aboutsummaryrefslogtreecommitdiff
path: root/gcc/analyzer/engine.cc
AgeCommit message (Collapse)AuthorFilesLines
2025-01-02Update copyright years.Jakub Jelinek1-1/+1
2024-11-27analyzer,timevar: avoid naked "new" in JSON-handlingDavid Malcolm1-1/+1
Now that <memory> is always included, use std::unique_ptr in a few more places to avoid naked "new". No functional change intended. gcc/analyzer/ChangeLog: * engine.cc (strongly_connected_components::to_json): Avoid naked "new". * infinite-loop.cc (infinite_loop::to_json): Convert return type to unique_ptr. Avoid naked "new". * sm-signal.cc (signal_delivery_edge_info_t::to_json): Delete unused function. * supergraph.cc (supernode::to_json): Avoid naked "new". gcc/ChangeLog: * timevar.cc: Include "make-unique.h". (timer::named_items::make_json): Convert return type to unique_ptr. Avoid naked "new". (make_json_for_timevar_time_def): Likewise. (timer::timevar_def::make_json): Likewise. (timer::make_json): Likewise. * timevar.h (timer::make_json): Likewise. (timer::timevar_def::make_json): Likewise. * tree-diagnostic-client-data-hooks.cc: Update for above changes. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-11-22build: Remove INCLUDE_MEMORY [PR117737]Andrew Pinski1-1/+0
Since diagnostic.h is included in over half of the sources, requiring to `#define INCLUDE_MEMORY` does not make sense. Instead lets unconditionally include memory in system.h. The majority of this patch is just removing `#define INCLUDE_MEMORY` from the sources which currently have it. This should also fix the mingw build issue but I have not tried it. Bootstrapped and tested on x86_64-linux-gnu. PR bootstrap/117737 gcc/ada/ChangeLog: * gcc-interface/misc.cc (INCLUDE_MEMORY): Remove. * gcc-interface/trans.cc (INCLUDE_MEMORY): Remove. * gcc-interface/utils.cc (INCLUDE_MEMORY): Remove. gcc/analyzer/ChangeLog: * access-diagram.cc (INCLUDE_MEMORY): Remove. * analysis-plan.cc (INCLUDE_MEMORY): Remove. * analyzer-language.cc (INCLUDE_MEMORY): Remove. * analyzer-logging.cc (INCLUDE_MEMORY): Remove. * analyzer-pass.cc (INCLUDE_MEMORY): Remove. * analyzer-selftests.cc (INCLUDE_MEMORY): Remove. * analyzer.cc (INCLUDE_MEMORY): Remove. * bar-chart.cc (INCLUDE_MEMORY): Remove. * bounds-checking.cc (INCLUDE_MEMORY): Remove. * call-details.cc (INCLUDE_MEMORY): Remove. * call-info.cc (INCLUDE_MEMORY): Remove. * call-string.cc (INCLUDE_MEMORY): Remove. * call-summary.cc (INCLUDE_MEMORY): Remove. * checker-event.cc (INCLUDE_MEMORY): Remove. * checker-path.cc (INCLUDE_MEMORY): Remove. * complexity.cc (INCLUDE_MEMORY): Remove. * constraint-manager.cc (INCLUDE_MEMORY): Remove. * diagnostic-manager.cc (INCLUDE_MEMORY): Remove. * engine.cc (INCLUDE_MEMORY): Remove. * feasible-graph.cc (INCLUDE_MEMORY): Remove. * infinite-loop.cc (INCLUDE_MEMORY): Remove. * infinite-recursion.cc (INCLUDE_MEMORY): Remove. * kf-analyzer.cc (INCLUDE_MEMORY): Remove. * kf-lang-cp.cc (INCLUDE_MEMORY): Remove. * kf.cc (INCLUDE_MEMORY): Remove. * known-function-manager.cc (INCLUDE_MEMORY): Remove. * pending-diagnostic.cc (INCLUDE_MEMORY): Remove. * program-point.cc (INCLUDE_MEMORY): Remove. * program-state.cc (INCLUDE_MEMORY): Remove. * ranges.cc (INCLUDE_MEMORY): Remove. * record-layout.cc (INCLUDE_MEMORY): Remove. * region-model-asm.cc (INCLUDE_MEMORY): Remove. * region-model-manager.cc (INCLUDE_MEMORY): Remove. * region-model-reachability.cc (INCLUDE_MEMORY): Remove. * region-model.cc (INCLUDE_MEMORY): Remove. * region.cc (INCLUDE_MEMORY): Remove. * sm-fd.cc (INCLUDE_MEMORY): Remove. * sm-file.cc (INCLUDE_MEMORY): Remove. * sm-malloc.cc (INCLUDE_MEMORY): Remove. * sm-pattern-test.cc (INCLUDE_MEMORY): Remove. * sm-sensitive.cc (INCLUDE_MEMORY): Remove. * sm-signal.cc (INCLUDE_MEMORY): Remove. * sm-taint.cc (INCLUDE_MEMORY): Remove. * sm.cc (INCLUDE_MEMORY): Remove. * state-purge.cc (INCLUDE_MEMORY): Remove. * store.cc (INCLUDE_MEMORY): Remove. * supergraph.cc (INCLUDE_MEMORY): Remove. * svalue.cc (INCLUDE_MEMORY): Remove. * symbol.cc (INCLUDE_MEMORY): Remove. * trimmed-graph.cc (INCLUDE_MEMORY): Remove. * varargs.cc (INCLUDE_MEMORY): Remove. gcc/ChangeLog: * asan.cc (INCLUDE_MEMORY): Remove. * attribs.cc (INCLUDE_MEMORY): Remove. * auto-profile.cc (INCLUDE_MEMORY): Remove. * calls.cc (INCLUDE_MEMORY): Remove. * cfganal.cc (INCLUDE_MEMORY): Remove. * cfgexpand.cc (INCLUDE_MEMORY): Remove. * cfghooks.cc (INCLUDE_MEMORY): Remove. * cfgloop.cc (INCLUDE_MEMORY): Remove. * cgraph.cc (INCLUDE_MEMORY): Remove. * cgraphclones.cc (INCLUDE_MEMORY): Remove. * cgraphunit.cc (INCLUDE_MEMORY): Remove. * collect-utils.cc (INCLUDE_MEMORY): Remove. * collect2.cc (INCLUDE_MEMORY): Remove. * common/config/aarch64/aarch64-common.cc (INCLUDE_MEMORY): Remove. * common/config/arm/arm-common.cc (INCLUDE_MEMORY): Remove. * common/config/avr/avr-common.cc (INCLUDE_MEMORY): Remove. * config/aarch64/aarch64-cc-fusion.cc (INCLUDE_MEMORY): Remove. * config/aarch64/aarch64-early-ra.cc (INCLUDE_MEMORY): Remove. * config/aarch64/aarch64-sve-builtins.cc (INCLUDE_MEMORY): Remove. * config/aarch64/aarch64.cc (INCLUDE_MEMORY): Remove. * config/arc/arc.cc (INCLUDE_MEMORY): Remove. * config/arm/aarch-common.cc (INCLUDE_MEMORY) Remove.: * config/arm/arm-mve-builtins.cc (INCLUDE_MEMORY): Remove. * config/arm/arm.cc (INCLUDE_MEMORY): Remove. * config/avr/avr-devices.cc (INCLUDE_MEMORY): Remove. * config/avr/driver-avr.cc (INCLUDE_MEMORY): Remove. * config/bpf/bpf.cc (INCLUDE_MEMORY): Remove. * config/bpf/btfext-out.cc (INCLUDE_MEMORY): Remove. * config/bpf/core-builtins.cc (INCLUDE_MEMORY): Remove. * config/darwin.cc (INCLUDE_MEMORY): Remove. * config/gcn/mkoffload.cc (INCLUDE_MEMORY): Remove. * config/i386/driver-i386.cc (INCLUDE_MEMORY): Remove. * config/i386/i386-builtins.cc (INCLUDE_MEMORY): Remove. * config/i386/i386-expand.cc (INCLUDE_MEMORY): Remove. * config/i386/i386-features.cc (INCLUDE_MEMORY): Remove. * config/i386/i386-options.cc (INCLUDE_MEMORY): Remove. * config/i386/i386.cc (INCLUDE_MEMORY): Remove. * config/loongarch/loongarch-builtins.cc (INCLUDE_MEMORY): Remove. * config/loongarch/loongarch.cc (INCLUDE_MEMORY): Remove. * config/mingw/winnt-cxx.cc (INCLUDE_MEMORY): Remove. * config/mingw/winnt.cc (INCLUDE_MEMORY): Remove. * config/mips/mips.cc (INCLUDE_MEMORY): Remove. * config/msp430/driver-msp430.cc (INCLUDE_MEMORY): Remove. * config/nvptx/mkoffload.cc (INCLUDE_MEMORY): Remove. * config/nvptx/nvptx.cc (INCLUDE_MEMORY): Remove. * config/riscv/riscv-avlprop.cc (INCLUDE_MEMORY): Remove. * config/riscv/riscv-target-attr.cc (INCLUDE_MEMORY): Remove. * config/riscv/riscv-vector-builtins.cc (INCLUDE_MEMORY): Remove. * config/riscv/riscv-vector-costs.cc (INCLUDE_MEMORY): Remove. * config/riscv/riscv-vsetvl.cc (INCLUDE_MEMORY): Remove. * config/riscv/riscv.cc (INCLUDE_MEMORY): Remove. * config/rs6000/driver-rs6000.cc (INCLUDE_MEMORY): Remove. * config/rs6000/host-darwin.cc (INCLUDE_MEMORY): Remove. * config/rs6000/rs6000-c.cc (INCLUDE_MEMORY): Remove. * config/rs6000/rs6000.cc (INCLUDE_MEMORY): Remove. * config/s390/s390-c.cc (INCLUDE_MEMORY): Remove. * config/s390/s390.cc (INCLUDE_MEMORY): Remove. * config/sol2-cxx.cc (INCLUDE_MEMORY): Remove. * config/vms/vms-c.cc (INCLUDE_MEMORY): Remove. * config/xtensa/xtensa-dynconfig.cc (INCLUDE_MEMORY): Remove. * coroutine-passes.cc (INCLUDE_MEMORY): Remove. * coverage.cc (INCLUDE_MEMORY): Remove. * data-streamer-in.cc (INCLUDE_MEMORY): Remove. * data-streamer-out.cc (INCLUDE_MEMORY): Remove. * data-streamer.cc (INCLUDE_MEMORY): Remove. * diagnostic-format-json.cc (INCLUDE_MEMORY): Remove. * diagnostic-format-sarif.cc (INCLUDE_MEMORY): Remove. * diagnostic-format-text.cc (INCLUDE_MEMORY): Remove. * diagnostic-global-context.cc (INCLUDE_MEMORY): Remove. * diagnostic-macro-unwinding.cc (INCLUDE_MEMORY): Remove. * diagnostic-path.cc (INCLUDE_MEMORY): Remove. * diagnostic-show-locus.cc (INCLUDE_MEMORY): Remove. * diagnostic-spec.cc (INCLUDE_MEMORY): Remove. * diagnostic.cc (INCLUDE_MEMORY): Remove. * diagnostic.h: Remove check for INCLUDE_MEMORY. * digraph.cc (INCLUDE_MEMORY): Remove. * dumpfile.cc (INCLUDE_MEMORY): Remove. * dwarf2out.cc (INCLUDE_MEMORY): Remove. * edit-context.cc (INCLUDE_MEMORY): Remove. * except.cc (INCLUDE_MEMORY): Remove. * expr.cc (INCLUDE_MEMORY): Remove. * file-prefix-map.cc (INCLUDE_MEMORY): Remove. * final.cc (INCLUDE_MEMORY): Remove. * fwprop.cc (INCLUDE_MEMORY): Remove. * gcc-plugin.h (INCLUDE_MEMORY): Remove. * gcc-rich-location.cc (INCLUDE_MEMORY): Remove. * gcc-urlifier.cc (INCLUDE_MEMORY): Remove. * gcc.cc (INCLUDE_MEMORY): Remove. * gcov-dump.cc (INCLUDE_MEMORY): Remove. * gcov-tool.cc (INCLUDE_MEMORY): Remove. * gcov.cc (INCLUDE_MEMORY): Remove. * gengtype.cc (open_base_files): Don't print `#define INCLUDE_MEMORY`. * genmatch.cc (INCLUDE_MEMORY): Remove. * gimple-fold.cc (INCLUDE_MEMORY): Remove. * gimple-harden-conditionals.cc (INCLUDE_MEMORY): Remove. * gimple-harden-control-flow.cc (INCLUDE_MEMORY): Remove. * gimple-if-to-switch.cc (INCLUDE_MEMORY): Remove. * gimple-loop-interchange.cc (INCLUDE_MEMORY): Remove. * gimple-loop-jam.cc (INCLUDE_MEMORY): Remove. * gimple-loop-versioning.cc (INCLUDE_MEMORY): Remove. * gimple-lower-bitint.cc (INCLUDE_MEMORY): Remove. * gimple-predicate-analysis.cc (INCLUDE_MEMORY): Remove. * gimple-pretty-print.cc (INCLUDE_MEMORY): Remove. * gimple-range-cache.cc (INCLUDE_MEMORY): Remove. * gimple-range-edge.cc (INCLUDE_MEMORY): Remove. * gimple-range-fold.cc (INCLUDE_MEMORY): Remove. * gimple-range-gori.cc (INCLUDE_MEMORY): Remove. * gimple-range-infer.cc (INCLUDE_MEMORY): Remove. * gimple-range-op.cc (INCLUDE_MEMORY): Remove. * gimple-range-path.cc (INCLUDE_MEMORY): Remove. * gimple-range-phi.cc (INCLUDE_MEMORY): Remove. * gimple-range-trace.cc (INCLUDE_MEMORY): Remove. * gimple-range.cc (INCLUDE_MEMORY): Remove. * gimple-ssa-backprop.cc (INCLUDE_MEMORY): Remove. * gimple-ssa-sprintf.cc (INCLUDE_MEMORY): Remove. * gimple-ssa-store-merging.cc (INCLUDE_MEMORY): Remove. * gimple-ssa-strength-reduction.cc (INCLUDE_MEMORY): Remove. * gimple-ssa-warn-access.cc (INCLUDE_MEMORY): Remove. * gimple-ssa-warn-alloca.cc (INCLUDE_MEMORY): Remove. * gimple-ssa-warn-restrict.cc (INCLUDE_MEMORY): Remove. * gimple-streamer-in.cc (INCLUDE_MEMORY): Remove. * gimple-streamer-out.cc (INCLUDE_MEMORY): Remove. * gimple.cc (INCLUDE_MEMORY): Remove. * gimplify.cc (INCLUDE_MEMORY): Remove. * graph.cc (INCLUDE_MEMORY): Remove. * graphite-dependences.cc (INCLUDE_MEMORY): Remove. * graphite-isl-ast-to-gimple.cc (INCLUDE_MEMORY): Remove. * graphite-optimize-isl.cc (INCLUDE_MEMORY): Remove. * graphite-poly.cc (INCLUDE_MEMORY): Remove. * graphite-scop-detection.cc (INCLUDE_MEMORY): Remove. * graphite-sese-to-poly.cc (INCLUDE_MEMORY): Remove. * graphite.cc (INCLUDE_MEMORY): Remove. * graphviz.cc (INCLUDE_MEMORY): Remove. * input.cc (INCLUDE_MEMORY): Remove. * ipa-cp.cc (INCLUDE_MEMORY): Remove. * ipa-devirt.cc (INCLUDE_MEMORY): Remove. * ipa-fnsummary.cc (INCLUDE_MEMORY): Remove. * ipa-free-lang-data.cc (INCLUDE_MEMORY): Remove. * ipa-icf-gimple.cc (INCLUDE_MEMORY): Remove. * ipa-icf.cc (INCLUDE_MEMORY): Remove. * ipa-inline-analysis.cc (INCLUDE_MEMORY): Remove. * ipa-inline.cc (INCLUDE_MEMORY): Remove. * ipa-modref-tree.cc (INCLUDE_MEMORY): Remove. * ipa-modref.cc (INCLUDE_MEMORY): Remove. * ipa-param-manipulation.cc (INCLUDE_MEMORY): Remove. * ipa-polymorphic-call.cc (INCLUDE_MEMORY): Remove. * ipa-predicate.cc (INCLUDE_MEMORY): Remove. * ipa-profile.cc (INCLUDE_MEMORY): Remove. * ipa-prop.cc (INCLUDE_MEMORY): Remove. * ipa-pure-const.cc (INCLUDE_MEMORY): Remove. * ipa-reference.cc (INCLUDE_MEMORY): Remove. * ipa-split.cc (INCLUDE_MEMORY): Remove. * ipa-sra.cc (INCLUDE_MEMORY): Remove. * ipa-strub.cc (INCLUDE_MEMORY): Remove. * ipa-utils.cc (INCLUDE_MEMORY): Remove. * json-parsing.cc (INCLUDE_MEMORY): Remove. * json.cc (INCLUDE_MEMORY): Remove. * json.h: Don't check INCLUDE_MEMORY. * langhooks.cc (INCLUDE_MEMORY): Remove. * late-combine.cc (INCLUDE_MEMORY): Remove. * lazy-diagnostic-path.cc (INCLUDE_MEMORY): Remove. * libdiagnostics.cc (INCLUDE_MEMORY): Remove. * libsarifreplay.cc (INCLUDE_MEMORY): Remove. * lto-cgraph.cc (INCLUDE_MEMORY): Remove. * lto-compress.cc (INCLUDE_MEMORY): Remove. * lto-opts.cc (INCLUDE_MEMORY): Remove. * lto-section-in.cc (INCLUDE_MEMORY): Remove. * lto-section-out.cc (INCLUDE_MEMORY): Remove. * lto-streamer-in.cc (INCLUDE_MEMORY): Remove. * lto-streamer-out.cc (INCLUDE_MEMORY): Remove. * lto-streamer.cc (INCLUDE_MEMORY): Remove. * lto-wrapper.cc (INCLUDE_MEMORY): Remove. * make-unique.h (GCC_MAKE_UNIQUE): Remove. * multiple_target.cc (INCLUDE_MEMORY): Remove. * omp-expand.cc (INCLUDE_MEMORY): Remove. * omp-general.cc (INCLUDE_MEMORY): Remove. * omp-low.cc (INCLUDE_MEMORY): Remove. * omp-oacc-neuter-broadcast.cc (INCLUDE_MEMORY): Remove. * omp-offload.cc (INCLUDE_MEMORY): Remove. * omp-simd-clone.cc (INCLUDE_MEMORY): Remove. * opt-problem.cc (INCLUDE_MEMORY): Remove. * optinfo-emit-json.cc (INCLUDE_MEMORY): Remove. * optinfo.cc (INCLUDE_MEMORY): Remove. * optinfo.h: Don't check INCLUDE_MEMORY. * opts-common.cc (INCLUDE_MEMORY): Remove. * opts-diagnostic.cc (INCLUDE_MEMORY): Remove. * opts-global.cc (INCLUDE_MEMORY): Remove. * opts.cc (INCLUDE_MEMORY): Remove. * pair-fusion.cc (INCLUDE_MEMORY): Remove. * passes.cc (INCLUDE_MEMORY): Remove. * pointer-query.cc (INCLUDE_MEMORY): Remove. * predict.cc (INCLUDE_MEMORY): Remove. * pretty-print.cc (INCLUDE_MEMORY): Remove. * pretty-print.h: Don't check INCLUDE_MEMORY. * print-rtl.cc (INCLUDE_MEMORY): Remove. * print-tree.cc (INCLUDE_MEMORY): Remove. * profile-count.cc (INCLUDE_MEMORY): Remove. * range-op-float.cc (INCLUDE_MEMORY): Remove. * range-op-ptr.cc (INCLUDE_MEMORY): Remove. * range-op.cc (INCLUDE_MEMORY): Remove. * range.cc (INCLUDE_MEMORY): Remove. * read-rtl-function.cc (INCLUDE_MEMORY): Remove. * rtl-error.cc (INCLUDE_MEMORY): Remove. * rtl-ssa/accesses.cc (INCLUDE_MEMORY): Remove. * rtl-ssa/blocks.cc (INCLUDE_MEMORY): Remove. * rtl-ssa/changes.cc (INCLUDE_MEMORY): Remove. * rtl-ssa/functions.cc (INCLUDE_MEMORY): Remove. * rtl-ssa/insns.cc (INCLUDE_MEMORY): Remove. * rtl-ssa/movement.cc (INCLUDE_MEMORY): Remove. * rtl-tests.cc (INCLUDE_MEMORY): Remove. * sanopt.cc (INCLUDE_MEMORY): Remove. * sched-rgn.cc (INCLUDE_MEMORY): Remove. * selftest-diagnostic-path.cc (INCLUDE_MEMORY): Remove. * selftest-diagnostic.cc (INCLUDE_MEMORY): Remove. * selftest-json.cc (INCLUDE_MEMORY): Remove. * sese.cc (INCLUDE_MEMORY): Remove. * simple-diagnostic-path.cc (INCLUDE_MEMORY): Remove. * splay-tree-utils.cc (INCLUDE_MEMORY): Remove. * sreal.cc (INCLUDE_MEMORY): Remove. * stmt.cc (INCLUDE_MEMORY): Remove. * substring-locations.cc (INCLUDE_MEMORY): Remove. * symtab-clones.cc (INCLUDE_MEMORY): Remove. * symtab-thunks.cc (INCLUDE_MEMORY): Remove. * symtab.cc (INCLUDE_MEMORY): Remove. * system.h: Include memory unconditionally for C++. Also remove support for INCLUDE_MEMORY. * targhooks.cc (INCLUDE_MEMORY): Remove. * text-art/box-drawing.cc (INCLUDE_MEMORY): Remove. * text-art/canvas.cc (INCLUDE_MEMORY): Remove. * text-art/ruler.cc (INCLUDE_MEMORY): Remove. * text-art/selftests.cc (INCLUDE_MEMORY): Remove. * text-art/style.cc (INCLUDE_MEMORY): Remove. * text-art/styled-string.cc (INCLUDE_MEMORY): Remove. * text-art/table.cc (INCLUDE_MEMORY): Remove. * text-art/theme.cc (INCLUDE_MEMORY): Remove. * text-art/tree-widget.cc (INCLUDE_MEMORY): Remove. * text-art/widget.cc (INCLUDE_MEMORY): Remove. * timevar.cc (INCLUDE_MEMORY): Remove. * toplev.cc (INCLUDE_MEMORY): Remove. * trans-mem.cc (INCLUDE_MEMORY): Remove. * tree-affine.cc (INCLUDE_MEMORY): Remove. * tree-assume.cc (INCLUDE_MEMORY): Remove. * tree-call-cdce.cc (INCLUDE_MEMORY): Remove. * tree-cfg.cc (INCLUDE_MEMORY): Remove. * tree-chrec.cc (INCLUDE_MEMORY): Remove. * tree-data-ref.cc (INCLUDE_MEMORY): Remove. * tree-dfa.cc (INCLUDE_MEMORY): Remove. * tree-diagnostic-client-data-hooks.cc (INCLUDE_MEMORY): Remove. * tree-diagnostic.cc (INCLUDE_MEMORY): Remove. * tree-dump.cc (INCLUDE_MEMORY): Remove. * tree-if-conv.cc (INCLUDE_MEMORY): Remove. * tree-inline.cc (INCLUDE_MEMORY): Remove. * tree-into-ssa.cc (INCLUDE_MEMORY): Remove. * tree-logical-location.cc (INCLUDE_MEMORY): Remove. * tree-loop-distribution.cc (INCLUDE_MEMORY): Remove. * tree-nested.cc (INCLUDE_MEMORY): Remove. * tree-nrv.cc (INCLUDE_MEMORY): Remove. * tree-object-size.cc (INCLUDE_MEMORY): Remove. * tree-outof-ssa.cc (INCLUDE_MEMORY): Remove. * tree-parloops.cc (INCLUDE_MEMORY): Remove. * tree-predcom.cc (INCLUDE_MEMORY): Remove. * tree-pretty-print.cc (INCLUDE_MEMORY): Remove. * tree-profile.cc (INCLUDE_MEMORY): Remove. * tree-scalar-evolution.cc (INCLUDE_MEMORY): Remove. * tree-sra.cc (INCLUDE_MEMORY): Remove. * tree-ssa-address.cc (INCLUDE_MEMORY): Remove. * tree-ssa-alias.cc (INCLUDE_MEMORY): Remove. * tree-ssa-ccp.cc (INCLUDE_MEMORY): Remove. * tree-ssa-coalesce.cc (INCLUDE_MEMORY): Remove. * tree-ssa-copy.cc (INCLUDE_MEMORY): Remove. * tree-ssa-dce.cc (INCLUDE_MEMORY): Remove. * tree-ssa-dom.cc (INCLUDE_MEMORY): Remove. * tree-ssa-dse.cc (INCLUDE_MEMORY): Remove. * tree-ssa-forwprop.cc (INCLUDE_MEMORY): Remove. * tree-ssa-ifcombine.cc (INCLUDE_MEMORY): Remove. * tree-ssa-live.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-ch.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-im.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-ivcanon.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-ivopts.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-manip.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-niter.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-prefetch.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-split.cc (INCLUDE_MEMORY): Remove. * tree-ssa-loop-unswitch.cc (INCLUDE_MEMORY): Remove. * tree-ssa-math-opts.cc (INCLUDE_MEMORY): Remove. * tree-ssa-operands.cc (INCLUDE_MEMORY): Remove. * tree-ssa-phiopt.cc (INCLUDE_MEMORY): Remove. * tree-ssa-phiprop.cc (INCLUDE_MEMORY): Remove. * tree-ssa-pre.cc (INCLUDE_MEMORY): Remove. * tree-ssa-propagate.cc (INCLUDE_MEMORY): Remove. * tree-ssa-reassoc.cc (INCLUDE_MEMORY): Remove. * tree-ssa-sccvn.cc (INCLUDE_MEMORY): Remove. * tree-ssa-scopedtables.cc (INCLUDE_MEMORY): Remove. * tree-ssa-sink.cc (INCLUDE_MEMORY): Remove. * tree-ssa-strlen.cc (INCLUDE_MEMORY): Remove. * tree-ssa-structalias.cc (INCLUDE_MEMORY): Remove. * tree-ssa-ter.cc (INCLUDE_MEMORY): Remove. * tree-ssa-threadbackward.cc (INCLUDE_MEMORY): Remove. * tree-ssa-threadupdate.cc (INCLUDE_MEMORY): Remove. * tree-ssa-uninit.cc (INCLUDE_MEMORY): Remove. * tree-ssa.cc (INCLUDE_MEMORY): Remove. * tree-ssanames.cc (INCLUDE_MEMORY): Remove. * tree-stdarg.cc (INCLUDE_MEMORY): Remove. * tree-streamer-in.cc (INCLUDE_MEMORY): Remove. * tree-streamer-out.cc (INCLUDE_MEMORY): Remove. * tree-streamer.cc (INCLUDE_MEMORY): Remove. * tree-switch-conversion.cc (INCLUDE_MEMORY): Remove. * tree-tailcall.cc (INCLUDE_MEMORY): Remove. * tree-vect-data-refs.cc (INCLUDE_MEMORY): Remove. * tree-vect-generic.cc (INCLUDE_MEMORY): Remove. * tree-vect-loop-manip.cc (INCLUDE_MEMORY): Remove. * tree-vect-loop.cc (INCLUDE_MEMORY): Remove. * tree-vect-patterns.cc (INCLUDE_MEMORY): Remove. * tree-vect-slp-patterns.cc (INCLUDE_MEMORY): Remove. * tree-vect-slp.cc (INCLUDE_MEMORY): Remove. * tree-vect-stmts.cc (INCLUDE_MEMORY): Remove. * tree-vectorizer.cc (INCLUDE_MEMORY): Remove. * tree-vrp.cc (INCLUDE_MEMORY): Remove. * tree.cc (INCLUDE_MEMORY): Remove. * ubsan.cc (INCLUDE_MEMORY): Remove. * value-pointer-equiv.cc (INCLUDE_MEMORY): Remove. * value-prof.cc (INCLUDE_MEMORY): Remove. * value-query.cc (INCLUDE_MEMORY): Remove. * value-range-pretty-print.cc (INCLUDE_MEMORY): Remove. * value-range-storage.cc (INCLUDE_MEMORY): Remove. * value-range.cc (INCLUDE_MEMORY): Remove. * value-relation.cc (INCLUDE_MEMORY): Remove. * var-tracking.cc (INCLUDE_MEMORY): Remove. * varpool.cc (INCLUDE_MEMORY): Remove. * vr-values.cc (INCLUDE_MEMORY): Remove. * wide-int-print.cc (INCLUDE_MEMORY): Remove. gcc/c-family/ChangeLog: * c-ada-spec.cc (INCLUDE_MEMORY): Remove. * c-attribs.cc (INCLUDE_MEMORY): Remove. * c-common.cc (INCLUDE_MEMORY): Remove. * c-format.cc (INCLUDE_MEMORY): Remove. * c-gimplify.cc (INCLUDE_MEMORY): Remove. * c-indentation.cc (INCLUDE_MEMORY): Remove. * c-opts.cc (INCLUDE_MEMORY): Remove. * c-pch.cc (INCLUDE_MEMORY): Remove. * c-pragma.cc (INCLUDE_MEMORY): Remove. * c-pretty-print.cc (INCLUDE_MEMORY): Remove. * c-type-mismatch.cc (INCLUDE_MEMORY): Remove. * c-warn.cc (INCLUDE_MEMORY): Remove. * known-headers.cc (INCLUDE_MEMORY): Remove. * name-hint.h: Remove check of INCLUDE_MEMORY. gcc/c/ChangeLog: * c-aux-info.cc (INCLUDE_MEMORY): Remove. * c-convert.cc (INCLUDE_MEMORY): Remove. * c-decl.cc (INCLUDE_MEMORY): Remove. * c-errors.cc (INCLUDE_MEMORY): Remove. * c-fold.cc (INCLUDE_MEMORY): Remove. * c-lang.cc (INCLUDE_MEMORY): Remove. * c-objc-common.cc (INCLUDE_MEMORY): Remove. * c-parser.cc (INCLUDE_MEMORY): Remove. * c-typeck.cc (INCLUDE_MEMORY): Remove. * gimple-parser.cc (INCLUDE_MEMORY): Remove. gcc/cp/ChangeLog: * call.cc (INCLUDE_MEMORY): Remove. * class.cc (INCLUDE_MEMORY): Remove. * constexpr.cc (INCLUDE_MEMORY): Remove. * constraint.cc (INCLUDE_MEMORY): Remove. * contracts.cc (INCLUDE_MEMORY): Remove. * coroutines.cc (INCLUDE_MEMORY): Remove. * cp-gimplify.cc (INCLUDE_MEMORY): Remove. * cp-lang.cc (INCLUDE_MEMORY): Remove. * cp-objcp-common.cc (INCLUDE_MEMORY): Remove. * cp-ubsan.cc (INCLUDE_MEMORY): Remove. * cvt.cc (INCLUDE_MEMORY): Remove. * cxx-pretty-print.cc (INCLUDE_MEMORY): Remove. * decl.cc (INCLUDE_MEMORY): Remove. * decl2.cc (INCLUDE_MEMORY): Remove. * dump.cc (INCLUDE_MEMORY): Remove. * error.cc (INCLUDE_MEMORY): Remove. * except.cc (INCLUDE_MEMORY): Remove. * expr.cc (INCLUDE_MEMORY): Remove. * friend.cc (INCLUDE_MEMORY): Remove. * init.cc (INCLUDE_MEMORY): Remove. * lambda.cc (INCLUDE_MEMORY): Remove. * lex.cc (INCLUDE_MEMORY): Remove. * logic.cc (INCLUDE_MEMORY): Remove. * mangle.cc (INCLUDE_MEMORY): Remove. * mapper-client.cc (INCLUDE_MEMORY): Remove. * mapper-resolver.cc (INCLUDE_MEMORY): Remove. * method.cc (INCLUDE_MEMORY): Remove. * module.cc (INCLUDE_MEMORY): Remove. * name-lookup.cc (INCLUDE_MEMORY): Remove. * optimize.cc (INCLUDE_MEMORY): Remove. * parser.cc (INCLUDE_MEMORY): Remove. * pt.cc (INCLUDE_MEMORY): Remove. * ptree.cc (INCLUDE_MEMORY): Remove. * rtti.cc (INCLUDE_MEMORY): Remove. * search.cc (INCLUDE_MEMORY): Remove. * semantics.cc (INCLUDE_MEMORY): Remove. * tree.cc (INCLUDE_MEMORY): Remove. * typeck.cc (INCLUDE_MEMORY): Remove. * typeck2.cc (INCLUDE_MEMORY): Remove. * vtable-class-hierarchy.cc (INCLUDE_MEMORY): Remove. gcc/d/ChangeLog: * d-attribs.cc (INCLUDE_MEMORY): Remove. * d-builtins.cc (INCLUDE_MEMORY): Remove. * d-codegen.cc (INCLUDE_MEMORY): Remove. * d-convert.cc (INCLUDE_MEMORY): Remove. * d-diagnostic.cc (INCLUDE_MEMORY): Remove. * d-frontend.cc (INCLUDE_MEMORY): Remove. * d-lang.cc (INCLUDE_MEMORY): Remove. * d-longdouble.cc (INCLUDE_MEMORY): Remove. * d-target.cc (INCLUDE_MEMORY): Remove. * decl.cc (INCLUDE_MEMORY): Remove. * expr.cc (INCLUDE_MEMORY): Remove. * intrinsics.cc (INCLUDE_MEMORY): Remove. * modules.cc (INCLUDE_MEMORY): Remove. * toir.cc (INCLUDE_MEMORY): Remove. * typeinfo.cc (INCLUDE_MEMORY): Remove. * types.cc (INCLUDE_MEMORY): Remove. gcc/fortran/ChangeLog: * arith.cc (INCLUDE_MEMORY): Remove. * array.cc (INCLUDE_MEMORY): Remove. * bbt.cc (INCLUDE_MEMORY): Remove. * check.cc (INCLUDE_MEMORY): Remove. * class.cc (INCLUDE_MEMORY): Remove. * constructor.cc (INCLUDE_MEMORY): Remove. * convert.cc (INCLUDE_MEMORY): Remove. * cpp.cc (INCLUDE_MEMORY): Remove. * data.cc (INCLUDE_MEMORY): Remove. * decl.cc (INCLUDE_MEMORY): Remove. * dependency.cc (INCLUDE_MEMORY): Remove. * dump-parse-tree.cc (INCLUDE_MEMORY): Remove. * error.cc (INCLUDE_MEMORY): Remove. * expr.cc (INCLUDE_MEMORY): Remove. * f95-lang.cc (INCLUDE_MEMORY): Remove. * frontend-passes.cc (INCLUDE_MEMORY): Remove. * interface.cc (INCLUDE_MEMORY): Remove. * intrinsic.cc (INCLUDE_MEMORY): Remove. * io.cc (INCLUDE_MEMORY): Remove. * iresolve.cc (INCLUDE_MEMORY): Remove. * match.cc (INCLUDE_MEMORY): Remove. * matchexp.cc (INCLUDE_MEMORY): Remove. * misc.cc (INCLUDE_MEMORY): Remove. * module.cc (INCLUDE_MEMORY): Remove. * openmp.cc (INCLUDE_MEMORY): Remove. * options.cc (INCLUDE_MEMORY): Remove. * parse.cc (INCLUDE_MEMORY): Remove. * primary.cc (INCLUDE_MEMORY): Remove. * resolve.cc (INCLUDE_MEMORY): Remove. * scanner.cc (INCLUDE_MEMORY): Remove. * simplify.cc (INCLUDE_MEMORY): Remove. * st.cc (INCLUDE_MEMORY): Remove. * symbol.cc (INCLUDE_MEMORY): Remove. * target-memory.cc (INCLUDE_MEMORY): Remove. * trans-array.cc (INCLUDE_MEMORY): Remove. * trans-common.cc (INCLUDE_MEMORY): Remove. * trans-const.cc (INCLUDE_MEMORY): Remove. * trans-decl.cc (INCLUDE_MEMORY): Remove. * trans-expr.cc (INCLUDE_MEMORY): Remove. * trans-intrinsic.cc (INCLUDE_MEMORY): Remove. * trans-io.cc (INCLUDE_MEMORY): Remove. * trans-openmp.cc (INCLUDE_MEMORY): Remove. * trans-stmt.cc (INCLUDE_MEMORY): Remove. * trans-types.cc (INCLUDE_MEMORY): Remove. * trans.cc (INCLUDE_MEMORY): Remove. gcc/go/ChangeLog: * go-backend.cc (INCLUDE_MEMORY): Remove. * go-lang.cc (INCLUDE_MEMORY): Remove. gcc/jit/ChangeLog: * dummy-frontend.cc (INCLUDE_MEMORY): Remove. * jit-playback.cc (INCLUDE_MEMORY): Remove. * jit-recording.cc (INCLUDE_MEMORY): Remove. gcc/lto/ChangeLog: * lto-common.cc (INCLUDE_MEMORY): Remove. * lto-dump.cc (INCLUDE_MEMORY): Remove. * lto-partition.cc (INCLUDE_MEMORY): Remove. * lto-symtab.cc (INCLUDE_MEMORY): Remove. * lto.cc (INCLUDE_MEMORY): Remove. gcc/m2/ChangeLog: * gm2-gcc/gcc-consolidation.h (INCLUDE_MEMORY): Remove. * gm2-gcc/m2configure.cc (INCLUDE_MEMORY): Remove. * mc-boot/GASCII.cc (INCLUDE_MEMORY): Remove. * mc-boot/GASCII.h (INCLUDE_MEMORY): Remove. * mc-boot/GArgs.cc (INCLUDE_MEMORY): Remove. * mc-boot/GArgs.h (INCLUDE_MEMORY): Remove. * mc-boot/GAssertion.cc (INCLUDE_MEMORY): Remove. * mc-boot/GAssertion.h (INCLUDE_MEMORY): Remove. * mc-boot/GBreak.cc (INCLUDE_MEMORY): Remove. * mc-boot/GBreak.h (INCLUDE_MEMORY): Remove. * mc-boot/GCOROUTINES.h (INCLUDE_MEMORY): Remove. * mc-boot/GCmdArgs.cc (INCLUDE_MEMORY): Remove. * mc-boot/GCmdArgs.h (INCLUDE_MEMORY): Remove. * mc-boot/GDebug.cc (INCLUDE_MEMORY): Remove. * mc-boot/GDebug.h (INCLUDE_MEMORY): Remove. Remove. * mc-boot/GDynamicStrings.cc (INCLUDE_MEMORY): Remove. * mc-boot/GDynamicStrings.h (INCLUDE_MEMORY): Remove. * mc-boot/GEnvironment.cc (INCLUDE_MEMORY): Remove. * mc-boot/GEnvironment.h (INCLUDE_MEMORY): Remove. * mc-boot/GFIO.cc (INCLUDE_MEMORY): Remove. * mc-boot/GFIO.h (INCLUDE_MEMORY): Remove. * mc-boot/GFormatStrings.cc (INCLUDE_MEMORY): Remove. * mc-boot/GFormatStrings.h (INCLUDE_MEMORY): Remove. * mc-boot/GFpuIO.cc (INCLUDE_MEMORY): Remove. * mc-boot/GFpuIO.h (INCLUDE_MEMORY): Remove. * mc-boot/GIO.cc (INCLUDE_MEMORY): Remove. * mc-boot/GIO.h (INCLUDE_MEMORY): Remove. * mc-boot/GIndexing.cc (INCLUDE_MEMORY): Remove. * mc-boot/GIndexing.h (INCLUDE_MEMORY): Remove. * mc-boot/GM2Dependent.cc (INCLUDE_MEMORY): Remove. * mc-boot/GM2Dependent.h (INCLUDE_MEMORY): Remove. * mc-boot/GM2EXCEPTION.cc (INCLUDE_MEMORY): Remove. * mc-boot/GM2EXCEPTION.h (INCLUDE_MEMORY): Remove. * mc-boot/GM2RTS.cc (INCLUDE_MEMORY): Remove. * mc-boot/GM2RTS.h (INCLUDE_MEMORY): Remove. Remove. * mc-boot/GMemUtils.cc (INCLUDE_MEMORY): Remove. * mc-boot/GMemUtils.h (INCLUDE_MEMORY): Remove. * mc-boot/GNumberIO.cc (INCLUDE_MEMORY): Remove. * mc-boot/GNumberIO.h (INCLUDE_MEMORY): Remove. * mc-boot/GPushBackInput.cc (INCLUDE_MEMORY): Remove. * mc-boot/GPushBackInput.h (INCLUDE_MEMORY): Remove. * mc-boot/GRTExceptions.cc (INCLUDE_MEMORY): Remove. * mc-boot/GRTExceptions.h (INCLUDE_MEMORY): Remove. * mc-boot/GRTco.h (INCLUDE_MEMORY): Remove. * mc-boot/GRTentity.h (INCLUDE_MEMORY): Remove. * mc-boot/GRTint.cc (INCLUDE_MEMORY): Remove. * mc-boot/GRTint.h (INCLUDE_MEMORY): Remove. * mc-boot/GSArgs.cc (INCLUDE_MEMORY): Remove. * mc-boot/GSArgs.h (INCLUDE_MEMORY): Remove. * mc-boot/GSFIO.cc (INCLUDE_MEMORY): Remove. * mc-boot/GSFIO.h (INCLUDE_MEMORY): Remove. * mc-boot/GSYSTEM.h (INCLUDE_MEMORY): Remove. * mc-boot/GSelective.h (INCLUDE_MEMORY): Remove. * mc-boot/GStdIO.cc (INCLUDE_MEMORY): Remove. * mc-boot/GStdIO.h (INCLUDE_MEMORY): Remove. * mc-boot/GStorage.cc (INCLUDE_MEMORY): Remove. * mc-boot/GStorage.h (INCLUDE_MEMORY): Remove. * mc-boot/GStrCase.cc (INCLUDE_MEMORY): Remove. * mc-boot/GStrCase.h (INCLUDE_MEMORY): Remove. * mc-boot/GStrIO.cc (INCLUDE_MEMORY): Remove. * mc-boot/GStrIO.h (INCLUDE_MEMORY): Remove. * mc-boot/GStrLib.cc (INCLUDE_MEMORY): Remove. * mc-boot/GStrLib.h (INCLUDE_MEMORY): Remove. * mc-boot/GStringConvert.cc (INCLUDE_MEMORY): Remove. * mc-boot/GStringConvert.h (INCLUDE_MEMORY): Remove. * mc-boot/GSysExceptions.h (INCLUDE_MEMORY): Remove. * mc-boot/GSysStorage.cc (INCLUDE_MEMORY): Remove. * mc-boot/GSysStorage.h (INCLUDE_MEMORY): Remove. * mc-boot/GTimeString.cc (INCLUDE_MEMORY): Remove. * mc-boot/GTimeString.h (INCLUDE_MEMORY): Remove. * mc-boot/GUnixArgs.h (INCLUDE_MEMORY): Remove. * mc-boot/Galists.cc (INCLUDE_MEMORY): Remove. * mc-boot/Galists.h (INCLUDE_MEMORY): Remove. * mc-boot/Gdecl.