git.ipfire.org Git - thirdparty/gcc.git/blob - gcc/analyzer/ChangeLog
2021-02-01 David Malcolm <dmalcolm@redhat.com>

PR analyzer/98918
* region-model-manager.cc
(region_model_manager::get_or_create_initial_value):
Fold the initial value of *UNKNOWN_PTR to an UNKNOWN value.
(region_model_manager::get_field_region): Fold the value
of UNKNOWN_PTR->FIELD to *UNKNOWN_PTR_OF_&FIELD_TYPE.

2021-01-29 David Malcolm <dmalcolm@redhat.com>

* checker-path.cc (event_kind_to_string): Handle
EK_START_CONSOLIDATED_CFG_EDGES and
EK_END_CONSOLIDATED_CFG_EDGES.
(start_consolidated_cfg_edges_event::get_desc): New.
(checker_path::cfg_edge_pair_at_p): New.
* checker-path.h (enum event_kind): Add
EK_START_CONSOLIDATED_CFG_EDGES and
EK_END_CONSOLIDATED_CFG_EDGES.
(class start_consolidated_cfg_edges_event): New class.
(class end_consolidated_cfg_edges_event): New class.
(checker_path::delete_events): New.
(checker_path::replace_event): New.
(checker_path::cfg_edge_pair_at_p): New decl.
* diagnostic-manager.cc (diagnostic_manager::prune_path): Call
consolidate_conditions.
(same_line_as_p): New.
(diagnostic_manager::consolidate_conditions): New.
* diagnostic-manager.h
(diagnostic_manager::consolidate_conditions): New decl.

2021-01-18 David Malcolm <dmalcolm@redhat.com>

* analyzer.h (is_std_named_call_p): New decl.
* diagnostic-manager.cc (path_builder::get_sm): New.
(state_change_event_creator::state_change_event_creator): Add "pb"
param.
(state_change_event_creator::on_global_state_change): Don't consider
state changes affecting other state_machines.
(state_change_event_creator::on_state_change): Likewise.
(state_change_event_creator::m_pb): New field.
(diagnostic_manager::add_events_for_eedge): Pass pb to visitor
ctor.
* region-model-impl-calls.cc
(region_model::impl_deallocation_call): New.
* region-model.cc: Include "attribs.h".
(region_model::on_call_post): Handle fndecls referenced by
__attribute__((deallocated_by(FOO))).
* region-model.h (region_model::impl_deallocation_call): New decl.
* sm-malloc.cc: Include "stringpool.h" and "attribs.h". Add
leading comment.
(class api): Delete.
(enum resource_state): Update comment for change from api to
deallocator and deallocator_set.
(allocation_state::allocation_state): Drop api param. Add
"deallocators" and "deallocator".
(allocation_state::m_api): Drop field in favor of...
(allocation_state::m_deallocators): New field.
(allocation_state::m_deallocator): New field.
(enum wording): Add WORDING_DEALLOCATED.
(struct deallocator): New.
(struct standard_deallocator): New.
(struct custom_deallocator): New.
(struct deallocator_set): New.
(struct custom_deallocator_set): New.
(struct standard_deallocator_set): New.
(struct deallocator_set_map_traits): New.
(malloc_state_machine::m_malloc): Drop field.
(malloc_state_machine::m_scalar_new): Likewise.
(malloc_state_machine::m_vector_new): Likewise.
(malloc_state_machine::m_free): New field.
(malloc_state_machine::m_scalar_delete): Likewise.
(malloc_state_machine::m_vector_delete): Likewise.
(malloc_state_machine::deallocator_map_t): New typedef.
(malloc_state_machine::m_deallocator_map): New field.
(malloc_state_machine::deallocator_set_cache_t): New typedef.
(malloc_state_machine::m_custom_deallocator_set_cache): New field.
(malloc_state_machine::custom_deallocator_set_map_t): New typedef.
(malloc_state_machine::m_custom_deallocator_set_map): New field.
(malloc_state_machine::m_dynamic_sets): New field.
(malloc_state_machine::m_dynamic_deallocators): New field.
(api::api): Delete.
(deallocator::deallocator): New ctor.
(deallocator::hash): New.
(deallocator::dump_to_pp): New.
(deallocator::cmp): New.
(deallocator::cmp_ptr_ptr): New.
(standard_deallocator::standard_deallocator): New ctor.
(deallocator_set::deallocator_set): New ctor.
(deallocator_set::dump): New.
(custom_deallocator_set::custom_deallocator_set): New ctor.
(custom_deallocator_set::contains_p): New.
(custom_deallocator_set::maybe_get_single): New.
(custom_deallocator_set::dump_to_pp): New.
(standard_deallocator_set::standard_deallocator_set): New ctor.
(standard_deallocator_set::contains_p): New.
(standard_deallocator_set::maybe_get_single): New.
(standard_deallocator_set::dump_to_pp): New.
(start_p): New.
(class mismatching_deallocation): Update for conversion from api
to deallocator_set and deallocator.
(double_free::emit): Use %qs.
(class use_after_free): Update for conversion from api to
deallocator_set and deallocator.
(malloc_leak::describe_state_change): Only emit "allocated here" on
a start->nonnull transition, rather than on other transitions to
nonnull.
(allocation_state::dump_to_pp): Update for conversion from api to
deallocator_set.
(allocation_state::get_nonnull): Likewise.
(malloc_state_machine::malloc_state_machine): Likewise.
(malloc_state_machine::~malloc_state_machine): New.
(malloc_state_machine::add_state): Update for conversion from api
to deallocator_set.
(malloc_state_machine::get_or_create_custom_deallocator_set): New.
(malloc_state_machine::maybe_create_custom_deallocator_set): New.
(malloc_state_machine::get_or_create_deallocator): New.
(malloc_state_machine::on_stmt): Update for conversion from api
to deallocator_set. Handle "__attribute__((malloc(FOO)))", and
the special attribute set on FOO.
(malloc_state_machine::on_allocator_call): Update for conversion
from api to deallocator_set. Add "returns_nonnull" param and use
it to affect which state to transition to.
(malloc_state_machine::on_deallocator_call): Update for conversion
from api to deallocator_set.

2021-01-14 David Malcolm <dmalcolm@redhat.com>

* engine.cc (strongly_connected_components::to_json): New.
(worklist::to_json): New.
(exploded_graph::to_json): JSON-ify the worklist.
* exploded-graph.h (strongly_connected_components::to_json): New
decl.
(worklist::to_json): New decl.
* store.cc (store::to_json): Fix comment.
* supergraph.cc (supernode::to_json): Fix reference to
"returning_call" in comment. Add optional "fun" to JSON.
(edge_kind_to_string): New.
(superedge::to_json): Add "kind" to JSON.

2021-01-14 David Malcolm <dmalcolm@redhat.com>

PR analyzer/98679
* analyzer.h (region_offset::operator==): Make const.
* pending-diagnostic.h (pending_diagnostic::equal_p): Likewise.
* store.h (binding_cluster::for_each_value): Likewise.
(binding_cluster::for_each_binding): Likewise.

2021-01-12 David Malcolm <dmalcolm@redhat.com>

PR analyzer/98628
* store.cc (binding_cluster::make_unknown_relative_to): Don't mark
dereferenced unknown pointers as having escaped.

2021-01-07 David Malcolm <dmalcolm@redhat.com>

PR analyzer/98580
* region.cc (decl_region::get_svalue_for_initializer): Gracefully
handle when LTO writes out DECL_INITIAL as error_mark_node.

2021-01-07 David Malcolm <dmalcolm@redhat.com>

PR analyzer/97074
* store.cc (binding_cluster::can_merge_p): Add "out_store" param
and pass to calls to binding_cluster::make_unknown_relative_to.
(binding_cluster::make_unknown_relative_to): Add "out_store"
param. Use it to mark base regions that are pointed to by
pointers that become unknown as having escaped.
(store::can_merge_p): Pass out_store to
binding_cluster::can_merge_p.
* store.h (binding_cluster::can_merge_p): Add "out_store" param.
(binding_cluster::make_unknown_relative_to): Likewise.
* svalue.cc (region_svalue::implicitly_live_p): New vfunc.
* svalue.h (region_svalue::implicitly_live_p): New vfunc decl.

2021-01-07 David Malcolm <dmalcolm@redhat.com>

PR analyzer/98564
* engine.cc (exploded_path::feasible_p): Add missing call to
bitmap_clear.

2021-01-06 David Malcolm <dmalcolm@redhat.com>

PR analyzer/97072
* region-model-reachability.cc (reachable_regions::init_cluster):
Convert symbolic region handling to a switch statement. Add cases
to handle SK_UNKNOWN and SK_CONJURED.

2021-01-05 David Malcolm <dmalcolm@redhat.com>

PR analyzer/98293
* store.cc (binding_map::apply_ctor_to_region): When "index" is
NULL, iterate through the fields for RECORD_TYPEs, rather than
creating an INTEGER_CST index.

2020-11-30 David Malcolm <dmalcolm@redhat.com>

* analyzer-pass.cc: Include "analyzer/analyzer.h" for the
declaration of sorry_no_analyzer; include "tree.h" and
"function.h" as these are needed by it.

2020-11-30 David Malcolm <dmalcolm@redhat.com>

* analyzer-pass.cc (pass_analyzer::execute): Move sorry call to...
(sorry_no_analyzer): New.
* analyzer.h (class state_machine): New forward decl.
(class logger): New forward decl.
(class plugin_analyzer_init_iface): New.
(sorry_no_analyzer): New decl.
* checker-path.cc (checker_path::fixup_locations): New.
* checker-path.h (checker_event::set_location): New.
(checker_path::fixup_locations): New decl.
* diagnostic-manager.cc
(diagnostic_manager::emit_saved_diagnostic): Call
checker_path::fixup_locations, and call fixup_location
on the primary location.
* engine.cc: Include "plugin.h".
(class plugin_analyzer_init_impl): New.
(impl_run_checkers): Invoke PLUGIN_ANALYZER_INIT callbacks.
* pending-diagnostic.h (pending_diagnostic::fixup_location): New
vfunc.

2020-11-18 David Malcolm <dmalcolm@redhat.com>

PR analyzer/97893
* sm-malloc.cc (null_deref::emit): Use CWE-476 rather than
CWE-690, as this isn't due to an unchecked return value.
(null_arg::emit): Likewise.

2020-11-12 David Malcolm <dmalcolm@redhat.com>

* checker-path.h (checker_event::get_id_ptr): New.
* diagnostic-manager.cc (path_builder::path_builder): Add "sd"
param and use it to initialize new field "m_sd".
(path_builder::get_pending_diagnostic): New.
(path_builder::m_sd): New field.
(diagnostic_manager::emit_saved_diagnostic): Pass sd to
path_builder ctor.
(diagnostic_manager::add_events_for_superedge): Call new
maybe_add_custom_events_for_superedge vfunc.
* engine.cc (stale_jmp_buf::stale_jmp_buf): Add "setjmp_point"
param and use it to initialize new field "m_setjmp_point".
Initialize new field "m_stack_pop_event".
(stale_jmp_buf::maybe_add_custom_events_for_superedge): New vfunc
implementation.
(stale_jmp_buf::describe_final_event): New vfunc implementation.
(stale_jmp_buf::m_setjmp_point): New field.
(stale_jmp_buf::m_stack_pop_event): New field.
(exploded_node::on_longjmp): Pass setjmp_point to stale_jmp_buf
ctor.
* pending-diagnostic.h
(pending_diagnostic::maybe_add_custom_events_for_superedge): New
vfunc.

2020-11-12 David Malcolm <dmalcolm@redhat.com>

PR tree-optimization/97424
* analyzer.opt (Wanalyzer-shift-count-negative): New.
(Wanalyzer-shift-count-overflow): New.
* region-model.cc (class shift_count_negative_diagnostic): New.
(class shift_count_overflow_diagnostic): New.
(region_model::get_gassign_result): Complain about shift counts that
are negative or are >= the operand's type's width.

2020-11-10 Martin Liska <mliska@suse.cz>

* constraint-manager.cc (constraint_manager::merge): Remove
unused code.
* constraint-manager.h: Likewise.
* program-state.cc (sm_state_map::sm_state_map): Likewise.
(program_state::program_state): Likewise.
(test_sm_state_map): Likewise.
* program-state.h: Likewise.
* region-model-reachability.cc (reachable_regions::reachable_regions): Likewise.
* region-model-reachability.h: Likewise.
* region-model.cc (region_model::handle_unrecognized_call): Likewise.
(region_model::get_reachable_svalues): Likewise.
(region_model::can_merge_with_p): Likewise.

2020-11-05 David Malcolm <dmalcolm@redhat.com>

PR analyzer/97668
* svalue.cc (cmp_cst): Handle COMPLEX_CST.

2020-10-29 David Malcolm <dmalcolm@redhat.com>

* program-state.cc (sm_state_map::on_liveness_change): Sort the
leaking svalues before calling on_state_leak.
(program_state::detect_leaks): Likewise when calling
on_svalue_leak.
* region-model-reachability.cc
(reachable_regions::mark_escaped_clusters): Likewise when
calling on_escaped_function.

2020-10-29 David Malcolm <dmalcolm@redhat.com>

PR analyzer/97608
* region-model-reachability.cc (reachable_regions::handle_sval):
Operands of reachable reversible operations are reachable.

2020-10-29 David Malcolm <dmalcolm@redhat.com>

* analyzer.h (class state_machine): New forward decl.
(class logger): Likewise.
(class visitor): Likewise.
* complexity.cc: New file, taken from svalue.cc.
* complexity.h: New file, taken from region-model.h.
* region-model.h: Include "analyzer/svalue.h" and
"analyzer/region.h". Move struct complexity to complexity.h.
Move svalue, its subclasses and supporting decls to svalue.h.
Move region, its subclasses and supporting decls to region.h.
* region.cc: Include "analyzer/region.h".
(symbolic_region::symbolic_region): Move here from region-model.h.
* region.h: New file, based on material from region-model.h.
* svalue.cc: Include "analyzer/svalue.h".
(complexity::complexity): Move to complexity.cc.
(complexity::from_pair): Likewise.
* svalue.h: New file, based on material from region-model.h.

2020-10-29 David Malcolm <dmalcolm@redhat.com>

* program-state.cc (sm_state_map::print): Guard the printing of
the origin pointer with !flag_dump_noaddr.
* region.cc (string_region::dump_to_pp): Likewise for
m_string_cst.

2020-10-27 David Malcolm <dmalcolm@redhat.com>

PR analyzer/97568
* region-model.cc (region_model::get_initial_value_for_global):
Move check that !DECL_EXTERNAL from here to...
* region.cc (decl_region::get_svalue_for_initializer): ...here,
using it to reject zero initialization.

2020-10-27 Markus Böck <markus.boeck02@gmail.com>

PR analyzer/96608
* store.h (hash): Cast to intptr_t instead of long.

2020-10-27 David Malcolm <dmalcolm@redhat.com>

* constraint-manager.cc (svalue_cmp_by_ptr): Delete.
(equiv_class::canonicalize): Use svalue::cmp_ptr_ptr instead.
(equiv_class_cmp): Eliminate pointer comparison.
* diagnostic-manager.cc (dedupe_key::comparator): If they are at
the same location, also compare epath length and pending_diagnostic
kind.
* engine.cc (readability_comparator): If two path_vars have the
same readability, then impose an arbitrary ordering on them.
(worklist::key_t::cmp): If two points have the same plan ordering,
continue the comparison. Call sm_state_map::cmp rather than
comparing hash values.
* program-state.cc (sm_state_map::entry_t::cmp): New.
(sm_state_map::cmp): New.
* program-state.h (sm_state_map::entry_t::cmp): New decl.
(sm_state_map::elements): New.
(sm_state_map::cmp): New.

2020-10-27 David Malcolm <dmalcolm@redhat.com>

* engine.cc (setjmp_record::cmp): New.
(supernode_cluster::dump_dot): Avoid embedding pointer in cluster
name.
(supernode_cluster::cmp_ptr_ptr): New.
(function_call_string_cluster::dump_dot): Avoid embedding pointer
in cluster name. Sort m_map when dumping child clusters.
(function_call_string_cluster::cmp_ptr_ptr): New.
(root_cluster::dump_dot): Sort m_map when dumping child clusters.
* program-point.cc (function_point::cmp): New.
(function_point::cmp_ptr): New.
* program-point.h (function_point::cmp): New decl.
(function_point::cmp_ptr): New decl.
* program-state.cc (sm_state_map::print): Sort the values. Guard
the printing of pointers with !flag_dump_noaddr.
(program_state::prune_for_point): Sort the regions.
(log_set_of_svalues): Sort the values. Guard the printing of
pointers with !flag_dump_noaddr.
* region-model-manager.cc (log_uniq_map): Sort the values.
* region-model-reachability.cc (dump_set): New function template.
(reachable_regions::dump_to_pp): Use it.
* region-model.h (svalue::cmp_ptr): New decl.
(svalue::cmp_ptr_ptr): New decl.
(setjmp_record::cmp): New decl.
(placeholder_svalue::get_name): New accessor.
(widening_svalue::get_point): New accessor.
(compound_svalue::get_map): New accessor.
(conjured_svalue::get_stmt): New accessor.
(conjured_svalue::get_id_region): New accessor.
(region::cmp_ptrs): Rename to...
(region::cmp_ptr_ptr): ...this.
* region.cc (region::cmp_ptrs): Rename to...
(region::cmp_ptr_ptr): ...this.
* state-purge.cc
(state_purge_per_ssa_name::state_purge_per_ssa_name): Sort
m_points_needing_name when dumping.
* store.cc (concrete_binding::cmp_ptr_ptr): New.
(symbolic_binding::cmp_ptr_ptr): New.
(binding_map::cmp): New.
(get_sorted_parent_regions): Update for renaming of
region::cmp_ptrs to region::cmp_ptr_ptr.
(store::dump_to_pp): Likewise.
(store::to_json): Likewise.
(store::can_merge_p): Sort the base regions before considering
them.
* store.h (concrete_binding::cmp_ptr_ptr): New decl.
(symbolic_binding::cmp_ptr_ptr): New decl.
(binding_map::cmp): New decl.
* supergraph.cc (supergraph::supergraph): Assign UIDs to the
gimple stmts.
* svalue.cc (cmp_cst): New.
(svalue::cmp_ptr): New.
(svalue::cmp_ptr_ptr): New.

2020-10-27 David Malcolm <dmalcolm@redhat.com>

* engine.cc (exploded_graph::get_or_create_node): Fix off-by-one
when imposing param_analyzer_max_enodes_per_program_point limit.

2020-10-27 David Malcolm <dmalcolm@redhat.com>

* region-model.cc (region_model::get_representative_path_var):
Implement case RK_LABEL.
* region-model.h (label_region::get_label): New accessor.

2020-10-22 David Malcolm <dmalcolm@redhat.com>

PR analyzer/97514
* engine.cc (exploded_graph::add_function_entry): Handle failure
to create an enode, rather than asserting.

2020-10-22 David Malcolm <dmalcolm@redhat.com>

PR analyzer/97489
* engine.cc (exploded_graph::add_function_entry): Assert that we
have a function body.
(exploded_graph::on_escaped_function): Reject fndecls that don't
have a function body.

2020-10-14 David Malcolm <dmalcolm@redhat.com>

PR analyzer/93388
* region-model.cc (region_model::get_initial_value_for_global):
Fall back to returning an initial_svalue if
decl_region::get_svalue_for_initializer fails.
* region.cc (decl_region::get_svalue_for_initializer): Don't
attempt to create a compound_svalue if the region has an unknown
size.

2020-10-14 David Malcolm <dmalcolm@redhat.com>

PR analyzer/93723
* store.cc (binding_map::apply_ctor_to_region): Remove redundant
assertion.

2020-10-12 David Malcolm <dmalcolm@redhat.com>

PR analyzer/97258
* engine.cc (impl_region_model_context::on_escaped_function): New
vfunc.
(exploded_graph::add_function_entry): Use m_functions_with_enodes
to implement idempotency.
(add_any_callbacks): New.
(exploded_graph::build_initial_worklist): Use the above to find
callbacks that are reachable from global initializers.
(exploded_graph::on_escaped_function): New.
* exploded-graph.h
(impl_region_model_context::on_escaped_function): New decl.
(exploded_graph::on_escaped_function): New decl.
(exploded_graph::m_functions_with_enodes): New field.
* region-model-reachability.cc
(reachable_regions::reachable_regions): Replace "store" param with
"model" param; use it to initialize m_model.
(reachable_regions::add): When getting the svalue for the region,
call get_store_value on the model rather than using an initial
value.
(reachable_regions::mark_escaped_clusters): Add ctxt param and
use it to call on_escaped_function when a function_region escapes.
* region-model-reachability.h
(reachable_regions::reachable_regions): Replace "store" param with
"model" param.
(reachable_regions::mark_escaped_clusters): Add ctxt param.
(reachable_regions::m_model): New field.
* region-model.cc (region_model::handle_unrecognized_call): Update
for change in reachable_regions ctor.
(region_model::handle_unrecognized_call): Pass ctxt to
mark_escaped_clusters.
(region_model::get_reachable_svalues): Update for change in
reachable_regions ctor.
(region_model::get_initial_value_for_global): Read-only variables
keep their initial values.
* region-model.h (region_model_context::on_escaped_function): New
vfunc.
(noop_region_model_context::on_escaped_function): New.

2020-10-12 David Malcolm <dmalcolm@redhat.com>

* analyzer.opt (Wanalyzer-write-to-const): New.
(Wanalyzer-write-to-string-literal): New.
* region-model-impl-calls.cc (region_model::impl_call_memcpy):
Call check_for_writable_region.
(region_model::impl_call_memset): Likewise.
(region_model::impl_call_strcpy): Likewise.
* region-model.cc (class write_to_const_diagnostic): New.
(class write_to_string_literal_diagnostic): New.
(region_model::check_for_writable_region): New.
(region_model::set_value): Call check_for_writable_region.
* region-model.h (region_model::check_for_writable_region): New
decl.

2020-10-07 David Malcolm <dmalcolm@redhat.com>

PR analyzer/97116
* sm-malloc.cc (method_p): New.
(describe_argument_index): New.
(inform_nonnull_attribute): Use describe_argument_index.
(possible_null_arg::describe_final_event): Likewise.
(null_arg::describe_final_event): Likewise.

2020-09-29 David Malcolm <dmalcolm@redhat.com>

PR analyzer/95188
* engine.cc (stmt_requires_new_enode_p): Split enodes before
"signal" calls.

2020-09-29 David Malcolm <dmalcolm@redhat.com>

* constraint-manager.cc
(constraint_manager::add_constraint_internal): Whitespace fixes.
Silence -Wsign-compare warning.
* engine.cc (maybe_process_run_of_before_supernode_enodes):
Silence -Wsign-compare warning.

2020-09-28 David Malcolm <dmalcolm@redhat.com>

* region-model.h (binop_svalue::dyn_cast_binop_svalue): Remove
redundant "virtual". Add FINAL OVERRIDE.
(widening_svalue::dyn_cast_widening_svalue): Add FINAL OVERRIDE.
(compound_svalue::dyn_cast_compound_svalue): Likewise.
(conjured_svalue::dyn_cast_conjured_svalue): Likewise.

2020-09-28 David Malcolm <dmalcolm@redhat.com>

* diagnostic-manager.cc (null_assignment_sm_context::m_visitor):
Remove unused field.

