| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Previously, various places in the analyzer generated message strings
by cloning the diagnostic_context's pretty_printer, printing to that
pretty_printer's buffer, and then returning a copy of the buffer
contents.
This implicit use of a particular pretty printer doesn't work well for
the "multiple diagnostic output formats" case (PR other/116613), such as
differences in colorization, or in how phase 3 of formatting works.
Hence as enabling work towards that, the following patch reworks the
various functions returning a label_text string in favor of functions
that print to a specific pretty_printer, such as diagnotic_event's
"get_desc" vfunc, which becomes "print_desc". This makes the particular
pretty_printer in use explicit in each case.
Previously, the various pending_diagnostic::describe_* vfuncs returned a
label_text, with the return of an empty string signifying that no
description could be generated. With this patch, these vfuncs gain a
"pretty_printer &" param and a bool return value and now either print to
the pretty_printer and return true, or return false to signify the
"no description available" case.
No functional change intended.
gcc/analyzer/ChangeLog:
PR other/116613
* bounds-checking.cc
(concrete_buffer_overflow::describe_final_event): Convert return
type from label_text to bool. Add "pp" param and either print to
it and return true, or return false.
(concrete_buffer_overflow::describe_final_event_as_bytes): Convert
to print to a pp rather than returning a label_text.
(concrete_buffer_overflow::describe_final_event_as_bits):
Likewise.
(class concrete_buffer_over_read): Analogous changes to above.
(class concrete_buffer_underwrite): Likewise.
(class concrete_buffer_under_read): Likewise.
(class symbolic_buffer_overflow): Likewise.
(class symbolic_buffer_over_read): Likewise.
* call-details.cc (class overlapping_buffers): Likewise.
* call-info.cc (call_info::print): Reimplement.
(class call_info::add_events_to_path::call_event): Convert
"get_desc" vfunc to "print_desc", dropping return type, adding
"pp" param, and printing to it.
(class succeed_or_fail_call_info): Likewise.
* call-info.h (class call_info): Likewise.
(class succeed_or_fail_call_info): Likewise.
* checker-event.cc (checker_event::dump): Reimplement.
(checker_event::prepare_for_emission): Update for change from
get_desc to print_desc.
(debug_event::get_desc): Convert to...
(debug_event::print_desc): ...this.
(precanned_custom_event::get_desc): Convert to...
(precanned_custom_event::print_desc): ...this.
(statement_event::get_desc): Convert to...
(statement_event::print_desc): ...this.
(region_creation_event_memory_space::get_desc): Convert to...
(region_creation_event_memory_space::print_desc): ...this.
(region_creation_event_capacity::get_desc): Convert to...
(region_creation_event_capacity::print_desc): ...this.
(region_creation_event_allocation_size::get_desc): Convert to...
(region_creation_event_allocation_size::print_desc): ...this.
(region_creation_event_debug::get_desc): Convert to...
(region_creation_event_debug::print_desc): ...this.
(function_entry_event::get_desc): Convert to...
(function_entry_event::print_desc): ...this.
(state_change_event::get_desc): Convert to...
(state_change_event::print_desc): ...this.
(state_change_event::get_meaning): Update for change to
pending_diagnostic::get_meaning_for_state_change.
(superedge_event::should_filter_p): Convert from usage of get_desc
to print_desc.
(start_cfg_edge_event::get_desc): Convert to...
(start_cfg_edge_event::print_desc): ...this.
(call_event::get_desc): Convert to...
(call_event::print_desc): ...this.
(return_event::get_desc): Convert to...
(return_event::print_desc): ...this.
(start_consolidated_cfg_edges_event::get_desc): Convert to...
(start_consolidated_cfg_edges_event::print_desc): ...this.
(inlined_call_event::get_desc): Convert to...
(inlined_call_event::print_desc): ...this.
(setjmp_event::get_desc): Convert to...
(setjmp_event::print_desc): ...this.
(rewind_from_longjmp_event::get_desc): Convert to...
(rewind_from_longjmp_event::print_desc): ...this.
(rewind_to_setjmp_event::get_desc): Convert to...
(rewind_to_setjmp_event::print_desc): ...this.
(warning_event::get_desc): Convert to...
(warning_event::print_desc): ...this.
* checker-event.h: Convert the various "get_desc" vfunc decls to
"print_desc".
* checker-path.cc (checker_path::dump): Convert to usage of
checker_event::print_desc.
(checker_path::debug): Convert to debug form of
checker_event::get_desc.
* diagnostic-manager.cc
(diagnostic_manager::prune_interproc_events): Likewise.
(diagnostic_manager::prune_system_headers): Likewise.
* engine.cc (call_summary_edge_info::get_desc): Convert to...
(call_summary_edge_info::print_desc): ...this.
(stale_jmp_buf::describe_final_event): Update for change to
this vfunc.
(tainted_args_function_custom_event::get_desc): Convert to...
(tainted_args_function_custom_event::print_desc): ...this.
(tainted_args_field_custom_event::get_desc): Convert to...
(tainted_args_field_custom_event::print_desc): ...this.
(tainted_args_callback_custom_event::get_desc): Convert to...
(tainted_args_callback_custom_event::print_desc): ...this.
(jump_through_null::describe_final_event): Update for change to
this vfunc.
* infinite-loop.cc (perpetual_start_cfg_edge_event::get_desc):
Convert to...
(perpetual_start_cfg_edge_event::print_desc): ...this.
(looping_back_event::get_desc): Convert to...
(looping_back_event::print_desc): ...this.
(looping_back_event::describe_final_event): Update for change to
this vfunc.
* infinite-recursion.cc (class infinite_recursion_diagnostic):
Update for changes to pending_diagnostic.
* kf.cc (class putenv_of_auto_var): Likewise.
(kf_realloc::impl_call_post): Update for changes to call_info.
(kf_strchr::impl_call_post): Likewise.
(kf_strncpy::impl_call_post): Likewise.
(kf_strstr::impl_call_post): Likewise.
(class kf_strtok::undefined_behavior): Update for changes to
pending_diagnostic.
(class strtok_call_info): Update for changes to call_info.
* pending-diagnostic.cc (evdesc::event_desc::formatted_print):
Delete.
* pending-diagnostic.h (struct event_desc): Delete.
(struct state_change): Drop event_desc base class.
(struct call_with_state): Likewise.
(struct return_of_state): Likewise.
(struct final_event): Likewise.
(pending_event::describe_state_change): Convert return
type from label_text to bool. Add "pp" param and either print to
it and return true, or return false. Do the latter for the base
class implementation.
(pending_event::describe_call_with_state): Likewise.
(pending_event::describe_return_of_state): Likewise.
(pending_event::describe_final_event): Likewise.
* region-model.cc
(poisoned_value_diagnostic::describe_final_event): Update for
change to this vfunc.
(shift_count_negative_diagnostic::describe_final_event): Likewise.
(shift_count_overflow_diagnostic::describe_final_event): Likewise.
(ptrdiff_region_creation_event::get_desc): Convert to...
(ptrdiff_region_creation_event::print_desc): ...this.
(undefined_ptrdiff_diagnostic::describe_final_event): Update for
change to this vfunc.
(write_to_const_diagnostic::describe_final_event): Likewise.
(write_to_string_literal_diagnostic::describe_final_event):
Likewise.
(dubious_allocation_size::describe_final_event): Likewise.
(null_terminator_check_event::get_desc): Convert to...
(null_terminator_check_event::print_desc): ...this.
(float_as_size_arg::describe_final_event): Update for change to
this vfunc.
(exposure_through_uninit_copy::describe_final_event): Likewise.
* sm-fd.cc: Include "diagnostic-core.h". Update throughout for
changes to pending_diagnostic vfuncs.
* sm-file.cc: Likewise.
* sm-malloc.cc: Likewise.
* sm-sensitive.cc: Likewise.
* sm-signal.cc: Likewise.
* sm-taint.cc: Likewise.
* varargs.cc: Likewise.
gcc/ChangeLog:
PR other/116613
* diagnostic-format-json.cc (make_json_for_path): Add "ref_pp"
param and use when obtaining event descriptions.
(json_output_format::on_report_diagnostic): Pass this format's
printer as the above.
* diagnostic-format-sarif.cc
(sarif_builder::make_location_object): Clone this format's printer
and use it to obtain the text of the message.
* diagnostic-path.cc: Include "pretty-print-markup.h".
(diagnostic_event::get_desc): New.
(path_label::get_text): Update for changes to diagnostic_event.
(event_range::print): Likewise.
(class element_event_desc): New.
(diagnostic_text_output_format::print_path): Update for changes to
diagnostic_event.
* diagnostic-path.h (diagnostic_event::get_desc): Replace with...
(diagnostic_event::print_desc): ...this.
(diagnostic_event::get_desc): Add this back for debugging, without
the bool param.
* pretty-print.cc (pp_printf_n): New.
* pretty-print.h (pp_printf_n): New decl.
* selftest-diagnostic-path.h (test_diagnostic_event::get_desc):
Convert to...
(test_diagnostic_event::print_desc): ...this.
* simple-diagnostic-path.cc (simple_diagnostic_event::print_desc):
New.
(selftest::test_intraprocedural_path): Use debug form of get_desc.
* simple-diagnostic-path.h (simple_diagnostic_event::get_desc):
Convert to...
(simple_diagnostic_event::print_desc): ...this, moving
implementation to test_diagnostic_event.
gcc/testsuite/ChangeLog:
PR other/116613
* gcc.dg/plugin/analyzer_cpython_plugin.c: Convert call outcomes
from "get_desc" to print_desc".
* gcc.dg/plugin/analyzer_gil_plugin.c: Update for changes to
pending_diagnostic vfuncs.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
These are never nullptr and never change, so use a reference rather
than a pointer.
No functional change intended.
gcc/analyzer/ChangeLog:
* diagnostic-manager.cc
(diagnostic_manager::add_events_for_eedge): Pass sm_ctxt by
reference.
* engine.cc (impl_region_model_context::on_condition): Likewise.
(impl_region_model_context::on_bounded_ranges): Likewise.
(impl_region_model_context::on_phi): Likewise.
(exploded_node::on_stmt): Likewise.
* sm-fd.cc: Update all uses of sm_context * to sm_context &.
* sm-file.cc: Likewise.
* sm-malloc.cc: Likewise.
* sm-pattern-test.cc: Likewise.
* sm-sensitive.cc: Likewise.
* sm-signal.cc: Likewise.
* sm-taint.cc: Likewise.
* sm.h: Likewise.
* varargs.cc: Likewise.
gcc/testsuite/ChangeLog:
* gcc.dg/plugin/analyzer_gil_plugin.c: Update all uses of
sm_context * to sm_context &.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
This patch adds a new text_art::tree_widget, which makes it easy
to generate hierarchical visualizations using either ASCII:
+- Child 0
| +- Grandchild 0 0
| +- Grandchild 0 1
| `- Grandchild 0 2
+- Child 1
| +- Grandchild 1 0
| +- Grandchild 1 1
| `- Grandchild 1 2
`- Child 2
+- Grandchild 2 0
+- Grandchild 2 1
`- Grandchild 2 2
or Unicode:
Root
├─ Child 0
│ ├─ Grandchild 0 0
│ ├─ Grandchild 0 1
│ ╰─ Grandchild 0 2
├─ Child 1
│ ├─ Grandchild 1 0
│ ├─ Grandchild 1 1
│ ╰─ Grandchild 1 2
╰─ Child 2
├─ Grandchild 2 0
├─ Grandchild 2 1
╰─ Grandchild 2 2
potentially with colorization of the connecting lines.
It adds a new template for typename T:
void text_art::dump<T> (const T&);
for using this to dump any object to stderr that supports a
make_dump_widget method, with similar templates for dumping to
a pretty_printer * and a FILE *.
It uses this within the analyzer to add two new families of dumping
methods: one for program states, e.g.:
(gdb) call state->dump()
State
├─ Region Model
│ ├─ Current Frame: frame: ‘calls_malloc’@2
│ ├─ Store
│ │ ├─ m_called_unknown_fn: false
│ │ ├─ frame: ‘test’@1
│ │ │ ╰─ _1: (INIT_VAL(n_2(D))*(size_t)4)
│ │ ╰─ frame: ‘calls_malloc’@2
│ │ ├─ result_4: &HEAP_ALLOCATED_REGION(27)
│ │ ╰─ _5: &HEAP_ALLOCATED_REGION(27)
│ ╰─ Dynamic Extents
│ ╰─ HEAP_ALLOCATED_REGION(27): (INIT_VAL(n_2(D))*(size_t)4)
╰─ ‘malloc’ state machine
╰─ 0x468cb40: &HEAP_ALLOCATED_REGION(27): unchecked ({free}) (‘result_4’)
and the other for showing the detail of the recursive makeup of svalues
and regions, e.g. the (INIT_VAL(n_2(D))*(size_t)4) from above:
(gdb) call size_in_bytes->dump()
(17): ‘long unsigned int’: binop_svalue(mult_expr: ‘*’)
├─ (15): ‘size_t’: initial_svalue
│ ╰─ m_reg: (12): ‘size_t’: decl_region(‘n_2(D)’)
│ ╰─ parent: (9): frame_region(‘test’, index: 0, depth: 1)
│ ╰─ parent: (1): stack region
│ ╰─ parent: (0): root region
╰─ (16): ‘size_t’: constant_svalue (‘4’)
I've already found both of these useful when debugging analyzer issues.
The patch uses the former to update the output of
-fdump-analyzer-exploded-nodes-2 and
-fdump-analyzer-exploded-nodes-3.
The older dumping functions within the analyzer are retained in case
they turn out to still be useful for debugging.
gcc/ChangeLog:
* Makefile.in (OBJS-libcommon): Add text-art/tree-widget.o.
* doc/analyzer.texi: Rewrite discussion of dumping state to
cover the text_art::tree_widget-based dumps, with a more
interesting example.
* text-art/dump-widget-info.h: New file.
* text-art/dump.h: New file.
* text-art/selftests.cc (selftest::text_art_tests): Call
text_art_tree_widget_cc_tests.
* text-art/selftests.h (selftest::text_art_tree_widget_cc_tests):
New decl.
* text-art/theme.cc (ascii_theme::get_cppchar): Handle the various
cell_kind::TREE_*.
(unicode_theme::get_cppchar): Likewise.
* text-art/theme.h (enum class theme::cell_kind): Add
TREE_CHILD_NON_FINAL, TREE_CHILD_FINAL, TREE_X_CONNECTOR, and
TREE_Y_CONNECTOR.
* text-art/tree-widget.cc: New file.
gcc/analyzer/ChangeLog:
* call-details.cc: Define INCLUDE_VECTOR.
* call-info.cc: Likewise.
* call-summary.cc: Likewise.
* checker-event.cc: Likewise.
* checker-path.cc: Likewise.
* complexity.cc: Likewise.
* constraint-manager.cc: Likewise.
(bounded_range::make_dump_widget): New.
(bounded_ranges::add_to_dump_widget): New.
(equiv_class::make_dump_widget): New.
(constraint::make_dump_widget): New.
(bounded_ranges_constraint::make_dump_widget): New.
(constraint_manager::make_dump_widget): New.
* constraint-manager.h (bounded_range::make_dump_widget): New
decl.
(bounded_ranges::add_to_dump_widget): New decl.
(equiv_class::make_dump_widget): New decl.
(constraint::make_dump_widget): New decl.
(bounded_ranges_constraint::make_dump_widget): New decl.
(constraint_manager::make_dump_widget): New decl.
* diagnostic-manager.cc: Define INCLUDE_VECTOR.
* engine.cc: Likewise. Include "text-art/dump.h".
(setjmp_svalue::print_dump_widget_label): New.
(setjmp_svalue::add_dump_widget_children): New.
(exploded_graph::dump_exploded_nodes): Use text_art::dump_to_file
for -fdump-analyzer-exploded-nodes-2 and
-fdump-analyzer-exploded-nodes-3. Fix overlong line.
* feasible-graph.cc: Define INCLUDE_VECTOR.
* infinite-recursion.cc: Likewise.
* kf-analyzer.cc: Likewise.
* kf-lang-cp.cc: Likewise.
* kf.cc: Likewise.
* known-function-manager.cc: Likewise.
* pending-diagnostic.cc: Likewise.
* program-point.cc: Likewise.
* program-state.cc: Likewise. Include "text-art/tree-widget" and
"text-art/dump.h".
(sm_state_map::make_dump_widget): New.
(program_state::dump): New.
(program_state::make_dump_widget): New.
* program-state.h: Include "text-art/widget.h".
(sm_state_map::make_dump_widget): New decl.
(program_state::dump): New decl.
(program_state::make_dump_widget): New decl.
* ranges.cc: Define INCLUDE_VECTOR.
* record-layout.cc: Likewise.
* region-model-asm.cc: Likewise.
* region-model-manager.cc: Likewise.
* region-model-reachability.cc: Likewise.
* region-model.cc: Likewise. Include "text-art/tree-widget.h".
(region_to_value_map::make_dump_widget): New.
(region_model::dump): New.
(region_model::make_dump_widget): New.
(selftest::test_dump): Add test of dump_to_pp<region_model>.
* region-model.h: Include "text-art/widget.h" and
"text-art/dump.h".
(region_to_value_map::make_dump_widget): New decl.
(region_model::dump): New decl.
(region_model::make_dump_widget): New decl.
* region.cc: Define INCLUDE_VECTOR and include "text-art/dump.h".
(region::dump): New.
(region::make_dump_widget): New.
(region::add_dump_widget_children): New.
(frame_region::print_dump_widget_label): New.
(globals_region::print_dump_widget_label): New.
(code_region::print_dump_widget_label): New.
(function_region::print_dump_widget_label): New.
(label_region::print_dump_widget_label): New.
(stack_region::print_dump_widget_label): New.
(heap_region::print_dump_widget_label): New.
(root_region::print_dump_widget_label): New.
(thread_local_region::print_dump_widget_label): New.
(symbolic_region::print_dump_widget_label): New.
(symbolic_region::add_dump_widget_children): New.
(decl_region::print_dump_widget_label): New.
(field_region::print_dump_widget_label): New.
(element_region::print_dump_widget_label): New.
(element_region::add_dump_widget_children): New.
(offset_region::print_dump_widget_label): New.
(offset_region::add_dump_widget_children): New.
(sized_region::print_dump_widget_label): New.
(sized_region::add_dump_widget_children): New.
(cast_region::print_dump_widget_label): New.
(cast_region::add_dump_widget_children): New.
(heap_allocated_region::print_dump_widget_label): New.
(alloca_region::print_dump_widget_label): New.
(string_region::print_dump_widget_label): New.
(bit_range_region::print_dump_widget_label): New.
(var_arg_region::print_dump_widget_label): New.
(errno_region::print_dump_widget_label): New.
(private_region::print_dump_widget_label): New.
(unknown_region::print_dump_widget_label): New.
* region.h: Include "text-art/widget.h".
(region::dump): New decl.
(region::make_dump_widget): New decl.
(region::add_dump_widget_children): New decl.
(frame_region::print_dump_widget_label): New decl.
(globals_region::print_dump_widget_label): New decl.
(code_region::print_dump_widget_label): New decl.
(function_region::print_dump_widget_label): New decl.
(label_region::print_dump_widget_label): New decl.
(stack_region::print_dump_widget_label): New decl.
(heap_region::print_dump_widget_label): New decl.
(root_region::print_dump_widget_label): New decl.
(thread_local_region::print_dump_widget_label): New decl.
(symbolic_region::print_dump_widget_label): New decl.
(symbolic_region::add_dump_widget_children): New decl.
(decl_region::print_dump_widget_label): New decl.
(field_region::print_dump_widget_label): New decl.
(element_region::print_dump_widget_label): New decl.
(element_region::add_dump_widget_children): New decl.
(offset_region::print_dump_widget_label): New decl.
(offset_region::add_dump_widget_children): New decl.
(sized_region::print_dump_widget_label): New decl.
(sized_region::add_dump_widget_children): New decl.
(cast_region::print_dump_widget_label): New decl.
(cast_region::add_dump_widget_children): New decl.
(heap_allocated_region::print_dump_widget_label): New decl.
(alloca_region::print_dump_widget_label): New decl.
(string_region::print_dump_widget_label): New decl.
(bit_range_region::print_dump_widget_label): New decl.
(var_arg_region::print_dump_widget_label): New decl.
(errno_region::print_dump_widget_label): New decl.
(private_region::print_dump_widget_label): New decl.
(unknown_region::print_dump_widget_label): New decl.
* sm-fd.cc: Define INCLUDE_VECTOR.
* sm-file.cc: Likewise.
* sm-malloc.cc: Likewise.
* sm-pattern-test.cc: Likewise.
* sm-signal.cc: Likewise.
* sm-taint.cc: Likewise.
* sm.cc: Likewise.
* state-purge.cc: Likewise.
* store.cc: Likewise. Include "text-art/tree-widget.h".
(add_binding_to_tree_widget): New.
(binding_map::add_to_tree_widget): New.
(binding_cluster::make_dump_widget): New.
(store::make_dump_widget): New.
* store.h: Include "text-art/tree-widget.h".
(binding_map::add_to_tree_widget): New decl.
(binding_cluster::make_dump_widget): New decl.
(store::make_dump_widget): New decl.
* svalue.cc: Define INCLUDE_VECTOR. Include "make-unique.h" and
"text-art/dump.h".
(svalue::dump): New.
(svalue::make_dump_widget): New.
(region_svalue::print_dump_widget_label): New.
(region_svalue::add_dump_widget_children): New.
(constant_svalue::print_dump_widget_label): New.
(constant_svalue::add_dump_widget_children): New.
(unknown_svalue::print_dump_widget_label): New.
(unknown_svalue::add_dump_widget_children): New.
(poisoned_svalue::print_dump_widget_label): New.
(poisoned_svalue::add_dump_widget_children): New.
(initial_svalue::print_dump_widget_label): New.
(initial_svalue::add_dump_widget_children): New.
(unaryop_svalue::print_dump_widget_label): New.
(unaryop_svalue::add_dump_widget_children): New.
(binop_svalue::print_dump_widget_label): New.
(binop_svalue::add_dump_widget_children): New.
(sub_svalue::print_dump_widget_label): New.
(sub_svalue::add_dump_widget_children): New.
(repeated_svalue::print_dump_widget_label): New.
(repeated_svalue::add_dump_widget_children): New.
(bits_within_svalue::print_dump_widget_label): New.
(bits_within_svalue::add_dump_widget_children): New.
(widening_svalue::print_dump_widget_label): New.
(widening_svalue::add_dump_widget_children): New.
(placeholder_svalue::print_dump_widget_label): New.
(placeholder_svalue::add_dump_widget_children): New.
(unmergeable_svalue::print_dump_widget_label): New.
(unmergeable_svalue::add_dump_widget_children): New.
(compound_svalue::print_dump_widget_label): New.
(compound_svalue::add_dump_widget_children): New.
(conjured_svalue::print_dump_widget_label): New.
(conjured_svalue::add_dump_widget_children): New.
(asm_output_svalue::print_dump_widget_label): New.
(asm_output_svalue::add_dump_widget_children): New.
(const_fn_result_svalue::print_dump_widget_label): New.
(const_fn_result_svalue::add_dump_widget_children): New.
* svalue.h: Include "text-art/widget.h". Add "using
text_art::dump_widget_info".
(svalue::dump): New decl.
(svalue::make_dump_widget): New decl.
(svalue::print_dump_widget_label): New decl.
(svalue::print_dump_widget_label): New decl.
(svalue::add_dump_widget_children): New decl.
(region_svalue::print_dump_widget_label): New decl.
(region_svalue::add_dump_widget_children): New decl.
(constant_svalue::print_dump_widget_label): New decl.
(constant_svalue::add_dump_widget_children): New decl.
(unknown_svalue::print_dump_widget_label): New decl.
(unknown_svalue::add_dump_widget_children): New decl.
(poisoned_svalue::print_dump_widget_label): New decl.
(poisoned_svalue::add_dump_widget_children): New decl.
(initial_svalue::print_dump_widget_label): New decl.
(initial_svalue::add_dump_widget_children): New decl.
(unaryop_svalue::print_dump_widget_label): New decl.
(unaryop_svalue::add_dump_widget_children): New decl.
(binop_svalue::print_dump_widget_label): New decl.
(binop_svalue::add_dump_widget_children): New decl.
(sub_svalue::print_dump_widget_label): New decl.
(sub_svalue::add_dump_widget_children): New decl.
(repeated_svalue::print_dump_widget_label): New decl.
(repeated_svalue::add_dump_widget_children): New decl.
(bits_within_svalue::print_dump_widget_label): New decl.
(bits_within_svalue::add_dump_widget_children): New decl.
(widening_svalue::print_dump_widget_label): New decl.
(widening_svalue::add_dump_widget_children): New decl.
(placeholder_svalue::print_dump_widget_label): New decl.
(placeholder_svalue::add_dump_widget_children): New decl.
(unmergeable_svalue::print_dump_widget_label): New decl.
(unmergeable_svalue::add_dump_widget_children): New decl.
(compound_svalue::print_dump_widget_label): New decl.
(compound_svalue::add_dump_widget_children): New decl.
(conjured_svalue::print_dump_widget_label): New decl.
(conjured_svalue::add_dump_widget_children): New decl.
(asm_output_svalue::print_dump_widget_label): New decl.
(asm_output_svalue::add_dump_widget_children): New decl.
(const_fn_result_svalue::print_dump_widget_label): New decl.
(const_fn_result_svalue::add_dump_widget_children): New decl.
* trimmed-graph.cc: Define INCLUDE_VECTOR.
* varargs.cc: Likewise.
gcc/testsuite/ChangeLog:
* gcc.dg/plugin/analyzer_cpython_plugin.c: Define INCLUDE_VECTOR.