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gdecl.h (INCLUDE_MEMORY): Remove. * mc-boot/Gdtoa.h (INCLUDE_MEMORY): Remove. * mc-boot/Gerrno.h (INCLUDE_MEMORY): Remove. * mc-boot/Gkeyc.cc (INCLUDE_MEMORY): Remove. (checkGccConfigSystem): Remove printing out `#define INCLUDE_MEMORY`. * mc-boot/Gkeyc.h (INCLUDE_MEMORY): Remove. * mc-boot/Gldtoa.h (INCLUDE_MEMORY): Remove. * mc-boot/Glibc.h (INCLUDE_MEMORY): Remove. * mc-boot/Glibm.h (INCLUDE_MEMORY): Remove. * mc-boot/Glists.cc (INCLUDE_MEMORY): Remove. * mc-boot/Glists.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcComment.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcComment.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcComp.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcComp.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcDebug.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcDebug.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcError.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcError.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcFileName.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcFileName.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcLexBuf.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcLexBuf.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcMetaError.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcMetaError.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcOptions.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcOptions.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcPreprocess.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcPreprocess.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcPretty.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcPretty.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcPrintf.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcPrintf.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcQuiet.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcQuiet.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcReserved.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcReserved.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcSearch.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcSearch.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcStack.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcStack.h (INCLUDE_MEMORY): Remove. * mc-boot/GmcStream.cc (INCLUDE_MEMORY): Remove. * mc-boot/GmcStream.h (INCLUDE_MEMORY): Remove. * mc-boot/Gmcflex.h (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp1.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp1.h (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp2.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp2.h (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp3.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp3.h (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp4.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp4.h (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp5.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gmcp5.h (INCLUDE_MEMORY): Remove. * mc-boot/GnameKey.cc (INCLUDE_MEMORY): Remove. * mc-boot/GnameKey.h (INCLUDE_MEMORY): Remove. * mc-boot/GsymbolKey.cc (INCLUDE_MEMORY): Remove. * mc-boot/GsymbolKey.h (INCLUDE_MEMORY): Remove. * mc-boot/Gtermios.h (INCLUDE_MEMORY): Remove. * mc-boot/Gtop.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gvarargs.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gvarargs.h (INCLUDE_MEMORY): Remove. * mc-boot/Gwlists.cc (INCLUDE_MEMORY): Remove. * mc-boot/Gwlists.h (INCLUDE_MEMORY): Remove. * mc-boot/Gwrapc.h (INCLUDE_MEMORY): Remove. * pge-boot/GIndexing.h (INCLUDE_MEMORY): Remove. * pge-boot/GSEnvironment.h (INCLUDE_MEMORY): Remove. * pge-boot/GScan.h (INCLUDE_MEMORY): Remove. gcc/objc/ChangeLog: * objc-act.cc (INCLUDE_MEMORY): Remove. * objc-encoding.cc (INCLUDE_MEMORY): Remove. * objc-gnu-runtime-abi-01.cc (INCLUDE_MEMORY): Remove. * objc-lang.cc (INCLUDE_MEMORY): Remove. * objc-next-runtime-abi-01.cc (INCLUDE_MEMORY): Remove. * objc-next-runtime-abi-02.cc (INCLUDE_MEMORY): Remove. * objc-runtime-shared-support.cc (INCLUDE_MEMORY): Remove. gcc/objcp/ChangeLog: * objcp-decl.cc (INCLUDE_MEMORY): Remove. * objcp-lang.cc (INCLUDE_MEMORY): Remove. gcc/rust/ChangeLog: * resolve/rust-ast-resolve-expr.cc (INCLUDE_MEMORY): Remove. * rust-attribs.cc (INCLUDE_MEMORY): Remove. * rust-system.h (INCLUDE_MEMORY): Remove. Signed-off-by: Andrew Pinski <quic_apinski@quicinc.com>
2024-11-01analyzer: use std::unique_ptr in "to_json" functionsDavid Malcolm1-17/+15
No functional change intended. gcc/analyzer/ChangeLog: * analyzer.cc: Include "make-unique.h". Convert "to_json" functions to use std::unique_ptr. * call-string.cc: Likewise. * constraint-manager.cc: Likewise. * diagnostic-manager.cc: Likewise. * engine.cc: Likewise. * program-point.cc: Likewise. * program-state.cc: Likewise. * ranges.cc: Likewise. * region-model.cc: Likewise. * region.cc: Likewise. * svalue.cc: Likewise. * sm.cc: Likewise. * store.cc: Likewise. * supergraph.cc: Likewise. * analyzer.h: Convert "to_json" functions to return std::unique_ptr. * call-string.h: Likewise. * constraint-manager.h: Likewise. (bounded_range::set_json_attr): Pass "obj" by reference. * diagnostic-manager.h: Convert "to_json" functions to return std::unique_ptr. * exploded-graph.h: Likewise. * program-point.h: Likewise. * program-state.h: Likewise. * ranges.h: Likewise. * region-model.h: Likewise. * region.h: Likewise. * sm.h: Likewise. * store.h: Likewise. * supergraph.h: Likewise. * svalue.h: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-10-29diagnostics: support multiple output formats simultaneously [PR116613]David Malcolm1-1/+1
This patch generalizes diagnostic_context so that rather than having a single output format, it has a vector of zero or more. It adds new two options: -fdiagnostics-add-output=DIAGNOSTICS-OUTPUT-SPEC -fdiagnostics-set-output=DIAGNOSTICS-OUTPUT-SPEC which both take a new configuration syntax of the form SCHEME ("text" or "sarif"), optionally followed by ":" and one or more KEY=VALUE pairs, in this form: <SCHEME> <SCHEME>:<KEY>=<VALUE> <SCHEME>:<KEY>=<VALUE>,<KEY2>=<VALUE2> ...etc where each SCHEME supports some set of keys. For example, it's now possible to use: -fdiagnostics-add-output=sarif:version=2.1,file=foo.2.1.sarif \ -fdiagnostics-add-output=sarif:version=2.2-prerelease,file=foo.2.2.sarif to add a pair of outputs, each writing to a different file, using versions 2.1 and 2.2 of the SARIF standard respectively, whilst also emitting the classic text form of the diagnostics to stderr. I hope the new syntax gives us room to potentially add new kinds of output sink in the future (e.g. RPC notifications), and to add new key/value pairs as needed by the different sinks. Implementation-wise, the diagnostic_context's m_printer which previously was used directly by the single output format now becomes a "reference printer", created by the client (such as the frontend), with defaults modified by command-line options. Each of the multiple output sinks has its own pretty_printer instance, created by cloning the context's reference printer. gcc/ChangeLog: PR other/116613 * Makefile.in (OBJS-libcommon-target): Add opts-diagnostic.o. * common.opt (fdiagnostics-add-output=): New. (fdiagnostics-set-output=): New. (diagnostics_output_format): Drop sarif-file-2.2-prerelease from enum. * common.opt.urls: Regenerate. * diagnostic-buffer.h (diagnostic_buffer::~diagnostic_buffer): New. (diagnostic_buffer::ensure_per_format_buffer): Rename to... (diagnostic_buffer::ensure_per_format_buffers): ...this. (diagnostic_buffer::m_per_format_buffer): Replace with... (diagnostic_buffer::m_per_format_buffers): ...this, updating type. * diagnostic-format-json.cc (json_output_format::update_printer): New. (json_output_format::follows_reference_printer_p): New. (diagnostic_output_format_init_json): Drop redundant call to set_path_format, as this is not a text output format. * diagnostic-format-sarif.cc: Include "diagnostic-format-text.h". (sarif_builder::set_printer): New. (sarif_builder::sarif_builder): Add "printer" param and use it for m_printer. (sarif_builder::make_location_object::escape_nonascii_renderer::render): Rather than using dc.m_printer, create a diagnostic_text_output_format instance and use its printer. (sarif_output_format::follows_reference_printer_p): New. (sarif_output_format::update_printer): New. (sarif_output_format::sarif_output_format): Pass in correct printer to m_builder's ctor. (diagnostic_output_format_init_sarif): Drop redundant call to set_path_format, as this is not a text output format. Replace calls to pp_show_color and set_token_printer with call to update_printer. Drop redundant call to set_show_highlight_colors, as this printer does not show colors. (diagnostic_output_format_init_sarif_file): Split out file opening into... (diagnostic_output_format_open_sarif_file): ...this new function. (make_sarif_sink): New. (selftest::test_make_location_object): Provide a pp for the builder. * diagnostic-format-sarif.h (diagnostic_output_format_open_sarif_file): New decl. (make_sarif_sink): New decl. * diagnostic-format-text.cc (diagnostic_text_output_format::dump): Dump sm_follows_reference_printer. (diagnostic_text_output_format::on_report_verbatim): New. (diagnostic_text_output_format::follows_reference_printer_p): New. (diagnostic_text_output_format::update_printer): New. * diagnostic-format-text.h (diagnostic_text_output_format::diagnostic_text_output_format): Add optional "follows_reference_printer" param. (diagnostic_text_output_format::on_report_verbatim): New decl. (diagnostic_text_output_format::after_diagnostic): Drop "final". (diagnostic_text_output_format::follows_reference_printer_p): New decl. (class diagnostic_text_output_format): Convert private members to protected. (diagnostic_text_output_format::m_follows_reference_printer): New field. * diagnostic-format.h (diagnostic_output_format::on_report_verbatim): New vfunc. (diagnostic_output_format::follows_reference_printer_p): New vfunc. (diagnostic_output_format::update_printer): New vfunc. (diagnostic_output_format::get_printer): Use m_printer rather than a printer from m_context. (diagnostic_output_format::diagnostic_output_format): Initialize m_printer by cloning the context's printer. (diagnostic_output_format::m_printer): New field. * diagnostic-global-context.cc (verbatim): Reimplement in terms of global_dc->report_verbatim, moving existing implementation to diagnostic_text_output_format::on_report_verbatim. (fnotice): Support multiple output sinks by using a new global_dc->supports_fnotice_on_stderr_p. * diagnostic-output-file.h (diagnostic_output_file::diagnostic_output_file): New default ctor. (diagnostic_output_file::operator=): Implement move assignment. * diagnostic-path.cc (selftest::test_interprocedural_path_1): Pass false for new param of text_output's ctor. * diagnostic-show-locus.cc (selftest::test_layout_x_offset_display_utf8): Use reference printer. (selftest::test_layout_x_offset_display_tab): Likewise. (selftest::test_one_liner_fixit_remove): Likewise. * diagnostic.cc: Include "pretty-print-urlifier.h". (diagnostic_set_caret_max_width): Update for global_dc's m_printer becoming reference printer. (diagnostic_context::initialize): Update for m_printer becoming m_reference_printer. Use ::make_unique to create it. Update for m_output_format becoming m_output_sinks. (diagnostic_context::color_init): Update the reference printer, then update the printers for any output sinks that follow it. (diagnostic_context::urls_init): Likewise. (diagnostic_context::finish): Update comment. Update for m_output_format becoming m_output_sinks. Update for m_printer becoming m_reference_printer and use "delete" on it rather than XDELETE. (diagnostic_context::dump): Update for m_printer becoming reference printer, and for multiple output sinks. (diagnostic_context::set_output_format): Reimplement for supporting multiple output sinks. (diagnostic_context::get_output_format): Likewise. (diagnostic_context::add_sink): New. (diagnostic_context::supports_fnotice_on_stderr_p): New. (diagnostic_context::set_pretty_printer): New. (diagnostic_context::refresh_output_sinks): New. (diagnostic_context::set_format_decoder): New. (diagnostic_context::set_show_highlight_colors): New. (diagnostic_context::set_prefixing_rule): New. (diagnostic_context::report_diagnostic): Update to support multiple output sinks. (diagnostic_context::report_verbatim): New. (diagnostic_context::emit_diagram): Update to support multiple output sinks. (diagnostic_context::error_recursion): Update to use m_reference_printer. (fancy_abort): Likewise. (diagnostic_context::end_group): Update to support multiple output sinks. (diagnostic_output_format::dump): Implement. (diagnostic_output_format::on_report_verbatim): Likewise. (diagnostic_output_format_init): Drop DIAGNOSTICS_OUTPUT_FORMAT_SARIF_FILE_2_2_PRERELEASE. (diagnostic_context::set_diagnostic_buffer): Reimplement to support multiple output sinks. (diagnostic_context::clear_diagnostic_buffer): Likewise. (diagnostic_context::flush_diagnostic_buffer): Likewise. (diagnostic_buffer::diagnostic_buffer): Initialize m_per_format_buffers. (diagnostic_buffer::~diagnostic_buffer): New dtor. (diagnostic_buffer::dump): Reimplement to support multiple output sinks. (diagnostic_buffer::empty_p): Likewise. (diagnostic_buffer::move_to): Likewise. (diagnostic_buffer::ensure_per_format_buffer): Likewise, renaming to... (diagnostic_buffer::ensure_per_format_buffers): ...this. * diagnostic.h (DIAGNOSTICS_OUTPUT_FORMAT_SARIF_FILE_2_2_PRERELEASE): Delete. (class diagnostic_context): Add friend class diagnostic_buffer. (diagnostic_context::set_pretty_printer): New decl. (diagnostic_context::refresh_output_sinks): New decl. (diagnostic_context::report_verbatim): New decl. (diagnostic_context::get_output_format): Drop. (diagnostic_context::set_show_highlight_colors): Drop body. (diagnostic_context::set_format_decoder): New decl. (diagnostic_context::set_prefixing_rule): New decl. (diagnostic_context::clone_printer): Reimplement. (diagnostic_context::get_reference_printer): New accessor. (diagnostic_context::add_sink): New decl. (diagnostic_context::supports_fnotice_on_stderr_p): New decl. (diagnostic_context::m_printer): Replace with... (diagnostic_context::m_reference_printer): ...this, and make private. (diagnostic_context::m_output_format): Replace with... (diagnostic_context::m_output_sinks): ...this. (diagnostic_format_decoder): Delete. (diagnostic_prefixing_rule): Delete. (diagnostic_ready_p): Delete. * doc/invoke.texi: Document -fdiagnostics-add-output= and -fdiagnostics-set-output=. * gcc.cc: Include "opts-diagnostic.h". (driver_handle_option): Handle cases OPT_fdiagnostics_add_output_ and OPT_fdiagnostics_set_output_. * opts-diagnostic.cc: New file. * opts-diagnostic.h (handle_OPT_fdiagnostics_add_output_): New decl. (handle_OPT_fdiagnostics_set_output_): New decl. * opts-global.cc (init_options_once): Update for global_dc's m_printer becoming reference printer. Call global_dc->refresh_output_sinks. * opts.cc (common_handle_option): Replace use of diagnostic_prefixing_rule with dc->set_prefixing_rule. Handle cases OPT_fdiagnostics_add_output_ and OPT_fdiagnostics_set_output_. Update for m_printer becoming reference printer. * selftest-diagnostic.cc (selftest::test_diagnostic_context::test_diagnostic_context): Update for m_printer becoming reference printer. (test_diagnostic_context::test_show_locus): Likewise. * selftest-run-tests.cc (selftest::run_tests): Call selftest::opts_diagnostic_cc_tests. * selftest.h (selftest::opts_diagnostic_cc_tests): New decl. * simple-diagnostic-path.cc (selftest::simple_diagnostic_path_cc_tests): Use reference printer. * toplev.cc (announce_function): Update for global_dc's m_printer becoming reference printer. (toplev::main): Likewise. * tree-diagnostic.cc (tree_diagnostics_defaults): Replace use of diagnostic_format_decoder with context->set_format_decoder. * tree-diagnostic.h (tree_dump_pretty_printer::tree_dump_pretty_printer): Update for global_dc's m_printer becoming reference printer. * tree.cc (escaped_string::escape): Likewise. (selftest::test_escaped_strings): Likewise. gcc/ada/ChangeLog: PR other/116613 * gcc-interface/misc.cc (internal_error_function): Update for m_printer becoming reference printer. gcc/analyzer/ChangeLog: PR other/116613 * analyzer-language.cc (on_finish_translation_unit): Update for m_printer becoming reference printer. * engine.cc (run_checkers): Likewise. * program-point.cc (function_point::print_source_line): Likewise. gcc/c-family/ChangeLog: PR other/116613 * c-format.cc (selftest::test_type_mismatch_range_labels): Update for m_printer becoming reference printer. (selftest::test_type_mismatch_range_labels): Likewise. gcc/c/ChangeLog: PR other/116613 * c-objc-common.cc: Include "make-unique.h". (c_initialize_diagnostics): Use unique_ptr for pretty_printer. Use context->set_format_decoder. gcc/cp/ChangeLog: PR other/116613 * error.cc (cxx_initialize_diagnostics): Use unique_ptr for pretty_printer. Use context->set_format_decoder. * module.cc (noisy_p): Update for global_dc's m_printer becoming reference printer. gcc/d/ChangeLog: PR other/116613 * d-diagnostic.cc (d_diagnostic_report_diagnostic): Update for m_printer becoming reference printer. gcc/fortran/ChangeLog: PR other/116613 * error.cc (gfc_diagnostic_build_kind_prefix): Update for global_dc's m_printer becoming reference printer. (gfc_diagnostics_init): Replace usage of diagnostic_format_decoder with global_dc->set_format_decoder. gcc/jit/ChangeLog: PR other/116613 * dummy-frontend.cc: Include "make-unique.h". (class jit_diagnostic_listener): New. (jit_begin_diagnostic): Update comment. (jit_end_diagnostic): Drop call to add_diagnostic. (jit_langhook_init): Set the output format to a new jit_diagnostic_listener. * jit-playback.cc (playback::context::add_diagnostic): Add "text" param and use that rather than trying to get the text from a pretty_printer. * jit-playback.h (playback::context::add_diagnostic): Add "text" param. gcc/testsuite/ChangeLog: PR other/116613 * gcc.dg/plugin/analyzer_cpython_plugin.c (dump_refcnt_info): Update for global_dc's m_printer becoming reference printer. * gcc.dg/plugin/crash-test-ice-in-header-sarif-2.2.c: Replace usage of -fdiagnostics-format=sarif-file-2.2-prerelease with -fdiagnostics-set-output=sarif:version=2.2-prerelease. * gcc.dg/plugin/diagnostic_plugin_test_paths.c: Update for global_dc's m_printer becoming reference printer. * gcc.dg/plugin/diagnostic_plugin_xhtml_format.c: Update for changes to output formats. * gcc.dg/plugin/expensive_selftests_plugin.c: Update for global_dc's m_printer becoming reference printer. * gcc.dg/sarif-output/add-output-sarif-defaults.c: New test. * gcc.dg/sarif-output/bad-binary-op.c: New test. * gcc.dg/sarif-output/bad-binary-op.py: New support script. * gcc.dg/sarif-output/multiple-outputs.c: New test. * gcc.dg/sarif-output/multiple-outputs.py: New support script. * lib/scansarif.exp (verify-sarif-file): Add an optional second argument specifying the expected filename of the .sarif file. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-10-24analyzer: avoid implicit use of global_dc's pretty_printer [PR116613]David Malcolm1-29/+34
