2020-07-23  Release Manager

	* GCC 10.2.0 released.

2020-05-07  Release Manager

	* GCC 10.1.0 released.

2020-04-28  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/94816
	* engine.cc (impl_region_model_context::on_unexpected_tree_code):
	Handle NULL tree.
	* region-model.cc (region_model::add_region_for_type): Handle
	NULL type.
	* region-model.h
	(test_region_model_context::on_unexpected_tree_code): Handle NULL
	tree.

2020-04-28  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/94447
	PR analyzer/94639
	PR analyzer/94732
	PR analyzer/94754
	* analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete.
	* program-state.cc (selftest::test_program_state_dumping): Update
	expected dump result for removal of "uninit".
	* region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT
	case.
	(root_region::ensure_stack_region): Initialize stack with null
	svalue_id rather than with a typeless POISON_KIND_UNINIT value.
	(root_region::ensure_heap_region): Likewise for the heap.
	(region_model::dump_summary_of_rep_path_vars): Remove
	summarization of uninit values.
	(region_model::validate): Remove check that the stack has a
	POISON_KIND_UNINIT value.
	(poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT
	case.
	(poisoned_value_diagnostic::describe_final_event): Likewise.
	(selftest::test_dump): Update expected dump result for removal of
	"uninit".
	(selftest::test_svalue_equality): Remove "uninit" and "freed".
	* region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT.

2020-04-01  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/94378
	* checker-path.cc: Include "bitmap.h".
	* constraint-manager.cc: Likewise.
	* diagnostic-manager.cc: Likewise.
	* engine.cc: Likewise.
	(exploded_node::detect_leaks): Pass null region_id to pop_frame.
	* program-point.cc: Include "bitmap.h".
	* program-state.cc: Likewise.
	* region-model.cc (id_set<region_id>::id_set): Convert to...
	(region_id_set::region_id_set): ...this.
	(svalue_id_set::svalue_id_set): New ctor.
	(region_model::copy_region): New function.
	(region_model::copy_struct_region): New function.
	(region_model::copy_union_region): New function.
	(region_model::copy_array_region): New function.
	(stack_region::pop_frame): Drop return value.  Add
	"result_dst_rid" param; if it is non-null, use copy_region to copy
	the result to it.  Rather than capture and pass a single "known
	used" return value to be used by purge_unused_values, instead
	gather and pass a set of known used return values.
	(root_region::pop_frame): Drop return value.  Add "result_dst_rid"
	param.
	(region_model::on_assignment): Use copy_region.
	(region_model::on_return): Likewise for the result.
	(region_model::on_longjmp): Pass null for pop_frame's
	result_dst_rid.
	(region_model::update_for_return_superedge): Pass the region for the
	return value of the call, if any, to pop_frame, rather than setting
	the lvalue for the lhs of the result.
	(region_model::pop_frame): Drop return value.  Add
	"result_dst_rid" param.
	(region_model::purge_unused_svalues): Convert third param from an
	svalue_id * to an svalue_id_set *, updating the initial populating
	of the "used" bitmap accordingly.  Don't remap it when done.
	(struct selftest::coord_test): New selftest fixture, extracted from...
	(selftest::test_dump_2): ...here.
	(selftest::test_compound_assignment): New selftest.
	(selftest::test_stack_frames): Pass null to new param of pop_frame.
	(selftest::analyzer_region_model_cc_tests): Call the new selftest.
	* region-model.h (class id_set): Delete template.
	(class region_id_set): Reimplement, using old id_set implementation.
	(class svalue_id_set): Likewise.  Convert from auto_sbitmap to
	auto_bitmap.
	(region::get_active_view): New accessor.
	(stack_region::pop_frame): Drop return value.
	Add "result_dst_rid" param.
	(root_region::pop_frame): Likewise.
	(region_model::pop_frame): Likewise.
	(region_model::copy_region): New decl.
	(region_model::purge_unused_svalues): Convert third param from an
	svalue_id * to an svalue_id_set *.
	(region_model::copy_struct_region): New decl.
	(region_model::copy_union_region): New decl.
	(region_model::copy_array_region): New decl.

2020-03-27  David Malcolm  <dmalcolm@redhat.com>

	* program-state.cc (selftest::test_program_state_dumping): Update
	expected dump to include symbolic_region's possibly_null field.
	* region-model.cc (symbolic_region::print_fields): New vfunc
	implementation.
	(region_model::add_constraint): Clear m_possibly_null from
	symbolic_regions now known to be non-NULL.
	(selftest::test_malloc_constraints): New selftest.
	(selftest::analyzer_region_model_cc_tests): Call it.
	* region-model.h (region::dyn_cast_symbolic_region): Add non-const
	overload.
	(symbolic_region::dyn_cast_symbolic_region): Implement it.
	(symbolic_region::print_fields): New vfunc override decl.

2020-03-27  David Malcolm  <dmalcolm@redhat.com>

	* analyzer.h (class feasibility_problem): New forward decl.
	* diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
	Initialize new fields m_status, m_epath_length, and m_problem.
	(saved_diagnostic::~saved_diagnostic): Delete m_problem.
	(dedupe_candidate::dedupe_candidate): Convert "sd" param from a
	const ref to a mutable ptr.
	(dedupe_winners::add): Convert "sd" param from a const ref to a
	mutable ptr.  Record the length of the exploded_path.  Record the
	feasibility/infeasibility of sd into sd, capturing a
	feasibility_problem when feasible_p fails, and storing it in sd.
	(diagnostic_manager::emit_saved_diagnostics): Update for pass by
	ptr rather than by const ref.
	* diagnostic-manager.h (class saved_diagnostic): Add new enum
	status.
	Add fields m_status, m_epath_length and m_problem.
	(saved_diagnostic::set_feasible): New member function.
	(saved_diagnostic::set_infeasible): New member function.
	(saved_diagnostic::get_feasibility_problem): New accessor.
	(saved_diagnostic::get_status): New accessor.
	(saved_diagnostic::set_epath_length): New member function.
	(saved_diagnostic::get_epath_length): New accessor.
	* engine.cc: Include "gimple-pretty-print.h".
	(exploded_path::feasible_p): Add OUT param and, if non-NULL, write
	a new feasibility_problem to it on failure.
	(viz_callgraph_node::dump_dot): Convert begin_tr calls to
	begin_trtd.  Convert end_tr calls to end_tdtr.
	(class exploded_graph_annotator): New subclass of dot_annotator.
	(impl_run_checkers): Add a second -fdump-analyzer-supergraph dump
	after the analysis runs, using exploded_graph_annotator. dumping
	to DUMP_BASE_NAME.supergraph-eg.dot.
	* exploded-graph.h (exploded_node::get_dot_fillcolor): Make
	public.
	(exploded_path::feasible_p): Add OUT param.
	(class feasibility_problem): New class.
	* state-purge.cc (state_purge_annotator::add_node_annotations):
	Return a bool, add a "within_table" param.
	(print_vec_of_names): Convert begin_tr calls to begin_trtd.
	Convert end_tr calls to end_tdtr.
	(state_purge_annotator::add_stmt_annotations): Add "within_row"
	param.
	* state-purge.h ((state_purge_annotator::add_node_annotations):
	Return a bool, add a "within_table" param.
	(state_purge_annotator::add_stmt_annotations): Add "within_row"
	param.
	* supergraph.cc (supernode::dump_dot): Call add_node_annotations
	twice: as before, passing false for "within_table", then again
	with true when within the TABLE element.  Convert some begin_tr
	calls to begin_trtd, and some end_tr calls to end_tdtr.
	Repeat each add_stmt_annotations call, distinguishing between
	calls that add TRs and those that add TDs to an existing TR.
	Add a call to add_after_node_annotations.
	* supergraph.h (dot_annotator::add_node_annotations): Add a
	"within_table" param.
	(dot_annotator::add_stmt_annotations): Add a "within_row" param.
	(dot_annotator::add_after_node_annotations): New vfunc.

