aboutsummaryrefslogtreecommitdiff
path: root/gcc/analyzer/svalue.cc
AgeCommit message (Collapse)AuthorFilesLines
2025-06-30analyzer: use nullptr rather than NULLDavid Malcolm1-24/+24
Modernization; no functional change intended. gcc/analyzer/ChangeLog: * access-diagram.cc: Use nullptr rather than NULL where appropriate. * analyzer-language.cc: Likewise. * analyzer-language.h: Likewise. * analyzer-logging.h: Likewise. * analyzer-pass.cc: Likewise. * analyzer.cc: Likewise. * bounds-checking.cc: Likewise. * call-details.cc: Likewise. * call-string.cc: Likewise. * call-string.h: Likewise. * call-summary.cc: Likewise. * checker-event.cc: Likewise. * common.h: Likewise. * constraint-manager.cc: Likewise. * constraint-manager.h: Likewise. * diagnostic-manager.cc: Likewise. * engine.cc: Likewise. * exploded-graph.h: Likewise. * function-set.cc: Likewise * infinite-recursion.cc: Likewise * inlining-iterator.h: Likewise * kf.cc: Likewise * known-function-manager.cc: Likewise * pending-diagnostic.cc: Likewise * program-point.cc: Likewise * program-point.h: Likewise * program-state.cc: Likewise * program-state.h: Likewise * record-layout.cc: Likewise * region-model-asm.cc: Likewise * region-model-manager.cc: Likewise * region-model-manager.h: Likewise * region-model-reachability.cc: Likewise * region-model.cc: Likewise * region-model.h: Likewise * region.cc: Likewise * region.h: Likewise * sm-fd.cc: Likewise * sm-malloc.cc: Likewise * sm-pattern-test.cc: Likewise * sm-signal.cc: Likewise * sm-taint.cc: Likewise * sm.cc: Likewise * sm.h: Likewise * state-purge.cc: Likewise * state-purge.h: Likewise * store.cc: Likewise * store.h: Likewise * supergraph.cc: Likewise * supergraph.h: Likewise * svalue.cc: Likewise * svalue.h: Likewise * varargs.cc: Likewise Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2025-04-28analyzer: initial implementation of exception handling [PR97111]David Malcolm1-0/+13
This patch adds initial support for exception-handling to -fanalyzer, handling eh_dispatch for regions of type ERT_TRY and ERT_ALLOWED_EXCEPTIONS. I haven't managed yet seen eh_dispatch for regions of type ERT_CLEANUP and ERT_MUST_NOT_THROW in the analyzer; with this patch it will ICE if it sees those. Additionally, this patch only checks for exact matches of exception types, rather than supporting subclasses and references. I'm deferring fixing this for now whilst figuring out how best to interact with the C++ type system; I'm tracking it as PR analyzer/119697. The patch adds event classes for throwing and catching exceptions, and seems to generate readable warnings for the kinds of leak that might occur due to trying to manage resources manually and forgetting about exceptions; for example: exception-leak-1.C: In function ‘int test()’: exception-leak-1.C:7:9: warning: leak of ‘ptr’ [CWE-401] [-Wanalyzer-malloc-leak] 7 | throw 42; | ^~ ‘int test()’: events 1-3 5 | void *ptr = __builtin_malloc (1024); | ~~~~~~~~~~~~~~~~~^~~~~~ | | | (1) allocated here 6 | 7 | throw 42; | ~~ | | | (2) throwing exception of type ‘int’ here... | (3) ⚠️ ‘ptr’ leaks here; was allocated at (1) Although dynamic exception specifications are only available in C++14 and earlier, the need to support them meant it seemed relatively easy to add a warning to check them, hence the patch adds a new warning for code paths that throw an exception that doesn't match a dynamic exception specification: -Wanalyzer-throw-of-unexpected-type. gcc/analyzer/ChangeLog: PR analyzer/97111 * analyzer.cc (is_cxa_throw_p): New. (is_cxa_rethrow_p): New. * analyzer.opt (Wanalyzer-throw-of-unexpected-type): New. * analyzer.opt.urls: Regenerate. * call-info.cc (custom_edge_info::create_enode): New. * call-info.h (call_info::print): Drop "final". (call_info::add_events_to_path): Likewise. * checker-event.cc (event_kind_to_string): Add cases for event_kind::catch_, event_kind::throw_, and event_kind::unwind. (explicit_throw_event::print_desc): New. (throw_from_call_to_external_fn_event::print_desc): New. (unwind_event::print_desc): New. * checker-event.h (enum class event_kind): Add catch_, throw_, and unwind. (class catch_cfg_edge_event): New. (class throw_event): New. (class explicit_throw_event): New. (class throw_from_call_to_external_fn_event): New. (class unwind_event): New. * common.h (class eh_dispatch_cfg_superedge): New forward decl. (class eh_dispatch_try_cfg_superedge): New forward decl. (class eh_dispatch_allowed_cfg_superedge): New forward decl. (custom_edge_info::create_enode): New vfunc decl. (is_cxa_throw_p): New decl. (is_cxa_rethrow_p): New decl. * diagnostic-manager.cc (diagnostic_manager::add_events_for_superedge): Special-case edges for eh_dispach_try. (diagnostic_manager::prune_path): Call consolidate_unwind_events. (diagnostic_manager::prune_for_sm_diagnostic): Don't filter the new event_kinds. (diagnostic_manager::consolidate_unwind_events): New. * diagnostic-manager.h (diagnostic_manager::consolidate_unwind_events): New decl. * engine.cc (exploded_node::on_stmt_pre): Handle "__cxa_throw", "__cxa_rethrow", and resx statements. (class throw_custom_edge): New. (class unwind_custom_edge): New. (get_eh_outedge): New. (exploded_graph::unwind_from_exception): New. (exploded_node::on_throw): New. (exploded_node::on_resx): New. (exploded_graph::get_or_create_node): Add "add_to_worklist" param and use it. (exploded_graph::process_node): Use edge_info's create_enode vfunc to create enodes, rather than calling get_or_create_node directly. Ignore CFG edges in the sgraph flagged with EH whilst we're exploring the egraph. (exploded_graph_annotator::print_enode): Handle case exploded_node::status::special. * exploded-graph.h (exploded_node::status): Add value "special". (exploded_node::on_throw): New decl. (exploded_node::on_resx): New decl. (exploded_graph::get_or_create_node): Add optional "add_to_worklist" param. (exploded_graph::unwind_from_exception): New decl. * kf-lang-cp.cc (class kf_cxa_allocate_exception): New. (class kf_cxa_begin_catch): New. (class kf_cxa_end_catch): New. (class throw_of_unexpected_type): New. (class kf_cxa_call_unexpected): New. (register_known_functions_lang_cp): Register known functions "__cxa_allocate_exception", "__cxa_begin_catch", "__cxa_end_catch", and "__cxa_call_unexpected". * kf.cc (class kf_eh_pointer): New. (register_known_functions): Register it for BUILT_IN_EH_POINTER. * region-model.cc: Include "analyzer/function-set.h". (exception_node::operator==): New. (exception_node::dump_to_pp): New. (exception_node::dump): New. (exception_node::to_json): New. (exception_node::make_dump_widget): New. (exception_node::maybe_get_type): New. (exception_node::add_to_reachable_regions): New. (region_model::region_model): Initialize m_thrown_exceptions_stack and m_caught_exceptions_stack. (region_model::operator=): Likewise. (region_model::operator==): Compare them. (region_model::dump_to_pp): Dump exception stacks. (region_model::to_json): Add exception stacks. (region_model::make_dump_widget): Likewise. (class exception_thrown_from_unrecognized_call): New. (get_fns_assumed_not_to_throw): New. (can_throw_p): New. (region_model::check_for_throw_inside_call): New. (region_model::on_call_pre): Call check_for_throw_inside_call on unknown fns or those we don't have a body for. (region_model::maybe_update_for_edge): Handle eh_dispatch_stmt statements. Drop old code that called apply_constraints_for_exception on EDGE_EH edges. (class rejected_eh_dispatch): New. (exception_matches_type_p): New. (matches_any_exception_type_p): New. (region_model::apply_constraints_for_eh_dispatch): New. (region_model::apply_constraints_for_eh_dispatch_try): New. (region_model::apply_constraints_for_eh_dispatch_allowed): New. (region_model::apply_constraints_for_exception): Delete. (region_model::can_merge_with_p): Don't merge models with non-equal exception stacks. (region_model::get_referenced_base_regions): Add regions from exception stacks. * region-model.h (struct exception_node): New. (region_model::push_thrown_exception): New. (region_model::get_current_thrown_exception): New. (region_model::pop_thrown_exception): New. (region_model::push_caught_exception): New. (region_model::get_current_caught_exception): New. (region_model::pop_caught_exception): New. (region_model::apply_constraints_for_eh_dispatch_try): New decl. (region_model::apply_constraints_for_eh_dispatch_allowed) New decl. (region_model::apply_constraints_for_exception): Delete. (region_model::apply_constraints_for_eh_dispatch): New decl. (region_model::check_for_throw_inside_call): New decl. (region_model::m_thrown_exceptions_stack): New field. (region_model::m_caught_exceptions_stack): New field. * supergraph.cc: Include "except.h" and "analyzer/region-model.h". (supergraph::add_cfg_edge): Special-case eh_dispatch edges. (superedge::get_description): Use default_tree_printer. (get_catch): New. (eh_dispatch_cfg_superedge::make): New. (eh_dispatch_cfg_superedge::eh_dispatch_cfg_superedge): New. (eh_dispatch_cfg_superedge::get_eh_status): New. (eh_dispatch_try_cfg_superedge::dump_label_to_pp): New. (eh_dispatch_try_cfg_superedge::apply_constraints): New. (eh_dispatch_allowed_cfg_superedge::eh_dispatch_allowed_cfg_superedge): New. (eh_dispatch_allowed_cfg_superedge::dump_label_to_pp): New. (eh_dispatch_allowed_cfg_superedge::apply_constraints): New. * supergraph.h: Include "except.h". (superedge::dyn_cast_eh_dispatch_cfg_superedge): New vfunc. (superedge::dyn_cast_eh_dispatch_try_cfg_superedge): New vfunc. (superedge::dyn_cast_eh_dispatch_allowed_cfg_superedge): New vfunc. (class eh_dispatch_cfg_superedge): New. (is_a_helper <const eh_dispatch_cfg_superedge *>::test): New. (class eh_dispatch_try_cfg_superedge): New. (is_a_helper <const eh_dispatch_try_cfg_superedge *>::test): New. (class eh_dispatch_allowed_cfg_superedge): New. (is_a_helper <const eh_dispatch_allowed_cfg_superedge *>::test): New. * svalue.cc (svalue::maybe_get_type_from_typeinfo): New. * svalue.h (svalue::maybe_get_type_from_typeinfo): New decl. gcc/ChangeLog: PR analyzer/97111 * doc/invoke.texi: Add -Wanalyzer-throw-of-unexpected-type. * gimple.h (gimple_call_nothrow_p): Make arg const. gcc/testsuite/ChangeLog: PR analyzer/97111 * c-c++-common/analyzer/analyzer-verbosity-2a.c: Add -fno-exceptions. * c-c++-common/analyzer/analyzer-verbosity-3a.c: Likewise. * c-c++-common/analyzer/attr-const-2.c: Add __attribute__((nothrow)). * c-c++-common/analyzer/attr-malloc-4.c: Likewise. * c-c++-common/analyzer/attr-malloc-5.c: Likewise. * c-c++-common/analyzer/attr-malloc-6.c: Add -fno-exceptions. * c-c++-common/analyzer/attr-malloc-CVE-2019-19078-usb-leak.c: Likewise. * c-c++-common/analyzer/attr-malloc-exception.c: New test. * c-c++-common/analyzer/call-summaries-pr107158-2.c: Add -fno-exceptions. * c-c++-common/analyzer/call-summaries-pr107158.c: Likewise. * c-c++-common/analyzer/capacity-2.c: Likewise. * c-c++-common/analyzer/coreutils-sum-pr108666.c: Likewise. * c-c++-common/analyzer/data-model-22.c: Likewise. * c-c++-common/analyzer/data-model-5d.c: Likewise. * c-c++-common/analyzer/deref-before-check-pr108455-git-pack-revindex.c: Likewise. * c-c++-common/analyzer/deref-before-check-pr108475-haproxy-tcpcheck.c: Likewise. * c-c++-common/analyzer/edges-2.c: Likewise. * c-c++-common/analyzer/fd-2.c: Likewise. * c-c++-common/analyzer/fd-3.c: Likewise. * c-c++-common/analyzer/fd-meaning.c: Likewise. * c-c++-common/analyzer/file-1.c: Likewise. * c-c++-common/analyzer/file-3.c: Likewise. * c-c++-common/analyzer/file-meaning-1.c: Likewise. * c-c++-common/analyzer/infinite-recursion.c: Likewise. * c-c++-common/analyzer/leak-3.c: Likewise. * c-c++-common/analyzer/malloc-dedupe-1.c: Likewise. * c-c++-common/analyzer/malloc-in-loop.c: Likewise. * c-c++-common/analyzer/malloc-many-paths-3.c: Likewise. * c-c++-common/analyzer/malloc-paths-5.c: Likewise. * c-c++-common/analyzer/malloc-paths-7.c: Likewise. * c-c++-common/analyzer/malloc-paths-8.c: Likewise. * c-c++-common/analyzer/malloc-vs-local-1a.c: Likewise. * c-c++-common/analyzer/malloc-vs-local-2.c: Likewise. * c-c++-common/analyzer/malloc-vs-local-3.c: Likewise. * c-c++-common/analyzer/paths-7.c: Likewise. * c-c++-common/analyzer/pr110830.c: Likewise. * c-c++-common/analyzer/pr93032-mztools-simplified.c: Likewise. * c-c++-common/analyzer/pr93355-localealias-feasibility-3.c: Likewise. * c-c++-common/analyzer/pr93355-localealias-simplified.c: Likewise. * c-c++-common/analyzer/pr96650-1-trans.c: Likewise. * c-c++-common/analyzer/pr97072.c: Add __attribute__((nothrow)). * c-c++-common/analyzer/pr98575-1.c: Likewise. * c-c++-common/analyzer/pr99716-1.c: Add -fno-exceptions. * c-c++-common/analyzer/pr99716-2.c: Likewise. * c-c++-common/analyzer/pr99716-3.c: Likewise. * c-c++-common/analyzer/pragma-2.c: Likewise. * c-c++-common/analyzer/rhbz1878600.c: Likewise. * c-c++-common/analyzer/strndup-1.c: Likewise. * c-c++-common/analyzer/write-to-string-literal-4-disabled.c: Likewise. * c-c++-common/analyzer/write-to-string-literal-4.c: Likewise. * c-c++-common/analyzer/write-to-string-literal-5.c: Likewise. * c-c++-common/analyzer/zlib-5.c: Likewise. * g++.dg/analyzer/exception-could-throw-1.C: New test. * g++.dg/analyzer/exception-could-throw-2.C: New test. * g++.dg/analyzer/exception-dynamic-spec.C: New test. * g++.dg/analyzer/exception-leak-1.C: New test. * g++.dg/analyzer/exception-leak-2.C: New test. * g++.dg/analyzer/exception-leak-3.C: New test. * g++.dg/analyzer/exception-leak-4.C: New test. * g++.dg/analyzer/exception-leak-5.C: New test. * g++.dg/analyzer/exception-leak-6.C: New test. * g++.dg/analyzer/exception-nothrow.C: New test. * g++.dg/analyzer/exception-path-1.C: New test. * g++.dg/analyzer/exception-path-catch-all-1.C: New test. * g++.dg/analyzer/exception-path-catch-all-2.C: New test. * g++.dg/analyzer/exception-path-unwind-multiple-2.C: New test. * g++.dg/analyzer/exception-path-unwind-multiple.C: New test. * g++.dg/analyzer/exception-path-unwind-single.C: New test. * g++.dg/analyzer/exception-path-with-cleanups.C: New test. * g++.dg/analyzer/exception-rethrow-1.C: New test. * g++.dg/analyzer/exception-rethrow-2.C: New test. * g++.dg/analyzer/exception-stack-1.C: New test. * g++.dg/analyzer/exception-stack-2.C: New test. * g++.dg/analyzer/exception-subclass-1.C: New test. * g++.dg/analyzer/exception-subclass-2.C: New test. * g++.dg/analyzer/exception-value-1.C: New test. * g++.dg/analyzer/exception-value-2.C: New test. * g++.dg/analyzer/fno-exception.C: New test. * g++.dg/analyzer/pr94028.C: Drop xfail. * g++.dg/analyzer/std-unexpected.C: New test. * g++.dg/coroutines/pr105287.C: Drop dg-excess-errors. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2025-04-28Eliminate make-unique.h and ::make_uniqueDavid Malcolm1-3/+1
C++11 does not provide a std::make_unique so in r13-3627-g00d7c8ff16e683 I added a make-unique.h declaring a ::make_unique. As of r15-4719-ga9ec1bc06bd3cc we can use C++14, so make-unique.h is no longer needed: we can use simply use std::make_unique instead. This patch removes make-unique.h and updates every place using it to use std::make_unique. No functional change intended. gcc/analyzer/ChangeLog: * access-diagram.cc: Replace uses of ::make_unique with std::make_unique. * analyzer.cc: Likewise. * bounds-checking.cc: Likewise. * call-details.cc: Likewise. * call-info.cc: Likewise. * call-string.cc: Likewise. * checker-path.cc: Likewise. * common.h: Drop include of "make-unique.h". * constraint-manager.cc: Replace uses of ::make_unique with std::make_unique. * diagnostic-manager.cc: Likewise. * engine.cc: Likewise. * infinite-loop.cc: Likewise. * infinite-recursion.cc: Likewise. * kf-analyzer.cc: Likewise. * kf-lang-cp.cc: Likewise. * kf.cc: Likewise. * pending-diagnostic.cc: Likewise. * program-point.cc: Likewise; drop #include. * program-state.cc: Likewise. * ranges.cc: Likewise. * region-model.cc: Likewise. * region.cc: Likewise; drop #include. * sm-fd.cc: Likewise. * sm-file.cc: Likewise. * sm-malloc.cc: Likewise. * sm-pattern-test.cc: Likewise. * sm-sensitive.cc: Likewise. * sm-signal.cc: Likewise. * sm-taint.cc: Likewise. * sm.cc: Likewise. * store.cc: Likewise. * supergraph.cc: Likewise. * svalue.cc: Likewise; drop #include. * varargs.cc: Likewise. gcc/c-family/ChangeLog: * c-pretty-print.cc: Drop include of "make-unique.h". Replace uses of ::make_unique with std::make_unique. gcc/c/ChangeLog: * c-decl.cc: Drop include of "make-unique.h". Replace uses of ::make_unique with std::make_unique. * c-objc-common.cc: Likewise. * c-parser.cc: Likewise. gcc/cp/ChangeLog: * cxx-pretty-print.cc: Drop include of "make-unique.h". Replace uses of ::make_unique with std::make_unique. * error.cc: Likewise. * name-lookup.cc: Likewise. * parser.cc: Likewise. gcc/ChangeLog: * diagnostic-format-json.cc: Drop include of "make-unique.h". Replace uses of ::make_unique with std::make_unique. * diagnostic-format-sarif.cc: Likewise. * diagnostic-format-text.cc: Likewise. * diagnostic.cc: Likewise. * dumpfile.cc: Likewise. * gcc-attribute-urlifier.cc: Likewise. * gcc-urlifier.cc: Likewise. * json-parsing.cc: Likewise. * json.cc: Likewise. * lazy-diagnostic-path.cc: Likewise. * libgdiagnostics.cc: Likewise. * libsarifreplay.cc: Likewise. * lto-wrapper.cc: Likewise. * make-unique.h: Delete. * opts-diagnostic.cc: Drop include of "make-unique.h". Replace uses of ::make_unique with std::make_unique. * pretty-print.cc: Likewise. * text-art/style.cc: Likewise. * text-art/styled-string.cc: Likewise. * text-art/table.cc: Likewise. * text-art/tree-widget.cc: Likewise. * text-art/widget.cc: Likewise. * timevar.cc: Likewise. * toplev.cc: Likewise. * tree-diagnostic-client-data-hooks.cc: Likewise. gcc/jit/ChangeLog: * dummy-frontend.cc: Drop include of "make-unique.h". Replace uses of ::make_unique with std::make_unique. gcc/testsuite/ChangeLog: * gcc.dg/plugin/analyzer_cpython_plugin.cc: Drop include of "make-unique.h". Replace uses of ::make_unique with std::make_unique. * gcc.dg/plugin/analyzer_gil_plugin.cc: Likewise. * gcc.dg/plugin/analyzer_kernel_plugin.cc: Likewise. * gcc.dg/plugin/analyzer_known_fns_plugin.cc: Likewise. * gcc.dg/plugin/diagnostic_group_plugin.cc: Likewise. * gcc.dg/plugin/diagnostic_plugin_xhtml_format.cc: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2025-04-28analyzer: convert various enums to "enum class"David Malcolm1-6/+6
Modernization; no functional change intended. gcc/analyzer/ChangeLog: * access-diagram.cc: Convert enum access_direction to "enum class". * bounds-checking.cc: Likewise. * checker-event.cc: Convert enum event_kind to "enum class". * checker-event.h: Likewise. * checker-path.cc: Likewise. * common.h: Convert enum access_direction to "enum class". * constraint-manager.cc: Convert enum bound_kind to "enum class". * constraint-manager.h: Likewise. * diagnostic-manager.cc: Convert enum event_kind to "enum class". * engine.cc: Convert enum status to "enum class". * exploded-graph.h: Likewise. * infinite-loop.cc: Likewise. * kf-lang-cp.cc: Convert enum poison_kind to "enum class". * kf.cc: Likewise. * region-model-manager.cc: Likewise. * region-model.cc: Likewise; also for enum access_direction. * svalue.cc: Likewise. * svalue.h: Likewise. gcc/testsuite/ChangeLog: * gcc.dg/plugin/analyzer_cpython_plugin.cc: Convert enum poison_kind to "enum class". Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2025-04-28analyzer: use analyzer/common.h as a common headerDavid Malcolm1-25/+10
Our headers are a major pain to work with: many require certain other headers to be included in a particular (undocumented) order in order to be includable. Simplify includes in the analyzer by renaming analyzer/analyzer.h to analyzer/common.h and have it include all the common headers needed throughout the analyzer, thus encapsulating the rules about e.g. being able to include "gimple.h" in one place in the analyzer subdirectory. Doing so also makes it easier to e.g. define INCLUDE_SET in one place, rather than in many source files. gcc/analyzer/ChangeLog: * analyzer.h: Rename to... * common.h: ...this. Add define of INCLUDE_VECTOR, includes of "config.h", "system.h", "coretypes.h", "make-unique.h", "tree.h", "function.h", "basic-block.h", "gimple.h", "options.h", "bitmap.h", "diagnostic-core.h", and "diagnostic-path.h". * access-diagram.h: Don't include "analyzer/analyzer.h". * access-diagram.cc: Reorganize includes to #include "analyzer/common.h" first, then group by subsystem, dropping redundant headers. * analysis-plan.cc: Likewise. * analyzer-language.cc: Likewise. * analyzer-pass.cc: Likewise. * analyzer-selftests.cc: Likewise. * analyzer.cc: Likewise. * bounds-checking.cc: Likewise. * call-details.cc: Likewise. * call-info.cc: Likewise. * call-string.cc: Likewise. * call-summary.cc: Likewise. * checker-event.cc: Likewise. * checker-path.cc: Likewise. * complexity.cc: Likewise. * constraint-manager.cc: Likewise. * diagnostic-manager.cc: Likewise. * engine.cc: Likewise. * feasible-graph.cc: Likewise. * infinite-loop.cc: Likewise. * infinite-recursion.cc: Likewise. * kf-analyzer.cc: Likewise. * kf-lang-cp.cc: Likewise. * kf.cc: Likewise. * known-function-manager.cc: Likewise. * pending-diagnostic.cc: Likewise. * program-point.cc: Likewise. * program-state.cc: Likewise. * ranges.cc: Likewise. * record-layout.cc: Likewise. * region-model-asm.cc: Likewise. * region-model-manager.cc: Likewise. * region-model-reachability.cc: Likewise. * region-model.cc: Likewise. * region.cc: Likewise. * sm-fd.cc: Likewise. * sm-file.cc: Likewise. * sm-malloc.cc: Likewise. * sm-pattern-test.cc: Likewise. * sm-sensitive.cc: Likewise. * sm-signal.cc: Likewise. * sm-taint.cc: Likewise. * sm.cc: Likewise. * state-purge.cc: Likewise. * store.cc: Likewise. * supergraph.cc: Likewise. * svalue.cc: Likewise. * symbol.cc: Likewise. * trimmed-graph.cc: Likewise. * varargs.cc: Likewise. gcc/testsuite/ChangeLog: * gcc.dg/plugin/analyzer_cpython_plugin.cc: Update for renaming of analyzer/analyzer.h to analyzer/common.h. * gcc.dg/plugin/analyzer_gil_plugin.cc: Likewise. * gcc.dg/plugin/analyzer_kernel_plugin.cc: Likewise. * gcc.dg/plugin/analyzer_known_fns_plugin.cc: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2025-03-14analyzer: Fix ICE in cmp_csts_same_type on RAW_DATA_CST [PR119278]Jakub Jelinek1-2/+15
The following testcase ICEs in cmp_csts_same_type because RAW_DATA_CST isn't handled there. As TREE_TYPE (cst1) in that case is INTEGER_TYPE, e.g. char/signed char/unsigned char, the type itself doesn't imply the size, so the length is compared first, followed by comparing the data. While at it, I've noticed STRING_CST handling is wrong, because STRING_CST can represent even string literals with embedded nul characters. We shouldn't stop at those, hence memcmp. While for STRING_CST TREE_TYPE should likely already imply the length and so same type should imply same TREE_STRING_LENGTH, I've repeated the comparisons in there just in case. 2025-03-14 Jakub Jelinek <jakub@redhat.com> PR analyzer/119278 * svalue.cc (cmp_csts_same_type): For STRING_CST, compare TREE_STRING_LENGTH first just in case and use memcmp rather than strcmp. Handle RAW_DATA_CST. * c-c++-common/analyzer/pr119278.c: New test.
