Daily bump.
[gcc.git] / gcc / analyzer / ChangeLog
2020-08-19 David Malcolm <dmalcolm@redhat.com>

PR analyzer/96643
* region-model.cc (region_model::deref_rvalue): Rather than
attempting to handle all svalue kinds in the switch, only cover
the special cases, and move symbolic-region handling to after
the switch, thus implicitly handling the missing case SK_COMPOUND.

2020-08-19 David Malcolm <dmalcolm@redhat.com>

PR analyzer/96705
* region-model-manager.cc
(region_model_manager::maybe_fold_binop): Check that we have an
integral type before calling build_int_cst.

2020-08-19 David Malcolm <dmalcolm@redhat.com>

PR analyzer/96699
* region-model-manager.cc
(region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for
casting from REAL_TYPE to INTEGER_TYPE.

2020-08-19 David Malcolm <dmalcolm@redhat.com>

PR analyzer/96651
* region-model.cc (region_model::called_from_main_p): New.
(region_model::get_store_value): Move handling for globals into...
(region_model::get_initial_value_for_global): ...this new
function, and add logic for extracting values from decl
initializers.
* region-model.h (decl_region::get_svalue_for_constructor): New
decl.
(decl_region::get_svalue_for_initializer): New decl.
(region_model::called_from_main_p): New decl.
(region_model::get_initial_value_for_global): New.
* region.cc (decl_region::maybe_get_constant_value): Move logic
for getting an svalue from a CONSTRUCTOR node to...
(decl_region::get_svalue_for_constructor): ...this new function.
(decl_region::get_svalue_for_initializer): New.
* store.cc (get_svalue_for_ctor_val): Rewrite in terms of
region_model::get_rvalue.
* store.h (binding_cluster::get_map): New accessor.

2020-08-19 David Malcolm <dmalcolm@redhat.com>

PR analyzer/96648
* region.cc (get_field_at_bit_offset): Gracefully handle negative
values for bit_offset.

2020-08-18 David Malcolm <dmalcolm@redhat.com>

* region-model.cc (region_model::get_rvalue_1): Fix name of local.

2020-08-18 David Malcolm <dmalcolm@redhat.com>

PR analyzer/96641
* region-model.cc (region_model::get_rvalue_1): Handle
unrecognized tree codes by returning UNKNOWN.

2020-08-18 David Malcolm <dmalcolm@redhat.com>

PR analyzer/96640
* region-model.cc (region_model::get_gassign_result): Handle various
VEC_* tree codes by returning UNKNOWN.
(region_model::on_assignment): Handle unrecognized tree codes by
setting lhs to an unknown value, rather than issuing a "sorry" and
asserting.

2020-08-17 David Malcolm <dmalcolm@redhat.com>

PR analyzer/96644
* region-model-manager.cc (get_region_for_unexpected_tree_code):
Handle ctxt being NULL.

2020-08-17 David Malcolm <dmalcolm@redhat.com>

PR analyzer/96639
* region.cc (region::get_subregions_for_binding): Check for "type"
being NULL.

2020-08-17 David Malcolm <dmalcolm@redhat.com>

PR analyzer/96642
* store.cc (get_svalue_for_ctor_val): New.
(binding_map::apply_ctor_to_region): Call it.

2020-08-14 David Malcolm <dmalcolm@redhat.com>

PR testsuite/96609
PR analyzer/96616
* region-model.cc (region_model::get_store_value): Call
maybe_get_constant_value on decl_regions first.
* region-model.h (decl_region::maybe_get_constant_value): New decl.
* region.cc (decl_region::get_stack_depth): Likewise.
(decl_region::maybe_get_constant_value): New.
* store.cc (get_subregion_within_ctor): New.
(binding_map::apply_ctor_to_region): New.
* store.h (binding_map::apply_ctor_to_region): New decl.

2020-08-14 David Malcolm <dmalcolm@redhat.com>

PR analyzer/96611
* store.cc (store::mark_as_escaped): Reject attempts to
get a cluster for an unknown pointer.