2020-03-27  David Malcolm  <dmalcolm@redhat.com>

	* diagnostic-manager.cc (dedupe_winners::add): Show the
	exploded_node index in the log messages.
	(diagnostic_manager::emit_saved_diagnostics): Log a summary of
	m_saved_diagnostics at entry.

2020-03-27  David Malcolm  <dmalcolm@redhat.com>

	* supergraph.cc (superedge::dump): Add space before description;
	move newline to non-pretty_printer overload.

2020-03-18  David Malcolm  <dmalcolm@redhat.com>

	* region-model.cc: Include "stor-layout.h".
	(region_model::dump_to_pp): Rather than calling
	dump_summary_of_map on each of the current frame and the globals,
	instead get a vec of representative path_vars for all regions,
	and then dump a summary of all of them.
	(region_model::dump_summary_of_map): Delete, rewriting into...
	(region_model::dump_summary_of_rep_path_vars): ...this new
	function, working on a vec of path_vars.
	(region_model::set_value): New overload.
	(region_model::get_representative_path_var): Rename
	"parent_region" local to "parent_reg" and consolidate with other
	local.  Guard test for grandparent being stack on parent_reg being
	non-NULL.  Move handling for parent being an array_region to
	within guard for parent_reg being non-NULL.
	(selftest::make_test_compound_type): New function.
	(selftest::test_dump_2): New selftest.
	(selftest::test_dump_3): New selftest.
	(selftest::test_stack_frames): Update expected output from
	simplified dump to show "a" and "b" from parent frame and "y" in
	child frame.
	(selftest::analyzer_region_model_cc_tests): Call test_dump_2 and
	test_dump_3.
	* region-model.h (region_model::set_value): New overload decl.
	(region_model::dump_summary_of_map): Delete.
	(region_model::dump_summary_of_rep_path_vars): New.

2020-03-18  David Malcolm  <dmalcolm@redhat.com>

	* region-model.h (class noop_region_model_context): New subclass
	of region_model_context.
	(class tentative_region_model_context): Inherit from
	noop_region_model_context rather than from region_model_context;
	drop redundant vfunc implementations.
	(class test_region_model_context): Likewise.

2020-03-18  David Malcolm  <dmalcolm@redhat.com>

	* engine.cc (exploded_node::exploded_node): Move implementation
	here from header; accept point_and_state by const reference rather
	than by value.
	* exploded-graph.h (exploded_node::exploded_node): Pass
	point_and_state by const reference rather than by value.  Move
	body to engine.cc.

2020-03-18  Jakub Jelinek  <jakub@redhat.com>

	* sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word
	issue in a comment.
	* region-model.cc (region_model::make_region_for_unexpected_tree_code,
	region_model::delete_region_and_descendents): Likewise.
	* engine.cc (class exploded_cluster): Likewise.
	* diagnostic-manager.cc (class path_builder): Likewise.

2020-03-13  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/94099
	PR analyzer/94105
	* diagnostic-manager.cc (for_each_state_change): Bulletproof
	against errors in get_rvalue by passing a
	tentative_region_model_context and rejecting if there's an error.
	* region-model.cc (region_model::get_lvalue_1): When handling
	ARRAY_REF, handle results of error-handling.  Handle NOP_EXPR.

2020-03-06  David Malcolm  <dmalcolm@redhat.com>

	* analyzer.h (class array_region): New forward decl.
	* program-state.cc (selftest::test_program_state_dumping_2): New.
	(selftest::analyzer_program_state_cc_tests): Call it.
	* region-model.cc (array_region::constant_from_key): New.
	(region_model::get_representative_tree): Handle region_svalue by
	generating an ADDR_EXPR.
	(region_model::get_representative_path_var): In view handling,
	remove erroneous TREE_TYPE when determining the type of the tree.
	Handle array regions and STRING_CST.
	(selftest::assert_dump_tree_eq): New.
	(ASSERT_DUMP_TREE_EQ): New macro.
	(selftest::test_get_representative_tree): New selftest.
	(selftest::analyzer_region_model_cc_tests): Call it.
	* region-model.h (region::dyn_cast_array_region): New vfunc.
	(array_region::dyn_cast_array_region): New vfunc implementation.
	(array_region::constant_from_key): New decl.

2020-03-06  David Malcolm  <dmalcolm@redhat.com>

	* analyzer.h (dump_quoted_tree): New decl.
	* engine.cc (exploded_node::dump_dot): Pass region model to
	sm_state_map::print.
	* program-state.cc: Include diagnostic-core.h.
	(sm_state_map::print): Add "model" param and use it to print
	representative trees.  Only print origin information if non-null.
	(sm_state_map::dump): Pass NULL for model to print call.
	(program_state::print): Pass region model to sm_state_map::print.
	(program_state::dump_to_pp): Use spaces rather than newlines when
	summarizing.  Pass region_model to sm_state_map::print.
	(ana::selftest::assert_dump_eq): New function.
	(ASSERT_DUMP_EQ): New macro.
	(ana::selftest::test_program_state_dumping): New function.
	(ana::selftest::analyzer_program_state_cc_tests): Call it.
	* program-state.h (program_state::print): Add model param.
	* region-model.cc (dump_quoted_tree): New function.
	(map_region::print_fields): Use dump_quoted_tree rather than
	%qE to avoid lang-dependent output.
	(map_region::dump_child_label): Likewise.
	(region_model::dump_summary_of_map): For SK_REGION, when
	get_representative_path_var fails, print the region id rather than
	erroneously printing NULL.
	* sm.cc (state_machine::get_state_by_name): New function.
	* sm.h (state_machine::get_state_by_name): New decl.

