2020-09-22 David Malcolm <dmalcolm@redhat.com>
* analysis-plan.cc: Include "json.h".
* analyzer.opt (fdump-analyzer-json): New.
* call-string.cc: Include "json.h".
(call_string::to_json): New.
* call-string.h (call_string::to_json): New decl.
* checker-path.cc: Include "json.h".
* constraint-manager.cc: Include "json.h".
(equiv_class::to_json): New.
(constraint::to_json): New.
(constraint_manager::to_json): New.
* constraint-manager.h (equiv_class::to_json): New decl.
(constraint::to_json): New decl.
(constraint_manager::to_json): New decl.
* diagnostic-manager.cc: Include "json.h".
(saved_diagnostic::to_json): New.
(diagnostic_manager::to_json): New.
* diagnostic-manager.h (saved_diagnostic::to_json): New decl.
(diagnostic_manager::to_json): New decl.
* engine.cc: Include "json.h", <zlib.h>.
(exploded_node::status_to_str): New.
(exploded_node::to_json): New.
(exploded_edge::to_json): New.
(exploded_graph::to_json): New.
(dump_analyzer_json): New.
(impl_run_checkers): Call it.
* exploded-graph.h (exploded_node::status_to_str): New decl.
(exploded_node::to_json): New.
(exploded_edge::to_json): New.
(exploded_graph::to_json): New.
* pending-diagnostic.cc: Include "json.h".
* program-point.cc: Include "json.h".
(program_point::to_json): New.
* program-point.h (program_point::to_json): New decl.
* program-state.cc: Include "json.h".
(extrinsic_state::to_json): New.
(sm_state_map::to_json): New.
(program_state::to_json): New.
* program-state.h (extrinsic_state::to_json): New decl.
(sm_state_map::to_json): New decl.
(program_state::to_json): New decl.
* region-model-impl-calls.cc: Include "json.h".
* region-model-manager.cc: Include "json.h".
* region-model-reachability.cc: Include "json.h".
* region-model.cc: Include "json.h".
* region-model.h (svalue::to_json): New decl.
(region::to_json): New decl.
* region.cc: Include "json.h".
(region::to_json): New.
* sm-file.cc: Include "json.h".
* sm-malloc.cc: Include "json.h".
* sm-pattern-test.cc: Include "json.h".
* sm-sensitive.cc: Include "json.h".
* sm-signal.cc: Include "json.h".
(signal_delivery_edge_info_t::to_json): New.
* sm-taint.cc: Include "json.h".
* sm.cc: Include "diagnostic.h", "tree-diagnostic.h", and
(state_machine::state::to_json): New.
(state_machine::to_json): New.
* sm.h (state_machine::state::to_json): New.
(state_machine::to_json): New.
* state-purge.cc: Include "json.h".
* store.cc: Include "json.h".
(binding_key::get_desc): New.
(binding_map::to_json): New.
(binding_cluster::to_json): New.
(store::to_json): New.
* store.h (binding_key::get_desc): New decl.
(binding_map::to_json): New decl.
(binding_cluster::to_json): New decl.
(store::to_json): New decl.
* supergraph.cc: Include "json.h".
(supergraph::to_json): New.
(supernode::to_json): New.
(superedge::to_json): New.
* supergraph.h (supergraph::to_json): New decl.
(supernode::to_json): New decl.
(superedge::to_json): New decl.
* svalue.cc: Include "json.h".
(svalue::to_json): New.

2020-09-21 David Malcolm <dmalcolm@redhat.com>
* region-model-impl-calls.cc (call_details::get_arg_type): New.
* region-model.cc (region_model::on_call_pre): Check that the
initial arg is a pointer before calling impl_call_memset and
* region-model.h (call_details::get_arg_type): New decl.

2020-09-21 David Malcolm <dmalcolm@redhat.com>
* sm-malloc.cc (malloc_state_machine::get_default_state): Look at
the base region when considering pointers. Treat pointers to
decls as being non-heap.

2020-09-18 David Malcolm <dmalcolm@redhat.com>
* checker-path.cc (warning_event::get_desc): Handle global state

2020-09-18 David Malcolm <dmalcolm@redhat.com>
* sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and
strndup as being malloc-like allocators.

2020-09-16 David Malcolm <dmalcolm@redhat.com>
* engine.cc (strongly_connected_components::strong_connect): Only
consider intraprocedural edges when creating SCCs.
(worklist::key_t::cmp): Add comment. Treat call_string
differences as more important than differences of program_point

2020-09-16 David Malcolm <dmalcolm@redhat.com>
* engine.cc (supernode_cluster::dump_dot): Show the SCC id
in the per-supernode clusters in FILENAME.eg.dot output.
(exploded_graph_annotator::add_node_annotations):
Show the SCC of the supernode in FILENAME.supernode.eg.dot output.
* exploded-graph.h (worklist::scc_id): New.
(exploded_graph::get_scc_id): New.

2020-09-16 David Malcolm <dmalcolm@redhat.com>
* engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED.
(exploded_graph::process_worklist): Call
maybe_process_run_of_before_supernode_enodes.
(exploded_graph::maybe_process_run_of_before_supernode_enodes):
(exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED.
* exploded-graph.h (enum exploded_node::status): Add

2020-09-16 David Malcolm <dmalcolm@redhat.com>
(exploded_graph::process_node) <case PK_BEFORE_SUPERNODE>:
Simplify by using program_point::get_next.
* program-point.cc (program_point::get_next): New.
* program-point.h (program_point::get_next): New decl.

2020-09-16 David Malcolm <dmalcolm@redhat.com>
* engine.cc (exploded_graph::get_or_create_node): Show the
program point when issuing -Wanalyzer-too-complex due to hitting
the per-program-point limit.

2020-09-16 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::on_call_pre): Treat getchar as
having no side-effects.

2020-09-15 David Malcolm <dmalcolm@redhat.com>
* constraint-manager.cc (merger_fact_visitor::on_fact): Replace
assertion that add_constraint succeeded with an assertion that
if it fails, -fanalyzer-transitivity is off.

2020-09-14 David Malcolm <dmalcolm@redhat.com>
* analyzer.opt (-param=analyzer-max-constraints=): New param.
* constraint-manager.cc
(constraint_manager::add_constraint_internal): Silently reject
attempts to add constraints when the above limit is reached.

2020-09-14 David Malcolm <dmalcolm@redhat.com>
* constraint-manager.cc
(constraint_manager::get_or_add_equiv_class): Don't accumulate
transitive closure of all constraints on constants.

2020-09-14 David Malcolm <dmalcolm@redhat.com>
* analyzer.cc (is_setjmp_call_p): Require the initial arg to be a
* region-model.cc (region_model::deref_rvalue): Assert that the
svalue is of pointer type.

2020-09-11 David Malcolm <dmalcolm@redhat.com>
* region-model-impl-calls.cc (region_model::impl_call_memcpy):
(region_model::impl_call_strcpy): New.
* region-model.cc (region_model::on_call_pre): Flag unhandled
builtins that are non-pure as having unknown side-effects.
Implement BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_STRCPY,
BUILT_IN_STRCPY_CHK, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED,
BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC,
BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED,
BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF,
BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR,
BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED,
BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF.
* region-model.h (region_model::impl_call_memcpy): New decl.
(region_model::impl_call_strcpy): New decl.

2020-09-09 David Malcolm <dmalcolm@redhat.com>
* analyzer.opt (Wanalyzer-mismatching-deallocation): New warning.
* region-model-impl-calls.cc
(region_model::impl_call_operator_new): New.
(region_model::impl_call_operator_delete): New.
* region-model.cc (region_model::on_call_pre): Detect operator new
(region_model::on_call_post): Likewise.
(region_model::maybe_update_for_edge): Detect EH edges and call...
(region_model::apply_constraints_for_exception): New function.
* region-model.h (region_model::impl_call_operator_new): New decl.
(region_model::impl_call_operator_delete): New decl.
(region_model::apply_constraints_for_exception): New decl.
* sm-malloc.cc (enum resource_state): New.
(struct allocation_state): New state subclass.
(malloc_state_machine::custom_data_t): New typedef.
(malloc_state_machine::add_state): New decl.
(malloc_state_machine::m_unchecked)
(malloc_state_machine::m_nonnull)
(malloc_state_machine::m_freed): Delete these states in favor
(malloc_state_machine::m_malloc)
(malloc_state_machine::m_scalar_new)
(malloc_state_machine::m_vector_new): ...these new api instances,
which own their own versions of these states.
(malloc_state_machine::on_allocator_call): New decl.
(malloc_state_machine::on_deallocator_call): New decl.
(api::api): New ctor.
(dyn_cast_allocation_state): New.
(as_a_allocation_state): New.
(malloc_diagnostic::describe_state_change): Use unchecked_p and
(class mismatching_deallocation): New.
(double_free::double_free): Add funcname param for initializing
(double_free::emit): Use m_funcname in warning message rather
than hardcoding "free".
(double_free::describe_state_change): Likewise. Use freed_p.
(double_free::describe_call_with_state): Use freed_p.
(double_free::describe_final_event): Use m_funcname in message
rather than hardcoding "free".
(double_free::m_funcname): New field.
(possible_null::describe_state_change): Use unchecked_p.
(possible_null::describe_return_of_state): Likewise.
(use_after_free::use_after_free): Add param for initializing m_api.
(use_after_free::emit): Use m_api->m_dealloc_funcname in message
rather than hardcoding "free".
(use_after_free::describe_state_change): Use freed_p. Change the
wording of the message based on the API.
(use_after_free::describe_final_event): Use
m_api->m_dealloc_funcname in message rather than hardcoding
"free". Change the wording of the message based on the API.
(use_after_free::m_api): New field.
(malloc_leak::describe_state_change): Use unchecked_p. Update
for renaming of m_malloc_event to m_alloc_event.
(malloc_leak::describe_final_event): Update for renaming of
m_malloc_event to m_alloc_event.
(malloc_leak::m_malloc_event): Rename...
(malloc_leak::m_alloc_event): ...to this.
(free_of_non_heap::free_of_non_heap): Add param for initializing
(free_of_non_heap::emit): Use m_funcname in message rather than
(free_of_non_heap::describe_final_event): Likewise.
(free_of_non_heap::m_funcname): New field.
(allocation_state::dump_to_pp): New.
(allocation_state::get_nonnull): New.
(malloc_state_machine::malloc_state_machine): Update for changes
to state fields and new api fields.
(malloc_state_machine::add_state): New.
(malloc_state_machine::on_stmt): Move malloc/calloc handling to
on_allocator_call and call it, passing in the API pointer.
Likewise for free, moving it to on_deallocator_call. Handle calls
to operator new and delete in an analogous way. Use unchecked_p
when testing for possibly-null-arg and possibly-null-deref, and
transition to the non-null for the correct API. Remove redundant
node param from call to on_zero_assignment. Use freed_p for
use-after-free check, and pass in API.
(malloc_state_machine::on_allocator_call): New, based on code in
(malloc_state_machine::on_deallocator_call): Likewise.
(malloc_state_machine::on_phi): Mark node param with
ATTRIBUTE_UNUSED; don't pass it to on_zero_assignment.
(malloc_state_machine::on_condition): Mark node param with
ATTRIBUTE_UNUSED. Replace on_transition calls with get_state and
set_next_state pairs, transitioning to the non-null state for the
(malloc_state_machine::can_purge_p): Port to new state approach.
(malloc_state_machine::on_zero_assignment): Replace on_transition
calls with get_state and set_next_state pairs. Drop redundant
* sm.h (state_machine::add_custom_state): New.

2020-09-09 David Malcolm <dmalcolm@redhat.com>
* diagnostic-manager.cc
(null_assignment_sm_context::warn_for_state): Replace with...
(null_assignment_sm_context::warn): ...this.
* engine.cc (impl_sm_context::warn_for_state): Replace with...
(impl_sm_context::warn): ...this.
* sm-file.cc (fileptr_state_machine::on_stmt): Replace
warn_for_state and on_transition calls with a get_state
test guarding warn and set_next_state calls.
* sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
* sm-pattern-test.cc (pattern_test_state_machine::on_condition):
Replace warn_for_state call with warn call.
(sensitive_state_machine::warn_for_any_exposure): Replace
warn_for_state call with a get_state test guarding a warn call.
* sm-signal.cc (signal_state_machine::on_stmt): Likewise.
* sm-taint.cc (taint_state_machine::on_stmt): Replace
warn_for_state and on_transition calls with a get_state
test guarding warn and set_next_state calls.
* sm.h (sm_context::warn_for_state): Replace with...
(sm_context::warn): ...this.

2020-09-09 David Malcolm <dmalcolm@redhat.com>
* diagnostic-manager.cc
(null_assignment_sm_context::null_assignment_sm_context): Add old_state
and ext_state params, initializing m_old_state and m_ext_state.
(null_assignment_sm_context::on_transition): Split into...
(null_assignment_sm_context::get_state): ...this new vfunc
implementation and...
(null_assignment_sm_context::set_next_state): ...this new vfunc
(null_assignment_sm_context::m_old_state): New field.
(null_assignment_sm_context::m_ext_state): New field.
(diagnostic_manager::add_events_for_eedge): Pass in old state and
ext_state when creating sm_ctxt.
* engine.cc (impl_sm_context::on_transition): Split into...
(impl_sm_context::get_state): ...this new vfunc
implementation and...
(impl_sm_context::set_next_state): ...this new vfunc
* sm.h (sm_context::get_state): New pure virtual function.
(sm_context::set_next_state): Likewise.
(sm_context::on_transition): Convert from a pure virtual function
to a regular function implemented in terms of get_state and

2020-09-09 David Malcolm <dmalcolm@redhat.com>
* checker-path.cc (state_change_event::get_desc): Update
state_machine::get_state_name calls to state::get_name.
(warning_event::get_desc): Likewise.
* diagnostic-manager.cc
(null_assignment_sm_context::on_transition): Update comparison
against 0 with comparison with m_sm.get_start_state.
(diagnostic_manager::prune_for_sm_diagnostic): Update
state_machine::get_state_name calls to state::get_name.
* engine.cc (impl_sm_context::on_transition): Likewise.
(exploded_node::get_dot_fillcolor): Use get_id when summing
* program-state.cc (sm_state_map::sm_state_map): Don't hardcode
0 as the start state when initializing m_global_state.
(sm_state_map::print): Use dump_to_pp rather than get_state_name
(sm_state_map::is_empty_p): Don't hardcode 0 as the start state
when examining m_global_state.
(sm_state_map::hash): Use get_id when hashing states.
(selftest::test_sm_state_map): Use state objects rather than
arbitrary hardcoded integers.
(selftest::test_program_state_merging): Likewise.
(selftest::test_program_state_merging_2): Likewise.
* sm-file.cc (fileptr_state_machine::m_start): Move to base class.
(file_diagnostic::describe_state_change): Use get_start_state.
(fileptr_state_machine::fileptr_state_machine): Drop m_start
* sm-malloc.cc (malloc_state_machine::m_start): Move to base
(malloc_diagnostic::describe_state_change): Use get_start_state.
(possible_null::describe_state_change): Likewise.
(malloc_state_machine::malloc_state_machine): Drop m_start
* sm-pattern-test.cc (pattern_test_state_machine::m_start): Move
(pattern_test_state_machine::pattern_test_state_machine): Drop
m_start initialization.
* sm-sensitive.cc (sensitive_state_machine::m_start): Move to base
(sensitive_state_machine::sensitive_state_machine): Drop m_start
* sm-signal.cc (signal_state_machine::m_start): Move to base
(signal_state_machine::signal_state_machine): Drop m_start
* sm-taint.cc (taint_state_machine::m_start): Move to base class.
(taint_state_machine::taint_state_machine): Drop m_start
* sm.cc (state_machine::state::dump_to_pp): New.
(state_machine::state_machine): Move here from sm.h. Initialize
m_next_state_id and m_start.
(state_machine::add_state): Reimplement in terms of state objects.
(state_machine::get_state_name): Delete.
(state_machine::get_state_by_name): Reimplement in terms of state
(state_machine::validate): Delete.
(state_machine::dump_to_pp): Reimplement in terms of state
* sm.h (state_machine::state): New class.
(state_machine::state_t): Convert typedef from "unsigned" to
"const state_machine::state *".
(state_machine::state_machine): Move to sm.cc.
(state_machine::get_default_state): Use m_start rather than
(state_machine::get_state_name): Delete.
(state_machine::get_state_by_name): Make const.
(state_machine::get_start_state): New accessor.
(state_machine::alloc_state_id): New.
(state_machine::m_state_names): Drop in favor of...
(state_machine::m_states): New field.
(state_machine::m_start): New field.
(start_start_p): Delete.

2020-09-08 David Malcolm <dmalcolm@redhat.com>
* store.cc (binding_map::apply_ctor_val_to_range): Add
error-handling for the cases where we have symbolic offsets.

2020-09-08 David Malcolm <dmalcolm@redhat.com>
* store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
where min_index == max_index.
(binding_map::apply_ctor_val_to_range): Replace assertion that we
don't have a CONSTRUCTOR value with error-handling.

2020-09-08 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::on_call_pre): Fix guard on switch
on built-ins to only consider BUILT_IN_NORMAL, rather than other

2020-09-01 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::deref_rvalue): Add the constraint
that PTR_SVAL is non-NULL.

2020-08-31 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::on_call_pre): Handle

2020-08-31 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::on_call_pre): Gather handling of
builtins and of internal fns into switch statements. Handle
"alloca" and BUILT_IN_ALLOCA_WITH_ALIGN.

2020-08-31 David Malcolm <dmalcolm@redhat.com>
* region.cc (decl_region::get_svalue_for_constructor): Support
apply_ctor_to_region failing.
* store.cc (binding_map::apply_ctor_to_region): Add failure
(binding_map::apply_ctor_val_to_range): Likewise.
(binding_map::apply_ctor_pair_to_child_region): Likewise. Replace
assertion that child_base_offset is not symbolic with error
* store.h (binding_map::apply_ctor_to_region): Convert return type
(binding_map::apply_ctor_val_to_range): Likewise.
(binding_map::apply_ctor_pair_to_child_region): Likewise.