* gcc.dg/plugin/analyzer_gil_plugin.c: Likewise.
* gcc.dg/plugin/analyzer_kernel_plugin.c: Likewise.
* gcc.dg/plugin/analyzer_known_fns_plugin.c: Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
As part of PR analyzer/96395, these patches moved testcases from
gcc.dg/analyzer to c-c++-common/analyzer:
- r14-3503-g55f6a7d949abc7
- r14-3823-g50b5199cff6908
- r14-6564-gae034b9106fbdd
Unfortunately this led to numerous g++ testsuite failures on Solaris,
tracked as PR analyzer/111475.
Almost all of the failures are due to standard library differences where
including a C standard library on C++ e.g. <stdlib.h> leads to the plain
symbols referencing the symbols "std::" via a "using" declaration,
whereas I had written the code expecting them to use symbols in the root
namespace.
The analyzer has special-case handling of many functions by name.
This patch generalizes such handling to also match against functions
in "std::" for all of the cases I found in the testsuite (via manual
inspection of the preprocessed test cases against Solaris headers).
This fixes cases where the analyzer was failing to "know about" the
behavior of such functions.
Other such failures are due to "std::" prefixes appearing in names of
functions in the output, leading to mismatches against expected output.
The patch adds regexes to some cases, and moves some other cases back
from c-c++-common to gcc.dg where the dg-multiline syntax isn't
expressive enough.
Various "fd-*.c" failures relate to Solaris's socket-handling functions
not being marked with "noexcept", where due to PR analyzer/97111 we
mishandle the exception-handling edges in the CFG, leading to leak
false positives. The patch works around this by adding -fno-exceptions
to these cases, pending a proper fix for PR analyzer/97111.
gcc/analyzer/ChangeLog:
PR analyzer/111475
* analyzer.cc (is_special_named_call_p): Add "look_in_std" param.
(is_std_function_p): Make non-static.
* analyzer.h (is_special_named_call_p): Add optional "look_in_std"
param.
(is_std_function_p): New decl.
* engine.cc (stmt_requires_new_enode_p): Look for both "signal"
and "std::signal".
* kf.cc (register_known_functions): Add various "std::" copies
of the known functions.
* known-function-manager.cc
(known_function_manager::~known_function_manager): Clean up
m_std_ns_map_id_to_kf.
(known_function_manager::add_std_ns): New.
(known_function_manager::get_match): Also look for known "std::"
functions.
(known_function_manager::get_by_identifier_in_std_ns): New.
* known-function-manager.h
(known_function_manager::add_std_ns): New decl.
(known_function_manager::get_by_identifier_in_std_ns): New decl.
(known_function_manager::m_std_ns_map_id_to_kf): New field.
* sm-file.cc (register_known_file_functions): Add various "std::"
copies of the known functions.
* sm-malloc.cc (malloc_state_machine::on_stmt): Handle
"std::realloc".
* sm-signal.cc (signal_unsafe_p): Consider "std::" copies of the
functions as also being async-signal-unsafe.
(signal_state_machine::on_stmt): Consider "std::signal".
gcc/testsuite/ChangeLog:
PR analyzer/111475
* c-c++-common/analyzer/fd-glibc-byte-stream-socket.c: Add
-fno-exceptions for now.
* c-c++-common/analyzer/fd-manpage-getaddrinfo-client.c: Likewise.
* c-c++-common/analyzer/fd-mappage-getaddrinfo-server.c: Rename to...
* c-c++-common/analyzer/fd-manpage-getaddrinfo-server.c: ...this, and
add -fno-exceptions for now.
* c-c++-common/analyzer/fd-socket-meaning.c: Add -fno-exceptions
for now.
* c-c++-common/analyzer/fd-symbolic-socket.c: Likewise.
* c-c++-common/analyzer/flexible-array-member-1.c: Use regexp to
handle C vs C++ differences in spelling of function name, which
could have a "std::" prefix on some targets.
* c-c++-common/analyzer/pr106539.c: Likewise.
* c-c++-common/analyzer/malloc-ipa-8-unchecked.c: Move back to...
* gcc.dg/analyzer/malloc-ipa-8-unchecked.c: ...here, dropping
attempt to generalize output for C vs C++.
* c-c++-common/analyzer/signal-4a.c: Move back to...
* gcc.dg/analyzer/signal-4a.c: ...here, dropping attempt to
generalize output for C vs C++.
* c-c++-common/analyzer/signal-4b.c: Move back to...
* gcc.dg/analyzer/signal-4b.c: ...here, dropping attempt to
generalize output for C vs C++.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
PR analyzer/114159 reports an ICE inside playback of call summaries
for very low values of --param=analyzer-max-svalue-depth=VAL.
Root cause is that call_summary_edge_info's ctor tries to evaluate
the function ptr of a gimple call stmt and assumes it gets a function *,
but with low values of --param=analyzer-max-svalue-depth=VAL we get
back an UNKNOWN svalue, rather than a pointer to a specific function.
Fix by adding a new call_info ctor that passes a specific
const function & from the call_summary_edge_info, rather than trying
to compute the function.
In doing so, I noticed that the analyzer was using "function *" despite
not modifying functions, and was sloppy about can-be-null versus
must-be-non-null function pointers, so I "constified" the function, and
converted the many places where the function must be non-null to be
"const function &".
gcc/analyzer/ChangeLog:
PR analyzer/114159
* analyzer.cc: Include "tree-dfa.h".
(get_ssa_default_def): New decl.
* analyzer.h (get_ssa_default_def): New.
* call-info.cc (call_info::call_info): New ctor taking an explicit
called_fn.
* call-info.h (call_info::call_info): Likewise.
* call-summary.cc (call_summary_replay::call_summary_replay):
Convert param from function * to const function &.
* call-summary.h (call_summary_replay::call_summary_replay):
Likewise.
* checker-event.h (state_change_event::get_dest_function):
Constify return value.
* engine.cc (point_and_state::validate): Update for conversion to
const function &.
(exploded_node::on_stmt): Likewise.
(call_summary_edge_info::call_summary_edge_info): Likewise.
Pass in called_fn to call_info ctor.
(exploded_node::replay_call_summaries): Update for conversion to
const function &. Convert per_function_data from * to &.
(exploded_node::replay_call_summary): Update for conversion to
const function &.
(exploded_graph::add_function_entry): Likewise.
(toplevel_function_p): Likewise.
(add_tainted_args_callback): Likewise.
(exploded_graph::build_initial_worklist): Likewise.
(exploded_graph::maybe_create_dynamic_call): Likewise.
(maybe_update_for_edge): Likewise.
(exploded_graph::on_escaped_function): Likewise.
* exploded-graph.h (exploded_node::replay_call_summaries):
Likewise.
(exploded_node::replay_call_summary): Likewise.
(exploded_graph::add_function_entry): Likewise.
* program-point.cc (function_point::from_function_entry):
Likewise.
(program_point::from_function_entry): Likewise.
* program-point.h (function_point::from_function_entry): Likewise.
(program_point::from_function_entry): Likewise.
* program-state.cc (program_state::push_frame): Likewise.
(program_state::get_current_function): Constify return type.
* program-state.h (program_state::push_frame): Update for
conversion to const function &.
(program_state::get_current_function): Likewise.
* region-model-manager.cc
(region_model_manager::get_frame_region): Likewise.
* region-model-manager.h
(region_model_manager::get_frame_region): Likewise.
* region-model.cc (region_model::called_from_main_p): Likewise.
(region_model::update_for_gcall): Likewise.
(region_model::push_frame): Likewise.
(region_model::get_current_function): Constify return type.
(region_model::pop_frame): Update for conversion to
const function &.
(selftest::test_stack_frames): Likewise.
(selftest::test_get_representative_path_var): Likewise.
(selftest::test_state_merging): Likewise.
(selftest::test_alloca): Likewise.
* region-model.h (region_model::push_frame): Likewise.
(region_model::get_current_function): Likewise.
* region.cc (frame_region::dump_to_pp): Likewise.
(frame_region::get_region_for_local): Likewise.
* region.h (class frame_region): Likewise.
* sm-signal.cc (signal_unsafe_call::describe_state_change):
Likewise.
(update_model_for_signal_handler): Likewise.
(signal_delivery_edge_info_t::update_model): Likewise.
(register_signal_handler::impl_transition): Likewise.
* state-purge.cc (class gimple_op_visitor): Likewise.
(state_purge_map::state_purge_map): Likewise.
(state_purge_map::get_or_create_data_for_decl): Likewise.
(state_purge_per_ssa_name::state_purge_per_ssa_name): Likewise.
(state_purge_per_ssa_name::add_to_worklist): Likewise.
(state_purge_per_ssa_name::process_point): Likewise.
(state_purge_per_decl::add_to_worklist): Likewise.
(state_purge_annotator::print_needed): Likewise.
* state-purge.h
(state_purge_map::get_or_create_data_for_decl): Likewise.
(class state_purge_per_tree): Likewise.
(class state_purge_per_ssa_name): Likewise.
(class state_purge_per_decl): Likewise.
* supergraph.cc (supergraph::dump_dot_to_pp): Likewise.
* supergraph.h
(supergraph::get_node_for_function_entry): Likewise.
(supergraph::get_node_for_function_exit): Likewise.
gcc/ChangeLog:
PR analyzer/114159
* function.cc (function_name): Make param const.
* function.h (function_name): Likewise.
gcc/testsuite/ChangeLog:
PR analyzer/114159
* c-c++-common/analyzer/call-summaries-pr114159.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
|
|
Avoid copying eedges in infinite_loop::infinite_loop.
Use initializer lists in the various places reported in
PR analyzer/112655 (apart from coord_test's ctor, which
would require nontrivial refactoring).
gcc/analyzer/ChangeLog:
PR analyzer/112655
* infinite-loop.cc (infinite_loop::infinite_loop): Pass eedges
via rvalue reference rather than by value.
(starts_infinite_loop_p): Move eedges when constructing an
infinite_loop instance.
* sm-file.cc (fileptr_state_machine::fileptr_state_machine): Use
initializer list for states.
* sm-sensitive.cc
(sensitive_state_machine::sensitive_state_machine): Likewise.
* sm-signal.cc (signal_state_machine::signal_state_machine):
Likewise.
* sm-taint.cc (taint_state_machine::taint_state_machine):
Likewise.
* varargs.cc (va_list_state_machine::va_list_state_machine): Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
I've found it useful in debugging the analyzer for the SARIF output to
contain extra analyzer-specific data in each diagnostic.
This patch:
* adds a way for a diagnostic_metadata to populate a property
bag within a SARIF "result" object based on a new vfunc
* reworks how diagnostics are emitted within the analyzer so
that a custom diagnostic_metadata subclass is used, which populates
the property bag with information from the saved_diagnostic, and with
a vfunc hook allowing for per-pending_diagnotic-subclass extra
properties.
Doing so makes it trivial to go from the SARIF output back to
pertinent parts of the analyzer's internals (e.g. the index of
the diagnostic within the ana::diagnostic_manager, the index of
the ana::exploded_node, etc).
It also replaces a lot of boilerplate in the "emit" implementations
in the various pending_diagnostics subclasses. In particular, doing
so fixes missing CVE metadata for -Wanalyzer-fd-phase-mismatch (where
sm-fd.cc's fd_phase_mismatch::emit was failing to use its
diagnostic_metadata instance).
gcc/analyzer/ChangeLog:
* analyzer.h (class saved_diagnostic): New forward decl.
* bounds-checking.cc: Update for changes to
pending_diagnostic::emit.
* call-details.cc: Likewise.
* diagnostic-manager.cc: Include "diagnostic-format-sarif.h".
(saved_diagnostic::maybe_add_sarif_properties): New.
(class pending_diagnostic_metadata): New.
(diagnostic_manager::emit_saved_diagnostic): Create a
pending_diagnostic_metadata and a diagnostic_emission_context.
Pass the latter to the pending_diagnostic::emit vfunc.
* diagnostic-manager.h
(saved_diagnostic::maybe_add_sarif_properties): New decl.
* engine.cc: Update for changes to pending_diagnostic::emit.
* infinite-loop.cc: Likewise.
* infinite-recursion.cc: Likewise.
* kf-analyzer.cc: Likewise.
* kf.cc: Likewise.
* pending-diagnostic.cc
(diagnostic_emission_context::get_pending_diagnostic): New.
(diagnostic_emission_context::warn): New.
(diagnostic_emission_context::inform): New.
* pending-diagnostic.h (class diagnostic_emission_context): New.
(pending_diagnostic::emit): Update params.
(pending_diagnostic::maybe_add_sarif_properties): New vfunc.
* region.cc: Don't include "diagnostic-metadata.h".
* region-model.cc: Include "diagnostic-format-sarif.h". Update
for changes to pending_diagnostic::emit.
(exposure_through_uninit_copy::maybe_add_sarif_properties): New.
* sm-fd.cc: Update for changes to pending_diagnostic::emit.
* sm-file.cc: Likewise.
* sm-malloc.cc: Likewise.
* sm-pattern-test.cc: Likewise.
* sm-sensitive.cc: Likewise.
* sm-signal.cc: Likewise.
* sm-taint.cc: Likewise.
* store.cc: Don't include "diagnostic-metadata.h".
* varargs.cc: Update for changes to pending_diagnostic::emit.
gcc/ChangeLog:
* diagnostic-core.h (emit_diagnostic_valist): New overload decl.
* diagnostic-format-sarif.cc (sarif_builder::make_result_object):
When we have metadata, call its maybe_add_sarif_properties vfunc.
* diagnostic-metadata.h (class sarif_object): Forward decl.
(diagnostic_metadata::~diagnostic_metadata): New.
(diagnostic_metadata::maybe_add_sarif_properties): New vfunc.
* diagnostic.cc (emit_diagnostic_valist): New overload.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/fd-accept.c: Update for fix to missing CWE
metadata for -Wanalyzer-fd-phase-mismatch.
* gcc.dg/analyzer/fd-bind.c: Likewise.
* gcc.dg/analyzer/fd-socket-misuse.c: Likewise.
* gcc.dg/plugin/analyzer_cpython_plugin.c: Update for changes to
pending_diagnostic::emit.
* gcc.dg/plugin/analyzer_gil_plugin.c: Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
This patch implements a new analyzer warning: -Wanalyzer-infinite-loop.
It works by examining the exploded graph once the latter has been
fully built. It attempts to detect cycles in the exploded graph in
which:
- no externally visible work occurs
- no escape is possible from the cycle once it has been entered
- the program state is "sufficiently concrete" at each step:
- no unknown activity could be occurring
- the worklist was fully drained for each enode in the cycle
i.e. every enode in the cycle is processed
For example, it correctly complains about this bogus "for" loop:
int sum = 0;
for (struct node *iter = n; iter; iter->next)
sum += n->val;
return sum;
like this:
infinite-loop-linked-list.c: In function ‘for_loop_noop_next’:
infinite-loop-linked-list.c:110:31: warning: infinite loop [CWE-835] [-Wanalyzer-infinite-loop]
110 | for (struct node *iter = n; iter; iter->next)
| ^~~~
‘for_loop_noop_next’: events 1-5
|
| 110 | for (struct node *iter = n; iter; iter->next)
| | ^~~~
| | |
| | (1) infinite loop here
| | (2) when ‘iter’ is non-NULL: always following ‘true’ branch...
| | (5) ...to here
| 111 | sum += n->val;
| | ~~~~~~~~~~~~~
| | | |
| | | (3) ...to here
| | (4) looping back...
|
gcc/ChangeLog:
PR analyzer/106147
* Makefile.in (ANALYZER_OBJS): Add analyzer/infinite-loop.o.
* doc/invoke.texi: Add -fdump-analyzer-infinite-loop and
-Wanalyzer-infinite-loop. Add missing CWE link for
-Wanalyzer-infinite-recursion.
* timevar.def (TV_ANALYZER_INFINITE_LOOPS): New.
gcc/analyzer/ChangeLog:
PR analyzer/106147
* analyzer.opt (Wanalyzer-infinite-loop): New option.
(fdump-analyzer-infinite-loop): New option.
* checker-event.h (start_cfg_edge_event::get_desc): Drop "final".
(start_cfg_edge_event::maybe_describe_condition): Convert from
private to protected.
* checker-path.h (checker_path::get_logger): New.
* diagnostic-manager.cc (process_worklist_item): Update for
new context param of maybe_update_for_edge.
* engine.cc
(impl_region_model_context::impl_region_model_context): Add
out_could_have_done_work param to both ctors and use it to
initialize mm_out_could_have_done_work.
(impl_region_model_context::maybe_did_work): New vfunc
implementation.
(exploded_node::on_stmt): Add out_could_have_done_work param and
pass to ctxt ctor.
(exploded_node::on_stmt_pre): Treat setjmp and longjmp as "doing
work".
(exploded_node::on_longjmp): Likewise.
(exploded_edge::exploded_edge): Add "could_do_work" param and use
it to initialize m_could_do_work_p.
(exploded_edge::dump_dot_label): Add result of could_do_work_p.
(exploded_graph::add_function_entry): Mark edge as doing no work.
(exploded_graph::add_edge): Add "could_do_work" param and pass to
exploded_edge ctor.
(add_tainted_args_callback): Treat as doing no work.
(exploded_graph::process_worklist): Likewise when merging nodes.
(maybe_process_run_of_before_supernode_enodes::item): Likewise.
(exploded_graph::maybe_create_dynamic_call): Likewise.
(exploded_graph::process_node): Likewise for phi nodes.
Pass in a "could_have_done_work" bool when handling stmts and use
when creating edges. Assume work is done at bifurcation.
(exploded_path::feasible_p): Update for new context param of
maybe_update_for_edge.
(feasibility_state::feasibility_state): New ctor.
(feasibility_state::operator=): New.
(feasibility_state::maybe_update_for_edge): Add ctxt param and use
it. Fix missing newline when logging state.
(impl_run_checkers): Call exploded_graph::detect_infinite_loops.
* exploded-graph.h
(impl_region_model_context::impl_region_model_context): Add
out_could_have_done_work param to both ctors.
(impl_region_model_context::maybe_did_work): New decl.
(impl_region_model_context::checking_for_infinite_loop_p): New.
(impl_region_model_context::on_unusable_in_infinite_loop): New.
(impl_region_model_context::m_out_could_have_done_work): New
field.
(exploded_node::on_stmt): Add "out_could_have_done_work" param.
(exploded_edge::exploded_edge): Add "could_do_work" param.
(exploded_edge::could_do_work_p): New accessor.
(exploded_edge::m_could_do_work_p): New field.
(exploded_graph::add_edge): Add "could_do_work" param.
(exploded_graph::detect_infinite_loops): New decl.
(feasibility_state::feasibility_state): New ctor.
(feasibility_state::operator=): New decl.
(feasibility_state::maybe_update_for_edge): Add ctxt param.
* infinite-loop.cc: New file.
* program-state.cc (program_state::on_edge): Log the rejected
constraint when region_model::maybe_update_for_edge fails.
* region-model.cc (region_model::on_assignment): Treat any writes
other than to the stack as "doing work".
(region_model::on_stmt_pre): Treat all asm stmts as "doing work".
(region_model::on_call_post): Likewise for all calls to functions
with unknown side effects.
(region_model::handle_phi): Add svals_changing_meaning param.
Mark widening svalue in phi nodes as changing meaning.
(unusable_in_infinite_loop_constraint_p): New.
(region_model::add_constraint): If we're checking for an infinite
loop, bail out on unusable svalues, or if we don't have a definite
true/false for the constraint.
(region_model::update_for_phis): Gather all svalues changing
meaning in phi nodes, and purge constraints involving them.
(region_model::replay_call_summary): Treat all call summaries as
doing work.
(region_model::can_merge_with_p): Purge constraints involving
svalues that change meaning.
(model_merger::on_widening_reuse): New.
(test_iteration_1): Likewise.
(selftest::test_iteration_1): Remove assertion that model6 "knows"
that i < 157.
* region-model.h (region_model::handle_phi): Add
svals_changing_meaning param
(region_model_context::maybe_did_work): New pure virtual func.
(region_model_context::checking_for_infinite_loop_p): Likewise.
(region_model_context::on_unusable_in_infinite_loop): Likewise.
(noop_region_model_context::maybe_did_work): Implement.
(noop_region_model_context::checking_for_infinite_loop_p):
Likewise.
(noop_region_model_context::on_unusable_in_infinite_loop):
Likewise.
(region_model_context_decorator::maybe_did_work): Implement.
(region_model_context_decorator::checking_for_infinite_loop_p):
Likewise.
(region_model_context_decorator::on_unusable_in_infinite_loop):
Likewise.
(model_merger::on_widening_reuse): New decl.
(model_merger::m_svals_changing_meaning): New field.
* sm-signal.cc (register_signal_handler::impl_transition): Assume
the edge "does work".
* supergraph.cc (supernode::get_start_location): Use CFG edge's
goto_locus if available.
(supernode::get_end_location): Likewise.
(cfg_superedge::dump_label_to_pp): Dump edges with a "goto_locus"
* supergraph.h (cfg_superedge::get_goto_locus): New.
* svalue.cc (svalue::can_merge_p): Call on_widening_reuse for
widening values.
(involvement_visitor::visit_widening_svalue): New.
(svalue::involves_p): Update assertion to allow widening svalues.
gcc/testsuite/ChangeLog:
PR analyzer/106147
* c-c++-common/analyzer/gzio-2.c: Add dg-warning for infinite
loop, marked as xfail.
* c-c++-common/analyzer/infinite-loop-2.c: New test.
* c-c++-common/analyzer/infinite-loop-4.c: New test.
* c-c++-common/analyzer/infinite-loop-crc32c.c: New test.
* c-c++-common/analyzer/infinite-loop-doom-d_main-IdentifyVersion.c:
New test.
* c-c++-common/analyzer/infinite-loop-doom-v_video.c: New test.
* c-c++-common/analyzer/infinite-loop-g_error.c: New test.
* c-c++-common/analyzer/infinite-loop-linked-list.c: New test.
* c-c++-common/analyzer/infinite-recursion-inlining.c: Add
dg-warning directives for infinite loop.
* c-c++-common/analyzer/inlining-4-multiline.c: Update expected
paths for event 5 having a location.
* gcc.dg/analyzer/boxed-malloc-1.c: Add dg-warning for infinite
loop.
* gcc.dg/analyzer/data-model-20.c: Likewise. Add comment about
suspect code, and create...
* gcc.dg/analyzer/data-model-20a.c: ...this new test by cleaning
it up.
* gcc.dg/analyzer/edges-1.c: Add a placeholder statement to avoid
the "...to here" from the if stmt occurring at the "while", and
thus being treated as a bogus event.
* gcc.dg/analyzer/explode-2a.c: Add dg-warning for infinite loop.
* gcc.dg/analyzer/infinite-loop-1.c: New test.
* gcc.dg/analyzer/malloc-1.c: Add dg-warning for infinite loop.
* gcc.dg/analyzer/out-of-bounds-coreutils.c: Add TODO.
* gcc.dg/analyzer/paths-4.c: Add dg-warning for infinite loop.
* gcc.dg/analyzer/pr103892.c: Likewise.
* gcc.dg/analyzer/pr93546.c: Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
This patch extends -Wanalyzer-out-of-bounds so that, where possible, it
will emit a text art diagram visualizing the spatial relationship between
(a) the memory region that the analyzer predicts would be accessed, versus
(b) the range of memory that is valid to access - whether they overlap,
are touching, are close or far apart; which one is before or after in
memory, the relative sizes involved, the direction of the access (read vs
write), and, in some cases, the values of data involved. This diagram
can be suppressed using -fdiagnostics-text-art-charset=none.
For example, given:
int32_t arr[10];
int32_t int_arr_read_element_before_start_far(void)
{
return arr[-100];
}
it emits:
demo-1.c: In function ‘int_arr_read_element_before_start_far’:
demo-1.c:7:13: warning: buffer under-read [CWE-127] [-Wanalyzer-out-of-bounds]
7 | return arr[-100];
| ~~~^~~~~~
‘int_arr_read_element_before_start_far’: event 1
|
| 7 | return arr[-100];
| | ~~~^~~~~~
| | |
| | (1) out-of-bounds read from byte -400 till byte -397 but ‘arr’ starts at byte 0
|
demo-1.c:7:13: note: valid subscripts for ‘arr’ are ‘[0]’ to ‘[9]’
┌───────────────────────────┐
│read of ‘int32_t’ (4 bytes)│
└───────────────────────────┘
^
│
│
┌───────────────────────────┐ ┌────────┬────────┬─────────┐
│ │ │ [0] │ ... │ [9] │
│ before valid range │ ├────────┴────────┴─────────┤
│ │ │‘arr’ (type: ‘int32_t[10]’)│
└───────────────────────────┘ └───────────────────────────┘
├─────────────┬─────────────┤├─────┬──────┤├─────────────┬─────────────┤
│ │ │
╭────────────┴───────────╮ ╭────┴────╮ ╭───────┴──────╮
│⚠️ under-read of 4 bytes│ │396 bytes│ │size: 40 bytes│
╰────────────────────────╯ ╰─────────╯ ╰──────────────╯
and given:
#include <string.h>
void
test_non_ascii ()
{
char buf[5];
strcpy (buf, "文字化け");
}
it emits:
demo-2.c: In function ‘test_non_ascii’:
demo-2.c:7:3: warning: stack-based buffer overflow [CWE-121] [-Wanalyzer-out-of-bounds]
7 | strcpy (buf, "文字化け");
| ^~~~~~~~~~~~~~~~~~~~~~~~
‘test_non_ascii’: events 1-2
|
| 6 | char buf[5];
| | ^~~
| | |
| | (1) capacity: 5 bytes
| 7 | strcpy (buf, "文字化け");
| | ~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) out-of-bounds write from byte 5 till byte 12 but ‘buf’ ends at byte 5
|
demo-2.c:7:3: note: write of 8 bytes to beyond the end of ‘buf’
7 | strcpy (buf, "文字化け");
| ^~~~~~~~~~~~~~~~~~~~~~~~
demo-2.c:7:3: note: valid subscripts for ‘buf’ are ‘[0]’ to ‘[4]’
┌─────┬─────┬─────┬────┬────┐┌────┬────┬────┬────┬────┬────┬────┬──────┐
│ [0] │ [1] │ [2] │[3] │[4] ││[5] │[6] │[7] │[8] │[9] │[10]│[11]│ [12] │
├─────┼─────┼─────┼────┼────┤├────┼────┼────┼────┼────┼────┼────┼──────┤
│0xe6 │0x96 │0x87 │0xe5│0xad││0x97│0xe5│0x8c│0x96│0xe3│0x81│0x91│ 0x00 │
├─────┴─────┴─────┼────┴────┴┴────┼────┴────┴────┼────┴────┴────┼──────┤
│ U+6587 │ U+5b57 │ U+5316 │ U+3051 │U+0000│
├─────────────────┼───────────────┼──────────────┼──────────────┼──────┤
│ 文 │ 字 │ 化 │ け │ NUL │
├─────────────────┴───────────────┴──────────────┴──────────────┴──────┤
│ string literal (type: ‘char[13]’) │
└──────────────────────────────────────────────────────────────────────┘
│ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │ │ │ │ │ │
v v v v v v v v v v v v v
┌─────┬────────────────┬────┐┌─────────────────────────────────────────┐
│ [0] │ ... │[4] ││ │
├─────┴────────────────┴────┤│ after valid range │
│ ‘buf’ (type: ‘char[5]’) ││ │
└───────────────────────────┘└─────────────────────────────────────────┘
├─────────────┬─────────────┤├────────────────────┬────────────────────┤
│ │
╭────────┴────────╮ ╭───────────┴──────────╮
│capacity: 5 bytes│ │⚠️ overflow of 8 bytes│
╰─────────────────╯ ╰──────────────────────╯
showing that the overflow occurs partway through the UTF-8 encoding of
the U+5b57 code point.
