| 2023-05-08 Release Manager |
| |
| * GCC 12.3.0 released. |
| |
| 2023-03-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/109094 |
| * region-model.cc (region_model::on_longjmp): Pass false for |
| new "eval_return_svalue" param of pop_frame. |
| (region_model::pop_frame): Add new "eval_return_svalue" param and |
| use it to suppress the call to get_rvalue on the result when |
| needed by on_longjmp. |
| * region-model.h (region_model::pop_frame): Add new |
| "eval_return_svalue" param. |
| |
| 2023-03-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/108968 |
| * region-model.cc (region_model::get_rvalue_1): Handle VAR_DECLs |
| with a DECL_HARD_REGISTER by returning UNKNOWN. |
| |
| 2023-03-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/108733 |
| * state-purge.cc (get_candidate_for_purging): Add ADDR_EXPR |
| and MEM_REF. |
| |
| 2023-03-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/108704 |
| * state-purge.cc (state_purge_per_decl::process_point_backwards): |
| Don't stop processing the decl if it's fully overwritten by |
| this stmt if it's also used by this stmt. |
| |
| 2023-03-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/106325 |
| * region-model-manager.cc |
| (region_model_manager::get_or_create_null_ptr): New. |
| * region-model.cc (region_model::on_top_level_param): Add |
| "nonnull" param and make use of it. |
| (region_model::push_frame): When handling a top-level entrypoint |
| to the analysis, determine which params __attribute__((nonnull)) |
| applies to, and pass to on_top_level_param. |
| * region-model.h (region_model_manager::get_or_create_null_ptr): |
| New decl. |
| (region_model::on_top_level_param): Add "nonnull" param. |
| |
| 2023-03-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/107948 |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_binop): Fold (0 - VAL) to -VAL. |
| * region-model.cc (region_model::eval_condition): Handle e.g. |
| "-X <= 0" as equivalent to X >= 0". |
| |
| 2023-03-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/105784 |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_binop): For POINTER_PLUS_EXPR, |
| PLUS_EXPR and MINUS_EXPR, eliminate requirement that the final |
| type matches that of arg0 in favor of a cast. |
| |
| 2023-03-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/107582 |
| * engine.cc (dynamic_call_info_t::update_model): Update the model |
| by pushing or pop a frame, rather than by clobbering it with the |
| model from the exploded_node's state. |
| |
| 2023-03-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/107345 |
| * region-model.cc (region_model::eval_condition_without_cm): |
| Ensure that constants are on the right-hand side before checking |
| for them. |
| |
| 2023-03-29 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_unaryop): Fold -(-(VAL)) to VAL. |
| |
| 2023-03-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/106573 |
| * region-model.cc (region_model::on_call_pre): Use check_call_args |
| when ensuring that we call get_arg_svalue on all args. Remove |
| redundant call from handling for stdio builtins. |
| |
| 2023-03-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/106573 |
| * region-model.cc (region_model::on_call_pre): Ensure that we call |
| get_arg_svalue on all arguments. |
| |
| 2022-08-19 Release Manager |
| |
| * GCC 12.2.0 released. |
| |
| 2022-07-27 David Malcolm <dmalcolm@redhat.com> |
| |
| * region.h (code_region::get_element): Remove stray decl. |
| (function_region::get_element): Likewise. |
| |
| 2022-07-27 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/106225 |
| * sm-taint.cc (taint_state_machine::on_stmt): Move handling of |
| assignments from division to... |
| (taint_state_machine::check_for_tainted_divisor): ...this new |
| function. Reject warning when the divisor is known to be non-zero. |
| * sm.cc: Include "analyzer/program-state.h". |
| (sm_context::get_old_region_model): New. |
| * sm.h (sm_context::get_old_region_model): New decl. |
| |
| 2022-07-27 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/106204 |
| * region-model.cc (within_short_circuited_stmt_p): Move extraction |
| of assign_stmt to caller. |
| (due_to_ifn_deferred_init_p): New. |
| (region_model::check_for_poison): Move extraction of assign_stmt |
| from within_short_circuited_stmt_p to here. Share logic with |
| call to due_to_ifn_deferred_init_p. |
| |
| 2022-07-27 David Malcolm <dmalcolm@redhat.com> |
| |
| * diagnostic-manager.cc (saved_diagnostic::dump_dot_id): New. |
| (saved_diagnostic::dump_as_dot_node): New. |
| * diagnostic-manager.h (saved_diagnostic::dump_dot_id): New decl. |
| (saved_diagnostic::dump_as_dot_node): New decl. |
| * engine.cc (exploded_node::dump_dot): Add nodes for saved |
| diagnostics. |
| |
| 2022-07-27 David Malcolm <dmalcolm@redhat.com> |
| |
| * checker-path.cc (state_change_event::get_desc): Call maybe_free |
| on label_text temporaries. |
| * diagnostic-manager.cc |
| (diagnostic_manager::prune_for_sm_diagnostic): Likewise. |
| * engine.cc (exploded_graph::~exploded_graph): Fix leak of |
| m_per_point_data and m_per_call_string_data values. Simplify |
| cleanup of m_per_function_stats and m_per_point_data values. |
| (feasibility_state::maybe_update_for_edge): Fix leak of result of |
| superedge::get_description. |
| * region-model-manager.cc |
| (region_model_manager::~region_model_manager): Move cleanup of |
| m_setjmp_values to match the ordering of the fields within |
| region_model_manager. Fix leak of values within |
| m_repeated_values_map, m_bits_within_values_map, |
| m_asm_output_values_map, and m_const_fn_result_values_map. |
| |
| 2022-07-27 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/105285 |
| * store.cc (binding_cluster::get_any_binding): Handle accessing |
| sub_svalues of clusters where the base region has a symbolic |
| binding. |
| |
| 2022-07-27 David Malcolm <dmalcolm@redhat.com> |
| |
| * diagnostic-manager.cc (epath_finder::process_worklist_item): |
| Call dump_feasible_path when a path that reaches the the target |
| enode is found. |
| (epath_finder::dump_feasible_path): New. |
| * engine.cc (feasibility_state::dump_to_pp): New. |
| * exploded-graph.h (feasibility_state::dump_to_pp): New decl. |
| * feasible-graph.cc (feasible_graph::dump_feasible_path): New. |
| * feasible-graph.h (feasible_graph::dump_feasible_path): New |
| decls. |
| * program-point.cc (function_point::print): Fix missing trailing |
| newlines. |
| * program-point.h (program_point::print_source_line): Remove |
| unimplemented decl. |
| |
| 2022-05-06 Release Manager |
| |
| * GCC 12.1.0 released. |
| |
| 2022-04-25 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/105365 |
| PR analyzer/105366 |
| * svalue.cc |
| (cmp_cst): Rename to... |
| (cmp_csts_same_type): ...this. Convert all recursive calls to |
| calls to... |
| (cmp_csts_and_types): ....this new function. |
| (svalue::cmp_ptr): Update for renaming of cmp_cst |
| |
| 2022-04-14 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/105264 |
| * region-model-reachability.cc (reachable_regions::handle_parm): |
| Use maybe_get_deref_base_region rather than just region_svalue, to |
| handle pointer arithmetic also. |
| * svalue.cc (svalue::maybe_get_deref_base_region): New. |
| * svalue.h (svalue::maybe_get_deref_base_region): New decl. |
| |
| 2022-04-14 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/105252 |
| * svalue.cc (cmp_cst): When comparing VECTOR_CSTs, compare the |
| types of the encoded elements before calling cmp_cst on them. |
| |
| 2022-04-09 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/103892 |
| * region-model-manager.cc |
| (region_model_manager::get_unknown_symbolic_region): New, |
| extracted from... |
| (region_model_manager::get_field_region): ...here. |
| (region_model_manager::get_element_region): Use it here. |
| (region_model_manager::get_offset_region): Likewise. |
| (region_model_manager::get_sized_region): Likewise. |
| (region_model_manager::get_cast_region): Likewise. |
| (region_model_manager::get_bit_range): Likewise. |
| * region-model.h |
| (region_model_manager::get_unknown_symbolic_region): New decl. |
| * region.cc (symbolic_region::symbolic_region): Handle sval_ptr |
| having NULL type. |
| (symbolic_region::dump_to_pp): Handle having NULL type. |
| |
| 2022-04-07 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/102208 |
| * store.cc (binding_map::remove_overlapping_bindings): Add |
| "always_overlap" param, using it to generalize to the case where |
| we want to remove all bindings. Update "uncertainty" logic to |
| only record maybe-bound values for cases where there is a symbolic |
| write involved. |
| (binding_cluster::mark_region_as_unknown): Split param "reg" into |
| "reg_to_bind" and "reg_for_overlap". |
| (binding_cluster::maybe_get_compound_binding): Pass "false" to |
| binding_map::remove_overlapping_bindings new "always_overlap" param. |
| (binding_cluster::remove_overlapping_bindings): Determine |
| "always_overlap" and pass it to |
| binding_map::remove_overlapping_bindings. |
| (store::set_value): Pass uncertainty to remove_overlapping_bindings |
| call. Update for new param of |
| binding_cluster::mark_region_as_unknown, passing both the base |
| region of the iter_cluster, and the lhs_reg. |
| (store::mark_region_as_unknown): Update for new param of |
| binding_cluster::mark_region_as_unknown, passing "reg" for both. |
| (store::remove_overlapping_bindings): Add param "uncertainty", and |
| pass it on to call to |
| binding_cluster::remove_overlapping_bindings. |
| * store.h (binding_map::remove_overlapping_bindings): Add |
| "always_overlap" param. |
| (binding_cluster::mark_region_as_unknown): Split param "reg" into |
| "reg_to_bind" and "reg_for_overlap". |
| (store::remove_overlapping_bindings): Add param "uncertainty". |
| |
| 2022-03-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR testsuite/105085 |
| * region-model-manager.cc (dump_untracked_region): Skip decls in |
| the constant pool. |
| |
| 2022-03-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/105087 |
| * analyzer.h (class conjured_purge): New forward decl. |
| * region-model-asm.cc (region_model::on_asm_stmt): Add |
| conjured_purge param to calls binding_cluster::on_asm and |
| region_model_manager::get_or_create_conjured_svalue. |
| * region-model-impl-calls.cc |
| (call_details::get_or_create_conjured_svalue): Likewise for call |
| to region_model_manager::get_or_create_conjured_svalue. |
| (region_model::impl_call_fgets): Remove call to |
| region_model::purge_state_involving, as this is now done |
| implicitly by call_details::get_or_create_conjured_svalue. |
| (region_model::impl_call_fread): Likewise. |
| (region_model::impl_call_strchr): Pass conjured_purge param to |
| call to region_model_manager::get_or_create_conjured_svalue. |
| * region-model-manager.cc (conjured_purge::purge): New. |
| (region_model_manager::get_or_create_conjured_svalue): Add |
| param "p". Use it to purge state when reusing an existing |
| conjured_svalue. |
| * region-model.cc (region_model::on_call_pre): Replace call to |
| region_model::purge_state_involving with passing conjured_purge |
| to region_model_manager::get_or_create_conjured_svalue. |
| (region_model::handle_unrecognized_call): Pass conjured_purge to |
| store::on_unknown_fncall. |
| * region-model.h |
| (region_model_manager::get_or_create_conjured_svalue): Add param |
| "p". |
| * store.cc (binding_cluster::on_unknown_fncall): Likewise. Pass |
| it on to region_model_manager::get_or_create_conjured_svalue. |
| (binding_cluster::on_asm): Likewise. |
| (store::on_unknown_fncall): Add param "p" and pass it on to |
| binding_cluster::on_unknown_fncall. |
| * store.h (binding_cluster::on_unknown_fncall): Add param p. |
| (binding_cluster::on_asm): Likewise. |
| (store::on_unknown_fncall): Likewise. |
| * svalue.h (class conjured_purge): New. |
| |
| 2022-03-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/105074 |
| * region.cc (ipa_ref_requires_tracking): Drop "context_fndecl", |
| instead using the ref->referring to get the cgraph node of the |
| caller. |
| (symnode_requires_tracking_p): Likewise. |
| |
| 2022-03-26 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/105057 |
| * store.cc (binding_cluster::make_unknown_relative_to): Reject |
| attempts to create a cluster for untracked base regions. |
| (store::set_value): Likewise. |
| (store::fill_region): Likewise. |
| (store::mark_region_as_unknown): Likewise. |
| |
| 2022-03-25 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104954 |
| * analyzer.opt (-fdump-analyzer-untracked): New option. |
| * engine.cc (impl_run_checkers): Handle it. |
| * region-model-asm.cc (region_model::on_asm_stmt): Don't attempt |
| to clobber regions with !tracked_p (). |
| * region-model-manager.cc (dump_untracked_region): New. |
| (region_model_manager::dump_untracked_regions): New. |
| (frame_region::dump_untracked_regions): New. |
| * region-model.h (region_model_manager::dump_untracked_regions): |
| New decl. |
| * region.cc (ipa_ref_requires_tracking): New. |
| (symnode_requires_tracking_p): New. |
| (decl_region::calc_tracked_p): New. |
| * region.h (region::tracked_p): New vfunc. |
| (frame_region::dump_untracked_regions): New decl. |
| (class decl_region): Note that this is also used fo SSA names. |
| (decl_region::decl_region): Initialize m_tracked. |
| (decl_region::tracked_p): New. |
| (decl_region::calc_tracked_p): New decl. |
| (decl_region::m_tracked): New. |
| * store.cc (store::get_or_create_cluster): Assert that we |
| don't try to create clusters for base regions that aren't |
| trackable. |
| (store::mark_as_escaped): Don't mark base regions that we're not |
| tracking. |
| |
| 2022-03-23 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104979 |
| * engine.cc (impl_run_checkers): Create the engine after the |
| supergraph, and pass the supergraph to the engine. |
| * region-model.cc (region_model::get_lvalue_1): Pass ctxt to |
| frame_region::get_region_for_local. |
| (region_model::update_for_return_gcall): Pass the lvalue for the |
| result to pop_frame as a tree, rather than as a region. |
| (region_model::pop_frame): Update for above change, determining |
| the destination region after the frame is popped and thus with |
| respect to the caller frame rather than the called frame. |
| Likewise, set the value of the region to the return value after |
| the frame is popped. |
| (engine::engine): Add supergraph pointer. |
| (selftest::test_stack_frames): Set the DECL_CONTECT of PARM_DECLs. |
| (selftest::test_get_representative_path_var): Likewise. |
| (selftest::test_state_merging): Likewise. |
| * region-model.h (region_model::pop_frame): Convert first param |
| from a const region * to a tree. |
| (engine::engine): Add param "sg". |
| (engine::m_sg): New field. |
| * region.cc: Include "analyzer/sm.h" and |
| "analyzer/program-state.h". |
| (frame_region::get_region_for_local): Add "ctxt" param. |
| Add assertions that VAR_DECLs are locals, and that expr is for the |
| correct function. |
| * region.h (frame_region::get_region_for_local): Add "ctxt" param. |
| |
| 2022-03-23 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/105017 |
| * sm-taint.cc (taint_diagnostic::subclass_equal_p): Check |
| m_has_bounds as well as m_arg. |
| (tainted_allocation_size::subclass_equal_p): Chain up to base |
| class implementation. Also check m_mem_space. |
| (tainted_allocation_size::emit): Add note showing stack-based vs |
| heap-based allocations. |
| |
| 2022-03-23 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104997 |
| * diagnostic-manager.cc (diagnostic_manager::add_diagnostic): |
| Convert return type from "void" to "bool", reporting success vs |
| failure to caller, for both overloads. |
| * diagnostic-manager.h (diagnostic_manager::add_diagnostic): |
| Likewise. |
| * engine.cc (impl_region_model_context::warn): Propagate return |
| value from diagnostic_manager::add_diagnostic. |
| |
| 2022-03-18 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104943 |
| PR analyzer/104954 |
| PR analyzer/103533 |
| * analyzer.h (class state_purge_per_decl): New forward decl. |
| * engine.cc (impl_run_checkers): Pass region_model_manager to |
| state_purge_map ctor. |
| * program-point.cc (function_point::final_stmt_p): New. |
| (function_point::get_next): New. |
| * program-point.h (function_point::final_stmt_p): New decl. |
| (function_point::get_next): New decl. |
| * program-state.cc (program_state::prune_for_point): Generalize to |
| purge local decls as well as SSA names. |
| (program_state::can_purge_base_region_p): New. |
| * program-state.h (program_state::can_purge_base_region_p): New |
| decl. |
| * region-model.cc (struct append_ssa_names_cb_data): Rename to... |
| (struct append_regions_cb_data): ...this. |
| (region_model::get_ssa_name_regions_for_current_frame): Rename |
| to... |
| (region_model::get_regions_for_current_frame): ...this, updating |
| for other renamings. |
| (region_model::append_ssa_names_cb): Rename to... |
| (region_model::append_regions_cb): ...this, and drop the requirement |
| that the subregion be a SSA name. |
| * region-model.h (struct append_ssa_names_cb_data): Rename decl |
| to... |
| (struct append_regions_cb_data): ...this. |
| (region_model::get_ssa_name_regions_for_current_frame): Rename |
| decl to... |
| (region_model::get_regions_for_current_frame): ...this. |
| (region_model::append_ssa_names_cb): Rename decl to... |
| (region_model::append_regions_cb): ...this. |
| * state-purge.cc: Include "tristate.h", "selftest.h", |
| "analyzer/store.h", "analyzer/region-model.h", and |
| "gimple-walk.h". |
| (get_candidate_for_purging): New. |
| (class gimple_op_visitor): New. |
| (my_load_cb): New. |
| (my_store_cb): New. |
| (my_addr_cb): New. |
| (state_purge_map::state_purge_map): Add "mgr" param. Update for |
| renamings. Find uses of local variables. |
| (state_purge_map::~state_purge_map): Update for renaming of m_map |
| to m_ssa_map. Clean up m_decl_map. |
| (state_purge_map::get_or_create_data_for_decl): New. |
| (state_purge_per_ssa_name::state_purge_per_ssa_name): Update for |
| inheriting from state_purge_per_tree. |
| (state_purge_per_ssa_name::add_to_worklist): Likewise. |
| (state_purge_per_decl::state_purge_per_decl): New. |
| (state_purge_per_decl::add_needed_at): New. |
| (state_purge_per_decl::add_pointed_to_at): New. |
| (state_purge_per_decl::process_worklists): New. |
| (state_purge_per_decl::add_to_worklist): New. |
| (same_binding_p): New. |
| (fully_overwrites_p): New. |
| (state_purge_per_decl::process_point_backwards): New. |
| (state_purge_per_decl::process_point_forwards): New. |
| (state_purge_per_decl::needed_at_point_p): New. |
| (state_purge_annotator::print_needed): Generalize to print local |
| decls as well as SSA names. |
| * state-purge.h (class state_purge_map): Update leading comment. |
| (state_purge_map::map_t): Rename to... |
| (state_purge_map::ssa_map_t): ...this. |
| (state_purge_map::iterator): Rename to... |
| (state_purge_map::ssa_iterator): ...this. |
| (state_purge_map::decl_map_t): New typedef. |
| (state_purge_map::decl_iterator): New typedef. |
| (state_purge_map::state_purge_map): Add "mgr" param. |
| (state_purge_map::get_data_for_ssa_name): Update for renaming. |
| (state_purge_map::get_any_data_for_decl): New. |
| (state_purge_map::get_or_create_data_for_decl): New decl. |
| (state_purge_map::begin): Rename to... |
| (state_purge_map::begin_ssas): ...this. |
| (state_purge_map::end): Rename to... |
| (state_purge_map::end_ssa): ...this. |
| (state_purge_map::begin_decls): New. |
| (state_purge_map::end_decls): New. |
| (state_purge_map::m_map): Rename to... |
| (state_purge_map::m_ssa_map): ...this. |
| (state_purge_map::m_decl_map): New field. |
| (class state_purge_per_tree): New class. |
| (class state_purge_per_ssa_name): Inherit from state_purge_per_tree. |
| (state_purge_per_ssa_name::get_function): Move to base class. |
| (state_purge_per_ssa_name::point_set_t): Likewise. |
| (state_purge_per_ssa_name::m_fun): Likewise. |
| (class state_purge_per_decl): New. |
| |
| 2022-03-17 David Malcolm <dmalcolm@redhat.com> |
| |
| * state-purge.cc (state_purge_annotator::add_node_annotations): |
| Avoid duplicate before-supernode annotations when returning from |
| an interprocedural call. Show after-supernode annotations. |
| |
| 2022-03-17 David Malcolm <dmalcolm@redhat.com> |
| |
| * program-point.cc (program_point::get_next): Fix missing |
| increment of index. |
| |
| 2022-03-16 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104955 |
| * diagnostic-manager.cc (get_emission_location): New. |
| (diagnostic_manager::diagnostic_manager): Initialize |
| m_num_disabled_diagnostics. |
| (diagnostic_manager::add_diagnostic): Reject diagnostics that |
| will eventually be rejected due to being disabled. |
| (diagnostic_manager::emit_saved_diagnostics): Log the number |
| of disabled diagnostics. |
| (diagnostic_manager::emit_saved_diagnostic): Split out logic for |
| determining emission location to get_emission_location. |
| * diagnostic-manager.h |
| (diagnostic_manager::m_num_disabled_diagnostics): New field. |
| * engine.cc (stale_jmp_buf::get_controlling_option): New. |
| (stale_jmp_buf::emit): Use it. |
| * pending-diagnostic.h |
| (pending_diagnostic::get_controlling_option): New vfunc. |
| * region-model.cc |
| (poisoned_value_diagnostic::get_controlling_option): New. |
| (poisoned_value_diagnostic::emit): Use it. |
| (shift_count_negative_diagnostic::get_controlling_option): New. |
| (shift_count_negative_diagnostic::emit): Use it. |
| (shift_count_overflow_diagnostic::get_controlling_option): New. |
| (shift_count_overflow_diagnostic::emit): Use it. |
| (dump_path_diagnostic::get_controlling_option): New. |
| (dump_path_diagnostic::emit): Use it. |
| (write_to_const_diagnostic::get_controlling_option): New. |
| (write_to_const_diagnostic::emit): Use it. |
| (write_to_string_literal_diagnostic::get_controlling_option): New. |
| (write_to_string_literal_diagnostic::emit): Use it. |
| * sm-file.cc (double_fclose::get_controlling_option): New. |
| (double_fclose::emit): Use it. |
| (file_leak::get_controlling_option): New. |
| (file_leak::emit): Use it. |
| * sm-malloc.cc (mismatching_deallocation::get_controlling_option): |
| New. |
| (mismatching_deallocation::emit): Use it. |
| (double_free::get_controlling_option): New. |
| (double_free::emit): Use it. |
| (possible_null_deref::get_controlling_option): New. |
| (possible_null_deref::emit): Use it. |
| (possible_null_arg::get_controlling_option): New. |
| (possible_null_arg::emit): Use it. |
| (null_deref::get_controlling_option): New. |
| (null_deref::emit): Use it. |
| (null_arg::get_controlling_option): New. |
| (null_arg::emit): Use it. |
| (use_after_free::get_controlling_option): New. |
