]> git.ipfire.org Git - thirdparty/gcc.git/blame - gcc/analyzer/ChangeLog
projects / thirdparty / gcc.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
compile, runtime: make selectnbrecv return two values
[thirdparty/gcc.git] / gcc / analyzer / ChangeLog
CommitLineData
4d17ca1b
GA		 12021-07-29 Ankur Saini <arsenic@sourceware.org>
2
3 * call-string.cc (call_string::element_t::operator==): New operator.
4 (call_String::element_t::operator!=): New operator.
5 (call_string::element_t::get_caller_function): New function.
6 (call_string::element_t::get_callee_function): New function.
7 (call_string::call_string): Refactor to Initialise m_elements.
8 (call_string::operator=): Refactor to work with m_elements.
9 (call_string::operator==): Likewise.
10 (call_string::to_json): Likewise.
11 (call_string::hash): Refactor to hash e.m_caller.
12 (call_string::push_call): Refactor to work with m_elements.
13 (call_string::push_call): New overload to push call via supernodes.
14 (call_string::pop): Refactor to work with m_elements.
15 (call_string::calc_recursion_depth): Likewise.
16 (call_string::cmp): Likewise.
17 (call_string::validate): Likewise.
18 (call_string::operator[]): Likewise.
19 * call-string.h (class supernode): New forward decl.
20 (struct call_string::element_t): New struct.
21 (call_string::call_string): Refactor to initialise m_elements.
22 (call_string::bool empty_p): Refactor to work with m_elements.
23 (call_string::get_callee_node): New decl.
24 (call_string::get_caller_node): New decl.
25 (m_elements): Replaces m_return_edges.
26 * program-point.cc (program_point::get_function_at_depth): Refactor to
27 work with new call-string format.
28 (program_point::validate): Likewise.
29 (program_point::on_edge): Likewise.
30
39169029
GA		 312021-07-28 David Malcolm <dmalcolm@redhat.com>
32
33 * region-model.cc (region_model::on_call_pre): Treat
34 IFN_UBSAN_BOUNDS, BUILT_IN_STACK_SAVE, and BUILT_IN_STACK_RESTORE
35 as no-ops, rather than handling them as unknown functions.
36
372021-07-28 David Malcolm <dmalcolm@redhat.com>
38
39 * region-model-impl-calls.cc (region_model::impl_call_alloca):
40 Drop redundant return value.
41 (region_model::impl_call_builtin_expect): Likewise.
42 (region_model::impl_call_calloc): Likewise.
43 (region_model::impl_call_malloc): Likewise.
44 (region_model::impl_call_memset): Likewise.
45 (region_model::impl_call_operator_new): Likewise.
46 (region_model::impl_call_operator_delete): Likewise.
47 (region_model::impl_call_strlen): Likewise.
48 * region-model.cc (region_model::on_call_pre): Fix return value of
49 known functions that don't have unknown side-effects.
50 * region-model.h (region_model::impl_call_alloca): Drop redundant
51 return value.
52 (region_model::impl_call_builtin_expect): Likewise.
53 (region_model::impl_call_calloc): Likewise.
54 (region_model::impl_call_malloc): Likewise.
55 (region_model::impl_call_memset): Likewise.
56 (region_model::impl_call_strlen): Likewise.
57 (region_model::impl_call_operator_new): Likewise.
58 (region_model::impl_call_operator_delete): Likewise.
59
602021-07-28 Siddhesh Poyarekar <siddhesh@gotplt.org>
61
62 * analyzer.cc (is_named_call_p, is_std_named_call_p): Make
63 first argument a const_tree.
64 * analyzer.h (is_named_call_p, -s_std_named_call_p): Likewise.
65 * sm-malloc.cc (known_allocator_p): New function.
66 (malloc_state_machine::on_stmt): Use it.
67
682021-07-28 Siddhesh Poyarekar <siddhesh@gotplt.org>
69
70 * sm-malloc.cc
71 (malloc_state_machine::get_or_create_deallocator): Recognize
72 __builtin_free.
73
1a7febe9
GA		 742021-07-26 David Malcolm <dmalcolm@redhat.com>
75
76 * region-model.cc (region_model::on_call_pre): Always set conjured
77 LHS, not just for SSA names.
78
ead235f6
GA		 792021-07-23 David Malcolm <dmalcolm@redhat.com>
80
81 * diagnostic-manager.cc
82 (class auto_disable_complexity_checks): New.
83 (epath_finder::explore_feasible_paths): Use it to disable
84 complexity checks whilst processing the worklist.
85 * region-model-manager.cc
86 (region_model_manager::region_model_manager): Initialize
87 m_check_complexity.
88 (region_model_manager::reject_if_too_complex): Bail if
89 m_check_complexity is false.
90 * region-model.h
91 (region_model_manager::enable_complexity_check): New.
92 (region_model_manager::disable_complexity_check): New.
93 (region_model_manager::m_check_complexity): New.
94
419c6c68
GA		 952021-07-21 David Malcolm <dmalcolm@redhat.com>
96
97 PR analyzer/101547
98 * sm-file.cc (file_leak::emit): Handle m_arg being NULL.
99 (file_leak::describe_final_event): Handle ev.m_expr being NULL.
100
1012021-07-21 David Malcolm <dmalcolm@redhat.com>
102
103 PR analyzer/101522
104 * store.cc (binding_cluster::purge_state_involving): Don't change
105 m_map whilst iterating through it.
106
1072021-07-21 David Malcolm <dmalcolm@redhat.com>
108
109 * region-model.cc (region_model::handle_phi): Add "old_state"
110 param and use it.
111 (region_model::update_for_phis): Update so that all of the phi
112 stmts are effectively handled simultaneously, rather than in
113 order.
114 * region-model.h (region_model::handle_phi): Add "old_state"
115 param.
116 * state-purge.cc (self_referential_phi_p): Replace with...
117 (name_used_by_phis_p): ...this new function.
118 (state_purge_per_ssa_name::process_point): Update to use the
119 above, so that all phi stmts at a basic block are effectively
120 considered simultaneously, and only consider the phi arguments for
121 the pertinent in-edge.
122 * supergraph.cc (cfg_superedge::get_phi_arg_idx): New.
123 (cfg_superedge::get_phi_arg): Use the above.
124 * supergraph.h (cfg_superedge::get_phi_arg_idx): New decl.
125
1262021-07-21 David Malcolm <dmalcolm@redhat.com>
127
128 * state-purge.cc (state_purge_annotator::add_node_annotations):
129 Rather than erroneously always using the NULL in-edge, determine
130 each relevant in-edge, and print the appropriate data for each
131 in-edge. Use print_needed to print the data as comma-separated
132 lists of SSA names.
133 (print_vec_of_names): Add "within_table" param and use it.
134 (state_purge_annotator::add_stmt_annotations): Factor out
135 collation and printing code into...
136 (state_purge_annotator::print_needed): ...this new function.
137 * state-purge.h (state_purge_annotator::print_needed): New decl.
138
1392021-07-21 David Malcolm <dmalcolm@redhat.com>
140
141 * program-point.cc (function_point::print): Show src BB index at
142 BEFORE_SUPERNODE.
143
1442021-07-21 David Malcolm <dmalcolm@redhat.com>
145
146 * svalue.cc (infix_p): New.
147 (binop_svalue::dump_to_pp): Use it to print MIN_EXPR and MAX_EXPR
148 in prefix form, rather than infix.
149
21ea2f93
GA		 1502021-07-19 David Malcolm <dmalcolm@redhat.com>
151
152 PR analyzer/101503
153 * constraint-manager.cc (constraint_manager::add_constraint): Use
154 can_have_associated_state_p rather than testing for unknown.
155 (constraint_manager::get_or_add_equiv_class): Likewise.
156 * program-state.cc (sm_state_map::set_state): Likewise.
157 (sm_state_map::impl_set_state): Add assertion.
158 * region-model-manager.cc
159 (region_model_manager::maybe_fold_unaryop): Handle poisoned
160 values.
161 (region_model_manager::maybe_fold_binop): Move handling of unknown
162 values...
163 (region_model_manager::get_or_create_binop): ...to here, and
164 generalize to use can_have_associated_state_p.
165 (region_model_manager::maybe_fold_sub_svalue): Use
166 can_have_associated_state_p rather than testing for unknown.
167 (region_model_manager::maybe_fold_repeated_svalue): Use unknown
168 when the size or repeated value is "unknown"/"poisoned".
169 * region-model.cc (region_model::purge_state_involving): Reject
170 attempts to purge unknown/poisoned svalues, as these svalues
171 should not have state associated with them.
172 * svalue.cc (sub_svalue::sub_svalue): Assert that we're building
173 on top of an svalue with can_have_associated_state_p.
174 (repeated_svalue::repeated_svalue): Likewise.
175 (bits_within_svalue::bits_within_svalue): Likewise.
176 * svalue.h (svalue::can_have_associated_state_p): New.
177 (unknown_svalue::can_have_associated_state_p): New.
178 (poisoned_svalue::can_have_associated_state_p): New.
179 (unaryop_svalue::unaryop_svalue): Assert that we're building on
180 top of an svalue with can_have_associated_state_p.
181 (binop_svalue::binop_svalue): Likewise.
182 (widening_svalue::widening_svalue): Likewise.
183
87277b6a
GA		 1842021-07-16 David Malcolm <dmalcolm@redhat.com>
185
186 * analyzer.h (enum access_direction): New.
187 * engine.cc (exploded_node::on_longjmp): Update for new param of
188 get_store_value.
189 * program-state.cc (program_state::prune_for_point): Likewise.
190 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
191 Replace call to check_for_writable_region with call to
192 check_region_for_write.
193 (region_model::impl_call_memset): Likewise.
194 (region_model::impl_call_strcpy): Likewise.
195 * region-model-reachability.cc (reachable_regions::add): Update
196 for new param of get_store_value.
197 * region-model.cc (region_model::get_rvalue_1): Likewise, also for
198 get_rvalue_for_bits.
199 (region_model::get_store_value): Add ctxt param and use it to call
200 check_region_for_read.
201 (region_model::get_rvalue_for_bits): Add ctxt param and use it to
202 call get_store_value.
203 (region_model::check_region_access): New.
204 (region_model::check_region_for_write): New.
205 (region_model::check_region_for_read): New.
206 (region_model::set_value): Update comment. Replace call to
207 check_for_writable_region with call to check_region_for_write.
208 * region-model.h (region_model::get_rvalue_for_bits): Add ctxt
209 param.
210 (region_model::get_store_value): Add ctxt param.
211 (region_model::check_region_access): New decl.
212 (region_model::check_region_for_write): New decl.
213 (region_model::check_region_for_read): New decl.
214 * region.cc (region_model::copy_region): Update call to
215 get_store_value.
216 * svalue.cc (initial_svalue::implicitly_live_p): Likewise.
217
2182021-07-16 David Malcolm <dmalcolm@redhat.com>
219
220 * engine.cc (exploded_node::on_stmt_pre): Handle
221 __analyzer_dump_state.
222 * program-state.cc (extrinsic_state::get_sm_idx_by_name): New.
223 (program_state::impl_call_analyzer_dump_state): New.
224 * program-state.h (extrinsic_state::get_sm_idx_by_name): New decl.
225 (program_state::impl_call_analyzer_dump_state): New decl.
226 * region-model-impl-calls.cc
227 (call_details::get_arg_string_literal): New.
228 * region-model.h (call_details::get_arg_string_literal): New decl.
229
2302021-07-16 David Malcolm <dmalcolm@redhat.com>
231
232 * program-state.cc (program_state::detect_leaks): Simplify using
233 svalue::maybe_get_region.
234 * region-model-impl-calls.cc (region_model::impl_call_fgets): Likewise.
235 (region_model::impl_call_fread): Likewise.
236 (region_model::impl_call_free): Likewise.
237 (region_model::impl_call_operator_delete): Likewise.
238 * region-model.cc (selftest::test_stack_frames): Likewise.
239 (selftest::test_state_merging): Likewise.
240 * svalue.cc (svalue::maybe_get_region): New.
241 * svalue.h (svalue::maybe_get_region): New decl.
242
d97d71a1
GA		 2432021-07-15 David Malcolm <dmalcolm@redhat.com>
244
245 * svalue.h (is_a_helper <placeholder_svalue *>::test): Make
246 param and template param const.
247 (is_a_helper <widening_svalue *>::test): Likewise.
248 (is_a_helper <compound_svalue *>::test): Likewise.
249 (is_a_helper <conjured_svalue *>::test): Likewise.
250
2512021-07-15 David Malcolm <dmalcolm@redhat.com>
252
253 PR analyzer/95006
254 PR analyzer/94713
255 PR analyzer/94714
256 * analyzer.cc (maybe_reconstruct_from_def_stmt): Split out
257 GIMPLE_ASSIGN case into...
258 (get_diagnostic_tree_for_gassign_1): New.
259 (get_diagnostic_tree_for_gassign): New.
260 * analyzer.h (get_diagnostic_tree_for_gassign): New decl.
261 * analyzer.opt (Wanalyzer-write-to-string-literal): New.
262 * constraint-manager.cc (class svalue_purger): New.
263 (constraint_manager::purge_state_involving): New.
264 * constraint-manager.h
265 (constraint_manager::purge_state_involving): New.
266 * diagnostic-manager.cc (saved_diagnostic::supercedes_p): New.
267 (dedupe_winners::handle_interactions): New.
268 (diagnostic_manager::emit_saved_diagnostics): Call it.
269 * diagnostic-manager.h (saved_diagnostic::supercedes_p): New decl.
270 * engine.cc (impl_region_model_context::warn): Convert return type
271 to bool. Return false if the diagnostic isn't saved.
272 (impl_region_model_context::purge_state_involving): New.
273 (impl_sm_context::get_state): Use NULL ctxt when querying old
274 rvalue.
275 (impl_sm_context::set_next_state): Use new sval when querying old
276 state.
277 (class dump_path_diagnostic): Move to region-model.cc
278 (exploded_node::on_stmt): Move to on_stmt_pre and on_stmt_post.
279 Remove call to purge_state_involving.
280 (exploded_node::on_stmt_pre): New, based on the above. Move most
281 of it to region_model::on_stmt_pre.
282 (exploded_node::on_stmt_post): Likewise, moving to
283 region_model::on_stmt_post.
284 (class stale_jmp_buf): Fix parent class to use curiously recurring
285 template pattern.
286 (feasibility_state::maybe_update_for_edge): Call on_call_pre and
287 on_call_post on gcalls.
288 * exploded-graph.h (impl_region_model_context::warn): Return bool.
289 (impl_region_model_context::purge_state_involving): New decl.
290 (exploded_node::on_stmt_pre): New decl.
291 (exploded_node::on_stmt_post): New decl.
292 * pending-diagnostic.h (pending_diagnostic::use_of_uninit_p): New.
293 (pending_diagnostic::supercedes_p): New.
294 * program-state.cc (sm_state_map::get_state): Inherit state for
295 conjured_svalue as well as initial_svalue.
296 (sm_state_map::purge_state_involving): Also support SK_CONJURED.
297 * region-model-impl-calls.cc (call_details::get_uncertainty):
298 Handle m_ctxt being NULL.
299 (call_details::get_or_create_conjured_svalue): New.
300 (region_model::impl_call_fgets): New.
301 (region_model::impl_call_fread): New.
302 * region-model-manager.cc
303 (region_model_manager::get_or_create_initial_value): Return an
304 uninitialized poisoned value for regions that can't have initial
305 values.
306 * region-model-reachability.cc
307 (reachable_regions::mark_escaped_clusters): Handle ctxt being
308 NULL.
309 * region-model.cc (region_to_value_map::purge_state_involving): New.
310 (poisoned_value_diagnostic::use_of_uninit_p): New.
311 (poisoned_value_diagnostic::emit): Handle POISON_KIND_UNINIT.
312 (poisoned_value_diagnostic::describe_final_event): Likewise.
313 (region_model::check_for_poison): New.
314 (region_model::on_assignment): Call it.
315 (class dump_path_diagnostic): Move here from engine.cc.
316 (region_model::on_stmt_pre): New, based on exploded_node::on_stmt.
317 (region_model::on_call_pre): Move the setting of the LHS to a
318 conjured svalue to before the checks for specific functions.
319 Handle "fgets", "fgets_unlocked", and "fread".
320 (region_model::purge_state_involving): New.
321 (region_model::handle_unrecognized_call): Handle ctxt being NULL.
322 (region_model::get_rvalue): Call check_for_poison.
323 (selftest::test_stack_frames): Use NULL for context when getting
324 uninitialized rvalue.
325 (selftest::test_alloca): Likewise.
326 * region-model.h (region_to_value_map::purge_state_involving): New
327 decl.
328 (call_details::get_or_create_conjured_svalue): New decl.
329 (region_model::on_stmt_pre): New decl.
330 (region_model::purge_state_involving): New decl.
331 (region_model::impl_call_fgets): New decl.
332 (region_model::impl_call_fread): New decl.
333 (region_model::check_for_poison): New decl.
334 (region_model_context::warn): Return bool.
335 (region_model_context::purge_state_involving): New.
336 (noop_region_model_context::warn): Return bool.
337 (noop_region_model_context::purge_state_involving): New.
338 (test_region_model_context:: warn): Return bool.
339 * region.cc (region::get_memory_space): New.
340 (region::can_have_initial_svalue_p): New.
341 (region::involves_p): New.
342 * region.h (enum memory_space): New.
343 (region::get_memory_space): New decl.
344 (region::can_have_initial_svalue_p): New decl.
345 (region::involves_p): New decl.
346 * sm-malloc.cc (use_after_free::supercedes_p): New.
347 * store.cc (binding_cluster::purge_state_involving): New.
348 (store::purge_state_involving): New.
349 * store.h (class symbolic_binding): New forward decl.
350 (binding_key::dyn_cast_symbolic_binding): New.
351 (symbolic_binding::dyn_cast_symbolic_binding): New.
352 (binding_cluster::purge_state_involving): New.
353 (store::purge_state_involving): New.
354 * svalue.cc (svalue::can_merge_p): Reject attempts to merge
355 poisoned svalues with other svalues, so that we identify
356 paths in which a variable is conditionally uninitialized.
357 (involvement_visitor::visit_conjured_svalue): New.
358 (svalue::involves_p): Also handle SK_CONJURED.
359 (poison_kind_to_str): Handle POISON_KIND_UNINIT.
360 (poisoned_svalue::maybe_fold_bits_within): New.
361 * svalue.h (enum poison_kind): Add POISON_KIND_UNINIT.
362 (poisoned_svalue::maybe_fold_bits_within): New decl.
363
3642021-07-15 David Malcolm <dmalcolm@redhat.com>
365
366 * analyzer.opt (fdump-analyzer-exploded-paths): New.
367 * diagnostic-manager.cc
368 (diagnostic_manager::emit_saved_diagnostic): Implement it.
369 * engine.cc (exploded_path::dump_to_pp): Add ext_state param and
370 use it to dump states if non-NULL.
371 (exploded_path::dump): Likewise.
372 (exploded_path::dump_to_file): New.
373 * exploded-graph.h (exploded_path::dump_to_pp): Add ext_state
374 param.
375 (exploded_path::dump): Likewise.
376 (exploded_path::dump): Likewise.
377 (exploded_path::dump_to_file): New.
378
3792021-07-15 David Malcolm <dmalcolm@redhat.com>
380
381 * analyzer.cc (fixup_tree_for_diagnostic_1): Use DECL_DEBUG_EXPR
382 if it's available.
383 * engine.cc (readability): Likewise.
384
3852021-07-15 David Malcolm <dmalcolm@redhat.com>
386
387 * state-purge.cc (self_referential_phi_p): New.
388 (state_purge_per_ssa_name::process_point): Don't purge an SSA name
389 at its def-stmt if the def-stmt is self-referential.
390
c24a9707
GA		 3912021-07-07 David Malcolm <dmalcolm@redhat.com>
392
393 * diagnostic-manager.cc (null_assignment_sm_context::get_state):
394 New overload.
395 (null_assignment_sm_context::set_next_state): New overload.
396 (null_assignment_sm_context::get_diagnostic_tree): New.
397 * engine.cc (impl_sm_context::get_state): New overload.
398 (impl_sm_context::set_next_state): New overload.
399 (impl_sm_context::get_diagnostic_tree): New overload.
400 (impl_region_model_context::on_condition): Convert params from
401 tree to const svalue *.
402 * exploded-graph.h (impl_region_model_context::on_condition):
403 Likewise.
404 * region-model.cc (region_model::on_call_pre): Move handling of
405 internal calls to before checking for get_fndecl_for_call.
406 (region_model::add_constraints_from_binop): New.
407 (region_model::add_constraint): Split out into a new overload
408 working on const svalue * rather than tree. Call
409 add_constraints_from_binop. Drop call to
410 add_any_constraints_from_ssa_def_stmt.
411 (region_model::add_any_constraints_from_ssa_def_stmt): Delete.
412 (region_model::add_any_constraints_from_gassign): Delete.
413 (region_model::add_any_constraints_from_gcall): Delete.
414 * region-model.h
415 (region_model::add_any_constraints_from_ssa_def_stmt): Delete.
416 (region_model::add_any_constraints_from_gassign): Delete.
417 (region_model::add_any_constraints_from_gcall): Delete.
418 (region_model::add_constraint): Add overload decl.
419 (region_model::add_constraints_from_binop): New decl.
420 (region_model_context::on_condition): Convert params from tree to
421 const svalue *.
422 (noop_region_model_context::on_condition): Likewise.
423 * sm-file.cc (fileptr_state_machine::condition): Likewise.
424 * sm-malloc.cc (malloc_state_machine::on_condition): Likewise.
425 * sm-pattern-test.cc: Include tristate.h, selftest.h,
426 analyzer/call-string.h, analyzer/program-point.h,
427 analyzer/store.h, and analyzer/region-model.h.
428 (pattern_test_state_machine::on_condition): Convert params from tree to
429 const svalue *.
430 * sm-sensitive.cc (sensitive_state_machine::on_condition): Delete.
431 * sm-signal.cc (signal_state_machine::on_condition): Delete.
432 * sm-taint.cc (taint_state_machine::on_condition): Convert params
433 from tree to const svalue *.
434 * sm.cc: Include tristate.h, selftest.h, analyzer/call-string.h,
435 analyzer/program-point.h, analyzer/store.h, and
436 analyzer/region-model.h.
437 (any_pointer_p): Add overload taking const svalue *sval.
438 * sm.h (any_pointer_p): Add overload taking const svalue *sval.
439 (state_machine::on_condition): Convert params from tree to
440 const svalue *. Provide no-op default implementation.
441 (sm_context::get_state): Add overload taking const svalue *sval.
442 (sm_context::set_next_state): Likewise.
443 (sm_context::on_transition): Likewise.
444 (sm_context::get_diagnostic_tree): Likewise.
445 * svalue.cc (svalue::all_zeroes_p): New.
446 (constant_svalue::all_zeroes_p): New.
447 (repeated_svalue::all_zeroes_p): Convert to vfunc.
448 * svalue.h (svalue::all_zeroes_p): New decl.
449 (constant_svalue::all_zeroes_p): New decl.
450 (repeated_svalue::all_zeroes_p): Convert decl to vfunc.
451
25b6bfea
GA		 4522021-06-30 David Malcolm <dmalcolm@redhat.com>
453
454 PR analyzer/95006
455 * analyzer.h (class repeated_svalue): New forward decl.
456 (class bits_within_svalue): New forward decl.
457 (class sized_region): New forward decl.
458 (get_field_at_bit_offset): New forward decl.
459 * engine.cc (exploded_graph::get_or_create_node): Validate the
460 merged state.
461 (exploded_graph::maybe_process_run_of_before_supernode_enodes):
462 Validate the states at each stage.
463 * program-state.cc (program_state::validate): Validate
464 m_region_model.
465 * region-model-impl-calls.cc (region_model::impl_call_memset):
466 Replace special-case logic for handling constant sizes with
467 a call to fill_region of a sized_region with the given fill value.
468 * region-model-manager.cc (maybe_undo_optimize_bit_field_compare):
469 Drop DK_direct.
470 (region_model_manager::maybe_fold_sub_svalue): Fold element-based
471 subregions of an initial value into initial values of an element.
472 Fold subvalues of repeated svalues.
473 (region_model_manager::maybe_fold_repeated_svalue): New.
474 (region_model_manager::get_or_create_repeated_svalue): New.
475 (get_bit_range_for_field): New.
476 (get_byte_range_for_field): New.
477 (get_field_at_byte_range): New.
478 (region_model_manager::maybe_fold_bits_within_svalue): New.
479 (region_model_manager::get_or_create_bits_within): New.
480 (region_model_manager::get_sized_region): New.
481 (region_model_manager::log_stats): Update for addition of
482 m_repeated_values_map, m_bits_within_values_map, and
483 m_sized_regions.
484 * region-model.cc (region_model::validate): New.
485 (region_model::on_assignment): Drop enum binding_kind.
486 (region_model::get_initial_value_for_global): Likewise.
487 (region_model::get_rvalue_for_bits): Replace body with call to
488 get_or_create_bits_within.
489 (region_model::get_capacity): Handle RK_SIZED.
490 (region_model::set_value): Drop enum binding_kind.
491 (region_model::fill_region): New.
492 (region_model::get_representative_path_var_1): Handle RK_SIZED.
493 * region-model.h (visitor::visit_repeated_svalue): New.
494 (visitor::visit_bits_within_svalue): New.
495 (region_model_manager::get_or_create_repeated_svalue): New decl.
496 (region_model_manager::get_or_create_bits_within): New decl.
497 (region_model_manager::get_sized_region): New decl.
498 (region_model_manager::maybe_fold_repeated_svalue): New decl.
499 (region_model_manager::maybe_fold_bits_within_svalue): New decl.
500 (region_model_manager::repeated_values_map_t): New typedef.
501 (region_model_manager::m_repeated_values_map): New field.
502 (region_model_manager::bits_within_values_map_t): New typedef.
503 (region_model_manager::m_bits_within_values_map): New field.
504 (region_model_manager::m_sized_regions): New field.
505 (region_model::fill_region): New decl.
506 * region.cc (region::get_base_region): Handle RK_SIZED.
507 (region::base_region_p): Likewise.
508 (region::get_byte_size_sval): New.
509 (get_field_at_bit_offset): Make non-static.
510 (region::calc_offset): Move implementation of cases to
511 get_relative_concrete_offset vfunc implementations. Handle
512 RK_SIZED.
513 (region::get_relative_concrete_offset): New.
514 (decl_region::get_svalue_for_initializer): Drop enum binding_kind.
515 (field_region::get_relative_concrete_offset): New, from
516 region::calc_offset.
517 (element_region::get_relative_concrete_offset): Likewise.
518 (offset_region::get_relative_concrete_offset): Likewise.
519 (sized_region::accept): New.
520 (sized_region::dump_to_pp): New.
521 (sized_region::get_byte_size): New.
522 (sized_region::get_bit_size): New.
523 * region.h (enum region_kind): Add RK_SIZED.
524 (region::dyn_cast_sized_region): New.
525 (region::get_byte_size): Make virtual.
526 (region::get_bit_size): Likewise.
527 (region::get_byte_size_sval): New decl.
528 (region::get_relative_concrete_offset): New decl.
529 (field_region::get_relative_concrete_offset): New decl.
530 (element_region::get_relative_concrete_offset): Likewise.
531 (offset_region::get_relative_concrete_offset): Likewise.
532 (class sized_region): New.
533 * store.cc (binding_kind_to_string): Delete.
534 (binding_key::make): Drop enum binding_kind.
535 (binding_key::dump_to_pp): Delete.
536 (binding_key::cmp_ptrs): Drop enum binding_kind.
537 (bit_range::contains_p): New.
538 (byte_range::dump): New.
539 (byte_range::contains_p): New.
540 (byte_range::cmp): New.
541 (concrete_binding::dump_to_pp): Drop enum binding_kind.
542 (concrete_binding::cmp_ptr_ptr): Likewise.
543 (symbolic_binding::dump_to_pp): Likewise.
544 (symbolic_binding::cmp_ptr_ptr): Likewise.
545 (binding_map::apply_ctor_val_to_range): Likewise.
546 (binding_map::apply_ctor_pair_to_child_region): Likewise.
547 (binding_map::get_overlapping_bindings): New.
548 (binding_map::remove_overlapping_bindings): New.
549 (binding_cluster::validate): New.
550 (binding_cluster::bind): Drop enum binding_kind.
551 (binding_cluster::bind_compound_sval): Likewise.
552 (binding_cluster::purge_region): Likewise.
553 (binding_cluster::zero_fill_region): Reimplement in terms of...
554 (binding_cluster::fill_region): New.
555 (binding_cluster::mark_region_as_unknown): Drop enum binding_kind.
556 (binding_cluster::get_binding): Likewise.
557 (binding_cluster::get_binding_recursive): Likewise.
558 (binding_cluster::get_any_binding): Likewise.
559 (binding_cluster::maybe_get_compound_binding): Reimplement.
560 (binding_cluster::get_overlapping_bindings): Delete.
561 (binding_cluster::remove_overlapping_bindings): Reimplement in
562 terms of binding_map::remove_overlapping_bindings.
563 (binding_cluster::can_merge_p): Update for removal of
564 enum binding_kind.
565 (binding_cluster::on_unknown_fncall): Drop enum binding_kind.
566 (binding_cluster::maybe_get_simple_value): Likewise.
567 (store_manager::get_concrete_binding): Likewise.
568 (store_manager::get_symbolic_binding): Likewise.
569 (store::validate): New.
570 (store::set_value): Drop enum binding_kind.
571 (store::zero_fill_region): Reimplement in terms of...
572 (store::fill_region): New.
573 (selftest::test_binding_key_overlap): Drop enum binding_kind.
574 * store.h (enum binding_kind): Delete.
575 (binding_kind_to_string): Delete decl.
576 (binding_key::make): Drop enum binding_kind.
577 (binding_key::dump_to_pp): Make pure virtual.
578 (binding_key::get_kind): Delete.
579 (binding_key::mark_deleted): Delete.
580 (binding_key::mark_empty): Delete.
581 (binding_key::is_deleted): Delete.
582 (binding_key::is_empty): Delete.
583 (binding_key::binding_key): Delete.
584 (binding_key::impl_hash): Delete.
585 (binding_key::impl_eq): Delete.
586 (binding_key::m_kind): Delete.
587 (bit_range::get_last_bit_offset): New.
588 (bit_range::contains_p): New.
589 (byte_range::contains_p): New.
590 (byte_range::operator==): New.
591 (byte_range::get_start_byte_offset): New.
592 (byte_range::get_next_byte_offset): New.
593 (byte_range::get_last_byte_offset): New.
594 (byte_range::as_bit_range): New.
595 (byte_range::cmp): New.
596 (concrete_binding::concrete_binding): Drop enum binding_kind.
597 (concrete_binding::hash): Likewise.
598 (concrete_binding::operator==): Likewise.
599 (concrete_binding::mark_deleted): New.
600 (concrete_binding::mark_empty): New.
601 (concrete_binding::is_deleted): New.
602 (concrete_binding::is_empty): New.
603 (default_hash_traits<ana::concrete_binding>::empty_zero_p): Make false.
604 (symbolic_binding::symbolic_binding): Drop enum binding_kind.
605 (symbolic_binding::hash): Likewise.
606 (symbolic_binding::operator==): Likewise.
607 (symbolic_binding::mark_deleted): New.
608 (symbolic_binding::mark_empty): New.
609 (symbolic_binding::is_deleted): New.
610 (symbolic_binding::is_empty): New.
611 (binding_map::remove_overlapping_bindings): New decl.
612 (binding_map::get_overlapping_bindings): New decl.
613 (binding_cluster::validate): New decl.
614 (binding_cluster::bind): Drop enum binding_kind.
615 (binding_cluster::fill_region): New decl.
616 (binding_cluster::get_binding): Drop enum binding_kind.
617 (binding_cluster::get_binding_recursive): Likewise.
618 (binding_cluster::get_overlapping_bindings): Delete.
619 (store::validate): New decl.
620 (store::set_value): Drop enum binding_kind.
621 (store::fill_region): New decl.
622 (store_manager::get_concrete_binding): Drop enum binding_kind.
623 (store_manager::get_symbolic_binding): Likewise.
624 * svalue.cc (svalue::cmp_ptr): Handle SK_REPEATED and
625 SK_BITS_WITHIN.
626 (svalue::extract_bit_range): New.
627 (svalue::maybe_fold_bits_within): New.
628 (constant_svalue::maybe_fold_bits_within): New.
629 (unknown_svalue::maybe_fold_bits_within): New.
630 (unaryop_svalue::maybe_fold_bits_within): New.
631 (repeated_svalue::repeated_svalue): New.
632 (repeated_svalue::dump_to_pp): New.
633 (repeated_svalue::accept): New.
634 (repeated_svalue::all_zeroes_p): New.
635 (repeated_svalue::maybe_fold_bits_within): New.
636 (bits_within_svalue::bits_within_svalue): New.
637 (bits_within_svalue::dump_to_pp): New.
638 (bits_within_svalue::maybe_fold_bits_within): New.
639 (bits_within_svalue::accept): New.
640 (bits_within_svalue::implicitly_live_p): New.
641 (compound_svalue::maybe_fold_bits_within): New.
642 * svalue.h (enum svalue_kind): Add SK_REPEATED and SK_BITS_WITHIN.
643 (svalue::dyn_cast_repeated_svalue): New.
644 (svalue::dyn_cast_bits_within_svalue): New.
645 (svalue::extract_bit_range): New decl.
646 (svalue::maybe_fold_bits_within): New vfunc decl.
647 (region_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
648 (region_svalue::key_t::is_empty): Likewise.
649 (default_hash_traits<region_svalue::key_t>::empty_zero_p): Make false.
650 (constant_svalue::maybe_fold_bits_within): New.
651 (unknown_svalue::maybe_fold_bits_within): New.
652 (poisoned_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
653 (poisoned_svalue::key_t::is_empty): Likewise.
654 (default_hash_traits<poisoned_svalue::key_t>::empty_zero_p): Make
655 false.
656 (setjmp_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
657 (setjmp_svalue::key_t::is_empty): Likewise.
658 (default_hash_traits<setjmp_svalue::key_t>::empty_zero_p): Make
659 false.
660 (unaryop_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
661 (unaryop_svalue::key_t::is_empty): Likewise.
662 (unaryop_svalue::maybe_fold_bits_within): New.
663 (default_hash_traits<unaryop_svalue::key_t>::empty_zero_p): Make
664 false.
665 (binop_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
666 (binop_svalue::key_t::is_empty): Likewise.
