| 2021-09-16 Maxim Blinov <maxim.blinov@embecosm.com> |
| |
| PR bootstrap/102242 |
| * engine.cc (INCLUDE_UNIQUE_PTR): Define. |
| |
| 2021-09-08 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/102225 |
| * analyzer.h (compat_types_p): New decl. |
| * constraint-manager.cc |
| (constraint_manager::get_or_add_equiv_class): Guard against NULL |
| type when checking for pointer types. |
| * region-model-impl-calls.cc (region_model::impl_call_realloc): |
| Guard against NULL lhs type/region. Guard against the size value |
| not being of a compatible type for dynamic extents. |
| * region-model.cc (compat_types_p): Make non-static. |
| |
| 2021-08-30 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99260 |
| * analyzer.h (class custom_edge_info): New class, adapted from |
| exploded_edge::custom_info_t. Make member functions const. |
| Make update_model return bool, converting edge param from |
| reference to a pointer, and adding a ctxt param. |
| (class path_context): New class. |
| * call-info.cc: New file. |
| * call-info.h: New file. |
| * engine.cc: Include "analyzer/call-info.h" and <memory>. |
| (impl_region_model_context::impl_region_model_context): Update for |
| new m_path_ctxt field. |
| (impl_region_model_context::bifurcate): New. |
| (impl_region_model_context::terminate_path): New. |
| (impl_region_model_context::get_malloc_map): New. |
| (impl_sm_context::impl_sm_context): Update for new m_path_ctxt |
| field. |
| (impl_sm_context::get_fndecl_for_call): Likewise. |
| (impl_sm_context::set_next_state): Likewise. |
| (impl_sm_context::warn): Likewise. |
| (impl_sm_context::is_zero_assignment): Likewise. |
| (impl_sm_context::get_path_context): New. |
| (impl_sm_context::m_path_ctxt): New. |
| (impl_region_model_context::on_condition): Update for new |
| path_ctxt param. Handle m_enode_for_diag being NULL. |
| (impl_region_model_context::on_phi): Update for new path_ctxt |
| param. |
| (exploded_node::on_stmt): Add path_ctxt param, updating ctor calls |
| to use it as necessary. Use it to bail out after sm-handling, |
| if needed. |
| (exploded_node::detect_leaks): Update for new path_ctxt param. |
| (dynamic_call_info_t::update_model): Update for conversion of |
| exploded_edge::custom_info_t to custom_edge_info. |
| (dynamic_call_info_t::add_events_to_path): Likewise. |
| (rewind_info_t::update_model): Likewise. |
| (rewind_info_t::add_events_to_path): Likewise. |
| (exploded_edge::exploded_edge): Likewise. |
| (exploded_graph::add_edge): Likewise. |
| (exploded_graph::maybe_process_run_of_before_supernode_enodes): |
| Update for new path_ctxt param. |
| (class impl_path_context): New. |
| (exploded_graph::process_node): Update for new path_ctxt param. |
| Create an impl_path_context and pass it to exploded_node::on_stmt. |
| Use it to terminate iterating stmts if terminate_path is called |
| on it. After processing a run of stmts, query path_ctxt to |
| potentially terminate the analysis path, and/or to "bifurcate" the |
| analysis into multiple additional paths. |
| (feasibility_state::maybe_update_for_edge): Update for new |
| update_model ctxt param. |
| * exploded-graph.h |
| (impl_region_model_context::impl_region_model_context): Add |
| path_ctxt param. |
| (impl_region_model_context::bifurcate): New. |
| (impl_region_model_context::terminate_path): New |
| (impl_region_model_context::get_ext_state): New. |
| (impl_region_model_context::get_malloc_map): New. |
| (impl_region_model_context::m_path_ctxt): New field. |
| (exploded_node::on_stmt): Add path_ctxt param. |
| (class exploded_edge::custom_info_t): Move to analyzer.h, renaming |
| to custom_edge_info, and making the changes as noted in analyzer.h |
| above. |
| (exploded_edge::exploded_edge): Update for these changes to |
| exploded_edge::custom_info_t. |
| (exploded_edge::m_custom_info): Likewise. |
| (class dynamic_call_info_t): Likewise. |
| (class rewind_info_t): Likewise. |
| (exploded_graph::add_edge): Likewise. |
| * program-state.cc (program_state::on_edge): Update for new |
| path_ctxt param. |
| (program_state::push_call): Likewise. |
| (program_state::returning_call): Likewise. |
| (program_state::prune_for_point): Likewise. |
| * region-model-impl-calls.cc: Include "analyzer/call-info.h". |
| (call_details::get_fndecl_for_call): New. |
| (region_model::impl_call_realloc): Reimplement. |
| * region-model.cc (region_model::on_call_pre): Move call to |
| impl_call_realloc to... |
| (region_model::on_call_post): ...here. Consolidate creation |
| of call_details instance. |
| (noop_region_model_context::bifurcate): New. |
| (noop_region_model_context::terminate_path): New. |
| * region-model.h (call_details::get_call_stmt): New. |
| (call_details::get_fndecl_for_call): New. |
| (region_model::on_realloc_with_move): New. |
| (region_model_context::bifurcate): New. |
| (region_model_context::terminate_path): New. |
| (region_model_context::get_ext_state): New. |
| (region_model_context::get_malloc_map): New. |
| (noop_region_model_context::bifurcate): New. |
| (noop_region_model_context::terminate_path): New. |
| (noop_region_model_context::get_ext_state): New. |
| (noop_region_model_context::get_malloc_map): New. |
| * sm-malloc.cc: Include "analyzer/program-state.h". |
| (malloc_state_machine::on_realloc_call): Reimplement. |
| (malloc_state_machine::on_realloc_with_move): New. |
| (region_model::on_realloc_with_move): New. |
| * sm-signal.cc (class signal_delivery_edge_info_t): Update for |
| conversion from exploded_edge::custom_info_t to custom_edge_info. |
| * sm.h (sm_context::get_path_context): New. |
| * svalue.cc (svalue::maybe_get_constant): Call |
| unwrap_any_unmergeable. |
| |
| 2021-08-25 Ankur Saini <arsenic@sourceware.org> |
| |
| PR analyzer/101980 |
| * engine.cc (exploded_graph::maybe_create_dynamic_call): Don't create |
| calls if max recursion limit is reached. |
| |
| 2021-08-23 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.h (struct rejected_constraint): Convert to... |
| (class rejected_constraint): ...this. |
| (class bounded_ranges): New forward decl. |
| (class bounded_ranges_manager): New forward decl. |
| * constraint-manager.cc: Include "analyzer/analyzer-logging.h" and |
| "tree-pretty-print.h". |
| (can_plus_one_p): New. |
| (plus_one): New. |
| (can_minus_one_p): New. |
| (minus_one): New. |
| (bounded_range::bounded_range): New. |
| (dump_cst): New. |
| (bounded_range::dump_to_pp): New. |
| (bounded_range::dump): New. |
| (bounded_range::to_json): New. |
| (bounded_range::set_json_attr): New. |
| (bounded_range::contains_p): New. |
| (bounded_range::intersects_p): New. |
| (bounded_range::operator==): New. |
| (bounded_range::cmp): New. |
| (bounded_ranges::bounded_ranges): New. |
| (bounded_ranges::bounded_ranges): New. |
| (bounded_ranges::bounded_ranges): New. |
| (bounded_ranges::canonicalize): New. |
| (bounded_ranges::validate): New. |
| (bounded_ranges::operator==): New. |
| (bounded_ranges::dump_to_pp): New. |
| (bounded_ranges::dump): New. |
| (bounded_ranges::to_json): New. |
| (bounded_ranges::eval_condition): New. |
| (bounded_ranges::contain_p): New. |
| (bounded_ranges::cmp): New. |
| (bounded_ranges_manager::~bounded_ranges_manager): New. |
| (bounded_ranges_manager::get_or_create_empty): New. |
| (bounded_ranges_manager::get_or_create_point): New. |
| (bounded_ranges_manager::get_or_create_range): New. |
| (bounded_ranges_manager::get_or_create_union): New. |
| (bounded_ranges_manager::get_or_create_intersection): New. |
| (bounded_ranges_manager::get_or_create_inverse): New. |
| (bounded_ranges_manager::consolidate): New. |
| (bounded_ranges_manager::get_or_create_ranges_for_switch): New. |
| (bounded_ranges_manager::create_ranges_for_switch): New. |
| (bounded_ranges_manager::make_case_label_ranges): New. |
| (bounded_ranges_manager::log_stats): New. |
| (bounded_ranges_constraint::print): New. |
| (bounded_ranges_constraint::to_json): New. |
| (bounded_ranges_constraint::operator==): New. |
| (bounded_ranges_constraint::add_to_hash): New. |
| (constraint_manager::constraint_manager): Update for new field |
| m_bounded_ranges_constraints. |
| (constraint_manager::operator=): Likewise. |
| (constraint_manager::hash): Likewise. |
| (constraint_manager::operator==): Likewise. |
| (constraint_manager::print): Likewise. |
| (constraint_manager::dump_to_pp): Likewise. |
| (constraint_manager::to_json): Likewise. |
| (constraint_manager::add_unknown_constraint): Update the lhs_ec_id |
| if necessary in existing constraints when combining equivalence |
| classes. Add similar code for handling |
| m_bounded_ranges_constraints. |
| (constraint_manager::add_constraint_internal): Add comment. |
| (constraint_manager::add_bounded_ranges): New. |
| (constraint_manager::eval_condition): Use new field |
| m_bounded_ranges_constraints. |
| (constraint_manager::purge): Update bounded_ranges_constraint |
| instances. |
| (constraint_manager::canonicalize): Update for new field. |
| (merger_fact_visitor::on_ranges): New. |
| (constraint_manager::for_each_fact): Use new field |
| m_bounded_ranges_constraints. |
| (constraint_manager::validate): Fix off-by-one error needed due |
| to bug fixed above in add_unknown_constraint. Validate the EC IDs |
| in m_bounded_ranges_constraints. |
| (constraint_manager::get_range_manager): New. |
| (selftest::assert_dump_bounded_range_eq): New. |
| (ASSERT_DUMP_BOUNDED_RANGE_EQ): New. |
| (selftest::test_bounded_range): New. |
| (selftest::assert_dump_bounded_ranges_eq): New. |
| (ASSERT_DUMP_BOUNDED_RANGES_EQ): New. |
| (selftest::test_bounded_ranges): New. |
| (selftest::run_constraint_manager_tests): Call the new selftests. |
| * constraint-manager.h (struct bounded_range): New. |
| (struct bounded_ranges): New. |
| (template <> struct default_hash_traits<bounded_ranges::key_t>): New. |
| (class bounded_ranges_manager): New. |
| (fact_visitor::on_ranges): New pure virtual function. |
| (class bounded_ranges_constraint): New. |
| (constraint_manager::add_bounded_ranges): New decl. |
| (constraint_manager::get_range_manager): New decl. |
| (constraint_manager::m_bounded_ranges_constraints): New field. |
| * diagnostic-manager.cc (epath_finder::process_worklist_item): |
| Transfer ownership of rc to add_feasibility_problem. |
| * engine.cc (feasibility_problem::dump_to_pp): Use get_model. |
| * feasible-graph.cc (infeasible_node::dump_dot): Update for |
| conversion of m_rc to a pointer. |
| (feasible_graph::add_feasibility_problem): Pass RC by pointer and |
| take ownership. |
| * feasible-graph.h (infeasible_node::infeasible_node): Pass RC by |
| pointer and take ownership. |
| (infeasible_node::~infeasible_node): New. |
| (infeasible_node::m_rc): Convert to a pointer. |
| (feasible_graph::add_feasibility_problem): Pass RC by pointer and |
| take ownership. |
| * region-model-manager.cc: Include |
| "analyzer/constraint-manager.h". |
| (region_model_manager::region_model_manager): Initializer new |
| field m_range_mgr. |
| (region_model_manager::~region_model_manager): Delete it. |
| (region_model_manager::log_stats): Call log_stats on it. |
| * region-model.cc (region_model::add_constraint): Use new subclass |
| rejected_op_constraint. |
| (region_model::apply_constraints_for_gswitch): Reimplement using |
| bounded_ranges_manager. |
| (rejected_constraint::dump_to_pp): Convert to... |
| (rejected_op_constraint::dump_to_pp): ...this. |
| (rejected_ranges_constraint::dump_to_pp): New. |
| * region-model.h (struct purge_stats): Add field |
| m_num_bounded_ranges_constraints. |
| (region_model_manager::get_range_manager): New. |
| (region_model_manager::m_range_mgr): New. |
| (region_model::get_range_manager): New. |
| (struct rejected_constraint): Split into... |
| (class rejected_constraint):...this new abstract base class, |
| and... |
| (class rejected_op_constraint): ...this new concrete subclass. |
| (class rejected_ranges_constraint): New. |
| * supergraph.cc: Include "tree-cfg.h". |
| (supergraph::supergraph): Drop idx param from add_cfg_edge. |
| (supergraph::add_cfg_edge): Drop idx param. |
| (switch_cfg_superedge::switch_cfg_superedge): Move here from |
| header. Populate m_case_labels with all cases which go to DST. |
| (switch_cfg_superedge::dump_label_to_pp): Reimplement to use |
| m_case_labels. |
| (switch_cfg_superedge::get_case_label): Delete. |
| * supergraph.h (supergraphadd_cfg_edge): Drop "idx" param. |
| (switch_cfg_superedge::switch_cfg_superedge): Drop idx param and |
| move implementation to supergraph.cc. |
| (switch_cfg_superedge::get_case_label): Delete. |
| (switch_cfg_superedge::get_case_labels): New. |
| (switch_cfg_superedge::m_idx): Delete. |
| (switch_cfg_superedge::m_case_labels): New field. |
| |
| 2021-08-23 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101875 |
| * sm-file.cc (file_diagnostic::describe_state_change): Handle |
| change.m_expr being NULL. |
| |
| 2021-08-23 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101837 |
| * analyzer.cc (maybe_reconstruct_from_def_stmt): Bail if fn is |
| NULL, and assert that it's non-NULL before passing it to |
| build_call_array_loc. |
| |
| 2021-08-23 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101962 |
| * region-model.cc (region_model::eval_condition_without_cm): |
| Refactor comparison against zero, adding a check for |
| POINTER_PLUS_EXPR of non-NULL. |
| |
| 2021-08-23 David Malcolm <dmalcolm@redhat.com> |
| |
| * store.cc (bit_range::intersects_p): New overload. |
| (bit_range::operator-): New. |
| (binding_cluster::maybe_get_compound_binding): Handle the partial |
| overlap case. |
| (selftest::test_bit_range_intersects_p): Add test coverage for |
| new overload of bit_range::intersects_p. |
| * store.h (bit_range::intersects_p): New overload. |
| (bit_range::operator-): New. |
| |
| 2021-08-23 Ankur Saini <arsenic@sourceware.org> |
| |
| PR analyzer/102020 |
| * diagnostic-manager.cc |
| (diagnostic_manager::prune_for_sm_diagnostic)<case EK_CALL_EDGE>: Fix typo. |
| |
| 2021-08-21 Ankur Saini <arsenic@sourceware.org> |
| |
| PR analyzer/101980 |
| * diagnostic-manager.cc |
| (diagnostic_manager::prune_for_sm_diagnostic)<case EK_CALL_EDGE>: Use |
| caller_model only when the supergraph_edge doesn't exixt. |
| (diagnostic_manager::prune_for_sm_diagnostic)<case EK_RETURN_EDGE>: |
| Likewise. |
| * engine.cc (exploded_graph::create_dynamic_call): Rename to... |
| (exploded_graph::maybe_create_dynamic_call): ...this, return call |
| creation status. |
| (exploded_graph::process_node): Handle calls which were not dynamically |
| discovered. |
| * exploded-graph.h (exploded_graph::create_dynamic_call): Rename to... |
| (exploded_graph::maybe_create_dynamic_call): ...this. |
| * region-model.cc (region_model::update_for_gcall): New param, use it |
| to push call to frame. |
| (region_model::update_for_call_superedge): Pass callee function to |
| update_for_gcall. |
| * region-model.h (region_model::update_for_gcall): New param. |
| |
| 2021-08-18 Ankur Saini <arsenic@sourceware.org> |
| |
| PR analyzer/97114 |
| * region-model.cc (region_model::get_rvalue_1): Add case for |
| OBJ_TYPE_REF. |
| |
| 2021-08-18 Ankur Saini <arsenic@sourceware.org> |
| |
| PR analyzer/100546 |
| * analysis-plan.cc (analysis_plan::use_summary_p): Don't use call |
| summaries if there is no callgraph edge |
| * checker-path.cc (call_event::call_event): Handle calls events that |
| are not represented by a supergraph call edge |
| (return_event::return_event): Likewise. |
| (call_event::get_desc): Work with new call_event structure. |
| (return_event::get_desc): Likeise. |
| * checker-path.h (call_event::m_src_snode): New field. |
| (call_event::m_dest_snode): New field. |
| (return_event::m_src_snode): New field. |
| (return_event::m_dest_snode): New field. |
| * diagnostic-manager.cc |
| (diagnostic_manager::prune_for_sm_diagnostic)<case EK_CALL_EDGE>: |
| Refactor to work with edges without callgraph edge. |
| (diagnostic_manager::prune_for_sm_diagnostic)<case EK_RETURN_EDGE>: |
| Likewise. |
| * engine.cc (dynamic_call_info_t::update_model): New function. |
| (dynamic_call_info_t::add_events_to_path): New function. |
| (exploded_graph::create_dynamic_call): New function. |
| (exploded_graph::process_node): Work with dynamically discovered calls. |
| * exploded-graph.h (class dynamic_call_info_t): New class. |
| (exploded_graph::create_dynamic_call): New decl. |
| * program-point.cc (program_point::push_to_call_stack): New function. |
| (program_point::pop_from_call_stack): New function. |
| * program-point.h (program_point::push_to_call_stack): New decl. |
| (program_point::pop_from_call_stack): New decl. |
| * program-state.cc (program_state::push_call): New function. |
| (program_state::returning_call): New function. |
| * program-state.h (program_state::push_call): New decl. |
| (program_state::returning_call): New decl. |
| * region-model.cc (region_model::update_for_gcall) New function. |
| (region_model::update_for_return_gcall): New function. |
| (egion_model::update_for_call_superedge): Get the underlying gcall and |
| update for gcall. |
| (region_model::update_for_return_superedge): Likewise. |
| * region-model.h (region_model::update_for_gcall): New decl. |
| (region_model::update_for_return_gcall): New decl. |
| * state-purge.cc (state_purge_per_ssa_name::process_point): Update to |
| work with calls without underlying cgraph edge. |
| * supergraph.cc (supergraph::supergraph) Split snodes at every callsite. |
| * supergraph.h (supernode::get_returning_call) New accessor. |
| |
| 2021-08-04 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101570 |
| * analyzer.cc (maybe_reconstruct_from_def_stmt): Add GIMPLE_ASM |
| case. |
| * analyzer.h (class asm_output_svalue): New forward decl. |
| (class reachable_regions): New forward decl. |
| * complexity.cc (complexity::from_vec_svalue): New. |
| * complexity.h (complexity::from_vec_svalue): New decl. |
| * engine.cc (feasibility_state::maybe_update_for_edge): Handle |
| asm stmts by calling on_asm_stmt. |
| * region-model-asm.cc: New file. |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_asm_output_svalue): New. |
| (region_model_manager::get_or_create_asm_output_svalue): New. |
| (region_model_manager::log_stats): Log m_asm_output_values_map. |
| * region-model.cc (region_model::on_stmt_pre): Handle GIMPLE_ASM. |
| * region-model.h (visitor::visit_asm_output_svalue): New. |
| (region_model_manager::get_or_create_asm_output_svalue): New decl. |
| (region_model_manager::maybe_fold_asm_output_svalue): New decl. |
| (region_model_manager::asm_output_values_map_t): New typedef. |
| (region_model_manager::m_asm_output_values_map): New field. |
| (region_model::on_asm_stmt): New. |
| * store.cc (binding_cluster::on_asm): New. |
| * store.h (binding_cluster::on_asm): New decl. |
| * svalue.cc (svalue::cmp_ptr): Handle SK_ASM_OUTPUT. |
| (asm_output_svalue::dump_to_pp): New. |
| (asm_output_svalue::dump_input): New. |
| (asm_output_svalue::input_idx_to_asm_idx): New. |
| (asm_output_svalue::accept): New. |
| * svalue.h (enum svalue_kind): Add SK_ASM_OUTPUT. |
| (svalue::dyn_cast_asm_output_svalue): New. |
| (class asm_output_svalue): New. |
| (is_a_helper <const asm_output_svalue *>::test): New. |
| (struct default_hash_traits<asm_output_svalue::key_t>): New. |
| |
| 2021-08-03 Jakub Jelinek <jakub@redhat.com> |
| |
| PR analyzer/101721 |
| * sm-malloc.cc (known_allocator_p): Only check DECL_FUNCTION_CODE on |
| BUILT_IN_NORMAL builtins. |
| |
| 2021-07-29 Ankur Saini <arsenic@sourceware.org> |
| |
| * call-string.cc (call_string::element_t::operator==): New operator. |
| (call_String::element_t::operator!=): New operator. |
| (call_string::element_t::get_caller_function): New function. |
| (call_string::element_t::get_callee_function): New function. |
| (call_string::call_string): Refactor to Initialise m_elements. |
| (call_string::operator=): Refactor to work with m_elements. |
| (call_string::operator==): Likewise. |
| (call_string::to_json): Likewise. |
| (call_string::hash): Refactor to hash e.m_caller. |
| (call_string::push_call): Refactor to work with m_elements. |
| (call_string::push_call): New overload to push call via supernodes. |
| (call_string::pop): Refactor to work with m_elements. |
| (call_string::calc_recursion_depth): Likewise. |
| (call_string::cmp): Likewise. |
| (call_string::validate): Likewise. |
| (call_string::operator[]): Likewise. |
| * call-string.h (class supernode): New forward decl. |
| (struct call_string::element_t): New struct. |
| (call_string::call_string): Refactor to initialise m_elements. |
| (call_string::bool empty_p): Refactor to work with m_elements. |
| (call_string::get_callee_node): New decl. |
| (call_string::get_caller_node): New decl. |
| (m_elements): Replaces m_return_edges. |
| * program-point.cc (program_point::get_function_at_depth): Refactor to |
| work with new call-string format. |
| (program_point::validate): Likewise. |
| (program_point::on_edge): Likewise. |
| |
| 2021-07-28 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_model::on_call_pre): Treat |
| IFN_UBSAN_BOUNDS, BUILT_IN_STACK_SAVE, and BUILT_IN_STACK_RESTORE |
| as no-ops, rather than handling them as unknown functions. |
| |
| 2021-07-28 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model-impl-calls.cc (region_model::impl_call_alloca): |
| Drop redundant return value. |
| (region_model::impl_call_builtin_expect): Likewise. |
| (region_model::impl_call_calloc): Likewise. |
| (region_model::impl_call_malloc): Likewise. |
| (region_model::impl_call_memset): Likewise. |
| (region_model::impl_call_operator_new): Likewise. |
| (region_model::impl_call_operator_delete): Likewise. |
| (region_model::impl_call_strlen): Likewise. |
| * region-model.cc (region_model::on_call_pre): Fix return value of |
| known functions that don't have unknown side-effects. |
| * region-model.h (region_model::impl_call_alloca): Drop redundant |
| return value. |
| (region_model::impl_call_builtin_expect): Likewise. |
| (region_model::impl_call_calloc): Likewise. |
| (region_model::impl_call_malloc): Likewise. |
| (region_model::impl_call_memset): Likewise. |
| (region_model::impl_call_strlen): Likewise. |
| (region_model::impl_call_operator_new): Likewise. |
| (region_model::impl_call_operator_delete): Likewise. |
| |
| 2021-07-28 Siddhesh Poyarekar <siddhesh@gotplt.org> |
| |
| * analyzer.cc (is_named_call_p, is_std_named_call_p): Make |
| first argument a const_tree. |
| * analyzer.h (is_named_call_p, -s_std_named_call_p): Likewise. |
| * sm-malloc.cc (known_allocator_p): New function. |
| (malloc_state_machine::on_stmt): Use it. |
| |
| 2021-07-28 Siddhesh Poyarekar <siddhesh@gotplt.org> |
| |
| * sm-malloc.cc |
| (malloc_state_machine::get_or_create_deallocator): Recognize |
| __builtin_free. |
| |
| 2021-07-26 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_model::on_call_pre): Always set conjured |
| LHS, not just for SSA names. |
| |
| 2021-07-23 David Malcolm <dmalcolm@redhat.com> |
| |
| * diagnostic-manager.cc |
| (class auto_disable_complexity_checks): New. |
| (epath_finder::explore_feasible_paths): Use it to disable |
| complexity checks whilst processing the worklist. |
| * region-model-manager.cc |
| (region_model_manager::region_model_manager): Initialize |