Previously, various places in the analyzer generated message strings by cloning the diagnostic_context's pretty_printer, printing to that pretty_printer's buffer, and then returning a copy of the buffer contents. This implicit use of a particular pretty printer doesn't work well for the "multiple diagnostic output formats" case (PR other/116613), such as differences in colorization, or in how phase 3 of formatting works. Hence as enabling work towards that, the following patch reworks the various functions returning a label_text string in favor of functions that print to a specific pretty_printer, such as diagnotic_event's "get_desc" vfunc, which becomes "print_desc". This makes the particular pretty_printer in use explicit in each case. Previously, the various pending_diagnostic::describe_* vfuncs returned a label_text, with the return of an empty string signifying that no description could be generated. With this patch, these vfuncs gain a "pretty_printer &" param and a bool return value and now either print to the pretty_printer and return true, or return false to signify the "no description available" case. No functional change intended. gcc/analyzer/ChangeLog: PR other/116613 * bounds-checking.cc (concrete_buffer_overflow::describe_final_event): Convert return type from label_text to bool. Add "pp" param and either print to it and return true, or return false. (concrete_buffer_overflow::describe_final_event_as_bytes): Convert to print to a pp rather than returning a label_text. (concrete_buffer_overflow::describe_final_event_as_bits): Likewise. (class concrete_buffer_over_read): Analogous changes to above. (class concrete_buffer_underwrite): Likewise. (class concrete_buffer_under_read): Likewise. (class symbolic_buffer_overflow): Likewise. (class symbolic_buffer_over_read): Likewise. * call-details.cc (class overlapping_buffers): Likewise. * call-info.cc (call_info::print): Reimplement. (class call_info::add_events_to_path::call_event): Convert "get_desc" vfunc to "print_desc", dropping return type, adding "pp" param, and printing to it. (class succeed_or_fail_call_info): Likewise. * call-info.h (class call_info): Likewise. (class succeed_or_fail_call_info): Likewise. * checker-event.cc (checker_event::dump): Reimplement. (checker_event::prepare_for_emission): Update for change from get_desc to print_desc. (debug_event::get_desc): Convert to... (debug_event::print_desc): ...this. (precanned_custom_event::get_desc): Convert to... (precanned_custom_event::print_desc): ...this. (statement_event::get_desc): Convert to... (statement_event::print_desc): ...this. (region_creation_event_memory_space::get_desc): Convert to... (region_creation_event_memory_space::print_desc): ...this. (region_creation_event_capacity::get_desc): Convert to... (region_creation_event_capacity::print_desc): ...this. (region_creation_event_allocation_size::get_desc): Convert to... (region_creation_event_allocation_size::print_desc): ...this. (region_creation_event_debug::get_desc): Convert to... (region_creation_event_debug::print_desc): ...this. (function_entry_event::get_desc): Convert to... (function_entry_event::print_desc): ...this. (state_change_event::get_desc): Convert to... (state_change_event::print_desc): ...this. (state_change_event::get_meaning): Update for change to pending_diagnostic::get_meaning_for_state_change. (superedge_event::should_filter_p): Convert from usage of get_desc to print_desc. (start_cfg_edge_event::get_desc): Convert to... (start_cfg_edge_event::print_desc): ...this. (call_event::get_desc): Convert to... (call_event::print_desc): ...this. (return_event::get_desc): Convert to... (return_event::print_desc): ...this. (start_consolidated_cfg_edges_event::get_desc): Convert to... (start_consolidated_cfg_edges_event::print_desc): ...this. (inlined_call_event::get_desc): Convert to... (inlined_call_event::print_desc): ...this. (setjmp_event::get_desc): Convert to... (setjmp_event::print_desc): ...this. (rewind_from_longjmp_event::get_desc): Convert to... (rewind_from_longjmp_event::print_desc): ...this. (rewind_to_setjmp_event::get_desc): Convert to... (rewind_to_setjmp_event::print_desc): ...this. (warning_event::get_desc): Convert to... (warning_event::print_desc): ...this. * checker-event.h: Convert the various "get_desc" vfunc decls to "print_desc". * checker-path.cc (checker_path::dump): Convert to usage of checker_event::print_desc. (checker_path::debug): Convert to debug form of checker_event::get_desc. * diagnostic-manager.cc (diagnostic_manager::prune_interproc_events): Likewise. (diagnostic_manager::prune_system_headers): Likewise. * engine.cc (call_summary_edge_info::get_desc): Convert to... (call_summary_edge_info::print_desc): ...this. (stale_jmp_buf::describe_final_event): Update for change to this vfunc. (tainted_args_function_custom_event::get_desc): Convert to... (tainted_args_function_custom_event::print_desc): ...this. (tainted_args_field_custom_event::get_desc): Convert to... (tainted_args_field_custom_event::print_desc): ...this. (tainted_args_callback_custom_event::get_desc): Convert to... (tainted_args_callback_custom_event::print_desc): ...this. (jump_through_null::describe_final_event): Update for change to this vfunc. * infinite-loop.cc (perpetual_start_cfg_edge_event::get_desc): Convert to... (perpetual_start_cfg_edge_event::print_desc): ...this. (looping_back_event::get_desc): Convert to... (looping_back_event::print_desc): ...this. (looping_back_event::describe_final_event): Update for change to this vfunc. * infinite-recursion.cc (class infinite_recursion_diagnostic): Update for changes to pending_diagnostic. * kf.cc (class putenv_of_auto_var): Likewise. (kf_realloc::impl_call_post): Update for changes to call_info. (kf_strchr::impl_call_post): Likewise. (kf_strncpy::impl_call_post): Likewise. (kf_strstr::impl_call_post): Likewise. (class kf_strtok::undefined_behavior): Update for changes to pending_diagnostic. (class strtok_call_info): Update for changes to call_info. * pending-diagnostic.cc (evdesc::event_desc::formatted_print): Delete. * pending-diagnostic.h (struct event_desc): Delete. (struct state_change): Drop event_desc base class. (struct call_with_state): Likewise. (struct return_of_state): Likewise. (struct final_event): Likewise. (pending_event::describe_state_change): Convert return type from label_text to bool. Add "pp" param and either print to it and return true, or return false. Do the latter for the base class implementation. (pending_event::describe_call_with_state): Likewise. (pending_event::describe_return_of_state): Likewise. (pending_event::describe_final_event): Likewise. * region-model.cc (poisoned_value_diagnostic::describe_final_event): Update for change to this vfunc. (shift_count_negative_diagnostic::describe_final_event): Likewise. (shift_count_overflow_diagnostic::describe_final_event): Likewise. (ptrdiff_region_creation_event::get_desc): Convert to... (ptrdiff_region_creation_event::print_desc): ...this. (undefined_ptrdiff_diagnostic::describe_final_event): Update for change to this vfunc. (write_to_const_diagnostic::describe_final_event): Likewise. (write_to_string_literal_diagnostic::describe_final_event): Likewise. (dubious_allocation_size::describe_final_event): Likewise. (null_terminator_check_event::get_desc): Convert to... (null_terminator_check_event::print_desc): ...this. (float_as_size_arg::describe_final_event): Update for change to this vfunc. (exposure_through_uninit_copy::describe_final_event): Likewise. * sm-fd.cc: Include "diagnostic-core.h". Update throughout for changes to pending_diagnostic vfuncs. * sm-file.cc: Likewise. * sm-malloc.cc: Likewise. * sm-sensitive.cc: Likewise. * sm-signal.cc: Likewise. * sm-taint.cc: Likewise. * varargs.cc: Likewise. gcc/ChangeLog: PR other/116613 * diagnostic-format-json.cc (make_json_for_path): Add "ref_pp" param and use when obtaining event descriptions. (json_output_format::on_report_diagnostic): Pass this format's printer as the above. * diagnostic-format-sarif.cc (sarif_builder::make_location_object): Clone this format's printer and use it to obtain the text of the message. * diagnostic-path.cc: Include "pretty-print-markup.h". (diagnostic_event::get_desc): New. (path_label::get_text): Update for changes to diagnostic_event. (event_range::print): Likewise. (class element_event_desc): New. (diagnostic_text_output_format::print_path): Update for changes to diagnostic_event. * diagnostic-path.h (diagnostic_event::get_desc): Replace with... (diagnostic_event::print_desc): ...this. (diagnostic_event::get_desc): Add this back for debugging, without the bool param. * pretty-print.cc (pp_printf_n): New. * pretty-print.h (pp_printf_n): New decl. * selftest-diagnostic-path.h (test_diagnostic_event::get_desc): Convert to... (test_diagnostic_event::print_desc): ...this. * simple-diagnostic-path.cc (simple_diagnostic_event::print_desc): New. (selftest::test_intraprocedural_path): Use debug form of get_desc. * simple-diagnostic-path.h (simple_diagnostic_event::get_desc): Convert to... (simple_diagnostic_event::print_desc): ...this, moving implementation to test_diagnostic_event. gcc/testsuite/ChangeLog: PR other/116613 * gcc.dg/plugin/analyzer_cpython_plugin.c: Convert call outcomes from "get_desc" to print_desc". * gcc.dg/plugin/analyzer_gil_plugin.c: Update for changes to pending_diagnostic vfuncs. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-09-20analyzer: simplify dumps using tree_dump_pretty_printer [PR116613]David Malcolm1-10/+2
There are numerous "dump" member functions in the analyzer with copied-and-pasted logic. Simplify them by moving the shared code to a new class tree_dump_pretty_printer. As well as reducing code duplication, this eliminates numerous uses of pp_show_color (global_dc->m_printer), which should ultimately help with supporting multiple diagnostic sinks. No functional change intended. gcc/analyzer/ChangeLog: PR other/116613 * access-diagram.cc (access_range::dump): Simplify using tree_dump_pretty_printer. * call-details.cc (call_details::dump): Likewise. * call-summary.cc (call_summary::dump): Likewise. (call_summary_replay::dump): Likewise. * checker-event.cc (checker_event::debug): Likewise. * constraint-manager.cc (range::dump): Likewise. (bounded_range::dump): Likewise. (bounded_ranges::dump): Likewise. (constraint_manager::dump): Likewise. * engine.cc (exploded_node::dump): Likewise. (exploded_path::dump): Likewise. * program-point.cc (program_point::dump): Likewise. * program-state.cc (extrinsic_state::dump_to_file): Likewise. (sm_state_map::dump): Likewise. (program_state::dump_to_file): Likewise. * ranges.cc (symbolic_byte_offset::dump): Likewise. (symbolic_byte_range::dump): Likewise. * record-layout.cc (record_layout::dump): Likewise. * region-model-reachability.cc (reachable_regions::dump): Likewise. * region-model.cc (region_to_value_map::dump): Likewise. (region_model::dump): Likewise. (model_merger::dump): Likewise. * region.cc (region_offset::dump): Likewise. (region::dump): Likewise. * sm-malloc.cc (deallocator_set::dump): Likewise. * store.cc (uncertainty_t::dump): Likewise. (binding_key::dump): Likewise. (bit_range::dump): Likewise. (byte_range::dump): Likewise. (binding_map::dump): Likewise. (binding_cluster::dump): Likewise. (store::dump): Likewise. * supergraph.cc (superedge::dump): Likewise. * svalue.cc (svalue::dump): Likewise. gcc/ChangeLog: PR other/116613 * text-art/dump.h (dump_to_file): Simplify using tree_dump_pretty_printer. * tree-diagnostic.h (class tree_dump_pretty_printer): New. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-09-09diagnostics: rename dc.printer to m_printer [PR116613]David Malcolm1-3/+3
Rename diagnostic_context's "printer" field to "m_printer", for consistency with other fields, and to highlight places where we currently use this, to help assess feasibility of supporting multiple output sinks (PR other/116613). No functional change intended. gcc/ChangeLog: PR other/116613 * attribs.cc (decls_mismatched_attributes): Rename diagnostic_context's "printer" field to "m_printer". (attr_access::array_as_string): Likewise. * diagnostic-format-json.cc (json_output_format::on_report_diagnostic): Likewise. (diagnostic_output_format_init_json): Likewise. * diagnostic-format-sarif.cc (sarif_result::on_nested_diagnostic): Likewise. (sarif_ice_notification): Likewise. (sarif_builder::on_report_diagnostic): Likewise. (sarif_builder::make_result_object): Likewise. (sarif_builder::make_location_object): Likewise. (sarif_builder::make_message_object_for_diagram): Likewise. (diagnostic_output_format_init_sarif): Likewise. * diagnostic-format-text.cc (diagnostic_text_output_format::~diagnostic_text_output_format): Likewise. (diagnostic_text_output_format::on_report_diagnostic): Likewise. (diagnostic_text_output_format::on_diagram): Likewise. (diagnostic_text_output_format::print_any_cwe): Likewise. (diagnostic_text_output_format::print_any_rules): Likewise. (diagnostic_text_output_format::print_option_information): Likewise. * diagnostic-format.h (diagnostic_output_format::get_printer): New. * diagnostic-global-context.cc (verbatim): Rename diagnostic_context's "printer" field to "m_printer". * diagnostic-path.cc (path_label::get_text): Likewise. (print_path_summary_as_text): Likewise. (diagnostic_context::print_path): Likewise. (selftest::test_empty_path): Likewise. (selftest::test_intraprocedural_path): Likewise. (selftest::test_interprocedural_path_1): Likewise. (selftest::test_interprocedural_path_2): Likewise. (selftest::test_recursion): Likewise. (selftest::test_control_flow_1): Likewise. (selftest::test_control_flow_2): Likewise. (selftest::test_control_flow_3): Likewise. (assert_cfg_edge_path_streq): Likewise. (selftest::test_control_flow_5): Likewise. (selftest::test_control_flow_6): Likewise. * diagnostic-show-locus.cc (layout::layout): Likewise. (selftest::test_layout_x_offset_display_utf8): Likewise. (selftest::test_layout_x_offset_display_tab): Likewise. (selftest::test_diagnostic_show_locus_unknown_location): Likewise. (selftest::test_one_liner_simple_caret): Likewise. (selftest::test_one_liner_no_column): Likewise. (selftest::test_one_liner_caret_and_range): Likewise. (selftest::test_one_liner_multiple_carets_and_ranges): Likewise. (selftest::test_one_liner_fixit_insert_before): Likewise. (selftest::test_one_liner_fixit_insert_after): Likewise. (selftest::test_one_liner_fixit_remove): Likewise. (selftest::test_one_liner_fixit_replace): Likewise. (selftest::test_one_liner_fixit_replace_non_equal_range): Likewise. (selftest::test_one_liner_fixit_replace_equal_secondary_range): Likewise. (selftest::test_one_liner_fixit_validation_adhoc_locations): Likewise. (selftest::test_one_liner_many_fixits_1): Likewise. (selftest::test_one_liner_many_fixits_2): Likewise. (selftest::test_one_liner_labels): Likewise. (selftest::test_one_liner_simple_caret_utf8): Likewise. (selftest::test_one_liner_caret_and_range_utf8): Likewise. (selftest::test_one_liner_multiple_carets_and_ranges_utf8): Likewise. (selftest::test_one_liner_fixit_insert_before_utf8): Likewise. (selftest::test_one_liner_fixit_insert_after_utf8): Likewise. (selftest::test_one_liner_fixit_remove_utf8): Likewise. (selftest::test_one_liner_fixit_replace_utf8): Likewise. (selftest::test_one_liner_fixit_replace_non_equal_range_utf8): Likewise. (selftest::test_one_liner_fixit_replace_equal_secondary_range_utf8): Likewise. (selftest::test_one_liner_fixit_validation_adhoc_locations_utf8): Likewise. (selftest::test_one_liner_many_fixits_1_utf8): Likewise. (selftest::test_one_liner_many_fixits_2_utf8): Likewise. (selftest::test_one_liner_labels_utf8): Likewise. (selftest::test_one_liner_colorized_utf8): Likewise. (selftest::test_add_location_if_nearby): Likewise. (selftest::test_diagnostic_show_locus_fixit_lines): Likewise. (selftest::test_overlapped_fixit_printing): Likewise. (selftest::test_overlapped_fixit_printing_utf8): Likewise. (selftest::test_overlapped_fixit_printing_2): Likewise. (selftest::test_fixit_insert_containing_newline): Likewise. (selftest::test_fixit_insert_containing_newline_2): Likewise. (selftest::test_fixit_replace_containing_newline): Likewise. (selftest::test_fixit_deletion_affecting_newline): Likewise. (selftest::test_tab_expansion): Likewise. (selftest::test_escaping_bytes_1): Likewise. (selftest::test_escaping_bytes_2): Likewise. (selftest::test_line_numbers_multiline_range): Likewise. * diagnostic.cc (file_name_as_prefix): Likewise. (diagnostic_set_caret_max_width): Likewise. (diagnostic_context::initialize): Likewise. (diagnostic_context::color_init): Likewise. (diagnostic_context::urls_init): Likewise. (diagnostic_context::finish): Likewise. (diagnostic_context::get_location_text): Likewise. (diagnostic_build_prefix): Likewise. (diagnostic_context::report_current_module): Likewise. (default_diagnostic_starter): Likewise. (default_diagnostic_start_span_fn): Likewise. (default_diagnostic_finalizer): Likewise. (diagnostic_context::report_diagnostic): Likewise. (diagnostic_append_note): Likewise. (diagnostic_context::error_recursion): Likewise. (fancy_abort): Likewise. * diagnostic.h (diagnostic_context::set_show_highlight_colors): Likewise. (diagnostic_context::printer): Rename to... (diagnostic_context::m_printer): ...this. (diagnostic_format_decoder): Rename diagnostic_context's "printer" field to "m_printer". (diagnostic_prefixing_rule): Likewise. (diagnostic_ready_p): Likewise. * gimple-ssa-warn-access.cc (pass_waccess::maybe_warn_memmodel): Likewise. * langhooks.cc (lhd_print_error_function): Likewise. * lto-wrapper.cc (print_lto_docs_link): Likewise. * opts-global.cc (init_options_once): Likewise. * opts.cc (common_handle_option): Likewise. * simple-diagnostic-path.cc (simple_diagnostic_path_cc_tests): Likewise. * text-art/dump.h (dump_to_file<T>): Likewise. * toplev.cc (announce_function): Likewise. (toplev::main): Likewise. * tree-diagnostic.cc (default_tree_diagnostic_starter): Likewise. * tree.cc (escaped_string::escape): Likewise. (selftest::test_escaped_strings): Likewise. gcc/ada/ChangeLog: PR other/116613 * gcc-interface/misc.cc (internal_error_function): Rename diagnostic_context's "printer" field to "m_printer". gcc/analyzer/ChangeLog: PR other/116613 * access-diagram.cc (access_range::dump): Rename diagnostic_context's "printer" field to "m_printer". * analyzer-language.cc (on_finish_translation_unit): Likewise. * analyzer.cc (make_label_text): Likewise. (make_label_text_n): Likewise. * call-details.cc (call_details::dump): Likewise. * call-summary.cc (call_summary::dump): Likewise. (call_summary_replay::dump): Likewise. * checker-event.cc (checker_event::debug): Likewise. * constraint-manager.cc (range::dump): Likewise. (bounded_range::dump): Likewise. (bounded_ranges::dump): Likewise. (constraint_manager::dump): Likewise. * diagnostic-manager.cc (diagnostic_manager::emit_saved_diagnostic): Likewise. * engine.cc (exploded_node::dump): Likewise. (exploded_path::dump): Likewise. (run_checkers): Likewise. * kf-analyzer.cc (kf_analyzer_dump_escaped::impl_call_pre): Likewise. * pending-diagnostic.cc (evdesc::event_desc::formatted_print): Likewise. * program-point.cc (function_point::print_source_line): Likewise. (program_point::dump): Likewise. * program-state.cc (extrinsic_state::dump_to_file): Likewise. (sm_state_map::dump): Likewise. (program_state::dump_to_file): Likewise. * ranges.cc (symbolic_byte_offset::dump): Likewise. (symbolic_byte_range::dump): Likewise. * region-model-reachability.cc (reachable_regions::dump): Likewise. * region-model.cc (region_to_value_map::dump): Likewise. (region_model::dump): Likewise. (model_merger::dump): Likewise. * region.cc (region_offset::dump): Likewise. (region::dump): Likewise. * sm-malloc.cc (deallocator_set::dump): Likewise. (sufficiently_similar_p): Likewise. * store.cc (uncertainty_t::dump): Likewise. (binding_key::dump): Likewise. (binding_map::dump): Likewise. (binding_cluster::dump): Likewise. (store::dump): Likewise. * supergraph.cc (supergraph::dump_dot_to_file): Likewise. (superedge::dump): Likewise. * svalue.cc (svalue::dump): Likewise. gcc/c-family/ChangeLog: PR other/116613 * c-format.cc (selftest::test_type_mismatch_range_labels): Rename diagnostic_context's "printer" field to "m_printer". (selftest::test_type_mismatch_range_labels): Likewise. * c-opts.cc (c_diagnostic_finalizer): Likewise. gcc/c/ChangeLog: PR other/116613 * c-objc-common.cc (c_initialize_diagnostics): Rename diagnostic_context's "printer" field to "m_printer". gcc/cp/ChangeLog: PR other/116613 * error.cc (cxx_initialize_diagnostics): Rename diagnostic_context's "printer" field to "m_printer". (cxx_print_error_function): Likewise. (cp_diagnostic_starter): Likewise. (cp_print_error_function): Likewise. (print_instantiation_full_context): Likewise. (print_instantiation_partial_context_line): Likewise. (maybe_print_constexpr_context): Likewise. (print_location): Likewise. (print_constrained_decl_info): Likewise. (print_concept_check_info): Likewise. (print_constraint_context_head): Likewise. (print_requires_expression_info): Likewise. * module.cc (noisy_p): Likewise. gcc/d/ChangeLog: PR other/116613 * d-diagnostic.cc (d_diagnostic_report_diagnostic): Rename diagnostic_context's "printer" field to "m_printer". gcc/fortran/ChangeLog: PR other/116613 * error.cc (gfc_clear_pp_buffer): Rename diagnostic_context's "printer" field to "m_printer". (gfc_warning): Likewise. (gfc_diagnostic_build_kind_prefix): Likewise. (gfc_diagnostic_build_locus_prefix): Likewise. (gfc_diagnostic_starter): Likewise. (gfc_diagnostic_starter): Likewise. (gfc_diagnostic_start_span): Likewise. (gfc_diagnostic_finalizer): Likewise. (gfc_warning_check): Likewise. (gfc_error_opt): Likewise. (gfc_error_check): Likewise. gcc/jit/ChangeLog: PR other/116613 * jit-playback.cc (add_diagnostic): Rename diagnostic_context's "printer" field to "m_printer". gcc/testsuite/ChangeLog: PR other/116613 * gcc.dg/plugin/analyzer_cpython_plugin.c (dump_refcnt_info): Update for renaming of field "printer" to "m_printer". * gcc.dg/plugin/diagnostic_group_plugin.c (test_diagnostic_starter): Likewise. (test_diagnostic_start_span_fn): Likewise. (test_output_format::on_begin_group): Likewise. (test_output_format::on_end_group): Likewise. * gcc.dg/plugin/diagnostic_plugin_test_paths.c: Likewise. * gcc.dg/plugin/diagnostic_plugin_test_show_locus.c (custom_diagnostic_finalizer): Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-07-24analyzer: reduce use of naked "new" for json dumpsDavid Malcolm1-7/+6
No functional change intended. gcc/analyzer/ChangeLog: * call-string.cc (call_string::to_json): Avoid naked "new". * constraint-manager.cc (bounded_range::set_json_attr): Likewise. (equiv_class::to_json): Likewise. (constraint::to_json): Likewise. (bounded_ranges_constraint::to_json): Likewise. * diagnostic-manager.cc (saved_diagnostic::to_json): Likewise. (saved_diagnostic::maybe_add_sarif_properties): Likewise. * engine.cc (exploded_node::to_json): Likewise. (exploded_edge::to_json): Likewise. * program-point.cc (program_point::to_json): Likewise. * program-state.cc (program_state::to_json): Likewise. * sm.cc (state_machine::to_json): Likewise. * store.cc (binding_cluster::to_json): Likewise. (store::to_json): Likewise. * supergraph.cc (supernode::to_json): Likewise. (superedge::to_json): Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-07-04analyzer: convert sm_context * to sm_context &David Malcolm1-4/+4
These are never nullptr and never change, so use a reference rather than a pointer. No functional change intended. gcc/analyzer/ChangeLog: * diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge): Pass sm_ctxt by reference. * engine.cc (impl_region_model_context::on_condition): Likewise. (impl_region_model_context::on_bounded_ranges): Likewise. (impl_region_model_context::on_phi): Likewise. (exploded_node::on_stmt): Likewise. * sm-fd.cc: Update all uses of sm_context * to sm_context &. * sm-file.cc: Likewise. * sm-malloc.cc: Likewise. * sm-pattern-test.cc: Likewise. * sm-sensitive.cc: Likewise. * sm-signal.cc: Likewise. * sm-taint.cc: Likewise. * sm.h: Likewise. * varargs.cc: Likewise. gcc/testsuite/ChangeLog: * gcc.dg/plugin/analyzer_gil_plugin.c: Update all uses of sm_context * to sm_context &. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-06-12pretty_printer: make all fields privateDavid Malcolm1-3/+3
