analyzer: only use CWE-690 for unchecked return value [PR97893]
[gcc.git] / gcc / analyzer / ChangeLog
1 2020-11-12 David Malcolm <dmalcolm@redhat.com>
2
3 * checker-path.h (checker_event::get_id_ptr): New.
4 * diagnostic-manager.cc (path_builder::path_builder): Add "sd"
5 param and use it to initialize new field "m_sd".
6 (path_builder::get_pending_diagnostic): New.
7 (path_builder::m_sd): New field.
8 (diagnostic_manager::emit_saved_diagnostic): Pass sd to
9 path_builder ctor.
10 (diagnostic_manager::add_events_for_superedge): Call new
11 maybe_add_custom_events_for_superedge vfunc.
12 * engine.cc (stale_jmp_buf::stale_jmp_buf): Add "setjmp_point"
13 param and use it to initialize new field "m_setjmp_point".
14 Initialize new field "m_stack_pop_event".
15 (stale_jmp_buf::maybe_add_custom_events_for_superedge): New vfunc
16 implementation.
17 (stale_jmp_buf::describe_final_event): New vfunc implementation.
18 (stale_jmp_buf::m_setjmp_point): New field.
19 (stale_jmp_buf::m_stack_pop_event): New field.
20 (exploded_node::on_longjmp): Pass setjmp_point to stale_jmp_buf
21 ctor.
22 * pending-diagnostic.h
23 (pending_diagnostic::maybe_add_custom_events_for_superedge): New
24 vfunc.
25
26 2020-11-12 David Malcolm <dmalcolm@redhat.com>
27
28 PR tree-optimization/97424
29 * analyzer.opt (Wanalyzer-shift-count-negative): New.
30 (Wanalyzer-shift-count-overflow): New.
31 * region-model.cc (class shift_count_negative_diagnostic): New.
32 (class shift_count_overflow_diagnostic): New.
33 (region_model::get_gassign_result): Complain about shift counts that
34 are negative or are >= the operand's type's width.
35
36 2020-11-10 Martin Liska <mliska@suse.cz>
37
38 * constraint-manager.cc (constraint_manager::merge): Remove
39 unused code.
40 * constraint-manager.h: Likewise.
41 * program-state.cc (sm_state_map::sm_state_map): Likewise.
42 (program_state::program_state): Likewise.
43 (test_sm_state_map): Likewise.
44 * program-state.h: Likewise.
45 * region-model-reachability.cc (reachable_regions::reachable_regions): Likewise.
46 * region-model-reachability.h: Likewise.
47 * region-model.cc (region_model::handle_unrecognized_call): Likewise.
48 (region_model::get_reachable_svalues): Likewise.
49 (region_model::can_merge_with_p): Likewise.
50
51 2020-11-05 David Malcolm <dmalcolm@redhat.com>
52
53 PR analyzer/97668
54 * svalue.cc (cmp_cst): Handle COMPLEX_CST.
55
56 2020-10-29 David Malcolm <dmalcolm@redhat.com>
57
58 * program-state.cc (sm_state_map::on_liveness_change): Sort the
59 leaking svalues before calling on_state_leak.
60 (program_state::detect_leaks): Likewise when calling
61 on_svalue_leak.
62 * region-model-reachability.cc
63 (reachable_regions::mark_escaped_clusters): Likewise when
64 calling on_escaped_function.
65
66 2020-10-29 David Malcolm <dmalcolm@redhat.com>
67
68 PR analyzer/97608
69 * region-model-reachability.cc (reachable_regions::handle_sval):
70 Operands of reachable reversible operations are reachable.
71
72 2020-10-29 David Malcolm <dmalcolm@redhat.com>
73
74 * analyzer.h (class state_machine): New forward decl.
75 (class logger): Likewise.
76 (class visitor): Likewise.
77 * complexity.cc: New file, taken from svalue.cc.
78 * complexity.h: New file, taken from region-model.h.
79 * region-model.h: Include "analyzer/svalue.h" and
80 "analyzer/region.h". Move struct complexity to complexity.h.
81 Move svalue, its subclasses and supporting decls to svalue.h.
82 Move region, its subclasses and supporting decls to region.h.
83 * region.cc: Include "analyzer/region.h".
84 (symbolic_region::symbolic_region): Move here from region-model.h.
85 * region.h: New file, based on material from region-model.h.
86 * svalue.cc: Include "analyzer/svalue.h".
87 (complexity::complexity): Move to complexity.cc.
88 (complexity::from_pair): Likewise.
89 * svalue.h: New file, based on material from region-model.h.
90
91 2020-10-29 David Malcolm <dmalcolm@redhat.com>
92
93 * program-state.cc (sm_state_map::print): Guard the printing of
94 the origin pointer with !flag_dump_noaddr.
95 * region.cc (string_region::dump_to_pp): Likewise for
96 m_string_cst.
97
98 2020-10-27 David Malcolm <dmalcolm@redhat.com>
99
100 PR analyzer/97568
101 * region-model.cc (region_model::get_initial_value_for_global):
102 Move check that !DECL_EXTERNAL from here to...
103 * region.cc (decl_region::get_svalue_for_initializer): ...here,
104 using it to reject zero initialization.
105
106 2020-10-27 Markus Böck <markus.boeck02@gmail.com>
107
108 PR analyzer/96608
109 * store.h (hash): Cast to intptr_t instead of long.
110
111 2020-10-27 David Malcolm <dmalcolm@redhat.com>
112
113 * constraint-manager.cc (svalue_cmp_by_ptr): Delete.
114 (equiv_class::canonicalize): Use svalue::cmp_ptr_ptr instead.
115 (equiv_class_cmp): Eliminate pointer comparison.
116 * diagnostic-manager.cc (dedupe_key::comparator): If they are at
117 the same location, also compare epath length and pending_diagnostic
118 kind.
119 * engine.cc (readability_comparator): If two path_vars have the
120 same readability, then impose an arbitrary ordering on them.
121 (worklist::key_t::cmp): If two points have the same plan ordering,
122 continue the comparison. Call sm_state_map::cmp rather than
123 comparing hash values.
124 * program-state.cc (sm_state_map::entry_t::cmp): New.
125 (sm_state_map::cmp): New.
126 * program-state.h (sm_state_map::entry_t::cmp): New decl.
127 (sm_state_map::elements): New.
128 (sm_state_map::cmp): New.
129
130 2020-10-27 David Malcolm <dmalcolm@redhat.com>
131
132 * engine.cc (setjmp_record::cmp): New.
133 (supernode_cluster::dump_dot): Avoid embedding pointer in cluster
134 name.
135 (supernode_cluster::cmp_ptr_ptr): New.
136 (function_call_string_cluster::dump_dot): Avoid embedding pointer
137 in cluster name. Sort m_map when dumping child clusters.
138 (function_call_string_cluster::cmp_ptr_ptr): New.
139 (root_cluster::dump_dot): Sort m_map when dumping child clusters.
140 * program-point.cc (function_point::cmp): New.
141 (function_point::cmp_ptr): New.
142 * program-point.h (function_point::cmp): New decl.
143 (function_point::cmp_ptr): New decl.
144 * program-state.cc (sm_state_map::print): Sort the values. Guard
145 the printing of pointers with !flag_dump_noaddr.
146 (program_state::prune_for_point): Sort the regions.
147 (log_set_of_svalues): Sort the values. Guard the printing of
148 pointers with !flag_dump_noaddr.
149 * region-model-manager.cc (log_uniq_map): Sort the values.
150 * region-model-reachability.cc (dump_set): New function template.
151 (reachable_regions::dump_to_pp): Use it.
152 * region-model.h (svalue::cmp_ptr): New decl.
153 (svalue::cmp_ptr_ptr): New decl.
154 (setjmp_record::cmp): New decl.
155 (placeholder_svalue::get_name): New accessor.
156 (widening_svalue::get_point): New accessor.
157 (compound_svalue::get_map): New accessor.
158 (conjured_svalue::get_stmt): New accessor.
159 (conjured_svalue::get_id_region): New accessor.
160 (region::cmp_ptrs): Rename to...
161 (region::cmp_ptr_ptr): ...this.
162 * region.cc (region::cmp_ptrs): Rename to...
163 (region::cmp_ptr_ptr): ...this.
164 * state-purge.cc
165 (state_purge_per_ssa_name::state_purge_per_ssa_name): Sort
166 m_points_needing_name when dumping.
167 * store.cc (concrete_binding::cmp_ptr_ptr): New.
168 (symbolic_binding::cmp_ptr_ptr): New.
169 (binding_map::cmp): New.
170 (get_sorted_parent_regions): Update for renaming of
171 region::cmp_ptrs to region::cmp_ptr_ptr.
172 (store::dump_to_pp): Likewise.
173 (store::to_json): Likewise.
174 (store::can_merge_p): Sort the base regions before considering
175 them.
176 * store.h (concrete_binding::cmp_ptr_ptr): New decl.
177 (symbolic_binding::cmp_ptr_ptr): New decl.
178 (binding_map::cmp): New decl.
179 * supergraph.cc (supergraph::supergraph): Assign UIDs to the
180 gimple stmts.
181 * svalue.cc (cmp_cst): New.
182 (svalue::cmp_ptr): New.
183 (svalue::cmp_ptr_ptr): New.
184
185 2020-10-27 David Malcolm <dmalcolm@redhat.com>
186
187 * engine.cc (exploded_graph::get_or_create_node): Fix off-by-one
188 when imposing param_analyzer_max_enodes_per_program_point limit.
189
190 2020-10-27 David Malcolm <dmalcolm@redhat.com>
191
192 * region-model.cc (region_model::get_representative_path_var):
193 Implement case RK_LABEL.
194 * region-model.h (label_region::get_label): New accessor.
195
196 2020-10-22 David Malcolm <dmalcolm@redhat.com>
197
198 PR analyzer/97514
199 * engine.cc (exploded_graph::add_function_entry): Handle failure
200 to create an enode, rather than asserting.
201
202 2020-10-22 David Malcolm <dmalcolm@redhat.com>
203
204 PR analyzer/97489
205 * engine.cc (exploded_graph::add_function_entry): Assert that we
206 have a function body.
207 (exploded_graph::on_escaped_function): Reject fndecls that don't
208 have a function body.
209
210 2020-10-14 David Malcolm <dmalcolm@redhat.com>
211
212 PR analyzer/93388
213 * region-model.cc (region_model::get_initial_value_for_global):
214 Fall back to returning an initial_svalue if
215 decl_region::get_svalue_for_initializer fails.
216 * region.cc (decl_region::get_svalue_for_initializer): Don't
217 attempt to create a compound_svalue if the region has an unknown
218 size.
219
220 2020-10-14 David Malcolm <dmalcolm@redhat.com>
221
222 PR analyzer/93723
223 * store.cc (binding_map::apply_ctor_to_region): Remove redundant
224 assertion.
225
226 2020-10-12 David Malcolm <dmalcolm@redhat.com>
227
228 PR analyzer/97258
229 * engine.cc (impl_region_model_context::on_escaped_function): New
230 vfunc.
231 (exploded_graph::add_function_entry): Use m_functions_with_enodes
232 to implement idempotency.
233 (add_any_callbacks): New.
234 (exploded_graph::build_initial_worklist): Use the above to find
235 callbacks that are reachable from global initializers.
236 (exploded_graph::on_escaped_function): New.
237 * exploded-graph.h
238 (impl_region_model_context::on_escaped_function): New decl.
239 (exploded_graph::on_escaped_function): New decl.
240 (exploded_graph::m_functions_with_enodes): New field.
241 * region-model-reachability.cc
242 (reachable_regions::reachable_regions): Replace "store" param with
243 "model" param; use it to initialize m_model.
244 (reachable_regions::add): When getting the svalue for the region,
245 call get_store_value on the model rather than using an initial
246 value.
247 (reachable_regions::mark_escaped_clusters): Add ctxt param and
248 use it to call on_escaped_function when a function_region escapes.
249 * region-model-reachability.h
250 (reachable_regions::reachable_regions): Replace "store" param with
251 "model" param.
252 (reachable_regions::mark_escaped_clusters): Add ctxt param.
253 (reachable_regions::m_model): New field.
254 * region-model.cc (region_model::handle_unrecognized_call): Update
255 for change in reachable_regions ctor.
256 (region_model::handle_unrecognized_call): Pass ctxt to
257 mark_escaped_clusters.
258 (region_model::get_reachable_svalues): Update for change in
259 reachable_regions ctor.
260 (region_model::get_initial_value_for_global): Read-only variables
261 keep their initial values.
262 * region-model.h (region_model_context::on_escaped_function): New
263 vfunc.
264 (noop_region_model_context::on_escaped_function): New.
265
266 2020-10-12 David Malcolm <dmalcolm@redhat.com>
267
268 * analyzer.opt (Wanalyzer-write-to-const): New.
269 (Wanalyzer-write-to-string-literal): New.
270 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
271 Call check_for_writable_region.
272 (region_model::impl_call_memset): Likewise.
273 (region_model::impl_call_strcpy): Likewise.
274 * region-model.cc (class write_to_const_diagnostic): New.
275 (class write_to_string_literal_diagnostic): New.
276 (region_model::check_for_writable_region): New.
277 (region_model::set_value): Call check_for_writable_region.
278 * region-model.h (region_model::check_for_writable_region): New
279 decl.
280
281 2020-10-07 David Malcolm <dmalcolm@redhat.com>
282
283 PR analyzer/97116
284 * sm-malloc.cc (method_p): New.
285 (describe_argument_index): New.
286 (inform_nonnull_attribute): Use describe_argument_index.
287 (possible_null_arg::describe_final_event): Likewise.
288 (null_arg::describe_final_event): Likewise.
289
290 2020-09-29 David Malcolm <dmalcolm@redhat.com>
291
292 PR analyzer/95188
293 * engine.cc (stmt_requires_new_enode_p): Split enodes before
294 "signal" calls.
295
296 2020-09-29 David Malcolm <dmalcolm@redhat.com>
297
298 * constraint-manager.cc
299 (constraint_manager::add_constraint_internal): Whitespace fixes.
300 Silence -Wsign-compare warning.
301 * engine.cc (maybe_process_run_of_before_supernode_enodes):
302 Silence -Wsign-compare warning.
303
304 2020-09-28 David Malcolm <dmalcolm@redhat.com>
305
306 * region-model.h (binop_svalue::dyn_cast_binop_svalue): Remove
307 redundant "virtual". Add FINAL OVERRIDE.
308 (widening_svalue::dyn_cast_widening_svalue): Add FINAL OVERRIDE.
309 (compound_svalue::dyn_cast_compound_svalue): Likewise.
310 (conjured_svalue::dyn_cast_conjured_svalue): Likewise.
311
312 2020-09-28 David Malcolm <dmalcolm@redhat.com>
313
314 * diagnostic-manager.cc (null_assignment_sm_context::m_visitor):
315 Remove unused field.
316
317 2020-09-28 David Malcolm <dmalcolm@redhat.com>
318
319 PR analyzer/97233
320 * analyzer.cc (is_longjmp_call_p): Require the initial argument
321 to be a pointer.
322 * engine.cc (exploded_node::on_longjmp): Likewise.
323
324 2020-09-28 David Malcolm <dmalcolm@redhat.com>
325
326 * program-state.cc (sm_state_map::print): Update check
327 for m_global_state being the start state.
328
329 2020-09-26 David Malcolm <dmalcolm@redhat.com>
330
331 PR analyzer/96646
332 PR analyzer/96841
333 * region-model.cc (region_model::get_representative_path_var):
334 When handling offset_region, wrap the MEM_REF's first argument in
335 an ADDR_EXPR of pointer type, rather than simply using the tree
336 for the parent region. Require the MEM_REF's second argument to
337 be an integer constant.
338
339 2020-09-24 David Malcolm <dmalcolm@redhat.com>
340
341 * analyzer.h (struct rejected_constraint): New decl.
342 * analyzer.opt (fanalyzer-feasibility): New option.
343 * diagnostic-manager.cc (path_builder::path_builder): Add
344 "problem" param and use it to initialize new field.
345 (path_builder::get_feasibility_problem): New accessor.
346 (path_builder::m_feasibility_problem): New field.
347 (dedupe_winners::add): Remove inversion of logic in "if" clause,
348 swapping if/else suites. In the !feasible_p suite, inspect
349 flag_analyzer_feasibility and add code to handle when this
350 is off, accepting the infeasible path, but recording the
351 feasibility_problem.
352 (diagnostic_manager::emit_saved_diagnostic): Pass the
353 feasibility_problem to the path_builder.
354 (diagnostic_manager::add_events_for_eedge): If we have
355 a feasibility_problem at this edge, use it to add a custom event.
356 * engine.cc (exploded_path::feasible_p): Pass a
357 rejected_constraint ** to model.maybe_update_for_edge and transfer
358 ownership of any created instance to any feasibility_problem.
359 (feasibility_problem::dump_to_pp): New.
360 * exploded-graph.h (feasibility_problem::feasibility_problem):
361 Drop "model" param; add rejected_constraint * param.
362 (feasibility_problem::~feasibility_problem): New.
363 (feasibility_problem::dump_to_pp): New decl.
364 (feasibility_problem::m_model): Drop field.
365 (feasibility_problem::m_rc): New field.
366 * program-point.cc (function_point::get_location): Handle
367 PK_BEFORE_SUPERNODE and PK_AFTER_SUPERNODE.
368 * program-state.cc (program_state::on_edge): Pass NULL to new
369 param of region_model::maybe_update_for_edge.
370 * region-model.cc (region_model::add_constraint): New overload
371 adding a rejected_constraint ** param.
372 (region_model::maybe_update_for_edge): Add rejected_constraint **
373 param and pass it to the various apply_constraints_for_ calls.
374 (region_model::apply_constraints_for_gcond): Add
375 rejected_constraint ** param and pass it to add_constraint calls.
376 (region_model::apply_constraints_for_gswitch): Likewise.
377 (region_model::apply_constraints_for_exception): Likewise.
378 (rejected_constraint::dump_to_pp): New.
379 * region-model.h (region_model::maybe_update_for_edge):
380 Add rejected_constraint ** param.
381 (region_model::add_constraint): New overload adding a
382 rejected_constraint ** param.
383 (region_model::apply_constraints_for_gcond): Add
384 rejected_constraint ** param.
385 (region_model::apply_constraints_for_gswitch): Likewise.
386 (region_model::apply_constraints_for_exception): Likewise.
387 (struct rejected_constraint): New.
388
389 2020-09-23 David Malcolm <dmalcolm@redhat.com>
390
391 PR analyzer/97178
392 * engine.cc (impl_run_checkers): Update for change to ext_state
393 ctor.
394 * program-state.cc (selftest::test_sm_state_map): Pass an engine
395 instance to ext_state ctor.
396 (selftest::test_program_state_1): Likewise.
397 (selftest::test_program_state_2): Likewise.
398 (selftest::test_program_state_merging): Likewise.
399 (selftest::test_program_state_merging_2): Likewise.
400 * program-state.h (extrinsic_state::extrinsic_state): Remove NULL
401 default value for "eng" param.
402
403 2020-09-23 Tobias Burnus <tobias@codesourcery.com>
404
405 * analyzer-logging.cc: Guard '#pragma ... ignored "-Wformat-diag"'
406 by '#if __GNUC__ >= 10'
407 * analyzer.h: Likewise.
408 * call-string.cc: Likewise.
409
410 2020-09-23 David Malcolm <dmalcolm@redhat.com>
411
412 * engine.cc (exploded_node::on_stmt): Replace sequence of dyn_cast
413 with switch.
414
415 2020-09-22 David Malcolm <dmalcolm@redhat.com>
416
417 * analysis-plan.cc: Include "json.h".
418 * analyzer.opt (fdump-analyzer-json): New.
419 * call-string.cc: Include "json.h".
420 (call_string::to_json): New.
421 * call-string.h (call_string::to_json): New decl.
422 * checker-path.cc: Include "json.h".
423 * constraint-manager.cc: Include "json.h".
424 (equiv_class::to_json): New.
425 (constraint::to_json): New.
426 (constraint_manager::to_json): New.
427 * constraint-manager.h (equiv_class::to_json): New decl.
428 (constraint::to_json): New decl.
429 (constraint_manager::to_json): New decl.
430 * diagnostic-manager.cc: Include "json.h".
431 (saved_diagnostic::to_json): New.
432 (diagnostic_manager::to_json): New.
433 * diagnostic-manager.h (saved_diagnostic::to_json): New decl.
434 (diagnostic_manager::to_json): New decl.
435 * engine.cc: Include "json.h", <zlib.h>.
436 (exploded_node::status_to_str): New.
437 (exploded_node::to_json): New.
438 (exploded_edge::to_json): New.
439 (exploded_graph::to_json): New.
440 (dump_analyzer_json): New.
441 (impl_run_checkers): Call it.
442 * exploded-graph.h (exploded_node::status_to_str): New decl.
443 (exploded_node::to_json): New.
444 (exploded_edge::to_json): New.
445 (exploded_graph::to_json): New.
446 * pending-diagnostic.cc: Include "json.h".
447 * program-point.cc: Include "json.h".
448 (program_point::to_json): New.
449 * program-point.h (program_point::to_json): New decl.
450 * program-state.cc: Include "json.h".
451 (extrinsic_state::to_json): New.
452 (sm_state_map::to_json): New.
453 (program_state::to_json): New.
454 * program-state.h (extrinsic_state::to_json): New decl.
455 (sm_state_map::to_json): New decl.
456 (program_state::to_json): New decl.
457 * region-model-impl-calls.cc: Include "json.h".
458 * region-model-manager.cc: Include "json.h".
459 * region-model-reachability.cc: Include "json.h".
460 * region-model.cc: Include "json.h".
461 * region-model.h (svalue::to_json): New decl.
462 (region::to_json): New decl.
463 * region.cc: Include "json.h".
464 (region::to_json): New.
465 * sm-file.cc: Include "json.h".
466 * sm-malloc.cc: Include "json.h".
467 * sm-pattern-test.cc: Include "json.h".
468 * sm-sensitive.cc: Include "json.h".
469 * sm-signal.cc: Include "json.h".
470 (signal_delivery_edge_info_t::to_json): New.
471 * sm-taint.cc: Include "json.h".
472 * sm.cc: Include "diagnostic.h", "tree-diagnostic.h", and
473 "json.h".
474 (state_machine::state::to_json): New.
475 (state_machine::to_json): New.
476 * sm.h (state_machine::state::to_json): New.
477 (state_machine::to_json): New.
478 * state-purge.cc: Include "json.h".
479 * store.cc: Include "json.h".
480 (binding_key::get_desc): New.
481 (binding_map::to_json): New.