| m_check_complexity. |
| (region_model_manager::reject_if_too_complex): Bail if |
| m_check_complexity is false. |
| * region-model.h |
| (region_model_manager::enable_complexity_check): New. |
| (region_model_manager::disable_complexity_check): New. |
| (region_model_manager::m_check_complexity): New. |
| |
| 2021-07-21 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101547 |
| * sm-file.cc (file_leak::emit): Handle m_arg being NULL. |
| (file_leak::describe_final_event): Handle ev.m_expr being NULL. |
| |
| 2021-07-21 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101522 |
| * store.cc (binding_cluster::purge_state_involving): Don't change |
| m_map whilst iterating through it. |
| |
| 2021-07-21 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_model::handle_phi): Add "old_state" |
| param and use it. |
| (region_model::update_for_phis): Update so that all of the phi |
| stmts are effectively handled simultaneously, rather than in |
| order. |
| * region-model.h (region_model::handle_phi): Add "old_state" |
| param. |
| * state-purge.cc (self_referential_phi_p): Replace with... |
| (name_used_by_phis_p): ...this new function. |
| (state_purge_per_ssa_name::process_point): Update to use the |
| above, so that all phi stmts at a basic block are effectively |
| considered simultaneously, and only consider the phi arguments for |
| the pertinent in-edge. |
| * supergraph.cc (cfg_superedge::get_phi_arg_idx): New. |
| (cfg_superedge::get_phi_arg): Use the above. |
| * supergraph.h (cfg_superedge::get_phi_arg_idx): New decl. |
| |
| 2021-07-21 David Malcolm <dmalcolm@redhat.com> |
| |
| * state-purge.cc (state_purge_annotator::add_node_annotations): |
| Rather than erroneously always using the NULL in-edge, determine |
| each relevant in-edge, and print the appropriate data for each |
| in-edge. Use print_needed to print the data as comma-separated |
| lists of SSA names. |
| (print_vec_of_names): Add "within_table" param and use it. |
| (state_purge_annotator::add_stmt_annotations): Factor out |
| collation and printing code into... |
| (state_purge_annotator::print_needed): ...this new function. |
| * state-purge.h (state_purge_annotator::print_needed): New decl. |
| |
| 2021-07-21 David Malcolm <dmalcolm@redhat.com> |
| |
| * program-point.cc (function_point::print): Show src BB index at |
| BEFORE_SUPERNODE. |
| |
| 2021-07-21 David Malcolm <dmalcolm@redhat.com> |
| |
| * svalue.cc (infix_p): New. |
| (binop_svalue::dump_to_pp): Use it to print MIN_EXPR and MAX_EXPR |
| in prefix form, rather than infix. |
| |
| 2021-07-19 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101503 |
| * constraint-manager.cc (constraint_manager::add_constraint): Use |
| can_have_associated_state_p rather than testing for unknown. |
| (constraint_manager::get_or_add_equiv_class): Likewise. |
| * program-state.cc (sm_state_map::set_state): Likewise. |
| (sm_state_map::impl_set_state): Add assertion. |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_unaryop): Handle poisoned |
| values. |
| (region_model_manager::maybe_fold_binop): Move handling of unknown |
| values... |
| (region_model_manager::get_or_create_binop): ...to here, and |
| generalize to use can_have_associated_state_p. |
| (region_model_manager::maybe_fold_sub_svalue): Use |
| can_have_associated_state_p rather than testing for unknown. |
| (region_model_manager::maybe_fold_repeated_svalue): Use unknown |
| when the size or repeated value is "unknown"/"poisoned". |
| * region-model.cc (region_model::purge_state_involving): Reject |
| attempts to purge unknown/poisoned svalues, as these svalues |
| should not have state associated with them. |
| * svalue.cc (sub_svalue::sub_svalue): Assert that we're building |
| on top of an svalue with can_have_associated_state_p. |
| (repeated_svalue::repeated_svalue): Likewise. |
| (bits_within_svalue::bits_within_svalue): Likewise. |
| * svalue.h (svalue::can_have_associated_state_p): New. |
| (unknown_svalue::can_have_associated_state_p): New. |
| (poisoned_svalue::can_have_associated_state_p): New. |
| (unaryop_svalue::unaryop_svalue): Assert that we're building on |
| top of an svalue with can_have_associated_state_p. |
| (binop_svalue::binop_svalue): Likewise. |
| (widening_svalue::widening_svalue): Likewise. |
| |
| 2021-07-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.h (enum access_direction): New. |
| * engine.cc (exploded_node::on_longjmp): Update for new param of |
| get_store_value. |
| * program-state.cc (program_state::prune_for_point): Likewise. |
| * region-model-impl-calls.cc (region_model::impl_call_memcpy): |
| Replace call to check_for_writable_region with call to |
| check_region_for_write. |
| (region_model::impl_call_memset): Likewise. |
| (region_model::impl_call_strcpy): Likewise. |
| * region-model-reachability.cc (reachable_regions::add): Update |
| for new param of get_store_value. |
| * region-model.cc (region_model::get_rvalue_1): Likewise, also for |
| get_rvalue_for_bits. |
| (region_model::get_store_value): Add ctxt param and use it to call |
| check_region_for_read. |
| (region_model::get_rvalue_for_bits): Add ctxt param and use it to |
| call get_store_value. |
| (region_model::check_region_access): New. |
| (region_model::check_region_for_write): New. |
| (region_model::check_region_for_read): New. |
| (region_model::set_value): Update comment. Replace call to |
| check_for_writable_region with call to check_region_for_write. |
| * region-model.h (region_model::get_rvalue_for_bits): Add ctxt |
| param. |
| (region_model::get_store_value): Add ctxt param. |
| (region_model::check_region_access): New decl. |
| (region_model::check_region_for_write): New decl. |
| (region_model::check_region_for_read): New decl. |
| * region.cc (region_model::copy_region): Update call to |
| get_store_value. |
| * svalue.cc (initial_svalue::implicitly_live_p): Likewise. |
| |
| 2021-07-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (exploded_node::on_stmt_pre): Handle |
| __analyzer_dump_state. |
| * program-state.cc (extrinsic_state::get_sm_idx_by_name): New. |
| (program_state::impl_call_analyzer_dump_state): New. |
| * program-state.h (extrinsic_state::get_sm_idx_by_name): New decl. |
| (program_state::impl_call_analyzer_dump_state): New decl. |
| * region-model-impl-calls.cc |
| (call_details::get_arg_string_literal): New. |
| * region-model.h (call_details::get_arg_string_literal): New decl. |
| |
| 2021-07-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * program-state.cc (program_state::detect_leaks): Simplify using |
| svalue::maybe_get_region. |
| * region-model-impl-calls.cc (region_model::impl_call_fgets): Likewise. |
| (region_model::impl_call_fread): Likewise. |
| (region_model::impl_call_free): Likewise. |
| (region_model::impl_call_operator_delete): Likewise. |
| * region-model.cc (selftest::test_stack_frames): Likewise. |
| (selftest::test_state_merging): Likewise. |
| * svalue.cc (svalue::maybe_get_region): New. |
| * svalue.h (svalue::maybe_get_region): New decl. |
| |
| 2021-07-15 David Malcolm <dmalcolm@redhat.com> |
| |
| * svalue.h (is_a_helper <placeholder_svalue *>::test): Make |
| param and template param const. |
| (is_a_helper <widening_svalue *>::test): Likewise. |
| (is_a_helper <compound_svalue *>::test): Likewise. |
| (is_a_helper <conjured_svalue *>::test): Likewise. |
| |
| 2021-07-15 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/95006 |
| PR analyzer/94713 |
| PR analyzer/94714 |
| * analyzer.cc (maybe_reconstruct_from_def_stmt): Split out |
| GIMPLE_ASSIGN case into... |
| (get_diagnostic_tree_for_gassign_1): New. |
| (get_diagnostic_tree_for_gassign): New. |
| * analyzer.h (get_diagnostic_tree_for_gassign): New decl. |
| * analyzer.opt (Wanalyzer-write-to-string-literal): New. |
| * constraint-manager.cc (class svalue_purger): New. |
| (constraint_manager::purge_state_involving): New. |
| * constraint-manager.h |
| (constraint_manager::purge_state_involving): New. |
| * diagnostic-manager.cc (saved_diagnostic::supercedes_p): New. |
| (dedupe_winners::handle_interactions): New. |
| (diagnostic_manager::emit_saved_diagnostics): Call it. |
| * diagnostic-manager.h (saved_diagnostic::supercedes_p): New decl. |
| * engine.cc (impl_region_model_context::warn): Convert return type |
| to bool. Return false if the diagnostic isn't saved. |
| (impl_region_model_context::purge_state_involving): New. |
| (impl_sm_context::get_state): Use NULL ctxt when querying old |
| rvalue. |
| (impl_sm_context::set_next_state): Use new sval when querying old |
| state. |
| (class dump_path_diagnostic): Move to region-model.cc |
| (exploded_node::on_stmt): Move to on_stmt_pre and on_stmt_post. |
| Remove call to purge_state_involving. |
| (exploded_node::on_stmt_pre): New, based on the above. Move most |
| of it to region_model::on_stmt_pre. |
| (exploded_node::on_stmt_post): Likewise, moving to |
| region_model::on_stmt_post. |
| (class stale_jmp_buf): Fix parent class to use curiously recurring |
| template pattern. |
| (feasibility_state::maybe_update_for_edge): Call on_call_pre and |
| on_call_post on gcalls. |
| * exploded-graph.h (impl_region_model_context::warn): Return bool. |
| (impl_region_model_context::purge_state_involving): New decl. |
| (exploded_node::on_stmt_pre): New decl. |
| (exploded_node::on_stmt_post): New decl. |
| * pending-diagnostic.h (pending_diagnostic::use_of_uninit_p): New. |
| (pending_diagnostic::supercedes_p): New. |
| * program-state.cc (sm_state_map::get_state): Inherit state for |
| conjured_svalue as well as initial_svalue. |
| (sm_state_map::purge_state_involving): Also support SK_CONJURED. |
| * region-model-impl-calls.cc (call_details::get_uncertainty): |
| Handle m_ctxt being NULL. |
| (call_details::get_or_create_conjured_svalue): New. |
| (region_model::impl_call_fgets): New. |
| (region_model::impl_call_fread): New. |
| * region-model-manager.cc |
| (region_model_manager::get_or_create_initial_value): Return an |
| uninitialized poisoned value for regions that can't have initial |
| values. |
| * region-model-reachability.cc |
| (reachable_regions::mark_escaped_clusters): Handle ctxt being |
| NULL. |
| * region-model.cc (region_to_value_map::purge_state_involving): New. |
| (poisoned_value_diagnostic::use_of_uninit_p): New. |
| (poisoned_value_diagnostic::emit): Handle POISON_KIND_UNINIT. |
| (poisoned_value_diagnostic::describe_final_event): Likewise. |
| (region_model::check_for_poison): New. |
| (region_model::on_assignment): Call it. |
| (class dump_path_diagnostic): Move here from engine.cc. |
| (region_model::on_stmt_pre): New, based on exploded_node::on_stmt. |
| (region_model::on_call_pre): Move the setting of the LHS to a |
| conjured svalue to before the checks for specific functions. |
| Handle "fgets", "fgets_unlocked", and "fread". |
| (region_model::purge_state_involving): New. |
| (region_model::handle_unrecognized_call): Handle ctxt being NULL. |
| (region_model::get_rvalue): Call check_for_poison. |
| (selftest::test_stack_frames): Use NULL for context when getting |
| uninitialized rvalue. |
| (selftest::test_alloca): Likewise. |
| * region-model.h (region_to_value_map::purge_state_involving): New |
| decl. |
| (call_details::get_or_create_conjured_svalue): New decl. |
| (region_model::on_stmt_pre): New decl. |
| (region_model::purge_state_involving): New decl. |
| (region_model::impl_call_fgets): New decl. |
| (region_model::impl_call_fread): New decl. |
| (region_model::check_for_poison): New decl. |
| (region_model_context::warn): Return bool. |
| (region_model_context::purge_state_involving): New. |
| (noop_region_model_context::warn): Return bool. |
| (noop_region_model_context::purge_state_involving): New. |
| (test_region_model_context:: warn): Return bool. |
| * region.cc (region::get_memory_space): New. |
| (region::can_have_initial_svalue_p): New. |
| (region::involves_p): New. |
| * region.h (enum memory_space): New. |
| (region::get_memory_space): New decl. |
| (region::can_have_initial_svalue_p): New decl. |
| (region::involves_p): New decl. |
| * sm-malloc.cc (use_after_free::supercedes_p): New. |
| * store.cc (binding_cluster::purge_state_involving): New. |
| (store::purge_state_involving): New. |
| * store.h (class symbolic_binding): New forward decl. |
| (binding_key::dyn_cast_symbolic_binding): New. |
| (symbolic_binding::dyn_cast_symbolic_binding): New. |
| (binding_cluster::purge_state_involving): New. |
| (store::purge_state_involving): New. |
| * svalue.cc (svalue::can_merge_p): Reject attempts to merge |
| poisoned svalues with other svalues, so that we identify |
| paths in which a variable is conditionally uninitialized. |
| (involvement_visitor::visit_conjured_svalue): New. |
| (svalue::involves_p): Also handle SK_CONJURED. |
| (poison_kind_to_str): Handle POISON_KIND_UNINIT. |
| (poisoned_svalue::maybe_fold_bits_within): New. |
| * svalue.h (enum poison_kind): Add POISON_KIND_UNINIT. |
| (poisoned_svalue::maybe_fold_bits_within): New decl. |
| |
| 2021-07-15 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.opt (fdump-analyzer-exploded-paths): New. |
| * diagnostic-manager.cc |
| (diagnostic_manager::emit_saved_diagnostic): Implement it. |
| * engine.cc (exploded_path::dump_to_pp): Add ext_state param and |
| use it to dump states if non-NULL. |
| (exploded_path::dump): Likewise. |
| (exploded_path::dump_to_file): New. |
| * exploded-graph.h (exploded_path::dump_to_pp): Add ext_state |
| param. |
| (exploded_path::dump): Likewise. |
| (exploded_path::dump): Likewise. |
| (exploded_path::dump_to_file): New. |
| |
| 2021-07-15 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.cc (fixup_tree_for_diagnostic_1): Use DECL_DEBUG_EXPR |
| if it's available. |
| * engine.cc (readability): Likewise. |
| |
| 2021-07-15 David Malcolm <dmalcolm@redhat.com> |
| |
| * state-purge.cc (self_referential_phi_p): New. |
| (state_purge_per_ssa_name::process_point): Don't purge an SSA name |
| at its def-stmt if the def-stmt is self-referential. |
| |
| 2021-07-07 David Malcolm <dmalcolm@redhat.com> |
| |
| * diagnostic-manager.cc (null_assignment_sm_context::get_state): |
| New overload. |
| (null_assignment_sm_context::set_next_state): New overload. |
| (null_assignment_sm_context::get_diagnostic_tree): New. |
| * engine.cc (impl_sm_context::get_state): New overload. |
| (impl_sm_context::set_next_state): New overload. |
| (impl_sm_context::get_diagnostic_tree): New overload. |
| (impl_region_model_context::on_condition): Convert params from |
| tree to const svalue *. |
| * exploded-graph.h (impl_region_model_context::on_condition): |
| Likewise. |
| * region-model.cc (region_model::on_call_pre): Move handling of |
| internal calls to before checking for get_fndecl_for_call. |
| (region_model::add_constraints_from_binop): New. |
| (region_model::add_constraint): Split out into a new overload |
| working on const svalue * rather than tree. Call |
| add_constraints_from_binop. Drop call to |
| add_any_constraints_from_ssa_def_stmt. |
| (region_model::add_any_constraints_from_ssa_def_stmt): Delete. |
| (region_model::add_any_constraints_from_gassign): Delete. |
| (region_model::add_any_constraints_from_gcall): Delete. |
| * region-model.h |
| (region_model::add_any_constraints_from_ssa_def_stmt): Delete. |
| (region_model::add_any_constraints_from_gassign): Delete. |
| (region_model::add_any_constraints_from_gcall): Delete. |
| (region_model::add_constraint): Add overload decl. |
| (region_model::add_constraints_from_binop): New decl. |
| (region_model_context::on_condition): Convert params from tree to |
| const svalue *. |
| (noop_region_model_context::on_condition): Likewise. |
| * sm-file.cc (fileptr_state_machine::condition): Likewise. |
| * sm-malloc.cc (malloc_state_machine::on_condition): Likewise. |
| * sm-pattern-test.cc: Include tristate.h, selftest.h, |
| analyzer/call-string.h, analyzer/program-point.h, |
| analyzer/store.h, and analyzer/region-model.h. |
| (pattern_test_state_machine::on_condition): Convert params from tree to |
| const svalue *. |
| * sm-sensitive.cc (sensitive_state_machine::on_condition): Delete. |
| * sm-signal.cc (signal_state_machine::on_condition): Delete. |
| * sm-taint.cc (taint_state_machine::on_condition): Convert params |
| from tree to const svalue *. |
| * sm.cc: Include tristate.h, selftest.h, analyzer/call-string.h, |
| analyzer/program-point.h, analyzer/store.h, and |
| analyzer/region-model.h. |
| (any_pointer_p): Add overload taking const svalue *sval. |
| * sm.h (any_pointer_p): Add overload taking const svalue *sval. |
| (state_machine::on_condition): Convert params from tree to |
| const svalue *. Provide no-op default implementation. |
| (sm_context::get_state): Add overload taking const svalue *sval. |
| (sm_context::set_next_state): Likewise. |
| (sm_context::on_transition): Likewise. |
| (sm_context::get_diagnostic_tree): Likewise. |
| * svalue.cc (svalue::all_zeroes_p): New. |
| (constant_svalue::all_zeroes_p): New. |
| (repeated_svalue::all_zeroes_p): Convert to vfunc. |
| * svalue.h (svalue::all_zeroes_p): New decl. |
| (constant_svalue::all_zeroes_p): New decl. |
| (repeated_svalue::all_zeroes_p): Convert decl to vfunc. |
| |
| 2021-06-30 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/95006 |
| * analyzer.h (class repeated_svalue): New forward decl. |
| (class bits_within_svalue): New forward decl. |
| (class sized_region): New forward decl. |
| (get_field_at_bit_offset): New forward decl. |
| * engine.cc (exploded_graph::get_or_create_node): Validate the |
| merged state. |
| (exploded_graph::maybe_process_run_of_before_supernode_enodes): |
| Validate the states at each stage. |
| * program-state.cc (program_state::validate): Validate |
| m_region_model. |
| * region-model-impl-calls.cc (region_model::impl_call_memset): |
| Replace special-case logic for handling constant sizes with |
| a call to fill_region of a sized_region with the given fill value. |
| * region-model-manager.cc (maybe_undo_optimize_bit_field_compare): |
| Drop DK_direct. |
| (region_model_manager::maybe_fold_sub_svalue): Fold element-based |
| subregions of an initial value into initial values of an element. |
| Fold subvalues of repeated svalues. |
| (region_model_manager::maybe_fold_repeated_svalue): New. |
| (region_model_manager::get_or_create_repeated_svalue): New. |
| (get_bit_range_for_field): New. |
| (get_byte_range_for_field): New. |
| (get_field_at_byte_range): New. |
| (region_model_manager::maybe_fold_bits_within_svalue): New. |
| (region_model_manager::get_or_create_bits_within): New. |
| (region_model_manager::get_sized_region): New. |
| (region_model_manager::log_stats): Update for addition of |
| m_repeated_values_map, m_bits_within_values_map, and |
| m_sized_regions. |
| * region-model.cc (region_model::validate): New. |
| (region_model::on_assignment): Drop enum binding_kind. |
| (region_model::get_initial_value_for_global): Likewise. |
| (region_model::get_rvalue_for_bits): Replace body with call to |
| get_or_create_bits_within. |
| (region_model::get_capacity): Handle RK_SIZED. |
| (region_model::set_value): Drop enum binding_kind. |
| (region_model::fill_region): New. |
| (region_model::get_representative_path_var_1): Handle RK_SIZED. |
| * region-model.h (visitor::visit_repeated_svalue): New. |
| (visitor::visit_bits_within_svalue): New. |
| (region_model_manager::get_or_create_repeated_svalue): New decl. |
| (region_model_manager::get_or_create_bits_within): New decl. |
| (region_model_manager::get_sized_region): New decl. |
| (region_model_manager::maybe_fold_repeated_svalue): New decl. |
| (region_model_manager::maybe_fold_bits_within_svalue): New decl. |
| (region_model_manager::repeated_values_map_t): New typedef. |
| (region_model_manager::m_repeated_values_map): New field. |
| (region_model_manager::bits_within_values_map_t): New typedef. |
| (region_model_manager::m_bits_within_values_map): New field. |
| (region_model_manager::m_sized_regions): New field. |
| (region_model::fill_region): New decl. |
| * region.cc (region::get_base_region): Handle RK_SIZED. |
| (region::base_region_p): Likewise. |
| (region::get_byte_size_sval): New. |
| (get_field_at_bit_offset): Make non-static. |
| (region::calc_offset): Move implementation of cases to |
| get_relative_concrete_offset vfunc implementations. Handle |
| RK_SIZED. |
| (region::get_relative_concrete_offset): New. |
| (decl_region::get_svalue_for_initializer): Drop enum binding_kind. |
| (field_region::get_relative_concrete_offset): New, from |
| region::calc_offset. |
| (element_region::get_relative_concrete_offset): Likewise. |
| (offset_region::get_relative_concrete_offset): Likewise. |
| (sized_region::accept): New. |
| (sized_region::dump_to_pp): New. |
| (sized_region::get_byte_size): New. |
| (sized_region::get_bit_size): New. |
| * region.h (enum region_kind): Add RK_SIZED. |
| (region::dyn_cast_sized_region): New. |
| (region::get_byte_size): Make virtual. |
| (region::get_bit_size): Likewise. |
| (region::get_byte_size_sval): New decl. |
| (region::get_relative_concrete_offset): New decl. |
| (field_region::get_relative_concrete_offset): New decl. |
| (element_region::get_relative_concrete_offset): Likewise. |
| (offset_region::get_relative_concrete_offset): Likewise. |
| (class sized_region): New. |
| * store.cc (binding_kind_to_string): Delete. |
| (binding_key::make): Drop enum binding_kind. |
| (binding_key::dump_to_pp): Delete. |
| (binding_key::cmp_ptrs): Drop enum binding_kind. |
| (bit_range::contains_p): New. |
| (byte_range::dump): New. |
| (byte_range::contains_p): New. |
| (byte_range::cmp): New. |
| (concrete_binding::dump_to_pp): Drop enum binding_kind. |
| (concrete_binding::cmp_ptr_ptr): Likewise. |
| (symbolic_binding::dump_to_pp): Likewise. |
| (symbolic_binding::cmp_ptr_ptr): Likewise. |
| (binding_map::apply_ctor_val_to_range): Likewise. |
| (binding_map::apply_ctor_pair_to_child_region): Likewise. |
| (binding_map::get_overlapping_bindings): New. |
| (binding_map::remove_overlapping_bindings): New. |
| (binding_cluster::validate): New. |
| (binding_cluster::bind): Drop enum binding_kind. |
| (binding_cluster::bind_compound_sval): Likewise. |
| (binding_cluster::purge_region): Likewise. |
| (binding_cluster::zero_fill_region): Reimplement in terms of... |
| (binding_cluster::fill_region): New. |
| (binding_cluster::mark_region_as_unknown): Drop enum binding_kind. |
| (binding_cluster::get_binding): Likewise. |
| (binding_cluster::get_binding_recursive): Likewise. |
| (binding_cluster::get_any_binding): Likewise. |
| (binding_cluster::maybe_get_compound_binding): Reimplement. |
| (binding_cluster::get_overlapping_bindings): Delete. |
| (binding_cluster::remove_overlapping_bindings): Reimplement in |
| terms of binding_map::remove_overlapping_bindings. |
| (binding_cluster::can_merge_p): Update for removal of |
| enum binding_kind. |
| (binding_cluster::on_unknown_fncall): Drop enum binding_kind. |
| (binding_cluster::maybe_get_simple_value): Likewise. |
| (store_manager::get_concrete_binding): Likewise. |
| (store_manager::get_symbolic_binding): Likewise. |
| (store::validate): New. |
| (store::set_value): Drop enum binding_kind. |
| (store::zero_fill_region): Reimplement in terms of... |