2020-03-04  David Malcolm  <dmalcolm@redhat.com>

	* region-model.cc (region::validate): Convert model param from ptr
	to reference.  Update comment to reflect that it's now a vfunc.
	(map_region::validate): New vfunc implementation.
	(array_region::validate): New vfunc implementation.
	(stack_region::validate): New vfunc implementation.
	(root_region::validate): New vfunc implementation.
	(region_model::validate): Pass a reference rather than a pointer
	to the region::validate vfunc.
	* region-model.h (region::validate): Make virtual.  Convert model
	param from ptr to reference.
	(map_region::validate): New vfunc decl.
	(array_region::validate): New vfunc decl.
	(stack_region::validate): New vfunc decl.
	(root_region::validate): New vfunc decl.

2020-03-04  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93993
	* region-model.cc (region_model::on_call_pre): Handle
	BUILT_IN_EXPECT and its variants.
	(region_model::add_any_constraints_from_ssa_def_stmt): Split out
	gassign handling into add_any_constraints_from_gassign; add gcall
	handling.
	(region_model::add_any_constraints_from_gassign): New function,
	based on the above.  Add handling for NOP_EXPR.
	(region_model::add_any_constraints_from_gcall): New function.
	(region_model::get_representative_path_var): Handle views.
	* region-model.h
	(region_model::add_any_constraints_from_ssa_def_stmt): New decl.
	(region_model::add_any_constraints_from_gassign): New decl.

2020-03-04  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93993
	* checker-path.h (state_change_event::get_lvalue): Add ctxt param
	and pass it to region_model::get_value call.
	* diagnostic-manager.cc (get_any_origin): Pass a
	tentative_region_model_context to the calls to get_lvalue and reject
	the comparison if errors occur.
	(can_be_expr_of_interest_p): New function.
	(diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
	CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
	Pass a tentative_region_model_context to the calls to
	state_change_event::get_lvalue and reject the comparison if errors
	occur.
	(diagnostic_manager::update_for_unsuitable_sm_exprs): New.
	* diagnostic-manager.h
	(diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
	* region-model.h (class tentative_region_model_context): New class.

2020-03-04  David Malcolm  <dmalcolm@redhat.com>

	* engine.cc (worklist::worklist): Remove unused field m_eg.
	(class viz_callgraph_edge): Remove unused field m_call_sedge.
	(class viz_callgraph): Remove unused field m_sg.
	* exploded-graph.h (worklist::::m_eg): Remove unused field.

2020-03-02  David Malcolm  <dmalcolm@redhat.com>

	* analyzer.opt (fanalyzer-show-duplicate-count): New option.
	* diagnostic-manager.cc
	(diagnostic_manager::emit_saved_diagnostic): Use the above to
	guard the printing of the duplicate count.

2020-03-02  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93959
	* analyzer.cc (is_std_function_p): New function.
	(is_std_named_call_p): New functions.
	* analyzer.h (is_std_named_call_p): New decl.
	* sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::"
	variants when checking for malloc, calloc and free.

2020-02-26  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93950
	* diagnostic-manager.cc
	(diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
	either NULL or not a constant.  When updating var, bulletproof
	against constant values.

2020-02-26  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93947
	* region-model.cc (region_model::get_fndecl_for_call): Gracefully
	fail for fn_decls that don't have a cgraph_node.

2020-02-26  David Malcolm  <dmalcolm@redhat.com>

	* bar-chart.cc: New file.
	* bar-chart.h: New file.
	* engine.cc: Include "analyzer/bar-chart.h".
	(stats::log): Only log the m_num_nodes kinds that are non-zero.
	(stats::dump): Likewise when dumping.
	(stats::get_total_enodes): New.
	(exploded_graph::get_or_create_node): Increment the per-point-data
	m_excess_enodes when hitting the per-program-point limit on
	enodes.
	(exploded_graph::print_bar_charts): New.
	(exploded_graph::log_stats): Log the number of unprocessed enodes
	in the worklist.  Call print_bar_charts.
	(exploded_graph::dump_stats): Print the number of unprocessed
	enodes in the worklist.
	* exploded-graph.h (stats::get_total_enodes): New decl.
	(struct per_program_point_data): Add field m_excess_enodes.
	(exploded_graph::print_bar_charts): New decl.
	* supergraph.cc (superedge::dump): New.
	(superedge::dump): New.
	* supergraph.h (supernode::get_function): New.
	(superedge::dump): New decl.
	(superedge::dump): New decl.

2020-02-24  David Malcolm  <dmalcolm@redhat.com>

	* engine.cc (exploded_graph::get_or_create_node): Dump the
	program_state to the pp, rather than to stderr.

2020-02-24  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93032
	* sm.cc (make_checkers): Require the "taint" checker to be
	explicitly enabled.

2020-02-24  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93899
	* engine.cc
	(impl_region_model_context::impl_region_model_context): Add logger
	param.
	* engine.cc (exploded_graph::add_function_entry): Create an
	impl_region_model_context and pass it to the push_frame call.
	Bail if the resulting state is invalid.
	(exploded_graph::build_initial_worklist): Likewise.
	(exploded_graph::build_initial_worklist): Handle the case where
	add_function_entry fails.
	* exploded-graph.h
	(impl_region_model_context::impl_region_model_context): Add logger
	param.
	* region-model.cc (map_region::get_or_create): Add ctxt param and
	pass it to add_region_for_type.
	(map_region::can_merge_p): Pass NULL as a ctxt to call to
	get_or_create.
	(array_region::get_element): Pass ctxt to call to get_or_create.
	(array_region::get_or_create): Add ctxt param and pass it to
	add_region_for_type.
	(root_region::push_frame): Pass ctxt to get_or_create calls.
	(region_model::get_lvalue_1): Likewise.
	(region_model::make_region_for_unexpected_tree_code): Assert that
	ctxt is non-NULL.
	(region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
	and get_svalue_for_label calls.
	(region_model::get_svalue_for_fndecl): Add ctxt param and pass it
	to get_region_for_fndecl.
	(region_model::get_region_for_fndecl): Add ctxt param and pass it
	to get_or_create.
	(region_model::get_svalue_for_label): Add ctxt param and pass it
	to get_region_for_label.
	(region_model::get_region_for_label): Add ctxt param and pass it
	to get_region_for_fndecl and get_or_create.
	(region_model::get_field_region): Add ctxt param and pass it to
	get_or_create_view and get_or_create.
	(make_region_for_type): Replace gcc_unreachable with return NULL.
	(region_model::add_region_for_type): Add ctxt param.  Handle a
	return of NULL from make_region_for_type by calling
	make_region_for_unexpected_tree_code.
	(region_model::get_or_create_mem_ref): Pass ctxt to calls to
	get_or_create_view.
	(region_model::get_or_create_view): Add ctxt param and pass it to
	add_region_for_type.
	(selftest::test_state_merging): Pass ctxt to get_or_create_view.
	* region-model.h (region_model::get_or_create): Add ctxt param.
	(region_model::add_region_for_type): Likewise.
	(region_model::get_svalue_for_fndecl): Likewise.
	(region_model::get_svalue_for_label): Likewise.
	(region_model::get_region_for_fndecl): Likewise.
	(region_model::get_region_for_label): Likewise.
	(region_model::get_field_region): Likewise.
	(region_model::get_or_create_view): Likewise.

