2021-02-22 David Malcolm <dmalcolm@redhat.com>
* engine.cc (exploded_node::on_stmt): Provide terminate_path
flag as a way for on_call_pre to terminate the current analysis
* region-model-impl-calls.cc (call_details::num_args): New.
(region_model::impl_call_error): New.
* region-model.cc (region_model::on_call_pre): Add param
"out_terminate_path". Handle "error" and "error_at_line".
* region-model.h (call_details::num_args): New decl.
(region_model::on_call_pre): Add param "out_terminate_path".
(region_model::impl_call_error): New decl.

2021-02-17 David Malcolm <dmalcolm@redhat.com>
* constraint-manager.cc (dead_svalue_purger::should_purge_p):
Update for change to svalue::live_p.
* program-state.cc (sm_state_map::on_liveness_change): Likewise.
(program_state::detect_leaks): Likewise.
* region-model-reachability.cc (reachable_regions::init_cluster):
When dealing with a symbolic region, if the underlying pointer is
implicitly live, add the region to the reachable regions.
* region-model.cc (region_model::compare_initial_and_pointer):
Move logic for detecting initial values of params to
initial_svalue::initial_value_of_param_p.
* svalue.cc (svalue::live_p): Convert "live_svalues" from a
reference to a pointer; support it being NULL.
(svalue::implicitly_live_p): Convert first param from a
reference to a pointer.
(region_svalue::implicitly_live_p): Likewise.
(constant_svalue::implicitly_live_p): Likewise.
(initial_svalue::implicitly_live_p): Likewise. Treat the initial
values of params for the top level frame as still live.
(initial_svalue::initial_value_of_param_p): New function, taken
from a test in region_model::compare_initial_and_pointer.
(unaryop_svalue::implicitly_live_p): Convert first param from a
reference to a pointer.
(binop_svalue::implicitly_live_p): Likewise.
(sub_svalue::implicitly_live_p): Likewise.
(unmergeable_svalue::implicitly_live_p): Likewise.
* svalue.h (svalue::live_p): Likewise.
(svalue::implicitly_live_p): Likewise.
(region_svalue::implicitly_live_p): Likewise.
(constant_svalue::implicitly_live_p): Likewise.
(initial_svalue::implicitly_live_p): Likewise.
(initial_svalue::initial_value_of_param_p): New decl.
(unaryop_svalue::implicitly_live_p): Convert first param from a
reference to a pointer.
(binop_svalue::implicitly_live_p): Likewise.
(sub_svalue::implicitly_live_p): Likewise.
(unmergeable_svalue::implicitly_live_p): Likewise.

2021-02-12 David Malcolm <dmalcolm@redhat.com>
* engine.cc (readability): Add names for the various arbitrary
values. Handle NOP_EXPR and INTEGER_CST.
(readability_comparator): Combine the readability tests for
tree and stack depth, rather than performing them sequentially.
(impl_region_model_context::on_state_leak): Strip off top-level
* region-model.cc (region_model::get_representative_path_var): Add
type-checking, moving the bulk of the implementation to...
(region_model::get_representative_path_var_1): ...here. Respect
types in casts by recursing and re-adding the cast, rather than
merely stripping them off. Use the correct type when handling
(region_model::get_representative_tree): Strip off any top-level
(region_model::get_representative_path_var): Add type-checking,
moving the bulk of the implementation to...
(region_model::get_representative_path_var_1): ...here.
* region-model.h (region_model::get_representative_path_var_1):
(region_model::get_representative_path_var_1): New decl.
* store.cc (append_pathvar_with_type): New.
(binding_cluster::get_representative_path_vars): Cast path_vars
to the correct type when adding them to *OUT_PVS.

2021-02-09 David Malcolm <dmalcolm@redhat.com>
* sm-file.cc (is_file_using_fn_p): Support "_IO_"-prefixed

2021-02-09 David Malcolm <dmalcolm@redhat.com>
* store.cc (store::set_value): Treat a pointer written to *UNKNOWN

2021-02-02 David Malcolm <dmalcolm@redhat.com>
* engine.cc (toplevel_function_p): Simplify so that
we only reject functions with a "__analyzer_" prefix.
(add_any_callbacks): Delete.
(exploded_graph::build_initial_worklist): Update for
dropped param of toplevel_function_p.
(exploded_graph::build_initial_worklist): Don't bother
looking for callbacks that are reachable from global

2021-02-01 David Malcolm <dmalcolm@redhat.com>
* region-model-manager.cc
(region_model_manager::get_or_create_initial_value):
Fold the initial value of *UNKNOWN_PTR to an UNKNOWN value.
(region_model_manager::get_field_region): Fold the value
of UNKNOWN_PTR->FIELD to *UNKNOWN_PTR_OF_&FIELD_TYPE.

2021-01-29 David Malcolm <dmalcolm@redhat.com>
* checker-path.cc (event_kind_to_string): Handle
EK_START_CONSOLIDATED_CFG_EDGES and
EK_END_CONSOLIDATED_CFG_EDGES.
(start_consolidated_cfg_edges_event::get_desc): New.
(checker_path::cfg_edge_pair_at_p): New.
* checker-path.h (enum event_kind): Add
EK_START_CONSOLIDATED_CFG_EDGES and
EK_END_CONSOLIDATED_CFG_EDGES.
(class start_consolidated_cfg_edges_event): New class.
(class end_consolidated_cfg_edges_event): New class.
(checker_path::delete_events): New.
(checker_path::replace_event): New.
(checker_path::cfg_edge_pair_at_p): New decl.
* diagnostic-manager.cc (diagnostic_manager::prune_path): Call
consolidate_conditions.
(same_line_as_p): New.
(diagnostic_manager::consolidate_conditions): New.
* diagnostic-manager.h
(diagnostic_manager::consolidate_conditions): New decl.

2021-01-18 David Malcolm <dmalcolm@redhat.com>
* analyzer.h (is_std_named_call_p): New decl.
* diagnostic-manager.cc (path_builder::get_sm): New.
(state_change_event_creator::state_change_event_creator): Add "pb"
(state_change_event_creator::on_global_state_change): Don't consider
state changes affecting other state_machines.
(state_change_event_creator::on_state_change): Likewise.
(state_change_event_creator::m_pb): New field.
(diagnostic_manager::add_events_for_eedge): Pass pb to visitor
* region-model-impl-calls.cc
(region_model::impl_deallocation_call): New.
* region-model.cc: Include "attribs.h".
(region_model::on_call_post): Handle fndecls referenced by
__attribute__((deallocated_by(FOO))).
* region-model.h (region_model::impl_deallocation_call): New decl.
* sm-malloc.cc: Include "stringpool.h" and "attribs.h". Add
(enum resource_state): Update comment for change from api to
deallocator and deallocator_set.
(allocation_state::allocation_state): Drop api param. Add
"deallocators" and "deallocator".
(allocation_state::m_api): Drop field in favor of...
(allocation_state::m_deallocators): New field.
(allocation_state::m_deallocator): New field.
(enum wording): Add WORDING_DEALLOCATED.
(struct deallocator): New.
(struct standard_deallocator): New.
(struct custom_deallocator): New.
(struct deallocator_set): New.
(struct custom_deallocator_set): New.
(struct standard_deallocator_set): New.
(struct deallocator_set_map_traits): New.
(malloc_state_machine::m_malloc): Drop field
(malloc_state_machine::m_scalar_new): Likewise.
(malloc_state_machine::m_vector_new): Likewise.
(malloc_state_machine::m_free): New field
(malloc_state_machine::m_scalar_delete): Likewise.
(malloc_state_machine::m_vector_delete): Likewise.
(malloc_state_machine::deallocator_map_t): New typedef.
(malloc_state_machine::m_deallocator_map): New field.
(malloc_state_machine::deallocator_set_cache_t): New typedef.
(malloc_state_machine::m_custom_deallocator_set_cache): New field.
(malloc_state_machine::custom_deallocator_set_map_t): New typedef.
(malloc_state_machine::m_custom_deallocator_set_map): New field.
(malloc_state_machine::m_dynamic_sets): New field.
(malloc_state_machine::m_dynamic_deallocators): New field.
(deallocator::deallocator): New ctor.
(deallocator::hash): New.
(deallocator::dump_to_pp): New.
(deallocator::cmp): New.
(deallocator::cmp_ptr_ptr): New.
(standard_deallocator::standard_deallocator): New ctor.
(deallocator_set::deallocator_set): New ctor.
(deallocator_set::dump): New.
(custom_deallocator_set::custom_deallocator_set): New ctor.
(custom_deallocator_set::contains_p): New.
(custom_deallocator_set::maybe_get_single): New.
(custom_deallocator_set::dump_to_pp): New.
(standard_deallocator_set::standard_deallocator_set): New ctor.
(standard_deallocator_set::contains_p): New.
(standard_deallocator_set::maybe_get_single): New.
(standard_deallocator_set::dump_to_pp): New.
(class mismatching_deallocation): Update for conversion from api
to deallocator_set and deallocator.
(double_free::emit): Use %qs.
(class use_after_free): Update for conversion from api to
deallocator_set and deallocator.
(malloc_leak::describe_state_change): Only emit "allocated here" on
a start->nonnull transition, rather than on other transitions to
(allocation_state::dump_to_pp): Update for conversion from api to
(allocation_state::get_nonnull): Likewise.
(malloc_state_machine::malloc_state_machine): Likewise.
(malloc_state_machine::~malloc_state_machine): New.
(malloc_state_machine::add_state): Update for conversion from api
(malloc_state_machine::get_or_create_custom_deallocator_set): New.
(malloc_state_machine::maybe_create_custom_deallocator_set): New.
(malloc_state_machine::get_or_create_deallocator): New.
(malloc_state_machine::on_stmt): Update for conversion from api
to deallocator_set. Handle "__attribute__((malloc(FOO)))", and
the special attribute set on FOO.
(malloc_state_machine::on_allocator_call): Update for conversion
from api to deallocator_set. Add "returns_nonnull" param and use
it to affect which state to transition to.
(malloc_state_machine::on_deallocator_call): Update for conversion
from api to deallocator_set.

2021-01-14 David Malcolm <dmalcolm@redhat.com>
* engine.cc (strongly_connected_components::to_json): New.
(worklist::to_json): New.
(exploded_graph::to_json): JSON-ify the worklist.
* exploded-graph.h (strongly_connected_components::to_json): New
(worklist::to_json): New decl.
* store.cc (store::to_json): Fix comment.
* supergraph.cc (supernode::to_json): Fix reference to
"returning_call" in comment. Add optional "fun" to JSON.
(edge_kind_to_string): New.
(superedge::to_json): Add "kind" to JSON.

2021-01-14 David Malcolm <dmalcolm@redhat.com>
* analyzer.h (region_offset::operator==): Make const.
* pending-diagnostic.h (pending_diagnostic::equal_p): Likewise.
* store.h (binding_cluster::for_each_value): Likewise.
(binding_cluster::for_each_binding): Likewise.

2021-01-12 David Malcolm <dmalcolm@redhat.com>
* store.cc (binding_cluster::make_unknown_relative_to): Don't mark
dereferenced unknown pointers as having escaped.

2021-01-07 David Malcolm <dmalcolm@redhat.com>
* region.cc (decl_region::get_svalue_for_initializer): Gracefully
handle when LTO writes out DECL_INITIAL as error_mark_node.

2021-01-07 David Malcolm <dmalcolm@redhat.com>
* store.cc (binding_cluster::can_merge_p): Add "out_store" param
and pass to calls to binding_cluster::make_unknown_relative_to.
(binding_cluster::make_unknown_relative_to): Add "out_store"
param. Use it to mark base regions that are pointed to by
pointers that become unknown as having escaped.
(store::can_merge_p): Pass out_store to
binding_cluster::can_merge_p.
* store.h (binding_cluster::can_merge_p): Add "out_store" param.
(binding_cluster::make_unknown_relative_to): Likewise.
* svalue.cc (region_svalue::implicitly_live_p): New vfunc.
* svalue.h (region_svalue::implicitly_live_p): New vfunc decl.

2021-01-07 David Malcolm <dmalcolm@redhat.com>
* engine.cc (exploded_path::feasible_p): Add missing call to

2021-01-06 David Malcolm <dmalcolm@redhat.com>
* region-model-reachability.cc (reachable_regions::init_cluster):
Convert symbolic region handling to a switch statement. Add cases
to handle SK_UNKNOWN and SK_CONJURED.

2021-01-05 David Malcolm <dmalcolm@redhat.com>
* store.cc (binding_map::apply_ctor_to_region): When "index" is
NULL, iterate through the fields for RECORD_TYPEs, rather than
creating an INTEGER_CST index.

2020-11-30 David Malcolm <dmalcolm@redhat.com>
* analyzer-pass.cc: Include "analyzer/analyzer.h" for the
declaration of sorry_no_analyzer; include "tree.h" and
"function.h" as these are needed by it.

2020-11-30 David Malcolm <dmalcolm@redhat.com>
* analyzer-pass.cc (pass_analyzer::execute): Move sorry call to...
(sorry_no_analyzer): New.
* analyzer.h (class state_machine): New forward decl.
(class logger): New forward decl.
(class plugin_analyzer_init_iface): New.
(sorry_no_analyzer): New decl.
* checker-path.cc (checker_path::fixup_locations): New.
* checker-path.h (checker_event::set_location): New.
(checker_path::fixup_locations): New decl.
* diagnostic-manager.cc
(diagnostic_manager::emit_saved_diagnostic): Call
checker_path::fixup_locations, and call fixup_location
on the primary location.
* engine.cc: Include "plugin.h".
(class plugin_analyzer_init_impl): New.
(impl_run_checkers): Invoke PLUGIN_ANALYZER_INIT callbacks.
* pending-diagnostic.h (pending_diagnostic::fixup_location): New

2020-11-18 David Malcolm <dmalcolm@redhat.com>
* sm-malloc.cc (null_deref::emit): Use CWE-476 rather than
CWE-690, as this isn't due to an unchecked return value.
(null_arg::emit): Likewise.

2020-11-12 David Malcolm <dmalcolm@redhat.com>
* checker-path.h (checker_event::get_id_ptr): New.
* diagnostic-manager.cc (path_builder::path_builder): Add "sd"
param and use it to initialize new field "m_sd".
(path_builder::get_pending_diagnostic): New.
(path_builder::m_sd): New field.
(diagnostic_manager::emit_saved_diagnostic): Pass sd to
(diagnostic_manager::add_events_for_superedge): Call new
maybe_add_custom_events_for_superedge vfunc.
* engine.cc (stale_jmp_buf::stale_jmp_buf): Add "setjmp_point"
param and use it to initialize new field "m_setjmp_point".
Initialize new field "m_stack_pop_event".
(stale_jmp_buf::maybe_add_custom_events_for_superedge): New vfunc
(stale_jmp_buf::describe_final_event): New vfunc implementation.
(stale_jmp_buf::m_setjmp_point): New field.
(stale_jmp_buf::m_stack_pop_event): New field.
(exploded_node::on_longjmp): Pass setjmp_point to stale_jmp_buf
* pending-diagnostic.h
(pending_diagnostic::maybe_add_custom_events_for_superedge): New

2020-11-12 David Malcolm <dmalcolm@redhat.com>
PR tree-optimization/97424
* analyzer.opt (Wanalyzer-shift-count-negative): New.
(Wanalyzer-shift-count-overflow): New.
* region-model.cc (class shift_count_negative_diagnostic): New.
(class shift_count_overflow_diagnostic): New.
(region_model::get_gassign_result): Complain about shift counts that
are negative or are >= the operand's type's width.

2020-11-10 Martin Liska <mliska@suse.cz>
* constraint-manager.cc (constraint_manager::merge): Remove
* constraint-manager.h: Likewise.
* program-state.cc (sm_state_map::sm_state_map): Likewise.
(program_state::program_state): Likewise.
(test_sm_state_map): Likewise.
* program-state.h: Likewise.
* region-model-reachability.cc (reachable_regions::reachable_regions): Likewise.
* region-model-reachability.h: Likewise.
* region-model.cc (region_model::handle_unrecognized_call): Likewise.
(region_model::get_reachable_svalues): Likewise.
(region_model::can_merge_with_p): Likewise.

2020-11-05 David Malcolm <dmalcolm@redhat.com>
* svalue.cc (cmp_cst): Handle COMPLEX_CST.

2020-10-29 David Malcolm <dmalcolm@redhat.com>
* program-state.cc (sm_state_map::on_liveness_change): Sort the
leaking svalues before calling on_state_leak.
(program_state::detect_leaks): Likewise when calling
* region-model-reachability.cc
(reachable_regions::mark_escaped_clusters): Likewise when
calling on_escaped_function.

2020-10-29 David Malcolm <dmalcolm@redhat.com>
* region-model-reachability.cc (reachable_regions::handle_sval):
Operands of reachable reversible operations are reachable.

2020-10-29 David Malcolm <dmalcolm@redhat.com>
* analyzer.h (class state_machine): New forward decl.
(class logger): Likewise.
(class visitor): Likewise.
* complexity.cc: New file, taken from svalue.cc.
* complexity.h: New file, taken from region-model.h.
* region-model.h: Include "analyzer/svalue.h" and
"analyzer/region.h". Move struct complexity to complexity.h.
Move svalue, its subclasses and supporting decls to svalue.h.
Move region, its subclasses and supporting decls to region.h.
* region.cc: Include "analyzer/region.h".
(symbolic_region::symbolic_region): Move here from region-model.h.
* region.h: New file, based on material from region-model.h.
* svalue.cc: Include "analyzer/svalue.h".
(complexity::complexity): Move to complexity.cc.
(complexity::from_pair): Likewise.
* svalue.h: New file, based on material from region-model.h.

2020-10-29 David Malcolm <dmalcolm@redhat.com>
* program-state.cc (sm_state_map::print): Guard the printing of
the origin pointer with !flag_dump_noaddr.
* region.cc (string_region::dump_to_pp): Likewise for

2020-10-27 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::get_initial_value_for_global):
Move check that !DECL_EXTERNAL from here to...
* region.cc (decl_region::get_svalue_for_initializer): ...here,
using it to reject zero initialization.

2020-10-27 Markus Böck <markus.boeck02@gmail.com>
* store.h (hash): Cast to intptr_t instead of long

2020-10-27 David Malcolm <dmalcolm@redhat.com>
* constraint-manager.cc (svalue_cmp_by_ptr): Delete.
(equiv_class::canonicalize): Use svalue::cmp_ptr_ptr instead.
(equiv_class_cmp): Eliminate pointer comparison.
* diagnostic-manager.cc (dedupe_key::comparator): If they are at
the same location, also compare epath length and pending_diagnostic
* engine.cc (readability_comparator): If two path_vars have the
same readability, then impose an arbitrary ordering on them.
(worklist::key_t::cmp): If two points have the same plan ordering,
continue the comparison. Call sm_state_map::cmp rather than
comparing hash values.
* program-state.cc (sm_state_map::entry_t::cmp): New.
(sm_state_map::cmp): New.
* program-state.h (sm_state_map::entry_t::cmp): New decl.
(sm_state_map::elements): New.
(sm_state_map::cmp): New.

2020-10-27 David Malcolm <dmalcolm@redhat.com>
* engine.cc (setjmp_record::cmp): New.
(supernode_cluster::dump_dot): Avoid embedding pointer in cluster
(supernode_cluster::cmp_ptr_ptr): New.
(function_call_string_cluster::dump_dot): Avoid embedding pointer
in cluster name. Sort m_map when dumping child clusters.
(function_call_string_cluster::cmp_ptr_ptr): New.
(root_cluster::dump_dot): Sort m_map when dumping child clusters.
* program-point.cc (function_point::cmp): New.
(function_point::cmp_ptr): New.
* program-point.h (function_point::cmp): New decl.
(function_point::cmp_ptr): New decl.
* program-state.cc (sm_state_map::print): Sort the values. Guard
the printing of pointers with !flag_dump_noaddr.
(program_state::prune_for_point): Sort the regions.
(log_set_of_svalues): Sort the values. Guard the printing of
pointers with !flag_dump_noaddr.
* region-model-manager.cc (log_uniq_map): Sort the values.
* region-model-reachability.cc (dump_set): New function template.
(reachable_regions::dump_to_pp): Use it.
* region-model.h (svalue::cmp_ptr): New decl.
(svalue::cmp_ptr_ptr): New decl.
(setjmp_record::cmp): New decl.
(placeholder_svalue::get_name): New accessor.
(widening_svalue::get_point): New accessor.
(compound_svalue::get_map): New accessor.
(conjured_svalue::get_stmt): New accessor.
(conjured_svalue::get_id_region): New accessor.
(region::cmp_ptrs): Rename to...
(region::cmp_ptr_ptr): ...this.
* region.cc (region::cmp_ptrs): Rename to...
(region::cmp_ptr_ptr): ...this.
(state_purge_per_ssa_name::state_purge_per_ssa_name): Sort
m_points_needing_name when dumping.
* store.cc (concrete_binding::cmp_ptr_ptr): New.
(symbolic_binding::cmp_ptr_ptr): New.
(binding_map::cmp): New.
(get_sorted_parent_regions): Update for renaming of
region::cmp_ptrs to region::cmp_ptr_ptr.
(store::dump_to_pp): Likewise.
(store::to_json): Likewise.
(store::can_merge_p): Sort the base regions before considering
* store.h (concrete_binding::cmp_ptr_ptr): New decl.
(symbolic_binding::cmp_ptr_ptr): New decl.
(binding_map::cmp): New decl.
* supergraph.cc (supergraph::supergraph): Assign UIDs to the
* svalue.cc (cmp_cst): New.
(svalue::cmp_ptr): New.
(svalue::cmp_ptr_ptr): New.

2020-10-27 David Malcolm <dmalcolm@redhat.com>
* engine.cc (exploded_graph::get_or_create_node): Fix off-by-one
when imposing param_analyzer_max_enodes_per_program_point limit.

2020-10-27 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::get_representative_path_var):
Implement case RK_LABEL.
* region-model.h (label_region::get_label): New accessor.

2020-10-22 David Malcolm <dmalcolm@redhat.com>
* engine.cc (exploded_graph::add_function_entry): Handle failure
to create an enode, rather than asserting.