2020-08-31 David Malcolm <dmalcolm@redhat.com>
* store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
by calling a new binding_map::apply_ctor_val_to_range subroutine.
Split out the existing non-CONSTRUCTOR-handling code to a new
apply_ctor_pair_to_child_region subroutine.
(binding_map::apply_ctor_val_to_range): New.
(binding_map::apply_ctor_pair_to_child_region): New, split out
from binding_map::apply_ctor_to_region as noted above.
* store.h (binding_map::apply_ctor_val_to_range): New decl.
(binding_map::apply_ctor_pair_to_child_region): New decl.

2020-08-31 David Malcolm <dmalcolm@redhat.com>
* region-model-manager.cc
(region_model_manager::maybe_fold_unaryop): Handle VIEW_CONVERT_EXPR.
(region_model_manager::get_or_create_cast): Move logic for
real->integer casting to...
(get_code_for_cast): ...this new function, and add logic for
real->non-integer casts.
(region_model_manager::maybe_fold_sub_svalue): Handle
(region_model::add_any_constraints_from_gassign): Likewise.
* svalue.cc (svalue::maybe_undo_cast): Likewise.
(unaryop_svalue::dump_to_pp): Likewise.

2020-08-26 David Malcolm <dmalcolm@redhat.com>
* region-model-manager.cc
(region_model_manager::get_or_create_widening_svalue): Assert that
neither of the inputs are themselves widenings.
* store.cc (store::eval_alias_1): The initial value of a pointer
can't point to a region that was allocated on the heap after the
beginning of the path. A widened pointer value can't alias anything
that the initial pointer value can't alias.
* svalue.cc (svalue::can_merge_p): Merge BINOP (X, OP, CST) with X
to a widening svalue. Merge
BINOP(WIDENING(BASE, BINOP(BASE, X)), X) and BINOP(BASE, X) to
the LHS of the first BINOP.

2020-08-26 David Malcolm <dmalcolm@redhat.com>
* region-model.h (class compound_svalue): Document that all keys
(compound_svalue::compound_svalue): Move definition to svalue.cc.
* store.cc (binding_map::apply_ctor_to_region): Handle
initializers for trailing arrays with incomplete size.
* svalue.cc (compound_svalue::compound_svalue): Move definition
here from region-model.h. Add assertion that all keys are

2020-08-22 David Malcolm <dmalcolm@redhat.com>
* region-model-manager.cc
(region_model_manager::maybe_fold_binop): Fold bitwise "& 0" to 0.

2020-08-22 David Malcolm <dmalcolm@redhat.com>
* store.cc (store::eval_alias): Make const. Split out 2nd half
into store::eval_alias_1 and call it twice for symmetry, avoiding
(store::eval_alias_1): New function, split out from the above.
* store.h (store::eval_alias): Make const.
(store::eval_alias_1): New decl.

2020-08-22 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::push_frame): Bind the default
SSA name for each parm if it exists, falling back to the parm
itself otherwise, rather than doing both.

2020-08-20 David Malcolm <dmalcolm@redhat.com>
* region-model-manager.cc
(region_model_manager::get_field_region): Assert that field is a
* region.cc (region::get_subregions_for_binding): In
union-handling, filter the TYPE_FIELDS traversal to just FIELD_DECLs.

2020-08-20 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::get_gassign_result): For
comparisons, only use eval_condition when the lhs has boolean
type, and use get_or_create_constant_svalue on the boolean
constants directly rather than via get_rvalue.

2020-08-19 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::deref_rvalue): Rather than
attempting to handle all svalue kinds in the switch, only cover
the special cases, and move symbolic-region handling to after
the switch, thus implicitly handling the missing case SK_COMPOUND.

2020-08-19 David Malcolm <dmalcolm@redhat.com>
* region-model-manager.cc
(region_model_manager::maybe_fold_binop): Check that we have an
integral type before calling build_int_cst.

2020-08-19 David Malcolm <dmalcolm@redhat.com>
* region-model-manager.cc
(region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for
casting from REAL_TYPE to INTEGER_TYPE.

2020-08-19 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::called_from_main_p): New.
(region_model::get_store_value): Move handling for globals into...
(region_model::get_initial_value_for_global): ...this new
function, and add logic for extracting values from decl
* region-model.h (decl_region::get_svalue_for_constructor): New
(decl_region::get_svalue_for_initializer): New decl.
(region_model::called_from_main_p): New decl.
(region_model::get_initial_value_for_global): New.
* region.cc (decl_region::maybe_get_constant_value): Move logic
for getting an svalue from a CONSTRUCTOR node to...
(decl_region::get_svalue_for_constructor): ...this new function.
(decl_region::get_svalue_for_initializer): New.
* store.cc (get_svalue_for_ctor_val): Rewrite in terms of
region_model::get_rvalue.
* store.h (binding_cluster::get_map): New accessor.

2020-08-19 David Malcolm <dmalcolm@redhat.com>
* region.cc (get_field_at_bit_offset): Gracefully handle negative
values for bit_offset.

2020-08-18 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::get_rvalue_1): Fix name of local.

2020-08-18 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::get_rvalue_1): Handle
unrecognized tree codes by returning UNKNOWN.

2020-08-18 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::get_gassign_result): Handle various
VEC_* tree codes by returning UNKNOWN.
(region_model::on_assignment): Handle unrecognized tree codes by
setting lhs to an unknown value, rather than issuing a "sorry" and

2020-08-17 David Malcolm <dmalcolm@redhat.com>
* region-model-manager.cc (get_region_for_unexpected_tree_code):
Handle ctxt being NULL.

2020-08-17 David Malcolm <dmalcolm@redhat.com>
* region.cc (region::get_subregions_for_binding): Check for "type"

2020-08-17 David Malcolm <dmalcolm@redhat.com>
* store.cc (get_svalue_for_ctor_val): New.
(binding_map::apply_ctor_to_region): Call it.

2020-08-14 David Malcolm <dmalcolm@redhat.com>
* region-model.cc (region_model::get_store_value): Call
maybe_get_constant_value on decl_regions first.
* region-model.h (decl_region::maybe_get_constant_value): New decl.
* region.cc (decl_region::get_stack_depth): Likewise.
(decl_region::maybe_get_constant_value): New.
* store.cc (get_subregion_within_ctor): New.
(binding_map::apply_ctor_to_region): New.
* store.h (binding_map::apply_ctor_to_region): New decl.

2020-08-14 David Malcolm <dmalcolm@redhat.com>
* store.cc (store::mark_as_escaped): Reject attempts to
get a cluster for an unknown pointer.