482 (binding_cluster::to_json): New.
483 (store::to_json): New.
484 * store.h (binding_key::get_desc): New decl.
485 (binding_map::to_json): New decl.
486 (binding_cluster::to_json): New decl.
487 (store::to_json): New decl.
488 * supergraph.cc: Include "json.h".
489 (supergraph::to_json): New.
490 (supernode::to_json): New.
491 (superedge::to_json): New.
492 * supergraph.h (supergraph::to_json): New decl.
493 (supernode::to_json): New decl.
494 (superedge::to_json): New decl.
495 * svalue.cc: Include "json.h".
496 (svalue::to_json): New.
497
498 2020-09-21 David Malcolm <dmalcolm@redhat.com>
499
500 PR analyzer/97130
501 * region-model-impl-calls.cc (call_details::get_arg_type): New.
502 * region-model.cc (region_model::on_call_pre): Check that the
503 initial arg is a pointer before calling impl_call_memset and
504 impl_call_strlen.
505 * region-model.h (call_details::get_arg_type): New decl.
506
507 2020-09-21 David Malcolm <dmalcolm@redhat.com>
508
509 PR analyzer/93355
510 * sm-malloc.cc (malloc_state_machine::get_default_state): Look at
511 the base region when considering pointers. Treat pointers to
512 decls as being non-heap.
513
514 2020-09-18 David Malcolm <dmalcolm@redhat.com>
515
516 * checker-path.cc (warning_event::get_desc): Handle global state
517 changes.
518
519 2020-09-18 David Malcolm <dmalcolm@redhat.com>
520
521 * sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and
522 strndup as being malloc-like allocators.
523
524 2020-09-16 David Malcolm <dmalcolm@redhat.com>
525
526 * engine.cc (strongly_connected_components::strong_connect): Only
527 consider intraprocedural edges when creating SCCs.
528 (worklist::key_t::cmp): Add comment. Treat call_string
529 differences as more important than differences of program_point
530 within a supernode.
531
532 2020-09-16 David Malcolm <dmalcolm@redhat.com>
533
534 * engine.cc (supernode_cluster::dump_dot): Show the SCC id
535 in the per-supernode clusters in FILENAME.eg.dot output.
536 (exploded_graph_annotator::add_node_annotations):
537 Show the SCC of the supernode in FILENAME.supernode.eg.dot output.
538 * exploded-graph.h (worklist::scc_id): New.
539 (exploded_graph::get_scc_id): New.
540
541 2020-09-16 David Malcolm <dmalcolm@redhat.com>
542
543 * engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED.
544 (exploded_graph::process_worklist): Call
545 maybe_process_run_of_before_supernode_enodes.
546 (exploded_graph::maybe_process_run_of_before_supernode_enodes):
547 New.
548 (exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED.
549 * exploded-graph.h (enum exploded_node::status): Add
550 STATUS_BULK_MERGED.
551
552 2020-09-16 David Malcolm <dmalcolm@redhat.com>
553
554 * engine.cc
555 (exploded_graph::process_node) <case PK_BEFORE_SUPERNODE>:
556 Simplify by using program_point::get_next.
557 * program-point.cc (program_point::get_next): New.
558 * program-point.h (program_point::get_next): New decl.
559
560 2020-09-16 David Malcolm <dmalcolm@redhat.com>
561
562 * engine.cc (exploded_graph::get_or_create_node): Show the
563 program point when issuing -Wanalyzer-too-complex due to hitting
564 the per-program-point limit.
565
566 2020-09-16 David Malcolm <dmalcolm@redhat.com>
567
568 * region-model.cc (region_model::on_call_pre): Treat getchar as
569 having no side-effects.
570
571 2020-09-15 David Malcolm <dmalcolm@redhat.com>
572
573 PR analyzer/96650
574 * constraint-manager.cc (merger_fact_visitor::on_fact): Replace
575 assertion that add_constraint succeeded with an assertion that
576 if it fails, -fanalyzer-transitivity is off.
577
578 2020-09-14 David Malcolm <dmalcolm@redhat.com>
579
580 * analyzer.opt (-param=analyzer-max-constraints=): New param.
581 * constraint-manager.cc
582 (constraint_manager::add_constraint_internal): Silently reject
583 attempts to add constraints when the above limit is reached.
584
585 2020-09-14 David Malcolm <dmalcolm@redhat.com>
586
587 PR analyzer/96653
588 * constraint-manager.cc
589 (constraint_manager::get_or_add_equiv_class): Don't accumulate
590 transitive closure of all constraints on constants.
591
592 2020-09-14 David Malcolm <dmalcolm@redhat.com>
593
594 PR analyzer/97029
595 * analyzer.cc (is_setjmp_call_p): Require the initial arg to be a
596 pointer.
597 * region-model.cc (region_model::deref_rvalue): Assert that the
598 svalue is of pointer type.
599
600 2020-09-11 David Malcolm <dmalcolm@redhat.com>
601
602 PR analyzer/96798
603 * region-model-impl-calls.cc (region_model::impl_call_memcpy):
604 New.
605 (region_model::impl_call_strcpy): New.
606 * region-model.cc (region_model::on_call_pre): Flag unhandled
607 builtins that are non-pure as having unknown side-effects.
608 Implement BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_STRCPY,
609 BUILT_IN_STRCPY_CHK, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED,
610 BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC,
611 BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED,
612 BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF,
613 BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR,
614 BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED,
615 BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF.
616 * region-model.h (region_model::impl_call_memcpy): New decl.
617 (region_model::impl_call_strcpy): New decl.
618
619 2020-09-09 David Malcolm <dmalcolm@redhat.com>
620
621 PR analyzer/94355
622 * analyzer.opt (Wanalyzer-mismatching-deallocation): New warning.
623 * region-model-impl-calls.cc
624 (region_model::impl_call_operator_new): New.
625 (region_model::impl_call_operator_delete): New.
626 * region-model.cc (region_model::on_call_pre): Detect operator new
627 and operator delete.
628 (region_model::on_call_post): Likewise.
629 (region_model::maybe_update_for_edge): Detect EH edges and call...
630 (region_model::apply_constraints_for_exception): New function.
631 * region-model.h (region_model::impl_call_operator_new): New decl.
632 (region_model::impl_call_operator_delete): New decl.
633 (region_model::apply_constraints_for_exception): New decl.
634 * sm-malloc.cc (enum resource_state): New.
635 (struct allocation_state): New state subclass.
636 (enum wording): New.
637 (struct api): New.
638 (malloc_state_machine::custom_data_t): New typedef.
639 (malloc_state_machine::add_state): New decl.
640 (malloc_state_machine::m_unchecked)
641 (malloc_state_machine::m_nonnull)
642 (malloc_state_machine::m_freed): Delete these states in favor
643 of...
644 (malloc_state_machine::m_malloc)
645 (malloc_state_machine::m_scalar_new)
646 (malloc_state_machine::m_vector_new): ...these new api instances,
647 which own their own versions of these states.
648 (malloc_state_machine::on_allocator_call): New decl.
649 (malloc_state_machine::on_deallocator_call): New decl.
650 (api::api): New ctor.
651 (dyn_cast_allocation_state): New.
652 (as_a_allocation_state): New.
653 (get_rs): New.
654 (unchecked_p): New.
655 (nonnull_p): New.
656 (freed_p): New.
657 (malloc_diagnostic::describe_state_change): Use unchecked_p and
658 nonnull_p.
659 (class mismatching_deallocation): New.
660 (double_free::double_free): Add funcname param for initializing
661 m_funcname.
662 (double_free::emit): Use m_funcname in warning message rather
663 than hardcoding "free".
664 (double_free::describe_state_change): Likewise. Use freed_p.
665 (double_free::describe_call_with_state): Use freed_p.
666 (double_free::describe_final_event): Use m_funcname in message
667 rather than hardcoding "free".
668 (double_free::m_funcname): New field.
669 (possible_null::describe_state_change): Use unchecked_p.
670 (possible_null::describe_return_of_state): Likewise.
671 (use_after_free::use_after_free): Add param for initializing m_api.
672 (use_after_free::emit): Use m_api->m_dealloc_funcname in message
673 rather than hardcoding "free".
674 (use_after_free::describe_state_change): Use freed_p. Change the
675 wording of the message based on the API.
676 (use_after_free::describe_final_event): Use
677 m_api->m_dealloc_funcname in message rather than hardcoding
678 "free". Change the wording of the message based on the API.
679 (use_after_free::m_api): New field.
680 (malloc_leak::describe_state_change): Use unchecked_p. Update
681 for renaming of m_malloc_event to m_alloc_event.
682 (malloc_leak::describe_final_event): Update for renaming of
683 m_malloc_event to m_alloc_event.
684 (malloc_leak::m_malloc_event): Rename...
685 (malloc_leak::m_alloc_event): ...to this.
686 (free_of_non_heap::free_of_non_heap): Add param for initializing
687 m_funcname.
688 (free_of_non_heap::emit): Use m_funcname in message rather than
689 hardcoding "free".
690 (free_of_non_heap::describe_final_event): Likewise.
691 (free_of_non_heap::m_funcname): New field.
692 (allocation_state::dump_to_pp): New.
693 (allocation_state::get_nonnull): New.
694 (malloc_state_machine::malloc_state_machine): Update for changes
695 to state fields and new api fields.
696 (malloc_state_machine::add_state): New.
697 (malloc_state_machine::on_stmt): Move malloc/calloc handling to
698 on_allocator_call and call it, passing in the API pointer.
699 Likewise for free, moving it to on_deallocator_call. Handle calls
700 to operator new and delete in an analogous way. Use unchecked_p
701 when testing for possibly-null-arg and possibly-null-deref, and
702 transition to the non-null for the correct API. Remove redundant
703 node param from call to on_zero_assignment. Use freed_p for
704 use-after-free check, and pass in API.
705 (malloc_state_machine::on_allocator_call): New, based on code in
706 on_stmt.
707 (malloc_state_machine::on_deallocator_call): Likewise.
708 (malloc_state_machine::on_phi): Mark node param with
709 ATTRIBUTE_UNUSED; don't pass it to on_zero_assignment.
710 (malloc_state_machine::on_condition): Mark node param with
711 ATTRIBUTE_UNUSED. Replace on_transition calls with get_state and
712 set_next_state pairs, transitioning to the non-null state for the
713 appropriate API.
714 (malloc_state_machine::can_purge_p): Port to new state approach.
715 (malloc_state_machine::on_zero_assignment): Replace on_transition
716 calls with get_state and set_next_state pairs. Drop redundant
717 node param.
718 * sm.h (state_machine::add_custom_state): New.
719
720 2020-09-09 David Malcolm <dmalcolm@redhat.com>
721
722 * diagnostic-manager.cc
723 (null_assignment_sm_context::warn_for_state): Replace with...
724 (null_assignment_sm_context::warn): ...this.
725 * engine.cc (impl_sm_context::warn_for_state): Replace with...
726 (impl_sm_context::warn): ...this.
727 * sm-file.cc (fileptr_state_machine::on_stmt): Replace
728 warn_for_state and on_transition calls with a get_state
729 test guarding warn and set_next_state calls.
730 * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
731 * sm-pattern-test.cc (pattern_test_state_machine::on_condition):
732 Replace warn_for_state call with warn call.
733 * sm-sensitive.cc
734 (sensitive_state_machine::warn_for_any_exposure): Replace
735 warn_for_state call with a get_state test guarding a warn call.
736 * sm-signal.cc (signal_state_machine::on_stmt): Likewise.
737 * sm-taint.cc (taint_state_machine::on_stmt): Replace
738 warn_for_state and on_transition calls with a get_state
739 test guarding warn and set_next_state calls.
740 * sm.h (sm_context::warn_for_state): Replace with...
741 (sm_context::warn): ...this.
742
743 2020-09-09 David Malcolm <dmalcolm@redhat.com>
744
745 * diagnostic-manager.cc
746 (null_assignment_sm_context::null_assignment_sm_context): Add old_state
747 and ext_state params, initializing m_old_state and m_ext_state.
748 (null_assignment_sm_context::on_transition): Split into...
749 (null_assignment_sm_context::get_state): ...this new vfunc
750 implementation and...
751 (null_assignment_sm_context::set_next_state): ...this new vfunc
752 implementation.
753 (null_assignment_sm_context::m_old_state): New field.
754 (null_assignment_sm_context::m_ext_state): New field.
755 (diagnostic_manager::add_events_for_eedge): Pass in old state and
756 ext_state when creating sm_ctxt.
757 * engine.cc (impl_sm_context::on_transition): Split into...
758 (impl_sm_context::get_state): ...this new vfunc
759 implementation and...
760 (impl_sm_context::set_next_state): ...this new vfunc
761 implementation.
762 * sm.h (sm_context::get_state): New pure virtual function.
763 (sm_context::set_next_state): Likewise.
764 (sm_context::on_transition): Convert from a pure virtual function
765 to a regular function implemented in terms of get_state and
766 set_next_state.
767
768 2020-09-09 David Malcolm <dmalcolm@redhat.com>
769
770 * checker-path.cc (state_change_event::get_desc): Update
771 state_machine::get_state_name calls to state::get_name.
772 (warning_event::get_desc): Likewise.
773 * diagnostic-manager.cc
774 (null_assignment_sm_context::on_transition): Update comparison
775 against 0 with comparison with m_sm.get_start_state.
776 (diagnostic_manager::prune_for_sm_diagnostic): Update
777 state_machine::get_state_name calls to state::get_name.
778 * engine.cc (impl_sm_context::on_transition): Likewise.
779 (exploded_node::get_dot_fillcolor): Use get_id when summing
780 the sm states.
781 * program-state.cc (sm_state_map::sm_state_map): Don't hardcode
782 0 as the start state when initializing m_global_state.
783 (sm_state_map::print): Use dump_to_pp rather than get_state_name
784 when dumping states.
785 (sm_state_map::is_empty_p): Don't hardcode 0 as the start state
786 when examining m_global_state.
787 (sm_state_map::hash): Use get_id when hashing states.
788 (selftest::test_sm_state_map): Use state objects rather than
789 arbitrary hardcoded integers.
790 (selftest::test_program_state_merging): Likewise.
791 (selftest::test_program_state_merging_2): Likewise.
792 * sm-file.cc (fileptr_state_machine::m_start): Move to base class.
793 (file_diagnostic::describe_state_change): Use get_start_state.
794 (fileptr_state_machine::fileptr_state_machine): Drop m_start
795 initialization.
796 * sm-malloc.cc (malloc_state_machine::m_start): Move to base
797 class.
798 (malloc_diagnostic::describe_state_change): Use get_start_state.
799 (possible_null::describe_state_change): Likewise.
800 (malloc_state_machine::malloc_state_machine): Drop m_start
801 initialization.
802 * sm-pattern-test.cc (pattern_test_state_machine::m_start): Move
803 to base class.
804 (pattern_test_state_machine::pattern_test_state_machine): Drop
805 m_start initialization.
806 * sm-sensitive.cc (sensitive_state_machine::m_start): Move to base
807 class.
808 (sensitive_state_machine::sensitive_state_machine): Drop m_start
809 initialization.
810 * sm-signal.cc (signal_state_machine::m_start): Move to base
811 class.
812 (signal_state_machine::signal_state_machine): Drop m_start
813 initialization.
814 * sm-taint.cc (taint_state_machine::m_start): Move to base class.
815 (taint_state_machine::taint_state_machine): Drop m_start
816 initialization.
817 * sm.cc (state_machine::state::dump_to_pp): New.
818 (state_machine::state_machine): Move here from sm.h. Initialize
819 m_next_state_id and m_start.
820 (state_machine::add_state): Reimplement in terms of state objects.
821 (state_machine::get_state_name): Delete.
822 (state_machine::get_state_by_name): Reimplement in terms of state
823 objects. Make const.
824 (state_machine::validate): Delete.
825 (state_machine::dump_to_pp): Reimplement in terms of state
826 objects.
827 * sm.h (state_machine::state): New class.
828 (state_machine::state_t): Convert typedef from "unsigned" to
829 "const state_machine::state *".
830 (state_machine::state_machine): Move to sm.cc.
831 (state_machine::get_default_state): Use m_start rather than
832 hardcoding 0.
833 (state_machine::get_state_name): Delete.
834 (state_machine::get_state_by_name): Make const.
835 (state_machine::get_start_state): New accessor.
836 (state_machine::alloc_state_id): New.
837 (state_machine::m_state_names): Drop in favor of...
838 (state_machine::m_states): New field.
839 (state_machine::m_start): New field.
840 (start_start_p): Delete.
841
842 2020-09-08 David Malcolm <dmalcolm@redhat.com>
843
844 PR analyzer/96949
845 * store.cc (binding_map::apply_ctor_val_to_range): Add
846 error-handling for the cases where we have symbolic offsets.
847
848 2020-09-08 David Malcolm <dmalcolm@redhat.com>
849
850 PR analyzer/96950
851 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
852 where min_index == max_index.
853 (binding_map::apply_ctor_val_to_range): Replace assertion that we
854 don't have a CONSTRUCTOR value with error-handling.
855
856 2020-09-08 David Malcolm <dmalcolm@redhat.com>
857
858 PR analyzer/96962
859 * region-model.cc (region_model::on_call_pre): Fix guard on switch
860 on built-ins to only consider BUILT_IN_NORMAL, rather than other
861 kinds of built-ins.
862
863 2020-09-01 David Malcolm <dmalcolm@redhat.com>
864
865 PR analyzer/96792
866 * region-model.cc (region_model::deref_rvalue): Add the constraint
867 that PTR_SVAL is non-NULL.
868
869 2020-08-31 David Malcolm <dmalcolm@redhat.com>
870
871 PR analyzer/96798
872 * region-model.cc (region_model::on_call_pre): Handle
873 BUILT_IN_MEMSET_CHK.
874
875 2020-08-31 David Malcolm <dmalcolm@redhat.com>
876
877 * region-model.cc (region_model::on_call_pre): Gather handling of
878 builtins and of internal fns into switch statements. Handle
879 "alloca" and BUILT_IN_ALLOCA_WITH_ALIGN.
880
881 2020-08-31 David Malcolm <dmalcolm@redhat.com>
882
883 PR analyzer/96860
884 * region.cc (decl_region::get_svalue_for_constructor): Support
885 apply_ctor_to_region failing.
886 * store.cc (binding_map::apply_ctor_to_region): Add failure
887 handling.
888 (binding_map::apply_ctor_val_to_range): Likewise.
889 (binding_map::apply_ctor_pair_to_child_region): Likewise. Replace
890 assertion that child_base_offset is not symbolic with error
891 handling.
892 * store.h (binding_map::apply_ctor_to_region): Convert return type
893 from void to bool.
894 (binding_map::apply_ctor_val_to_range): Likewise.
895 (binding_map::apply_ctor_pair_to_child_region): Likewise.
896
897 2020-08-31 David Malcolm <dmalcolm@redhat.com>
898
899 PR analyzer/96763
900 * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
901 by calling a new binding_map::apply_ctor_val_to_range subroutine.
902 Split out the existing non-CONSTRUCTOR-handling code to a new
903 apply_ctor_pair_to_child_region subroutine.
904 (binding_map::apply_ctor_val_to_range): New.
905 (binding_map::apply_ctor_pair_to_child_region): New, split out
906 from binding_map::apply_ctor_to_region as noted above.
907 * store.h (binding_map::apply_ctor_val_to_range): New decl.
908 (binding_map::apply_ctor_pair_to_child_region): New decl.
909
910 2020-08-31 David Malcolm <dmalcolm@redhat.com>
911
912 PR analyzer/96764
913 * region-model-manager.cc
914 (region_model_manager::maybe_fold_unaryop): Handle VIEW_CONVERT_EXPR.
915 (region_model_manager::get_or_create_cast): Move logic for
916 real->integer casting to...
917 (get_code_for_cast): ...this new function, and add logic for
918 real->non-integer casts.
919 (region_model_manager::maybe_fold_sub_svalue): Handle
920 VIEW_CONVERT_EXPR.
921 * region-model.cc
922 (region_model::add_any_constraints_from_gassign): Likewise.
923 * svalue.cc (svalue::maybe_undo_cast): Likewise.
924 (unaryop_svalue::dump_to_pp): Likewise.
925
926 2020-08-26 David Malcolm <dmalcolm@redhat.com>
927
928 PR analyzer/94858
929 * region-model-manager.cc
930 (region_model_manager::get_or_create_widening_svalue): Assert that
931 neither of the inputs are themselves widenings.
932 * store.cc (store::eval_alias_1): The initial value of a pointer
933 can't point to a region that was allocated on the heap after the
934 beginning of the path. A widened pointer value can't alias anything
935 that the initial pointer value can't alias.
936 * svalue.cc (svalue::can_merge_p): Merge BINOP (X, OP, CST) with X
937 to a widening svalue. Merge
938 BINOP(WIDENING(BASE, BINOP(BASE, X)), X) and BINOP(BASE, X) to
939 the LHS of the first BINOP.
940
941 2020-08-26 David Malcolm <dmalcolm@redhat.com>
942
943 PR analyzer/96777
944 * region-model.h (class compound_svalue): Document that all keys
945 must be concrete.
946 (compound_svalue::compound_svalue): Move definition to svalue.cc.
947 * store.cc (binding_map::apply_ctor_to_region): Handle
948 initializers for trailing arrays with incomplete size.
949 * svalue.cc (compound_svalue::compound_svalue): Move definition
950 here from region-model.h. Add assertion that all keys are
951 concrete.
952
953 2020-08-22 David Malcolm <dmalcolm@redhat.com>
954
955 PR analyzer/94851
956 * region-model-manager.cc
957 (region_model_manager::maybe_fold_binop): Fold bitwise "& 0" to 0.
958
959 2020-08-22 David Malcolm <dmalcolm@redhat.com>
960
961 * store.cc (store::eval_alias): Make const. Split out 2nd half
962 into store::eval_alias_1 and call it twice for symmetry, avoiding
963 test duplication.
964 (store::eval_alias_1): New function, split out from the above.
965 * store.h (store::eval_alias): Make const.
966 (store::eval_alias_1): New decl.
967
968 2020-08-22 David Malcolm <dmalcolm@redhat.com>
969
970 * region-model.cc (region_model::push_frame): Bind the default
971 SSA name for each parm if it exists, falling back to the parm
972 itself otherwise, rather than doing both.
973
974 2020-08-20 David Malcolm <dmalcolm@redhat.com>
975
976 PR analyzer/96723
977 * region-model-manager.cc
978 (region_model_manager::get_field_region): Assert that field is a
979 FIELD_DECL.
980 * region.cc (region::get_subregions_for_binding): In
981 union-handling, filter the TYPE_FIELDS traversal to just FIELD_DECLs.