2020-09-28 David Malcolm <dmalcolm@redhat.com>

PR analyzer/97233
* analyzer.cc (is_longjmp_call_p): Require the initial argument
to be a pointer.
* engine.cc (exploded_node::on_longjmp): Likewise.

2020-09-28 David Malcolm <dmalcolm@redhat.com>

* program-state.cc (sm_state_map::print): Update check
for m_global_state being the start state.

2020-09-26 David Malcolm <dmalcolm@redhat.com>

PR analyzer/96646
PR analyzer/96841
* region-model.cc (region_model::get_representative_path_var):
When handling offset_region, wrap the MEM_REF's first argument in
an ADDR_EXPR of pointer type, rather than simply using the tree
for the parent region. Require the MEM_REF's second argument to
be an integer constant.

2020-09-24 David Malcolm <dmalcolm@redhat.com>

* analyzer.h (struct rejected_constraint): New decl.
* analyzer.opt (fanalyzer-feasibility): New option.
* diagnostic-manager.cc (path_builder::path_builder): Add
"problem" param and use it to initialize new field.
(path_builder::get_feasibility_problem): New accessor.
(path_builder::m_feasibility_problem): New field.
(dedupe_winners::add): Remove inversion of logic in "if" clause,
swapping if/else suites. In the !feasible_p suite, inspect
flag_analyzer_feasibility and add code to handle when this
is off, accepting the infeasible path, but recording the
feasibility_problem.
(diagnostic_manager::emit_saved_diagnostic): Pass the
feasibility_problem to the path_builder.
(diagnostic_manager::add_events_for_eedge): If we have
a feasibility_problem at this edge, use it to add a custom event.
* engine.cc (exploded_path::feasible_p): Pass a
rejected_constraint ** to model.maybe_update_for_edge and transfer
ownership of any created instance to any feasibility_problem.
(feasibility_problem::dump_to_pp): New.
* exploded-graph.h (feasibility_problem::feasibility_problem):
Drop "model" param; add rejected_constraint * param.
(feasibility_problem::~feasibility_problem): New.
(feasibility_problem::dump_to_pp): New decl.
(feasibility_problem::m_model): Drop field.
(feasibility_problem::m_rc): New field.
* program-point.cc (function_point::get_location): Handle
PK_BEFORE_SUPERNODE and PK_AFTER_SUPERNODE.
* program-state.cc (program_state::on_edge): Pass NULL to new
param of region_model::maybe_update_for_edge.
* region-model.cc (region_model::add_constraint): New overload
adding a rejected_constraint ** param.
(region_model::maybe_update_for_edge): Add rejected_constraint **
param and pass it to the various apply_constraints_for_ calls.
(region_model::apply_constraints_for_gcond): Add
rejected_constraint ** param and pass it to add_constraint calls.
(region_model::apply_constraints_for_gswitch): Likewise.
(region_model::apply_constraints_for_exception): Likewise.
(rejected_constraint::dump_to_pp): New.
* region-model.h (region_model::maybe_update_for_edge):
Add rejected_constraint ** param.
(region_model::add_constraint): New overload adding a
rejected_constraint ** param.
(region_model::apply_constraints_for_gcond): Add
rejected_constraint ** param.
(region_model::apply_constraints_for_gswitch): Likewise.
(region_model::apply_constraints_for_exception): Likewise.
(struct rejected_constraint): New.

2020-09-23 David Malcolm <dmalcolm@redhat.com>

PR analyzer/97178
* engine.cc (impl_run_checkers): Update for change to ext_state
ctor.
* program-state.cc (selftest::test_sm_state_map): Pass an engine
instance to ext_state ctor.
(selftest::test_program_state_1): Likewise.
(selftest::test_program_state_2): Likewise.
(selftest::test_program_state_merging): Likewise.
(selftest::test_program_state_merging_2): Likewise.
* program-state.h (extrinsic_state::extrinsic_state): Remove NULL
default value for "eng" param.

2020-09-23 Tobias Burnus <tobias@codesourcery.com>

* analyzer-logging.cc: Guard '#pragma ... ignored "-Wformat-diag"'
by '#if __GNUC__ >= 10'.
* analyzer.h: Likewise.
* call-string.cc: Likewise.

2020-09-23 David Malcolm <dmalcolm@redhat.com>

* engine.cc (exploded_node::on_stmt): Replace sequence of dyn_cast
with switch.

2020-09-22 David Malcolm <dmalcolm@redhat.com>

* analysis-plan.cc: Include "json.h".
* analyzer.opt (fdump-analyzer-json): New.
* call-string.cc: Include "json.h".
(call_string::to_json): New.
* call-string.h (call_string::to_json): New decl.
* checker-path.cc: Include "json.h".
* constraint-manager.cc: Include "json.h".
(equiv_class::to_json): New.
(constraint::to_json): New.
(constraint_manager::to_json): New.
* constraint-manager.h (equiv_class::to_json): New decl.
(constraint::to_json): New decl.
(constraint_manager::to_json): New decl.
* diagnostic-manager.cc: Include "json.h".
(saved_diagnostic::to_json): New.
(diagnostic_manager::to_json): New.
* diagnostic-manager.h (saved_diagnostic::to_json): New decl.
(diagnostic_manager::to_json): New decl.
* engine.cc: Include "json.h", <zlib.h>.
(exploded_node::status_to_str): New.
(exploded_node::to_json): New.
(exploded_edge::to_json): New.
(exploded_graph::to_json): New.
(dump_analyzer_json): New.
(impl_run_checkers): Call it.
* exploded-graph.h (exploded_node::status_to_str): New decl.
(exploded_node::to_json): New.
(exploded_edge::to_json): New.
(exploded_graph::to_json): New.
* pending-diagnostic.cc: Include "json.h".
* program-point.cc: Include "json.h".
(program_point::to_json): New.
* program-point.h (program_point::to_json): New decl.
* program-state.cc: Include "json.h".
(extrinsic_state::to_json): New.
(sm_state_map::to_json): New.
(program_state::to_json): New.
* program-state.h (extrinsic_state::to_json): New decl.
(sm_state_map::to_json): New decl.
(program_state::to_json): New decl.
* region-model-impl-calls.cc: Include "json.h".
* region-model-manager.cc: Include "json.h".
* region-model-reachability.cc: Include "json.h".
* region-model.cc: Include "json.h".
* region-model.h (svalue::to_json): New decl.
(region::to_json): New decl.
* region.cc: Include "json.h".
(region::to_json): New.
* sm-file.cc: Include "json.h".
* sm-malloc.cc: Include "json.h".
* sm-pattern-test.cc: Include "json.h".
* sm-sensitive.cc: Include "json.h".
* sm-signal.cc: Include "json.h".
(signal_delivery_edge_info_t::to_json): New.
* sm-taint.cc: Include "json.h".
* sm.cc: Include "diagnostic.h", "tree-diagnostic.h", and
"json.h".
(state_machine::state::to_json): New.
(state_machine::to_json): New.
* sm.h (state_machine::state::to_json): New.
(state_machine::to_json): New.
* state-purge.cc: Include "json.h".
* store.cc: Include "json.h".
(binding_key::get_desc): New.
(binding_map::to_json): New.
(binding_cluster::to_json): New.
(store::to_json): New.
* store.h (binding_key::get_desc): New decl.
(binding_map::to_json): New decl.
(binding_cluster::to_json): New decl.
(store::to_json): New decl.
* supergraph.cc: Include "json.h".
(supergraph::to_json): New.
(supernode::to_json): New.
(superedge::to_json): New.
* supergraph.h (supergraph::to_json): New decl.
(supernode::to_json): New decl.
(superedge::to_json): New decl.
* svalue.cc: Include "json.h".
(svalue::to_json): New.

2020-09-21 David Malcolm <dmalcolm@redhat.com>

PR analyzer/97130
* region-model-impl-calls.cc (call_details::get_arg_type): New.
* region-model.cc (region_model::on_call_pre): Check that the
initial arg is a pointer before calling impl_call_memset and
impl_call_strlen.
* region-model.h (call_details::get_arg_type): New decl.

2020-09-21 David Malcolm <dmalcolm@redhat.com>

PR analyzer/93355
* sm-malloc.cc (malloc_state_machine::get_default_state): Look at
the base region when considering pointers. Treat pointers to
decls as being non-heap.

2020-09-18 David Malcolm <dmalcolm@redhat.com>

* checker-path.cc (warning_event::get_desc): Handle global state
changes.

2020-09-18 David Malcolm <dmalcolm@redhat.com>

* sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and
strndup as being malloc-like allocators.

2020-09-16 David Malcolm <dmalcolm@redhat.com>

* engine.cc (strongly_connected_components::strong_connect): Only
consider intraprocedural edges when creating SCCs.
(worklist::key_t::cmp): Add comment. Treat call_string
differences as more important than differences of program_point
within a supernode.

2020-09-16 David Malcolm <dmalcolm@redhat.com>

* engine.cc (supernode_cluster::dump_dot): Show the SCC id
in the per-supernode clusters in FILENAME.eg.dot output.
(exploded_graph_annotator::add_node_annotations):
Show the SCC of the supernode in FILENAME.supernode.eg.dot output.
* exploded-graph.h (worklist::scc_id): New.
(exploded_graph::get_scc_id): New.

2020-09-16 David Malcolm <dmalcolm@redhat.com>

* engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED.
(exploded_graph::process_worklist): Call
maybe_process_run_of_before_supernode_enodes.
(exploded_graph::maybe_process_run_of_before_supernode_enodes):
New.
(exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED.
* exploded-graph.h (enum exploded_node::status): Add
STATUS_BULK_MERGED.

2020-09-16 David Malcolm <dmalcolm@redhat.com>

* engine.cc
(exploded_graph::process_node) <case PK_BEFORE_SUPERNODE>:
Simplify by using program_point::get_next.
* program-point.cc (program_point::get_next): New.
* program-point.h (program_point::get_next): New decl.

2020-09-16 David Malcolm <dmalcolm@redhat.com>

* engine.cc (exploded_graph::get_or_create_node): Show the
program point when issuing -Wanalyzer-too-complex due to hitting
the per-program-point limit.

2020-09-16 David Malcolm <dmalcolm@redhat.com>

* region-model.cc (region_model::on_call_pre): Treat getchar as
having no side-effects.

2020-09-15 David Malcolm <dmalcolm@redhat.com>

PR analyzer/96650
* constraint-manager.cc (merger_fact_visitor::on_fact): Replace
assertion that add_constraint succeeded with an assertion that
if it fails, -fanalyzer-transitivity is off.