2020-08-13 David Malcolm <dmalcolm@redhat.com>
698 * analyzer-logging.cc: Ignore "-Wformat-diag".
699 (logger::enter_scope): Use inc_indent in both overloads.
700 (logger::exit_scope): Use dec_indent.
701 * analyzer-logging.h (logger::inc_indent): New.
702 (logger::dec_indent): New.
703 * analyzer-selftests.cc (run_analyzer_selftests): Call
704 analyzer_store_cc_tests.
705 * analyzer-selftests.h (analyzer_store_cc_tests): New decl.
706 * analyzer.cc (get_stmt_location): New function.
707 * analyzer.h (class initial_svalue): New forward decl.
708 (class unaryop_svalue): New forward decl.
709 (class binop_svalue): New forward decl.
710 (class sub_svalue): New forward decl.
711 (class unmergeable_svalue): New forward decl.
712 (class placeholder_svalue): New forward decl.
713 (class widening_svalue): New forward decl.
714 (class compound_svalue): New forward decl.
715 (class conjured_svalue): New forward decl.
716 (svalue_set): New typedef.
717 (class map_region): Delete.
718 (class array_region): Delete.
719 (class frame_region): New forward decl.
720 (class function_region): New forward decl.
721 (class label_region): New forward decl.
722 (class decl_region): New forward decl.
723 (class element_region): New forward decl.
724 (class offset_region): New forward decl.
725 (class cast_region): New forward decl.
726 (class field_region): New forward decl.
727 (class string_region): New forward decl.
728 (class region_model_manager): New forward decl.
729 (class store_manager): New forward decl.
730 (class store): New forward decl.
731 (class call_details): New forward decl.
732 (struct svalue_id_merger_mapping): Delete.
733 (struct canonicalization): Delete.
734 (class function_point): New forward decl.
735 (class engine): New forward decl.
736 (dump_tree): New function decl.
737 (print_quoted_type): New function decl.
738 (readability_comparator): New function decl.
739 (tree_cmp): New function decl.
740 (class path_var): Move here from region-model.h
741 (bit_offset_t, bit_size_t, byte_size_t): New typedefs.
742 (class region_offset): New class.
743 (get_stmt_location): New decl.
744 (struct member_function_hash_traits): New struct.
745 (class consolidation_map): New class.
746 Ignore "-Wformat-diag".
747 * analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
748 (-param=analyzer-max-enodes-for-full-dump=): New param.
749 * call-string.cc: Ignore -Wformat-diag.
750 * checker-path.cc: Move includes of "analyzer/call-string.h" and
751 "analyzer/program-point.h" to before "analyzer/region-model.h",
752 and also include "analyzer/store.h" before it.
753 (state_change_event::state_change_event): Replace "tree var" param
754 with "const svalue *sval". Convert "origin" param from tree to
756 (state_change_event::get_desc): Call get_representative_tree to
757 convert the var and origin from const svalue * to tree. Use
758 svalue::get_desc rather than %qE when describing state changes.
759 (checker_path::add_final_event): Use get_stmt_location.
760 * checker-path.h (state_change_event::state_change_event): Port
761 from tree to const svalue *.
762 (state_change_event::get_lvalue): Delete.
763 (state_change_event::get_dest_function): New.
764 (state_change_event::m_var): Replace with...
765 (state_change_event::m_sval): ...this.
766 (state_change_event::m_origin): Convert from tree to
768 * constraint-manager.cc: Include "analyzer/call-string.h",
769 "analyzer/program-point.h", and "analyzer/store.h" before
770 "analyzer/region-model.h".
771 (struct bound, struct range): Move to constraint-manager.h.
772 (compare_constants): New function.
773 (range::dump): Rename to...
774 (range::dump_to_pp): ...this. Support NULL constants.
775 (range::dump): Reintroduce for dumping to stderr.
776 (range::constrained_to_single_element): Return result, rather than
778 (range::eval_condition): New.
779 (range::below_lower_bound): New.
780 (range::above_upper_bound): New.
781 (equiv_class::equiv_class): Port from svalue_id to const svalue *.
782 (equiv_class::print): Likewise.
783 (equiv_class::hash): Likewise.
784 (equiv_class::operator==): Port from svalue_id to const svalue *.
785 (equiv_class::add): Port from svalue_id to const svalue *. Drop
787 (equiv_class::del): Port from svalue_id to const svalue *.
788 (equiv_class::get_representative): Likewise.
789 (equiv_class::remap_svalue_ids): Delete.
790 (svalue_id_cmp_by_id): Rename to...
791 (svalue_cmp_by_ptr): ...this, porting from svalue_id to
793 (equiv_class::canonicalize): Update qsort comparator.
794 (constraint::implied_by): New.
795 (constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
796 (constraint_manager::dump_to_pp): Add "multiline" param
797 (constraint_manager::dump): Pass "true" for "multiline".
798 (constraint_manager::add_constraint): Port from svalue_id to
799 const svalue *. Split out second part into...
800 (constraint_manager::add_unknown_constraint): ...this new
801 function. Remove self-constraints when merging equivalence
803 (constraint_manager::add_constraint_internal): Remove constraints
804 that would be implied by the new constraint. Port from svalue_id
806 (constraint_manager::get_equiv_class_by_sid): Rename to...
807 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
808 from svalue_id to const svalue *.
809 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
811 (constraint_manager::eval_condition): Make const. Call
812 compare_constants and return early if it provides a known result.
813 (constraint_manager::get_ec_bounds): New.
814 (constraint_manager::eval_condition): New overloads. Make
815 existing one const, and use compare_constants.
816 (constraint_manager::purge): Convert "p" param to a template
817 rather than an abstract base class. Port from svalue_id to
819 (class dead_svalue_purger): New class.
820 (constraint_manager::remap_svalue_ids): Delete.
821 (constraint_manager::on_liveness_change): New.
822 (equiv_class_cmp): Port from svalue_id to const svalue *.
823 (constraint_manager::canonicalize): Likewise. Combine with
824 purging of redundant equivalence classes and constraints.
825 (class cleaned_constraint_manager): Delete.
826 (class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
828 (merger_fact_visitor::fact): Port from svalue_id to const svalue *.
829 Add special case for widening.
830 (constraint_manager::merge): Port from svalue_id to const svalue *.
831 (constraint_manager::clean_merger_input): Delete.
832 (constraint_manager::for_each_fact): Port from svalue_id to
834 (constraint_manager::validate): Likewise.
835 (selftest::test_constraint_conditions): Provide a
836 region_model_manager when creating region_model instances.
837 Add test for self-equality not creating equivalence classes.
838 (selftest::test_transitivity): Provide a region_model_manager when
839 creating region_model instances. Verify that EC-merging happens
840 when constraints are implied.
841 (selftest::test_constant_comparisons): Provide a
842 region_model_manager when creating region_model instances.
843 (selftest::test_constraint_impl): Likewise. Remove over-specified
845 (selftest::test_equality): Provide a region_model_manager when
846 creating region_model instances.
847 (selftest::test_many_constants): Likewise. Provide a
848 program_point when testing merging.
849 (selftest::run_constraint_manager_tests): Move call to
850 test_constant_comparisons to outside the transitivity guard.
851 * constraint-manager.h (struct bound): Move here from
852 constraint-manager.cc.
853 (struct range): Likewise.
854 (struct::eval_condition): New decl.
855 (struct::below_lower_bound): New decl.
856 (struct::above_upper_bound): New decl.
857 (equiv_class::add): Port from svalue_id to const svalue *.
858 (equiv_class::del): Likewise.
859 (equiv_class::get_representative): Likewise.
860 (equiv_class::remap_svalue_ids): Drop.
861 (equiv_class::m_cst_sid): Convert to...
862 (equiv_class::m_cst_sval): ...this.
863 (equiv_class::m_vars): Port from svalue_id to const svalue *.
864 (constraint::bool implied_by): New decl.
865 (fact_visitor::on_fact): Port from svalue_id to const svalue *.
866 (constraint_manager::constraint_manager): Add mgr param.
867 (constraint_manager::clone): Delete.
868 (constraint_manager::maybe_get_constant): Delete.
869 (constraint_manager::get_sid_for_constant): Delete.
870 (constraint_manager::get_num_svalues): Delete.
871 (constraint_manager::dump_to_pp): Add "multiline" param.
872 (constraint_manager::get_equiv_class): Port from svalue_id to
874 (constraint_manager::add_constraint): Likewise.
875 (constraint_manager::get_equiv_class_by_sid): Rename to...
876 (constraint_manager::get_equiv_class_by_svalue): ...this, porting
877 from svalue_id to const svalue *.
878 (constraint_manager::add_unknown_constraint): New decl.
879 (constraint_manager::get_or_add_equiv_class): Port from svalue_id
881 (constraint_manager::eval_condition): Likewise. Add overloads.
882 (constraint_manager::get_ec_bounds): New decl.
883 (constraint_manager::purge): Convert to template.
884 (constraint_manager::remap_svalue_ids): Delete.
885 (constraint_manager::on_liveness_change): New decl.
886 (constraint_manager::canonicalize): Drop param.
887 (constraint_manager::clean_merger_input): Delete.
888 (constraint_manager::m_mgr): New field.
889 * diagnostic-manager.cc: Move includes of
890 "analyzer/call-string.h" and "analyzer/program-point.h" to before
891 "analyzer/region-model.h", and also include "analyzer/store.h"
893 (saved_diagnostic::saved_diagnostic): Add "sval" param.
894 (diagnostic_manager::diagnostic_manager): Add engine param.
895 (diagnostic_manager::add_diagnostic): Add "sval" param, passing it
896 to saved_diagnostic ctor. Update overload to pass NULL for it.
897 (dedupe_winners::dedupe_winners): Add engine param.
898 (dedupe_winners::add): Add "eg" param. Pass m_engine to
900 (dedupe_winner::m_engine): New field.
901 (diagnostic_manager::emit_saved_diagnostics): Pass engine to
902 dedupe_winners. Pass &eg when adding candidates. Pass svalue
903 rather than tree to prune_path. Use get_stmt_location to get
904 primary location of diagnostic.
905 (diagnostic_manager::emit_saved_diagnostic): Likewise.
906 (get_any_origin): Drop.
907 (state_change_event_creator::on_global_state_change): Pass NULL
908 const svalue * rather than NULL_TREE trees to state_change_event
910 (state_change_event_creator::on_state_change): Port from tree and
911 svalue_id to const svalue *.
912 (for_each_state_change): Port from svalue_id to const svalue *.
913 (struct null_assignment_sm_context): New.
914 (diagnostic_manager::add_events_for_eedge): Add state change
915 events for assignment to NULL.
916 (diagnostic_manager::prune_path): Update param from tree to
918 (diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
919 by tree to by const svalue *.
920 * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
922 (saved_diagnostic::m_sval): New field.
923 (diagnostic_manager::diagnostic_manager): Add engine param.
924 (diagnostic_manager::get_engine): New.
925 (diagnostic_manager::add_diagnostic): Add "sval" param.
926 (diagnostic_manager::prune_path): Likewise.
927 (diagnostic_manager::prune_for_sm_diagnostic): New overload.
928 (diagnostic_manager::m_eng): New field.
929 * engine.cc: Move includes of "analyzer/call-string.h" and
930 "analyzer/program-point.h" to before "analyzer/region-model.h",
931 and also include "analyzer/store.h" before it.
932 (impl_region_model_context::impl_region_model_context): Update for
933 removal of m_change field.
934 (impl_region_model_context::remap_svalue_ids): Delete.
935 (impl_region_model_context::on_svalue_leak): New.
936 (impl_region_model_context::on_svalue_purge): Delete.
937 (impl_region_model_context::on_liveness_change): New.
938 (impl_region_model_context::on_unknown_change): Update param
939 from svalue_id to const svalue *. Add is_mutable param.
940 (setjmp_svalue::compare_fields): Delete.
941 (setjmp_svalue::accept): New.
942 (setjmp_svalue::add_to_hash): Delete.
943 (setjmp_svalue::dump_to_pp): New.
944 (setjmp_svalue::print_details): Delete.
945 (impl_sm_context::impl_sm_context): Drop "change" param.
946 (impl_sm_context::get_fndecl_for_call): Drop "m_change".
947 (impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
948 "stmt" param. Drop m_change. Port from svalue_id to
950 (impl_sm_context::warn_for_state): Drop m_change. Port from
951 svalue_id to const svalue *.
952 (impl_sm_context::get_readable_tree): Rename to...
953 (impl_sm_context::get_diagnostic_tree): ...this. Port from
954 svalue_id to const svalue *.
955 (impl_sm_context::is_zero_assignment): New.
956 (impl_sm_context::m_change): Delete field.
957 (leak_stmt_finder::find_stmt): Handle m_var being NULL.
958 (readability): Increase penalty for MEM_REF. For SSA_NAMEs,
959 slightly favor the underlying var over the SSA name. Heavily
960 penalize temporaries. Handle RESULT_DECL.
961 (readability_comparator): Make non-static. Consider stack depths.
962 (impl_region_model_context::on_state_leak): Convert from svalue_id
963 to const svalue *, updating for region_model changes. Use
965 (impl_region_model_context::on_inherited_svalue): Delete.
966 (impl_region_model_context::on_cast): Delete.
967 (impl_region_model_context::on_condition): Drop m_change.
968 (impl_region_model_context::on_phi): Likewise.
969 (impl_region_model_context::on_unexpected_tree_code): Handle t
971 (point_and_state::validate): Update stack checking for
972 region_model changes.
973 (eg_traits::dump_args_t::show_enode_details_p): New.
974 (exploded_node::exploded_node): Initialize m_num_processed_stmts.
975 (exploded_node::get_processed_stmt): New function.
976 (exploded_node::get_dot_fillcolor): Add more colors.
977 (exploded_node::dump_dot): Guard the printing of the point and
978 state with show_enode_details_p. Print the processed stmts for
979 this enode after the initial state.
980 (exploded_node::dump_to_pp): Pass true for new multiline param
981 of program_state::dump_to_pp.
982 (exploded_node::on_stmt): Drop "change" param. Log the stmt.
983 Set input_location. Implement __analyzer_describe. Update
984 implementation of __analyzer_dump and __analyzer_eval.
985 Remove purging of sm-state for unknown fncalls from here.
986 (exploded_node::on_edge): Drop "change" param.
987 (exploded_node::on_longjmp): Port from region_id/svalue_id to
988 const region */const svalue *. Call program_state::detect_leaks.
990 (exploded_node::detect_leaks): Update for changes to region_model.
991 Call program_state::detect_leaks.
992 (exploded_edge::exploded_edge): Drop ext_state and change params.
993 (exploded_edge::dump_dot): "args" is no longer used. Drop dumping
995 (exploded_graph::exploded_graph): Pass engine to
996 m_diagnostic_manager ctor. Use program_point::origin.
997 (exploded_graph::add_function_entry): Drop ctxt. Use
998 program_state::push_frame. Drop state_change.
999 (exploded_graph::get_or_create_node): Drop "change" param. Add
1000 "enode_for_diag" param. Update dumping calls for API changes.
1001 Pass point to can_merge_with_p. Show enode indices
1002 within -Wanalyzer-too-complex diagnostic for hitting the per-point
1004 (exploded_graph::add_edge): Drop "change" param. Log which nodes
1005 are being connected. Update for changes to exploded_edge ctor.
1006 (exploded_graph::get_per_program_point_data): New.
1007 (exploded_graph::process_worklist): Pass point to
1008 can_merge_with_p. Drop state_change. Update dumping call for API
1010 (exploded_graph::process_node): Drop state_change. Split the
1011 node in-place if an sm-state-change occurs. Update
1012 m_num_processed_stmts. Update dumping calls for API change.
1013 (exploded_graph::log_stats): Call engine::log_stats.
1014 (exploded_graph::dump_states_for_supernode): Update dumping
1016 (exploded_path::feasible_p): Add "eng" and "eg" params.
1017 Rename "i" to "end_idx". Pass the manager to the region_model
1018 ctor. Update for every processed stmt in the enode, not just the
1019 first. Keep track of which snodes have been visited, and call
1020 loop_replay_fixup when revisiting one.
1021 (enode_label::get_text): Update dump call for new param.
1022 (exploded_graph::dump_exploded_nodes): Likewise.
1023 (exploded_graph::get_node_by_index): New.
1024 (impl_run_checkers): Create engine instance and pass its address
1025 to extrinsic_state ctor.
1027 (impl_region_model_context::impl_region_model_context): Drop
1029 (impl_region_model_context::void remap_svalue_ids): Delete.
1030 (impl_region_model_context::on_svalue_purge): Delete.
1031 (impl_region_model_context::on_svalue_leak): New.
1032 (impl_region_model_context::on_liveness_change): New.
1033 (impl_region_model_context::on_state_leak): Update signature.
1034 (impl_region_model_context::on_inherited_svalue): Delete.
1035 (impl_region_model_context::on_cast): Delete.
1036 (impl_region_model_context::on_unknown_change): Update signature.
1037 (impl_region_model_context::m_change): Delete.
1038 (eg_traits::dump_args_t::show_enode_details_p): New.
1039 (exploded_node::on_stmt): Drop "change" param.
1040 (exploded_node::on_edge): Likewise.
1041 (exploded_node::get_processed_stmt): New decl.
1042 (exploded_node::m_num_processed_stmts): New field.
1043 (exploded_edge::exploded_edge): Drop ext_state and change params.
1044 (exploded_edge::m_change): Delete.
1045 (exploded_graph::get_engine): New accessor.
1046 (exploded_graph::get_or_create_node): Drop "change" param. Add
1047 "enode_for_diag" param.
1048 (exploded_graph::add_edge): Drop "change" param.
1049 (exploded_graph::get_per_program_point_data): New decl.
1050 (exploded_graph::get_node_by_index): New decl.
1051 (exploded_path::feasible_p): Add "eng" and "eg" params.
1052 * program-point.cc: Include "analyzer/store.h" before including
1053 "analyzer/region-model.h".
1054 (function_point::function_point): Move here from
1056 (function_point::get_function): Likewise.
1057 (function_point::from_function_entry): Likewise.
1058 (function_point::before_supernode): Likewise.
1059 (function_point::next_stmt): New function.
1060 * program-point.h (function_point::function_point): Move
1061 implementation from here to program-point.cc.
1062 (function_point::get_function): Likewise.
1063 (function_point::from_function_entry): Likewise.
1064 (function_point::before_supernode): Likewise.
1065 (function_point::next_stmt): New decl.
1066 (program_point::operator!=): New.
1067 (program_point::origin): New.
1068 (program_point::next_stmt): New.
1069 (program_point::m_function_point): Make non-const.
1070 * program-state.cc: Move includes of "analyzer/call-string.h" and
1071 "analyzer/program-point.h" to before "analyzer/region-model.h",
1072 and also include "analyzer/store.h" before it.
1073 (extrinsic_state::get_model_manager): New.
1074 (sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
1075 rather than pass them around.
1076 (sm_state_map::clone_with_remapping): Delete.
1077 (sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
1078 "simple" and "multiline" params and support multiline vs single
1080 (sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
1082 (sm_state_map::hash): Port from svalue_id to const svalue *.
1083 (sm_state_map::operator==): Likewise.
1084 (sm_state_map::get_state): Likewise. Call canonicalize_svalue on
1085 input. Handle inheritance of sm-state. Call get_default_state.
1086 (sm_state_map::get_origin): Port from svalue_id to const svalue *.
1087 (sm_state_map::set_state): Likewise. Pass in ext_state. Reject
1088 attempts to set state on UNKNOWN.
1089 (sm_state_map::impl_set_state): Port from svalue_id to
1090 const svalue *. Pass in ext_state. Call canonicalize_svalue on
1092 (sm_state_map::purge_for_unknown_fncall): Delete.
1093 (sm_state_map::on_svalue_leak): New.
1094 (sm_state_map::remap_svalue_ids): Delete.
1095 (sm_state_map::on_liveness_change): New.
1096 (sm_state_map::on_unknown_change): Reimplement.
1097 (sm_state_map::on_svalue_purge): Delete.
1098 (sm_state_map::on_inherited_svalue): Delete.
1099 (sm_state_map::on_cast): Delete.
1100 (sm_state_map::validate): Delete.
1101 (sm_state_map::canonicalize_svalue): New.