2025-01-02Update copyright years.Jakub Jelinek1-1/+1
2024-11-22build: Remove INCLUDE_MEMORY [PR117737]Andrew Pinski1-1/+0
Since diagnostic.h is included in over half of the sources, requiring to `#define INCLUDE_MEMORY` does not make sense. Instead lets unconditionally include memory in system.h. The majority of this patch is just removing `#define INCLUDE_MEMORY` from the sources which currently have it. This should also fix the mingw build issue but I have not tried it. Bootstrapped and tested on x86_64-linux-gnu. PR bootstrap/117737 gcc/ada/ChangeLog: * gcc-interface/misc.cc (INCLUDE_MEMORY): Remove. * gcc-interface/trans.cc (INCLUDE_MEMORY): Remove. * gcc-interface/utils.cc (INCLUDE_MEMORY): Remove. gcc/analyzer/ChangeLog: * access-diagram.cc (INCLUDE_MEMORY): Remove. * analysis-plan.cc (INCLUDE_MEMORY): Remove. * analyzer-language.cc (INCLUDE_MEMORY): Remove. * analyzer-logging.cc (INCLUDE_MEMORY): Remove. * analyzer-pass.cc (INCLUDE_MEMORY): Remove. * analyzer-selftests.cc (INCLUDE_MEMORY): Remove. * analyzer.cc (INCLUDE_MEMORY): Remove. * bar-chart.cc (INCLUDE_MEMORY): Remove. * bounds-checking.cc (INCLUDE_MEMORY): Remove. * call-details.cc (INCLUDE_MEMORY): Remove. * call-info.cc (INCLUDE_MEMORY): Remove. * call-string.cc (INCLUDE_MEMORY): Remove. * call-summary.cc (INCLUDE_MEMORY): Remove. * checker-event.cc (INCLUDE_MEMORY): Remove. * checker-path.cc (INCLUDE_MEMORY): Remove. * complexity.cc (INCLUDE_MEMORY): Remove. * constraint-manager.cc (INCLUDE_MEMORY): Remove. * diagnostic-manager.cc (INCLUDE_MEMORY): Remove. * engine.cc (INCLUDE_MEMORY): Remove. * feasible-graph.cc (INCLUDE_MEMORY): Remove. * infinite-loop.cc (INCLUDE_MEMORY): Remove. * infinite-recursion.cc (INCLUDE_MEMORY): Remove. * kf-analyzer.cc (INCLUDE_MEMORY): Remove. * kf-lang-cp.cc (INCLUDE_MEMORY): Remove. * kf.cc (INCLUDE_MEMORY): Remove. * known-function-manager.cc (INCLUDE_MEMORY): Remove. * pending-diagnostic.cc (INCLUDE_MEMORY): Remove. * program-point.cc (INCLUDE_MEMORY): Remove. * program-state.cc (INCLUDE_MEMORY): Remove. * ranges.cc (INCLUDE_MEMORY): Remove. * record-layout.cc (INCLUDE_MEMORY): Remove. * region-model-asm.cc (INCLUDE_MEMORY): Remove. * region-model-manager.cc (INCLUDE_MEMORY): Remove. * region-model-reachability.cc (INCLUDE_MEMORY): Remove. * region-model.cc (INCLUDE_MEMORY): Remove. * region.cc (INCLUDE_MEMORY): Remove. * sm-fd.cc (INCLUDE_MEMORY): Remove. * sm-file.cc (INCLUDE_MEMORY): Remove. * sm-malloc.cc (INCLUDE_MEMORY): Remove. * sm-pattern-test.cc (INCLUDE_MEMORY): Remove. * sm-sensitive.cc (INCLUDE_MEMORY): Remove. * sm-signal.cc (INCLUDE_MEMORY): Remove. * sm-taint.cc (INCLUDE_MEMORY): Remove. * sm.cc (INCLUDE_MEMORY): Remove. * state-purge.cc (INCLUDE_MEMORY): Remove. * store.cc (INCLUDE_MEMORY): Remove. * supergraph.cc (INCLUDE_MEMORY): Remove. * svalue.cc (INCLUDE_MEMORY): Remove. * symbol.cc (INCLUDE_MEMORY): Remove. * trimmed-graph.cc (INCLUDE_MEMORY): Remove. * varargs.cc (INCLUDE_MEMORY): Remove. gcc/ChangeLog: * asan.cc (INCLUDE_MEMORY): Remove. * attribs.cc (INCLUDE_MEMORY): Remove. * auto-profile.cc (INCLUDE_MEMORY): Remove. * calls.cc (INCLUDE_MEMORY): Remove. * cfganal.cc (INCLUDE_MEMORY): Remove. * cfgexpand.cc (INCLUDE_MEMORY): Remove. * cfghooks.cc (INCLUDE_MEMORY): Remove. * cfgloop.cc (INCLUDE_MEMORY): Remove. * cgraph.cc (INCLUDE_MEMORY): Remove. * cgraphclones.cc (INCLUDE_MEMORY): Remove. * cgraphunit.cc (INCLUDE_MEMORY): Remove. * collect-utils.cc (INCLUDE_MEMORY): Remove. * collect2.cc (INCLUDE_MEMORY): Remove. * common/config/aarch64/aarch64-common.cc (INCLUDE_MEMORY): Remove. * common/config/arm/arm-common.cc (INCLUDE_MEMORY): Remove. * common/config/avr/avr-common.cc (INCLUDE_MEMORY): Remove. * config/aarch64/aarch64-cc-fusion.cc (INCLUDE_MEMORY): Remove. * config/aarch64/aarch64-early-ra.cc (INCLUDE_MEMORY): Remove. * config/aarch64/aarch64-sve-builtins.cc (INCLUDE_MEMORY): Remove. * config/aarch64/aarch64.cc (INCLUDE_MEMORY): Remove. * config/arc/arc.cc (INCLUDE_MEMORY): Remove. * config/arm/aarch-common.cc (INCLUDE_MEMORY) Remove.: * config/arm/arm-mve-builtins.cc (INCLUDE_MEMORY): Remove. * config/arm/arm.cc (INCLUDE_MEMORY): Remove. * config/avr/avr-devices.cc (INCLUDE_MEMORY): Remove. * config/avr/driver-avr.cc (INCLUDE_MEMORY): Remove. * config/bpf/bpf.cc (INCLUDE_MEMORY): Remove. * config/bpf/btfext-out.cc (INCLUDE_MEMORY): Remove. * config/bpf/core-builtins.cc (INCLUDE_MEMORY): Remove. * config/darwin.cc (INCLUDE_MEMORY): Remove. * config/gcn/mkoffload.cc (INCLUDE_MEMORY): Remove. * config/i386/driver-i386.cc (INCLUDE_MEMORY): Remove. * config/i386/i386-builtins.cc (INCLUDE_MEMORY): Remove. * config/i386/i386-expand.cc (INCLUDE_MEMORY): Remove. * config/i386/i386-features.cc (INCLUDE_MEMORY): Remove. * config/i386/i386-options.cc (INCLUDE_MEMORY): Remove. * config/i386/i386.cc (INCLUDE_MEMORY): Remove. * config/loongarch/loongarch-builtins.cc (INCLUDE_MEMORY): Remove. * config/loongarch/loongarch.cc (INCLUDE_MEMORY): Remove. * config/mingw/winnt-cxx.cc (INCLUDE_MEMORY): Remove. * config/mingw/winnt.cc (INCLUDE_MEMORY): Remove. * config/mips/mips.cc (INCLUDE_MEMORY): Remove. * config/msp430/driver-msp430.cc (INCLUDE_MEMORY): Remove. * config/nvptx/mkoffload.cc (INCLUDE_MEMORY): Remove. * config/nvptx/nvptx.cc (INCLUDE_MEMORY): Remove. * config/riscv/riscv-avlprop.cc (INCLUDE_MEMORY): Remove. * config/riscv/riscv-target-attr.cc (INCLUDE_MEMORY): Remove. * config/riscv/riscv-vector-builtins.cc (INCLUDE_MEMORY): Remove. * config/riscv/riscv-vector-costs.cc (INCLUDE_MEMORY): Remove. * config/riscv/riscv-vsetvl.cc (INCLUDE_MEMORY): Remove. * config/riscv/riscv.cc (INCLUDE_MEMORY): Remove. * config/rs6000/driver-rs6000.cc (INCLUDE_MEMORY): Remove. * config/rs6000/host-darwin.cc (INCLUDE_MEMORY): Remove. * config/rs6000/rs6000-c.cc (INCLUDE_MEMORY): Remove. * config/rs6000/rs6000.cc (INCLUDE_MEMORY): Remove. * config/s390/s390-c.cc (INCLUDE_MEMORY): Remove. * config/s390/s390.cc (INCLUDE_MEMORY): Remove. * config/sol2-cxx.cc (INCLUDE_MEMORY): Remove. * config/vms/vms-c.cc (INCLUDE_MEMORY): Remove. * config/xtensa/xtensa-dynconfig.cc (INCLUDE_MEMORY): Remove. * coroutine-passes.cc (INCLUDE_MEMORY): Remove. * coverage.cc (INCLUDE_MEMORY): Remove. * data-streamer-in.cc (INCLUDE_MEMORY): Remove. * data-streamer-out.cc (INCLUDE_MEMORY): Remove. * data-streamer.cc (INCLUDE_MEMORY): Remove. * diagnostic-format-json.cc (INCLUDE_MEMORY): Remove. * diagnostic-format-sarif.cc (INCLUDE_MEMORY): Remove. * diagnostic-format-text.cc (INCLUDE_MEMORY): Remove. * diagnostic-global-context.cc (INCLUDE_MEMORY): Remove. * diagnostic-macro-unwinding.cc (INCLUDE_MEMORY): Remove. * diagnostic-path.cc (INCLUDE_MEMORY): Remove. * diagnostic-show-locus.cc (INCLUDE_MEMORY): Remove. * diagnostic-spec.cc (INCLUDE_MEMORY): Remove. * diagnostic.cc (INCLUDE_MEMORY): Remove. * diagnostic.h: Remove check for INCLUDE_MEMORY. * digraph.cc (INCLUDE_MEMORY): Remove. * dumpfile.cc (INCLUDE_MEMORY): Remove. * dwarf2out.cc (INCLUDE_MEMORY): Remove. * edit-context.cc (INCLUDE_MEMORY): Remove. * except.cc (INCLUDE_MEMORY): Remove. * expr.cc (INCLUDE_MEMORY): Remove. * file-prefix-map.cc (INCLUDE_MEMORY): Remove. * final.cc (INCLUDE_MEMORY): Remove. * fwprop.cc (INCLUDE_MEMORY): Remove. * gcc-plugin.h (INCLUDE_MEMORY): Remove. * gcc-rich-location.cc (INCLUDE_MEMORY): Remove. * gcc-urlifier.cc (INCLUDE_MEMORY): Remove. * gcc.cc (INCLUDE_MEMORY): Remove. * gcov-dump.cc (INCLUDE_MEMORY): Remove. * gcov-tool.cc (INCLUDE_MEMORY): Remove. * gcov.cc (INCLUDE_MEMORY): Remove. * gengtype.cc (open_base_files): Don't print `#define INCLUDE_MEMORY`. * genmatch.cc (INCLUDE_MEMORY): Remove. * gimple-fold.cc (INCLUDE_MEMORY): Remove. * gimple-harden-conditionals.cc (INCLUDE_MEMORY): Remove. * gimple-harden-control-flow.cc (INCLUDE_MEMORY): Remove. * gimple-if-to-switch.cc (INCLUDE_MEMORY): Remove. * gimple-loop-interchange.cc (INCLUDE_MEMORY): Remove. * gimple-loop-jam.cc (INCLUDE_MEMORY): Remove. * gimple-loop-versioning.cc (INCLUDE_MEMORY): Remove. * gimple-lower-bitint.cc (INCLUDE_MEMORY): Remove. * gimple-predicate-analysis.cc (INCLUDE_MEMORY): Remove. * gimple-pretty-print.cc (INCLUDE_MEMORY): Remove. * gimple-range-cache.cc (INCLUDE_MEMORY): Remove. * gimple-range-edge.cc (INCLUDE_MEMORY): Remove. * gimple-range-fold.cc (INCLUDE_MEMORY): Remove. * gimple-range-gori.cc (INCLUDE_MEMORY): Remove. * gimple-range-infer.cc (INCLUDE_MEMORY): Remove. * gimple-range-op.cc (INCLUDE_MEMORY): Remove. * gimple-range-path.cc (INCLUDE_MEMORY): Remove. * gimple-range-phi.cc (INCLUDE_MEMORY): Remove. * gimple-range-trace.cc (INCLUDE_MEMORY): Remove. * gimple-range.cc (INCLUDE_MEMORY): Remove. * gimple-ssa-backprop.cc (INCLUDE_MEMORY): Remove. * gimple-ssa-sprintf.cc (INCLUDE_MEMORY): Remove. * gimple-ssa-store-merging.cc (INCLUDE_MEMORY): Remove. * gimple-ssa-strength-reduction.cc (INCLUDE_MEMORY): Remove. * gimple-ssa-warn-access.cc (INCLUDE_MEMORY): Remove. * gimple-ssa-warn-alloca.cc (INCLUDE_MEMORY): Remove. * gimple-ssa-warn-restrict.cc (INCLUDE_MEMORY): Remove. * gimple-streamer-in.cc (INCLUDE_MEMORY): Remove. * gimple-streamer-out.cc (INCLUDE_MEMORY): Remove. * gimple.cc (INCLUDE_MEMORY): Remove. * gimplify.cc (INCLUDE_MEMORY): Remove. * graph.cc (INCLUDE_MEMORY): Remove. * graphite-dependences.cc (INCLUDE_MEMORY): Remove. * graphite-isl-ast-to-gimple.cc (INCLUDE_MEMORY): Remove. * graphite-optimize-isl.cc (INCLUDE_MEMORY): Remove. * graphite-poly.cc (INCLUDE_MEMORY): Remove. * graphite-scop-detection.cc (INCLUDE_MEMORY): Remove. * graphite-sese-to-poly.cc (INCLUDE_MEMORY): Remove. * graphite.cc (INCLUDE_MEMORY): Remove. * graphviz.cc (INCLUDE_MEMORY): Remove. * input.cc (INCLUDE_MEMORY): Remove. * ipa-cp.cc (INCLUDE_MEMORY): Remove. * ipa-devirt.cc (INCLUDE_MEMORY): Remove. * ipa-fnsummary.cc (INCLUDE_MEMORY): Remove. * ipa-free-lang-data.cc (INCLUDE_MEMORY): Remove. * ipa-icf-gimple.cc (INCLUDE_MEMORY): Remove. * ipa-icf.cc (INCLUDE_MEMORY): Remove. * ipa-inline-analysis.cc (INCLUDE_MEMORY): Remove. * ipa-inline.cc (INCLUDE_MEMORY): Remove. * ipa-modref-tree.cc (INCLUDE_MEMORY): Remove. * ipa-modref.cc (INCLUDE_MEMORY): Remove. * ipa-param-manipulation.cc (INCLUDE_MEMORY): Remove. * ipa-polymorphic-call.cc (INCLUDE_MEMORY): Remove. * ipa-predicate.cc (INCLUDE_MEMORY): Remove. * ipa-profile.cc (INCLUDE_MEMORY): Remove. * ipa-prop.cc (INCLUDE_MEMORY): Remove. * ipa-pure-const.cc (INCLUDE_MEMORY): Remove. * ipa-reference.cc (INCLUDE_MEMORY): Remove. * ipa-split.cc (INCLUDE_MEMORY): Remove. * ipa-sra.cc (INCLUDE_MEMORY): Remove. * ipa-strub.cc (INCLUDE_MEMORY): Remove. * ipa-utils.cc (INCLUDE_MEMORY): Remove. * json-parsing.cc (INCLUDE_MEMORY): Remove. * json.cc (INCLUDE_MEMORY): Remove. * json.h: Don't check INCLUDE_MEMORY. * langhooks.cc (INCLUDE_MEMORY): Remove. * late-combine.cc (INCLUDE_MEMORY): Remove. * lazy-diagnostic-path.cc (INCLUDE_MEMORY): Remove. * libdiagnostics.cc (INCLUDE_MEMORY): Remove. * libsarifreplay.cc (INCLUDE_MEMORY): Remove. * lto-cgraph.cc (INCLUDE_MEMORY): Remove. * lto-compress.cc (INCLUDE_MEMORY): Remove. * lto-opts.cc (INCLUDE_MEMORY): Remove. * lto-section-in.cc (INCLUDE_MEMORY): Remove. * lto-section-out.cc (INCLUDE_MEMORY): Remove. * lto-streamer-in.cc (INCLUDE_MEMORY): Remove. * lto-streamer-out.cc (INCLUDE_MEMORY): Remove. * lto-streamer.cc (INCLUDE_MEMORY): Remove. * lto-wrapper.cc (INCLUDE_MEMORY): Remove. * make-unique.h (GCC_MAKE_UNIQUE): Remove. * multiple_target.cc (INCLUDE_MEMORY): Remove. * omp-expand.cc (INCLUDE_MEMORY): Remove. * omp-general.cc (INCLUDE_MEMORY): Remove. * omp-low.cc (INCLUDE_MEMORY): Remove. * omp-oacc-neuter-broadcast.cc (INCLUDE_MEMORY): Remove. * omp-offload.cc (INCLUDE_MEMORY): Remove. * omp-simd-clone.cc (INCLUDE_MEMORY): Remove. * opt-problem.cc (INCLUDE_MEMORY): Remove. * optinfo-emit-json.cc (INCLUDE_MEMORY): Remove. * optinfo.cc (INCLUDE_MEMORY): Remove. * optinfo.h: Don't check INCLUDE_MEMORY. * opts-common.cc (INCLUDE_MEMORY): Remove. * opts-diagnostic.cc (INCLUDE_MEMORY): Remove. * opts-global.cc (INCLUDE_MEMORY): Remove. * opts.cc (INCLUDE_MEMORY): Remove. * pair-fusion.cc (INCLUDE_MEMORY): Remove. * passes.cc (INCLUDE_MEMORY): Remove. * pointer-query.cc (INCLUDE_MEMORY): Remove. * predict.cc (INCLUDE_MEMORY): Remove. * pretty-print.cc (INCLUDE_MEMORY): Remove. * pretty-print.h: Don't check INCLUDE_MEMORY. * print-rtl.cc (INCLUDE_MEMORY): Remove. * print-tree.cc (INCLUDE_MEMORY): Remove. * profile-count.cc (INCLUDE_MEMORY): Remove. * range-op-float.cc (INCLUDE_MEMORY): Remove. * range-op-ptr.cc (INCLUDE_MEMORY): Remove. * range-op.cc (INCLUDE_MEMORY): Remove. * range.cc (INCLUDE_MEMORY): Remove. * read-rtl-function.cc (INCLUDE_MEMORY): Remove. * rtl-error.cc (INCLUDE_MEMORY): Remove. * rtl-ssa/accesses.cc (INCLUDE_MEMORY): Remove. * rtl-ssa/blocks.cc (INCLUDE_MEMORY): Remove. * rtl-ssa/changes.cc (INCLUDE_MEMORY): Remove. * rtl-ssa/functions.cc (INCLUDE_MEMORY): Remove. * rtl-ssa/insns.cc (INCLUDE_MEMORY): Remove. * rtl-ssa/movement.cc (INCLUDE_MEMORY): Remove. * rtl-tests.cc (INCLUDE_MEMORY): Remove. * sanopt.cc (INCLUDE_MEMORY): Remove. * sched-rgn.cc (INCLUDE_MEMORY): Remove. * selftest-diagnostic-path.cc (INCLUDE_MEMORY): Remove. * selftest-diagnostic.cc (INCLUDE_MEMORY): Remove. * selftest-json.cc (INCLUDE_MEMORY): Remove. * sese.cc (INCLUDE_MEMORY): Remove. * simple-diagnostic-path.cc (INCLUDE_MEMORY): Remove. * splay-tree-utils.cc (INCLUDE_MEMORY): Remove. * sreal.cc (INCLUDE_MEMORY): Remove. * stmt.cc (INCLUDE_MEMORY): Remove. * substring-locations.cc (INCLUDE_MEMORY): Remove. * symtab-clones.cc (INCLUDE_MEMORY): Remove. * symtab-thunks.cc (INCLUDE_MEMORY): Remove. * symtab.cc (INCLUDE_MEMORY): Remove. * system.h: Include memory unconditionally for C++. Also remove support for INCLUDE_MEMORY. * targhooks.cc (INCLUDE_MEMORY): Remove. * text-art/box-drawing.cc (INCLUDE_MEMORY): Remove. * text-art/canvas.cc (INCLUDE_MEMORY): Remove. * text-art/ruler.cc (INCLUDE_MEMORY): Remove. * text-art/selftests.cc (INCLUDE_MEMORY): Remove. * text-art/style.cc (INCLUDE_MEMORY): Remove. * text-art/styled-string.cc (INCLUDE_MEMORY): Remove. * text-art/table.cc (INCLUDE_MEMORY): Remove. * text-art/theme.cc (INCLUDE_MEMORY): Remove. * text-art/tree-widget.cc (INCLUDE_MEMORY): Remove. * text-art/widget.cc (INCLUDE_MEMORY): Remove. * timevar.cc (INCLUDE_MEMORY): Remove. * toplev.cc (INCLUDE_MEMORY): Remove. * trans-mem.cc (INCLUDE_MEMORY): Remove. * tree-affine.cc (INCLUDE_MEMORY): Remove. * tree-assume.cc (INCLUDE_MEMORY): Remove. * tree-call-cdce.cc (INCLUDE_MEMORY): Remove. * tree-cfg.cc (INCLUDE_MEMORY): Remove. * tree-chrec.cc (INCLUDE_MEMORY): Remove. * tree-data-ref.cc (INCLUDE_MEMORY): Remove. * tree-dfa.cc (INCLUDE_MEMORY): Remove. * tree-diagnostic-client-data-hooks.cc (INCLUDE_MEMORY): Remove. * tree-diagnostic.cc (INCLUDE_MEMORY): Remove. * tree-dump.cc (INCLUDE_MEMORY): Remove. * tree-if-conv.cc (INCLUDE_MEMORY): Remove. * tree-inline.cc (INCLUDE_MEMORY): Remove. * tree-into-ssa.cc (INCLUDE_MEMORY): Remove. * tree-logical-location.cc (INCLUDE_MEMORY): Remove. * tree-loop-distribution.cc (INCLUDE_MEMORY): Remove. * tree-nested.cc (INCLUDE_MEMORY): Remove. * tree-nrv.cc (INCLUDE_MEMORY): Remove. * tree-object-size.cc (INCLUDE_MEMORY): Remove. * tree-outof-ssa.cc (INCLUDE_MEMORY): Remove. * tree-parloops.cc (INCLUDE_MEMORY): Remove. * tree-predcom.cc (INCLUDE_MEMORY): Remove. * tree-pretty-print.cc (INCLUDE_MEMORY): Remove. * tree-profile.cc (INCLUDE_MEMORY): Remove. * tree-scalar-evolution.cc (INCLUDE_MEMORY): Remove. * tree-sra.cc (INCLUDE_MEMORY): Remove. * tree-ssa-address.cc (INCLUDE_MEMORY): Remove. * tree-ssa-alias.cc (INCLUDE_MEMORY): Remove. * tree-ssa-ccp.cc (INCLUDE_MEMORY): Remove. * tree-ssa-coalesce.cc (INCLUDE_MEMORY): Remove. * tree-ssa-copy.cc (INCLUDE_MEMORY): Remove. * tree-ssa-dce.cc (INCLUDE_MEMORY): Remove. * tree-ssa-dom.cc (INCLUDE_MEMORY): Remove. * tree-ssa-dse.cc (INCLUDE_MEMORY): Remove. * tree-ssa-forwprop.cc (INCLUDE_MEMORY): Remove. * tree-ssa-ifcombine.cc (INCLUDE_MEMORY): Remove. * tree-ssa-live.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-ch.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-im.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-ivcanon.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-ivopts.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-manip.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-niter.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-prefetch.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-split.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-unswitch.cc (INCLUDE_MEMORY): Remove. * tree-ssa-math-opts.cc (INCLUDE_MEMORY): Remove. * tree-ssa-operands.cc (INCLUDE_MEMORY): Remove. * tree-ssa-phiopt.cc (INCLUDE_MEMORY): Remove. * tree-ssa-phiprop.cc (INCLUDE_MEMORY): Remove. * tree-ssa-pre.cc (INCLUDE_MEMORY): Remove. * tree-ssa-propagate.cc (INCLUDE_MEMORY): Remove. * tree-ssa-reassoc.cc (INCLUDE_MEMORY): Remove. * tree-ssa-sccvn.cc (INCLUDE_MEMORY): Remove. * tree-ssa-scopedtables.cc (INCLUDE_MEMORY): Remove. * tree-ssa-sink.cc (INCLUDE_MEMORY): Remove. * tree-ssa-strlen.cc (INCLUDE_MEMORY): Remove. * tree-ssa-structalias.cc (INCLUDE_MEMORY): Remove. * tree-ssa-ter.cc (INCLUDE_MEMORY): Remove. * tree-ssa-threadbackward.cc (INCLUDE_MEMORY): Remove. * tree-ssa-threadupdate.cc (INCLUDE_MEMORY): Remove. * tree-ssa-uninit.cc (INCLUDE_MEMORY): Remove. * tree-ssa.cc (INCLUDE_MEMORY): Remove. * tree-ssanames.cc (INCLUDE_MEMORY): Remove. * tree-stdarg.cc (INCLUDE_MEMORY): Remove. * tree-streamer-in.cc (INCLUDE_MEMORY): Remove. * tree-streamer-out.cc (INCLUDE_MEMORY): Remove. * tree-streamer.cc (INCLUDE_MEMORY): Remove. * tree-switch-conversion.cc (INCLUDE_MEMORY): Remove. * tree-tailcall.cc (INCLUDE_MEMORY): Remove. * tree-vect-data-refs.cc (INCLUDE_MEMORY): Remove. * tree-vect-generic.cc (INCLUDE_MEMORY): Remove. * tree-vect-loop-manip.cc (INCLUDE_MEMORY): Remove. * tree-vect-loop.cc (INCLUDE_MEMORY): Remove. * tree-vect-patterns.cc (INCLUDE_MEMORY): Remove. * tree-vect-slp-patterns.cc (INCLUDE_MEMORY): Remove. * tree-vect-slp.cc (INCLUDE_MEMORY): Remove. * tree-vect-stmts.cc (INCLUDE_MEMORY): Remove. * tree-vectorizer.cc (INCLUDE_MEMORY): Remove. * tree-vrp.cc (INCLUDE_MEMORY): Remove. * tree.cc (INCLUDE_MEMORY): Remove. * ubsan.cc (INCLUDE_MEMORY): Remove. * value-pointer-equiv.cc (INCLUDE_MEMORY): Remove. * value-prof.cc (INCLUDE_MEMORY): Remove. * value-query.cc (INCLUDE_MEMORY): Remove. * value-range-pretty-print.cc (INCLUDE_MEMORY): Remove. * value-range-storage.cc (INCLUDE_MEMORY): Remove. * value-range.cc (INCLUDE_MEMORY): Remove. * value-relation.cc (INCLUDE_MEMORY): Remove. * var-tracking.cc (INCLUDE_MEMORY): Remove. * varpool.cc (INCLUDE_MEMORY): Remove. * vr-values.cc (INCLUDE_MEMORY): Remove. * wide-int-print.cc (INCLUDE_MEMORY): Remove. gcc/c-family/ChangeLog: * c-ada-spec.cc (INCLUDE_MEMORY): Remove. * c-attribs.cc (INCLUDE_MEMORY): Remove. * c-common.cc (INCLUDE_MEMORY): Remove. * c-format.cc (INCLUDE_MEMORY): Remove. * c-gimplify.cc (INCLUDE_MEMORY): Remove. * c-indentation.cc (INCLUDE_MEMORY): Remove. * c-opts.cc (INCLUDE_MEMORY): Remove. * c-pch.cc (INCLUDE_MEMORY): Remove. * c-pragma.cc (INCLUDE_MEMORY): Remove. * c-pretty-print.cc (INCLUDE_MEMORY): Remove. * c-type-mismatch.cc (INCLUDE_MEMORY): Remove. * c-warn.cc (INCLUDE_MEMORY): Remove. * known-headers.cc (INCLUDE_MEMORY): Remove. * name-hint.h: Remove check of INCLUDE_MEMORY. gcc/c/ChangeLog: * c-aux-info.cc (INCLUDE_MEMORY): Remove. * c-convert.cc (INCLUDE_MEMORY): Remove. * c-decl.cc (INCLUDE_MEMORY): Remove. * c-errors.cc (INCLUDE_MEMORY): Remove. * c-fold.cc (INCLUDE_MEMORY): Remove. * c-lang.cc (INCLUDE_MEMORY): Remove. * c-objc-common.cc (INCLUDE_MEMORY): Remove. * c-parser.cc (INCLUDE_MEMORY): Remove. * c-typeck.cc (INCLUDE_MEMORY): Remove. * gimple-parser.cc (INCLUDE_MEMORY): Remove. gcc/cp/ChangeLog: * call.cc (INCLUDE_MEMORY): Remove. * class.cc (INCLUDE_MEMORY): Remove. * constexpr.cc (INCLUDE_MEMORY): Remove. * constraint.cc (INCLUDE_MEMORY): Remove. * contracts.cc (INCLUDE_MEMORY): Remove. * coroutines.cc (INCLUDE_MEMORY): Remove. * cp-gimplify.cc (INCLUDE_MEMORY): Remove. * cp-lang.cc (INCLUDE_MEMORY): Remove. * cp-objcp-common.cc (INCLUDE_MEMORY): Remove. * cp-ubsan.cc (INCLUDE_MEMORY): Remove. * cvt.cc (INCLUDE_MEMORY): Remove. * cxx-pretty-print.cc (INCLUDE_MEMORY): Remove. * decl.cc (INCLUDE_MEMORY): Remove. * decl2.cc (INCLUDE_MEMORY): Remove. * dump.cc (INCLUDE_MEMORY): Remove. * error.cc (INCLUDE_MEMORY): Remove. * except.cc (INCLUDE_MEMORY): Remove. * expr.cc (INCLUDE_MEMORY): Remove. * friend.cc (INCLUDE_MEMORY): Remove. * init.cc (INCLUDE_MEMORY): Remove. * lambda.cc (INCLUDE_MEMORY): Remove. * lex.cc (INCLUDE_MEMORY): Remove. * logic.cc (INCLUDE_MEMORY): Remove. * mangle.cc (INCLUDE_MEMORY): Remove. * mapper-client.cc (INCLUDE_MEMORY): Remove. * mapper-resolver.cc (INCLUDE_MEMORY): Remove. * method.cc (INCLUDE_MEMORY): Remove. * module.cc (INCLUDE_MEMORY): Remove. * name-lookup.cc (INCLUDE_MEMORY): Remove. * optimize.cc (INCLUDE_MEMORY): Remove. * parser.cc (INCLUDE_MEMORY): Remove. * pt.cc (INCLUDE_MEMORY): Remove. * ptree.cc (INCLUDE_MEMORY): Remove. * rtti.cc (INCLUDE_MEMORY): Remove. * search.cc (INCLUDE_MEMORY): Remove. * semantics.cc (INCLUDE_MEMORY): Remove. * tree.cc (INCLUDE_MEMORY): Remove. * typeck.cc (INCLUDE_MEMORY): Remove. * typeck2.cc (INCLUDE_MEMORY): Remove. * vtable-class-hierarchy.cc (INCLUDE_MEMORY): Remove. gcc/d/ChangeLog: * d-attribs.cc (INCLUDE_MEMORY): Remove. * d-builtins.cc (INCLUDE_MEMORY): Remove. * d-codegen.cc (INCLUDE_MEMORY): Remove. * d-convert.cc (INCLUDE_MEMORY): Remove. * d-diagnostic.cc (INCLUDE_MEMORY): Remove. * d-frontend.cc (INCLUDE_MEMORY): Remove. * d-lang.cc (INCLUDE_MEMORY): Remove. * d-longdouble.cc (INCLUDE_MEMORY): Remove. * d-target.cc (INCLUDE_MEMORY): Remove. * decl.cc (INCLUDE_MEMORY): Remove. * expr.cc (INCLUDE_MEMORY): Remove. * intrinsics.cc (INCLUDE_MEMORY): Remove. * modules.cc (INCLUDE_MEMORY): Remove. * toir.cc (INCLUDE_MEMORY): Remove. * typeinfo.cc (INCLUDE_MEMORY): Remove. * types.cc (INCLUDE_MEMORY): Remove. gcc/fortran/ChangeLog: * arith.cc (INCLUDE_MEMORY): Remove. * array.cc (INCLUDE_MEMORY): Remove. * bbt.cc (INCLUDE_MEMORY): Remove. * check.cc (INCLUDE_MEMORY): Remove. * class.cc (INCLUDE_MEMORY): Remove. * constructor.cc (INCLUDE_MEMORY): Remove. * convert.cc (INCLUDE_MEMORY): Remove. * cpp.cc (INCLUDE_MEMORY): Remove. * data.cc (INCLUDE_MEMORY): Remove. * decl.cc (INCLUDE_MEMORY): Remove. * dependency.cc (INCLUDE_MEMORY): Remove. * dump-parse-tree.cc (INCLUDE_MEMORY): Remove. * error.cc (INCLUDE_MEMORY): Remove. * expr.cc (INCLUDE_MEMORY): Remove. * f95-lang.cc (INCLUDE_MEMORY): Remove. * frontend-passes.cc (INCLUDE_MEMORY): Remove. * interface.cc (INCLUDE_MEMORY): Remove. * intrinsic.cc (INCLUDE_MEMORY): Remove. * io.cc (INCLUDE_MEMORY): Remove. * iresolve.cc (INCLUDE_MEMORY): Remove. * match.cc (INCLUDE_MEMORY): Remove. * matchexp.cc (INCLUDE_MEMORY): Remove. * misc.cc (INCLUDE_MEMORY): Remove. * module.cc (INCLUDE_MEMORY): Remove. * openmp.cc (INCLUDE_MEMORY): Remove. * options.cc (INCLUDE_MEMORY): Remove. * parse.cc (INCLUDE_MEMORY): Remove. * primary.cc (INCLUDE_MEMORY): Remove. * resolve.cc (INCLUDE_MEMORY): Remove. * scanner.cc (INCLUDE_MEMORY): Remove. * simplify.cc (INCLUDE_MEMORY): Remove. * st.cc (INCLUDE_MEMORY): Remove. * symbol.cc (INCLUDE_MEMORY): Remove. * target-memory.cc (INCLUDE_MEMORY): Remove. * trans-array.cc (INCLUDE_MEMORY): Remove. * trans-common.cc (INCLUDE_MEMORY): Remove. * trans-const.cc (INCLUDE_MEMORY): Remove. * trans-decl.cc (INCLUDE_MEMORY): Remove. * trans-expr.cc (INCLUDE_MEMORY): Remove. * trans-intrinsic.cc (INCLUDE_MEMORY): Remove. * trans-io.cc (INCLUDE_MEMORY): Remove. * trans-openmp.cc (INCLUDE_MEMORY): Remove. * trans-stmt.cc (INCLUDE_MEMORY): Remove. * trans-types.cc (INCLUDE_MEMORY): Remove. * trans.cc (INCLUDE_MEMORY): Remove. gcc/go/ChangeLog: * go-backend.cc (INCLUDE_MEMORY): Remove. * go-lang.cc (INCLUDE_MEMORY): Remove. gcc/jit/ChangeLog: * dummy-frontend.cc (INCLUDE_MEMORY): Remove. * jit-playback.cc (INCLUDE_MEMORY): Remove. * jit-recording.cc (INCLUDE_MEMORY): Remove. gcc/lto/ChangeLog: * lto-common.cc (INCLUDE_MEMORY): Remove. * lto-dump.cc (INCLUDE_MEMORY): Remove. * lto-partition.cc (INCLUDE_MEMORY): Remove. * lto-symtab.cc (INCLUDE_MEMORY): Remove. * lto.cc (INCLUDE_MEMORY): Remove. gcc/m2/ChangeLog: * gm2-gcc/gcc-consolidation.h (INCLUDE_MEMORY): Remove. * gm2-gcc/m2configure.cc (INCLUDE_MEMORY): Remove. * mc-boot/GASCII.cc (INCLUDE_MEMORY): Remove. * mc-boot/GASCII.h (INCLUDE_MEMORY): Remove. * mc-boot/GArgs.cc (INCLUDE_MEMORY): Remove. * mc-boot/GArgs.h (INCLUDE_MEMORY): Remove. * mc-boot/GAssertion.cc (INCLUDE_MEMORY): Remove. * mc-boot/GAssertion.h (INCLUDE_MEMORY): Remove. * mc-boot/GBreak.cc (INCLUDE_MEMORY): Remove. * mc-boot/GBreak.h (INCLUDE_MEMORY): Remove. * mc-boot/GCOROUTINES.h (INCLUDE_MEMORY): Remove. * mc-boot/GCmdArgs.cc (INCLUDE_MEMORY): Remove. * mc-boot/GCmdArgs.h (INCLUDE_MEMORY): Remove. * mc-boot/GDebug.cc (INCLUDE_MEMORY): Remove. * mc-boot/GDebug.h (INCLUDE_MEMORY): Remove. Remove. * mc-boot/GDynamicStrings.cc (INCLUDE_MEMORY): Remove. * mc-boot/GDynamicStrings.h (INCLUDE_MEMORY): Remove. * mc-boot/GEnvironment.cc (INCLUDE_MEMORY): Remove. * mc-boot/GEnvironment.h (INCLUDE_MEMORY): Remove. * mc-boot/GFIO.cc (INCLUDE_MEMORY): Remove. * mc-boot/GFIO.h (INCLUDE_MEMORY): Remove. * mc-boot/GFormatStrings.cc (INCLUDE_MEMORY): Remove. * mc-boot/GFormatStrings.h (INCLUDE_MEMORY): Remove. * mc-boot/GFpuIO.cc (INCLUDE_MEMORY): Remove. * mc-boot/GFpuIO.h (INCLUDE_MEMORY): Remove. * mc-boot/GIO.cc (INCLUDE_MEMORY): Remove. * mc-boot/GIO.h (INCLUDE_MEMORY): Remove. * mc-boot/GIndexing.cc (INCLUDE_MEMORY): Remove. * mc-boot/GIndexing.h (INCLUDE_MEMORY): Remove. * mc-boot/GM2Dependent.cc (INCLUDE_MEMORY): Remove. * mc-boot/GM2Dependent.h (INCLUDE_MEMORY): Remove. * mc-boot/GM2EXCEPTION.cc (INCLUDE_MEMORY): Remove. * mc-boot/GM2EXCEPTION.h (INCLUDE_MEMORY): Remove. * mc-boot/GM2RTS.cc (INCLUDE_MEMORY): Remove. * mc-boot/GM2RTS.h (INCLUDE_MEMORY): Remove. Remove. * mc-boot/GMemUtils.cc (INCLUDE_MEMORY): Remove. * mc-boot/GMemUtils.h (INCLUDE_MEMORY): Remove. * mc-boot/GNumberIO.cc (INCLUDE_MEMORY): Remove. * mc-boot/GNumberIO.h (INCLUDE_MEMORY): Remove. * mc-boot/GPushBackInput.cc (INCLUDE_MEMORY): Remove. * mc-boot/GPushBackInput.h (INCLUDE_MEMORY): Remove. * mc-boot/GRTExceptions.cc (INCLUDE_MEMORY): Remove. * mc-boot/GRTExceptions.h (INCLUDE_MEMORY): Remove. * mc-boot/GRTco.h (INCLUDE_MEMORY): Remove. * mc-boot/GRTentity.h (INCLUDE_MEMORY): Remove. * mc-boot/GRTint.cc (INCLUDE_MEMORY): Remove. * mc-boot/GRTint.h (INCLUDE_MEMORY): Remove. * mc-boot/GSArgs.cc (INCLUDE_MEMORY): Remove. * mc-boot/GSArgs.h (INCLUDE_MEMORY): Remove. * mc-boot/GSFIO.cc (INCLUDE_MEMORY): Remove. * mc-boot/GSFIO.h (INCLUDE_MEMORY): Remove. * mc-boot/GSYSTEM.h (INCLUDE_MEMORY): Remove. * mc-boot/GSelective.h (INCLUDE_MEMORY): Remove. * mc-boot/GStdIO.cc (INCLUDE_MEMORY): Remove. * mc-boot/GStdIO.h (INCLUDE_MEMORY): Remove. * mc-boot/GStorage.cc (INCLUDE_MEMORY): Remove. * mc-boot/GStorage.h (INCLUDE_MEMORY): Remove. * mc-boot/GStrCase.cc (INCLUDE_MEMORY): Remove. * mc-boot/GStrCase.h (INCLUDE_MEMORY): Remove. * mc-boot/GStrIO.cc (INCLUDE_MEMORY): Remove. * mc-boot/GStrIO.h (INCLUDE_MEMORY): Remove. * mc-boot/GStrLib.cc (INCLUDE_MEMORY): Remove. * mc-boot/GStrLib.h (INCLUDE_MEMORY): Remove. * mc-boot/GStringConvert.cc (INCLUDE_MEMORY): Remove. * mc-boot/GStringConvert.h (INCLUDE_MEMORY): Remove. * mc-boot/GSysExceptions.h (INCLUDE_MEMORY): Remove. * mc-boot/GSysStorage.cc (INCLUDE_MEMORY): Remove. * mc-boot/GSysStorage.h (INCLUDE_MEMORY): Remove. * mc-boot/GTimeString.cc (INCLUDE_MEMORY): Remove. * mc-boot/GTimeString.h (INCLUDE_MEMORY): Remove. * mc-boot/GUnixArgs.h (INCLUDE_MEMORY): Remove. * mc-boot/Galists.cc (INCLUDE_MEMORY): Remove. * mc-boot/Galists.h (INCLUDE_MEMORY): Remove. * mc-boot/Gdecl.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gdecl.h (INCLUDE_MEMORY): Remove. * mc-boot/Gdtoa.h (INCLUDE_MEMORY): Remove. * mc-boot/Gerrno.h (INCLUDE_MEMORY): Remove. * mc-boot/Gkeyc.cc (INCLUDE_MEMORY): Remove. (checkGccConfigSystem): Remove printing out `#define INCLUDE_MEMORY`. * mc-boot/Gkeyc.h (INCLUDE_MEMORY): Remove. * mc-boot/Gldtoa.h (INCLUDE_MEMORY): Remove. * mc-boot/Glibc.h (INCLUDE_MEMORY): Remove. * mc-boot/Glibm.h (INCLUDE_MEMORY): Remove. * mc-boot/Glists.cc (INCLUDE_MEMORY): Remove. * mc-boot/Glists.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcComment.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcComment.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcComp.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcComp.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcDebug.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcDebug.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcError.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcError.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcFileName.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcFileName.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcLexBuf.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcLexBuf.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcMetaError.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcMetaError.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcOptions.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcOptions.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcPreprocess.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcPreprocess.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcPretty.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcPretty.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcPrintf.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcPrintf.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcQuiet.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcQuiet.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcReserved.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcReserved.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcSearch.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcSearch.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcStack.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcStack.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcStream.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcStream.h (INCLUDE_MEMORY): Remove. * mc-boot/Gmcflex.h (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp1.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp1.h (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp2.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp2.h (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp3.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp3.h (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp4.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp4.h (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp5.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp5.h (INCLUDE_MEMORY): Remove. * mc-boot/GnameKey.cc (INCLUDE_MEMORY): Remove. * mc-boot/GnameKey.h (INCLUDE_MEMORY): Remove. * mc-boot/GsymbolKey.cc (INCLUDE_MEMORY): Remove. * mc-boot/GsymbolKey.h (INCLUDE_MEMORY): Remove. * mc-boot/Gtermios.h (INCLUDE_MEMORY): Remove. * mc-boot/Gtop.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gvarargs.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gvarargs.h (INCLUDE_MEMORY): Remove. * mc-boot/Gwlists.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gwlists.h (INCLUDE_MEMORY): Remove. * mc-boot/Gwrapc.h (INCLUDE_MEMORY): Remove. * pge-boot/GIndexing.h (INCLUDE_MEMORY): Remove. * pge-boot/GSEnvironment.h (INCLUDE_MEMORY): Remove. * pge-boot/GScan.h (INCLUDE_MEMORY): Remove. gcc/objc/ChangeLog: * objc-act.cc (INCLUDE_MEMORY): Remove. * objc-encoding.cc (INCLUDE_MEMORY): Remove. * objc-gnu-runtime-abi-01.cc (INCLUDE_MEMORY): Remove. * objc-lang.cc (INCLUDE_MEMORY): Remove. * objc-next-runtime-abi-01.cc (INCLUDE_MEMORY): Remove. * objc-next-runtime-abi-02.cc (INCLUDE_MEMORY): Remove. * objc-runtime-shared-support.cc (INCLUDE_MEMORY): Remove. gcc/objcp/ChangeLog: * objcp-decl.cc (INCLUDE_MEMORY): Remove. * objcp-lang.cc (INCLUDE_MEMORY): Remove. gcc/rust/ChangeLog: * resolve/rust-ast-resolve-expr.cc (INCLUDE_MEMORY): Remove. * rust-attribs.cc (INCLUDE_MEMORY): Remove. * rust-system.h (INCLUDE_MEMORY): Remove. Signed-off-by: Andrew Pinski <quic_apinski@quicinc.com>
2024-11-01analyzer: use std::unique_ptr in "to_json" functionsDavid Malcolm1-2/+2
No functional change intended. gcc/analyzer/ChangeLog: * analyzer.cc: Include "make-unique.h". Convert "to_json" functions to use std::unique_ptr. * call-string.cc: Likewise. * constraint-manager.cc: Likewise. * diagnostic-manager.cc: Likewise. * engine.cc: Likewise. * program-point.cc: Likewise. * program-state.cc: Likewise. * ranges.cc: Likewise. * region-model.cc: Likewise. * region.cc: Likewise. * svalue.cc: Likewise. * sm.cc: Likewise. * store.cc: Likewise. * supergraph.cc: Likewise. * analyzer.h: Convert "to_json" functions to return std::unique_ptr. * call-string.h: Likewise. * constraint-manager.h: Likewise. (bounded_range::set_json_attr): Pass "obj" by reference. * diagnostic-manager.h: Convert "to_json" functions to return std::unique_ptr. * exploded-graph.h: Likewise. * program-point.h: Likewise. * program-state.h: Likewise. * ranges.h: Likewise. * region-model.h: Likewise. * region.h: Likewise. * sm.h: Likewise. * store.h: Likewise. * supergraph.h: Likewise. * svalue.h: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-09-20analyzer: simplify dumps using tree_dump_pretty_printer [PR116613]David Malcolm1-5/+1
There are numerous "dump" member functions in the analyzer with copied-and-pasted logic. Simplify them by moving the shared code to a new class tree_dump_pretty_printer. As well as reducing code duplication, this eliminates numerous uses of pp_show_color (global_dc->m_printer), which should ultimately help with supporting multiple diagnostic sinks. No functional change intended. gcc/analyzer/ChangeLog: PR other/116613 * access-diagram.cc (access_range::dump): Simplify using tree_dump_pretty_printer. * call-details.cc (call_details::dump): Likewise. * call-summary.cc (call_summary::dump): Likewise. (call_summary_replay::dump): Likewise. * checker-event.cc (checker_event::debug): Likewise. * constraint-manager.cc (range::dump): Likewise. (bounded_range::dump): Likewise. (bounded_ranges::dump): Likewise. (constraint_manager::dump): Likewise. * engine.cc (exploded_node::dump): Likewise. (exploded_path::dump): Likewise. * program-point.cc (program_point::dump): Likewise. * program-state.cc (extrinsic_state::dump_to_file): Likewise. (sm_state_map::dump): Likewise. (program_state::dump_to_file): Likewise. * ranges.cc (symbolic_byte_offset::dump): Likewise. (symbolic_byte_range::dump): Likewise. * record-layout.cc (record_layout::dump): Likewise. * region-model-reachability.cc (reachable_regions::dump): Likewise. * region-model.cc (region_to_value_map::dump): Likewise. (region_model::dump): Likewise. (model_merger::dump): Likewise. * region.cc (region_offset::dump): Likewise. (region::dump): Likewise. * sm-malloc.cc (deallocator_set::dump): Likewise. * store.cc (uncertainty_t::dump): Likewise. (binding_key::dump): Likewise. (bit_range::dump): Likewise. (byte_range::dump): Likewise. (binding_map::dump): Likewise. (binding_cluster::dump): Likewise. (store::dump): Likewise. * supergraph.cc (superedge::dump): Likewise. * svalue.cc (svalue::dump): Likewise. gcc/ChangeLog: PR other/116613 * text-art/dump.h (dump_to_file): Simplify using tree_dump_pretty_printer. * tree-diagnostic.h (class tree_dump_pretty_printer): New. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-09-09diagnostics: rename dc.printer to m_printer [PR116613]David Malcolm1-1/+1
Rename diagnostic_context's "printer" field to "m_printer", for consistency with other fields, and to highlight places where we currently use this, to help assess feasibility of supporting multiple output sinks (PR other/116613). No functional change intended. gcc/ChangeLog: PR other/116613 * attribs.cc (decls_mismatched_attributes): Rename diagnostic_context's "printer" field to "m_printer". (attr_access::array_as_string): Likewise. * diagnostic-format-json.cc (json_output_format::on_report_diagnostic): Likewise. (diagnostic_output_format_init_json): Likewise. * diagnostic-format-sarif.cc (sarif_result::on_nested_diagnostic): Likewise. (sarif_ice_notification): Likewise. (sarif_builder::on_report_diagnostic): Likewise. (sarif_builder::make_result_object): Likewise. (sarif_builder::make_location_object): Likewise. (sarif_builder::make_message_object_for_diagram): Likewise. (diagnostic_output_format_init_sarif): Likewise. * diagnostic-format-text.cc (diagnostic_text_output_format::~diagnostic_text_output_format): Likewise. (diagnostic_text_output_format::on_report_diagnostic): Likewise. (diagnostic_text_output_format::on_diagram): Likewise. (diagnostic_text_output_format::print_any_cwe): Likewise. (diagnostic_text_output_format::print_any_rules): Likewise. (diagnostic_text_output_format::print_option_information): Likewise. * diagnostic-format.h (diagnostic_output_format::get_printer): New. * diagnostic-global-context.cc (verbatim): Rename diagnostic_context's "printer" field to "m_printer". * diagnostic-path.cc (path_label::get_text): Likewise. (print_path_summary_as_text): Likewise. (diagnostic_context::print_path): Likewise. (selftest::test_empty_path): Likewise. (selftest::test_intraprocedural_path): Likewise. (selftest::test_interprocedural_path_1): Likewise. (selftest::test_interprocedural_path_2): Likewise. (selftest::test_recursion): Likewise. (selftest::test_control_flow_1): Likewise. (selftest::test_control_flow_2): Likewise. (selftest::test_control_flow_3): Likewise. (assert_cfg_edge_path_streq): Likewise. (selftest::test_control_flow_5): Likewise. (selftest::test_control_flow_6): Likewise. * diagnostic-show-locus.cc (layout::layout): Likewise. (selftest::test_layout_x_offset_display_utf8): Likewise. (selftest::test_layout_x_offset_display_tab): Likewise. (selftest::test_diagnostic_show_locus_unknown_location): Likewise. (selftest::test_one_liner_simple_caret): Likewise. (selftest::test_one_liner_no_column): Likewise. (selftest::test_one_liner_caret_and_range): Likewise. (selftest::test_one_liner_multiple_carets_and_ranges): Likewise. (selftest::test_one_liner_fixit_insert_before): Likewise. (selftest::test_one_liner_fixit_insert_after): Likewise. (selftest::test_one_liner_fixit_remove): Likewise. (selftest::test_one_liner_fixit_replace): Likewise. (selftest::test_one_liner_fixit_replace_non_equal_range): Likewise. (selftest::test_one_liner_fixit_replace_equal_secondary_range): Likewise. (selftest::test_one_liner_fixit_validation_adhoc_locations): Likewise. (selftest::test_one_liner_many_fixits_1): Likewise. (selftest::test_one_liner_many_fixits_2): Likewise. (selftest::test_one_liner_labels): Likewise. (selftest::test_one_liner_simple_caret_utf8): Likewise. (selftest::test_one_liner_caret_and_range_utf8): Likewise. (selftest::test_one_liner_multiple_carets_and_ranges_utf8): Likewise. (selftest::test_one_liner_fixit_insert_before_utf8): Likewise. (selftest::test_one_liner_fixit_insert_after_utf8): Likewise. (selftest::test_one_liner_fixit_remove_utf8): Likewise. (selftest::test_one_liner_fixit_replace_utf8): Likewise. (selftest::test_one_liner_fixit_replace_non_equal_range_utf8): Likewise. (selftest::test_one_liner_fixit_replace_equal_secondary_range_utf8): Likewise. (selftest::test_one_liner_fixit_validation_adhoc_locations_utf8): Likewise. (selftest::test_one_liner_many_fixits_1_utf8): Likewise. (selftest::test_one_liner_many_fixits_2_utf8): Likewise. (selftest::test_one_liner_labels_utf8): Likewise. (selftest::test_one_liner_colorized_utf8): Likewise. (selftest::test_add_location_if_nearby): Likewise. (selftest::test_diagnostic_show_locus_fixit_lines): Likewise. (selftest::test_overlapped_fixit_printing): Likewise. (selftest::test_overlapped_fixit_printing_utf8): Likewise. (selftest::test_overlapped_fixit_printing_2): Likewise. (selftest::test_fixit_insert_containing_newline): Likewise. (selftest::test_fixit_insert_containing_newline_2): Likewise. (selftest::test_fixit_replace_containing_newline): Likewise. (selftest::test_fixit_deletion_affecting_newline): Likewise. (selftest::test_tab_expansion): Likewise. (selftest::test_escaping_bytes_1): Likewise. (selftest::test_escaping_bytes_2): Likewise. (selftest::test_line_numbers_multiline_range): Likewise. * diagnostic.cc (file_name_as_prefix): Likewise. (diagnostic_set_caret_max_width): Likewise. (diagnostic_context::initialize): Likewise. (diagnostic_context::color_init): Likewise. (diagnostic_context::urls_init): Likewise. (diagnostic_context::finish): Likewise. (diagnostic_context::get_location_text): Likewise. (diagnostic_build_prefix): Likewise. (diagnostic_context::report_current_module): Likewise. (default_diagnostic_starter): Likewise. (default_diagnostic_start_span_fn): Likewise. (default_diagnostic_finalizer): Likewise. (diagnostic_context::report_diagnostic): Likewise. (diagnostic_append_note): Likewise. (diagnostic_context::error_recursion): Likewise. (fancy_abort): Likewise. * diagnostic.h (diagnostic_context::set_show_highlight_colors): Likewise. (diagnostic_context::printer): Rename to... (diagnostic_context::m_printer): ...this. (diagnostic_format_decoder): Rename diagnostic_context's "printer" field to "m_printer". (diagnostic_prefixing_rule): Likewise. (diagnostic_ready_p): Likewise. * gimple-ssa-warn-access.cc (pass_waccess::maybe_warn_memmodel): Likewise. * langhooks.cc (lhd_print_error_function): Likewise. * lto-wrapper.cc (print_lto_docs_link): Likewise. * opts-global.cc (init_options_once): Likewise. * opts.cc (common_handle_option): Likewise. * simple-diagnostic-path.cc (simple_diagnostic_path_cc_tests): Likewise. * text-art/dump.h (dump_to_file<T>): Likewise. * toplev.cc (announce_function): Likewise. (toplev::main): Likewise. * tree-diagnostic.cc (default_tree_diagnostic_starter): Likewise. * tree.cc (escaped_string::escape): Likewise. (selftest::test_escaped_strings): Likewise. gcc/ada/ChangeLog: PR other/116613 * gcc-interface/misc.cc (internal_error_function): Rename diagnostic_context's "printer" field to "m_printer". gcc/analyzer/ChangeLog: PR other/116613 * access-diagram.cc (access_range::dump): Rename diagnostic_context's "printer" field to "m_printer". * analyzer-language.cc (on_finish_translation_unit): Likewise. * analyzer.cc (make_label_text): Likewise. (make_label_text_n): Likewise. * call-details.cc (call_details::dump): Likewise. * call-summary.cc (call_summary::dump): Likewise. (call_summary_replay::dump): Likewise. * checker-event.cc (checker_event::debug): Likewise. * constraint-manager.cc (range::dump): Likewise. (bounded_range::dump): Likewise. (bounded_ranges::dump): Likewise. (constraint_manager::dump): Likewise. * diagnostic-manager.cc (diagnostic_manager::emit_saved_diagnostic): Likewise. * engine.cc (exploded_node::dump): Likewise. (exploded_path::dump): Likewise. (run_checkers): Likewise. * kf-analyzer.cc (kf_analyzer_dump_escaped::impl_call_pre): Likewise. * pending-diagnostic.cc (evdesc::event_desc::formatted_print): Likewise. * program-point.cc (function_point::print_source_line): Likewise. (program_point::dump): Likewise. * program-state.cc (extrinsic_state::dump_to_file): Likewise. (sm_state_map::dump): Likewise. (program_state::dump_to_file): Likewise. * ranges.cc (symbolic_byte_offset::dump): Likewise. (symbolic_byte_range::dump): Likewise. * region-model-reachability.cc (reachable_regions::dump): Likewise. * region-model.cc (region_to_value_map::dump): Likewise. (region_model::dump): Likewise. (model_merger::dump): Likewise. * region.cc (region_offset::dump): Likewise. (region::dump): Likewise. * sm-malloc.cc (deallocator_set::dump): Likewise. (sufficiently_similar_p): Likewise. * store.cc (uncertainty_t::dump): Likewise. (binding_key::dump): Likewise. (binding_map::dump): Likewise. (binding_cluster::dump): Likewise. (store::dump): Likewise. * supergraph.cc (supergraph::dump_dot_to_file): Likewise. (superedge::dump): Likewise. * svalue.cc (svalue::dump): Likewise. gcc/c-family/ChangeLog: PR other/116613 * c-format.cc (selftest::test_type_mismatch_range_labels): Rename diagnostic_context's "printer" field to "m_printer". (selftest::test_type_mismatch_range_labels): Likewise. * c-opts.cc (c_diagnostic_finalizer): Likewise. gcc/c/ChangeLog: PR other/116613 * c-objc-common.cc (c_initialize_diagnostics): Rename diagnostic_context's "printer" field to "m_printer". gcc/cp/ChangeLog: PR other/116613 * error.cc (cxx_initialize_diagnostics): Rename diagnostic_context's "printer" field to "m_printer". (cxx_print_error_function): Likewise. (cp_diagnostic_starter): Likewise. (cp_print_error_function): Likewise. (print_instantiation_full_context): Likewise. (print_instantiation_partial_context_line): Likewise. (maybe_print_constexpr_context): Likewise. (print_location): Likewise. (print_constrained_decl_info): Likewise. (print_concept_check_info): Likewise. (print_constraint_context_head): Likewise. (print_requires_expression_info): Likewise. * module.cc (noisy_p): Likewise. gcc/d/ChangeLog: PR other/116613 * d-diagnostic.cc (d_diagnostic_report_diagnostic): Rename diagnostic_context's "printer" field to "m_printer". gcc/fortran/ChangeLog: PR other/116613 * error.cc (gfc_clear_pp_buffer): Rename diagnostic_context's "printer" field to "m_printer". (gfc_warning): Likewise. (gfc_diagnostic_build_kind_prefix): Likewise. (gfc_diagnostic_build_locus_prefix): Likewise. (gfc_diagnostic_starter): Likewise. (gfc_diagnostic_starter): Likewise. (gfc_diagnostic_start_span): Likewise. (gfc_diagnostic_finalizer): Likewise. (gfc_warning_check): Likewise. (gfc_error_opt): Likewise. (gfc_error_check): Likewise. gcc/jit/ChangeLog: PR other/116613 * jit-playback.cc (add_diagnostic): Rename diagnostic_context's "printer" field to "m_printer". gcc/testsuite/ChangeLog: PR other/116613 * gcc.dg/plugin/analyzer_cpython_plugin.c (dump_refcnt_info): Update for renaming of field "printer" to "m_printer". * gcc.dg/plugin/diagnostic_group_plugin.c (test_diagnostic_starter): Likewise. (test_diagnostic_start_span_fn): Likewise. (test_output_format::on_begin_group): Likewise. (test_output_format::on_end_group): Likewise. * gcc.dg/plugin/diagnostic_plugin_test_paths.c: Likewise. * gcc.dg/plugin/diagnostic_plugin_test_show_locus.c (custom_diagnostic_finalizer): Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-06-18analyzer: Fix g++ 4.8 bootstrap without using std::move to return ↵Jonathan Wakely1-2/+2
std::unique_ptr Revert the changes in r15-1111-ge22b7f741ab54f and fix bootstrap with GCC 4.8 a different way. The original problem is not related to C++17 guaranteed copy elision, it's related to Core DR 1579 [1], which was part of C++14 but only implemented in G++ as a C++11 DR with r5-1576-gfb682f9458c6cf (so GCC 4.8 doesn't implement it). The original fix causes -Wredundant-move warnings with GCC trunk. [1] https://cplusplus.github.io/CWG/issues/1579.html gcc/analyzer/ChangeLog * constraint-manager.cc (equiv_class::make_dump_widget): Change return type to match return value and do not use std::move on return value. (bounded_ranges_constraint::make_dump_widget): Likewise. (constraint_manager::make_dump_widget): Likewise. * constraint-manager.h (equiv_class::make_dump_widget): Change return type. (bounded_ranges_constraint::make_dump_widget): Likewise. (constraint_manager::make_dump_widget): Likewise. * program-state.cc (sm_state_map::make_dump_widget): Likewise. (program_state::make_dump_widget): Likewise. * program-state.h (sm_state_map::make_dump_widget): Likewise. (program_state::make_dump_widget): Likewise. * region-model.cc (region_to_value_map::make_dump_widget): Likewise. (region_model::make_dump_widget): Likewise. * region-model.h (region_to_value_map::make_dump_widget): Likewise. (region_model::make_dump_widget): Likewise. * region.cc (region::make_dump_widget): Likewise. * region.h (region::make_dump_widget): Likewise. * store.cc (binding_cluster::make_dump_widget): Likewise. (store::make_dump_widget): Likewise. * store.h (binding_cluster::make_dump_widget): Likewise. (store::make_dump_widget): Likewise. * svalue.cc (svalue::make_dump_widget): Likewise. * svalue.h (svalue::make_dump_widget): Likewise.