2020-09-14 David Malcolm <dmalcolm@redhat.com>

* analyzer.opt (-param=analyzer-max-constraints=): New param.
810 * constraint-manager.cc
811 (constraint_manager::add_constraint_internal): Silently reject
812 attempts to add constraints when the above limit is reached.
813
814 2020-09-14 David Malcolm <dmalcolm@redhat.com>
815
816 PR analyzer/96653
817 * constraint-manager.cc
818 (constraint_manager::get_or_add_equiv_class): Don't accumulate
819 transitive closure of all constraints on constants.
820
821 2020-09-14 David Malcolm <dmalcolm@redhat.com>
822
823 PR analyzer/97029
824 * analyzer.cc (is_setjmp_call_p): Require the initial arg to be a
825 pointer.
826 * region-model.cc (region_model::deref_rvalue): Assert that the
827 svalue is of pointer type.
828
829 2020-09-11 David Malcolm <dmalcolm@redhat.com>
830
831 PR analyzer/96798
832 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
833 New.
834 (region_model::impl_call_strcpy): New.
835 * region-model.cc (region_model::on_call_pre): Flag unhandled
836 builtins that are non-pure as having unknown side-effects.
837 Implement BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_STRCPY,
838 BUILT_IN_STRCPY_CHK, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED,
839 BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC,
840 BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED,
841 BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF,
842 BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR,
843 BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED,
844 BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF.
845 * region-model.h (region_model::impl_call_memcpy): New decl.
846 (region_model::impl_call_strcpy): New decl.
847
848 2020-09-09 David Malcolm <dmalcolm@redhat.com>
849
850 PR analyzer/94355
851 * analyzer.opt (Wanalyzer-mismatching-deallocation): New warning.
852 * region-model-impl-calls.cc
853 (region_model::impl_call_operator_new): New.
854 (region_model::impl_call_operator_delete): New.
855 * region-model.cc (region_model::on_call_pre): Detect operator new
856 and operator delete.
857 (region_model::on_call_post): Likewise.
858 (region_model::maybe_update_for_edge): Detect EH edges and call...
859 (region_model::apply_constraints_for_exception): New function.
860 * region-model.h (region_model::impl_call_operator_new): New decl.
861 (region_model::impl_call_operator_delete): New decl.
862 (region_model::apply_constraints_for_exception): New decl.
863 * sm-malloc.cc (enum resource_state): New.
864 (struct allocation_state): New state subclass.
865 (enum wording): New.
866 (struct api): New.
867 (malloc_state_machine::custom_data_t): New typedef.
868 (malloc_state_machine::add_state): New decl.
869 (malloc_state_machine::m_unchecked)
870 (malloc_state_machine::m_nonnull)
871 (malloc_state_machine::m_freed): Delete these states in favor
872 of...
873 (malloc_state_machine::m_malloc)
874 (malloc_state_machine::m_scalar_new)
875 (malloc_state_machine::m_vector_new): ...these new api instances,
876 which own their own versions of these states.
877 (malloc_state_machine::on_allocator_call): New decl.
878 (malloc_state_machine::on_deallocator_call): New decl.
879 (api::api): New ctor.
880 (dyn_cast_allocation_state): New.
881 (as_a_allocation_state): New.
882 (get_rs): New.
883 (unchecked_p): New.
884 (nonnull_p): New.
885 (freed_p): New.
886 (malloc_diagnostic::describe_state_change): Use unchecked_p and
887 nonnull_p.
888 (class mismatching_deallocation): New.
889 (double_free::double_free): Add funcname param for initializing
890 m_funcname.
891 (double_free::emit): Use m_funcname in warning message rather
892 than hardcoding "free".
893 (double_free::describe_state_change): Likewise. Use freed_p.
894 (double_free::describe_call_with_state): Use freed_p.
895 (double_free::describe_final_event): Use m_funcname in message
896 rather than hardcoding "free".
897 (double_free::m_funcname): New field.
898 (possible_null::describe_state_change): Use unchecked_p.
899 (possible_null::describe_return_of_state): Likewise.
900 (use_after_free::use_after_free): Add param for initializing m_api.
901 (use_after_free::emit): Use m_api->m_dealloc_funcname in message
902 rather than hardcoding "free".
903 (use_after_free::describe_state_change): Use freed_p. Change the
904 wording of the message based on the API.
905 (use_after_free::describe_final_event): Use
906 m_api->m_dealloc_funcname in message rather than hardcoding
907 "free". Change the wording of the message based on the API.
908 (use_after_free::m_api): New field.
909 (malloc_leak::describe_state_change): Use unchecked_p. Update
910 for renaming of m_malloc_event to m_alloc_event.
911 (malloc_leak::describe_final_event): Update for renaming of
912 m_malloc_event to m_alloc_event.
913 (malloc_leak::m_malloc_event): Rename...
914 (malloc_leak::m_alloc_event): ...to this.
915 (free_of_non_heap::free_of_non_heap): Add param for initializing
916 m_funcname.
917 (free_of_non_heap::emit): Use m_funcname in message rather than
918 hardcoding "free".
919 (free_of_non_heap::describe_final_event): Likewise.
920 (free_of_non_heap::m_funcname): New field.
921 (allocation_state::dump_to_pp): New.
922 (allocation_state::get_nonnull): New.
923 (malloc_state_machine::malloc_state_machine): Update for changes
924 to state fields and new api fields.
925 (malloc_state_machine::add_state): New.
926 (malloc_state_machine::on_stmt): Move malloc/calloc handling to
927 on_allocator_call and call it, passing in the API pointer.
928 Likewise for free, moving it to on_deallocator_call. Handle calls
929 to operator new and delete in an analogous way. Use unchecked_p
930 when testing for possibly-null-arg and possibly-null-deref, and
931 transition to the non-null for the correct API. Remove redundant
932 node param from call to on_zero_assignment. Use freed_p for
933 use-after-free check, and pass in API.
934 (malloc_state_machine::on_allocator_call): New, based on code in
935 on_stmt.
936 (malloc_state_machine::on_deallocator_call): Likewise.
937 (malloc_state_machine::on_phi): Mark node param with
938 ATTRIBUTE_UNUSED; don't pass it to on_zero_assignment.
939 (malloc_state_machine::on_condition): Mark node param with
940 ATTRIBUTE_UNUSED. Replace on_transition calls with get_state and
941 set_next_state pairs, transitioning to the non-null state for the
942 appropriate API.
943 (malloc_state_machine::can_purge_p): Port to new state approach.
944 (malloc_state_machine::on_zero_assignment): Replace on_transition
945 calls with get_state and set_next_state pairs. Drop redundant
946 node param.
947 * sm.h (state_machine::add_custom_state): New.
948
949 2020-09-09 David Malcolm <dmalcolm@redhat.com>
950
951 * diagnostic-manager.cc
952 (null_assignment_sm_context::warn_for_state): Replace with...
953 (null_assignment_sm_context::warn): ...this.
954 * engine.cc (impl_sm_context::warn_for_state): Replace with...
955 (impl_sm_context::warn): ...this.
956 * sm-file.cc (fileptr_state_machine::on_stmt): Replace
957 warn_for_state and on_transition calls with a get_state
958 test guarding warn and set_next_state calls.
959 * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
960 * sm-pattern-test.cc (pattern_test_state_machine::on_condition):
961 Replace warn_for_state call with warn call.
962 * sm-sensitive.cc
963 (sensitive_state_machine::warn_for_any_exposure): Replace
964 warn_for_state call with a get_state test guarding a warn call.
965 * sm-signal.cc (signal_state_machine::on_stmt): Likewise.
966 * sm-taint.cc (taint_state_machine::on_stmt): Replace
967 warn_for_state and on_transition calls with a get_state
968 test guarding warn and set_next_state calls.
969 * sm.h (sm_context::warn_for_state): Replace with...
970 (sm_context::warn): ...this.
971
972 2020-09-09 David Malcolm <dmalcolm@redhat.com>
973
974 * diagnostic-manager.cc
975 (null_assignment_sm_context::null_assignment_sm_context): Add old_state
976 and ext_state params, initializing m_old_state and m_ext_state.
977 (null_assignment_sm_context::on_transition): Split into...
978 (null_assignment_sm_context::get_state): ...this new vfunc
979 implementation and...
980 (null_assignment_sm_context::set_next_state): ...this new vfunc
981 implementation.
982 (null_assignment_sm_context::m_old_state): New field.
983 (null_assignment_sm_context::m_ext_state): New field.
984 (diagnostic_manager::add_events_for_eedge): Pass in old state and
985 ext_state when creating sm_ctxt.
986 * engine.cc (impl_sm_context::on_transition): Split into...
987 (impl_sm_context::get_state): ...this new vfunc
988 implementation and...
989 (impl_sm_context::set_next_state): ...this new vfunc
990 implementation.
991 * sm.h (sm_context::get_state): New pure virtual function.
992 (sm_context::set_next_state): Likewise.
993 (sm_context::on_transition): Convert from a pure virtual function
994 to a regular function implemented in terms of get_state and
995 set_next_state.
996
997 2020-09-09 David Malcolm <dmalcolm@redhat.com>
998
999 * checker-path.cc (state_change_event::get_desc): Update
1000 state_machine::get_state_name calls to state::get_name.
1001 (warning_event::get_desc): Likewise.
1002 * diagnostic-manager.cc
1003 (null_assignment_sm_context::on_transition): Update comparison
1004 against 0 with comparison with m_sm.get_start_state.
1005 (diagnostic_manager::prune_for_sm_diagnostic): Update
1006 state_machine::get_state_name calls to state::get_name.
1007 * engine.cc (impl_sm_context::on_transition): Likewise.
1008 (exploded_node::get_dot_fillcolor): Use get_id when summing
1009 the sm states.
1010 * program-state.cc (sm_state_map::sm_state_map): Don't hardcode
1011 0 as the start state when initializing m_global_state.
1012 (sm_state_map::print): Use dump_to_pp rather than get_state_name
1013 when dumping states.
1014 (sm_state_map::is_empty_p): Don't hardcode 0 as the start state
1015 when examining m_global_state.
1016 (sm_state_map::hash): Use get_id when hashing states.
1017 (selftest::test_sm_state_map): Use state objects rather than
1018 arbitrary hardcoded integers.
1019 (selftest::test_program_state_merging): Likewise.
1020 (selftest::test_program_state_merging_2): Likewise.
1021 * sm-file.cc (fileptr_state_machine::m_start): Move to base class.
1022 (file_diagnostic::describe_state_change): Use get_start_state.
1023 (fileptr_state_machine::fileptr_state_machine): Drop m_start
1024 initialization.
1025 * sm-malloc.cc (malloc_state_machine::m_start): Move to base
1026 class.
1027 (malloc_diagnostic::describe_state_change): Use get_start_state.
1028 (possible_null::describe_state_change): Likewise.
1029 (malloc_state_machine::malloc_state_machine): Drop m_start
1030 initialization.
1031 * sm-pattern-test.cc (pattern_test_state_machine::m_start): Move
1032 to base class.
1033 (pattern_test_state_machine::pattern_test_state_machine): Drop
1034 m_start initialization.
1035 * sm-sensitive.cc (sensitive_state_machine::m_start): Move to base
1036 class.
1037 (sensitive_state_machine::sensitive_state_machine): Drop m_start
1038 initialization.
1039 * sm-signal.cc (signal_state_machine::m_start): Move to base
1040 class.
1041 (signal_state_machine::signal_state_machine): Drop m_start
1042 initialization.
1043 * sm-taint.cc (taint_state_machine::m_start): Move to base class.
1044 (taint_state_machine::taint_state_machine): Drop m_start
1045 initialization.
1046 * sm.cc (state_machine::state::dump_to_pp): New.
1047 (state_machine::state_machine): Move here from sm.h. Initialize
1048 m_next_state_id and m_start.
1049 (state_machine::add_state): Reimplement in terms of state objects.
1050 (state_machine::get_state_name): Delete.
1051 (state_machine::get_state_by_name): Reimplement in terms of state
1052 objects. Make const.
1053 (state_machine::validate): Delete.
1054 (state_machine::dump_to_pp): Reimplement in terms of state
1055 objects.
1056 * sm.h (state_machine::state): New class.
1057 (state_machine::state_t): Convert typedef from "unsigned" to
1058 "const state_machine::state *".
1059 (state_machine::state_machine): Move to sm.cc.
1060 (state_machine::get_default_state): Use m_start rather than
1061 hardcoding 0.
1062 (state_machine::get_state_name): Delete.
1063 (state_machine::get_state_by_name): Make const.
1064 (state_machine::get_start_state): New accessor.
1065 (state_machine::alloc_state_id): New.
1066 (state_machine::m_state_names): Drop in favor of...
1067 (state_machine::m_states): New field.
1068 (state_machine::m_start): New field.
1069 (start_start_p): Delete.
1070
1071 2020-09-08 David Malcolm <dmalcolm@redhat.com>
1072
1073 PR analyzer/96949
1074 * store.cc (binding_map::apply_ctor_val_to_range): Add
1075 error-handling for the cases where we have symbolic offsets.
1076
1077 2020-09-08 David Malcolm <dmalcolm@redhat.com>
1078
1079 PR analyzer/96950
1080 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
1081 where min_index == max_index.
1082 (binding_map::apply_ctor_val_to_range): Replace assertion that we
1083 don't have a CONSTRUCTOR value with error-handling.
1084
1085 2020-09-08 David Malcolm <dmalcolm@redhat.com>
1086
1087 PR analyzer/96962
1088 * region-model.cc (region_model::on_call_pre): Fix guard on switch
1089 on built-ins to only consider BUILT_IN_NORMAL, rather than other
1090 kinds of built-ins.
1091
1092 2020-09-01 David Malcolm <dmalcolm@redhat.com>
1093
1094 PR analyzer/96792
1095 * region-model.cc (region_model::deref_rvalue): Add the constraint
1096 that PTR_SVAL is non-NULL.
1097
1098 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1099
1100 PR analyzer/96798
1101 * region-model.cc (region_model::on_call_pre): Handle
1102 BUILT_IN_MEMSET_CHK.
1103
1104 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1105
1106 * region-model.cc (region_model::on_call_pre): Gather handling of
1107 builtins and of internal fns into switch statements. Handle
1108 "alloca" and BUILT_IN_ALLOCA_WITH_ALIGN.
1109
1110 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1111
1112 PR analyzer/96860
1113 * region.cc (decl_region::get_svalue_for_constructor): Support
1114 apply_ctor_to_region failing.
1115 * store.cc (binding_map::apply_ctor_to_region): Add failure
1116 handling.
1117 (binding_map::apply_ctor_val_to_range): Likewise.
1118 (binding_map::apply_ctor_pair_to_child_region): Likewise. Replace
1119 assertion that child_base_offset is not symbolic with error
1120 handling.
1121 * store.h (binding_map::apply_ctor_to_region): Convert return type
1122 from void to bool.
1123 (binding_map::apply_ctor_val_to_range): Likewise.
1124 (binding_map::apply_ctor_pair_to_child_region): Likewise.
1125
1126 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1127
1128 PR analyzer/96763
1129 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
1130 by calling a new binding_map::apply_ctor_val_to_range subroutine.
1131 Split out the existing non-CONSTRUCTOR-handling code to a new
1132 apply_ctor_pair_to_child_region subroutine.
1133 (binding_map::apply_ctor_val_to_range): New.
1134 (binding_map::apply_ctor_pair_to_child_region): New, split out
1135 from binding_map::apply_ctor_to_region as noted above.
1136 * store.h (binding_map::apply_ctor_val_to_range): New decl.
1137 (binding_map::apply_ctor_pair_to_child_region): New decl.
1138
1139 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1140
1141 PR analyzer/96764
1142 * region-model-manager.cc
1143 (region_model_manager::maybe_fold_unaryop): Handle VIEW_CONVERT_EXPR.
1144 (region_model_manager::get_or_create_cast): Move logic for
1145 real->integer casting to...
1146 (get_code_for_cast): ...this new function, and add logic for
1147 real->non-integer casts.
1148 (region_model_manager::maybe_fold_sub_svalue): Handle
1149 VIEW_CONVERT_EXPR.
1150 * region-model.cc
1151 (region_model::add_any_constraints_from_gassign): Likewise.
1152 * svalue.cc (svalue::maybe_undo_cast): Likewise.
1153 (unaryop_svalue::dump_to_pp): Likewise.
1154
1155 2020-08-26 David Malcolm <dmalcolm@redhat.com>
1156
1157 PR analyzer/94858
1158 * region-model-manager.cc
1159 (region_model_manager::get_or_create_widening_svalue): Assert that
1160 neither of the inputs are themselves widenings.
1161 * store.cc (store::eval_alias_1): The initial value of a pointer
1162 can't point to a region that was allocated on the heap after the
1163 beginning of the path. A widened pointer value can't alias anything
1164 that the initial pointer value can't alias.
1165 * svalue.cc (svalue::can_merge_p): Merge BINOP (X, OP, CST) with X
1166 to a widening svalue. Merge
1167 BINOP(WIDENING(BASE, BINOP(BASE, X)), X) and BINOP(BASE, X) to
1168 the LHS of the first BINOP.
1169
1170 2020-08-26 David Malcolm <dmalcolm@redhat.com>
1171
1172 PR analyzer/96777
1173 * region-model.h (class compound_svalue): Document that all keys
1174 must be concrete.
1175 (compound_svalue::compound_svalue): Move definition to svalue.cc.
1176 * store.cc (binding_map::apply_ctor_to_region): Handle
1177 initializers for trailing arrays with incomplete size.
1178 * svalue.cc (compound_svalue::compound_svalue): Move definition
1179 here from region-model.h. Add assertion that all keys are
1180 concrete.
1181
1182 2020-08-22 David Malcolm <dmalcolm@redhat.com>
1183
1184 PR analyzer/94851
1185 * region-model-manager.cc
1186 (region_model_manager::maybe_fold_binop): Fold bitwise "& 0" to 0.
1187
1188 2020-08-22 David Malcolm <dmalcolm@redhat.com>
1189
1190 * store.cc (store::eval_alias): Make const. Split out 2nd half
1191 into store::eval_alias_1 and call it twice for symmetry, avoiding
1192 test duplication.
1193 (store::eval_alias_1): New function, split out from the above.
1194 * store.h (store::eval_alias): Make const.
1195 (store::eval_alias_1): New decl.
1196
1197 2020-08-22 David Malcolm <dmalcolm@redhat.com>
1198
1199 * region-model.cc (region_model::push_frame): Bind the default
1200 SSA name for each parm if it exists, falling back to the parm
1201 itself otherwise, rather than doing both.
1202
1203 2020-08-20 David Malcolm <dmalcolm@redhat.com>
1204
1205 PR analyzer/96723
1206 * region-model-manager.cc
1207 (region_model_manager::get_field_region): Assert that field is a
1208 FIELD_DECL.
1209 * region.cc (region::get_subregions_for_binding): In
1210 union-handling, filter the TYPE_FIELDS traversal to just FIELD_DECLs.
1211
1212 2020-08-20 David Malcolm <dmalcolm@redhat.com>
1213
1214 PR analyzer/96713
1215 * region-model.cc (region_model::get_gassign_result): For
1216 comparisons, only use eval_condition when the lhs has boolean
1217 type, and use get_or_create_constant_svalue on the boolean
1218 constants directly rather than via get_rvalue.
1219
1220 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1221
1222 PR analyzer/96643
1223 * region-model.cc (region_model::deref_rvalue): Rather than
1224 attempting to handle all svalue kinds in the switch, only cover
1225 the special cases, and move symbolic-region handling to after
1226 the switch, thus implicitly handling the missing case SK_COMPOUND.
1227
1228 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1229
1230 PR analyzer/96705
1231 * region-model-manager.cc
1232 (region_model_manager::maybe_fold_binop): Check that we have an
1233 integral type before calling build_int_cst.
1234
1235 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1236
1237 PR analyzer/96699
1238 * region-model-manager.cc
1239 (region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for
1240 casting from REAL_TYPE to INTEGER_TYPE.
1241
1242 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1243
1244 PR analyzer/96651
1245 * region-model.cc (region_model::called_from_main_p): New.
1246 (region_model::get_store_value): Move handling for globals into...
1247 (region_model::get_initial_value_for_global): ...this new
1248 function, and add logic for extracting values from decl
1249 initializers.
1250 * region-model.h (decl_region::get_svalue_for_constructor): New
1251 decl.
1252 (decl_region::get_svalue_for_initializer): New decl.
1253 (region_model::called_from_main_p): New decl.
1254 (region_model::get_initial_value_for_global): New.
1255 * region.cc (decl_region::maybe_get_constant_value): Move logic
1256 for getting an svalue from a CONSTRUCTOR node to...
1257 (decl_region::get_svalue_for_constructor): ...this new function.
1258 (decl_region::get_svalue_for_initializer): New.
1259 * store.cc (get_svalue_for_ctor_val): Rewrite in terms of
1260 region_model::get_rvalue.
1261 * store.h (binding_cluster::get_map): New accessor.
1262
1263 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1264
1265 PR analyzer/96648
1266 * region.cc (get_field_at_bit_offset): Gracefully handle negative
1267 values for bit_offset.
1268
1269 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1270
1271 * region-model.cc (region_model::get_rvalue_1): Fix name of local.
1272
1273 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1274
1275 PR analyzer/96641
1276 * region-model.cc (region_model::get_rvalue_1): Handle
1277 unrecognized tree codes by returning UNKNOWN.
1278
1279 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1280
1281 PR analyzer/96640
1282 * region-model.cc (region_model::get_gassign_result): Handle various
1283 VEC_* tree codes by returning UNKNOWN.
1284 (region_model::on_assignment): Handle unrecognized tree codes by
1285 setting lhs to an unknown value, rather than issuing a "sorry" and
1286 asserting.
1287
1288 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1289
1290 PR analyzer/96644
1291 * region-model-manager.cc (get_region_for_unexpected_tree_code):
1292 Handle ctxt being NULL.
1293
1294 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1295
1296 PR analyzer/96639
1297 * region.cc (region::get_subregions_for_binding): Check for "type"
1298 being NULL.
1299
1300 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1301
1302 PR analyzer/96642
1303 * store.cc (get_svalue_for_ctor_val): New.
1304 (binding_map::apply_ctor_to_region): Call it.
1305
1306 2020-08-14 David Malcolm <dmalcolm@redhat.com>
1307
1308 PR testsuite/96609
1309 PR analyzer/96616
1310 * region-model.cc (region_model::get_store_value): Call
1311 maybe_get_constant_value on decl_regions first.
1312 * region-model.h (decl_region::maybe_get_constant_value): New decl.
1313 * region.cc (decl_region::get_stack_depth): Likewise.
1314 (decl_region::maybe_get_constant_value): New.
1315 * store.cc (get_subregion_within_ctor): New.
1316 (binding_map::apply_ctor_to_region): New.
1317 * store.h (binding_map::apply_ctor_to_region): New decl.
1318
1319 2020-08-14 David Malcolm <dmalcolm@redhat.com>
1320
1321 PR analyzer/96611
1322 * store.cc (store::mark_as_escaped): Reject attempts to
1323 get a cluster for an unknown pointer.
1324
1325 2020-08-13 David Malcolm <dmalcolm@redhat.com>
1326
1327 PR analyzer/93032
1328 PR analyzer/93938
1329 PR analyzer/94011
1330 PR analyzer/94099
1331 PR analyzer/94399
1332 PR analyzer/94458
1333 PR analyzer/94503
1334 PR analyzer/94640
1335 PR analyzer/94688
1336 PR analyzer/94689
1337 PR analyzer/94839
1338 PR analyzer/95026
1339 PR analyzer/95042
1340 PR analyzer/95240
1341 * analyzer-logging.cc: Ignore "-Wformat-diag".
1342 (logger::enter_scope): Use inc_indent in both overloads.
1343 (logger::exit_scope): Use dec_indent.
1344 * analyzer-logging.h (logger::inc_indent): New.
1345 (logger::dec_indent): New.
1346 * analyzer-selftests.cc (run_analyzer_selftests): Call
1347 analyzer_store_cc_tests.
1348 * analyzer-selftests.h (analyzer_store_cc_tests): New decl.
1349 * analyzer.cc (get_stmt_location): New function.
1350 * analyzer.h (class initial_svalue): New forward decl.
1351 (class unaryop_svalue): New forward decl.
1352 (class binop_svalue): New forward decl.
1353 (class sub_svalue): New forward decl.
1354 (class unmergeable_svalue): New forward decl.
1355 (class placeholder_svalue): New forward decl.
1356 (class widening_svalue): New forward decl.
1357 (class compound_svalue): New forward decl.
1358 (class conjured_svalue): New forward decl.
1359 (svalue_set): New typedef.
1360 (class map_region): Delete.
1361 (class array_region): Delete.
1362 (class frame_region): New forward decl.
1363 (class function_region): New forward decl.
1364 (class label_region): New forward decl.
1365 (class decl_region): New forward decl.
1366 (class element_region): New forward decl.
1367 (class offset_region): New forward decl.
1368 (class cast_region): New forward decl.
1369 (class field_region): New forward decl.
1370 (class string_region): New forward decl.
1371 (class region_model_manager): New forward decl.
1372 (class store_manager): New forward decl.
1373 (class store): New forward decl.
1374 (class call_details): New forward decl.
1375 (struct svalue_id_merger_mapping): Delete.
1376 (struct canonicalization): Delete.
1377 (class function_point): New forward decl.
1378 (class engine): New forward decl.
1379 (dump_tree): New function decl.
1380 (print_quoted_type): New function decl.
1381 (readability_comparator): New function decl.
1382 (tree_cmp): New function decl.
1383 (class path_var): Move here from region-model.h.
1384 (bit_offset_t, bit_size_t, byte_size_t): New typedefs.
