git.ipfire.org Git - thirdparty/gcc.git/blame - gcc/analyzer/ChangeLog
2021-04-10 David Malcolm <dmalcolm@redhat.com>

PR analyzer/100011
* region-model.cc (region_model::on_assignment): Avoid NULL
dereference if ctxt is NULL when assigning from a STRING_CST.

2021-04-08 David Malcolm <dmalcolm@redhat.com>

PR analyzer/99042
PR analyzer/99774
* engine.cc
(impl_region_model_context::impl_region_model_context): Add
uncertainty param and use it to initialize m_uncertainty.
(impl_region_model_context::get_uncertainty): New.
(impl_sm_context::get_fndecl_for_call): Add NULL for new
uncertainty param when constructing impl_region_model_context.
(impl_sm_context::get_state): Likewise.
(impl_sm_context::set_next_state): Likewise.
(impl_sm_context::warn): Likewise.
(exploded_node::on_stmt): Add uncertainty param
and use it when constructing impl_region_model_context.
(exploded_node::on_edge): Add uncertainty param and pass
to on_edge call.
(exploded_node::detect_leaks): Create uncertainty_t and pass to
impl_region_model_context.
(exploded_graph::get_or_create_node): Create uncertainty_t and
pass to prune_for_point.
(maybe_process_run_of_before_supernode_enodes): Create
uncertainty_t and pass to impl_region_model_context.
(exploded_graph::process_node): Create uncertainty_t instances and
pass around as needed.
* exploded-graph.h
(impl_region_model_context::impl_region_model_context): Add
uncertainty param.
(impl_region_model_context::get_uncertainty): New decl.
(impl_region_model_context::m_uncertainty): New field.
(exploded_node::on_stmt): Add uncertainty param.
(exploded_node::on_edge): Likewise.
* program-state.cc (sm_state_map::on_liveness_change): Get
uncertainty from context and use it to unset sm-state from
svalues as appropriate.
(program_state::on_edge): Add uncertainty param and use it when
constructing impl_region_model_context. Fix indentation.
(program_state::prune_for_point): Add uncertainty param and use it
when constructing impl_region_model_context.
(program_state::detect_leaks): Get any uncertainty from ctxt and
use it to get maybe-live svalues for dest_state, rather than
definitely-live ones; use this when determining which svalues
have leaked.
(selftest::test_program_state_merging): Create uncertainty_t and
pass to impl_region_model_context.
* program-state.h (program_state::on_edge): Add uncertainty param.
(program_state::prune_for_point): Likewise.
* region-model-impl-calls.cc (call_details::get_uncertainty): New.
(region_model::impl_call_memcpy): Pass uncertainty to
mark_region_as_unknown call.
(region_model::impl_call_memset): Likewise.
(region_model::impl_call_strcpy): Likewise.
* region-model-reachability.cc (reachable_regions::handle_sval):
Also add sval to m_mutable_svals.
* region-model.cc (region_model::on_assignment): Pass any
uncertainty from ctxt to the store::set_value call.
(region_model::handle_unrecognized_call): Get any uncertainty from
ctxt and use it to record mutable svalues at the unknown call.
(region_model::get_reachable_svalues): Add uncertainty param and
use it to mark any maybe-bound svalues as being reachable.
(region_model::set_value): Pass any uncertainty from ctxt to the
store::set_value call.
(region_model::mark_region_as_unknown): Add uncertainty param and
pass it on to the store::mark_region_as_unknown call.
(region_model::update_for_call_summary): Add uncertainty param and
pass it on to the region_model::mark_region_as_unknown call.
* region-model.h (call_details::get_uncertainty): New decl.
(region_model::get_reachable_svalues): Add uncertainty param.
(region_model::mark_region_as_unknown): Add uncertainty param.
(region_model_context::get_uncertainty): New vfunc.
(noop_region_model_context::get_uncertainty): New vfunc
implementation.
* store.cc (dump_svalue_set): New.
(uncertainty_t::dump_to_pp): New.
(uncertainty_t::dump): New.
(binding_cluster::clobber_region): Pass NULL for uncertainty to
remove_overlapping_bindings.
(binding_cluster::mark_region_as_unknown): Add uncertainty param
and pass it to remove_overlapping_bindings.
(binding_cluster::remove_overlapping_bindings): Add uncertainty param.
Use it to record any svalues that were in clobbered bindings.
(store::set_value): Add uncertainty param. Pass it to
binding_cluster::mark_region_as_unknown when handling symbolic
regions.
(store::mark_region_as_unknown): Add uncertainty param and pass it
to binding_cluster::mark_region_as_unknown.
(store::remove_overlapping_bindings): Add uncertainty param and
pass it to binding_cluster::remove_overlapping_bindings.
* store.h (binding_cluster::mark_region_as_unknown): Add
uncertainty param.
(binding_cluster::remove_overlapping_bindings): Likewise.
(store::set_value): Likewise.
(store::mark_region_as_unknown): Likewise.

2021-04-05 David Malcolm <dmalcolm@redhat.com>

PR analyzer/99906
* analyzer.cc (maybe_reconstruct_from_def_stmt): Fix NULL
dereference on calls with zero arguments.
* sm-malloc.cc (malloc_state_machine::on_stmt): When handling
__attribute__((nonnull)), only call get_diagnostic_tree if the
result will be used.

2021-04-05 David Malcolm <dmalcolm@redhat.com>

PR analyzer/99886
* diagnostic-manager.cc
(diagnostic_manager::prune_interproc_events): Use signed integers
when subtracting one from path->num_events ().
(diagnostic_manager::consolidate_conditions): Likewise. Convert
next_idx to a signed int.

2021-04-01 David Malcolm <dmalcolm@redhat.com>

* diagnostic-manager.cc (diagnostic_manager::add_diagnostic): Make
enode param non-constant, and call add_diagnostic on it. Add
enode index to log message.
(diagnostic_manager::add_diagnostic): Make enode param
non-constant.
* diagnostic-manager.h (diagnostic_manager::add_diagnostic):
Likewise for both decls.
* engine.cc
(impl_region_model_context::impl_region_model_context): Likewise
for enode_for_diag.
(impl_sm_context::impl_sm_context): Likewise.
(impl_sm_context::m_enode_for_diag): Likewise.
(exploded_node::dump_dot): Don't pass the diagnostic manager
to dump_saved_diagnostics.
(exploded_node::dump_saved_diagnostics): Drop param. Iterate
directly through all saved diagnostics for the enode, rather
than all saved diagnostics in the diagnostic_manager and
filtering.
(exploded_node::on_stmt): Make non-const.
(exploded_node::on_edge): Likewise.
(exploded_node::on_longjmp): Likewise.
(exploded_node::detect_leaks): Likewise.
(exploded_graph::get_or_create_node): Make enode_for_diag param
non-const.
(exploded_graph_annotator::print_enode): Iterate
directly through all saved diagnostics for the enode, rather
than all saved diagnostics in the diagnostic_manager and
filtering.
* exploded-graph.h
(impl_region_model_context::impl_region_model_context): Make
enode_for_diag param non-constant.
(impl_region_model_context::m_enode_for_diag): Likewise.
(exploded_node::dump_saved_diagnostics): Drop param.
(exploded_node::on_stmt): Make non-const.
(exploded_node::on_edge): Likewise.
(exploded_node::on_longjmp): Likewise.
(exploded_node::detect_leaks): Likewise.
(exploded_node::add_diagnostic): New.
(exploded_node::get_num_diagnostics): New.
(exploded_node::get_saved_diagnostic): New.
(exploded_node::m_saved_diagnostics): New.
(exploded_graph::get_or_create_node): Make enode_for_diag param
non-constant.
* feasible-graph.cc (feasible_node::dump_dot): Drop
diagnostic_manager from call to dump_saved_diagnostics.
* program-state.cc (program_state::on_edge): Convert enode param
to non-const pointer.
(program_state::prune_for_point): Likewise for enode_for_diag
param.
* program-state.h (program_state::on_edge): Convert enode param
to non-const pointer.
(program_state::prune_for_point): Likewise for enode_for_diag
param.

2021-03-31 David Malcolm <dmalcolm@redhat.com>

PR analyzer/99771
* analyzer.cc (maybe_reconstruct_from_def_stmt): New.
(fixup_tree_for_diagnostic_1): New.
(fixup_tree_for_diagnostic): New.
* analyzer.h (fixup_tree_for_diagnostic): New decl.
* checker-path.cc (call_event::get_desc): Call
fixup_tree_for_diagnostic and use it for the call_with_state call.
(warning_event::get_desc): Likewise for the final_event and
make_label_text calls.
* engine.cc (impl_region_model_context::on_state_leak): Likewise
for the on_leak and add_diagnostic calls.
* region-model.cc (region_model::get_representative_tree):
Likewise for the result.

2021-03-30 David Malcolm <dmalcolm@redhat.com>

* region.h (region::dump_to_pp): Remove old decl.

2021-03-30 David Malcolm <dmalcolm@redhat.com>

* sm-file.cc (fileptr_state_machine::on_stmt): Only call
get_diagnostic_tree if the result will be used.
* sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
(malloc_state_machine::on_deallocator_call): Likewise.
(malloc_state_machine::on_realloc_call): Likewise.
(malloc_state_machine::on_realloc_call): Likewise.
* sm-sensitive.cc
(sensitive_state_machine::warn_for_any_exposure): Likewise.
* sm-taint.cc (taint_state_machine::on_stmt): Likewise.

2021-03-25 David Malcolm <dmalcolm@redhat.com>

PR analyzer/93695
PR analyzer/99044
PR analyzer/99716
* engine.cc (exploded_node::on_stmt): Clear sm-state involving
an SSA name at the def-stmt of that SSA name.
* program-state.cc (sm_state_map::purge_state_involving): New.
* program-state.h (sm_state_map::purge_state_involving): New decl.
* region-model.cc (selftest::test_involves_p): New.
(selftest::analyzer_region_model_cc_tests): Call it.
* svalue.cc (class involvement_visitor): New class.
(svalue::involves_p): New.
* svalue.h (svalue::involves_p): New decl.

2021-03-19 David Malcolm <dmalcolm@redhat.com>

PR analyzer/99614
* diagnostic-manager.cc (class epath_finder): Add
DISABLE_COPY_AND_ASSIGN.

2021-03-15 Martin Liska <mliska@suse.cz>

* sm-file.cc (get_file_using_fns): Add missing comma in initializer.

2021-03-11 David Malcolm <dmalcolm@redhat.com>

PR analyzer/96374
* analyzer.opt (-param=analyzer-max-infeasible-edges=): New param.
(fdump-analyzer-feasibility): New flag.
* diagnostic-manager.cc: Include "analyzer/trimmed-graph.h" and
"analyzer/feasible-graph.h".
(epath_finder::epath_finder): Convert m_sep to a pointer and
only create it if !flag_analyzer_feasibility.
(epath_finder::~epath_finder): New.
(epath_finder::m_sep): Convert to a pointer.
(epath_finder::get_best_epath): Add param "diag_idx" and use it
when logging. Rather than finding the shortest path and then
checking feasibility, instead use explore_feasible_paths unless
!flag_analyzer_feasibility, in which case simply use the shortest
path, and note if it is infeasible. Update for m_sep becoming a
pointer.
(class feasible_worklist): New.
(epath_finder::explore_feasible_paths): New.
(epath_finder::process_worklist_item): New.
(class dump_eg_with_shortest_path): New.
(epath_finder::dump_trimmed_graph): New.
(epath_finder::dump_feasible_graph): New.
(saved_diagnostic::saved_diagnostic): Add "idx" param, using it
on new field m_idx.
(saved_diagnostic::to_json): Dump m_idx.
(saved_diagnostic::calc_best_epath): Pass m_idx to get_best_epath.
Remove assertion that m_problem was set when m_best_epath is NULL.
(diagnostic_manager::add_diagnostic): Pass an index when creating
saved_diagnostic instances.
* diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add
"idx" param.
(saved_diagnostic::get_index): New accessor.
(saved_diagnostic::m_idx): New field.
* engine.cc (exploded_node::dump_dot): Call args.dump_extra_info.
Move code to...
(exploded_node::dump_processed_stmts): ...this new function and...
(exploded_node::dump_saved_diagnostics): ...this new function.
Add index of each diagnostic.
(exploded_edge::dump_dot): Move bulk of code to...
(exploded_edge::dump_dot_label): ...this new function.
* exploded-graph.h (eg_traits::dump_args_t::dump_extra_info): New
vfunc.
(exploded_node::dump_processed_stmts): New decl.
(exploded_node::dump_saved_diagnostics): New decl.
(exploded_edge::dump_dot_label): New decl.
* feasible-graph.cc: New file.
* feasible-graph.h: New file.
* trimmed-graph.cc: New file.
* trimmed-graph.h: New file.

2021-03-11 David Malcolm <dmalcolm@redhat.com>

* diagnostic-manager.cc (epath_finder::epath_finder):
Update shortest_paths init for new param.

2021-03-10 David Malcolm <dmalcolm@redhat.com>

PR analyzer/96374
* engine.cc (exploded_path::feasible_p): Move "snodes_visited" and
"model" locals into a new class feasibility_state. Move heart
of per-edge processing into
feasibility_state::maybe_update_for_edge.
(feasibility_state::feasibility_state): New.
(feasibility_state::maybe_update_for_edge): New, based on loop
body in exploded_path::feasible_p.
* exploded-graph.h (class feasibility_state): New.

2021-03-10 David Malcolm <dmalcolm@redhat.com>

* supergraph.h
(callgraph_superedge::dyn_cast_callgraph_superedge): New.
(call_superedge::dyn_cast_callgraph_superedge): Delete.
(return_superedge::dyn_cast_callgraph_superedge): Delete.

2021-03-02 Martin Liska <mliska@suse.cz>

* diagnostic-manager.cc (diagnostic_manager::emit_saved_diagnostics):
Do not pass engine.

2021-02-26 David Malcolm <dmalcolm@redhat.com>

* engine.cc (exploded_path::exploded_path): New copy-ctor.
* exploded-graph.h (exploded_path::operator=): Drop decl.

2021-02-26 David Malcolm <dmalcolm@redhat.com>

PR analyzer/96374
* diagnostic-manager.cc (class epath_finder): New.
(epath_finder::get_best_epath): New.
(saved_diagnostic::saved_diagnostic): Update for replacement of
m_state and m_epath_length with m_best_epath.
(saved_diagnostic::~saved_diagnostic): Delete m_best_epath.
(saved_diagnostic::to_json): Update "path_length" to be optional.
(saved_diagnostic::calc_best_epath): New, based on
dedupe_winners::add and parts of dedupe_key::dedupe_key.
(saved_diagnostic::get_epath_length): New.
(saved_diagnostic::add_duplicate): New.
(dedupe_key::dedupe_key): Drop epath param. Move invocation of
stmt_finder to saved_diagnostic::calc_best_epath.
(class dedupe_candidate): Delete.
(class dedupe_hash_map_traits): Update to use saved_diagnostic *
rather than dedupe_candidate * as the value_type/compare_type.
(dedupe_winners::~dedupe_winners): Don't delete the values.
(dedupe_winners::add): Convert param from shortest_exploded_paths to
epath_finder. Drop "eg" param. Drop dedupe_candidate, moving
path generation and feasibility checking to
epath_finder::get_best_epath. Update winner-selection for move
of epaths from dedupe_candidate to saved_diagnostic.
(dedupe_winners::emit_best): Update for removal of class
dedupe_candidate.
(dedupe_winners::map_t): Update to use saved_diagnostic * rather
than dedupe_candidate * as the value_type/compare_type.
(diagnostic_manager::emit_saved_diagnostics): Move
shortest_exploded_paths instance into epath_finder and pass that
around instead.
(diagnostic_manager::emit_saved_diagnostic): Drop epath, stmt
and num_dupes params, instead getting these from the
saved_diagnostic. Use correct location in inform_n call.
* diagnostic-manager.h (class epath_finder): New forward decl.
(saved_diagnostic::status): Drop enum.
(saved_diagnostic::set_feasible): Drop.
(saved_diagnostic::set_infeasible): Drop.
(saved_diagnostic::get_status): Drop.
(saved_diagnostic::calc_best_epath): New decl.
(saved_diagnostic::get_best_epath): New decl.
(saved_diagnostic::get_epath_length): New decl.
(saved_diagnostic::set_epath_length): Drop.
(saved_diagnostic::get_epath_length): Drop inline implementation.
(saved_diagnostic::add_duplicate): New.
(saved_diagnostic::get_num_dupes): New.
(saved_diagnostic::m_d): Document ownership.
(saved_diagnostic::m_trailing_eedge): Make const.
(saved_diagnostic::m_status): Drop field.
(saved_diagnostic::m_epath_length): Drop field.
(saved_diagnostic::m_best_epath): New field.
(saved_diagnostic::m_problem): Document ownership.
(saved_diagnostic::m_duplicates): New field.
(diagnostic_manager::emit_saved_diagnostic): Drop params epath,
stmt, and num_dupes.
* engine.cc (exploded_graph_annotator::print_saved_diagnostic):
Update for changes to saved_diagnostic class.
* exploded-graph.h (exploded_path::feasible_p): Drop unused
overloaded decl.

2021-02-25 David Malcolm <dmalcolm@redhat.com>

PR analyzer/99193
* region-model-impl-calls.cc (region_model::impl_call_realloc): New.
* region-model.cc (region_model::on_call_pre): Call it.
* region-model.h (region_model::impl_call_realloc): New decl.
* sm-malloc.cc (enum wording): Add WORDING_REALLOCATED.
(malloc_state_machine::m_realloc): New field.
(use_after_free::describe_state_change): Add case for
WORDING_REALLOCATED.
(use_after_free::describe_final_event): Likewise.
(malloc_state_machine::malloc_state_machine): Initialize
m_realloc.
(malloc_state_machine::on_stmt): Handle realloc by calling...
(malloc_state_machine::on_realloc_call): New.

2021-02-22 David Malcolm <dmalcolm@redhat.com>

PR analyzer/99196
* engine.cc (exploded_node::on_stmt): Provide terminate_path
flag as a way for on_call_pre to terminate the current analysis
path.
* region-model-impl-calls.cc (call_details::num_args): New.
(region_model::impl_call_error): New.
* region-model.cc (region_model::on_call_pre): Add param
"out_terminate_path". Handle "error" and "error_at_line".
* region-model.h (call_details::num_args): New decl.
(region_model::on_call_pre): Add param "out_terminate_path".
(region_model::impl_call_error): New decl.

2021-02-17 David Malcolm <dmalcolm@redhat.com>

PR analyzer/98969
* constraint-manager.cc (dead_svalue_purger::should_purge_p):
Update for change to svalue::live_p.
* program-state.cc (sm_state_map::on_liveness_change): Likewise.
(program_state::detect_leaks): Likewise.
* region-model-reachability.cc (reachable_regions::init_cluster):
When dealing with a symbolic region, if the underlying pointer is
implicitly live, add the region to the reachable regions.
* region-model.cc (region_model::compare_initial_and_pointer):
Move logic for detecting initial values of params to
initial_svalue::initial_value_of_param_p.
* svalue.cc (svalue::live_p): Convert "live_svalues" from a
reference to a pointer; support it being NULL.
(svalue::implicitly_live_p): Convert first param from a
reference to a pointer.
(region_svalue::implicitly_live_p): Likewise.
(constant_svalue::implicitly_live_p): Likewise.
(initial_svalue::implicitly_live_p): Likewise. Treat the initial
values of params for the top level frame as still live.
(initial_svalue::initial_value_of_param_p): New function, taken
from a test in region_model::compare_initial_and_pointer.
(unaryop_svalue::implicitly_live_p): Convert first param from a
reference to a pointer.
(binop_svalue::implicitly_live_p): Likewise.
(sub_svalue::implicitly_live_p): Likewise.
(unmergeable_svalue::implicitly_live_p): Likewise.
* svalue.h (svalue::live_p): Likewise.
(svalue::implicitly_live_p): Likewise.
(region_svalue::implicitly_live_p): Likewise.
(constant_svalue::implicitly_live_p): Likewise.
(initial_svalue::implicitly_live_p): Likewise.
(initial_svalue::initial_value_of_param_p): New decl.
(unaryop_svalue::implicitly_live_p): Convert first param from a
reference to a pointer.
(binop_svalue::implicitly_live_p): Likewise.
(sub_svalue::implicitly_live_p): Likewise.
(unmergeable_svalue::implicitly_live_p): Likewise.

2021-02-12 David Malcolm <dmalcolm@redhat.com>

PR analyzer/98969
* engine.cc (readability): Add names for the various arbitrary
values. Handle NOP_EXPR and INTEGER_CST.
(readability_comparator): Combine the readability tests for
tree and stack depth, rather than performing them sequentially.
(impl_region_model_context::on_state_leak): Strip off top-level
casts.
* region-model.cc (region_model::get_representative_path_var): Add
type-checking, moving the bulk of the implementation to...
(region_model::get_representative_path_var_1): ...here. Respect
types in casts by recursing and re-adding the cast, rather than
merely stripping them off. Use the correct type when handling
region_svalue.
(region_model::get_representative_tree): Strip off any top-level
cast.
(region_model::get_representative_path_var): Add type-checking,
moving the bulk of the implementation to...
(region_model::get_representative_path_var_1): ...here.
* region-model.h (region_model::get_representative_path_var_1):
New decl.
(region_model::get_representative_path_var_1): New decl.
* store.cc (append_pathvar_with_type): New.
(binding_cluster::get_representative_path_vars): Cast path_vars
to the correct type when adding them to *OUT_PVS.

2021-02-09 David Malcolm <dmalcolm@redhat.com>

PR analyzer/98575
* sm-file.cc (is_file_using_fn_p): Support "_IO_"-prefixed
variants.

2021-02-09 David Malcolm <dmalcolm@redhat.com>

PR analyzer/98575
* store.cc (store::set_value): Treat a pointer written to *UNKNOWN
as having escaped.

2021-02-02 David Malcolm <dmalcolm@redhat.com>

PR analyzer/93355
PR analyzer/96374
* engine.cc (toplevel_function_p): Simplify so that
we only reject functions with a "__analyzer_" prefix.
(add_any_callbacks): Delete.
(exploded_graph::build_initial_worklist): Update for
dropped param of toplevel_function_p.
(exploded_graph::build_initial_worklist): Don't bother
looking for callbacks that are reachable from global
initializers.

2021-02-01 David Malcolm <dmalcolm@redhat.com>

PR analyzer/98918
* region-model-manager.cc
(region_model_manager::get_or_create_initial_value):
Fold the initial value of *UNKNOWN_PTR to an UNKNOWN value.
(region_model_manager::get_field_region): Fold the value
of UNKNOWN_PTR->FIELD to *UNKNOWN_PTR_OF_&FIELD_TYPE.

2021-01-29 David Malcolm <dmalcolm@redhat.com>

* checker-path.cc (event_kind_to_string): Handle
EK_START_CONSOLIDATED_CFG_EDGES and
EK_END_CONSOLIDATED_CFG_EDGES.
(start_consolidated_cfg_edges_event::get_desc): New.
(checker_path::cfg_edge_pair_at_p): New.
* checker-path.h (enum event_kind): Add
EK_START_CONSOLIDATED_CFG_EDGES and
EK_END_CONSOLIDATED_CFG_EDGES.
(class start_consolidated_cfg_edges_event): New class.
(class end_consolidated_cfg_edges_event): New class.
(checker_path::delete_events): New.
(checker_path::replace_event): New.
(checker_path::cfg_edge_pair_at_p): New decl.
* diagnostic-manager.cc (diagnostic_manager::prune_path): Call
consolidate_conditions.
(same_line_as_p): New.
(diagnostic_manager::consolidate_conditions): New.
* diagnostic-manager.h
(diagnostic_manager::consolidate_conditions): New decl.

2021-01-18 David Malcolm <dmalcolm@redhat.com>

* analyzer.h (is_std_named_call_p): New decl.
* diagnostic-manager.cc (path_builder::get_sm): New.
(state_change_event_creator::state_change_event_creator): Add "pb"
param.
(state_change_event_creator::on_global_state_change): Don't consider
state changes affecting other state_machines.
(state_change_event_creator::on_state_change): Likewise.
(state_change_event_creator::m_pb): New field.
(diagnostic_manager::add_events_for_eedge): Pass pb to visitor
ctor.
* region-model-impl-calls.cc
(region_model::impl_deallocation_call): New.
* region-model.cc: Include "attribs.h".
(region_model::on_call_post): Handle fndecls referenced by
__attribute__((deallocated_by(FOO))).
* region-model.h (region_model::impl_deallocation_call): New decl.
* sm-malloc.cc: Include "stringpool.h" and "attribs.h". Add
leading comment.
(class api): Delete.
(enum resource_state): Update comment for change from api to
deallocator and deallocator_set.
(allocation_state::allocation_state): Drop api param. Add
"deallocators" and "deallocator".
(allocation_state::m_api): Drop field in favor of...
(allocation_state::m_deallocators): New field.
(allocation_state::m_deallocator): New field.
(enum wording): Add WORDING_DEALLOCATED.
(struct deallocator): New.
(struct standard_deallocator): New.
(struct custom_deallocator): New.
(struct deallocator_set): New.
(struct custom_deallocator_set): New.
(struct standard_deallocator_set): New.
(struct deallocator_set_map_traits): New.
(malloc_state_machine::m_malloc): Drop field.
(malloc_state_machine::m_scalar_new): Likewise.
(malloc_state_machine::m_vector_new): Likewise.
(malloc_state_machine::m_free): New field.
(malloc_state_machine::m_scalar_delete): Likewise.
(malloc_state_machine::m_vector_delete): Likewise.
(malloc_state_machine::deallocator_map_t): New typedef.
(malloc_state_machine::m_deallocator_map): New field.
(malloc_state_machine::deallocator_set_cache_t): New typedef.
(malloc_state_machine::m_custom_deallocator_set_cache): New field.
(malloc_state_machine::custom_deallocator_set_map_t): New typedef.
(malloc_state_machine::m_custom_deallocator_set_map): New field.
(malloc_state_machine::m_dynamic_sets): New field.
(malloc_state_machine::m_dynamic_deallocators): New field.
(api::api): Delete.
(deallocator::deallocator): New ctor.
(deallocator::hash): New.
(deallocator::dump_to_pp): New.
(deallocator::cmp): New.
(deallocator::cmp_ptr_ptr): New.
(standard_deallocator::standard_deallocator): New ctor.
(deallocator_set::deallocator_set): New ctor.
(deallocator_set::dump): New.
(custom_deallocator_set::custom_deallocator_set): New ctor.
(custom_deallocator_set::contains_p): New.
(custom_deallocator_set::maybe_get_single): New.
(custom_deallocator_set::dump_to_pp): New.
(standard_deallocator_set::standard_deallocator_set): New ctor.
(standard_deallocator_set::contains_p): New.
(standard_deallocator_set::maybe_get_single): New.
(standard_deallocator_set::dump_to_pp): New.
(start_p): New.
(class mismatching_deallocation): Update for conversion from api
to deallocator_set and deallocator.
(double_free::emit): Use %qs.
(class use_after_free): Update for conversion from api to
deallocator_set and deallocator.
(malloc_leak::describe_state_change): Only emit "allocated here" on
a start->nonnull transition, rather than on other transitions to
nonnull.
(allocation_state::dump_to_pp): Update for conversion from api to
deallocator_set.
(allocation_state::get_nonnull): Likewise.
(malloc_state_machine::malloc_state_machine): Likewise.
(malloc_state_machine::~malloc_state_machine): New.
(malloc_state_machine::add_state): Update for conversion from api
to deallocator_set.
(malloc_state_machine::get_or_create_custom_deallocator_set): New.
(malloc_state_machine::maybe_create_custom_deallocator_set): New.
(malloc_state_machine::get_or_create_deallocator): New.
(malloc_state_machine::on_stmt): Update for conversion from api
to deallocator_set. Handle "__attribute__((malloc(FOO)))", and
the special attribute set on FOO.
(malloc_state_machine::on_allocator_call): Update for conversion
from api to deallocator_set. Add "returns_nonnull" param and use
it to affect which state to transition to.
(malloc_state_machine::on_deallocator_call): Update for conversion
from api to deallocator_set.