There are lots more examples in the test suite.
It doesn't show up in this email, but the above diagrams are colorized
to constrast the valid and invalid access ranges.
gcc/ChangeLog:
PR analyzer/106626
* Makefile.in (ANALYZER_OBJS): Add analyzer/access-diagram.o.
* doc/invoke.texi (Wanalyzer-out-of-bounds): Add description of
text art.
(fanalyzer-debug-text-art): New.
gcc/analyzer/ChangeLog:
PR analyzer/106626
* access-diagram.cc: New file.
* access-diagram.h: New file.
* analyzer.h (class region_offset): Add default ctor.
(region_offset::make_byte_offset): New decl.
(region_offset::concrete_p): New.
(region_offset::get_concrete_byte_offset): New.
(region_offset::calc_symbolic_bit_offset): New decl.
(region_offset::calc_symbolic_byte_offset): New decl.
(region_offset::dump_to_pp): New decl.
(region_offset::dump): New decl.
(operator<, operator<=, operator>, operator>=): New decls for
region_offset.
* analyzer.opt
(-param=analyzer-text-art-string-ellipsis-threshold=): New.
(-param=analyzer-text-art-string-ellipsis-head-len=): New.
(-param=analyzer-text-art-string-ellipsis-tail-len=): New.
(-param=analyzer-text-art-ideal-canvas-width=): New.
(fanalyzer-debug-text-art): New.
* bounds-checking.cc: Include "intl.h", "diagnostic-diagram.h",
and "analyzer/access-diagram.h".
(class out_of_bounds::oob_region_creation_event_capacity): New.
(out_of_bounds::out_of_bounds): Add "model" and "sval_hint"
params.
(out_of_bounds::mark_interesting_stuff): Use the base region.
(out_of_bounds::add_region_creation_events): Use
oob_region_creation_event_capacity.
(out_of_bounds::get_dir): New pure vfunc.
(out_of_bounds::maybe_show_notes): New.
(out_of_bounds::maybe_show_diagram): New.
(out_of_bounds::make_access_diagram): New.
(out_of_bounds::m_model): New field.
(out_of_bounds::m_sval_hint): New field.
(out_of_bounds::m_region_creation_event_id): New field.
(concrete_out_of_bounds::concrete_out_of_bounds): Update for new
fields.
(concrete_past_the_end::concrete_past_the_end): Likewise.
(concrete_past_the_end::add_region_creation_events): Use
oob_region_creation_event_capacity.
(concrete_buffer_overflow::concrete_buffer_overflow): Update for
new fields.
(concrete_buffer_overflow::emit): Replace call to
maybe_describe_array_bounds with maybe_show_notes.
(concrete_buffer_overflow::get_dir): New.
(concrete_buffer_over_read::concrete_buffer_over_read): Update for
new fields.
(concrete_buffer_over_read::emit): Replace call to
maybe_describe_array_bounds with maybe_show_notes.
(concrete_buffer_overflow::get_dir): New.
(concrete_buffer_underwrite::concrete_buffer_underwrite): Update
for new fields.
(concrete_buffer_underwrite::emit): Replace call to
maybe_describe_array_bounds with maybe_show_notes.
(concrete_buffer_underwrite::get_dir): New.
(concrete_buffer_under_read::concrete_buffer_under_read): Update
for new fields.
(concrete_buffer_under_read::emit): Replace call to
maybe_describe_array_bounds with maybe_show_notes.
(concrete_buffer_under_read::get_dir): New.
(symbolic_past_the_end::symbolic_past_the_end): Update for new
fields.
(symbolic_buffer_overflow::symbolic_buffer_overflow): Likewise.
(symbolic_buffer_overflow::emit): Call maybe_show_notes.
(symbolic_buffer_overflow::get_dir): New.
(symbolic_buffer_over_read::symbolic_buffer_over_read): Update for
new fields.
(symbolic_buffer_over_read::emit): Call maybe_show_notes.
(symbolic_buffer_over_read::get_dir): New.
(region_model::check_symbolic_bounds): Add "sval_hint" param. Pass
it and sized_offset_reg to diagnostics.
(region_model::check_region_bounds): Add "sval_hint" param, passing
it to diagnostics.
* diagnostic-manager.cc
(diagnostic_manager::emit_saved_diagnostic): Pass logger to
pending_diagnostic::emit.
* engine.cc: Add logger param to pending_diagnostic::emit
implementations.
* infinite-recursion.cc: Likewise.
* kf-analyzer.cc: Likewise.
* kf.cc: Likewise. Add nullptr for new param of
check_region_for_write.
* pending-diagnostic.h: Likewise in decl.
* region-model-manager.cc
(region_model_manager::get_or_create_int_cst): Convert param from
poly_int64 to const poly_wide_int_ref &.
(region_model_manager::maybe_fold_binop): Support type being NULL
when checking for floating-point types.
Check for (X + Y) - X => Y. Be less strict about types when folding
associative ops. Check for (X + Y) * CST => (X * CST) + (Y * CST).
* region-model-manager.h
(region_model_manager::get_or_create_int_cst): Convert param from
poly_int64 to const poly_wide_int_ref &.
* region-model.cc: Add logger param to pending_diagnostic::emit
implementations.
(region_model::check_external_function_for_access_attr): Update
for new param of check_region_for_write.
(region_model::deref_rvalue): Use nullptr rather than NULL.
(region_model::get_capacity): Handle RK_STRING.
(region_model::check_region_access): Add "sval_hint" param; pass it to
check_region_bounds.
(region_model::check_region_for_write): Add "sval_hint" param;
pass it to check_region_access.
(region_model::check_region_for_read): Add NULL for new param to
check_region_access.
(region_model::set_value): Pass rhs_sval to
check_region_for_write.
(region_model::get_representative_path_var_1): Handle SK_CONSTANT
in the check for infinite recursion.
* region-model.h (region_model::check_region_for_write): Add
"sval_hint" param.
(region_model::check_region_access): Likewise.
(region_model::check_symbolic_bounds): Likewise.
(region_model::check_region_bounds): Likewise.
* region.cc (region_offset::make_byte_offset): New.
(region_offset::calc_symbolic_bit_offset): New.
(region_offset::calc_symbolic_byte_offset): New.
(region_offset::dump_to_pp): New.
(region_offset::dump): New.
(struct linear_op): New.
(operator<, operator<=, operator>, operator>=): New, for
region_offset.
(region::get_next_offset): New.
(region::get_relative_symbolic_offset): Use ptrdiff_type_node.
(field_region::get_relative_symbolic_offset): Likewise.
(element_region::get_relative_symbolic_offset): Likewise.
(bit_range_region::get_relative_symbolic_offset): Likewise.
* region.h (region::get_next_offset): New decl.
* sm-fd.cc: Add logger param to pending_diagnostic::emit
implementations.
* sm-file.cc: Likewise.
* sm-malloc.cc: Likewise.
* sm-pattern-test.cc: Likewise.
* sm-sensitive.cc: Likewise.
* sm-signal.cc: Likewise.
* sm-taint.cc: Likewise.
* store.cc (bit_range::contains_p): Allow "out" to be null.
* store.h (byte_range::get_start_bit_offset): New.
(byte_range::get_next_bit_offset): New.
* varargs.cc: Add logger param to pending_diagnostic::emit
implementations.
gcc/testsuite/ChangeLog:
PR analyzer/106626
* gcc.dg/analyzer/data-model-1.c (test_16): Update for
out-of-bounds working.
* gcc.dg/analyzer/out-of-bounds-diagram-1-ascii.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-1-debug.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-1-emoji.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-1-json.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-1-sarif.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-1-unicode.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-10.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-11.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-12.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-13.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-14.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-15.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-2.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-3.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-4.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-5-ascii.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-5-unicode.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-6.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-7.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-8.c: New test.
* gcc.dg/analyzer/out-of-bounds-diagram-9.c: New test.
* gcc.dg/analyzer/pattern-test-2.c: Update expected results.
* gcc.dg/analyzer/pr101962.c: Update expected results.
* gcc.dg/plugin/analyzer_gil_plugin.c: Add logger param to
pending_diagnostic::emit implementations.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
|
|
gcc/analyzer/ChangeLog:
* analyzer.h (struct event_loc_info): New forward decl.
* bounds-checking.cc: Use event_loc_info throughout to bundle the
loc, fndecl, depth triples.
* call-info.cc: Likewise.
* checker-event.cc: Likewise.
* checker-event.h (struct event_loc_info): New decl. Use it
throughout to bundle the loc, fndecl, depth triples.
* checker-path.cc: Likewise.
* checker-path.h: Likewise.
* diagnostic-manager.cc: Likewise.
* engine.cc: Likewise.
* infinite-recursion.cc: Likewise.
* pending-diagnostic.cc: Likewise.
* pending-diagnostic.h: Likewise.
* region-model.cc: Likewise.
* sm-signal.cc: Likewise.
* varargs.cc: Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
gcc/analyzer/ChangeLog:
* call-info.cc: Use std::unique_ptr for checker_event.
* checker-path.cc: Likewise.
* checker-path.h: Likewise.
* diagnostic-manager.cc: Likewise.
* engine.cc: Likewise.
* pending-diagnostic.cc: Likewise.
* sm-signal.cc: Likewise.
* varargs.cc: Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
gcc/analyzer/ChangeLog:
* checker-path.cc (rewind_event::rewind_event): Update for usage of
std::unique_ptr on custom_edge_info.
* engine.cc (exploded_node::on_longjmp): Likewise.
(exploded_edge::exploded_edge): Likewise.
(exploded_edge::~exploded_edge): Delete.
(exploded_graph::add_function_entry): Update for usage of
std::unique_ptr on custom_edge_info.
(exploded_graph::add_edge): Likewise.
(add_tainted_args_callback): Likewise.
(exploded_graph::maybe_create_dynamic_call): Likewise.
(exploded_graph::process_node): Likewise.
* exploded-graph.h (exploded_edge::~exploded_edge): Delete.
(exploded_edge::m_custom_info): Use std::unique_ptr.
(exploded_edge::add_edge): Likewise.
* sm-signal.cc (register_signal_handler::impl_transition): Use
make_unique.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
gcc/analyzer/ChangeLog:
* call-info.cc: Add define of INCLUDE_MEMORY.
* call-summary.cc: Likewise.
* checker-path.cc: Likewise.
* constraint-manager.cc: Likewise.
* diagnostic-manager.cc: Likewise.
(saved_diagnostic::saved_diagnostic): Use std::unique_ptr for
param d and field m_d.
(saved_diagnostic::~saved_diagnostic): Remove explicit delete of m_d.
(saved_diagnostic::add_note): Use std::unique_ptr for
param pn.
(saved_diagnostic::get_pending_diagnostic): Update for conversion
of m_sd.m_d to unique_ptr.
(diagnostic_manager::add_diagnostic): Use std::unique_ptr for
param d. Remove explicit deletion.
(diagnostic_manager::add_note): Use std::unique_ptr for param pn.
(diagnostic_manager::emit_saved_diagnostic): Update for conversion
of m_sd.m_d to unique_ptr.
(null_assignment_sm_context::warn): Use std::unique_ptr for
param d. Remove explicit deletion.
* diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Use
std::unique_ptr for param d.
(saved_diagnostic::add_note): Likewise for param pn.
(saved_diagnostic::m_d): Likewise.
(diagnostic_manager::add_diagnostic): Use std::unique_ptr for
param d.
(diagnostic_manager::add_note): Use std::unique_ptr for param pn.
* engine.cc: Include "make-unique.h".
(impl_region_model_context::warn): Update to use std::unique_ptr
for param, removing explicit deletion.
(impl_region_model_context::add_note): Likewise.
(impl_sm_context::warn): Update to use std::unique_ptr
for param.
(impl_region_model_context::on_state_leak): Likewise for result of
on_leak.
(exploded_node::on_longjmp): Use make_unique when creating
pending_diagnostic.
(exploded_graph::process_node): Likewise.
* exploded-graph.h (impl_region_model_context::warn): Update to
use std::unique_ptr for param.
(impl_region_model_context::add_note): Likewise.
* feasible-graph.cc: Add define of INCLUDE_MEMORY.
* pending-diagnostic.cc: Likewise.
* pending-diagnostic.h: Include analyzer.sm.h"
* program-point.cc: Add define of INCLUDE_MEMORY.
* program-state.cc: Likewise.
* region-model-asm.cc: Likewise.
* region-model-impl-calls.cc: Likewise. Include "make-unique.h".
(region_model::impl_call_putenv): Use make_unique when creating
pending_diagnostic.
* region-model-manager.cc: Add define of INCLUDE_MEMORY.
* region-model-reachability.cc: Likewise.
* region-model.cc: Likewise. Include "make-unique.h".
(region_model::get_gassign_result): Use make_unique when creating
pending_diagnostic.
(region_model::check_for_poison): Likewise.
(region_model::on_stmt_pre): Likewise.
(region_model::check_symbolic_bounds): Likewise.
(region_model::check_region_bounds): Likewise.
(annotating_ctxt: make_note): Use std::unique_ptr for result.
(region_model::deref_rvalue): Use make_unique when creating
pending_diagnostic.
(region_model::check_for_writable_region): Likewise.
(region_model::check_region_size): Likewise.
(region_model::check_dynamic_size_for_floats): Likewise.
(region_model::maybe_complain_about_infoleak): Likewise.
(noop_region_model_context::add_note): Use std::unique_ptr for
param. Remove explicit deletion.
* region-model.h: Include "analyzer/pending-diagnostic.h".
(region_model_context::warn): Convert param to std::unique_ptr.
(region_model_context::add_note): Likewise.
(noop_region_model_context::warn): Likewise.
(noop_region_model_context::add_note): Likewise.
(region_model_context_decorator::warn): Likewise.
(region_model_context_decorator::add_note): Likewise.
(note_adding_context::warn): Likewise.
(note_adding_context::make_note): Likewise for return type.
(test_region_model_context::warn): Convert param to
std::unique_ptr.
* region.cc: Add define of INCLUDE_MEMORY.
* sm-fd.cc: Likewise. Include "make-unique.h".
(fd_state_machine::check_for_fd_attrs): Use make_unique when
creating pending_diagnostics.
(fd_state_machine::on_open): Likewise.
(fd_state_machine::on_creat): Likewise.
(fd_state_machine::check_for_dup): Likewise.
(fd_state_machine::on_close): Likewise.
(fd_state_machine::check_for_open_fd): Likewise.
(fd_state_machine::on_leak): Likewise, converting return type to
std::unique_ptr.
* sm-file.cc: Add define of INCLUDE_MEMORY. Include
"make-unique.h".
(fileptr_state_machine::on_stmt): Use make_unique when creating
pending_diagnostic.
(fileptr_state_machine::on_leak): Likewise, converting return type
to std::unique_ptr.
* sm-malloc.cc: Add define of INCLUDE_MEMORY. Include
"make-unique.h".
(malloc_state_machine::on_stmt): Use make_unique when creating
pending_diagnostic.
(malloc_state_machine::handle_free_of_non_heap): Likewise.
(malloc_state_machine::on_deallocator_call): Likewise.
(malloc_state_machine::on_realloc_call): Likewise.
(malloc_state_machine::on_leak): Likewise, converting return type
to std::unique_ptr.
* sm-pattern-test.cc: Add define of INCLUDE_MEMORY. Include
"make-unique.h".
(pattern_test_state_machine::on_condition): Use make_unique when
creating pending_diagnostic.
* sm-sensitive.cc: Add define of INCLUDE_MEMORY. Include
"make-unique.h".
(sensitive_state_machine::warn_for_any_exposure): Use make_unique
when creating pending_diagnostic.
* sm-signal.cc: Add define of INCLUDE_MEMORY. Include
"make-unique.h".
(signal_state_machine::on_stmt): Use make_unique when creating
pending_diagnostic.
* sm-taint.cc: Add define of INCLUDE_MEMORY. Include
"make-unique.h".
(taint_state_machine::check_for_tainted_size_arg): Use make_unique
when creating pending_diagnostic.
(taint_state_machine::check_for_tainted_divisor): Likewise.
(region_model::check_region_for_taint): Likewise.
(region_model::check_dynamic_size_for_taint): Likewise.
* sm.cc: Add define of INCLUDE_MEMORY. Include
"analyzer/pending-diagnostic.h".
(state_machine::on_leak): Move here from sm.h, changing return
type to std::unique_ptr.
* sm.h (state_machine::on_leak): Change return type to
std::unique_ptr. Move defn of base impl to sm.cc
(sm_context::warn): Convert param d to std_unique_ptr.
* state-purge.cc: Add define of INCLUDE_MEMORY.
* store.cc: Likewise.
* svalue.cc: Likewise.
* trimmed-graph.cc: Likewise.
* varargs.cc: Likewise. Include "make-unique.h".
(va_list_state_machine::check_for_ended_va_list): Use make_unique
when creating pending_diagnostic.
(va_list_state_machine::on_leak): Likewise, converting return type
to std::unique_ptr.
(region_model::impl_call_va_arg): Use make_unique when creating
pending_diagnostic.
gcc/testsuite/ChangeLog:
* gcc.dg/plugin/analyzer_gil_plugin.c: Add define of
INCLUDE_MEMORY. Include "make-unique.h".
(gil_state_machine::check_for_pyobject_in_call): Use make_unique
when creating pending_diagnostic.
(gil_state_machine::on_stmt): Likewise.
(gil_state_machine::check_for_pyobject_usage_without_gil): Likewise.
* gcc.dg/plugin/analyzer_kernel_plugin.c: : Add define of
INCLUDE_MEMORY.
* gcc.dg/plugin/analyzer_known_fns_plugin.c: Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
gcc/analyzer/ChangeLog:
* analysis-plan.cc: Simplify includes.
* analyzer-pass.cc: Likewise.
* analyzer-selftests.cc: Likewise.
* analyzer.cc: Likewise.
* analyzer.h: Add includes of "json.h" and "tristate.h".
* call-info.cc: Simplify includes.
* call-string.cc: Likewise.
* call-summary.cc: Likewise.
* checker-path.cc: Likewise.
* complexity.cc: Likewise.
* constraint-manager.cc: Likewise.
* diagnostic-manager.cc: Likewise.
* engine.cc: Likewise.
* feasible-graph.cc: Likewise.
* known-function-manager.cc: Likewise.
* pending-diagnostic.cc: Likewise.
* program-point.cc: Likewise.
* program-state.cc: Likewise.
* region-model-asm.cc: Likewise.
* region-model-impl-calls.cc: Likewise.
* region-model-manager.cc: Likewise.
* region-model-reachability.cc: Likewise.
* region-model.cc: Likewise.
* region-model.h: Include "selftest.h".
* region.cc: Simplify includes.
* sm-fd.cc: Likewise.
* sm-file.cc: Likewise.
* sm-malloc.cc: Likewise.
* sm-pattern-test.cc: Likewise.
* sm-sensitive.cc: Likewise.
* sm-signal.cc: Likewise.
* sm-taint.cc: Likewise.
* sm.cc: Likewise.
* state-purge.cc: Likewise.
* store.cc: Likewise.
* store.h: Likewise.
* supergraph.cc: Likewise.
* svalue.cc: Likewise.
* svalue.h: Likewise.
* trimmed-graph.cc: Likewise.
* varargs.cc: Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
ana::call_string is a wrapper around an auto_vec of callsites, leading
to non-trivial copying when copying around call_string instances, e.g.
in ana::program_point.
This patch consolidates call_string instances within the
region_model_manager: it now owns the root/empty call_string, and
each call_string instance tracks its children, lazily creating them on
demand, so that the call_string instances form a tree-like hierarchy in
memory. Doing this requires passing the region_model_manager to the
various program_point factory methods, so that they can get at the root
call_string.
Instances of call_string become immutable (apart from their internal
cache for looking up their children); operations that previously
modified them now return the call_string for the result of the
operation.
I wasn't able to observe any performance impact of this, but it
simplifies call_string and program_point management, and thus I hope
will make it easier to improve call summarization. In particular,
region_model_manager::log_stats will now print a hierarchical dump of
all the call_string instances used in the analysis (in -fdump-analyzer
and -fdump-analyzer-stderr).
gcc/analyzer/ChangeLog:
* call-string.cc: Add includes of "analyzer/analyzer.h"
and "analyzer/analyzer-logging.h".
(call_string::call_string): Delete copy ctor.
(call_string::operator=): Delete.
(call_string::operator==): Delete.
(call_string::hash): Delete.
(call_string::push_call): Make const, returning the resulting
call_string.
(call_string::pop): Delete.
(call_string::cmp_ptr_ptr): New.
(call_string::validate): Assert that m_parent is non-NULL, or
m_elements is empty.
(call_string::call_string): Move default ctor here from
call-string.h and reimplement. Add ctor taking a parent
and an element.
(call_string::~call_string): New.
(call_string::recursive_log): New.
* call-string.h (call_string::call_string): Move default ctor's
defn to call-string.cc. Delete copy ctor. Add ctor taking a
parent and an element.
(call_string::operator=): Delete.
(call_string::operator==): Delete.
(call_string::hash): Delete.
(call_string::push_call): Make const, returning the resulting
call_string.
(call_string::pop): Delete decl.
(call_string::get_parent): New.
(call_string::cmp_ptr_ptr): New decl.
(call_string::get_top_of_stack): New.
(struct call_string::hashmap_traits_t): New.
(class call_string): Add friend class region_model_manager. Add
DISABLE_COPY_AND_ASSIGN.
(call_string::~call_string): New decl.
(call_string::recursive_log): New decl.
(call_string::m_parent): New field.
(call_string::m_children): New field.
* constraint-manager.cc (selftest::test_many_constants): Pass
model manager to program_point::origin.
* engine.cc (exploded_graph::exploded_graph): Likewise.
(exploded_graph::add_function_entry): Likewise for
program_point::from_function_entry.
(add_tainted_args_callback): Likewise.
(exploded_graph::maybe_process_run_of_before_supernode_enodes):
Update for change to program_point.get_call_string.
(exploded_graph::process_node): Likewise.
(class function_call_string_cluster): Convert m_cs from a
call_string to a const call_string &.
(struct function_call_string): Likewise.
(pod_hash_traits<function_call_string>::hash): Use pointer_hash
for m_cs.
(pod_hash_traits<function_call_string>::equal): Update for change
to m_cs.
(root_cluster::add_node): Update for change to
function_call_string.
(viz_callgraph_node::dump_dot): Update for change to call_string.
* exploded-graph.h (per_call_string_data::m_key): Convert to a
reference.
(struct eg_call_string_hash_map_traits): Delete.
(exploded_graph::call_string_data_map_t): Remove traits class.
* program-point.cc: Move include of "analyzer/call-string.h" to
after "analyzer/analyzer-logging.h".
(program_point::print): Update for conversion of m_call_string to
a pointer.
(program_point::to_json): Likewise.
(program_point::push_to_call_stack): Update for immutability of
call strings.
(program_point::pop_from_call_stack): Likewise.
(program_point::hash): Use pointer hashing for m_call_string.
(program_point::get_function_at_depth): Update for change to
m_call_string.
(program_point::validate): Update for changes to call_string.
(program_point::on_edge): Likewise.
(program_point::origin): Move here from call-string.h. Add
region_model_manager param and use it to get empty call string.
(program_point::from_function_entry): Likewise.
(selftest::test_function_point_ordering): Likewise.
(selftest::test_function_point_ordering): Likewise.
* program-point.h (program_point::program_point): Update for
change to m_call_string.
(program_point::get_call_string): Likewise.
(program_point::get_stack_depth): Likewise.
(program_point::origin): Add region_model_manager param, and move
defn to call-string.cc.
(program_point::from_function_entry): Likewise.
