projects / gcc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
analyzer: fix ICEs in region_model::get_lvalue_1 [PR 93388]
[gcc.git] / gcc / analyzer / ChangeLog
1 2020-02-17 David Malcolm <dmalcolm@redhat.com>
2
3 PR analyzer/93388
4 * engine.cc (impl_region_model_context::on_unknown_tree_code):
5 New.
6 (exploded_graph::get_or_create_node): Reject invalid states.
7 * exploded-graph.h
8 (impl_region_model_context::on_unknown_tree_code): New decl.
9 (point_and_state::point_and_state): Assert that the state is
10 valid.
11 * program-state.cc (program_state::program_state): Initialize
12 m_valid to true.
13 (program_state::operator=): Copy m_valid.
14 (program_state::program_state): Likewise for move constructor.
15 (program_state::print): Print m_valid.
16 (program_state::dump_to_pp): Likewise.
17 * program-state.h (program_state::m_valid): New field.
18 * region-model.cc (region_model::get_lvalue_1): Implement the
19 default case by returning a new symbolic region and calling
20 the context's on_unknown_tree_code, rather than issuing an
21 internal_error. Implement VIEW_CONVERT_EXPR.
22 * region-model.h (region_model_context::on_unknown_tree_code): New
23 vfunc.
24 (test_region_model_context::on_unknown_tree_code): New.
25
26 2020-02-17 David Malcolm <dmalcolm@redhat.com>
27
28 * sm-malloc.cc (malloc_diagnostic::describe_state_change): For
29 transition to the "null" state, only say "assuming" when
30 transitioning from the "unchecked" state.
31
32 2020-02-17 David Malcolm <dmalcolm@redhat.com>
33
34 * diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
35 Add const overload.
36 * engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
37 * exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
38 const overload.
39
40 2020-02-11 David Malcolm <dmalcolm@redhat.com>
41
42 PR analyzer/93288
43 * analysis-plan.cc (analysis_plan::use_summary_p): Look through
44 the ultimate_alias_target when getting the called function.
45 * engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
46 "sm_ctxt". Use the region_model's get_fndecl_for_call rather than
47 gimple_call_fndecl.
48 * region-model.cc (region_model::get_fndecl_for_call): Use
49 ultimate_alias_target on fndecl.
50 * supergraph.cc (get_ultimate_function_for_cgraph_edge): New
51 function.
52 (supergraph_call_edge): Use it when rejecting edges without
53 functions.
54 (supergraph::supergraph): Use it to get the function for the
55 cgraph_edge when building interprocedural superedges.
56 (callgraph_superedge::get_callee_function): Use it.
57 * supergraph.h (supergraph::get_num_snodes): Make param const.
58 (supergraph::function_to_num_snodes_t): Make first type param
59 const.
60
61 2020-02-11 David Malcolm <dmalcolm@redhat.com>
62
63 PR analyzer/93374
64 * engine.cc (exploded_edge::exploded_edge): Add ext_state param
65 and pass it to change.validate.
66 (exploded_graph::get_or_create_node): Move purging of change
67 svalues to also cover the case of reusing an existing enode.
68 (exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
69 ctor.
70 * exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
71 param.
72 * program-state.cc (state_change::sm_change::validate): Likewise.
73 Assert that m_sm_idx is sane. Use ext_state to validate
74 m_old_state and m_new_state.
75 (state_change::validate): Add ext_state param and pass it to
76 the sm_change validate calls.
77 * program-state.h (state_change::sm_change::validate): Add
78 ext_state param.
79 (state_change::validate): Likewise.
80
81 2020-02-11 David Malcolm <dmalcolm@redhat.com>
82
83 PR analyzer/93669
84 * engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
85 case of STATUS_WORKLIST in implementation of
86 "__analyzer_dump_exploded_nodes".
87
88 2020-02-11 David Malcolm <dmalcolm@redhat.com>
89
90 PR analyzer/93649
91 * constraint-manager.cc (constraint_manager::add_constraint): When
92 merging equivalence classes and updating m_constant, also update
93 m_cst_sid.
94 (constraint_manager::validate): If m_constant is non-NULL assert
95 that m_cst_sid is non-null and is valid.
96
97 2020-02-11 David Malcolm <dmalcolm@redhat.com>
98
99 PR analyzer/93657
100 * analyzer.opt (fdump-analyzer): Reword description.