1385 (class region_offset): New class.
1386 (get_stmt_location): New decl.
1387 (struct member_function_hash_traits): New struct.
1388 (class consolidation_map): New class.
1389 Ignore "-Wformat-diag".
1390 * analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
1391 (-param=analyzer-max-enodes-for-full-dump=): New param.
1392 * call-string.cc: Ignore -Wformat-diag.
1393 * checker-path.cc: Move includes of "analyzer/call-string.h" and
1394 "analyzer/program-point.h" to before "analyzer/region-model.h",
1395 and also include "analyzer/store.h" before it.
1396 (state_change_event::state_change_event): Replace "tree var" param
1397 with "const svalue *sval". Convert "origin" param from tree to
1398 "const svalue *".
1399 (state_change_event::get_desc): Call get_representative_tree to
1400 convert the var and origin from const svalue * to tree. Use
1401 svalue::get_desc rather than %qE when describing state changes.
1402 (checker_path::add_final_event): Use get_stmt_location.
1403 * checker-path.h (state_change_event::state_change_event): Port
1404 from tree to const svalue *.
1405 (state_change_event::get_lvalue): Delete.
1406 (state_change_event::get_dest_function): New.
1407 (state_change_event::m_var): Replace with...
1408 (state_change_event::m_sval): ...this.
1409 (state_change_event::m_origin): Convert from tree to
1410 const svalue *.
1411 * constraint-manager.cc: Include "analyzer/call-string.h",
1412 "analyzer/program-point.h", and "analyzer/store.h" before
1413 "analyzer/region-model.h".
1414 (struct bound, struct range): Move to constraint-manager.h.
1415 (compare_constants): New function.
1416 (range::dump): Rename to...
1417 (range::dump_to_pp): ...this. Support NULL constants.
1418 (range::dump): Reintroduce for dumping to stderr.
1419 (range::constrained_to_single_element): Return result, rather than
1420 writing to *OUT.
1421 (range::eval_condition): New.
1422 (range::below_lower_bound): New.
1423 (range::above_upper_bound): New.
1424 (equiv_class::equiv_class): Port from svalue_id to const svalue *.
1425 (equiv_class::print): Likewise.
1426 (equiv_class::hash): Likewise.
1427 (equiv_class::operator==): Port from svalue_id to const svalue *.
1428 (equiv_class::add): Port from svalue_id to const svalue *. Drop
1429 "cm" param.
1430 (equiv_class::del): Port from svalue_id to const svalue *.
1431 (equiv_class::get_representative): Likewise.
1432 (equiv_class::remap_svalue_ids): Delete.
1433 (svalue_id_cmp_by_id): Rename to...
1434 (svalue_cmp_by_ptr): ...this, porting from svalue_id to
1435 const svalue *.
1436 (equiv_class::canonicalize): Update qsort comparator.
1437 (constraint::implied_by): New.
1438 (constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
1439 (constraint_manager::dump_to_pp): Add "multiline" param.
1440 (constraint_manager::dump): Pass "true" for "multiline".
1441 (constraint_manager::add_constraint): Port from svalue_id to
1442 const svalue *. Split out second part into...
1443 (constraint_manager::add_unknown_constraint): ...this new
1444 function. Remove self-constraints when merging equivalence
1445 classes.
1446 (constraint_manager::add_constraint_internal): Remove constraints
1447 that would be implied by the new constraint. Port from svalue_id
1448 to const svalue *.
1449 (constraint_manager::get_equiv_class_by_sid): Rename to...
1450 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
1451 from svalue_id to const svalue *.
1452 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
1453 to const svalue *.
1454 (constraint_manager::eval_condition): Make const. Call
1455 compare_constants and return early if it provides a known result.
1456 (constraint_manager::get_ec_bounds): New.
1457 (constraint_manager::eval_condition): New overloads. Make
1458 existing one const, and use compare_constants.
1459 (constraint_manager::purge): Convert "p" param to a template
1460 rather than an abstract base class. Port from svalue_id to
1461 const svalue *.
1462 (class dead_svalue_purger): New class.
1463 (constraint_manager::remap_svalue_ids): Delete.
1464 (constraint_manager::on_liveness_change): New.
1465 (equiv_class_cmp): Port from svalue_id to const svalue *.
1466 (constraint_manager::canonicalize): Likewise. Combine with
1467 purging of redundant equivalence classes and constraints.
1468 (class cleaned_constraint_manager): Delete.
1469 (class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
1470 field.
1471 (merger_fact_visitor::fact): Port from svalue_id to const svalue *.
1472 Add special case for widening.
1473 (constraint_manager::merge): Port from svalue_id to const svalue *.
1474 (constraint_manager::clean_merger_input): Delete.
1475 (constraint_manager::for_each_fact): Port from svalue_id to
1476 const svalue *.
1477 (constraint_manager::validate): Likewise.
1478 (selftest::test_constraint_conditions): Provide a
1479 region_model_manager when creating region_model instances.
1480 Add test for self-equality not creating equivalence classes.
1481 (selftest::test_transitivity): Provide a region_model_manager when
1482 creating region_model instances. Verify that EC-merging happens
1483 when constraints are implied.
1484 (selftest::test_constant_comparisons): Provide a
1485 region_model_manager when creating region_model instances.
1486 (selftest::test_constraint_impl): Likewise. Remove over-specified
1487 assertions.
1488 (selftest::test_equality): Provide a region_model_manager when
1489 creating region_model instances.
1490 (selftest::test_many_constants): Likewise. Provide a
1491 program_point when testing merging.
1492 (selftest::run_constraint_manager_tests): Move call to
1493 test_constant_comparisons to outside the transitivity guard.
1494 * constraint-manager.h (struct bound): Move here from
1495 constraint-manager.cc.
1496 (struct range): Likewise.
1497 (struct::eval_condition): New decl.
1498 (struct::below_lower_bound): New decl.
1499 (struct::above_upper_bound): New decl.
1500 (equiv_class::add): Port from svalue_id to const svalue *.
1501 (equiv_class::del): Likewise.
1502 (equiv_class::get_representative): Likewise.
1503 (equiv_class::remap_svalue_ids): Drop.
1504 (equiv_class::m_cst_sid): Convert to...
1505 (equiv_class::m_cst_sval): ...this.
1506 (equiv_class::m_vars): Port from svalue_id to const svalue *.
1507 (constraint::bool implied_by): New decl.
1508 (fact_visitor::on_fact): Port from svalue_id to const svalue *.
1509 (constraint_manager::constraint_manager): Add mgr param.
1510 (constraint_manager::clone): Delete.
1511 (constraint_manager::maybe_get_constant): Delete.
1512 (constraint_manager::get_sid_for_constant): Delete.
1513 (constraint_manager::get_num_svalues): Delete.
1514 (constraint_manager::dump_to_pp): Add "multiline" param.
1515 (constraint_manager::get_equiv_class): Port from svalue_id to
1516 const svalue *.
1517 (constraint_manager::add_constraint): Likewise.
1518 (constraint_manager::get_equiv_class_by_sid): Rename to...
1519 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
1520 from svalue_id to const svalue *.
1521 (constraint_manager::add_unknown_constraint): New decl.
1522 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
1523 to const svalue *.
1524 (constraint_manager::eval_condition): Likewise. Add overloads.
1525 (constraint_manager::get_ec_bounds): New decl.
1526 (constraint_manager::purge): Convert to template.
1527 (constraint_manager::remap_svalue_ids): Delete.
1528 (constraint_manager::on_liveness_change): New decl.
1529 (constraint_manager::canonicalize): Drop param.
1530 (constraint_manager::clean_merger_input): Delete.
1531 (constraint_manager::m_mgr): New field.
1532 * diagnostic-manager.cc: Move includes of
1533 "analyzer/call-string.h" and "analyzer/program-point.h" to before
1534 "analyzer/region-model.h", and also include "analyzer/store.h"
1535 before it.
1536 (saved_diagnostic::saved_diagnostic): Add "sval" param.
1537 (diagnostic_manager::diagnostic_manager): Add engine param.
1538 (diagnostic_manager::add_diagnostic): Add "sval" param, passing it
1539 to saved_diagnostic ctor. Update overload to pass NULL for it.
1540 (dedupe_winners::dedupe_winners): Add engine param.
1541 (dedupe_winners::add): Add "eg" param. Pass m_engine to
1542 feasible_p.
1543 (dedupe_winner::m_engine): New field.
1544 (diagnostic_manager::emit_saved_diagnostics): Pass engine to
1545 dedupe_winners. Pass &eg when adding candidates. Pass svalue
1546 rather than tree to prune_path. Use get_stmt_location to get
1547 primary location of diagnostic.
1548 (diagnostic_manager::emit_saved_diagnostic): Likewise.
1549 (get_any_origin): Drop.
1550 (state_change_event_creator::on_global_state_change): Pass NULL
1551 const svalue * rather than NULL_TREE trees to state_change_event
1552 ctor.
1553 (state_change_event_creator::on_state_change): Port from tree and
1554 svalue_id to const svalue *.
1555 (for_each_state_change): Port from svalue_id to const svalue *.
1556 (struct null_assignment_sm_context): New.
1557 (diagnostic_manager::add_events_for_eedge): Add state change
1558 events for assignment to NULL.
1559 (diagnostic_manager::prune_path): Update param from tree to
1560 const svalue *.
1561 (diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
1562 by tree to by const svalue *.
1563 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
1564 param.
1565 (saved_diagnostic::m_sval): New field.
1566 (diagnostic_manager::diagnostic_manager): Add engine param.
1567 (diagnostic_manager::get_engine): New.
1568 (diagnostic_manager::add_diagnostic): Add "sval" param.
1569 (diagnostic_manager::prune_path): Likewise.
1570 (diagnostic_manager::prune_for_sm_diagnostic): New overload.
1571 (diagnostic_manager::m_eng): New field.
1572 * engine.cc: Move includes of "analyzer/call-string.h" and
1573 "analyzer/program-point.h" to before "analyzer/region-model.h",
1574 and also include "analyzer/store.h" before it.
1575 (impl_region_model_context::impl_region_model_context): Update for
1576 removal of m_change field.
1577 (impl_region_model_context::remap_svalue_ids): Delete.
1578 (impl_region_model_context::on_svalue_leak): New.
1579 (impl_region_model_context::on_svalue_purge): Delete.
1580 (impl_region_model_context::on_liveness_change): New.
1581 (impl_region_model_context::on_unknown_change): Update param
1582 from svalue_id to const svalue *. Add is_mutable param.
1583 (setjmp_svalue::compare_fields): Delete.
1584 (setjmp_svalue::accept): New.
1585 (setjmp_svalue::add_to_hash): Delete.
1586 (setjmp_svalue::dump_to_pp): New.
1587 (setjmp_svalue::print_details): Delete.
1588 (impl_sm_context::impl_sm_context): Drop "change" param.
1589 (impl_sm_context::get_fndecl_for_call): Drop "m_change".
1590 (impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
1591 "stmt" param. Drop m_change. Port from svalue_id to
1592 const svalue *.
1593 (impl_sm_context::warn_for_state): Drop m_change. Port from
1594 svalue_id to const svalue *.
1595 (impl_sm_context::get_readable_tree): Rename to...
1596 (impl_sm_context::get_diagnostic_tree): ...this. Port from
1597 svalue_id to const svalue *.
1598 (impl_sm_context::is_zero_assignment): New.
1599 (impl_sm_context::m_change): Delete field.
1600 (leak_stmt_finder::find_stmt): Handle m_var being NULL.
1601 (readability): Increase penalty for MEM_REF. For SSA_NAMEs,
1602 slightly favor the underlying var over the SSA name. Heavily
1603 penalize temporaries. Handle RESULT_DECL.
1604 (readability_comparator): Make non-static. Consider stack depths.
1605 (impl_region_model_context::on_state_leak): Convert from svalue_id
1606 to const svalue *, updating for region_model changes. Use
1607 id_equal.
1608 (impl_region_model_context::on_inherited_svalue): Delete.
1609 (impl_region_model_context::on_cast): Delete.
1610 (impl_region_model_context::on_condition): Drop m_change.
1611 (impl_region_model_context::on_phi): Likewise.
1612 (impl_region_model_context::on_unexpected_tree_code): Handle t
1613 being NULL.
1614 (point_and_state::validate): Update stack checking for
1615 region_model changes.
1616 (eg_traits::dump_args_t::show_enode_details_p): New.
1617 (exploded_node::exploded_node): Initialize m_num_processed_stmts.
1618 (exploded_node::get_processed_stmt): New function.
1619 (exploded_node::get_dot_fillcolor): Add more colors.
1620 (exploded_node::dump_dot): Guard the printing of the point and
1621 state with show_enode_details_p. Print the processed stmts for
1622 this enode after the initial state.
1623 (exploded_node::dump_to_pp): Pass true for new multiline param
1624 of program_state::dump_to_pp.
1625 (exploded_node::on_stmt): Drop "change" param. Log the stmt.
1626 Set input_location. Implement __analyzer_describe. Update
1627 implementation of __analyzer_dump and __analyzer_eval.
1628 Remove purging of sm-state for unknown fncalls from here.
1629 (exploded_node::on_edge): Drop "change" param.
1630 (exploded_node::on_longjmp): Port from region_id/svalue_id to
1631 const region */const svalue *. Call program_state::detect_leaks.
1632 Drop state_change.
1633 (exploded_node::detect_leaks): Update for changes to region_model.
1634 Call program_state::detect_leaks.
1635 (exploded_edge::exploded_edge): Drop ext_state and change params.
1636 (exploded_edge::dump_dot): "args" is no longer used. Drop dumping
1637 of m_change.
1638 (exploded_graph::exploded_graph): Pass engine to
1639 m_diagnostic_manager ctor. Use program_point::origin.
1640 (exploded_graph::add_function_entry): Drop ctxt. Use
1641 program_state::push_frame. Drop state_change.
1642 (exploded_graph::get_or_create_node): Drop "change" param. Add
1643 "enode_for_diag" param. Update dumping calls for API changes.
1644 Pass point to can_merge_with_p. Show enode indices
1645 within -Wanalyzer-too-complex diagnostic for hitting the per-point
1646 limit.
1647 (exploded_graph::add_edge): Drop "change" param. Log which nodes
1648 are being connected. Update for changes to exploded_edge ctor.
1649 (exploded_graph::get_per_program_point_data): New.
1650 (exploded_graph::process_worklist): Pass point to
1651 can_merge_with_p. Drop state_change. Update dumping call for API
1652 change.
1653 (exploded_graph::process_node): Drop state_change. Split the
1654 node in-place if an sm-state-change occurs. Update
1655 m_num_processed_stmts. Update dumping calls for API change.
1656 (exploded_graph::log_stats): Call engine::log_stats.
1657 (exploded_graph::dump_states_for_supernode): Update dumping
1658 call.
1659 (exploded_path::feasible_p): Add "eng" and "eg" params.
1660 Rename "i" to "end_idx". Pass the manager to the region_model
1661 ctor. Update for every processed stmt in the enode, not just the
1662 first. Keep track of which snodes have been visited, and call
1663 loop_replay_fixup when revisiting one.
1664 (enode_label::get_text): Update dump call for new param.
1665 (exploded_graph::dump_exploded_nodes): Likewise.
1666 (exploded_graph::get_node_by_index): New.
1667 (impl_run_checkers): Create engine instance and pass its address
1668 to extrinsic_state ctor.
1669 * exploded-graph.h
1670 (impl_region_model_context::impl_region_model_context): Drop
1671 "change" params.
1672 (impl_region_model_context::void remap_svalue_ids): Delete.
1673 (impl_region_model_context::on_svalue_purge): Delete.
1674 (impl_region_model_context::on_svalue_leak): New.
1675 (impl_region_model_context::on_liveness_change): New.
1676 (impl_region_model_context::on_state_leak): Update signature.
1677 (impl_region_model_context::on_inherited_svalue): Delete.
1678 (impl_region_model_context::on_cast): Delete.
1679 (impl_region_model_context::on_unknown_change): Update signature.
1680 (impl_region_model_context::m_change): Delete.
1681 (eg_traits::dump_args_t::show_enode_details_p): New.
1682 (exploded_node::on_stmt): Drop "change" param.
1683 (exploded_node::on_edge): Likewise.
1684 (exploded_node::get_processed_stmt): New decl.
1685 (exploded_node::m_num_processed_stmts): New field.
1686 (exploded_edge::exploded_edge): Drop ext_state and change params.
1687 (exploded_edge::m_change): Delete.
1688 (exploded_graph::get_engine): New accessor.
1689 (exploded_graph::get_or_create_node): Drop "change" param. Add
1690 "enode_for_diag" param.
1691 (exploded_graph::add_edge): Drop "change" param.
1692 (exploded_graph::get_per_program_point_data): New decl.
1693 (exploded_graph::get_node_by_index): New decl.
1694 (exploded_path::feasible_p): Add "eng" and "eg" params.
1695 * program-point.cc: Include "analyzer/store.h" before including
1696 "analyzer/region-model.h".
1697 (function_point::function_point): Move here from
1698 program-point.h.
1699 (function_point::get_function): Likewise.
1700 (function_point::from_function_entry): Likewise.
1701 (function_point::before_supernode): Likewise.
1702 (function_point::next_stmt): New function.
1703 * program-point.h (function_point::function_point): Move
1704 implementation from here to program-point.cc.
1705 (function_point::get_function): Likewise.
1706 (function_point::from_function_entry): Likewise.
1707 (function_point::before_supernode): Likewise.
1708 (function_point::next_stmt): New decl.
1709 (program_point::operator!=): New.
1710 (program_point::origin): New.
1711 (program_point::next_stmt): New.
1712 (program_point::m_function_point): Make non-const.
1713 * program-state.cc: Move includes of "analyzer/call-string.h" and
1714 "analyzer/program-point.h" to before "analyzer/region-model.h",
1715 and also include "analyzer/store.h" before it.
1716 (extrinsic_state::get_model_manager): New.
1717 (sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
1718 rather than pass them around.
1719 (sm_state_map::clone_with_remapping): Delete.
1720 (sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
1721 "simple" and "multiline" params and support multiline vs single
1722 line dumping.
1723 (sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
1724 "simple" param.
1725 (sm_state_map::hash): Port from svalue_id to const svalue *.
1726 (sm_state_map::operator==): Likewise.
1727 (sm_state_map::get_state): Likewise. Call canonicalize_svalue on
1728 input. Handle inheritance of sm-state. Call get_default_state.
1729 (sm_state_map::get_origin): Port from svalue_id to const svalue *.
1730 (sm_state_map::set_state): Likewise. Pass in ext_state. Reject
1731 attempts to set state on UNKNOWN.
1732 (sm_state_map::impl_set_state): Port from svalue_id to
1733 const svalue *. Pass in ext_state. Call canonicalize_svalue on
1734 input.
1735 (sm_state_map::purge_for_unknown_fncall): Delete.
1736 (sm_state_map::on_svalue_leak): New.
1737 (sm_state_map::remap_svalue_ids): Delete.
1738 (sm_state_map::on_liveness_change): New.
1739 (sm_state_map::on_unknown_change): Reimplement.
1740 (sm_state_map::on_svalue_purge): Delete.
1741 (sm_state_map::on_inherited_svalue): Delete.
1742 (sm_state_map::on_cast): Delete.
1743 (sm_state_map::validate): Delete.
1744 (sm_state_map::canonicalize_svalue): New.
1745 (program_state::program_state): Update to pass manager to
1746 region_model's ctor. Constify num_states and pass state machine
1747 and index to sm_state_map ctor.
1748 (program_state::print): Update for changes to dump API.
1749 (program_state::dump_to_pp): Ignore the summarize param. Add
1750 "multiline" param.
1751 (program_state::dump_to_file): Add "multiline" param.
1752 (program_state::dump): Pass "true" for new "multiline" param.
1753 (program_state::push_frame): New.
1754 (program_state::on_edge): Drop "change" param. Call
1755 program_state::detect_leaks.
1756 (program_state::prune_for_point): Add enode_for_diag param.
1757 Reimplement based on store class. Call detect_leaks.
1758 (program_state::remap_svalue_ids): Delete.
1759 (program_state::get_representative_tree): Port from svalue_id to
1760 const svalue *.
1761 (program_state::can_merge_with_p): Add "point" param. Add early
1762 reject for sm-differences. Drop id remapping.
1763 (program_state::validate): Drop region model and sm_state_map
1764 validation.
1765 (state_change::sm_change::dump): Delete.
1766 (state_change::sm_change::remap_svalue_ids): Delete.
1767 (state_change::sm_change::on_svalue_purge): Delete.
1768 (log_set_of_svalues): New.
1769 (state_change::sm_change::validate): Delete.
1770 (state_change::state_change): Delete.
1771 (state_change::add_sm_change): Delete.
1772 (state_change::affects_p): Delete.
1773 (state_change::dump): Delete.
1774 (state_change::remap_svalue_ids): Delete.
1775 (state_change::on_svalue_purge): Delete.
1776 (state_change::validate): Delete.
1777 (selftest::assert_dump_eq): Delete.
1778 (ASSERT_DUMP_EQ): Delete.
1779 (selftest::test_sm_state_map): Update for changes to region_model
1780 and sm_state_map, porting from svalue_id to const svalue *.
1781 (selftest::test_program_state_dumping): Likewise. Drop test of
1782 dumping, renaming to...
1783 (selftest::test_program_state_1): ...this.
1784 (selftest::test_program_state_dumping_2): Likewise, renaming to...
1785 (selftest::test_program_state_2): ...this.
1786 (selftest::test_program_state_merging): Update for changes to
1787 region_model.
1788 (selftest::test_program_state_merging_2): Likewise.
1789 (selftest::analyzer_program_state_cc_tests): Update for renamed
1790 tests.
1791 * program-state.h (extrinsic_state::extrinsic_state): Add logger
1792 and engine params.
1793 (extrinsic_state::get_logger): New accessor.
1794 (extrinsic_state::get_engine): New accessor.
1795 (extrinsic_state::get_model_manager): New accessor.
1796 (extrinsic_state::m_logger): New field.
1797 (extrinsic_state::m_engine): New field.
1798 (struct default_hash_traits<svalue_id>): Delete.
1799 (pod_hash_traits<svalue_id>::hash): Delete.
1800 (pod_hash_traits<svalue_id>::equal): Delete.
1801 (pod_hash_traits<svalue_id>::mark_deleted): Delete.
1802 (pod_hash_traits<svalue_id>::mark_empty): Delete.
1803 (pod_hash_traits<svalue_id>::is_deleted): Delete.
1804 (pod_hash_traits<svalue_id>::is_empty): Delete.
1805 (sm_state_map::entry_t::entry_t): Port from svalue_id to
1806 const svalue *.
1807 (sm_state_map::entry_t::m_origin): Likewise.
1808 (sm_state_map::map_t): Likewise.
1809 (sm_state_map::sm_state_map): Add state_machine and index params.
1810 (sm_state_map::clone_with_remapping): Delete.
1811 (sm_state_map::print): Drop sm param; add simple and multiline
1812 params.
1813 (sm_state_map::dump): Drop sm param; add simple param.
1814 (sm_state_map::get_state): Port from svalue_id to const svalue *.
1815 Add ext_state param.
1816 (sm_state_map::get_origin): Likewise.
1817 (sm_state_map::set_state): Likewise.
1818 (sm_state_map::impl_set_state): Likewise.
1819 (sm_state_map::purge_for_unknown_fncall): Delete.
1820 (sm_state_map::remap_svalue_ids): Delete.
1821 (sm_state_map::on_svalue_purge): Delete.
1822 (sm_state_map::on_svalue_leak): New.
1823 (sm_state_map::on_liveness_change): New.
1824 (sm_state_map::on_inherited_svalue): Delete.
1825 (sm_state_map::on_cast): Delete.
1826 (sm_state_map::validate): Delete.
1827 (sm_state_map::on_unknown_change): Port from svalue_id to
1828 const svalue *. Add is_mutable and ext_state params.
1829 (sm_state_map::canonicalize_svalue): New.
1830 (sm_state_map::m_sm): New field.
1831 (sm_state_map::m_sm_idx): New field.
1832 (program_state::operator=): Delete.
1833 (program_state::dump_to_pp): Drop "summarize" param, adding
1834 "simple" and "multiline".
1835 (program_state::dump_to_file): Likewise.
1836 (program_state::dump): Rename "summarize" to "simple".
1837 (program_state::push_frame): New.
1838 (program_state::get_current_function): New.
1839 (program_state::on_edge): Drop "change" param.
1840 (program_state::prune_for_point): Likewise. Add enode_for_diag
1841 param.
1842 (program_state::remap_svalue_ids): Delete.
1843 (program_state::get_representative_tree): Port from svalue_id to
1844 const svalue *.
1845 (program_state::can_purge_p): Likewise. Pass ext_state to get_state.
1846 (program_state::can_merge_with_p): Add point param.
1847 (program_state::detect_leaks): New.
1848 (state_change_visitor::on_state_change): Port from tree and
1849 svalue_id to a pair of const svalue *.
1850 (class state_change): Delete.
1851 * region.cc: New file.
1852 * region-model-impl-calls.cc: New file.
1853 * region-model-manager.cc: New file.
1854 * region-model-reachability.cc: New file.
1855 * region-model-reachability.h: New file.
1856 * region-model.cc: Include "analyzer/call-string.h",
1857 "analyzer/program-point.h", and "analyzer/store.h" before
1858 "analyzer/region-model.h". Include
1859 "analyzer/region-model-reachability.h".
1860 (dump_tree): Make non-static.
1861 (dump_quoted_tree): Make non-static.
1862 (print_quoted_type): Make non-static.
1863 (path_var::dump): Delete.
1864 (dump_separator): Delete.
1865 (class impl_constraint_manager): Delete.
1866 (svalue_id::print): Delete.
1867 (svalue_id::dump_node_name_to_pp): Delete.
1868 (svalue_id::validate): Delete.
1869 (region_id::print): Delete.
1870 (region_id::dump_node_name_to_pp): Delete.
1871 (region_id::validate): Delete.
1872 (region_id_set::region_id_set): Delete.
1873 (svalue_id_set::svalue_id_set): Delete.
1874 (svalue::operator==): Delete.