2024-06-12pretty_printer: make all fields privateDavid Malcolm1-1/+1
No functional change intended. gcc/analyzer/ChangeLog: * access-diagram.cc (access_range::dump): Update for fields of pretty_printer becoming private. * call-details.cc (call_details::dump): Likewise. * call-summary.cc (call_summary::dump): Likewise. (call_summary_replay::dump): Likewise. * checker-event.cc (checker_event::debug): Likewise. * constraint-manager.cc (range::dump): Likewise. (bounded_range::dump): Likewise. (constraint_manager::dump): Likewise. * engine.cc (exploded_node::dump): Likewise. (exploded_path::dump): Likewise. (exploded_path::dump_to_file): Likewise. * feasible-graph.cc (feasible_graph::dump_feasible_path): Likewise. * program-point.cc (program_point::dump): Likewise. * program-state.cc (extrinsic_state::dump_to_file): Likewise. (sm_state_map::dump): Likewise. (program_state::dump_to_file): Likewise. * ranges.cc (symbolic_byte_offset::dump): Likewise. (symbolic_byte_range::dump): Likewise. * record-layout.cc (record_layout::dump): Likewise. * region-model-reachability.cc (reachable_regions::dump): Likewise. * region-model.cc (region_to_value_map::dump): Likewise. (region_model::dump): Likewise. (model_merger::dump): Likewise. * region-model.h (one_way_id_map<T>::dump): Likewise. * region.cc (region_offset::dump): Likewise. (region::dump): Likewise. * sm-malloc.cc (deallocator_set::dump): Likewise. * store.cc (uncertainty_t::dump): Likewise. (binding_key::dump): Likewise. (bit_range::dump): Likewise. (byte_range::dump): Likewise. (binding_map::dump): Likewise. (binding_cluster::dump): Likewise. (store::dump): Likewise. * supergraph.cc (supergraph::dump_dot_to_file): Likewise. (superedge::dump): Likewise. * svalue.cc (svalue::dump): Likewise. gcc/c-family/ChangeLog: * c-ada-spec.cc (dump_ads): Update for fields of pretty_printer becoming private. * c-pretty-print.cc: Likewise throughout. gcc/c/ChangeLog: * c-objc-common.cc (print_type): Update for fields of pretty_printer becoming private. (c_tree_printer): Likewise. gcc/cp/ChangeLog: * cxx-pretty-print.cc: Update throughout for fields of pretty_printer becoming private. * error.cc: Likewise. gcc/ChangeLog: * diagnostic.cc (diagnostic_context::urls_init): Update for fields of pretty_printer becoming private. (diagnostic_context::print_any_cwe): Likewise. (diagnostic_context::print_any_rules): Likewise. (diagnostic_context::print_option_information): Likewise. * diagnostic.h (diagnostic_format_decoder): Likewise. (diagnostic_prefixing_rule): Likewise, fixing typo. * digraph.cc (test_dump_to_dot): Likewise. * digraph.h (digraph<GraphTraits>::dump_dot_to_file): Likewise. * dumpfile.cc (dump_pretty_printer::emit_any_pending_textual_chunks): Likewise. * gimple-pretty-print.cc (print_gimple_stmt): Likewise. (print_gimple_expr): Likewise. (print_gimple_seq): Likewise. (dump_ssaname_info_to_file): Likewise. (gimple_dump_bb): Likewise. * graph.cc (print_graph_cfg): Likewise. (start_graph_dump): Likewise. * langhooks.cc (lhd_print_error_function): Likewise. * lto-wrapper.cc (print_lto_docs_link): Likewise. * pretty-print.cc (pp_set_real_maximum_length): Convert to... (pretty_printer::set_real_maximum_length): ...this. (pp_clear_state): Convert to... (pretty_printer::clear_state): ...this. (pp_wrap_text): Update for pp_remaining_character_count_for_line becoming a member function. (urlify_quoted_string): Update for fields of pretty_printer becoming private. (pp_format): Convert to... (pretty_printer::format): ...this. Reduce the scope of local variables "old_line_length" and "old_wrapping_mode" and make const. Reduce the scope of locals "args", "new_chunk_array", "curarg", "any_unnumbered", and "any_numbered". (pp_output_formatted_text): Update for fields of pretty_printer becoming private. (pp_flush): Likewise. (pp_really_flush): Likewise. (pp_set_line_maximum_length): Likewise. (pp_set_prefix): Convert to... (pretty_printer::set_prefix): ...this. (pp_take_prefix): Update for fields of pretty_printer gaining "m_" prefixes. (pp_destroy_prefix): Likewise. (pp_emit_prefix): Convert to... (pretty_printer::emit_prefix): ...this. (pretty_printer::pretty_printer): Update both ctors for fields gaining "m_" prefixes. (pretty_printer::~pretty_printer): Likewise for dtor. (pp_append_text): Update for pp_emit_prefix becoming pretty_printer::emit_prefix. (pp_remaining_character_count_for_line): Convert to... (pretty_printer::remaining_character_count_for_line): ...this. (pp_character): Update for above change. (pp_maybe_space): Convert to... (pretty_printer::maybe_space): ...this. (pp_begin_url): Convert to... (pretty_printer::begin_url): ...this. (get_end_url_string): Update for fields of pretty_printer becoming private. (pp_end_url): Convert to... (pretty_printer::end_url): ...this. (selftest::test_pretty_printer::test_pretty_printer): Update for fields of pretty_printer becoming private. (selftest::test_urls): Likewise. (selftest::test_null_urls): Likewise. (selftest::test_urlification): Likewise. * pretty-print.h (pp_line_cutoff): Convert from macro to inline function. (pp_prefixing_rule): Likewise. (pp_wrapping_mode): Likewise. (pp_format_decoder): Likewise. (pp_needs_newline): Likewise. (pp_indentation): Likewise. (pp_translate_identifiers): Likewise. (pp_show_color): Likewise. (pp_buffer): Likewise. (pp_get_prefix): Add forward decl to allow friend decl. (pp_take_prefix): Likewise. (pp_destroy_prefix): Likewise. (class pretty_printer): Fix typo in leading comment. Add "friend" decls for the various new accessor functions that were formerly macros and for pp_get_prefix, pp_take_prefix, and pp_destroy_prefix. Make all fields private. (pretty_printer::set_output_stream): New. (pretty_printer::set_prefix): New decl. (pretty_printer::emit_prefix): New decl. (pretty_printer::format): New decl. (pretty_printer::maybe_space): New decl. (pretty_printer::supports_urls_p): New. (pretty_printer::get_url_format): New. (pretty_printer::set_url_format): New. (pretty_printer::begin_url): New decl. (pretty_printer::end_url): New decl. (pretty_printer::set_verbatim_wrapping): New. (pretty_printer::set_padding): New. (pretty_printer::get_padding): New. (pretty_printer::clear_state): New decl. (pretty_printer::set_real_maximum_length): New decl. (pretty_printer::remaining_character_count_for_line): New decl. (pretty_printer::buffer): Rename to... (pretty_printer::m_buffer): ...this. (pretty_printer::prefix): Rename to... (pretty_printer::m_prefix): ...this; (pretty_printer::padding): Rename to... (pretty_printer::m_padding): ...this; (pretty_printer::maximum_length): Rename to... (pretty_printer::m_maximum_length): ...this; (pretty_printer::indent_skip): Rename to... (pretty_printer::m_indent_skip): ...this; (pretty_printer::wrapping): Rename to... (pretty_printer::m_wrapping): ...this; (pretty_printer::format_decoder): Rename to... (pretty_printer::m_format_decoder): ...this; (pretty_printer::emitted_prefix): Rename to... (pretty_printer::m_emitted_prefix): ...this; (pretty_printer::need_newline): Rename to... (pretty_printer::m_need_newline): ...this; (pretty_printer::translate_identifiers): Rename to... (pretty_printer::m_translate_identifiers): ...this; (pretty_printer::show_color): Rename to... (pretty_printer::m_show_color): ...this; (pretty_printer::url_format): Rename to... (pretty_printer::m_url_format): ...this; (pp_get_prefix): Reformat. (pp_format_postprocessor): New inline function. (pp_take_prefix): Move decl to before class pretty_printer. (pp_destroy_prefix): Likewise. (pp_set_prefix): Convert to inline function. (pp_emit_prefix): Convert to inline function. (pp_format): Convert to inline function. (pp_maybe_space): Convert to inline function. (pp_begin_url): Convert to inline function. (pp_end_url): Convert to inline function. (pp_set_verbatim_wrapping): Convert from macro to inline function, renaming... (pp_set_verbatim_wrapping_): ...this. * print-rtl.cc (dump_value_slim): Update for fields of pretty_printer becoming private. (dump_insn_slim): Likewise. (dump_rtl_slim): Likewise. * print-tree.cc (print_node): Likewise. * sched-rgn.cc (dump_rgn_dependencies_dot): Likewise. * text-art/canvas.cc (canvas::print_to_pp): Likewise. (canvas::debug): Likewise. (selftest::test_canvas_urls): Likewise. * text-art/dump.h (dump_to_file): Likewise. * text-art/selftests.cc (selftest::assert_canvas_streq): Likewise. * text-art/style.cc (style::print_changes): Likewise. * text-art/styled-string.cc (styled_string::from_fmt_va): Likewise. * tree-diagnostic-path.cc (control_flow_tests): Update for pp_show_color becoming an inline function. * tree-loop-distribution.cc (dot_rdg_1): Update for fields of pretty_printer becoming private. * tree-pretty-print.cc (maybe_init_pretty_print): Likewise. * value-range.cc (vrange::dump): Likewise. (irange_bitmask::dump): Likewise. gcc/fortran/ChangeLog: * error.cc (gfc_clear_pp_buffer): Likewise. (gfc_warning): Likewise. (gfc_warning_check): Likewise. (gfc_error_opt): Likewise. (gfc_error_check): Likewise. gcc/jit/ChangeLog: * jit-recording.cc (recording::function::dump_to_dot): Update for fields of pretty_printer becoming private. gcc/testsuite/ChangeLog: * gcc.dg/plugin/analyzer_cpython_plugin.c (dump_refcnt_info): Update for fields of pretty_printer becoming private. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-06-08analyzer: Restore g++ 4.8 bootstrap; use std::move to return std::unique_ptr.Roger Sayle1-1/+1
This patch restores bootstrap when using g++ 4.8 as a host compiler. Returning a std::unique_ptr requires a std::move on C++ compilers (pre-C++17) that don't guarantee copy elision/return value optimization. 2024-06-08 Roger Sayle <roger@nextmovesoftware.com> gcc/analyzer/ChangeLog * constraint-manager.cc (equiv_class::make_dump_widget): Use std::move to return a std::unique_ptr. (bounded_ranges_constraint::make_dump_widget): Likewise. (constraint_manager::make_dump_widget): Likewise. * program-state.cc (sm_state_map::make_dump_widget): Likewise. (program_state::make_dump_widget): Likewise. * region-model.cc (region_to_value_map::make_dump_widget): Likewise. (region_model::make_dump_widget): Likewise. * region.cc (region::make_dump_widget): Likewise. * store.cc (binding_cluster::make_dump_widget): Likewise. (store::make_dump_widget): Likewise. * svalue.cc (svalue::make_dump_widget): Likewise.
2024-05-30Add new text_art::tree_widget and use it in analyzerDavid Malcolm1-0/+421
This patch adds a new text_art::tree_widget, which makes it easy to generate hierarchical visualizations using either ASCII: +- Child 0 | +- Grandchild 0 0 | +- Grandchild 0 1 | `- Grandchild 0 2 +- Child 1 | +- Grandchild 1 0 | +- Grandchild 1 1 | `- Grandchild 1 2 `- Child 2 +- Grandchild 2 0 +- Grandchild 2 1 `- Grandchild 2 2 or Unicode: Root ├─ Child 0 │ ├─ Grandchild 0 0 │ ├─ Grandchild 0 1 │ ╰─ Grandchild 0 2 ├─ Child 1 │ ├─ Grandchild 1 0 │ ├─ Grandchild 1 1 │ ╰─ Grandchild 1 2 ╰─ Child 2 ├─ Grandchild 2 0 ├─ Grandchild 2 1 ╰─ Grandchild 2 2 potentially with colorization of the connecting lines. It adds a new template for typename T: void text_art::dump<T> (const T&); for using this to dump any object to stderr that supports a make_dump_widget method, with similar templates for dumping to a pretty_printer * and a FILE *. It uses this within the analyzer to add two new families of dumping methods: one for program states, e.g.: (gdb) call state->dump() State ├─ Region Model │ ├─ Current Frame: frame: ‘calls_malloc’@2 │ ├─ Store │ │ ├─ m_called_unknown_fn: false │ │ ├─ frame: ‘test’@1 │ │ │ ╰─ _1: (INIT_VAL(n_2(D))*(size_t)4) │ │ ╰─ frame: ‘calls_malloc’@2 │ │ ├─ result_4: &HEAP_ALLOCATED_REGION(27) │ │ ╰─ _5: &HEAP_ALLOCATED_REGION(27) │ ╰─ Dynamic Extents │ ╰─ HEAP_ALLOCATED_REGION(27): (INIT_VAL(n_2(D))*(size_t)4) ╰─ ‘malloc’ state machine ╰─ 0x468cb40: &HEAP_ALLOCATED_REGION(27): unchecked ({free}) (‘result_4’) and the other for showing the detail of the recursive makeup of svalues and regions, e.g. the (INIT_VAL(n_2(D))*(size_t)4) from above: (gdb) call size_in_bytes->dump() (17): ‘long unsigned int’: binop_svalue(mult_expr: ‘*’) ├─ (15): ‘size_t’: initial_svalue │ ╰─ m_reg: (12): ‘size_t’: decl_region(‘n_2(D)’) │ ╰─ parent: (9): frame_region(‘test’, index: 0, depth: 1) │ ╰─ parent: (1): stack region │ ╰─ parent: (0): root region ╰─ (16): ‘size_t’: constant_svalue (‘4’) I've already found both of these useful when debugging analyzer issues. The patch uses the former to update the output of -fdump-analyzer-exploded-nodes-2 and -fdump-analyzer-exploded-nodes-3. The older dumping functions within the analyzer are retained in case they turn out to still be useful for debugging. gcc/ChangeLog: * Makefile.in (OBJS-libcommon): Add text-art/tree-widget.o. * doc/analyzer.texi: Rewrite discussion of dumping state to cover the text_art::tree_widget-based dumps, with a more interesting example. * text-art/dump-widget-info.h: New file. * text-art/dump.h: New file. * text-art/selftests.cc (selftest::text_art_tests): Call text_art_tree_widget_cc_tests. * text-art/selftests.h (selftest::text_art_tree_widget_cc_tests): New decl. * text-art/theme.cc (ascii_theme::get_cppchar): Handle the various cell_kind::TREE_*. (unicode_theme::get_cppchar): Likewise. * text-art/theme.h (enum class theme::cell_kind): Add TREE_CHILD_NON_FINAL, TREE_CHILD_FINAL, TREE_X_CONNECTOR, and TREE_Y_CONNECTOR. * text-art/tree-widget.cc: New file. gcc/analyzer/ChangeLog: * call-details.cc: Define INCLUDE_VECTOR. * call-info.cc: Likewise. * call-summary.cc: Likewise. * checker-event.cc: Likewise. * checker-path.cc: Likewise. * complexity.cc: Likewise. * constraint-manager.cc: Likewise. (bounded_range::make_dump_widget): New. (bounded_ranges::add_to_dump_widget): New. (equiv_class::make_dump_widget): New. (constraint::make_dump_widget): New. (bounded_ranges_constraint::make_dump_widget): New. (constraint_manager::make_dump_widget): New. * constraint-manager.h (bounded_range::make_dump_widget): New decl. (bounded_ranges::add_to_dump_widget): New decl. (equiv_class::make_dump_widget): New decl. (constraint::make_dump_widget): New decl. (bounded_ranges_constraint::make_dump_widget): New decl. (constraint_manager::make_dump_widget): New decl. * diagnostic-manager.cc: Define INCLUDE_VECTOR. * engine.cc: Likewise. Include "text-art/dump.h". (setjmp_svalue::print_dump_widget_label): New. (setjmp_svalue::add_dump_widget_children): New. (exploded_graph::dump_exploded_nodes): Use text_art::dump_to_file for -fdump-analyzer-exploded-nodes-2 and -fdump-analyzer-exploded-nodes-3. Fix overlong line. * feasible-graph.cc: Define INCLUDE_VECTOR. * infinite-recursion.cc: Likewise. * kf-analyzer.cc: Likewise. * kf-lang-cp.cc: Likewise. * kf.cc: Likewise. * known-function-manager.cc: Likewise. * pending-diagnostic.cc: Likewise. * program-point.cc: Likewise. * program-state.cc: Likewise. Include "text-art/tree-widget" and "text-art/dump.h". (sm_state_map::make_dump_widget): New. (program_state::dump): New. (program_state::make_dump_widget): New. * program-state.h: Include "text-art/widget.h". (sm_state_map::make_dump_widget): New decl. (program_state::dump): New decl. (program_state::make_dump_widget): New decl. * ranges.cc: Define INCLUDE_VECTOR. * record-layout.cc: Likewise. * region-model-asm.cc: Likewise. * region-model-manager.cc: Likewise. * region-model-reachability.cc: Likewise. * region-model.cc: Likewise. Include "text-art/tree-widget.h". (region_to_value_map::make_dump_widget): New. (region_model::dump): New. (region_model::make_dump_widget): New. (selftest::test_dump): Add test of dump_to_pp<region_model>. * region-model.h: Include "text-art/widget.h" and "text-art/dump.h". (region_to_value_map::make_dump_widget): New decl. (region_model::dump): New decl. (region_model::make_dump_widget): New decl. * region.cc: Define INCLUDE_VECTOR and include "text-art/dump.h". (region::dump): New. (region::make_dump_widget): New. (region::add_dump_widget_children): New. (frame_region::print_dump_widget_label): New. (globals_region::print_dump_widget_label): New. (code_region::print_dump_widget_label): New. (function_region::print_dump_widget_label): New. (label_region::print_dump_widget_label): New. (stack_region::print_dump_widget_label): New. (heap_region::print_dump_widget_label): New. (root_region::print_dump_widget_label): New. (thread_local_region::print_dump_widget_label): New. (symbolic_region::print_dump_widget_label): New. (symbolic_region::add_dump_widget_children): New. (decl_region::print_dump_widget_label): New. (field_region::print_dump_widget_label): New. (element_region::print_dump_widget_label): New. (element_region::add_dump_widget_children): New. (offset_region::print_dump_widget_label): New. (offset_region::add_dump_widget_children): New. (sized_region::print_dump_widget_label): New. (sized_region::add_dump_widget_children): New. (cast_region::print_dump_widget_label): New. (cast_region::add_dump_widget_children): New. (heap_allocated_region::print_dump_widget_label): New. (alloca_region::print_dump_widget_label): New. (string_region::print_dump_widget_label): New. (bit_range_region::print_dump_widget_label): New. (var_arg_region::print_dump_widget_label): New. (errno_region::print_dump_widget_label): New. (private_region::print_dump_widget_label): New. (unknown_region::print_dump_widget_label): New. * region.h: Include "text-art/widget.h". (region::dump): New decl. (region::make_dump_widget): New decl. (region::add_dump_widget_children): New decl. (frame_region::print_dump_widget_label): New decl. (globals_region::print_dump_widget_label): New decl. (code_region::print_dump_widget_label): New decl. (function_region::print_dump_widget_label): New decl. (label_region::print_dump_widget_label): New decl. (stack_region::print_dump_widget_label): New decl. (heap_region::print_dump_widget_label): New decl. (root_region::print_dump_widget_label): New decl. (thread_local_region::print_dump_widget_label): New decl. (symbolic_region::print_dump_widget_label): New decl. (symbolic_region::add_dump_widget_children): New decl. (decl_region::print_dump_widget_label): New decl. (field_region::print_dump_widget_label): New decl. (element_region::print_dump_widget_label): New decl. (element_region::add_dump_widget_children): New decl. (offset_region::print_dump_widget_label): New decl. (offset_region::add_dump_widget_children): New decl. (sized_region::print_dump_widget_label): New decl. (sized_region::add_dump_widget_children): New decl. (cast_region::print_dump_widget_label): New decl. (cast_region::add_dump_widget_children): New decl. (heap_allocated_region::print_dump_widget_label): New decl. (alloca_region::print_dump_widget_label): New decl. (string_region::print_dump_widget_label): New decl. (bit_range_region::print_dump_widget_label): New decl. (var_arg_region::print_dump_widget_label): New decl. (errno_region::print_dump_widget_label): New decl. (private_region::print_dump_widget_label): New decl. (unknown_region::print_dump_widget_label): New decl. * sm-fd.cc: Define INCLUDE_VECTOR. * sm-file.cc: Likewise. * sm-malloc.cc: Likewise. * sm-pattern-test.cc: Likewise. * sm-signal.cc: Likewise. * sm-taint.cc: Likewise. * sm.cc: Likewise. * state-purge.cc: Likewise. * store.cc: Likewise. Include "text-art/tree-widget.h". (add_binding_to_tree_widget): New. (binding_map::add_to_tree_widget): New. (binding_cluster::make_dump_widget): New. (store::make_dump_widget): New. * store.h: Include "text-art/tree-widget.h". (binding_map::add_to_tree_widget): New decl. (binding_cluster::make_dump_widget): New decl. (store::make_dump_widget): New decl. * svalue.cc: Define INCLUDE_VECTOR. Include "make-unique.h" and "text-art/dump.h". (svalue::dump): New. (svalue::make_dump_widget): New. (region_svalue::print_dump_widget_label): New. (region_svalue::add_dump_widget_children): New. (constant_svalue::print_dump_widget_label): New. (constant_svalue::add_dump_widget_children): New. (unknown_svalue::print_dump_widget_label): New. (unknown_svalue::add_dump_widget_children): New. (poisoned_svalue::print_dump_widget_label): New. (poisoned_svalue::add_dump_widget_children): New. (initial_svalue::print_dump_widget_label): New. (initial_svalue::add_dump_widget_children): New. (unaryop_svalue::print_dump_widget_label): New. (unaryop_svalue::add_dump_widget_children): New. (binop_svalue::print_dump_widget_label): New. (binop_svalue::add_dump_widget_children): New. (sub_svalue::print_dump_widget_label): New. (sub_svalue::add_dump_widget_children): New. (repeated_svalue::print_dump_widget_label): New. (repeated_svalue::add_dump_widget_children): New. (bits_within_svalue::print_dump_widget_label): New. (bits_within_svalue::add_dump_widget_children): New. (widening_svalue::print_dump_widget_label): New. (widening_svalue::add_dump_widget_children): New. (placeholder_svalue::print_dump_widget_label): New. (placeholder_svalue::add_dump_widget_children): New. (unmergeable_svalue::print_dump_widget_label): New. (unmergeable_svalue::add_dump_widget_children): New. (compound_svalue::print_dump_widget_label): New. (compound_svalue::add_dump_widget_children): New. (conjured_svalue::print_dump_widget_label): New. (conjured_svalue::add_dump_widget_children): New. (asm_output_svalue::print_dump_widget_label): New. (asm_output_svalue::add_dump_widget_children): New. (const_fn_result_svalue::print_dump_widget_label): New. (const_fn_result_svalue::add_dump_widget_children): New. * svalue.h: Include "text-art/widget.h". Add "using text_art::dump_widget_info". (svalue::dump): New decl. (svalue::make_dump_widget): New decl. (svalue::print_dump_widget_label): New decl. (svalue::print_dump_widget_label): New decl. (svalue::add_dump_widget_children): New decl. (region_svalue::print_dump_widget_label): New decl. (region_svalue::add_dump_widget_children): New decl. (constant_svalue::print_dump_widget_label): New decl. (constant_svalue::add_dump_widget_children): New decl. (unknown_svalue::print_dump_widget_label): New decl. (unknown_svalue::add_dump_widget_children): New decl. (poisoned_svalue::print_dump_widget_label): New decl. (poisoned_svalue::add_dump_widget_children): New decl. (initial_svalue::print_dump_widget_label): New decl. (initial_svalue::add_dump_widget_children): New decl. (unaryop_svalue::print_dump_widget_label): New decl. (unaryop_svalue::add_dump_widget_children): New decl. (binop_svalue::print_dump_widget_label): New decl. (binop_svalue::add_dump_widget_children): New decl. (sub_svalue::print_dump_widget_label): New decl. (sub_svalue::add_dump_widget_children): New decl. (repeated_svalue::print_dump_widget_label): New decl. (repeated_svalue::add_dump_widget_children): New decl. (bits_within_svalue::print_dump_widget_label): New decl. (bits_within_svalue::add_dump_widget_children): New decl. (widening_svalue::print_dump_widget_label): New decl. (widening_svalue::add_dump_widget_children): New decl. (placeholder_svalue::print_dump_widget_label): New decl. (placeholder_svalue::add_dump_widget_children): New decl. (unmergeable_svalue::print_dump_widget_label): New decl. (unmergeable_svalue::add_dump_widget_children): New decl. (compound_svalue::print_dump_widget_label): New decl. (compound_svalue::add_dump_widget_children): New decl. (conjured_svalue::print_dump_widget_label): New decl. (conjured_svalue::add_dump_widget_children): New decl. (asm_output_svalue::print_dump_widget_label): New decl. (asm_output_svalue::add_dump_widget_children): New decl. (const_fn_result_svalue::print_dump_widget_label): New decl. (const_fn_result_svalue::add_dump_widget_children): New decl. * trimmed-graph.cc: Define INCLUDE_VECTOR. * varargs.cc: Likewise. gcc/testsuite/ChangeLog: * gcc.dg/plugin/analyzer_cpython_plugin.c: Define INCLUDE_VECTOR. * gcc.dg/plugin/analyzer_gil_plugin.c: Likewise. * gcc.dg/plugin/analyzer_kernel_plugin.c: Likewise. * gcc.dg/plugin/analyzer_known_fns_plugin.c: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-03-18analyzer: fix ICEs due to sloppy types in bounds-checking ↵David Malcolm1-8/+148