2021-01-14 David Malcolm <dmalcolm@redhat.com>

* engine.cc (strongly_connected_components::to_json): New.
(worklist::to_json): New.
(exploded_graph::to_json): JSON-ify the worklist.
* exploded-graph.h (strongly_connected_components::to_json): New
decl.
(worklist::to_json): New decl.
* store.cc (store::to_json): Fix comment.
* supergraph.cc (supernode::to_json): Fix reference to
"returning_call" in comment. Add optional "fun" to JSON.
(edge_kind_to_string): New.
(superedge::to_json): Add "kind" to JSON.

2021-01-14 David Malcolm <dmalcolm@redhat.com>

PR analyzer/98679
* analyzer.h (region_offset::operator==): Make const.
* pending-diagnostic.h (pending_diagnostic::equal_p): Likewise.
* store.h (binding_cluster::for_each_value): Likewise.
(binding_cluster::for_each_binding): Likewise.

2021-01-12 David Malcolm <dmalcolm@redhat.com>

PR analyzer/98628
* store.cc (binding_cluster::make_unknown_relative_to): Don't mark
dereferenced unknown pointers as having escaped.

2021-01-07 David Malcolm <dmalcolm@redhat.com>

PR analyzer/98580
* region.cc (decl_region::get_svalue_for_initializer): Gracefully
handle when LTO writes out DECL_INITIAL as error_mark_node.

2021-01-07 David Malcolm <dmalcolm@redhat.com>

PR analyzer/97074
* store.cc (binding_cluster::can_merge_p): Add "out_store" param
and pass to calls to binding_cluster::make_unknown_relative_to.
(binding_cluster::make_unknown_relative_to): Add "out_store"
param. Use it to mark base regions that are pointed to by
pointers that become unknown as having escaped.
(store::can_merge_p): Pass out_store to
binding_cluster::can_merge_p.
* store.h (binding_cluster::can_merge_p): Add "out_store" param.
(binding_cluster::make_unknown_relative_to): Likewise.
* svalue.cc (region_svalue::implicitly_live_p): New vfunc.
* svalue.h (region_svalue::implicitly_live_p): New vfunc decl.

2021-01-07 David Malcolm <dmalcolm@redhat.com>

PR analyzer/98564
* engine.cc (exploded_path::feasible_p): Add missing call to
bitmap_clear.

2021-01-06 David Malcolm <dmalcolm@redhat.com>

PR analyzer/97072
* region-model-reachability.cc (reachable_regions::init_cluster):
Convert symbolic region handling to a switch statement. Add cases
to handle SK_UNKNOWN and SK_CONJURED.

2021-01-05 David Malcolm <dmalcolm@redhat.com>

PR analyzer/98293
* store.cc (binding_map::apply_ctor_to_region): When "index" is
NULL, iterate through the fields for RECORD_TYPEs, rather than
creating an INTEGER_CST index.