| (store::fill_region): New. |
| (selftest::test_binding_key_overlap): Drop enum binding_kind. |
| * store.h (enum binding_kind): Delete. |
| (binding_kind_to_string): Delete decl. |
| (binding_key::make): Drop enum binding_kind. |
| (binding_key::dump_to_pp): Make pure virtual. |
| (binding_key::get_kind): Delete. |
| (binding_key::mark_deleted): Delete. |
| (binding_key::mark_empty): Delete. |
| (binding_key::is_deleted): Delete. |
| (binding_key::is_empty): Delete. |
| (binding_key::binding_key): Delete. |
| (binding_key::impl_hash): Delete. |
| (binding_key::impl_eq): Delete. |
| (binding_key::m_kind): Delete. |
| (bit_range::get_last_bit_offset): New. |
| (bit_range::contains_p): New. |
| (byte_range::contains_p): New. |
| (byte_range::operator==): New. |
| (byte_range::get_start_byte_offset): New. |
| (byte_range::get_next_byte_offset): New. |
| (byte_range::get_last_byte_offset): New. |
| (byte_range::as_bit_range): New. |
| (byte_range::cmp): New. |
| (concrete_binding::concrete_binding): Drop enum binding_kind. |
| (concrete_binding::hash): Likewise. |
| (concrete_binding::operator==): Likewise. |
| (concrete_binding::mark_deleted): New. |
| (concrete_binding::mark_empty): New. |
| (concrete_binding::is_deleted): New. |
| (concrete_binding::is_empty): New. |
| (default_hash_traits<ana::concrete_binding>::empty_zero_p): Make false. |
| (symbolic_binding::symbolic_binding): Drop enum binding_kind. |
| (symbolic_binding::hash): Likewise. |
| (symbolic_binding::operator==): Likewise. |
| (symbolic_binding::mark_deleted): New. |
| (symbolic_binding::mark_empty): New. |
| (symbolic_binding::is_deleted): New. |
| (symbolic_binding::is_empty): New. |
| (binding_map::remove_overlapping_bindings): New decl. |
| (binding_map::get_overlapping_bindings): New decl. |
| (binding_cluster::validate): New decl. |
| (binding_cluster::bind): Drop enum binding_kind. |
| (binding_cluster::fill_region): New decl. |
| (binding_cluster::get_binding): Drop enum binding_kind. |
| (binding_cluster::get_binding_recursive): Likewise. |
| (binding_cluster::get_overlapping_bindings): Delete. |
| (store::validate): New decl. |
| (store::set_value): Drop enum binding_kind. |
| (store::fill_region): New decl. |
| (store_manager::get_concrete_binding): Drop enum binding_kind. |
| (store_manager::get_symbolic_binding): Likewise. |
| * svalue.cc (svalue::cmp_ptr): Handle SK_REPEATED and |
| SK_BITS_WITHIN. |
| (svalue::extract_bit_range): New. |
| (svalue::maybe_fold_bits_within): New. |
| (constant_svalue::maybe_fold_bits_within): New. |
| (unknown_svalue::maybe_fold_bits_within): New. |
| (unaryop_svalue::maybe_fold_bits_within): New. |
| (repeated_svalue::repeated_svalue): New. |
| (repeated_svalue::dump_to_pp): New. |
| (repeated_svalue::accept): New. |
| (repeated_svalue::all_zeroes_p): New. |
| (repeated_svalue::maybe_fold_bits_within): New. |
| (bits_within_svalue::bits_within_svalue): New. |
| (bits_within_svalue::dump_to_pp): New. |
| (bits_within_svalue::maybe_fold_bits_within): New. |
| (bits_within_svalue::accept): New. |
| (bits_within_svalue::implicitly_live_p): New. |
| (compound_svalue::maybe_fold_bits_within): New. |
| * svalue.h (enum svalue_kind): Add SK_REPEATED and SK_BITS_WITHIN. |
| (svalue::dyn_cast_repeated_svalue): New. |
| (svalue::dyn_cast_bits_within_svalue): New. |
| (svalue::extract_bit_range): New decl. |
| (svalue::maybe_fold_bits_within): New vfunc decl. |
| (region_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. |
| (region_svalue::key_t::is_empty): Likewise. |
| (default_hash_traits<region_svalue::key_t>::empty_zero_p): Make false. |
| (constant_svalue::maybe_fold_bits_within): New. |
| (unknown_svalue::maybe_fold_bits_within): New. |
| (poisoned_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. |
| (poisoned_svalue::key_t::is_empty): Likewise. |
| (default_hash_traits<poisoned_svalue::key_t>::empty_zero_p): Make |
| false. |
| (setjmp_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. |
| (setjmp_svalue::key_t::is_empty): Likewise. |
| (default_hash_traits<setjmp_svalue::key_t>::empty_zero_p): Make |
| false. |
| (unaryop_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. |
| (unaryop_svalue::key_t::is_empty): Likewise. |
| (unaryop_svalue::maybe_fold_bits_within): New. |
| (default_hash_traits<unaryop_svalue::key_t>::empty_zero_p): Make |
| false. |
| (binop_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. |
| (binop_svalue::key_t::is_empty): Likewise. |
| (default_hash_traits<binop_svalue::key_t>::empty_zero_p): Make |
| false. |
| (sub_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. |
| (sub_svalue::key_t::is_empty): Likewise. |
| (default_hash_traits<sub_svalue::key_t>::empty_zero_p): Make |
| false. |
| (class repeated_svalue): New. |
| (is_a_helper <const repeated_svalue *>::test): New. |
| (struct default_hash_traits<repeated_svalue::key_t>): New. |
| (class bits_within_svalue): New. |
| (is_a_helper <const bits_within_svalue *>::test): New. |
| (struct default_hash_traits<bits_within_svalue::key_t>): New. |
| (widening_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. |
| (widening_svalue::key_t::is_empty): Likewise. |
| (default_hash_traits<widening_svalue::key_t>::empty_zero_p): Make |
| false. |
| (compound_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. |
| (compound_svalue::key_t::is_empty): Likewise. |
| (compound_svalue::maybe_fold_bits_within): New. |
| (default_hash_traits<compound_svalue::key_t>::empty_zero_p): Make |
| false. |
| |
| 2021-06-28 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.h (byte_offset_t): New typedef. |
| * store.cc (bit_range::dump_to_pp): Dump as a byte range if |
| possible. |
| (bit_range::as_byte_range): New. |
| (byte_range::dump_to_pp): New. |
| * store.h (class byte_range): New forward decl. |
| (struct bit_range): Add comment. |
| (bit_range::as_byte_range): New decl. |
| (struct byte_range): New. |
| |
| 2021-06-22 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101143 |
| * region-model.cc (compat_types_p): New function. |
| (region_model::create_region_for_heap_alloc): Convert assertion to |
| an error check. |
| (region_model::create_region_for_alloca): Likewise. |
| |
| 2021-06-18 David Malcolm <dmalcolm@redhat.com> |
| |
| * store.cc (binding_cluster::get_any_binding): Make symbolic reads |
| from a cluster with concrete bindings return unknown. |
| |
| 2021-06-18 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model-manager.cc |
| (region_model_manager::get_or_create_int_cst): New. |
| (region_model_manager::maybe_undo_optimize_bit_field_compare): Use |
| it to simplify away a local tree. |
| * region-model.cc (region_model::on_setjmp): Likewise. |
| (region_model::on_longjmp): Likewise. |
| * region-model.h (region_model_manager::get_or_create_int_cst): |
| New decl. |
| * store.cc (binding_cluster::zero_fill_region): Use it to simplify |
| away a local tree. |
| |
| 2021-06-18 David Malcolm <dmalcolm@redhat.com> |
| |
| * checker-path.cc (class custom_event): Make abstract to allow for |
| custom vfuncs, splitting existing implementation into... |
| (class precanned_custom_event): New subclass. |
| (custom_event::get_desc): Move to... |
| (precanned_custom_event::get_desc): ...subclass. |
| * checker-path.h (class custom_event): Make abstract to allow for |
| custom vfuncs, splitting existing implementation into... |
| (class precanned_custom_event): New subclass. |
| * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge): |
| Use precanned_custom_event. |
| * engine.cc |
| (stale_jmp_buf::maybe_add_custom_events_for_superedge): Likewise. |
| * sm-signal.cc (signal_delivery_edge_info_t::add_events_to_path): |
| Likewise. |
| |
| 2021-06-15 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99212 |
| PR analyzer/101082 |
| * engine.cc: Include "target.h". |
| (impl_run_checkers): Log BITS_BIG_ENDIAN, BYTES_BIG_ENDIAN, and |
| WORDS_BIG_ENDIAN. |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_binop): Move support for masking |
| via ARG0 & CST into... |
| (region_model_manager::maybe_undo_optimize_bit_field_compare): |
| ...this new function. Flatten by converting from nested |
| conditionals to a series of early return statements to reject |
| failures. Reject if type is not unsigned_char_type_node. |
| Handle BYTES_BIG_ENDIAN when determining which bits are bound |
| in the binding_map. |
| * region-model.h |
| (region_model_manager::maybe_undo_optimize_bit_field_compare): |
| New decl. |
| * store.cc (bit_range::dump): New function. |
| * store.h (bit_range::dump): New decl. |
| |
| 2021-06-15 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (exploded_node::on_stmt): Handle __analyzer_dump_capacity. |
| (exploded_node::on_stmt): Drop m_sm_changes from on_stmt_flags. |
| (state_change_requires_new_enode_p): New function... |
| (exploded_graph::process_node): Call it, rather than querying |
| flags.m_sm_changes, so that dynamic-extent differences can also |
| trigger the splitting of nodes. |
| * exploded-graph.h (struct on_stmt_flags): Drop field m_sm_changes. |
| * program-state.cc (program_state::detect_leaks): Purge dead |
| heap-allocated regions from dynamic extents. |
| (selftest::test_program_state_1): Fix type of "size_in_bytes". |
| (selftest::test_program_state_merging): Likewise. |
| * region-model-impl-calls.cc |
| (region_model::impl_call_analyzer_dump_capacity): New. |
| (region_model::impl_call_free): Remove dynamic extents from the |
| freed region. |
| * region-model-reachability.h |
| (reachable_regions::begin_mutable_base_regs): New. |
| (reachable_regions::end_mutable_base_regs): New. |
| * region-model.cc: Include "tree-object-size.h". |
| (region_model::region_model): Support new field m_dynamic_extents. |
| (region_model::operator=): Likewise. |
| (region_model::operator==): Likewise. |
| (region_model::dump_to_pp): Dump sizes of dynamic regions. |
| (region_model::handle_unrecognized_call): Purge dynamic extents |
| from any regions that have escaped mutably:. |
| (region_model::get_capacity): New function. |
| (region_model::add_constraint): Unset dynamic extents when a |
| heap-allocated region's address is NULL. |
| (region_model::unbind_region_and_descendents): Purge dynamic |
| extents of unbound regions. |
| (region_model::can_merge_with_p): Call |
| m_dynamic_extents.can_merge_with_p. |
| (region_model::create_region_for_heap_alloc): Assert that |
| size_in_bytes's type is compatible with size_type_node. Update |
| for renaming of record_dynamic_extents to set_dynamic_extents. |
| (region_model::create_region_for_alloca): Likewise. |
| (region_model::record_dynamic_extents): Rename to... |
| (region_model::set_dynamic_extents): ...this. Assert that |
| size_in_bytes's type is compatible with size_type_node. Add it |
| to the m_dynamic_extents map. |
| (region_model::get_dynamic_extents): New. |
| (region_model::unset_dynamic_extents): New. |
| (selftest::test_state_merging): Fix type of "size". |
| (selftest::test_malloc_constraints): Likewise. |
| (selftest::test_malloc): Verify dynamic extents. |
| (selftest::test_alloca): Likewise. |
| * region-model.h (region_to_value_map::is_empty): New. |
| (region_model::dynamic_extents_t): New typedef. |
| (region_model::impl_call_analyzer_dump_capacity): New decl. |
| (region_model::get_dynamic_extents): New function. |
| (region_model::get_dynamic_extents): New decl. |
| (region_model::set_dynamic_extents): New decl. |
| (region_model::unset_dynamic_extents): New decl. |
| (region_model::get_capacity): New decl. |
| (region_model::record_dynamic_extents): Rename to set_dynamic_extents. |
| (region_model::m_dynamic_extents): New field. |
| |
| 2021-06-15 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_to_value_map::operator=): New. |
| (region_to_value_map::operator==): New. |
| (region_to_value_map::dump_to_pp): New. |
| (region_to_value_map::dump): New. |
| (region_to_value_map::can_merge_with_p): New. |
| * region-model.h (class region_to_value_map): New class. |
| |
| 2021-06-13 Trevor Saunders <tbsaunde@tbsaunde.org> |
| |
| * call-string.cc (call_string::call_string): Use range based for |
| to iterate over vec<>. |
| (call_string::to_json): Likewise. |
| (call_string::hash): Likewise. |
| (call_string::calc_recursion_depth): Likewise. |
| * checker-path.cc (checker_path::fixup_locations): Likewise. |
| * constraint-manager.cc (equiv_class::equiv_class): Likewise. |
| (equiv_class::to_json): Likewise. |
| (equiv_class::hash): Likewise. |
| (constraint_manager::to_json): Likewise. |
| * engine.cc (impl_region_model_context::on_svalue_leak): |
| Likewise. |
| (on_liveness_change): Likewise. |
| (impl_region_model_context::on_unknown_change): Likewise. |
| * program-state.cc (sm_state_map::set_state): Likewise. |
| * region-model.cc (test_canonicalization_4): Likewise. |
| |
| 2021-06-11 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (worklist::key_t::cmp): Move sort by call_string to |
| before SCC. |
| |
| 2021-06-09 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_model::get_lvalue_1): Make const. |
| (region_model::get_lvalue): Likewise. |
| (region_model::get_rvalue_1): Likewise. |
| (region_model::get_rvalue): Likewise. |
| (region_model::deref_rvalue): Likewise. |
| (region_model::get_rvalue_for_bits): Likewise. |
| * region-model.h (region_model::get_lvalue): Likewise. |
| (region_model::get_rvalue): Likewise. |
| (region_model::deref_rvalue): Likewise. |
| (region_model::get_rvalue_for_bits): Likewise. |
| (region_model::get_lvalue_1): Likewise. |
| (region_model::get_rvalue_1): Likewise. |
| |
| 2021-06-08 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99212 |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_binop): Add support for folding |
| BIT_AND_EXPR of compound_svalue and a mask constant. |
| * region-model.cc (region_model::get_rvalue_1): Implement |
| BIT_FIELD_REF in terms of... |
| (region_model::get_rvalue_for_bits): New function. |
| * region-model.h (region_model::get_rvalue_for_bits): New decl. |
| * store.cc (bit_range::from_mask): New function. |
| (selftest::test_bit_range_intersects_p): New selftest. |
| (selftest::assert_bit_range_from_mask_eq): New. |
| (ASSERT_BIT_RANGE_FROM_MASK_EQ): New macro. |
| (selftest::assert_no_bit_range_from_mask_eq): New. |
| (ASSERT_NO_BIT_RANGE_FROM_MASK): New macro. |
| (selftest::test_bit_range_from_mask): New selftest. |
| (selftest::analyzer_store_cc_tests): Call the new selftests. |
| * store.h (bit_range::intersects_p): New. |
| (bit_range::from_mask): New decl. |
| (concrete_binding::get_bit_range): New accessor. |
| (store_manager::get_concrete_binding): New overload taking |
| const bit_range &. |
| |
| 2021-06-08 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.h (int_size_in_bits): New decl. |
| * region.cc (int_size_in_bits): New function. |
| (region::get_bit_size): Reimplement in terms of the above. |
| |
| 2021-06-08 David Malcolm <dmalcolm@redhat.com> |
| |
| * store.cc (concrete_binding::dump_to_pp): Move bulk of |
| implementation to... |
| (bit_range::dump_to_pp): ...this new function. |
| (bit_range::cmp): New. |
| (concrete_binding::overlaps_p): Update for use of bit_range. |
| (concrete_binding::cmp_ptr_ptr): Likewise. |
| * store.h (struct bit_range): New. |
| (class concrete_binding): Replace fields m_start_bit_offset and |
| m_size_in_bits with new field m_bit_range. |
| |
| 2021-06-08 David Malcolm <dmalcolm@redhat.com> |
| |
| * svalue.h (conjured_svalue::iterator_t): Delete. |
| |
| 2021-06-03 David Malcolm <dmalcolm@redhat.com> |
| |
| * store.h (store::get_direct_binding): Remove unused decl. |
| (store::get_default_binding): Likewise. |
| |
| 2021-06-03 David Malcolm <dmalcolm@redhat.com> |
| |
| * svalue.cc (poisoned_svalue::dump_to_pp): Dump type. |
| (compound_svalue::dump_to_pp): Dump any type. |
| |
| 2021-05-18 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/100615 |
| * sm-malloc.cc: Include "analyzer/function-set.h". |
| (malloc_state_machine::on_stmt): Call unaffected_by_call_p and |
| bail on the functions it recognizes. |
| (malloc_state_machine::unaffected_by_call_p): New. |
| |
| 2021-05-10 Martin Liska <mliska@suse.cz> |
| |
| * sm-file.cc (is_file_using_fn_p): Use startswith |
| function instead of strncmp. |
| |
| 2021-05-10 Martin Liska <mliska@suse.cz> |
| |
| * program-state.cc (program_state::operator=): Remove |
| __cplusplus >= 201103. |
| (program_state::program_state): Likewise. |
| * program-state.h: Likewise. |
| * region-model.h (class region_model): Remove dead code. |
| |
| 2021-04-24 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/100244 |
| * sm-malloc.cc (free_of_non_heap::describe_state_change): |
| Bulletproof against change.m_expr being NULL. |
| |
| 2021-04-13 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98599 |
| * supergraph.cc (saved_uids::make_uid_unique): New. |
| (saved_uids::restore_uids): New. |
| (supergraph::supergraph): Replace assignments to stmt->uid with |
| calls to m_stmt_uids.make_uid_unique. |
| (supergraph::~supergraph): New. |
| * supergraph.h (class saved_uids): New. |
| (supergraph::~supergraph): New decl. |
| (supergraph::m_stmt_uids): New field. |
| |
| 2021-04-10 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/100011 |
| * region-model.cc (region_model::on_assignment): Avoid NULL |
| dereference if ctxt is NULL when assigning from a STRING_CST. |
| |
| 2021-04-08 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99042 |
| PR analyzer/99774 |
| * engine.cc |
| (impl_region_model_context::impl_region_model_context): Add |
| uncertainty param and use it to initialize m_uncertainty. |
| (impl_region_model_context::get_uncertainty): New. |
| (impl_sm_context::get_fndecl_for_call): Add NULL for new |
| uncertainty param when constructing impl_region_model_context. |
| (impl_sm_context::get_state): Likewise. |
| (impl_sm_context::set_next_state): Likewise. |
| (impl_sm_context::warn): Likewise. |
| (exploded_node::on_stmt): Add uncertainty param |
| and use it when constructing impl_region_model_context. |
| (exploded_node::on_edge): Add uncertainty param and pass |
| to on_edge call. |
| (exploded_node::detect_leaks): Create uncertainty_t and pass to |
| impl_region_model_context. |
| (exploded_graph::get_or_create_node): Create uncertainty_t and |
| pass to prune_for_point. |
| (maybe_process_run_of_before_supernode_enodes): Create |
| uncertainty_t and pass to impl_region_model_context. |
| (exploded_graph::process_node): Create uncertainty_t instances and |
| pass around as needed. |
| * exploded-graph.h |
| (impl_region_model_context::impl_region_model_context): Add |
| uncertainty param. |
| (impl_region_model_context::get_uncertainty): New decl. |
| (impl_region_model_context::m_uncertainty): New field. |
| (exploded_node::on_stmt): Add uncertainty param. |
| (exploded_node::on_edge): Likewise. |
| * program-state.cc (sm_state_map::on_liveness_change): Get |
| uncertainty from context and use it to unset sm-state from |
| svalues as appropriate. |
| (program_state::on_edge): Add uncertainty param and use it when |
| constructing impl_region_model_context. Fix indentation. |
| (program_state::prune_for_point): Add uncertainty param and use it |
| when constructing impl_region_model_context. |
| (program_state::detect_leaks): Get any uncertainty from ctxt and |
| use it to get maybe-live svalues for dest_state, rather than |
| definitely-live ones; use this when determining which svalues |
| have leaked. |
| (selftest::test_program_state_merging): Create uncertainty_t and |
| pass to impl_region_model_context. |
| * program-state.h (program_state::on_edge): Add uncertainty param. |
| (program_state::prune_for_point): Likewise. |
| * region-model-impl-calls.cc (call_details::get_uncertainty): New. |
| (region_model::impl_call_memcpy): Pass uncertainty to |
| mark_region_as_unknown call. |
| (region_model::impl_call_memset): Likewise. |
| (region_model::impl_call_strcpy): Likewise. |
| * region-model-reachability.cc (reachable_regions::handle_sval): |
| Also add sval to m_mutable_svals. |
| * region-model.cc (region_model::on_assignment): Pass any |
| uncertainty from ctxt to the store::set_value call. |
| (region_model::handle_unrecognized_call): Get any uncertainty from |
| ctxt and use it to record mutable svalues at the unknown call. |
| (region_model::get_reachable_svalues): Add uncertainty param and |
| use it to mark any maybe-bound svalues as being reachable. |
| (region_model::set_value): Pass any uncertainty from ctxt to the |
| store::set_value call. |
| (region_model::mark_region_as_unknown): Add uncertainty param and |
| pass it on to the store::mark_region_as_unknown call. |
| (region_model::update_for_call_summary): Add uncertainty param and |
| pass it on to the region_model::mark_region_as_unknown call. |
| * region-model.h (call_details::get_uncertainty): New decl. |
| (region_model::get_reachable_svalues): Add uncertainty param. |
| (region_model::mark_region_as_unknown): Add uncertainty param. |
| (region_model_context::get_uncertainty): New vfunc. |
| (noop_region_model_context::get_uncertainty): New vfunc |
| implementation. |
| * store.cc (dump_svalue_set): New. |
| (uncertainty_t::dump_to_pp): New. |
| (uncertainty_t::dump): New. |
| (binding_cluster::clobber_region): Pass NULL for uncertainty to |
| remove_overlapping_bindings. |
| (binding_cluster::mark_region_as_unknown): Add uncertainty param |
| and pass it to remove_overlapping_bindings. |
| (binding_cluster::remove_overlapping_bindings): Add uncertainty param. |
| Use it to record any svalues that were in clobbered bindings. |
| (store::set_value): Add uncertainty param. Pass it to |
| binding_cluster::mark_region_as_unknown when handling symbolic |
| regions. |
| (store::mark_region_as_unknown): Add uncertainty param and pass it |
| to binding_cluster::mark_region_as_unknown. |
| (store::remove_overlapping_bindings): Add uncertainty param and |
| pass it to binding_cluster::remove_overlapping_bindings. |
| * store.h (binding_cluster::mark_region_as_unknown): Add |
| uncertainty param. |
| (binding_cluster::remove_overlapping_bindings): Likewise. |
| (store::set_value): Likewise. |
| (store::mark_region_as_unknown): Likewise. |
| |
| 2021-04-05 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99906 |
| * analyzer.cc (maybe_reconstruct_from_def_stmt): Fix NULL |
| dereference on calls with zero arguments. |
| * sm-malloc.cc (malloc_state_machine::on_stmt): When handling |
| __attribute__((nonnull)), only call get_diagnostic_tree if the |
| result will be used. |
| |
| 2021-04-05 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99886 |
| * diagnostic-manager.cc |
| (diagnostic_manager::prune_interproc_events): Use signed integers |
| when subtracting one from path->num_events (). |
| (diagnostic_manager::consolidate_conditions): Likewise. Convert |
| next_idx to a signed int. |
| |
| 2021-04-01 David Malcolm <dmalcolm@redhat.com> |
| |
| * diagnostic-manager.cc (diagnostic_manager::add_diagnostic): Make |
| enode param non-constant, and call add_diagnostic on it. Add |
| enode index to log message. |
| (diagnostic_manager::add_diagnostic): Make enode param |
| non-constant. |
| * diagnostic-manager.h (diagnostic_manager::add_diagnostic): |