[PR110902,PR110928,PR111305,PR111441] Various analyzer ICEs in our bugzilla relate to sloppy use of types within bounds-checking. The bounds-checking code works by comparing symbolic *bit* offsets, and we don't have a good user-facing type that can represent such an offset (ptrdiff_type_node is for *byte* offsets). ana::svalue doesn't enforce valid combinations of types for things like binary operations. When I added the access diagrams for GCC 14, this could lead to attempts to generate trees for such svalues, leading to trees with invalid combinations of types (e.g. PLUS_EXPR or MULT_EXPR of incompatible types), leading to ICEs inside the tree folding logic. I tried two approaches to fixing this. My first approach was to fix the type-handling throughout the bounds-checking code to use correct types, using size_type_node for sizes, ptrdiff_type_node for byte offsets, and trying ptrdiff_type_node for bit offsets. I implemented this, and it fixed the crashes, but unfortunately it led to: (a) numerous false negatives from the bounds-checking code, due to it becoming unable to be sure that the accessed offset was beyond the valid bounds, due to the expressions involved gaining complicated sets of nested casts. (b) ugly access diagrams full of nested casts (for capacities, gap measurements, etc) So my second approach, implemented in this patch, is to accept that we don't have a tree type for representing bit offsets. The patch represents bit offsets using "typeless" symbolic values i.e. ones for which get_type () is NULL_TREE, and implements enough support for basic arithemetic as if these are mathematical integers (albeit ones for which concrete values within an expression must fit within a signed wide int). Such values can't be converted to tree, so the patch avoids such conversions, instead implementing a new svalue::maybe_print_for_user for printing them to a pretty_printer. The patch uses ptrdiff_type_node for byte offsets. Doing so fixes the crashes, whilst appearing to preserve the behavior of -Wanalyzer-out-of-bounds in my testing. gcc/analyzer/ChangeLog: PR analyzer/110902 PR analyzer/110928 PR analyzer/111305 PR analyzer/111441 * access-diagram.cc: Include "analyzer/analyzer-selftests.h". (get_access_size_str): Reimplement for conversion of implmementation of bit_size_expr from tree to const svalue &. Use svalue::maybe_print_for_user rather than tree printing routines. (remove_ssa_names): Make non-static. (bit_size_expr::get_formatted_str): Rename to... (bit_size_expr::maybe_get_formatted_str): ...this, adding "model" param and converting return type to a unique_ptr. Update for conversion of implementation of bit_size_expr from tree to const svalue &. Use svalue::maybe_print_for_user rather than tree printing routines. (bit_size_expr::print): Rename to... (bit_size_expr::maybe_print_for_user): ...this, adding "model" param and converting return type to bool. Update for conversion of implementation of bit_size_expr from tree to const svalue &. Use svalue::maybe_print_for_user rather than tree printing routines. (bit_size_expr::maybe_get_as_bytes): Add "mgr" param and convert return type from tree to const svalue *; reimplement. (access_range::access_range): Call strip_types when on region_offset intializations. (access_range::get_size): Update for conversion of implementation of bit_size_expr from tree to const svalue &. (access_operation::get_valid_bits): Pass manager to access_range ctor. (access_operation::maybe_get_invalid_before_bits): Likewise. (access_operation::maybe_get_invalid_after_bits): Likewise. (boundaries::add): Likewise. (bit_to_table_map::populate): Add "mgr" param and pass it to access_range ctor. (access_diagram_impl::access_diagram_impl): Pass manager to bit_to_table_map::populate. (access_diagram_impl::maybe_add_gap): Use svalue rather than tree for symbolic bit offsets. Port to new bit_size_expr representation. (access_diagram_impl::add_valid_vs_invalid_ruler): Port to new bit_size_expr representation. (selftest::assert_eq_typeless_integer): New. (ASSERT_EQ_TYPELESS_INTEGER): New. (selftest::test_bit_size_expr_to_bytes): New. (selftest::analyzer_access_diagram_cc_tests): New. * access-diagram.h (class bit_size_expr): Reimplement, converting implementation from tree to const svalue &. (access_range::access_range): Add "mgr" param. Call strip_types on region_offset initializations. (access_range::get_size): Update decl for reimplementation. * analyzer-selftests.cc (selftest::run_analyzer_selftests): Call selftest::analyzer_access_diagram_cc_tests. * analyzer-selftests.h (selftest::analyzer_checker_script_cc_tests): Delete this stray typo. (selftest::analyzer_access_diagram_cc_tests): New decl. * analyzer.h (print_expr_for_user): New decl. (calc_symbolic_bit_offset): Update decl for reimplementation. (strip_types): New decls. (remove_ssa_names): New decl. * bounds-checking.cc (strip_types): New. (region_model::check_symbolic_bounds): Use typeless svalues. * region-model-manager.cc (region_model_manager::get_or_create_constant_svalue): Add "type" param. Add overload with old signature. (region_model_manager::get_or_create_int_cst): Support type being NULL_TREE. (region_model_manager::maybe_fold_unaryop): Gracefully reject folding of casts to NULL_TREE type. (get_code_for_cast): Use NOP_EXPR for "casting" svalues to NULL_TREE type. (region_model_manager::get_or_create_cast): Support "casting" svalues to NULL_TREE type. (region_model_manager::maybe_fold_binop): Don't crash on inputs with NULL_TREE type. Handle folding of binops on constants with NULL_TREE type. Add missing cast from PR analyzer/110902. Support enough folding of other ops on NULL_TREE type to support bounds checking. (region_model_manager::get_or_create_const_fn_result_svalue): Remove assertion that type is nonnull. * region-model-manager.h (region_model_manager::get_or_create_constant_svalue): Add overloaded decl taking a type. (region_model_manager::maybe_fold_binop): Make public. (region_model_manager::constants_map_t): Use constant_svalue::key_t for the key, rather than just tree. * region-model.cc (print_expr_for_user): New. (selftest::test_array_2): Handle casts. * region.cc (region_offset::calc_symbolic_bit_offset): Return const svalue & rather than tree, and reimplement accordingly. (region::calc_offset): Use ptrdiff_type_node for types of byte offsets. (region::maybe_print_for_user): New. (element_region::get_relative_symbolic_offset): Use NULL_TREE for types of bit offsets. (offset_region::get_bit_offset): Likewise. (sized_region::get_bit_size_sval): Likewise for bit sizes. * region.h (region::maybe_print_for_user): New decl. * svalue.cc (class auto_add_parens): New. (svalue::maybe_print_for_user): New. (svalue::cmp_ptr): Support typeless constant svalues. (tristate_from_boolean_tree_node): New, taken from... (constant_svalue::eval_condition): ...here. Handle comparison of typeless integer svalue constants. * svalue.h (svalue::maybe_print_for_user): New decl. (class constant_svalue): Support the type of the svalue being NULL_TREE. (struct default_hash_traits<constant_svalue::key_t>): New. gcc/ChangeLog: PR analyzer/110902 PR analyzer/110928 PR analyzer/111305 PR analyzer/111441 * selftest.h (ASSERT_NE_AT): New macro. gcc/testsuite/ChangeLog: PR analyzer/110902 PR analyzer/110928 PR analyzer/111305 PR analyzer/111441 * c-c++-common/analyzer/out-of-bounds-const-fn.c: New test. * c-c++-common/analyzer/out-of-bounds-diagram-11.c: Update expected diagram output. * c-c++-common/analyzer/out-of-bounds-diagram-pr110928.c: New test. * c-c++-common/analyzer/out-of-bounds-diagram-pr111305.c: New test. * c-c++-common/analyzer/out-of-bounds-diagram-pr111441.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-01-03Update copyright years.Jakub Jelinek1-1/+1
2023-11-17analyzer: new warning: -Wanalyzer-infinite-loop [PR106147]David Malcolm1-1/+9
This patch implements a new analyzer warning: -Wanalyzer-infinite-loop. It works by examining the exploded graph once the latter has been fully built. It attempts to detect cycles in the exploded graph in which: - no externally visible work occurs - no escape is possible from the cycle once it has been entered - the program state is "sufficiently concrete" at each step: - no unknown activity could be occurring - the worklist was fully drained for each enode in the cycle i.e. every enode in the cycle is processed For example, it correctly complains about this bogus "for" loop: int sum = 0; for (struct node *iter = n; iter; iter->next) sum += n->val; return sum; like this: infinite-loop-linked-list.c: In function ‘for_loop_noop_next’: infinite-loop-linked-list.c:110:31: warning: infinite loop [CWE-835] [-Wanalyzer-infinite-loop] 110 | for (struct node *iter = n; iter; iter->next) | ^~~~ ‘for_loop_noop_next’: events 1-5 | | 110 | for (struct node *iter = n; iter; iter->next) | | ^~~~ | | | | | (1) infinite loop here | | (2) when ‘iter’ is non-NULL: always following ‘true’ branch... | | (5) ...to here | 111 | sum += n->val; | | ~~~~~~~~~~~~~ | | | | | | | (3) ...to here | | (4) looping back... | gcc/ChangeLog: PR analyzer/106147 * Makefile.in (ANALYZER_OBJS): Add analyzer/infinite-loop.o. * doc/invoke.texi: Add -fdump-analyzer-infinite-loop and -Wanalyzer-infinite-loop. Add missing CWE link for -Wanalyzer-infinite-recursion. * timevar.def (TV_ANALYZER_INFINITE_LOOPS): New. gcc/analyzer/ChangeLog: PR analyzer/106147 * analyzer.opt (Wanalyzer-infinite-loop): New option. (fdump-analyzer-infinite-loop): New option. * checker-event.h (start_cfg_edge_event::get_desc): Drop "final". (start_cfg_edge_event::maybe_describe_condition): Convert from private to protected. * checker-path.h (checker_path::get_logger): New. * diagnostic-manager.cc (process_worklist_item): Update for new context param of maybe_update_for_edge. * engine.cc (impl_region_model_context::impl_region_model_context): Add out_could_have_done_work param to both ctors and use it to initialize mm_out_could_have_done_work. (impl_region_model_context::maybe_did_work): New vfunc implementation. (exploded_node::on_stmt): Add out_could_have_done_work param and pass to ctxt ctor. (exploded_node::on_stmt_pre): Treat setjmp and longjmp as "doing work". (exploded_node::on_longjmp): Likewise. (exploded_edge::exploded_edge): Add "could_do_work" param and use it to initialize m_could_do_work_p. (exploded_edge::dump_dot_label): Add result of could_do_work_p. (exploded_graph::add_function_entry): Mark edge as doing no work. (exploded_graph::add_edge): Add "could_do_work" param and pass to exploded_edge ctor. (add_tainted_args_callback): Treat as doing no work. (exploded_graph::process_worklist): Likewise when merging nodes. (maybe_process_run_of_before_supernode_enodes::item): Likewise. (exploded_graph::maybe_create_dynamic_call): Likewise. (exploded_graph::process_node): Likewise for phi nodes. Pass in a "could_have_done_work" bool when handling stmts and use when creating edges. Assume work is done at bifurcation. (exploded_path::feasible_p): Update for new context param of maybe_update_for_edge. (feasibility_state::feasibility_state): New ctor. (feasibility_state::operator=): New. (feasibility_state::maybe_update_for_edge): Add ctxt param and use it. Fix missing newline when logging state. (impl_run_checkers): Call exploded_graph::detect_infinite_loops. * exploded-graph.h (impl_region_model_context::impl_region_model_context): Add out_could_have_done_work param to both ctors. (impl_region_model_context::maybe_did_work): New decl. (impl_region_model_context::checking_for_infinite_loop_p): New. (impl_region_model_context::on_unusable_in_infinite_loop): New. (impl_region_model_context::m_out_could_have_done_work): New field. (exploded_node::on_stmt): Add "out_could_have_done_work" param. (exploded_edge::exploded_edge): Add "could_do_work" param. (exploded_edge::could_do_work_p): New accessor. (exploded_edge::m_could_do_work_p): New field. (exploded_graph::add_edge): Add "could_do_work" param. (exploded_graph::detect_infinite_loops): New decl. (feasibility_state::feasibility_state): New ctor. (feasibility_state::operator=): New decl. (feasibility_state::maybe_update_for_edge): Add ctxt param. * infinite-loop.cc: New file. * program-state.cc (program_state::on_edge): Log the rejected constraint when region_model::maybe_update_for_edge fails. * region-model.cc (region_model::on_assignment): Treat any writes other than to the stack as "doing work". (region_model::on_stmt_pre): Treat all asm stmts as "doing work". (region_model::on_call_post): Likewise for all calls to functions with unknown side effects. (region_model::handle_phi): Add svals_changing_meaning param. Mark widening svalue in phi nodes as changing meaning. (unusable_in_infinite_loop_constraint_p): New. (region_model::add_constraint): If we're checking for an infinite loop, bail out on unusable svalues, or if we don't have a definite true/false for the constraint. (region_model::update_for_phis): Gather all svalues changing meaning in phi nodes, and purge constraints involving them. (region_model::replay_call_summary): Treat all call summaries as doing work. (region_model::can_merge_with_p): Purge constraints involving svalues that change meaning. (model_merger::on_widening_reuse): New. (test_iteration_1): Likewise. (selftest::test_iteration_1): Remove assertion that model6 "knows" that i < 157. * region-model.h (region_model::handle_phi): Add svals_changing_meaning param (region_model_context::maybe_did_work): New pure virtual func. (region_model_context::checking_for_infinite_loop_p): Likewise. (region_model_context::on_unusable_in_infinite_loop): Likewise. (noop_region_model_context::maybe_did_work): Implement. (noop_region_model_context::checking_for_infinite_loop_p): Likewise. (noop_region_model_context::on_unusable_in_infinite_loop): Likewise. (region_model_context_decorator::maybe_did_work): Implement. (region_model_context_decorator::checking_for_infinite_loop_p): Likewise. (region_model_context_decorator::on_unusable_in_infinite_loop): Likewise. (model_merger::on_widening_reuse): New decl. (model_merger::m_svals_changing_meaning): New field. * sm-signal.cc (register_signal_handler::impl_transition): Assume the edge "does work". * supergraph.cc (supernode::get_start_location): Use CFG edge's goto_locus if available. (supernode::get_end_location): Likewise. (cfg_superedge::dump_label_to_pp): Dump edges with a "goto_locus" * supergraph.h (cfg_superedge::get_goto_locus): New. * svalue.cc (svalue::can_merge_p): Call on_widening_reuse for widening values. (involvement_visitor::visit_widening_svalue): New. (svalue::involves_p): Update assertion to allow widening svalues. gcc/testsuite/ChangeLog: PR analyzer/106147 * c-c++-common/analyzer/gzio-2.c: Add dg-warning for infinite loop, marked as xfail. * c-c++-common/analyzer/infinite-loop-2.c: New test. * c-c++-common/analyzer/infinite-loop-4.c: New test. * c-c++-common/analyzer/infinite-loop-crc32c.c: New test. * c-c++-common/analyzer/infinite-loop-doom-d_main-IdentifyVersion.c: New test. * c-c++-common/analyzer/infinite-loop-doom-v_video.c: New test. * c-c++-common/analyzer/infinite-loop-g_error.c: New test. * c-c++-common/analyzer/infinite-loop-linked-list.c: New test. * c-c++-common/analyzer/infinite-recursion-inlining.c: Add dg-warning directives for infinite loop. * c-c++-common/analyzer/inlining-4-multiline.c: Update expected paths for event 5 having a location. * gcc.dg/analyzer/boxed-malloc-1.c: Add dg-warning for infinite loop. * gcc.dg/analyzer/data-model-20.c: Likewise. Add comment about suspect code, and create... * gcc.dg/analyzer/data-model-20a.c: ...this new test by cleaning it up. * gcc.dg/analyzer/edges-1.c: Add a placeholder statement to avoid the "...to here" from the if stmt occurring at the "while", and thus being treated as a bogus event. * gcc.dg/analyzer/explode-2a.c: Add dg-warning for infinite loop. * gcc.dg/analyzer/infinite-loop-1.c: New test. * gcc.dg/analyzer/malloc-1.c: Add dg-warning for infinite loop. * gcc.dg/analyzer/out-of-bounds-coreutils.c: Add TODO. * gcc.dg/analyzer/paths-4.c: Add dg-warning for infinite loop. * gcc.dg/analyzer/pr103892.c: Likewise. * gcc.dg/analyzer/pr93546.c: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-01analyzer: Add support of placement new and improved operator new ↵benjamin priour1-0/+2
[PR105948,PR94355] Fixed spurious possibly-NULL warning always tagging along throwing operator new despite it never returning NULL. Now operator new is correctly recognized as possibly returning NULL if and only if it is non-throwing or exceptions have been disabled. Different standard signatures of operator new are now properly recognized. Added support of placement new, so that it is now properly recognized, and a 'heap_allocated' region is no longer created for it. Placement new size is also checked and a 'Wanalyzer-allocation-size' is emitted when relevant, as well as always a 'Wanalyzer-out-of-bounds'. 'operator new' non-throwing variants are detected y checking the types of the parameters. Indeed, in a call to new (std::nothrow) () the chosen overload has signature 'operator new (void*, std::nothrow_t&)', where the second parameter is a reference. In a placement new, the second parameter will always be a void pointer. Prior to this patch, some buffers first allocated with 'new', then deleted an thereafter used would result in a 'Wanalyzer-user-after-free' warning. However the wording was "use after 'free'" instead of the expected "use after 'delete'". This patch fixes this by introducing a new kind of poisoned value, namely POISON_KIND_DELETED. Due to how the analyzer sees calls to non-throwing variants of operator new, dereferencing a pointer freshly allocated in this fashion caused both a 'Wanalyzer-use-of-uninitialized-value' and a 'Wanalyzer-null-dereference' to be emitted, while only the latter was relevant. As a result, 'null-dereference' now supersedes 'use-of-uninitialized'. Signed-off-by: benjamin priour <vultkayn@gcc.gnu.org> gcc/analyzer/ChangeLog: PR analyzer/105948 PR analyzer/94355 * analyzer.h (is_placement_new_p): New declaration. * call-details.cc (call_details::deref_ptr_arg): New function. Dereference the argument at given index if possible. * call-details.h: Declaration of the above function. * kf-lang-cp.cc (is_placement_new_p): Returns true if the gcall is recognized as a placement new. (kf_operator_delete::impl_call_post): Unbinding a region and its descendents now poisons with POISON_KIND_DELETED. (register_known_functions_lang_cp): Known function "operator delete" is now registered only once independently of its number of arguments. * region-model.cc (region_model::eval_condition): Now recursively calls itself if any of the operand is wrapped in a cast. * sm-malloc.cc (malloc_state_machine::on_stmt): Add placement new recognition. * svalue.cc (poison_kind_to_str): Wording for the new PK. * svalue.h (enum poison_kind): Add value POISON_KIND_DELETED. gcc/testsuite/ChangeLog: PR analyzer/105948 PR analyzer/94355 * g++.dg/analyzer/out-of-bounds-placement-new.C: Added a directive. * g++.dg/analyzer/placement-new.C: Added tests. * g++.dg/analyzer/new-2.C: New test. * g++.dg/analyzer/noexcept-new.C: New test. * g++.dg/analyzer/placement-new-size.C: New test.