(program_point::empty): Drop call_string.
(program_point::deleted): Likewise.
(program_point::program_point): New private ctor.
(program_point::m_call_string): Convert from call_string to const
call_string *.
* program-state.cc (selftest::test_program_state_merging): Update
for call_string changes.
(selftest::test_program_state_merging_2): Likewise.
* region-model-manager.cc
(region_model_manager::region_model_manager): Construct
m_empty_call_string.
(region_model_manager::log_stats): Log the call strings.
* region-model.cc (assert_region_models_merge): Pass the
region_model_manager when creating program_point instances.
(selftest::test_state_merging): Likewise.
(selftest::test_constraint_merging): Likewise.
(selftest::test_widening_constraints): Likewise.
(selftest::test_iteration_1): Likewise.
* region-model.h (region_model_manager::get_empty_call_string):
New.
(region_model_manager::m_empty_call_string): New.
* sm-signal.cc (register_signal_handler::impl_transition): Update
for changes to call_string.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
As of GCC 11 onwards we have required a C++11 compiler, such as GCC 4.8
or later. On the assumption that any such compiler correctly implements
"final" and "override", this patch updates the source tree to stop using
the FINAL and OVERRIDE macros from ansidecl.h, in favor of simply using
"final" and "override" directly.
libcpp/ChangeLog:
* lex.cc: Replace uses of "FINAL" and "OVERRIDE" with "final" and
"override".
gcc/analyzer/ChangeLog:
* analyzer-pass.cc: Replace uses of "FINAL" and "OVERRIDE" with
"final" and "override".
* call-info.h: Likewise.
* checker-path.h: Likewise.
* constraint-manager.cc: Likewise.
* diagnostic-manager.cc: Likewise.
* engine.cc: Likewise.
* exploded-graph.h: Likewise.
* feasible-graph.h: Likewise.
* pending-diagnostic.h: Likewise.
* region-model-impl-calls.cc: Likewise.
* region-model.cc: Likewise.
* region-model.h: Likewise.
* region.h: Likewise.
* sm-file.cc: Likewise.
* sm-malloc.cc: Likewise.
* sm-pattern-test.cc: Likewise.
* sm-sensitive.cc: Likewise.
* sm-signal.cc: Likewise.
* sm-taint.cc: Likewise.
* state-purge.h: Likewise.
* store.cc: Likewise.
* store.h: Likewise.
* supergraph.h: Likewise.
* svalue.h: Likewise.
* trimmed-graph.h: Likewise.
* varargs.cc: Likewise.
gcc/c-family/ChangeLog:
* c-format.cc: Replace uses of "FINAL" and "OVERRIDE" with "final"
and "override".
* c-pretty-print.h: Likewise.
gcc/cp/ChangeLog:
* cxx-pretty-print.h: Replace uses of "FINAL" and "OVERRIDE" with
"final" and "override".
* error.cc: Likewise.
gcc/jit/ChangeLog:
* jit-playback.h: Replace uses of "FINAL" and "OVERRIDE" with
"final" and "override".
* jit-recording.cc: Likewise.
* jit-recording.h: Likewise.
gcc/ChangeLog:
* config/aarch64/aarch64-sve-builtins-base.cc: Replace uses of
"FINAL" and "OVERRIDE" with "final" and "override".
* config/aarch64/aarch64-sve-builtins-functions.h: Likewise.
* config/aarch64/aarch64-sve-builtins-shapes.cc: Likewise.
* config/aarch64/aarch64-sve-builtins-sve2.cc: Likewise.
* diagnostic-path.h: Likewise.
* digraph.cc: Likewise.
* gcc-rich-location.h: Likewise.
* gimple-array-bounds.cc: Likewise.
* gimple-loop-versioning.cc: Likewise.
* gimple-range-cache.cc: Likewise.
* gimple-range-cache.h: Likewise.
* gimple-range-fold.cc: Likewise.
* gimple-range-fold.h: Likewise.
* gimple-range-tests.cc: Likewise.
* gimple-range.h: Likewise.
* gimple-ssa-evrp.cc: Likewise.
* input.cc: Likewise.
* json.h: Likewise.
* read-rtl-function.cc: Likewise.
* tree-complex.cc: Likewise.
* tree-diagnostic-path.cc: Likewise.
* tree-ssa-ccp.cc: Likewise.
* tree-ssa-copy.cc: Likewise.
* tree-vrp.cc: Likewise.
* value-query.h: Likewise.
* vr-values.h: Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
gcc/ada/ChangeLog:
* locales.c (iso_639_1_to_639_3): Use ARRAY_SIZE.
(language_name_to_639_3): Likewise.
(country_name_to_3166): Likewise.
gcc/analyzer/ChangeLog:
* engine.cc (exploded_node::get_dot_fillcolor): Use ARRAY_SIZE.
* function-set.cc (test_stdio_example): Likewise.
* sm-file.cc (get_file_using_fns): Likewise.
* sm-malloc.cc (malloc_state_machine::unaffected_by_call_p): Likewise.
* sm-signal.cc (get_async_signal_unsafe_fns): Likewise.
gcc/ChangeLog:
* attribs.cc (diag_attr_exclusions): Use ARRAY_SIZE.
(decls_mismatched_attributes): Likewise.
* builtins.cc (c_strlen): Likewise.
* cfg.cc (DEF_BASIC_BLOCK_FLAG): Likewise.
* common/config/aarch64/aarch64-common.cc (aarch64_option_init_struct): Likewise.
* config/aarch64/aarch64-builtins.cc (aarch64_lookup_simd_builtin_type): Likewise.
(aarch64_init_simd_builtin_types): Likewise.
(aarch64_init_builtin_rsqrt): Likewise.
* config/aarch64/aarch64.cc (is_madd_op): Likewise.
* config/arm/arm-builtins.cc (arm_lookup_simd_builtin_type): Likewise.
(arm_init_simd_builtin_types): Likewise.
* config/avr/gen-avr-mmcu-texi.cc (mcus[ARRAY_SIZE): Likewise.
(c_prefix): Likewise.
(main): Likewise.
* config/c6x/c6x.cc (N_SAVE_ORDER): Likewise.
* config/darwin-c.cc (darwin_register_frameworks): Likewise.
* config/gcn/mkoffload.cc (process_obj): Likewise.
* config/i386/i386-builtins.cc (get_builtin_code_for_version): Likewise.
(fold_builtin_cpu): Likewise.
* config/m32c/m32c.cc (PUSHM_N): Likewise.
* config/nvptx/mkoffload.cc (process): Likewise.
* config/rs6000/driver-rs6000.cc (host_detect_local_cpu): Likewise.
* config/s390/s390.cc (NR_C_MODES): Likewise.
* config/tilepro/gen-mul-tables.cc (find_sequences): Likewise.
(create_insn_code_compression_table): Likewise.
* config/vms/vms.cc (NBR_CRTL_NAMES): Likewise.
* diagnostic-format-json.cc (json_from_expanded_location): Likewise.
* dwarf2out.cc (ARRAY_SIZE): Likewise.
* genhooks.cc (emit_documentation): Likewise.
(emit_init_macros): Likewise.
* gimple-ssa-sprintf.cc (format_floating): Likewise.
* gimple-ssa-warn-access.cc (memmodel_name): Likewise.
* godump.cc (keyword_hash_init): Likewise.
* hash-table.cc (hash_table_higher_prime_index): Likewise.
* input.cc (for_each_line_table_case): Likewise.
* ipa-free-lang-data.cc (free_lang_data): Likewise.
* ipa-inline.cc (sanitize_attrs_match_for_inline_p): Likewise.
* optc-save-gen.awk: Likewise.
* spellcheck.cc (test_metric_conditions): Likewise.
* tree-vect-slp-patterns.cc (sizeof): Likewise.
(ARRAY_SIZE): Likewise.
* tree.cc (build_common_tree_nodes): Likewise.
gcc/c-family/ChangeLog:
* c-common.cc (ARRAY_SIZE): Use ARRAY_SIZE.
(c_common_nodes_and_builtins): Likewise.
* c-format.cc (check_tokens): Likewise.
(check_plain): Likewise.
* c-pragma.cc (c_pp_lookup_pragma): Likewise.
(init_pragma): Likewise.
* known-headers.cc (get_string_macro_hint): Likewise.
(get_stdlib_header_for_name): Likewise.
* c-attribs.cc: Likewise.
gcc/c/ChangeLog:
* c-decl.cc (match_builtin_function_types): Use ARRAY_SIZE.
gcc/cp/ChangeLog:
* module.cc (depset::entity_kind_name): Use ARRAY_SIZE.
* name-lookup.cc (get_std_name_hint): Likewise.
* parser.cc (cp_parser_new): Likewise.
gcc/fortran/ChangeLog:
* frontend-passes.cc (gfc_code_walker): Use ARRAY_SIZE.
* openmp.cc (gfc_match_omp_context_selector_specification): Likewise.
* trans-intrinsic.cc (conv_intrinsic_ieee_builtin): Likewise.
* trans-types.cc (gfc_get_array_descr_info): Likewise.
gcc/jit/ChangeLog:
* jit-builtins.cc (find_builtin_by_name): Use ARRAY_SIZE.
(get_string_for_type_id): Likewise.
* jit-recording.cc (recording::context::context): Likewise.
gcc/lto/ChangeLog:
* lto-common.cc (lto_resolution_read): Use ARRAY_SIZE.
* lto-lang.cc (lto_init): Likewise.
|
|
Avoid generating execution paths for warnings that are ultimately
rejected due to -Wno-analyzer-* flags.
This improves the test case from taking at least several minutes
(before I killed it) to taking under a second.
This doesn't fix the slowdown seen in PR analyzer/104955 with large
numbers of warnings when the warnings are still enabled.
gcc/analyzer/ChangeLog:
PR analyzer/104955
* diagnostic-manager.cc (get_emission_location): New.
(diagnostic_manager::diagnostic_manager): Initialize
m_num_disabled_diagnostics.
(diagnostic_manager::add_diagnostic): Reject diagnostics that
will eventually be rejected due to being disabled.
(diagnostic_manager::emit_saved_diagnostics): Log the number
of disabled diagnostics.
(diagnostic_manager::emit_saved_diagnostic): Split out logic for
determining emission location to get_emission_location.
* diagnostic-manager.h
(diagnostic_manager::m_num_disabled_diagnostics): New field.
* engine.cc (stale_jmp_buf::get_controlling_option): New.
(stale_jmp_buf::emit): Use it.
* pending-diagnostic.h
(pending_diagnostic::get_controlling_option): New vfunc.
* region-model.cc
(poisoned_value_diagnostic::get_controlling_option): New.
(poisoned_value_diagnostic::emit): Use it.
(shift_count_negative_diagnostic::get_controlling_option): New.
(shift_count_negative_diagnostic::emit): Use it.
(shift_count_overflow_diagnostic::get_controlling_option): New.
(shift_count_overflow_diagnostic::emit): Use it.
(dump_path_diagnostic::get_controlling_option): New.
(dump_path_diagnostic::emit): Use it.
(write_to_const_diagnostic::get_controlling_option): New.
(write_to_const_diagnostic::emit): Use it.
(write_to_string_literal_diagnostic::get_controlling_option): New.
(write_to_string_literal_diagnostic::emit): Use it.
* sm-file.cc (double_fclose::get_controlling_option): New.
(double_fclose::emit): Use it.
(file_leak::get_controlling_option): New.
(file_leak::emit): Use it.
* sm-malloc.cc (mismatching_deallocation::get_controlling_option):
New.
(mismatching_deallocation::emit): Use it.
(double_free::get_controlling_option): New.
(double_free::emit): Use it.
(possible_null_deref::get_controlling_option): New.
(possible_null_deref::emit): Use it.
(possible_null_arg::get_controlling_option): New.
(possible_null_arg::emit): Use it.
(null_deref::get_controlling_option): New.
(null_deref::emit): Use it.
(null_arg::get_controlling_option): New.
(null_arg::emit): Use it.
(use_after_free::get_controlling_option): New.
(use_after_free::emit): Use it.
(malloc_leak::get_controlling_option): New.
(malloc_leak::emit): Use it.
(free_of_non_heap::get_controlling_option): New.
(free_of_non_heap::emit): Use it.
* sm-pattern-test.cc (pattern_match::get_controlling_option): New.
(pattern_match::emit): Use it.
* sm-sensitive.cc
(exposure_through_output_file::get_controlling_option): New.
(exposure_through_output_file::emit): Use it.
* sm-signal.cc (signal_unsafe_call::get_controlling_option): New.
(signal_unsafe_call::emit): Use it.
* sm-taint.cc (tainted_array_index::get_controlling_option): New.
(tainted_array_index::emit): Use it.
(tainted_offset::get_controlling_option): New.
(tainted_offset::emit): Use it.
(tainted_size::get_controlling_option): New.
(tainted_size::emit): Use it.
(tainted_divisor::get_controlling_option): New.
(tainted_divisor::emit): Use it.
(tainted_allocation_size::get_controlling_option): New.
(tainted_allocation_size::emit): Use it.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/many-disabled-diagnostics.c: New test.
* gcc.dg/plugin/analyzer_gil_plugin.c
(gil_diagnostic::get_controlling_option): New.
(double_save_thread::emit): Use it.
(fncall_without_gil::emit): Likewise.
(pyobject_usage_without_gil::emit): Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
|
|
Most of the state-management code in the analyzer involves
modifying state objects in-place, which implies a single outcome.
(I originally implemented in-place modification because I wanted
to avoid having to create copies of state objects, and it's now
very difficult to change this aspect of the analyzer's design)
However, there are various special-cases such as "realloc" for which
it's best to split the state into multiple outcomes.
This patch adds a mechanism for "bifurcating" the analysis in places
where there isn't a split in the CFG, and uses it to implement realloc,
in this case treating it as having 3 possible outcomes:
- failure, returning NULL
- success, growing the buffer in-place without moving it
- success, allocating a new buffer, copying the content of the old
buffer to it, and freeing the old buffer.
gcc/ChangeLog:
PR analyzer/99260
* Makefile.in (ANALYZER_OBJS): Add analyzer/call-info.o.
gcc/analyzer/ChangeLog:
PR analyzer/99260
* analyzer.h (class custom_edge_info): New class, adapted from
exploded_edge::custom_info_t. Make member functions const.
Make update_model return bool, converting edge param from
reference to a pointer, and adding a ctxt param.
(class path_context): New class.
* call-info.cc: New file.
* call-info.h: New file.
* engine.cc: Include "analyzer/call-info.h" and <memory>.
(impl_region_model_context::impl_region_model_context): Update for
new m_path_ctxt field.
(impl_region_model_context::bifurcate): New.
(impl_region_model_context::terminate_path): New.
(impl_region_model_context::get_malloc_map): New.
(impl_sm_context::impl_sm_context): Update for new m_path_ctxt
field.
(impl_sm_context::get_fndecl_for_call): Likewise.
(impl_sm_context::set_next_state): Likewise.
(impl_sm_context::warn): Likewise.
(impl_sm_context::is_zero_assignment): Likewise.
(impl_sm_context::get_path_context): New.
(impl_sm_context::m_path_ctxt): New.
(impl_region_model_context::on_condition): Update for new
path_ctxt param. Handle m_enode_for_diag being NULL.
(impl_region_model_context::on_phi): Update for new path_ctxt
param.
(exploded_node::on_stmt): Add path_ctxt param, updating ctor calls
to use it as necessary. Use it to bail out after sm-handling,
if needed.
(exploded_node::detect_leaks): Update for new path_ctxt param.
(dynamic_call_info_t::update_model): Update for conversion of
exploded_edge::custom_info_t to custom_edge_info.
(dynamic_call_info_t::add_events_to_path): Likewise.
(rewind_info_t::update_model): Likewise.
(rewind_info_t::add_events_to_path): Likewise.
(exploded_edge::exploded_edge): Likewise.
(exploded_graph::add_edge): Likewise.
(exploded_graph::maybe_process_run_of_before_supernode_enodes):
Update for new path_ctxt param.
(class impl_path_context): New.
(exploded_graph::process_node): Update for new path_ctxt param.
Create an impl_path_context and pass it to exploded_node::on_stmt.
Use it to terminate iterating stmts if terminate_path is called
on it. After processing a run of stmts, query path_ctxt to
potentially terminate the analysis path, and/or to "bifurcate" the
analysis into multiple additional paths.
(feasibility_state::maybe_update_for_edge): Update for new
update_model ctxt param.
* exploded-graph.h
(impl_region_model_context::impl_region_model_context): Add
path_ctxt param.
(impl_region_model_context::bifurcate): New.
(impl_region_model_context::terminate_path): New
(impl_region_model_context::get_ext_state): New.
(impl_region_model_context::get_malloc_map): New.
(impl_region_model_context::m_path_ctxt): New field.
(exploded_node::on_stmt): Add path_ctxt param.
(class exploded_edge::custom_info_t): Move to analyzer.h, renaming
to custom_edge_info, and making the changes as noted in analyzer.h
above.
(exploded_edge::exploded_edge): Update for these changes to
exploded_edge::custom_info_t.
(exploded_edge::m_custom_info): Likewise.
(class dynamic_call_info_t): Likewise.
(class rewind_info_t): Likewise.
(exploded_graph::add_edge): Likewise.
* program-state.cc (program_state::on_edge): Update for new
path_ctxt param.
(program_state::push_call): Likewise.
(program_state::returning_call): Likewise.
(program_state::prune_for_point): Likewise.
* region-model-impl-calls.cc: Include "analyzer/call-info.h".
(call_details::get_fndecl_for_call): New.
(region_model::impl_call_realloc): Reimplement.
* region-model.cc (region_model::on_call_pre): Move call to
impl_call_realloc to...
(region_model::on_call_post): ...here. Consolidate creation
of call_details instance.
(noop_region_model_context::bifurcate): New.
(noop_region_model_context::terminate_path): New.
* region-model.h (call_details::get_call_stmt): New.
(call_details::get_fndecl_for_call): New.
(region_model::on_realloc_with_move): New.
(region_model_context::bifurcate): New.
(region_model_context::terminate_path): New.
(region_model_context::get_ext_state): New.
(region_model_context::get_malloc_map): New.
(noop_region_model_context::bifurcate): New.
(noop_region_model_context::terminate_path): New.
(noop_region_model_context::get_ext_state): New.
(noop_region_model_context::get_malloc_map): New.
* sm-malloc.cc: Include "analyzer/program-state.h".
(malloc_state_machine::on_realloc_call): Reimplement.
(malloc_state_machine::on_realloc_with_move): New.
(region_model::on_realloc_with_move): New.
* sm-signal.cc (class signal_delivery_edge_info_t): Update for
conversion from exploded_edge::custom_info_t to custom_edge_info.
* sm.h (sm_context::get_path_context): New.
* svalue.cc (svalue::maybe_get_constant): Call
unwrap_any_unmergeable.
gcc/testsuite/ChangeLog:
PR analyzer/99260
* gcc.dg/analyzer/capacity-2.c: Update for changes to realloc
analysis.
* gcc.dg/analyzer/pr99193-1.c: Likewise.
* gcc.dg/analyzer/pr99193-3.c: Likewise.
* gcc.dg/analyzer/realloc-1.c: Likewise. Add test coverage for
realloc of non-heap pointer, realloc from mismatching allocator,
and realloc on a freed pointer.
* gcc.dg/analyzer/realloc-2.c: New test.
|
|
I'm working on reimplementing -Wanalyzer-use-of-uninitialized-value, but
I ran into issues with
region_model::add_any_constraints_from_ssa_def_stmt.
This function is from the initial commit of the analyzer and walks the
SSA names finding conditions that were missed due to the GCC 10 era
region_model not retaining useful information on how values were
created; as of GCC 11 the symbolic values contain this information,
and so the conditions can be reconstructed from them instead.
region_model::add_any_constraints_from_ssa_def_stmt is a liability
when tracking uninitialized values as it requires looking up SSA
values when those values may have been purged, thus greatly complicating
detection of uses of uninitialized values.
It's simplest to eliminate it and reimplement the condition-finding
via the makeup of the svalues, which this patch does. Doing so requires
supporting add_condition on svalues rather than just on trees, which
requires some changes to ana::state_machine and its subclasses.
gcc/analyzer/ChangeLog:
* diagnostic-manager.cc (null_assignment_sm_context::get_state):
New overload.
(null_assignment_sm_context::set_next_state): New overload.
(null_assignment_sm_context::get_diagnostic_tree): New.
* engine.cc (impl_sm_context::get_state): New overload.
(impl_sm_context::set_next_state): New overload.
(impl_sm_context::get_diagnostic_tree): New overload.
(impl_region_model_context::on_condition): Convert params from
tree to const svalue *.
* exploded-graph.h (impl_region_model_context::on_condition):
Likewise.
* region-model.cc (region_model::on_call_pre): Move handling of
internal calls to before checking for get_fndecl_for_call.
(region_model::add_constraints_from_binop): New.
(region_model::add_constraint): Split out into a new overload
working on const svalue * rather than tree. Call
add_constraints_from_binop. Drop call to
add_any_constraints_from_ssa_def_stmt.
(region_model::add_any_constraints_from_ssa_def_stmt): Delete.
(region_model::add_any_constraints_from_gassign): Delete.
(region_model::add_any_constraints_from_gcall): Delete.
* region-model.h
(region_model::add_any_constraints_from_ssa_def_stmt): Delete.
(region_model::add_any_constraints_from_gassign): Delete.
(region_model::add_any_constraints_from_gcall): Delete.
(region_model::add_constraint): Add overload decl.
(region_model::add_constraints_from_binop): New decl.
(region_model_context::on_condition): Convert params from tree to
const svalue *.
(noop_region_model_context::on_condition): Likewise.
* sm-file.cc (fileptr_state_machine::condition): Likewise.
* sm-malloc.cc (malloc_state_machine::on_condition): Likewise.
* sm-pattern-test.cc: Include tristate.h, selftest.h,
analyzer/call-string.h, analyzer/program-point.h,
analyzer/store.h, and analyzer/region-model.h.
(pattern_test_state_machine::on_condition): Convert params from tree to
const svalue *.
* sm-sensitive.cc (sensitive_state_machine::on_condition): Delete.
* sm-signal.cc (signal_state_machine::on_condition): Delete.
* sm-taint.cc (taint_state_machine::on_condition): Convert params
from tree to const svalue *.
* sm.cc: Include tristate.h, selftest.h, analyzer/call-string.h,
analyzer/program-point.h, analyzer/store.h, and
analyzer/region-model.h.
(any_pointer_p): Add overload taking const svalue *sval.
* sm.h (any_pointer_p): Add overload taking const svalue *sval.
(state_machine::on_condition): Convert params from tree to
const svalue *. Provide no-op default implementation.
(sm_context::get_state): Add overload taking const svalue *sval.
(sm_context::set_next_state): Likewise.
(sm_context::on_transition): Likewise.
(sm_context::get_diagnostic_tree): Likewise.
* svalue.cc (svalue::all_zeroes_p): New.
(constant_svalue::all_zeroes_p): New.
(repeated_svalue::all_zeroes_p): Convert to vfunc.
* svalue.h (svalue::all_zeroes_p): New decl.
(constant_svalue::all_zeroes_p): New decl.
(repeated_svalue::all_zeroes_p): Convert decl to vfunc.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/pattern-test-2.c: Update expected results.
* gcc.dg/plugin/analyzer_gil_plugin.c
(gil_state_machine::on_condition): Remove.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
I have followup work where a custom event's description would be better
handled via a vfunc rather that a precanned string, hence this
refactoring to make it easy to add custom_event subclasses.
gcc/analyzer/ChangeLog:
* checker-path.cc (class custom_event): Make abstract to allow for
custom vfuncs, splitting existing implementation into...
(class precanned_custom_event): New subclass.
(custom_event::get_desc): Move to...
(precanned_custom_event::get_desc): ...subclass.
* checker-path.h (class custom_event): Make abstract to allow for
custom vfuncs, splitting existing implementation into...
(class precanned_custom_event): New subclass.
* diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
Use precanned_custom_event.
* engine.cc
(stale_jmp_buf::maybe_add_custom_events_for_superedge): Likewise.
* sm-signal.cc (signal_delivery_edge_info_t::add_events_to_path):
Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
|
|
|
|
I've found this useful for debugging state explosions in the analyzer.
gcc/analyzer/ChangeLog:
* analysis-plan.cc: Include "json.h".
* analyzer.opt (fdump-analyzer-json): New.
* call-string.cc: Include "json.h".
(call_string::to_json): New.
* call-string.h (call_string::to_json): New decl.
* checker-path.cc: Include "json.h".
* constraint-manager.cc: Include "json.h".
(equiv_class::to_json): New.
(constraint::to_json): New.
(constraint_manager::to_json): New.
* constraint-manager.h (equiv_class::to_json): New decl.
(constraint::to_json): New decl.
(constraint_manager::to_json): New decl.
* diagnostic-manager.cc: Include "json.h".
(saved_diagnostic::to_json): New.
(diagnostic_manager::to_json): New.
* diagnostic-manager.h (saved_diagnostic::to_json): New decl.
(diagnostic_manager::to_json): New decl.
* engine.cc: Include "json.h", <zlib.h>.
(exploded_node::status_to_str): New.
(exploded_node::to_json): New.
(exploded_edge::to_json): New.
(exploded_graph::to_json): New.
(dump_analyzer_json): New.
(impl_run_checkers): Call it.
* exploded-graph.h (exploded_node::status_to_str): New decl.
(exploded_node::to_json): New.
(exploded_edge::to_json): New.
(exploded_graph::to_json): New.
* pending-diagnostic.cc: Include "json.h".
* program-point.cc: Include "json.h".
(program_point::to_json): New.
* program-point.h (program_point::to_json): New decl.
* program-state.cc: Include "json.h".