| Likewise for both decls. |
| * engine.cc |
| (impl_region_model_context::impl_region_model_context): Likewise |
| for enode_for_diag. |
| (impl_sm_context::impl_sm_context): Likewise. |
| (impl_sm_context::m_enode_for_diag): Likewise. |
| (exploded_node::dump_dot): Don't pass the diagnostic manager |
| to dump_saved_diagnostics. |
| (exploded_node::dump_saved_diagnostics): Drop param. Iterate |
| directly through all saved diagnostics for the enode, rather |
| than all saved diagnostics in the diagnostic_manager and |
| filtering. |
| (exploded_node::on_stmt): Make non-const. |
| (exploded_node::on_edge): Likewise. |
| (exploded_node::on_longjmp): Likewise. |
| (exploded_node::detect_leaks): Likewise. |
| (exploded_graph::get_or_create_node): Make enode_for_diag param |
| non-const. |
| (exploded_graph_annotator::print_enode): Iterate |
| directly through all saved diagnostics for the enode, rather |
| than all saved diagnostics in the diagnostic_manager and |
| filtering. |
| * exploded-graph.h |
| (impl_region_model_context::impl_region_model_context): Make |
| enode_for_diag param non-constant. |
| (impl_region_model_context::m_enode_for_diag): Likewise. |
| (exploded_node::dump_saved_diagnostics): Drop param. |
| (exploded_node::on_stmt): Make non-const. |
| (exploded_node::on_edge): Likewise. |
| (exploded_node::on_longjmp): Likewise. |
| (exploded_node::detect_leaks): Likewise. |
| (exploded_node::add_diagnostic): New. |
| (exploded_node::get_num_diagnostics): New. |
| (exploded_node::get_saved_diagnostic): New. |
| (exploded_node::m_saved_diagnostics): New. |
| (exploded_graph::get_or_create_node): Make enode_for_diag param |
| non-constant. |
| * feasible-graph.cc (feasible_node::dump_dot): Drop |
| diagnostic_manager from call to dump_saved_diagnostics. |
| * program-state.cc (program_state::on_edge): Convert enode param |
| to non-const pointer. |
| (program_state::prune_for_point): Likewise for enode_for_diag |
| param. |
| * program-state.h (program_state::on_edge): Convert enode param |
| to non-const pointer. |
| (program_state::prune_for_point): Likewise for enode_for_diag |
| param. |
| |
| 2021-03-31 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99771 |
| * analyzer.cc (maybe_reconstruct_from_def_stmt): New. |
| (fixup_tree_for_diagnostic_1): New. |
| (fixup_tree_for_diagnostic): New. |
| * analyzer.h (fixup_tree_for_diagnostic): New decl. |
| * checker-path.cc (call_event::get_desc): Call |
| fixup_tree_for_diagnostic and use it for the call_with_state call. |
| (warning_event::get_desc): Likewise for the final_event and |
| make_label_text calls. |
| * engine.cc (impl_region_model_context::on_state_leak): Likewise |
| for the on_leak and add_diagnostic calls. |
| * region-model.cc (region_model::get_representative_tree): |
| Likewise for the result. |
| |
| 2021-03-30 David Malcolm <dmalcolm@redhat.com> |
| |
| * region.h (region::dump_to_pp): Remove old decl. |
| |
| 2021-03-30 David Malcolm <dmalcolm@redhat.com> |
| |
| * sm-file.cc (fileptr_state_machine::on_stmt): Only call |
| get_diagnostic_tree if the result will be used. |
| * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise. |
| (malloc_state_machine::on_deallocator_call): Likewise. |
| (malloc_state_machine::on_realloc_call): Likewise. |
| (malloc_state_machine::on_realloc_call): Likewise. |
| * sm-sensitive.cc |
| (sensitive_state_machine::warn_for_any_exposure): Likewise. |
| * sm-taint.cc (taint_state_machine::on_stmt): Likewise. |
| |
| 2021-03-25 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/93695 |
| PR analyzer/99044 |
| PR analyzer/99716 |
| * engine.cc (exploded_node::on_stmt): Clear sm-state involving |
| an SSA name at the def-stmt of that SSA name. |
| * program-state.cc (sm_state_map::purge_state_involving): New. |
| * program-state.h (sm_state_map::purge_state_involving): New decl. |
| * region-model.cc (selftest::test_involves_p): New. |
| (selftest::analyzer_region_model_cc_tests): Call it. |
| * svalue.cc (class involvement_visitor): New class |
| (svalue::involves_p): New. |
| * svalue.h (svalue::involves_p): New decl. |
| |
| 2021-03-19 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99614 |
| * diagnostic-manager.cc (class epath_finder): Add |
| DISABLE_COPY_AND_ASSIGN. |
| |
| 2021-03-15 Martin Liska <mliska@suse.cz> |
| |
| * sm-file.cc (get_file_using_fns): Add missing comma in initializer. |
| |
| 2021-03-11 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96374 |
| * analyzer.opt (-param=analyzer-max-infeasible-edges=): New param. |
| (fdump-analyzer-feasibility): New flag. |
| * diagnostic-manager.cc: Include "analyzer/trimmed-graph.h" and |
| "analyzer/feasible-graph.h". |
| (epath_finder::epath_finder): Convert m_sep to a pointer and |
| only create it if !flag_analyzer_feasibility. |
| (epath_finder::~epath_finder): New. |
| (epath_finder::m_sep): Convert to a pointer. |
| (epath_finder::get_best_epath): Add param "diag_idx" and use it |
| when logging. Rather than finding the shortest path and then |
| checking feasibility, instead use explore_feasible_paths unless |
| !flag_analyzer_feasibility, in which case simply use the shortest |
| path, and note if it is infeasible. Update for m_sep becoming a |
| pointer. |
| (class feasible_worklist): New. |
| (epath_finder::explore_feasible_paths): New. |
| (epath_finder::process_worklist_item): New. |
| (class dump_eg_with_shortest_path): New. |
| (epath_finder::dump_trimmed_graph): New. |
| (epath_finder::dump_feasible_graph): New. |
| (saved_diagnostic::saved_diagnostic): Add "idx" param, using it |
| on new field m_idx. |
| (saved_diagnostic::to_json): Dump m_idx. |
| (saved_diagnostic::calc_best_epath): Pass m_idx to get_best_epath. |
| Remove assertion that m_problem was set when m_best_epath is NULL. |
| (diagnostic_manager::add_diagnostic): Pass an index when created |
| saved_diagnostic instances. |
| * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add |
| "idx" param. |
| (saved_diagnostic::get_index): New accessor. |
| (saved_diagnostic::m_idx): New field. |
| * engine.cc (exploded_node::dump_dot): Call args.dump_extra_info. |
| Move code to... |
| (exploded_node::dump_processed_stmts): ...this new function and... |
| (exploded_node::dump_saved_diagnostics): ...this new function. |
| Add index of each diagnostic. |
| (exploded_edge::dump_dot): Move bulk of code to... |
| (exploded_edge::dump_dot_label): ...this new function. |
| * exploded-graph.h (eg_traits::dump_args_t::dump_extra_info): New |
| vfunc. |
| (exploded_node::dump_processed_stmts): New decl. |
| (exploded_node::dump_saved_diagnostics): New decl. |
| (exploded_edge::dump_dot_label): New decl. |
| * feasible-graph.cc: New file. |
| * feasible-graph.h: New file. |
| * trimmed-graph.cc: New file. |
| * trimmed-graph.h: New file. |
| |
| 2021-03-11 David Malcolm <dmalcolm@redhat.com> |
| |
| * diagnostic-manager.cc (epath_finder::epath_finder): |
| Update shortest_paths init for new param. |
| |
| 2021-03-10 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96374 |
| * engine.cc (exploded_path::feasible_p): Move "snodes_visited" and |
| "model" locals into a new class feasibility_state. Move heart |
| of per-edge processing into |
| feasibility_state::maybe_update_for_edge. |
| (feasibility_state::feasibility_state): New. |
| (feasibility_state::maybe_update_for_edge): New, based on loop |
| body in exploded_path::feasible_p. |
| * exploded-graph.h (class feasibility_state): New. |
| |
| 2021-03-10 David Malcolm <dmalcolm@redhat.com> |
| |
| * supergraph.h |
| (callgraph_superedge::dyn_cast_callgraph_superedge): New. |
| (call_superedge::dyn_cast_callgraph_superedge): Delete. |
| (return_superedge::dyn_cast_callgraph_superedge): Delete. |
| |
| 2021-03-02 Martin Liska <mliska@suse.cz> |
| |
| * diagnostic-manager.cc (diagnostic_manager::emit_saved_diagnostics): |
| Do not pass engine. |
| |
| 2021-02-26 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (exploded_path::exploded_path): New copy-ctor. |
| * exploded-graph.h (exploded_path::operator=): Drop decl. |
| |
| 2021-02-26 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96374 |
| * diagnostic-manager.cc (class epath_finder): New. |
| (epath_finder::get_best_epath): New. |
| (saved_diagnostic::saved_diagnostic): Update for replacement of |
| m_state and m_epath_length with m_best_epath. |
| (saved_diagnostic::~saved_diagnostic): Delete m_best_epath. |
| (saved_diagnostic::to_json): Update "path_length" to be optional. |
| (saved_diagnostic::calc_best_epath): New, based on |
| dedupe_winners::add and parts of dedupe_key::dedupe_key. |
| (saved_diagnostic::get_epath_length): New. |
| (saved_diagnostic::add_duplicate): New. |
| (dedupe_key::dedupe_key): Drop epath param. Move invocation of |
| stmt_finder to saved_diagnostic::calc_best_epath. |
| (class dedupe_candidate): Delete. |
| (class dedupe_hash_map_traits): Update to use saved_diagnotic * |
| rather than dedupe_candidate * as the value_type/compare_type. |
| (dedupe_winners::~dedupe_winners): Don't delete the values. |
| (dedupe_winners::add): Convert param from shortest_exploded_paths to |
| epath_finder. Drop "eg" param. Drop dedupe_candidate, moving |
| path generation and feasiblity checking to |
| epath_finder::get_best_epath. Update winner-selection for move |
| of epaths from dedupe_candidate to saved_diagnostic. |
| (dedupe_winners::emit_best): Update for removal of class |
| dedupe_candidate. |
| (dedupe_winners::map_t): Update to use saved_diagnotic * rather |
| than dedupe_candidate * as the value_type/compare_type. |
| (diagnostic_manager::emit_saved_diagnostics): Move |
| shortest_exploded_paths instance into epath_finder and pass that |
| around instead. |
| (diagnostic_manager::emit_saved_diagnostic): Drop epath, stmt |
| and num_dupes params, instead getting these from the |
| saved_diagnostic. Use correct location in inform_n call. |
| * diagnostic-manager.h (class epath_finder): New forward decl. |
| (saved_diagnostic::status): Drop enum. |
| (saved_diagnostic::set_feasible): Drop. |
| (saved_diagnostic::set_infeasible): Drop. |
| (saved_diagnostic::get_status): Drop. |
| (saved_diagnostic::calc_best_epath): New decl. |
| (saved_diagnostic::get_best_epath): New decl. |
| (saved_diagnostic::get_epath_length): New decl. |
| (saved_diagnostic::set_epath_length): Drop. |
| (saved_diagnostic::get_epath_length): Drop inline implementation. |
| (saved_diagnostic::add_duplicate): New. |
| (saved_diagnostic::get_num_dupes): New. |
| (saved_diagnostic::m_d): Document ownership. |
| (saved_diagnostic::m_trailing_eedge): Make const. |
| (saved_diagnostic::m_status): Drop field. |
| (saved_diagnostic::m_epath_length): Drop field. |
| (saved_diagnostic::m_best_epath): New field. |
| (saved_diagnostic::m_problem): Document ownership. |
| (saved_diagnostic::m_duplicates): New field. |
| (diagnostic_manager::emit_saved_diagnostic): Drop params epath, |
| stmt, and num_dupes. |
| * engine.cc (exploded_graph_annotator::print_saved_diagnostic): |
| Update for changes to saved_diagnostic class. |
| * exploded-graph.h (exploded_path::feasible_p): Drop unused |
| overloaded decl. |
| |
| 2021-02-25 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99193 |
| * region-model-impl-calls.cc (region_model::impl_call_realloc): New. |
| * region-model.cc (region_model::on_call_pre): Call it. |
| * region-model.h (region_model::impl_call_realloc): New decl. |
| * sm-malloc.cc (enum wording): Add WORDING_REALLOCATED. |
| (malloc_state_machine::m_realloc): New field. |
| (use_after_free::describe_state_change): Add case for |
| WORDING_REALLOCATED. |
| (use_after_free::describe_final_event): Likewise. |
| (malloc_state_machine::malloc_state_machine): Initialize |
| m_realloc. |
| (malloc_state_machine::on_stmt): Handle realloc by calling... |
| (malloc_state_machine::on_realloc_call): New. |
| |
| 2021-02-22 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99196 |
| * engine.cc (exploded_node::on_stmt): Provide terminate_path |
| flag as a way for on_call_pre to terminate the current analysis |
| path. |
| * region-model-impl-calls.cc (call_details::num_args): New. |
| (region_model::impl_call_error): New. |
| * region-model.cc (region_model::on_call_pre): Add param |
| "out_terminate_path". Handle "error" and "error_at_line". |
| * region-model.h (call_details::num_args): New decl. |
| (region_model::on_call_pre): Add param "out_terminate_path". |
| (region_model::impl_call_error): New decl. |
| |
| 2021-02-17 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98969 |
| * constraint-manager.cc (dead_svalue_purger::should_purge_p): |
| Update for change to svalue::live_p. |
| * program-state.cc (sm_state_map::on_liveness_change): Likewise. |
| (program_state::detect_leaks): Likewise. |
| * region-model-reachability.cc (reachable_regions::init_cluster): |
| When dealing with a symbolic region, if the underlying pointer is |
| implicitly live, add the region to the reachable regions. |
| * region-model.cc (region_model::compare_initial_and_pointer): |
| Move logic for detecting initial values of params to |
| initial_svalue::initial_value_of_param_p. |
| * svalue.cc (svalue::live_p): Convert "live_svalues" from a |
| reference to a pointer; support it being NULL. |
| (svalue::implicitly_live_p): Convert first param from a |
| refererence to a pointer. |
| (region_svalue::implicitly_live_p): Likewise. |
| (constant_svalue::implicitly_live_p): Likewise. |
| (initial_svalue::implicitly_live_p): Likewise. Treat the initial |
| values of params for the top level frame as still live. |
| (initial_svalue::initial_value_of_param_p): New function, taken |
| from a test in region_model::compare_initial_and_pointer. |
| (unaryop_svalue::implicitly_live_p): Convert first param from a |
| refererence to a pointer. |
| (binop_svalue::implicitly_live_p): Likewise. |
| (sub_svalue::implicitly_live_p): Likewise. |
| (unmergeable_svalue::implicitly_live_p): Likewise. |
| * svalue.h (svalue::live_p): Likewise. |
| (svalue::implicitly_live_p): Likewise. |
| (region_svalue::implicitly_live_p): Likewise. |
| (constant_svalue::implicitly_live_p): Likewise. |
| (initial_svalue::implicitly_live_p): Likewise. |
| (initial_svalue::initial_value_of_param_p): New decl. |
| (unaryop_svalue::implicitly_live_p): Convert first param from a |
| refererence to a pointer. |
| (binop_svalue::implicitly_live_p): Likewise. |
| (sub_svalue::implicitly_live_p): Likewise. |
| (unmergeable_svalue::implicitly_live_p): Likewise. |
| |
| 2021-02-12 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98969 |
| * engine.cc (readability): Add names for the various arbitrary |
| values. Handle NOP_EXPR and INTEGER_CST. |
| (readability_comparator): Combine the readability tests for |
| tree and stack depth, rather than performing them sequentially. |
| (impl_region_model_context::on_state_leak): Strip off top-level |
| casts. |
| * region-model.cc (region_model::get_representative_path_var): Add |
| type-checking, moving the bulk of the implementation to... |
| (region_model::get_representative_path_var_1): ...here. Respect |
| types in casts by recursing and re-adding the cast, rather than |
| merely stripping them off. Use the correct type when handling |
| region_svalue. |
| (region_model::get_representative_tree): Strip off any top-level |
| cast. |
| (region_model::get_representative_path_var): Add type-checking, |
| moving the bulk of the implementation to... |
| (region_model::get_representative_path_var_1): ...here. |
| * region-model.h (region_model::get_representative_path_var_1): |
| New decl |
| (region_model::get_representative_path_var_1): New decl. |
| * store.cc (append_pathvar_with_type): New. |
| (binding_cluster::get_representative_path_vars): Cast path_vars |
| to the correct type when adding them to *OUT_PVS. |
| |
| 2021-02-09 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98575 |
| * sm-file.cc (is_file_using_fn_p): Support "_IO_"-prefixed |
| variants. |
| |
| 2021-02-09 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98575 |
| * store.cc (store::set_value): Treat a pointer written to *UNKNOWN |
| as having escaped. |
| |
| 2021-02-02 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/93355 |
| PR analyzer/96374 |
| * engine.cc (toplevel_function_p): Simplify so that |
| we only reject functions with a "__analyzer_" prefix. |
| (add_any_callbacks): Delete. |
| (exploded_graph::build_initial_worklist): Update for |
| dropped param of toplevel_function_p. |
| (exploded_graph::build_initial_worklist): Don't bother |
| looking for callbacks that are reachable from global |
| initializers. |
| |
| 2021-02-01 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98918 |
| * region-model-manager.cc |
| (region_model_manager::get_or_create_initial_value): |
| Fold the initial value of *UNKNOWN_PTR to an UNKNOWN value. |
| (region_model_manager::get_field_region): Fold the value |
| of UNKNOWN_PTR->FIELD to *UNKNOWN_PTR_OF_&FIELD_TYPE. |
| |
| 2021-01-29 David Malcolm <dmalcolm@redhat.com> |
| |
| * checker-path.cc (event_kind_to_string): Handle |
| EK_START_CONSOLIDATED_CFG_EDGES and |
| EK_END_CONSOLIDATED_CFG_EDGES. |
| (start_consolidated_cfg_edges_event::get_desc): New. |
| (checker_path::cfg_edge_pair_at_p): New. |
| * checker-path.h (enum event_kind): Add |
| EK_START_CONSOLIDATED_CFG_EDGES and |
| EK_END_CONSOLIDATED_CFG_EDGES. |
| (class start_consolidated_cfg_edges_event): New class. |
| (class end_consolidated_cfg_edges_event): New class. |
| (checker_path::delete_events): New. |
| (checker_path::replace_event): New. |
| (checker_path::cfg_edge_pair_at_p): New decl. |
| * diagnostic-manager.cc (diagnostic_manager::prune_path): Call |
| consolidate_conditions. |
| (same_line_as_p): New. |
| (diagnostic_manager::consolidate_conditions): New. |
| * diagnostic-manager.h |
| (diagnostic_manager::consolidate_conditions): New decl. |
| |
| 2021-01-18 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.h (is_std_named_call_p): New decl. |
| * diagnostic-manager.cc (path_builder::get_sm): New. |
| (state_change_event_creator::state_change_event_creator): Add "pb" |
| param. |
| (state_change_event_creator::on_global_state_change): Don't consider |
| state changes affecting other state_machines. |
| (state_change_event_creator::on_state_change): Likewise. |
| (state_change_event_creator::m_pb): New field. |
| (diagnostic_manager::add_events_for_eedge): Pass pb to visitor |
| ctor. |
| * region-model-impl-calls.cc |
| (region_model::impl_deallocation_call): New. |
| * region-model.cc: Include "attribs.h". |
| (region_model::on_call_post): Handle fndecls referenced by |
| __attribute__((deallocated_by(FOO))). |
| * region-model.h (region_model::impl_deallocation_call): New decl. |
| * sm-malloc.cc: Include "stringpool.h" and "attribs.h". Add |
| leading comment. |
| (class api): Delete. |
| (enum resource_state): Update comment for change from api to |
| deallocator and deallocator_set. |
| (allocation_state::allocation_state): Drop api param. Add |
| "deallocators" and "deallocator". |
| (allocation_state::m_api): Drop field in favor of... |
| (allocation_state::m_deallocators): New field. |
| (allocation_state::m_deallocator): New field. |
| (enum wording): Add WORDING_DEALLOCATED. |
| (struct deallocator): New. |
| (struct standard_deallocator): New. |
| (struct custom_deallocator): New. |
| (struct deallocator_set): New. |
| (struct custom_deallocator_set): New. |
| (struct standard_deallocator_set): New. |
| (struct deallocator_set_map_traits): New. |
| (malloc_state_machine::m_malloc): Drop field |
| (malloc_state_machine::m_scalar_new): Likewise. |
| (malloc_state_machine::m_vector_new): Likewise. |
| (malloc_state_machine::m_free): New field |
| (malloc_state_machine::m_scalar_delete): Likewise. |
| (malloc_state_machine::m_vector_delete): Likewise. |
| (malloc_state_machine::deallocator_map_t): New typedef. |
| (malloc_state_machine::m_deallocator_map): New field. |
| (malloc_state_machine::deallocator_set_cache_t): New typedef. |
| (malloc_state_machine::m_custom_deallocator_set_cache): New field. |
| (malloc_state_machine::custom_deallocator_set_map_t): New typedef. |
| (malloc_state_machine::m_custom_deallocator_set_map): New field. |
| (malloc_state_machine::m_dynamic_sets): New field. |
| (malloc_state_machine::m_dynamic_deallocators): New field. |
| (api::api): Delete. |
| (deallocator::deallocator): New ctor. |
| (deallocator::hash): New. |
| (deallocator::dump_to_pp): New. |
| (deallocator::cmp): New. |
| (deallocator::cmp_ptr_ptr): New. |
| (standard_deallocator::standard_deallocator): New ctor. |
| (deallocator_set::deallocator_set): New ctor. |
| (deallocator_set::dump): New. |
| (custom_deallocator_set::custom_deallocator_set): New ctor. |
| (custom_deallocator_set::contains_p): New. |
| (custom_deallocator_set::maybe_get_single): New. |
| (custom_deallocator_set::dump_to_pp): New. |
| (standard_deallocator_set::standard_deallocator_set): New ctor. |
| (standard_deallocator_set::contains_p): New. |
| (standard_deallocator_set::maybe_get_single): New. |
| (standard_deallocator_set::dump_to_pp): New. |
| (start_p): New. |
| (class mismatching_deallocation): Update for conversion from api |
| to deallocator_set and deallocator. |
| (double_free::emit): Use %qs. |
| (class use_after_free): Update for conversion from api to |
| deallocator_set and deallocator. |
| (malloc_leak::describe_state_change): Only emit "allocated here" on |
| a start->nonnull transition, rather than on other transitions to |
| nonnull. |
| (allocation_state::dump_to_pp): Update for conversion from api to |
| deallocator_set. |
| (allocation_state::get_nonnull): Likewise. |
| (malloc_state_machine::malloc_state_machine): Likewise. |
| (malloc_state_machine::~malloc_state_machine): New. |
| (malloc_state_machine::add_state): Update for conversion from api |
| to deallocator_set. |
| (malloc_state_machine::get_or_create_custom_deallocator_set): New. |
| (malloc_state_machine::maybe_create_custom_deallocator_set): New. |
| (malloc_state_machine::get_or_create_deallocator): New. |
| (malloc_state_machine::on_stmt): Update for conversion from api |
| to deallocator_set. Handle "__attribute__((malloc(FOO)))", and |
| the special attribute set on FOO. |
| (malloc_state_machine::on_allocator_call): Update for conversion |
| from api to deallocator_set. Add "returns_nonnull" param and use |
| it to affect which state to transition to. |
| (malloc_state_machine::on_deallocator_call): Update for conversion |
| from api to deallocator_set. |
| |
| 2021-01-14 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (strongly_connected_components::to_json): New. |
| (worklist::to_json): New. |
| (exploded_graph::to_json): JSON-ify the worklist. |
| * exploded-graph.h (strongly_connected_components::to_json): New |
| decl. |
| (worklist::to_json): New decl. |
| * store.cc (store::to_json): Fix comment. |
| * supergraph.cc (supernode::to_json): Fix reference to |
| "returning_call" in comment. Add optional "fun" to JSON. |
| (edge_kind_to_string): New. |
| (superedge::to_json): Add "kind" to JSON. |
| |
| 2021-01-14 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98679 |
| * analyzer.h (region_offset::operator==): Make const. |