667 (default_hash_traits<binop_svalue::key_t>::empty_zero_p): Make
668 false.
669 (sub_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
670 (sub_svalue::key_t::is_empty): Likewise.
671 (default_hash_traits<sub_svalue::key_t>::empty_zero_p): Make
672 false.
673 (class repeated_svalue): New.
674 (is_a_helper <const repeated_svalue *>::test): New.
675 (struct default_hash_traits<repeated_svalue::key_t>): New.
676 (class bits_within_svalue): New.
677 (is_a_helper <const bits_within_svalue *>::test): New.
678 (struct default_hash_traits<bits_within_svalue::key_t>): New.
679 (widening_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
680 (widening_svalue::key_t::is_empty): Likewise.
681 (default_hash_traits<widening_svalue::key_t>::empty_zero_p): Make
682 false.
683 (compound_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
684 (compound_svalue::key_t::is_empty): Likewise.
685 (compound_svalue::maybe_fold_bits_within): New.
686 (default_hash_traits<compound_svalue::key_t>::empty_zero_p): Make
687 false.
688
c8abc205
GA		 6892021-06-28 David Malcolm <dmalcolm@redhat.com>
690
691 * analyzer.h (byte_offset_t): New typedef.
692 * store.cc (bit_range::dump_to_pp): Dump as a byte range if
693 possible.
694 (bit_range::as_byte_range): New.
695 (byte_range::dump_to_pp): New.
696 * store.h (class byte_range): New forward decl.
697 (struct bit_range): Add comment.
698 (bit_range::as_byte_range): New decl.
699 (struct byte_range): New.
700
419af06a
GA		 7012021-06-22 David Malcolm <dmalcolm@redhat.com>
702
703 PR analyzer/101143
704 * region-model.cc (compat_types_p): New function.
705 (region_model::create_region_for_heap_alloc): Convert assertion to
706 an error check.
707 (region_model::create_region_for_alloca): Likewise.
708
c5581d48
GA		 7092021-06-18 David Malcolm <dmalcolm@redhat.com>
710
711 * store.cc (binding_cluster::get_any_binding): Make symbolic reads
712 from a cluster with concrete bindings return unknown.
713
7142021-06-18 David Malcolm <dmalcolm@redhat.com>
715
716 * region-model-manager.cc
717 (region_model_manager::get_or_create_int_cst): New.
718 (region_model_manager::maybe_undo_optimize_bit_field_compare): Use
719 it to simplify away a local tree.
720 * region-model.cc (region_model::on_setjmp): Likewise.
721 (region_model::on_longjmp): Likewise.
722 * region-model.h (region_model_manager::get_or_create_int_cst):
723 New decl.
724 * store.cc (binding_cluster::zero_fill_region): Use it to simplify
725 away a local tree.
726
7272021-06-18 David Malcolm <dmalcolm@redhat.com>
728
729 * checker-path.cc (class custom_event): Make abstract to allow for
730 custom vfuncs, splitting existing implementation into...
731 (class precanned_custom_event): New subclass.
732 (custom_event::get_desc): Move to...
733 (precanned_custom_event::get_desc): ...subclass.
734 * checker-path.h (class custom_event): Make abstract to allow for
735 custom vfuncs, splitting existing implementation into...
736 (class precanned_custom_event): New subclass.
737 * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
738 Use precanned_custom_event.
739 * engine.cc
740 (stale_jmp_buf::maybe_add_custom_events_for_superedge): Likewise.
741 * sm-signal.cc (signal_delivery_edge_info_t::add_events_to_path):
742 Likewise.
743
ede6c356
GA		 7442021-06-15 David Malcolm <dmalcolm@redhat.com>
745
746 PR analyzer/99212
747 PR analyzer/101082
748 * engine.cc: Include "target.h".
749 (impl_run_checkers): Log BITS_BIG_ENDIAN, BYTES_BIG_ENDIAN, and
750 WORDS_BIG_ENDIAN.
751 * region-model-manager.cc
752 (region_model_manager::maybe_fold_binop): Move support for masking
753 via ARG0 & CST into...
754 (region_model_manager::maybe_undo_optimize_bit_field_compare):
755 ...this new function. Flatten by converting from nested
756 conditionals to a series of early return statements to reject
757 failures. Reject if type is not unsigned_char_type_node.
758 Handle BYTES_BIG_ENDIAN when determining which bits are bound
759 in the binding_map.
760 * region-model.h
761 (region_model_manager::maybe_undo_optimize_bit_field_compare):
762 New decl.
763 * store.cc (bit_range::dump): New function.
764 * store.h (bit_range::dump): New decl.
765
7662021-06-15 David Malcolm <dmalcolm@redhat.com>
767
768 * engine.cc (exploded_node::on_stmt): Handle __analyzer_dump_capacity.
769 (exploded_node::on_stmt): Drop m_sm_changes from on_stmt_flags.
770 (state_change_requires_new_enode_p): New function...
771 (exploded_graph::process_node): Call it, rather than querying
772 flags.m_sm_changes, so that dynamic-extent differences can also
773 trigger the splitting of nodes.
774 * exploded-graph.h (struct on_stmt_flags): Drop field m_sm_changes.
775 * program-state.cc (program_state::detect_leaks): Purge dead
776 heap-allocated regions from dynamic extents.
777 (selftest::test_program_state_1): Fix type of "size_in_bytes".
778 (selftest::test_program_state_merging): Likewise.
779 * region-model-impl-calls.cc
780 (region_model::impl_call_analyzer_dump_capacity): New.
781 (region_model::impl_call_free): Remove dynamic extents from the
782 freed region.
783 * region-model-reachability.h
784 (reachable_regions::begin_mutable_base_regs): New.
785 (reachable_regions::end_mutable_base_regs): New.
786 * region-model.cc: Include "tree-object-size.h".
787 (region_model::region_model): Support new field m_dynamic_extents.
788 (region_model::operator=): Likewise.
789 (region_model::operator==): Likewise.
790 (region_model::dump_to_pp): Dump sizes of dynamic regions.
791 (region_model::handle_unrecognized_call): Purge dynamic extents
792 from any regions that have escaped mutably:.
793 (region_model::get_capacity): New function.
794 (region_model::add_constraint): Unset dynamic extents when a
795 heap-allocated region's address is NULL.
796 (region_model::unbind_region_and_descendents): Purge dynamic
797 extents of unbound regions.
798 (region_model::can_merge_with_p): Call
799 m_dynamic_extents.can_merge_with_p.
800 (region_model::create_region_for_heap_alloc): Assert that
801 size_in_bytes's type is compatible with size_type_node. Update
802 for renaming of record_dynamic_extents to set_dynamic_extents.
803 (region_model::create_region_for_alloca): Likewise.
804 (region_model::record_dynamic_extents): Rename to...
805 (region_model::set_dynamic_extents): ...this. Assert that
806 size_in_bytes's type is compatible with size_type_node. Add it
807 to the m_dynamic_extents map.
808 (region_model::get_dynamic_extents): New.
809 (region_model::unset_dynamic_extents): New.
810 (selftest::test_state_merging): Fix type of "size".
811 (selftest::test_malloc_constraints): Likewise.
812 (selftest::test_malloc): Verify dynamic extents.
813 (selftest::test_alloca): Likewise.
814 * region-model.h (region_to_value_map::is_empty): New.
815 (region_model::dynamic_extents_t): New typedef.
816 (region_model::impl_call_analyzer_dump_capacity): New decl.
817 (region_model::get_dynamic_extents): New function.
818 (region_model::get_dynamic_extents): New decl.
819 (region_model::set_dynamic_extents): New decl.
820 (region_model::unset_dynamic_extents): New decl.
821 (region_model::get_capacity): New decl.
822 (region_model::record_dynamic_extents): Rename to set_dynamic_extents.
823 (region_model::m_dynamic_extents): New field.
824
8252021-06-15 David Malcolm <dmalcolm@redhat.com>
826
827 * region-model.cc (region_to_value_map::operator=): New.
828 (region_to_value_map::operator==): New.
829 (region_to_value_map::dump_to_pp): New.
830 (region_to_value_map::dump): New.
831 (region_to_value_map::can_merge_with_p): New.
832 * region-model.h (class region_to_value_map): New class.
833
4e70c34e
GA		 8342021-06-13 Trevor Saunders <tbsaunde@tbsaunde.org>
835
836 * call-string.cc (call_string::call_string): Use range based for
837 to iterate over vec<>.
838 (call_string::to_json): Likewise.
839 (call_string::hash): Likewise.
840 (call_string::calc_recursion_depth): Likewise.
841 * checker-path.cc (checker_path::fixup_locations): Likewise.
842 * constraint-manager.cc (equiv_class::equiv_class): Likewise.
843 (equiv_class::to_json): Likewise.
844 (equiv_class::hash): Likewise.
845 (constraint_manager::to_json): Likewise.
846 * engine.cc (impl_region_model_context::on_svalue_leak):
847 Likewise.
848 (on_liveness_change): Likewise.
849 (impl_region_model_context::on_unknown_change): Likewise.
850 * program-state.cc (sm_state_map::set_state): Likewise.
851 * region-model.cc (test_canonicalization_4): Likewise.
852
f16f65f8
GA		 8532021-06-11 David Malcolm <dmalcolm@redhat.com>
854
855 * engine.cc (worklist::key_t::cmp): Move sort by call_string to
856 before SCC.
857
4f625f47
GA		 8582021-06-09 David Malcolm <dmalcolm@redhat.com>
859
860 * region-model.cc (region_model::get_lvalue_1): Make const.
861 (region_model::get_lvalue): Likewise.
862 (region_model::get_rvalue_1): Likewise.
863 (region_model::get_rvalue): Likewise.
864 (region_model::deref_rvalue): Likewise.
865 (region_model::get_rvalue_for_bits): Likewise.
866 * region-model.h (region_model::get_lvalue): Likewise.
867 (region_model::get_rvalue): Likewise.
868 (region_model::deref_rvalue): Likewise.
869 (region_model::get_rvalue_for_bits): Likewise.
870 (region_model::get_lvalue_1): Likewise.
871 (region_model::get_rvalue_1): Likewise.
872
c6038721
GA		 8732021-06-08 David Malcolm <dmalcolm@redhat.com>
874
875 PR analyzer/99212
876 * region-model-manager.cc
877 (region_model_manager::maybe_fold_binop): Add support for folding
878 BIT_AND_EXPR of compound_svalue and a mask constant.
879 * region-model.cc (region_model::get_rvalue_1): Implement
880 BIT_FIELD_REF in terms of...
881 (region_model::get_rvalue_for_bits): New function.
882 * region-model.h (region_model::get_rvalue_for_bits): New decl.
883 * store.cc (bit_range::from_mask): New function.
884 (selftest::test_bit_range_intersects_p): New selftest.
885 (selftest::assert_bit_range_from_mask_eq): New.
886 (ASSERT_BIT_RANGE_FROM_MASK_EQ): New macro.
887 (selftest::assert_no_bit_range_from_mask_eq): New.
888 (ASSERT_NO_BIT_RANGE_FROM_MASK): New macro.
889 (selftest::test_bit_range_from_mask): New selftest.
890 (selftest::analyzer_store_cc_tests): Call the new selftests.
891 * store.h (bit_range::intersects_p): New.
892 (bit_range::from_mask): New decl.
893 (concrete_binding::get_bit_range): New accessor.
894 (store_manager::get_concrete_binding): New overload taking
895 const bit_range &.
896
8972021-06-08 David Malcolm <dmalcolm@redhat.com>
898
899 * analyzer.h (int_size_in_bits): New decl.
900 * region.cc (int_size_in_bits): New function.
901 (region::get_bit_size): Reimplement in terms of the above.
902
9032021-06-08 David Malcolm <dmalcolm@redhat.com>
904
905 * store.cc (concrete_binding::dump_to_pp): Move bulk of
906 implementation to...
907 (bit_range::dump_to_pp): ...this new function.
908 (bit_range::cmp): New.
909 (concrete_binding::overlaps_p): Update for use of bit_range.
910 (concrete_binding::cmp_ptr_ptr): Likewise.
911 * store.h (struct bit_range): New.
912 (class concrete_binding): Replace fields m_start_bit_offset and
913 m_size_in_bits with new field m_bit_range.
914
9152021-06-08 David Malcolm <dmalcolm@redhat.com>
916
917 * svalue.h (conjured_svalue::iterator_t): Delete.
918
440c8a0a
GA		 9192021-06-03 David Malcolm <dmalcolm@redhat.com>
920
921 * store.h (store::get_direct_binding): Remove unused decl.
922 (store::get_default_binding): Likewise.
923
9242021-06-03 David Malcolm <dmalcolm@redhat.com>
925
926 * svalue.cc (poisoned_svalue::dump_to_pp): Dump type.
927 (compound_svalue::dump_to_pp): Dump any type.
928
a8daf9a1
GA		 9292021-05-18 David Malcolm <dmalcolm@redhat.com>
930
931 PR analyzer/100615
932 * sm-malloc.cc: Include "analyzer/function-set.h".
933 (malloc_state_machine::on_stmt): Call unaffected_by_call_p and
934 bail on the functions it recognizes.
935 (malloc_state_machine::unaffected_by_call_p): New.
936
aa891c56
GA		 9372021-05-10 Martin Liska <mliska@suse.cz>
938
939 * sm-file.cc (is_file_using_fn_p): Use startswith
940 function instead of strncmp.
941
9422021-05-10 Martin Liska <mliska@suse.cz>
943
944 * program-state.cc (program_state::operator=): Remove
945 __cplusplus >= 201103.
946 (program_state::program_state): Likewise.
947 * program-state.h: Likewise.
948 * region-model.h (class region_model): Remove dead code.
949
502ef97c
GA		 9502021-04-24 David Malcolm <dmalcolm@redhat.com>
951
952 PR analyzer/100244
953 * sm-malloc.cc (free_of_non_heap::describe_state_change):
954 Bulletproof against change.m_expr being NULL.
955
6d0d35d5
GA		 9562021-04-13 David Malcolm <dmalcolm@redhat.com>
957
958 PR analyzer/98599
959 * supergraph.cc (saved_uids::make_uid_unique): New.
960 (saved_uids::restore_uids): New.
961 (supergraph::supergraph): Replace assignments to stmt->uid with
962 calls to m_stmt_uids.make_uid_unique.
963 (supergraph::~supergraph): New.
964 * supergraph.h (class saved_uids): New.
965 (supergraph::~supergraph): New decl.
966 (supergraph::m_stmt_uids): New field.
967
1d54b138
GA		 9682021-04-10 David Malcolm <dmalcolm@redhat.com>
969
970 PR analyzer/100011
971 * region-model.cc (region_model::on_assignment): Avoid NULL
972 dereference if ctxt is NULL when assigning from a STRING_CST.
973
019a9220
GA		 9742021-04-08 David Malcolm <dmalcolm@redhat.com>
975
976 PR analyzer/99042
977 PR analyzer/99774
978 * engine.cc
979 (impl_region_model_context::impl_region_model_context): Add
980 uncertainty param and use it to initialize m_uncertainty.
981 (impl_region_model_context::get_uncertainty): New.
982 (impl_sm_context::get_fndecl_for_call): Add NULL for new
983 uncertainty param when constructing impl_region_model_context.
984 (impl_sm_context::get_state): Likewise.
985 (impl_sm_context::set_next_state): Likewise.
986 (impl_sm_context::warn): Likewise.
987 (exploded_node::on_stmt): Add uncertainty param
988 and use it when constructing impl_region_model_context.
989 (exploded_node::on_edge): Add uncertainty param and pass
990 to on_edge call.
991 (exploded_node::detect_leaks): Create uncertainty_t and pass to
992 impl_region_model_context.
993 (exploded_graph::get_or_create_node): Create uncertainty_t and
994 pass to prune_for_point.
995 (maybe_process_run_of_before_supernode_enodes): Create
996 uncertainty_t and pass to impl_region_model_context.
997 (exploded_graph::process_node): Create uncertainty_t instances and
998 pass around as needed.
999 * exploded-graph.h
1000 (impl_region_model_context::impl_region_model_context): Add
1001 uncertainty param.
1002 (impl_region_model_context::get_uncertainty): New decl.
1003 (impl_region_model_context::m_uncertainty): New field.
1004 (exploded_node::on_stmt): Add uncertainty param.
1005 (exploded_node::on_edge): Likewise.
1006 * program-state.cc (sm_state_map::on_liveness_change): Get
1007 uncertainty from context and use it to unset sm-state from
1008 svalues as appropriate.
1009 (program_state::on_edge): Add uncertainty param and use it when
1010 constructing impl_region_model_context. Fix indentation.
1011 (program_state::prune_for_point): Add uncertainty param and use it
1012 when constructing impl_region_model_context.
1013 (program_state::detect_leaks): Get any uncertainty from ctxt and
1014 use it to get maybe-live svalues for dest_state, rather than
1015 definitely-live ones; use this when determining which svalues
1016 have leaked.
1017 (selftest::test_program_state_merging): Create uncertainty_t and
1018 pass to impl_region_model_context.
1019 * program-state.h (program_state::on_edge): Add uncertainty param.
1020 (program_state::prune_for_point): Likewise.
1021 * region-model-impl-calls.cc (call_details::get_uncertainty): New.
1022 (region_model::impl_call_memcpy): Pass uncertainty to
1023 mark_region_as_unknown call.
1024 (region_model::impl_call_memset): Likewise.
1025 (region_model::impl_call_strcpy): Likewise.
1026 * region-model-reachability.cc (reachable_regions::handle_sval):
1027 Also add sval to m_mutable_svals.
1028 * region-model.cc (region_model::on_assignment): Pass any
1029 uncertainty from ctxt to the store::set_value call.
1030 (region_model::handle_unrecognized_call): Get any uncertainty from
1031 ctxt and use it to record mutable svalues at the unknown call.
1032 (region_model::get_reachable_svalues): Add uncertainty param and
1033 use it to mark any maybe-bound svalues as being reachable.
1034 (region_model::set_value): Pass any uncertainty from ctxt to the
1035 store::set_value call.
1036 (region_model::mark_region_as_unknown): Add uncertainty param and
1037 pass it on to the store::mark_region_as_unknown call.
1038 (region_model::update_for_call_summary): Add uncertainty param and
1039 pass it on to the region_model::mark_region_as_unknown call.
1040 * region-model.h (call_details::get_uncertainty): New decl.
1041 (region_model::get_reachable_svalues): Add uncertainty param.
1042 (region_model::mark_region_as_unknown): Add uncertainty param.
1043 (region_model_context::get_uncertainty): New vfunc.
1044 (noop_region_model_context::get_uncertainty): New vfunc
1045 implementation.
1046 * store.cc (dump_svalue_set): New.
1047 (uncertainty_t::dump_to_pp): New.
1048 (uncertainty_t::dump): New.
1049 (binding_cluster::clobber_region): Pass NULL for uncertainty to
1050 remove_overlapping_bindings.
1051 (binding_cluster::mark_region_as_unknown): Add uncertainty param
1052 and pass it to remove_overlapping_bindings.
1053 (binding_cluster::remove_overlapping_bindings): Add uncertainty param.
1054 Use it to record any svalues that were in clobbered bindings.
1055 (store::set_value): Add uncertainty param. Pass it to
1056 binding_cluster::mark_region_as_unknown when handling symbolic
1057 regions.
1058 (store::mark_region_as_unknown): Add uncertainty param and pass it
1059 to binding_cluster::mark_region_as_unknown.
1060 (store::remove_overlapping_bindings): Add uncertainty param and
1061 pass it to binding_cluster::remove_overlapping_bindings.
1062 * store.h (binding_cluster::mark_region_as_unknown): Add
1063 uncertainty param.
1064 (binding_cluster::remove_overlapping_bindings): Likewise.
1065 (store::set_value): Likewise.
1066 (store::mark_region_as_unknown): Likewise.
1067
b1da9916
GA		 10682021-04-05 David Malcolm <dmalcolm@redhat.com>
1069
1070 PR analyzer/99906
1071 * analyzer.cc (maybe_reconstruct_from_def_stmt): Fix NULL
1072 dereference on calls with zero arguments.
1073 * sm-malloc.cc (malloc_state_machine::on_stmt): When handling
1074 __attribute__((nonnull)), only call get_diagnostic_tree if the
1075 result will be used.
1076
10772021-04-05 David Malcolm <dmalcolm@redhat.com>
1078
1079 PR analyzer/99886
1080 * diagnostic-manager.cc
1081 (diagnostic_manager::prune_interproc_events): Use signed integers
1082 when subtracting one from path->num_events ().
1083 (diagnostic_manager::consolidate_conditions): Likewise. Convert
1084 next_idx to a signed int.
1085
f1607029
GA		 10862021-04-01 David Malcolm <dmalcolm@redhat.com>
1087
1088 * diagnostic-manager.cc (diagnostic_manager::add_diagnostic): Make
1089 enode param non-constant, and call add_diagnostic on it. Add
1090 enode index to log message.
1091 (diagnostic_manager::add_diagnostic): Make enode param
1092 non-constant.
1093 * diagnostic-manager.h (diagnostic_manager::add_diagnostic):
1094 Likewise for both decls.
1095 * engine.cc
1096 (impl_region_model_context::impl_region_model_context): Likewise
1097 for enode_for_diag.
1098 (impl_sm_context::impl_sm_context): Likewise.
1099 (impl_sm_context::m_enode_for_diag): Likewise.
1100 (exploded_node::dump_dot): Don't pass the diagnostic manager
1101 to dump_saved_diagnostics.
1102 (exploded_node::dump_saved_diagnostics): Drop param. Iterate
1103 directly through all saved diagnostics for the enode, rather
1104 than all saved diagnostics in the diagnostic_manager and
1105 filtering.
1106 (exploded_node::on_stmt): Make non-const.
1107 (exploded_node::on_edge): Likewise.
1108 (exploded_node::on_longjmp): Likewise.
1109 (exploded_node::detect_leaks): Likewise.
1110 (exploded_graph::get_or_create_node): Make enode_for_diag param
1111 non-const.
1112 (exploded_graph_annotator::print_enode): Iterate
1113 directly through all saved diagnostics for the enode, rather
1114 than all saved diagnostics in the diagnostic_manager and
1115 filtering.
1116 * exploded-graph.h
1117 (impl_region_model_context::impl_region_model_context): Make
1118 enode_for_diag param non-constant.
1119 (impl_region_model_context::m_enode_for_diag): Likewise.
1120 (exploded_node::dump_saved_diagnostics): Drop param.
1121 (exploded_node::on_stmt): Make non-const.
1122 (exploded_node::on_edge): Likewise.
1123 (exploded_node::on_longjmp): Likewise.
1124 (exploded_node::detect_leaks): Likewise.
1125 (exploded_node::add_diagnostic): New.
1126 (exploded_node::get_num_diagnostics): New.
1127 (exploded_node::get_saved_diagnostic): New.
1128 (exploded_node::m_saved_diagnostics): New.
1129 (exploded_graph::get_or_create_node): Make enode_for_diag param
1130 non-constant.
1131 * feasible-graph.cc (feasible_node::dump_dot): Drop
1132 diagnostic_manager from call to dump_saved_diagnostics.
1133 * program-state.cc (program_state::on_edge): Convert enode param
1134 to non-const pointer.
1135 (program_state::prune_for_point): Likewise for enode_for_diag
1136 param.
1137 * program-state.h (program_state::on_edge): Convert enode param
1138 to non-const pointer.
1139 (program_state::prune_for_point): Likewise for enode_for_diag
1140 param.
1141
95d217ab
GA		 11422021-03-31 David Malcolm <dmalcolm@redhat.com>
1143
1144 PR analyzer/99771
1145 * analyzer.cc (maybe_reconstruct_from_def_stmt): New.
1146 (fixup_tree_for_diagnostic_1): New.
1147 (fixup_tree_for_diagnostic): New.
1148 * analyzer.h (fixup_tree_for_diagnostic): New decl.
1149 * checker-path.cc (call_event::get_desc): Call
1150 fixup_tree_for_diagnostic and use it for the call_with_state call.
1151 (warning_event::get_desc): Likewise for the final_event and
1152 make_label_text calls.
1153 * engine.cc (impl_region_model_context::on_state_leak): Likewise
1154 for the on_leak and add_diagnostic calls.
1155 * region-model.cc (region_model::get_representative_tree):
1156 Likewise for the result.
1157
08d2edae
GA		 11582021-03-30 David Malcolm <dmalcolm@redhat.com>
1159
1160 * region.h (region::dump_to_pp): Remove old decl.
1161
11622021-03-30 David Malcolm <dmalcolm@redhat.com>
1163
1164 * sm-file.cc (fileptr_state_machine::on_stmt): Only call
1165 get_diagnostic_tree if the result will be used.
1166 * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
1167 (malloc_state_machine::on_deallocator_call): Likewise.
1168 (malloc_state_machine::on_realloc_call): Likewise.
1169 (malloc_state_machine::on_realloc_call): Likewise.
1170 * sm-sensitive.cc
1171 (sensitive_state_machine::warn_for_any_exposure): Likewise.
1172 * sm-taint.cc (taint_state_machine::on_stmt): Likewise.
1173
4493b1c1
GA		 11742021-03-25 David Malcolm <dmalcolm@redhat.com>
1175
1176 PR analyzer/93695
1177 PR analyzer/99044
1178 PR analyzer/99716
1179 * engine.cc (exploded_node::on_stmt): Clear sm-state involving
1180 an SSA name at the def-stmt of that SSA name.
1181 * program-state.cc (sm_state_map::purge_state_involving): New.
1182 * program-state.h (sm_state_map::purge_state_involving): New decl.
1183 * region-model.cc (selftest::test_involves_p): New.
1184 (selftest::analyzer_region_model_cc_tests): Call it.
1185 * svalue.cc (class involvement_visitor): New class
1186 (svalue::involves_p): New.
1187 * svalue.h (svalue::involves_p): New decl.
1188
5f256a70
GA		 11892021-03-19 David Malcolm <dmalcolm@redhat.com>
1190
1191 PR analyzer/99614
1192 * diagnostic-manager.cc (class epath_finder): Add
1193 DISABLE_COPY_AND_ASSIGN.
1194
3c5b6d24
GA		 11952021-03-15 Martin Liska <mliska@suse.cz>
1196
1197 * sm-file.cc (get_file_using_fns): Add missing comma in initializer.
1198
48ff383f
GA		 11992021-03-11 David Malcolm <dmalcolm@redhat.com>
1200
1201 PR analyzer/96374
1202 * analyzer.opt (-param=analyzer-max-infeasible-edges=): New param.
1203 (fdump-analyzer-feasibility): New flag.
1204 * diagnostic-manager.cc: Include "analyzer/trimmed-graph.h" and
1205 "analyzer/feasible-graph.h".
1206 (epath_finder::epath_finder): Convert m_sep to a pointer and
1207 only create it if !flag_analyzer_feasibility.
1208 (epath_finder::~epath_finder): New.
1209 (epath_finder::m_sep): Convert to a pointer.
1210 (epath_finder::get_best_epath): Add param "diag_idx" and use it
1211 when logging. Rather than finding the shortest path and then
1212 checking feasibility, instead use explore_feasible_paths unless
1213 !flag_analyzer_feasibility, in which case simply use the shortest
1214 path, and note if it is infeasible. Update for m_sep becoming a
1215 pointer.
1216 (class feasible_worklist): New.
1217 (epath_finder::explore_feasible_paths): New.
1218 (epath_finder::process_worklist_item): New.
1219 (class dump_eg_with_shortest_path): New.
1220 (epath_finder::dump_trimmed_graph): New.
1221 (epath_finder::dump_feasible_graph): New.
1222 (saved_diagnostic::saved_diagnostic): Add "idx" param, using it
1223 on new field m_idx.
1224 (saved_diagnostic::to_json): Dump m_idx.
1225 (saved_diagnostic::calc_best_epath): Pass m_idx to get_best_epath.
1226 Remove assertion that m_problem was set when m_best_epath is NULL.
1227 (diagnostic_manager::add_diagnostic): Pass an index when created
1228 saved_diagnostic instances.
1229 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add
1230 "idx" param.
1231 (saved_diagnostic::get_index): New accessor.
1232 (saved_diagnostic::m_idx): New field.
1233 * engine.cc (exploded_node::dump_dot): Call args.dump_extra_info.
1234 Move code to...
1235 (exploded_node::dump_processed_stmts): ...this new function and...
1236 (exploded_node::dump_saved_diagnostics): ...this new function.
1237 Add index of each diagnostic.
1238 (exploded_edge::dump_dot): Move bulk of code to...
1239 (exploded_edge::dump_dot_label): ...this new function.
1240 * exploded-graph.h (eg_traits::dump_args_t::dump_extra_info): New
1241 vfunc.
1242 (exploded_node::dump_processed_stmts): New decl.
1243 (exploded_node::dump_saved_diagnostics): New decl.
1244 (exploded_edge::dump_dot_label): New decl.
1245 * feasible-graph.cc: New file.
1246 * feasible-graph.h: New file.
1247 * trimmed-graph.cc: New file.
1248 * trimmed-graph.h: New file.
1249
12502021-03-11 David Malcolm <dmalcolm@redhat.com>
1251
1252 * diagnostic-manager.cc (epath_finder::epath_finder):
1253 Update shortest_paths init for new param.
1254
e9800852
GA		 12552021-03-10 David Malcolm <dmalcolm@redhat.com>
1256
1257 PR analyzer/96374
1258 * engine.cc (exploded_path::feasible_p): Move "snodes_visited" and
1259 "model" locals into a new class feasibility_state. Move heart
1260 of per-edge processing into
1261 feasibility_state::maybe_update_for_edge.
1262 (feasibility_state::feasibility_state): New.
1263 (feasibility_state::maybe_update_for_edge): New, based on loop
1264 body in exploded_path::feasible_p.
1265 * exploded-graph.h (class feasibility_state): New.
1266
12672021-03-10 David Malcolm <dmalcolm@redhat.com>
1268
1269 * supergraph.h
1270 (callgraph_superedge::dyn_cast_callgraph_superedge): New.
1271 (call_superedge::dyn_cast_callgraph_superedge): Delete.
1272 (return_superedge::dyn_cast_callgraph_superedge): Delete.
1273
d97a92dc
GA		 12742021-03-02 Martin Liska <mliska@suse.cz>
1275
1276 * diagnostic-manager.cc (diagnostic_manager::emit_saved_diagnostics):
1277 Do not pass engine.
1278
06a9f20f
GA		 12792021-02-26 David Malcolm <dmalcolm@redhat.com>
1280
1281 * engine.cc (exploded_path::exploded_path): New copy-ctor.
1282 * exploded-graph.h (exploded_path::operator=): Drop decl.
1283
12842021-02-26 David Malcolm <dmalcolm@redhat.com>
1285
1286 PR analyzer/96374
1287 * diagnostic-manager.cc (class epath_finder): New.
1288 (epath_finder::get_best_epath): New.
1289 (saved_diagnostic::saved_diagnostic): Update for replacement of
1290 m_state and m_epath_length with m_best_epath.
1291 (saved_diagnostic::~saved_diagnostic): Delete m_best_epath.
1292 (saved_diagnostic::to_json): Update "path_length" to be optional.
1293 (saved_diagnostic::calc_best_epath): New, based on
1294 dedupe_winners::add and parts of dedupe_key::dedupe_key.
1295 (saved_diagnostic::get_epath_length): New.
1296 (saved_diagnostic::add_duplicate): New.
1297 (dedupe_key::dedupe_key): Drop epath param. Move invocation of
1298 stmt_finder to saved_diagnostic::calc_best_epath.
1299 (class dedupe_candidate): Delete.
1300 (class dedupe_hash_map_traits): Update to use saved_diagnotic *
1301 rather than dedupe_candidate * as the value_type/compare_type.
1302 (dedupe_winners::~dedupe_winners): Don't delete the values.
1303 (dedupe_winners::add): Convert param from shortest_exploded_paths to
1304 epath_finder. Drop "eg" param. Drop dedupe_candidate, moving
1305 path generation and feasiblity checking to
1306 epath_finder::get_best_epath. Update winner-selection for move
1307 of epaths from dedupe_candidate to saved_diagnostic.
1308 (dedupe_winners::emit_best): Update for removal of class
1309 dedupe_candidate.
1310 (dedupe_winners::map_t): Update to use saved_diagnotic * rather
1311 than dedupe_candidate * as the value_type/compare_type.
1312 (diagnostic_manager::emit_saved_diagnostics): Move
1313 shortest_exploded_paths instance into epath_finder and pass that
1314 around instead.
1315 (diagnostic_manager::emit_saved_diagnostic): Drop epath, stmt
1316 and num_dupes params, instead getting these from the
1317 saved_diagnostic. Use correct location in inform_n call.
1318 * diagnostic-manager.h (class epath_finder): New forward decl.
1319 (saved_diagnostic::status): Drop enum.
1320 (saved_diagnostic::set_feasible): Drop.
1321 (saved_diagnostic::set_infeasible): Drop.
1322 (saved_diagnostic::get_status): Drop.
1323 (saved_diagnostic::calc_best_epath): New decl.
1324 (saved_diagnostic::get_best_epath): New decl.
1325 (saved_diagnostic::get_epath_length): New decl.
1326 (saved_diagnostic::set_epath_length): Drop.
1327 (saved_diagnostic::get_epath_length): Drop inline implementation.
1328 (saved_diagnostic::add_duplicate): New.
1329 (saved_diagnostic::get_num_dupes): New.
1330 (saved_diagnostic::m_d): Document ownership.
1331 (saved_diagnostic::m_trailing_eedge): Make const.
1332 (saved_diagnostic::m_status): Drop field.
1333 (saved_diagnostic::m_epath_length): Drop field.
1334 (saved_diagnostic::m_best_epath): New field.
1335 (saved_diagnostic::m_problem): Document ownership.
1336 (saved_diagnostic::m_duplicates): New field.
1337 (diagnostic_manager::emit_saved_diagnostic): Drop params epath,
1338 stmt, and num_dupes.
1339 * engine.cc (exploded_graph_annotator::print_saved_diagnostic):
1340 Update for changes to saved_diagnostic class.
1341 * exploded-graph.h (exploded_path::feasible_p): Drop unused
1342 overloaded decl.
1343
daa68844
GA		 13442021-02-25 David Malcolm <dmalcolm@redhat.com>
1345
1346 PR analyzer/99193
1347 * region-model-impl-calls.cc (region_model::impl_call_realloc): New.
1348 * region-model.cc (region_model::on_call_pre): Call it.
1349 * region-model.h (region_model::impl_call_realloc): New decl.