94358e47
GA
6942020-11-30 David Malcolm <dmalcolm@redhat.com>
695
696 * analyzer-pass.cc: Include "analyzer/analyzer.h" for the
697 declaration of sorry_no_analyzer; include "tree.h" and
698 "function.h" as these are needed by it.
699
700 2020-11-30 David Malcolm <dmalcolm@redhat.com>
701
702 * analyzer-pass.cc (pass_analyzer::execute): Move sorry call to...
703 (sorry_no_analyzer): New.
704 * analyzer.h (class state_machine): New forward decl.
705 (class logger): New forward decl.
706 (class plugin_analyzer_init_iface): New.
707 (sorry_no_analyzer): New decl.
708 * checker-path.cc (checker_path::fixup_locations): New.
709 * checker-path.h (checker_event::set_location): New.
710 (checker_path::fixup_locations): New decl.
711 * diagnostic-manager.cc
712 (diagnostic_manager::emit_saved_diagnostic): Call
713 checker_path::fixup_locations, and call fixup_location
714 on the primary location.
715 * engine.cc: Include "plugin.h".
716 (class plugin_analyzer_init_impl): New.
717 (impl_run_checkers): Invoke PLUGIN_ANALYZER_INIT callbacks.
718 * pending-diagnostic.h (pending_diagnostic::fixup_location): New
719 vfunc.
720
25bb75f8
GA
721 2020-11-18 David Malcolm <dmalcolm@redhat.com>
722
723 PR analyzer/97893
724 * sm-malloc.cc (null_deref::emit): Use CWE-476 rather than
725 CWE-690, as this isn't due to an unchecked return value.
726 (null_arg::emit): Likewise.
727
a5a11525
GA
728 2020-11-12 David Malcolm <dmalcolm@redhat.com>
729
730 * checker-path.h (checker_event::get_id_ptr): New.
731 * diagnostic-manager.cc (path_builder::path_builder): Add "sd"
732 param and use it to initialize new field "m_sd".
733 (path_builder::get_pending_diagnostic): New.
734 (path_builder::m_sd): New field.
735 (diagnostic_manager::emit_saved_diagnostic): Pass sd to
736 path_builder ctor.
737 (diagnostic_manager::add_events_for_superedge): Call new
738 maybe_add_custom_events_for_superedge vfunc.
739 * engine.cc (stale_jmp_buf::stale_jmp_buf): Add "setjmp_point"
740 param and use it to initialize new field "m_setjmp_point".
741 Initialize new field "m_stack_pop_event".
742 (stale_jmp_buf::maybe_add_custom_events_for_superedge): New vfunc
743 implementation.
744 (stale_jmp_buf::describe_final_event): New vfunc implementation.
745 (stale_jmp_buf::m_setjmp_point): New field.
746 (stale_jmp_buf::m_stack_pop_event): New field.
747 (exploded_node::on_longjmp): Pass setjmp_point to stale_jmp_buf
748 ctor.
749 * pending-diagnostic.h
750 (pending_diagnostic::maybe_add_custom_events_for_superedge): New
751 vfunc.
752
753 2020-11-12 David Malcolm <dmalcolm@redhat.com>
754
755 PR tree-optimization/97424
756 * analyzer.opt (Wanalyzer-shift-count-negative): New.
757 (Wanalyzer-shift-count-overflow): New.
758 * region-model.cc (class shift_count_negative_diagnostic): New.
759 (class shift_count_overflow_diagnostic): New.
760 (region_model::get_gassign_result): Complain about shift counts that
761 are negative or are >= the operand's type's width.
762
bb622641
GA
763 2020-11-10 Martin Liska <mliska@suse.cz>
764
765 * constraint-manager.cc (constraint_manager::merge): Remove
766 unused code.
767 * constraint-manager.h: Likewise.
768 * program-state.cc (sm_state_map::sm_state_map): Likewise.
769 (program_state::program_state): Likewise.
770 (test_sm_state_map): Likewise.
771 * program-state.h: Likewise.
772 * region-model-reachability.cc (reachable_regions::reachable_regions): Likewise.
773 * region-model-reachability.h: Likewise.
774 * region-model.cc (region_model::handle_unrecognized_call): Likewise.
775 (region_model::get_reachable_svalues): Likewise.
776 (region_model::can_merge_with_p): Likewise.
777
0cfd9109
GA
778 2020-11-05 David Malcolm <dmalcolm@redhat.com>
779
780 PR analyzer/97668
781 * svalue.cc (cmp_cst): Handle COMPLEX_CST.
782
e93aae4a
GA
783 2020-10-29 David Malcolm <dmalcolm@redhat.com>
784
785 * program-state.cc (sm_state_map::on_liveness_change): Sort the
786 leaking svalues before calling on_state_leak.
787 (program_state::detect_leaks): Likewise when calling
788 on_svalue_leak.
789 * region-model-reachability.cc
790 (reachable_regions::mark_escaped_clusters): Likewise when
791 calling on_escaped_function.
792
793 2020-10-29 David Malcolm <dmalcolm@redhat.com>
794
795 PR analyzer/97608
796 * region-model-reachability.cc (reachable_regions::handle_sval):
797 Operands of reachable reversible operations are reachable.
798
799 2020-10-29 David Malcolm <dmalcolm@redhat.com>
800
801 * analyzer.h (class state_machine): New forward decl.
802 (class logger): Likewise.
803 (class visitor): Likewise.
804 * complexity.cc: New file, taken from svalue.cc.
805 * complexity.h: New file, taken from region-model.h.
806 * region-model.h: Include "analyzer/svalue.h" and
807 "analyzer/region.h". Move struct complexity to complexity.h.
808 Move svalue, its subclasses and supporting decls to svalue.h.
809 Move region, its subclasses and supporting decls to region.h.
810 * region.cc: Include "analyzer/region.h".
811 (symbolic_region::symbolic_region): Move here from region-model.h.
812 * region.h: New file, based on material from region-model.h.
813 * svalue.cc: Include "analyzer/svalue.h".
814 (complexity::complexity): Move to complexity.cc.
815 (complexity::from_pair): Likewise.
816 * svalue.h: New file, based on material from region-model.h.
817
818 2020-10-29 David Malcolm <dmalcolm@redhat.com>
819
820 * program-state.cc (sm_state_map::print): Guard the printing of
821 the origin pointer with !flag_dump_noaddr.
822 * region.cc (string_region::dump_to_pp): Likewise for
823 m_string_cst.
824
89bb01e7
GA
825 2020-10-27 David Malcolm <dmalcolm@redhat.com>
826
827 PR analyzer/97568
828 * region-model.cc (region_model::get_initial_value_for_global):
829 Move check that !DECL_EXTERNAL from here to...
830 * region.cc (decl_region::get_svalue_for_initializer): ...here,
831 using it to reject zero initialization.
832
833 2020-10-27 Markus Böck <markus.boeck02@gmail.com>
834
835 PR analyzer/96608
836 * store.h (hash): Cast to intptr_t instead of long.
837
838 2020-10-27 David Malcolm <dmalcolm@redhat.com>
839
840 * constraint-manager.cc (svalue_cmp_by_ptr): Delete.
841 (equiv_class::canonicalize): Use svalue::cmp_ptr_ptr instead.
842 (equiv_class_cmp): Eliminate pointer comparison.
843 * diagnostic-manager.cc (dedupe_key::comparator): If they are at
844 the same location, also compare epath length and pending_diagnostic
845 kind.
846 * engine.cc (readability_comparator): If two path_vars have the
847 same readability, then impose an arbitrary ordering on them.
848 (worklist::key_t::cmp): If two points have the same plan ordering,
849 continue the comparison. Call sm_state_map::cmp rather than
850 comparing hash values.
851 * program-state.cc (sm_state_map::entry_t::cmp): New.
852 (sm_state_map::cmp): New.
853 * program-state.h (sm_state_map::entry_t::cmp): New decl.
854 (sm_state_map::elements): New.
855 (sm_state_map::cmp): New.
856
857 2020-10-27 David Malcolm <dmalcolm@redhat.com>
858
859 * engine.cc (setjmp_record::cmp): New.
860 (supernode_cluster::dump_dot): Avoid embedding pointer in cluster
861 name.
862 (supernode_cluster::cmp_ptr_ptr): New.
863 (function_call_string_cluster::dump_dot): Avoid embedding pointer
864 in cluster name. Sort m_map when dumping child clusters.
865 (function_call_string_cluster::cmp_ptr_ptr): New.
866 (root_cluster::dump_dot): Sort m_map when dumping child clusters.
867 * program-point.cc (function_point::cmp): New.
868 (function_point::cmp_ptr): New.
869 * program-point.h (function_point::cmp): New decl.
870 (function_point::cmp_ptr): New decl.
871 * program-state.cc (sm_state_map::print): Sort the values. Guard
872 the printing of pointers with !flag_dump_noaddr.
873 (program_state::prune_for_point): Sort the regions.
874 (log_set_of_svalues): Sort the values. Guard the printing of
875 pointers with !flag_dump_noaddr.
876 * region-model-manager.cc (log_uniq_map): Sort the values.
877 * region-model-reachability.cc (dump_set): New function template.
878 (reachable_regions::dump_to_pp): Use it.
879 * region-model.h (svalue::cmp_ptr): New decl.
880 (svalue::cmp_ptr_ptr): New decl.
881 (setjmp_record::cmp): New decl.
882 (placeholder_svalue::get_name): New accessor.
883 (widening_svalue::get_point): New accessor.
884 (compound_svalue::get_map): New accessor.
885 (conjured_svalue::get_stmt): New accessor.
886 (conjured_svalue::get_id_region): New accessor.
887 (region::cmp_ptrs): Rename to...
888 (region::cmp_ptr_ptr): ...this.
889 * region.cc (region::cmp_ptrs): Rename to...
890 (region::cmp_ptr_ptr): ...this.
891 * state-purge.cc
892 (state_purge_per_ssa_name::state_purge_per_ssa_name): Sort
893 m_points_needing_name when dumping.
894 * store.cc (concrete_binding::cmp_ptr_ptr): New.
895 (symbolic_binding::cmp_ptr_ptr): New.
896 (binding_map::cmp): New.
897 (get_sorted_parent_regions): Update for renaming of
898 region::cmp_ptrs to region::cmp_ptr_ptr.
899 (store::dump_to_pp): Likewise.
900 (store::to_json): Likewise.
901 (store::can_merge_p): Sort the base regions before considering
902 them.
903 * store.h (concrete_binding::cmp_ptr_ptr): New decl.
904 (symbolic_binding::cmp_ptr_ptr): New decl.
905 (binding_map::cmp): New decl.
906 * supergraph.cc (supergraph::supergraph): Assign UIDs to the
907 gimple stmts.
908 * svalue.cc (cmp_cst): New.
909 (svalue::cmp_ptr): New.
910 (svalue::cmp_ptr_ptr): New.
911
912 2020-10-27 David Malcolm <dmalcolm@redhat.com>
913
914 * engine.cc (exploded_graph::get_or_create_node): Fix off-by-one
915 when imposing param_analyzer_max_enodes_per_program_point limit.
916
917 2020-10-27 David Malcolm <dmalcolm@redhat.com>
918
919 * region-model.cc (region_model::get_representative_path_var):
920 Implement case RK_LABEL.
921 * region-model.h (label_region::get_label): New accessor.
922
43868df3
GA
923 2020-10-22 David Malcolm <dmalcolm@redhat.com>
924
925 PR analyzer/97514
926 * engine.cc (exploded_graph::add_function_entry): Handle failure
927 to create an enode, rather than asserting.
928
929 2020-10-22 David Malcolm <dmalcolm@redhat.com>
930
931 PR analyzer/97489
932 * engine.cc (exploded_graph::add_function_entry): Assert that we
933 have a function body.
934 (exploded_graph::on_escaped_function): Reject fndecls that don't
935 have a function body.
936
b2698c21
GA
937 2020-10-14 David Malcolm <dmalcolm@redhat.com>
938
939 PR analyzer/93388
940 * region-model.cc (region_model::get_initial_value_for_global):
941 Fall back to returning an initial_svalue if
942 decl_region::get_svalue_for_initializer fails.
943 * region.cc (decl_region::get_svalue_for_initializer): Don't
944 attempt to create a compound_svalue if the region has an unknown
945 size.
946
947 2020-10-14 David Malcolm <dmalcolm@redhat.com>
948
949 PR analyzer/93723
950 * store.cc (binding_map::apply_ctor_to_region): Remove redundant
951 assertion.
952
8be127ca
GA
953 2020-10-12 David Malcolm <dmalcolm@redhat.com>
954
955 PR analyzer/97258
956 * engine.cc (impl_region_model_context::on_escaped_function): New
957 vfunc.
958 (exploded_graph::add_function_entry): Use m_functions_with_enodes
959 to implement idempotency.
960 (add_any_callbacks): New.
961 (exploded_graph::build_initial_worklist): Use the above to find
962 callbacks that are reachable from global initializers.
963 (exploded_graph::on_escaped_function): New.
964 * exploded-graph.h
965 (impl_region_model_context::on_escaped_function): New decl.
966 (exploded_graph::on_escaped_function): New decl.
967 (exploded_graph::m_functions_with_enodes): New field.
968 * region-model-reachability.cc
969 (reachable_regions::reachable_regions): Replace "store" param with
970 "model" param; use it to initialize m_model.
971 (reachable_regions::add): When getting the svalue for the region,
972 call get_store_value on the model rather than using an initial
973 value.
974 (reachable_regions::mark_escaped_clusters): Add ctxt param and
975 use it to call on_escaped_function when a function_region escapes.
976 * region-model-reachability.h
977 (reachable_regions::reachable_regions): Replace "store" param with
978 "model" param.
979 (reachable_regions::mark_escaped_clusters): Add ctxt param.
980 (reachable_regions::m_model): New field.
981 * region-model.cc (region_model::handle_unrecognized_call): Update
982 for change in reachable_regions ctor.
983 (region_model::handle_unrecognized_call): Pass ctxt to
984 mark_escaped_clusters.
985 (region_model::get_reachable_svalues): Update for change in
986 reachable_regions ctor.
987 (region_model::get_initial_value_for_global): Read-only variables
988 keep their initial values.
989 * region-model.h (region_model_context::on_escaped_function): New
990 vfunc.
991 (noop_region_model_context::on_escaped_function): New.
992
993 2020-10-12 David Malcolm <dmalcolm@redhat.com>
994
995 * analyzer.opt (Wanalyzer-write-to-const): New.
996 (Wanalyzer-write-to-string-literal): New.
997 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
998 Call check_for_writable_region.
999 (region_model::impl_call_memset): Likewise.
1000 (region_model::impl_call_strcpy): Likewise.
1001 * region-model.cc (class write_to_const_diagnostic): New.
1002 (class write_to_string_literal_diagnostic): New.
1003 (region_model::check_for_writable_region): New.
1004 (region_model::set_value): Call check_for_writable_region.
1005 * region-model.h (region_model::check_for_writable_region): New
1006 decl.
1007
6caec77e
GA
1008 2020-10-07 David Malcolm <dmalcolm@redhat.com>
1009
1010 PR analyzer/97116
1011 * sm-malloc.cc (method_p): New.
1012 (describe_argument_index): New.
1013 (inform_nonnull_attribute): Use describe_argument_index.
1014 (possible_null_arg::describe_final_event): Likewise.
1015 (null_arg::describe_final_event): Likewise.
1016
93bca37c
GA
1017 2020-09-29 David Malcolm <dmalcolm@redhat.com>
1018
1019 PR analyzer/95188
1020 * engine.cc (stmt_requires_new_enode_p): Split enodes before
1021 "signal" calls.
1022
1023 2020-09-29 David Malcolm <dmalcolm@redhat.com>
1024
1025 * constraint-manager.cc
1026 (constraint_manager::add_constraint_internal): Whitespace fixes.
1027 Silence -Wsign-compare warning.
1028 * engine.cc (maybe_process_run_of_before_supernode_enodes):
1029 Silence -Wsign-compare warning.
1030
e84761c6
GA
1031 2020-09-28 David Malcolm <dmalcolm@redhat.com>
1032
1033 * region-model.h (binop_svalue::dyn_cast_binop_svalue): Remove
1034 redundant "virtual". Add FINAL OVERRIDE.
1035 (widening_svalue::dyn_cast_widening_svalue): Add FINAL OVERRIDE.
1036 (compound_svalue::dyn_cast_compound_svalue): Likewise.
1037 (conjured_svalue::dyn_cast_conjured_svalue): Likewise.
1038
1039 2020-09-28 David Malcolm <dmalcolm@redhat.com>
1040
1041 * diagnostic-manager.cc (null_assignment_sm_context::m_visitor):
1042 Remove unused field.
1043
1044 2020-09-28 David Malcolm <dmalcolm@redhat.com>
1045
1046 PR analyzer/97233
1047 * analyzer.cc (is_longjmp_call_p): Require the initial argument
1048 to be a pointer.
1049 * engine.cc (exploded_node::on_longjmp): Likewise.
1050
1051 2020-09-28 David Malcolm <dmalcolm@redhat.com>
1052
1053 * program-state.cc (sm_state_map::print): Update check
1054 for m_global_state being the start state.
1055
91dd4a38
GA
1056 2020-09-26 David Malcolm <dmalcolm@redhat.com>
1057
1058 PR analyzer/96646
1059 PR analyzer/96841
1060 * region-model.cc (region_model::get_representative_path_var):
1061 When handling offset_region, wrap the MEM_REF's first argument in
1062 an ADDR_EXPR of pointer type, rather than simply using the tree
1063 for the parent region. Require the MEM_REF's second argument to
1064 be an integer constant.
1065
a2b7397b
GA
1066 2020-09-24 David Malcolm <dmalcolm@redhat.com>
1067
1068 * analyzer.h (struct rejected_constraint): New decl.
1069 * analyzer.opt (fanalyzer-feasibility): New option.
1070 * diagnostic-manager.cc (path_builder::path_builder): Add
1071 "problem" param and use it to initialize new field.
1072 (path_builder::get_feasibility_problem): New accessor.
1073 (path_builder::m_feasibility_problem): New field.
1074 (dedupe_winners::add): Remove inversion of logic in "if" clause,
1075 swapping if/else suites. In the !feasible_p suite, inspect
1076 flag_analyzer_feasibility and add code to handle when this
1077 is off, accepting the infeasible path, but recording the
1078 feasibility_problem.
1079 (diagnostic_manager::emit_saved_diagnostic): Pass the
1080 feasibility_problem to the path_builder.
1081 (diagnostic_manager::add_events_for_eedge): If we have
1082 a feasibility_problem at this edge, use it to add a custom event.
1083 * engine.cc (exploded_path::feasible_p): Pass a
1084 rejected_constraint ** to model.maybe_update_for_edge and transfer
1085 ownership of any created instance to any feasibility_problem.
1086 (feasibility_problem::dump_to_pp): New.
1087 * exploded-graph.h (feasibility_problem::feasibility_problem):
1088 Drop "model" param; add rejected_constraint * param.
1089 (feasibility_problem::~feasibility_problem): New.
1090 (feasibility_problem::dump_to_pp): New decl.
1091 (feasibility_problem::m_model): Drop field.
1092 (feasibility_problem::m_rc): New field.
1093 * program-point.cc (function_point::get_location): Handle
1094 PK_BEFORE_SUPERNODE and PK_AFTER_SUPERNODE.
1095 * program-state.cc (program_state::on_edge): Pass NULL to new
1096 param of region_model::maybe_update_for_edge.
1097 * region-model.cc (region_model::add_constraint): New overload
1098 adding a rejected_constraint ** param.
1099 (region_model::maybe_update_for_edge): Add rejected_constraint **
1100 param and pass it to the various apply_constraints_for_ calls.
1101 (region_model::apply_constraints_for_gcond): Add
1102 rejected_constraint ** param and pass it to add_constraint calls.
1103 (region_model::apply_constraints_for_gswitch): Likewise.
1104 (region_model::apply_constraints_for_exception): Likewise.
1105 (rejected_constraint::dump_to_pp): New.
1106 * region-model.h (region_model::maybe_update_for_edge):
1107 Add rejected_constraint ** param.
1108 (region_model::add_constraint): New overload adding a
1109 rejected_constraint ** param.
1110 (region_model::apply_constraints_for_gcond): Add
1111 rejected_constraint ** param.
1112 (region_model::apply_constraints_for_gswitch): Likewise.
1113 (region_model::apply_constraints_for_exception): Likewise.
1114 (struct rejected_constraint): New.
1115
82b77dee
GA
1116 2020-09-23 David Malcolm <dmalcolm@redhat.com>
1117
1118 PR analyzer/97178
1119 * engine.cc (impl_run_checkers): Update for change to ext_state
1120 ctor.
1121 * program-state.cc (selftest::test_sm_state_map): Pass an engine
1122 instance to ext_state ctor.
1123 (selftest::test_program_state_1): Likewise.
1124 (selftest::test_program_state_2): Likewise.
1125 (selftest::test_program_state_merging): Likewise.
1126 (selftest::test_program_state_merging_2): Likewise.
1127 * program-state.h (extrinsic_state::extrinsic_state): Remove NULL
1128 default value for "eng" param.
1129
1130 2020-09-23 Tobias Burnus <tobias@codesourcery.com>
1131
1132 * analyzer-logging.cc: Guard '#pragma ... ignored "-Wformat-diag"'
1133 by '#if __GNUC__ >= 10'
1134 * analyzer.h: Likewise.
1135 * call-string.cc: Likewise.
1136
1137 2020-09-23 David Malcolm <dmalcolm@redhat.com>
1138
1139 * engine.cc (exploded_node::on_stmt): Replace sequence of dyn_cast
1140 with switch.
1141
521d2711
GA
1142 2020-09-22 David Malcolm <dmalcolm@redhat.com>
1143
1144 * analysis-plan.cc: Include "json.h".
1145 * analyzer.opt (fdump-analyzer-json): New.
1146 * call-string.cc: Include "json.h".
1147 (call_string::to_json): New.
1148 * call-string.h (call_string::to_json): New decl.
1149 * checker-path.cc: Include "json.h".
1150 * constraint-manager.cc: Include "json.h".
1151 (equiv_class::to_json): New.
1152 (constraint::to_json): New.
1153 (constraint_manager::to_json): New.
1154 * constraint-manager.h (equiv_class::to_json): New decl.
1155 (constraint::to_json): New decl.
1156 (constraint_manager::to_json): New decl.
1157 * diagnostic-manager.cc: Include "json.h".
1158 (saved_diagnostic::to_json): New.
1159 (diagnostic_manager::to_json): New.
1160 * diagnostic-manager.h (saved_diagnostic::to_json): New decl.
1161 (diagnostic_manager::to_json): New decl.
1162 * engine.cc: Include "json.h", <zlib.h>.
1163 (exploded_node::status_to_str): New.
1164 (exploded_node::to_json): New.
1165 (exploded_edge::to_json): New.
1166 (exploded_graph::to_json): New.
1167 (dump_analyzer_json): New.
1168 (impl_run_checkers): Call it.
1169 * exploded-graph.h (exploded_node::status_to_str): New decl.
1170 (exploded_node::to_json): New.
1171 (exploded_edge::to_json): New.
1172 (exploded_graph::to_json): New.
1173 * pending-diagnostic.cc: Include "json.h".
1174 * program-point.cc: Include "json.h".
1175 (program_point::to_json): New.
1176 * program-point.h (program_point::to_json): New decl.
1177 * program-state.cc: Include "json.h".
1178 (extrinsic_state::to_json): New.
1179 (sm_state_map::to_json): New.
1180 (program_state::to_json): New.
1181 * program-state.h (extrinsic_state::to_json): New decl.
1182 (sm_state_map::to_json): New decl.
1183 (program_state::to_json): New decl.
1184 * region-model-impl-calls.cc: Include "json.h".
1185 * region-model-manager.cc: Include "json.h".
1186 * region-model-reachability.cc: Include "json.h".
1187 * region-model.cc: Include "json.h".
1188 * region-model.h (svalue::to_json): New decl.
1189 (region::to_json): New decl.
1190 * region.cc: Include "json.h".
1191 (region::to_json): New.
1192 * sm-file.cc: Include "json.h".
1193 * sm-malloc.cc: Include "json.h".
1194 * sm-pattern-test.cc: Include "json.h".
1195 * sm-sensitive.cc: Include "json.h".
1196 * sm-signal.cc: Include "json.h".
1197 (signal_delivery_edge_info_t::to_json): New.
1198 * sm-taint.cc: Include "json.h".
1199 * sm.cc: Include "diagnostic.h", "tree-diagnostic.h", and
1200 "json.h".
1201 (state_machine::state::to_json): New.
1202 (state_machine::to_json): New.
1203 * sm.h (state_machine::state::to_json): New.
1204 (state_machine::to_json): New.
1205 * state-purge.cc: Include "json.h".
1206 * store.cc: Include "json.h".
1207 (binding_key::get_desc): New.
1208 (binding_map::to_json): New.
1209 (binding_cluster::to_json): New.
1210 (store::to_json): New.
1211 * store.h (binding_key::get_desc): New decl.
1212 (binding_map::to_json): New decl.
1213 (binding_cluster::to_json): New decl.
1214 (store::to_json): New decl.
1215 * supergraph.cc: Include "json.h".
1216 (supergraph::to_json): New.
1217 (supernode::to_json): New.
1218 (superedge::to_json): New.
1219 * supergraph.h (supergraph::to_json): New decl.
1220 (supernode::to_json): New decl.
1221 (superedge::to_json): New decl.
1222 * svalue.cc: Include "json.h".
1223 (svalue::to_json): New.
1224
44135373
GA
1225 2020-09-21 David Malcolm <dmalcolm@redhat.com>
1226
1227 PR analyzer/97130
1228 * region-model-impl-calls.cc (call_details::get_arg_type): New.
1229 * region-model.cc (region_model::on_call_pre): Check that the
1230 initial arg is a pointer before calling impl_call_memset and
1231 impl_call_strlen.
1232 * region-model.h (call_details::get_arg_type): New decl.
1233
1234 2020-09-21 David Malcolm <dmalcolm@redhat.com>
1235
1236 PR analyzer/93355
1237 * sm-malloc.cc (malloc_state_machine::get_default_state): Look at
1238 the base region when considering pointers. Treat pointers to
1239 decls as being non-heap.
1240
239601c5
GA
1241 2020-09-18 David Malcolm <dmalcolm@redhat.com>
1242
1243 * checker-path.cc (warning_event::get_desc): Handle global state
1244 changes.
1245
1246 2020-09-18 David Malcolm <dmalcolm@redhat.com>
1247
1248 * sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and
1249 strndup as being malloc-like allocators.
1250
ecde1b0a
GA
1251 2020-09-16 David Malcolm <dmalcolm@redhat.com>
1252
1253 * engine.cc (strongly_connected_components::strong_connect): Only
1254 consider intraprocedural edges when creating SCCs.
1255 (worklist::key_t::cmp): Add comment. Treat call_string
1256 differences as more important than differences of program_point
1257 within a supernode.
1258
1259 2020-09-16 David Malcolm <dmalcolm@redhat.com>
1260
1261 * engine.cc (supernode_cluster::dump_dot): Show the SCC id
1262 in the per-supernode clusters in FILENAME.eg.dot output.
1263 (exploded_graph_annotator::add_node_annotations):
1264 Show the SCC of the supernode in FILENAME.supernode.eg.dot output.
1265 * exploded-graph.h (worklist::scc_id): New.
1266 (exploded_graph::get_scc_id): New.
1267
1268 2020-09-16 David Malcolm <dmalcolm@redhat.com>
1269
1270 * engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED.
1271 (exploded_graph::process_worklist): Call
1272 maybe_process_run_of_before_supernode_enodes.
1273 (exploded_graph::maybe_process_run_of_before_supernode_enodes):
1274 New.
1275 (exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED.
1276 * exploded-graph.h (enum exploded_node::status): Add
1277 STATUS_BULK_MERGED.
1278
1279 2020-09-16 David Malcolm <dmalcolm@redhat.com>
1280
1281 * engine.cc
1282 (exploded_graph::process_node) <case PK_BEFORE_SUPERNODE>:
1283 Simplify by using program_point::get_next.
1284 * program-point.cc (program_point::get_next): New.
1285 * program-point.h (program_point::get_next): New decl.
1286
1287 2020-09-16 David Malcolm <dmalcolm@redhat.com>
1288
1289 * engine.cc (exploded_graph::get_or_create_node): Show the
1290 program point when issuing -Wanalyzer-too-complex due to hitting
1291 the per-program-point limit.
1292
1293 2020-09-16 David Malcolm <dmalcolm@redhat.com>
1294
1295 * region-model.cc (region_model::on_call_pre): Treat getchar as
1296 having no side-effects.
1297
9f7ab8c5
GA
1298 2020-09-15 David Malcolm <dmalcolm@redhat.com>
1299
1300 PR analyzer/96650
1301 * constraint-manager.cc (merger_fact_visitor::on_fact): Replace
1302 assertion that add_constraint succeeded with an assertion that
1303 if it fails, -fanalyzer-transitivity is off.
1304
50a71cd0
GA
1305 2020-09-14 David Malcolm <dmalcolm@redhat.com>
1306
1307 * analyzer.opt (-param=analyzer-max-constraints=): New param.
1308 * constraint-manager.cc
1309 (constraint_manager::add_constraint_internal): Silently reject
1310 attempts to add constraints when the above limit is reached.
1311
1312 2020-09-14 David Malcolm <dmalcolm@redhat.com>
1313
1314 PR analyzer/96653
1315 * constraint-manager.cc
1316 (constraint_manager::get_or_add_equiv_class): Don't accumulate
1317 transitive closure of all constraints on constants.
1318
1319 2020-09-14 David Malcolm <dmalcolm@redhat.com>
1320
1321 PR analyzer/97029
1322 * analyzer.cc (is_setjmp_call_p): Require the initial arg to be a
1323 pointer.
1324 * region-model.cc (region_model::deref_rvalue): Assert that the
1325 svalue is of pointer type.
1326
ac35c090
GA
1327 2020-09-11 David Malcolm <dmalcolm@redhat.com>
1328
1329 PR analyzer/96798
1330 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
1331 New.
1332 (region_model::impl_call_strcpy): New.
1333 * region-model.cc (region_model::on_call_pre): Flag unhandled
1334 builtins that are non-pure as having unknown side-effects.
1335 Implement BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_STRCPY,
1336 BUILT_IN_STRCPY_CHK, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED,
1337 BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC,
1338 BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED,
1339 BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF,
1340 BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR,
1341 BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED,
1342 BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF.
1343 * region-model.h (region_model::impl_call_memcpy): New decl.
1344 (region_model::impl_call_strcpy): New decl.
1345
80f86e78
GA
1346 2020-09-09 David Malcolm <dmalcolm@redhat.com>
1347
1348 PR analyzer/94355
1349 * analyzer.opt (Wanalyzer-mismatching-deallocation): New warning.
1350 * region-model-impl-calls.cc
1351 (region_model::impl_call_operator_new): New.
1352 (region_model::impl_call_operator_delete): New.
1353 * region-model.cc (region_model::on_call_pre): Detect operator new
1354 and operator delete.
1355 (region_model::on_call_post): Likewise.
1356 (region_model::maybe_update_for_edge): Detect EH edges and call...
1357 (region_model::apply_constraints_for_exception): New function.
1358 * region-model.h (region_model::impl_call_operator_new): New decl.
1359 (region_model::impl_call_operator_delete): New decl.
1360 (region_model::apply_constraints_for_exception): New decl.
1361 * sm-malloc.cc (enum resource_state): New.
1362 (struct allocation_state): New state subclass.
1363 (enum wording): New.
1364 (struct api): New.
1365 (malloc_state_machine::custom_data_t): New typedef.
1366 (malloc_state_machine::add_state): New decl.
1367 (malloc_state_machine::m_unchecked)
1368 (malloc_state_machine::m_nonnull)
1369 (malloc_state_machine::m_freed): Delete these states in favor
1370 of...
1371 (malloc_state_machine::m_malloc)
1372 (malloc_state_machine::m_scalar_new)
1373 (malloc_state_machine::m_vector_new): ...these new api instances,
1374 which own their own versions of these states.
1375 (malloc_state_machine::on_allocator_call): New decl.
1376 (malloc_state_machine::on_deallocator_call): New decl.
1377 (api::api): New ctor.
1378 (dyn_cast_allocation_state): New.
1379 (as_a_allocation_state): New.
1380 (get_rs): New.
1381 (unchecked_p): New.
1382 (nonnull_p): New.
1383 (freed_p): New.
1384 (malloc_diagnostic::describe_state_change): Use unchecked_p and
1385 nonnull_p.
1386 (class mismatching_deallocation): New.
1387 (double_free::double_free): Add funcname param for initializing
1388 m_funcname.
1389 (double_free::emit): Use m_funcname in warning message rather
1390 than hardcoding "free".