2020-08-13 David Malcolm <dmalcolm@redhat.com>

PR analyzer/93032
PR analyzer/93938
PR analyzer/94011
PR analyzer/94099
PR analyzer/94399
PR analyzer/94458
PR analyzer/94503
PR analyzer/94640
PR analyzer/94688
PR analyzer/94689
PR analyzer/94839
PR analyzer/95026
PR analyzer/95042
PR analyzer/95240
* analyzer-logging.cc: Ignore "-Wformat-diag".
(logger::enter_scope): Use inc_indent in both overloads.
(logger::exit_scope): Use dec_indent.
* analyzer-logging.h (logger::inc_indent): New.
(logger::dec_indent): New.
* analyzer-selftests.cc (run_analyzer_selftests): Call
analyzer_store_cc_tests.
* analyzer-selftests.h (analyzer_store_cc_tests): New decl.
* analyzer.cc (get_stmt_location): New function.
* analyzer.h (class initial_svalue): New forward decl.
(class unaryop_svalue): New forward decl.
(class binop_svalue): New forward decl.
(class sub_svalue): New forward decl.
(class unmergeable_svalue): New forward decl.
(class placeholder_svalue): New forward decl.
(class widening_svalue): New forward decl.
(class compound_svalue): New forward decl.
(class conjured_svalue): New forward decl.
(svalue_set): New typedef.
(class map_region): Delete.
(class array_region): Delete.
(class frame_region): New forward decl.
(class function_region): New forward decl.
(class label_region): New forward decl.
(class decl_region): New forward decl.
(class element_region): New forward decl.
(class offset_region): New forward decl.
(class cast_region): New forward decl.
(class field_region): New forward decl.
(class string_region): New forward decl.
(class region_model_manager): New forward decl.
(class store_manager): New forward decl.
(class store): New forward decl.
(class call_details): New forward decl.
(struct svalue_id_merger_mapping): Delete.
(struct canonicalization): Delete.
(class function_point): New forward decl.
(class engine): New forward decl.
(dump_tree): New function decl.
(print_quoted_type): New function decl.
(readability_comparator): New function decl.
(tree_cmp): New function decl.
(class path_var): Move here from region-model.h.
(bit_offset_t, bit_size_t, byte_size_t): New typedefs.
(class region_offset): New class.
(get_stmt_location): New decl.
(struct member_function_hash_traits): New struct.
(class consolidation_map): New class.
Ignore "-Wformat-diag".
* analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
(-param=analyzer-max-enodes-for-full-dump=): New param.
* call-string.cc: Ignore -Wformat-diag.
* checker-path.cc: Move includes of "analyzer/call-string.h" and
"analyzer/program-point.h" to before "analyzer/region-model.h",
and also include "analyzer/store.h" before it.
(state_change_event::state_change_event): Replace "tree var" param
with "const svalue *sval". Convert "origin" param from tree to
"const svalue *".
(state_change_event::get_desc): Call get_representative_tree to
convert the var and origin from const svalue * to tree. Use
svalue::get_desc rather than %qE when describing state changes.
(checker_path::add_final_event): Use get_stmt_location.
* checker-path.h (state_change_event::state_change_event): Port
from tree to const svalue *.
(state_change_event::get_lvalue): Delete.
(state_change_event::get_dest_function): New.
(state_change_event::m_var): Replace with...
(state_change_event::m_sval): ...this.
(state_change_event::m_origin): Convert from tree to
const svalue *.
* constraint-manager.cc: Include "analyzer/call-string.h",
"analyzer/program-point.h", and "analyzer/store.h" before
"analyzer/region-model.h".
(struct bound, struct range): Move to constraint-manager.h.
(compare_constants): New function.
(range::dump): Rename to...
(range::dump_to_pp): ...this. Support NULL constants.
(range::dump): Reintroduce for dumping to stderr.
(range::constrained_to_single_element): Return result, rather than
writing to *OUT.
(range::eval_condition): New.
(range::below_lower_bound): New.
(range::above_upper_bound): New.
(equiv_class::equiv_class): Port from svalue_id to const svalue *.
(equiv_class::print): Likewise.
(equiv_class::hash): Likewise.
(equiv_class::operator==): Port from svalue_id to const svalue *.
(equiv_class::add): Port from svalue_id to const svalue *. Drop
"cm" param.
(equiv_class::del): Port from svalue_id to const svalue *.
(equiv_class::get_representative): Likewise.
(equiv_class::remap_svalue_ids): Delete.
(svalue_id_cmp_by_id): Rename to...
(svalue_cmp_by_ptr): ...this, porting from svalue_id to
const svalue *.
(equiv_class::canonicalize): Update qsort comparator.
(constraint::implied_by): New.
(constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
(constraint_manager::dump_to_pp): Add "multiline" param.
(constraint_manager::dump): Pass "true" for "multiline".
(constraint_manager::add_constraint): Port from svalue_id to
const svalue *. Split out second part into...
(constraint_manager::add_unknown_constraint): ...this new
function. Remove self-constraints when merging equivalence
classes.
(constraint_manager::add_constraint_internal): Remove constraints
that would be implied by the new constraint. Port from svalue_id
to const svalue *.
(constraint_manager::get_equiv_class_by_sid): Rename to...
(constraint_manager::get_equiv_class_by_svalue): ...this, porting
from svalue_id to const svalue *.
(constraint_manager::get_or_add_equiv_class): Port from svalue_id
to const svalue *.
(constraint_manager::eval_condition): Make const. Call
compare_constants and return early if it provides a known result.
(constraint_manager::get_ec_bounds): New.
(constraint_manager::eval_condition): New overloads. Make
existing one const, and use compare_constants.
(constraint_manager::purge): Convert "p" param to a template
rather than an abstract base class. Port from svalue_id to
const svalue *.
(class dead_svalue_purger): New class.
(constraint_manager::remap_svalue_ids): Delete.
(constraint_manager::on_liveness_change): New.
(equiv_class_cmp): Port from svalue_id to const svalue *.
(constraint_manager::canonicalize): Likewise. Combine with
purging of redundant equivalence classes and constraints.
(class cleaned_constraint_manager): Delete.
(class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
field.
(merger_fact_visitor::fact): Port from svalue_id to const svalue *.
Add special case for widening.
(constraint_manager::merge): Port from svalue_id to const svalue *.
(constraint_manager::clean_merger_input): Delete.
(constraint_manager::for_each_fact): Port from svalue_id to
const svalue *.
(constraint_manager::validate): Likewise.
(selftest::test_constraint_conditions): Provide a
region_model_manager when creating region_model instances.
Add test for self-equality not creating equivalence classes.
(selftest::test_transitivity): Provide a region_model_manager when
creating region_model instances. Verify that EC-merging happens
when constraints are implied.
(selftest::test_constant_comparisons): Provide a
region_model_manager when creating region_model instances.
(selftest::test_constraint_impl): Likewise. Remove over-specified
assertions.
(selftest::test_equality): Provide a region_model_manager when
creating region_model instances.
(selftest::test_many_constants): Likewise. Provide a
program_point when testing merging.
(selftest::run_constraint_manager_tests): Move call to
test_constant_comparisons to outside the transitivity guard.
* constraint-manager.h (struct bound): Move here from
constraint-manager.cc.
(struct range): Likewise.
(struct::eval_condition): New decl.
(struct::below_lower_bound): New decl.
(struct::above_upper_bound): New decl.
(equiv_class::add): Port from svalue_id to const svalue *.
(equiv_class::del): Likewise.
(equiv_class::get_representative): Likewise.
(equiv_class::remap_svalue_ids): Drop.
(equiv_class::m_cst_sid): Convert to...
(equiv_class::m_cst_sval): ...this.
(equiv_class::m_vars): Port from svalue_id to const svalue *.
(constraint::bool implied_by): New decl.
(fact_visitor::on_fact): Port from svalue_id to const svalue *.
(constraint_manager::constraint_manager): Add mgr param.
(constraint_manager::clone): Delete.
(constraint_manager::maybe_get_constant): Delete.
(constraint_manager::get_sid_for_constant): Delete.
(constraint_manager::get_num_svalues): Delete.
(constraint_manager::dump_to_pp): Add "multiline" param.
(constraint_manager::get_equiv_class): Port from svalue_id to
const svalue *.
(constraint_manager::add_constraint): Likewise.
(constraint_manager::get_equiv_class_by_sid): Rename to...
(constraint_manager::get_equiv_class_by_svalue): ...this, porting
from svalue_id to const svalue *.
(constraint_manager::add_unknown_constraint): New decl.
(constraint_manager::get_or_add_equiv_class): Port from svalue_id
to const svalue *.
(constraint_manager::eval_condition): Likewise. Add overloads.
(constraint_manager::get_ec_bounds): New decl.
(constraint_manager::purge): Convert to template.
(constraint_manager::remap_svalue_ids): Delete.
(constraint_manager::on_liveness_change): New decl.
(constraint_manager::canonicalize): Drop param.
(constraint_manager::clean_merger_input): Delete.
(constraint_manager::m_mgr): New field.
* diagnostic-manager.cc: Move includes of
"analyzer/call-string.h" and "analyzer/program-point.h" to before
"analyzer/region-model.h", and also include "analyzer/store.h"
before it.
(saved_diagnostic::saved_diagnostic): Add "sval" param.
(diagnostic_manager::diagnostic_manager): Add engine param.
(diagnostic_manager::add_diagnostic): Add "sval" param, passing it
to saved_diagnostic ctor. Update overload to pass NULL for it.
(dedupe_winners::dedupe_winners): Add engine param.
(dedupe_winners::add): Add "eg" param. Pass m_engine to
feasible_p.
(dedupe_winner::m_engine): New field.
(diagnostic_manager::emit_saved_diagnostics): Pass engine to
dedupe_winners. Pass &eg when adding candidates. Pass svalue
rather than tree to prune_path. Use get_stmt_location to get
primary location of diagnostic.
(diagnostic_manager::emit_saved_diagnostic): Likewise.
(get_any_origin): Drop.
(state_change_event_creator::on_global_state_change): Pass NULL
const svalue * rather than NULL_TREE trees to state_change_event
ctor.
(state_change_event_creator::on_state_change): Port from tree and
svalue_id to const svalue *.
(for_each_state_change): Port from svalue_id to const svalue *.
(struct null_assignment_sm_context): New.
(diagnostic_manager::add_events_for_eedge): Add state change
events for assignment to NULL.
(diagnostic_manager::prune_path): Update param from tree to
const svalue *.
(diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
by tree to by const svalue *.
* diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
param.
(saved_diagnostic::m_sval): New field.
(diagnostic_manager::diagnostic_manager): Add engine param.
(diagnostic_manager::get_engine): New.
(diagnostic_manager::add_diagnostic): Add "sval" param.
(diagnostic_manager::prune_path): Likewise.
(diagnostic_manager::prune_for_sm_diagnostic): New overload.
(diagnostic_manager::m_eng): New field.
* engine.cc: Move includes of "analyzer/call-string.h" and
"analyzer/program-point.h" to before "analyzer/region-model.h",
and also include "analyzer/store.h" before it.
(impl_region_model_context::impl_region_model_context): Update for
removal of m_change field.
(impl_region_model_context::remap_svalue_ids): Delete.
(impl_region_model_context::on_svalue_leak): New.
(impl_region_model_context::on_svalue_purge): Delete.
(impl_region_model_context::on_liveness_change): New.
(impl_region_model_context::on_unknown_change): Update param
from svalue_id to const svalue *. Add is_mutable param.
(setjmp_svalue::compare_fields): Delete.
(setjmp_svalue::accept): New.
(setjmp_svalue::add_to_hash): Delete.
(setjmp_svalue::dump_to_pp): New.
(setjmp_svalue::print_details): Delete.
(impl_sm_context::impl_sm_context): Drop "change" param.
(impl_sm_context::get_fndecl_for_call): Drop "m_change".
(impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
"stmt" param. Drop m_change. Port from svalue_id to
const svalue *.
(impl_sm_context::warn_for_state): Drop m_change. Port from
svalue_id to const svalue *.
(impl_sm_context::get_readable_tree): Rename to...
(impl_sm_context::get_diagnostic_tree): ...this. Port from
svalue_id to const svalue *.
(impl_sm_context::is_zero_assignment): New.
(impl_sm_context::m_change): Delete field.
(leak_stmt_finder::find_stmt): Handle m_var being NULL.
(readability): Increase penalty for MEM_REF. For SSA_NAMEs,
slightly favor the underlying var over the SSA name. Heavily
penalize temporaries. Handle RESULT_DECL.
(readability_comparator): Make non-static. Consider stack depths.
(impl_region_model_context::on_state_leak): Convert from svalue_id
to const svalue *, updating for region_model changes. Use
id_equal.
(impl_region_model_context::on_inherited_svalue): Delete.
(impl_region_model_context::on_cast): Delete.
(impl_region_model_context::on_condition): Drop m_change.
(impl_region_model_context::on_phi): Likewise.
(impl_region_model_context::on_unexpected_tree_code): Handle t
being NULL.
(point_and_state::validate): Update stack checking for
region_model changes.
(eg_traits::dump_args_t::show_enode_details_p): New.
(exploded_node::exploded_node): Initialize m_num_processed_stmts.
(exploded_node::get_processed_stmt): New function.
(exploded_node::get_dot_fillcolor): Add more colors.
(exploded_node::dump_dot): Guard the printing of the point and
state with show_enode_details_p. Print the processed stmts for
this enode after the initial state.
(exploded_node::dump_to_pp): Pass true for new multiline param
of program_state::dump_to_pp.
(exploded_node::on_stmt): Drop "change" param. Log the stmt.
Set input_location. Implement __analyzer_describe. Update
implementation of __analyzer_dump and __analyzer_eval.
Remove purging of sm-state for unknown fncalls from here.
(exploded_node::on_edge): Drop "change" param.
(exploded_node::on_longjmp): Port from region_id/svalue_id to
const region */const svalue *. Call program_state::detect_leaks.
Drop state_change.
(exploded_node::detect_leaks): Update for changes to region_model.
Call program_state::detect_leaks.
(exploded_edge::exploded_edge): Drop ext_state and change params.
(exploded_edge::dump_dot): "args" is no longer used. Drop dumping
of m_change.
(exploded_graph::exploded_graph): Pass engine to
m_diagnostic_manager ctor. Use program_point::origin.
(exploded_graph::add_function_entry): Drop ctxt. Use
program_state::push_frame. Drop state_change.
(exploded_graph::get_or_create_node): Drop "change" param. Add
"enode_for_diag" param. Update dumping calls for API changes.
Pass point to can_merge_with_p. Show enode indices
within -Wanalyzer-too-complex diagnostic for hitting the per-point
limit.
(exploded_graph::add_edge): Drop "change" param. Log which nodes
are being connected. Update for changes to exploded_edge ctor.
(exploded_graph::get_per_program_point_data): New.
(exploded_graph::process_worklist): Pass point to
can_merge_with_p. Drop state_change. Update dumping call for API
change.
(exploded_graph::process_node): Drop state_change. Split the
node in-place if an sm-state-change occurs. Update
m_num_processed_stmts. Update dumping calls for API change.
(exploded_graph::log_stats): Call engine::log_stats.
(exploded_graph::dump_states_for_supernode): Update dumping
call.
(exploded_path::feasible_p): Add "eng" and "eg" params.
Rename "i" to "end_idx". Pass the manager to the region_model
ctor. Update for every processed stmt in the enode, not just the
first. Keep track of which snodes have been visited, and call
loop_replay_fixup when revisiting one.
(enode_label::get_text): Update dump call for new param.
(exploded_graph::dump_exploded_nodes): Likewise.
(exploded_graph::get_node_by_index): New.
(impl_run_checkers): Create engine instance and pass its address
to extrinsic_state ctor.
* exploded-graph.h
(impl_region_model_context::impl_region_model_context): Drop
"change" params.
(impl_region_model_context::void remap_svalue_ids): Delete.
(impl_region_model_context::on_svalue_purge): Delete.
(impl_region_model_context::on_svalue_leak): New.
(impl_region_model_context::on_liveness_change): New.
(impl_region_model_context::on_state_leak): Update signature.
(impl_region_model_context::on_inherited_svalue): Delete.
(impl_region_model_context::on_cast): Delete.
(impl_region_model_context::on_unknown_change): Update signature.
(impl_region_model_context::m_change): Delete.
(eg_traits::dump_args_t::show_enode_details_p): New.
(exploded_node::on_stmt): Drop "change" param.
(exploded_node::on_edge): Likewise.
(exploded_node::get_processed_stmt): New decl.
(exploded_node::m_num_processed_stmts): New field.
(exploded_edge::exploded_edge): Drop ext_state and change params.
(exploded_edge::m_change): Delete.
(exploded_graph::get_engine): New accessor.
(exploded_graph::get_or_create_node): Drop "change" param. Add
"enode_for_diag" param.
(exploded_graph::add_edge): Drop "change" param.
(exploded_graph::get_per_program_point_data): New decl.
(exploded_graph::get_node_by_index): New decl.
(exploded_path::feasible_p): Add "eng" and "eg" params.
* program-point.cc: Include "analyzer/store.h" before including
"analyzer/region-model.h".
(function_point::function_point): Move here from
program-point.h.
(function_point::get_function): Likewise.
(function_point::from_function_entry): Likewise.
(function_point::before_supernode): Likewise.
(function_point::next_stmt): New function.
* program-point.h (function_point::function_point): Move
implementation from here to program-point.cc.
(function_point::get_function): Likewise.
(function_point::from_function_entry): Likewise.
(function_point::before_supernode): Likewise.
(function_point::next_stmt): New decl.