1875 (svalue::hash): Delete.
1876 (svalue::print): Delete.
1877 (svalue::dump_dot_to_pp): Delete.
1878 (svalue::remap_region_ids): Delete.
1879 (svalue::walk_for_canonicalization): Delete.
1880 (svalue::get_child_sid): Delete.
1881 (svalue::maybe_get_constant): Delete.
1882 (region_svalue::compare_fields): Delete.
1883 (region_svalue::add_to_hash): Delete.
1884 (region_svalue::print_details): Delete.
1885 (region_svalue::dump_dot_to_pp): Delete.
1886 (region_svalue::remap_region_ids): Delete.
1887 (region_svalue::merge_values): Delete.
1888 (region_svalue::walk_for_canonicalization): Delete.
1889 (region_svalue::eval_condition): Delete.
1890 (constant_svalue::compare_fields): Delete.
1891 (constant_svalue::add_to_hash): Delete.
1892 (constant_svalue::merge_values): Delete.
1893 (constant_svalue::eval_condition): Move to svalue.cc.
1894 (constant_svalue::print_details): Delete.
1895 (constant_svalue::get_child_sid): Delete.
1896 (unknown_svalue::compare_fields): Delete.
1897 (unknown_svalue::add_to_hash): Delete.
1898 (unknown_svalue::print_details): Delete.
1899 (poison_kind_to_str): Move to svalue.cc.
1900 (poisoned_svalue::compare_fields): Delete.
1901 (poisoned_svalue::add_to_hash): Delete.
1902 (poisoned_svalue::print_details): Delete.
1903 (region_kind_to_str): Move to region.cc and reimplement.
1904 (region::operator==): Delete.
1905 (region::get_parent_region): Delete.
1906 (region::set_value): Delete.
1907 (region::become_active_view): Delete.
1908 (region::deactivate_any_active_view): Delete.
1909 (region::deactivate_view): Delete.
1910 (region::get_value): Delete.
1911 (region::get_inherited_child_sid): Delete.
1912 (region_model::copy_region): Delete.
1913 (region_model::copy_struct_region): Delete.
1914 (region_model::copy_union_region): Delete.
1915 (region_model::copy_array_region): Delete.
1916 (region::hash): Delete.
1917 (region::print): Delete.
1918 (region::dump_dot_to_pp): Delete.
1919 (region::dump_to_pp): Delete.
1920 (region::dump_child_label): Delete.
1921 (region::validate): Delete.
1922 (region::remap_svalue_ids): Delete.
1923 (region::remap_region_ids): Delete.
1924 (region::add_view): Delete.
1925 (region::get_view): Delete.
1926 (region::region): Move to region.cc.
1927 (region::add_to_hash): Delete.
1928 (region::print_fields): Delete.
1929 (region::non_null_p): Delete.
1930 (primitive_region::clone): Delete.
1931 (primitive_region::walk_for_canonicalization): Delete.
1932 (map_region::map_region): Delete.
1933 (map_region::compare_fields): Delete.
1934 (map_region::print_fields): Delete.
1935 (map_region::validate): Delete.
1936 (map_region::dump_dot_to_pp): Delete.
1937 (map_region::dump_child_label): Delete.
1938 (map_region::get_or_create): Delete.
1939 (map_region::get): Delete.
1940 (map_region::add_to_hash): Delete.
1941 (map_region::remap_region_ids): Delete.
1942 (map_region::unbind): Delete.
1943 (map_region::get_tree_for_child_region): Delete.
1944 (map_region::get_tree_for_child_region): Delete.
1945 (tree_cmp): Move to region.cc.
1946 (map_region::can_merge_p): Delete.
1947 (map_region::walk_for_canonicalization): Delete.
1948 (map_region::get_value_by_name): Delete.
1949 (struct_or_union_region::valid_key_p): Delete.
1950 (struct_or_union_region::compare_fields): Delete.
1951 (struct_region::clone): Delete.
1952 (struct_region::compare_fields): Delete.
1953 (union_region::clone): Delete.
1954 (union_region::compare_fields): Delete.
1955 (frame_region::compare_fields): Delete.
1956 (frame_region::clone): Delete.
1957 (frame_region::valid_key_p): Delete.
1958 (frame_region::print_fields): Delete.
1959 (frame_region::add_to_hash): Delete.
1960 (globals_region::compare_fields): Delete.
1961 (globals_region::clone): Delete.
1962 (globals_region::valid_key_p): Delete.
1963 (code_region::compare_fields): Delete.
1964 (code_region::clone): Delete.
1965 (code_region::valid_key_p): Delete.
1966 (array_region::array_region): Delete.
1967 (array_region::get_element): Delete.
1968 (array_region::clone): Delete.
1969 (array_region::compare_fields): Delete.
1970 (array_region::print_fields): Delete.
1971 (array_region::validate): Delete.
1972 (array_region::dump_dot_to_pp): Delete.
1973 (array_region::dump_child_label): Delete.
1974 (array_region::get_or_create): Delete.
1975 (array_region::get): Delete.
1976 (array_region::add_to_hash): Delete.
1977 (array_region::remap_region_ids): Delete.
1978 (array_region::get_key_for_child_region): Delete.
1979 (array_region::key_cmp): Delete.
1980 (array_region::walk_for_canonicalization): Delete.
1981 (array_region::key_from_constant): Delete.
1982 (array_region::constant_from_key): Delete.
1983 (function_region::compare_fields): Delete.
1984 (function_region::clone): Delete.
1985 (function_region::valid_key_p): Delete.
1986 (stack_region::stack_region): Delete.
1987 (stack_region::compare_fields): Delete.
1988 (stack_region::clone): Delete.
1989 (stack_region::print_fields): Delete.
1990 (stack_region::dump_child_label): Delete.
1991 (stack_region::validate): Delete.
1992 (stack_region::push_frame): Delete.
1993 (stack_region::get_current_frame_id): Delete.
1994 (stack_region::pop_frame): Delete.
1995 (stack_region::add_to_hash): Delete.
1996 (stack_region::remap_region_ids): Delete.
1997 (stack_region::can_merge_p): Delete.
1998 (stack_region::walk_for_canonicalization): Delete.
1999 (stack_region::get_value_by_name): Delete.
2000 (heap_region::heap_region): Delete.
2001 (heap_region::compare_fields): Delete.
2002 (heap_region::clone): Delete.
2003 (heap_region::walk_for_canonicalization): Delete.
2004 (root_region::root_region): Delete.
2005 (root_region::compare_fields): Delete.
2006 (root_region::clone): Delete.
2007 (root_region::print_fields): Delete.
2008 (root_region::validate): Delete.
2009 (root_region::dump_child_label): Delete.
2010 (root_region::push_frame): Delete.
2011 (root_region::get_current_frame_id): Delete.
2012 (root_region::pop_frame): Delete.
2013 (root_region::ensure_stack_region): Delete.
2014 (root_region::get_stack_region): Delete.
2015 (root_region::ensure_globals_region): Delete.
2016 (root_region::get_code_region): Delete.
2017 (root_region::ensure_code_region): Delete.
2018 (root_region::get_globals_region): Delete.
2019 (root_region::ensure_heap_region): Delete.
2020 (root_region::get_heap_region): Delete.
2021 (root_region::remap_region_ids): Delete.
2022 (root_region::can_merge_p): Delete.
2023 (root_region::add_to_hash): Delete.
2024 (root_region::walk_for_canonicalization): Delete.
2025 (root_region::get_value_by_name): Delete.
2026 (symbolic_region::symbolic_region): Delete.
2027 (symbolic_region::compare_fields): Delete.
2028 (symbolic_region::clone): Delete.
2029 (symbolic_region::walk_for_canonicalization): Delete.
2030 (symbolic_region::print_fields): Delete.
2031 (region_model::region_model): Add region_model_manager * param.
2032 Reimplement in terms of store, dropping impl_constraint_manager
2033 subclass.
2034 (region_model::operator=): Reimplement in terms of store.
2035 (region_model::operator==): Likewise.
2036 (region_model::hash): Likewise.
2037 (region_model::print): Delete.
2038 (region_model::print_svalue): Delete.
2039 (region_model::dump_dot_to_pp): Delete.
2040 (region_model::dump_dot_to_file): Delete.
2041 (region_model::dump_dot): Delete.
2042 (region_model::dump_to_pp): Replace "summarize" param with
2043 "simple" and "multiline". Port to store-based implementation.
2044 (region_model::dump): Replace "summarize" param with "simple" and
2045 "multiline".
2046 (dump_vec_of_tree): Delete.
2047 (region_model::dump_summary_of_rep_path_vars): Delete.
2048 (region_model::validate): Delete.
2049 (svalue_id_cmp_by_constant_svalue_model): Delete.
2050 (svalue_id_cmp_by_constant_svalue): Delete.
2051 (region_model::canonicalize): Drop "ctxt" param. Reimplement in
2052 terms of store and constraints.
2053 (region_model::canonicalized_p): Remove NULL arg to canonicalize.
2054 (region_model::loop_replay_fixup): New.
2055 (poisoned_value_diagnostic::emit): Tweak wording of warnings.
2056 (region_model::check_for_poison): Delete.
2057 (region_model::get_gassign_result): New.
2058 (region_model::on_assignment): Port to store-based implementation.
2059 (region_model::on_call_pre): Delete calls to check_for_poison.
2060 Move implementations to region-model-impl-calls.c and port to
2061 store-based implementation.
2062 (region_model::on_call_post): Likewise.
2063 (class reachable_regions): Move to region-model-reachability.h/cc
2064 and port to store-based implementation.
2065 (region_model::handle_unrecognized_call): Port to store-based
2066 implementation.
2067 (region_model::get_reachable_svalues): New.
2068 (region_model::on_setjmp): Port to store-based implementation.
2069 (region_model::on_longjmp): Likewise.
2070 (region_model::handle_phi): Drop is_back_edge param and the logic
2071 using it.
2072 (region_model::get_lvalue_1): Port from region_id to const region *.
2073 (region_model::make_region_for_unexpected_tree_code): Delete.
2074 (assert_compat_types): If the check fails, use internal_error to
2075 show the types.
2076 (region_model::get_lvalue): Port from region_id to const region *.
2077 (region_model::get_rvalue_1): Port from svalue_id to const svalue *.
2078 (region_model::get_rvalue): Likewise.
2079 (region_model::get_or_create_ptr_svalue): Delete.
2080 (region_model::get_or_create_constant_svalue): Delete.
2081 (region_model::get_svalue_for_fndecl): Delete.
2082 (region_model::get_region_for_fndecl): Delete.
2083 (region_model::get_svalue_for_label): Delete.
2084 (region_model::get_region_for_label): Delete.
2085 (build_cast): Delete.
2086 (region_model::maybe_cast_1): Delete.
2087 (region_model::maybe_cast): Delete.
2088 (region_model::get_field_region): Delete.
2089 (region_model::get_store_value): New.
2090 (region_model::region_exists_p): New.
2091 (region_model::deref_rvalue): Port from svalue_id to const svalue *.
2092 (region_model::set_value): Likewise.
2093 (region_model::clobber_region): New.
2094 (region_model::purge_region): New.
2095 (region_model::zero_fill_region): New.
2096 (region_model::mark_region_as_unknown): New.
2097 (region_model::eval_condition): Port from svalue_id to
2098 const svalue *.
2099 (region_model::eval_condition_without_cm): Likewise.
2100 (region_model::compare_initial_and_pointer): New.
2101 (region_model::add_constraint): Port from svalue_id to
2102 const svalue *.
2103 (region_model::maybe_get_constant): Delete.
2104 (region_model::get_representative_path_var): New.
2105 (region_model::add_new_malloc_region): Delete.
2106 (region_model::get_representative_tree): Port to const svalue *.
2107 (region_model::get_representative_path_var): Port to
2108 const region *.
2109 (region_model::get_path_vars_for_svalue): Delete.
2110 (region_model::set_to_new_unknown_value): Delete.
2111 (region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
2112 (region_model::update_for_call_superedge): Port from svalue_id to
2113 const svalue *.
2114 (region_model::update_for_return_superedge): Port to store-based
2115 implementation.
2116 (region_model::update_for_call_summary): Replace
2117 set_to_new_unknown_value with mark_region_as_unknown.
2118 (region_model::get_root_region): Delete.
2119 (region_model::get_stack_region_id): Delete.
2120 (region_model::push_frame): Delete.
2121 (region_model::get_current_frame_id): Delete.
2122 (region_model::get_current_function): Delete.
2123 (region_model::pop_frame): Delete.
2124 (region_model::on_top_level_param): New.
2125 (region_model::get_stack_depth): Delete.
2126 (region_model::get_function_at_depth): Delete.
2127 (region_model::get_globals_region_id): Delete.
2128 (region_model::add_svalue): Delete.
2129 (region_model::replace_svalue): Delete.
2130 (region_model::add_region): Delete.
2131 (region_model::get_svalue): Delete.
2132 (region_model::get_region): Delete.
2133 (make_region_for_type): Delete.
2134 (region_model::add_region_for_type): Delete.
2135 (region_model::on_top_level_param): New.
2136 (class restrict_to_used_svalues): Delete.
2137 (region_model::purge_unused_svalues): Delete.
2138 (region_model::push_frame): New.
2139 (region_model::remap_svalue_ids): Delete.
2140 (region_model::remap_region_ids): Delete.
2141 (region_model::purge_regions): Delete.
2142 (region_model::get_descendents): Delete.
2143 (region_model::delete_region_and_descendents): Delete.
2144 (region_model::poison_any_pointers_to_bad_regions): Delete.
2145 (region_model::can_merge_with_p): Delete.
2146 (region_model::get_current_function): New.
2147 (region_model::get_value_by_name): Delete.
2148 (region_model::convert_byte_offset_to_array_index): Delete.
2149 (region_model::pop_frame): New.
2150 (region_model::get_or_create_mem_ref): Delete.
2151 (region_model::get_stack_depth): New.
2152 (region_model::get_frame_at_index): New.
2153 (region_model::unbind_region_and_descendents): New.
2154 (struct bad_pointer_finder): New.
2155 (region_model::get_or_create_pointer_plus_expr): Delete.
2156 (region_model::poison_any_pointers_to_descendents): New.
2157 (region_model::get_or_create_view): Delete.
2158 (region_model::can_merge_with_p): New.
2159 (region_model::get_fndecl_for_call): Port from svalue_id to
2160 const svalue *.
2161 (struct append_ssa_names_cb_data): New.
2162 (get_ssa_name_regions_for_current_frame): New.
2163 (region_model::append_ssa_names_cb): New.
2164 (model_merger::dump_to_pp): Add "simple" param. Drop dumping of
2165 remappings.
2166 (model_merger::dump): Add "simple" param to both overloads.
2167 (model_merger::can_merge_values_p): Delete.
2168 (model_merger::record_regions): Delete.
2169 (model_merger::record_svalues): Delete.
2170 (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
2171 (svalue_id_merger_mapping::dump_to_pp): Delete.
2172 (svalue_id_merger_mapping::dump): Delete.
2173 (region_model::create_region_for_heap_alloc): New.
2174 (region_model::create_region_for_alloca): New.
2175 (region_model::record_dynamic_extents): New.
2176 (canonicalization::canonicalization): Delete.
2177 (canonicalization::walk_rid): Delete.
2178 (canonicalization::walk_sid): Delete.
2179 (canonicalization::dump_to_pp): Delete.
2180 (canonicalization::dump): Delete.
2181 (inchash::add): Delete overloads for svalue_id and region_id.
2182 (engine::log_stats): New.
2183 (assert_condition): Add overload comparing svalues.
2184 (assert_dump_eq): Pass "true" for multiline.
2185 (selftest::test_dump): Update for rewrite of region_model.
2186 (selftest::test_dump_2): Rename to...
2187 (selftest::test_struct): ...this. Provide a region_model_manager
2188 when creating region_model instance. Remove dump test. Add
2189 checks for get_offset.
2190 (selftest::test_dump_3): Rename to...
2191 (selftest::test_array_1): ...this. Provide a region_model_manager
2192 when creating region_model instance. Remove dump test.
2193 (selftest::test_get_representative_tree): Port from svalue_id to
2194 new API. Add test coverage for various expressions.
2195 (selftest::test_unique_constants): Provide a region_model_manager
2196 for the region_model. Add test coverage for comparing const vs
2197 non-const.
2198 (selftest::test_svalue_equality): Delete.
2199 (selftest::test_region_equality): Delete.
2200 (selftest::test_unique_unknowns): New.
2201 (class purge_all_svalue_ids): Delete.
2202 (class purge_one_svalue_id): Delete.
2203 (selftest::test_purging_by_criteria): Delete.
2204 (selftest::test_initial_svalue_folding): New.
2205 (selftest::test_unaryop_svalue_folding): New.
2206 (selftest::test_binop_svalue_folding): New.
2207 (selftest::test_sub_svalue_folding): New.
2208 (selftest::test_purge_unused_svalues): Delete.
2209 (selftest::test_descendent_of_p): New.
2210 (selftest::test_assignment): Provide a region_model_manager for
2211 the region_model. Drop the dump test.
2212 (selftest::test_compound_assignment): Likewise.
2213 (selftest::test_stack_frames): Port to new implementation.
2214 (selftest::test_get_representative_path_var): Likewise.
2215 (selftest::test_canonicalization_1): Rename to...
2216 (selftest::test_equality_1): ...this. Port to new API, and add
2217 (selftest::test_canonicalization_2): Provide a
2218 region_model_manager when creating region_model instances.
2219 Remove redundant canonicalization.
2220 (selftest::test_canonicalization_3): Provide a
2221 region_model_manager when creating region_model instances.
2222 Remove param from calls to region_model::canonicalize.
2223 (selftest::test_canonicalization_4): Likewise.
2224 (selftest::assert_region_models_merge): Constify
2225 out_merged_svalue. Port to new API.
2226 (selftest::test_state_merging): Provide a
2227 region_model_manager when creating region_model instances.
2228 Provide a program_point point when merging them. Replace
2229 set_to_new_unknown_value with usage of placeholder_svalues.
2230 Drop get_value_by_name. Port from svalue_id to const svalue *.
2231 Add test of heap allocation.
2232 (selftest::test_constraint_merging): Provide a
2233 region_model_manager when creating region_model instances.
2234 Provide a program_point point when merging them. Eliminate use
2235 of set_to_new_unknown_value.
2236 (selftest::test_widening_constraints): New.
2237 (selftest::test_iteration_1): New.
2238 (selftest::test_malloc_constraints): Port to store-based
2239 implementation.
2240 (selftest::test_var): New test.
2241 (selftest::test_array_2): New test.
2242 (selftest::test_mem_ref): New test.
2243 (selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
2244 (selftest::test_malloc): New.
2245 (selftest::test_alloca): New.
2246 (selftest::analyzer_region_model_cc_tests): Update for renamings.
2247 Call new functions.
2248 * region-model.h (class path_var): Move to analyzer.h.
2249 (class svalue_id): Delete.
2250 (class region_id): Delete.
2251 (class id_map): Delete.
2252 (svalue_id_map): Delete.
2253 (region_id_map): Delete.
2254 (id_map<T>::id_map): Delete.
2255 (id_map<T>::put): Delete.
2256 (id_map<T>::get_dst_for_src): Delete.
2257 (id_map<T>::get_src_for_dst): Delete.
2258 (id_map<T>::dump_to_pp): Delete.
2259 (id_map<T>::dump): Delete.
2260 (id_map<T>::update): Delete.
2261 (one_way_svalue_id_map): Delete.
2262 (one_way_region_id_map): Delete.
2263 (class region_id_set): Delete.
2264 (class svalue_id_set): Delete.
2265 (struct complexity): New.
2266 (class visitor): New.
2267 (enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
2268 SK_BINOP, SK_SUB, SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
2269 SK_COMPOUND, and SK_CONJURED.
2270 (svalue::operator==): Delete.
2271 (svalue::operator!=): Delete.
2272 (svalue::clone): Delete.
2273 (svalue::hash): Delete.
2274 (svalue::dump_dot_to_pp): Delete.
2275 (svalue::dump_to_pp): New.
2276 (svalue::dump): New.
2277 (svalue::get_desc): New.
2278 (svalue::dyn_cast_initial_svalue): New.
2279 (svalue::dyn_cast_unaryop_svalue): New.
2280 (svalue::dyn_cast_binop_svalue): New.
2281 (svalue::dyn_cast_sub_svalue): New.
2282 (svalue::dyn_cast_unmergeable_svalue): New.
2283 (svalue::dyn_cast_widening_svalue): New.
2284 (svalue::dyn_cast_compound_svalue): New.
2285 (svalue::dyn_cast_conjured_svalue): New.
2286 (svalue::maybe_undo_cast): New.
2287 (svalue::unwrap_any_unmergeable): New.
2288 (svalue::remap_region_ids): Delete.
2289 (svalue::can_merge_p): New.
2290 (svalue::walk_for_canonicalization): Delete.
2291 (svalue::get_complexity): New.
2292 (svalue::get_child_sid): Delete.
2293 (svalue::accept): New.
2294 (svalue::live_p): New.
2295 (svalue::implicitly_live_p): New.
2296 (svalue::svalue): Add complexity param.
2297 (svalue::add_to_hash): Delete.
2298 (svalue::print_details): Delete.
2299 (svalue::m_complexity): New field.
2300 (region_svalue::key_t): New struct.
2301 (region_svalue::region_svalue): Port from region_id to
2302 const region_id *. Add complexity.
2303 (region_svalue::compare_fields): Delete.
2304 (region_svalue::clone): Delete.
2305 (region_svalue::dump_dot_to_pp): Delete.
2306 (region_svalue::get_pointee): Port from region_id to
2307 const region_id *.
2308 (region_svalue::remap_region_ids): Delete.
2309 (region_svalue::merge_values): Delete.
2310 (region_svalue::dump_to_pp): New.
2311 (region_svalue::accept): New.
2312 (region_svalue::walk_for_canonicalization): Delete.
2313 (region_svalue::eval_condition): Make params const.
2314 (region_svalue::add_to_hash): Delete.
2315 (region_svalue::print_details): Delete.
2316 (region_svalue::m_rid): Replace with...
2317 (region_svalue::m_reg): ...this.
2318 (is_a_helper <region_svalue *>::test): Convert to...
2319 (is_a_helper <const region_svalue *>::test): ...this.
2320 (template <> struct default_hash_traits<region_svalue::key_t>):
2321 New.
2322 (constant_svalue::constant_svalue): Add complexity.
2323 (constant_svalue::compare_fields): Delete.
2324 (constant_svalue::clone): Delete.
2325 (constant_svalue::add_to_hash): Delete.
2326 (constant_svalue::dump_to_pp): New.
2327 (constant_svalue::accept): New.
2328 (constant_svalue::implicitly_live_p): New.
2329 (constant_svalue::merge_values): Delete.
2330 (constant_svalue::eval_condition): Make params const.
2331 (constant_svalue::get_child_sid): Delete.
2332 (constant_svalue::print_details): Delete.
2333 (is_a_helper <constant_svalue *>::test): Convert to...
2334 (is_a_helper <const constant_svalue *>::test): ...this.
2335 (class unknown_svalue): Update leading comment.
2336 (unknown_svalue::unknown_svalue): Add complexity.
2337 (unknown_svalue::compare_fields): Delete.
2338 (unknown_svalue::add_to_hash): Delete.
2339 (unknown_svalue::dyn_cast_unknown_svalue): Delete.
2340 (unknown_svalue::print_details): Delete.
2341 (unknown_svalue::dump_to_pp): New.
2342 (unknown_svalue::accept): New.
2343 (poisoned_svalue::key_t): New struct.
2344 (poisoned_svalue::poisoned_svalue): Add complexity.
2345 (poisoned_svalue::compare_fields): Delete.
2346 (poisoned_svalue::clone): Delete.
2347 (poisoned_svalue::add_to_hash): Delete.
2348 (poisoned_svalue::dump_to_pp): New.
2349 (poisoned_svalue::accept): New.
2350 (poisoned_svalue::print_details): Delete.
2351 (is_a_helper <poisoned_svalue *>::test): Convert to...
2352 (is_a_helper <const poisoned_svalue *>::test): ...this.
2353 (template <> struct default_hash_traits<poisoned_svalue::key_t>):
2354 New.
2355 (setjmp_record::add_to_hash): New.
2356 (setjmp_svalue::key_t): New struct.
2357 (setjmp_svalue::compare_fields): Delete.
2358 (setjmp_svalue::clone): Delete.
2359 (setjmp_svalue::add_to_hash): Delete.
2360 (setjmp_svalue::setjmp_svalue): Add complexity.
2361 (setjmp_svalue::dump_to_pp): New.
2362 (setjmp_svalue::accept): New.
2363 (setjmp_svalue::void print_details): Delete.
2364 (is_a_helper <const setjmp_svalue *>::test): New.
2365 (template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
2366 (class initial_svalue : public svalue): New.
2367 (is_a_helper <const initial_svalue *>::test): New.
2368 (class unaryop_svalue): New.
2369 (is_a_helper <const unaryop_svalue *>::test): New.
2370 (template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
2371 (class binop_svalue): New.
2372 (is_a_helper <const binop_svalue *>::test): New.
2373 (template <> struct default_hash_traits<binop_svalue::key_t>): New.
2374 (class sub_svalue): New.
2375 (is_a_helper <const sub_svalue *>::test): New.
2376 (template <> struct default_hash_traits<sub_svalue::key_t>): New.
2377 (class unmergeable_svalue): New.
2378 (is_a_helper <const unmergeable_svalue *>::test): New.
2379 (class placeholder_svalue): New.
2380 (is_a_helper <placeholder_svalue *>::test): New.
2381 (class widening_svalue): New.
2382 (is_a_helper <widening_svalue *>::test): New.
2383 (template <> struct default_hash_traits<widening_svalue::key_t>): New.
2384 (class compound_svalue): New.
2385 (is_a_helper <compound_svalue *>::test): New.
2386 (template <> struct default_hash_traits<compound_svalue::key_t>): New.
2387 (class conjured_svalue): New.
2388 (is_a_helper <conjured_svalue *>::test): New.
2389 (template <> struct default_hash_traits<conjured_svalue::key_t>): New.
2390 (enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
2391 RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
2392 RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
2393 (region_kind_to_str): Delete.
2394 (region::~region): Move implementation to region.cc.
2395 (region::operator==): Delete.
2396 (region::operator!=): Delete.
2397 (region::clone): Delete.
2398 (region::get_id): New.
2399 (region::cmp_ids): New.
2400 (region::dyn_cast_map_region): Delete.
2401 (region::dyn_cast_array_region): Delete.
2402 (region::region_id get_parent): Delete.
2403 (region::get_parent_region): Convert to a simple accessor.
2404 (region::void set_value): Delete.
2405 (region::svalue_id get_value): Delete.
2406 (region::svalue_id get_value_direct): Delete.
2407 (region::svalue_id get_inherited_child_sid): Delete.
2408 (region::dyn_cast_frame_region): New.
2409 (region::dyn_cast_function_region): New.
2410 (region::dyn_cast_decl_region): New.
2411 (region::dyn_cast_field_region): New.
2412 (region::dyn_cast_element_region): New.