2023-08-04analyzer: handle function attribute "alloc_size" [PR110426]David Malcolm1-0/+11
This patch makes -fanalyzer make use of the function attribute "alloc_size", allowing -fanalyzer to emit -Wanalyzer-allocation-size, -Wanalyzer-out-of-bounds, and -Wanalyzer-tainted-allocation-size on execution paths involving allocations using such functions. gcc/analyzer/ChangeLog: PR analyzer/110426 * bounds-checking.cc (region_model::check_region_bounds): Handle symbolic base regions. * call-details.cc: Include "stringpool.h" and "attribs.h". (call_details::lookup_function_attribute): New function. * call-details.h (call_details::lookup_function_attribute): New function decl. * region-model-manager.cc (region_model_manager::maybe_fold_binop): Add reference to PR analyzer/110902. * region-model-reachability.cc (reachable_regions::handle_sval): Add symbolic regions for pointers that are conjured svalues for the LHS of a stmt. * region-model.cc (region_model::canonicalize): Purge dynamic extents for regions that aren't referenced. (get_result_size_in_bytes): New function. (region_model::on_call_pre): Use get_result_size_in_bytes and potentially set the dynamic extents of the region pointed to by the return value. (region_model::deref_rvalue): Add param "add_nonnull_constraint" and use it to conditionalize adding the constraint. (pending_diagnostic_subclass::dubious_allocation_size): Add "stmt" param to both ctors and use it to initialize new "m_stmt" field. (pending_diagnostic_subclass::operator==): Use m_stmt; don't use m_lhs or m_rhs. (pending_diagnostic_subclass::m_stmt): New field. (region_model::check_region_size): Generalize to any kind of pointer svalue by using deref_rvalue rather than checking for region_svalue. Pass stmt to dubious_allocation_size ctor. * region-model.h (region_model::deref_rvalue): Add param "add_nonnull_constraint". * svalue.cc (conjured_svalue::lhs_value_p): New function. * svalue.h (conjured_svalue::lhs_value_p): New decl. gcc/testsuite/ChangeLog: PR analyzer/110426 * gcc.dg/analyzer/allocation-size-1.c: Update expected message to reflect consolidation of size and assignment into a single event. * gcc.dg/analyzer/allocation-size-2.c: Likewise. * gcc.dg/analyzer/allocation-size-3.c: Likewise. * gcc.dg/analyzer/allocation-size-4.c: Likewise. * gcc.dg/analyzer/allocation-size-multiline-1.c: Likewise. * gcc.dg/analyzer/allocation-size-multiline-2.c: Likewise. * gcc.dg/analyzer/allocation-size-multiline-3.c: Likewise. * gcc.dg/analyzer/attr-alloc_size-1.c: New test. * gcc.dg/analyzer/attr-alloc_size-2.c: New test. * gcc.dg/analyzer/attr-alloc_size-3.c: New test. * gcc.dg/analyzer/explode-4.c: New test. * gcc.dg/analyzer/taint-size-1.c: Add test coverage for __attribute__ alloc_size. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-08-04analyzer: fix some svalue::dump_to_pp implementationsDavid Malcolm1-7/+20
gcc/analyzer/ChangeLog: * svalue.cc (region_svalue::dump_to_pp): Support NULL type. (constant_svalue::dump_to_pp): Likewise. (initial_svalue::dump_to_pp): Likewise. (conjured_svalue::dump_to_pp): Likewise. Fix missing print of the type. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-07-26analyzer: add symbol base class, moving region id to there [PR104940]David Malcolm1-7/+13
This patch introduces a "symbol" base class that region and svalue both inherit from, generalizing the ID from the region class so it's also used by svalues. This gives a way of sorting regions and svalues into creation order, which I've found useful in my experiments with adding SMT support (PR analyzer/104940). gcc/ChangeLog: PR analyzer/104940 * Makefile.in (ANALYZER_OBJS): Add analyzer/symbol.o. gcc/analyzer/ChangeLog: PR analyzer/104940 * region-model-manager.cc (region_model_manager::region_model_manager): Update for generalizing region ids to also cover svalues. (region_model_manager::get_or_create_constant_svalue): Likewise. (region_model_manager::get_or_create_unknown_svalue): Likewise. (region_model_manager::create_unique_svalue): Likewise. (region_model_manager::get_or_create_initial_value): Likewise. (region_model_manager::get_or_create_setjmp_svalue): Likewise. (region_model_manager::get_or_create_poisoned_svalue): Likewise. (region_model_manager::get_ptr_svalue): Likewise. (region_model_manager::get_or_create_unaryop): Likewise. (region_model_manager::get_or_create_binop): Likewise. (region_model_manager::get_or_create_sub_svalue): Likewise. (region_model_manager::get_or_create_repeated_svalue): Likewise. (region_model_manager::get_or_create_bits_within): Likewise. (region_model_manager::get_or_create_unmergeable): Likewise. (region_model_manager::get_or_create_widening_svalue): Likewise. (region_model_manager::get_or_create_compound_svalue): Likewise. (region_model_manager::get_or_create_conjured_svalue): Likewise. (region_model_manager::get_or_create_asm_output_svalue): Likewise. (region_model_manager::get_or_create_const_fn_result_svalue): Likewise. (region_model_manager::get_region_for_fndecl): Likewise. (region_model_manager::get_region_for_label): Likewise. (region_model_manager::get_region_for_global): Likewise. (region_model_manager::get_field_region): Likewise. (region_model_manager::get_element_region): Likewise. (region_model_manager::get_offset_region): Likewise. (region_model_manager::get_sized_region): Likewise. (region_model_manager::get_cast_region): Likewise. (region_model_manager::get_frame_region): Likewise. (region_model_manager::get_symbolic_region): Likewise. (region_model_manager::get_region_for_string): Likewise. (region_model_manager::get_bit_range): Likewise. (region_model_manager::get_var_arg_region): Likewise. (region_model_manager::get_region_for_unexpected_tree_code): Likewise. (region_model_manager::get_or_create_region_for_heap_alloc): Likewise. (region_model_manager::create_region_for_alloca): Likewise. (region_model_manager::log_stats): Likewise. * region-model-manager.h (region_model_manager::get_num_regions): Replace with... (region_model_manager::get_num_symbols): ...this. (region_model_manager::alloc_region_id): Replace with... (region_model_manager::alloc_symbol_id): ...this. (region_model_manager::m_next_region_id): Replace with... (region_model_manager::m_next_symbol_id): ...this. * region-model.cc (selftest::test_get_representative_tree): Update for generalizing region ids to also cover svalues. (selftest::test_binop_svalue_folding): Likewise. (selftest::test_state_merging): Likewise. * region.cc (region::cmp_ids): Delete, in favor of symbol::cmp_ids. (region::region): Update for introduction of symbol base class. (frame_region::get_region_for_local): Likewise. (root_region::root_region): Likewise. (symbolic_region::symbolic_region): Likewise. * region.h: Replace include of "analyzer/complexity.h" with "analyzer/symbol.h". (class region): Make a subclass of symbol. (region::get_id): Delete in favor of symbol::get_id. (region::cmp_ids): Delete in favor of symbol::cmp_ids. (region::get_complexity): Delete in favor of symbol::get_complexity. (region::region): Use symbol::id_t for "id" param. (region::m_complexity): Move field to symbol base class. (region::m_id): Likewise. (space_region::space_region): Use symbol::id_t for "id" param. (frame_region::frame_region): Likewise. (globals_region::globals_region): Likewise. (code_region::code_region): Likewise. (function_region::function_region): Likewise. (label_region::label_region): Likewise. (stack_region::stack_region): Likewise. (heap_region::heap_region): Likewise. (thread_local_region::thread_local_region): Likewise. (root_region::root_region): Likewise. (symbolic_region::symbolic_region): Likewise. (decl_region::decl_region): Likewise. (field_region::field_region): Likewise. (element_region::element_region): Likewise. (offset_region::offset_region): Likewise. (sized_region::sized_region): Likewise. (cast_region::cast_region): Likewise. (heap_allocated_region::heap_allocated_region): Likewise. (alloca_region::alloca_region): Likewise. (string_region::string_region): Likewise. (bit_range_region::bit_range_region): Likewise. (var_arg_region::var_arg_region): Likewise. (errno_region::errno_region): Likewise. (unknown_region::unknown_region): Likewise. * svalue.cc (sub_svalue::sub_svalue): Add symbol::id_t param. (repeated_svalue::repeated_svalue): Likewise. (bits_within_svalue::bits_within_svalue): Likewise. (compound_svalue::compound_svalue): Likewise. * svalue.h: Replace include of "analyzer/complexity.h" with "analyzer/symbol.h". (class svalue): Make a subclass of symbol. (svalue::get_complexity): Delete in favor of symbol::get_complexity. (svalue::svalue): Add symbol::id_t param. Update for new base class. (svalue::m_complexity): Delete in favor of symbol::m_complexity. (region_svalue::region_svalue): Add symbol::id_t param (constant_svalue::constant_svalue): Likewise. (unknown_svalue::unknown_svalue): Likewise. (poisoned_svalue::poisoned_svalue): Likewise. (setjmp_svalue::setjmp_svalue): Likewise. (initial_svalue::initial_svalue): Likewise. (unaryop_svalue::unaryop_svalue): Likewise. (binop_svalue::binop_svalue): Likewise. (sub_svalue::sub_svalue): Likewise. (repeated_svalue::repeated_svalue): Likewise. (bits_within_svalue::bits_within_svalue): Likewise. (unmergeable_svalue::unmergeable_svalue): Likewise. (placeholder_svalue::placeholder_svalue): Likewise. (widening_svalue::widening_svalue): Likewise. (compound_svalue::compound_svalue): Likewise. (conjured_svalue::conjured_svalue): Likewise. (asm_output_svalue::asm_output_svalue): Likewise. (const_fn_result_svalue::const_fn_result_svalue): Likewise. * symbol.cc: New file. * symbol.h: New file. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-01-16Update copyright years.Jakub Jelinek1-1/+1
2022-11-03analyzer: use std::unique_ptr for pending_diagnostic/noteDavid Malcolm1-0/+1
gcc/analyzer/ChangeLog: * call-info.cc: Add define of INCLUDE_MEMORY. * call-summary.cc: Likewise. * checker-path.cc: Likewise. * constraint-manager.cc: Likewise. * diagnostic-manager.cc: Likewise. (saved_diagnostic::saved_diagnostic): Use std::unique_ptr for param d and field m_d. (saved_diagnostic::~saved_diagnostic): Remove explicit delete of m_d. (saved_diagnostic::add_note): Use std::unique_ptr for param pn. (saved_diagnostic::get_pending_diagnostic): Update for conversion of m_sd.m_d to unique_ptr. (diagnostic_manager::add_diagnostic): Use std::unique_ptr for param d. Remove explicit deletion. (diagnostic_manager::add_note): Use std::unique_ptr for param pn. (diagnostic_manager::emit_saved_diagnostic): Update for conversion of m_sd.m_d to unique_ptr. (null_assignment_sm_context::warn): Use std::unique_ptr for param d. Remove explicit deletion. * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Use std::unique_ptr for param d. (saved_diagnostic::add_note): Likewise for param pn. (saved_diagnostic::m_d): Likewise. (diagnostic_manager::add_diagnostic): Use std::unique_ptr for param d. (diagnostic_manager::add_note): Use std::unique_ptr for param pn. * engine.cc: Include "make-unique.h". (impl_region_model_context::warn): Update to use std::unique_ptr for param, removing explicit deletion. (impl_region_model_context::add_note): Likewise. (impl_sm_context::warn): Update to use std::unique_ptr for param. (impl_region_model_context::on_state_leak): Likewise for result of on_leak. (exploded_node::on_longjmp): Use make_unique when creating pending_diagnostic. (exploded_graph::process_node): Likewise. * exploded-graph.h (impl_region_model_context::warn): Update to use std::unique_ptr for param. (impl_region_model_context::add_note): Likewise. * feasible-graph.cc: Add define of INCLUDE_MEMORY. * pending-diagnostic.cc: Likewise. * pending-diagnostic.h: Include analyzer.sm.h" * program-point.cc: Add define of INCLUDE_MEMORY. * program-state.cc: Likewise. * region-model-asm.cc: Likewise. * region-model-impl-calls.cc: Likewise. Include "make-unique.h". (region_model::impl_call_putenv): Use make_unique when creating pending_diagnostic. * region-model-manager.cc: Add define of INCLUDE_MEMORY. * region-model-reachability.cc: Likewise. * region-model.cc: Likewise. Include "make-unique.h". (region_model::get_gassign_result): Use make_unique when creating pending_diagnostic. (region_model::check_for_poison): Likewise. (region_model::on_stmt_pre): Likewise. (region_model::check_symbolic_bounds): Likewise. (region_model::check_region_bounds): Likewise. (annotating_ctxt: make_note): Use std::unique_ptr for result. (region_model::deref_rvalue): Use make_unique when creating pending_diagnostic. (region_model::check_for_writable_region): Likewise. (region_model::check_region_size): Likewise. (region_model::check_dynamic_size_for_floats): Likewise. (region_model::maybe_complain_about_infoleak): Likewise. (noop_region_model_context::add_note): Use std::unique_ptr for param. Remove explicit deletion. * region-model.h: Include "analyzer/pending-diagnostic.h". (region_model_context::warn): Convert param to std::unique_ptr. (region_model_context::add_note): Likewise. (noop_region_model_context::warn): Likewise. (noop_region_model_context::add_note): Likewise. (region_model_context_decorator::warn): Likewise. (region_model_context_decorator::add_note): Likewise. (note_adding_context::warn): Likewise. (note_adding_context::make_note): Likewise for return type. (test_region_model_context::warn): Convert param to std::unique_ptr. * region.cc: Add define of INCLUDE_MEMORY. * sm-fd.cc: Likewise. Include "make-unique.h". (fd_state_machine::check_for_fd_attrs): Use make_unique when creating pending_diagnostics. (fd_state_machine::on_open): Likewise. (fd_state_machine::on_creat): Likewise. (fd_state_machine::check_for_dup): Likewise. (fd_state_machine::on_close): Likewise. (fd_state_machine::check_for_open_fd): Likewise. (fd_state_machine::on_leak): Likewise, converting return type to std::unique_ptr. * sm-file.cc: Add define of INCLUDE_MEMORY. Include "make-unique.h". (fileptr_state_machine::on_stmt): Use make_unique when creating pending_diagnostic. (fileptr_state_machine::on_leak): Likewise, converting return type to std::unique_ptr. * sm-malloc.cc: Add define of INCLUDE_MEMORY. Include "make-unique.h". (malloc_state_machine::on_stmt): Use make_unique when creating pending_diagnostic. (malloc_state_machine::handle_free_of_non_heap): Likewise. (malloc_state_machine::on_deallocator_call): Likewise. (malloc_state_machine::on_realloc_call): Likewise. (malloc_state_machine::on_leak): Likewise, converting return type to std::unique_ptr. * sm-pattern-test.cc: Add define of INCLUDE_MEMORY. Include "make-unique.h". (pattern_test_state_machine::on_condition): Use make_unique when creating pending_diagnostic. * sm-sensitive.cc: Add define of INCLUDE_MEMORY. Include "make-unique.h". (sensitive_state_machine::warn_for_any_exposure): Use make_unique when creating pending_diagnostic. * sm-signal.cc: Add define of INCLUDE_MEMORY. Include "make-unique.h". (signal_state_machine::on_stmt): Use make_unique when creating pending_diagnostic. * sm-taint.cc: Add define of INCLUDE_MEMORY. Include "make-unique.h". (taint_state_machine::check_for_tainted_size_arg): Use make_unique when creating pending_diagnostic. (taint_state_machine::check_for_tainted_divisor): Likewise. (region_model::check_region_for_taint): Likewise. (region_model::check_dynamic_size_for_taint): Likewise. * sm.cc: Add define of INCLUDE_MEMORY. Include "analyzer/pending-diagnostic.h". (state_machine::on_leak): Move here from sm.h, changing return type to std::unique_ptr. * sm.h (state_machine::on_leak): Change return type to std::unique_ptr. Move defn of base impl to sm.cc (sm_context::warn): Convert param d to std_unique_ptr. * state-purge.cc: Add define of INCLUDE_MEMORY. * store.cc: Likewise. * svalue.cc: Likewise. * trimmed-graph.cc: Likewise. * varargs.cc: Likewise. Include "make-unique.h". (va_list_state_machine::check_for_ended_va_list): Use make_unique when creating pending_diagnostic. (va_list_state_machine::on_leak): Likewise, converting return type to std::unique_ptr. (region_model::impl_call_va_arg): Use make_unique when creating pending_diagnostic. gcc/testsuite/ChangeLog: * gcc.dg/plugin/analyzer_gil_plugin.c: Add define of INCLUDE_MEMORY. Include "make-unique.h". (gil_state_machine::check_for_pyobject_in_call): Use make_unique when creating pending_diagnostic. (gil_state_machine::on_stmt): Likewise. (gil_state_machine::check_for_pyobject_usage_without_gil): Likewise. * gcc.dg/plugin/analyzer_kernel_plugin.c: : Add define of INCLUDE_MEMORY. * gcc.dg/plugin/analyzer_known_fns_plugin.c: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-10-13analyzer: fix ICE introduced in r13-3168 [PR107210]David Malcolm1-1/+2
gcc/analyzer/ChangeLog: PR analyzer/107210 * svalue.cc (constant_svalue::maybe_fold_bits_within): Only attempt to extract individual bits when tree_fits_uhwi_p. gcc/testsuite/ChangeLog: PR analyzer/107210 * gfortran.dg/analyzer/pr107210.f90: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-10-07analyzer: extract bits from integer constants [PR105783]David Malcolm1-1/+16
Fix a false positive from -Wanalyzer-null-dereference due to -fanalyzer failing to grok the value of a particular boolean field initialized to a constant. gcc/analyzer/ChangeLog: PR analyzer/105783 * region-model.cc (selftest::get_bit): New function. (selftest::test_bits_within_svalue_folding): New. (selfftest::analyzer_region_model_cc_tests): Call it. * svalue.cc (constant_svalue::maybe_fold_bits_within): Handle the case of extracting a single bit. gcc/testsuite/ChangeLog: PR analyzer/105783 * gcc.dg/analyzer/pr105783.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-10-05analyzer: simplify some includesDavid Malcolm1-8/+2
gcc/analyzer/ChangeLog: * analysis-plan.cc: Simplify includes. * analyzer-pass.cc: Likewise. * analyzer-selftests.cc: Likewise. * analyzer.cc: Likewise. * analyzer.h: Add includes of "json.h" and "tristate.h". * call-info.cc: Simplify includes. * call-string.cc: Likewise. * call-summary.cc: Likewise. * checker-path.cc: Likewise. * complexity.cc: Likewise. * constraint-manager.cc: Likewise. * diagnostic-manager.cc: Likewise. * engine.cc: Likewise. * feasible-graph.cc: Likewise. * known-function-manager.cc: Likewise. * pending-diagnostic.cc: Likewise. * program-point.cc: Likewise. * program-state.cc: Likewise. * region-model-asm.cc: Likewise. * region-model-impl-calls.cc: Likewise. * region-model-manager.cc: Likewise. * region-model-reachability.cc: Likewise. * region-model.cc: Likewise. * region-model.h: Include "selftest.h". * region.cc: Simplify includes. * sm-fd.cc: Likewise. * sm-file.cc: Likewise. * sm-malloc.cc: Likewise. * sm-pattern-test.cc: Likewise. * sm-sensitive.cc: Likewise. * sm-signal.cc: Likewise. * sm-taint.cc: Likewise. * sm.cc: Likewise. * state-purge.cc: Likewise. * store.cc: Likewise. * store.h: Likewise. * supergraph.cc: Likewise. * svalue.cc: Likewise. * svalue.h: Likewise. * trimmed-graph.cc: Likewise. * varargs.cc: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-10-04analyzer: revamp side-effects of call summaries [PR107072]David Malcolm1-2/+6
With -fanalyzer-call-summaries the analyzer canl attempt to summarize the effects of some function calls at their call site, rather than simulate the call directly, which can avoid big slowdowns during analysis. Previously, this summarization was extremely simplistic: no attempt was made to update sm-state, and region_model::update_for_call_summary would simply set the return value of the function to UNKNOWN, and assume the function had no side effects. This patch implements less simplistic summarizations: it tracks each possible return enode from the called function, and attempts to generate a successor enode from the callsite for each that have compatible conditions, mapping state changes in the summary to state changes at the callsite. It also implements the beginnings of heuristics for generating user-facing descriptions of a summary e.g. "when 'foo' returns NULL" versus: "when 'foo' returns a heap-allocated buffer" This still has some bugs, but much more accurately tracks the effects of a call, and so is an improvement; it should only have an effect when -fanalyzer-call-summaries is enabled. As before, -fanalyzer-call-summaries is disabled by default in analyzer.opt (but enabled by default in the test suite). gcc/ChangeLog: PR analyzer/107072 * Makefile.in (ANALYZER_OBJS): Add analyzer/call-summary.o. gcc/analyzer/ChangeLog: PR analyzer/107072 * analyzer-logging.h: Include "diagnostic-core.h". * analyzer.h: Include "function.h". (class call_summary): New forward decl. (class call_summary_replay): New forward decl. (struct per_function_data): New forward decl. (struct interesting_t): New forward decl. (custom_edge_info::update_state): New vfunc. * call-info.cc (custom_edge_info::update_state): New. * call-summary.cc: New file. * call-summary.h: New file. * constraint-manager.cc: Include "analyzer/call-summary.h". (class replay_fact_visitor): New. (constraint_manager::replay_call_summary): New. * constraint-manager.h (constraint_manager::replay_call_summary): New. * engine.cc: Include "analyzer/call-summary.h". (exploded_node::on_stmt): Handle call summaries. (class call_summary_edge_info): New. (exploded_node::replay_call_summaries): New. (exploded_node::replay_call_summary): New. (per_function_data::~per_function_data): New. (per_function_data::add_call_summary): Move here from header and reimplement. (exploded_graph::process_node): Call update_state rather than update_model when handling bifurcation (viz_callgraph_node::dump_dot): Use a regular label rather than an HTML table; add summaries to dump. * exploded-graph.h: Include "alloc-pool.h", "fibonacci_heap.h", "supergraph.h", "sbitmap.h", "shortest-paths.h", "analyzer/sm.h", "analyzer/program-state.h", and "analyzer/diagnostic-manager.h". (exploded_node::replay_call_summaries): New decl. (exploded_node::replay_call_summary): New decl. (per_function_data::~per_function_data): New decl. (per_function_data::add_call_summary): Move implemention from header. (per_function_data::m_summaries): Update type of element. * known-function-manager.h: Include "analyzer/analyzer-logging.h". * program-point.h: Include "pretty-print.h" and "analyzer/call-string.h". * program-state.cc: Include "analyzer/call-summary.h". (sm_state_map::replay_call_summary): New. (program_state::replay_call_summary): New. * program-state.h (sm_state_map::replay_call_summary): New decl. (program_state::replay_call_summary): New decl. * region-model-manager.cc (region_model_manager::get_or_create_asm_output_svalue): New overload. * region-model-manager.h (region_model_manager::get_or_create_asm_output_svalue): New overload decl. * region-model.cc: Include "analyzer/call-summary.h". (region_model::maybe_update_for_edge): Remove call to region_model::update_for_call_summary on SUPEREDGE_INTRAPROCEDURAL_CALL. (region_model::update_for_call_summary): Delete. (region_model::replay_call_summary): New. * region-model.h (region_model::replay_call_summary): New decl. (region_model::update_for_call_summary): Delete decl. * store.cc: Include "analyzer/call-summary.h". (store::replay_call_summary): New. (store::replay_call_summary_cluster): New. * store.h: Include "tristate.h". (is_a_helper <const ana::concrete_binding *>::test): New. (store::replay_call_summary): New decl. (store::replay_call_summary_cluster): New decl. * supergraph.cc (get_ultimate_function_for_cgraph_edge): Remove "static" from decl. (supergraph_call_edge): Make stmt param const. * supergraph.h: Include "ordered-hash-map.h", "cfg.h", "basic-block.h", "gimple.h", "gimple-iterator.h", and "digraph.h". (supergraph_call_edge): Make stmt param const. (get_ultimate_function_for_cgraph_edge): New decl. * svalue.cc (compound_svalue::compound_svalue): Assert that we're not nesting compound_svalues. * svalue.h: Include "json.h", "analyzer/store.h", and "analyzer/program-point.h". (asm_output_svalue::get_num_outputs): New accessor. gcc/testsuite/ChangeLog: PR analyzer/107072 * gcc.dg/analyzer/call-summaries-2.c: New test. * gcc.dg/analyzer/call-summaries-3.c: New test. * gcc.dg/analyzer/call-summaries-asm-x86.c: New test. * gcc.dg/analyzer/call-summaries-malloc.c: New test. * gcc.dg/analyzer/call-summaries-pr107072.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-10-04analyzer: widening_svalues take a function_point rather than a program_pointDavid Malcolm1-2/+2
Enabling work towrads better call summarization. gcc/analyzer/ChangeLog: * region-model-manager.cc (region_model_manager::get_or_create_widening_svalue): Use a function_point rather than a program_point. * region-model.cc (selftest::test_widening_constraints): Likewise. * region-model.h (region_model_manager::get_or_create_widening_svalue): Likewise. (model_merger::get_function_point): New. * svalue.cc (svalue::can_merge_p): Use a function_point rather than a program_point. (svalue::can_merge_p): Likewise. * svalue.h (widening_svalue::key_t): Likewise. (widening_svalue::widening_svalue): Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-07-15libcpp: Improve encapsulation of label_textJonathan Wakely1-1/+1
This adjusts the API of label_text so that the data members are private and cannot be modified by callers. Add accessors for them instead, and make the accessors const-correct. Also rename moved_from () to the more idiomatic release (). Also remove the unused take_or_copy () member function which has confusing ownership semantics. gcc/analyzer/ChangeLog: * call-info.cc (call_info::print): Adjust to new label_text API. * checker-path.cc (checker_event::dump): Likewise. (region_creation_event::get_desc): Likewise. (state_change_event::get_desc): Likewise. (superedge_event::should_filter_p): Likewise. (start_cfg_edge_event::get_desc): Likewise. (call_event::get_desc): Likewise. (return_event::get_desc): Likewise. (warning_event::get_desc): Likewise. (checker_path::dump): Likewise. (checker_path::debug): Likewise. * diagnostic-manager.cc (diagnostic_manager::prune_for_sm_diagnostic): Likewise. (diagnostic_manager::prune_interproc_events): Likewise. * engine.cc (feasibility_state::maybe_update_for_edge): Likewise. * program-state.cc (sm_state_map::to_json): Likewise. * region-model-impl-calls.cc (region_model::impl_call_analyzer_describe): Likewise. (region_model::impl_call_analyzer_dump_capacity): Likewise. * region.cc (region::to_json): Likewise. * sm-malloc.cc (inform_nonnull_attribute): Likewise. * store.cc (binding_map::to_json): Likewise. (store::to_json): Likewise. * supergraph.cc (superedge::dump): Likewise. * svalue.cc (svalue::to_json): Likewise. gcc/c-family/ChangeLog: * c-format.cc (class range_label_for_format_type_mismatch): Adjust to new label_text API. gcc/ChangeLog: * diagnostic-format-json.cc (json_from_location_range): Adjust to new label_text API. * diagnostic-format-sarif.cc (sarif_builder::make_location_object): Likewise. * diagnostic-show-locus.cc (struct pod_label_text): Likewise. (layout::print_any_labels): Likewise. * tree-diagnostic-path.cc (class path_label): Likewise. (struct event_range): Likewise. (default_tree_diagnostic_path_printer): Likewise. (default_tree_make_json_for_path): Likewise. libcpp/ChangeLog: * include/line-map.h (label_text::take_or_copy): Remove. (label_text::moved_from): Rename to release. (label_text::m_buffer, label_text::m_owned): Make private. (label_text::get, label_text::is_owned): New accessors.