2020-10-22 David Malcolm <dmalcolm@redhat.com>
* engine.cc (exploded_graph::add_function_entry): Assert that we
have a function body.
(exploded_graph::on_escaped_function): Reject fndecls that don't
have a function body.

2020-10-14 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::get_initial_value_for_global):
Fall back to returning an initial_svalue if
decl_region::get_svalue_for_initializer fails.
* region.cc (decl_region::get_svalue_for_initializer): Don't
attempt to create a compound_svalue if the region has an unknown

2020-10-14 David Malcolm <dmalcolm@redhat.com>
* store.cc (binding_map::apply_ctor_to_region): Remove redundant

2020-10-12 David Malcolm <dmalcolm@redhat.com>
* engine.cc (impl_region_model_context::on_escaped_function): New
(exploded_graph::add_function_entry): Use m_functions_with_enodes
to implement idempotency.
(add_any_callbacks): New.
(exploded_graph::build_initial_worklist): Use the above to find
callbacks that are reachable from global initializers.
(exploded_graph::on_escaped_function): New.
(impl_region_model_context::on_escaped_function): New decl.
(exploded_graph::on_escaped_function): New decl.
(exploded_graph::m_functions_with_enodes): New field.
* region-model-reachability.cc
(reachable_regions::reachable_regions): Replace "store" param with
"model" param; use it to initialize m_model.
(reachable_regions::add): When getting the svalue for the region,
call get_store_value on the model rather than using an initial
(reachable_regions::mark_escaped_clusters): Add ctxt param and
use it to call on_escaped_function when a function_region escapes.
* region-model-reachability.h
(reachable_regions::reachable_regions): Replace "store" param with
(reachable_regions::mark_escaped_clusters): Add ctxt param.
(reachable_regions::m_model): New field.
* region-model.cc (region_model::handle_unrecognized_call): Update
for change in reachable_regions ctor.
(region_model::handle_unrecognized_call): Pass ctxt to
mark_escaped_clusters.
(region_model::get_reachable_svalues): Update for change in
reachable_regions ctor.
(region_model::get_initial_value_for_global): Read-only variables
keep their initial values.
* region-model.h (region_model_context::on_escaped_function): New
(noop_region_model_context::on_escaped_function): New.

2020-10-12 David Malcolm <dmalcolm@redhat.com>
* analyzer.opt (Wanalyzer-write-to-const): New.
(Wanalyzer-write-to-string-literal): New.
* region-model-impl-calls.cc (region_model::impl_call_memcpy):
Call check_for_writable_region.
(region_model::impl_call_memset): Likewise.
(region_model::impl_call_strcpy): Likewise.
* region-model.cc (class write_to_const_diagnostic): New.
(class write_to_string_literal_diagnostic): New.
(region_model::check_for_writable_region): New.
(region_model::set_value): Call check_for_writable_region.
* region-model.h (region_model::check_for_writable_region): New

2020-10-07 David Malcolm <dmalcolm@redhat.com>
* sm-malloc.cc (method_p): New.
(describe_argument_index): New.
(inform_nonnull_attribute): Use describe_argument_index.
(possible_null_arg::describe_final_event): Likewise.
(null_arg::describe_final_event): Likewise.

2020-09-29 David Malcolm <dmalcolm@redhat.com>
* engine.cc (stmt_requires_new_enode_p): Split enodes before

2020-09-29 David Malcolm <dmalcolm@redhat.com>
* constraint-manager.cc
(constraint_manager::add_constraint_internal): Whitespace fixes.
Silence -Wsign-compare warning.
* engine.cc (maybe_process_run_of_before_supernode_enodes):
Silence -Wsign-compare warning.

2020-09-28 David Malcolm <dmalcolm@redhat.com>
* region-model.h (binop_svalue::dyn_cast_binop_svalue): Remove
redundant "virtual". Add FINAL OVERRIDE.
(widening_svalue::dyn_cast_widening_svalue): Add FINAL OVERRIDE.
(compound_svalue::dyn_cast_compound_svalue): Likewise.
(conjured_svalue::dyn_cast_conjured_svalue): Likewise.

2020-09-28 David Malcolm <dmalcolm@redhat.com>
* diagnostic-manager.cc (null_assignment_sm_context::m_visitor):

2020-09-28 David Malcolm <dmalcolm@redhat.com>
* analyzer.cc (is_longjmp_call_p): Require the initial argument
* engine.cc (exploded_node::on_longjmp): Likewise.

2020-09-28 David Malcolm <dmalcolm@redhat.com>
* program-state.cc (sm_state_map::print): Update check
for m_global_state being the start state.

2020-09-26 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::get_representative_path_var):
When handling offset_region, wrap the MEM_REF's first argument in
an ADDR_EXPR of pointer type, rather than simply using the tree
for the parent region. Require the MEM_REF's second argument to
be an integer constant.

2020-09-24 David Malcolm <dmalcolm@redhat.com>
* analyzer.h (struct rejected_constraint): New decl.
* analyzer.opt (fanalyzer-feasibility): New option.
* diagnostic-manager.cc (path_builder::path_builder): Add
"problem" param and use it to initialize new field.
(path_builder::get_feasibility_problem): New accessor.
(path_builder::m_feasibility_problem): New field.
(dedupe_winners::add): Remove inversion of logic in "if" clause,
swapping if/else suites. In the !feasible_p suite, inspect
flag_analyzer_feasibility and add code to handle when this
is off, accepting the infeasible path, but recording the
(diagnostic_manager::emit_saved_diagnostic): Pass the
feasibility_problem to the path_builder.
(diagnostic_manager::add_events_for_eedge): If we have
a feasibility_problem at this edge, use it to add a custom event.
* engine.cc (exploded_path::feasible_p): Pass a
rejected_constraint ** to model.maybe_update_for_edge and transfer
ownership of any created instance to any feasibility_problem.
(feasibility_problem::dump_to_pp): New.
* exploded-graph.h (feasibility_problem::feasibility_problem):
Drop "model" param; add rejected_constraint * param.
(feasibility_problem::~feasibility_problem): New.
(feasibility_problem::dump_to_pp): New decl.
(feasibility_problem::m_model): Drop field.
(feasibility_problem::m_rc): New field.
* program-point.cc (function_point::get_location): Handle
PK_BEFORE_SUPERNODE and PK_AFTER_SUPERNODE.
* program-state.cc (program_state::on_edge): Pass NULL to new
param of region_model::maybe_update_for_edge.
* region-model.cc (region_model::add_constraint): New overload
adding a rejected_constraint ** param.
(region_model::maybe_update_for_edge): Add rejected_constraint **
param and pass it to the various apply_constraints_for_ calls.
(region_model::apply_constraints_for_gcond): Add
rejected_constraint ** param and pass it to add_constraint calls.
(region_model::apply_constraints_for_gswitch): Likewise.
(region_model::apply_constraints_for_exception): Likewise.
(rejected_constraint::dump_to_pp): New.
* region-model.h (region_model::maybe_update_for_edge):
Add rejected_constraint ** param.
(region_model::add_constraint): New overload adding a
rejected_constraint ** param.
(region_model::apply_constraints_for_gcond): Add
rejected_constraint ** param.
(region_model::apply_constraints_for_gswitch): Likewise.
(region_model::apply_constraints_for_exception): Likewise.
(struct rejected_constraint): New.

2020-09-23 David Malcolm <dmalcolm@redhat.com>
* engine.cc (impl_run_checkers): Update for change to ext_state
* program-state.cc (selftest::test_sm_state_map): Pass an engine
instance to ext_state ctor.
(selftest::test_program_state_1): Likewise.
(selftest::test_program_state_2): Likewise.
(selftest::test_program_state_merging): Likewise.
(selftest::test_program_state_merging_2): Likewise.
* program-state.h (extrinsic_state::extrinsic_state): Remove NULL
default value for "eng" param.

2020-09-23 Tobias Burnus <tobias@codesourcery.com>
* analyzer-logging.cc: Guard '#pragma ... ignored "-Wformat-diag"'
by '#if __GNUC__ >= 10'
* analyzer.h: Likewise.
* call-string.cc: Likewise.

2020-09-23 David Malcolm <dmalcolm@redhat.com>
* engine.cc (exploded_node::on_stmt): Replace sequence of dyn_cast