101 (fdump-analyzer-stderr): Likewise.
102
103 2020-02-11 David Malcolm <dmalcolm@redhat.com>
104
105 * region-model.cc (print_quoted_type): New function.
106 (svalue::print): Use it to replace %qT.
107 (region::dump_to_pp): Likewise.
108 (region::dump_child_label): Likewise.
109 (region::print_fields): Likewise.
110
111 2020-02-10 David Malcolm <dmalcolm@redhat.com>
112
113 PR analyzer/93659
114 * analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
115 -> "that" typo.
116 (Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
117 "uninitialized" typo.
118
119 2020-02-10 David Malcolm <dmalcolm@redhat.com>
120
121 PR analyzer/93350
122 * region-model.cc (region_model::get_lvalue_1):
123 Handle BIT_FIELD_REF.
124 (make_region_for_type): Handle VECTOR_TYPE.
125
126 2020-02-10 David Malcolm <dmalcolm@redhat.com>
127
128 PR analyzer/93647
129 * diagnostic-manager.cc
130 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
131 VAR being constant.
132 * region-model.cc (region_model::get_lvalue_1): Provide a better
133 error message when encountering an unhandled tree code.
134
135 2020-02-10 David Malcolm <dmalcolm@redhat.com>
136
137 PR analyzer/93405
138 * region-model.cc (region_model::get_lvalue_1): Implement
139 CONST_DECL.
140
141 2020-02-06 David Malcolm <dmalcolm@redhat.com>
142
143 * region-model.cc (region_model::maybe_cast_1): Attempt to provide
144 a region_svalue if either type is a pointer, rather than if both
145 types are pointers.
146
147 2020-02-05 David Malcolm <dmalcolm@redhat.com>
148
149 * engine.cc (exploded_node::dump_dot): Show merger enodes.
150 (worklist::add_node): Assert that the node's m_status is
151 STATUS_WORKLIST.
152 (exploded_graph::process_worklist): Likewise for nodes from the
153 worklist. Set status of merged nodes to STATUS_MERGER.
154 (exploded_graph::process_node): Set status of node to
155 STATUS_PROCESSED.
156 (exploded_graph::dump_exploded_nodes): Rework handling of
157 "__analyzer_dump_exploded_nodes", splitting enodes by status into
158 "processed" and "merger", showing the count of just the processed
159 enodes at the call, rather than the count of all enodes.
160 * exploded-graph.h (exploded_node::status): New enum.
161 (exploded_node::exploded_node): Initialize m_status to
162 STATUS_WORKLIST.
163 (exploded_node::get_status): New getter.
164 (exploded_node::set_status): New setter.
165
166 2020-02-04 David Malcolm <dmalcolm@redhat.com>
167
168 PR analyzer/93543
169 * engine.cc (pod_hash_traits<function_call_string>::mark_empty):
170 Eliminate reinterpret_cast.
171 (pod_hash_traits<function_call_string>::is_empty): Likewise.
172
173 2020-02-03 David Malcolm <dmalcolm@redhat.com>
174
175 * constraint-manager.cc (range::constrained_to_single_element):
176 Replace fold_build2 with fold_binary. Remove unnecessary newline.
177 (constraint_manager::get_or_add_equiv_class): Replace fold_build2
178 with fold_binary in two places, and remove out-of-date comment.
179 (constraint_manager::eval_condition): Replace fold_build2 with
180 fold_binary.
181 * region-model.cc (constant_svalue::eval_condition): Likewise.
182 (region_model::on_assignment): Likewise.
183
184 2020-02-03 David Malcolm <dmalcolm@redhat.com>
185
186 PR analyzer/93544
187 * diagnostic-manager.cc
188 (diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
189 against bad choices due to bad paths.
190 * engine.cc (impl_region_model_context::on_phi): New.
191 * exploded-graph.h (impl_region_model_context::on_phi): New decl.
192 * region-model.cc (region_model::on_longjmp): Likewise.
193 (region_model::handle_phi): Add phi param. Call the ctxt's on_phi
194 vfunc.
195 (region_model::update_for_phis): Pass phi to handle_phi.
196 * region-model.h (region_model::handle_phi): Add phi param.
197 (region_model_context::on_phi): New vfunc.
198 (test_region_model_context::on_phi): New.
199 * sm-malloc.cc (malloc_state_machine::on_phi): New.