2020-02-24  David Malcolm  <dmalcolm@redhat.com>

	* checker-path.cc (superedge_event::should_filter_p): Update
	filter for empty descriptions to cover verbosity level 3 as well
	as 2.
	* diagnostic-manager.cc: Include "analyzer/reachability.h".
	(class path_builder): New class.
	(diagnostic_manager::emit_saved_diagnostic): Create a path_builder
	and pass it to build_emission_path, rather passing eg; similarly
	for add_events_for_eedge and ext_state.
	(diagnostic_manager::build_emission_path): Replace "eg" param
	with a path_builder, pass it to add_events_for_eedge.
	(diagnostic_manager::add_events_for_eedge): Replace ext_state
	param with path_builder; pass it to add_events_for_superedge.
	(diagnostic_manager::significant_edge_p): New.
	(diagnostic_manager::add_events_for_superedge): Add path_builder
	param.  Reject insignificant edges at verbosity levels below 3.
	(diagnostic_manager::prune_for_sm_diagnostic): Update highest
	verbosity level to 4.
	* diagnostic-manager.h (class path_builder): New forward decl.
	(diagnostic_manager::build_emission_path): Replace "eg" param
	with a path_builder.
	(diagnostic_manager::add_events_for_eedge): Replace ext_state
	param with path_builder.
	(diagnostic_manager::significant_edge_p): New.
	(diagnostic_manager::add_events_for_superedge): Add path_builder
	param.
	* reachability.h: New file.

2020-02-18  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93692
	* analyzer.opt (fdump-analyzer-callgraph): Rewrite description.

2020-02-18  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93777
	* region-model.cc (region_model::maybe_cast_1): Replace assertion
	that build_cast returns non-NULL with a conditional, falling
	through to the logic which returns a new unknown value of the
	desired type if it fails.

2020-02-18  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93778
	* engine.cc (impl_region_model_context::on_unknown_tree_code):
	Rename to...
	(impl_region_model_context::on_unexpected_tree_code): ...this and
	convert first argument from path_var to tree.
	(exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall.
	* exploded-graph.h (region_model_context::on_unknown_tree_code):
	Rename to...
	(region_model_context::on_unexpected_tree_code): ...this and
	convert first argument from path_var to tree.
	* program-state.cc (sm_state_map::purge_for_unknown_fncall): Add
	ctxt param and pass on to calls to get_rvalue.
	* program-state.h (sm_state_map::purge_for_unknown_fncall): Add
	ctxt param.
	* region-model.cc (region_model::handle_unrecognized_call): Pass
	ctxt on to call to get_rvalue.
	(region_model::get_lvalue_1): Move body of default case to
	region_model::make_region_for_unexpected_tree_code and call it.
	Within COMPONENT_REF case, reject attempts to handle types other
	than RECORD_TYPE and UNION_TYPE.
	(region_model::make_region_for_unexpected_tree_code): New
	function, based on default case of region_model::get_lvalue_1.
	* region-model.h
	(region_model::make_region_for_unexpected_tree_code): New decl.
	(region_model::on_unknown_tree_code): Rename to...
	(region_model::on_unexpected_tree_code): ...this and convert first
	argument from path_var to tree.
	(class test_region_model_context): Update vfunc implementation for
	above change.

2020-02-18  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93774
	* region-model.cc
	(region_model::convert_byte_offset_to_array_index): Use
	int_size_in_bytes before calling size_in_bytes, to gracefully fail
	on incomplete types.

2020-02-17  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93775
	* region-model.cc (region_model::get_fndecl_for_call): Handle the
	case where the code_region's get_tree_for_child_region returns
	NULL.

2020-02-17  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93388
	* engine.cc (impl_region_model_context::on_unknown_tree_code):
	New.
	(exploded_graph::get_or_create_node): Reject invalid states.
	* exploded-graph.h
	(impl_region_model_context::on_unknown_tree_code): New decl.
	(point_and_state::point_and_state): Assert that the state is
	valid.
	* program-state.cc (program_state::program_state): Initialize
	m_valid to true.
	(program_state::operator=): Copy m_valid.
	(program_state::program_state): Likewise for move constructor.
	(program_state::print): Print m_valid.
	(program_state::dump_to_pp): Likewise.
	* program-state.h (program_state::m_valid): New field.
	* region-model.cc (region_model::get_lvalue_1): Implement the
	default case by returning a new symbolic region and calling
	the context's on_unknown_tree_code, rather than issuing an
	internal_error.  Implement VIEW_CONVERT_EXPR.
	* region-model.h (region_model_context::on_unknown_tree_code): New
	vfunc.
	(test_region_model_context::on_unknown_tree_code): New.

2020-02-17  David Malcolm  <dmalcolm@redhat.com>

	* sm-malloc.cc (malloc_diagnostic::describe_state_change): For
	transition to the "null" state, only say "assuming" when
	transitioning from the "unchecked" state.

2020-02-17  David Malcolm  <dmalcolm@redhat.com>

	* diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
	Add const overload.
	* engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
	* exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
	const overload.

2020-02-11  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93288
	* analysis-plan.cc (analysis_plan::use_summary_p): Look through
	the ultimate_alias_target when getting the called function.
	* engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
	"sm_ctxt".  Use the region_model's get_fndecl_for_call rather than
	gimple_call_fndecl.
	* region-model.cc (region_model::get_fndecl_for_call): Use
	ultimate_alias_target on fndecl.
	* supergraph.cc (get_ultimate_function_for_cgraph_edge): New
	function.
	(supergraph_call_edge): Use it when rejecting edges without
	functions.
	(supergraph::supergraph): Use it to get the function for the
	cgraph_edge when building interprocedural superedges.
	(callgraph_superedge::get_callee_function): Use it.
	* supergraph.h (supergraph::get_num_snodes): Make param const.
	(supergraph::function_to_num_snodes_t): Make first type param
	const.