982
983 2020-08-20 David Malcolm <dmalcolm@redhat.com>
984
985 PR analyzer/96713
986 * region-model.cc (region_model::get_gassign_result): For
987 comparisons, only use eval_condition when the lhs has boolean
988 type, and use get_or_create_constant_svalue on the boolean
989 constants directly rather than via get_rvalue.
990
991 2020-08-19 David Malcolm <dmalcolm@redhat.com>
992
993 PR analyzer/96643
994 * region-model.cc (region_model::deref_rvalue): Rather than
995 attempting to handle all svalue kinds in the switch, only cover
996 the special cases, and move symbolic-region handling to after
997 the switch, thus implicitly handling the missing case SK_COMPOUND.
998
999 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1000
1001 PR analyzer/96705
1002 * region-model-manager.cc
1003 (region_model_manager::maybe_fold_binop): Check that we have an
1004 integral type before calling build_int_cst.
1005
1006 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1007
1008 PR analyzer/96699
1009 * region-model-manager.cc
1010 (region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for
1011 casting from REAL_TYPE to INTEGER_TYPE.
1012
1013 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1014
1015 PR analyzer/96651
1016 * region-model.cc (region_model::called_from_main_p): New.
1017 (region_model::get_store_value): Move handling for globals into...
1018 (region_model::get_initial_value_for_global): ...this new
1019 function, and add logic for extracting values from decl
1020 initializers.
1021 * region-model.h (decl_region::get_svalue_for_constructor): New
1022 decl.
1023 (decl_region::get_svalue_for_initializer): New decl.
1024 (region_model::called_from_main_p): New decl.
1025 (region_model::get_initial_value_for_global): New.
1026 * region.cc (decl_region::maybe_get_constant_value): Move logic
1027 for getting an svalue from a CONSTRUCTOR node to...
1028 (decl_region::get_svalue_for_constructor): ...this new function.
1029 (decl_region::get_svalue_for_initializer): New.
1030 * store.cc (get_svalue_for_ctor_val): Rewrite in terms of
1031 region_model::get_rvalue.
1032 * store.h (binding_cluster::get_map): New accessor.
1033
1034 2020-08-19 David Malcolm <dmalcolm@redhat.com>
1035
1036 PR analyzer/96648
1037 * region.cc (get_field_at_bit_offset): Gracefully handle negative
1038 values for bit_offset.
1039
1040 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1041
1042 * region-model.cc (region_model::get_rvalue_1): Fix name of local.
1043
1044 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1045
1046 PR analyzer/96641
1047 * region-model.cc (region_model::get_rvalue_1): Handle
1048 unrecognized tree codes by returning UNKNOWN.
1049
1050 2020-08-18 David Malcolm <dmalcolm@redhat.com>
1051
1052 PR analyzer/96640
1053 * region-model.cc (region_model::get_gassign_result): Handle various
1054 VEC_* tree codes by returning UNKNOWN.
1055 (region_model::on_assignment): Handle unrecognized tree codes by
1056 setting lhs to an unknown value, rather than issuing a "sorry" and
1057 asserting.
1058
1059 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1060
1061 PR analyzer/96644
1062 * region-model-manager.cc (get_region_for_unexpected_tree_code):
1063 Handle ctxt being NULL.
1064
1065 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1066
1067 PR analyzer/96639
1068 * region.cc (region::get_subregions_for_binding): Check for "type"
1069 being NULL.
1070
1071 2020-08-17 David Malcolm <dmalcolm@redhat.com>
1072
1073 PR analyzer/96642
1074 * store.cc (get_svalue_for_ctor_val): New.
1075 (binding_map::apply_ctor_to_region): Call it.
1076
1077 2020-08-14 David Malcolm <dmalcolm@redhat.com>
1078
1079 PR testsuite/96609
1080 PR analyzer/96616
1081 * region-model.cc (region_model::get_store_value): Call
1082 maybe_get_constant_value on decl_regions first.
1083 * region-model.h (decl_region::maybe_get_constant_value): New decl.
1084 * region.cc (decl_region::get_stack_depth): Likewise.
1085 (decl_region::maybe_get_constant_value): New.
1086 * store.cc (get_subregion_within_ctor): New.
1087 (binding_map::apply_ctor_to_region): New.
1088 * store.h (binding_map::apply_ctor_to_region): New decl.
1089
1090 2020-08-14 David Malcolm <dmalcolm@redhat.com>
1091
1092 PR analyzer/96611
1093 * store.cc (store::mark_as_escaped): Reject attempts to
1094 get a cluster for an unknown pointer.
1095
1096 2020-08-13 David Malcolm <dmalcolm@redhat.com>
1097
1098 PR analyzer/93032
1099 PR analyzer/93938
1100 PR analyzer/94011
1101 PR analyzer/94099
1102 PR analyzer/94399
1103 PR analyzer/94458
1104 PR analyzer/94503
1105 PR analyzer/94640
1106 PR analyzer/94688
1107 PR analyzer/94689
1108 PR analyzer/94839
1109 PR analyzer/95026
1110 PR analyzer/95042
1111 PR analyzer/95240
1112 * analyzer-logging.cc: Ignore "-Wformat-diag".
1113 (logger::enter_scope): Use inc_indent in both overloads.
1114 (logger::exit_scope): Use dec_indent.
1115 * analyzer-logging.h (logger::inc_indent): New.
1116 (logger::dec_indent): New.
1117 * analyzer-selftests.cc (run_analyzer_selftests): Call
1118 analyzer_store_cc_tests.
1119 * analyzer-selftests.h (analyzer_store_cc_tests): New decl.
1120 * analyzer.cc (get_stmt_location): New function.
1121 * analyzer.h (class initial_svalue): New forward decl.
1122 (class unaryop_svalue): New forward decl.
1123 (class binop_svalue): New forward decl.
1124 (class sub_svalue): New forward decl.
1125 (class unmergeable_svalue): New forward decl.
1126 (class placeholder_svalue): New forward decl.
1127 (class widening_svalue): New forward decl.
1128 (class compound_svalue): New forward decl.
1129 (class conjured_svalue): New forward decl.
1130 (svalue_set): New typedef.
1131 (class map_region): Delete.
1132 (class array_region): Delete.
1133 (class frame_region): New forward decl.
1134 (class function_region): New forward decl.
1135 (class label_region): New forward decl.
1136 (class decl_region): New forward decl.
1137 (class element_region): New forward decl.
1138 (class offset_region): New forward decl.
1139 (class cast_region): New forward decl.
1140 (class field_region): New forward decl.
1141 (class string_region): New forward decl.
1142 (class region_model_manager): New forward decl.
1143 (class store_manager): New forward decl.
1144 (class store): New forward decl.
1145 (class call_details): New forward decl.
1146 (struct svalue_id_merger_mapping): Delete.
1147 (struct canonicalization): Delete.
1148 (class function_point): New forward decl.
1149 (class engine): New forward decl.
1150 (dump_tree): New function decl.
1151 (print_quoted_type): New function decl.
1152 (readability_comparator): New function decl.
1153 (tree_cmp): New function decl.
1154 (class path_var): Move here from region-model.h.
1155 (bit_offset_t, bit_size_t, byte_size_t): New typedefs.
1156 (class region_offset): New class.
1157 (get_stmt_location): New decl.
1158 (struct member_function_hash_traits): New struct.
1159 (class consolidation_map): New class.
1160 Ignore "-Wformat-diag".
1161 * analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
1162 (-param=analyzer-max-enodes-for-full-dump=): New param.
1163 * call-string.cc: Ignore -Wformat-diag.
1164 * checker-path.cc: Move includes of "analyzer/call-string.h" and
1165 "analyzer/program-point.h" to before "analyzer/region-model.h",
1166 and also include "analyzer/store.h" before it.
1167 (state_change_event::state_change_event): Replace "tree var" param
1168 with "const svalue *sval". Convert "origin" param from tree to
1169 "const svalue *".
1170 (state_change_event::get_desc): Call get_representative_tree to
1171 convert the var and origin from const svalue * to tree. Use
1172 svalue::get_desc rather than %qE when describing state changes.
1173 (checker_path::add_final_event): Use get_stmt_location.
1174 * checker-path.h (state_change_event::state_change_event): Port
1175 from tree to const svalue *.
1176 (state_change_event::get_lvalue): Delete.
1177 (state_change_event::get_dest_function): New.
1178 (state_change_event::m_var): Replace with...
1179 (state_change_event::m_sval): ...this.
1180 (state_change_event::m_origin): Convert from tree to
1181 const svalue *.
1182 * constraint-manager.cc: Include "analyzer/call-string.h",
1183 "analyzer/program-point.h", and "analyzer/store.h" before
1184 "analyzer/region-model.h".
1185 (struct bound, struct range): Move to constraint-manager.h.
1186 (compare_constants): New function.
1187 (range::dump): Rename to...
1188 (range::dump_to_pp): ...this. Support NULL constants.
1189 (range::dump): Reintroduce for dumping to stderr.
1190 (range::constrained_to_single_element): Return result, rather than
1191 writing to *OUT.
1192 (range::eval_condition): New.
1193 (range::below_lower_bound): New.
1194 (range::above_upper_bound): New.
1195 (equiv_class::equiv_class): Port from svalue_id to const svalue *.
1196 (equiv_class::print): Likewise.
1197 (equiv_class::hash): Likewise.
1198 (equiv_class::operator==): Port from svalue_id to const svalue *.
1199 (equiv_class::add): Port from svalue_id to const svalue *. Drop
1200 "cm" param.
1201 (equiv_class::del): Port from svalue_id to const svalue *.
1202 (equiv_class::get_representative): Likewise.
1203 (equiv_class::remap_svalue_ids): Delete.
1204 (svalue_id_cmp_by_id): Rename to...
1205 (svalue_cmp_by_ptr): ...this, porting from svalue_id to
1206 const svalue *.
1207 (equiv_class::canonicalize): Update qsort comparator.
1208 (constraint::implied_by): New.
1209 (constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
1210 (constraint_manager::dump_to_pp): Add "multiline" param.
1211 (constraint_manager::dump): Pass "true" for "multiline".
1212 (constraint_manager::add_constraint): Port from svalue_id to
1213 const svalue *. Split out second part into...
1214 (constraint_manager::add_unknown_constraint): ...this new
1215 function. Remove self-constraints when merging equivalence
1216 classes.
1217 (constraint_manager::add_constraint_internal): Remove constraints
1218 that would be implied by the new constraint. Port from svalue_id
1219 to const svalue *.
1220 (constraint_manager::get_equiv_class_by_sid): Rename to...
1221 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
1222 from svalue_id to const svalue *.
1223 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
1224 to const svalue *.
1225 (constraint_manager::eval_condition): Make const. Call
1226 compare_constants and return early if it provides a known result.
1227 (constraint_manager::get_ec_bounds): New.
1228 (constraint_manager::eval_condition): New overloads. Make
1229 existing one const, and use compare_constants.
1230 (constraint_manager::purge): Convert "p" param to a template
1231 rather than an abstract base class. Port from svalue_id to
1232 const svalue *.
1233 (class dead_svalue_purger): New class.
1234 (constraint_manager::remap_svalue_ids): Delete.
1235 (constraint_manager::on_liveness_change): New.
1236 (equiv_class_cmp): Port from svalue_id to const svalue *.
1237 (constraint_manager::canonicalize): Likewise. Combine with
1238 purging of redundant equivalence classes and constraints.
1239 (class cleaned_constraint_manager): Delete.
1240 (class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
1241 field.
1242 (merger_fact_visitor::fact): Port from svalue_id to const svalue *.
1243 Add special case for widening.
1244 (constraint_manager::merge): Port from svalue_id to const svalue *.
1245 (constraint_manager::clean_merger_input): Delete.
1246 (constraint_manager::for_each_fact): Port from svalue_id to
1247 const svalue *.
1248 (constraint_manager::validate): Likewise.
1249 (selftest::test_constraint_conditions): Provide a
1250 region_model_manager when creating region_model instances.
1251 Add test for self-equality not creating equivalence classes.
1252 (selftest::test_transitivity): Provide a region_model_manager when
1253 creating region_model instances. Verify that EC-merging happens
1254 when constraints are implied.
1255 (selftest::test_constant_comparisons): Provide a
1256 region_model_manager when creating region_model instances.
1257 (selftest::test_constraint_impl): Likewise. Remove over-specified
1258 assertions.
1259 (selftest::test_equality): Provide a region_model_manager when
1260 creating region_model instances.
1261 (selftest::test_many_constants): Likewise. Provide a
1262 program_point when testing merging.
1263 (selftest::run_constraint_manager_tests): Move call to
1264 test_constant_comparisons to outside the transitivity guard.
1265 * constraint-manager.h (struct bound): Move here from
1266 constraint-manager.cc.
1267 (struct range): Likewise.
1268 (struct::eval_condition): New decl.
1269 (struct::below_lower_bound): New decl.
1270 (struct::above_upper_bound): New decl.
1271 (equiv_class::add): Port from svalue_id to const svalue *.
1272 (equiv_class::del): Likewise.
1273 (equiv_class::get_representative): Likewise.
1274 (equiv_class::remap_svalue_ids): Drop.
1275 (equiv_class::m_cst_sid): Convert to...
1276 (equiv_class::m_cst_sval): ...this.
1277 (equiv_class::m_vars): Port from svalue_id to const svalue *.
1278 (constraint::bool implied_by): New decl.
1279 (fact_visitor::on_fact): Port from svalue_id to const svalue *.
1280 (constraint_manager::constraint_manager): Add mgr param.
1281 (constraint_manager::clone): Delete.
1282 (constraint_manager::maybe_get_constant): Delete.
1283 (constraint_manager::get_sid_for_constant): Delete.
1284 (constraint_manager::get_num_svalues): Delete.
1285 (constraint_manager::dump_to_pp): Add "multiline" param.
1286 (constraint_manager::get_equiv_class): Port from svalue_id to
1287 const svalue *.
1288 (constraint_manager::add_constraint): Likewise.
1289 (constraint_manager::get_equiv_class_by_sid): Rename to...
1290 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
1291 from svalue_id to const svalue *.
1292 (constraint_manager::add_unknown_constraint): New decl.
1293 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
1294 to const svalue *.
1295 (constraint_manager::eval_condition): Likewise. Add overloads.
1296 (constraint_manager::get_ec_bounds): New decl.
1297 (constraint_manager::purge): Convert to template.
1298 (constraint_manager::remap_svalue_ids): Delete.
1299 (constraint_manager::on_liveness_change): New decl.
1300 (constraint_manager::canonicalize): Drop param.
1301 (constraint_manager::clean_merger_input): Delete.
1302 (constraint_manager::m_mgr): New field.
1303 * diagnostic-manager.cc: Move includes of
1304 "analyzer/call-string.h" and "analyzer/program-point.h" to before
1305 "analyzer/region-model.h", and also include "analyzer/store.h"
1306 before it.
1307 (saved_diagnostic::saved_diagnostic): Add "sval" param.
1308 (diagnostic_manager::diagnostic_manager): Add engine param.
1309 (diagnostic_manager::add_diagnostic): Add "sval" param, passing it
1310 to saved_diagnostic ctor. Update overload to pass NULL for it.
1311 (dedupe_winners::dedupe_winners): Add engine param.
1312 (dedupe_winners::add): Add "eg" param. Pass m_engine to
1313 feasible_p.
1314 (dedupe_winner::m_engine): New field.
1315 (diagnostic_manager::emit_saved_diagnostics): Pass engine to
1316 dedupe_winners. Pass &eg when adding candidates. Pass svalue
1317 rather than tree to prune_path. Use get_stmt_location to get
1318 primary location of diagnostic.
1319 (diagnostic_manager::emit_saved_diagnostic): Likewise.
1320 (get_any_origin): Drop.
1321 (state_change_event_creator::on_global_state_change): Pass NULL
1322 const svalue * rather than NULL_TREE trees to state_change_event
1323 ctor.
1324 (state_change_event_creator::on_state_change): Port from tree and
1325 svalue_id to const svalue *.
1326 (for_each_state_change): Port from svalue_id to const svalue *.
1327 (struct null_assignment_sm_context): New.
1328 (diagnostic_manager::add_events_for_eedge): Add state change
1329 events for assignment to NULL.
1330 (diagnostic_manager::prune_path): Update param from tree to
1331 const svalue *.
1332 (diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
1333 by tree to by const svalue *.
1334 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
1335 param.
1336 (saved_diagnostic::m_sval): New field.
1337 (diagnostic_manager::diagnostic_manager): Add engine param.
1338 (diagnostic_manager::get_engine): New.
1339 (diagnostic_manager::add_diagnostic): Add "sval" param.
1340 (diagnostic_manager::prune_path): Likewise.
1341 (diagnostic_manager::prune_for_sm_diagnostic): New overload.
1342 (diagnostic_manager::m_eng): New field.
1343 * engine.cc: Move includes of "analyzer/call-string.h" and
1344 "analyzer/program-point.h" to before "analyzer/region-model.h",
1345 and also include "analyzer/store.h" before it.
1346 (impl_region_model_context::impl_region_model_context): Update for
1347 removal of m_change field.
1348 (impl_region_model_context::remap_svalue_ids): Delete.
1349 (impl_region_model_context::on_svalue_leak): New.
1350 (impl_region_model_context::on_svalue_purge): Delete.
1351 (impl_region_model_context::on_liveness_change): New.
1352 (impl_region_model_context::on_unknown_change): Update param
1353 from svalue_id to const svalue *. Add is_mutable param.
1354 (setjmp_svalue::compare_fields): Delete.
1355 (setjmp_svalue::accept): New.
1356 (setjmp_svalue::add_to_hash): Delete.
1357 (setjmp_svalue::dump_to_pp): New.
1358 (setjmp_svalue::print_details): Delete.
1359 (impl_sm_context::impl_sm_context): Drop "change" param.
1360 (impl_sm_context::get_fndecl_for_call): Drop "m_change".
1361 (impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
1362 "stmt" param. Drop m_change. Port from svalue_id to
1363 const svalue *.
1364 (impl_sm_context::warn_for_state): Drop m_change. Port from
1365 svalue_id to const svalue *.
1366 (impl_sm_context::get_readable_tree): Rename to...
1367 (impl_sm_context::get_diagnostic_tree): ...this. Port from
1368 svalue_id to const svalue *.
1369 (impl_sm_context::is_zero_assignment): New.
1370 (impl_sm_context::m_change): Delete field.
1371 (leak_stmt_finder::find_stmt): Handle m_var being NULL.
1372 (readability): Increase penalty for MEM_REF. For SSA_NAMEs,
1373 slightly favor the underlying var over the SSA name. Heavily
1374 penalize temporaries. Handle RESULT_DECL.
1375 (readability_comparator): Make non-static. Consider stack depths.
1376 (impl_region_model_context::on_state_leak): Convert from svalue_id
1377 to const svalue *, updating for region_model changes. Use
1378 id_equal.
1379 (impl_region_model_context::on_inherited_svalue): Delete.
1380 (impl_region_model_context::on_cast): Delete.
1381 (impl_region_model_context::on_condition): Drop m_change.
1382 (impl_region_model_context::on_phi): Likewise.
1383 (impl_region_model_context::on_unexpected_tree_code): Handle t
1384 being NULL.
1385 (point_and_state::validate): Update stack checking for
1386 region_model changes.
1387 (eg_traits::dump_args_t::show_enode_details_p): New.
1388 (exploded_node::exploded_node): Initialize m_num_processed_stmts.
1389 (exploded_node::get_processed_stmt): New function.
1390 (exploded_node::get_dot_fillcolor): Add more colors.
1391 (exploded_node::dump_dot): Guard the printing of the point and
1392 state with show_enode_details_p. Print the processed stmts for
1393 this enode after the initial state.
1394 (exploded_node::dump_to_pp): Pass true for new multiline param
1395 of program_state::dump_to_pp.
1396 (exploded_node::on_stmt): Drop "change" param. Log the stmt.
1397 Set input_location. Implement __analyzer_describe. Update
1398 implementation of __analyzer_dump and __analyzer_eval.
1399 Remove purging of sm-state for unknown fncalls from here.
1400 (exploded_node::on_edge): Drop "change" param.
1401 (exploded_node::on_longjmp): Port from region_id/svalue_id to
1402 const region */const svalue *. Call program_state::detect_leaks.
1403 Drop state_change.
1404 (exploded_node::detect_leaks): Update for changes to region_model.
1405 Call program_state::detect_leaks.
1406 (exploded_edge::exploded_edge): Drop ext_state and change params.
1407 (exploded_edge::dump_dot): "args" is no longer used. Drop dumping
1408 of m_change.
1409 (exploded_graph::exploded_graph): Pass engine to
1410 m_diagnostic_manager ctor. Use program_point::origin.
1411 (exploded_graph::add_function_entry): Drop ctxt. Use
1412 program_state::push_frame. Drop state_change.
1413 (exploded_graph::get_or_create_node): Drop "change" param. Add
1414 "enode_for_diag" param. Update dumping calls for API changes.
1415 Pass point to can_merge_with_p. Show enode indices
1416 within -Wanalyzer-too-complex diagnostic for hitting the per-point
1417 limit.
1418 (exploded_graph::add_edge): Drop "change" param. Log which nodes
1419 are being connected. Update for changes to exploded_edge ctor.
1420 (exploded_graph::get_per_program_point_data): New.
1421 (exploded_graph::process_worklist): Pass point to
1422 can_merge_with_p. Drop state_change. Update dumping call for API
1423 change.
1424 (exploded_graph::process_node): Drop state_change. Split the
1425 node in-place if an sm-state-change occurs. Update
1426 m_num_processed_stmts. Update dumping calls for API change.
1427 (exploded_graph::log_stats): Call engine::log_stats.
1428 (exploded_graph::dump_states_for_supernode): Update dumping
1429 call.
1430 (exploded_path::feasible_p): Add "eng" and "eg" params.
1431 Rename "i" to "end_idx". Pass the manager to the region_model
1432 ctor. Update for every processed stmt in the enode, not just the
1433 first. Keep track of which snodes have been visited, and call
1434 loop_replay_fixup when revisiting one.
1435 (enode_label::get_text): Update dump call for new param.
1436 (exploded_graph::dump_exploded_nodes): Likewise.
1437 (exploded_graph::get_node_by_index): New.
1438 (impl_run_checkers): Create engine instance and pass its address
1439 to extrinsic_state ctor.
1440 * exploded-graph.h
1441 (impl_region_model_context::impl_region_model_context): Drop
1442 "change" params.
1443 (impl_region_model_context::void remap_svalue_ids): Delete.
1444 (impl_region_model_context::on_svalue_purge): Delete.