2022-07-07Convert label_text to C++11 move semanticsDavid Malcolm1-1/+0
libcpp's class label_text stores a char * for a string and a flag saying whether it owns the buffer. I added this class before we could use C++11, and so to avoid lots of copying it required an explicit call to label_text::maybe_free to potentially free the buffer. Now that we can use C++11, this patch removes label_text::maybe_free in favor of doing the cleanup in the destructor, and using C++ move semantics to avoid any copying. This allows lots of messy cleanup code to be eliminated in favor of implicit destruction (mostly in the analyzer). No functional change intended. gcc/analyzer/ChangeLog: * call-info.cc (call_info::print): Update for removal of label_text::maybe_free in favor of automatic memory management. * checker-path.cc (checker_event::dump): Likewise. (checker_event::prepare_for_emission): Likewise. (state_change_event::get_desc): Likewise. (superedge_event::should_filter_p): Likewise. (start_cfg_edge_event::get_desc): Likewise. (warning_event::get_desc): Likewise. (checker_path::dump): Likewise. (checker_path::debug): Likewise. * diagnostic-manager.cc (diagnostic_manager::prune_for_sm_diagnostic): Likewise. (diagnostic_manager::prune_interproc_events): Likewise. * program-state.cc (sm_state_map::to_json): Likewise. * region.cc (region::to_json): Likewise. * sm-malloc.cc (inform_nonnull_attribute): Likewise. * store.cc (binding_map::to_json): Likewise. (store::to_json): Likewise. * svalue.cc (svalue::to_json): Likewise. gcc/c-family/ChangeLog: * c-format.cc (range_label_for_format_type_mismatch::get_text): Update for removal of label_text::maybe_free in favor of automatic memory management. gcc/ChangeLog: * diagnostic-format-json.cc (json_from_location_range): Update for removal of label_text::maybe_free in favor of automatic memory management. * diagnostic-format-sarif.cc (sarif_builder::make_location_object): Likewise. * diagnostic-show-locus.cc (struct pod_label_text): New. (class line_label): Convert m_text from label_text to pod_label_text. (layout::print_any_labels): Move "text" to the line_label. * tree-diagnostic-path.cc (path_label::get_text): Update for removal of label_text::maybe_free in favor of automatic memory management. (event_range::print): Likewise. (default_tree_diagnostic_path_printer): Likewise. (default_tree_make_json_for_path): Likewise. libcpp/ChangeLog: * include/line-map.h: Include <utility>. (class label_text): Delete maybe_free method in favor of a destructor. Add move ctor and assignment operator. Add deletion of the copy ctor and copy-assignment operator. Rename field m_caller_owned to m_owned. Add std::move where necessary; add moved_from member function. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-07-02analyzer: add allocation size checker [PR105900]Tim Lange1-13/+13
This patch adds an checker that warns about code paths in which a buffer is assigned to a incompatible type, i.e. when the allocated buffer size is not a multiple of the pointee's size. Regression-tested on x86_64 Linux. Also compiled coreutils, curl, openssh and httpd with the patch enabled. 2022-07-01 Tim Lange <mail@tim-lange.me> gcc/analyzer/ChangeLog: PR analyzer/105900 * analyzer.opt: Added Wanalyzer-allocation-size. * checker-path.cc (region_creation_event::get_desc): Added call to new virtual function pending_diagnostic::describe_region_creation_event. * checker-path.h: Added region_creation_event::get_desc. * diagnostic-manager.cc (diagnostic_manager::add_event_on_final_node): New function. * diagnostic-manager.h: Added diagnostic_manager::add_event_on_final_node. * pending-diagnostic.h (struct region_creation): New event_desc struct. (pending_diagnostic::describe_region_creation_event): Added virtual function to overwrite description of a region creation. * region-model.cc (class dubious_allocation_size): New class. (capacity_compatible_with_type): New helper function. (class size_visitor): New class. (struct_or_union_with_inheritance_p): New helper function. (is_any_cast_p): New helper function. (region_model::check_region_size): New function. (region_model::set_value): Added call to region_model::check_region_size. * region-model.h (class region_model): New function check_region_size. * svalue.cc (region_svalue::accept): Changed to post-order traversal. (initial_svalue::accept): Likewise. (unaryop_svalue::accept): Likewise. (binop_svalue::accept): Likewise. (sub_svalue::accept): Likewise. (repeated_svalue::accept): Likewise. (bits_within_svalue::accept): Likewise. (widening_svalue::accept): Likewise. (unmergeable_svalue::accept): Likewise. (compound_svalue::accept): Likewise. (conjured_svalue::accept): Likewise. (asm_output_svalue::accept): Likewise. (const_fn_result_svalue::accept): Likewise. gcc/ChangeLog: PR analyzer/105900 * doc/invoke.texi: Added Wanalyzer-allocation-size. gcc/testsuite/ChangeLog: PR analyzer/105900 * gcc.dg/analyzer/pr96639.c: Changed buffer size to omit warning. * gcc.dg/analyzer/allocation-size-1.c: New test. * gcc.dg/analyzer/allocation-size-2.c: New test. * gcc.dg/analyzer/allocation-size-3.c: New test. * gcc.dg/analyzer/allocation-size-4.c: New test. * gcc.dg/analyzer/allocation-size-5.c: New test. Signed-off-by: Tim Lange <mail@tim-lange.me>
2022-05-23analyzer: use 'final' and 'override' where appropriateDavid Malcolm1-2/+2
gcc/analyzer/ChangeLog: * call-info.cc: Add "final" and "override" to all vfunc implementations that were missing them, as appropriate. * engine.cc: Likewise. * region-model.cc: Likewise. * sm-malloc.cc: Likewise. * supergraph.h: Likewise. * svalue.cc: Likewise. * varargs.cc: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-04-25analyzer: fix ICEs on complex constants [PR105365,105366]David Malcolm1-9/+21
gcc/analyzer/ChangeLog: PR analyzer/105365 PR analyzer/105366 * svalue.cc (cmp_cst): Rename to... (cmp_csts_same_type): ...this. Convert all recursive calls to calls to... (cmp_csts_and_types): ....this new function. (svalue::cmp_ptr): Update for renaming of cmp_cst gcc/testsuite/ChangeLog: PR analyzer/105365 PR analyzer/105366 * gcc.dg/analyzer/pr105365.c: New test. * gcc.dg/analyzer/pr105366.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-04-14analyzer: fix escaping of pointer arithmetic [PR105264]David Malcolm1-0/+42
PR analyzer/105264 reports that the analyzer can fail to treat (PTR + IDX) and PTR[IDX] as referring to the same memory under some situations. There are various ways in which this can happen when IDX is a symbolic value, due to having several ways in which such memory regions can be referred to symbolically. I attempted to fix this by being smarter when folding svalues and regions, but this fix seems too fiddly to attempt in stage 4. Instead, this less ambitious patch fixes a false positive from -Wanalyzer-use-of-uninitialized-value by making the analyzer's escape analysis smarter, so that it treats *PTR as escaping when (PTR + OFFSET) is passed to an external function, and thus it treats *PTR as possibly-initialized (the "passing &PTR[IDX]" case was already working). gcc/analyzer/ChangeLog: PR analyzer/105264 * region-model-reachability.cc (reachable_regions::handle_parm): Use maybe_get_deref_base_region rather than just region_svalue, to handle pointer arithmetic also. * svalue.cc (svalue::maybe_get_deref_base_region): New. * svalue.h (svalue::maybe_get_deref_base_region): New decl. gcc/testsuite/ChangeLog: PR analyzer/105264 * gcc.dg/analyzer/torture/symbolic-10.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-04-14analyzer: fix ICE comparing VECTOR_CSTs [PR105252]David Malcolm1-3/+10
gcc/analyzer/ChangeLog: PR analyzer/105252 * svalue.cc (cmp_cst): When comparing VECTOR_CSTs, compare the types of the encoded elements before calling cmp_cst on them. gcc/testsuite/ChangeLog: PR analyzer/105252 * gcc.dg/analyzer/pr105252.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-02-23analyzer: handle __attribute__((const)) [PR104434]David Malcolm1-0/+73
When testing -fanalyzer on openblas-0.3, I noticed slightly over 2000 false positives from -Wanalyzer-malloc-leak on code like this: if( LAPACKE_lsame( vect, 'b' ) || LAPACKE_lsame( vect, 'p' ) ) { pt_t = (lapack_complex_float*) LAPACKE_malloc( sizeof(lapack_complex_float) * ldpt_t * MAX(1,n) ); [...snip...] } [...snip lots of code...] if( LAPACKE_lsame( vect, 'b' ) || LAPACKE_lsame( vect, 'q' ) ) { LAPACKE_free( pt_t ); } where LAPACKE_lsame is a char-comparison function implemented in a different TU. The analyzer naively considers the execution path where: LAPACKE_lsame( vect, 'b' ) || LAPACKE_lsame( vect, 'p' ) is true at the malloc guard, but then false at the free guard, which is thus a memory leak. This patch makes -fanalyer respect __attribute__((const)), so that the analyzer treats such functions as returning the same value when given the same inputs. I've filed https://github.com/xianyi/OpenBLAS/issues/3543 suggesting that LAPACKE_lsame be annotated with __attribute__((const)); with that, and with this patch, the false positives seem to be fixed. gcc/analyzer/ChangeLog: PR analyzer/104434 * analyzer.h (class const_fn_result_svalue): New decl. * region-model-impl-calls.cc (call_details::get_manager): New. * region-model-manager.cc (region_model_manager::get_or_create_const_fn_result_svalue): New. (region_model_manager::log_stats): Log m_const_fn_result_values_map. * region-model.cc (const_fn_p): New. (maybe_get_const_fn_result): New. (region_model::on_call_pre): Handle fndecls with __attribute__((const)) by calling the above rather than making a conjured_svalue. * region-model.h (visitor::visit_const_fn_result_svalue): New. (region_model_manager::get_or_create_const_fn_result_svalue): New decl. (region_model_manager::const_fn_result_values_map_t): New typedef. (region_model_manager::m_const_fn_result_values_map): New field. (call_details::get_manager): New decl. * svalue.cc (svalue::cmp_ptr): Handle SK_CONST_FN_RESULT. (const_fn_result_svalue::dump_to_pp): New. (const_fn_result_svalue::dump_input): New. (const_fn_result_svalue::accept): New. * svalue.h (enum svalue_kind): Add SK_CONST_FN_RESULT. (svalue::dyn_cast_const_fn_result_svalue): New. (class const_fn_result_svalue): New. (is_a_helper <const const_fn_result_svalue *>::test): New. (template <> struct default_hash_traits<const_fn_result_svalue::key_t>): New. gcc/testsuite/ChangeLog: PR analyzer/104434 * gcc.dg/analyzer/attr-const-1.c: New test. * gcc.dg/analyzer/attr-const-2.c: New test. * gcc.dg/analyzer/attr-const-3.c: New test. * gcc.dg/analyzer/pr104434-const.c: New test. * gcc.dg/analyzer/pr104434-nonconst.c: New test. * gcc.dg/analyzer/pr104434.h: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-01-03Update copyright years.Jakub Jelinek1-1/+1
2021-11-19analyzer: fix false leak due to overeager state merging [PR103217]David Malcolm1-0/+8
PR analyzer/103217 reports a false positive from -Wanalyzer-malloc-leak. The root cause is due to overzealous state merger, where the state-merging code decided to merge these two states by merging the stores: state A: clusters within frame: ‘main’@1 cluster for: one_3: CONJURED(val_4 = strdup (src_2(D));, val_4) cluster for: two_4: UNKNOWN(char *) cluster for: one_21: CONJURED(val_4 = strdup (src_2(D));, val_4) state B: clusters within frame: ‘main’@1 cluster for: one_3: UNKNOWN(char *) cluster for: two_4: CONJURED(val_4 = strdup (src_2(D));, val_4) cluster for: two_18: CONJURED(val_4 = strdup (src_2(D));, val_4) into: clusters within frame: ‘main’@1 cluster for: one_3: UNKNOWN(char *) cluster for: two_4: UNKNOWN(char *) cluster for: one_21: UNKNOWN(char *) cluster for: two_18: UNKNOWN(char *) despite "CONJURED(val_4 = strdup (src_2(D));, val_4)" having sm-state, in this case malloc:nonnull ({free}), thus leading to both references to the conjured svalue being lost at merger. This patch tweaks the state merger code so that it will not consider merging two different svalues for the value of a region if either svalue has non-purgable sm-state (in the above example, malloc:nonnull). This fixes the false leak report above. Doing so uncovered an issue with explode-2a.c in which the warnings moved from the correct location to the "while" stmt. This turned out to be a missing call to detect_leaks in phi-handling, which the patch also fixes (in the PK_BEFORE_SUPERNODE case in exploded_graph::process_node). Doing this fixed the regression in explode-2a.c and also fixed the location of the leak warning in explode-1.c. The other side effect of the change is that pr94858-1.c now emits a -Wanalyzer-too-complex warning, since pertinent state is no longer being thrown away. There doesn't seem to be a good way of avoiding this, so the patch also adds -Wno-analyzer-too-complex to that test case (restoring the default). gcc/analyzer/ChangeLog: PR analyzer/103217 * engine.cc (exploded_graph::get_or_create_node): Pass in m_ext_state to program_state::can_merge_with_p. (exploded_graph::process_worklist): Likewise. (exploded_graph::maybe_process_run_of_before_supernode_enodes): Likewise. (exploded_graph::process_node): Add missing call to detect_leaks when handling phi nodes. * program-state.cc (program_state::can_merge_with_p): Add "ext_state" param. Pass it and state ptrs to region_model::can_merge_with_p. (selftest::test_program_state_merging): Update for new ext_state param of program_state::can_merge_with_p. (selftest::test_program_state_merging_2): Likewise. * program-state.h (program_state::can_purge_p): Make const. (program_state::can_merge_with_p): Add "ext_state" param. * region-model.cc: Include "analyzer/program-state.h". (region_model::can_merge_with_p): Add params "ext_state", "state_a", and "state_b", use them when creating model_merger object. (model_merger::mergeable_svalue_p): New. * region-model.h (region_model::can_merge_with_p): Add params "ext_state", "state_a", and "state_b". (model_merger::model_merger) Likewise, initializing new fields. (model_merger::mergeable_svalue_p): New decl. (model_merger::m_ext_state): New field. (model_merger::m_state_a): New field. (model_merger::m_state_b): New field. * svalue.cc (svalue::can_merge_p): Call model_merger::mergeable_svalue_p on both states and reject the merger accordingly. gcc/testsuite/ChangeLog: PR analyzer/103217 * gcc.dg/analyzer/explode-1.c: Update for improvement to location of leak warning. * gcc.dg/analyzer/pr103217.c: New test. * gcc.dg/analyzer/pr94858-1.c: Add -Wno-analyzer-too-complex. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2021-08-30analyzer: support "bifurcation"; reimplement realloc [PR99260]David Malcolm1-1/+2
Most of the state-management code in the analyzer involves modifying state objects in-place, which implies a single outcome. (I originally implemented in-place modification because I wanted to avoid having to create copies of state objects, and it's now very difficult to change this aspect of the analyzer's design) However, there are various special-cases such as "realloc" for which it's best to split the state into multiple outcomes. This patch adds a mechanism for "bifurcating" the analysis in places where there isn't a split in the CFG, and uses it to implement realloc, in this case treating it as having 3 possible outcomes: - failure, returning NULL - success, growing the buffer in-place without moving it - success, allocating a new buffer, copying the content of the old buffer to it, and freeing the old buffer. gcc/ChangeLog: PR analyzer/99260 * Makefile.in (ANALYZER_OBJS): Add analyzer/call-info.o. gcc/analyzer/ChangeLog: PR analyzer/99260 * analyzer.h (class custom_edge_info): New class, adapted from exploded_edge::custom_info_t. Make member functions const. Make update_model return bool, converting edge param from reference to a pointer, and adding a ctxt param. (class path_context): New class. * call-info.cc: New file. * call-info.h: New file. * engine.cc: Include "analyzer/call-info.h" and <memory>. (impl_region_model_context::impl_region_model_context): Update for new m_path_ctxt field. (impl_region_model_context::bifurcate): New. (impl_region_model_context::terminate_path): New. (impl_region_model_context::get_malloc_map): New. (impl_sm_context::impl_sm_context): Update for new m_path_ctxt field. (impl_sm_context::get_fndecl_for_call): Likewise. (impl_sm_context::set_next_state): Likewise. (impl_sm_context::warn): Likewise. (impl_sm_context::is_zero_assignment): Likewise. (impl_sm_context::get_path_context): New. (impl_sm_context::m_path_ctxt): New. (impl_region_model_context::on_condition): Update for new path_ctxt param. Handle m_enode_for_diag being NULL. (impl_region_model_context::on_phi): Update for new path_ctxt param. (exploded_node::on_stmt): Add path_ctxt param, updating ctor calls to use it as necessary. Use it to bail out after sm-handling, if needed. (exploded_node::detect_leaks): Update for new path_ctxt param. (dynamic_call_info_t::update_model): Update for conversion of exploded_edge::custom_info_t to custom_edge_info. (dynamic_call_info_t::add_events_to_path): Likewise. (rewind_info_t::update_model): Likewise. (rewind_info_t::add_events_to_path): Likewise. (exploded_edge::exploded_edge): Likewise. (exploded_graph::add_edge): Likewise. (exploded_graph::maybe_process_run_of_before_supernode_enodes): Update for new path_ctxt param. (class impl_path_context): New. (exploded_graph::process_node): Update for new path_ctxt param. Create an impl_path_context and pass it to exploded_node::on_stmt. Use it to terminate iterating stmts if terminate_path is called on it. After processing a run of stmts, query path_ctxt to potentially terminate the analysis path, and/or to "bifurcate" the analysis into multiple additional paths. (feasibility_state::maybe_update_for_edge): Update for new update_model ctxt param. * exploded-graph.h (impl_region_model_context::impl_region_model_context): Add path_ctxt param. (impl_region_model_context::bifurcate): New. (impl_region_model_context::terminate_path): New (impl_region_model_context::get_ext_state): New. (impl_region_model_context::get_malloc_map): New. (impl_region_model_context::m_path_ctxt): New field. (exploded_node::on_stmt): Add path_ctxt param. (class exploded_edge::custom_info_t): Move to analyzer.h, renaming to custom_edge_info, and making the changes as noted in analyzer.h above. (exploded_edge::exploded_edge): Update for these changes to exploded_edge::custom_info_t. (exploded_edge::m_custom_info): Likewise. (class dynamic_call_info_t): Likewise. (class rewind_info_t): Likewise. (exploded_graph::add_edge): Likewise. * program-state.cc (program_state::on_edge): Update for new path_ctxt param. (program_state::push_call): Likewise. (program_state::returning_call): Likewise. (program_state::prune_for_point): Likewise. * region-model-impl-calls.cc: Include "analyzer/call-info.h". (call_details::get_fndecl_for_call): New. (region_model::impl_call_realloc): Reimplement. * region-model.cc (region_model::on_call_pre): Move call to impl_call_realloc to... (region_model::on_call_post): ...here. Consolidate creation of call_details instance. (noop_region_model_context::bifurcate): New. (noop_region_model_context::terminate_path): New. * region-model.h (call_details::get_call_stmt): New. (call_details::get_fndecl_for_call): New. (region_model::on_realloc_with_move): New. (region_model_context::bifurcate): New. (region_model_context::terminate_path): New. (region_model_context::get_ext_state): New. (region_model_context::get_malloc_map): New. (noop_region_model_context::bifurcate): New. (noop_region_model_context::terminate_path): New. (noop_region_model_context::get_ext_state): New. (noop_region_model_context::get_malloc_map): New. * sm-malloc.cc: Include "analyzer/program-state.h". (malloc_state_machine::on_realloc_call): Reimplement. (malloc_state_machine::on_realloc_with_move): New. (region_model::on_realloc_with_move): New. * sm-signal.cc (class signal_delivery_edge_info_t): Update for conversion from exploded_edge::custom_info_t to custom_edge_info. * sm.h (sm_context::get_path_context): New. * svalue.cc (svalue::maybe_get_constant): Call unwrap_any_unmergeable. gcc/testsuite/ChangeLog: PR analyzer/99260 * gcc.dg/analyzer/capacity-2.c: Update for changes to realloc analysis. * gcc.dg/analyzer/pr99193-1.c: Likewise. * gcc.dg/analyzer/pr99193-3.c: Likewise. * gcc.dg/analyzer/realloc-1.c: Likewise. Add test coverage for realloc of non-heap pointer, realloc from mismatching allocator, and realloc on a freed pointer. * gcc.dg/analyzer/realloc-2.c: New test.
2021-08-04analyzer: initial implementation of asm support [PR101570]David Malcolm1-0/+89
gcc/ChangeLog: PR analyzer/101570 * Makefile.in (ANALYZER_OBJS): Add analyzer/region-model-asm.o. gcc/analyzer/ChangeLog: PR analyzer/101570 * analyzer.cc (maybe_reconstruct_from_def_stmt): Add GIMPLE_ASM case. * analyzer.h (class asm_output_svalue): New forward decl. (class reachable_regions): New forward decl. * complexity.cc (complexity::from_vec_svalue): New. * complexity.h (complexity::from_vec_svalue): New decl. * engine.cc (feasibility_state::maybe_update_for_edge): Handle asm stmts by calling on_asm_stmt. * region-model-asm.cc: New file. * region-model-manager.cc (region_model_manager::maybe_fold_asm_output_svalue): New. (region_model_manager::get_or_create_asm_output_svalue): New. (region_model_manager::log_stats): Log m_asm_output_values_map. * region-model.cc (region_model::on_stmt_pre): Handle GIMPLE_ASM. * region-model.h (visitor::visit_asm_output_svalue): New. (region_model_manager::get_or_create_asm_output_svalue): New decl. (region_model_manager::maybe_fold_asm_output_svalue): New decl. (region_model_manager::asm_output_values_map_t): New typedef. (region_model_manager::m_asm_output_values_map): New field. (region_model::on_asm_stmt): New. * store.cc (binding_cluster::on_asm): New. * store.h (binding_cluster::on_asm): New decl. * svalue.cc (svalue::cmp_ptr): Handle SK_ASM_OUTPUT. (asm_output_svalue::dump_to_pp): New. (asm_output_svalue::dump_input): New. (asm_output_svalue::input_idx_to_asm_idx): New. (asm_output_svalue::accept): New. * svalue.h (enum svalue_kind): Add SK_ASM_OUTPUT. (svalue::dyn_cast_asm_output_svalue): New. (class asm_output_svalue): New. (is_a_helper <const asm_output_svalue *>::test): New. (struct default_hash_traits<asm_output_svalue::key_t>): New. gcc/testsuite/ChangeLog: PR analyzer/101570 * gcc.dg/analyzer/asm-x86-1.c: New test. * gcc.dg/analyzer/asm-x86-lp64-1.c: New test. * gcc.dg/analyzer/asm-x86-lp64-2.c: New test. * gcc.dg/analyzer/pr101570.c: New test. * gcc.dg/analyzer/torture/asm-x86-linux-array_index_mask_nospec.c: New test. * gcc.dg/analyzer/torture/asm-x86-linux-cpuid-paravirt-1.c: New test. * gcc.dg/analyzer/torture/asm-x86-linux-cpuid-paravirt-2.c: New test. * gcc.dg/analyzer/torture/asm-x86-linux-cpuid.c: New test. * gcc.dg/analyzer/torture/asm-x86-linux-rdmsr-paravirt.c: New test. * gcc.dg/analyzer/torture/asm-x86-linux-rdmsr.c: New test. * gcc.dg/analyzer/torture/asm-x86-linux-wfx_get_ps_timeout-full.c: New test. * gcc.dg/analyzer/torture/asm-x86-linux-wfx_get_ps_timeout-reduced.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2021-07-21analyzer: tweak dumping of min_expr/max_exprDavid Malcolm1-5/+34
gcc/analyzer/ChangeLog: * svalue.cc (infix_p): New. (binop_svalue::dump_to_pp): Use it to print MIN_EXPR and MAX_EXPR in prefix form, rather than infix. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2021-07-19analyzer: add svalue::can_have_associated_state_p [PR101503]David Malcolm1-0/+4
PR analyzer/101503 reports an assertion failure due to an unexpected "UNKNOWN" value (due to using --param analyzer-max-svalue-depth=0). This patch fixes this by rejecting attempts to purge state involving unknown/poisoned svalues (in region_model::purge_state_involving), as these svalues should not have state associated with them - they are singletons w.r.t each type. To be more systematic about this, the patch also introduces a new svalue::can_have_associated_state_p which returns false for unknown/poisoned svalues, so that we can reject adding constraints or sm-state on them, or building various kinds of svalue in terms of them (e.g. unary ops, binary ops, etc). gcc/analyzer/ChangeLog: PR analyzer/101503 * constraint-manager.cc (constraint_manager::add_constraint): Use can_have_associated_state_p rather than testing for unknown. (constraint_manager::get_or_add_equiv_class): Likewise. * program-state.cc (sm_state_map::set_state): Likewise. (sm_state_map::impl_set_state): Add assertion. * region-model-manager.cc (region_model_manager::maybe_fold_unaryop): Handle poisoned values. (region_model_manager::maybe_fold_binop): Move handling of unknown values... (region_model_manager::get_or_create_binop): ...to here, and generalize to use can_have_associated_state_p. (region_model_manager::maybe_fold_sub_svalue): Use can_have_associated_state_p rather than testing for unknown. (region_model_manager::maybe_fold_repeated_svalue): Use unknown when the size or repeated value is "unknown"/"poisoned". * region-model.cc (region_model::purge_state_involving): Reject attempts to purge unknown/poisoned svalues, as these svalues should not have state associated with them. * svalue.cc (sub_svalue::sub_svalue): Assert that we're building on top of an svalue with can_have_associated_state_p. (repeated_svalue::repeated_svalue): Likewise. (bits_within_svalue::bits_within_svalue): Likewise. * svalue.h (svalue::can_have_associated_state_p): New. (unknown_svalue::can_have_associated_state_p): New. (poisoned_svalue::can_have_associated_state_p): New. (unaryop_svalue::unaryop_svalue): Assert that we're building on top of an svalue with can_have_associated_state_p. (binop_svalue::binop_svalue): Likewise. (widening_svalue::widening_svalue): Likewise. gcc/testsuite/ChangeLog: PR analyzer/101503 * gcc.dg/analyzer/pr101503.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2021-07-16analyzer: add region_model::check_region_accessDavid Malcolm1-1/+1
I've been experimenting with various new diagnostics that require a common place for the analyzer to check the validity of reads or writes to memory (e.g. buffer overflow). As preliminary work, this patch adds new region_model::check_region_for_{read|write} functions which are called anywhere that the analyzer "sees" memory being read from or written to (via region_model::get_store_value and region_model::set_value). This takes over the hardcoded calls to check_for_writable_region (allowing for other kinds of checks on writes); checking reads is currently a no-op. gcc/analyzer/ChangeLog: * analyzer.h (enum access_direction): New. * engine.cc (exploded_node::on_longjmp): Update for new param of get_store_value. * program-state.cc (program_state::prune_for_point): Likewise. * region-model-impl-calls.cc (region_model::impl_call_memcpy): Replace call to check_for_writable_region with call to check_region_for_write. (region_model::impl_call_memset): Likewise. (region_model::impl_call_strcpy): Likewise. * region-model-reachability.cc (reachable_regions::add): Update for new param of get_store_value. * region-model.cc (region_model::get_rvalue_1): Likewise, also for get_rvalue_for_bits. (region_model::get_store_value): Add ctxt param and use it to call check_region_for_read. (region_model::get_rvalue_for_bits): Add ctxt param and use it to call get_store_value. (region_model::check_region_access): New. (region_model::check_region_for_write): New. (region_model::check_region_for_read): New. (region_model::set_value): Update comment. Replace call to check_for_writable_region with call to check_region_for_write. * region-model.h (region_model::get_rvalue_for_bits): Add ctxt param. (region_model::get_store_value): Add ctxt param. (region_model::check_region_access): New decl. (region_model::check_region_for_write): New decl. (region_model::check_region_for_read): New decl. * region.cc (region_model::copy_region): Update call to get_store_value. * svalue.cc (initial_svalue::implicitly_live_p): Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2021-07-16analyzer: add svalue::maybe_get_regionDavid Malcolm1-0/+12