| (use_after_free::emit): Use it. |
| (malloc_leak::get_controlling_option): New. |
| (malloc_leak::emit): Use it. |
| (free_of_non_heap::get_controlling_option): New. |
| (free_of_non_heap::emit): Use it. |
| * sm-pattern-test.cc (pattern_match::get_controlling_option): New. |
| (pattern_match::emit): Use it. |
| * sm-sensitive.cc |
| (exposure_through_output_file::get_controlling_option): New. |
| (exposure_through_output_file::emit): Use it. |
| * sm-signal.cc (signal_unsafe_call::get_controlling_option): New. |
| (signal_unsafe_call::emit): Use it. |
| * sm-taint.cc (tainted_array_index::get_controlling_option): New. |
| (tainted_array_index::emit): Use it. |
| (tainted_offset::get_controlling_option): New. |
| (tainted_offset::emit): Use it. |
| (tainted_size::get_controlling_option): New. |
| (tainted_size::emit): Use it. |
| (tainted_divisor::get_controlling_option): New. |
| (tainted_divisor::emit): Use it. |
| (tainted_allocation_size::get_controlling_option): New. |
| (tainted_allocation_size::emit): Use it. |
| |
| 2022-03-15 David Malcolm <dmalcolm@redhat.com> |
| |
| * store.cc (store::store): Presize m_cluster_map. |
| |
| 2022-03-10 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104863 |
| * constraint-manager.cc (constraint_manager::add_constraint): |
| Refresh the EC IDs when adding constraints implied by offsets. |
| |
| 2022-03-10 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104793 |
| * analyzer.h (class pending_note): New forward decl. |
| * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic): |
| Initialize m_notes. |
| (saved_diagnostic::operator==): Compare m_notes. |
| (saved_diagnostic::add_note): New. |
| (saved_diagnostic::emit_any_notes): New. |
| (diagnostic_manager::add_note): New. |
| (diagnostic_manager::emit_saved_diagnostic): Call emit_any_notes |
| after emitting the warning. |
| * diagnostic-manager.h (saved_diagnostic::add_note): New decl. |
| (saved_diagnostic::emit_any_notes): New decl. |
| (saved_diagnostic::m_notes): New field. |
| (diagnostic_manager::add_note): New decl. |
| * engine.cc (impl_region_model_context::add_note): New. |
| * exploded-graph.h (impl_region_model_context::add_note): New |
| decl. |
| * pending-diagnostic.h (class pending_note): New. |
| (class pending_note_subclass): New template. |
| * region-model.cc (class reason_attr_access): New. |
| (check_external_function_for_access_attr): Add class |
| annotating_ctxt and use it when checking region. |
| (noop_region_model_context::add_note): New. |
| * region-model.h (region_model_context::add_note): New vfunc. |
| (noop_region_model_context::add_note): New decl. |
| (class region_model_context_decorator): New. |
| (class note_adding_context): New. |
| |
| 2022-03-10 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104793 |
| * region-model.cc |
| (region_model::check_external_function_for_access_attr): New. |
| (region_model::handle_unrecognized_call): Call it. |
| * region-model.h |
| (region_model::check_external_function_for_access_attr): New decl. |
| (region_model::handle_unrecognized_call): New decl. |
| |
| 2022-03-10 David Malcolm <dmalcolm@redhat.com> |
| |
| * sm-taint.cc (taint_state_machine::check_for_tainted_size_arg): |
| Avoid generating duplicate saved_diagnostics by only handling the |
| rdwr_map entry for the ptrarg, not the duplicate entry for the |
| sizarg. |
| |
| 2022-03-07 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101983 |
| * engine.cc (returning_from_function_p): New. |
| (impl_region_model_context::on_state_leak): Use it when rejecting |
| leaks at the return from "main". |
| |
| 2022-03-07 Jakub Jelinek <jakub@redhat.com> |
| |
| * store.cc: Fix up duplicated word issue in a comment. |
| * analyzer.cc: Likewise. |
| * engine.cc: Likewise. |
| * sm-taint.cc: Likewise. |
| |
| 2022-03-04 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/103521 |
| * analyzer.opt (-param=analyzer-max-svalue-depth=): Reduce from 13 |
| to 12. |
| |
| 2022-02-23 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104434 |
| * analyzer.h (class const_fn_result_svalue): New decl. |
| * region-model-impl-calls.cc (call_details::get_manager): New. |
| * region-model-manager.cc |
| (region_model_manager::get_or_create_const_fn_result_svalue): New. |
| (region_model_manager::log_stats): Log |
| m_const_fn_result_values_map. |
| * region-model.cc (const_fn_p): New. |
| (maybe_get_const_fn_result): New. |
| (region_model::on_call_pre): Handle fndecls with |
| __attribute__((const)) by calling the above rather than making |
| a conjured_svalue. |
| * region-model.h (visitor::visit_const_fn_result_svalue): New. |
| (region_model_manager::get_or_create_const_fn_result_svalue): New |
| decl. |
| (region_model_manager::const_fn_result_values_map_t): New typedef. |
| (region_model_manager::m_const_fn_result_values_map): New field. |
| (call_details::get_manager): New decl. |
| * svalue.cc (svalue::cmp_ptr): Handle SK_CONST_FN_RESULT. |
| (const_fn_result_svalue::dump_to_pp): New. |
| (const_fn_result_svalue::dump_input): New. |
| (const_fn_result_svalue::accept): New. |
| * svalue.h (enum svalue_kind): Add SK_CONST_FN_RESULT. |
| (svalue::dyn_cast_const_fn_result_svalue): New. |
| (class const_fn_result_svalue): New. |
| (is_a_helper <const const_fn_result_svalue *>::test): New. |
| (template <> struct default_hash_traits<const_fn_result_svalue::key_t>): |
| New. |
| |
| 2022-02-17 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104576 |
| * region-model.cc: Include "calls.h". |
| (region_model::on_call_pre): Use flags_from_decl_or_type to |
| generalize check for DECL_PURE_P to also check for ECF_CONST. |
| |
| 2022-02-16 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104560 |
| * diagnostic-manager.cc (diagnostic_manager::build_emission_path): |
| Add region creation events for globals of interest. |
| (null_assignment_sm_context::get_old_program_state): New. |
| (diagnostic_manager::add_events_for_eedge): Move check for |
| changing dynamic extents from PK_BEFORE_STMT case to after the |
| switch on the dst_point's kind so that we can emit them for the |
| final stmt in a basic block. |
| * engine.cc (impl_sm_context::get_old_program_state): New. |
| * sm-malloc.cc (malloc_state_machine::get_default_state): Rewrite |
| detection of m_non_heap to use get_memory_space. |
| (free_of_non_heap::free_of_non_heap): Add freed_reg param. |
| (free_of_non_heap::subclass_equal_p): Update for changes to |
| fields. |
| (free_of_non_heap::emit): Drop m_kind in favor of |
| get_memory_space. |
| (free_of_non_heap::describe_state_change): Remove logic for |
| detecting alloca. |
| (free_of_non_heap::mark_interesting_stuff): Add region-creation of |
| m_freed_reg. |
| (free_of_non_heap::get_memory_space): New. |
| (free_of_non_heap::kind): Drop enum. |
| (free_of_non_heap::m_freed_reg): New field. |
| (free_of_non_heap::m_kind): Drop field. |
| (malloc_state_machine::on_stmt): Drop transition to m_non_heap. |
| (malloc_state_machine::handle_free_of_non_heap): New function, |
| split out from on_deallocator_call and on_realloc_call, adding |
| detection of the freed region. |
| (malloc_state_machine::on_deallocator_call): Use it. |
| (malloc_state_machine::on_realloc_call): Likewise. |
| * sm.h (sm_context::get_old_program_state): New vfunc. |
| |
| 2022-02-15 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104524 |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_sub_svalue): Only call |
| get_or_create_cast if type is non-NULL. |
| |
| 2022-02-15 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/102692 |
| * exploded-graph.h (impl_region_model_context::get_stmt): New. |
| * region-model.cc: Include "gimple-ssa.h", "tree-phinodes.h", |
| "tree-ssa-operands.h", and "ssa-iterators.h". |
| (within_short_circuited_stmt_p): New. |
| (region_model::check_for_poison): Don't warn about uninit values |
| if within_short_circuited_stmt_p. |
| * region-model.h (region_model_context::get_stmt): New vfunc. |
| (noop_region_model_context::get_stmt): New. |
| |
| 2022-02-11 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104274 |
| * region-model.cc (region_model::check_for_poison): Ignore |
| uninitialized uses of empty types. |
| |
| 2022-02-10 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98797 |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_sub_svalue): Generalize getting |
| individual chars of a STRING_CST from element_region to any |
| subregion which is a concrete access of a single byte from its |
| parent region. |
| * region.cc (region::get_relative_concrete_byte_range): New. |
| * region.h (region::get_relative_concrete_byte_range): New decl. |
| |
| 2022-02-09 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104452 |
| * region-model.cc (selftest::test_bit_range_regions): New. |
| (selftest::analyzer_region_model_cc_tests): Call it. |
| * region.h (bit_range_region::key_t::hash): Fix hashing of m_bits |
| to avoid using uninitialized data. |
| |
| 2022-02-07 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104417 |
| * sm-taint.cc (tainted_allocation_size::tainted_allocation_size): |
| Remove overzealous assertion. |
| (tainted_allocation_size::emit): Likewise. |
| (region_model::check_dynamic_size_for_taint): Likewise. |
| |
| 2022-02-07 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/103872 |
| * region-model-impl-calls.cc (region_model::impl_call_memcpy): |
| Reimplement in terms of a get_store_value followed by a set_value. |
| |
| 2022-02-03 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104369 |
| * engine.cc (exploded_graph::process_node): Use the node for any |
| diagnostics, avoiding ICE if a bifurcation update adds a |
| saved_diagnostic, such as for a tainted realloc size. |
| * region-model-impl-calls.cc |
| (region_model::impl_call_realloc::success_no_move::update_model): |
| Require the old pointer to be non-NULL to be able successfully |
| grow in place. Use model->deref_rvalue rather than maybe_get_region |
| to support the old pointer being symbolic. |
| (region_model::impl_call_realloc::success_with_move::update_model): |
| Likewise. Add a constraint that the new pointer != the old pointer. |
| Use a sized_region when setting the value of the new region. |
| Handle the case where we don't know the dynamic size of the old |
| region by marking the new region as unknown. |
| * sm-taint.cc (tainted_allocation_size::tainted_allocation_size): |
| Update assertion to also allow for MEMSPACE_UNKNOWN. |
| (tainted_allocation_size::emit): Likewise. |
| (region_model::check_dynamic_size_for_taint): Likewise. |
| |
| 2022-02-03 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model-impl-calls.cc (region_model::impl_call_calloc): Use |
| a sized_region when calling zero_fill_region. |
| |
| 2022-02-02 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_model::on_return): Replace usage of |
| copy_region with get_rvalue/set_value pair. |
| (region_model::pop_frame): Likewise. |
| (selftest::test_compound_assignment): Likewise. |
| * region-model.h (region_model::copy_region): Delete decl. |
| * region.cc (region_model::copy_region): Delete. |
| |
| 2022-02-02 David Malcolm <dmalcolm@redhat.com> |
| |
| * region.cc (region::calc_offset): Consolidate effectively |
| identical cases. |
| |
| 2022-02-02 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.h (class bit_range_region): New forward decl. |
| * region-model-manager.cc (region_model_manager::get_bit_range): |
| New. |
| (region_model_manager::log_stats): Handle m_bit_range_regions. |
| * region-model.cc (region_model::get_lvalue_1): Handle |
| BIT_FIELD_REF. |
| * region-model.h (region_model_manager::get_bit_range): New decl. |
| (region_model_manager::m_bit_range_regions): New field. |
| * region.cc (region::get_base_region): Handle RK_BIT_RANGE. |
| (region::base_region_p): Likewise. |
| (region::calc_offset): Likewise. |
| (bit_range_region::dump_to_pp): New. |
| (bit_range_region::get_byte_size): New. |
| (bit_range_region::get_bit_size): New. |
| (bit_range_region::get_byte_size_sval): New. |
| (bit_range_region::get_relative_concrete_offset): New. |
| * region.h (enum region_kind): Add RK_BIT_RANGE. |
| (region::dyn_cast_bit_range_region): New vfunc. |
| (class bit_range_region): New. |
| (is_a_helper <const bit_range_region *>::test): New. |
| (default_hash_traits<bit_range_region::key_t>): New. |
| |
| 2022-02-02 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104270 |
| * region-model.cc (region_model::on_call_pre): Handle |
| IFN_DEFERRED_INIT. |
| |
| 2022-01-27 David Malcolm <dmalcolm@redhat.com> |
| |
| * checker-path.cc (event_kind_to_string): Handle |
| EK_REGION_CREATION. |
| (region_creation_event::region_creation_event): New. |
| (region_creation_event::get_desc): New. |
| (checker_path::add_region_creation_event): New. |
| * checker-path.h (enum event_kind): Add EK_REGION_CREATION. |
| (class region_creation_event): New subclass. |
| (checker_path::add_region_creation_event): New decl. |
| * diagnostic-manager.cc |
| (diagnostic_manager::emit_saved_diagnostic): Pass NULL for new |
| param to add_events_for_eedge when handling trailing eedge. |
| (diagnostic_manager::build_emission_path): Create an interesting_t |
| instance, allow the pending diagnostic to populate it, and pass it |
| to the calls to add_events_for_eedge. |
| (diagnostic_manager::add_events_for_eedge): Add "interest" param. |
| Use it to add region_creation_events for on-stack regions created |
| within at function entry, and when pertinent dynamically-sized |
| regions are created. |
| (diagnostic_manager::prune_for_sm_diagnostic): Add case for |
| EK_REGION_CREATION. |
| * diagnostic-manager.h (diagnostic_manager::add_events_for_eedge): |
| Add "interest" param. |
| * pending-diagnostic.cc: Include "selftest.h", "tristate.h", |
| "analyzer/call-string.h", "analyzer/program-point.h", |
| "analyzer/store.h", and "analyzer/region-model.h". |
| (interesting_t::add_region_creation): New. |
| (interesting_t::dump_to_pp): New. |
| * pending-diagnostic.h (struct interesting_t): New. |
| (pending_diagnostic::mark_interesting_stuff): New vfunc. |
| * region-model.cc |
| (poisoned_value_diagnostic::poisoned_value_diagnostic): Add |
| (poisoned_value_diagnostic::operator==): Compare m_pkind and |
| m_src_region fields. |
| (poisoned_value_diagnostic::mark_interesting_stuff): New. |
| (poisoned_value_diagnostic::m_src_region): New. |
| (region_model::check_for_poison): Call |
| get_region_for_poisoned_expr for uninit values and pass the resul |
| to the diagnostic. |
| (region_model::get_region_for_poisoned_expr): New. |
| (region_model::deref_rvalue): Pass NULL for |
| poisoned_value_diagnostic's src_region. |
| * region-model.h (region_model::get_region_for_poisoned_expr): New |
| decl. |
| * region.h (frame_region::get_fndecl): New. |
| |
| 2022-01-27 Martin Liska <mliska@suse.cz> |
| |
| PR analyzer/104247 |
| * constraint-manager.cc (bounded_ranges_manager::log_stats): |
| Cast to long for format purpose. |
| * region-model-manager.cc (log_uniq_map): Likewise. |
| |
| 2022-01-26 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104224 |
| * region-model.cc (region_model::check_call_args): New. |
| (region_model::on_call_pre): Call it when ignoring stdio builtins. |
| * region-model.h (region_model::check_call_args): New decl |
| |
| 2022-01-26 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/94362 |
| * constraint-manager.cc (range::add_bound): Fix tests for |
| discarding redundant constraints. Perform test for rejecting |
| unsatisfiable constraints earlier so that they don't update |
| the object on failure. |
| (selftest::test_range): New. |
| (selftest::test_constant_comparisons): Add test coverage for |
| existing constraints becoming narrower until they are |
| unsatisfiable. |
| (selftest::run_constraint_manager_tests): Call test_range. |
| |
| 2022-01-22 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104159 |
| * region-model-manager.cc |
| (region_model_manager::get_or_create_cast): Bail out if the types |
| are the same. Don't attempt to handle casts involving vector |
| types. |
| |
| 2022-01-20 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/94362 |
| * constraint-manager.cc (bound::ensure_closed): Convert param to |
| enum bound_kind. |
| (range::constrained_to_single_element): Likewise. |
| (range::add_bound): New. |
| (constraint_manager::add_constraint): Handle SVAL + OFFSET |
| compared to a constant. |
| (constraint_manager::get_ec_bounds): Rewrite in terms of |
| range::add_bound. |
| (constraint_manager::eval_condition): Reject if range::add_bound |
| fails. |
| (selftest::test_constant_comparisons): Add test coverage for |
| various impossible combinations of integer comparisons. |
| * constraint-manager.h (enum bound_kind): New. |
| (struct bound): Likewise. |
| (bound::ensure_closed): Convert to param to enum bound_kind. |
| (struct range): Convert to... |
| (class range): ...this, making fields private. |
| (range::add_bound): New decls. |
| * region-model.cc (region_model::add_constraint): Fail if |
| constraint_manager::add_constraint fails. |
| |
| 2022-01-18 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104089 |
| * region-model-manager.cc |
| (region_model_manager::get_or_create_constant_svalue): Assert that |
| we have a CONSTANT_CLASS_P. |
| (region_model_manager::maybe_fold_unaryop): Only fold a constant |
| when fold_unary's result is a constant or a cast of a constant. |
| |
| 2022-01-18 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104062 |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_sub_svalue): Avoid casting to |
| NULL type when folding access to repeated svalue. |
| |
| 2022-01-17 Martin Liska <mliska@suse.cz> |
| |
| * analyzer.cc (is_special_named_call_p): Rename .c names to .cc. |
| (is_named_call_p): Likewise. |
| * region-model-asm.cc (deterministic_p): Likewise. |
| * region.cc (field_region::get_relative_concrete_offset): Likewise. |
| * sm-malloc.cc (method_p): Likewise. |
| * supergraph.cc (superedge::dump_dot): Likewise. |
| |
| 2022-01-14 David Malcolm <dmalcolm@redhat.com> |
| |
| * sm-taint.cc (taint_state_machine::combine_states): Handle combination |
| of has_ub and has_lb. |
| |
| 2022-01-14 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/104029 |
| * sm-taint.cc (taint_state_machine::alt_get_inherited_state): |
| Remove gcc_unreachable from default case for unary ops. |
| |
| 2022-01-14 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc: Include "stringpool.h", "attribs.h", and |
| "tree-dfa.h". |
| (mark_params_as_tainted): New. |
| (class tainted_args_function_custom_event): New. |
| (class tainted_args_function_info): New. |
| (exploded_graph::add_function_entry): Handle functions with |
| "tainted_args" attribute. |
| (class tainted_args_field_custom_event): New. |
| (class tainted_args_callback_custom_event): New. |
| (class tainted_args_call_info): New. |
| (add_tainted_args_callback): New. |
| (add_any_callbacks): New. |
| (exploded_graph::build_initial_worklist): Likewise. |
| (exploded_graph::build_initial_worklist): Find callbacks that are |
| reachable from global initializers, calling add_any_callbacks on |
| them. |
| |
| 2022-01-12 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/103940 |
| * engine.cc (impl_sm_context::impl_sm_context): Add |
| "unknown_side_effects" param and use it to initialize |
| new m_unknown_side_effects field. |
| (impl_sm_context::unknown_side_effects_p): New. |
| (impl_sm_context::m_unknown_side_effects): New. |
| (exploded_node::on_stmt): Pass unknown_side_effects to sm_ctxt |
| ctor. |
| * sm-taint.cc: Include "stringpool.h" and "attribs.h". |
| (tainted_size::tainted_size): Drop "dir" param. |
| (tainted_size::get_kind): Drop "FINAL". |
| (tainted_size::emit): Likewise. |
| (tainted_size::m_dir): Drop unused field. |
| (class tainted_access_attrib_size): New subclass. |
| (taint_state_machine::on_stmt): Call check_for_tainted_size_arg on |
| external functions with unknown side effects. |
| (taint_state_machine::check_for_tainted_size_arg): New. |
| (region_model::check_region_for_taint): Drop "dir" param from |
| tainted_size ctor. |
| * sm.h (sm_context::unknown_side_effects_p): New. |
| |
| 2022-01-11 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/102692 |
| * diagnostic-manager.cc |
| (class auto_disable_complexity_checks): Rename to... |
| (class auto_checking_feasibility): ...this, updating |
| the calls accordingly. |
| (epath_finder::explore_feasible_paths): Update for renaming. |
| * region-model-manager.cc |
| (region_model_manager::region_model_manager): Update for change from |
| m_check_complexity to m_checking_feasibility. |
| (region_model_manager::reject_if_too_complex): Likewise. |
| (region_model_manager::get_or_create_unknown_svalue): Handle |
| m_checking_feasibility. |
| (region_model_manager::create_unique_svalue): New. |
| (region_model_manager::maybe_fold_binop): Handle BIT_AND_EXPR and |
| BIT_IOR_EXPRs on booleans where we know the result. |
| * region-model.cc (test_binop_svalue_folding): Add test coverage |
| for the above. |
| * region-model.h (region_model_manager::create_unique_svalue): New |
| decl. |
| (region_model_manager::enable_complexity_check): Replace with... |
| (region_model_manager::begin_checking_feasibility): ...this. |
| (region_model_manager::disable_complexity_check): Replace with... |
| (region_model_manager::end_checking_feasibility): ...this. |
| (region_model_manager::m_check_complexity): Replace with... |
| (region_model_manager::m_checking_feasibility): ...this. |
| (region_model_manager::m_managed_dynamic_svalues): New field. |
| |
| 2022-01-08 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (impl_run_checkers): Pass logger to engine ctor. |
| * region-model-manager.cc |
| (region_model_manager::region_model_manager): Add logger param and |
| use it to initialize m_logger. |
| * region-model.cc (engine::engine): New. |
| * region-model.h (region_model_manager::region_model_manager): |
| Add logger param. |
| (region_model_manager::get_logger): New. |
| (region_model_manager::m_logger): New field. |
| (engine::engine): New. |
| * store.cc (store_manager::get_logger): New. |
| (store::set_value): Log scope. Log when marking a cluster as |
| unknown due to possible aliasing. |
| * store.h (store_manager::get_logger): New decl. |
| |
| 2022-01-08 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model-impl-calls.cc (cmp_decls): New. |
| (cmp_decls_ptr_ptr): New. |
| (region_model::impl_call_analyzer_dump_escaped): New. |
| * region-model.cc (region_model::on_stmt_pre): Handle |
| __analyzer_dump_escaped. |
| * region-model.h (region_model::impl_call_analyzer_dump_escaped): |
| New decl. |
| * store.h (binding_cluster::get_base_region): New accessor. |
| |
| 2022-01-08 David Malcolm <dmalcolm@redhat.com> |