200 (malloc_state_machine::on_zero_assignment): New.
201 * sm.h (state_machine::on_phi): New vfunc.
202
203 2020-02-03 David Malcolm <dmalcolm@redhat.com>
204
205 * engine.cc (supernode_cluster::dump_dot): Show BB index as
206 well as SN index.
207 * supergraph.cc (supernode::dump_dot): Likewise.
208
209 2020-02-03 David Malcolm <dmalcolm@redhat.com>
210
211 PR analyzer/93546
212 * region-model.cc (region_model::on_call_pre): Update for new
213 param of symbolic_region ctor.
214 (region_model::deref_rvalue): Likewise.
215 (region_model::add_new_malloc_region): Likewise.
216 (make_region_for_type): Likewise, preserving type.
217 * region-model.h (symbolic_region::symbolic_region): Add "type"
218 param and pass it to base class ctor.
219
220 2020-02-03 David Malcolm <dmalcolm@redhat.com>
221
222 PR analyzer/93547
223 * constraint-manager.cc
224 (constraint_manager::get_or_add_equiv_class): Ensure types are
225 compatible before comparing constants.
226
227 2020-01-31 David Malcolm <dmalcolm@redhat.com>
228
229 PR analyzer/93457
230 * region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
231 than checking against void_type_node.
232
233 2020-01-31 David Malcolm <dmalcolm@redhat.com>
234
235 PR analyzer/93373
236 * region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
237 (assert_compat_types): ...this, and bail when either type is NULL,
238 or when VOID_TYPE_P (dst_type).
239 (region_model::get_lvalue): Update for above conversion.
240 (region_model::get_rvalue): Likewise.
241
242 2020-01-31 David Malcolm <dmalcolm@redhat.com>
243
244 PR analyzer/93379
245 * region-model.cc (region_model::update_for_return_superedge):
246 Move check for null result so that it also guards setting the
247 lhs.
248
249 2020-01-31 David Malcolm <dmalcolm@redhat.com>
250
251 PR analyzer/93438
252 * region-model.cc (stack_region::can_merge_p): Split into a two
253 pass approach, creating all stack regions first, then populating
254 them.
255 (selftest::test_state_merging): Add test coverage for (a) the case
256 of self-merging a model in which a local in an older stack frame
257 points to a local in a more recent stack frame (which previously
258 would ICE), and (b) the case of self-merging a model in which a
259 local points to a global (which previously worked OK).
260
261 2020-01-31 David Malcolm <dmalcolm@redhat.com>
262
263 * analyzer.cc (is_named_call_p): Replace tests for fndecl being
264 extern at file scope and having a non-NULL DECL_NAME with a call
265 to maybe_special_function_p.
266 * function-set.cc (function_set::contains_decl_p): Add call to
267 maybe_special_function_p.
268
269 2020-01-31 David Malcolm <dmalcolm@redhat.com>
270
271 PR analyzer/93450
272 * constraint-manager.cc
273 (constraint_manager::get_or_add_equiv_class): Only compare constants
274 if their types are compatible.
275 * region-model.cc (constant_svalue::eval_condition): Replace check
276 for identical types with call to types_compatible_p.
277
278 2020-01-30 David Malcolm <dmalcolm@redhat.com>
279
280 * program-state.cc (extrinsic_state::dump_to_pp): New.
281 (extrinsic_state::dump_to_file): New.
282 (extrinsic_state::dump): New.
283 * program-state.h (extrinsic_state::dump_to_pp): New decl.
284 (extrinsic_state::dump_to_file): New decl.
285 (extrinsic_state::dump): New decl.
286 * sm.cc: Include "pretty-print.h".
287 (state_machine::dump_to_pp): New.
288 * sm.h (state_machine::dump_to_pp): New decl.
289
290 2020-01-30 David Malcolm <dmalcolm@redhat.com>
291
292 * diagnostic-manager.cc (for_each_state_change): Use
293 extrinsic_state::get_num_checkers rather than accessing m_checkers
294 directly.
295 * program-state.cc (program_state::program_state): Likewise.
296 * program-state.h (extrinsic_state::m_checkers): Make private.
297
298 2020-01-30 David Malcolm <dmalcolm@redhat.com>
299
300 PR analyzer/93356
301 * region-model.cc (region_model::eval_condition): In both
302 overloads, bail out immediately on floating-point types.