(program_point::operator!=): New.
(program_point::origin): New.
(program_point::next_stmt): New.
(program_point::m_function_point): Make non-const.
* program-state.cc: Move includes of "analyzer/call-string.h" and
"analyzer/program-point.h" to before "analyzer/region-model.h",
and also include "analyzer/store.h" before it.
(extrinsic_state::get_model_manager): New.
(sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
rather than pass them around.
(sm_state_map::clone_with_remapping): Delete.
(sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
"simple" and "multiline" params and support multiline vs single
line dumping.
(sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
"simple" param.
(sm_state_map::hash): Port from svalue_id to const svalue *.
(sm_state_map::operator==): Likewise.
(sm_state_map::get_state): Likewise. Call canonicalize_svalue on
input. Handle inheritance of sm-state. Call get_default_state.
(sm_state_map::get_origin): Port from svalue_id to const svalue *.
(sm_state_map::set_state): Likewise. Pass in ext_state. Reject
attempts to set state on UNKNOWN.
(sm_state_map::impl_set_state): Port from svalue_id to
const svalue *. Pass in ext_state. Call canonicalize_svalue on
input.
(sm_state_map::purge_for_unknown_fncall): Delete.
(sm_state_map::on_svalue_leak): New.
(sm_state_map::remap_svalue_ids): Delete.
(sm_state_map::on_liveness_change): New.
(sm_state_map::on_unknown_change): Reimplement.
(sm_state_map::on_svalue_purge): Delete.
(sm_state_map::on_inherited_svalue): Delete.
(sm_state_map::on_cast): Delete.
(sm_state_map::validate): Delete.
(sm_state_map::canonicalize_svalue): New.
(program_state::program_state): Update to pass manager to
region_model's ctor. Constify num_states and pass state machine
and index to sm_state_map ctor.
(program_state::print): Update for changes to dump API.
(program_state::dump_to_pp): Ignore the summarize param. Add
"multiline" param.
(program_state::dump_to_file): Add "multiline" param.
(program_state::dump): Pass "true" for new "multiline" param.
(program_state::push_frame): New.
(program_state::on_edge): Drop "change" param. Call
program_state::detect_leaks.
(program_state::prune_for_point): Add enode_for_diag param.
Reimplement based on store class. Call detect_leaks.
(program_state::remap_svalue_ids): Delete.
(program_state::get_representative_tree): Port from svalue_id to
const svalue *.
(program_state::can_merge_with_p): Add "point" param. Add early
reject for sm-differences. Drop id remapping.
(program_state::validate): Drop region model and sm_state_map
validation.
(state_change::sm_change::dump): Delete.
(state_change::sm_change::remap_svalue_ids): Delete.
(state_change::sm_change::on_svalue_purge): Delete.
(log_set_of_svalues): New.
(state_change::sm_change::validate): Delete.
(state_change::state_change): Delete.
(state_change::add_sm_change): Delete.
(state_change::affects_p): Delete.
(state_change::dump): Delete.
(state_change::remap_svalue_ids): Delete.
(state_change::on_svalue_purge): Delete.
(state_change::validate): Delete.
(selftest::assert_dump_eq): Delete.
(ASSERT_DUMP_EQ): Delete.
(selftest::test_sm_state_map): Update for changes to region_model
and sm_state_map, porting from svalue_id to const svalue *.
(selftest::test_program_state_dumping): Likewise. Drop test of
dumping, renaming to...
(selftest::test_program_state_1): ...this.
(selftest::test_program_state_dumping_2): Likewise, renaming to...
(selftest::test_program_state_2): ...this.
(selftest::test_program_state_merging): Update for changes to
region_model.
(selftest::test_program_state_merging_2): Likewise.
(selftest::analyzer_program_state_cc_tests): Update for renamed
tests.
* program-state.h (extrinsic_state::extrinsic_state): Add logger
and engine params.
(extrinsic_state::get_logger): New accessor.
(extrinsic_state::get_engine): New accessor.
(extrinsic_state::get_model_manager): New accessor.
(extrinsic_state::m_logger): New field.
(extrinsic_state::m_engine): New field.
(struct default_hash_traits<svalue_id>): Delete.
(pod_hash_traits<svalue_id>::hash): Delete.
(pod_hash_traits<svalue_id>::equal): Delete.
(pod_hash_traits<svalue_id>::mark_deleted): Delete.
(pod_hash_traits<svalue_id>::mark_empty): Delete.
(pod_hash_traits<svalue_id>::is_deleted): Delete.
(pod_hash_traits<svalue_id>::is_empty): Delete.
(sm_state_map::entry_t::entry_t): Port from svalue_id to
const svalue *.
(sm_state_map::entry_t::m_origin): Likewise.
(sm_state_map::map_t): Likewise.
(sm_state_map::sm_state_map): Add state_machine and index params.
(sm_state_map::clone_with_remapping): Delete.
(sm_state_map::print): Drop sm param; add simple and multiline
params.
(sm_state_map::dump): Drop sm param; add simple param.
(sm_state_map::get_state): Port from svalue_id to const svalue *.
Add ext_state param.
(sm_state_map::get_origin): Likewise.
(sm_state_map::set_state): Likewise.
(sm_state_map::impl_set_state): Likewise.
(sm_state_map::purge_for_unknown_fncall): Delete.
(sm_state_map::remap_svalue_ids): Delete.
(sm_state_map::on_svalue_purge): Delete.
(sm_state_map::on_svalue_leak): New.
(sm_state_map::on_liveness_change): New.
(sm_state_map::on_inherited_svalue): Delete.
(sm_state_map::on_cast): Delete.
(sm_state_map::validate): Delete.
(sm_state_map::on_unknown_change): Port from svalue_id to
const svalue *. Add is_mutable and ext_state params.
(sm_state_map::canonicalize_svalue): New.
(sm_state_map::m_sm): New field.
(sm_state_map::m_sm_idx): New field.
(program_state::operator=): Delete.
(program_state::dump_to_pp): Drop "summarize" param, adding
"simple" and "multiline".
(program_state::dump_to_file): Likewise.
(program_state::dump): Rename "summarize" to "simple".
(program_state::push_frame): New.
(program_state::get_current_function): New.
(program_state::on_edge): Drop "change" param.
(program_state::prune_for_point): Likewise. Add enode_for_diag
param.
(program_state::remap_svalue_ids): Delete.
(program_state::get_representative_tree): Port from svalue_id to
const svalue *.
(program_state::can_purge_p): Likewise. Pass ext_state to get_state.
(program_state::can_merge_with_p): Add point param.
(program_state::detect_leaks): New.
(state_change_visitor::on_state_change): Port from tree and
svalue_id to a pair of const svalue *.
(class state_change): Delete.
* region.cc: New file.
* region-model-impl-calls.cc: New file.
* region-model-manager.cc: New file.
* region-model-reachability.cc: New file.
* region-model-reachability.h: New file.
* region-model.cc: Include "analyzer/call-string.h",
"analyzer/program-point.h", and "analyzer/store.h" before
"analyzer/region-model.h". Include
"analyzer/region-model-reachability.h".
(dump_tree): Make non-static.
(dump_quoted_tree): Make non-static.
(print_quoted_type): Make non-static.
(path_var::dump): Delete.
(dump_separator): Delete.
(class impl_constraint_manager): Delete.
(svalue_id::print): Delete.
(svalue_id::dump_node_name_to_pp): Delete.
(svalue_id::validate): Delete.
(region_id::print): Delete.
(region_id::dump_node_name_to_pp): Delete.
(region_id::validate): Delete.
(region_id_set::region_id_set): Delete.
(svalue_id_set::svalue_id_set): Delete.
(svalue::operator==): Delete.
(svalue::hash): Delete.
(svalue::print): Delete.
(svalue::dump_dot_to_pp): Delete.
(svalue::remap_region_ids): Delete.
(svalue::walk_for_canonicalization): Delete.
(svalue::get_child_sid): Delete.
(svalue::maybe_get_constant): Delete.
(region_svalue::compare_fields): Delete.
(region_svalue::add_to_hash): Delete.
(region_svalue::print_details): Delete.
(region_svalue::dump_dot_to_pp): Delete.
(region_svalue::remap_region_ids): Delete.
(region_svalue::merge_values): Delete.
(region_svalue::walk_for_canonicalization): Delete.
(region_svalue::eval_condition): Delete.
(constant_svalue::compare_fields): Delete.
(constant_svalue::add_to_hash): Delete.
(constant_svalue::merge_values): Delete.
(constant_svalue::eval_condition): Move to svalue.cc.
(constant_svalue::print_details): Delete.
(constant_svalue::get_child_sid): Delete.
(unknown_svalue::compare_fields): Delete.
(unknown_svalue::add_to_hash): Delete.
(unknown_svalue::print_details): Delete.
(poison_kind_to_str): Move to svalue.cc.
(poisoned_svalue::compare_fields): Delete.
(poisoned_svalue::add_to_hash): Delete.
(poisoned_svalue::print_details): Delete.
(region_kind_to_str): Move to region.cc and reimplement.
(region::operator==): Delete.
(region::get_parent_region): Delete.
(region::set_value): Delete.
(region::become_active_view): Delete.
(region::deactivate_any_active_view): Delete.
(region::deactivate_view): Delete.
(region::get_value): Delete.
(region::get_inherited_child_sid): Delete.
(region_model::copy_region): Delete.
(region_model::copy_struct_region): Delete.
(region_model::copy_union_region): Delete.
(region_model::copy_array_region): Delete.
(region::hash): Delete.
(region::print): Delete.
(region::dump_dot_to_pp): Delete.
(region::dump_to_pp): Delete.
(region::dump_child_label): Delete.
(region::validate): Delete.
(region::remap_svalue_ids): Delete.
(region::remap_region_ids): Delete.
(region::add_view): Delete.
(region::get_view): Delete.
(region::region): Move to region.cc.
(region::add_to_hash): Delete.
(region::print_fields): Delete.
(region::non_null_p): Delete.
(primitive_region::clone): Delete.
(primitive_region::walk_for_canonicalization): Delete.
(map_region::map_region): Delete.
(map_region::compare_fields): Delete.
(map_region::print_fields): Delete.
(map_region::validate): Delete.
(map_region::dump_dot_to_pp): Delete.
(map_region::dump_child_label): Delete.
(map_region::get_or_create): Delete.
(map_region::get): Delete.
(map_region::add_to_hash): Delete.
(map_region::remap_region_ids): Delete.
(map_region::unbind): Delete.
(map_region::get_tree_for_child_region): Delete.
(map_region::get_tree_for_child_region): Delete.
(tree_cmp): Move to region.cc.
(map_region::can_merge_p): Delete.
(map_region::walk_for_canonicalization): Delete.
(map_region::get_value_by_name): Delete.
(struct_or_union_region::valid_key_p): Delete.
731 (struct_or_union_region::compare_fields): Delete.
732 (struct_region::clone): Delete.
733 (struct_region::compare_fields): Delete.
734 (union_region::clone): Delete.
735 (union_region::compare_fields): Delete.
736 (frame_region::compare_fields): Delete.
737 (frame_region::clone): Delete.
738 (frame_region::valid_key_p): Delete.
739 (frame_region::print_fields): Delete.
740 (frame_region::add_to_hash): Delete.
741 (globals_region::compare_fields): Delete.
742 (globals_region::clone): Delete.
743 (globals_region::valid_key_p): Delete.
744 (code_region::compare_fields): Delete.
745 (code_region::clone): Delete.
746 (code_region::valid_key_p): Delete.
747 (array_region::array_region): Delete.
748 (array_region::get_element): Delete.
749 (array_region::clone): Delete.
750 (array_region::compare_fields): Delete.
751 (array_region::print_fields): Delete.
752 (array_region::validate): Delete.
753 (array_region::dump_dot_to_pp): Delete.
754 (array_region::dump_child_label): Delete.
755 (array_region::get_or_create): Delete.
756 (array_region::get): Delete.
757 (array_region::add_to_hash): Delete.
758 (array_region::remap_region_ids): Delete.
759 (array_region::get_key_for_child_region): Delete.
760 (array_region::key_cmp): Delete.
761 (array_region::walk_for_canonicalization): Delete.
762 (array_region::key_from_constant): Delete.
763 (array_region::constant_from_key): Delete.
764 (function_region::compare_fields): Delete.
765 (function_region::clone): Delete.
766 (function_region::valid_key_p): Delete.
767 (stack_region::stack_region): Delete.
768 (stack_region::compare_fields): Delete.
769 (stack_region::clone): Delete.
770 (stack_region::print_fields): Delete.
771 (stack_region::dump_child_label): Delete.
772 (stack_region::validate): Delete.
773 (stack_region::push_frame): Delete.
774 (stack_region::get_current_frame_id): Delete.
775 (stack_region::pop_frame): Delete.
776 (stack_region::add_to_hash): Delete.
777 (stack_region::remap_region_ids): Delete.
778 (stack_region::can_merge_p): Delete.
779 (stack_region::walk_for_canonicalization): Delete.
780 (stack_region::get_value_by_name): Delete.
781 (heap_region::heap_region): Delete.
782 (heap_region::compare_fields): Delete.
783 (heap_region::clone): Delete.
784 (heap_region::walk_for_canonicalization): Delete.
785 (root_region::root_region): Delete.
786 (root_region::compare_fields): Delete.
787 (root_region::clone): Delete.
788 (root_region::print_fields): Delete.
789 (root_region::validate): Delete.
790 (root_region::dump_child_label): Delete.
791 (root_region::push_frame): Delete.
792 (root_region::get_current_frame_id): Delete.
793 (root_region::pop_frame): Delete.
794 (root_region::ensure_stack_region): Delete.
795 (root_region::get_stack_region): Delete.
796 (root_region::ensure_globals_region): Delete.
797 (root_region::get_code_region): Delete.
798 (root_region::ensure_code_region): Delete.
799 (root_region::get_globals_region): Delete.
800 (root_region::ensure_heap_region): Delete.
801 (root_region::get_heap_region): Delete.
802 (root_region::remap_region_ids): Delete.
803 (root_region::can_merge_p): Delete.
804 (root_region::add_to_hash): Delete.
805 (root_region::walk_for_canonicalization): Delete.
806 (root_region::get_value_by_name): Delete.
807 (symbolic_region::symbolic_region): Delete.
808 (symbolic_region::compare_fields): Delete.
809 (symbolic_region::clone): Delete.
810 (symbolic_region::walk_for_canonicalization): Delete.
811 (symbolic_region::print_fields): Delete.
812 (region_model::region_model): Add region_model_manager * param.
813 Reimplement in terms of store, dropping impl_constraint_manager
814 subclass.
815 (region_model::operator=): Reimplement in terms of store.
816 (region_model::operator==): Likewise.
817 (region_model::hash): Likewise.
818 (region_model::print): Delete.
819 (region_model::print_svalue): Delete.
820 (region_model::dump_dot_to_pp): Delete.
821 (region_model::dump_dot_to_file): Delete.
822 (region_model::dump_dot): Delete.
823 (region_model::dump_to_pp): Replace "summarize" param with
824 "simple" and "multiline". Port to store-based implementation.
825 (region_model::dump): Replace "summarize" param with "simple" and
826 "multiline".
827 (dump_vec_of_tree): Delete.
828 (region_model::dump_summary_of_rep_path_vars): Delete.
829 (region_model::validate): Delete.
830 (svalue_id_cmp_by_constant_svalue_model): Delete.
831 (svalue_id_cmp_by_constant_svalue): Delete.
832 (region_model::canonicalize): Drop "ctxt" param. Reimplement in
833 terms of store and constraints.
834 (region_model::canonicalized_p): Remove NULL arg to canonicalize.
835 (region_model::loop_replay_fixup): New.
836 (poisoned_value_diagnostic::emit): Tweak wording of warnings.
837 (region_model::check_for_poison): Delete.
838 (region_model::get_gassign_result): New.
839 (region_model::on_assignment): Port to store-based implementation.
840 (region_model::on_call_pre): Delete calls to check_for_poison.
841 Move implementations to region-model-impl-calls.c and port to
842 store-based implementation.
843 (region_model::on_call_post): Likewise.
844 (class reachable_regions): Move to region-model-reachability.h/cc
845 and port to store-based implementation.
846 (region_model::handle_unrecognized_call): Port to store-based
847 implementation.
848 (region_model::get_reachable_svalues): New.
849 (region_model::on_setjmp): Port to store-based implementation.
850 (region_model::on_longjmp): Likewise.
851 (region_model::handle_phi): Drop is_back_edge param and the logic
852 using it.
853 (region_model::get_lvalue_1): Port from region_id to const region *.
854 (region_model::make_region_for_unexpected_tree_code): Delete.
855 (assert_compat_types): If the check fails, use internal_error to
856 show the types.
857 (region_model::get_lvalue): Port from region_id to const region *.
858 (region_model::get_rvalue_1): Port from svalue_id to const svalue *.
859 (region_model::get_rvalue): Likewise.
860 (region_model::get_or_create_ptr_svalue): Delete.
861 (region_model::get_or_create_constant_svalue): Delete.
862 (region_model::get_svalue_for_fndecl): Delete.
863 (region_model::get_region_for_fndecl): Delete.
864 (region_model::get_svalue_for_label): Delete.
865 (region_model::get_region_for_label): Delete.
866 (build_cast): Delete.
867 (region_model::maybe_cast_1): Delete.
868 (region_model::maybe_cast): Delete.
869 (region_model::get_field_region): Delete.
870 (region_model::get_store_value): New.
871 (region_model::region_exists_p): New.
872 (region_model::deref_rvalue): Port from svalue_id to const svalue *.
873 (region_model::set_value): Likewise.
874 (region_model::clobber_region): New.
875 (region_model::purge_region): New.
876 (region_model::zero_fill_region): New.
877 (region_model::mark_region_as_unknown): New.
878 (region_model::eval_condition): Port from svalue_id to
879 const svalue *.
880 (region_model::eval_condition_without_cm): Likewise.
881 (region_model::compare_initial_and_pointer): New.
882 (region_model::add_constraint): Port from svalue_id to
883 const svalue *.
884 (region_model::maybe_get_constant): Delete.
885 (region_model::get_representative_path_var): New.
886 (region_model::add_new_malloc_region): Delete.
887 (region_model::get_representative_tree): Port to const svalue *.
888 (region_model::get_representative_path_var): Port to
889 const region *.
890 (region_model::get_path_vars_for_svalue): Delete.
891 (region_model::set_to_new_unknown_value): Delete.
892 (region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
893 (region_model::update_for_call_superedge): Port from svalue_id to
894 const svalue *.