1445 (impl_region_model_context::on_svalue_leak): New.
1446 (impl_region_model_context::on_liveness_change): New.
1447 (impl_region_model_context::on_state_leak): Update signature.
1448 (impl_region_model_context::on_inherited_svalue): Delete.
1449 (impl_region_model_context::on_cast): Delete.
1450 (impl_region_model_context::on_unknown_change): Update signature.
1451 (impl_region_model_context::m_change): Delete.
1452 (eg_traits::dump_args_t::show_enode_details_p): New.
1453 (exploded_node::on_stmt): Drop "change" param.
1454 (exploded_node::on_edge): Likewise.
1455 (exploded_node::get_processed_stmt): New decl.
1456 (exploded_node::m_num_processed_stmts): New field.
1457 (exploded_edge::exploded_edge): Drop ext_state and change params.
1458 (exploded_edge::m_change): Delete.
1459 (exploded_graph::get_engine): New accessor.
1460 (exploded_graph::get_or_create_node): Drop "change" param. Add
1461 "enode_for_diag" param.
1462 (exploded_graph::add_edge): Drop "change" param.
1463 (exploded_graph::get_per_program_point_data): New decl.
1464 (exploded_graph::get_node_by_index): New decl.
1465 (exploded_path::feasible_p): Add "eng" and "eg" params.
1466 * program-point.cc: Include "analyzer/store.h" before including
1467 "analyzer/region-model.h".
1468 (function_point::function_point): Move here from
1469 program-point.h.
1470 (function_point::get_function): Likewise.
1471 (function_point::from_function_entry): Likewise.
1472 (function_point::before_supernode): Likewise.
1473 (function_point::next_stmt): New function.
1474 * program-point.h (function_point::function_point): Move
1475 implementation from here to program-point.cc.
1476 (function_point::get_function): Likewise.
1477 (function_point::from_function_entry): Likewise.
1478 (function_point::before_supernode): Likewise.
1479 (function_point::next_stmt): New decl.
1480 (program_point::operator!=): New.
1481 (program_point::origin): New.
1482 (program_point::next_stmt): New.
1483 (program_point::m_function_point): Make non-const.
1484 * program-state.cc: Move includes of "analyzer/call-string.h" and
1485 "analyzer/program-point.h" to before "analyzer/region-model.h",
1486 and also include "analyzer/store.h" before it.
1487 (extrinsic_state::get_model_manager): New.
1488 (sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
1489 rather than pass them around.
1490 (sm_state_map::clone_with_remapping): Delete.
1491 (sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
1492 "simple" and "multiline" params and support multiline vs single
1493 line dumping.
1494 (sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
1495 "simple" param.
1496 (sm_state_map::hash): Port from svalue_id to const svalue *.
1497 (sm_state_map::operator==): Likewise.
1498 (sm_state_map::get_state): Likewise. Call canonicalize_svalue on
1499 input. Handle inheritance of sm-state. Call get_default_state.
1500 (sm_state_map::get_origin): Port from svalue_id to const svalue *.
1501 (sm_state_map::set_state): Likewise. Pass in ext_state. Reject
1502 attempts to set state on UNKNOWN.
1503 (sm_state_map::impl_set_state): Port from svalue_id to
1504 const svalue *. Pass in ext_state. Call canonicalize_svalue on
1505 input.
1506 (sm_state_map::purge_for_unknown_fncall): Delete.
1507 (sm_state_map::on_svalue_leak): New.
1508 (sm_state_map::remap_svalue_ids): Delete.
1509 (sm_state_map::on_liveness_change): New.
1510 (sm_state_map::on_unknown_change): Reimplement.
1511 (sm_state_map::on_svalue_purge): Delete.
1512 (sm_state_map::on_inherited_svalue): Delete.
1513 (sm_state_map::on_cast): Delete.
1514 (sm_state_map::validate): Delete.
1515 (sm_state_map::canonicalize_svalue): New.
1516 (program_state::program_state): Update to pass manager to
1517 region_model's ctor. Constify num_states and pass state machine
1518 and index to sm_state_map ctor.
1519 (program_state::print): Update for changes to dump API.
1520 (program_state::dump_to_pp): Ignore the summarize param. Add
1521 "multiline" param.
1522 (program_state::dump_to_file): Add "multiline" param.
1523 (program_state::dump): Pass "true" for new "multiline" param.
1524 (program_state::push_frame): New.
1525 (program_state::on_edge): Drop "change" param. Call
1526 program_state::detect_leaks.
1527 (program_state::prune_for_point): Add enode_for_diag param.
1528 Reimplement based on store class. Call detect_leaks.
1529 (program_state::remap_svalue_ids): Delete.
1530 (program_state::get_representative_tree): Port from svalue_id to
1531 const svalue *.
1532 (program_state::can_merge_with_p): Add "point" param. Add early
1533 reject for sm-differences. Drop id remapping.
1534 (program_state::validate): Drop region model and sm_state_map
1535 validation.
1536 (state_change::sm_change::dump): Delete.
1537 (state_change::sm_change::remap_svalue_ids): Delete.
1538 (state_change::sm_change::on_svalue_purge): Delete.
1539 (log_set_of_svalues): New.
1540 (state_change::sm_change::validate): Delete.
1541 (state_change::state_change): Delete.
1542 (state_change::add_sm_change): Delete.
1543 (state_change::affects_p): Delete.
1544 (state_change::dump): Delete.
1545 (state_change::remap_svalue_ids): Delete.
1546 (state_change::on_svalue_purge): Delete.
1547 (state_change::validate): Delete.
1548 (selftest::assert_dump_eq): Delete.
1549 (ASSERT_DUMP_EQ): Delete.
1550 (selftest::test_sm_state_map): Update for changes to region_model
1551 and sm_state_map, porting from svalue_id to const svalue *.
1552 (selftest::test_program_state_dumping): Likewise. Drop test of
1553 dumping, renaming to...
1554 (selftest::test_program_state_1): ...this.
1555 (selftest::test_program_state_dumping_2): Likewise, renaming to...
1556 (selftest::test_program_state_2): ...this.
1557 (selftest::test_program_state_merging): Update for changes to
1558 region_model.
1559 (selftest::test_program_state_merging_2): Likewise.
1560 (selftest::analyzer_program_state_cc_tests): Update for renamed
1561 tests.
1562 * program-state.h (extrinsic_state::extrinsic_state): Add logger
1563 and engine params.
1564 (extrinsic_state::get_logger): New accessor.
1565 (extrinsic_state::get_engine): New accessor.
1566 (extrinsic_state::get_model_manager): New accessor.
1567 (extrinsic_state::m_logger): New field.
1568 (extrinsic_state::m_engine): New field.
1569 (struct default_hash_traits<svalue_id>): Delete.
1570 (pod_hash_traits<svalue_id>::hash): Delete.
1571 (pod_hash_traits<svalue_id>::equal): Delete.
1572 (pod_hash_traits<svalue_id>::mark_deleted): Delete.
1573 (pod_hash_traits<svalue_id>::mark_empty): Delete.
1574 (pod_hash_traits<svalue_id>::is_deleted): Delete.
1575 (pod_hash_traits<svalue_id>::is_empty): Delete.
1576 (sm_state_map::entry_t::entry_t): Port from svalue_id to
1577 const svalue *.
1578 (sm_state_map::entry_t::m_origin): Likewise.
1579 (sm_state_map::map_t): Likewise.
1580 (sm_state_map::sm_state_map): Add state_machine and index params.
1581 (sm_state_map::clone_with_remapping): Delete.
1582 (sm_state_map::print): Drop sm param; add simple and multiline
1583 params.
1584 (sm_state_map::dump): Drop sm param; add simple param.
1585 (sm_state_map::get_state): Port from svalue_id to const svalue *.
1586 Add ext_state param.
1587 (sm_state_map::get_origin): Likewise.
1588 (sm_state_map::set_state): Likewise.
1589 (sm_state_map::impl_set_state): Likewise.
1590 (sm_state_map::purge_for_unknown_fncall): Delete.
1591 (sm_state_map::remap_svalue_ids): Delete.
1592 (sm_state_map::on_svalue_purge): Delete.
1593 (sm_state_map::on_svalue_leak): New.
1594 (sm_state_map::on_liveness_change): New.
1595 (sm_state_map::on_inherited_svalue): Delete.
1596 (sm_state_map::on_cast): Delete.
1597 (sm_state_map::validate): Delete.
1598 (sm_state_map::on_unknown_change): Port from svalue_id to
1599 const svalue *. Add is_mutable and ext_state params.
1600 (sm_state_map::canonicalize_svalue): New.
1601 (sm_state_map::m_sm): New field.
1602 (sm_state_map::m_sm_idx): New field.
1603 (program_state::operator=): Delete.
1604 (program_state::dump_to_pp): Drop "summarize" param, adding
1605 "simple" and "multiline".
1606 (program_state::dump_to_file): Likewise.
1607 (program_state::dump): Rename "summarize" to "simple".
1608 (program_state::push_frame): New.
1609 (program_state::get_current_function): New.
1610 (program_state::on_edge): Drop "change" param.
1611 (program_state::prune_for_point): Likewise. Add enode_for_diag
1612 param.
1613 (program_state::remap_svalue_ids): Delete.
1614 (program_state::get_representative_tree): Port from svalue_id to
1615 const svalue *.
1616 (program_state::can_purge_p): Likewise. Pass ext_state to get_state.
1617 (program_state::can_merge_with_p): Add point param.
1618 (program_state::detect_leaks): New.
1619 (state_change_visitor::on_state_change): Port from tree and
1620 svalue_id to a pair of const svalue *.
1621 (class state_change): Delete.
1622 * region.cc: New file.
1623 * region-model-impl-calls.cc: New file.
1624 * region-model-manager.cc: New file.
1625 * region-model-reachability.cc: New file.
1626 * region-model-reachability.h: New file.
1627 * region-model.cc: Include "analyzer/call-string.h",
1628 "analyzer/program-point.h", and "analyzer/store.h" before
1629 "analyzer/region-model.h". Include
1630 "analyzer/region-model-reachability.h".
1631 (dump_tree): Make non-static.
1632 (dump_quoted_tree): Make non-static.
1633 (print_quoted_type): Make non-static.
1634 (path_var::dump): Delete.
1635 (dump_separator): Delete.
1636 (class impl_constraint_manager): Delete.
1637 (svalue_id::print): Delete.
1638 (svalue_id::dump_node_name_to_pp): Delete.
1639 (svalue_id::validate): Delete.
1640 (region_id::print): Delete.
1641 (region_id::dump_node_name_to_pp): Delete.
1642 (region_id::validate): Delete.
1643 (region_id_set::region_id_set): Delete.
1644 (svalue_id_set::svalue_id_set): Delete.
1645 (svalue::operator==): Delete.
1646 (svalue::hash): Delete.
1647 (svalue::print): Delete.
1648 (svalue::dump_dot_to_pp): Delete.
1649 (svalue::remap_region_ids): Delete.
1650 (svalue::walk_for_canonicalization): Delete.
1651 (svalue::get_child_sid): Delete.
1652 (svalue::maybe_get_constant): Delete.
1653 (region_svalue::compare_fields): Delete.
1654 (region_svalue::add_to_hash): Delete.
1655 (region_svalue::print_details): Delete.
1656 (region_svalue::dump_dot_to_pp): Delete.
1657 (region_svalue::remap_region_ids): Delete.
1658 (region_svalue::merge_values): Delete.
1659 (region_svalue::walk_for_canonicalization): Delete.
1660 (region_svalue::eval_condition): Delete.
1661 (constant_svalue::compare_fields): Delete.
1662 (constant_svalue::add_to_hash): Delete.
1663 (constant_svalue::merge_values): Delete.
1664 (constant_svalue::eval_condition): Move to svalue.cc.
1665 (constant_svalue::print_details): Delete.
1666 (constant_svalue::get_child_sid): Delete.
1667 (unknown_svalue::compare_fields): Delete.
1668 (unknown_svalue::add_to_hash): Delete.
1669 (unknown_svalue::print_details): Delete.
1670 (poison_kind_to_str): Move to svalue.cc.
1671 (poisoned_svalue::compare_fields): Delete.
1672 (poisoned_svalue::add_to_hash): Delete.
1673 (poisoned_svalue::print_details): Delete.
1674 (region_kind_to_str): Move to region.cc and reimplement.
1675 (region::operator==): Delete.
1676 (region::get_parent_region): Delete.
1677 (region::set_value): Delete.
1678 (region::become_active_view): Delete.
1679 (region::deactivate_any_active_view): Delete.
1680 (region::deactivate_view): Delete.
1681 (region::get_value): Delete.
1682 (region::get_inherited_child_sid): Delete.
1683 (region_model::copy_region): Delete.
1684 (region_model::copy_struct_region): Delete.
1685 (region_model::copy_union_region): Delete.
1686 (region_model::copy_array_region): Delete.
1687 (region::hash): Delete.
1688 (region::print): Delete.
1689 (region::dump_dot_to_pp): Delete.
1690 (region::dump_to_pp): Delete.
1691 (region::dump_child_label): Delete.
1692 (region::validate): Delete.
1693 (region::remap_svalue_ids): Delete.
1694 (region::remap_region_ids): Delete.
1695 (region::add_view): Delete.
1696 (region::get_view): Delete.
1697 (region::region): Move to region.cc.
1698 (region::add_to_hash): Delete.
1699 (region::print_fields): Delete.
1700 (region::non_null_p): Delete.
1701 (primitive_region::clone): Delete.
1702 (primitive_region::walk_for_canonicalization): Delete.
1703 (map_region::map_region): Delete.
1704 (map_region::compare_fields): Delete.
1705 (map_region::print_fields): Delete.
1706 (map_region::validate): Delete.
1707 (map_region::dump_dot_to_pp): Delete.
1708 (map_region::dump_child_label): Delete.
1709 (map_region::get_or_create): Delete.
1710 (map_region::get): Delete.
1711 (map_region::add_to_hash): Delete.
1712 (map_region::remap_region_ids): Delete.
1713 (map_region::unbind): Delete.
1714 (map_region::get_tree_for_child_region): Delete.
1715 (map_region::get_tree_for_child_region): Delete.
1716 (tree_cmp): Move to region.cc.
1717 (map_region::can_merge_p): Delete.
1718 (map_region::walk_for_canonicalization): Delete.
1719 (map_region::get_value_by_name): Delete.
1720 (struct_or_union_region::valid_key_p): Delete.
1721 (struct_or_union_region::compare_fields): Delete.
1722 (struct_region::clone): Delete.
1723 (struct_region::compare_fields): Delete.
1724 (union_region::clone): Delete.
1725 (union_region::compare_fields): Delete.
1726 (frame_region::compare_fields): Delete.
1727 (frame_region::clone): Delete.
1728 (frame_region::valid_key_p): Delete.
1729 (frame_region::print_fields): Delete.
1730 (frame_region::add_to_hash): Delete.
1731 (globals_region::compare_fields): Delete.
1732 (globals_region::clone): Delete.
1733 (globals_region::valid_key_p): Delete.
1734 (code_region::compare_fields): Delete.
1735 (code_region::clone): Delete.
1736 (code_region::valid_key_p): Delete.
1737 (array_region::array_region): Delete.
1738 (array_region::get_element): Delete.
1739 (array_region::clone): Delete.
1740 (array_region::compare_fields): Delete.
1741 (array_region::print_fields): Delete.
1742 (array_region::validate): Delete.
1743 (array_region::dump_dot_to_pp): Delete.
1744 (array_region::dump_child_label): Delete.
1745 (array_region::get_or_create): Delete.
1746 (array_region::get): Delete.
1747 (array_region::add_to_hash): Delete.
1748 (array_region::remap_region_ids): Delete.
1749 (array_region::get_key_for_child_region): Delete.
1750 (array_region::key_cmp): Delete.
1751 (array_region::walk_for_canonicalization): Delete.
1752 (array_region::key_from_constant): Delete.
1753 (array_region::constant_from_key): Delete.
1754 (function_region::compare_fields): Delete.
1755 (function_region::clone): Delete.
1756 (function_region::valid_key_p): Delete.
1757 (stack_region::stack_region): Delete.
1758 (stack_region::compare_fields): Delete.
1759 (stack_region::clone): Delete.
1760 (stack_region::print_fields): Delete.
1761 (stack_region::dump_child_label): Delete.
1762 (stack_region::validate): Delete.
1763 (stack_region::push_frame): Delete.
1764 (stack_region::get_current_frame_id): Delete.
1765 (stack_region::pop_frame): Delete.
1766 (stack_region::add_to_hash): Delete.
1767 (stack_region::remap_region_ids): Delete.
1768 (stack_region::can_merge_p): Delete.
1769 (stack_region::walk_for_canonicalization): Delete.
1770 (stack_region::get_value_by_name): Delete.
1771 (heap_region::heap_region): Delete.
1772 (heap_region::compare_fields): Delete.
1773 (heap_region::clone): Delete.
1774 (heap_region::walk_for_canonicalization): Delete.
1775 (root_region::root_region): Delete.
1776 (root_region::compare_fields): Delete.
1777 (root_region::clone): Delete.
1778 (root_region::print_fields): Delete.
1779 (root_region::validate): Delete.
1780 (root_region::dump_child_label): Delete.
1781 (root_region::push_frame): Delete.
1782 (root_region::get_current_frame_id): Delete.
1783 (root_region::pop_frame): Delete.
1784 (root_region::ensure_stack_region): Delete.
1785 (root_region::get_stack_region): Delete.
1786 (root_region::ensure_globals_region): Delete.
1787 (root_region::get_code_region): Delete.
1788 (root_region::ensure_code_region): Delete.
1789 (root_region::get_globals_region): Delete.
1790 (root_region::ensure_heap_region): Delete.
1791 (root_region::get_heap_region): Delete.
1792 (root_region::remap_region_ids): Delete.
1793 (root_region::can_merge_p): Delete.
1794 (root_region::add_to_hash): Delete.
1795 (root_region::walk_for_canonicalization): Delete.
1796 (root_region::get_value_by_name): Delete.
1797 (symbolic_region::symbolic_region): Delete.
1798 (symbolic_region::compare_fields): Delete.
1799 (symbolic_region::clone): Delete.
1800 (symbolic_region::walk_for_canonicalization): Delete.
1801 (symbolic_region::print_fields): Delete.
1802 (region_model::region_model): Add region_model_manager * param.
1803 Reimplement in terms of store, dropping impl_constraint_manager
1804 subclass.
1805 (region_model::operator=): Reimplement in terms of store.
1806 (region_model::operator==): Likewise.
1807 (region_model::hash): Likewise.
1808 (region_model::print): Delete.
1809 (region_model::print_svalue): Delete.
1810 (region_model::dump_dot_to_pp): Delete.
1811 (region_model::dump_dot_to_file): Delete.
1812 (region_model::dump_dot): Delete.
1813 (region_model::dump_to_pp): Replace "summarize" param with
1814 "simple" and "multiline". Port to store-based implementation.
1815 (region_model::dump): Replace "summarize" param with "simple" and
1816 "multiline".
1817 (dump_vec_of_tree): Delete.
1818 (region_model::dump_summary_of_rep_path_vars): Delete.
1819 (region_model::validate): Delete.
1820 (svalue_id_cmp_by_constant_svalue_model): Delete.
1821 (svalue_id_cmp_by_constant_svalue): Delete.
1822 (region_model::canonicalize): Drop "ctxt" param. Reimplement in
1823 terms of store and constraints.
1824 (region_model::canonicalized_p): Remove NULL arg to canonicalize.
1825 (region_model::loop_replay_fixup): New.
1826 (poisoned_value_diagnostic::emit): Tweak wording of warnings.
1827 (region_model::check_for_poison): Delete.
1828 (region_model::get_gassign_result): New.
1829 (region_model::on_assignment): Port to store-based implementation.
1830 (region_model::on_call_pre): Delete calls to check_for_poison.
1831 Move implementations to region-model-impl-calls.c and port to
1832 store-based implementation.
1833 (region_model::on_call_post): Likewise.
1834 (class reachable_regions): Move to region-model-reachability.h/cc
1835 and port to store-based implementation.
1836 (region_model::handle_unrecognized_call): Port to store-based
1837 implementation.
1838 (region_model::get_reachable_svalues): New.
1839 (region_model::on_setjmp): Port to store-based implementation.
1840 (region_model::on_longjmp): Likewise.
1841 (region_model::handle_phi): Drop is_back_edge param and the logic
1842 using it.
1843 (region_model::get_lvalue_1): Port from region_id to const region *.
1844 (region_model::make_region_for_unexpected_tree_code): Delete.
1845 (assert_compat_types): If the check fails, use internal_error to
1846 show the types.
1847 (region_model::get_lvalue): Port from region_id to const region *.
1848 (region_model::get_rvalue_1): Port from svalue_id to const svalue *.
1849 (region_model::get_rvalue): Likewise.
1850 (region_model::get_or_create_ptr_svalue): Delete.
1851 (region_model::get_or_create_constant_svalue): Delete.
1852 (region_model::get_svalue_for_fndecl): Delete.
1853 (region_model::get_region_for_fndecl): Delete.
1854 (region_model::get_svalue_for_label): Delete.
1855 (region_model::get_region_for_label): Delete.
1856 (build_cast): Delete.
1857 (region_model::maybe_cast_1): Delete.
1858 (region_model::maybe_cast): Delete.
1859 (region_model::get_field_region): Delete.
1860 (region_model::get_store_value): New.
1861 (region_model::region_exists_p): New.
1862 (region_model::deref_rvalue): Port from svalue_id to const svalue *.
1863 (region_model::set_value): Likewise.
1864 (region_model::clobber_region): New.
1865 (region_model::purge_region): New.
1866 (region_model::zero_fill_region): New.
1867 (region_model::mark_region_as_unknown): New.
1868 (region_model::eval_condition): Port from svalue_id to
1869 const svalue *.
1870 (region_model::eval_condition_without_cm): Likewise.
1871 (region_model::compare_initial_and_pointer): New.
1872 (region_model::add_constraint): Port from svalue_id to
1873 const svalue *.
1874 (region_model::maybe_get_constant): Delete.
1875 (region_model::get_representative_path_var): New.
1876 (region_model::add_new_malloc_region): Delete.
1877 (region_model::get_representative_tree): Port to const svalue *.
1878 (region_model::get_representative_path_var): Port to
1879 const region *.
1880 (region_model::get_path_vars_for_svalue): Delete.
1881 (region_model::set_to_new_unknown_value): Delete.
1882 (region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
1883 (region_model::update_for_call_superedge): Port from svalue_id to
1884 const svalue *.
1885 (region_model::update_for_return_superedge): Port to store-based
1886 implementation.