303 (region_model::eval_condition_without_cm): Likewise.
304 (region_model::add_constraint): Likewise.
305
306 2020-01-30 David Malcolm <dmalcolm@redhat.com>
307
308 PR analyzer/93450
309 * program-state.cc (sm_state_map::set_state): For the overload
310 taking an svalue_id, bail out if the set_state on the ec does
311 nothing. Convert the latter's return type from void to bool,
312 returning true if anything changed.
313 (sm_state_map::impl_set_state): Convert the return type from void
314 to bool, returning true if the state changed.
315 * program-state.h (sm_state_map::set_state): Convert return type
316 from void to bool.
317 (sm_state_map::impl_set_state): Likewise.
318 * region-model.cc (constant_svalue::eval_condition): Only call
319 fold_build2 if the types are the same.
320
321 2020-01-29 Jakub Jelinek <jakub@redhat.com>
322
323 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
324 * constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
325 (range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
326 POP_IGNORE_WFORMAT.
327 * state-purge.cc: Include diagnostic-core.h before
328 gimple-pretty-print.h.
329 (state_purge_annotator::add_node_annotations, print_vec_of_names):
330 Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
331 * region-model.cc: Move diagnostic-core.h include before graphviz.h.
332 (path_var::dump, svalue::print, constant_svalue::print_details,
333 region::dump_to_pp, region::dump_child_label, region::print_fields,
334 map_region::print_fields, map_region::dump_dot_to_pp,
335 map_region::dump_child_label, array_region::print_fields,
336 array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or
337 POP_IGNORE_WFORMAT.
338
339 2020-01-28 David Malcolm <dmalcolm@redhat.com>
340
341 PR analyzer/93316
342 * engine.cc (rewind_info_t::update_model): Get the longjmp call
343 stmt via get_longjmp_call () rather than assuming it is the last
344 stmt in the longjmp's supernode.
345 (rewind_info_t::add_events_to_path): Get the location_t for the
346 rewind_from_longjmp_event via get_longjmp_call () rather than from
347 the supernode's get_end_location ().
348
349 2020-01-28 David Malcolm <dmalcolm@redhat.com>
350
351 * region-model.cc (poisoned_value_diagnostic::emit): Update for
352 renaming of warning_at overload to warning_meta.
353 * sm-file.cc (file_leak::emit): Likewise.
354 * sm-malloc.cc (double_free::emit): Likewise.
355 (possible_null_deref::emit): Likewise.
356 (possible_null_arg::emit): Likewise.
357 (null_deref::emit): Likewise.
358 (null_arg::emit): Likewise.
359 (use_after_free::emit): Likewise.
360 (malloc_leak::emit): Likewise.
361 (free_of_non_heap::emit): Likewise.
362 * sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
363 * sm-signal.cc (signal_unsafe_call::emit): Likewise.
364 * sm-taint.cc (tainted_array_index::emit): Likewise.
365
366 2020-01-27 David Malcolm <dmalcolm@redhat.com>
367
368 PR analyzer/93451
369 * region-model.cc (tree_cmp): For the REAL_CST case, impose an
370 arbitrary order on NaNs relative to other NaNs and to non-NaNs;
371 const-correctness tweak.
372 (ana::selftests::build_real_cst_from_string): New function.
373 (ana::selftests::append_interesting_constants): New function.
374 (ana::selftests::test_tree_cmp_on_constants): New test.
375 (ana::selftests::test_canonicalization_4): New test.
376 (ana::selftests::analyzer_region_model_cc_tests): Call the new
377 tests.
378
379 2020-01-27 David Malcolm <dmalcolm@redhat.com>
380
381 PR analyzer/93349
382 * engine.cc (run_checkers): Save and restore input_location.
383
384 2020-01-27 David Malcolm <dmalcolm@redhat.com>
385
386 * call-string.cc (call_string::cmp_1): Delete, moving body to...
387 (call_string::cmp): ...here.
388 * call-string.h (call_string::cmp_1): Delete decl.
389 * engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
390 (worklist::key_t::cmp): ...here. Implement hash comparisons
391 via comparison rather than subtraction to avoid overflow issues.
392 * exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
393 * region-model.cc (tree_cmp): Eliminate buggy checking for
394 symmetry.
395
396 2020-01-27 David Malcolm <dmalcolm@redhat.com>
397
398 * analyzer.cc (is_named_call_p): Check that fndecl is "extern"
399 and at file scope. Potentially disregard prefix _ or __ in
400 fndecl's name. Bail if the identifier is NULL.