| |
| * region.cc (region::is_named_decl_p): New. |
| * region.h (region::is_named_decl_p): New decl. |
| |
| 2022-01-06 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/103546 |
| * store.cc (store::eval_alias_1): Refactor handling of decl |
| regions, adding a test for may_be_aliased, rejecting those for |
| which it returns false. |
| |
| 2021-12-12 Jonathan Wakely <jwakely@redhat.com> |
| |
| * engine.cc: Define INCLUDE_MEMORY instead of INCLUDE_UNIQUE_PTR. |
| |
| 2021-12-06 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/103533 |
| * constraint-manager.cc (equiv_class::contains_non_constant_p): |
| New. |
| (constraint_manager::canonicalize): Call it when determining |
| redundant ECs. |
| (selftest::test_purging): New selftest. |
| (selftest::run_constraint_manager_tests): Likewise. |
| * constraint-manager.h (equiv_class::contains_non_constant_p): |
| New decl. |
| |
| 2021-12-01 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/102471 |
| * region-model-reachability.cc (reachable_regions::handle_parm): |
| Treat all svalues within a compound parm has reachable, and those |
| wrapped in a cast. |
| |
| 2021-11-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/103217 |
| * store.cc (binding_cluster::can_merge_p): For the "key is bound" |
| vs "key is not bound" merger case, check that the bound svalue |
| is mergeable before merging it to "unknown", rejecting the merger |
| otherwise. |
| |
| 2021-11-19 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/103217 |
| * engine.cc (exploded_graph::get_or_create_node): Pass in |
| m_ext_state to program_state::can_merge_with_p. |
| (exploded_graph::process_worklist): Likewise. |
| (exploded_graph::maybe_process_run_of_before_supernode_enodes): |
| Likewise. |
| (exploded_graph::process_node): Add missing call to detect_leaks |
| when handling phi nodes. |
| * program-state.cc (program_state::can_merge_with_p): Add |
| "ext_state" param. Pass it and state ptrs to |
| region_model::can_merge_with_p. |
| (selftest::test_program_state_merging): Update for new ext_state |
| param of program_state::can_merge_with_p. |
| (selftest::test_program_state_merging_2): Likewise. |
| * program-state.h (program_state::can_purge_p): Make const. |
| (program_state::can_merge_with_p): Add "ext_state" param. |
| * region-model.cc: Include "analyzer/program-state.h". |
| (region_model::can_merge_with_p): Add params "ext_state", |
| "state_a", and "state_b", use them when creating model_merger |
| object. |
| (model_merger::mergeable_svalue_p): New. |
| * region-model.h (region_model::can_merge_with_p): Add params |
| "ext_state", "state_a", and "state_b". |
| (model_merger::model_merger) Likewise, initializing new fields. |
| (model_merger::mergeable_svalue_p): New decl. |
| (model_merger::m_ext_state): New field. |
| (model_merger::m_state_a): New field. |
| (model_merger::m_state_b): New field. |
| * svalue.cc (svalue::can_merge_p): Call |
| model_merger::mergeable_svalue_p on both states and reject the |
| merger accordingly. |
| |
| 2021-11-17 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/102695 |
| * region-model-impl-calls.cc (region_model::impl_call_strchr): New. |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_unaryop): Simplify cast to |
| pointer type of an existing pointer to a region. |
| * region-model.cc (region_model::on_call_pre): Handle |
| BUILT_IN_STRCHR and "strchr". |
| (write_to_const_diagnostic::emit): Add auto_diagnostic_group. Add |
| alternate wordings for functions and labels. |
| (write_to_const_diagnostic::describe_final_event): Add alternate |
| wordings for functions and labels. |
| (region_model::check_for_writable_region): Handle RK_FUNCTION and |
| RK_LABEL. |
| * region-model.h (region_model::impl_call_strchr): New decl. |
| |
| 2021-11-16 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/102662 |
| * constraint-manager.cc (bounded_range::operator==): Require the |
| types to be the same for equality. |
| |
| 2021-11-13 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.opt (Wanalyzer-tainted-allocation-size): New. |
| (Wanalyzer-tainted-divisor): New. |
| (Wanalyzer-tainted-offset): New. |
| (Wanalyzer-tainted-size): New. |
| * engine.cc (impl_region_model_context::get_taint_map): New. |
| * exploded-graph.h (impl_region_model_context::get_taint_map): |
| New decl. |
| * program-state.cc (sm_state_map::get_state): Call |
| alt_get_inherited_state. |
| (sm_state_map::impl_set_state): Modify states within |
| compound svalues. |
| (program_state::impl_call_analyzer_dump_state): Undo casts. |
| (selftest::test_program_state_1): Update for new context param of |
| create_region_for_heap_alloc. |
| (selftest::test_program_state_merging): Likewise. |
| * region-model-impl-calls.cc (region_model::impl_call_alloca): |
| Likewise. |
| (region_model::impl_call_calloc): Likewise. |
| (region_model::impl_call_malloc): Likewise. |
| (region_model::impl_call_operator_new): Likewise. |
| (region_model::impl_call_realloc): Likewise. |
| * region-model.cc (region_model::check_region_access): Call |
| check_region_for_taint. |
| (region_model::get_representative_path_var_1): Handle binops. |
| (region_model::create_region_for_heap_alloc): Add "ctxt" param and |
| pass it to set_dynamic_extents. |
| (region_model::create_region_for_alloca): Likewise. |
| (region_model::set_dynamic_extents): Add "ctxt" param and use it |
| to call check_dynamic_size_for_taint. |
| (selftest::test_state_merging): Update for new context param of |
| create_region_for_heap_alloc. |
| (selftest::test_malloc_constraints): Likewise. |
| (selftest::test_malloc): Likewise. |
| (selftest::test_alloca): Likewise for create_region_for_alloca. |
| * region-model.h (region_model::create_region_for_heap_alloc): Add |
| "ctxt" param. |
| (region_model::create_region_for_alloca): Likewise. |
| (region_model::set_dynamic_extents): Likewise. |
| (region_model::check_dynamic_size_for_taint): New decl. |
| (region_model::check_region_for_taint): New decl. |
| (region_model_context::get_taint_map): New vfunc. |
| (noop_region_model_context::get_taint_map): New. |
| * sm-taint.cc: Remove include of "diagnostic-event-id.h"; add |
| includes of "gimple-iterator.h", "tristate.h", "selftest.h", |
| "ordered-hash-map.h", "cgraph.h", "cfg.h", "digraph.h", |
| "analyzer/supergraph.h", "analyzer/call-string.h", |
| "analyzer/program-point.h", "analyzer/store.h", |
| "analyzer/region-model.h", and "analyzer/program-state.h". |
| (enum bounds): Move to top of file. |
| (class taint_diagnostic): New. |
| (class tainted_array_index): Convert to subclass of taint_diagnostic. |
| (tainted_array_index::emit): Add CWE-129. Reword warning to use |
| "attacker-controlled" rather than "tainted". |
| (tainted_array_index::describe_state_change): Move to |
| taint_diagnostic::describe_state_change. |
| (tainted_array_index::describe_final_event): Reword to use |
| "attacker-controlled" rather than "tainted". |
| (class tainted_offset): New. |
| (class tainted_size): New. |
| (class tainted_divisor): New. |
| (class tainted_allocation_size): New. |
| (taint_state_machine::alt_get_inherited_state): New. |
| (taint_state_machine::on_stmt): In assignment handling, remove |
| ARRAY_REF handling in favor of check_region_for_taint. Add |
| detection of tainted divisors. |
| (taint_state_machine::get_taint): New. |
| (taint_state_machine::combine_states): New. |
| (region_model::check_region_for_taint): New. |
| (region_model::check_dynamic_size_for_taint): New. |
| * sm.h (state_machine::alt_get_inherited_state): New. |
| |
| 2021-11-12 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (exploded_node::on_stmt_pre): Return when handling |
| "__analyzer_dump_state". |
| |
| 2021-11-11 Richard Biener <rguenther@suse.de> |
| |
| * supergraph.cc: Include bitmap.h. |
| |
| 2021-11-04 David Malcolm <dmalcolm@redhat.com> |
| |
| * program-state.cc (sm_state_map::dump): Use default_tree_printer |
| as format decoder. |
| |
| 2021-09-16 Maxim Blinov <maxim.blinov@embecosm.com> |
| |
| PR bootstrap/102242 |
| * engine.cc (INCLUDE_UNIQUE_PTR): Define. |
| |
| 2021-09-08 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/102225 |
| * analyzer.h (compat_types_p): New decl. |
| * constraint-manager.cc |
| (constraint_manager::get_or_add_equiv_class): Guard against NULL |
| type when checking for pointer types. |
| * region-model-impl-calls.cc (region_model::impl_call_realloc): |
| Guard against NULL lhs type/region. Guard against the size value |
| not being of a compatible type for dynamic extents. |
| * region-model.cc (compat_types_p): Make non-static. |
| |
| 2021-08-30 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99260 |
| * analyzer.h (class custom_edge_info): New class, adapted from |
| exploded_edge::custom_info_t. Make member functions const. |
| Make update_model return bool, converting edge param from |
| reference to a pointer, and adding a ctxt param. |
| (class path_context): New class. |
| * call-info.cc: New file. |
| * call-info.h: New file. |
| * engine.cc: Include "analyzer/call-info.h" and <memory>. |
| (impl_region_model_context::impl_region_model_context): Update for |
| new m_path_ctxt field. |
| (impl_region_model_context::bifurcate): New. |
| (impl_region_model_context::terminate_path): New. |
| (impl_region_model_context::get_malloc_map): New. |
| (impl_sm_context::impl_sm_context): Update for new m_path_ctxt |
| field. |
| (impl_sm_context::get_fndecl_for_call): Likewise. |
| (impl_sm_context::set_next_state): Likewise. |
| (impl_sm_context::warn): Likewise. |
| (impl_sm_context::is_zero_assignment): Likewise. |
| (impl_sm_context::get_path_context): New. |
| (impl_sm_context::m_path_ctxt): New. |
| (impl_region_model_context::on_condition): Update for new |
| path_ctxt param. Handle m_enode_for_diag being NULL. |
| (impl_region_model_context::on_phi): Update for new path_ctxt |
| param. |
| (exploded_node::on_stmt): Add path_ctxt param, updating ctor calls |
| to use it as necessary. Use it to bail out after sm-handling, |
| if needed. |
| (exploded_node::detect_leaks): Update for new path_ctxt param. |
| (dynamic_call_info_t::update_model): Update for conversion of |
| exploded_edge::custom_info_t to custom_edge_info. |
| (dynamic_call_info_t::add_events_to_path): Likewise. |
| (rewind_info_t::update_model): Likewise. |
| (rewind_info_t::add_events_to_path): Likewise. |
| (exploded_edge::exploded_edge): Likewise. |
| (exploded_graph::add_edge): Likewise. |
| (exploded_graph::maybe_process_run_of_before_supernode_enodes): |
| Update for new path_ctxt param. |
| (class impl_path_context): New. |
| (exploded_graph::process_node): Update for new path_ctxt param. |
| Create an impl_path_context and pass it to exploded_node::on_stmt. |
| Use it to terminate iterating stmts if terminate_path is called |
| on it. After processing a run of stmts, query path_ctxt to |
| potentially terminate the analysis path, and/or to "bifurcate" the |
| analysis into multiple additional paths. |
| (feasibility_state::maybe_update_for_edge): Update for new |
| update_model ctxt param. |
| * exploded-graph.h |
| (impl_region_model_context::impl_region_model_context): Add |
| path_ctxt param. |
| (impl_region_model_context::bifurcate): New. |
| (impl_region_model_context::terminate_path): New |
| (impl_region_model_context::get_ext_state): New. |
| (impl_region_model_context::get_malloc_map): New. |
| (impl_region_model_context::m_path_ctxt): New field. |
| (exploded_node::on_stmt): Add path_ctxt param. |
| (class exploded_edge::custom_info_t): Move to analyzer.h, renaming |
| to custom_edge_info, and making the changes as noted in analyzer.h |
| above. |
| (exploded_edge::exploded_edge): Update for these changes to |
| exploded_edge::custom_info_t. |
| (exploded_edge::m_custom_info): Likewise. |
| (class dynamic_call_info_t): Likewise. |
| (class rewind_info_t): Likewise. |
| (exploded_graph::add_edge): Likewise. |
| * program-state.cc (program_state::on_edge): Update for new |
| path_ctxt param. |
| (program_state::push_call): Likewise. |
| (program_state::returning_call): Likewise. |
| (program_state::prune_for_point): Likewise. |
| * region-model-impl-calls.cc: Include "analyzer/call-info.h". |
| (call_details::get_fndecl_for_call): New. |
| (region_model::impl_call_realloc): Reimplement. |
| * region-model.cc (region_model::on_call_pre): Move call to |
| impl_call_realloc to... |
| (region_model::on_call_post): ...here. Consolidate creation |
| of call_details instance. |
| (noop_region_model_context::bifurcate): New. |
| (noop_region_model_context::terminate_path): New. |
| * region-model.h (call_details::get_call_stmt): New. |
| (call_details::get_fndecl_for_call): New. |
| (region_model::on_realloc_with_move): New. |
| (region_model_context::bifurcate): New. |
| (region_model_context::terminate_path): New. |
| (region_model_context::get_ext_state): New. |
| (region_model_context::get_malloc_map): New. |
| (noop_region_model_context::bifurcate): New. |
| (noop_region_model_context::terminate_path): New. |
| (noop_region_model_context::get_ext_state): New. |
| (noop_region_model_context::get_malloc_map): New. |
| * sm-malloc.cc: Include "analyzer/program-state.h". |
| (malloc_state_machine::on_realloc_call): Reimplement. |
| (malloc_state_machine::on_realloc_with_move): New. |
| (region_model::on_realloc_with_move): New. |
| * sm-signal.cc (class signal_delivery_edge_info_t): Update for |
| conversion from exploded_edge::custom_info_t to custom_edge_info. |
| * sm.h (sm_context::get_path_context): New. |
| * svalue.cc (svalue::maybe_get_constant): Call |
| unwrap_any_unmergeable. |
| |
| 2021-08-25 Ankur Saini <arsenic@sourceware.org> |
| |
| PR analyzer/101980 |
| * engine.cc (exploded_graph::maybe_create_dynamic_call): Don't create |
| calls if max recursion limit is reached. |
| |
| 2021-08-23 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.h (struct rejected_constraint): Convert to... |
| (class rejected_constraint): ...this. |
| (class bounded_ranges): New forward decl. |
| (class bounded_ranges_manager): New forward decl. |
| * constraint-manager.cc: Include "analyzer/analyzer-logging.h" and |
| "tree-pretty-print.h". |
| (can_plus_one_p): New. |
| (plus_one): New. |
| (can_minus_one_p): New. |
| (minus_one): New. |
| (bounded_range::bounded_range): New. |
| (dump_cst): New. |
| (bounded_range::dump_to_pp): New. |
| (bounded_range::dump): New. |
| (bounded_range::to_json): New. |
| (bounded_range::set_json_attr): New. |
| (bounded_range::contains_p): New. |
| (bounded_range::intersects_p): New. |
| (bounded_range::operator==): New. |
| (bounded_range::cmp): New. |
| (bounded_ranges::bounded_ranges): New. |
| (bounded_ranges::bounded_ranges): New. |
| (bounded_ranges::bounded_ranges): New. |
| (bounded_ranges::canonicalize): New. |
| (bounded_ranges::validate): New. |
| (bounded_ranges::operator==): New. |
| (bounded_ranges::dump_to_pp): New. |
| (bounded_ranges::dump): New. |
| (bounded_ranges::to_json): New. |
| (bounded_ranges::eval_condition): New. |
| (bounded_ranges::contain_p): New. |
| (bounded_ranges::cmp): New. |
| (bounded_ranges_manager::~bounded_ranges_manager): New. |
| (bounded_ranges_manager::get_or_create_empty): New. |
| (bounded_ranges_manager::get_or_create_point): New. |
| (bounded_ranges_manager::get_or_create_range): New. |
| (bounded_ranges_manager::get_or_create_union): New. |
| (bounded_ranges_manager::get_or_create_intersection): New. |
| (bounded_ranges_manager::get_or_create_inverse): New. |
| (bounded_ranges_manager::consolidate): New. |
| (bounded_ranges_manager::get_or_create_ranges_for_switch): New. |
| (bounded_ranges_manager::create_ranges_for_switch): New. |
| (bounded_ranges_manager::make_case_label_ranges): New. |
| (bounded_ranges_manager::log_stats): New. |
| (bounded_ranges_constraint::print): New. |
| (bounded_ranges_constraint::to_json): New. |
| (bounded_ranges_constraint::operator==): New. |
| (bounded_ranges_constraint::add_to_hash): New. |
| (constraint_manager::constraint_manager): Update for new field |
| m_bounded_ranges_constraints. |
| (constraint_manager::operator=): Likewise. |
| (constraint_manager::hash): Likewise. |
| (constraint_manager::operator==): Likewise. |
| (constraint_manager::print): Likewise. |
| (constraint_manager::dump_to_pp): Likewise. |
| (constraint_manager::to_json): Likewise. |
| (constraint_manager::add_unknown_constraint): Update the lhs_ec_id |
| if necessary in existing constraints when combining equivalence |
| classes. Add similar code for handling |
| m_bounded_ranges_constraints. |
| (constraint_manager::add_constraint_internal): Add comment. |
| (constraint_manager::add_bounded_ranges): New. |
| (constraint_manager::eval_condition): Use new field |
| m_bounded_ranges_constraints. |
| (constraint_manager::purge): Update bounded_ranges_constraint |
| instances. |
| (constraint_manager::canonicalize): Update for new field. |
| (merger_fact_visitor::on_ranges): New. |
| (constraint_manager::for_each_fact): Use new field |
| m_bounded_ranges_constraints. |
| (constraint_manager::validate): Fix off-by-one error needed due |
| to bug fixed above in add_unknown_constraint. Validate the EC IDs |
| in m_bounded_ranges_constraints. |
| (constraint_manager::get_range_manager): New. |
| (selftest::assert_dump_bounded_range_eq): New. |
| (ASSERT_DUMP_BOUNDED_RANGE_EQ): New. |
| (selftest::test_bounded_range): New. |
| (selftest::assert_dump_bounded_ranges_eq): New. |
| (ASSERT_DUMP_BOUNDED_RANGES_EQ): New. |
| (selftest::test_bounded_ranges): New. |
| (selftest::run_constraint_manager_tests): Call the new selftests. |
| * constraint-manager.h (struct bounded_range): New. |
| (struct bounded_ranges): New. |
| (template <> struct default_hash_traits<bounded_ranges::key_t>): New. |
| (class bounded_ranges_manager): New. |
| (fact_visitor::on_ranges): New pure virtual function. |
| (class bounded_ranges_constraint): New. |
| (constraint_manager::add_bounded_ranges): New decl. |
| (constraint_manager::get_range_manager): New decl. |
| (constraint_manager::m_bounded_ranges_constraints): New field. |
| * diagnostic-manager.cc (epath_finder::process_worklist_item): |
| Transfer ownership of rc to add_feasibility_problem. |
| * engine.cc (feasibility_problem::dump_to_pp): Use get_model. |
| * feasible-graph.cc (infeasible_node::dump_dot): Update for |
| conversion of m_rc to a pointer. |
| (feasible_graph::add_feasibility_problem): Pass RC by pointer and |
| take ownership. |
| * feasible-graph.h (infeasible_node::infeasible_node): Pass RC by |
| pointer and take ownership. |
| (infeasible_node::~infeasible_node): New. |
| (infeasible_node::m_rc): Convert to a pointer. |
| (feasible_graph::add_feasibility_problem): Pass RC by pointer and |
| take ownership. |
| * region-model-manager.cc: Include |
| "analyzer/constraint-manager.h". |
| (region_model_manager::region_model_manager): Initializer new |
| field m_range_mgr. |
| (region_model_manager::~region_model_manager): Delete it. |
| (region_model_manager::log_stats): Call log_stats on it. |
| * region-model.cc (region_model::add_constraint): Use new subclass |
| rejected_op_constraint. |
| (region_model::apply_constraints_for_gswitch): Reimplement using |
| bounded_ranges_manager. |
| (rejected_constraint::dump_to_pp): Convert to... |
| (rejected_op_constraint::dump_to_pp): ...this. |
| (rejected_ranges_constraint::dump_to_pp): New. |
| * region-model.h (struct purge_stats): Add field |
| m_num_bounded_ranges_constraints. |
| (region_model_manager::get_range_manager): New. |
| (region_model_manager::m_range_mgr): New. |
| (region_model::get_range_manager): New. |
| (struct rejected_constraint): Split into... |
| (class rejected_constraint):...this new abstract base class, |
| and... |
| (class rejected_op_constraint): ...this new concrete subclass. |
| (class rejected_ranges_constraint): New. |
| * supergraph.cc: Include "tree-cfg.h". |
| (supergraph::supergraph): Drop idx param from add_cfg_edge. |
| (supergraph::add_cfg_edge): Drop idx param. |
| (switch_cfg_superedge::switch_cfg_superedge): Move here from |
| header. Populate m_case_labels with all cases which go to DST. |
| (switch_cfg_superedge::dump_label_to_pp): Reimplement to use |
| m_case_labels. |
| (switch_cfg_superedge::get_case_label): Delete. |
| * supergraph.h (supergraphadd_cfg_edge): Drop "idx" param. |
| (switch_cfg_superedge::switch_cfg_superedge): Drop idx param and |
| move implementation to supergraph.cc. |
| (switch_cfg_superedge::get_case_label): Delete. |
| (switch_cfg_superedge::get_case_labels): New. |
| (switch_cfg_superedge::m_idx): Delete. |
| (switch_cfg_superedge::m_case_labels): New field. |
| |
| 2021-08-23 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101875 |
| * sm-file.cc (file_diagnostic::describe_state_change): Handle |
| change.m_expr being NULL. |
| |
| 2021-08-23 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101837 |
| * analyzer.cc (maybe_reconstruct_from_def_stmt): Bail if fn is |
| NULL, and assert that it's non-NULL before passing it to |
| build_call_array_loc. |
| |
| 2021-08-23 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101962 |
| * region-model.cc (region_model::eval_condition_without_cm): |
| Refactor comparison against zero, adding a check for |
| POINTER_PLUS_EXPR of non-NULL. |
| |
| 2021-08-23 David Malcolm <dmalcolm@redhat.com> |
| |
| * store.cc (bit_range::intersects_p): New overload. |
| (bit_range::operator-): New. |
| (binding_cluster::maybe_get_compound_binding): Handle the partial |
| overlap case. |
| (selftest::test_bit_range_intersects_p): Add test coverage for |
| new overload of bit_range::intersects_p. |
| * store.h (bit_range::intersects_p): New overload. |
| (bit_range::operator-): New. |
| |
| 2021-08-23 Ankur Saini <arsenic@sourceware.org> |
| |
| PR analyzer/102020 |
| * diagnostic-manager.cc |
| (diagnostic_manager::prune_for_sm_diagnostic)<case EK_CALL_EDGE>: Fix typo. |
| |
| 2021-08-21 Ankur Saini <arsenic@sourceware.org> |
| |
| PR analyzer/101980 |
| * diagnostic-manager.cc |
| (diagnostic_manager::prune_for_sm_diagnostic)<case EK_CALL_EDGE>: Use |
| caller_model only when the supergraph_edge doesn't exixt. |
| (diagnostic_manager::prune_for_sm_diagnostic)<case EK_RETURN_EDGE>: |
| Likewise. |
| * engine.cc (exploded_graph::create_dynamic_call): Rename to... |
| (exploded_graph::maybe_create_dynamic_call): ...this, return call |
| creation status. |
| (exploded_graph::process_node): Handle calls which were not dynamically |
| discovered. |
| * exploded-graph.h (exploded_graph::create_dynamic_call): Rename to... |
| (exploded_graph::maybe_create_dynamic_call): ...this. |
| * region-model.cc (region_model::update_for_gcall): New param, use it |
| to push call to frame. |
| (region_model::update_for_call_superedge): Pass callee function to |
| update_for_gcall. |