2413 (region::dyn_cast_offset_region): New.
2414 (region::dyn_cast_cast_region): New.
2415 (region::dyn_cast_string_region): New.
2416 (region::accept): New.
2417 (region::get_base_region): New.
2418 (region::base_region_p): New.
2419 (region::descendent_of_p): New.
2420 (region::maybe_get_frame_region): New.
2421 (region::maybe_get_decl): New.
2422 (region::hash): Delete.
2423 (region::rint): Delete.
2424 (region::dump_dot_to_pp): Delete.
2425 (region::get_desc): New.
2426 (region::dump_to_pp): Convert to vfunc, changing signature.
2427 (region::dump_child_label): Delete.
2428 (region::remap_svalue_ids): Delete.
2429 (region::remap_region_ids): Delete.
2430 (region::dump): New.
2431 (region::walk_for_canonicalization): Delete.
2432 (region::non_null_p): Drop region_model param.
2433 (region::add_view): Delete.
2434 (region::get_view): Delete.
2435 (region::get_active_view): Delete.
2436 (region::is_view_p): Delete.
2437 (region::cmp_ptrs): New.
2438 (region::validate): Delete.
2439 (region::get_offset): New.
2440 (region::get_byte_size): New.
2441 (region::get_bit_size): New.
2442 (region::get_subregions_for_binding): New.
2443 (region::region): Add complexity param. Convert parent from
2444 region_id to const region *. Drop svalue_id. Drop copy ctor.
2445 (region::symbolic_for_unknown_ptr_p): New.
2446 (region::add_to_hash): Delete.
2447 (region::print_fields): Delete.
2448 (region::get_complexity): New accessor.
2449 (region::become_active_view): Delete.
2450 (region::deactivate_any_active_view): Delete.
2451 (region::deactivate_view): Delete.
2452 (region::calc_offset): New.
2453 (region::m_parent_rid): Delete.
2454 (region::m_sval_id): Delete.
2455 (region::m_complexity): New.
2456 (region::m_id): New.
2457 (region::m_parent): New.
2458 (region::m_view_rids): Delete.
2459 (region::m_is_view): Delete.
2460 (region::m_active_view_rid): Delete.
2461 (region::m_cached_offset): New.
2462 (is_a_helper <region *>::test): Convert to...
2463 (is_a_helper <const region *>::test): ...this.
2464 (class primitive_region): Delete.
2465 (class space_region): New.
2466 (class map_region): Delete.
2467 (is_a_helper <map_region *>::test): Delete.
2468 (class frame_region): Reimplement.
2469 (template <> struct default_hash_traits<frame_region::key_t>):
2470 New.
2471 (class globals_region): Reimplement.
2472 (is_a_helper <globals_region *>::test): Convert to...
2473 (is_a_helper <const globals_region *>::test): ...this.
2474 (class struct_or_union_region): Delete.
2475 (is_a_helper <struct_or_union_region *>::test): Delete.
2476 (class code_region): Reimplement.
2477 (is_a_helper <const code_region *>::test): New.
2478 (class struct_region): Delete.
2479 (is_a_helper <struct_region *>::test): Delete.
2480 (class function_region): Reimplement.
2481 (is_a_helper <function_region *>::test): Convert to...
2482 (is_a_helper <const function_region *>::test): ...this.
2483 (class union_region): Delete.
2484 (is_a_helper <union_region *>::test): Delete.
2485 (class label_region): New.
2486 (is_a_helper <const label_region *>::test): New.
2487 (class scope_region): Delete.
2488 (class stack_region): Reimplement.
2489 (is_a_helper <stack_region *>::test): Convert to...
2490 (is_a_helper <const stack_region *>::test): ...this.
2491 (class heap_region): Reimplement.
2492 (is_a_helper <heap_region *>::test): Convert to...
2493 (is_a_helper <const heap_region *>::test): ...this.
2494 (class root_region): Reimplement.
2495 (is_a_helper <root_region *>::test): Convert to...
2496 (is_a_helper <const root_region *>::test): ...this.
2497 (class symbolic_region): Reimplement.
2498 (is_a_helper <const symbolic_region *>::test): New.
2499 (template <> struct default_hash_traits<symbolic_region::key_t>):
2500 New.
2501 (class decl_region): New.
2502 (is_a_helper <const decl_region *>::test): New.
2503 (class field_region): New.
2504 (template <> struct default_hash_traits<field_region::key_t>): New.
2505 (class array_region): Delete.
2506 (class element_region): New.
2507 (is_a_helper <array_region *>::test): Delete.
2508 (is_a_helper <const element_region *>::test): New.
2509 (template <> struct default_hash_traits<element_region::key_t>):
2510 New.
2511 (class offset_region): New.
2512 (is_a_helper <const offset_region *>::test): New.
2513 (template <> struct default_hash_traits<offset_region::key_t>):
2514 New.
2515 (class cast_region): New.
2516 (is_a_helper <const cast_region *>::test): New.
2517 (template <> struct default_hash_traits<cast_region::key_t>): New.
2518 (class heap_allocated_region): New.
2519 (class alloca_region): New.
2520 (class string_region): New.
2521 (is_a_helper <const string_region *>::test): New.
2522 (class unknown_region): New.
2523 (class region_model_manager): New.
2524 (struct append_ssa_names_cb_data): New.
2525 (class call_details): New.
2526 (region_model::region_model): Add region_model_manager param.
2527 (region_model::print_svalue): Delete.
2528 (region_model::dump_dot_to_pp): Delete.
2529 (region_model::dump_dot_to_file): Delete.
2530 (region_model::dump_dot): Delete.
2531 (region_model::dump_to_pp): Drop summarize param in favor of
2532 simple and multiline.
2533 (region_model::dump): Likewise.
2534 (region_model::summarize_to_pp): Delete.
2535 (region_model::summarize): Delete.
2536 (region_model::void canonicalize): Drop ctxt param.
2537 (region_model::void check_for_poison): Delete.
2538 (region_model::get_gassign_result): New.
2539 (region_model::impl_call_alloca): New.
2540 (region_model::impl_call_analyzer_describe): New.
2541 (region_model::impl_call_analyzer_eval): New.
2542 (region_model::impl_call_builtin_expect): New.
2543 (region_model::impl_call_calloc): New.
2544 (region_model::impl_call_free): New.
2545 (region_model::impl_call_malloc): New.
2546 (region_model::impl_call_memset): New.
2547 (region_model::impl_call_strlen): New.
2548 (region_model::get_reachable_svalues): New.
2549 (region_model::handle_phi): Drop is_back_edge param.
2550 (region_model::region_id get_root_rid): Delete.
2551 (region_model::root_region *get_root_region): Delete.
2552 (region_model::region_id get_stack_region_id): Delete.
2553 (region_model::push_frame): Convert from region_id and svalue_id
2554 to const region * and const svalue *.
2555 (region_model::get_current_frame_id): Replace with...
2556 (region_model::get_current_frame): ...this.
2557 (region_model::pop_frame): Convert from region_id to
2558 const region *. Drop purge and stats param. Add out_result.
2559 (region_model::function *get_function_at_depth): Delete.
2560 (region_model::get_globals_region_id): Delete.
2561 (region_model::add_svalue): Delete.
2562 (region_model::replace_svalue): Delete.
2563 (region_model::add_region): Delete.
2564 (region_model::add_region_for_type): Delete.
2565 (region_model::get_svalue): Delete.
2566 (region_model::get_region): Delete.
2567 (region_model::get_lvalue): Convert from region_id to
2568 const region *.
2569 (region_model::get_rvalue): Convert from svalue_id to
2570 const svalue *.
2571 (region_model::get_or_create_ptr_svalue): Delete.
2572 (region_model::get_or_create_constant_svalue): Delete.
2573 (region_model::get_svalue_for_fndecl): Delete.
2574 (region_model::get_svalue_for_label): Delete.
2575 (region_model::get_region_for_fndecl): Delete.
2576 (region_model::get_region_for_label): Delete.
2577 (region_model::get_frame_at_index (int index) const;): New.
2578 (region_model::maybe_cast): Delete.
2579 (region_model::maybe_cast_1): Delete.
2580 (region_model::get_field_region): Delete.
2581 (region_model::id deref_rvalue): Convert from region_id and
2582 svalue_id to const region * and const svalue *. Drop overload,
2583 passing in both a tree and an svalue.
2584 (region_model::set_value): Convert from region_id and svalue_id to
2585 const region * and const svalue *.
2586 (region_model::set_to_new_unknown_value): Delete.
2587 (region_model::clobber_region (const region *reg);): New.
2588 (region_model::purge_region (const region *reg);): New.
2589 (region_model::zero_fill_region (const region *reg);): New.
2590 (region_model::mark_region_as_unknown (const region *reg);): New.
2591 (region_model::copy_region): Convert from region_id to
2592 const region *.
2593 (region_model::eval_condition): Convert from svalue_id to
2594 const svalue *.
2595 (region_model::eval_condition_without_cm): Likewise.
2596 (region_model::compare_initial_and_pointer): New.
2597 (region_model::maybe_get_constant): Delete.
2598 (region_model::add_new_malloc_region): Delete.
2599 (region_model::get_representative_tree): Convert from svalue_id to
2600 const svalue *.
2601 (region_model::get_representative_path_var): Delete decl taking a
2602 region_id in favor of two decls, for svalue vs region, with an
2603 svalue_set to ensure termination.
2604 (region_model::get_path_vars_for_svalue): Delete.
2605 (region_model::create_region_for_heap_alloc): New.
2606 (region_model::create_region_for_alloca): New.
2607 (region_model::purge_unused_svalues): Delete.
2608 (region_model::remap_svalue_ids): Delete.
2609 (region_model::remap_region_ids): Delete.
2610 (region_model::purge_regions): Delete.
2611 (region_model::get_num_svalues): Delete.
2612 (region_model::get_num_regions): Delete.
2613 (region_model::get_descendents): Delete.
2614 (region_model::get_store): New.
2615 (region_model::delete_region_and_descendents): Delete.
2616 (region_model::get_manager): New.
2617 (region_model::unbind_region_and_descendents): New.
2618 (region_model::can_merge_with_p): Add point param. Drop
2619 svalue_id_merger_mapping.
2620 (region_model::get_value_by_name): Delete.
2621 (region_model::convert_byte_offset_to_array_index): Delete.
2622 (region_model::get_or_create_mem_ref): Delete.
2623 (region_model::get_or_create_pointer_plus_expr): Delete.
2624 (region_model::get_or_create_view): Delete.
2625 (region_model::get_lvalue_1): Convert from region_id to
2626 const region *.
2627 (region_model::get_rvalue_1): Convert from svalue_id to
2628 const svalue *.
2629 (region_model::get_ssa_name_regions_for_current_frame): New.
2630 (region_model::append_ssa_names_cb): New.
2631 (region_model::get_store_value): New.
2632 (region_model::copy_struct_region): Delete.
2633 (region_model::copy_union_region): Delete.
2634 (region_model::copy_array_region): Delete.
2635 (region_model::region_exists_p): New.
2636 (region_model::make_region_for_unexpected_tree_code): Delete.
2637 (region_model::loop_replay_fixup): New.
2638 (region_model::poison_any_pointers_to_bad_regions): Delete.
2639 (region_model::poison_any_pointers_to_descendents): New.
2640 (region_model::dump_summary_of_rep_path_vars): Delete.
2641 (region_model::on_top_level_param): New.
2642 (region_model::record_dynamic_extents): New.
2643 (region_model::m_mgr;): New.
2644 (region_model::m_store;): New.
2645 (region_model::m_svalues;): Delete.
2646 (region_model::m_regions;): Delete.
2647 (region_model::m_root_rid;): Delete.
2648 (region_model::m_current_frame;): New.
2649 (region_model_context::remap_svalue_ids): Delete.
2650 (region_model_context::can_purge_p): Delete.
2651 (region_model_context::on_svalue_leak): New.
2652 (region_model_context::on_svalue_purge): Delete.
2653 (region_model_context::on_liveness_change): New.
2654 (region_model_context::on_inherited_svalue): Delete.
2655 (region_model_context::on_cast): Delete.
2656 (region_model_context::on_unknown_change): Convert from svalue_id to
2657 const svalue * and add is_mutable.
2658 (class noop_region_model_context): Update for region_model_context
2659 changes.
2660 (model_merger::model_merger): Add program_point. Drop
2661 svalue_id_merger_mapping.
2662 (model_merger::dump_to_pp): Add "simple" param.
2663 (model_merger::dump): Likewise.
2664 (model_merger::get_region_a): Delete.
2665 (model_merger::get_region_b): Delete.
2666 (model_merger::can_merge_values_p): Delete.
2667 (model_merger::record_regions): Delete.
2668 (model_merger::record_svalues): Delete.
2669 (model_merger::m_point): New field.
2670 (model_merger::m_map_regions_from_a_to_m): Delete.
2671 (model_merger::m_map_regions_from_b_to_m): Delete.
2672 (model_merger::m_sid_mapping): Delete.
2673 (struct svalue_id_merger_mapping): Delete.
2674 (class engine): New.
2675 (struct canonicalization): Delete.
2676 (inchash::add): Delete decls for hashing svalue_id and region_id.
2677 (test_region_model_context::on_unexpected_tree_code): Require t to
2678 be non-NULL.
2679 (selftest::assert_condition): Add overload comparing a pair of
2680 const svalue *.
2681 * sm-file.cc: Include "tristate.h", "selftest.h",
2682 "analyzer/call-string.h", "analyzer/program-point.h",
2683 "analyzer/store.h", and "analyzer/region-model.h".
2684 (fileptr_state_machine::get_default_state): New.
2685 (fileptr_state_machine::on_stmt): Remove calls to
2686 get_readable_tree in favor of get_diagnostic_tree.
2687 * sm-malloc.cc: Include "tristate.h", "selftest.h",
2688 "analyzer/call-string.h", "analyzer/program-point.h",
2689 "analyzer/store.h", and "analyzer/region-model.h".
2690 (malloc_state_machine::get_default_state): New.
2691 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
2692 (malloc_diagnostic::describe_state_change): Handle change.m_expr
2693 being NULL.
2694 (null_arg::emit): Avoid printing "NULL '0'".
2695 (null_arg::describe_final_event): Avoid printing "(0) NULL".
2696 (malloc_leak::emit): Handle m_arg being NULL.
2697 (malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
2698 (malloc_state_machine::on_stmt): Don't call get_readable_tree.
2699 Call get_diagnostic_tree when creating pending diagnostics.
2700 Update for is_zero_assignment becoming a member function of
2701 sm_ctxt.
2702 Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
2703 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
2704 vfunc implementation.
2705 * sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
2706 get_diagnostic_tree and pass the result to warn_for_state.
2707 * sm-signal.cc: Move includes of "analyzer/call-string.h" and
2708 "analyzer/program-point.h" to before "analyzer/region-model.h",
2709 and also include "analyzer/store.h" before it.
2710 (signal_unsafe_call::describe_state_change): Use
2711 get_dest_function to get handler.
2712 (update_model_for_signal_handler): Pass manager to region_model
2713 ctor.
2714 (register_signal_handler::impl_transition): Update for changes to
2715 get_or_create_node and add_edge.
2716 * sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
2717 get_readable_tree, replacing them when calling warn_for_state with
2718 calls to get_diagnostic_tree.
2719 * sm.cc (is_zero_assignment): Delete.
2720 (any_pointer_p): Move to within namespace ana.
2721 * sm.h (is_zero_assignment): Remove decl.
2722 (any_pointer_p): Move decl to within namespace ana.
2723 (state_machine::get_default_state): New vfunc.
2724 (state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
2725 (sm_context::get_readable_tree): Rename to...
2726 (sm_context::get_diagnostic_tree): ...this.
2727 (sm_context::is_zero_assignment): New vfunc.
2728 * store.cc: New file.
2729 * store.h: New file.
2730 * svalue.cc: New file.
2731
2732 2020-05-22 Mark Wielaard <mark@klomp.org>
2733
2734 * sm-signal.cc (signal_unsafe_call::emit): Possibly add
2735 gcc_rich_location note for replacement.
2736 (signal_unsafe_call::get_replacement_fn): New private function.
2737 (get_async_signal_unsafe_fns): Add "exit".
2738
2739 2020-04-28 David Malcolm <dmalcolm@redhat.com>
2740
2741 PR analyzer/94816
2742 * engine.cc (impl_region_model_context::on_unexpected_tree_code):
2743 Handle NULL tree.
2744 * region-model.cc (region_model::add_region_for_type): Handle
2745 NULL type.
2746 * region-model.h
2747 (test_region_model_context::on_unexpected_tree_code): Handle NULL
2748 tree.
2749
2750 2020-04-28 David Malcolm <dmalcolm@redhat.com>
2751
2752 PR analyzer/94447
2753 PR analyzer/94639
2754 PR analyzer/94732
2755 PR analyzer/94754
2756 * analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete.
2757 * program-state.cc (selftest::test_program_state_dumping): Update
2758 expected dump result for removal of "uninit".
2759 * region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT
2760 case.
2761 (root_region::ensure_stack_region): Initialize stack with null
2762 svalue_id rather than with a typeless POISON_KIND_UNINIT value.
2763 (root_region::ensure_heap_region): Likewise for the heap.
2764 (region_model::dump_summary_of_rep_path_vars): Remove
2765 summarization of uninit values.
2766 (region_model::validate): Remove check that the stack has a
2767 POISON_KIND_UNINIT value.
2768 (poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT
2769 case.
2770 (poisoned_value_diagnostic::describe_final_event): Likewise.
2771 (selftest::test_dump): Update expected dump result for removal of
2772 "uninit".
2773 (selftest::test_svalue_equality): Remove "uninit" and "freed".
2774 * region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT.
2775
2776 2020-04-01 David Malcolm <dmalcolm@redhat.com>
2777
2778 PR analyzer/94378
2779 * checker-path.cc: Include "bitmap.h".
2780 * constraint-manager.cc: Likewise.
2781 * diagnostic-manager.cc: Likewise.
2782 * engine.cc: Likewise.
2783 (exploded_node::detect_leaks): Pass null region_id to pop_frame.
2784 * program-point.cc: Include "bitmap.h".
2785 * program-state.cc: Likewise.
2786 * region-model.cc (id_set<region_id>::id_set): Convert to...
2787 (region_id_set::region_id_set): ...this.
2788 (svalue_id_set::svalue_id_set): New ctor.
2789 (region_model::copy_region): New function.
2790 (region_model::copy_struct_region): New function.
2791 (region_model::copy_union_region): New function.
2792 (region_model::copy_array_region): New function.
2793 (stack_region::pop_frame): Drop return value. Add
2794 "result_dst_rid" param; if it is non-null, use copy_region to copy
2795 the result to it. Rather than capture and pass a single "known
2796 used" return value to be used by purge_unused_values, instead
2797 gather and pass a set of known used return values.
2798 (root_region::pop_frame): Drop return value. Add "result_dst_rid"
2799 param.
2800 (region_model::on_assignment): Use copy_region.
2801 (region_model::on_return): Likewise for the result.
2802 (region_model::on_longjmp): Pass null for pop_frame's
2803 result_dst_rid.
2804 (region_model::update_for_return_superedge): Pass the region for the
2805 return value of the call, if any, to pop_frame, rather than setting
2806 the lvalue for the lhs of the result.
2807 (region_model::pop_frame): Drop return value. Add
2808 "result_dst_rid" param.
2809 (region_model::purge_unused_svalues): Convert third param from an
2810 svalue_id * to an svalue_id_set *, updating the initial populating
2811 of the "used" bitmap accordingly. Don't remap it when done.
2812 (struct selftest::coord_test): New selftest fixture, extracted from...
2813 (selftest::test_dump_2): ...here.
2814 (selftest::test_compound_assignment): New selftest.
2815 (selftest::test_stack_frames): Pass null to new param of pop_frame.
2816 (selftest::analyzer_region_model_cc_tests): Call the new selftest.
2817 * region-model.h (class id_set): Delete template.
2818 (class region_id_set): Reimplement, using old id_set implementation.
2819 (class svalue_id_set): Likewise. Convert from auto_sbitmap to
2820 auto_bitmap.
2821 (region::get_active_view): New accessor.
2822 (stack_region::pop_frame): Drop return value. Add
2823 "result_dst_rid" param.
2824 (root_region::pop_frame): Likewise.
2825 (region_model::pop_frame): Likewise.
2826 (region_model::copy_region): New decl.
2827 (region_model::purge_unused_svalues): Convert third param from an
2828 svalue_id * to an svalue_id_set *.
2829 (region_model::copy_struct_region): New decl.
2830 (region_model::copy_union_region): New decl.
2831 (region_model::copy_array_region): New decl.
2832
2833 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2834
2835 * program-state.cc (selftest::test_program_state_dumping): Update
2836 expected dump to include symbolic_region's possibly_null field.
2837 * region-model.cc (symbolic_region::print_fields): New vfunc
2838 implementation.
2839 (region_model::add_constraint): Clear m_possibly_null from
2840 symbolic_regions now known to be non-NULL.
2841 (selftest::test_malloc_constraints): New selftest.
2842 (selftest::analyzer_region_model_cc_tests): Call it.
2843 * region-model.h (region::dyn_cast_symbolic_region): Add non-const
2844 overload.
2845 (symbolic_region::dyn_cast_symbolic_region): Implement it.
2846 (symbolic_region::print_fields): New vfunc override decl.
2847
2848 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2849
2850 * analyzer.h (class feasibility_problem): New forward decl.
2851 * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
2852 Initialize new fields m_status, m_epath_length, and m_problem.
2853 (saved_diagnostic::~saved_diagnostic): Delete m_problem.
2854 (dedupe_candidate::dedupe_candidate): Convert "sd" param from a
2855 const ref to a mutable ptr.
2856 (dedupe_winners::add): Convert "sd" param from a const ref to a
2857 mutable ptr. Record the length of the exploded_path. Record the
2858 feasibility/infeasibility of sd into sd, capturing a
2859 feasibility_problem when feasible_p fails, and storing it in sd.
2860 (diagnostic_manager::emit_saved_diagnostics): Update for pass by
2861 ptr rather than by const ref.
2862 * diagnostic-manager.h (class saved_diagnostic): Add new enum
2863 status. Add fields m_status, m_epath_length and m_problem.
2864 (saved_diagnostic::set_feasible): New member function.
2865 (saved_diagnostic::set_infeasible): New member function.
2866 (saved_diagnostic::get_feasibility_problem): New accessor.
2867 (saved_diagnostic::get_status): New accessor.
2868 (saved_diagnostic::set_epath_length): New member function.
2869 (saved_diagnostic::get_epath_length): New accessor.
2870 * engine.cc: Include "gimple-pretty-print.h".
2871 (exploded_path::feasible_p): Add OUT param and, if non-NULL, write
2872 a new feasibility_problem to it on failure.
2873 (viz_callgraph_node::dump_dot): Convert begin_tr calls to
2874 begin_trtd. Convert end_tr calls to end_tdtr.
2875 (class exploded_graph_annotator): New subclass of dot_annotator.
2876 (impl_run_checkers): Add a second -fdump-analyzer-supergraph dump
2877 after the analysis runs, using exploded_graph_annotator, dumping
2878 to DUMP_BASE_NAME.supergraph-eg.dot.
2879 * exploded-graph.h (exploded_node::get_dot_fillcolor): Make
2880 public.
2881 (exploded_path::feasible_p): Add OUT param.
2882 (class feasibility_problem): New class.
2883 * state-purge.cc (state_purge_annotator::add_node_annotations):
2884 Return a bool, add a "within_table" param.
2885 (print_vec_of_names): Convert begin_tr calls to begin_trtd.
2886 Convert end_tr calls to end_tdtr.
2887 (state_purge_annotator::add_stmt_annotations): Add "within_row"
2888 param.
2889 * state-purge.h (state_purge_annotator::add_node_annotations):
2890 Return a bool, add a "within_table" param.
2891 (state_purge_annotator::add_stmt_annotations): Add "within_row"
2892 param.
2893 * supergraph.cc (supernode::dump_dot): Call add_node_annotations
2894 twice: as before, passing false for "within_table", then again
2895 with true when within the TABLE element. Convert some begin_tr
2896 calls to begin_trtd, and some end_tr calls to end_tdtr.
2897 Repeat each add_stmt_annotations call, distinguishing between
2898 calls that add TRs and those that add TDs to an existing TR.
2899 Add a call to add_after_node_annotations.
2900 * supergraph.h (dot_annotator::add_node_annotations): Add a
2901 "within_table" param.
2902 (dot_annotator::add_stmt_annotations): Add a "within_row" param.
2903 (dot_annotator::add_after_node_annotations): New vfunc.
2904
2905 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2906
2907 * diagnostic-manager.cc (dedupe_winners::add): Show the
2908 exploded_node index in the log messages.
2909 (diagnostic_manager::emit_saved_diagnostics): Log a summary of
2910 m_saved_diagnostics at entry.
2911
2912 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2913
2914 * supergraph.cc (superedge::dump): Add space before description;
2915 move newline to non-pretty_printer overload.
2916
2917 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2918
2919 * region-model.cc: Include "stor-layout.h".
2920 (region_model::dump_to_pp): Rather than calling
2921 dump_summary_of_map on each of the current frame and the globals,
2922 instead get a vec of representative path_vars for all regions,
2923 and then dump a summary of all of them.
2924 (region_model::dump_summary_of_map): Delete, rewriting into...
2925 (region_model::dump_summary_of_rep_path_vars): ...this new
2926 function, working on a vec of path_vars.
2927 (region_model::set_value): New overload.
2928 (region_model::get_representative_path_var): Rename
2929 "parent_region" local to "parent_reg" and consolidate with other
2930 local. Guard test for grandparent being stack on parent_reg being
2931 non-NULL. Move handling for parent being an array_region to
2932 within guard for parent_reg being non-NULL.
2933 (selftest::make_test_compound_type): New function.