1350 * sm-malloc.cc (enum wording): Add WORDING_REALLOCATED.
1351 (malloc_state_machine::m_realloc): New field.
1352 (use_after_free::describe_state_change): Add case for
1353 WORDING_REALLOCATED.
1354 (use_after_free::describe_final_event): Likewise.
1355 (malloc_state_machine::malloc_state_machine): Initialize
1356 m_realloc.
1357 (malloc_state_machine::on_stmt): Handle realloc by calling...
1358 (malloc_state_machine::on_realloc_call): New.
1359
2f5765cf
GA		 13602021-02-22 David Malcolm <dmalcolm@redhat.com>
1361
1362 PR analyzer/99196
1363 * engine.cc (exploded_node::on_stmt): Provide terminate_path
1364 flag as a way for on_call_pre to terminate the current analysis
1365 path.
1366 * region-model-impl-calls.cc (call_details::num_args): New.
1367 (region_model::impl_call_error): New.
1368 * region-model.cc (region_model::on_call_pre): Add param
1369 "out_terminate_path". Handle "error" and "error_at_line".
1370 * region-model.h (call_details::num_args): New decl.
1371 (region_model::on_call_pre): Add param "out_terminate_path".
1372 (region_model::impl_call_error): New decl.
1373
acc0ee5c
GA		 13742021-02-17 David Malcolm <dmalcolm@redhat.com>
1375
1376 PR analyzer/98969
1377 * constraint-manager.cc (dead_svalue_purger::should_purge_p):
1378 Update for change to svalue::live_p.
1379 * program-state.cc (sm_state_map::on_liveness_change): Likewise.
1380 (program_state::detect_leaks): Likewise.
1381 * region-model-reachability.cc (reachable_regions::init_cluster):
1382 When dealing with a symbolic region, if the underlying pointer is
1383 implicitly live, add the region to the reachable regions.
1384 * region-model.cc (region_model::compare_initial_and_pointer):
1385 Move logic for detecting initial values of params to
1386 initial_svalue::initial_value_of_param_p.
1387 * svalue.cc (svalue::live_p): Convert "live_svalues" from a
1388 reference to a pointer; support it being NULL.
1389 (svalue::implicitly_live_p): Convert first param from a
1390 refererence to a pointer.
1391 (region_svalue::implicitly_live_p): Likewise.
1392 (constant_svalue::implicitly_live_p): Likewise.
1393 (initial_svalue::implicitly_live_p): Likewise. Treat the initial
1394 values of params for the top level frame as still live.
1395 (initial_svalue::initial_value_of_param_p): New function, taken
1396 from a test in region_model::compare_initial_and_pointer.
1397 (unaryop_svalue::implicitly_live_p): Convert first param from a
1398 refererence to a pointer.
1399 (binop_svalue::implicitly_live_p): Likewise.
1400 (sub_svalue::implicitly_live_p): Likewise.
1401 (unmergeable_svalue::implicitly_live_p): Likewise.
1402 * svalue.h (svalue::live_p): Likewise.
1403 (svalue::implicitly_live_p): Likewise.
1404 (region_svalue::implicitly_live_p): Likewise.
1405 (constant_svalue::implicitly_live_p): Likewise.
1406 (initial_svalue::implicitly_live_p): Likewise.
1407 (initial_svalue::initial_value_of_param_p): New decl.
1408 (unaryop_svalue::implicitly_live_p): Convert first param from a
1409 refererence to a pointer.
1410 (binop_svalue::implicitly_live_p): Likewise.
1411 (sub_svalue::implicitly_live_p): Likewise.
1412 (unmergeable_svalue::implicitly_live_p): Likewise.
1413
fab095da
GA		 14142021-02-12 David Malcolm <dmalcolm@redhat.com>
1415
1416 PR analyzer/98969
1417 * engine.cc (readability): Add names for the various arbitrary
1418 values. Handle NOP_EXPR and INTEGER_CST.
1419 (readability_comparator): Combine the readability tests for
1420 tree and stack depth, rather than performing them sequentially.
1421 (impl_region_model_context::on_state_leak): Strip off top-level
1422 casts.
1423 * region-model.cc (region_model::get_representative_path_var): Add
1424 type-checking, moving the bulk of the implementation to...
1425 (region_model::get_representative_path_var_1): ...here. Respect
1426 types in casts by recursing and re-adding the cast, rather than
1427 merely stripping them off. Use the correct type when handling
1428 region_svalue.
1429 (region_model::get_representative_tree): Strip off any top-level
1430 cast.
1431 (region_model::get_representative_path_var): Add type-checking,
1432 moving the bulk of the implementation to...
1433 (region_model::get_representative_path_var_1): ...here.
1434 * region-model.h (region_model::get_representative_path_var_1):
1435 New decl
1436 (region_model::get_representative_path_var_1): New decl.
1437 * store.cc (append_pathvar_with_type): New.
1438 (binding_cluster::get_representative_path_vars): Cast path_vars
1439 to the correct type when adding them to *OUT_PVS.
1440
0a91b73e
GA		 14412021-02-09 David Malcolm <dmalcolm@redhat.com>
1442
1443 PR analyzer/98575
1444 * sm-file.cc (is_file_using_fn_p): Support "_IO_"-prefixed
1445 variants.
1446
14472021-02-09 David Malcolm <dmalcolm@redhat.com>
1448
1449 PR analyzer/98575
1450 * store.cc (store::set_value): Treat a pointer written to *UNKNOWN
1451 as having escaped.
1452
548b75d8
GA		 14532021-02-02 David Malcolm <dmalcolm@redhat.com>
1454
1455 PR analyzer/93355
1456 PR analyzer/96374
1457 * engine.cc (toplevel_function_p): Simplify so that
1458 we only reject functions with a "__analyzer_" prefix.
1459 (add_any_callbacks): Delete.
1460 (exploded_graph::build_initial_worklist): Update for
1461 dropped param of toplevel_function_p.
1462 (exploded_graph::build_initial_worklist): Don't bother
1463 looking for callbacks that are reachable from global
1464 initializers.
1465
f7884fb1
GA		 14662021-02-01 David Malcolm <dmalcolm@redhat.com>
1467
1468 PR analyzer/98918
1469 * region-model-manager.cc
1470 (region_model_manager::get_or_create_initial_value):
1471 Fold the initial value of *UNKNOWN_PTR to an UNKNOWN value.
1472 (region_model_manager::get_field_region): Fold the value
1473 of UNKNOWN_PTR->FIELD to *UNKNOWN_PTR_OF_&FIELD_TYPE.
1474
2900f2f2
GA		 14752021-01-29 David Malcolm <dmalcolm@redhat.com>
1476
1477 * checker-path.cc (event_kind_to_string): Handle
1478 EK_START_CONSOLIDATED_CFG_EDGES and
1479 EK_END_CONSOLIDATED_CFG_EDGES.
1480 (start_consolidated_cfg_edges_event::get_desc): New.
1481 (checker_path::cfg_edge_pair_at_p): New.
1482 * checker-path.h (enum event_kind): Add
1483 EK_START_CONSOLIDATED_CFG_EDGES and
1484 EK_END_CONSOLIDATED_CFG_EDGES.
1485 (class start_consolidated_cfg_edges_event): New class.
1486 (class end_consolidated_cfg_edges_event): New class.
1487 (checker_path::delete_events): New.
1488 (checker_path::replace_event): New.
1489 (checker_path::cfg_edge_pair_at_p): New decl.
1490 * diagnostic-manager.cc (diagnostic_manager::prune_path): Call
1491 consolidate_conditions.
1492 (same_line_as_p): New.
1493 (diagnostic_manager::consolidate_conditions): New.
1494 * diagnostic-manager.h
1495 (diagnostic_manager::consolidate_conditions): New decl.
1496
ef1f8ee6
GA		 14972021-01-18 David Malcolm <dmalcolm@redhat.com>
1498
1499 * analyzer.h (is_std_named_call_p): New decl.
1500 * diagnostic-manager.cc (path_builder::get_sm): New.
1501 (state_change_event_creator::state_change_event_creator): Add "pb"
1502 param.
1503 (state_change_event_creator::on_global_state_change): Don't consider
1504 state changes affecting other state_machines.
1505 (state_change_event_creator::on_state_change): Likewise.
1506 (state_change_event_creator::m_pb): New field.
1507 (diagnostic_manager::add_events_for_eedge): Pass pb to visitor
1508 ctor.
1509 * region-model-impl-calls.cc
1510 (region_model::impl_deallocation_call): New.
1511 * region-model.cc: Include "attribs.h".
1512 (region_model::on_call_post): Handle fndecls referenced by
1513 __attribute__((deallocated_by(FOO))).
1514 * region-model.h (region_model::impl_deallocation_call): New decl.
1515 * sm-malloc.cc: Include "stringpool.h" and "attribs.h". Add
1516 leading comment.
1517 (class api): Delete.
1518 (enum resource_state): Update comment for change from api to
1519 deallocator and deallocator_set.
1520 (allocation_state::allocation_state): Drop api param. Add
1521 "deallocators" and "deallocator".
1522 (allocation_state::m_api): Drop field in favor of...
1523 (allocation_state::m_deallocators): New field.
1524 (allocation_state::m_deallocator): New field.
1525 (enum wording): Add WORDING_DEALLOCATED.
1526 (struct deallocator): New.
1527 (struct standard_deallocator): New.
1528 (struct custom_deallocator): New.
1529 (struct deallocator_set): New.
1530 (struct custom_deallocator_set): New.
1531 (struct standard_deallocator_set): New.
1532 (struct deallocator_set_map_traits): New.
1533 (malloc_state_machine::m_malloc): Drop field
1534 (malloc_state_machine::m_scalar_new): Likewise.
1535 (malloc_state_machine::m_vector_new): Likewise.
1536 (malloc_state_machine::m_free): New field
1537 (malloc_state_machine::m_scalar_delete): Likewise.
1538 (malloc_state_machine::m_vector_delete): Likewise.
1539 (malloc_state_machine::deallocator_map_t): New typedef.
1540 (malloc_state_machine::m_deallocator_map): New field.
1541 (malloc_state_machine::deallocator_set_cache_t): New typedef.
1542 (malloc_state_machine::m_custom_deallocator_set_cache): New field.
1543 (malloc_state_machine::custom_deallocator_set_map_t): New typedef.
1544 (malloc_state_machine::m_custom_deallocator_set_map): New field.
1545 (malloc_state_machine::m_dynamic_sets): New field.
1546 (malloc_state_machine::m_dynamic_deallocators): New field.
1547 (api::api): Delete.
1548 (deallocator::deallocator): New ctor.
1549 (deallocator::hash): New.
1550 (deallocator::dump_to_pp): New.
1551 (deallocator::cmp): New.
1552 (deallocator::cmp_ptr_ptr): New.
1553 (standard_deallocator::standard_deallocator): New ctor.
1554 (deallocator_set::deallocator_set): New ctor.
1555 (deallocator_set::dump): New.
1556 (custom_deallocator_set::custom_deallocator_set): New ctor.
1557 (custom_deallocator_set::contains_p): New.
1558 (custom_deallocator_set::maybe_get_single): New.
1559 (custom_deallocator_set::dump_to_pp): New.
1560 (standard_deallocator_set::standard_deallocator_set): New ctor.
1561 (standard_deallocator_set::contains_p): New.
1562 (standard_deallocator_set::maybe_get_single): New.
1563 (standard_deallocator_set::dump_to_pp): New.
1564 (start_p): New.
1565 (class mismatching_deallocation): Update for conversion from api
1566 to deallocator_set and deallocator.
1567 (double_free::emit): Use %qs.
1568 (class use_after_free): Update for conversion from api to
1569 deallocator_set and deallocator.
1570 (malloc_leak::describe_state_change): Only emit "allocated here" on
1571 a start->nonnull transition, rather than on other transitions to
1572 nonnull.
1573 (allocation_state::dump_to_pp): Update for conversion from api to
1574 deallocator_set.
1575 (allocation_state::get_nonnull): Likewise.
1576 (malloc_state_machine::malloc_state_machine): Likewise.
1577 (malloc_state_machine::~malloc_state_machine): New.
1578 (malloc_state_machine::add_state): Update for conversion from api
1579 to deallocator_set.
1580 (malloc_state_machine::get_or_create_custom_deallocator_set): New.
1581 (malloc_state_machine::maybe_create_custom_deallocator_set): New.
1582 (malloc_state_machine::get_or_create_deallocator): New.
1583 (malloc_state_machine::on_stmt): Update for conversion from api
1584 to deallocator_set. Handle "__attribute__((malloc(FOO)))", and
1585 the special attribute set on FOO.
1586 (malloc_state_machine::on_allocator_call): Update for conversion
1587 from api to deallocator_set. Add "returns_nonnull" param and use
1588 it to affect which state to transition to.
1589 (malloc_state_machine::on_deallocator_call): Update for conversion
1590 from api to deallocator_set.
1591
5fff80fd
GA		 15922021-01-14 David Malcolm <dmalcolm@redhat.com>
1593
1594 * engine.cc (strongly_connected_components::to_json): New.
1595 (worklist::to_json): New.
1596 (exploded_graph::to_json): JSON-ify the worklist.
1597 * exploded-graph.h (strongly_connected_components::to_json): New
1598 decl.
1599 (worklist::to_json): New decl.
1600 * store.cc (store::to_json): Fix comment.
1601 * supergraph.cc (supernode::to_json): Fix reference to
1602 "returning_call" in comment. Add optional "fun" to JSON.
1603 (edge_kind_to_string): New.
1604 (superedge::to_json): Add "kind" to JSON.
1605
16062021-01-14 David Malcolm <dmalcolm@redhat.com>
1607
1608 PR analyzer/98679
1609 * analyzer.h (region_offset::operator==): Make const.
1610 * pending-diagnostic.h (pending_diagnostic::equal_p): Likewise.
1611 * store.h (binding_cluster::for_each_value): Likewise.
1612 (binding_cluster::for_each_binding): Likewise.
1613
6851dda2
GA		 16142021-01-12 David Malcolm <dmalcolm@redhat.com>
1615
1616 PR analyzer/98628
1617 * store.cc (binding_cluster::make_unknown_relative_to): Don't mark
1618 dereferenced unknown pointers as having escaped.
1619
7d187e4f
GA		 16202021-01-07 David Malcolm <dmalcolm@redhat.com>
1621
1622 PR analyzer/98580
1623 * region.cc (decl_region::get_svalue_for_initializer): Gracefully
1624 handle when LTO writes out DECL_INITIAL as error_mark_node.
1625
16262021-01-07 David Malcolm <dmalcolm@redhat.com>
1627
1628 PR analyzer/97074
1629 * store.cc (binding_cluster::can_merge_p): Add "out_store" param
1630 and pass to calls to binding_cluster::make_unknown_relative_to.
1631 (binding_cluster::make_unknown_relative_to): Add "out_store"
1632 param. Use it to mark base regions that are pointed to by
1633 pointers that become unknown as having escaped.
1634 (store::can_merge_p): Pass out_store to
1635 binding_cluster::can_merge_p.
1636 * store.h (binding_cluster::can_merge_p): Add "out_store" param.
1637 (binding_cluster::make_unknown_relative_to): Likewise.
1638 * svalue.cc (region_svalue::implicitly_live_p): New vfunc.
1639 * svalue.h (region_svalue::implicitly_live_p): New vfunc decl.
1640
16412021-01-07 David Malcolm <dmalcolm@redhat.com>
1642
1643 PR analyzer/98564
1644 * engine.cc (exploded_path::feasible_p): Add missing call to
1645 bitmap_clear.
1646
942ae5be
GA		 16472021-01-06 David Malcolm <dmalcolm@redhat.com>
1648
1649 PR analyzer/97072
1650 * region-model-reachability.cc (reachable_regions::init_cluster):
1651 Convert symbolic region handling to a switch statement. Add cases
1652 to handle SK_UNKNOWN and SK_CONJURED.
1653
651b8a50
GA		 16542021-01-05 David Malcolm <dmalcolm@redhat.com>
1655
1656 PR analyzer/98293
1657 * store.cc (binding_map::apply_ctor_to_region): When "index" is
1658 NULL, iterate through the fields for RECORD_TYPEs, rather than
1659 creating an INTEGER_CST index.
1660
94358e47
GA		 16612020-11-30 David Malcolm <dmalcolm@redhat.com>
1662
1663 * analyzer-pass.cc: Include "analyzer/analyzer.h" for the
1664 declaration of sorry_no_analyzer; include "tree.h" and
1665 "function.h" as these are needed by it.
1666
16672020-11-30 David Malcolm <dmalcolm@redhat.com>
1668
1669 * analyzer-pass.cc (pass_analyzer::execute): Move sorry call to...
1670 (sorry_no_analyzer): New.
1671 * analyzer.h (class state_machine): New forward decl.
1672 (class logger): New forward decl.
1673 (class plugin_analyzer_init_iface): New.
1674 (sorry_no_analyzer): New decl.
1675 * checker-path.cc (checker_path::fixup_locations): New.
1676 * checker-path.h (checker_event::set_location): New.
1677 (checker_path::fixup_locations): New decl.
1678 * diagnostic-manager.cc
1679 (diagnostic_manager::emit_saved_diagnostic): Call
1680 checker_path::fixup_locations, and call fixup_location
1681 on the primary location.
1682 * engine.cc: Include "plugin.h".
1683 (class plugin_analyzer_init_impl): New.
1684 (impl_run_checkers): Invoke PLUGIN_ANALYZER_INIT callbacks.
1685 * pending-diagnostic.h (pending_diagnostic::fixup_location): New
1686 vfunc.
1687
25bb75f8
GA		 16882020-11-18 David Malcolm <dmalcolm@redhat.com>
1689
1690 PR analyzer/97893
1691 * sm-malloc.cc (null_deref::emit): Use CWE-476 rather than
1692 CWE-690, as this isn't due to an unchecked return value.
1693 (null_arg::emit): Likewise.
1694
a5a11525
GA		 16952020-11-12 David Malcolm <dmalcolm@redhat.com>
1696
1697 * checker-path.h (checker_event::get_id_ptr): New.
1698 * diagnostic-manager.cc (path_builder::path_builder): Add "sd"
1699 param and use it to initialize new field "m_sd".
1700 (path_builder::get_pending_diagnostic): New.
1701 (path_builder::m_sd): New field.
1702 (diagnostic_manager::emit_saved_diagnostic): Pass sd to
1703 path_builder ctor.
1704 (diagnostic_manager::add_events_for_superedge): Call new
1705 maybe_add_custom_events_for_superedge vfunc.
1706 * engine.cc (stale_jmp_buf::stale_jmp_buf): Add "setjmp_point"
1707 param and use it to initialize new field "m_setjmp_point".
1708 Initialize new field "m_stack_pop_event".
1709 (stale_jmp_buf::maybe_add_custom_events_for_superedge): New vfunc
1710 implementation.
1711 (stale_jmp_buf::describe_final_event): New vfunc implementation.
1712 (stale_jmp_buf::m_setjmp_point): New field.
1713 (stale_jmp_buf::m_stack_pop_event): New field.
1714 (exploded_node::on_longjmp): Pass setjmp_point to stale_jmp_buf
1715 ctor.
1716 * pending-diagnostic.h
1717 (pending_diagnostic::maybe_add_custom_events_for_superedge): New
1718 vfunc.
1719
17202020-11-12 David Malcolm <dmalcolm@redhat.com>
1721
1722 PR tree-optimization/97424
1723 * analyzer.opt (Wanalyzer-shift-count-negative): New.
1724 (Wanalyzer-shift-count-overflow): New.
1725 * region-model.cc (class shift_count_negative_diagnostic): New.
1726 (class shift_count_overflow_diagnostic): New.
1727 (region_model::get_gassign_result): Complain about shift counts that
1728 are negative or are >= the operand's type's width.
1729
bb622641
GA		 17302020-11-10 Martin Liska <mliska@suse.cz>
1731
1732 * constraint-manager.cc (constraint_manager::merge): Remove
1733 unused code.
1734 * constraint-manager.h: Likewise.
1735 * program-state.cc (sm_state_map::sm_state_map): Likewise.
1736 (program_state::program_state): Likewise.
1737 (test_sm_state_map): Likewise.
1738 * program-state.h: Likewise.
1739 * region-model-reachability.cc (reachable_regions::reachable_regions): Likewise.
1740 * region-model-reachability.h: Likewise.
1741 * region-model.cc (region_model::handle_unrecognized_call): Likewise.
1742 (region_model::get_reachable_svalues): Likewise.
1743 (region_model::can_merge_with_p): Likewise.
1744
0cfd9109
GA		 17452020-11-05 David Malcolm <dmalcolm@redhat.com>
1746
1747 PR analyzer/97668
1748 * svalue.cc (cmp_cst): Handle COMPLEX_CST.
1749
e93aae4a
GA		 17502020-10-29 David Malcolm <dmalcolm@redhat.com>
1751
1752 * program-state.cc (sm_state_map::on_liveness_change): Sort the
1753 leaking svalues before calling on_state_leak.
1754 (program_state::detect_leaks): Likewise when calling
1755 on_svalue_leak.
1756 * region-model-reachability.cc
1757 (reachable_regions::mark_escaped_clusters): Likewise when
1758 calling on_escaped_function.
1759
17602020-10-29 David Malcolm <dmalcolm@redhat.com>
1761
1762 PR analyzer/97608
1763 * region-model-reachability.cc (reachable_regions::handle_sval):
1764 Operands of reachable reversible operations are reachable.
1765
17662020-10-29 David Malcolm <dmalcolm@redhat.com>
1767
1768 * analyzer.h (class state_machine): New forward decl.
1769 (class logger): Likewise.
1770 (class visitor): Likewise.
1771 * complexity.cc: New file, taken from svalue.cc.
1772 * complexity.h: New file, taken from region-model.h.
1773 * region-model.h: Include "analyzer/svalue.h" and
1774 "analyzer/region.h". Move struct complexity to complexity.h.
1775 Move svalue, its subclasses and supporting decls to svalue.h.
1776 Move region, its subclasses and supporting decls to region.h.
1777 * region.cc: Include "analyzer/region.h".
1778 (symbolic_region::symbolic_region): Move here from region-model.h.
1779 * region.h: New file, based on material from region-model.h.
1780 * svalue.cc: Include "analyzer/svalue.h".
1781 (complexity::complexity): Move to complexity.cc.
1782 (complexity::from_pair): Likewise.
1783 * svalue.h: New file, based on material from region-model.h.
1784
17852020-10-29 David Malcolm <dmalcolm@redhat.com>
1786
1787 * program-state.cc (sm_state_map::print): Guard the printing of
1788 the origin pointer with !flag_dump_noaddr.
1789 * region.cc (string_region::dump_to_pp): Likewise for
1790 m_string_cst.
1791
89bb01e7
GA		 17922020-10-27 David Malcolm <dmalcolm@redhat.com>
1793
1794 PR analyzer/97568
1795 * region-model.cc (region_model::get_initial_value_for_global):
1796 Move check that !DECL_EXTERNAL from here to...
1797 * region.cc (decl_region::get_svalue_for_initializer): ...here,
1798 using it to reject zero initialization.
1799
18002020-10-27 Markus Böck <markus.boeck02@gmail.com>
1801
1802 PR analyzer/96608
1803 * store.h (hash): Cast to intptr_t instead of long
1804
18052020-10-27 David Malcolm <dmalcolm@redhat.com>
1806
1807 * constraint-manager.cc (svalue_cmp_by_ptr): Delete.
1808 (equiv_class::canonicalize): Use svalue::cmp_ptr_ptr instead.
1809 (equiv_class_cmp): Eliminate pointer comparison.
1810 * diagnostic-manager.cc (dedupe_key::comparator): If they are at
1811 the same location, also compare epath ength and pending_diagnostic
1812 kind.
1813 * engine.cc (readability_comparator): If two path_vars have the
1814 same readability, then impose an arbitrary ordering on them.
1815 (worklist::key_t::cmp): If two points have the same plan ordering,
1816 continue the comparison. Call sm_state_map::cmp rather than
1817 comparing hash values.
1818 * program-state.cc (sm_state_map::entry_t::cmp): New.
1819 (sm_state_map::cmp): New.
1820 * program-state.h (sm_state_map::entry_t::cmp): New decl.
1821 (sm_state_map::elements): New.
1822 (sm_state_map::cmp): New.
1823
18242020-10-27 David Malcolm <dmalcolm@redhat.com>
1825
1826 * engine.cc (setjmp_record::cmp): New.
1827 (supernode_cluster::dump_dot): Avoid embedding pointer in cluster
1828 name.
1829 (supernode_cluster::cmp_ptr_ptr): New.
1830 (function_call_string_cluster::dump_dot): Avoid embedding pointer
1831 in cluster name. Sort m_map when dumping child clusters.
1832 (function_call_string_cluster::cmp_ptr_ptr): New.
1833 (root_cluster::dump_dot): Sort m_map when dumping child clusters.
1834 * program-point.cc (function_point::cmp): New.
1835 (function_point::cmp_ptr): New.
1836 * program-point.h (function_point::cmp): New decl.
1837 (function_point::cmp_ptr): New decl.
1838 * program-state.cc (sm_state_map::print): Sort the values. Guard
1839 the printing of pointers with !flag_dump_noaddr.
1840 (program_state::prune_for_point): Sort the regions.
1841 (log_set_of_svalues): Sort the values. Guard the printing of
1842 pointers with !flag_dump_noaddr.
1843 * region-model-manager.cc (log_uniq_map): Sort the values.
1844 * region-model-reachability.cc (dump_set): New function template.
1845 (reachable_regions::dump_to_pp): Use it.
1846 * region-model.h (svalue::cmp_ptr): New decl.
1847 (svalue::cmp_ptr_ptr): New decl.
1848 (setjmp_record::cmp): New decl.
1849 (placeholder_svalue::get_name): New accessor.
1850 (widening_svalue::get_point): New accessor.
1851 (compound_svalue::get_map): New accessor.
1852 (conjured_svalue::get_stmt): New accessor.
1853 (conjured_svalue::get_id_region): New accessor.
1854 (region::cmp_ptrs): Rename to...
1855 (region::cmp_ptr_ptr): ...this.
1856 * region.cc (region::cmp_ptrs): Rename to...
1857 (region::cmp_ptr_ptr): ...this.
1858 * state-purge.cc
1859 (state_purge_per_ssa_name::state_purge_per_ssa_name): Sort
1860 m_points_needing_name when dumping.
1861 * store.cc (concrete_binding::cmp_ptr_ptr): New.
1862 (symbolic_binding::cmp_ptr_ptr): New.
1863 (binding_map::cmp): New.
1864 (get_sorted_parent_regions): Update for renaming of
1865 region::cmp_ptrs to region::cmp_ptr_ptr.
1866 (store::dump_to_pp): Likewise.
1867 (store::to_json): Likewise.
1868 (store::can_merge_p): Sort the base regions before considering
1869 them.
1870 * store.h (concrete_binding::cmp_ptr_ptr): New decl.
1871 (symbolic_binding::cmp_ptr_ptr): New decl.
1872 (binding_map::cmp): New decl.
1873 * supergraph.cc (supergraph::supergraph): Assign UIDs to the
1874 gimple stmts.
1875 * svalue.cc (cmp_cst): New.
1876 (svalue::cmp_ptr): New.
1877 (svalue::cmp_ptr_ptr): New.
1878
18792020-10-27 David Malcolm <dmalcolm@redhat.com>
1880
1881 * engine.cc (exploded_graph::get_or_create_node): Fix off-by-one
1882 when imposing param_analyzer_max_enodes_per_program_point limit.
1883
18842020-10-27 David Malcolm <dmalcolm@redhat.com>
1885
1886 * region-model.cc (region_model::get_representative_path_var):
1887 Implement case RK_LABEL.
1888 * region-model.h (label_region::get_label): New accessor.
1889
43868df3
GA		 18902020-10-22 David Malcolm <dmalcolm@redhat.com>
1891
1892 PR analyzer/97514
1893 * engine.cc (exploded_graph::add_function_entry): Handle failure
1894 to create an enode, rather than asserting.
1895
18962020-10-22 David Malcolm <dmalcolm@redhat.com>
1897
1898 PR analyzer/97489
1899 * engine.cc (exploded_graph::add_function_entry): Assert that we
1900 have a function body.
1901 (exploded_graph::on_escaped_function): Reject fndecls that don't
1902 have a function body.
1903
b2698c21
GA		 19042020-10-14 David Malcolm <dmalcolm@redhat.com>
1905
1906 PR analyzer/93388
1907 * region-model.cc (region_model::get_initial_value_for_global):
1908 Fall back to returning an initial_svalue if
1909 decl_region::get_svalue_for_initializer fails.
1910 * region.cc (decl_region::get_svalue_for_initializer): Don't
1911 attempt to create a compound_svalue if the region has an unknown
1912 size.
1913
19142020-10-14 David Malcolm <dmalcolm@redhat.com>
1915
1916 PR analyzer/93723
1917 * store.cc (binding_map::apply_ctor_to_region): Remove redundant
1918 assertion.
1919
8be127ca
GA		 19202020-10-12 David Malcolm <dmalcolm@redhat.com>
1921
1922 PR analyzer/97258
1923 * engine.cc (impl_region_model_context::on_escaped_function): New
1924 vfunc.
1925 (exploded_graph::add_function_entry): Use m_functions_with_enodes
1926 to implement idempotency.
1927 (add_any_callbacks): New.
1928 (exploded_graph::build_initial_worklist): Use the above to find
1929 callbacks that are reachable from global initializers.
1930 (exploded_graph::on_escaped_function): New.
1931 * exploded-graph.h
1932 (impl_region_model_context::on_escaped_function): New decl.
1933 (exploded_graph::on_escaped_function): New decl.
1934 (exploded_graph::m_functions_with_enodes): New field.
1935 * region-model-reachability.cc
1936 (reachable_regions::reachable_regions): Replace "store" param with
1937 "model" param; use it to initialize m_model.
1938 (reachable_regions::add): When getting the svalue for the region,
1939 call get_store_value on the model rather than using an initial
1940 value.
1941 (reachable_regions::mark_escaped_clusters): Add ctxt param and
1942 use it to call on_escaped_function when a function_region escapes.
1943 * region-model-reachability.h
1944 (reachable_regions::reachable_regions): Replace "store" param with
1945 "model" param.
1946 (reachable_regions::mark_escaped_clusters): Add ctxt param.
1947 (reachable_regions::m_model): New field.
1948 * region-model.cc (region_model::handle_unrecognized_call): Update
1949 for change in reachable_regions ctor.
1950 (region_model::handle_unrecognized_call): Pass ctxt to
1951 mark_escaped_clusters.
1952 (region_model::get_reachable_svalues): Update for change in
1953 reachable_regions ctor.
1954 (region_model::get_initial_value_for_global): Read-only variables
1955 keep their initial values.
1956 * region-model.h (region_model_context::on_escaped_function): New
1957 vfunc.
1958 (noop_region_model_context::on_escaped_function): New.
1959
19602020-10-12 David Malcolm <dmalcolm@redhat.com>
1961
1962 * analyzer.opt (Wanalyzer-write-to-const): New.
1963 (Wanalyzer-write-to-string-literal): New.
1964 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
1965 Call check_for_writable_region.
1966 (region_model::impl_call_memset): Likewise.
1967 (region_model::impl_call_strcpy): Likewise.
1968 * region-model.cc (class write_to_const_diagnostic): New.
1969 (class write_to_string_literal_diagnostic): New.
1970 (region_model::check_for_writable_region): New.
1971 (region_model::set_value): Call check_for_writable_region.
1972 * region-model.h (region_model::check_for_writable_region): New
1973 decl.
1974
6caec77e
GA		 19752020-10-07 David Malcolm <dmalcolm@redhat.com>
1976
1977 PR analyzer/97116
1978 * sm-malloc.cc (method_p): New.
1979 (describe_argument_index): New.
1980 (inform_nonnull_attribute): Use describe_argument_index.
1981 (possible_null_arg::describe_final_event): Likewise.
1982 (null_arg::describe_final_event): Likewise.
1983
93bca37c
GA		 19842020-09-29 David Malcolm <dmalcolm@redhat.com>
1985
1986 PR analyzer/95188
1987 * engine.cc (stmt_requires_new_enode_p): Split enodes before
1988 "signal" calls.
1989
19902020-09-29 David Malcolm <dmalcolm@redhat.com>
1991
1992 * constraint-manager.cc
1993 (constraint_manager::add_constraint_internal): Whitespace fixes.
1994 Silence -Wsign-compare warning.
1995 * engine.cc (maybe_process_run_of_before_supernode_enodes):
1996 Silence -Wsign-compare warning.
1997
e84761c6
GA		 19982020-09-28 David Malcolm <dmalcolm@redhat.com>
1999
2000 * region-model.h (binop_svalue::dyn_cast_binop_svalue): Remove
2001 redundant "virtual". Add FINAL OVERRIDE.
2002 (widening_svalue::dyn_cast_widening_svalue): Add FINAL OVERRIDE.
2003 (compound_svalue::dyn_cast_compound_svalue): Likewise.
2004 (conjured_svalue::dyn_cast_conjured_svalue): Likewise.
2005
20062020-09-28 David Malcolm <dmalcolm@redhat.com>
2007
2008 * diagnostic-manager.cc (null_assignment_sm_context::m_visitor):
2009 Remove unused field.
2010
20112020-09-28 David Malcolm <dmalcolm@redhat.com>
2012
2013 PR analyzer/97233
2014 * analyzer.cc (is_longjmp_call_p): Require the initial argument
2015 to be a pointer.
2016 * engine.cc (exploded_node::on_longjmp): Likewise.
2017
20182020-09-28 David Malcolm <dmalcolm@redhat.com>
2019
2020 * program-state.cc (sm_state_map::print): Update check
2021 for m_global_state being the start state.
2022
91dd4a38
GA		 20232020-09-26 David Malcolm <dmalcolm@redhat.com>
2024
2025 PR analyzer/96646
2026 PR analyzer/96841
2027 * region-model.cc (region_model::get_representative_path_var):
2028 When handling offset_region, wrap the MEM_REF's first argument in
2029 an ADDR_EXPR of pointer type, rather than simply using the tree
2030 for the parent region. Require the MEM_REF's second argument to
2031 be an integer constant.
2032
a2b7397b
GA		 20332020-09-24 David Malcolm <dmalcolm@redhat.com>
2034
2035 * analyzer.h (struct rejected_constraint): New decl.
2036 * analyzer.opt (fanalyzer-feasibility): New option.
2037 * diagnostic-manager.cc (path_builder::path_builder): Add
2038 "problem" param and use it to initialize new field.