895 (region_model::update_for_return_superedge): Port to store-based
896 implementation.
897 (region_model::update_for_call_summary): Replace
898 set_to_new_unknown_value with mark_region_as_unknown.
899 (region_model::get_root_region): Delete.
900 (region_model::get_stack_region_id): Delete.
901 (region_model::push_frame): Delete.
902 (region_model::get_current_frame_id): Delete.
903 (region_model::get_current_function): Delete.
904 (region_model::pop_frame): Delete.
905 (region_model::on_top_level_param): New.
906 (region_model::get_stack_depth): Delete.
907 (region_model::get_function_at_depth): Delete.
908 (region_model::get_globals_region_id): Delete.
909 (region_model::add_svalue): Delete.
910 (region_model::replace_svalue): Delete.
911 (region_model::add_region): Delete.
912 (region_model::get_svalue): Delete.
913 (region_model::get_region): Delete.
914 (make_region_for_type): Delete.
915 (region_model::add_region_for_type): Delete.
916 (region_model::on_top_level_param): New.
917 (class restrict_to_used_svalues): Delete.
918 (region_model::purge_unused_svalues): Delete.
919 (region_model::push_frame): New.
920 (region_model::remap_svalue_ids): Delete.
921 (region_model::remap_region_ids): Delete.
922 (region_model::purge_regions): Delete.
923 (region_model::get_descendents): Delete.
924 (region_model::delete_region_and_descendents): Delete.
925 (region_model::poison_any_pointers_to_bad_regions): Delete.
926 (region_model::can_merge_with_p): Delete.
927 (region_model::get_current_function): New.
928 (region_model::get_value_by_name): Delete.
929 (region_model::convert_byte_offset_to_array_index): Delete.
930 (region_model::pop_frame): New.
931 (region_model::get_or_create_mem_ref): Delete.
932 (region_model::get_stack_depth): New.
933 (region_model::get_frame_at_index): New.
934 (region_model::unbind_region_and_descendents): New.
935 (struct bad_pointer_finder): New.
936 (region_model::get_or_create_pointer_plus_expr): Delete.
937 (region_model::poison_any_pointers_to_descendents): New.
938 (region_model::get_or_create_view): Delete.
939 (region_model::can_merge_with_p): New.
940 (region_model::get_fndecl_for_call): Port from svalue_id to
941 const svalue *.
942 (struct append_ssa_names_cb_data): New.
943 (get_ssa_name_regions_for_current_frame): New.
944 (region_model::append_ssa_names_cb): New.
945 (model_merger::dump_to_pp): Add "simple" param. Drop dumping of
946 remappings.
947 (model_merger::dump): Add "simple" param to both overloads.
948 (model_merger::can_merge_values_p): Delete.
949 (model_merger::record_regions): Delete.
950 (model_merger::record_svalues): Delete.
951 (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
952 (svalue_id_merger_mapping::dump_to_pp): Delete.
953 (svalue_id_merger_mapping::dump): Delete.
954 (region_model::create_region_for_heap_alloc): New.
955 (region_model::create_region_for_alloca): New.
956 (region_model::record_dynamic_extents): New.
957 (canonicalization::canonicalization): Delete.
958 (canonicalization::walk_rid): Delete.
959 (canonicalization::walk_sid): Delete.
960 (canonicalization::dump_to_pp): Delete.
961 (canonicalization::dump): Delete.
962 (inchash::add): Delete overloads for svalue_id and region_id.
963 (engine::log_stats): New.
964 (assert_condition): Add overload comparing svalues.
965 (assert_dump_eq): Pass "true" for multiline.
966 (selftest::test_dump): Update for rewrite of region_model.
967 (selftest::test_dump_2): Rename to...
968 (selftest::test_struct): ...this. Provide a region_model_manager
969 when creating region_model instance. Remove dump test. Add
970 checks for get_offset.
971 (selftest::test_dump_3): Rename to...
972 (selftest::test_array_1): ...this. Provide a region_model_manager
973 when creating region_model instance. Remove dump test.
974 (selftest::test_get_representative_tree): Port from svalue_id to
975 new API. Add test coverage for various expressions.
976 (selftest::test_unique_constants): Provide a region_model_manager
977 for the region_model. Add test coverage for comparing const vs
978 non-const.
979 (selftest::test_svalue_equality): Delete.
980 (selftest::test_region_equality): Delete.
981 (selftest::test_unique_unknowns): New.
982 (class purge_all_svalue_ids): Delete.
983 (class purge_one_svalue_id): Delete.
984 (selftest::test_purging_by_criteria): Delete.
985 (selftest::test_initial_svalue_folding): New.
986 (selftest::test_unaryop_svalue_folding): New.
987 (selftest::test_binop_svalue_folding): New.
988 (selftest::test_sub_svalue_folding): New.
989 (selftest::test_purge_unused_svalues): Delete.
990 (selftest::test_descendent_of_p): New.
991 (selftest::test_assignment): Provide a region_model_manager for
992 the region_model. Drop the dump test.
993 (selftest::test_compound_assignment): Likewise.
994 (selftest::test_stack_frames): Port to new implementation.
995 (selftest::test_get_representative_path_var): Likewise.
996 (selftest::test_canonicalization_1): Rename to...
997 (selftest::test_equality_1): ...this. Port to new API, and add
998 (selftest::test_canonicalization_2): Provide a
999 region_model_manager when creating region_model instances.
1000 Remove redundant canonicalization.
1001 (selftest::test_canonicalization_3): Provide a
1002 region_model_manager when creating region_model instances.
1003 Remove param from calls to region_model::canonicalize.
1004 (selftest::test_canonicalization_4): Likewise.
1005 (selftest::assert_region_models_merge): Constify
1006 out_merged_svalue. Port to new API.
1007 (selftest::test_state_merging): Provide a
1008 region_model_manager when creating region_model instances.
1009 Provide a program_point point when merging them. Replace
1010 set_to_new_unknown_value with usage of placeholder_svalues.
1011 Drop get_value_by_name. Port from svalue_id to const svalue *.
1012 Add test of heap allocation.
1013 (selftest::test_constraint_merging): Provide a
1014 region_model_manager when creating region_model instances.
1015 Provide a program_point point when merging them. Eliminate use
1016 of set_to_new_unknown_value.
1017 (selftest::test_widening_constraints): New.
1018 (selftest::test_iteration_1): New.
1019 (selftest::test_malloc_constraints): Port to store-based
1020 implementation.
1021 (selftest::test_var): New test.
1022 (selftest::test_array_2): New test.
1023 (selftest::test_mem_ref): New test.
1024 (selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
1025 (selftest::test_malloc): New.
1026 (selftest::test_alloca): New.
1027 (selftest::analyzer_region_model_cc_tests): Update for renamings.
1028 Call new functions.
1029 * region-model.h (class path_var): Move to analyzer.h.
1030 (class svalue_id): Delete.
1031 (class region_id): Delete.
1032 (class id_map): Delete.
1033 (svalue_id_map): Delete.
1034 (region_id_map): Delete.
1035 (id_map<T>::id_map): Delete.
1036 (id_map<T>::put): Delete.
1037 (id_map<T>::get_dst_for_src): Delete.
1038 (id_map<T>::get_src_for_dst): Delete.
1039 (id_map<T>::dump_to_pp): Delete.
1040 (id_map<T>::dump): Delete.
1041 (id_map<T>::update): Delete.
1042 (one_way_svalue_id_map): Delete.
1043 (one_way_region_id_map): Delete.
1044 (class region_id_set): Delete.
1045 (class svalue_id_set): Delete.
1046 (struct complexity): New.
1047 (class visitor): New.
1048 (enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
1049 SK_BINOP, SK_SUB, SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
1050 SK_COMPOUND, and SK_CONJURED.
1051 (svalue::operator==): Delete.
1052 (svalue::operator!=): Delete.
1053 (svalue::clone): Delete.
1054 (svalue::hash): Delete.
1055 (svalue::dump_dot_to_pp): Delete.
1056 (svalue::dump_to_pp): New.
1057 (svalue::dump): New.
1058 (svalue::get_desc): New.
1059 (svalue::dyn_cast_initial_svalue): New.
1060 (svalue::dyn_cast_unaryop_svalue): New.
1061 (svalue::dyn_cast_binop_svalue): New.
1062 (svalue::dyn_cast_sub_svalue): New.
1063 (svalue::dyn_cast_unmergeable_svalue): New.
1064 (svalue::dyn_cast_widening_svalue): New.
1065 (svalue::dyn_cast_compound_svalue): New.
1066 (svalue::dyn_cast_conjured_svalue): New.
1067 (svalue::maybe_undo_cast): New.
1068 (svalue::unwrap_any_unmergeable): New.
1069 (svalue::remap_region_ids): Delete.
1070 (svalue::can_merge_p): New.
1071 (svalue::walk_for_canonicalization): Delete.
1072 (svalue::get_complexity): New.
1073 (svalue::get_child_sid): Delete.
1074 (svalue::accept): New.
1075 (svalue::live_p): New.
1076 (svalue::implicitly_live_p): New.
1077 (svalue::svalue): Add complexity param.
1078 (svalue::add_to_hash): Delete.
1079 (svalue::print_details): Delete.
1080 (svalue::m_complexity): New field.
1081 (region_svalue::key_t): New struct.
1082 (region_svalue::region_svalue): Port from region_id to
1083 const region_id *. Add complexity.
1084 (region_svalue::compare_fields): Delete.
1085 (region_svalue::clone): Delete.
1086 (region_svalue::dump_dot_to_pp): Delete.
1087 (region_svalue::get_pointee): Port from region_id to
1088 const region_id *.
1089 (region_svalue::remap_region_ids): Delete.
1090 (region_svalue::merge_values): Delete.
1091 (region_svalue::dump_to_pp): New.
1092 (region_svalue::accept): New.
1093 (region_svalue::walk_for_canonicalization): Delete.
1094 (region_svalue::eval_condition): Make params const.
1095 (region_svalue::add_to_hash): Delete.
1096 (region_svalue::print_details): Delete.
1097 (region_svalue::m_rid): Replace with...
1098 (region_svalue::m_reg): ...this.
1099 (is_a_helper <region_svalue *>::test): Convert to...
1100 (is_a_helper <const region_svalue *>::test): ...this.
1101 (template <> struct default_hash_traits<region_svalue::key_t>):
1102 New.
1103 (constant_svalue::constant_svalue): Add complexity.
1104 (constant_svalue::compare_fields): Delete.
1105 (constant_svalue::clone): Delete.
1106 (constant_svalue::add_to_hash): Delete.
1107 (constant_svalue::dump_to_pp): New.
1108 (constant_svalue::accept): New.
1109 (constant_svalue::implicitly_live_p): New.
1110 (constant_svalue::merge_values): Delete.
1111 (constant_svalue::eval_condition): Make params const.
1112 (constant_svalue::get_child_sid): Delete.
1113 (constant_svalue::print_details): Delete.
1114 (is_a_helper <constant_svalue *>::test): Convert to...
1115 (is_a_helper <const constant_svalue *>::test): ...this.
1116 (class unknown_svalue): Update leading comment.
1117 (unknown_svalue::unknown_svalue): Add complexity.
1118 (unknown_svalue::compare_fields): Delete.
1119 (unknown_svalue::add_to_hash): Delete.
1120 (unknown_svalue::dyn_cast_unknown_svalue): Delete.
1121 (unknown_svalue::print_details): Delete.
1122 (unknown_svalue::dump_to_pp): New.
1123 (unknown_svalue::accept): New.
1124 (poisoned_svalue::key_t): New struct.
1125 (poisoned_svalue::poisoned_svalue): Add complexity.
1126 (poisoned_svalue::compare_fields): Delete.
1127 (poisoned_svalue::clone): Delete.
1128 (poisoned_svalue::add_to_hash): Delete.
1129 (poisoned_svalue::dump_to_pp): New.
1130 (poisoned_svalue::accept): New.
1131 (poisoned_svalue::print_details): Delete.
1132 (is_a_helper <poisoned_svalue *>::test): Convert to...
1133 (is_a_helper <const poisoned_svalue *>::test): ...this.
1134 (template <> struct default_hash_traits<poisoned_svalue::key_t>):
1135 New.
1136 (setjmp_record::add_to_hash): New.
1137 (setjmp_svalue::key_t): New struct.
1138 (setjmp_svalue::compare_fields): Delete.
1139 (setjmp_svalue::clone): Delete.
1140 (setjmp_svalue::add_to_hash): Delete.
1141 (setjmp_svalue::setjmp_svalue): Add complexity.
1142 (setjmp_svalue::dump_to_pp): New.
1143 (setjmp_svalue::accept): New.
1144 (setjmp_svalue::void print_details): Delete.
1145 (is_a_helper <const setjmp_svalue *>::test): New.
1146 (template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
1147 (class initial_svalue : public svalue): New.
1148 (is_a_helper <const initial_svalue *>::test): New.
1149 (class unaryop_svalue): New.
1150 (is_a_helper <const unaryop_svalue *>::test): New.
1151 (template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
1152 (class binop_svalue): New.
1153 (is_a_helper <const binop_svalue *>::test): New.
1154 (template <> struct default_hash_traits<binop_svalue::key_t>): New.
1155 (class sub_svalue): New.
1156 (is_a_helper <const sub_svalue *>::test): New.
1157 (template <> struct default_hash_traits<sub_svalue::key_t>): New.
1158 (class unmergeable_svalue): New.
1159 (is_a_helper <const unmergeable_svalue *>::test): New.
1160 (class placeholder_svalue): New.
1161 (is_a_helper <placeholder_svalue *>::test): New.
1162 (class widening_svalue): New.
1163 (is_a_helper <widening_svalue *>::test): New.
1164 (template <> struct default_hash_traits<widening_svalue::key_t>): New.
1165 (class compound_svalue): New.
1166 (is_a_helper <compound_svalue *>::test): New.
1167 (template <> struct default_hash_traits<compound_svalue::key_t>): New.
1168 (class conjured_svalue): New.
1169 (is_a_helper <conjured_svalue *>::test): New.
1170 (template <> struct default_hash_traits<conjured_svalue::key_t>): New.
1171 (enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
1172 RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
1173 RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
1174 (region_kind_to_str): Delete.
1175 (region::~region): Move implementation to region.cc.
1176 (region::operator==): Delete.
1177 (region::operator!=): Delete.
1178 (region::clone): Delete.
1179 (region::get_id): New.
1180 (region::cmp_ids): New.
1181 (region::dyn_cast_map_region): Delete.
1182 (region::dyn_cast_array_region): Delete.
1183 (region::region_id get_parent): Delete.
1184 (region::get_parent_region): Convert to a simple accessor.
1185 (region::void set_value): Delete.
1186 (region::svalue_id get_value): Delete.
1187 (region::svalue_id get_value_direct): Delete.
1188 (region::svalue_id get_inherited_child_sid): Delete.
1189 (region::dyn_cast_frame_region): New.
1190 (region::dyn_cast_function_region): New.
1191 (region::dyn_cast_decl_region): New.
1192 (region::dyn_cast_field_region): New.
1193 (region::dyn_cast_element_region): New.
1194 (region::dyn_cast_offset_region): New.
1195 (region::dyn_cast_cast_region): New.
1196 (region::dyn_cast_string_region): New.
1197 (region::accept): New.
1198 (region::get_base_region): New.
1199 (region::base_region_p): New.
1200 (region::descendent_of_p): New.
1201 (region::maybe_get_frame_region): New.
1202 (region::maybe_get_decl): New.
1203 (region::hash): Delete.
1204 (region::print): Delete.
1205 (region::dump_dot_to_pp): Delete.
1206 (region::get_desc): New.
1207 (region::dump_to_pp): Convert to vfunc, changing signature.
1208 (region::dump_child_label): Delete.
1209 (region::remap_svalue_ids): Delete.
1210 (region::remap_region_ids): Delete.
1211 (region::dump): New.
1212 (region::walk_for_canonicalization): Delete.
1213 (region::non_null_p): Drop region_model param.
1214 (region::add_view): Delete.
1215 (region::get_view): Delete.
1216 (region::get_active_view): Delete.
1217 (region::is_view_p): Delete.
1218 (region::cmp_ptrs): New.
1219 (region::validate): Delete.
1220 (region::get_offset): New.
1221 (region::get_byte_size): New.
1222 (region::get_bit_size): New.
1223 (region::get_subregions_for_binding): New.
1224 (region::region): Add complexity param. Convert parent from
1225 region_id to const region *. Drop svalue_id. Drop copy ctor.
1226 (region::symbolic_for_unknown_ptr_p): New.
1227 (region::add_to_hash): Delete.
1228 (region::print_fields): Delete.
1229 (region::get_complexity): New accessor.
1230 (region::become_active_view): Delete.
1231 (region::deactivate_any_active_view): Delete.
1232 (region::deactivate_view): Delete.
1233 (region::calc_offset): New.
1234 (region::m_parent_rid): Delete.
1235 (region::m_sval_id): Delete.
1236 (region::m_complexity): New.
1237 (region::m_id): New.
1238 (region::m_parent): New.
1239 (region::m_view_rids): Delete.
1240 (region::m_is_view): Delete.
1241 (region::m_active_view_rid): Delete.
1242 (region::m_cached_offset): New.
1243 (is_a_helper <region *>::test): Convert to...
1244 (is_a_helper <const region *>::test): ... this.
1245 (class primitive_region): Delete.
1246 (class space_region): New.
1247 (class map_region): Delete.
1248 (is_a_helper <map_region *>::test): Delete.
1249 (class frame_region): Reimplement.
1250 (template <> struct default_hash_traits<frame_region::key_t>):
1251 New.
1252 (class globals_region): Reimplement.
1253 (is_a_helper <globals_region *>::test): Convert to...
1254 (is_a_helper <const globals_region *>::test): ...this.
1255 (class struct_or_union_region): Delete.
1256 (is_a_helper <struct_or_union_region *>::test): Delete.
1257 (class code_region): Reimplement.
1258 (is_a_helper <const code_region *>::test): New.
1259 (class struct_region): Delete.
1260 (is_a_helper <struct_region *>::test): Delete.
1261 (class function_region): Reimplement.
1262 (is_a_helper <function_region *>::test): Convert to...
1263 (is_a_helper <const function_region *>::test): ...this.
1264 (class union_region): Delete.
1265 (is_a_helper <union_region *>::test): Delete.
1266 (class label_region): New.
1267 (is_a_helper <const label_region *>::test): New.
1268 (class scope_region): Delete.
1269 (class stack_region): Reimplement.
1270 (is_a_helper <stack_region *>::test): Convert to...
1271 (is_a_helper <const stack_region *>::test): ...this.
1272 (class heap_region): Reimplement.
1273 (is_a_helper <heap_region *>::test): Convert to...
1274 (is_a_helper <const heap_region *>::test): ...this.
1275 (class root_region): Reimplement.
1276 (is_a_helper <root_region *>::test): Convert to...
1277 (is_a_helper <const root_region *>::test): ...this.
1278 (class symbolic_region): Reimplement.
1279 (is_a_helper <const symbolic_region *>::test): New.