401 (is_setjmp_call_p): Expect a gcall rather than plain gimple.
402 Remove special-case check for leading prefix, and also check for
403 sigsetjmp.
404 (is_longjmp_call_p): Also check for siglongjmp.
405 (get_user_facing_name): New function.
406 * analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
407 gimple.
408 (get_user_facing_name): New decl.
409 * checker-path.cc (setjmp_event::get_desc): Use
410 get_user_facing_name to avoid hardcoding the function name.
411 (rewind_event::rewind_event): Add rewind_info param, using it to
412 initialize new m_rewind_info field, and strengthen the assertion.
413 (rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
414 avoid hardcoding the function name.
415 (rewind_to_setjmp_event::get_desc): Likewise.
416 * checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
417 param and use it to initialize...
418 (setjmp_event::m_setjmp_call): New field.
419 (rewind_event::rewind_event): Add rewind_info param.
420 (rewind_event::m_rewind_info): New protected field.
421 (rewind_from_longjmp_event::rewind_from_longjmp_event): Add
422 rewind_info param.
423 (class rewind_to_setjmp_event): Move rewind_info field to parent
424 class.
425 * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
426 Update setjmp-handling for is_setjmp_call_p requiring a gcall;
427 pass the call to the new setjmp_event.
428 * engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
429 requiring a gcall.
430 (stale_jmp_buf::emit): Use get_user_facing_name to avoid
431 hardcoding the function names.
432 (exploded_node::on_longjmp): Pass the longjmp_call when
433 constructing rewind_info.
434 (rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
435 rewind_from_longjmp_event's ctor.
436 * exploded-graph.h (rewind_info_t::rewind_info_t): Add
437 longjmp_call param.
438 (rewind_info_t::get_longjmp_call): New.
439 (rewind_info_t::m_longjmp_call): New.
440 * region-model.cc (region_model::on_setjmp): Update comment to
441 indicate this is also for sigsetjmp.
442 * region-model.h (struct setjmp_record): Likewise.
443 (class setjmp_svalue): Likewise.
444
445 2020-01-27 David Malcolm <dmalcolm@redhat.com>
446
447 PR analyzer/93276
448 * analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
449 macros with GCC_VERSION >= 4006, making them no-op otherwise.
450 * engine.cc (exploded_edge::exploded_edge): Specify template for
451 base class initializer.
452 (exploded_graph::add_edge): Specify template when chaining up to
453 base class add_edge implementation.
454 (viz_callgraph_node::dump_dot): Drop redundant "typename".
455 (viz_callgraph_edge::viz_callgraph_edge): Specify template for
456 base class initializer.
457 * program-state.cc (sm_state_map::clone_with_remapping): Drop
458 redundant "typename".
459 (sm_state_map::print): Likewise.
460 (sm_state_map::hash): Likewise.
461 (sm_state_map::operator==): Likewise.
462 (sm_state_map::remap_svalue_ids): Likewise.
463 (sm_state_map::on_svalue_purge): Likewise.
464 (sm_state_map::validate): Likewise.
465 * program-state.h (sm_state_map::iterator_t): Likewise.
466 * supergraph.h (superedge::superedge): Specify template for base
467 class initializer.
468
469 2020-01-23 David Malcolm <dmalcolm@redhat.com>
470
471 PR analyzer/93375
472 * supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
473 gracefully is the number of parameters at the callee exceeds the
474 number of arguments at the call stmt.
475 (callgraph_superedge::get_parm_for_arg): Likewise.
476
477 2020-01-22 David Malcolm <dmalcolm@redhat.com>
478
479 PR analyzer/93382
480 * program-state.cc (sm_state_map::on_svalue_purge): If the
481 entry survives, but the origin is being purged, then reset the
482 origin to null.
483
484 2020-01-22 David Malcolm <dmalcolm@redhat.com>
485
486 * sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.
487
488 2020-01-22 David Malcolm <dmalcolm@redhat.com>
489
490 PR analyzer/93378
491 * engine.cc (setjmp_svalue::compare_fields): Update for
492 replacement of m_enode with m_setjmp_record.
493 (setjmp_svalue::add_to_hash): Likewise.
494 (setjmp_svalue::get_index): Rename...