| * region-model.h (region_model::update_for_gcall): New param. |
| |
| 2021-08-18 Ankur Saini <arsenic@sourceware.org> |
| |
| PR analyzer/97114 |
| * region-model.cc (region_model::get_rvalue_1): Add case for |
| OBJ_TYPE_REF. |
| |
| 2021-08-18 Ankur Saini <arsenic@sourceware.org> |
| |
| PR analyzer/100546 |
| * analysis-plan.cc (analysis_plan::use_summary_p): Don't use call |
| summaries if there is no callgraph edge |
| * checker-path.cc (call_event::call_event): Handle calls events that |
| are not represented by a supergraph call edge |
| (return_event::return_event): Likewise. |
| (call_event::get_desc): Work with new call_event structure. |
| (return_event::get_desc): Likeise. |
| * checker-path.h (call_event::m_src_snode): New field. |
| (call_event::m_dest_snode): New field. |
| (return_event::m_src_snode): New field. |
| (return_event::m_dest_snode): New field. |
| * diagnostic-manager.cc |
| (diagnostic_manager::prune_for_sm_diagnostic)<case EK_CALL_EDGE>: |
| Refactor to work with edges without callgraph edge. |
| (diagnostic_manager::prune_for_sm_diagnostic)<case EK_RETURN_EDGE>: |
| Likewise. |
| * engine.cc (dynamic_call_info_t::update_model): New function. |
| (dynamic_call_info_t::add_events_to_path): New function. |
| (exploded_graph::create_dynamic_call): New function. |
| (exploded_graph::process_node): Work with dynamically discovered calls. |
| * exploded-graph.h (class dynamic_call_info_t): New class. |
| (exploded_graph::create_dynamic_call): New decl. |
| * program-point.cc (program_point::push_to_call_stack): New function. |
| (program_point::pop_from_call_stack): New function. |
| * program-point.h (program_point::push_to_call_stack): New decl. |
| (program_point::pop_from_call_stack): New decl. |
| * program-state.cc (program_state::push_call): New function. |
| (program_state::returning_call): New function. |
| * program-state.h (program_state::push_call): New decl. |
| (program_state::returning_call): New decl. |
| * region-model.cc (region_model::update_for_gcall) New function. |
| (region_model::update_for_return_gcall): New function. |
| (egion_model::update_for_call_superedge): Get the underlying gcall and |
| update for gcall. |
| (region_model::update_for_return_superedge): Likewise. |
| * region-model.h (region_model::update_for_gcall): New decl. |
| (region_model::update_for_return_gcall): New decl. |
| * state-purge.cc (state_purge_per_ssa_name::process_point): Update to |
| work with calls without underlying cgraph edge. |
| * supergraph.cc (supergraph::supergraph) Split snodes at every callsite. |
| * supergraph.h (supernode::get_returning_call) New accessor. |
| |
| 2021-08-04 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101570 |
| * analyzer.cc (maybe_reconstruct_from_def_stmt): Add GIMPLE_ASM |
| case. |
| * analyzer.h (class asm_output_svalue): New forward decl. |
| (class reachable_regions): New forward decl. |
| * complexity.cc (complexity::from_vec_svalue): New. |
| * complexity.h (complexity::from_vec_svalue): New decl. |
| * engine.cc (feasibility_state::maybe_update_for_edge): Handle |
| asm stmts by calling on_asm_stmt. |
| * region-model-asm.cc: New file. |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_asm_output_svalue): New. |
| (region_model_manager::get_or_create_asm_output_svalue): New. |
| (region_model_manager::log_stats): Log m_asm_output_values_map. |
| * region-model.cc (region_model::on_stmt_pre): Handle GIMPLE_ASM. |
| * region-model.h (visitor::visit_asm_output_svalue): New. |
| (region_model_manager::get_or_create_asm_output_svalue): New decl. |
| (region_model_manager::maybe_fold_asm_output_svalue): New decl. |
| (region_model_manager::asm_output_values_map_t): New typedef. |
| (region_model_manager::m_asm_output_values_map): New field. |
| (region_model::on_asm_stmt): New. |
| * store.cc (binding_cluster::on_asm): New. |
| * store.h (binding_cluster::on_asm): New decl. |
| * svalue.cc (svalue::cmp_ptr): Handle SK_ASM_OUTPUT. |
| (asm_output_svalue::dump_to_pp): New. |
| (asm_output_svalue::dump_input): New. |
| (asm_output_svalue::input_idx_to_asm_idx): New. |
| (asm_output_svalue::accept): New. |
| * svalue.h (enum svalue_kind): Add SK_ASM_OUTPUT. |
| (svalue::dyn_cast_asm_output_svalue): New. |
| (class asm_output_svalue): New. |
| (is_a_helper <const asm_output_svalue *>::test): New. |
| (struct default_hash_traits<asm_output_svalue::key_t>): New. |
| |
| 2021-08-03 Jakub Jelinek <jakub@redhat.com> |
| |
| PR analyzer/101721 |
| * sm-malloc.cc (known_allocator_p): Only check DECL_FUNCTION_CODE on |
| BUILT_IN_NORMAL builtins. |
| |
| 2021-07-29 Ankur Saini <arsenic@sourceware.org> |
| |
| * call-string.cc (call_string::element_t::operator==): New operator. |
| (call_String::element_t::operator!=): New operator. |
| (call_string::element_t::get_caller_function): New function. |
| (call_string::element_t::get_callee_function): New function. |
| (call_string::call_string): Refactor to Initialise m_elements. |
| (call_string::operator=): Refactor to work with m_elements. |
| (call_string::operator==): Likewise. |
| (call_string::to_json): Likewise. |
| (call_string::hash): Refactor to hash e.m_caller. |
| (call_string::push_call): Refactor to work with m_elements. |
| (call_string::push_call): New overload to push call via supernodes. |
| (call_string::pop): Refactor to work with m_elements. |
| (call_string::calc_recursion_depth): Likewise. |
| (call_string::cmp): Likewise. |
| (call_string::validate): Likewise. |
| (call_string::operator[]): Likewise. |
| * call-string.h (class supernode): New forward decl. |
| (struct call_string::element_t): New struct. |
| (call_string::call_string): Refactor to initialise m_elements. |
| (call_string::bool empty_p): Refactor to work with m_elements. |
| (call_string::get_callee_node): New decl. |
| (call_string::get_caller_node): New decl. |
| (m_elements): Replaces m_return_edges. |
| * program-point.cc (program_point::get_function_at_depth): Refactor to |
| work with new call-string format. |
| (program_point::validate): Likewise. |
| (program_point::on_edge): Likewise. |
| |
| 2021-07-28 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_model::on_call_pre): Treat |
| IFN_UBSAN_BOUNDS, BUILT_IN_STACK_SAVE, and BUILT_IN_STACK_RESTORE |
| as no-ops, rather than handling them as unknown functions. |
| |
| 2021-07-28 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model-impl-calls.cc (region_model::impl_call_alloca): |
| Drop redundant return value. |
| (region_model::impl_call_builtin_expect): Likewise. |
| (region_model::impl_call_calloc): Likewise. |
| (region_model::impl_call_malloc): Likewise. |
| (region_model::impl_call_memset): Likewise. |
| (region_model::impl_call_operator_new): Likewise. |
| (region_model::impl_call_operator_delete): Likewise. |
| (region_model::impl_call_strlen): Likewise. |
| * region-model.cc (region_model::on_call_pre): Fix return value of |
| known functions that don't have unknown side-effects. |
| * region-model.h (region_model::impl_call_alloca): Drop redundant |
| return value. |
| (region_model::impl_call_builtin_expect): Likewise. |
| (region_model::impl_call_calloc): Likewise. |
| (region_model::impl_call_malloc): Likewise. |
| (region_model::impl_call_memset): Likewise. |
| (region_model::impl_call_strlen): Likewise. |
| (region_model::impl_call_operator_new): Likewise. |
| (region_model::impl_call_operator_delete): Likewise. |
| |
| 2021-07-28 Siddhesh Poyarekar <siddhesh@gotplt.org> |
| |
| * analyzer.cc (is_named_call_p, is_std_named_call_p): Make |
| first argument a const_tree. |
| * analyzer.h (is_named_call_p, -s_std_named_call_p): Likewise. |
| * sm-malloc.cc (known_allocator_p): New function. |
| (malloc_state_machine::on_stmt): Use it. |
| |
| 2021-07-28 Siddhesh Poyarekar <siddhesh@gotplt.org> |
| |
| * sm-malloc.cc |
| (malloc_state_machine::get_or_create_deallocator): Recognize |
| __builtin_free. |
| |
| 2021-07-26 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_model::on_call_pre): Always set conjured |
| LHS, not just for SSA names. |
| |
| 2021-07-23 David Malcolm <dmalcolm@redhat.com> |
| |
| * diagnostic-manager.cc |
| (class auto_disable_complexity_checks): New. |
| (epath_finder::explore_feasible_paths): Use it to disable |
| complexity checks whilst processing the worklist. |
| * region-model-manager.cc |
| (region_model_manager::region_model_manager): Initialize |
| m_check_complexity. |
| (region_model_manager::reject_if_too_complex): Bail if |
| m_check_complexity is false. |
| * region-model.h |
| (region_model_manager::enable_complexity_check): New. |
| (region_model_manager::disable_complexity_check): New. |
| (region_model_manager::m_check_complexity): New. |
| |
| 2021-07-21 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101547 |
| * sm-file.cc (file_leak::emit): Handle m_arg being NULL. |
| (file_leak::describe_final_event): Handle ev.m_expr being NULL. |
| |
| 2021-07-21 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101522 |
| * store.cc (binding_cluster::purge_state_involving): Don't change |
| m_map whilst iterating through it. |
| |
| 2021-07-21 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_model::handle_phi): Add "old_state" |
| param and use it. |
| (region_model::update_for_phis): Update so that all of the phi |
| stmts are effectively handled simultaneously, rather than in |
| order. |
| * region-model.h (region_model::handle_phi): Add "old_state" |
| param. |
| * state-purge.cc (self_referential_phi_p): Replace with... |
| (name_used_by_phis_p): ...this new function. |
| (state_purge_per_ssa_name::process_point): Update to use the |
| above, so that all phi stmts at a basic block are effectively |
| considered simultaneously, and only consider the phi arguments for |
| the pertinent in-edge. |
| * supergraph.cc (cfg_superedge::get_phi_arg_idx): New. |
| (cfg_superedge::get_phi_arg): Use the above. |
| * supergraph.h (cfg_superedge::get_phi_arg_idx): New decl. |
| |
| 2021-07-21 David Malcolm <dmalcolm@redhat.com> |
| |
| * state-purge.cc (state_purge_annotator::add_node_annotations): |
| Rather than erroneously always using the NULL in-edge, determine |
| each relevant in-edge, and print the appropriate data for each |
| in-edge. Use print_needed to print the data as comma-separated |
| lists of SSA names. |
| (print_vec_of_names): Add "within_table" param and use it. |
| (state_purge_annotator::add_stmt_annotations): Factor out |
| collation and printing code into... |
| (state_purge_annotator::print_needed): ...this new function. |
| * state-purge.h (state_purge_annotator::print_needed): New decl. |
| |
| 2021-07-21 David Malcolm <dmalcolm@redhat.com> |
| |
| * program-point.cc (function_point::print): Show src BB index at |
| BEFORE_SUPERNODE. |
| |
| 2021-07-21 David Malcolm <dmalcolm@redhat.com> |
| |
| * svalue.cc (infix_p): New. |
| (binop_svalue::dump_to_pp): Use it to print MIN_EXPR and MAX_EXPR |
| in prefix form, rather than infix. |
| |
| 2021-07-19 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101503 |
| * constraint-manager.cc (constraint_manager::add_constraint): Use |
| can_have_associated_state_p rather than testing for unknown. |
| (constraint_manager::get_or_add_equiv_class): Likewise. |
| * program-state.cc (sm_state_map::set_state): Likewise. |
| (sm_state_map::impl_set_state): Add assertion. |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_unaryop): Handle poisoned |
| values. |
| (region_model_manager::maybe_fold_binop): Move handling of unknown |
| values... |
| (region_model_manager::get_or_create_binop): ...to here, and |
| generalize to use can_have_associated_state_p. |
| (region_model_manager::maybe_fold_sub_svalue): Use |
| can_have_associated_state_p rather than testing for unknown. |
| (region_model_manager::maybe_fold_repeated_svalue): Use unknown |
| when the size or repeated value is "unknown"/"poisoned". |
| * region-model.cc (region_model::purge_state_involving): Reject |
| attempts to purge unknown/poisoned svalues, as these svalues |
| should not have state associated with them. |
| * svalue.cc (sub_svalue::sub_svalue): Assert that we're building |
| on top of an svalue with can_have_associated_state_p. |
| (repeated_svalue::repeated_svalue): Likewise. |
| (bits_within_svalue::bits_within_svalue): Likewise. |
| * svalue.h (svalue::can_have_associated_state_p): New. |
| (unknown_svalue::can_have_associated_state_p): New. |
| (poisoned_svalue::can_have_associated_state_p): New. |
| (unaryop_svalue::unaryop_svalue): Assert that we're building on |
| top of an svalue with can_have_associated_state_p. |
| (binop_svalue::binop_svalue): Likewise. |
| (widening_svalue::widening_svalue): Likewise. |
| |
| 2021-07-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.h (enum access_direction): New. |
| * engine.cc (exploded_node::on_longjmp): Update for new param of |
| get_store_value. |
| * program-state.cc (program_state::prune_for_point): Likewise. |
| * region-model-impl-calls.cc (region_model::impl_call_memcpy): |
| Replace call to check_for_writable_region with call to |
| check_region_for_write. |
| (region_model::impl_call_memset): Likewise. |
| (region_model::impl_call_strcpy): Likewise. |
| * region-model-reachability.cc (reachable_regions::add): Update |
| for new param of get_store_value. |
| * region-model.cc (region_model::get_rvalue_1): Likewise, also for |
| get_rvalue_for_bits. |
| (region_model::get_store_value): Add ctxt param and use it to call |
| check_region_for_read. |
| (region_model::get_rvalue_for_bits): Add ctxt param and use it to |
| call get_store_value. |
| (region_model::check_region_access): New. |
| (region_model::check_region_for_write): New. |
| (region_model::check_region_for_read): New. |
| (region_model::set_value): Update comment. Replace call to |
| check_for_writable_region with call to check_region_for_write. |
| * region-model.h (region_model::get_rvalue_for_bits): Add ctxt |
| param. |
| (region_model::get_store_value): Add ctxt param. |
| (region_model::check_region_access): New decl. |
| (region_model::check_region_for_write): New decl. |
| (region_model::check_region_for_read): New decl. |
| * region.cc (region_model::copy_region): Update call to |
| get_store_value. |
| * svalue.cc (initial_svalue::implicitly_live_p): Likewise. |
| |
| 2021-07-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (exploded_node::on_stmt_pre): Handle |
| __analyzer_dump_state. |
| * program-state.cc (extrinsic_state::get_sm_idx_by_name): New. |
| (program_state::impl_call_analyzer_dump_state): New. |
| * program-state.h (extrinsic_state::get_sm_idx_by_name): New decl. |
| (program_state::impl_call_analyzer_dump_state): New decl. |
| * region-model-impl-calls.cc |
| (call_details::get_arg_string_literal): New. |
| * region-model.h (call_details::get_arg_string_literal): New decl. |
| |
| 2021-07-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * program-state.cc (program_state::detect_leaks): Simplify using |
| svalue::maybe_get_region. |
| * region-model-impl-calls.cc (region_model::impl_call_fgets): Likewise. |
| (region_model::impl_call_fread): Likewise. |
| (region_model::impl_call_free): Likewise. |
| (region_model::impl_call_operator_delete): Likewise. |
| * region-model.cc (selftest::test_stack_frames): Likewise. |
| (selftest::test_state_merging): Likewise. |
| * svalue.cc (svalue::maybe_get_region): New. |
| * svalue.h (svalue::maybe_get_region): New decl. |
| |
| 2021-07-15 David Malcolm <dmalcolm@redhat.com> |
| |
| * svalue.h (is_a_helper <placeholder_svalue *>::test): Make |
| param and template param const. |
| (is_a_helper <widening_svalue *>::test): Likewise. |
| (is_a_helper <compound_svalue *>::test): Likewise. |
| (is_a_helper <conjured_svalue *>::test): Likewise. |
| |
| 2021-07-15 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/95006 |
| PR analyzer/94713 |
| PR analyzer/94714 |
| * analyzer.cc (maybe_reconstruct_from_def_stmt): Split out |
| GIMPLE_ASSIGN case into... |
| (get_diagnostic_tree_for_gassign_1): New. |
| (get_diagnostic_tree_for_gassign): New. |
| * analyzer.h (get_diagnostic_tree_for_gassign): New decl. |
| * analyzer.opt (Wanalyzer-write-to-string-literal): New. |
| * constraint-manager.cc (class svalue_purger): New. |
| (constraint_manager::purge_state_involving): New. |
| * constraint-manager.h |
| (constraint_manager::purge_state_involving): New. |
| * diagnostic-manager.cc (saved_diagnostic::supercedes_p): New. |
| (dedupe_winners::handle_interactions): New. |
| (diagnostic_manager::emit_saved_diagnostics): Call it. |
| * diagnostic-manager.h (saved_diagnostic::supercedes_p): New decl. |
| * engine.cc (impl_region_model_context::warn): Convert return type |
| to bool. Return false if the diagnostic isn't saved. |
| (impl_region_model_context::purge_state_involving): New. |
| (impl_sm_context::get_state): Use NULL ctxt when querying old |
| rvalue. |
| (impl_sm_context::set_next_state): Use new sval when querying old |
| state. |
| (class dump_path_diagnostic): Move to region-model.cc |
| (exploded_node::on_stmt): Move to on_stmt_pre and on_stmt_post. |
| Remove call to purge_state_involving. |
| (exploded_node::on_stmt_pre): New, based on the above. Move most |
| of it to region_model::on_stmt_pre. |
| (exploded_node::on_stmt_post): Likewise, moving to |
| region_model::on_stmt_post. |
| (class stale_jmp_buf): Fix parent class to use curiously recurring |
| template pattern. |
| (feasibility_state::maybe_update_for_edge): Call on_call_pre and |
| on_call_post on gcalls. |
| * exploded-graph.h (impl_region_model_context::warn): Return bool. |
| (impl_region_model_context::purge_state_involving): New decl. |
| (exploded_node::on_stmt_pre): New decl. |
| (exploded_node::on_stmt_post): New decl. |
| * pending-diagnostic.h (pending_diagnostic::use_of_uninit_p): New. |
| (pending_diagnostic::supercedes_p): New. |
| * program-state.cc (sm_state_map::get_state): Inherit state for |
| conjured_svalue as well as initial_svalue. |
| (sm_state_map::purge_state_involving): Also support SK_CONJURED. |
| * region-model-impl-calls.cc (call_details::get_uncertainty): |
| Handle m_ctxt being NULL. |
| (call_details::get_or_create_conjured_svalue): New. |
| (region_model::impl_call_fgets): New. |
| (region_model::impl_call_fread): New. |
| * region-model-manager.cc |
| (region_model_manager::get_or_create_initial_value): Return an |
| uninitialized poisoned value for regions that can't have initial |
| values. |
| * region-model-reachability.cc |
| (reachable_regions::mark_escaped_clusters): Handle ctxt being |
| NULL. |
| * region-model.cc (region_to_value_map::purge_state_involving): New. |
| (poisoned_value_diagnostic::use_of_uninit_p): New. |
| (poisoned_value_diagnostic::emit): Handle POISON_KIND_UNINIT. |
| (poisoned_value_diagnostic::describe_final_event): Likewise. |
| (region_model::check_for_poison): New. |
| (region_model::on_assignment): Call it. |
| (class dump_path_diagnostic): Move here from engine.cc. |
| (region_model::on_stmt_pre): New, based on exploded_node::on_stmt. |
| (region_model::on_call_pre): Move the setting of the LHS to a |
| conjured svalue to before the checks for specific functions. |
| Handle "fgets", "fgets_unlocked", and "fread". |
| (region_model::purge_state_involving): New. |
| (region_model::handle_unrecognized_call): Handle ctxt being NULL. |
| (region_model::get_rvalue): Call check_for_poison. |
| (selftest::test_stack_frames): Use NULL for context when getting |
| uninitialized rvalue. |
| (selftest::test_alloca): Likewise. |
| * region-model.h (region_to_value_map::purge_state_involving): New |
| decl. |
| (call_details::get_or_create_conjured_svalue): New decl. |
| (region_model::on_stmt_pre): New decl. |
| (region_model::purge_state_involving): New decl. |
| (region_model::impl_call_fgets): New decl. |
| (region_model::impl_call_fread): New decl. |
| (region_model::check_for_poison): New decl. |
| (region_model_context::warn): Return bool. |
| (region_model_context::purge_state_involving): New. |
| (noop_region_model_context::warn): Return bool. |
| (noop_region_model_context::purge_state_involving): New. |
| (test_region_model_context:: warn): Return bool. |
| * region.cc (region::get_memory_space): New. |
| (region::can_have_initial_svalue_p): New. |
| (region::involves_p): New. |
| * region.h (enum memory_space): New. |
| (region::get_memory_space): New decl. |
| (region::can_have_initial_svalue_p): New decl. |
| (region::involves_p): New decl. |
| * sm-malloc.cc (use_after_free::supercedes_p): New. |
| * store.cc (binding_cluster::purge_state_involving): New. |
| (store::purge_state_involving): New. |
| * store.h (class symbolic_binding): New forward decl. |
| (binding_key::dyn_cast_symbolic_binding): New. |
| (symbolic_binding::dyn_cast_symbolic_binding): New. |
| (binding_cluster::purge_state_involving): New. |
| (store::purge_state_involving): New. |
| * svalue.cc (svalue::can_merge_p): Reject attempts to merge |
| poisoned svalues with other svalues, so that we identify |
| paths in which a variable is conditionally uninitialized. |
| (involvement_visitor::visit_conjured_svalue): New. |
| (svalue::involves_p): Also handle SK_CONJURED. |
| (poison_kind_to_str): Handle POISON_KIND_UNINIT. |
| (poisoned_svalue::maybe_fold_bits_within): New. |
| * svalue.h (enum poison_kind): Add POISON_KIND_UNINIT. |
| (poisoned_svalue::maybe_fold_bits_within): New decl. |
| |
| 2021-07-15 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.opt (fdump-analyzer-exploded-paths): New. |
| * diagnostic-manager.cc |
| (diagnostic_manager::emit_saved_diagnostic): Implement it. |
| * engine.cc (exploded_path::dump_to_pp): Add ext_state param and |
| use it to dump states if non-NULL. |
| (exploded_path::dump): Likewise. |
| (exploded_path::dump_to_file): New. |
| * exploded-graph.h (exploded_path::dump_to_pp): Add ext_state |
| param. |
| (exploded_path::dump): Likewise. |
| (exploded_path::dump): Likewise. |
| (exploded_path::dump_to_file): New. |
| |
| 2021-07-15 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.cc (fixup_tree_for_diagnostic_1): Use DECL_DEBUG_EXPR |
| if it's available. |
| * engine.cc (readability): Likewise. |
| |
| 2021-07-15 David Malcolm <dmalcolm@redhat.com> |
| |
| * state-purge.cc (self_referential_phi_p): New. |
| (state_purge_per_ssa_name::process_point): Don't purge an SSA name |
| at its def-stmt if the def-stmt is self-referential. |
| |
| 2021-07-07 David Malcolm <dmalcolm@redhat.com> |
| |
| * diagnostic-manager.cc (null_assignment_sm_context::get_state): |
| New overload. |
| (null_assignment_sm_context::set_next_state): New overload. |
| (null_assignment_sm_context::get_diagnostic_tree): New. |
| * engine.cc (impl_sm_context::get_state): New overload. |
| (impl_sm_context::set_next_state): New overload. |
| (impl_sm_context::get_diagnostic_tree): New overload. |
