp_event::clone): Delete vfunc impl.
4334 (warning_event::clone): Delete vfunc impl.
4335
718930c0
DM
4336 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4337
4338 * supergraph.cc (supernode::dump_dot): Ensure that the TABLE
4339 element has at least one TR.
4340
8397af8e
DM
4341 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4342
4343 PR analyzer/58237
4344 * engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
4345 when comparing against UNKNOWN_LOCATION.
4346 (stmt_requires_new_enode_p): Likewise.
4347 (exploded_graph::dump_exploded_nodes): Likewise.
4348 * supergraph.cc (supernode::get_start_location): Likewise.
4349 (supernode::get_end_location): Likewise.
4350
697251b7
DM
4351 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4352
4353 PR analyzer/58237
4354 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
4355 selftest::analyzer_sm_file_cc_tests.
4356 * analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
4357 decl.
4358 * sm-file.cc: Include "analyzer/function-set.h" and
4359 "analyzer/analyzer-selftests.h".
4360 (get_file_using_fns): New function.
4361 (is_file_using_fn_p): New function.
4362 (fileptr_state_machine::on_stmt): Return true for known functions.
4363 (selftest::analyzer_sm_file_cc_tests): New function.
4364
4804c5fe
DM
4365 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4366
4367 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
4368 selftest::analyzer_sm_signal_cc_tests.
4369 * analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
4370 New decl.
4371 * sm-signal.cc: Include "analyzer/function-set.h" and
4372 "analyzer/analyzer-selftests.h".
4373 (get_async_signal_unsafe_fns): New function.
4374 (signal_unsafe_p): Reimplement in terms of the above.
4375 (selftest::analyzer_sm_signal_cc_tests): New function.
4376
a6b5f19c
DM
4377 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4378
4379 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
4380 selftest::analyzer_function_set_cc_tests.
4381 * analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
4382 New decl.
4383 * function-set.cc: New file.
4384 * function-set.h: New file.
4385
ef7827b0
DM
4386 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4387
4388 * analyzer.h (fndecl_has_gimple_body_p): New decl.
4389 * engine.cc (impl_region_model_context::on_unknown_change): New
4390 function.
4391 (fndecl_has_gimple_body_p): Make non-static.
4392 (exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
4393 known. Track whether we have a call with unknown side-effects and
4394 pass it to on_call_post.
4395 * exploded-graph.h (impl_region_model_context::on_unknown_change):
4396 New decl.
4397 * program-state.cc (sm_state_map::on_unknown_change): New function.
4398 * program-state.h (sm_state_map::on_unknown_change): New decl.
4399 * region-model.cc: Include "bitmap.h".
4400 (region_model::on_call_pre): Return a bool, capturing whether the
4401 call has unknown side effects.
4402 (region_model::on_call_post): Add arg "bool unknown_side_effects"
4403 and if true, call handle_unrecognized_call.
4404 (class reachable_regions): New class.
4405 (region_model::handle_unrecognized_call): New function.
4406 * region-model.h (region_model::on_call_pre): Return a bool.
4407 (region_model::on_call_post): Add arg "bool unknown_side_effects".
4408 (region_model::handle_unrecognized_call): New decl.
4409 (region_model_context::on_unknown_change): New vfunc.
4410 (test_region_model_context::on_unknown_change): New function.
4411
14f9d7b9
DM
4412 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4413
4414 * diagnostic-manager.cc (saved_diagnostic::operator==): Move here
4415 from header. Replace pointer equality test on m_var with call to
4416 pending_diagnostic::same_tree_p.
4417 * diagnostic-manager.h (saved_diagnostic::operator==): Move to
4418 diagnostic-manager.cc.
4419 * pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
4420 * pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
4421 * sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
4422 equality on m_arg with call to pending_diagnostic::same_tree_p.
4423 * sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
4424 (possible_null_arg::subclass_equal_p): Likewise.
4425 (null_arg::subclass_equal_p): Likewise.
4426 (free_of_non_heap::subclass_equal_p): Likewise.
4427 * sm-pattern-test.cc (pattern_match::operator==): Likewise.
4428 * sm-sensitive.cc (exposure_through_output_file::operator==):
4429 Likewise.
4430 * sm-taint.cc (tainted_array_index::operator==): Likewise.
4431
f474fbd5
DM
4432 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4433
4434 * diagnostic-manager.cc (dedupe_winners::add): Add logging
4435 of deduplication decisions made.
4436
757bf1df
DM
4437 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4438
4439 * ChangeLog: New file.
4440 * analyzer-selftests.cc: New file.
4441 * analyzer-selftests.h: New file.
4442 * analyzer.opt: New file.
4443 * analysis-plan.cc: New file.
4444 * analysis-plan.h: New file.
4445 * analyzer-logging.cc: New file.
4446 * analyzer-logging.h: New file.
4447 * analyzer-pass.cc: New file.
4448 * analyzer.cc: New file.
4449 * analyzer.h: New file.
4450 * call-string.cc: New file.
4451 * call-string.h: New file.
4452 * checker-path.cc: New file.
4453 * checker-path.h: New file.
4454 * constraint-manager.cc: New file.
4455 * constraint-manager.h: New file.
4456 * diagnostic-manager.cc: New file.
4457 * diagnostic-manager.h: New file.
4458 * engine.cc: New file.
4459 * engine.h: New file.
4460 * exploded-graph.h: New file.
4461 * pending-diagnostic.cc: New file.
4462 * pending-diagnostic.h: New file.
4463 * program-point.cc: New file.
4464 * program-point.h: New file.
4465 * program-state.cc: New file.
4466 * program-state.h: New file.
4467 * region-model.cc: New file.
4468 * region-model.h: New file.
4469 * sm-file.cc: New file.
4470 * sm-malloc.cc: New file.
4471 * sm-malloc.dot: New file.
4472 * sm-pattern-test.cc: New file.
4473 * sm-sensitive.cc: New file.
4474 * sm-signal.cc: New file.
4475 * sm-taint.cc: New file.
4476 * sm.cc: New file.
4477 * sm.h: New file.
4478 * state-purge.cc: New file.
4479 * state-purge.h: New file.
4480 * supergraph.cc: New file.
4481 * supergraph.h: New file.
4482
4483 2019-12-13 David Malcolm <dmalcolm@redhat.com>
4484
4485 * Initial creation
4486
4487
c48514be 4488 Copyright (C) 2019-2021 Free Software Foundation, Inc.
757bf1df
DM
4489
4490 Copying and distribution of this file, with or without modification,
4491 are permitted in any medium without royalty provided the copyright
4492 notice and this notice are preserved.