1391 (double_free::describe_state_change): Likewise. Use freed_p.
1392 (double_free::describe_call_with_state): Use freed_p.
1393 (double_free::describe_final_event): Use m_funcname in message
1394 rather than hardcoding "free".
1395 (double_free::m_funcname): New field.
1396 (possible_null::describe_state_change): Use unchecked_p.
1397 (possible_null::describe_return_of_state): Likewise.
1398 (use_after_free::use_after_free): Add param for initializing m_api.
1399 (use_after_free::emit): Use m_api->m_dealloc_funcname in message
1400 rather than hardcoding "free".
1401 (use_after_free::describe_state_change): Use freed_p. Change the
1402 wording of the message based on the API.
1403 (use_after_free::describe_final_event): Use
1404 m_api->m_dealloc_funcname in message rather than hardcoding
1405 "free". Change the wording of the message based on the API.
1406 (use_after_free::m_api): New field.
1407 (malloc_leak::describe_state_change): Use unchecked_p. Update
1408 for renaming of m_malloc_event to m_alloc_event.
1409 (malloc_leak::describe_final_event): Update for renaming of
1410 m_malloc_event to m_alloc_event.
1411 (malloc_leak::m_malloc_event): Rename...
1412 (malloc_leak::m_alloc_event): ...to this.
1413 (free_of_non_heap::free_of_non_heap): Add param for initializing
1414 m_funcname.
1415 (free_of_non_heap::emit): Use m_funcname in message rather than
1416 hardcoding "free".
1417 (free_of_non_heap::describe_final_event): Likewise.
1418 (free_of_non_heap::m_funcname): New field.
1419 (allocation_state::dump_to_pp): New.
1420 (allocation_state::get_nonnull): New.
1421 (malloc_state_machine::malloc_state_machine): Update for changes
1422 to state fields and new api fields.
1423 (malloc_state_machine::add_state): New.
1424 (malloc_state_machine::on_stmt): Move malloc/calloc handling to
1425 on_allocator_call and call it, passing in the API pointer.
1426 Likewise for free, moving it to on_deallocator_call. Handle calls
1427 to operator new and delete in an analogous way. Use unchecked_p
1428 when testing for possibly-null-arg and possibly-null-deref, and
1429 transition to the non-null for the correct API. Remove redundant
1430 node param from call to on_zero_assignment. Use freed_p for
1431 use-after-free check, and pass in API.
1432 (malloc_state_machine::on_allocator_call): New, based on code in
1433 on_stmt.
1434 (malloc_state_machine::on_deallocator_call): Likewise.
1435 (malloc_state_machine::on_phi): Mark node param with
1436 ATTRIBUTE_UNUSED; don't pass it to on_zero_assignment.
1437 (malloc_state_machine::on_condition): Mark node param with
1438 ATTRIBUTE_UNUSED. Replace on_transition calls with get_state and
1439 set_next_state pairs, transitioning to the non-null state for the
1440 appropriate API.
1441 (malloc_state_machine::can_purge_p): Port to new state approach.
1442 (malloc_state_machine::on_zero_assignment): Replace on_transition
1443 calls with get_state and set_next_state pairs. Drop redundant
1444 node param.
1445 * sm.h (state_machine::add_custom_state): New.
1446
1447 2020-09-09 David Malcolm <dmalcolm@redhat.com>
1448
1449 * diagnostic-manager.cc
1450 (null_assignment_sm_context::warn_for_state): Replace with...
1451 (null_assignment_sm_context::warn): ...this.
1452 * engine.cc (impl_sm_context::warn_for_state): Replace with...
1453 (impl_sm_context::warn): ...this.
1454 * sm-file.cc (fileptr_state_machine::on_stmt): Replace
1455 warn_for_state and on_transition calls with a get_state
1456 test guarding warn and set_next_state calls.
1457 * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
1458 * sm-pattern-test.cc (pattern_test_state_machine::on_condition):
1459 Replace warn_for_state call with warn call.
1460 * sm-sensitive.cc
1461 (sensitive_state_machine::warn_for_any_exposure): Replace
1462 warn_for_state call with a get_state test guarding a warn call.
1463 * sm-signal.cc (signal_state_machine::on_stmt): Likewise.
1464 * sm-taint.cc (taint_state_machine::on_stmt): Replace
1465 warn_for_state and on_transition calls with a get_state
1466 test guarding warn and set_next_state calls.
1467 * sm.h (sm_context::warn_for_state): Replace with...
1468 (sm_context::warn): ...this.
1469
1470 2020-09-09 David Malcolm <dmalcolm@redhat.com>
1471
1472 * diagnostic-manager.cc
1473 (null_assignment_sm_context::null_assignment_sm_context): Add old_state
1474 and ext_state params, initializing m_old_state and m_ext_state.
1475 (null_assignment_sm_context::on_transition): Split into...
1476 (null_assignment_sm_context::get_state): ...this new vfunc
1477 implementation and...
1478 (null_assignment_sm_context::set_next_state): ...this new vfunc
1479 implementation.
1480 (null_assignment_sm_context::m_old_state): New field.
1481 (null_assignment_sm_context::m_ext_state): New field.
1482 (diagnostic_manager::add_events_for_eedge): Pass in old state and
1483 ext_state when creating sm_ctxt.
1484 * engine.cc (impl_sm_context::on_transition): Split into...
1485 (impl_sm_context::get_state): ...this new vfunc
1486 implementation and...
1487 (impl_sm_context::set_next_state): ...this new vfunc
1488 implementation.
1489 * sm.h (sm_context::get_state): New pure virtual function.
1490 (sm_context::set_next_state): Likewise.
1491 (sm_context::on_transition): Convert from a pure virtual function
1492 to a regular function implemented in terms of get_state and
1493 set_next_state.
1494
1495 2020-09-09 David Malcolm <dmalcolm@redhat.com>
1496
1497 * checker-path.cc (state_change_event::get_desc): Update
1498 state_machine::get_state_name calls to state::get_name.
1499 (warning_event::get_desc): Likewise.
1500 * diagnostic-manager.cc
1501 (null_assignment_sm_context::on_transition): Update comparison
1502 against 0 with comparison with m_sm.get_start_state.
1503 (diagnostic_manager::prune_for_sm_diagnostic): Update
1504 state_machine::get_state_name calls to state::get_name.
1505 * engine.cc (impl_sm_context::on_transition): Likewise.
1506 (exploded_node::get_dot_fillcolor): Use get_id when summing
1507 the sm states.
1508 * program-state.cc (sm_state_map::sm_state_map): Don't hardcode
1509 0 as the start state when initializing m_global_state.
1510 (sm_state_map::print): Use dump_to_pp rather than get_state_name
1511 when dumping states.
1512 (sm_state_map::is_empty_p): Don't hardcode 0 as the start state
1513 when examining m_global_state.
1514 (sm_state_map::hash): Use get_id when hashing states.
1515 (selftest::test_sm_state_map): Use state objects rather than
1516 arbitrary hardcoded integers.
1517 (selftest::test_program_state_merging): Likewise.
1518 (selftest::test_program_state_merging_2): Likewise.
1519 * sm-file.cc (fileptr_state_machine::m_start): Move to base class.
1520 (file_diagnostic::describe_state_change): Use get_start_state.
1521 (fileptr_state_machine::fileptr_state_machine): Drop m_start
1522 initialization.
1523 * sm-malloc.cc (malloc_state_machine::m_start): Move to base
1524 class.
1525 (malloc_diagnostic::describe_state_change): Use get_start_state.
1526 (possible_null::describe_state_change): Likewise.
1527 (malloc_state_machine::malloc_state_machine): Drop m_start
1528 initialization.
1529 * sm-pattern-test.cc (pattern_test_state_machine::m_start): Move
1530 to base class.
1531 (pattern_test_state_machine::pattern_test_state_machine): Drop
1532 m_start initialization.
1533 * sm-sensitive.cc (sensitive_state_machine::m_start): Move to base
1534 class.
1535 (sensitive_state_machine::sensitive_state_machine): Drop m_start
1536 initialization.
1537 * sm-signal.cc (signal_state_machine::m_start): Move to base
1538 class.
1539 (signal_state_machine::signal_state_machine): Drop m_start
1540 initialization.
1541 * sm-taint.cc (taint_state_machine::m_start): Move to base class.
1542 (taint_state_machine::taint_state_machine): Drop m_start
1543 initialization.
1544 * sm.cc (state_machine::state::dump_to_pp): New.
1545 (state_machine::state_machine): Move here from sm.h. Initialize
1546 m_next_state_id and m_start.
1547 (state_machine::add_state): Reimplement in terms of state objects.
1548 (state_machine::get_state_name): Delete.
1549 (state_machine::get_state_by_name): Reimplement in terms of state
1550 objects. Make const.
1551 (state_machine::validate): Delete.
1552 (state_machine::dump_to_pp): Reimplement in terms of state
1553 objects.
1554 * sm.h (state_machine::state): New class.
1555 (state_machine::state_t): Convert typedef from "unsigned" to
1556 "const state_machine::state *".
1557 (state_machine::state_machine): Move to sm.cc.
1558 (state_machine::get_default_state): Use m_start rather than
1559 hardcoding 0.
1560 (state_machine::get_state_name): Delete.
1561 (state_machine::get_state_by_name): Make const.
1562 (state_machine::get_start_state): New accessor.
1563 (state_machine::alloc_state_id): New.
1564 (state_machine::m_state_names): Drop in favor of...
1565 (state_machine::m_states): New field.
1566 (state_machine::m_start): New field.
1567 (start_start_p): Delete.
1568
31a05046
GA
1569 2020-09-08 David Malcolm <dmalcolm@redhat.com>
1570
1571 PR analyzer/96949
1572 * store.cc (binding_map::apply_ctor_val_to_range): Add
1573 error-handling for the cases where we have symbolic offsets.
1574
1575 2020-09-08 David Malcolm <dmalcolm@redhat.com>
1576
1577 PR analyzer/96950
1578 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
1579 where min_index == max_index.
1580 (binding_map::apply_ctor_val_to_range): Replace assertion that we
1581 don't have a CONSTRUCTOR value with error-handling.
1582
1583 2020-09-08 David Malcolm <dmalcolm@redhat.com>
1584
1585 PR analyzer/96962
1586 * region-model.cc (region_model::on_call_pre): Fix guard on switch
1587 on built-ins to only consider BUILT_IN_NORMAL, rather than other
1588 kinds of built-ins.
1589
e1a4a8a0
GA
1590 2020-09-01 David Malcolm <dmalcolm@redhat.com>
1591
1592 PR analyzer/96792
1593 * region-model.cc (region_model::deref_rvalue): Add the constraint
1594 that PTR_SVAL is non-NULL.
1595
13e4ba28
GA
1596 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1597
1598 PR analyzer/96798
1599 * region-model.cc (region_model::on_call_pre): Handle
1600 BUILT_IN_MEMSET_CHK.
1601
1602 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1603
1604 * region-model.cc (region_model::on_call_pre): Gather handling of
1605 builtins and of internal fns into switch statements. Handle
1606 "alloca" and BUILT_IN_ALLOCA_WITH_ALIGN.
1607
1608 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1609
1610 PR analyzer/96860
1611 * region.cc (decl_region::get_svalue_for_constructor): Support
1612 apply_ctor_to_region failing.
1613 * store.cc (binding_map::apply_ctor_to_region): Add failure
1614 handling.
1615 (binding_map::apply_ctor_val_to_range): Likewise.
1616 (binding_map::apply_ctor_pair_to_child_region): Likewise. Replace
1617 assertion that child_base_offset is not symbolic with error
1618 handling.
1619 * store.h (binding_map::apply_ctor_to_region): Convert return type
1620 from void to bool.
1621 (binding_map::apply_ctor_val_to_range): Likewise.
1622 (binding_map::apply_ctor_pair_to_child_region): Likewise.
1623
1624 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1625
1626 PR analyzer/96763
1627 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
1628 by calling a new binding_map::apply_ctor_val_to_range subroutine.
1629 Split out the existing non-CONSTRUCTOR-handling code to a new
1630 apply_ctor_pair_to_child_region subroutine.
1631 (binding_map::apply_ctor_val_to_range): New.
1632 (binding_map::apply_ctor_pair_to_child_region): New, split out
1633 from binding_map::apply_ctor_to_region as noted above.
1634 * store.h (binding_map::apply_ctor_val_to_range): New decl.
1635 (binding_map::apply_ctor_pair_to_child_region): New decl.
1636
1637 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1638
1639 PR analyzer/96764
1640 * region-model-manager.cc
1641 (region_model_manager::maybe_fold_unaryop): Handle VIEW_CONVERT_EXPR.
1642 (region_model_manager::get_or_create_cast): Move logic for
1643 real->integer casting to...
1644 (get_code_for_cast): ...this new function, and add logic for
1645 real->non-integer casts.
1646 (region_model_manager::maybe_fold_sub_svalue): Handle
1647 VIEW_CONVERT_EXPR.
1648 * region-model.cc
1649 (region_model::add_any_constraints_from_gassign): Likewise.
1650 * svalue.cc (svalue::maybe_undo_cast): Likewise.
1651 (unaryop_svalue::dump_to_pp): Likewise.
1652
57ea0894
GA
1653 2020-08-26 David Malcolm <dmalcolm@redhat.com>
1654
1655 PR analyzer/94858
1656 * region-model-manager.cc
1657 (region_model_manager::get_or_create_widening_svalue): Assert that
1658 neither of the inputs are themselves widenings.
1659 * store.cc (store::eval_alias_1): The initial value of a pointer
1660 can't point to a region that was allocated on the heap after the
1661 beginning of the path. A widened pointer value can't alias anything
1662 that the initial pointer value can't alias.
1663 * svalue.cc (svalue::can_merge_p): Merge BINOP (X, OP, CST) with X
1664 to a widening svalue. Merge
1665 BINOP(WIDENING(BASE, BINOP(BASE, X)), X) and BINOP(BASE, X) to
1666 the LHS of the first BINOP.
1667
1668 2020-08-26 David Malcolm <dmalcolm@redhat.com>
1669
1670 PR analyzer/96777
1671 * region-model.h (class compound_svalue): Document that all keys
1672 must be concrete.
1673 (compound_svalue::compound_svalue): Move definition to svalue.cc.
1674 * store.cc (binding_map::apply_ctor_to_region): Handle
1675 initializers for trailing arrays with incomplete size.
1676 * svalue.cc (compound_svalue::compound_svalue): Move definition
1677 here from region-model.h. Add assertion that all keys are
1678 concrete.
1679
e769f970
GA
1680 2020-08-22 David Malcolm <dmalcolm@redhat.com>
1681
1682 PR analyzer/94851
1683 * region-model-manager.cc
1684 (region_model_manager::maybe_fold_binop): Fold bitwise "& 0" to 0.
1685
1686 2020-08-22 David Malcolm <dmalcolm@redhat.com>
1687
1688 * store.cc (store::eval_alias): Make const. Split out 2nd half
1689 into store::eval_alias_1 and call it twice for symmetry, avoiding
1690 test duplication.
1691 (store::eval_alias_1): New function, split out from the above.
1692 * store.h (store::eval_alias): Make const.
1693 (store::eval_alias_1): New decl.
1694
1695 2020-08-22 David Malcolm <dmalcolm@redhat.com>
1696
1697 * region-model.cc (region_model::push_frame): Bind the default
1698 SSA name for each parm if it exists, falling back to the parm
1699 itself otherwise, rather than doing both.
1700
5b9a3d2a
GA
1701 2020-08-20 David Malcolm <dmalcolm@redhat.com>
1702
1703 PR analyzer/96723
1704 * region-model-manager.cc
1705 (region_model_manager::get_field_region): Assert that field is a
1706 FIELD_DECL.
1707 * region.cc (region::get_subregions_for_binding): In
1708 union-handling, filter the TYPE_FIELDS traversal to just FIELD_DECLs.
1709
1710 2020-08-20 David Malcolm <dmalcolm@redhat.com>
1711
1712 PR analyzer/96713
1713 * region-model.cc (region_model::get_gassign_result): For
1714 comparisons, only use eval_condition when the lhs has boolean
1715 type, and use get_or_create_constant_svalue on the boolean
1716 constants directly rather than via get_rvalue.
1717
04e23a40
GA
1718 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1719
1720 PR analyzer/96643
1721 * region-model.cc (region_model::deref_rvalue): Rather than
1722 attempting to handle all svalue kinds in the switch, only cover
1723 the special cases, and move symbolic-region handling to after
1724 the switch, thus implicitly handling the missing case SK_COMPOUND.
1725
1726 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1727
1728 PR analyzer/96705
1729 * region-model-manager.cc
1730 (region_model_manager::maybe_fold_binop): Check that we have an
1731 integral type before calling build_int_cst.
1732
1733 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1734
1735 PR analyzer/96699
1736 * region-model-manager.cc
1737 (region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for
1738 casting from REAL_TYPE to INTEGER_TYPE.
1739
1740 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1741
1742 PR analyzer/96651
1743 * region-model.cc (region_model::called_from_main_p): New.
1744 (region_model::get_store_value): Move handling for globals into...
1745 (region_model::get_initial_value_for_global): ...this new
1746 function, and add logic for extracting values from decl
1747 initializers.
1748 * region-model.h (decl_region::get_svalue_for_constructor): New
1749 decl.
1750 (decl_region::get_svalue_for_initializer): New decl.
1751 (region_model::called_from_main_p): New decl.
1752 (region_model::get_initial_value_for_global): New.
1753 * region.cc (decl_region::maybe_get_constant_value): Move logic
1754 for getting an svalue from a CONSTRUCTOR node to...
1755 (decl_region::get_svalue_for_constructor): ...this new function.
1756 (decl_region::get_svalue_for_initializer): New.
1757 * store.cc (get_svalue_for_ctor_val): Rewrite in terms of
1758 region_model::get_rvalue.
1759 * store.h (binding_cluster::get_map): New accessor.
1760
1761 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1762
1763 PR analyzer/96648
1764 * region.cc (get_field_at_bit_offset): Gracefully handle negative
1765 values for bit_offset.
1766
5c265693
GA
1767 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1768
1769 * region-model.cc (region_model::get_rvalue_1): Fix name of local.
1770
1771 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1772
1773 PR analyzer/96641
1774 * region-model.cc (region_model::get_rvalue_1): Handle
1775 unrecognized tree codes by returning UNKNOWN.
1776
1777 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1778
1779 PR analyzer/96640
1780 * region-model.cc (region_model::get_gassign_result): Handle various
1781 VEC_* tree codes by returning UNKNOWN.
1782 (region_model::on_assignment): Handle unrecognized tree codes by
1783 setting lhs to an unknown value, rather than issuing a "sorry" and
1784 asserting.
1785
deee2322
GA
1786 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1787
1788 PR analyzer/96644
1789 * region-model-manager.cc (get_region_for_unexpected_tree_code):
1790 Handle ctxt being NULL.
1791
1792 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1793
1794 PR analyzer/96639
1795 * region.cc (region::get_subregions_for_binding): Check for "type"
1796 being NULL.
1797
1798 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1799
1800 PR analyzer/96642
1801 * store.cc (get_svalue_for_ctor_val): New.
1802 (binding_map::apply_ctor_to_region): Call it.
1803
661ee09b
GA
1804 2020-08-14 David Malcolm <dmalcolm@redhat.com>
1805
1806 PR testsuite/96609
1807 PR analyzer/96616
1808 * region-model.cc (region_model::get_store_value): Call
1809 maybe_get_constant_value on decl_regions first.
1810 * region-model.h (decl_region::maybe_get_constant_value): New decl.
1811 * region.cc (decl_region::get_stack_depth): Likewise.
1812 (decl_region::maybe_get_constant_value): New.
1813 * store.cc (get_subregion_within_ctor): New.
1814 (binding_map::apply_ctor_to_region): New.
1815 * store.h (binding_map::apply_ctor_to_region): New decl.
1816
1817 2020-08-14 David Malcolm <dmalcolm@redhat.com>
1818
1819 PR analyzer/96611
1820 * store.cc (store::mark_as_escaped): Reject attempts to
1821 get a cluster for an unknown pointer.
1822
b3cb5606
GA
1823 2020-08-13 David Malcolm <dmalcolm@redhat.com>
1824
5afd1882
ML
1825 PR analyzer/93032
1826 PR analyzer/93938
1827 PR analyzer/94011
1828 PR analyzer/94099
1829 PR analyzer/94399
1830 PR analyzer/94458
1831 PR analyzer/94503
1832 PR analyzer/94640
1833 PR analyzer/94688
1834 PR analyzer/94689
1835 PR analyzer/94839
1836 PR analyzer/95026
1837 PR analyzer/95042
1838 PR analyzer/95240
b3cb5606
GA
1839 * analyzer-logging.cc: Ignore "-Wformat-diag".
1840 (logger::enter_scope): Use inc_indent in both overloads.
1841 (logger::exit_scope): Use dec_indent.
1842 * analyzer-logging.h (logger::inc_indent): New.
1843 (logger::dec_indent): New.
1844 * analyzer-selftests.cc (run_analyzer_selftests): Call
1845 analyzer_store_cc_tests.
1846 * analyzer-selftests.h (analyzer_store_cc_tests): New decl.
1847 * analyzer.cc (get_stmt_location): New function.
1848 * analyzer.h (class initial_svalue): New forward decl.
1849 (class unaryop_svalue): New forward decl.
1850 (class binop_svalue): New forward decl.
1851 (class sub_svalue): New forward decl.
1852 (class unmergeable_svalue): New forward decl.
1853 (class placeholder_svalue): New forward decl.
1854 (class widening_svalue): New forward decl.
1855 (class compound_svalue): New forward decl.
1856 (class conjured_svalue): New forward decl.
1857 (svalue_set): New typedef.
1858 (class map_region): Delete.
1859 (class array_region): Delete.
1860 (class frame_region): New forward decl.
1861 (class function_region): New forward decl.
1862 (class label_region): New forward decl.
1863 (class decl_region): New forward decl.
1864 (class element_region): New forward decl.
1865 (class offset_region): New forward decl.
1866 (class cast_region): New forward decl.
1867 (class field_region): New forward decl.
1868 (class string_region): New forward decl.
1869 (class region_model_manager): New forward decl.
1870 (class store_manager): New forward decl.
1871 (class store): New forward decl.
1872 (class call_details): New forward decl.
1873 (struct svalue_id_merger_mapping): Delete.
1874 (struct canonicalization): Delete.
1875 (class function_point): New forward decl.
1876 (class engine): New forward decl.
1877 (dump_tree): New function decl.
1878 (print_quoted_type): New function decl.
1879 (readability_comparator): New function decl.
1880 (tree_cmp): New function decl.
1881 (class path_var): Move here from region-model.h.
1882 (bit_offset_t, bit_size_t, byte_size_t): New typedefs.
1883 (class region_offset): New class.
1884 (get_stmt_location): New decl.
1885 (struct member_function_hash_traits): New struct.
1886 (class consolidation_map): New class.
1887 Ignore "-Wformat-diag".
1888 * analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
1889 (-param=analyzer-max-enodes-for-full-dump=): New param.
1890 * call-string.cc: Ignore -Wformat-diag.
1891 * checker-path.cc: Move includes of "analyzer/call-string.h" and
1892 "analyzer/program-point.h" to before "analyzer/region-model.h",
1893 and also include "analyzer/store.h" before it.
1894 (state_change_event::state_change_event): Replace "tree var" param
1895 with "const svalue *sval". Convert "origin" param from tree to
1896 "const svalue *".
1897 (state_change_event::get_desc): Call get_representative_tree to
1898 convert the var and origin from const svalue * to tree. Use
1899 svalue::get_desc rather than %qE when describing state changes.
1900 (checker_path::add_final_event): Use get_stmt_location.
1901 * checker-path.h (state_change_event::state_change_event): Port
1902 from tree to const svalue *.
1903 (state_change_event::get_lvalue): Delete.
1904 (state_change_event::get_dest_function): New.
1905 (state_change_event::m_var): Replace with...
1906 (state_change_event::m_sval): ...this.
1907 (state_change_event::m_origin): Convert from tree to
1908 const svalue *.
1909 * constraint-manager.cc: Include "analyzer/call-string.h",
1910 "analyzer/program-point.h", and "analyzer/store.h" before
1911 "analyzer/region-model.h".
1912 (struct bound, struct range): Move to constraint-manager.h.
1913 (compare_constants): New function.
1914 (range::dump): Rename to...
1915 (range::dump_to_pp): ...this. Support NULL constants.
1916 (range::dump): Reintroduce for dumping to stderr.
1917 (range::constrained_to_single_element): Return result, rather than
1918 writing to *OUT.
1919 (range::eval_condition): New.
1920 (range::below_lower_bound): New.
1921 (range::above_upper_bound): New.
1922 (equiv_class::equiv_class): Port from svalue_id to const svalue *.
1923 (equiv_class::print): Likewise.
1924 (equiv_class::hash): Likewise.
1925 (equiv_class::operator==): Port from svalue_id to const svalue *.
1926 (equiv_class::add): Port from svalue_id to const svalue *. Drop
1927 "cm" param.
1928 (equiv_class::del): Port from svalue_id to const svalue *.
1929 (equiv_class::get_representative): Likewise.
1930 (equiv_class::remap_svalue_ids): Delete.
1931 (svalue_id_cmp_by_id): Rename to...
1932 (svalue_cmp_by_ptr): ...this, porting from svalue_id to
1933 const svalue *.
1934 (equiv_class::canonicalize): Update qsort comparator.
1935 (constraint::implied_by): New.
1936 (constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
1937 (constraint_manager::dump_to_pp): Add "multiline" param.
1938 (constraint_manager::dump): Pass "true" for "multiline".
1939 (constraint_manager::add_constraint): Port from svalue_id to
1940 const svalue *. Split out second part into...
1941 (constraint_manager::add_unknown_constraint): ...this new
1942 function. Remove self-constraints when merging equivalence
1943 classes.
1944 (constraint_manager::add_constraint_internal): Remove constraints
1945 that would be implied by the new constraint. Port from svalue_id
1946 to const svalue *.
1947 (constraint_manager::get_equiv_class_by_sid): Rename to...
1948 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
1949 from svalue_id to const svalue *.
1950 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
1951 to const svalue *.
1952 (constraint_manager::eval_condition): Make const. Call
1953 compare_constants and return early if it provides a known result.
1954 (constraint_manager::get_ec_bounds): New.
1955 (constraint_manager::eval_condition): New overloads. Make
1956 existing one const, and use compare_constants.
1957 (constraint_manager::purge): Convert "p" param to a template
1958 rather than an abstract base class. Port from svalue_id to
1959 const svalue *.
1960 (class dead_svalue_purger): New class.
1961 (constraint_manager::remap_svalue_ids): Delete.
1962 (constraint_manager::on_liveness_change): New.
1963 (equiv_class_cmp): Port from svalue_id to const svalue *.
1964 (constraint_manager::canonicalize): Likewise. Combine with
1965 purging of redundant equivalence classes and constraints.
1966 (class cleaned_constraint_manager): Delete.
1967 (class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
1968 field.
1969 (merger_fact_visitor::fact): Port from svalue_id to const svalue *.
1970 Add special case for widening.
1971 (constraint_manager::merge): Port from svalue_id to const svalue *.
1972 (constraint_manager::clean_merger_input): Delete.
1973 (constraint_manager::for_each_fact): Port from svalue_id to
1974 const svalue *.
1975 (constraint_manager::validate): Likewise.
1976 (selftest::test_constraint_conditions): Provide a
1977 region_model_manager when creating region_model instances.
1978 Add test for self-equality not creating equivalence classes.
1979 (selftest::test_transitivity): Provide a region_model_manager when
1980 creating region_model instances. Verify that EC-merging happens
1981 when constraints are implied.
1982 (selftest::test_constant_comparisons): Provide a
1983 region_model_manager when creating region_model instances.
1984 (selftest::test_constraint_impl): Likewise. Remove over-specified
1985 assertions.
1986 (selftest::test_equality): Provide a region_model_manager when
1987 creating region_model instances.
1988 (selftest::test_many_constants): Likewise. Provide a
1989 program_point when testing merging.
1990 (selftest::run_constraint_manager_tests): Move call to
1991 test_constant_comparisons to outside the transitivity guard.
1992 * constraint-manager.h (struct bound): Move here from
1993 constraint-manager.cc.
1994 (struct range): Likewise.
1995 (struct::eval_condition): New decl.
1996 (struct::below_lower_bound): New decl.
1997 (struct::above_upper_bound): New decl.
1998 (equiv_class::add): Port from svalue_id to const svalue *.
1999 (equiv_class::del): Likewise.
2000 (equiv_class::get_representative): Likewise.
2001 (equiv_class::remap_svalue_ids): Drop.
2002 (equiv_class::m_cst_sid): Convert to...
2003 (equiv_class::m_cst_sval): ...this.
2004 (equiv_class::m_vars): Port from svalue_id to const svalue *.
2005 (constraint::bool implied_by): New decl.
2006 (fact_visitor::on_fact): Port from svalue_id to const svalue *.
2007 (constraint_manager::constraint_manager): Add mgr param.
2008 (constraint_manager::clone): Delete.
2009 (constraint_manager::maybe_get_constant): Delete.
2010 (constraint_manager::get_sid_for_constant): Delete.
2011 (constraint_manager::get_num_svalues): Delete.
2012 (constraint_manager::dump_to_pp): Add "multiline" param.
2013 (constraint_manager::get_equiv_class): Port from svalue_id to
2014 const svalue *.
2015 (constraint_manager::add_constraint): Likewise.
2016 (constraint_manager::get_equiv_class_by_sid): Rename to...
2017 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
2018 from svalue_id to const svalue *.
2019 (constraint_manager::add_unknown_constraint): New decl.
2020 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
2021 to const svalue *.
2022 (constraint_manager::eval_condition): Likewise. Add overloads.
2023 (constraint_manager::get_ec_bounds): New decl.
2024 (constraint_manager::purge): Convert to template.
2025 (constraint_manager::remap_svalue_ids): Delete.
2026 (constraint_manager::on_liveness_change): New decl.
2027 (constraint_manager::canonicalize): Drop param.
2028 (constraint_manager::clean_merger_input): Delete.
2029 (constraint_manager::m_mgr): New field.
2030 * diagnostic-manager.cc: Move includes of
2031 "analyzer/call-string.h" and "analyzer/program-point.h" to before
2032 "analyzer/region-model.h", and also include "analyzer/store.h"
2033 before it.
2034 (saved_diagnostic::saved_diagnostic): Add "sval" param.
2035 (diagnostic_manager::diagnostic_manager): Add engine param.