| * pending-diagnostic.h (pending_diagnostic::equal_p): Likewise. |
| * store.h (binding_cluster::for_each_value): Likewise. |
| (binding_cluster::for_each_binding): Likewise. |
| |
| 2021-01-12 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98628 |
| * store.cc (binding_cluster::make_unknown_relative_to): Don't mark |
| dereferenced unknown pointers as having escaped. |
| |
| 2021-01-07 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98580 |
| * region.cc (decl_region::get_svalue_for_initializer): Gracefully |
| handle when LTO writes out DECL_INITIAL as error_mark_node. |
| |
| 2021-01-07 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97074 |
| * store.cc (binding_cluster::can_merge_p): Add "out_store" param |
| and pass to calls to binding_cluster::make_unknown_relative_to. |
| (binding_cluster::make_unknown_relative_to): Add "out_store" |
| param. Use it to mark base regions that are pointed to by |
| pointers that become unknown as having escaped. |
| (store::can_merge_p): Pass out_store to |
| binding_cluster::can_merge_p. |
| * store.h (binding_cluster::can_merge_p): Add "out_store" param. |
| (binding_cluster::make_unknown_relative_to): Likewise. |
| * svalue.cc (region_svalue::implicitly_live_p): New vfunc. |
| * svalue.h (region_svalue::implicitly_live_p): New vfunc decl. |
| |
| 2021-01-07 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98564 |
| * engine.cc (exploded_path::feasible_p): Add missing call to |
| bitmap_clear. |
| |
| 2021-01-06 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97072 |
| * region-model-reachability.cc (reachable_regions::init_cluster): |
| Convert symbolic region handling to a switch statement. Add cases |
| to handle SK_UNKNOWN and SK_CONJURED. |
| |
| 2021-01-05 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98293 |
| * store.cc (binding_map::apply_ctor_to_region): When "index" is |
| NULL, iterate through the fields for RECORD_TYPEs, rather than |
| creating an INTEGER_CST index. |
| |
| 2020-11-30 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer-pass.cc: Include "analyzer/analyzer.h" for the |
| declaration of sorry_no_analyzer; include "tree.h" and |
| "function.h" as these are needed by it. |
| |
| 2020-11-30 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer-pass.cc (pass_analyzer::execute): Move sorry call to... |
| (sorry_no_analyzer): New. |
| * analyzer.h (class state_machine): New forward decl. |
| (class logger): New forward decl. |
| (class plugin_analyzer_init_iface): New. |
| (sorry_no_analyzer): New decl. |
| * checker-path.cc (checker_path::fixup_locations): New. |
| * checker-path.h (checker_event::set_location): New. |
| (checker_path::fixup_locations): New decl. |
| * diagnostic-manager.cc |
| (diagnostic_manager::emit_saved_diagnostic): Call |
| checker_path::fixup_locations, and call fixup_location |
| on the primary location. |
| * engine.cc: Include "plugin.h". |
| (class plugin_analyzer_init_impl): New. |
| (impl_run_checkers): Invoke PLUGIN_ANALYZER_INIT callbacks. |
| * pending-diagnostic.h (pending_diagnostic::fixup_location): New |
| vfunc. |
| |
| 2020-11-18 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97893 |
| * sm-malloc.cc (null_deref::emit): Use CWE-476 rather than |
| CWE-690, as this isn't due to an unchecked return value. |
| (null_arg::emit): Likewise. |
| |
| 2020-11-12 David Malcolm <dmalcolm@redhat.com> |
| |
| * checker-path.h (checker_event::get_id_ptr): New. |
| * diagnostic-manager.cc (path_builder::path_builder): Add "sd" |
| param and use it to initialize new field "m_sd". |
| (path_builder::get_pending_diagnostic): New. |
| (path_builder::m_sd): New field. |
| (diagnostic_manager::emit_saved_diagnostic): Pass sd to |
| path_builder ctor. |
| (diagnostic_manager::add_events_for_superedge): Call new |
| maybe_add_custom_events_for_superedge vfunc. |
| * engine.cc (stale_jmp_buf::stale_jmp_buf): Add "setjmp_point" |
| param and use it to initialize new field "m_setjmp_point". |
| Initialize new field "m_stack_pop_event". |
| (stale_jmp_buf::maybe_add_custom_events_for_superedge): New vfunc |
| implementation. |
| (stale_jmp_buf::describe_final_event): New vfunc implementation. |
| (stale_jmp_buf::m_setjmp_point): New field. |
| (stale_jmp_buf::m_stack_pop_event): New field. |
| (exploded_node::on_longjmp): Pass setjmp_point to stale_jmp_buf |
| ctor. |
| * pending-diagnostic.h |
| (pending_diagnostic::maybe_add_custom_events_for_superedge): New |
| vfunc. |
| |
| 2020-11-12 David Malcolm <dmalcolm@redhat.com> |
| |
| PR tree-optimization/97424 |
| * analyzer.opt (Wanalyzer-shift-count-negative): New. |
| (Wanalyzer-shift-count-overflow): New. |
| * region-model.cc (class shift_count_negative_diagnostic): New. |
| (class shift_count_overflow_diagnostic): New. |
| (region_model::get_gassign_result): Complain about shift counts that |
| are negative or are >= the operand's type's width. |
| |
| 2020-11-10 Martin Liska <mliska@suse.cz> |
| |
| * constraint-manager.cc (constraint_manager::merge): Remove |
| unused code. |
| * constraint-manager.h: Likewise. |
| * program-state.cc (sm_state_map::sm_state_map): Likewise. |
| (program_state::program_state): Likewise. |
| (test_sm_state_map): Likewise. |
| * program-state.h: Likewise. |
| * region-model-reachability.cc (reachable_regions::reachable_regions): Likewise. |
| * region-model-reachability.h: Likewise. |
| * region-model.cc (region_model::handle_unrecognized_call): Likewise. |
| (region_model::get_reachable_svalues): Likewise. |
| (region_model::can_merge_with_p): Likewise. |
| |
| 2020-11-05 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97668 |
| * svalue.cc (cmp_cst): Handle COMPLEX_CST. |
| |
| 2020-10-29 David Malcolm <dmalcolm@redhat.com> |
| |
| * program-state.cc (sm_state_map::on_liveness_change): Sort the |
| leaking svalues before calling on_state_leak. |
| (program_state::detect_leaks): Likewise when calling |
| on_svalue_leak. |
| * region-model-reachability.cc |
| (reachable_regions::mark_escaped_clusters): Likewise when |
| calling on_escaped_function. |
| |
| 2020-10-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97608 |
| * region-model-reachability.cc (reachable_regions::handle_sval): |
| Operands of reachable reversible operations are reachable. |
| |
| 2020-10-29 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.h (class state_machine): New forward decl. |
| (class logger): Likewise. |
| (class visitor): Likewise. |
| * complexity.cc: New file, taken from svalue.cc. |
| * complexity.h: New file, taken from region-model.h. |
| * region-model.h: Include "analyzer/svalue.h" and |
| "analyzer/region.h". Move struct complexity to complexity.h. |
| Move svalue, its subclasses and supporting decls to svalue.h. |
| Move region, its subclasses and supporting decls to region.h. |
| * region.cc: Include "analyzer/region.h". |
| (symbolic_region::symbolic_region): Move here from region-model.h. |
| * region.h: New file, based on material from region-model.h. |
| * svalue.cc: Include "analyzer/svalue.h". |
| (complexity::complexity): Move to complexity.cc. |
| (complexity::from_pair): Likewise. |
| * svalue.h: New file, based on material from region-model.h. |
| |
| 2020-10-29 David Malcolm <dmalcolm@redhat.com> |
| |
| * program-state.cc (sm_state_map::print): Guard the printing of |
| the origin pointer with !flag_dump_noaddr. |
| * region.cc (string_region::dump_to_pp): Likewise for |
| m_string_cst. |
| |
| 2020-10-27 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97568 |
| * region-model.cc (region_model::get_initial_value_for_global): |
| Move check that !DECL_EXTERNAL from here to... |
| * region.cc (decl_region::get_svalue_for_initializer): ...here, |
| using it to reject zero initialization. |
| |
| 2020-10-27 Markus Böck <markus.boeck02@gmail.com> |
| |
| PR analyzer/96608 |
| * store.h (hash): Cast to intptr_t instead of long |
| |
| 2020-10-27 David Malcolm <dmalcolm@redhat.com> |
| |
| * constraint-manager.cc (svalue_cmp_by_ptr): Delete. |
| (equiv_class::canonicalize): Use svalue::cmp_ptr_ptr instead. |
| (equiv_class_cmp): Eliminate pointer comparison. |
| * diagnostic-manager.cc (dedupe_key::comparator): If they are at |
| the same location, also compare epath ength and pending_diagnostic |
| kind. |
| * engine.cc (readability_comparator): If two path_vars have the |
| same readability, then impose an arbitrary ordering on them. |
| (worklist::key_t::cmp): If two points have the same plan ordering, |
| continue the comparison. Call sm_state_map::cmp rather than |
| comparing hash values. |
| * program-state.cc (sm_state_map::entry_t::cmp): New. |
| (sm_state_map::cmp): New. |
| * program-state.h (sm_state_map::entry_t::cmp): New decl. |
| (sm_state_map::elements): New. |
| (sm_state_map::cmp): New. |
| |
| 2020-10-27 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (setjmp_record::cmp): New. |
| (supernode_cluster::dump_dot): Avoid embedding pointer in cluster |
| name. |
| (supernode_cluster::cmp_ptr_ptr): New. |
| (function_call_string_cluster::dump_dot): Avoid embedding pointer |
| in cluster name. Sort m_map when dumping child clusters. |
| (function_call_string_cluster::cmp_ptr_ptr): New. |
| (root_cluster::dump_dot): Sort m_map when dumping child clusters. |
| * program-point.cc (function_point::cmp): New. |
| (function_point::cmp_ptr): New. |
| * program-point.h (function_point::cmp): New decl. |
| (function_point::cmp_ptr): New decl. |
| * program-state.cc (sm_state_map::print): Sort the values. Guard |
| the printing of pointers with !flag_dump_noaddr. |
| (program_state::prune_for_point): Sort the regions. |
| (log_set_of_svalues): Sort the values. Guard the printing of |
| pointers with !flag_dump_noaddr. |
| * region-model-manager.cc (log_uniq_map): Sort the values. |
| * region-model-reachability.cc (dump_set): New function template. |
| (reachable_regions::dump_to_pp): Use it. |
| * region-model.h (svalue::cmp_ptr): New decl. |
| (svalue::cmp_ptr_ptr): New decl. |
| (setjmp_record::cmp): New decl. |
| (placeholder_svalue::get_name): New accessor. |
| (widening_svalue::get_point): New accessor. |
| (compound_svalue::get_map): New accessor. |
| (conjured_svalue::get_stmt): New accessor. |
| (conjured_svalue::get_id_region): New accessor. |
| (region::cmp_ptrs): Rename to... |
| (region::cmp_ptr_ptr): ...this. |
| * region.cc (region::cmp_ptrs): Rename to... |
| (region::cmp_ptr_ptr): ...this. |
| * state-purge.cc |
| (state_purge_per_ssa_name::state_purge_per_ssa_name): Sort |
| m_points_needing_name when dumping. |
| * store.cc (concrete_binding::cmp_ptr_ptr): New. |
| (symbolic_binding::cmp_ptr_ptr): New. |
| (binding_map::cmp): New. |
| (get_sorted_parent_regions): Update for renaming of |
| region::cmp_ptrs to region::cmp_ptr_ptr. |
| (store::dump_to_pp): Likewise. |
| (store::to_json): Likewise. |
| (store::can_merge_p): Sort the base regions before considering |
| them. |
| * store.h (concrete_binding::cmp_ptr_ptr): New decl. |
| (symbolic_binding::cmp_ptr_ptr): New decl. |
| (binding_map::cmp): New decl. |
| * supergraph.cc (supergraph::supergraph): Assign UIDs to the |
| gimple stmts. |
| * svalue.cc (cmp_cst): New. |
| (svalue::cmp_ptr): New. |
| (svalue::cmp_ptr_ptr): New. |
| |
| 2020-10-27 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (exploded_graph::get_or_create_node): Fix off-by-one |
| when imposing param_analyzer_max_enodes_per_program_point limit. |
| |
| 2020-10-27 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_model::get_representative_path_var): |
| Implement case RK_LABEL. |
| * region-model.h (label_region::get_label): New accessor. |
| |
| 2020-10-22 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97514 |
| * engine.cc (exploded_graph::add_function_entry): Handle failure |
| to create an enode, rather than asserting. |
| |
| 2020-10-22 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97489 |
| * engine.cc (exploded_graph::add_function_entry): Assert that we |
| have a function body. |
| (exploded_graph::on_escaped_function): Reject fndecls that don't |
| have a function body. |
| |
| 2020-10-14 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/93388 |
| * region-model.cc (region_model::get_initial_value_for_global): |
| Fall back to returning an initial_svalue if |
| decl_region::get_svalue_for_initializer fails. |
| * region.cc (decl_region::get_svalue_for_initializer): Don't |
| attempt to create a compound_svalue if the region has an unknown |
| size. |
| |
| 2020-10-14 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/93723 |
| * store.cc (binding_map::apply_ctor_to_region): Remove redundant |
| assertion. |
| |
| 2020-10-12 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97258 |
| * engine.cc (impl_region_model_context::on_escaped_function): New |
| vfunc. |
| (exploded_graph::add_function_entry): Use m_functions_with_enodes |
| to implement idempotency. |
| (add_any_callbacks): New. |
| (exploded_graph::build_initial_worklist): Use the above to find |
| callbacks that are reachable from global initializers. |
| (exploded_graph::on_escaped_function): New. |
| * exploded-graph.h |
| (impl_region_model_context::on_escaped_function): New decl. |
| (exploded_graph::on_escaped_function): New decl. |
| (exploded_graph::m_functions_with_enodes): New field. |
| * region-model-reachability.cc |
| (reachable_regions::reachable_regions): Replace "store" param with |
| "model" param; use it to initialize m_model. |
| (reachable_regions::add): When getting the svalue for the region, |
| call get_store_value on the model rather than using an initial |
| value. |
| (reachable_regions::mark_escaped_clusters): Add ctxt param and |
| use it to call on_escaped_function when a function_region escapes. |
| * region-model-reachability.h |
| (reachable_regions::reachable_regions): Replace "store" param with |
| "model" param. |
| (reachable_regions::mark_escaped_clusters): Add ctxt param. |
| (reachable_regions::m_model): New field. |
| * region-model.cc (region_model::handle_unrecognized_call): Update |
| for change in reachable_regions ctor. |
| (region_model::handle_unrecognized_call): Pass ctxt to |
| mark_escaped_clusters. |
| (region_model::get_reachable_svalues): Update for change in |
| reachable_regions ctor. |
| (region_model::get_initial_value_for_global): Read-only variables |
| keep their initial values. |
| * region-model.h (region_model_context::on_escaped_function): New |
| vfunc. |
| (noop_region_model_context::on_escaped_function): New. |
| |
| 2020-10-12 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.opt (Wanalyzer-write-to-const): New. |
| (Wanalyzer-write-to-string-literal): New. |
| * region-model-impl-calls.cc (region_model::impl_call_memcpy): |
| Call check_for_writable_region. |
| (region_model::impl_call_memset): Likewise. |
| (region_model::impl_call_strcpy): Likewise. |
| * region-model.cc (class write_to_const_diagnostic): New. |
| (class write_to_string_literal_diagnostic): New. |
| (region_model::check_for_writable_region): New. |
| (region_model::set_value): Call check_for_writable_region. |
| * region-model.h (region_model::check_for_writable_region): New |
| decl. |
| |
| 2020-10-07 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97116 |
| * sm-malloc.cc (method_p): New. |
| (describe_argument_index): New. |
| (inform_nonnull_attribute): Use describe_argument_index. |
| (possible_null_arg::describe_final_event): Likewise. |
| (null_arg::describe_final_event): Likewise. |
| |
| 2020-09-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/95188 |
| * engine.cc (stmt_requires_new_enode_p): Split enodes before |
| "signal" calls. |
| |
| 2020-09-29 David Malcolm <dmalcolm@redhat.com> |
| |
| * constraint-manager.cc |
| (constraint_manager::add_constraint_internal): Whitespace fixes. |
| Silence -Wsign-compare warning. |
| * engine.cc (maybe_process_run_of_before_supernode_enodes): |
| Silence -Wsign-compare warning. |
| |
| 2020-09-28 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.h (binop_svalue::dyn_cast_binop_svalue): Remove |
| redundant "virtual". Add FINAL OVERRIDE. |
| (widening_svalue::dyn_cast_widening_svalue): Add FINAL OVERRIDE. |
| (compound_svalue::dyn_cast_compound_svalue): Likewise. |
| (conjured_svalue::dyn_cast_conjured_svalue): Likewise. |
| |
| 2020-09-28 David Malcolm <dmalcolm@redhat.com> |
| |
| * diagnostic-manager.cc (null_assignment_sm_context::m_visitor): |
| Remove unused field. |
| |
| 2020-09-28 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97233 |
| * analyzer.cc (is_longjmp_call_p): Require the initial argument |
| to be a pointer. |
| * engine.cc (exploded_node::on_longjmp): Likewise. |
| |
| 2020-09-28 David Malcolm <dmalcolm@redhat.com> |
| |
| * program-state.cc (sm_state_map::print): Update check |
| for m_global_state being the start state. |
| |
| 2020-09-26 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96646 |
| PR analyzer/96841 |
| * region-model.cc (region_model::get_representative_path_var): |
| When handling offset_region, wrap the MEM_REF's first argument in |
| an ADDR_EXPR of pointer type, rather than simply using the tree |
| for the parent region. Require the MEM_REF's second argument to |
| be an integer constant. |
| |
| 2020-09-24 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.h (struct rejected_constraint): New decl. |
| * analyzer.opt (fanalyzer-feasibility): New option. |
| * diagnostic-manager.cc (path_builder::path_builder): Add |
| "problem" param and use it to initialize new field. |
| (path_builder::get_feasibility_problem): New accessor. |
| (path_builder::m_feasibility_problem): New field. |
| (dedupe_winners::add): Remove inversion of logic in "if" clause, |
| swapping if/else suites. In the !feasible_p suite, inspect |
| flag_analyzer_feasibility and add code to handle when this |
| is off, accepting the infeasible path, but recording the |
| feasibility_problem. |
| (diagnostic_manager::emit_saved_diagnostic): Pass the |
| feasibility_problem to the path_builder. |
| (diagnostic_manager::add_events_for_eedge): If we have |
| a feasibility_problem at this edge, use it to add a custom event. |
| * engine.cc (exploded_path::feasible_p): Pass a |
| rejected_constraint ** to model.maybe_update_for_edge and transfer |
| ownership of any created instance to any feasibility_problem. |
| (feasibility_problem::dump_to_pp): New. |
| * exploded-graph.h (feasibility_problem::feasibility_problem): |
| Drop "model" param; add rejected_constraint * param. |
| (feasibility_problem::~feasibility_problem): New. |
| (feasibility_problem::dump_to_pp): New decl. |
| (feasibility_problem::m_model): Drop field. |
| (feasibility_problem::m_rc): New field. |
| * program-point.cc (function_point::get_location): Handle |
| PK_BEFORE_SUPERNODE and PK_AFTER_SUPERNODE. |
| * program-state.cc (program_state::on_edge): Pass NULL to new |
| param of region_model::maybe_update_for_edge. |
| * region-model.cc (region_model::add_constraint): New overload |
| adding a rejected_constraint ** param. |
| (region_model::maybe_update_for_edge): Add rejected_constraint ** |
| param and pass it to the various apply_constraints_for_ calls. |
| (region_model::apply_constraints_for_gcond): Add |
| rejected_constraint ** param and pass it to add_constraint calls. |
| (region_model::apply_constraints_for_gswitch): Likewise. |
| (region_model::apply_constraints_for_exception): Likewise. |
| (rejected_constraint::dump_to_pp): New. |
| * region-model.h (region_model::maybe_update_for_edge): |
| Add rejected_constraint ** param. |
| (region_model::add_constraint): New overload adding a |
| rejected_constraint ** param. |
| (region_model::apply_constraints_for_gcond): Add |
| rejected_constraint ** param. |
| (region_model::apply_constraints_for_gswitch): Likewise. |
| (region_model::apply_constraints_for_exception): Likewise. |
| (struct rejected_constraint): New. |
| |
| 2020-09-23 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97178 |
| * engine.cc (impl_run_checkers): Update for change to ext_state |
| ctor. |
| * program-state.cc (selftest::test_sm_state_map): Pass an engine |
| instance to ext_state ctor. |
| (selftest::test_program_state_1): Likewise. |
| (selftest::test_program_state_2): Likewise. |
| (selftest::test_program_state_merging): Likewise. |
| (selftest::test_program_state_merging_2): Likewise. |
| * program-state.h (extrinsic_state::extrinsic_state): Remove NULL |
| default value for "eng" param. |
| |
| 2020-09-23 Tobias Burnus <tobias@codesourcery.com> |
| |
| * analyzer-logging.cc: Guard '#pragma ... ignored "-Wformat-diag"' |
| by '#if __GNUC__ >= 10' |
| * analyzer.h: Likewise. |
| * call-string.cc: Likewise. |
| |
| 2020-09-23 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (exploded_node::on_stmt): Replace sequence of dyn_cast |
| with switch. |
| |
| 2020-09-22 David Malcolm <dmalcolm@redhat.com> |
| |
| * analysis-plan.cc: Include "json.h". |
| * analyzer.opt (fdump-analyzer-json): New. |
| * call-string.cc: Include "json.h". |
| (call_string::to_json): New. |
| * call-string.h (call_string::to_json): New decl. |
| * checker-path.cc: Include "json.h". |
| * constraint-manager.cc: Include "json.h". |
| (equiv_class::to_json): New. |
| (constraint::to_json): New. |
| (constraint_manager::to_json): New. |
| * constraint-manager.h (equiv_class::to_json): New decl. |
| (constraint::to_json): New decl. |
| (constraint_manager::to_json): New decl. |
| * diagnostic-manager.cc: Include "json.h". |
| (saved_diagnostic::to_json): New. |
| (diagnostic_manager::to_json): New. |
| * diagnostic-manager.h (saved_diagnostic::to_json): New decl. |
| (diagnostic_manager::to_json): New decl. |
| * engine.cc: Include "json.h", <zlib.h>. |
| (exploded_node::status_to_str): New. |
| (exploded_node::to_json): New. |
| (exploded_edge::to_json): New. |
| (exploded_graph::to_json): New. |
| (dump_analyzer_json): New. |
| (impl_run_checkers): Call it. |
| * exploded-graph.h (exploded_node::status_to_str): New decl. |
| (exploded_node::to_json): New. |
| (exploded_edge::to_json): New. |
| (exploded_graph::to_json): New. |
| * pending-diagnostic.cc: Include "json.h". |
| * program-point.cc: Include "json.h". |
| (program_point::to_json): New. |
| * program-point.h (program_point::to_json): New decl. |
| * program-state.cc: Include "json.h". |
| (extrinsic_state::to_json): New. |
| (sm_state_map::to_json): New. |
| (program_state::to_json): New. |
| * program-state.h (extrinsic_state::to_json): New decl. |
| (sm_state_map::to_json): New decl. |
| (program_state::to_json): New decl. |
| * region-model-impl-calls.cc: Include "json.h". |
| * region-model-manager.cc: Include "json.h". |
| * region-model-reachability.cc: Include "json.h". |
| * region-model.cc: Include "json.h". |
| * region-model.h (svalue::to_json): New decl. |
| (region::to_json): New decl. |
| * region.cc: Include "json.h". |
| (region::to_json: New. |
| * sm-file.cc: Include "json.h". |
| * sm-malloc.cc: Include "json.h". |
| * sm-pattern-test.cc: Include "json.h". |
| * sm-sensitive.cc: Include "json.h". |
| * sm-signal.cc: Include "json.h". |
| (signal_delivery_edge_info_t::to_json): New. |
| * sm-taint.cc: Include "json.h". |
| * sm.cc: Include "diagnostic.h", "tree-diagnostic.h", and |
| "json.h". |
| (state_machine::state::to_json): New. |