No functional change intended. gcc/analyzer/ChangeLog: * access-diagram.cc (access_range::dump): Update for fields of pretty_printer becoming private. * call-details.cc (call_details::dump): Likewise. * call-summary.cc (call_summary::dump): Likewise. (call_summary_replay::dump): Likewise. * checker-event.cc (checker_event::debug): Likewise. * constraint-manager.cc (range::dump): Likewise. (bounded_range::dump): Likewise. (constraint_manager::dump): Likewise. * engine.cc (exploded_node::dump): Likewise. (exploded_path::dump): Likewise. (exploded_path::dump_to_file): Likewise. * feasible-graph.cc (feasible_graph::dump_feasible_path): Likewise. * program-point.cc (program_point::dump): Likewise. * program-state.cc (extrinsic_state::dump_to_file): Likewise. (sm_state_map::dump): Likewise. (program_state::dump_to_file): Likewise. * ranges.cc (symbolic_byte_offset::dump): Likewise. (symbolic_byte_range::dump): Likewise. * record-layout.cc (record_layout::dump): Likewise. * region-model-reachability.cc (reachable_regions::dump): Likewise. * region-model.cc (region_to_value_map::dump): Likewise. (region_model::dump): Likewise. (model_merger::dump): Likewise. * region-model.h (one_way_id_map<T>::dump): Likewise. * region.cc (region_offset::dump): Likewise. (region::dump): Likewise. * sm-malloc.cc (deallocator_set::dump): Likewise. * store.cc (uncertainty_t::dump): Likewise. (binding_key::dump): Likewise. (bit_range::dump): Likewise. (byte_range::dump): Likewise. (binding_map::dump): Likewise. (binding_cluster::dump): Likewise. (store::dump): Likewise. * supergraph.cc (supergraph::dump_dot_to_file): Likewise. (superedge::dump): Likewise. * svalue.cc (svalue::dump): Likewise. gcc/c-family/ChangeLog: * c-ada-spec.cc (dump_ads): Update for fields of pretty_printer becoming private. * c-pretty-print.cc: Likewise throughout. gcc/c/ChangeLog: * c-objc-common.cc (print_type): Update for fields of pretty_printer becoming private. (c_tree_printer): Likewise. gcc/cp/ChangeLog: * cxx-pretty-print.cc: Update throughout for fields of pretty_printer becoming private. * error.cc: Likewise. gcc/ChangeLog: * diagnostic.cc (diagnostic_context::urls_init): Update for fields of pretty_printer becoming private. (diagnostic_context::print_any_cwe): Likewise. (diagnostic_context::print_any_rules): Likewise. (diagnostic_context::print_option_information): Likewise. * diagnostic.h (diagnostic_format_decoder): Likewise. (diagnostic_prefixing_rule): Likewise, fixing typo. * digraph.cc (test_dump_to_dot): Likewise. * digraph.h (digraph<GraphTraits>::dump_dot_to_file): Likewise. * dumpfile.cc (dump_pretty_printer::emit_any_pending_textual_chunks): Likewise. * gimple-pretty-print.cc (print_gimple_stmt): Likewise. (print_gimple_expr): Likewise. (print_gimple_seq): Likewise. (dump_ssaname_info_to_file): Likewise. (gimple_dump_bb): Likewise. * graph.cc (print_graph_cfg): Likewise. (start_graph_dump): Likewise. * langhooks.cc (lhd_print_error_function): Likewise. * lto-wrapper.cc (print_lto_docs_link): Likewise. * pretty-print.cc (pp_set_real_maximum_length): Convert to... (pretty_printer::set_real_maximum_length): ...this. (pp_clear_state): Convert to... (pretty_printer::clear_state): ...this. (pp_wrap_text): Update for pp_remaining_character_count_for_line becoming a member function. (urlify_quoted_string): Update for fields of pretty_printer becoming private. (pp_format): Convert to... (pretty_printer::format): ...this. Reduce the scope of local variables "old_line_length" and "old_wrapping_mode" and make const. Reduce the scope of locals "args", "new_chunk_array", "curarg", "any_unnumbered", and "any_numbered". (pp_output_formatted_text): Update for fields of pretty_printer becoming private. (pp_flush): Likewise. (pp_really_flush): Likewise. (pp_set_line_maximum_length): Likewise. (pp_set_prefix): Convert to... (pretty_printer::set_prefix): ...this. (pp_take_prefix): Update for fields of pretty_printer gaining "m_" prefixes. (pp_destroy_prefix): Likewise. (pp_emit_prefix): Convert to... (pretty_printer::emit_prefix): ...this. (pretty_printer::pretty_printer): Update both ctors for fields gaining "m_" prefixes. (pretty_printer::~pretty_printer): Likewise for dtor. (pp_append_text): Update for pp_emit_prefix becoming pretty_printer::emit_prefix. (pp_remaining_character_count_for_line): Convert to... (pretty_printer::remaining_character_count_for_line): ...this. (pp_character): Update for above change. (pp_maybe_space): Convert to... (pretty_printer::maybe_space): ...this. (pp_begin_url): Convert to... (pretty_printer::begin_url): ...this. (get_end_url_string): Update for fields of pretty_printer becoming private. (pp_end_url): Convert to... (pretty_printer::end_url): ...this. (selftest::test_pretty_printer::test_pretty_printer): Update for fields of pretty_printer becoming private. (selftest::test_urls): Likewise. (selftest::test_null_urls): Likewise. (selftest::test_urlification): Likewise. * pretty-print.h (pp_line_cutoff): Convert from macro to inline function. (pp_prefixing_rule): Likewise. (pp_wrapping_mode): Likewise. (pp_format_decoder): Likewise. (pp_needs_newline): Likewise. (pp_indentation): Likewise. (pp_translate_identifiers): Likewise. (pp_show_color): Likewise. (pp_buffer): Likewise. (pp_get_prefix): Add forward decl to allow friend decl. (pp_take_prefix): Likewise. (pp_destroy_prefix): Likewise. (class pretty_printer): Fix typo in leading comment. Add "friend" decls for the various new accessor functions that were formerly macros and for pp_get_prefix, pp_take_prefix, and pp_destroy_prefix. Make all fields private. (pretty_printer::set_output_stream): New. (pretty_printer::set_prefix): New decl. (pretty_printer::emit_prefix): New decl. (pretty_printer::format): New decl. (pretty_printer::maybe_space): New decl. (pretty_printer::supports_urls_p): New. (pretty_printer::get_url_format): New. (pretty_printer::set_url_format): New. (pretty_printer::begin_url): New decl. (pretty_printer::end_url): New decl. (pretty_printer::set_verbatim_wrapping): New. (pretty_printer::set_padding): New. (pretty_printer::get_padding): New. (pretty_printer::clear_state): New decl. (pretty_printer::set_real_maximum_length): New decl. (pretty_printer::remaining_character_count_for_line): New decl. (pretty_printer::buffer): Rename to... (pretty_printer::m_buffer): ...this. (pretty_printer::prefix): Rename to... (pretty_printer::m_prefix): ...this; (pretty_printer::padding): Rename to... (pretty_printer::m_padding): ...this; (pretty_printer::maximum_length): Rename to... (pretty_printer::m_maximum_length): ...this; (pretty_printer::indent_skip): Rename to... (pretty_printer::m_indent_skip): ...this; (pretty_printer::wrapping): Rename to... (pretty_printer::m_wrapping): ...this; (pretty_printer::format_decoder): Rename to... (pretty_printer::m_format_decoder): ...this; (pretty_printer::emitted_prefix): Rename to... (pretty_printer::m_emitted_prefix): ...this; (pretty_printer::need_newline): Rename to... (pretty_printer::m_need_newline): ...this; (pretty_printer::translate_identifiers): Rename to... (pretty_printer::m_translate_identifiers): ...this; (pretty_printer::show_color): Rename to... (pretty_printer::m_show_color): ...this; (pretty_printer::url_format): Rename to... (pretty_printer::m_url_format): ...this; (pp_get_prefix): Reformat. (pp_format_postprocessor): New inline function. (pp_take_prefix): Move decl to before class pretty_printer. (pp_destroy_prefix): Likewise. (pp_set_prefix): Convert to inline function. (pp_emit_prefix): Convert to inline function. (pp_format): Convert to inline function. (pp_maybe_space): Convert to inline function. (pp_begin_url): Convert to inline function. (pp_end_url): Convert to inline function. (pp_set_verbatim_wrapping): Convert from macro to inline function, renaming... (pp_set_verbatim_wrapping_): ...this. * print-rtl.cc (dump_value_slim): Update for fields of pretty_printer becoming private. (dump_insn_slim): Likewise. (dump_rtl_slim): Likewise. * print-tree.cc (print_node): Likewise. * sched-rgn.cc (dump_rgn_dependencies_dot): Likewise. * text-art/canvas.cc (canvas::print_to_pp): Likewise. (canvas::debug): Likewise. (selftest::test_canvas_urls): Likewise. * text-art/dump.h (dump_to_file): Likewise. * text-art/selftests.cc (selftest::assert_canvas_streq): Likewise. * text-art/style.cc (style::print_changes): Likewise. * text-art/styled-string.cc (styled_string::from_fmt_va): Likewise. * tree-diagnostic-path.cc (control_flow_tests): Update for pp_show_color becoming an inline function. * tree-loop-distribution.cc (dot_rdg_1): Update for fields of pretty_printer becoming private. * tree-pretty-print.cc (maybe_init_pretty_print): Likewise. * value-range.cc (vrange::dump): Likewise. (irange_bitmask::dump): Likewise. gcc/fortran/ChangeLog: * error.cc (gfc_clear_pp_buffer): Likewise. (gfc_warning): Likewise. (gfc_warning_check): Likewise. (gfc_error_opt): Likewise. (gfc_error_check): Likewise. gcc/jit/ChangeLog: * jit-recording.cc (recording::function::dump_to_dot): Update for fields of pretty_printer becoming private. gcc/testsuite/ChangeLog: * gcc.dg/plugin/analyzer_cpython_plugin.c (dump_refcnt_info): Update for fields of pretty_printer becoming private. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-06-07analyzer: add logging to get_representative_path_varDavid Malcolm1-1/+2
This was very helpful when debugging the cast_region::m_original_region removal, but is probably too verbose to enable except by hand on specific calls to get_representative_tree. gcc/analyzer/ChangeLog: * engine.cc (impl_region_model_context::on_state_leak): Pass nullptr to get_representative_path_var. * region-model.cc (region_model::get_representative_path_var_1): Add logger param and use it in both overloads. (region_model::get_representative_path_var): Likewise. (region_model::get_representative_tree): Likewise. (selftest::test_get_representative_path_var): Pass nullptr to get_representative_path_var. * region-model.h (region_model::get_representative_tree): Add optional logger param to both overloads. (region_model::get_representative_path_var): Add logger param to both overloads. (region_model::get_representative_path_var_1): Likewise. * store.cc (binding_cluster::get_representative_path_vars): Add logger param and use it. (store::get_representative_path_vars): Likewise. * store.h (binding_cluster::get_representative_path_vars): Add logger param. (store::get_representative_path_vars): Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-06-01analyzer: detect -Wanalyzer-allocation-size at call stmts [PR106203]David Malcolm1-1/+6
gcc/analyzer/ChangeLog: PR analyzer/106203 * checker-event.h: Include "analyzer/event-loc-info.h". (struct event_loc_info): Move to its own header file. * diagnostic-manager.cc (diagnostic_manager::emit_saved_diagnostic): Move creation of event_loc_info here from add_final_event, and if we have a stmt_finder, call its update_event_loc_info method. * engine.cc (leak_stmt_finder::update_event_loc_info): New. (exploded_node::detect_leaks): Likewise. (exploded_node::detect_leaks): Pass nullptr as call_stmt arg to region_model::pop_frame. * event-loc-info.h: New file, with content taken from checker-event.h. * exploded-graph.h (stmt_finder::update_event_loc_info): New pure virtual function. * infinite-loop.cc (infinite_loop_diagnostic::add_final_event): Update for change to vfunc signature. * infinite-recursion.cc (infinite_recursion_diagnostic::add_final_event): Likewise. * pending-diagnostic.cc (pending_diagnostic::add_final_event): Pass in the event_loc_info from the caller, rather than generating it from a gimple stmt and enode. * pending-diagnostic.h (pending_diagnostic::add_final_event): Likewise. * region-model.cc (region_model::on_longjmp): Pass nullptr as call_stmt arg to region_model::pop_frame. (region_model::update_for_return_gcall): Likewise, but pass call_stmt. (class caller_context): New. (region_model::pop_frame): Add "call_stmt" argument. Use it and the frame_region with a caller_context when setting result_dst_reg's value so that any diagnostic is reported at the call stmt in the caller. (selftest::test_stack_frames): Pass nullptr as call_stmt arg to region_model::pop_frame. (selftest::test_alloca): Likewise. * region-model.h (region_model::pop_frame): Add "call_stmt" argument. gcc/testsuite/ChangeLog: PR analyzer/106203 * c-c++-common/analyzer/allocation-size-1.c (test_9): Remove xfail. * c-c++-common/analyzer/allocation-size-2.c (test_8): Likewise. * gcc.dg/analyzer/allocation-size-multiline-4.c: New test. * gcc.dg/plugin/analyzer_cpython_plugin.c (refcnt_stmt_finder::update_event_loc_info): New. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-05-30Add new text_art::tree_widget and use it in analyzerDavid Malcolm1-3/+26
This patch adds a new text_art::tree_widget, which makes it easy to generate hierarchical visualizations using either ASCII: +- Child 0 | +- Grandchild 0 0 | +- Grandchild 0 1 | `- Grandchild 0 2 +- Child 1 | +- Grandchild 1 0 | +- Grandchild 1 1 | `- Grandchild 1 2 `- Child 2 +- Grandchild 2 0 +- Grandchild 2 1 `- Grandchild 2 2 or Unicode: Root ├─ Child 0 │ ├─ Grandchild 0 0 │ ├─ Grandchild 0 1 │ ╰─ Grandchild 0 2 ├─ Child 1 │ ├─ Grandchild 1 0 │ ├─ Grandchild 1 1 │ ╰─ Grandchild 1 2 ╰─ Child 2 ├─ Grandchild 2 0 ├─ Grandchild 2 1 ╰─ Grandchild 2 2 potentially with colorization of the connecting lines. It adds a new template for typename T: void text_art::dump<T> (const T&); for using this to dump any object to stderr that supports a make_dump_widget method, with similar templates for dumping to a pretty_printer * and a FILE *. It uses this within the analyzer to add two new families of dumping methods: one for program states, e.g.: (gdb) call state->dump() State ├─ Region Model │ ├─ Current Frame: frame: ‘calls_malloc’@2 │ ├─ Store │ │ ├─ m_called_unknown_fn: false │ │ ├─ frame: ‘test’@1 │ │ │ ╰─ _1: (INIT_VAL(n_2(D))*(size_t)4) │ │ ╰─ frame: ‘calls_malloc’@2 │ │ ├─ result_4: &HEAP_ALLOCATED_REGION(27) │ │ ╰─ _5: &HEAP_ALLOCATED_REGION(27) │ ╰─ Dynamic Extents │ ╰─ HEAP_ALLOCATED_REGION(27): (INIT_VAL(n_2(D))*(size_t)4) ╰─ ‘malloc’ state machine ╰─ 0x468cb40: &HEAP_ALLOCATED_REGION(27): unchecked ({free}) (‘result_4’) and the other for showing the detail of the recursive makeup of svalues and regions, e.g. the (INIT_VAL(n_2(D))*(size_t)4) from above: (gdb) call size_in_bytes->dump() (17): ‘long unsigned int’: binop_svalue(mult_expr: ‘*’) ├─ (15): ‘size_t’: initial_svalue │ ╰─ m_reg: (12): ‘size_t’: decl_region(‘n_2(D)’) │ ╰─ parent: (9): frame_region(‘test’, index: 0, depth: 1) │ ╰─ parent: (1): stack region │ ╰─ parent: (0): root region ╰─ (16): ‘size_t’: constant_svalue (‘4’) I've already found both of these useful when debugging analyzer issues. The patch uses the former to update the output of -fdump-analyzer-exploded-nodes-2 and -fdump-analyzer-exploded-nodes-3. The older dumping functions within the analyzer are retained in case they turn out to still be useful for debugging. gcc/ChangeLog: * Makefile.in (OBJS-libcommon): Add text-art/tree-widget.o. * doc/analyzer.texi: Rewrite discussion of dumping state to cover the text_art::tree_widget-based dumps, with a more interesting example. * text-art/dump-widget-info.h: New file. * text-art/dump.h: New file. * text-art/selftests.cc (selftest::text_art_tests): Call text_art_tree_widget_cc_tests. * text-art/selftests.h (selftest::text_art_tree_widget_cc_tests): New decl. * text-art/theme.cc (ascii_theme::get_cppchar): Handle the various cell_kind::TREE_*. (unicode_theme::get_cppchar): Likewise. * text-art/theme.h (enum class theme::cell_kind): Add TREE_CHILD_NON_FINAL, TREE_CHILD_FINAL, TREE_X_CONNECTOR, and TREE_Y_CONNECTOR. * text-art/tree-widget.cc: New file. gcc/analyzer/ChangeLog: * call-details.cc: Define INCLUDE_VECTOR. * call-info.cc: Likewise. * call-summary.cc: Likewise. * checker-event.cc: Likewise. * checker-path.cc: Likewise. * complexity.cc: Likewise. * constraint-manager.cc: Likewise. (bounded_range::make_dump_widget): New. (bounded_ranges::add_to_dump_widget): New. (equiv_class::make_dump_widget): New. (constraint::make_dump_widget): New. (bounded_ranges_constraint::make_dump_widget): New. (constraint_manager::make_dump_widget): New. * constraint-manager.h (bounded_range::make_dump_widget): New decl. (bounded_ranges::add_to_dump_widget): New decl. (equiv_class::make_dump_widget): New decl. (constraint::make_dump_widget): New decl. (bounded_ranges_constraint::make_dump_widget): New decl. (constraint_manager::make_dump_widget): New decl. * diagnostic-manager.cc: Define INCLUDE_VECTOR. * engine.cc: Likewise. Include "text-art/dump.h". (setjmp_svalue::print_dump_widget_label): New. (setjmp_svalue::add_dump_widget_children): New. (exploded_graph::dump_exploded_nodes): Use text_art::dump_to_file for -fdump-analyzer-exploded-nodes-2 and -fdump-analyzer-exploded-nodes-3. Fix overlong line. * feasible-graph.cc: Define INCLUDE_VECTOR. * infinite-recursion.cc: Likewise. * kf-analyzer.cc: Likewise. * kf-lang-cp.cc: Likewise. * kf.cc: Likewise. * known-function-manager.cc: Likewise. * pending-diagnostic.cc: Likewise. * program-point.cc: Likewise. * program-state.cc: Likewise. Include "text-art/tree-widget" and "text-art/dump.h". (sm_state_map::make_dump_widget): New. (program_state::dump): New. (program_state::make_dump_widget): New. * program-state.h: Include "text-art/widget.h". (sm_state_map::make_dump_widget): New decl. (program_state::dump): New decl. (program_state::make_dump_widget): New decl. * ranges.cc: Define INCLUDE_VECTOR. * record-layout.cc: Likewise. * region-model-asm.cc: Likewise. * region-model-manager.cc: Likewise. * region-model-reachability.cc: Likewise. * region-model.cc: Likewise. Include "text-art/tree-widget.h". (region_to_value_map::make_dump_widget): New. (region_model::dump): New. (region_model::make_dump_widget): New. (selftest::test_dump): Add test of dump_to_pp<region_model>. * region-model.h: Include "text-art/widget.h" and "text-art/dump.h". (region_to_value_map::make_dump_widget): New decl. (region_model::dump): New decl. (region_model::make_dump_widget): New decl. * region.cc: Define INCLUDE_VECTOR and include "text-art/dump.h". (region::dump): New. (region::make_dump_widget): New. (region::add_dump_widget_children): New. (frame_region::print_dump_widget_label): New. (globals_region::print_dump_widget_label): New. (code_region::print_dump_widget_label): New. (function_region::print_dump_widget_label): New. (label_region::print_dump_widget_label): New. (stack_region::print_dump_widget_label): New. (heap_region::print_dump_widget_label): New. (root_region::print_dump_widget_label): New. (thread_local_region::print_dump_widget_label): New. (symbolic_region::print_dump_widget_label): New. (symbolic_region::add_dump_widget_children): New. (decl_region::print_dump_widget_label): New. (field_region::print_dump_widget_label): New. (element_region::print_dump_widget_label): New. (element_region::add_dump_widget_children): New. (offset_region::print_dump_widget_label): New. (offset_region::add_dump_widget_children): New. (sized_region::print_dump_widget_label): New. (sized_region::add_dump_widget_children): New. (cast_region::print_dump_widget_label): New. (cast_region::add_dump_widget_children): New. (heap_allocated_region::print_dump_widget_label): New. (alloca_region::print_dump_widget_label): New. (string_region::print_dump_widget_label): New. (bit_range_region::print_dump_widget_label): New. (var_arg_region::print_dump_widget_label): New. (errno_region::print_dump_widget_label): New. (private_region::print_dump_widget_label): New. (unknown_region::print_dump_widget_label): New. * region.h: Include "text-art/widget.h". (region::dump): New decl. (region::make_dump_widget): New decl. (region::add_dump_widget_children): New decl. (frame_region::print_dump_widget_label): New decl. (globals_region::print_dump_widget_label): New decl. (code_region::print_dump_widget_label): New decl. (function_region::print_dump_widget_label): New decl. (label_region::print_dump_widget_label): New decl. (stack_region::print_dump_widget_label): New decl. (heap_region::print_dump_widget_label): New decl. (root_region::print_dump_widget_label): New decl. (thread_local_region::print_dump_widget_label): New decl. (symbolic_region::print_dump_widget_label): New decl. (symbolic_region::add_dump_widget_children): New decl. (decl_region::print_dump_widget_label): New decl. (field_region::print_dump_widget_label): New decl. (element_region::print_dump_widget_label): New decl. (element_region::add_dump_widget_children): New decl. (offset_region::print_dump_widget_label): New decl. (offset_region::add_dump_widget_children): New decl. (sized_region::print_dump_widget_label): New decl. (sized_region::add_dump_widget_children): New decl. (cast_region::print_dump_widget_label): New decl. (cast_region::add_dump_widget_children): New decl. (heap_allocated_region::print_dump_widget_label): New decl. (alloca_region::print_dump_widget_label): New decl. (string_region::print_dump_widget_label): New decl. (bit_range_region::print_dump_widget_label): New decl. (var_arg_region::print_dump_widget_label): New decl. (errno_region::print_dump_widget_label): New decl. (private_region::print_dump_widget_label): New decl. (unknown_region::print_dump_widget_label): New decl. * sm-fd.cc: Define INCLUDE_VECTOR. * sm-file.cc: Likewise. * sm-malloc.cc: Likewise. * sm-pattern-test.cc: Likewise. * sm-signal.cc: Likewise. * sm-taint.cc: Likewise. * sm.cc: Likewise. * state-purge.cc: Likewise. * store.cc: Likewise. Include "text-art/tree-widget.h". (add_binding_to_tree_widget): New. (binding_map::add_to_tree_widget): New. (binding_cluster::make_dump_widget): New. (store::make_dump_widget): New. * store.h: Include "text-art/tree-widget.h". (binding_map::add_to_tree_widget): New decl. (binding_cluster::make_dump_widget): New decl. (store::make_dump_widget): New decl. * svalue.cc: Define INCLUDE_VECTOR. Include "make-unique.h" and "text-art/dump.h". (svalue::dump): New. (svalue::make_dump_widget): New. (region_svalue::print_dump_widget_label): New. (region_svalue::add_dump_widget_children): New. (constant_svalue::print_dump_widget_label): New. (constant_svalue::add_dump_widget_children): New. (unknown_svalue::print_dump_widget_label): New. (unknown_svalue::add_dump_widget_children): New. (poisoned_svalue::print_dump_widget_label): New. (poisoned_svalue::add_dump_widget_children): New. (initial_svalue::print_dump_widget_label): New. (initial_svalue::add_dump_widget_children): New. (unaryop_svalue::print_dump_widget_label): New. (unaryop_svalue::add_dump_widget_children): New. (binop_svalue::print_dump_widget_label): New. (binop_svalue::add_dump_widget_children): New. (sub_svalue::print_dump_widget_label): New. (sub_svalue::add_dump_widget_children): New. (repeated_svalue::print_dump_widget_label): New. (repeated_svalue::add_dump_widget_children): New. (bits_within_svalue::print_dump_widget_label): New. (bits_within_svalue::add_dump_widget_children): New. (widening_svalue::print_dump_widget_label): New. (widening_svalue::add_dump_widget_children): New. (placeholder_svalue::print_dump_widget_label): New. (placeholder_svalue::add_dump_widget_children): New. (unmergeable_svalue::print_dump_widget_label): New. (unmergeable_svalue::add_dump_widget_children): New. (compound_svalue::print_dump_widget_label): New. (compound_svalue::add_dump_widget_children): New. (conjured_svalue::print_dump_widget_label): New. (conjured_svalue::add_dump_widget_children): New. (asm_output_svalue::print_dump_widget_label): New. (asm_output_svalue::add_dump_widget_children): New. (const_fn_result_svalue::print_dump_widget_label): New. (const_fn_result_svalue::add_dump_widget_children): New. * svalue.h: Include "text-art/widget.h". Add "using text_art::dump_widget_info". (svalue::dump): New decl. (svalue::make_dump_widget): New decl. (svalue::print_dump_widget_label): New decl. (svalue::print_dump_widget_label): New decl. (svalue::add_dump_widget_children): New decl. (region_svalue::print_dump_widget_label): New decl. (region_svalue::add_dump_widget_children): New decl. (constant_svalue::print_dump_widget_label): New decl. (constant_svalue::add_dump_widget_children): New decl. (unknown_svalue::print_dump_widget_label): New decl. (unknown_svalue::add_dump_widget_children): New decl. (poisoned_svalue::print_dump_widget_label): New decl. (poisoned_svalue::add_dump_widget_children): New decl. (initial_svalue::print_dump_widget_label): New decl. (initial_svalue::add_dump_widget_children): New decl. (unaryop_svalue::print_dump_widget_label): New decl. (unaryop_svalue::add_dump_widget_children): New decl. (binop_svalue::print_dump_widget_label): New decl. (binop_svalue::add_dump_widget_children): New decl. (sub_svalue::print_dump_widget_label): New decl. (sub_svalue::add_dump_widget_children): New decl. (repeated_svalue::print_dump_widget_label): New decl. (repeated_svalue::add_dump_widget_children): New decl. (bits_within_svalue::print_dump_widget_label): New decl. (bits_within_svalue::add_dump_widget_children): New decl. (widening_svalue::print_dump_widget_label): New decl. (widening_svalue::add_dump_widget_children): New decl. (placeholder_svalue::print_dump_widget_label): New decl. (placeholder_svalue::add_dump_widget_children): New decl. (unmergeable_svalue::print_dump_widget_label): New decl. (unmergeable_svalue::add_dump_widget_children): New decl. (compound_svalue::print_dump_widget_label): New decl. (compound_svalue::add_dump_widget_children): New decl. (conjured_svalue::print_dump_widget_label): New decl. (conjured_svalue::add_dump_widget_children): New decl. (asm_output_svalue::print_dump_widget_label): New decl. (asm_output_svalue::add_dump_widget_children): New decl. (const_fn_result_svalue::print_dump_widget_label): New decl. (const_fn_result_svalue::add_dump_widget_children): New decl. * trimmed-graph.cc: Define INCLUDE_VECTOR. * varargs.cc: Likewise. gcc/testsuite/ChangeLog: * gcc.dg/plugin/analyzer_cpython_plugin.c: Define INCLUDE_VECTOR. * gcc.dg/plugin/analyzer_gil_plugin.c: Likewise. * gcc.dg/plugin/analyzer_kernel_plugin.c: Likewise. * gcc.dg/plugin/analyzer_known_fns_plugin.c: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-05-03testsuite: fix analyzer C++ failures on Solaris [PR111475]David Malcolm1-1/+1