495 (setjmp_svalue::get_enode_index): ...to this.
496 (setjmp_svalue::print_details): Update for replacement of m_enode
497 with m_setjmp_record.
498 (exploded_node::on_longjmp): Likewise.
499 * exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
500 (rewind_info_t::m_setjmp_record): ...with this.
501 (rewind_info_t::rewind_info_t): Update for replacement of m_enode
502 with m_setjmp_record.
503 (rewind_info_t::get_setjmp_point): Likewise.
504 (rewind_info_t::get_setjmp_call): Likewise.
505 * region-model.cc (region_model::dump_summary_of_map): Likewise.
506 (region_model::on_setjmp): Likewise.
507 * region-model.h (struct setjmp_record): New struct.
508 (setjmp_svalue::m_enode): Replace...
509 (setjmp_svalue::m_setjmp_record): ...with this.
510 (setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
511 with m_setjmp_record.
512 (setjmp_svalue::clone): Likewise.
513 (setjmp_svalue::get_index): Rename...
514 (setjmp_svalue::get_enode_index): ...to this.
515 (setjmp_svalue::get_exploded_node): Replace...
516 (setjmp_svalue::get_setjmp_record): ...with this.
517
518 2020-01-22 David Malcolm <dmalcolm@redhat.com>
519
520 PR analyzer/93316
521 * analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as
522 "_setjmp".
523
524 2020-01-22 David Malcolm <dmalcolm@redhat.com>
525
526 PR analyzer/93307
527 * analysis-plan.h: Wrap everything namespace "ana".
528 * analyzer-logging.cc: Likewise.
529 * analyzer-logging.h: Likewise.
530 * analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
531 namespace.
532 * analyzer-selftests.cc: Wrap everything namespace "ana".
533 * analyzer-selftests.h: Likewise.
534 * analyzer.h: Likewise for forward decls of types.
535 * call-string.h: Likewise.
536 * checker-path.cc: Likewise.
537 * checker-path.h: Likewise.
538 * constraint-manager.cc: Likewise.
539 * constraint-manager.h: Likewise.
540 * diagnostic-manager.cc: Likewise.
541 * diagnostic-manager.h: Likewise.
542 * engine.cc: Likewise.
543 * engine.h: Likewise.
544 * exploded-graph.h: Likewise.
545 * function-set.cc: Likewise.
546 * function-set.h: Likewise.
547 * pending-diagnostic.cc: Likewise.
548 * pending-diagnostic.h: Likewise.
549 * program-point.cc: Likewise.
550 * program-point.h: Likewise.
551 * program-state.cc: Likewise.
552 * program-state.h: Likewise.
553 * region-model.cc: Likewise.
554 * region-model.h: Likewise.
555 * sm-file.cc: Likewise.
556 * sm-malloc.cc: Likewise.
557 * sm-pattern-test.cc: Likewise.
558 * sm-sensitive.cc: Likewise.
559 * sm-signal.cc: Likewise.
560 * sm-taint.cc: Likewise.
561 * sm.cc: Likewise.
562 * sm.h: Likewise.
563 * state-purge.h: Likewise.
564 * supergraph.cc: Likewise.
565 * supergraph.h: Likewise.
566
567 2020-01-21 David Malcolm <dmalcolm@redhat.com>
568
569 PR analyzer/93352
570 * region-model.cc (int_cmp): Rename to...
571 (array_region::key_cmp): ...this, using key_t rather than int.
572 Rewrite in terms of comparisons rather than subtraction to
573 ensure qsort is anti-symmetric when handling extreme values.
574 (array_region::walk_for_canonicalization): Update for above
575 renaming.
576 * region-model.h (array_region::key_cmp): New decl.
577
578 2020-01-17 David Malcolm <dmalcolm@redhat.com>
579
580 PR analyzer/93290
581 * region-model.cc (region_model::eval_condition_without_cm): Avoid
582 gcc_unreachable for unexpected operations for the case where
583 we're comparing an svalue against itself.
584
585 2020-01-17 David Malcolm <dmalcolm@redhat.com>
586
587 PR analyzer/93281
588 * region-model.cc
589 (region_model::convert_byte_offset_to_array_index): Convert to
590 ssizetype before dividing by byte_size. Use fold_binary rather
591 than fold_build2 to avoid needlessly constructing a tree for the
592 non-const case.