| (impl_region_model_context::on_condition): Convert params from |
| tree to const svalue *. |
| * exploded-graph.h (impl_region_model_context::on_condition): |
| Likewise. |
| * region-model.cc (region_model::on_call_pre): Move handling of |
| internal calls to before checking for get_fndecl_for_call. |
| (region_model::add_constraints_from_binop): New. |
| (region_model::add_constraint): Split out into a new overload |
| working on const svalue * rather than tree. Call |
| add_constraints_from_binop. Drop call to |
| add_any_constraints_from_ssa_def_stmt. |
| (region_model::add_any_constraints_from_ssa_def_stmt): Delete. |
| (region_model::add_any_constraints_from_gassign): Delete. |
| (region_model::add_any_constraints_from_gcall): Delete. |
| * region-model.h |
| (region_model::add_any_constraints_from_ssa_def_stmt): Delete. |
| (region_model::add_any_constraints_from_gassign): Delete. |
| (region_model::add_any_constraints_from_gcall): Delete. |
| (region_model::add_constraint): Add overload decl. |
| (region_model::add_constraints_from_binop): New decl. |
| (region_model_context::on_condition): Convert params from tree to |
| const svalue *. |
| (noop_region_model_context::on_condition): Likewise. |
| * sm-file.cc (fileptr_state_machine::condition): Likewise. |
| * sm-malloc.cc (malloc_state_machine::on_condition): Likewise. |
| * sm-pattern-test.cc: Include tristate.h, selftest.h, |
| analyzer/call-string.h, analyzer/program-point.h, |
| analyzer/store.h, and analyzer/region-model.h. |
| (pattern_test_state_machine::on_condition): Convert params from tree to |
| const svalue *. |
| * sm-sensitive.cc (sensitive_state_machine::on_condition): Delete. |
| * sm-signal.cc (signal_state_machine::on_condition): Delete. |
| * sm-taint.cc (taint_state_machine::on_condition): Convert params |
| from tree to const svalue *. |
| * sm.cc: Include tristate.h, selftest.h, analyzer/call-string.h, |
| analyzer/program-point.h, analyzer/store.h, and |
| analyzer/region-model.h. |
| (any_pointer_p): Add overload taking const svalue *sval. |
| * sm.h (any_pointer_p): Add overload taking const svalue *sval. |
| (state_machine::on_condition): Convert params from tree to |
| const svalue *. Provide no-op default implementation. |
| (sm_context::get_state): Add overload taking const svalue *sval. |
| (sm_context::set_next_state): Likewise. |
| (sm_context::on_transition): Likewise. |
| (sm_context::get_diagnostic_tree): Likewise. |
| * svalue.cc (svalue::all_zeroes_p): New. |
| (constant_svalue::all_zeroes_p): New. |
| (repeated_svalue::all_zeroes_p): Convert to vfunc. |
| * svalue.h (svalue::all_zeroes_p): New decl. |
| (constant_svalue::all_zeroes_p): New decl. |
| (repeated_svalue::all_zeroes_p): Convert decl to vfunc. |
| |
| 2021-06-30 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/95006 |
| * analyzer.h (class repeated_svalue): New forward decl. |
| (class bits_within_svalue): New forward decl. |
| (class sized_region): New forward decl. |
| (get_field_at_bit_offset): New forward decl. |
| * engine.cc (exploded_graph::get_or_create_node): Validate the |
| merged state. |
| (exploded_graph::maybe_process_run_of_before_supernode_enodes): |
| Validate the states at each stage. |
| * program-state.cc (program_state::validate): Validate |
| m_region_model. |
| * region-model-impl-calls.cc (region_model::impl_call_memset): |
| Replace special-case logic for handling constant sizes with |
| a call to fill_region of a sized_region with the given fill value. |
| * region-model-manager.cc (maybe_undo_optimize_bit_field_compare): |
| Drop DK_direct. |
| (region_model_manager::maybe_fold_sub_svalue): Fold element-based |
| subregions of an initial value into initial values of an element. |
| Fold subvalues of repeated svalues. |
| (region_model_manager::maybe_fold_repeated_svalue): New. |
| (region_model_manager::get_or_create_repeated_svalue): New. |
| (get_bit_range_for_field): New. |
| (get_byte_range_for_field): New. |
| (get_field_at_byte_range): New. |
| (region_model_manager::maybe_fold_bits_within_svalue): New. |
| (region_model_manager::get_or_create_bits_within): New. |
| (region_model_manager::get_sized_region): New. |
| (region_model_manager::log_stats): Update for addition of |
| m_repeated_values_map, m_bits_within_values_map, and |
| m_sized_regions. |
| * region-model.cc (region_model::validate): New. |
| (region_model::on_assignment): Drop enum binding_kind. |
| (region_model::get_initial_value_for_global): Likewise. |
| (region_model::get_rvalue_for_bits): Replace body with call to |
| get_or_create_bits_within. |
| (region_model::get_capacity): Handle RK_SIZED. |
| (region_model::set_value): Drop enum binding_kind. |
| (region_model::fill_region): New. |
| (region_model::get_representative_path_var_1): Handle RK_SIZED. |
| * region-model.h (visitor::visit_repeated_svalue): New. |
| (visitor::visit_bits_within_svalue): New. |
| (region_model_manager::get_or_create_repeated_svalue): New decl. |
| (region_model_manager::get_or_create_bits_within): New decl. |
| (region_model_manager::get_sized_region): New decl. |
| (region_model_manager::maybe_fold_repeated_svalue): New decl. |
| (region_model_manager::maybe_fold_bits_within_svalue): New decl. |
| (region_model_manager::repeated_values_map_t): New typedef. |
| (region_model_manager::m_repeated_values_map): New field. |
| (region_model_manager::bits_within_values_map_t): New typedef. |
| (region_model_manager::m_bits_within_values_map): New field. |
| (region_model_manager::m_sized_regions): New field. |
| (region_model::fill_region): New decl. |
| * region.cc (region::get_base_region): Handle RK_SIZED. |
| (region::base_region_p): Likewise. |
| (region::get_byte_size_sval): New. |
| (get_field_at_bit_offset): Make non-static. |
| (region::calc_offset): Move implementation of cases to |
| get_relative_concrete_offset vfunc implementations. Handle |
| RK_SIZED. |
| (region::get_relative_concrete_offset): New. |
| (decl_region::get_svalue_for_initializer): Drop enum binding_kind. |
| (field_region::get_relative_concrete_offset): New, from |
| region::calc_offset. |
| (element_region::get_relative_concrete_offset): Likewise. |
| (offset_region::get_relative_concrete_offset): Likewise. |
| (sized_region::accept): New. |
| (sized_region::dump_to_pp): New. |
| (sized_region::get_byte_size): New. |
| (sized_region::get_bit_size): New. |
| * region.h (enum region_kind): Add RK_SIZED. |
| (region::dyn_cast_sized_region): New. |
| (region::get_byte_size): Make virtual. |
| (region::get_bit_size): Likewise. |
| (region::get_byte_size_sval): New decl. |
| (region::get_relative_concrete_offset): New decl. |
| (field_region::get_relative_concrete_offset): New decl. |
| (element_region::get_relative_concrete_offset): Likewise. |
| (offset_region::get_relative_concrete_offset): Likewise. |
| (class sized_region): New. |
| * store.cc (binding_kind_to_string): Delete. |
| (binding_key::make): Drop enum binding_kind. |
| (binding_key::dump_to_pp): Delete. |
| (binding_key::cmp_ptrs): Drop enum binding_kind. |
| (bit_range::contains_p): New. |
| (byte_range::dump): New. |
| (byte_range::contains_p): New. |
| (byte_range::cmp): New. |
| (concrete_binding::dump_to_pp): Drop enum binding_kind. |
| (concrete_binding::cmp_ptr_ptr): Likewise. |
| (symbolic_binding::dump_to_pp): Likewise. |
| (symbolic_binding::cmp_ptr_ptr): Likewise. |
| (binding_map::apply_ctor_val_to_range): Likewise. |
| (binding_map::apply_ctor_pair_to_child_region): Likewise. |
| (binding_map::get_overlapping_bindings): New. |
| (binding_map::remove_overlapping_bindings): New. |
| (binding_cluster::validate): New. |
| (binding_cluster::bind): Drop enum binding_kind. |
| (binding_cluster::bind_compound_sval): Likewise. |
| (binding_cluster::purge_region): Likewise. |
| (binding_cluster::zero_fill_region): Reimplement in terms of... |
| (binding_cluster::fill_region): New. |
| (binding_cluster::mark_region_as_unknown): Drop enum binding_kind. |
| (binding_cluster::get_binding): Likewise. |
| (binding_cluster::get_binding_recursive): Likewise. |
| (binding_cluster::get_any_binding): Likewise. |
| (binding_cluster::maybe_get_compound_binding): Reimplement. |
| (binding_cluster::get_overlapping_bindings): Delete. |
| (binding_cluster::remove_overlapping_bindings): Reimplement in |
| terms of binding_map::remove_overlapping_bindings. |
| (binding_cluster::can_merge_p): Update for removal of |
| enum binding_kind. |
| (binding_cluster::on_unknown_fncall): Drop enum binding_kind. |
| (binding_cluster::maybe_get_simple_value): Likewise. |
| (store_manager::get_concrete_binding): Likewise. |
| (store_manager::get_symbolic_binding): Likewise. |
| (store::validate): New. |
| (store::set_value): Drop enum binding_kind. |
| (store::zero_fill_region): Reimplement in terms of... |
| (store::fill_region): New. |
| (selftest::test_binding_key_overlap): Drop enum binding_kind. |
| * store.h (enum binding_kind): Delete. |
| (binding_kind_to_string): Delete decl. |
| (binding_key::make): Drop enum binding_kind. |
| (binding_key::dump_to_pp): Make pure virtual. |
| (binding_key::get_kind): Delete. |
| (binding_key::mark_deleted): Delete. |
| (binding_key::mark_empty): Delete. |
| (binding_key::is_deleted): Delete. |
| (binding_key::is_empty): Delete. |
| (binding_key::binding_key): Delete. |
| (binding_key::impl_hash): Delete. |
| (binding_key::impl_eq): Delete. |
| (binding_key::m_kind): Delete. |
| (bit_range::get_last_bit_offset): New. |
| (bit_range::contains_p): New. |
| (byte_range::contains_p): New. |
| (byte_range::operator==): New. |
| (byte_range::get_start_byte_offset): New. |
| (byte_range::get_next_byte_offset): New. |
| (byte_range::get_last_byte_offset): New. |
| (byte_range::as_bit_range): New. |
| (byte_range::cmp): New. |
| (concrete_binding::concrete_binding): Drop enum binding_kind. |
| (concrete_binding::hash): Likewise. |
| (concrete_binding::operator==): Likewise. |
| (concrete_binding::mark_deleted): New. |
| (concrete_binding::mark_empty): New. |
| (concrete_binding::is_deleted): New. |
| (concrete_binding::is_empty): New. |
| (default_hash_traits<ana::concrete_binding>::empty_zero_p): Make false. |
| (symbolic_binding::symbolic_binding): Drop enum binding_kind. |
| (symbolic_binding::hash): Likewise. |
| (symbolic_binding::operator==): Likewise. |
| (symbolic_binding::mark_deleted): New. |
| (symbolic_binding::mark_empty): New. |
| (symbolic_binding::is_deleted): New. |
| (symbolic_binding::is_empty): New. |
| (binding_map::remove_overlapping_bindings): New decl. |
| (binding_map::get_overlapping_bindings): New decl. |
| (binding_cluster::validate): New decl. |
| (binding_cluster::bind): Drop enum binding_kind. |
| (binding_cluster::fill_region): New decl. |
| (binding_cluster::get_binding): Drop enum binding_kind. |
| (binding_cluster::get_binding_recursive): Likewise. |
| (binding_cluster::get_overlapping_bindings): Delete. |
| (store::validate): New decl. |
| (store::set_value): Drop enum binding_kind. |
| (store::fill_region): New decl. |
| (store_manager::get_concrete_binding): Drop enum binding_kind. |
| (store_manager::get_symbolic_binding): Likewise. |
| * svalue.cc (svalue::cmp_ptr): Handle SK_REPEATED and |
| SK_BITS_WITHIN. |
| (svalue::extract_bit_range): New. |
| (svalue::maybe_fold_bits_within): New. |
| (constant_svalue::maybe_fold_bits_within): New. |
| (unknown_svalue::maybe_fold_bits_within): New. |
| (unaryop_svalue::maybe_fold_bits_within): New. |
| (repeated_svalue::repeated_svalue): New. |
| (repeated_svalue::dump_to_pp): New. |
| (repeated_svalue::accept): New. |
| (repeated_svalue::all_zeroes_p): New. |
| (repeated_svalue::maybe_fold_bits_within): New. |
| (bits_within_svalue::bits_within_svalue): New. |
| (bits_within_svalue::dump_to_pp): New. |
| (bits_within_svalue::maybe_fold_bits_within): New. |
| (bits_within_svalue::accept): New. |
| (bits_within_svalue::implicitly_live_p): New. |
| (compound_svalue::maybe_fold_bits_within): New. |
| * svalue.h (enum svalue_kind): Add SK_REPEATED and SK_BITS_WITHIN. |
| (svalue::dyn_cast_repeated_svalue): New. |
| (svalue::dyn_cast_bits_within_svalue): New. |
| (svalue::extract_bit_range): New decl. |
| (svalue::maybe_fold_bits_within): New vfunc decl. |
| (region_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. |
| (region_svalue::key_t::is_empty): Likewise. |
| (default_hash_traits<region_svalue::key_t>::empty_zero_p): Make false. |
| (constant_svalue::maybe_fold_bits_within): New. |
| (unknown_svalue::maybe_fold_bits_within): New. |
| (poisoned_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. |
| (poisoned_svalue::key_t::is_empty): Likewise. |
| (default_hash_traits<poisoned_svalue::key_t>::empty_zero_p): Make |
| false. |
| (setjmp_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. |
| (setjmp_svalue::key_t::is_empty): Likewise. |
| (default_hash_traits<setjmp_svalue::key_t>::empty_zero_p): Make |
| false. |
| (unaryop_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. |
| (unaryop_svalue::key_t::is_empty): Likewise. |
| (unaryop_svalue::maybe_fold_bits_within): New. |
| (default_hash_traits<unaryop_svalue::key_t>::empty_zero_p): Make |
| false. |
| (binop_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. |
| (binop_svalue::key_t::is_empty): Likewise. |
| (default_hash_traits<binop_svalue::key_t>::empty_zero_p): Make |
| false. |
| (sub_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. |
| (sub_svalue::key_t::is_empty): Likewise. |
| (default_hash_traits<sub_svalue::key_t>::empty_zero_p): Make |
| false. |
| (class repeated_svalue): New. |
| (is_a_helper <const repeated_svalue *>::test): New. |
| (struct default_hash_traits<repeated_svalue::key_t>): New. |
| (class bits_within_svalue): New. |
| (is_a_helper <const bits_within_svalue *>::test): New. |
| (struct default_hash_traits<bits_within_svalue::key_t>): New. |
| (widening_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. |
| (widening_svalue::key_t::is_empty): Likewise. |
| (default_hash_traits<widening_svalue::key_t>::empty_zero_p): Make |
| false. |
| (compound_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. |
| (compound_svalue::key_t::is_empty): Likewise. |
| (compound_svalue::maybe_fold_bits_within): New. |
| (default_hash_traits<compound_svalue::key_t>::empty_zero_p): Make |
| false. |
| |
| 2021-06-28 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.h (byte_offset_t): New typedef. |
| * store.cc (bit_range::dump_to_pp): Dump as a byte range if |
| possible. |
| (bit_range::as_byte_range): New. |
| (byte_range::dump_to_pp): New. |
| * store.h (class byte_range): New forward decl. |
| (struct bit_range): Add comment. |
| (bit_range::as_byte_range): New decl. |
| (struct byte_range): New. |
| |
| 2021-06-22 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/101143 |
| * region-model.cc (compat_types_p): New function. |
| (region_model::create_region_for_heap_alloc): Convert assertion to |
| an error check. |
| (region_model::create_region_for_alloca): Likewise. |
| |
| 2021-06-18 David Malcolm <dmalcolm@redhat.com> |
| |
| * store.cc (binding_cluster::get_any_binding): Make symbolic reads |
| from a cluster with concrete bindings return unknown. |
| |
| 2021-06-18 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model-manager.cc |
| (region_model_manager::get_or_create_int_cst): New. |
| (region_model_manager::maybe_undo_optimize_bit_field_compare): Use |
| it to simplify away a local tree. |
| * region-model.cc (region_model::on_setjmp): Likewise. |
| (region_model::on_longjmp): Likewise. |
| * region-model.h (region_model_manager::get_or_create_int_cst): |
| New decl. |
| * store.cc (binding_cluster::zero_fill_region): Use it to simplify |
| away a local tree. |
| |
| 2021-06-18 David Malcolm <dmalcolm@redhat.com> |
| |
| * checker-path.cc (class custom_event): Make abstract to allow for |
| custom vfuncs, splitting existing implementation into... |
| (class precanned_custom_event): New subclass. |
| (custom_event::get_desc): Move to... |
| (precanned_custom_event::get_desc): ...subclass. |
| * checker-path.h (class custom_event): Make abstract to allow for |
| custom vfuncs, splitting existing implementation into... |
| (class precanned_custom_event): New subclass. |
| * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge): |
| Use precanned_custom_event. |
| * engine.cc |
| (stale_jmp_buf::maybe_add_custom_events_for_superedge): Likewise. |
| * sm-signal.cc (signal_delivery_edge_info_t::add_events_to_path): |
| Likewise. |
| |
| 2021-06-15 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99212 |
| PR analyzer/101082 |
| * engine.cc: Include "target.h". |
| (impl_run_checkers): Log BITS_BIG_ENDIAN, BYTES_BIG_ENDIAN, and |
| WORDS_BIG_ENDIAN. |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_binop): Move support for masking |
| via ARG0 & CST into... |
| (region_model_manager::maybe_undo_optimize_bit_field_compare): |
| ...this new function. Flatten by converting from nested |
| conditionals to a series of early return statements to reject |
| failures. Reject if type is not unsigned_char_type_node. |
| Handle BYTES_BIG_ENDIAN when determining which bits are bound |
| in the binding_map. |
| * region-model.h |
| (region_model_manager::maybe_undo_optimize_bit_field_compare): |
| New decl. |
| * store.cc (bit_range::dump): New function. |
| * store.h (bit_range::dump): New decl. |
| |
| 2021-06-15 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (exploded_node::on_stmt): Handle __analyzer_dump_capacity. |
| (exploded_node::on_stmt): Drop m_sm_changes from on_stmt_flags. |
| (state_change_requires_new_enode_p): New function... |
| (exploded_graph::process_node): Call it, rather than querying |
| flags.m_sm_changes, so that dynamic-extent differences can also |
| trigger the splitting of nodes. |
| * exploded-graph.h (struct on_stmt_flags): Drop field m_sm_changes. |
| * program-state.cc (program_state::detect_leaks): Purge dead |
| heap-allocated regions from dynamic extents. |
| (selftest::test_program_state_1): Fix type of "size_in_bytes". |
| (selftest::test_program_state_merging): Likewise. |
| * region-model-impl-calls.cc |
| (region_model::impl_call_analyzer_dump_capacity): New. |
| (region_model::impl_call_free): Remove dynamic extents from the |
| freed region. |
| * region-model-reachability.h |
| (reachable_regions::begin_mutable_base_regs): New. |
| (reachable_regions::end_mutable_base_regs): New. |
| * region-model.cc: Include "tree-object-size.h". |
| (region_model::region_model): Support new field m_dynamic_extents. |
| (region_model::operator=): Likewise. |
| (region_model::operator==): Likewise. |
| (region_model::dump_to_pp): Dump sizes of dynamic regions. |
| (region_model::handle_unrecognized_call): Purge dynamic extents |
| from any regions that have escaped mutably:. |
| (region_model::get_capacity): New function. |
| (region_model::add_constraint): Unset dynamic extents when a |
| heap-allocated region's address is NULL. |
| (region_model::unbind_region_and_descendents): Purge dynamic |
| extents of unbound regions. |
| (region_model::can_merge_with_p): Call |
| m_dynamic_extents.can_merge_with_p. |
| (region_model::create_region_for_heap_alloc): Assert that |
| size_in_bytes's type is compatible with size_type_node. Update |
| for renaming of record_dynamic_extents to set_dynamic_extents. |
| (region_model::create_region_for_alloca): Likewise. |
| (region_model::record_dynamic_extents): Rename to... |
| (region_model::set_dynamic_extents): ...this. Assert that |
| size_in_bytes's type is compatible with size_type_node. Add it |
| to the m_dynamic_extents map. |
| (region_model::get_dynamic_extents): New. |
| (region_model::unset_dynamic_extents): New. |
| (selftest::test_state_merging): Fix type of "size". |
| (selftest::test_malloc_constraints): Likewise. |
| (selftest::test_malloc): Verify dynamic extents. |
| (selftest::test_alloca): Likewise. |
| * region-model.h (region_to_value_map::is_empty): New. |
| (region_model::dynamic_extents_t): New typedef. |
| (region_model::impl_call_analyzer_dump_capacity): New decl. |
| (region_model::get_dynamic_extents): New function. |
| (region_model::get_dynamic_extents): New decl. |
| (region_model::set_dynamic_extents): New decl. |
| (region_model::unset_dynamic_extents): New decl. |
| (region_model::get_capacity): New decl. |
| (region_model::record_dynamic_extents): Rename to set_dynamic_extents. |
| (region_model::m_dynamic_extents): New field. |
| |
| 2021-06-15 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_to_value_map::operator=): New. |
| (region_to_value_map::operator==): New. |
| (region_to_value_map::dump_to_pp): New. |
| (region_to_value_map::dump): New. |
| (region_to_value_map::can_merge_with_p): New. |
| * region-model.h (class region_to_value_map): New class. |
| |
| 2021-06-13 Trevor Saunders <tbsaunde@tbsaunde.org> |
| |
| * call-string.cc (call_string::call_string): Use range based for |
| to iterate over vec<>. |
| (call_string::to_json): Likewise. |
| (call_string::hash): Likewise. |
| (call_string::calc_recursion_depth): Likewise. |
| * checker-path.cc (checker_path::fixup_locations): Likewise. |
| * constraint-manager.cc (equiv_class::equiv_class): Likewise. |
| (equiv_class::to_json): Likewise. |
| (equiv_class::hash): Likewise. |
| (constraint_manager::to_json): Likewise. |
| * engine.cc (impl_region_model_context::on_svalue_leak): |
| Likewise. |
| (on_liveness_change): Likewise. |
| (impl_region_model_context::on_unknown_change): Likewise. |
| * program-state.cc (sm_state_map::set_state): Likewise. |
| * region-model.cc (test_canonicalization_4): Likewise. |
| |
| 2021-06-11 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (worklist::key_t::cmp): Move sort by call_string to |
| before SCC. |
| |
| 2021-06-09 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_model::get_lvalue_1): Make const. |
| (region_model::get_lvalue): Likewise. |
| (region_model::get_rvalue_1): Likewise. |
| (region_model::get_rvalue): Likewise. |
| (region_model::deref_rvalue): Likewise. |
| (region_model::get_rvalue_for_bits): Likewise. |
| * region-model.h (region_model::get_lvalue): Likewise. |
| (region_model::get_rvalue): Likewise. |
| (region_model::deref_rvalue): Likewise. |
| (region_model::get_rvalue_for_bits): Likewise. |
| (region_model::get_lvalue_1): Likewise. |
| (region_model::get_rvalue_1): Likewise. |
| |
| 2021-06-08 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99212 |
| * region-model-manager.cc |
| (region_model_manager::maybe_fold_binop): Add support for folding |
| BIT_AND_EXPR of compound_svalue and a mask constant. |
| * region-model.cc (region_model::get_rvalue_1): Implement |
| BIT_FIELD_REF in terms of... |
| (region_model::get_rvalue_for_bits): New function. |
| * region-model.h (region_model::get_rvalue_for_bits): New decl. |
| * store.cc (bit_range::from_mask): New function. |
