git.ipfire.org Git - thirdparty/gcc.git/blame - gcc/analyzer/ChangeLog
Daily bump.
1 2022-01-08 David Malcolm <dmalcolm@redhat.com>
2
3 * engine.cc (impl_run_checkers): Pass logger to engine ctor.
4 * region-model-manager.cc
5 (region_model_manager::region_model_manager): Add logger param and
6 use it to initialize m_logger.
7 * region-model.cc (engine::engine): New.
8 * region-model.h (region_model_manager::region_model_manager):
9 Add logger param.
10 (region_model_manager::get_logger): New.
11 (region_model_manager::m_logger): New field.
12 (engine::engine): New.
13 * store.cc (store_manager::get_logger): New.
14 (store::set_value): Log scope. Log when marking a cluster as
15 unknown due to possible aliasing.
16 * store.h (store_manager::get_logger): New decl.
17
18 2022-01-08 David Malcolm <dmalcolm@redhat.com>
19
20 * region-model-impl-calls.cc (cmp_decls): New.
21 (cmp_decls_ptr_ptr): New.
22 (region_model::impl_call_analyzer_dump_escaped): New.
23 * region-model.cc (region_model::on_stmt_pre): Handle
24 __analyzer_dump_escaped.
25 * region-model.h (region_model::impl_call_analyzer_dump_escaped):
26 New decl.
27 * store.h (binding_cluster::get_base_region): New accessor.
28
29 2022-01-08 David Malcolm <dmalcolm@redhat.com>
30
31 * region.cc (region::is_named_decl_p): New.
32 * region.h (region::is_named_decl_p): New decl.
33
34 2022-01-06 David Malcolm <dmalcolm@redhat.com>
35
36 PR analyzer/103546
37 * store.cc (store::eval_alias_1): Refactor handling of decl
38 regions, adding a test for may_be_aliased, rejecting those for
39 which it returns false.
40
41 2021-12-12 Jonathan Wakely <jwakely@redhat.com>
42
43 * engine.cc: Define INCLUDE_MEMORY instead of INCLUDE_UNIQUE_PTR.
44
45 2021-12-06 David Malcolm <dmalcolm@redhat.com>
46
47 PR analyzer/103533
48 * constraint-manager.cc (equiv_class::contains_non_constant_p):
49 New.
50 (constraint_manager::canonicalize): Call it when determining
51 redundant ECs.
52 (selftest::test_purging): New selftest.
53 (selftest::run_constraint_manager_tests): Likewise.
54 * constraint-manager.h (equiv_class::contains_non_constant_p):
55 New decl.
56
57 2021-12-01 David Malcolm <dmalcolm@redhat.com>
58
59 PR analyzer/102471
60 * region-model-reachability.cc (reachable_regions::handle_parm):
61 Treat all svalues within a compound parm as reachable, and those
62 wrapped in a cast.
63
64 2021-11-29 David Malcolm <dmalcolm@redhat.com>
65
66 PR analyzer/103217
67 * store.cc (binding_cluster::can_merge_p): For the "key is bound"
68 vs "key is not bound" merger case, check that the bound svalue
69 is mergeable before merging it to "unknown", rejecting the merger
70 otherwise.
71
72 2021-11-19 David Malcolm <dmalcolm@redhat.com>
73
74 PR analyzer/103217
75 * engine.cc (exploded_graph::get_or_create_node): Pass in
76 m_ext_state to program_state::can_merge_with_p.
77 (exploded_graph::process_worklist): Likewise.
78 (exploded_graph::maybe_process_run_of_before_supernode_enodes):
79 Likewise.
80 (exploded_graph::process_node): Add missing call to detect_leaks
81 when handling phi nodes.
82 * program-state.cc (program_state::can_merge_with_p): Add
83 "ext_state" param. Pass it and state ptrs to
84 region_model::can_merge_with_p.
85 (selftest::test_program_state_merging): Update for new ext_state
86 param of program_state::can_merge_with_p.
87 (selftest::test_program_state_merging_2): Likewise.
88 * program-state.h (program_state::can_purge_p): Make const.
89 (program_state::can_merge_with_p): Add "ext_state" param.
90 * region-model.cc: Include "analyzer/program-state.h".
91 (region_model::can_merge_with_p): Add params "ext_state",
92 "state_a", and "state_b", use them when creating model_merger
93 object.
94 (model_merger::mergeable_svalue_p): New.
95 * region-model.h (region_model::can_merge_with_p): Add params
96 "ext_state", "state_a", and "state_b".
97 (model_merger::model_merger): Likewise, initializing new fields.
98 (model_merger::mergeable_svalue_p): New decl.
99 (model_merger::m_ext_state): New field.
100 (model_merger::m_state_a): New field.
101 (model_merger::m_state_b): New field.
102 * svalue.cc (svalue::can_merge_p): Call
103 model_merger::mergeable_svalue_p on both states and reject the
104 merger accordingly.
105
106 2021-11-17 David Malcolm <dmalcolm@redhat.com>
107
108 PR analyzer/102695
109 * region-model-impl-calls.cc (region_model::impl_call_strchr): New.
110 * region-model-manager.cc
111 (region_model_manager::maybe_fold_unaryop): Simplify cast to
112 pointer type of an existing pointer to a region.
113 * region-model.cc (region_model::on_call_pre): Handle
114 BUILT_IN_STRCHR and "strchr".
115 (write_to_const_diagnostic::emit): Add auto_diagnostic_group. Add
116 alternate wordings for functions and labels.
117 (write_to_const_diagnostic::describe_final_event): Add alternate
118 wordings for functions and labels.
119 (region_model::check_for_writable_region): Handle RK_FUNCTION and
120 RK_LABEL.
121 * region-model.h (region_model::impl_call_strchr): New decl.
122
123 2021-11-16 David Malcolm <dmalcolm@redhat.com>
124
125 PR analyzer/102662
126 * constraint-manager.cc (bounded_range::operator==): Require the
127 types to be the same for equality.
128
129 2021-11-13 David Malcolm <dmalcolm@redhat.com>
130
131 * analyzer.opt (Wanalyzer-tainted-allocation-size): New.
132 (Wanalyzer-tainted-divisor): New.
133 (Wanalyzer-tainted-offset): New.
134 (Wanalyzer-tainted-size): New.
135 * engine.cc (impl_region_model_context::get_taint_map): New.
136 * exploded-graph.h (impl_region_model_context::get_taint_map):
137 New decl.
138 * program-state.cc (sm_state_map::get_state): Call
139 alt_get_inherited_state.
140 (sm_state_map::impl_set_state): Modify states within
141 compound svalues.
142 (program_state::impl_call_analyzer_dump_state): Undo casts.
143 (selftest::test_program_state_1): Update for new context param of
144 create_region_for_heap_alloc.
145 (selftest::test_program_state_merging): Likewise.
146 * region-model-impl-calls.cc (region_model::impl_call_alloca):
147 Likewise.
148 (region_model::impl_call_calloc): Likewise.
149 (region_model::impl_call_malloc): Likewise.
150 (region_model::impl_call_operator_new): Likewise.
151 (region_model::impl_call_realloc): Likewise.
152 * region-model.cc (region_model::check_region_access): Call
153 check_region_for_taint.
154 (region_model::get_representative_path_var_1): Handle binops.
155 (region_model::create_region_for_heap_alloc): Add "ctxt" param and
156 pass it to set_dynamic_extents.
157 (region_model::create_region_for_alloca): Likewise.
158 (region_model::set_dynamic_extents): Add "ctxt" param and use it
159 to call check_dynamic_size_for_taint.
160 (selftest::test_state_merging): Update for new context param of
161 create_region_for_heap_alloc.
162 (selftest::test_malloc_constraints): Likewise.
163 (selftest::test_malloc): Likewise.
164 (selftest::test_alloca): Likewise for create_region_for_alloca.
165 * region-model.h (region_model::create_region_for_heap_alloc): Add
166 "ctxt" param.
167 (region_model::create_region_for_alloca): Likewise.
168 (region_model::set_dynamic_extents): Likewise.
169 (region_model::check_dynamic_size_for_taint): New decl.
170 (region_model::check_region_for_taint): New decl.
171 (region_model_context::get_taint_map): New vfunc.
172 (noop_region_model_context::get_taint_map): New.
173 * sm-taint.cc: Remove include of "diagnostic-event-id.h"; add
174 includes of "gimple-iterator.h", "tristate.h", "selftest.h",
175 "ordered-hash-map.h", "cgraph.h", "cfg.h", "digraph.h",
176 "analyzer/supergraph.h", "analyzer/call-string.h",
177 "analyzer/program-point.h", "analyzer/store.h",
178 "analyzer/region-model.h", and "analyzer/program-state.h".
179 (enum bounds): Move to top of file.
180 (class taint_diagnostic): New.
181 (class tainted_array_index): Convert to subclass of taint_diagnostic.
182 (tainted_array_index::emit): Add CWE-129. Reword warning to use
183 "attacker-controlled" rather than "tainted".
184 (tainted_array_index::describe_state_change): Move to
185 taint_diagnostic::describe_state_change.
186 (tainted_array_index::describe_final_event): Reword to use
187 "attacker-controlled" rather than "tainted".
188 (class tainted_offset): New.
189 (class tainted_size): New.
190 (class tainted_divisor): New.
191 (class tainted_allocation_size): New.
192 (taint_state_machine::alt_get_inherited_state): New.
193 (taint_state_machine::on_stmt): In assignment handling, remove
194 ARRAY_REF handling in favor of check_region_for_taint. Add
195 detection of tainted divisors.
196 (taint_state_machine::get_taint): New.
197 (taint_state_machine::combine_states): New.
198 (region_model::check_region_for_taint): New.
199 (region_model::check_dynamic_size_for_taint): New.
200 * sm.h (state_machine::alt_get_inherited_state): New.
201
202 2021-11-12 David Malcolm <dmalcolm@redhat.com>
203
204 * engine.cc (exploded_node::on_stmt_pre): Return when handling
205 "__analyzer_dump_state".
206
207 2021-11-11 Richard Biener <rguenther@suse.de>
208
209 * supergraph.cc: Include bitmap.h.
210
211 2021-11-04 David Malcolm <dmalcolm@redhat.com>
212
213 * program-state.cc (sm_state_map::dump): Use default_tree_printer
214 as format decoder.
215
216 2021-09-16 Maxim Blinov <maxim.blinov@embecosm.com>
217
218 PR bootstrap/102242
219 * engine.cc (INCLUDE_UNIQUE_PTR): Define.
220
221 2021-09-08 David Malcolm <dmalcolm@redhat.com>
222
223 PR analyzer/102225
224 * analyzer.h (compat_types_p): New decl.
225 * constraint-manager.cc
226 (constraint_manager::get_or_add_equiv_class): Guard against NULL
227 type when checking for pointer types.
228 * region-model-impl-calls.cc (region_model::impl_call_realloc):
229 Guard against NULL lhs type/region. Guard against the size value
230 not being of a compatible type for dynamic extents.
231 * region-model.cc (compat_types_p): Make non-static.
232
233 2021-08-30 David Malcolm <dmalcolm@redhat.com>
234
235 PR analyzer/99260
236 * analyzer.h (class custom_edge_info): New class, adapted from
237 exploded_edge::custom_info_t. Make member functions const.
238 Make update_model return bool, converting edge param from
239 reference to a pointer, and adding a ctxt param.
240 (class path_context): New class.
241 * call-info.cc: New file.
242 * call-info.h: New file.
243 * engine.cc: Include "analyzer/call-info.h" and <memory>.
244 (impl_region_model_context::impl_region_model_context): Update for
245 new m_path_ctxt field.
246 (impl_region_model_context::bifurcate): New.
247 (impl_region_model_context::terminate_path): New.
248 (impl_region_model_context::get_malloc_map): New.
249 (impl_sm_context::impl_sm_context): Update for new m_path_ctxt
250 field.
251 (impl_sm_context::get_fndecl_for_call): Likewise.
252 (impl_sm_context::set_next_state): Likewise.
253 (impl_sm_context::warn): Likewise.
254 (impl_sm_context::is_zero_assignment): Likewise.
255 (impl_sm_context::get_path_context): New.
256 (impl_sm_context::m_path_ctxt): New.
257 (impl_region_model_context::on_condition): Update for new
258 path_ctxt param. Handle m_enode_for_diag being NULL.
259 (impl_region_model_context::on_phi): Update for new path_ctxt
260 param.
261 (exploded_node::on_stmt): Add path_ctxt param, updating ctor calls
262 to use it as necessary. Use it to bail out after sm-handling,
263 if needed.
264 (exploded_node::detect_leaks): Update for new path_ctxt param.
265 (dynamic_call_info_t::update_model): Update for conversion of
266 exploded_edge::custom_info_t to custom_edge_info.
267 (dynamic_call_info_t::add_events_to_path): Likewise.
268 (rewind_info_t::update_model): Likewise.
269 (rewind_info_t::add_events_to_path): Likewise.
270 (exploded_edge::exploded_edge): Likewise.
271 (exploded_graph::add_edge): Likewise.
272 (exploded_graph::maybe_process_run_of_before_supernode_enodes):
273 Update for new path_ctxt param.
274 (class impl_path_context): New.
275 (exploded_graph::process_node): Update for new path_ctxt param.
276 Create an impl_path_context and pass it to exploded_node::on_stmt.
277 Use it to terminate iterating stmts if terminate_path is called
278 on it. After processing a run of stmts, query path_ctxt to
279 potentially terminate the analysis path, and/or to "bifurcate" the
280 analysis into multiple additional paths.
281 (feasibility_state::maybe_update_for_edge): Update for new
282 update_model ctxt param.
283 * exploded-graph.h
284 (impl_region_model_context::impl_region_model_context): Add
285 path_ctxt param.
286 (impl_region_model_context::bifurcate): New.
287 (impl_region_model_context::terminate_path): New.
288 (impl_region_model_context::get_ext_state): New.
289 (impl_region_model_context::get_malloc_map): New.
290 (impl_region_model_context::m_path_ctxt): New field.
291 (exploded_node::on_stmt): Add path_ctxt param.
292 (class exploded_edge::custom_info_t): Move to analyzer.h, renaming
293 to custom_edge_info, and making the changes as noted in analyzer.h
294 above.
295 (exploded_edge::exploded_edge): Update for these changes to
296 exploded_edge::custom_info_t.
297 (exploded_edge::m_custom_info): Likewise.
298 (class dynamic_call_info_t): Likewise.
299 (class rewind_info_t): Likewise.
300 (exploded_graph::add_edge): Likewise.
301 * program-state.cc (program_state::on_edge): Update for new
302 path_ctxt param.
303 (program_state::push_call): Likewise.
304 (program_state::returning_call): Likewise.
305 (program_state::prune_for_point): Likewise.
306 * region-model-impl-calls.cc: Include "analyzer/call-info.h".
307 (call_details::get_fndecl_for_call): New.
308 (region_model::impl_call_realloc): Reimplement.
309 * region-model.cc (region_model::on_call_pre): Move call to
310 impl_call_realloc to...
311 (region_model::on_call_post): ...here. Consolidate creation
312 of call_details instance.
313 (noop_region_model_context::bifurcate): New.
314 (noop_region_model_context::terminate_path): New.
315 * region-model.h (call_details::get_call_stmt): New.
316 (call_details::get_fndecl_for_call): New.
317 (region_model::on_realloc_with_move): New.
318 (region_model_context::bifurcate): New.
319 (region_model_context::terminate_path): New.
320 (region_model_context::get_ext_state): New.
321 (region_model_context::get_malloc_map): New.
322 (noop_region_model_context::bifurcate): New.
323 (noop_region_model_context::terminate_path): New.
324 (noop_region_model_context::get_ext_state): New.
325 (noop_region_model_context::get_malloc_map): New.
326 * sm-malloc.cc: Include "analyzer/program-state.h".
327 (malloc_state_machine::on_realloc_call): Reimplement.
328 (malloc_state_machine::on_realloc_with_move): New.
329 (region_model::on_realloc_with_move): New.
330 * sm-signal.cc (class signal_delivery_edge_info_t): Update for
331 conversion from exploded_edge::custom_info_t to custom_edge_info.
332 * sm.h (sm_context::get_path_context): New.
333 * svalue.cc (svalue::maybe_get_constant): Call
334 unwrap_any_unmergeable.
335
336 2021-08-25 Ankur Saini <arsenic@sourceware.org>
337
338 PR analyzer/101980
339 * engine.cc (exploded_graph::maybe_create_dynamic_call): Don't create
340 calls if max recursion limit is reached.
341
342 2021-08-23 David Malcolm <dmalcolm@redhat.com>
343
344 * analyzer.h (struct rejected_constraint): Convert to...
345 (class rejected_constraint): ...this.
346 (class bounded_ranges): New forward decl.
347 (class bounded_ranges_manager): New forward decl.
348 * constraint-manager.cc: Include "analyzer/analyzer-logging.h" and
349 "tree-pretty-print.h".
350 (can_plus_one_p): New.
351 (plus_one): New.
352 (can_minus_one_p): New.
353 (minus_one): New.
354 (bounded_range::bounded_range): New.
355 (dump_cst): New.
356 (bounded_range::dump_to_pp): New.
357 (bounded_range::dump): New.
358 (bounded_range::to_json): New.
359 (bounded_range::set_json_attr): New.
360 (bounded_range::contains_p): New.
361 (bounded_range::intersects_p): New.
362 (bounded_range::operator==): New.
363 (bounded_range::cmp): New.
364 (bounded_ranges::bounded_ranges): New.
365 (bounded_ranges::bounded_ranges): New.
366 (bounded_ranges::bounded_ranges): New.
367 (bounded_ranges::canonicalize): New.
368 (bounded_ranges::validate): New.
369 (bounded_ranges::operator==): New.
370 (bounded_ranges::dump_to_pp): New.
371 (bounded_ranges::dump): New.
372 (bounded_ranges::to_json): New.
373 (bounded_ranges::eval_condition): New.
374 (bounded_ranges::contain_p): New.
375 (bounded_ranges::cmp): New.
376 (bounded_ranges_manager::~bounded_ranges_manager): New.
377 (bounded_ranges_manager::get_or_create_empty): New.
378 (bounded_ranges_manager::get_or_create_point): New.
379 (bounded_ranges_manager::get_or_create_range): New.
380 (bounded_ranges_manager::get_or_create_union): New.
381 (bounded_ranges_manager::get_or_create_intersection): New.
382 (bounded_ranges_manager::get_or_create_inverse): New.
383 (bounded_ranges_manager::consolidate): New.
384 (bounded_ranges_manager::get_or_create_ranges_for_switch): New.
385 (bounded_ranges_manager::create_ranges_for_switch): New.
386 (bounded_ranges_manager::make_case_label_ranges): New.
387 (bounded_ranges_manager::log_stats): New.
388 (bounded_ranges_constraint::print): New.
389 (bounded_ranges_constraint::to_json): New.
390 (bounded_ranges_constraint::operator==): New.
391 (bounded_ranges_constraint::add_to_hash): New.
392 (constraint_manager::constraint_manager): Update for new field
393 m_bounded_ranges_constraints.
394 (constraint_manager::operator=): Likewise.
395 (constraint_manager::hash): Likewise.
396 (constraint_manager::operator==): Likewise.
397 (constraint_manager::print): Likewise.
398 (constraint_manager::dump_to_pp): Likewise.
399 (constraint_manager::to_json): Likewise.
400 (constraint_manager::add_unknown_constraint): Update the lhs_ec_id
401 if necessary in existing constraints when combining equivalence
402 classes. Add similar code for handling
403 m_bounded_ranges_constraints.
404 (constraint_manager::add_constraint_internal): Add comment.
405 (constraint_manager::add_bounded_ranges): New.
406 (constraint_manager::eval_condition): Use new field
407 m_bounded_ranges_constraints.
408 (constraint_manager::purge): Update bounded_ranges_constraint
409 instances.
410 (constraint_manager::canonicalize): Update for new field.
411 (merger_fact_visitor::on_ranges): New.
412 (constraint_manager::for_each_fact): Use new field
413 m_bounded_ranges_constraints.
414 (constraint_manager::validate): Fix off-by-one error needed due
415 to bug fixed above in add_unknown_constraint. Validate the EC IDs
416 in m_bounded_ranges_constraints.
417 (constraint_manager::get_range_manager): New.
418 (selftest::assert_dump_bounded_range_eq): New.
419 (ASSERT_DUMP_BOUNDED_RANGE_EQ): New.
420 (selftest::test_bounded_range): New.
421 (selftest::assert_dump_bounded_ranges_eq): New.
422 (ASSERT_DUMP_BOUNDED_RANGES_EQ): New.
423 (selftest::test_bounded_ranges): New.
424 (selftest::run_constraint_manager_tests): Call the new selftests.
425 * constraint-manager.h (struct bounded_range): New.
426 (struct bounded_ranges): New.
427 (template <> struct default_hash_traits<bounded_ranges::key_t>): New.
428 (class bounded_ranges_manager): New.
429 (fact_visitor::on_ranges): New pure virtual function.
430 (class bounded_ranges_constraint): New.
431 (constraint_manager::add_bounded_ranges): New decl.
432 (constraint_manager::get_range_manager): New decl.
433 (constraint_manager::m_bounded_ranges_constraints): New field.
434 * diagnostic-manager.cc (epath_finder::process_worklist_item):
435 Transfer ownership of rc to add_feasibility_problem.
436 * engine.cc (feasibility_problem::dump_to_pp): Use get_model.
437 * feasible-graph.cc (infeasible_node::dump_dot): Update for
438 conversion of m_rc to a pointer.
439 (feasible_graph::add_feasibility_problem): Pass RC by pointer and
440 take ownership.
441 * feasible-graph.h (infeasible_node::infeasible_node): Pass RC by
442 pointer and take ownership.
443 (infeasible_node::~infeasible_node): New.
444 (infeasible_node::m_rc): Convert to a pointer.
445 (feasible_graph::add_feasibility_problem): Pass RC by pointer and
446 take ownership.
447 * region-model-manager.cc: Include
448 "analyzer/constraint-manager.h".
449 (region_model_manager::region_model_manager): Initialize new
450 field m_range_mgr.
451 (region_model_manager::~region_model_manager): Delete it.
452 (region_model_manager::log_stats): Call log_stats on it.
453 * region-model.cc (region_model::add_constraint): Use new subclass
454 rejected_op_constraint.
455 (region_model::apply_constraints_for_gswitch): Reimplement using
456 bounded_ranges_manager.
457 (rejected_constraint::dump_to_pp): Convert to...
458 (rejected_op_constraint::dump_to_pp): ...this.
459 (rejected_ranges_constraint::dump_to_pp): New.
460 * region-model.h (struct purge_stats): Add field
461 m_num_bounded_ranges_constraints.
462 (region_model_manager::get_range_manager): New.
463 (region_model_manager::m_range_mgr): New.
464 (region_model::get_range_manager): New.
465 (struct rejected_constraint): Split into...
466 (class rejected_constraint): ...this new abstract base class,
467 and...
468 (class rejected_op_constraint): ...this new concrete subclass.
469 (class rejected_ranges_constraint): New.
470 * supergraph.cc: Include "tree-cfg.h".
471 (supergraph::supergraph): Drop idx param from add_cfg_edge.
472 (supergraph::add_cfg_edge): Drop idx param.
473 (switch_cfg_superedge::switch_cfg_superedge): Move here from
474 header. Populate m_case_labels with all cases which go to DST.
475 (switch_cfg_superedge::dump_label_to_pp): Reimplement to use
476 m_case_labels.
477 (switch_cfg_superedge::get_case_label): Delete.
478 * supergraph.h (supergraph::add_cfg_edge): Drop "idx" param.
479 (switch_cfg_superedge::switch_cfg_superedge): Drop idx param and
480 move implementation to supergraph.cc.
481 (switch_cfg_superedge::get_case_label): Delete.
482 (switch_cfg_superedge::get_case_labels): New.
483 (switch_cfg_superedge::m_idx): Delete.
484 (switch_cfg_superedge::m_case_labels): New field.
485
486 2021-08-23 David Malcolm <dmalcolm@redhat.com>
487
488 PR analyzer/101875
489 * sm-file.cc (file_diagnostic::describe_state_change): Handle
490 change.m_expr being NULL.
491
492 2021-08-23 David Malcolm <dmalcolm@redhat.com>
493
494 PR analyzer/101837
495 * analyzer.cc (maybe_reconstruct_from_def_stmt): Bail if fn is
496 NULL, and assert that it's non-NULL before passing it to
497 build_call_array_loc.
498
499 2021-08-23 David Malcolm <dmalcolm@redhat.com>
500
501 PR analyzer/101962
502 * region-model.cc (region_model::eval_condition_without_cm):
503 Refactor comparison against zero, adding a check for
504 POINTER_PLUS_EXPR of non-NULL.
505
506 2021-08-23 David Malcolm <dmalcolm@redhat.com>
507
508 * store.cc (bit_range::intersects_p): New overload.
509 (bit_range::operator-): New.
510 (binding_cluster::maybe_get_compound_binding): Handle the partial
511 overlap case.
512 (selftest::test_bit_range_intersects_p): Add test coverage for
513 new overload of bit_range::intersects_p.
514 * store.h (bit_range::intersects_p): New overload.
515 (bit_range::operator-): New.
516
517 2021-08-23 Ankur Saini <arsenic@sourceware.org>
518
519 PR analyzer/102020
520 * diagnostic-manager.cc
521 (diagnostic_manager::prune_for_sm_diagnostic)<case EK_CALL_EDGE>: Fix typo.
522
523 2021-08-21 Ankur Saini <arsenic@sourceware.org>
524
525 PR analyzer/101980
526 * diagnostic-manager.cc
527 (diagnostic_manager::prune_for_sm_diagnostic)<case EK_CALL_EDGE>: Use
528 caller_model only when the supergraph_edge doesn't exist.
529 (diagnostic_manager::prune_for_sm_diagnostic)<case EK_RETURN_EDGE>:
530 Likewise.
531 * engine.cc (exploded_graph::create_dynamic_call): Rename to...
532 (exploded_graph::maybe_create_dynamic_call): ...this, return call
533 creation status.
534 (exploded_graph::process_node): Handle calls which were not dynamically
535 discovered.
536 * exploded-graph.h (exploded_graph::create_dynamic_call): Rename to...
537 (exploded_graph::maybe_create_dynamic_call): ...this.
538 * region-model.cc (region_model::update_for_gcall): New param, use it
539 to push call to frame.
540 (region_model::update_for_call_superedge): Pass callee function to
541 update_for_gcall.
542 * region-model.h (region_model::update_for_gcall): New param.
543
544 2021-08-18 Ankur Saini <arsenic@sourceware.org>
545
546 PR analyzer/97114
547 * region-model.cc (region_model::get_rvalue_1): Add case for
548 OBJ_TYPE_REF.
549
550 2021-08-18 Ankur Saini <arsenic@sourceware.org>
551
552 PR analyzer/100546
553 * analysis-plan.cc (analysis_plan::use_summary_p): Don't use call
554 summaries if there is no callgraph edge
555 * checker-path.cc (call_event::call_event): Handle calls events that
556 are not represented by a supergraph call edge
557 (return_event::return_event): Likewise.
558 (call_event::get_desc): Work with new call_event structure.
559 (return_event::get_desc): Likewise.
560 * checker-path.h (call_event::m_src_snode): New field.
561 (call_event::m_dest_snode): New field.
562 (return_event::m_src_snode): New field.
563 (return_event::m_dest_snode): New field.
564 * diagnostic-manager.cc
565 (diagnostic_manager::prune_for_sm_diagnostic)<case EK_CALL_EDGE>:
566 Refactor to work with edges without callgraph edge.
567 (diagnostic_manager::prune_for_sm_diagnostic)<case EK_RETURN_EDGE>:
568 Likewise.
569 * engine.cc (dynamic_call_info_t::update_model): New function.
570 (dynamic_call_info_t::add_events_to_path): New function.
571 (exploded_graph::create_dynamic_call): New function.
572 (exploded_graph::process_node): Work with dynamically discovered calls.
573 * exploded-graph.h (class dynamic_call_info_t): New class.
574 (exploded_graph::create_dynamic_call): New decl.
575 * program-point.cc (program_point::push_to_call_stack): New function.
576 (program_point::pop_from_call_stack): New function.
577 * program-point.h (program_point::push_to_call_stack): New decl.
578 (program_point::pop_from_call_stack): New decl.
579 * program-state.cc (program_state::push_call): New function.
580 (program_state::returning_call): New function.
581 * program-state.h (program_state::push_call): New decl.
582 (program_state::returning_call): New decl.
583 * region-model.cc (region_model::update_for_gcall): New function.
584 (region_model::update_for_return_gcall): New function.
585 (region_model::update_for_call_superedge): Get the underlying gcall and
586 update for gcall.
587 (region_model::update_for_return_superedge): Likewise.
588 * region-model.h (region_model::update_for_gcall): New decl.
589 (region_model::update_for_return_gcall): New decl.
590 * state-purge.cc (state_purge_per_ssa_name::process_point): Update to
591 work with calls without underlying cgraph edge.
592 * supergraph.cc (supergraph::supergraph): Split snodes at every callsite.
593 * supergraph.h (supernode::get_returning_call): New accessor.
594
595 2021-08-04 David Malcolm <dmalcolm@redhat.com>
596
597 PR analyzer/101570
598 * analyzer.cc (maybe_reconstruct_from_def_stmt): Add GIMPLE_ASM
599 case.
600 * analyzer.h (class asm_output_svalue): New forward decl.
601 (class reachable_regions): New forward decl.
602 * complexity.cc (complexity::from_vec_svalue): New.
603 * complexity.h (complexity::from_vec_svalue): New decl.
604 * engine.cc (feasibility_state::maybe_update_for_edge): Handle
605 asm stmts by calling on_asm_stmt.
606 * region-model-asm.cc: New file.
607 * region-model-manager.cc
608 (region_model_manager::maybe_fold_asm_output_svalue): New.
609 (region_model_manager::get_or_create_asm_output_svalue): New.
610 (region_model_manager::log_stats): Log m_asm_output_values_map.
611 * region-model.cc (region_model::on_stmt_pre): Handle GIMPLE_ASM.
612 * region-model.h (visitor::visit_asm_output_svalue): New.
613 (region_model_manager::get_or_create_asm_output_svalue): New decl.
614 (region_model_manager::maybe_fold_asm_output_svalue): New decl.
615 (region_model_manager::asm_output_values_map_t): New typedef.
616 (region_model_manager::m_asm_output_values_map): New field.
617 (region_model::on_asm_stmt): New.
618 * store.cc (binding_cluster::on_asm): New.
619 * store.h (binding_cluster::on_asm): New decl.
620 * svalue.cc (svalue::cmp_ptr): Handle SK_ASM_OUTPUT.
621 (asm_output_svalue::dump_to_pp): New.
622 (asm_output_svalue::dump_input): New.
623 (asm_output_svalue::input_idx_to_asm_idx): New.
624 (asm_output_svalue::accept): New.
625 * svalue.h (enum svalue_kind): Add SK_ASM_OUTPUT.
626 (svalue::dyn_cast_asm_output_svalue): New.
627 (class asm_output_svalue): New.
628 (is_a_helper <const asm_output_svalue *>::test): New.
629 (struct default_hash_traits<asm_output_svalue::key_t>): New.
630
631 2021-08-03 Jakub Jelinek <jakub@redhat.com>
632
633 PR analyzer/101721
634 * sm-malloc.cc (known_allocator_p): Only check DECL_FUNCTION_CODE on
635 BUILT_IN_NORMAL builtins.
636
637 2021-07-29 Ankur Saini <arsenic@sourceware.org>
638
639 * call-string.cc (call_string::element_t::operator==): New operator.
640 (call_string::element_t::operator!=): New operator.
641 (call_string::element_t::get_caller_function): New function.
642 (call_string::element_t::get_callee_function): New function.
643 (call_string::call_string): Refactor to initialise m_elements.
644 (call_string::operator=): Refactor to work with m_elements.
645 (call_string::operator==): Likewise.
646 (call_string::to_json): Likewise.
647 (call_string::hash): Refactor to hash e.m_caller.
648 (call_string::push_call): Refactor to work with m_elements.
649 (call_string::push_call): New overload to push call via supernodes.
650 (call_string::pop): Refactor to work with m_elements.
651 (call_string::calc_recursion_depth): Likewise.
652 (call_string::cmp): Likewise.
653 (call_string::validate): Likewise.
654 (call_string::operator[]): Likewise.
655 * call-string.h (class supernode): New forward decl.
656 (struct call_string::element_t): New struct.
657 (call_string::call_string): Refactor to initialise m_elements.
658 (call_string::bool empty_p): Refactor to work with m_elements.
659 (call_string::get_callee_node): New decl.
660 (call_string::get_caller_node): New decl.
661 (m_elements): Replaces m_return_edges.
662 * program-point.cc (program_point::get_function_at_depth): Refactor to
663 work with new call-string format.
664 (program_point::validate): Likewise.
665 (program_point::on_edge): Likewise.
666
667 2021-07-28 David Malcolm <dmalcolm@redhat.com>
668
669 * region-model.cc (region_model::on_call_pre): Treat
670 IFN_UBSAN_BOUNDS, BUILT_IN_STACK_SAVE, and BUILT_IN_STACK_RESTORE
671 as no-ops, rather than handling them as unknown functions.
672
673 2021-07-28 David Malcolm <dmalcolm@redhat.com>
674
675 * region-model-impl-calls.cc (region_model::impl_call_alloca):
676 Drop redundant return value.
677 (region_model::impl_call_builtin_expect): Likewise.
678 (region_model::impl_call_calloc): Likewise.
679 (region_model::impl_call_malloc): Likewise.
680 (region_model::impl_call_memset): Likewise.
681 (region_model::impl_call_operator_new): Likewise.
682 (region_model::impl_call_operator_delete): Likewise.
683 (region_model::impl_call_strlen): Likewise.
684 * region-model.cc (region_model::on_call_pre): Fix return value of
685 known functions that don't have unknown side-effects.
686 * region-model.h (region_model::impl_call_alloca): Drop redundant
687 return value.
688 (region_model::impl_call_builtin_expect): Likewise.
689 (region_model::impl_call_calloc): Likewise.
690 (region_model::impl_call_malloc): Likewise.
691 (region_model::impl_call_memset): Likewise.
692 (region_model::impl_call_strlen): Likewise.
693 (region_model::impl_call_operator_new): Likewise.
694 (region_model::impl_call_operator_delete): Likewise.
695
696 2021-07-28 Siddhesh Poyarekar <siddhesh@gotplt.org>
697
698 * analyzer.cc (is_named_call_p, is_std_named_call_p): Make
699 first argument a const_tree.
700 * analyzer.h (is_named_call_p, is_std_named_call_p): Likewise.
701 * sm-malloc.cc (known_allocator_p): New function.
702 (malloc_state_machine::on_stmt): Use it.
703
704 2021-07-28 Siddhesh Poyarekar <siddhesh@gotplt.org>
705
706 * sm-malloc.cc
707 (malloc_state_machine::get_or_create_deallocator): Recognize
708 __builtin_free.
709
1a7febe9
GA
710 2021-07-26 David Malcolm <dmalcolm@redhat.com>
711
712 * region-model.cc (region_model::on_call_pre): Always set conjured
713 LHS, not just for SSA names.
714
ead235f6
GA
715 2021-07-23 David Malcolm <dmalcolm@redhat.com>
716
717 * diagnostic-manager.cc
718 (class auto_disable_complexity_checks): New.
719 (epath_finder::explore_feasible_paths): Use it to disable
720 complexity checks whilst processing the worklist.
721 * region-model-manager.cc
722 (region_model_manager::region_model_manager): Initialize
723 m_check_complexity.
724 (region_model_manager::reject_if_too_complex): Bail if
725 m_check_complexity is false.
726 * region-model.h
727 (region_model_manager::enable_complexity_check): New.
728 (region_model_manager::disable_complexity_check): New.
729 (region_model_manager::m_check_complexity): New.
730
419c6c68
GA
731 2021-07-21 David Malcolm <dmalcolm@redhat.com>
732
733 PR analyzer/101547
734 * sm-file.cc (file_leak::emit): Handle m_arg being NULL.
735 (file_leak::describe_final_event): Handle ev.m_expr being NULL.
736
737 2021-07-21 David Malcolm <dmalcolm@redhat.com>
738
739 PR analyzer/101522
740 * store.cc (binding_cluster::purge_state_involving): Don't change
741 m_map whilst iterating through it.
742
743 2021-07-21 David Malcolm <dmalcolm@redhat.com>
744
745 * region-model.cc (region_model::handle_phi): Add "old_state"
746 param and use it.
747 (region_model::update_for_phis): Update so that all of the phi
748 stmts are effectively handled simultaneously, rather than in
749 order.
750 * region-model.h (region_model::handle_phi): Add "old_state"
751 param.
752 * state-purge.cc (self_referential_phi_p): Replace with...
753 (name_used_by_phis_p): ...this new function.
754 (state_purge_per_ssa_name::process_point): Update to use the
755 above, so that all phi stmts at a basic block are effectively
756 considered simultaneously, and only consider the phi arguments for
757 the pertinent in-edge.
758 * supergraph.cc (cfg_superedge::get_phi_arg_idx): New.
759 (cfg_superedge::get_phi_arg): Use the above.
760 * supergraph.h (cfg_superedge::get_phi_arg_idx): New decl.
761
762 2021-07-21 David Malcolm <dmalcolm@redhat.com>
763
764 * state-purge.cc (state_purge_annotator::add_node_annotations):
765 Rather than erroneously always using the NULL in-edge, determine
766 each relevant in-edge, and print the appropriate data for each
767 in-edge. Use print_needed to print the data as comma-separated
768 lists of SSA names.
769 (print_vec_of_names): Add "within_table" param and use it.
770 (state_purge_annotator::add_stmt_annotations): Factor out
771 collation and printing code into...
772 (state_purge_annotator::print_needed): ...this new function.
773 * state-purge.h (state_purge_annotator::print_needed): New decl.
774
775 2021-07-21 David Malcolm <dmalcolm@redhat.com>
776
777 * program-point.cc (function_point::print): Show src BB index at
778 BEFORE_SUPERNODE.
779
780 2021-07-21 David Malcolm <dmalcolm@redhat.com>
781
782 * svalue.cc (infix_p): New.
783 (binop_svalue::dump_to_pp): Use it to print MIN_EXPR and MAX_EXPR
784 in prefix form, rather than infix.
785
21ea2f93
GA
786 2021-07-19 David Malcolm <dmalcolm@redhat.com>
787
788 PR analyzer/101503
789 * constraint-manager.cc (constraint_manager::add_constraint): Use
790 can_have_associated_state_p rather than testing for unknown.