As part of PR analyzer/96395, these patches moved testcases from gcc.dg/analyzer to c-c++-common/analyzer: - r14-3503-g55f6a7d949abc7 - r14-3823-g50b5199cff6908 - r14-6564-gae034b9106fbdd Unfortunately this led to numerous g++ testsuite failures on Solaris, tracked as PR analyzer/111475. Almost all of the failures are due to standard library differences where including a C standard library on C++ e.g. <stdlib.h> leads to the plain symbols referencing the symbols "std::" via a "using" declaration, whereas I had written the code expecting them to use symbols in the root namespace. The analyzer has special-case handling of many functions by name. This patch generalizes such handling to also match against functions in "std::" for all of the cases I found in the testsuite (via manual inspection of the preprocessed test cases against Solaris headers). This fixes cases where the analyzer was failing to "know about" the behavior of such functions. Other such failures are due to "std::" prefixes appearing in names of functions in the output, leading to mismatches against expected output. The patch adds regexes to some cases, and moves some other cases back from c-c++-common to gcc.dg where the dg-multiline syntax isn't expressive enough. Various "fd-*.c" failures relate to Solaris's socket-handling functions not being marked with "noexcept", where due to PR analyzer/97111 we mishandle the exception-handling edges in the CFG, leading to leak false positives. The patch works around this by adding -fno-exceptions to these cases, pending a proper fix for PR analyzer/97111. gcc/analyzer/ChangeLog: PR analyzer/111475 * analyzer.cc (is_special_named_call_p): Add "look_in_std" param. (is_std_function_p): Make non-static. * analyzer.h (is_special_named_call_p): Add optional "look_in_std" param. (is_std_function_p): New decl. * engine.cc (stmt_requires_new_enode_p): Look for both "signal" and "std::signal". * kf.cc (register_known_functions): Add various "std::" copies of the known functions. * known-function-manager.cc (known_function_manager::~known_function_manager): Clean up m_std_ns_map_id_to_kf. (known_function_manager::add_std_ns): New. (known_function_manager::get_match): Also look for known "std::" functions. (known_function_manager::get_by_identifier_in_std_ns): New. * known-function-manager.h (known_function_manager::add_std_ns): New decl. (known_function_manager::get_by_identifier_in_std_ns): New decl. (known_function_manager::m_std_ns_map_id_to_kf): New field. * sm-file.cc (register_known_file_functions): Add various "std::" copies of the known functions. * sm-malloc.cc (malloc_state_machine::on_stmt): Handle "std::realloc". * sm-signal.cc (signal_unsafe_p): Consider "std::" copies of the functions as also being async-signal-unsafe. (signal_state_machine::on_stmt): Consider "std::signal". gcc/testsuite/ChangeLog: PR analyzer/111475 * c-c++-common/analyzer/fd-glibc-byte-stream-socket.c: Add -fno-exceptions for now. * c-c++-common/analyzer/fd-manpage-getaddrinfo-client.c: Likewise. * c-c++-common/analyzer/fd-mappage-getaddrinfo-server.c: Rename to... * c-c++-common/analyzer/fd-manpage-getaddrinfo-server.c: ...this, and add -fno-exceptions for now. * c-c++-common/analyzer/fd-socket-meaning.c: Add -fno-exceptions for now. * c-c++-common/analyzer/fd-symbolic-socket.c: Likewise. * c-c++-common/analyzer/flexible-array-member-1.c: Use regexp to handle C vs C++ differences in spelling of function name, which could have a "std::" prefix on some targets. * c-c++-common/analyzer/pr106539.c: Likewise. * c-c++-common/analyzer/malloc-ipa-8-unchecked.c: Move back to... * gcc.dg/analyzer/malloc-ipa-8-unchecked.c: ...here, dropping attempt to generalize output for C vs C++. * c-c++-common/analyzer/signal-4a.c: Move back to... * gcc.dg/analyzer/signal-4a.c: ...here, dropping attempt to generalize output for C vs C++. * c-c++-common/analyzer/signal-4b.c: Move back to... * gcc.dg/analyzer/signal-4b.c: ...here, dropping attempt to generalize output for C vs C++. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-03-23analyzer: fix ICE and false positive with -Wanalyzer-deref-before-check ↵David Malcolm1-0/+7
[PR114408] gcc/analyzer/ChangeLog: PR analyzer/114408 * engine.cc (impl_run_checkers): Free up any dominance info that we may have created. * kf.cc (class kf_ubsan_handler): New. (register_sanitizer_builtins): New. (register_known_functions): Call register_sanitizer_builtins. gcc/testsuite/ChangeLog: PR analyzer/114408 * c-c++-common/analyzer/deref-before-check-pr114408.c: New test. * c-c++-common/ubsan/analyzer-ice-pr114408.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-02-29analyzer: fix ICE in call summarization [PR114159]David Malcolm1-41/+42
PR analyzer/114159 reports an ICE inside playback of call summaries for very low values of --param=analyzer-max-svalue-depth=VAL. Root cause is that call_summary_edge_info's ctor tries to evaluate the function ptr of a gimple call stmt and assumes it gets a function *, but with low values of --param=analyzer-max-svalue-depth=VAL we get back an UNKNOWN svalue, rather than a pointer to a specific function. Fix by adding a new call_info ctor that passes a specific const function & from the call_summary_edge_info, rather than trying to compute the function. In doing so, I noticed that the analyzer was using "function *" despite not modifying functions, and was sloppy about can-be-null versus must-be-non-null function pointers, so I "constified" the function, and converted the many places where the function must be non-null to be "const function &". gcc/analyzer/ChangeLog: PR analyzer/114159 * analyzer.cc: Include "tree-dfa.h". (get_ssa_default_def): New decl. * analyzer.h (get_ssa_default_def): New. * call-info.cc (call_info::call_info): New ctor taking an explicit called_fn. * call-info.h (call_info::call_info): Likewise. * call-summary.cc (call_summary_replay::call_summary_replay): Convert param from function * to const function &. * call-summary.h (call_summary_replay::call_summary_replay): Likewise. * checker-event.h (state_change_event::get_dest_function): Constify return value. * engine.cc (point_and_state::validate): Update for conversion to const function &. (exploded_node::on_stmt): Likewise. (call_summary_edge_info::call_summary_edge_info): Likewise. Pass in called_fn to call_info ctor. (exploded_node::replay_call_summaries): Update for conversion to const function &. Convert per_function_data from * to &. (exploded_node::replay_call_summary): Update for conversion to const function &. (exploded_graph::add_function_entry): Likewise. (toplevel_function_p): Likewise. (add_tainted_args_callback): Likewise. (exploded_graph::build_initial_worklist): Likewise. (exploded_graph::maybe_create_dynamic_call): Likewise. (maybe_update_for_edge): Likewise. (exploded_graph::on_escaped_function): Likewise. * exploded-graph.h (exploded_node::replay_call_summaries): Likewise. (exploded_node::replay_call_summary): Likewise. (exploded_graph::add_function_entry): Likewise. * program-point.cc (function_point::from_function_entry): Likewise. (program_point::from_function_entry): Likewise. * program-point.h (function_point::from_function_entry): Likewise. (program_point::from_function_entry): Likewise. * program-state.cc (program_state::push_frame): Likewise. (program_state::get_current_function): Constify return type. * program-state.h (program_state::push_frame): Update for conversion to const function &. (program_state::get_current_function): Likewise. * region-model-manager.cc (region_model_manager::get_frame_region): Likewise. * region-model-manager.h (region_model_manager::get_frame_region): Likewise. * region-model.cc (region_model::called_from_main_p): Likewise. (region_model::update_for_gcall): Likewise. (region_model::push_frame): Likewise. (region_model::get_current_function): Constify return type. (region_model::pop_frame): Update for conversion to const function &. (selftest::test_stack_frames): Likewise. (selftest::test_get_representative_path_var): Likewise. (selftest::test_state_merging): Likewise. (selftest::test_alloca): Likewise. * region-model.h (region_model::push_frame): Likewise. (region_model::get_current_function): Likewise. * region.cc (frame_region::dump_to_pp): Likewise. (frame_region::get_region_for_local): Likewise. * region.h (class frame_region): Likewise. * sm-signal.cc (signal_unsafe_call::describe_state_change): Likewise. (update_model_for_signal_handler): Likewise. (signal_delivery_edge_info_t::update_model): Likewise. (register_signal_handler::impl_transition): Likewise. * state-purge.cc (class gimple_op_visitor): Likewise. (state_purge_map::state_purge_map): Likewise. (state_purge_map::get_or_create_data_for_decl): Likewise. (state_purge_per_ssa_name::state_purge_per_ssa_name): Likewise. (state_purge_per_ssa_name::add_to_worklist): Likewise. (state_purge_per_ssa_name::process_point): Likewise. (state_purge_per_decl::add_to_worklist): Likewise. (state_purge_annotator::print_needed): Likewise. * state-purge.h (state_purge_map::get_or_create_data_for_decl): Likewise. (class state_purge_per_tree): Likewise. (class state_purge_per_ssa_name): Likewise. (class state_purge_per_decl): Likewise. * supergraph.cc (supergraph::dump_dot_to_pp): Likewise. * supergraph.h (supergraph::get_node_for_function_entry): Likewise. (supergraph::get_node_for_function_exit): Likewise. gcc/ChangeLog: PR analyzer/114159 * function.cc (function_name): Make param const. * function.h (function_name): Likewise. gcc/testsuite/ChangeLog: PR analyzer/114159 * c-c++-common/analyzer/call-summaries-pr114159.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-01-24analyzer: fix taint false +ve due to overzealous state purging [PR112977]David Malcolm1-1/+1
gcc/analyzer/ChangeLog: PR analyzer/112977 * engine.cc (impl_region_model_context::on_liveness_change): Pass m_ext_state to sm_state_map::on_liveness_change. * program-state.cc (sm_state_map::on_svalue_leak): Guard removal of map entry based on can_purge_p. (sm_state_map::on_liveness_change): Add ext_state param. Add workaround for bad interaction between state purging and alt-inherited sm-state. * program-state.h (sm_state_map::on_liveness_change): Add ext_state param. * sm-taint.cc (taint_state_machine::has_alt_get_inherited_state_p): New. (taint_state_machine::can_purge_p): Return false for "has_lb" and "has_ub". * sm.h (state_machine::has_alt_get_inherited_state_p): New vfunc. gcc/testsuite/ChangeLog: PR analyzer/112977 * gcc.dg/plugin/plugin.exp: Add taint-pr112977.c. * gcc.dg/plugin/taint-pr112977.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2024-01-03Update copyright years.Jakub Jelinek1-1/+1
2023-12-11analyzer: fix uninitialized bitmap [PR112955]David Malcolm1-0/+1
In r14-5566-g841008d3966c0f I added a new ctor for feasibility_state, but failed to call bitmap_clear on m_snodes_visited. Fixed thusly. gcc/analyzer/ChangeLog: PR analyzer/112955 * engine.cc (feasibility_state::feasibility_state): Initialize m_snodes_visited. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-12-06analyzer: fix taint false positives with UNKNOWN [PR112850]David Malcolm1-0/+5
PR analyzer/112850 reports a false positive from -Wanalyzer-tainted-allocation-size on the Linux kernel [1] where -fanalyzer complains that an allocation size is attacker-controlled despite the value being correctly sanitized against upper and lower limits. The root cause is that the expression is sufficiently complex to exceed the -param=analyzer-max-svalue-depth= threshold, currently at 12, with depth 13, and so it is treated as UNKNOWN. Hence the sanitizations are seen as comparisons of an UNKNOWN symbolic value against constants, and these were being ignored by the taint state machine. The expression in question is relatively typical for those seen in Linux kernel ioctl handlers, and I was surprised that it had exceeded the analyzer's default expression complexity limit. This patch addresses this problem in three ways: (a) the default value of the threshold parameter is increased, from 12 to 18, so that such expressions are precisely handled (b) adding a new -Wanalyzer-symbol-too-complex to warn when the symbol complexity limit is reached. This is off by default for users, and on by default in the test suite. (c) the taint state machine handles comparisons against UNKNOWN svalues by dropping all taint information on that execution path, so that if the complexity limit has been exceeded we don't generate false positives As well as fixing the taint false positive (PR analyzer/112850), the patch also fixes a couple of leak false positives seen on flex-generated scanners (PR analyzer/103546). [1] specifically, in sound/core/rawmidi.c's handler for SNDRV_RAWMIDI_STREAM_OUTPUT. gcc/ChangeLog: PR analyzer/103546 PR analyzer/112850 * doc/invoke.texi: Add -Wanalyzer-symbol-too-complex. gcc/analyzer/ChangeLog: PR analyzer/103546 PR analyzer/112850 * analyzer.opt (-param=analyzer-max-svalue-depth=): Increase from 12 to 18. (Wanalyzer-symbol-too-complex): New. * diagnostic-manager.cc (null_assignment_sm_context::clear_all_per_svalue_state): New. * engine.cc (impl_sm_context::clear_all_per_svalue_state): New. * program-state.cc (sm_state_map::clear_all_per_svalue_state): New. * program-state.h (sm_state_map::clear_all_per_svalue_state): New decl. * region-model-manager.cc (region_model_manager::reject_if_too_complex): Add -Wanalyzer-symbol-too-complex. * sm-taint.cc (taint_state_machine::on_condition): Handle comparisons against UNKNOWN. * sm.h (sm_context::clear_all_per_svalue_state): New. gcc/testsuite/ChangeLog: PR analyzer/103546 PR analyzer/112850 * c-c++-common/analyzer/call-summaries-pr107158-2.c: Add -Wno-analyzer-symbol-too-complex. * c-c++-common/analyzer/call-summaries-pr107158.c: Likewise. * c-c++-common/analyzer/deref-before-check-pr109060-haproxy-cfgparse.c: Likewise. * c-c++-common/analyzer/feasibility-3.c: Add -Wno-analyzer-too-complex and -Wno-analyzer-symbol-too-complex. * c-c++-common/analyzer/flex-with-call-summaries.c: Add -Wno-analyzer-symbol-too-complex. Remove fail for PR analyzer/103546 leak false positive. * c-c++-common/analyzer/flex-without-call-summaries.c: Remove xfail for PR analyzer/103546 leak false positive. * c-c++-common/analyzer/infinite-recursion-3.c: Add -Wno-analyzer-symbol-too-complex. * c-c++-common/analyzer/null-deref-pr108251-smp_fetch_ssl_fc_has_early-O2.c: Likewise. * c-c++-common/analyzer/null-deref-pr108251-smp_fetch_ssl_fc_has_early.c: Likewise. * c-c++-common/analyzer/null-deref-pr108400-SoftEtherVPN-WebUi.c: Likewise. * c-c++-common/analyzer/null-deref-pr108806-qemu.c: Likewise. * c-c++-common/analyzer/null-deref-pr108830.c: Likewise. * c-c++-common/analyzer/pr94596.c: Likewise. * c-c++-common/analyzer/strtok-2.c: Likewise. * c-c++-common/analyzer/strtok-4.c: Add -Wno-analyzer-too-complex and -Wno-analyzer-symbol-too-complex. * c-c++-common/analyzer/strtok-cppreference.c: Likewise. * gcc.dg/analyzer/analyzer.exp: Add -Wanalyzer-symbol-too-complex to DEFAULT_CFLAGS. * gcc.dg/analyzer/attr-const-3.c: Add -Wno-analyzer-symbol-too-complex. * gcc.dg/analyzer/call-summaries-pr107072.c: Likewise. * gcc.dg/analyzer/doom-s_sound-pr108867.c: Likewise. * gcc.dg/analyzer/explode-4.c: Likewise. * gcc.dg/analyzer/null-deref-pr102671-1.c: Likewise. * gcc.dg/analyzer/null-deref-pr105755.c: Likewise. * gcc.dg/analyzer/out-of-bounds-curl.c: Likewise. * gcc.dg/analyzer/pr101503.c: Likewise. * gcc.dg/analyzer/pr103892.c: Add -Wno-analyzer-too-complex and -Wno-analyzer-symbol-too-complex. * gcc.dg/analyzer/pr94851-4.c: Add -Wno-analyzer-symbol-too-complex. * gcc.dg/analyzer/pr96860-1.c: Likewise. * gcc.dg/analyzer/pr96860-2.c: Likewise. * gcc.dg/analyzer/pr98918.c: Likewise. * gcc.dg/analyzer/pr99044-2.c: Likewise. * gcc.dg/analyzer/uninit-pr108806-qemu.c: Likewise. * gcc.dg/analyzer/use-after-free.c: Add -Wno-analyzer-too-complex and -Wno-analyzer-symbol-too-complex. * gcc.dg/plugin/plugin.exp: Add new tests for analyzer_kernel_plugin.c. * gcc.dg/plugin/taint-CVE-2011-0521-4.c: Update expected results. * gcc.dg/plugin/taint-CVE-2011-0521-5.c: Likewise. * gcc.dg/plugin/taint-CVE-2011-0521-6.c: Likewise. * gcc.dg/plugin/taint-CVE-2011-0521-5-fixed.c: Remove xfail. * gcc.dg/plugin/taint-pr112850-precise.c: New test. * gcc.dg/plugin/taint-pr112850-too-complex.c: New test. * gcc.dg/plugin/taint-pr112850-unsanitized.c: New test. * gcc.dg/plugin/taint-pr112850.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-12-06diagnostics: prettify JSON output formatsDavid Malcolm1-1/+1
Previously our JSON output emitted the JSON all on one line, with no indentation to show the structure of the values. Although it's easy to reformat such output (e.g. with "python -m json.tool"), I've found it's a pain to need to do so e.g. my text editor sometimes hangs when opening a multimegabyte json file all on one line. Similarly diff-ing is easier if the json is already formatted. This patch add whitespace to json output to show the structure. It turned out to be fairly easy to implement using pretty_printer's existing indentation machinery. The patch uses this formatting for the various JSON-based diagnostic output formats. For example, with this patch, the output from fdiagnostics-format=json-stderr looks like: [{"kind": "warning", "message": "stack-based buffer overflow", "option": "-Wanalyzer-out-of-bounds", "option_url": "https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-out-of-bounds", "children": [{"kind": "note", "message": "write of 350 bytes to beyond the end of ‘buf’", "locations": [{"caret": {"file": "../../src/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-19.c", "line": 20, "display-column": 3, "byte-column": 3, "column": 3}, "finish": {"file": "../../src/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-19.c", "line": 20, "display-column": 27, "byte-column": 27, "column": 27}}], "escape-source": false}, {"kind": "note", "message": "valid subscripts for ‘buf’ are ‘[0]’ to ‘[99]’", "locations": [{"caret": {"file": "../../src/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-19.c", "line": 20, "display-column": 3, "byte-column": 3, "column": 3}, "finish": {"file": "../../src/gcc/testsuite/gcc.dg/analyzer/out-of-bounds-diagram-19.c", "line": 20, "display-column": 27, "byte-column": 27, "column": 27}}], "escape-source": false}], "column-origin": 1, ...snip...] I was able to update almost all of our DejaGnu test cases for JSON to handle this format tweak, and IMHO it improved the readability of these test cases, but a couple were more awkward. Hence I added -fno-diagnostics-json-formatting as an option to disable this formatting. The formatting does not affect the output of -fsave-optimization-record or the JSON output from gcov (but this could be enabled if desirable). gcc/analyzer/ChangeLog: * engine.cc (dump_analyzer_json): Use flag_diagnostics_json_formatting. gcc/ChangeLog: * common.opt (fdiagnostics-json-formatting): New. * diagnostic-format-json.cc: Add "formatted" boolean to json_output_format and subclasses, and to the diagnostic_output_format_init_json_* functions. Use it when printing JSON. * diagnostic-format-sarif.cc: Likewise for sarif_builder, sarif_output_format, and the various diagnostic_output_format_init_sarif_* functions. * diagnostic.cc (diagnostic_output_format_init): Add "json_formatting" boolean and pass on to the various cases. * diagnostic.h (diagnostic_output_format_init): Add "json_formatted" param. (diagnostic_output_format_init_json_stderr): Add "formatted" param (diagnostic_output_format_init_json_file): Likewise. (diagnostic_output_format_init_sarif_stderr): Likewise. (diagnostic_output_format_init_sarif_file): Likewise. (diagnostic_output_format_init_sarif_stream): Likewise. * doc/invoke.texi (-fdiagnostics-format=json): Remove discussion about JSON output needing formatting. (-fno-diagnostics-json-formatting): Add. * gcc.cc (driver_handle_option): Use opts->x_flag_diagnostics_json_formatting. * gcov.cc (generate_results): Pass "false" for new formatting option when printing json. * json.cc (value::dump): Add new "formatted" param. (object::print): Likewise, using it to add whitespace to format the JSON output. (array::print): Likewise. (float_number::print): Add new "formatted" param. (integer_number::print): Likewise. (string::print): Likewise. (literal::print): Likewise. (selftest::assert_print_eq): Add "formatted" param. (ASSERT_PRINT_EQ): Add "FORMATTED" param. (selftest::test_writing_objects): Test both formatted and unformatted printing. (selftest::test_writing_arrays): Likewise. (selftest::test_writing_float_numbers): Update for new param of ASSERT_PRINT_EQ. (selftest::test_writing_integer_numbers): Likewise. (selftest::test_writing_strings): Likewise. (selftest::test_writing_literals): Likewise. (selftest::test_formatting): New. (selftest::json_cc_tests): Call it. * json.h (value::print): Add "formatted" param. (value::dump): Likewise. (object::print): Likewise. (array::print): Likewise. (float_number::print): Likewise. (integer_number::print): Likewise. (string::print): Likewise. (literal::print): Likewise. * optinfo-emit-json.cc (optrecord_json_writer::write): Pass "false" for new formatting option when printing json. (selftest::test_building_json_from_dump_calls): Likewise. * opts.cc (common_handle_option): Use opts->x_flag_diagnostics_json_formatting. gcc/testsuite/ChangeLog: * c-c++-common/diagnostic-format-json-1.c: Update expected JSON output to reflect whitespace. * c-c++-common/diagnostic-format-json-2.c: Likewise. * c-c++-common/diagnostic-format-json-3.c: Likewise. * c-c++-common/diagnostic-format-json-4.c: Likewise. * c-c++-common/diagnostic-format-json-5.c: Likewise. * c-c++-common/diagnostic-format-json-stderr-1.c: Likewise. * g++.dg/pr90462.C: Add -fno-diagnostics-json-formatting. * gcc.dg/analyzer/malloc-sarif-1.c: Likewise. * gcc.dg/plugin/diagnostic-test-paths-3.c: Update expected JSON output to reflect whitespace. * gfortran.dg/diagnostic-format-json-1.F90: Likewise. * gfortran.dg/diagnostic-format-json-2.F90: Likewise. * gfortran.dg/diagnostic-format-json-3.F90: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-12-01diagnostics, analyzer: add optional per-diagnostic property bags to SARIFDavid Malcolm1-9/+6
I've found it useful in debugging the analyzer for the SARIF output to contain extra analyzer-specific data in each diagnostic. This patch: * adds a way for a diagnostic_metadata to populate a property bag within a SARIF "result" object based on a new vfunc * reworks how diagnostics are emitted within the analyzer so that a custom diagnostic_metadata subclass is used, which populates the property bag with information from the saved_diagnostic, and with a vfunc hook allowing for per-pending_diagnotic-subclass extra properties. Doing so makes it trivial to go from the SARIF output back to pertinent parts of the analyzer's internals (e.g. the index of the diagnostic within the ana::diagnostic_manager, the index of the ana::exploded_node, etc). It also replaces a lot of boilerplate in the "emit" implementations in the various pending_diagnostics subclasses. In particular, doing so fixes missing CVE metadata for -Wanalyzer-fd-phase-mismatch (where sm-fd.cc's fd_phase_mismatch::emit was failing to use its diagnostic_metadata instance). gcc/analyzer/ChangeLog: * analyzer.h (class saved_diagnostic): New forward decl. * bounds-checking.cc: Update for changes to pending_diagnostic::emit. * call-details.cc: Likewise. * diagnostic-manager.cc: Include "diagnostic-format-sarif.h". (saved_diagnostic::maybe_add_sarif_properties): New. (class pending_diagnostic_metadata): New. (diagnostic_manager::emit_saved_diagnostic): Create a pending_diagnostic_metadata and a diagnostic_emission_context. Pass the latter to the pending_diagnostic::emit vfunc. * diagnostic-manager.h (saved_diagnostic::maybe_add_sarif_properties): New decl. * engine.cc: Update for changes to pending_diagnostic::emit. * infinite-loop.cc: Likewise. * infinite-recursion.cc: Likewise. * kf-analyzer.cc: Likewise. * kf.cc: Likewise. * pending-diagnostic.cc (diagnostic_emission_context::get_pending_diagnostic): New. (diagnostic_emission_context::warn): New. (diagnostic_emission_context::inform): New. * pending-diagnostic.h (class diagnostic_emission_context): New. (pending_diagnostic::emit): Update params. (pending_diagnostic::maybe_add_sarif_properties): New vfunc. * region.cc: Don't include "diagnostic-metadata.h". * region-model.cc: Include "diagnostic-format-sarif.h". Update for changes to pending_diagnostic::emit. (exposure_through_uninit_copy::maybe_add_sarif_properties): New. * sm-fd.cc: Update for changes to pending_diagnostic::emit. * sm-file.cc: Likewise. * sm-malloc.cc: Likewise. * sm-pattern-test.cc: Likewise. * sm-sensitive.cc: Likewise. * sm-signal.cc: Likewise. * sm-taint.cc: Likewise. * store.cc: Don't include "diagnostic-metadata.h". * varargs.cc: Update for changes to pending_diagnostic::emit. gcc/ChangeLog: * diagnostic-core.h (emit_diagnostic_valist): New overload decl. * diagnostic-format-sarif.cc (sarif_builder::make_result_object): When we have metadata, call its maybe_add_sarif_properties vfunc. * diagnostic-metadata.h (class sarif_object): Forward decl. (diagnostic_metadata::~diagnostic_metadata): New. (diagnostic_metadata::maybe_add_sarif_properties): New vfunc. * diagnostic.cc (emit_diagnostic_valist): New overload. gcc/testsuite/ChangeLog: * gcc.dg/analyzer/fd-accept.c: Update for fix to missing CWE metadata for -Wanalyzer-fd-phase-mismatch. * gcc.dg/analyzer/fd-bind.c: Likewise. * gcc.dg/analyzer/fd-socket-misuse.c: Likewise. * gcc.dg/plugin/analyzer_cpython_plugin.c: Update for changes to pending_diagnostic::emit. * gcc.dg/plugin/analyzer_gil_plugin.c: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-11-18analyzer: new warning: -Wanalyzer-undefined-behavior-strtok [PR107573]David Malcolm1-1/+2
This patch: - adds support to the analyzer for tracking API-private state or which we don't have a decl (such as strtok's internal state), - uses it to implement a new -Wanalyzer-undefined-behavior-strtok which warns when strtok (NULL, delim) is called as the first call to strtok after main. gcc/analyzer/ChangeLog: PR analyzer/107573 * analyzer.h (register_known_functions): Add region_model_manager param. * analyzer.opt (Wanalyzer-undefined-behavior-strtok): New. * call-summary.cc (call_summary_replay::convert_region_from_summary_1): Handle RK_PRIVATE. * engine.cc (impl_run_checkers): Pass model manager to register_known_functions. * kf.cc (class undefined_function_behavior): New. (class kf_strtok): New. (register_known_functions): Add region_model_manager param. Use it to register "strtok". * region-model-manager.cc (region_model_manager::get_or_create_conjured_svalue): Add "idx" param. * region-model-manager.h (region_model_manager::get_or_create_conjured_svalue): Add "idx" param. (region_model_manager::get_root_region): New accessor. * region-model.cc (region_model::scan_for_null_terminator): Handle "expr" being null. (region_model::get_representative_path_var_1): Handle RK_PRIVATE. * region-model.h (region_model::called_from_main_p): Make public. * region.cc (region::get_memory_space): Handle RK_PRIVATE. (region::can_have_initial_svalue_p): Handle MEMSPACE_PRIVATE. (private_region::dump_to_pp): New. * region.h (MEMSPACE_PRIVATE): New. (RK_PRIVATE): New. (class private_region): New. (is_a_helper <const private_region *>::test): New. * store.cc (store::replay_call_summary_cluster): Handle RK_PRIVATE. * svalue.h (struct conjured_svalue::key_t): Add "idx" param to ctor and "m_idx" field. (class conjured_svalue::conjured_svalue): Likewise. gcc/ChangeLog: PR analyzer/107573 * doc/invoke.texi: Add -Wanalyzer-undefined-behavior-strtok. gcc/testsuite/ChangeLog: PR analyzer/107573 * c-c++-common/analyzer/strtok-1.c: New test. * c-c++-common/analyzer/strtok-2.c: New test. * c-c++-common/analyzer/strtok-3.c: New test. * c-c++-common/analyzer/strtok-4.c: New test. * c-c++-common/analyzer/strtok-cppreference.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-11-17analyzer: new warning: -Wanalyzer-infinite-loop [PR106147]David Malcolm1-34/+88