gcc/analyzer/ChangeLog: * program-state.cc (program_state::detect_leaks): Simplify using svalue::maybe_get_region. * region-model-impl-calls.cc (region_model::impl_call_fgets): Likewise. (region_model::impl_call_fread): Likewise. (region_model::impl_call_free): Likewise. (region_model::impl_call_operator_delete): Likewise. * region-model.cc (selftest::test_stack_frames): Likewise. (selftest::test_state_merging): Likewise. * svalue.cc (svalue::maybe_get_region): New. * svalue.h (svalue::maybe_get_region): New decl. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2021-07-15analyzer: reimplement -Wanalyzer-use-of-uninitialized-value [PR95006 et al]David Malcolm1-2/+30
The initial gcc 10 era commit of the analyzer (in 757bf1dff5e8cee34c0a75d06140ca972bfecfa7) had an implementation of -Wanalyzer-use-of-uninitialized-value, but was sufficiently buggy that I removed it in 78b9783774bfd3540f38f5b1e3c7fc9f719653d7 before the release of gcc 10.1 This patch reintroduces the warning, heavily rewritten, with (I hope) a less buggy implementation this time, for GCC 12. gcc/analyzer/ChangeLog: PR analyzer/95006 PR analyzer/94713 PR analyzer/94714 * analyzer.cc (maybe_reconstruct_from_def_stmt): Split out GIMPLE_ASSIGN case into... (get_diagnostic_tree_for_gassign_1): New. (get_diagnostic_tree_for_gassign): New. * analyzer.h (get_diagnostic_tree_for_gassign): New decl. * analyzer.opt (Wanalyzer-write-to-string-literal): New. * constraint-manager.cc (class svalue_purger): New. (constraint_manager::purge_state_involving): New. * constraint-manager.h (constraint_manager::purge_state_involving): New. * diagnostic-manager.cc (saved_diagnostic::supercedes_p): New. (dedupe_winners::handle_interactions): New. (diagnostic_manager::emit_saved_diagnostics): Call it. * diagnostic-manager.h (saved_diagnostic::supercedes_p): New decl. * engine.cc (impl_region_model_context::warn): Convert return type to bool. Return false if the diagnostic isn't saved. (impl_region_model_context::purge_state_involving): New. (impl_sm_context::get_state): Use NULL ctxt when querying old rvalue. (impl_sm_context::set_next_state): Use new sval when querying old state. (class dump_path_diagnostic): Move to region-model.cc (exploded_node::on_stmt): Move to on_stmt_pre and on_stmt_post. Remove call to purge_state_involving. (exploded_node::on_stmt_pre): New, based on the above. Move most of it to region_model::on_stmt_pre. (exploded_node::on_stmt_post): Likewise, moving to region_model::on_stmt_post. (class stale_jmp_buf): Fix parent class to use curiously recurring template pattern. (feasibility_state::maybe_update_for_edge): Call on_call_pre and on_call_post on gcalls. * exploded-graph.h (impl_region_model_context::warn): Return bool. (impl_region_model_context::purge_state_involving): New decl. (exploded_node::on_stmt_pre): New decl. (exploded_node::on_stmt_post): New decl. * pending-diagnostic.h (pending_diagnostic::use_of_uninit_p): New. (pending_diagnostic::supercedes_p): New. * program-state.cc (sm_state_map::get_state): Inherit state for conjured_svalue as well as initial_svalue. (sm_state_map::purge_state_involving): Also support SK_CONJURED. * region-model-impl-calls.cc (call_details::get_uncertainty): Handle m_ctxt being NULL. (call_details::get_or_create_conjured_svalue): New. (region_model::impl_call_fgets): New. (region_model::impl_call_fread): New. * region-model-manager.cc (region_model_manager::get_or_create_initial_value): Return an uninitialized poisoned value for regions that can't have initial values. * region-model-reachability.cc (reachable_regions::mark_escaped_clusters): Handle ctxt being NULL. * region-model.cc (region_to_value_map::purge_state_involving): New. (poisoned_value_diagnostic::use_of_uninit_p): New. (poisoned_value_diagnostic::emit): Handle POISON_KIND_UNINIT. (poisoned_value_diagnostic::describe_final_event): Likewise. (region_model::check_for_poison): New. (region_model::on_assignment): Call it. (class dump_path_diagnostic): Move here from engine.cc. (region_model::on_stmt_pre): New, based on exploded_node::on_stmt. (region_model::on_call_pre): Move the setting of the LHS to a conjured svalue to before the checks for specific functions. Handle "fgets", "fgets_unlocked", and "fread". (region_model::purge_state_involving): New. (region_model::handle_unrecognized_call): Handle ctxt being NULL. (region_model::get_rvalue): Call check_for_poison. (selftest::test_stack_frames): Use NULL for context when getting uninitialized rvalue. (selftest::test_alloca): Likewise. * region-model.h (region_to_value_map::purge_state_involving): New decl. (call_details::get_or_create_conjured_svalue): New decl. (region_model::on_stmt_pre): New decl. (region_model::purge_state_involving): New decl. (region_model::impl_call_fgets): New decl. (region_model::impl_call_fread): New decl. (region_model::check_for_poison): New decl. (region_model_context::warn): Return bool. (region_model_context::purge_state_involving): New. (noop_region_model_context::warn): Return bool. (noop_region_model_context::purge_state_involving): New. (test_region_model_context:: warn): Return bool. * region.cc (region::get_memory_space): New. (region::can_have_initial_svalue_p): New. (region::involves_p): New. * region.h (enum memory_space): New. (region::get_memory_space): New decl. (region::can_have_initial_svalue_p): New decl. (region::involves_p): New decl. * sm-malloc.cc (use_after_free::supercedes_p): New. * store.cc (binding_cluster::purge_state_involving): New. (store::purge_state_involving): New. * store.h (class symbolic_binding): New forward decl. (binding_key::dyn_cast_symbolic_binding): New. (symbolic_binding::dyn_cast_symbolic_binding): New. (binding_cluster::purge_state_involving): New. (store::purge_state_involving): New. * svalue.cc (svalue::can_merge_p): Reject attempts to merge poisoned svalues with other svalues, so that we identify paths in which a variable is conditionally uninitialized. (involvement_visitor::visit_conjured_svalue): New. (svalue::involves_p): Also handle SK_CONJURED. (poison_kind_to_str): Handle POISON_KIND_UNINIT. (poisoned_svalue::maybe_fold_bits_within): New. * svalue.h (enum poison_kind): Add POISON_KIND_UNINIT. (poisoned_svalue::maybe_fold_bits_within): New decl. gcc/ChangeLog: PR analyzer/95006 PR analyzer/94713 PR analyzer/94714 * doc/invoke.texi: Add -Wanalyzer-use-of-uninitialized-value. gcc/testsuite/ChangeLog: PR analyzer/95006 PR analyzer/94713 PR analyzer/94714 * g++.dg/analyzer/pr93212.C: Update location of warning. * g++.dg/analyzer/pr94011.C: Add -Wno-analyzer-use-of-uninitialized-value. * g++.dg/analyzer/pr94503.C: Likewise. * gcc.dg/analyzer/clobbers-1.c: Convert "f" from a local to a param to avoid uninitialized warning. * gcc.dg/analyzer/data-model-1.c (test_12): Add test for uninitialized value on result of alloca. (test_12a): Add expected warning. (test_12c): Likewise. (test_19): Likewise. (test_29b): Likewise. (test_29c): Likewise. (test_37): Remove xfail. (test_37a): Likewise. * gcc.dg/analyzer/data-model-20.c: Add warning about leak. * gcc.dg/analyzer/explode-2.c: Remove params; add -Wno-analyzer-too-complex, -Wno-analyzer-malloc-leak, and xfails. Initialize the locals. * gcc.dg/analyzer/explode-2a.c: Initialize the locals. Add expected leak. * gcc.dg/analyzer/fgets-1.c: New test. * gcc.dg/analyzer/fread-1.c: New test. * gcc.dg/analyzer/malloc-1.c (test_16): Add expected warning. (test_40): Likewise. * gcc.dg/analyzer/memset-CVE-2017-18549-1.c: Check for uninitialized padding. * gcc.dg/analyzer/pr93355-localealias-feasibility.c (fread): New decl. (read_alias_file): Call it. * gcc.dg/analyzer/pr94047.c: Add expected warnings. * gcc.dg/analyzer/pr94851-2.c: Likewise. * gcc.dg/analyzer/pr96841.c: Convert local to a param. * gcc.dg/analyzer/pr98628.c: Likewise. * gcc.dg/analyzer/pr99042.c: Updated expected location of leak diagnostics. * gcc.dg/analyzer/symbolic-1.c: Add expected warnings. * gcc.dg/analyzer/symbolic-7.c: Likewise. * gcc.dg/analyzer/torture/pr93649.c: Add expected warning. Skip with -fno-fat-lto-objects. * gcc.dg/analyzer/uninit-1.c: New test. * gcc.dg/analyzer/uninit-2.c: New test. * gcc.dg/analyzer/uninit-3.c: New test. * gcc.dg/analyzer/uninit-4.c: New test. * gcc.dg/analyzer/uninit-pr94713.c: New test. * gcc.dg/analyzer/uninit-pr94714.c: New test. * gcc.dg/analyzer/use-after-free-2.c: New test. * gcc.dg/analyzer/use-after-free-3.c: New test. * gcc.dg/analyzer/zlib-3.c: Add expected warning. * gcc.dg/analyzer/zlib-6.c: Convert locals to params to avoid uninitialized warnings. Remove xfail. * gcc.dg/analyzer/zlib-6a.c: New test, based on the old version of the above. * gfortran.dg/analyzer/pr97668.f: Add -Wno-analyzer-use-of-uninitialized-value and -Wno-analyzer-too-complex. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2021-07-07analyzer: remove add_any_constraints_from_ssa_def_stmtDavid Malcolm1-5/+19
I'm working on reimplementing -Wanalyzer-use-of-uninitialized-value, but I ran into issues with region_model::add_any_constraints_from_ssa_def_stmt. This function is from the initial commit of the analyzer and walks the SSA names finding conditions that were missed due to the GCC 10 era region_model not retaining useful information on how values were created; as of GCC 11 the symbolic values contain this information, and so the conditions can be reconstructed from them instead. region_model::add_any_constraints_from_ssa_def_stmt is a liability when tracking uninitialized values as it requires looking up SSA values when those values may have been purged, thus greatly complicating detection of uses of uninitialized values. It's simplest to eliminate it and reimplement the condition-finding via the makeup of the svalues, which this patch does. Doing so requires supporting add_condition on svalues rather than just on trees, which requires some changes to ana::state_machine and its subclasses. gcc/analyzer/ChangeLog: * diagnostic-manager.cc (null_assignment_sm_context::get_state): New overload. (null_assignment_sm_context::set_next_state): New overload. (null_assignment_sm_context::get_diagnostic_tree): New. * engine.cc (impl_sm_context::get_state): New overload. (impl_sm_context::set_next_state): New overload. (impl_sm_context::get_diagnostic_tree): New overload. (impl_region_model_context::on_condition): Convert params from tree to const svalue *. * exploded-graph.h (impl_region_model_context::on_condition): Likewise. * region-model.cc (region_model::on_call_pre): Move handling of internal calls to before checking for get_fndecl_for_call. (region_model::add_constraints_from_binop): New. (region_model::add_constraint): Split out into a new overload working on const svalue * rather than tree. Call add_constraints_from_binop. Drop call to add_any_constraints_from_ssa_def_stmt. (region_model::add_any_constraints_from_ssa_def_stmt): Delete. (region_model::add_any_constraints_from_gassign): Delete. (region_model::add_any_constraints_from_gcall): Delete. * region-model.h (region_model::add_any_constraints_from_ssa_def_stmt): Delete. (region_model::add_any_constraints_from_gassign): Delete. (region_model::add_any_constraints_from_gcall): Delete. (region_model::add_constraint): Add overload decl. (region_model::add_constraints_from_binop): New decl. (region_model_context::on_condition): Convert params from tree to const svalue *. (noop_region_model_context::on_condition): Likewise. * sm-file.cc (fileptr_state_machine::condition): Likewise. * sm-malloc.cc (malloc_state_machine::on_condition): Likewise. * sm-pattern-test.cc: Include tristate.h, selftest.h, analyzer/call-string.h, analyzer/program-point.h, analyzer/store.h, and analyzer/region-model.h. (pattern_test_state_machine::on_condition): Convert params from tree to const svalue *. * sm-sensitive.cc (sensitive_state_machine::on_condition): Delete. * sm-signal.cc (signal_state_machine::on_condition): Delete. * sm-taint.cc (taint_state_machine::on_condition): Convert params from tree to const svalue *. * sm.cc: Include tristate.h, selftest.h, analyzer/call-string.h, analyzer/program-point.h, analyzer/store.h, and analyzer/region-model.h. (any_pointer_p): Add overload taking const svalue *sval. * sm.h (any_pointer_p): Add overload taking const svalue *sval. (state_machine::on_condition): Convert params from tree to const svalue *. Provide no-op default implementation. (sm_context::get_state): Add overload taking const svalue *sval. (sm_context::set_next_state): Likewise. (sm_context::on_transition): Likewise. (sm_context::get_diagnostic_tree): Likewise. * svalue.cc (svalue::all_zeroes_p): New. (constant_svalue::all_zeroes_p): New. (repeated_svalue::all_zeroes_p): Convert to vfunc. * svalue.h (svalue::all_zeroes_p): New decl. (constant_svalue::all_zeroes_p): New decl. (repeated_svalue::all_zeroes_p): Convert decl to vfunc. gcc/testsuite/ChangeLog: * gcc.dg/analyzer/pattern-test-2.c: Update expected results. * gcc.dg/plugin/analyzer_gil_plugin.c (gil_state_machine::on_condition): Remove. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2021-06-30analyzer: eliminate enum binding_key [PR95006]David Malcolm1-0/+381
I rewrote the way the analyzer's region_model tracks the state of memory in GCC 11 (in 808f4dfeb3a95f50f15e71148e5c1067f90a126d), which introduced a store with a binding_map class, mapping binding keys to symbolic values. The GCC 11 implementation of binding keys has an enum binding_kind, which can be "default" vs "direct"; the idea being that direct bindings take priority over default bindings, where the latter could be used to represent e.g. a zero-fill of a buffer, and the former expresses those subregions that have since been touched. This doesn't work well: it doesn't express the idea of filling different subregions with different values, or a memset that only touches part of a buffer, leading to numerous XFAILs in the memset test cases (and elsewhere). As preparatory work towards tracking uninitialized values, this patch eliminates the enum binding_kind, so that all bindings have equal weight; the order in which they happen is all that matters. If a write happens which partially overwrites an existing binding, the new code can partially overwrite a binding, potentially punching a hole so that an existing binding is split into two parts. The patch adds some new classes: - a new "bits_within_svalue" symbolic value to support extracting parts of an existing value when its binding is partially clobbered - a new "repeated_svalue" symbolic value to better express filling a region with repeated copies of a symbolic value (e.g. constant zero) - a new "sized_region" region to express accessing a subregion with a symbolic size in bytes and it rewrites e.g. how memset is implemented, so that we can precisely track which bits in a region have not been touched. That said, the patch doesn't actually implement "uninitialized" values; I'm saving that for a followup. gcc/analyzer/ChangeLog: PR analyzer/95006 * analyzer.h (class repeated_svalue): New forward decl. (class bits_within_svalue): New forward decl. (class sized_region): New forward decl. (get_field_at_bit_offset): New forward decl. * engine.cc (exploded_graph::get_or_create_node): Validate the merged state. (exploded_graph::maybe_process_run_of_before_supernode_enodes): Validate the states at each stage. * program-state.cc (program_state::validate): Validate m_region_model. * region-model-impl-calls.cc (region_model::impl_call_memset): Replace special-case logic for handling constant sizes with a call to fill_region of a sized_region with the given fill value. * region-model-manager.cc (maybe_undo_optimize_bit_field_compare): Drop DK_direct. (region_model_manager::maybe_fold_sub_svalue): Fold element-based subregions of an initial value into initial values of an element. Fold subvalues of repeated svalues. (region_model_manager::maybe_fold_repeated_svalue): New. (region_model_manager::get_or_create_repeated_svalue): New. (get_bit_range_for_field): New. (get_byte_range_for_field): New. (get_field_at_byte_range): New. (region_model_manager::maybe_fold_bits_within_svalue): New. (region_model_manager::get_or_create_bits_within): New. (region_model_manager::get_sized_region): New. (region_model_manager::log_stats): Update for addition of m_repeated_values_map, m_bits_within_values_map, and m_sized_regions. * region-model.cc (region_model::validate): New. (region_model::on_assignment): Drop enum binding_kind. (region_model::get_initial_value_for_global): Likewise. (region_model::get_rvalue_for_bits): Replace body with call to get_or_create_bits_within. (region_model::get_capacity): Handle RK_SIZED. (region_model::set_value): Drop enum binding_kind. (region_model::fill_region): New. (region_model::get_representative_path_var_1): Handle RK_SIZED. * region-model.h (visitor::visit_repeated_svalue): New. (visitor::visit_bits_within_svalue): New. (region_model_manager::get_or_create_repeated_svalue): New decl. (region_model_manager::get_or_create_bits_within): New decl. (region_model_manager::get_sized_region): New decl. (region_model_manager::maybe_fold_repeated_svalue): New decl. (region_model_manager::maybe_fold_bits_within_svalue): New decl. (region_model_manager::repeated_values_map_t): New typedef. (region_model_manager::m_repeated_values_map): New field. (region_model_manager::bits_within_values_map_t): New typedef. (region_model_manager::m_bits_within_values_map): New field. (region_model_manager::m_sized_regions): New field. (region_model::fill_region): New decl. * region.cc (region::get_base_region): Handle RK_SIZED. (region::base_region_p): Likewise. (region::get_byte_size_sval): New. (get_field_at_bit_offset): Make non-static. (region::calc_offset): Move implementation of cases to get_relative_concrete_offset vfunc implementations. Handle RK_SIZED. (region::get_relative_concrete_offset): New. (decl_region::get_svalue_for_initializer): Drop enum binding_kind. (field_region::get_relative_concrete_offset): New, from region::calc_offset. (element_region::get_relative_concrete_offset): Likewise. (offset_region::get_relative_concrete_offset): Likewise. (sized_region::accept): New. (sized_region::dump_to_pp): New. (sized_region::get_byte_size): New. (sized_region::get_bit_size): New. * region.h (enum region_kind): Add RK_SIZED. (region::dyn_cast_sized_region): New. (region::get_byte_size): Make virtual. (region::get_bit_size): Likewise. (region::get_byte_size_sval): New decl. (region::get_relative_concrete_offset): New decl. (field_region::get_relative_concrete_offset): New decl. (element_region::get_relative_concrete_offset): Likewise. (offset_region::get_relative_concrete_offset): Likewise. (class sized_region): New. * store.cc (binding_kind_to_string): Delete. (binding_key::make): Drop enum binding_kind. (binding_key::dump_to_pp): Delete. (binding_key::cmp_ptrs): Drop enum binding_kind. (bit_range::contains_p): New. (byte_range::dump): New. (byte_range::contains_p): New. (byte_range::cmp): New. (concrete_binding::dump_to_pp): Drop enum binding_kind. (concrete_binding::cmp_ptr_ptr): Likewise. (symbolic_binding::dump_to_pp): Likewise. (symbolic_binding::cmp_ptr_ptr): Likewise. (binding_map::apply_ctor_val_to_range): Likewise. (binding_map::apply_ctor_pair_to_child_region): Likewise. (binding_map::get_overlapping_bindings): New. (binding_map::remove_overlapping_bindings): New. (binding_cluster::validate): New. (binding_cluster::bind): Drop enum binding_kind. (binding_cluster::bind_compound_sval): Likewise. (binding_cluster::purge_region): Likewise. (binding_cluster::zero_fill_region): Reimplement in terms of... (binding_cluster::fill_region): New. (binding_cluster::mark_region_as_unknown): Drop enum binding_kind. (binding_cluster::get_binding): Likewise. (binding_cluster::get_binding_recursive): Likewise. (binding_cluster::get_any_binding): Likewise. (binding_cluster::maybe_get_compound_binding): Reimplement. (binding_cluster::get_overlapping_bindings): Delete. (binding_cluster::remove_overlapping_bindings): Reimplement in terms of binding_map::remove_overlapping_bindings. (binding_cluster::can_merge_p): Update for removal of enum binding_kind. (binding_cluster::on_unknown_fncall): Drop enum binding_kind. (binding_cluster::maybe_get_simple_value): Likewise. (store_manager::get_concrete_binding): Likewise. (store_manager::get_symbolic_binding): Likewise. (store::validate): New. (store::set_value): Drop enum binding_kind. (store::zero_fill_region): Reimplement in terms of... (store::fill_region): New. (selftest::test_binding_key_overlap): Drop enum binding_kind. * store.h (enum binding_kind): Delete. (binding_kind_to_string): Delete decl. (binding_key::make): Drop enum binding_kind. (binding_key::dump_to_pp): Make pure virtual. (binding_key::get_kind): Delete. (binding_key::mark_deleted): Delete. (binding_key::mark_empty): Delete. (binding_key::is_deleted): Delete. (binding_key::is_empty): Delete. (binding_key::binding_key): Delete. (binding_key::impl_hash): Delete. (binding_key::impl_eq): Delete. (binding_key::m_kind): Delete. (bit_range::get_last_bit_offset): New. (bit_range::contains_p): New. (byte_range::contains_p): New. (byte_range::operator==): New. (byte_range::get_start_byte_offset): New. (byte_range::get_next_byte_offset): New. (byte_range::get_last_byte_offset): New. (byte_range::as_bit_range): New. (byte_range::cmp): New. (concrete_binding::concrete_binding): Drop enum binding_kind. (concrete_binding::hash): Likewise. (concrete_binding::operator==): Likewise. (concrete_binding::mark_deleted): New. (concrete_binding::mark_empty): New. (concrete_binding::is_deleted): New. (concrete_binding::is_empty): New. (default_hash_traits<ana::concrete_binding>::empty_zero_p): Make false. (symbolic_binding::symbolic_binding): Drop enum binding_kind. (symbolic_binding::hash): Likewise. (symbolic_binding::operator==): Likewise. (symbolic_binding::mark_deleted): New. (symbolic_binding::mark_empty): New. (symbolic_binding::is_deleted): New. (symbolic_binding::is_empty): New. (binding_map::remove_overlapping_bindings): New decl. (binding_map::get_overlapping_bindings): New decl. (binding_cluster::validate): New decl. (binding_cluster::bind): Drop enum binding_kind. (binding_cluster::fill_region): New decl. (binding_cluster::get_binding): Drop enum binding_kind. (binding_cluster::get_binding_recursive): Likewise. (binding_cluster::get_overlapping_bindings): Delete. (store::validate): New decl. (store::set_value): Drop enum binding_kind. (store::fill_region): New decl. (store_manager::get_concrete_binding): Drop enum binding_kind. (store_manager::get_symbolic_binding): Likewise. * svalue.cc (svalue::cmp_ptr): Handle SK_REPEATED and SK_BITS_WITHIN. (svalue::extract_bit_range): New. (svalue::maybe_fold_bits_within): New. (constant_svalue::maybe_fold_bits_within): New. (unknown_svalue::maybe_fold_bits_within): New. (unaryop_svalue::maybe_fold_bits_within): New. (repeated_svalue::repeated_svalue): New. (repeated_svalue::dump_to_pp): New. (repeated_svalue::accept): New. (repeated_svalue::all_zeroes_p): New. (repeated_svalue::maybe_fold_bits_within): New. (bits_within_svalue::bits_within_svalue): New. (bits_within_svalue::dump_to_pp): New. (bits_within_svalue::maybe_fold_bits_within): New. (bits_within_svalue::accept): New. (bits_within_svalue::implicitly_live_p): New. (compound_svalue::maybe_fold_bits_within): New. * svalue.h (enum svalue_kind): Add SK_REPEATED and SK_BITS_WITHIN. (svalue::dyn_cast_repeated_svalue): New. (svalue::dyn_cast_bits_within_svalue): New. (svalue::extract_bit_range): New decl. (svalue::maybe_fold_bits_within): New vfunc decl. (region_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. (region_svalue::key_t::is_empty): Likewise. (default_hash_traits<region_svalue::key_t>::empty_zero_p): Make false. (constant_svalue::maybe_fold_bits_within): New. (unknown_svalue::maybe_fold_bits_within): New. (poisoned_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. (poisoned_svalue::key_t::is_empty): Likewise. (default_hash_traits<poisoned_svalue::key_t>::empty_zero_p): Make false. (setjmp_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. (setjmp_svalue::key_t::is_empty): Likewise. (default_hash_traits<setjmp_svalue::key_t>::empty_zero_p): Make false. (unaryop_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. (unaryop_svalue::key_t::is_empty): Likewise. (unaryop_svalue::maybe_fold_bits_within): New. (default_hash_traits<unaryop_svalue::key_t>::empty_zero_p): Make false. (binop_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. (binop_svalue::key_t::is_empty): Likewise. (default_hash_traits<binop_svalue::key_t>::empty_zero_p): Make false. (sub_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. (sub_svalue::key_t::is_empty): Likewise. (default_hash_traits<sub_svalue::key_t>::empty_zero_p): Make false. (class repeated_svalue): New. (is_a_helper <const repeated_svalue *>::test): New. (struct default_hash_traits<repeated_svalue::key_t>): New. (class bits_within_svalue): New. (is_a_helper <const bits_within_svalue *>::test): New. (struct default_hash_traits<bits_within_svalue::key_t>): New. (widening_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. (widening_svalue::key_t::is_empty): Likewise. (default_hash_traits<widening_svalue::key_t>::empty_zero_p): Make false. (compound_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE. (compound_svalue::key_t::is_empty): Likewise. (compound_svalue::maybe_fold_bits_within): New. (default_hash_traits<compound_svalue::key_t>::empty_zero_p): Make false. gcc/testsuite/ChangeLog: PR analyzer/95006 * gcc.dg/analyzer/clobbers-1.c: New test. * gcc.dg/analyzer/clobbers-2.c: New test. * gcc.dg/analyzer/data-model-1.c (test_26): Mark xfail as fixed. (test_28): Likewise. (test_52): Likewise. Add coverage for end of buffer. * gcc.dg/analyzer/explode-1.c: Add leak warning. * gcc.dg/analyzer/memset-1.c (test_3): Mark xfail as fixed. (test_4): Use char. Mark xfail as fixed. (test_6b): New. (test_7): Mark xfail as fixed. Add coverage for start of buffer. (test_8): New. (test_9): New. * gcc.dg/analyzer/memset-CVE-2017-18549-1.c: New test. * gcc.dg/analyzer/symbolic-8.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2021-06-03analyzer: show types for poisoned_svalue and compound_svalueDavid Malcolm1-6/+23
gcc/analyzer/ChangeLog: * svalue.cc (poisoned_svalue::dump_to_pp): Dump type. (compound_svalue::dump_to_pp): Dump any type. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2021-03-24analyzer; reset sm-state for SSA names at def-stmts [PR93695,PR99044,PR99716]David Malcolm1-0/+34
Various false positives from -fanalyzer involve SSA names in loops, where sm-state associated with an SSA name from one iteration is erroneously reused in a subsequent iteration. For example, PR analyzer/99716 describes a false "double 'fclose' of FILE 'fp'" on: for (i = 0; i < 2; ++i) { FILE *fp = fopen ("/tmp/test", "w"); fprintf (fp, "hello"); fclose (fp); } where the gimple of the loop body is: fp_7 = fopen ("/tmp/test", "w"); __builtin_fwrite ("hello", 1, 5, fp_7); fclose (fp_7); i_10 = i_1 + 1; where fp_7 transitions to "closed" at the fclose, but is not reset at the subsequent fopen, leading to the false positive when the fclose is re-reached. The fix is to reset sm-state for svalues that involve an SSA name at the SSA name's def-stmt, since the def-stmt effectively changes the meaning of those related svalues. gcc/analyzer/ChangeLog: PR analyzer/93695 PR analyzer/99044 PR analyzer/99716 * engine.cc (exploded_node::on_stmt): Clear sm-state involving an SSA name at the def-stmt of that SSA name. * program-state.cc (sm_state_map::purge_state_involving): New. * program-state.h (sm_state_map::purge_state_involving): New decl. * region-model.cc (selftest::test_involves_p): New. (selftest::analyzer_region_model_cc_tests): Call it. * svalue.cc (class involvement_visitor): New class (svalue::involves_p): New. * svalue.h (svalue::involves_p): New decl. gcc/testsuite/ChangeLog: PR analyzer/93695 PR analyzer/99044 PR analyzer/99716 * gcc.dg/analyzer/attr-malloc-CVE-2019-19078-usb-leak.c: Remove xfail. * gcc.dg/analyzer/pr93695-1.c: New test. * gcc.dg/analyzer/pr99044-1.c: New test. * gcc.dg/analyzer/pr99044-2.c: New test. * gcc.dg/analyzer/pr99716-1.c: New test. * gcc.dg/analyzer/pr99716-2.c: New test. * gcc.dg/analyzer/pr99716-3.c: New test.
generated by cgit v1.1 at 2025-09-01 14:40:17 +0000