791 (constraint_manager::get_or_add_equiv_class): Likewise.
792 * program-state.cc (sm_state_map::set_state): Likewise.
793 (sm_state_map::impl_set_state): Add assertion.
794 * region-model-manager.cc
795 (region_model_manager::maybe_fold_unaryop): Handle poisoned
796 values.
797 (region_model_manager::maybe_fold_binop): Move handling of unknown
798 values...
799 (region_model_manager::get_or_create_binop): ...to here, and
800 generalize to use can_have_associated_state_p.
801 (region_model_manager::maybe_fold_sub_svalue): Use
802 can_have_associated_state_p rather than testing for unknown.
803 (region_model_manager::maybe_fold_repeated_svalue): Use unknown
804 when the size or repeated value is "unknown"/"poisoned".
805 * region-model.cc (region_model::purge_state_involving): Reject
806 attempts to purge unknown/poisoned svalues, as these svalues
807 should not have state associated with them.
808 * svalue.cc (sub_svalue::sub_svalue): Assert that we're building
809 on top of an svalue with can_have_associated_state_p.
810 (repeated_svalue::repeated_svalue): Likewise.
811 (bits_within_svalue::bits_within_svalue): Likewise.
812 * svalue.h (svalue::can_have_associated_state_p): New.
813 (unknown_svalue::can_have_associated_state_p): New.
814 (poisoned_svalue::can_have_associated_state_p): New.
815 (unaryop_svalue::unaryop_svalue): Assert that we're building on
816 top of an svalue with can_have_associated_state_p.
817 (binop_svalue::binop_svalue): Likewise.
818 (widening_svalue::widening_svalue): Likewise.
819
87277b6a
GA
820 2021-07-16 David Malcolm <dmalcolm@redhat.com>
821
822 * analyzer.h (enum access_direction): New.
823 * engine.cc (exploded_node::on_longjmp): Update for new param of
824 get_store_value.
825 * program-state.cc (program_state::prune_for_point): Likewise.
826 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
827 Replace call to check_for_writable_region with call to
828 check_region_for_write.
829 (region_model::impl_call_memset): Likewise.
830 (region_model::impl_call_strcpy): Likewise.
831 * region-model-reachability.cc (reachable_regions::add): Update
832 for new param of get_store_value.
833 * region-model.cc (region_model::get_rvalue_1): Likewise, also for
834 get_rvalue_for_bits.
835 (region_model::get_store_value): Add ctxt param and use it to call
836 check_region_for_read.
837 (region_model::get_rvalue_for_bits): Add ctxt param and use it to
838 call get_store_value.
839 (region_model::check_region_access): New.
840 (region_model::check_region_for_write): New.
841 (region_model::check_region_for_read): New.
842 (region_model::set_value): Update comment. Replace call to
843 check_for_writable_region with call to check_region_for_write.
844 * region-model.h (region_model::get_rvalue_for_bits): Add ctxt
845 param.
846 (region_model::get_store_value): Add ctxt param.
847 (region_model::check_region_access): New decl.
848 (region_model::check_region_for_write): New decl.
849 (region_model::check_region_for_read): New decl.
850 * region.cc (region_model::copy_region): Update call to
851 get_store_value.
852 * svalue.cc (initial_svalue::implicitly_live_p): Likewise.
853
854 2021-07-16 David Malcolm <dmalcolm@redhat.com>
855
856 * engine.cc (exploded_node::on_stmt_pre): Handle
857 __analyzer_dump_state.
858 * program-state.cc (extrinsic_state::get_sm_idx_by_name): New.
859 (program_state::impl_call_analyzer_dump_state): New.
860 * program-state.h (extrinsic_state::get_sm_idx_by_name): New decl.
861 (program_state::impl_call_analyzer_dump_state): New decl.
862 * region-model-impl-calls.cc
863 (call_details::get_arg_string_literal): New.
864 * region-model.h (call_details::get_arg_string_literal): New decl.
865
866 2021-07-16 David Malcolm <dmalcolm@redhat.com>
867
868 * program-state.cc (program_state::detect_leaks): Simplify using
869 svalue::maybe_get_region.
870 * region-model-impl-calls.cc (region_model::impl_call_fgets): Likewise.
871 (region_model::impl_call_fread): Likewise.
872 (region_model::impl_call_free): Likewise.
873 (region_model::impl_call_operator_delete): Likewise.
874 * region-model.cc (selftest::test_stack_frames): Likewise.
875 (selftest::test_state_merging): Likewise.
876 * svalue.cc (svalue::maybe_get_region): New.
877 * svalue.h (svalue::maybe_get_region): New decl.
878
d97d71a1
GA
879 2021-07-15 David Malcolm <dmalcolm@redhat.com>
880
881 * svalue.h (is_a_helper <placeholder_svalue *>::test): Make
882 param and template param const.
883 (is_a_helper <widening_svalue *>::test): Likewise.
884 (is_a_helper <compound_svalue *>::test): Likewise.
885 (is_a_helper <conjured_svalue *>::test): Likewise.
886
887 2021-07-15 David Malcolm <dmalcolm@redhat.com>
888
889 PR analyzer/95006
890 PR analyzer/94713
891 PR analyzer/94714
892 * analyzer.cc (maybe_reconstruct_from_def_stmt): Split out
893 GIMPLE_ASSIGN case into...
894 (get_diagnostic_tree_for_gassign_1): New.
895 (get_diagnostic_tree_for_gassign): New.
896 * analyzer.h (get_diagnostic_tree_for_gassign): New decl.
897 * analyzer.opt (Wanalyzer-write-to-string-literal): New.
898 * constraint-manager.cc (class svalue_purger): New.
899 (constraint_manager::purge_state_involving): New.
900 * constraint-manager.h
901 (constraint_manager::purge_state_involving): New.
902 * diagnostic-manager.cc (saved_diagnostic::supercedes_p): New.
903 (dedupe_winners::handle_interactions): New.
904 (diagnostic_manager::emit_saved_diagnostics): Call it.
905 * diagnostic-manager.h (saved_diagnostic::supercedes_p): New decl.
906 * engine.cc (impl_region_model_context::warn): Convert return type
907 to bool. Return false if the diagnostic isn't saved.
908 (impl_region_model_context::purge_state_involving): New.
909 (impl_sm_context::get_state): Use NULL ctxt when querying old
910 rvalue.
911 (impl_sm_context::set_next_state): Use new sval when querying old
912 state.
913 (class dump_path_diagnostic): Move to region-model.cc
914 (exploded_node::on_stmt): Move to on_stmt_pre and on_stmt_post.
915 Remove call to purge_state_involving.
916 (exploded_node::on_stmt_pre): New, based on the above. Move most
917 of it to region_model::on_stmt_pre.
918 (exploded_node::on_stmt_post): Likewise, moving to
919 region_model::on_stmt_post.
920 (class stale_jmp_buf): Fix parent class to use curiously recurring
921 template pattern.
922 (feasibility_state::maybe_update_for_edge): Call on_call_pre and
923 on_call_post on gcalls.
924 * exploded-graph.h (impl_region_model_context::warn): Return bool.
925 (impl_region_model_context::purge_state_involving): New decl.
926 (exploded_node::on_stmt_pre): New decl.
927 (exploded_node::on_stmt_post): New decl.
928 * pending-diagnostic.h (pending_diagnostic::use_of_uninit_p): New.
929 (pending_diagnostic::supercedes_p): New.
930 * program-state.cc (sm_state_map::get_state): Inherit state for
931 conjured_svalue as well as initial_svalue.
932 (sm_state_map::purge_state_involving): Also support SK_CONJURED.
933 * region-model-impl-calls.cc (call_details::get_uncertainty):
934 Handle m_ctxt being NULL.
935 (call_details::get_or_create_conjured_svalue): New.
936 (region_model::impl_call_fgets): New.
937 (region_model::impl_call_fread): New.
938 * region-model-manager.cc
939 (region_model_manager::get_or_create_initial_value): Return an
940 uninitialized poisoned value for regions that can't have initial
941 values.
942 * region-model-reachability.cc
943 (reachable_regions::mark_escaped_clusters): Handle ctxt being
944 NULL.
945 * region-model.cc (region_to_value_map::purge_state_involving): New.
946 (poisoned_value_diagnostic::use_of_uninit_p): New.
947 (poisoned_value_diagnostic::emit): Handle POISON_KIND_UNINIT.
948 (poisoned_value_diagnostic::describe_final_event): Likewise.
949 (region_model::check_for_poison): New.
950 (region_model::on_assignment): Call it.
951 (class dump_path_diagnostic): Move here from engine.cc.
952 (region_model::on_stmt_pre): New, based on exploded_node::on_stmt.
953 (region_model::on_call_pre): Move the setting of the LHS to a
954 conjured svalue to before the checks for specific functions.
955 Handle "fgets", "fgets_unlocked", and "fread".
956 (region_model::purge_state_involving): New.
957 (region_model::handle_unrecognized_call): Handle ctxt being NULL.
958 (region_model::get_rvalue): Call check_for_poison.
959 (selftest::test_stack_frames): Use NULL for context when getting
960 uninitialized rvalue.
961 (selftest::test_alloca): Likewise.
962 * region-model.h (region_to_value_map::purge_state_involving): New
963 decl.
964 (call_details::get_or_create_conjured_svalue): New decl.
965 (region_model::on_stmt_pre): New decl.
966 (region_model::purge_state_involving): New decl.
967 (region_model::impl_call_fgets): New decl.
968 (region_model::impl_call_fread): New decl.
969 (region_model::check_for_poison): New decl.
970 (region_model_context::warn): Return bool.
971 (region_model_context::purge_state_involving): New.
972 (noop_region_model_context::warn): Return bool.
973 (noop_region_model_context::purge_state_involving): New.
974 (test_region_model_context::warn): Return bool.
975 * region.cc (region::get_memory_space): New.
976 (region::can_have_initial_svalue_p): New.
977 (region::involves_p): New.
978 * region.h (enum memory_space): New.
979 (region::get_memory_space): New decl.
980 (region::can_have_initial_svalue_p): New decl.
981 (region::involves_p): New decl.
982 * sm-malloc.cc (use_after_free::supercedes_p): New.
983 * store.cc (binding_cluster::purge_state_involving): New.
984 (store::purge_state_involving): New.
985 * store.h (class symbolic_binding): New forward decl.
986 (binding_key::dyn_cast_symbolic_binding): New.
987 (symbolic_binding::dyn_cast_symbolic_binding): New.
988 (binding_cluster::purge_state_involving): New.
989 (store::purge_state_involving): New.
990 * svalue.cc (svalue::can_merge_p): Reject attempts to merge
991 poisoned svalues with other svalues, so that we identify
992 paths in which a variable is conditionally uninitialized.
993 (involvement_visitor::visit_conjured_svalue): New.
994 (svalue::involves_p): Also handle SK_CONJURED.
995 (poison_kind_to_str): Handle POISON_KIND_UNINIT.
996 (poisoned_svalue::maybe_fold_bits_within): New.
997 * svalue.h (enum poison_kind): Add POISON_KIND_UNINIT.
998 (poisoned_svalue::maybe_fold_bits_within): New decl.
999
1000 2021-07-15 David Malcolm <dmalcolm@redhat.com>
1001
1002 * analyzer.opt (fdump-analyzer-exploded-paths): New.
1003 * diagnostic-manager.cc
1004 (diagnostic_manager::emit_saved_diagnostic): Implement it.
1005 * engine.cc (exploded_path::dump_to_pp): Add ext_state param and
1006 use it to dump states if non-NULL.
1007 (exploded_path::dump): Likewise.
1008 (exploded_path::dump_to_file): New.
1009 * exploded-graph.h (exploded_path::dump_to_pp): Add ext_state
1010 param.
1011 (exploded_path::dump): Likewise.
1012 (exploded_path::dump): Likewise.
1013 (exploded_path::dump_to_file): New.
1014
1015 2021-07-15 David Malcolm <dmalcolm@redhat.com>
1016
1017 * analyzer.cc (fixup_tree_for_diagnostic_1): Use DECL_DEBUG_EXPR
1018 if it's available.
1019 * engine.cc (readability): Likewise.
1020
1021 2021-07-15 David Malcolm <dmalcolm@redhat.com>
1022
1023 * state-purge.cc (self_referential_phi_p): New.
1024 (state_purge_per_ssa_name::process_point): Don't purge an SSA name
1025 at its def-stmt if the def-stmt is self-referential.
1026
c24a9707
GA
1027 2021-07-07 David Malcolm <dmalcolm@redhat.com>
1028
1029 * diagnostic-manager.cc (null_assignment_sm_context::get_state):
1030 New overload.
1031 (null_assignment_sm_context::set_next_state): New overload.
1032 (null_assignment_sm_context::get_diagnostic_tree): New.
1033 * engine.cc (impl_sm_context::get_state): New overload.
1034 (impl_sm_context::set_next_state): New overload.
1035 (impl_sm_context::get_diagnostic_tree): New overload.
1036 (impl_region_model_context::on_condition): Convert params from
1037 tree to const svalue *.
1038 * exploded-graph.h (impl_region_model_context::on_condition):
1039 Likewise.
1040 * region-model.cc (region_model::on_call_pre): Move handling of
1041 internal calls to before checking for get_fndecl_for_call.
1042 (region_model::add_constraints_from_binop): New.
1043 (region_model::add_constraint): Split out into a new overload
1044 working on const svalue * rather than tree. Call
1045 add_constraints_from_binop. Drop call to
1046 add_any_constraints_from_ssa_def_stmt.
1047 (region_model::add_any_constraints_from_ssa_def_stmt): Delete.
1048 (region_model::add_any_constraints_from_gassign): Delete.
1049 (region_model::add_any_constraints_from_gcall): Delete.
1050 * region-model.h
1051 (region_model::add_any_constraints_from_ssa_def_stmt): Delete.
1052 (region_model::add_any_constraints_from_gassign): Delete.
1053 (region_model::add_any_constraints_from_gcall): Delete.
1054 (region_model::add_constraint): Add overload decl.
1055 (region_model::add_constraints_from_binop): New decl.
1056 (region_model_context::on_condition): Convert params from tree to
1057 const svalue *.
1058 (noop_region_model_context::on_condition): Likewise.
1059 * sm-file.cc (fileptr_state_machine::condition): Likewise.
1060 * sm-malloc.cc (malloc_state_machine::on_condition): Likewise.
1061 * sm-pattern-test.cc: Include tristate.h, selftest.h,
1062 analyzer/call-string.h, analyzer/program-point.h,
1063 analyzer/store.h, and analyzer/region-model.h.
1064 (pattern_test_state_machine::on_condition): Convert params from tree to
1065 const svalue *.
1066 * sm-sensitive.cc (sensitive_state_machine::on_condition): Delete.
1067 * sm-signal.cc (signal_state_machine::on_condition): Delete.
1068 * sm-taint.cc (taint_state_machine::on_condition): Convert params
1069 from tree to const svalue *.
1070 * sm.cc: Include tristate.h, selftest.h, analyzer/call-string.h,
1071 analyzer/program-point.h, analyzer/store.h, and
1072 analyzer/region-model.h.
1073 (any_pointer_p): Add overload taking const svalue *sval.
1074 * sm.h (any_pointer_p): Add overload taking const svalue *sval.
1075 (state_machine::on_condition): Convert params from tree to
1076 const svalue *. Provide no-op default implementation.
1077 (sm_context::get_state): Add overload taking const svalue *sval.
1078 (sm_context::set_next_state): Likewise.
1079 (sm_context::on_transition): Likewise.
1080 (sm_context::get_diagnostic_tree): Likewise.
1081 * svalue.cc (svalue::all_zeroes_p): New.
1082 (constant_svalue::all_zeroes_p): New.
1083 (repeated_svalue::all_zeroes_p): Convert to vfunc.
1084 * svalue.h (svalue::all_zeroes_p): New decl.
1085 (constant_svalue::all_zeroes_p): New decl.
1086 (repeated_svalue::all_zeroes_p): Convert decl to vfunc.
1087
25b6bfea
GA
1088 2021-06-30 David Malcolm <dmalcolm@redhat.com>
1089
1090 PR analyzer/95006
1091 * analyzer.h (class repeated_svalue): New forward decl.
1092 (class bits_within_svalue): New forward decl.
1093 (class sized_region): New forward decl.
1094 (get_field_at_bit_offset): New forward decl.
1095 * engine.cc (exploded_graph::get_or_create_node): Validate the
1096 merged state.
1097 (exploded_graph::maybe_process_run_of_before_supernode_enodes):
1098 Validate the states at each stage.
1099 * program-state.cc (program_state::validate): Validate
1100 m_region_model.
1101 * region-model-impl-calls.cc (region_model::impl_call_memset):
1102 Replace special-case logic for handling constant sizes with
1103 a call to fill_region of a sized_region with the given fill value.
1104 * region-model-manager.cc (maybe_undo_optimize_bit_field_compare):
1105 Drop DK_direct.
1106 (region_model_manager::maybe_fold_sub_svalue): Fold element-based
1107 subregions of an initial value into initial values of an element.
1108 Fold subvalues of repeated svalues.
1109 (region_model_manager::maybe_fold_repeated_svalue): New.
1110 (region_model_manager::get_or_create_repeated_svalue): New.
1111 (get_bit_range_for_field): New.
1112 (get_byte_range_for_field): New.
1113 (get_field_at_byte_range): New.
1114 (region_model_manager::maybe_fold_bits_within_svalue): New.
1115 (region_model_manager::get_or_create_bits_within): New.
1116 (region_model_manager::get_sized_region): New.
1117 (region_model_manager::log_stats): Update for addition of
1118 m_repeated_values_map, m_bits_within_values_map, and
1119 m_sized_regions.
1120 * region-model.cc (region_model::validate): New.
1121 (region_model::on_assignment): Drop enum binding_kind.
1122 (region_model::get_initial_value_for_global): Likewise.
1123 (region_model::get_rvalue_for_bits): Replace body with call to
1124 get_or_create_bits_within.
1125 (region_model::get_capacity): Handle RK_SIZED.
1126 (region_model::set_value): Drop enum binding_kind.
1127 (region_model::fill_region): New.
1128 (region_model::get_representative_path_var_1): Handle RK_SIZED.
1129 * region-model.h (visitor::visit_repeated_svalue): New.
1130 (visitor::visit_bits_within_svalue): New.
1131 (region_model_manager::get_or_create_repeated_svalue): New decl.
1132 (region_model_manager::get_or_create_bits_within): New decl.
1133 (region_model_manager::get_sized_region): New decl.
1134 (region_model_manager::maybe_fold_repeated_svalue): New decl.
1135 (region_model_manager::maybe_fold_bits_within_svalue): New decl.
1136 (region_model_manager::repeated_values_map_t): New typedef.
1137 (region_model_manager::m_repeated_values_map): New field.
1138 (region_model_manager::bits_within_values_map_t): New typedef.
1139 (region_model_manager::m_bits_within_values_map): New field.
1140 (region_model_manager::m_sized_regions): New field.
1141 (region_model::fill_region): New decl.
1142 * region.cc (region::get_base_region): Handle RK_SIZED.
1143 (region::base_region_p): Likewise.
1144 (region::get_byte_size_sval): New.
1145 (get_field_at_bit_offset): Make non-static.
1146 (region::calc_offset): Move implementation of cases to
1147 get_relative_concrete_offset vfunc implementations. Handle
1148 RK_SIZED.
1149 (region::get_relative_concrete_offset): New.
1150 (decl_region::get_svalue_for_initializer): Drop enum binding_kind.
1151 (field_region::get_relative_concrete_offset): New, from
1152 region::calc_offset.
1153 (element_region::get_relative_concrete_offset): Likewise.
1154 (offset_region::get_relative_concrete_offset): Likewise.
1155 (sized_region::accept): New.
1156 (sized_region::dump_to_pp): New.
1157 (sized_region::get_byte_size): New.
1158 (sized_region::get_bit_size): New.
1159 * region.h (enum region_kind): Add RK_SIZED.
1160 (region::dyn_cast_sized_region): New.
1161 (region::get_byte_size): Make virtual.
1162 (region::get_bit_size): Likewise.
1163 (region::get_byte_size_sval): New decl.
1164 (region::get_relative_concrete_offset): New decl.
1165 (field_region::get_relative_concrete_offset): New decl.
1166 (element_region::get_relative_concrete_offset): Likewise.
1167 (offset_region::get_relative_concrete_offset): Likewise.
1168 (class sized_region): New.
1169 * store.cc (binding_kind_to_string): Delete.
1170 (binding_key::make): Drop enum binding_kind.
1171 (binding_key::dump_to_pp): Delete.
1172 (binding_key::cmp_ptrs): Drop enum binding_kind.
1173 (bit_range::contains_p): New.
1174 (byte_range::dump): New.
1175 (byte_range::contains_p): New.
1176 (byte_range::cmp): New.
1177 (concrete_binding::dump_to_pp): Drop enum binding_kind.
1178 (concrete_binding::cmp_ptr_ptr): Likewise.
1179 (symbolic_binding::dump_to_pp): Likewise.
1180 (symbolic_binding::cmp_ptr_ptr): Likewise.
1181 (binding_map::apply_ctor_val_to_range): Likewise.
1182 (binding_map::apply_ctor_pair_to_child_region): Likewise.
1183 (binding_map::get_overlapping_bindings): New.
1184 (binding_map::remove_overlapping_bindings): New.
1185 (binding_cluster::validate): New.
1186 (binding_cluster::bind): Drop enum binding_kind.
1187 (binding_cluster::bind_compound_sval): Likewise.
1188 (binding_cluster::purge_region): Likewise.
1189 (binding_cluster::zero_fill_region): Reimplement in terms of...
1190 (binding_cluster::fill_region): New.
1191 (binding_cluster::mark_region_as_unknown): Drop enum binding_kind.
1192 (binding_cluster::get_binding): Likewise.
1193 (binding_cluster::get_binding_recursive): Likewise.
1194 (binding_cluster::get_any_binding): Likewise.
1195 (binding_cluster::maybe_get_compound_binding): Reimplement.
1196 (binding_cluster::get_overlapping_bindings): Delete.
1197 (binding_cluster::remove_overlapping_bindings): Reimplement in
1198 terms of binding_map::remove_overlapping_bindings.
1199 (binding_cluster::can_merge_p): Update for removal of
1200 enum binding_kind.
1201 (binding_cluster::on_unknown_fncall): Drop enum binding_kind.
1202 (binding_cluster::maybe_get_simple_value): Likewise.
1203 (store_manager::get_concrete_binding): Likewise.
1204 (store_manager::get_symbolic_binding): Likewise.
1205 (store::validate): New.
1206 (store::set_value): Drop enum binding_kind.
1207 (store::zero_fill_region): Reimplement in terms of...
1208 (store::fill_region): New.
1209 (selftest::test_binding_key_overlap): Drop enum binding_kind.
1210 * store.h (enum binding_kind): Delete.
1211 (binding_kind_to_string): Delete decl.
1212 (binding_key::make): Drop enum binding_kind.
1213 (binding_key::dump_to_pp): Make pure virtual.
1214 (binding_key::get_kind): Delete.
1215 (binding_key::mark_deleted): Delete.
1216 (binding_key::mark_empty): Delete.
1217 (binding_key::is_deleted): Delete.
1218 (binding_key::is_empty): Delete.
1219 (binding_key::binding_key): Delete.
1220 (binding_key::impl_hash): Delete.
1221 (binding_key::impl_eq): Delete.
1222 (binding_key::m_kind): Delete.
1223 (bit_range::get_last_bit_offset): New.
1224 (bit_range::contains_p): New.
1225 (byte_range::contains_p): New.
1226 (byte_range::operator==): New.
1227 (byte_range::get_start_byte_offset): New.
1228 (byte_range::get_next_byte_offset): New.
1229 (byte_range::get_last_byte_offset): New.
1230 (byte_range::as_bit_range): New.
1231 (byte_range::cmp): New.
1232 (concrete_binding::concrete_binding): Drop enum binding_kind.
1233 (concrete_binding::hash): Likewise.
1234 (concrete_binding::operator==): Likewise.
1235 (concrete_binding::mark_deleted): New.
1236 (concrete_binding::mark_empty): New.
1237 (concrete_binding::is_deleted): New.
1238 (concrete_binding::is_empty): New.
1239 (default_hash_traits<ana::concrete_binding>::empty_zero_p): Make false.
1240 (symbolic_binding::symbolic_binding): Drop enum binding_kind.
1241 (symbolic_binding::hash): Likewise.
1242 (symbolic_binding::operator==): Likewise.
1243 (symbolic_binding::mark_deleted): New.
1244 (symbolic_binding::mark_empty): New.
1245 (symbolic_binding::is_deleted): New.
1246 (symbolic_binding::is_empty): New.
1247 (binding_map::remove_overlapping_bindings): New decl.
1248 (binding_map::get_overlapping_bindings): New decl.
1249 (binding_cluster::validate): New decl.
1250 (binding_cluster::bind): Drop enum binding_kind.
1251 (binding_cluster::fill_region): New decl.
1252 (binding_cluster::get_binding): Drop enum binding_kind.
1253 (binding_cluster::get_binding_recursive): Likewise.
1254 (binding_cluster::get_overlapping_bindings): Delete.
1255 (store::validate): New decl.
1256 (store::set_value): Drop enum binding_kind.
1257 (store::fill_region): New decl.
1258 (store_manager::get_concrete_binding): Drop enum binding_kind.
1259 (store_manager::get_symbolic_binding): Likewise.
1260 * svalue.cc (svalue::cmp_ptr): Handle SK_REPEATED and
1261 SK_BITS_WITHIN.
1262 (svalue::extract_bit_range): New.
1263 (svalue::maybe_fold_bits_within): New.
1264 (constant_svalue::maybe_fold_bits_within): New.
1265 (unknown_svalue::maybe_fold_bits_within): New.
1266 (unaryop_svalue::maybe_fold_bits_within): New.
1267 (repeated_svalue::repeated_svalue): New.
1268 (repeated_svalue::dump_to_pp): New.
1269 (repeated_svalue::accept): New.
1270 (repeated_svalue::all_zeroes_p): New.
1271 (repeated_svalue::maybe_fold_bits_within): New.
1272 (bits_within_svalue::bits_within_svalue): New.
1273 (bits_within_svalue::dump_to_pp): New.
1274 (bits_within_svalue::maybe_fold_bits_within): New.
1275 (bits_within_svalue::accept): New.
1276 (bits_within_svalue::implicitly_live_p): New.
1277 (compound_svalue::maybe_fold_bits_within): New.
1278 * svalue.h (enum svalue_kind): Add SK_REPEATED and SK_BITS_WITHIN.
1279 (svalue::dyn_cast_repeated_svalue): New.
1280 (svalue::dyn_cast_bits_within_svalue): New.
1281 (svalue::extract_bit_range): New decl.
1282 (svalue::maybe_fold_bits_within): New vfunc decl.
1283 (region_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
1284 (region_svalue::key_t::is_empty): Likewise.
1285 (default_hash_traits<region_svalue::key_t>::empty_zero_p): Make false.
1286 (constant_svalue::maybe_fold_bits_within): New.
1287 (unknown_svalue::maybe_fold_bits_within): New.
1288 (poisoned_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
1289 (poisoned_svalue::key_t::is_empty): Likewise.
1290 (default_hash_traits<poisoned_svalue::key_t>::empty_zero_p): Make
1291 false.
1292 (setjmp_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
1293 (setjmp_svalue::key_t::is_empty): Likewise.
1294 (default_hash_traits<setjmp_svalue::key_t>::empty_zero_p): Make
1295 false.
1296 (unaryop_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
1297 (unaryop_svalue::key_t::is_empty): Likewise.
1298 (unaryop_svalue::maybe_fold_bits_within): New.
1299 (default_hash_traits<unaryop_svalue::key_t>::empty_zero_p): Make
1300 false.
1301 (binop_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
1302 (binop_svalue::key_t::is_empty): Likewise.
1303 (default_hash_traits<binop_svalue::key_t>::empty_zero_p): Make
1304 false.
1305 (sub_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
1306 (sub_svalue::key_t::is_empty): Likewise.
1307 (default_hash_traits<sub_svalue::key_t>::empty_zero_p): Make
1308 false.
1309 (class repeated_svalue): New.
1310 (is_a_helper <const repeated_svalue *>::test): New.
1311 (struct default_hash_traits<repeated_svalue::key_t>): New.
1312 (class bits_within_svalue): New.
1313 (is_a_helper <const bits_within_svalue *>::test): New.
1314 (struct default_hash_traits<bits_within_svalue::key_t>): New.
1315 (widening_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
1316 (widening_svalue::key_t::is_empty): Likewise.
1317 (default_hash_traits<widening_svalue::key_t>::empty_zero_p): Make
1318 false.
1319 (compound_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
1320 (compound_svalue::key_t::is_empty): Likewise.
1321 (compound_svalue::maybe_fold_bits_within): New.
1322 (default_hash_traits<compound_svalue::key_t>::empty_zero_p): Make
1323 false.
1324
c8abc205
GA
1325 2021-06-28 David Malcolm <dmalcolm@redhat.com>
1326
1327 * analyzer.h (byte_offset_t): New typedef.
1328 * store.cc (bit_range::dump_to_pp): Dump as a byte range if
1329 possible.
1330 (bit_range::as_byte_range): New.
1331 (byte_range::dump_to_pp): New.
1332 * store.h (class byte_range): New forward decl.
1333 (struct bit_range): Add comment.
1334 (bit_range::as_byte_range): New decl.
1335 (struct byte_range): New.
1336
419af06a
GA
1337 2021-06-22 David Malcolm <dmalcolm@redhat.com>
1338
1339 PR analyzer/101143
1340 * region-model.cc (compat_types_p): New function.
1341 (region_model::create_region_for_heap_alloc): Convert assertion to
1342 an error check.
1343 (region_model::create_region_for_alloca): Likewise.
1344
c5581d48
GA
1345 2021-06-18 David Malcolm <dmalcolm@redhat.com>
1346
1347 * store.cc (binding_cluster::get_any_binding): Make symbolic reads
1348 from a cluster with concrete bindings return unknown.
1349
1350 2021-06-18 David Malcolm <dmalcolm@redhat.com>
1351
1352 * region-model-manager.cc
1353 (region_model_manager::get_or_create_int_cst): New.
1354 (region_model_manager::maybe_undo_optimize_bit_field_compare): Use
1355 it to simplify away a local tree.
1356 * region-model.cc (region_model::on_setjmp): Likewise.
1357 (region_model::on_longjmp): Likewise.
1358 * region-model.h (region_model_manager::get_or_create_int_cst):
1359 New decl.
1360 * store.cc (binding_cluster::zero_fill_region): Use it to simplify
1361 away a local tree.
1362
1363 2021-06-18 David Malcolm <dmalcolm@redhat.com>
1364
1365 * checker-path.cc (class custom_event): Make abstract to allow for
1366 custom vfuncs, splitting existing implementation into...
1367 (class precanned_custom_event): New subclass.
1368 (custom_event::get_desc): Move to...
1369 (precanned_custom_event::get_desc): ...subclass.
1370 * checker-path.h (class custom_event): Make abstract to allow for
1371 custom vfuncs, splitting existing implementation into...
1372 (class precanned_custom_event): New subclass.
1373 * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
1374 Use precanned_custom_event.
1375 * engine.cc
1376 (stale_jmp_buf::maybe_add_custom_events_for_superedge): Likewise.
1377 * sm-signal.cc (signal_delivery_edge_info_t::add_events_to_path):
1378 Likewise.
1379
ede6c356
GA
1380 2021-06-15 David Malcolm <dmalcolm@redhat.com>
1381
1382 PR analyzer/99212
1383 PR analyzer/101082
1384 * engine.cc: Include "target.h".
1385 (impl_run_checkers): Log BITS_BIG_ENDIAN, BYTES_BIG_ENDIAN, and
1386 WORDS_BIG_ENDIAN.
1387 * region-model-manager.cc
1388 (region_model_manager::maybe_fold_binop): Move support for masking
1389 via ARG0 & CST into...
1390 (region_model_manager::maybe_undo_optimize_bit_field_compare):
1391 ...this new function. Flatten by converting from nested
1392 conditionals to a series of early return statements to reject
1393 failures. Reject if type is not unsigned_char_type_node.
1394 Handle BYTES_BIG_ENDIAN when determining which bits are bound
1395 in the binding_map.
1396 * region-model.h
1397 (region_model_manager::maybe_undo_optimize_bit_field_compare):
1398 New decl.
1399 * store.cc (bit_range::dump): New function.
1400 * store.h (bit_range::dump): New decl.
1401
1402 2021-06-15 David Malcolm <dmalcolm@redhat.com>
1403
1404 * engine.cc (exploded_node::on_stmt): Handle __analyzer_dump_capacity.
1405 (exploded_node::on_stmt): Drop m_sm_changes from on_stmt_flags.
1406 (state_change_requires_new_enode_p): New function...
1407 (exploded_graph::process_node): Call it, rather than querying
1408 flags.m_sm_changes, so that dynamic-extent differences can also
1409 trigger the splitting of nodes.
1410 * exploded-graph.h (struct on_stmt_flags): Drop field m_sm_changes.
1411 * program-state.cc (program_state::detect_leaks): Purge dead
1412 heap-allocated regions from dynamic extents.
1413 (selftest::test_program_state_1): Fix type of "size_in_bytes".
1414 (selftest::test_program_state_merging): Likewise.
1415 * region-model-impl-calls.cc
1416 (region_model::impl_call_analyzer_dump_capacity): New.
1417 (region_model::impl_call_free): Remove dynamic extents from the
1418 freed region.
1419 * region-model-reachability.h
1420 (reachable_regions::begin_mutable_base_regs): New.
1421 (reachable_regions::end_mutable_base_regs): New.
1422 * region-model.cc: Include "tree-object-size.h".
1423 (region_model::region_model): Support new field m_dynamic_extents.
1424 (region_model::operator=): Likewise.
1425 (region_model::operator==): Likewise.
1426 (region_model::dump_to_pp): Dump sizes of dynamic regions.
1427 (region_model::handle_unrecognized_call): Purge dynamic extents
1428 from any regions that have escaped mutably.
1429 (region_model::get_capacity): New function.
1430 (region_model::add_constraint): Unset dynamic extents when a
1431 heap-allocated region's address is NULL.
1432 (region_model::unbind_region_and_descendents): Purge dynamic
1433 extents of unbound regions.
1434 (region_model::can_merge_with_p): Call
1435 m_dynamic_extents.can_merge_with_p.
1436 (region_model::create_region_for_heap_alloc): Assert that
1437 size_in_bytes's type is compatible with size_type_node. Update
1438 for renaming of record_dynamic_extents to set_dynamic_extents.
1439 (region_model::create_region_for_alloca): Likewise.
1440 (region_model::record_dynamic_extents): Rename to...
1441 (region_model::set_dynamic_extents): ...this. Assert that
1442 size_in_bytes's type is compatible with size_type_node. Add it
1443 to the m_dynamic_extents map.
1444 (region_model::get_dynamic_extents): New.
1445 (region_model::unset_dynamic_extents): New.
1446 (selftest::test_state_merging): Fix type of "size".
1447 (selftest::test_malloc_constraints): Likewise.
1448 (selftest::test_malloc): Verify dynamic extents.
1449 (selftest::test_alloca): Likewise.
1450 * region-model.h (region_to_value_map::is_empty): New.
1451 (region_model::dynamic_extents_t): New typedef.
1452 (region_model::impl_call_analyzer_dump_capacity): New decl.
1453 (region_model::get_dynamic_extents): New function.
1454 (region_model::get_dynamic_extents): New decl.
1455 (region_model::set_dynamic_extents): New decl.
1456 (region_model::unset_dynamic_extents): New decl.
1457 (region_model::get_capacity): New decl.
1458 (region_model::record_dynamic_extents): Rename to set_dynamic_extents.
1459 (region_model::m_dynamic_extents): New field.
1460
1461 2021-06-15 David Malcolm <dmalcolm@redhat.com>
1462
1463 * region-model.cc (region_to_value_map::operator=): New.
1464 (region_to_value_map::operator==): New.
1465 (region_to_value_map::dump_to_pp): New.
1466 (region_to_value_map::dump): New.
1467 (region_to_value_map::can_merge_with_p): New.
1468 * region-model.h (class region_to_value_map): New class.
1469
4e70c34e
GA
1470 2021-06-13 Trevor Saunders <tbsaunde@tbsaunde.org>
1471
1472 * call-string.cc (call_string::call_string): Use range based for
1473 to iterate over vec<>.
1474 (call_string::to_json): Likewise.
1475 (call_string::hash): Likewise.
1476 (call_string::calc_recursion_depth): Likewise.
1477 * checker-path.cc (checker_path::fixup_locations): Likewise.
1478 * constraint-manager.cc (equiv_class::equiv_class): Likewise.
1479 (equiv_class::to_json): Likewise.
1480 (equiv_class::hash): Likewise.
1481 (constraint_manager::to_json): Likewise.
1482 * engine.cc (impl_region_model_context::on_svalue_leak):
1483 Likewise.
1484 (on_liveness_change): Likewise.
1485 (impl_region_model_context::on_unknown_change): Likewise.
1486 * program-state.cc (sm_state_map::set_state): Likewise.
1487 * region-model.cc (test_canonicalization_4): Likewise.
1488
f16f65f8
GA
1489 2021-06-11 David Malcolm <dmalcolm@redhat.com>
1490
1491 * engine.cc (worklist::key_t::cmp): Move sort by call_string to
1492 before SCC.
1493
4f625f47
GA
1494 2021-06-09 David Malcolm <dmalcolm@redhat.com>
1495
1496 * region-model.cc (region_model::get_lvalue_1): Make const.
1497 (region_model::get_lvalue): Likewise.
1498 (region_model::get_rvalue_1): Likewise.
1499 (region_model::get_rvalue): Likewise.
1500 (region_model::deref_rvalue): Likewise.
1501 (region_model::get_rvalue_for_bits): Likewise.
1502 * region-model.h (region_model::get_lvalue): Likewise.
1503 (region_model::get_rvalue): Likewise.
1504 (region_model::deref_rvalue): Likewise.
1505 (region_model::get_rvalue_for_bits): Likewise.
1506 (region_model::get_lvalue_1): Likewise.
1507 (region_model::get_rvalue_1): Likewise.
1508
c6038721
GA
1509 2021-06-08 David Malcolm <dmalcolm@redhat.com>
1510
1511 PR analyzer/99212
1512 * region-model-manager.cc
1513 (region_model_manager::maybe_fold_binop): Add support for folding
1514 BIT_AND_EXPR of compound_svalue and a mask constant.
1515 * region-model.cc (region_model::get_rvalue_1): Implement
1516 BIT_FIELD_REF in terms of...
1517 (region_model::get_rvalue_for_bits): New function.