2036 (diagnostic_manager::add_diagnostic): Add "sval" param, passing it
2037 to saved_diagnostic ctor. Update overload to pass NULL for it.
2038 (dedupe_winners::dedupe_winners): Add engine param.
2039 (dedupe_winners::add): Add "eg" param. Pass m_engine to
2040 feasible_p.
2041 (dedupe_winner::m_engine): New field.
2042 (diagnostic_manager::emit_saved_diagnostics): Pass engine to
2043 dedupe_winners. Pass &eg when adding candidates. Pass svalue
2044 rather than tree to prune_path. Use get_stmt_location to get
2045 primary location of diagnostic.
2046 (diagnostic_manager::emit_saved_diagnostic): Likewise.
2047 (get_any_origin): Drop.
2048 (state_change_event_creator::on_global_state_change): Pass NULL
2049 const svalue * rather than NULL_TREE trees to state_change_event
2050 ctor.
2051 (state_change_event_creator::on_state_change): Port from tree and
2052 svalue_id to const svalue *.
2053 (for_each_state_change): Port from svalue_id to const svalue *.
2054 (struct null_assignment_sm_context): New.
2055 (diagnostic_manager::add_events_for_eedge): Add state change
2056 events for assignment to NULL.
2057 (diagnostic_manager::prune_path): Update param from tree to
2058 const svalue *.
2059 (diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
2060 by tree to by const svalue *.
2061 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
2062 param.
2063 (saved_diagnostic::m_sval): New field.
2064 (diagnostic_manager::diagnostic_manager): Add engine param.
2065 (diagnostic_manager::get_engine): New.
2066 (diagnostic_manager::add_diagnostic): Add "sval" param.
2067 (diagnostic_manager::prune_path): Likewise.
2068 (diagnostic_manager::prune_for_sm_diagnostic): New overload.
2069 (diagnostic_manager::m_eng): New field.
2070 * engine.cc: Move includes of "analyzer/call-string.h" and
2071 "analyzer/program-point.h" to before "analyzer/region-model.h",
2072 and also include "analyzer/store.h" before it.
2073 (impl_region_model_context::impl_region_model_context): Update for
2074 removal of m_change field.
2075 (impl_region_model_context::remap_svalue_ids): Delete.
2076 (impl_region_model_context::on_svalue_leak): New.
2077 (impl_region_model_context::on_svalue_purge): Delete.
2078 (impl_region_model_context::on_liveness_change): New.
2079 (impl_region_model_context::on_unknown_change): Update param
2080 from svalue_id to const svalue *. Add is_mutable param.
2081 (setjmp_svalue::compare_fields): Delete.
2082 (setjmp_svalue::accept): New.
2083 (setjmp_svalue::add_to_hash): Delete.
2084 (setjmp_svalue::dump_to_pp): New.
2085 (setjmp_svalue::print_details): Delete.
2086 (impl_sm_context::impl_sm_context): Drop "change" param.
2087 (impl_sm_context::get_fndecl_for_call): Drop "m_change".
2088 (impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
2089 "stmt" param. Drop m_change. Port from svalue_id to
2090 const svalue *.
2091 (impl_sm_context::warn_for_state): Drop m_change. Port from
2092 svalue_id to const svalue *.
2093 (impl_sm_context::get_readable_tree): Rename to...
2094 (impl_sm_context::get_diagnostic_tree): ...this. Port from
2095 svalue_id to const svalue *.
2096 (impl_sm_context::is_zero_assignment): New.
2097 (impl_sm_context::m_change): Delete field.
2098 (leak_stmt_finder::find_stmt): Handle m_var being NULL.
2099 (readability): Increase penalty for MEM_REF. For SSA_NAMEs,
2100 slightly favor the underlying var over the SSA name. Heavily
2101 penalize temporaries. Handle RESULT_DECL.
2102 (readability_comparator): Make non-static. Consider stack depths.
2103 (impl_region_model_context::on_state_leak): Convert from svalue_id
2104 to const svalue *, updating for region_model changes. Use
2105 id_equal.
2106 (impl_region_model_context::on_inherited_svalue): Delete.
2107 (impl_region_model_context::on_cast): Delete.
2108 (impl_region_model_context::on_condition): Drop m_change.
2109 (impl_region_model_context::on_phi): Likewise.
2110 (impl_region_model_context::on_unexpected_tree_code): Handle t
2111 being NULL.
2112 (point_and_state::validate): Update stack checking for
2113 region_model changes.
2114 (eg_traits::dump_args_t::show_enode_details_p): New.
2115 (exploded_node::exploded_node): Initialize m_num_processed_stmts.
2116 (exploded_node::get_processed_stmt): New function.
2117 (exploded_node::get_dot_fillcolor): Add more colors.
2118 (exploded_node::dump_dot): Guard the printing of the point and
2119 state with show_enode_details_p. Print the processed stmts for
2120 this enode after the initial state.
2121 (exploded_node::dump_to_pp): Pass true for new multiline param
2122 of program_state::dump_to_pp.
2123 (exploded_node::on_stmt): Drop "change" param. Log the stmt.
2124 Set input_location. Implement __analyzer_describe. Update
2125 implementation of __analyzer_dump and __analyzer_eval.
2126 Remove purging of sm-state for unknown fncalls from here.
2127 (exploded_node::on_edge): Drop "change" param.
2128 (exploded_node::on_longjmp): Port from region_id/svalue_id to
2129 const region */const svalue *. Call program_state::detect_leaks.
2130 Drop state_change.
2131 (exploded_node::detect_leaks): Update for changes to region_model.
2132 Call program_state::detect_leaks.
2133 (exploded_edge::exploded_edge): Drop ext_state and change params.
2134 (exploded_edge::dump_dot): "args" is no longer used. Drop dumping
2135 of m_change.
2136 (exploded_graph::exploded_graph): Pass engine to
2137 m_diagnostic_manager ctor. Use program_point::origin.
2138 (exploded_graph::add_function_entry): Drop ctxt. Use
2139 program_state::push_frame. Drop state_change.
2140 (exploded_graph::get_or_create_node): Drop "change" param. Add
2141 "enode_for_diag" param. Update dumping calls for API changes.
2142 Pass point to can_merge_with_p. Show enode indices
2143 within -Wanalyzer-too-complex diagnostic for hitting the per-point
2144 limit.
2145 (exploded_graph::add_edge): Drop "change" param. Log which nodes
2146 are being connected. Update for changes to exploded_edge ctor.
2147 (exploded_graph::get_per_program_point_data): New.
2148 (exploded_graph::process_worklist): Pass point to
2149 can_merge_with_p. Drop state_change. Update dumping call for API
2150 change.
2151 (exploded_graph::process_node): Drop state_change. Split the
2152 node in-place if an sm-state-change occurs. Update
2153 m_num_processed_stmts. Update dumping calls for API change.
2154 (exploded_graph::log_stats): Call engine::log_stats.
2155 (exploded_graph::dump_states_for_supernode): Update dumping
2156 call.
2157 (exploded_path::feasible_p): Add "eng" and "eg" params.
2158 Rename "i" to "end_idx". Pass the manager to the region_model
2159 ctor. Update for every processed stmt in the enode, not just the
2160 first. Keep track of which snodes have been visited, and call
2161 loop_replay_fixup when revisiting one.
2162 (enode_label::get_text): Update dump call for new param.
2163 (exploded_graph::dump_exploded_nodes): Likewise.
2164 (exploded_graph::get_node_by_index): New.
2165 (impl_run_checkers): Create engine instance and pass its address
2166 to extrinsic_state ctor.
2167 * exploded-graph.h
2168 (impl_region_model_context::impl_region_model_context): Drop
2169 "change" params.
2170 (impl_region_model_context::void remap_svalue_ids): Delete.
2171 (impl_region_model_context::on_svalue_purge): Delete.
2172 (impl_region_model_context::on_svalue_leak): New.
2173 (impl_region_model_context::on_liveness_change): New.
2174 (impl_region_model_context::on_state_leak): Update signature.
2175 (impl_region_model_context::on_inherited_svalue): Delete.
2176 (impl_region_model_context::on_cast): Delete.
2177 (impl_region_model_context::on_unknown_change): Update signature.
2178 (impl_region_model_context::m_change): Delete.
2179 (eg_traits::dump_args_t::show_enode_details_p): New.
2180 (exploded_node::on_stmt): Drop "change" param.
2181 (exploded_node::on_edge): Likewise.
2182 (exploded_node::get_processed_stmt): New decl.
2183 (exploded_node::m_num_processed_stmts): New field.
2184 (exploded_edge::exploded_edge): Drop ext_state and change params.
2185 (exploded_edge::m_change): Delete.
2186 (exploded_graph::get_engine): New accessor.
2187 (exploded_graph::get_or_create_node): Drop "change" param. Add
2188 "enode_for_diag" param.
2189 (exploded_graph::add_edge): Drop "change" param.
2190 (exploded_graph::get_per_program_point_data): New decl.
2191 (exploded_graph::get_node_by_index): New decl.
2192 (exploded_path::feasible_p): Add "eng" and "eg" params.
2193 * program-point.cc: Include "analyzer/store.h" before including
2194 "analyzer/region-model.h".
2195 (function_point::function_point): Move here from
2196 program-point.h.
2197 (function_point::get_function): Likewise.
2198 (function_point::from_function_entry): Likewise.
2199 (function_point::before_supernode): Likewise.
2200 (function_point::next_stmt): New function.
2201 * program-point.h (function_point::function_point): Move
2202 implementation from here to program-point.cc.
2203 (function_point::get_function): Likewise.
2204 (function_point::from_function_entry): Likewise.
2205 (function_point::before_supernode): Likewise.
2206 (function_point::next_stmt): New decl.
2207 (program_point::operator!=): New.
2208 (program_point::origin): New.
2209 (program_point::next_stmt): New.
2210 (program_point::m_function_point): Make non-const.
2211 * program-state.cc: Move includes of "analyzer/call-string.h" and
2212 "analyzer/program-point.h" to before "analyzer/region-model.h",
2213 and also include "analyzer/store.h" before it.
2214 (extrinsic_state::get_model_manager): New.
2215 (sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
2216 rather than pass them around.
2217 (sm_state_map::clone_with_remapping): Delete.
2218 (sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
2219 "simple" and "multiline" params and support multiline vs single
2220 line dumping.
2221 (sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
2222 "simple" param.
2223 (sm_state_map::hash): Port from svalue_id to const svalue *.
2224 (sm_state_map::operator==): Likewise.
2225 (sm_state_map::get_state): Likewise. Call canonicalize_svalue on
2226 input. Handle inheritance of sm-state. Call get_default_state.
2227 (sm_state_map::get_origin): Port from svalue_id to const svalue *.
2228 (sm_state_map::set_state): Likewise. Pass in ext_state. Reject
2229 attempts to set state on UNKNOWN.
2230 (sm_state_map::impl_set_state): Port from svalue_id to
2231 const svalue *. Pass in ext_state. Call canonicalize_svalue on
2232 input.
2233 (sm_state_map::purge_for_unknown_fncall): Delete.
2234 (sm_state_map::on_svalue_leak): New.
2235 (sm_state_map::remap_svalue_ids): Delete.
2236 (sm_state_map::on_liveness_change): New.
2237 (sm_state_map::on_unknown_change): Reimplement.
2238 (sm_state_map::on_svalue_purge): Delete.
2239 (sm_state_map::on_inherited_svalue): Delete.
2240 (sm_state_map::on_cast): Delete.
2241 (sm_state_map::validate): Delete.
2242 (sm_state_map::canonicalize_svalue): New.
2243 (program_state::program_state): Update to pass manager to
2244 region_model's ctor. Constify num_states and pass state machine
2245 and index to sm_state_map ctor.
2246 (program_state::print): Update for changes to dump API.
2247 (program_state::dump_to_pp): Ignore the summarize param. Add
2248 "multiline" param.
2249 (program_state::dump_to_file): Add "multiline" param.
2250 (program_state::dump): Pass "true" for new "multiline" param.
2251 (program_state::push_frame): New.
2252 (program_state::on_edge): Drop "change" param. Call
2253 program_state::detect_leaks.
2254 (program_state::prune_for_point): Add enode_for_diag param.
2255 Reimplement based on store class. Call detect_leaks.
2256 (program_state::remap_svalue_ids): Delete.
2257 (program_state::get_representative_tree): Port from svalue_id to
2258 const svalue *.
2259 (program_state::can_merge_with_p): Add "point" param. Add early
2260 reject for sm-differences. Drop id remapping.
2261 (program_state::validate): Drop region model and sm_state_map
2262 validation.
2263 (state_change::sm_change::dump): Delete.
2264 (state_change::sm_change::remap_svalue_ids): Delete.
2265 (state_change::sm_change::on_svalue_purge): Delete.
2266 (log_set_of_svalues): New.
2267 (state_change::sm_change::validate): Delete.
2268 (state_change::state_change): Delete.
2269 (state_change::add_sm_change): Delete.
2270 (state_change::affects_p): Delete.
2271 (state_change::dump): Delete.
2272 (state_change::remap_svalue_ids): Delete.
2273 (state_change::on_svalue_purge): Delete.
2274 (state_change::validate): Delete.
2275 (selftest::assert_dump_eq): Delete.
2276 (ASSERT_DUMP_EQ): Delete.
2277 (selftest::test_sm_state_map): Update for changes to region_model
2278 and sm_state_map, porting from svalue_id to const svalue *.
2279 (selftest::test_program_state_dumping): Likewise. Drop test of
2280 dumping, renaming to...
2281 (selftest::test_program_state_1): ...this.
2282 (selftest::test_program_state_dumping_2): Likewise, renaming to...
2283 (selftest::test_program_state_2): ...this.
2284 (selftest::test_program_state_merging): Update for changes to
2285 region_model.
2286 (selftest::test_program_state_merging_2): Likewise.
2287 (selftest::analyzer_program_state_cc_tests): Update for renamed
2288 tests.
2289 * program-state.h (extrinsic_state::extrinsic_state): Add logger
2290 and engine params.
2291 (extrinsic_state::get_logger): New accessor.
2292 (extrinsic_state::get_engine): New accessor.
2293 (extrinsic_state::get_model_manager): New accessor.
2294 (extrinsic_state::m_logger): New field.
2295 (extrinsic_state::m_engine): New field.
2296 (struct default_hash_traits<svalue_id>): Delete.
2297 (pod_hash_traits<svalue_id>::hash): Delete.
2298 (pod_hash_traits<svalue_id>::equal): Delete.
2299 (pod_hash_traits<svalue_id>::mark_deleted): Delete.
2300 (pod_hash_traits<svalue_id>::mark_empty): Delete.
2301 (pod_hash_traits<svalue_id>::is_deleted): Delete.
2302 (pod_hash_traits<svalue_id>::is_empty): Delete.
2303 (sm_state_map::entry_t::entry_t): Port from svalue_id to
2304 const svalue *.
2305 (sm_state_map::entry_t::m_origin): Likewise.
2306 (sm_state_map::map_t): Likewise.
2307 (sm_state_map::sm_state_map): Add state_machine and index params.
2308 (sm_state_map::clone_with_remapping): Delete.
2309 (sm_state_map::print): Drop sm param; add simple and multiline
2310 params.
2311 (sm_state_map::dump): Drop sm param; add simple param.
2312 (sm_state_map::get_state): Port from svalue_id to const svalue *.
2313 Add ext_state param.
2314 (sm_state_map::get_origin): Likewise.
2315 (sm_state_map::set_state): Likewise.
2316 (sm_state_map::impl_set_state): Likewise.
2317 (sm_state_map::purge_for_unknown_fncall): Delete.
2318 (sm_state_map::remap_svalue_ids): Delete.
2319 (sm_state_map::on_svalue_purge): Delete.
2320 (sm_state_map::on_svalue_leak): New.
2321 (sm_state_map::on_liveness_change): New.
2322 (sm_state_map::on_inherited_svalue): Delete.
2323 (sm_state_map::on_cast): Delete.
2324 (sm_state_map::validate): Delete.
2325 (sm_state_map::on_unknown_change): Port from svalue_id to
2326 const svalue *. Add is_mutable and ext_state params.
2327 (sm_state_map::canonicalize_svalue): New.
2328 (sm_state_map::m_sm): New field.
2329 (sm_state_map::m_sm_idx): New field.
2330 (program_state::operator=): Delete.
2331 (program_state::dump_to_pp): Drop "summarize" param, adding
2332 "simple" and "multiline".
2333 (program_state::dump_to_file): Likewise.
2334 (program_state::dump): Rename "summarize" to "simple".
2335 (program_state::push_frame): New.
2336 (program_state::get_current_function): New.
2337 (program_state::on_edge): Drop "change" param.
2338 (program_state::prune_for_point): Likewise. Add enode_for_diag
2339 param.
2340 (program_state::remap_svalue_ids): Delete.
2341 (program_state::get_representative_tree): Port from svalue_id to
2342 const svalue *.
2343 (program_state::can_purge_p): Likewise. Pass ext_state to get_state.
2344 (program_state::can_merge_with_p): Add point param.
2345 (program_state::detect_leaks): New.
2346 (state_change_visitor::on_state_change): Port from tree and
2347 svalue_id to a pair of const svalue *.
2348 (class state_change): Delete.
2349 * region.cc: New file.
2350 * region-model-impl-calls.cc: New file.
2351 * region-model-manager.cc: New file.
2352 * region-model-reachability.cc: New file.
2353 * region-model-reachability.h: New file.
2354 * region-model.cc: Include "analyzer/call-string.h",
2355 "analyzer/program-point.h", and "analyzer/store.h" before
2356 "analyzer/region-model.h". Include
2357 "analyzer/region-model-reachability.h".
2358 (dump_tree): Make non-static.
2359 (dump_quoted_tree): Make non-static.
2360 (print_quoted_type): Make non-static.
2361 (path_var::dump): Delete.
2362 (dump_separator): Delete.
2363 (class impl_constraint_manager): Delete.
2364 (svalue_id::print): Delete.
2365 (svalue_id::dump_node_name_to_pp): Delete.
2366 (svalue_id::validate): Delete.
2367 (region_id::print): Delete.
2368 (region_id::dump_node_name_to_pp): Delete.
2369 (region_id::validate): Delete.
2370 (region_id_set::region_id_set): Delete.
2371 (svalue_id_set::svalue_id_set): Delete.
2372 (svalue::operator==): Delete.
2373 (svalue::hash): Delete.
2374 (svalue::print): Delete.
2375 (svalue::dump_dot_to_pp): Delete.
2376 (svalue::remap_region_ids): Delete.
2377 (svalue::walk_for_canonicalization): Delete.
2378 (svalue::get_child_sid): Delete.
2379 (svalue::maybe_get_constant): Delete.
2380 (region_svalue::compare_fields): Delete.
2381 (region_svalue::add_to_hash): Delete.
2382 (region_svalue::print_details): Delete.
2383 (region_svalue::dump_dot_to_pp): Delete.
2384 (region_svalue::remap_region_ids): Delete.
2385 (region_svalue::merge_values): Delete.
2386 (region_svalue::walk_for_canonicalization): Delete.
2387 (region_svalue::eval_condition): Delete.
2388 (constant_svalue::compare_fields): Delete.
2389 (constant_svalue::add_to_hash): Delete.
2390 (constant_svalue::merge_values): Delete.
2391 (constant_svalue::eval_condition): Move to svalue.cc.
2392 (constant_svalue::print_details): Delete.
2393 (constant_svalue::get_child_sid): Delete.
2394 (unknown_svalue::compare_fields): Delete.
2395 (unknown_svalue::add_to_hash): Delete.
2396 (unknown_svalue::print_details): Delete.
2397 (poison_kind_to_str): Move to svalue.cc.
2398 (poisoned_svalue::compare_fields): Delete.
2399 (poisoned_svalue::add_to_hash): Delete.
2400 (poisoned_svalue::print_details): Delete.
2401 (region_kind_to_str): Move to region.cc and reimplement.
2402 (region::operator==): Delete.
2403 (region::get_parent_region): Delete.
2404 (region::set_value): Delete.
2405 (region::become_active_view): Delete.
2406 (region::deactivate_any_active_view): Delete.
2407 (region::deactivate_view): Delete.
2408 (region::get_value): Delete.
2409 (region::get_inherited_child_sid): Delete.
2410 (region_model::copy_region): Delete.
2411 (region_model::copy_struct_region): Delete.
2412 (region_model::copy_union_region): Delete.
2413 (region_model::copy_array_region): Delete.
2414 (region::hash): Delete.
2415 (region::print): Delete.
2416 (region::dump_dot_to_pp): Delete.
2417 (region::dump_to_pp): Delete.
2418 (region::dump_child_label): Delete.
2419 (region::validate): Delete.
2420 (region::remap_svalue_ids): Delete.
2421 (region::remap_region_ids): Delete.
2422 (region::add_view): Delete.
2423 (region::get_view): Delete.
2424 (region::region): Move to region.cc.
2425 (region::add_to_hash): Delete.
2426 (region::print_fields): Delete.
2427 (region::non_null_p): Delete.
2428 (primitive_region::clone): Delete.
2429 (primitive_region::walk_for_canonicalization): Delete.
2430 (map_region::map_region): Delete.
2431 (map_region::compare_fields): Delete.
2432 (map_region::print_fields): Delete.
2433 (map_region::validate): Delete.
2434 (map_region::dump_dot_to_pp): Delete.
2435 (map_region::dump_child_label): Delete.
2436 (map_region::get_or_create): Delete.
2437 (map_region::get): Delete.
2438 (map_region::add_to_hash): Delete.
2439 (map_region::remap_region_ids): Delete.
2440 (map_region::unbind): Delete.
2441 (map_region::get_tree_for_child_region): Delete.
2442 (map_region::get_tree_for_child_region): Delete.
2443 (tree_cmp): Move to region.cc.
2444 (map_region::can_merge_p): Delete.
2445 (map_region::walk_for_canonicalization): Delete.
2446 (map_region::get_value_by_name): Delete.
2447 (struct_or_union_region::valid_key_p): Delete.
2448 (struct_or_union_region::compare_fields): Delete.
2449 (struct_region::clone): Delete.
2450 (struct_region::compare_fields): Delete.
2451 (union_region::clone): Delete.
2452 (union_region::compare_fields): Delete.
2453 (frame_region::compare_fields): Delete.
2454 (frame_region::clone): Delete.
2455 (frame_region::valid_key_p): Delete.
2456 (frame_region::print_fields): Delete.
2457 (frame_region::add_to_hash): Delete.
2458 (globals_region::compare_fields): Delete.
2459 (globals_region::clone): Delete.
2460 (globals_region::valid_key_p): Delete.
2461 (code_region::compare_fields): Delete.
2462 (code_region::clone): Delete.
2463 (code_region::valid_key_p): Delete.
2464 (array_region::array_region): Delete.
2465 (array_region::get_element): Delete.
2466 (array_region::clone): Delete.
2467 (array_region::compare_fields): Delete.
2468 (array_region::print_fields): Delete.
2469 (array_region::validate): Delete.
2470 (array_region::dump_dot_to_pp): Delete.
2471 (array_region::dump_child_label): Delete.
2472 (array_region::get_or_create): Delete.
2473 (array_region::get): Delete.
2474 (array_region::add_to_hash): Delete.
2475 (array_region::remap_region_ids): Delete.
2476 (array_region::get_key_for_child_region): Delete.
2477 (array_region::key_cmp): Delete.
2478 (array_region::walk_for_canonicalization): Delete.
2479 (array_region::key_from_constant): Delete.
2480 (array_region::constant_from_key): Delete.
2481 (function_region::compare_fields): Delete.
2482 (function_region::clone): Delete.
2483 (function_region::valid_key_p): Delete.
2484 (stack_region::stack_region): Delete.
2485 (stack_region::compare_fields): Delete.
2486 (stack_region::clone): Delete.
2487 (stack_region::print_fields): Delete.
2488 (stack_region::dump_child_label): Delete.
2489 (stack_region::validate): Delete.
2490 (stack_region::push_frame): Delete.
2491 (stack_region::get_current_frame_id): Delete.
2492 (stack_region::pop_frame): Delete.
2493 (stack_region::add_to_hash): Delete.
2494 (stack_region::remap_region_ids): Delete.
2495 (stack_region::can_merge_p): Delete.
2496 (stack_region::walk_for_canonicalization): Delete.
2497 (stack_region::get_value_by_name): Delete.
2498 (heap_region::heap_region): Delete.
2499 (heap_region::compare_fields): Delete.
2500 (heap_region::clone): Delete.
2501 (heap_region::walk_for_canonicalization): Delete.
2502 (root_region::root_region): Delete.
2503 (root_region::compare_fields): Delete.
2504 (root_region::clone): Delete.
2505 (root_region::print_fields): Delete.
2506 (root_region::validate): Delete.
2507 (root_region::dump_child_label): Delete.
2508 (root_region::push_frame): Delete.
2509 (root_region::get_current_frame_id): Delete.
2510 (root_region::pop_frame): Delete.
2511 (root_region::ensure_stack_region): Delete.
2512 (root_region::get_stack_region): Delete.
2513 (root_region::ensure_globals_region): Delete.
2514 (root_region::get_code_region): Delete.
2515 (root_region::ensure_code_region): Delete.
2516 (root_region::get_globals_region): Delete.
2517 (root_region::ensure_heap_region): Delete.
2518 (root_region::get_heap_region): Delete.
2519 (root_region::remap_region_ids): Delete.
2520 (root_region::can_merge_p): Delete.
2521 (root_region::add_to_hash): Delete.
2522 (root_region::walk_for_canonicalization): Delete.
2523 (root_region::get_value_by_name): Delete.
2524 (symbolic_region::symbolic_region): Delete.
2525 (symbolic_region::compare_fields): Delete.
2526 (symbolic_region::clone): Delete.
2527 (symbolic_region::walk_for_canonicalization): Delete.
2528 (symbolic_region::print_fields): Delete.
2529 (region_model::region_model): Add region_model_manager * param.
2530 Reimplement in terms of store, dropping impl_constraint_manager
2531 subclass.
2532 (region_model::operator=): Reimplement in terms of store.
2533 (region_model::operator==): Likewise.
2534 (region_model::hash): Likewise.
2535 (region_model::print): Delete.
2536 (region_model::print_svalue): Delete.
2537 (region_model::dump_dot_to_pp): Delete.
2538 (region_model::dump_dot_to_file): Delete.
2539 (region_model::dump_dot): Delete.
2540 (region_model::dump_to_pp): Replace "summarize" param with
2541 "simple" and "multiline". Port to store-based implementation.
2542 (region_model::dump): Replace "summarize" param with "simple" and
2543 "multiline".
2544 (dump_vec_of_tree): Delete.
2545 (region_model::dump_summary_of_rep_path_vars): Delete.
2546 (region_model::validate): Delete.
2547 (svalue_id_cmp_by_constant_svalue_model): Delete.
2548 (svalue_id_cmp_by_constant_svalue): Delete.
2549 (region_model::canonicalize): Drop "ctxt" param. Reimplement in
2550 terms of store and constraints.
2551 (region_model::canonicalized_p): Remove NULL arg to canonicalize.
2552 (region_model::loop_replay_fixup): New.
2553 (poisoned_value_diagnostic::emit): Tweak wording of warnings.
2554 (region_model::check_for_poison): Delete.
2555 (region_model::get_gassign_result): New.
2556 (region_model::on_assignment): Port to store-based implementation.
2557 (region_model::on_call_pre): Delete calls to check_for_poison.
2558 Move implementations to region-model-impl-calls.c and port to
2559 store-based implementation.
2560 (region_model::on_call_post): Likewise.
2561 (class reachable_regions): Move to region-model-reachability.h/cc
2562 and port to store-based implementation.
2563 (region_model::handle_unrecognized_call): Port to store-based
2564 implementation.
2565 (region_model::get_reachable_svalues): New.
2566 (region_model::on_setjmp): Port to store-based implementation.
2567 (region_model::on_longjmp): Likewise.
2568 (region_model::handle_phi): Drop is_back_edge param and the logic
2569 using it.
2570 (region_model::get_lvalue_1): Port from region_id to const region *.
2571 (region_model::make_region_for_unexpected_tree_code): Delete.
2572 (assert_compat_types): If the check fails, use internal_error to
2573 show the types.
2574 (region_model::get_lvalue): Port from region_id to const region *.
2575 (region_model::get_rvalue_1): Port from svalue_id to const svalue *.
2576 (region_model::get_rvalue): Likewise.
2577 (region_model::get_or_create_ptr_svalue): Delete.
2578 (region_model::get_or_create_constant_svalue): Delete.
2579 (region_model::get_svalue_for_fndecl): Delete.
2580 (region_model::get_region_for_fndecl): Delete.
2581 (region_model::get_svalue_for_label): Delete.
2582 (region_model::get_region_for_label): Delete.
2583 (build_cast): Delete.
2584 (region_model::maybe_cast_1): Delete.
2585 (region_model::maybe_cast): Delete.
2586 (region_model::get_field_region): Delete.
2587 (region_model::get_store_value): New.
2588 (region_model::region_exists_p): New.
2589 (region_model::deref_rvalue): Port from svalue_id to const svalue *.
2590 (region_model::set_value): Likewise.
2591 (region_model::clobber_region): New.
2592 (region_model::purge_region): New.
2593 (region_model::zero_fill_region): New.
2594 (region_model::mark_region_as_unknown): New.
2595 (region_model::eval_condition): Port from svalue_id to
2596 const svalue *.
2597 (region_model::eval_condition_without_cm): Likewise.
2598 (region_model::compare_initial_and_pointer): New.
2599 (region_model::add_constraint): Port from svalue_id to
2600 const svalue *.
2601 (region_model::maybe_get_constant): Delete.
2602 (region_model::get_representative_path_var): New.
2603 (region_model::add_new_malloc_region): Delete.
2604 (region_model::get_representative_tree): Port to const svalue *.
2605 (region_model::get_representative_path_var): Port to
2606 const region *.
2607 (region_model::get_path_vars_for_svalue): Delete.
2608 (region_model::set_to_new_unknown_value): Delete.
2609 (region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
2610 (region_model::update_for_call_superedge): Port from svalue_id to
2611 const svalue *.
2612 (region_model::update_for_return_superedge): Port to store-based
2613 implementation.
2614 (region_model::update_for_call_summary): Replace
2615 set_to_new_unknown_value with mark_region_as_unknown.
2616 (region_model::get_root_region): Delete.
2617 (region_model::get_stack_region_id): Delete.
2618 (region_model::push_frame): Delete.
2619 (region_model::get_current_frame_id): Delete.
2620 (region_model::get_current_function): Delete.
2621 (region_model::pop_frame): Delete.
2622 (region_model::on_top_level_param): New.
2623 (region_model::get_stack_depth): Delete.
2624 (region_model::get_function_at_depth): Delete.
2625 (region_model::get_globals_region_id): Delete.
2626 (region_model::add_svalue): Delete.
2627 (region_model::replace_svalue): Delete.
2628 (region_model::add_region): Delete.
2629 (region_model::get_svalue): Delete.
2630 (region_model::get_region): Delete.
2631 (make_region_for_type): Delete.
2632 (region_model::add_region_for_type): Delete.
2633 (region_model::on_top_level_param): New.
2634 (class restrict_to_used_svalues): Delete.
2635 (region_model::purge_unused_svalues): Delete.
2636 (region_model::push_frame): New.
2637 (region_model::remap_svalue_ids): Delete.
2638 (region_model::remap_region_ids): Delete.
2639 (region_model::purge_regions): Delete.
2640 (region_model::get_descendents): Delete.
2641 (region_model::delete_region_and_descendents): Delete.
2642 (region_model::poison_any_pointers_to_bad_regions): Delete.