2020-02-11  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93374
	* engine.cc (exploded_edge::exploded_edge): Add ext_state param
	and pass it to change.validate.
	(exploded_graph::get_or_create_node): Move purging of change
	svalues to also cover the case of reusing an existing enode.
	(exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
	ctor.
	* exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
	param.
	* program-state.cc (state_change::sm_change::validate): Likewise.
	Assert that m_sm_idx is sane.  Use ext_state to validate
	m_old_state and m_new_state.
	(state_change::validate): Add ext_state param and pass it to
	the sm_change validate calls.
	* program-state.h (state_change::sm_change::validate): Add
	ext_state param.
	(state_change::validate): Likewise.

2020-02-11  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93669
	* engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
	case of STATUS_WORKLIST in implementation of
	"__analyzer_dump_exploded_nodes".

2020-02-11  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93649
	* constraint-manager.cc (constraint_manager::add_constraint): When
	merging equivalence classes and updating m_constant, also update
	m_cst_sid.
	(constraint_manager::validate): If m_constant is non-NULL assert
	that m_cst_sid is non-null and is valid.

2020-02-11  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93657
	* analyzer.opt (fdump-analyzer): Reword description.
	(fdump-analyzer-stderr): Likewise.

2020-02-11  David Malcolm  <dmalcolm@redhat.com>

	* region-model.cc (print_quoted_type): New function.
	(svalue::print): Use it to replace %qT.
	(region::dump_to_pp): Likewise.
	(region::dump_child_label): Likewise.
	(region::print_fields): Likewise.

2020-02-10  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93659
	* analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
	-> "that" typo.
	(Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
	"uninitialized" typo.

2020-02-10  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93350
	* region-model.cc (region_model::get_lvalue_1):
	Handle BIT_FIELD_REF.
	(make_region_for_type): Handle VECTOR_TYPE.

2020-02-10  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93647
	* diagnostic-manager.cc
	(diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
	VAR being constant.
	* region-model.cc (region_model::get_lvalue_1): Provide a better
	error message when encountering an unhandled tree code.

2020-02-10  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93405
	* region-model.cc (region_model::get_lvalue_1): Implement
	CONST_DECL.

2020-02-06  David Malcolm  <dmalcolm@redhat.com>

	* region-model.cc (region_model::maybe_cast_1): Attempt to provide
	a region_svalue if either type is a pointer, rather than if both
	types are pointers.

2020-02-05  David Malcolm  <dmalcolm@redhat.com>

	* engine.cc (exploded_node::dump_dot): Show merger enodes.
	(worklist::add_node): Assert that the node's m_status is
	STATUS_WORKLIST.
	(exploded_graph::process_worklist): Likewise for nodes from the
	worklist.  Set status of merged nodes to STATUS_MERGER.
	(exploded_graph::process_node): Set status of node to
	STATUS_PROCESSED.
	(exploded_graph::dump_exploded_nodes): Rework handling of
	"__analyzer_dump_exploded_nodes", splitting enodes by status into
	"processed" and "merger", showing the count of just the processed
	enodes at the call, rather than the count of all enodes.
	* exploded-graph.h (exploded_node::status): New enum.
	(exploded_node::exploded_node): Initialize m_status to
	STATUS_WORKLIST.
	(exploded_node::get_status): New getter.
	(exploded_node::set_status): New setter.

2020-02-04  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93543
	* engine.cc (pod_hash_traits<function_call_string>::mark_empty):
	Eliminate reinterpret_cast.
	(pod_hash_traits<function_call_string>::is_empty): Likewise.

2020-02-03  David Malcolm  <dmalcolm@redhat.com>

	* constraint-manager.cc (range::constrained_to_single_element):
	Replace fold_build2 with fold_binary.  Remove unnecessary newline.
	(constraint_manager::get_or_add_equiv_class): Replace fold_build2
	with fold_binary in two places, and remove out-of-date comment.
	(constraint_manager::eval_condition): Replace fold_build2 with
	fold_binary.
	* region-model.cc (constant_svalue::eval_condition): Likewise.
	(region_model::on_assignment): Likewise.

2020-02-03  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93544
	* diagnostic-manager.cc
	(diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
	against bad choices due to bad paths.
	* engine.cc (impl_region_model_context::on_phi): New.
	* exploded-graph.h (impl_region_model_context::on_phi): New decl.
	* region-model.cc (region_model::on_longjmp): Likewise.
	(region_model::handle_phi): Add phi param. Call the ctxt's on_phi
	vfunc.
	(region_model::update_for_phis): Pass phi to handle_phi.
	* region-model.h (region_model::handle_phi): Add phi param.
	(region_model_context::on_phi): New vfunc.
	(test_region_model_context::on_phi): New.
	* sm-malloc.cc (malloc_state_machine::on_phi): New.
	(malloc_state_machine::on_zero_assignment): New.
	* sm.h (state_machine::on_phi): New vfunc.

2020-02-03  David Malcolm  <dmalcolm@redhat.com>

	* engine.cc (supernode_cluster::dump_dot): Show BB index as
	well as SN index.
	* supergraph.cc (supernode::dump_dot): Likewise.

2020-02-03  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93546
	* region-model.cc (region_model::on_call_pre): Update for new
	param of symbolic_region ctor.
	(region_model::deref_rvalue): Likewise.
	(region_model::add_new_malloc_region): Likewise.
	(make_region_for_type): Likewise, preserving type.
	* region-model.h (symbolic_region::symbolic_region): Add "type"
	param and pass it to base class ctor.

2020-02-03  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93547
	* constraint-manager.cc
	(constraint_manager::get_or_add_equiv_class): Ensure types are
	compatible before comparing constants.

2020-01-31  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93457
	* region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
	than checking against void_type_node.

2020-01-31  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93373
	* region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
	(assert_compat_types): ...this, and bail when either type is NULL,
	or when VOID_TYPE_P (dst_type).
	(region_model::get_lvalue): Update for above conversion.
	(region_model::get_rvalue): Likewise.

2020-01-31  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93379
	* region-model.cc (region_model::update_for_return_superedge):
	Move check for null result so that it also guards setting the
	lhs.

2020-01-31  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93438
	* region-model.cc (stack_region::can_merge_p): Split into a two
	pass approach, creating all stack regions first, then populating
	them.
	(selftest::test_state_merging): Add test coverage for (a) the case
	of self-merging a model in which a local in an older stack frame
	points to a local in a more recent stack frame (which previously
	would ICE), and (b) the case of self-merging a model in which a
	local points to a global (which previously worked OK).