1518 * region-model.h (region_model::get_rvalue_for_bits): New decl.
1519 * store.cc (bit_range::from_mask): New function.
1520 (selftest::test_bit_range_intersects_p): New selftest.
1521 (selftest::assert_bit_range_from_mask_eq): New.
1522 (ASSERT_BIT_RANGE_FROM_MASK_EQ): New macro.
1523 (selftest::assert_no_bit_range_from_mask_eq): New.
1524 (ASSERT_NO_BIT_RANGE_FROM_MASK): New macro.
1525 (selftest::test_bit_range_from_mask): New selftest.
1526 (selftest::analyzer_store_cc_tests): Call the new selftests.
1527 * store.h (bit_range::intersects_p): New.
1528 (bit_range::from_mask): New decl.
1529 (concrete_binding::get_bit_range): New accessor.
1530 (store_manager::get_concrete_binding): New overload taking
1531 const bit_range &.
1532
1533 2021-06-08 David Malcolm <dmalcolm@redhat.com>
1534
1535 * analyzer.h (int_size_in_bits): New decl.
1536 * region.cc (int_size_in_bits): New function.
1537 (region::get_bit_size): Reimplement in terms of the above.
1538
1539 2021-06-08 David Malcolm <dmalcolm@redhat.com>
1540
1541 * store.cc (concrete_binding::dump_to_pp): Move bulk of
1542 implementation to...
1543 (bit_range::dump_to_pp): ...this new function.
1544 (bit_range::cmp): New.
1545 (concrete_binding::overlaps_p): Update for use of bit_range.
1546 (concrete_binding::cmp_ptr_ptr): Likewise.
1547 * store.h (struct bit_range): New.
1548 (class concrete_binding): Replace fields m_start_bit_offset and
1549 m_size_in_bits with new field m_bit_range.
1550
1551 2021-06-08 David Malcolm <dmalcolm@redhat.com>
1552
1553 * svalue.h (conjured_svalue::iterator_t): Delete.
1554
440c8a0a
GA
1555 2021-06-03 David Malcolm <dmalcolm@redhat.com>
1556
1557 * store.h (store::get_direct_binding): Remove unused decl.
1558 (store::get_default_binding): Likewise.
1559
1560 2021-06-03 David Malcolm <dmalcolm@redhat.com>
1561
1562 * svalue.cc (poisoned_svalue::dump_to_pp): Dump type.
1563 (compound_svalue::dump_to_pp): Dump any type.
1564
a8daf9a1
GA
1565 2021-05-18 David Malcolm <dmalcolm@redhat.com>
1566
1567 PR analyzer/100615
1568 * sm-malloc.cc: Include "analyzer/function-set.h".
1569 (malloc_state_machine::on_stmt): Call unaffected_by_call_p and
1570 bail on the functions it recognizes.
1571 (malloc_state_machine::unaffected_by_call_p): New.
1572
aa891c56
GA
1573 2021-05-10 Martin Liska <mliska@suse.cz>
1574
1575 * sm-file.cc (is_file_using_fn_p): Use startswith
1576 function instead of strncmp.
1577
1578 2021-05-10 Martin Liska <mliska@suse.cz>
1579
1580 * program-state.cc (program_state::operator=): Remove
1581 __cplusplus >= 201103.
1582 (program_state::program_state): Likewise.
1583 * program-state.h: Likewise.
1584 * region-model.h (class region_model): Remove dead code.
1585
502ef97c
GA
1586 2021-04-24 David Malcolm <dmalcolm@redhat.com>
1587
1588 PR analyzer/100244
1589 * sm-malloc.cc (free_of_non_heap::describe_state_change):
1590 Bulletproof against change.m_expr being NULL.
1591
6d0d35d5
GA
1592 2021-04-13 David Malcolm <dmalcolm@redhat.com>
1593
1594 PR analyzer/98599
1595 * supergraph.cc (saved_uids::make_uid_unique): New.
1596 (saved_uids::restore_uids): New.
1597 (supergraph::supergraph): Replace assignments to stmt->uid with
1598 calls to m_stmt_uids.make_uid_unique.
1599 (supergraph::~supergraph): New.
1600 * supergraph.h (class saved_uids): New.
1601 (supergraph::~supergraph): New decl.
1602 (supergraph::m_stmt_uids): New field.
1603
1d54b138
GA
1604 2021-04-10 David Malcolm <dmalcolm@redhat.com>
1605
1606 PR analyzer/100011
1607 * region-model.cc (region_model::on_assignment): Avoid NULL
1608 dereference if ctxt is NULL when assigning from a STRING_CST.
1609
019a9220
GA
1610 2021-04-08 David Malcolm <dmalcolm@redhat.com>
1611
1612 PR analyzer/99042
1613 PR analyzer/99774
1614 * engine.cc
1615 (impl_region_model_context::impl_region_model_context): Add
1616 uncertainty param and use it to initialize m_uncertainty.
1617 (impl_region_model_context::get_uncertainty): New.
1618 (impl_sm_context::get_fndecl_for_call): Add NULL for new
1619 uncertainty param when constructing impl_region_model_context.
1620 (impl_sm_context::get_state): Likewise.
1621 (impl_sm_context::set_next_state): Likewise.
1622 (impl_sm_context::warn): Likewise.
1623 (exploded_node::on_stmt): Add uncertainty param
1624 and use it when constructing impl_region_model_context.
1625 (exploded_node::on_edge): Add uncertainty param and pass
1626 to on_edge call.
1627 (exploded_node::detect_leaks): Create uncertainty_t and pass to
1628 impl_region_model_context.
1629 (exploded_graph::get_or_create_node): Create uncertainty_t and
1630 pass to prune_for_point.
1631 (maybe_process_run_of_before_supernode_enodes): Create
1632 uncertainty_t and pass to impl_region_model_context.
1633 (exploded_graph::process_node): Create uncertainty_t instances and
1634 pass around as needed.
1635 * exploded-graph.h
1636 (impl_region_model_context::impl_region_model_context): Add
1637 uncertainty param.
1638 (impl_region_model_context::get_uncertainty): New decl.
1639 (impl_region_model_context::m_uncertainty): New field.
1640 (exploded_node::on_stmt): Add uncertainty param.
1641 (exploded_node::on_edge): Likewise.
1642 * program-state.cc (sm_state_map::on_liveness_change): Get
1643 uncertainty from context and use it to unset sm-state from
1644 svalues as appropriate.
1645 (program_state::on_edge): Add uncertainty param and use it when
1646 constructing impl_region_model_context. Fix indentation.
1647 (program_state::prune_for_point): Add uncertainty param and use it
1648 when constructing impl_region_model_context.
1649 (program_state::detect_leaks): Get any uncertainty from ctxt and
1650 use it to get maybe-live svalues for dest_state, rather than
1651 definitely-live ones; use this when determining which svalues
1652 have leaked.
1653 (selftest::test_program_state_merging): Create uncertainty_t and
1654 pass to impl_region_model_context.
1655 * program-state.h (program_state::on_edge): Add uncertainty param.
1656 (program_state::prune_for_point): Likewise.
1657 * region-model-impl-calls.cc (call_details::get_uncertainty): New.
1658 (region_model::impl_call_memcpy): Pass uncertainty to
1659 mark_region_as_unknown call.
1660 (region_model::impl_call_memset): Likewise.
1661 (region_model::impl_call_strcpy): Likewise.
1662 * region-model-reachability.cc (reachable_regions::handle_sval):
1663 Also add sval to m_mutable_svals.
1664 * region-model.cc (region_model::on_assignment): Pass any
1665 uncertainty from ctxt to the store::set_value call.
1666 (region_model::handle_unrecognized_call): Get any uncertainty from
1667 ctxt and use it to record mutable svalues at the unknown call.
1668 (region_model::get_reachable_svalues): Add uncertainty param and
1669 use it to mark any maybe-bound svalues as being reachable.
1670 (region_model::set_value): Pass any uncertainty from ctxt to the
1671 store::set_value call.
1672 (region_model::mark_region_as_unknown): Add uncertainty param and
1673 pass it on to the store::mark_region_as_unknown call.
1674 (region_model::update_for_call_summary): Add uncertainty param and
1675 pass it on to the region_model::mark_region_as_unknown call.
1676 * region-model.h (call_details::get_uncertainty): New decl.
1677 (region_model::get_reachable_svalues): Add uncertainty param.
1678 (region_model::mark_region_as_unknown): Add uncertainty param.
1679 (region_model_context::get_uncertainty): New vfunc.
1680 (noop_region_model_context::get_uncertainty): New vfunc
1681 implementation.
1682 * store.cc (dump_svalue_set): New.
1683 (uncertainty_t::dump_to_pp): New.
1684 (uncertainty_t::dump): New.
1685 (binding_cluster::clobber_region): Pass NULL for uncertainty to
1686 remove_overlapping_bindings.
1687 (binding_cluster::mark_region_as_unknown): Add uncertainty param
1688 and pass it to remove_overlapping_bindings.
1689 (binding_cluster::remove_overlapping_bindings): Add uncertainty param.
1690 Use it to record any svalues that were in clobbered bindings.
1691 (store::set_value): Add uncertainty param. Pass it to
1692 binding_cluster::mark_region_as_unknown when handling symbolic
1693 regions.
1694 (store::mark_region_as_unknown): Add uncertainty param and pass it
1695 to binding_cluster::mark_region_as_unknown.
1696 (store::remove_overlapping_bindings): Add uncertainty param and
1697 pass it to binding_cluster::remove_overlapping_bindings.
1698 * store.h (binding_cluster::mark_region_as_unknown): Add
1699 uncertainty param.
1700 (binding_cluster::remove_overlapping_bindings): Likewise.
1701 (store::set_value): Likewise.
1702 (store::mark_region_as_unknown): Likewise.
1703
b1da9916
GA
1704 2021-04-05 David Malcolm <dmalcolm@redhat.com>
1705
1706 PR analyzer/99906
1707 * analyzer.cc (maybe_reconstruct_from_def_stmt): Fix NULL
1708 dereference on calls with zero arguments.
1709 * sm-malloc.cc (malloc_state_machine::on_stmt): When handling
1710 __attribute__((nonnull)), only call get_diagnostic_tree if the
1711 result will be used.
1712
1713 2021-04-05 David Malcolm <dmalcolm@redhat.com>
1714
1715 PR analyzer/99886
1716 * diagnostic-manager.cc
1717 (diagnostic_manager::prune_interproc_events): Use signed integers
1718 when subtracting one from path->num_events ().
1719 (diagnostic_manager::consolidate_conditions): Likewise. Convert
1720 next_idx to a signed int.
1721
f1607029
GA
1722 2021-04-01 David Malcolm <dmalcolm@redhat.com>
1723
1724 * diagnostic-manager.cc (diagnostic_manager::add_diagnostic): Make
1725 enode param non-constant, and call add_diagnostic on it. Add
1726 enode index to log message.
1727 (diagnostic_manager::add_diagnostic): Make enode param
1728 non-constant.
1729 * diagnostic-manager.h (diagnostic_manager::add_diagnostic):
1730 Likewise for both decls.
1731 * engine.cc
1732 (impl_region_model_context::impl_region_model_context): Likewise
1733 for enode_for_diag.
1734 (impl_sm_context::impl_sm_context): Likewise.
1735 (impl_sm_context::m_enode_for_diag): Likewise.
1736 (exploded_node::dump_dot): Don't pass the diagnostic manager
1737 to dump_saved_diagnostics.
1738 (exploded_node::dump_saved_diagnostics): Drop param. Iterate
1739 directly through all saved diagnostics for the enode, rather
1740 than all saved diagnostics in the diagnostic_manager and
1741 filtering.
1742 (exploded_node::on_stmt): Make non-const.
1743 (exploded_node::on_edge): Likewise.
1744 (exploded_node::on_longjmp): Likewise.
1745 (exploded_node::detect_leaks): Likewise.
1746 (exploded_graph::get_or_create_node): Make enode_for_diag param
1747 non-const.
1748 (exploded_graph_annotator::print_enode): Iterate
1749 directly through all saved diagnostics for the enode, rather
1750 than all saved diagnostics in the diagnostic_manager and
1751 filtering.
1752 * exploded-graph.h
1753 (impl_region_model_context::impl_region_model_context): Make
1754 enode_for_diag param non-constant.
1755 (impl_region_model_context::m_enode_for_diag): Likewise.
1756 (exploded_node::dump_saved_diagnostics): Drop param.
1757 (exploded_node::on_stmt): Make non-const.
1758 (exploded_node::on_edge): Likewise.
1759 (exploded_node::on_longjmp): Likewise.
1760 (exploded_node::detect_leaks): Likewise.
1761 (exploded_node::add_diagnostic): New.
1762 (exploded_node::get_num_diagnostics): New.
1763 (exploded_node::get_saved_diagnostic): New.
1764 (exploded_node::m_saved_diagnostics): New.
1765 (exploded_graph::get_or_create_node): Make enode_for_diag param
1766 non-constant.
1767 * feasible-graph.cc (feasible_node::dump_dot): Drop
1768 diagnostic_manager from call to dump_saved_diagnostics.
1769 * program-state.cc (program_state::on_edge): Convert enode param
1770 to non-const pointer.
1771 (program_state::prune_for_point): Likewise for enode_for_diag
1772 param.
1773 * program-state.h (program_state::on_edge): Convert enode param
1774 to non-const pointer.
1775 (program_state::prune_for_point): Likewise for enode_for_diag
1776 param.
1777
95d217ab
GA
1778 2021-03-31 David Malcolm <dmalcolm@redhat.com>
1779
1780 PR analyzer/99771
1781 * analyzer.cc (maybe_reconstruct_from_def_stmt): New.
1782 (fixup_tree_for_diagnostic_1): New.
1783 (fixup_tree_for_diagnostic): New.
1784 * analyzer.h (fixup_tree_for_diagnostic): New decl.
1785 * checker-path.cc (call_event::get_desc): Call
1786 fixup_tree_for_diagnostic and use it for the call_with_state call.
1787 (warning_event::get_desc): Likewise for the final_event and
1788 make_label_text calls.
1789 * engine.cc (impl_region_model_context::on_state_leak): Likewise
1790 for the on_leak and add_diagnostic calls.
1791 * region-model.cc (region_model::get_representative_tree):
1792 Likewise for the result.
1793
08d2edae
GA
1794 2021-03-30 David Malcolm <dmalcolm@redhat.com>
1795
1796 * region.h (region::dump_to_pp): Remove old decl.
1797
1798 2021-03-30 David Malcolm <dmalcolm@redhat.com>
1799
1800 * sm-file.cc (fileptr_state_machine::on_stmt): Only call
1801 get_diagnostic_tree if the result will be used.
1802 * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
1803 (malloc_state_machine::on_deallocator_call): Likewise.
1804 (malloc_state_machine::on_realloc_call): Likewise.
1805 (malloc_state_machine::on_realloc_call): Likewise.
1806 * sm-sensitive.cc
1807 (sensitive_state_machine::warn_for_any_exposure): Likewise.
1808 * sm-taint.cc (taint_state_machine::on_stmt): Likewise.
1809
4493b1c1
GA
1810 2021-03-25 David Malcolm <dmalcolm@redhat.com>
1811
1812 PR analyzer/93695
1813 PR analyzer/99044
1814 PR analyzer/99716
1815 * engine.cc (exploded_node::on_stmt): Clear sm-state involving
1816 an SSA name at the def-stmt of that SSA name.
1817 * program-state.cc (sm_state_map::purge_state_involving): New.
1818 * program-state.h (sm_state_map::purge_state_involving): New decl.
1819 * region-model.cc (selftest::test_involves_p): New.
1820 (selftest::analyzer_region_model_cc_tests): Call it.
1821 * svalue.cc (class involvement_visitor): New class.
1822 (svalue::involves_p): New.
1823 * svalue.h (svalue::involves_p): New decl.
1824
5f256a70
GA
1825 2021-03-19 David Malcolm <dmalcolm@redhat.com>
1826
1827 PR analyzer/99614
1828 * diagnostic-manager.cc (class epath_finder): Add
1829 DISABLE_COPY_AND_ASSIGN.
1830
3c5b6d24
GA
1831 2021-03-15 Martin Liska <mliska@suse.cz>
1832
1833 * sm-file.cc (get_file_using_fns): Add missing comma in initializer.
1834
48ff383f
GA
1835 2021-03-11 David Malcolm <dmalcolm@redhat.com>
1836
1837 PR analyzer/96374
1838 * analyzer.opt (-param=analyzer-max-infeasible-edges=): New param.
1839 (fdump-analyzer-feasibility): New flag.
1840 * diagnostic-manager.cc: Include "analyzer/trimmed-graph.h" and
1841 "analyzer/feasible-graph.h".
1842 (epath_finder::epath_finder): Convert m_sep to a pointer and
1843 only create it if !flag_analyzer_feasibility.
1844 (epath_finder::~epath_finder): New.
1845 (epath_finder::m_sep): Convert to a pointer.
1846 (epath_finder::get_best_epath): Add param "diag_idx" and use it
1847 when logging. Rather than finding the shortest path and then
1848 checking feasibility, instead use explore_feasible_paths unless
1849 !flag_analyzer_feasibility, in which case simply use the shortest
1850 path, and note if it is infeasible. Update for m_sep becoming a
1851 pointer.
1852 (class feasible_worklist): New.
1853 (epath_finder::explore_feasible_paths): New.
1854 (epath_finder::process_worklist_item): New.
1855 (class dump_eg_with_shortest_path): New.
1856 (epath_finder::dump_trimmed_graph): New.
1857 (epath_finder::dump_feasible_graph): New.
1858 (saved_diagnostic::saved_diagnostic): Add "idx" param, using it
1859 on new field m_idx.
1860 (saved_diagnostic::to_json): Dump m_idx.
1861 (saved_diagnostic::calc_best_epath): Pass m_idx to get_best_epath.
1862 Remove assertion that m_problem was set when m_best_epath is NULL.
1863 (diagnostic_manager::add_diagnostic): Pass an index when creating
1864 saved_diagnostic instances.
1865 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add
1866 "idx" param.
1867 (saved_diagnostic::get_index): New accessor.
1868 (saved_diagnostic::m_idx): New field.
1869 * engine.cc (exploded_node::dump_dot): Call args.dump_extra_info.
1870 Move code to...
1871 (exploded_node::dump_processed_stmts): ...this new function and...
1872 (exploded_node::dump_saved_diagnostics): ...this new function.
1873 Add index of each diagnostic.
1874 (exploded_edge::dump_dot): Move bulk of code to...
1875 (exploded_edge::dump_dot_label): ...this new function.
1876 * exploded-graph.h (eg_traits::dump_args_t::dump_extra_info): New
1877 vfunc.
1878 (exploded_node::dump_processed_stmts): New decl.
1879 (exploded_node::dump_saved_diagnostics): New decl.
1880 (exploded_edge::dump_dot_label): New decl.
1881 * feasible-graph.cc: New file.
1882 * feasible-graph.h: New file.
1883 * trimmed-graph.cc: New file.
1884 * trimmed-graph.h: New file.
1885
1886 2021-03-11 David Malcolm <dmalcolm@redhat.com>
1887
1888 * diagnostic-manager.cc (epath_finder::epath_finder):
1889 Update shortest_paths init for new param.
1890
e9800852
GA
1891 2021-03-10 David Malcolm <dmalcolm@redhat.com>
1892
1893 PR analyzer/96374
1894 * engine.cc (exploded_path::feasible_p): Move "snodes_visited" and
1895 "model" locals into a new class feasibility_state. Move heart
1896 of per-edge processing into
1897 feasibility_state::maybe_update_for_edge.
1898 (feasibility_state::feasibility_state): New.
1899 (feasibility_state::maybe_update_for_edge): New, based on loop
1900 body in exploded_path::feasible_p.
1901 * exploded-graph.h (class feasibility_state): New.
1902
1903 2021-03-10 David Malcolm <dmalcolm@redhat.com>
1904
1905 * supergraph.h
1906 (callgraph_superedge::dyn_cast_callgraph_superedge): New.
1907 (call_superedge::dyn_cast_callgraph_superedge): Delete.
1908 (return_superedge::dyn_cast_callgraph_superedge): Delete.
1909
d97a92dc
GA
1910 2021-03-02 Martin Liska <mliska@suse.cz>
1911
1912 * diagnostic-manager.cc (diagnostic_manager::emit_saved_diagnostics):
1913 Do not pass engine.
1914
06a9f20f
GA
1915 2021-02-26 David Malcolm <dmalcolm@redhat.com>
1916
1917 * engine.cc (exploded_path::exploded_path): New copy-ctor.
1918 * exploded-graph.h (exploded_path::operator=): Drop decl.
1919
1920 2021-02-26 David Malcolm <dmalcolm@redhat.com>
1921
1922 PR analyzer/96374
1923 * diagnostic-manager.cc (class epath_finder): New.
1924 (epath_finder::get_best_epath): New.
1925 (saved_diagnostic::saved_diagnostic): Update for replacement of
1926 m_state and m_epath_length with m_best_epath.
1927 (saved_diagnostic::~saved_diagnostic): Delete m_best_epath.
1928 (saved_diagnostic::to_json): Update "path_length" to be optional.
1929 (saved_diagnostic::calc_best_epath): New, based on
1930 dedupe_winners::add and parts of dedupe_key::dedupe_key.
1931 (saved_diagnostic::get_epath_length): New.
1932 (saved_diagnostic::add_duplicate): New.
1933 (dedupe_key::dedupe_key): Drop epath param. Move invocation of
1934 stmt_finder to saved_diagnostic::calc_best_epath.
1935 (class dedupe_candidate): Delete.
1936 (class dedupe_hash_map_traits): Update to use saved_diagnostic *
1937 rather than dedupe_candidate * as the value_type/compare_type.
1938 (dedupe_winners::~dedupe_winners): Don't delete the values.
1939 (dedupe_winners::add): Convert param from shortest_exploded_paths to
1940 epath_finder. Drop "eg" param. Drop dedupe_candidate, moving
1941 path generation and feasibility checking to
1942 epath_finder::get_best_epath. Update winner-selection for move
1943 of epaths from dedupe_candidate to saved_diagnostic.
1944 (dedupe_winners::emit_best): Update for removal of class
1945 dedupe_candidate.
1946 (dedupe_winners::map_t): Update to use saved_diagnostic * rather
1947 than dedupe_candidate * as the value_type/compare_type.
1948 (diagnostic_manager::emit_saved_diagnostics): Move
1949 shortest_exploded_paths instance into epath_finder and pass that
1950 around instead.
1951 (diagnostic_manager::emit_saved_diagnostic): Drop epath, stmt
1952 and num_dupes params, instead getting these from the
1953 saved_diagnostic. Use correct location in inform_n call.
1954 * diagnostic-manager.h (class epath_finder): New forward decl.
1955 (saved_diagnostic::status): Drop enum.
1956 (saved_diagnostic::set_feasible): Drop.
1957 (saved_diagnostic::set_infeasible): Drop.
1958 (saved_diagnostic::get_status): Drop.
1959 (saved_diagnostic::calc_best_epath): New decl.
1960 (saved_diagnostic::get_best_epath): New decl.
1961 (saved_diagnostic::get_epath_length): New decl.
1962 (saved_diagnostic::set_epath_length): Drop.
1963 (saved_diagnostic::get_epath_length): Drop inline implementation.
1964 (saved_diagnostic::add_duplicate): New.
1965 (saved_diagnostic::get_num_dupes): New.
1966 (saved_diagnostic::m_d): Document ownership.
1967 (saved_diagnostic::m_trailing_eedge): Make const.
1968 (saved_diagnostic::m_status): Drop field.
1969 (saved_diagnostic::m_epath_length): Drop field.
1970 (saved_diagnostic::m_best_epath): New field.
1971 (saved_diagnostic::m_problem): Document ownership.
1972 (saved_diagnostic::m_duplicates): New field.
1973 (diagnostic_manager::emit_saved_diagnostic): Drop params epath,
1974 stmt, and num_dupes.
1975 * engine.cc (exploded_graph_annotator::print_saved_diagnostic):
1976 Update for changes to saved_diagnostic class.
1977 * exploded-graph.h (exploded_path::feasible_p): Drop unused
1978 overloaded decl.
1979
daa68844
GA
1980 2021-02-25 David Malcolm <dmalcolm@redhat.com>
1981
1982 PR analyzer/99193
1983 * region-model-impl-calls.cc (region_model::impl_call_realloc): New.
1984 * region-model.cc (region_model::on_call_pre): Call it.
1985 * region-model.h (region_model::impl_call_realloc): New decl.
1986 * sm-malloc.cc (enum wording): Add WORDING_REALLOCATED.
1987 (malloc_state_machine::m_realloc): New field.
1988 (use_after_free::describe_state_change): Add case for
1989 WORDING_REALLOCATED.
1990 (use_after_free::describe_final_event): Likewise.
1991 (malloc_state_machine::malloc_state_machine): Initialize
1992 m_realloc.
1993 (malloc_state_machine::on_stmt): Handle realloc by calling...
1994 (malloc_state_machine::on_realloc_call): New.
1995
2f5765cf
GA
1996 2021-02-22 David Malcolm <dmalcolm@redhat.com>
1997
1998 PR analyzer/99196
1999 * engine.cc (exploded_node::on_stmt): Provide terminate_path
2000 flag as a way for on_call_pre to terminate the current analysis
2001 path.
2002 * region-model-impl-calls.cc (call_details::num_args): New.
2003 (region_model::impl_call_error): New.
2004 * region-model.cc (region_model::on_call_pre): Add param
2005 "out_terminate_path". Handle "error" and "error_at_line".
2006 * region-model.h (call_details::num_args): New decl.
2007 (region_model::on_call_pre): Add param "out_terminate_path".
2008 (region_model::impl_call_error): New decl.
2009
acc0ee5c
GA
2010 2021-02-17 David Malcolm <dmalcolm@redhat.com>
2011
2012 PR analyzer/98969
2013 * constraint-manager.cc (dead_svalue_purger::should_purge_p):
2014 Update for change to svalue::live_p.
2015 * program-state.cc (sm_state_map::on_liveness_change): Likewise.
2016 (program_state::detect_leaks): Likewise.
2017 * region-model-reachability.cc (reachable_regions::init_cluster):
2018 When dealing with a symbolic region, if the underlying pointer is
2019 implicitly live, add the region to the reachable regions.
2020 * region-model.cc (region_model::compare_initial_and_pointer):
2021 Move logic for detecting initial values of params to
2022 initial_svalue::initial_value_of_param_p.
2023 * svalue.cc (svalue::live_p): Convert "live_svalues" from a
2024 reference to a pointer; support it being NULL.
2025 (svalue::implicitly_live_p): Convert first param from a
2026 reference to a pointer.
2027 (region_svalue::implicitly_live_p): Likewise.
2028 (constant_svalue::implicitly_live_p): Likewise.
2029 (initial_svalue::implicitly_live_p): Likewise. Treat the initial
2030 values of params for the top level frame as still live.
2031 (initial_svalue::initial_value_of_param_p): New function, taken
2032 from a test in region_model::compare_initial_and_pointer.
2033 (unaryop_svalue::implicitly_live_p): Convert first param from a
2034 reference to a pointer.
2035 (binop_svalue::implicitly_live_p): Likewise.
2036 (sub_svalue::implicitly_live_p): Likewise.
2037 (unmergeable_svalue::implicitly_live_p): Likewise.
2038 * svalue.h (svalue::live_p): Likewise.
2039 (svalue::implicitly_live_p): Likewise.
2040 (region_svalue::implicitly_live_p): Likewise.
2041 (constant_svalue::implicitly_live_p): Likewise.
2042 (initial_svalue::implicitly_live_p): Likewise.
2043 (initial_svalue::initial_value_of_param_p): New decl.
2044 (unaryop_svalue::implicitly_live_p): Convert first param from a
2045 reference to a pointer.
2046 (binop_svalue::implicitly_live_p): Likewise.
2047 (sub_svalue::implicitly_live_p): Likewise.
2048 (unmergeable_svalue::implicitly_live_p): Likewise.
2049
fab095da
GA
2050 2021-02-12 David Malcolm <dmalcolm@redhat.com>
2051
2052 PR analyzer/98969
2053 * engine.cc (readability): Add names for the various arbitrary
2054 values. Handle NOP_EXPR and INTEGER_CST.
2055 (readability_comparator): Combine the readability tests for
2056 tree and stack depth, rather than performing them sequentially.
2057 (impl_region_model_context::on_state_leak): Strip off top-level
2058 casts.
2059 * region-model.cc (region_model::get_representative_path_var): Add
2060 type-checking, moving the bulk of the implementation to...
2061 (region_model::get_representative_path_var_1): ...here. Respect
2062 types in casts by recursing and re-adding the cast, rather than
2063 merely stripping them off. Use the correct type when handling
2064 region_svalue.
2065 (region_model::get_representative_tree): Strip off any top-level
2066 cast.
2067 (region_model::get_representative_path_var): Add type-checking,
2068 moving the bulk of the implementation to...
2069 (region_model::get_representative_path_var_1): ...here.
2070 * region-model.h (region_model::get_representative_path_var_1):
2071 New decl
2072 (region_model::get_representative_path_var_1): New decl.
2073 * store.cc (append_pathvar_with_type): New.
2074 (binding_cluster::get_representative_path_vars): Cast path_vars
2075 to the correct type when adding them to *OUT_PVS.
2076
0a91b73e
GA
2077 2021-02-09 David Malcolm <dmalcolm@redhat.com>
2078
2079 PR analyzer/98575
2080 * sm-file.cc (is_file_using_fn_p): Support "_IO_"-prefixed
2081 variants.
2082
2083 2021-02-09 David Malcolm <dmalcolm@redhat.com>
2084
2085 PR analyzer/98575
2086 * store.cc (store::set_value): Treat a pointer written to *UNKNOWN
2087 as having escaped.
2088
548b75d8
GA
2089 2021-02-02 David Malcolm <dmalcolm@redhat.com>
2090
2091 PR analyzer/93355
2092 PR analyzer/96374
2093 * engine.cc (toplevel_function_p): Simplify so that
2094 we only reject functions with a "__analyzer_" prefix.
2095 (add_any_callbacks): Delete.
2096 (exploded_graph::build_initial_worklist): Update for
2097 dropped param of toplevel_function_p.
2098 (exploded_graph::build_initial_worklist): Don't bother
2099 looking for callbacks that are reachable from global
2100 initializers.
2101
f7884fb1
GA
2102 2021-02-01 David Malcolm <dmalcolm@redhat.com>
2103
2104 PR analyzer/98918
2105 * region-model-manager.cc
2106 (region_model_manager::get_or_create_initial_value):
2107 Fold the initial value of *UNKNOWN_PTR to an UNKNOWN value.
2108 (region_model_manager::get_field_region): Fold the value
2109 of UNKNOWN_PTR->FIELD to *UNKNOWN_PTR_OF_&FIELD_TYPE.
2110
2900f2f2
GA
2111 2021-01-29 David Malcolm <dmalcolm@redhat.com>
2112
2113 * checker-path.cc (event_kind_to_string): Handle
2114 EK_START_CONSOLIDATED_CFG_EDGES and
2115 EK_END_CONSOLIDATED_CFG_EDGES.
2116 (start_consolidated_cfg_edges_event::get_desc): New.
2117 (checker_path::cfg_edge_pair_at_p): New.
2118 * checker-path.h (enum event_kind): Add
2119 EK_START_CONSOLIDATED_CFG_EDGES and
2120 EK_END_CONSOLIDATED_CFG_EDGES.
2121 (class start_consolidated_cfg_edges_event): New class.
2122 (class end_consolidated_cfg_edges_event): New class.
2123 (checker_path::delete_events): New.
2124 (checker_path::replace_event): New.
2125 (checker_path::cfg_edge_pair_at_p): New decl.
2126 * diagnostic-manager.cc (diagnostic_manager::prune_path): Call
2127 consolidate_conditions.
2128 (same_line_as_p): New.
2129 (diagnostic_manager::consolidate_conditions): New.
2130 * diagnostic-manager.h
2131 (diagnostic_manager::consolidate_conditions): New decl.
2132
ef1f8ee6
GA
2133 2021-01-18 David Malcolm <dmalcolm@redhat.com>
2134
2135 * analyzer.h (is_std_named_call_p): New decl.
2136 * diagnostic-manager.cc (path_builder::get_sm): New.
2137 (state_change_event_creator::state_change_event_creator): Add "pb"
2138 param.
2139 (state_change_event_creator::on_global_state_change): Don't consider
2140 state changes affecting other state_machines.
2141 (state_change_event_creator::on_state_change): Likewise.
2142 (state_change_event_creator::m_pb): New field.
2143 (diagnostic_manager::add_events_for_eedge): Pass pb to visitor
2144 ctor.
2145 * region-model-impl-calls.cc
2146 (region_model::impl_deallocation_call): New.
2147 * region-model.cc: Include "attribs.h".
2148 (region_model::on_call_post): Handle fndecls referenced by
2149 __attribute__((deallocated_by(FOO))).
2150 * region-model.h (region_model::impl_deallocation_call): New decl.
2151 * sm-malloc.cc: Include "stringpool.h" and "attribs.h". Add
2152 leading comment.
2153 (class api): Delete.
2154 (enum resource_state): Update comment for change from api to
2155 deallocator and deallocator_set.
2156 (allocation_state::allocation_state): Drop api param. Add
2157 "deallocators" and "deallocator".
2158 (allocation_state::m_api): Drop field in favor of...
2159 (allocation_state::m_deallocators): New field.
2160 (allocation_state::m_deallocator): New field.
2161 (enum wording): Add WORDING_DEALLOCATED.
2162 (struct deallocator): New.
2163 (struct standard_deallocator): New.
2164 (struct custom_deallocator): New.
2165 (struct deallocator_set): New.
2166 (struct custom_deallocator_set): New.
2167 (struct standard_deallocator_set): New.
2168 (struct deallocator_set_map_traits): New.
2169 (malloc_state_machine::m_malloc): Drop field
2170 (malloc_state_machine::m_scalar_new): Likewise.
2171 (malloc_state_machine::m_vector_new): Likewise.
2172 (malloc_state_machine::m_free): New field
2173 (malloc_state_machine::m_scalar_delete): Likewise.
2174 (malloc_state_machine::m_vector_delete): Likewise.
2175 (malloc_state_machine::deallocator_map_t): New typedef.
2176 (malloc_state_machine::m_deallocator_map): New field.
2177 (malloc_state_machine::deallocator_set_cache_t): New typedef.
2178 (malloc_state_machine::m_custom_deallocator_set_cache): New field.
2179 (malloc_state_machine::custom_deallocator_set_map_t): New typedef.
2180 (malloc_state_machine::m_custom_deallocator_set_map): New field.
2181 (malloc_state_machine::m_dynamic_sets): New field.
2182 (malloc_state_machine::m_dynamic_deallocators): New field.
2183 (api::api): Delete.
2184 (deallocator::deallocator): New ctor.
2185 (deallocator::hash): New.
2186 (deallocator::dump_to_pp): New.
2187 (deallocator::cmp): New.
2188 (deallocator::cmp_ptr_ptr): New.
2189 (standard_deallocator::standard_deallocator): New ctor.
2190 (deallocator_set::deallocator_set): New ctor.
2191 (deallocator_set::dump): New.
2192 (custom_deallocator_set::custom_deallocator_set): New ctor.
2193 (custom_deallocator_set::contains_p): New.
2194 (custom_deallocator_set::maybe_get_single): New.
2195 (custom_deallocator_set::dump_to_pp): New.
2196 (standard_deallocator_set::standard_deallocator_set): New ctor.
2197 (standard_deallocator_set::contains_p): New.
2198 (standard_deallocator_set::maybe_get_single): New.
2199 (standard_deallocator_set::dump_to_pp): New.
2200 (start_p): New.
2201 (class mismatching_deallocation): Update for conversion from api
2202 to deallocator_set and deallocator.
2203 (double_free::emit): Use %qs.
2204 (class use_after_free): Update for conversion from api to
2205 deallocator_set and deallocator.
2206 (malloc_leak::describe_state_change): Only emit "allocated here" on
2207 a start->nonnull transition, rather than on other transitions to
2208 nonnull.
2209 (allocation_state::dump_to_pp): Update for conversion from api to
2210 deallocator_set.
2211 (allocation_state::get_nonnull): Likewise.
2212 (malloc_state_machine::malloc_state_machine): Likewise.
2213 (malloc_state_machine::~malloc_state_machine): New.
2214 (malloc_state_machine::add_state): Update for conversion from api
2215 to deallocator_set.
2216 (malloc_state_machine::get_or_create_custom_deallocator_set): New.
2217 (malloc_state_machine::maybe_create_custom_deallocator_set): New.
2218 (malloc_state_machine::get_or_create_deallocator): New.
2219 (malloc_state_machine::on_stmt): Update for conversion from api
2220 to deallocator_set. Handle "__attribute__((malloc(FOO)))", and
2221 the special attribute set on FOO.
2222 (malloc_state_machine::on_allocator_call): Update for conversion
2223 from api to deallocator_set. Add "returns_nonnull" param and use
2224 it to affect which state to transition to.
2225 (malloc_state_machine::on_deallocator_call): Update for conversion
2226 from api to deallocator_set.
2227
5fff80fd
GA
2228 2021-01-14 David Malcolm <dmalcolm@redhat.com>
2229
2230 * engine.cc (strongly_connected_components::to_json): New.
2231 (worklist::to_json): New.
2232 (exploded_graph::to_json): JSON-ify the worklist.
2233 * exploded-graph.h (strongly_connected_components::to_json): New
2234 decl.
2235 (worklist::to_json): New decl.
2236 * store.cc (store::to_json): Fix comment.
2237 * supergraph.cc (supernode::to_json): Fix reference to
2238 "returning_call" in comment. Add optional "fun" to JSON.
2239 (edge_kind_to_string): New.
2240 (superedge::to_json): Add "kind" to JSON.
2241
2242 2021-01-14 David Malcolm <dmalcolm@redhat.com>
2243
2244 PR analyzer/98679
2245 * analyzer.h (region_offset::operator==): Make const.
2246 * pending-diagnostic.h (pending_diagnostic::equal_p): Likewise.
2247 * store.h (binding_cluster::for_each_value): Likewise.
2248 (binding_cluster::for_each_binding): Likewise.
2249
6851dda2
GA
2250 2021-01-12 David Malcolm <dmalcolm@redhat.com>
2251
2252 PR analyzer/98628
2253 * store.cc (binding_cluster::make_unknown_relative_to): Don't mark
2254 dereferenced unknown pointers as having escaped.