750 2020-09-22 David Malcolm <dmalcolm@redhat.com>
752 * analysis-plan.cc: Include "json.h".
753 * analyzer.opt (fdump-analyzer-json): New.
754 * call-string.cc: Include "json.h".
755 (call_string::to_json): New.
756 * call-string.h (call_string::to_json): New decl.
757 * checker-path.cc: Include "json.h".
758 * constraint-manager.cc: Include "json.h".
759 (equiv_class::to_json): New.
760 (constraint::to_json): New.
761 (constraint_manager::to_json): New.
762 * constraint-manager.h (equiv_class::to_json): New decl.
763 (constraint::to_json): New decl.
764 (constraint_manager::to_json): New decl.
765 * diagnostic-manager.cc: Include "json.h".
766 (saved_diagnostic::to_json): New.
767 (diagnostic_manager::to_json): New.
768 * diagnostic-manager.h (saved_diagnostic::to_json): New decl.
769 (diagnostic_manager::to_json): New decl.
770 * engine.cc: Include "json.h", <zlib.h>.
771 (exploded_node::status_to_str): New.
772 (exploded_node::to_json): New.
773 (exploded_edge::to_json): New.
774 (exploded_graph::to_json): New.
775 (dump_analyzer_json): New.
776 (impl_run_checkers): Call it.
777 * exploded-graph.h (exploded_node::status_to_str): New decl.
778 (exploded_node::to_json): New.
779 (exploded_edge::to_json): New.
780 (exploded_graph::to_json): New.
781 * pending-diagnostic.cc: Include "json.h".
782 * program-point.cc: Include "json.h".
783 (program_point::to_json): New.
784 * program-point.h (program_point::to_json): New decl.
785 * program-state.cc: Include "json.h".
786 (extrinsic_state::to_json): New.
787 (sm_state_map::to_json): New.
788 (program_state::to_json): New.
789 * program-state.h (extrinsic_state::to_json): New decl.
790 (sm_state_map::to_json): New decl.
791 (program_state::to_json): New decl.
792 * region-model-impl-calls.cc: Include "json.h".
793 * region-model-manager.cc: Include "json.h".
794 * region-model-reachability.cc: Include "json.h".
795 * region-model.cc: Include "json.h".
796 * region-model.h (svalue::to_json): New decl.
797 (region::to_json): New decl.
798 * region.cc: Include "json.h".
799 (region::to_json): New.
800 * sm-file.cc: Include "json.h".
801 * sm-malloc.cc: Include "json.h".
802 * sm-pattern-test.cc: Include "json.h".
803 * sm-sensitive.cc: Include "json.h".
804 * sm-signal.cc: Include "json.h".
805 (signal_delivery_edge_info_t::to_json): New.
806 * sm-taint.cc: Include "json.h".
807 * sm.cc: Include "diagnostic.h", "tree-diagnostic.h", and
809 (state_machine::state::to_json): New.
810 (state_machine::to_json): New.
811 * sm.h (state_machine::state::to_json): New.
812 (state_machine::to_json): New.
813 * state-purge.cc: Include "json.h".
814 * store.cc: Include "json.h".
815 (binding_key::get_desc): New.
816 (binding_map::to_json): New.
817 (binding_cluster::to_json): New.
818 (store::to_json): New.
819 * store.h (binding_key::get_desc): New decl.
820 (binding_map::to_json): New decl.
821 (binding_cluster::to_json): New decl.
822 (store::to_json): New decl.
823 * supergraph.cc: Include "json.h".
824 (supergraph::to_json): New.
825 (supernode::to_json): New.
826 (superedge::to_json): New.
827 * supergraph.h (supergraph::to_json): New decl.
828 (supernode::to_json): New decl.
829 (superedge::to_json): New decl.
830 * svalue.cc: Include "json.h".
831 (svalue::to_json): New.
833 2020-09-21 David Malcolm <dmalcolm@redhat.com>
836 * region-model-impl-calls.cc (call_details::get_arg_type): New.
837 * region-model.cc (region_model::on_call_pre): Check that the
838 initial arg is a pointer before calling impl_call_memset and
840 * region-model.h (call_details::get_arg_type): New decl.
842 2020-09-21 David Malcolm <dmalcolm@redhat.com>
845 * sm-malloc.cc (malloc_state_machine::get_default_state): Look at
846 the base region when considering pointers. Treat pointers to
847 decls as being non-heap.
849 2020-09-18 David Malcolm <dmalcolm@redhat.com>
851 * checker-path.cc (warning_event::get_desc): Handle global state
854 2020-09-18 David Malcolm <dmalcolm@redhat.com>
856 * sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and
857 strndup as being malloc-like allocators.
859 2020-09-16 David Malcolm <dmalcolm@redhat.com>
861 * engine.cc (strongly_connected_components::strong_connect): Only
862 consider intraprocedural edges when creating SCCs.
863 (worklist::key_t::cmp): Add comment. Treat call_string
864 differences as more important than differences of program_point
867 2020-09-16 David Malcolm <dmalcolm@redhat.com>
869 * engine.cc (supernode_cluster::dump_dot): Show the SCC id
870 in the per-supernode clusters in FILENAME.eg.dot output.
871 (exploded_graph_annotator::add_node_annotations):
872 Show the SCC of the supernode in FILENAME.supernode.eg.dot output.
873 * exploded-graph.h (worklist::scc_id): New.
874 (exploded_graph::get_scc_id): New.
876 2020-09-16 David Malcolm <dmalcolm@redhat.com>
878 * engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED.
879 (exploded_graph::process_worklist): Call
880 maybe_process_run_of_before_supernode_enodes.
881 (exploded_graph::maybe_process_run_of_before_supernode_enodes):
883 (exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED.
884 * exploded-graph.h (enum exploded_node::status): Add
887 2020-09-16 David Malcolm <dmalcolm@redhat.com>
890 (exploded_graph::process_node) <case PK_BEFORE_SUPERNODE>:
891 Simplify by using program_point::get_next.
892 * program-point.cc (program_point::get_next): New.
893 * program-point.h (program_point::get_next): New decl.
895 2020-09-16 David Malcolm <dmalcolm@redhat.com>
897 * engine.cc (exploded_graph::get_or_create_node): Show the
898 program point when issuing -Wanalyzer-too-complex due to hitting
899 the per-program-point limit.
901 2020-09-16 David Malcolm <dmalcolm@redhat.com>
903 * region-model.cc (region_model::on_call_pre): Treat getchar as
904 having no side-effects.
906 2020-09-15 David Malcolm <dmalcolm@redhat.com>
909 * constraint-manager.cc (merger_fact_visitor::on_fact): Replace
910 assertion that add_constraint succeeded with an assertion that
911 if it fails, -fanalyzer-transitivity is off.
913 2020-09-14 David Malcolm <dmalcolm@redhat.com>
915 * analyzer.opt (-param=analyzer-max-constraints=): New param.
916 * constraint-manager.cc
917 (constraint_manager::add_constraint_internal): Silently reject
918 attempts to add constraints when the above limit is reached.
920 2020-09-14 David Malcolm <dmalcolm@redhat.com>
923 * constraint-manager.cc
924 (constraint_manager::get_or_add_equiv_class): Don't accumulate
925 transitive closure of all constraints on constants.
927 2020-09-14 David Malcolm <dmalcolm@redhat.com>
930 * analyzer.cc (is_setjmp_call_p): Require the initial arg to be a
932 * region-model.cc (region_model::deref_rvalue): Assert that the
933 svalue is of pointer type.
935 2020-09-11 David Malcolm <dmalcolm@redhat.com>
938 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
940 (region_model::impl_call_strcpy): New.
941 * region-model.cc (region_model::on_call_pre): Flag unhandled
942 builtins that are non-pure as having unknown side-effects.
943 Implement BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_STRCPY,
944 BUILT_IN_STRCPY_CHK, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED,
945 BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC,
946 BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED,
947 BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF,
948 BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR,
949 BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED,
950 BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF.
951 * region-model.h (region_model::impl_call_memcpy): New decl.
952 (region_model::impl_call_strcpy): New decl.
954 2020-09-09 David Malcolm <dmalcolm@redhat.com>
957 * analyzer.opt (Wanalyzer-mismatching-deallocation): New warning.
958 * region-model-impl-calls.cc
959 (region_model::impl_call_operator_new): New.
960 (region_model::impl_call_operator_delete): New.
961 * region-model.cc (region_model::on_call_pre): Detect operator new
963 (region_model::on_call_post): Likewise.
964 (region_model::maybe_update_for_edge): Detect EH edges and call...
965 (region_model::apply_constraints_for_exception): New function.
966 * region-model.h (region_model::impl_call_operator_new): New decl.
967 (region_model::impl_call_operator_delete): New decl.
968 (region_model::apply_constraints_for_exception): New decl.
969 * sm-malloc.cc (enum resource_state): New.
970 (struct allocation_state): New state subclass.
973 (malloc_state_machine::custom_data_t): New typedef.
974 (malloc_state_machine::add_state): New decl.
975 (malloc_state_machine::m_unchecked)
976 (malloc_state_machine::m_nonnull)
977 (malloc_state_machine::m_freed): Delete these states in favor
979 (malloc_state_machine::m_malloc)
980 (malloc_state_machine::m_scalar_new)
981 (malloc_state_machine::m_vector_new): ...this new api instances,
982 which own their own versions of these states.
983 (malloc_state_machine::on_allocator_call): New decl.
984 (malloc_state_machine::on_deallocator_call): New decl.
985 (api::api): New ctor.
986 (dyn_cast_allocation_state): New.
987 (as_a_allocation_state): New.
992 (malloc_diagnostic::describe_state_change): Use unchecked_p and
994 (class mismatching_deallocation): New.
995 (double_free::double_free): Add funcname param for initializing
997 (double_free::emit): Use m_funcname in warning message rather
998 than hardcoding "free".
999 (double_free::describe_state_change): Likewise. Use freed_p.
1000 (double_free::describe_call_with_state): Use freed_p.
1001 (double_free::describe_final_event): Use m_funcname in message
1002 rather than hardcoding "free".
1003 (double_free::m_funcname): New field.
1004 (possible_null::describe_state_change): Use unchecked_p.
1005 (possible_null::describe_return_of_state): Likewise.
1006 (use_after_free::use_after_free): Add param for initializing m_api.
1007 (use_after_free::emit): Use m_api->m_dealloc_funcname in message
1008 rather than hardcoding "free".
1009 (use_after_free::describe_state_change): Use freed_p. Change the
1010 wording of the message based on the API.
1011 (use_after_free::describe_final_event): Use
1012 m_api->m_dealloc_funcname in message rather than hardcoding
1013 "free". Change the wording of the message based on the API.
1014 (use_after_free::m_api): New field.
1015 (malloc_leak::describe_state_change): Use unchecked_p. Update
1016 for renaming of m_malloc_event to m_alloc_event.
1017 (malloc_leak::describe_final_event): Update for renaming of
1018 m_malloc_event to m_alloc_event.
1019 (malloc_leak::m_malloc_event): Rename...
1020 (malloc_leak::m_alloc_event): ...to this.
1021 (free_of_non_heap::free_of_non_heap): Add param for initializing
1023 (free_of_non_heap::emit): Use m_funcname in message rather than
1025 (free_of_non_heap::describe_final_event): Likewise.
1026 (free_of_non_heap::m_funcname): New field.
1027 (allocation_state::dump_to_pp): New.
1028 (allocation_state::get_nonnull): New.
1029 (malloc_state_machine::malloc_state_machine): Update for changes
1030 to state fields and new api fields.
1031 (malloc_state_machine::add_state): New.
1032 (malloc_state_machine::on_stmt): Move malloc/calloc handling to
1033 on_allocator_call and call it, passing in the API pointer.
1034 Likewise for free, moving it to on_deallocator_call. Handle calls
1035 to operator new and delete in an analogous way. Use unchecked_p
1036 when testing for possibly-null-arg and possibly-null-deref, and
1037 transition to the non-null for the correct API. Remove redundant
1038 node param from call to on_zero_assignment. Use freed_p for
1039 use-after-free check, and pass in API.
1040 (malloc_state_machine::on_allocator_call): New, based on code in
1042 (malloc_state_machine::on_deallocator_call): Likewise.
1043 (malloc_state_machine::on_phi): Mark node param with
1044 ATTRIBUTE_UNUSED; don't pass it to on_zero_assignment.
1045 (malloc_state_machine::on_condition): Mark node param with
1046 ATTRIBUTE_UNUSED. Replace on_transition calls with get_state and
1047 set_next_state pairs, transitioning to the non-null state for the
1049 (malloc_state_machine::can_purge_p): Port to new state approach.
1050 (malloc_state_machine::on_zero_assignment): Replace on_transition
1051 calls with get_state and set_next_state pairs. Drop redundant
1053 * sm.h (state_machine::add_custom_state): New.
1055 2020-09-09 David Malcolm <dmalcolm@redhat.com>
1057 * diagnostic-manager.cc
1058 (null_assignment_sm_context::warn_for_state): Replace with...
1059 (null_assignment_sm_context::warn): ...this.
1060 * engine.cc (impl_sm_context::warn_for_state): Replace with...
1061 (impl_sm_context::warn): ...this.
1062 * sm-file.cc (fileptr_state_machine::on_stmt): Replace
1063 warn_for_state and on_transition calls with a get_state
1064 test guarding warn and set_next_state calls.
1065 * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
1066 * sm-pattern-test.cc (pattern_test_state_machine::on_condition):
1067 Replace warn_for_state call with warn call.
1069 (sensitive_state_machine::warn_for_any_exposure): Replace
1070 warn_for_state call with a get_state test guarding a warn call.
1071 * sm-signal.cc (signal_state_machine::on_stmt): Likewise.
1072 * sm-taint.cc (taint_state_machine::on_stmt): Replace
1073 warn_for_state and on_transition calls with a get_state
1074 test guarding warn and set_next_state calls.
1075 * sm.h (sm_context::warn_for_state): Replace with...
1076 (sm_context::warn): ...this.
1078 2020-09-09 David Malcolm <dmalcolm@redhat.com>
1080 * diagnostic-manager.cc
1081 (null_assignment_sm_context::null_assignment_sm_context): Add old_state
1082 and ext_state params, initializing m_old_state and m_ext_state.
1083 (null_assignment_sm_context::on_transition): Split into...
1084 (null_assignment_sm_context::get_state): ...this new vfunc
1085 implementation and...
1086 (null_assignment_sm_context::set_next_state): ...this new vfunc
1088 (null_assignment_sm_context::m_old_state): New field.
1089 (null_assignment_sm_context::m_ext_state): New field.
1090 (diagnostic_manager::add_events_for_eedge): Pass in old state and
1091 ext_state when creating sm_ctxt.
1092 * engine.cc (impl_sm_context::on_transition): Split into...
1093 (impl_sm_context::get_state): ...this new vfunc
1094 implementation and...
1095 (impl_sm_context::set_next_state): ...this new vfunc
1097 * sm.h (sm_context::get_state): New pure virtual function.
1098 (sm_context::set_next_state): Likewise.
1099 (sm_context::on_transition): Convert from a pure virtual function
1100 to a regular function implemented in terms of get_state and
1103 2020-09-09 David Malcolm <dmalcolm@redhat.com>
1105 * checker-path.cc (state_change_event::get_desc): Update
1106 state_machine::get_state_name calls to state::get_name.
1107 (warning_event::get_desc): Likewise.
1108 * diagnostic-manager.cc
1109 (null_assignment_sm_context::on_transition): Update comparison
1110 against 0 with comparison with m_sm.get_start_state.
1111 (diagnostic_manager::prune_for_sm_diagnostic): Update
1112 state_machine::get_state_name calls to state::get_name.
1113 * engine.cc (impl_sm_context::on_transition): Likewise.
1114 (exploded_node::get_dot_fillcolor): Use get_id when summing
1116 * program-state.cc (sm_state_map::sm_state_map): Don't hardcode
1117 0 as the start state when initializing m_global_state.
1118 (sm_state_map::print): Use dump_to_pp rather than get_state_name
1119 when dumping states.
1120 (sm_state_map::is_empty_p): Don't hardcode 0 as the start state
1121 when examining m_global_state.
1122 (sm_state_map::hash): Use get_id when hashing states.
1123 (selftest::test_sm_state_map): Use state objects rather than
1124 arbitrary hardcoded integers.
1125 (selftest::test_program_state_merging): Likewise.
1126 (selftest::test_program_state_merging_2): Likewise.
1127 * sm-file.cc (fileptr_state_machine::m_start): Move to base class.
1128 (file_diagnostic::describe_state_change): Use get_start_state.
1129 (fileptr_state_machine::fileptr_state_machine): Drop m_start
1131 * sm-malloc.cc (malloc_state_machine::m_start): Move to base
1133 (malloc_diagnostic::describe_state_change): Use get_start_state.
1134 (possible_null::describe_state_change): Likewise.
1135 (malloc_state_machine::malloc_state_machine): Drop m_start
1137 * sm-pattern-test.cc (pattern_test_state_machine::m_start): Move
1139 (pattern_test_state_machine::pattern_test_state_machine): Drop
1140 m_start initialization.
1141 * sm-sensitive.cc (sensitive_state_machine::m_start): Move to base
1143 (sensitive_state_machine::sensitive_state_machine): Drop m_start
1145 * sm-signal.cc (signal_state_machine::m_start): Move to base
1147 (signal_state_machine::signal_state_machine): Drop m_start
1149 * sm-taint.cc (taint_state_machine::m_start): Move to base class.
1150 (taint_state_machine::taint_state_machine): Drop m_start
1152 * sm.cc (state_machine::state::dump_to_pp): New.
1153 (state_machine::state_machine): Move here from sm.h. Initialize
1154 m_next_state_id and m_start.
1155 (state_machine::add_state): Reimplement in terms of state objects.
1156 (state_machine::get_state_name): Delete.
1157 (state_machine::get_state_by_name): Reimplement in terms of state
1158 objects. Make const.
1159 (state_machine::validate): Delete.
1160 (state_machine::dump_to_pp): Reimplement in terms of state
1162 * sm.h (state_machine::state): New class.
1163 (state_machine::state_t): Convert typedef from "unsigned" to
1164 "const state_machine::state *".
1165 (state_machine::state_machine): Move to sm.cc.
1166 (state_machine::get_default_state): Use m_start rather than
1168 (state_machine::get_state_name): Delete.
1169 (state_machine::get_state_by_name): Make const.
1170 (state_machine::get_start_state): New accessor.
1171 (state_machine::alloc_state_id): New.
1172 (state_machine::m_state_names): Drop in favor of...
1173 (state_machine::m_states): New field.
1174 (state_machine::m_start): New field.
1175 (start_start_p): Delete.
1177 2020-09-08 David Malcolm <dmalcolm@redhat.com>
1180 * store.cc (binding_map::apply_ctor_val_to_range): Add
1181 error-handling for the cases where we have symbolic offsets.
1183 2020-09-08 David Malcolm <dmalcolm@redhat.com>
1186 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
1187 where min_index == max_index.
1188 (binding_map::apply_ctor_val_to_range): Replace assertion that we
1189 don't have a CONSTRUCTOR value with error-handling.
1191 2020-09-08 David Malcolm <dmalcolm@redhat.com>
1194 * region-model.cc (region_model::on_call_pre): Fix guard on switch
1195 on built-ins to only consider BUILT_IN_NORMAL, rather than other
1198 2020-09-01 David Malcolm <dmalcolm@redhat.com>
1201 * region-model.cc (region_model::deref_rvalue): Add the constraint
1202 that PTR_SVAL is non-NULL.
1204 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1207 * region-model.cc (region_model::on_call_pre): Handle
1208 BUILT_IN_MEMSET_CHK.
1210 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1212 * region-model.cc (region_model::on_call_pre): Gather handling of
1213 builtins and of internal fns into switch statements. Handle
1214 "alloca" and BUILT_IN_ALLOCA_WITH_ALIGN.
1216 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1219 * region.cc (decl_region::get_svalue_for_constructor): Support
1220 apply_ctor_to_region failing.
1221 * store.cc (binding_map::apply_ctor_to_region): Add failure
1223 (binding_map::apply_ctor_val_to_range): Likewise.
1224 (binding_map::apply_ctor_pair_to_child_region): Likewise. Replace
1225 assertion that child_base_offset is not symbolic with error
1227 * store.h (binding_map::apply_ctor_to_region): Convert return type
1229 (binding_map::apply_ctor_val_to_range): Likewise.
1230 (binding_map::apply_ctor_pair_to_child_region): Likewise.
1232 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1235 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
1236 by calling a new binding_map::apply_ctor_val_to_range subroutine.
1237 Split out the existing non-CONSTRUCTOR-handling code to a new
1238 apply_ctor_pair_to_child_region subroutine.
1239 (binding_map::apply_ctor_val_to_range): New.
1240 (binding_map::apply_ctor_pair_to_child_region): New, split out
1241 from binding_map::apply_ctor_to_region as noted above.
1242 * store.h (binding_map::apply_ctor_val_to_range): New decl.
1243 (binding_map::apply_ctor_pair_to_child_region): New decl.
1245 2020-08-31 David Malcolm <dmalcolm@redhat.com>
1248 * region-model-manager.cc
1249 (region_model_manager::maybe_fold_unaryop): Handle VIEW_CONVERT_EXPR.
1250 (region_model_manager::get_or_create_cast): Move logic for
1251 real->integer casting to...
1252 (get_code_for_cast): ...this new function, and add logic for
1253 real->non-integer casts.
1254 (region_model_manager::maybe_fold_sub_svalue): Handle
1257 (region_model::add_any_constraints_from_gassign): Likewise.
1258 * svalue.cc (svalue::maybe_undo_cast): Likewise.
1259 (unaryop_svalue::dump_to_pp): Likewise.
1261 2020-08-26 David Malcolm <dmalcolm@redhat.com>
1264 * region-model-manager.cc
1265 (region_model_manager::get_or_create_widening_svalue): Assert that
1266 neither of the inputs are themselves widenings.
1267 * store.cc (store::eval_alias_1): The initial value of a pointer
1268 can't point to a region that was allocated on the heap after the
1269 beginning of the path. A widened pointer value can't alias anything
1270 that the initial pointer value can't alias.
1271 * svalue.cc (svalue::can_merge_p): Merge BINOP (X, OP, CST) with X
1272 to a widening svalue. Merge
1273 BINOP(WIDENING(BASE, BINOP(BASE, X)), X) and BINOP(BASE, X) to
1274 the LHS of the first BINOP.
1276 2020-08-26 David Malcolm <dmalcolm@redhat.com>
1279 * region-model.h (class compound_svalue): Document that all keys
1281 (compound_svalue::compound_svalue): Move definition to svalue.cc.
1282 * store.cc (binding_map::apply_ctor_to_region): Handle
1283 initializers for trailing arrays with incomplete size.
1284 * svalue.cc (compound_svalue::compound_svalue): Move definition
1285 here from region-model.h. Add assertion that all keys are
1288 2020-08-22 David Malcolm <dmalcolm@redhat.com>
1291 * region-model-manager.cc
1292 (region_model_manager::maybe_fold_binop): Fold bitwise "& 0" to 0.
1294 2020-08-22 David Malcolm <dmalcolm@redhat.com>
1296 * store.cc (store::eval_alias): Make const. Split out 2nd half
1297 into store::eval_alias_1 and call it twice for symmetry, avoiding
1299 (store::eval_alias_1): New function, split out from the above.
1300 * store.h (store::eval_alias): Make const.
1301 (store::eval_alias_1): New decl.
1303 2020-08-22 David Malcolm <dmalcolm@redhat.com>
1305 * region-model.cc (region_model::push_frame): Bind the default
1306 SSA name for each parm if it exists, falling back to the parm
1307 itself otherwise, rather than doing both.
1309 2020-08-20 David Malcolm <dmalcolm@redhat.com>
1312 * region-model-manager.cc
1313 (region_model_manager::get_field_region): Assert that field is a
1315 * region.cc (region::get_subregions_for_binding): In
1316 union-handling, filter the TYPE_FIELDS traversal to just FIELD_DECLs.
1318 2020-08-20 David Malcolm <dmalcolm@redhat.com>
1321 * region-model.cc (region_model::get_gassign_result): For
1322 comparisons, only use eval_condition when the lhs has boolean
1323 type, and use get_or_create_constant_svalue on the boolean
1324 constants directly rather than via get_rvalue.
1326 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1329 * region-model.cc (region_model::deref_rvalue): Rather than
1330 attempting to handle all svalue kinds in the switch, only cover
1331 the special cases, and move symbolic-region handling to after
1332 the switch, thus implicitly handling the missing case SK_COMPOUND.
1334 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1337 * region-model-manager.cc
1338 (region_model_manager::maybe_fold_binop): Check that we have an
1339 integral type before calling build_int_cst.
1341 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1344 * region-model-manager.cc
1345 (region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for
1346 casting from REAL_TYPE to INTEGER_TYPE.
1348 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1351 * region-model.cc (region_model::called_from_main_p): New.
1352 (region_model::get_store_value): Move handling for globals into...
1353 (region_model::get_initial_value_for_global): ...this new
1354 function, and add logic for extracting values from decl
1356 * region-model.h (decl_region::get_svalue_for_constructor): New
1358 (decl_region::get_svalue_for_initializer): New decl.
1359 (region_model::called_from_main_p): New decl.
1360 (region_model::get_initial_value_for_global): New.
1361 * region.cc (decl_region::maybe_get_constant_value): Move logic
1362 for getting an svalue from a CONSTRUCTOR node to...
1363 (decl_region::get_svalue_for_constructor): ...this new function.
1364 (decl_region::get_svalue_for_initializer): New.
1365 * store.cc (get_svalue_for_ctor_val): Rewrite in terms of
1366 region_model::get_rvalue.
1367 * store.h (binding_cluster::get_map): New accessor.
1369 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1372 * region.cc (get_field_at_bit_offset): Gracefully handle negative
1373 values for bit_offset.
1375 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1377 * region-model.cc (region_model::get_rvalue_1): Fix name of local.
1379 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1382 * region-model.cc (region_model::get_rvalue_1): Handle
1383 unrecognized tree codes by returning UNKNOWN.
1385 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1388 * region-model.cc (region_model::get_gassign_result): Handle various
1389 VEC_* tree codes by returning UNKNOWN.
1390 (region_model::on_assignment): Handle unrecognized tree codes by
1391 setting lhs to an unknown value, rather than issuing a "sorry" and
1394 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1397 * region-model-manager.cc (get_region_for_unexpected_tree_code):
1398 Handle ctxt being NULL.
1400 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1403 * region.cc (region::get_subregions_for_binding): Check for "type"
1406 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1409 * store.cc (get_svalue_for_ctor_val): New.
1410 (binding_map::apply_ctor_to_region): Call it.
1412 2020-08-14 David Malcolm <dmalcolm@redhat.com>
1416 * region-model.cc (region_model::get_store_value): Call
1417 maybe_get_constant_value on decl_regions first.
1418 * region-model.h (decl_region::maybe_get_constant_value): New decl.
1419 * region.cc (decl_region::get_stack_depth): Likewise.
1420 (decl_region::maybe_get_constant_value): New.
1421 * store.cc (get_subregion_within_ctor): New.
1422 (binding_map::apply_ctor_to_region): New.
1423 * store.h (binding_map::apply_ctor_to_region): New decl.
1425 2020-08-14 David Malcolm <dmalcolm@redhat.com>
1428 * store.cc (store::mark_as_escaped): Reject attempts to
1429 get a cluster for an unknown pointer.
1431 2020-08-13 David Malcolm <dmalcolm@redhat.com>
1447 * analyzer-logging.cc: Ignore "-Wformat-diag".
1448 (logger::enter_scope): Use inc_indent in both overloads.
1449 (logger::exit_scope): Use dec_indent.
1450 * analyzer-logging.h (logger::inc_indent): New.
1451 (logger::dec_indent): New.
1452 * analyzer-selftests.cc (run_analyzer_selftests): Call
1453 analyzer_store_cc_tests.
1454 * analyzer-selftests.h (analyzer_store_cc_tests): New decl.
1455 * analyzer.cc (get_stmt_location): New function.
1456 * analyzer.h (class initial_svalue): New forward decl.
1457 (class unaryop_svalue): New forward decl.
1458 (class binop_svalue): New forward decl.
1459 (class sub_svalue): New forward decl.
1460 (class unmergeable_svalue): New forward decl.
1461 (class placeholder_svalue): New forward decl.
1462 (class widening_svalue): New forward decl.
1463 (class compound_svalue): New forward decl.
1464 (class conjured_svalue): New forward decl.
1465 (svalue_set): New typedef.
1466 (class map_region): Delete.
1467 (class array_region): Delete.
1468 (class frame_region): New forward decl.
1469 (class function_region): New forward decl.
1470 (class label_region): New forward decl.
1471 (class decl_region): New forward decl.
1472 (class element_region): New forward decl.
1473 (class offset_region): New forward decl.
1474 (class cast_region): New forward decl.
1475 (class field_region): New forward decl.
1476 (class string_region): New forward decl.
1477 (class region_model_manager): New forward decl.
1478 (class store_manager): New forward decl.
1479 (class store): New forward decl.
1480 (class call_details): New forward decl.
1481 (struct svalue_id_merger_mapping): Delete.
1482 (struct canonicalization): Delete.
1483 (class function_point): New forward decl.
1484 (class engine): New forward decl.
1485 (dump_tree): New function decl.
1486 (print_quoted_type): New function decl.
1487 (readability_comparator): New function decl.
1488 (tree_cmp): New function decl.
1489 (class path_var): Move here from region-model.h
1490 (bit_offset_t, bit_size_t, byte_size_t): New typedefs.
1491 (class region_offset): New class.
1492 (get_stmt_location): New decl.
1493 (struct member_function_hash_traits): New struct.
1494 (class consolidation_map): New class.
1495 Ignore "-Wformat-diag".
1496 * analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
1497 (-param=analyzer-max-enodes-for-full-dump=): New param.
1498 * call-string.cc: Ignore -Wformat-diag.
1499 * checker-path.cc: Move includes of "analyzer/call-string.h" and
1500 "analyzer/program-point.h" to before "analyzer/region-model.h",
1501 and also include "analyzer/store.h" before it.
1502 (state_change_event::state_change_event): Replace "tree var" param
1503 with "const svalue *sval". Convert "origin" param from tree to
1505 (state_change_event::get_desc): Call get_representative_tree to
1506 convert the var and origin from const svalue * to tree. Use
1507 svalue::get_desc rather than %qE when describing state changes.
1508 (checker_path::add_final_event): Use get_stmt_location.
1509 * checker-path.h (state_change_event::state_change_event): Port
1510 from tree to const svalue *.
1511 (state_change_event::get_lvalue): Delete.
1512 (state_change_event::get_dest_function): New.
1513 (state_change_event::m_var): Replace with...
1514 (state_change_event::m_sval): ...this.
1515 (state_change_event::m_origin): Convert from tree to
1517 * constraint-manager.cc: Include "analyzer/call-string.h",
1518 "analyzer/program-point.h", and "analyzer/store.h" before
1519 "analyzer/region-model.h".
1520 (struct bound, struct range): Move to constraint-manager.h.
1521 (compare_constants): New function.
1522 (range::dump): Rename to...
1523 (range::dump_to_pp): ...this. Support NULL constants.
1524 (range::dump): Reintroduce for dumping to stderr.
1525 (range::constrained_to_single_element): Return result, rather than
1527 (range::eval_condition): New.
1528 (range::below_lower_bound): New.
1529 (range::above_upper_bound): New.
1530 (equiv_class::equiv_class): Port from svalue_id to const svalue *.
1531 (equiv_class::print): Likewise.
1532 (equiv_class::hash): Likewise.
1533 (equiv_class::operator==): Port from svalue_id to const svalue *.
1534 (equiv_class::add): Port from svalue_id to const svalue *. Drop
1536 (equiv_class::del): Port from svalue_id to const svalue *.
1537 (equiv_class::get_representative): Likewise.
1538 (equiv_class::remap_svalue_ids): Delete.
1539 (svalue_id_cmp_by_id): Rename to...
1540 (svalue_cmp_by_ptr): ...this, porting from svalue_id to
1542 (equiv_class::canonicalize): Update qsort comparator.
1543 (constraint::implied_by): New.
1544 (constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
1545 (constraint_manager::dump_to_pp): Add "multiline" param.
1546 (constraint_manager::dump): Pass "true" for "multiline".
1547 (constraint_manager::add_constraint): Port from svalue_id to
1548 const svalue *. Split out second part into...