2643 (region_model::can_merge_with_p): Delete.
2644 (region_model::get_current_function): New.
2645 (region_model::get_value_by_name): Delete.
2646 (region_model::convert_byte_offset_to_array_index): Delete.
2647 (region_model::pop_frame): New.
2648 (region_model::get_or_create_mem_ref): Delete.
2649 (region_model::get_stack_depth): New.
2650 (region_model::get_frame_at_index): New.
2651 (region_model::unbind_region_and_descendents): New.
2652 (struct bad_pointer_finder): New.
2653 (region_model::get_or_create_pointer_plus_expr): Delete.
2654 (region_model::poison_any_pointers_to_descendents): New.
2655 (region_model::get_or_create_view): Delete.
2656 (region_model::can_merge_with_p): New.
2657 (region_model::get_fndecl_for_call): Port from svalue_id to
2658 const svalue *.
2659 (struct append_ssa_names_cb_data): New.
2660 (get_ssa_name_regions_for_current_frame): New.
2661 (region_model::append_ssa_names_cb): New.
2662 (model_merger::dump_to_pp): Add "simple" param. Drop dumping of
2663 remappings.
2664 (model_merger::dump): Add "simple" param to both overloads.
2665 (model_merger::can_merge_values_p): Delete.
2666 (model_merger::record_regions): Delete.
2667 (model_merger::record_svalues): Delete.
2668 (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
2669 (svalue_id_merger_mapping::dump_to_pp): Delete.
2670 (svalue_id_merger_mapping::dump): Delete.
2671 (region_model::create_region_for_heap_alloc): New.
2672 (region_model::create_region_for_alloca): New.
2673 (region_model::record_dynamic_extents): New.
2674 (canonicalization::canonicalization): Delete.
2675 (canonicalization::walk_rid): Delete.
2676 (canonicalization::walk_sid): Delete.
2677 (canonicalization::dump_to_pp): Delete.
2678 (canonicalization::dump): Delete.
2679 (inchash::add): Delete overloads for svalue_id and region_id.
2680 (engine::log_stats): New.
2681 (assert_condition): Add overload comparing svalues.
2682 (assert_dump_eq): Pass "true" for multiline.
2683 (selftest::test_dump): Update for rewrite of region_model.
2684 (selftest::test_dump_2): Rename to...
2685 (selftest::test_struct): ...this. Provide a region_model_manager
2686 when creating region_model instance. Remove dump test. Add
2687 checks for get_offset.
2688 (selftest::test_dump_3): Rename to...
2689 (selftest::test_array_1): ...this. Provide a region_model_manager
2690 when creating region_model instance. Remove dump test.
2691 (selftest::test_get_representative_tree): Port from svalue_id to
2692 new API. Add test coverage for various expressions.
2693 (selftest::test_unique_constants): Provide a region_model_manager
2694 for the region_model. Add test coverage for comparing const vs
2695 non-const.
2696 (selftest::test_svalue_equality): Delete.
2697 (selftest::test_region_equality): Delete.
2698 (selftest::test_unique_unknowns): New.
2699 (class purge_all_svalue_ids): Delete.
2700 (class purge_one_svalue_id): Delete.
2701 (selftest::test_purging_by_criteria): Delete.
2702 (selftest::test_initial_svalue_folding): New.
2703 (selftest::test_unaryop_svalue_folding): New.
2704 (selftest::test_binop_svalue_folding): New.
2705 (selftest::test_sub_svalue_folding): New.
2706 (selftest::test_purge_unused_svalues): Delete.
2707 (selftest::test_descendent_of_p): New.
2708 (selftest::test_assignment): Provide a region_model_manager for
2709 the region_model. Drop the dump test.
2710 (selftest::test_compound_assignment): Likewise.
2711 (selftest::test_stack_frames): Port to new implementation.
2712 (selftest::test_get_representative_path_var): Likewise.
2713 (selftest::test_canonicalization_1): Rename to...
2714 (selftest::test_equality_1): ...this. Port to new API, and add
2715 (selftest::test_canonicalization_2): Provide a
2716 region_model_manager when creating region_model instances.
2717 Remove redundant canonicalization.
2718 (selftest::test_canonicalization_3): Provide a
2719 region_model_manager when creating region_model instances.
2720 Remove param from calls to region_model::canonicalize.
2721 (selftest::test_canonicalization_4): Likewise.
2722 (selftest::assert_region_models_merge): Constify
2723 out_merged_svalue. Port to new API.
2724 (selftest::test_state_merging): Provide a
2725 region_model_manager when creating region_model instances.
2726 Provide a program_point point when merging them. Replace
2727 set_to_new_unknown_value with usage of placeholder_svalues.
2728 Drop get_value_by_name. Port from svalue_id to const svalue *.
2729 Add test of heap allocation.
2730 (selftest::test_constraint_merging): Provide a
2731 region_model_manager when creating region_model instances.
2732 Provide a program_point point when merging them. Eliminate use
2733 of set_to_new_unknown_value.
2734 (selftest::test_widening_constraints): New.
2735 (selftest::test_iteration_1): New.
2736 (selftest::test_malloc_constraints): Port to store-based
2737 implementation.
2738 (selftest::test_var): New test.
2739 (selftest::test_array_2): New test.
2740 (selftest::test_mem_ref): New test.
2741 (selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
2742 (selftest::test_malloc): New.
2743 (selftest::test_alloca): New.
2744 (selftest::analyzer_region_model_cc_tests): Update for renamings.
2745 Call new functions.
2746 * region-model.h (class path_var): Move to analyzer.h.
2747 (class svalue_id): Delete.
2748 (class region_id): Delete.
2749 (class id_map): Delete.
2750 (svalue_id_map): Delete.
2751 (region_id_map): Delete.
2752 (id_map<T>::id_map): Delete.
2753 (id_map<T>::put): Delete.
2754 (id_map<T>::get_dst_for_src): Delete.
2755 (id_map<T>::get_src_for_dst): Delete.
2756 (id_map<T>::dump_to_pp): Delete.
2757 (id_map<T>::dump): Delete.
2758 (id_map<T>::update): Delete.
2759 (one_way_svalue_id_map): Delete.
2760 (one_way_region_id_map): Delete.
2761 (class region_id_set): Delete.
2762 (class svalue_id_set): Delete.
2763 (struct complexity): New.
2764 (class visitor): New.
2765 (enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
2766 SK_BINOP, SK_SUB, SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
2767 SK_COMPOUND, and SK_CONJURED.
2768 (svalue::operator==): Delete.
2769 (svalue::operator!=): Delete.
2770 (svalue::clone): Delete.
2771 (svalue::hash): Delete.
2772 (svalue::dump_dot_to_pp): Delete.
2773 (svalue::dump_to_pp): New.
2774 (svalue::dump): New.
2775 (svalue::get_desc): New.
2776 (svalue::dyn_cast_initial_svalue): New.
2777 (svalue::dyn_cast_unaryop_svalue): New.
2778 (svalue::dyn_cast_binop_svalue): New.
2779 (svalue::dyn_cast_sub_svalue): New.
2780 (svalue::dyn_cast_unmergeable_svalue): New.
2781 (svalue::dyn_cast_widening_svalue): New.
2782 (svalue::dyn_cast_compound_svalue): New.
2783 (svalue::dyn_cast_conjured_svalue): New.
2784 (svalue::maybe_undo_cast): New.
2785 (svalue::unwrap_any_unmergeable): New.
2786 (svalue::remap_region_ids): Delete.
2787 (svalue::can_merge_p): New.
2788 (svalue::walk_for_canonicalization): Delete.
2789 (svalue::get_complexity): New.
2790 (svalue::get_child_sid): Delete.
2791 (svalue::accept): New.
2792 (svalue::live_p): New.
2793 (svalue::implicitly_live_p): New.
2794 (svalue::svalue): Add complexity param.
2795 (svalue::add_to_hash): Delete.
2796 (svalue::print_details): Delete.
2797 (svalue::m_complexity): New field.
2798 (region_svalue::key_t): New struct.
2799 (region_svalue::region_svalue): Port from region_id to
2800 const region_id *. Add complexity.
2801 (region_svalue::compare_fields): Delete.
2802 (region_svalue::clone): Delete.
2803 (region_svalue::dump_dot_to_pp): Delete.
2804 (region_svalue::get_pointee): Port from region_id to
2805 const region_id *.
2806 (region_svalue::remap_region_ids): Delete.
2807 (region_svalue::merge_values): Delete.
2808 (region_svalue::dump_to_pp): New.
2809 (region_svalue::accept): New.
2810 (region_svalue::walk_for_canonicalization): Delete.
2811 (region_svalue::eval_condition): Make params const.
2812 (region_svalue::add_to_hash): Delete.
2813 (region_svalue::print_details): Delete.
2814 (region_svalue::m_rid): Replace with...
2815 (region_svalue::m_reg): ...this.
2816 (is_a_helper <region_svalue *>::test): Convert to...
2817 (is_a_helper <const region_svalue *>::test): ...this.
2818 (template <> struct default_hash_traits<region_svalue::key_t>):
2819 New.
2820 (constant_svalue::constant_svalue): Add complexity.
2821 (constant_svalue::compare_fields): Delete.
2822 (constant_svalue::clone): Delete.
2823 (constant_svalue::add_to_hash): Delete.
2824 (constant_svalue::dump_to_pp): New.
2825 (constant_svalue::accept): New.
2826 (constant_svalue::implicitly_live_p): New.
2827 (constant_svalue::merge_values): Delete.
2828 (constant_svalue::eval_condition): Make params const.
2829 (constant_svalue::get_child_sid): Delete.
2830 (constant_svalue::print_details): Delete.
2831 (is_a_helper <constant_svalue *>::test): Convert to...
2832 (is_a_helper <const constant_svalue *>::test): ...this.
2833 (class unknown_svalue): Update leading comment.
2834 (unknown_svalue::unknown_svalue): Add complexity.
2835 (unknown_svalue::compare_fields): Delete.
2836 (unknown_svalue::add_to_hash): Delete.
2837 (unknown_svalue::dyn_cast_unknown_svalue): Delete.
2838 (unknown_svalue::print_details): Delete.
2839 (unknown_svalue::dump_to_pp): New.
2840 (unknown_svalue::accept): New.
2841 (poisoned_svalue::key_t): New struct.
2842 (poisoned_svalue::poisoned_svalue): Add complexity.
2843 (poisoned_svalue::compare_fields): Delete.
2844 (poisoned_svalue::clone): Delete.
2845 (poisoned_svalue::add_to_hash): Delete.
2846 (poisoned_svalue::dump_to_pp): New.
2847 (poisoned_svalue::accept): New.
2848 (poisoned_svalue::print_details): Delete.
2849 (is_a_helper <poisoned_svalue *>::test): Convert to...
2850 (is_a_helper <const poisoned_svalue *>::test): ...this.
2851 (template <> struct default_hash_traits<poisoned_svalue::key_t>):
2852 New.
2853 (setjmp_record::add_to_hash): New.
2854 (setjmp_svalue::key_t): New struct.
2855 (setjmp_svalue::compare_fields): Delete.
2856 (setjmp_svalue::clone): Delete.
2857 (setjmp_svalue::add_to_hash): Delete.
2858 (setjmp_svalue::setjmp_svalue): Add complexity.
2859 (setjmp_svalue::dump_to_pp): New.
2860 (setjmp_svalue::accept): New.
2861 (setjmp_svalue::void print_details): Delete.
2862 (is_a_helper <const setjmp_svalue *>::test): New.
2863 (template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
2864 (class initial_svalue : public svalue): New.
2865 (is_a_helper <const initial_svalue *>::test): New.
2866 (class unaryop_svalue): New.
2867 (is_a_helper <const unaryop_svalue *>::test): New.
2868 (template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
2869 (class binop_svalue): New.
2870 (is_a_helper <const binop_svalue *>::test): New.
2871 (template <> struct default_hash_traits<binop_svalue::key_t>): New.
2872 (class sub_svalue): New.
2873 (is_a_helper <const sub_svalue *>::test): New.
2874 (template <> struct default_hash_traits<sub_svalue::key_t>): New.
2875 (class unmergeable_svalue): New.
2876 (is_a_helper <const unmergeable_svalue *>::test): New.
2877 (class placeholder_svalue): New.
2878 (is_a_helper <placeholder_svalue *>::test): New.
2879 (class widening_svalue): New.
2880 (is_a_helper <widening_svalue *>::test): New.
2881 (template <> struct default_hash_traits<widening_svalue::key_t>): New.
2882 (class compound_svalue): New.
2883 (is_a_helper <compound_svalue *>::test): New.
2884 (template <> struct default_hash_traits<compound_svalue::key_t>): New.
2885 (class conjured_svalue): New.
2886 (is_a_helper <conjured_svalue *>::test): New.
2887 (template <> struct default_hash_traits<conjured_svalue::key_t>): New.
2888 (enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
2889 RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
2890 RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
2891 (region_kind_to_str): Delete.
2892 (region::~region): Move implementation to region.cc.
2893 (region::operator==): Delete.
2894 (region::operator!=): Delete.
2895 (region::clone): Delete.
2896 (region::get_id): New.
2897 (region::cmp_ids): New.
2898 (region::dyn_cast_map_region): Delete.
2899 (region::dyn_cast_array_region): Delete.
2900 (region::region_id get_parent): Delete.
2901 (region::get_parent_region): Convert to a simple accessor.
2902 (region::void set_value): Delete.
2903 (region::svalue_id get_value): Delete.
2904 (region::svalue_id get_value_direct): Delete.
2905 (region::svalue_id get_inherited_child_sid): Delete.
2906 (region::dyn_cast_frame_region): New.
2907 (region::dyn_cast_function_region): New.
2908 (region::dyn_cast_decl_region): New.
2909 (region::dyn_cast_field_region): New.
2910 (region::dyn_cast_element_region): New.
2911 (region::dyn_cast_offset_region): New.
2912 (region::dyn_cast_cast_region): New.
2913 (region::dyn_cast_string_region): New.
2914 (region::accept): New.
2915 (region::get_base_region): New.
2916 (region::base_region_p): New.
2917 (region::descendent_of_p): New.
2918 (region::maybe_get_frame_region): New.
2919 (region::maybe_get_decl): New.
2920 (region::hash): Delete.
2921 (region::rint): Delete.
2922 (region::dump_dot_to_pp): Delete.
2923 (region::get_desc): New.
2924 (region::dump_to_pp): Convert to vfunc, changing signature.
2925 (region::dump_child_label): Delete.
2926 (region::remap_svalue_ids): Delete.
2927 (region::remap_region_ids): Delete.
2928 (region::dump): New.
2929 (region::walk_for_canonicalization): Delete.
2930 (region::non_null_p): Drop region_model param.
2931 (region::add_view): Delete.
2932 (region::get_view): Delete.
2933 (region::get_active_view): Delete.
2934 (region::is_view_p): Delete.
2935 (region::cmp_ptrs): New.
2936 (region::validate): Delete.
2937 (region::get_offset): New.
2938 (region::get_byte_size): New.
2939 (region::get_bit_size): New.
2940 (region::get_subregions_for_binding): New.
2941 (region::region): Add complexity param. Convert parent from
2942 region_id to const region *. Drop svalue_id. Drop copy ctor.
2943 (region::symbolic_for_unknown_ptr_p): New.
2944 (region::add_to_hash): Delete.
2945 (region::print_fields): Delete.
2946 (region::get_complexity): New accessor.
2947 (region::become_active_view): Delete.
2948 (region::deactivate_any_active_view): Delete.
2949 (region::deactivate_view): Delete.
2950 (region::calc_offset): New.
2951 (region::m_parent_rid): Delete.
2952 (region::m_sval_id): Delete.
2953 (region::m_complexity): New.
2954 (region::m_id): New.
2955 (region::m_parent): New.
2956 (region::m_view_rids): Delete.
2957 (region::m_is_view): Delete.
2958 (region::m_active_view_rid): Delete.
2959 (region::m_cached_offset): New.
2960 (is_a_helper <region *>::test): Convert to...
2961 (is_a_helper <const region *>::test): ... this.
2962 (class primitive_region): Delete.
2963 (class space_region): New.
2964 (class map_region): Delete.
2965 (is_a_helper <map_region *>::test): Delete.
2966 (class frame_region): Reimplement.
2967 (template <> struct default_hash_traits<frame_region::key_t>):
2968 New.
2969 (class globals_region): Reimplement.
2970 (is_a_helper <globals_region *>::test): Convert to...
2971 (is_a_helper <const globals_region *>::test): ...this.
2972 (class struct_or_union_region): Delete.
2973 (is_a_helper <struct_or_union_region *>::test): Delete.
2974 (class code_region): Reimplement.
2975 (is_a_helper <const code_region *>::test): New.
2976 (class struct_region): Delete.
2977 (is_a_helper <struct_region *>::test): Delete.
2978 (class function_region): Reimplement.
2979 (is_a_helper <function_region *>::test): Convert to...
2980 (is_a_helper <const function_region *>::test): ...this.
2981 (class union_region): Delete.
2982 (is_a_helper <union_region *>::test): Delete.
2983 (class label_region): New.
2984 (is_a_helper <const label_region *>::test): New.
2985 (class scope_region): Delete.
2986 (class stack_region): Reimplement.
2987 (is_a_helper <stack_region *>::test): Convert to...
2988 (is_a_helper <const stack_region *>::test): ...this.
2989 (class heap_region): Reimplement.
2990 (is_a_helper <heap_region *>::test): Convert to...
2991 (is_a_helper <const heap_region *>::test): ...this.
2992 (class root_region): Reimplement.
2993 (is_a_helper <root_region *>::test): Convert to...
2994 (is_a_helper <const root_region *>::test): ...this.
2995 (class symbolic_region): Reimplement.
2996 (is_a_helper <const symbolic_region *>::test): New.
2997 (template <> struct default_hash_traits<symbolic_region::key_t>):
2998 New.
2999 (class decl_region): New.
3000 (is_a_helper <const decl_region *>::test): New.
3001 (class field_region): New.
3002 (template <> struct default_hash_traits<field_region::key_t>): New.
3003 (class array_region): Delete.
3004 (class element_region): New.
3005 (is_a_helper <array_region *>::test): Delete.
3006 (is_a_helper <const element_region *>::test): New.
3007 (template <> struct default_hash_traits<element_region::key_t>):
3008 New.
3009 (class offset_region): New.
3010 (is_a_helper <const offset_region *>::test): New.
3011 (template <> struct default_hash_traits<offset_region::key_t>):
3012 New.
3013 (class cast_region): New.
3014 (is_a_helper <const cast_region *>::test): New.
3015 (template <> struct default_hash_traits<cast_region::key_t>): New.
3016 (class heap_allocated_region): New.
3017 (class alloca_region): New.
3018 (class string_region): New.
3019 (is_a_helper <const string_region *>::test): New.
3020 (class unknown_region): New.
3021 (class region_model_manager): New.
3022 (struct append_ssa_names_cb_data): New.
3023 (class call_details): New.
3024 (region_model::region_model): Add region_model_manager param.
3025 (region_model::print_svalue): Delete.
3026 (region_model::dump_dot_to_pp): Delete.
3027 (region_model::dump_dot_to_file): Delete.
3028 (region_model::dump_dot): Delete.
3029 (region_model::dump_to_pp): Drop summarize param in favor of
3030 simple and multiline.
3031 (region_model::dump): Likewise.
3032 (region_model::summarize_to_pp): Delete.
3033 (region_model::summarize): Delete.
3034 (region_model::void canonicalize): Drop ctxt param.
3035 (region_model::void check_for_poison): Delete.
3036 (region_model::get_gassign_result): New.
3037 (region_model::impl_call_alloca): New.
3038 (region_model::impl_call_analyzer_describe): New.
3039 (region_model::impl_call_analyzer_eval): New.
3040 (region_model::impl_call_builtin_expect): New.
3041 (region_model::impl_call_calloc): New.
3042 (region_model::impl_call_free): New.
3043 (region_model::impl_call_malloc): New.
3044 (region_model::impl_call_memset): New.
3045 (region_model::impl_call_strlen): New.
3046 (region_model::get_reachable_svalues): New.
3047 (region_model::handle_phi): Drop is_back_edge param.
3048 (region_model::region_id get_root_rid): Delete.
3049 (region_model::root_region *get_root_region): Delete.
3050 (region_model::region_id get_stack_region_id): Delete.
3051 (region_model::push_frame): Convert from region_id and svalue_id
3052 to const region * and const svalue *.
3053 (region_model::get_current_frame_id): Replace with...
3054 (region_model::get_current_frame): ...this.
3055 (region_model::pop_frame): Convert from region_id to
3056 const region *. Drop purge and stats param. Add out_result.
3057 (region_model::function *get_function_at_depth): Delete.
3058 (region_model::get_globals_region_id): Delete.
3059 (region_model::add_svalue): Delete.
3060 (region_model::replace_svalue): Delete.
3061 (region_model::add_region): Delete.
3062 (region_model::add_region_for_type): Delete.
3063 (region_model::get_svalue): Delete.
3064 (region_model::get_region): Delete.
3065 (region_model::get_lvalue): Convert from region_id to
3066 const region *.
3067 (region_model::get_rvalue): Convert from svalue_id to
3068 const svalue *.
3069 (region_model::get_or_create_ptr_svalue): Delete.
3070 (region_model::get_or_create_constant_svalue): Delete.
3071 (region_model::get_svalue_for_fndecl): Delete.
3072 (region_model::get_svalue_for_label): Delete.
3073 (region_model::get_region_for_fndecl): Delete.
3074 (region_model::get_region_for_label): Delete.
3075 (region_model::get_frame_at_index (int index) const;): New.
3076 (region_model::maybe_cast): Delete.
3077 (region_model::maybe_cast_1): Delete.
3078 (region_model::get_field_region): Delete.
3079 (region_model::id deref_rvalue): Convert from region_id and
3080 svalue_id to const region * and const svalue *. Drop overload,
3081 passing in both a tree and an svalue.
3082 (region_model::set_value): Convert from region_id and svalue_id to
3083 const region * and const svalue *.
3084 (region_model::set_to_new_unknown_value): Delete.
3085 (region_model::clobber_region (const region *reg);): New.
3086 (region_model::purge_region (const region *reg);): New.
3087 (region_model::zero_fill_region (const region *reg);): New.
3088 (region_model::mark_region_as_unknown (const region *reg);): New.
3089 (region_model::copy_region): Convert from region_id to
3090 const region *.
3091 (region_model::eval_condition): Convert from svalue_id to
3092 const svalue *.
3093 (region_model::eval_condition_without_cm): Likewise.
3094 (region_model::compare_initial_and_pointer): New.
3095 (region_model::maybe_get_constant): Delete.
3096 (region_model::add_new_malloc_region): Delete.
3097 (region_model::get_representative_tree): Convert from svalue_id to
3098 const svalue *.
3099 (region_model::get_representative_path_var): Delete decl taking a
3100 region_id in favor of two decls, for svalue vs region, with an
3101 svalue_set to ensure termination.
3102 (region_model::get_path_vars_for_svalue): Delete.
3103 (region_model::create_region_for_heap_alloc): New.
3104 (region_model::create_region_for_alloca): New.
3105 (region_model::purge_unused_svalues): Delete.
3106 (region_model::remap_svalue_ids): Delete.
3107 (region_model::remap_region_ids): Delete.
3108 (region_model::purge_regions): Delete.
3109 (region_model::get_num_svalues): Delete.
3110 (region_model::get_num_regions): Delete.
3111 (region_model::get_descendents): Delete.
3112 (region_model::get_store): New.
3113 (region_model::delete_region_and_descendents): Delete.
3114 (region_model::get_manager): New.
3115 (region_model::unbind_region_and_descendents): New.
3116 (region_model::can_merge_with_p): Add point param. Drop
3117 svalue_id_merger_mapping.
3118 (region_model::get_value_by_name): Delete.
3119 (region_model::convert_byte_offset_to_array_index): Delete.
3120 (region_model::get_or_create_mem_ref): Delete.
3121 (region_model::get_or_create_pointer_plus_expr): Delete.
3122 (region_model::get_or_create_view): Delete.
3123 (region_model::get_lvalue_1): Convert from region_id to
3124 const region *.
3125 (region_model::get_rvalue_1): Convert from svalue_id to
3126 const svalue *.
3127 (region_model::get_ssa_name_regions_for_current_frame): New.
3128 (region_model::append_ssa_names_cb): New.
3129 (region_model::get_store_value): New.
3130 (region_model::copy_struct_region): Delete.
3131 (region_model::copy_union_region): Delete.
3132 (region_model::copy_array_region): Delete.
3133 (region_model::region_exists_p): New.
3134 (region_model::make_region_for_unexpected_tree_code): Delete.
3135 (region_model::loop_replay_fixup): New.
3136 (region_model::poison_any_pointers_to_bad_regions): Delete.
3137 (region_model::poison_any_pointers_to_descendents): New.
3138 (region_model::dump_summary_of_rep_path_vars): Delete.
3139 (region_model::on_top_level_param): New.
3140 (region_model::record_dynamic_extents): New.
3141 (region_model::m_mgr;): New.
3142 (region_model::m_store;): New.
3143 (region_model::m_svalues;): Delete.
3144 (region_model::m_regions;): Delete.
3145 (region_model::m_root_rid;): Delete.
3146 (region_model::m_current_frame;): New.
3147 (region_model_context::remap_svalue_ids): Delete.
3148 (region_model_context::can_purge_p): Delete.
3149 (region_model_context::on_svalue_leak): New.
3150 (region_model_context::on_svalue_purge): Delete.
3151 (region_model_context::on_liveness_change): New.
3152 (region_model_context::on_inherited_svalue): Delete.
3153 (region_model_context::on_cast): Delete.
3154 (region_model_context::on_unknown_change): Convert from svalue_id to
3155 const svalue * and add is_mutable.
3156 (class noop_region_model_context): Update for region_model_context
3157 changes.
3158 (model_merger::model_merger): Add program_point. Drop
3159 svalue_id_merger_mapping.
3160 (model_merger::dump_to_pp): Add "simple" param.
3161 (model_merger::dump): Likewise.
3162 (model_merger::get_region_a): Delete.
3163 (model_merger::get_region_b): Delete.
3164 (model_merger::can_merge_values_p): Delete.
3165 (model_merger::record_regions): Delete.
3166 (model_merger::record_svalues): Delete.
3167 (model_merger::m_point): New field.
3168 (model_merger::m_map_regions_from_a_to_m): Delete.
3169 (model_merger::m_map_regions_from_b_to_m): Delete.
3170 (model_merger::m_sid_mapping): Delete.
3171 (struct svalue_id_merger_mapping): Delete.
3172 (class engine): New.
3173 (struct canonicalization): Delete.
3174 (inchash::add): Delete decls for hashing svalue_id and region_id.
3175 (test_region_model_context::on_unexpected_tree_code): Require t to
3176 be non-NULL.
3177 (selftest::assert_condition): Add overload comparing a pair of
3178 const svalue *.
3179 * sm-file.cc: Include "tristate.h", "selftest.h",
3180 "analyzer/call-string.h", "analyzer/program-point.h",
3181 "analyzer/store.h", and "analyzer/region-model.h".
3182 (fileptr_state_machine::get_default_state): New.
3183 (fileptr_state_machine::on_stmt): Remove calls to
3184 get_readable_tree in favor of get_diagnostic_tree.
3185 * sm-malloc.cc: Include "tristate.h", "selftest.h",
3186 "analyzer/call-string.h", "analyzer/program-point.h",
3187 "analyzer/store.h", and "analyzer/region-model.h".
3188 (malloc_state_machine::get_default_state): New.
3189 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
3190 (malloc_diagnostic::describe_state_change): Handle change.m_expr
3191 being NULL.
3192 (null_arg::emit): Avoid printing "NULL '0'".
3193 (null_arg::describe_final_event): Avoid printing "(0) NULL".
3194 (malloc_leak::emit): Handle m_arg being NULL.
3195 (malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
3196 (malloc_state_machine::on_stmt): Don't call get_readable_tree.
3197 Call get_diagnostic_tree when creating pending diagnostics.
3198 Update for is_zero_assignment becoming a member function of
3199 sm_ctxt.
3200 Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
3201 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
3202 vfunc implementation.
3203 * sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
3204 get_diagnostic_tree and pass the result to warn_for_state.
3205 * sm-signal.cc: Move includes of "analyzer/call-string.h" and
3206 "analyzer/program-point.h" to before "analyzer/region-model.h",
3207 and also include "analyzer/store.h" before it.
3208 (signal_unsafe_call::describe_state_change): Use
3209 get_dest_function to get handler.
3210 (update_model_for_signal_handler): Pass manager to region_model
3211 ctor.
3212 (register_signal_handler::impl_transition): Update for changes to
3213 get_or_create_node and add_edge.
3214 * sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
3215 get_readable_tree, replacing them when calling warn_for_state with
3216 calls to get_diagnostic_tree.
3217 * sm.cc (is_zero_assignment): Delete.
3218 (any_pointer_p): Move to within namespace ana.
3219 * sm.h (is_zero_assignment): Remove decl.
3220 (any_pointer_p): Move decl to within namespace ana.
3221 (state_machine::get_default_state): New vfunc.
3222 (state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
3223 (sm_context::get_readable_tree): Rename to...
3224 (sm_context::get_diagnostic_tree): ...this.
3225 (sm_context::is_zero_assignment): New vfunc.
3226 * store.cc: New file.
3227 * store.h: New file.
3228 * svalue.cc: New file.
3229
2221fb6f
MW
3230 2020-05-22 Mark Wielaard <mark@klomp.org>
3231
3232 * sm-signal.cc (signal_unsafe_call::emit): Possibly add
3233 gcc_rich_location note for replacement.
3234 (signal_unsafe_call::get_replacement_fn): New private function.
3235 (get_async_signal_unsafe_fns): Add "exit".
3236
5eae0ac7
DM
3237 2020-04-28 David Malcolm <dmalcolm@redhat.com>
3238
3239 PR analyzer/94816
3240 * engine.cc (impl_region_model_context::on_unexpected_tree_code):
3241 Handle NULL tree.
3242 * region-model.cc (region_model::add_region_for_type): Handle
3243 NULL type.
3244 * region-model.h
3245 (test_region_model_context::on_unexpected_tree_code): Handle NULL
3246 tree.
3247
78b97837
DM
3248 2020-04-28 David Malcolm <dmalcolm@redhat.com>
3249
3250 PR analyzer/94447
3251 PR analyzer/94639
3252 PR analyzer/94732
3253 PR analyzer/94754
3254 * analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete.
3255 * program-state.cc (selftest::test_program_state_dumping): Update
3256 expected dump result for removal of "uninit".
3257 * region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT
3258 case.
3259 (root_region::ensure_stack_region): Initialize stack with null
3260 svalue_id rather than with a typeless POISON_KIND_UNINIT value.
3261 (root_region::ensure_heap_region): Likewise for the heap.
3262 (region_model::dump_summary_of_rep_path_vars): Remove
3263 summarization of uninit values.
3264 (region_model::validate): Remove check that the stack has a
3265 POISON_KIND_UNINIT value.
3266 (poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT
3267 case.
3268 (poisoned_value_diagnostic::describe_final_event): Likewise.
3269 (selftest::test_dump): Update expected dump result for removal of
3270 "uninit".
3271 (selftest::test_svalue_equality): Remove "uninit" and "freed".
3272 * region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT.
3273
a96f1c38
DM
3274 2020-04-01 David Malcolm <dmalcolm@redhat.com>
3275