2255
7d187e4f
GA
2256 2021-01-07 David Malcolm <dmalcolm@redhat.com>
2257
2258 PR analyzer/98580
2259 * region.cc (decl_region::get_svalue_for_initializer): Gracefully
2260 handle when LTO writes out DECL_INITIAL as error_mark_node.
2261
2262 2021-01-07 David Malcolm <dmalcolm@redhat.com>
2263
2264 PR analyzer/97074
2265 * store.cc (binding_cluster::can_merge_p): Add "out_store" param
2266 and pass to calls to binding_cluster::make_unknown_relative_to.
2267 (binding_cluster::make_unknown_relative_to): Add "out_store"
2268 param. Use it to mark base regions that are pointed to by
2269 pointers that become unknown as having escaped.
2270 (store::can_merge_p): Pass out_store to
2271 binding_cluster::can_merge_p.
2272 * store.h (binding_cluster::can_merge_p): Add "out_store" param.
2273 (binding_cluster::make_unknown_relative_to): Likewise.
2274 * svalue.cc (region_svalue::implicitly_live_p): New vfunc.
2275 * svalue.h (region_svalue::implicitly_live_p): New vfunc decl.
2276
2277 2021-01-07 David Malcolm <dmalcolm@redhat.com>
2278
2279 PR analyzer/98564
2280 * engine.cc (exploded_path::feasible_p): Add missing call to
2281 bitmap_clear.
2282
942ae5be
GA
2283 2021-01-06 David Malcolm <dmalcolm@redhat.com>
2284
2285 PR analyzer/97072
2286 * region-model-reachability.cc (reachable_regions::init_cluster):
2287 Convert symbolic region handling to a switch statement. Add cases
2288 to handle SK_UNKNOWN and SK_CONJURED.
2289
651b8a50
GA
2290 2021-01-05 David Malcolm <dmalcolm@redhat.com>
2291
2292 PR analyzer/98293
2293 * store.cc (binding_map::apply_ctor_to_region): When "index" is
2294 NULL, iterate through the fields for RECORD_TYPEs, rather than
2295 creating an INTEGER_CST index.
2296
94358e47
GA
2297 2020-11-30 David Malcolm <dmalcolm@redhat.com>
2298
2299 * analyzer-pass.cc: Include "analyzer/analyzer.h" for the
2300 declaration of sorry_no_analyzer; include "tree.h" and
2301 "function.h" as these are needed by it.
2302
2303 2020-11-30 David Malcolm <dmalcolm@redhat.com>
2304
2305 * analyzer-pass.cc (pass_analyzer::execute): Move sorry call to...
2306 (sorry_no_analyzer): New.
2307 * analyzer.h (class state_machine): New forward decl.
2308 (class logger): New forward decl.
2309 (class plugin_analyzer_init_iface): New.
2310 (sorry_no_analyzer): New decl.
2311 * checker-path.cc (checker_path::fixup_locations): New.
2312 * checker-path.h (checker_event::set_location): New.
2313 (checker_path::fixup_locations): New decl.
2314 * diagnostic-manager.cc
2315 (diagnostic_manager::emit_saved_diagnostic): Call
2316 checker_path::fixup_locations, and call fixup_location
2317 on the primary location.
2318 * engine.cc: Include "plugin.h".
2319 (class plugin_analyzer_init_impl): New.
2320 (impl_run_checkers): Invoke PLUGIN_ANALYZER_INIT callbacks.
2321 * pending-diagnostic.h (pending_diagnostic::fixup_location): New
2322 vfunc.
2323
25bb75f8
GA
2324 2020-11-18 David Malcolm <dmalcolm@redhat.com>
2325
2326 PR analyzer/97893
2327 * sm-malloc.cc (null_deref::emit): Use CWE-476 rather than
2328 CWE-690, as this isn't due to an unchecked return value.
2329 (null_arg::emit): Likewise.
2330
a5a11525
GA
2331 2020-11-12 David Malcolm <dmalcolm@redhat.com>
2332
2333 * checker-path.h (checker_event::get_id_ptr): New.
2334 * diagnostic-manager.cc (path_builder::path_builder): Add "sd"
2335 param and use it to initialize new field "m_sd".
2336 (path_builder::get_pending_diagnostic): New.
2337 (path_builder::m_sd): New field.
2338 (diagnostic_manager::emit_saved_diagnostic): Pass sd to
2339 path_builder ctor.
2340 (diagnostic_manager::add_events_for_superedge): Call new
2341 maybe_add_custom_events_for_superedge vfunc.
2342 * engine.cc (stale_jmp_buf::stale_jmp_buf): Add "setjmp_point"
2343 param and use it to initialize new field "m_setjmp_point".
2344 Initialize new field "m_stack_pop_event".
2345 (stale_jmp_buf::maybe_add_custom_events_for_superedge): New vfunc
2346 implementation.
2347 (stale_jmp_buf::describe_final_event): New vfunc implementation.
2348 (stale_jmp_buf::m_setjmp_point): New field.
2349 (stale_jmp_buf::m_stack_pop_event): New field.
2350 (exploded_node::on_longjmp): Pass setjmp_point to stale_jmp_buf
2351 ctor.
2352 * pending-diagnostic.h
2353 (pending_diagnostic::maybe_add_custom_events_for_superedge): New
2354 vfunc.
2355
2356 2020-11-12 David Malcolm <dmalcolm@redhat.com>
2357
2358 PR tree-optimization/97424
2359 * analyzer.opt (Wanalyzer-shift-count-negative): New.
2360 (Wanalyzer-shift-count-overflow): New.
2361 * region-model.cc (class shift_count_negative_diagnostic): New.
2362 (class shift_count_overflow_diagnostic): New.
2363 (region_model::get_gassign_result): Complain about shift counts that
2364 are negative or are >= the operand's type's width.
2365
bb622641
GA
2366 2020-11-10 Martin Liska <mliska@suse.cz>
2367
2368 * constraint-manager.cc (constraint_manager::merge): Remove
2369 unused code.
2370 * constraint-manager.h: Likewise.
2371 * program-state.cc (sm_state_map::sm_state_map): Likewise.
2372 (program_state::program_state): Likewise.
2373 (test_sm_state_map): Likewise.
2374 * program-state.h: Likewise.
2375 * region-model-reachability.cc (reachable_regions::reachable_regions): Likewise.
2376 * region-model-reachability.h: Likewise.
2377 * region-model.cc (region_model::handle_unrecognized_call): Likewise.
2378 (region_model::get_reachable_svalues): Likewise.
2379 (region_model::can_merge_with_p): Likewise.
2380
0cfd9109
GA
2381 2020-11-05 David Malcolm <dmalcolm@redhat.com>
2382
2383 PR analyzer/97668
2384 * svalue.cc (cmp_cst): Handle COMPLEX_CST.
2385
e93aae4a
GA
2386 2020-10-29 David Malcolm <dmalcolm@redhat.com>
2387
2388 * program-state.cc (sm_state_map::on_liveness_change): Sort the
2389 leaking svalues before calling on_state_leak.
2390 (program_state::detect_leaks): Likewise when calling
2391 on_svalue_leak.
2392 * region-model-reachability.cc
2393 (reachable_regions::mark_escaped_clusters): Likewise when
2394 calling on_escaped_function.
2395
2396 2020-10-29 David Malcolm <dmalcolm@redhat.com>
2397
2398 PR analyzer/97608
2399 * region-model-reachability.cc (reachable_regions::handle_sval):
2400 Operands of reachable reversible operations are reachable.
2401
2402 2020-10-29 David Malcolm <dmalcolm@redhat.com>
2403
2404 * analyzer.h (class state_machine): New forward decl.
2405 (class logger): Likewise.
2406 (class visitor): Likewise.
2407 * complexity.cc: New file, taken from svalue.cc.
2408 * complexity.h: New file, taken from region-model.h.
2409 * region-model.h: Include "analyzer/svalue.h" and
2410 "analyzer/region.h". Move struct complexity to complexity.h.
2411 Move svalue, its subclasses and supporting decls to svalue.h.
2412 Move region, its subclasses and supporting decls to region.h.
2413 * region.cc: Include "analyzer/region.h".
2414 (symbolic_region::symbolic_region): Move here from region-model.h.
2415 * region.h: New file, based on material from region-model.h.
2416 * svalue.cc: Include "analyzer/svalue.h".
2417 (complexity::complexity): Move to complexity.cc.
2418 (complexity::from_pair): Likewise.
2419 * svalue.h: New file, based on material from region-model.h.
2420
2421 2020-10-29 David Malcolm <dmalcolm@redhat.com>
2422
2423 * program-state.cc (sm_state_map::print): Guard the printing of
2424 the origin pointer with !flag_dump_noaddr.
2425 * region.cc (string_region::dump_to_pp): Likewise for
2426 m_string_cst.
2427
89bb01e7
GA
2428 2020-10-27 David Malcolm <dmalcolm@redhat.com>
2429
2430 PR analyzer/97568
2431 * region-model.cc (region_model::get_initial_value_for_global):
2432 Move check that !DECL_EXTERNAL from here to...
2433 * region.cc (decl_region::get_svalue_for_initializer): ...here,
2434 using it to reject zero initialization.
2435
2436 2020-10-27 Markus Böck <markus.boeck02@gmail.com>
2437
2438 PR analyzer/96608
2439 * store.h (hash): Cast to intptr_t instead of long
2440
2441 2020-10-27 David Malcolm <dmalcolm@redhat.com>
2442
2443 * constraint-manager.cc (svalue_cmp_by_ptr): Delete.
2444 (equiv_class::canonicalize): Use svalue::cmp_ptr_ptr instead.
2445 (equiv_class_cmp): Eliminate pointer comparison.
2446 * diagnostic-manager.cc (dedupe_key::comparator): If they are at
2447 the same location, also compare epath length and pending_diagnostic
2448 kind.
2449 * engine.cc (readability_comparator): If two path_vars have the
2450 same readability, then impose an arbitrary ordering on them.
2451 (worklist::key_t::cmp): If two points have the same plan ordering,
2452 continue the comparison. Call sm_state_map::cmp rather than
2453 comparing hash values.
2454 * program-state.cc (sm_state_map::entry_t::cmp): New.
2455 (sm_state_map::cmp): New.
2456 * program-state.h (sm_state_map::entry_t::cmp): New decl.
2457 (sm_state_map::elements): New.
2458 (sm_state_map::cmp): New.
2459
2460 2020-10-27 David Malcolm <dmalcolm@redhat.com>
2461
2462 * engine.cc (setjmp_record::cmp): New.
2463 (supernode_cluster::dump_dot): Avoid embedding pointer in cluster
2464 name.
2465 (supernode_cluster::cmp_ptr_ptr): New.
2466 (function_call_string_cluster::dump_dot): Avoid embedding pointer
2467 in cluster name. Sort m_map when dumping child clusters.
2468 (function_call_string_cluster::cmp_ptr_ptr): New.
2469 (root_cluster::dump_dot): Sort m_map when dumping child clusters.
2470 * program-point.cc (function_point::cmp): New.
2471 (function_point::cmp_ptr): New.
2472 * program-point.h (function_point::cmp): New decl.
2473 (function_point::cmp_ptr): New decl.
2474 * program-state.cc (sm_state_map::print): Sort the values. Guard
2475 the printing of pointers with !flag_dump_noaddr.
2476 (program_state::prune_for_point): Sort the regions.
2477 (log_set_of_svalues): Sort the values. Guard the printing of
2478 pointers with !flag_dump_noaddr.
2479 * region-model-manager.cc (log_uniq_map): Sort the values.
2480 * region-model-reachability.cc (dump_set): New function template.
2481 (reachable_regions::dump_to_pp): Use it.
2482 * region-model.h (svalue::cmp_ptr): New decl.
2483 (svalue::cmp_ptr_ptr): New decl.
2484 (setjmp_record::cmp): New decl.
2485 (placeholder_svalue::get_name): New accessor.
2486 (widening_svalue::get_point): New accessor.
2487 (compound_svalue::get_map): New accessor.
2488 (conjured_svalue::get_stmt): New accessor.
2489 (conjured_svalue::get_id_region): New accessor.
2490 (region::cmp_ptrs): Rename to...
2491 (region::cmp_ptr_ptr): ...this.
2492 * region.cc (region::cmp_ptrs): Rename to...
2493 (region::cmp_ptr_ptr): ...this.
2494 * state-purge.cc
2495 (state_purge_per_ssa_name::state_purge_per_ssa_name): Sort
2496 m_points_needing_name when dumping.
2497 * store.cc (concrete_binding::cmp_ptr_ptr): New.
2498 (symbolic_binding::cmp_ptr_ptr): New.
2499 (binding_map::cmp): New.
2500 (get_sorted_parent_regions): Update for renaming of
2501 region::cmp_ptrs to region::cmp_ptr_ptr.
2502 (store::dump_to_pp): Likewise.
2503 (store::to_json): Likewise.
2504 (store::can_merge_p): Sort the base regions before considering
2505 them.
2506 * store.h (concrete_binding::cmp_ptr_ptr): New decl.
2507 (symbolic_binding::cmp_ptr_ptr): New decl.
2508 (binding_map::cmp): New decl.
2509 * supergraph.cc (supergraph::supergraph): Assign UIDs to the
2510 gimple stmts.
2511 * svalue.cc (cmp_cst): New.
2512 (svalue::cmp_ptr): New.
2513 (svalue::cmp_ptr_ptr): New.
2514
2515 2020-10-27 David Malcolm <dmalcolm@redhat.com>
2516
2517 * engine.cc (exploded_graph::get_or_create_node): Fix off-by-one
2518 when imposing param_analyzer_max_enodes_per_program_point limit.
2519
2520 2020-10-27 David Malcolm <dmalcolm@redhat.com>
2521
2522 * region-model.cc (region_model::get_representative_path_var):
2523 Implement case RK_LABEL.
2524 * region-model.h (label_region::get_label): New accessor.
2525
43868df3
GA
2526 2020-10-22 David Malcolm <dmalcolm@redhat.com>
2527
2528 PR analyzer/97514
2529 * engine.cc (exploded_graph::add_function_entry): Handle failure
2530 to create an enode, rather than asserting.
2531
2532 2020-10-22 David Malcolm <dmalcolm@redhat.com>
2533
2534 PR analyzer/97489
2535 * engine.cc (exploded_graph::add_function_entry): Assert that we
2536 have a function body.
2537 (exploded_graph::on_escaped_function): Reject fndecls that don't
2538 have a function body.
2539
b2698c21
GA
2540 2020-10-14 David Malcolm <dmalcolm@redhat.com>
2541
2542 PR analyzer/93388
2543 * region-model.cc (region_model::get_initial_value_for_global):
2544 Fall back to returning an initial_svalue if
2545 decl_region::get_svalue_for_initializer fails.
2546 * region.cc (decl_region::get_svalue_for_initializer): Don't
2547 attempt to create a compound_svalue if the region has an unknown
2548 size.
2549
2550 2020-10-14 David Malcolm <dmalcolm@redhat.com>
2551
2552 PR analyzer/93723
2553 * store.cc (binding_map::apply_ctor_to_region): Remove redundant
2554 assertion.
2555
8be127ca
GA
2556 2020-10-12 David Malcolm <dmalcolm@redhat.com>
2557
2558 PR analyzer/97258
2559 * engine.cc (impl_region_model_context::on_escaped_function): New
2560 vfunc.
2561 (exploded_graph::add_function_entry): Use m_functions_with_enodes
2562 to implement idempotency.
2563 (add_any_callbacks): New.
2564 (exploded_graph::build_initial_worklist): Use the above to find
2565 callbacks that are reachable from global initializers.
2566 (exploded_graph::on_escaped_function): New.
2567 * exploded-graph.h
2568 (impl_region_model_context::on_escaped_function): New decl.
2569 (exploded_graph::on_escaped_function): New decl.
2570 (exploded_graph::m_functions_with_enodes): New field.
2571 * region-model-reachability.cc
2572 (reachable_regions::reachable_regions): Replace "store" param with
2573 "model" param; use it to initialize m_model.
2574 (reachable_regions::add): When getting the svalue for the region,
2575 call get_store_value on the model rather than using an initial
2576 value.
2577 (reachable_regions::mark_escaped_clusters): Add ctxt param and
2578 use it to call on_escaped_function when a function_region escapes.
2579 * region-model-reachability.h
2580 (reachable_regions::reachable_regions): Replace "store" param with
2581 "model" param.
2582 (reachable_regions::mark_escaped_clusters): Add ctxt param.
2583 (reachable_regions::m_model): New field.
2584 * region-model.cc (region_model::handle_unrecognized_call): Update
2585 for change in reachable_regions ctor.
2586 (region_model::handle_unrecognized_call): Pass ctxt to
2587 mark_escaped_clusters.
2588 (region_model::get_reachable_svalues): Update for change in
2589 reachable_regions ctor.
2590 (region_model::get_initial_value_for_global): Read-only variables
2591 keep their initial values.
2592 * region-model.h (region_model_context::on_escaped_function): New
2593 vfunc.
2594 (noop_region_model_context::on_escaped_function): New.
2595
2596 2020-10-12 David Malcolm <dmalcolm@redhat.com>
2597
2598 * analyzer.opt (Wanalyzer-write-to-const): New.
2599 (Wanalyzer-write-to-string-literal): New.
2600 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
2601 Call check_for_writable_region.
2602 (region_model::impl_call_memset): Likewise.
2603 (region_model::impl_call_strcpy): Likewise.
2604 * region-model.cc (class write_to_const_diagnostic): New.
2605 (class write_to_string_literal_diagnostic): New.
2606 (region_model::check_for_writable_region): New.
2607 (region_model::set_value): Call check_for_writable_region.
2608 * region-model.h (region_model::check_for_writable_region): New
2609 decl.
2610
6caec77e
GA
2611 2020-10-07 David Malcolm <dmalcolm@redhat.com>
2612
2613 PR analyzer/97116
2614 * sm-malloc.cc (method_p): New.
2615 (describe_argument_index): New.
2616 (inform_nonnull_attribute): Use describe_argument_index.
2617 (possible_null_arg::describe_final_event): Likewise.
2618 (null_arg::describe_final_event): Likewise.
2619
93bca37c
GA
2620 2020-09-29 David Malcolm <dmalcolm@redhat.com>
2621
2622 PR analyzer/95188
2623 * engine.cc (stmt_requires_new_enode_p): Split enodes before
2624 "signal" calls.
2625
2626 2020-09-29 David Malcolm <dmalcolm@redhat.com>
2627
2628 * constraint-manager.cc
2629 (constraint_manager::add_constraint_internal): Whitespace fixes.
2630 Silence -Wsign-compare warning.
2631 * engine.cc (maybe_process_run_of_before_supernode_enodes):
2632 Silence -Wsign-compare warning.
2633
e84761c6
GA
2634 2020-09-28 David Malcolm <dmalcolm@redhat.com>
2635
2636 * region-model.h (binop_svalue::dyn_cast_binop_svalue): Remove
2637 redundant "virtual". Add FINAL OVERRIDE.
2638 (widening_svalue::dyn_cast_widening_svalue): Add FINAL OVERRIDE.
2639 (compound_svalue::dyn_cast_compound_svalue): Likewise.
2640 (conjured_svalue::dyn_cast_conjured_svalue): Likewise.
2641
2642 2020-09-28 David Malcolm <dmalcolm@redhat.com>
2643
2644 * diagnostic-manager.cc (null_assignment_sm_context::m_visitor):
2645 Remove unused field.
2646
2647 2020-09-28 David Malcolm <dmalcolm@redhat.com>
2648
2649 PR analyzer/97233
2650 * analyzer.cc (is_longjmp_call_p): Require the initial argument
2651 to be a pointer.
2652 * engine.cc (exploded_node::on_longjmp): Likewise.
2653
2654 2020-09-28 David Malcolm <dmalcolm@redhat.com>
2655
2656 * program-state.cc (sm_state_map::print): Update check
2657 for m_global_state being the start state.
2658
91dd4a38
GA
2659 2020-09-26 David Malcolm <dmalcolm@redhat.com>
2660
2661 PR analyzer/96646
2662 PR analyzer/96841
2663 * region-model.cc (region_model::get_representative_path_var):
2664 When handling offset_region, wrap the MEM_REF's first argument in
2665 an ADDR_EXPR of pointer type, rather than simply using the tree
2666 for the parent region. Require the MEM_REF's second argument to
2667 be an integer constant.
2668
a2b7397b
GA
2669 2020-09-24 David Malcolm <dmalcolm@redhat.com>
2670
2671 * analyzer.h (struct rejected_constraint): New decl.
2672 * analyzer.opt (fanalyzer-feasibility): New option.
2673 * diagnostic-manager.cc (path_builder::path_builder): Add
2674 "problem" param and use it to initialize new field.
2675 (path_builder::get_feasibility_problem): New accessor.
2676 (path_builder::m_feasibility_problem): New field.
2677 (dedupe_winners::add): Remove inversion of logic in "if" clause,
2678 swapping if/else suites. In the !feasible_p suite, inspect
2679 flag_analyzer_feasibility and add code to handle when this
2680 is off, accepting the infeasible path, but recording the
2681 feasibility_problem.
2682 (diagnostic_manager::emit_saved_diagnostic): Pass the
2683 feasibility_problem to the path_builder.
2684 (diagnostic_manager::add_events_for_eedge): If we have
2685 a feasibility_problem at this edge, use it to add a custom event.
2686 * engine.cc (exploded_path::feasible_p): Pass a
2687 rejected_constraint ** to model.maybe_update_for_edge and transfer
2688 ownership of any created instance to any feasibility_problem.
2689 (feasibility_problem::dump_to_pp): New.
2690 * exploded-graph.h (feasibility_problem::feasibility_problem):
2691 Drop "model" param; add rejected_constraint * param.
2692 (feasibility_problem::~feasibility_problem): New.
2693 (feasibility_problem::dump_to_pp): New decl.
2694 (feasibility_problem::m_model): Drop field.
2695 (feasibility_problem::m_rc): New field.
2696 * program-point.cc (function_point::get_location): Handle
2697 PK_BEFORE_SUPERNODE and PK_AFTER_SUPERNODE.
2698 * program-state.cc (program_state::on_edge): Pass NULL to new
2699 param of region_model::maybe_update_for_edge.
2700 * region-model.cc (region_model::add_constraint): New overload
2701 adding a rejected_constraint ** param.
2702 (region_model::maybe_update_for_edge): Add rejected_constraint **
2703 param and pass it to the various apply_constraints_for_ calls.
2704 (region_model::apply_constraints_for_gcond): Add
2705 rejected_constraint ** param and pass it to add_constraint calls.
2706 (region_model::apply_constraints_for_gswitch): Likewise.
2707 (region_model::apply_constraints_for_exception): Likewise.
2708 (rejected_constraint::dump_to_pp): New.
2709 * region-model.h (region_model::maybe_update_for_edge):
2710 Add rejected_constraint ** param.
2711 (region_model::add_constraint): New overload adding a
2712 rejected_constraint ** param.
2713 (region_model::apply_constraints_for_gcond): Add
2714 rejected_constraint ** param.
2715 (region_model::apply_constraints_for_gswitch): Likewise.
2716 (region_model::apply_constraints_for_exception): Likewise.
2717 (struct rejected_constraint): New.
2718
82b77dee
GA
2719 2020-09-23 David Malcolm <dmalcolm@redhat.com>
2720
2721 PR analyzer/97178
2722 * engine.cc (impl_run_checkers): Update for change to ext_state
2723 ctor.
2724 * program-state.cc (selftest::test_sm_state_map): Pass an engine
2725 instance to ext_state ctor.
2726 (selftest::test_program_state_1): Likewise.
2727 (selftest::test_program_state_2): Likewise.
2728 (selftest::test_program_state_merging): Likewise.
2729 (selftest::test_program_state_merging_2): Likewise.
2730 * program-state.h (extrinsic_state::extrinsic_state): Remove NULL
2731 default value for "eng" param.
2732
2733 2020-09-23 Tobias Burnus <tobias@codesourcery.com>
2734
2735 * analyzer-logging.cc: Guard '#pragma ... ignored "-Wformat-diag"'
2736 by '#if __GNUC__ >= 10'
2737 * analyzer.h: Likewise.
2738 * call-string.cc: Likewise.
2739
2740 2020-09-23 David Malcolm <dmalcolm@redhat.com>
2741
2742 * engine.cc (exploded_node::on_stmt): Replace sequence of dyn_cast
2743 with switch.
2744
521d2711
GA
2745 2020-09-22 David Malcolm <dmalcolm@redhat.com>
2746
2747 * analysis-plan.cc: Include "json.h".
2748 * analyzer.opt (fdump-analyzer-json): New.
2749 * call-string.cc: Include "json.h".
2750 (call_string::to_json): New.
2751 * call-string.h (call_string::to_json): New decl.
2752 * checker-path.cc: Include "json.h".
2753 * constraint-manager.cc: Include "json.h".
2754 (equiv_class::to_json): New.
2755 (constraint::to_json): New.
2756 (constraint_manager::to_json): New.
2757 * constraint-manager.h (equiv_class::to_json): New decl.
2758 (constraint::to_json): New decl.
2759 (constraint_manager::to_json): New decl.
2760 * diagnostic-manager.cc: Include "json.h".
2761 (saved_diagnostic::to_json): New.
2762 (diagnostic_manager::to_json): New.
2763 * diagnostic-manager.h (saved_diagnostic::to_json): New decl.
2764 (diagnostic_manager::to_json): New decl.
2765 * engine.cc: Include "json.h", <zlib.h>.
2766 (exploded_node::status_to_str): New.
2767 (exploded_node::to_json): New.
2768 (exploded_edge::to_json): New.
2769 (exploded_graph::to_json): New.
2770 (dump_analyzer_json): New.
2771 (impl_run_checkers): Call it.
2772 * exploded-graph.h (exploded_node::status_to_str): New decl.
2773 (exploded_node::to_json): New.
2774 (exploded_edge::to_json): New.
2775 (exploded_graph::to_json): New.
2776 * pending-diagnostic.cc: Include "json.h".
2777 * program-point.cc: Include "json.h".
2778 (program_point::to_json): New.
2779 * program-point.h (program_point::to_json): New decl.
2780 * program-state.cc: Include "json.h".
2781 (extrinsic_state::to_json): New.
2782 (sm_state_map::to_json): New.
2783 (program_state::to_json): New.
2784 * program-state.h (extrinsic_state::to_json): New decl.
2785 (sm_state_map::to_json): New decl.
2786 (program_state::to_json): New decl.
2787 * region-model-impl-calls.cc: Include "json.h".
2788 * region-model-manager.cc: Include "json.h".
2789 * region-model-reachability.cc: Include "json.h".
2790 * region-model.cc: Include "json.h".
2791 * region-model.h (svalue::to_json): New decl.
2792 (region::to_json): New decl.
2793 * region.cc: Include "json.h".
2794 (region::to_json): New.
2795 * sm-file.cc: Include "json.h".
2796 * sm-malloc.cc: Include "json.h".
2797 * sm-pattern-test.cc: Include "json.h".
2798 * sm-sensitive.cc: Include "json.h".
2799 * sm-signal.cc: Include "json.h".
2800 (signal_delivery_edge_info_t::to_json): New.
2801 * sm-taint.cc: Include "json.h".
2802 * sm.cc: Include "diagnostic.h", "tree-diagnostic.h", and
2803 "json.h".
2804 (state_machine::state::to_json): New.
2805 (state_machine::to_json): New.
2806 * sm.h (state_machine::state::to_json): New.
2807 (state_machine::to_json): New.
2808 * state-purge.cc: Include "json.h".
2809 * store.cc: Include "json.h".
2810 (binding_key::get_desc): New.
2811 (binding_map::to_json): New.
2812 (binding_cluster::to_json): New.
2813 (store::to_json): New.
2814 * store.h (binding_key::get_desc): New decl.
2815 (binding_map::to_json): New decl.
2816 (binding_cluster::to_json): New decl.
2817 (store::to_json): New decl.
2818 * supergraph.cc: Include "json.h".
2819 (supergraph::to_json): New.
2820 (supernode::to_json): New.
2821 (superedge::to_json): New.
2822 * supergraph.h (supergraph::to_json): New decl.
2823 (supernode::to_json): New decl.
2824 (superedge::to_json): New decl.
2825 * svalue.cc: Include "json.h".
2826 (svalue::to_json): New.
2827
2828 2020-09-21 David Malcolm <dmalcolm@redhat.com>
2829
2830 PR analyzer/97130
2831 * region-model-impl-calls.cc (call_details::get_arg_type): New.
2832 * region-model.cc (region_model::on_call_pre): Check that the
2833 initial arg is a pointer before calling impl_call_memset and
2834 impl_call_strlen.
2835 * region-model.h (call_details::get_arg_type): New decl.
2836
2837 2020-09-21 David Malcolm <dmalcolm@redhat.com>
2838
2839 PR analyzer/93355
2840 * sm-malloc.cc (malloc_state_machine::get_default_state): Look at
2841 the base region when considering pointers. Treat pointers to
2842 decls as being non-heap.
2843
2844 2020-09-18 David Malcolm <dmalcolm@redhat.com>
2845
2846 * checker-path.cc (warning_event::get_desc): Handle global state
2847 changes.
2848
2849 2020-09-18 David Malcolm <dmalcolm@redhat.com>
2850
2851 * sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and
2852 strndup as being malloc-like allocators.
2853
2854 2020-09-16 David Malcolm <dmalcolm@redhat.com>
2855
2856 * engine.cc (strongly_connected_components::strong_connect): Only
2857 consider intraprocedural edges when creating SCCs.
2858 (worklist::key_t::cmp): Add comment. Treat call_string
2859 differences as more important than differences of program_point
2860 within a supernode.
2861
2862 2020-09-16 David Malcolm <dmalcolm@redhat.com>
2863
2864 * engine.cc (supernode_cluster::dump_dot): Show the SCC id
2865 in the per-supernode clusters in FILENAME.eg.dot output.
2866 (exploded_graph_annotator::add_node_annotations):
2867 Show the SCC of the supernode in FILENAME.supernode.eg.dot output.
2868 * exploded-graph.h (worklist::scc_id): New.
2869 (exploded_graph::get_scc_id): New.
2870
2871 2020-09-16 David Malcolm <dmalcolm@redhat.com>
2872
2873 * engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED.
2874 (exploded_graph::process_worklist): Call
2875 maybe_process_run_of_before_supernode_enodes.
2876 (exploded_graph::maybe_process_run_of_before_supernode_enodes):
2877 New.
2878 (exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED.
2879 * exploded-graph.h (enum exploded_node::status): Add
2880 STATUS_BULK_MERGED.
2881
2882 2020-09-16 David Malcolm <dmalcolm@redhat.com>
2883
2884 * engine.cc
2885 (exploded_graph::process_node) <case PK_BEFORE_SUPERNODE>:
2886 Simplify by using program_point::get_next.
2887 * program-point.cc (program_point::get_next): New.
2888 * program-point.h (program_point::get_next): New decl.
2889
2890 2020-09-16 David Malcolm <dmalcolm@redhat.com>
2891
2892 * engine.cc (exploded_graph::get_or_create_node): Show the
2893 program point when issuing -Wanalyzer-too-complex due to hitting
2894 the per-program-point limit.
2895
2896 2020-09-16 David Malcolm <dmalcolm@redhat.com>
2897
2898 * region-model.cc (region_model::on_call_pre): Treat getchar as
2899 having no side-effects.
2900
2901 2020-09-15 David Malcolm <dmalcolm@redhat.com>
2902
2903 PR analyzer/96650
2904 * constraint-manager.cc (merger_fact_visitor::on_fact): Replace
2905 assertion that add_constraint succeeded with an assertion that
2906 if it fails, -fanalyzer-transitivity is off.
2907
2908 2020-09-14 David Malcolm <dmalcolm@redhat.com>
2909
2910 * analyzer.opt (-param=analyzer-max-constraints=): New param.
2911 * constraint-manager.cc
2912 (constraint_manager::add_constraint_internal): Silently reject
2913 attempts to add constraints when the above limit is reached.
2914
2915 2020-09-14 David Malcolm <dmalcolm@redhat.com>
2916
2917 PR analyzer/96653
2918 * constraint-manager.cc
2919 (constraint_manager::get_or_add_equiv_class): Don't accumulate
2920 transitive closure of all constraints on constants.
2921
2922 2020-09-14 David Malcolm <dmalcolm@redhat.com>
2923
2924 PR analyzer/97029
2925 * analyzer.cc (is_setjmp_call_p): Require the initial arg to be a
2926 pointer.
2927 * region-model.cc (region_model::deref_rvalue): Assert that the
2928 svalue is of pointer type.
2929
2930 2020-09-11 David Malcolm <dmalcolm@redhat.com>
2931
2932 PR analyzer/96798
2933 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
2934 New.
2935 (region_model::impl_call_strcpy): New.
2936 * region-model.cc (region_model::on_call_pre): Flag unhandled
2937 builtins that are non-pure as having unknown side-effects.
2938 Implement BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_STRCPY,
2939 BUILT_IN_STRCPY_CHK, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED,
2940 BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC,
2941 BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED,
2942 BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF,
2943 BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR,
2944 BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED,
2945 BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF.
2946 * region-model.h (region_model::impl_call_memcpy): New decl.
2947 (region_model::impl_call_strcpy): New decl.
2948
2949 2020-09-09 David Malcolm <dmalcolm@redhat.com>
2950
2951 PR analyzer/94355
2952 * analyzer.opt (Wanalyzer-mismatching-deallocation): New warning.
2953 * region-model-impl-calls.cc
2954 (region_model::impl_call_operator_new): New.
2955 (region_model::impl_call_operator_delete): New.
2956 * region-model.cc (region_model::on_call_pre): Detect operator new
2957 and operator delete.
2958 (region_model::on_call_post): Likewise.
2959 (region_model::maybe_update_for_edge): Detect EH edges and call...
2960 (region_model::apply_constraints_for_exception): New function.
2961 * region-model.h (region_model::impl_call_operator_new): New decl.
2962 (region_model::impl_call_operator_delete): New decl.
2963 (region_model::apply_constraints_for_exception): New decl.
2964 * sm-malloc.cc (enum resource_state): New.
2965 (struct allocation_state): New state subclass.
2966 (enum wording): New.
2967 (struct api): New.
2968 (malloc_state_machine::custom_data_t): New typedef.
2969 (malloc_state_machine::add_state): New decl.
2970 (malloc_state_machine::m_unchecked)
2971 (malloc_state_machine::m_nonnull)
2972 (malloc_state_machine::m_freed): Delete these states in favor
2973 of...
2974 (malloc_state_machine::m_malloc)
2975 (malloc_state_machine::m_scalar_new)
2976 (malloc_state_machine::m_vector_new): ...these new api instances,
2977 which own their own versions of these states.
2978 (malloc_state_machine::on_allocator_call): New decl.
2979 (malloc_state_machine::on_deallocator_call): New decl.
2980 (api::api): New ctor.
2981 (dyn_cast_allocation_state): New.
2982 (as_a_allocation_state): New.
2983 (get_rs): New.
2984 (unchecked_p): New.
2985 (nonnull_p): New.
2986 (freed_p): New.
2987 (malloc_diagnostic::describe_state_change): Use unchecked_p and
2988 nonnull_p.
2989 (class mismatching_deallocation): New.
2990 (double_free::double_free): Add funcname param for initializing
2991 m_funcname.
2992 (double_free::emit): Use m_funcname in warning message rather
2993 than hardcoding "free".
2994 (double_free::describe_state_change): Likewise. Use freed_p.
2995 (double_free::describe_call_with_state): Use freed_p.
2996 (double_free::describe_final_event): Use m_funcname in message
2997 rather than hardcoding "free".
2998 (double_free::m_funcname): New field.
2999 (possible_null::describe_state_change): Use unchecked_p.
3000 (possible_null::describe_return_of_state): Likewise.
3001 (use_after_free::use_after_free): Add param for initializing m_api.
3002 (use_after_free::emit): Use m_api->m_dealloc_funcname in message
3003 rather than hardcoding "free".
3004 (use_after_free::describe_state_change): Use freed_p. Change the
3005 wording of the message based on the API.
3006 (use_after_free::describe_final_event): Use
3007 m_api->m_dealloc_funcname in message rather than hardcoding
3008 "free". Change the wording of the message based on the API.
3009 (use_after_free::m_api): New field.
3010 (malloc_leak::describe_state_change): Use unchecked_p. Update
3011 for renaming of m_malloc_event to m_alloc_event.
3012 (malloc_leak::describe_final_event): Update for renaming of
3013 m_malloc_event to m_alloc_event.
3014 (malloc_leak::m_malloc_event): Rename...
3015 (malloc_leak::m_alloc_event): ...to this.
3016 (free_of_non_heap::free_of_non_heap): Add param for initializing
3017 m_funcname.
3018 (free_of_non_heap::emit): Use m_funcname in message rather than
3019 hardcoding "free".
3020 (free_of_non_heap::describe_final_event): Likewise.
3021 (free_of_non_heap::m_funcname): New field.
3022 (allocation_state::dump_to_pp): New.
3023 (allocation_state::get_nonnull): New.
3024 (malloc_state_machine::malloc_state_machine): Update for changes
3025 to state fields and new api fields.
3026 (malloc_state_machine::add_state): New.
3027 (malloc_state_machine::on_stmt): Move malloc/calloc handling to
3028 on_allocator_call and call it, passing in the API pointer.
3029 Likewise for free, moving it to on_deallocator_call. Handle calls
3030 to operator new and delete in an analogous way. Use unchecked_p
3031 when testing for possibly-null-arg and possibly-null-deref, and
3032 transition to the non-null for the correct API. Remove redundant
3033 node param from call to on_zero_assignment. Use freed_p for
3034 use-after-free check, and pass in API.
3035 (malloc_state_machine::on_allocator_call): New, based on code in
3036 on_stmt.
3037 (malloc_state_machine::on_deallocator_call): Likewise.
3038 (malloc_state_machine::on_phi): Mark node param with
3039 ATTRIBUTE_UNUSED; don't pass it to on_zero_assignment.
3040 (malloc_state_machine::on_condition): Mark node param with
3041 ATTRIBUTE_UNUSED. Replace on_transition calls with get_state and
3042 set_next_state pairs, transitioning to the non-null state for the
3043 appropriate API.
3044 (malloc_state_machine::can_purge_p): Port to new state approach.
3045 (malloc_state_machine::on_zero_assignment): Replace on_transition
3046 calls with get_state and set_next_state pairs. Drop redundant
3047 node param.
3048 * sm.h (state_machine::add_custom_state): New.