1549 (constraint_manager::add_unknown_constraint): ...this new
1550 function. Remove self-constraints when merging equivalence
1552 (constraint_manager::add_constraint_internal): Remove constraints
1553 that would be implied by the new constraint. Port from svalue_id
1555 (constraint_manager::get_equiv_class_by_sid): Rename to...
1556 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
1557 from svalue_id to const svalue *.
1558 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
1560 (constraint_manager::eval_condition): Make const. Call
1561 compare_constants and return early if it provides a known result.
1562 (constraint_manager::get_ec_bounds): New.
1563 (constraint_manager::eval_condition): New overloads. Make
1564 existing one const, and use compare_constants.
1565 (constraint_manager::purge): Convert "p" param to a template
1566 rather than an abstract base class. Port from svalue_id to
1568 (class dead_svalue_purger): New class.
1569 (constraint_manager::remap_svalue_ids): Delete.
1570 (constraint_manager::on_liveness_change): New.
1571 (equiv_class_cmp): Port from svalue_id to const svalue *.
1572 (constraint_manager::canonicalize): Likewise. Combine with
1573 purging of redundant equivalence classes and constraints.
1574 (class cleaned_constraint_manager): Delete.
1575 (class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
1577 (merger_fact_visitor::fact): Port from svalue_id to const svalue *.
1578 Add special case for widening.
1579 (constraint_manager::merge): Port from svalue_id to const svalue *.
1580 (constraint_manager::clean_merger_input): Delete.
1581 (constraint_manager::for_each_fact): Port from svalue_id to
1583 (constraint_manager::validate): Likewise.
1584 (selftest::test_constraint_conditions): Provide a
1585 region_model_manager when creating region_model instances.
1586 Add test for self-equality not creating equivalence classes.
1587 (selftest::test_transitivity): Provide a region_model_manager when
1588 creating region_model instances. Verify that EC-merging happens
1589 when constraints are implied.
1590 (selftest::test_constant_comparisons): Provide a
1591 region_model_manager when creating region_model instances.
1592 (selftest::test_constraint_impl): Likewise. Remove over-specified
1594 (selftest::test_equality): Provide a region_model_manager when
1595 creating region_model instances.
1596 (selftest::test_many_constants): Likewise. Provide a
1597 program_point when testing merging.
1598 (selftest::run_constraint_manager_tests): Move call to
1599 test_constant_comparisons to outside the transitivity guard.
1600 * constraint-manager.h (struct bound): Move here from
1601 constraint-manager.cc.
1602 (struct range): Likewise.
1603 (struct::eval_condition): New decl.
1604 (struct::below_lower_bound): New decl.
1605 (struct::above_upper_bound): New decl.
1606 (equiv_class::add): Port from svalue_id to const svalue *.
1607 (equiv_class::del): Likewise.
1608 (equiv_class::get_representative): Likewise.
1609 (equiv_class::remap_svalue_ids): Drop.
1610 (equiv_class::m_cst_sid): Convert to...
1611 (equiv_class::m_cst_sval): ...this.
1612 (equiv_class::m_vars): Port from svalue_id to const svalue *.
1613 (constraint::bool implied_by): New decl.
1614 (fact_visitor::on_fact): Port from svalue_id to const svalue *.
1615 (constraint_manager::constraint_manager): Add mgr param.
1616 (constraint_manager::clone): Delete.
1617 (constraint_manager::maybe_get_constant): Delete.
1618 (constraint_manager::get_sid_for_constant): Delete.
1619 (constraint_manager::get_num_svalues): Delete.
1620 (constraint_manager::dump_to_pp): Add "multiline" param.
1621 (constraint_manager::get_equiv_class): Port from svalue_id to
1623 (constraint_manager::add_constraint): Likewise.
1624 (constraint_manager::get_equiv_class_by_sid): Rename to...
1625 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
1626 from svalue_id to const svalue *.
1627 (constraint_manager::add_unknown_constraint): New decl.
1628 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
1630 (constraint_manager::eval_condition): Likewise. Add overloads.
1631 (constraint_manager::get_ec_bounds): New decl.
1632 (constraint_manager::purge): Convert to template.
1633 (constraint_manager::remap_svalue_ids): Delete.
1634 (constraint_manager::on_liveness_change): New decl.
1635 (constraint_manager::canonicalize): Drop param.
1636 (constraint_manager::clean_merger_input): Delete.
1637 (constraint_manager::m_mgr): New field.
1638 * diagnostic-manager.cc: Move includes of
1639 "analyzer/call-string.h" and "analyzer/program-point.h" to before
1640 "analyzer/region-model.h", and also include "analyzer/store.h"
1642 (saved_diagnostic::saved_diagnostic): Add "sval" param.
1643 (diagnostic_manager::diagnostic_manager): Add engine param.
1644 (diagnostic_manager::add_diagnostic): Add "sval" param, passing it
1645 to saved_diagnostic ctor. Update overload to pass NULL for it.
1646 (dedupe_winners::dedupe_winners): Add engine param.
1647 (dedupe_winners::add): Add "eg" param. Pass m_engine to
1649 (dedupe_winner::m_engine): New field.
1650 (diagnostic_manager::emit_saved_diagnostics): Pass engine to
1651 dedupe_winners. Pass &eg when adding candidates. Pass svalue
1652 rather than tree to prune_path. Use get_stmt_location to get
1653 primary location of diagnostic.
1654 (diagnostic_manager::emit_saved_diagnostic): Likewise.
1655 (get_any_origin): Drop.
1656 (state_change_event_creator::on_global_state_change): Pass NULL
1657 const svalue * rather than NULL_TREE trees to state_change_event
1659 (state_change_event_creator::on_state_change): Port from tree and
1660 svalue_id to const svalue *.
1661 (for_each_state_change): Port from svalue_id to const svalue *.
1662 (struct null_assignment_sm_context): New.
1663 (diagnostic_manager::add_events_for_eedge): Add state change
1664 events for assignment to NULL.
1665 (diagnostic_manager::prune_path): Update param from tree to
1667 (diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
1668 by tree to by const svalue *.
1669 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
1671 (saved_diagnostic::m_sval): New field.
1672 (diagnostic_manager::diagnostic_manager): Add engine param.
1673 (diagnostic_manager::get_engine): New.
1674 (diagnostic_manager::add_diagnostic): Add "sval" param.
1675 (diagnostic_manager::prune_path): Likewise.
1676 (diagnostic_manager::prune_for_sm_diagnostic): New overload.
1677 (diagnostic_manager::m_eng): New field.
1678 * engine.cc: Move includes of "analyzer/call-string.h" and
1679 "analyzer/program-point.h" to before "analyzer/region-model.h",
1680 and also include "analyzer/store.h" before it.
1681 (impl_region_model_context::impl_region_model_context): Update for
1682 removal of m_change field.
1683 (impl_region_model_context::remap_svalue_ids): Delete.
1684 (impl_region_model_context::on_svalue_leak): New.
1685 (impl_region_model_context::on_svalue_purge): Delete.
1686 (impl_region_model_context::on_liveness_change): New.
1687 (impl_region_model_context::on_unknown_change): Update param
1688 from svalue_id to const svalue *. Add is_mutable param.
1689 (setjmp_svalue::compare_fields): Delete.
1690 (setjmp_svalue::accept): New.
1691 (setjmp_svalue::add_to_hash): Delete.
1692 (setjmp_svalue::dump_to_pp): New.
1693 (setjmp_svalue::print_details): Delete.
1694 (impl_sm_context::impl_sm_context): Drop "change" param.
1695 (impl_sm_context::get_fndecl_for_call): Drop "m_change".
1696 (impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
1697 "stmt" param. Drop m_change. Port from svalue_id to
1699 (impl_sm_context::warn_for_state): Drop m_change. Port from
1700 svalue_id to const svalue *.
1701 (impl_sm_context::get_readable_tree): Rename to...
1702 (impl_sm_context::get_diagnostic_tree): ...this. Port from
1703 svalue_id to const svalue *.
1704 (impl_sm_context::is_zero_assignment): New.
1705 (impl_sm_context::m_change): Delete field.
1706 (leak_stmt_finder::find_stmt): Handle m_var being NULL.
1707 (readability): Increase penalty for MEM_REF. For SSA_NAMEs,
1708 slightly favor the underlying var over the SSA name. Heavily
1709 penalize temporaries. Handle RESULT_DECL.
1710 (readability_comparator): Make non-static. Consider stack depths.
1711 (impl_region_model_context::on_state_leak): Convert from svalue_id
1712 to const svalue *, updating for region_model changes. Use
1714 (impl_region_model_context::on_inherited_svalue): Delete.
1715 (impl_region_model_context::on_cast): Delete.
1716 (impl_region_model_context::on_condition): Drop m_change.
1717 (impl_region_model_context::on_phi): Likewise.
1718 (impl_region_model_context::on_unexpected_tree_code): Handle t
1720 (point_and_state::validate): Update stack checking for
1721 region_model changes.
1722 (eg_traits::dump_args_t::show_enode_details_p): New.
1723 (exploded_node::exploded_node): Initialize m_num_processed_stmts.
1724 (exploded_node::get_processed_stmt): New function.
1725 (exploded_node::get_dot_fillcolor): Add more colors.
1726 (exploded_node::dump_dot): Guard the printing of the point and
1727 state with show_enode_details_p. Print the processed stmts for
1728 this enode after the initial state.
1729 (exploded_node::dump_to_pp): Pass true for new multiline param
1730 of program_state::dump_to_pp.
1731 (exploded_node::on_stmt): Drop "change" param. Log the stmt.
1732 Set input_location. Implement __analyzer_describe. Update
1733 implementation of __analyzer_dump and __analyzer_eval.
1734 Remove purging of sm-state for unknown fncalls from here.
1735 (exploded_node::on_edge): Drop "change" param.
1736 (exploded_node::on_longjmp): Port from region_id/svalue_id to
1737 const region */const svalue *. Call program_state::detect_leaks.
1739 (exploded_node::detect_leaks): Update for changes to region_model.
1740 Call program_state::detect_leaks.
1741 (exploded_edge::exploded_edge): Drop ext_state and change params.
1742 (exploded_edge::dump_dot): "args" is no longer used. Drop dumping
1744 (exploded_graph::exploded_graph): Pass engine to
1745 m_diagnostic_manager ctor. Use program_point::origin.
1746 (exploded_graph::add_function_entry): Drop ctxt. Use
1747 program_state::push_frame. Drop state_change.
1748 (exploded_graph::get_or_create_node): Drop "change" param. Add
1749 "enode_for_diag" param. Update dumping calls for API changes.
1750 Pass point to can_merge_with_p. Show enode indices
1751 within -Wanalyzer-too-complex diagnostic for hitting the per-point
1753 (exploded_graph::add_edge): Drop "change" param. Log which nodes
1754 are being connected. Update for changes to exploded_edge ctor.
1755 (exploded_graph::get_per_program_point_data): New.
1756 (exploded_graph::process_worklist): Pass point to
1757 can_merge_with_p. Drop state_change. Update dumping call for API
1759 (exploded_graph::process_node): Drop state_change. Split the
1760 node in-place if an sm-state-change occurs. Update
1761 m_num_processed_stmts. Update dumping calls for API change.
1762 (exploded_graph::log_stats): Call engine::log_stats.
1763 (exploded_graph::dump_states_for_supernode): Update dumping
1765 (exploded_path::feasible_p): Add "eng" and "eg" params.
1766 Rename "i" to "end_idx". Pass the manager to the region_model
1767 ctor. Update for every processed stmt in the enode, not just the
1768 first. Keep track of which snodes have been visited, and call
1769 loop_replay_fixup when revisiting one.
1770 (enode_label::get_text): Update dump call for new param.
1771 (exploded_graph::dump_exploded_nodes): Likewise.
1772 (exploded_graph::get_node_by_index): New.
1773 (impl_run_checkers): Create engine instance and pass its address
1774 to extrinsic_state ctor.
1776 (impl_region_model_context::impl_region_model_context): Drop
1778 (impl_region_model_context::void remap_svalue_ids): Delete.
1779 (impl_region_model_context::on_svalue_purge): Delete.
1780 (impl_region_model_context::on_svalue_leak): New.
1781 (impl_region_model_context::on_liveness_change): New.
1782 (impl_region_model_context::on_state_leak): Update signature.
1783 (impl_region_model_context::on_inherited_svalue): Delete.
1784 (impl_region_model_context::on_cast): Delete.
1785 (impl_region_model_context::on_unknown_change): Update signature.
1786 (impl_region_model_context::m_change): Delete.
1787 (eg_traits::dump_args_t::show_enode_details_p): New.
1788 (exploded_node::on_stmt): Drop "change" param.
1789 (exploded_node::on_edge): Likewise.
1790 (exploded_node::get_processed_stmt): New decl.
1791 (exploded_node::m_num_processed_stmts): New field.
1792 (exploded_edge::exploded_edge): Drop ext_state and change params.
1793 (exploded_edge::m_change): Delete.
1794 (exploded_graph::get_engine): New accessor.
1795 (exploded_graph::get_or_create_node): Drop "change" param. Add
1796 "enode_for_diag" param.
1797 (exploded_graph::add_edge): Drop "change" param.
1798 (exploded_graph::get_per_program_point_data): New decl.
1799 (exploded_graph::get_node_by_index): New decl.
1800 (exploded_path::feasible_p): Add "eng" and "eg" params.
1801 * program-point.cc: Include "analyzer/store.h" before including
1802 "analyzer/region-model.h".
1803 (function_point::function_point): Move here from
1805 (function_point::get_function): Likewise.
1806 (function_point::from_function_entry): Likewise.
1807 (function_point::before_supernode): Likewise.
1808 (function_point::next_stmt): New function.
1809 * program-point.h (function_point::function_point): Move
1810 implementation from here to program-point.cc.
1811 (function_point::get_function): Likewise.
1812 (function_point::from_function_entry): Likewise.
1813 (function_point::before_supernode): Likewise.
1814 (function_point::next_stmt): New decl.
1815 (program_point::operator!=): New.
1816 (program_point::origin): New.
1817 (program_point::next_stmt): New.
1818 (program_point::m_function_point): Make non-const.
1819 * program-state.cc: Move includes of "analyzer/call-string.h" and
1820 "analyzer/program-point.h" to before "analyzer/region-model.h",
1821 and also include "analyzer/store.h" before it.
1822 (extrinsic_state::get_model_manager): New.
1823 (sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
1824 rather than pass them around.
1825 (sm_state_map::clone_with_remapping): Delete.
1826 (sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
1827 "simple" and "multiline" params and support multiline vs single
1829 (sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
1831 (sm_state_map::hash): Port from svalue_id to const svalue *.
1832 (sm_state_map::operator==): Likewise.
1833 (sm_state_map::get_state): Likewise. Call canonicalize_svalue on
1834 input. Handle inheritance of sm-state. Call get_default_state.
1835 (sm_state_map::get_origin): Port from svalue_id to const svalue *.
1836 (sm_state_map::set_state): Likewise. Pass in ext_state. Reject
1837 attempts to set state on UNKNOWN.
1838 (sm_state_map::impl_set_state): Port from svalue_id to
1839 const svalue *. Pass in ext_state. Call canonicalize_svalue on
1841 (sm_state_map::purge_for_unknown_fncall): Delete.
1842 (sm_state_map::on_svalue_leak): New.
1843 (sm_state_map::remap_svalue_ids): Delete.
1844 (sm_state_map::on_liveness_change): New.
1845 (sm_state_map::on_unknown_change): Reimplement.
1846 (sm_state_map::on_svalue_purge): Delete.
1847 (sm_state_map::on_inherited_svalue): Delete.
1848 (sm_state_map::on_cast): Delete.
1849 (sm_state_map::validate): Delete.
1850 (sm_state_map::canonicalize_svalue): New.
1851 (program_state::program_state): Update to pass manager to
1852 region_model's ctor. Constify num_states and pass state machine
1853 and index to sm_state_map ctor.
1854 (program_state::print): Update for changes to dump API.
1855 (program_state::dump_to_pp): Ignore the summarize param. Add
1857 (program_state::dump_to_file): Add "multiline" param.
1858 (program_state::dump): Pass "true" for new "multiline" param.
1859 (program_state::push_frame): New.
1860 (program_state::on_edge): Drop "change" param. Call
1861 program_state::detect_leaks.
1862 (program_state::prune_for_point): Add enode_for_diag param.
1863 Reimplement based on store class. Call detect_leaks.
1864 (program_state::remap_svalue_ids): Delete.
1865 (program_state::get_representative_tree): Port from svalue_id to
1867 (program_state::can_merge_with_p): Add "point" param. Add early
1868 reject for sm-differences. Drop id remapping.
1869 (program_state::validate): Drop region model and sm_state_map
1871 (state_change::sm_change::dump): Delete.
1872 (state_change::sm_change::remap_svalue_ids): Delete.
1873 (state_change::sm_change::on_svalue_purge): Delete.
1874 (log_set_of_svalues): New.
1875 (state_change::sm_change::validate): Delete.
1876 (state_change::state_change): Delete.
1877 (state_change::add_sm_change): Delete.
1878 (state_change::affects_p): Delete.
1879 (state_change::dump): Delete.
1880 (state_change::remap_svalue_ids): Delete.
1881 (state_change::on_svalue_purge): Delete.
1882 (state_change::validate): Delete.
1883 (selftest::assert_dump_eq): Delete.
1884 (ASSERT_DUMP_EQ): Delete.
1885 (selftest::test_sm_state_map): Update for changes to region_model
1886 and sm_state_map, porting from svalue_id to const svalue *.
1887 (selftest::test_program_state_dumping): Likewise. Drop test of
1888 dumping, renaming to...
1889 (selftest::test_program_state_1): ...this.
1890 (selftest::test_program_state_dumping_2): Likewise, renaming to...
1891 (selftest::test_program_state_2): ...this.
1892 (selftest::test_program_state_merging): Update for changes to
1894 (selftest::test_program_state_merging_2): Likewise.
1895 (selftest::analyzer_program_state_cc_tests): Update for renamed
1897 * program-state.h (extrinsic_state::extrinsic_state): Add logger
1899 (extrinsic_state::get_logger): New accessor.
1900 (extrinsic_state::get_engine): New accessor.
1901 (extrinsic_state::get_model_manager): New accessor.
1902 (extrinsic_state::m_logger): New field.
1903 (extrinsic_state::m_engine): New field.
1904 (struct default_hash_traits<svalue_id>): Delete.
1905 (pod_hash_traits<svalue_id>::hash): Delete.
1906 (pod_hash_traits<svalue_id>::equal): Delete.
1907 (pod_hash_traits<svalue_id>::mark_deleted): Delete.
1908 (pod_hash_traits<svalue_id>::mark_empty): Delete.
1909 (pod_hash_traits<svalue_id>::is_deleted): Delete.
1910 (pod_hash_traits<svalue_id>::is_empty): Delete.
1911 (sm_state_map::entry_t::entry_t): Port from svalue_id to
1913 (sm_state_map::entry_t::m_origin): Likewise.
1914 (sm_state_map::map_t): Likewise.
1915 (sm_state_map::sm_state_map): Add state_machine and index params.
1916 (sm_state_map::clone_with_remapping): Delete.
1917 (sm_state_map::print): Drop sm param; add simple and multiline
1919 (sm_state_map::dump): Drop sm param; add simple param.
1920 (sm_state_map::get_state): Port from svalue_id to const svalue *.
1921 Add ext_state param.
1922 (sm_state_map::get_origin): Likewise.
1923 (sm_state_map::set_state): Likewise.
1924 (sm_state_map::impl_set_state): Likewise.
1925 (sm_state_map::purge_for_unknown_fncall): Delete.
1926 (sm_state_map::remap_svalue_ids): Delete.
1927 (sm_state_map::on_svalue_purge): Delete.
1928 (sm_state_map::on_svalue_leak): New.
1929 (sm_state_map::on_liveness_change): New.
1930 (sm_state_map::on_inherited_svalue): Delete.
1931 (sm_state_map::on_cast): Delete.
1932 (sm_state_map::validate): Delete.
1933 (sm_state_map::on_unknown_change): Port from svalue_id to
1934 const svalue *. Add is_mutable and ext_state params.
1935 (sm_state_map::canonicalize_svalue): New.
1936 (sm_state_map::m_sm): New field.
1937 (sm_state_map::m_sm_idx): New field.
1938 (program_state::operator=): Delete.
1939 (program_state::dump_to_pp): Drop "summarize" param, adding
1940 "simple" and "multiline".
1941 (program_state::dump_to_file): Likewise.
1942 (program_state::dump): Rename "summarize" to "simple".
1943 (program_state::push_frame): New.
1944 (program_state::get_current_function): New.
1945 (program_state::on_edge): Drop "change" param.
1946 (program_state::prune_for_point): Likewise. Add enode_for_diag
1948 (program_state::remap_svalue_ids): Delete.
1949 (program_state::get_representative_tree): Port from svalue_id to
1951 (program_state::can_purge_p): Likewise. Pass ext_state to get_state.
1952 (program_state::can_merge_with_p): Add point param.
1953 (program_state::detect_leaks): New.
1954 (state_change_visitor::on_state_change): Port from tree and
1955 svalue_id to a pair of const svalue *.
1956 (class state_change): Delete.
1957 * region.cc: New file.
1958 * region-model-impl-calls.cc: New file.
1959 * region-model-manager.cc: New file.
1960 * region-model-reachability.cc: New file.
1961 * region-model-reachability.h: New file.
1962 * region-model.cc: Include "analyzer/call-string.h",
1963 "analyzer/program-point.h", and "analyzer/store.h" before
1964 "analyzer/region-model.h". Include
1965 "analyzer/region-model-reachability.h".
1966 (dump_tree): Make non-static.
1967 (dump_quoted_tree): Make non-static.
1968 (print_quoted_type): Make non-static.
1969 (path_var::dump): Delete.
1970 (dump_separator): Delete.
1971 (class impl_constraint_manager): Delete.
1972 (svalue_id::print): Delete.
1973 (svalue_id::dump_node_name_to_pp): Delete.
1974 (svalue_id::validate): Delete.
1975 (region_id::print): Delete.
1976 (region_id::dump_node_name_to_pp): Delete.
1977 (region_id::validate): Delete.
1978 (region_id_set::region_id_set): Delete.
1979 (svalue_id_set::svalue_id_set): Delete.
1980 (svalue::operator==): Delete.
1981 (svalue::hash): Delete.
1982 (svalue::print): Delete.
1983 (svalue::dump_dot_to_pp): Delete.
1984 (svalue::remap_region_ids): Delete.
1985 (svalue::walk_for_canonicalization): Delete.
1986 (svalue::get_child_sid): Delete.
1987 (svalue::maybe_get_constant): Delete.
1988 (region_svalue::compare_fields): Delete.
1989 (region_svalue::add_to_hash): Delete.
1990 (region_svalue::print_details): Delete.
1991 (region_svalue::dump_dot_to_pp): Delete.
1992 (region_svalue::remap_region_ids): Delete.
1993 (region_svalue::merge_values): Delete.
1994 (region_svalue::walk_for_canonicalization): Delete.
1995 (region_svalue::eval_condition): Delete.
1996 (constant_svalue::compare_fields): Delete.
1997 (constant_svalue::add_to_hash): Delete.
1998 (constant_svalue::merge_values): Delete.
1999 (constant_svalue::eval_condition): Move to svalue.cc.
2000 (constant_svalue::print_details): Delete.
2001 (constant_svalue::get_child_sid): Delete.
2002 (unknown_svalue::compare_fields): Delete.
2003 (unknown_svalue::add_to_hash): Delete.
2004 (unknown_svalue::print_details): Delete.
2005 (poison_kind_to_str): Move to svalue.cc.
2006 (poisoned_svalue::compare_fields): Delete.
2007 (poisoned_svalue::add_to_hash): Delete.
2008 (poisoned_svalue::print_details): Delete.
2009 (region_kind_to_str): Move to region.cc and reimplement.
2010 (region::operator==): Delete.
2011 (region::get_parent_region): Delete.
2012 (region::set_value): Delete.
2013 (region::become_active_view): Delete.
2014 (region::deactivate_any_active_view): Delete.
2015 (region::deactivate_view): Delete.
2016 (region::get_value): Delete.
2017 (region::get_inherited_child_sid): Delete.
2018 (region_model::copy_region): Delete.
2019 (region_model::copy_struct_region): Delete.
2020 (region_model::copy_union_region): Delete.
2021 (region_model::copy_array_region): Delete.
2022 (region::hash): Delete.
2023 (region::print): Delete.
2024 (region::dump_dot_to_pp): Delete.
2025 (region::dump_to_pp): Delete.
2026 (region::dump_child_label): Delete.
2027 (region::validate): Delete.
2028 (region::remap_svalue_ids): Delete.
2029 (region::remap_region_ids): Delete.
2030 (region::add_view): Delete.
2031 (region::get_view): Delete.
2032 (region::region): Move to region.cc.
2033 (region::add_to_hash): Delete.
2034 (region::print_fields): Delete.
2035 (region::non_null_p): Delete.
2036 (primitive_region::clone): Delete.
2037 (primitive_region::walk_for_canonicalization): Delete.
2038 (map_region::map_region): Delete.
2039 (map_region::compare_fields): Delete.
2040 (map_region::print_fields): Delete.
2041 (map_region::validate): Delete.
2042 (map_region::dump_dot_to_pp): Delete.
2043 (map_region::dump_child_label): Delete.
2044 (map_region::get_or_create): Delete.
2045 (map_region::get): Delete.
2046 (map_region::add_to_hash): Delete.
2047 (map_region::remap_region_ids): Delete.
2048 (map_region::unbind): Delete.
2049 (map_region::get_tree_for_child_region): Delete.
2050 (map_region::get_tree_for_child_region): Delete.
2051 (tree_cmp): Move to region.cc.
2052 (map_region::can_merge_p): Delete.
2053 (map_region::walk_for_canonicalization): Delete.
2054 (map_region::get_value_by_name): Delete.
2055 (struct_or_union_region::valid_key_p): Delete.
2056 (struct_or_union_region::compare_fields): Delete.
2057 (struct_region::clone): Delete.
2058 (struct_region::compare_fields): Delete.
2059 (union_region::clone): Delete.
2060 (union_region::compare_fields): Delete.
2061 (frame_region::compare_fields): Delete.
2062 (frame_region::clone): Delete.
2063 (frame_region::valid_key_p): Delete.
2064 (frame_region::print_fields): Delete.
2065 (frame_region::add_to_hash): Delete.
2066 (globals_region::compare_fields): Delete.
2067 (globals_region::clone): Delete.
2068 (globals_region::valid_key_p): Delete.
2069 (code_region::compare_fields): Delete.
2070 (code_region::clone): Delete.
2071 (code_region::valid_key_p): Delete.
2072 (array_region::array_region): Delete.
2073 (array_region::get_element): Delete.
2074 (array_region::clone): Delete.
2075 (array_region::compare_fields): Delete.
2076 (array_region::print_fields): Delete.
2077 (array_region::validate): Delete.
2078 (array_region::dump_dot_to_pp): Delete.
2079 (array_region::dump_child_label): Delete.
2080 (array_region::get_or_create): Delete.
2081 (array_region::get): Delete.
2082 (array_region::add_to_hash): Delete.
2083 (array_region::remap_region_ids): Delete.
2084 (array_region::get_key_for_child_region): Delete.
2085 (array_region::key_cmp): Delete.
2086 (array_region::walk_for_canonicalization): Delete.
2087 (array_region::key_from_constant): Delete.
2088 (array_region::constant_from_key): Delete.
2089 (function_region::compare_fields): Delete.
2090 (function_region::clone): Delete.
2091 (function_region::valid_key_p): Delete.
2092 (stack_region::stack_region): Delete.
2093 (stack_region::compare_fields): Delete.
2094 (stack_region::clone): Delete.
2095 (stack_region::print_fields): Delete.
2096 (stack_region::dump_child_label): Delete.
2097 (stack_region::validate): Delete.
2098 (stack_region::push_frame): Delete.
2099 (stack_region::get_current_frame_id): Delete.
2100 (stack_region::pop_frame): Delete.
2101 (stack_region::add_to_hash): Delete.
2102 (stack_region::remap_region_ids): Delete.
2103 (stack_region::can_merge_p): Delete.
2104 (stack_region::walk_for_canonicalization): Delete.
2105 (stack_region::get_value_by_name): Delete.
2106 (heap_region::heap_region): Delete.
2107 (heap_region::compare_fields): Delete.
2108 (heap_region::clone): Delete.
2109 (heap_region::walk_for_canonicalization): Delete.
2110 (root_region::root_region): Delete.
2111 (root_region::compare_fields): Delete.
2112 (root_region::clone): Delete.
2113 (root_region::print_fields): Delete.
2114 (root_region::validate): Delete.
2115 (root_region::dump_child_label): Delete.
2116 (root_region::push_frame): Delete.
2117 (root_region::get_current_frame_id): Delete.
2118 (root_region::pop_frame): Delete.
2119 (root_region::ensure_stack_region): Delete.
2120 (root_region::get_stack_region): Delete.
2121 (root_region::ensure_globals_region): Delete.
2122 (root_region::get_code_region): Delete.
2123 (root_region::ensure_code_region): Delete.
2124 (root_region::get_globals_region): Delete.
2125 (root_region::ensure_heap_region): Delete.
2126 (root_region::get_heap_region): Delete.
2127 (root_region::remap_region_ids): Delete.
2128 (root_region::can_merge_p): Delete.
2129 (root_region::add_to_hash): Delete.
2130 (root_region::walk_for_canonicalization): Delete.
2131 (root_region::get_value_by_name): Delete.
2132 (symbolic_region::symbolic_region): Delete.
2133 (symbolic_region::compare_fields): Delete.
2134 (symbolic_region::clone): Delete.
2135 (symbolic_region::walk_for_canonicalization): Delete.
2136 (symbolic_region::print_fields): Delete.
2137 (region_model::region_model): Add region_model_manager * param.
2138 Reimplement in terms of store, dropping impl_constraint_manager
2140 (region_model::operator=): Reimplement in terms of store.
2141 (region_model::operator==): Likewise.
2142 (region_model::hash): Likewise.
2143 (region_model::print): Delete.
2144 (region_model::print_svalue): Delete.
2145 (region_model::dump_dot_to_pp): Delete.
2146 (region_model::dump_dot_to_file): Delete.
2147 (region_model::dump_dot): Delete.
2148 (region_model::dump_to_pp): Replace "summarize" param with
2149 "simple" and "multiline". Port to store-based implementation.
2150 (region_model::dump): Replace "summarize" param with "simple" and
2152 (dump_vec_of_tree): Delete.
2153 (region_model::dump_summary_of_rep_path_vars): Delete.
2154 (region_model::validate): Delete.
2155 (svalue_id_cmp_by_constant_svalue_model): Delete.
2156 (svalue_id_cmp_by_constant_svalue): Delete.
2157 (region_model::canonicalize): Drop "ctxt" param. Reimplement in
2158 terms of store and constraints.
2159 (region_model::canonicalized_p): Remove NULL arg to canonicalize.
2160 (region_model::loop_replay_fixup): New.
2161 (poisoned_value_diagnostic::emit): Tweak wording of warnings.
2162 (region_model::check_for_poison): Delete.
2163 (region_model::get_gassign_result): New.
2164 (region_model::on_assignment): Port to store-based implementation.
2165 (region_model::on_call_pre): Delete calls to check_for_poison.
2166 Move implementations to region-model-impl-calls.c and port to
2167 store-based implementation.
2168 (region_model::on_call_post): Likewise.
2169 (class reachable_regions): Move to region-model-reachability.h/cc
2170 and port to store-based implementation.
2171 (region_model::handle_unrecognized_call): Port to store-based
2173 (region_model::get_reachable_svalues): New.
2174 (region_model::on_setjmp): Port to store-based implementation.
2175 (region_model::on_longjmp): Likewise.
2176 (region_model::handle_phi): Drop is_back_edge param and the logic
2178 (region_model::get_lvalue_1): Port from region_id to const region *.
2179 (region_model::make_region_for_unexpected_tree_code): Delete.
2180 (assert_compat_types): If the check fails, use internal_error to
2182 (region_model::get_lvalue): Port from region_id to const region *.
2183 (region_model::get_rvalue_1): Port from svalue_id to const svalue *.
2184 (region_model::get_rvalue): Likewise.
2185 (region_model::get_or_create_ptr_svalue): Delete.
2186 (region_model::get_or_create_constant_svalue): Delete.
2187 (region_model::get_svalue_for_fndecl): Delete.
2188 (region_model::get_region_for_fndecl): Delete.
2189 (region_model::get_svalue_for_label): Delete.
2190 (region_model::get_region_for_label): Delete.
2191 (build_cast): Delete.
2192 (region_model::maybe_cast_1): Delete.
2193 (region_model::maybe_cast): Delete.
2194 (region_model::get_field_region): Delete.
2195 (region_model::get_store_value): New.
2196 (region_model::region_exists_p): New.
2197 (region_model::deref_rvalue): Port from svalue_id to const svalue *.
2198 (region_model::set_value): Likewise.
2199 (region_model::clobber_region): New.
2200 (region_model::purge_region): New.
2201 (region_model::zero_fill_region): New.
2202 (region_model::mark_region_as_unknown): New.
2203 (region_model::eval_condition): Port from svalue_id to
2205 (region_model::eval_condition_without_cm): Likewise.
2206 (region_model::compare_initial_and_pointer): New.
2207 (region_model::add_constraint): Port from svalue_id to
2209 (region_model::maybe_get_constant): Delete.
2210 (region_model::get_representative_path_var): New.
2211 (region_model::add_new_malloc_region): Delete.
2212 (region_model::get_representative_tree): Port to const svalue *.