1280 (template <> struct default_hash_traits<symbolic_region::key_t>):
1281 New.
1282 (class decl_region): New.
1283 (is_a_helper <const decl_region *>::test): New.
1284 (class field_region): New.
1285 (template <> struct default_hash_traits<field_region::key_t>): New.
1286 (class array_region): Delete.
1287 (class element_region): New.
1288 (is_a_helper <array_region *>::test): Delete.
1289 (is_a_helper <const element_region *>::test): New.
1290 (template <> struct default_hash_traits<element_region::key_t>):
1291 New.
1292 (class offset_region): New.
1293 (is_a_helper <const offset_region *>::test): New.
1294 (template <> struct default_hash_traits<offset_region::key_t>):
1295 New.
1296 (class cast_region): New.
1297 (is_a_helper <const cast_region *>::test): New.
1298 (template <> struct default_hash_traits<cast_region::key_t>): New.
1299 (class heap_allocated_region): New.
1300 (class alloca_region): New.
1301 (class string_region): New.
1302 (is_a_helper <const string_region *>::test): New.
1303 (class unknown_region): New.
1304 (class region_model_manager): New.
1305 (struct append_ssa_names_cb_data): New.
1306 (class call_details): New.
1307 (region_model::region_model): Add region_model_manager param.
1308 (region_model::print_svalue): Delete.
1309 (region_model::dump_dot_to_pp): Delete.
1310 (region_model::dump_dot_to_file): Delete.
1311 (region_model::dump_dot): Delete.
1312 (region_model::dump_to_pp): Drop summarize param in favor of
1313 simple and multiline.
1314 (region_model::dump): Likewise.
1315 (region_model::summarize_to_pp): Delete.
1316 (region_model::summarize): Delete.
1317 (region_model::void canonicalize): Drop ctxt param.
1318 (region_model::void check_for_poison): Delete.
1319 (region_model::get_gassign_result): New.
1320 (region_model::impl_call_alloca): New.
1321 (region_model::impl_call_analyzer_describe): New.
1322 (region_model::impl_call_analyzer_eval): New.
1323 (region_model::impl_call_builtin_expect): New.
1324 (region_model::impl_call_calloc): New.
1325 (region_model::impl_call_free): New.
1326 (region_model::impl_call_malloc): New.
1327 (region_model::impl_call_memset): New.
1328 (region_model::impl_call_strlen): New.
1329 (region_model::get_reachable_svalues): New.
1330 (region_model::handle_phi): Drop is_back_edge param.
1331 (region_model::region_id get_root_rid): Delete.
1332 (region_model::root_region *get_root_region): Delete.
1333 (region_model::region_id get_stack_region_id): Delete.
1334 (region_model::push_frame): Convert from region_id and svalue_id
1335 to const region * and const svalue *.
1336 (region_model::get_current_frame_id): Replace with...
1337 (region_model::get_current_frame): ...this.
1338 (region_model::pop_frame): Convert from region_id to
1339 const region *. Drop purge and stats param. Add out_result.
1340 (region_model::function *get_function_at_depth): Delete.
1341 (region_model::get_globals_region_id): Delete.
1342 (region_model::add_svalue): Delete.
1343 (region_model::replace_svalue): Delete.
1344 (region_model::add_region): Delete.
1345 (region_model::add_region_for_type): Delete.
1346 (region_model::get_svalue): Delete.
1347 (region_model::get_region): Delete.
1348 (region_model::get_lvalue): Convert from region_id to
1349 const region *.
1350 (region_model::get_rvalue): Convert from svalue_id to
1351 const svalue *.
1352 (region_model::get_or_create_ptr_svalue): Delete.
1353 (region_model::get_or_create_constant_svalue): Delete.
1354 (region_model::get_svalue_for_fndecl): Delete.
1355 (region_model::get_svalue_for_label): Delete.
1356 (region_model::get_region_for_fndecl): Delete.
1357 (region_model::get_region_for_label): Delete.
1358 (region_model::get_frame_at_index (int index) const;): New.
1359 (region_model::maybe_cast): Delete.
1360 (region_model::maybe_cast_1): Delete.
1361 (region_model::get_field_region): Delete.
1362 (region_model::id deref_rvalue): Convert from region_id and
1363 svalue_id to const region * and const svalue *. Drop overload,
1364 passing in both a tree and an svalue.
1365 (region_model::set_value): Convert from region_id and svalue_id to
1366 const region * and const svalue *.
1367 (region_model::set_to_new_unknown_value): Delete.
1368 (region_model::clobber_region (const region *reg);): New.
1369 (region_model::purge_region (const region *reg);): New.
1370 (region_model::zero_fill_region (const region *reg);): New.
1371 (region_model::mark_region_as_unknown (const region *reg);): New.
1372 (region_model::copy_region): Convert from region_id to
1373 const region *.
1374 (region_model::eval_condition): Convert from svalue_id to
1375 const svalue *.
1376 (region_model::eval_condition_without_cm): Likewise.
1377 (region_model::compare_initial_and_pointer): New.
1378 (region_model::maybe_get_constant): Delete.
1379 (region_model::add_new_malloc_region): Delete.
1380 (region_model::get_representative_tree): Convert from svalue_id to
1381 const svalue *.
1382 (region_model::get_representative_path_var): Delete decl taking a
1383 region_id in favor of two decls, for svalue vs region, with an
1384 svalue_set to ensure termination.
1385 (region_model::get_path_vars_for_svalue): Delete.
1386 (region_model::create_region_for_heap_alloc): New.
1387 (region_model::create_region_for_alloca): New.
1388 (region_model::purge_unused_svalues): Delete.
1389 (region_model::remap_svalue_ids): Delete.
1390 (region_model::remap_region_ids): Delete.
1391 (region_model::purge_regions): Delete.
1392 (region_model::get_num_svalues): Delete.
1393 (region_model::get_num_regions): Delete.
1394 (region_model::get_descendents): Delete.
1395 (region_model::get_store): New.
1396 (region_model::delete_region_and_descendents): Delete.
1397 (region_model::get_manager): New.
1398 (region_model::unbind_region_and_descendents): New.
1399 (region_model::can_merge_with_p): Add point param. Drop
1400 svalue_id_merger_mapping.
1401 (region_model::get_value_by_name): Delete.
1402 (region_model::convert_byte_offset_to_array_index): Delete.
1403 (region_model::get_or_create_mem_ref): Delete.
1404 (region_model::get_or_create_pointer_plus_expr): Delete.
1405 (region_model::get_or_create_view): Delete.
1406 (region_model::get_lvalue_1): Convert from region_id to
1407 const region *.
1408 (region_model::get_rvalue_1): Convert from svalue_id to
1409 const svalue *.
1410 (region_model::get_ssa_name_regions_for_current_frame): New.
1411 (region_model::append_ssa_names_cb): New.
1412 (region_model::get_store_value): New.
1413 (region_model::copy_struct_region): Delete.
1414 (region_model::copy_union_region): Delete.
1415 (region_model::copy_array_region): Delete.
1416 (region_model::region_exists_p): New.
1417 (region_model::make_region_for_unexpected_tree_code): Delete.
1418 (region_model::loop_replay_fixup): New.
1419 (region_model::poison_any_pointers_to_bad_regions): Delete.
1420 (region_model::poison_any_pointers_to_descendents): New.
1421 (region_model::dump_summary_of_rep_path_vars): Delete.
1422 (region_model::on_top_level_param): New.
1423 (region_model::record_dynamic_extents): New.
1424 (region_model::m_mgr;): New.
1425 (region_model::m_store;): New.
1426 (region_model::m_svalues;): Delete.
1427 (region_model::m_regions;): Delete.
1428 (region_model::m_root_rid;): Delete.
1429 (region_model::m_current_frame;): New.
1430 (region_model_context::remap_svalue_ids): Delete.
1431 (region_model_context::can_purge_p): Delete.
1432 (region_model_context::on_svalue_leak): New.
1433 (region_model_context::on_svalue_purge): Delete.
1434 (region_model_context::on_liveness_change): New.
1435 (region_model_context::on_inherited_svalue): Delete.
1436 (region_model_context::on_cast): Delete.
1437 (region_model_context::on_unknown_change): Convert from svalue_id to
1438 const svalue * and add is_mutable.
1439 (class noop_region_model_context): Update for region_model_context
1440 changes.
1441 (model_merger::model_merger): Add program_point. Drop
1442 svalue_id_merger_mapping.
1443 (model_merger::dump_to_pp): Add "simple" param.
1444 (model_merger::dump): Likewise.
1445 (model_merger::get_region_a): Delete.
1446 (model_merger::get_region_b): Delete.
1447 (model_merger::can_merge_values_p): Delete.
1448 (model_merger::record_regions): Delete.
1449 (model_merger::record_svalues): Delete.
1450 (model_merger::m_point): New field.
1451 (model_merger::m_map_regions_from_a_to_m): Delete.
1452 (model_merger::m_map_regions_from_b_to_m): Delete.
1453 (model_merger::m_sid_mapping): Delete.
1454 (struct svalue_id_merger_mapping): Delete.
1455 (class engine): New.
1456 (struct canonicalization): Delete.
1457 (inchash::add): Delete decls for hashing svalue_id and region_id.
1458 (test_region_model_context::on_unexpected_tree_code): Require t to
1459 be non-NULL.
1460 (selftest::assert_condition): Add overload comparing a pair of
1461 const svalue *.
1462 * sm-file.cc: Include "tristate.h", "selftest.h",
1463 "analyzer/call-string.h", "analyzer/program-point.h",
1464 "analyzer/store.h", and "analyzer/region-model.h".
1465 (fileptr_state_machine::get_default_state): New.
1466 (fileptr_state_machine::on_stmt): Remove calls to
1467 get_readable_tree in favor of get_diagnostic_tree.
1468 * sm-malloc.cc: Include "tristate.h", "selftest.h",
1469 "analyzer/call-string.h", "analyzer/program-point.h",
1470 "analyzer/store.h", and "analyzer/region-model.h".
1471 (malloc_state_machine::get_default_state): New.
1472 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
1473 (malloc_diagnostic::describe_state_change): Handle change.m_expr
1474 being NULL.
1475 (null_arg::emit): Avoid printing "NULL '0'".
1476 (null_arg::describe_final_event): Avoid printing "(0) NULL".
1477 (malloc_leak::emit): Handle m_arg being NULL.
1478 (malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
1479 (malloc_state_machine::on_stmt): Don't call get_readable_tree.
1480 Call get_diagnostic_tree when creating pending diagnostics.
1481 Update for is_zero_assignment becoming a member function of
1482 sm_ctxt.
1483 Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
1484 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
1485 vfunc implementation.
1486 * sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
1487 get_diagnostic_tree and pass the result to warn_for_state.
1488 * sm-signal.cc: Move includes of "analyzer/call-string.h" and
1489 "analyzer/program-point.h" to before "analyzer/region-model.h",
1490 and also include "analyzer/store.h" before it.
1491 (signal_unsafe_call::describe_state_change): Use
1492 get_dest_function to get handler.
1493 (update_model_for_signal_handler): Pass manager to region_model
1494 ctor.
1495 (register_signal_handler::impl_transition): Update for changes to
1496 get_or_create_node and add_edge.
1497 * sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
1498 get_readable_tree, replacing them when calling warn_for_state with
1499 calls to get_diagnostic_tree.
1500 * sm.cc (is_zero_assignment): Delete.
1501 (any_pointer_p): Move to within namespace ana.
1502 * sm.h (is_zero_assignment): Remove decl.
1503 (any_pointer_p): Move decl to within namespace ana.
1504 (state_machine::get_default_state): New vfunc.
1505 (state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
1506 (sm_context::get_readable_tree): Rename to...
1507 (sm_context::get_diagnostic_tree): ...this.
1508 (sm_context::is_zero_assignment): New vfunc.
1509 * store.cc: New file.
1510 * store.h: New file.
1511 * svalue.cc: New file.
1512
1513 2020-05-22 Mark Wielaard <mark@klomp.org>
1514
1515 * sm-signal.cc (signal_unsafe_call::emit): Possibly add
1516 gcc_rich_location note for replacement.
1517 (signal_unsafe_call::get_replacement_fn): New private function.
1518 (get_async_signal_unsafe_fns): Add "exit".
1519
1520 2020-04-28 David Malcolm <dmalcolm@redhat.com>
1521
1522 PR analyzer/94816
1523 * engine.cc (impl_region_model_context::on_unexpected_tree_code):
1524 Handle NULL tree.
1525 * region-model.cc (region_model::add_region_for_type): Handle
1526 NULL type.
1527 * region-model.h
1528 (test_region_model_context::on_unexpected_tree_code): Handle NULL
1529 tree.
1530
1531 2020-04-28 David Malcolm <dmalcolm@redhat.com>
1532
1533 PR analyzer/94447
1534 PR analyzer/94639
1535 PR analyzer/94732
1536 PR analyzer/94754
1537 * analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete.
1538 * program-state.cc (selftest::test_program_state_dumping): Update
1539 expected dump result for removal of "uninit".
1540 * region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT
1541 case.
1542 (root_region::ensure_stack_region): Initialize stack with null
1543 svalue_id rather than with a typeless POISON_KIND_UNINIT value.
1544 (root_region::ensure_heap_region): Likewise for the heap.
1545 (region_model::dump_summary_of_rep_path_vars): Remove
1546 summarization of uninit values.
1547 (region_model::validate): Remove check that the stack has a
1548 POISON_KIND_UNINIT value.
1549 (poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT
1550 case.
1551 (poisoned_value_diagnostic::describe_final_event): Likewise.
1552 (selftest::test_dump): Update expected dump result for removal of
1553 "uninit".
1554 (selftest::test_svalue_equality): Remove "uninit" and "freed".
1555 * region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT.
1556
1557 2020-04-01 David Malcolm <dmalcolm@redhat.com>
1558
1559 PR analyzer/94378
1560 * checker-path.cc: Include "bitmap.h".
1561 * constraint-manager.cc: Likewise.
1562 * diagnostic-manager.cc: Likewise.
1563 * engine.cc: Likewise.
1564 (exploded_node::detect_leaks): Pass null region_id to pop_frame.
1565 * program-point.cc: Include "bitmap.h".
1566 * program-state.cc: Likewise.
1567 * region-model.cc (id_set<region_id>::id_set): Convert to...
1568 (region_id_set::region_id_set): ...this.
1569 (svalue_id_set::svalue_id_set): New ctor.
1570 (region_model::copy_region): New function.
1571 (region_model::copy_struct_region): New function.
1572 (region_model::copy_union_region): New function.
1573 (region_model::copy_array_region): New function.
1574 (stack_region::pop_frame): Drop return value. Add
1575 "result_dst_rid" param; if it is non-null, use copy_region to copy
1576 the result to it. Rather than capture and pass a single "known
1577 used" return value to be used by purge_unused_values, instead
1578 gather and pass a set of known used return values.
1579 (root_region::pop_frame): Drop return value. Add "result_dst_rid"
1580 param.
1581 (region_model::on_assignment): Use copy_region.
1582 (region_model::on_return): Likewise for the result.
1583 (region_model::on_longjmp): Pass null for pop_frame's
1584 result_dst_rid.
1585 (region_model::update_for_return_superedge): Pass the region for the
1586 return value of the call, if any, to pop_frame, rather than setting
1587 the lvalue for the lhs of the result.
1588 (region_model::pop_frame): Drop return value. Add
1589 "result_dst_rid" param.
1590 (region_model::purge_unused_svalues): Convert third param from an
1591 svalue_id * to an svalue_id_set *, updating the initial populating
1592 of the "used" bitmap accordingly. Don't remap it when done.
1593 (struct selftest::coord_test): New selftest fixture, extracted from...
1594 (selftest::test_dump_2): ...here.
1595 (selftest::test_compound_assignment): New selftest.
1596 (selftest::test_stack_frames): Pass null to new param of pop_frame.
1597 (selftest::analyzer_region_model_cc_tests): Call the new selftest.
1598 * region-model.h (class id_set): Delete template.
1599 (class region_id_set): Reimplement, using old id_set implementation.
1600 (class svalue_id_set): Likewise. Convert from auto_sbitmap to
1601 auto_bitmap.
1602 (region::get_active_view): New accessor.
1603 (stack_region::pop_frame): Drop return value. Add
1604 "result_dst_rid" param.
1605 (root_region::pop_frame): Likewise.
1606 (region_model::pop_frame): Likewise.
1607 (region_model::copy_region): New decl.
1608 (region_model::purge_unused_svalues): Convert third param from an
1609 svalue_id * to an svalue_id_set *.
1610 (region_model::copy_struct_region): New decl.
1611 (region_model::copy_union_region): New decl.
1612 (region_model::copy_array_region): New decl.
1613
1614 2020-03-27 David Malcolm <dmalcolm@redhat.com>
1615
1616 * program-state.cc (selftest::test_program_state_dumping): Update
1617 expected dump to include symbolic_region's possibly_null field.
1618 * region-model.cc (symbolic_region::print_fields): New vfunc
1619 implementation.
1620 (region_model::add_constraint): Clear m_possibly_null from
1621 symbolic_regions now known to be non-NULL.
1622 (selftest::test_malloc_constraints): New selftest.
1623 (selftest::analyzer_region_model_cc_tests): Call it.
1624 * region-model.h (region::dyn_cast_symbolic_region): Add non-const
1625 overload.
1626 (symbolic_region::dyn_cast_symbolic_region): Implement it.
1627 (symbolic_region::print_fields): New vfunc override decl.
1628
1629 2020-03-27 David Malcolm <dmalcolm@redhat.com>
1630
1631 * analyzer.h (class feasibility_problem): New forward decl.
1632 * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
1633 Initialize new fields m_status, m_epath_length, and m_problem.
1634 (saved_diagnostic::~saved_diagnostic): Delete m_problem.
1635 (dedupe_candidate::dedupe_candidate): Convert "sd" param from a
1636 const ref to a mutable ptr.
1637 (dedupe_winners::add): Convert "sd" param from a const ref to a
1638 mutable ptr. Record the length of the exploded_path. Record the
1639 feasibility/infeasibility of sd into sd, capturing a
1640 feasibility_problem when feasible_p fails, and storing it in sd.
1641 (diagnostic_manager::emit_saved_diagnostics): Update for pass by
1642 ptr rather than by const ref.