3049
3050 2020-09-09 David Malcolm <dmalcolm@redhat.com>
3051
3052 * diagnostic-manager.cc
3053 (null_assignment_sm_context::warn_for_state): Replace with...
3054 (null_assignment_sm_context::warn): ...this.
3055 * engine.cc (impl_sm_context::warn_for_state): Replace with...
3056 (impl_sm_context::warn): ...this.
3057 * sm-file.cc (fileptr_state_machine::on_stmt): Replace
3058 warn_for_state and on_transition calls with a get_state
3059 test guarding warn and set_next_state calls.
3060 * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
3061 * sm-pattern-test.cc (pattern_test_state_machine::on_condition):
3062 Replace warn_for_state call with warn call.
3063 * sm-sensitive.cc
3064 (sensitive_state_machine::warn_for_any_exposure): Replace
3065 warn_for_state call with a get_state test guarding a warn call.
3066 * sm-signal.cc (signal_state_machine::on_stmt): Likewise.
3067 * sm-taint.cc (taint_state_machine::on_stmt): Replace
3068 warn_for_state and on_transition calls with a get_state
3069 test guarding warn and set_next_state calls.
3070 * sm.h (sm_context::warn_for_state): Replace with...
3071 (sm_context::warn): ...this.
3072
3073 2020-09-09 David Malcolm <dmalcolm@redhat.com>
3074
3075 * diagnostic-manager.cc
3076 (null_assignment_sm_context::null_assignment_sm_context): Add old_state
3077 and ext_state params, initializing m_old_state and m_ext_state.
3078 (null_assignment_sm_context::on_transition): Split into...
3079 (null_assignment_sm_context::get_state): ...this new vfunc
3080 implementation and...
3081 (null_assignment_sm_context::set_next_state): ...this new vfunc
3082 implementation.
3083 (null_assignment_sm_context::m_old_state): New field.
3084 (null_assignment_sm_context::m_ext_state): New field.
3085 (diagnostic_manager::add_events_for_eedge): Pass in old state and
3086 ext_state when creating sm_ctxt.
3087 * engine.cc (impl_sm_context::on_transition): Split into...
3088 (impl_sm_context::get_state): ...this new vfunc
3089 implementation and...
3090 (impl_sm_context::set_next_state): ...this new vfunc
3091 implementation.
3092 * sm.h (sm_context::get_state): New pure virtual function.
3093 (sm_context::set_next_state): Likewise.
3094 (sm_context::on_transition): Convert from a pure virtual function
3095 to a regular function implemented in terms of get_state and
3096 set_next_state.
3097
3098 2020-09-09 David Malcolm <dmalcolm@redhat.com>
3099
3100 * checker-path.cc (state_change_event::get_desc): Update
3101 state_machine::get_state_name calls to state::get_name.
3102 (warning_event::get_desc): Likewise.
3103 * diagnostic-manager.cc
3104 (null_assignment_sm_context::on_transition): Update comparison
3105 against 0 with comparison with m_sm.get_start_state.
3106 (diagnostic_manager::prune_for_sm_diagnostic): Update
3107 state_machine::get_state_name calls to state::get_name.
3108 * engine.cc (impl_sm_context::on_transition): Likewise.
3109 (exploded_node::get_dot_fillcolor): Use get_id when summing
3110 the sm states.
3111 * program-state.cc (sm_state_map::sm_state_map): Don't hardcode
3112 0 as the start state when initializing m_global_state.
3113 (sm_state_map::print): Use dump_to_pp rather than get_state_name
3114 when dumping states.
3115 (sm_state_map::is_empty_p): Don't hardcode 0 as the start state
3116 when examining m_global_state.
3117 (sm_state_map::hash): Use get_id when hashing states.
3118 (selftest::test_sm_state_map): Use state objects rather than
3119 arbitrary hardcoded integers.
3120 (selftest::test_program_state_merging): Likewise.
3121 (selftest::test_program_state_merging_2): Likewise.
3122 * sm-file.cc (fileptr_state_machine::m_start): Move to base class.
3123 (file_diagnostic::describe_state_change): Use get_start_state.
3124 (fileptr_state_machine::fileptr_state_machine): Drop m_start
3125 initialization.
3126 * sm-malloc.cc (malloc_state_machine::m_start): Move to base
3127 class.
3128 (malloc_diagnostic::describe_state_change): Use get_start_state.
3129 (possible_null::describe_state_change): Likewise.
3130 (malloc_state_machine::malloc_state_machine): Drop m_start
3131 initialization.
3132 * sm-pattern-test.cc (pattern_test_state_machine::m_start): Move
3133 to base class.
3134 (pattern_test_state_machine::pattern_test_state_machine): Drop
3135 m_start initialization.
3136 * sm-sensitive.cc (sensitive_state_machine::m_start): Move to base
3137 class.
3138 (sensitive_state_machine::sensitive_state_machine): Drop m_start
3139 initialization.
3140 * sm-signal.cc (signal_state_machine::m_start): Move to base
3141 class.
3142 (signal_state_machine::signal_state_machine): Drop m_start
3143 initialization.
3144 * sm-taint.cc (taint_state_machine::m_start): Move to base class.
3145 (taint_state_machine::taint_state_machine): Drop m_start
3146 initialization.
3147 * sm.cc (state_machine::state::dump_to_pp): New.
3148 (state_machine::state_machine): Move here from sm.h. Initialize
3149 m_next_state_id and m_start.
3150 (state_machine::add_state): Reimplement in terms of state objects.
3151 (state_machine::get_state_name): Delete.
3152 (state_machine::get_state_by_name): Reimplement in terms of state
3153 objects. Make const.
3154 (state_machine::validate): Delete.
3155 (state_machine::dump_to_pp): Reimplement in terms of state
3156 objects.
3157 * sm.h (state_machine::state): New class.
3158 (state_machine::state_t): Convert typedef from "unsigned" to
3159 "const state_machine::state *".
3160 (state_machine::state_machine): Move to sm.cc.
3161 (state_machine::get_default_state): Use m_start rather than
3162 hardcoding 0.
3163 (state_machine::get_state_name): Delete.
3164 (state_machine::get_state_by_name): Make const.
3165 (state_machine::get_start_state): New accessor.
3166 (state_machine::alloc_state_id): New.
3167 (state_machine::m_state_names): Drop in favor of...
3168 (state_machine::m_states): New field.
3169 (state_machine::m_start): New field.
3170 (start_start_p): Delete.
3171
3172 2020-09-08 David Malcolm <dmalcolm@redhat.com>
3173
3174 PR analyzer/96949
3175 * store.cc (binding_map::apply_ctor_val_to_range): Add
3176 error-handling for the cases where we have symbolic offsets.
3177
3178 2020-09-08 David Malcolm <dmalcolm@redhat.com>
3179
3180 PR analyzer/96950
3181 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
3182 where min_index == max_index.
3183 (binding_map::apply_ctor_val_to_range): Replace assertion that we
3184 don't have a CONSTRUCTOR value with error-handling.
3185
3186 2020-09-08 David Malcolm <dmalcolm@redhat.com>
3187
3188 PR analyzer/96962
3189 * region-model.cc (region_model::on_call_pre): Fix guard on switch
3190 on built-ins to only consider BUILT_IN_NORMAL, rather than other
3191 kinds of built-ins.
3192
3193 2020-09-01 David Malcolm <dmalcolm@redhat.com>
3194
3195 PR analyzer/96792
3196 * region-model.cc (region_model::deref_rvalue): Add the constraint
3197 that PTR_SVAL is non-NULL.
3198
3199 2020-08-31 David Malcolm <dmalcolm@redhat.com>
3200
3201 PR analyzer/96798
3202 * region-model.cc (region_model::on_call_pre): Handle
3203 BUILT_IN_MEMSET_CHK.
3204
3205 2020-08-31 David Malcolm <dmalcolm@redhat.com>
3206
3207 * region-model.cc (region_model::on_call_pre): Gather handling of
3208 builtins and of internal fns into switch statements. Handle
3209 "alloca" and BUILT_IN_ALLOCA_WITH_ALIGN.
3210
3211 2020-08-31 David Malcolm <dmalcolm@redhat.com>
3212
3213 PR analyzer/96860
3214 * region.cc (decl_region::get_svalue_for_constructor): Support
3215 apply_ctor_to_region failing.
3216 * store.cc (binding_map::apply_ctor_to_region): Add failure
3217 handling.
3218 (binding_map::apply_ctor_val_to_range): Likewise.
3219 (binding_map::apply_ctor_pair_to_child_region): Likewise. Replace
3220 assertion that child_base_offset is not symbolic with error
3221 handling.
3222 * store.h (binding_map::apply_ctor_to_region): Convert return type
3223 from void to bool.
3224 (binding_map::apply_ctor_val_to_range): Likewise.
3225 (binding_map::apply_ctor_pair_to_child_region): Likewise.
3226
3227 2020-08-31 David Malcolm <dmalcolm@redhat.com>
3228
3229 PR analyzer/96763
3230 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
3231 by calling a new binding_map::apply_ctor_val_to_range subroutine.
3232 Split out the existing non-CONSTRUCTOR-handling code to a new
3233 apply_ctor_pair_to_child_region subroutine.
3234 (binding_map::apply_ctor_val_to_range): New.
3235 (binding_map::apply_ctor_pair_to_child_region): New, split out
3236 from binding_map::apply_ctor_to_region as noted above.
3237 * store.h (binding_map::apply_ctor_val_to_range): New decl.
3238 (binding_map::apply_ctor_pair_to_child_region): New decl.
3239
3240 2020-08-31 David Malcolm <dmalcolm@redhat.com>
3241
3242 PR analyzer/96764
3243 * region-model-manager.cc
3244 (region_model_manager::maybe_fold_unaryop): Handle VIEW_CONVERT_EXPR.
3245 (region_model_manager::get_or_create_cast): Move logic for
3246 real->integer casting to...
3247 (get_code_for_cast): ...this new function, and add logic for
3248 real->non-integer casts.
3249 (region_model_manager::maybe_fold_sub_svalue): Handle
3250 VIEW_CONVERT_EXPR.
3251 * region-model.cc
3252 (region_model::add_any_constraints_from_gassign): Likewise.
3253 * svalue.cc (svalue::maybe_undo_cast): Likewise.
3254 (unaryop_svalue::dump_to_pp): Likewise.
3255
3256 2020-08-26 David Malcolm <dmalcolm@redhat.com>
3257
3258 PR analyzer/94858
3259 * region-model-manager.cc
3260 (region_model_manager::get_or_create_widening_svalue): Assert that
3261 neither of the inputs are themselves widenings.
3262 * store.cc (store::eval_alias_1): The initial value of a pointer
3263 can't point to a region that was allocated on the heap after the
3264 beginning of the path. A widened pointer value can't alias anything
3265 that the initial pointer value can't alias.
3266 * svalue.cc (svalue::can_merge_p): Merge BINOP (X, OP, CST) with X
3267 to a widening svalue. Merge
3268 BINOP(WIDENING(BASE, BINOP(BASE, X)), X) and BINOP(BASE, X) to
3269 the LHS of the first BINOP.
3270
3271 2020-08-26 David Malcolm <dmalcolm@redhat.com>
3272
3273 PR analyzer/96777
3274 * region-model.h (class compound_svalue): Document that all keys
3275 must be concrete.
3276 (compound_svalue::compound_svalue): Move definition to svalue.cc.
3277 * store.cc (binding_map::apply_ctor_to_region): Handle
3278 initializers for trailing arrays with incomplete size.
3279 * svalue.cc (compound_svalue::compound_svalue): Move definition
3280 here from region-model.h. Add assertion that all keys are
3281 concrete.
3282
3283 2020-08-22 David Malcolm <dmalcolm@redhat.com>
3284
3285 PR analyzer/94851
3286 * region-model-manager.cc
3287 (region_model_manager::maybe_fold_binop): Fold bitwise "& 0" to 0.
3288
3289 2020-08-22 David Malcolm <dmalcolm@redhat.com>
3290
3291 * store.cc (store::eval_alias): Make const. Split out 2nd half
3292 into store::eval_alias_1 and call it twice for symmetry, avoiding
3293 test duplication.
3294 (store::eval_alias_1): New function, split out from the above.
3295 * store.h (store::eval_alias): Make const.
3296 (store::eval_alias_1): New decl.
3297
3298 2020-08-22 David Malcolm <dmalcolm@redhat.com>
3299
3300 * region-model.cc (region_model::push_frame): Bind the default
3301 SSA name for each parm if it exists, falling back to the parm
3302 itself otherwise, rather than doing both.
3303
3304 2020-08-20 David Malcolm <dmalcolm@redhat.com>
3305
3306 PR analyzer/96723
3307 * region-model-manager.cc
3308 (region_model_manager::get_field_region): Assert that field is a
3309 FIELD_DECL.
3310 * region.cc (region::get_subregions_for_binding): In
3311 union-handling, filter the TYPE_FIELDS traversal to just FIELD_DECLs.
3312
3313 2020-08-20 David Malcolm <dmalcolm@redhat.com>
3314
3315 PR analyzer/96713
3316 * region-model.cc (region_model::get_gassign_result): For
3317 comparisons, only use eval_condition when the lhs has boolean
3318 type, and use get_or_create_constant_svalue on the boolean
3319 constants directly rather than via get_rvalue.
3320
3321 2020-08-19 David Malcolm <dmalcolm@redhat.com>
3322
3323 PR analyzer/96643
3324 * region-model.cc (region_model::deref_rvalue): Rather than
3325 attempting to handle all svalue kinds in the switch, only cover
3326 the special cases, and move symbolic-region handling to after
3327 the switch, thus implicitly handling the missing case SK_COMPOUND.
3328
3329 2020-08-19 David Malcolm <dmalcolm@redhat.com>
3330
3331 PR analyzer/96705
3332 * region-model-manager.cc
3333 (region_model_manager::maybe_fold_binop): Check that we have an
3334 integral type before calling build_int_cst.
3335
3336 2020-08-19 David Malcolm <dmalcolm@redhat.com>
3337
3338 PR analyzer/96699
3339 * region-model-manager.cc
3340 (region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for
3341 casting from REAL_TYPE to INTEGER_TYPE.
3342
3343 2020-08-19 David Malcolm <dmalcolm@redhat.com>
3344
3345 PR analyzer/96651
3346 * region-model.cc (region_model::called_from_main_p): New.
3347 (region_model::get_store_value): Move handling for globals into...
3348 (region_model::get_initial_value_for_global): ...this new
3349 function, and add logic for extracting values from decl
3350 initializers.
3351 * region-model.h (decl_region::get_svalue_for_constructor): New
3352 decl.
3353 (decl_region::get_svalue_for_initializer): New decl.
3354 (region_model::called_from_main_p): New decl.
3355 (region_model::get_initial_value_for_global): New.
3356 * region.cc (decl_region::maybe_get_constant_value): Move logic
3357 for getting an svalue from a CONSTRUCTOR node to...
3358 (decl_region::get_svalue_for_constructor): ...this new function.
3359 (decl_region::get_svalue_for_initializer): New.
3360 * store.cc (get_svalue_for_ctor_val): Rewrite in terms of
3361 region_model::get_rvalue.
3362 * store.h (binding_cluster::get_map): New accessor.
3363
3364 2020-08-19 David Malcolm <dmalcolm@redhat.com>
3365
3366 PR analyzer/96648
3367 * region.cc (get_field_at_bit_offset): Gracefully handle negative
3368 values for bit_offset.
3369
3370 2020-08-18 David Malcolm <dmalcolm@redhat.com>
3371
3372 * region-model.cc (region_model::get_rvalue_1): Fix name of local.
3373
3374 2020-08-18 David Malcolm <dmalcolm@redhat.com>
3375
3376 PR analyzer/96641
3377 * region-model.cc (region_model::get_rvalue_1): Handle
3378 unrecognized tree codes by returning UNKNOWN.
3379
3380 2020-08-18 David Malcolm <dmalcolm@redhat.com>
3381
3382 PR analyzer/96640
3383 * region-model.cc (region_model::get_gassign_result): Handle various
3384 VEC_* tree codes by returning UNKNOWN.
3385 (region_model::on_assignment): Handle unrecognized tree codes by
3386 setting lhs to an unknown value, rather than issuing a "sorry" and
3387 asserting.
3388
3389 2020-08-17 David Malcolm <dmalcolm@redhat.com>
3390
3391 PR analyzer/96644
3392 * region-model-manager.cc (get_region_for_unexpected_tree_code):
3393 Handle ctxt being NULL.
3394
3395 2020-08-17 David Malcolm <dmalcolm@redhat.com>
3396
3397 PR analyzer/96639
3398 * region.cc (region::get_subregions_for_binding): Check for "type"
3399 being NULL.
3400
3401 2020-08-17 David Malcolm <dmalcolm@redhat.com>
3402
3403 PR analyzer/96642
3404 * store.cc (get_svalue_for_ctor_val): New.
3405 (binding_map::apply_ctor_to_region): Call it.
3406
3407 2020-08-14 David Malcolm <dmalcolm@redhat.com>
3408
3409 PR testsuite/96609
3410 PR analyzer/96616
3411 * region-model.cc (region_model::get_store_value): Call
3412 maybe_get_constant_value on decl_regions first.
3413 * region-model.h (decl_region::maybe_get_constant_value): New decl.
3414 * region.cc (decl_region::get_stack_depth): Likewise.
3415 (decl_region::maybe_get_constant_value): New.
3416 * store.cc (get_subregion_within_ctor): New.
3417 (binding_map::apply_ctor_to_region): New.
3418 * store.h (binding_map::apply_ctor_to_region): New decl.
3419
3420 2020-08-14 David Malcolm <dmalcolm@redhat.com>
3421
3422 PR analyzer/96611
3423 * store.cc (store::mark_as_escaped): Reject attempts to
3424 get a cluster for an unknown pointer.
3425
3426 2020-08-13 David Malcolm <dmalcolm@redhat.com>
3427
3428 PR analyzer/93032
3429 PR analyzer/93938
3430 PR analyzer/94011
3431 PR analyzer/94099
3432 PR analyzer/94399
3433 PR analyzer/94458
3434 PR analyzer/94503
3435 PR analyzer/94640
3436 PR analyzer/94688
3437 PR analyzer/94689
3438 PR analyzer/94839
3439 PR analyzer/95026
3440 PR analyzer/95042
3441 PR analyzer/95240
3442 * analyzer-logging.cc: Ignore "-Wformat-diag".
3443 (logger::enter_scope): Use inc_indent in both overloads.
3444 (logger::exit_scope): Use dec_indent.
3445 * analyzer-logging.h (logger::inc_indent): New.
3446 (logger::dec_indent): New.
3447 * analyzer-selftests.cc (run_analyzer_selftests): Call
3448 analyzer_store_cc_tests.
3449 * analyzer-selftests.h (analyzer_store_cc_tests): New decl.
3450 * analyzer.cc (get_stmt_location): New function.
3451 * analyzer.h (class initial_svalue): New forward decl.
3452 (class unaryop_svalue): New forward decl.
3453 (class binop_svalue): New forward decl.
3454 (class sub_svalue): New forward decl.
3455 (class unmergeable_svalue): New forward decl.
3456 (class placeholder_svalue): New forward decl.
3457 (class widening_svalue): New forward decl.
3458 (class compound_svalue): New forward decl.
3459 (class conjured_svalue): New forward decl.
3460 (svalue_set): New typedef.
3461 (class map_region): Delete.
3462 (class array_region): Delete.
3463 (class frame_region): New forward decl.
3464 (class function_region): New forward decl.
3465 (class label_region): New forward decl.
3466 (class decl_region): New forward decl.
3467 (class element_region): New forward decl.
3468 (class offset_region): New forward decl.
3469 (class cast_region): New forward decl.
3470 (class field_region): New forward decl.
3471 (class string_region): New forward decl.
3472 (class region_model_manager): New forward decl.
3473 (class store_manager): New forward decl.
3474 (class store): New forward decl.
3475 (class call_details): New forward decl.
3476 (struct svalue_id_merger_mapping): Delete.
3477 (struct canonicalization): Delete.
3478 (class function_point): New forward decl.
3479 (class engine): New forward decl.
3480 (dump_tree): New function decl.
3481 (print_quoted_type): New function decl.
3482 (readability_comparator): New function decl.
3483 (tree_cmp): New function decl.
3484 (class path_var): Move here from region-model.h
3485 (bit_offset_t, bit_size_t, byte_size_t): New typedefs.
3486 (class region_offset): New class.
3487 (get_stmt_location): New decl.
3488 (struct member_function_hash_traits): New struct.
3489 (class consolidation_map): New class.
3490 Ignore "-Wformat-diag".
3491 * analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
3492 (-param=analyzer-max-enodes-for-full-dump=): New param.
3493 * call-string.cc: Ignore -Wformat-diag.
3494 * checker-path.cc: Move includes of "analyzer/call-string.h" and
3495 "analyzer/program-point.h" to before "analyzer/region-model.h",
3496 and also include "analyzer/store.h" before it.
3497 (state_change_event::state_change_event): Replace "tree var" param
3498 with "const svalue *sval". Convert "origin" param from tree to
3499 "const svalue *".
3500 (state_change_event::get_desc): Call get_representative_tree to
3501 convert the var and origin from const svalue * to tree. Use
3502 svalue::get_desc rather than %qE when describing state changes.
3503 (checker_path::add_final_event): Use get_stmt_location.
3504 * checker-path.h (state_change_event::state_change_event): Port
3505 from tree to const svalue *.
3506 (state_change_event::get_lvalue): Delete.
3507 (state_change_event::get_dest_function): New.
3508 (state_change_event::m_var): Replace with...
3509 (state_change_event::m_sval): ...this.
3510 (state_change_event::m_origin): Convert from tree to
3511 const svalue *.
3512 * constraint-manager.cc: Include "analyzer/call-string.h",
3513 "analyzer/program-point.h", and "analyzer/store.h" before
3514 "analyzer/region-model.h".
3515 (struct bound, struct range): Move to constraint-manager.h.
3516 (compare_constants): New function.
3517 (range::dump): Rename to...
3518 (range::dump_to_pp): ...this. Support NULL constants.
3519 (range::dump): Reintroduce for dumping to stderr.
3520 (range::constrained_to_single_element): Return result, rather than
3521 writing to *OUT.
3522 (range::eval_condition): New.
3523 (range::below_lower_bound): New.
3524 (range::above_upper_bound): New.
3525 (equiv_class::equiv_class): Port from svalue_id to const svalue *.
3526 (equiv_class::print): Likewise.
3527 (equiv_class::hash): Likewise.
3528 (equiv_class::operator==): Port from svalue_id to const svalue *.
3529 (equiv_class::add): Port from svalue_id to const svalue *. Drop
3530 "cm" param.
3531 (equiv_class::del): Port from svalue_id to const svalue *.
3532 (equiv_class::get_representative): Likewise.
3533 (equiv_class::remap_svalue_ids): Delete.
3534 (svalue_id_cmp_by_id): Rename to...
3535 (svalue_cmp_by_ptr): ...this, porting from svalue_id to
3536 const svalue *.
3537 (equiv_class::canonicalize): Update qsort comparator.
3538 (constraint::implied_by): New.
3539 (constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
3540 (constraint_manager::dump_to_pp): Add "multiline" param.
3541 (constraint_manager::dump): Pass "true" for "multiline".
3542 (constraint_manager::add_constraint): Port from svalue_id to
3543 const svalue *. Split out second part into...
3544 (constraint_manager::add_unknown_constraint): ...this new
3545 function. Remove self-constraints when merging equivalence
3546 classes.
3547 (constraint_manager::add_constraint_internal): Remove constraints
3548 that would be implied by the new constraint. Port from svalue_id
3549 to const svalue *.
3550 (constraint_manager::get_equiv_class_by_sid): Rename to...
3551 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
3552 from svalue_id to const svalue *.
3553 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
3554 to const svalue *.
3555 (constraint_manager::eval_condition): Make const. Call
3556 compare_constants and return early if it provides a known result.
3557 (constraint_manager::get_ec_bounds): New.
3558 (constraint_manager::eval_condition): New overloads. Make
3559 existing one const, and use compare_constants.
3560 (constraint_manager::purge): Convert "p" param to a template
3561 rather than an abstract base class. Port from svalue_id to
3562 const svalue *.
3563 (class dead_svalue_purger): New class.
3564 (constraint_manager::remap_svalue_ids): Delete.
3565 (constraint_manager::on_liveness_change): New.
3566 (equiv_class_cmp): Port from svalue_id to const svalue *.
3567 (constraint_manager::canonicalize): Likewise. Combine with
3568 purging of redundant equivalence classes and constraints.
3569 (class cleaned_constraint_manager): Delete.
3570 (class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
3571 field.
3572 (merger_fact_visitor::fact): Port from svalue_id to const svalue *.
3573 Add special case for widening.
3574 (constraint_manager::merge): Port from svalue_id to const svalue *.
3575 (constraint_manager::clean_merger_input): Delete.
3576 (constraint_manager::for_each_fact): Port from svalue_id to
3577 const svalue *.
3578 (constraint_manager::validate): Likewise.
3579 (selftest::test_constraint_conditions): Provide a
3580 region_model_manager when creating region_model instances.
3581 Add test for self-equality not creating equivalence classes.
3582 (selftest::test_transitivity): Provide a region_model_manager when
3583 creating region_model instances. Verify that EC-merging happens
3584 when constraints are implied.
3585 (selftest::test_constant_comparisons): Provide a
3586 region_model_manager when creating region_model instances.
3587 (selftest::test_constraint_impl): Likewise. Remove over-specified
3588 assertions.
3589 (selftest::test_equality): Provide a region_model_manager when
3590 creating region_model instances.
3591 (selftest::test_many_constants): Likewise. Provide a
3592 program_point when testing merging.
3593 (selftest::run_constraint_manager_tests): Move call to
3594 test_constant_comparisons to outside the transitivity guard.
3595 * constraint-manager.h (struct bound): Move here from
3596 constraint-manager.cc.
3597 (struct range): Likewise.
3598 (struct::eval_condition): New decl.
3599 (struct::below_lower_bound): New decl.
3600 (struct::above_upper_bound): New decl.
3601 (equiv_class::add): Port from svalue_id to const svalue *.
3602 (equiv_class::del): Likewise.
3603 (equiv_class::get_representative): Likewise.
3604 (equiv_class::remap_svalue_ids): Drop.
3605 (equiv_class::m_cst_sid): Convert to...
3606 (equiv_class::m_cst_sval): ...this.
3607 (equiv_class::m_vars): Port from svalue_id to const svalue *.
3608 (constraint::bool implied_by): New decl.
3609 (fact_visitor::on_fact): Port from svalue_id to const svalue *.
3610 (constraint_manager::constraint_manager): Add mgr param.
3611 (constraint_manager::clone): Delete.
3612 (constraint_manager::maybe_get_constant): Delete.
3613 (constraint_manager::get_sid_for_constant): Delete.
3614 (constraint_manager::get_num_svalues): Delete.
3615 (constraint_manager::dump_to_pp): Add "multiline" param.
3616 (constraint_manager::get_equiv_class): Port from svalue_id to
3617 const svalue *.
3618 (constraint_manager::add_constraint): Likewise.
3619 (constraint_manager::get_equiv_class_by_sid): Rename to...
3620 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
3621 from svalue_id to const svalue *.
3622 (constraint_manager::add_unknown_constraint): New decl.
3623 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
3624 to const svalue *.
3625 (constraint_manager::eval_condition): Likewise. Add overloads.
3626 (constraint_manager::get_ec_bounds): New decl.
3627 (constraint_manager::purge): Convert to template.
3628 (constraint_manager::remap_svalue_ids): Delete.
3629 (constraint_manager::on_liveness_change): New decl.
3630 (constraint_manager::canonicalize): Drop param.
3631 (constraint_manager::clean_merger_input): Delete.
3632 (constraint_manager::m_mgr): New field.
3633 * diagnostic-manager.cc: Move includes of
3634 "analyzer/call-string.h" and "analyzer/program-point.h" to before
3635 "analyzer/region-model.h", and also include "analyzer/store.h"
3636 before it.
3637 (saved_diagnostic::saved_diagnostic): Add "sval" param.
3638 (diagnostic_manager::diagnostic_manager): Add engine param.
3639 (diagnostic_manager::add_diagnostic): Add "sval" param, passing it
3640 to saved_diagnostic ctor. Update overload to pass NULL for it.
3641 (dedupe_winners::dedupe_winners): Add engine param.
3642 (dedupe_winners::add): Add "eg" param. Pass m_engine to
3643 feasible_p.
3644 (dedupe_winner::m_engine): New field.
3645 (diagnostic_manager::emit_saved_diagnostics): Pass engine to
3646 dedupe_winners. Pass &eg when adding candidates. Pass svalue
3647 rather than tree to prune_path. Use get_stmt_location to get
3648 primary location of diagnostic.
3649 (diagnostic_manager::emit_saved_diagnostic): Likewise.
3650 (get_any_origin): Drop.
3651 (state_change_event_creator::on_global_state_change): Pass NULL
3652 const svalue * rather than NULL_TREE trees to state_change_event
3653 ctor.
3654 (state_change_event_creator::on_state_change): Port from tree and
3655 svalue_id to const svalue *.
3656 (for_each_state_change): Port from svalue_id to const svalue *.
3657 (struct null_assignment_sm_context): New.
3658 (diagnostic_manager::add_events_for_eedge): Add state change
3659 events for assignment to NULL.
3660 (diagnostic_manager::prune_path): Update param from tree to
3661 const svalue *.
3662 (diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
3663 by tree to by const svalue *.
3664 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
3665 param.
3666 (saved_diagnostic::m_sval): New field.
3667 (diagnostic_manager::diagnostic_manager): Add engine param.
3668 (diagnostic_manager::get_engine): New.
3669 (diagnostic_manager::add_diagnostic): Add "sval" param.
3670 (diagnostic_manager::prune_path): Likewise.
3671 (diagnostic_manager::prune_for_sm_diagnostic): New overload.
3672 (diagnostic_manager::m_eng): New field.
3673 * engine.cc: Move includes of "analyzer/call-string.h" and
3674 "analyzer/program-point.h" to before "analyzer/region-model.h",
3675 and also include "analyzer/store.h" before it.
3676 (impl_region_model_context::impl_region_model_context): Update for
3677 removal of m_change field.
3678 (impl_region_model_context::remap_svalue_ids): Delete.
3679 (impl_region_model_context::on_svalue_leak): New.
3680 (impl_region_model_context::on_svalue_purge): Delete.
3681 (impl_region_model_context::on_liveness_change): New.
3682 (impl_region_model_context::on_unknown_change): Update param
3683 from svalue_id to const svalue *. Add is_mutable param.
3684 (setjmp_svalue::compare_fields): Delete.
3685 (setjmp_svalue::accept): New.
3686 (setjmp_svalue::add_to_hash): Delete.
3687 (setjmp_svalue::dump_to_pp): New.
3688 (setjmp_svalue::print_details): Delete.
3689 (impl_sm_context::impl_sm_context): Drop "change" param.
3690 (impl_sm_context::get_fndecl_for_call): Drop "m_change".
3691 (impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
3692 "stmt" param. Drop m_change. Port from svalue_id to
3693 const svalue *.
3694 (impl_sm_context::warn_for_state): Drop m_change. Port from
3695 svalue_id to const svalue *.
3696 (impl_sm_context::get_readable_tree): Rename to...
3697 (impl_sm_context::get_diagnostic_tree): ...this. Port from
3698 svalue_id to const svalue *.
3699 (impl_sm_context::is_zero_assignment): New.
3700 (impl_sm_context::m_change): Delete field.
3701 (leak_stmt_finder::find_stmt): Handle m_var being NULL.
3702 (readability): Increase penalty for MEM_REF. For SSA_NAMEs,
3703 slightly favor the underlying var over the SSA name. Heavily
3704 penalize temporaries. Handle RESULT_DECL.
3705 (readability_comparator): Make non-static. Consider stack depths.
3706 (impl_region_model_context::on_state_leak): Convert from svalue_id
3707 to const svalue *, updating for region_model changes. Use
3708 id_equal.
3709 (impl_region_model_context::on_inherited_svalue): Delete.
3710 (impl_region_model_context::on_cast): Delete.
3711 (impl_region_model_context::on_condition): Drop m_change.
3712 (impl_region_model_context::on_phi): Likewise.
3713 (impl_region_model_context::on_unexpected_tree_code): Handle t
3714 being NULL.
3715 (point_and_state::validate): Update stack checking for
3716 region_model changes.
3717 (eg_traits::dump_args_t::show_enode_details_p): New.
3718 (exploded_node::exploded_node): Initialize m_num_processed_stmts.
3719 (exploded_node::get_processed_stmt): New function.
3720 (exploded_node::get_dot_fillcolor): Add more colors.
3721 (exploded_node::dump_dot): Guard the printing of the point and
3722 state with show_enode_details_p. Print the processed stmts for
3723 this enode after the initial state.
3724 (exploded_node::dump_to_pp): Pass true for new multiline param
3725 of program_state::dump_to_pp.
3726 (exploded_node::on_stmt): Drop "change" param. Log the stmt.
3727 Set input_location. Implement __analyzer_describe. Update
3728 implementation of __analyzer_dump and __analyzer_eval.
3729 Remove purging of sm-state for unknown fncalls from here.
3730 (exploded_node::on_edge): Drop "change" param.
3731 (exploded_node::on_longjmp): Port from region_id/svalue_id to
3732 const region */const svalue *. Call program_state::detect_leaks.
3733 Drop state_change.
3734 (exploded_node::detect_leaks): Update for changes to region_model.
3735 Call program_state::detect_leaks.
3736 (exploded_edge::exploded_edge): Drop ext_state and change params.
3737 (exploded_edge::dump_dot): "args" is no longer used. Drop dumping
3738 of m_change.
3739 (exploded_graph::exploded_graph): Pass engine to
3740 m_diagnostic_manager ctor. Use program_point::origin.
3741 (exploded_graph::add_function_entry): Drop ctxt. Use
3742 program_state::push_frame. Drop state_change.
3743 (exploded_graph::get_or_create_node): Drop "change" param. Add
3744 "enode_for_diag" param. Update dumping calls for API changes.
3745 Pass point to can_merge_with_p. Show enode indices
3746 within -Wanalyzer-too-complex diagnostic for hitting the per-point
3747 limit.
3748 (exploded_graph::add_edge): Drop "change" param. Log which nodes
3749 are being connected. Update for changes to exploded_edge ctor.
3750 (exploded_graph::get_per_program_point_data): New.
3751 (exploded_graph::process_worklist): Pass point to
3752 can_merge_with_p. Drop state_change. Update dumping call for API
3753 change.
3754 (exploded_graph::process_node): Drop state_change. Split the
3755 node in-place if an sm-state-change occurs. Update
3756 m_num_processed_stmts. Update dumping calls for API change.
3757 (exploded_graph::log_stats): Call engine::log_stats.
3758 (exploded_graph::dump_states_for_supernode): Update dumping
3759 call.
3760 (exploded_path::feasible_p): Add "eng" and "eg" params.
3761 Rename "i" to "end_idx". Pass the manager to the region_model
3762 ctor. Update for every processed stmt in the enode, not just the
3763 first. Keep track of which snodes have been visited, and call
3764 loop_replay_fixup when revisiting one.
3765 (enode_label::get_text): Update dump call for new param.
3766 (exploded_graph::dump_exploded_nodes): Likewise.
3767 (exploded_graph::get_node_by_index): New.
3768 (impl_run_checkers): Create engine instance and pass its address
3769 to extrinsic_state ctor.
3770 * exploded-graph.h
3771 (impl_region_model_context::impl_region_model_context): Drop
3772 "change" params.
3773 (impl_region_model_context::void remap_svalue_ids): Delete.
3774 (impl_region_model_context::on_svalue_purge): Delete.
3775 (impl_region_model_context::on_svalue_leak): New.
3776 (impl_region_model_context::on_liveness_change): New.
3777 (impl_region_model_context::on_state_leak): Update signature.
3778 (impl_region_model_context::on_inherited_svalue): Delete.
3779 (impl_region_model_context::on_cast): Delete.
3780 (impl_region_model_context::on_unknown_change): Update signature.
3781 (impl_region_model_context::m_change): Delete.
3782 (eg_traits::dump_args_t::show_enode_details_p): New.
3783 (exploded_node::on_stmt): Drop "change" param.
3784 (exploded_node::on_edge): Likewise.
3785 (exploded_node::get_processed_stmt): New decl.
3786 (exploded_node::m_num_processed_stmts): New field.
3787 (exploded_edge::exploded_edge): Drop ext_state and change params.
3788 (exploded_edge::m_change): Delete.
3789 (exploded_graph::get_engine): New accessor.
3790 (exploded_graph::get_or_create_node): Drop "change" param. Add
3791 "enode_for_diag" param.
3792 (exploded_graph::add_edge): Drop "change" param.
3793 (exploded_graph::get_per_program_point_data): New decl.
3794 (exploded_graph::get_node_by_index): New decl.
3795 (exploded_path::feasible_p): Add "eng" and "eg" params.
3796 * program-point.cc: Include "analyzer/store.h" before including
3797 "analyzer/region-model.h".
3798 (function_point::function_point): Move here from
3799 program-point.h.
3800 (function_point::get_function): Likewise.
3801 (function_point::from_function_entry): Likewise.
3802 (function_point::before_supernode): Likewise.
3803 (function_point::next_stmt): New function.
3804 * program-point.h (function_point::function_point): Move
3805 implementation from here to program-point.cc.
3806 (function_point::get_function): Likewise.
3807 (function_point::from_function_entry): Likewise.
3808 (function_point::before_supernode): Likewise.
3809 (function_point::next_stmt): New decl.
3810 (program_point::operator!=): New.
3811 (program_point::origin): New.
3812 (program_point::next_stmt): New.
3813 (program_point::m_function_point): Make non-const.
3814 * program-state.cc: Move includes of "analyzer/call-string.h" and
3815 "analyzer/program-point.h" to before "analyzer/region-model.h",
3816 and also include "analyzer/store.h" before it.
3817 (extrinsic_state::get_model_manager): New.
3818 (sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
3819 rather than pass them around.
3820 (sm_state_map::clone_with_remapping): Delete.
3821 (sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
3822 "simple" and "multiline" params and support multiline vs single
3823 line dumping.
3824 (sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
3825 "simple" param.
3826 (sm_state_map::hash): Port from svalue_id to const svalue *.
3827 (sm_state_map::operator==): Likewise.
3828 (sm_state_map::get_state): Likewise. Call canonicalize_svalue on
3829 input. Handle inheritance of sm-state. Call get_default_state.
3830 (sm_state_map::get_origin): Port from svalue_id to const svalue *.