2213 (region_model::get_representative_path_var): Port to
2215 (region_model::get_path_vars_for_svalue): Delete.
2216 (region_model::set_to_new_unknown_value): Delete.
2217 (region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
2218 (region_model::update_for_call_superedge): Port from svalue_id to
2220 (region_model::update_for_return_superedge): Port to store-based
2222 (region_model::update_for_call_summary): Replace
2223 set_to_new_unknown_value with mark_region_as_unknown.
2224 (region_model::get_root_region): Delete.
2225 (region_model::get_stack_region_id): Delete.
2226 (region_model::push_frame): Delete.
2227 (region_model::get_current_frame_id): Delete.
2228 (region_model::get_current_function): Delete.
2229 (region_model::pop_frame): Delete.
2230 (region_model::on_top_level_param): New.
2231 (region_model::get_stack_depth): Delete.
2232 (region_model::get_function_at_depth): Delete.
2233 (region_model::get_globals_region_id): Delete.
2234 (region_model::add_svalue): Delete.
2235 (region_model::replace_svalue): Delete.
2236 (region_model::add_region): Delete.
2237 (region_model::get_svalue): Delete.
2238 (region_model::get_region): Delete.
2239 (make_region_for_type): Delete.
2240 (region_model::add_region_for_type): Delete.
2241 (region_model::on_top_level_param): New.
2242 (class restrict_to_used_svalues): Delete.
2243 (region_model::purge_unused_svalues): Delete.
2244 (region_model::push_frame): New.
2245 (region_model::remap_svalue_ids): Delete.
2246 (region_model::remap_region_ids): Delete.
2247 (region_model::purge_regions): Delete.
2248 (region_model::get_descendents): Delete.
2249 (region_model::delete_region_and_descendents): Delete.
2250 (region_model::poison_any_pointers_to_bad_regions): Delete.
2251 (region_model::can_merge_with_p): Delete.
2252 (region_model::get_current_function): New.
2253 (region_model::get_value_by_name): Delete.
2254 (region_model::convert_byte_offset_to_array_index): Delete.
2255 (region_model::pop_frame): New.
2256 (region_model::get_or_create_mem_ref): Delete.
2257 (region_model::get_stack_depth): New.
2258 (region_model::get_frame_at_index): New.
2259 (region_model::unbind_region_and_descendents): New.
2260 (struct bad_pointer_finder): New.
2261 (region_model::get_or_create_pointer_plus_expr): Delete.
2262 (region_model::poison_any_pointers_to_descendents): New.
2263 (region_model::get_or_create_view): Delete.
2264 (region_model::can_merge_with_p): New.
2265 (region_model::get_fndecl_for_call): Port from svalue_id to
2267 (struct append_ssa_names_cb_data): New.
2268 (get_ssa_name_regions_for_current_frame): New.
2269 (region_model::append_ssa_names_cb): New.
2270 (model_merger::dump_to_pp): Add "simple" param. Drop dumping of
2272 (model_merger::dump): Add "simple" param to both overloads.
2273 (model_merger::can_merge_values_p): Delete.
2274 (model_merger::record_regions): Delete.
2275 (model_merger::record_svalues): Delete.
2276 (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
2277 (svalue_id_merger_mapping::dump_to_pp): Delete.
2278 (svalue_id_merger_mapping::dump): Delete.
2279 (region_model::create_region_for_heap_alloc): New.
2280 (region_model::create_region_for_alloca): New.
2281 (region_model::record_dynamic_extents): New.
2282 (canonicalization::canonicalization): Delete.
2283 (canonicalization::walk_rid): Delete.
2284 (canonicalization::walk_sid): Delete.
2285 (canonicalization::dump_to_pp): Delete.
2286 (canonicalization::dump): Delete.
2287 (inchash::add): Delete overloads for svalue_id and region_id.
2288 (engine::log_stats): New.
2289 (assert_condition): Add overload comparing svalues.
2290 (assert_dump_eq): Pass "true" for multiline.
2291 (selftest::test_dump): Update for rewrite of region_model.
2292 (selftest::test_dump_2): Rename to...
2293 (selftest::test_struct): ...this. Provide a region_model_manager
2294 when creating region_model instance. Remove dump test. Add
2295 checks for get_offset.
2296 (selftest::test_dump_3): Rename to...
2297 (selftest::test_array_1): ...this. Provide a region_model_manager
2298 when creating region_model instance. Remove dump test.
2299 (selftest::test_get_representative_tree): Port from svalue_id to
2300 new API. Add test coverage for various expressions.
2301 (selftest::test_unique_constants): Provide a region_model_manager
2302 for the region_model. Add test coverage for comparing const vs
2304 (selftest::test_svalue_equality): Delete.
2305 (selftest::test_region_equality): Delete.
2306 (selftest::test_unique_unknowns): New.
2307 (class purge_all_svalue_ids): Delete.
2308 (class purge_one_svalue_id): Delete.
2309 (selftest::test_purging_by_criteria): Delete.
2310 (selftest::test_initial_svalue_folding): New.
2311 (selftest::test_unaryop_svalue_folding): New.
2312 (selftest::test_binop_svalue_folding): New.
2313 (selftest::test_sub_svalue_folding): New.
2314 (selftest::test_purge_unused_svalues): Delete.
2315 (selftest::test_descendent_of_p): New.
2316 (selftest::test_assignment): Provide a region_model_manager for
2317 the region_model. Drop the dump test.
2318 (selftest::test_compound_assignment): Likewise.
2319 (selftest::test_stack_frames): Port to new implementation.
2320 (selftest::test_get_representative_path_var): Likewise.
2321 (selftest::test_canonicalization_1): Rename to...
2322 (selftest::test_equality_1): ...this. Port to new API, and add
2323 (selftest::test_canonicalization_2): Provide a
2324 region_model_manager when creating region_model instances.
2325 Remove redundant canonicalization.
2326 (selftest::test_canonicalization_3): Provide a
2327 region_model_manager when creating region_model instances.
2328 Remove param from calls to region_model::canonicalize.
2329 (selftest::test_canonicalization_4): Likewise.
2330 (selftest::assert_region_models_merge): Constify
2331 out_merged_svalue. Port to new API.
2332 (selftest::test_state_merging): Provide a
2333 region_model_manager when creating region_model instances.
2334 Provide a program_point point when merging them. Replace
2335 set_to_new_unknown_value with usage of placeholder_svalues.
2336 Drop get_value_by_name. Port from svalue_id to const svalue *.
2337 Add test of heap allocation.
2338 (selftest::test_constraint_merging): Provide a
2339 region_model_manager when creating region_model instances.
2340 Provide a program_point point when merging them. Eliminate use
2341 of set_to_new_unknown_value.
2342 (selftest::test_widening_constraints): New.
2343 (selftest::test_iteration_1): New.
2344 (selftest::test_malloc_constraints): Port to store-based
2346 (selftest::test_var): New test.
2347 (selftest::test_array_2): New test.
2348 (selftest::test_mem_ref): New test.
2349 (selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
2350 (selftest::test_malloc): New.
2351 (selftest::test_alloca): New.
2352 (selftest::analyzer_region_model_cc_tests): Update for renamings.
2354 * region-model.h (class path_var): Move to analyzer.h.
2355 (class svalue_id): Delete.
2356 (class region_id): Delete.
2357 (class id_map): Delete.
2358 (svalue_id_map): Delete.
2359 (region_id_map): Delete.
2360 (id_map<T>::id_map): Delete.
2361 (id_map<T>::put): Delete.
2362 (id_map<T>::get_dst_for_src): Delete.
2363 (id_map<T>::get_src_for_dst): Delete.
2364 (id_map<T>::dump_to_pp): Delete.
2365 (id_map<T>::dump): Delete.
2366 (id_map<T>::update): Delete.
2367 (one_way_svalue_id_map): Delete.
2368 (one_way_region_id_map): Delete.
2369 (class region_id_set): Delete.
2370 (class svalue_id_set): Delete.
2371 (struct complexity): New.
2372 (class visitor): New.
2373 (enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
2374 SK_BINOP, SK_SUB, SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
2375 SK_COMPOUND, and SK_CONJURED.
2376 (svalue::operator==): Delete.
2377 (svalue::operator!=): Delete.
2378 (svalue::clone): Delete.
2379 (svalue::hash): Delete.
2380 (svalue::dump_dot_to_pp): Delete.
2381 (svalue::dump_to_pp): New.
2382 (svalue::dump): New.
2383 (svalue::get_desc): New.
2384 (svalue::dyn_cast_initial_svalue): New.
2385 (svalue::dyn_cast_unaryop_svalue): New.
2386 (svalue::dyn_cast_binop_svalue): New.
2387 (svalue::dyn_cast_sub_svalue): New.
2388 (svalue::dyn_cast_unmergeable_svalue): New.
2389 (svalue::dyn_cast_widening_svalue): New.
2390 (svalue::dyn_cast_compound_svalue): New.
2391 (svalue::dyn_cast_conjured_svalue): New.
2392 (svalue::maybe_undo_cast): New.
2393 (svalue::unwrap_any_unmergeable): New.
2394 (svalue::remap_region_ids): Delete.
2395 (svalue::can_merge_p): New.
2396 (svalue::walk_for_canonicalization): Delete.
2397 (svalue::get_complexity): New.
2398 (svalue::get_child_sid): Delete.
2399 (svalue::accept): New.
2400 (svalue::live_p): New.
2401 (svalue::implicitly_live_p): New.
2402 (svalue::svalue): Add complexity param.
2403 (svalue::add_to_hash): Delete.
2404 (svalue::print_details): Delete.
2405 (svalue::m_complexity): New field.
2406 (region_svalue::key_t): New struct.
2407 (region_svalue::region_svalue): Port from region_id to
2408 const region_id *. Add complexity.
2409 (region_svalue::compare_fields): Delete.
2410 (region_svalue::clone): Delete.
2411 (region_svalue::dump_dot_to_pp): Delete.
2412 (region_svalue::get_pointee): Port from region_id to
2414 (region_svalue::remap_region_ids): Delete.
2415 (region_svalue::merge_values): Delete.
2416 (region_svalue::dump_to_pp): New.
2417 (region_svalue::accept): New.
2418 (region_svalue::walk_for_canonicalization): Delete.
2419 (region_svalue::eval_condition): Make params const.
2420 (region_svalue::add_to_hash): Delete.
2421 (region_svalue::print_details): Delete.
2422 (region_svalue::m_rid): Replace with...
2423 (region_svalue::m_reg): ...this.
2424 (is_a_helper <region_svalue *>::test): Convert to...
2425 (is_a_helper <const region_svalue *>::test): ...this.
2426 (template <> struct default_hash_traits<region_svalue::key_t>):
2428 (constant_svalue::constant_svalue): Add complexity.
2429 (constant_svalue::compare_fields): Delete.
2430 (constant_svalue::clone): Delete.
2431 (constant_svalue::add_to_hash): Delete.
2432 (constant_svalue::dump_to_pp): New.
2433 (constant_svalue::accept): New.
2434 (constant_svalue::implicitly_live_p): New.
2435 (constant_svalue::merge_values): Delete.
2436 (constant_svalue::eval_condition): Make params const.
2437 (constant_svalue::get_child_sid): Delete.
2438 (constant_svalue::print_details): Delete.
2439 (is_a_helper <constant_svalue *>::test): Convert to...
2440 (is_a_helper <const constant_svalue *>::test): ...this.
2441 (class unknown_svalue): Update leading comment.
2442 (unknown_svalue::unknown_svalue): Add complexity.
2443 (unknown_svalue::compare_fields): Delete.
2444 (unknown_svalue::add_to_hash): Delete.
2445 (unknown_svalue::dyn_cast_unknown_svalue): Delete.
2446 (unknown_svalue::print_details): Delete.
2447 (unknown_svalue::dump_to_pp): New.
2448 (unknown_svalue::accept): New.
2449 (poisoned_svalue::key_t): New struct.
2450 (poisoned_svalue::poisoned_svalue): Add complexity.
2451 (poisoned_svalue::compare_fields): Delete.
2452 (poisoned_svalue::clone): Delete.
2453 (poisoned_svalue::add_to_hash): Delete.
2454 (poisoned_svalue::dump_to_pp): New.
2455 (poisoned_svalue::accept): New.
2456 (poisoned_svalue::print_details): Delete.
2457 (is_a_helper <poisoned_svalue *>::test): Convert to...
2458 (is_a_helper <const poisoned_svalue *>::test): ...this.
2459 (template <> struct default_hash_traits<poisoned_svalue::key_t>):
2461 (setjmp_record::add_to_hash): New.
2462 (setjmp_svalue::key_t): New struct.
2463 (setjmp_svalue::compare_fields): Delete.
2464 (setjmp_svalue::clone): Delete.
2465 (setjmp_svalue::add_to_hash): Delete.
2466 (setjmp_svalue::setjmp_svalue): Add complexity.
2467 (setjmp_svalue::dump_to_pp): New.
2468 (setjmp_svalue::accept): New.
2469 (setjmp_svalue::void print_details): Delete.
2470 (is_a_helper <const setjmp_svalue *>::test): New.
2471 (template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
2472 (class initial_svalue : public svalue): New.
2473 (is_a_helper <const initial_svalue *>::test): New.
2474 (class unaryop_svalue): New.
2475 (is_a_helper <const unaryop_svalue *>::test): New.
2476 (template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
2477 (class binop_svalue): New.
2478 (is_a_helper <const binop_svalue *>::test): New.
2479 (template <> struct default_hash_traits<binop_svalue::key_t>): New.
2480 (class sub_svalue): New.
2481 (is_a_helper <const sub_svalue *>::test): New.
2482 (template <> struct default_hash_traits<sub_svalue::key_t>): New.
2483 (class unmergeable_svalue): New.
2484 (is_a_helper <const unmergeable_svalue *>::test): New.
2485 (class placeholder_svalue): New.
2486 (is_a_helper <placeholder_svalue *>::test): New.
2487 (class widening_svalue): New.
2488 (is_a_helper <widening_svalue *>::test): New.
2489 (template <> struct default_hash_traits<widening_svalue::key_t>): New.
2490 (class compound_svalue): New.
2491 (is_a_helper <compound_svalue *>::test): New.
2492 (template <> struct default_hash_traits<compound_svalue::key_t>): New.
2493 (class conjured_svalue): New.
2494 (is_a_helper <conjured_svalue *>::test): New.
2495 (template <> struct default_hash_traits<conjured_svalue::key_t>): New.
2496 (enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
2497 RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
2498 RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
2499 (region_kind_to_str): Delete.
2500 (region::~region): Move implementation to region.cc.
2501 (region::operator==): Delete.
2502 (region::operator!=): Delete.
2503 (region::clone): Delete.
2504 (region::get_id): New.
2505 (region::cmp_ids): New.
2506 (region::dyn_cast_map_region): Delete.
2507 (region::dyn_cast_array_region): Delete.
2508 (region::region_id get_parent): Delete.
2509 (region::get_parent_region): Convert to a simple accessor.
2510 (region::void set_value): Delete.
2511 (region::svalue_id get_value): Delete.
2512 (region::svalue_id get_value_direct): Delete.
2513 (region::svalue_id get_inherited_child_sid): Delete.
2514 (region::dyn_cast_frame_region): New.
2515 (region::dyn_cast_function_region): New.
2516 (region::dyn_cast_decl_region): New.
2517 (region::dyn_cast_field_region): New.
2518 (region::dyn_cast_element_region): New.
2519 (region::dyn_cast_offset_region): New.
2520 (region::dyn_cast_cast_region): New.
2521 (region::dyn_cast_string_region): New.
2522 (region::accept): New.
2523 (region::get_base_region): New.
2524 (region::base_region_p): New.
2525 (region::descendent_of_p): New.
2526 (region::maybe_get_frame_region): New.
2527 (region::maybe_get_decl): New.
2528 (region::hash): Delete.
2529 (region::rint): Delete.
2530 (region::dump_dot_to_pp): Delete.
2531 (region::get_desc): New.
2532 (region::dump_to_pp): Convert to vfunc, changing signature.
2533 (region::dump_child_label): Delete.
2534 (region::remap_svalue_ids): Delete.
2535 (region::remap_region_ids): Delete.
2536 (region::dump): New.
2537 (region::walk_for_canonicalization): Delete.
2538 (region::non_null_p): Drop region_model param.
2539 (region::add_view): Delete.
2540 (region::get_view): Delete.
2541 (region::get_active_view): Delete.
2542 (region::is_view_p): Delete.
2543 (region::cmp_ptrs): New.
2544 (region::validate): Delete.
2545 (region::get_offset): New.
2546 (region::get_byte_size): New.
2547 (region::get_bit_size): New.
2548 (region::get_subregions_for_binding): New.
2549 (region::region): Add complexity param. Convert parent from
2550 region_id to const region *. Drop svalue_id. Drop copy ctor.
2551 (region::symbolic_for_unknown_ptr_p): New.
2552 (region::add_to_hash): Delete.
2553 (region::print_fields): Delete.
2554 (region::get_complexity): New accessor.
2555 (region::become_active_view): Delete.
2556 (region::deactivate_any_active_view): Delete.
2557 (region::deactivate_view): Delete.
2558 (region::calc_offset): New.
2559 (region::m_parent_rid): Delete.
2560 (region::m_sval_id): Delete.
2561 (region::m_complexity): New.
2562 (region::m_id): New.
2563 (region::m_parent): New.
2564 (region::m_view_rids): Delete.
2565 (region::m_is_view): Delete.
2566 (region::m_active_view_rid): Delete.
2567 (region::m_cached_offset): New.
2568 (is_a_helper <region *>::test): Convert to...
2569 (is_a_helper <const region *>::test): ...this.
2570 (class primitive_region): Delete.
2571 (class space_region): New.
2572 (class map_region): Delete.
2573 (is_a_helper <map_region *>::test): Delete.
2574 (class frame_region): Reimplement.
2575 (template <> struct default_hash_traits<frame_region::key_t>):
2577 (class globals_region): Reimplement.
2578 (is_a_helper <globals_region *>::test): Convert to...
2579 (is_a_helper <const globals_region *>::test): ...this.
2580 (class struct_or_union_region): Delete.
2581 (is_a_helper <struct_or_union_region *>::test): Delete.
2582 (class code_region): Reimplement.
2583 (is_a_helper <const code_region *>::test): New.
2584 (class struct_region): Delete.
2585 (is_a_helper <struct_region *>::test): Delete.
2586 (class function_region): Reimplement.
2587 (is_a_helper <function_region *>::test): Convert to...
2588 (is_a_helper <const function_region *>::test): ...this.
2589 (class union_region): Delete.
2590 (is_a_helper <union_region *>::test): Delete.
2591 (class label_region): New.
2592 (is_a_helper <const label_region *>::test): New.
2593 (class scope_region): Delete.
2594 (class stack_region): Reimplement.
2595 (is_a_helper <stack_region *>::test): Convert to...
2596 (is_a_helper <const stack_region *>::test): ...this.
2597 (class heap_region): Reimplement.
2598 (is_a_helper <heap_region *>::test): Convert to...
2599 (is_a_helper <const heap_region *>::test): ...this.
2600 (class root_region): Reimplement.
2601 (is_a_helper <root_region *>::test): Convert to...
2602 (is_a_helper <const root_region *>::test): ...this.
2603 (class symbolic_region): Reimplement.
2604 (is_a_helper <const symbolic_region *>::test): New.
2605 (template <> struct default_hash_traits<symbolic_region::key_t>):
2607 (class decl_region): New.
2608 (is_a_helper <const decl_region *>::test): New.
2609 (class field_region): New.
2610 (template <> struct default_hash_traits<field_region::key_t>): New.
2611 (class array_region): Delete.
2612 (class element_region): New.
2613 (is_a_helper <array_region *>::test): Delete.
2614 (is_a_helper <const element_region *>::test): New.
2615 (template <> struct default_hash_traits<element_region::key_t>):
2617 (class offset_region): New.
2618 (is_a_helper <const offset_region *>::test): New.
2619 (template <> struct default_hash_traits<offset_region::key_t>):
2621 (class cast_region): New.
2622 (is_a_helper <const cast_region *>::test): New.
2623 (template <> struct default_hash_traits<cast_region::key_t>): New.
2624 (class heap_allocated_region): New.
2625 (class alloca_region): New.
2626 (class string_region): New.
2627 (is_a_helper <const string_region *>::test): New.
2628 (class unknown_region): New.
2629 (class region_model_manager): New.
2630 (struct append_ssa_names_cb_data): New.
2631 (class call_details): New.
2632 (region_model::region_model): Add region_model_manager param.
2633 (region_model::print_svalue): Delete.
2634 (region_model::dump_dot_to_pp): Delete.
2635 (region_model::dump_dot_to_file): Delete.
2636 (region_model::dump_dot): Delete.
2637 (region_model::dump_to_pp): Drop summarize param in favor of
2638 simple and multiline.
2639 (region_model::dump): Likewise.
2640 (region_model::summarize_to_pp): Delete.
2641 (region_model::summarize): Delete.
2642 (region_model::void canonicalize): Drop ctxt param.
2643 (region_model::void check_for_poison): Delete.
2644 (region_model::get_gassign_result): New.
2645 (region_model::impl_call_alloca): New.
2646 (region_model::impl_call_analyzer_describe): New.
2647 (region_model::impl_call_analyzer_eval): New.
2648 (region_model::impl_call_builtin_expect): New.
2649 (region_model::impl_call_calloc): New.
2650 (region_model::impl_call_free): New.
2651 (region_model::impl_call_malloc): New.
2652 (region_model::impl_call_memset): New.
2653 (region_model::impl_call_strlen): New.
2654 (region_model::get_reachable_svalues): New.
2655 (region_model::handle_phi): Drop is_back_edge param.
2656 (region_model::region_id get_root_rid): Delete.
2657 (region_model::root_region *get_root_region): Delete.
2658 (region_model::region_id get_stack_region_id): Delete.
2659 (region_model::push_frame): Convert from region_id and svalue_id
2660 to const region * and const svalue *.
2661 (region_model::get_current_frame_id): Replace with...
2662 (region_model::get_current_frame): ...this.
2663 (region_model::pop_frame): Convert from region_id to
2664 const region *. Drop purge and stats param. Add out_result.
2665 (region_model::function *get_function_at_depth): Delete.
2666 (region_model::get_globals_region_id): Delete.
2667 (region_model::add_svalue): Delete.
2668 (region_model::replace_svalue): Delete.
2669 (region_model::add_region): Delete.
2670 (region_model::add_region_for_type): Delete.
2671 (region_model::get_svalue): Delete.
2672 (region_model::get_region): Delete.
2673 (region_model::get_lvalue): Convert from region_id to
2675 (region_model::get_rvalue): Convert from svalue_id to
2677 (region_model::get_or_create_ptr_svalue): Delete.
2678 (region_model::get_or_create_constant_svalue): Delete.
2679 (region_model::get_svalue_for_fndecl): Delete.
2680 (region_model::get_svalue_for_label): Delete.
2681 (region_model::get_region_for_fndecl): Delete.
2682 (region_model::get_region_for_label): Delete.
2683 (region_model::get_frame_at_index (int index) const;): New.
2684 (region_model::maybe_cast): Delete.
2685 (region_model::maybe_cast_1): Delete.
2686 (region_model::get_field_region): Delete.
2687 (region_model::id deref_rvalue): Convert from region_id and
2688 svalue_id to const region * and const svalue *. Drop overload,
2689 passing in both a tree and an svalue.
2690 (region_model::set_value): Convert from region_id and svalue_id to
2691 const region * and const svalue *.
2692 (region_model::set_to_new_unknown_value): Delete.
2693 (region_model::clobber_region (const region *reg);): New.
2694 (region_model::purge_region (const region *reg);): New.
2695 (region_model::zero_fill_region (const region *reg);): New.
2696 (region_model::mark_region_as_unknown (const region *reg);): New.
2697 (region_model::copy_region): Convert from region_id to
2699 (region_model::eval_condition): Convert from svalue_id to
2701 (region_model::eval_condition_without_cm): Likewise.
2702 (region_model::compare_initial_and_pointer): New.
2703 (region_model::maybe_get_constant): Delete.
2704 (region_model::add_new_malloc_region): Delete.
2705 (region_model::get_representative_tree): Convert from svalue_id to
2707 (region_model::get_representative_path_var): Delete decl taking a
2708 region_id in favor of two decls, for svalue vs region, with an
2709 svalue_set to ensure termination.
2710 (region_model::get_path_vars_for_svalue): Delete.
2711 (region_model::create_region_for_heap_alloc): New.
2712 (region_model::create_region_for_alloca): New.
2713 (region_model::purge_unused_svalues): Delete.
2714 (region_model::remap_svalue_ids): Delete.
2715 (region_model::remap_region_ids): Delete.
2716 (region_model::purge_regions): Delete.
2717 (region_model::get_num_svalues): Delete.
2718 (region_model::get_num_regions): Delete.
2719 (region_model::get_descendents): Delete.
2720 (region_model::get_store): New.
2721 (region_model::delete_region_and_descendents): Delete.
2722 (region_model::get_manager): New.
2723 (region_model::unbind_region_and_descendents): New.
2724 (region_model::can_merge_with_p): Add point param. Drop
2725 svalue_id_merger_mapping.
2726 (region_model::get_value_by_name): Delete.
2727 (region_model::convert_byte_offset_to_array_index): Delete.
2728 (region_model::get_or_create_mem_ref): Delete.
2729 (region_model::get_or_create_pointer_plus_expr): Delete.
2730 (region_model::get_or_create_view): Delete.
2731 (region_model::get_lvalue_1): Convert from region_id to
2733 (region_model::get_rvalue_1): Convert from svalue_id to
2735 (region_model::get_ssa_name_regions_for_current_frame): New.
2736 (region_model::append_ssa_names_cb): New.
2737 (region_model::get_store_value): New.
2738 (region_model::copy_struct_region): Delete.
2739 (region_model::copy_union_region): Delete.
2740 (region_model::copy_array_region): Delete.
2741 (region_model::region_exists_p): New.
2742 (region_model::make_region_for_unexpected_tree_code): Delete.
2743 (region_model::loop_replay_fixup): New.
2744 (region_model::poison_any_pointers_to_bad_regions): Delete.
2745 (region_model::poison_any_pointers_to_descendents): New.
2746 (region_model::dump_summary_of_rep_path_vars): Delete.
2747 (region_model::on_top_level_param): New.
2748 (region_model::record_dynamic_extents): New.
2749 (region_model::m_mgr;): New.
2750 (region_model::m_store;): New.
2751 (region_model::m_svalues;): Delete.
2752 (region_model::m_regions;): Delete.
2753 (region_model::m_root_rid;): Delete.
2754 (region_model::m_current_frame;): New.
2755 (region_model_context::remap_svalue_ids): Delete.
2756 (region_model_context::can_purge_p): Delete.
2757 (region_model_context::on_svalue_leak): New.
2758 (region_model_context::on_svalue_purge): Delete.
2759 (region_model_context::on_liveness_change): New.
2760 (region_model_context::on_inherited_svalue): Delete.
2761 (region_model_context::on_cast): Delete.
2762 (region_model_context::on_unknown_change): Convert from svalue_id to
2763 const svalue * and add is_mutable.
2764 (class noop_region_model_context): Update for region_model_context
2766 (model_merger::model_merger): Add program_point. Drop
2767 svalue_id_merger_mapping.
2768 (model_merger::dump_to_pp): Add "simple" param.
2769 (model_merger::dump): Likewise.
2770 (model_merger::get_region_a): Delete.
2771 (model_merger::get_region_b): Delete.
2772 (model_merger::can_merge_values_p): Delete.
2773 (model_merger::record_regions): Delete.
2774 (model_merger::record_svalues): Delete.
2775 (model_merger::m_point): New field.
2776 (model_merger::m_map_regions_from_a_to_m): Delete.
2777 (model_merger::m_map_regions_from_b_to_m): Delete.
2778 (model_merger::m_sid_mapping): Delete.
2779 (struct svalue_id_merger_mapping): Delete.
2780 (class engine): New.
2781 (struct canonicalization): Delete.
2782 (inchash::add): Delete decls for hashing svalue_id and region_id.
2783 (test_region_model_context::on_unexpected_tree_code): Require t to
2785 (selftest::assert_condition): Add overload comparing a pair of
2787 * sm-file.cc: Include "tristate.h", "selftest.h",
2788 "analyzer/call-string.h", "analyzer/program-point.h",
2789 "analyzer/store.h", and "analyzer/region-model.h".
2790 (fileptr_state_machine::get_default_state): New.
2791 (fileptr_state_machine::on_stmt): Remove calls to
2792 get_readable_tree in favor of get_diagnostic_tree.
2793 * sm-malloc.cc: Include "tristate.h", "selftest.h",
2794 "analyzer/call-string.h", "analyzer/program-point.h",
2795 "analyzer/store.h", and "analyzer/region-model.h".
2796 (malloc_state_machine::get_default_state): New.
2797 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
2798 (malloc_diagnostic::describe_state_change): Handle change.m_expr
2800 (null_arg::emit): Avoid printing "NULL '0'".
2801 (null_arg::describe_final_event): Avoid printing "(0) NULL".
2802 (malloc_leak::emit): Handle m_arg being NULL.
2803 (malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
2804 (malloc_state_machine::on_stmt): Don't call get_readable_tree.
2805 Call get_diagnostic_tree when creating pending diagnostics.
2806 Update for is_zero_assignment becoming a member function of
2808 Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
2809 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
2810 vfunc implementation.
2811 * sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
2812 get_diagnostic_tree and pass the result to warn_for_state.
2813 * sm-signal.cc: Move includes of "analyzer/call-string.h" and
2814 "analyzer/program-point.h" to before "analyzer/region-model.h",
2815 and also include "analyzer/store.h" before it.
2816 (signal_unsafe_call::describe_state_change): Use
2817 get_dest_function to get handler.
2818 (update_model_for_signal_handler): Pass manager to region_model
2820 (register_signal_handler::impl_transition): Update for changes to
2821 get_or_create_node and add_edge.
2822 * sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
2823 get_readable_tree, replacing them when calling warn_for_state with
2824 calls to get_diagnostic_tree.
2825 * sm.cc (is_zero_assignment): Delete.
2826 (any_pointer_p): Move to within namespace ana.
2827 * sm.h (is_zero_assignment): Remove decl.
2828 (any_pointer_p): Move decl to within namespace ana.
2829 (state_machine::get_default_state): New vfunc.
2830 (state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
2831 (sm_context::get_readable_tree): Rename to...
2832 (sm_context::get_diagnostic_tree): ...this.
2833 (sm_context::is_zero_assignment): New vfunc.
2834 * store.cc: New file.
2835 * store.h: New file.
2836 * svalue.cc: New file.
2838 2020-05-22 Mark Wielaard <mark@klomp.org>
2840 * sm-signal.cc (signal_unsafe_call::emit): Possibly add
2841 gcc_rich_location note for replacement.
2842 (signal_unsafe_call::get_replacement_fn): New private function.
2843 (get_async_signal_unsafe_fns): Add "exit".
2845 2020-04-28 David Malcolm <dmalcolm@redhat.com>
2848 * engine.cc (impl_region_model_context::on_unexpected_tree_code):
2850 * region-model.cc (region_model::add_region_for_type): Handle
2853 (test_region_model_context::on_unexpected_tree_code): Handle NULL
2856 2020-04-28 David Malcolm <dmalcolm@redhat.com>
2862 * analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete.
2863 * program-state.cc (selftest::test_program_state_dumping): Update
2864 expected dump result for removal of "uninit".
2865 * region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT
2867 (root_region::ensure_stack_region): Initialize stack with null
2868 svalue_id rather than with a typeless POISON_KIND_UNINIT value.
2869 (root_region::ensure_heap_region): Likewise for the heap.
2870 (region_model::dump_summary_of_rep_path_vars): Remove
2871 summarization of uninit values.
2872 (region_model::validate): Remove check that the stack has a
2873 POISON_KIND_UNINIT value.
2874 (poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT
2876 (poisoned_value_diagnostic::describe_final_event): Likewise.
2877 (selftest::test_dump): Update expected dump result for removal of
2879 (selftest::test_svalue_equality): Remove "uninit" and "freed".
2880 * region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT.
2882 2020-04-01 David Malcolm <dmalcolm@redhat.com>
2885 * checker-path.cc: Include "bitmap.h".
2886 * constraint-manager.cc: Likewise.
2887 * diagnostic-manager.cc: Likewise.
2888 * engine.cc: Likewise.
2889 (exploded_node::detect_leaks): Pass null region_id to pop_frame.
2890 * program-point.cc: Include "bitmap.h".
2891 * program-state.cc: Likewise.
2892 * region-model.cc (id_set<region_id>::id_set): Convert to...
2893 (region_id_set::region_id_set): ...this.
2894 (svalue_id_set::svalue_id_set): New ctor.
2895 (region_model::copy_region): New function.
2896 (region_model::copy_struct_region): New function.
2897 (region_model::copy_union_region): New function.
2898 (region_model::copy_array_region): New function.
2899 (stack_region::pop_frame): Drop return value. Add
2900 "result_dst_rid" param; if it is non-null, use copy_region to copy
2901 the result to it. Rather than capture and pass a single "known
2902 used" return value to be used by purge_unused_values, instead
2903 gather and pass a set of known used return values.
2904 (root_region::pop_frame): Drop return value. Add "result_dst_rid"
2906 (region_model::on_assignment): Use copy_region.
2907 (region_model::on_return): Likewise for the result.
2908 (region_model::on_longjmp): Pass null for pop_frame's