1643 * diagnostic-manager.h (class saved_diagnostic): Add new enum
1644 status. Add fields m_status, m_epath_length and m_problem.
1645 (saved_diagnostic::set_feasible): New member function.
1646 (saved_diagnostic::set_infeasible): New member function.
1647 (saved_diagnostic::get_feasibility_problem): New accessor.
1648 (saved_diagnostic::get_status): New accessor.
1649 (saved_diagnostic::set_epath_length): New member function.
1650 (saved_diagnostic::get_epath_length): New accessor.
1651 * engine.cc: Include "gimple-pretty-print.h".
1652 (exploded_path::feasible_p): Add OUT param and, if non-NULL, write
1653 a new feasibility_problem to it on failure.
1654 (viz_callgraph_node::dump_dot): Convert begin_tr calls to
1655 begin_trtd. Convert end_tr calls to end_tdtr.
1656 (class exploded_graph_annotator): New subclass of dot_annotator.
1657 (impl_run_checkers): Add a second -fdump-analyzer-supergraph dump
1658 after the analysis runs, using exploded_graph_annotator, dumping
1659 to DUMP_BASE_NAME.supergraph-eg.dot.
1660 * exploded-graph.h (exploded_node::get_dot_fillcolor): Make
1661 public.
1662 (exploded_path::feasible_p): Add OUT param.
1663 (class feasibility_problem): New class.
1664 * state-purge.cc (state_purge_annotator::add_node_annotations):
1665 Return a bool, add a "within_table" param.
1666 (print_vec_of_names): Convert begin_tr calls to begin_trtd.
1667 Convert end_tr calls to end_tdtr.
1668 (state_purge_annotator::add_stmt_annotations): Add "within_row"
1669 param.
1670 * state-purge.h (state_purge_annotator::add_node_annotations):
1671 Return a bool, add a "within_table" param.
1672 (state_purge_annotator::add_stmt_annotations): Add "within_row"
1673 param.
1674 * supergraph.cc (supernode::dump_dot): Call add_node_annotations
1675 twice: as before, passing false for "within_table", then again
1676 with true when within the TABLE element. Convert some begin_tr
1677 calls to begin_trtd, and some end_tr calls to end_tdtr.
1678 Repeat each add_stmt_annotations call, distinguishing between
1679 calls that add TRs and those that add TDs to an existing TR.
1680 Add a call to add_after_node_annotations.
1681 * supergraph.h (dot_annotator::add_node_annotations): Add a
1682 "within_table" param.
1683 (dot_annotator::add_stmt_annotations): Add a "within_row" param.
1684 (dot_annotator::add_after_node_annotations): New vfunc.
1685
1686 2020-03-27 David Malcolm <dmalcolm@redhat.com>
1687
1688 * diagnostic-manager.cc (dedupe_winners::add): Show the
1689 exploded_node index in the log messages.
1690 (diagnostic_manager::emit_saved_diagnostics): Log a summary of
1691 m_saved_diagnostics at entry.
1692
1693 2020-03-27 David Malcolm <dmalcolm@redhat.com>
1694
1695 * supergraph.cc (superedge::dump): Add space before description;
1696 move newline to non-pretty_printer overload.
1697
1698 2020-03-18 David Malcolm <dmalcolm@redhat.com>
1699
1700 * region-model.cc: Include "stor-layout.h".
1701 (region_model::dump_to_pp): Rather than calling
1702 dump_summary_of_map on each of the current frame and the globals,
1703 instead get a vec of representative path_vars for all regions,
1704 and then dump a summary of all of them.
1705 (region_model::dump_summary_of_map): Delete, rewriting into...
1706 (region_model::dump_summary_of_rep_path_vars): ...this new
1707 function, working on a vec of path_vars.
1708 (region_model::set_value): New overload.
1709 (region_model::get_representative_path_var): Rename
1710 "parent_region" local to "parent_reg" and consolidate with other
1711 local. Guard test for grandparent being stack on parent_reg being
1712 non-NULL. Move handling for parent being an array_region to
1713 within guard for parent_reg being non-NULL.
1714 (selftest::make_test_compound_type): New function.
1715 (selftest::test_dump_2): New selftest.
1716 (selftest::test_dump_3): New selftest.
1717 (selftest::test_stack_frames): Update expected output from
1718 simplified dump to show "a" and "b" from parent frame and "y" in
1719 child frame.
1720 (selftest::analyzer_region_model_cc_tests): Call test_dump_2 and
1721 test_dump_3.
1722 * region-model.h (region_model::set_value): New overload decl.
1723 (region_model::dump_summary_of_map): Delete.
1724 (region_model::dump_summary_of_rep_path_vars): New.
1725
1726 2020-03-18 David Malcolm <dmalcolm@redhat.com>
1727
1728 * region-model.h (class noop_region_model_context): New subclass
1729 of region_model_context.
1730 (class tentative_region_model_context): Inherit from
1731 noop_region_model_context rather than from region_model_context;
1732 drop redundant vfunc implementations.
1733 (class test_region_model_context): Likewise.
1734
1735 2020-03-18 David Malcolm <dmalcolm@redhat.com>
1736
1737 * engine.cc (exploded_node::exploded_node): Move implementation
1738 here from header; accept point_and_state by const reference rather
1739 than by value.
1740 * exploded-graph.h (exploded_node::exploded_node): Pass
1741 point_and_state by const reference rather than by value. Move
1742 body to engine.cc.
1743
1744 2020-03-18 Jakub Jelinek <jakub@redhat.com>
1745
1746 * sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word
1747 issue in a comment.
1748 * region-model.cc (region_model::make_region_for_unexpected_tree_code,
1749 region_model::delete_region_and_descendents): Likewise.
1750 * engine.cc (class exploded_cluster): Likewise.
1751 * diagnostic-manager.cc (class path_builder): Likewise.
1752
1753 2020-03-13 David Malcolm <dmalcolm@redhat.com>
1754
1755 PR analyzer/94099
1756 PR analyzer/94105
1757 * diagnostic-manager.cc (for_each_state_change): Bulletproof
1758 against errors in get_rvalue by passing a
1759 tentative_region_model_context and rejecting if there's an error.
1760 * region-model.cc (region_model::get_lvalue_1): When handling
1761 ARRAY_REF, handle results of error-handling. Handle NOP_EXPR.
1762
1763 2020-03-06 David Malcolm <dmalcolm@redhat.com>
1764
1765 * analyzer.h (class array_region): New forward decl.
1766 * program-state.cc (selftest::test_program_state_dumping_2): New.
1767 (selftest::analyzer_program_state_cc_tests): Call it.
1768 * region-model.cc (array_region::constant_from_key): New.
1769 (region_model::get_representative_tree): Handle region_svalue by
1770 generating an ADDR_EXPR.
1771 (region_model::get_representative_path_var): In view handling,
1772 remove erroneous TREE_TYPE when determining the type of the tree.
1773 Handle array regions and STRING_CST.
1774 (selftest::assert_dump_tree_eq): New.
1775 (ASSERT_DUMP_TREE_EQ): New macro.
1776 (selftest::test_get_representative_tree): New selftest.
1777 (selftest::analyzer_region_model_cc_tests): Call it.
1778 * region-model.h (region::dyn_cast_array_region): New vfunc.
1779 (array_region::dyn_cast_array_region): New vfunc implementation.
1780 (array_region::constant_from_key): New decl.
1781
1782 2020-03-06 David Malcolm <dmalcolm@redhat.com>
1783
1784 * analyzer.h (dump_quoted_tree): New decl.
1785 * engine.cc (exploded_node::dump_dot): Pass region model to
1786 sm_state_map::print.
1787 * program-state.cc: Include diagnostic-core.h.
1788 (sm_state_map::print): Add "model" param and use it to print
1789 representative trees. Only print origin information if non-null.
1790 (sm_state_map::dump): Pass NULL for model to print call.
1791 (program_state::print): Pass region model to sm_state_map::print.
1792 (program_state::dump_to_pp): Use spaces rather than newlines when
1793 summarizing. Pass region_model to sm_state_map::print.
1794 (ana::selftest::assert_dump_eq): New function.
1795 (ASSERT_DUMP_EQ): New macro.
1796 (ana::selftest::test_program_state_dumping): New function.
1797 (ana::selftest::analyzer_program_state_cc_tests): Call it.
1798 * program-state.h (program_state::print): Add model param.
1799 * region-model.cc (dump_quoted_tree): New function.
1800 (map_region::print_fields): Use dump_quoted_tree rather than
1801 %qE to avoid lang-dependent output.
1802 (map_region::dump_child_label): Likewise.
1803 (region_model::dump_summary_of_map): For SK_REGION, when
1804 get_representative_path_var fails, print the region id rather than
1805 erroneously printing NULL.
1806 * sm.cc (state_machine::get_state_by_name): New function.
1807 * sm.h (state_machine::get_state_by_name): New decl.
1808
1809 2020-03-04 David Malcolm <dmalcolm@redhat.com>
1810
1811 * region-model.cc (region::validate): Convert model param from ptr
1812 to reference. Update comment to reflect that it's now a vfunc.
1813 (map_region::validate): New vfunc implementation.
1814 (array_region::validate): New vfunc implementation.
1815 (stack_region::validate): New vfunc implementation.
1816 (root_region::validate): New vfunc implementation.
1817 (region_model::validate): Pass a reference rather than a pointer
1818 to the region::validate vfunc.
1819 * region-model.h (region::validate): Make virtual. Convert model
1820 param from ptr to reference.
1821 (map_region::validate): New vfunc decl.
1822 (array_region::validate): New vfunc decl.
1823 (stack_region::validate): New vfunc decl.
1824 (root_region::validate): New vfunc decl.
1825
1826 2020-03-04 David Malcolm <dmalcolm@redhat.com>
1827
1828 PR analyzer/93993
1829 * region-model.cc (region_model::on_call_pre): Handle
1830 BUILT_IN_EXPECT and its variants.
1831 (region_model::add_any_constraints_from_ssa_def_stmt): Split out
1832 gassign handling into add_any_constraints_from_gassign; add gcall
1833 handling.
1834 (region_model::add_any_constraints_from_gassign): New function,
1835 based on the above. Add handling for NOP_EXPR.
1836 (region_model::add_any_constraints_from_gcall): New function.
1837 (region_model::get_representative_path_var): Handle views.
1838 * region-model.h
1839 (region_model::add_any_constraints_from_ssa_def_stmt): New decl.
1840 (region_model::add_any_constraints_from_gassign): New decl.
1841
1842 2020-03-04 David Malcolm <dmalcolm@redhat.com>
1843
1844 PR analyzer/93993
1845 * checker-path.h (state_change_event::get_lvalue): Add ctxt param
1846 and pass it to region_model::get_value call.
1847 * diagnostic-manager.cc (get_any_origin): Pass a
1848 tentative_region_model_context to the calls to get_lvalue and reject
1849 the comparison if errors occur.
1850 (can_be_expr_of_interest_p): New function.
1851 (diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
1852 CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
1853 Pass a tentative_region_model_context to the calls to
1854 state_change_event::get_lvalue and reject the comparison if errors
1855 occur.
1856 (diagnostic_manager::update_for_unsuitable_sm_exprs): New.
1857 * diagnostic-manager.h
1858 (diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
1859 * region-model.h (class tentative_region_model_context): New class.
1860
1861 2020-03-04 David Malcolm <dmalcolm@redhat.com>
1862
1863 * engine.cc (worklist::worklist): Remove unused field m_eg.
1864 (class viz_callgraph_edge): Remove unused field m_call_sedge.
1865 (class viz_callgraph): Remove unused field m_sg.
1866 * exploded-graph.h (worklist::m_eg): Remove unused field.
1867
1868 2020-03-02 David Malcolm <dmalcolm@redhat.com>
1869
1870 * analyzer.opt (fanalyzer-show-duplicate-count): New option.
1871 * diagnostic-manager.cc
1872 (diagnostic_manager::emit_saved_diagnostic): Use the above to
1873 guard the printing of the duplicate count.
1874
1875 2020-03-02 David Malcolm <dmalcolm@redhat.com>
1876
1877 PR analyzer/93959
1878 * analyzer.cc (is_std_function_p): New function.
1879 (is_std_named_call_p): New functions.
1880 * analyzer.h (is_std_named_call_p): New decl.
1881 * sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::"
1882 variants when checking for malloc, calloc and free.
1883
1884 2020-02-26 David Malcolm <dmalcolm@redhat.com>
1885
1886 PR analyzer/93950
1887 * diagnostic-manager.cc
1888 (diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
1889 either NULL or not a constant. When updating var, bulletproof
1890 against constant values.
1891
1892 2020-02-26 David Malcolm <dmalcolm@redhat.com>
1893
1894 PR analyzer/93947
1895 * region-model.cc (region_model::get_fndecl_for_call): Gracefully
1896 fail for fn_decls that don't have a cgraph_node.
1897
1898 2020-02-26 David Malcolm <dmalcolm@redhat.com>
1899
1900 * bar-chart.cc: New file.
1901 * bar-chart.h: New file.
1902 * engine.cc: Include "analyzer/bar-chart.h".
1903 (stats::log): Only log the m_num_nodes kinds that are non-zero.
1904 (stats::dump): Likewise when dumping.
1905 (stats::get_total_enodes): New.
1906 (exploded_graph::get_or_create_node): Increment the per-point-data
1907 m_excess_enodes when hitting the per-program-point limit on
1908 enodes.
1909 (exploded_graph::print_bar_charts): New.
1910 (exploded_graph::log_stats): Log the number of unprocessed enodes
1911 in the worklist. Call print_bar_charts.
1912 (exploded_graph::dump_stats): Print the number of unprocessed
1913 enodes in the worklist.
1914 * exploded-graph.h (stats::get_total_enodes): New decl.
1915 (struct per_program_point_data): Add field m_excess_enodes.
1916 (exploded_graph::print_bar_charts): New decl.
1917 * supergraph.cc (superedge::dump): New.
1918 (superedge::dump): New.
1919 * supergraph.h (supernode::get_function): New.
1920 (superedge::dump): New decl.
1921 (superedge::dump): New decl.
1922
1923 2020-02-24 David Malcolm <dmalcolm@redhat.com>
1924
1925 * engine.cc (exploded_graph::get_or_create_node): Dump the
1926 program_state to the pp, rather than to stderr.
1927
1928 2020-02-24 David Malcolm <dmalcolm@redhat.com>
1929
1930 PR analyzer/93032
1931 * sm.cc (make_checkers): Require the "taint" checker to be
1932 explicitly enabled.
1933
1934 2020-02-24 David Malcolm <dmalcolm@redhat.com>
1935
1936 PR analyzer/93899
1937 * engine.cc
1938 (impl_region_model_context::impl_region_model_context): Add logger
1939 param.
1940 * engine.cc (exploded_graph::add_function_entry): Create an
1941 impl_region_model_context and pass it to the push_frame call.
1942 Bail if the resulting state is invalid.
1943 (exploded_graph::build_initial_worklist): Likewise.
1944 (exploded_graph::build_initial_worklist): Handle the case where
1945 add_function_entry fails.
1946 * exploded-graph.h
1947 (impl_region_model_context::impl_region_model_context): Add logger
1948 param.
1949 * region-model.cc (map_region::get_or_create): Add ctxt param and
1950 pass it to add_region_for_type.
1951 (map_region::can_merge_p): Pass NULL as a ctxt to call to
1952 get_or_create.
1953 (array_region::get_element): Pass ctxt to call to get_or_create.
1954 (array_region::get_or_create): Add ctxt param and pass it to
1955 add_region_for_type.
1956 (root_region::push_frame): Pass ctxt to get_or_create calls.
1957 (region_model::get_lvalue_1): Likewise.
1958 (region_model::make_region_for_unexpected_tree_code): Assert that
1959 ctxt is non-NULL.
1960 (region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
1961 and get_svalue_for_label calls.
1962 (region_model::get_svalue_for_fndecl): Add ctxt param and pass it
1963 to get_region_for_fndecl.
1964 (region_model::get_region_for_fndecl): Add ctxt param and pass it
1965 to get_or_create.
1966 (region_model::get_svalue_for_label): Add ctxt param and pass it
1967 to get_region_for_label.
1968 (region_model::get_region_for_label): Add ctxt param and pass it
1969 to get_region_for_fndecl and get_or_create.
1970 (region_model::get_field_region): Add ctxt param and pass it to
1971 get_or_create_view and get_or_create.
1972 (make_region_for_type): Replace gcc_unreachable with return NULL.
1973 (region_model::add_region_for_type): Add ctxt param. Handle a
1974 return of NULL from make_region_for_type by calling
1975 make_region_for_unexpected_tree_code.
1976 (region_model::get_or_create_mem_ref): Pass ctxt to calls to
1977 get_or_create_view.
1978 (region_model::get_or_create_view): Add ctxt param and pass it to
1979 add_region_for_type.
1980 (selftest::test_state_merging): Pass ctxt to get_or_create_view.
1981 * region-model.h (region_model::get_or_create): Add ctxt param.
1982 (region_model::add_region_for_type): Likewise.
1983 (region_model::get_svalue_for_fndecl): Likewise.
1984 (region_model::get_svalue_for_label): Likewise.
1985 (region_model::get_region_for_fndecl): Likewise.
1986 (region_model::get_region_for_label): Likewise.
1987 (region_model::get_field_region): Likewise.
1988 (region_model::get_or_create_view): Likewise.
1989
1990 2020-02-24 David Malcolm <dmalcolm@redhat.com>
1991
1992 * checker-path.cc (superedge_event::should_filter_p): Update
1993 filter for empty descriptions to cover verbosity level 3 as well
1994 as 2.
1995 * diagnostic-manager.cc: Include "analyzer/reachability.h".
1996 (class path_builder): New class.
1997 (diagnostic_manager::emit_saved_diagnostic): Create a path_builder
1998 and pass it to build_emission_path, rather than passing eg; similarly
1999 for add_events_for_eedge and ext_state.
2000 (diagnostic_manager::build_emission_path): Replace "eg" param
2001 with a path_builder, pass it to add_events_for_eedge.
2002 (diagnostic_manager::add_events_for_eedge): Replace ext_state
2003 param with path_builder; pass it to add_events_for_superedge.
2004 (diagnostic_manager::significant_edge_p): New.
2005 (diagnostic_manager::add_events_for_superedge): Add path_builder
2006 param. Reject insignificant edges at verbosity levels below 3.
2007 (diagnostic_manager::prune_for_sm_diagnostic): Update highest
2008 verbosity level to 4.
2009 * diagnostic-manager.h (class path_builder): New forward decl.
2010 (diagnostic_manager::build_emission_path): Replace "eg" param
2011 with a path_builder.
2012 (diagnostic_manager::add_events_for_eedge): Replace ext_state