3831 (sm_state_map::set_state): Likewise. Pass in ext_state. Reject
3832 attempts to set state on UNKNOWN.
3833 (sm_state_map::impl_set_state): Port from svalue_id to
3834 const svalue *. Pass in ext_state. Call canonicalize_svalue on
3835 input.
3836 (sm_state_map::purge_for_unknown_fncall): Delete.
3837 (sm_state_map::on_svalue_leak): New.
3838 (sm_state_map::remap_svalue_ids): Delete.
3839 (sm_state_map::on_liveness_change): New.
3840 (sm_state_map::on_unknown_change): Reimplement.
3841 (sm_state_map::on_svalue_purge): Delete.
3842 (sm_state_map::on_inherited_svalue): Delete.
3843 (sm_state_map::on_cast): Delete.
3844 (sm_state_map::validate): Delete.
3845 (sm_state_map::canonicalize_svalue): New.
3846 (program_state::program_state): Update to pass manager to
3847 region_model's ctor. Constify num_states and pass state machine
3848 and index to sm_state_map ctor.
3849 (program_state::print): Update for changes to dump API.
3850 (program_state::dump_to_pp): Ignore the summarize param. Add
3851 "multiline" param.
3852 (program_state::dump_to_file): Add "multiline" param.
3853 (program_state::dump): Pass "true" for new "multiline" param.
3854 (program_state::push_frame): New.
3855 (program_state::on_edge): Drop "change" param. Call
3856 program_state::detect_leaks.
3857 (program_state::prune_for_point): Add enode_for_diag param.
3858 Reimplement based on store class. Call detect_leaks.
3859 (program_state::remap_svalue_ids): Delete.
3860 (program_state::get_representative_tree): Port from svalue_id to
3861 const svalue *.
3862 (program_state::can_merge_with_p): Add "point" param. Add early
3863 reject for sm-differences. Drop id remapping.
3864 (program_state::validate): Drop region model and sm_state_map
3865 validation.
3866 (state_change::sm_change::dump): Delete.
3867 (state_change::sm_change::remap_svalue_ids): Delete.
3868 (state_change::sm_change::on_svalue_purge): Delete.
3869 (log_set_of_svalues): New.
3870 (state_change::sm_change::validate): Delete.
3871 (state_change::state_change): Delete.
3872 (state_change::add_sm_change): Delete.
3873 (state_change::affects_p): Delete.
3874 (state_change::dump): Delete.
3875 (state_change::remap_svalue_ids): Delete.
3876 (state_change::on_svalue_purge): Delete.
3877 (state_change::validate): Delete.
3878 (selftest::assert_dump_eq): Delete.
3879 (ASSERT_DUMP_EQ): Delete.
3880 (selftest::test_sm_state_map): Update for changes to region_model
3881 and sm_state_map, porting from svalue_id to const svalue *.
3882 (selftest::test_program_state_dumping): Likewise. Drop test of
3883 dumping, renaming to...
3884 (selftest::test_program_state_1): ...this.
3885 (selftest::test_program_state_dumping_2): Likewise, renaming to...
3886 (selftest::test_program_state_2): ...this.
3887 (selftest::test_program_state_merging): Update for changes to
3888 region_model.
3889 (selftest::test_program_state_merging_2): Likewise.
3890 (selftest::analyzer_program_state_cc_tests): Update for renamed
3891 tests.
3892 * program-state.h (extrinsic_state::extrinsic_state): Add logger
3893 and engine params.
3894 (extrinsic_state::get_logger): New accessor.
3895 (extrinsic_state::get_engine): New accessor.
3896 (extrinsic_state::get_model_manager): New accessor.
3897 (extrinsic_state::m_logger): New field.
3898 (extrinsic_state::m_engine): New field.
3899 (struct default_hash_traits<svalue_id>): Delete.
3900 (pod_hash_traits<svalue_id>::hash): Delete.
3901 (pod_hash_traits<svalue_id>::equal): Delete.
3902 (pod_hash_traits<svalue_id>::mark_deleted): Delete.
3903 (pod_hash_traits<svalue_id>::mark_empty): Delete.
3904 (pod_hash_traits<svalue_id>::is_deleted): Delete.
3905 (pod_hash_traits<svalue_id>::is_empty): Delete.
3906 (sm_state_map::entry_t::entry_t): Port from svalue_id to
3907 const svalue *.
3908 (sm_state_map::entry_t::m_origin): Likewise.
3909 (sm_state_map::map_t): Likewise.
3910 (sm_state_map::sm_state_map): Add state_machine and index params.
3911 (sm_state_map::clone_with_remapping): Delete.
3912 (sm_state_map::print): Drop sm param; add simple and multiline
3913 params.
3914 (sm_state_map::dump): Drop sm param; add simple param.
3915 (sm_state_map::get_state): Port from svalue_id to const svalue *.
3916 Add ext_state param.
3917 (sm_state_map::get_origin): Likewise.
3918 (sm_state_map::set_state): Likewise.
3919 (sm_state_map::impl_set_state): Likewise.
3920 (sm_state_map::purge_for_unknown_fncall): Delete.
3921 (sm_state_map::remap_svalue_ids): Delete.
3922 (sm_state_map::on_svalue_purge): Delete.
3923 (sm_state_map::on_svalue_leak): New.
3924 (sm_state_map::on_liveness_change): New.
3925 (sm_state_map::on_inherited_svalue): Delete.
3926 (sm_state_map::on_cast): Delete.
3927 (sm_state_map::validate): Delete.
3928 (sm_state_map::on_unknown_change): Port from svalue_id to
3929 const svalue *. Add is_mutable and ext_state params.
3930 (sm_state_map::canonicalize_svalue): New.
3931 (sm_state_map::m_sm): New field.
3932 (sm_state_map::m_sm_idx): New field.
3933 (program_state::operator=): Delete.
3934 (program_state::dump_to_pp): Drop "summarize" param, adding
3935 "simple" and "multiline".
3936 (program_state::dump_to_file): Likewise.
3937 (program_state::dump): Rename "summarize" to "simple".
3938 (program_state::push_frame): New.
3939 (program_state::get_current_function): New.
3940 (program_state::on_edge): Drop "change" param.
3941 (program_state::prune_for_point): Likewise. Add enode_for_diag
3942 param.
3943 (program_state::remap_svalue_ids): Delete.
3944 (program_state::get_representative_tree): Port from svalue_id to
3945 const svalue *.
3946 (program_state::can_purge_p): Likewise. Pass ext_state to get_state.
3947 (program_state::can_merge_with_p): Add point param.
3948 (program_state::detect_leaks): New.
3949 (state_change_visitor::on_state_change): Port from tree and
3950 svalue_id to a pair of const svalue *.
3951 (class state_change): Delete.
3952 * region.cc: New file.
3953 * region-model-impl-calls.cc: New file.
3954 * region-model-manager.cc: New file.
3955 * region-model-reachability.cc: New file.
3956 * region-model-reachability.h: New file.
3957 * region-model.cc: Include "analyzer/call-string.h",
3958 "analyzer/program-point.h", and "analyzer/store.h" before
3959 "analyzer/region-model.h". Include
3960 "analyzer/region-model-reachability.h".
3961 (dump_tree): Make non-static.
3962 (dump_quoted_tree): Make non-static.
3963 (print_quoted_type): Make non-static.
3964 (path_var::dump): Delete.
3965 (dump_separator): Delete.
3966 (class impl_constraint_manager): Delete.
3967 (svalue_id::print): Delete.
3968 (svalue_id::dump_node_name_to_pp): Delete.
3969 (svalue_id::validate): Delete.
3970 (region_id::print): Delete.
3971 (region_id::dump_node_name_to_pp): Delete.
3972 (region_id::validate): Delete.
3973 (region_id_set::region_id_set): Delete.
3974 (svalue_id_set::svalue_id_set): Delete.
3975 (svalue::operator==): Delete.
3976 (svalue::hash): Delete.
3977 (svalue::print): Delete.
3978 (svalue::dump_dot_to_pp): Delete.
3979 (svalue::remap_region_ids): Delete.
3980 (svalue::walk_for_canonicalization): Delete.
3981 (svalue::get_child_sid): Delete.
3982 (svalue::maybe_get_constant): Delete.
3983 (region_svalue::compare_fields): Delete.
3984 (region_svalue::add_to_hash): Delete.
3985 (region_svalue::print_details): Delete.
3986 (region_svalue::dump_dot_to_pp): Delete.
3987 (region_svalue::remap_region_ids): Delete.
3988 (region_svalue::merge_values): Delete.
3989 (region_svalue::walk_for_canonicalization): Delete.
3990 (region_svalue::eval_condition): Delete.
3991 (constant_svalue::compare_fields): Delete.
3992 (constant_svalue::add_to_hash): Delete.
3993 (constant_svalue::merge_values): Delete.
3994 (constant_svalue::eval_condition): Move to svalue.cc.
3995 (constant_svalue::print_details): Delete.
3996 (constant_svalue::get_child_sid): Delete.
3997 (unknown_svalue::compare_fields): Delete.
3998 (unknown_svalue::add_to_hash): Delete.
3999 (unknown_svalue::print_details): Delete.
4000 (poison_kind_to_str): Move to svalue.cc.
4001 (poisoned_svalue::compare_fields): Delete.
4002 (poisoned_svalue::add_to_hash): Delete.
4003 (poisoned_svalue::print_details): Delete.
4004 (region_kind_to_str): Move to region.cc and reimplement.
4005 (region::operator==): Delete.
4006 (region::get_parent_region): Delete.
4007 (region::set_value): Delete.
4008 (region::become_active_view): Delete.
4009 (region::deactivate_any_active_view): Delete.
4010 (region::deactivate_view): Delete.
4011 (region::get_value): Delete.
4012 (region::get_inherited_child_sid): Delete.
4013 (region_model::copy_region): Delete.
4014 (region_model::copy_struct_region): Delete.
4015 (region_model::copy_union_region): Delete.
4016 (region_model::copy_array_region): Delete.
4017 (region::hash): Delete.
4018 (region::print): Delete.
4019 (region::dump_dot_to_pp): Delete.
4020 (region::dump_to_pp): Delete.
4021 (region::dump_child_label): Delete.
4022 (region::validate): Delete.
4023 (region::remap_svalue_ids): Delete.
4024 (region::remap_region_ids): Delete.
4025 (region::add_view): Delete.
4026 (region::get_view): Delete.
4027 (region::region): Move to region.cc.
4028 (region::add_to_hash): Delete.
4029 (region::print_fields): Delete.
4030 (region::non_null_p): Delete.
4031 (primitive_region::clone): Delete.
4032 (primitive_region::walk_for_canonicalization): Delete.
4033 (map_region::map_region): Delete.
4034 (map_region::compare_fields): Delete.
4035 (map_region::print_fields): Delete.
4036 (map_region::validate): Delete.
4037 (map_region::dump_dot_to_pp): Delete.
4038 (map_region::dump_child_label): Delete.
4039 (map_region::get_or_create): Delete.
4040 (map_region::get): Delete.
4041 (map_region::add_to_hash): Delete.
4042 (map_region::remap_region_ids): Delete.
4043 (map_region::unbind): Delete.
4044 (map_region::get_tree_for_child_region): Delete.
4045 (map_region::get_tree_for_child_region): Delete.
4046 (tree_cmp): Move to region.cc.
4047 (map_region::can_merge_p): Delete.
4048 (map_region::walk_for_canonicalization): Delete.
4049 (map_region::get_value_by_name): Delete.
4050 (struct_or_union_region::valid_key_p): Delete.
4051 (struct_or_union_region::compare_fields): Delete.
4052 (struct_region::clone): Delete.
4053 (struct_region::compare_fields): Delete.
4054 (union_region::clone): Delete.
4055 (union_region::compare_fields): Delete.
4056 (frame_region::compare_fields): Delete.
4057 (frame_region::clone): Delete.
4058 (frame_region::valid_key_p): Delete.
4059 (frame_region::print_fields): Delete.
4060 (frame_region::add_to_hash): Delete.
4061 (globals_region::compare_fields): Delete.
4062 (globals_region::clone): Delete.
4063 (globals_region::valid_key_p): Delete.
4064 (code_region::compare_fields): Delete.
4065 (code_region::clone): Delete.
4066 (code_region::valid_key_p): Delete.
4067 (array_region::array_region): Delete.
4068 (array_region::get_element): Delete.
4069 (array_region::clone): Delete.
4070 (array_region::compare_fields): Delete.
4071 (array_region::print_fields): Delete.
4072 (array_region::validate): Delete.
4073 (array_region::dump_dot_to_pp): Delete.
4074 (array_region::dump_child_label): Delete.
4075 (array_region::get_or_create): Delete.
4076 (array_region::get): Delete.
4077 (array_region::add_to_hash): Delete.
4078 (array_region::remap_region_ids): Delete.
4079 (array_region::get_key_for_child_region): Delete.
4080 (array_region::key_cmp): Delete.
4081 (array_region::walk_for_canonicalization): Delete.
4082 (array_region::key_from_constant): Delete.
4083 (array_region::constant_from_key): Delete.
4084 (function_region::compare_fields): Delete.
4085 (function_region::clone): Delete.
4086 (function_region::valid_key_p): Delete.
4087 (stack_region::stack_region): Delete.
4088 (stack_region::compare_fields): Delete.
4089 (stack_region::clone): Delete.
4090 (stack_region::print_fields): Delete.
4091 (stack_region::dump_child_label): Delete.
4092 (stack_region::validate): Delete.
4093 (stack_region::push_frame): Delete.
4094 (stack_region::get_current_frame_id): Delete.
4095 (stack_region::pop_frame): Delete.
4096 (stack_region::add_to_hash): Delete.
4097 (stack_region::remap_region_ids): Delete.
4098 (stack_region::can_merge_p): Delete.
4099 (stack_region::walk_for_canonicalization): Delete.
4100 (stack_region::get_value_by_name): Delete.
4101 (heap_region::heap_region): Delete.
4102 (heap_region::compare_fields): Delete.
4103 (heap_region::clone): Delete.
4104 (heap_region::walk_for_canonicalization): Delete.
4105 (root_region::root_region): Delete.
4106 (root_region::compare_fields): Delete.
4107 (root_region::clone): Delete.
4108 (root_region::print_fields): Delete.
4109 (root_region::validate): Delete.
4110 (root_region::dump_child_label): Delete.
4111 (root_region::push_frame): Delete.
4112 (root_region::get_current_frame_id): Delete.
4113 (root_region::pop_frame): Delete.
4114 (root_region::ensure_stack_region): Delete.
4115 (root_region::get_stack_region): Delete.
4116 (root_region::ensure_globals_region): Delete.
4117 (root_region::get_code_region): Delete.
4118 (root_region::ensure_code_region): Delete.
4119 (root_region::get_globals_region): Delete.
4120 (root_region::ensure_heap_region): Delete.
4121 (root_region::get_heap_region): Delete.
4122 (root_region::remap_region_ids): Delete.
4123 (root_region::can_merge_p): Delete.
4124 (root_region::add_to_hash): Delete.
4125 (root_region::walk_for_canonicalization): Delete.
4126 (root_region::get_value_by_name): Delete.
4127 (symbolic_region::symbolic_region): Delete.
4128 (symbolic_region::compare_fields): Delete.
4129 (symbolic_region::clone): Delete.
4130 (symbolic_region::walk_for_canonicalization): Delete.
4131 (symbolic_region::print_fields): Delete.
4132 (region_model::region_model): Add region_model_manager * param.
4133 Reimplement in terms of store, dropping impl_constraint_manager
4134 subclass.
4135 (region_model::operator=): Reimplement in terms of store.
4136 (region_model::operator==): Likewise.
4137 (region_model::hash): Likewise.
4138 (region_model::print): Delete.
4139 (region_model::print_svalue): Delete.
4140 (region_model::dump_dot_to_pp): Delete.
4141 (region_model::dump_dot_to_file): Delete.
4142 (region_model::dump_dot): Delete.
4143 (region_model::dump_to_pp): Replace "summarize" param with
4144 "simple" and "multiline". Port to store-based implementation.
4145 (region_model::dump): Replace "summarize" param with "simple" and
4146 "multiline".
4147 (dump_vec_of_tree): Delete.
4148 (region_model::dump_summary_of_rep_path_vars): Delete.
4149 (region_model::validate): Delete.
4150 (svalue_id_cmp_by_constant_svalue_model): Delete.
4151 (svalue_id_cmp_by_constant_svalue): Delete.
4152 (region_model::canonicalize): Drop "ctxt" param. Reimplement in
4153 terms of store and constraints.
4154 (region_model::canonicalized_p): Remove NULL arg to canonicalize.
4155 (region_model::loop_replay_fixup): New.
4156 (poisoned_value_diagnostic::emit): Tweak wording of warnings.
4157 (region_model::check_for_poison): Delete.
4158 (region_model::get_gassign_result): New.
4159 (region_model::on_assignment): Port to store-based implementation.
4160 (region_model::on_call_pre): Delete calls to check_for_poison.
4161 Move implementations to region-model-impl-calls.c and port to
4162 store-based implementation.
4163 (region_model::on_call_post): Likewise.
4164 (class reachable_regions): Move to region-model-reachability.h/cc
4165 and port to store-based implementation.
4166 (region_model::handle_unrecognized_call): Port to store-based
4167 implementation.
4168 (region_model::get_reachable_svalues): New.
4169 (region_model::on_setjmp): Port to store-based implementation.
4170 (region_model::on_longjmp): Likewise.
4171 (region_model::handle_phi): Drop is_back_edge param and the logic
4172 using it.
4173 (region_model::get_lvalue_1): Port from region_id to const region *.
4174 (region_model::make_region_for_unexpected_tree_code): Delete.
4175 (assert_compat_types): If the check fails, use internal_error to
4176 show the types.
4177 (region_model::get_lvalue): Port from region_id to const region *.
4178 (region_model::get_rvalue_1): Port from svalue_id to const svalue *.
4179 (region_model::get_rvalue): Likewise.
4180 (region_model::get_or_create_ptr_svalue): Delete.
4181 (region_model::get_or_create_constant_svalue): Delete.
4182 (region_model::get_svalue_for_fndecl): Delete.
4183 (region_model::get_region_for_fndecl): Delete.
4184 (region_model::get_svalue_for_label): Delete.
4185 (region_model::get_region_for_label): Delete.
4186 (build_cast): Delete.
4187 (region_model::maybe_cast_1): Delete.
4188 (region_model::maybe_cast): Delete.
4189 (region_model::get_field_region): Delete.
4190 (region_model::get_store_value): New.
4191 (region_model::region_exists_p): New.
4192 (region_model::deref_rvalue): Port from svalue_id to const svalue *.
4193 (region_model::set_value): Likewise.
4194 (region_model::clobber_region): New.
4195 (region_model::purge_region): New.
4196 (region_model::zero_fill_region): New.
4197 (region_model::mark_region_as_unknown): New.
4198 (region_model::eval_condition): Port from svalue_id to
4199 const svalue *.
4200 (region_model::eval_condition_without_cm): Likewise.
4201 (region_model::compare_initial_and_pointer): New.
4202 (region_model::add_constraint): Port from svalue_id to
4203 const svalue *.
4204 (region_model::maybe_get_constant): Delete.
4205 (region_model::get_representative_path_var): New.
4206 (region_model::add_new_malloc_region): Delete.
4207 (region_model::get_representative_tree): Port to const svalue *.
4208 (region_model::get_representative_path_var): Port to
4209 const region *.
4210 (region_model::get_path_vars_for_svalue): Delete.
4211 (region_model::set_to_new_unknown_value): Delete.
4212 (region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
4213 (region_model::update_for_call_superedge): Port from svalue_id to
4214 const svalue *.
4215 (region_model::update_for_return_superedge): Port to store-based
4216 implementation.
4217 (region_model::update_for_call_summary): Replace
4218 set_to_new_unknown_value with mark_region_as_unknown.
4219 (region_model::get_root_region): Delete.
4220 (region_model::get_stack_region_id): Delete.
4221 (region_model::push_frame): Delete.
4222 (region_model::get_current_frame_id): Delete.
4223 (region_model::get_current_function): Delete.
4224 (region_model::pop_frame): Delete.
4225 (region_model::on_top_level_param): New.
4226 (region_model::get_stack_depth): Delete.
4227 (region_model::get_function_at_depth): Delete.
4228 (region_model::get_globals_region_id): Delete.
4229 (region_model::add_svalue): Delete.
4230 (region_model::replace_svalue): Delete.
4231 (region_model::add_region): Delete.
4232 (region_model::get_svalue): Delete.
4233 (region_model::get_region): Delete.
4234 (make_region_for_type): Delete.
4235 (region_model::add_region_for_type): Delete.
4236 (region_model::on_top_level_param): New.
4237 (class restrict_to_used_svalues): Delete.
4238 (region_model::purge_unused_svalues): Delete.
4239 (region_model::push_frame): New.
4240 (region_model::remap_svalue_ids): Delete.
4241 (region_model::remap_region_ids): Delete.
4242 (region_model::purge_regions): Delete.
4243 (region_model::get_descendents): Delete.
4244 (region_model::delete_region_and_descendents): Delete.
4245 (region_model::poison_any_pointers_to_bad_regions): Delete.
4246 (region_model::can_merge_with_p): Delete.
4247 (region_model::get_current_function): New.
4248 (region_model::get_value_by_name): Delete.
4249 (region_model::convert_byte_offset_to_array_index): Delete.
4250 (region_model::pop_frame): New.
4251 (region_model::get_or_create_mem_ref): Delete.
4252 (region_model::get_stack_depth): New.
4253 (region_model::get_frame_at_index): New.
4254 (region_model::unbind_region_and_descendents): New.
4255 (struct bad_pointer_finder): New.
4256 (region_model::get_or_create_pointer_plus_expr): Delete.
4257 (region_model::poison_any_pointers_to_descendents): New.
4258 (region_model::get_or_create_view): Delete.
4259 (region_model::can_merge_with_p): New.
4260 (region_model::get_fndecl_for_call): Port from svalue_id to
4261 const svalue *.
4262 (struct append_ssa_names_cb_data): New.
4263 (get_ssa_name_regions_for_current_frame): New.
4264 (region_model::append_ssa_names_cb): New.
4265 (model_merger::dump_to_pp): Add "simple" param. Drop dumping of
4266 remappings.
4267 (model_merger::dump): Add "simple" param to both overloads.
4268 (model_merger::can_merge_values_p): Delete.
4269 (model_merger::record_regions): Delete.
4270 (model_merger::record_svalues): Delete.
4271 (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
4272 (svalue_id_merger_mapping::dump_to_pp): Delete.
4273 (svalue_id_merger_mapping::dump): Delete.
4274 (region_model::create_region_for_heap_alloc): New.
4275 (region_model::create_region_for_alloca): New.
4276 (region_model::record_dynamic_extents): New.
4277 (canonicalization::canonicalization): Delete.
4278 (canonicalization::walk_rid): Delete.
4279 (canonicalization::walk_sid): Delete.
4280 (canonicalization::dump_to_pp): Delete.
4281 (canonicalization::dump): Delete.
4282 (inchash::add): Delete overloads for svalue_id and region_id.
4283 (engine::log_stats): New.
4284 (assert_condition): Add overload comparing svalues.
4285 (assert_dump_eq): Pass "true" for multiline.
4286 (selftest::test_dump): Update for rewrite of region_model.
4287 (selftest::test_dump_2): Rename to...
4288 (selftest::test_struct): ...this. Provide a region_model_manager
4289 when creating region_model instance. Remove dump test. Add
4290 checks for get_offset.
4291 (selftest::test_dump_3): Rename to...
4292 (selftest::test_array_1): ...this. Provide a region_model_manager
4293 when creating region_model instance. Remove dump test.
4294 (selftest::test_get_representative_tree): Port from svalue_id to
4295 new API. Add test coverage for various expressions.
4296 (selftest::test_unique_constants): Provide a region_model_manager
4297 for the region_model. Add test coverage for comparing const vs
4298 non-const.
4299 (selftest::test_svalue_equality): Delete.
4300 (selftest::test_region_equality): Delete.
4301 (selftest::test_unique_unknowns): New.
4302 (class purge_all_svalue_ids): Delete.
4303 (class purge_one_svalue_id): Delete.
4304 (selftest::test_purging_by_criteria): Delete.
4305 (selftest::test_initial_svalue_folding): New.
4306 (selftest::test_unaryop_svalue_folding): New.
4307 (selftest::test_binop_svalue_folding): New.
4308 (selftest::test_sub_svalue_folding): New.
4309 (selftest::test_purge_unused_svalues): Delete.
4310 (selftest::test_descendent_of_p): New.
4311 (selftest::test_assignment): Provide a region_model_manager for
4312 the region_model. Drop the dump test.
4313 (selftest::test_compound_assignment): Likewise.
4314 (selftest::test_stack_frames): Port to new implementation.
4315 (selftest::test_get_representative_path_var): Likewise.
4316 (selftest::test_canonicalization_1): Rename to...
4317 (selftest::test_equality_1): ...this. Port to new API, and add
4318 (selftest::test_canonicalization_2): Provide a
4319 region_model_manager when creating region_model instances.
4320 Remove redundant canonicalization.
4321 (selftest::test_canonicalization_3): Provide a
4322 region_model_manager when creating region_model instances.
4323 Remove param from calls to region_model::canonicalize.
4324 (selftest::test_canonicalization_4): Likewise.
4325 (selftest::assert_region_models_merge): Constify
4326 out_merged_svalue. Port to new API.
4327 (selftest::test_state_merging): Provide a
4328 region_model_manager when creating region_model instances.
4329 Provide a program_point point when merging them. Replace
4330 set_to_new_unknown_value with usage of placeholder_svalues.
4331 Drop get_value_by_name. Port from svalue_id to const svalue *.
4332 Add test of heap allocation.
4333 (selftest::test_constraint_merging): Provide a
4334 region_model_manager when creating region_model instances.
4335 Provide a program_point point when merging them. Eliminate use
4336 of set_to_new_unknown_value.
4337 (selftest::test_widening_constraints): New.
4338 (selftest::test_iteration_1): New.
4339 (selftest::test_malloc_constraints): Port to store-based
4340 implementation.
4341 (selftest::test_var): New test.
4342 (selftest::test_array_2): New test.
4343 (selftest::test_mem_ref): New test.
4344 (selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
4345 (selftest::test_malloc): New.
4346 (selftest::test_alloca): New.
4347 (selftest::analyzer_region_model_cc_tests): Update for renamings.
4348 Call new functions.
4349 * region-model.h (class path_var): Move to analyzer.h.
4350 (class svalue_id): Delete.
4351 (class region_id): Delete.
4352 (class id_map): Delete.
4353 (svalue_id_map): Delete.
4354 (region_id_map): Delete.
4355 (id_map<T>::id_map): Delete.
4356 (id_map<T>::put): Delete.
4357 (id_map<T>::get_dst_for_src): Delete.
4358 (id_map<T>::get_src_for_dst): Delete.
4359 (id_map<T>::dump_to_pp): Delete.
4360 (id_map<T>::dump): Delete.
4361 (id_map<T>::update): Delete.
4362 (one_way_svalue_id_map): Delete.
4363 (one_way_region_id_map): Delete.
4364 (class region_id_set): Delete.
4365 (class svalue_id_set): Delete.
4366 (struct complexity): New.
4367 (class visitor): New.
4368 (enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
4369 SK_BINOP, SK_SUB, SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
4370 SK_COMPOUND, and SK_CONJURED.
4371 (svalue::operator==): Delete.
4372 (svalue::operator!=): Delete.
4373 (svalue::clone): Delete.
4374 (svalue::hash): Delete.
4375 (svalue::dump_dot_to_pp): Delete.
4376 (svalue::dump_to_pp): New.
4377 (svalue::dump): New.
4378 (svalue::get_desc): New.
4379 (svalue::dyn_cast_initial_svalue): New.
4380 (svalue::dyn_cast_unaryop_svalue): New.
4381 (svalue::dyn_cast_binop_svalue): New.
4382 (svalue::dyn_cast_sub_svalue): New.
4383 (svalue::dyn_cast_unmergeable_svalue): New.
4384 (svalue::dyn_cast_widening_svalue): New.
4385 (svalue::dyn_cast_compound_svalue): New.
4386 (svalue::dyn_cast_conjured_svalue): New.
4387 (svalue::maybe_undo_cast): New.
4388 (svalue::unwrap_any_unmergeable): New.
4389 (svalue::remap_region_ids): Delete.
4390 (svalue::can_merge_p): New.
4391 (svalue::walk_for_canonicalization): Delete.
4392 (svalue::get_complexity): New.
4393 (svalue::get_child_sid): Delete.
4394 (svalue::accept): New.
4395 (svalue::live_p): New.
4396 (svalue::implicitly_live_p): New.
4397 (svalue::svalue): Add complexity param.
4398 (svalue::add_to_hash): Delete.
4399 (svalue::print_details): Delete.
4400 (svalue::m_complexity): New field.
4401 (region_svalue::key_t): New struct.
4402 (region_svalue::region_svalue): Port from region_id to
4403 const region_id *. Add complexity.
4404 (region_svalue::compare_fields): Delete.
4405 (region_svalue::clone): Delete.
4406 (region_svalue::dump_dot_to_pp): Delete.
4407 (region_svalue::get_pointee): Port from region_id to
4408 const region_id *.
4409 (region_svalue::remap_region_ids): Delete.
4410 (region_svalue::merge_values): Delete.
4411 (region_svalue::dump_to_pp): New.
4412 (region_svalue::accept): New.
4413 (region_svalue::walk_for_canonicalization): Delete.
4414 (region_svalue::eval_condition): Make params const.
4415 (region_svalue::add_to_hash): Delete.
4416 (region_svalue::print_details): Delete.
4417 (region_svalue::m_rid): Replace with...
4418 (region_svalue::m_reg): ...this.
4419 (is_a_helper <region_svalue *>::test): Convert to...
4420 (is_a_helper <const region_svalue *>::test): ...this.
4421 (template <> struct default_hash_traits<region_svalue::key_t>):
4422 New.
4423 (constant_svalue::constant_svalue): Add complexity.
4424 (constant_svalue::compare_fields): Delete.
4425 (constant_svalue::clone): Delete.
4426 (constant_svalue::add_to_hash): Delete.
4427 (constant_svalue::dump_to_pp): New.
4428 (constant_svalue::accept): New.
4429 (constant_svalue::implicitly_live_p): New.
4430 (constant_svalue::merge_values): Delete.
4431 (constant_svalue::eval_condition): Make params const.
4432 (constant_svalue::get_child_sid): Delete.
4433 (constant_svalue::print_details): Delete.
4434 (is_a_helper <constant_svalue *>::test): Convert to...
4435 (is_a_helper <const constant_svalue *>::test): ...this.
4436 (class unknown_svalue): Update leading comment.
4437 (unknown_svalue::unknown_svalue): Add complexity.
4438 (unknown_svalue::compare_fields): Delete.
4439 (unknown_svalue::add_to_hash): Delete.
4440 (unknown_svalue::dyn_cast_unknown_svalue): Delete.
4441 (unknown_svalue::print_details): Delete.
4442 (unknown_svalue::dump_to_pp): New.
4443 (unknown_svalue::accept): New.
4444 (poisoned_svalue::key_t): New struct.
4445 (poisoned_svalue::poisoned_svalue): Add complexity.
4446 (poisoned_svalue::compare_fields): Delete.
4447 (poisoned_svalue::clone): Delete.
4448 (poisoned_svalue::add_to_hash): Delete.
4449 (poisoned_svalue::dump_to_pp): New.
4450 (poisoned_svalue::accept): New.
4451 (poisoned_svalue::print_details): Delete.
4452 (is_a_helper <poisoned_svalue *>::test): Convert to...
4453 (is_a_helper <const poisoned_svalue *>::test): ...this.
4454 (template <> struct default_hash_traits<poisoned_svalue::key_t>):
4455 New.
4456 (setjmp_record::add_to_hash): New.
4457 (setjmp_svalue::key_t): New struct.
4458 (setjmp_svalue::compare_fields): Delete.
4459 (setjmp_svalue::clone): Delete.
4460 (setjmp_svalue::add_to_hash): Delete.
4461 (setjmp_svalue::setjmp_svalue): Add complexity.
4462 (setjmp_svalue::dump_to_pp): New.
4463 (setjmp_svalue::accept): New.
4464 (setjmp_svalue::void print_details): Delete.
4465 (is_a_helper <const setjmp_svalue *>::test): New.
4466 (template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
4467 (class initial_svalue : public svalue): New.
4468 (is_a_helper <const initial_svalue *>::test): New.
4469 (class unaryop_svalue): New.
4470 (is_a_helper <const unaryop_svalue *>::test): New.
4471 (template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
4472 (class binop_svalue): New.
4473 (is_a_helper <const binop_svalue *>::test): New.
4474 (template <> struct default_hash_traits<binop_svalue::key_t>): New.
4475 (class sub_svalue): New.
4476 (is_a_helper <const sub_svalue *>::test): New.
4477 (template <> struct default_hash_traits<sub_svalue::key_t>): New.
4478 (class unmergeable_svalue): New.
4479 (is_a_helper <const unmergeable_svalue *>::test): New.
4480 (class placeholder_svalue): New.
4481 (is_a_helper <placeholder_svalue *>::test): New.
4482 (class widening_svalue): New.
4483 (is_a_helper <widening_svalue *>::test): New.
4484 (template <> struct default_hash_traits<widening_svalue::key_t>): New.
4485 (class compound_svalue): New.
4486 (is_a_helper <compound_svalue *>::test): New.
4487 (template <> struct default_hash_traits<compound_svalue::key_t>): New.
4488 (class conjured_svalue): New.
4489 (is_a_helper <conjured_svalue *>::test): New.
4490 (template <> struct default_hash_traits<conjured_svalue::key_t>): New.
4491 (enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
4492 RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
4493 RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
4494 (region_kind_to_str): Delete.
4495 (region::~region): Move implementation to region.cc.
4496 (region::operator==): Delete.
4497 (region::operator!=): Delete.
4498 (region::clone): Delete.
4499 (region::get_id): New.
4500 (region::cmp_ids): New.
4501 (region::dyn_cast_map_region): Delete.
4502 (region::dyn_cast_array_region): Delete.
4503 (region::region_id get_parent): Delete.
4504 (region::get_parent_region): Convert to a simple accessor.
4505 (region::void set_value): Delete.
4506 (region::svalue_id get_value): Delete.
4507 (region::svalue_id get_value_direct): Delete.
4508 (region::svalue_id get_inherited_child_sid): Delete.
4509 (region::dyn_cast_frame_region): New.
4510 (region::dyn_cast_function_region): New.
4511 (region::dyn_cast_decl_region): New.
4512 (region::dyn_cast_field_region): New.
4513 (region::dyn_cast_element_region): New.
4514 (region::dyn_cast_offset_region): New.
4515 (region::dyn_cast_cast_region): New.
4516 (region::dyn_cast_string_region): New.
4517 (region::accept): New.
4518 (region::get_base_region): New.
4519 (region::base_region_p): New.
4520 (region::descendent_of_p): New.
4521 (region::maybe_get_frame_region): New.
4522 (region::maybe_get_decl): New.
4523 (region::hash): Delete.
4524 (region::rint): Delete.
4525 (region::dump_dot_to_pp): Delete.
4526 (region::get_desc): New.
4527 (region::dump_to_pp): Convert to vfunc, changing signature.
4528 (region::dump_child_label): Delete.
4529 (region::remap_svalue_ids): Delete.
4530 (region::remap_region_ids): Delete.
4531 (region::dump): New.
4532 (region::walk_for_canonicalization): Delete.
4533 (region::non_null_p): Drop region_model param.
4534 (region::add_view): Delete.
4535 (region::get_view): Delete.
4536 (region::get_active_view): Delete.
4537 (region::is_view_p): Delete.
4538 (region::cmp_ptrs): New.
4539 (region::validate): Delete.
4540 (region::get_offset): New.
4541 (region::get_byte_size): New.
4542 (region::get_bit_size): New.
4543 (region::get_subregions_for_binding): New.
4544 (region::region): Add complexity param. Convert parent from
4545 region_id to const region *. Drop svalue_id. Drop copy ctor.
4546 (region::symbolic_for_unknown_ptr_p): New.
4547 (region::add_to_hash): Delete.
4548 (region::print_fields): Delete.
4549 (region::get_complexity): New accessor.
4550 (region::become_active_view): Delete.
4551 (region::deactivate_any_active_view): Delete.
4552 (region::deactivate_view): Delete.
4553 (region::calc_offset): New.
4554 (region::m_parent_rid): Delete.
4555 (region::m_sval_id): Delete.
4556 (region::m_complexity): New.
4557 (region::m_id): New.
4558 (region::m_parent): New.
4559 (region::m_view_rids): Delete.
4560 (region::m_is_view): Delete.
4561 (region::m_active_view_rid): Delete.
4562 (region::m_cached_offset): New.
4563 (is_a_helper <region *>::test): Convert to...
4564 (is_a_helper <const region *>::test): ... this.
4565 (class primitive_region): Delete.
4566 (class space_region): New.
4567 (class map_region): Delete.
4568 (is_a_helper <map_region *>::test): Delete.
4569 (class frame_region): Reimplement.
4570 (template <> struct default_hash_traits<frame_region::key_t>):
4571 New.
4572 (class globals_region): Reimplement.
4573 (is_a_helper <globals_region *>::test): Convert to...
4574 (is_a_helper <const globals_region *>::test): ...this.
4575 (class struct_or_union_region): Delete.
4576 (is_a_helper <struct_or_union_region *>::test): Delete.
4577 (class code_region): Reimplement.
4578 (is_a_helper <const code_region *>::test): New.
4579 (class struct_region): Delete.
4580 (is_a_helper <struct_region *>::test): Delete.
4581 (class function_region): Reimplement.
4582 (is_a_helper <function_region *>::test): Convert to...
4583 (is_a_helper <const function_region *>::test): ...this.
4584 (class union_region): Delete.
4585 (is_a_helper <union_region *>::test): Delete.
4586 (class label_region): New.
4587 (is_a_helper <const label_region *>::test): New.
4588 (class scope_region): Delete.
4589 (class stack_region): Reimplement.
4590 (is_a_helper <stack_region *>::test): Convert to...
4591 (is_a_helper <const stack_region *>::test): ...this.
4592 (class heap_region): Reimplement.
4593 (is_a_helper <heap_region *>::test): Convert to...
4594 (is_a_helper <const heap_region *>::test): ...this.
4595 (class root_region): Reimplement.
4596 (is_a_helper <root_region *>::test): Convert to...
4597 (is_a_helper <const root_region *>::test): ...this.