1887 (region_model::update_for_call_summary): Replace
1888 set_to_new_unknown_value with mark_region_as_unknown.
1889 (region_model::get_root_region): Delete.
1890 (region_model::get_stack_region_id): Delete.
1891 (region_model::push_frame): Delete.
1892 (region_model::get_current_frame_id): Delete.
1893 (region_model::get_current_function): Delete.
1894 (region_model::pop_frame): Delete.
1895 (region_model::on_top_level_param): New.
1896 (region_model::get_stack_depth): Delete.
1897 (region_model::get_function_at_depth): Delete.
1898 (region_model::get_globals_region_id): Delete.
1899 (region_model::add_svalue): Delete.
1900 (region_model::replace_svalue): Delete.
1901 (region_model::add_region): Delete.
1902 (region_model::get_svalue): Delete.
1903 (region_model::get_region): Delete.
1904 (make_region_for_type): Delete.
1905 (region_model::add_region_for_type): Delete.
1906 (region_model::on_top_level_param): New.
1907 (class restrict_to_used_svalues): Delete.
1908 (region_model::purge_unused_svalues): Delete.
1909 (region_model::push_frame): New.
1910 (region_model::remap_svalue_ids): Delete.
1911 (region_model::remap_region_ids): Delete.
1912 (region_model::purge_regions): Delete.
1913 (region_model::get_descendents): Delete.
1914 (region_model::delete_region_and_descendents): Delete.
1915 (region_model::poison_any_pointers_to_bad_regions): Delete.
1916 (region_model::can_merge_with_p): Delete.
1917 (region_model::get_current_function): New.
1918 (region_model::get_value_by_name): Delete.
1919 (region_model::convert_byte_offset_to_array_index): Delete.
1920 (region_model::pop_frame): New.
1921 (region_model::get_or_create_mem_ref): Delete.
1922 (region_model::get_stack_depth): New.
1923 (region_model::get_frame_at_index): New.
1924 (region_model::unbind_region_and_descendents): New.
1925 (struct bad_pointer_finder): New.
1926 (region_model::get_or_create_pointer_plus_expr): Delete.
1927 (region_model::poison_any_pointers_to_descendents): New.
1928 (region_model::get_or_create_view): Delete.
1929 (region_model::can_merge_with_p): New.
1930 (region_model::get_fndecl_for_call): Port from svalue_id to
1931 const svalue *.
1932 (struct append_ssa_names_cb_data): New.
1933 (get_ssa_name_regions_for_current_frame): New.
1934 (region_model::append_ssa_names_cb): New.
1935 (model_merger::dump_to_pp): Add "simple" param. Drop dumping of
1936 remappings.
1937 (model_merger::dump): Add "simple" param to both overloads.
1938 (model_merger::can_merge_values_p): Delete.
1939 (model_merger::record_regions): Delete.
1940 (model_merger::record_svalues): Delete.
1941 (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
1942 (svalue_id_merger_mapping::dump_to_pp): Delete.
1943 (svalue_id_merger_mapping::dump): Delete.
1944 (region_model::create_region_for_heap_alloc): New.
1945 (region_model::create_region_for_alloca): New.
1946 (region_model::record_dynamic_extents): New.
1947 (canonicalization::canonicalization): Delete.
1948 (canonicalization::walk_rid): Delete.
1949 (canonicalization::walk_sid): Delete.
1950 (canonicalization::dump_to_pp): Delete.
1951 (canonicalization::dump): Delete.
1952 (inchash::add): Delete overloads for svalue_id and region_id.
1953 (engine::log_stats): New.
1954 (assert_condition): Add overload comparing svalues.
1955 (assert_dump_eq): Pass "true" for multiline.
1956 (selftest::test_dump): Update for rewrite of region_model.
1957 (selftest::test_dump_2): Rename to...
1958 (selftest::test_struct): ...this. Provide a region_model_manager
1959 when creating region_model instance. Remove dump test. Add
1960 checks for get_offset.
1961 (selftest::test_dump_3): Rename to...
1962 (selftest::test_array_1): ...this. Provide a region_model_manager
1963 when creating region_model instance. Remove dump test.
1964 (selftest::test_get_representative_tree): Port from svalue_id to
1965 new API. Add test coverage for various expressions.
1966 (selftest::test_unique_constants): Provide a region_model_manager
1967 for the region_model. Add test coverage for comparing const vs
1968 non-const.
1969 (selftest::test_svalue_equality): Delete.
1970 (selftest::test_region_equality): Delete.
1971 (selftest::test_unique_unknowns): New.
1972 (class purge_all_svalue_ids): Delete.
1973 (class purge_one_svalue_id): Delete.
1974 (selftest::test_purging_by_criteria): Delete.
1975 (selftest::test_initial_svalue_folding): New.
1976 (selftest::test_unaryop_svalue_folding): New.
1977 (selftest::test_binop_svalue_folding): New.
1978 (selftest::test_sub_svalue_folding): New.
1979 (selftest::test_purge_unused_svalues): Delete.
1980 (selftest::test_descendent_of_p): New.
1981 (selftest::test_assignment): Provide a region_model_manager for
1982 the region_model. Drop the dump test.
1983 (selftest::test_compound_assignment): Likewise.
1984 (selftest::test_stack_frames): Port to new implementation.
1985 (selftest::test_get_representative_path_var): Likewise.
1986 (selftest::test_canonicalization_1): Rename to...
1987 (selftest::test_equality_1): ...this. Port to new API, and add
1988 (selftest::test_canonicalization_2): Provide a
1989 region_model_manager when creating region_model instances.
1990 Remove redundant canonicalization.
1991 (selftest::test_canonicalization_3): Provide a
1992 region_model_manager when creating region_model instances.
1993 Remove param from calls to region_model::canonicalize.
1994 (selftest::test_canonicalization_4): Likewise.
1995 (selftest::assert_region_models_merge): Constify
1996 out_merged_svalue. Port to new API.
1997 (selftest::test_state_merging): Provide a
1998 region_model_manager when creating region_model instances.
1999 Provide a program_point point when merging them. Replace
2000 set_to_new_unknown_value with usage of placeholder_svalues.
2001 Drop get_value_by_name. Port from svalue_id to const svalue *.
2002 Add test of heap allocation.
2003 (selftest::test_constraint_merging): Provide a
2004 region_model_manager when creating region_model instances.
2005 Provide a program_point point when merging them. Eliminate use
2006 of set_to_new_unknown_value.
2007 (selftest::test_widening_constraints): New.
2008 (selftest::test_iteration_1): New.
2009 (selftest::test_malloc_constraints): Port to store-based
2010 implementation.
2011 (selftest::test_var): New test.
2012 (selftest::test_array_2): New test.
2013 (selftest::test_mem_ref): New test.
2014 (selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
2015 (selftest::test_malloc): New.
2016 (selftest::test_alloca): New.
2017 (selftest::analyzer_region_model_cc_tests): Update for renamings.
2018 Call new functions.
2019 * region-model.h (class path_var): Move to analyzer.h.
2020 (class svalue_id): Delete.
2021 (class region_id): Delete.
2022 (class id_map): Delete.
2023 (svalue_id_map): Delete.
2024 (region_id_map): Delete.
2025 (id_map<T>::id_map): Delete.
2026 (id_map<T>::put): Delete.
2027 (id_map<T>::get_dst_for_src): Delete.
2028 (id_map<T>::get_src_for_dst): Delete.
2029 (id_map<T>::dump_to_pp): Delete.
2030 (id_map<T>::dump): Delete.
2031 (id_map<T>::update): Delete.
2032 (one_way_svalue_id_map): Delete.
2033 (one_way_region_id_map): Delete.
2034 (class region_id_set): Delete.
2035 (class svalue_id_set): Delete.
2036 (struct complexity): New.
2037 (class visitor): New.
2038 (enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
2039 SK_BINOP, SK_SUB, SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
2040 SK_COMPOUND, and SK_CONJURED.
2041 (svalue::operator==): Delete.
2042 (svalue::operator!=): Delete.
2043 (svalue::clone): Delete.
2044 (svalue::hash): Delete.
2045 (svalue::dump_dot_to_pp): Delete.
2046 (svalue::dump_to_pp): New.
2047 (svalue::dump): New.
2048 (svalue::get_desc): New.
2049 (svalue::dyn_cast_initial_svalue): New.
2050 (svalue::dyn_cast_unaryop_svalue): New.
2051 (svalue::dyn_cast_binop_svalue): New.
2052 (svalue::dyn_cast_sub_svalue): New.
2053 (svalue::dyn_cast_unmergeable_svalue): New.
2054 (svalue::dyn_cast_widening_svalue): New.
2055 (svalue::dyn_cast_compound_svalue): New.
2056 (svalue::dyn_cast_conjured_svalue): New.
2057 (svalue::maybe_undo_cast): New.
2058 (svalue::unwrap_any_unmergeable): New.
2059 (svalue::remap_region_ids): Delete.
2060 (svalue::can_merge_p): New.
2061 (svalue::walk_for_canonicalization): Delete.
2062 (svalue::get_complexity): New.
2063 (svalue::get_child_sid): Delete.
2064 (svalue::accept): New.
2065 (svalue::live_p): New.
2066 (svalue::implicitly_live_p): New.
2067 (svalue::svalue): Add complexity param.
2068 (svalue::add_to_hash): Delete.
2069 (svalue::print_details): Delete.
2070 (svalue::m_complexity): New field.
2071 (region_svalue::key_t): New struct.
2072 (region_svalue::region_svalue): Port from region_id to
2073 const region_id *. Add complexity.
2074 (region_svalue::compare_fields): Delete.
2075 (region_svalue::clone): Delete.
2076 (region_svalue::dump_dot_to_pp): Delete.
2077 (region_svalue::get_pointee): Port from region_id to
2078 const region_id *.
2079 (region_svalue::remap_region_ids): Delete.
2080 (region_svalue::merge_values): Delete.
2081 (region_svalue::dump_to_pp): New.
2082 (region_svalue::accept): New.
2083 (region_svalue::walk_for_canonicalization): Delete.
2084 (region_svalue::eval_condition): Make params const.
2085 (region_svalue::add_to_hash): Delete.
2086 (region_svalue::print_details): Delete.
2087 (region_svalue::m_rid): Replace with...
2088 (region_svalue::m_reg): ...this.
2089 (is_a_helper <region_svalue *>::test): Convert to...
2090 (is_a_helper <const region_svalue *>::test): ...this.
2091 (template <> struct default_hash_traits<region_svalue::key_t>):
2092 New.
2093 (constant_svalue::constant_svalue): Add complexity.
2094 (constant_svalue::compare_fields): Delete.
2095 (constant_svalue::clone): Delete.
2096 (constant_svalue::add_to_hash): Delete.
2097 (constant_svalue::dump_to_pp): New.
2098 (constant_svalue::accept): New.
2099 (constant_svalue::implicitly_live_p): New.
2100 (constant_svalue::merge_values): Delete.
2101 (constant_svalue::eval_condition): Make params const.
2102 (constant_svalue::get_child_sid): Delete.
2103 (constant_svalue::print_details): Delete.
2104 (is_a_helper <constant_svalue *>::test): Convert to...
2105 (is_a_helper <const constant_svalue *>::test): ...this.
2106 (class unknown_svalue): Update leading comment.
2107 (unknown_svalue::unknown_svalue): Add complexity.
2108 (unknown_svalue::compare_fields): Delete.
2109 (unknown_svalue::add_to_hash): Delete.
2110 (unknown_svalue::dyn_cast_unknown_svalue): Delete.
2111 (unknown_svalue::print_details): Delete.
2112 (unknown_svalue::dump_to_pp): New.
2113 (unknown_svalue::accept): New.
2114 (poisoned_svalue::key_t): New struct.
2115 (poisoned_svalue::poisoned_svalue): Add complexity.
2116 (poisoned_svalue::compare_fields): Delete.
2117 (poisoned_svalue::clone): Delete.
2118 (poisoned_svalue::add_to_hash): Delete.
2119 (poisoned_svalue::dump_to_pp): New.
2120 (poisoned_svalue::accept): New.
2121 (poisoned_svalue::print_details): Delete.
2122 (is_a_helper <poisoned_svalue *>::test): Convert to...
2123 (is_a_helper <const poisoned_svalue *>::test): ...this.
2124 (template <> struct default_hash_traits<poisoned_svalue::key_t>):
2125 New.
2126 (setjmp_record::add_to_hash): New.
2127 (setjmp_svalue::key_t): New struct.
2128 (setjmp_svalue::compare_fields): Delete.
2129 (setjmp_svalue::clone): Delete.
2130 (setjmp_svalue::add_to_hash): Delete.
2131 (setjmp_svalue::setjmp_svalue): Add complexity.
2132 (setjmp_svalue::dump_to_pp): New.
2133 (setjmp_svalue::accept): New.
2134 (setjmp_svalue::void print_details): Delete.
2135 (is_a_helper <const setjmp_svalue *>::test): New.
2136 (template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
2137 (class initial_svalue : public svalue): New.
2138 (is_a_helper <const initial_svalue *>::test): New.
2139 (class unaryop_svalue): New.
2140 (is_a_helper <const unaryop_svalue *>::test): New.
2141 (template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
2142 (class binop_svalue): New.
2143 (is_a_helper <const binop_svalue *>::test): New.
2144 (template <> struct default_hash_traits<binop_svalue::key_t>): New.
2145 (class sub_svalue): New.
2146 (is_a_helper <const sub_svalue *>::test): New.
2147 (template <> struct default_hash_traits<sub_svalue::key_t>): New.
2148 (class unmergeable_svalue): New.
2149 (is_a_helper <const unmergeable_svalue *>::test): New.
2150 (class placeholder_svalue): New.
2151 (is_a_helper <placeholder_svalue *>::test): New.
2152 (class widening_svalue): New.
2153 (is_a_helper <widening_svalue *>::test): New.
2154 (template <> struct default_hash_traits<widening_svalue::key_t>): New.
2155 (class compound_svalue): New.
2156 (is_a_helper <compound_svalue *>::test): New.
2157 (template <> struct default_hash_traits<compound_svalue::key_t>): New.
2158 (class conjured_svalue): New.
2159 (is_a_helper <conjured_svalue *>::test): New.
2160 (template <> struct default_hash_traits<conjured_svalue::key_t>): New.
2161 (enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
2162 RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
2163 RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
2164 (region_kind_to_str): Delete.
2165 (region::~region): Move implementation to region.cc.
2166 (region::operator==): Delete.
2167 (region::operator!=): Delete.
2168 (region::clone): Delete.
2169 (region::get_id): New.
2170 (region::cmp_ids): New.
2171 (region::dyn_cast_map_region): Delete.
2172 (region::dyn_cast_array_region): Delete.
2173 (region::region_id get_parent): Delete.
2174 (region::get_parent_region): Convert to a simple accessor.
2175 (region::void set_value): Delete.
2176 (region::svalue_id get_value): Delete.
2177 (region::svalue_id get_value_direct): Delete.
2178 (region::svalue_id get_inherited_child_sid): Delete.
2179 (region::dyn_cast_frame_region): New.
2180 (region::dyn_cast_function_region): New.
2181 (region::dyn_cast_decl_region): New.
2182 (region::dyn_cast_field_region): New.
2183 (region::dyn_cast_element_region): New.
2184 (region::dyn_cast_offset_region): New.
2185 (region::dyn_cast_cast_region): New.
2186 (region::dyn_cast_string_region): New.
2187 (region::accept): New.
2188 (region::get_base_region): New.
2189 (region::base_region_p): New.
2190 (region::descendent_of_p): New.
2191 (region::maybe_get_frame_region): New.
2192 (region::maybe_get_decl): New.
2193 (region::hash): Delete.
2194 (region::rint): Delete.
2195 (region::dump_dot_to_pp): Delete.
2196 (region::get_desc): New.
2197 (region::dump_to_pp): Convert to vfunc, changing signature.
2198 (region::dump_child_label): Delete.
2199 (region::remap_svalue_ids): Delete.
2200 (region::remap_region_ids): Delete.
2201 (region::dump): New.
2202 (region::walk_for_canonicalization): Delete.
2203 (region::non_null_p): Drop region_model param.
2204 (region::add_view): Delete.
2205 (region::get_view): Delete.
2206 (region::get_active_view): Delete.
2207 (region::is_view_p): Delete.
2208 (region::cmp_ptrs): New.
2209 (region::validate): Delete.
2210 (region::get_offset): New.
2211 (region::get_byte_size): New.
2212 (region::get_bit_size): New.
2213 (region::get_subregions_for_binding): New.
2214 (region::region): Add complexity param. Convert parent from
2215 region_id to const region *. Drop svalue_id. Drop copy ctor.
2216 (region::symbolic_for_unknown_ptr_p): New.
2217 (region::add_to_hash): Delete.
2218 (region::print_fields): Delete.
2219 (region::get_complexity): New accessor.
2220 (region::become_active_view): Delete.
2221 (region::deactivate_any_active_view): Delete.
2222 (region::deactivate_view): Delete.
2223 (region::calc_offset): New.
2224 (region::m_parent_rid): Delete.
2225 (region::m_sval_id): Delete.
2226 (region::m_complexity): New.
2227 (region::m_id): New.
2228 (region::m_parent): New.
2229 (region::m_view_rids): Delete.
2230 (region::m_is_view): Delete.
2231 (region::m_active_view_rid): Delete.
2232 (region::m_cached_offset): New.
2233 (is_a_helper <region *>::test): Convert to...
2234 (is_a_helper <const region *>::test): ... this.
2235 (class primitive_region): Delete.
2236 (class space_region): New.
2237 (class map_region): Delete.
2238 (is_a_helper <map_region *>::test): Delete.
2239 (class frame_region): Reimplement.
2240 (template <> struct default_hash_traits<frame_region::key_t>):
2241 New.
2242 (class globals_region): Reimplement.
2243 (is_a_helper <globals_region *>::test): Convert to...
2244 (is_a_helper <const globals_region *>::test): ...this.
2245 (class struct_or_union_region): Delete.
2246 (is_a_helper <struct_or_union_region *>::test): Delete.
2247 (class code_region): Reimplement.
2248 (is_a_helper <const code_region *>::test): New.
2249 (class struct_region): Delete.
2250 (is_a_helper <struct_region *>::test): Delete.
2251 (class function_region): Reimplement.
2252 (is_a_helper <function_region *>::test): Convert to...
2253 (is_a_helper <const function_region *>::test): ...this.
2254 (class union_region): Delete.
2255 (is_a_helper <union_region *>::test): Delete.
2256 (class label_region): New.
2257 (is_a_helper <const label_region *>::test): New.
2258 (class scope_region): Delete.
2259 (class stack_region): Reimplement.
2260 (is_a_helper <stack_region *>::test): Convert to...
2261 (is_a_helper <const stack_region *>::test): ...this.
2262 (class heap_region): Reimplement.
2263 (is_a_helper <heap_region *>::test): Convert to...
2264 (is_a_helper <const heap_region *>::test): ...this.
2265 (class root_region): Reimplement.
2266 (is_a_helper <root_region *>::test): Convert to...
2267 (is_a_helper <const root_region *>::test): ...this.
2268 (class symbolic_region): Reimplement.
2269 (is_a_helper <const symbolic_region *>::test): New.
2270 (template <> struct default_hash_traits<symbolic_region::key_t>):
2271 New.
2272 (class decl_region): New.
2273 (is_a_helper <const decl_region *>::test): New.
2274 (class field_region): New.
2275 (template <> struct default_hash_traits<field_region::key_t>): New.
2276 (class array_region): Delete.
2277 (class element_region): New.
2278 (is_a_helper <array_region *>::test): Delete.
2279 (is_a_helper <const element_region *>::test): New.
2280 (template <> struct default_hash_traits<element_region::key_t>):
2281 New.
2282 (class offset_region): New.
2283 (is_a_helper <const offset_region *>::test): New.
2284 (template <> struct default_hash_traits<offset_region::key_t>):
2285 New.
2286 (class cast_region): New.
2287 (is_a_helper <const cast_region *>::test): New.
2288 (template <> struct default_hash_traits<cast_region::key_t>): New.
2289 (class heap_allocated_region): New.
2290 (class alloca_region): New.
2291 (class string_region): New.
2292 (is_a_helper <const string_region *>::test): New.
2293 (class unknown_region): New.
2294 (class region_model_manager): New.
2295 (struct append_ssa_names_cb_data): New.
2296 (class call_details): New.
2297 (region_model::region_model): Add region_model_manager param.
2298 (region_model::print_svalue): Delete.
2299 (region_model::dump_dot_to_pp): Delete.
2300 (region_model::dump_dot_to_file): Delete.
2301 (region_model::dump_dot): Delete.
2302 (region_model::dump_to_pp): Drop summarize param in favor of
2303 simple and multiline.
2304 (region_model::dump): Likewise.
2305 (region_model::summarize_to_pp): Delete.
2306 (region_model::summarize): Delete.
2307 (region_model::void canonicalize): Drop ctxt param.
2308 (region_model::void check_for_poison): Delete.
2309 (region_model::get_gassign_result): New.
2310 (region_model::impl_call_alloca): New.
2311 (region_model::impl_call_analyzer_describe): New.
2312 (region_model::impl_call_analyzer_eval): New.
2313 (region_model::impl_call_builtin_expect): New.
2314 (region_model::impl_call_calloc): New.
2315 (region_model::impl_call_free): New.
2316 (region_model::impl_call_malloc): New.
2317 (region_model::impl_call_memset): New.
2318 (region_model::impl_call_strlen): New.
2319 (region_model::get_reachable_svalues): New.
2320 (region_model::handle_phi): Drop is_back_edge param.
2321 (region_model::region_id get_root_rid): Delete.
2322 (region_model::root_region *get_root_region): Delete.
2323 (region_model::region_id get_stack_region_id): Delete.
2324 (region_model::push_frame): Convert from region_id and svalue_id
2325 to const region * and const svalue *.
2326 (region_model::get_current_frame_id): Replace with...
2327 (region_model::get_current_frame): ...this.
2328 (region_model::pop_frame): Convert from region_id to
2329 const region *. Drop purge and stats param. Add out_result.
2330 (region_model::function *get_function_at_depth): Delete.
2331 (region_model::get_globals_region_id): Delete.
2332 (region_model::add_svalue): Delete.
2333 (region_model::replace_svalue): Delete.
2334 (region_model::add_region): Delete.
2335 (region_model::add_region_for_type): Delete.
2336 (region_model::get_svalue): Delete.
2337 (region_model::get_region): Delete.
2338 (region_model::get_lvalue): Convert from region_id to
2339 const region *.
2340 (region_model::get_rvalue): Convert from svalue_id to
2341 const svalue *.