2020-01-31  David Malcolm  <dmalcolm@redhat.com>

	* analyzer.cc (is_named_call_p): Replace tests for fndecl being
	extern at file scope and having a non-NULL DECL_NAME with a call
	to maybe_special_function_p.
	* function-set.cc (function_set::contains_decl_p): Add call to
	maybe_special_function_p.

2020-01-31  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93450
	* constraint-manager.cc
	(constraint_manager::get_or_add_equiv_class): Only compare constants
	if their types are compatible.
	* region-model.cc (constant_svalue::eval_condition): Replace check
	for identical types with call to types_compatible_p.

2020-01-30  David Malcolm  <dmalcolm@redhat.com>

	* program-state.cc (extrinsic_state::dump_to_pp): New.
	(extrinsic_state::dump_to_file): New.
	(extrinsic_state::dump): New.
	* program-state.h (extrinsic_state::dump_to_pp): New decl.
	(extrinsic_state::dump_to_file): New decl.
	(extrinsic_state::dump): New decl.
	* sm.cc: Include "pretty-print.h".
	(state_machine::dump_to_pp): New.
	* sm.h (state_machine::dump_to_pp): New decl.

2020-01-30  David Malcolm  <dmalcolm@redhat.com>

	* diagnostic-manager.cc (for_each_state_change): Use
	extrinsic_state::get_num_checkers rather than accessing m_checkers
	directly.
	* program-state.cc (program_state::program_state): Likewise.
	* program-state.h (extrinsic_state::m_checkers): Make private.

2020-01-30  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93356
	* region-model.cc (region_model::eval_condition): In both
	overloads, bail out immediately on floating-point types.
	(region_model::eval_condition_without_cm): Likewise.
	(region_model::add_constraint): Likewise.

2020-01-30  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93450
	* program-state.cc (sm_state_map::set_state): For the overload
	taking an svalue_id, bail out if the set_state on the ec does
	nothing. Convert the latter's return type from void to bool,
	returning true if anything changed.
	(sm_state_map::impl_set_state): Convert the return type from void
	to bool, returning true if the state changed.
	* program-state.h (sm_state_map::set_state): Convert return type
	from void to bool.
	(sm_state_map::impl_set_state): Likewise.
	* region-model.cc (constant_svalue::eval_condition): Only call
	fold_build2 if the types are the same.

2020-01-29  Jakub Jelinek  <jakub@redhat.com>

	* analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
	* constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
	(range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
	POP_IGNORE_WFORMAT.
	* state-purge.cc: Include diagnostic-core.h before
	gimple-pretty-print.h.
	(state_purge_annotator::add_node_annotations, print_vec_of_names):
	Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
	* region-model.cc: Move diagnostic-core.h include before graphviz.h.
	(path_var::dump, svalue::print, constant_svalue::print_details,
	region::dump_to_pp, region::dump_child_label, region::print_fields,
	map_region::print_fields, map_region::dump_dot_to_pp,
	map_region::dump_child_label, array_region::print_fields,
	array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or
	POP_IGNORE_WFORMAT.

2020-01-28  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93316
	* engine.cc (rewind_info_t::update_model): Get the longjmp call
	stmt via get_longjmp_call () rather than assuming it is the last
	stmt in the longjmp's supernode.
	(rewind_info_t::add_events_to_path): Get the location_t for the
	rewind_from_longjmp_event via get_longjmp_call () rather than from
	the supernode's get_end_location ().

2020-01-28  David Malcolm  <dmalcolm@redhat.com>

	* region-model.cc (poisoned_value_diagnostic::emit): Update for
	renaming of warning_at overload to warning_meta.
	* sm-file.cc (file_leak::emit): Likewise.
	* sm-malloc.cc (double_free::emit): Likewise.
	(possible_null_deref::emit): Likewise.
	(possible_null_arg::emit): Likewise.
	(null_deref::emit): Likewise.
	(null_arg::emit): Likewise.
	(use_after_free::emit): Likewise.
	(malloc_leak::emit): Likewise.
	(free_of_non_heap::emit): Likewise.
	* sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
	* sm-signal.cc (signal_unsafe_call::emit): Likewise.
	* sm-taint.cc (tainted_array_index::emit): Likewise.

2020-01-27  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93451
	* region-model.cc (tree_cmp): For the REAL_CST case, impose an
	arbitrary order on NaNs relative to other NaNs and to non-NaNs;
	const-correctness tweak.
	(ana::selftests::build_real_cst_from_string): New function.
	(ana::selftests::append_interesting_constants): New function.
	(ana::selftests::test_tree_cmp_on_constants): New test.
	(ana::selftests::test_canonicalization_4): New test.
	(ana::selftests::analyzer_region_model_cc_tests): Call the new
	tests.

2020-01-27  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93349
	* engine.cc (run_checkers): Save and restore input_location.

2020-01-27  David Malcolm  <dmalcolm@redhat.com>

	* call-string.cc (call_string::cmp_1): Delete, moving body to...
	(call_string::cmp): ...here.
	* call-string.h (call_string::cmp_1): Delete decl.
	* engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
	(worklist::key_t::cmp): ...here. Implement hash comparisons
	via comparison rather than subtraction to avoid overflow issues.
	* exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
	* region-model.cc (tree_cmp): Eliminate buggy checking for
	symmetry.

2020-01-27  David Malcolm  <dmalcolm@redhat.com>

	* analyzer.cc (is_named_call_p): Check that fndecl is "extern"
	and at file scope. Potentially disregard prefix _ or __ in
	fndecl's name. Bail if the identifier is NULL.
	(is_setjmp_call_p): Expect a gcall rather than plain gimple.
	Remove special-case check for leading prefix, and also check for
	sigsetjmp.
	(is_longjmp_call_p): Also check for siglongjmp.
	(get_user_facing_name): New function.
	* analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
	gimple.
	(get_user_facing_name): New decl.
	* checker-path.cc (setjmp_event::get_desc): Use
	get_user_facing_name to avoid hardcoding the function name.
	(rewind_event::rewind_event): Add rewind_info param, using it to
	initialize new m_rewind_info field, and strengthen the assertion.
	(rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
	avoid hardcoding the function name.
	(rewind_to_setjmp_event::get_desc): Likewise.
	* checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
	param and use it to initialize...
	(setjmp_event::m_setjmp_call): New field.
	(rewind_event::rewind_event): Add rewind_info param.
	(rewind_event::m_rewind_info): New protected field.
	(rewind_from_longjmp_event::rewind_from_longjmp_event): Add
	rewind_info param.
	(class rewind_to_setjmp_event): Move rewind_info field to parent
	class.
	* diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
	Update setjmp-handling for is_setjmp_call_p requiring a gcall;
	pass the call to the new setjmp_event.
	* engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
	requiring a gcall.
	(stale_jmp_buf::emit): Use get_user_facing_name to avoid
	hardcoding the function names.
	(exploded_node::on_longjmp): Pass the longjmp_call when
	constructing rewind_info.
	(rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
	rewind_from_longjmp_event's ctor.
	* exploded-graph.h (rewind_info_t::rewind_info_t): Add
	longjmp_call param.
	(rewind_info_t::get_longjmp_call): New.
	(rewind_info_t::m_longjmp_call): New.
	* region-model.cc (region_model::on_setjmp): Update comment to
	indicate this is also for sigsetjmp.
	* region-model.h (struct setjmp_record): Likewise.
	(class setjmp_svalue): Likewise.