| (selftest::test_bit_range_intersects_p): New selftest. |
| (selftest::assert_bit_range_from_mask_eq): New. |
| (ASSERT_BIT_RANGE_FROM_MASK_EQ): New macro. |
| (selftest::assert_no_bit_range_from_mask_eq): New. |
| (ASSERT_NO_BIT_RANGE_FROM_MASK): New macro. |
| (selftest::test_bit_range_from_mask): New selftest. |
| (selftest::analyzer_store_cc_tests): Call the new selftests. |
| * store.h (bit_range::intersects_p): New. |
| (bit_range::from_mask): New decl. |
| (concrete_binding::get_bit_range): New accessor. |
| (store_manager::get_concrete_binding): New overload taking |
| const bit_range &. |
| |
| 2021-06-08 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.h (int_size_in_bits): New decl. |
| * region.cc (int_size_in_bits): New function. |
| (region::get_bit_size): Reimplement in terms of the above. |
| |
| 2021-06-08 David Malcolm <dmalcolm@redhat.com> |
| |
| * store.cc (concrete_binding::dump_to_pp): Move bulk of |
| implementation to... |
| (bit_range::dump_to_pp): ...this new function. |
| (bit_range::cmp): New. |
| (concrete_binding::overlaps_p): Update for use of bit_range. |
| (concrete_binding::cmp_ptr_ptr): Likewise. |
| * store.h (struct bit_range): New. |
| (class concrete_binding): Replace fields m_start_bit_offset and |
| m_size_in_bits with new field m_bit_range. |
| |
| 2021-06-08 David Malcolm <dmalcolm@redhat.com> |
| |
| * svalue.h (conjured_svalue::iterator_t): Delete. |
| |
| 2021-06-03 David Malcolm <dmalcolm@redhat.com> |
| |
| * store.h (store::get_direct_binding): Remove unused decl. |
| (store::get_default_binding): Likewise. |
| |
| 2021-06-03 David Malcolm <dmalcolm@redhat.com> |
| |
| * svalue.cc (poisoned_svalue::dump_to_pp): Dump type. |
| (compound_svalue::dump_to_pp): Dump any type. |
| |
| 2021-05-18 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/100615 |
| * sm-malloc.cc: Include "analyzer/function-set.h". |
| (malloc_state_machine::on_stmt): Call unaffected_by_call_p and |
| bail on the functions it recognizes. |
| (malloc_state_machine::unaffected_by_call_p): New. |
| |
| 2021-05-10 Martin Liska <mliska@suse.cz> |
| |
| * sm-file.cc (is_file_using_fn_p): Use startswith |
| function instead of strncmp. |
| |
| 2021-05-10 Martin Liska <mliska@suse.cz> |
| |
| * program-state.cc (program_state::operator=): Remove |
| __cplusplus >= 201103. |
| (program_state::program_state): Likewise. |
| * program-state.h: Likewise. |
| * region-model.h (class region_model): Remove dead code. |
| |
| 2021-04-24 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/100244 |
| * sm-malloc.cc (free_of_non_heap::describe_state_change): |
| Bulletproof against change.m_expr being NULL. |
| |
| 2021-04-13 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98599 |
| * supergraph.cc (saved_uids::make_uid_unique): New. |
| (saved_uids::restore_uids): New. |
| (supergraph::supergraph): Replace assignments to stmt->uid with |
| calls to m_stmt_uids.make_uid_unique. |
| (supergraph::~supergraph): New. |
| * supergraph.h (class saved_uids): New. |
| (supergraph::~supergraph): New decl. |
| (supergraph::m_stmt_uids): New field. |
| |
| 2021-04-10 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/100011 |
| * region-model.cc (region_model::on_assignment): Avoid NULL |
| dereference if ctxt is NULL when assigning from a STRING_CST. |
| |
| 2021-04-08 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99042 |
| PR analyzer/99774 |
| * engine.cc |
| (impl_region_model_context::impl_region_model_context): Add |
| uncertainty param and use it to initialize m_uncertainty. |
| (impl_region_model_context::get_uncertainty): New. |
| (impl_sm_context::get_fndecl_for_call): Add NULL for new |
| uncertainty param when constructing impl_region_model_context. |
| (impl_sm_context::get_state): Likewise. |
| (impl_sm_context::set_next_state): Likewise. |
| (impl_sm_context::warn): Likewise. |
| (exploded_node::on_stmt): Add uncertainty param |
| and use it when constructing impl_region_model_context. |
| (exploded_node::on_edge): Add uncertainty param and pass |
| to on_edge call. |
| (exploded_node::detect_leaks): Create uncertainty_t and pass to |
| impl_region_model_context. |
| (exploded_graph::get_or_create_node): Create uncertainty_t and |
| pass to prune_for_point. |
| (maybe_process_run_of_before_supernode_enodes): Create |
| uncertainty_t and pass to impl_region_model_context. |
| (exploded_graph::process_node): Create uncertainty_t instances and |
| pass around as needed. |
| * exploded-graph.h |
| (impl_region_model_context::impl_region_model_context): Add |
| uncertainty param. |
| (impl_region_model_context::get_uncertainty): New decl. |
| (impl_region_model_context::m_uncertainty): New field. |
| (exploded_node::on_stmt): Add uncertainty param. |
| (exploded_node::on_edge): Likewise. |
| * program-state.cc (sm_state_map::on_liveness_change): Get |
| uncertainty from context and use it to unset sm-state from |
| svalues as appropriate. |
| (program_state::on_edge): Add uncertainty param and use it when |
| constructing impl_region_model_context. Fix indentation. |
| (program_state::prune_for_point): Add uncertainty param and use it |
| when constructing impl_region_model_context. |
| (program_state::detect_leaks): Get any uncertainty from ctxt and |
| use it to get maybe-live svalues for dest_state, rather than |
| definitely-live ones; use this when determining which svalues |
| have leaked. |
| (selftest::test_program_state_merging): Create uncertainty_t and |
| pass to impl_region_model_context. |
| * program-state.h (program_state::on_edge): Add uncertainty param. |
| (program_state::prune_for_point): Likewise. |
| * region-model-impl-calls.cc (call_details::get_uncertainty): New. |
| (region_model::impl_call_memcpy): Pass uncertainty to |
| mark_region_as_unknown call. |
| (region_model::impl_call_memset): Likewise. |
| (region_model::impl_call_strcpy): Likewise. |
| * region-model-reachability.cc (reachable_regions::handle_sval): |
| Also add sval to m_mutable_svals. |
| * region-model.cc (region_model::on_assignment): Pass any |
| uncertainty from ctxt to the store::set_value call. |
| (region_model::handle_unrecognized_call): Get any uncertainty from |
| ctxt and use it to record mutable svalues at the unknown call. |
| (region_model::get_reachable_svalues): Add uncertainty param and |
| use it to mark any maybe-bound svalues as being reachable. |
| (region_model::set_value): Pass any uncertainty from ctxt to the |
| store::set_value call. |
| (region_model::mark_region_as_unknown): Add uncertainty param and |
| pass it on to the store::mark_region_as_unknown call. |
| (region_model::update_for_call_summary): Add uncertainty param and |
| pass it on to the region_model::mark_region_as_unknown call. |
| * region-model.h (call_details::get_uncertainty): New decl. |
| (region_model::get_reachable_svalues): Add uncertainty param. |
| (region_model::mark_region_as_unknown): Add uncertainty param. |
| (region_model_context::get_uncertainty): New vfunc. |
| (noop_region_model_context::get_uncertainty): New vfunc |
| implementation. |
| * store.cc (dump_svalue_set): New. |
| (uncertainty_t::dump_to_pp): New. |
| (uncertainty_t::dump): New. |
| (binding_cluster::clobber_region): Pass NULL for uncertainty to |
| remove_overlapping_bindings. |
| (binding_cluster::mark_region_as_unknown): Add uncertainty param |
| and pass it to remove_overlapping_bindings. |
| (binding_cluster::remove_overlapping_bindings): Add uncertainty param. |
| Use it to record any svalues that were in clobbered bindings. |
| (store::set_value): Add uncertainty param. Pass it to |
| binding_cluster::mark_region_as_unknown when handling symbolic |
| regions. |
| (store::mark_region_as_unknown): Add uncertainty param and pass it |
| to binding_cluster::mark_region_as_unknown. |
| (store::remove_overlapping_bindings): Add uncertainty param and |
| pass it to binding_cluster::remove_overlapping_bindings. |
| * store.h (binding_cluster::mark_region_as_unknown): Add |
| uncertainty param. |
| (binding_cluster::remove_overlapping_bindings): Likewise. |
| (store::set_value): Likewise. |
| (store::mark_region_as_unknown): Likewise. |
| |
| 2021-04-05 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99906 |
| * analyzer.cc (maybe_reconstruct_from_def_stmt): Fix NULL |
| dereference on calls with zero arguments. |
| * sm-malloc.cc (malloc_state_machine::on_stmt): When handling |
| __attribute__((nonnull)), only call get_diagnostic_tree if the |
| result will be used. |
| |
| 2021-04-05 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99886 |
| * diagnostic-manager.cc |
| (diagnostic_manager::prune_interproc_events): Use signed integers |
| when subtracting one from path->num_events (). |
| (diagnostic_manager::consolidate_conditions): Likewise. Convert |
| next_idx to a signed int. |
| |
| 2021-04-01 David Malcolm <dmalcolm@redhat.com> |
| |
| * diagnostic-manager.cc (diagnostic_manager::add_diagnostic): Make |
| enode param non-constant, and call add_diagnostic on it. Add |
| enode index to log message. |
| (diagnostic_manager::add_diagnostic): Make enode param |
| non-constant. |
| * diagnostic-manager.h (diagnostic_manager::add_diagnostic): |
| Likewise for both decls. |
| * engine.cc |
| (impl_region_model_context::impl_region_model_context): Likewise |
| for enode_for_diag. |
| (impl_sm_context::impl_sm_context): Likewise. |
| (impl_sm_context::m_enode_for_diag): Likewise. |
| (exploded_node::dump_dot): Don't pass the diagnostic manager |
| to dump_saved_diagnostics. |
| (exploded_node::dump_saved_diagnostics): Drop param. Iterate |
| directly through all saved diagnostics for the enode, rather |
| than all saved diagnostics in the diagnostic_manager and |
| filtering. |
| (exploded_node::on_stmt): Make non-const. |
| (exploded_node::on_edge): Likewise. |
| (exploded_node::on_longjmp): Likewise. |
| (exploded_node::detect_leaks): Likewise. |
| (exploded_graph::get_or_create_node): Make enode_for_diag param |
| non-const. |
| (exploded_graph_annotator::print_enode): Iterate |
| directly through all saved diagnostics for the enode, rather |
| than all saved diagnostics in the diagnostic_manager and |
| filtering. |
| * exploded-graph.h |
| (impl_region_model_context::impl_region_model_context): Make |
| enode_for_diag param non-constant. |
| (impl_region_model_context::m_enode_for_diag): Likewise. |
| (exploded_node::dump_saved_diagnostics): Drop param. |
| (exploded_node::on_stmt): Make non-const. |
| (exploded_node::on_edge): Likewise. |
| (exploded_node::on_longjmp): Likewise. |
| (exploded_node::detect_leaks): Likewise. |
| (exploded_node::add_diagnostic): New. |
| (exploded_node::get_num_diagnostics): New. |
| (exploded_node::get_saved_diagnostic): New. |
| (exploded_node::m_saved_diagnostics): New. |
| (exploded_graph::get_or_create_node): Make enode_for_diag param |
| non-constant. |
| * feasible-graph.cc (feasible_node::dump_dot): Drop |
| diagnostic_manager from call to dump_saved_diagnostics. |
| * program-state.cc (program_state::on_edge): Convert enode param |
| to non-const pointer. |
| (program_state::prune_for_point): Likewise for enode_for_diag |
| param. |
| * program-state.h (program_state::on_edge): Convert enode param |
| to non-const pointer. |
| (program_state::prune_for_point): Likewise for enode_for_diag |
| param. |
| |
| 2021-03-31 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99771 |
| * analyzer.cc (maybe_reconstruct_from_def_stmt): New. |
| (fixup_tree_for_diagnostic_1): New. |
| (fixup_tree_for_diagnostic): New. |
| * analyzer.h (fixup_tree_for_diagnostic): New decl. |
| * checker-path.cc (call_event::get_desc): Call |
| fixup_tree_for_diagnostic and use it for the call_with_state call. |
| (warning_event::get_desc): Likewise for the final_event and |
| make_label_text calls. |
| * engine.cc (impl_region_model_context::on_state_leak): Likewise |
| for the on_leak and add_diagnostic calls. |
| * region-model.cc (region_model::get_representative_tree): |
| Likewise for the result. |
| |
| 2021-03-30 David Malcolm <dmalcolm@redhat.com> |
| |
| * region.h (region::dump_to_pp): Remove old decl. |
| |
| 2021-03-30 David Malcolm <dmalcolm@redhat.com> |
| |
| * sm-file.cc (fileptr_state_machine::on_stmt): Only call |
| get_diagnostic_tree if the result will be used. |
| * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise. |
| (malloc_state_machine::on_deallocator_call): Likewise. |
| (malloc_state_machine::on_realloc_call): Likewise. |
| (malloc_state_machine::on_realloc_call): Likewise. |
| * sm-sensitive.cc |
| (sensitive_state_machine::warn_for_any_exposure): Likewise. |
| * sm-taint.cc (taint_state_machine::on_stmt): Likewise. |
| |
| 2021-03-25 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/93695 |
| PR analyzer/99044 |
| PR analyzer/99716 |
| * engine.cc (exploded_node::on_stmt): Clear sm-state involving |
| an SSA name at the def-stmt of that SSA name. |
| * program-state.cc (sm_state_map::purge_state_involving): New. |
| * program-state.h (sm_state_map::purge_state_involving): New decl. |
| * region-model.cc (selftest::test_involves_p): New. |
| (selftest::analyzer_region_model_cc_tests): Call it. |
| * svalue.cc (class involvement_visitor): New class |
| (svalue::involves_p): New. |
| * svalue.h (svalue::involves_p): New decl. |
| |
| 2021-03-19 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99614 |
| * diagnostic-manager.cc (class epath_finder): Add |
| DISABLE_COPY_AND_ASSIGN. |
| |
| 2021-03-15 Martin Liska <mliska@suse.cz> |
| |
| * sm-file.cc (get_file_using_fns): Add missing comma in initializer. |
| |
| 2021-03-11 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96374 |
| * analyzer.opt (-param=analyzer-max-infeasible-edges=): New param. |
| (fdump-analyzer-feasibility): New flag. |
| * diagnostic-manager.cc: Include "analyzer/trimmed-graph.h" and |
| "analyzer/feasible-graph.h". |
| (epath_finder::epath_finder): Convert m_sep to a pointer and |
| only create it if !flag_analyzer_feasibility. |
| (epath_finder::~epath_finder): New. |
| (epath_finder::m_sep): Convert to a pointer. |
| (epath_finder::get_best_epath): Add param "diag_idx" and use it |
| when logging. Rather than finding the shortest path and then |
| checking feasibility, instead use explore_feasible_paths unless |
| !flag_analyzer_feasibility, in which case simply use the shortest |
| path, and note if it is infeasible. Update for m_sep becoming a |
| pointer. |
| (class feasible_worklist): New. |
| (epath_finder::explore_feasible_paths): New. |
| (epath_finder::process_worklist_item): New. |
| (class dump_eg_with_shortest_path): New. |
| (epath_finder::dump_trimmed_graph): New. |
| (epath_finder::dump_feasible_graph): New. |
| (saved_diagnostic::saved_diagnostic): Add "idx" param, using it |
| on new field m_idx. |
| (saved_diagnostic::to_json): Dump m_idx. |
| (saved_diagnostic::calc_best_epath): Pass m_idx to get_best_epath. |
| Remove assertion that m_problem was set when m_best_epath is NULL. |
| (diagnostic_manager::add_diagnostic): Pass an index when created |
| saved_diagnostic instances. |
| * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add |
| "idx" param. |
| (saved_diagnostic::get_index): New accessor. |
| (saved_diagnostic::m_idx): New field. |
| * engine.cc (exploded_node::dump_dot): Call args.dump_extra_info. |
| Move code to... |
| (exploded_node::dump_processed_stmts): ...this new function and... |
| (exploded_node::dump_saved_diagnostics): ...this new function. |
| Add index of each diagnostic. |
| (exploded_edge::dump_dot): Move bulk of code to... |
| (exploded_edge::dump_dot_label): ...this new function. |
| * exploded-graph.h (eg_traits::dump_args_t::dump_extra_info): New |
| vfunc. |
| (exploded_node::dump_processed_stmts): New decl. |
| (exploded_node::dump_saved_diagnostics): New decl. |
| (exploded_edge::dump_dot_label): New decl. |
| * feasible-graph.cc: New file. |
| * feasible-graph.h: New file. |
| * trimmed-graph.cc: New file. |
| * trimmed-graph.h: New file. |
| |
| 2021-03-11 David Malcolm <dmalcolm@redhat.com> |
| |
| * diagnostic-manager.cc (epath_finder::epath_finder): |
| Update shortest_paths init for new param. |
| |
| 2021-03-10 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96374 |
| * engine.cc (exploded_path::feasible_p): Move "snodes_visited" and |
| "model" locals into a new class feasibility_state. Move heart |
| of per-edge processing into |
| feasibility_state::maybe_update_for_edge. |
| (feasibility_state::feasibility_state): New. |
| (feasibility_state::maybe_update_for_edge): New, based on loop |
| body in exploded_path::feasible_p. |
| * exploded-graph.h (class feasibility_state): New. |
| |
| 2021-03-10 David Malcolm <dmalcolm@redhat.com> |
| |
| * supergraph.h |
| (callgraph_superedge::dyn_cast_callgraph_superedge): New. |
| (call_superedge::dyn_cast_callgraph_superedge): Delete. |
| (return_superedge::dyn_cast_callgraph_superedge): Delete. |
| |
| 2021-03-02 Martin Liska <mliska@suse.cz> |
| |
| * diagnostic-manager.cc (diagnostic_manager::emit_saved_diagnostics): |
| Do not pass engine. |
| |
| 2021-02-26 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (exploded_path::exploded_path): New copy-ctor. |
| * exploded-graph.h (exploded_path::operator=): Drop decl. |
| |
| 2021-02-26 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96374 |
| * diagnostic-manager.cc (class epath_finder): New. |
| (epath_finder::get_best_epath): New. |
| (saved_diagnostic::saved_diagnostic): Update for replacement of |
| m_state and m_epath_length with m_best_epath. |
| (saved_diagnostic::~saved_diagnostic): Delete m_best_epath. |
| (saved_diagnostic::to_json): Update "path_length" to be optional. |
| (saved_diagnostic::calc_best_epath): New, based on |
| dedupe_winners::add and parts of dedupe_key::dedupe_key. |
| (saved_diagnostic::get_epath_length): New. |
| (saved_diagnostic::add_duplicate): New. |
| (dedupe_key::dedupe_key): Drop epath param. Move invocation of |
| stmt_finder to saved_diagnostic::calc_best_epath. |
| (class dedupe_candidate): Delete. |
| (class dedupe_hash_map_traits): Update to use saved_diagnotic * |
| rather than dedupe_candidate * as the value_type/compare_type. |
| (dedupe_winners::~dedupe_winners): Don't delete the values. |
| (dedupe_winners::add): Convert param from shortest_exploded_paths to |
| epath_finder. Drop "eg" param. Drop dedupe_candidate, moving |
| path generation and feasiblity checking to |
| epath_finder::get_best_epath. Update winner-selection for move |
| of epaths from dedupe_candidate to saved_diagnostic. |
| (dedupe_winners::emit_best): Update for removal of class |
| dedupe_candidate. |
| (dedupe_winners::map_t): Update to use saved_diagnotic * rather |
| than dedupe_candidate * as the value_type/compare_type. |
| (diagnostic_manager::emit_saved_diagnostics): Move |
| shortest_exploded_paths instance into epath_finder and pass that |
| around instead. |
| (diagnostic_manager::emit_saved_diagnostic): Drop epath, stmt |
| and num_dupes params, instead getting these from the |
| saved_diagnostic. Use correct location in inform_n call. |
| * diagnostic-manager.h (class epath_finder): New forward decl. |
| (saved_diagnostic::status): Drop enum. |
| (saved_diagnostic::set_feasible): Drop. |
| (saved_diagnostic::set_infeasible): Drop. |
| (saved_diagnostic::get_status): Drop. |
| (saved_diagnostic::calc_best_epath): New decl. |
| (saved_diagnostic::get_best_epath): New decl. |
| (saved_diagnostic::get_epath_length): New decl. |
| (saved_diagnostic::set_epath_length): Drop. |
| (saved_diagnostic::get_epath_length): Drop inline implementation. |
| (saved_diagnostic::add_duplicate): New. |
| (saved_diagnostic::get_num_dupes): New. |
| (saved_diagnostic::m_d): Document ownership. |
| (saved_diagnostic::m_trailing_eedge): Make const. |
| (saved_diagnostic::m_status): Drop field. |
| (saved_diagnostic::m_epath_length): Drop field. |
| (saved_diagnostic::m_best_epath): New field. |
| (saved_diagnostic::m_problem): Document ownership. |
| (saved_diagnostic::m_duplicates): New field. |
| (diagnostic_manager::emit_saved_diagnostic): Drop params epath, |
| stmt, and num_dupes. |
| * engine.cc (exploded_graph_annotator::print_saved_diagnostic): |
| Update for changes to saved_diagnostic class. |
| * exploded-graph.h (exploded_path::feasible_p): Drop unused |
| overloaded decl. |
| |
| 2021-02-25 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99193 |
| * region-model-impl-calls.cc (region_model::impl_call_realloc): New. |
| * region-model.cc (region_model::on_call_pre): Call it. |
| * region-model.h (region_model::impl_call_realloc): New decl. |
| * sm-malloc.cc (enum wording): Add WORDING_REALLOCATED. |
| (malloc_state_machine::m_realloc): New field. |
| (use_after_free::describe_state_change): Add case for |
| WORDING_REALLOCATED. |
| (use_after_free::describe_final_event): Likewise. |
| (malloc_state_machine::malloc_state_machine): Initialize |
| m_realloc. |
| (malloc_state_machine::on_stmt): Handle realloc by calling... |
| (malloc_state_machine::on_realloc_call): New. |
| |
| 2021-02-22 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/99196 |
| * engine.cc (exploded_node::on_stmt): Provide terminate_path |
| flag as a way for on_call_pre to terminate the current analysis |
| path. |
| * region-model-impl-calls.cc (call_details::num_args): New. |
| (region_model::impl_call_error): New. |
| * region-model.cc (region_model::on_call_pre): Add param |
| "out_terminate_path". Handle "error" and "error_at_line". |
| * region-model.h (call_details::num_args): New decl. |
| (region_model::on_call_pre): Add param "out_terminate_path". |
| (region_model::impl_call_error): New decl. |
| |
| 2021-02-17 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98969 |
| * constraint-manager.cc (dead_svalue_purger::should_purge_p): |
| Update for change to svalue::live_p. |
| * program-state.cc (sm_state_map::on_liveness_change): Likewise. |
| (program_state::detect_leaks): Likewise. |
| * region-model-reachability.cc (reachable_regions::init_cluster): |
| When dealing with a symbolic region, if the underlying pointer is |
| implicitly live, add the region to the reachable regions. |
| * region-model.cc (region_model::compare_initial_and_pointer): |
| Move logic for detecting initial values of params to |
| initial_svalue::initial_value_of_param_p. |
| * svalue.cc (svalue::live_p): Convert "live_svalues" from a |
| reference to a pointer; support it being NULL. |
| (svalue::implicitly_live_p): Convert first param from a |
| refererence to a pointer. |
| (region_svalue::implicitly_live_p): Likewise. |
| (constant_svalue::implicitly_live_p): Likewise. |
| (initial_svalue::implicitly_live_p): Likewise. Treat the initial |
| values of params for the top level frame as still live. |
| (initial_svalue::initial_value_of_param_p): New function, taken |