2934 (selftest::test_dump_2): New selftest.
2935 (selftest::test_dump_3): New selftest.
2936 (selftest::test_stack_frames): Update expected output from
2937 simplified dump to show "a" and "b" from parent frame and "y" in
2938 child frame.
2939 (selftest::analyzer_region_model_cc_tests): Call test_dump_2 and
2940 test_dump_3.
2941 * region-model.h (region_model::set_value): New overload decl.
2942 (region_model::dump_summary_of_map): Delete.
2943 (region_model::dump_summary_of_rep_path_vars): New.
2944
2945 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2946
2947 * region-model.h (class noop_region_model_context): New subclass
2948 of region_model_context.
2949 (class tentative_region_model_context): Inherit from
2950 noop_region_model_context rather than from region_model_context;
2951 drop redundant vfunc implementations.
2952 (class test_region_model_context): Likewise.
2953
2954 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2955
2956 * engine.cc (exploded_node::exploded_node): Move implementation
2957 here from header; accept point_and_state by const reference rather
2958 than by value.
2959 * exploded-graph.h (exploded_node::exploded_node): Pass
2960 point_and_state by const reference rather than by value. Move
2961 body to engine.cc.
2962
2963 2020-03-18 Jakub Jelinek <jakub@redhat.com>
2964
2965 * sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word
2966 issue in a comment.
2967 * region-model.cc (region_model::make_region_for_unexpected_tree_code,
2968 region_model::delete_region_and_descendents): Likewise.
2969 * engine.cc (class exploded_cluster): Likewise.
2970 * diagnostic-manager.cc (class path_builder): Likewise.
2971
2972 2020-03-13 David Malcolm <dmalcolm@redhat.com>
2973
2974 PR analyzer/94099
2975 PR analyzer/94105
2976 * diagnostic-manager.cc (for_each_state_change): Bulletproof
2977 against errors in get_rvalue by passing a
2978 tentative_region_model_context and rejecting if there's an error.
2979 * region-model.cc (region_model::get_lvalue_1): When handling
2980 ARRAY_REF, handle results of error-handling. Handle NOP_EXPR.
2981
2982 2020-03-06 David Malcolm <dmalcolm@redhat.com>
2983
2984 * analyzer.h (class array_region): New forward decl.
2985 * program-state.cc (selftest::test_program_state_dumping_2): New.
2986 (selftest::analyzer_program_state_cc_tests): Call it.
2987 * region-model.cc (array_region::constant_from_key): New.
2988 (region_model::get_representative_tree): Handle region_svalue by
2989 generating an ADDR_EXPR.
2990 (region_model::get_representative_path_var): In view handling,
2991 remove erroneous TREE_TYPE when determining the type of the tree.
2992 Handle array regions and STRING_CST.
2993 (selftest::assert_dump_tree_eq): New.
2994 (ASSERT_DUMP_TREE_EQ): New macro.
2995 (selftest::test_get_representative_tree): New selftest.
2996 (selftest::analyzer_region_model_cc_tests): Call it.
2997 * region-model.h (region::dyn_cast_array_region): New vfunc.
2998 (array_region::dyn_cast_array_region): New vfunc implementation.
2999 (array_region::constant_from_key): New decl.
3000
3001 2020-03-06 David Malcolm <dmalcolm@redhat.com>
3002
3003 * analyzer.h (dump_quoted_tree): New decl.
3004 * engine.cc (exploded_node::dump_dot): Pass region model to
3005 sm_state_map::print.
3006 * program-state.cc: Include diagnostic-core.h.
3007 (sm_state_map::print): Add "model" param and use it to print
3008 representative trees. Only print origin information if non-null.
3009 (sm_state_map::dump): Pass NULL for model to print call.
3010 (program_state::print): Pass region model to sm_state_map::print.
3011 (program_state::dump_to_pp): Use spaces rather than newlines when
3012 summarizing. Pass region_model to sm_state_map::print.
3013 (ana::selftest::assert_dump_eq): New function.
3014 (ASSERT_DUMP_EQ): New macro.
3015 (ana::selftest::test_program_state_dumping): New function.
3016 (ana::selftest::analyzer_program_state_cc_tests): Call it.
3017 * program-state.h (program_state::print): Add model param.
3018 * region-model.cc (dump_quoted_tree): New function.
3019 (map_region::print_fields): Use dump_quoted_tree rather than
3020 %qE to avoid lang-dependent output.
3021 (map_region::dump_child_label): Likewise.
3022 (region_model::dump_summary_of_map): For SK_REGION, when
3023 get_representative_path_var fails, print the region id rather than
3024 erroneously printing NULL.
3025 * sm.cc (state_machine::get_state_by_name): New function.
3026 * sm.h (state_machine::get_state_by_name): New decl.
3027
3028 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3029
3030 * region-model.cc (region::validate): Convert model param from ptr
3031 to reference. Update comment to reflect that it's now a vfunc.
3032 (map_region::validate): New vfunc implementation.
3033 (array_region::validate): New vfunc implementation.
3034 (stack_region::validate): New vfunc implementation.
3035 (root_region::validate): New vfunc implementation.
3036 (region_model::validate): Pass a reference rather than a pointer
3037 to the region::validate vfunc.
3038 * region-model.h (region::validate): Make virtual. Convert model
3039 param from ptr to reference.
3040 (map_region::validate): New vfunc decl.
3041 (array_region::validate): New vfunc decl.
3042 (stack_region::validate): New vfunc decl.
3043 (root_region::validate): New vfunc decl.
3044
3045 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3046
3047 PR analyzer/93993
3048 * region-model.cc (region_model::on_call_pre): Handle
3049 BUILT_IN_EXPECT and its variants.
3050 (region_model::add_any_constraints_from_ssa_def_stmt): Split out
3051 gassign handling into add_any_constraints_from_gassign; add gcall
3052 handling.
3053 (region_model::add_any_constraints_from_gassign): New function,
3054 based on the above. Add handling for NOP_EXPR.
3055 (region_model::add_any_constraints_from_gcall): New function.
3056 (region_model::get_representative_path_var): Handle views.
3057 * region-model.h
3058 (region_model::add_any_constraints_from_ssa_def_stmt): New decl.
3059 (region_model::add_any_constraints_from_gassign): New decl.
3060
3061 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3062
3063 PR analyzer/93993
3064 * checker-path.h (state_change_event::get_lvalue): Add ctxt param
3065 and pass it to region_model::get_value call.
3066 * diagnostic-manager.cc (get_any_origin): Pass a
3067 tentative_region_model_context to the calls to get_lvalue and reject
3068 the comparison if errors occur.
3069 (can_be_expr_of_interest_p): New function.
3070 (diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
3071 CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
3072 Pass a tentative_region_model_context to the calls to
3073 state_change_event::get_lvalue and reject the comparison if errors
3074 occur.
3075 (diagnostic_manager::update_for_unsuitable_sm_exprs): New.
3076 * diagnostic-manager.h
3077 (diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
3078 * region-model.h (class tentative_region_model_context): New class.
3079
3080 2020-03-04 David Malcolm <dmalcolm@redhat.com>
3081
3082 * engine.cc (worklist::worklist): Remove unused field m_eg.
3083 (class viz_callgraph_edge): Remove unused field m_call_sedge.
3084 (class viz_callgraph): Remove unused field m_sg.
3085 * exploded-graph.h (worklist::m_eg): Remove unused field.
3086
3087 2020-03-02 David Malcolm <dmalcolm@redhat.com>
3088
3089 * analyzer.opt (fanalyzer-show-duplicate-count): New option.
3090 * diagnostic-manager.cc
3091 (diagnostic_manager::emit_saved_diagnostic): Use the above to
3092 guard the printing of the duplicate count.
3093
3094 2020-03-02 David Malcolm <dmalcolm@redhat.com>
3095
3096 PR analyzer/93959
3097 * analyzer.cc (is_std_function_p): New function.
3098 (is_std_named_call_p): New functions.
3099 * analyzer.h (is_std_named_call_p): New decl.
3100 * sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::"
3101 variants when checking for malloc, calloc and free.
3102
3103 2020-02-26 David Malcolm <dmalcolm@redhat.com>
3104
3105 PR analyzer/93950
3106 * diagnostic-manager.cc
3107 (diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
3108 either NULL or not a constant. When updating var, bulletproof
3109 against constant values.
3110
3111 2020-02-26 David Malcolm <dmalcolm@redhat.com>
3112
3113 PR analyzer/93947
3114 * region-model.cc (region_model::get_fndecl_for_call): Gracefully
3115 fail for fn_decls that don't have a cgraph_node.
3116
3117 2020-02-26 David Malcolm <dmalcolm@redhat.com>
3118
3119 * bar-chart.cc: New file.
3120 * bar-chart.h: New file.
3121 * engine.cc: Include "analyzer/bar-chart.h".
3122 (stats::log): Only log the m_num_nodes kinds that are non-zero.
3123 (stats::dump): Likewise when dumping.
3124 (stats::get_total_enodes): New.
3125 (exploded_graph::get_or_create_node): Increment the per-point-data
3126 m_excess_enodes when hitting the per-program-point limit on
3127 enodes.
3128 (exploded_graph::print_bar_charts): New.
3129 (exploded_graph::log_stats): Log the number of unprocessed enodes
3130 in the worklist. Call print_bar_charts.
3131 (exploded_graph::dump_stats): Print the number of unprocessed
3132 enodes in the worklist.
3133 * exploded-graph.h (stats::get_total_enodes): New decl.
3134 (struct per_program_point_data): Add field m_excess_enodes.
3135 (exploded_graph::print_bar_charts): New decl.
3136 * supergraph.cc (superedge::dump): New.
3137 (superedge::dump): New.
3138 * supergraph.h (supernode::get_function): New.
3139 (superedge::dump): New decl.
3140 (superedge::dump): New decl.
3141
3142 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3143
3144 * engine.cc (exploded_graph::get_or_create_node): Dump the
3145 program_state to the pp, rather than to stderr.
3146
3147 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3148
3149 PR analyzer/93032
3150 * sm.cc (make_checkers): Require the "taint" checker to be
3151 explicitly enabled.
3152
3153 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3154
3155 PR analyzer/93899
3156 * engine.cc
3157 (impl_region_model_context::impl_region_model_context): Add logger
3158 param.
3159 * engine.cc (exploded_graph::add_function_entry): Create an
3160 impl_region_model_context and pass it to the push_frame call.
3161 Bail if the resulting state is invalid.
3162 (exploded_graph::build_initial_worklist): Likewise.
3163 (exploded_graph::build_initial_worklist): Handle the case where
3164 add_function_entry fails.
3165 * exploded-graph.h
3166 (impl_region_model_context::impl_region_model_context): Add logger
3167 param.
3168 * region-model.cc (map_region::get_or_create): Add ctxt param and
3169 pass it to add_region_for_type.
3170 (map_region::can_merge_p): Pass NULL as a ctxt to call to
3171 get_or_create.
3172 (array_region::get_element): Pass ctxt to call to get_or_create.
3173 (array_region::get_or_create): Add ctxt param and pass it to
3174 add_region_for_type.
3175 (root_region::push_frame): Pass ctxt to get_or_create calls.
3176 (region_model::get_lvalue_1): Likewise.
3177 (region_model::make_region_for_unexpected_tree_code): Assert that
3178 ctxt is non-NULL.
3179 (region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
3180 and get_svalue_for_label calls.
3181 (region_model::get_svalue_for_fndecl): Add ctxt param and pass it
3182 to get_region_for_fndecl.
3183 (region_model::get_region_for_fndecl): Add ctxt param and pass it
3184 to get_or_create.
3185 (region_model::get_svalue_for_label): Add ctxt param and pass it
3186 to get_region_for_label.
3187 (region_model::get_region_for_label): Add ctxt param and pass it
3188 to get_region_for_fndecl and get_or_create.
3189 (region_model::get_field_region): Add ctxt param and pass it to
3190 get_or_create_view and get_or_create.
3191 (make_region_for_type): Replace gcc_unreachable with return NULL.
3192 (region_model::add_region_for_type): Add ctxt param. Handle a
3193 return of NULL from make_region_for_type by calling
3194 make_region_for_unexpected_tree_code.
3195 (region_model::get_or_create_mem_ref): Pass ctxt to calls to
3196 get_or_create_view.
3197 (region_model::get_or_create_view): Add ctxt param and pass it to
3198 add_region_for_type.
3199 (selftest::test_state_merging): Pass ctxt to get_or_create_view.
3200 * region-model.h (region_model::get_or_create): Add ctxt param.
3201 (region_model::add_region_for_type): Likewise.
3202 (region_model::get_svalue_for_fndecl): Likewise.
3203 (region_model::get_svalue_for_label): Likewise.
3204 (region_model::get_region_for_fndecl): Likewise.
3205 (region_model::get_region_for_label): Likewise.
3206 (region_model::get_field_region): Likewise.
3207 (region_model::get_or_create_view): Likewise.
3208
3209 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3210
3211 * checker-path.cc (superedge_event::should_filter_p): Update
3212 filter for empty descriptions to cover verbosity level 3 as well
3213 as 2.
3214 * diagnostic-manager.cc: Include "analyzer/reachability.h".
3215 (class path_builder): New class.
3216 (diagnostic_manager::emit_saved_diagnostic): Create a path_builder
3217 and pass it to build_emission_path, rather than passing eg; similarly
3218 for add_events_for_eedge and ext_state.
3219 (diagnostic_manager::build_emission_path): Replace "eg" param
3220 with a path_builder, pass it to add_events_for_eedge.
3221 (diagnostic_manager::add_events_for_eedge): Replace ext_state
3222 param with path_builder; pass it to add_events_for_superedge.
3223 (diagnostic_manager::significant_edge_p): New.
3224 (diagnostic_manager::add_events_for_superedge): Add path_builder
3225 param. Reject insignificant edges at verbosity levels below 3.
3226 (diagnostic_manager::prune_for_sm_diagnostic): Update highest
3227 verbosity level to 4.
3228 * diagnostic-manager.h (class path_builder): New forward decl.
3229 (diagnostic_manager::build_emission_path): Replace "eg" param
3230 with a path_builder.
3231 (diagnostic_manager::add_events_for_eedge): Replace ext_state
3232 param with path_builder.
3233 (diagnostic_manager::significant_edge_p): New.
3234 (diagnostic_manager::add_events_for_superedge): Add path_builder
3235 param.
3236 * reachability.h: New file.
3237
3238 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3239
3240 PR analyzer/93692
3241 * analyzer.opt (fdump-analyzer-callgraph): Rewrite description.
3242
3243 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3244
3245 PR analyzer/93777
3246 * region-model.cc (region_model::maybe_cast_1): Replace assertion
3247 that build_cast returns non-NULL with a conditional, falling
3248 through to the logic which returns a new unknown value of the
3249 desired type if it fails.
3250
3251 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3252
3253 PR analyzer/93778
3254 * engine.cc (impl_region_model_context::on_unknown_tree_code):
3255 Rename to...
3256 (impl_region_model_context::on_unexpected_tree_code): ...this and
3257 convert first argument from path_var to tree.
3258 (exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall.
3259 * exploded-graph.h (region_model_context::on_unknown_tree_code):
3260 Rename to...
3261 (region_model_context::on_unexpected_tree_code): ...this and
3262 convert first argument from path_var to tree.
3263 * program-state.cc (sm_state_map::purge_for_unknown_fncall): Add
3264 ctxt param and pass on to calls to get_rvalue.
3265 * program-state.h (sm_state_map::purge_for_unknown_fncall): Add
3266 ctxt param.
3267 * region-model.cc (region_model::handle_unrecognized_call): Pass
3268 ctxt on to call to get_rvalue.
3269 (region_model::get_lvalue_1): Move body of default case to
3270 region_model::make_region_for_unexpected_tree_code and call it.
3271 Within COMPONENT_REF case, reject attempts to handle types other
3272 than RECORD_TYPE and UNION_TYPE.
3273 (region_model::make_region_for_unexpected_tree_code): New
3274 function, based on default case of region_model::get_lvalue_1.
3275 * region-model.h
3276 (region_model::make_region_for_unexpected_tree_code): New decl.
3277 (region_model::on_unknown_tree_code): Rename to...
3278 (region_model::on_unexpected_tree_code): ...this and convert first
3279 argument from path_var to tree.
3280 (class test_region_model_context): Update vfunc implementation for
3281 above change.
3282
3283 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3284
3285 PR analyzer/93774
3286 * region-model.cc
3287 (region_model::convert_byte_offset_to_array_index): Use
3288 int_size_in_bytes before calling size_in_bytes, to gracefully fail
3289 on incomplete types.
3290
3291 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3292
3293 PR analyzer/93775
3294 * region-model.cc (region_model::get_fndecl_for_call): Handle the
3295 case where the code_region's get_tree_for_child_region returns
3296 NULL.
3297
3298 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3299
3300 PR analyzer/93388
3301 * engine.cc (impl_region_model_context::on_unknown_tree_code):
3302 New.
3303 (exploded_graph::get_or_create_node): Reject invalid states.
3304 * exploded-graph.h
3305 (impl_region_model_context::on_unknown_tree_code): New decl.
3306 (point_and_state::point_and_state): Assert that the state is
3307 valid.
3308 * program-state.cc (program_state::program_state): Initialize
3309 m_valid to true.
3310 (program_state::operator=): Copy m_valid.
3311 (program_state::program_state): Likewise for move constructor.
3312 (program_state::print): Print m_valid.
3313 (program_state::dump_to_pp): Likewise.
3314 * program-state.h (program_state::m_valid): New field.
3315 * region-model.cc (region_model::get_lvalue_1): Implement the
3316 default case by returning a new symbolic region and calling
3317 the context's on_unknown_tree_code, rather than issuing an
3318 internal_error. Implement VIEW_CONVERT_EXPR.
3319 * region-model.h (region_model_context::on_unknown_tree_code): New
3320 vfunc.
3321 (test_region_model_context::on_unknown_tree_code): New.
3322
3323 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3324
3325 * sm-malloc.cc (malloc_diagnostic::describe_state_change): For
3326 transition to the "null" state, only say "assuming" when
3327 transitioning from the "unchecked" state.
3328
3329 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3330
3331 * diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
3332 Add const overload.
3333 * engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
3334 * exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
3335 const overload.
3336
3337 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3338
3339 PR analyzer/93288
3340 * analysis-plan.cc (analysis_plan::use_summary_p): Look through
3341 the ultimate_alias_target when getting the called function.
3342 * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
3343 "sm_ctxt". Use the region_model's get_fndecl_for_call rather than
3344 gimple_call_fndecl.
3345 * region-model.cc (region_model::get_fndecl_for_call): Use
3346 ultimate_alias_target on fndecl.
3347 * supergraph.cc (get_ultimate_function_for_cgraph_edge): New
3348 function.
3349 (supergraph_call_edge): Use it when rejecting edges without
3350 functions.
3351 (supergraph::supergraph): Use it to get the function for the
3352 cgraph_edge when building interprocedural superedges.
3353 (callgraph_superedge::get_callee_function): Use it.
3354 * supergraph.h (supergraph::get_num_snodes): Make param const.
3355 (supergraph::function_to_num_snodes_t): Make first type param
3356 const.
3357
3358 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3359
3360 PR analyzer/93374
3361 * engine.cc (exploded_edge::exploded_edge): Add ext_state param
3362 and pass it to change.validate.
3363 (exploded_graph::get_or_create_node): Move purging of change
3364 svalues to also cover the case of reusing an existing enode.
3365 (exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
3366 ctor.
3367 * exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
3368 param.
3369 * program-state.cc (state_change::sm_change::validate): Likewise.
3370 Assert that m_sm_idx is sane. Use ext_state to validate
3371 m_old_state and m_new_state.
3372 (state_change::validate): Add ext_state param and pass it to
3373 the sm_change validate calls.
3374 * program-state.h (state_change::sm_change::validate): Add
3375 ext_state param.
3376 (state_change::validate): Likewise.
3377
3378 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3379
3380 PR analyzer/93669
3381 * engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
3382 case of STATUS_WORKLIST in implementation of
3383 "__analyzer_dump_exploded_nodes".
3384
3385 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3386
3387 PR analyzer/93649
3388 * constraint-manager.cc (constraint_manager::add_constraint): When
3389 merging equivalence classes and updating m_constant, also update
3390 m_cst_sid.
3391 (constraint_manager::validate): If m_constant is non-NULL assert
3392 that m_cst_sid is non-null and is valid.
3393
3394 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3395
3396 PR analyzer/93657
3397 * analyzer.opt (fdump-analyzer): Reword description.
3398 (fdump-analyzer-stderr): Likewise.
3399
3400 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3401
3402 * region-model.cc (print_quoted_type): New function.
3403 (svalue::print): Use it to replace %qT.
3404 (region::dump_to_pp): Likewise.
3405 (region::dump_child_label): Likewise.
3406 (region::print_fields): Likewise.
3407
3408 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3409
3410 PR analyzer/93659
3411 * analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
3412 -> "that" typo.
3413 (Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
3414 "uninitialized" typo.
3415
3416 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3417
3418 PR analyzer/93350
3419 * region-model.cc (region_model::get_lvalue_1):
3420 Handle BIT_FIELD_REF.
3421 (make_region_for_type): Handle VECTOR_TYPE.
3422
3423 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3424
3425 PR analyzer/93647
3426 * diagnostic-manager.cc
3427 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
3428 VAR being constant.
3429 * region-model.cc (region_model::get_lvalue_1): Provide a better
3430 error message when encountering an unhandled tree code.
3431
3432 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3433
3434 PR analyzer/93405
3435 * region-model.cc (region_model::get_lvalue_1): Implement
3436 CONST_DECL.
3437
3438 2020-02-06 David Malcolm <dmalcolm@redhat.com>
3439
3440 * region-model.cc (region_model::maybe_cast_1): Attempt to provide
3441 a region_svalue if either type is a pointer, rather than if both
3442 types are pointers.
3443
3444 2020-02-05 David Malcolm <dmalcolm@redhat.com>
3445
3446 * engine.cc (exploded_node::dump_dot): Show merger enodes.
3447 (worklist::add_node): Assert that the node's m_status is
3448 STATUS_WORKLIST.
3449 (exploded_graph::process_worklist): Likewise for nodes from the
3450 worklist. Set status of merged nodes to STATUS_MERGER.
3451 (exploded_graph::process_node): Set status of node to
3452 STATUS_PROCESSED.
3453 (exploded_graph::dump_exploded_nodes): Rework handling of
3454 "__analyzer_dump_exploded_nodes", splitting enodes by status into
3455 "processed" and "merger", showing the count of just the processed
3456 enodes at the call, rather than the count of all enodes.
3457 * exploded-graph.h (exploded_node::status): New enum.
3458 (exploded_node::exploded_node): Initialize m_status to
3459 STATUS_WORKLIST.
3460 (exploded_node::get_status): New getter.
3461 (exploded_node::set_status): New setter.
3462
3463 2020-02-04 David Malcolm <dmalcolm@redhat.com>
3464
3465 PR analyzer/93543
3466 * engine.cc (pod_hash_traits<function_call_string>::mark_empty):
3467 Eliminate reinterpret_cast.
3468 (pod_hash_traits<function_call_string>::is_empty): Likewise.
3469
3470 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3471
3472 * constraint-manager.cc (range::constrained_to_single_element):
3473 Replace fold_build2 with fold_binary. Remove unnecessary newline.
3474 (constraint_manager::get_or_add_equiv_class): Replace fold_build2
3475 with fold_binary in two places, and remove out-of-date comment.
3476 (constraint_manager::eval_condition): Replace fold_build2 with
3477 fold_binary.
3478 * region-model.cc (constant_svalue::eval_condition): Likewise.
3479 (region_model::on_assignment): Likewise.
3480
3481 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3482
3483 PR analyzer/93544
3484 * diagnostic-manager.cc
3485 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
3486 against bad choices due to bad paths.
3487 * engine.cc (impl_region_model_context::on_phi): New.
3488 * exploded-graph.h (impl_region_model_context::on_phi): New decl.
3489 * region-model.cc (region_model::on_longjmp): Likewise.
3490 (region_model::handle_phi): Add phi param. Call the ctxt's on_phi
3491 vfunc.
3492 (region_model::update_for_phis): Pass phi to handle_phi.
3493 * region-model.h (region_model::handle_phi): Add phi param.
3494 (region_model_context::on_phi): New vfunc.
3495 (test_region_model_context::on_phi): New.
3496 * sm-malloc.cc (malloc_state_machine::on_phi): New.