1102 (program_state::program_state): Update to pass manager to
1103 region_model's ctor. Constify num_states and pass state machine
1104 and index to sm_state_map ctor.
1105 (program_state::print): Update for changes to dump API.
1106 (program_state::dump_to_pp): Ignore the summarize param. Add
1108 (program_state::dump_to_file): Add "multiline" param.
1109 (program_state::dump): Pass "true" for new "multiline" param.
1110 (program_state::push_frame): New.
1111 (program_state::on_edge): Drop "change" param. Call
1112 program_state::detect_leaks.
1113 (program_state::prune_for_point): Add enode_for_diag param.
1114 Reimplement based on store class. Call detect_leaks.
1115 (program_state::remap_svalue_ids): Delete.
1116 (program_state::get_representative_tree): Port from svalue_id to
1118 (program_state::can_merge_with_p): Add "point" param. Add early
1119 reject for sm-differences. Drop id remapping.
1120 (program_state::validate): Drop region model and sm_state_map
1122 (state_change::sm_change::dump): Delete.
1123 (state_change::sm_change::remap_svalue_ids): Delete.
1124 (state_change::sm_change::on_svalue_purge): Delete.
1125 (log_set_of_svalues): New.
1126 (state_change::sm_change::validate): Delete.
1127 (state_change::state_change): Delete.
1128 (state_change::add_sm_change): Delete.
1129 (state_change::affects_p): Delete.
1130 (state_change::dump): Delete.
1131 (state_change::remap_svalue_ids): Delete.
1132 (state_change::on_svalue_purge): Delete.
1133 (state_change::validate): Delete.
1134 (selftest::assert_dump_eq): Delete.
1135 (ASSERT_DUMP_EQ): Delete.
1136 (selftest::test_sm_state_map): Update for changes to region_model
1137 and sm_state_map, porting from svalue_id to const svalue *.
1138 (selftest::test_program_state_dumping): Likewise. Drop test of
1139 dumping, renaming to...
1140 (selftest::test_program_state_1): ...this.
1141 (selftest::test_program_state_dumping_2): Likewise, renaming to...
1142 (selftest::test_program_state_2): ...this.
1143 (selftest::test_program_state_merging): Update for changes to
1145 (selftest::test_program_state_merging_2): Likewise.
1146 (selftest::analyzer_program_state_cc_tests): Update for renamed
1148 * program-state.h (extrinsic_state::extrinsic_state): Add logger
1150 (extrinsic_state::get_logger): New accessor.
1151 (extrinsic_state::get_engine): New accessor.
1152 (extrinsic_state::get_model_manager): New accessor.
1153 (extrinsic_state::m_logger): New field.
1154 (extrinsic_state::m_engine): New field.
1155 (struct default_hash_traits<svalue_id>): Delete.
1156 (pod_hash_traits<svalue_id>::hash): Delete.
1157 (pod_hash_traits<svalue_id>::equal): Delete.
1158 (pod_hash_traits<svalue_id>::mark_deleted): Delete.
1159 (pod_hash_traits<svalue_id>::mark_empty): Delete.
1160 (pod_hash_traits<svalue_id>::is_deleted): Delete.
1161 (pod_hash_traits<svalue_id>::is_empty): Delete.
1162 (sm_state_map::entry_t::entry_t): Port from svalue_id to
1164 (sm_state_map::entry_t::m_origin): Likewise.
1165 (sm_state_map::map_t): Likewise.
1166 (sm_state_map::sm_state_map): Add state_machine and index params.
1167 (sm_state_map::clone_with_remapping): Delete.
1168 (sm_state_map::print): Drop sm param; add simple and multiline
1170 (sm_state_map::dump): Drop sm param; add simple param.
1171 (sm_state_map::get_state): Port from svalue_id to const svalue *.
1172 Add ext_state param.
1173 (sm_state_map::get_origin): Likewise.
1174 (sm_state_map::set_state): Likewise.
1175 (sm_state_map::impl_set_state): Likewise.
1176 (sm_state_map::purge_for_unknown_fncall): Delete.
1177 (sm_state_map::remap_svalue_ids): Delete.
1178 (sm_state_map::on_svalue_purge): Delete.
1179 (sm_state_map::on_svalue_leak): New.
1180 (sm_state_map::on_liveness_change): New.
1181 (sm_state_map::on_inherited_svalue): Delete.
1182 (sm_state_map::on_cast): Delete.
1183 (sm_state_map::validate): Delete.
1184 (sm_state_map::on_unknown_change): Port from svalue_id to
1185 const svalue *. Add is_mutable and ext_state params.
1186 (sm_state_map::canonicalize_svalue): New.
1187 (sm_state_map::m_sm): New field.
1188 (sm_state_map::m_sm_idx): New field.
1189 (program_state::operator=): Delete.
1190 (program_state::dump_to_pp): Drop "summarize" param, adding
1191 "simple" and "multiline".
1192 (program_state::dump_to_file): Likewise.
1193 (program_state::dump): Rename "summarize" to "simple".
1194 (program_state::push_frame): New.
1195 (program_state::get_current_function): New.
1196 (program_state::on_edge): Drop "change" param.
1197 (program_state::prune_for_point): Likewise. Add enode_for_diag
1199 (program_state::remap_svalue_ids): Delete.
1200 (program_state::get_representative_tree): Port from svalue_id to
1202 (program_state::can_purge_p): Likewise. Pass ext_state to get_state.
1203 (program_state::can_merge_with_p): Add point param.
1204 (program_state::detect_leaks): New.
1205 (state_change_visitor::on_state_change): Port from tree and
1206 svalue_id to a pair of const svalue *.
1207 (class state_change): Delete.
1208 * region.cc: New file.
1209 * region-model-impl-calls.cc: New file.
1210 * region-model-manager.cc: New file.
1211 * region-model-reachability.cc: New file.
1212 * region-model-reachability.h: New file.
1213 * region-model.cc: Include "analyzer/call-string.h",
1214 "analyzer/program-point.h", and "analyzer/store.h" before
1215 "analyzer/region-model.h". Include
1216 "analyzer/region-model-reachability.h".
1217 (dump_tree): Make non-static.
1218 (dump_quoted_tree): Make non-static.
1219 (print_quoted_type): Make non-static.
1220 (path_var::dump): Delete.
1221 (dump_separator): Delete.
1222 (class impl_constraint_manager): Delete.
1223 (svalue_id::print): Delete.
1224 (svalue_id::dump_node_name_to_pp): Delete.
1225 (svalue_id::validate): Delete.
1226 (region_id::print): Delete.
1227 (region_id::dump_node_name_to_pp): Delete.
1228 (region_id::validate): Delete.
1229 (region_id_set::region_id_set): Delete.
1230 (svalue_id_set::svalue_id_set): Delete.
1231 (svalue::operator==): Delete.
1232 (svalue::hash): Delete.
1233 (svalue::print): Delete.
1234 (svalue::dump_dot_to_pp): Delete.
1235 (svalue::remap_region_ids): Delete.
1236 (svalue::walk_for_canonicalization): Delete.
1237 (svalue::get_child_sid): Delete.
1238 (svalue::maybe_get_constant): Delete.
1239 (region_svalue::compare_fields): Delete.
1240 (region_svalue::add_to_hash): Delete.
1241 (region_svalue::print_details): Delete.
1242 (region_svalue::dump_dot_to_pp): Delete.
1243 (region_svalue::remap_region_ids): Delete.
1244 (region_svalue::merge_values): Delete.
1245 (region_svalue::walk_for_canonicalization): Delete.
1246 (region_svalue::eval_condition): Delete.
1247 (constant_svalue::compare_fields): Delete.
1248 (constant_svalue::add_to_hash): Delete.
1249 (constant_svalue::merge_values): Delete.
1250 (constant_svalue::eval_condition): Move to svalue.cc.
1251 (constant_svalue::print_details): Delete.
1252 (constant_svalue::get_child_sid): Delete.
1253 (unknown_svalue::compare_fields): Delete.
1254 (unknown_svalue::add_to_hash): Delete.
1255 (unknown_svalue::print_details): Delete.
1256 (poison_kind_to_str): Move to svalue.cc.
1257 (poisoned_svalue::compare_fields): Delete.
1258 (poisoned_svalue::add_to_hash): Delete.
1259 (poisoned_svalue::print_details): Delete.
1260 (region_kind_to_str): Move to region.cc and reimplement.
1261 (region::operator==): Delete.
1262 (region::get_parent_region): Delete.
1263 (region::set_value): Delete.
1264 (region::become_active_view): Delete.
1265 (region::deactivate_any_active_view): Delete.
1266 (region::deactivate_view): Delete.
1267 (region::get_value): Delete.
1268 (region::get_inherited_child_sid): Delete.
1269 (region_model::copy_region): Delete.
1270 (region_model::copy_struct_region): Delete.
1271 (region_model::copy_union_region): Delete.
1272 (region_model::copy_array_region): Delete.
1273 (region::hash): Delete.
1274 (region::print): Delete.
1275 (region::dump_dot_to_pp): Delete.
1276 (region::dump_to_pp): Delete.
1277 (region::dump_child_label): Delete.
1278 (region::validate): Delete.
1279 (region::remap_svalue_ids): Delete.
1280 (region::remap_region_ids): Delete.
1281 (region::add_view): Delete.
1282 (region::get_view): Delete.
1283 (region::region): Move to region.cc.
1284 (region::add_to_hash): Delete.
1285 (region::print_fields): Delete.
1286 (region::non_null_p): Delete.
1287 (primitive_region::clone): Delete.
1288 (primitive_region::walk_for_canonicalization): Delete.
1289 (map_region::map_region): Delete.
1290 (map_region::compare_fields): Delete.
1291 (map_region::print_fields): Delete.
1292 (map_region::validate): Delete.
1293 (map_region::dump_dot_to_pp): Delete.
1294 (map_region::dump_child_label): Delete.
1295 (map_region::get_or_create): Delete.
1296 (map_region::get): Delete.
1297 (map_region::add_to_hash): Delete.
1298 (map_region::remap_region_ids): Delete.
1299 (map_region::unbind): Delete.
1300 (map_region::get_tree_for_child_region): Delete.
1301 (map_region::get_tree_for_child_region): Delete.
1302 (tree_cmp): Move to region.cc.
1303 (map_region::can_merge_p): Delete.
1304 (map_region::walk_for_canonicalization): Delete.
1305 (map_region::get_value_by_name): Delete.
1306 (struct_or_union_region::valid_key_p): Delete.
1307 (struct_or_union_region::compare_fields): Delete.
1308 (struct_region::clone): Delete.
1309 (struct_region::compare_fields): Delete.
1310 (union_region::clone): Delete.
1311 (union_region::compare_fields): Delete.
1312 (frame_region::compare_fields): Delete.
1313 (frame_region::clone): Delete.
1314 (frame_region::valid_key_p): Delete.
1315 (frame_region::print_fields): Delete.
1316 (frame_region::add_to_hash): Delete.
1317 (globals_region::compare_fields): Delete.
1318 (globals_region::clone): Delete.
1319 (globals_region::valid_key_p): Delete.
1320 (code_region::compare_fields): Delete.
1321 (code_region::clone): Delete.
1322 (code_region::valid_key_p): Delete.
1323 (array_region::array_region): Delete.
1324 (array_region::get_element): Delete.
1325 (array_region::clone): Delete.
1326 (array_region::compare_fields): Delete.
1327 (array_region::print_fields): Delete.
1328 (array_region::validate): Delete.
1329 (array_region::dump_dot_to_pp): Delete.
1330 (array_region::dump_child_label): Delete.
1331 (array_region::get_or_create): Delete.
1332 (array_region::get): Delete.
1333 (array_region::add_to_hash): Delete.
1334 (array_region::remap_region_ids): Delete.
1335 (array_region::get_key_for_child_region): Delete.
1336 (array_region::key_cmp): Delete.
1337 (array_region::walk_for_canonicalization): Delete.
1338 (array_region::key_from_constant): Delete.
1339 (array_region::constant_from_key): Delete.
1340 (function_region::compare_fields): Delete.
1341 (function_region::clone): Delete.
1342 (function_region::valid_key_p): Delete.
1343 (stack_region::stack_region): Delete.
1344 (stack_region::compare_fields): Delete.
1345 (stack_region::clone): Delete.
1346 (stack_region::print_fields): Delete.
1347 (stack_region::dump_child_label): Delete.
1348 (stack_region::validate): Delete.
1349 (stack_region::push_frame): Delete.
1350 (stack_region::get_current_frame_id): Delete.
1351 (stack_region::pop_frame): Delete.
1352 (stack_region::add_to_hash): Delete.
1353 (stack_region::remap_region_ids): Delete.
1354 (stack_region::can_merge_p): Delete.
1355 (stack_region::walk_for_canonicalization): Delete.
1356 (stack_region::get_value_by_name): Delete.
1357 (heap_region::heap_region): Delete.
1358 (heap_region::compare_fields): Delete.
1359 (heap_region::clone): Delete.
1360 (heap_region::walk_for_canonicalization): Delete.
1361 (root_region::root_region): Delete.
1362 (root_region::compare_fields): Delete.
1363 (root_region::clone): Delete.
1364 (root_region::print_fields): Delete.
1365 (root_region::validate): Delete.
1366 (root_region::dump_child_label): Delete.
1367 (root_region::push_frame): Delete.
1368 (root_region::get_current_frame_id): Delete.
1369 (root_region::pop_frame): Delete.
1370 (root_region::ensure_stack_region): Delete.
1371 (root_region::get_stack_region): Delete.
1372 (root_region::ensure_globals_region): Delete.
1373 (root_region::get_code_region): Delete.
1374 (root_region::ensure_code_region): Delete.
1375 (root_region::get_globals_region): Delete.
1376 (root_region::ensure_heap_region): Delete.
1377 (root_region::get_heap_region): Delete.
1378 (root_region::remap_region_ids): Delete.
1379 (root_region::can_merge_p): Delete.
1380 (root_region::add_to_hash): Delete.
1381 (root_region::walk_for_canonicalization): Delete.
1382 (root_region::get_value_by_name): Delete.
1383 (symbolic_region::symbolic_region): Delete.
1384 (symbolic_region::compare_fields): Delete.
1385 (symbolic_region::clone): Delete.
1386 (symbolic_region::walk_for_canonicalization): Delete.
1387 (symbolic_region::print_fields): Delete.
1388 (region_model::region_model): Add region_model_manager * param.
1389 Reimplement in terms of store, dropping impl_constraint_manager
1391 (region_model::operator=): Reimplement in terms of store.
1392 (region_model::operator==): Likewise.
1393 (region_model::hash): Likewise.
1394 (region_model::print): Delete.
1395 (region_model::print_svalue): Delete.
1396 (region_model::dump_dot_to_pp): Delete.
1397 (region_model::dump_dot_to_file): Delete.
1398 (region_model::dump_dot): Delete.
1399 (region_model::dump_to_pp): Replace "summarize" param with
1400 "simple" and "multiline". Port to store-based implementation.
1401 (region_model::dump): Replace "summarize" param with "simple" and
1403 (dump_vec_of_tree): Delete.
1404 (region_model::dump_summary_of_rep_path_vars): Delete.
1405 (region_model::validate): Delete.
1406 (svalue_id_cmp_by_constant_svalue_model): Delete.
1407 (svalue_id_cmp_by_constant_svalue): Delete.
1408 (region_model::canonicalize): Drop "ctxt" param. Reimplement in
1409 terms of store and constraints.
1410 (region_model::canonicalized_p): Remove NULL arg to canonicalize.
1411 (region_model::loop_replay_fixup): New.
1412 (poisoned_value_diagnostic::emit): Tweak wording of warnings.
1413 (region_model::check_for_poison): Delete.
1414 (region_model::get_gassign_result): New.
1415 (region_model::on_assignment): Port to store-based implementation.
1416 (region_model::on_call_pre): Delete calls to check_for_poison.
1417 Move implementations to region-model-impl-calls.c and port to
1418 store-based implementation.
1419 (region_model::on_call_post): Likewise.
1420 (class reachable_regions): Move to region-model-reachability.h/cc
1421 and port to store-based implementation.
1422 (region_model::handle_unrecognized_call): Port to store-based
1424 (region_model::get_reachable_svalues): New.
1425 (region_model::on_setjmp): Port to store-based implementation.
1426 (region_model::on_longjmp): Likewise.
1427 (region_model::handle_phi): Drop is_back_edge param and the logic
1429 (region_model::get_lvalue_1): Port from region_id to const region *.
1430 (region_model::make_region_for_unexpected_tree_code): Delete.
1431 (assert_compat_types): If the check fails, use internal_error to
1433 (region_model::get_lvalue): Port from region_id to const region *.
1434 (region_model::get_rvalue_1): Port from svalue_id to const svalue *.
1435 (region_model::get_rvalue): Likewise.
1436 (region_model::get_or_create_ptr_svalue): Delete.
1437 (region_model::get_or_create_constant_svalue): Delete.
1438 (region_model::get_svalue_for_fndecl): Delete.
1439 (region_model::get_region_for_fndecl): Delete.
1440 (region_model::get_svalue_for_label): Delete.
1441 (region_model::get_region_for_label): Delete.
1442 (build_cast): Delete.
1443 (region_model::maybe_cast_1): Delete.
1444 (region_model::maybe_cast): Delete.
1445 (region_model::get_field_region): Delete.
1446 (region_model::get_store_value): New.
1447 (region_model::region_exists_p): New.
1448 (region_model::deref_rvalue): Port from svalue_id to const svalue *.
1449 (region_model::set_value): Likewise.
1450 (region_model::clobber_region): New.
1451 (region_model::purge_region): New.
1452 (region_model::zero_fill_region): New.
1453 (region_model::mark_region_as_unknown): New.
1454 (region_model::eval_condition): Port from svalue_id to
1456 (region_model::eval_condition_without_cm): Likewise.
1457 (region_model::compare_initial_and_pointer): New.
1458 (region_model::add_constraint): Port from svalue_id to
1460 (region_model::maybe_get_constant): Delete.
1461 (region_model::get_representative_path_var): New.
1462 (region_model::add_new_malloc_region): Delete.
1463 (region_model::get_representative_tree): Port to const svalue *.
1464 (region_model::get_representative_path_var): Port to
1466 (region_model::get_path_vars_for_svalue): Delete.
1467 (region_model::set_to_new_unknown_value): Delete.
1468 (region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
1469 (region_model::update_for_call_superedge): Port from svalue_id to
1471 (region_model::update_for_return_superedge): Port to store-based
1473 (region_model::update_for_call_summary): Replace
1474 set_to_new_unknown_value with mark_region_as_unknown.
1475 (region_model::get_root_region): Delete.
1476 (region_model::get_stack_region_id): Delete.
1477 (region_model::push_frame): Delete.
1478 (region_model::get_current_frame_id): Delete.
1479 (region_model::get_current_function): Delete.
1480 (region_model::pop_frame): Delete.
1481 (region_model::on_top_level_param): New.
1482 (region_model::get_stack_depth): Delete.
1483 (region_model::get_function_at_depth): Delete.
1484 (region_model::get_globals_region_id): Delete.
1485 (region_model::add_svalue): Delete.
1486 (region_model::replace_svalue): Delete.
1487 (region_model::add_region): Delete.
1488 (region_model::get_svalue): Delete.
1489 (region_model::get_region): Delete.
1490 (make_region_for_type): Delete.
1491 (region_model::add_region_for_type): Delete.
1492 (region_model::on_top_level_param): New.
1493 (class restrict_to_used_svalues): Delete.
1494 (region_model::purge_unused_svalues): Delete.
1495 (region_model::push_frame): New.
1496 (region_model::remap_svalue_ids): Delete.
1497 (region_model::remap_region_ids): Delete.
1498 (region_model::purge_regions): Delete.
1499 (region_model::get_descendents): Delete.
1500 (region_model::delete_region_and_descendents): Delete.
1501 (region_model::poison_any_pointers_to_bad_regions): Delete.
1502 (region_model::can_merge_with_p): Delete.
1503 (region_model::get_current_function): New.
1504 (region_model::get_value_by_name): Delete.
1505 (region_model::convert_byte_offset_to_array_index): Delete.
1506 (region_model::pop_frame): New.
1507 (region_model::get_or_create_mem_ref): Delete.
1508 (region_model::get_stack_depth): New.
1509 (region_model::get_frame_at_index): New.
1510 (region_model::unbind_region_and_descendents): New.
1511 (struct bad_pointer_finder): New.
1512 (region_model::get_or_create_pointer_plus_expr): Delete.
1513 (region_model::poison_any_pointers_to_descendents): New.
1514 (region_model::get_or_create_view): Delete.
1515 (region_model::can_merge_with_p): New.
1516 (region_model::get_fndecl_for_call): Port from svalue_id to
1518 (struct append_ssa_names_cb_data): New.
1519 (get_ssa_name_regions_for_current_frame): New.
1520 (region_model::append_ssa_names_cb): New.
1521 (model_merger::dump_to_pp): Add "simple" param. Drop dumping of
1523 (model_merger::dump): Add "simple" param to both overloads.
1524 (model_merger::can_merge_values_p): Delete.
1525 (model_merger::record_regions): Delete.
1526 (model_merger::record_svalues): Delete.
1527 (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
1528 (svalue_id_merger_mapping::dump_to_pp): Delete.
1529 (svalue_id_merger_mapping::dump): Delete.
1530 (region_model::create_region_for_heap_alloc): New.
1531 (region_model::create_region_for_alloca): New.
1532 (region_model::record_dynamic_extents): New.
1533 (canonicalization::canonicalization): Delete.
1534 (canonicalization::walk_rid): Delete.
1535 (canonicalization::walk_sid): Delete.
1536 (canonicalization::dump_to_pp): Delete.
1537 (canonicalization::dump): Delete.
1538 (inchash::add): Delete overloads for svalue_id and region_id.
1539 (engine::log_stats): New.
1540 (assert_condition): Add overload comparing svalues.