2020-01-27  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93276
	* analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
	macros with GCC_VERSION >= 4006, making them no-op otherwise.
	* engine.cc (exploded_edge::exploded_edge): Specify template for
	base class initializer.
	(exploded_graph::add_edge): Specify template when chaining up to
	base class add_edge implementation.
	(viz_callgraph_node::dump_dot): Drop redundant "typename".
	(viz_callgraph_edge::viz_callgraph_edge): Specify template for
	base class initializer.
	* program-state.cc (sm_state_map::clone_with_remapping): Drop
	redundant "typename".
	(sm_state_map::print): Likewise.
	(sm_state_map::hash): Likewise.
	(sm_state_map::operator==): Likewise.
	(sm_state_map::remap_svalue_ids): Likewise.
	(sm_state_map::on_svalue_purge): Likewise.
	(sm_state_map::validate): Likewise.
	* program-state.h (sm_state_map::iterator_t): Likewise.
	* supergraph.h (superedge::superedge): Specify template for base
	class initializer.

2020-01-23  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93375
	* supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
	gracefully if the number of parameters at the callee exceeds the
	number of arguments at the call stmt.
	(callgraph_superedge::get_parm_for_arg): Likewise.

2020-01-22  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93382
	* program-state.cc (sm_state_map::on_svalue_purge): If the
	entry survives, but the origin is being purged, then reset the
	origin to null.

2020-01-22  David Malcolm  <dmalcolm@redhat.com>

	* sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.

2020-01-22  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93378
	* engine.cc (setjmp_svalue::compare_fields): Update for
	replacement of m_enode with m_setjmp_record.
	(setjmp_svalue::add_to_hash): Likewise.
	(setjmp_svalue::get_index): Rename...
	(setjmp_svalue::get_enode_index): ...to this.
	(setjmp_svalue::print_details): Update for replacement of m_enode
	with m_setjmp_record.
	(exploded_node::on_longjmp): Likewise.
	* exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
	(rewind_info_t::m_setjmp_record): ...with this.
	(rewind_info_t::rewind_info_t): Update for replacement of m_enode
	with m_setjmp_record.
	(rewind_info_t::get_setjmp_point): Likewise.
	(rewind_info_t::get_setjmp_call): Likewise.
	* region-model.cc (region_model::dump_summary_of_map): Likewise.
	(region_model::on_setjmp): Likewise.
	* region-model.h (struct setjmp_record): New struct.
	(setjmp_svalue::m_enode): Replace...
	(setjmp_svalue::m_setjmp_record): ...with this.
	(setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
	with m_setjmp_record.
	(setjmp_svalue::clone): Likewise.
	(setjmp_svalue::get_index): Rename...
	(setjmp_svalue::get_enode_index): ...to this.
	(setjmp_svalue::get_exploded_node): Replace...
	(setjmp_svalue::get_setjmp_record): ...with this.

2020-01-22  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93316
	* analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as
	"_setjmp".

2020-01-22  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93307
	* analysis-plan.h: Wrap everything namespace "ana".
	* analyzer-logging.cc: Likewise.
	* analyzer-logging.h: Likewise.
	* analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
	namespace.
	* analyzer-selftests.cc: Wrap everything namespace "ana".
	* analyzer-selftests.h: Likewise.
	* analyzer.h: Likewise for forward decls of types.
	* call-string.h: Likewise.
	* checker-path.cc: Likewise.
	* checker-path.h: Likewise.
	* constraint-manager.cc: Likewise.
	* constraint-manager.h: Likewise.
	* diagnostic-manager.cc: Likewise.
	* diagnostic-manager.h: Likewise.
	* engine.cc: Likewise.
	* engine.h: Likewise.
	* exploded-graph.h: Likewise.
	* function-set.cc: Likewise.
	* function-set.h: Likewise.
	* pending-diagnostic.cc: Likewise.
	* pending-diagnostic.h: Likewise.
	* program-point.cc: Likewise.
	* program-point.h: Likewise.
	* program-state.cc: Likewise.
	* program-state.h: Likewise.
	* region-model.cc: Likewise.
	* region-model.h: Likewise.
	* sm-file.cc: Likewise.
	* sm-malloc.cc: Likewise.
	* sm-pattern-test.cc: Likewise.
	* sm-sensitive.cc: Likewise.
	* sm-signal.cc: Likewise.
	* sm-taint.cc: Likewise.
	* sm.cc: Likewise.
	* sm.h: Likewise.
	* state-purge.h: Likewise.
	* supergraph.cc: Likewise.
	* supergraph.h: Likewise.

2020-01-21  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93352
	* region-model.cc (int_cmp): Rename to...
	(array_region::key_cmp): ...this, using key_t rather than int.
	Rewrite in terms of comparisons rather than subtraction to
	ensure qsort is anti-symmetric when handling extreme values.
	(array_region::walk_for_canonicalization): Update for above
	renaming.
	* region-model.h (array_region::key_cmp): New decl.

2020-01-17  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93290
	* region-model.cc (region_model::eval_condition_without_cm): Avoid
	gcc_unreachable for unexpected operations for the case where
	we're comparing an svalue against itself.

2020-01-17  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93281
	* region-model.cc
	(region_model::convert_byte_offset_to_array_index): Convert to
	ssizetype before dividing by byte_size. Use fold_binary rather
	than fold_build2 to avoid needlessly constructing a tree for the
	non-const case.