2039 (path_builder::get_feasibility_problem): New accessor.
2040 (path_builder::m_feasibility_problem): New field.
2041 (dedupe_winners::add): Remove inversion of logic in "if" clause,
2042 swapping if/else suites. In the !feasible_p suite, inspect
2043 flag_analyzer_feasibility and add code to handle when this
2044 is off, accepting the infeasible path, but recording the
2045 feasibility_problem.
2046 (diagnostic_manager::emit_saved_diagnostic): Pass the
2047 feasibility_problem to the path_builder.
2048 (diagnostic_manager::add_events_for_eedge): If we have
2049 a feasibility_problem at this edge, use it to add a custom event.
2050 * engine.cc (exploded_path::feasible_p): Pass a
2051 rejected_constraint ** to model.maybe_update_for_edge and transfer
2052 ownership of any created instance to any feasibility_problem.
2053 (feasibility_problem::dump_to_pp): New.
2054 * exploded-graph.h (feasibility_problem::feasibility_problem):
2055 Drop "model" param; add rejected_constraint * param.
2056 (feasibility_problem::~feasibility_problem): New.
2057 (feasibility_problem::dump_to_pp): New decl.
2058 (feasibility_problem::m_model): Drop field.
2059 (feasibility_problem::m_rc): New field.
2060 * program-point.cc (function_point::get_location): Handle
2061 PK_BEFORE_SUPERNODE and PK_AFTER_SUPERNODE.
2062 * program-state.cc (program_state::on_edge): Pass NULL to new
2063 param of region_model::maybe_update_for_edge.
2064 * region-model.cc (region_model::add_constraint): New overload
2065 adding a rejected_constraint ** param.
2066 (region_model::maybe_update_for_edge): Add rejected_constraint **
2067 param and pass it to the various apply_constraints_for_ calls.
2068 (region_model::apply_constraints_for_gcond): Add
2069 rejected_constraint ** param and pass it to add_constraint calls.
2070 (region_model::apply_constraints_for_gswitch): Likewise.
2071 (region_model::apply_constraints_for_exception): Likewise.
2072 (rejected_constraint::dump_to_pp): New.
2073 * region-model.h (region_model::maybe_update_for_edge):
2074 Add rejected_constraint ** param.
2075 (region_model::add_constraint): New overload adding a
2076 rejected_constraint ** param.
2077 (region_model::apply_constraints_for_gcond): Add
2078 rejected_constraint ** param.
2079 (region_model::apply_constraints_for_gswitch): Likewise.
2080 (region_model::apply_constraints_for_exception): Likewise.
2081 (struct rejected_constraint): New.
2082
82b77dee
GA		 20832020-09-23 David Malcolm <dmalcolm@redhat.com>
2084
2085 PR analyzer/97178
2086 * engine.cc (impl_run_checkers): Update for change to ext_state
2087 ctor.
2088 * program-state.cc (selftest::test_sm_state_map): Pass an engine
2089 instance to ext_state ctor.
2090 (selftest::test_program_state_1): Likewise.
2091 (selftest::test_program_state_2): Likewise.
2092 (selftest::test_program_state_merging): Likewise.
2093 (selftest::test_program_state_merging_2): Likewise.
2094 * program-state.h (extrinsic_state::extrinsic_state): Remove NULL
2095 default value for "eng" param.
2096
20972020-09-23 Tobias Burnus <tobias@codesourcery.com>
2098
2099 * analyzer-logging.cc: Guard '#pragma ... ignored "-Wformat-diag"'
2100 by '#if __GNUC__ >= 10'
2101 * analyzer.h: Likewise.
2102 * call-string.cc: Likewise.
2103
21042020-09-23 David Malcolm <dmalcolm@redhat.com>
2105
2106 * engine.cc (exploded_node::on_stmt): Replace sequence of dyn_cast
2107 with switch.
2108
521d2711
GA		 21092020-09-22 David Malcolm <dmalcolm@redhat.com>
2110
2111 * analysis-plan.cc: Include "json.h".
2112 * analyzer.opt (fdump-analyzer-json): New.
2113 * call-string.cc: Include "json.h".
2114 (call_string::to_json): New.
2115 * call-string.h (call_string::to_json): New decl.
2116 * checker-path.cc: Include "json.h".
2117 * constraint-manager.cc: Include "json.h".
2118 (equiv_class::to_json): New.
2119 (constraint::to_json): New.
2120 (constraint_manager::to_json): New.
2121 * constraint-manager.h (equiv_class::to_json): New decl.
2122 (constraint::to_json): New decl.
2123 (constraint_manager::to_json): New decl.
2124 * diagnostic-manager.cc: Include "json.h".
2125 (saved_diagnostic::to_json): New.
2126 (diagnostic_manager::to_json): New.
2127 * diagnostic-manager.h (saved_diagnostic::to_json): New decl.
2128 (diagnostic_manager::to_json): New decl.
2129 * engine.cc: Include "json.h", <zlib.h>.
2130 (exploded_node::status_to_str): New.
2131 (exploded_node::to_json): New.
2132 (exploded_edge::to_json): New.
2133 (exploded_graph::to_json): New.
2134 (dump_analyzer_json): New.
2135 (impl_run_checkers): Call it.
2136 * exploded-graph.h (exploded_node::status_to_str): New decl.
2137 (exploded_node::to_json): New.
2138 (exploded_edge::to_json): New.
2139 (exploded_graph::to_json): New.
2140 * pending-diagnostic.cc: Include "json.h".
2141 * program-point.cc: Include "json.h".
2142 (program_point::to_json): New.
2143 * program-point.h (program_point::to_json): New decl.
2144 * program-state.cc: Include "json.h".
2145 (extrinsic_state::to_json): New.
2146 (sm_state_map::to_json): New.
2147 (program_state::to_json): New.
2148 * program-state.h (extrinsic_state::to_json): New decl.
2149 (sm_state_map::to_json): New decl.
2150 (program_state::to_json): New decl.
2151 * region-model-impl-calls.cc: Include "json.h".
2152 * region-model-manager.cc: Include "json.h".
2153 * region-model-reachability.cc: Include "json.h".
2154 * region-model.cc: Include "json.h".
2155 * region-model.h (svalue::to_json): New decl.
2156 (region::to_json): New decl.
2157 * region.cc: Include "json.h".
2158 (region::to_json: New.
2159 * sm-file.cc: Include "json.h".
2160 * sm-malloc.cc: Include "json.h".
2161 * sm-pattern-test.cc: Include "json.h".
2162 * sm-sensitive.cc: Include "json.h".
2163 * sm-signal.cc: Include "json.h".
2164 (signal_delivery_edge_info_t::to_json): New.
2165 * sm-taint.cc: Include "json.h".
2166 * sm.cc: Include "diagnostic.h", "tree-diagnostic.h", and
2167 "json.h".
2168 (state_machine::state::to_json): New.
2169 (state_machine::to_json): New.
2170 * sm.h (state_machine::state::to_json): New.
2171 (state_machine::to_json): New.
2172 * state-purge.cc: Include "json.h".
2173 * store.cc: Include "json.h".
2174 (binding_key::get_desc): New.
2175 (binding_map::to_json): New.
2176 (binding_cluster::to_json): New.
2177 (store::to_json): New.
2178 * store.h (binding_key::get_desc): New decl.
2179 (binding_map::to_json): New decl.
2180 (binding_cluster::to_json): New decl.
2181 (store::to_json): New decl.
2182 * supergraph.cc: Include "json.h".
2183 (supergraph::to_json): New.
2184 (supernode::to_json): New.
2185 (superedge::to_json): New.
2186 * supergraph.h (supergraph::to_json): New decl.
2187 (supernode::to_json): New decl.
2188 (superedge::to_json): New decl.
2189 * svalue.cc: Include "json.h".
2190 (svalue::to_json): New.
2191
44135373
GA		 21922020-09-21 David Malcolm <dmalcolm@redhat.com>
2193
2194 PR analyzer/97130
2195 * region-model-impl-calls.cc (call_details::get_arg_type): New.
2196 * region-model.cc (region_model::on_call_pre): Check that the
2197 initial arg is a pointer before calling impl_call_memset and
2198 impl_call_strlen.
2199 * region-model.h (call_details::get_arg_type): New decl.
2200
22012020-09-21 David Malcolm <dmalcolm@redhat.com>
2202
2203 PR analyzer/93355
2204 * sm-malloc.cc (malloc_state_machine::get_default_state): Look at
2205 the base region when considering pointers. Treat pointers to
2206 decls as being non-heap.
2207
239601c5
GA		 22082020-09-18 David Malcolm <dmalcolm@redhat.com>
2209
2210 * checker-path.cc (warning_event::get_desc): Handle global state
2211 changes.
2212
22132020-09-18 David Malcolm <dmalcolm@redhat.com>
2214
2215 * sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and
2216 strndup as being malloc-like allocators.
2217
ecde1b0a
GA		 22182020-09-16 David Malcolm <dmalcolm@redhat.com>
2219
2220 * engine.cc (strongly_connected_components::strong_connect): Only
2221 consider intraprocedural edges when creating SCCs.
2222 (worklist::key_t::cmp): Add comment. Treat call_string
2223 differences as more important than differences of program_point
2224 within a supernode.
2225
22262020-09-16 David Malcolm <dmalcolm@redhat.com>
2227
2228 * engine.cc (supernode_cluster::dump_dot): Show the SCC id
2229 in the per-supernode clusters in FILENAME.eg.dot output.
2230 (exploded_graph_annotator::add_node_annotations):
2231 Show the SCC of the supernode in FILENAME.supernode.eg.dot output.
2232 * exploded-graph.h (worklist::scc_id): New.
2233 (exploded_graph::get_scc_id): New.
2234
22352020-09-16 David Malcolm <dmalcolm@redhat.com>
2236
2237 * engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED.
2238 (exploded_graph::process_worklist): Call
2239 maybe_process_run_of_before_supernode_enodes.
2240 (exploded_graph::maybe_process_run_of_before_supernode_enodes):
2241 New.
2242 (exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED.
2243 * exploded-graph.h (enum exploded_node::status): Add
2244 STATUS_BULK_MERGED.
2245
22462020-09-16 David Malcolm <dmalcolm@redhat.com>
2247
2248 * engine.cc
2249 (exploded_graph::process_node) <case PK_BEFORE_SUPERNODE>:
2250 Simplify by using program_point::get_next.
2251 * program-point.cc (program_point::get_next): New.
2252 * program-point.h (program_point::get_next): New decl.
2253
22542020-09-16 David Malcolm <dmalcolm@redhat.com>
2255
2256 * engine.cc (exploded_graph::get_or_create_node): Show the
2257 program point when issuing -Wanalyzer-too-complex due to hitting
2258 the per-program-point limit.
2259
22602020-09-16 David Malcolm <dmalcolm@redhat.com>
2261
2262 * region-model.cc (region_model::on_call_pre): Treat getchar as
2263 having no side-effects.
2264
9f7ab8c5
GA		 22652020-09-15 David Malcolm <dmalcolm@redhat.com>
2266
2267 PR analyzer/96650
2268 * constraint-manager.cc (merger_fact_visitor::on_fact): Replace
2269 assertion that add_constraint succeeded with an assertion that
2270 if it fails, -fanalyzer-transitivity is off.
2271
50a71cd0
GA		 22722020-09-14 David Malcolm <dmalcolm@redhat.com>
2273
2274 * analyzer.opt (-param=analyzer-max-constraints=): New param.
2275 * constraint-manager.cc
2276 (constraint_manager::add_constraint_internal): Silently reject
2277 attempts to add constraints when the above limit is reached.
2278
22792020-09-14 David Malcolm <dmalcolm@redhat.com>
2280
2281 PR analyzer/96653
2282 * constraint-manager.cc
2283 (constraint_manager::get_or_add_equiv_class): Don't accumulate
2284 transitive closure of all constraints on constants.
2285
22862020-09-14 David Malcolm <dmalcolm@redhat.com>
2287
2288 PR analyzer/97029
2289 * analyzer.cc (is_setjmp_call_p): Require the initial arg to be a
2290 pointer.
2291 * region-model.cc (region_model::deref_rvalue): Assert that the
2292 svalue is of pointer type.
2293
ac35c090
GA		 22942020-09-11 David Malcolm <dmalcolm@redhat.com>
2295
2296 PR analyzer/96798
2297 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
2298 New.
2299 (region_model::impl_call_strcpy): New.
2300 * region-model.cc (region_model::on_call_pre): Flag unhandled
2301 builtins that are non-pure as having unknown side-effects.
2302 Implement BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_STRCPY,
2303 BUILT_IN_STRCPY_CHK, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED,
2304 BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC,
2305 BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED,
2306 BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF,
2307 BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR,
2308 BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED,
2309 BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF.
2310 * region-model.h (region_model::impl_call_memcpy): New decl.
2311 (region_model::impl_call_strcpy): New decl.
2312
80f86e78
GA		 23132020-09-09 David Malcolm <dmalcolm@redhat.com>
2314
2315 PR analyzer/94355
2316 * analyzer.opt (Wanalyzer-mismatching-deallocation): New warning.
2317 * region-model-impl-calls.cc
2318 (region_model::impl_call_operator_new): New.
2319 (region_model::impl_call_operator_delete): New.
2320 * region-model.cc (region_model::on_call_pre): Detect operator new
2321 and operator delete.
2322 (region_model::on_call_post): Likewise.
2323 (region_model::maybe_update_for_edge): Detect EH edges and call...
2324 (region_model::apply_constraints_for_exception): New function.
2325 * region-model.h (region_model::impl_call_operator_new): New decl.
2326 (region_model::impl_call_operator_delete): New decl.
2327 (region_model::apply_constraints_for_exception): New decl.
2328 * sm-malloc.cc (enum resource_state): New.
2329 (struct allocation_state): New state subclass.
2330 (enum wording): New.
2331 (struct api): New.
2332 (malloc_state_machine::custom_data_t): New typedef.
2333 (malloc_state_machine::add_state): New decl.
2334 (malloc_state_machine::m_unchecked)
2335 (malloc_state_machine::m_nonnull)
2336 (malloc_state_machine::m_freed): Delete these states in favor
2337 of...
2338 (malloc_state_machine::m_malloc)
2339 (malloc_state_machine::m_scalar_new)
2340 (malloc_state_machine::m_vector_new): ...this new api instances,
2341 which own their own versions of these states.
2342 (malloc_state_machine::on_allocator_call): New decl.
2343 (malloc_state_machine::on_deallocator_call): New decl.
2344 (api::api): New ctor.
2345 (dyn_cast_allocation_state): New.
2346 (as_a_allocation_state): New.
2347 (get_rs): New.
2348 (unchecked_p): New.
2349 (nonnull_p): New.
2350 (freed_p): New.
2351 (malloc_diagnostic::describe_state_change): Use unchecked_p and
2352 nonnull_p.
2353 (class mismatching_deallocation): New.
2354 (double_free::double_free): Add funcname param for initializing
2355 m_funcname.
2356 (double_free::emit): Use m_funcname in warning message rather
2357 than hardcoding "free".
2358 (double_free::describe_state_change): Likewise. Use freed_p.
2359 (double_free::describe_call_with_state): Use freed_p.
2360 (double_free::describe_final_event): Use m_funcname in message
2361 rather than hardcoding "free".
2362 (double_free::m_funcname): New field.
2363 (possible_null::describe_state_change): Use unchecked_p.
2364 (possible_null::describe_return_of_state): Likewise.
2365 (use_after_free::use_after_free): Add param for initializing m_api.
2366 (use_after_free::emit): Use m_api->m_dealloc_funcname in message
2367 rather than hardcoding "free".
2368 (use_after_free::describe_state_change): Use freed_p. Change the
2369 wording of the message based on the API.
2370 (use_after_free::describe_final_event): Use
2371 m_api->m_dealloc_funcname in message rather than hardcoding
2372 "free". Change the wording of the message based on the API.
2373 (use_after_free::m_api): New field.
2374 (malloc_leak::describe_state_change): Use unchecked_p. Update
2375 for renaming of m_malloc_event to m_alloc_event.
2376 (malloc_leak::describe_final_event): Update for renaming of
2377 m_malloc_event to m_alloc_event.
2378 (malloc_leak::m_malloc_event): Rename...
2379 (malloc_leak::m_alloc_event): ...to this.
2380 (free_of_non_heap::free_of_non_heap): Add param for initializing
2381 m_funcname.
2382 (free_of_non_heap::emit): Use m_funcname in message rather than
2383 hardcoding "free".
2384 (free_of_non_heap::describe_final_event): Likewise.
2385 (free_of_non_heap::m_funcname): New field.
2386 (allocation_state::dump_to_pp): New.
2387 (allocation_state::get_nonnull): New.
2388 (malloc_state_machine::malloc_state_machine): Update for changes
2389 to state fields and new api fields.
2390 (malloc_state_machine::add_state): New.
2391 (malloc_state_machine::on_stmt): Move malloc/calloc handling to
2392 on_allocator_call and call it, passing in the API pointer.
2393 Likewise for free, moving it to on_deallocator_call. Handle calls
2394 to operator new and delete in an analogous way. Use unchecked_p
2395 when testing for possibly-null-arg and possibly-null-deref, and
2396 transition to the non-null for the correct API. Remove redundant
2397 node param from call to on_zero_assignment. Use freed_p for
2398 use-after-free check, and pass in API.
2399 (malloc_state_machine::on_allocator_call): New, based on code in
2400 on_stmt.
2401 (malloc_state_machine::on_deallocator_call): Likewise.
2402 (malloc_state_machine::on_phi): Mark node param with
2403 ATTRIBUTE_UNUSED; don't pass it to on_zero_assignment.
2404 (malloc_state_machine::on_condition): Mark node param with
2405 ATTRIBUTE_UNUSED. Replace on_transition calls with get_state and
2406 set_next_state pairs, transitioning to the non-null state for the
2407 appropriate API.
2408 (malloc_state_machine::can_purge_p): Port to new state approach.
2409 (malloc_state_machine::on_zero_assignment): Replace on_transition
2410 calls with get_state and set_next_state pairs. Drop redundant
2411 node param.
2412 * sm.h (state_machine::add_custom_state): New.
2413
24142020-09-09 David Malcolm <dmalcolm@redhat.com>
2415
2416 * diagnostic-manager.cc
2417 (null_assignment_sm_context::warn_for_state): Replace with...
2418 (null_assignment_sm_context::warn): ...this.
2419 * engine.cc (impl_sm_context::warn_for_state): Replace with...
2420 (impl_sm_context::warn): ...this.
2421 * sm-file.cc (fileptr_state_machine::on_stmt): Replace
2422 warn_for_state and on_transition calls with a get_state
2423 test guarding warn and set_next_state calls.
2424 * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
2425 * sm-pattern-test.cc (pattern_test_state_machine::on_condition):
2426 Replace warn_for_state call with warn call.
2427 * sm-sensitive.cc
2428 (sensitive_state_machine::warn_for_any_exposure): Replace
2429 warn_for_state call with a get_state test guarding a warn call.
2430 * sm-signal.cc (signal_state_machine::on_stmt): Likewise.
2431 * sm-taint.cc (taint_state_machine::on_stmt): Replace
2432 warn_for_state and on_transition calls with a get_state
2433 test guarding warn and set_next_state calls.
2434 * sm.h (sm_context::warn_for_state): Replace with...
2435 (sm_context::warn): ...this.
2436
24372020-09-09 David Malcolm <dmalcolm@redhat.com>
2438
2439 * diagnostic-manager.cc
2440 (null_assignment_sm_context::null_assignment_sm_context): Add old_state
2441 and ext_state params, initializing m_old_state and m_ext_state.
2442 (null_assignment_sm_context::on_transition): Split into...
2443 (null_assignment_sm_context::get_state): ...this new vfunc
2444 implementation and...
2445 (null_assignment_sm_context::set_next_state): ...this new vfunc
2446 implementation.
2447 (null_assignment_sm_context::m_old_state): New field.
2448 (null_assignment_sm_context::m_ext_state): New field.
2449 (diagnostic_manager::add_events_for_eedge): Pass in old state and
2450 ext_state when creating sm_ctxt.
2451 * engine.cc (impl_sm_context::on_transition): Split into...
2452 (impl_sm_context::get_state): ...this new vfunc
2453 implementation and...
2454 (impl_sm_context::set_next_state): ...this new vfunc
2455 implementation.
2456 * sm.h (sm_context::get_state): New pure virtual function.
2457 (sm_context::set_next_state): Likewise.
2458 (sm_context::on_transition): Convert from a pure virtual function
2459 to a regular function implemented in terms of get_state and
2460 set_next_state.
2461
24622020-09-09 David Malcolm <dmalcolm@redhat.com>
2463
2464 * checker-path.cc (state_change_event::get_desc): Update
2465 state_machine::get_state_name calls to state::get_name.
2466 (warning_event::get_desc): Likewise.
2467 * diagnostic-manager.cc
2468 (null_assignment_sm_context::on_transition): Update comparison
2469 against 0 with comparison with m_sm.get_start_state.
2470 (diagnostic_manager::prune_for_sm_diagnostic): Update
2471 state_machine::get_state_name calls to state::get_name.
2472 * engine.cc (impl_sm_context::on_transition): Likewise.
2473 (exploded_node::get_dot_fillcolor): Use get_id when summing
2474 the sm states.
2475 * program-state.cc (sm_state_map::sm_state_map): Don't hardcode
2476 0 as the start state when initializing m_global_state.
2477 (sm_state_map::print): Use dump_to_pp rather than get_state_name
2478 when dumping states.
2479 (sm_state_map::is_empty_p): Don't hardcode 0 as the start state
2480 when examining m_global_state.
2481 (sm_state_map::hash): Use get_id when hashing states.
2482 (selftest::test_sm_state_map): Use state objects rather than
2483 arbitrary hardcoded integers.
2484 (selftest::test_program_state_merging): Likewise.
2485 (selftest::test_program_state_merging_2): Likewise.
2486 * sm-file.cc (fileptr_state_machine::m_start): Move to base class.
2487 (file_diagnostic::describe_state_change): Use get_start_state.
2488 (fileptr_state_machine::fileptr_state_machine): Drop m_start
2489 initialization.
2490 * sm-malloc.cc (malloc_state_machine::m_start): Move to base
2491 class.
2492 (malloc_diagnostic::describe_state_change): Use get_start_state.
2493 (possible_null::describe_state_change): Likewise.
2494 (malloc_state_machine::malloc_state_machine): Drop m_start
2495 initialization.
2496 * sm-pattern-test.cc (pattern_test_state_machine::m_start): Move
2497 to base class.
2498 (pattern_test_state_machine::pattern_test_state_machine): Drop
2499 m_start initialization.
2500 * sm-sensitive.cc (sensitive_state_machine::m_start): Move to base
2501 class.
2502 (sensitive_state_machine::sensitive_state_machine): Drop m_start
2503 initialization.
2504 * sm-signal.cc (signal_state_machine::m_start): Move to base
2505 class.
2506 (signal_state_machine::signal_state_machine): Drop m_start
2507 initialization.
2508 * sm-taint.cc (taint_state_machine::m_start): Move to base class.
2509 (taint_state_machine::taint_state_machine): Drop m_start
2510 initialization.
2511 * sm.cc (state_machine::state::dump_to_pp): New.
2512 (state_machine::state_machine): Move here from sm.h. Initialize
2513 m_next_state_id and m_start.
2514 (state_machine::add_state): Reimplement in terms of state objects.
2515 (state_machine::get_state_name): Delete.
2516 (state_machine::get_state_by_name): Reimplement in terms of state
2517 objects. Make const.
2518 (state_machine::validate): Delete.
2519 (state_machine::dump_to_pp): Reimplement in terms of state
2520 objects.
2521 * sm.h (state_machine::state): New class.
2522 (state_machine::state_t): Convert typedef from "unsigned" to
2523 "const state_machine::state *".
2524 (state_machine::state_machine): Move to sm.cc.
2525 (state_machine::get_default_state): Use m_start rather than
2526 hardcoding 0.
2527 (state_machine::get_state_name): Delete.
2528 (state_machine::get_state_by_name): Make const.
2529 (state_machine::get_start_state): New accessor.
2530 (state_machine::alloc_state_id): New.
2531 (state_machine::m_state_names): Drop in favor of...
2532 (state_machine::m_states): New field
2533 (state_machine::m_start): New field
2534 (start_start_p): Delete.
2535
31a05046
GA		 25362020-09-08 David Malcolm <dmalcolm@redhat.com>
2537
2538 PR analyzer/96949
2539 * store.cc (binding_map::apply_ctor_val_to_range): Add
2540 error-handling for the cases where we have symbolic offsets.
2541
25422020-09-08 David Malcolm <dmalcolm@redhat.com>
2543
2544 PR analyzer/96950
2545 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
2546 where min_index == max_index.
2547 (binding_map::apply_ctor_val_to_range): Replace assertion that we
2548 don't have a CONSTRUCTOR value with error-handling.
2549
25502020-09-08 David Malcolm <dmalcolm@redhat.com>
2551
2552 PR analyzer/96962
2553 * region-model.cc (region_model::on_call_pre): Fix guard on switch
2554 on built-ins to only consider BUILT_IN_NORMAL, rather than other
2555 kinds of build-ins.
2556
e1a4a8a0
GA		 25572020-09-01 David Malcolm <dmalcolm@redhat.com>
2558
2559 PR analyzer/96792
2560 * region-model.cc (region_model::deref_rvalue): Add the constraint
2561 that PTR_SVAL is non-NULL.
2562
13e4ba28
GA		 25632020-08-31 David Malcolm <dmalcolm@redhat.com>
2564
2565 PR analyzer/96798
2566 * region-model.cc (region_model::on_call_pre): Handle
2567 BUILT_IN_MEMSET_CHK.
2568
25692020-08-31 David Malcolm <dmalcolm@redhat.com>
2570
2571 * region-model.cc (region_model::on_call_pre): Gather handling of
2572 builtins and of internal fns into switch statements. Handle
2573 "alloca" and BUILT_IN_ALLOCA_WITH_ALIGN.
2574
25752020-08-31 David Malcolm <dmalcolm@redhat.com>
2576
2577 PR analyzer/96860
2578 * region.cc (decl_region::get_svalue_for_constructor): Support
2579 apply_ctor_to_region failing.
2580 * store.cc (binding_map::apply_ctor_to_region): Add failure
2581 handling.
2582 (binding_map::apply_ctor_val_to_range): Likewise.
2583 (binding_map::apply_ctor_pair_to_child_region): Likewise. Replace
2584 assertion that child_base_offset is not symbolic with error
2585 handling.
2586 * store.h (binding_map::apply_ctor_to_region): Convert return type
2587 from void to bool.
2588 (binding_map::apply_ctor_val_to_range): Likewise.
2589 (binding_map::apply_ctor_pair_to_child_region): Likewise.
2590
25912020-08-31 David Malcolm <dmalcolm@redhat.com>
2592
2593 PR analyzer/96763
2594 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
2595 by calling a new binding_map::apply_ctor_val_to_range subroutine.
2596 Split out the existing non-CONSTRUCTOR-handling code to a new
2597 apply_ctor_pair_to_child_region subroutine.
2598 (binding_map::apply_ctor_val_to_range): New.
2599 (binding_map::apply_ctor_pair_to_child_region): New, split out
2600 from binding_map::apply_ctor_to_region as noted above.
2601 * store.h (binding_map::apply_ctor_val_to_range): New decl.
2602 (binding_map::apply_ctor_pair_to_child_region): New decl.
2603
26042020-08-31 David Malcolm <dmalcolm@redhat.com>
2605
2606 PR analyzer/96764
2607 * region-model-manager.cc
2608 (region_model_manager::maybe_fold_unaryop): Handle VIEW_CONVERT_EXPR.
2609 (region_model_manager::get_or_create_cast): Move logic for
2610 real->integer casting to...
2611 (get_code_for_cast): ...this new function, and add logic for
2612 real->non-integer casts.
2613 (region_model_manager::maybe_fold_sub_svalue): Handle
2614 VIEW_CONVERT_EXPR.
2615 * region-model.cc
2616 (region_model::add_any_constraints_from_gassign): Likewise.
2617 * svalue.cc (svalue::maybe_undo_cast): Likewise.
2618 (unaryop_svalue::dump_to_pp): Likewise.
2619
57ea0894
GA		 26202020-08-26 David Malcolm <dmalcolm@redhat.com>
2621
2622 PR analyzer/94858
2623 * region-model-manager.cc
2624 (region_model_manager::get_or_create_widening_svalue): Assert that
2625 neither of the inputs are themselves widenings.
2626 * store.cc (store::eval_alias_1): The initial value of a pointer
2627 can't point to a region that was allocated on the heap after the
2628 beginning of the path. A widened pointer value can't alias anything
2629 that the initial pointer value can't alias.
2630 * svalue.cc (svalue::can_merge_p): Merge BINOP (X, OP, CST) with X
2631 to a widening svalue. Merge
2632 BINOP(WIDENING(BASE, BINOP(BASE, X)), X) and BINOP(BASE, X) to
2633 to the LHS of the first BINOP.
2634
26352020-08-26 David Malcolm <dmalcolm@redhat.com>
2636
2637 PR analyzer/96777
2638 * region-model.h (class compound_svalue): Document that all keys
2639 must be concrete.
2640 (compound_svalue::compound_svalue): Move definition to svalue.cc.
2641 * store.cc (binding_map::apply_ctor_to_region): Handle
2642 initializers for trailing arrays with incomplete size.
2643 * svalue.cc (compound_svalue::compound_svalue): Move definition
2644 here from region-model.h. Add assertion that all keys are
2645 concrete.
2646
e769f970
GA		 26472020-08-22 David Malcolm <dmalcolm@redhat.com>
2648
2649 PR analyzer/94851
2650 * region-model-manager.cc
2651 (region_model_manager::maybe_fold_binop): Fold bitwise "& 0" to 0.
2652
26532020-08-22 David Malcolm <dmalcolm@redhat.com>
2654
2655 * store.cc (store::eval_alias): Make const. Split out 2nd half
2656 into store::eval_alias_1 and call it twice for symmetry, avoiding
2657 test duplication.
2658 (store::eval_alias_1): New function, split out from the above.
2659 * store.h (store::eval_alias): Make const.
2660 (store::eval_alias_1): New decl.
2661
26622020-08-22 David Malcolm <dmalcolm@redhat.com>
2663
2664 * region-model.cc (region_model::push_frame): Bind the default
2665 SSA name for each parm if it exists, falling back to the parm
2666 itself otherwise, rather than doing both.
2667
5b9a3d2a
GA		 26682020-08-20 David Malcolm <dmalcolm@redhat.com>
2669
2670 PR analyzer/96723
2671 * region-model-manager.cc
2672 (region_model_manager::get_field_region): Assert that field is a
2673 FIELD_DECL.
2674 * region.cc (region::get_subregions_for_binding): In
2675 union-handling, filter the TYPE_FIELDS traversal to just FIELD_DECLs.
2676
26772020-08-20 David Malcolm <dmalcolm@redhat.com>
2678
2679 PR analyzer/96713
2680 * region-model.cc (region_model::get_gassign_result): For
2681 comparisons, only use eval_condition when the lhs has boolean
2682 type, and use get_or_create_constant_svalue on the boolean
2683 constants directly rather than via get_rvalue.
2684
04e23a40
GA		 26852020-08-19 David Malcolm <dmalcolm@redhat.com>
2686
2687 PR analyzer/96643
2688 * region-model.cc (region_model::deref_rvalue): Rather than
2689 attempting to handle all svalue kinds in the switch, only cover
2690 the special cases, and move symbolic-region handling to after
2691 the switch, thus implicitly handling the missing case SK_COMPOUND.
2692
26932020-08-19 David Malcolm <dmalcolm@redhat.com>
2694
2695 PR analyzer/96705
2696 * region-model-manager.cc
2697 (region_model_manager::maybe_fold_binop): Check that we have an
2698 integral type before calling build_int_cst.
2699
27002020-08-19 David Malcolm <dmalcolm@redhat.com>
2701
2702 PR analyzer/96699
2703 * region-model-manager.cc
2704 (region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for
2705 casting from REAL_TYPE to INTEGER_TYPE.
2706
27072020-08-19 David Malcolm <dmalcolm@redhat.com>
2708
2709 PR analyzer/96651
2710 * region-model.cc (region_model::called_from_main_p): New.
2711 (region_model::get_store_value): Move handling for globals into...
2712 (region_model::get_initial_value_for_global): ...this new
2713 function, and add logic for extracting values from decl
2714 initializers.
2715 * region-model.h (decl_region::get_svalue_for_constructor): New
2716 decl.
2717 (decl_region::get_svalue_for_initializer): New decl.
2718 (region_model::called_from_main_p): New decl.
2719 (region_model::get_initial_value_for_global): New.
2720 * region.cc (decl_region::maybe_get_constant_value): Move logic
2721 for getting an svalue from a CONSTRUCTOR node to...
2722 (decl_region::get_svalue_for_constructor): ...this new function.
2723 (decl_region::get_svalue_for_initializer): New.
2724 * store.cc (get_svalue_for_ctor_val): Rewrite in terms of
2725 region_model::get_rvalue.
2726 * store.h (binding_cluster::get_map): New accessor.
2727
27282020-08-19 David Malcolm <dmalcolm@redhat.com>
2729
2730 PR analyzer/96648
2731 * region.cc (get_field_at_bit_offset): Gracefully handle negative
2732 values for bit_offset.
2733
5c265693
GA		 27342020-08-18 David Malcolm <dmalcolm@redhat.com>
2735
2736 * region-model.cc (region_model::get_rvalue_1): Fix name of local.
2737
27382020-08-18 David Malcolm <dmalcolm@redhat.com>
2739
2740 PR analyzer/96641
2741 * region-model.cc (region_model::get_rvalue_1): Handle
2742 unrecognized tree codes by returning "UNKNOWN.
2743
27442020-08-18 David Malcolm <dmalcolm@redhat.com>
2745
2746 PR analyzer/96640
2747 * region-model.cc (region_model::get_gassign_result): Handle various
2748 VEC_* tree codes by returning UNKNOWN.
2749 (region_model::on_assignment): Handle unrecognized tree codes by
2750 setting lhs to an unknown value, rather than issuing a "sorry" and
2751 asserting.
2752
deee2322
GA		 27532020-08-17 David Malcolm <dmalcolm@redhat.com>
2754
2755 PR analyzer/96644
2756 * region-model-manager.cc (get_region_for_unexpected_tree_code):
2757 Handle ctxt being NULL.
2758
27592020-08-17 David Malcolm <dmalcolm@redhat.com>
2760
2761 PR analyzer/96639
2762 * region.cc (region::get_subregions_for_binding): Check for "type"
2763 being NULL.