593
594 2020-01-15 David Malcolm <dmalcolm@redhat.com>
595
596 * engine.cc (class impl_region_model_context): Fix comment.
597
598 2020-01-14 David Malcolm <dmalcolm@redhat.com>
599
600 PR analyzer/93212
601 * region-model.cc (make_region_for_type): Use
602 FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
603 * region-model.h (function_region::function_region): Likewise.
604
605 2020-01-14 David Malcolm <dmalcolm@redhat.com>
606
607 * program-state.cc (sm_state_map::clone_with_remapping): Copy
608 m_global_state.
609 (selftest::test_program_state_merging_2): New selftest.
610 (selftest::analyzer_program_state_cc_tests): Call it.
611
612 2020-01-14 David Malcolm <dmalcolm@redhat.com>
613
614 * checker-path.h (checker_path::get_checker_event): New function.
615 (checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
616 * diagnostic-manager.cc
617 (diagnostic_manager::prune_for_sm_diagnostic): Replace direct
618 access to checker_path::m_events with accessor functions. Fix
619 overlong line.
620 (diagnostic_manager::prune_interproc_events): Replace direct
621 access to checker_path::m_events with accessor functions.
622 (diagnostic_manager::finish_pruning): Likewise.
623
624 2020-01-14 David Malcolm <dmalcolm@redhat.com>
625
626 * checker-path.h (checker_event::clone): Delete vfunc decl.
627 (debug_event::clone): Delete vfunc impl.
628 (custom_event::clone): Delete vfunc impl.
629 (statement_event::clone): Delete vfunc impl.
630 (function_entry_event::clone): Delete vfunc impl.
631 (state_change_event::clone): Delete vfunc impl.
632 (start_cfg_edge_event::clone): Delete vfunc impl.
633 (end_cfg_edge_event::clone): Delete vfunc impl.
634 (call_event::clone): Delete vfunc impl.
635 (return_event::clone): Delete vfunc impl.
636 (setjmp_event::clone): Delete vfunc impl.
637 (rewind_from_longjmp_event::clone): Delete vfunc impl.
638 (rewind_to_setjmp_event::clone): Delete vfunc impl.
639 (warning_event::clone): Delete vfunc impl.
640
641 2020-01-14 David Malcolm <dmalcolm@redhat.com>
642
643 * supergraph.cc (supernode::dump_dot): Ensure that the TABLE
644 element has at least one TR.
645
646 2020-01-14 David Malcolm <dmalcolm@redhat.com>
647
648 PR analyzer/58237
649 * engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
650 when comparing against UNKNOWN_LOCATION.
651 (stmt_requires_new_enode_p): Likewise.
652 (exploded_graph::dump_exploded_nodes): Likewise.
653 * supergraph.cc (supernode::get_start_location): Likewise.
654 (supernode::get_end_location): Likewise.
655
656 2020-01-14 David Malcolm <dmalcolm@redhat.com>
657
658 PR analyzer/58237
659 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
660 selftest::analyzer_sm_file_cc_tests.
661 * analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
662 decl.
663 * sm-file.cc: Include "analyzer/function-set.h" and
664 "analyzer/analyzer-selftests.h".
665 (get_file_using_fns): New function.
666 (is_file_using_fn_p): New function.
667 (fileptr_state_machine::on_stmt): Return true for known functions.
668 (selftest::analyzer_sm_file_cc_tests): New function.
669
670 2020-01-14 David Malcolm <dmalcolm@redhat.com>
671
672 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
673 selftest::analyzer_sm_signal_cc_tests.
674 * analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
675 New decl.
676 * sm-signal.cc: Include "analyzer/function-set.h" and
677 "analyzer/analyzer-selftests.h".
678 (get_async_signal_unsafe_fns): New function.
679 (signal_unsafe_p): Reimplement in terms of the above.
680 (selftest::analyzer_sm_signal_cc_tests): New function.
681
682 2020-01-14 David Malcolm <dmalcolm@redhat.com>
683
684 * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
685 selftest::analyzer_function_set_cc_tests.
686 * analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
687 New decl.
688 * function-set.cc: New file.
689 * function-set.h: New file.
690
691 2020-01-14 David Malcolm <dmalcolm@redhat.com>
692
693 * analyzer.h (fndecl_has_gimple_body_p): New decl.
694 * engine.cc (impl_region_model_context::on_unknown_change): New
695 function.