(extrinsic_state::to_json): New.
(sm_state_map::to_json): New.
(program_state::to_json): New.
* program-state.h (extrinsic_state::to_json): New decl.
(sm_state_map::to_json): New decl.
(program_state::to_json): New decl.
* region-model-impl-calls.cc: Include "json.h".
* region-model-manager.cc: Include "json.h".
* region-model-reachability.cc: Include "json.h".
* region-model.cc: Include "json.h".
* region-model.h (svalue::to_json): New decl.
(region::to_json): New decl.
* region.cc: Include "json.h".
(region::to_json: New.
* sm-file.cc: Include "json.h".
* sm-malloc.cc: Include "json.h".
* sm-pattern-test.cc: Include "json.h".
* sm-sensitive.cc: Include "json.h".
* sm-signal.cc: Include "json.h".
(signal_delivery_edge_info_t::to_json): New.
* sm-taint.cc: Include "json.h".
* sm.cc: Include "diagnostic.h", "tree-diagnostic.h", and
"json.h".
(state_machine::state::to_json): New.
(state_machine::to_json): New.
* sm.h (state_machine::state::to_json): New.
(state_machine::to_json): New.
* state-purge.cc: Include "json.h".
* store.cc: Include "json.h".
(binding_key::get_desc): New.
(binding_map::to_json): New.
(binding_cluster::to_json): New.
(store::to_json): New.
* store.h (binding_key::get_desc): New decl.
(binding_map::to_json): New decl.
(binding_cluster::to_json): New decl.
(store::to_json): New decl.
* supergraph.cc: Include "json.h".
(supergraph::to_json): New.
(supernode::to_json): New.
(superedge::to_json): New.
* supergraph.h (supergraph::to_json): New decl.
(supernode::to_json): New decl.
(superedge::to_json): New decl.
* svalue.cc: Include "json.h".
(svalue::to_json): New.
gcc/ChangeLog:
* doc/analyzer.texi (Other Debugging Techniques): Mention
-fdump-analyzer-json.
* doc/invoke.texi (Static Analyzer Options): Add
-fdump-analyzer-json.
|
|
This patch is yet more preliminary work towards generalizing sm-malloc.cc
beyond just malloc/free.
It eliminates sm_context::warn_for_state in terms of a new sm_context::warn
vfunc, guarded by sm_context::get_state calls.
gcc/analyzer/ChangeLog:
* diagnostic-manager.cc
(null_assignment_sm_context::warn_for_state): Replace with...
(null_assignment_sm_context::warn): ...this.
* engine.cc (impl_sm_context::warn_for_state): Replace with...
(impl_sm_context::warn): ...this.
* sm-file.cc (fileptr_state_machine::on_stmt): Replace
warn_for_state and on_transition calls with a get_state
test guarding warn and set_next_state calls.
* sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
* sm-pattern-test.cc (pattern_test_state_machine::on_condition):
Replace warn_for_state call with warn call.
* sm-sensitive.cc
(sensitive_state_machine::warn_for_any_exposure): Replace
warn_for_state call with a get_state test guarding a warn call.
* sm-signal.cc (signal_state_machine::on_stmt): Likewise.
* sm-taint.cc (taint_state_machine::on_stmt): Replace
warn_for_state and on_transition calls with a get_state
test guarding warn and set_next_state calls.
* sm.h (sm_context::warn_for_state): Replace with...
(sm_context::warn): ...this.
|
|
This patch is preliminary work towards generalizing sm-malloc.cc so that
it can check APIs other than just malloc/free (and e.g. detect
mismatching alloc/dealloc pairs).
Generalize states in state machines so that, rather than state_t being
just an "unsigned", it becomes a "const state *", where the underlying
state objects are immutable objects managed by the state machine in
question, and can e.g. have vfuncs and extra fields. The start state
m_start becomes a member of the state_machine base_class.
gcc/analyzer/ChangeLog:
* checker-path.cc (state_change_event::get_desc): Update
state_machine::get_state_name calls to state::get_name.
(warning_event::get_desc): Likewise.
* diagnostic-manager.cc
(null_assignment_sm_context::on_transition): Update comparison
against 0 with comparison with m_sm.get_start_state.
(diagnostic_manager::prune_for_sm_diagnostic): Update
state_machine::get_state_name calls to state::get_name.
* engine.cc (impl_sm_context::on_transition): Likewise.
(exploded_node::get_dot_fillcolor): Use get_id when summing
the sm states.
* program-state.cc (sm_state_map::sm_state_map): Don't hardcode
0 as the start state when initializing m_global_state.
(sm_state_map::print): Use dump_to_pp rather than get_state_name
when dumping states.
(sm_state_map::is_empty_p): Don't hardcode 0 as the start state
when examining m_global_state.
(sm_state_map::hash): Use get_id when hashing states.
(selftest::test_sm_state_map): Use state objects rather than
arbitrary hardcoded integers.
(selftest::test_program_state_merging): Likewise.
(selftest::test_program_state_merging_2): Likewise.
* sm-file.cc (fileptr_state_machine::m_start): Move to base class.
(file_diagnostic::describe_state_change): Use get_start_state.
(fileptr_state_machine::fileptr_state_machine): Drop m_start
initialization.
* sm-malloc.cc (malloc_state_machine::m_start): Move to base
class.
(malloc_diagnostic::describe_state_change): Use get_start_state.
(possible_null::describe_state_change): Likewise.
(malloc_state_machine::malloc_state_machine): Drop m_start
initialization.
* sm-pattern-test.cc (pattern_test_state_machine::m_start): Move
to base class.
(pattern_test_state_machine::pattern_test_state_machine): Drop
m_start initialization.
* sm-sensitive.cc (sensitive_state_machine::m_start): Move to base
class.
(sensitive_state_machine::sensitive_state_machine): Drop m_start
initialization.
* sm-signal.cc (signal_state_machine::m_start): Move to base
class.
(signal_state_machine::signal_state_machine): Drop m_start
initialization.
* sm-taint.cc (taint_state_machine::m_start): Move to base class.
(taint_state_machine::taint_state_machine): Drop m_start
initialization.
* sm.cc (state_machine::state::dump_to_pp): New.
(state_machine::state_machine): Move here from sm.h. Initialize
m_next_state_id and m_start.
(state_machine::add_state): Reimplement in terms of state objects.
(state_machine::get_state_name): Delete.
(state_machine::get_state_by_name): Reimplement in terms of state
objects. Make const.
(state_machine::validate): Delete.
(state_machine::dump_to_pp): Reimplement in terms of state
objects.
* sm.h (state_machine::state): New class.
(state_machine::state_t): Convert typedef from "unsigned" to
"const state_machine::state *".
(state_machine::state_machine): Move to sm.cc.
(state_machine::get_default_state): Use m_start rather than
hardcoding 0.
(state_machine::get_state_name): Delete.
(state_machine::get_state_by_name): Make const.
(state_machine::get_start_state): New accessor.
(state_machine::alloc_state_id): New.
(state_machine::m_state_names): Drop in favor of...
(state_machine::m_states): New field
(state_machine::m_start): New field
(start_start_p): Delete.
|
|
This large patch reimplements how the analyzer tracks regions and
values.
Elimination of region_id and svalue_id
**************************************
The patch eliminates region_id and svalue_id in favor of simply
using pointers. I'd hoped that the ID classes would make it easier
to compare states, avoiding having to compare long hexadecimal addresses
in favor of small integers. Unfortunately it added lots of complexity,
with the need to remap IDs when comparing or purging states, and the
need to "canonicalize" when comparing states.
Various "state explosion" bugs in the old implementation were due to
failures in canonicalization, where two states that ought to be equal
were non-equal due to differences in ID ordering. I spent a lot of
time trying to fix canonicalization bugs, and there always seemed to
be one more bug. By eliminating IDs in this new implementation, lots
of tricky canonicalization goes away and no ID remapping should be
needed; almost all of the old validation code becomes redundant.
There's still some canonicalization in the new implementation, mostly
in constraint_manager, but much less than before.
Ownership of regions and svalues
********************************
In the old implementation, each region_model had its own copies of
regions and svalues, so there was heap bloat and churn as lots of
little objects were cloned when copying program_state instances. In the
new implementation the regions and svalues are immutable and are shared
thoughout the analysis, rather than being per region_model. They are
owned by a manager class, and are effectively singletons. Region and
svalue instances can now be compared by pointer rather than by comparing
their fields (the manager class takes care of uniqueness).
This is a huge simplification, and (I hope) will avoid lots
of heap churn as states are copied; all mutable state from regions and
svalues is now stored in a "store" class in the region_model.
Changes to the meaning of a "region"
************************************
Region subclasses no longer represent internal structure, but instead
represent how the regions are reached. So e.g. a global "struct coord
c;" is now a decl_region, rather than a struct_region.
In the old implementation, the values for each region were stored in the
region instances, but in the new implementation the regions are immutable.
Memory is now modeled in a new "store" class: a mapping from keys to
svalues, where the keys are both concrete bit-offsets from the start of
a "base region", and "symbolic" keys (thus hopefully making unions,
casts, aliasing etc easier to deal with). So e.g. for assignments to
the fields of a struct, it records the mapping from bit-offsets of e.g.
field to the values; if that memory is cast to another type and written
to, the appropriate clobbering of the bound values can happen.
The concept of "what the current stack is" moves from the regions to
being a field within the region_model ("m_current_frame").
Bugs fixed by this patch
************************
PR analyzer/93032 (missing leak diagnostic for zlib/contrib/minizip/mztools.c)
PR analyzer/93938 (ICE in analyzer)
PR analyzer/94011 (ICE in analyzer)
PR analyzer/94099 (ICE in analyzer)
PR analyzer/94399 (leak false positive with __attribute__((cleanup())))
PR analyzer/94458 (leak false positive)
PR analyzer/94503 (ICE on C++ return-value-optimization)
PR analyzer/94640 (leak false positive)
PR analyzer/94688 (ICE in analyzer)
PR analyzer/94689 ("arrays of functions are not meaningful" error)
PR analyzer/94839 (leak false positive)
PR analyzer/95026 (leak false positive)
PR analyzer/95042 (ICE merging const and non-const C++ object instances)
PR analyzer/95240 (leak false positive)
gcc/ChangeLog:
* Makefile.in (ANALYZER_OBJS): Add analyzer/region.o,
analyzer/region-model-impl-calls.o,
analyzer/region-model-manager.o,
analyzer/region-model-reachability.o, analyzer/store.o, and
analyzer/svalue.o.
* doc/analyzer.texi: Update for changes to analyzer
implementation.
* tristate.h (tristate::get_value): New accessor.
gcc/analyzer/ChangeLog:
* analyzer-logging.cc: Ignore "-Wformat-diag".
(logger::enter_scope): Use inc_indent in both overloads.
(logger::exit_scope): Use dec_indent.
* analyzer-logging.h (logger::inc_indent): New.
(logger::dec_indent): New.
* analyzer-selftests.cc (run_analyzer_selftests): Call
analyzer_store_cc_tests.
* analyzer-selftests.h (analyzer_store_cc_tests): New decl.
* analyzer.cc (get_stmt_location): New function.
* analyzer.h (class initial_svalue): New forward decl.
(class unaryop_svalue): New forward decl.
(class binop_svalue): New forward decl.
(class sub_svalue): New forward decl.
(class unmergeable_svalue): New forward decl.
(class placeholder_svalue): New forward decl.
(class widening_svalue): New forward decl.
(class compound_svalue): New forward decl.
(class conjured_svalue): New forward decl.
(svalue_set): New typedef.
(class map_region): Delete.
(class array_region): Delete.
(class frame_region): New forward decl.
(class function_region): New forward decl.
(class label_region): New forward decl.
(class decl_region): New forward decl.
(class element_region): New forward decl.
(class offset_region): New forward decl.
(class cast_region): New forward decl.
(class field_region): New forward decl.
(class string_region): New forward decl.
(class region_model_manager): New forward decl.
(class store_manager): New forward decl.
(class store): New forward decl.
(class call_details): New forward decl.
(struct svalue_id_merger_mapping): Delete.
(struct canonicalization): Delete.
(class function_point): New forward decl.
(class engine): New forward decl.
(dump_tree): New function decl.
(print_quoted_type): New function decl.
(readability_comparator): New function decl.
(tree_cmp): New function decl.
(class path_var): Move here from region-model.h
(bit_offset_t, bit_size_t, byte_size_t): New typedefs.
(class region_offset): New class.
(get_stmt_location): New decl.
(struct member_function_hash_traits): New struct.
(class consolidation_map): New class.
Ignore "-Wformat-diag".
* analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
(-param=analyzer-max-enodes-for-full-dump=): New param.
* call-string.cc: Ignore -Wformat-diag.
* checker-path.cc: Move includes of "analyzer/call-string.h" and
"analyzer/program-point.h" to before "analyzer/region-model.h",
and also include "analyzer/store.h" before it.
(state_change_event::state_change_event): Replace "tree var" param
with "const svalue *sval". Convert "origin" param from tree to
"const svalue *".
(state_change_event::get_desc): Call get_representative_tree to
convert the var and origin from const svalue * to tree. Use
svalue::get_desc rather than %qE when describing state changes.
(checker_path::add_final_event): Use get_stmt_location.
* checker-path.h (state_change_event::state_change_event): Port
from tree to const svalue *.
(state_change_event::get_lvalue): Delete.
(state_change_event::get_dest_function): New.
(state_change_event::m_var): Replace with...
(state_change_event::m_sval): ...this.
(state_change_event::m_origin): Convert from tree to
const svalue *.
* constraint-manager.cc: Include "analyzer/call-string.h",
"analyzer/program-point.h", and "analyzer/store.h" before
"analyzer/region-model.h".
(struct bound, struct range): Move to constraint-manager.h.
(compare_constants): New function.
(range::dump): Rename to...
(range::dump_to_pp): ...this. Support NULL constants.
(range::dump): Reintroduce for dumping to stderr.
(range::constrained_to_single_element): Return result, rather than
writing to *OUT.
(range::eval_condition): New.
(range::below_lower_bound): New.
(range::above_upper_bound): New.
(equiv_class::equiv_class): Port from svalue_id to const svalue *.
(equiv_class::print): Likewise.
(equiv_class::hash): Likewise.
(equiv_class::operator==): Port from svalue_id to const svalue *.
(equiv_class::add): Port from svalue_id to const svalue *. Drop
"cm" param.
(equiv_class::del): Port from svalue_id to const svalue *.
(equiv_class::get_representative): Likewise.
(equiv_class::remap_svalue_ids): Delete.
(svalue_id_cmp_by_id): Rename to...
(svalue_cmp_by_ptr): ...this, porting from svalue_id to
const svalue *.
(equiv_class::canonicalize): Update qsort comparator.
(constraint::implied_by): New.
(constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
(constraint_manager::dump_to_pp): Add "multiline" param
(constraint_manager::dump): Pass "true" for "multiline".
(constraint_manager::add_constraint): Port from svalue_id to
const svalue *. Split out second part into...
(constraint_manager::add_unknown_constraint): ...this new
function. Remove self-constraints when merging equivalence
classes.
(constraint_manager::add_constraint_internal): Remove constraints
that would be implied by the new constraint. Port from svalue_id
to const svalue *.
(constraint_manager::get_equiv_class_by_sid): Rename to...
(constraint_manager::get_equiv_class_by_svalue): ...this, porting
from svalue_id to const svalue *.
(constraint_manager::get_or_add_equiv_class): Port from svalue_id
to const svalue *.
(constraint_manager::eval_condition): Make const. Call
compare_constants and return early if it provides a known result.
(constraint_manager::get_ec_bounds): New.
(constraint_manager::eval_condition): New overloads. Make
existing one const, and use compare_constants.
(constraint_manager::purge): Convert "p" param to a template
rather that an abstract base class. Port from svalue_id to
const svalue *.
(class dead_svalue_purger): New class.
(constraint_manager::remap_svalue_ids): Delete.
(constraint_manager::on_liveness_change): New.
(equiv_class_cmp): Port from svalue_id to const svalue *.
(constraint_manager::canonicalize): Likewise. Combine with
purging of redundant equivalence classes and constraints.
(class cleaned_constraint_manager): Delete.
(class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
field.
(merger_fact_visitor::fact): Port from svalue_id to const svalue *.
Add special case for widening.
(constraint_manager::merge): Port from svalue_id to const svalue *.
(constraint_manager::clean_merger_input): Delete.
(constraint_manager::for_each_fact): Port from svalue_id to
const svalue *.
(constraint_manager::validate): Likewise.
(selftest::test_constraint_conditions): Provide a
region_model_manager when creating region_model instances.
Add test for self-equality not creating equivalence classes.
(selftest::test_transitivity): Provide a region_model_manager when
creating region_model instances. Verify that EC-merging happens
when constraints are implied.
(selftest::test_constant_comparisons): Provide a
region_model_manager when creating region_model instances.
(selftest::test_constraint_impl): Likewise. Remove over-specified
assertions.
(selftest::test_equality): Provide a region_model_manager when
creating region_model instances.
(selftest::test_many_constants): Likewise. Provide a
program_point when testing merging.
(selftest::run_constraint_manager_tests): Move call to
test_constant_comparisons to outside the transitivity guard.
* constraint-manager.h (struct bound): Move here from
constraint-manager.cc.
(struct range): Likewise.
(struct::eval_condition): New decl.
(struct::below_lower_bound): New decl.
(struct::above_upper_bound): New decl.
(equiv_class::add): Port from svalue_id to const svalue *.
(equiv_class::del): Likewise.
(equiv_class::get_representative): Likewise.
(equiv_class::remap_svalue_ids): Drop.
(equiv_class::m_cst_sid): Convert to..
(equiv_class::m_cst_sval): ...this.
(equiv_class::m_vars): Port from svalue_id to const svalue *.
(constraint::bool implied_by): New decl.
(fact_visitor::on_fact): Port from svalue_id to const svalue *.
(constraint_manager::constraint_manager): Add mgr param.
(constraint_manager::clone): Delete.
(constraint_manager::maybe_get_constant): Delete.
(constraint_manager::get_sid_for_constant): Delete.
(constraint_manager::get_num_svalues): Delete.
(constraint_manager::dump_to_pp): Add "multiline" param.
(constraint_manager::get_equiv_class): Port from svalue_id to
const svalue *.
(constraint_manager::add_constraint): Likewise.
(constraint_manager::get_equiv_class_by_sid): Rename to...
(constraint_manager::get_equiv_class_by_svalue): ...this, porting
from svalue_id to const svalue *.
(constraint_manager::add_unknown_constraint): New decl.
(constraint_manager::get_or_add_equiv_class): Port from svalue_id
to const svalue *.
(constraint_manager::eval_condition): Likewise. Add overloads.
(constraint_manager::get_ec_bounds): New decl.
(constraint_manager::purge): Convert to template.
(constraint_manager::remap_svalue_ids): Delete.
(constraint_manager::on_liveness_change): New decl.
(constraint_manager::canonicalize): Drop param.
(constraint_manager::clean_merger_input): Delete.
(constraint_manager::m_mgr): New field.
* diagnostic-manager.cc: Move includes of
"analyzer/call-string.h" and "analyzer/program-point.h" to before
"analyzer/region-model.h", and also include "analyzer/store.h"
before it.
(saved_diagnostic::saved_diagnostic): Add "sval" param.
(diagnostic_manager::diagnostic_manager): Add engine param.
(diagnostic_manager::add_diagnostic): Add "sval" param, passing it
to saved_diagnostic ctor. Update overload to pass NULL for it.
(dedupe_winners::dedupe_winners): Add engine param.
(dedupe_winners::add): Add "eg" param. Pass m_engine to
feasible_p.
(dedupe_winner::m_engine): New field.
(diagnostic_manager::emit_saved_diagnostics): Pass engine to
dedupe_winners. Pass &eg when adding candidates. Pass svalue
rather than tree to prune_path. Use get_stmt_location to get
primary location of diagnostic.
(diagnostic_manager::emit_saved_diagnostic): Likewise.
(get_any_origin): Drop.
(state_change_event_creator::on_global_state_change): Pass NULL
const svalue * rather than NULL_TREE trees to state_change_event
ctor.
(state_change_event_creator::on_state_change): Port from tree and
svalue_id to const svalue *.
(for_each_state_change): Port from svalue_id to const svalue *.
(struct null_assignment_sm_context): New.
(diagnostic_manager::add_events_for_eedge): Add state change
events for assignment to NULL.
(diagnostic_manager::prune_path): Update param from tree to
const svalue *.
(diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
by tree to by const svalue *.
* diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
param.
(saved_diagnostic::m_sval): New field.
(diagnostic_manager::diagnostic_manager): Add engine param.
(diagnostic_manager::get_engine): New.
(diagnostic_manager::add_diagnostic): Add "sval" param.
(diagnostic_manager::prune_path): Likewise.
(diagnostic_manager::prune_for_sm_diagnostic): New overload.
(diagnostic_manager::m_eng): New field.
* engine.cc: Move includes of "analyzer/call-string.h" and
"analyzer/program-point.h" to before "analyzer/region-model.h",
and also include "analyzer/store.h" before it.
(impl_region_model_context::impl_region_model_context): Update for
removal of m_change field.
(impl_region_model_context::remap_svalue_ids): Delete.
(impl_region_model_context::on_svalue_leak): New.
(impl_region_model_context::on_svalue_purge): Delete.
(impl_region_model_context::on_liveness_change): New.
(impl_region_model_context::on_unknown_change): Update param
from svalue_id to const svalue *. Add is_mutable param.
(setjmp_svalue::compare_fields): Delete.
(setjmp_svalue::accept): New.
(setjmp_svalue::add_to_hash): Delete.
(setjmp_svalue::dump_to_pp): New.
(setjmp_svalue::print_details): Delete.
(impl_sm_context::impl_sm_context): Drop "change" param.
(impl_sm_context::get_fndecl_for_call): Drop "m_change".
(impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
"stmt" param. Drop m_change. Port from svalue_id to
const svalue *.
(impl_sm_context::warn_for_state): Drop m_change. Port from
svalue_id to const svalue *.
(impl_sm_context::get_readable_tree): Rename to...
(impl_sm_context::get_diagnostic_tree): ...this. Port from
svalue_id to const svalue *.
(impl_sm_context::is_zero_assignment): New.
(impl_sm_context::m_change): Delete field.
(leak_stmt_finder::find_stmt): Handle m_var being NULL.
(readability): Increase penalty for MEM_REF. For SSA_NAMEs,
slightly favor the underlying var over the SSA name. Heavily
penalize temporaries. Handle RESULT_DECL.
(readability_comparator): Make non-static. Consider stack depths.
(impl_region_model_context::on_state_leak): Convert from svalue_id
to const svalue *, updating for region_model changes. Use
id_equal.
(impl_region_model_context::on_inherited_svalue): Delete.
(impl_region_model_context::on_cast): Delete.
(impl_region_model_context::on_condition): Drop m_change.
(impl_region_model_context::on_phi): Likewise.
(impl_region_model_context::on_unexpected_tree_code): Handle t
being NULL.
(point_and_state::validate): Update stack checking for
region_model changes.
(eg_traits::dump_args_t::show_enode_details_p): New.
(exploded_node::exploded_node): Initialize m_num_processed_stmts.
(exploded_node::get_processed_stmt): New function.
(exploded_node::get_dot_fillcolor): Add more colors.
(exploded_node::dump_dot): Guard the printing of the point and
state with show_enode_details_p. Print the processed stmts for
this enode after the initial state.
(exploded_node::dump_to_pp): Pass true for new multiline param
of program_state::dump_to_pp.
(exploded_node::on_stmt): Drop "change" param. Log the stmt.
Set input_location. Implement __analyzer_describe. Update
implementation of __analyzer_dump and __analyzer_eval.
Remove purging of sm-state for unknown fncalls from here.
(exploded_node::on_edge): Drop "change" param.
(exploded_node::on_longjmp): Port from region_id/svalue_id to
const region */const svalue *. Call program_state::detect_leaks.
Drop state_change.
(exploded_node::detect_leaks): Update for changes to region_model.
Call program_state::detect_leaks.
(exploded_edge::exploded_edge): Drop ext_state and change params.
(exploded_edge::dump_dot): "args" is no longer used. Drop dumping
of m_change.
(exploded_graph::exploded_graph): Pass engine to
m_diagnostic_manager ctor. Use program_point::origin.
(exploded_graph::add_function_entry): Drop ctxt. Use
program_state::push_frame. Drop state_change.
(exploded_graph::get_or_create_node): Drop "change" param. Add
"enode_for_diag" param. Update dumping calls for API changes.
Pass point to can_merge_with_p. Show enode indices
within -Wanalyzer-too-complex diagnostic for hitting the per-point
limit.
(exploded_graph::add_edge): Drop "change" param. Log which nodes
are being connected. Update for changes to exploded_edge ctor.
(exploded_graph::get_per_program_point_data): New.
(exploded_graph::process_worklist): Pass point to
can_merge_with_p. Drop state_change. Update dumping call for API
change.
(exploded_graph::process_node): Drop state_change. Split the
node in-place if an sm-state-change occurs. Update
m_num_processed_stmts. Update dumping calls for API change.
(exploded_graph::log_stats): Call engine::log_stats.
(exploded_graph::dump_states_for_supernode): Update dumping
call.
(exploded_path::feasible_p): Add "eng" and "eg" params.
Rename "i" to "end_idx". Pass the manager to the region_model
ctor. Update for every processed stmt in the enode, not just the
first. Keep track of which snodes have been visited, and call
loop_replay_fixup when revisiting one.
(enode_label::get_text): Update dump call for new param.
(exploded_graph::dump_exploded_nodes): Likewise.
(exploded_graph::get_node_by_index): New.
(impl_run_checkers): Create engine instance and pass its address
to extrinsic_state ctor.