2764
27652020-08-17 David Malcolm <dmalcolm@redhat.com>
2766
2767 PR analyzer/96642
2768 * store.cc (get_svalue_for_ctor_val): New.
2769 (binding_map::apply_ctor_to_region): Call it.
2770
661ee09b
GA		 27712020-08-14 David Malcolm <dmalcolm@redhat.com>
2772
2773 PR testsuite/96609
2774 PR analyzer/96616
2775 * region-model.cc (region_model::get_store_value): Call
2776 maybe_get_constant_value on decl_regions first.
2777 * region-model.h (decl_region::maybe_get_constant_value): New decl.
2778 * region.cc (decl_region::get_stack_depth): Likewise.
2779 (decl_region::maybe_get_constant_value): New.
2780 * store.cc (get_subregion_within_ctor): New.
2781 (binding_map::apply_ctor_to_region): New.
2782 * store.h (binding_map::apply_ctor_to_region): New decl.
2783
27842020-08-14 David Malcolm <dmalcolm@redhat.com>
2785
2786 PR analyzer/96611
2787 * store.cc (store::mark_as_escaped): Reject attempts to
2788 get a cluster for an unknown pointer.
2789
b3cb5606
GA		 27902020-08-13 David Malcolm <dmalcolm@redhat.com>
2791
5afd1882
ML		 2792 PR analyzer/93032
2793 PR analyzer/93938
2794 PR analyzer/94011
2795 PR analyzer/94099
2796 PR analyzer/94399
2797 PR analyzer/94458
2798 PR analyzer/94503
2799 PR analyzer/94640
2800 PR analyzer/94688
2801 PR analyzer/94689
2802 PR analyzer/94839
2803 PR analyzer/95026
2804 PR analyzer/95042
2805 PR analyzer/95240
b3cb5606
GA		 2806 * analyzer-logging.cc: Ignore "-Wformat-diag".
2807 (logger::enter_scope): Use inc_indent in both overloads.
2808 (logger::exit_scope): Use dec_indent.
2809 * analyzer-logging.h (logger::inc_indent): New.
2810 (logger::dec_indent): New.
2811 * analyzer-selftests.cc (run_analyzer_selftests): Call
2812 analyzer_store_cc_tests.
2813 * analyzer-selftests.h (analyzer_store_cc_tests): New decl.
2814 * analyzer.cc (get_stmt_location): New function.
2815 * analyzer.h (class initial_svalue): New forward decl.
2816 (class unaryop_svalue): New forward decl.
2817 (class binop_svalue): New forward decl.
2818 (class sub_svalue): New forward decl.
2819 (class unmergeable_svalue): New forward decl.
2820 (class placeholder_svalue): New forward decl.
2821 (class widening_svalue): New forward decl.
2822 (class compound_svalue): New forward decl.
2823 (class conjured_svalue): New forward decl.
2824 (svalue_set): New typedef.
2825 (class map_region): Delete.
2826 (class array_region): Delete.
2827 (class frame_region): New forward decl.
2828 (class function_region): New forward decl.
2829 (class label_region): New forward decl.
2830 (class decl_region): New forward decl.
2831 (class element_region): New forward decl.
2832 (class offset_region): New forward decl.
2833 (class cast_region): New forward decl.
2834 (class field_region): New forward decl.
2835 (class string_region): New forward decl.
2836 (class region_model_manager): New forward decl.
2837 (class store_manager): New forward decl.
2838 (class store): New forward decl.
2839 (class call_details): New forward decl.
2840 (struct svalue_id_merger_mapping): Delete.
2841 (struct canonicalization): Delete.
2842 (class function_point): New forward decl.
2843 (class engine): New forward decl.
2844 (dump_tree): New function decl.
2845 (print_quoted_type): New function decl.
2846 (readability_comparator): New function decl.
2847 (tree_cmp): New function decl.
2848 (class path_var): Move here from region-model.h
2849 (bit_offset_t, bit_size_t, byte_size_t): New typedefs.
2850 (class region_offset): New class.
2851 (get_stmt_location): New decl.
2852 (struct member_function_hash_traits): New struct.
2853 (class consolidation_map): New class.
2854 Ignore "-Wformat-diag".
2855 * analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
2856 (-param=analyzer-max-enodes-for-full-dump=): New param.
2857 * call-string.cc: Ignore -Wformat-diag.
2858 * checker-path.cc: Move includes of "analyzer/call-string.h" and
2859 "analyzer/program-point.h" to before "analyzer/region-model.h",
2860 and also include "analyzer/store.h" before it.
2861 (state_change_event::state_change_event): Replace "tree var" param
2862 with "const svalue *sval". Convert "origin" param from tree to
2863 "const svalue *".
2864 (state_change_event::get_desc): Call get_representative_tree to
2865 convert the var and origin from const svalue * to tree. Use
2866 svalue::get_desc rather than %qE when describing state changes.
2867 (checker_path::add_final_event): Use get_stmt_location.
2868 * checker-path.h (state_change_event::state_change_event): Port
2869 from tree to const svalue *.
2870 (state_change_event::get_lvalue): Delete.
2871 (state_change_event::get_dest_function): New.
2872 (state_change_event::m_var): Replace with...
2873 (state_change_event::m_sval): ...this.
2874 (state_change_event::m_origin): Convert from tree to
2875 const svalue *.
2876 * constraint-manager.cc: Include "analyzer/call-string.h",
2877 "analyzer/program-point.h", and "analyzer/store.h" before
2878 "analyzer/region-model.h".
2879 (struct bound, struct range): Move to constraint-manager.h.
2880 (compare_constants): New function.
2881 (range::dump): Rename to...
2882 (range::dump_to_pp): ...this. Support NULL constants.
2883 (range::dump): Reintroduce for dumping to stderr.
2884 (range::constrained_to_single_element): Return result, rather than
2885 writing to *OUT.
2886 (range::eval_condition): New.
2887 (range::below_lower_bound): New.
2888 (range::above_upper_bound): New.
2889 (equiv_class::equiv_class): Port from svalue_id to const svalue *.
2890 (equiv_class::print): Likewise.
2891 (equiv_class::hash): Likewise.
2892 (equiv_class::operator==): Port from svalue_id to const svalue *.
2893 (equiv_class::add): Port from svalue_id to const svalue *. Drop
2894 "cm" param.
2895 (equiv_class::del): Port from svalue_id to const svalue *.
2896 (equiv_class::get_representative): Likewise.
2897 (equiv_class::remap_svalue_ids): Delete.
2898 (svalue_id_cmp_by_id): Rename to...
2899 (svalue_cmp_by_ptr): ...this, porting from svalue_id to
2900 const svalue *.
2901 (equiv_class::canonicalize): Update qsort comparator.
2902 (constraint::implied_by): New.
2903 (constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
2904 (constraint_manager::dump_to_pp): Add "multiline" param
2905 (constraint_manager::dump): Pass "true" for "multiline".
2906 (constraint_manager::add_constraint): Port from svalue_id to
2907 const svalue *. Split out second part into...
2908 (constraint_manager::add_unknown_constraint): ...this new
2909 function. Remove self-constraints when merging equivalence
2910 classes.
2911 (constraint_manager::add_constraint_internal): Remove constraints
2912 that would be implied by the new constraint. Port from svalue_id
2913 to const svalue *.
2914 (constraint_manager::get_equiv_class_by_sid): Rename to...
2915 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
2916 from svalue_id to const svalue *.
2917 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
2918 to const svalue *.
2919 (constraint_manager::eval_condition): Make const. Call
2920 compare_constants and return early if it provides a known result.
2921 (constraint_manager::get_ec_bounds): New.
2922 (constraint_manager::eval_condition): New overloads. Make
2923 existing one const, and use compare_constants.
2924 (constraint_manager::purge): Convert "p" param to a template
2925 rather that an abstract base class. Port from svalue_id to
2926 const svalue *.
2927 (class dead_svalue_purger): New class.
2928 (constraint_manager::remap_svalue_ids): Delete.
2929 (constraint_manager::on_liveness_change): New.
2930 (equiv_class_cmp): Port from svalue_id to const svalue *.
2931 (constraint_manager::canonicalize): Likewise. Combine with
2932 purging of redundant equivalence classes and constraints.
2933 (class cleaned_constraint_manager): Delete.
2934 (class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
2935 field.
2936 (merger_fact_visitor::fact): Port from svalue_id to const svalue *.
2937 Add special case for widening.
2938 (constraint_manager::merge): Port from svalue_id to const svalue *.
2939 (constraint_manager::clean_merger_input): Delete.
2940 (constraint_manager::for_each_fact): Port from svalue_id to
2941 const svalue *.
2942 (constraint_manager::validate): Likewise.
2943 (selftest::test_constraint_conditions): Provide a
2944 region_model_manager when creating region_model instances.
2945 Add test for self-equality not creating equivalence classes.
2946 (selftest::test_transitivity): Provide a region_model_manager when
2947 creating region_model instances. Verify that EC-merging happens
2948 when constraints are implied.
2949 (selftest::test_constant_comparisons): Provide a
2950 region_model_manager when creating region_model instances.
2951 (selftest::test_constraint_impl): Likewise. Remove over-specified
2952 assertions.
2953 (selftest::test_equality): Provide a region_model_manager when
2954 creating region_model instances.
2955 (selftest::test_many_constants): Likewise. Provide a
2956 program_point when testing merging.
2957 (selftest::run_constraint_manager_tests): Move call to
2958 test_constant_comparisons to outside the transitivity guard.
2959 * constraint-manager.h (struct bound): Move here from
2960 constraint-manager.cc.
2961 (struct range): Likewise.
2962 (struct::eval_condition): New decl.
2963 (struct::below_lower_bound): New decl.
2964 (struct::above_upper_bound): New decl.
2965 (equiv_class::add): Port from svalue_id to const svalue *.
2966 (equiv_class::del): Likewise.
2967 (equiv_class::get_representative): Likewise.
2968 (equiv_class::remap_svalue_ids): Drop.
2969 (equiv_class::m_cst_sid): Convert to..
2970 (equiv_class::m_cst_sval): ...this.
2971 (equiv_class::m_vars): Port from svalue_id to const svalue *.
2972 (constraint::bool implied_by): New decl.
2973 (fact_visitor::on_fact): Port from svalue_id to const svalue *.
2974 (constraint_manager::constraint_manager): Add mgr param.
2975 (constraint_manager::clone): Delete.
2976 (constraint_manager::maybe_get_constant): Delete.
2977 (constraint_manager::get_sid_for_constant): Delete.
2978 (constraint_manager::get_num_svalues): Delete.
2979 (constraint_manager::dump_to_pp): Add "multiline" param.
2980 (constraint_manager::get_equiv_class): Port from svalue_id to
2981 const svalue *.
2982 (constraint_manager::add_constraint): Likewise.
2983 (constraint_manager::get_equiv_class_by_sid): Rename to...
2984 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
2985 from svalue_id to const svalue *.
2986 (constraint_manager::add_unknown_constraint): New decl.
2987 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
2988 to const svalue *.
2989 (constraint_manager::eval_condition): Likewise. Add overloads.
2990 (constraint_manager::get_ec_bounds): New decl.
2991 (constraint_manager::purge): Convert to template.
2992 (constraint_manager::remap_svalue_ids): Delete.
2993 (constraint_manager::on_liveness_change): New decl.
2994 (constraint_manager::canonicalize): Drop param.
2995 (constraint_manager::clean_merger_input): Delete.
2996 (constraint_manager::m_mgr): New field.
2997 * diagnostic-manager.cc: Move includes of
2998 "analyzer/call-string.h" and "analyzer/program-point.h" to before
2999 "analyzer/region-model.h", and also include "analyzer/store.h"
3000 before it.
3001 (saved_diagnostic::saved_diagnostic): Add "sval" param.
3002 (diagnostic_manager::diagnostic_manager): Add engine param.
3003 (diagnostic_manager::add_diagnostic): Add "sval" param, passing it
3004 to saved_diagnostic ctor. Update overload to pass NULL for it.
3005 (dedupe_winners::dedupe_winners): Add engine param.
3006 (dedupe_winners::add): Add "eg" param. Pass m_engine to
3007 feasible_p.
3008 (dedupe_winner::m_engine): New field.
3009 (diagnostic_manager::emit_saved_diagnostics): Pass engine to
3010 dedupe_winners. Pass &eg when adding candidates. Pass svalue
3011 rather than tree to prune_path. Use get_stmt_location to get
3012 primary location of diagnostic.
3013 (diagnostic_manager::emit_saved_diagnostic): Likewise.
3014 (get_any_origin): Drop.
3015 (state_change_event_creator::on_global_state_change): Pass NULL
3016 const svalue * rather than NULL_TREE trees to state_change_event
3017 ctor.
3018 (state_change_event_creator::on_state_change): Port from tree and
3019 svalue_id to const svalue *.
3020 (for_each_state_change): Port from svalue_id to const svalue *.
3021 (struct null_assignment_sm_context): New.
3022 (diagnostic_manager::add_events_for_eedge): Add state change
3023 events for assignment to NULL.
3024 (diagnostic_manager::prune_path): Update param from tree to
3025 const svalue *.
3026 (diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
3027 by tree to by const svalue *.
3028 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
3029 param.
3030 (saved_diagnostic::m_sval): New field.
3031 (diagnostic_manager::diagnostic_manager): Add engine param.
3032 (diagnostic_manager::get_engine): New.
3033 (diagnostic_manager::add_diagnostic): Add "sval" param.
3034 (diagnostic_manager::prune_path): Likewise.
3035 (diagnostic_manager::prune_for_sm_diagnostic): New overload.
3036 (diagnostic_manager::m_eng): New field.
3037 * engine.cc: Move includes of "analyzer/call-string.h" and
3038 "analyzer/program-point.h" to before "analyzer/region-model.h",
3039 and also include "analyzer/store.h" before it.
3040 (impl_region_model_context::impl_region_model_context): Update for
3041 removal of m_change field.
3042 (impl_region_model_context::remap_svalue_ids): Delete.
3043 (impl_region_model_context::on_svalue_leak): New.
3044 (impl_region_model_context::on_svalue_purge): Delete.
3045 (impl_region_model_context::on_liveness_change): New.
3046 (impl_region_model_context::on_unknown_change): Update param
3047 from svalue_id to const svalue *. Add is_mutable param.
3048 (setjmp_svalue::compare_fields): Delete.
3049 (setjmp_svalue::accept): New.
3050 (setjmp_svalue::add_to_hash): Delete.
3051 (setjmp_svalue::dump_to_pp): New.
3052 (setjmp_svalue::print_details): Delete.
3053 (impl_sm_context::impl_sm_context): Drop "change" param.
3054 (impl_sm_context::get_fndecl_for_call): Drop "m_change".
3055 (impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
3056 "stmt" param. Drop m_change. Port from svalue_id to
3057 const svalue *.
3058 (impl_sm_context::warn_for_state): Drop m_change. Port from
3059 svalue_id to const svalue *.
3060 (impl_sm_context::get_readable_tree): Rename to...
3061 (impl_sm_context::get_diagnostic_tree): ...this. Port from
3062 svalue_id to const svalue *.
3063 (impl_sm_context::is_zero_assignment): New.
3064 (impl_sm_context::m_change): Delete field.
3065 (leak_stmt_finder::find_stmt): Handle m_var being NULL.
3066 (readability): Increase penalty for MEM_REF. For SSA_NAMEs,
3067 slightly favor the underlying var over the SSA name. Heavily
3068 penalize temporaries. Handle RESULT_DECL.
3069 (readability_comparator): Make non-static. Consider stack depths.
3070 (impl_region_model_context::on_state_leak): Convert from svalue_id
3071 to const svalue *, updating for region_model changes. Use
3072 id_equal.
3073 (impl_region_model_context::on_inherited_svalue): Delete.
3074 (impl_region_model_context::on_cast): Delete.
3075 (impl_region_model_context::on_condition): Drop m_change.
3076 (impl_region_model_context::on_phi): Likewise.
3077 (impl_region_model_context::on_unexpected_tree_code): Handle t
3078 being NULL.
3079 (point_and_state::validate): Update stack checking for
3080 region_model changes.
3081 (eg_traits::dump_args_t::show_enode_details_p): New.
3082 (exploded_node::exploded_node): Initialize m_num_processed_stmts.
3083 (exploded_node::get_processed_stmt): New function.
3084 (exploded_node::get_dot_fillcolor): Add more colors.
3085 (exploded_node::dump_dot): Guard the printing of the point and
3086 state with show_enode_details_p. Print the processed stmts for
3087 this enode after the initial state.
3088 (exploded_node::dump_to_pp): Pass true for new multiline param
3089 of program_state::dump_to_pp.
3090 (exploded_node::on_stmt): Drop "change" param. Log the stmt.
3091 Set input_location. Implement __analyzer_describe. Update
3092 implementation of __analyzer_dump and __analyzer_eval.
3093 Remove purging of sm-state for unknown fncalls from here.
3094 (exploded_node::on_edge): Drop "change" param.
3095 (exploded_node::on_longjmp): Port from region_id/svalue_id to
3096 const region */const svalue *. Call program_state::detect_leaks.
3097 Drop state_change.
3098 (exploded_node::detect_leaks): Update for changes to region_model.
3099 Call program_state::detect_leaks.
3100 (exploded_edge::exploded_edge): Drop ext_state and change params.
3101 (exploded_edge::dump_dot): "args" is no longer used. Drop dumping
3102 of m_change.
3103 (exploded_graph::exploded_graph): Pass engine to
3104 m_diagnostic_manager ctor. Use program_point::origin.
3105 (exploded_graph::add_function_entry): Drop ctxt. Use
3106 program_state::push_frame. Drop state_change.
3107 (exploded_graph::get_or_create_node): Drop "change" param. Add
3108 "enode_for_diag" param. Update dumping calls for API changes.
3109 Pass point to can_merge_with_p. Show enode indices
3110 within -Wanalyzer-too-complex diagnostic for hitting the per-point
3111 limit.
3112 (exploded_graph::add_edge): Drop "change" param. Log which nodes
3113 are being connected. Update for changes to exploded_edge ctor.
3114 (exploded_graph::get_per_program_point_data): New.
3115 (exploded_graph::process_worklist): Pass point to
3116 can_merge_with_p. Drop state_change. Update dumping call for API
3117 change.
3118 (exploded_graph::process_node): Drop state_change. Split the
3119 node in-place if an sm-state-change occurs. Update
3120 m_num_processed_stmts. Update dumping calls for API change.
3121 (exploded_graph::log_stats): Call engine::log_stats.
3122 (exploded_graph::dump_states_for_supernode): Update dumping
3123 call.
3124 (exploded_path::feasible_p): Add "eng" and "eg" params.
3125 Rename "i" to "end_idx". Pass the manager to the region_model
3126 ctor. Update for every processed stmt in the enode, not just the
3127 first. Keep track of which snodes have been visited, and call
3128 loop_replay_fixup when revisiting one.
3129 (enode_label::get_text): Update dump call for new param.
3130 (exploded_graph::dump_exploded_nodes): Likewise.
3131 (exploded_graph::get_node_by_index): New.
3132 (impl_run_checkers): Create engine instance and pass its address
3133 to extrinsic_state ctor.
3134 * exploded-graph.h
3135 (impl_region_model_context::impl_region_model_context): Drop
3136 "change" params.
3137 (impl_region_model_context::void remap_svalue_ids): Delete.
3138 (impl_region_model_context::on_svalue_purge): Delete.
3139 (impl_region_model_context::on_svalue_leak): New.
3140 (impl_region_model_context::on_liveness_change): New.
3141 (impl_region_model_context::on_state_leak): Update signature.
3142 (impl_region_model_context::on_inherited_svalue): Delete.
3143 (impl_region_model_context::on_cast): Delete.
3144 (impl_region_model_context::on_unknown_change): Update signature.
3145 (impl_region_model_context::m_change): Delete.
3146 (eg_traits::dump_args_t::show_enode_details_p): New.
3147 (exploded_node::on_stmt): Drop "change" param.
3148 (exploded_node::on_edge): Likewise.
3149 (exploded_node::get_processed_stmt): New decl.
3150 (exploded_node::m_num_processed_stmts): New field.
3151 (exploded_edge::exploded_edge): Drop ext_state and change params.
3152 (exploded_edge::m_change): Delete.
3153 (exploded_graph::get_engine): New accessor.
3154 (exploded_graph::get_or_create_node): Drop "change" param. Add
3155 "enode_for_diag" param.
3156 (exploded_graph::add_edge): Drop "change" param.
3157 (exploded_graph::get_per_program_point_data): New decl.
3158 (exploded_graph::get_node_by_index): New decl.
3159 (exploded_path::feasible_p): Add "eng" and "eg" params.
3160 * program-point.cc: Include "analyzer/store.h" before including
3161 "analyzer/region-model.h".
3162 (function_point::function_point): Move here from
3163 program-point.h.
3164 (function_point::get_function): Likewise.
3165 (function_point::from_function_entry): Likewise.
3166 (function_point::before_supernode): Likewise.
3167 (function_point::next_stmt): New function.
3168 * program-point.h (function_point::function_point): Move
3169 implementation from here to program-point.cc.
3170 (function_point::get_function): Likewise.
3171 (function_point::from_function_entry): Likewise.
3172 (function_point::before_supernode): Likewise.
3173 (function_point::next_stmt): New decl.
3174 (program_point::operator!=): New.
3175 (program_point::origin): New.
3176 (program_point::next_stmt): New.
3177 (program_point::m_function_point): Make non-const.
3178 * program-state.cc: Move includes of "analyzer/call-string.h" and
3179 "analyzer/program-point.h" to before "analyzer/region-model.h",
3180 and also include "analyzer/store.h" before it.
3181 (extrinsic_state::get_model_manager): New.
3182 (sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
3183 rather than pass the around.
3184 (sm_state_map::clone_with_remapping): Delete.
3185 (sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
3186 "simple" and "multiline" params and support multiline vs single
3187 line dumping.
3188 (sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
3189 "simple" param.
3190 (sm_state_map::hash): Port from svalue_id to const svalue *.
3191 (sm_state_map::operator==): Likewise.
3192 (sm_state_map::get_state): Likewise. Call canonicalize_svalue on
3193 input. Handle inheritance of sm-state. Call get_default_state.
3194 (sm_state_map::get_origin): Port from svalue_id to const svalue *.
3195 (sm_state_map::set_state): Likewise. Pass in ext_state. Reject
3196 attempts to set state on UNKNOWN.
3197 (sm_state_map::impl_set_state): Port from svalue_id to
3198 const svalue *. Pass in ext_state. Call canonicalize_svalue on
3199 input.
3200 (sm_state_map::purge_for_unknown_fncall): Delete.
3201 (sm_state_map::on_svalue_leak): New.
3202 (sm_state_map::remap_svalue_ids): Delete.
3203 (sm_state_map::on_liveness_change): New.
3204 (sm_state_map::on_unknown_change): Reimplement.
3205 (sm_state_map::on_svalue_purge): Delete.
3206 (sm_state_map::on_inherited_svalue): Delete.
3207 (sm_state_map::on_cast): Delete.
3208 (sm_state_map::validate): Delete.
3209 (sm_state_map::canonicalize_svalue): New.
3210 (program_state::program_state): Update to pass manager to
3211 region_model's ctor. Constify num_states and pass state machine
3212 and index to sm_state_map ctor.
3213 (program_state::print): Update for changes to dump API.
3214 (program_state::dump_to_pp): Ignore the summarize param. Add
3215 "multiline" param.
3216 (program_state::dump_to_file): Add "multiline" param.
3217 (program_state::dump): Pass "true" for new "multiline" param.
3218 (program_state::push_frame): New.
3219 (program_state::on_edge): Drop "change" param. Call
3220 program_state::detect_leaks.
3221 (program_state::prune_for_point): Add enode_for_diag param.
3222 Reimplement based on store class. Call detect_leaks
3223 (program_state::remap_svalue_ids): Delete.
3224 (program_state::get_representative_tree): Port from svalue_id to
3225 const svalue *.
3226 (program_state::can_merge_with_p): Add "point" param. Add early
3227 reject for sm-differences. Drop id remapping.
3228 (program_state::validate): Drop region model and sm_state_map
3229 validation.
3230 (state_change::sm_change::dump): Delete.
3231 (state_change::sm_change::remap_svalue_ids): Delete.
3232 (state_change::sm_change::on_svalue_purge): Delete.
3233 (log_set_of_svalues): New.
3234 (state_change::sm_change::validate): Delete.
3235 (state_change::state_change): Delete.
3236 (state_change::add_sm_change): Delete.
3237 (state_change::affects_p): Delete.
3238 (state_change::dump): Delete.
3239 (state_change::remap_svalue_ids): Delete.
3240 (state_change::on_svalue_purge): Delete.
3241 (state_change::validate): Delete.
3242 (selftest::assert_dump_eq): Delete.
3243 (ASSERT_DUMP_EQ): Delete.
3244 (selftest::test_sm_state_map): Update for changes to region_model
3245 and sm_state_map, porting from svalue_id to const svalue *.
3246 (selftest::test_program_state_dumping): Likewise. Drop test of
3247 dumping, renaming to...
3248 (selftest::test_program_state_1): ...this.
3249 (selftest::test_program_state_dumping_2): Likewise, renaming to...
3250 (selftest::test_program_state_2): ...this.
3251 (selftest::test_program_state_merging): Update for changes to
3252 region_model.
3253 (selftest::test_program_state_merging_2): Likewise.
3254 (selftest::analyzer_program_state_cc_tests): Update for renamed
3255 tests.
3256 * program-state.h (extrinsic_state::extrinsic_state): Add logger
3257 and engine params.
3258 (extrinsic_state::get_logger): New accessor.
3259 (extrinsic_state::get_engine): New accessor.
3260 (extrinsic_state::get_model_manager): New accessor.
3261 (extrinsic_state::m_logger): New field.
3262 (extrinsic_state::m_engine): New field.
3263 (struct default_hash_traits<svalue_id>): Delete.
3264 (pod_hash_traits<svalue_id>::hash): Delete.
3265 (pod_hash_traits<svalue_id>::equal): Delete.
3266 (pod_hash_traits<svalue_id>::mark_deleted): Delete.
3267 (pod_hash_traits<svalue_id>::mark_empty): Delete.
3268 (pod_hash_traits<svalue_id>::is_deleted): Delete.
3269 (pod_hash_traits<svalue_id>::is_empty): Delete.
3270 (sm_state_map::entry_t::entry_t): Port from svalue_id to
3271 const svalue *.
3272 (sm_state_map::entry_t::m_origin): Likewise.
3273 (sm_state_map::map_t): Likewise.
3274 (sm_state_map::sm_state_map): Add state_machine and index params.
3275 (sm_state_map::clone_with_remapping): Delete.
3276 (sm_state_map::print): Drop sm param; add simple and multiline
3277 params.
3278 (sm_state_map::dump): Drop sm param; add simple param.
3279 (sm_state_map::get_state): Port from svalue_id to const svalue *.
3280 Add ext_state param.
3281 (sm_state_map::get_origin): Likewise.
3282 (sm_state_map::set_state): Likewise.
3283 (sm_state_map::impl_set_state): Likewise.
3284 (sm_state_map::purge_for_unknown_fncall): Delete.
3285 (sm_state_map::remap_svalue_ids): Delete.
3286 (sm_state_map::on_svalue_purge): Delete.
3287 (sm_state_map::on_svalue_leak): New.
3288 (sm_state_map::on_liveness_change): New.
3289 (sm_state_map::on_inherited_svalue): Delete.
3290 (sm_state_map::on_cast): Delete.
3291 (sm_state_map::validate): Delete.
3292 (sm_state_map::on_unknown_change): Port from svalue_id to
3293 const svalue *. Add is_mutable and ext_state params.
3294 (sm_state_map::canonicalize_svalue): New.
3295 (sm_state_map::m_sm): New field.
3296 (sm_state_map::m_sm_idx): New field.
3297 (program_state::operator=): Delete.
3298 (program_state::dump_to_pp): Drop "summarize" param, adding
3299 "simple" and "multiline".
3300 (program_state::dump_to_file): Likewise.
3301 (program_state::dump): Rename "summarize" to "simple".
3302 (program_state::push_frame): New.
3303 (program_state::get_current_function): New.
3304 (program_state::on_edge): Drop "change" param.
3305 (program_state::prune_for_point): Likewise. Add enode_for_diag
3306 param.
3307 (program_state::remap_svalue_ids): Delete.
3308 (program_state::get_representative_tree): Port from svalue_id to
3309 const svalue *.
3310 (program_state::can_purge_p): Likewise. Pass ext_state to get_state.
3311 (program_state::can_merge_with_p): Add point param.
3312 (program_state::detect_leaks): New.
3313 (state_change_visitor::on_state_change): Port from tree and
3314 svalue_id to a pair of const svalue *.
3315 (class state_change): Delete.
3316 * region.cc: New file.
3317 * region-model-impl-calls.cc: New file.
3318 * region-model-manager.cc: New file.
3319 * region-model-reachability.cc: New file.
3320 * region-model-reachability.h: New file.
3321 * region-model.cc: Include "analyzer/call-string.h",
3322 "analyzer/program-point.h", and "analyzer/store.h" before
3323 "analyzer/region-model.h". Include
3324 "analyzer/region-model-reachability.h".
3325 (dump_tree): Make non-static.
3326 (dump_quoted_tree): Make non-static.
3327 (print_quoted_type): Make non-static.
3328 (path_var::dump): Delete.
3329 (dump_separator): Delete.
3330 (class impl_constraint_manager): Delete.
3331 (svalue_id::print): Delete.
3332 (svalue_id::dump_node_name_to_pp): Delete.
3333 (svalue_id::validate): Delete.
3334 (region_id::print): Delete.
3335 (region_id::dump_node_name_to_pp): Delete.
3336 (region_id::validate): Delete.
3337 (region_id_set::region_id_set): Delete.
3338 (svalue_id_set::svalue_id_set): Delete.
3339 (svalue::operator==): Delete.
3340 (svalue::hash): Delete.
3341 (svalue::print): Delete.
3342 (svalue::dump_dot_to_pp): Delete.
3343 (svalue::remap_region_ids): Delete.
3344 (svalue::walk_for_canonicalization): Delete.
3345 (svalue::get_child_sid): Delete.
3346 (svalue::maybe_get_constant): Delete.
3347 (region_svalue::compare_fields): Delete.
3348 (region_svalue::add_to_hash): Delete.
3349 (region_svalue::print_details): Delete.
3350 (region_svalue::dump_dot_to_pp): Delete.
3351 (region_svalue::remap_region_ids): Delete.
3352 (region_svalue::merge_values): Delete.
3353 (region_svalue::walk_for_canonicalization): Delete.
3354 (region_svalue::eval_condition): Delete.
3355 (constant_svalue::compare_fields): Delete.
3356 (constant_svalue::add_to_hash): Delete.
3357 (constant_svalue::merge_values): Delete.
3358 (constant_svalue::eval_condition): Move to svalue.cc.
3359 (constant_svalue::print_details): Delete.
3360 (constant_svalue::get_child_sid): Delete.
3361 (unknown_svalue::compare_fields): Delete.
3362 (unknown_svalue::add_to_hash): Delete.
3363 (unknown_svalue::print_details): Delete.
3364 (poison_kind_to_str): Move to svalue.cc.
3365 (poisoned_svalue::compare_fields): Delete.
3366 (poisoned_svalue::add_to_hash): Delete.
3367 (poisoned_svalue::print_details): Delete.
3368 (region_kind_to_str): Move to region.cc and reimplement.
3369 (region::operator==): Delete.
3370 (region::get_parent_region): Delete.
3371 (region::set_value): Delete.
3372 (region::become_active_view): Delete.
3373 (region::deactivate_any_active_view): Delete.
3374 (region::deactivate_view): Delete.
3375 (region::get_value): Delete.
3376 (region::get_inherited_child_sid): Delete.
3377 (region_model::copy_region): Delete.
3378 (region_model::copy_struct_region): Delete.
3379 (region_model::copy_union_region): Delete.
3380 (region_model::copy_array_region): Delete.
3381 (region::hash): Delete.
3382 (region::print): Delete.
3383 (region::dump_dot_to_pp): Delete.
3384 (region::dump_to_pp): Delete.
3385 (region::dump_child_label): Delete.
3386 (region::validate): Delete.
3387 (region::remap_svalue_ids): Delete.
3388 (region::remap_region_ids): Delete.
3389 (region::add_view): Delete.
3390 (region::get_view): Delete.
3391 (region::region): Move to region.cc.
3392 (region::add_to_hash): Delete.
3393 (region::print_fields): Delete.
3394 (region::non_null_p): Delete.
3395 (primitive_region::clone): Delete.
3396 (primitive_region::walk_for_canonicalization): Delete.
3397 (map_region::map_region): Delete.
3398 (map_region::compare_fields): Delete.
3399 (map_region::print_fields): Delete.
3400 (map_region::validate): Delete.
3401 (map_region::dump_dot_to_pp): Delete.
3402 (map_region::dump_child_label): Delete.
3403 (map_region::get_or_create): Delete.
3404 (map_region::get): Delete.
3405 (map_region::add_to_hash): Delete.
3406 (map_region::remap_region_ids): Delete.
3407 (map_region::unbind): Delete.
3408 (map_region::get_tree_for_child_region): Delete.
3409 (map_region::get_tree_for_child_region): Delete.
3410 (tree_cmp): Move to region.cc.
3411 (map_region::can_merge_p): Delete.
3412 (map_region::walk_for_canonicalization): Delete.
3413 (map_region::get_value_by_name): Delete.
3414 (struct_or_union_region::valid_key_p): Delete.
3415 (struct_or_union_region::compare_fields): Delete.
3416 (struct_region::clone): Delete.
3417 (struct_region::compare_fields): Delete.
3418 (union_region::clone): Delete.
3419 (union_region::compare_fields): Delete.
3420 (frame_region::compare_fields): Delete.
3421 (frame_region::clone): Delete.
3422 (frame_region::valid_key_p): Delete.
3423 (frame_region::print_fields): Delete.
3424 (frame_region::add_to_hash): Delete.
3425 (globals_region::compare_fields): Delete.
3426 (globals_region::clone): Delete.
3427 (globals_region::valid_key_p): Delete.
3428 (code_region::compare_fields): Delete.
3429 (code_region::clone): Delete.
3430 (code_region::valid_key_p): Delete.
3431 (array_region::array_region): Delete.