2910 (region_model::update_for_return_superedge): Pass the region for the
2911 return value of the call, if any, to pop_frame, rather than setting
2912 the lvalue for the lhs of the result.
2913 (region_model::pop_frame): Drop return value. Add
2914 "result_dst_rid" param.
2915 (region_model::purge_unused_svalues): Convert third param from an
2916 svalue_id * to an svalue_id_set *, updating the initial populating
2917 of the "used" bitmap accordingly. Don't remap it when done.
2918 (struct selftest::coord_test): New selftest fixture, extracted from...
2919 (selftest::test_dump_2): ...here.
2920 (selftest::test_compound_assignment): New selftest.
2921 (selftest::test_stack_frames): Pass null to new param of pop_frame.
2922 (selftest::analyzer_region_model_cc_tests): Call the new selftest.
2923 * region-model.h (class id_set): Delete template.
2924 (class region_id_set): Reimplement, using old id_set implementation.
2925 (class svalue_id_set): Likewise. Convert from auto_sbitmap to
2927 (region::get_active_view): New accessor.
2928 (stack_region::pop_frame): Drop return value. Add
2929 "result_dst_rid" param.
2930 (root_region::pop_frame): Likewise.
2931 (region_model::pop_frame): Likewise.
2932 (region_model::copy_region): New decl.
2933 (region_model::purge_unused_svalues): Convert third param from an
2934 svalue_id * to an svalue_id_set *.
2935 (region_model::copy_struct_region): New decl.
2936 (region_model::copy_union_region): New decl.
2937 (region_model::copy_array_region): New decl.
2020-03-27 David Malcolm <dmalcolm@redhat.com>
* program-state.cc (selftest::test_program_state_dumping): Update
expected dump to include symbolic_region's possibly_null field.
* region-model.cc (symbolic_region::print_fields): New vfunc
(region_model::add_constraint): Clear m_possibly_null from
symbolic_regions now known to be non-NULL.
(selftest::test_malloc_constraints): New selftest.
(selftest::analyzer_region_model_cc_tests): Call it.
* region-model.h (region::dyn_cast_symbolic_region): Add non-const
(symbolic_region::dyn_cast_symbolic_region): Implement it.
(symbolic_region::print_fields): New vfunc override decl.
2020-03-27 David Malcolm <dmalcolm@redhat.com>
* analyzer.h (class feasibility_problem): New forward decl.
* diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
Initialize new fields m_status, m_epath_length, and m_problem.
(saved_diagnostic::~saved_diagnostic): Delete m_problem.
(dedupe_candidate::dedupe_candidate): Convert "sd" param from a
const ref to a mutable ptr.
(dedupe_winners::add): Convert "sd" param from a const ref to a
mutable ptr. Record the length of the exploded_path. Record the
feasibility/infeasibility of sd into sd, capturing a
feasibility_problem when feasible_p fails, and storing it in sd.
(diagnostic_manager::emit_saved_diagnostics): Update for pass by
ptr rather than by const ref.
* diagnostic-manager.h (class saved_diagnostic): Add new enum
status. Add fields m_status, m_epath_length and m_problem.
(saved_diagnostic::set_feasible): New member function.
(saved_diagnostic::set_infeasible): New member function.
(saved_diagnostic::get_feasibility_problem): New accessor.
(saved_diagnostic::get_status): New accessor.
(saved_diagnostic::set_epath_length): New member function.
(saved_diagnostic::get_epath_length): New accessor.
* engine.cc: Include "gimple-pretty-print.h".
(exploded_path::feasible_p): Add OUT param and, if non-NULL, write
a new feasibility_problem to it on failure.
(viz_callgraph_node::dump_dot): Convert begin_tr calls to
begin_trtd. Convert end_tr calls to end_tdtr.
(class exploded_graph_annotator): New subclass of dot_annotator.
(impl_run_checkers): Add a second -fdump-analyzer-supergraph dump
after the analysis runs, using exploded_graph_annotator, dumping
to DUMP_BASE_NAME.supergraph-eg.dot.
* exploded-graph.h (exploded_node::get_dot_fillcolor): Make
(exploded_path::feasible_p): Add OUT param.
(class feasibility_problem): New class.
* state-purge.cc (state_purge_annotator::add_node_annotations):
Return a bool, add a "within_table" param.
(print_vec_of_names): Convert begin_tr calls to begin_trtd.
Convert end_tr calls to end_tdtr.
(state_purge_annotator::add_stmt_annotations): Add "within_row"
* state-purge.h (state_purge_annotator::add_node_annotations):
Return a bool, add a "within_table" param.
(state_purge_annotator::add_stmt_annotations): Add "within_row"
* supergraph.cc (supernode::dump_dot): Call add_node_annotations
twice: as before, passing false for "within_table", then again
with true when within the TABLE element. Convert some begin_tr
calls to begin_trtd, and some end_tr calls to end_tdtr.
Repeat each add_stmt_annotations call, distinguishing between
calls that add TRs and those that add TDs to an existing TR.
Add a call to add_after_node_annotations.
* supergraph.h (dot_annotator::add_node_annotations): Add a
"within_table" param.
(dot_annotator::add_stmt_annotations): Add a "within_row" param.
(dot_annotator::add_after_node_annotations): New vfunc.
2020-03-27 David Malcolm <dmalcolm@redhat.com>
* diagnostic-manager.cc (dedupe_winners::add): Show the
exploded_node index in the log messages.
(diagnostic_manager::emit_saved_diagnostics): Log a summary of
m_saved_diagnostics at entry.
2020-03-27 David Malcolm <dmalcolm@redhat.com>
* supergraph.cc (superedge::dump): Add space before description;
move newline to non-pretty_printer overload.
2020-03-18 David Malcolm <dmalcolm@redhat.com>
* region-model.cc: Include "stor-layout.h".
(region_model::dump_to_pp): Rather than calling
dump_summary_of_map on each of the current frame and the globals,
instead get a vec of representative path_vars for all regions,
and then dump a summary of all of them.
(region_model::dump_summary_of_map): Delete, rewriting into...
(region_model::dump_summary_of_rep_path_vars): ...this new
function, working on a vec of path_vars.
(region_model::set_value): New overload.
(region_model::get_representative_path_var): Rename
"parent_region" local to "parent_reg" and consolidate with other
local. Guard test for grandparent being stack on parent_reg being
non-NULL. Move handling for parent being an array_region to
within guard for parent_reg being non-NULL.
(selftest::make_test_compound_type): New function.
(selftest::test_dump_2): New selftest.
(selftest::test_dump_3): New selftest.
(selftest::test_stack_frames): Update expected output from
simplified dump to show "a" and "b" from parent frame and "y" in
(selftest::analyzer_region_model_cc_tests): Call test_dump_2 and
* region-model.h (region_model::set_value): New overload decl.
(region_model::dump_summary_of_map): Delete.
(region_model::dump_summary_of_rep_path_vars): New.
2020-03-18 David Malcolm <dmalcolm@redhat.com>
* region-model.h (class noop_region_model_context): New subclass
of region_model_context.
(class tentative_region_model_context): Inherit from
noop_region_model_context rather than from region_model_context;
drop redundant vfunc implementations.
(class test_region_model_context): Likewise.
2020-03-18 David Malcolm <dmalcolm@redhat.com>
* engine.cc (exploded_node::exploded_node): Move implementation
here from header; accept point_and_state by const reference rather
* exploded-graph.h (exploded_node::exploded_node): Pass
point_and_state by const reference rather than by value. Move
2020-03-18 Jakub Jelinek <jakub@redhat.com>
* sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word
* region-model.cc (region_model::make_region_for_unexpected_tree_code,
region_model::delete_region_and_descendents): Likewise.
* engine.cc (class exploded_cluster): Likewise.
* diagnostic-manager.cc (class path_builder): Likewise.
2020-03-13 David Malcolm <dmalcolm@redhat.com>
* diagnostic-manager.cc (for_each_state_change): Bulletproof
against errors in get_rvalue by passing a
tentative_region_model_context and rejecting if there's an error.
* region-model.cc (region_model::get_lvalue_1): When handling
ARRAY_REF, handle results of error-handling. Handle NOP_EXPR.
2020-03-06 David Malcolm <dmalcolm@redhat.com>
* analyzer.h (class array_region): New forward decl.
* program-state.cc (selftest::test_program_state_dumping_2): New.
(selftest::analyzer_program_state_cc_tests): Call it.
* region-model.cc (array_region::constant_from_key): New.
(region_model::get_representative_tree): Handle region_svalue by
generating an ADDR_EXPR.
(region_model::get_representative_path_var): In view handling,
remove erroneous TREE_TYPE when determining the type of the tree.
Handle array regions and STRING_CST.
(selftest::assert_dump_tree_eq): New.
(ASSERT_DUMP_TREE_EQ): New macro.
(selftest::test_get_representative_tree): New selftest.
(selftest::analyzer_region_model_cc_tests): Call it.
* region-model.h (region::dyn_cast_array_region): New vfunc.
(array_region::dyn_cast_array_region): New vfunc implementation.
(array_region::constant_from_key): New decl.
2020-03-06 David Malcolm <dmalcolm@redhat.com>
* analyzer.h (dump_quoted_tree): New decl.
* engine.cc (exploded_node::dump_dot): Pass region model to
sm_state_map::print.
* program-state.cc: Include diagnostic-core.h.
(sm_state_map::print): Add "model" param and use it to print
representative trees. Only print origin information if non-null.
(sm_state_map::dump): Pass NULL for model to print call.
(program_state::print): Pass region model to sm_state_map::print.
(program_state::dump_to_pp): Use spaces rather than newlines when
summarizing. Pass region_model to sm_state_map::print.
(ana::selftest::assert_dump_eq): New function.
(ASSERT_DUMP_EQ): New macro.
(ana::selftest::test_program_state_dumping): New function.
(ana::selftest::analyzer_program_state_cc_tests): Call it.
* program-state.h (program_state::print): Add model param.
* region-model.cc (dump_quoted_tree): New function.
(map_region::print_fields): Use dump_quoted_tree rather than
%qE to avoid lang-dependent output.
(map_region::dump_child_label): Likewise.
(region_model::dump_summary_of_map): For SK_REGION, when
get_representative_path_var fails, print the region id rather than
erroneously printing NULL.
* sm.cc (state_machine::get_state_by_name): New function.
* sm.h (state_machine::get_state_by_name): New decl.
2020-03-04 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region::validate): Convert model param from ptr
to reference. Update comment to reflect that it's now a vfunc.
(map_region::validate): New vfunc implementation.
(array_region::validate): New vfunc implementation.
(stack_region::validate): New vfunc implementation.
(root_region::validate): New vfunc implementation.
(region_model::validate): Pass a reference rather than a pointer
to the region::validate vfunc.
* region-model.h (region::validate): Make virtual. Convert model
param from ptr to reference.
(map_region::validate): New vfunc decl.
(array_region::validate): New vfunc decl.
(stack_region::validate): New vfunc decl.
(root_region::validate): New vfunc decl.
2020-03-04 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::on_call_pre): Handle
BUILT_IN_EXPECT and its variants.
(region_model::add_any_constraints_from_ssa_def_stmt): Split out
gassign handling into add_any_constraints_from_gassign; add gcall
(region_model::add_any_constraints_from_gassign): New function,
based on the above. Add handling for NOP_EXPR.
(region_model::add_any_constraints_from_gcall): New function.
(region_model::get_representative_path_var): Handle views.
(region_model::add_any_constraints_from_ssa_def_stmt): New decl.
(region_model::add_any_constraints_from_gassign): New decl.
2020-03-04 David Malcolm <dmalcolm@redhat.com>
* checker-path.h (state_change_event::get_lvalue): Add ctxt param
and pass it to region_model::get_value call.
* diagnostic-manager.cc (get_any_origin): Pass a
tentative_region_model_context to the calls to get_lvalue and reject
the comparison if errors occur.
(can_be_expr_of_interest_p): New function.
(diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
Pass a tentative_region_model_context to the calls to
state_change_event::get_lvalue and reject the comparison if errors
(diagnostic_manager::update_for_unsuitable_sm_exprs): New.
* diagnostic-manager.h
(diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
* region-model.h (class tentative_region_model_context): New class.
2020-03-04 David Malcolm <dmalcolm@redhat.com>
* engine.cc (worklist::worklist): Remove unused field m_eg.
(class viz_callgraph_edge): Remove unused field m_call_sedge.
(class viz_callgraph): Remove unused field m_sg.
* exploded-graph.h (worklist::m_eg): Remove unused field.
2020-03-02 David Malcolm <dmalcolm@redhat.com>
* analyzer.opt (fanalyzer-show-duplicate-count): New option.
* diagnostic-manager.cc
(diagnostic_manager::emit_saved_diagnostic): Use the above to
guard the printing of the duplicate count.
2020-03-02 David Malcolm <dmalcolm@redhat.com>
* analyzer.cc (is_std_function_p): New function.
(is_std_named_call_p): New functions.
* analyzer.h (is_std_named_call_p): New decl.
* sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::"
variants when checking for malloc, calloc and free.
2020-02-26 David Malcolm <dmalcolm@redhat.com>
* diagnostic-manager.cc
(diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
either NULL or not a constant. When updating var, bulletproof
against constant values.
2020-02-26 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::get_fndecl_for_call): Gracefully
fail for fn_decls that don't have a cgraph_node.
3225 * bar-chart.cc: New file.
3226 * bar-chart.h: New file.
3227 * engine.cc: Include "analyzer/bar-chart.h".
3228 (stats::log): Only log the m_num_nodes kinds that are non-zero.
3229 (stats::dump): Likewise when dumping.
3230 (stats::get_total_enodes): New.
3231 (exploded_graph::get_or_create_node): Increment the per-point-data
3232 m_excess_enodes when hitting the per-program-point limit on
3234 (exploded_graph::print_bar_charts): New.
3235 (exploded_graph::log_stats): Log the number of unprocessed enodes
3236 in the worklist. Call print_bar_charts.
3237 (exploded_graph::dump_stats): Print the number of unprocessed
3238 enodes in the worklist.
3239 * exploded-graph.h (stats::get_total_enodes): New decl.
3240 (struct per_program_point_data): Add field m_excess_enodes.
3241 (exploded_graph::print_bar_charts): New decl.
3242 * supergraph.cc (superedge::dump): New.
3243 (superedge::dump): New.
3244 * supergraph.h (supernode::get_function): New.
3245 (superedge::dump): New decl.
3246 (superedge::dump): New decl.
3248 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3250 * engine.cc (exploded_graph::get_or_create_node): Dump the
3251 program_state to the pp, rather than to stderr.
3253 2020-02-24 David Malcolm <dmalcolm@redhat.com>
3256 * sm.cc (make_checkers): Require the "taint" checker to be
2020-02-24 David Malcolm <dmalcolm@redhat.com>
(impl_region_model_context::impl_region_model_context): Add logger
* engine.cc (exploded_graph::add_function_entry): Create an
impl_region_model_context and pass it to the push_frame call.
Bail if the resulting state is invalid.
(exploded_graph::build_initial_worklist): Likewise.
(exploded_graph::build_initial_worklist): Handle the case where
add_function_entry fails.
(impl_region_model_context::impl_region_model_context): Add logger
* region-model.cc (map_region::get_or_create): Add ctxt param and
pass it to add_region_for_type.
(map_region::can_merge_p): Pass NULL as a ctxt to call to
(array_region::get_element): Pass ctxt to call to get_or_create.
(array_region::get_or_create): Add ctxt param and pass it to
add_region_for_type.
(root_region::push_frame): Pass ctxt to get_or_create calls.
(region_model::get_lvalue_1): Likewise.
(region_model::make_region_for_unexpected_tree_code): Assert that
(region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
and get_svalue_for_label calls.
(region_model::get_svalue_for_fndecl): Add ctxt param and pass it
to get_region_for_fndecl.
(region_model::get_region_for_fndecl): Add ctxt param and pass it
(region_model::get_svalue_for_label): Add ctxt param and pass it
to get_region_for_label.
(region_model::get_region_for_label): Add ctxt param and pass it
to get_region_for_fndecl and get_or_create.
(region_model::get_field_region): Add ctxt param and pass it to
get_or_create_view and get_or_create.
(make_region_for_type): Replace gcc_unreachable with return NULL.
(region_model::add_region_for_type): Add ctxt param. Handle a
return of NULL from make_region_for_type by calling
make_region_for_unexpected_tree_code.
(region_model::get_or_create_mem_ref): Pass ctxt to calls to
(region_model::get_or_create_view): Add ctxt param and pass it to
add_region_for_type.
(selftest::test_state_merging): Pass ctxt to get_or_create_view.
* region-model.h (region_model::get_or_create): Add ctxt param.
(region_model::add_region_for_type): Likewise.
(region_model::get_svalue_for_fndecl): Likewise.
(region_model::get_svalue_for_label): Likewise.
(region_model::get_region_for_fndecl): Likewise.
(region_model::get_region_for_label): Likewise.
(region_model::get_field_region): Likewise.
(region_model::get_or_create_view): Likewise.
2020-02-24 David Malcolm <dmalcolm@redhat.com>
* checker-path.cc (superedge_event::should_filter_p): Update
filter for empty descriptions to cover verbosity level 3 as well
* diagnostic-manager.cc: Include "analyzer/reachability.h".
(class path_builder): New class.
(diagnostic_manager::emit_saved_diagnostic): Create a path_builder
and pass it to build_emission_path, rather than passing eg; similarly
for add_events_for_eedge and ext_state.
(diagnostic_manager::build_emission_path): Replace "eg" param
with a path_builder, pass it to add_events_for_eedge.
(diagnostic_manager::add_events_for_eedge): Replace ext_state
param with path_builder; pass it to add_events_for_superedge.
(diagnostic_manager::significant_edge_p): New.
(diagnostic_manager::add_events_for_superedge): Add path_builder
param. Reject insignificant edges at verbosity levels below 3.
(diagnostic_manager::prune_for_sm_diagnostic): Update highest
verbosity level to 4.
* diagnostic-manager.h (class path_builder): New forward decl.
(diagnostic_manager::build_emission_path): Replace "eg" param
with a path_builder.
(diagnostic_manager::add_events_for_eedge): Replace ext_state
param with path_builder.
(diagnostic_manager::significant_edge_p): New.
(diagnostic_manager::add_events_for_superedge): Add path_builder
* reachability.h: New file.
2020-02-18 David Malcolm <dmalcolm@redhat.com>
* analyzer.opt (fdump-analyzer-callgraph): Rewrite description.
2020-02-18 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::maybe_cast_1): Replace assertion
that build_cast returns non-NULL with a conditional, falling
through to the logic which returns a new unknown value of the
desired type if it fails.
2020-02-18 David Malcolm <dmalcolm@redhat.com>
* engine.cc (impl_region_model_context::on_unknown_tree_code):
(impl_region_model_context::on_unexpected_tree_code): ...this and
convert first argument from path_var to tree.
(exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall.
* exploded-graph.h (region_model_context::on_unknown_tree_code):
(region_model_context::on_unexpected_tree_code): ...this and
convert first argument from path_var to tree.
* program-state.cc (sm_state_map::purge_for_unknown_fncall): Add
ctxt param and pass on to calls to get_rvalue.
* program-state.h (sm_state_map::purge_for_unknown_fncall): Add
* region-model.cc (region_model::handle_unrecognized_call): Pass
ctxt on to call to get_rvalue.
(region_model::get_lvalue_1): Move body of default case to
region_model::make_region_for_unexpected_tree_code and call it.
Within COMPONENT_REF case, reject attempts to handle types other
than RECORD_TYPE and UNION_TYPE.
(region_model::make_region_for_unexpected_tree_code): New
function, based on default case of region_model::get_lvalue_1.
(region_model::make_region_for_unexpected_tree_code): New decl.
(region_model::on_unknown_tree_code): Rename to...
(region_model::on_unexpected_tree_code): ...this and convert first
argument from path_var to tree.
(class test_region_model_context): Update vfunc implementation for
2020-02-18 David Malcolm <dmalcolm@redhat.com>
(region_model::convert_byte_offset_to_array_index): Use
int_size_in_bytes before calling size_in_bytes, to gracefully fail
on incomplete types.
2020-02-17 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::get_fndecl_for_call): Handle the
case where the code_region's get_tree_for_child_region returns
2020-02-17 David Malcolm <dmalcolm@redhat.com>
* engine.cc (impl_region_model_context::on_unknown_tree_code):
(exploded_graph::get_or_create_node): Reject invalid states.
(impl_region_model_context::on_unknown_tree_code): New decl.
(point_and_state::point_and_state): Assert that the state is
* program-state.cc (program_state::program_state): Initialize
(program_state::operator=): Copy m_valid.
(program_state::program_state): Likewise for move constructor.
(program_state::print): Print m_valid.
(program_state::dump_to_pp): Likewise.
* program-state.h (program_state::m_valid): New field.
* region-model.cc (region_model::get_lvalue_1): Implement the
default case by returning a new symbolic region and calling
the context's on_unknown_tree_code, rather than issuing an
internal_error. Implement VIEW_CONVERT_EXPR.
* region-model.h (region_model_context::on_unknown_tree_code): New
(test_region_model_context::on_unknown_tree_code): New.
2020-02-17 David Malcolm <dmalcolm@redhat.com>
* sm-malloc.cc (malloc_diagnostic::describe_state_change): For
transition to the "null" state, only say "assuming" when
transitioning from the "unchecked" state.
2020-02-17 David Malcolm <dmalcolm@redhat.com>
* diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
* engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
* exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
2020-02-11 David Malcolm <dmalcolm@redhat.com>
* analysis-plan.cc (analysis_plan::use_summary_p): Look through
the ultimate_alias_target when getting the called function.
* engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
"sm_ctxt". Use the region_model's get_fndecl_for_call rather than
* region-model.cc (region_model::get_fndecl_for_call): Use
ultimate_alias_target on fndecl.
* supergraph.cc (get_ultimate_function_for_cgraph_edge): New
(supergraph_call_edge): Use it when rejecting edges without
(supergraph::supergraph): Use it to get the function for the
cgraph_edge when building interprocedural superedges.
(callgraph_superedge::get_callee_function): Use it.
* supergraph.h (supergraph::get_num_snodes): Make param const.
(supergraph::function_to_num_snodes_t): Make first type param
2020-02-11 David Malcolm <dmalcolm@redhat.com>
* engine.cc (exploded_edge::exploded_edge): Add ext_state param
and pass it to change.validate.
(exploded_graph::get_or_create_node): Move purging of change
svalues to also cover the case of reusing an existing enode.
(exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
* exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
* program-state.cc (state_change::sm_change::validate): Likewise.
Assert that m_sm_idx is sane. Use ext_state to validate
m_old_state and m_new_state.
(state_change::validate): Add ext_state param and pass it to
the sm_change validate calls.
* program-state.h (state_change::sm_change::validate): Add
(state_change::validate): Likewise.
2020-02-11 David Malcolm <dmalcolm@redhat.com>
* engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
case of STATUS_WORKLIST in implementation of
"__analyzer_dump_exploded_nodes".
2020-02-11 David Malcolm <dmalcolm@redhat.com>
* constraint-manager.cc (constraint_manager::add_constraint): When
merging equivalence classes and updating m_constant, also update
(constraint_manager::validate): If m_constant is non-NULL assert
that m_cst_sid is non-null and is valid.
2020-02-11 David Malcolm <dmalcolm@redhat.com>
* analyzer.opt (fdump-analyzer): Reword description.
(fdump-analyzer-stderr): Likewise.
2020-02-11 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (print_quoted_type): New function.
(svalue::print): Use it to replace %qT.
(region::dump_to_pp): Likewise.
(region::dump_child_label): Likewise.
(region::print_fields): Likewise.
2020-02-10 David Malcolm <dmalcolm@redhat.com>
* analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
(Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
"uninitialized" typo.
2020-02-10 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::get_lvalue_1):
Handle BIT_FIELD_REF.
(make_region_for_type): Handle VECTOR_TYPE.
2020-02-10 David Malcolm <dmalcolm@redhat.com>
* diagnostic-manager.cc
(diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
* region-model.cc (region_model::get_lvalue_1): Provide a better
error message when encountering an unhandled tree code.
2020-02-10 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::get_lvalue_1): Implement
2020-02-06 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::maybe_cast_1): Attempt to provide
a region_svalue if either type is a pointer, rather than if both
2020-02-05 David Malcolm <dmalcolm@redhat.com>
* engine.cc (exploded_node::dump_dot): Show merger enodes.
(worklist::add_node): Assert that the node's m_status is
(exploded_graph::process_worklist): Likewise for nodes from the
worklist. Set status of merged nodes to STATUS_MERGER.
(exploded_graph::process_node): Set status of node to
(exploded_graph::dump_exploded_nodes): Rework handling of
"__analyzer_dump_exploded_nodes", splitting enodes by status into
"processed" and "merger", showing the count of just the processed
enodes at the call, rather than the count of all enodes.
* exploded-graph.h (exploded_node::status): New enum.
(exploded_node::exploded_node): Initialize m_status to
(exploded_node::get_status): New getter.
(exploded_node::set_status): New setter.
2020-02-04 David Malcolm <dmalcolm@redhat.com>
* engine.cc (pod_hash_traits<function_call_string>::mark_empty):
Eliminate reinterpret_cast.
(pod_hash_traits<function_call_string>::is_empty): Likewise.
2020-02-03 David Malcolm <dmalcolm@redhat.com>
* constraint-manager.cc (range::constrained_to_single_element):
Replace fold_build2 with fold_binary. Remove unnecessary newline.
(constraint_manager::get_or_add_equiv_class): Replace fold_build2
with fold_binary in two places, and remove out-of-date comment.
(constraint_manager::eval_condition): Replace fold_build2 with
* region-model.cc (constant_svalue::eval_condition): Likewise.
(region_model::on_assignment): Likewise.
2020-02-03 David Malcolm <dmalcolm@redhat.com>
* diagnostic-manager.cc
(diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
against bad choices due to bad paths.
* engine.cc (impl_region_model_context::on_phi): New.
* exploded-graph.h (impl_region_model_context::on_phi): New decl.
* region-model.cc (region_model::on_longjmp): Likewise.
(region_model::handle_phi): Add phi param. Call the ctxt's on_phi
(region_model::update_for_phis): Pass phi to handle_phi.
* region-model.h (region_model::handle_phi): Add phi param.
(region_model_context::on_phi): New vfunc.
(test_region_model_context::on_phi): New.
* sm-malloc.cc (malloc_state_machine::on_phi): New.
(malloc_state_machine::on_zero_assignment): New.
* sm.h (state_machine::on_phi): New vfunc.
2020-02-03 David Malcolm <dmalcolm@redhat.com>
* engine.cc (supernode_cluster::dump_dot): Show BB index as
* supergraph.cc (supernode::dump_dot): Likewise.
2020-02-03 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::on_call_pre): Update for new
param of symbolic_region ctor.
(region_model::deref_rvalue): Likewise.
(region_model::add_new_malloc_region): Likewise.
(make_region_for_type): Likewise, preserving type.
* region-model.h (symbolic_region::symbolic_region): Add "type"
param and pass it to base class ctor.
2020-02-03 David Malcolm <dmalcolm@redhat.com>
* constraint-manager.cc
(constraint_manager::get_or_add_equiv_class): Ensure types are
compatible before comparing constants.
2020-01-31 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
than checking against void_type_node.
2020-01-31 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
(assert_compat_types): ...this, and bail when either type is NULL,
or when VOID_TYPE_P (dst_type).
(region_model::get_lvalue): Update for above conversion.
(region_model::get_rvalue): Likewise.
2020-01-31 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::update_for_return_superedge):
Move check for null result so that it also guards setting the
2020-01-31 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (stack_region::can_merge_p): Split into a two
pass approach, creating all stack regions first, then populating
(selftest::test_state_merging): Add test coverage for (a) the case
of self-merging a model in which a local in an older stack frame
points to a local in a more recent stack frame (which previously
would ICE), and (b) the case of self-merging a model in which a
local points to a global (which previously worked OK).
2020-01-31 David Malcolm <dmalcolm@redhat.com>
* analyzer.cc (is_named_call_p): Replace tests for fndecl being
extern at file scope and having a non-NULL DECL_NAME with a call
to maybe_special_function_p.
* function-set.cc (function_set::contains_decl_p): Add call to
maybe_special_function_p.
2020-01-31 David Malcolm <dmalcolm@redhat.com>
* constraint-manager.cc
(constraint_manager::get_or_add_equiv_class): Only compare constants
if their types are compatible.
* region-model.cc (constant_svalue::eval_condition): Replace check
for identical types with call to types_compatible_p.
2020-01-30 David Malcolm <dmalcolm@redhat.com>
* program-state.cc (extrinsic_state::dump_to_pp): New.
(extrinsic_state::dump_to_file): New.
(extrinsic_state::dump): New.
* program-state.h (extrinsic_state::dump_to_pp): New decl.
(extrinsic_state::dump_to_file): New decl.
(extrinsic_state::dump): New decl.
* sm.cc: Include "pretty-print.h".
(state_machine::dump_to_pp): New.
* sm.h (state_machine::dump_to_pp): New decl.
2020-01-30 David Malcolm <dmalcolm@redhat.com>
* diagnostic-manager.cc (for_each_state_change): Use
extrinsic_state::get_num_checkers rather than accessing m_checkers
* program-state.cc (program_state::program_state): Likewise.
* program-state.h (extrinsic_state::m_checkers): Make private.
2020-01-30 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::eval_condition): In both
overloads, bail out immediately on floating-point types.
(region_model::eval_condition_without_cm): Likewise.
(region_model::add_constraint): Likewise.
2020-01-30 David Malcolm <dmalcolm@redhat.com>
* program-state.cc (sm_state_map::set_state): For the overload
taking an svalue_id, bail out if the set_state on the ec does
nothing. Convert the latter's return type from void to bool,
returning true if anything changed.
(sm_state_map::impl_set_state): Convert the return type from void
to bool, returning true if the state changed.
* program-state.h (sm_state_map::set_state): Convert return type
(sm_state_map::impl_set_state): Likewise.
* region-model.cc (constant_svalue::eval_condition): Only call
fold_build2 if the types are the same.
3724 2020-01-29 Jakub Jelinek <jakub@redhat.com>
3726 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
3727 * constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
3728 (range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
3730 * state-purge.cc: Include diagnostic-core.h before
3731 gimple-pretty-print.h.
3732 (state_purge_annotator::add_node_annotations, print_vec_of_names):
3733 Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
3734 * region-model.cc: Move diagnostic-core.h include before graphviz.h.
3735 (path_var::dump, svalue::print, constant_svalue::print_details,
3736 region::dump_to_pp, region::dump_child_label, region::print_fields,
3737 map_region::print_fields, map_region::dump_dot_to_pp,
3738 map_region::dump_child_label, array_region::print_fields,
3739 array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or