1541 (assert_dump_eq): Pass "true" for multiline.
1542 (selftest::test_dump): Update for rewrite of region_model.
1543 (selftest::test_dump_2): Rename to...
1544 (selftest::test_struct): ...this. Provide a region_model_manager
1545 when creating region_model instance. Remove dump test. Add
1546 checks for get_offset.
1547 (selftest::test_dump_3): Rename to...
1548 (selftest::test_array_1): ...this. Provide a region_model_manager
1549 when creating region_model instance. Remove dump test.
1550 (selftest::test_get_representative_tree): Port from svalue_id to
1551 new API. Add test coverage for various expressions.
1552 (selftest::test_unique_constants): Provide a region_model_manager
1553 for the region_model. Add test coverage for comparing const vs
1555 (selftest::test_svalue_equality): Delete.
1556 (selftest::test_region_equality): Delete.
1557 (selftest::test_unique_unknowns): New.
1558 (class purge_all_svalue_ids): Delete.
1559 (class purge_one_svalue_id): Delete.
1560 (selftest::test_purging_by_criteria): Delete.
1561 (selftest::test_initial_svalue_folding): New.
1562 (selftest::test_unaryop_svalue_folding): New.
1563 (selftest::test_binop_svalue_folding): New.
1564 (selftest::test_sub_svalue_folding): New.
1565 (selftest::test_purge_unused_svalues): Delete.
1566 (selftest::test_descendent_of_p): New.
1567 (selftest::test_assignment): Provide a region_model_manager for
1568 the region_model. Drop the dump test.
1569 (selftest::test_compound_assignment): Likewise.
1570 (selftest::test_stack_frames): Port to new implementation.
1571 (selftest::test_get_representative_path_var): Likewise.
1572 (selftest::test_canonicalization_1): Rename to...
1573 (selftest::test_equality_1): ...this. Port to new API, and add
1574 (selftest::test_canonicalization_2): Provide a
1575 region_model_manager when creating region_model instances.
1576 Remove redundant canonicalization.
1577 (selftest::test_canonicalization_3): Provide a
1578 region_model_manager when creating region_model instances.
1579 Remove param from calls to region_model::canonicalize.
1580 (selftest::test_canonicalization_4): Likewise.
1581 (selftest::assert_region_models_merge): Constify
1582 out_merged_svalue. Port to new API.
1583 (selftest::test_state_merging): Provide a
1584 region_model_manager when creating region_model instances.
1585 Provide a program_point point when merging them. Replace
1586 set_to_new_unknown_value with usage of placeholder_svalues.
1587 Drop get_value_by_name. Port from svalue_id to const svalue *.
1588 Add test of heap allocation.
1589 (selftest::test_constraint_merging): Provide a
1590 region_model_manager when creating region_model instances.
1591 Provide a program_point point when merging them. Eliminate use
1592 of set_to_new_unknown_value.
1593 (selftest::test_widening_constraints): New.
1594 (selftest::test_iteration_1): New.
1595 (selftest::test_malloc_constraints): Port to store-based
1597 (selftest::test_var): New test.
1598 (selftest::test_array_2): New test.
1599 (selftest::test_mem_ref): New test.
1600 (selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
1601 (selftest::test_malloc): New.
1602 (selftest::test_alloca): New.
1603 (selftest::analyzer_region_model_cc_tests): Update for renamings.
1605 * region-model.h (class path_var): Move to analyzer.h.
1606 (class svalue_id): Delete.
1607 (class region_id): Delete.
1608 (class id_map): Delete.
1609 (svalue_id_map): Delete.
1610 (region_id_map): Delete.
1611 (id_map<T>::id_map): Delete.
1612 (id_map<T>::put): Delete.
1613 (id_map<T>::get_dst_for_src): Delete.
1614 (id_map<T>::get_src_for_dst): Delete.
1615 (id_map<T>::dump_to_pp): Delete.
1616 (id_map<T>::dump): Delete.
1617 (id_map<T>::update): Delete.
1618 (one_way_svalue_id_map): Delete.
1619 (one_way_region_id_map): Delete.
1620 (class region_id_set): Delete.
1621 (class svalue_id_set): Delete.
1622 (struct complexity): New.
1623 (class visitor): New.
1624 (enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
1625 SK_BINOP, SK_SUB, SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
1626 SK_COMPOUND, and SK_CONJURED.
1627 (svalue::operator==): Delete.
1628 (svalue::operator!=): Delete.
1629 (svalue::clone): Delete.
1630 (svalue::hash): Delete.
1631 (svalue::dump_dot_to_pp): Delete.
1632 (svalue::dump_to_pp): New.
1633 (svalue::dump): New.
1634 (svalue::get_desc): New.
1635 (svalue::dyn_cast_initial_svalue): New.
1636 (svalue::dyn_cast_unaryop_svalue): New.
1637 (svalue::dyn_cast_binop_svalue): New.
1638 (svalue::dyn_cast_sub_svalue): New.
1639 (svalue::dyn_cast_unmergeable_svalue): New.
1640 (svalue::dyn_cast_widening_svalue): New.
1641 (svalue::dyn_cast_compound_svalue): New.
1642 (svalue::dyn_cast_conjured_svalue): New.
1643 (svalue::maybe_undo_cast): New.
1644 (svalue::unwrap_any_unmergeable): New.
1645 (svalue::remap_region_ids): Delete.
1646 (svalue::can_merge_p): New.
1647 (svalue::walk_for_canonicalization): Delete.
1648 (svalue::get_complexity): New.
1649 (svalue::get_child_sid): Delete.
1650 (svalue::accept): New.
1651 (svalue::live_p): New.
1652 (svalue::implicitly_live_p): New.
1653 (svalue::svalue): Add complexity param.
1654 (svalue::add_to_hash): Delete.
1655 (svalue::print_details): Delete.
1656 (svalue::m_complexity): New field.
1657 (region_svalue::key_t): New struct.
1658 (region_svalue::region_svalue): Port from region_id to
1659 const region_id *. Add complexity.
1660 (region_svalue::compare_fields): Delete.
1661 (region_svalue::clone): Delete.
1662 (region_svalue::dump_dot_to_pp): Delete.
1663 (region_svalue::get_pointee): Port from region_id to
1665 (region_svalue::remap_region_ids): Delete.
1666 (region_svalue::merge_values): Delete.
1667 (region_svalue::dump_to_pp): New.
1668 (region_svalue::accept): New.
1669 (region_svalue::walk_for_canonicalization): Delete.
1670 (region_svalue::eval_condition): Make params const.
1671 (region_svalue::add_to_hash): Delete.
1672 (region_svalue::print_details): Delete.
1673 (region_svalue::m_rid): Replace with...
1674 (region_svalue::m_reg): ...this.
1675 (is_a_helper <region_svalue *>::test): Convert to...
1676 (is_a_helper <const region_svalue *>::test): ...this.
1677 (template <> struct default_hash_traits<region_svalue::key_t>):
1679 (constant_svalue::constant_svalue): Add complexity.
1680 (constant_svalue::compare_fields): Delete.
1681 (constant_svalue::clone): Delete.
1682 (constant_svalue::add_to_hash): Delete.
1683 (constant_svalue::dump_to_pp): New.
1684 (constant_svalue::accept): New.
1685 (constant_svalue::implicitly_live_p): New.
1686 (constant_svalue::merge_values): Delete.
1687 (constant_svalue::eval_condition): Make params const.
1688 (constant_svalue::get_child_sid): Delete.
1689 (constant_svalue::print_details): Delete.
1690 (is_a_helper <constant_svalue *>::test): Convert to...
1691 (is_a_helper <const constant_svalue *>::test): ...this.
1692 (class unknown_svalue): Update leading comment.
1693 (unknown_svalue::unknown_svalue): Add complexity.
1694 (unknown_svalue::compare_fields): Delete.
1695 (unknown_svalue::add_to_hash): Delete.
1696 (unknown_svalue::dyn_cast_unknown_svalue): Delete.
1697 (unknown_svalue::print_details): Delete.
1698 (unknown_svalue::dump_to_pp): New.
1699 (unknown_svalue::accept): New.
1700 (poisoned_svalue::key_t): New struct.
1701 (poisoned_svalue::poisoned_svalue): Add complexity.
1702 (poisoned_svalue::compare_fields): Delete.
1703 (poisoned_svalue::clone): Delete.
1704 (poisoned_svalue::add_to_hash): Delete.
1705 (poisoned_svalue::dump_to_pp): New.
1706 (poisoned_svalue::accept): New.
1707 (poisoned_svalue::print_details): Delete.
1708 (is_a_helper <poisoned_svalue *>::test): Convert to...
1709 (is_a_helper <const poisoned_svalue *>::test): ...this.
1710 (template <> struct default_hash_traits<poisoned_svalue::key_t>):
1712 (setjmp_record::add_to_hash): New.
1713 (setjmp_svalue::key_t): New struct.
1714 (setjmp_svalue::compare_fields): Delete.
1715 (setjmp_svalue::clone): Delete.
1716 (setjmp_svalue::add_to_hash): Delete.
1717 (setjmp_svalue::setjmp_svalue): Add complexity.
1718 (setjmp_svalue::dump_to_pp): New.
1719 (setjmp_svalue::accept): New.
1720 (setjmp_svalue::void print_details): Delete.
1721 (is_a_helper <const setjmp_svalue *>::test): New.
1722 (template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
1723 (class initial_svalue : public svalue): New.
1724 (is_a_helper <const initial_svalue *>::test): New.
1725 (class unaryop_svalue): New.
1726 (is_a_helper <const unaryop_svalue *>::test): New.
1727 (template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
1728 (class binop_svalue): New.
1729 (is_a_helper <const binop_svalue *>::test): New.
1730 (template <> struct default_hash_traits<binop_svalue::key_t>): New.
1731 (class sub_svalue): New.
1732 (is_a_helper <const sub_svalue *>::test): New.
1733 (template <> struct default_hash_traits<sub_svalue::key_t>): New.
1734 (class unmergeable_svalue): New.
1735 (is_a_helper <const unmergeable_svalue *>::test): New.
1736 (class placeholder_svalue): New.
1737 (is_a_helper <placeholder_svalue *>::test): New.
1738 (class widening_svalue): New.
1739 (is_a_helper <widening_svalue *>::test): New.
1740 (template <> struct default_hash_traits<widening_svalue::key_t>): New.
1741 (class compound_svalue): New.
1742 (is_a_helper <compound_svalue *>::test): New.
1743 (template <> struct default_hash_traits<compound_svalue::key_t>): New.
1744 (class conjured_svalue): New.
1745 (is_a_helper <conjured_svalue *>::test): New.
1746 (template <> struct default_hash_traits<conjured_svalue::key_t>): New.
1747 (enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
1748 RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
1749 RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
1750 (region_kind_to_str): Delete.
1751 (region::~region): Move implementation to region.cc.
1752 (region::operator==): Delete.
1753 (region::operator!=): Delete.
1754 (region::clone): Delete.
1755 (region::get_id): New.
1756 (region::cmp_ids): New.
1757 (region::dyn_cast_map_region): Delete.
1758 (region::dyn_cast_array_region): Delete.
1759 (region::region_id get_parent): Delete.
1760 (region::get_parent_region): Convert to a simple accessor.
1761 (region::void set_value): Delete.
1762 (region::svalue_id get_value): Delete.
1763 (region::svalue_id get_value_direct): Delete.
1764 (region::svalue_id get_inherited_child_sid): Delete.
1765 (region::dyn_cast_frame_region): New.
1766 (region::dyn_cast_function_region): New.
1767 (region::dyn_cast_decl_region): New.
1768 (region::dyn_cast_field_region): New.
1769 (region::dyn_cast_element_region): New.
1770 (region::dyn_cast_offset_region): New.
1771 (region::dyn_cast_cast_region): New.
1772 (region::dyn_cast_string_region): New.
1773 (region::accept): New.
1774 (region::get_base_region): New.
1775 (region::base_region_p): New.
1776 (region::descendent_of_p): New.
1777 (region::maybe_get_frame_region): New.
1778 (region::maybe_get_decl): New.
1779 (region::hash): Delete.
1780 (region::rint): Delete.
1781 (region::dump_dot_to_pp): Delete.
1782 (region::get_desc): New.
1783 (region::dump_to_pp): Convert to vfunc, changing signature.
1784 (region::dump_child_label): Delete.
1785 (region::remap_svalue_ids): Delete.
1786 (region::remap_region_ids): Delete.
1787 (region::dump): New.
1788 (region::walk_for_canonicalization): Delete.
1789 (region::non_null_p): Drop region_model param.
1790 (region::add_view): Delete.
1791 (region::get_view): Delete.
1792 (region::get_active_view): Delete.
1793 (region::is_view_p): Delete.
1794 (region::cmp_ptrs): New.
1795 (region::validate): Delete.
1796 (region::get_offset): New.
1797 (region::get_byte_size): New.
1798 (region::get_bit_size): New.
1799 (region::get_subregions_for_binding): New.
1800 (region::region): Add complexity param. Convert parent from
1801 region_id to const region *. Drop svalue_id. Drop copy ctor.
1802 (region::symbolic_for_unknown_ptr_p): New.
1803 (region::add_to_hash): Delete.
1804 (region::print_fields): Delete.
1805 (region::get_complexity): New accessor.
1806 (region::become_active_view): Delete.
1807 (region::deactivate_any_active_view): Delete.
1808 (region::deactivate_view): Delete.
1809 (region::calc_offset): New.
1810 (region::m_parent_rid): Delete.
1811 (region::m_sval_id): Delete.
1812 (region::m_complexity): New.
1813 (region::m_id): New.
1814 (region::m_parent): New.
1815 (region::m_view_rids): Delete.
1816 (region::m_is_view): Delete.
1817 (region::m_active_view_rid): Delete.
1818 (region::m_cached_offset): New.
1819 (is_a_helper <region *>::test): Convert to...
1820 (is_a_helper <const region *>::test): ...this.
1821 (class primitive_region): Delete.
1822 (class space_region): New.
1823 (class map_region): Delete.
1824 (is_a_helper <map_region *>::test): Delete.
1825 (class frame_region): Reimplement.
1826 (template <> struct default_hash_traits<frame_region::key_t>):
1828 (class globals_region): Reimplement.
1829 (is_a_helper <globals_region *>::test): Convert to...
1830 (is_a_helper <const globals_region *>::test): ...this.
1831 (class struct_or_union_region): Delete.
1832 (is_a_helper <struct_or_union_region *>::test): Delete.
1833 (class code_region): Reimplement.
1834 (is_a_helper <const code_region *>::test): New.
1835 (class struct_region): Delete.
1836 (is_a_helper <struct_region *>::test): Delete.
1837 (class function_region): Reimplement.
1838 (is_a_helper <function_region *>::test): Convert to...
1839 (is_a_helper <const function_region *>::test): ...this.
1840 (class union_region): Delete.
1841 (is_a_helper <union_region *>::test): Delete.
1842 (class label_region): New.
1843 (is_a_helper <const label_region *>::test): New.
1844 (class scope_region): Delete.
1845 (class stack_region): Reimplement.
1846 (is_a_helper <stack_region *>::test): Convert to...
1847 (is_a_helper <const stack_region *>::test): ...this.
1848 (class heap_region): Reimplement.
1849 (is_a_helper <heap_region *>::test): Convert to...
1850 (is_a_helper <const heap_region *>::test): ...this.
1851 (class root_region): Reimplement.
1852 (is_a_helper <root_region *>::test): Convert to...
1853 (is_a_helper <const root_region *>::test): ...this.
1854 (class symbolic_region): Reimplement.
1855 (is_a_helper <const symbolic_region *>::test): New.
1856 (template <> struct default_hash_traits<symbolic_region::key_t>):
1858 (class decl_region): New.
1859 (is_a_helper <const decl_region *>::test): New.
1860 (class field_region): New.
1861 (template <> struct default_hash_traits<field_region::key_t>): New.
1862 (class array_region): Delete.
1863 (class element_region): New.
1864 (is_a_helper <array_region *>::test): Delete.
1865 (is_a_helper <const element_region *>::test): New.
1866 (template <> struct default_hash_traits<element_region::key_t>):
1868 (class offset_region): New.
1869 (is_a_helper <const offset_region *>::test): New.
1870 (template <> struct default_hash_traits<offset_region::key_t>):
1872 (class cast_region): New.
1873 (is_a_helper <const cast_region *>::test): New.
1874 (template <> struct default_hash_traits<cast_region::key_t>): New.
1875 (class heap_allocated_region): New.
1876 (class alloca_region): New.
1877 (class string_region): New.
1878 (is_a_helper <const string_region *>::test): New.
1879 (class unknown_region): New.
1880 (class region_model_manager): New.
1881 (struct append_ssa_names_cb_data): New.
1882 (class call_details): New.
1883 (region_model::region_model): Add region_model_manager param.
1884 (region_model::print_svalue): Delete.
1885 (region_model::dump_dot_to_pp): Delete.
1886 (region_model::dump_dot_to_file): Delete.
1887 (region_model::dump_dot): Delete.
1888 (region_model::dump_to_pp): Drop summarize param in favor of
1889 simple and multiline.
1890 (region_model::dump): Likewise.
1891 (region_model::summarize_to_pp): Delete.
1892 (region_model::summarize): Delete.
1893 (region_model::void canonicalize): Drop ctxt param.
1894 (region_model::void check_for_poison): Delete.
1895 (region_model::get_gassign_result): New.
1896 (region_model::impl_call_alloca): New.
1897 (region_model::impl_call_analyzer_describe): New.
1898 (region_model::impl_call_analyzer_eval): New.
1899 (region_model::impl_call_builtin_expect): New.
1900 (region_model::impl_call_calloc): New.
1901 (region_model::impl_call_free): New.
1902 (region_model::impl_call_malloc): New.
1903 (region_model::impl_call_memset): New.
1904 (region_model::impl_call_strlen): New.
1905 (region_model::get_reachable_svalues): New.
1906 (region_model::handle_phi): Drop is_back_edge param.
1907 (region_model::region_id get_root_rid): Delete.
1908 (region_model::root_region *get_root_region): Delete.
1909 (region_model::region_id get_stack_region_id): Delete.
1910 (region_model::push_frame): Convert from region_id and svalue_id
1911 to const region * and const svalue *.
1912 (region_model::get_current_frame_id): Replace with...
1913 (region_model::get_current_frame): ...this.
1914 (region_model::pop_frame): Convert from region_id to
1915 const region *. Drop purge and stats param. Add out_result.
1916 (region_model::function *get_function_at_depth): Delete.
1917 (region_model::get_globals_region_id): Delete.
1918 (region_model::add_svalue): Delete.
1919 (region_model::replace_svalue): Delete.
1920 (region_model::add_region): Delete.
1921 (region_model::add_region_for_type): Delete.
1922 (region_model::get_svalue): Delete.
1923 (region_model::get_region): Delete.
1924 (region_model::get_lvalue): Convert from region_id to
1926 (region_model::get_rvalue): Convert from svalue_id to
1928 (region_model::get_or_create_ptr_svalue): Delete.
1929 (region_model::get_or_create_constant_svalue): Delete.
1930 (region_model::get_svalue_for_fndecl): Delete.
1931 (region_model::get_svalue_for_label): Delete.
1932 (region_model::get_region_for_fndecl): Delete.
1933 (region_model::get_region_for_label): Delete.
1934 (region_model::get_frame_at_index (int index) const;): New.
1935 (region_model::maybe_cast): Delete.
1936 (region_model::maybe_cast_1): Delete.
1937 (region_model::get_field_region): Delete.
1938 (region_model::id deref_rvalue): Convert from region_id and
1939 svalue_id to const region * and const svalue *. Drop overload,
1940 passing in both a tree and an svalue.
1941 (region_model::set_value): Convert from region_id and svalue_id to
1942 const region * and const svalue *.
1943 (region_model::set_to_new_unknown_value): Delete.
1944 (region_model::clobber_region (const region *reg);): New.
1945 (region_model::purge_region (const region *reg);): New.
1946 (region_model::zero_fill_region (const region *reg);): New.
1947 (region_model::mark_region_as_unknown (const region *reg);): New.
1948 (region_model::copy_region): Convert from region_id to
1950 (region_model::eval_condition): Convert from svalue_id to
1952 (region_model::eval_condition_without_cm): Likewise.
1953 (region_model::compare_initial_and_pointer): New.
1954 (region_model::maybe_get_constant): Delete.
1955 (region_model::add_new_malloc_region): Delete.
1956 (region_model::get_representative_tree): Convert from svalue_id to
1958 (region_model::get_representative_path_var): Delete decl taking a
1959 region_id in favor of two decls, for svalue vs region, with an
1960 svalue_set to ensure termination.
1961 (region_model::get_path_vars_for_svalue): Delete.
1962 (region_model::create_region_for_heap_alloc): New.
1963 (region_model::create_region_for_alloca): New.
1964 (region_model::purge_unused_svalues): Delete.
1965 (region_model::remap_svalue_ids): Delete.
1966 (region_model::remap_region_ids): Delete.
1967 (region_model::purge_regions): Delete.
1968 (region_model::get_num_svalues): Delete.
1969 (region_model::get_num_regions): Delete.
1970 (region_model::get_descendents): Delete.
1971 (region_model::get_store): New.
1972 (region_model::delete_region_and_descendents): Delete.
1973 (region_model::get_manager): New.
1974 (region_model::unbind_region_and_descendents): New.
1975 (region_model::can_merge_with_p): Add point param. Drop
1976 svalue_id_merger_mapping.
1977 (region_model::get_value_by_name): Delete.
1978 (region_model::convert_byte_offset_to_array_index): Delete.
1979 (region_model::get_or_create_mem_ref): Delete.