2342 (region_model::get_or_create_ptr_svalue): Delete.
2343 (region_model::get_or_create_constant_svalue): Delete.
2344 (region_model::get_svalue_for_fndecl): Delete.
2345 (region_model::get_svalue_for_label): Delete.
2346 (region_model::get_region_for_fndecl): Delete.
2347 (region_model::get_region_for_label): Delete.
2348 (region_model::get_frame_at_index (int index) const;): New.
2349 (region_model::maybe_cast): Delete.
2350 (region_model::maybe_cast_1): Delete.
2351 (region_model::get_field_region): Delete.
2352 (region_model::id deref_rvalue): Convert from region_id and
2353 svalue_id to const region * and const svalue *. Drop overload,
2354 passing in both a tree and an svalue.
2355 (region_model::set_value): Convert from region_id and svalue_id to
2356 const region * and const svalue *.
2357 (region_model::set_to_new_unknown_value): Delete.
2358 (region_model::clobber_region (const region *reg);): New.
2359 (region_model::purge_region (const region *reg);): New.
2360 (region_model::zero_fill_region (const region *reg);): New.
2361 (region_model::mark_region_as_unknown (const region *reg);): New.
2362 (region_model::copy_region): Convert from region_id to
2363 const region *.
2364 (region_model::eval_condition): Convert from svalue_id to
2365 const svalue *.
2366 (region_model::eval_condition_without_cm): Likewise.
2367 (region_model::compare_initial_and_pointer): New.
2368 (region_model::maybe_get_constant): Delete.
2369 (region_model::add_new_malloc_region): Delete.
2370 (region_model::get_representative_tree): Convert from svalue_id to
2371 const svalue *.
2372 (region_model::get_representative_path_var): Delete decl taking a
2373 region_id in favor of two decls, for svalue vs region, with an
2374 svalue_set to ensure termination.
2375 (region_model::get_path_vars_for_svalue): Delete.
2376 (region_model::create_region_for_heap_alloc): New.
2377 (region_model::create_region_for_alloca): New.
2378 (region_model::purge_unused_svalues): Delete.
2379 (region_model::remap_svalue_ids): Delete.
2380 (region_model::remap_region_ids): Delete.
2381 (region_model::purge_regions): Delete.
2382 (region_model::get_num_svalues): Delete.
2383 (region_model::get_num_regions): Delete.
2384 (region_model::get_descendents): Delete.
2385 (region_model::get_store): New.
2386 (region_model::delete_region_and_descendents): Delete.
2387 (region_model::get_manager): New.
2388 (region_model::unbind_region_and_descendents): New.
2389 (region_model::can_merge_with_p): Add point param. Drop
2390 svalue_id_merger_mapping.
2391 (region_model::get_value_by_name): Delete.
2392 (region_model::convert_byte_offset_to_array_index): Delete.
2393 (region_model::get_or_create_mem_ref): Delete.
2394 (region_model::get_or_create_pointer_plus_expr): Delete.
2395 (region_model::get_or_create_view): Delete.
2396 (region_model::get_lvalue_1): Convert from region_id to
2397 const region *.
2398 (region_model::get_rvalue_1): Convert from svalue_id to
2399 const svalue *.
2400 (region_model::get_ssa_name_regions_for_current_frame): New.
2401 (region_model::append_ssa_names_cb): New.
2402 (region_model::get_store_value): New.
2403 (region_model::copy_struct_region): Delete.
2404 (region_model::copy_union_region): Delete.
2405 (region_model::copy_array_region): Delete.
2406 (region_model::region_exists_p): New.
2407 (region_model::make_region_for_unexpected_tree_code): Delete.
2408 (region_model::loop_replay_fixup): New.
2409 (region_model::poison_any_pointers_to_bad_regions): Delete.
2410 (region_model::poison_any_pointers_to_descendents): New.
2411 (region_model::dump_summary_of_rep_path_vars): Delete.
2412 (region_model::on_top_level_param): New.
2413 (region_model::record_dynamic_extents): New.
2414 (region_model::m_mgr;): New.
2415 (region_model::m_store;): New.
2416 (region_model::m_svalues;): Delete.
2417 (region_model::m_regions;): Delete.
2418 (region_model::m_root_rid;): Delete.
2419 (region_model::m_current_frame;): New.
2420 (region_model_context::remap_svalue_ids): Delete.
2421 (region_model_context::can_purge_p): Delete.
2422 (region_model_context::on_svalue_leak): New.
2423 (region_model_context::on_svalue_purge): Delete.
2424 (region_model_context::on_liveness_change): New.
2425 (region_model_context::on_inherited_svalue): Delete.
2426 (region_model_context::on_cast): Delete.
2427 (region_model_context::on_unknown_change): Convert from svalue_id to
2428 const svalue * and add is_mutable.
2429 (class noop_region_model_context): Update for region_model_context
2430 changes.
2431 (model_merger::model_merger): Add program_point. Drop
2432 svalue_id_merger_mapping.
2433 (model_merger::dump_to_pp): Add "simple" param.
2434 (model_merger::dump): Likewise.
2435 (model_merger::get_region_a): Delete.
2436 (model_merger::get_region_b): Delete.
2437 (model_merger::can_merge_values_p): Delete.
2438 (model_merger::record_regions): Delete.
2439 (model_merger::record_svalues): Delete.
2440 (model_merger::m_point): New field.
2441 (model_merger::m_map_regions_from_a_to_m): Delete.
2442 (model_merger::m_map_regions_from_b_to_m): Delete.
2443 (model_merger::m_sid_mapping): Delete.
2444 (struct svalue_id_merger_mapping): Delete.
2445 (class engine): New.
2446 (struct canonicalization): Delete.
2447 (inchash::add): Delete decls for hashing svalue_id and region_id.
2448 (test_region_model_context::on_unexpected_tree_code): Require t to
2449 be non-NULL.
2450 (selftest::assert_condition): Add overload comparing a pair of
2451 const svalue *.
2452 * sm-file.cc: Include "tristate.h", "selftest.h",
2453 "analyzer/call-string.h", "analyzer/program-point.h",
2454 "analyzer/store.h", and "analyzer/region-model.h".
2455 (fileptr_state_machine::get_default_state): New.
2456 (fileptr_state_machine::on_stmt): Remove calls to
2457 get_readable_tree in favor of get_diagnostic_tree.
2458 * sm-malloc.cc: Include "tristate.h", "selftest.h",
2459 "analyzer/call-string.h", "analyzer/program-point.h",
2460 "analyzer/store.h", and "analyzer/region-model.h".
2461 (malloc_state_machine::get_default_state): New.
2462 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
2463 (malloc_diagnostic::describe_state_change): Handle change.m_expr
2464 being NULL.
2465 (null_arg::emit): Avoid printing "NULL '0'".
2466 (null_arg::describe_final_event): Avoid printing "(0) NULL".
2467 (malloc_leak::emit): Handle m_arg being NULL.
2468 (malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
2469 (malloc_state_machine::on_stmt): Don't call get_readable_tree.
2470 Call get_diagnostic_tree when creating pending diagnostics.
2471 Update for is_zero_assignment becoming a member function of
2472 sm_ctxt.
2473 Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
2474 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
2475 vfunc implementation.
2476 * sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
2477 get_diagnostic_tree and pass the result to warn_for_state.
2478 * sm-signal.cc: Move includes of "analyzer/call-string.h" and
2479 "analyzer/program-point.h" to before "analyzer/region-model.h",
2480 and also include "analyzer/store.h" before it.
2481 (signal_unsafe_call::describe_state_change): Use
2482 get_dest_function to get handler.
2483 (update_model_for_signal_handler): Pass manager to region_model
2484 ctor.
2485 (register_signal_handler::impl_transition): Update for changes to
2486 get_or_create_node and add_edge.
2487 * sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
2488 get_readable_tree, replacing them when calling warn_for_state with
2489 calls to get_diagnostic_tree.
2490 * sm.cc (is_zero_assignment): Delete.
2491 (any_pointer_p): Move to within namespace ana.
2492 * sm.h (is_zero_assignment): Remove decl.
2493 (any_pointer_p): Move decl to within namespace ana.
2494 (state_machine::get_default_state): New vfunc.
2495 (state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
2496 (sm_context::get_readable_tree): Rename to...
2497 (sm_context::get_diagnostic_tree): ...this.
2498 (sm_context::is_zero_assignment): New vfunc.
2499 * store.cc: New file.
2500 * store.h: New file.
2501 * svalue.cc: New file.
2502
2503 2020-05-22 Mark Wielaard <mark@klomp.org>
2504
2505 * sm-signal.cc (signal_unsafe_call::emit): Possibly add
2506 gcc_rich_location note for replacement.
2507 (signal_unsafe_call::get_replacement_fn): New private function.
2508 (get_async_signal_unsafe_fns): Add "exit".
2509
2510 2020-04-28 David Malcolm <dmalcolm@redhat.com>
2511
2512 PR analyzer/94816
2513 * engine.cc (impl_region_model_context::on_unexpected_tree_code):
2514 Handle NULL tree.
2515 * region-model.cc (region_model::add_region_for_type): Handle
2516 NULL type.
2517 * region-model.h
2518 (test_region_model_context::on_unexpected_tree_code): Handle NULL
2519 tree.
2520
2521 2020-04-28 David Malcolm <dmalcolm@redhat.com>
2522
2523 PR analyzer/94447
2524 PR analyzer/94639
2525 PR analyzer/94732
2526 PR analyzer/94754
2527 * analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete.
2528 * program-state.cc (selftest::test_program_state_dumping): Update
2529 expected dump result for removal of "uninit".
2530 * region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT
2531 case.
2532 (root_region::ensure_stack_region): Initialize stack with null
2533 svalue_id rather than with a typeless POISON_KIND_UNINIT value.
2534 (root_region::ensure_heap_region): Likewise for the heap.
2535 (region_model::dump_summary_of_rep_path_vars): Remove
2536 summarization of uninit values.
2537 (region_model::validate): Remove check that the stack has a
2538 POISON_KIND_UNINIT value.
2539 (poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT
2540 case.
2541 (poisoned_value_diagnostic::describe_final_event): Likewise.
2542 (selftest::test_dump): Update expected dump result for removal of
2543 "uninit".
2544 (selftest::test_svalue_equality): Remove "uninit" and "freed".
2545 * region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT.
2546
2547 2020-04-01 David Malcolm <dmalcolm@redhat.com>
2548
2549 PR analyzer/94378
2550 * checker-path.cc: Include "bitmap.h".
2551 * constraint-manager.cc: Likewise.
2552 * diagnostic-manager.cc: Likewise.
2553 * engine.cc: Likewise.
2554 (exploded_node::detect_leaks): Pass null region_id to pop_frame.
2555 * program-point.cc: Include "bitmap.h".
2556 * program-state.cc: Likewise.
2557 * region-model.cc (id_set<region_id>::id_set): Convert to...
2558 (region_id_set::region_id_set): ...this.
2559 (svalue_id_set::svalue_id_set): New ctor.
2560 (region_model::copy_region): New function.
2561 (region_model::copy_struct_region): New function.
2562 (region_model::copy_union_region): New function.
2563 (region_model::copy_array_region): New function.
2564 (stack_region::pop_frame): Drop return value. Add
2565 "result_dst_rid" param; if it is non-null, use copy_region to copy
2566 the result to it. Rather than capture and pass a single "known
2567 used" return value to be used by purge_unused_values, instead
2568 gather and pass a set of known used return values.
2569 (root_region::pop_frame): Drop return value. Add "result_dst_rid"
2570 param.
2571 (region_model::on_assignment): Use copy_region.
2572 (region_model::on_return): Likewise for the result.
2573 (region_model::on_longjmp): Pass null for pop_frame's
2574 result_dst_rid.
2575 (region_model::update_for_return_superedge): Pass the region for the
2576 return value of the call, if any, to pop_frame, rather than setting
2577 the lvalue for the lhs of the result.
2578 (region_model::pop_frame): Drop return value. Add
2579 "result_dst_rid" param.
2580 (region_model::purge_unused_svalues): Convert third param from an
2581 svalue_id * to an svalue_id_set *, updating the initial populating
2582 of the "used" bitmap accordingly. Don't remap it when done.
2583 (struct selftest::coord_test): New selftest fixture, extracted from...
2584 (selftest::test_dump_2): ...here.
2585 (selftest::test_compound_assignment): New selftest.
2586 (selftest::test_stack_frames): Pass null to new param of pop_frame.
2587 (selftest::analyzer_region_model_cc_tests): Call the new selftest.
2588 * region-model.h (class id_set): Delete template.
2589 (class region_id_set): Reimplement, using old id_set implementation.
2590 (class svalue_id_set): Likewise. Convert from auto_sbitmap to
2591 auto_bitmap.
2592 (region::get_active_view): New accessor.
2593 (stack_region::pop_frame): Drop return value. Add
2594 "result_dst_rid" param.
2595 (root_region::pop_frame): Likewise.
2596 (region_model::pop_frame): Likewise.
2597 (region_model::copy_region): New decl.
2598 (region_model::purge_unused_svalues): Convert third param from an
2599 svalue_id * to an svalue_id_set *.
2600 (region_model::copy_struct_region): New decl.
2601 (region_model::copy_union_region): New decl.
2602 (region_model::copy_array_region): New decl.
2603
2604 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2605
2606 * program-state.cc (selftest::test_program_state_dumping): Update
2607 expected dump to include symbolic_region's possibly_null field.
2608 * region-model.cc (symbolic_region::print_fields): New vfunc
2609 implementation.
2610 (region_model::add_constraint): Clear m_possibly_null from
2611 symbolic_regions now known to be non-NULL.
2612 (selftest::test_malloc_constraints): New selftest.
2613 (selftest::analyzer_region_model_cc_tests): Call it.
2614 * region-model.h (region::dyn_cast_symbolic_region): Add non-const
2615 overload.
2616 (symbolic_region::dyn_cast_symbolic_region): Implement it.
2617 (symbolic_region::print_fields): New vfunc override decl.
2618
2619 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2620
2621 * analyzer.h (class feasibility_problem): New forward decl.
2622 * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
2623 Initialize new fields m_status, m_epath_length, and m_problem.
2624 (saved_diagnostic::~saved_diagnostic): Delete m_problem.
2625 (dedupe_candidate::dedupe_candidate): Convert "sd" param from a
2626 const ref to a mutable ptr.
2627 (dedupe_winners::add): Convert "sd" param from a const ref to a
2628 mutable ptr. Record the length of the exploded_path. Record the
2629 feasibility/infeasibility of sd into sd, capturing a
2630 feasibility_problem when feasible_p fails, and storing it in sd.
2631 (diagnostic_manager::emit_saved_diagnostics): Update for pass by
2632 ptr rather than by const ref.
2633 * diagnostic-manager.h (class saved_diagnostic): Add new enum
2634 status. Add fields m_status, m_epath_length and m_problem.
2635 (saved_diagnostic::set_feasible): New member function.
2636 (saved_diagnostic::set_infeasible): New member function.
2637 (saved_diagnostic::get_feasibility_problem): New accessor.
2638 (saved_diagnostic::get_status): New accessor.
2639 (saved_diagnostic::set_epath_length): New member function.
2640 (saved_diagnostic::get_epath_length): New accessor.
2641 * engine.cc: Include "gimple-pretty-print.h".
2642 (exploded_path::feasible_p): Add OUT param and, if non-NULL, write
2643 a new feasibility_problem to it on failure.
2644 (viz_callgraph_node::dump_dot): Convert begin_tr calls to
2645 begin_trtd. Convert end_tr calls to end_tdtr.
2646 (class exploded_graph_annotator): New subclass of dot_annotator.
2647 (impl_run_checkers): Add a second -fdump-analyzer-supergraph dump
2648 after the analysis runs, using exploded_graph_annotator, dumping
2649 to DUMP_BASE_NAME.supergraph-eg.dot.
2650 * exploded-graph.h (exploded_node::get_dot_fillcolor): Make
2651 public.
2652 (exploded_path::feasible_p): Add OUT param.
2653 (class feasibility_problem): New class.
2654 * state-purge.cc (state_purge_annotator::add_node_annotations):
2655 Return a bool, add a "within_table" param.
2656 (print_vec_of_names): Convert begin_tr calls to begin_trtd.
2657 Convert end_tr calls to end_tdtr.
2658 (state_purge_annotator::add_stmt_annotations): Add "within_row"
2659 param.
2660 * state-purge.h (state_purge_annotator::add_node_annotations):
2661 Return a bool, add a "within_table" param.
2662 (state_purge_annotator::add_stmt_annotations): Add "within_row"
2663 param.
2664 * supergraph.cc (supernode::dump_dot): Call add_node_annotations
2665 twice: as before, passing false for "within_table", then again
2666 with true when within the TABLE element. Convert some begin_tr
2667 calls to begin_trtd, and some end_tr calls to end_tdtr.
2668 Repeat each add_stmt_annotations call, distinguishing between
2669 calls that add TRs and those that add TDs to an existing TR.
2670 Add a call to add_after_node_annotations.
2671 * supergraph.h (dot_annotator::add_node_annotations): Add a
2672 "within_table" param.
2673 (dot_annotator::add_stmt_annotations): Add a "within_row" param.
2674 (dot_annotator::add_after_node_annotations): New vfunc.
2675
2676 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2677
2678 * diagnostic-manager.cc (dedupe_winners::add): Show the
2679 exploded_node index in the log messages.
2680 (diagnostic_manager::emit_saved_diagnostics): Log a summary of
2681 m_saved_diagnostics at entry.
2682
2683 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2684
2685 * supergraph.cc (superedge::dump): Add space before description;
2686 move newline to non-pretty_printer overload.
2687
2688 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2689
2690 * region-model.cc: Include "stor-layout.h".
2691 (region_model::dump_to_pp): Rather than calling
2692 dump_summary_of_map on each of the current frame and the globals,
2693 instead get a vec of representative path_vars for all regions,
2694 and then dump a summary of all of them.
2695 (region_model::dump_summary_of_map): Delete, rewriting into...
2696 (region_model::dump_summary_of_rep_path_vars): ...this new
2697 function, working on a vec of path_vars.
2698 (region_model::set_value): New overload.
2699 (region_model::get_representative_path_var): Rename
2700 "parent_region" local to "parent_reg" and consolidate with other
2701 local. Guard test for grandparent being stack on parent_reg being
2702 non-NULL. Move handling for parent being an array_region to
2703 within guard for parent_reg being non-NULL.
2704 (selftest::make_test_compound_type): New function.
2705 (selftest::test_dump_2): New selftest.
2706 (selftest::test_dump_3): New selftest.
2707 (selftest::test_stack_frames): Update expected output from
2708 simplified dump to show "a" and "b" from parent frame and "y" in
2709 child frame.
2710 (selftest::analyzer_region_model_cc_tests): Call test_dump_2 and
2711 test_dump_3.
2712 * region-model.h (region_model::set_value): New overload decl.
2713 (region_model::dump_summary_of_map): Delete.
2714 (region_model::dump_summary_of_rep_path_vars): New.
2715
2716 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2717
2718 * region-model.h (class noop_region_model_context): New subclass
2719 of region_model_context.
2720 (class tentative_region_model_context): Inherit from
2721 noop_region_model_context rather than from region_model_context;
2722 drop redundant vfunc implementations.
2723 (class test_region_model_context): Likewise.
2724
2725 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2726
2727 * engine.cc (exploded_node::exploded_node): Move implementation
2728 here from header; accept point_and_state by const reference rather
2729 than by value.
2730 * exploded-graph.h (exploded_node::exploded_node): Pass
2731 point_and_state by const reference rather than by value. Move
2732 body to engine.cc.
2733
2734 2020-03-18 Jakub Jelinek <jakub@redhat.com>
2735
2736 * sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word
2737 issue in a comment.
2738 * region-model.cc (region_model::make_region_for_unexpected_tree_code,
2739 region_model::delete_region_and_descendents): Likewise.
2740 * engine.cc (class exploded_cluster): Likewise.
2741 * diagnostic-manager.cc (class path_builder): Likewise.
2742
2743 2020-03-13 David Malcolm <dmalcolm@redhat.com>
2744
2745 PR analyzer/94099
2746 PR analyzer/94105
2747 * diagnostic-manager.cc (for_each_state_change): Bulletproof
2748 against errors in get_rvalue by passing a
2749 tentative_region_model_context and rejecting if there's an error.
2750 * region-model.cc (region_model::get_lvalue_1): When handling
2751 ARRAY_REF, handle results of error-handling. Handle NOP_EXPR.
2752
2753 2020-03-06 David Malcolm <dmalcolm@redhat.com>
2754
2755 * analyzer.h (class array_region): New forward decl.
2756 * program-state.cc (selftest::test_program_state_dumping_2): New.
2757 (selftest::analyzer_program_state_cc_tests): Call it.
2758 * region-model.cc (array_region::constant_from_key): New.
2759 (region_model::get_representative_tree): Handle region_svalue by
2760 generating an ADDR_EXPR.
2761 (region_model::get_representative_path_var): In view handling,
2762 remove erroneous TREE_TYPE when determining the type of the tree.
2763 Handle array regions and STRING_CST.
2764 (selftest::assert_dump_tree_eq): New.
2765 (ASSERT_DUMP_TREE_EQ): New macro.
2766 (selftest::test_get_representative_tree): New selftest.
2767 (selftest::analyzer_region_model_cc_tests): Call it.
2768 * region-model.h (region::dyn_cast_array_region): New vfunc.
2769 (array_region::dyn_cast_array_region): New vfunc implementation.
2770 (array_region::constant_from_key): New decl.
2771
2772 2020-03-06 David Malcolm <dmalcolm@redhat.com>
2773
2774 * analyzer.h (dump_quoted_tree): New decl.
2775 * engine.cc (exploded_node::dump_dot): Pass region model to
2776 sm_state_map::print.
2777 * program-state.cc: Include diagnostic-core.h.
2778 (sm_state_map::print): Add "model" param and use it to print
2779 representative trees. Only print origin information if non-null.
2780 (sm_state_map::dump): Pass NULL for model to print call.
2781 (program_state::print): Pass region model to sm_state_map::print.
2782 (program_state::dump_to_pp): Use spaces rather than newlines when
2783 summarizing. Pass region_model to sm_state_map::print.
2784 (ana::selftest::assert_dump_eq): New function.
2785 (ASSERT_DUMP_EQ): New macro.
2786 (ana::selftest::test_program_state_dumping): New function.
2787 (ana::selftest::analyzer_program_state_cc_tests): Call it.
2788 * program-state.h (program_state::print): Add model param.
2789 * region-model.cc (dump_quoted_tree): New function.