2020-01-15  David Malcolm  <dmalcolm@redhat.com>

	* engine.cc (class impl_region_model_context): Fix comment.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/93212
	* region-model.cc (make_region_for_type): Use
	FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
	* region-model.h (function_region::function_region): Likewise.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* program-state.cc (sm_state_map::clone_with_remapping): Copy
	m_global_state.
	(selftest::test_program_state_merging_2): New selftest.
	(selftest::analyzer_program_state_cc_tests): Call it.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* checker-path.h (checker_path::get_checker_event): New function.
	(checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
	* diagnostic-manager.cc
	(diagnostic_manager::prune_for_sm_diagnostic): Replace direct
	access to checker_path::m_events with accessor functions. Fix
	overlong line.
	(diagnostic_manager::prune_interproc_events): Replace direct
	access to checker_path::m_events with accessor functions.
	(diagnostic_manager::finish_pruning): Likewise.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* checker-path.h (checker_event::clone): Delete vfunc decl.
	(debug_event::clone): Delete vfunc impl.
	(custom_event::clone): Delete vfunc impl.
	(statement_event::clone): Delete vfunc impl.
	(function_entry_event::clone): Delete vfunc impl.
	(state_change_event::clone): Delete vfunc impl.
	(start_cfg_edge_event::clone): Delete vfunc impl.
	(end_cfg_edge_event::clone): Delete vfunc impl.
	(call_event::clone): Delete vfunc impl.
	(return_event::clone): Delete vfunc impl.
	(setjmp_event::clone): Delete vfunc impl.
	(rewind_from_longjmp_event::clone): Delete vfunc impl.
	(rewind_to_setjmp_event::clone): Delete vfunc impl.
	(warning_event::clone): Delete vfunc impl.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* supergraph.cc (supernode::dump_dot): Ensure that the TABLE
	element has at least one TR.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/58237
	* engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
	when comparing against UNKNOWN_LOCATION.
	(stmt_requires_new_enode_p): Likewise.
	(exploded_graph::dump_exploded_nodes): Likewise.
	* supergraph.cc (supernode::get_start_location): Likewise.
	(supernode::get_end_location): Likewise.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	PR analyzer/58237
	* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
	selftest::analyzer_sm_file_cc_tests.
	* analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
	decl.
	* sm-file.cc: Include "analyzer/function-set.h" and
	"analyzer/analyzer-selftests.h".
	(get_file_using_fns): New function.
	(is_file_using_fn_p): New function.
	(fileptr_state_machine::on_stmt): Return true for known functions.
	(selftest::analyzer_sm_file_cc_tests): New function.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
	selftest::analyzer_sm_signal_cc_tests.
	* analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
	New decl.
	* sm-signal.cc: Include "analyzer/function-set.h" and
	"analyzer/analyzer-selftests.h".
	(get_async_signal_unsafe_fns): New function.
	(signal_unsafe_p): Reimplement in terms of the above.
	(selftest::analyzer_sm_signal_cc_tests): New function.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
	selftest::analyzer_function_set_cc_tests.
	* analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
	New decl.
	* function-set.cc: New file.
	* function-set.h: New file.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* analyzer.h (fndecl_has_gimple_body_p): New decl.
	* engine.cc (impl_region_model_context::on_unknown_change): New
	function.
	(fndecl_has_gimple_body_p): Make non-static.
	(exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
	known. Track whether we have a call with unknown side-effects and
	pass it to on_call_post.
	* exploded-graph.h (impl_region_model_context::on_unknown_change):
	New decl.
	* program-state.cc (sm_state_map::on_unknown_change): New function.
	* program-state.h (sm_state_map::on_unknown_change): New decl.
	* region-model.cc: Include "bitmap.h".
	(region_model::on_call_pre): Return a bool, capturing whether the
	call has unknown side effects.
	(region_model::on_call_post): Add arg "bool unknown_side_effects"
	and if true, call handle_unrecognized_call.
	(class reachable_regions): New class.
	(region_model::handle_unrecognized_call): New function.
	* region-model.h (region_model::on_call_pre): Return a bool.
	(region_model::on_call_post): Add arg "bool unknown_side_effects".
	(region_model::handle_unrecognized_call): New decl.
	(region_model_context::on_unknown_change): New vfunc.
	(test_region_model_context::on_unknown_change): New function.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* diagnostic-manager.cc (saved_diagnostic::operator==): Move here
	from header. Replace pointer equality test on m_var with call to
	pending_diagnostic::same_tree_p.
	* diagnostic-manager.h (saved_diagnostic::operator==): Move to
	diagnostic-manager.cc.
	* pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
	* pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
	* sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
	equality on m_arg with call to pending_diagnostic::same_tree_p.
	* sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
	(possible_null_arg::subclass_equal_p): Likewise.
	(null_arg::subclass_equal_p): Likewise.
	(free_of_non_heap::subclass_equal_p): Likewise.
	* sm-pattern-test.cc (pattern_match::operator==): Likewise.
	* sm-sensitive.cc (exposure_through_output_file::operator==):
	Likewise.
	* sm-taint.cc (tainted_array_index::operator==): Likewise.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* diagnostic-manager.cc (dedupe_winners::add): Add logging
	of deduplication decisions made.

2020-01-14  David Malcolm  <dmalcolm@redhat.com>

	* ChangeLog: New file.
	* analyzer-selftests.cc: New file.
	* analyzer-selftests.h: New file.
	* analyzer.opt: New file.
	* analysis-plan.cc: New file.
	* analysis-plan.h: New file.
	* analyzer-logging.cc: New file.
	* analyzer-logging.h: New file.
	* analyzer-pass.cc: New file.
	* analyzer.cc: New file.
	* analyzer.h: New file.
	* call-string.cc: New file.
	* call-string.h: New file.
	* checker-path.cc: New file.
	* checker-path.h: New file.
	* constraint-manager.cc: New file.
	* constraint-manager.h: New file.
	* diagnostic-manager.cc: New file.
	* diagnostic-manager.h: New file.
	* engine.cc: New file.
	* engine.h: New file.
	* exploded-graph.h: New file.
	* pending-diagnostic.cc: New file.
	* pending-diagnostic.h: New file.
	* program-point.cc: New file.
	* program-point.h: New file.
	* program-state.cc: New file.
	* program-state.h: New file.
	* region-model.cc: New file.
	* region-model.h: New file.
	* sm-file.cc: New file.
	* sm-malloc.cc: New file.
	* sm-malloc.dot: New file.
	* sm-pattern-test.cc: New file.
	* sm-sensitive.cc: New file.
	* sm-signal.cc: New file.
	* sm-taint.cc: New file.
	* sm.cc: New file.
	* sm.h: New file.
	* state-purge.cc: New file.
	* state-purge.h: New file.
	* supergraph.cc: New file.
	* supergraph.h: New file.

2019-12-13  David Malcolm  <dmalcolm@redhat.com>

	* Initial creation

Copyright (C) 2019-2020 Free Software Foundation, Inc.

Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.