3432 (array_region::get_element): Delete.
3433 (array_region::clone): Delete.
3434 (array_region::compare_fields): Delete.
3435 (array_region::print_fields): Delete.
3436 (array_region::validate): Delete.
3437 (array_region::dump_dot_to_pp): Delete.
3438 (array_region::dump_child_label): Delete.
3439 (array_region::get_or_create): Delete.
3440 (array_region::get): Delete.
3441 (array_region::add_to_hash): Delete.
3442 (array_region::remap_region_ids): Delete.
3443 (array_region::get_key_for_child_region): Delete.
3444 (array_region::key_cmp): Delete.
3445 (array_region::walk_for_canonicalization): Delete.
3446 (array_region::key_from_constant): Delete.
3447 (array_region::constant_from_key): Delete.
3448 (function_region::compare_fields): Delete.
3449 (function_region::clone): Delete.
3450 (function_region::valid_key_p): Delete.
3451 (stack_region::stack_region): Delete.
3452 (stack_region::compare_fields): Delete.
3453 (stack_region::clone): Delete.
3454 (stack_region::print_fields): Delete.
3455 (stack_region::dump_child_label): Delete.
3456 (stack_region::validate): Delete.
3457 (stack_region::push_frame): Delete.
3458 (stack_region::get_current_frame_id): Delete.
3459 (stack_region::pop_frame): Delete.
3460 (stack_region::add_to_hash): Delete.
3461 (stack_region::remap_region_ids): Delete.
3462 (stack_region::can_merge_p): Delete.
3463 (stack_region::walk_for_canonicalization): Delete.
3464 (stack_region::get_value_by_name): Delete.
3465 (heap_region::heap_region): Delete.
3466 (heap_region::compare_fields): Delete.
3467 (heap_region::clone): Delete.
3468 (heap_region::walk_for_canonicalization): Delete.
3469 (root_region::root_region): Delete.
3470 (root_region::compare_fields): Delete.
3471 (root_region::clone): Delete.
3472 (root_region::print_fields): Delete.
3473 (root_region::validate): Delete.
3474 (root_region::dump_child_label): Delete.
3475 (root_region::push_frame): Delete.
3476 (root_region::get_current_frame_id): Delete.
3477 (root_region::pop_frame): Delete.
3478 (root_region::ensure_stack_region): Delete.
3479 (root_region::get_stack_region): Delete.
3480 (root_region::ensure_globals_region): Delete.
3481 (root_region::get_code_region): Delete.
3482 (root_region::ensure_code_region): Delete.
3483 (root_region::get_globals_region): Delete.
3484 (root_region::ensure_heap_region): Delete.
3485 (root_region::get_heap_region): Delete.
3486 (root_region::remap_region_ids): Delete.
3487 (root_region::can_merge_p): Delete.
3488 (root_region::add_to_hash): Delete.
3489 (root_region::walk_for_canonicalization): Delete.
3490 (root_region::get_value_by_name): Delete.
3491 (symbolic_region::symbolic_region): Delete.
3492 (symbolic_region::compare_fields): Delete.
3493 (symbolic_region::clone): Delete.
3494 (symbolic_region::walk_for_canonicalization): Delete.
3495 (symbolic_region::print_fields): Delete.
3496 (region_model::region_model): Add region_model_manager * param.
3497 Reimplement in terms of store, dropping impl_constraint_manager
3498 subclass.
3499 (region_model::operator=): Reimplement in terms of store
3500 (region_model::operator==): Likewise.
3501 (region_model::hash): Likewise.
3502 (region_model::print): Delete.
3503 (region_model::print_svalue): Delete.
3504 (region_model::dump_dot_to_pp): Delete.
3505 (region_model::dump_dot_to_file): Delete.
3506 (region_model::dump_dot): Delete.
3507 (region_model::dump_to_pp): Replace "summarize" param with
3508 "simple" and "multiline". Port to store-based implementation.
3509 (region_model::dump): Replace "summarize" param with "simple" and
3510 "multiline".
3511 (dump_vec_of_tree): Delete.
3512 (region_model::dump_summary_of_rep_path_vars): Delete.
3513 (region_model::validate): Delete.
3514 (svalue_id_cmp_by_constant_svalue_model): Delete.
3515 (svalue_id_cmp_by_constant_svalue): Delete.
3516 (region_model::canonicalize): Drop "ctxt" param. Reimplement in
3517 terms of store and constraints.
3518 (region_model::canonicalized_p): Remove NULL arg to canonicalize.
3519 (region_model::loop_replay_fixup): New.
3520 (poisoned_value_diagnostic::emit): Tweak wording of warnings.
3521 (region_model::check_for_poison): Delete.
3522 (region_model::get_gassign_result): New.
3523 (region_model::on_assignment): Port to store-based implementation.
3524 (region_model::on_call_pre): Delete calls to check_for_poison.
3525 Move implementations to region-model-impl-calls.c and port to
3526 store-based implementation.
3527 (region_model::on_call_post): Likewise.
3528 (class reachable_regions): Move to region-model-reachability.h/cc
3529 and port to store-based implementation.
3530 (region_model::handle_unrecognized_call): Port to store-based
3531 implementation.
3532 (region_model::get_reachable_svalues): New.
3533 (region_model::on_setjmp): Port to store-based implementation.
3534 (region_model::on_longjmp): Likewise.
3535 (region_model::handle_phi): Drop is_back_edge param and the logic
3536 using it.
3537 (region_model::get_lvalue_1): Port from region_id to const region *.
3538 (region_model::make_region_for_unexpected_tree_code): Delete.
3539 (assert_compat_types): If the check fails, use internal_error to
3540 show the types.
3541 (region_model::get_lvalue): Port from region_id to const region *.
3542 (region_model::get_rvalue_1): Port from svalue_id to const svalue *.
3543 (region_model::get_rvalue): Likewise.
3544 (region_model::get_or_create_ptr_svalue): Delete.
3545 (region_model::get_or_create_constant_svalue): Delete.
3546 (region_model::get_svalue_for_fndecl): Delete.
3547 (region_model::get_region_for_fndecl): Delete.
3548 (region_model::get_svalue_for_label): Delete.
3549 (region_model::get_region_for_label): Delete.
3550 (build_cast): Delete.
3551 (region_model::maybe_cast_1): Delete.
3552 (region_model::maybe_cast): Delete.
3553 (region_model::get_field_region): Delete.
3554 (region_model::get_store_value): New.
3555 (region_model::region_exists_p): New.
3556 (region_model::deref_rvalue): Port from svalue_id to const svalue *.
3557 (region_model::set_value): Likewise.
3558 (region_model::clobber_region): New.
3559 (region_model::purge_region): New.
3560 (region_model::zero_fill_region): New.
3561 (region_model::mark_region_as_unknown): New.
3562 (region_model::eval_condition): Port from svalue_id to
3563 const svalue *.
3564 (region_model::eval_condition_without_cm): Likewise.
3565 (region_model::compare_initial_and_pointer): New.
3566 (region_model::add_constraint): Port from svalue_id to
3567 const svalue *.
3568 (region_model::maybe_get_constant): Delete.
3569 (region_model::get_representative_path_var): New.
3570 (region_model::add_new_malloc_region): Delete.
3571 (region_model::get_representative_tree): Port to const svalue *.
3572 (region_model::get_representative_path_var): Port to
3573 const region *.
3574 (region_model::get_path_vars_for_svalue): Delete.
3575 (region_model::set_to_new_unknown_value): Delete.
3576 (region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
3577 (region_model::update_for_call_superedge): Port from svalue_id to
3578 const svalue *.
3579 (region_model::update_for_return_superedge): Port to store-based
3580 implementation.
3581 (region_model::update_for_call_summary): Replace
3582 set_to_new_unknown_value with mark_region_as_unknown.
3583 (region_model::get_root_region): Delete.
3584 (region_model::get_stack_region_id): Delete.
3585 (region_model::push_frame): Delete.
3586 (region_model::get_current_frame_id): Delete.
3587 (region_model::get_current_function): Delete.
3588 (region_model::pop_frame): Delete.
3589 (region_model::on_top_level_param): New.
3590 (region_model::get_stack_depth): Delete.
3591 (region_model::get_function_at_depth): Delete.
3592 (region_model::get_globals_region_id): Delete.
3593 (region_model::add_svalue): Delete.
3594 (region_model::replace_svalue): Delete.
3595 (region_model::add_region): Delete.
3596 (region_model::get_svalue): Delete.
3597 (region_model::get_region): Delete.
3598 (make_region_for_type): Delete.
3599 (region_model::add_region_for_type): Delete.
3600 (region_model::on_top_level_param): New.
3601 (class restrict_to_used_svalues): Delete.
3602 (region_model::purge_unused_svalues): Delete.
3603 (region_model::push_frame): New.
3604 (region_model::remap_svalue_ids): Delete.
3605 (region_model::remap_region_ids): Delete.
3606 (region_model::purge_regions): Delete.
3607 (region_model::get_descendents): Delete.
3608 (region_model::delete_region_and_descendents): Delete.
3609 (region_model::poison_any_pointers_to_bad_regions): Delete.
3610 (region_model::can_merge_with_p): Delete.
3611 (region_model::get_current_function): New.
3612 (region_model::get_value_by_name): Delete.
3613 (region_model::convert_byte_offset_to_array_index): Delete.
3614 (region_model::pop_frame): New.
3615 (region_model::get_or_create_mem_ref): Delete.
3616 (region_model::get_stack_depth): New.
3617 (region_model::get_frame_at_index): New.
3618 (region_model::unbind_region_and_descendents): New.
3619 (struct bad_pointer_finder): New.
3620 (region_model::get_or_create_pointer_plus_expr): Delete.
3621 (region_model::poison_any_pointers_to_descendents): New.
3622 (region_model::get_or_create_view): Delete.
3623 (region_model::can_merge_with_p): New.
3624 (region_model::get_fndecl_for_call): Port from svalue_id to
3625 const svalue *.
3626 (struct append_ssa_names_cb_data): New.
3627 (get_ssa_name_regions_for_current_frame): New.
3628 (region_model::append_ssa_names_cb): New.
3629 (model_merger::dump_to_pp): Add "simple" param. Drop dumping of
3630 remappings.
3631 (model_merger::dump): Add "simple" param to both overloads.
3632 (model_merger::can_merge_values_p): Delete.
3633 (model_merger::record_regions): Delete.
3634 (model_merger::record_svalues): Delete.
3635 (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
3636 (svalue_id_merger_mapping::dump_to_pp): Delete.
3637 (svalue_id_merger_mapping::dump): Delete.
3638 (region_model::create_region_for_heap_alloc): New.
3639 (region_model::create_region_for_alloca): New.
3640 (region_model::record_dynamic_extents): New.
3641 (canonicalization::canonicalization): Delete.
3642 (canonicalization::walk_rid): Delete.
3643 (canonicalization::walk_sid): Delete.
3644 (canonicalization::dump_to_pp): Delete.
3645 (canonicalization::dump): Delete.
3646 (inchash::add): Delete overloads for svalue_id and region_id.
3647 (engine::log_stats): New.
3648 (assert_condition): Add overload comparing svalues.
3649 (assert_dump_eq): Pass "true" for multiline.
3650 (selftest::test_dump): Update for rewrite of region_model.
3651 (selftest::test_dump_2): Rename to...
3652 (selftest::test_struct): ...this. Provide a region_model_manager
3653 when creating region_model instance. Remove dump test. Add
3654 checks for get_offset.
3655 (selftest::test_dump_3): Rename to...
3656 (selftest::test_array_1): ...this. Provide a region_model_manager
3657 when creating region_model instance. Remove dump test.
3658 (selftest::test_get_representative_tree): Port from svalue_id to
3659 new API. Add test coverage for various expressions.
3660 (selftest::test_unique_constants): Provide a region_model_manager
3661 for the region_model. Add test coverage for comparing const vs
3662 non-const.
3663 (selftest::test_svalue_equality): Delete.
3664 (selftest::test_region_equality): Delete.
3665 (selftest::test_unique_unknowns): New.
3666 (class purge_all_svalue_ids): Delete.
3667 (class purge_one_svalue_id): Delete.
3668 (selftest::test_purging_by_criteria): Delete.
3669 (selftest::test_initial_svalue_folding): New.
3670 (selftest::test_unaryop_svalue_folding): New.
3671 (selftest::test_binop_svalue_folding): New.
3672 (selftest::test_sub_svalue_folding): New.
3673 (selftest::test_purge_unused_svalues): Delete.
3674 (selftest::test_descendent_of_p): New.
3675 (selftest::test_assignment): Provide a region_model_manager for
3676 the region_model. Drop the dump test.
3677 (selftest::test_compound_assignment): Likewise.
3678 (selftest::test_stack_frames): Port to new implementation.
3679 (selftest::test_get_representative_path_var): Likewise.
3680 (selftest::test_canonicalization_1): Rename to...
3681 (selftest::test_equality_1): ...this. Port to new API, and add
3682 (selftest::test_canonicalization_2): Provide a
3683 region_model_manager when creating region_model instances.
3684 Remove redundant canicalization.
3685 (selftest::test_canonicalization_3): Provide a
3686 region_model_manager when creating region_model instances.
3687 Remove param from calls to region_model::canonicalize.
3688 (selftest::test_canonicalization_4): Likewise.
3689 (selftest::assert_region_models_merge): Constify
3690 out_merged_svalue. Port to new API.
3691 (selftest::test_state_merging): Provide a
3692 region_model_manager when creating region_model instances.
3693 Provide a program_point point when merging them. Replace
3694 set_to_new_unknown_value with usage of placeholder_svalues.
3695 Drop get_value_by_name. Port from svalue_id to const svalue *.
3696 Add test of heap allocation.
3697 (selftest::test_constraint_merging): Provide a
3698 region_model_manager when creating region_model instances.
3699 Provide a program_point point when merging them. Eliminate use
3700 of set_to_new_unknown_value.
3701 (selftest::test_widening_constraints): New.
3702 (selftest::test_iteration_1): New.
3703 (selftest::test_malloc_constraints): Port to store-based
3704 implementation.
3705 (selftest::test_var): New test.
3706 (selftest::test_array_2): New test.
3707 (selftest::test_mem_ref): New test.
3708 (selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
3709 (selftest::test_malloc): New.
3710 (selftest::test_alloca): New.
3711 (selftest::analyzer_region_model_cc_tests): Update for renamings.
3712 Call new functions.
3713 * region-model.h (class path_var): Move to analyzer.h.
3714 (class svalue_id): Delete.
3715 (class region_id): Delete.
3716 (class id_map): Delete.
3717 (svalue_id_map): Delete.
3718 (region_id_map): Delete.
3719 (id_map<T>::id_map): Delete.
3720 (id_map<T>::put): Delete.
3721 (id_map<T>::get_dst_for_src): Delete.
3722 (id_map<T>::get_src_for_dst): Delete.
3723 (id_map<T>::dump_to_pp): Delete.
3724 (id_map<T>::dump): Delete.
3725 (id_map<T>::update): Delete.
3726 (one_way_svalue_id_map): Delete.
3727 (one_way_region_id_map): Delete.
3728 (class region_id_set): Delete.
3729 (class svalue_id_set): Delete.
3730 (struct complexity): New.
3731 (class visitor): New.
3732 (enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
3733 SK_BINOP, SK_SUB,SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
3734 SK_COMPOUND, and SK_CONJURED.
3735 (svalue::operator==): Delete.
3736 (svalue::operator!=): Delete.
3737 (svalue::clone): Delete.
3738 (svalue::hash): Delete.
3739 (svalue::dump_dot_to_pp): Delete.
3740 (svalue::dump_to_pp): New.
3741 (svalue::dump): New.
3742 (svalue::get_desc): New.
3743 (svalue::dyn_cast_initial_svalue): New.
3744 (svalue::dyn_cast_unaryop_svalue): New.
3745 (svalue::dyn_cast_binop_svalue): New.
3746 (svalue::dyn_cast_sub_svalue): New.
3747 (svalue::dyn_cast_unmergeable_svalue): New.
3748 (svalue::dyn_cast_widening_svalue): New.
3749 (svalue::dyn_cast_compound_svalue): New.
3750 (svalue::dyn_cast_conjured_svalue): New.
3751 (svalue::maybe_undo_cast): New.
3752 (svalue::unwrap_any_unmergeable): New.
3753 (svalue::remap_region_ids): Delete
3754 (svalue::can_merge_p): New.
3755 (svalue::walk_for_canonicalization): Delete
3756 (svalue::get_complexity): New.
3757 (svalue::get_child_sid): Delete
3758 (svalue::accept): New.
3759 (svalue::live_p): New.
3760 (svalue::implicitly_live_p): New.
3761 (svalue::svalue): Add complexity param.
3762 (svalue::add_to_hash): Delete
3763 (svalue::print_details): Delete
3764 (svalue::m_complexity): New field.
3765 (region_svalue::key_t): New struct.
3766 (region_svalue::region_svalue): Port from region_id to
3767 const region_id *. Add complexity.
3768 (region_svalue::compare_fields): Delete.
3769 (region_svalue::clone): Delete.
3770 (region_svalue::dump_dot_to_pp): Delete.
3771 (region_svalue::get_pointee): Port from region_id to
3772 const region_id *.
3773 (region_svalue::remap_region_ids): Delete.
3774 (region_svalue::merge_values): Delete.
3775 (region_svalue::dump_to_pp): New.
3776 (region_svalue::accept): New.
3777 (region_svalue::walk_for_canonicalization): Delete.
3778 (region_svalue::eval_condition): Make params const.
3779 (region_svalue::add_to_hash): Delete.
3780 (region_svalue::print_details): Delete.
3781 (region_svalue::m_rid): Replace with...
3782 (region_svalue::m_reg): ...this.
3783 (is_a_helper <region_svalue *>::test): Convert to...
3784 (is_a_helper <const region_svalue *>::test): ...this.
3785 (template <> struct default_hash_traits<region_svalue::key_t>):
3786 New.
3787 (constant_svalue::constant_svalue): Add complexity.
3788 (constant_svalue::compare_fields): Delete.
3789 (constant_svalue::clone): Delete.
3790 (constant_svalue::add_to_hash): Delete.
3791 (constant_svalue::dump_to_pp): New.
3792 (constant_svalue::accept): New.
3793 (constant_svalue::implicitly_live_p): New.
3794 (constant_svalue::merge_values): Delete.
3795 (constant_svalue::eval_condition): Make params const.
3796 (constant_svalue::get_child_sid): Delete.
3797 (constant_svalue::print_details): Delete.
3798 (is_a_helper <constant_svalue *>::test): Convert to...
3799 (is_a_helper <const constant_svalue *>::test): ...this.
3800 (class unknown_svalue): Update leading comment.
3801 (unknown_svalue::unknown_svalue): Add complexity.
3802 (unknown_svalue::compare_fields): Delete.
3803 (unknown_svalue::add_to_hash): Delete.
3804 (unknown_svalue::dyn_cast_unknown_svalue): Delete.
3805 (unknown_svalue::print_details): Delete.
3806 (unknown_svalue::dump_to_pp): New.
3807 (unknown_svalue::accept): New.
3808 (poisoned_svalue::key_t): New struct.
3809 (poisoned_svalue::poisoned_svalue): Add complexity.
3810 (poisoned_svalue::compare_fields): Delete.
3811 (poisoned_svalue::clone): Delete.
3812 (poisoned_svalue::add_to_hash): Delete.
3813 (poisoned_svalue::dump_to_pp): New.
3814 (poisoned_svalue::accept): New.
3815 (poisoned_svalue::print_details): Delete.
3816 (is_a_helper <poisoned_svalue *>::test): Convert to...
3817 (is_a_helper <const poisoned_svalue *>::test): ...this.
3818 (template <> struct default_hash_traits<poisoned_svalue::key_t>):
3819 New.
3820 (setjmp_record::add_to_hash): New.
3821 (setjmp_svalue::key_t): New struct.
3822 (setjmp_svalue::compare_fields): Delete.
3823 (setjmp_svalue::clone): Delete.
3824 (setjmp_svalue::add_to_hash): Delete.
3825 (setjmp_svalue::setjmp_svalue): Add complexity.
3826 (setjmp_svalue::dump_to_pp): New.
3827 (setjmp_svalue::accept): New.
3828 (setjmp_svalue::void print_details): Delete.
3829 (is_a_helper <const setjmp_svalue *>::test): New.
3830 (template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
3831 (class initial_svalue : public svalue): New.
3832 (is_a_helper <const initial_svalue *>::test): New.
3833 (class unaryop_svalue): New.
3834 (is_a_helper <const unaryop_svalue *>::test): New.
3835 (template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
3836 (class binop_svalue): New.
3837 (is_a_helper <const binop_svalue *>::test): New.
3838 (template <> struct default_hash_traits<binop_svalue::key_t>): New.
3839 (class sub_svalue): New.
3840 (is_a_helper <const sub_svalue *>::test): New.
3841 (template <> struct default_hash_traits<sub_svalue::key_t>): New.
3842 (class unmergeable_svalue): New.
3843 (is_a_helper <const unmergeable_svalue *>::test): New.
3844 (class placeholder_svalue): New.
3845 (is_a_helper <placeholder_svalue *>::test): New.
3846 (class widening_svalue): New.
3847 (is_a_helper <widening_svalue *>::test): New.
3848 (template <> struct default_hash_traits<widening_svalue::key_t>): New.
3849 (class compound_svalue): New.
3850 (is_a_helper <compound_svalue *>::test): New.
3851 (template <> struct default_hash_traits<compound_svalue::key_t>): New.
3852 (class conjured_svalue): New.
3853 (is_a_helper <conjured_svalue *>::test): New.
3854 (template <> struct default_hash_traits<conjured_svalue::key_t>): New.
3855 (enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
3856 RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
3857 RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
3858 (region_kind_to_str): Delete.
3859 (region::~region): Move implementation to region.cc.
3860 (region::operator==): Delete.
3861 (region::operator!=): Delete.
3862 (region::clone): Delete.
3863 (region::get_id): New.
3864 (region::cmp_ids): New.
3865 (region::dyn_cast_map_region): Delete.
3866 (region::dyn_cast_array_region): Delete.
3867 (region::region_id get_parent): Delete.
3868 (region::get_parent_region): Convert to a simple accessor.
3869 (region::void set_value): Delete.
3870 (region::svalue_id get_value): Delete.
3871 (region::svalue_id get_value_direct): Delete.
3872 (region::svalue_id get_inherited_child_sid): Delete.
3873 (region::dyn_cast_frame_region): New.
3874 (region::dyn_cast_function_region): New.
3875 (region::dyn_cast_decl_region): New.
3876 (region::dyn_cast_field_region): New.
3877 (region::dyn_cast_element_region): New.
3878 (region::dyn_cast_offset_region): New.
3879 (region::dyn_cast_cast_region): New.
3880 (region::dyn_cast_string_region): New.
3881 (region::accept): New.
3882 (region::get_base_region): New.
3883 (region::base_region_p): New.
3884 (region::descendent_of_p): New.
3885 (region::maybe_get_frame_region): New.
3886 (region::maybe_get_decl): New.
3887 (region::hash): Delete.
3888 (region::rint): Delete.
3889 (region::dump_dot_to_pp): Delete.
3890 (region::get_desc): New.
3891 (region::dump_to_pp): Convert to vfunc, changing signature.
3892 (region::dump_child_label): Delete.
3893 (region::remap_svalue_ids): Delete.
3894 (region::remap_region_ids): Delete.
3895 (region::dump): New.
3896 (region::walk_for_canonicalization): Delete.
3897 (region::non_null_p): Drop region_model param.
3898 (region::add_view): Delete.
3899 (region::get_view): Delete.
3900 (region::get_active_view): Delete.
3901 (region::is_view_p): Delete.
3902 (region::cmp_ptrs): New.
3903 (region::validate): Delete.
3904 (region::get_offset): New.
3905 (region::get_byte_size): New.
3906 (region::get_bit_size): New.
3907 (region::get_subregions_for_binding): New.
3908 (region::region): Add complexity param. Convert parent from
3909 region_id to const region *. Drop svalue_id. Drop copy ctor.
3910 (region::symbolic_for_unknown_ptr_p): New.
3911 (region::add_to_hash): Delete.
3912 (region::print_fields): Delete.
3913 (region::get_complexity): New accessor.
3914 (region::become_active_view): Delete.
3915 (region::deactivate_any_active_view): Delete.
3916 (region::deactivate_view): Delete.
3917 (region::calc_offset): New.
3918 (region::m_parent_rid): Delete.
3919 (region::m_sval_id): Delete.
3920 (region::m_complexity): New.
3921 (region::m_id): New.
3922 (region::m_parent): New.
3923 (region::m_view_rids): Delete.
3924 (region::m_is_view): Delete.
3925 (region::m_active_view_rid): Delete.
3926 (region::m_cached_offset): New.
3927 (is_a_helper <region *>::test): Convert to...
3928 (is_a_helper <const region *>::test): ... this.
3929 (class primitive_region): Delete.
3930 (class space_region): New.
3931 (class map_region): Delete.
3932 (is_a_helper <map_region *>::test): Delete.
3933 (class frame_region): Reimplement.
3934 (template <> struct default_hash_traits<frame_region::key_t>):
3935 New.
3936 (class globals_region): Reimplement.
3937 (is_a_helper <globals_region *>::test): Convert to...
3938 (is_a_helper <const globals_region *>::test): ...this.
3939 (class struct_or_union_region): Delete.
3940 (is_a_helper <struct_or_union_region *>::test): Delete.
3941 (class code_region): Reimplement.
3942 (is_a_helper <const code_region *>::test): New.
3943 (class struct_region): Delete.
3944 (is_a_helper <struct_region *>::test): Delete.
3945 (class function_region): Reimplement.
3946 (is_a_helper <function_region *>::test): Convert to...
3947 (is_a_helper <const function_region *>::test): ...this.
3948 (class union_region): Delete.
3949 (is_a_helper <union_region *>::test): Delete.
3950 (class label_region): New.
3951 (is_a_helper <const label_region *>::test): New.
3952 (class scope_region): Delete.
3953 (class stack_region): Reimplement.
3954 (is_a_helper <stack_region *>::test): Convert to...
3955 (is_a_helper <const stack_region *>::test): ...this.
3956 (class heap_region): Reimplement.
3957 (is_a_helper <heap_region *>::test): Convert to...
3958 (is_a_helper <const heap_region *>::test): ...this.
3959 (class root_region): Reimplement.
3960 (is_a_helper <root_region *>::test): Convert to...
3961 (is_a_helper <const root_region *>::test): ...this.
3962 (class symbolic_region): Reimplement.
3963 (is_a_helper <const symbolic_region *>::test): New.
3964 (template <> struct default_hash_traits<symbolic_region::key_t>):
3965 New.
3966 (class decl_region): New.
3967 (is_a_helper <const decl_region *>::test): New.
3968 (class field_region): New.
3969 (template <> struct default_hash_traits<field_region::key_t>): New.
3970 (class array_region): Delete.
3971 (class element_region): New.
3972 (is_a_helper <array_region *>::test): Delete.
3973 (is_a_helper <const element_region *>::test): New.
3974 (template <> struct default_hash_traits<element_region::key_t>):
3975 New.
3976 (class offset_region): New.
3977 (is_a_helper <const offset_region *>::test): New.
3978 (template <> struct default_hash_traits<offset_region::key_t>):
3979 New.
3980 (class cast_region): New.
3981 (is_a_helper <const cast_region *>::test): New.
3982 (template <> struct default_hash_traits<cast_region::key_t>): New.
3983 (class heap_allocated_region): New.
3984 (class alloca_region): New.
3985 (class string_region): New.
3986 (is_a_helper <const string_region *>::test): New.
3987 (class unknown_region): New.
3988 (class region_model_manager): New.
3989 (struct append_ssa_names_cb_data): New.
3990 (class call_details): New.
3991 (region_model::region_model): Add region_model_manager param.
3992 (region_model::print_svalue): Delete.
3993 (region_model::dump_dot_to_pp): Delete.
3994 (region_model::dump_dot_to_file): Delete.
3995 (region_model::dump_dot): Delete.
3996 (region_model::dump_to_pp): Drop summarize param in favor of
3997 simple and multiline.
3998 (region_model::dump): Likewise.
3999 (region_model::summarize_to_pp): Delete.
4000 (region_model::summarize): Delete.
4001 (region_model::void canonicalize): Drop ctxt param.
4002 (region_model::void check_for_poison): Delete.
4003 (region_model::get_gassign_result): New.
4004 (region_model::impl_call_alloca): New.
4005 (region_model::impl_call_analyzer_describe): New.
4006 (region_model::impl_call_analyzer_eval): New.
4007 (region_model::impl_call_builtin_expect): New.
4008 (region_model::impl_call_calloc): New.
4009 (region_model::impl_call_free): New.
4010 (region_model::impl_call_malloc): New.
4011 (region_model::impl_call_memset): New.
4012 (region_model::impl_call_strlen): New.
4013 (region_model::get_reachable_svalues): New.
4014 (region_model::handle_phi): Drop is_back_edge param.
4015 (region_model::region_id get_root_rid): Delete.
4016 (region_model::root_region *get_root_region): Delete.
4017 (region_model::region_id get_stack_region_id): Delete.
4018 (region_model::push_frame): Convert from region_id and svalue_id
4019 to const region * and const svalue *.
4020 (region_model::get_current_frame_id): Replace with...
4021 (region_model::get_current_frame): ...this.
4022 (region_model::pop_frame): Convert from region_id to
4023 const region *. Drop purge and stats param. Add out_result.
4024 (region_model::function *get_function_at_depth): Delete.
4025 (region_model::get_globals_region_id): Delete.
4026 (region_model::add_svalue): Delete.
4027 (region_model::replace_svalue): Delete.
4028 (region_model::add_region): Delete.
4029 (region_model::add_region_for_type): Delete.
4030 (region_model::get_svalue): Delete.
4031 (region_model::get_region): Delete.
4032 (region_model::get_lvalue): Convert from region_id to
4033 const region *.
4034 (region_model::get_rvalue): Convert from svalue_id to
4035 const svalue *.
4036 (region_model::get_or_create_ptr_svalue): Delete.
4037 (region_model::get_or_create_constant_svalue): Delete.
4038 (region_model::get_svalue_for_fndecl): Delete.
4039 (region_model::get_svalue_for_label): Delete.
4040 (region_model::get_region_for_fndecl): Delete.
4041 (region_model::get_region_for_label): Delete.
4042 (region_model::get_frame_at_index (int index) const;): New.
4043 (region_model::maybe_cast): Delete.
4044 (region_model::maybe_cast_1): Delete.
4045 (region_model::get_field_region): Delete.
4046 (region_model::id deref_rvalue): Convert from region_id and
4047 svalue_id to const region * and const svalue *. Drop overload,
4048 passing in both a tree and an svalue.
4049 (region_model::set_value): Convert from region_id and svalue_id to
4050 const region * and const svalue *.
4051 (region_model::set_to_new_unknown_value): Delete.
4052 (region_model::clobber_region (const region *reg);): New.
4053 (region_model::purge_region (const region *reg);): New.
4054 (region_model::zero_fill_region (const region *reg);): New.
4055 (region_model::mark_region_as_unknown (const region *reg);): New.
4056 (region_model::copy_region): Convert from region_id to
4057 const region *.
4058 (region_model::eval_condition): Convert from svalue_id to
4059 const svalue *.
4060 (region_model::eval_condition_without_cm): Likewise.
4061 (region_model::compare_initial_and_pointer): New.
4062 (region_model:maybe_get_constant): Delete.
4063 (region_model::add_new_malloc_region): Delete.
4064 (region_model::get_representative_tree): Convert from svalue_id to
4065 const svalue *.
4066 (region_model::get_representative_path_var): Delete decl taking a
4067 region_id in favor of two decls, for svalue vs region, with an
4068 svalue_set to ensure termination.
4069 (region_model::get_path_vars_for_svalue): Delete.
4070 (region_model::create_region_for_heap_alloc): New.
4071 (region_model::create_region_for_alloca): New.
4072 (region_model::purge_unused_svalues): Delete.
4073 (region_model::remap_svalue_ids): Delete.
4074 (region_model::remap_region_ids): Delete.
4075 (region_model::purge_regions): Delete.
4076 (region_model::get_num_svalues): Delete.
4077 (region_model::get_num_regions): Delete.
4078 (region_model::get_descendents): Delete.
4079 (region_model::get_store): New.
4080 (region_model::delete_region_and_descendents): Delete.
4081 (region_model::get_manager): New.
4082 (region_model::unbind_region_and_descendents): New.
4083 (region_model::can_merge_with_p): Add point param. Drop
4084 svalue_id_merger_mapping.
4085 (region_model::get_value_by_name): Delete.
4086 (region_model::convert_byte_offset_to_array_index): Delete.
4087 (region_model::get_or_create_mem_ref): Delete.
4088 (region_model::get_or_create_pointer_plus_expr): Delete.
4089 (region_model::get_or_create_view): Delete.
4090 (region_model::get_lvalue_1): Convert from region_id to
4091 const region *.
4092 (region_model::get_rvalue_1): Convert from svalue_id to
4093 const svalue *.
4094 (region_model::get_ssa_name_regions_for_current_frame): New.
4095 (region_model::append_ssa_names_cb): New.
4096 (region_model::get_store_value): New.
4097 (region_model::copy_struct_region): Delete.
4098 (region_model::copy_union_region): Delete.
4099 (region_model::copy_array_region): Delete.
4100 (region_model::region_exists_p): New.
4101 (region_model::make_region_for_unexpected_tree_code): Delete.
4102 (region_model::loop_replay_fixup): New.
4103 (region_model::poison_any_pointers_to_bad_regions): Delete.
4104 (region_model::poison_any_pointers_to_descendents): New.
4105 (region_model::dump_summary_of_rep_path_vars): Delete.
4106 (region_model::on_top_level_param): New.
4107 (region_model::record_dynamic_extents): New.
4108 (region_model::m_mgr;): New.
4109 (region_model::m_store;): New.
4110 (region_model::m_svalues;): Delete.
4111 (region_model::m_regions;): Delete.
4112 (region_model::m_root_rid;): Delete.
4113 (region_model::m_current_frame;): New.
4114 (region_model_context::remap_svalue_ids): Delete.
4115 (region_model_context::can_purge_p): Delete.
4116 (region_model_context::on_svalue_leak): New.
4117 (region_model_context::on_svalue_purge): Delete.
4118 (region_model_context::on_liveness_change): New.
4119 (region_model_context::on_inherited_svalue): Delete.
4120 (region_model_context::on_cast): Delete.