1980 (region_model::get_or_create_pointer_plus_expr): Delete.
1981 (region_model::get_or_create_view): Delete.
1982 (region_model::get_lvalue_1): Convert from region_id to
1984 (region_model::get_rvalue_1): Convert from svalue_id to
1986 (region_model::get_ssa_name_regions_for_current_frame): New.
1987 (region_model::append_ssa_names_cb): New.
1988 (region_model::get_store_value): New.
1989 (region_model::copy_struct_region): Delete.
1990 (region_model::copy_union_region): Delete.
1991 (region_model::copy_array_region): Delete.
1992 (region_model::region_exists_p): New.
1993 (region_model::make_region_for_unexpected_tree_code): Delete.
1994 (region_model::loop_replay_fixup): New.
1995 (region_model::poison_any_pointers_to_bad_regions): Delete.
1996 (region_model::poison_any_pointers_to_descendents): New.
1997 (region_model::dump_summary_of_rep_path_vars): Delete.
1998 (region_model::on_top_level_param): New.
1999 (region_model::record_dynamic_extents): New.
2000 (region_model::m_mgr;): New.
2001 (region_model::m_store;): New.
2002 (region_model::m_svalues;): Delete.
2003 (region_model::m_regions;): Delete.
2004 (region_model::m_root_rid;): Delete.
2005 (region_model::m_current_frame;): New.
2006 (region_model_context::remap_svalue_ids): Delete.
2007 (region_model_context::can_purge_p): Delete.
2008 (region_model_context::on_svalue_leak): New.
2009 (region_model_context::on_svalue_purge): Delete.
2010 (region_model_context::on_liveness_change): New.
2011 (region_model_context::on_inherited_svalue): Delete.
2012 (region_model_context::on_cast): Delete.
2013 (region_model_context::on_unknown_change): Convert from svalue_id to
2014 const svalue * and add is_mutable.
2015 (class noop_region_model_context): Update for region_model_context
2017 (model_merger::model_merger): Add program_point. Drop
2018 svalue_id_merger_mapping.
2019 (model_merger::dump_to_pp): Add "simple" param.
2020 (model_merger::dump): Likewise.
2021 (model_merger::get_region_a): Delete.
2022 (model_merger::get_region_b): Delete.
2023 (model_merger::can_merge_values_p): Delete.
2024 (model_merger::record_regions): Delete.
2025 (model_merger::record_svalues): Delete.
2026 (model_merger::m_point): New field.
2027 (model_merger::m_map_regions_from_a_to_m): Delete.
2028 (model_merger::m_map_regions_from_b_to_m): Delete.
2029 (model_merger::m_sid_mapping): Delete.
2030 (struct svalue_id_merger_mapping): Delete.
2031 (class engine): New.
2032 (struct canonicalization): Delete.
2033 (inchash::add): Delete decls for hashing svalue_id and region_id.
2034 (test_region_model_context::on_unexpected_tree_code): Require t to
2036 (selftest::assert_condition): Add overload comparing a pair of
2038 * sm-file.cc: Include "tristate.h", "selftest.h",
2039 "analyzer/call-string.h", "analyzer/program-point.h",
2040 "analyzer/store.h", and "analyzer/region-model.h".
2041 (fileptr_state_machine::get_default_state): New.
2042 (fileptr_state_machine::on_stmt): Remove calls to
2043 get_readable_tree in favor of get_diagnostic_tree.
2044 * sm-malloc.cc: Include "tristate.h", "selftest.h",
2045 "analyzer/call-string.h", "analyzer/program-point.h",
2046 "analyzer/store.h", and "analyzer/region-model.h".
2047 (malloc_state_machine::get_default_state): New.
2048 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
2049 (malloc_diagnostic::describe_state_change): Handle change.m_expr
2051 (null_arg::emit): Avoid printing "NULL '0'".
2052 (null_arg::describe_final_event): Avoid printing "(0) NULL".
2053 (malloc_leak::emit): Handle m_arg being NULL.
2054 (malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
2055 (malloc_state_machine::on_stmt): Don't call get_readable_tree.
2056 Call get_diagnostic_tree when creating pending diagnostics.
2057 Update for is_zero_assignment becoming a member function of
2059 Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
2060 (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
2061 vfunc implementation.
2062 * sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
2063 get_diagnostic_tree and pass the result to warn_for_state.
2064 * sm-signal.cc: Move includes of "analyzer/call-string.h" and
2065 "analyzer/program-point.h" to before "analyzer/region-model.h",
2066 and also include "analyzer/store.h" before it.
2067 (signal_unsafe_call::describe_state_change): Use
2068 get_dest_function to get handler.
2069 (update_model_for_signal_handler): Pass manager to region_model
2071 (register_signal_handler::impl_transition): Update for changes to
2072 get_or_create_node and add_edge.
2073 * sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
2074 get_readable_tree, replacing them when calling warn_for_state with
2075 calls to get_diagnostic_tree.
2076 * sm.cc (is_zero_assignment): Delete.
2077 (any_pointer_p): Move to within namespace ana.
2078 * sm.h (is_zero_assignment): Remove decl.
2079 (any_pointer_p): Move decl to within namespace ana.
2080 (state_machine::get_default_state): New vfunc.
2081 (state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
2082 (sm_context::get_readable_tree): Rename to...
2083 (sm_context::get_diagnostic_tree): ...this.
2084 (sm_context::is_zero_assignment): New vfunc.
2085 * store.cc: New file.
2086 * store.h: New file.
2087 * svalue.cc: New file.
2089 2020-05-22 Mark Wielaard <mark@klomp.org>
2091 * sm-signal.cc (signal_unsafe_call::emit): Possibly add
2092 gcc_rich_location note for replacement.
2093 (signal_unsafe_call::get_replacement_fn): New private function.
2094 (get_async_signal_unsafe_fns): Add "exit".
2096 2020-04-28 David Malcolm <dmalcolm@redhat.com>
2099 * engine.cc (impl_region_model_context::on_unexpected_tree_code):
2101 * region-model.cc (region_model::add_region_for_type): Handle
2104 (test_region_model_context::on_unexpected_tree_code): Handle NULL
2107 2020-04-28 David Malcolm <dmalcolm@redhat.com>
2113 * analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete.
2114 * program-state.cc (selftest::test_program_state_dumping): Update
2115 expected dump result for removal of "uninit".
2116 * region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT
2118 (root_region::ensure_stack_region): Initialize stack with null
2119 svalue_id rather than with a typeless POISON_KIND_UNINIT value.
2120 (root_region::ensure_heap_region): Likewise for the heap.
2121 (region_model::dump_summary_of_rep_path_vars): Remove
2122 summarization of uninit values.
2123 (region_model::validate): Remove check that the stack has a
2124 POISON_KIND_UNINIT value.
2125 (poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT
2127 (poisoned_value_diagnostic::describe_final_event): Likewise.
2128 (selftest::test_dump): Update expected dump result for removal of
2130 (selftest::test_svalue_equality): Remove "uninit" and "freed".
2131 * region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT.
2133 2020-04-01 David Malcolm <dmalcolm@redhat.com>
2136 * checker-path.cc: Include "bitmap.h".
2137 * constraint-manager.cc: Likewise.
2138 * diagnostic-manager.cc: Likewise.
2139 * engine.cc: Likewise.
2140 (exploded_node::detect_leaks): Pass null region_id to pop_frame.
2141 * program-point.cc: Include "bitmap.h".
2142 * program-state.cc: Likewise.
2143 * region-model.cc (id_set<region_id>::id_set): Convert to...
2144 (region_id_set::region_id_set): ...this.
2145 (svalue_id_set::svalue_id_set): New ctor.
2146 (region_model::copy_region): New function.
2147 (region_model::copy_struct_region): New function.
2148 (region_model::copy_union_region): New function.
2149 (region_model::copy_array_region): New function.
2150 (stack_region::pop_frame): Drop return value. Add
2151 "result_dst_rid" param; if it is non-null, use copy_region to copy
2152 the result to it. Rather than capture and pass a single "known
2153 used" return value to be used by purge_unused_values, instead
2154 gather and pass a set of known used return values.
2155 (root_region::pop_frame): Drop return value. Add "result_dst_rid"
2157 (region_model::on_assignment): Use copy_region.
2158 (region_model::on_return): Likewise for the result.
2159 (region_model::on_longjmp): Pass null for pop_frame's
2161 (region_model::update_for_return_superedge): Pass the region for the
2162 return value of the call, if any, to pop_frame, rather than setting
2163 the lvalue for the lhs of the result.
2164 (region_model::pop_frame): Drop return value. Add
2165 "result_dst_rid" param.
2166 (region_model::purge_unused_svalues): Convert third param from an
2167 svalue_id * to an svalue_id_set *, updating the initial populating
2168 of the "used" bitmap accordingly. Don't remap it when done.
2169 (struct selftest::coord_test): New selftest fixture, extracted from...
2170 (selftest::test_dump_2): ...here.
2171 (selftest::test_compound_assignment): New selftest.
2172 (selftest::test_stack_frames): Pass null to new param of pop_frame.
2173 (selftest::analyzer_region_model_cc_tests): Call the new selftest.
2174 * region-model.h (class id_set): Delete template.
2175 (class region_id_set): Reimplement, using old id_set implementation.
2176 (class svalue_id_set): Likewise. Convert from auto_sbitmap to
2178 (region::get_active_view): New accessor.
2179 (stack_region::pop_frame): Drop return value. Add
2180 "result_dst_rid" param.
2181 (root_region::pop_frame): Likewise.
2182 (region_model::pop_frame): Likewise.
2183 (region_model::copy_region): New decl.
2184 (region_model::purge_unused_svalues): Convert third param from an
2185 svalue_id * to an svalue_id_set *.
2186 (region_model::copy_struct_region): New decl.
2187 (region_model::copy_union_region): New decl.
2188 (region_model::copy_array_region): New decl.
2190 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2192 * program-state.cc (selftest::test_program_state_dumping): Update
2193 expected dump to include symbolic_region's possibly_null field.
2194 * region-model.cc (symbolic_region::print_fields): New vfunc
2196 (region_model::add_constraint): Clear m_possibly_null from
2197 symbolic_regions now known to be non-NULL.
2198 (selftest::test_malloc_constraints): New selftest.
2199 (selftest::analyzer_region_model_cc_tests): Call it.
2200 * region-model.h (region::dyn_cast_symbolic_region): Add non-const
2202 (symbolic_region::dyn_cast_symbolic_region): Implement it.
2203 (symbolic_region::print_fields): New vfunc override decl.
2205 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2207 * analyzer.h (class feasibility_problem): New forward decl.
2208 * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
2209 Initialize new fields m_status, m_epath_length, and m_problem.
2210 (saved_diagnostic::~saved_diagnostic): Delete m_problem.
2211 (dedupe_candidate::dedupe_candidate): Convert "sd" param from a
2212 const ref to a mutable ptr.
2213 (dedupe_winners::add): Convert "sd" param from a const ref to a
2214 mutable ptr. Record the length of the exploded_path. Record the
2215 feasibility/infeasibility of sd into sd, capturing a
2216 feasibility_problem when feasible_p fails, and storing it in sd.
2217 (diagnostic_manager::emit_saved_diagnostics): Update for pass by
2218 ptr rather than by const ref.
2219 * diagnostic-manager.h (class saved_diagnostic): Add new enum
2220 status. Add fields m_status, m_epath_length and m_problem.
2221 (saved_diagnostic::set_feasible): New member function.
2222 (saved_diagnostic::set_infeasible): New member function.
2223 (saved_diagnostic::get_feasibility_problem): New accessor.
2224 (saved_diagnostic::get_status): New accessor.
2225 (saved_diagnostic::set_epath_length): New member function.
2226 (saved_diagnostic::get_epath_length): New accessor.
2227 * engine.cc: Include "gimple-pretty-print.h".
2228 (exploded_path::feasible_p): Add OUT param and, if non-NULL, write
2229 a new feasibility_problem to it on failure.
2230 (viz_callgraph_node::dump_dot): Convert begin_tr calls to
2231 begin_trtd. Convert end_tr calls to end_tdtr.
2232 (class exploded_graph_annotator): New subclass of dot_annotator.
2233 (impl_run_checkers): Add a second -fdump-analyzer-supergraph dump
2234 after the analysis runs, using exploded_graph_annotator, dumping
2235 to DUMP_BASE_NAME.supergraph-eg.dot.
2236 * exploded-graph.h (exploded_node::get_dot_fillcolor): Make
2238 (exploded_path::feasible_p): Add OUT param.
2239 (class feasibility_problem): New class.
2240 * state-purge.cc (state_purge_annotator::add_node_annotations):
2241 Return a bool, add a "within_table" param.
2242 (print_vec_of_names): Convert begin_tr calls to begin_trtd.
2243 Convert end_tr calls to end_tdtr.
2244 (state_purge_annotator::add_stmt_annotations): Add "within_row"
2246 * state-purge.h (state_purge_annotator::add_node_annotations):
2247 Return a bool, add a "within_table" param.
2248 (state_purge_annotator::add_stmt_annotations): Add "within_row"
2250 * supergraph.cc (supernode::dump_dot): Call add_node_annotations
2251 twice: as before, passing false for "within_table", then again
2252 with true when within the TABLE element. Convert some begin_tr
2253 calls to begin_trtd, and some end_tr calls to end_tdtr.
2254 Repeat each add_stmt_annotations call, distinguishing between
2255 calls that add TRs and those that add TDs to an existing TR.
2256 Add a call to add_after_node_annotations.
2257 * supergraph.h (dot_annotator::add_node_annotations): Add a
2258 "within_table" param.
2259 (dot_annotator::add_stmt_annotations): Add a "within_row" param.
2260 (dot_annotator::add_after_node_annotations): New vfunc.
2262 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2264 * diagnostic-manager.cc (dedupe_winners::add): Show the
2265 exploded_node index in the log messages.
2266 (diagnostic_manager::emit_saved_diagnostics): Log a summary of
2267 m_saved_diagnostics at entry.
2269 2020-03-27 David Malcolm <dmalcolm@redhat.com>
2271 * supergraph.cc (superedge::dump): Add space before description;
2272 move newline to non-pretty_printer overload.
2274 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2276 * region-model.cc: Include "stor-layout.h".
2277 (region_model::dump_to_pp): Rather than calling
2278 dump_summary_of_map on each of the current frame and the globals,
2279 instead get a vec of representative path_vars for all regions,
2280 and then dump a summary of all of them.
2281 (region_model::dump_summary_of_map): Delete, rewriting into...
2282 (region_model::dump_summary_of_rep_path_vars): ...this new
2283 function, working on a vec of path_vars.
2284 (region_model::set_value): New overload.
2285 (region_model::get_representative_path_var): Rename
2286 "parent_region" local to "parent_reg" and consolidate with other
2287 local. Guard test for grandparent being stack on parent_reg being
2288 non-NULL. Move handling for parent being an array_region to
2289 within guard for parent_reg being non-NULL.
2290 (selftest::make_test_compound_type): New function.
2291 (selftest::test_dump_2): New selftest.
2292 (selftest::test_dump_3): New selftest.
2293 (selftest::test_stack_frames): Update expected output from
2294 simplified dump to show "a" and "b" from parent frame and "y" in
2296 (selftest::analyzer_region_model_cc_tests): Call test_dump_2 and
2298 * region-model.h (region_model::set_value): New overload decl.
2299 (region_model::dump_summary_of_map): Delete.
2300 (region_model::dump_summary_of_rep_path_vars): New.
2302 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2304 * region-model.h (class noop_region_model_context): New subclass
2305 of region_model_context.
2306 (class tentative_region_model_context): Inherit from
2307 noop_region_model_context rather than from region_model_context;
2308 drop redundant vfunc implementations.
2309 (class test_region_model_context): Likewise.
2311 2020-03-18 David Malcolm <dmalcolm@redhat.com>
2313 * engine.cc (exploded_node::exploded_node): Move implementation
2314 here from header; accept point_and_state by const reference rather
2316 * exploded-graph.h (exploded_node::exploded_node): Pass
2317 point_and_state by const reference rather than by value. Move
2320 2020-03-18 Jakub Jelinek <jakub@redhat.com>
2322 * sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word
2324 * region-model.cc (region_model::make_region_for_unexpected_tree_code,
2325 region_model::delete_region_and_descendents): Likewise.
2326 * engine.cc (class exploded_cluster): Likewise.
2327 * diagnostic-manager.cc (class path_builder): Likewise.
2329 2020-03-13 David Malcolm <dmalcolm@redhat.com>
2333 * diagnostic-manager.cc (for_each_state_change): Bulletproof
2334 against errors in get_rvalue by passing a
2335 tentative_region_model_context and rejecting if there's an error.
2336 * region-model.cc (region_model::get_lvalue_1): When handling
2337 ARRAY_REF, handle results of error-handling. Handle NOP_EXPR.
2339 2020-03-06 David Malcolm <dmalcolm@redhat.com>
2341 * analyzer.h (class array_region): New forward decl.
2342 * program-state.cc (selftest::test_program_state_dumping_2): New.
2343 (selftest::analyzer_program_state_cc_tests): Call it.
2344 * region-model.cc (array_region::constant_from_key): New.
2345 (region_model::get_representative_tree): Handle region_svalue by
2346 generating an ADDR_EXPR.
2347 (region_model::get_representative_path_var): In view handling,
2348 remove erroneous TREE_TYPE when determining the type of the tree.
2349 Handle array regions and STRING_CST.
2350 (selftest::assert_dump_tree_eq): New.
2351 (ASSERT_DUMP_TREE_EQ): New macro.
2352 (selftest::test_get_representative_tree): New selftest.
2353 (selftest::analyzer_region_model_cc_tests): Call it.
2354 * region-model.h (region::dyn_cast_array_region): New vfunc.
2355 (array_region::dyn_cast_array_region): New vfunc implementation.
2356 (array_region::constant_from_key): New decl.
2358 2020-03-06 David Malcolm <dmalcolm@redhat.com>
2360 * analyzer.h (dump_quoted_tree): New decl.
2361 * engine.cc (exploded_node::dump_dot): Pass region model to
2362 sm_state_map::print.
2363 * program-state.cc: Include diagnostic-core.h.
2364 (sm_state_map::print): Add "model" param and use it to print
2365 representative trees. Only print origin information if non-null.
2366 (sm_state_map::dump): Pass NULL for model to print call.
2367 (program_state::print): Pass region model to sm_state_map::print.
2368 (program_state::dump_to_pp): Use spaces rather than newlines when
2369 summarizing. Pass region_model to sm_state_map::print.
2370 (ana::selftest::assert_dump_eq): New function.
2371 (ASSERT_DUMP_EQ): New macro.
2372 (ana::selftest::test_program_state_dumping): New function.
2373 (ana::selftest::analyzer_program_state_cc_tests): Call it.
2374 * program-state.h (program_state::print): Add model param.
2375 * region-model.cc (dump_quoted_tree): New function.
2376 (map_region::print_fields): Use dump_quoted_tree rather than
2377 %qE to avoid lang-dependent output.
2378 (map_region::dump_child_label): Likewise.
2379 (region_model::dump_summary_of_map): For SK_REGION, when
2380 get_representative_path_var fails, print the region id rather than
2381 erroneously printing NULL.
2382 * sm.cc (state_machine::get_state_by_name): New function.
2383 * sm.h (state_machine::get_state_by_name): New decl.
2385 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2387 * region-model.cc (region::validate): Convert model param from ptr
2388 to reference. Update comment to reflect that it's now a vfunc.
2389 (map_region::validate): New vfunc implementation.
2390 (array_region::validate): New vfunc implementation.
2391 (stack_region::validate): New vfunc implementation.
2392 (root_region::validate): New vfunc implementation.
2393 (region_model::validate): Pass a reference rather than a pointer
2394 to the region::validate vfunc.
2395 * region-model.h (region::validate): Make virtual. Convert model
2396 param from ptr to reference.
2397 (map_region::validate): New vfunc decl.
2398 (array_region::validate): New vfunc decl.
2399 (stack_region::validate): New vfunc decl.
2400 (root_region::validate): New vfunc decl.
2402 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2405 * region-model.cc (region_model::on_call_pre): Handle
2406 BUILT_IN_EXPECT and its variants.
2407 (region_model::add_any_constraints_from_ssa_def_stmt): Split out