| from a test in region_model::compare_initial_and_pointer. |
| (unaryop_svalue::implicitly_live_p): Convert first param from a |
| refererence to a pointer. |
| (binop_svalue::implicitly_live_p): Likewise. |
| (sub_svalue::implicitly_live_p): Likewise. |
| (unmergeable_svalue::implicitly_live_p): Likewise. |
| * svalue.h (svalue::live_p): Likewise. |
| (svalue::implicitly_live_p): Likewise. |
| (region_svalue::implicitly_live_p): Likewise. |
| (constant_svalue::implicitly_live_p): Likewise. |
| (initial_svalue::implicitly_live_p): Likewise. |
| (initial_svalue::initial_value_of_param_p): New decl. |
| (unaryop_svalue::implicitly_live_p): Convert first param from a |
| refererence to a pointer. |
| (binop_svalue::implicitly_live_p): Likewise. |
| (sub_svalue::implicitly_live_p): Likewise. |
| (unmergeable_svalue::implicitly_live_p): Likewise. |
| |
| 2021-02-12 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98969 |
| * engine.cc (readability): Add names for the various arbitrary |
| values. Handle NOP_EXPR and INTEGER_CST. |
| (readability_comparator): Combine the readability tests for |
| tree and stack depth, rather than performing them sequentially. |
| (impl_region_model_context::on_state_leak): Strip off top-level |
| casts. |
| * region-model.cc (region_model::get_representative_path_var): Add |
| type-checking, moving the bulk of the implementation to... |
| (region_model::get_representative_path_var_1): ...here. Respect |
| types in casts by recursing and re-adding the cast, rather than |
| merely stripping them off. Use the correct type when handling |
| region_svalue. |
| (region_model::get_representative_tree): Strip off any top-level |
| cast. |
| (region_model::get_representative_path_var): Add type-checking, |
| moving the bulk of the implementation to... |
| (region_model::get_representative_path_var_1): ...here. |
| * region-model.h (region_model::get_representative_path_var_1): |
| New decl |
| (region_model::get_representative_path_var_1): New decl. |
| * store.cc (append_pathvar_with_type): New. |
| (binding_cluster::get_representative_path_vars): Cast path_vars |
| to the correct type when adding them to *OUT_PVS. |
| |
| 2021-02-09 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98575 |
| * sm-file.cc (is_file_using_fn_p): Support "_IO_"-prefixed |
| variants. |
| |
| 2021-02-09 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98575 |
| * store.cc (store::set_value): Treat a pointer written to *UNKNOWN |
| as having escaped. |
| |
| 2021-02-02 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/93355 |
| PR analyzer/96374 |
| * engine.cc (toplevel_function_p): Simplify so that |
| we only reject functions with a "__analyzer_" prefix. |
| (add_any_callbacks): Delete. |
| (exploded_graph::build_initial_worklist): Update for |
| dropped param of toplevel_function_p. |
| (exploded_graph::build_initial_worklist): Don't bother |
| looking for callbacks that are reachable from global |
| initializers. |
| |
| 2021-02-01 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98918 |
| * region-model-manager.cc |
| (region_model_manager::get_or_create_initial_value): |
| Fold the initial value of *UNKNOWN_PTR to an UNKNOWN value. |
| (region_model_manager::get_field_region): Fold the value |
| of UNKNOWN_PTR->FIELD to *UNKNOWN_PTR_OF_&FIELD_TYPE. |
| |
| 2021-01-29 David Malcolm <dmalcolm@redhat.com> |
| |
| * checker-path.cc (event_kind_to_string): Handle |
| EK_START_CONSOLIDATED_CFG_EDGES and |
| EK_END_CONSOLIDATED_CFG_EDGES. |
| (start_consolidated_cfg_edges_event::get_desc): New. |
| (checker_path::cfg_edge_pair_at_p): New. |
| * checker-path.h (enum event_kind): Add |
| EK_START_CONSOLIDATED_CFG_EDGES and |
| EK_END_CONSOLIDATED_CFG_EDGES. |
| (class start_consolidated_cfg_edges_event): New class. |
| (class end_consolidated_cfg_edges_event): New class. |
| (checker_path::delete_events): New. |
| (checker_path::replace_event): New. |
| (checker_path::cfg_edge_pair_at_p): New decl. |
| * diagnostic-manager.cc (diagnostic_manager::prune_path): Call |
| consolidate_conditions. |
| (same_line_as_p): New. |
| (diagnostic_manager::consolidate_conditions): New. |
| * diagnostic-manager.h |
| (diagnostic_manager::consolidate_conditions): New decl. |
| |
| 2021-01-18 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.h (is_std_named_call_p): New decl. |
| * diagnostic-manager.cc (path_builder::get_sm): New. |
| (state_change_event_creator::state_change_event_creator): Add "pb" |
| param. |
| (state_change_event_creator::on_global_state_change): Don't consider |
| state changes affecting other state_machines. |
| (state_change_event_creator::on_state_change): Likewise. |
| (state_change_event_creator::m_pb): New field. |
| (diagnostic_manager::add_events_for_eedge): Pass pb to visitor |
| ctor. |
| * region-model-impl-calls.cc |
| (region_model::impl_deallocation_call): New. |
| * region-model.cc: Include "attribs.h". |
| (region_model::on_call_post): Handle fndecls referenced by |
| __attribute__((deallocated_by(FOO))). |
| * region-model.h (region_model::impl_deallocation_call): New decl. |
| * sm-malloc.cc: Include "stringpool.h" and "attribs.h". Add |
| leading comment. |
| (class api): Delete. |
| (enum resource_state): Update comment for change from api to |
| deallocator and deallocator_set. |
| (allocation_state::allocation_state): Drop api param. Add |
| "deallocators" and "deallocator". |
| (allocation_state::m_api): Drop field in favor of... |
| (allocation_state::m_deallocators): New field. |
| (allocation_state::m_deallocator): New field. |
| (enum wording): Add WORDING_DEALLOCATED. |
| (struct deallocator): New. |
| (struct standard_deallocator): New. |
| (struct custom_deallocator): New. |
| (struct deallocator_set): New. |
| (struct custom_deallocator_set): New. |
| (struct standard_deallocator_set): New. |
| (struct deallocator_set_map_traits): New. |
| (malloc_state_machine::m_malloc): Drop field |
| (malloc_state_machine::m_scalar_new): Likewise. |
| (malloc_state_machine::m_vector_new): Likewise. |
| (malloc_state_machine::m_free): New field |
| (malloc_state_machine::m_scalar_delete): Likewise. |
| (malloc_state_machine::m_vector_delete): Likewise. |
| (malloc_state_machine::deallocator_map_t): New typedef. |
| (malloc_state_machine::m_deallocator_map): New field. |
| (malloc_state_machine::deallocator_set_cache_t): New typedef. |
| (malloc_state_machine::m_custom_deallocator_set_cache): New field. |
| (malloc_state_machine::custom_deallocator_set_map_t): New typedef. |
| (malloc_state_machine::m_custom_deallocator_set_map): New field. |
| (malloc_state_machine::m_dynamic_sets): New field. |
| (malloc_state_machine::m_dynamic_deallocators): New field. |
| (api::api): Delete. |
| (deallocator::deallocator): New ctor. |
| (deallocator::hash): New. |
| (deallocator::dump_to_pp): New. |
| (deallocator::cmp): New. |
| (deallocator::cmp_ptr_ptr): New. |
| (standard_deallocator::standard_deallocator): New ctor. |
| (deallocator_set::deallocator_set): New ctor. |
| (deallocator_set::dump): New. |
| (custom_deallocator_set::custom_deallocator_set): New ctor. |
| (custom_deallocator_set::contains_p): New. |
| (custom_deallocator_set::maybe_get_single): New. |
| (custom_deallocator_set::dump_to_pp): New. |
| (standard_deallocator_set::standard_deallocator_set): New ctor. |
| (standard_deallocator_set::contains_p): New. |
| (standard_deallocator_set::maybe_get_single): New. |
| (standard_deallocator_set::dump_to_pp): New. |
| (start_p): New. |
| (class mismatching_deallocation): Update for conversion from api |
| to deallocator_set and deallocator. |
| (double_free::emit): Use %qs. |
| (class use_after_free): Update for conversion from api to |
| deallocator_set and deallocator. |
| (malloc_leak::describe_state_change): Only emit "allocated here" on |
| a start->nonnull transition, rather than on other transitions to |
| nonnull. |
| (allocation_state::dump_to_pp): Update for conversion from api to |
| deallocator_set. |
| (allocation_state::get_nonnull): Likewise. |
| (malloc_state_machine::malloc_state_machine): Likewise. |
| (malloc_state_machine::~malloc_state_machine): New. |
| (malloc_state_machine::add_state): Update for conversion from api |
| to deallocator_set. |
| (malloc_state_machine::get_or_create_custom_deallocator_set): New. |
| (malloc_state_machine::maybe_create_custom_deallocator_set): New. |
| (malloc_state_machine::get_or_create_deallocator): New. |
| (malloc_state_machine::on_stmt): Update for conversion from api |
| to deallocator_set. Handle "__attribute__((malloc(FOO)))", and |
| the special attribute set on FOO. |
| (malloc_state_machine::on_allocator_call): Update for conversion |
| from api to deallocator_set. Add "returns_nonnull" param and use |
| it to affect which state to transition to. |
| (malloc_state_machine::on_deallocator_call): Update for conversion |
| from api to deallocator_set. |
| |
| 2021-01-14 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (strongly_connected_components::to_json): New. |
| (worklist::to_json): New. |
| (exploded_graph::to_json): JSON-ify the worklist. |
| * exploded-graph.h (strongly_connected_components::to_json): New |
| decl. |
| (worklist::to_json): New decl. |
| * store.cc (store::to_json): Fix comment. |
| * supergraph.cc (supernode::to_json): Fix reference to |
| "returning_call" in comment. Add optional "fun" to JSON. |
| (edge_kind_to_string): New. |
| (superedge::to_json): Add "kind" to JSON. |
| |
| 2021-01-14 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98679 |
| * analyzer.h (region_offset::operator==): Make const. |
| * pending-diagnostic.h (pending_diagnostic::equal_p): Likewise. |
| * store.h (binding_cluster::for_each_value): Likewise. |
| (binding_cluster::for_each_binding): Likewise. |
| |
| 2021-01-12 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98628 |
| * store.cc (binding_cluster::make_unknown_relative_to): Don't mark |
| dereferenced unknown pointers as having escaped. |
| |
| 2021-01-07 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98580 |
| * region.cc (decl_region::get_svalue_for_initializer): Gracefully |
| handle when LTO writes out DECL_INITIAL as error_mark_node. |
| |
| 2021-01-07 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97074 |
| * store.cc (binding_cluster::can_merge_p): Add "out_store" param |
| and pass to calls to binding_cluster::make_unknown_relative_to. |
| (binding_cluster::make_unknown_relative_to): Add "out_store" |
| param. Use it to mark base regions that are pointed to by |
| pointers that become unknown as having escaped. |
| (store::can_merge_p): Pass out_store to |
| binding_cluster::can_merge_p. |
| * store.h (binding_cluster::can_merge_p): Add "out_store" param. |
| (binding_cluster::make_unknown_relative_to): Likewise. |
| * svalue.cc (region_svalue::implicitly_live_p): New vfunc. |
| * svalue.h (region_svalue::implicitly_live_p): New vfunc decl. |
| |
| 2021-01-07 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98564 |
| * engine.cc (exploded_path::feasible_p): Add missing call to |
| bitmap_clear. |
| |
| 2021-01-06 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97072 |
| * region-model-reachability.cc (reachable_regions::init_cluster): |
| Convert symbolic region handling to a switch statement. Add cases |
| to handle SK_UNKNOWN and SK_CONJURED. |
| |
| 2021-01-05 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/98293 |
| * store.cc (binding_map::apply_ctor_to_region): When "index" is |
| NULL, iterate through the fields for RECORD_TYPEs, rather than |
| creating an INTEGER_CST index. |
| |
| 2020-11-30 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer-pass.cc: Include "analyzer/analyzer.h" for the |
| declaration of sorry_no_analyzer; include "tree.h" and |
| "function.h" as these are needed by it. |
| |
| 2020-11-30 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer-pass.cc (pass_analyzer::execute): Move sorry call to... |
| (sorry_no_analyzer): New. |
| * analyzer.h (class state_machine): New forward decl. |
| (class logger): New forward decl. |
| (class plugin_analyzer_init_iface): New. |
| (sorry_no_analyzer): New decl. |
| * checker-path.cc (checker_path::fixup_locations): New. |
| * checker-path.h (checker_event::set_location): New. |
| (checker_path::fixup_locations): New decl. |
| * diagnostic-manager.cc |
| (diagnostic_manager::emit_saved_diagnostic): Call |
| checker_path::fixup_locations, and call fixup_location |
| on the primary location. |
| * engine.cc: Include "plugin.h". |
| (class plugin_analyzer_init_impl): New. |
| (impl_run_checkers): Invoke PLUGIN_ANALYZER_INIT callbacks. |
| * pending-diagnostic.h (pending_diagnostic::fixup_location): New |
| vfunc. |
| |
| 2020-11-18 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97893 |
| * sm-malloc.cc (null_deref::emit): Use CWE-476 rather than |
| CWE-690, as this isn't due to an unchecked return value. |
| (null_arg::emit): Likewise. |
| |
| 2020-11-12 David Malcolm <dmalcolm@redhat.com> |
| |
| * checker-path.h (checker_event::get_id_ptr): New. |
| * diagnostic-manager.cc (path_builder::path_builder): Add "sd" |
| param and use it to initialize new field "m_sd". |
| (path_builder::get_pending_diagnostic): New. |
| (path_builder::m_sd): New field. |
| (diagnostic_manager::emit_saved_diagnostic): Pass sd to |
| path_builder ctor. |
| (diagnostic_manager::add_events_for_superedge): Call new |
| maybe_add_custom_events_for_superedge vfunc. |
| * engine.cc (stale_jmp_buf::stale_jmp_buf): Add "setjmp_point" |
| param and use it to initialize new field "m_setjmp_point". |
| Initialize new field "m_stack_pop_event". |
| (stale_jmp_buf::maybe_add_custom_events_for_superedge): New vfunc |
| implementation. |
| (stale_jmp_buf::describe_final_event): New vfunc implementation. |
| (stale_jmp_buf::m_setjmp_point): New field. |
| (stale_jmp_buf::m_stack_pop_event): New field. |
| (exploded_node::on_longjmp): Pass setjmp_point to stale_jmp_buf |
| ctor. |
| * pending-diagnostic.h |
| (pending_diagnostic::maybe_add_custom_events_for_superedge): New |
| vfunc. |
| |
| 2020-11-12 David Malcolm <dmalcolm@redhat.com> |
| |
| PR tree-optimization/97424 |
| * analyzer.opt (Wanalyzer-shift-count-negative): New. |
| (Wanalyzer-shift-count-overflow): New. |
| * region-model.cc (class shift_count_negative_diagnostic): New. |
| (class shift_count_overflow_diagnostic): New. |
| (region_model::get_gassign_result): Complain about shift counts that |
| are negative or are >= the operand's type's width. |
| |
| 2020-11-10 Martin Liska <mliska@suse.cz> |
| |
| * constraint-manager.cc (constraint_manager::merge): Remove |
| unused code. |
| * constraint-manager.h: Likewise. |
| * program-state.cc (sm_state_map::sm_state_map): Likewise. |
| (program_state::program_state): Likewise. |
| (test_sm_state_map): Likewise. |
| * program-state.h: Likewise. |
| * region-model-reachability.cc (reachable_regions::reachable_regions): Likewise. |
| * region-model-reachability.h: Likewise. |
| * region-model.cc (region_model::handle_unrecognized_call): Likewise. |
| (region_model::get_reachable_svalues): Likewise. |
| (region_model::can_merge_with_p): Likewise. |
| |
| 2020-11-05 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97668 |
| * svalue.cc (cmp_cst): Handle COMPLEX_CST. |
| |
| 2020-10-29 David Malcolm <dmalcolm@redhat.com> |
| |
| * program-state.cc (sm_state_map::on_liveness_change): Sort the |
| leaking svalues before calling on_state_leak. |
| (program_state::detect_leaks): Likewise when calling |
| on_svalue_leak. |
| * region-model-reachability.cc |
| (reachable_regions::mark_escaped_clusters): Likewise when |
| calling on_escaped_function. |
| |
| 2020-10-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97608 |
| * region-model-reachability.cc (reachable_regions::handle_sval): |
| Operands of reachable reversible operations are reachable. |
| |
| 2020-10-29 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.h (class state_machine): New forward decl. |
| (class logger): Likewise. |
| (class visitor): Likewise. |
| * complexity.cc: New file, taken from svalue.cc. |
| * complexity.h: New file, taken from region-model.h. |
| * region-model.h: Include "analyzer/svalue.h" and |
| "analyzer/region.h". Move struct complexity to complexity.h. |
| Move svalue, its subclasses and supporting decls to svalue.h. |
| Move region, its subclasses and supporting decls to region.h. |
| * region.cc: Include "analyzer/region.h". |
| (symbolic_region::symbolic_region): Move here from region-model.h. |
| * region.h: New file, based on material from region-model.h. |
| * svalue.cc: Include "analyzer/svalue.h". |
| (complexity::complexity): Move to complexity.cc. |
| (complexity::from_pair): Likewise. |
| * svalue.h: New file, based on material from region-model.h. |
| |
| 2020-10-29 David Malcolm <dmalcolm@redhat.com> |
| |
| * program-state.cc (sm_state_map::print): Guard the printing of |
| the origin pointer with !flag_dump_noaddr. |
| * region.cc (string_region::dump_to_pp): Likewise for |
| m_string_cst. |
| |
| 2020-10-27 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97568 |
| * region-model.cc (region_model::get_initial_value_for_global): |
| Move check that !DECL_EXTERNAL from here to... |
| * region.cc (decl_region::get_svalue_for_initializer): ...here, |
| using it to reject zero initialization. |
| |
| 2020-10-27 Markus Böck <markus.boeck02@gmail.com> |
| |
| PR analyzer/96608 |
| * store.h (hash): Cast to intptr_t instead of long |
| |
| 2020-10-27 David Malcolm <dmalcolm@redhat.com> |
| |
| * constraint-manager.cc (svalue_cmp_by_ptr): Delete. |
| (equiv_class::canonicalize): Use svalue::cmp_ptr_ptr instead. |
| (equiv_class_cmp): Eliminate pointer comparison. |
| * diagnostic-manager.cc (dedupe_key::comparator): If they are at |
| the same location, also compare epath ength and pending_diagnostic |
| kind. |
| * engine.cc (readability_comparator): If two path_vars have the |
| same readability, then impose an arbitrary ordering on them. |
| (worklist::key_t::cmp): If two points have the same plan ordering, |
| continue the comparison. Call sm_state_map::cmp rather than |
| comparing hash values. |
| * program-state.cc (sm_state_map::entry_t::cmp): New. |
| (sm_state_map::cmp): New. |
| * program-state.h (sm_state_map::entry_t::cmp): New decl. |
| (sm_state_map::elements): New. |
| (sm_state_map::cmp): New. |
| |
| 2020-10-27 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (setjmp_record::cmp): New. |
| (supernode_cluster::dump_dot): Avoid embedding pointer in cluster |
| name. |
| (supernode_cluster::cmp_ptr_ptr): New. |
| (function_call_string_cluster::dump_dot): Avoid embedding pointer |
| in cluster name. Sort m_map when dumping child clusters. |
| (function_call_string_cluster::cmp_ptr_ptr): New. |
| (root_cluster::dump_dot): Sort m_map when dumping child clusters. |
| * program-point.cc (function_point::cmp): New. |
| (function_point::cmp_ptr): New. |
| * program-point.h (function_point::cmp): New decl. |
| (function_point::cmp_ptr): New decl. |
| * program-state.cc (sm_state_map::print): Sort the values. Guard |
| the printing of pointers with !flag_dump_noaddr. |
| (program_state::prune_for_point): Sort the regions. |
| (log_set_of_svalues): Sort the values. Guard the printing of |
| pointers with !flag_dump_noaddr. |
| * region-model-manager.cc (log_uniq_map): Sort the values. |
| * region-model-reachability.cc (dump_set): New function template. |
| (reachable_regions::dump_to_pp): Use it. |
| * region-model.h (svalue::cmp_ptr): New decl. |
| (svalue::cmp_ptr_ptr): New decl. |
| (setjmp_record::cmp): New decl. |
| (placeholder_svalue::get_name): New accessor. |
| (widening_svalue::get_point): New accessor. |
| (compound_svalue::get_map): New accessor. |
| (conjured_svalue::get_stmt): New accessor. |
| (conjured_svalue::get_id_region): New accessor. |
| (region::cmp_ptrs): Rename to... |
| (region::cmp_ptr_ptr): ...this. |
| * region.cc (region::cmp_ptrs): Rename to... |
| (region::cmp_ptr_ptr): ...this. |
| * state-purge.cc |
| (state_purge_per_ssa_name::state_purge_per_ssa_name): Sort |
| m_points_needing_name when dumping. |
| * store.cc (concrete_binding::cmp_ptr_ptr): New. |
| (symbolic_binding::cmp_ptr_ptr): New. |
| (binding_map::cmp): New. |
| (get_sorted_parent_regions): Update for renaming of |
| region::cmp_ptrs to region::cmp_ptr_ptr. |
| (store::dump_to_pp): Likewise. |
| (store::to_json): Likewise. |
| (store::can_merge_p): Sort the base regions before considering |
| them. |
| * store.h (concrete_binding::cmp_ptr_ptr): New decl. |
| (symbolic_binding::cmp_ptr_ptr): New decl. |
| (binding_map::cmp): New decl. |
| * supergraph.cc (supergraph::supergraph): Assign UIDs to the |
| gimple stmts. |
| * svalue.cc (cmp_cst): New. |
| (svalue::cmp_ptr): New. |
| (svalue::cmp_ptr_ptr): New. |
| |
| 2020-10-27 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (exploded_graph::get_or_create_node): Fix off-by-one |
| when imposing param_analyzer_max_enodes_per_program_point limit. |
| |
| 2020-10-27 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_model::get_representative_path_var): |
| Implement case RK_LABEL. |
| * region-model.h (label_region::get_label): New accessor. |
| |
| 2020-10-22 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97514 |
| * engine.cc (exploded_graph::add_function_entry): Handle failure |
| to create an enode, rather than asserting. |
| |
| 2020-10-22 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97489 |
| * engine.cc (exploded_graph::add_function_entry): Assert that we |
| have a function body. |
| (exploded_graph::on_escaped_function): Reject fndecls that don't |
| have a function body. |
| |
| 2020-10-14 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/93388 |
| * region-model.cc (region_model::get_initial_value_for_global): |
| Fall back to returning an initial_svalue if |
| decl_region::get_svalue_for_initializer fails. |
| * region.cc (decl_region::get_svalue_for_initializer): Don't |
| attempt to create a compound_svalue if the region has an unknown |
| size. |
| |
| 2020-10-14 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/93723 |
| * store.cc (binding_map::apply_ctor_to_region): Remove redundant |
| assertion. |
| |
| 2020-10-12 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97258 |
| * engine.cc (impl_region_model_context::on_escaped_function): New |
| vfunc. |
| (exploded_graph::add_function_entry): Use m_functions_with_enodes |
| to implement idempotency. |
| (add_any_callbacks): New. |
| (exploded_graph::build_initial_worklist): Use the above to find |
| callbacks that are reachable from global initializers. |
| (exploded_graph::on_escaped_function): New. |
| * exploded-graph.h |
| (impl_region_model_context::on_escaped_function): New decl. |
| (exploded_graph::on_escaped_function): New decl. |
| (exploded_graph::m_functions_with_enodes): New field. |