* exploded-graph.h
(impl_region_model_context::impl_region_model_context): Drop
"change" params.
(impl_region_model_context::void remap_svalue_ids): Delete.
(impl_region_model_context::on_svalue_purge): Delete.
(impl_region_model_context::on_svalue_leak): New.
(impl_region_model_context::on_liveness_change): New.
(impl_region_model_context::on_state_leak): Update signature.
(impl_region_model_context::on_inherited_svalue): Delete.
(impl_region_model_context::on_cast): Delete.
(impl_region_model_context::on_unknown_change): Update signature.
(impl_region_model_context::m_change): Delete.
(eg_traits::dump_args_t::show_enode_details_p): New.
(exploded_node::on_stmt): Drop "change" param.
(exploded_node::on_edge): Likewise.
(exploded_node::get_processed_stmt): New decl.
(exploded_node::m_num_processed_stmts): New field.
(exploded_edge::exploded_edge): Drop ext_state and change params.
(exploded_edge::m_change): Delete.
(exploded_graph::get_engine): New accessor.
(exploded_graph::get_or_create_node): Drop "change" param. Add
"enode_for_diag" param.
(exploded_graph::add_edge): Drop "change" param.
(exploded_graph::get_per_program_point_data): New decl.
(exploded_graph::get_node_by_index): New decl.
(exploded_path::feasible_p): Add "eng" and "eg" params.
* program-point.cc: Include "analyzer/store.h" before including
"analyzer/region-model.h".
(function_point::function_point): Move here from
program-point.h.
(function_point::get_function): Likewise.
(function_point::from_function_entry): Likewise.
(function_point::before_supernode): Likewise.
(function_point::next_stmt): New function.
* program-point.h (function_point::function_point): Move
implementation from here to program-point.cc.
(function_point::get_function): Likewise.
(function_point::from_function_entry): Likewise.
(function_point::before_supernode): Likewise.
(function_point::next_stmt): New decl.
(program_point::operator!=): New.
(program_point::origin): New.
(program_point::next_stmt): New.
(program_point::m_function_point): Make non-const.
* program-state.cc: Move includes of "analyzer/call-string.h" and
"analyzer/program-point.h" to before "analyzer/region-model.h",
and also include "analyzer/store.h" before it.
(extrinsic_state::get_model_manager): New.
(sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
rather than pass the around.
(sm_state_map::clone_with_remapping): Delete.
(sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
"simple" and "multiline" params and support multiline vs single
line dumping.
(sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
"simple" param.
(sm_state_map::hash): Port from svalue_id to const svalue *.
(sm_state_map::operator==): Likewise.
(sm_state_map::get_state): Likewise. Call canonicalize_svalue on
input. Handle inheritance of sm-state. Call get_default_state.
(sm_state_map::get_origin): Port from svalue_id to const svalue *.
(sm_state_map::set_state): Likewise. Pass in ext_state. Reject
attempts to set state on UNKNOWN.
(sm_state_map::impl_set_state): Port from svalue_id to
const svalue *. Pass in ext_state. Call canonicalize_svalue on
input.
(sm_state_map::purge_for_unknown_fncall): Delete.
(sm_state_map::on_svalue_leak): New.
(sm_state_map::remap_svalue_ids): Delete.
(sm_state_map::on_liveness_change): New.
(sm_state_map::on_unknown_change): Reimplement.
(sm_state_map::on_svalue_purge): Delete.
(sm_state_map::on_inherited_svalue): Delete.
(sm_state_map::on_cast): Delete.
(sm_state_map::validate): Delete.
(sm_state_map::canonicalize_svalue): New.
(program_state::program_state): Update to pass manager to
region_model's ctor. Constify num_states and pass state machine
and index to sm_state_map ctor.
(program_state::print): Update for changes to dump API.
(program_state::dump_to_pp): Ignore the summarize param. Add
"multiline" param.
(program_state::dump_to_file): Add "multiline" param.
(program_state::dump): Pass "true" for new "multiline" param.
(program_state::push_frame): New.
(program_state::on_edge): Drop "change" param. Call
program_state::detect_leaks.
(program_state::prune_for_point): Add enode_for_diag param.
Reimplement based on store class. Call detect_leaks
(program_state::remap_svalue_ids): Delete.
(program_state::get_representative_tree): Port from svalue_id to
const svalue *.
(program_state::can_merge_with_p): Add "point" param. Add early
reject for sm-differences. Drop id remapping.
(program_state::validate): Drop region model and sm_state_map
validation.
(state_change::sm_change::dump): Delete.
(state_change::sm_change::remap_svalue_ids): Delete.
(state_change::sm_change::on_svalue_purge): Delete.
(log_set_of_svalues): New.
(state_change::sm_change::validate): Delete.
(state_change::state_change): Delete.
(state_change::add_sm_change): Delete.
(state_change::affects_p): Delete.
(state_change::dump): Delete.
(state_change::remap_svalue_ids): Delete.
(state_change::on_svalue_purge): Delete.
(state_change::validate): Delete.
(selftest::assert_dump_eq): Delete.
(ASSERT_DUMP_EQ): Delete.
(selftest::test_sm_state_map): Update for changes to region_model
and sm_state_map, porting from svalue_id to const svalue *.
(selftest::test_program_state_dumping): Likewise. Drop test of
dumping, renaming to...
(selftest::test_program_state_1): ...this.
(selftest::test_program_state_dumping_2): Likewise, renaming to...
(selftest::test_program_state_2): ...this.
(selftest::test_program_state_merging): Update for changes to
region_model.
(selftest::test_program_state_merging_2): Likewise.
(selftest::analyzer_program_state_cc_tests): Update for renamed
tests.
* program-state.h (extrinsic_state::extrinsic_state): Add logger
and engine params.
(extrinsic_state::get_logger): New accessor.
(extrinsic_state::get_engine): New accessor.
(extrinsic_state::get_model_manager): New accessor.
(extrinsic_state::m_logger): New field.
(extrinsic_state::m_engine): New field.
(struct default_hash_traits<svalue_id>): Delete.
(pod_hash_traits<svalue_id>::hash): Delete.
(pod_hash_traits<svalue_id>::equal): Delete.
(pod_hash_traits<svalue_id>::mark_deleted): Delete.
(pod_hash_traits<svalue_id>::mark_empty): Delete.
(pod_hash_traits<svalue_id>::is_deleted): Delete.
(pod_hash_traits<svalue_id>::is_empty): Delete.
(sm_state_map::entry_t::entry_t): Port from svalue_id to
const svalue *.
(sm_state_map::entry_t::m_origin): Likewise.
(sm_state_map::map_t): Likewise.
(sm_state_map::sm_state_map): Add state_machine and index params.
(sm_state_map::clone_with_remapping): Delete.
(sm_state_map::print): Drop sm param; add simple and multiline
params.
(sm_state_map::dump): Drop sm param; add simple param.
(sm_state_map::get_state): Port from svalue_id to const svalue *.
Add ext_state param.
(sm_state_map::get_origin): Likewise.
(sm_state_map::set_state): Likewise.
(sm_state_map::impl_set_state): Likewise.
(sm_state_map::purge_for_unknown_fncall): Delete.
(sm_state_map::remap_svalue_ids): Delete.
(sm_state_map::on_svalue_purge): Delete.
(sm_state_map::on_svalue_leak): New.
(sm_state_map::on_liveness_change): New.
(sm_state_map::on_inherited_svalue): Delete.
(sm_state_map::on_cast): Delete.
(sm_state_map::validate): Delete.
(sm_state_map::on_unknown_change): Port from svalue_id to
const svalue *. Add is_mutable and ext_state params.
(sm_state_map::canonicalize_svalue): New.
(sm_state_map::m_sm): New field.
(sm_state_map::m_sm_idx): New field.
(program_state::operator=): Delete.
(program_state::dump_to_pp): Drop "summarize" param, adding
"simple" and "multiline".
(program_state::dump_to_file): Likewise.
(program_state::dump): Rename "summarize" to "simple".
(program_state::push_frame): New.
(program_state::get_current_function): New.
(program_state::on_edge): Drop "change" param.
(program_state::prune_for_point): Likewise. Add enode_for_diag
param.
(program_state::remap_svalue_ids): Delete.
(program_state::get_representative_tree): Port from svalue_id to
const svalue *.
(program_state::can_purge_p): Likewise. Pass ext_state to get_state.
(program_state::can_merge_with_p): Add point param.
(program_state::detect_leaks): New.
(state_change_visitor::on_state_change): Port from tree and
svalue_id to a pair of const svalue *.
(class state_change): Delete.
* region.cc: New file.
* region-model-impl-calls.cc: New file.
* region-model-manager.cc: New file.
* region-model-reachability.cc: New file.
* region-model-reachability.h: New file.
* region-model.cc: Include "analyzer/call-string.h",
"analyzer/program-point.h", and "analyzer/store.h" before
"analyzer/region-model.h". Include
"analyzer/region-model-reachability.h".
(dump_tree): Make non-static.
(dump_quoted_tree): Make non-static.
(print_quoted_type): Make non-static.
(path_var::dump): Delete.
(dump_separator): Delete.
(class impl_constraint_manager): Delete.
(svalue_id::print): Delete.
(svalue_id::dump_node_name_to_pp): Delete.
(svalue_id::validate): Delete.
(region_id::print): Delete.
(region_id::dump_node_name_to_pp): Delete.
(region_id::validate): Delete.
(region_id_set::region_id_set): Delete.
(svalue_id_set::svalue_id_set): Delete.
(svalue::operator==): Delete.
(svalue::hash): Delete.
(svalue::print): Delete.
(svalue::dump_dot_to_pp): Delete.
(svalue::remap_region_ids): Delete.
(svalue::walk_for_canonicalization): Delete.
(svalue::get_child_sid): Delete.
(svalue::maybe_get_constant): Delete.
(region_svalue::compare_fields): Delete.
(region_svalue::add_to_hash): Delete.
(region_svalue::print_details): Delete.
(region_svalue::dump_dot_to_pp): Delete.
(region_svalue::remap_region_ids): Delete.
(region_svalue::merge_values): Delete.
(region_svalue::walk_for_canonicalization): Delete.
(region_svalue::eval_condition): Delete.
(constant_svalue::compare_fields): Delete.
(constant_svalue::add_to_hash): Delete.
(constant_svalue::merge_values): Delete.
(constant_svalue::eval_condition): Move to svalue.cc.
(constant_svalue::print_details): Delete.
(constant_svalue::get_child_sid): Delete.
(unknown_svalue::compare_fields): Delete.
(unknown_svalue::add_to_hash): Delete.
(unknown_svalue::print_details): Delete.
(poison_kind_to_str): Move to svalue.cc.
(poisoned_svalue::compare_fields): Delete.
(poisoned_svalue::add_to_hash): Delete.
(poisoned_svalue::print_details): Delete.
(region_kind_to_str): Move to region.cc and reimplement.
(region::operator==): Delete.
(region::get_parent_region): Delete.
(region::set_value): Delete.
(region::become_active_view): Delete.
(region::deactivate_any_active_view): Delete.
(region::deactivate_view): Delete.
(region::get_value): Delete.
(region::get_inherited_child_sid): Delete.
(region_model::copy_region): Delete.
(region_model::copy_struct_region): Delete.
(region_model::copy_union_region): Delete.
(region_model::copy_array_region): Delete.
(region::hash): Delete.
(region::print): Delete.
(region::dump_dot_to_pp): Delete.
(region::dump_to_pp): Delete.
(region::dump_child_label): Delete.
(region::validate): Delete.
(region::remap_svalue_ids): Delete.
(region::remap_region_ids): Delete.
(region::add_view): Delete.
(region::get_view): Delete.
(region::region): Move to region.cc.
(region::add_to_hash): Delete.
(region::print_fields): Delete.
(region::non_null_p): Delete.
(primitive_region::clone): Delete.
(primitive_region::walk_for_canonicalization): Delete.
(map_region::map_region): Delete.
(map_region::compare_fields): Delete.
(map_region::print_fields): Delete.
(map_region::validate): Delete.
(map_region::dump_dot_to_pp): Delete.
(map_region::dump_child_label): Delete.
(map_region::get_or_create): Delete.
(map_region::get): Delete.
(map_region::add_to_hash): Delete.
(map_region::remap_region_ids): Delete.
(map_region::unbind): Delete.
(map_region::get_tree_for_child_region): Delete.
(map_region::get_tree_for_child_region): Delete.
(tree_cmp): Move to region.cc.
(map_region::can_merge_p): Delete.
(map_region::walk_for_canonicalization): Delete.
(map_region::get_value_by_name): Delete.
(struct_or_union_region::valid_key_p): Delete.
(struct_or_union_region::compare_fields): Delete.
(struct_region::clone): Delete.
(struct_region::compare_fields): Delete.
(union_region::clone): Delete.
(union_region::compare_fields): Delete.
(frame_region::compare_fields): Delete.
(frame_region::clone): Delete.
(frame_region::valid_key_p): Delete.
(frame_region::print_fields): Delete.
(frame_region::add_to_hash): Delete.
(globals_region::compare_fields): Delete.
(globals_region::clone): Delete.
(globals_region::valid_key_p): Delete.
(code_region::compare_fields): Delete.
(code_region::clone): Delete.
(code_region::valid_key_p): Delete.
(array_region::array_region): Delete.
(array_region::get_element): Delete.
(array_region::clone): Delete.
(array_region::compare_fields): Delete.
(array_region::print_fields): Delete.
(array_region::validate): Delete.
(array_region::dump_dot_to_pp): Delete.
(array_region::dump_child_label): Delete.
(array_region::get_or_create): Delete.
(array_region::get): Delete.
(array_region::add_to_hash): Delete.
(array_region::remap_region_ids): Delete.
(array_region::get_key_for_child_region): Delete.
(array_region::key_cmp): Delete.
(array_region::walk_for_canonicalization): Delete.
(array_region::key_from_constant): Delete.
(array_region::constant_from_key): Delete.
(function_region::compare_fields): Delete.
(function_region::clone): Delete.
(function_region::valid_key_p): Delete.
(stack_region::stack_region): Delete.
(stack_region::compare_fields): Delete.
(stack_region::clone): Delete.
(stack_region::print_fields): Delete.
(stack_region::dump_child_label): Delete.
(stack_region::validate): Delete.
(stack_region::push_frame): Delete.
(stack_region::get_current_frame_id): Delete.
(stack_region::pop_frame): Delete.
(stack_region::add_to_hash): Delete.
(stack_region::remap_region_ids): Delete.
(stack_region::can_merge_p): Delete.
(stack_region::walk_for_canonicalization): Delete.
(stack_region::get_value_by_name): Delete.
(heap_region::heap_region): Delete.
(heap_region::compare_fields): Delete.
(heap_region::clone): Delete.
(heap_region::walk_for_canonicalization): Delete.
(root_region::root_region): Delete.
(root_region::compare_fields): Delete.
(root_region::clone): Delete.
(root_region::print_fields): Delete.
(root_region::validate): Delete.
(root_region::dump_child_label): Delete.
(root_region::push_frame): Delete.
(root_region::get_current_frame_id): Delete.
(root_region::pop_frame): Delete.
(root_region::ensure_stack_region): Delete.
(root_region::get_stack_region): Delete.
(root_region::ensure_globals_region): Delete.
(root_region::get_code_region): Delete.
(root_region::ensure_code_region): Delete.
(root_region::get_globals_region): Delete.
(root_region::ensure_heap_region): Delete.
(root_region::get_heap_region): Delete.
(root_region::remap_region_ids): Delete.
(root_region::can_merge_p): Delete.
(root_region::add_to_hash): Delete.
(root_region::walk_for_canonicalization): Delete.
(root_region::get_value_by_name): Delete.
(symbolic_region::symbolic_region): Delete.
(symbolic_region::compare_fields): Delete.
(symbolic_region::clone): Delete.
(symbolic_region::walk_for_canonicalization): Delete.
(symbolic_region::print_fields): Delete.
(region_model::region_model): Add region_model_manager * param.
Reimplement in terms of store, dropping impl_constraint_manager
subclass.
(region_model::operator=): Reimplement in terms of store
(region_model::operator==): Likewise.
(region_model::hash): Likewise.
(region_model::print): Delete.
(region_model::print_svalue): Delete.
(region_model::dump_dot_to_pp): Delete.
(region_model::dump_dot_to_file): Delete.
(region_model::dump_dot): Delete.
(region_model::dump_to_pp): Replace "summarize" param with
"simple" and "multiline". Port to store-based implementation.
(region_model::dump): Replace "summarize" param with "simple" and
"multiline".
(dump_vec_of_tree): Delete.
(region_model::dump_summary_of_rep_path_vars): Delete.
(region_model::validate): Delete.
(svalue_id_cmp_by_constant_svalue_model): Delete.
(svalue_id_cmp_by_constant_svalue): Delete.
(region_model::canonicalize): Drop "ctxt" param. Reimplement in
terms of store and constraints.
(region_model::canonicalized_p): Remove NULL arg to canonicalize.
(region_model::loop_replay_fixup): New.
(poisoned_value_diagnostic::emit): Tweak wording of warnings.
(region_model::check_for_poison): Delete.
(region_model::get_gassign_result): New.
(region_model::on_assignment): Port to store-based implementation.
(region_model::on_call_pre): Delete calls to check_for_poison.
Move implementations to region-model-impl-calls.c and port to
store-based implementation.
(region_model::on_call_post): Likewise.
(class reachable_regions): Move to region-model-reachability.h/cc
and port to store-based implementation.
(region_model::handle_unrecognized_call): Port to store-based
implementation.
(region_model::get_reachable_svalues): New.
(region_model::on_setjmp): Port to store-based implementation.
(region_model::on_longjmp): Likewise.
(region_model::handle_phi): Drop is_back_edge param and the logic
using it.
(region_model::get_lvalue_1): Port from region_id to const region *.
(region_model::make_region_for_unexpected_tree_code): Delete.
(assert_compat_types): If the check fails, use internal_error to
show the types.
(region_model::get_lvalue): Port from region_id to const region *.
(region_model::get_rvalue_1): Port from svalue_id to const svalue *.
(region_model::get_rvalue): Likewise.
(region_model::get_or_create_ptr_svalue): Delete.
(region_model::get_or_create_constant_svalue): Delete.
(region_model::get_svalue_for_fndecl): Delete.
(region_model::get_region_for_fndecl): Delete.
(region_model::get_svalue_for_label): Delete.
(region_model::get_region_for_label): Delete.
(build_cast): Delete.
(region_model::maybe_cast_1): Delete.
(region_model::maybe_cast): Delete.
(region_model::get_field_region): Delete.
(region_model::get_store_value): New.
(region_model::region_exists_p): New.
(region_model::deref_rvalue): Port from svalue_id to const svalue *.
(region_model::set_value): Likewise.
(region_model::clobber_region): New.
(region_model::purge_region): New.
(region_model::zero_fill_region): New.
(region_model::mark_region_as_unknown): New.
(region_model::eval_condition): Port from svalue_id to
const svalue *.
(region_model::eval_condition_without_cm): Likewise.
(region_model::compare_initial_and_pointer): New.
(region_model::add_constraint): Port from svalue_id to
const svalue *.
(region_model::maybe_get_constant): Delete.
(region_model::get_representative_path_var): New.
(region_model::add_new_malloc_region): Delete.
(region_model::get_representative_tree): Port to const svalue *.
(region_model::get_representative_path_var): Port to
const region *.
(region_model::get_path_vars_for_svalue): Delete.
(region_model::set_to_new_unknown_value): Delete.
(region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
(region_model::update_for_call_superedge): Port from svalue_id to
const svalue *.
(region_model::update_for_return_superedge): Port to store-based
implementation.
(region_model::update_for_call_summary): Replace
set_to_new_unknown_value with mark_region_as_unknown.
(region_model::get_root_region): Delete.
(region_model::get_stack_region_id): Delete.
(region_model::push_frame): Delete.
(region_model::get_current_frame_id): Delete.
(region_model::get_current_function): Delete.
(region_model::pop_frame): Delete.
(region_model::on_top_level_param): New.
(region_model::get_stack_depth): Delete.
(region_model::get_function_at_depth): Delete.
(region_model::get_globals_region_id): Delete.
(region_model::add_svalue): Delete.
(region_model::replace_svalue): Delete.
(region_model::add_region): Delete.
(region_model::get_svalue): Delete.
(region_model::get_region): Delete.
(make_region_for_type): Delete.
(region_model::add_region_for_type): Delete.
(region_model::on_top_level_param): New.
(class restrict_to_used_svalues): Delete.
(region_model::purge_unused_svalues): Delete.
(region_model::push_frame): New.
(region_model::remap_svalue_ids): Delete.
(region_model::remap_region_ids): Delete.
(region_model::purge_regions): Delete.
(region_model::get_descendents): Delete.
(region_model::delete_region_and_descendents): Delete.
(region_model::poison_any_pointers_to_bad_regions): Delete.
(region_model::can_merge_with_p): Delete.
(region_model::get_current_function): New.
(region_model::get_value_by_name): Delete.
(region_model::convert_byte_offset_to_array_index): Delete.
(region_model::pop_frame): New.
(region_model::get_or_create_mem_ref): Delete.
(region_model::get_stack_depth): New.
(region_model::get_frame_at_index): New.
(region_model::unbind_region_and_descendents): New.
(struct bad_pointer_finder): New.
(region_model::get_or_create_pointer_plus_expr): Delete.
(region_model::poison_any_pointers_to_descendents): New.
(region_model::get_or_create_view): Delete.
(region_model::can_merge_with_p): New.
(region_model::get_fndecl_for_call): Port from svalue_id to
const svalue *.
(struct append_ssa_names_cb_data): New.
(get_ssa_name_regions_for_current_frame): New.
(region_model::append_ssa_names_cb): New.
(model_merger::dump_to_pp): Add "simple" param. Drop dumping of
remappings.
(model_merger::dump): Add "simple" param to both overloads.
(model_merger::can_merge_values_p): Delete.
(model_merger::record_regions): Delete.
(model_merger::record_svalues): Delete.
(svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
(svalue_id_merger_mapping::dump_to_pp): Delete.
(svalue_id_merger_mapping::dump): Delete.
(region_model::create_region_for_heap_alloc): New.
(region_model::create_region_for_alloca): New.
(region_model::record_dynamic_extents): New.
(canonicalization::canonicalization): Delete.
(canonicalization::walk_rid): Delete.
(canonicalization::walk_sid): Delete.
(canonicalization::dump_to_pp): Delete.
(canonicalization::dump): Delete.
(inchash::add): Delete overloads for svalue_id and region_id.
(engine::log_stats): New.
(assert_condition): Add overload comparing svalues.
(assert_dump_eq): Pass "true" for multiline.
(selftest::test_dump): Update for rewrite of region_model.
(selftest::test_dump_2): Rename to...
(selftest::test_struct): ...this. Provide a region_model_manager
when creating region_model instance. Remove dump test. Add
checks for get_offset.
(selftest::test_dump_3): Rename to...
(selftest::test_array_1): ...this. Provide a region_model_manager
when creating region_model instance. Remove dump test.
(selftest::test_get_representative_tree): Port from svalue_id to
new API. Add test coverage for various expressions.
(selftest::test_unique_constants): Provide a region_model_manager
for the region_model. Add test coverage for comparing const vs
non-const.
(selftest::test_svalue_equality): Delete.
(selftest::test_region_equality): Delete.
(selftest::test_unique_unknowns): New.
(class purge_all_svalue_ids): Delete.
(class purge_one_svalue_id): Delete.
(selftest::test_purging_by_criteria): Delete.
(selftest::test_initial_svalue_folding): New.
(selftest::test_unaryop_svalue_folding): New.
(selftest::test_binop_svalue_folding): New.
(selftest::test_sub_svalue_folding): New.
(selftest::test_purge_unused_svalues): Delete.
(selftest::test_descendent_of_p): New.
(selftest::test_assignment): Provide a region_model_manager for
the region_model. Drop the dump test.
(selftest::test_compound_assignment): Likewise.
(selftest::test_stack_frames): Port to new implementation.
(selftest::test_get_representative_path_var): Likewise.
(selftest::test_canonicalization_1): Rename to...
(selftest::test_equality_1): ...this. Port to new API, and add
(selftest::test_canonicalization_2): Provide a
region_model_manager when creating region_model instances.
Remove redundant canicalization.
(selftest::test_canonicalization_3): Provide a
region_model_manager when creating region_model instances.
Remove param from calls to region_model::canonicalize.
(selftest::test_canonicalization_4): Likewise.
(selftest::assert_region_models_merge): Constify
out_merged_svalue. Port to new API.
(selftest::test_state_merging): Provide a
region_model_manager when creating region_model instances.
Provide a program_point point when merging them. Replace
set_to_new_unknown_value with usage of placeholder_svalues.
Drop get_value_by_name. Port from svalue_id to const svalue *.
Add test of heap allocation.
(selftest::test_constraint_merging): Provide a
region_model_manager when creating region_model instances.
Provide a program_point point when merging them. Eliminate use
of set_to_new_unknown_value.
(selftest::test_widening_constraints): New.
(selftest::test_iteration_1): New.
(selftest::test_malloc_constraints): Port to store-based
implementation.
(selftest::test_var): New test.
(selftest::test_array_2): New test.
(selftest::test_mem_ref): New test.
(selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
(selftest::test_malloc): New.
(selftest::test_alloca): New.
(selftest::analyzer_region_model_cc_tests): Update for renamings.
Call new functions.
* region-model.h (class path_var): Move to analyzer.h.
(class svalue_id): Delete.
(class region_id): Delete.
(class id_map): Delete.
(svalue_id_map): Delete.
(region_id_map): Delete.
(id_map<T>::id_map): Delete.
(id_map<T>::put): Delete.