2790 (map_region::print_fields): Use dump_quoted_tree rather than
2791 %qE to avoid lang-dependent output.
2792 (map_region::dump_child_label): Likewise.
2793 (region_model::dump_summary_of_map): For SK_REGION, when
2794 get_representative_path_var fails, print the region id rather than
2795 erroneously printing NULL.
2796 * sm.cc (state_machine::get_state_by_name): New function.
2797 * sm.h (state_machine::get_state_by_name): New decl.
2798
2799 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2800
2801 * region-model.cc (region::validate): Convert model param from ptr
2802 to reference. Update comment to reflect that it's now a vfunc.
2803 (map_region::validate): New vfunc implementation.
2804 (array_region::validate): New vfunc implementation.
2805 (stack_region::validate): New vfunc implementation.
2806 (root_region::validate): New vfunc implementation.
2807 (region_model::validate): Pass a reference rather than a pointer
2808 to the region::validate vfunc.
2809 * region-model.h (region::validate): Make virtual. Convert model
2810 param from ptr to reference.
2811 (map_region::validate): New vfunc decl.
2812 (array_region::validate): New vfunc decl.
2813 (stack_region::validate): New vfunc decl.
2814 (root_region::validate): New vfunc decl.
2815
2816 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2817
2818 PR analyzer/93993
2819 * region-model.cc (region_model::on_call_pre): Handle
2820 BUILT_IN_EXPECT and its variants.
2821 (region_model::add_any_constraints_from_ssa_def_stmt): Split out
2822 gassign handling into add_any_constraints_from_gassign; add gcall
2823 handling.
2824 (region_model::add_any_constraints_from_gassign): New function,
2825 based on the above. Add handling for NOP_EXPR.
2826 (region_model::add_any_constraints_from_gcall): New function.
2827 (region_model::get_representative_path_var): Handle views.
2828 * region-model.h
2829 (region_model::add_any_constraints_from_ssa_def_stmt): New decl.
2830 (region_model::add_any_constraints_from_gassign): New decl.
2831
2832 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2833
2834 PR analyzer/93993
2835 * checker-path.h (state_change_event::get_lvalue): Add ctxt param
2836 and pass it to region_model::get_value call.
2837 * diagnostic-manager.cc (get_any_origin): Pass a
2838 tentative_region_model_context to the calls to get_lvalue and reject
2839 the comparison if errors occur.
2840 (can_be_expr_of_interest_p): New function.
2841 (diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
2842 CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
2843 Pass a tentative_region_model_context to the calls to
2844 state_change_event::get_lvalue and reject the comparison if errors
2845 occur.
2846 (diagnostic_manager::update_for_unsuitable_sm_exprs): New.
2847 * diagnostic-manager.h
2848 (diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
2849 * region-model.h (class tentative_region_model_context): New class.
2850
2851 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2852
2853 * engine.cc (worklist::worklist): Remove unused field m_eg.
2854 (class viz_callgraph_edge): Remove unused field m_call_sedge.
2855 (class viz_callgraph): Remove unused field m_sg.
2856 * exploded-graph.h (worklist::m_eg): Remove unused field.
2857
2858 2020-03-02 David Malcolm <dmalcolm@redhat.com>
2859
2860 * analyzer.opt (fanalyzer-show-duplicate-count): New option.
2861 * diagnostic-manager.cc
2862 (diagnostic_manager::emit_saved_diagnostic): Use the above to
2863 guard the printing of the duplicate count.
2864
2865 2020-03-02 David Malcolm <dmalcolm@redhat.com>
2866
2867 PR analyzer/93959
2868 * analyzer.cc (is_std_function_p): New function.
2869 (is_std_named_call_p): New functions.
2870 * analyzer.h (is_std_named_call_p): New decl.
2871 * sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::"
2872 variants when checking for malloc, calloc and free.
2873
2874 2020-02-26 David Malcolm <dmalcolm@redhat.com>
2875
2876 PR analyzer/93950
2877 * diagnostic-manager.cc
2878 (diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
2879 either NULL or not a constant. When updating var, bulletproof
2880 against constant values.
2881
2882 2020-02-26 David Malcolm <dmalcolm@redhat.com>
2883
2884 PR analyzer/93947
2885 * region-model.cc (region_model::get_fndecl_for_call): Gracefully
2886 fail for fn_decls that don't have a cgraph_node.
2887
2888 2020-02-26 David Malcolm <dmalcolm@redhat.com>
2889
2890 * bar-chart.cc: New file.
2891 * bar-chart.h: New file.
2892 * engine.cc: Include "analyzer/bar-chart.h".
2893 (stats::log): Only log the m_num_nodes kinds that are non-zero.
2894 (stats::dump): Likewise when dumping.
2895 (stats::get_total_enodes): New.
2896 (exploded_graph::get_or_create_node): Increment the per-point-data
2897 m_excess_enodes when hitting the per-program-point limit on
2898 enodes.
2899 (exploded_graph::print_bar_charts): New.
2900 (exploded_graph::log_stats): Log the number of unprocessed enodes
2901 in the worklist. Call print_bar_charts.
2902 (exploded_graph::dump_stats): Print the number of unprocessed
2903 enodes in the worklist.
2904 * exploded-graph.h (stats::get_total_enodes): New decl.
2905 (struct per_program_point_data): Add field m_excess_enodes.
2906 (exploded_graph::print_bar_charts): New decl.
2907 * supergraph.cc (superedge::dump): New.
2908 (superedge::dump): New.
2909 * supergraph.h (supernode::get_function): New.
2910 (superedge::dump): New decl.
2911 (superedge::dump): New decl.
2912
2913 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2914
2915 * engine.cc (exploded_graph::get_or_create_node): Dump the
2916 program_state to the pp, rather than to stderr.
2917
2918 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2919
2920 PR analyzer/93032
2921 * sm.cc (make_checkers): Require the "taint" checker to be
2922 explicitly enabled.
2923
2924 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2925
2926 PR analyzer/93899
2927 * engine.cc
2928 (impl_region_model_context::impl_region_model_context): Add logger
2929 param.
2930 * engine.cc (exploded_graph::add_function_entry): Create an
2931 impl_region_model_context and pass it to the push_frame call.
2932 Bail if the resulting state is invalid.
2933 (exploded_graph::build_initial_worklist): Likewise.
2934 (exploded_graph::build_initial_worklist): Handle the case where
2935 add_function_entry fails.
2936 * exploded-graph.h
2937 (impl_region_model_context::impl_region_model_context): Add logger
2938 param.
2939 * region-model.cc (map_region::get_or_create): Add ctxt param and
2940 pass it to add_region_for_type.
2941 (map_region::can_merge_p): Pass NULL as a ctxt to call to
2942 get_or_create.
2943 (array_region::get_element): Pass ctxt to call to get_or_create.
2944 (array_region::get_or_create): Add ctxt param and pass it to
2945 add_region_for_type.
2946 (root_region::push_frame): Pass ctxt to get_or_create calls.
2947 (region_model::get_lvalue_1): Likewise.
2948 (region_model::make_region_for_unexpected_tree_code): Assert that
2949 ctxt is non-NULL.
2950 (region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
2951 and get_svalue_for_label calls.
2952 (region_model::get_svalue_for_fndecl): Add ctxt param and pass it
2953 to get_region_for_fndecl.
2954 (region_model::get_region_for_fndecl): Add ctxt param and pass it
2955 to get_or_create.
2956 (region_model::get_svalue_for_label): Add ctxt param and pass it
2957 to get_region_for_label.
2958 (region_model::get_region_for_label): Add ctxt param and pass it
2959 to get_region_for_fndecl and get_or_create.
2960 (region_model::get_field_region): Add ctxt param and pass it to
2961 get_or_create_view and get_or_create.
2962 (make_region_for_type): Replace gcc_unreachable with return NULL.
2963 (region_model::add_region_for_type): Add ctxt param. Handle a
2964 return of NULL from make_region_for_type by calling
2965 make_region_for_unexpected_tree_code.
2966 (region_model::get_or_create_mem_ref): Pass ctxt to calls to
2967 get_or_create_view.
2968 (region_model::get_or_create_view): Add ctxt param and pass it to
2969 add_region_for_type.
2970 (selftest::test_state_merging): Pass ctxt to get_or_create_view.
2971 * region-model.h (region_model::get_or_create): Add ctxt param.
2972 (region_model::add_region_for_type): Likewise.
2973 (region_model::get_svalue_for_fndecl): Likewise.
2974 (region_model::get_svalue_for_label): Likewise.
2975 (region_model::get_region_for_fndecl): Likewise.
2976 (region_model::get_region_for_label): Likewise.
2977 (region_model::get_field_region): Likewise.
2978 (region_model::get_or_create_view): Likewise.
2979
2980 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2981
2982 * checker-path.cc (superedge_event::should_filter_p): Update
2983 filter for empty descriptions to cover verbosity level 3 as well
2984 as 2.
2985 * diagnostic-manager.cc: Include "analyzer/reachability.h".
2986 (class path_builder): New class.
2987 (diagnostic_manager::emit_saved_diagnostic): Create a path_builder
2988 and pass it to build_emission_path, rather than passing eg; similarly
2989 for add_events_for_eedge and ext_state.
2990 (diagnostic_manager::build_emission_path): Replace "eg" param
2991 with a path_builder, pass it to add_events_for_eedge.
2992 (diagnostic_manager::add_events_for_eedge): Replace ext_state
2993 param with path_builder; pass it to add_events_for_superedge.
2994 (diagnostic_manager::significant_edge_p): New.
2995 (diagnostic_manager::add_events_for_superedge): Add path_builder
2996 param. Reject insignificant edges at verbosity levels below 3.
2997 (diagnostic_manager::prune_for_sm_diagnostic): Update highest
2998 verbosity level to 4.
2999 * diagnostic-manager.h (class path_builder): New forward decl.
3000 (diagnostic_manager::build_emission_path): Replace "eg" param
3001 with a path_builder.
3002 (diagnostic_manager::add_events_for_eedge): Replace ext_state
3003 param with path_builder.
3004 (diagnostic_manager::significant_edge_p): New.
3005 (diagnostic_manager::add_events_for_superedge): Add path_builder
3006 param.
3007 * reachability.h: New file.
3008
3009 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3010
3011 PR analyzer/93692
3012 * analyzer.opt (fdump-analyzer-callgraph): Rewrite description.
3013
3014 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3015
3016 PR analyzer/93777
3017 * region-model.cc (region_model::maybe_cast_1): Replace assertion
3018 that build_cast returns non-NULL with a conditional, falling
3019 through to the logic which returns a new unknown value of the
3020 desired type if it fails.
3021
3022 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3023
3024 PR analyzer/93778
3025 * engine.cc (impl_region_model_context::on_unknown_tree_code):
3026 Rename to...
3027 (impl_region_model_context::on_unexpected_tree_code): ...this and
3028 convert first argument from path_var to tree.
3029 (exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall.
3030 * exploded-graph.h (region_model_context::on_unknown_tree_code):
3031 Rename to...
3032 (region_model_context::on_unexpected_tree_code): ...this and
3033 convert first argument from path_var to tree.
3034 * program-state.cc (sm_state_map::purge_for_unknown_fncall): Add
3035 ctxt param and pass on to calls to get_rvalue.
3036 * program-state.h (sm_state_map::purge_for_unknown_fncall): Add
3037 ctxt param.
3038 * region-model.cc (region_model::handle_unrecognized_call): Pass
3039 ctxt on to call to get_rvalue.
3040 (region_model::get_lvalue_1): Move body of default case to
3041 region_model::make_region_for_unexpected_tree_code and call it.
3042 Within COMPONENT_REF case, reject attempts to handle types other
3043 than RECORD_TYPE and UNION_TYPE.
3044 (region_model::make_region_for_unexpected_tree_code): New
3045 function, based on default case of region_model::get_lvalue_1.
3046 * region-model.h
3047 (region_model::make_region_for_unexpected_tree_code): New decl.
3048 (region_model::on_unknown_tree_code): Rename to...
3049 (region_model::on_unexpected_tree_code): ...this and convert first
3050 argument from path_var to tree.
3051 (class test_region_model_context): Update vfunc implementation for
3052 above change.
3053
3054 2020-02-18 David Malcolm <dmalcolm@redhat.com>
3055
3056 PR analyzer/93774
3057 * region-model.cc
3058 (region_model::convert_byte_offset_to_array_index): Use
3059 int_size_in_bytes before calling size_in_bytes, to gracefully fail
3060 on incomplete types.
3061
3062 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3063
3064 PR analyzer/93775
3065 * region-model.cc (region_model::get_fndecl_for_call): Handle the
3066 case where the code_region's get_tree_for_child_region returns
3067 NULL.
3068
3069 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3070
3071 PR analyzer/93388
3072 * engine.cc (impl_region_model_context::on_unknown_tree_code):
3073 New.
3074 (exploded_graph::get_or_create_node): Reject invalid states.
3075 * exploded-graph.h
3076 (impl_region_model_context::on_unknown_tree_code): New decl.
3077 (point_and_state::point_and_state): Assert that the state is
3078 valid.
3079 * program-state.cc (program_state::program_state): Initialize
3080 m_valid to true.
3081 (program_state::operator=): Copy m_valid.
3082 (program_state::program_state): Likewise for move constructor.
3083 (program_state::print): Print m_valid.
3084 (program_state::dump_to_pp): Likewise.
3085 * program-state.h (program_state::m_valid): New field.
3086 * region-model.cc (region_model::get_lvalue_1): Implement the
3087 default case by returning a new symbolic region and calling
3088 the context's on_unknown_tree_code, rather than issuing an
3089 internal_error. Implement VIEW_CONVERT_EXPR.
3090 * region-model.h (region_model_context::on_unknown_tree_code): New
3091 vfunc.
3092 (test_region_model_context::on_unknown_tree_code): New.
3093
3094 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3095
3096 * sm-malloc.cc (malloc_diagnostic::describe_state_change): For
3097 transition to the "null" state, only say "assuming" when
3098 transitioning from the "unchecked" state.
3099
3100 2020-02-17 David Malcolm <dmalcolm@redhat.com>
3101
3102 * diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
3103 Add const overload.
3104 * engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
3105 * exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
3106 const overload.
3107
3108 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3109
3110 PR analyzer/93288
3111 * analysis-plan.cc (analysis_plan::use_summary_p): Look through
3112 the ultimate_alias_target when getting the called function.
3113 * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
3114 "sm_ctxt". Use the region_model's get_fndecl_for_call rather than
3115 gimple_call_fndecl.
3116 * region-model.cc (region_model::get_fndecl_for_call): Use
3117 ultimate_alias_target on fndecl.
3118 * supergraph.cc (get_ultimate_function_for_cgraph_edge): New
3119 function.
3120 (supergraph_call_edge): Use it when rejecting edges without
3121 functions.
3122 (supergraph::supergraph): Use it to get the function for the
3123 cgraph_edge when building interprocedural superedges.
3124 (callgraph_superedge::get_callee_function): Use it.
3125 * supergraph.h (supergraph::get_num_snodes): Make param const.
3126 (supergraph::function_to_num_snodes_t): Make first type param
3127 const.
3128
3129 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3130
3131 PR analyzer/93374
3132 * engine.cc (exploded_edge::exploded_edge): Add ext_state param
3133 and pass it to change.validate.
3134 (exploded_graph::get_or_create_node): Move purging of change
3135 svalues to also cover the case of reusing an existing enode.
3136 (exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
3137 ctor.
3138 * exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
3139 param.
3140 * program-state.cc (state_change::sm_change::validate): Likewise.
3141 Assert that m_sm_idx is sane. Use ext_state to validate
3142 m_old_state and m_new_state.
3143 (state_change::validate): Add ext_state param and pass it to
3144 the sm_change validate calls.
3145 * program-state.h (state_change::sm_change::validate): Add
3146 ext_state param.
3147 (state_change::validate): Likewise.
3148
3149 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3150
3151 PR analyzer/93669
3152 * engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
3153 case of STATUS_WORKLIST in implementation of
3154 "__analyzer_dump_exploded_nodes".
3155
3156 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3157
3158 PR analyzer/93649
3159 * constraint-manager.cc (constraint_manager::add_constraint): When
3160 merging equivalence classes and updating m_constant, also update
3161 m_cst_sid.
3162 (constraint_manager::validate): If m_constant is non-NULL assert
3163 that m_cst_sid is non-null and is valid.
3164
3165 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3166
3167 PR analyzer/93657
3168 * analyzer.opt (fdump-analyzer): Reword description.
3169 (fdump-analyzer-stderr): Likewise.
3170
3171 2020-02-11 David Malcolm <dmalcolm@redhat.com>
3172
3173 * region-model.cc (print_quoted_type): New function.
3174 (svalue::print): Use it to replace %qT.
3175 (region::dump_to_pp): Likewise.
3176 (region::dump_child_label): Likewise.
3177 (region::print_fields): Likewise.
3178
3179 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3180
3181 PR analyzer/93659
3182 * analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
3183 -> "that" typo.
3184 (Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
3185 "uninitialized" typo.
3186
3187 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3188
3189 PR analyzer/93350
3190 * region-model.cc (region_model::get_lvalue_1):
3191 Handle BIT_FIELD_REF.
3192 (make_region_for_type): Handle VECTOR_TYPE.
3193
3194 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3195
3196 PR analyzer/93647
3197 * diagnostic-manager.cc
3198 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
3199 VAR being constant.
3200 * region-model.cc (region_model::get_lvalue_1): Provide a better
3201 error message when encountering an unhandled tree code.
3202
3203 2020-02-10 David Malcolm <dmalcolm@redhat.com>
3204
3205 PR analyzer/93405
3206 * region-model.cc (region_model::get_lvalue_1): Implement
3207 CONST_DECL.
3208
3209 2020-02-06 David Malcolm <dmalcolm@redhat.com>
3210
3211 * region-model.cc (region_model::maybe_cast_1): Attempt to provide
3212 a region_svalue if either type is a pointer, rather than if both
3213 types are pointers.
3214
3215 2020-02-05 David Malcolm <dmalcolm@redhat.com>
3216
3217 * engine.cc (exploded_node::dump_dot): Show merger enodes.
3218 (worklist::add_node): Assert that the node's m_status is
3219 STATUS_WORKLIST.
3220 (exploded_graph::process_worklist): Likewise for nodes from the
3221 worklist. Set status of merged nodes to STATUS_MERGER.
3222 (exploded_graph::process_node): Set status of node to
3223 STATUS_PROCESSED.
3224 (exploded_graph::dump_exploded_nodes): Rework handling of
3225 "__analyzer_dump_exploded_nodes", splitting enodes by status into
3226 "processed" and "merger", showing the count of just the processed
3227 enodes at the call, rather than the count of all enodes.
3228 * exploded-graph.h (exploded_node::status): New enum.
3229 (exploded_node::exploded_node): Initialize m_status to
3230 STATUS_WORKLIST.
3231 (exploded_node::get_status): New getter.
3232 (exploded_node::set_status): New setter.
3233
3234 2020-02-04 David Malcolm <dmalcolm@redhat.com>
3235
3236 PR analyzer/93543
3237 * engine.cc (pod_hash_traits<function_call_string>::mark_empty):
3238 Eliminate reinterpret_cast.
3239 (pod_hash_traits<function_call_string>::is_empty): Likewise.
3240
3241 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3242
3243 * constraint-manager.cc (range::constrained_to_single_element):
3244 Replace fold_build2 with fold_binary. Remove unnecessary newline.
3245 (constraint_manager::get_or_add_equiv_class): Replace fold_build2
3246 with fold_binary in two places, and remove out-of-date comment.
3247 (constraint_manager::eval_condition): Replace fold_build2 with
3248 fold_binary.
3249 * region-model.cc (constant_svalue::eval_condition): Likewise.
3250 (region_model::on_assignment): Likewise.
3251
3252 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3253
3254 PR analyzer/93544
3255 * diagnostic-manager.cc
3256 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
3257 against bad choices due to bad paths.
3258 * engine.cc (impl_region_model_context::on_phi): New.
3259 * exploded-graph.h (impl_region_model_context::on_phi): New decl.
3260 * region-model.cc (region_model::on_longjmp): Likewise.
3261 (region_model::handle_phi): Add phi param. Call the ctxt's on_phi
3262 vfunc.
3263 (region_model::update_for_phis): Pass phi to handle_phi.
3264 * region-model.h (region_model::handle_phi): Add phi param.
3265 (region_model_context::on_phi): New vfunc.
3266 (test_region_model_context::on_phi): New.
3267 * sm-malloc.cc (malloc_state_machine::on_phi): New.
3268 (malloc_state_machine::on_zero_assignment): New.
3269 * sm.h (state_machine::on_phi): New vfunc.
3270
3271 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3272
3273 * engine.cc (supernode_cluster::dump_dot): Show BB index as
3274 well as SN index.
3275 * supergraph.cc (supernode::dump_dot): Likewise.
3276
3277 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3278
3279 PR analyzer/93546
3280 * region-model.cc (region_model::on_call_pre): Update for new
3281 param of symbolic_region ctor.
3282 (region_model::deref_rvalue): Likewise.
3283 (region_model::add_new_malloc_region): Likewise.
3284 (make_region_for_type): Likewise, preserving type.
3285 * region-model.h (symbolic_region::symbolic_region): Add "type"
3286 param and pass it to base class ctor.
3287
3288 2020-02-03 David Malcolm <dmalcolm@redhat.com>
3289
3290 PR analyzer/93547
3291 * constraint-manager.cc
3292 (constraint_manager::get_or_add_equiv_class): Ensure types are
3293 compatible before comparing constants.
3294
3295 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3296
3297 PR analyzer/93457
3298 * region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
3299 than checking against void_type_node.
3300
3301 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3302
3303 PR analyzer/93373
3304 * region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
3305 (assert_compat_types): ...this, and bail when either type is NULL,
3306 or when VOID_TYPE_P (dst_type).
3307 (region_model::get_lvalue): Update for above conversion.
3308 (region_model::get_rvalue): Likewise.
3309
3310 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3311
3312 PR analyzer/93379
3313 * region-model.cc (region_model::update_for_return_superedge):
3314 Move check for null result so that it also guards setting the
3315 lhs.
3316
3317 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3318
3319 PR analyzer/93438
3320 * region-model.cc (stack_region::can_merge_p): Split into a two
3321 pass approach, creating all stack regions first, then populating
3322 them.
3323 (selftest::test_state_merging): Add test coverage for (a) the case
3324 of self-merging a model in which a local in an older stack frame
3325 points to a local in a more recent stack frame (which previously
3326 would ICE), and (b) the case of self-merging a model in which a
3327 local points to a global (which previously worked OK).