This patch implements a new analyzer warning: -Wanalyzer-infinite-loop. It works by examining the exploded graph once the latter has been fully built. It attempts to detect cycles in the exploded graph in which: - no externally visible work occurs - no escape is possible from the cycle once it has been entered - the program state is "sufficiently concrete" at each step: - no unknown activity could be occurring - the worklist was fully drained for each enode in the cycle i.e. every enode in the cycle is processed For example, it correctly complains about this bogus "for" loop: int sum = 0; for (struct node *iter = n; iter; iter->next) sum += n->val; return sum; like this: infinite-loop-linked-list.c: In function ‘for_loop_noop_next’: infinite-loop-linked-list.c:110:31: warning: infinite loop [CWE-835] [-Wanalyzer-infinite-loop] 110 | for (struct node *iter = n; iter; iter->next) | ^~~~ ‘for_loop_noop_next’: events 1-5 | | 110 | for (struct node *iter = n; iter; iter->next) | | ^~~~ | | | | | (1) infinite loop here | | (2) when ‘iter’ is non-NULL: always following ‘true’ branch... | | (5) ...to here | 111 | sum += n->val; | | ~~~~~~~~~~~~~ | | | | | | | (3) ...to here | | (4) looping back... | gcc/ChangeLog: PR analyzer/106147 * Makefile.in (ANALYZER_OBJS): Add analyzer/infinite-loop.o. * doc/invoke.texi: Add -fdump-analyzer-infinite-loop and -Wanalyzer-infinite-loop. Add missing CWE link for -Wanalyzer-infinite-recursion. * timevar.def (TV_ANALYZER_INFINITE_LOOPS): New. gcc/analyzer/ChangeLog: PR analyzer/106147 * analyzer.opt (Wanalyzer-infinite-loop): New option. (fdump-analyzer-infinite-loop): New option. * checker-event.h (start_cfg_edge_event::get_desc): Drop "final". (start_cfg_edge_event::maybe_describe_condition): Convert from private to protected. * checker-path.h (checker_path::get_logger): New. * diagnostic-manager.cc (process_worklist_item): Update for new context param of maybe_update_for_edge. * engine.cc (impl_region_model_context::impl_region_model_context): Add out_could_have_done_work param to both ctors and use it to initialize mm_out_could_have_done_work. (impl_region_model_context::maybe_did_work): New vfunc implementation. (exploded_node::on_stmt): Add out_could_have_done_work param and pass to ctxt ctor. (exploded_node::on_stmt_pre): Treat setjmp and longjmp as "doing work". (exploded_node::on_longjmp): Likewise. (exploded_edge::exploded_edge): Add "could_do_work" param and use it to initialize m_could_do_work_p. (exploded_edge::dump_dot_label): Add result of could_do_work_p. (exploded_graph::add_function_entry): Mark edge as doing no work. (exploded_graph::add_edge): Add "could_do_work" param and pass to exploded_edge ctor. (add_tainted_args_callback): Treat as doing no work. (exploded_graph::process_worklist): Likewise when merging nodes. (maybe_process_run_of_before_supernode_enodes::item): Likewise. (exploded_graph::maybe_create_dynamic_call): Likewise. (exploded_graph::process_node): Likewise for phi nodes. Pass in a "could_have_done_work" bool when handling stmts and use when creating edges. Assume work is done at bifurcation. (exploded_path::feasible_p): Update for new context param of maybe_update_for_edge. (feasibility_state::feasibility_state): New ctor. (feasibility_state::operator=): New. (feasibility_state::maybe_update_for_edge): Add ctxt param and use it. Fix missing newline when logging state. (impl_run_checkers): Call exploded_graph::detect_infinite_loops. * exploded-graph.h (impl_region_model_context::impl_region_model_context): Add out_could_have_done_work param to both ctors. (impl_region_model_context::maybe_did_work): New decl. (impl_region_model_context::checking_for_infinite_loop_p): New. (impl_region_model_context::on_unusable_in_infinite_loop): New. (impl_region_model_context::m_out_could_have_done_work): New field. (exploded_node::on_stmt): Add "out_could_have_done_work" param. (exploded_edge::exploded_edge): Add "could_do_work" param. (exploded_edge::could_do_work_p): New accessor. (exploded_edge::m_could_do_work_p): New field. (exploded_graph::add_edge): Add "could_do_work" param. (exploded_graph::detect_infinite_loops): New decl. (feasibility_state::feasibility_state): New ctor. (feasibility_state::operator=): New decl. (feasibility_state::maybe_update_for_edge): Add ctxt param. * infinite-loop.cc: New file. * program-state.cc (program_state::on_edge): Log the rejected constraint when region_model::maybe_update_for_edge fails. * region-model.cc (region_model::on_assignment): Treat any writes other than to the stack as "doing work". (region_model::on_stmt_pre): Treat all asm stmts as "doing work". (region_model::on_call_post): Likewise for all calls to functions with unknown side effects. (region_model::handle_phi): Add svals_changing_meaning param. Mark widening svalue in phi nodes as changing meaning. (unusable_in_infinite_loop_constraint_p): New. (region_model::add_constraint): If we're checking for an infinite loop, bail out on unusable svalues, or if we don't have a definite true/false for the constraint. (region_model::update_for_phis): Gather all svalues changing meaning in phi nodes, and purge constraints involving them. (region_model::replay_call_summary): Treat all call summaries as doing work. (region_model::can_merge_with_p): Purge constraints involving svalues that change meaning. (model_merger::on_widening_reuse): New. (test_iteration_1): Likewise. (selftest::test_iteration_1): Remove assertion that model6 "knows" that i < 157. * region-model.h (region_model::handle_phi): Add svals_changing_meaning param (region_model_context::maybe_did_work): New pure virtual func. (region_model_context::checking_for_infinite_loop_p): Likewise. (region_model_context::on_unusable_in_infinite_loop): Likewise. (noop_region_model_context::maybe_did_work): Implement. (noop_region_model_context::checking_for_infinite_loop_p): Likewise. (noop_region_model_context::on_unusable_in_infinite_loop): Likewise. (region_model_context_decorator::maybe_did_work): Implement. (region_model_context_decorator::checking_for_infinite_loop_p): Likewise. (region_model_context_decorator::on_unusable_in_infinite_loop): Likewise. (model_merger::on_widening_reuse): New decl. (model_merger::m_svals_changing_meaning): New field. * sm-signal.cc (register_signal_handler::impl_transition): Assume the edge "does work". * supergraph.cc (supernode::get_start_location): Use CFG edge's goto_locus if available. (supernode::get_end_location): Likewise. (cfg_superedge::dump_label_to_pp): Dump edges with a "goto_locus" * supergraph.h (cfg_superedge::get_goto_locus): New. * svalue.cc (svalue::can_merge_p): Call on_widening_reuse for widening values. (involvement_visitor::visit_widening_svalue): New. (svalue::involves_p): Update assertion to allow widening svalues. gcc/testsuite/ChangeLog: PR analyzer/106147 * c-c++-common/analyzer/gzio-2.c: Add dg-warning for infinite loop, marked as xfail. * c-c++-common/analyzer/infinite-loop-2.c: New test. * c-c++-common/analyzer/infinite-loop-4.c: New test. * c-c++-common/analyzer/infinite-loop-crc32c.c: New test. * c-c++-common/analyzer/infinite-loop-doom-d_main-IdentifyVersion.c: New test. * c-c++-common/analyzer/infinite-loop-doom-v_video.c: New test. * c-c++-common/analyzer/infinite-loop-g_error.c: New test. * c-c++-common/analyzer/infinite-loop-linked-list.c: New test. * c-c++-common/analyzer/infinite-recursion-inlining.c: Add dg-warning directives for infinite loop. * c-c++-common/analyzer/inlining-4-multiline.c: Update expected paths for event 5 having a location. * gcc.dg/analyzer/boxed-malloc-1.c: Add dg-warning for infinite loop. * gcc.dg/analyzer/data-model-20.c: Likewise. Add comment about suspect code, and create... * gcc.dg/analyzer/data-model-20a.c: ...this new test by cleaning it up. * gcc.dg/analyzer/edges-1.c: Add a placeholder statement to avoid the "...to here" from the if stmt occurring at the "while", and thus being treated as a bogus event. * gcc.dg/analyzer/explode-2a.c: Add dg-warning for infinite loop. * gcc.dg/analyzer/infinite-loop-1.c: New test. * gcc.dg/analyzer/malloc-1.c: Add dg-warning for infinite loop. * gcc.dg/analyzer/out-of-bounds-coreutils.c: Add TODO. * gcc.dg/analyzer/paths-4.c: Add dg-warning for infinite loop. * gcc.dg/analyzer/pr103892.c: Likewise. * gcc.dg/analyzer/pr93546.c: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-15analyzer: introduce pending_locationDavid Malcolm1-9/+19
No functional change intended. gcc/analyzer/ChangeLog: * analyzer.h (struct pending_location): New forward decl. * diagnostic-manager.cc (saved_diagnostic::saved_diagnostic): Replace params "enode", "snode", "stmt", and "stmt_finder" with "ploc". (diagnostic_manager::add_diagnostic): Likewise for both overloads. * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Likewise. (struct pending_location): New. (diagnostic_manager::add_diagnostic): Replace params "enode", "snode", "stmt", and "stmt_finder" with "ploc". * engine.cc (impl_region_model_context::warn): Update call to add_diagnostic for above change. (impl_sm_context::warn): Likewise. (impl_region_model_context::on_state_leak): Likewise. * infinite-recursion.cc (exploded_graph::detect_infinite_recursion): Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-09-14analyzer: use unique_ptr for rejected_constraintDavid Malcolm1-8/+8
gcc/analyzer/ChangeLog: * diagnostic-manager.cc (process_worklist_item): Use std::unique_ptr rather than plain rejected_constraint *. * engine.cc (exploded_path::feasible_p): Likewise. (feasibility_state::maybe_update_for_edge): Likewise. * exploded-graph.h (feasibility_problem::feasibility_problem): Likewise. (feasibility_problem::~feasibility_problem): Delete. (feasibility_problem::m_rc): Use std::unique_ptr. (feasibility_state::maybe_update_for_edge): Likewise. * feasible-graph.cc (feasible_graph::add_feasibility_problem): Likewise. * feasible-graph.h (class infeasible_node): Likewise. (feasible_graph::add_feasibility_problem): Likewise. * region-model.cc (region_model::add_constraint): Likewise. (region_model::maybe_update_for_edge): Likewise. (region_model::apply_constraints_for_gcond): Likewise. (region_model::apply_constraints_for_gswitch): Likewise. (region_model::apply_constraints_for_exception): Likewise. * region-model.h (class region_model): Likewise for decls. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-08-30analyzer: implement reference count checking for CPython plugin [PR107646]Eric Feng1-3/+5
This patch introduces initial support for reference count checking of PyObjects in relation to the Python/C API for the CPython plugin. Additionally, the core analyzer underwent several modifications to accommodate this feature. These include: - Introducing support for callbacks at the end of region_model::pop_frame. This is our current point of validation for the reference count of PyObjects. - An added optional custom stmt_finder parameter to region_model_context::warn. This aids in emitting a diagnostic concerning the reference count, especially when the stmt_finder is NULL, which is currently the case during region_model::pop_frame. The current diagnostic we emit relating to the reference count appears as follows: rc3.c:23:10: warning: expected ‘item’ to have reference count: ‘1’ but ob_refcnt field is: ‘2’ 23 | return list; | ^~~~ ‘create_py_object’: events 1-4 | | 4 | PyObject* item = PyLong_FromLong(3); | | ^~~~~~~~~~~~~~~~~~ | | | | | (1) when ‘PyLong_FromLong’ succeeds | 5 | PyObject* list = PyList_New(1); | | ~~~~~~~~~~~~~ | | | | | (2) when ‘PyList_New’ succeeds |...... | 14 | PyList_Append(list, item); | | ~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) when ‘PyList_Append’ succeeds, moving buffer |...... | 23 | return list; | | ~~~~ | | | | | (4) here | This is a WIP in several ways: - Currently, functions returning PyObject * are assumed to always produce a new reference. - The validation of reference count is only for PyObjects created within a function body. Verifying reference counts for PyObjects passed as parameters is not supported in this patch. gcc/analyzer/ChangeLog: PR analyzer/107646 * engine.cc (impl_region_model_context::warn): New optional parameter. * exploded-graph.h (class impl_region_model_context): Likewise. * region-model.cc (region_model::pop_frame): New callback feature for region_model::pop_frame. * region-model.h (struct append_regions_cb_data): Likewise. (class region_model): Likewise. (class region_model_context): New optional parameter. (class region_model_context_decorator): Likewise. gcc/testsuite/ChangeLog: PR analyzer/107646 * gcc.dg/plugin/analyzer_cpython_plugin.c: Implements reference count checking for PyObjects. * gcc.dg/plugin/cpython-plugin-test-2.c: Moved to... * gcc.dg/plugin/cpython-plugin-test-PyList_Append.c: ...here (and added more tests). * gcc.dg/plugin/cpython-plugin-test-1.c: Moved to... * gcc.dg/plugin/cpython-plugin-test-no-Python-h.c: ...here (and added more tests). * gcc.dg/plugin/plugin.exp: New tests. * gcc.dg/plugin/cpython-plugin-test-PyList_New.c: New test. * gcc.dg/plugin/cpython-plugin-test-PyLong_FromLong.c: New test. Signed-off-by: Eric Feng <ef2648@columbia.edu>
2023-08-24analyzer: add logging to impl_path_contextDavid Malcolm1-2/+11
gcc/analyzer/ChangeLog: * engine.cc (impl_path_context::impl_path_context): Add logger param. (impl_path_context::bifurcate): Add log message. (impl_path_context::terminate_path): Likewise. (impl_path_context::m_logger): New field. (exploded_graph::process_node): Pass logger to path_ctxt ctor. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-08-21analyzer: add ability for context to add events to a saved_diagnosticDavid Malcolm1-0/+8
gcc/analyzer/ChangeLog: * diagnostic-manager.cc (saved_diagnostic::add_event): New. (saved_diagnostic::add_any_saved_events): New. (diagnostic_manager::add_event): New. (dedupe_winners::emit_best): New. (diagnostic_manager::emit_saved_diagnostic): Make "sd" param non-const. Call saved_diagnostic::add_any_saved_events. * diagnostic-manager.h (saved_diagnostic::add_event): New decl. (saved_diagnostic::add_any_saved_events): New decl. (saved_diagnostic::m_saved_events): New field. (diagnostic_manager::add_event): New decl. (diagnostic_manager::emit_saved_diagnostic): Make "sd" param non-const. * engine.cc (impl_region_model_context::add_event): New. * exploded-graph.h (impl_region_model_context::add_event): New decl. * region-model.cc (noop_region_model_context::add_event): New. (region_model_context_decorator::add_event): New. * region-model.h (region_model_context::add_event): New vfunc. (noop_region_model_context::add_event): New decl. (region_model_context_decorator::add_event): New decl. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-06-21analyzer: add text-art visualizations of out-of-bounds accesses [PR106626]David Malcolm1-2/+2
This patch extends -Wanalyzer-out-of-bounds so that, where possible, it will emit a text art diagram visualizing the spatial relationship between (a) the memory region that the analyzer predicts would be accessed, versus (b) the range of memory that is valid to access - whether they overlap, are touching, are close or far apart; which one is before or after in memory, the relative sizes involved, the direction of the access (read vs write), and, in some cases, the values of data involved. This diagram can be suppressed using -fdiagnostics-text-art-charset=none. For example, given: int32_t arr[10]; int32_t int_arr_read_element_before_start_far(void) { return arr[-100]; } it emits: demo-1.c: In function ‘int_arr_read_element_before_start_far’: demo-1.c:7:13: warning: buffer under-read [CWE-127] [-Wanalyzer-out-of-bounds] 7 | return arr[-100]; | ~~~^~~~~~ ‘int_arr_read_element_before_start_far’: event 1 | | 7 | return arr[-100]; | | ~~~^~~~~~ | | | | | (1) out-of-bounds read from byte -400 till byte -397 but ‘arr’ starts at byte 0 | demo-1.c:7:13: note: valid subscripts for ‘arr’ are ‘[0]’ to ‘[9]’ ┌───────────────────────────┐ │read of ‘int32_t’ (4 bytes)│ └───────────────────────────┘ ^ │ │ ┌───────────────────────────┐ ┌────────┬────────┬─────────┐ │ │ │ [0] │ ... │ [9] │ │ before valid range │ ├────────┴────────┴─────────┤ │ │ │‘arr’ (type: ‘int32_t[10]’)│ └───────────────────────────┘ └───────────────────────────┘ ├─────────────┬─────────────┤├─────┬──────┤├─────────────┬─────────────┤ │ │ │ ╭────────────┴───────────╮ ╭────┴────╮ ╭───────┴──────╮ │⚠️ under-read of 4 bytes│ │396 bytes│ │size: 40 bytes│ ╰────────────────────────╯ ╰─────────╯ ╰──────────────╯ and given: #include <string.h> void test_non_ascii () { char buf[5]; strcpy (buf, "文字化け"); } it emits: demo-2.c: In function ‘test_non_ascii’: demo-2.c:7:3: warning: stack-based buffer overflow [CWE-121] [-Wanalyzer-out-of-bounds] 7 | strcpy (buf, "文字化け"); | ^~~~~~~~~~~~~~~~~~~~~~~~ ‘test_non_ascii’: events 1-2 | | 6 | char buf[5]; | | ^~~ | | | | | (1) capacity: 5 bytes | 7 | strcpy (buf, "文字化け"); | | ~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) out-of-bounds write from byte 5 till byte 12 but ‘buf’ ends at byte 5 | demo-2.c:7:3: note: write of 8 bytes to beyond the end of ‘buf’ 7 | strcpy (buf, "文字化け"); | ^~~~~~~~~~~~~~~~~~~~~~~~ demo-2.c:7:3: note: valid subscripts for ‘buf’ are ‘[0]’ to ‘[4]’ ┌─────┬─────┬─────┬────┬────┐┌────┬────┬────┬────┬────┬────┬────┬──────┐ │ [0] │ [1] │ [2] │[3] │[4] ││[5] │[6] │[7] │[8] │[9] │[10]│[11]│ [12] │ ├─────┼─────┼─────┼────┼────┤├────┼────┼────┼────┼────┼────┼────┼──────┤ │0xe6 │0x96 │0x87 │0xe5│0xad││0x97│0xe5│0x8c│0x96│0xe3│0x81│0x91│ 0x00 │ ├─────┴─────┴─────┼────┴────┴┴────┼────┴────┴────┼────┴────┴────┼──────┤ │ U+6587 │ U+5b57 │ U+5316 │ U+3051 │U+0000│ ├─────────────────┼───────────────┼──────────────┼──────────────┼──────┤ │ 文 │ 字 │ 化 │ け │ NUL │ ├─────────────────┴───────────────┴──────────────┴──────────────┴──────┤ │ string literal (type: ‘char[13]’) │ └──────────────────────────────────────────────────────────────────────┘ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ v v v v v v v v v v v v v ┌─────┬────────────────┬────┐┌─────────────────────────────────────────┐ │ [0] │ ... │[4] ││ │ ├─────┴────────────────┴────┤│ after valid range │ │ ‘buf’ (type: ‘char[5]’) ││ │ └───────────────────────────┘└─────────────────────────────────────────┘ ├─────────────┬─────────────┤├────────────────────┬────────────────────┤ │ │ ╭────────┴────────╮ ╭───────────┴──────────╮ │capacity: 5 bytes│ │⚠️ overflow of 8 bytes│ ╰─────────────────╯ ╰──────────────────────╯ showing that the overflow occurs partway through the UTF-8 encoding of the U+5b57 code point. There are lots more examples in the test suite. It doesn't show up in this email, but the above diagrams are colorized to constrast the valid and invalid access ranges. gcc/ChangeLog: PR analyzer/106626 * Makefile.in (ANALYZER_OBJS): Add analyzer/access-diagram.o. * doc/invoke.texi (Wanalyzer-out-of-bounds): Add description of text art. (fanalyzer-debug-text-art): New. gcc/analyzer/ChangeLog: PR analyzer/106626 * access-diagram.cc: New file. * access-diagram.h: New file. * analyzer.h (class region_offset): Add default ctor. (region_offset::make_byte_offset): New decl. (region_offset::concrete_p): New. (region_offset::get_concrete_byte_offset): New. (region_offset::calc_symbolic_bit_offset): New decl. (region_offset::calc_symbolic_byte_offset): New decl. (region_offset::dump_to_pp): New decl. (region_offset::dump): New decl. (operator<, operator<=, operator>, operator>=): New decls for region_offset. * analyzer.opt (-param=analyzer-text-art-string-ellipsis-threshold=): New. (-param=analyzer-text-art-string-ellipsis-head-len=): New. (-param=analyzer-text-art-string-ellipsis-tail-len=): New. (-param=analyzer-text-art-ideal-canvas-width=): New. (fanalyzer-debug-text-art): New. * bounds-checking.cc: Include "intl.h", "diagnostic-diagram.h", and "analyzer/access-diagram.h". (class out_of_bounds::oob_region_creation_event_capacity): New. (out_of_bounds::out_of_bounds): Add "model" and "sval_hint" params. (out_of_bounds::mark_interesting_stuff): Use the base region. (out_of_bounds::add_region_creation_events): Use oob_region_creation_event_capacity. (out_of_bounds::get_dir): New pure vfunc. (out_of_bounds::maybe_show_notes): New. (out_of_bounds::maybe_show_diagram): New. (out_of_bounds::make_access_diagram): New. (out_of_bounds::m_model): New field. (out_of_bounds::m_sval_hint): New field. (out_of_bounds::m_region_creation_event_id): New field. (concrete_out_of_bounds::concrete_out_of_bounds): Update for new fields. (concrete_past_the_end::concrete_past_the_end): Likewise. (concrete_past_the_end::add_region_creation_events): Use oob_region_creation_event_capacity. (concrete_buffer_overflow::concrete_buffer_overflow): Update for new fields. (concrete_buffer_overflow::emit): Replace call to maybe_describe_array_bounds with maybe_show_notes. (concrete_buffer_overflow::get_dir): New. (concrete_buffer_over_read::concrete_buffer_over_read): Update for new fields. (concrete_buffer_over_read::emit): Replace call to maybe_describe_array_bounds with maybe_show_notes. (concrete_buffer_overflow::get_dir): New. (concrete_buffer_underwrite::concrete_buffer_underwrite): Update for new fields. (concrete_buffer_underwrite::emit): Replace call to maybe_describe_array_bounds with maybe_show_notes. (concrete_buffer_underwrite::get_dir): New. (concrete_buffer_under_read::concrete_buffer_under_read): Update for new fields. (concrete_buffer_under_read::emit): Replace call to maybe_describe_array_bounds with maybe_show_notes. (concrete_buffer_under_read::get_dir): New. (symbolic_past_the_end::symbolic_past_the_end): Update for new fields. (symbolic_buffer_overflow::symbolic_buffer_overflow): Likewise. (symbolic_buffer_overflow::emit): Call maybe_show_notes. (symbolic_buffer_overflow::get_dir): New. (symbolic_buffer_over_read::symbolic_buffer_over_read): Update for new fields. (symbolic_buffer_over_read::emit): Call maybe_show_notes. (symbolic_buffer_over_read::get_dir): New. (region_model::check_symbolic_bounds): Add "sval_hint" param. Pass it and sized_offset_reg to diagnostics. (region_model::check_region_bounds): Add "sval_hint" param, passing it to diagnostics. * diagnostic-manager.cc (diagnostic_manager::emit_saved_diagnostic): Pass logger to pending_diagnostic::emit. * engine.cc: Add logger param to pending_diagnostic::emit implementations. * infinite-recursion.cc: Likewise. * kf-analyzer.cc: Likewise. * kf.cc: Likewise. Add nullptr for new param of check_region_for_write. * pending-diagnostic.h: Likewise in decl. * region-model-manager.cc (region_model_manager::get_or_create_int_cst): Convert param from poly_int64 to const poly_wide_int_ref &. (region_model_manager::maybe_fold_binop): Support type being NULL when checking for floating-point types. Check for (X + Y) - X => Y. Be less strict about types when folding associative ops. Check for (X + Y) * CST => (X * CST) + (Y * CST). * region-model-manager.h (region_model_manager::get_or_create_int_cst): Convert param from poly_int64 to const poly_wide_int_ref &. * region-model.cc: Add logger param to pending_diagnostic::emit implementations. (region_model::check_external_function_for_access_attr): Update for new param of check_region_for_write. (region_model::deref_rvalue): Use nullptr rather than NULL. (region_model::get_capacity): Handle RK_STRING. (region_model::check_region_access): Add "sval_hint" param; pass it to check_region_bounds. (region_model::check_region_for_write): Add "sval_hint" param; pass it to check_region_access. (region_model::check_region_for_read): Add NULL for new param to check_region_access. (region_model::set_value): Pass rhs_sval to check_region_for_write. (region_model::get_representative_path_var_1): Handle SK_CONSTANT in the check for infinite recursion. * region-model.h (region_model::check_region_for_write): Add "sval_hint" param. (region_model::check_region_access): Likewise. (region_model::check_symbolic_bounds): Likewise. (region_model::check_region_bounds): Likewise. * region.cc (region_offset::make_byte_offset): New. (region_offset::calc_symbolic_bit_offset): New. (region_offset::calc_symbolic_byte_offset): New. (region_offset::dump_to_pp): New. (region_offset::dump): New. (struct linear_op): New. (operator<, operator<=, operator>, operator>=): New, for region_offset. (region::get_next_offset): New. (region::get_relative_symbolic_offset): Use ptrdiff_type_node. (field_region::get_relative_symbolic_offset): Likewise. (element_region::get_relative_symbolic_offset): Likewise. (bit_range_region::get_relative_symbolic_offset): Likewise. * region.h (region::get_next_offset): New decl. * sm-fd.cc: Add logger param to pending_diagnostic::emit implementations. * sm-file.cc: Likewise. * sm-malloc.cc: Likewise. * sm-pattern-test.cc: Likewise. * sm-sensitive.cc: Likewise. * sm-signal.cc: Likewise. * sm-taint.cc: Likewise. * store.cc (bit_range::contains_p): Allow "out" to be null. * store.h (byte_range::get_start_bit_offset): New. (byte_range::get_next_bit_offset): New. * varargs.cc: Add logger param to pending_diagnostic::emit implementations. gcc/testsuite/ChangeLog: PR analyzer/106626 * gcc.dg/analyzer/data-model-1.c (test_16): Update for out-of-bounds working. * gcc.dg/analyzer/out-of-bounds-diagram-1-ascii.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-1-debug.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-1-emoji.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-1-json.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-1-sarif.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-1-unicode.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-10.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-11.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-12.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-13.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-14.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-15.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-2.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-3.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-4.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-5-ascii.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-5-unicode.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-6.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-7.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-8.c: New test. * gcc.dg/analyzer/out-of-bounds-diagram-9.c: New test. * gcc.dg/analyzer/pattern-test-2.c: Update expected results. * gcc.dg/analyzer/pr101962.c: Update expected results. * gcc.dg/plugin/analyzer_gil_plugin.c: Add logger param to pending_diagnostic::emit implementations. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-02-21analyzer: stop exploring the path after certain diagnostics [PR108830]David Malcolm1-5/+24