(id_map<T>::get_dst_for_src): Delete.
(id_map<T>::get_src_for_dst): Delete.
(id_map<T>::dump_to_pp): Delete.
(id_map<T>::dump): Delete.
(id_map<T>::update): Delete.
(one_way_svalue_id_map): Delete.
(one_way_region_id_map): Delete.
(class region_id_set): Delete.
(class svalue_id_set): Delete.
(struct complexity): New.
(class visitor): New.
(enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
SK_BINOP, SK_SUB,SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
SK_COMPOUND, and SK_CONJURED.
(svalue::operator==): Delete.
(svalue::operator!=): Delete.
(svalue::clone): Delete.
(svalue::hash): Delete.
(svalue::dump_dot_to_pp): Delete.
(svalue::dump_to_pp): New.
(svalue::dump): New.
(svalue::get_desc): New.
(svalue::dyn_cast_initial_svalue): New.
(svalue::dyn_cast_unaryop_svalue): New.
(svalue::dyn_cast_binop_svalue): New.
(svalue::dyn_cast_sub_svalue): New.
(svalue::dyn_cast_unmergeable_svalue): New.
(svalue::dyn_cast_widening_svalue): New.
(svalue::dyn_cast_compound_svalue): New.
(svalue::dyn_cast_conjured_svalue): New.
(svalue::maybe_undo_cast): New.
(svalue::unwrap_any_unmergeable): New.
(svalue::remap_region_ids): Delete
(svalue::can_merge_p): New.
(svalue::walk_for_canonicalization): Delete
(svalue::get_complexity): New.
(svalue::get_child_sid): Delete
(svalue::accept): New.
(svalue::live_p): New.
(svalue::implicitly_live_p): New.
(svalue::svalue): Add complexity param.
(svalue::add_to_hash): Delete
(svalue::print_details): Delete
(svalue::m_complexity): New field.
(region_svalue::key_t): New struct.
(region_svalue::region_svalue): Port from region_id to
const region_id *. Add complexity.
(region_svalue::compare_fields): Delete.
(region_svalue::clone): Delete.
(region_svalue::dump_dot_to_pp): Delete.
(region_svalue::get_pointee): Port from region_id to
const region_id *.
(region_svalue::remap_region_ids): Delete.
(region_svalue::merge_values): Delete.
(region_svalue::dump_to_pp): New.
(region_svalue::accept): New.
(region_svalue::walk_for_canonicalization): Delete.
(region_svalue::eval_condition): Make params const.
(region_svalue::add_to_hash): Delete.
(region_svalue::print_details): Delete.
(region_svalue::m_rid): Replace with...
(region_svalue::m_reg): ...this.
(is_a_helper <region_svalue *>::test): Convert to...
(is_a_helper <const region_svalue *>::test): ...this.
(template <> struct default_hash_traits<region_svalue::key_t>):
New.
(constant_svalue::constant_svalue): Add complexity.
(constant_svalue::compare_fields): Delete.
(constant_svalue::clone): Delete.
(constant_svalue::add_to_hash): Delete.
(constant_svalue::dump_to_pp): New.
(constant_svalue::accept): New.
(constant_svalue::implicitly_live_p): New.
(constant_svalue::merge_values): Delete.
(constant_svalue::eval_condition): Make params const.
(constant_svalue::get_child_sid): Delete.
(constant_svalue::print_details): Delete.
(is_a_helper <constant_svalue *>::test): Convert to...
(is_a_helper <const constant_svalue *>::test): ...this.
(class unknown_svalue): Update leading comment.
(unknown_svalue::unknown_svalue): Add complexity.
(unknown_svalue::compare_fields): Delete.
(unknown_svalue::add_to_hash): Delete.
(unknown_svalue::dyn_cast_unknown_svalue): Delete.
(unknown_svalue::print_details): Delete.
(unknown_svalue::dump_to_pp): New.
(unknown_svalue::accept): New.
(poisoned_svalue::key_t): New struct.
(poisoned_svalue::poisoned_svalue): Add complexity.
(poisoned_svalue::compare_fields): Delete.
(poisoned_svalue::clone): Delete.
(poisoned_svalue::add_to_hash): Delete.
(poisoned_svalue::dump_to_pp): New.
(poisoned_svalue::accept): New.
(poisoned_svalue::print_details): Delete.
(is_a_helper <poisoned_svalue *>::test): Convert to...
(is_a_helper <const poisoned_svalue *>::test): ...this.
(template <> struct default_hash_traits<poisoned_svalue::key_t>):
New.
(setjmp_record::add_to_hash): New.
(setjmp_svalue::key_t): New struct.
(setjmp_svalue::compare_fields): Delete.
(setjmp_svalue::clone): Delete.
(setjmp_svalue::add_to_hash): Delete.
(setjmp_svalue::setjmp_svalue): Add complexity.
(setjmp_svalue::dump_to_pp): New.
(setjmp_svalue::accept): New.
(setjmp_svalue::void print_details): Delete.
(is_a_helper <const setjmp_svalue *>::test): New.
(template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
(class initial_svalue : public svalue): New.
(is_a_helper <const initial_svalue *>::test): New.
(class unaryop_svalue): New.
(is_a_helper <const unaryop_svalue *>::test): New.
(template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
(class binop_svalue): New.
(is_a_helper <const binop_svalue *>::test): New.
(template <> struct default_hash_traits<binop_svalue::key_t>): New.
(class sub_svalue): New.
(is_a_helper <const sub_svalue *>::test): New.
(template <> struct default_hash_traits<sub_svalue::key_t>): New.
(class unmergeable_svalue): New.
(is_a_helper <const unmergeable_svalue *>::test): New.
(class placeholder_svalue): New.
(is_a_helper <placeholder_svalue *>::test): New.
(class widening_svalue): New.
(is_a_helper <widening_svalue *>::test): New.
(template <> struct default_hash_traits<widening_svalue::key_t>): New.
(class compound_svalue): New.
(is_a_helper <compound_svalue *>::test): New.
(template <> struct default_hash_traits<compound_svalue::key_t>): New.
(class conjured_svalue): New.
(is_a_helper <conjured_svalue *>::test): New.
(template <> struct default_hash_traits<conjured_svalue::key_t>): New.
(enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
(region_kind_to_str): Delete.
(region::~region): Move implementation to region.cc.
(region::operator==): Delete.
(region::operator!=): Delete.
(region::clone): Delete.
(region::get_id): New.
(region::cmp_ids): New.
(region::dyn_cast_map_region): Delete.
(region::dyn_cast_array_region): Delete.
(region::region_id get_parent): Delete.
(region::get_parent_region): Convert to a simple accessor.
(region::void set_value): Delete.
(region::svalue_id get_value): Delete.
(region::svalue_id get_value_direct): Delete.
(region::svalue_id get_inherited_child_sid): Delete.
(region::dyn_cast_frame_region): New.
(region::dyn_cast_function_region): New.
(region::dyn_cast_decl_region): New.
(region::dyn_cast_field_region): New.
(region::dyn_cast_element_region): New.
(region::dyn_cast_offset_region): New.
(region::dyn_cast_cast_region): New.
(region::dyn_cast_string_region): New.
(region::accept): New.
(region::get_base_region): New.
(region::base_region_p): New.
(region::descendent_of_p): New.
(region::maybe_get_frame_region): New.
(region::maybe_get_decl): New.
(region::hash): Delete.
(region::rint): Delete.
(region::dump_dot_to_pp): Delete.
(region::get_desc): New.
(region::dump_to_pp): Convert to vfunc, changing signature.
(region::dump_child_label): Delete.
(region::remap_svalue_ids): Delete.
(region::remap_region_ids): Delete.
(region::dump): New.
(region::walk_for_canonicalization): Delete.
(region::non_null_p): Drop region_model param.
(region::add_view): Delete.
(region::get_view): Delete.
(region::get_active_view): Delete.
(region::is_view_p): Delete.
(region::cmp_ptrs): New.
(region::validate): Delete.
(region::get_offset): New.
(region::get_byte_size): New.
(region::get_bit_size): New.
(region::get_subregions_for_binding): New.
(region::region): Add complexity param. Convert parent from
region_id to const region *. Drop svalue_id. Drop copy ctor.
(region::symbolic_for_unknown_ptr_p): New.
(region::add_to_hash): Delete.
(region::print_fields): Delete.
(region::get_complexity): New accessor.
(region::become_active_view): Delete.
(region::deactivate_any_active_view): Delete.
(region::deactivate_view): Delete.
(region::calc_offset): New.
(region::m_parent_rid): Delete.
(region::m_sval_id): Delete.
(region::m_complexity): New.
(region::m_id): New.
(region::m_parent): New.
(region::m_view_rids): Delete.
(region::m_is_view): Delete.
(region::m_active_view_rid): Delete.
(region::m_cached_offset): New.
(is_a_helper <region *>::test): Convert to...
(is_a_helper <const region *>::test): ... this.
(class primitive_region): Delete.
(class space_region): New.
(class map_region): Delete.
(is_a_helper <map_region *>::test): Delete.
(class frame_region): Reimplement.
(template <> struct default_hash_traits<frame_region::key_t>):
New.
(class globals_region): Reimplement.
(is_a_helper <globals_region *>::test): Convert to...
(is_a_helper <const globals_region *>::test): ...this.
(class struct_or_union_region): Delete.
(is_a_helper <struct_or_union_region *>::test): Delete.
(class code_region): Reimplement.
(is_a_helper <const code_region *>::test): New.
(class struct_region): Delete.
(is_a_helper <struct_region *>::test): Delete.
(class function_region): Reimplement.
(is_a_helper <function_region *>::test): Convert to...
(is_a_helper <const function_region *>::test): ...this.
(class union_region): Delete.
(is_a_helper <union_region *>::test): Delete.
(class label_region): New.
(is_a_helper <const label_region *>::test): New.
(class scope_region): Delete.
(class stack_region): Reimplement.
(is_a_helper <stack_region *>::test): Convert to...
(is_a_helper <const stack_region *>::test): ...this.
(class heap_region): Reimplement.
(is_a_helper <heap_region *>::test): Convert to...
(is_a_helper <const heap_region *>::test): ...this.
(class root_region): Reimplement.
(is_a_helper <root_region *>::test): Convert to...
(is_a_helper <const root_region *>::test): ...this.
(class symbolic_region): Reimplement.
(is_a_helper <const symbolic_region *>::test): New.
(template <> struct default_hash_traits<symbolic_region::key_t>):
New.
(class decl_region): New.
(is_a_helper <const decl_region *>::test): New.
(class field_region): New.
(template <> struct default_hash_traits<field_region::key_t>): New.
(class array_region): Delete.
(class element_region): New.
(is_a_helper <array_region *>::test): Delete.
(is_a_helper <const element_region *>::test): New.
(template <> struct default_hash_traits<element_region::key_t>):
New.
(class offset_region): New.
(is_a_helper <const offset_region *>::test): New.
(template <> struct default_hash_traits<offset_region::key_t>):
New.
(class cast_region): New.
(is_a_helper <const cast_region *>::test): New.
(template <> struct default_hash_traits<cast_region::key_t>): New.
(class heap_allocated_region): New.
(class alloca_region): New.
(class string_region): New.
(is_a_helper <const string_region *>::test): New.
(class unknown_region): New.
(class region_model_manager): New.
(struct append_ssa_names_cb_data): New.
(class call_details): New.
(region_model::region_model): Add region_model_manager param.
(region_model::print_svalue): Delete.
(region_model::dump_dot_to_pp): Delete.
(region_model::dump_dot_to_file): Delete.
(region_model::dump_dot): Delete.
(region_model::dump_to_pp): Drop summarize param in favor of
simple and multiline.
(region_model::dump): Likewise.
(region_model::summarize_to_pp): Delete.
(region_model::summarize): Delete.
(region_model::void canonicalize): Drop ctxt param.
(region_model::void check_for_poison): Delete.
(region_model::get_gassign_result): New.
(region_model::impl_call_alloca): New.
(region_model::impl_call_analyzer_describe): New.
(region_model::impl_call_analyzer_eval): New.
(region_model::impl_call_builtin_expect): New.
(region_model::impl_call_calloc): New.
(region_model::impl_call_free): New.
(region_model::impl_call_malloc): New.
(region_model::impl_call_memset): New.
(region_model::impl_call_strlen): New.
(region_model::get_reachable_svalues): New.
(region_model::handle_phi): Drop is_back_edge param.
(region_model::region_id get_root_rid): Delete.
(region_model::root_region *get_root_region): Delete.
(region_model::region_id get_stack_region_id): Delete.
(region_model::push_frame): Convert from region_id and svalue_id
to const region * and const svalue *.
(region_model::get_current_frame_id): Replace with...
(region_model::get_current_frame): ...this.
(region_model::pop_frame): Convert from region_id to
const region *. Drop purge and stats param. Add out_result.
(region_model::function *get_function_at_depth): Delete.
(region_model::get_globals_region_id): Delete.
(region_model::add_svalue): Delete.
(region_model::replace_svalue): Delete.
(region_model::add_region): Delete.
(region_model::add_region_for_type): Delete.
(region_model::get_svalue): Delete.
(region_model::get_region): Delete.
(region_model::get_lvalue): Convert from region_id to
const region *.
(region_model::get_rvalue): Convert from svalue_id to
const svalue *.
(region_model::get_or_create_ptr_svalue): Delete.
(region_model::get_or_create_constant_svalue): Delete.
(region_model::get_svalue_for_fndecl): Delete.
(region_model::get_svalue_for_label): Delete.
(region_model::get_region_for_fndecl): Delete.
(region_model::get_region_for_label): Delete.
(region_model::get_frame_at_index (int index) const;): New.
(region_model::maybe_cast): Delete.
(region_model::maybe_cast_1): Delete.
(region_model::get_field_region): Delete.
(region_model::id deref_rvalue): Convert from region_id and
svalue_id to const region * and const svalue *. Drop overload,
passing in both a tree and an svalue.
(region_model::set_value): Convert from region_id and svalue_id to
const region * and const svalue *.
(region_model::set_to_new_unknown_value): Delete.
(region_model::clobber_region (const region *reg);): New.
(region_model::purge_region (const region *reg);): New.
(region_model::zero_fill_region (const region *reg);): New.
(region_model::mark_region_as_unknown (const region *reg);): New.
(region_model::copy_region): Convert from region_id to
const region *.
(region_model::eval_condition): Convert from svalue_id to
const svalue *.
(region_model::eval_condition_without_cm): Likewise.
(region_model::compare_initial_and_pointer): New.
(region_model:maybe_get_constant): Delete.
(region_model::add_new_malloc_region): Delete.
(region_model::get_representative_tree): Convert from svalue_id to
const svalue *.
(region_model::get_representative_path_var): Delete decl taking a
region_id in favor of two decls, for svalue vs region, with an
svalue_set to ensure termination.
(region_model::get_path_vars_for_svalue): Delete.
(region_model::create_region_for_heap_alloc): New.
(region_model::create_region_for_alloca): New.
(region_model::purge_unused_svalues): Delete.
(region_model::remap_svalue_ids): Delete.
(region_model::remap_region_ids): Delete.
(region_model::purge_regions): Delete.
(region_model::get_num_svalues): Delete.
(region_model::get_num_regions): Delete.
(region_model::get_descendents): Delete.
(region_model::get_store): New.
(region_model::delete_region_and_descendents): Delete.
(region_model::get_manager): New.
(region_model::unbind_region_and_descendents): New.
(region_model::can_merge_with_p): Add point param. Drop
svalue_id_merger_mapping.
(region_model::get_value_by_name): Delete.
(region_model::convert_byte_offset_to_array_index): Delete.
(region_model::get_or_create_mem_ref): Delete.
(region_model::get_or_create_pointer_plus_expr): Delete.
(region_model::get_or_create_view): Delete.
(region_model::get_lvalue_1): Convert from region_id to
const region *.
(region_model::get_rvalue_1): Convert from svalue_id to
const svalue *.
(region_model::get_ssa_name_regions_for_current_frame): New.
(region_model::append_ssa_names_cb): New.
(region_model::get_store_value): New.
(region_model::copy_struct_region): Delete.
(region_model::copy_union_region): Delete.
(region_model::copy_array_region): Delete.
(region_model::region_exists_p): New.
(region_model::make_region_for_unexpected_tree_code): Delete.
(region_model::loop_replay_fixup): New.
(region_model::poison_any_pointers_to_bad_regions): Delete.
(region_model::poison_any_pointers_to_descendents): New.
(region_model::dump_summary_of_rep_path_vars): Delete.
(region_model::on_top_level_param): New.
(region_model::record_dynamic_extents): New.
(region_model::m_mgr;): New.
(region_model::m_store;): New.
(region_model::m_svalues;): Delete.
(region_model::m_regions;): Delete.
(region_model::m_root_rid;): Delete.
(region_model::m_current_frame;): New.
(region_model_context::remap_svalue_ids): Delete.
(region_model_context::can_purge_p): Delete.
(region_model_context::on_svalue_leak): New.
(region_model_context::on_svalue_purge): Delete.
(region_model_context::on_liveness_change): New.
(region_model_context::on_inherited_svalue): Delete.
(region_model_context::on_cast): Delete.
(region_model_context::on_unknown_change): Convert from svalue_id to
const svalue * and add is_mutable.
(class noop_region_model_context): Update for region_model_context
changes.
(model_merger::model_merger): Add program_point. Drop
svalue_id_merger_mapping.
(model_merger::dump_to_pp): Add "simple" param.
(model_merger::dump): Likewise.
(model_merger::get_region_a): Delete.
(model_merger::get_region_b): Delete.
(model_merger::can_merge_values_p): Delete.
(model_merger::record_regions): Delete.
(model_merger::record_svalues): Delete.
(model_merger::m_point): New field.
(model_merger::m_map_regions_from_a_to_m): Delete.
(model_merger::m_map_regions_from_b_to_m): Delete.
(model_merger::m_sid_mapping): Delete.
(struct svalue_id_merger_mapping): Delete.
(class engine): New.
(struct canonicalization): Delete.
(inchash::add): Delete decls for hashing svalue_id and region_id.
(test_region_model_context::on_unexpected_tree_code): Require t to
be non-NULL.
(selftest::assert_condition): Add overload comparing a pair of
const svalue *.
* sm-file.cc: Include "tristate.h", "selftest.h",
"analyzer/call-string.h", "analyzer/program-point.h",
"analyzer/store.h", and "analyzer/region-model.h".
(fileptr_state_machine::get_default_state): New.
(fileptr_state_machine::on_stmt): Remove calls to
get_readable_tree in favor of get_diagnostic_tree.
* sm-malloc.cc: Include "tristate.h", "selftest.h",
"analyzer/call-string.h", "analyzer/program-point.h",
"analyzer/store.h", and "analyzer/region-model.h".
(malloc_state_machine::get_default_state): New.
(malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
(malloc_diagnostic::describe_state_change): Handle change.m_expr
being NULL.
(null_arg::emit): Avoid printing "NULL '0'".
(null_arg::describe_final_event): Avoid printing "(0) NULL".
(malloc_leak::emit): Handle m_arg being NULL.
(malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
(malloc_state_machine::on_stmt): Don't call get_readable_tree.
Call get_diagnostic_tree when creating pending diagnostics.
Update for is_zero_assignment becoming a member function of
sm_ctxt.
Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
(malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
vfunc implementation.
* sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
get_diagnostic_tree and pass the result to warn_for_state.
* sm-signal.cc: Move includes of "analyzer/call-string.h" and
"analyzer/program-point.h" to before "analyzer/region-model.h",
and also include "analyzer/store.h" before it.
(signal_unsafe_call::describe_state_change): Use
get_dest_function to get handler.
(update_model_for_signal_handler): Pass manager to region_model
ctor.
(register_signal_handler::impl_transition): Update for changes to
get_or_create_node and add_edge.
* sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
get_readable_tree, replacing them when calling warn_for_state with
calls to get_diagnostic_tree.
* sm.cc (is_zero_assignment): Delete.
(any_pointer_p): Move to within namespace ana.
* sm.h (is_zero_assignment): Remove decl.
(any_pointer_p): Move decl to within namespace ana.
(state_machine::get_default_state): New vfunc.
(state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
(sm_context::get_readable_tree): Rename to...
(sm_context::get_diagnostic_tree): ...this.
(sm_context::is_zero_assignment): New vfunc.
* store.cc: New file.
* store.h: New file.
* svalue.cc: New file.
gcc/testsuite/ChangeLog:
PR analyzer/93032
PR analyzer/93938
PR analyzer/94011
PR analyzer/94099
PR analyzer/94399
PR analyzer/94458
PR analyzer/94503
PR analyzer/94640
PR analyzer/94688
PR analyzer/94689
PR analyzer/94839
PR analyzer/95026
PR analyzer/95042
PR analyzer/95240
* g++.dg/analyzer/pr93212.C: Add dg-warning for dangling
reference.
* g++.dg/analyzer/pr93950.C: Remove xfail.
* g++.dg/analyzer/pr94011.C: New test.
* g++.dg/analyzer/pr94028.C: Remove leak false positives; mark as
failing on C++98.
* g++.dg/analyzer/pr94503.C: New test.
* g++.dg/analyzer/pr95042.C: New test.
* gcc.dg/analyzer/CVE-2005-1689-dedupe-issue-2.c: New test.
* gcc.dg/analyzer/CVE-2005-1689-dedupe-issue.c: Add xfail.
* gcc.dg/analyzer/CVE-2005-1689-minimal.c:
Include "analyzer-decls.h".
(test_4, test_5, test_6, test_7, test_8): New tests.
* gcc.dg/analyzer/abs-1.c: New test.
* gcc.dg/analyzer/aliasing-1.c: New test.
* gcc.dg/analyzer/aliasing-2.c: New test.
* gcc.dg/analyzer/analyzer-decls.h (__analyzer_describe): New
decl.
(__analyzer_dump_num_heap_regions): Remove.
* gcc.dg/analyzer/attribute-nonnull.c: Add dg-warnings for cases
where NULL is directly used as an argument.
* gcc.dg/analyzer/bzero-1.c: New test.
* gcc.dg/analyzer/casts-1.c: New test.
* gcc.dg/analyzer/casts-2.c: New test.
* gcc.dg/analyzer/compound-assignment-1.c
(test_4): Remove xfail from leak false positive.
(called_by_test_5a): Add "allocated here" expected message.
(called_by_test_5b): Make expected leak message more precise.
* gcc.dg/analyzer/compound-assignment-3.c: Update expected leak
message.
* gcc.dg/analyzer/compound-assignment-4.c: New test.
* gcc.dg/analyzer/compound-assignment-5.c: New test.
* gcc.dg/analyzer/conditionals-notrans.c: Remove xfails.
* gcc.dg/analyzer/data-model-1.c (test_12d): Update expected
results.
(test_13): Remove xfail.
(test_14): Remove xfail.
(test_15): Remove xfail.
(test_16): Remove xfails. Add out-of-bounds access.
(test_16_alt): Remove xfails.
(test_23): Remove xfail.
(test_24): Remove xfail.
(test_25): Remove xfail.
(test_26): Update expected result. Remove xfail. Add xfail.
(test_27): Remove xfails.
(test_29): Add __analyzer_eval pointer comparisons.
(test_41): Generalize expected output for u.ptr comparison with
NULL for targets where this could be known to be false.
(test_42): Remove xfail.
(test_51): Remove xfails.
* gcc.dg/analyzer/data-model-13.c: Update for improvements to
source location and wording of leak message.
* gcc.dg/analyzer/data-model-14.c: Remove -fanalyzer-fine-grained.
(test_1): Update for improvement to expected message.
(test_2): Remove xfail.
* gcc.dg/analyzer/data-model-18.c: Remove xfail.
* gcc.dg/analyzer/data-model-20.c: New test.
* gcc.dg/analyzer/data-model-5.c: Add dg-warning for deref of
NULL. Add xfailing false leak.
* gcc.dg/analyzer/data-model-5b.c: Add xfailing false leak.
* gcc.dg/analyzer/data-model-5c.c: Update xfailing false leak.
* gcc.dg/analyzer/data-model-5d.c: Reimplement.
* gcc.dg/analyzer/data-model-6.c: Delete test.
* gcc.dg/analyzer/data-model-8.c: Remove xfail.
* gcc.dg/analyzer/describe-1.c: New test.
* gcc.dg/analyzer/dot-output.c: Remove xfail.
* gcc.dg/analyzer/explode-1.c: Add expected leak warning.
* gcc.dg/analyzer/explode-2.c: Add expected leak warnings. Mark
double-free warnings as xfail for now.
* gcc.dg/analyzer/feasibility-1.c: New test.
* gcc.dg/analyzer/first-field-1.c: New test.
* gcc.dg/analyzer/first-field-2.c: New test.
* gcc.dg/analyzer/init.c: New test.
* gcc.dg/analyzer/leak-2.c: New test.
* gcc.dg/analyzer/loop-0-up-to-n-by-1-with-iter-obj.c: New test.
* gcc.dg/analyzer/loop-0-up-to-n-by-1.c: New test.
* gcc.dg/analyzer/loop-2a.c: Update expected behavior.
* gcc.dg/analyzer/loop-3.c: Mark use-after-free as xfail. Add
expected warning about deref of unchecked pointer.
* gcc.dg/analyzer/loop-4.c: Remove -fno-analyzer-state-purge.
Update expected behavior.
* gcc.dg/analyzer/loop-n-down-to-1-by-1.c: New test.
* gcc.dg/analyzer/loop-start-down-to-end-by-1.c: New test.
* gcc.dg/analyzer/loop-start-down-to-end-by-step.c: New test.
* gcc.dg/analyzer/loop-start-to-end-by-step.c: New test.
* gcc.dg/analyzer/loop-start-up-to-end-by-1.c: New test.