| (state_machine::to_json): New. |
| * sm.h (state_machine::state::to_json): New. |
| (state_machine::to_json): New. |
| * state-purge.cc: Include "json.h". |
| * store.cc: Include "json.h". |
| (binding_key::get_desc): New. |
| (binding_map::to_json): New. |
| (binding_cluster::to_json): New. |
| (store::to_json): New. |
| * store.h (binding_key::get_desc): New decl. |
| (binding_map::to_json): New decl. |
| (binding_cluster::to_json): New decl. |
| (store::to_json): New decl. |
| * supergraph.cc: Include "json.h". |
| (supergraph::to_json): New. |
| (supernode::to_json): New. |
| (superedge::to_json): New. |
| * supergraph.h (supergraph::to_json): New decl. |
| (supernode::to_json): New decl. |
| (superedge::to_json): New decl. |
| * svalue.cc: Include "json.h". |
| (svalue::to_json): New. |
| |
| 2020-09-21 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97130 |
| * region-model-impl-calls.cc (call_details::get_arg_type): New. |
| * region-model.cc (region_model::on_call_pre): Check that the |
| initial arg is a pointer before calling impl_call_memset and |
| impl_call_strlen. |
| * region-model.h (call_details::get_arg_type): New decl. |
| |
| 2020-09-21 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/93355 |
| * sm-malloc.cc (malloc_state_machine::get_default_state): Look at |
| the base region when considering pointers. Treat pointers to |
| decls as being non-heap. |
| |
| 2020-09-18 David Malcolm <dmalcolm@redhat.com> |
| |
| * checker-path.cc (warning_event::get_desc): Handle global state |
| changes. |
| |
| 2020-09-18 David Malcolm <dmalcolm@redhat.com> |
| |
| * sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and |
| strndup as being malloc-like allocators. |
| |
| 2020-09-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (strongly_connected_components::strong_connect): Only |
| consider intraprocedural edges when creating SCCs. |
| (worklist::key_t::cmp): Add comment. Treat call_string |
| differences as more important than differences of program_point |
| within a supernode. |
| |
| 2020-09-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (supernode_cluster::dump_dot): Show the SCC id |
| in the per-supernode clusters in FILENAME.eg.dot output. |
| (exploded_graph_annotator::add_node_annotations): |
| Show the SCC of the supernode in FILENAME.supernode.eg.dot output. |
| * exploded-graph.h (worklist::scc_id): New. |
| (exploded_graph::get_scc_id): New. |
| |
| 2020-09-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED. |
| (exploded_graph::process_worklist): Call |
| maybe_process_run_of_before_supernode_enodes. |
| (exploded_graph::maybe_process_run_of_before_supernode_enodes): |
| New. |
| (exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED. |
| * exploded-graph.h (enum exploded_node::status): Add |
| STATUS_BULK_MERGED. |
| |
| 2020-09-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc |
| (exploded_graph::process_node) <case PK_BEFORE_SUPERNODE>: |
| Simplify by using program_point::get_next. |
| * program-point.cc (program_point::get_next): New. |
| * program-point.h (program_point::get_next): New decl. |
| |
| 2020-09-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (exploded_graph::get_or_create_node): Show the |
| program point when issuing -Wanalyzer-too-complex due to hitting |
| the per-program-point limit. |
| |
| 2020-09-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_model::on_call_pre): Treat getchar as |
| having no side-effects. |
| |
| 2020-09-15 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96650 |
| * constraint-manager.cc (merger_fact_visitor::on_fact): Replace |
| assertion that add_constraint succeeded with an assertion that |
| if it fails, -fanalyzer-transitivity is off. |
| |
| 2020-09-14 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.opt (-param=analyzer-max-constraints=): New param. |
| * constraint-manager.cc |
| (constraint_manager::add_constraint_internal): Silently reject |
| attempts to add constraints when the above limit is reached. |
| |
| 2020-09-14 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96653 |
| * constraint-manager.cc |
| (constraint_manager::get_or_add_equiv_class): Don't accumulate |
| transitive closure of all constraints on constants. |
| |
| 2020-09-14 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97029 |
| * analyzer.cc (is_setjmp_call_p): Require the initial arg to be a |
| pointer. |
| * region-model.cc (region_model::deref_rvalue): Assert that the |
| svalue is of pointer type. |
| |
| 2020-09-11 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96798 |
| * region-model-impl-calls.cc (region_model::impl_call_memcpy): |
| New. |
| (region_model::impl_call_strcpy): New. |
| * region-model.cc (region_model::on_call_pre): Flag unhandled |
| builtins that are non-pure as having unknown side-effects. |
| Implement BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_STRCPY, |
| BUILT_IN_STRCPY_CHK, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED, |
| BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC, |
| BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED, |
| BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF, |
| BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR, |
| BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED, |
| BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF. |
| * region-model.h (region_model::impl_call_memcpy): New decl. |
| (region_model::impl_call_strcpy): New decl. |
| |
| 2020-09-09 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/94355 |
| * analyzer.opt (Wanalyzer-mismatching-deallocation): New warning. |
| * region-model-impl-calls.cc |
| (region_model::impl_call_operator_new): New. |
| (region_model::impl_call_operator_delete): New. |
| * region-model.cc (region_model::on_call_pre): Detect operator new |
| and operator delete. |
| (region_model::on_call_post): Likewise. |
| (region_model::maybe_update_for_edge): Detect EH edges and call... |
| (region_model::apply_constraints_for_exception): New function. |
| * region-model.h (region_model::impl_call_operator_new): New decl. |
| (region_model::impl_call_operator_delete): New decl. |
| (region_model::apply_constraints_for_exception): New decl. |
| * sm-malloc.cc (enum resource_state): New. |
| (struct allocation_state): New state subclass. |
| (enum wording): New. |
| (struct api): New. |
| (malloc_state_machine::custom_data_t): New typedef. |
| (malloc_state_machine::add_state): New decl. |
| (malloc_state_machine::m_unchecked) |
| (malloc_state_machine::m_nonnull) |
| (malloc_state_machine::m_freed): Delete these states in favor |
| of... |
| (malloc_state_machine::m_malloc) |
| (malloc_state_machine::m_scalar_new) |
| (malloc_state_machine::m_vector_new): ...this new api instances, |
| which own their own versions of these states. |
| (malloc_state_machine::on_allocator_call): New decl. |
| (malloc_state_machine::on_deallocator_call): New decl. |
| (api::api): New ctor. |
| (dyn_cast_allocation_state): New. |
| (as_a_allocation_state): New. |
| (get_rs): New. |
| (unchecked_p): New. |
| (nonnull_p): New. |
| (freed_p): New. |
| (malloc_diagnostic::describe_state_change): Use unchecked_p and |
| nonnull_p. |
| (class mismatching_deallocation): New. |
| (double_free::double_free): Add funcname param for initializing |
| m_funcname. |
| (double_free::emit): Use m_funcname in warning message rather |
| than hardcoding "free". |
| (double_free::describe_state_change): Likewise. Use freed_p. |
| (double_free::describe_call_with_state): Use freed_p. |
| (double_free::describe_final_event): Use m_funcname in message |
| rather than hardcoding "free". |
| (double_free::m_funcname): New field. |
| (possible_null::describe_state_change): Use unchecked_p. |
| (possible_null::describe_return_of_state): Likewise. |
| (use_after_free::use_after_free): Add param for initializing m_api. |
| (use_after_free::emit): Use m_api->m_dealloc_funcname in message |
| rather than hardcoding "free". |
| (use_after_free::describe_state_change): Use freed_p. Change the |
| wording of the message based on the API. |
| (use_after_free::describe_final_event): Use |
| m_api->m_dealloc_funcname in message rather than hardcoding |
| "free". Change the wording of the message based on the API. |
| (use_after_free::m_api): New field. |
| (malloc_leak::describe_state_change): Use unchecked_p. Update |
| for renaming of m_malloc_event to m_alloc_event. |
| (malloc_leak::describe_final_event): Update for renaming of |
| m_malloc_event to m_alloc_event. |
| (malloc_leak::m_malloc_event): Rename... |
| (malloc_leak::m_alloc_event): ...to this. |
| (free_of_non_heap::free_of_non_heap): Add param for initializing |
| m_funcname. |
| (free_of_non_heap::emit): Use m_funcname in message rather than |
| hardcoding "free". |
| (free_of_non_heap::describe_final_event): Likewise. |
| (free_of_non_heap::m_funcname): New field. |
| (allocation_state::dump_to_pp): New. |
| (allocation_state::get_nonnull): New. |
| (malloc_state_machine::malloc_state_machine): Update for changes |
| to state fields and new api fields. |
| (malloc_state_machine::add_state): New. |
| (malloc_state_machine::on_stmt): Move malloc/calloc handling to |
| on_allocator_call and call it, passing in the API pointer. |
| Likewise for free, moving it to on_deallocator_call. Handle calls |
| to operator new and delete in an analogous way. Use unchecked_p |
| when testing for possibly-null-arg and possibly-null-deref, and |
| transition to the non-null for the correct API. Remove redundant |
| node param from call to on_zero_assignment. Use freed_p for |
| use-after-free check, and pass in API. |
| (malloc_state_machine::on_allocator_call): New, based on code in |
| on_stmt. |
| (malloc_state_machine::on_deallocator_call): Likewise. |
| (malloc_state_machine::on_phi): Mark node param with |
| ATTRIBUTE_UNUSED; don't pass it to on_zero_assignment. |
| (malloc_state_machine::on_condition): Mark node param with |
| ATTRIBUTE_UNUSED. Replace on_transition calls with get_state and |
| set_next_state pairs, transitioning to the non-null state for the |
| appropriate API. |
| (malloc_state_machine::can_purge_p): Port to new state approach. |
| (malloc_state_machine::on_zero_assignment): Replace on_transition |
| calls with get_state and set_next_state pairs. Drop redundant |
| node param. |
| * sm.h (state_machine::add_custom_state): New. |
| |
| 2020-09-09 David Malcolm <dmalcolm@redhat.com> |
| |
| * diagnostic-manager.cc |
| (null_assignment_sm_context::warn_for_state): Replace with... |
| (null_assignment_sm_context::warn): ...this. |
| * engine.cc (impl_sm_context::warn_for_state): Replace with... |
| (impl_sm_context::warn): ...this. |
| * sm-file.cc (fileptr_state_machine::on_stmt): Replace |
| warn_for_state and on_transition calls with a get_state |
| test guarding warn and set_next_state calls. |
| * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise. |
| * sm-pattern-test.cc (pattern_test_state_machine::on_condition): |
| Replace warn_for_state call with warn call. |
| * sm-sensitive.cc |
| (sensitive_state_machine::warn_for_any_exposure): Replace |
| warn_for_state call with a get_state test guarding a warn call. |
| * sm-signal.cc (signal_state_machine::on_stmt): Likewise. |
| * sm-taint.cc (taint_state_machine::on_stmt): Replace |
| warn_for_state and on_transition calls with a get_state |
| test guarding warn and set_next_state calls. |
| * sm.h (sm_context::warn_for_state): Replace with... |
| (sm_context::warn): ...this. |
| |
| 2020-09-09 David Malcolm <dmalcolm@redhat.com> |
| |
| * diagnostic-manager.cc |
| (null_assignment_sm_context::null_assignment_sm_context): Add old_state |
| and ext_state params, initializing m_old_state and m_ext_state. |
| (null_assignment_sm_context::on_transition): Split into... |
| (null_assignment_sm_context::get_state): ...this new vfunc |
| implementation and... |
| (null_assignment_sm_context::set_next_state): ...this new vfunc |
| implementation. |
| (null_assignment_sm_context::m_old_state): New field. |
| (null_assignment_sm_context::m_ext_state): New field. |
| (diagnostic_manager::add_events_for_eedge): Pass in old state and |
| ext_state when creating sm_ctxt. |
| * engine.cc (impl_sm_context::on_transition): Split into... |
| (impl_sm_context::get_state): ...this new vfunc |
| implementation and... |
| (impl_sm_context::set_next_state): ...this new vfunc |
| implementation. |
| * sm.h (sm_context::get_state): New pure virtual function. |
| (sm_context::set_next_state): Likewise. |
| (sm_context::on_transition): Convert from a pure virtual function |
| to a regular function implemented in terms of get_state and |
| set_next_state. |
| |
| 2020-09-09 David Malcolm <dmalcolm@redhat.com> |
| |
| * checker-path.cc (state_change_event::get_desc): Update |
| state_machine::get_state_name calls to state::get_name. |
| (warning_event::get_desc): Likewise. |
| * diagnostic-manager.cc |
| (null_assignment_sm_context::on_transition): Update comparison |
| against 0 with comparison with m_sm.get_start_state. |
| (diagnostic_manager::prune_for_sm_diagnostic): Update |
| state_machine::get_state_name calls to state::get_name. |
| * engine.cc (impl_sm_context::on_transition): Likewise. |
| (exploded_node::get_dot_fillcolor): Use get_id when summing |
| the sm states. |
| * program-state.cc (sm_state_map::sm_state_map): Don't hardcode |
| 0 as the start state when initializing m_global_state. |
| (sm_state_map::print): Use dump_to_pp rather than get_state_name |
| when dumping states. |
| (sm_state_map::is_empty_p): Don't hardcode 0 as the start state |
| when examining m_global_state. |
| (sm_state_map::hash): Use get_id when hashing states. |
| (selftest::test_sm_state_map): Use state objects rather than |
| arbitrary hardcoded integers. |
| (selftest::test_program_state_merging): Likewise. |
| (selftest::test_program_state_merging_2): Likewise. |
| * sm-file.cc (fileptr_state_machine::m_start): Move to base class. |
| (file_diagnostic::describe_state_change): Use get_start_state. |
| (fileptr_state_machine::fileptr_state_machine): Drop m_start |
| initialization. |
| * sm-malloc.cc (malloc_state_machine::m_start): Move to base |
| class. |
| (malloc_diagnostic::describe_state_change): Use get_start_state. |
| (possible_null::describe_state_change): Likewise. |
| (malloc_state_machine::malloc_state_machine): Drop m_start |
| initialization. |
| * sm-pattern-test.cc (pattern_test_state_machine::m_start): Move |
| to base class. |
| (pattern_test_state_machine::pattern_test_state_machine): Drop |
| m_start initialization. |
| * sm-sensitive.cc (sensitive_state_machine::m_start): Move to base |
| class. |
| (sensitive_state_machine::sensitive_state_machine): Drop m_start |
| initialization. |
| * sm-signal.cc (signal_state_machine::m_start): Move to base |
| class. |
| (signal_state_machine::signal_state_machine): Drop m_start |
| initialization. |
| * sm-taint.cc (taint_state_machine::m_start): Move to base class. |
| (taint_state_machine::taint_state_machine): Drop m_start |
| initialization. |
| * sm.cc (state_machine::state::dump_to_pp): New. |
| (state_machine::state_machine): Move here from sm.h. Initialize |
| m_next_state_id and m_start. |
| (state_machine::add_state): Reimplement in terms of state objects. |
| (state_machine::get_state_name): Delete. |
| (state_machine::get_state_by_name): Reimplement in terms of state |
| objects. Make const. |
| (state_machine::validate): Delete. |
| (state_machine::dump_to_pp): Reimplement in terms of state |
| objects. |
| * sm.h (state_machine::state): New class. |
| (state_machine::state_t): Convert typedef from "unsigned" to |
| "const state_machine::state *". |
| (state_machine::state_machine): Move to sm.cc. |
| (state_machine::get_default_state): Use m_start rather than |
| hardcoding 0. |
| (state_machine::get_state_name): Delete. |
| (state_machine::get_state_by_name): Make const. |
| (state_machine::get_start_state): New accessor. |
| (state_machine::alloc_state_id): New. |
| (state_machine::m_state_names): Drop in favor of... |
| (state_machine::m_states): New field |
| (state_machine::m_start): New field |
| (start_start_p): Delete. |
| |
| 2020-09-08 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96949 |
| * store.cc (binding_map::apply_ctor_val_to_range): Add |
| error-handling for the cases where we have symbolic offsets. |
| |
| 2020-09-08 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96950 |
| * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR |
| where min_index == max_index. |
| (binding_map::apply_ctor_val_to_range): Replace assertion that we |
| don't have a CONSTRUCTOR value with error-handling. |
| |
| 2020-09-08 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96962 |
| * region-model.cc (region_model::on_call_pre): Fix guard on switch |
| on built-ins to only consider BUILT_IN_NORMAL, rather than other |
| kinds of build-ins. |
| |
| 2020-09-01 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96792 |
| * region-model.cc (region_model::deref_rvalue): Add the constraint |
| that PTR_SVAL is non-NULL. |
| |
| 2020-08-31 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96798 |
| * region-model.cc (region_model::on_call_pre): Handle |
| BUILT_IN_MEMSET_CHK. |
| |
| 2020-08-31 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_model::on_call_pre): Gather handling of |
| builtins and of internal fns into switch statements. Handle |
| "alloca" and BUILT_IN_ALLOCA_WITH_ALIGN. |
| |
| 2020-08-31 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96860 |
| * region.cc (decl_region::get_svalue_for_constructor): Support |
| apply_ctor_to_region failing. |
| * store.cc (binding_map::apply_ctor_to_region): Add failure |
| handling. |
| (binding_map::apply_ctor_val_to_range): Likewise. |
| (binding_map::apply_ctor_pair_to_child_region): Likewise. Replace |
| assertion that child_base_offset is not symbolic with error |
| handling. |
| * store.h (binding_map::apply_ctor_to_region): Convert return type |
| from void to bool. |
| (binding_map::apply_ctor_val_to_range): Likewise. |
| (binding_map::apply_ctor_pair_to_child_region): Likewise. |
| |
| 2020-08-31 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96763 |
| * store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR |
| by calling a new binding_map::apply_ctor_val_to_range subroutine. |
| Split out the existing non-CONSTRUCTOR-handling code to a new |
| apply_ctor_pair_to_child_region subroutine. |
| (binding_map::apply_ctor_val_to_range): New. |
| (binding_map::apply_ctor_pair_to_child_region): New, split out |
| from binding_map::apply_ctor_to_region as noted above. |
| * store.h (binding_map::apply_ctor_val_to_range): New decl. |
| (binding_map::apply_ctor_pair_to_child_region): New decl. |
| |
| 2020-08-31 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96764 |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_unaryop): Handle VIEW_CONVERT_EXPR. |
| (region_model_manager::get_or_create_cast): Move logic for |
| real->integer casting to... |
| (get_code_for_cast): ...this new function, and add logic for |
| real->non-integer casts. |
| (region_model_manager::maybe_fold_sub_svalue): Handle |
| VIEW_CONVERT_EXPR. |
| * region-model.cc |
| (region_model::add_any_constraints_from_gassign): Likewise. |
| * svalue.cc (svalue::maybe_undo_cast): Likewise. |
| (unaryop_svalue::dump_to_pp): Likewise. |
| |
| 2020-08-26 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/94858 |
| * region-model-manager.cc |
| (region_model_manager::get_or_create_widening_svalue): Assert that |
| neither of the inputs are themselves widenings. |
| * store.cc (store::eval_alias_1): The initial value of a pointer |
| can't point to a region that was allocated on the heap after the |
| beginning of the path. A widened pointer value can't alias anything |
| that the initial pointer value can't alias. |
| * svalue.cc (svalue::can_merge_p): Merge BINOP (X, OP, CST) with X |
| to a widening svalue. Merge |
| BINOP(WIDENING(BASE, BINOP(BASE, X)), X) and BINOP(BASE, X) to |
| to the LHS of the first BINOP. |
| |
| 2020-08-26 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96777 |
| * region-model.h (class compound_svalue): Document that all keys |
| must be concrete. |
| (compound_svalue::compound_svalue): Move definition to svalue.cc. |
| * store.cc (binding_map::apply_ctor_to_region): Handle |
| initializers for trailing arrays with incomplete size. |
| * svalue.cc (compound_svalue::compound_svalue): Move definition |
| here from region-model.h. Add assertion that all keys are |
| concrete. |
| |
| 2020-08-22 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/94851 |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_binop): Fold bitwise "& 0" to 0. |
| |
| 2020-08-22 David Malcolm <dmalcolm@redhat.com> |
| |
| * store.cc (store::eval_alias): Make const. Split out 2nd half |
| into store::eval_alias_1 and call it twice for symmetry, avoiding |
| test duplication. |
| (store::eval_alias_1): New function, split out from the above. |
| * store.h (store::eval_alias): Make const. |
| (store::eval_alias_1): New decl. |
| |
| 2020-08-22 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_model::push_frame): Bind the default |
| SSA name for each parm if it exists, falling back to the parm |
| itself otherwise, rather than doing both. |
| |
| 2020-08-20 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96723 |
| * region-model-manager.cc |
| (region_model_manager::get_field_region): Assert that field is a |
| FIELD_DECL. |
| * region.cc (region::get_subregions_for_binding): In |
| union-handling, filter the TYPE_FIELDS traversal to just FIELD_DECLs. |
| |
| 2020-08-20 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96713 |
| * region-model.cc (region_model::get_gassign_result): For |
| comparisons, only use eval_condition when the lhs has boolean |
| type, and use get_or_create_constant_svalue on the boolean |
| constants directly rather than via get_rvalue. |
| |
| 2020-08-19 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96643 |
| * region-model.cc (region_model::deref_rvalue): Rather than |
| attempting to handle all svalue kinds in the switch, only cover |
| the special cases, and move symbolic-region handling to after |
| the switch, thus implicitly handling the missing case SK_COMPOUND. |
| |
| 2020-08-19 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96705 |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_binop): Check that we have an |
| integral type before calling build_int_cst. |
| |
| 2020-08-19 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96699 |
| * region-model-manager.cc |
| (region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for |
| casting from REAL_TYPE to INTEGER_TYPE. |
| |
| 2020-08-19 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96651 |
| * region-model.cc (region_model::called_from_main_p): New. |
| (region_model::get_store_value): Move handling for globals into... |
| (region_model::get_initial_value_for_global): ...this new |
| function, and add logic for extracting values from decl |
| initializers. |
| * region-model.h (decl_region::get_svalue_for_constructor): New |
| decl. |
| (decl_region::get_svalue_for_initializer): New decl. |