2020-01-28 David Malcolm <dmalcolm@redhat.com>
* engine.cc (rewind_info_t::update_model): Get the longjmp call
stmt via get_longjmp_call () rather than assuming it is the last
stmt in the longjmp's supernode.
(rewind_info_t::add_events_to_path): Get the location_t for the
rewind_from_longjmp_event via get_longjmp_call () rather than from
the supernode's get_end_location ().

2020-01-28 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (poisoned_value_diagnostic::emit): Update for
renaming of warning_at overload to warning_meta.
* sm-file.cc (file_leak::emit): Likewise.
* sm-malloc.cc (double_free::emit): Likewise.
(possible_null_deref::emit): Likewise.
(possible_null_arg::emit): Likewise.
(null_deref::emit): Likewise.
(null_arg::emit): Likewise.
(use_after_free::emit): Likewise.
(malloc_leak::emit): Likewise.
(free_of_non_heap::emit): Likewise.
* sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
* sm-signal.cc (signal_unsafe_call::emit): Likewise.
* sm-taint.cc (tainted_array_index::emit): Likewise.

2020-01-27 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (tree_cmp): For the REAL_CST case, impose an
arbitrary order on NaNs relative to other NaNs and to non-NaNs;
const-correctness tweak.
(ana::selftests::build_real_cst_from_string): New function.
(ana::selftests::append_interesting_constants): New function.
(ana::selftests::test_tree_cmp_on_constants): New test.
(ana::selftests::test_canonicalization_4): New test.
(ana::selftests::analyzer_region_model_cc_tests): Call the new