696 (fndecl_has_gimple_body_p): Make non-static.
697 (exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
698 known. Track whether we have a call with unknown side-effects and
699 pass it to on_call_post.
700 * exploded-graph.h (impl_region_model_context::on_unknown_change):
701 New decl.
702 * program-state.cc (sm_state_map::on_unknown_change): New function.
703 * program-state.h (sm_state_map::on_unknown_change): New decl.
704 * region-model.cc: Include "bitmap.h".
705 (region_model::on_call_pre): Return a bool, capturing whether the
706 call has unknown side effects.
707 (region_model::on_call_post): Add arg "bool unknown_side_effects"
708 and if true, call handle_unrecognized_call.
709 (class reachable_regions): New class.
710 (region_model::handle_unrecognized_call): New function.
711 * region-model.h (region_model::on_call_pre): Return a bool.
712 (region_model::on_call_post): Add arg "bool unknown_side_effects".
713 (region_model::handle_unrecognized_call): New decl.
714 (region_model_context::on_unknown_change): New vfunc.
715 (test_region_model_context::on_unknown_change): New function.
716
717 2020-01-14 David Malcolm <dmalcolm@redhat.com>
718
719 * diagnostic-manager.cc (saved_diagnostic::operator==): Move here
720 from header. Replace pointer equality test on m_var with call to
721 pending_diagnostic::same_tree_p.
722 * diagnostic-manager.h (saved_diagnostic::operator==): Move to
723 diagnostic-manager.cc.
724 * pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
725 * pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
726 * sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
727 equality on m_arg with call to pending_diagnostic::same_tree_p.
728 * sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
729 (possible_null_arg::subclass_equal_p): Likewise.
730 (null_arg::subclass_equal_p): Likewise.
731 (free_of_non_heap::subclass_equal_p): Likewise.
732 * sm-pattern-test.cc (pattern_match::operator==): Likewise.
733 * sm-sensitive.cc (exposure_through_output_file::operator==):
734 Likewise.
735 * sm-taint.cc (tainted_array_index::operator==): Likewise.
736
737 2020-01-14 David Malcolm <dmalcolm@redhat.com>
738
739 * diagnostic-manager.cc (dedupe_winners::add): Add logging
740 of deduplication decisions made.
741
742 2020-01-14 David Malcolm <dmalcolm@redhat.com>
743
744 * ChangeLog: New file.
745 * analyzer-selftests.cc: New file.
746 * analyzer-selftests.h: New file.
747 * analyzer.opt: New file.
748 * analysis-plan.cc: New file.
749 * analysis-plan.h: New file.
750 * analyzer-logging.cc: New file.
751 * analyzer-logging.h: New file.
752 * analyzer-pass.cc: New file.
753 * analyzer.cc: New file.
754 * analyzer.h: New file.
755 * call-string.cc: New file.
756 * call-string.h: New file.
757 * checker-path.cc: New file.
758 * checker-path.h: New file.
759 * constraint-manager.cc: New file.
760 * constraint-manager.h: New file.
761 * diagnostic-manager.cc: New file.
762 * diagnostic-manager.h: New file.
763 * engine.cc: New file.
764 * engine.h: New file.
765 * exploded-graph.h: New file.
766 * pending-diagnostic.cc: New file.
767 * pending-diagnostic.h: New file.
768 * program-point.cc: New file.
769 * program-point.h: New file.
770 * program-state.cc: New file.
771 * program-state.h: New file.
772 * region-model.cc: New file.
773 * region-model.h: New file.
774 * sm-file.cc: New file.
775 * sm-malloc.cc: New file.
776 * sm-malloc.dot: New file.
777 * sm-pattern-test.cc: New file.
778 * sm-sensitive.cc: New file.
779 * sm-signal.cc: New file.
780 * sm-taint.cc: New file.
781 * sm.cc: New file.
782 * sm.h: New file.
783 * state-purge.cc: New file.
784 * state-purge.h: New file.
785 * supergraph.cc: New file.
786 * supergraph.h: New file.
787
788 2019-12-13 David Malcolm <dmalcolm@redhat.com>
789
790 * Initial creation
791
792 \f
793 Copyright (C) 2019-2020 Free Software Foundation, Inc.
794
795 Copying and distribution of this file, with or without modification,
796 are permitted in any medium without royalty provided the copyright
797 notice and this notice are preserved.