4121 (region_model_context::on_unknown_change): Convert from svalue_id to
4122 const svalue * and add is_mutable.
4123 (class noop_region_model_context): Update for region_model_context
4124 changes.
4125 (model_merger::model_merger): Add program_point. Drop
4126 svalue_id_merger_mapping.
4127 (model_merger::dump_to_pp): Add "simple" param.
4128 (model_merger::dump): Likewise.
4129 (model_merger::get_region_a): Delete.
4130 (model_merger::get_region_b): Delete.
4131 (model_merger::can_merge_values_p): Delete.
4132 (model_merger::record_regions): Delete.
4133 (model_merger::record_svalues): Delete.
4134 (model_merger::m_point): New field.
4135 (model_merger::m_map_regions_from_a_to_m): Delete.
4136 (model_merger::m_map_regions_from_b_to_m): Delete.
4137 (model_merger::m_sid_mapping): Delete.
4138 (struct svalue_id_merger_mapping): Delete.
4139 (class engine): New.
4140 (struct canonicalization): Delete.
4141 (inchash::add): Delete decls for hashing svalue_id and region_id.
4142 (test_region_model_context::on_unexpected_tree_code): Require t to
4143 be non-NULL.
4144 (selftest::assert_condition): Add overload comparing a pair of
4145 const svalue *.
4146 * sm-file.cc: Include "tristate.h", "selftest.h",
4147 "analyzer/call-string.h", "analyzer/program-point.h",
4148 "analyzer/store.h", and "analyzer/region-model.h".
4149 (fileptr_state_machine::get_default_state): New.
4150 (fileptr_state_machine::on_stmt): Remove calls to
4151 get_readable_tree in favor of get_diagnostic_tree.
4152 * sm-malloc.cc: Include "tristate.h", "selftest.h",
4153 "analyzer/call-string.h", "analyzer/program-point.h",
4154 "analyzer/store.h", and "analyzer/region-model.h".
4155 (malloc_state_machine::get_default_state): New.
4156 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
4157 (malloc_diagnostic::describe_state_change): Handle change.m_expr
4158 being NULL.
4159 (null_arg::emit): Avoid printing "NULL '0'".
4160 (null_arg::describe_final_event): Avoid printing "(0) NULL".
4161 (malloc_leak::emit): Handle m_arg being NULL.
4162 (malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
4163 (malloc_state_machine::on_stmt): Don't call get_readable_tree.
4164 Call get_diagnostic_tree when creating pending diagnostics.
4165 Update for is_zero_assignment becoming a member function of
4166 sm_ctxt.
4167 Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
4168 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
4169 vfunc implementation.
4170 * sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
4171 get_diagnostic_tree and pass the result to warn_for_state.
4172 * sm-signal.cc: Move includes of "analyzer/call-string.h" and
4173 "analyzer/program-point.h" to before "analyzer/region-model.h",
4174 and also include "analyzer/store.h" before it.
4175 (signal_unsafe_call::describe_state_change): Use
4176 get_dest_function to get handler.
4177 (update_model_for_signal_handler): Pass manager to region_model
4178 ctor.
4179 (register_signal_handler::impl_transition): Update for changes to
4180 get_or_create_node and add_edge.
4181 * sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
4182 get_readable_tree, replacing them when calling warn_for_state with
4183 calls to get_diagnostic_tree.
4184 * sm.cc (is_zero_assignment): Delete.
4185 (any_pointer_p): Move to within namespace ana.
4186 * sm.h (is_zero_assignment): Remove decl.
4187 (any_pointer_p): Move decl to within namespace ana.
4188 (state_machine::get_default_state): New vfunc.
4189 (state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
4190 (sm_context::get_readable_tree): Rename to...
4191 (sm_context::get_diagnostic_tree): ...this.
4192 (sm_context::is_zero_assignment): New vfunc.
4193 * store.cc: New file.
4194 * store.h: New file.
4195 * svalue.cc: New file.
4196
2221fb6f
MW		 41972020-05-22 Mark Wielaard <mark@klomp.org>
4198
4199 * sm-signal.cc(signal_unsafe_call::emit): Possibly add
4200 gcc_rich_location note for replacement.
4201 (signal_unsafe_call::get_replacement_fn): New private function.
4202 (get_async_signal_unsafe_fns): Add "exit".
4203
5eae0ac7
DM		 42042020-04-28 David Malcolm <dmalcolm@redhat.com>
4205
4206 PR analyzer/94816
4207 * engine.cc (impl_region_model_context::on_unexpected_tree_code):
4208 Handle NULL tree.
4209 * region-model.cc (region_model::add_region_for_type): Handle
4210 NULL type.
4211 * region-model.h
4212 (test_region_model_context::on_unexpected_tree_code): Handle NULL
4213 tree.
4214
78b97837
DM		 42152020-04-28 David Malcolm <dmalcolm@redhat.com>
4216
4217 PR analyzer/94447
4218 PR analyzer/94639
4219 PR analyzer/94732
4220 PR analyzer/94754
4221 * analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete.
4222 * program-state.cc (selftest::test_program_state_dumping): Update
4223 expected dump result for removal of "uninit".
4224 * region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT
4225 case.
4226 (root_region::ensure_stack_region): Initialize stack with null
4227 svalue_id rather than with a typeless POISON_KIND_UNINIT value.
4228 (root_region::ensure_heap_region): Likewise for the heap.
4229 (region_model::dump_summary_of_rep_path_vars): Remove
4230 summarization of uninit values.
4231 (region_model::validate): Remove check that the stack has a
4232 POISON_KIND_UNINIT value.
4233 (poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT
4234 case.
4235 (poisoned_value_diagnostic::describe_final_event): Likewise.
4236 (selftest::test_dump): Update expected dump result for removal of
4237 "uninit".
4238 (selftest::test_svalue_equality): Remove "uninit" and "freed".
4239 * region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT.
4240
a96f1c38
DM		 42412020-04-01 David Malcolm <dmalcolm@redhat.com>
4242
4243 PR analyzer/94378
4244 * checker-path.cc: Include "bitmap.h".
4245 * constraint-manager.cc: Likewise.
4246 * diagnostic-manager.cc: Likewise.
4247 * engine.cc: Likewise.
4248 (exploded_node::detect_leaks): Pass null region_id to pop_frame.
4249 * program-point.cc: Include "bitmap.h".
4250 * program-state.cc: Likewise.
4251 * region-model.cc (id_set<region_id>::id_set): Convert to...
4252 (region_id_set::region_id_set): ...this.
4253 (svalue_id_set::svalue_id_set): New ctor.
4254 (region_model::copy_region): New function.
4255 (region_model::copy_struct_region): New function.
4256 (region_model::copy_union_region): New function.
4257 (region_model::copy_array_region): New function.
4258 (stack_region::pop_frame): Drop return value. Add
4259 "result_dst_rid" param; if it is non-null, use copy_region to copy
4260 the result to it. Rather than capture and pass a single "known
4261 used" return value to be used by purge_unused_values, instead
4262 gather and pass a set of known used return values.
4263 (root_region::pop_frame): Drop return value. Add "result_dst_rid"
4264 param.
4265 (region_model::on_assignment): Use copy_region.
4266 (region_model::on_return): Likewise for the result.
4267 (region_model::on_longjmp): Pass null for pop_frame's
4268 result_dst_rid.
4269 (region_model::update_for_return_superedge): Pass the region for the
4270 return value of the call, if any, to pop_frame, rather than setting
4271 the lvalue for the lhs of the result.
4272 (region_model::pop_frame): Drop return value. Add
4273 "result_dst_rid" param.
4274 (region_model::purge_unused_svalues): Convert third param from an
4275 svalue_id * to an svalue_id_set *, updating the initial populating
4276 of the "used" bitmap accordingly. Don't remap it when done.
4277 (struct selftest::coord_test): New selftest fixture, extracted from...
4278 (selftest::test_dump_2): ...here.
4279 (selftest::test_compound_assignment): New selftest.
4280 (selftest::test_stack_frames): Pass null to new param of pop_frame.
4281 (selftest::analyzer_region_model_cc_tests): Call the new selftest.
4282 * region-model.h (class id_set): Delete template.
4283 (class region_id_set): Reimplement, using old id_set implementation.
4284 (class svalue_id_set): Likewise. Convert from auto_sbitmap to
4285 auto_bitmap.
4286 (region::get_active_view): New accessor.
4287 (stack_region::pop_frame): Drop return value. Add
4288 "result_dst_rid" param.
4289 (root_region::pop_frame): Likewise.
4290 (region_model::pop_frame): Likewise.
4291 (region_model::copy_region): New decl.
4292 (region_model::purge_unused_svalues): Convert third param from an
4293 svalue_id * to an svalue_id_set *.
4294 (region_model::copy_struct_region): New decl.
4295 (region_model::copy_union_region): New decl.
4296 (region_model::copy_array_region): New decl.
4297
6969ac30
DM		 42982020-03-27 David Malcolm <dmalcolm@redhat.com>
4299
4300 * program-state.cc (selftest::test_program_state_dumping): Update
4301 expected dump to include symbolic_region's possibly_null field.
4302 * region-model.cc (symbolic_region::print_fields): New vfunc
4303 implementation.
4304 (region_model::add_constraint): Clear m_possibly_null from
4305 symbolic_regions now known to be non-NULL.
4306 (selftest::test_malloc_constraints): New selftest.
4307 (selftest::analyzer_region_model_cc_tests): Call it.
4308 * region-model.h (region::dyn_cast_symbolic_region): Add non-const
4309 overload.
4310 (symbolic_region::dyn_cast_symbolic_region): Implement it.
4311 (symbolic_region::print_fields): New vfunc override decl.
4312
42c63313
DM		 43132020-03-27 David Malcolm <dmalcolm@redhat.com>
4314
4315 * analyzer.h (class feasibility_problem): New forward decl.
4316 * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
4317 Initialize new fields m_status, m_epath_length, and m_problem.
4318 (saved_diagnostic::~saved_diagnostic): Delete m_problem.
4319 (dedupe_candidate::dedupe_candidate): Convert "sd" param from a
4320 const ref to a mutable ptr.
4321 (dedupe_winners::add): Convert "sd" param from a const ref to a
4322 mutable ptr. Record the length of the exploded_path. Record the
4323 feasibility/infeasibility of sd into sd, capturing a
4324 feasibility_problem when feasible_p fails, and storing it in sd.
4325 (diagnostic_manager::emit_saved_diagnostics): Update for pass by
4326 ptr rather than by const ref.
4327 * diagnostic-manager.h (class saved_diagnostic): Add new enum
4328 status. Add fields m_status, m_epath_length and m_problem.
4329 (saved_diagnostic::set_feasible): New member function.
4330 (saved_diagnostic::set_infeasible): New member function.
4331 (saved_diagnostic::get_feasibility_problem): New accessor.
4332 (saved_diagnostic::get_status): New accessor.
4333 (saved_diagnostic::set_epath_length): New member function.
4334 (saved_diagnostic::get_epath_length): New accessor.
4335 * engine.cc: Include "gimple-pretty-print.h".
4336 (exploded_path::feasible_p): Add OUT param and, if non-NULL, write
4337 a new feasibility_problem to it on failure.
4338 (viz_callgraph_node::dump_dot): Convert begin_tr calls to
4339 begin_trtd. Convert end_tr calls to end_tdtr.
4340 (class exploded_graph_annotator): New subclass of dot_annotator.
4341 (impl_run_checkers): Add a second -fdump-analyzer-supergraph dump
4342 after the analysis runs, using exploded_graph_annotator. dumping
4343 to DUMP_BASE_NAME.supergraph-eg.dot.
4344 * exploded-graph.h (exploded_node::get_dot_fillcolor): Make
4345 public.
4346 (exploded_path::feasible_p): Add OUT param.
4347 (class feasibility_problem): New class.
4348 * state-purge.cc (state_purge_annotator::add_node_annotations):
4349 Return a bool, add a "within_table" param.
4350 (print_vec_of_names): Convert begin_tr calls to begin_trtd.
4351 Convert end_tr calls to end_tdtr.
4352 (state_purge_annotator::add_stmt_annotations): Add "within_row"
4353 param.
4354 * state-purge.h ((state_purge_annotator::add_node_annotations):
4355 Return a bool, add a "within_table" param.
4356 (state_purge_annotator::add_stmt_annotations): Add "within_row"
4357 param.
4358 * supergraph.cc (supernode::dump_dot): Call add_node_annotations
4359 twice: as before, passing false for "within_table", then again
4360 with true when within the TABLE element. Convert some begin_tr
4361 calls to begin_trtd, and some end_tr calls to end_tdtr.
4362 Repeat each add_stmt_annotations call, distinguishing between
4363 calls that add TRs and those that add TDs to an existing TR.
4364 Add a call to add_after_node_annotations.
4365 * supergraph.h (dot_annotator::add_node_annotations): Add a
4366 "within_table" param.
4367 (dot_annotator::add_stmt_annotations): Add a "within_row" param.
4368 (dot_annotator::add_after_node_annotations): New vfunc.
4369
8f023575
DM		 43702020-03-27 David Malcolm <dmalcolm@redhat.com>
4371
4372 * diagnostic-manager.cc (dedupe_winners::add): Show the
4373 exploded_node index in the log messages.
4374 (diagnostic_manager::emit_saved_diagnostics): Log a summary of
4375 m_saved_diagnostics at entry.
4376
4d661bb7
DM		 43772020-03-27 David Malcolm <dmalcolm@redhat.com>
4378
4379 * supergraph.cc (superedge::dump): Add space before description;
4380 move newline to non-pretty_printer overload.
4381
884d9141
DM		 43822020-03-18 David Malcolm <dmalcolm@redhat.com>
4383
4384 * region-model.cc: Include "stor-layout.h".
4385 (region_model::dump_to_pp): Rather than calling
4386 dump_summary_of_map on each of the current frame and the globals,
4387 instead get a vec of representative path_vars for all regions,
4388 and then dump a summary of all of them.
4389 (region_model::dump_summary_of_map): Delete, rewriting into...
4390 (region_model::dump_summary_of_rep_path_vars): ...this new
4391 function, working on a vec of path_vars.
4392 (region_model::set_value): New overload.
4393 (region_model::get_representative_path_var): Rename
4394 "parent_region" local to "parent_reg" and consolidate with other
4395 local. Guard test for grandparent being stack on parent_reg being
4396 non-NULL. Move handling for parent being an array_region to
4397 within guard for parent_reg being non-NULL.
4398 (selftest::make_test_compound_type): New function.
4399 (selftest::test_dump_2): New selftest.
4400 (selftest::test_dump_3): New selftest.
4401 (selftest::test_stack_frames): Update expected output from
4402 simplified dump to show "a" and "b" from parent frame and "y" in
4403 child frame.
4404 (selftest::analyzer_region_model_cc_tests): Call test_dump_2 and
4405 test_dump_3.
4406 * region-model.h (region_model::set_value): New overload decl.
4407 (region_model::dump_summary_of_map): Delete.
4408 (region_model::dump_summary_of_rep_path_vars): New.
4409
7d9c107a
DM		 44102020-03-18 David Malcolm <dmalcolm@redhat.com>
4411
4412 * region-model.h (class noop_region_model_context): New subclass
4413 of region_model_context.
4414 (class tentative_region_model_context): Inherit from
4415 noop_region_model_context rather than from region_model_context;
4416 drop redundant vfunc implementations.
4417 (class test_region_model_context): Likewise.
4418
0db2cd17
DM		 44192020-03-18 David Malcolm <dmalcolm@redhat.com>
4420
4421 * engine.cc (exploded_node::exploded_node): Move implementation
4422 here from header; accept point_and_state by const reference rather
4423 than by value.
4424 * exploded-graph.h (exploded_node::exploded_node): Pass
4425 point_and_state by const reference rather than by value. Move
4426 body to engine.cc.
4427
d5029d45
JJ		 44282020-03-18 Jakub Jelinek <jakub@redhat.com>
4429
4430 * sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word
4431 issue in a comment.
4432 * region-model.cc (region_model::make_region_for_unexpected_tree_code,
4433 region_model::delete_region_and_descendents): Likewise.
4434 * engine.cc (class exploded_cluster): Likewise.
4435 * diagnostic-manager.cc (class path_builder): Likewise.
4436
5c048755
DM		 44372020-03-13 David Malcolm <dmalcolm@redhat.com>
4438
4439 PR analyzer/94099
4440 PR analyzer/94105
4441 * diagnostic-manager.cc (for_each_state_change): Bulletproof
4442 against errors in get_rvalue by passing a
4443 tentative_region_model_context and rejecting if there's an error.
4444 * region-model.cc (region_model::get_lvalue_1): When handling
4445 ARRAY_REF, handle results of error-handling. Handle NOP_EXPR.
4446
90f7c300
DM		 44472020-03-06 David Malcolm <dmalcolm@redhat.com>
4448
4449 * analyzer.h (class array_region): New forward decl.
4450 * program-state.cc (selftest::test_program_state_dumping_2): New.
4451 (selftest::analyzer_program_state_cc_tests): Call it.
4452 * region-model.cc (array_region::constant_from_key): New.
4453 (region_model::get_representative_tree): Handle region_svalue by
4454 generating an ADDR_EXPR.
4455 (region_model::get_representative_path_var): In view handling,
4456 remove erroneous TREE_TYPE when determining the type of the tree.
4457 Handle array regions and STRING_CST.
4458 (selftest::assert_dump_tree_eq): New.
4459 (ASSERT_DUMP_TREE_EQ): New macro.
4460 (selftest::test_get_representative_tree): New selftest.
4461 (selftest::analyzer_region_model_cc_tests): Call it.
4462 * region-model.h (region::dyn_cast_array_region): New vfunc.
4463 (array_region::dyn_cast_array_region): New vfunc implementation.
4464 (array_region::constant_from_key): New decl.
4465
41f99ba6
DM		 44662020-03-06 David Malcolm <dmalcolm@redhat.com>
4467
4468 * analyzer.h (dump_quoted_tree): New decl.
4469 * engine.cc (exploded_node::dump_dot): Pass region model to
4470 sm_state_map::print.
4471 * program-state.cc: Include diagnostic-core.h.
4472 (sm_state_map::print): Add "model" param and use it to print
4473 representative trees. Only print origin information if non-null.
4474 (sm_state_map::dump): Pass NULL for model to print call.
4475 (program_state::print): Pass region model to sm_state_map::print.
4476 (program_state::dump_to_pp): Use spaces rather than newlines when
4477 summarizing. Pass region_model to sm_state_map::print.
4478 (ana::selftest::assert_dump_eq): New function.
4479 (ASSERT_DUMP_EQ): New macro.
4480 (ana::selftest::test_program_state_dumping): New function.
4481 (ana::selftest::analyzer_program_state_cc_tests): Call it.
4482 * program-state.h (program_state::print): Add model param.
4483 * region-model.cc (dump_quoted_tree): New function.
4484 (map_region::print_fields): Use dump_quoted_tree rather than
4485 %qE to avoid lang-dependent output.
4486 (map_region::dump_child_label): Likewise.
4487 (region_model::dump_summary_of_map): For SK_REGION, when
4488 get_representative_path_var fails, print the region id rather than
4489 erroneously printing NULL.
4490 * sm.cc (state_machine::get_state_by_name): New function.
4491 * sm.h (state_machine::get_state_by_name): New decl.
4492
3c1645a3
DM		 44932020-03-04 David Malcolm <dmalcolm@redhat.com>
4494
4495 * region-model.cc (region::validate): Convert model param from ptr
4496 to reference. Update comment to reflect that it's now a vfunc.
4497 (map_region::validate): New vfunc implementation.
4498 (array_region::validate): New vfunc implementation.
4499 (stack_region::validate): New vfunc implementation.
4500 (root_region::validate): New vfunc implementation.
4501 (region_model::validate): Pass a reference rather than a pointer
4502 to the region::validate vfunc.
4503 * region-model.h (region::validate): Make virtual. Convert model
4504 param from ptr to reference.
4505 (map_region::validate): New vfunc decl.
4506 (array_region::validate): New vfunc decl.
4507 (stack_region::validate): New vfunc decl.
4508 (root_region::validate): New vfunc decl.
4509
e516294a
DM		 45102020-03-04 David Malcolm <dmalcolm@redhat.com>
4511
4512 PR analyzer/93993
4513 * region-model.cc (region_model::on_call_pre): Handle
4514 BUILT_IN_EXPECT and its variants.
4515 (region_model::add_any_constraints_from_ssa_def_stmt): Split out
4516 gassign handling into add_any_constraints_from_gassign; add gcall
4517 handling.
4518 (region_model::add_any_constraints_from_gassign): New function,
4519 based on the above. Add handling for NOP_EXPR.
4520 (region_model::add_any_constraints_from_gcall): New function.
4521 (region_model::get_representative_path_var): Handle views.
4522 * region-model.h
4523 (region_model::add_any_constraints_from_ssa_def_stmt): New decl.
4524 (region_model::add_any_constraints_from_gassign): New decl.
4525
3d66e153
DM		 45262020-03-04 David Malcolm <dmalcolm@redhat.com>
4527
4528 PR analyzer/93993
4529 * checker-path.h (state_change_event::get_lvalue): Add ctxt param
4530 and pass it to region_model::get_value call.
4531 * diagnostic-manager.cc (get_any_origin): Pass a
4532 tentative_region_model_context to the calls to get_lvalue and reject
4533 the comparison if errors occur.
4534 (can_be_expr_of_interest_p): New function.
4535 (diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
4536 CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
4537 Pass a tentative_region_model_context to the calls to
4538 state_change_event::get_lvalue and reject the comparison if errors
4539 occur.
4540 (diagnostic_manager::update_for_unsuitable_sm_exprs): New.
4541 * diagnostic-manager.h
4542 (diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
4543 * region-model.h (class tentative_region_model_context): New class.
4544
13e3ba14
DM		 45452020-03-04 David Malcolm <dmalcolm@redhat.com>
4546
4547 * engine.cc (worklist::worklist): Remove unused field m_eg.
4548 (class viz_callgraph_edge): Remove unused field m_call_sedge.
4549 (class viz_callgraph): Remove unused field m_sg.
4550 * exploded-graph.h (worklist::::m_eg): Remove unused field.
4551
13b76912
DM		 45522020-03-02 David Malcolm <dmalcolm@redhat.com>
4553
4554 * analyzer.opt (fanalyzer-show-duplicate-count): New option.
4555 * diagnostic-manager.cc
4556 (diagnostic_manager::emit_saved_diagnostic): Use the above to
4557 guard the printing of the duplicate count.
4558
9f00b22f
DM		 45592020-03-02 David Malcolm <dmalcolm@redhat.com>
4560
4561 PR analyzer/93959
4562 * analyzer.cc (is_std_function_p): New function.
4563 (is_std_named_call_p): New functions.
4564 * analyzer.h (is_std_named_call_p): New decl.
4565 * sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::"
4566 variants when checking for malloc, calloc and free.
4567
71b633aa
DM		 45682020-02-26 David Malcolm <dmalcolm@redhat.com>
4569
4570 PR analyzer/93950
4571 * diagnostic-manager.cc
4572 (diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
4573 either NULL or not a constant. When updating var, bulletproof
4574 against constant values.
4575
0ba70d1b
DM		 45762020-02-26 David Malcolm <dmalcolm@redhat.com>
4577
4578 PR analyzer/93947
4579 * region-model.cc (region_model::get_fndecl_for_call): Gracefully
4580 fail for fn_decls that don't have a cgraph_node.
4581
67fa274c
DM		 45822020-02-26 David Malcolm <dmalcolm@redhat.com>
4583
4584 * bar-chart.cc: New file.
4585 * bar-chart.h: New file.
4586 * engine.cc: Include "analyzer/bar-chart.h".
4587 (stats::log): Only log the m_num_nodes kinds that are non-zero.
4588 (stats::dump): Likewise when dumping.
4589 (stats::get_total_enodes): New.
4590 (exploded_graph::get_or_create_node): Increment the per-point-data
4591 m_excess_enodes when hitting the per-program-point limit on
4592 enodes.
4593 (exploded_graph::print_bar_charts): New.
4594 (exploded_graph::log_stats): Log the number of unprocessed enodes
4595 in the worklist. Call print_bar_charts.
4596 (exploded_graph::dump_stats): Print the number of unprocessed
4597 enodes in the worklist.
4598 * exploded-graph.h (stats::get_total_enodes): New decl.
4599 (struct per_program_point_data): Add field m_excess_enodes.
4600 (exploded_graph::print_bar_charts): New decl.
4601 * supergraph.cc (superedge::dump): New.
4602 (superedge::dump): New.
4603 * supergraph.h (supernode::get_function): New.
4604 (superedge::dump): New decl.
4605 (superedge::dump): New decl.
4606
f2ca2088
DM		 46072020-02-24 David Malcolm <dmalcolm@redhat.com>
4608
4609 * engine.cc (exploded_graph::get_or_create_node): Dump the
4610 program_state to the pp, rather than to stderr.
4611
b3d788a2
DM		 46122020-02-24 David Malcolm <dmalcolm@redhat.com>
4613
4614 PR analyzer/93032
4615 * sm.cc (make_checkers): Require the "taint" checker to be
4616 explicitly enabled.
4617
3a25f345
DM		 46182020-02-24 David Malcolm <dmalcolm@redhat.com>
4619
4620 PR analyzer/93899
4621 * engine.cc
4622 (impl_region_model_context::impl_region_model_context): Add logger
4623 param.
4624 * engine.cc (exploded_graph::add_function_entry): Create an
4625 impl_region_model_context and pass it to the push_frame call.
4626 Bail if the resulting state is invalid.
4627 (exploded_graph::build_initial_worklist): Likewise.
4628 (exploded_graph::build_initial_worklist): Handle the case where
4629 add_function_entry fails.
4630 * exploded-graph.h
4631 (impl_region_model_context::impl_region_model_context): Add logger
4632 param.
4633 * region-model.cc (map_region::get_or_create): Add ctxt param and
4634 pass it to add_region_for_type.
4635 (map_region::can_merge_p): Pass NULL as a ctxt to call to
4636 get_or_create.
4637 (array_region::get_element): Pass ctxt to call to get_or_create.
4638 (array_region::get_or_create): Add ctxt param and pass it to
4639 add_region_for_type.
4640 (root_region::push_frame): Pass ctxt to get_or_create calls.
4641 (region_model::get_lvalue_1): Likewise.
4642 (region_model::make_region_for_unexpected_tree_code): Assert that
4643 ctxt is non-NULL.
4644 (region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
4645 and get_svalue_for_label calls.
4646 (region_model::get_svalue_for_fndecl): Add ctxt param and pass it
4647 to get_region_for_fndecl.
4648 (region_model::get_region_for_fndecl): Add ctxt param and pass it
4649 to get_or_create.
4650 (region_model::get_svalue_for_label): Add ctxt param and pass it
4651 to get_region_for_label.
4652 (region_model::get_region_for_label): Add ctxt param and pass it
4653 to get_region_for_fndecl and get_or_create.
4654 (region_model::get_field_region): Add ctxt param and pass it to
4655 get_or_create_view and get_or_create.
4656 (make_region_for_type): Replace gcc_unreachable with return NULL.
4657 (region_model::add_region_for_type): Add ctxt param. Handle a
4658 return of NULL from make_region_for_type by calling
4659 make_region_for_unexpected_tree_code.
4660 (region_model::get_or_create_mem_ref): Pass ctxt to calls to
4661 get_or_create_view.
4662 (region_model::get_or_create_view): Add ctxt param and pass it to
4663 add_region_for_type.
4664 (selftest::test_state_merging): Pass ctxt to get_or_create_view.
4665 * region-model.h (region_model::get_or_create): Add ctxt param.
4666 (region_model::add_region_for_type): Likewise.
4667 (region_model::get_svalue_for_fndecl): Likewise.
4668 (region_model::get_svalue_for_label): Likewise.
4669 (region_model::get_region_for_fndecl): Likewise.
4670 (region_model::get_region_for_label): Likewise.
4671 (region_model::get_field_region): Likewise.
4672 (region_model::get_or_create_view): Likewise.
4673
004f2c07
DM		 46742020-02-24 David Malcolm <dmalcolm@redhat.com>
4675
4676 * checker-path.cc (superedge_event::should_filter_p): Update
4677 filter for empty descriptions to cover verbosity level 3 as well
4678 as 2.
4679 * diagnostic-manager.cc: Include "analyzer/reachability.h".
4680 (class path_builder): New class.
4681 (diagnostic_manager::emit_saved_diagnostic): Create a path_builder
4682 and pass it to build_emission_path, rather passing eg; similarly
4683 for add_events_for_eedge and ext_state.
4684 (diagnostic_manager::build_emission_path): Replace "eg" param
4685 with a path_builder, pass it to add_events_for_eedge.
4686 (diagnostic_manager::add_events_for_eedge): Replace ext_state
4687 param with path_builder; pass it to add_events_for_superedge.
4688 (diagnostic_manager::significant_edge_p): New.
4689 (diagnostic_manager::add_events_for_superedge): Add path_builder
4690 param. Reject insignificant edges at verbosity levels below 3.
4691 (diagnostic_manager::prune_for_sm_diagnostic): Update highest
4692 verbosity level to 4.
4693 * diagnostic-manager.h (class path_builder): New forward decl.
4694 (diagnostic_manager::build_emission_path): Replace "eg" param
4695 with a path_builder.
4696 (diagnostic_manager::add_events_for_eedge): Replace ext_state
4697 param with path_builder.
4698 (diagnostic_manager::significant_edge_p): New.
4699 (diagnostic_manager::add_events_for_superedge): Add path_builder
4700 param.
4701 * reachability.h: New file.
4702
0b2b45a6
DM		 47032020-02-18 David Malcolm <dmalcolm@redhat.com>
4704
4705 PR analyzer/93692
4706 * analyzer.opt (fdump-analyzer-callgraph): Rewrite description.
4707
4f40164a
DM		 47082020-02-18 David Malcolm <dmalcolm@redhat.com>
4709
4710 PR analyzer/93777
4711 * region-model.cc (region_model::maybe_cast_1): Replace assertion
4712 that build_cast returns non-NULL with a conditional, falling
4713 through to the logic which returns a new unknown value of the
4714 desired type if it fails.
4715
2e623393
DM		 47162020-02-18 David Malcolm <dmalcolm@redhat.com>
4717
4718 PR analyzer/93778
4719 * engine.cc (impl_region_model_context::on_unknown_tree_code):
4720 Rename to...
4721 (impl_region_model_context::on_unexpected_tree_code): ...this and
4722 convert first argument from path_var to tree.
4723 (exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall.
4724 * exploded-graph.h (region_model_context::on_unknown_tree_code):
4725 Rename to...
4726 (region_model_context::on_unexpected_tree_code): ...this and
4727 convert first argument from path_var to tree.
4728 * program-state.cc (sm_state_map::purge_for_unknown_fncall): Add
4729 ctxt param and pass on to calls to get_rvalue.
4730 * program-state.h (sm_state_map::purge_for_unknown_fncall): Add
4731 ctxt param.
4732 * region-model.cc (region_model::handle_unrecognized_call): Pass
4733 ctxt on to call to get_rvalue.
4734 (region_model::get_lvalue_1): Move body of default case to
4735 region_model::make_region_for_unexpected_tree_code and call it.
4736 Within COMPONENT_REF case, reject attempts to handle types other
4737 than RECORD_TYPE and UNION_TYPE.
4738 (region_model::make_region_for_unexpected_tree_code): New
4739 function, based on default case of region_model::get_lvalue_1.
4740 * region-model.h
4741 (region_model::make_region_for_unexpected_tree_code): New decl.
4742 (region_model::on_unknown_tree_code): Rename to...
4743 (region_model::on_unexpected_tree_code): ...this and convert first
4744 argument from path_var to tree.
4745 (class test_region_model_context): Update vfunc implementation for
4746 above change.
4747
a674c7b8
DM		 47482020-02-18 David Malcolm <dmalcolm@redhat.com>
4749
4750 PR analyzer/93774
4751 * region-model.cc
4752 (region_model::convert_byte_offset_to_array_index): Use
4753 int_size_in_bytes before calling size_in_bytes, to gracefully fail
4754 on incomplete types.
4755
d8cde6f9
DM		 47562020-02-17 David Malcolm <dmalcolm@redhat.com>
4757
4758 PR analyzer/93775
4759 * region-model.cc (region_model::get_fndecl_for_call): Handle the
4760 case where the code_region's get_tree_for_child_region returns
4761 NULL.
4762
f76a88eb
DM		 47632020-02-17 David Malcolm <dmalcolm@redhat.com>
4764
4765 PR analyzer/93388
4766 * engine.cc (impl_region_model_context::on_unknown_tree_code):
4767 New.
4768 (exploded_graph::get_or_create_node): Reject invalid states.
4769 * exploded-graph.h
4770 (impl_region_model_context::on_unknown_tree_code): New decl.
4771 (point_and_state::point_and_state): Assert that the state is
4772 valid.
4773 * program-state.cc (program_state::program_state): Initialize
4774 m_valid to true.
4775 (program_state::operator=): Copy m_valid.
4776 (program_state::program_state): Likewise for move constructor.
4777 (program_state::print): Print m_valid.
4778 (program_state::dump_to_pp): Likewise.
4779 * program-state.h (program_state::m_valid): New field.
4780 * region-model.cc (region_model::get_lvalue_1): Implement the
4781 default case by returning a new symbolic region and calling
4782 the context's on_unknown_tree_code, rather than issuing an
4783 internal_error. Implement VIEW_CONVERT_EXPR.
4784 * region-model.h (region_model_context::on_unknown_tree_code): New
4785 vfunc.
4786 (test_region_model_context::on_unknown_tree_code): New.
4787
0993ad65
DM		 47882020-02-17 David Malcolm <dmalcolm@redhat.com>
4789
4790 * sm-malloc.cc (malloc_diagnostic::describe_state_change): For
4791 transition to the "null" state, only say "assuming" when
4792 transitioning from the "unchecked" state.
4793
67098787
DM		 47942020-02-17 David Malcolm <dmalcolm@redhat.com>
4795
4796 * diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
4797 Add const overload.
4798 * engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
4799 * exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
4800 const overload.
4801
91f993b7
DM		 48022020-02-11 David Malcolm <dmalcolm@redhat.com>
4803
4804 PR analyzer/93288
4805 * analysis-plan.cc (analysis_plan::use_summary_p): Look through
4806 the ultimate_alias_target when getting the called function.
4807 * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
4808 "sm_ctxt". Use the region_model's get_fndecl_for_call rather than
4809 gimple_call_fndecl.