2408 gassign handling into add_any_constraints_from_gassign; add gcall
2410 (region_model::add_any_constraints_from_gassign): New function,
2411 based on the above. Add handling for NOP_EXPR.
2412 (region_model::add_any_constraints_from_gcall): New function.
2413 (region_model::get_representative_path_var): Handle views.
2415 (region_model::add_any_constraints_from_ssa_def_stmt): New decl.
2416 (region_model::add_any_constraints_from_gassign): New decl.
2418 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2421 * checker-path.h (state_change_event::get_lvalue): Add ctxt param
2422 and pass it to region_model::get_value call.
2423 * diagnostic-manager.cc (get_any_origin): Pass a
2424 tentative_region_model_context to the calls to get_lvalue and reject
2425 the comparison if errors occur.
2426 (can_be_expr_of_interest_p): New function.
2427 (diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
2428 CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
2429 Pass a tentative_region_model_context to the calls to
2430 state_change_event::get_lvalue and reject the comparison if errors
2432 (diagnostic_manager::update_for_unsuitable_sm_exprs): New.
2433 * diagnostic-manager.h
2434 (diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
2435 * region-model.h (class tentative_region_model_context): New class.
2437 2020-03-04 David Malcolm <dmalcolm@redhat.com>
2439 * engine.cc (worklist::worklist): Remove unused field m_eg.
2440 (class viz_callgraph_edge): Remove unused field m_call_sedge.
2441 (class viz_callgraph): Remove unused field m_sg.
2442 * exploded-graph.h (worklist::m_eg): Remove unused field.
2444 2020-03-02 David Malcolm <dmalcolm@redhat.com>
2446 * analyzer.opt (fanalyzer-show-duplicate-count): New option.
2447 * diagnostic-manager.cc
2448 (diagnostic_manager::emit_saved_diagnostic): Use the above to
2449 guard the printing of the duplicate count.
2451 2020-03-02 David Malcolm <dmalcolm@redhat.com>
2454 * analyzer.cc (is_std_function_p): New function.
2455 (is_std_named_call_p): New functions.
2456 * analyzer.h (is_std_named_call_p): New decl.
2457 * sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::"
2458 variants when checking for malloc, calloc and free.
2460 2020-02-26 David Malcolm <dmalcolm@redhat.com>
2463 * diagnostic-manager.cc
2464 (diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
2465 either NULL or not a constant. When updating var, bulletproof
2466 against constant values.
2468 2020-02-26 David Malcolm <dmalcolm@redhat.com>
2471 * region-model.cc (region_model::get_fndecl_for_call): Gracefully
2472 fail for fn_decls that don't have a cgraph_node.
2474 2020-02-26 David Malcolm <dmalcolm@redhat.com>
2476 * bar-chart.cc: New file.
2477 * bar-chart.h: New file.
2478 * engine.cc: Include "analyzer/bar-chart.h".
2479 (stats::log): Only log the m_num_nodes kinds that are non-zero.
2480 (stats::dump): Likewise when dumping.
2481 (stats::get_total_enodes): New.
2482 (exploded_graph::get_or_create_node): Increment the per-point-data
2483 m_excess_enodes when hitting the per-program-point limit on
2485 (exploded_graph::print_bar_charts): New.
2486 (exploded_graph::log_stats): Log the number of unprocessed enodes
2487 in the worklist. Call print_bar_charts.
2488 (exploded_graph::dump_stats): Print the number of unprocessed
2489 enodes in the worklist.
2490 * exploded-graph.h (stats::get_total_enodes): New decl.
2491 (struct per_program_point_data): Add field m_excess_enodes.
2492 (exploded_graph::print_bar_charts): New decl.
2493 * supergraph.cc (superedge::dump): New.
2494 (superedge::dump): New.
2495 * supergraph.h (supernode::get_function): New.
2496 (superedge::dump): New decl.
2497 (superedge::dump): New decl.
2499 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2501 * engine.cc (exploded_graph::get_or_create_node): Dump the
2502 program_state to the pp, rather than to stderr.
2504 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2507 * sm.cc (make_checkers): Require the "taint" checker to be
2510 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2514 (impl_region_model_context::impl_region_model_context): Add logger
2516 * engine.cc (exploded_graph::add_function_entry): Create an
2517 impl_region_model_context and pass it to the push_frame call.
2518 Bail if the resulting state is invalid.
2519 (exploded_graph::build_initial_worklist): Likewise.
2520 (exploded_graph::build_initial_worklist): Handle the case where
2521 add_function_entry fails.
2523 (impl_region_model_context::impl_region_model_context): Add logger
2525 * region-model.cc (map_region::get_or_create): Add ctxt param and
2526 pass it to add_region_for_type.
2527 (map_region::can_merge_p): Pass NULL as a ctxt to call to
2529 (array_region::get_element): Pass ctxt to call to get_or_create.
2530 (array_region::get_or_create): Add ctxt param and pass it to
2531 add_region_for_type.
2532 (root_region::push_frame): Pass ctxt to get_or_create calls.
2533 (region_model::get_lvalue_1): Likewise.
2534 (region_model::make_region_for_unexpected_tree_code): Assert that
2536 (region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
2537 and get_svalue_for_label calls.
2538 (region_model::get_svalue_for_fndecl): Add ctxt param and pass it
2539 to get_region_for_fndecl.
2540 (region_model::get_region_for_fndecl): Add ctxt param and pass it
2542 (region_model::get_svalue_for_label): Add ctxt param and pass it
2543 to get_region_for_label.
2544 (region_model::get_region_for_label): Add ctxt param and pass it
2545 to get_region_for_fndecl and get_or_create.
2546 (region_model::get_field_region): Add ctxt param and pass it to
2547 get_or_create_view and get_or_create.
2548 (make_region_for_type): Replace gcc_unreachable with return NULL.
2549 (region_model::add_region_for_type): Add ctxt param. Handle a
2550 return of NULL from make_region_for_type by calling
2551 make_region_for_unexpected_tree_code.
2552 (region_model::get_or_create_mem_ref): Pass ctxt to calls to
2554 (region_model::get_or_create_view): Add ctxt param and pass it to
2555 add_region_for_type.
2556 (selftest::test_state_merging): Pass ctxt to get_or_create_view.
2557 * region-model.h (region_model::get_or_create): Add ctxt param.
2558 (region_model::add_region_for_type): Likewise.
2559 (region_model::get_svalue_for_fndecl): Likewise.
2560 (region_model::get_svalue_for_label): Likewise.
2561 (region_model::get_region_for_fndecl): Likewise.
2562 (region_model::get_region_for_label): Likewise.
2563 (region_model::get_field_region): Likewise.
2564 (region_model::get_or_create_view): Likewise.
2566 2020-02-24 David Malcolm <dmalcolm@redhat.com>
2568 * checker-path.cc (superedge_event::should_filter_p): Update
2569 filter for empty descriptions to cover verbosity level 3 as well
2571 * diagnostic-manager.cc: Include "analyzer/reachability.h".
2572 (class path_builder): New class.
2573 (diagnostic_manager::emit_saved_diagnostic): Create a path_builder
2574 and pass it to build_emission_path, rather than passing eg; similarly
2575 for add_events_for_eedge and ext_state.
2576 (diagnostic_manager::build_emission_path): Replace "eg" param
2577 with a path_builder, pass it to add_events_for_eedge.
2578 (diagnostic_manager::add_events_for_eedge): Replace ext_state
2579 param with path_builder; pass it to add_events_for_superedge.
2580 (diagnostic_manager::significant_edge_p): New.
2581 (diagnostic_manager::add_events_for_superedge): Add path_builder
2582 param. Reject insignificant edges at verbosity levels below 3.
2583 (diagnostic_manager::prune_for_sm_diagnostic): Update highest
2584 verbosity level to 4.
2585 * diagnostic-manager.h (class path_builder): New forward decl.
2586 (diagnostic_manager::build_emission_path): Replace "eg" param
2587 with a path_builder.
2588 (diagnostic_manager::add_events_for_eedge): Replace ext_state
2589 param with path_builder.
2590 (diagnostic_manager::significant_edge_p): New.
2591 (diagnostic_manager::add_events_for_superedge): Add path_builder
2593 * reachability.h: New file.
2595 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2598 * analyzer.opt (fdump-analyzer-callgraph): Rewrite description.
2600 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2603 * region-model.cc (region_model::maybe_cast_1): Replace assertion
2604 that build_cast returns non-NULL with a conditional, falling
2605 through to the logic which returns a new unknown value of the
2606 desired type if it fails.
2608 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2611 * engine.cc (impl_region_model_context::on_unknown_tree_code):
2613 (impl_region_model_context::on_unexpected_tree_code): ...this and
2614 convert first argument from path_var to tree.
2615 (exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall.
2616 * exploded-graph.h (region_model_context::on_unknown_tree_code):
2618 (region_model_context::on_unexpected_tree_code): ...this and
2619 convert first argument from path_var to tree.
2620 * program-state.cc (sm_state_map::purge_for_unknown_fncall): Add
2621 ctxt param and pass on to calls to get_rvalue.
2622 * program-state.h (sm_state_map::purge_for_unknown_fncall): Add
2624 * region-model.cc (region_model::handle_unrecognized_call): Pass
2625 ctxt on to call to get_rvalue.
2626 (region_model::get_lvalue_1): Move body of default case to
2627 region_model::make_region_for_unexpected_tree_code and call it.
2628 Within COMPONENT_REF case, reject attempts to handle types other
2629 than RECORD_TYPE and UNION_TYPE.
2630 (region_model::make_region_for_unexpected_tree_code): New
2631 function, based on default case of region_model::get_lvalue_1.
2633 (region_model::make_region_for_unexpected_tree_code): New decl.
2634 (region_model::on_unknown_tree_code): Rename to...
2635 (region_model::on_unexpected_tree_code): ...this and convert first
2636 argument from path_var to tree.
2637 (class test_region_model_context): Update vfunc implementation for
2640 2020-02-18 David Malcolm <dmalcolm@redhat.com>
2644 (region_model::convert_byte_offset_to_array_index): Use
2645 int_size_in_bytes before calling size_in_bytes, to gracefully fail
2646 on incomplete types.
2648 2020-02-17 David Malcolm <dmalcolm@redhat.com>
2651 * region-model.cc (region_model::get_fndecl_for_call): Handle the
2652 case where the code_region's get_tree_for_child_region returns
2655 2020-02-17 David Malcolm <dmalcolm@redhat.com>
2658 * engine.cc (impl_region_model_context::on_unknown_tree_code):
2660 (exploded_graph::get_or_create_node): Reject invalid states.
2662 (impl_region_model_context::on_unknown_tree_code): New decl.
2663 (point_and_state::point_and_state): Assert that the state is
2665 * program-state.cc (program_state::program_state): Initialize
2667 (program_state::operator=): Copy m_valid.
2668 (program_state::program_state): Likewise for move constructor.
2669 (program_state::print): Print m_valid.
2670 (program_state::dump_to_pp): Likewise.
2671 * program-state.h (program_state::m_valid): New field.
2672 * region-model.cc (region_model::get_lvalue_1): Implement the
2673 default case by returning a new symbolic region and calling
2674 the context's on_unknown_tree_code, rather than issuing an
2675 internal_error. Implement VIEW_CONVERT_EXPR.
2676 * region-model.h (region_model_context::on_unknown_tree_code): New
2678 (test_region_model_context::on_unknown_tree_code): New.
2680 2020-02-17 David Malcolm <dmalcolm@redhat.com>
2682 * sm-malloc.cc (malloc_diagnostic::describe_state_change): For
2683 transition to the "null" state, only say "assuming" when
2684 transitioning from the "unchecked" state.
2686 2020-02-17 David Malcolm <dmalcolm@redhat.com>
2688 * diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
2690 * engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
2691 * exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
2694 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2697 * analysis-plan.cc (analysis_plan::use_summary_p): Look through
2698 the ultimate_alias_target when getting the called function.
2699 * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
2700 "sm_ctxt". Use the region_model's get_fndecl_for_call rather than
2702 * region-model.cc (region_model::get_fndecl_for_call): Use
2703 ultimate_alias_target on fndecl.
2704 * supergraph.cc (get_ultimate_function_for_cgraph_edge): New
2706 (supergraph_call_edge): Use it when rejecting edges without
2708 (supergraph::supergraph): Use it to get the function for the
2709 cgraph_edge when building interprocedural superedges.
2710 (callgraph_superedge::get_callee_function): Use it.
2711 * supergraph.h (supergraph::get_num_snodes): Make param const.
2712 (supergraph::function_to_num_snodes_t): Make first type param
2715 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2718 * engine.cc (exploded_edge::exploded_edge): Add ext_state param
2719 and pass it to change.validate.
2720 (exploded_graph::get_or_create_node): Move purging of change
2721 svalues to also cover the case of reusing an existing enode.
2722 (exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
2724 * exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
2726 * program-state.cc (state_change::sm_change::validate): Likewise.
2727 Assert that m_sm_idx is sane. Use ext_state to validate
2728 m_old_state and m_new_state.
2729 (state_change::validate): Add ext_state param and pass it to
2730 the sm_change validate calls.
2731 * program-state.h (state_change::sm_change::validate): Add
2733 (state_change::validate): Likewise.
2735 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2738 * engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
2739 case of STATUS_WORKLIST in implementation of
2740 "__analyzer_dump_exploded_nodes".
2742 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2745 * constraint-manager.cc (constraint_manager::add_constraint): When
2746 merging equivalence classes and updating m_constant, also update
2748 (constraint_manager::validate): If m_constant is non-NULL assert
2749 that m_cst_sid is non-null and is valid.
2751 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2754 * analyzer.opt (fdump-analyzer): Reword description.
2755 (fdump-analyzer-stderr): Likewise.
2757 2020-02-11 David Malcolm <dmalcolm@redhat.com>
2759 * region-model.cc (print_quoted_type): New function.
2760 (svalue::print): Use it to replace %qT.
2761 (region::dump_to_pp): Likewise.
2762 (region::dump_child_label): Likewise.
2763 (region::print_fields): Likewise.
2765 2020-02-10 David Malcolm <dmalcolm@redhat.com>
2768 * analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
2770 (Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
2771 "uninitialized" typo.
2773 2020-02-10 David Malcolm <dmalcolm@redhat.com>
2776 * region-model.cc (region_model::get_lvalue_1):
2777 Handle BIT_FIELD_REF.
2778 (make_region_for_type): Handle VECTOR_TYPE.
2780 2020-02-10 David Malcolm <dmalcolm@redhat.com>
2783 * diagnostic-manager.cc
2784 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
2786 * region-model.cc (region_model::get_lvalue_1): Provide a better
2787 error message when encountering an unhandled tree code.
2789 2020-02-10 David Malcolm <dmalcolm@redhat.com>
2792 * region-model.cc (region_model::get_lvalue_1): Implement
2795 2020-02-06 David Malcolm <dmalcolm@redhat.com>
2797 * region-model.cc (region_model::maybe_cast_1): Attempt to provide
2798 a region_svalue if either type is a pointer, rather than if both
2801 2020-02-05 David Malcolm <dmalcolm@redhat.com>
2803 * engine.cc (exploded_node::dump_dot): Show merger enodes.
2804 (worklist::add_node): Assert that the node's m_status is
2806 (exploded_graph::process_worklist): Likewise for nodes from the
2807 worklist. Set status of merged nodes to STATUS_MERGER.
2808 (exploded_graph::process_node): Set status of node to
2810 (exploded_graph::dump_exploded_nodes): Rework handling of
2811 "__analyzer_dump_exploded_nodes", splitting enodes by status into
2812 "processed" and "merger", showing the count of just the processed
2813 enodes at the call, rather than the count of all enodes.
2814 * exploded-graph.h (exploded_node::status): New enum.
2815 (exploded_node::exploded_node): Initialize m_status to
2817 (exploded_node::get_status): New getter.
2818 (exploded_node::set_status): New setter.
2820 2020-02-04 David Malcolm <dmalcolm@redhat.com>
2823 * engine.cc (pod_hash_traits<function_call_string>::mark_empty):
2824 Eliminate reinterpret_cast.
2825 (pod_hash_traits<function_call_string>::is_empty): Likewise.
2827 2020-02-03 David Malcolm <dmalcolm@redhat.com>
2829 * constraint-manager.cc (range::constrained_to_single_element):
2830 Replace fold_build2 with fold_binary. Remove unnecessary newline.
2831 (constraint_manager::get_or_add_equiv_class): Replace fold_build2
2832 with fold_binary in two places, and remove out-of-date comment.
2833 (constraint_manager::eval_condition): Replace fold_build2 with
2835 * region-model.cc (constant_svalue::eval_condition): Likewise.
2836 (region_model::on_assignment): Likewise.
2838 2020-02-03 David Malcolm <dmalcolm@redhat.com>
2841 * diagnostic-manager.cc
2842 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
2843 against bad choices due to bad paths.
2844 * engine.cc (impl_region_model_context::on_phi): New.
2845 * exploded-graph.h (impl_region_model_context::on_phi): New decl.
2846 * region-model.cc (region_model::on_longjmp): Likewise.
2847 (region_model::handle_phi): Add phi param. Call the ctxt's on_phi
2849 (region_model::update_for_phis): Pass phi to handle_phi.
2850 * region-model.h (region_model::handle_phi): Add phi param.
2851 (region_model_context::on_phi): New vfunc.
2852 (test_region_model_context::on_phi): New.
2853 * sm-malloc.cc (malloc_state_machine::on_phi): New.
2854 (malloc_state_machine::on_zero_assignment): New.
2855 * sm.h (state_machine::on_phi): New vfunc.
2857 2020-02-03 David Malcolm <dmalcolm@redhat.com>
2859 * engine.cc (supernode_cluster::dump_dot): Show BB index as
2861 * supergraph.cc (supernode::dump_dot): Likewise.
2863 2020-02-03 David Malcolm <dmalcolm@redhat.com>
2866 * region-model.cc (region_model::on_call_pre): Update for new
2867 param of symbolic_region ctor.
2868 (region_model::deref_rvalue): Likewise.
2869 (region_model::add_new_malloc_region): Likewise.
2870 (make_region_for_type): Likewise, preserving type.
2871 * region-model.h (symbolic_region::symbolic_region): Add "type"
2872 param and pass it to base class ctor.
2874 2020-02-03 David Malcolm <dmalcolm@redhat.com>
2877 * constraint-manager.cc
2878 (constraint_manager::get_or_add_equiv_class): Ensure types are
2879 compatible before comparing constants.
2881 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2884 * region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
2885 than checking against void_type_node.
2887 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2890 * region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
2891 (assert_compat_types): ...this, and bail when either type is NULL,
2892 or when VOID_TYPE_P (dst_type).
2893 (region_model::get_lvalue): Update for above conversion.
2894 (region_model::get_rvalue): Likewise.
2896 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2899 * region-model.cc (region_model::update_for_return_superedge):
2900 Move check for null result so that it also guards setting the
2903 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2906 * region-model.cc (stack_region::can_merge_p): Split into a two-pass
2907 pass approach, creating all stack regions first, then populating
2909 (selftest::test_state_merging): Add test coverage for (a) the case
2910 of self-merging a model in which a local in an older stack frame
2911 points to a local in a more recent stack frame (which previously
2912 would ICE), and (b) the case of self-merging a model in which a
2913 local points to a global (which previously worked OK).
2915 2020-01-31 David Malcolm <dmalcolm@redhat.com>
2917 * analyzer.cc (is_named_call_p): Replace tests for fndecl being
2918 extern at file scope and having a non-NULL DECL_NAME with a call
2919 to maybe_special_function_p.
2920 * function-set.cc (function_set::contains_decl_p): Add call to
2921 maybe_special_function_p.