4598 (class symbolic_region): Reimplement.
4599 (is_a_helper <const symbolic_region *>::test): New.
4600 (template <> struct default_hash_traits<symbolic_region::key_t>):
4601 New.
4602 (class decl_region): New.
4603 (is_a_helper <const decl_region *>::test): New.
4604 (class field_region): New.
4605 (template <> struct default_hash_traits<field_region::key_t>): New.
4606 (class array_region): Delete.
4607 (class element_region): New.
4608 (is_a_helper <array_region *>::test): Delete.
4609 (is_a_helper <const element_region *>::test): New.
4610 (template <> struct default_hash_traits<element_region::key_t>):
4611 New.
4612 (class offset_region): New.
4613 (is_a_helper <const offset_region *>::test): New.
4614 (template <> struct default_hash_traits<offset_region::key_t>):
4615 New.
4616 (class cast_region): New.
4617 (is_a_helper <const cast_region *>::test): New.
4618 (template <> struct default_hash_traits<cast_region::key_t>): New.
4619 (class heap_allocated_region): New.
4620 (class alloca_region): New.
4621 (class string_region): New.
4622 (is_a_helper <const string_region *>::test): New.
4623 (class unknown_region): New.
4624 (class region_model_manager): New.
4625 (struct append_ssa_names_cb_data): New.
4626 (class call_details): New.
4627 (region_model::region_model): Add region_model_manager param.
4628 (region_model::print_svalue): Delete.
4629 (region_model::dump_dot_to_pp): Delete.
4630 (region_model::dump_dot_to_file): Delete.
4631 (region_model::dump_dot): Delete.
4632 (region_model::dump_to_pp): Drop summarize param in favor of
4633 simple and multiline.
4634 (region_model::dump): Likewise.
4635 (region_model::summarize_to_pp): Delete.
4636 (region_model::summarize): Delete.
4637 (region_model::void canonicalize): Drop ctxt param.
4638 (region_model::void check_for_poison): Delete.
4639 (region_model::get_gassign_result): New.
4640 (region_model::impl_call_alloca): New.
4641 (region_model::impl_call_analyzer_describe): New.
4642 (region_model::impl_call_analyzer_eval): New.
4643 (region_model::impl_call_builtin_expect): New.
4644 (region_model::impl_call_calloc): New.
4645 (region_model::impl_call_free): New.
4646 (region_model::impl_call_malloc): New.
4647 (region_model::impl_call_memset): New.
4648 (region_model::impl_call_strlen): New.
4649 (region_model::get_reachable_svalues): New.
4650 (region_model::handle_phi): Drop is_back_edge param.
4651 (region_model::region_id get_root_rid): Delete.
4652 (region_model::root_region *get_root_region): Delete.
4653 (region_model::region_id get_stack_region_id): Delete.
4654 (region_model::push_frame): Convert from region_id and svalue_id
4655 to const region * and const svalue *.
4656 (region_model::get_current_frame_id): Replace with...
4657 (region_model::get_current_frame): ...this.
4658 (region_model::pop_frame): Convert from region_id to
4659 const region *. Drop purge and stats param. Add out_result.
4660 (region_model::function *get_function_at_depth): Delete.
4661 (region_model::get_globals_region_id): Delete.
4662 (region_model::add_svalue): Delete.
4663 (region_model::replace_svalue): Delete.
4664 (region_model::add_region): Delete.
4665 (region_model::add_region_for_type): Delete.
4666 (region_model::get_svalue): Delete.
4667 (region_model::get_region): Delete.
4668 (region_model::get_lvalue): Convert from region_id to
4669 const region *.
4670 (region_model::get_rvalue): Convert from svalue_id to
4671 const svalue *.
4672 (region_model::get_or_create_ptr_svalue): Delete.
4673 (region_model::get_or_create_constant_svalue): Delete.
4674 (region_model::get_svalue_for_fndecl): Delete.
4675 (region_model::get_svalue_for_label): Delete.
4676 (region_model::get_region_for_fndecl): Delete.
4677 (region_model::get_region_for_label): Delete.
4678 (region_model::get_frame_at_index (int index) const;): New.
4679 (region_model::maybe_cast): Delete.
4680 (region_model::maybe_cast_1): Delete.
4681 (region_model::get_field_region): Delete.
4682 (region_model::id deref_rvalue): Convert from region_id and
4683 svalue_id to const region * and const svalue *. Drop overload,
4684 passing in both a tree and an svalue.
4685 (region_model::set_value): Convert from region_id and svalue_id to
4686 const region * and const svalue *.
4687 (region_model::set_to_new_unknown_value): Delete.
4688 (region_model::clobber_region (const region *reg);): New.
4689 (region_model::purge_region (const region *reg);): New.
4690 (region_model::zero_fill_region (const region *reg);): New.
4691 (region_model::mark_region_as_unknown (const region *reg);): New.
4692 (region_model::copy_region): Convert from region_id to
4693 const region *.
4694 (region_model::eval_condition): Convert from svalue_id to
4695 const svalue *.
4696 (region_model::eval_condition_without_cm): Likewise.
4697 (region_model::compare_initial_and_pointer): New.
4698 (region_model::maybe_get_constant): Delete.
4699 (region_model::add_new_malloc_region): Delete.
4700 (region_model::get_representative_tree): Convert from svalue_id to
4701 const svalue *.
4702 (region_model::get_representative_path_var): Delete decl taking a
4703 region_id in favor of two decls, for svalue vs region, with an
4704 svalue_set to ensure termination.
4705 (region_model::get_path_vars_for_svalue): Delete.
4706 (region_model::create_region_for_heap_alloc): New.
4707 (region_model::create_region_for_alloca): New.
4708 (region_model::purge_unused_svalues): Delete.
4709 (region_model::remap_svalue_ids): Delete.
4710 (region_model::remap_region_ids): Delete.
4711 (region_model::purge_regions): Delete.
4712 (region_model::get_num_svalues): Delete.
4713 (region_model::get_num_regions): Delete.
4714 (region_model::get_descendents): Delete.
4715 (region_model::get_store): New.
4716 (region_model::delete_region_and_descendents): Delete.
4717 (region_model::get_manager): New.
4718 (region_model::unbind_region_and_descendents): New.
4719 (region_model::can_merge_with_p): Add point param. Drop
4720 svalue_id_merger_mapping.
4721 (region_model::get_value_by_name): Delete.
4722 (region_model::convert_byte_offset_to_array_index): Delete.
4723 (region_model::get_or_create_mem_ref): Delete.
4724 (region_model::get_or_create_pointer_plus_expr): Delete.
4725 (region_model::get_or_create_view): Delete.
4726 (region_model::get_lvalue_1): Convert from region_id to
4727 const region *.
4728 (region_model::get_rvalue_1): Convert from svalue_id to
4729 const svalue *.
4730 (region_model::get_ssa_name_regions_for_current_frame): New.
4731 (region_model::append_ssa_names_cb): New.
4732 (region_model::get_store_value): New.
4733 (region_model::copy_struct_region): Delete.
4734 (region_model::copy_union_region): Delete.
4735 (region_model::copy_array_region): Delete.
4736 (region_model::region_exists_p): New.
4737 (region_model::make_region_for_unexpected_tree_code): Delete.
4738 (region_model::loop_replay_fixup): New.
4739 (region_model::poison_any_pointers_to_bad_regions): Delete.
4740 (region_model::poison_any_pointers_to_descendents): New.
4741 (region_model::dump_summary_of_rep_path_vars): Delete.
4742 (region_model::on_top_level_param): New.
4743 (region_model::record_dynamic_extents): New.
4744 (region_model::m_mgr;): New.
4745 (region_model::m_store;): New.
4746 (region_model::m_svalues;): Delete.
4747 (region_model::m_regions;): Delete.
4748 (region_model::m_root_rid;): Delete.
4749 (region_model::m_current_frame;): New.
4750 (region_model_context::remap_svalue_ids): Delete.
4751 (region_model_context::can_purge_p): Delete.
4752 (region_model_context::on_svalue_leak): New.
4753 (region_model_context::on_svalue_purge): Delete.
4754 (region_model_context::on_liveness_change): New.
4755 (region_model_context::on_inherited_svalue): Delete.
4756 (region_model_context::on_cast): Delete.
4757 (region_model_context::on_unknown_change): Convert from svalue_id to
4758 const svalue * and add is_mutable.
4759 (class noop_region_model_context): Update for region_model_context
4760 changes.
4761 (model_merger::model_merger): Add program_point. Drop
4762 svalue_id_merger_mapping.
4763 (model_merger::dump_to_pp): Add "simple" param.
4764 (model_merger::dump): Likewise.
4765 (model_merger::get_region_a): Delete.
4766 (model_merger::get_region_b): Delete.
4767 (model_merger::can_merge_values_p): Delete.
4768 (model_merger::record_regions): Delete.
4769 (model_merger::record_svalues): Delete.
4770 (model_merger::m_point): New field.
4771 (model_merger::m_map_regions_from_a_to_m): Delete.
4772 (model_merger::m_map_regions_from_b_to_m): Delete.
4773 (model_merger::m_sid_mapping): Delete.
4774 (struct svalue_id_merger_mapping): Delete.
4775 (class engine): New.
4776 (struct canonicalization): Delete.
4777 (inchash::add): Delete decls for hashing svalue_id and region_id.
4778 (test_region_model_context::on_unexpected_tree_code): Require t to
4779 be non-NULL.
4780 (selftest::assert_condition): Add overload comparing a pair of
4781 const svalue *.
4782 * sm-file.cc: Include "tristate.h", "selftest.h",
4783 "analyzer/call-string.h", "analyzer/program-point.h",
4784 "analyzer/store.h", and "analyzer/region-model.h".
4785 (fileptr_state_machine::get_default_state): New.
4786 (fileptr_state_machine::on_stmt): Remove calls to
4787 get_readable_tree in favor of get_diagnostic_tree.
4788 * sm-malloc.cc: Include "tristate.h", "selftest.h",
4789 "analyzer/call-string.h", "analyzer/program-point.h",
4790 "analyzer/store.h", and "analyzer/region-model.h".
4791 (malloc_state_machine::get_default_state): New.
4792 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
4793 (malloc_diagnostic::describe_state_change): Handle change.m_expr
4794 being NULL.
4795 (null_arg::emit): Avoid printing "NULL '0'".
4796 (null_arg::describe_final_event): Avoid printing "(0) NULL".
4797 (malloc_leak::emit): Handle m_arg being NULL.
4798 (malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
4799 (malloc_state_machine::on_stmt): Don't call get_readable_tree.
4800 Call get_diagnostic_tree when creating pending diagnostics.
4801 Update for is_zero_assignment becoming a member function of
4802 sm_ctxt.
4803 Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
4804 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
4805 vfunc implementation.
4806 * sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
4807 get_diagnostic_tree and pass the result to warn_for_state.
4808 * sm-signal.cc: Move includes of "analyzer/call-string.h" and
4809 "analyzer/program-point.h" to before "analyzer/region-model.h",
4810 and also include "analyzer/store.h" before it.
4811 (signal_unsafe_call::describe_state_change): Use
4812 get_dest_function to get handler.
4813 (update_model_for_signal_handler): Pass manager to region_model
4814 ctor.
4815 (register_signal_handler::impl_transition): Update for changes to
4816 get_or_create_node and add_edge.
4817 * sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
4818 get_readable_tree, replacing them when calling warn_for_state with
4819 calls to get_diagnostic_tree.
4820 * sm.cc (is_zero_assignment): Delete.
4821 (any_pointer_p): Move to within namespace ana.
4822 * sm.h (is_zero_assignment): Remove decl.
4823 (any_pointer_p): Move decl to within namespace ana.
4824 (state_machine::get_default_state): New vfunc.
4825 (state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
4826 (sm_context::get_readable_tree): Rename to...
4827 (sm_context::get_diagnostic_tree): ...this.
4828 (sm_context::is_zero_assignment): New vfunc.
4829 * store.cc: New file.
4830 * store.h: New file.
4831 * svalue.cc: New file.
4832
2221fb6f
MW
4833 2020-05-22 Mark Wielaard <mark@klomp.org>
4834
4835 * sm-signal.cc (signal_unsafe_call::emit): Possibly add
4836 gcc_rich_location note for replacement.
4837 (signal_unsafe_call::get_replacement_fn): New private function.
4838 (get_async_signal_unsafe_fns): Add "exit".
4839
5eae0ac7
DM
4840 2020-04-28 David Malcolm <dmalcolm@redhat.com>
4841
4842 PR analyzer/94816
4843 * engine.cc (impl_region_model_context::on_unexpected_tree_code):
4844 Handle NULL tree.
4845 * region-model.cc (region_model::add_region_for_type): Handle
4846 NULL type.
4847 * region-model.h
4848 (test_region_model_context::on_unexpected_tree_code): Handle NULL
4849 tree.
4850
78b97837
DM
4851 2020-04-28 David Malcolm <dmalcolm@redhat.com>
4852
4853 PR analyzer/94447
4854 PR analyzer/94639
4855 PR analyzer/94732
4856 PR analyzer/94754
4857 * analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete.
4858 * program-state.cc (selftest::test_program_state_dumping): Update
4859 expected dump result for removal of "uninit".
4860 * region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT
4861 case.
4862 (root_region::ensure_stack_region): Initialize stack with null
4863 svalue_id rather than with a typeless POISON_KIND_UNINIT value.
4864 (root_region::ensure_heap_region): Likewise for the heap.
4865 (region_model::dump_summary_of_rep_path_vars): Remove
4866 summarization of uninit values.
4867 (region_model::validate): Remove check that the stack has a
4868 POISON_KIND_UNINIT value.
4869 (poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT
4870 case.
4871 (poisoned_value_diagnostic::describe_final_event): Likewise.
4872 (selftest::test_dump): Update expected dump result for removal of
4873 "uninit".
4874 (selftest::test_svalue_equality): Remove "uninit" and "freed".
4875 * region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT.
4876
a96f1c38
DM
4877 2020-04-01 David Malcolm <dmalcolm@redhat.com>
4878
4879 PR analyzer/94378
4880 * checker-path.cc: Include "bitmap.h".
4881 * constraint-manager.cc: Likewise.
4882 * diagnostic-manager.cc: Likewise.
4883 * engine.cc: Likewise.
4884 (exploded_node::detect_leaks): Pass null region_id to pop_frame.
4885 * program-point.cc: Include "bitmap.h".
4886 * program-state.cc: Likewise.
4887 * region-model.cc (id_set<region_id>::id_set): Convert to...
4888 (region_id_set::region_id_set): ...this.
4889 (svalue_id_set::svalue_id_set): New ctor.
4890 (region_model::copy_region): New function.
4891 (region_model::copy_struct_region): New function.
4892 (region_model::copy_union_region): New function.
4893 (region_model::copy_array_region): New function.
4894 (stack_region::pop_frame): Drop return value. Add
4895 "result_dst_rid" param; if it is non-null, use copy_region to copy
4896 the result to it. Rather than capture and pass a single "known
4897 used" return value to be used by purge_unused_values, instead
4898 gather and pass a set of known used return values.
4899 (root_region::pop_frame): Drop return value. Add "result_dst_rid"
4900 param.
4901 (region_model::on_assignment): Use copy_region.
4902 (region_model::on_return): Likewise for the result.
4903 (region_model::on_longjmp): Pass null for pop_frame's
4904 result_dst_rid.
4905 (region_model::update_for_return_superedge): Pass the region for the
4906 return value of the call, if any, to pop_frame, rather than setting
4907 the lvalue for the lhs of the result.
4908 (region_model::pop_frame): Drop return value. Add
4909 "result_dst_rid" param.
4910 (region_model::purge_unused_svalues): Convert third param from an
4911 svalue_id * to an svalue_id_set *, updating the initial populating
4912 of the "used" bitmap accordingly. Don't remap it when done.
4913 (struct selftest::coord_test): New selftest fixture, extracted from...
4914 (selftest::test_dump_2): ...here.
4915 (selftest::test_compound_assignment): New selftest.
4916 (selftest::test_stack_frames): Pass null to new param of pop_frame.
4917 (selftest::analyzer_region_model_cc_tests): Call the new selftest.
4918 * region-model.h (class id_set): Delete template.
4919 (class region_id_set): Reimplement, using old id_set implementation.
4920 (class svalue_id_set): Likewise. Convert from auto_sbitmap to
4921 auto_bitmap.
4922 (region::get_active_view): New accessor.
4923 (stack_region::pop_frame): Drop return value. Add
4924 "result_dst_rid" param.
4925 (root_region::pop_frame): Likewise.
4926 (region_model::pop_frame): Likewise.
4927 (region_model::copy_region): New decl.
4928 (region_model::purge_unused_svalues): Convert third param from an
4929 svalue_id * to an svalue_id_set *.
4930 (region_model::copy_struct_region): New decl.
4931 (region_model::copy_union_region): New decl.
4932 (region_model::copy_array_region): New decl.
4933
6969ac30
DM
4934 2020-03-27 David Malcolm <dmalcolm@redhat.com>
4935
4936 * program-state.cc (selftest::test_program_state_dumping): Update
4937 expected dump to include symbolic_region's possibly_null field.
4938 * region-model.cc (symbolic_region::print_fields): New vfunc
4939 implementation.
4940 (region_model::add_constraint): Clear m_possibly_null from
4941 symbolic_regions now known to be non-NULL.
4942 (selftest::test_malloc_constraints): New selftest.
4943 (selftest::analyzer_region_model_cc_tests): Call it.
4944 * region-model.h (region::dyn_cast_symbolic_region): Add non-const
4945 overload.
4946 (symbolic_region::dyn_cast_symbolic_region): Implement it.
4947 (symbolic_region::print_fields): New vfunc override decl.
4948
42c63313
DM
4949 2020-03-27 David Malcolm <dmalcolm@redhat.com>
4950
4951 * analyzer.h (class feasibility_problem): New forward decl.
4952 * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
4953 Initialize new fields m_status, m_epath_length, and m_problem.
4954 (saved_diagnostic::~saved_diagnostic): Delete m_problem.
4955 (dedupe_candidate::dedupe_candidate): Convert "sd" param from a
4956 const ref to a mutable ptr.
4957 (dedupe_winners::add): Convert "sd" param from a const ref to a
4958 mutable ptr. Record the length of the exploded_path. Record the
4959 feasibility/infeasibility of sd into sd, capturing a
4960 feasibility_problem when feasible_p fails, and storing it in sd.
4961 (diagnostic_manager::emit_saved_diagnostics): Update for pass by
4962 ptr rather than by const ref.
4963 * diagnostic-manager.h (class saved_diagnostic): Add new enum
4964 status. Add fields m_status, m_epath_length and m_problem.
4965 (saved_diagnostic::set_feasible): New member function.
4966 (saved_diagnostic::set_infeasible): New member function.
4967 (saved_diagnostic::get_feasibility_problem): New accessor.
4968 (saved_diagnostic::get_status): New accessor.
4969 (saved_diagnostic::set_epath_length): New member function.
4970 (saved_diagnostic::get_epath_length): New accessor.
4971 * engine.cc: Include "gimple-pretty-print.h".
4972 (exploded_path::feasible_p): Add OUT param and, if non-NULL, write
4973 a new feasibility_problem to it on failure.
4974 (viz_callgraph_node::dump_dot): Convert begin_tr calls to
4975 begin_trtd. Convert end_tr calls to end_tdtr.
4976 (class exploded_graph_annotator): New subclass of dot_annotator.
4977 (impl_run_checkers): Add a second -fdump-analyzer-supergraph dump
4978 after the analysis runs, using exploded_graph_annotator. dumping
4979 to DUMP_BASE_NAME.supergraph-eg.dot.
4980 * exploded-graph.h (exploded_node::get_dot_fillcolor): Make
4981 public.
4982 (exploded_path::feasible_p): Add OUT param.
4983 (class feasibility_problem): New class.
4984 * state-purge.cc (state_purge_annotator::add_node_annotations):
4985 Return a bool, add a "within_table" param.
4986 (print_vec_of_names): Convert begin_tr calls to begin_trtd.
4987 Convert end_tr calls to end_tdtr.
4988 (state_purge_annotator::add_stmt_annotations): Add "within_row"
4989 param.
4990 * state-purge.h ((state_purge_annotator::add_node_annotations):
4991 Return a bool, add a "within_table" param.
4992 (state_purge_annotator::add_stmt_annotations): Add "within_row"
4993 param.
4994 * supergraph.cc (supernode::dump_dot): Call add_node_annotations
4995 twice: as before, passing false for "within_table", then again
4996 with true when within the TABLE element. Convert some begin_tr
4997 calls to begin_trtd, and some end_tr calls to end_tdtr.
4998 Repeat each add_stmt_annotations call, distinguishing between
4999 calls that add TRs and those that add TDs to an existing TR.
5000 Add a call to add_after_node_annotations.
5001 * supergraph.h (dot_annotator::add_node_annotations): Add a
5002 "within_table" param.
5003 (dot_annotator::add_stmt_annotations): Add a "within_row" param.
5004 (dot_annotator::add_after_node_annotations): New vfunc.
5005
8f023575
DM
5006 2020-03-27 David Malcolm <dmalcolm@redhat.com>
5007
5008 * diagnostic-manager.cc (dedupe_winners::add): Show the
5009 exploded_node index in the log messages.
5010 (diagnostic_manager::emit_saved_diagnostics): Log a summary of
5011 m_saved_diagnostics at entry.
5012
4d661bb7
DM
5013 2020-03-27 David Malcolm <dmalcolm@redhat.com>
5014
5015 * supergraph.cc (superedge::dump): Add space before description;
5016 move newline to non-pretty_printer overload.
5017
884d9141
DM
5018 2020-03-18 David Malcolm <dmalcolm@redhat.com>
5019
5020 * region-model.cc: Include "stor-layout.h".
5021 (region_model::dump_to_pp): Rather than calling
5022 dump_summary_of_map on each of the current frame and the globals,
5023 instead get a vec of representative path_vars for all regions,
5024 and then dump a summary of all of them.
5025 (region_model::dump_summary_of_map): Delete, rewriting into...
5026 (region_model::dump_summary_of_rep_path_vars): ...this new
5027 function, working on a vec of path_vars.
5028 (region_model::set_value): New overload.
5029 (region_model::get_representative_path_var): Rename
5030 "parent_region" local to "parent_reg" and consolidate with other
5031 local. Guard test for grandparent being stack on parent_reg being
5032 non-NULL. Move handling for parent being an array_region to
5033 within guard for parent_reg being non-NULL.
5034 (selftest::make_test_compound_type): New function.
5035 (selftest::test_dump_2): New selftest.
5036 (selftest::test_dump_3): New selftest.
5037 (selftest::test_stack_frames): Update expected output from
5038 simplified dump to show "a" and "b" from parent frame and "y" in
5039 child frame.
5040 (selftest::analyzer_region_model_cc_tests): Call test_dump_2 and
5041 test_dump_3.
5042 * region-model.h (region_model::set_value): New overload decl.
5043 (region_model::dump_summary_of_map): Delete.
5044 (region_model::dump_summary_of_rep_path_vars): New.
5045
7d9c107a
DM
5046 2020-03-18 David Malcolm <dmalcolm@redhat.com>
5047
5048 * region-model.h (class noop_region_model_context): New subclass
5049 of region_model_context.
5050 (class tentative_region_model_context): Inherit from
5051 noop_region_model_context rather than from region_model_context;
5052 drop redundant vfunc implementations.
5053 (class test_region_model_context): Likewise.
5054
0db2cd17
DM
5055 2020-03-18 David Malcolm <dmalcolm@redhat.com>
5056
5057 * engine.cc (exploded_node::exploded_node): Move implementation
5058 here from header; accept point_and_state by const reference rather
5059 than by value.
5060 * exploded-graph.h (exploded_node::exploded_node): Pass
5061 point_and_state by const reference rather than by value. Move
5062 body to engine.cc.
5063
d5029d45
JJ
5064 2020-03-18 Jakub Jelinek <jakub@redhat.com>
5065
5066 * sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word
5067 issue in a comment.
5068 * region-model.cc (region_model::make_region_for_unexpected_tree_code,
5069 region_model::delete_region_and_descendents): Likewise.
5070 * engine.cc (class exploded_cluster): Likewise.
5071 * diagnostic-manager.cc (class path_builder): Likewise.
5072
5c048755
DM
5073 2020-03-13 David Malcolm <dmalcolm@redhat.com>
5074
5075 PR analyzer/94099
5076 PR analyzer/94105
5077 * diagnostic-manager.cc (for_each_state_change): Bulletproof
5078 against errors in get_rvalue by passing a
5079 tentative_region_model_context and rejecting if there's an error.
5080 * region-model.cc (region_model::get_lvalue_1): When handling
5081 ARRAY_REF, handle results of error-handling. Handle NOP_EXPR.
5082
90f7c300
DM
5083 2020-03-06 David Malcolm <dmalcolm@redhat.com>
5084
5085 * analyzer.h (class array_region): New forward decl.
5086 * program-state.cc (selftest::test_program_state_dumping_2): New.
5087 (selftest::analyzer_program_state_cc_tests): Call it.
5088 * region-model.cc (array_region::constant_from_key): New.
5089 (region_model::get_representative_tree): Handle region_svalue by
5090 generating an ADDR_EXPR.
5091 (region_model::get_representative_path_var): In view handling,
5092 remove erroneous TREE_TYPE when determining the type of the tree.
5093 Handle array regions and STRING_CST.
5094 (selftest::assert_dump_tree_eq): New.
5095 (ASSERT_DUMP_TREE_EQ): New macro.
5096 (selftest::test_get_representative_tree): New selftest.
5097 (selftest::analyzer_region_model_cc_tests): Call it.
5098 * region-model.h (region::dyn_cast_array_region): New vfunc.
5099 (array_region::dyn_cast_array_region): New vfunc implementation.
5100 (array_region::constant_from_key): New decl.
5101
41f99ba6
DM
5102 2020-03-06 David Malcolm <dmalcolm@redhat.com>
5103
5104 * analyzer.h (dump_quoted_tree): New decl.
5105 * engine.cc (exploded_node::dump_dot): Pass region model to
5106 sm_state_map::print.
5107 * program-state.cc: Include diagnostic-core.h.
5108 (sm_state_map::print): Add "model" param and use it to print
5109 representative trees. Only print origin information if non-null.
5110 (sm_state_map::dump): Pass NULL for model to print call.
5111 (program_state::print): Pass region model to sm_state_map::print.
5112 (program_state::dump_to_pp): Use spaces rather than newlines when
5113 summarizing. Pass region_model to sm_state_map::print.
5114 (ana::selftest::assert_dump_eq): New function.
5115 (ASSERT_DUMP_EQ): New macro.
5116 (ana::selftest::test_program_state_dumping): New function.
5117 (ana::selftest::analyzer_program_state_cc_tests): Call it.
5118 * program-state.h (program_state::print): Add model param.
5119 * region-model.cc (dump_quoted_tree): New function.
5120 (map_region::print_fields): Use dump_quoted_tree rather than
5121 %qE to avoid lang-dependent output.
5122 (map_region::dump_child_label): Likewise.
5123 (region_model::dump_summary_of_map): For SK_REGION, when
5124 get_representative_path_var fails, print the region id rather than
5125 erroneously printing NULL.
5126 * sm.cc (state_machine::get_state_by_name): New function.
5127 * sm.h (state_machine::get_state_by_name): New decl.
5128
3c1645a3
DM
5129 2020-03-04 David Malcolm <dmalcolm@redhat.com>
5130
5131 * region-model.cc (region::validate): Convert model param from ptr
5132 to reference. Update comment to reflect that it's now a vfunc.
5133 (map_region::validate): New vfunc implementation.
5134 (array_region::validate): New vfunc implementation.
5135 (stack_region::validate): New vfunc implementation.
5136 (root_region::validate): New vfunc implementation.
5137 (region_model::validate): Pass a reference rather than a pointer
5138 to the region::validate vfunc.
5139 * region-model.h (region::validate): Make virtual. Convert model
5140 param from ptr to reference.
5141 (map_region::validate): New vfunc decl.
5142 (array_region::validate): New vfunc decl.
5143 (stack_region::validate): New vfunc decl.
5144 (root_region::validate): New vfunc decl.
5145
e516294a
DM
5146 2020-03-04 David Malcolm <dmalcolm@redhat.com>
5147
5148 PR analyzer/93993
5149 * region-model.cc (region_model::on_call_pre): Handle
5150 BUILT_IN_EXPECT and its variants.
5151 (region_model::add_any_constraints_from_ssa_def_stmt): Split out
5152 gassign handling into add_any_constraints_from_gassign; add gcall
5153 handling.
5154 (region_model::add_any_constraints_from_gassign): New function,
5155 based on the above. Add handling for NOP_EXPR.
5156 (region_model::add_any_constraints_from_gcall): New function.
5157 (region_model::get_representative_path_var): Handle views.
5158 * region-model.h
5159 (region_model::add_any_constraints_from_ssa_def_stmt): New decl.
5160 (region_model::add_any_constraints_from_gassign): New decl.
5161
3d66e153
DM
5162 2020-03-04 David Malcolm <dmalcolm@redhat.com>
5163
5164 PR analyzer/93993
5165 * checker-path.h (state_change_event::get_lvalue): Add ctxt param
5166 and pass it to region_model::get_value call.
5167 * diagnostic-manager.cc (get_any_origin): Pass a
5168 tentative_region_model_context to the calls to get_lvalue and reject
5169 the comparison if errors occur.
5170 (can_be_expr_of_interest_p): New function.
5171 (diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
5172 CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
5173 Pass a tentative_region_model_context to the calls to
5174 state_change_event::get_lvalue and reject the comparison if errors
5175 occur.
5176 (diagnostic_manager::update_for_unsuitable_sm_exprs): New.
5177 * diagnostic-manager.h
5178 (diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
5179 * region-model.h (class tentative_region_model_context): New class.
5180
13e3ba14
DM
5181 2020-03-04 David Malcolm <dmalcolm@redhat.com>
5182
5183 * engine.cc (worklist::worklist): Remove unused field m_eg.
5184 (class viz_callgraph_edge): Remove unused field m_call_sedge.
5185 (class viz_callgraph): Remove unused field m_sg.
5186 * exploded-graph.h (worklist::::m_eg): Remove unused field.
5187
13b76912
DM
5188 2020-03-02 David Malcolm <dmalcolm@redhat.com>
5189
5190 * analyzer.opt (fanalyzer-show-duplicate-count): New option.
5191 * diagnostic-manager.cc
5192 (diagnostic_manager::emit_saved_diagnostic): Use the above to
5193 guard the printing of the duplicate count.
5194
9f00b22f
DM
5195 2020-03-02 David Malcolm <dmalcolm@redhat.com>
5196
5197 PR analyzer/93959
5198 * analyzer.cc (is_std_function_p): New function.
5199 (is_std_named_call_p): New functions.
5200 * analyzer.h (is_std_named_call_p): New decl.
5201 * sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::"
5202 variants when checking for malloc, calloc and free.
5203
71b633aa
DM
5204 2020-02-26 David Malcolm <dmalcolm@redhat.com>
5205
5206 PR analyzer/93950
5207 * diagnostic-manager.cc
5208 (diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
5209 either NULL or not a constant. When updating var, bulletproof
5210 against constant values.
5211
0ba70d1b
DM
5212 2020-02-26 David Malcolm <dmalcolm@redhat.com>
5213
5214 PR analyzer/93947
5215 * region-model.cc (region_model::get_fndecl_for_call): Gracefully
5216 fail for fn_decls that don't have a cgraph_node.
5217
67fa274c
DM
5218 2020-02-26 David Malcolm <dmalcolm@redhat.com>
5219
5220 * bar-chart.cc: New file.
5221 * bar-chart.h: New file.
5222 * engine.cc: Include "analyzer/bar-chart.h".
5223 (stats::log): Only log the m_num_nodes kinds that are non-zero.
5224 (stats::dump): Likewise when dumping.
5225 (stats::get_total_enodes): New.
5226 (exploded_graph::get_or_create_node): Increment the per-point-data
5227 m_excess_enodes when hitting the per-program-point limit on
5228 enodes.
5229 (exploded_graph::print_bar_charts): New.
5230 (exploded_graph::log_stats): Log the number of unprocessed enodes
5231 in the worklist. Call print_bar_charts.
5232 (exploded_graph::dump_stats): Print the number of unprocessed
5233 enodes in the worklist.
5234 * exploded-graph.h (stats::get_total_enodes): New decl.
5235 (struct per_program_point_data): Add field m_excess_enodes.
5236 (exploded_graph::print_bar_charts): New decl.
5237 * supergraph.cc (superedge::dump): New.
5238 (superedge::dump): New.
5239 * supergraph.h (supernode::get_function): New.
5240 (superedge::dump): New decl.
5241 (superedge::dump): New decl.
5242
f2ca2088
DM
5243 2020-02-24 David Malcolm <dmalcolm@redhat.com>
5244
5245 * engine.cc (exploded_graph::get_or_create_node): Dump the
5246 program_state to the pp, rather than to stderr.
5247
b3d788a2
DM
5248 2020-02-24 David Malcolm <dmalcolm@redhat.com>
5249
5250 PR analyzer/93032
5251 * sm.cc (make_checkers): Require the "taint" checker to be
5252 explicitly enabled.
5253
3a25f345
DM
5254 2020-02-24 David Malcolm <dmalcolm@redhat.com>
5255
5256 PR analyzer/93899
5257 * engine.cc
5258 (impl_region_model_context::impl_region_model_context): Add logger
5259 param.
5260 * engine.cc (exploded_graph::add_function_entry): Create an
5261 impl_region_model_context and pass it to the push_frame call.
5262 Bail if the resulting state is invalid.
5263 (exploded_graph::build_initial_worklist): Likewise.
5264 (exploded_graph::build_initial_worklist): Handle the case where
5265 add_function_entry fails.
5266 * exploded-graph.h
5267 (impl_region_model_context::impl_region_model_context): Add logger
5268 param.
5269 * region-model.cc (map_region::get_or_create): Add ctxt param and
5270 pass it to add_region_for_type.
5271 (map_region::can_merge_p): Pass NULL as a ctxt to call to
5272 get_or_create.
5273 (array_region::get_element): Pass ctxt to call to get_or_create.
5274 (array_region::get_or_create): Add ctxt param and pass it to
5275 add_region_for_type.
5276 (root_region::push_frame): Pass ctxt to get_or_create calls.
5277 (region_model::get_lvalue_1): Likewise.
5278 (region_model::make_region_for_unexpected_tree_code): Assert that
5279 ctxt is non-NULL.
5280 (region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
5281 and get_svalue_for_label calls.
5282 (region_model::get_svalue_for_fndecl): Add ctxt param and pass it
5283 to get_region_for_fndecl.
5284 (region_model::get_region_for_fndecl): Add ctxt param and pass it
5285 to get_or_create.
5286 (region_model::get_svalue_for_label): Add ctxt param and pass it
5287 to get_region_for_label.
5288 (region_model::get_region_for_label): Add ctxt param and pass it
5289 to get_region_for_fndecl and get_or_create.
5290 (region_model::get_field_region): Add ctxt param and pass it to
5291 get_or_create_view and get_or_create.
5292 (make_region_for_type): Replace gcc_unreachable with return NULL.
5293 (region_model::add_region_for_type): Add ctxt param. Handle a
5294 return of NULL from make_region_for_type by calling
5295 make_region_for_unexpected_tree_code.
5296 (region_model::get_or_create_mem_ref): Pass ctxt to calls to
5297 get_or_create_view.
5298 (region_model::get_or_create_view): Add ctxt param and pass it to
5299 add_region_for_type.
5300 (selftest::test_state_merging): Pass ctxt to get_or_create_view.
5301 * region-model.h (region_model::get_or_create): Add ctxt param.
5302 (region_model::add_region_for_type): Likewise.
5303 (region_model::get_svalue_for_fndecl): Likewise.
5304 (region_model::get_svalue_for_label): Likewise.
5305 (region_model::get_region_for_fndecl): Likewise.
5306 (region_model::get_region_for_label): Likewise.
5307 (region_model::get_field_region): Likewise.
5308 (region_model::get_or_create_view): Likewise.
5309
004f2c07
DM
5310 2020-02-24 David Malcolm <dmalcolm@redhat.com>
5311
5312 * checker-path.cc (superedge_event::should_filter_p): Update
5313 filter for empty descriptions to cover verbosity level 3 as well
5314 as 2.
5315 * diagnostic-manager.cc: Include "analyzer/reachability.h".
5316 (class path_builder): New class.
5317 (diagnostic_manager::emit_saved_diagnostic): Create a path_builder
5318 and pass it to build_emission_path, rather passing eg; similarly
5319 for add_events_for_eedge and ext_state.
5320 (diagnostic_manager::build_emission_path): Replace "eg" param
5321 with a path_builder, pass it to add_events_for_eedge.
5322 (diagnostic_manager::add_events_for_eedge): Replace ext_state
5323 param with path_builder; pass it to add_events_for_superedge.
5324 (diagnostic_manager::significant_edge_p): New.
5325 (diagnostic_manager::add_events_for_superedge): Add path_builder
5326 param. Reject insignificant edges at verbosity levels below 3.
5327 (diagnostic_manager::prune_for_sm_diagnostic): Update highest
5328 verbosity level to 4.
5329 * diagnostic-manager.h (class path_builder): New forward decl.
5330 (diagnostic_manager::build_emission_path): Replace "eg" param
5331 with a path_builder.
5332 (diagnostic_manager::add_events_for_eedge): Replace ext_state
5333 param with path_builder.
5334 (diagnostic_manager::significant_edge_p): New.
5335 (diagnostic_manager::add_events_for_superedge): Add path_builder
5336 param.
5337 * reachability.h: New file.
5338
0b2b45a6
DM
5339 2020-02-18 David Malcolm <dmalcolm@redhat.com>
5340
5341 PR analyzer/93692
5342 * analyzer.opt (fdump-analyzer-callgraph): Rewrite description.
5343
4f40164a
DM
5344 2020-02-18 David Malcolm <dmalcolm@redhat.com>
5345
5346 PR analyzer/93777
5347 * region-model.cc (region_model::maybe_cast_1): Replace assertion
5348 that build_cast returns non-NULL with a conditional, falling
5349 through to the logic which returns a new unknown value of the
5350 desired type if it fails.
5351
2e623393
DM
5352 2020-02-18 David Malcolm <dmalcolm@redhat.com>
5353
5354 PR analyzer/93778
5355 * engine.cc (impl_region_model_context::on_unknown_tree_code):
5356 Rename to...
5357 (impl_region_model_context::on_unexpected_tree_code): ...this and
5358 convert first argument from path_var to tree.
5359 (exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall.