2013 param with path_builder.
2014 (diagnostic_manager::significant_edge_p): New.
2015 (diagnostic_manager::add_events_for_superedge): Add path_builder
2016 param.
2017 * reachability.h: New file.
2018
2019 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2020
2021 PR analyzer/93692
2022 * analyzer.opt (fdump-analyzer-callgraph): Rewrite description.
2023
2024 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2025
2026 PR analyzer/93777
2027 * region-model.cc (region_model::maybe_cast_1): Replace assertion
2028 that build_cast returns non-NULL with a conditional, falling
2029 through to the logic which returns a new unknown value of the
2030 desired type if it fails.
2031
2032 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2033
2034 PR analyzer/93778
2035 * engine.cc (impl_region_model_context::on_unknown_tree_code):
2036 Rename to...
2037 (impl_region_model_context::on_unexpected_tree_code): ...this and
2038 convert first argument from path_var to tree.
2039 (exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall.
2040 * exploded-graph.h (region_model_context::on_unknown_tree_code):
2041 Rename to...
2042 (region_model_context::on_unexpected_tree_code): ...this and
2043 convert first argument from path_var to tree.
2044 * program-state.cc (sm_state_map::purge_for_unknown_fncall): Add
2045 ctxt param and pass on to calls to get_rvalue.
2046 * program-state.h (sm_state_map::purge_for_unknown_fncall): Add
2047 ctxt param.
2048 * region-model.cc (region_model::handle_unrecognized_call): Pass
2049 ctxt on to call to get_rvalue.
2050 (region_model::get_lvalue_1): Move body of default case to
2051 region_model::make_region_for_unexpected_tree_code and call it.
2052 Within COMPONENT_REF case, reject attempts to handle types other
2053 than RECORD_TYPE and UNION_TYPE.
2054 (region_model::make_region_for_unexpected_tree_code): New
2055 function, based on default case of region_model::get_lvalue_1.
2056 * region-model.h
2057 (region_model::make_region_for_unexpected_tree_code): New decl.
2058 (region_model::on_unknown_tree_code): Rename to...
2059 (region_model::on_unexpected_tree_code): ...this and convert first
2060 argument from path_var to tree.
2061 (class test_region_model_context): Update vfunc implementation for
2062 above change.
2063
2064 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2065
2066 PR analyzer/93774
2067 * region-model.cc
2068 (region_model::convert_byte_offset_to_array_index): Use
2069 int_size_in_bytes before calling size_in_bytes, to gracefully fail
2070 on incomplete types.
2071
2072 2020-02-17 David Malcolm <dmalcolm@redhat.com>
2073
2074 PR analyzer/93775
2075 * region-model.cc (region_model::get_fndecl_for_call): Handle the
2076 case where the code_region's get_tree_for_child_region returns
2077 NULL.
2078
2079 2020-02-17 David Malcolm <dmalcolm@redhat.com>
2080
2081 PR analyzer/93388
2082 * engine.cc (impl_region_model_context::on_unknown_tree_code):
2083 New.
2084 (exploded_graph::get_or_create_node): Reject invalid states.
2085 * exploded-graph.h
2086 (impl_region_model_context::on_unknown_tree_code): New decl.
2087 (point_and_state::point_and_state): Assert that the state is
2088 valid.
2089 * program-state.cc (program_state::program_state): Initialize
2090 m_valid to true.
2091 (program_state::operator=): Copy m_valid.
2092 (program_state::program_state): Likewise for move constructor.
2093 (program_state::print): Print m_valid.
2094 (program_state::dump_to_pp): Likewise.
2095 * program-state.h (program_state::m_valid): New field.
2096 * region-model.cc (region_model::get_lvalue_1): Implement the
2097 default case by returning a new symbolic region and calling
2098 the context's on_unknown_tree_code, rather than issuing an
2099 internal_error. Implement VIEW_CONVERT_EXPR.
2100 * region-model.h (region_model_context::on_unknown_tree_code): New
2101 vfunc.
2102 (test_region_model_context::on_unknown_tree_code): New.
2103
2104 2020-02-17 David Malcolm <dmalcolm@redhat.com>
2105
2106 * sm-malloc.cc (malloc_diagnostic::describe_state_change): For
2107 transition to the "null" state, only say "assuming" when
2108 transitioning from the "unchecked" state.
2109
2110 2020-02-17 David Malcolm <dmalcolm@redhat.com>
2111
2112 * diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
2113 Add const overload.
2114 * engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
2115 * exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
2116 const overload.
2117
2118 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2119
2120 PR analyzer/93288
2121 * analysis-plan.cc (analysis_plan::use_summary_p): Look through
2122 the ultimate_alias_target when getting the called function.
2123 * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
2124 "sm_ctxt". Use the region_model's get_fndecl_for_call rather than
2125 gimple_call_fndecl.
2126 * region-model.cc (region_model::get_fndecl_for_call): Use
2127 ultimate_alias_target on fndecl.
2128 * supergraph.cc (get_ultimate_function_for_cgraph_edge): New
2129 function.
2130 (supergraph_call_edge): Use it when rejecting edges without
2131 functions.
2132 (supergraph::supergraph): Use it to get the function for the
2133 cgraph_edge when building interprocedural superedges.
2134 (callgraph_superedge::get_callee_function): Use it.
2135 * supergraph.h (supergraph::get_num_snodes): Make param const.
2136 (supergraph::function_to_num_snodes_t): Make first type param
2137 const.
2138
2139 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2140
2141 PR analyzer/93374
2142 * engine.cc (exploded_edge::exploded_edge): Add ext_state param
2143 and pass it to change.validate.
2144 (exploded_graph::get_or_create_node): Move purging of change
2145 svalues to also cover the case of reusing an existing enode.
2146 (exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
2147 ctor.
2148 * exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
2149 param.
2150 * program-state.cc (state_change::sm_change::validate): Likewise.
2151 Assert that m_sm_idx is sane. Use ext_state to validate
2152 m_old_state and m_new_state.
2153 (state_change::validate): Add ext_state param and pass it to
2154 the sm_change validate calls.
2155 * program-state.h (state_change::sm_change::validate): Add
2156 ext_state param.
2157 (state_change::validate): Likewise.
2158
2159 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2160
2161 PR analyzer/93669
2162 * engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
2163 case of STATUS_WORKLIST in implementation of
2164 "__analyzer_dump_exploded_nodes".
2165
2166 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2167
2168 PR analyzer/93649
2169 * constraint-manager.cc (constraint_manager::add_constraint): When
2170 merging equivalence classes and updating m_constant, also update
2171 m_cst_sid.
2172 (constraint_manager::validate): If m_constant is non-NULL assert
2173 that m_cst_sid is non-null and is valid.
2174
2175 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2176
2177 PR analyzer/93657
2178 * analyzer.opt (fdump-analyzer): Reword description.
2179 (fdump-analyzer-stderr): Likewise.
2180
2181 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2182
2183 * region-model.cc (print_quoted_type): New function.
2184 (svalue::print): Use it to replace %qT.
2185 (region::dump_to_pp): Likewise.
2186 (region::dump_child_label): Likewise.
2187 (region::print_fields): Likewise.
2188
2189 2020-02-10 David Malcolm <dmalcolm@redhat.com>
2190
2191 PR analyzer/93659
2192 * analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
2193 -> "that" typo.
2194 (Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
2195 "uninitialized" typo.
2196
2197 2020-02-10 David Malcolm <dmalcolm@redhat.com>
2198
2199 PR analyzer/93350
2200 * region-model.cc (region_model::get_lvalue_1):
2201 Handle BIT_FIELD_REF.
2202 (make_region_for_type): Handle VECTOR_TYPE.
2203
2204 2020-02-10 David Malcolm <dmalcolm@redhat.com>
2205
2206 PR analyzer/93647
2207 * diagnostic-manager.cc
2208 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
2209 VAR being constant.
2210 * region-model.cc (region_model::get_lvalue_1): Provide a better
2211 error message when encountering an unhandled tree code.
2212
2213 2020-02-10 David Malcolm <dmalcolm@redhat.com>
2214
2215 PR analyzer/93405
2216 * region-model.cc (region_model::get_lvalue_1): Implement
2217 CONST_DECL.
2218
2219 2020-02-06 David Malcolm <dmalcolm@redhat.com>
2220
2221 * region-model.cc (region_model::maybe_cast_1): Attempt to provide
2222 a region_svalue if either type is a pointer, rather than if both
2223 types are pointers.
2224
2225 2020-02-05 David Malcolm <dmalcolm@redhat.com>
2226
2227 * engine.cc (exploded_node::dump_dot): Show merger enodes.
2228 (worklist::add_node): Assert that the node's m_status is
2229 STATUS_WORKLIST.
2230 (exploded_graph::process_worklist): Likewise for nodes from the
2231 worklist. Set status of merged nodes to STATUS_MERGER.
2232 (exploded_graph::process_node): Set status of node to
2233 STATUS_PROCESSED.
2234 (exploded_graph::dump_exploded_nodes): Rework handling of
2235 "__analyzer_dump_exploded_nodes", splitting enodes by status into
2236 "processed" and "merger", showing the count of just the processed
2237 enodes at the call, rather than the count of all enodes.
2238 * exploded-graph.h (exploded_node::status): New enum.
2239 (exploded_node::exploded_node): Initialize m_status to
2240 STATUS_WORKLIST.
2241 (exploded_node::get_status): New getter.
2242 (exploded_node::set_status): New setter.
2243
2244 2020-02-04 David Malcolm <dmalcolm@redhat.com>
2245
2246 PR analyzer/93543
2247 * engine.cc (pod_hash_traits<function_call_string>::mark_empty):
2248 Eliminate reinterpret_cast.
2249 (pod_hash_traits<function_call_string>::is_empty): Likewise.
2250
2251 2020-02-03 David Malcolm <dmalcolm@redhat.com>
2252
2253 * constraint-manager.cc (range::constrained_to_single_element):
2254 Replace fold_build2 with fold_binary. Remove unnecessary newline.
2255 (constraint_manager::get_or_add_equiv_class): Replace fold_build2
2256 with fold_binary in two places, and remove out-of-date comment.
2257 (constraint_manager::eval_condition): Replace fold_build2 with
2258 fold_binary.
2259 * region-model.cc (constant_svalue::eval_condition): Likewise.
2260 (region_model::on_assignment): Likewise.
2261
2262 2020-02-03 David Malcolm <dmalcolm@redhat.com>
2263
2264 PR analyzer/93544
2265 * diagnostic-manager.cc
2266 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
2267 against bad choices due to bad paths.
2268 * engine.cc (impl_region_model_context::on_phi): New.
2269 * exploded-graph.h (impl_region_model_context::on_phi): New decl.
2270 * region-model.cc (region_model::on_longjmp): Likewise.
2271 (region_model::handle_phi): Add phi param. Call the ctxt's on_phi
2272 vfunc.
2273 (region_model::update_for_phis): Pass phi to handle_phi.
2274 * region-model.h (region_model::handle_phi): Add phi param.
2275 (region_model_context::on_phi): New vfunc.
2276 (test_region_model_context::on_phi): New.
2277 * sm-malloc.cc (malloc_state_machine::on_phi): New.
2278 (malloc_state_machine::on_zero_assignment): New.
2279 * sm.h (state_machine::on_phi): New vfunc.
2280
2281 2020-02-03 David Malcolm <dmalcolm@redhat.com>
2282
2283 * engine.cc (supernode_cluster::dump_dot): Show BB index as
2284 well as SN index.
2285 * supergraph.cc (supernode::dump_dot): Likewise.
2286
2287 2020-02-03 David Malcolm <dmalcolm@redhat.com>
2288
2289 PR analyzer/93546
2290 * region-model.cc (region_model::on_call_pre): Update for new
2291 param of symbolic_region ctor.
2292 (region_model::deref_rvalue): Likewise.
2293 (region_model::add_new_malloc_region): Likewise.
2294 (make_region_for_type): Likewise, preserving type.
2295 * region-model.h (symbolic_region::symbolic_region): Add "type"
2296 param and pass it to base class ctor.
2297
2298 2020-02-03 David Malcolm <dmalcolm@redhat.com>
2299
2300 PR analyzer/93547
2301 * constraint-manager.cc
2302 (constraint_manager::get_or_add_equiv_class): Ensure types are
2303 compatible before comparing constants.
2304
2305 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2306
2307 PR analyzer/93457
2308 * region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
2309 than checking against void_type_node.
2310
2311 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2312
2313 PR analyzer/93373
2314 * region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
2315 (assert_compat_types): ...this, and bail when either type is NULL,
2316 or when VOID_TYPE_P (dst_type).
2317 (region_model::get_lvalue): Update for above conversion.
2318 (region_model::get_rvalue): Likewise.
2319
2320 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2321
2322 PR analyzer/93379
2323 * region-model.cc (region_model::update_for_return_superedge):
2324 Move check for null result so that it also guards setting the
2325 lhs.
2326
2327 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2328
2329 PR analyzer/93438
2330 * region-model.cc (stack_region::can_merge_p): Split into a two
2331 pass approach, creating all stack regions first, then populating
2332 them.
2333 (selftest::test_state_merging): Add test coverage for (a) the case
2334 of self-merging a model in which a local in an older stack frame
2335 points to a local in a more recent stack frame (which previously
2336 would ICE), and (b) the case of self-merging a model in which a
2337 local points to a global (which previously worked OK).
2338
2339 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2340
2341 * analyzer.cc (is_named_call_p): Replace tests for fndecl being
2342 extern at file scope and having a non-NULL DECL_NAME with a call
2343 to maybe_special_function_p.
2344 * function-set.cc (function_set::contains_decl_p): Add call to
2345 maybe_special_function_p.
2346
2347 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2348
2349 PR analyzer/93450
2350 * constraint-manager.cc
2351 (constraint_manager::get_or_add_equiv_class): Only compare constants
2352 if their types are compatible.
2353 * region-model.cc (constant_svalue::eval_condition): Replace check
2354 for identical types with call to types_compatible_p.
2355
2356 2020-01-30 David Malcolm <dmalcolm@redhat.com>
2357
2358 * program-state.cc (extrinsic_state::dump_to_pp): New.
2359 (extrinsic_state::dump_to_file): New.
2360 (extrinsic_state::dump): New.
2361 * program-state.h (extrinsic_state::dump_to_pp): New decl.
2362 (extrinsic_state::dump_to_file): New decl.
2363 (extrinsic_state::dump): New decl.
2364 * sm.cc: Include "pretty-print.h".
2365 (state_machine::dump_to_pp): New.
2366 * sm.h (state_machine::dump_to_pp): New decl.
2367
2368 2020-01-30 David Malcolm <dmalcolm@redhat.com>
2369
2370 * diagnostic-manager.cc (for_each_state_change): Use
2371 extrinsic_state::get_num_checkers rather than accessing m_checkers
2372 directly.
2373 * program-state.cc (program_state::program_state): Likewise.
2374 * program-state.h (extrinsic_state::m_checkers): Make private.
2375
2376 2020-01-30 David Malcolm <dmalcolm@redhat.com>
2377
2378 PR analyzer/93356
2379 * region-model.cc (region_model::eval_condition): In both
2380 overloads, bail out immediately on floating-point types.
2381 (region_model::eval_condition_without_cm): Likewise.
2382 (region_model::add_constraint): Likewise.
2383
2384 2020-01-30 David Malcolm <dmalcolm@redhat.com>
2385
2386 PR analyzer/93450
2387 * program-state.cc (sm_state_map::set_state): For the overload
2388 taking an svalue_id, bail out if the set_state on the ec does
2389 nothing. Convert the latter's return type from void to bool,
2390 returning true if anything changed.
2391 (sm_state_map::impl_set_state): Convert the return type from void
2392 to bool, returning true if the state changed.
2393 * program-state.h (sm_state_map::set_state): Convert return type
2394 from void to bool.
2395 (sm_state_map::impl_set_state): Likewise.
2396 * region-model.cc (constant_svalue::eval_condition): Only call
2397 fold_build2 if the types are the same.
2398
2399 2020-01-29 Jakub Jelinek <jakub@redhat.com>
2400
2401 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
2402 * constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
2403 (range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
2404 POP_IGNORE_WFORMAT.
2405 * state-purge.cc: Include diagnostic-core.h before
2406 gimple-pretty-print.h.
2407 (state_purge_annotator::add_node_annotations, print_vec_of_names):
2408 Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
2409 * region-model.cc: Move diagnostic-core.h include before graphviz.h.
2410 (path_var::dump, svalue::print, constant_svalue::print_details,
2411 region::dump_to_pp, region::dump_child_label, region::print_fields,
2412 map_region::print_fields, map_region::dump_dot_to_pp,
2413 map_region::dump_child_label, array_region::print_fields,
2414 array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or
2415 POP_IGNORE_WFORMAT.
2416
2417 2020-01-28 David Malcolm <dmalcolm@redhat.com>
2418
2419 PR analyzer/93316
2420 * engine.cc (rewind_info_t::update_model): Get the longjmp call
2421 stmt via get_longjmp_call () rather than assuming it is the last
2422 stmt in the longjmp's supernode.
2423 (rewind_info_t::add_events_to_path): Get the location_t for the
2424 rewind_from_longjmp_event via get_longjmp_call () rather than from
2425 the supernode's get_end_location ().
2426
2427 2020-01-28 David Malcolm <dmalcolm@redhat.com>
2428
2429 * region-model.cc (poisoned_value_diagnostic::emit): Update for
2430 renaming of warning_at overload to warning_meta.
2431 * sm-file.cc (file_leak::emit): Likewise.
2432 * sm-malloc.cc (double_free::emit): Likewise.