3328
3329 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3330
3331 * analyzer.cc (is_named_call_p): Replace tests for fndecl being
3332 extern at file scope and having a non-NULL DECL_NAME with a call
3333 to maybe_special_function_p.
3334 * function-set.cc (function_set::contains_decl_p): Add call to
3335 maybe_special_function_p.
3336
3337 2020-01-31 David Malcolm <dmalcolm@redhat.com>
3338
3339 PR analyzer/93450
3340 * constraint-manager.cc
3341 (constraint_manager::get_or_add_equiv_class): Only compare constants
3342 if their types are compatible.
3343 * region-model.cc (constant_svalue::eval_condition): Replace check
3344 for identical types with call to types_compatible_p.
3345
3346 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3347
3348 * program-state.cc (extrinsic_state::dump_to_pp): New.
3349 (extrinsic_state::dump_to_file): New.
3350 (extrinsic_state::dump): New.
3351 * program-state.h (extrinsic_state::dump_to_pp): New decl.
3352 (extrinsic_state::dump_to_file): New decl.
3353 (extrinsic_state::dump): New decl.
3354 * sm.cc: Include "pretty-print.h".
3355 (state_machine::dump_to_pp): New.
3356 * sm.h (state_machine::dump_to_pp): New decl.
3357
3358 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3359
3360 * diagnostic-manager.cc (for_each_state_change): Use
3361 extrinsic_state::get_num_checkers rather than accessing m_checkers
3362 directly.
3363 * program-state.cc (program_state::program_state): Likewise.
3364 * program-state.h (extrinsic_state::m_checkers): Make private.
3365
3366 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3367
3368 PR analyzer/93356
3369 * region-model.cc (region_model::eval_condition): In both
3370 overloads, bail out immediately on floating-point types.
3371 (region_model::eval_condition_without_cm): Likewise.
3372 (region_model::add_constraint): Likewise.
3373
3374 2020-01-30 David Malcolm <dmalcolm@redhat.com>
3375
3376 PR analyzer/93450
3377 * program-state.cc (sm_state_map::set_state): For the overload
3378 taking an svalue_id, bail out if the set_state on the ec does
3379 nothing. Convert the latter's return type from void to bool,
3380 returning true if anything changed.
3381 (sm_state_map::impl_set_state): Convert the return type from void
3382 to bool, returning true if the state changed.
3383 * program-state.h (sm_state_map::set_state): Convert return type
3384 from void to bool.
3385 (sm_state_map::impl_set_state): Likewise.
3386 * region-model.cc (constant_svalue::eval_condition): Only call
3387 fold_build2 if the types are the same.
3388
3389 2020-01-29 Jakub Jelinek <jakub@redhat.com>
3390
3391 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
3392 * constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
3393 (range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
3394 POP_IGNORE_WFORMAT.
3395 * state-purge.cc: Include diagnostic-core.h before
3396 gimple-pretty-print.h.
3397 (state_purge_annotator::add_node_annotations, print_vec_of_names):
3398 Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
3399 * region-model.cc: Move diagnostic-core.h include before graphviz.h.
3400 (path_var::dump, svalue::print, constant_svalue::print_details,
3401 region::dump_to_pp, region::dump_child_label, region::print_fields,
3402 map_region::print_fields, map_region::dump_dot_to_pp,
3403 map_region::dump_child_label, array_region::print_fields,
3404 array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or
3405 POP_IGNORE_WFORMAT.
3406
3407 2020-01-28 David Malcolm <dmalcolm@redhat.com>
3408
3409 PR analyzer/93316
3410 * engine.cc (rewind_info_t::update_model): Get the longjmp call
3411 stmt via get_longjmp_call () rather than assuming it is the last
3412 stmt in the longjmp's supernode.
3413 (rewind_info_t::add_events_to_path): Get the location_t for the
3414 rewind_from_longjmp_event via get_longjmp_call () rather than from
3415 the supernode's get_end_location ().
3416
3417 2020-01-28 David Malcolm <dmalcolm@redhat.com>
3418
3419 * region-model.cc (poisoned_value_diagnostic::emit): Update for
3420 renaming of warning_at overload to warning_meta.
3421 * sm-file.cc (file_leak::emit): Likewise.
3422 * sm-malloc.cc (double_free::emit): Likewise.
3423 (possible_null_deref::emit): Likewise.
3424 (possible_null_arg::emit): Likewise.
3425 (null_deref::emit): Likewise.
3426 (null_arg::emit): Likewise.
3427 (use_after_free::emit): Likewise.
3428 (malloc_leak::emit): Likewise.
3429 (free_of_non_heap::emit): Likewise.
3430 * sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
3431 * sm-signal.cc (signal_unsafe_call::emit): Likewise.
3432 * sm-taint.cc (tainted_array_index::emit): Likewise.
3433
3434 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3435
3436 PR analyzer/93451
3437 * region-model.cc (tree_cmp): For the REAL_CST case, impose an
3438 arbitrary order on NaNs relative to other NaNs and to non-NaNs;
3439 const-correctness tweak.
3440 (ana::selftests::build_real_cst_from_string): New function.
3441 (ana::selftests::append_interesting_constants): New function.
3442 (ana::selftests::test_tree_cmp_on_constants): New test.
3443 (ana::selftests::test_canonicalization_4): New test.
3444 (ana::selftests::analyzer_region_model_cc_tests): Call the new
3445 tests.
3446
3447 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3448
3449 PR analyzer/93349
3450 * engine.cc (run_checkers): Save and restore input_location.
3451
3452 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3453
3454 * call-string.cc (call_string::cmp_1): Delete, moving body to...
3455 (call_string::cmp): ...here.
3456 * call-string.h (call_string::cmp_1): Delete decl.
3457 * engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
3458 (worklist::key_t::cmp): ...here. Implement hash comparisons
3459 via comparison rather than subtraction to avoid overflow issues.
3460 * exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
3461 * region-model.cc (tree_cmp): Eliminate buggy checking for
3462 symmetry.
3463
3464 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3465
3466 * analyzer.cc (is_named_call_p): Check that fndecl is "extern"
3467 and at file scope. Potentially disregard prefix _ or __ in
3468 fndecl's name. Bail if the identifier is NULL.
3469 (is_setjmp_call_p): Expect a gcall rather than plain gimple.
3470 Remove special-case check for leading prefix, and also check for
3471 sigsetjmp.
3472 (is_longjmp_call_p): Also check for siglongjmp.
3473 (get_user_facing_name): New function.
3474 * analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
3475 gimple.
3476 (get_user_facing_name): New decl.
3477 * checker-path.cc (setjmp_event::get_desc): Use
3478 get_user_facing_name to avoid hardcoding the function name.
3479 (rewind_event::rewind_event): Add rewind_info param, using it to
3480 initialize new m_rewind_info field, and strengthen the assertion.
3481 (rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
3482 avoid hardcoding the function name.
3483 (rewind_to_setjmp_event::get_desc): Likewise.
3484 * checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
3485 param and use it to initialize...
3486 (setjmp_event::m_setjmp_call): New field.
3487 (rewind_event::rewind_event): Add rewind_info param.
3488 (rewind_event::m_rewind_info): New protected field.
3489 (rewind_from_longjmp_event::rewind_from_longjmp_event): Add
3490 rewind_info param.
3491 (class rewind_to_setjmp_event): Move rewind_info field to parent
3492 class.
3493 * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
3494 Update setjmp-handling for is_setjmp_call_p requiring a gcall;
3495 pass the call to the new setjmp_event.
3496 * engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
3497 requiring a gcall.
3498 (stale_jmp_buf::emit): Use get_user_facing_name to avoid
3499 hardcoding the function names.
3500 (exploded_node::on_longjmp): Pass the longjmp_call when
3501 constructing rewind_info.
3502 (rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
3503 rewind_from_longjmp_event's ctor.
3504 * exploded-graph.h (rewind_info_t::rewind_info_t): Add
3505 longjmp_call param.
3506 (rewind_info_t::get_longjmp_call): New.
3507 (rewind_info_t::m_longjmp_call): New.
3508 * region-model.cc (region_model::on_setjmp): Update comment to
3509 indicate this is also for sigsetjmp.
3510 * region-model.h (struct setjmp_record): Likewise.
3511 (class setjmp_svalue): Likewise.
3512
3513 2020-01-27 David Malcolm <dmalcolm@redhat.com>
3514
3515 PR analyzer/93276
3516 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
3517 macros with GCC_VERSION >= 4006, making them no-op otherwise.
3518 * engine.cc (exploded_edge::exploded_edge): Specify template for
3519 base class initializer.
3520 (exploded_graph::add_edge): Specify template when chaining up to
3521 base class add_edge implementation.
3522 (viz_callgraph_node::dump_dot): Drop redundant "typename".
3523 (viz_callgraph_edge::viz_callgraph_edge): Specify template for
3524 base class initializer.
3525 * program-state.cc (sm_state_map::clone_with_remapping): Drop
3526 redundant "typename".
3527 (sm_state_map::print): Likewise.
3528 (sm_state_map::hash): Likewise.
3529 (sm_state_map::operator==): Likewise.
3530 (sm_state_map::remap_svalue_ids): Likewise.
3531 (sm_state_map::on_svalue_purge): Likewise.
3532 (sm_state_map::validate): Likewise.
3533 * program-state.h (sm_state_map::iterator_t): Likewise.
3534 * supergraph.h (superedge::superedge): Specify template for base
3535 class initializer.
3536
3537 2020-01-23 David Malcolm <dmalcolm@redhat.com>
3538
3539 PR analyzer/93375
3540 * supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
3541 gracefully if the number of parameters at the callee exceeds the
3542 number of arguments at the call stmt.
3543 (callgraph_superedge::get_parm_for_arg): Likewise.
3544
3545 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3546
3547 PR analyzer/93382
3548 * program-state.cc (sm_state_map::on_svalue_purge): If the
3549 entry survives, but the origin is being purged, then reset the
3550 origin to null.
3551
3552 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3553
3554 * sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.
3555
3556 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3557
3558 PR analyzer/93378
3559 * engine.cc (setjmp_svalue::compare_fields): Update for
3560 replacement of m_enode with m_setjmp_record.
3561 (setjmp_svalue::add_to_hash): Likewise.
3562 (setjmp_svalue::get_index): Rename...
3563 (setjmp_svalue::get_enode_index): ...to this.
3564 (setjmp_svalue::print_details): Update for replacement of m_enode
3565 with m_setjmp_record.
3566 (exploded_node::on_longjmp): Likewise.
3567 * exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
3568 (rewind_info_t::m_setjmp_record): ...with this.
3569 (rewind_info_t::rewind_info_t): Update for replacement of m_enode
3570 with m_setjmp_record.
3571 (rewind_info_t::get_setjmp_point): Likewise.
3572 (rewind_info_t::get_setjmp_call): Likewise.
3573 * region-model.cc (region_model::dump_summary_of_map): Likewise.
3574 (region_model::on_setjmp): Likewise.
3575 * region-model.h (struct setjmp_record): New struct.
3576 (setjmp_svalue::m_enode): Replace...
3577 (setjmp_svalue::m_setjmp_record): ...with this.
3578 (setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
3579 with m_setjmp_record.
3580 (setjmp_svalue::clone): Likewise.
3581 (setjmp_svalue::get_index): Rename...
3582 (setjmp_svalue::get_enode_index): ...to this.
3583 (setjmp_svalue::get_exploded_node): Replace...
3584 (setjmp_svalue::get_setjmp_record): ...with this.
3585
3586 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3587
3588 PR analyzer/93316
3589 * analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as
3590 "_setjmp".
3591
3592 2020-01-22 David Malcolm <dmalcolm@redhat.com>
3593
3594 PR analyzer/93307
3595 * analysis-plan.h: Wrap everything in namespace "ana".
3596 * analyzer-logging.cc: Likewise.
3597 * analyzer-logging.h: Likewise.
3598 * analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
3599 namespace.
3600 * analyzer-selftests.cc: Wrap everything in namespace "ana".
3601 * analyzer-selftests.h: Likewise.
3602 * analyzer.h: Likewise for forward decls of types.
3603 * call-string.h: Likewise.
3604 * checker-path.cc: Likewise.
3605 * checker-path.h: Likewise.
3606 * constraint-manager.cc: Likewise.
3607 * constraint-manager.h: Likewise.
3608 * diagnostic-manager.cc: Likewise.
3609 * diagnostic-manager.h: Likewise.
3610 * engine.cc: Likewise.
3611 * engine.h: Likewise.
3612 * exploded-graph.h: Likewise.
3613 * function-set.cc: Likewise.
3614 * function-set.h: Likewise.
3615 * pending-diagnostic.cc: Likewise.
3616 * pending-diagnostic.h: Likewise.
3617 * program-point.cc: Likewise.
3618 * program-point.h: Likewise.
3619 * program-state.cc: Likewise.
3620 * program-state.h: Likewise.
3621 * region-model.cc: Likewise.
3622 * region-model.h: Likewise.
3623 * sm-file.cc: Likewise.
3624 * sm-malloc.cc: Likewise.
3625 * sm-pattern-test.cc: Likewise.
3626 * sm-sensitive.cc: Likewise.
3627 * sm-signal.cc: Likewise.
3628 * sm-taint.cc: Likewise.
3629 * sm.cc: Likewise.
3630 * sm.h: Likewise.
3631 * state-purge.h: Likewise.
3632 * supergraph.cc: Likewise.
3633 * supergraph.h: Likewise.
3634
3635 2020-01-21 David Malcolm <dmalcolm@redhat.com>
3636
3637 PR analyzer/93352
3638 * region-model.cc (int_cmp): Rename to...
3639 (array_region::key_cmp): ...this, using key_t rather than int.
3640 Rewrite in terms of comparisons rather than subtraction to
3641 ensure qsort is anti-symmetric when handling extreme values.
3642 (array_region::walk_for_canonicalization): Update for above
3643 renaming.
3644 * region-model.h (array_region::key_cmp): New decl.
3645
3646 2020-01-17 David Malcolm <dmalcolm@redhat.com>
3647
3648 PR analyzer/93290
3649 * region-model.cc (region_model::eval_condition_without_cm): Avoid
3650 gcc_unreachable for unexpected operations for the case where
3651 we're comparing an svalue against itself.
3652
3653 2020-01-17 David Malcolm <dmalcolm@redhat.com>
3654
3655 PR analyzer/93281
3656 * region-model.cc
3657 (region_model::convert_byte_offset_to_array_index): Convert to
3658 ssizetype before dividing by byte_size. Use fold_binary rather
3659 than fold_build2 to avoid needlessly constructing a tree for the
3660 non-const case.
3661
3662 2020-01-15 David Malcolm <dmalcolm@redhat.com>
3663
3664 * engine.cc (class impl_region_model_context): Fix comment.
3665
3666 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3667
3668 PR analyzer/93212
3669 * region-model.cc (make_region_for_type): Use
3670 FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
3671 * region-model.h (function_region::function_region): Likewise.
3672
3673 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3674
3675 * program-state.cc (sm_state_map::clone_with_remapping): Copy
3676 m_global_state.
3677 (selftest::test_program_state_merging_2): New selftest.
3678 (selftest::analyzer_program_state_cc_tests): Call it.
3679
3680 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3681
3682 * checker-path.h (checker_path::get_checker_event): New function.
3683 (checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
3684 * diagnostic-manager.cc
3685 (diagnostic_manager::prune_for_sm_diagnostic): Replace direct
3686 access to checker_path::m_events with accessor functions. Fix
3687 overlong line.
3688 (diagnostic_manager::prune_interproc_events): Replace direct
3689 access to checker_path::m_events with accessor functions.
3690 (diagnostic_manager::finish_pruning): Likewise.
3691
3692 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3693
3694 * checker-path.h (checker_event::clone): Delete vfunc decl.
3695 (debug_event::clone): Delete vfunc impl.
3696 (custom_event::clone): Delete vfunc impl.
3697 (statement_event::clone): Delete vfunc impl.
3698 (function_entry_event::clone): Delete vfunc impl.
3699 (state_change_event::clone): Delete vfunc impl.
3700 (start_cfg_edge_event::clone): Delete vfunc impl.
3701 (end_cfg_edge_event::clone): Delete vfunc impl.
3702 (call_event::clone): Delete vfunc impl.
3703 (return_event::clone): Delete vfunc impl.
3704 (setjmp_event::clone): Delete vfunc impl.
3705 (rewind_from_longjmp_event::clone): Delete vfunc impl.
3706 (rewind_to_setjmp_event::clone): Delete vfunc impl.
3707 (warning_event::clone): Delete vfunc impl.
3708
3709 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3710
3711 * supergraph.cc (supernode::dump_dot): Ensure that the TABLE
3712 element has at least one TR.
3713
3714 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3715
3716 PR analyzer/58237
3717 * engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
3718 when comparing against UNKNOWN_LOCATION.
3719 (stmt_requires_new_enode_p): Likewise.
3720 (exploded_graph::dump_exploded_nodes): Likewise.
3721 * supergraph.cc (supernode::get_start_location): Likewise.
3722 (supernode::get_end_location): Likewise.
3723
3724 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3725
3726 PR analyzer/58237
3727 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
3728 selftest::analyzer_sm_file_cc_tests.
3729 * analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
3730 decl.
3731 * sm-file.cc: Include "analyzer/function-set.h" and
3732 "analyzer/analyzer-selftests.h".
3733 (get_file_using_fns): New function.
3734 (is_file_using_fn_p): New function.
3735 (fileptr_state_machine::on_stmt): Return true for known functions.
3736 (selftest::analyzer_sm_file_cc_tests): New function.
3737
3738 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3739
3740 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
3741 selftest::analyzer_sm_signal_cc_tests.
3742 * analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
3743 New decl.
3744 * sm-signal.cc: Include "analyzer/function-set.h" and
3745 "analyzer/analyzer-selftests.h".
3746 (get_async_signal_unsafe_fns): New function.
3747 (signal_unsafe_p): Reimplement in terms of the above.
3748 (selftest::analyzer_sm_signal_cc_tests): New function.
3749
3750 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3751
3752 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
3753 selftest::analyzer_function_set_cc_tests.
3754 * analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
3755 New decl.
3756 * function-set.cc: New file.
3757 * function-set.h: New file.
3758
3759 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3760
3761 * analyzer.h (fndecl_has_gimple_body_p): New decl.
3762 * engine.cc (impl_region_model_context::on_unknown_change): New
3763 function.
3764 (fndecl_has_gimple_body_p): Make non-static.
3765 (exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
3766 known. Track whether we have a call with unknown side-effects and
3767 pass it to on_call_post.
3768 * exploded-graph.h (impl_region_model_context::on_unknown_change):
3769 New decl.
3770 * program-state.cc (sm_state_map::on_unknown_change): New function.
3771 * program-state.h (sm_state_map::on_unknown_change): New decl.
3772 * region-model.cc: Include "bitmap.h".
3773 (region_model::on_call_pre): Return a bool, capturing whether the
3774 call has unknown side effects.
3775 (region_model::on_call_post): Add arg "bool unknown_side_effects"
3776 and if true, call handle_unrecognized_call.
3777 (class reachable_regions): New class.
3778 (region_model::handle_unrecognized_call): New function.
3779 * region-model.h (region_model::on_call_pre): Return a bool.
3780 (region_model::on_call_post): Add arg "bool unknown_side_effects".
3781 (region_model::handle_unrecognized_call): New decl.
3782 (region_model_context::on_unknown_change): New vfunc.
3783 (test_region_model_context::on_unknown_change): New function.
3784
3785 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3786
3787 * diagnostic-manager.cc (saved_diagnostic::operator==): Move here
3788 from header. Replace pointer equality test on m_var with call to
3789 pending_diagnostic::same_tree_p.
3790 * diagnostic-manager.h (saved_diagnostic::operator==): Move to
3791 diagnostic-manager.cc.
3792 * pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
3793 * pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
3794 * sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
3795 equality on m_arg with call to pending_diagnostic::same_tree_p.
3796 * sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
3797 (possible_null_arg::subclass_equal_p): Likewise.
3798 (null_arg::subclass_equal_p): Likewise.
3799 (free_of_non_heap::subclass_equal_p): Likewise.
3800 * sm-pattern-test.cc (pattern_match::operator==): Likewise.
3801 * sm-sensitive.cc (exposure_through_output_file::operator==):
3802 Likewise.
3803 * sm-taint.cc (tainted_array_index::operator==): Likewise.
3804
3805 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3806
3807 * diagnostic-manager.cc (dedupe_winners::add): Add logging
3808 of deduplication decisions made.
3809
3810 2020-01-14 David Malcolm <dmalcolm@redhat.com>
3811
3812 * ChangeLog: New file.
3813 * analyzer-selftests.cc: New file.
3814 * analyzer-selftests.h: New file.
3815 * analyzer.opt: New file.
3816 * analysis-plan.cc: New file.
3817 * analysis-plan.h: New file.
3818 * analyzer-logging.cc: New file.
3819 * analyzer-logging.h: New file.
3820 * analyzer-pass.cc: New file.
3821 * analyzer.cc: New file.
3822 * analyzer.h: New file.
3823 * call-string.cc: New file.
3824 * call-string.h: New file.
3825 * checker-path.cc: New file.
3826 * checker-path.h: New file.
3827 * constraint-manager.cc: New file.
3828 * constraint-manager.h: New file.
3829 * diagnostic-manager.cc: New file.
3830 * diagnostic-manager.h: New file.
3831 * engine.cc: New file.
3832 * engine.h: New file.
3833 * exploded-graph.h: New file.
3834 * pending-diagnostic.cc: New file.
3835 * pending-diagnostic.h: New file.
3836 * program-point.cc: New file.
3837 * program-point.h: New file.
3838 * program-state.cc: New file.
3839 * program-state.h: New file.
3840 * region-model.cc: New file.
3841 * region-model.h: New file.
3842 * sm-file.cc: New file.
3843 * sm-malloc.cc: New file.
3844 * sm-malloc.dot: New file.
3845 * sm-pattern-test.cc: New file.
3846 * sm-sensitive.cc: New file.
3847 * sm-signal.cc: New file.
3848 * sm-taint.cc: New file.
3849 * sm.cc: New file.
3850 * sm.h: New file.
3851 * state-purge.cc: New file.
3852 * state-purge.h: New file.
3853 * supergraph.cc: New file.
3854 * supergraph.h: New file.
3855
3856 2019-12-13 David Malcolm <dmalcolm@redhat.com>
3857
3858 * Initial creation
3859
3861 Copyright (C) 2019-2020 Free Software Foundation, Inc.
3862
3863 Copying and distribution of this file, with or without modification,
3864 are permitted in any medium without royalty provided the copyright
3865 notice and this notice are preserved.