* gcc.dg/analyzer/loop.c: Remove -fno-analyzer-state-purge.
Update expected behavior.
* gcc.dg/analyzer/malloc-1.c: Remove xfails from leak false
positives. Update expected wording of global_link.m_ptr leak.
(test_49): New test.
* gcc.dg/analyzer/malloc-4.c: Remove leak false positive. Update
expected wording of leak warning.
* gcc.dg/analyzer/malloc-in-loop.c: New test.
* gcc.dg/analyzer/malloc-ipa-8-double-free.c: Update expected path
to show call to wrapped_malloc.
* gcc.dg/analyzer/malloc-ipa-8-unchecked.c: Remove
-fanalyzer-verbose-state-changes.
* gcc.dg/analyzer/malloc-paths-9.c: Remove comment about duplicate
warnings. Remove duplicate use-after-free paths.
* gcc.dg/analyzer/malloc-vs-local-1a.c: Add dg-warning for deref
of unchecked pointer. Update expected number of enodes.
* gcc.dg/analyzer/malloc-vs-local-2.c: Likewise.
* gcc.dg/analyzer/malloc-vs-local-3.c: Add dg-warning for deref of
unchecked pointer. Update expected number of enodes. Avoid
overspecifying the leak message.
* gcc.dg/analyzer/memset-1.c: New test.
* gcc.dg/analyzer/paths-3.c: Update expected number of enodes.
* gcc.dg/analyzer/paths-4.c: Likewise.
* gcc.dg/analyzer/paths-6.c: Likewise.
* gcc.dg/analyzer/paths-7.c: Likewise.
* gcc.dg/analyzer/pr93032-mztools-simplified.c: New test.
* gcc.dg/analyzer/pr93032-mztools.c: New test.
* gcc.dg/analyzer/pr93382.c: Mark taint tests as failing.
* gcc.dg/analyzer/pr93938.c: New test.
* gcc.dg/analyzer/pr94099.c: Replace uninit dg-warning with
dg-warning for NULL dereference.
* gcc.dg/analyzer/pr94399.c: New test.
* gcc.dg/analyzer/pr94447.c: Add dg-warning for NULL dereference.
* gcc.dg/analyzer/pr94458.c: New test.
* gcc.dg/analyzer/pr94640.c: New test.
* gcc.dg/analyzer/pr94688.c: New test.
* gcc.dg/analyzer/pr94689.c: New test.
* gcc.dg/analyzer/pr94839.c: New test.
* gcc.dg/analyzer/pr95026.c: New test.
* gcc.dg/analyzer/pr95240.c: New test.
* gcc.dg/analyzer/refcounting-1.c: New test.
* gcc.dg/analyzer/single-field.c: New test.
* gcc.dg/analyzer/stale-frame-1.c: New test.
* gcc.dg/analyzer/symbolic-1.c: New test.
* gcc.dg/analyzer/symbolic-2.c: New test.
* gcc.dg/analyzer/symbolic-3.c: New test.
* gcc.dg/analyzer/symbolic-4.c: New test.
* gcc.dg/analyzer/symbolic-5.c: New test.
* gcc.dg/analyzer/symbolic-6.c: New test.
* gcc.dg/analyzer/taint-1.c: Mark the "gets unchecked value"
events as failing for now. Update dg-message directives to avoid
relying on numbering.
* gcc.dg/analyzer/torture/loop-inc-ptr-1.c: New test.
* gcc.dg/analyzer/torture/loop-inc-ptr-2.c: New test.
* gcc.dg/analyzer/torture/loop-inc-ptr-3.c: New test.
* gcc.dg/analyzer/unknown-fns-2.c: New test.
* gcc.dg/analyzer/unknown-fns-3.c: New test.
* gcc.dg/analyzer/unknown-fns-4.c: New test.
* gcc.dg/analyzer/unknown-fns.c: Update dg-warning to reflect fixed
source location for leak diagnostic.
* gcc.dg/analyzer/use-after-free.c: New test.
* gcc.dg/analyzer/vla-1.c: New test.
* gcc.dg/analyzer/zlib-4.c: Rewrite to avoid "exit" calls. Add
expected leak warnings.
* gfortran.dg/analyzer/pr93993.f90: Remove leak of tm warning,
which seems to have been a false positive.
|
|
Warn about using exit in signal handler and suggest _exit as alternative.
gcc/analyzer/ChangeLog:
* sm-signal.cc(signal_unsafe_call::emit): Possibly add
gcc_rich_location note for replacement.
(signal_unsafe_call::get_replacement_fn): New private function.
(get_async_signal_unsafe_fns): Add "exit".
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/signal-exit.c: New testcase.
|
|
|
|
Changed in v2:
- rename from warning_with_metadata_at to warning_meta
- fix test plugins
While C++ can have overloads, xgettext can't deal with overloads that have
different argument positions, leading to two failures in "make gcc.pot":
emit_diagnostic_valist used incompatibly as both
--keyword=emit_diagnostic_valist:4
--flag=emit_diagnostic_valist:4:gcc-internal-format and
--keyword=emit_diagnostic_valist:5
--flag=emit_diagnostic_valist:5:gcc-internal-format
warning_at used incompatibly as both
--keyword=warning_at:3 --flag=warning_at:3:gcc-internal-format and
--keyword=warning_at:4 --flag=warning_at:4:gcc-internal-format
The emit_diagnostic_valist overload isn't used anywhere (I think it's
a leftover from an earlier iteration of the analyzer patch kit).
The warning_at overload is used throughout the analyzer but nowhere else.
Ideally I'd like to consolidate this argument with something
constructable in various ways:
- from a metadata and an int or
- from an int (or, better an "enum opt_code"),
so that the overload happens when implicitly choosing the ctor, but
that feels like stage 1 material.
In the meantime, fix xgettext by deleting the unused overload and
renaming the used one.
gcc/analyzer/ChangeLog:
* region-model.cc (poisoned_value_diagnostic::emit): Update for
renaming of warning_at overload to warning_meta.
* sm-file.cc (file_leak::emit): Likewise.
* sm-malloc.cc (double_free::emit): Likewise.
(possible_null_deref::emit): Likewise.
(possible_null_arg::emit): Likewise.
(null_deref::emit): Likewise.
(null_arg::emit): Likewise.
(use_after_free::emit): Likewise.
(malloc_leak::emit): Likewise.
(free_of_non_heap::emit): Likewise.
* sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
* sm-signal.cc (signal_unsafe_call::emit): Likewise.
* sm-taint.cc (tainted_array_index::emit): Likewise.
gcc/ChangeLog:
* diagnostic-core.h (warning_at): Rename overload to...
(warning_meta): ...this.
(emit_diagnostic_valist): Delete decl of overload taking
diagnostic_metadata.
* diagnostic.c (emit_diagnostic_valist): Likewise for defn.
(warning_at): Rename overload taking diagnostic_metadata to...
(warning_meta): ...this.
gcc/testsuite/ChangeLog:
* gcc.dg/plugin/diagnostic_plugin_test_metadata.c: Update for
renaming of warning_at overload to warning_meta.
* gcc.dg/plugin/diagnostic_plugin_test_paths.c: Likewise.
|
|
When adding namespaces to the analyzer in
r10-6151-g75038aa6aa5b562e6358108619d66ef2ccab9a53
I messed up the nesting of the #endif for #if CHECKING_P
and the closing of namespace ana.
This patch fixes it.
gcc/analyzer/ChangeLog:
* sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.
|
|
PR analyzer/93307 reports that in an LTO bootstrap, there are ODR
violations between:
- the "region" type:
gcc/analyzer/region-model.h:792
vs:
gcc/sched-int.h:1443
- the "constraint" type:
gcc/analyzer/constraint-manager.h:121
vs:
gcc/tree-ssa-structalias.c:533
This patches solves this clash by putting all of the analyzer names
within a namespace. I chose "ana" as it is short (to save typing).
The analyzer selftests are moved from namespace "selftest" to
"ana::selftest".
There are various places where the namespace has to be closed
and reopened, to allow e.g. for specializations of templates
in the global namespace.
gcc/analyzer/ChangeLog:
PR analyzer/93307
* analysis-plan.h: Wrap everything namespace "ana".
* analyzer-logging.cc: Likewise.
* analyzer-logging.h: Likewise.
* analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
namespace.
* analyzer-selftests.cc: Wrap everything namespace "ana".
* analyzer-selftests.h: Likewise.
* analyzer.h: Likewise for forward decls of types.
* call-string.h: Likewise.
* checker-path.cc: Likewise.
* checker-path.h: Likewise.
* constraint-manager.cc: Likewise.
* constraint-manager.h: Likewise.
* diagnostic-manager.cc: Likewise.
* diagnostic-manager.h: Likewise.
* engine.cc: Likewise.
* engine.h: Likewise.
* exploded-graph.h: Likewise.
* function-set.cc: Likewise.
* function-set.h: Likewise.
* pending-diagnostic.cc: Likewise.
* pending-diagnostic.h: Likewise.
* program-point.cc: Likewise.
* program-point.h: Likewise.
* program-state.cc: Likewise.
* program-state.h: Likewise.
* region-model.cc: Likewise.
* region-model.h: Likewise.
* sm-file.cc: Likewise.
* sm-malloc.cc: Likewise.
* sm-pattern-test.cc: Likewise.
* sm-sensitive.cc: Likewise.
* sm-signal.cc: Likewise.
* sm-taint.cc: Likewise.
* sm.cc: Likewise.
* sm.h: Likewise.
* state-purge.h: Likewise.
* supergraph.cc: Likewise.
* supergraph.h: Likewise.
gcc/ChangeLog:
PR analyzer/93307
* gdbinit.in (break-on-saved-diagnostic): Update for move of
diagnostic_manager into "ana" namespace.
* selftest-run-tests.c (selftest::run_tests): Update for move of
selftest::run_analyzer_selftests to
ana::selftest::run_analyzer_selftests.
|
|
This patch uses the class function_set from the previous patch to
generalize the test for an fprintf inside a signal handler to
check for a set of known async-signal-unsafe functions.
gcc/analyzer/ChangeLog:
* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
selftest::analyzer_sm_signal_cc_tests.
* analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
New decl.
* sm-signal.cc: Include "analyzer/function-set.h" and
"analyzer/analyzer-selftests.h".
(get_async_signal_unsafe_fns): New function.
(signal_unsafe_p): Reimplement in terms of the above.
(selftest::analyzer_sm_signal_cc_tests): New function.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/signal-5.c: New test.
|
|
This patch adds a static analysis pass to the middle-end, focusing
for this release on C code, and malloc/free issues in particular.
See:
https://gcc.gnu.org/wiki/DavidMalcolm/StaticAnalyzer
gcc/ChangeLog:
* Makefile.in (lang_opt_files): Add analyzer.opt.
(ANALYZER_OBJS): New.
(OBJS): Add digraph.o, graphviz.o, ordered-hash-map-tests.o,
tristate.o and ANALYZER_OBJS.
(TEXI_GCCINT_FILES): Add analyzer.texi.
* common.opt (-fanalyzer): New driver option.
* config.in: Regenerate.
* configure: Regenerate.
* configure.ac (--disable-analyzer, ENABLE_ANALYZER): New option.
(gccdepdir): Also create depdir for "analyzer" subdir.
* digraph.cc: New file.
* digraph.h: New file.
* doc/analyzer.texi: New file.
* doc/gccint.texi ("Static Analyzer") New menu item.
(analyzer.texi): Include it.
* doc/invoke.texi ("Static Analyzer Options"): New list and new section.
("Warning Options"): Add static analysis warnings to the list.
(-Wno-analyzer-double-fclose): New option.
(-Wno-analyzer-double-free): New option.
(-Wno-analyzer-exposure-through-output-file): New option.
(-Wno-analyzer-file-leak): New option.
(-Wno-analyzer-free-of-non-heap): New option.
(-Wno-analyzer-malloc-leak): New option.
(-Wno-analyzer-possible-null-argument): New option.
(-Wno-analyzer-possible-null-dereference): New option.
(-Wno-analyzer-null-argument): New option.
(-Wno-analyzer-null-dereference): New option.
(-Wno-analyzer-stale-setjmp-buffer): New option.
(-Wno-analyzer-tainted-array-index): New option.
(-Wno-analyzer-use-after-free): New option.
(-Wno-analyzer-use-of-pointer-in-stale-stack-frame): New option.
(-Wno-analyzer-use-of-uninitialized-value): New option.
(-Wanalyzer-too-complex): New option.
(-fanalyzer-call-summaries): New warning.
(-fanalyzer-checker=): New warning.
(-fanalyzer-fine-grained): New warning.
(-fno-analyzer-state-merge): New warning.
(-fno-analyzer-state-purge): New warning.
(-fanalyzer-transitivity): New warning.
(-fanalyzer-verbose-edges): New warning.
(-fanalyzer-verbose-state-changes): New warning.
(-fanalyzer-verbosity=): New warning.
(-fdump-analyzer): New warning.
(-fdump-analyzer-callgraph): New warning.
(-fdump-analyzer-exploded-graph): New warning.
(-fdump-analyzer-exploded-nodes): New warning.
(-fdump-analyzer-exploded-nodes-2): New warning.
(-fdump-analyzer-exploded-nodes-3): New warning.
(-fdump-analyzer-supergraph): New warning.
* doc/sourcebuild.texi (dg-require-dot): New.
(dg-check-dot): New.
* gdbinit.in (break-on-saved-diagnostic): New command.
* graphviz.cc: New file.
* graphviz.h: New file.
* ordered-hash-map-tests.cc: New file.
* ordered-hash-map.h: New file.
* passes.def (pass_analyzer): Add before
pass_ipa_whole_program_visibility.
* selftest-run-tests.c (selftest::run_tests): Call
selftest::ordered_hash_map_tests_cc_tests.
* selftest.h (selftest::ordered_hash_map_tests_cc_tests): New
decl.
* shortest-paths.h: New file.
* timevar.def (TV_ANALYZER): New timevar.
(TV_ANALYZER_SUPERGRAPH): Likewise.
(TV_ANALYZER_STATE_PURGE): Likewise.
(TV_ANALYZER_PLAN): Likewise.
(TV_ANALYZER_SCC): Likewise.
(TV_ANALYZER_WORKLIST): Likewise.
(TV_ANALYZER_DUMP): Likewise.
(TV_ANALYZER_DIAGNOSTICS): Likewise.
(TV_ANALYZER_SHORTEST_PATHS): Likewise.
* tree-pass.h (make_pass_analyzer): New decl.
* tristate.cc: New file.
* tristate.h: New file.
gcc/analyzer/ChangeLog:
* ChangeLog: New file.
* analyzer-selftests.cc: New file.
* analyzer-selftests.h: New file.
* analyzer.opt: New file.
* analysis-plan.cc: New file.
* analysis-plan.h: New file.
* analyzer-logging.cc: New file.
* analyzer-logging.h: New file.
* analyzer-pass.cc: New file.
* analyzer.cc: New file.
* analyzer.h: New file.
* call-string.cc: New file.
* call-string.h: New file.
* checker-path.cc: New file.
* checker-path.h: New file.
* constraint-manager.cc: New file.
* constraint-manager.h: New file.
* diagnostic-manager.cc: New file.
* diagnostic-manager.h: New file.
* engine.cc: New file.
* engine.h: New file.
* exploded-graph.h: New file.
* pending-diagnostic.cc: New file.
* pending-diagnostic.h: New file.
* program-point.cc: New file.
* program-point.h: New file.
* program-state.cc: New file.
* program-state.h: New file.
* region-model.cc: New file.
* region-model.h: New file.
* sm-file.cc: New file.
* sm-malloc.cc: New file.
* sm-malloc.dot: New file.
* sm-pattern-test.cc: New file.
* sm-sensitive.cc: New file.
* sm-signal.cc: New file.
* sm-taint.cc: New file.
* sm.cc: New file.
* sm.h: New file.
* state-purge.cc: New file.
* state-purge.h: New file.
* supergraph.cc: New file.
* supergraph.h: New file.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/CVE-2005-1689-minimal.c: New test.
* gcc.dg/analyzer/abort.c: New test.
* gcc.dg/analyzer/alloca-leak.c: New test.
* gcc.dg/analyzer/analyzer-decls.h: New header.
* gcc.dg/analyzer/analyzer-verbosity-0.c: New test.
* gcc.dg/analyzer/analyzer-verbosity-1.c: New test.
* gcc.dg/analyzer/analyzer-verbosity-2.c: New test.
* gcc.dg/analyzer/analyzer.exp: New suite.
* gcc.dg/analyzer/attribute-nonnull.c: New test.
* gcc.dg/analyzer/call-summaries-1.c: New test.
* gcc.dg/analyzer/conditionals-2.c: New test.
* gcc.dg/analyzer/conditionals-3.c: New test.
* gcc.dg/analyzer/conditionals-notrans.c: New test.
* gcc.dg/analyzer/conditionals-trans.c: New test.
* gcc.dg/analyzer/data-model-1.c: New test.
* gcc.dg/analyzer/data-model-2.c: New test.
* gcc.dg/analyzer/data-model-3.c: New test.
* gcc.dg/analyzer/data-model-4.c: New test.
* gcc.dg/analyzer/data-model-5.c: New test.
* gcc.dg/analyzer/data-model-5b.c: New test.
* gcc.dg/analyzer/data-model-5c.c: New test.
* gcc.dg/analyzer/data-model-5d.c: New test.
* gcc.dg/analyzer/data-model-6.c: New test.
* gcc.dg/analyzer/data-model-7.c: New test.
* gcc.dg/analyzer/data-model-8.c: New test.
* gcc.dg/analyzer/data-model-9.c: New test.
* gcc.dg/analyzer/data-model-11.c: New test.
* gcc.dg/analyzer/data-model-12.c: New test.
* gcc.dg/analyzer/data-model-13.c: New test.
* gcc.dg/analyzer/data-model-14.c: New test.
* gcc.dg/analyzer/data-model-15.c: New test.
* gcc.dg/analyzer/data-model-16.c: New test.
* gcc.dg/analyzer/data-model-17.c: New test.
* gcc.dg/analyzer/data-model-18.c: New test.
* gcc.dg/analyzer/data-model-19.c: New test.
* gcc.dg/analyzer/data-model-path-1.c: New test.
* gcc.dg/analyzer/disabling.c: New test.
* gcc.dg/analyzer/dot-output.c: New test.
* gcc.dg/analyzer/double-free-lto-1-a.c: New test.
* gcc.dg/analyzer/double-free-lto-1-b.c: New test.
* gcc.dg/analyzer/double-free-lto-1.h: New header.
* gcc.dg/analyzer/equivalence.c: New test.
* gcc.dg/analyzer/explode-1.c: New test.
* gcc.dg/analyzer/explode-2.c: New test.
* gcc.dg/analyzer/factorial.c: New test.
* gcc.dg/analyzer/fibonacci.c: New test.
* gcc.dg/analyzer/fields.c: New test.
* gcc.dg/analyzer/file-1.c: New test.
* gcc.dg/analyzer/file-2.c: New test.
* gcc.dg/analyzer/function-ptr-1.c: New test.
* gcc.dg/analyzer/function-ptr-2.c: New test.
* gcc.dg/analyzer/function-ptr-3.c: New test.
* gcc.dg/analyzer/gzio-2.c: New test.
* gcc.dg/analyzer/gzio-3.c: New test.
* gcc.dg/analyzer/gzio-3a.c: New test.
* gcc.dg/analyzer/gzio.c: New test.
* gcc.dg/analyzer/infinite-recursion.c: New test.
* gcc.dg/analyzer/loop-2.c: New test.
* gcc.dg/analyzer/loop-2a.c: New test.
* gcc.dg/analyzer/loop-3.c: New test.
* gcc.dg/analyzer/loop-4.c: New test.
* gcc.dg/analyzer/loop.c: New test.
* gcc.dg/analyzer/malloc-1.c: New test.
* gcc.dg/analyzer/malloc-2.c: New test.
* gcc.dg/analyzer/malloc-3.c: New test.
* gcc.dg/analyzer/malloc-callbacks.c: New test.
* gcc.dg/analyzer/malloc-dce.c: New test.
* gcc.dg/analyzer/malloc-dedupe-1.c: New test.
* gcc.dg/analyzer/malloc-ipa-1.c: New test.
* gcc.dg/analyzer/malloc-ipa-10.c: New test.
* gcc.dg/analyzer/malloc-ipa-11.c: New test.
* gcc.dg/analyzer/malloc-ipa-12.c: New test.
* gcc.dg/analyzer/malloc-ipa-13.c: New test.
* gcc.dg/analyzer/malloc-ipa-2.c: New test.
* gcc.dg/analyzer/malloc-ipa-3.c: New test.
* gcc.dg/analyzer/malloc-ipa-4.c: New test.
* gcc.dg/analyzer/malloc-ipa-5.c: New test.
* gcc.dg/analyzer/malloc-ipa-6.c: New test.
* gcc.dg/analyzer/malloc-ipa-7.c: New test.
* gcc.dg/analyzer/malloc-ipa-8-double-free.c: New test.
* gcc.dg/analyzer/malloc-ipa-8-lto-a.c: New test.
* gcc.dg/analyzer/malloc-ipa-8-lto-b.c: New test.
* gcc.dg/analyzer/malloc-ipa-8-lto-c.c: New test.
* gcc.dg/analyzer/malloc-ipa-8-lto.h: New test.
* gcc.dg/analyzer/malloc-ipa-8-unchecked.c: New test.
* gcc.dg/analyzer/malloc-ipa-9.c: New test.
* gcc.dg/analyzer/malloc-macro-inline-events.c: New test.
* gcc.dg/analyzer/malloc-macro-separate-events.c: New test.
* gcc.dg/analyzer/malloc-macro.h: New header.
* gcc.dg/analyzer/malloc-many-paths-1.c: New test.
* gcc.dg/analyzer/malloc-many-paths-2.c: New test.
* gcc.dg/analyzer/malloc-many-paths-3.c: New test.
* gcc.dg/analyzer/malloc-paths-1.c: New test.
* gcc.dg/analyzer/malloc-paths-10.c: New test.
* gcc.dg/analyzer/malloc-paths-2.c: New test.
* gcc.dg/analyzer/malloc-paths-3.c: New test.
* gcc.dg/analyzer/malloc-paths-4.c: New test.
* gcc.dg/analyzer/malloc-paths-5.c: New test.
* gcc.dg/analyzer/malloc-paths-6.c: New test.
* gcc.dg/analyzer/malloc-paths-7.c: New test.
* gcc.dg/analyzer/malloc-paths-8.c: New test.
* gcc.dg/analyzer/malloc-paths-9.c: New test.
* gcc.dg/analyzer/malloc-vs-local-1a.c: New test.
* gcc.dg/analyzer/malloc-vs-local-1b.c: New test.
* gcc.dg/analyzer/malloc-vs-local-2.c: New test.
* gcc.dg/analyzer/malloc-vs-local-3.c: New test.
* gcc.dg/analyzer/malloc-vs-local-4.c: New test.
* gcc.dg/analyzer/operations.c: New test.
* gcc.dg/analyzer/params-2.c: New test.
* gcc.dg/analyzer/params.c: New test.
* gcc.dg/analyzer/paths-1.c: New test.
* gcc.dg/analyzer/paths-1a.c: New test.
* gcc.dg/analyzer/paths-2.c: New test.
* gcc.dg/analyzer/paths-3.c: New test.
* gcc.dg/analyzer/paths-4.c: New test.
* gcc.dg/analyzer/paths-5.c: New test.
* gcc.dg/analyzer/paths-6.c: New test.
* gcc.dg/analyzer/paths-7.c: New test.
* gcc.dg/analyzer/pattern-test-1.c: New test.
* gcc.dg/analyzer/pattern-test-2.c: New test.
* gcc.dg/analyzer/pointer-merging.c: New test.
* gcc.dg/analyzer/pr61861.c: New test.
* gcc.dg/analyzer/pragma-1.c: New test.
* gcc.dg/analyzer/scope-1.c: New test.
* gcc.dg/analyzer/sensitive-1.c: New test.
* gcc.dg/analyzer/setjmp-1.c: New test.
* gcc.dg/analyzer/setjmp-2.c: New test.
* gcc.dg/analyzer/setjmp-3.c: New test.
* gcc.dg/analyzer/setjmp-4.c: New test.
* gcc.dg/analyzer/setjmp-5.c: New test.
* gcc.dg/analyzer/setjmp-6.c: New test.
* gcc.dg/analyzer/setjmp-7.c: New test.
* gcc.dg/analyzer/setjmp-7a.c: New test.
* gcc.dg/analyzer/setjmp-8.c: New test.
* gcc.dg/analyzer/setjmp-9.c: New test.
* gcc.dg/analyzer/signal-1.c: New test.
* gcc.dg/analyzer/signal-2.c: New test.
* gcc.dg/analyzer/signal-3.c: New test.
* gcc.dg/analyzer/signal-4a.c: New test.
* gcc.dg/analyzer/signal-4b.c: New test.
* gcc.dg/analyzer/strcmp-1.c: New test.
* gcc.dg/analyzer/switch.c: New test.
* gcc.dg/analyzer/taint-1.c: New test.
* gcc.dg/analyzer/zlib-1.c: New test.
* gcc.dg/analyzer/zlib-2.c: New test.
* gcc.dg/analyzer/zlib-3.c: New test.
* gcc.dg/analyzer/zlib-4.c: New test.
* gcc.dg/analyzer/zlib-5.c: New test.
* gcc.dg/analyzer/zlib-6.c: New test.
* lib/gcc-defs.exp (dg-check-dot): New procedure.
* lib/target-supports.exp (check_dot_available): New procedure.
(check_effective_target_analyzer): New.
* lib/target-supports-dg.exp (dg-require-dot): New procedure.
|