3497 (malloc_state_machine::on_zero_assignment): New.
3498 * sm.h (state_machine::on_phi): New vfunc.
3499
3500 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3501
3502 * engine.cc (supernode_cluster::dump_dot): Show BB index as
3503 well as SN index.
3504 * supergraph.cc (supernode::dump_dot): Likewise.
3505
3506 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3507
3508 PR analyzer/93546
3509 * region-model.cc (region_model::on_call_pre): Update for new
3510 param of symbolic_region ctor.
3511 (region_model::deref_rvalue): Likewise.
3512 (region_model::add_new_malloc_region): Likewise.
3513 (make_region_for_type): Likewise, preserving type.
3514 * region-model.h (symbolic_region::symbolic_region): Add "type"
3515 param and pass it to base class ctor.
3516
3517 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3518
3519 PR analyzer/93547
3520 * constraint-manager.cc
3521 (constraint_manager::get_or_add_equiv_class): Ensure types are
3522 compatible before comparing constants.
3523
3524 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3525
3526 PR analyzer/93457
3527 * region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
3528 than checking against void_type_node.
3529
3530 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3531
3532 PR analyzer/93373
3533 * region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
3534 (assert_compat_types): ...this, and bail when either type is NULL,
3535 or when VOID_TYPE_P (dst_type).
3536 (region_model::get_lvalue): Update for above conversion.
3537 (region_model::get_rvalue): Likewise.
3538
3539 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3540
3541 PR analyzer/93379
3542 * region-model.cc (region_model::update_for_return_superedge):
3543 Move check for null result so that it also guards setting the
3544 lhs.
3545
3546 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3547
3548 PR analyzer/93438
3549 * region-model.cc (stack_region::can_merge_p): Split into a two
3550 pass approach, creating all stack regions first, then populating
3551 them.
3552 (selftest::test_state_merging): Add test coverage for (a) the case
3553 of self-merging a model in which a local in an older stack frame
3554 points to a local in a more recent stack frame (which previously
3555 would ICE), and (b) the case of self-merging a model in which a
3556 local points to a global (which previously worked OK).
3557
3558 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3559
3560 * analyzer.cc (is_named_call_p): Replace tests for fndecl being
3561 extern at file scope and having a non-NULL DECL_NAME with a call
3562 to maybe_special_function_p.
3563 * function-set.cc (function_set::contains_decl_p): Add call to
3564 maybe_special_function_p.
3565
3566 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3567
3568 PR analyzer/93450
3569 * constraint-manager.cc
3570 (constraint_manager::get_or_add_equiv_class): Only compare constants
3571 if their types are compatible.
3572 * region-model.cc (constant_svalue::eval_condition): Replace check
3573 for identical types with call to types_compatible_p.
3574
3575 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3576
3577 * program-state.cc (extrinsic_state::dump_to_pp): New.
3578 (extrinsic_state::dump_to_file): New.
3579 (extrinsic_state::dump): New.
3580 * program-state.h (extrinsic_state::dump_to_pp): New decl.
3581 (extrinsic_state::dump_to_file): New decl.
3582 (extrinsic_state::dump): New decl.
3583 * sm.cc: Include "pretty-print.h".
3584 (state_machine::dump_to_pp): New.
3585 * sm.h (state_machine::dump_to_pp): New decl.
3586
3587 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3588
3589 * diagnostic-manager.cc (for_each_state_change): Use
3590 extrinsic_state::get_num_checkers rather than accessing m_checkers
3591 directly.
3592 * program-state.cc (program_state::program_state): Likewise.
3593 * program-state.h (extrinsic_state::m_checkers): Make private.
3594
3595 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3596
3597 PR analyzer/93356
3598 * region-model.cc (region_model::eval_condition): In both
3599 overloads, bail out immediately on floating-point types.
3600 (region_model::eval_condition_without_cm): Likewise.
3601 (region_model::add_constraint): Likewise.
3602
3603 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3604
3605 PR analyzer/93450
3606 * program-state.cc (sm_state_map::set_state): For the overload
3607 taking an svalue_id, bail out if the set_state on the ec does
3608 nothing. Convert the latter's return type from void to bool,
3609 returning true if anything changed.
3610 (sm_state_map::impl_set_state): Convert the return type from void
3611 to bool, returning true if the state changed.
3612 * program-state.h (sm_state_map::set_state): Convert return type
3613 from void to bool.
3614 (sm_state_map::impl_set_state): Likewise.
3615 * region-model.cc (constant_svalue::eval_condition): Only call
3616 fold_build2 if the types are the same.
3617
3618 2020-01-29 Jakub Jelinek <jakub@redhat.com>
3619
3620 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
3621 * constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
3622 (range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
3623 POP_IGNORE_WFORMAT.
3624 * state-purge.cc: Include diagnostic-core.h before
3625 gimple-pretty-print.h.
3626 (state_purge_annotator::add_node_annotations, print_vec_of_names):
3627 Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
3628 * region-model.cc: Move diagnostic-core.h include before graphviz.h.
3629 (path_var::dump, svalue::print, constant_svalue::print_details,
3630 region::dump_to_pp, region::dump_child_label, region::print_fields,
3631 map_region::print_fields, map_region::dump_dot_to_pp,
3632 map_region::dump_child_label, array_region::print_fields,
3633 array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or
3634 POP_IGNORE_WFORMAT.
3635
3636 2020-01-28 David Malcolm <dmalcolm@redhat.com>
3637
3638 PR analyzer/93316
3639 * engine.cc (rewind_info_t::update_model): Get the longjmp call
3640 stmt via get_longjmp_call () rather than assuming it is the last
3641 stmt in the longjmp's supernode.
3642 (rewind_info_t::add_events_to_path): Get the location_t for the
3643 rewind_from_longjmp_event via get_longjmp_call () rather than from
3644 the supernode's get_end_location ().
3645
3646 2020-01-28 David Malcolm <dmalcolm@redhat.com>
3647
3648 * region-model.cc (poisoned_value_diagnostic::emit): Update for
3649 renaming of warning_at overload to warning_meta.
3650 * sm-file.cc (file_leak::emit): Likewise.
3651 * sm-malloc.cc (double_free::emit): Likewise.
3652 (possible_null_deref::emit): Likewise.
3653 (possible_null_arg::emit): Likewise.
3654 (null_deref::emit): Likewise.
3655 (null_arg::emit): Likewise.
3656 (use_after_free::emit): Likewise.
3657 (malloc_leak::emit): Likewise.
3658 (free_of_non_heap::emit): Likewise.
3659 * sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
3660 * sm-signal.cc (signal_unsafe_call::emit): Likewise.
3661 * sm-taint.cc (tainted_array_index::emit): Likewise.
3662
3663 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3664
3665 PR analyzer/93451
3666 * region-model.cc (tree_cmp): For the REAL_CST case, impose an
3667 arbitrary order on NaNs relative to other NaNs and to non-NaNs;
3668 const-correctness tweak.
3669 (ana::selftests::build_real_cst_from_string): New function.
3670 (ana::selftests::append_interesting_constants): New function.
3671 (ana::selftests::test_tree_cmp_on_constants): New test.
3672 (ana::selftests::test_canonicalization_4): New test.
3673 (ana::selftests::analyzer_region_model_cc_tests): Call the new
3674 tests.
3675
3676 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3677
3678 PR analyzer/93349
3679 * engine.cc (run_checkers): Save and restore input_location.
3680
3681 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3682
3683 * call-string.cc (call_string::cmp_1): Delete, moving body to...
3684 (call_string::cmp): ...here.
3685 * call-string.h (call_string::cmp_1): Delete decl.
3686 * engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
3687 (worklist::key_t::cmp): ...here. Implement hash comparisons
3688 via comparison rather than subtraction to avoid overflow issues.
3689 * exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
3690 * region-model.cc (tree_cmp): Eliminate buggy checking for
3691 symmetry.
3692
3693 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3694
3695 * analyzer.cc (is_named_call_p): Check that fndecl is "extern"
3696 and at file scope. Potentially disregard prefix _ or __ in
3697 fndecl's name. Bail if the identifier is NULL.
3698 (is_setjmp_call_p): Expect a gcall rather than plain gimple.
3699 Remove special-case check for leading prefix, and also check for
3700 sigsetjmp.
3701 (is_longjmp_call_p): Also check for siglongjmp.
3702 (get_user_facing_name): New function.
3703 * analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
3704 gimple.
3705 (get_user_facing_name): New decl.
3706 * checker-path.cc (setjmp_event::get_desc): Use
3707 get_user_facing_name to avoid hardcoding the function name.
3708 (rewind_event::rewind_event): Add rewind_info param, using it to
3709 initialize new m_rewind_info field, and strengthen the assertion.
3710 (rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
3711 avoid hardcoding the function name.
3712 (rewind_to_setjmp_event::get_desc): Likewise.
3713 * checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
3714 param and use it to initialize...
3715 (setjmp_event::m_setjmp_call): New field.
3716 (rewind_event::rewind_event): Add rewind_info param.
3717 (rewind_event::m_rewind_info): New protected field.
3718 (rewind_from_longjmp_event::rewind_from_longjmp_event): Add
3719 rewind_info param.
3720 (class rewind_to_setjmp_event): Move rewind_info field to parent
3721 class.
3722 * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
3723 Update setjmp-handling for is_setjmp_call_p requiring a gcall;
3724 pass the call to the new setjmp_event.
3725 * engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
3726 requiring a gcall.
3727 (stale_jmp_buf::emit): Use get_user_facing_name to avoid
3728 hardcoding the function names.
3729 (exploded_node::on_longjmp): Pass the longjmp_call when
3730 constructing rewind_info.
3731 (rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
3732 rewind_from_longjmp_event's ctor.
3733 * exploded-graph.h (rewind_info_t::rewind_info_t): Add
3734 longjmp_call param.
3735 (rewind_info_t::get_longjmp_call): New.
3736 (rewind_info_t::m_longjmp_call): New.
3737 * region-model.cc (region_model::on_setjmp): Update comment to
3738 indicate this is also for sigsetjmp.
3739 * region-model.h (struct setjmp_record): Likewise.
3740 (class setjmp_svalue): Likewise.
3741
3742 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3743
3744 PR analyzer/93276
3745 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
3746 macros with GCC_VERSION >= 4006, making them no-op otherwise.
3747 * engine.cc (exploded_edge::exploded_edge): Specify template for
3748 base class initializer.
3749 (exploded_graph::add_edge): Specify template when chaining up to
3750 base class add_edge implementation.
3751 (viz_callgraph_node::dump_dot): Drop redundant "typename".
3752 (viz_callgraph_edge::viz_callgraph_edge): Specify template for
3753 base class initializer.
3754 * program-state.cc (sm_state_map::clone_with_remapping): Drop
3755 redundant "typename".
3756 (sm_state_map::print): Likewise.
3757 (sm_state_map::hash): Likewise.
3758 (sm_state_map::operator==): Likewise.
3759 (sm_state_map::remap_svalue_ids): Likewise.
3760 (sm_state_map::on_svalue_purge): Likewise.
3761 (sm_state_map::validate): Likewise.
3762 * program-state.h (sm_state_map::iterator_t): Likewise.
3763 * supergraph.h (superedge::superedge): Specify template for base
3764 class initializer.
3765
3766 2020-01-23 David Malcolm <dmalcolm@redhat.com>
3767
3768 PR analyzer/93375
3769 * supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
3770 gracefully if the number of parameters at the callee exceeds the
3771 number of arguments at the call stmt.
3772 (callgraph_superedge::get_parm_for_arg): Likewise.
3773
3774 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3775
3776 PR analyzer/93382
3777 * program-state.cc (sm_state_map::on_svalue_purge): If the
3778 entry survives, but the origin is being purged, then reset the
3779 origin to null.
3780
3781 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3782
3783 * sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.
3784
3785 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3786
3787 PR analyzer/93378
3788 * engine.cc (setjmp_svalue::compare_fields): Update for
3789 replacement of m_enode with m_setjmp_record.
3790 (setjmp_svalue::add_to_hash): Likewise.
3791 (setjmp_svalue::get_index): Rename...
3792 (setjmp_svalue::get_enode_index): ...to this.
3793 (setjmp_svalue::print_details): Update for replacement of m_enode
3794 with m_setjmp_record.
3795 (exploded_node::on_longjmp): Likewise.
3796 * exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
3797 (rewind_info_t::m_setjmp_record): ...with this.
3798 (rewind_info_t::rewind_info_t): Update for replacement of m_enode
3799 with m_setjmp_record.
3800 (rewind_info_t::get_setjmp_point): Likewise.
3801 (rewind_info_t::get_setjmp_call): Likewise.
3802 * region-model.cc (region_model::dump_summary_of_map): Likewise.
3803 (region_model::on_setjmp): Likewise.
3804 * region-model.h (struct setjmp_record): New struct.
3805 (setjmp_svalue::m_enode): Replace...
3806 (setjmp_svalue::m_setjmp_record): ...with this.
3807 (setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
3808 with m_setjmp_record.
3809 (setjmp_svalue::clone): Likewise.
3810 (setjmp_svalue::get_index): Rename...
3811 (setjmp_svalue::get_enode_index): ...to this.
3812 (setjmp_svalue::get_exploded_node): Replace...
3813 (setjmp_svalue::get_setjmp_record): ...with this.
3814
3815 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3816
3817 PR analyzer/93316
3818 * analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as
3819 "_setjmp".
3820
3821 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3822
3823 PR analyzer/93307
3824 * analysis-plan.h: Wrap everything in namespace "ana".
3825 * analyzer-logging.cc: Likewise.
3826 * analyzer-logging.h: Likewise.
3827 * analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
3828 namespace.
3829 * analyzer-selftests.cc: Wrap everything in namespace "ana".
3830 * analyzer-selftests.h: Likewise.
3831 * analyzer.h: Likewise for forward decls of types.
3832 * call-string.h: Likewise.
3833 * checker-path.cc: Likewise.
3834 * checker-path.h: Likewise.
3835 * constraint-manager.cc: Likewise.
3836 * constraint-manager.h: Likewise.
3837 * diagnostic-manager.cc: Likewise.
3838 * diagnostic-manager.h: Likewise.
3839 * engine.cc: Likewise.
3840 * engine.h: Likewise.
3841 * exploded-graph.h: Likewise.
3842 * function-set.cc: Likewise.
3843 * function-set.h: Likewise.
3844 * pending-diagnostic.cc: Likewise.
3845 * pending-diagnostic.h: Likewise.
3846 * program-point.cc: Likewise.
3847 * program-point.h: Likewise.
3848 * program-state.cc: Likewise.
3849 * program-state.h: Likewise.
3850 * region-model.cc: Likewise.
3851 * region-model.h: Likewise.
3852 * sm-file.cc: Likewise.
3853 * sm-malloc.cc: Likewise.
3854 * sm-pattern-test.cc: Likewise.
3855 * sm-sensitive.cc: Likewise.
3856 * sm-signal.cc: Likewise.
3857 * sm-taint.cc: Likewise.
3858 * sm.cc: Likewise.
3859 * sm.h: Likewise.
3860 * state-purge.h: Likewise.
3861 * supergraph.cc: Likewise.
3862 * supergraph.h: Likewise.
3863
3864 2020-01-21 David Malcolm <dmalcolm@redhat.com>
3865
3866 PR analyzer/93352
3867 * region-model.cc (int_cmp): Rename to...
3868 (array_region::key_cmp): ...this, using key_t rather than int.
3869 Rewrite in terms of comparisons rather than subtraction to
3870 ensure qsort is anti-symmetric when handling extreme values.
3871 (array_region::walk_for_canonicalization): Update for above
3872 renaming.
3873 * region-model.h (array_region::key_cmp): New decl.
3874
3875 2020-01-17 David Malcolm <dmalcolm@redhat.com>
3876
3877 PR analyzer/93290
3878 * region-model.cc (region_model::eval_condition_without_cm): Avoid
3879 gcc_unreachable for unexpected operations for the case where
3880 we're comparing an svalue against itself.
3881
3882 2020-01-17 David Malcolm <dmalcolm@redhat.com>
3883
3884 PR analyzer/93281
3885 * region-model.cc
3886 (region_model::convert_byte_offset_to_array_index): Convert to
3887 ssizetype before dividing by byte_size. Use fold_binary rather
3888 than fold_build2 to avoid needlessly constructing a tree for the
3889 non-const case.
3890
3891 2020-01-15 David Malcolm <dmalcolm@redhat.com>
3892
3893 * engine.cc (class impl_region_model_context): Fix comment.
3894
3895 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3896
3897 PR analyzer/93212
3898 * region-model.cc (make_region_for_type): Use
3899 FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
3900 * region-model.h (function_region::function_region): Likewise.
3901
3902 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3903
3904 * program-state.cc (sm_state_map::clone_with_remapping): Copy
3905 m_global_state.
3906 (selftest::test_program_state_merging_2): New selftest.
3907 (selftest::analyzer_program_state_cc_tests): Call it.
3908
3909 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3910
3911 * checker-path.h (checker_path::get_checker_event): New function.
3912 (checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
3913 * diagnostic-manager.cc
3914 (diagnostic_manager::prune_for_sm_diagnostic): Replace direct
3915 access to checker_path::m_events with accessor functions. Fix
3916 overlong line.
3917 (diagnostic_manager::prune_interproc_events): Replace direct
3918 access to checker_path::m_events with accessor functions.
3919 (diagnostic_manager::finish_pruning): Likewise.
3920
3921 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3922
3923 * checker-path.h (checker_event::clone): Delete vfunc decl.
3924 (debug_event::clone): Delete vfunc impl.
3925 (custom_event::clone): Delete vfunc impl.
3926 (statement_event::clone): Delete vfunc impl.
3927 (function_entry_event::clone): Delete vfunc impl.
3928 (state_change_event::clone): Delete vfunc impl.
3929 (start_cfg_edge_event::clone): Delete vfunc impl.
3930 (end_cfg_edge_event::clone): Delete vfunc impl.
3931 (call_event::clone): Delete vfunc impl.
3932 (return_event::clone): Delete vfunc impl.
3933 (setjmp_event::clone): Delete vfunc impl.
3934 (rewind_from_longjmp_event::clone): Delete vfunc impl.
3935 (rewind_to_setjmp_event::clone): Delete vfunc impl.
3936 (warning_event::clone): Delete vfunc impl.
3937
3938 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3939
3940 * supergraph.cc (supernode::dump_dot): Ensure that the TABLE
3941 element has at least one TR.
3942
3943 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3944
3945 PR analyzer/58237
3946 * engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
3947 when comparing against UNKNOWN_LOCATION.
3948 (stmt_requires_new_enode_p): Likewise.
3949 (exploded_graph::dump_exploded_nodes): Likewise.
3950 * supergraph.cc (supernode::get_start_location): Likewise.
3951 (supernode::get_end_location): Likewise.
3952
3953 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3954
3955 PR analyzer/58237
3956 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
3957 selftest::analyzer_sm_file_cc_tests.
3958 * analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
3959 decl.
3960 * sm-file.cc: Include "analyzer/function-set.h" and
3961 "analyzer/analyzer-selftests.h".
3962 (get_file_using_fns): New function.
3963 (is_file_using_fn_p): New function.
3964 (fileptr_state_machine::on_stmt): Return true for known functions.
3965 (selftest::analyzer_sm_file_cc_tests): New function.
3966
3967 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3968
3969 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
3970 selftest::analyzer_sm_signal_cc_tests.
3971 * analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
3972 New decl.
3973 * sm-signal.cc: Include "analyzer/function-set.h" and
3974 "analyzer/analyzer-selftests.h".
3975 (get_async_signal_unsafe_fns): New function.
3976 (signal_unsafe_p): Reimplement in terms of the above.
3977 (selftest::analyzer_sm_signal_cc_tests): New function.
3978
3979 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3980
3981 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
3982 selftest::analyzer_function_set_cc_tests.
3983 * analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
3984 New decl.
3985 * function-set.cc: New file.
3986 * function-set.h: New file.
3987
3988 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3989
3990 * analyzer.h (fndecl_has_gimple_body_p): New decl.
3991 * engine.cc (impl_region_model_context::on_unknown_change): New
3992 function.
3993 (fndecl_has_gimple_body_p): Make non-static.
3994 (exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
3995 known. Track whether we have a call with unknown side-effects and
3996 pass it to on_call_post.
3997 * exploded-graph.h (impl_region_model_context::on_unknown_change):
3998 New decl.
3999 * program-state.cc (sm_state_map::on_unknown_change): New function.
4000 * program-state.h (sm_state_map::on_unknown_change): New decl.
4001 * region-model.cc: Include "bitmap.h".
4002 (region_model::on_call_pre): Return a bool, capturing whether the
4003 call has unknown side effects.
4004 (region_model::on_call_post): Add arg "bool unknown_side_effects"
4005 and if true, call handle_unrecognized_call.
4006 (class reachable_regions): New class.
4007 (region_model::handle_unrecognized_call): New function.
4008 * region-model.h (region_model::on_call_pre): Return a bool.
4009 (region_model::on_call_post): Add arg "bool unknown_side_effects".
4010 (region_model::handle_unrecognized_call): New decl.
4011 (region_model_context::on_unknown_change): New vfunc.
4012 (test_region_model_context::on_unknown_change): New function.
4013
4014 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4015
4016 * diagnostic-manager.cc (saved_diagnostic::operator==): Move here
4017 from header. Replace pointer equality test on m_var with call to
4018 pending_diagnostic::same_tree_p.
4019 * diagnostic-manager.h (saved_diagnostic::operator==): Move to
4020 diagnostic-manager.cc.
4021 * pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
4022 * pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
4023 * sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
4024 equality on m_arg with call to pending_diagnostic::same_tree_p.
4025 * sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
4026 (possible_null_arg::subclass_equal_p): Likewise.
4027 (null_arg::subclass_equal_p): Likewise.
4028 (free_of_non_heap::subclass_equal_p): Likewise.
4029 * sm-pattern-test.cc (pattern_match::operator==): Likewise.
4030 * sm-sensitive.cc (exposure_through_output_file::operator==):
4031 Likewise.
4032 * sm-taint.cc (tainted_array_index::operator==): Likewise.
4033
4034 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4035
4036 * diagnostic-manager.cc (dedupe_winners::add): Add logging
4037 of deduplication decisions made.
4038
4039 2020-01-14 David Malcolm <dmalcolm@redhat.com>
4040
4041 * ChangeLog: New file.
4042 * analyzer-selftests.cc: New file.
4043 * analyzer-selftests.h: New file.
4044 * analyzer.opt: New file.
4045 * analysis-plan.cc: New file.
4046 * analysis-plan.h: New file.
4047 * analyzer-logging.cc: New file.
4048 * analyzer-logging.h: New file.
4049 * analyzer-pass.cc: New file.
4050 * analyzer.cc: New file.
4051 * analyzer.h: New file.
4052 * call-string.cc: New file.
4053 * call-string.h: New file.
4054 * checker-path.cc: New file.
4055 * checker-path.h: New file.
4056 * constraint-manager.cc: New file.
4057 * constraint-manager.h: New file.
4058 * diagnostic-manager.cc: New file.
4059 * diagnostic-manager.h: New file.
4060 * engine.cc: New file.
4061 * engine.h: New file.
4062 * exploded-graph.h: New file.
4063 * pending-diagnostic.cc: New file.
4064 * pending-diagnostic.h: New file.
4065 * program-point.cc: New file.
4066 * program-point.h: New file.
4067 * program-state.cc: New file.
4068 * program-state.h: New file.
4069 * region-model.cc: New file.
4070 * region-model.h: New file.
4071 * sm-file.cc: New file.
4072 * sm-malloc.cc: New file.
4073 * sm-malloc.dot: New file.
4074 * sm-pattern-test.cc: New file.
4075 * sm-sensitive.cc: New file.
4076 * sm-signal.cc: New file.
4077 * sm-taint.cc: New file.
4078 * sm.cc: New file.
4079 * sm.h: New file.
4080 * state-purge.cc: New file.
4081 * state-purge.h: New file.
4082 * supergraph.cc: New file.
4083 * supergraph.h: New file.
4084
4085 2019-12-13 David Malcolm <dmalcolm@redhat.com>
4086
4087 * Initial creation
4088
4089
4090 Copyright (C) 2019-2021 Free Software Foundation, Inc.
4091
4092 Copying and distribution of this file, with or without modification,
4093 are permitted in any medium without royalty provided the copyright
4094 notice and this notice are preserved.