2020-01-31 David Malcolm <dmalcolm@redhat.com>

* constraint-manager.cc
(constraint_manager::get_or_add_equiv_class): Only compare constants
if their types are compatible.
* region-model.cc (constant_svalue::eval_condition): Replace check
for identical types with call to types_compatible_p.

2020-01-30 David Malcolm <dmalcolm@redhat.com>

* program-state.cc (extrinsic_state::dump_to_pp): New.
(extrinsic_state::dump_to_file): New.
(extrinsic_state::dump): New.
* program-state.h (extrinsic_state::dump_to_pp): New decl.
(extrinsic_state::dump_to_file): New decl.
(extrinsic_state::dump): New decl.
* sm.cc: Include "pretty-print.h".
(state_machine::dump_to_pp): New.
* sm.h (state_machine::dump_to_pp): New decl.

2020-01-30 David Malcolm <dmalcolm@redhat.com>

* diagnostic-manager.cc (for_each_state_change): Use
extrinsic_state::get_num_checkers rather than accessing m_checkers
* program-state.cc (program_state::program_state): Likewise.
* program-state.h (extrinsic_state::m_checkers): Make private.

2020-01-30 David Malcolm <dmalcolm@redhat.com>

* region-model.cc (region_model::eval_condition): In both
overloads, bail out immediately on floating-point types.
(region_model::eval_condition_without_cm): Likewise.
(region_model::add_constraint): Likewise.

2020-01-30 David Malcolm <dmalcolm@redhat.com>

* program-state.cc (sm_state_map::set_state): For the overload
taking an svalue_id, bail out if the set_state on the ec does
nothing. Convert the latter's return type from void to bool,
returning true if anything changed.
(sm_state_map::impl_set_state): Convert the return type from void
to bool, returning true if the state changed.
* program-state.h (sm_state_map::set_state): Convert return type
(sm_state_map::impl_set_state): Likewise.
* region-model.cc (constant_svalue::eval_condition): Only call
fold_build2 if the types are the same.

2020-01-29 Jakub Jelinek <jakub@redhat.com>

* analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
* constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
(range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
* state-purge.cc: Include diagnostic-core.h before
gimple-pretty-print.h.
(state_purge_annotator::add_node_annotations, print_vec_of_names):
Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
* region-model.cc: Move diagnostic-core.h include before graphviz.h.
(path_var::dump, svalue::print, constant_svalue::print_details,
region::dump_to_pp, region::dump_child_label, region::print_fields,
map_region::print_fields, map_region::dump_dot_to_pp,
map_region::dump_child_label, array_region::print_fields,
array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or

2020-01-28 David Malcolm <dmalcolm@redhat.com>

* engine.cc (rewind_info_t::update_model): Get the longjmp call
stmt via get_longjmp_call () rather than assuming it is the last
stmt in the longjmp's supernode.
(rewind_info_t::add_events_to_path): Get the location_t for the
rewind_from_longjmp_event via get_longjmp_call () rather than from
the supernode's get_end_location ().

2020-01-28 David Malcolm <dmalcolm@redhat.com>

* region-model.cc (poisoned_value_diagnostic::emit): Update for
renaming of warning_at overload to warning_meta.
* sm-file.cc (file_leak::emit): Likewise.
* sm-malloc.cc (double_free::emit): Likewise.
(possible_null_deref::emit): Likewise.
(possible_null_arg::emit): Likewise.
(null_deref::emit): Likewise.
(null_arg::emit): Likewise.
(use_after_free::emit): Likewise.
(malloc_leak::emit): Likewise.
(free_of_non_heap::emit): Likewise.
* sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
* sm-signal.cc (signal_unsafe_call::emit): Likewise.
* sm-taint.cc (tainted_array_index::emit): Likewise.

2020-01-27 David Malcolm <dmalcolm@redhat.com>

* region-model.cc (tree_cmp): For the REAL_CST case, impose an
arbitrary order on NaNs relative to other NaNs and to non-NaNs;
const-correctness tweak.
(ana::selftests::build_real_cst_from_string): New function.
(ana::selftests::append_interesting_constants): New function.
(ana::selftests::test_tree_cmp_on_constants): New test.
(ana::selftests::test_canonicalization_4): New test.
(ana::selftests::analyzer_region_model_cc_tests): Call the new

2020-01-27 David Malcolm <dmalcolm@redhat.com>

* engine.cc (run_checkers): Save and restore input_location.

2020-01-27 David Malcolm <dmalcolm@redhat.com>

* call-string.cc (call_string::cmp_1): Delete, moving body to...
(call_string::cmp): ...here.
* call-string.h (call_string::cmp_1): Delete decl.
* engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
(worklist::key_t::cmp): ...here. Implement hash comparisons
via comparison rather than subtraction to avoid overflow issues.
* exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
* region-model.cc (tree_cmp): Eliminate buggy checking for

2020-01-27 David Malcolm <dmalcolm@redhat.com>

* analyzer.cc (is_named_call_p): Check that fndecl is "extern"
and at file scope. Potentially disregard prefix _ or __ in
fndecl's name. Bail if the identifier is NULL.
(is_setjmp_call_p): Expect a gcall rather than plain gimple.
Remove special-case check for leading prefix, and also check for
(is_longjmp_call_p): Also check for siglongjmp.
(get_user_facing_name): New function.
* analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
(get_user_facing_name): New decl.
* checker-path.cc (setjmp_event::get_desc): Use
get_user_facing_name to avoid hardcoding the function name.
(rewind_event::rewind_event): Add rewind_info param, using it to
initialize new m_rewind_info field, and strengthen the assertion.
(rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
avoid hardcoding the function name.
(rewind_to_setjmp_event::get_desc): Likewise.
* checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
param and use it to initialize...
(setjmp_event::m_setjmp_call): New field.
(rewind_event::rewind_event): Add rewind_info param.
(rewind_event::m_rewind_info): New protected field.
(rewind_from_longjmp_event::rewind_from_longjmp_event): Add
(class rewind_to_setjmp_event): Move rewind_info field to parent
* diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
Update setjmp-handling for is_setjmp_call_p requiring a gcall;
pass the call to the new setjmp_event.
* engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
(stale_jmp_buf::emit): Use get_user_facing_name to avoid
hardcoding the function names.
(exploded_node::on_longjmp): Pass the longjmp_call when
constructing rewind_info.
(rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
rewind_from_longjmp_event's ctor.
* exploded-graph.h (rewind_info_t::rewind_info_t): Add
(rewind_info_t::get_longjmp_call): New.
(rewind_info_t::m_longjmp_call): New.
* region-model.cc (region_model::on_setjmp): Update comment to
indicate this is also for sigsetjmp.
* region-model.h (struct setjmp_record): Likewise.
(class setjmp_svalue): Likewise.

2020-01-27 David Malcolm <dmalcolm@redhat.com>

* analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
macros with GCC_VERSION >= 4006, making them no-op otherwise.
* engine.cc (exploded_edge::exploded_edge): Specify template for
base class initializer.
(exploded_graph::add_edge): Specify template when chaining up to
base class add_edge implementation.
(viz_callgraph_node::dump_dot): Drop redundant "typename".
(viz_callgraph_edge::viz_callgraph_edge): Specify template for
base class initializer.
* program-state.cc (sm_state_map::clone_with_remapping): Drop
redundant "typename".
(sm_state_map::print): Likewise.
(sm_state_map::hash): Likewise.
(sm_state_map::operator==): Likewise.
(sm_state_map::remap_svalue_ids): Likewise.
(sm_state_map::on_svalue_purge): Likewise.
(sm_state_map::validate): Likewise.
* program-state.h (sm_state_map::iterator_t): Likewise.
* supergraph.h (superedge::superedge): Specify template for base

2020-01-23 David Malcolm <dmalcolm@redhat.com>

* supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
gracefully if the number of parameters at the callee exceeds the
number of arguments at the call stmt.
(callgraph_superedge::get_parm_for_arg): Likewise.

2020-01-22 David Malcolm <dmalcolm@redhat.com>

* program-state.cc (sm_state_map::on_svalue_purge): If the
entry survives, but the origin is being purged, then reset the

2020-01-22 David Malcolm <dmalcolm@redhat.com>

* sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.

2020-01-22 David Malcolm <dmalcolm@redhat.com>

* engine.cc (setjmp_svalue::compare_fields): Update for
replacement of m_enode with m_setjmp_record.
(setjmp_svalue::add_to_hash): Likewise.
(setjmp_svalue::get_index): Rename...
(setjmp_svalue::get_enode_index): ...to this.
(setjmp_svalue::print_details): Update for replacement of m_enode
with m_setjmp_record.
(exploded_node::on_longjmp): Likewise.
* exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
(rewind_info_t::m_setjmp_record): ...with this.
(rewind_info_t::rewind_info_t): Update for replacement of m_enode
with m_setjmp_record.
(rewind_info_t::get_setjmp_point): Likewise.
(rewind_info_t::get_setjmp_call): Likewise.
* region-model.cc (region_model::dump_summary_of_map): Likewise.
(region_model::on_setjmp): Likewise.
* region-model.h (struct setjmp_record): New struct.
(setjmp_svalue::m_enode): Replace...
(setjmp_svalue::m_setjmp_record): ...with this.
(setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
with m_setjmp_record.
(setjmp_svalue::clone): Likewise.
(setjmp_svalue::get_index): Rename...
(setjmp_svalue::get_enode_index): ...to this.
(setjmp_svalue::get_exploded_node): Replace...
(setjmp_svalue::get_setjmp_record): ...with this.

2020-01-22 David Malcolm <dmalcolm@redhat.com>

* analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as

2020-01-22 David Malcolm <dmalcolm@redhat.com>

* analysis-plan.h: Wrap everything namespace "ana".
* analyzer-logging.cc: Likewise.
* analyzer-logging.h: Likewise.
* analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
* analyzer-selftests.cc: Wrap everything namespace "ana".
* analyzer-selftests.h: Likewise.
* analyzer.h: Likewise for forward decls of types.
* call-string.h: Likewise.
* checker-path.cc: Likewise.
* checker-path.h: Likewise.
* constraint-manager.cc: Likewise.
* constraint-manager.h: Likewise.
* diagnostic-manager.cc: Likewise.
* diagnostic-manager.h: Likewise.
* engine.cc: Likewise.
* engine.h: Likewise.
* exploded-graph.h: Likewise.
* function-set.cc: Likewise.
* function-set.h: Likewise.
* pending-diagnostic.cc: Likewise.
* pending-diagnostic.h: Likewise.
* program-point.cc: Likewise.
* program-point.h: Likewise.
* program-state.cc: Likewise.
* program-state.h: Likewise.
* region-model.cc: Likewise.
* region-model.h: Likewise.
* sm-file.cc: Likewise.
* sm-malloc.cc: Likewise.
* sm-pattern-test.cc: Likewise.
* sm-sensitive.cc: Likewise.
* sm-signal.cc: Likewise.
* sm-taint.cc: Likewise.
* state-purge.h: Likewise.
* supergraph.cc: Likewise.
* supergraph.h: Likewise.

2020-01-21 David Malcolm <dmalcolm@redhat.com>

* region-model.cc (int_cmp): Rename to...
(array_region::key_cmp): ...this, using key_t rather than int.
Rewrite in terms of comparisons rather than subtraction to
ensure qsort is anti-symmetric when handling extreme values.
(array_region::walk_for_canonicalization): Update for above
* region-model.h (array_region::key_cmp): New decl.

2020-01-17 David Malcolm <dmalcolm@redhat.com>

* region-model.cc (region_model::eval_condition_without_cm): Avoid
gcc_unreachable for unexpected operations for the case where
we're comparing an svalue against itself.

2020-01-17 David Malcolm <dmalcolm@redhat.com>

(region_model::convert_byte_offset_to_array_index): Convert to
ssizetype before dividing by byte_size. Use fold_binary rather
than fold_build2 to avoid needlessly constructing a tree for the

2020-01-15 David Malcolm <dmalcolm@redhat.com>

* engine.cc (class impl_region_model_context): Fix comment.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* region-model.cc (make_region_for_type): Use
FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
* region-model.h (function_region::function_region): Likewise.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* program-state.cc (sm_state_map::clone_with_remapping): Copy
(selftest::test_program_state_merging_2): New selftest.
(selftest::analyzer_program_state_cc_tests): Call it.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* checker-path.h (checker_path::get_checker_event): New function.
(checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
* diagnostic-manager.cc
(diagnostic_manager::prune_for_sm_diagnostic): Replace direct
access to checker_path::m_events with accessor functions. Fix
(diagnostic_manager::prune_interproc_events): Replace direct
access to checker_path::m_events with accessor functions.
(diagnostic_manager::finish_pruning): Likewise.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* checker-path.h (checker_event::clone): Delete vfunc decl.
(debug_event::clone): Delete vfunc impl.
(custom_event::clone): Delete vfunc impl.
(statement_event::clone): Delete vfunc impl.
(function_entry_event::clone): Delete vfunc impl.
(state_change_event::clone): Delete vfunc impl.
(start_cfg_edge_event::clone): Delete vfunc impl.
(end_cfg_edge_event::clone): Delete vfunc impl.
(call_event::clone): Delete vfunc impl.
(return_event::clone): Delete vfunc impl.
(setjmp_event::clone): Delete vfunc impl.
(rewind_from_longjmp_event::clone): Delete vfunc impl.
(rewind_to_setjmp_event::clone): Delete vfunc impl.
(warning_event::clone): Delete vfunc impl.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* supergraph.cc (supernode::dump_dot): Ensure that the TABLE
element has at least one TR.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
when comparing against UNKNOWN_LOCATION.
(stmt_requires_new_enode_p): Likewise.
(exploded_graph::dump_exploded_nodes): Likewise.
* supergraph.cc (supernode::get_start_location): Likewise.
(supernode::get_end_location): Likewise.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
selftest::analyzer_sm_file_cc_tests.
* analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
* sm-file.cc: Include "analyzer/function-set.h" and
"analyzer/analyzer-selftests.h".
(get_file_using_fns): New function.
(is_file_using_fn_p): New function.
(fileptr_state_machine::on_stmt): Return true for known functions.
(selftest::analyzer_sm_file_cc_tests): New function.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
selftest::analyzer_sm_signal_cc_tests.
* analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
* sm-signal.cc: Include "analyzer/function-set.h" and
"analyzer/analyzer-selftests.h".
(get_async_signal_unsafe_fns): New function.
(signal_unsafe_p): Reimplement in terms of the above.
(selftest::analyzer_sm_signal_cc_tests): New function.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
selftest::analyzer_function_set_cc_tests.
* analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
* function-set.cc: New file.
* function-set.h: New file.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* analyzer.h (fndecl_has_gimple_body_p): New decl.
* engine.cc (impl_region_model_context::on_unknown_change): New
(fndecl_has_gimple_body_p): Make non-static.
(exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
known. Track whether we have a call with unknown side-effects and
pass it to on_call_post.
* exploded-graph.h (impl_region_model_context::on_unknown_change):
* program-state.cc (sm_state_map::on_unknown_change): New function.
* program-state.h (sm_state_map::on_unknown_change): New decl.
* region-model.cc: Include "bitmap.h".
(region_model::on_call_pre): Return a bool, capturing whether the
call has unknown side effects.
(region_model::on_call_post): Add arg "bool unknown_side_effects"
and if true, call handle_unrecognized_call.
(class reachable_regions): New class.
(region_model::handle_unrecognized_call): New function.
* region-model.h (region_model::on_call_pre): Return a bool.
(region_model::on_call_post): Add arg "bool unknown_side_effects".
(region_model::handle_unrecognized_call): New decl.
(region_model_context::on_unknown_change): New vfunc.
(test_region_model_context::on_unknown_change): New function.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* diagnostic-manager.cc (saved_diagnostic::operator==): Move here
from header. Replace pointer equality test on m_var with call to
pending_diagnostic::same_tree_p.
* diagnostic-manager.h (saved_diagnostic::operator==): Move to
diagnostic-manager.cc.
* pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
* pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
* sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
equality on m_arg with call to pending_diagnostic::same_tree_p.
* sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
(possible_null_arg::subclass_equal_p): Likewise.
(null_arg::subclass_equal_p): Likewise.
(free_of_non_heap::subclass_equal_p): Likewise.
* sm-pattern-test.cc (pattern_match::operator==): Likewise.
* sm-sensitive.cc (exposure_through_output_file::operator==):
* sm-taint.cc (tainted_array_index::operator==): Likewise.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* diagnostic-manager.cc (dedupe_winners::add): Add logging
of deduplication decisions made.

2020-01-14 David Malcolm <dmalcolm@redhat.com>

* ChangeLog: New file.
* analyzer-selftests.cc: New file.
* analyzer-selftests.h: New file.
* analyzer.opt: New file.
* analysis-plan.cc: New file.
* analysis-plan.h: New file.
* analyzer-logging.cc: New file.
* analyzer-logging.h: New file.
* analyzer-pass.cc: New file.
* analyzer.cc: New file.
* analyzer.h: New file.
* call-string.cc: New file.
* call-string.h: New file.
* checker-path.cc: New file.
* checker-path.h: New file.
* constraint-manager.cc: New file.
* constraint-manager.h: New file.
* diagnostic-manager.cc: New file.
* diagnostic-manager.h: New file.
* engine.cc: New file.
* engine.h: New file.
* exploded-graph.h: New file.
* pending-diagnostic.cc: New file.
* pending-diagnostic.h: New file.
* program-point.cc: New file.
* program-point.h: New file.
* program-state.cc: New file.
* program-state.h: New file.
* region-model.cc: New file.
* region-model.h: New file.
* sm-file.cc: New file.
* sm-malloc.cc: New file.
* sm-malloc.dot: New file.
* sm-pattern-test.cc: New file.
* sm-sensitive.cc: New file.
* sm-signal.cc: New file.
* sm-taint.cc: New file.
* state-purge.cc: New file.
* state-purge.h: New file.
* supergraph.cc: New file.
* supergraph.h: New file.

2019-12-13 David Malcolm <dmalcolm@redhat.com>

Copyright (C) 2019-2020 Free Software Foundation, Inc.

Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.