3276 PR analyzer/94378
3277 * checker-path.cc: Include "bitmap.h".
3278 * constraint-manager.cc: Likewise.
3279 * diagnostic-manager.cc: Likewise.
3280 * engine.cc: Likewise.
3281 (exploded_node::detect_leaks): Pass null region_id to pop_frame.
3282 * program-point.cc: Include "bitmap.h".
3283 * program-state.cc: Likewise.
3284 * region-model.cc (id_set<region_id>::id_set): Convert to...
3285 (region_id_set::region_id_set): ...this.
3286 (svalue_id_set::svalue_id_set): New ctor.
3287 (region_model::copy_region): New function.
3288 (region_model::copy_struct_region): New function.
3289 (region_model::copy_union_region): New function.
3290 (region_model::copy_array_region): New function.
3291 (stack_region::pop_frame): Drop return value. Add
3292 "result_dst_rid" param; if it is non-null, use copy_region to copy
3293 the result to it. Rather than capture and pass a single "known
3294 used" return value to be used by purge_unused_values, instead
3295 gather and pass a set of known used return values.
3296 (root_region::pop_frame): Drop return value. Add "result_dst_rid"
3297 param.
3298 (region_model::on_assignment): Use copy_region.
3299 (region_model::on_return): Likewise for the result.
3300 (region_model::on_longjmp): Pass null for pop_frame's
3301 result_dst_rid.
3302 (region_model::update_for_return_superedge): Pass the region for the
3303 return value of the call, if any, to pop_frame, rather than setting
3304 the lvalue for the lhs of the result.
3305 (region_model::pop_frame): Drop return value. Add
3306 "result_dst_rid" param.
3307 (region_model::purge_unused_svalues): Convert third param from an
3308 svalue_id * to an svalue_id_set *, updating the initial populating
3309 of the "used" bitmap accordingly. Don't remap it when done.
3310 (struct selftest::coord_test): New selftest fixture, extracted from...
3311 (selftest::test_dump_2): ...here.
3312 (selftest::test_compound_assignment): New selftest.
3313 (selftest::test_stack_frames): Pass null to new param of pop_frame.
3314 (selftest::analyzer_region_model_cc_tests): Call the new selftest.
3315 * region-model.h (class id_set): Delete template.
3316 (class region_id_set): Reimplement, using old id_set implementation.
3317 (class svalue_id_set): Likewise. Convert from auto_sbitmap to
3318 auto_bitmap.
3319 (region::get_active_view): New accessor.
3320 (stack_region::pop_frame): Drop return value. Add
3321 "result_dst_rid" param.
3322 (root_region::pop_frame): Likewise.
3323 (region_model::pop_frame): Likewise.
3324 (region_model::copy_region): New decl.
3325 (region_model::purge_unused_svalues): Convert third param from an
3326 svalue_id * to an svalue_id_set *.
3327 (region_model::copy_struct_region): New decl.
3328 (region_model::copy_union_region): New decl.
3329 (region_model::copy_array_region): New decl.
3330
6969ac30
DM
3331 2020-03-27 David Malcolm <dmalcolm@redhat.com>
3332
3333 * program-state.cc (selftest::test_program_state_dumping): Update
3334 expected dump to include symbolic_region's possibly_null field.
3335 * region-model.cc (symbolic_region::print_fields): New vfunc
3336 implementation.
3337 (region_model::add_constraint): Clear m_possibly_null from
3338 symbolic_regions now known to be non-NULL.
3339 (selftest::test_malloc_constraints): New selftest.
3340 (selftest::analyzer_region_model_cc_tests): Call it.
3341 * region-model.h (region::dyn_cast_symbolic_region): Add non-const
3342 overload.
3343 (symbolic_region::dyn_cast_symbolic_region): Implement it.
3344 (symbolic_region::print_fields): New vfunc override decl.
3345
42c63313
DM
3346 2020-03-27 David Malcolm <dmalcolm@redhat.com>
3347
3348 * analyzer.h (class feasibility_problem): New forward decl.
3349 * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
3350 Initialize new fields m_status, m_epath_length, and m_problem.
3351 (saved_diagnostic::~saved_diagnostic): Delete m_problem.
3352 (dedupe_candidate::dedupe_candidate): Convert "sd" param from a
3353 const ref to a mutable ptr.
3354 (dedupe_winners::add): Convert "sd" param from a const ref to a
3355 mutable ptr. Record the length of the exploded_path. Record the
3356 feasibility/infeasibility of sd into sd, capturing a
3357 feasibility_problem when feasible_p fails, and storing it in sd.
3358 (diagnostic_manager::emit_saved_diagnostics): Update for pass by
3359 ptr rather than by const ref.
3360 * diagnostic-manager.h (class saved_diagnostic): Add new enum
3361 status. Add fields m_status, m_epath_length and m_problem.
3362 (saved_diagnostic::set_feasible): New member function.
3363 (saved_diagnostic::set_infeasible): New member function.
3364 (saved_diagnostic::get_feasibility_problem): New accessor.
3365 (saved_diagnostic::get_status): New accessor.
3366 (saved_diagnostic::set_epath_length): New member function.
3367 (saved_diagnostic::get_epath_length): New accessor.
3368 * engine.cc: Include "gimple-pretty-print.h".
3369 (exploded_path::feasible_p): Add OUT param and, if non-NULL, write
3370 a new feasibility_problem to it on failure.
3371 (viz_callgraph_node::dump_dot): Convert begin_tr calls to
3372 begin_trtd. Convert end_tr calls to end_tdtr.
3373 (class exploded_graph_annotator): New subclass of dot_annotator.
3374 (impl_run_checkers): Add a second -fdump-analyzer-supergraph dump
3375 after the analysis runs, using exploded_graph_annotator, dumping
3376 to DUMP_BASE_NAME.supergraph-eg.dot.
3377 * exploded-graph.h (exploded_node::get_dot_fillcolor): Make
3378 public.
3379 (exploded_path::feasible_p): Add OUT param.
3380 (class feasibility_problem): New class.
3381 * state-purge.cc (state_purge_annotator::add_node_annotations):
3382 Return a bool, add a "within_table" param.
3383 (print_vec_of_names): Convert begin_tr calls to begin_trtd.
3384 Convert end_tr calls to end_tdtr.
3385 (state_purge_annotator::add_stmt_annotations): Add "within_row"
3386 param.
3387 * state-purge.h (state_purge_annotator::add_node_annotations):
3388 Return a bool, add a "within_table" param.
3389 (state_purge_annotator::add_stmt_annotations): Add "within_row"
3390 param.
3391 * supergraph.cc (supernode::dump_dot): Call add_node_annotations
3392 twice: as before, passing false for "within_table", then again
3393 with true when within the TABLE element. Convert some begin_tr
3394 calls to begin_trtd, and some end_tr calls to end_tdtr.
3395 Repeat each add_stmt_annotations call, distinguishing between
3396 calls that add TRs and those that add TDs to an existing TR.
3397 Add a call to add_after_node_annotations.
3398 * supergraph.h (dot_annotator::add_node_annotations): Add a
3399 "within_table" param.
3400 (dot_annotator::add_stmt_annotations): Add a "within_row" param.
3401 (dot_annotator::add_after_node_annotations): New vfunc.
3402
8f023575
DM
3403 2020-03-27 David Malcolm <dmalcolm@redhat.com>
3404
3405 * diagnostic-manager.cc (dedupe_winners::add): Show the
3406 exploded_node index in the log messages.
3407 (diagnostic_manager::emit_saved_diagnostics): Log a summary of
3408 m_saved_diagnostics at entry.
3409
4d661bb7
DM
3410 2020-03-27 David Malcolm <dmalcolm@redhat.com>
3411
3412 * supergraph.cc (superedge::dump): Add space before description;
3413 move newline to non-pretty_printer overload.
3414
884d9141
DM
3415 2020-03-18 David Malcolm <dmalcolm@redhat.com>
3416
3417 * region-model.cc: Include "stor-layout.h".
3418 (region_model::dump_to_pp): Rather than calling
3419 dump_summary_of_map on each of the current frame and the globals,
3420 instead get a vec of representative path_vars for all regions,
3421 and then dump a summary of all of them.
3422 (region_model::dump_summary_of_map): Delete, rewriting into...
3423 (region_model::dump_summary_of_rep_path_vars): ...this new
3424 function, working on a vec of path_vars.
3425 (region_model::set_value): New overload.
3426 (region_model::get_representative_path_var): Rename
3427 "parent_region" local to "parent_reg" and consolidate with other
3428 local. Guard test for grandparent being stack on parent_reg being
3429 non-NULL. Move handling for parent being an array_region to
3430 within guard for parent_reg being non-NULL.
3431 (selftest::make_test_compound_type): New function.
3432 (selftest::test_dump_2): New selftest.
3433 (selftest::test_dump_3): New selftest.
3434 (selftest::test_stack_frames): Update expected output from
3435 simplified dump to show "a" and "b" from parent frame and "y" in
3436 child frame.
3437 (selftest::analyzer_region_model_cc_tests): Call test_dump_2 and
3438 test_dump_3.
3439 * region-model.h (region_model::set_value): New overload decl.
3440 (region_model::dump_summary_of_map): Delete.
3441 (region_model::dump_summary_of_rep_path_vars): New.
3442
7d9c107a
DM
3443 2020-03-18 David Malcolm <dmalcolm@redhat.com>
3444
3445 * region-model.h (class noop_region_model_context): New subclass
3446 of region_model_context.
3447 (class tentative_region_model_context): Inherit from
3448 noop_region_model_context rather than from region_model_context;
3449 drop redundant vfunc implementations.
3450 (class test_region_model_context): Likewise.
3451
0db2cd17
DM
3452 2020-03-18 David Malcolm <dmalcolm@redhat.com>
3453
3454 * engine.cc (exploded_node::exploded_node): Move implementation
3455 here from header; accept point_and_state by const reference rather
3456 than by value.
3457 * exploded-graph.h (exploded_node::exploded_node): Pass
3458 point_and_state by const reference rather than by value. Move
3459 body to engine.cc.
3460
d5029d45
JJ
3461 2020-03-18 Jakub Jelinek <jakub@redhat.com>
3462
3463 * sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word
3464 issue in a comment.
3465 * region-model.cc (region_model::make_region_for_unexpected_tree_code,
3466 region_model::delete_region_and_descendents): Likewise.
3467 * engine.cc (class exploded_cluster): Likewise.
3468 * diagnostic-manager.cc (class path_builder): Likewise.
3469
5c048755
DM
3470 2020-03-13 David Malcolm <dmalcolm@redhat.com>
3471
3472 PR analyzer/94099
3473 PR analyzer/94105
3474 * diagnostic-manager.cc (for_each_state_change): Bulletproof
3475 against errors in get_rvalue by passing a
3476 tentative_region_model_context and rejecting if there's an error.
3477 * region-model.cc (region_model::get_lvalue_1): When handling
3478 ARRAY_REF, handle results of error-handling. Handle NOP_EXPR.
3479
90f7c300
DM
3480 2020-03-06 David Malcolm <dmalcolm@redhat.com>
3481
3482 * analyzer.h (class array_region): New forward decl.
3483 * program-state.cc (selftest::test_program_state_dumping_2): New.
3484 (selftest::analyzer_program_state_cc_tests): Call it.
3485 * region-model.cc (array_region::constant_from_key): New.
3486 (region_model::get_representative_tree): Handle region_svalue by
3487 generating an ADDR_EXPR.
3488 (region_model::get_representative_path_var): In view handling,
3489 remove erroneous TREE_TYPE when determining the type of the tree.
3490 Handle array regions and STRING_CST.
3491 (selftest::assert_dump_tree_eq): New.
3492 (ASSERT_DUMP_TREE_EQ): New macro.
3493 (selftest::test_get_representative_tree): New selftest.
3494 (selftest::analyzer_region_model_cc_tests): Call it.
3495 * region-model.h (region::dyn_cast_array_region): New vfunc.
3496 (array_region::dyn_cast_array_region): New vfunc implementation.
3497 (array_region::constant_from_key): New decl.
3498
41f99ba6
DM
3499 2020-03-06 David Malcolm <dmalcolm@redhat.com>
3500
3501 * analyzer.h (dump_quoted_tree): New decl.
3502 * engine.cc (exploded_node::dump_dot): Pass region model to
3503 sm_state_map::print.
3504 * program-state.cc: Include diagnostic-core.h.
3505 (sm_state_map::print): Add "model" param and use it to print
3506 representative trees. Only print origin information if non-null.
3507 (sm_state_map::dump): Pass NULL for model to print call.
3508 (program_state::print): Pass region model to sm_state_map::print.
3509 (program_state::dump_to_pp): Use spaces rather than newlines when
3510 summarizing. Pass region_model to sm_state_map::print.
3511 (ana::selftest::assert_dump_eq): New function.
3512 (ASSERT_DUMP_EQ): New macro.
3513 (ana::selftest::test_program_state_dumping): New function.
3514 (ana::selftest::analyzer_program_state_cc_tests): Call it.
3515 * program-state.h (program_state::print): Add model param.
3516 * region-model.cc (dump_quoted_tree): New function.
3517 (map_region::print_fields): Use dump_quoted_tree rather than
3518 %qE to avoid lang-dependent output.
3519 (map_region::dump_child_label): Likewise.
3520 (region_model::dump_summary_of_map): For SK_REGION, when
3521 get_representative_path_var fails, print the region id rather than
3522 erroneously printing NULL.
3523 * sm.cc (state_machine::get_state_by_name): New function.
3524 * sm.h (state_machine::get_state_by_name): New decl.
3525
3c1645a3
DM
3526 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3527
3528 * region-model.cc (region::validate): Convert model param from ptr
3529 to reference. Update comment to reflect that it's now a vfunc.
3530 (map_region::validate): New vfunc implementation.
3531 (array_region::validate): New vfunc implementation.
3532 (stack_region::validate): New vfunc implementation.
3533 (root_region::validate): New vfunc implementation.
3534 (region_model::validate): Pass a reference rather than a pointer
3535 to the region::validate vfunc.
3536 * region-model.h (region::validate): Make virtual. Convert model
3537 param from ptr to reference.
3538 (map_region::validate): New vfunc decl.
3539 (array_region::validate): New vfunc decl.
3540 (stack_region::validate): New vfunc decl.
3541 (root_region::validate): New vfunc decl.
3542
e516294a
DM
3543 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3544
3545 PR analyzer/93993
3546 * region-model.cc (region_model::on_call_pre): Handle
3547 BUILT_IN_EXPECT and its variants.
3548 (region_model::add_any_constraints_from_ssa_def_stmt): Split out
3549 gassign handling into add_any_constraints_from_gassign; add gcall
3550 handling.
3551 (region_model::add_any_constraints_from_gassign): New function,
3552 based on the above. Add handling for NOP_EXPR.
3553 (region_model::add_any_constraints_from_gcall): New function.
3554 (region_model::get_representative_path_var): Handle views.
3555 * region-model.h
3556 (region_model::add_any_constraints_from_ssa_def_stmt): New decl.
3557 (region_model::add_any_constraints_from_gassign): New decl.
3558
3d66e153
DM
3559 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3560
3561 PR analyzer/93993
3562 * checker-path.h (state_change_event::get_lvalue): Add ctxt param
3563 and pass it to region_model::get_value call.
3564 * diagnostic-manager.cc (get_any_origin): Pass a
3565 tentative_region_model_context to the calls to get_lvalue and reject
3566 the comparison if errors occur.
3567 (can_be_expr_of_interest_p): New function.
3568 (diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
3569 CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
3570 Pass a tentative_region_model_context to the calls to
3571 state_change_event::get_lvalue and reject the comparison if errors
3572 occur.
3573 (diagnostic_manager::update_for_unsuitable_sm_exprs): New.
3574 * diagnostic-manager.h
3575 (diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
3576 * region-model.h (class tentative_region_model_context): New class.
3577
13e3ba14
DM
3578 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3579
3580 * engine.cc (worklist::worklist): Remove unused field m_eg.
3581 (class viz_callgraph_edge): Remove unused field m_call_sedge.
3582 (class viz_callgraph): Remove unused field m_sg.
3583 * exploded-graph.h (worklist::::m_eg): Remove unused field.
3584
13b76912
DM
3585 2020-03-02 David Malcolm <dmalcolm@redhat.com>
3586
3587 * analyzer.opt (fanalyzer-show-duplicate-count): New option.
3588 * diagnostic-manager.cc
3589 (diagnostic_manager::emit_saved_diagnostic): Use the above to
3590 guard the printing of the duplicate count.
3591
9f00b22f
DM
3592 2020-03-02 David Malcolm <dmalcolm@redhat.com>
3593
3594 PR analyzer/93959
3595 * analyzer.cc (is_std_function_p): New function.
3596 (is_std_named_call_p): New functions.
3597 * analyzer.h (is_std_named_call_p): New decl.
3598 * sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::"
3599 variants when checking for malloc, calloc and free.
3600
71b633aa
DM
3601 2020-02-26 David Malcolm <dmalcolm@redhat.com>
3602
3603 PR analyzer/93950
3604 * diagnostic-manager.cc
3605 (diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
3606 either NULL or not a constant. When updating var, bulletproof
3607 against constant values.
3608
0ba70d1b
DM
3609 2020-02-26 David Malcolm <dmalcolm@redhat.com>
3610
3611 PR analyzer/93947
3612 * region-model.cc (region_model::get_fndecl_for_call): Gracefully
3613 fail for fn_decls that don't have a cgraph_node.
3614
67fa274c
DM
3615 2020-02-26 David Malcolm <dmalcolm@redhat.com>
3616
3617 * bar-chart.cc: New file.
3618 * bar-chart.h: New file.
3619 * engine.cc: Include "analyzer/bar-chart.h".
3620 (stats::log): Only log the m_num_nodes kinds that are non-zero.
3621 (stats::dump): Likewise when dumping.
3622 (stats::get_total_enodes): New.
3623 (exploded_graph::get_or_create_node): Increment the per-point-data
3624 m_excess_enodes when hitting the per-program-point limit on
3625 enodes.
3626 (exploded_graph::print_bar_charts): New.
3627 (exploded_graph::log_stats): Log the number of unprocessed enodes
3628 in the worklist. Call print_bar_charts.
3629 (exploded_graph::dump_stats): Print the number of unprocessed
3630 enodes in the worklist.
3631 * exploded-graph.h (stats::get_total_enodes): New decl.
3632 (struct per_program_point_data): Add field m_excess_enodes.
3633 (exploded_graph::print_bar_charts): New decl.
3634 * supergraph.cc (superedge::dump): New.
3635 (superedge::dump): New.
3636 * supergraph.h (supernode::get_function): New.
3637 (superedge::dump): New decl.
3638 (superedge::dump): New decl.
3639
f2ca2088
DM
3640 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3641
3642 * engine.cc (exploded_graph::get_or_create_node): Dump the
3643 program_state to the pp, rather than to stderr.
3644
b3d788a2
DM
3645 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3646
3647 PR analyzer/93032
3648 * sm.cc (make_checkers): Require the "taint" checker to be
3649 explicitly enabled.
3650
3a25f345
DM
3651 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3652
3653 PR analyzer/93899
3654 * engine.cc
3655 (impl_region_model_context::impl_region_model_context): Add logger
3656 param.
3657 * engine.cc (exploded_graph::add_function_entry): Create an
3658 impl_region_model_context and pass it to the push_frame call.
3659 Bail if the resulting state is invalid.
3660 (exploded_graph::build_initial_worklist): Likewise.
3661 (exploded_graph::build_initial_worklist): Handle the case where
3662 add_function_entry fails.
3663 * exploded-graph.h
3664 (impl_region_model_context::impl_region_model_context): Add logger
3665 param.
3666 * region-model.cc (map_region::get_or_create): Add ctxt param and
3667 pass it to add_region_for_type.
3668 (map_region::can_merge_p): Pass NULL as a ctxt to call to
3669 get_or_create.
3670 (array_region::get_element): Pass ctxt to call to get_or_create.
3671 (array_region::get_or_create): Add ctxt param and pass it to
3672 add_region_for_type.
3673 (root_region::push_frame): Pass ctxt to get_or_create calls.
3674 (region_model::get_lvalue_1): Likewise.
3675 (region_model::make_region_for_unexpected_tree_code): Assert that
3676 ctxt is non-NULL.
3677 (region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
3678 and get_svalue_for_label calls.
3679 (region_model::get_svalue_for_fndecl): Add ctxt param and pass it
3680 to get_region_for_fndecl.
3681 (region_model::get_region_for_fndecl): Add ctxt param and pass it
3682 to get_or_create.
3683 (region_model::get_svalue_for_label): Add ctxt param and pass it
3684 to get_region_for_label.
3685 (region_model::get_region_for_label): Add ctxt param and pass it
3686 to get_region_for_fndecl and get_or_create.
3687 (region_model::get_field_region): Add ctxt param and pass it to
3688 get_or_create_view and get_or_create.
3689 (make_region_for_type): Replace gcc_unreachable with return NULL.
3690 (region_model::add_region_for_type): Add ctxt param. Handle a
3691 return of NULL from make_region_for_type by calling
3692 make_region_for_unexpected_tree_code.
3693 (region_model::get_or_create_mem_ref): Pass ctxt to calls to
3694 get_or_create_view.
3695 (region_model::get_or_create_view): Add ctxt param and pass it to
3696 add_region_for_type.
3697 (selftest::test_state_merging): Pass ctxt to get_or_create_view.
3698 * region-model.h (region_model::get_or_create): Add ctxt param.
3699 (region_model::add_region_for_type): Likewise.
3700 (region_model::get_svalue_for_fndecl): Likewise.
3701 (region_model::get_svalue_for_label): Likewise.
3702 (region_model::get_region_for_fndecl): Likewise.
3703 (region_model::get_region_for_label): Likewise.
3704 (region_model::get_field_region): Likewise.
3705 (region_model::get_or_create_view): Likewise.
3706
004f2c07
DM
3707 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3708
3709 * checker-path.cc (superedge_event::should_filter_p): Update
3710 filter for empty descriptions to cover verbosity level 3 as well
3711 as 2.
3712 * diagnostic-manager.cc: Include "analyzer/reachability.h".
3713 (class path_builder): New class.
3714 (diagnostic_manager::emit_saved_diagnostic): Create a path_builder
3715 and pass it to build_emission_path, rather than passing eg; similarly
3716 for add_events_for_eedge and ext_state.
3717 (diagnostic_manager::build_emission_path): Replace "eg" param
3718 with a path_builder, pass it to add_events_for_eedge.
3719 (diagnostic_manager::add_events_for_eedge): Replace ext_state
3720 param with path_builder; pass it to add_events_for_superedge.
3721 (diagnostic_manager::significant_edge_p): New.
3722 (diagnostic_manager::add_events_for_superedge): Add path_builder
3723 param. Reject insignificant edges at verbosity levels below 3.
3724 (diagnostic_manager::prune_for_sm_diagnostic): Update highest
3725 verbosity level to 4.
3726 * diagnostic-manager.h (class path_builder): New forward decl.
3727 (diagnostic_manager::build_emission_path): Replace "eg" param
3728 with a path_builder.
3729 (diagnostic_manager::add_events_for_eedge): Replace ext_state
3730 param with path_builder.
3731 (diagnostic_manager::significant_edge_p): New.
3732 (diagnostic_manager::add_events_for_superedge): Add path_builder
3733 param.
3734 * reachability.h: New file.
3735
0b2b45a6
DM
3736 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3737
3738 PR analyzer/93692
3739 * analyzer.opt (fdump-analyzer-callgraph): Rewrite description.
3740
4f40164a
DM
3741 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3742
3743 PR analyzer/93777
3744 * region-model.cc (region_model::maybe_cast_1): Replace assertion
3745 that build_cast returns non-NULL with a conditional, falling
3746 through to the logic which returns a new unknown value of the
3747 desired type if it fails.
3748
2e623393
DM
3749 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3750
3751 PR analyzer/93778
3752 * engine.cc (impl_region_model_context::on_unknown_tree_code):
3753 Rename to...
3754 (impl_region_model_context::on_unexpected_tree_code): ...this and
3755 convert first argument from path_var to tree.
3756 (exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall.
3757 * exploded-graph.h (region_model_context::on_unknown_tree_code):
3758 Rename to...
3759 (region_model_context::on_unexpected_tree_code): ...this and
3760 convert first argument from path_var to tree.
3761 * program-state.cc (sm_state_map::purge_for_unknown_fncall): Add
3762 ctxt param and pass on to calls to get_rvalue.
3763 * program-state.h (sm_state_map::purge_for_unknown_fncall): Add
3764 ctxt param.
3765 * region-model.cc (region_model::handle_unrecognized_call): Pass
3766 ctxt on to call to get_rvalue.
3767 (region_model::get_lvalue_1): Move body of default case to
3768 region_model::make_region_for_unexpected_tree_code and call it.
3769 Within COMPONENT_REF case, reject attempts to handle types other
3770 than RECORD_TYPE and UNION_TYPE.
3771 (region_model::make_region_for_unexpected_tree_code): New
3772 function, based on default case of region_model::get_lvalue_1.
3773 * region-model.h
3774 (region_model::make_region_for_unexpected_tree_code): New decl.
3775 (region_model::on_unknown_tree_code): Rename to...
3776 (region_model::on_unexpected_tree_code): ...this and convert first
3777 argument from path_var to tree.
3778 (class test_region_model_context): Update vfunc implementation for
3779 above change.
3780
a674c7b8
DM
3781 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3782
3783 PR analyzer/93774
3784 * region-model.cc
3785 (region_model::convert_byte_offset_to_array_index): Use
3786 int_size_in_bytes before calling size_in_bytes, to gracefully fail
3787 on incomplete types.
3788
d8cde6f9
DM
3789 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3790
3791 PR analyzer/93775
3792 * region-model.cc (region_model::get_fndecl_for_call): Handle the
3793 case where the code_region's get_tree_for_child_region returns
3794 NULL.
3795
f76a88eb
DM
3796 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3797
3798 PR analyzer/93388
3799 * engine.cc (impl_region_model_context::on_unknown_tree_code):
3800 New.
3801 (exploded_graph::get_or_create_node): Reject invalid states.
3802 * exploded-graph.h
3803 (impl_region_model_context::on_unknown_tree_code): New decl.
3804 (point_and_state::point_and_state): Assert that the state is
3805 valid.
3806 * program-state.cc (program_state::program_state): Initialize
3807 m_valid to true.
3808 (program_state::operator=): Copy m_valid.
3809 (program_state::program_state): Likewise for move constructor.
3810 (program_state::print): Print m_valid.
3811 (program_state::dump_to_pp): Likewise.
3812 * program-state.h (program_state::m_valid): New field.
3813 * region-model.cc (region_model::get_lvalue_1): Implement the
3814 default case by returning a new symbolic region and calling
3815 the context's on_unknown_tree_code, rather than issuing an
3816 internal_error. Implement VIEW_CONVERT_EXPR.
3817 * region-model.h (region_model_context::on_unknown_tree_code): New
3818 vfunc.
3819 (test_region_model_context::on_unknown_tree_code): New.
3820
0993ad65
DM
3821 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3822
3823 * sm-malloc.cc (malloc_diagnostic::describe_state_change): For
3824 transition to the "null" state, only say "assuming" when
3825 transitioning from the "unchecked" state.
3826
67098787
DM
3827 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3828
3829 * diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
3830 Add const overload.
3831 * engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
3832 * exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
3833 const overload.
3834
91f993b7
DM
3835 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3836
3837 PR analyzer/93288
3838 * analysis-plan.cc (analysis_plan::use_summary_p): Look through
3839 the ultimate_alias_target when getting the called function.
3840 * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
3841 "sm_ctxt". Use the region_model's get_fndecl_for_call rather than
3842 gimple_call_fndecl.
3843 * region-model.cc (region_model::get_fndecl_for_call): Use
3844 ultimate_alias_target on fndecl.
3845 * supergraph.cc (get_ultimate_function_for_cgraph_edge): New
3846 function.
3847 (supergraph_call_edge): Use it when rejecting edges without
3848 functions.
3849 (supergraph::supergraph): Use it to get the function for the
3850 cgraph_edge when building interprocedural superedges.
3851 (callgraph_superedge::get_callee_function): Use it.
3852 * supergraph.h (supergraph::get_num_snodes): Make param const.
3853 (supergraph::function_to_num_snodes_t): Make first type param
3854 const.
3855
a60d9889
DM
3856 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3857
3858 PR analyzer/93374
3859 * engine.cc (exploded_edge::exploded_edge): Add ext_state param
3860 and pass it to change.validate.
3861 (exploded_graph::get_or_create_node): Move purging of change
3862 svalues to also cover the case of reusing an existing enode.
3863 (exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
3864 ctor.
3865 * exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
3866 param.
3867 * program-state.cc (state_change::sm_change::validate): Likewise.
3868 Assert that m_sm_idx is sane. Use ext_state to validate
3869 m_old_state and m_new_state.
3870 (state_change::validate): Add ext_state param and pass it to
3871 the sm_change validate calls.
3872 * program-state.h (state_change::sm_change::validate): Add
3873 ext_state param.
3874 (state_change::validate): Likewise.
3875
a0e4929b
DM
3876 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3877
3878 PR analyzer/93669
3879 * engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
3880 case of STATUS_WORKLIST in implementation of
3881 "__analyzer_dump_exploded_nodes".
3882
cd28b759
DM
3883 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3884
3885 PR analyzer/93649
3886 * constraint-manager.cc (constraint_manager::add_constraint): When
3887 merging equivalence classes and updating m_constant, also update
3888 m_cst_sid.
3889 (constraint_manager::validate): If m_constant is non-NULL assert
3890 that m_cst_sid is non-null and is valid.
3891
5e17c1bd
DM
3892 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3893
3894 PR analyzer/93657
3895 * analyzer.opt (fdump-analyzer): Reword description.
3896 (fdump-analyzer-stderr): Likewise.
3897
c46d057f
DM