| (region_model::called_from_main_p): New decl. |
| (region_model::get_initial_value_for_global): New. |
| * region.cc (decl_region::maybe_get_constant_value): Move logic |
| for getting an svalue from a CONSTRUCTOR node to... |
| (decl_region::get_svalue_for_constructor): ...this new function. |
| (decl_region::get_svalue_for_initializer): New. |
| * store.cc (get_svalue_for_ctor_val): Rewrite in terms of |
| region_model::get_rvalue. |
| * store.h (binding_cluster::get_map): New accessor. |
| |
| 2020-08-19 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96648 |
| * region.cc (get_field_at_bit_offset): Gracefully handle negative |
| values for bit_offset. |
| |
| 2020-08-18 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_model::get_rvalue_1): Fix name of local. |
| |
| 2020-08-18 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96641 |
| * region-model.cc (region_model::get_rvalue_1): Handle |
| unrecognized tree codes by returning "UNKNOWN. |
| |
| 2020-08-18 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96640 |
| * region-model.cc (region_model::get_gassign_result): Handle various |
| VEC_* tree codes by returning UNKNOWN. |
| (region_model::on_assignment): Handle unrecognized tree codes by |
| setting lhs to an unknown value, rather than issuing a "sorry" and |
| asserting. |
| |
| 2020-08-17 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96644 |
| * region-model-manager.cc (get_region_for_unexpected_tree_code): |
| Handle ctxt being NULL. |
| |
| 2020-08-17 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96639 |
| * region.cc (region::get_subregions_for_binding): Check for "type" |
| being NULL. |
| |
| 2020-08-17 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96642 |
| * store.cc (get_svalue_for_ctor_val): New. |
| (binding_map::apply_ctor_to_region): Call it. |
| |
| 2020-08-14 David Malcolm <dmalcolm@redhat.com> |
| |
| PR testsuite/96609 |
| PR analyzer/96616 |
| * region-model.cc (region_model::get_store_value): Call |
| maybe_get_constant_value on decl_regions first. |
| * region-model.h (decl_region::maybe_get_constant_value): New decl. |
| * region.cc (decl_region::get_stack_depth): Likewise. |
| (decl_region::maybe_get_constant_value): New. |
| * store.cc (get_subregion_within_ctor): New. |
| (binding_map::apply_ctor_to_region): New. |
| * store.h (binding_map::apply_ctor_to_region): New decl. |
| |
| 2020-08-14 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96611 |
| * store.cc (store::mark_as_escaped): Reject attempts to |
| get a cluster for an unknown pointer. |
| |
| 2020-08-13 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/93032 |
| PR analyzer/93938 |
| PR analyzer/94011 |
| PR analyzer/94099 |
| PR analyzer/94399 |
| PR analyzer/94458 |
| PR analyzer/94503 |
| PR analyzer/94640 |
| PR analyzer/94688 |
| PR analyzer/94689 |
| PR analyzer/94839 |
| PR analyzer/95026 |
| PR analyzer/95042 |
| PR analyzer/95240 |
| * analyzer-logging.cc: Ignore "-Wformat-diag". |
| (logger::enter_scope): Use inc_indent in both overloads. |
| (logger::exit_scope): Use dec_indent. |
| * analyzer-logging.h (logger::inc_indent): New. |
| (logger::dec_indent): New. |
| * analyzer-selftests.cc (run_analyzer_selftests): Call |
| analyzer_store_cc_tests. |
| * analyzer-selftests.h (analyzer_store_cc_tests): New decl. |
| * analyzer.cc (get_stmt_location): New function. |
| * analyzer.h (class initial_svalue): New forward decl. |
| (class unaryop_svalue): New forward decl. |
| (class binop_svalue): New forward decl. |
| (class sub_svalue): New forward decl. |
| (class unmergeable_svalue): New forward decl. |
| (class placeholder_svalue): New forward decl. |
| (class widening_svalue): New forward decl. |
| (class compound_svalue): New forward decl. |
| (class conjured_svalue): New forward decl. |
| (svalue_set): New typedef. |
| (class map_region): Delete. |
| (class array_region): Delete. |
| (class frame_region): New forward decl. |
| (class function_region): New forward decl. |
| (class label_region): New forward decl. |
| (class decl_region): New forward decl. |
| (class element_region): New forward decl. |
| (class offset_region): New forward decl. |
| (class cast_region): New forward decl. |
| (class field_region): New forward decl. |
| (class string_region): New forward decl. |
| (class region_model_manager): New forward decl. |
| (class store_manager): New forward decl. |
| (class store): New forward decl. |
| (class call_details): New forward decl. |
| (struct svalue_id_merger_mapping): Delete. |
| (struct canonicalization): Delete. |
| (class function_point): New forward decl. |
| (class engine): New forward decl. |
| (dump_tree): New function decl. |
| (print_quoted_type): New function decl. |
| (readability_comparator): New function decl. |
| (tree_cmp): New function decl. |
| (class path_var): Move here from region-model.h |
| (bit_offset_t, bit_size_t, byte_size_t): New typedefs. |
| (class region_offset): New class. |
| (get_stmt_location): New decl. |
| (struct member_function_hash_traits): New struct. |
| (class consolidation_map): New class. |
| Ignore "-Wformat-diag". |
| * analyzer.opt (-param=analyzer-max-svalue-depth=): New param. |
| (-param=analyzer-max-enodes-for-full-dump=): New param. |
| * call-string.cc: Ignore -Wformat-diag. |
| * checker-path.cc: Move includes of "analyzer/call-string.h" and |
| "analyzer/program-point.h" to before "analyzer/region-model.h", |
| and also include "analyzer/store.h" before it. |
| (state_change_event::state_change_event): Replace "tree var" param |
| with "const svalue *sval". Convert "origin" param from tree to |
| "const svalue *". |
| (state_change_event::get_desc): Call get_representative_tree to |
| convert the var and origin from const svalue * to tree. Use |
| svalue::get_desc rather than %qE when describing state changes. |
| (checker_path::add_final_event): Use get_stmt_location. |
| * checker-path.h (state_change_event::state_change_event): Port |
| from tree to const svalue *. |
| (state_change_event::get_lvalue): Delete. |
| (state_change_event::get_dest_function): New. |
| (state_change_event::m_var): Replace with... |
| (state_change_event::m_sval): ...this. |
| (state_change_event::m_origin): Convert from tree to |
| const svalue *. |
| * constraint-manager.cc: Include "analyzer/call-string.h", |
| "analyzer/program-point.h", and "analyzer/store.h" before |
| "analyzer/region-model.h". |
| (struct bound, struct range): Move to constraint-manager.h. |
| (compare_constants): New function. |
| (range::dump): Rename to... |
| (range::dump_to_pp): ...this. Support NULL constants. |
| (range::dump): Reintroduce for dumping to stderr. |
| (range::constrained_to_single_element): Return result, rather than |
| writing to *OUT. |
| (range::eval_condition): New. |
| (range::below_lower_bound): New. |
| (range::above_upper_bound): New. |
| (equiv_class::equiv_class): Port from svalue_id to const svalue *. |
| (equiv_class::print): Likewise. |
| (equiv_class::hash): Likewise. |
| (equiv_class::operator==): Port from svalue_id to const svalue *. |
| (equiv_class::add): Port from svalue_id to const svalue *. Drop |
| "cm" param. |
| (equiv_class::del): Port from svalue_id to const svalue *. |
| (equiv_class::get_representative): Likewise. |
| (equiv_class::remap_svalue_ids): Delete. |
| (svalue_id_cmp_by_id): Rename to... |
| (svalue_cmp_by_ptr): ...this, porting from svalue_id to |
| const svalue *. |
| (equiv_class::canonicalize): Update qsort comparator. |
| (constraint::implied_by): New. |
| (constraint_manager::constraint_manager): Copy m_mgr in copy ctor. |
| (constraint_manager::dump_to_pp): Add "multiline" param |
| (constraint_manager::dump): Pass "true" for "multiline". |
| (constraint_manager::add_constraint): Port from svalue_id to |
| const svalue *. Split out second part into... |
| (constraint_manager::add_unknown_constraint): ...this new |
| function. Remove self-constraints when merging equivalence |
| classes. |
| (constraint_manager::add_constraint_internal): Remove constraints |
| that would be implied by the new constraint. Port from svalue_id |
| to const svalue *. |
| (constraint_manager::get_equiv_class_by_sid): Rename to... |
| (constraint_manager::get_equiv_class_by_svalue): ...this, porting |
| from svalue_id to const svalue *. |
| (constraint_manager::get_or_add_equiv_class): Port from svalue_id |
| to const svalue *. |
| (constraint_manager::eval_condition): Make const. Call |
| compare_constants and return early if it provides a known result. |
| (constraint_manager::get_ec_bounds): New. |
| (constraint_manager::eval_condition): New overloads. Make |
| existing one const, and use compare_constants. |
| (constraint_manager::purge): Convert "p" param to a template |
| rather that an abstract base class. Port from svalue_id to |
| const svalue *. |
| (class dead_svalue_purger): New class. |
| (constraint_manager::remap_svalue_ids): Delete. |
| (constraint_manager::on_liveness_change): New. |
| (equiv_class_cmp): Port from svalue_id to const svalue *. |
| (constraint_manager::canonicalize): Likewise. Combine with |
| purging of redundant equivalence classes and constraints. |
| (class cleaned_constraint_manager): Delete. |
| (class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger" |
| field. |
| (merger_fact_visitor::fact): Port from svalue_id to const svalue *. |
| Add special case for widening. |
| (constraint_manager::merge): Port from svalue_id to const svalue *. |
| (constraint_manager::clean_merger_input): Delete. |
| (constraint_manager::for_each_fact): Port from svalue_id to |
| const svalue *. |
| (constraint_manager::validate): Likewise. |
| (selftest::test_constraint_conditions): Provide a |
| region_model_manager when creating region_model instances. |
| Add test for self-equality not creating equivalence classes. |
| (selftest::test_transitivity): Provide a region_model_manager when |
| creating region_model instances. Verify that EC-merging happens |
| when constraints are implied. |
| (selftest::test_constant_comparisons): Provide a |
| region_model_manager when creating region_model instances. |
| (selftest::test_constraint_impl): Likewise. Remove over-specified |
| assertions. |
| (selftest::test_equality): Provide a region_model_manager when |
| creating region_model instances. |
| (selftest::test_many_constants): Likewise. Provide a |
| program_point when testing merging. |
| (selftest::run_constraint_manager_tests): Move call to |
| test_constant_comparisons to outside the transitivity guard. |
| * constraint-manager.h (struct bound): Move here from |
| constraint-manager.cc. |
| (struct range): Likewise. |
| (struct::eval_condition): New decl. |
| (struct::below_lower_bound): New decl. |
| (struct::above_upper_bound): New decl. |
| (equiv_class::add): Port from svalue_id to const svalue *. |
| (equiv_class::del): Likewise. |
| (equiv_class::get_representative): Likewise. |
| (equiv_class::remap_svalue_ids): Drop. |
| (equiv_class::m_cst_sid): Convert to.. |
| (equiv_class::m_cst_sval): ...this. |
| (equiv_class::m_vars): Port from svalue_id to const svalue *. |
| (constraint::bool implied_by): New decl. |
| (fact_visitor::on_fact): Port from svalue_id to const svalue *. |
| (constraint_manager::constraint_manager): Add mgr param. |
| (constraint_manager::clone): Delete. |
| (constraint_manager::maybe_get_constant): Delete. |
| (constraint_manager::get_sid_for_constant): Delete. |
| (constraint_manager::get_num_svalues): Delete. |
| (constraint_manager::dump_to_pp): Add "multiline" param. |
| (constraint_manager::get_equiv_class): Port from svalue_id to |
| const svalue *. |
| (constraint_manager::add_constraint): Likewise. |
| (constraint_manager::get_equiv_class_by_sid): Rename to... |
| (constraint_manager::get_equiv_class_by_svalue): ...this, porting |
| from svalue_id to const svalue *. |
| (constraint_manager::add_unknown_constraint): New decl. |
| (constraint_manager::get_or_add_equiv_class): Port from svalue_id |
| to const svalue *. |
| (constraint_manager::eval_condition): Likewise. Add overloads. |
| (constraint_manager::get_ec_bounds): New decl. |
| (constraint_manager::purge): Convert to template. |
| (constraint_manager::remap_svalue_ids): Delete. |
| (constraint_manager::on_liveness_change): New decl. |
| (constraint_manager::canonicalize): Drop param. |
| (constraint_manager::clean_merger_input): Delete. |
| (constraint_manager::m_mgr): New field. |
| * diagnostic-manager.cc: Move includes of |
| "analyzer/call-string.h" and "analyzer/program-point.h" to before |
| "analyzer/region-model.h", and also include "analyzer/store.h" |
| before it. |
| (saved_diagnostic::saved_diagnostic): Add "sval" param. |
| (diagnostic_manager::diagnostic_manager): Add engine param. |
| (diagnostic_manager::add_diagnostic): Add "sval" param, passing it |
| to saved_diagnostic ctor. Update overload to pass NULL for it. |
| (dedupe_winners::dedupe_winners): Add engine param. |
| (dedupe_winners::add): Add "eg" param. Pass m_engine to |
| feasible_p. |
| (dedupe_winner::m_engine): New field. |
| (diagnostic_manager::emit_saved_diagnostics): Pass engine to |
| dedupe_winners. Pass &eg when adding candidates. Pass svalue |
| rather than tree to prune_path. Use get_stmt_location to get |
| primary location of diagnostic. |
| (diagnostic_manager::emit_saved_diagnostic): Likewise. |
| (get_any_origin): Drop. |
| (state_change_event_creator::on_global_state_change): Pass NULL |
| const svalue * rather than NULL_TREE trees to state_change_event |
| ctor. |
| (state_change_event_creator::on_state_change): Port from tree and |
| svalue_id to const svalue *. |
| (for_each_state_change): Port from svalue_id to const svalue *. |
| (struct null_assignment_sm_context): New. |
| (diagnostic_manager::add_events_for_eedge): Add state change |
| events for assignment to NULL. |
| (diagnostic_manager::prune_path): Update param from tree to |
| const svalue *. |
| (diagnostic_manager::prune_for_sm_diagnostic): Port from tracking |
| by tree to by const svalue *. |
| * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval |
| param. |
| (saved_diagnostic::m_sval): New field. |
| (diagnostic_manager::diagnostic_manager): Add engine param. |
| (diagnostic_manager::get_engine): New. |
| (diagnostic_manager::add_diagnostic): Add "sval" param. |
| (diagnostic_manager::prune_path): Likewise. |
| (diagnostic_manager::prune_for_sm_diagnostic): New overload. |
| (diagnostic_manager::m_eng): New field. |
| * engine.cc: Move includes of "analyzer/call-string.h" and |
| "analyzer/program-point.h" to before "analyzer/region-model.h", |
| and also include "analyzer/store.h" before it. |
| (impl_region_model_context::impl_region_model_context): Update for |
| removal of m_change field. |
| (impl_region_model_context::remap_svalue_ids): Delete. |
| (impl_region_model_context::on_svalue_leak): New. |
| (impl_region_model_context::on_svalue_purge): Delete. |
| (impl_region_model_context::on_liveness_change): New. |
| (impl_region_model_context::on_unknown_change): Update param |
| from svalue_id to const svalue *. Add is_mutable param. |
| (setjmp_svalue::compare_fields): Delete. |
| (setjmp_svalue::accept): New. |
| (setjmp_svalue::add_to_hash): Delete. |
| (setjmp_svalue::dump_to_pp): New. |
| (setjmp_svalue::print_details): Delete. |
| (impl_sm_context::impl_sm_context): Drop "change" param. |
| (impl_sm_context::get_fndecl_for_call): Drop "m_change". |
| (impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from |
| "stmt" param. Drop m_change. Port from svalue_id to |
| const svalue *. |
| (impl_sm_context::warn_for_state): Drop m_change. Port from |
| svalue_id to const svalue *. |
| (impl_sm_context::get_readable_tree): Rename to... |
| (impl_sm_context::get_diagnostic_tree): ...this. Port from |
| svalue_id to const svalue *. |
| (impl_sm_context::is_zero_assignment): New. |
| (impl_sm_context::m_change): Delete field. |
| (leak_stmt_finder::find_stmt): Handle m_var being NULL. |
| (readability): Increase penalty for MEM_REF. For SSA_NAMEs, |
| slightly favor the underlying var over the SSA name. Heavily |
| penalize temporaries. Handle RESULT_DECL. |
| (readability_comparator): Make non-static. Consider stack depths. |
| (impl_region_model_context::on_state_leak): Convert from svalue_id |
| to const svalue *, updating for region_model changes. Use |
| id_equal. |
| (impl_region_model_context::on_inherited_svalue): Delete. |
| (impl_region_model_context::on_cast): Delete. |
| (impl_region_model_context::on_condition): Drop m_change. |
| (impl_region_model_context::on_phi): Likewise. |
| (impl_region_model_context::on_unexpected_tree_code): Handle t |
| being NULL. |
| (point_and_state::validate): Update stack checking for |
| region_model changes. |
| (eg_traits::dump_args_t::show_enode_details_p): New. |
| (exploded_node::exploded_node): Initialize m_num_processed_stmts. |
| (exploded_node::get_processed_stmt): New function. |
| (exploded_node::get_dot_fillcolor): Add more colors. |
| (exploded_node::dump_dot): Guard the printing of the point and |
| state with show_enode_details_p. Print the processed stmts for |
| this enode after the initial state. |
| (exploded_node::dump_to_pp): Pass true for new multiline param |
| of program_state::dump_to_pp. |
| (exploded_node::on_stmt): Drop "change" param. Log the stmt. |
| Set input_location. Implement __analyzer_describe. Update |
| implementation of __analyzer_dump and __analyzer_eval. |
| Remove purging of sm-state for unknown fncalls from here. |
| (exploded_node::on_edge): Drop "change" param. |
| (exploded_node::on_longjmp): Port from region_id/svalue_id to |
| const region */const svalue *. Call program_state::detect_leaks. |
| Drop state_change. |
| (exploded_node::detect_leaks): Update for changes to region_model. |
| Call program_state::detect_leaks. |
| (exploded_edge::exploded_edge): Drop ext_state and change params. |
| (exploded_edge::dump_dot): "args" is no longer used. Drop dumping |
| of m_change. |
| (exploded_graph::exploded_graph): Pass engine to |
| m_diagnostic_manager ctor. Use program_point::origin. |
| (exploded_graph::add_function_entry): Drop ctxt. Use |
| program_state::push_frame. Drop state_change. |
| (exploded_graph::get_or_create_node): Drop "change" param. Add |
| "enode_for_diag" param. Update dumping calls for API changes. |
| Pass point to can_merge_with_p. Show enode indices |
| within -Wanalyzer-too-complex diagnostic for hitting the per-point |
| limit. |
| (exploded_graph::add_edge): Drop "change" param. Log which nodes |
| are being connected. Update for changes to exploded_edge ctor. |
| (exploded_graph::get_per_program_point_data): New. |
| (exploded_graph::process_worklist): Pass point to |
| can_merge_with_p. Drop state_change. Update dumping call for API |
| change. |
| (exploded_graph::process_node): Drop state_change. Split the |
| node in-place if an sm-state-change occurs. Update |
| m_num_processed_stmts. Update dumping calls for API change. |
| (exploded_graph::log_stats): Call engine::log_stats. |
| (exploded_graph::dump_states_for_supernode): Update dumping |
| call. |
| (exploded_path::feasible_p): Add "eng" and "eg" params. |
| Rename "i" to "end_idx". Pass the manager to the region_model |
| ctor. Update for every processed stmt in the enode, not just the |
| first. Keep track of which snodes have been visited, and call |
| loop_replay_fixup when revisiting one. |
| (enode_label::get_text): Update dump call for new param. |
| (exploded_graph::dump_exploded_nodes): Likewise. |
| (exploded_graph::get_node_by_index): New. |
| (impl_run_checkers): Create engine instance and pass its address |
| to extrinsic_state ctor. |
| * exploded-graph.h |
| (impl_region_model_context::impl_region_model_context): Drop |
| "change" params. |
| (impl_region_model_context::void remap_svalue_ids): Delete. |
| (impl_region_model_context::on_svalue_purge): Delete. |
| (impl_region_model_context::on_svalue_leak): New. |
| (impl_region_model_context::on_liveness_change): New. |
| (impl_region_model_context::on_state_leak): Update signature. |
| (impl_region_model_context::on_inherited_svalue): Delete. |
| (impl_region_model_context::on_cast): Delete. |
| (impl_region_model_context::on_unknown_change): Update signature. |
| (impl_region_model_context::m_change): Delete. |
| (eg_traits::dump_args_t::show_enode_details_p): New. |
| (exploded_node::on_stmt): Drop "change" param. |
| (exploded_node::on_edge): Likewise. |
| (exploded_node::get_processed_stmt): New decl. |
| (exploded_node::m_num_processed_stmts): New field. |
| (exploded_edge::exploded_edge): Drop ext_state and change params. |
| (exploded_edge::m_change): Delete. |
| (exploded_graph::get_engine): New accessor. |
| (exploded_graph::get_or_create_node): Drop "change" param. Add |
| "enode_for_diag" param. |
| (exploded_graph::add_edge): Drop "change" param. |
| (exploded_graph::get_per_program_point_data): New decl. |
| (exploded_graph::get_node_by_index): New decl. |
| (exploded_path::feasible_p): Add "eng" and "eg" params. |
| * program-point.cc: Include "analyzer/store.h" before including |
| "analyzer/region-model.h". |
| (function_point::function_point): Move here from |
| program-point.h. |
| (function_point::get_function): Likewise. |
| (function_point::from_function_entry): Likewise. |
| (function_point::before_supernode): Likewise. |
| (function_point::next_stmt): New function. |
| * program-point.h (function_point::function_point): Move |
| implementation from here to program-point.cc. |
| (function_point::get_function): Likewise. |
| (function_point::from_function_entry): Likewise. |
| (function_point::before_supernode): Likewise. |
| (function_point::next_stmt): New decl. |
| (program_point::operator!=): New. |
| (program_point::origin): New. |
| (program_point::next_stmt): New. |
| (program_point::m_function_point): Make non-const. |
| * program-state.cc: Move includes of "analyzer/call-string.h" and |
| "analyzer/program-point.h" to before "analyzer/region-model.h", |
| and also include "analyzer/store.h" before it. |
| (extrinsic_state::get_model_manager): New. |
| (sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor, |
| rather than pass the around. |
| (sm_state_map::clone_with_remapping): Delete. |
| (sm_state_map::print): Remove "sm" param in favor of "m_sm". Add |
| "simple" and "multiline" params and support multiline vs single |
| line dumping. |
| (sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add |
| "simple" param. |
| (sm_state_map::hash): Port from svalue_id to const svalue *. |
| (sm_state_map::operator==): Likewise. |
| (sm_state_map::get_state): Likewise. Call canonicalize_svalue on |
| input. Handle inheritance of sm-state. Call get_default_state. |
| (sm_state_map::get_origin): Port from svalue_id to const svalue *. |
| (sm_state_map::set_state): Likewise. Pass in ext_state. Reject |
| attempts to set state on UNKNOWN. |
| (sm_state_map::impl_set_state): Port from svalue_id to |
| const svalue *. Pass in ext_state. Call canonicalize_svalue on |
| input. |
| (sm_state_map::purge_for_unknown_fncall): Delete. |
| (sm_state_map::on_svalue_leak): New. |
| (sm_state_map::remap_svalue_ids): Delete. |
| (sm_state_map::on_liveness_change): New. |
| (sm_state_map::on_unknown_change): Reimplement. |