PR analyzer/108830 reports a situation in which there are lots of followup -Wanalyzer-null-dereference warnings after the first access of a NULL pointer, leading to very noisy output from -fanalyzer. The analyzer's logic for stopping emitting multiple warnings from a state machine doesn't quite work for NULL pointers: it attempts to transition the malloc state machine's NULL pointer to the "stop" state, which doesn't seem to make much sense in retrospect, and seems to get confused over types. Similarly, poisoned_value_diagnostic can be very noisy for uninit variables, emitting a warning for every access to an uninitialized variable. In theory, region_model::check_for_poison makes some attempts to suppress followups, but only for the symbolic value itself; if the user's code keeps accessing the same region, we would get a warning on each one. For example, this showed up in Doom's s_sound.c where there were 7 followup uninit warnings after the first uninit warning in "S_ChangeMusic". This patch adds an extra mechanism, giving pending diagnostics the option of stopping the analysis of an execution path if they're saved for emission on it, and turning this on for these warnings: -Wanalyzer-null-dereference -Wanalyzer-null-argument -Wanalyzer-use-after-free -Wanalyzer-use-of-pointer-in-stale-stack-frame -Wanalyzer-use-of-uninitialized-value Doing so should hopefully reduce the cascades of diagnostics that -fanalyzer can sometimes emit. I added a -fno-analyzer-suppress-followups for the cases where you really want the followup warnings (e.g. in some DejaGnu tests, and for microbenchmarks of UB detection, such as PR analyzer/104224). Integration testing shows this patch reduces the number of probable false positives reported by 94, and finds one more true positive: Comparison: 9.34% -> 10.91% GOOD: 66 -> 67 (+1) BAD: 641 -> 547 (-94) where the affected warnings/projects are: -Wanalyzer-null-dereference: 0.00% GOOD: 0 BAD: 269 -> 239 (-30) Unclassified: 257 -> 228 (-29) apr-1.7.0: 12 -> 5 (-7) doom: 1 -> 0 (-1) haproxy-2.7.1: 47 -> 41 (-6) ImageMagick-7.1.0-57: 13 -> 9 (-4) qemu-7.2.0: 165 -> 154 (-11) Known false: 7 -> 6 (-1) xz-5.4.0: 4 -> 3 (-1) -Wanalyzer-use-of-uninitialized-value: 0.00% GOOD: 0 BAD: 143 -> 80 (-63) Known false: 47 -> 16 (-31) doom: 42 -> 11 (-31) Unclassified: 96 -> 64 (-32) coreutils-9.1: 14 -> 10 (-4) haproxy-2.7.1: 29 -> 23 (-6) qemu-7.2.0: 48 -> 26 (-22) -Wanalyzer-null-argument: 0.00% -> 2.33% GOOD: 0 -> 1 (+1) BAD: 43 -> 42 (-1) Unclassified: 39 -> 38 (-1) due to coreutils-9.1: 9 -> 8 (-1) True positive: 0 -> 1 (+1) (in haproxy-2.7.1) gcc/analyzer/ChangeLog: PR analyzer/108830 * analyzer.opt (fanalyzer-suppress-followups): New option. * engine.cc (impl_region_model_context::warn): Terminate the path if the diagnostic's terminate_path_p vfunc returns true and -fanalyzer-suppress-followups is true (the default). (impl_sm_context::warn): Likewise, for both overloads. * pending-diagnostic.h (pending_diagnostic::terminate_path_p): New vfunc. * program-state.cc (program_state::on_edge): Terminate the path if the ctxt requests it during updating the edge. * region-model.cc (poisoned_value_diagnostic::terminate_path_p): New vfunc. * sm-malloc.cc (null_deref::terminate_path_p): New vfunc. (null_arg::terminate_path_p): New vfunc. gcc/ChangeLog: PR analyzer/108830 * doc/invoke.texi: Document -fno-analyzer-suppress-followups. gcc/testsuite/ChangeLog: PR analyzer/108830 * gcc.dg/analyzer/attribute-nonnull.c: Update for -Wanalyzer-use-of-uninitialized-value terminating analysis along a path. * gcc.dg/analyzer/call-summaries-2.c: Likewise. * gcc.dg/analyzer/data-model-1.c: Likewise. * gcc.dg/analyzer/data-model-5.c: Likewise. * gcc.dg/analyzer/doom-s_sound-pr108867.c: New test. * gcc.dg/analyzer/memset-CVE-2017-18549-1.c: Add -fno-analyzer-suppress-followups. * gcc.dg/analyzer/null-deref-pr108830.c: New test. * gcc.dg/analyzer/pipe-1.c: Add -fno-analyzer-suppress-followups. * gcc.dg/analyzer/pipe-void-return.c: Likewise. * gcc.dg/analyzer/pipe2-1.c: Likewise. * gcc.dg/analyzer/pr101547.c: Update for -Wanalyzer-use-of-uninitialized-value terminating analysis along a path. * gcc.dg/analyzer/pr101875.c: Likewise. * gcc.dg/analyzer/pr104224-split.c: New test, based on... * gcc.dg/analyzer/pr104224.c: Add -fno-analyzer-suppress-followups. * gcc.dg/analyzer/realloc-2.c: Add -fno-analyzer-suppress-followups. * gcc.dg/analyzer/realloc-3.c: Likewise. * gcc.dg/analyzer/realloc-5.c: Likewise. * gcc.dg/analyzer/stdarg-1-ms_abi.c: Likewise. * gcc.dg/analyzer/stdarg-1-sysv_abi.c: Likewise. * gcc.dg/analyzer/stdarg-1.c: Likewise. * gcc.dg/analyzer/symbolic-1.c: Likewise. * gcc.dg/analyzer/symbolic-7.c: Update for -Wanalyzer-use-of-uninitialized-value terminating analysis along a path. * gcc.dg/analyzer/uninit-4.c: Likewise. * gcc.dg/analyzer/uninit-8.c: New test. * gcc.dg/analyzer/uninit-pr94713.c: Update for -Wanalyzer-use-of-uninitialized-value terminating analysis along a path. * gcc.dg/analyzer/zlib-6a.c: Add -fno-analyzer-suppress-followups. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-02-15analyzer: fix uninit false +ves [PR108664,PR108666,PR108725]David Malcolm1-11/+19
This patch updates poisoned_value_diagnostic so that, where possible, it checks to see if the value is still poisoned along the execution path seen during feasibility analysis, rather than just that seen in the exploded graph. Integration testing shows this reduction in the number of false positives: -Wanalyzer-use-of-uninitialized-value: 191 -> 153 (-38) where the changes happen in: coreutils-9.1: 34 -> 20 (-14) qemu-7.2.0: 78 -> 54 (-24) gcc/analyzer/ChangeLog: PR analyzer/108664 PR analyzer/108666 PR analyzer/108725 * diagnostic-manager.cc (epath_finder::get_best_epath): Add "target_stmt" param. (epath_finder::explore_feasible_paths): Likewise. (epath_finder::process_worklist_item): Likewise. (saved_diagnostic::calc_best_epath): Pass m_stmt to epath_finder::get_best_epath. * engine.cc (feasibility_state::maybe_update_for_edge): Move per-stmt logic to... (feasibility_state::update_for_stmt): ...this new function. * exploded-graph.h (feasibility_state::update_for_stmt): New decl. * feasible-graph.cc (feasible_node::get_state_at_stmt): New. * feasible-graph.h: Include "analyzer/exploded-graph.h". (feasible_node::get_state_at_stmt): New decl. * infinite-recursion.cc (infinite_recursion_diagnostic::check_valid_fpath_p): Update for vfunc signature change. * pending-diagnostic.h (pending_diagnostic::check_valid_fpath_p): Convert first param to a reference. Add stmt param. * region-model.cc: Include "analyzer/feasible-graph.h". (poisoned_value_diagnostic::poisoned_value_diagnostic): Add "check_expr" param. (poisoned_value_diagnostic::check_valid_fpath_p): New. (poisoned_value_diagnostic::m_check_expr): New field. (region_model::check_for_poison): Attempt to supply a check_expr to the diagnostic (region_model::deref_rvalue): Add NULL for new check_expr param of poisoned_value_diagnostic. (region_model::get_or_create_region_for_heap_alloc): Don't reuse regions that are marked as TOUCHED. gcc/testsuite/ChangeLog: PR analyzer/108664 PR analyzer/108666 PR analyzer/108725 * gcc.dg/analyzer/coreutils-cksum-pr108664.c: New test. * gcc.dg/analyzer/coreutils-sum-pr108666.c: New test. * gcc.dg/analyzer/torture/uninit-pr108725.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2023-01-16Update copyright years.Jakub Jelinek1-1/+1
2022-12-02analyzer: introduce struct event_loc_infoDavid Malcolm1-29/+34
gcc/analyzer/ChangeLog: * analyzer.h (struct event_loc_info): New forward decl. * bounds-checking.cc: Use event_loc_info throughout to bundle the loc, fndecl, depth triples. * call-info.cc: Likewise. * checker-event.cc: Likewise. * checker-event.h (struct event_loc_info): New decl. Use it throughout to bundle the loc, fndecl, depth triples. * checker-path.cc: Likewise. * checker-path.h: Likewise. * diagnostic-manager.cc: Likewise. * engine.cc: Likewise. * infinite-recursion.cc: Likewise. * pending-diagnostic.cc: Likewise. * pending-diagnostic.h: Likewise. * region-model.cc: Likewise. * sm-signal.cc: Likewise. * varargs.cc: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-11-30analyzer: unify bounds-checking class hierarchiesDavid Malcolm1-19/+5
Convert out-of-bounds class hierarchy from: pending_diagnostic out_of_bounds past_the_end buffer_overflow (*) buffer_over_read (*) buffer_underwrite (*) buffer_under_read (*) symbolic_past_the_end symbolic_buffer_overflow (*) symbolic_buffer_over_read (*) to: pending_diagnostic out_of_bounds concrete_out_of_bounds concrete_past_the_end concrete_buffer_overflow (*) concrete_buffer_over_read (*) concrete_buffer_underwrite (*) concrete_buffer_under_read (*) symbolic_past_the_end symbolic_buffer_overflow (*) symbolic_buffer_over_read (*) where the concrete classes (i.e. the instantiable ones) are marked with a (*). Doing so undercovered a bug where, for CWE-131-examples.c, we were emitting an extra: warning: heap-based buffer over-read [CWE-122] [-Wanalyzer-out-of-bounds] at the: WidgetList[numWidgets] = NULL; The issue was that within set_next_state we get the rvalue for the LHS, which looks like a read to the bounds-checker. The patch fixes this by passing NULL as the region_model_context * for such accesses. gcc/analyzer/ChangeLog: * bounds-checking.cc (class out_of_bounds): Split out from... (class concrete_out_of_bounds): New abstract subclass. (class past_the_end): Rename to... (class concrete_past_the_end): ...this, and make a subclass of concrete_out_of_bounds. (class buffer_overflow): Rename to... (class concrete_buffer_overflow): ...this, and make a subclass of concrete_past_the_end. (class buffer_over_read): Rename to... (class concrete_buffer_over_read): ...this, and make a subclass of concrete_past_the_end. (class buffer_underwrite): Rename to... (class concrete_buffer_underwrite): ...this, and make a subclass of concrete_out_of_bounds. (class buffer_under_read): Rename to... (class concrete_buffer_under_read): ...this, and make a subclass of concrete_out_of_bounds. (class symbolic_past_the_end): Convert to a subclass of out_of_bounds. (symbolic_buffer_overflow::get_kind): New. (symbolic_buffer_over_read::get_kind): New. (region_model::check_region_bounds): Update for renamings. * engine.cc (impl_sm_context::set_next_state): Eliminate "new_ctxt", passing NULL to get_rvalue instead. (impl_sm_context::warn): Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-11-22analyzer: eliminate region_model::impl_call_* special casesDavid Malcolm1-4/+1
Eliminate all of the remaining special cases in class region_model that handle various specific functions, replacing them with uses of known_function subclasses. Add various type-checks that ought to prevent ICEs for cases where functions match the name of a standard C library or POSIX function, but have incompatible arguments. gcc/analyzer/ChangeLog: * analyzer.h (class internal_known_function): New. (register_varargs_builtins): New decl. * engine.cc (exploded_node::on_stmt_pre): Remove "out_terminate_path" param from call to region_model::on_stmt_pre. (feasibility_state::maybe_update_for_edge): Likewise. * known-function-manager.cc: Include "basic-block.h", "gimple.h", and "analyzer/region-model.h". (known_function_manager::known_function_manager): Initialize m_combined_fns_arr. (known_function_manager::~known_function_manager): Clean up m_combined_fns_arr. (known_function_manager::get_by_identifier): Make const. (known_function_manager::add): New overloaded definitions for enum built_in_function and enum internal_fn. (known_function_manager::get_by_fndecl): Delete. (known_function_manager::get_match): New. (known_function_manager::get_internal_fn): New. (known_function_manager::get_normal_builtin): New. * known-function-manager.h (known_function_manager::get_by_identifier): Make private and add const qualifier. (known_function_manager::get_by_fndecl): Delete. (known_function_manager::add): Add overloaded decls for enum built_in_function name and enum internal_fn. (known_function_manager::get_match): New decl. (known_function_manager::get_internal_fn): New decl. (known_function_manager::get_normal_builtin): New decl. (known_function_manager::m_combined_fns_arr): New field. * region-model-impl-calls.cc (call_details::arg_is_size_p): New. (class kf_alloca): New. (region_model::impl_call_alloca): Convert to... (kf_alloca::impl_call_pre): ...this. (kf_analyzer_dump_capacity::matches_call_types_p): Rewrite check to use call_details::arg_is_pointer_p. (region_model::impl_call_builtin_expect): Convert to... (class kf_expect): ...this. (class kf_calloc): New, adding check that both arguments are size_t. (region_model::impl_call_calloc): Convert to... (kf_calloc::impl_call_pre): ...this. (kf_connect::matches_call_types_p): Rewrite check to use call_details::arg_is_pointer_p. (region_model::impl_call_error): Convert to... (class kf_error): ...this, and... (kf_error::impl_call_pre): ...this. (class kf_fgets): New, adding checks that args 0 and 2 are pointers. (region_model::impl_call_fgets): Convert to... (kf_fgets::impl_call_pre): ...this. (class kf_fread): New, adding checks on the argument types. (region_model::impl_call_fread): Convert to... (kf_fread::impl_call_pre): ...this. (class kf_free): New, adding check that the argument is a pointer. (region_model::impl_call_free): Convert to... (kf_free::impl_call_post): ...this. (class kf_getchar): New. (class kf_malloc): New, adding check that the argument is a size_t. (region_model::impl_call_malloc): Convert to... (kf_malloc::impl_call_pre): ...this. (class kf_memcpy): New, adding checks on arguments. (region_model::impl_call_memcpy): Convert to... (kf_memcpy::impl_call_pre): ...this. (class kf_memset): New. (region_model::impl_call_memset): Convert to... (kf_memset::impl_call_pre): ...this. (kf_pipe::matches_call_types_p): Rewrite check to use call_details::arg_is_pointer_p. (kf_putenv::matches_call_types_p): Likewise. (class kf_realloc): New, adding checks on the argument types. (region_model::impl_call_realloc): Convert to... (kf_realloc::impl_call_post): ...this. (class kf_strchr): New. (region_model::impl_call_strchr): Convert to... (kf_strchr::impl_call_post): ...this. (class kf_stack_restore): New. (class kf_stack_save): New. (class kf_stdio_output_fn): New. (class kf_strcpy): New, (region_model::impl_call_strcpy): Convert to... (kf_strcpy::impl_call_pre): ...this. (class kf_strlen): New. (region_model::impl_call_strlen): Convert to... (kf_strlen::impl_call_pre): ...this. (class kf_ubsan_bounds): New. (region_model::impl_deallocation_call): Reimplement to avoid call to impl_call_free. (register_known_functions): Add handlers for IFN_BUILTIN_EXPECT and IFN_UBSAN_BOUNDS. Add handlers for BUILT_IN_ALLOCA, BUILT_IN_ALLOCA_WITH_ALIGN, BUILT_IN_CALLOC, BUILT_IN_EXPECT, BUILT_IN_EXPECT_WITH_PROBABILITY, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED, BUILT_IN_FPUTC, BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED, BUILT_IN_FREE, BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_MALLOC, BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_MEMSET, BUILT_IN_MEMSET_CHK, BUILT_IN_PRINTF, BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTC, BUILT_IN_PUTCHAR, BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED, BUILT_IN_REALLOC, BUILT_IN_STACK_RESTORE, BUILT_IN_STACK_SAVE, BUILT_IN_STRCHR, BUILT_IN_STRCPY, BUILT_IN_STRCPY_CHK, BUILT_IN_STRLEN, BUILT_IN_VFPRINTF, and BUILT_IN_VPRINTF. Call register_varargs_builtins. Add handlers for "getchar", "memset", "fgets", "fgets_unlocked", "fread", "error", and "error_at_line". * region-model.cc (region_model::on_stmt_pre): Drop "out_terminate_path" param. (region_model::get_known_function): Reimplement by calling known_function_manager::get_match, passing new "cd" param. Add overload taking enum internal_fn. (region_model::on_call_pre): Drop "out_terminate_path" param. Remove special-case handling of internal fns IFN_BUILTIN_EXPECT, IFN_UBSAN_BOUNDS, and IFN_VA_ARG, of built-in fns BUILT_IN_ALLOCA, BUILT_IN_ALLOCA_WITH_ALIGN, BUILT_IN_CALLOC, BUILT_IN_EXPECT, BUILT_IN_EXPECT_WITH_PROBABILITY, BUILT_IN_FREE, BUILT_IN_MALLOC, BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_MEMSET, BUILT_IN_MEMSET_CHK, BUILT_IN_REALLOC, BUILT_IN_STRCHR, BUILT_IN_STRCPY, BUILT_IN_STRCPY_CHK, BUILT_IN_STRLEN, BUILT_IN_STACK_SAVE, BUILT_IN_STACK_RESTORE, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED, BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC, BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED, BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF, BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR, BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED, BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF, BUILT_IN_VA_START, and BUILT_IN_VA_COPY, and of named functions "malloc", "calloc", "alloca", "realloc", "error", "error_at_line", "fgets", "fgets_unlocked", "fread", "getchar", "memset", "strchr", and "strlen". Replace all this special-casing with calls to get_known_function for internal fns and for fn decls. (region_model::on_call_post): Remove special-casing handling for "free" and "strchr", and for BUILT_IN_REALLOC, BUILT_IN_STRCHR, and BUILT_IN_VA_END. Replace by consolidating on usage of get_known_function. * region-model.h (call_details::arg_is_size_p): New. (region_model::on_stmt_pre): Drop "out_terminate_path" param. (region_model::on_call_pre): Likewise. (region_model::impl_call_alloca): Delete. (region_model::impl_call_builtin_expect): Delete. (region_model::impl_call_calloc): Delete. (region_model::impl_call_error): Delete. (region_model::impl_call_fgets): Delete. (region_model::impl_call_fread): Delete. (region_model::impl_call_free): Delete. (region_model::impl_call_malloc): Delete. (region_model::impl_call_memcpy): Delete. (region_model::impl_call_memset): Delete. (region_model::impl_call_realloc): Delete. (region_model::impl_call_strchr): Delete. (region_model::impl_call_strcpy): Delete. (region_model::impl_call_strlen): Delete. (region_model::impl_call_va_start): Delete. (region_model::impl_call_va_copy): Delete. (region_model::impl_call_va_arg): Delete. (region_model::impl_call_va_end): Delete. (region_model::check_region_for_write): Public. (region_model::get_known_function): Add "cd" param. Add overloaded decl taking enum internal_fn. * sm-malloc.cc: Update comments. * varargs.cc (class kf_va_start): New. (region_model::impl_call_va_start): Convert to... (kf_va_start::impl_call_pre): ...this. (class kf_va_copy): New. (region_model::impl_call_va_copy): Convert to... (kf_va_copy::impl_call_pre): ...this. (class kf_va_arg): New. (region_model::impl_call_va_arg): Convert to... (kf_va_arg::impl_call_pre): ...this. (class kf_va_end): New. (region_model::impl_call_va_end): Delete. (register_varargs_builtins): New. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-11-18analyzer: fix feasibility false +ve on jumps through function ptrs [PR107582]David Malcolm1-4/+10
PR analyzer/107582 reports a false +ve from -Wanalyzer-use-of-uninitialized-value where the analyzer's feasibility checker erroneously decides that point (B) in the code below is reachable, with "x" being uninitialized there: pthread_cleanup_push(func, NULL); while (ret != ETIMEDOUT) ret = rand() % 1000; /* (A): after the while loop */ if (ret != ETIMEDOUT) x = &z; pthread_cleanup_pop(1); if (ret == ETIMEDOUT) return 0; /* (B): after not bailing out */ due to these contradictionary conditions somehow both holding: * (ret == ETIMEDOUT), at (A) (skipping the initialization of x), and * (ret != ETIMEDOUT), at (B) The root cause is that after the while loop, state merger puts ret in the exploded graph in an UNKNOWN state, and saves the diagnostic at (B). Later, as we explore the feasibilty of reaching the enode for (B), dynamic_call_info_t::update_model is called to push/pop the frames for handling the call to "func" in pthread_cleanup_pop. The "ret" at these nodes in the feasible_graph has a conjured_svalue for "ret", and a constraint on it being either == *or* != ETIMEDOUT. However dynamic_call_info_t::update_model blithely clobbers the model with a copy from the exploded_graph, in which "ret" is UNKNOWN. This patch fixes dynamic_call_info_t::update_model so that it simulates pushing/popping a frame on the model we're working with, preserving knowledge of the constraint on "ret", and enabling the analyzer to "know" that the bail-out must happen. Doing so fixes the false positive. gcc/analyzer/ChangeLog: PR analyzer/107582 * engine.cc (dynamic_call_info_t::update_model): Update the model by pushing or pop a frame, rather than by clobbering it with the model from the exploded_node's state. gcc/testsuite/ChangeLog: PR analyzer/107582 * gcc.dg/analyzer/feasibility-4.c: New test. * gcc.dg/analyzer/feasibility-pr107582-1.c: New test. * gcc.dg/analyzer/feasibility-pr107582-2.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-11-16analyzer: log the stashing of named constants [PR107711]David Malcolm1-16/+34
PR analyzer/107711 seems to be a bug in how named constants are looked up by the analyzer in the C frontend. To help debug this, this patch extends -fdump-analyzer and -fdump-analyzer-stderr so that they dump this part of the analyzer's startup. gcc/analyzer/ChangeLog: PR analyzer/107711 * analyzer-language.cc: Include "diagnostic.h". (maybe_stash_named_constant): Add logger param and use it to log the name being looked up, and the result. (stash_named_constants): New, splitting out from... (on_finish_translation_unit): ...this function. Call get_or_create_logfile and use the result to create a logger instance, passing it to stash_named_constants. * analyzer.h (get_or_create_any_logfile): New decl. * engine.cc (dump_fout, owns_dump_fout): New globals, split out from run_checkers. (get_or_create_any_logfile): New function, split out from... (run_checkers): ...here, so that the logfile can be opened by on_finish_translation_unit. Clear the globals when closing the dump file. gcc/testsuite/ChangeLog: PR analyzer/107711 * gcc.dg/analyzer/fdump-analyzer-1.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-11-16analyzer: use known_function to simplify region_model::on_call_{pre,post}David Malcolm1-0/+2