5360 * exploded-graph.h (region_model_context::on_unknown_tree_code):
5361 Rename to...
5362 (region_model_context::on_unexpected_tree_code): ...this and
5363 convert first argument from path_var to tree.
5364 * program-state.cc (sm_state_map::purge_for_unknown_fncall): Add
5365 ctxt param and pass on to calls to get_rvalue.
5366 * program-state.h (sm_state_map::purge_for_unknown_fncall): Add
5367 ctxt param.
5368 * region-model.cc (region_model::handle_unrecognized_call): Pass
5369 ctxt on to call to get_rvalue.
5370 (region_model::get_lvalue_1): Move body of default case to
5371 region_model::make_region_for_unexpected_tree_code and call it.
5372 Within COMPONENT_REF case, reject attempts to handle types other
5373 than RECORD_TYPE and UNION_TYPE.
5374 (region_model::make_region_for_unexpected_tree_code): New
5375 function, based on default case of region_model::get_lvalue_1.
5376 * region-model.h
5377 (region_model::make_region_for_unexpected_tree_code): New decl.
5378 (region_model::on_unknown_tree_code): Rename to...
5379 (region_model::on_unexpected_tree_code): ...this and convert first
5380 argument from path_var to tree.
5381 (class test_region_model_context): Update vfunc implementation for
5382 above change.
5383
a674c7b8
DM
5384 2020-02-18 David Malcolm <dmalcolm@redhat.com>
5385
5386 PR analyzer/93774
5387 * region-model.cc
5388 (region_model::convert_byte_offset_to_array_index): Use
5389 int_size_in_bytes before calling size_in_bytes, to gracefully fail
5390 on incomplete types.
5391
d8cde6f9
DM
5392 2020-02-17 David Malcolm <dmalcolm@redhat.com>
5393
5394 PR analyzer/93775
5395 * region-model.cc (region_model::get_fndecl_for_call): Handle the
5396 case where the code_region's get_tree_for_child_region returns
5397 NULL.
5398
f76a88eb
DM
5399 2020-02-17 David Malcolm <dmalcolm@redhat.com>
5400
5401 PR analyzer/93388
5402 * engine.cc (impl_region_model_context::on_unknown_tree_code):
5403 New.
5404 (exploded_graph::get_or_create_node): Reject invalid states.
5405 * exploded-graph.h
5406 (impl_region_model_context::on_unknown_tree_code): New decl.
5407 (point_and_state::point_and_state): Assert that the state is
5408 valid.
5409 * program-state.cc (program_state::program_state): Initialize
5410 m_valid to true.
5411 (program_state::operator=): Copy m_valid.
5412 (program_state::program_state): Likewise for move constructor.
5413 (program_state::print): Print m_valid.
5414 (program_state::dump_to_pp): Likewise.
5415 * program-state.h (program_state::m_valid): New field.
5416 * region-model.cc (region_model::get_lvalue_1): Implement the
5417 default case by returning a new symbolic region and calling
5418 the context's on_unknown_tree_code, rather than issuing an
5419 internal_error. Implement VIEW_CONVERT_EXPR.
5420 * region-model.h (region_model_context::on_unknown_tree_code): New
5421 vfunc.
5422 (test_region_model_context::on_unknown_tree_code): New.
5423
0993ad65
DM
5424 2020-02-17 David Malcolm <dmalcolm@redhat.com>
5425
5426 * sm-malloc.cc (malloc_diagnostic::describe_state_change): For
5427 transition to the "null" state, only say "assuming" when
5428 transitioning from the "unchecked" state.
5429
67098787
DM
5430 2020-02-17 David Malcolm <dmalcolm@redhat.com>
5431
5432 * diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
5433 Add const overload.
5434 * engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
5435 * exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
5436 const overload.
5437
91f993b7
DM
5438 2020-02-11 David Malcolm <dmalcolm@redhat.com>
5439
5440 PR analyzer/93288
5441 * analysis-plan.cc (analysis_plan::use_summary_p): Look through
5442 the ultimate_alias_target when getting the called function.
5443 * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
5444 "sm_ctxt". Use the region_model's get_fndecl_for_call rather than
5445 gimple_call_fndecl.
5446 * region-model.cc (region_model::get_fndecl_for_call): Use
5447 ultimate_alias_target on fndecl.
5448 * supergraph.cc (get_ultimate_function_for_cgraph_edge): New
5449 function.
5450 (supergraph_call_edge): Use it when rejecting edges without
5451 functions.
5452 (supergraph::supergraph): Use it to get the function for the
5453 cgraph_edge when building interprocedural superedges.
5454 (callgraph_superedge::get_callee_function): Use it.
5455 * supergraph.h (supergraph::get_num_snodes): Make param const.
5456 (supergraph::function_to_num_snodes_t): Make first type param
5457 const.
5458
a60d9889
DM
5459 2020-02-11 David Malcolm <dmalcolm@redhat.com>
5460
5461 PR analyzer/93374
5462 * engine.cc (exploded_edge::exploded_edge): Add ext_state param
5463 and pass it to change.validate.
5464 (exploded_graph::get_or_create_node): Move purging of change
5465 svalues to also cover the case of reusing an existing enode.
5466 (exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
5467 ctor.
5468 * exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
5469 param.
5470 * program-state.cc (state_change::sm_change::validate): Likewise.
5471 Assert that m_sm_idx is sane. Use ext_state to validate
5472 m_old_state and m_new_state.
5473 (state_change::validate): Add ext_state param and pass it to
5474 the sm_change validate calls.
5475 * program-state.h (state_change::sm_change::validate): Add
5476 ext_state param.
5477 (state_change::validate): Likewise.
5478
a0e4929b
DM
5479 2020-02-11 David Malcolm <dmalcolm@redhat.com>
5480
5481 PR analyzer/93669
5482 * engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
5483 case of STATUS_WORKLIST in implementation of
5484 "__analyzer_dump_exploded_nodes".
5485
cd28b759
DM
5486 2020-02-11 David Malcolm <dmalcolm@redhat.com>
5487
5488 PR analyzer/93649
5489 * constraint-manager.cc (constraint_manager::add_constraint): When
5490 merging equivalence classes and updating m_constant, also update
5491 m_cst_sid.
5492 (constraint_manager::validate): If m_constant is non-NULL assert
5493 that m_cst_sid is non-null and is valid.
5494
5e17c1bd
DM
5495 2020-02-11 David Malcolm <dmalcolm@redhat.com>
5496
5497 PR analyzer/93657
5498 * analyzer.opt (fdump-analyzer): Reword description.
5499 (fdump-analyzer-stderr): Likewise.
5500
c46d057f
DM
5501 2020-02-11 David Malcolm <dmalcolm@redhat.com>
5502
5503 * region-model.cc (print_quoted_type): New function.
5504 (svalue::print): Use it to replace %qT.
5505 (region::dump_to_pp): Likewise.
5506 (region::dump_child_label): Likewise.
5507 (region::print_fields): Likewise.
5508
eb031d4b
DM
5509 2020-02-10 David Malcolm <dmalcolm@redhat.com>
5510
5511 PR analyzer/93659
5512 * analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
5513 -> "that" typo.
5514 (Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
5515 "uninitialized" typo.
5516
e87deb37
DM
5517 2020-02-10 David Malcolm <dmalcolm@redhat.com>
5518
5519 PR analyzer/93350
5520 * region-model.cc (region_model::get_lvalue_1):
5521 Handle BIT_FIELD_REF.
5522 (make_region_for_type): Handle VECTOR_TYPE.
5523
e953f958
DM
5524 2020-02-10 David Malcolm <dmalcolm@redhat.com>
5525
5526 PR analyzer/93647
5527 * diagnostic-manager.cc
5528 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
5529 VAR being constant.
5530 * region-model.cc (region_model::get_lvalue_1): Provide a better
5531 error message when encountering an unhandled tree code.
5532
41a9e940
DM
5533 2020-02-10 David Malcolm <dmalcolm@redhat.com>
5534
5535 PR analyzer/93405
5536 * region-model.cc (region_model::get_lvalue_1): Implement
5537 CONST_DECL.
5538
cb273d81
DM
5539 2020-02-06 David Malcolm <dmalcolm@redhat.com>
5540
5541 * region-model.cc (region_model::maybe_cast_1): Attempt to provide
5542 a region_svalue if either type is a pointer, rather than if both
5543 types are pointers.
5544
a4d3bfc0
DM
5545 2020-02-05 David Malcolm <dmalcolm@redhat.com>
5546
5547 * engine.cc (exploded_node::dump_dot): Show merger enodes.
5548 (worklist::add_node): Assert that the node's m_status is
5549 STATUS_WORKLIST.
5550 (exploded_graph::process_worklist): Likewise for nodes from the
5551 worklist. Set status of merged nodes to STATUS_MERGER.
5552 (exploded_graph::process_node): Set status of node to
5553 STATUS_PROCESSED.
5554 (exploded_graph::dump_exploded_nodes): Rework handling of
5555 "__analyzer_dump_exploded_nodes", splitting enodes by status into
5556 "processed" and "merger", showing the count of just the processed
5557 enodes at the call, rather than the count of all enodes.
5558 * exploded-graph.h (exploded_node::status): New enum.
5559 (exploded_node::exploded_node): Initialize m_status to
5560 STATUS_WORKLIST.
5561 (exploded_node::get_status): New getter.
5562 (exploded_node::set_status): New setter.
5563
1dae549d
DM
5564 2020-02-04 David Malcolm <dmalcolm@redhat.com>
5565
5566 PR analyzer/93543
5567 * engine.cc (pod_hash_traits<function_call_string>::mark_empty):
5568 Eliminate reinterpret_cast.
5569 (pod_hash_traits<function_call_string>::is_empty): Likewise.
5570
833f1e66
DM
5571 2020-02-03 David Malcolm <dmalcolm@redhat.com>
5572
5573 * constraint-manager.cc (range::constrained_to_single_element):
5574 Replace fold_build2 with fold_binary. Remove unnecessary newline.
5575 (constraint_manager::get_or_add_equiv_class): Replace fold_build2
5576 with fold_binary in two places, and remove out-of-date comment.
5577 (constraint_manager::eval_condition): Replace fold_build2 with
5578 fold_binary.
5579 * region-model.cc (constant_svalue::eval_condition): Likewise.
5580 (region_model::on_assignment): Likewise.
5581
8525d1f5
DM
5582 2020-02-03 David Malcolm <dmalcolm@redhat.com>
5583
5584 PR analyzer/93544
5585 * diagnostic-manager.cc
5586 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
5587 against bad choices due to bad paths.
5588 * engine.cc (impl_region_model_context::on_phi): New.
5589 * exploded-graph.h (impl_region_model_context::on_phi): New decl.
5590 * region-model.cc (region_model::on_longjmp): Likewise.
5591 (region_model::handle_phi): Add phi param. Call the ctxt's on_phi
5592 vfunc.
5593 (region_model::update_for_phis): Pass phi to handle_phi.
5594 * region-model.h (region_model::handle_phi): Add phi param.
5595 (region_model_context::on_phi): New vfunc.
5596 (test_region_model_context::on_phi): New.
5597 * sm-malloc.cc (malloc_state_machine::on_phi): New.
5598 (malloc_state_machine::on_zero_assignment): New.
5599 * sm.h (state_machine::on_phi): New vfunc.
5600
73f38658
DM
5601 2020-02-03 David Malcolm <dmalcolm@redhat.com>
5602
5603 * engine.cc (supernode_cluster::dump_dot): Show BB index as
5604 well as SN index.
5605 * supergraph.cc (supernode::dump_dot): Likewise.
5606
5e10b9a2
DM
5607 2020-02-03 David Malcolm <dmalcolm@redhat.com>
5608
5609 PR analyzer/93546
5610 * region-model.cc (region_model::on_call_pre): Update for new
5611 param of symbolic_region ctor.
5612 (region_model::deref_rvalue): Likewise.
5613 (region_model::add_new_malloc_region): Likewise.
5614 (make_region_for_type): Likewise, preserving type.
5615 * region-model.h (symbolic_region::symbolic_region): Add "type"
5616 param and pass it to base class ctor.
5617
287ccd3b
DM
5618 2020-02-03 David Malcolm <dmalcolm@redhat.com>
5619
5620 PR analyzer/93547
5621 * constraint-manager.cc
5622 (constraint_manager::get_or_add_equiv_class): Ensure types are
5623 compatible before comparing constants.
5624
67751724
DM
5625 2020-01-31 David Malcolm <dmalcolm@redhat.com>
5626
5627 PR analyzer/93457
5628 * region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
5629 than checking against void_type_node.
5630
09bea584
DM
5631 2020-01-31 David Malcolm <dmalcolm@redhat.com>
5632
5633 PR analyzer/93373
5634 * region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
5635 (assert_compat_types): ...this, and bail when either type is NULL,
5636 or when VOID_TYPE_P (dst_type).
5637 (region_model::get_lvalue): Update for above conversion.
5638 (region_model::get_rvalue): Likewise.
5639
f1c807e8
DM
5640 2020-01-31 David Malcolm <dmalcolm@redhat.com>
5641
5642 PR analyzer/93379
5643 * region-model.cc (region_model::update_for_return_superedge):
5644 Move check for null result so that it also guards setting the
5645 lhs.
5646
455f58ec
DM
5647 2020-01-31 David Malcolm <dmalcolm@redhat.com>
5648
5649 PR analyzer/93438
5650 * region-model.cc (stack_region::can_merge_p): Split into a two
5651 pass approach, creating all stack regions first, then populating
5652 them.
5653 (selftest::test_state_merging): Add test coverage for (a) the case
5654 of self-merging a model in which a local in an older stack frame
5655 points to a local in a more recent stack frame (which previously
5656 would ICE), and (b) the case of self-merging a model in which a
5657 local points to a global (which previously worked OK).
5658
182ce042
DM
5659 2020-01-31 David Malcolm <dmalcolm@redhat.com>
5660
5661 * analyzer.cc (is_named_call_p): Replace tests for fndecl being
5662 extern at file scope and having a non-NULL DECL_NAME with a call
5663 to maybe_special_function_p.
5664 * function-set.cc (function_set::contains_decl_p): Add call to
5665 maybe_special_function_p.
5666
45eb3e49
DM
5667 2020-01-31 David Malcolm <dmalcolm@redhat.com>
5668
5669 PR analyzer/93450
5670 * constraint-manager.cc
5671 (constraint_manager::get_or_add_equiv_class): Only compare constants
5672 if their types are compatible.
5673 * region-model.cc (constant_svalue::eval_condition): Replace check
5674 for identical types with call to types_compatible_p.
5675
42f36563
DM
5676 2020-01-30 David Malcolm <dmalcolm@redhat.com>
5677
5678 * program-state.cc (extrinsic_state::dump_to_pp): New.
5679 (extrinsic_state::dump_to_file): New.
5680 (extrinsic_state::dump): New.
5681 * program-state.h (extrinsic_state::dump_to_pp): New decl.
5682 (extrinsic_state::dump_to_file): New decl.
5683 (extrinsic_state::dump): New decl.
5684 * sm.cc: Include "pretty-print.h".
5685 (state_machine::dump_to_pp): New.
5686 * sm.h (state_machine::dump_to_pp): New decl.
5687
ebe9174e
DM
5688 2020-01-30 David Malcolm <dmalcolm@redhat.com>
5689
5690 * diagnostic-manager.cc (for_each_state_change): Use
5691 extrinsic_state::get_num_checkers rather than accessing m_checkers
5692 directly.
5693 * program-state.cc (program_state::program_state): Likewise.
5694 * program-state.h (extrinsic_state::m_checkers): Make private.
5695
e978955d
DM
5696 2020-01-30 David Malcolm <dmalcolm@redhat.com>
5697
5698 PR analyzer/93356
5699 * region-model.cc (region_model::eval_condition): In both
5700 overloads, bail out immediately on floating-point types.
5701 (region_model::eval_condition_without_cm): Likewise.
5702 (region_model::add_constraint): Likewise.
5703
d177c49c
DM
5704 2020-01-30 David Malcolm <dmalcolm@redhat.com>
5705
5706 PR analyzer/93450
5707 * program-state.cc (sm_state_map::set_state): For the overload
5708 taking an svalue_id, bail out if the set_state on the ec does
5709 nothing. Convert the latter's return type from void to bool,
5710 returning true if anything changed.
5711 (sm_state_map::impl_set_state): Convert the return type from void
5712 to bool, returning true if the state changed.
5713 * program-state.h (sm_state_map::set_state): Convert return type
5714 from void to bool.
5715 (sm_state_map::impl_set_state): Likewise.
5716 * region-model.cc (constant_svalue::eval_condition): Only call
5717 fold_build2 if the types are the same.
5718
7892ff37
JJ
5719 2020-01-29 Jakub Jelinek <jakub@redhat.com>
5720
5721 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
5722 * constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
5723 (range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
5724 POP_IGNORE_WFORMAT.
5725 * state-purge.cc: Include diagnostic-core.h before
5726 gimple-pretty-print.h.
5727 (state_purge_annotator::add_node_annotations, print_vec_of_names):
5728 Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
5729 * region-model.cc: Move diagnostic-core.h include before graphviz.h.
5730 (path_var::dump, svalue::print, constant_svalue::print_details,
5731 region::dump_to_pp, region::dump_child_label, region::print_fields,
5732 map_region::print_fields, map_region::dump_dot_to_pp,
5733 map_region::dump_child_label, array_region::print_fields,
5734 array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or
5735 POP_IGNORE_WFORMAT.
5736
5aebfb71
DM
5737 2020-01-28 David Malcolm <dmalcolm@redhat.com>
5738
5739 PR analyzer/93316
5740 * engine.cc (rewind_info_t::update_model): Get the longjmp call
5741 stmt via get_longjmp_call () rather than assuming it is the last
5742 stmt in the longjmp's supernode.
5743 (rewind_info_t::add_events_to_path): Get the location_t for the
5744 rewind_from_longjmp_event via get_longjmp_call () rather than from
5745 the supernode's get_end_location ().
5746
6c8e5844
DM
5747 2020-01-28 David Malcolm <dmalcolm@redhat.com>
5748
5749 * region-model.cc (poisoned_value_diagnostic::emit): Update for
5750 renaming of warning_at overload to warning_meta.
5751 * sm-file.cc (file_leak::emit): Likewise.
5752 * sm-malloc.cc (double_free::emit): Likewise.
5753 (possible_null_deref::emit): Likewise.
5754 (possible_null_arg::emit): Likewise.
5755 (null_deref::emit): Likewise.
5756 (null_arg::emit): Likewise.
5757 (use_after_free::emit): Likewise.
5758 (malloc_leak::emit): Likewise.
5759 (free_of_non_heap::emit): Likewise.
5760 * sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
5761 * sm-signal.cc (signal_unsafe_call::emit): Likewise.
5762 * sm-taint.cc (tainted_array_index::emit): Likewise.
5763
8c08c983
DM
5764 2020-01-27 David Malcolm <dmalcolm@redhat.com>
5765
5766 PR analyzer/93451
5767 * region-model.cc (tree_cmp): For the REAL_CST case, impose an
5768 arbitrary order on NaNs relative to other NaNs and to non-NaNs;
5769 const-correctness tweak.
5770 (ana::selftests::build_real_cst_from_string): New function.
5771 (ana::selftests::append_interesting_constants): New function.
5772 (ana::selftests::test_tree_cmp_on_constants): New test.
5773 (ana::selftests::test_canonicalization_4): New test.
5774 (ana::selftests::analyzer_region_model_cc_tests): Call the new
5775 tests.
5776
2fbea419
DM
5777 2020-01-27 David Malcolm <dmalcolm@redhat.com>
5778
5779 PR analyzer/93349
5780 * engine.cc (run_checkers): Save and restore input_location.
5781
6a81cabc
DM
5782 2020-01-27 David Malcolm <dmalcolm@redhat.com>
5783
5784 * call-string.cc (call_string::cmp_1): Delete, moving body to...
5785 (call_string::cmp): ...here.
5786 * call-string.h (call_string::cmp_1): Delete decl.
5787 * engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
5788 (worklist::key_t::cmp): ...here. Implement hash comparisons
5789 via comparison rather than subtraction to avoid overflow issues.
5790 * exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
5791 * region-model.cc (tree_cmp): Eliminate buggy checking for
5792 symmetry.
5793
342e14ff
DM
5794 2020-01-27 David Malcolm <dmalcolm@redhat.com>
5795
5796 * analyzer.cc (is_named_call_p): Check that fndecl is "extern"
5797 and at file scope. Potentially disregard prefix _ or __ in
5798 fndecl's name. Bail if the identifier is NULL.
5799 (is_setjmp_call_p): Expect a gcall rather than plain gimple.
5800 Remove special-case check for leading prefix, and also check for
5801 sigsetjmp.
5802 (is_longjmp_call_p): Also check for siglongjmp.
5803 (get_user_facing_name): New function.
5804 * analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
5805 gimple.
5806 (get_user_facing_name): New decl.
5807 * checker-path.cc (setjmp_event::get_desc): Use
5808 get_user_facing_name to avoid hardcoding the function name.
5809 (rewind_event::rewind_event): Add rewind_info param, using it to
5810 initialize new m_rewind_info field, and strengthen the assertion.
5811 (rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
5812 avoid hardcoding the function name.
5813 (rewind_to_setjmp_event::get_desc): Likewise.
5814 * checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
5815 param and use it to initialize...
5816 (setjmp_event::m_setjmp_call): New field.
5817 (rewind_event::rewind_event): Add rewind_info param.
5818 (rewind_event::m_rewind_info): New protected field.
5819 (rewind_from_longjmp_event::rewind_from_longjmp_event): Add
5820 rewind_info param.
5821 (class rewind_to_setjmp_event): Move rewind_info field to parent
5822 class.
5823 * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
5824 Update setjmp-handling for is_setjmp_call_p requiring a gcall;
5825 pass the call to the new setjmp_event.
5826 * engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
5827 requiring a gcall.
5828 (stale_jmp_buf::emit): Use get_user_facing_name to avoid
5829 hardcoding the function names.
5830 (exploded_node::on_longjmp): Pass the longjmp_call when
5831 constructing rewind_info.
5832 (rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
5833 rewind_from_longjmp_event's ctor.
5834 * exploded-graph.h (rewind_info_t::rewind_info_t): Add
5835 longjmp_call param.
5836 (rewind_info_t::get_longjmp_call): New.
5837 (rewind_info_t::m_longjmp_call): New.
5838 * region-model.cc (region_model::on_setjmp): Update comment to
5839 indicate this is also for sigsetjmp.
5840 * region-model.h (struct setjmp_record): Likewise.
5841 (class setjmp_svalue): Likewise.
5842
26d949c8
DM
5843 2020-01-27 David Malcolm <dmalcolm@redhat.com>
5844
5845 PR analyzer/93276
5846 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
5847 macros with GCC_VERSION >= 4006, making them no-op otherwise.
5848 * engine.cc (exploded_edge::exploded_edge): Specify template for
5849 base class initializer.
5850 (exploded_graph::add_edge): Specify template when chaining up to
5851 base class add_edge implementation.
5852 (viz_callgraph_node::dump_dot): Drop redundant "typename".
5853 (viz_callgraph_edge::viz_callgraph_edge): Specify template for
5854 base class initializer.
5855 * program-state.cc (sm_state_map::clone_with_remapping): Drop
5856 redundant "typename".
5857 (sm_state_map::print): Likewise.
5858 (sm_state_map::hash): Likewise.
5859 (sm_state_map::operator==): Likewise.
5860 (sm_state_map::remap_svalue_ids): Likewise.
5861 (sm_state_map::on_svalue_purge): Likewise.
5862 (sm_state_map::validate): Likewise.
5863 * program-state.h (sm_state_map::iterator_t): Likewise.
5864 * supergraph.h (superedge::superedge): Specify template for base
5865 class initializer.
5866
648796da
DM
5867 2020-01-23 David Malcolm <dmalcolm@redhat.com>
5868
5869 PR analyzer/93375
5870 * supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
5871 gracefully if the number of parameters at the callee exceeds the
5872 number of arguments at the call stmt.
5873 (callgraph_superedge::get_parm_for_arg): Likewise.
5874
591b59eb
DM
5875 2020-01-22 David Malcolm <dmalcolm@redhat.com>
5876
5877 PR analyzer/93382
5878 * program-state.cc (sm_state_map::on_svalue_purge): If the
5879 entry survives, but the origin is being purged, then reset the
5880 origin to null.
5881
c9c8aef4
DM
5882 2020-01-22 David Malcolm <dmalcolm@redhat.com>
5883
5884 * sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.
5885
fd9982bb
DM
5886 2020-01-22 David Malcolm <dmalcolm@redhat.com>
5887
5888 PR analyzer/93378
5889 * engine.cc (setjmp_svalue::compare_fields): Update for
5890 replacement of m_enode with m_setjmp_record.
5891 (setjmp_svalue::add_to_hash): Likewise.
5892 (setjmp_svalue::get_index): Rename...
5893 (setjmp_svalue::get_enode_index): ...to this.
5894 (setjmp_svalue::print_details): Update for replacement of m_enode
5895 with m_setjmp_record.
5896 (exploded_node::on_longjmp): Likewise.
5897 * exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
5898 (rewind_info_t::m_setjmp_record): ...with this.
5899 (rewind_info_t::rewind_info_t): Update for replacement of m_enode
5900 with m_setjmp_record.
5901 (rewind_info_t::get_setjmp_point): Likewise.
5902 (rewind_info_t::get_setjmp_call): Likewise.
5903 * region-model.cc (region_model::dump_summary_of_map): Likewise.
5904 (region_model::on_setjmp): Likewise.
5905 * region-model.h (struct setjmp_record): New struct.
5906 (setjmp_svalue::m_enode): Replace...
5907 (setjmp_svalue::m_setjmp_record): ...with this.
5908 (setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
5909 with m_setjmp_record.
5910 (setjmp_svalue::clone): Likewise.
5911 (setjmp_svalue::get_index): Rename...
5912 (setjmp_svalue::get_enode_index): ...to this.
5913 (setjmp_svalue::get_exploded_node): Replace...
5914 (setjmp_svalue::get_setjmp_record): ...with this.
5915
da7cf663
DM
5916 2020-01-22 David Malcolm <dmalcolm@redhat.com>
5917
5918 PR analyzer/93316
5919 * analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as
5920 "_setjmp".
5921
75038aa6
DM
5922 2020-01-22 David Malcolm <dmalcolm@redhat.com>
5923
5924 PR analyzer/93307
5925 * analysis-plan.h: Wrap everything namespace "ana".
5926 * analyzer-logging.cc: Likewise.
5927 * analyzer-logging.h: Likewise.
5928 * analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
5929 namespace.
5930 * analyzer-selftests.cc: Wrap everything namespace "ana".
5931 * analyzer-selftests.h: Likewise.
5932 * analyzer.h: Likewise for forward decls of types.
5933 * call-string.h: Likewise.
5934 * checker-path.cc: Likewise.
5935 * checker-path.h: Likewise.
5936 * constraint-manager.cc: Likewise.
5937 * constraint-manager.h: Likewise.
5938 * diagnostic-manager.cc: Likewise.
5939 * diagnostic-manager.h: Likewise.
5940 * engine.cc: Likewise.
5941 * engine.h: Likewise.
5942 * exploded-graph.h: Likewise.
5943 * function-set.cc: Likewise.
5944 * function-set.h: Likewise.
5945 * pending-diagnostic.cc: Likewise.
5946 * pending-diagnostic.h: Likewise.
5947 * program-point.cc: Likewise.
5948 * program-point.h: Likewise.
5949 * program-state.cc: Likewise.
5950 * program-state.h: Likewise.
5951 * region-model.cc: Likewise.
5952 * region-model.h: Likewise.
5953 * sm-file.cc: Likewise.
5954 * sm-malloc.cc: Likewise.
5955 * sm-pattern-test.cc: Likewise.
5956 * sm-sensitive.cc: Likewise.
5957 * sm-signal.cc: Likewise.
5958 * sm-taint.cc: Likewise.
5959 * sm.cc: Likewise.
5960 * sm.h: Likewise.
5961 * state-purge.h: Likewise.
5962 * supergraph.cc: Likewise.
5963 * supergraph.h: Likewise.
5964
4f01e577
DM
5965 2020-01-21 David Malcolm <dmalcolm@redhat.com>
5966
5967 PR analyzer/93352
5968 * region-model.cc (int_cmp): Rename to...
5969 (array_region::key_cmp): ...this, using key_t rather than int.
5970 Rewrite in terms of comparisons rather than subtraction to
5971 ensure qsort is anti-symmetric when handling extreme values.
5972 (array_region::walk_for_canonicalization): Update for above
5973 renaming.
5974 * region-model.h (array_region::key_cmp): New decl.
5975
07c86323
DM
5976 2020-01-17 David Malcolm <dmalcolm@redhat.com>
5977
5978 PR analyzer/93290
5979 * region-model.cc (region_model::eval_condition_without_cm): Avoid
5980 gcc_unreachable for unexpected operations for the case where
5981 we're comparing an svalue against itself.
5982
5f030383
DM
5983 2020-01-17 David Malcolm <dmalcolm@redhat.com>
5984
5985 PR analyzer/93281
5986 * region-model.cc
5987 (region_model::convert_byte_offset_to_array_index): Convert to
5988 ssizetype before dividing by byte_size. Use fold_binary rather
5989 than fold_build2 to avoid needlessly constructing a tree for the
5990 non-const case.
5991
49e9a999
DM
5992 2020-01-15 David Malcolm <dmalcolm@redhat.com>
5993
5994 * engine.cc (class impl_region_model_context): Fix comment.
5995
32077b69
DM
5996 2020-01-14 David Malcolm <dmalcolm@redhat.com>
5997
5998 PR analyzer/93212
5999 * region-model.cc (make_region_for_type): Use
6000 FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
6001 * region-model.h (function_region::function_region): Likewise.
6002
7fb3669e
DM
6003 2020-01-14 David Malcolm <dmalcolm@redhat.com>
6004
6005 * program-state.cc (sm_state_map::clone_with_remapping): Copy
6006 m_global_state.
6007 (selftest::test_program_state_merging_2): New selftest.
6008 (selftest::analyzer_program_state_cc_tests): Call it.
6009
e2a538b1
DM
6010 2020-01-14 David Malcolm <dmalcolm@redhat.com>
6011
6012 * checker-path.h (checker_path::get_checker_event): New function.
6013 (checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
6014 * diagnostic-manager.cc
6015 (diagnostic_manager::prune_for_sm_diagnostic): Replace direct
6016 access to checker_path::m_events with accessor functions. Fix
6017 overlong line.
6018 (diagnostic_manager::prune_interproc_events): Replace direct
6019 access to checker_path::m_events with accessor functions.
6020 (diagnostic_manager::finish_pruning): Likewise.
6021
94946989
DM
6022 2020-01-14 David Malcolm <dmalcolm@redhat.com>
6023
6024 * checker-path.h (checker_event::clone): Delete vfunc decl.
6025 (debug_event::clone): Delete vfunc impl.
6026 (custom_event::clone): Delete vfunc impl.
6027 (statement_event::clone): Delete vfunc impl.
6028 (function_entry_event::clone): Delete vfunc impl.
6029 (state_change_event::clone): Delete vfunc impl.
6030 (start_cfg_edge_event::clone): Delete vfunc impl.
6031 (end_cfg_edge_event::clone): Delete vfunc impl.
6032 (call_event::clone): Delete vfunc impl.
6033 (return_event::clone): Delete vfunc impl.
6034 (setjmp_event::clone): Delete vfunc impl.
6035 (rewind_from_longjmp_event::clone): Delete vfunc impl.
6036 (rewind_to_setjmp_event::clone): Delete vfunc impl.
6037 (warning_event::clone): Delete vfunc impl.
6038
718930c0
DM
6039 2020-01-14 David Malcolm <dmalcolm@redhat.com>
6040
6041 * supergraph.cc (supernode::dump_dot): Ensure that the TABLE
6042 element has at least one TR.
6043
8397af8e
DM
6044 2020-01-14 David Malcolm <dmalcolm@redhat.com>
6045
6046 PR analyzer/58237
6047 * engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
6048 when comparing against UNKNOWN_LOCATION.
6049 (stmt_requires_new_enode_p): Likewise.
6050 (exploded_graph::dump_exploded_nodes): Likewise.
6051 * supergraph.cc (supernode::get_start_location): Likewise.
6052 (supernode::get_end_location): Likewise.
6053
697251b7
DM
6054 2020-01-14 David Malcolm <dmalcolm@redhat.com>
6055
6056 PR analyzer/58237
6057 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
6058 selftest::analyzer_sm_file_cc_tests.
6059 * analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
6060 decl.
6061 * sm-file.cc: Include "analyzer/function-set.h" and
6062 "analyzer/analyzer-selftests.h".
6063 (get_file_using_fns): New function.
6064 (is_file_using_fn_p): New function.
6065 (fileptr_state_machine::on_stmt): Return true for known functions.
6066 (selftest::analyzer_sm_file_cc_tests): New function.
6067
4804c5fe
DM
6068 2020-01-14 David Malcolm <dmalcolm@redhat.com>
6069
6070 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
6071 selftest::analyzer_sm_signal_cc_tests.
6072 * analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
6073 New decl.
6074 * sm-signal.cc: Include "analyzer/function-set.h" and
6075 "analyzer/analyzer-selftests.h".
6076 (get_async_signal_unsafe_fns): New function.
6077 (signal_unsafe_p): Reimplement in terms of the above.
6078 (selftest::analyzer_sm_signal_cc_tests): New function.
6079
a6b5f19c
DM
6080 2020-01-14 David Malcolm <dmalcolm@redhat.com>
6081
6082 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
6083 selftest::analyzer_function_set_cc_tests.
6084 * analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
6085 New decl.
6086 * function-set.cc: New file.
6087 * function-set.h: New file.
6088
ef7827b0
DM
6089 2020-01-14 David Malcolm <dmalcolm@redhat.com>
6090
6091 * analyzer.h (fndecl_has_gimple_body_p): New decl.
6092 * engine.cc (impl_region_model_context::on_unknown_change): New
6093 function.
6094 (fndecl_has_gimple_body_p): Make non-static.
6095 (exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
6096 known. Track whether we have a call with unknown side-effects and
6097 pass it to on_call_post.
6098 * exploded-graph.h (impl_region_model_context::on_unknown_change):
6099 New decl.
6100 * program-state.cc (sm_state_map::on_unknown_change): New function.
6101 * program-state.h (sm_state_map::on_unknown_change): New decl.
6102 * region-model.cc: Include "bitmap.h".
6103 (region_model::on_call_pre): Return a bool, capturing whether the
6104 call has unknown side effects.
6105 (region_model::on_call_post): Add arg "bool unknown_side_effects"
6106 and if true, call handle_unrecognized_call.
6107 (class reachable_regions): New class.
6108 (region_model::handle_unrecognized_call): New function.
6109 * region-model.h (region_model::on_call_pre): Return a bool.
6110 (region_model::on_call_post): Add arg "bool unknown_side_effects".
6111 (region_model::handle_unrecognized_call): New decl.
6112 (region_model_context::on_unknown_change): New vfunc.
6113 (test_region_model_context::on_unknown_change): New function.
6114
14f9d7b9
DM
6115 2020-01-14 David Malcolm <dmalcolm@redhat.com>
6116
6117 * diagnostic-manager.cc (saved_diagnostic::operator==): Move here
6118 from header. Replace pointer equality test on m_var with call to
6119 pending_diagnostic::same_tree_p.
6120 * diagnostic-manager.h (saved_diagnostic::operator==): Move to
6121 diagnostic-manager.cc.
6122 * pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
6123 * pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
6124 * sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
6125 equality on m_arg with call to pending_diagnostic::same_tree_p.
6126 * sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
6127 (possible_null_arg::subclass_equal_p): Likewise.
6128 (null_arg::subclass_equal_p): Likewise.
6129 (free_of_non_heap::subclass_equal_p): Likewise.
6130 * sm-pattern-test.cc (pattern_match::operator==): Likewise.
6131 * sm-sensitive.cc (exposure_through_output_file::operator==):
6132 Likewise.
6133 * sm-taint.cc (tainted_array_index::operator==): Likewise.
6134
f474fbd5
DM
6135 2020-01-14 David Malcolm <dmalcolm@redhat.com>
6136
6137 * diagnostic-manager.cc (dedupe_winners::add): Add logging
6138 of deduplication decisions made.
6139
757bf1df
DM
6140 2020-01-14 David Malcolm <dmalcolm@redhat.com>
6141
6142 * ChangeLog: New file.
6143 * analyzer-selftests.cc: New file.
6144 * analyzer-selftests.h: New file.
6145 * analyzer.opt: New file.
6146 * analysis-plan.cc: New file.
6147 * analysis-plan.h: New file.
6148 * analyzer-logging.cc: New file.
6149 * analyzer-logging.h: New file.
6150 * analyzer-pass.cc: New file.
6151 * analyzer.cc: New file.
6152 * analyzer.h: New file.
6153 * call-string.cc: New file.
6154 * call-string.h: New file.
6155 * checker-path.cc: New file.
6156 * checker-path.h: New file.
6157 * constraint-manager.cc: New file.
6158 * constraint-manager.h: New file.
6159 * diagnostic-manager.cc: New file.
6160 * diagnostic-manager.h: New file.
6161 * engine.cc: New file.
6162 * engine.h: New file.
6163 * exploded-graph.h: New file.
6164 * pending-diagnostic.cc: New file.
6165 * pending-diagnostic.h: New file.
6166 * program-point.cc: New file.
6167 * program-point.h: New file.
6168 * program-state.cc: New file.
6169 * program-state.h: New file.
6170 * region-model.cc: New file.
6171 * region-model.h: New file.
6172 * sm-file.cc: New file.
6173 * sm-malloc.cc: New file.
6174 * sm-malloc.dot: New file.
6175 * sm-pattern-test.cc: New file.
6176 * sm-sensitive.cc: New file.
6177 * sm-signal.cc: New file.
6178 * sm-taint.cc: New file.
6179 * sm.cc: New file.
6180 * sm.h: New file.
6181 * state-purge.cc: New file.
6182 * state-purge.h: New file.
6183 * supergraph.cc: New file.
6184 * supergraph.h: New file.
6185
6186 2019-12-13 David Malcolm <dmalcolm@redhat.com>
6187
6188 * Initial creation
6189
6190
877e3c2a 6191 Copyright (C) 2019-2022 Free Software Foundation, Inc.
757bf1df
DM
6192
6193 Copying and distribution of this file, with or without modification,
6194 are permitted in any medium without royalty provided the copyright
6195 notice and this notice are preserved.