analyzer: fix issues with phi handling

The analyzer's state purging code was overzealously purging state
for ssa names that might be used within phi nodes, leading to
false positives from -Wanalyzer-use-of-uninitialized-value.

This patch updates phi handling in the analyzer to fix these issues.

	* (region_model::handle_phi): Add "old_state"
	param and use it.
	(region_model::update_for_phis): Update so that all of the phi
	stmts are effectively handled simultaneously, rather than in
	* region-model.h (region_model::handle_phi): Add "old_state"
	* (self_referential_phi_p): Replace with...
	(name_used_by_phis_p): ...this new function.
	(state_purge_per_ssa_name::process_point): Update to use the
	above, so that all phi stmts at a basic block are effectively
	considered simultaneously, and only consider the phi arguments for
	the pertinent in-edge.
	* (cfg_superedge::get_phi_arg_idx): New.
	(cfg_superedge::get_phi_arg): Use the above.
	* supergraph.h (cfg_superedge::get_phi_arg_idx): New decl.

	* gcc.dg/analyzer/explode-2.c: Remove xfail.
	* gcc.dg/analyzer/explode-2a.c: Remove expected leak warning on
	while stmt.
	* gcc.dg/analyzer/phi-2.c: New test.

Signed-off-by: David Malcolm <>
8 files changed
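
The following toy model is an added illustration, not code from this commit or from GCC: it shows why phi nodes at a basic block have to read their arguments from the state on entry to the block (the role the message gives to "old_state") rather than from a state that earlier phis have already updated. The `State` and `Phi` types, the function names and the SSA names in the sample loop are all hypothetical.

```cpp
#include <cstddef>
#include <map>
#include <string>
#include <vector>

// Toy model (constructed for illustration; not GCC's data structures).
// A state maps SSA names to values; a phi assigns lhs from the argument
// selected by the in-edge that was taken.
using State = std::map<std::string, int>;

struct Phi {
    std::string lhs;
    std::vector<std::string> args;  // one SSA name per in-edge
};

// Sequential handling: each phi reads the state already modified by
// the phis before it, so a later phi can see a clobbered value.
State apply_phis_sequential(const std::vector<Phi>& phis, State state,
                            std::size_t in_edge) {
    for (const Phi& phi : phis)
        state[phi.lhs] = state.at(phi.args.at(in_edge));
    return state;
}

// Simultaneous handling: every phi argument is read from a snapshot
// taken on entry to the block, and only results go to the new state.
State apply_phis_simultaneous(const std::vector<Phi>& phis, State state,
                              std::size_t in_edge) {
    const State old_state = state;
    for (const Phi& phi : phis)
        state[phi.lhs] = old_state.at(phi.args.at(in_edge));
    return state;
}

// Constructed loop header that swaps two values on the back edge:
//   a_1 = PHI <a_0 (entry), b_1 (back edge)>
//   b_1 = PHI <b_0 (entry), a_1 (back edge)>
std::vector<Phi> swap_loop_phis() {
    return {Phi{"a_1", {"a_0", "b_1"}}, Phi{"b_1", {"b_0", "a_1"}}};
}

// Constructed state after entering the loop once: a_1 == 1, b_1 == 2.
State state_after_entry() {
    return {{"a_0", 1}, {"b_0", 2}, {"a_1", 1}, {"b_1", 2}};
}
```

On the back edge (in-edge index 1) the sequential version leaves both names holding the same value, while the snapshot version performs the swap.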