Replace lots of repeated checks against strings with a hash_map lookup. Add some missing type-checking for handling known functions (e.g. checks for pointer types). gcc/analyzer/ChangeLog: * analyzer.h (known_function::matches_call_types_p): New vfunc. (known_function::impl_call_pre): Provide base implementation. (known_function::impl_call_post): New vfunc. (register_known_functions): New. * engine.cc (impl_run_checkers): Call register_known_functions. * region-model-impl-calls.cc (region_model::impl_call_accept): Convert to... (class known_function_accept): ...this. (region_model::impl_call_bind): Convert to... (class known_function_bind): ...this. (region_model::impl_call_connect): Convert to... (class known_function_connect): ...this. (region_model::impl_call_listen): Convert to... (class known_function_listen): ...this. (region_model::impl_call_socket): Convert to... (class known_function_socket): ...this. (register_known_functions): New. * region-model.cc (region_model::on_call_pre): Remove special case for "bind" in favor of the known_function-handling dispatch. Add call to known_function::matches_call_types_p to latter. (region_model::on_call_post): Remove special cases for "accept", "bind", "connect", "listen", and "socket" in favor of dispatch to known_function::impl_call_post. * region-model.h (region_model::impl_call_accept): Delete decl. (region_model::impl_call_bind): Delete decl. (region_model::impl_call_connect): Delete decl. (region_model::impl_call_listen): Delete decl. (region_model::impl_call_socket): Delete decl. * sm-fd.cc: Update comments. gcc/testsuite/ChangeLog: * gcc.dg/plugin/analyzer_kernel_plugin.c (copy_across_boundary_fn::matches_call_types_p): New. * gcc.dg/plugin/analyzer_known_fns_plugin.c (known_function_returns_42::matches_call_types_p): New. (known_function_attempt_to_copy::matches_call_types_p): New. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-11-15analyzer: add warnings relating to sockets [PR106140]David Malcolm1-19/+41
This patch generalizes the analyzer's file descriptor state machine so that it tracks the states of sockets. It adds two new warnings relating to misuses of socket APIs: * -Wanalyzer-fd-phase-mismatch (e.g. calling 'accept' on a socket before calling 'listen' on it) * -Wanalyzer-fd-type-mismatch (e.g. using a stream socket operation on a datagram socket) gcc/analyzer/ChangeLog: PR analyzer/106140 * analyzer-language.cc (on_finish_translation_unit): Stash named constants "SOCK_STREAM" and "SOCK_DGRAM". * analyzer.opt (Wanalyzer-fd-phase-mismatch): New. (Wanalyzer-fd-type-mismatch): New. * engine.cc (impl_region_model_context::get_state_map_by_name): Add "out_sm_context" param. Allow out_sm_idx to be NULL. * exploded-graph.h (impl_region_model_context::get_state_map_by_name): Add "out_sm_context" param. * region-model-impl-calls.cc (region_model::impl_call_accept): New. (region_model::impl_call_bind): New. (region_model::impl_call_connect): New. (region_model::impl_call_listen): New. (region_model::impl_call_socket): New. * region-model.cc (region_model::on_call_pre): Special-case "bind". (region_model::on_call_post): Special-case "accept", "bind", "connect", "listen", and "socket". * region-model.h (region_model::impl_call_accept): New decl. (region_model::impl_call_bind): New decl. (region_model::impl_call_connect): New decl. (region_model::impl_call_listen): New decl. (region_model::impl_call_socket): New decl. (region_model::on_socket): New decl. (region_model::on_bind): New decl. (region_model::on_listen): New decl. (region_model::on_accept): New decl. (region_model::on_connect): New decl. (region_model::add_constraint): Make public. (region_model::check_for_poison): Make public. (region_model_context::get_state_map_by_name): Add out_sm_context param. (region_model_context::get_fd_map): Likewise. (region_model_context::get_malloc_map): Likewise. (region_model_context::get_taint_map): Likewise. (noop_region_model_context::get_state_map_by_name): Likewise. (region_model_context_decorator::get_state_map_by_name): Likewise. * sm-fd.cc: Include "analyzer/supergraph.h" and "analyzer/analyzer-language.h". (enum expected_phase): New enum. (fd_state_machine::m_new_datagram_socket): New. (fd_state_machine::m_new_stream_socket): New. (fd_state_machine::m_new_unknown_socket): New. (fd_state_machine::m_bound_datagram_socket): New. (fd_state_machine::m_bound_stream_socket): New. (fd_state_machine::m_bound_unknown_socket): New. (fd_state_machine::m_listening_stream_socket): New. (fd_state_machine::m_m_connected_stream_socket): New. (fd_state_machine::m_SOCK_STREAM): New. (fd_state_machine::m_SOCK_DGRAM): New. (fd_diagnostic::describe_state_change): Handle socket states. (fd_diagnostic::get_meaning_for_state_change): Likewise. (class fd_phase_mismatch): New. (enum expected_type): New enum. (class fd_type_mismatch): New. (fd_state_machine::fd_state_machine): Initialize new states and stashed named constants. (fd_state_machine::is_socket_fd_p): New. (fd_state_machine::is_datagram_socket_fd_p): New. (fd_state_machine::is_stream_socket_fd_p): New. (fd_state_machine::on_close): Handle the socket states. (fd_state_machine::check_for_open_fd): Complain about fncalls on sockets in the wrong phase. Support socket FDs. (add_constraint_ge_zero): New. (fd_state_machine::get_state_for_socket_type): New. (fd_state_machine::on_socket): New. (fd_state_machine::check_for_socket_fd): New. (fd_state_machine::check_for_new_socket_fd): New. (fd_state_machine::on_bind): New. (fd_state_machine::on_listen): New. (fd_state_machine::on_accept): New. (fd_state_machine::on_connect): New. (fd_state_machine::can_purge_p): Don't purge socket values. (get_fd_state): New. (region_model::mark_as_valid_fd): Use get_fd_state. (region_model::on_socket): New. (region_model::on_bind): New. (region_model::on_listen): New. (region_model::on_accept): New. (region_model::on_connect): New. * sm-fd.dot: Update to reflect sm-fd.cc changes. gcc/ChangeLog: PR analyzer/106140 * doc/invoke.texi (Static Analyzer Options): Add -Wanalyzer-fd-phase-mismatch and -Wanalyzer-fd-type-mismatch. Add "socket", "bind", "listen", "accept", and "connect" to the list of functions known to the analyzer. gcc/testsuite/ChangeLog: PR analyzer/106140 * gcc.dg/analyzer/fd-accept.c: New test. * gcc.dg/analyzer/fd-bind.c: New test. * gcc.dg/analyzer/fd-connect.c: New test. * gcc.dg/analyzer/fd-datagram-socket.c: New test. * gcc.dg/analyzer/fd-glibc-byte-stream-connection-server.c: New test. * gcc.dg/analyzer/fd-glibc-byte-stream-socket.c: New test. * gcc.dg/analyzer/fd-glibc-datagram-client.c: New test. * gcc.dg/analyzer/fd-glibc-datagram-socket.c: New test. * gcc.dg/analyzer/fd-glibc-make_named_socket.h: New test. * gcc.dg/analyzer/fd-listen.c: New test. * gcc.dg/analyzer/fd-manpage-getaddrinfo-client.c: New test. * gcc.dg/analyzer/fd-mappage-getaddrinfo-server.c: New test. * gcc.dg/analyzer/fd-socket-meaning.c: New test. * gcc.dg/analyzer/fd-socket-misuse.c: New test. * gcc.dg/analyzer/fd-stream-socket-active-open.c: New test. * gcc.dg/analyzer/fd-stream-socket-passive-open.c: New test. * gcc.dg/analyzer/fd-stream-socket.c: New test. * gcc.dg/analyzer/fd-symbolic-socket.c: New test. * gcc.dg/analyzer/pr104369-1.c: Add -Wno-analyzer-too-complex and -Wno-analyzer-fd-leak to options. * gcc.dg/analyzer/pr104369-2.c: Add -Wno-analyzer-fd-leak to options. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-11-15c, analyzer: support named constants in analyzer [PR106302]David Malcolm1-0/+1
The analyzer's file-descriptor state machine tracks the access mode of opened files, so that it can emit -Wanalyzer-fd-access-mode-mismatch. To do this, its symbolic execution needs to "know" the values of the constants "O_RDONLY", "O_WRONLY", and "O_ACCMODE". Currently analyzer/sm-fd.cc simply uses these values directly from the build-time header files, but these are the values on the host, not those from the target, which could be different (PR analyzer/106302). In an earlier discussion of this issue: https://gcc.gnu.org/pipermail/gcc/2022-June/238954.html we talked about adding a target hook for this. However, I've also been experimenting with extending the fd state machine to track sockets (PR analyzer/106140). For this, it's useful to "know" the values of the constants "SOCK_STREAM" and "SOCK_DGRAM". Unfortunately, these seem to have many arbitrary differences from target to target. For example: Linux/glibc general has SOCK_STREAM == 1, SOCK_DGRAM == 2, as does AIX, but annoyingly, e.g. Linux on MIPS has them the other way around. It seems to me that as the analyzer grows more ambitious modeling of the behavior of APIs (perhaps via plugins) it's more likely that the analyzer will need to know the values of named constants, which might not even exist on the host. For example, at LPC it was suggested to me that -fanalyzer could check rules about memory management inside the Linux kernel (probably via a plugin), but doing so involves a bunch of GFP_* flags (see PR 107472). So rather than trying to capture all this knowledge in a target hook, this patch attempts to get at named constant values from the user's source code. The patch adds an interface for frontends to call into the analyzer as the translation unit finishes. The analyzer can then call back into the frontend to ask about the values of the named constants it cares about whilst the frontend's data structures are still around. The patch implements this for the C frontend, which looks up the names by looking for named CONST_DECLs (which handles enum values). Failing that, it attempts to look up the values of macros but only the simplest cases are supported (a non-traditional macro with a single CPP_NUMBER token). It does this by building a buffer containing the macro definition and rerunning a lexer on it. The analyzer gracefully handles the cases where named values aren't found (such as anything more complicated than described above). The patch ports the analyzer to use this mechanism for "O_RDONLY", "O_WRONLY", and "O_ACCMODE". I have successfully tested my socket patch to also use this for "SOCK_STREAM" and "SOCK_DGRAM", so the technique seems to work. gcc/ChangeLog: PR analyzer/106302 * Makefile.in (ANALYZER_OBJS): Add analyzer/analyzer-language.o. (GTFILES): Add analyzer/analyzer-language.cc. * doc/analyzer.texi: Document __analyzer_dump_named_constant. gcc/analyzer/ChangeLog: PR analyzer/106302 * analyzer-language.cc: New file. * analyzer-language.h: New file. * analyzer.h (get_stashed_constant_by_name): New decl. (log_stashed_constants): New decl. * engine.cc (impl_run_checkers): Call log_stashed_constants. * region-model-impl-calls.cc (region_model::impl_call_analyzer_dump_named_constant): New. * region-model.cc (region_model::on_stmt_pre): Handle __analyzer_dump_named_constant. * region-model.h (region_model::impl_call_analyzer_dump_named_constant): New decl. * sm-fd.cc (fd_state_machine::m_O_ACCMODE): New. (fd_state_machine::m_O_RDONLY): New. (fd_state_machine::m_O_WRONLY): New. (fd_state_machine::fd_state_machine): Initialize the new fields. (fd_state_machine::get_access_mode_from_flag): Use the new fields, rather than using the host values. gcc/c/ChangeLog: PR analyzer/106302 * c-parser.cc: Include "analyzer/analyzer-language.h" and "toplev.h". (class ana::c_translation_unit): New. (c_parser_translation_unit): Call ana::on_finish_translation_unit. gcc/testsuite/ChangeLog: * gcc.dg/analyzer/analyzer-decls.h (__analyzer_dump_named_constant): New decl. * gcc.dg/analyzer/fd-4.c (void): Likewise. (O_ACCMODE): Define. * gcc.dg/analyzer/fd-access-mode-enum.c: New test, based on . * gcc.dg/analyzer/fd-5.c: ...this. Rename to... * gcc.dg/analyzer/fd-access-mode-macros.c: ...this. (O_ACCMODE): Define. * gcc.dg/analyzer/fd-access-mode-target-headers.c: New test, also based on fd-5.c. (test_sm_fd_constants): New. * gcc.dg/analyzer/fd-dup-1.c (O_ACCMODE): Define. * gcc.dg/analyzer/named-constants-via-enum.c: New test. * gcc.dg/analyzer/named-constants-via-enum-and-macro.c: New test. * gcc.dg/analyzer/named-constants-via-macros-2.c: New test. * gcc.dg/analyzer/named-constants-via-macros.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-11-11analyzer: new warning: -Wanalyzer-infinite-recursion [PR106147]David Malcolm1-1/+6
This patch adds a new -Wanalyzer-infinite-recursion warning to -fanalyzer, which complains about certain cases of infinite recursion. Specifically, when it detects recursion during its symbolic execution of the user's code, it compares the state of memory to that at the previous level of recursion, and if nothing appears to have effectively changed, it issues a warning. Unlike the middle-end warning -Winfinite-recursion (added by Martin Sebor in GCC 12; r12-5483-g30ba058f77eedf), the analyzer warning complains if there exists an interprocedural path in which recursion occurs in which memory has not changed, whereas -Winfinite-recursion complains if *every* intraprocedural path through the function leads to a self-call. Hence the warnings complement each other: there's some overlap, but each also catches issues that the other misses. For example, the new warning complains about a guarded recursion in which the guard is passed unchanged: void test_guarded (int flag) { if (flag) test_guarded (flag); } t.c: In function 'test_guarded': t.c:4:5: warning: infinite recursion [CWE-674] [-Wanalyzer-infinite-recursion] 4 | test_guarded (flag); | ^~~~~~~~~~~~~~~~~~~ 'test_guarded': events 1-4 | | 1 | void test_guarded (int flag) | | ^~~~~~~~~~~~ | | | | | (1) initial entry to 'test_guarded' | 2 | { | 3 | if (flag) | | ~ | | | | | (2) following 'true' branch (when 'flag != 0')... | 4 | test_guarded (flag); | | ~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here | | (4) calling 'test_guarded' from 'test_guarded' | +--> 'test_guarded': events 5-6 | | 1 | void test_guarded (int flag) | | ^~~~~~~~~~~~ | | | | | (5) recursive entry to 'test_guarded'; previously entered at (1) | | (6) apparently infinite recursion | whereas the existing warning doesn't complain, since when "flag" is false the function doesn't recurse. The new warning doesn't trigger for e.g.: void test_param_variant (int depth) { if (depth > 0) test_param_variant (depth - 1); } on the grounds that "depth" is changing, and appears to be a variant that enforces termination of the recursion. gcc/ChangeLog: PR analyzer/106147 * Makefile.in (ANALYZER_OBJS): Add analyzer/infinite-recursion.o. gcc/analyzer/ChangeLog: PR analyzer/106147 * analyzer.opt (Wanalyzer-infinite-recursion): New. * call-string.cc (call_string::count_occurrences_of_function): New. * call-string.h (call_string::count_occurrences_of_function): New decl. * checker-path.cc (function_entry_event::function_entry_event): New ctor. (checker_path::add_final_event): Delete. * checker-path.h (function_entry_event::function_entry_event): New ctor. (function_entry_event::get_desc): Drop "final". (checker_path::add_final_event): Delete. * diagnostic-manager.cc (diagnostic_manager::emit_saved_diagnostic): Create the final event via a new pending_diagnostic::add_final_event vfunc, rather than checker_path::add_final_event. (diagnostic_manager::add_events_for_eedge): Create function entry events via a new pending_diagnostic::add_function_entry_event vfunc. * engine.cc (exploded_graph::process_node): When creating a new PK_BEFORE_SUPERNODE node, call exploded_graph::detect_infinite_recursion on it after adding the in-edge. * exploded-graph.h (exploded_graph::detect_infinite_recursion): New decl. (exploded_graph::find_previous_entry_to): New decl. * infinite-recursion.cc: New file. * pending-diagnostic.cc (pending_diagnostic::add_function_entry_event): New. (pending_diagnostic::add_final_event): New. * pending-diagnostic.h (pending_diagnostic::add_function_entry_event): New vfunc. (pending_diagnostic::add_final_event): New vfunc. gcc/ChangeLog: PR analyzer/106147 * doc/gcc/gcc-command-options/options-that-control-static-analysis.rst: Add -Wanalyzer-infinite-recursion. * doc/gcc/gcc-command-options/options-to-request-or-suppress-warnings.rst (-Winfinite-recursion): Mention -Wanalyzer-infinite-recursion. gcc/testsuite/ChangeLog: PR analyzer/106147 * g++.dg/analyzer/infinite-recursion-1.C: New test. * g++.dg/analyzer/infinite-recursion-2.C: New test, copied from g++.dg/warn/Winfinite-recursion-2.C. * g++.dg/analyzer/infinite-recursion-3.C: New test, adapted from g++.dg/warn/Winfinite-recursion-3.C. * gcc.dg/analyzer/infinite-recursion-2.c: New test. * gcc.dg/analyzer/infinite-recursion-3.c: New test. * gcc.dg/analyzer/infinite-recursion-4-limited-buggy.c: New test. * gcc.dg/analyzer/infinite-recursion-4-limited.c: New test. * gcc.dg/analyzer/infinite-recursion-4-unlimited-buggy.c: New test. * gcc.dg/analyzer/infinite-recursion-4-unlimited.c: New test. * gcc.dg/analyzer/infinite-recursion-5.c: New test, adapted from gcc.dg/Winfinite-recursion.c. * gcc.dg/analyzer/infinite-recursion-alloca.c: New test. * gcc.dg/analyzer/infinite-recursion-inlining.c: New test. * gcc.dg/analyzer/infinite-recursion-multiline-1.c: New test. * gcc.dg/analyzer/infinite-recursion-multiline-2.c: New test. * gcc.dg/analyzer/infinite-recursion-variadic.c: New test. * gcc.dg/analyzer/infinite-recursion.c: Add dg-warning directives where infinite recursions occur. * gcc.dg/analyzer/malloc-ipa-12.c: Likewise. * gcc.dg/analyzer/pr105365.c: Likewise. * gcc.dg/analyzer/pr105366.c: Likewise. * gcc.dg/analyzer/pr97029.c: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-11-10analyzer: new warning: -Wanalyzer-deref-before-check [PR99671]David Malcolm1-0/+16
This patch implements a new -Wanalyzer-deref-before-check within -fanalyzer. It complains about code paths in which a pointer is checked for NULL after it has already been dereferenced. For example, for the testcase in PR 77432 the diagnostic emits: deref-before-check-1.c: In function 'test_from_pr77432': deref-before-check-1.c:6:8: warning: check of 'a' for NULL after already dereferencing it [-Wanalyzer-deref-before-check] 6 | if (a) | ^ 'test_from_pr77432': events 1-2 | | 5 | int b = *a; | | ^ | | | | | (1) pointer 'a' is dereferenced here | 6 | if (a) | | ~ | | | | | (2) pointer 'a' is checked for NULL here but it was already dereferenced at (1) | and in PR 77425 we had an instance of this hidden behind a macro, which the diagnostic complains about as follows: deref-before-check-pr77425.c: In function 'get_odr_type': deref-before-check-pr77425.c:35:10: warning: check of 'odr_types_ptr' for NULL after already dereferencing it [-Wanalyzer-deref-before-check] 35 | if (odr_types_ptr) | ^ 'get_odr_type': events 1-3 | | 27 | if (cond) | | ^ | | | | | (1) following 'false' branch... |...... | 31 | else if (other_cond) | | ~~~~~~~~~~~ | | || | | |(2) ...to here | | (3) following 'true' branch... | 'get_odr_type': event 4 | | 11 | #define odr_types (*odr_types_ptr) | | ~^~~~~~~~~~~~~~~ | | | | | (4) ...to here deref-before-check-pr77425.c:33:7: note: in expansion of macro 'odr_types' | 33 | odr_types[val->id] = 0; | | ^~~~~~~~~ | 'get_odr_type': event 5 | | 11 | #define odr_types (*odr_types_ptr) | | ~^~~~~~~~~~~~~~~ | | | | | (5) pointer 'odr_types_ptr' is dereferenced here deref-before-check-pr77425.c:33:7: note: in expansion of macro 'odr_types' | 33 | odr_types[val->id] = 0; | | ^~~~~~~~~ | 'get_odr_type': event 6 | | 35 | if (odr_types_ptr) | | ^ | | | | | (6) pointer 'odr_types_ptr' is checked for NULL here but it was already dereferenced at (5) | gcc/analyzer/ChangeLog: PR analyzer/99671 * analyzer.opt (Wanalyzer-deref-before-check): New warning. * diagnostic-manager.cc (null_assignment_sm_context::set_next_state): Only add state change events for transition to "null" state. (null_assignment_sm_context::is_transition_to_null): New. * engine.cc (impl_region_model_context::on_pop_frame): New. * exploded-graph.h (impl_region_model_context::on_pop_frame): New decl. * program-state.cc (sm_state_map::clear_any_state): New. (sm_state_map::can_merge_with_p): New. (program_state::can_merge_with_p): Replace requirement that sm-states be equal in favor of an attempt to merge them. * program-state.h (sm_state_map::clear_any_state): New decl. (sm_state_map::can_merge_with_p): New decl. * region-model.cc (region_model::eval_condition): Make const. (region_model::pop_frame): Call ctxt->on_pop_frame. * region-model.h (region_model::eval_condition): Make const. (region_model_context::on_pop_frame): New vfunc. (noop_region_model_context::on_pop_frame): New. (region_model_context_decorator::on_pop_frame): New. * sm-malloc.cc (enum resource_state): Add RS_ASSUMED_NON_NULL. (allocation_state::dump_to_pp): Drop "final". (struct assumed_non_null_state): New subclass. (malloc_state_machine::m_assumed_non_null): New. (assumed_non_null_p): New. (class deref_before_check): New. (assumed_non_null_state::dump_to_pp): New. (malloc_state_machine::get_or_create_assumed_non_null_state_for_frame): New. (malloc_state_machine::maybe_assume_non_null): New. (malloc_state_machine::on_stmt): Transition from start state to "assumed-non-null" state for pointers passed to __attribute__((nonnull)) arguments, and for pointers explicitly dereferenced. Call maybe_complain_about_deref_before_check for pointers explicitly compared against NULL. (malloc_state_machine::maybe_complain_about_deref_before_check): New. (malloc_state_machine::on_deallocator_call): Also transition "assumed-non-null" states to "freed". (malloc_state_machine::on_pop_frame): New. (malloc_state_machine::maybe_get_merged_states_nonequal): New. * sm-malloc.dot: Update for changes to sm-malloc.cc. * sm.h (state_machine::on_pop_frame): New. (state_machine::maybe_get_merged_state): New. (state_machine::maybe_get_merged_states_nonequal): New. gcc/ChangeLog: * doc/gcc/gcc-command-options/options-that-control-static-analysis.rst: Add -Wanalyzer-deref-before-check. gcc/testsuite/ChangeLog: * gcc.dg/analyzer/deref-before-check-1.c: New test. * gcc.dg/analyzer/deref-before-check-2.c: New test. * gcc.dg/analyzer/deref-before-check-pr77425.c: New test. * gcc.dg/analyzer/malloc-1.c (test_51): New test. gcc/ChangeLog: PR analyzer/99671 * tristate.h (tristate::is_unknown): New. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-11-03analyzer: use std::unique_ptr for state machines from pluginsDavid Malcolm1-2/+2
gcc/analyzer/ChangeLog: * analyzer.h: Use std::unique_ptr for state machines from plugins. * engine.cc: Likewise. gcc/testsuite/ChangeLog: * gcc.dg/plugin/analyzer_gil_plugin.c: Use std::unique_ptr for state machines from plugins. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-11-03analyzer: use std::unique_ptr for known functionsDavid Malcolm1-2/+2
gcc/analyzer/ChangeLog: * analyzer.h: Use std::unique_ptr for known functions. * engine.cc: Likewise. * known-function-manager.cc: Likewise. * known-function-manager.h: Likewise. gcc/testsuite/ChangeLog: * gcc.dg/plugin/analyzer_kernel_plugin.c: Use std::unique_ptr for known functions. * gcc.dg/plugin/analyzer_known_fns_plugin.c: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-11-03analyzer: use std::unique_ptr during bifurcationDavid Malcolm1-10/+8
gcc/analyzer/ChangeLog: * analysis-plan.cc: Define INCLUDE_MEMORY before including system.h. * analyzer-pass.cc: Likewise. * analyzer-selftests.cc: Likewise. * analyzer.cc: Likewise. * analyzer.h: Use std::unique_ptr in bifurcation code. * call-string.cc: Define INCLUDE_MEMORY before including system.h. * complexity.cc: Likewise. * engine.cc: Use std::unique_ptr in bifurcation code. * exploded-graph.h: Likewise. * known-function-manager.cc: Define INCLUDE_MEMORY before including system.h. * region-model-impl-calls.cc: Use std::unique_ptr in bifurcation code. * region-model.cc: Likewise. * region-model.h: Likewise. * supergraph.cc: Define INCLUDE_MEMORY before including system.h. gcc/testsuite/ChangeLog: * gcc.dg/plugin/analyzer_kernel_plugin.c: Include "make-unique.h". Use std::unique_ptr in bifurcation code. * gcc.dg/plugin/analyzer_known_fns_plugin.c: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-11-03analyzer: use std::unique_ptr for checker_eventDavid Malcolm1-18/+22
gcc/analyzer/ChangeLog: * call-info.cc: Use std::unique_ptr for checker_event. * checker-path.cc: Likewise. * checker-path.h: Likewise. * diagnostic-manager.cc: Likewise. * engine.cc: Likewise. * pending-diagnostic.cc: Likewise. * sm-signal.cc: Likewise. * varargs.cc: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-11-03analyzer: use std::unique_ptr for feasibility_problems and exploded_pathDavid Malcolm1-4/+5
gcc/analyzer/ChangeLog: * diagnostic-manager.cc: Include "make-unique.h". Use std::unique_ptr for feasibility_problems and exploded_path. Delete explicit saved_diagnostic dtor. * diagnostic-manager.h: Likewise. * engine.cc: Likewise. * exploded-graph.h: Likewise. * feasible-graph.cc: Likewise. * feasible-graph.h: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
2022-11-03analyzer: use std::unique_ptr for custom_edge_info pointersDavid Malcolm1-33/+19
gcc/analyzer/ChangeLog: * checker-path.cc (rewind_event::rewind_event): Update for usage of std::unique_ptr on custom_edge_info. * engine.cc (exploded_node::on_longjmp): Likewise. (exploded_edge::exploded_edge): Likewise. (exploded_edge::~exploded_edge): Delete. (exploded_graph::add_function_entry): Update for usage of std::unique_ptr on custom_edge_info. (exploded_graph::add_edge): Likewise. (add_tainted_args_callback): Likewise. (exploded_graph::maybe_create_dynamic_call): Likewise. (exploded_graph::process_node): Likewise. * exploded-graph.h (exploded_edge::~exploded_edge): Delete. (exploded_edge::m_custom_info): Use std::unique_ptr. (exploded_edge::add_edge): Likewise. * sm-signal.cc (register_signal_handler::impl_transition): Use make_unique. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
generated by cgit v1.1 at 2025-03-31 22:25:58 +0000