| (sm_state_map::on_svalue_purge): Delete. |
| (sm_state_map::on_inherited_svalue): Delete. |
| (sm_state_map::on_cast): Delete. |
| (sm_state_map::validate): Delete. |
| (sm_state_map::canonicalize_svalue): New. |
| (program_state::program_state): Update to pass manager to |
| region_model's ctor. Constify num_states and pass state machine |
| and index to sm_state_map ctor. |
| (program_state::print): Update for changes to dump API. |
| (program_state::dump_to_pp): Ignore the summarize param. Add |
| "multiline" param. |
| (program_state::dump_to_file): Add "multiline" param. |
| (program_state::dump): Pass "true" for new "multiline" param. |
| (program_state::push_frame): New. |
| (program_state::on_edge): Drop "change" param. Call |
| program_state::detect_leaks. |
| (program_state::prune_for_point): Add enode_for_diag param. |
| Reimplement based on store class. Call detect_leaks |
| (program_state::remap_svalue_ids): Delete. |
| (program_state::get_representative_tree): Port from svalue_id to |
| const svalue *. |
| (program_state::can_merge_with_p): Add "point" param. Add early |
| reject for sm-differences. Drop id remapping. |
| (program_state::validate): Drop region model and sm_state_map |
| validation. |
| (state_change::sm_change::dump): Delete. |
| (state_change::sm_change::remap_svalue_ids): Delete. |
| (state_change::sm_change::on_svalue_purge): Delete. |
| (log_set_of_svalues): New. |
| (state_change::sm_change::validate): Delete. |
| (state_change::state_change): Delete. |
| (state_change::add_sm_change): Delete. |
| (state_change::affects_p): Delete. |
| (state_change::dump): Delete. |
| (state_change::remap_svalue_ids): Delete. |
| (state_change::on_svalue_purge): Delete. |
| (state_change::validate): Delete. |
| (selftest::assert_dump_eq): Delete. |
| (ASSERT_DUMP_EQ): Delete. |
| (selftest::test_sm_state_map): Update for changes to region_model |
| and sm_state_map, porting from svalue_id to const svalue *. |
| (selftest::test_program_state_dumping): Likewise. Drop test of |
| dumping, renaming to... |
| (selftest::test_program_state_1): ...this. |
| (selftest::test_program_state_dumping_2): Likewise, renaming to... |
| (selftest::test_program_state_2): ...this. |
| (selftest::test_program_state_merging): Update for changes to |
| region_model. |
| (selftest::test_program_state_merging_2): Likewise. |
| (selftest::analyzer_program_state_cc_tests): Update for renamed |
| tests. |
| * program-state.h (extrinsic_state::extrinsic_state): Add logger |
| and engine params. |
| (extrinsic_state::get_logger): New accessor. |
| (extrinsic_state::get_engine): New accessor. |
| (extrinsic_state::get_model_manager): New accessor. |
| (extrinsic_state::m_logger): New field. |
| (extrinsic_state::m_engine): New field. |
| (struct default_hash_traits<svalue_id>): Delete. |
| (pod_hash_traits<svalue_id>::hash): Delete. |
| (pod_hash_traits<svalue_id>::equal): Delete. |
| (pod_hash_traits<svalue_id>::mark_deleted): Delete. |
| (pod_hash_traits<svalue_id>::mark_empty): Delete. |
| (pod_hash_traits<svalue_id>::is_deleted): Delete. |
| (pod_hash_traits<svalue_id>::is_empty): Delete. |
| (sm_state_map::entry_t::entry_t): Port from svalue_id to |
| const svalue *. |
| (sm_state_map::entry_t::m_origin): Likewise. |
| (sm_state_map::map_t): Likewise. |
| (sm_state_map::sm_state_map): Add state_machine and index params. |
| (sm_state_map::clone_with_remapping): Delete. |
| (sm_state_map::print): Drop sm param; add simple and multiline |
| params. |
| (sm_state_map::dump): Drop sm param; add simple param. |
| (sm_state_map::get_state): Port from svalue_id to const svalue *. |
| Add ext_state param. |
| (sm_state_map::get_origin): Likewise. |
| (sm_state_map::set_state): Likewise. |
| (sm_state_map::impl_set_state): Likewise. |
| (sm_state_map::purge_for_unknown_fncall): Delete. |
| (sm_state_map::remap_svalue_ids): Delete. |
| (sm_state_map::on_svalue_purge): Delete. |
| (sm_state_map::on_svalue_leak): New. |
| (sm_state_map::on_liveness_change): New. |
| (sm_state_map::on_inherited_svalue): Delete. |
| (sm_state_map::on_cast): Delete. |
| (sm_state_map::validate): Delete. |
| (sm_state_map::on_unknown_change): Port from svalue_id to |
| const svalue *. Add is_mutable and ext_state params. |
| (sm_state_map::canonicalize_svalue): New. |
| (sm_state_map::m_sm): New field. |
| (sm_state_map::m_sm_idx): New field. |
| (program_state::operator=): Delete. |
| (program_state::dump_to_pp): Drop "summarize" param, adding |
| "simple" and "multiline". |
| (program_state::dump_to_file): Likewise. |
| (program_state::dump): Rename "summarize" to "simple". |
| (program_state::push_frame): New. |
| (program_state::get_current_function): New. |
| (program_state::on_edge): Drop "change" param. |
| (program_state::prune_for_point): Likewise. Add enode_for_diag |
| param. |
| (program_state::remap_svalue_ids): Delete. |
| (program_state::get_representative_tree): Port from svalue_id to |
| const svalue *. |
| (program_state::can_purge_p): Likewise. Pass ext_state to get_state. |
| (program_state::can_merge_with_p): Add point param. |
| (program_state::detect_leaks): New. |
| (state_change_visitor::on_state_change): Port from tree and |
| svalue_id to a pair of const svalue *. |
| (class state_change): Delete. |
| * region.cc: New file. |
| * region-model-impl-calls.cc: New file. |
| * region-model-manager.cc: New file. |
| * region-model-reachability.cc: New file. |
| * region-model-reachability.h: New file. |
| * region-model.cc: Include "analyzer/call-string.h", |
| "analyzer/program-point.h", and "analyzer/store.h" before |
| "analyzer/region-model.h". Include |
| "analyzer/region-model-reachability.h". |
| (dump_tree): Make non-static. |
| (dump_quoted_tree): Make non-static. |
| (print_quoted_type): Make non-static. |
| (path_var::dump): Delete. |
| (dump_separator): Delete. |
| (class impl_constraint_manager): Delete. |
| (svalue_id::print): Delete. |
| (svalue_id::dump_node_name_to_pp): Delete. |
| (svalue_id::validate): Delete. |
| (region_id::print): Delete. |
| (region_id::dump_node_name_to_pp): Delete. |
| (region_id::validate): Delete. |
| (region_id_set::region_id_set): Delete. |
| (svalue_id_set::svalue_id_set): Delete. |
| (svalue::operator==): Delete. |
| (svalue::hash): Delete. |
| (svalue::print): Delete. |
| (svalue::dump_dot_to_pp): Delete. |
| (svalue::remap_region_ids): Delete. |
| (svalue::walk_for_canonicalization): Delete. |
| (svalue::get_child_sid): Delete. |
| (svalue::maybe_get_constant): Delete. |
| (region_svalue::compare_fields): Delete. |
| (region_svalue::add_to_hash): Delete. |
| (region_svalue::print_details): Delete. |
| (region_svalue::dump_dot_to_pp): Delete. |
| (region_svalue::remap_region_ids): Delete. |
| (region_svalue::merge_values): Delete. |
| (region_svalue::walk_for_canonicalization): Delete. |
| (region_svalue::eval_condition): Delete. |
| (constant_svalue::compare_fields): Delete. |
| (constant_svalue::add_to_hash): Delete. |
| (constant_svalue::merge_values): Delete. |
| (constant_svalue::eval_condition): Move to svalue.cc. |
| (constant_svalue::print_details): Delete. |
| (constant_svalue::get_child_sid): Delete. |
| (unknown_svalue::compare_fields): Delete. |
| (unknown_svalue::add_to_hash): Delete. |
| (unknown_svalue::print_details): Delete. |
| (poison_kind_to_str): Move to svalue.cc. |
| (poisoned_svalue::compare_fields): Delete. |
| (poisoned_svalue::add_to_hash): Delete. |
| (poisoned_svalue::print_details): Delete. |
| (region_kind_to_str): Move to region.cc and reimplement. |
| (region::operator==): Delete. |
| (region::get_parent_region): Delete. |
| (region::set_value): Delete. |
| (region::become_active_view): Delete. |
| (region::deactivate_any_active_view): Delete. |
| (region::deactivate_view): Delete. |
| (region::get_value): Delete. |
| (region::get_inherited_child_sid): Delete. |
| (region_model::copy_region): Delete. |
| (region_model::copy_struct_region): Delete. |
| (region_model::copy_union_region): Delete. |
| (region_model::copy_array_region): Delete. |
| (region::hash): Delete. |
| (region::print): Delete. |
| (region::dump_dot_to_pp): Delete. |
| (region::dump_to_pp): Delete. |
| (region::dump_child_label): Delete. |
| (region::validate): Delete. |
| (region::remap_svalue_ids): Delete. |
| (region::remap_region_ids): Delete. |
| (region::add_view): Delete. |
| (region::get_view): Delete. |
| (region::region): Move to region.cc. |
| (region::add_to_hash): Delete. |
| (region::print_fields): Delete. |
| (region::non_null_p): Delete. |
| (primitive_region::clone): Delete. |
| (primitive_region::walk_for_canonicalization): Delete. |
| (map_region::map_region): Delete. |
| (map_region::compare_fields): Delete. |
| (map_region::print_fields): Delete. |
| (map_region::validate): Delete. |
| (map_region::dump_dot_to_pp): Delete. |
| (map_region::dump_child_label): Delete. |
| (map_region::get_or_create): Delete. |
| (map_region::get): Delete. |
| (map_region::add_to_hash): Delete. |
| (map_region::remap_region_ids): Delete. |
| (map_region::unbind): Delete. |
| (map_region::get_tree_for_child_region): Delete. |
| (map_region::get_tree_for_child_region): Delete. |
| (tree_cmp): Move to region.cc. |
| (map_region::can_merge_p): Delete. |
| (map_region::walk_for_canonicalization): Delete. |
| (map_region::get_value_by_name): Delete. |
| (struct_or_union_region::valid_key_p): Delete. |
| (struct_or_union_region::compare_fields): Delete. |
| (struct_region::clone): Delete. |
| (struct_region::compare_fields): Delete. |
| (union_region::clone): Delete. |
| (union_region::compare_fields): Delete. |
| (frame_region::compare_fields): Delete. |
| (frame_region::clone): Delete. |
| (frame_region::valid_key_p): Delete. |
| (frame_region::print_fields): Delete. |
| (frame_region::add_to_hash): Delete. |
| (globals_region::compare_fields): Delete. |
| (globals_region::clone): Delete. |
| (globals_region::valid_key_p): Delete. |
| (code_region::compare_fields): Delete. |
| (code_region::clone): Delete. |
| (code_region::valid_key_p): Delete. |
| (array_region::array_region): Delete. |
| (array_region::get_element): Delete. |
| (array_region::clone): Delete. |
| (array_region::compare_fields): Delete. |
| (array_region::print_fields): Delete. |
| (array_region::validate): Delete. |
| (array_region::dump_dot_to_pp): Delete. |
| (array_region::dump_child_label): Delete. |
| (array_region::get_or_create): Delete. |
| (array_region::get): Delete. |
| (array_region::add_to_hash): Delete. |
| (array_region::remap_region_ids): Delete. |
| (array_region::get_key_for_child_region): Delete. |
| (array_region::key_cmp): Delete. |
| (array_region::walk_for_canonicalization): Delete. |
| (array_region::key_from_constant): Delete. |
| (array_region::constant_from_key): Delete. |
| (function_region::compare_fields): Delete. |
| (function_region::clone): Delete. |
| (function_region::valid_key_p): Delete. |
| (stack_region::stack_region): Delete. |
| (stack_region::compare_fields): Delete. |
| (stack_region::clone): Delete. |
| (stack_region::print_fields): Delete. |
| (stack_region::dump_child_label): Delete. |
| (stack_region::validate): Delete. |
| (stack_region::push_frame): Delete. |
| (stack_region::get_current_frame_id): Delete. |
| (stack_region::pop_frame): Delete. |
| (stack_region::add_to_hash): Delete. |
| (stack_region::remap_region_ids): Delete. |
| (stack_region::can_merge_p): Delete. |
| (stack_region::walk_for_canonicalization): Delete. |
| (stack_region::get_value_by_name): Delete. |
| (heap_region::heap_region): Delete. |
| (heap_region::compare_fields): Delete. |
| (heap_region::clone): Delete. |
| (heap_region::walk_for_canonicalization): Delete. |
| (root_region::root_region): Delete. |
| (root_region::compare_fields): Delete. |
| (root_region::clone): Delete. |
| (root_region::print_fields): Delete. |
| (root_region::validate): Delete. |
| (root_region::dump_child_label): Delete. |
| (root_region::push_frame): Delete. |
| (root_region::get_current_frame_id): Delete. |
| (root_region::pop_frame): Delete. |
| (root_region::ensure_stack_region): Delete. |
| (root_region::get_stack_region): Delete. |
| (root_region::ensure_globals_region): Delete. |
| (root_region::get_code_region): Delete. |
| (root_region::ensure_code_region): Delete. |
| (root_region::get_globals_region): Delete. |
| (root_region::ensure_heap_region): Delete. |
| (root_region::get_heap_region): Delete. |
| (root_region::remap_region_ids): Delete. |
| (root_region::can_merge_p): Delete. |
| (root_region::add_to_hash): Delete. |
| (root_region::walk_for_canonicalization): Delete. |
| (root_region::get_value_by_name): Delete. |
| (symbolic_region::symbolic_region): Delete. |
| (symbolic_region::compare_fields): Delete. |
| (symbolic_region::clone): Delete. |
| (symbolic_region::walk_for_canonicalization): Delete. |
| (symbolic_region::print_fields): Delete. |
| (region_model::region_model): Add region_model_manager * param. |
| Reimplement in terms of store, dropping impl_constraint_manager |
| subclass. |
| (region_model::operator=): Reimplement in terms of store |
| (region_model::operator==): Likewise. |
| (region_model::hash): Likewise. |
| (region_model::print): Delete. |
| (region_model::print_svalue): Delete. |
| (region_model::dump_dot_to_pp): Delete. |
| (region_model::dump_dot_to_file): Delete. |
| (region_model::dump_dot): Delete. |
| (region_model::dump_to_pp): Replace "summarize" param with |
| "simple" and "multiline". Port to store-based implementation. |
| (region_model::dump): Replace "summarize" param with "simple" and |
| "multiline". |
| (dump_vec_of_tree): Delete. |
| (region_model::dump_summary_of_rep_path_vars): Delete. |
| (region_model::validate): Delete. |
| (svalue_id_cmp_by_constant_svalue_model): Delete. |
| (svalue_id_cmp_by_constant_svalue): Delete. |
| (region_model::canonicalize): Drop "ctxt" param. Reimplement in |
| terms of store and constraints. |
| (region_model::canonicalized_p): Remove NULL arg to canonicalize. |
| (region_model::loop_replay_fixup): New. |
| (poisoned_value_diagnostic::emit): Tweak wording of warnings. |
| (region_model::check_for_poison): Delete. |
| (region_model::get_gassign_result): New. |
| (region_model::on_assignment): Port to store-based implementation. |
| (region_model::on_call_pre): Delete calls to check_for_poison. |
| Move implementations to region-model-impl-calls.c and port to |
| store-based implementation. |
| (region_model::on_call_post): Likewise. |
| (class reachable_regions): Move to region-model-reachability.h/cc |
| and port to store-based implementation. |
| (region_model::handle_unrecognized_call): Port to store-based |
| implementation. |
| (region_model::get_reachable_svalues): New. |
| (region_model::on_setjmp): Port to store-based implementation. |
| (region_model::on_longjmp): Likewise. |
| (region_model::handle_phi): Drop is_back_edge param and the logic |
| using it. |
| (region_model::get_lvalue_1): Port from region_id to const region *. |
| (region_model::make_region_for_unexpected_tree_code): Delete. |
| (assert_compat_types): If the check fails, use internal_error to |
| show the types. |
| (region_model::get_lvalue): Port from region_id to const region *. |
| (region_model::get_rvalue_1): Port from svalue_id to const svalue *. |
| (region_model::get_rvalue): Likewise. |
| (region_model::get_or_create_ptr_svalue): Delete. |
| (region_model::get_or_create_constant_svalue): Delete. |
| (region_model::get_svalue_for_fndecl): Delete. |
| (region_model::get_region_for_fndecl): Delete. |
| (region_model::get_svalue_for_label): Delete. |
| (region_model::get_region_for_label): Delete. |
| (build_cast): Delete. |
| (region_model::maybe_cast_1): Delete. |
| (region_model::maybe_cast): Delete. |
| (region_model::get_field_region): Delete. |
| (region_model::get_store_value): New. |
| (region_model::region_exists_p): New. |
| (region_model::deref_rvalue): Port from svalue_id to const svalue *. |
| (region_model::set_value): Likewise. |
| (region_model::clobber_region): New. |
| (region_model::purge_region): New. |
| (region_model::zero_fill_region): New. |
| (region_model::mark_region_as_unknown): New. |
| (region_model::eval_condition): Port from svalue_id to |
| const svalue *. |
| (region_model::eval_condition_without_cm): Likewise. |
| (region_model::compare_initial_and_pointer): New. |
| (region_model::add_constraint): Port from svalue_id to |
| const svalue *. |
| (region_model::maybe_get_constant): Delete. |
| (region_model::get_representative_path_var): New. |
| (region_model::add_new_malloc_region): Delete. |
| (region_model::get_representative_tree): Port to const svalue *. |
| (region_model::get_representative_path_var): Port to |
| const region *. |
| (region_model::get_path_vars_for_svalue): Delete. |
| (region_model::set_to_new_unknown_value): Delete. |
| (region_model::update_for_phis): Don't pass is_back_edge to handle_phi. |
| (region_model::update_for_call_superedge): Port from svalue_id to |
| const svalue *. |
| (region_model::update_for_return_superedge): Port to store-based |
| implementation. |
| (region_model::update_for_call_summary): Replace |
| set_to_new_unknown_value with mark_region_as_unknown. |
| (region_model::get_root_region): Delete. |
| (region_model::get_stack_region_id): Delete. |
| (region_model::push_frame): Delete. |
| (region_model::get_current_frame_id): Delete. |
| (region_model::get_current_function): Delete. |
| (region_model::pop_frame): Delete. |
| (region_model::on_top_level_param): New. |
| (region_model::get_stack_depth): Delete. |
| (region_model::get_function_at_depth): Delete. |
| (region_model::get_globals_region_id): Delete. |
| (region_model::add_svalue): Delete. |
| (region_model::replace_svalue): Delete. |
| (region_model::add_region): Delete. |
| (region_model::get_svalue): Delete. |
| (region_model::get_region): Delete. |
| (make_region_for_type): Delete. |
| (region_model::add_region_for_type): Delete. |
| (region_model::on_top_level_param): New. |
| (class restrict_to_used_svalues): Delete. |
| (region_model::purge_unused_svalues): Delete. |
| (region_model::push_frame): New. |
| (region_model::remap_svalue_ids): Delete. |
| (region_model::remap_region_ids): Delete. |
| (region_model::purge_regions): Delete. |
| (region_model::get_descendents): Delete. |
| (region_model::delete_region_and_descendents): Delete. |
| (region_model::poison_any_pointers_to_bad_regions): Delete. |
| (region_model::can_merge_with_p): Delete. |
| (region_model::get_current_function): New. |
| (region_model::get_value_by_name): Delete. |
| (region_model::convert_byte_offset_to_array_index): Delete. |
| (region_model::pop_frame): New. |
| (region_model::get_or_create_mem_ref): Delete. |
| (region_model::get_stack_depth): New. |
| (region_model::get_frame_at_index): New. |
| (region_model::unbind_region_and_descendents): New. |
| (struct bad_pointer_finder): New. |
| (region_model::get_or_create_pointer_plus_expr): Delete. |
| (region_model::poison_any_pointers_to_descendents): New. |
| (region_model::get_or_create_view): Delete. |
| (region_model::can_merge_with_p): New. |
| (region_model::get_fndecl_for_call): Port from svalue_id to |
| const svalue *. |
| (struct append_ssa_names_cb_data): New. |
| (get_ssa_name_regions_for_current_frame): New. |
| (region_model::append_ssa_names_cb): New. |
| (model_merger::dump_to_pp): Add "simple" param. Drop dumping of |
| remappings. |
| (model_merger::dump): Add "simple" param to both overloads. |
| (model_merger::can_merge_values_p): Delete. |
| (model_merger::record_regions): Delete. |
| (model_merger::record_svalues): Delete. |
| (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete. |
| (svalue_id_merger_mapping::dump_to_pp): Delete. |
| (svalue_id_merger_mapping::dump): Delete. |
| (region_model::create_region_for_heap_alloc): New. |
| (region_model::create_region_for_alloca): New. |
| (region_model::record_dynamic_extents): New. |
| (canonicalization::canonicalization): Delete. |
| (canonicalization::walk_rid): Delete. |
| (canonicalization::walk_sid): Delete. |
| (canonicalization::dump_to_pp): Delete. |
| (canonicalization::dump): Delete. |
| (inchash::add): Delete overloads for svalue_id and region_id. |
| (engine::log_stats): New. |
| (assert_condition): Add overload comparing svalues. |
| (assert_dump_eq): Pass "true" for multiline. |
| (selftest::test_dump): Update for rewrite of region_model. |
| (selftest::test_dump_2): Rename to... |
| (selftest::test_struct): ...this. Provide a region_model_manager |
| when creating region_model instance. Remove dump test. Add |
| checks for get_offset. |
| (selftest::test_dump_3): Rename to... |
| (selftest::test_array_1): ...this. Provide a region_model_manager |
| when creating region_model instance. Remove dump test. |
| (selftest::test_get_representative_tree): Port from svalue_id to |
| new API. Add test coverage for various expressions. |
| (selftest::test_unique_constants): Provide a region_model_manager |
| for the region_model. Add test coverage for comparing const vs |
| non-const. |
| (selftest::test_svalue_equality): Delete. |
| (selftest::test_region_equality): Delete. |
| (selftest::test_unique_unknowns): New. |
| (class purge_all_svalue_ids): Delete. |
| (class purge_one_svalue_id): Delete. |
| (selftest::test_purging_by_criteria): Delete. |
| (selftest::test_initial_svalue_folding): New. |
| (selftest::test_unaryop_svalue_folding): New. |
| (selftest::test_binop_svalue_folding): New. |
| (selftest::test_sub_svalue_folding): New. |
| (selftest::test_purge_unused_svalues): Delete. |
| (selftest::test_descendent_of_p): New. |
| (selftest::test_assignment): Provide a region_model_manager for |
| the region_model. Drop the dump test. |
| (selftest::test_compound_assignment): Likewise. |
| (selftest::test_stack_frames): Port to new implementation. |
| (selftest::test_get_representative_path_var): Likewise. |
| (selftest::test_canonicalization_1): Rename to... |
| (selftest::test_equality_1): ...this. Port to new API, and add |
| (selftest::test_canonicalization_2): Provide a |
| region_model_manager when creating region_model instances. |
| Remove redundant canicalization. |
| (selftest::test_canonicalization_3): Provide a |
| region_model_manager when creating region_model instances. |
| Remove param from calls to region_model::canonicalize. |
| (selftest::test_canonicalization_4): Likewise. |
| (selftest::assert_region_models_merge): Constify |
| out_merged_svalue. Port to new API. |
| (selftest::test_state_merging): Provide a |
| region_model_manager when creating region_model instances. |
| Provide a program_point point when merging them. Replace |
| set_to_new_unknown_value with usage of placeholder_svalues. |
| Drop get_value_by_name. Port from svalue_id to const svalue *. |
| Add test of heap allocation. |
| (selftest::test_constraint_merging): Provide a |
| region_model_manager when creating region_model instances. |
| Provide a program_point point when merging them. Eliminate use |
| of set_to_new_unknown_value. |
| (selftest::test_widening_constraints): New. |
| (selftest::test_iteration_1): New. |
| (selftest::test_malloc_constraints): Port to store-based |
| implementation. |
| (selftest::test_var): New test. |
| |