2020-01-27 David Malcolm <dmalcolm@redhat.com>
* engine.cc (run_checkers): Save and restore input_location.

2020-01-27 David Malcolm <dmalcolm@redhat.com>
* call-string.cc (call_string::cmp_1): Delete, moving body to...
(call_string::cmp): ...here.
* call-string.h (call_string::cmp_1): Delete decl.
* engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
(worklist::key_t::cmp): ...here. Implement hash comparisons
via comparison rather than subtraction to avoid overflow issues.
* exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
* region-model.cc (tree_cmp): Eliminate buggy checking for

2020-01-27 David Malcolm <dmalcolm@redhat.com>
* analyzer.cc (is_named_call_p): Check that fndecl is "extern"
and at file scope. Potentially disregard prefix _ or __ in
fndecl's name. Bail if the identifier is NULL.
(is_setjmp_call_p): Expect a gcall rather than plain gimple.
Remove special-case check for leading prefix, and also check for
(is_longjmp_call_p): Also check for siglongjmp.
(get_user_facing_name): New function.
* analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
(get_user_facing_name): New decl.
* checker-path.cc (setjmp_event::get_desc): Use
get_user_facing_name to avoid hardcoding the function name.
(rewind_event::rewind_event): Add rewind_info param, using it to
initialize new m_rewind_info field, and strengthen the assertion.
(rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
avoid hardcoding the function name.
(rewind_to_setjmp_event::get_desc): Likewise.
* checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
param and use it to initialize...
(setjmp_event::m_setjmp_call): New field.
(rewind_event::rewind_event): Add rewind_info param.
(rewind_event::m_rewind_info): New protected field.
(rewind_from_longjmp_event::rewind_from_longjmp_event): Add
(class rewind_to_setjmp_event): Move rewind_info field to parent
* diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
Update setjmp-handling for is_setjmp_call_p requiring a gcall;
pass the call to the new setjmp_event.
* engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
(stale_jmp_buf::emit): Use get_user_facing_name to avoid
hardcoding the function names.
(exploded_node::on_longjmp): Pass the longjmp_call when
constructing rewind_info.
(rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
rewind_from_longjmp_event's ctor.
* exploded-graph.h (rewind_info_t::rewind_info_t): Add
(rewind_info_t::get_longjmp_call): New.
(rewind_info_t::m_longjmp_call): New.
* region-model.cc (region_model::on_setjmp): Update comment to
indicate this is also for sigsetjmp.
* region-model.h (struct setjmp_record): Likewise.
(class setjmp_svalue): Likewise.

2020-01-27 David Malcolm <dmalcolm@redhat.com>
* analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
macros with GCC_VERSION >= 4006, making them no-op otherwise.
* engine.cc (exploded_edge::exploded_edge): Specify template for
base class initializer.
(exploded_graph::add_edge): Specify template when chaining up to
base class add_edge implementation.
(viz_callgraph_node::dump_dot): Drop redundant "typename".
(viz_callgraph_edge::viz_callgraph_edge): Specify template for
base class initializer.
* program-state.cc (sm_state_map::clone_with_remapping): Drop
redundant "typename".
(sm_state_map::print): Likewise.
(sm_state_map::hash): Likewise.
(sm_state_map::operator==): Likewise.
(sm_state_map::remap_svalue_ids): Likewise.
(sm_state_map::on_svalue_purge): Likewise.
(sm_state_map::validate): Likewise.
* program-state.h (sm_state_map::iterator_t): Likewise.
* supergraph.h (superedge::superedge): Specify template for base

2020-01-23 David Malcolm <dmalcolm@redhat.com>
* supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
gracefully if the number of parameters at the callee exceeds the
number of arguments at the call stmt.
(callgraph_superedge::get_parm_for_arg): Likewise.

2020-01-22 David Malcolm <dmalcolm@redhat.com>
* program-state.cc (sm_state_map::on_svalue_purge): If the
entry survives, but the origin is being purged, then reset the

2020-01-22 David Malcolm <dmalcolm@redhat.com>
* sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.

2020-01-22 David Malcolm <dmalcolm@redhat.com>
* engine.cc (setjmp_svalue::compare_fields): Update for
replacement of m_enode with m_setjmp_record.
(setjmp_svalue::add_to_hash): Likewise.
(setjmp_svalue::get_index): Rename...
(setjmp_svalue::get_enode_index): ...to this.
(setjmp_svalue::print_details): Update for replacement of m_enode
with m_setjmp_record.
(exploded_node::on_longjmp): Likewise.
* exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
(rewind_info_t::m_setjmp_record): ...with this.
(rewind_info_t::rewind_info_t): Update for replacement of m_enode
with m_setjmp_record.
(rewind_info_t::get_setjmp_point): Likewise.
(rewind_info_t::get_setjmp_call): Likewise.
* region-model.cc (region_model::dump_summary_of_map): Likewise.
(region_model::on_setjmp): Likewise.
* region-model.h (struct setjmp_record): New struct.
(setjmp_svalue::m_enode): Replace...
(setjmp_svalue::m_setjmp_record): ...with this.
(setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
with m_setjmp_record.
(setjmp_svalue::clone): Likewise.
(setjmp_svalue::get_index): Rename...
(setjmp_svalue::get_enode_index): ...to this.
(setjmp_svalue::get_exploded_node): Replace...
(setjmp_svalue::get_setjmp_record): ...with this.

2020-01-22 David Malcolm <dmalcolm@redhat.com>
* analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as

2020-01-22 David Malcolm <dmalcolm@redhat.com>
* analysis-plan.h: Wrap everything in namespace "ana".
* analyzer-logging.cc: Likewise.
* analyzer-logging.h: Likewise.
* analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
* analyzer-selftests.cc: Wrap everything in namespace "ana".
* analyzer-selftests.h: Likewise.
* analyzer.h: Likewise for forward decls of types.
* call-string.h: Likewise.
* checker-path.cc: Likewise.
* checker-path.h: Likewise.
* constraint-manager.cc: Likewise.
* constraint-manager.h: Likewise.
* diagnostic-manager.cc: Likewise.
* diagnostic-manager.h: Likewise.
* engine.cc: Likewise.
* engine.h: Likewise.
* exploded-graph.h: Likewise.
* function-set.cc: Likewise.
* function-set.h: Likewise.
* pending-diagnostic.cc: Likewise.
* pending-diagnostic.h: Likewise.
* program-point.cc: Likewise.
* program-point.h: Likewise.
* program-state.cc: Likewise.
* program-state.h: Likewise.
* region-model.cc: Likewise.
* region-model.h: Likewise.
* sm-file.cc: Likewise.
* sm-malloc.cc: Likewise.
* sm-pattern-test.cc: Likewise.
* sm-sensitive.cc: Likewise.
* sm-signal.cc: Likewise.
* sm-taint.cc: Likewise.
* state-purge.h: Likewise.
* supergraph.cc: Likewise.
* supergraph.h: Likewise.

2020-01-21 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (int_cmp): Rename to...
(array_region::key_cmp): ...this, using key_t rather than int.
Rewrite in terms of comparisons rather than subtraction to
ensure qsort is anti-symmetric when handling extreme values.
(array_region::walk_for_canonicalization): Update for above
* region-model.h (array_region::key_cmp): New decl.

2020-01-17 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::eval_condition_without_cm): Avoid
gcc_unreachable for unexpected operations for the case where
we're comparing an svalue against itself.

2020-01-17 David Malcolm <dmalcolm@redhat.com>
(region_model::convert_byte_offset_to_array_index): Convert to
ssizetype before dividing by byte_size. Use fold_binary rather
than fold_build2 to avoid needlessly constructing a tree for the

2020-01-15 David Malcolm <dmalcolm@redhat.com>
* engine.cc (class impl_region_model_context): Fix comment.

2020-01-14 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (make_region_for_type): Use
FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
* region-model.h (function_region::function_region): Likewise.

2020-01-14 David Malcolm <dmalcolm@redhat.com>
* program-state.cc (sm_state_map::clone_with_remapping): Copy
(selftest::test_program_state_merging_2): New selftest.
(selftest::analyzer_program_state_cc_tests): Call it.

2020-01-14 David Malcolm <dmalcolm@redhat.com>
* checker-path.h (checker_path::get_checker_event): New function.
(checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
* diagnostic-manager.cc
(diagnostic_manager::prune_for_sm_diagnostic): Replace direct
access to checker_path::m_events with accessor functions. Fix
(diagnostic_manager::prune_interproc_events): Replace direct
access to checker_path::m_events with accessor functions.
(diagnostic_manager::finish_pruning): Likewise.

2020-01-14 David Malcolm <dmalcolm@redhat.com>
* checker-path.h (checker_event::clone): Delete vfunc decl.
(debug_event::clone): Delete vfunc impl.
(custom_event::clone): Delete vfunc impl.
(statement_event::clone): Delete vfunc impl.
(function_entry_event::clone): Delete vfunc impl.
(state_change_event::clone): Delete vfunc impl.
(start_cfg_edge_event::clone): Delete vfunc impl.
(end_cfg_edge_event::clone): Delete vfunc impl.
(call_event::clone): Delete vfunc impl.
(return_event::clone): Delete vfunc impl.
(setjmp_event::clone): Delete vfunc impl.
(rewind_from_longjmp_event::clone): Delete vfunc impl.
(rewind_to_setjmp_event::clone): Delete vfunc impl.
(warning_event::clone): Delete vfunc impl.

2020-01-14 David Malcolm <dmalcolm@redhat.com>
* supergraph.cc (supernode::dump_dot): Ensure that the TABLE
element has at least one TR.

2020-01-14 David Malcolm <dmalcolm@redhat.com>
* engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
when comparing against UNKNOWN_LOCATION.
(stmt_requires_new_enode_p): Likewise.
(exploded_graph::dump_exploded_nodes): Likewise.
* supergraph.cc (supernode::get_start_location): Likewise.
(supernode::get_end_location): Likewise.

2020-01-14 David Malcolm <dmalcolm@redhat.com>
* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
selftest::analyzer_sm_file_cc_tests.
* analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
* sm-file.cc: Include "analyzer/function-set.h" and
"analyzer/analyzer-selftests.h".
(get_file_using_fns): New function.
(is_file_using_fn_p): New function.
(fileptr_state_machine::on_stmt): Return true for known functions.
(selftest::analyzer_sm_file_cc_tests): New function.

2020-01-14 David Malcolm <dmalcolm@redhat.com>
* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
selftest::analyzer_sm_signal_cc_tests.
* analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
* sm-signal.cc: Include "analyzer/function-set.h" and
"analyzer/analyzer-selftests.h".
(get_async_signal_unsafe_fns): New function.
(signal_unsafe_p): Reimplement in terms of the above.
(selftest::analyzer_sm_signal_cc_tests): New function.

2020-01-14 David Malcolm <dmalcolm@redhat.com>
* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
selftest::analyzer_function_set_cc_tests.
* analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
* function-set.cc: New file.
* function-set.h: New file.

2020-01-14 David Malcolm <dmalcolm@redhat.com>
* analyzer.h (fndecl_has_gimple_body_p): New decl.
* engine.cc (impl_region_model_context::on_unknown_change): New
(fndecl_has_gimple_body_p): Make non-static.
(exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
known. Track whether we have a call with unknown side-effects and
pass it to on_call_post.
* exploded-graph.h (impl_region_model_context::on_unknown_change):
* program-state.cc (sm_state_map::on_unknown_change): New function.
* program-state.h (sm_state_map::on_unknown_change): New decl.
* region-model.cc: Include "bitmap.h".
(region_model::on_call_pre): Return a bool, capturing whether the
call has unknown side effects.
(region_model::on_call_post): Add arg "bool unknown_side_effects"
and if true, call handle_unrecognized_call.
(class reachable_regions): New class.
(region_model::handle_unrecognized_call): New function.
* region-model.h (region_model::on_call_pre): Return a bool.
(region_model::on_call_post): Add arg "bool unknown_side_effects".
(region_model::handle_unrecognized_call): New decl.
(region_model_context::on_unknown_change): New vfunc.
(test_region_model_context::on_unknown_change): New function.

2020-01-14 David Malcolm <dmalcolm@redhat.com>
* diagnostic-manager.cc (saved_diagnostic::operator==): Move here
from header. Replace pointer equality test on m_var with call to
pending_diagnostic::same_tree_p.
* diagnostic-manager.h (saved_diagnostic::operator==): Move to
diagnostic-manager.cc.
* pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
* pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
* sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
equality on m_arg with call to pending_diagnostic::same_tree_p.
* sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
(possible_null_arg::subclass_equal_p): Likewise.
(null_arg::subclass_equal_p): Likewise.
(free_of_non_heap::subclass_equal_p): Likewise.
* sm-pattern-test.cc (pattern_match::operator==): Likewise.
* sm-sensitive.cc (exposure_through_output_file::operator==):
* sm-taint.cc (tainted_array_index::operator==): Likewise.

2020-01-14 David Malcolm <dmalcolm@redhat.com>
* diagnostic-manager.cc (dedupe_winners::add): Add logging
of deduplication decisions made.

2020-01-14 David Malcolm <dmalcolm@redhat.com>
* ChangeLog: New file.
* analyzer-selftests.cc: New file.
* analyzer-selftests.h: New file.
* analyzer.opt: New file.
* analysis-plan.cc: New file.
* analysis-plan.h: New file.
* analyzer-logging.cc: New file.
* analyzer-logging.h: New file.
* analyzer-pass.cc: New file.
* analyzer.cc: New file.
* analyzer.h: New file.
* call-string.cc: New file.
* call-string.h: New file.
* checker-path.cc: New file.
* checker-path.h: New file.
* constraint-manager.cc: New file.
* constraint-manager.h: New file.
* diagnostic-manager.cc: New file.
* diagnostic-manager.h: New file.
* engine.cc: New file.
* engine.h: New file.
* exploded-graph.h: New file.
* pending-diagnostic.cc: New file.
* pending-diagnostic.h: New file.
* program-point.cc: New file.
* program-point.h: New file.
* program-state.cc: New file.
* program-state.h: New file.
* region-model.cc: New file.
* region-model.h: New file.
* sm-file.cc: New file.
* sm-malloc.cc: New file.
* sm-malloc.dot: New file.
* sm-pattern-test.cc: New file.
* sm-sensitive.cc: New file.
* sm-signal.cc: New file.
* sm-taint.cc: New file.
* state-purge.cc: New file.
* state-purge.h: New file.
* supergraph.cc: New file.
* supergraph.h: New file.

2019-12-13 David Malcolm <dmalcolm@redhat.com>

Copyright (C) 2019-2021 Free Software Foundation, Inc.

Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.