3898 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3899
3900 * region-model.cc (print_quoted_type): New function.
3901 (svalue::print): Use it to replace %qT.
3902 (region::dump_to_pp): Likewise.
3903 (region::dump_child_label): Likewise.
3904 (region::print_fields): Likewise.
3905
eb031d4b
DM
3906 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3907
3908 PR analyzer/93659
3909 * analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
3910 -> "that" typo.
3911 (Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
3912 "uninitialized" typo.
3913
e87deb37
DM
3914 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3915
3916 PR analyzer/93350
3917 * region-model.cc (region_model::get_lvalue_1):
3918 Handle BIT_FIELD_REF.
3919 (make_region_for_type): Handle VECTOR_TYPE.
3920
e953f958
DM
3921 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3922
3923 PR analyzer/93647
3924 * diagnostic-manager.cc
3925 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
3926 VAR being constant.
3927 * region-model.cc (region_model::get_lvalue_1): Provide a better
3928 error message when encountering an unhandled tree code.
3929
41a9e940
DM
3930 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3931
3932 PR analyzer/93405
3933 * region-model.cc (region_model::get_lvalue_1): Implement
3934 CONST_DECL.
3935
cb273d81
DM
3936 2020-02-06 David Malcolm <dmalcolm@redhat.com>
3937
3938 * region-model.cc (region_model::maybe_cast_1): Attempt to provide
3939 a region_svalue if either type is a pointer, rather than if both
3940 types are pointers.
3941
a4d3bfc0
DM
3942 2020-02-05 David Malcolm <dmalcolm@redhat.com>
3943
3944 * engine.cc (exploded_node::dump_dot): Show merger enodes.
3945 (worklist::add_node): Assert that the node's m_status is
3946 STATUS_WORKLIST.
3947 (exploded_graph::process_worklist): Likewise for nodes from the
3948 worklist. Set status of merged nodes to STATUS_MERGER.
3949 (exploded_graph::process_node): Set status of node to
3950 STATUS_PROCESSED.
3951 (exploded_graph::dump_exploded_nodes): Rework handling of
3952 "__analyzer_dump_exploded_nodes", splitting enodes by status into
3953 "processed" and "merger", showing the count of just the processed
3954 enodes at the call, rather than the count of all enodes.
3955 * exploded-graph.h (exploded_node::status): New enum.
3956 (exploded_node::exploded_node): Initialize m_status to
3957 STATUS_WORKLIST.
3958 (exploded_node::get_status): New getter.
3959 (exploded_node::set_status): New setter.
3960
1dae549d
DM
3961 2020-02-04 David Malcolm <dmalcolm@redhat.com>
3962
3963 PR analyzer/93543
3964 * engine.cc (pod_hash_traits<function_call_string>::mark_empty):
3965 Eliminate reinterpret_cast.
3966 (pod_hash_traits<function_call_string>::is_empty): Likewise.
3967
833f1e66
DM
3968 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3969
3970 * constraint-manager.cc (range::constrained_to_single_element):
3971 Replace fold_build2 with fold_binary. Remove unnecessary newline.
3972 (constraint_manager::get_or_add_equiv_class): Replace fold_build2
3973 with fold_binary in two places, and remove out-of-date comment.
3974 (constraint_manager::eval_condition): Replace fold_build2 with
3975 fold_binary.
3976 * region-model.cc (constant_svalue::eval_condition): Likewise.
3977 (region_model::on_assignment): Likewise.
3978
8525d1f5
DM
3979 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3980
3981 PR analyzer/93544
3982 * diagnostic-manager.cc
3983 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
3984 against bad choices due to bad paths.
3985 * engine.cc (impl_region_model_context::on_phi): New.
3986 * exploded-graph.h (impl_region_model_context::on_phi): New decl.
3987 * region-model.cc (region_model::on_longjmp): Likewise.
3988 (region_model::handle_phi): Add phi param. Call the ctxt's on_phi
3989 vfunc.
3990 (region_model::update_for_phis): Pass phi to handle_phi.
3991 * region-model.h (region_model::handle_phi): Add phi param.
3992 (region_model_context::on_phi): New vfunc.
3993 (test_region_model_context::on_phi): New.
3994 * sm-malloc.cc (malloc_state_machine::on_phi): New.
3995 (malloc_state_machine::on_zero_assignment): New.
3996 * sm.h (state_machine::on_phi): New vfunc.
3997
73f38658
DM
3998 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3999
4000 * engine.cc (supernode_cluster::dump_dot): Show BB index as
4001 well as SN index.
4002 * supergraph.cc (supernode::dump_dot): Likewise.
4003
5e10b9a2
DM
4004 2020-02-03 David Malcolm <dmalcolm@redhat.com>
4005
4006 PR analyzer/93546
4007 * region-model.cc (region_model::on_call_pre): Update for new
4008 param of symbolic_region ctor.
4009 (region_model::deref_rvalue): Likewise.
4010 (region_model::add_new_malloc_region): Likewise.
4011 (make_region_for_type): Likewise, preserving type.
4012 * region-model.h (symbolic_region::symbolic_region): Add "type"
4013 param and pass it to base class ctor.
4014
287ccd3b
DM
4015 2020-02-03 David Malcolm <dmalcolm@redhat.com>
4016
4017 PR analyzer/93547
4018 * constraint-manager.cc
4019 (constraint_manager::get_or_add_equiv_class): Ensure types are
4020 compatible before comparing constants.
4021
67751724
DM
4022 2020-01-31 David Malcolm <dmalcolm@redhat.com>
4023
4024 PR analyzer/93457
4025 * region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
4026 than checking against void_type_node.
4027
09bea584
DM
4028 2020-01-31 David Malcolm <dmalcolm@redhat.com>
4029
4030 PR analyzer/93373
4031 * region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
4032 (assert_compat_types): ...this, and bail when either type is NULL,
4033 or when VOID_TYPE_P (dst_type).
4034 (region_model::get_lvalue): Update for above conversion.
4035 (region_model::get_rvalue): Likewise.
4036
f1c807e8
DM
4037 2020-01-31 David Malcolm <dmalcolm@redhat.com>
4038
4039 PR analyzer/93379
4040 * region-model.cc (region_model::update_for_return_superedge):
4041 Move check for null result so that it also guards setting the
4042 lhs.
4043
455f58ec
DM
4044 2020-01-31 David Malcolm <dmalcolm@redhat.com>
4045
4046 PR analyzer/93438
4047 * region-model.cc (stack_region::can_merge_p): Split into a two
4048 pass approach, creating all stack regions first, then populating
4049 them.
4050 (selftest::test_state_merging): Add test coverage for (a) the case
4051 of self-merging a model in which a local in an older stack frame
4052 points to a local in a more recent stack frame (which previously
4053 would ICE), and (b) the case of self-merging a model in which a
4054 local points to a global (which previously worked OK).
4055
182ce042
DM
4056 2020-01-31 David Malcolm <dmalcolm@redhat.com>
4057
4058 * analyzer.cc (is_named_call_p): Replace tests for fndecl being
4059 extern at file scope and having a non-NULL DECL_NAME with a call
4060 to maybe_special_function_p.
4061 * function-set.cc (function_set::contains_decl_p): Add call to
4062 maybe_special_function_p.
4063
45eb3e49
DM
4064 2020-01-31 David Malcolm <dmalcolm@redhat.com>
4065
4066 PR analyzer/93450
4067 * constraint-manager.cc
4068 (constraint_manager::get_or_add_equiv_class): Only compare constants
4069 if their types are compatible.
4070 * region-model.cc (constant_svalue::eval_condition): Replace check
4071 for identical types with call to types_compatible_p.
4072
42f36563
DM
4073 2020-01-30 David Malcolm <dmalcolm@redhat.com>
4074
4075 * program-state.cc (extrinsic_state::dump_to_pp): New.
4076 (extrinsic_state::dump_to_file): New.
4077 (extrinsic_state::dump): New.
4078 * program-state.h (extrinsic_state::dump_to_pp): New decl.
4079 (extrinsic_state::dump_to_file): New decl.
4080 (extrinsic_state::dump): New decl.
4081 * sm.cc: Include "pretty-print.h".
4082 (state_machine::dump_to_pp): New.
4083 * sm.h (state_machine::dump_to_pp): New decl.
4084
ebe9174e
DM
4085 2020-01-30 David Malcolm <dmalcolm@redhat.com>
4086
4087 * diagnostic-manager.cc (for_each_state_change): Use
4088 extrinsic_state::get_num_checkers rather than accessing m_checkers
4089 directly.
4090 * program-state.cc (program_state::program_state): Likewise.
4091 * program-state.h (extrinsic_state::m_checkers): Make private.
4092
e978955d
DM
4093 2020-01-30 David Malcolm <dmalcolm@redhat.com>
4094
4095 PR analyzer/93356
4096 * region-model.cc (region_model::eval_condition): In both
4097 overloads, bail out immediately on floating-point types.
4098 (region_model::eval_condition_without_cm): Likewise.
4099 (region_model::add_constraint): Likewise.
4100
d177c49c
DM
4101 2020-01-30 David Malcolm <dmalcolm@redhat.com>
4102
4103 PR analyzer/93450
4104 * program-state.cc (sm_state_map::set_state): For the overload
4105 taking an svalue_id, bail out if the set_state on the ec does
4106 nothing. Convert the latter's return type from void to bool,
4107 returning true if anything changed.
4108 (sm_state_map::impl_set_state): Convert the return type from void
4109 to bool, returning true if the state changed.
4110 * program-state.h (sm_state_map::set_state): Convert return type
4111 from void to bool.
4112 (sm_state_map::impl_set_state): Likewise.
4113 * region-model.cc (constant_svalue::eval_condition): Only call
4114 fold_build2 if the types are the same.
4115
7892ff37
JJ
4116 2020-01-29 Jakub Jelinek <jakub@redhat.com>
4117
4118 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
4119 * constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
4120 (range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
4121 POP_IGNORE_WFORMAT.
4122 * state-purge.cc: Include diagnostic-core.h before
4123 gimple-pretty-print.h.
4124 (state_purge_annotator::add_node_annotations, print_vec_of_names):
4125 Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
4126 * region-model.cc: Move diagnostic-core.h include before graphviz.h.
4127 (path_var::dump, svalue::print, constant_svalue::print_details,
4128 region::dump_to_pp, region::dump_child_label, region::print_fields,
4129 map_region::print_fields, map_region::dump_dot_to_pp,
4130 map_region::dump_child_label, array_region::print_fields,
4131 array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or
4132 POP_IGNORE_WFORMAT.
4133
5aebfb71
DM
4134 2020-01-28 David Malcolm <dmalcolm@redhat.com>
4135
4136 PR analyzer/93316
4137 * engine.cc (rewind_info_t::update_model): Get the longjmp call
4138 stmt via get_longjmp_call () rather than assuming it is the last
4139 stmt in the longjmp's supernode.
4140 (rewind_info_t::add_events_to_path): Get the location_t for the
4141 rewind_from_longjmp_event via get_longjmp_call () rather than from
4142 the supernode's get_end_location ().
4143
6c8e5844
DM
4144 2020-01-28 David Malcolm <dmalcolm@redhat.com>
4145
4146 * region-model.cc (poisoned_value_diagnostic::emit): Update for
4147 renaming of warning_at overload to warning_meta.
4148 * sm-file.cc (file_leak::emit): Likewise.
4149 * sm-malloc.cc (double_free::emit): Likewise.
4150 (possible_null_deref::emit): Likewise.
4151 (possible_null_arg::emit): Likewise.
4152 (null_deref::emit): Likewise.
4153 (null_arg::emit): Likewise.
4154 (use_after_free::emit): Likewise.
4155 (malloc_leak::emit): Likewise.
4156 (free_of_non_heap::emit): Likewise.
4157 * sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
4158 * sm-signal.cc (signal_unsafe_call::emit): Likewise.
4159 * sm-taint.cc (tainted_array_index::emit): Likewise.
4160
8c08c983
DM
4161 2020-01-27 David Malcolm <dmalcolm@redhat.com>
4162
4163 PR analyzer/93451
4164 * region-model.cc (tree_cmp): For the REAL_CST case, impose an
4165 arbitrary order on NaNs relative to other NaNs and to non-NaNs;
4166 const-correctness tweak.
4167 (ana::selftests::build_real_cst_from_string): New function.
4168 (ana::selftests::append_interesting_constants): New function.
4169 (ana::selftests::test_tree_cmp_on_constants): New test.
4170 (ana::selftests::test_canonicalization_4): New test.
4171 (ana::selftests::analyzer_region_model_cc_tests): Call the new
4172 tests.
4173
2fbea419
DM
4174 2020-01-27 David Malcolm <dmalcolm@redhat.com>
4175
4176 PR analyzer/93349
4177 * engine.cc (run_checkers): Save and restore input_location.
4178
6a81cabc
DM
4179 2020-01-27 David Malcolm <dmalcolm@redhat.com>
4180
4181 * call-string.cc (call_string::cmp_1): Delete, moving body to...
4182 (call_string::cmp): ...here.
4183 * call-string.h (call_string::cmp_1): Delete decl.
4184 * engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
4185 (worklist::key_t::cmp): ...here. Implement hash comparisons
4186 via comparison rather than subtraction to avoid overflow issues.
4187 * exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
4188 * region-model.cc (tree_cmp): Eliminate buggy checking for
4189 symmetry.
4190
342e14ff
DM
4191 2020-01-27 David Malcolm <dmalcolm@redhat.com>
4192
4193 * analyzer.cc (is_named_call_p): Check that fndecl is "extern"
4194 and at file scope. Potentially disregard prefix _ or __ in
4195 fndecl's name. Bail if the identifier is NULL.
4196 (is_setjmp_call_p): Expect a gcall rather than plain gimple.
4197 Remove special-case check for leading prefix, and also check for
4198 sigsetjmp.
4199 (is_longjmp_call_p): Also check for siglongjmp.
4200 (get_user_facing_name): New function.
4201 * analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
4202 gimple.
4203 (get_user_facing_name): New decl.
4204 * checker-path.cc (setjmp_event::get_desc): Use
4205 get_user_facing_name to avoid hardcoding the function name.
4206 (rewind_event::rewind_event): Add rewind_info param, using it to
4207 initialize new m_rewind_info field, and strengthen the assertion.
4208 (rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
4209 avoid hardcoding the function name.
4210 (rewind_to_setjmp_event::get_desc): Likewise.
4211 * checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
4212 param and use it to initialize...
4213 (setjmp_event::m_setjmp_call): New field.
4214 (rewind_event::rewind_event): Add rewind_info param.
4215 (rewind_event::m_rewind_info): New protected field.
4216 (rewind_from_longjmp_event::rewind_from_longjmp_event): Add
4217 rewind_info param.
4218 (class rewind_to_setjmp_event): Move rewind_info field to parent
4219 class.
4220 * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
4221 Update setjmp-handling for is_setjmp_call_p requiring a gcall;
4222 pass the call to the new setjmp_event.
4223 * engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
4224 requiring a gcall.
4225 (stale_jmp_buf::emit): Use get_user_facing_name to avoid
4226 hardcoding the function names.
4227 (exploded_node::on_longjmp): Pass the longjmp_call when
4228 constructing rewind_info.
4229 (rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
4230 rewind_from_longjmp_event's ctor.
4231 * exploded-graph.h (rewind_info_t::rewind_info_t): Add
4232 longjmp_call param.
4233 (rewind_info_t::get_longjmp_call): New.
4234 (rewind_info_t::m_longjmp_call): New.
4235 * region-model.cc (region_model::on_setjmp): Update comment to
4236 indicate this is also for sigsetjmp.
4237 * region-model.h (struct setjmp_record): Likewise.
4238 (class setjmp_svalue): Likewise.
4239
26d949c8
DM
4240 2020-01-27 David Malcolm <dmalcolm@redhat.com>
4241
4242 PR analyzer/93276
4243 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
4244 macros with GCC_VERSION >= 4006, making them no-op otherwise.
4245 * engine.cc (exploded_edge::exploded_edge): Specify template for
4246 base class initializer.
4247 (exploded_graph::add_edge): Specify template when chaining up to
4248 base class add_edge implementation.
4249 (viz_callgraph_node::dump_dot): Drop redundant "typename".
4250 (viz_callgraph_edge::viz_callgraph_edge): Specify template for
4251 base class initializer.
4252 * program-state.cc (sm_state_map::clone_with_remapping): Drop
4253 redundant "typename".
4254 (sm_state_map::print): Likewise.
4255 (sm_state_map::hash): Likewise.
4256 (sm_state_map::operator==): Likewise.
4257 (sm_state_map::remap_svalue_ids): Likewise.
4258 (sm_state_map::on_svalue_purge): Likewise.
4259 (sm_state_map::validate): Likewise.
4260 * program-state.h (sm_state_map::iterator_t): Likewise.
4261 * supergraph.h (superedge::superedge): Specify template for base
4262 class initializer.
4263
648796da
DM
4264 2020-01-23 David Malcolm <dmalcolm@redhat.com>
4265
4266 PR analyzer/93375
4267 * supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
4268 gracefully if the number of parameters at the callee exceeds the
4269 number of arguments at the call stmt.
4270 (callgraph_superedge::get_parm_for_arg): Likewise.
4271
591b59eb
DM
4272 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4273
4274 PR analyzer/93382
4275 * program-state.cc (sm_state_map::on_svalue_purge): If the
4276 entry survives, but the origin is being purged, then reset the
4277 origin to null.
4278
c9c8aef4
DM
4279 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4280
4281 * sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.
4282
fd9982bb
DM
4283 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4284
4285 PR analyzer/93378
4286 * engine.cc (setjmp_svalue::compare_fields): Update for
4287 replacement of m_enode with m_setjmp_record.
4288 (setjmp_svalue::add_to_hash): Likewise.
4289 (setjmp_svalue::get_index): Rename...
4290 (setjmp_svalue::get_enode_index): ...to this.
4291 (setjmp_svalue::print_details): Update for replacement of m_enode
4292 with m_setjmp_record.
4293 (exploded_node::on_longjmp): Likewise.
4294 * exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
4295 (rewind_info_t::m_setjmp_record): ...with this.
4296 (rewind_info_t::rewind_info_t): Update for replacement of m_enode
4297 with m_setjmp_record.
4298 (rewind_info_t::get_setjmp_point): Likewise.
4299 (rewind_info_t::get_setjmp_call): Likewise.
4300 * region-model.cc (region_model::dump_summary_of_map): Likewise.
4301 (region_model::on_setjmp): Likewise.
4302 * region-model.h (struct setjmp_record): New struct.
4303 (setjmp_svalue::m_enode): Replace...
4304 (setjmp_svalue::m_setjmp_record): ...with this.
4305 (setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
4306 with m_setjmp_record.
4307 (setjmp_svalue::clone): Likewise.
4308 (setjmp_svalue::get_index): Rename...
4309 (setjmp_svalue::get_enode_index): ...to this.
4310 (setjmp_svalue::get_exploded_node): Replace...
4311 (setjmp_svalue::get_setjmp_record): ...with this.
4312
da7cf663
DM
4313 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4314
4315 PR analyzer/93316
4316 * analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as
4317 "_setjmp".
4318
75038aa6
DM
4319 2020-01-22 David Malcolm <dmalcolm@redhat.com>
4320
4321 PR analyzer/93307
4322 * analysis-plan.h: Wrap everything namespace "ana".
4323 * analyzer-logging.cc: Likewise.
4324 * analyzer-logging.h: Likewise.
4325 * analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
4326 namespace.
4327 * analyzer-selftests.cc: Wrap everything namespace "ana".
4328 * analyzer-selftests.h: Likewise.
4329 * analyzer.h: Likewise for forward decls of types.
4330 * call-string.h: Likewise.
4331 * checker-path.cc: Likewise.
4332 * checker-path.h: Likewise.
4333 * constraint-manager.cc: Likewise.
4334 * constraint-manager.h: Likewise.
4335 * diagnostic-manager.cc: Likewise.
4336 * diagnostic-manager.h: Likewise.
4337 * engine.cc: Likewise.
4338 * engine.h: Likewise.
4339 * exploded-graph.h: Likewise.
4340 * function-set.cc: Likewise.
4341 * function-set.h: Likewise.
4342 * pending-diagnostic.cc: Likewise.
4343 * pending-diagnostic.h: Likewise.
4344 * program-point.cc: Likewise.
4345 * program-point.h: Likewise.
4346 * program-state.cc: Likewise.
4347 * program-state.h: Likewise.
4348 * region-model.cc: Likewise.
4349 * region-model.h: Likewise.
4350 * sm-file.cc: Likewise.
4351 * sm-malloc.cc: Likewise.
4352 * sm-pattern-test.cc: Likewise.
4353 * sm-sensitive.cc: Likewise.
4354 * sm-signal.cc: Likewise.
4355 * sm-taint.cc: Likewise.
4356 * sm.cc: Likewise.
4357 * sm.h: Likewise.
4358 * state-purge.h: Likewise.
4359 * supergraph.cc: Likewise.
4360 * supergraph.h: Likewise.
4361
4f01e577
DM
4362 2020-01-21 David Malcolm <dmalcolm@redhat.com>
4363
4364 PR analyzer/93352
4365 * region-model.cc (int_cmp): Rename to...
4366 (array_region::key_cmp): ...this, using key_t rather than int.
4367 Rewrite in terms of comparisons rather than subtraction to
4368 ensure qsort is anti-symmetric when handling extreme values.
4369 (array_region::walk_for_canonicalization): Update for above
4370 renaming.
4371 * region-model.h (array_region::key_cmp): New decl.
4372
07c86323
DM
4373 2020-01-17 David Malcolm <dmalcolm@redhat.com>
4374
4375 PR analyzer/93290
4376 * region-model.cc (region_model::eval_condition_without_cm): Avoid
4377 gcc_unreachable for unexpected operations for the case where
4378 we're comparing an svalue against itself.
4379
5f030383
DM
4380 2020-01-17 David Malcolm <dmalcolm@redhat.com>
4381
4382 PR analyzer/93281
4383 * region-model.cc
4384 (region_model::convert_byte_offset_to_array_index): Convert to
4385 ssizetype before dividing by byte_size. Use fold_binary rather
4386 than fold_build2 to avoid needlessly constructing a tree for the
4387 non-const case.
4388
49e9a999
DM
4389 2020-01-15 David Malcolm <dmalcolm@redhat.com>
4390
4391 * engine.cc (class impl_region_model_context): Fix comment.
4392
32077b69
DM
4393 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4394
4395 PR analyzer/93212
4396 * region-model.cc (make_region_for_type): Use
4397 FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
4398 * region-model.h (function_region::function_region): Likewise.
4399
7fb3669e
DM
4400 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4401
4402 * program-state.cc (sm_state_map::clone_with_remapping): Copy
4403 m_global_state.
4404 (selftest::test_program_state_merging_2): New selftest.
4405 (selftest::analyzer_program_state_cc_tests): Call it.
4406
e2a538b1
DM
4407 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4408
4409 * checker-path.h (checker_path::get_checker_event): New function.
4410 (checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
4411 * diagnostic-manager.cc
4412 (diagnostic_manager::prune_for_sm_diagnostic): Replace direct
4413 access to checker_path::m_events with accessor functions. Fix
4414 overlong line.
4415 (diagnostic_manager::prune_interproc_events): Replace direct
4416 access to checker_path::m_events with accessor functions.
4417 (diagnostic_manager::finish_pruning): Likewise.
4418
94946989
DM
4419 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4420
4421 * checker-path.h (checker_event::clone): Delete vfunc decl.
4422 (debug_event::clone): Delete vfunc impl.
4423 (custom_event::clone): Delete vfunc impl.
4424 (statement_event::clone): Delete vfunc impl.
4425 (function_entry_event::clone): Delete vfunc impl.
4426 (state_change_event::clone): Delete vfunc impl.
4427 (start_cfg_edge_event::clone): Delete vfunc impl.
4428 (end_cfg_edge_event::clone): Delete vfunc impl.
4429 (call_event::clone): Delete vfunc impl.
4430 (return_event::clone): Delete vfunc impl.
4431 (setjmp_event::clone): Delete vfunc impl.
4432 (rewind_from_longjmp_event::clone): Delete vfunc impl.
4433 (rewind_to_setjmp_event::clone): Delete vfunc impl.
4434 (warning_event::clone): Delete vfunc impl.
4435
718930c0
DM
4436 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4437
4438 * supergraph.cc (supernode::dump_dot): Ensure that the TABLE
4439 element has at least one TR.
4440
8397af8e
DM
4441 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4442
4443 PR analyzer/58237
4444 * engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
4445 when comparing against UNKNOWN_LOCATION.
4446 (stmt_requires_new_enode_p): Likewise.
4447 (exploded_graph::dump_exploded_nodes): Likewise.
4448 * supergraph.cc (supernode::get_start_location): Likewise.
4449 (supernode::get_end_location): Likewise.
4450
697251b7
DM
4451 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4452
4453 PR analyzer/58237
4454 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
4455 selftest::analyzer_sm_file_cc_tests.
4456 * analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
4457 decl.
4458 * sm-file.cc: Include "analyzer/function-set.h" and
4459 "analyzer/analyzer-selftests.h".
4460 (get_file_using_fns): New function.
4461 (is_file_using_fn_p): New function.
4462 (fileptr_state_machine::on_stmt): Return true for known functions.
4463 (selftest::analyzer_sm_file_cc_tests): New function.
4464
4804c5fe
DM
4465 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4466
4467 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
4468 selftest::analyzer_sm_signal_cc_tests.
4469 * analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
4470 New decl.
4471 * sm-signal.cc: Include "analyzer/function-set.h" and
4472 "analyzer/analyzer-selftests.h".
4473 (get_async_signal_unsafe_fns): New function.
4474 (signal_unsafe_p): Reimplement in terms of the above.
4475 (selftest::analyzer_sm_signal_cc_tests): New function.
4476
a6b5f19c
DM
4477 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4478
4479 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
4480 selftest::analyzer_function_set_cc_tests.
4481 * analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
4482 New decl.
4483 * function-set.cc: New file.
4484 * function-set.h: New file.
4485
ef7827b0
DM
4486 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4487
4488 * analyzer.h (fndecl_has_gimple_body_p): New decl.
4489 * engine.cc (impl_region_model_context::on_unknown_change): New
4490 function.
4491 (fndecl_has_gimple_body_p): Make non-static.
4492 (exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
4493 known. Track whether we have a call with unknown side-effects and
4494 pass it to on_call_post.
4495 * exploded-graph.h (impl_region_model_context::on_unknown_change):
4496 New decl.
4497 * program-state.cc (sm_state_map::on_unknown_change): New function.
4498 * program-state.h (sm_state_map::on_unknown_change): New decl.
4499 * region-model.cc: Include "bitmap.h".
4500 (region_model::on_call_pre): Return a bool, capturing whether the
4501 call has unknown side effects.
4502 (region_model::on_call_post): Add arg "bool unknown_side_effects"
4503 and if true, call handle_unrecognized_call.
4504 (class reachable_regions): New class.
4505 (region_model::handle_unrecognized_call): New function.
4506 * region-model.h (region_model::on_call_pre): Return a bool.
4507 (region_model::on_call_post): Add arg "bool unknown_side_effects".
4508 (region_model::handle_unrecognized_call): New decl.
4509 (region_model_context::on_unknown_change): New vfunc.
4510 (test_region_model_context::on_unknown_change): New function.
4511
14f9d7b9
DM
4512 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4513
4514 * diagnostic-manager.cc (saved_diagnostic::operator==): Move here
4515 from header. Replace pointer equality test on m_var with call to
4516 pending_diagnostic::same_tree_p.
4517 * diagnostic-manager.h (saved_diagnostic::operator==): Move to
4518 diagnostic-manager.cc.
4519 * pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
4520 * pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
4521 * sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
4522 equality on m_arg with call to pending_diagnostic::same_tree_p.
4523 * sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
4524 (possible_null_arg::subclass_equal_p): Likewise.
4525 (null_arg::subclass_equal_p): Likewise.
4526 (free_of_non_heap::subclass_equal_p): Likewise.
4527 * sm-pattern-test.cc (pattern_match::operator==): Likewise.
4528 * sm-sensitive.cc (exposure_through_output_file::operator==):
4529 Likewise.
4530 * sm-taint.cc (tainted_array_index::operator==): Likewise.
4531
f474fbd5
DM
4532 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4533
4534 * diagnostic-manager.cc (dedupe_winners::add): Add logging
4535 of deduplication decisions made.
4536
757bf1df
DM
4537 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4538
4539 * ChangeLog: New file.
4540 * analyzer-selftests.cc: New file.
4541 * analyzer-selftests.h: New file.
4542 * analyzer.opt: New file.
4543 * analysis-plan.cc: New file.
4544 * analysis-plan.h: New file.
4545 * analyzer-logging.cc: New file.
4546 * analyzer-logging.h: New file.
4547 * analyzer-pass.cc: New file.
4548 * analyzer.cc: New file.
4549 * analyzer.h: New file.
4550 * call-string.cc: New file.
4551 * call-string.h: New file.
4552 * checker-path.cc: New file.
4553 * checker-path.h: New file.
4554 * constraint-manager.cc: New file.
4555 * constraint-manager.h: New file.
4556 * diagnostic-manager.cc: New file.
4557 * diagnostic-manager.h: New file.
4558 * engine.cc: New file.
4559 * engine.h: New file.
4560 * exploded-graph.h: New file.
4561 * pending-diagnostic.cc: New file.
4562 * pending-diagnostic.h: New file.
4563 * program-point.cc: New file.
4564 * program-point.h: New file.
4565 * program-state.cc: New file.
4566 * program-state.h: New file.
4567 * region-model.cc: New file.
4568 * region-model.h: New file.
4569 * sm-file.cc: New file.
4570 * sm-malloc.cc: New file.
4571 * sm-malloc.dot: New file.
4572 * sm-pattern-test.cc: New file.
4573 * sm-sensitive.cc: New file.
4574 * sm-signal.cc: New file.
4575 * sm-taint.cc: New file.
4576 * sm.cc: New file.
4577 * sm.h: New file.
4578 * state-purge.cc: New file.
4579 * state-purge.h: New file.
4580 * supergraph.cc: New file.
4581 * supergraph.h: New file.
4582
4583 2019-12-13 David Malcolm <dmalcolm@redhat.com>
4584
4585 * Initial creation
4586
4587
c48514be 4588 Copyright (C) 2019-2021 Free Software Foundation, Inc.
757bf1df
DM
4589
4590 Copying and distribution of this file, with or without modification,
4591 are permitted in any medium without royalty provided the copyright
4592 notice and this notice are preserved.