2433 (possible_null_deref::emit): Likewise.
2434 (possible_null_arg::emit): Likewise.
2435 (null_deref::emit): Likewise.
2436 (null_arg::emit): Likewise.
2437 (use_after_free::emit): Likewise.
2438 (malloc_leak::emit): Likewise.
2439 (free_of_non_heap::emit): Likewise.
2440 * sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
2441 * sm-signal.cc (signal_unsafe_call::emit): Likewise.
2442 * sm-taint.cc (tainted_array_index::emit): Likewise.
2443
2444 2020-01-27 David Malcolm <dmalcolm@redhat.com>
2445
2446 PR analyzer/93451
2447 * region-model.cc (tree_cmp): For the REAL_CST case, impose an
2448 arbitrary order on NaNs relative to other NaNs and to non-NaNs;
2449 const-correctness tweak.
2450 (ana::selftests::build_real_cst_from_string): New function.
2451 (ana::selftests::append_interesting_constants): New function.
2452 (ana::selftests::test_tree_cmp_on_constants): New test.
2453 (ana::selftests::test_canonicalization_4): New test.
2454 (ana::selftests::analyzer_region_model_cc_tests): Call the new
2455 tests.
2456
2457 2020-01-27 David Malcolm <dmalcolm@redhat.com>
2458
2459 PR analyzer/93349
2460 * engine.cc (run_checkers): Save and restore input_location.
2461
2462 2020-01-27 David Malcolm <dmalcolm@redhat.com>
2463
2464 * call-string.cc (call_string::cmp_1): Delete, moving body to...
2465 (call_string::cmp): ...here.
2466 * call-string.h (call_string::cmp_1): Delete decl.
2467 * engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
2468 (worklist::key_t::cmp): ...here. Implement hash comparisons
2469 via comparison rather than subtraction to avoid overflow issues.
2470 * exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
2471 * region-model.cc (tree_cmp): Eliminate buggy checking for
2472 symmetry.
2473
2474 2020-01-27 David Malcolm <dmalcolm@redhat.com>
2475
2476 * analyzer.cc (is_named_call_p): Check that fndecl is "extern"
2477 and at file scope. Potentially disregard prefix _ or __ in
2478 fndecl's name. Bail if the identifier is NULL.
2479 (is_setjmp_call_p): Expect a gcall rather than plain gimple.
2480 Remove special-case check for leading prefix, and also check for
2481 sigsetjmp.
2482 (is_longjmp_call_p): Also check for siglongjmp.
2483 (get_user_facing_name): New function.
2484 * analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
2485 gimple.
2486 (get_user_facing_name): New decl.
2487 * checker-path.cc (setjmp_event::get_desc): Use
2488 get_user_facing_name to avoid hardcoding the function name.
2489 (rewind_event::rewind_event): Add rewind_info param, using it to
2490 initialize new m_rewind_info field, and strengthen the assertion.
2491 (rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
2492 avoid hardcoding the function name.
2493 (rewind_to_setjmp_event::get_desc): Likewise.
2494 * checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
2495 param and use it to initialize...
2496 (setjmp_event::m_setjmp_call): New field.
2497 (rewind_event::rewind_event): Add rewind_info param.
2498 (rewind_event::m_rewind_info): New protected field.
2499 (rewind_from_longjmp_event::rewind_from_longjmp_event): Add
2500 rewind_info param.
2501 (class rewind_to_setjmp_event): Move rewind_info field to parent
2502 class.
2503 * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
2504 Update setjmp-handling for is_setjmp_call_p requiring a gcall;
2505 pass the call to the new setjmp_event.
2506 * engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
2507 requiring a gcall.
2508 (stale_jmp_buf::emit): Use get_user_facing_name to avoid
2509 hardcoding the function names.
2510 (exploded_node::on_longjmp): Pass the longjmp_call when
2511 constructing rewind_info.
2512 (rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
2513 rewind_from_longjmp_event's ctor.
2514 * exploded-graph.h (rewind_info_t::rewind_info_t): Add
2515 longjmp_call param.
2516 (rewind_info_t::get_longjmp_call): New.
2517 (rewind_info_t::m_longjmp_call): New.
2518 * region-model.cc (region_model::on_setjmp): Update comment to
2519 indicate this is also for sigsetjmp.
2520 * region-model.h (struct setjmp_record): Likewise.
2521 (class setjmp_svalue): Likewise.
2522
2523 2020-01-27 David Malcolm <dmalcolm@redhat.com>
2524
2525 PR analyzer/93276
2526 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
2527 macros with GCC_VERSION >= 4006, making them no-op otherwise.
2528 * engine.cc (exploded_edge::exploded_edge): Specify template for
2529 base class initializer.
2530 (exploded_graph::add_edge): Specify template when chaining up to
2531 base class add_edge implementation.
2532 (viz_callgraph_node::dump_dot): Drop redundant "typename".
2533 (viz_callgraph_edge::viz_callgraph_edge): Specify template for
2534 base class initializer.
2535 * program-state.cc (sm_state_map::clone_with_remapping): Drop
2536 redundant "typename".
2537 (sm_state_map::print): Likewise.
2538 (sm_state_map::hash): Likewise.
2539 (sm_state_map::operator==): Likewise.
2540 (sm_state_map::remap_svalue_ids): Likewise.
2541 (sm_state_map::on_svalue_purge): Likewise.
2542 (sm_state_map::validate): Likewise.
2543 * program-state.h (sm_state_map::iterator_t): Likewise.
2544 * supergraph.h (superedge::superedge): Specify template for base
2545 class initializer.
2546
2547 2020-01-23 David Malcolm <dmalcolm@redhat.com>
2548
2549 PR analyzer/93375
2550 * supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
2551 gracefully if the number of parameters at the callee exceeds the
2552 number of arguments at the call stmt.
2553 (callgraph_superedge::get_parm_for_arg): Likewise.
2554
2555 2020-01-22 David Malcolm <dmalcolm@redhat.com>
2556
2557 PR analyzer/93382
2558 * program-state.cc (sm_state_map::on_svalue_purge): If the
2559 entry survives, but the origin is being purged, then reset the
2560 origin to null.
2561
2562 2020-01-22 David Malcolm <dmalcolm@redhat.com>
2563
2564 * sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.
2565
2566 2020-01-22 David Malcolm <dmalcolm@redhat.com>
2567
2568 PR analyzer/93378
2569 * engine.cc (setjmp_svalue::compare_fields): Update for
2570 replacement of m_enode with m_setjmp_record.
2571 (setjmp_svalue::add_to_hash): Likewise.
2572 (setjmp_svalue::get_index): Rename...
2573 (setjmp_svalue::get_enode_index): ...to this.
2574 (setjmp_svalue::print_details): Update for replacement of m_enode
2575 with m_setjmp_record.
2576 (exploded_node::on_longjmp): Likewise.
2577 * exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
2578 (rewind_info_t::m_setjmp_record): ...with this.
2579 (rewind_info_t::rewind_info_t): Update for replacement of m_enode
2580 with m_setjmp_record.
2581 (rewind_info_t::get_setjmp_point): Likewise.
2582 (rewind_info_t::get_setjmp_call): Likewise.
2583 * region-model.cc (region_model::dump_summary_of_map): Likewise.
2584 (region_model::on_setjmp): Likewise.
2585 * region-model.h (struct setjmp_record): New struct.
2586 (setjmp_svalue::m_enode): Replace...
2587 (setjmp_svalue::m_setjmp_record): ...with this.
2588 (setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
2589 with m_setjmp_record.
2590 (setjmp_svalue::clone): Likewise.
2591 (setjmp_svalue::get_index): Rename...
2592 (setjmp_svalue::get_enode_index): ...to this.
2593 (setjmp_svalue::get_exploded_node): Replace...
2594 (setjmp_svalue::get_setjmp_record): ...with this.
2595
2596 2020-01-22 David Malcolm <dmalcolm@redhat.com>
2597
2598 PR analyzer/93316
2599 * analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as
2600 "_setjmp".
2601
2602 2020-01-22 David Malcolm <dmalcolm@redhat.com>
2603
2604 PR analyzer/93307
2605 * analysis-plan.h: Wrap everything in namespace "ana".
2606 * analyzer-logging.cc: Likewise.
2607 * analyzer-logging.h: Likewise.
2608 * analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
2609 namespace.
2610 * analyzer-selftests.cc: Wrap everything in namespace "ana".
2611 * analyzer-selftests.h: Likewise.
2612 * analyzer.h: Likewise for forward decls of types.
2613 * call-string.h: Likewise.
2614 * checker-path.cc: Likewise.
2615 * checker-path.h: Likewise.
2616 * constraint-manager.cc: Likewise.
2617 * constraint-manager.h: Likewise.
2618 * diagnostic-manager.cc: Likewise.
2619 * diagnostic-manager.h: Likewise.
2620 * engine.cc: Likewise.
2621 * engine.h: Likewise.
2622 * exploded-graph.h: Likewise.
2623 * function-set.cc: Likewise.
2624 * function-set.h: Likewise.
2625 * pending-diagnostic.cc: Likewise.
2626 * pending-diagnostic.h: Likewise.
2627 * program-point.cc: Likewise.
2628 * program-point.h: Likewise.
2629 * program-state.cc: Likewise.
2630 * program-state.h: Likewise.
2631 * region-model.cc: Likewise.
2632 * region-model.h: Likewise.
2633 * sm-file.cc: Likewise.
2634 * sm-malloc.cc: Likewise.
2635 * sm-pattern-test.cc: Likewise.
2636 * sm-sensitive.cc: Likewise.
2637 * sm-signal.cc: Likewise.
2638 * sm-taint.cc: Likewise.
2639 * sm.cc: Likewise.
2640 * sm.h: Likewise.
2641 * state-purge.h: Likewise.
2642 * supergraph.cc: Likewise.
2643 * supergraph.h: Likewise.
2644
2645 2020-01-21 David Malcolm <dmalcolm@redhat.com>
2646
2647 PR analyzer/93352
2648 * region-model.cc (int_cmp): Rename to...
2649 (array_region::key_cmp): ...this, using key_t rather than int.
2650 Rewrite in terms of comparisons rather than subtraction to
2651 ensure qsort is anti-symmetric when handling extreme values.
2652 (array_region::walk_for_canonicalization): Update for above
2653 renaming.
2654 * region-model.h (array_region::key_cmp): New decl.
2655
2656 2020-01-17 David Malcolm <dmalcolm@redhat.com>
2657
2658 PR analyzer/93290
2659 * region-model.cc (region_model::eval_condition_without_cm): Avoid
2660 gcc_unreachable for unexpected operations for the case where
2661 we're comparing an svalue against itself.
2662
2663 2020-01-17 David Malcolm <dmalcolm@redhat.com>
2664
2665 PR analyzer/93281
2666 * region-model.cc
2667 (region_model::convert_byte_offset_to_array_index): Convert to
2668 ssizetype before dividing by byte_size. Use fold_binary rather
2669 than fold_build2 to avoid needlessly constructing a tree for the
2670 non-const case.
2671
2672 2020-01-15 David Malcolm <dmalcolm@redhat.com>
2673
2674 * engine.cc (class impl_region_model_context): Fix comment.
2675
2676 2020-01-14 David Malcolm <dmalcolm@redhat.com>
2677
2678 PR analyzer/93212
2679 * region-model.cc (make_region_for_type): Use
2680 FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
2681 * region-model.h (function_region::function_region): Likewise.
2682
2683 2020-01-14 David Malcolm <dmalcolm@redhat.com>
2684
2685 * program-state.cc (sm_state_map::clone_with_remapping): Copy
2686 m_global_state.
2687 (selftest::test_program_state_merging_2): New selftest.
2688 (selftest::analyzer_program_state_cc_tests): Call it.
2689
2690 2020-01-14 David Malcolm <dmalcolm@redhat.com>
2691
2692 * checker-path.h (checker_path::get_checker_event): New function.
2693 (checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
2694 * diagnostic-manager.cc
2695 (diagnostic_manager::prune_for_sm_diagnostic): Replace direct
2696 access to checker_path::m_events with accessor functions. Fix
2697 overlong line.
2698 (diagnostic_manager::prune_interproc_events): Replace direct
2699 access to checker_path::m_events with accessor functions.
2700 (diagnostic_manager::finish_pruning): Likewise.
2701
2702 2020-01-14 David Malcolm <dmalcolm@redhat.com>
2703
2704 * checker-path.h (checker_event::clone): Delete vfunc decl.
2705 (debug_event::clone): Delete vfunc impl.
2706 (custom_event::clone): Delete vfunc impl.
2707 (statement_event::clone): Delete vfunc impl.
2708 (function_entry_event::clone): Delete vfunc impl.
2709 (state_change_event::clone): Delete vfunc impl.
2710 (start_cfg_edge_event::clone): Delete vfunc impl.
2711 (end_cfg_edge_event::clone): Delete vfunc impl.
2712 (call_event::clone): Delete vfunc impl.
2713 (return_event::clone): Delete vfunc impl.
2714 (setjmp_event::clone): Delete vfunc impl.
2715 (rewind_from_longjmp_event::clone): Delete vfunc impl.
2716 (rewind_to_setjmp_event::clone): Delete vfunc impl.
2717 (warning_event::clone): Delete vfunc impl.
2718
2719 2020-01-14 David Malcolm <dmalcolm@redhat.com>
2720
2721 * supergraph.cc (supernode::dump_dot): Ensure that the TABLE
2722 element has at least one TR.
2723
2724 2020-01-14 David Malcolm <dmalcolm@redhat.com>
2725
2726 PR analyzer/58237
2727 * engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
2728 when comparing against UNKNOWN_LOCATION.
2729 (stmt_requires_new_enode_p): Likewise.
2730 (exploded_graph::dump_exploded_nodes): Likewise.
2731 * supergraph.cc (supernode::get_start_location): Likewise.
2732 (supernode::get_end_location): Likewise.
2733
2734 2020-01-14 David Malcolm <dmalcolm@redhat.com>
2735
2736 PR analyzer/58237
2737 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
2738 selftest::analyzer_sm_file_cc_tests.
2739 * analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
2740 decl.
2741 * sm-file.cc: Include "analyzer/function-set.h" and
2742 "analyzer/analyzer-selftests.h".
2743 (get_file_using_fns): New function.
2744 (is_file_using_fn_p): New function.
2745 (fileptr_state_machine::on_stmt): Return true for known functions.
2746 (selftest::analyzer_sm_file_cc_tests): New function.
2747
2748 2020-01-14 David Malcolm <dmalcolm@redhat.com>
2749
2750 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
2751 selftest::analyzer_sm_signal_cc_tests.
2752 * analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
2753 New decl.
2754 * sm-signal.cc: Include "analyzer/function-set.h" and
2755 "analyzer/analyzer-selftests.h".
2756 (get_async_signal_unsafe_fns): New function.
(signal_unsafe_p): Reimplement in terms of the above.
(selftest::analyzer_sm_signal_cc_tests): New function.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
selftest::analyzer_function_set_cc_tests.
* analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
New decl.
* function-set.cc: New file.
* function-set.h: New file.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* analyzer.h (fndecl_has_gimple_body_p): New decl.
* engine.cc (impl_region_model_context::on_unknown_change): New
function.
(fndecl_has_gimple_body_p): Make non-static.
(exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
known. Track whether we have a call with unknown side-effects and
pass it to on_call_post.
* exploded-graph.h (impl_region_model_context::on_unknown_change):
New decl.
* program-state.cc (sm_state_map::on_unknown_change): New function.
* program-state.h (sm_state_map::on_unknown_change): New decl.
* region-model.cc: Include "bitmap.h".
(region_model::on_call_pre): Return a bool, capturing whether the
call has unknown side effects.
(region_model::on_call_post): Add arg "bool unknown_side_effects"
and if true, call handle_unrecognized_call.
(class reachable_regions): New class.
(region_model::handle_unrecognized_call): New function.
* region-model.h (region_model::on_call_pre): Return a bool.
(region_model::on_call_post): Add arg "bool unknown_side_effects".
(region_model::handle_unrecognized_call): New decl.
(region_model_context::on_unknown_change): New vfunc.
(test_region_model_context::on_unknown_change): New function.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* diagnostic-manager.cc (saved_diagnostic::operator==): Move here
from header. Replace pointer equality test on m_var with call to
pending_diagnostic::same_tree_p.
* diagnostic-manager.h (saved_diagnostic::operator==): Move to
diagnostic-manager.cc.
* pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
* pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
* sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
equality on m_arg with call to pending_diagnostic::same_tree_p.
* sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
(possible_null_arg::subclass_equal_p): Likewise.
(null_arg::subclass_equal_p): Likewise.
(free_of_non_heap::subclass_equal_p): Likewise.
* sm-pattern-test.cc (pattern_match::operator==): Likewise.
* sm-sensitive.cc (exposure_through_output_file::operator==):
Likewise.
* sm-taint.cc (tainted_array_index::operator==): Likewise.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* diagnostic-manager.cc (dedupe_winners::add): Add logging
of deduplication decisions made.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* ChangeLog: New file.
* analyzer-selftests.cc: New file.
* analyzer-selftests.h: New file.
* analyzer.opt: New file.
* analysis-plan.cc: New file.
* analysis-plan.h: New file.
* analyzer-logging.cc: New file.
* analyzer-logging.h: New file.
* analyzer-pass.cc: New file.
* analyzer.cc: New file.
* analyzer.h: New file.
* call-string.cc: New file.
* call-string.h: New file.
* checker-path.cc: New file.
* checker-path.h: New file.
* constraint-manager.cc: New file.
* constraint-manager.h: New file.
* diagnostic-manager.cc: New file.
* diagnostic-manager.h: New file.
* engine.cc: New file.
* engine.h: New file.
* exploded-graph.h: New file.
* pending-diagnostic.cc: New file.
* pending-diagnostic.h: New file.
* program-point.cc: New file.
* program-point.h: New file.
* program-state.cc: New file.
* program-state.h: New file.
* region-model.cc: New file.
* region-model.h: New file.
* sm-file.cc: New file.
* sm-malloc.cc: New file.
* sm-malloc.dot: New file.
* sm-pattern-test.cc: New file.
* sm-sensitive.cc: New file.
* sm-signal.cc: New file.
* sm-taint.cc: New file.
* sm.cc: New file.
* sm.h: New file.
* state-purge.cc: New file.
* state-purge.h: New file.
* supergraph.cc: New file.
* supergraph.h: New file.

2019-12-13 David Malcolm <dmalcolm@redhat.com>

* Initial creation

Copyright (C) 2019-2020 Free Software Foundation, Inc.

Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.