4810 * region-model.cc (region_model::get_fndecl_for_call): Use
4811 ultimate_alias_target on fndecl.
4812 * supergraph.cc (get_ultimate_function_for_cgraph_edge): New
4813 function.
4814 (supergraph_call_edge): Use it when rejecting edges without
4815 functions.
4816 (supergraph::supergraph): Use it to get the function for the
4817 cgraph_edge when building interprocedural superedges.
4818 (callgraph_superedge::get_callee_function): Use it.
4819 * supergraph.h (supergraph::get_num_snodes): Make param const.
4820 (supergraph::function_to_num_snodes_t): Make first type param
4821 const.
4822
a60d9889
DM		 48232020-02-11 David Malcolm <dmalcolm@redhat.com>
4824
4825 PR analyzer/93374
4826 * engine.cc (exploded_edge::exploded_edge): Add ext_state param
4827 and pass it to change.validate.
4828 (exploded_graph::get_or_create_node): Move purging of change
4829 svalues to also cover the case of reusing an existing enode.
4830 (exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
4831 ctor.
4832 * exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
4833 param.
4834 * program-state.cc (state_change::sm_change::validate): Likewise.
4835 Assert that m_sm_idx is sane. Use ext_state to validate
4836 m_old_state and m_new_state.
4837 (state_change::validate): Add ext_state param and pass it to
4838 the sm_change validate calls.
4839 * program-state.h (state_change::sm_change::validate): Add
4840 ext_state param.
4841 (state_change::validate): Likewise.
4842
a0e4929b
DM		 48432020-02-11 David Malcolm <dmalcolm@redhat.com>
4844
4845 PR analyzer/93669
4846 * engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
4847 case of STATUS_WORKLIST in implementation of
4848 "__analyzer_dump_exploded_nodes".
4849
cd28b759
DM		 48502020-02-11 David Malcolm <dmalcolm@redhat.com>
4851
4852 PR analyzer/93649
4853 * constraint-manager.cc (constraint_manager::add_constraint): When
4854 merging equivalence classes and updating m_constant, also update
4855 m_cst_sid.
4856 (constraint_manager::validate): If m_constant is non-NULL assert
4857 that m_cst_sid is non-null and is valid.
4858
5e17c1bd
DM		 48592020-02-11 David Malcolm <dmalcolm@redhat.com>
4860
4861 PR analyzer/93657
4862 * analyzer.opt (fdump-analyzer): Reword description.
4863 (fdump-analyzer-stderr): Likewise.
4864
c46d057f
DM		 48652020-02-11 David Malcolm <dmalcolm@redhat.com>
4866
4867 * region-model.cc (print_quoted_type): New function.
4868 (svalue::print): Use it to replace %qT.
4869 (region::dump_to_pp): Likewise.
4870 (region::dump_child_label): Likewise.
4871 (region::print_fields): Likewise.
4872
eb031d4b
DM		 48732020-02-10 David Malcolm <dmalcolm@redhat.com>
4874
4875 PR analyzer/93659
4876 * analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
4877 -> "that" typo.
4878 (Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
4879 "uninitialized" typo.
4880
e87deb37
DM		 48812020-02-10 David Malcolm <dmalcolm@redhat.com>
4882
4883 PR analyzer/93350
4884 * region-model.cc (region_model::get_lvalue_1):
4885 Handle BIT_FIELD_REF.
4886 (make_region_for_type): Handle VECTOR_TYPE.
4887
e953f958
DM		 48882020-02-10 David Malcolm <dmalcolm@redhat.com>
4889
4890 PR analyzer/93647
4891 * diagnostic-manager.cc
4892 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
4893 VAR being constant.
4894 * region-model.cc (region_model::get_lvalue_1): Provide a better
4895 error message when encountering an unhandled tree code.
4896
41a9e940
DM		 48972020-02-10 David Malcolm <dmalcolm@redhat.com>
4898
4899 PR analyzer/93405
4900 * region-model.cc (region_model::get_lvalue_1): Implement
4901 CONST_DECL.
4902
cb273d81
DM		 49032020-02-06 David Malcolm <dmalcolm@redhat.com>
4904
4905 * region-model.cc (region_model::maybe_cast_1): Attempt to provide
4906 a region_svalue if either type is a pointer, rather than if both
4907 types are pointers.
4908
a4d3bfc0
DM		 49092020-02-05 David Malcolm <dmalcolm@redhat.com>
4910
4911 * engine.cc (exploded_node::dump_dot): Show merger enodes.
4912 (worklist::add_node): Assert that the node's m_status is
4913 STATUS_WORKLIST.
4914 (exploded_graph::process_worklist): Likewise for nodes from the
4915 worklist. Set status of merged nodes to STATUS_MERGER.
4916 (exploded_graph::process_node): Set status of node to
4917 STATUS_PROCESSED.
4918 (exploded_graph::dump_exploded_nodes): Rework handling of
4919 "__analyzer_dump_exploded_nodes", splitting enodes by status into
4920 "processed" and "merger", showing the count of just the processed
4921 enodes at the call, rather than the count of all enodes.
4922 * exploded-graph.h (exploded_node::status): New enum.
4923 (exploded_node::exploded_node): Initialize m_status to
4924 STATUS_WORKLIST.
4925 (exploded_node::get_status): New getter.
4926 (exploded_node::set_status): New setter.
4927
1dae549d
DM		 49282020-02-04 David Malcolm <dmalcolm@redhat.com>
4929
4930 PR analyzer/93543
4931 * engine.cc (pod_hash_traits<function_call_string>::mark_empty):
4932 Eliminate reinterpret_cast.
4933 (pod_hash_traits<function_call_string>::is_empty): Likewise.
4934
833f1e66
DM		 49352020-02-03 David Malcolm <dmalcolm@redhat.com>
4936
4937 * constraint-manager.cc (range::constrained_to_single_element):
4938 Replace fold_build2 with fold_binary. Remove unnecessary newline.
4939 (constraint_manager::get_or_add_equiv_class): Replace fold_build2
4940 with fold_binary in two places, and remove out-of-date comment.
4941 (constraint_manager::eval_condition): Replace fold_build2 with
4942 fold_binary.
4943 * region-model.cc (constant_svalue::eval_condition): Likewise.
4944 (region_model::on_assignment): Likewise.
4945
8525d1f5
DM		 49462020-02-03 David Malcolm <dmalcolm@redhat.com>
4947
4948 PR analyzer/93544
4949 * diagnostic-manager.cc
4950 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
4951 against bad choices due to bad paths.
4952 * engine.cc (impl_region_model_context::on_phi): New.
4953 * exploded-graph.h (impl_region_model_context::on_phi): New decl.
4954 * region-model.cc (region_model::on_longjmp): Likewise.
4955 (region_model::handle_phi): Add phi param. Call the ctxt's on_phi
4956 vfunc.
4957 (region_model::update_for_phis): Pass phi to handle_phi.
4958 * region-model.h (region_model::handle_phi): Add phi param.
4959 (region_model_context::on_phi): New vfunc.
4960 (test_region_model_context::on_phi): New.
4961 * sm-malloc.cc (malloc_state_machine::on_phi): New.
4962 (malloc_state_machine::on_zero_assignment): New.
4963 * sm.h (state_machine::on_phi): New vfunc.
4964
73f38658
DM		 49652020-02-03 David Malcolm <dmalcolm@redhat.com>
4966
4967 * engine.cc (supernode_cluster::dump_dot): Show BB index as
4968 well as SN index.
4969 * supergraph.cc (supernode::dump_dot): Likewise.
4970
5e10b9a2
DM		 49712020-02-03 David Malcolm <dmalcolm@redhat.com>
4972
4973 PR analyzer/93546
4974 * region-model.cc (region_model::on_call_pre): Update for new
4975 param of symbolic_region ctor.
4976 (region_model::deref_rvalue): Likewise.
4977 (region_model::add_new_malloc_region): Likewise.
4978 (make_region_for_type): Likewise, preserving type.
4979 * region-model.h (symbolic_region::symbolic_region): Add "type"
4980 param and pass it to base class ctor.
4981
287ccd3b
DM		 49822020-02-03 David Malcolm <dmalcolm@redhat.com>
4983
4984 PR analyzer/93547
4985 * constraint-manager.cc
4986 (constraint_manager::get_or_add_equiv_class): Ensure types are
4987 compatible before comparing constants.
4988
67751724
DM		 49892020-01-31 David Malcolm <dmalcolm@redhat.com>
4990
4991 PR analyzer/93457
4992 * region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
4993 than checking against void_type_node.
4994
09bea584
DM		 49952020-01-31 David Malcolm <dmalcolm@redhat.com>
4996
4997 PR analyzer/93373
4998 * region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
4999 (assert_compat_types): ...this, and bail when either type is NULL,
5000 or when VOID_TYPE_P (dst_type).
5001 (region_model::get_lvalue): Update for above conversion.
5002 (region_model::get_rvalue): Likewise.
5003
f1c807e8
DM		 50042020-01-31 David Malcolm <dmalcolm@redhat.com>
5005
5006 PR analyzer/93379
5007 * region-model.cc (region_model::update_for_return_superedge):
5008 Move check for null result so that it also guards setting the
5009 lhs.
5010
455f58ec
DM		 50112020-01-31 David Malcolm <dmalcolm@redhat.com>
5012
5013 PR analyzer/93438
5014 * region-model.cc (stack_region::can_merge_p): Split into a two
5015 pass approach, creating all stack regions first, then populating
5016 them.
5017 (selftest::test_state_merging): Add test coverage for (a) the case
5018 of self-merging a model in which a local in an older stack frame
5019 points to a local in a more recent stack frame (which previously
5020 would ICE), and (b) the case of self-merging a model in which a
5021 local points to a global (which previously worked OK).
5022
182ce042
DM		 50232020-01-31 David Malcolm <dmalcolm@redhat.com>
5024
5025 * analyzer.cc (is_named_call_p): Replace tests for fndecl being
5026 extern at file scope and having a non-NULL DECL_NAME with a call
5027 to maybe_special_function_p.
5028 * function-set.cc (function_set::contains_decl_p): Add call to
5029 maybe_special_function_p.
5030
45eb3e49
DM		 50312020-01-31 David Malcolm <dmalcolm@redhat.com>
5032
5033 PR analyzer/93450
5034 * constraint-manager.cc
5035 (constraint_manager::get_or_add_equiv_class): Only compare constants
5036 if their types are compatible.
5037 * region-model.cc (constant_svalue::eval_condition): Replace check
5038 for identical types with call to types_compatible_p.
5039
42f36563
DM		 50402020-01-30 David Malcolm <dmalcolm@redhat.com>
5041
5042 * program-state.cc (extrinsic_state::dump_to_pp): New.
5043 (extrinsic_state::dump_to_file): New.
5044 (extrinsic_state::dump): New.
5045 * program-state.h (extrinsic_state::dump_to_pp): New decl.
5046 (extrinsic_state::dump_to_file): New decl.
5047 (extrinsic_state::dump): New decl.
5048 * sm.cc: Include "pretty-print.h".
5049 (state_machine::dump_to_pp): New.
5050 * sm.h (state_machine::dump_to_pp): New decl.
5051
ebe9174e
DM		 50522020-01-30 David Malcolm <dmalcolm@redhat.com>
5053
5054 * diagnostic-manager.cc (for_each_state_change): Use
5055 extrinsic_state::get_num_checkers rather than accessing m_checkers
5056 directly.
5057 * program-state.cc (program_state::program_state): Likewise.
5058 * program-state.h (extrinsic_state::m_checkers): Make private.
5059
e978955d
DM		 50602020-01-30 David Malcolm <dmalcolm@redhat.com>
5061
5062 PR analyzer/93356
5063 * region-model.cc (region_model::eval_condition): In both
5064 overloads, bail out immediately on floating-point types.
5065 (region_model::eval_condition_without_cm): Likewise.
5066 (region_model::add_constraint): Likewise.
5067
d177c49c
DM		 50682020-01-30 David Malcolm <dmalcolm@redhat.com>
5069
5070 PR analyzer/93450
5071 * program-state.cc (sm_state_map::set_state): For the overload
5072 taking an svalue_id, bail out if the set_state on the ec does
5073 nothing. Convert the latter's return type from void to bool,
5074 returning true if anything changed.
5075 (sm_state_map::impl_set_state): Convert the return type from void
5076 to bool, returning true if the state changed.
5077 * program-state.h (sm_state_map::set_state): Convert return type
5078 from void to bool.
5079 (sm_state_map::impl_set_state): Likewise.
5080 * region-model.cc (constant_svalue::eval_condition): Only call
5081 fold_build2 if the types are the same.
5082
7892ff37
JJ		 50832020-01-29 Jakub Jelinek <jakub@redhat.com>
5084
5085 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
5086 * constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
5087 (range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
5088 POP_IGNORE_WFORMAT.
5089 * state-purge.cc: Include diagnostic-core.h before
5090 gimple-pretty-print.h.
5091 (state_purge_annotator::add_node_annotations, print_vec_of_names):
5092 Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
5093 * region-model.cc: Move diagnostic-core.h include before graphviz.h.
5094 (path_var::dump, svalue::print, constant_svalue::print_details,
5095 region::dump_to_pp, region::dump_child_label, region::print_fields,
5096 map_region::print_fields, map_region::dump_dot_to_pp,
5097 map_region::dump_child_label, array_region::print_fields,
5098 array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or
5099 POP_IGNORE_WFORMAT.
5100
5aebfb71
DM		 51012020-01-28 David Malcolm <dmalcolm@redhat.com>
5102
5103 PR analyzer/93316
5104 * engine.cc (rewind_info_t::update_model): Get the longjmp call
5105 stmt via get_longjmp_call () rather than assuming it is the last
5106 stmt in the longjmp's supernode.
5107 (rewind_info_t::add_events_to_path): Get the location_t for the
5108 rewind_from_longjmp_event via get_longjmp_call () rather than from
5109 the supernode's get_end_location ().
5110
6c8e5844
DM		 51112020-01-28 David Malcolm <dmalcolm@redhat.com>
5112
5113 * region-model.cc (poisoned_value_diagnostic::emit): Update for
5114 renaming of warning_at overload to warning_meta.
5115 * sm-file.cc (file_leak::emit): Likewise.
5116 * sm-malloc.cc (double_free::emit): Likewise.
5117 (possible_null_deref::emit): Likewise.
5118 (possible_null_arg::emit): Likewise.
5119 (null_deref::emit): Likewise.
5120 (null_arg::emit): Likewise.
5121 (use_after_free::emit): Likewise.
5122 (malloc_leak::emit): Likewise.
5123 (free_of_non_heap::emit): Likewise.
5124 * sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
5125 * sm-signal.cc (signal_unsafe_call::emit): Likewise.
5126 * sm-taint.cc (tainted_array_index::emit): Likewise.
5127
8c08c983
DM		 51282020-01-27 David Malcolm <dmalcolm@redhat.com>
5129
5130 PR analyzer/93451
5131 * region-model.cc (tree_cmp): For the REAL_CST case, impose an
5132 arbitrary order on NaNs relative to other NaNs and to non-NaNs;
5133 const-correctness tweak.
5134 (ana::selftests::build_real_cst_from_string): New function.
5135 (ana::selftests::append_interesting_constants): New function.
5136 (ana::selftests::test_tree_cmp_on_constants): New test.
5137 (ana::selftests::test_canonicalization_4): New test.
5138 (ana::selftests::analyzer_region_model_cc_tests): Call the new
5139 tests.
5140
2fbea419
DM		 51412020-01-27 David Malcolm <dmalcolm@redhat.com>
5142
5143 PR analyzer/93349
5144 * engine.cc (run_checkers): Save and restore input_location.
5145
6a81cabc
DM		 51462020-01-27 David Malcolm <dmalcolm@redhat.com>
5147
5148 * call-string.cc (call_string::cmp_1): Delete, moving body to...
5149 (call_string::cmp): ...here.
5150 * call-string.h (call_string::cmp_1): Delete decl.
5151 * engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
5152 (worklist::key_t::cmp): ...here. Implement hash comparisons
5153 via comparison rather than subtraction to avoid overflow issues.
5154 * exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
5155 * region-model.cc (tree_cmp): Eliminate buggy checking for
5156 symmetry.
5157
342e14ff
DM		 51582020-01-27 David Malcolm <dmalcolm@redhat.com>
5159
5160 * analyzer.cc (is_named_call_p): Check that fndecl is "extern"
5161 and at file scope. Potentially disregard prefix _ or __ in
5162 fndecl's name. Bail if the identifier is NULL.
5163 (is_setjmp_call_p): Expect a gcall rather than plain gimple.
5164 Remove special-case check for leading prefix, and also check for
5165 sigsetjmp.
5166 (is_longjmp_call_p): Also check for siglongjmp.
5167 (get_user_facing_name): New function.
5168 * analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
5169 gimple.
5170 (get_user_facing_name): New decl.
5171 * checker-path.cc (setjmp_event::get_desc): Use
5172 get_user_facing_name to avoid hardcoding the function name.
5173 (rewind_event::rewind_event): Add rewind_info param, using it to
5174 initialize new m_rewind_info field, and strengthen the assertion.
5175 (rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
5176 avoid hardcoding the function name.
5177 (rewind_to_setjmp_event::get_desc): Likewise.
5178 * checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
5179 param and use it to initialize...
5180 (setjmp_event::m_setjmp_call): New field.
5181 (rewind_event::rewind_event): Add rewind_info param.
5182 (rewind_event::m_rewind_info): New protected field.
5183 (rewind_from_longjmp_event::rewind_from_longjmp_event): Add
5184 rewind_info param.
5185 (class rewind_to_setjmp_event): Move rewind_info field to parent
5186 class.
5187 * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
5188 Update setjmp-handling for is_setjmp_call_p requiring a gcall;
5189 pass the call to the new setjmp_event.
5190 * engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
5191 requiring a gcall.
5192 (stale_jmp_buf::emit): Use get_user_facing_name to avoid
5193 hardcoding the function names.
5194 (exploded_node::on_longjmp): Pass the longjmp_call when
5195 constructing rewind_info.
5196 (rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
5197 rewind_from_longjmp_event's ctor.
5198 * exploded-graph.h (rewind_info_t::rewind_info_t): Add
5199 longjmp_call param.
5200 (rewind_info_t::get_longjmp_call): New.
5201 (rewind_info_t::m_longjmp_call): New.
5202 * region-model.cc (region_model::on_setjmp): Update comment to
5203 indicate this is also for sigsetjmp.
5204 * region-model.h (struct setjmp_record): Likewise.
5205 (class setjmp_svalue): Likewise.
5206
26d949c8
DM		 52072020-01-27 David Malcolm <dmalcolm@redhat.com>
5208
5209 PR analyzer/93276
5210 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
5211 macros with GCC_VERSION >= 4006, making them no-op otherwise.
5212 * engine.cc (exploded_edge::exploded_edge): Specify template for
5213 base class initializer.
5214 (exploded_graph::add_edge): Specify template when chaining up to
5215 base class add_edge implementation.
5216 (viz_callgraph_node::dump_dot): Drop redundant "typename".
5217 (viz_callgraph_edge::viz_callgraph_edge): Specify template for
5218 base class initializer.
5219 * program-state.cc (sm_state_map::clone_with_remapping): Drop
5220 redundant "typename".
5221 (sm_state_map::print): Likewise.
5222 (sm_state_map::hash): Likewise.
5223 (sm_state_map::operator==): Likewise.
5224 (sm_state_map::remap_svalue_ids): Likewise.
5225 (sm_state_map::on_svalue_purge): Likewise.
5226 (sm_state_map::validate): Likewise.
5227 * program-state.h (sm_state_map::iterator_t): Likewise.
5228 * supergraph.h (superedge::superedge): Specify template for base
5229 class initializer.
5230
648796da
DM		 52312020-01-23 David Malcolm <dmalcolm@redhat.com>
5232
5233 PR analyzer/93375
5234 * supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
5235 gracefully is the number of parameters at the callee exceeds the
5236 number of arguments at the call stmt.
5237 (callgraph_superedge::get_parm_for_arg): Likewise.
5238
591b59eb
DM		 52392020-01-22 David Malcolm <dmalcolm@redhat.com>
5240
5241 PR analyzer/93382
5242 * program-state.cc (sm_state_map::on_svalue_purge): If the
5243 entry survives, but the origin is being purged, then reset the
5244 origin to null.
5245
c9c8aef4
DM		 52462020-01-22 David Malcolm <dmalcolm@redhat.com>
5247
5248 * sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.
5249
fd9982bb
DM		 52502020-01-22 David Malcolm <dmalcolm@redhat.com>
5251
5252 PR analyzer/93378
5253 * engine.cc (setjmp_svalue::compare_fields): Update for
5254 replacement of m_enode with m_setjmp_record.
5255 (setjmp_svalue::add_to_hash): Likewise.
5256 (setjmp_svalue::get_index): Rename...
5257 (setjmp_svalue::get_enode_index): ...to this.
5258 (setjmp_svalue::print_details): Update for replacement of m_enode
5259 with m_setjmp_record.
5260 (exploded_node::on_longjmp): Likewise.
5261 * exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
5262 (rewind_info_t::m_setjmp_record): ...with this.
5263 (rewind_info_t::rewind_info_t): Update for replacement of m_enode
5264 with m_setjmp_record.
5265 (rewind_info_t::get_setjmp_point): Likewise.
5266 (rewind_info_t::get_setjmp_call): Likewise.
5267 * region-model.cc (region_model::dump_summary_of_map): Likewise.
5268 (region_model::on_setjmp): Likewise.
5269 * region-model.h (struct setjmp_record): New struct.
5270 (setjmp_svalue::m_enode): Replace...
5271 (setjmp_svalue::m_setjmp_record): ...with this.
5272 (setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
5273 with m_setjmp_record.
5274 (setjmp_svalue::clone): Likewise.
5275 (setjmp_svalue::get_index): Rename...
5276 (setjmp_svalue::get_enode_index): ...to this.
5277 (setjmp_svalue::get_exploded_node): Replace...
5278 (setjmp_svalue::get_setjmp_record): ...with this.
5279
da7cf663
DM		 52802020-01-22 David Malcolm <dmalcolm@redhat.com>
5281
5282 PR analyzer/93316
5283 * analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as
5284 "_setjmp".
5285
75038aa6
DM		 52862020-01-22 David Malcolm <dmalcolm@redhat.com>
5287
5288 PR analyzer/93307
5289 * analysis-plan.h: Wrap everything namespace "ana".
5290 * analyzer-logging.cc: Likewise.
5291 * analyzer-logging.h: Likewise.
5292 * analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
5293 namespace.
5294 * analyzer-selftests.cc: Wrap everything namespace "ana".
5295 * analyzer-selftests.h: Likewise.
5296 * analyzer.h: Likewise for forward decls of types.
5297 * call-string.h: Likewise.
5298 * checker-path.cc: Likewise.
5299 * checker-path.h: Likewise.
5300 * constraint-manager.cc: Likewise.
5301 * constraint-manager.h: Likewise.
5302 * diagnostic-manager.cc: Likewise.
5303 * diagnostic-manager.h: Likewise.
5304 * engine.cc: Likewise.
5305 * engine.h: Likewise.
5306 * exploded-graph.h: Likewise.
5307 * function-set.cc: Likewise.
5308 * function-set.h: Likewise.
5309 * pending-diagnostic.cc: Likewise.
5310 * pending-diagnostic.h: Likewise.
5311 * program-point.cc: Likewise.
5312 * program-point.h: Likewise.
5313 * program-state.cc: Likewise.
5314 * program-state.h: Likewise.
5315 * region-model.cc: Likewise.
5316 * region-model.h: Likewise.
5317 * sm-file.cc: Likewise.
5318 * sm-malloc.cc: Likewise.
5319 * sm-pattern-test.cc: Likewise.
5320 * sm-sensitive.cc: Likewise.
5321 * sm-signal.cc: Likewise.
5322 * sm-taint.cc: Likewise.
5323 * sm.cc: Likewise.
5324 * sm.h: Likewise.
5325 * state-purge.h: Likewise.
5326 * supergraph.cc: Likewise.
5327 * supergraph.h: Likewise.
5328
4f01e577
DM		 53292020-01-21 David Malcolm <dmalcolm@redhat.com>
5330
5331 PR analyzer/93352
5332 * region-model.cc (int_cmp): Rename to...
5333 (array_region::key_cmp): ...this, using key_t rather than int.
5334 Rewrite in terms of comparisons rather than subtraction to
5335 ensure qsort is anti-symmetric when handling extreme values.
5336 (array_region::walk_for_canonicalization): Update for above
5337 renaming.
5338 * region-model.h (array_region::key_cmp): New decl.
5339
07c86323
DM		 53402020-01-17 David Malcolm <dmalcolm@redhat.com>
5341
5342 PR analyzer/93290
5343 * region-model.cc (region_model::eval_condition_without_cm): Avoid
5344 gcc_unreachable for unexpected operations for the case where
5345 we're comparing an svalue against itself.
5346
5f030383
DM		 53472020-01-17 David Malcolm <dmalcolm@redhat.com>
5348
5349 PR analyzer/93281
5350 * region-model.cc
5351 (region_model::convert_byte_offset_to_array_index): Convert to
5352 ssizetype before dividing by byte_size. Use fold_binary rather
5353 than fold_build2 to avoid needlessly constructing a tree for the
5354 non-const case.
5355
49e9a999
DM		 53562020-01-15 David Malcolm <dmalcolm@redhat.com>
5357
5358 * engine.cc (class impl_region_model_context): Fix comment.
5359
32077b69
DM		 53602020-01-14 David Malcolm <dmalcolm@redhat.com>
5361
5362 PR analyzer/93212
5363 * region-model.cc (make_region_for_type): Use
5364 FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
5365 * region-model.h (function_region::function_region): Likewise.
5366
7fb3669e
DM		 53672020-01-14 David Malcolm <dmalcolm@redhat.com>
5368
5369 * program-state.cc (sm_state_map::clone_with_remapping): Copy
5370 m_global_state.
5371 (selftest::test_program_state_merging_2): New selftest.
5372 (selftest::analyzer_program_state_cc_tests): Call it.
5373
e2a538b1
DM		 53742020-01-14 David Malcolm <dmalcolm@redhat.com>
5375
5376 * checker-path.h (checker_path::get_checker_event): New function.
5377 (checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
5378 * diagnostic-manager.cc
5379 (diagnostic_manager::prune_for_sm_diagnostic): Replace direct
5380 access to checker_path::m_events with accessor functions. Fix
5381 overlong line.
5382 (diagnostic_manager::prune_interproc_events): Replace direct
5383 access to checker_path::m_events with accessor functions.
5384 (diagnostic_manager::finish_pruning): Likewise.
5385
94946989
DM		 53862020-01-14 David Malcolm <dmalcolm@redhat.com>
5387
5388 * checker-path.h (checker_event::clone): Delete vfunc decl.
5389 (debug_event::clone): Delete vfunc impl.
5390 (custom_event::clone): Delete vfunc impl.
5391 (statement_event::clone): Delete vfunc impl.
5392 (function_entry_event::clone): Delete vfunc impl.
5393 (state_change_event::clone): Delete vfunc impl.
5394 (start_cfg_edge_event::clone): Delete vfunc impl.
5395 (end_cfg_edge_event::clone): Delete vfunc impl.
5396 (call_event::clone): Delete vfunc impl.
5397 (return_event::clone): Delete vfunc impl.
5398 (setjmp_event::clone): Delete vfunc impl.
5399 (rewind_from_longjmp_event::clone): Delete vfunc impl.
5400 (rewind_to_setjmp_event::clone): Delete vfunc impl.
5401 (warning_event::clone): Delete vfunc impl.
5402
718930c0
DM		 54032020-01-14 David Malcolm <dmalcolm@redhat.com>
5404
5405 * supergraph.cc (supernode::dump_dot): Ensure that the TABLE
5406 element has at least one TR.
5407
8397af8e
DM		 54082020-01-14 David Malcolm <dmalcolm@redhat.com>
5409
5410 PR analyzer/58237
5411 * engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
5412 when comparing against UNKNOWN_LOCATION.
5413 (stmt_requires_new_enode_p): Likewise.
5414 (exploded_graph::dump_exploded_nodes): Likewise.
5415 * supergraph.cc (supernode::get_start_location): Likewise.
5416 (supernode::get_end_location): Likewise.
5417
697251b7
DM		 54182020-01-14 David Malcolm <dmalcolm@redhat.com>
5419
5420 PR analyzer/58237
5421 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
5422 selftest::analyzer_sm_file_cc_tests.
5423 * analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
5424 decl.
5425 * sm-file.cc: Include "analyzer/function-set.h" and
5426 "analyzer/analyzer-selftests.h".
5427 (get_file_using_fns): New function.
5428 (is_file_using_fn_p): New function.
5429 (fileptr_state_machine::on_stmt): Return true for known functions.
5430 (selftest::analyzer_sm_file_cc_tests): New function.
5431
4804c5fe
DM		 54322020-01-14 David Malcolm <dmalcolm@redhat.com>
5433
5434 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
5435 selftest::analyzer_sm_signal_cc_tests.
5436 * analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
5437 New decl.
5438 * sm-signal.cc: Include "analyzer/function-set.h" and
5439 "analyzer/analyzer-selftests.h".
5440 (get_async_signal_unsafe_fns): New function.
5441 (signal_unsafe_p): Reimplement in terms of the above.
5442 (selftest::analyzer_sm_signal_cc_tests): New function.
5443
a6b5f19c
DM		 54442020-01-14 David Malcolm <dmalcolm@redhat.com>
5445
5446 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
5447 selftest::analyzer_function_set_cc_tests.
5448 * analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
5449 New decl.
5450 * function-set.cc: New file.
5451 * function-set.h: New file.
5452
ef7827b0
DM		 54532020-01-14 David Malcolm <dmalcolm@redhat.com>
5454
5455 * analyzer.h (fndecl_has_gimple_body_p): New decl.
5456 * engine.cc (impl_region_model_context::on_unknown_change): New
5457 function.
5458 (fndecl_has_gimple_body_p): Make non-static.
5459 (exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
5460 known. Track whether we have a call with unknown side-effects and
5461 pass it to on_call_post.
5462 * exploded-graph.h (impl_region_model_context::on_unknown_change):
5463 New decl.
5464 * program-state.cc (sm_state_map::on_unknown_change): New function.
5465 * program-state.h (sm_state_map::on_unknown_change): New decl.
5466 * region-model.cc: Include "bitmap.h".
5467 (region_model::on_call_pre): Return a bool, capturing whether the
5468 call has unknown side effects.
5469 (region_model::on_call_post): Add arg "bool unknown_side_effects"
5470 and if true, call handle_unrecognized_call.
5471 (class reachable_regions): New class.
5472 (region_model::handle_unrecognized_call): New function.
5473 * region-model.h (region_model::on_call_pre): Return a bool.
5474 (region_model::on_call_post): Add arg "bool unknown_side_effects".
5475 (region_model::handle_unrecognized_call): New decl.
5476 (region_model_context::on_unknown_change): New vfunc.
5477 (test_region_model_context::on_unknown_change): New function.
5478
14f9d7b9
DM		 54792020-01-14 David Malcolm <dmalcolm@redhat.com>
5480
5481 * diagnostic-manager.cc (saved_diagnostic::operator==): Move here
5482 from header. Replace pointer equality test on m_var with call to
5483 pending_diagnostic::same_tree_p.
5484 * diagnostic-manager.h (saved_diagnostic::operator==): Move to
5485 diagnostic-manager.cc.
5486 * pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
5487 * pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
5488 * sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
5489 equality on m_arg with call to pending_diagnostic::same_tree_p.
5490 * sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
5491 (possible_null_arg::subclass_equal_p): Likewise.
5492 (null_arg::subclass_equal_p): Likewise.
5493 (free_of_non_heap::subclass_equal_p): Likewise.
5494 * sm-pattern-test.cc (pattern_match::operator==): Likewise.
5495 * sm-sensitive.cc (exposure_through_output_file::operator==):
5496 Likewise.
5497 * sm-taint.cc (tainted_array_index::operator==): Likewise.
5498
f474fbd5
DM		 54992020-01-14 David Malcolm <dmalcolm@redhat.com>
5500
5501 * diagnostic-manager.cc (dedupe_winners::add): Add logging
5502 of deduplication decisions made.
5503
757bf1df
DM		 55042020-01-14 David Malcolm <dmalcolm@redhat.com>
5505
5506 * ChangeLog: New file.
5507 * analyzer-selftests.cc: New file.
5508 * analyzer-selftests.h: New file.
5509 * analyzer.opt: New file.
5510 * analysis-plan.cc: New file.
5511 * analysis-plan.h: New file.
5512 * analyzer-logging.cc: New file.
5513 * analyzer-logging.h: New file.
5514 * analyzer-pass.cc: New file.
5515 * analyzer.cc: New file.
5516 * analyzer.h: New file.
5517 * call-string.cc: New file.
5518 * call-string.h: New file.
5519 * checker-path.cc: New file.
5520 * checker-path.h: New file.
5521 * constraint-manager.cc: New file.
5522 * constraint-manager.h: New file.
5523 * diagnostic-manager.cc: New file.
5524 * diagnostic-manager.h: New file.
5525 * engine.cc: New file.
5526 * engine.h: New file.
5527 * exploded-graph.h: New file.
5528 * pending-diagnostic.cc: New file.
5529 * pending-diagnostic.h: New file.
5530 * program-point.cc: New file.
5531 * program-point.h: New file.
5532 * program-state.cc: New file.
5533 * program-state.h: New file.
5534 * region-model.cc: New file.
5535 * region-model.h: New file.
5536 * sm-file.cc: New file.
5537 * sm-malloc.cc: New file.
5538 * sm-malloc.dot: New file.
5539 * sm-pattern-test.cc: New file.
5540 * sm-sensitive.cc: New file.
5541 * sm-signal.cc: New file.
5542 * sm-taint.cc: New file.
5543 * sm.cc: New file.
5544 * sm.h: New file.
5545 * state-purge.cc: New file.
5546 * state-purge.h: New file.
5547 * supergraph.cc: New file.
5548 * supergraph.h: New file.
5549
55502019-12-13 David Malcolm <dmalcolm@redhat.com>
5551
5552 * Initial creation
5553
5554\f
c48514be 5555Copyright (C) 2019-2021 Free Software Foundation, Inc.
757bf1df
DM		 5556
5557Copying and distribution of this file, with or without modification,
5558are permitted in any medium without royalty provided the copyright
5559notice and this notice are preserved.
Mirror of https://gcc.gnu.org/git/gcc.git