| * region-model-reachability.cc |
| (reachable_regions::reachable_regions): Replace "store" param with |
| "model" param; use it to initialize m_model. |
| (reachable_regions::add): When getting the svalue for the region, |
| call get_store_value on the model rather than using an initial |
| value. |
| (reachable_regions::mark_escaped_clusters): Add ctxt param and |
| use it to call on_escaped_function when a function_region escapes. |
| * region-model-reachability.h |
| (reachable_regions::reachable_regions): Replace "store" param with |
| "model" param. |
| (reachable_regions::mark_escaped_clusters): Add ctxt param. |
| (reachable_regions::m_model): New field. |
| * region-model.cc (region_model::handle_unrecognized_call): Update |
| for change in reachable_regions ctor. |
| (region_model::handle_unrecognized_call): Pass ctxt to |
| mark_escaped_clusters. |
| (region_model::get_reachable_svalues): Update for change in |
| reachable_regions ctor. |
| (region_model::get_initial_value_for_global): Read-only variables |
| keep their initial values. |
| * region-model.h (region_model_context::on_escaped_function): New |
| vfunc. |
| (noop_region_model_context::on_escaped_function): New. |
| |
| 2020-10-12 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.opt (Wanalyzer-write-to-const): New. |
| (Wanalyzer-write-to-string-literal): New. |
| * region-model-impl-calls.cc (region_model::impl_call_memcpy): |
| Call check_for_writable_region. |
| (region_model::impl_call_memset): Likewise. |
| (region_model::impl_call_strcpy): Likewise. |
| * region-model.cc (class write_to_const_diagnostic): New. |
| (class write_to_string_literal_diagnostic): New. |
| (region_model::check_for_writable_region): New. |
| (region_model::set_value): Call check_for_writable_region. |
| * region-model.h (region_model::check_for_writable_region): New |
| decl. |
| |
| 2020-10-07 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97116 |
| * sm-malloc.cc (method_p): New. |
| (describe_argument_index): New. |
| (inform_nonnull_attribute): Use describe_argument_index. |
| (possible_null_arg::describe_final_event): Likewise. |
| (null_arg::describe_final_event): Likewise. |
| |
| 2020-09-29 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/95188 |
| * engine.cc (stmt_requires_new_enode_p): Split enodes before |
| "signal" calls. |
| |
| 2020-09-29 David Malcolm <dmalcolm@redhat.com> |
| |
| * constraint-manager.cc |
| (constraint_manager::add_constraint_internal): Whitespace fixes. |
| Silence -Wsign-compare warning. |
| * engine.cc (maybe_process_run_of_before_supernode_enodes): |
| Silence -Wsign-compare warning. |
| |
| 2020-09-28 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.h (binop_svalue::dyn_cast_binop_svalue): Remove |
| redundant "virtual". Add FINAL OVERRIDE. |
| (widening_svalue::dyn_cast_widening_svalue): Add FINAL OVERRIDE. |
| (compound_svalue::dyn_cast_compound_svalue): Likewise. |
| (conjured_svalue::dyn_cast_conjured_svalue): Likewise. |
| |
| 2020-09-28 David Malcolm <dmalcolm@redhat.com> |
| |
| * diagnostic-manager.cc (null_assignment_sm_context::m_visitor): |
| Remove unused field. |
| |
| 2020-09-28 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97233 |
| * analyzer.cc (is_longjmp_call_p): Require the initial argument |
| to be a pointer. |
| * engine.cc (exploded_node::on_longjmp): Likewise. |
| |
| 2020-09-28 David Malcolm <dmalcolm@redhat.com> |
| |
| * program-state.cc (sm_state_map::print): Update check |
| for m_global_state being the start state. |
| |
| 2020-09-26 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96646 |
| PR analyzer/96841 |
| * region-model.cc (region_model::get_representative_path_var): |
| When handling offset_region, wrap the MEM_REF's first argument in |
| an ADDR_EXPR of pointer type, rather than simply using the tree |
| for the parent region. Require the MEM_REF's second argument to |
| be an integer constant. |
| |
| 2020-09-24 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.h (struct rejected_constraint): New decl. |
| * analyzer.opt (fanalyzer-feasibility): New option. |
| * diagnostic-manager.cc (path_builder::path_builder): Add |
| "problem" param and use it to initialize new field. |
| (path_builder::get_feasibility_problem): New accessor. |
| (path_builder::m_feasibility_problem): New field. |
| (dedupe_winners::add): Remove inversion of logic in "if" clause, |
| swapping if/else suites. In the !feasible_p suite, inspect |
| flag_analyzer_feasibility and add code to handle when this |
| is off, accepting the infeasible path, but recording the |
| feasibility_problem. |
| (diagnostic_manager::emit_saved_diagnostic): Pass the |
| feasibility_problem to the path_builder. |
| (diagnostic_manager::add_events_for_eedge): If we have |
| a feasibility_problem at this edge, use it to add a custom event. |
| * engine.cc (exploded_path::feasible_p): Pass a |
| rejected_constraint ** to model.maybe_update_for_edge and transfer |
| ownership of any created instance to any feasibility_problem. |
| (feasibility_problem::dump_to_pp): New. |
| * exploded-graph.h (feasibility_problem::feasibility_problem): |
| Drop "model" param; add rejected_constraint * param. |
| (feasibility_problem::~feasibility_problem): New. |
| (feasibility_problem::dump_to_pp): New decl. |
| (feasibility_problem::m_model): Drop field. |
| (feasibility_problem::m_rc): New field. |
| * program-point.cc (function_point::get_location): Handle |
| PK_BEFORE_SUPERNODE and PK_AFTER_SUPERNODE. |
| * program-state.cc (program_state::on_edge): Pass NULL to new |
| param of region_model::maybe_update_for_edge. |
| * region-model.cc (region_model::add_constraint): New overload |
| adding a rejected_constraint ** param. |
| (region_model::maybe_update_for_edge): Add rejected_constraint ** |
| param and pass it to the various apply_constraints_for_ calls. |
| (region_model::apply_constraints_for_gcond): Add |
| rejected_constraint ** param and pass it to add_constraint calls. |
| (region_model::apply_constraints_for_gswitch): Likewise. |
| (region_model::apply_constraints_for_exception): Likewise. |
| (rejected_constraint::dump_to_pp): New. |
| * region-model.h (region_model::maybe_update_for_edge): |
| Add rejected_constraint ** param. |
| (region_model::add_constraint): New overload adding a |
| rejected_constraint ** param. |
| (region_model::apply_constraints_for_gcond): Add |
| rejected_constraint ** param. |
| (region_model::apply_constraints_for_gswitch): Likewise. |
| (region_model::apply_constraints_for_exception): Likewise. |
| (struct rejected_constraint): New. |
| |
| 2020-09-23 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97178 |
| * engine.cc (impl_run_checkers): Update for change to ext_state |
| ctor. |
| * program-state.cc (selftest::test_sm_state_map): Pass an engine |
| instance to ext_state ctor. |
| (selftest::test_program_state_1): Likewise. |
| (selftest::test_program_state_2): Likewise. |
| (selftest::test_program_state_merging): Likewise. |
| (selftest::test_program_state_merging_2): Likewise. |
| * program-state.h (extrinsic_state::extrinsic_state): Remove NULL |
| default value for "eng" param. |
| |
| 2020-09-23 Tobias Burnus <tobias@codesourcery.com> |
| |
| * analyzer-logging.cc: Guard '#pragma ... ignored "-Wformat-diag"' |
| by '#if __GNUC__ >= 10' |
| * analyzer.h: Likewise. |
| * call-string.cc: Likewise. |
| |
| 2020-09-23 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (exploded_node::on_stmt): Replace sequence of dyn_cast |
| with switch. |
| |
| 2020-09-22 David Malcolm <dmalcolm@redhat.com> |
| |
| * analysis-plan.cc: Include "json.h". |
| * analyzer.opt (fdump-analyzer-json): New. |
| * call-string.cc: Include "json.h". |
| (call_string::to_json): New. |
| * call-string.h (call_string::to_json): New decl. |
| * checker-path.cc: Include "json.h". |
| * constraint-manager.cc: Include "json.h". |
| (equiv_class::to_json): New. |
| (constraint::to_json): New. |
| (constraint_manager::to_json): New. |
| * constraint-manager.h (equiv_class::to_json): New decl. |
| (constraint::to_json): New decl. |
| (constraint_manager::to_json): New decl. |
| * diagnostic-manager.cc: Include "json.h". |
| (saved_diagnostic::to_json): New. |
| (diagnostic_manager::to_json): New. |
| * diagnostic-manager.h (saved_diagnostic::to_json): New decl. |
| (diagnostic_manager::to_json): New decl. |
| * engine.cc: Include "json.h", <zlib.h>. |
| (exploded_node::status_to_str): New. |
| (exploded_node::to_json): New. |
| (exploded_edge::to_json): New. |
| (exploded_graph::to_json): New. |
| (dump_analyzer_json): New. |
| (impl_run_checkers): Call it. |
| * exploded-graph.h (exploded_node::status_to_str): New decl. |
| (exploded_node::to_json): New. |
| (exploded_edge::to_json): New. |
| (exploded_graph::to_json): New. |
| * pending-diagnostic.cc: Include "json.h". |
| * program-point.cc: Include "json.h". |
| (program_point::to_json): New. |
| * program-point.h (program_point::to_json): New decl. |
| * program-state.cc: Include "json.h". |
| (extrinsic_state::to_json): New. |
| (sm_state_map::to_json): New. |
| (program_state::to_json): New. |
| * program-state.h (extrinsic_state::to_json): New decl. |
| (sm_state_map::to_json): New decl. |
| (program_state::to_json): New decl. |
| * region-model-impl-calls.cc: Include "json.h". |
| * region-model-manager.cc: Include "json.h". |
| * region-model-reachability.cc: Include "json.h". |
| * region-model.cc: Include "json.h". |
| * region-model.h (svalue::to_json): New decl. |
| (region::to_json): New decl. |
| * region.cc: Include "json.h". |
| (region::to_json: New. |
| * sm-file.cc: Include "json.h". |
| * sm-malloc.cc: Include "json.h". |
| * sm-pattern-test.cc: Include "json.h". |
| * sm-sensitive.cc: Include "json.h". |
| * sm-signal.cc: Include "json.h". |
| (signal_delivery_edge_info_t::to_json): New. |
| * sm-taint.cc: Include "json.h". |
| * sm.cc: Include "diagnostic.h", "tree-diagnostic.h", and |
| "json.h". |
| (state_machine::state::to_json): New. |
| (state_machine::to_json): New. |
| * sm.h (state_machine::state::to_json): New. |
| (state_machine::to_json): New. |
| * state-purge.cc: Include "json.h". |
| * store.cc: Include "json.h". |
| (binding_key::get_desc): New. |
| (binding_map::to_json): New. |
| (binding_cluster::to_json): New. |
| (store::to_json): New. |
| * store.h (binding_key::get_desc): New decl. |
| (binding_map::to_json): New decl. |
| (binding_cluster::to_json): New decl. |
| (store::to_json): New decl. |
| * supergraph.cc: Include "json.h". |
| (supergraph::to_json): New. |
| (supernode::to_json): New. |
| (superedge::to_json): New. |
| * supergraph.h (supergraph::to_json): New decl. |
| (supernode::to_json): New decl. |
| (superedge::to_json): New decl. |
| * svalue.cc: Include "json.h". |
| (svalue::to_json): New. |
| |
| 2020-09-21 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97130 |
| * region-model-impl-calls.cc (call_details::get_arg_type): New. |
| * region-model.cc (region_model::on_call_pre): Check that the |
| initial arg is a pointer before calling impl_call_memset and |
| impl_call_strlen. |
| * region-model.h (call_details::get_arg_type): New decl. |
| |
| 2020-09-21 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/93355 |
| * sm-malloc.cc (malloc_state_machine::get_default_state): Look at |
| the base region when considering pointers. Treat pointers to |
| decls as being non-heap. |
| |
| 2020-09-18 David Malcolm <dmalcolm@redhat.com> |
| |
| * checker-path.cc (warning_event::get_desc): Handle global state |
| changes. |
| |
| 2020-09-18 David Malcolm <dmalcolm@redhat.com> |
| |
| * sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and |
| strndup as being malloc-like allocators. |
| |
| 2020-09-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (strongly_connected_components::strong_connect): Only |
| consider intraprocedural edges when creating SCCs. |
| (worklist::key_t::cmp): Add comment. Treat call_string |
| differences as more important than differences of program_point |
| within a supernode. |
| |
| 2020-09-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (supernode_cluster::dump_dot): Show the SCC id |
| in the per-supernode clusters in FILENAME.eg.dot output. |
| (exploded_graph_annotator::add_node_annotations): |
| Show the SCC of the supernode in FILENAME.supernode.eg.dot output. |
| * exploded-graph.h (worklist::scc_id): New. |
| (exploded_graph::get_scc_id): New. |
| |
| 2020-09-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED. |
| (exploded_graph::process_worklist): Call |
| maybe_process_run_of_before_supernode_enodes. |
| (exploded_graph::maybe_process_run_of_before_supernode_enodes): |
| New. |
| (exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED. |
| * exploded-graph.h (enum exploded_node::status): Add |
| STATUS_BULK_MERGED. |
| |
| 2020-09-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc |
| (exploded_graph::process_node) <case PK_BEFORE_SUPERNODE>: |
| Simplify by using program_point::get_next. |
| * program-point.cc (program_point::get_next): New. |
| * program-point.h (program_point::get_next): New decl. |
| |
| 2020-09-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * engine.cc (exploded_graph::get_or_create_node): Show the |
| program point when issuing -Wanalyzer-too-complex due to hitting |
| the per-program-point limit. |
| |
| 2020-09-16 David Malcolm <dmalcolm@redhat.com> |
| |
| * region-model.cc (region_model::on_call_pre): Treat getchar as |
| having no side-effects. |
| |
| 2020-09-15 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96650 |
| * constraint-manager.cc (merger_fact_visitor::on_fact): Replace |
| assertion that add_constraint succeeded with an assertion that |
| if it fails, -fanalyzer-transitivity is off. |
| |
| 2020-09-14 David Malcolm <dmalcolm@redhat.com> |
| |
| * analyzer.opt (-param=analyzer-max-constraints=): New param. |
| * constraint-manager.cc |
| (constraint_manager::add_constraint_internal): Silently reject |
| attempts to add constraints when the above limit is reached. |
| |
| 2020-09-14 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96653 |
| * constraint-manager.cc |
| (constraint_manager::get_or_add_equiv_class): Don't accumulate |
| transitive closure of all constraints on constants. |
| |
| 2020-09-14 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/97029 |
| * analyzer.cc (is_setjmp_call_p): Require the initial arg to be a |
| pointer. |
| * region-model.cc (region_model::deref_rvalue): Assert that the |
| svalue is of pointer type. |
| |
| 2020-09-11 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/96798 |
| * region-model-impl-calls.cc (region_model::impl_call_memcpy): |
| New. |
| (region_model::impl_call_strcpy): New. |
| * region-model.cc (region_model::on_call_pre): Flag unhandled |
| builtins that are non-pure as having unknown side-effects. |
| Implement BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_STRCPY, |
| BUILT_IN_STRCPY_CHK, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED, |
| BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC, |
| BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED, |
| BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF, |
| BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR, |
| BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED, |
| BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF. |
| * region-model.h (region_model::impl_call_memcpy): New decl. |
| (region_model::impl_call_strcpy): New decl. |
| |
| 2020-09-09 David Malcolm <dmalcolm@redhat.com> |
| |
| PR analyzer/94355 |
| * analyzer.opt (Wanalyzer-mismatching-deallocation): New warning. |
| * region-model-impl-calls.cc |
| (region_model::impl_call_operator_new): New. |
| (region_model::impl_call_operator_delete): New. |
| * region-model.cc (region_model::on_call_pre): Detect operator new |
| and operator delete. |
| (region_model::on_call_post): Likewise. |
| (region_model::maybe_update_for_edge): Detect EH edges and call... |
| (region_model::apply_constraints_for_exception): New function. |
| * region-model.h (region_model::impl_call_operator_new): New decl. |
| (region_model::impl_call_operator_delete): New decl. |
| (region_model::apply_constraints_for_exception): New decl. |
| * sm-malloc.cc (enum resource_state): New. |
| (struct allocation_state): New state subclass. |
| (enum wording): New. |
| (struct api): New. |
| (malloc_state_machine::custom_data_t): New typedef. |
| (malloc_state_machine::add_state): New decl. |
| (malloc_state_machine::m_unchecked) |
| (malloc_state_machine::m_nonnull) |
| (malloc_state_machine::m_freed): Delete these states in favor |
| of... |
| (malloc_state_machine::m_malloc) |
| (malloc_state_machine::m_scalar_new) |
| (malloc_state_machine::m_vector_new): ...this new api instances, |
| which own their own versions of these states. |
| (malloc_state_machine::on_allocator_call): New decl. |
| (malloc_state_machine::on_deallocator_call): New decl. |
| (api::api): New ctor. |
| (dyn_cast_allocation_state): New. |
| (as_a_allocation_state): New. |
| (get_rs): New. |
| (unchecked_p): New. |
| (nonnull_p): New. |
| (freed_p): New. |
| (malloc_diagnostic::describe_state_change): Use unchecked_p and |
| nonnull_p. |
| (class mismatching_deallocation): New. |
| (double_free::double_free): Add funcname param for initializing |
| m_funcname. |
| (double_free::emit): Use m_funcname in warning message rather |
| than hardcoding "free". |
| (double_free::describe_state_change): Likewise. Use freed_p. |
| (double_free::describe_call_with_state): Use freed_p. |
| (double_free::describe_final_event): Use m_funcname in message |
| rather than hardcoding "free". |
| (double_free::m_funcname): New field. |
| (possible_null::describe_state_change): Use unchecked_p. |
| (possible_null::describe_return_of_state): Likewise. |
| (use_after_free::use_after_free): Add param for initializing m_api. |
| (use_after_free::emit): Use m_api->m_dealloc_funcname in message |
| rather than hardcoding "free". |
| (use_after_free::describe_state_change): Use freed_p. Change the |
| wording of the message based on the API. |
| (use_after_free::describe_final_event): Use |
| m_api->m_dealloc_funcname in message rather than hardcoding |
| "free". Change the wording of the message based on the API. |
| (use_after_free::m_api): New field. |
| (malloc_leak::describe_state_change): Use unchecked_p. Update |
| for renaming of m_malloc_event to m_alloc_event. |
| (malloc_leak::describe_final_event): Update for renaming of |
| m_malloc_event to m_alloc_event. |
| (malloc_leak::m_malloc_event): Rename... |
| (malloc_leak::m_alloc_event): ...to this. |
| (free_of_non_heap::free_of_non_heap): Add param for initializing |
| m_funcname. |
| (free_of_non_heap::emit): Use m_funcname in message rather than |
| hardcoding "free". |
| (free_of_non_heap::describe_final_event): Likewise. |
| (free_of_non_heap::m_funcname): New field. |
| (allocation_state::dump_to_pp): New. |
| (allocation_state::get_nonnull): New. |
| (malloc_state_machine::malloc_state_machine): Update for changes |
| to state fields and new api fields. |
| (malloc_state_machine::add_state): New. |
| (malloc_state_machine::on_stmt): Move malloc/calloc handling to |
| on_allocator_call and call it, passing in the API pointer. |
| Likewise for free, moving it to on_deallocator_call. Handle calls |
| to operator new and delete in an analogous way. Use unchecked_p |
| when testing for possibly-null-arg and possibly-null-deref, and |
| transition to the non-null for the correct API. Remove redundant |
| node param from call to on_zero_assignment. Use freed_p for |
| use-after-free check, and pass in API. |
| (malloc_state_machine::on_allocator_call): New, based on code in |
| on_stmt. |
| (malloc_state_machine::on_deallocator_call): Likewise. |
| (malloc_state_machine::on_phi): Mark node param with |
| ATTRIBUTE_UNUSED; don't pass it to on_zero_assignment. |
| (malloc_state_machine::on_condition): Mark node param with |
| ATTRIBUTE_UNUSED. Replace on_transition calls with get_state and |
| set_next_state pairs, transitioning to the non-null state for the |
| appropriate API. |
| (malloc_state_machine::can_purge_p): Port to new state approach. |
| (malloc_state_machine::on_zero_assignment): Replace on_transition |
| calls with get_state and set_next_state pairs. Drop redundant |
| node param. |
| * sm.h (state_machine::add_custom_state): New. |
| |
| 2020-09-09 David Malcolm <dmalcolm@redhat.com> |
| |
| * diagnostic-manager.cc |
| (null_assignment_sm_context::warn_for_state): Replace with... |
| (null_assignment_sm_context::warn): ...this. |
| * engine.cc (impl_sm_context::warn_for_state): Replace with... |
| (impl_sm_context::warn): ...this. |
| * sm-file.cc (fileptr_state_machine::on_stmt): Replace |
| warn_for_state and on_transition calls with a get_state |
| test guarding warn and set_next_state calls. |
| * sm-malloc.cc (malloc_state_machine::on_stmt): Likewise. |
| * sm-pattern-test.cc (pattern_test_state_machine::on_condition): |
| Replace warn_for_state call with warn call. |
| * sm-sensitive.cc |
| (sensitive_state_machine::warn_for_any_exposure): Replace |
| warn_for_state call with a get_state test guarding a warn call. |
| * sm-signal.cc (signal_state_machine::on_stmt): Likewise. |
| * sm-taint.cc (taint_state_machine::on_stmt): Replace |
| warn_for_state and on_transition calls with a get_state |
| test guarding warn and set_next_state calls. |
| * sm.h (sm_context::warn_for_state): Replace with... |
| (sm_context::warn): ...this. |
| |
| 2020-09-09 David Malcolm <dmalcolm@redhat.com> |
| |
| * diagnostic-manager.cc |
| (null_assignment_sm_context::null_assignment_sm_context): Add old_state |
| and ext_state params, initializing m_old_state and m_ext_state. |
| (null_assignment_sm_context::on_transition): Split into... |
| (null_assignment_sm_context::get_state): ...this new vfunc |
| implementation and... |
| (null_assignment_sm_context::set_next_state): ...this new vfunc |
| implementation. |
| (null_assignment_sm_context::m_old_state): New field. |
| (null_assignment_sm_context::m_ext_state): New field. |
| (diagnostic_manager::add_events_for_eedge): Pass in old state and |
| ext_state when creating sm_ctxt. |
| * engine.cc (impl_sm_context::on_transition): Split into... |
| (impl_sm_context::get_state): ...this new vfunc |
| implementation and... |
| (impl_sm_context::set_next_state): ...this new vfunc |
| implementation. |
| * sm.h (sm_context::get_state): New pure virtual function. |
| (sm_context::set_next_state): Likewise. |
| (sm_context::on_transition): Convert from a pure virtual function |
| to a regular function implemented in terms of get_state and |
| set_next_state. |
| |
| 2020-09-09 David Malcolm <dmalcolm@redhat.com> |
| |
| * checker-path.cc (state_change_event::get_desc): Update |
|