7722 lines
314 KiB
Plaintext
7722 lines
314 KiB
Plaintext
2022-07-26 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/106319
|
||
* store.cc (store::set_value): Don't strip away casts if the
|
||
region has NULL type.
|
||
|
||
2022-07-26 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region.h (code_region::get_element): Remove stray decl.
|
||
(function_region::get_element): Likewise.
|
||
|
||
2022-07-25 Martin Liska <mliska@suse.cz>
|
||
|
||
* sm-fd.cc: Run dos2unix and fix coding style issues.
|
||
|
||
2022-07-23 Immad Mir <mirimmad@outlook.com>
|
||
|
||
* sm-fd.cc (fd_param_diagnostic): New diagnostic class.
|
||
(fd_access_mode_mismatch): Change inheritance from fd_diagnostic
|
||
to fd_param_diagnostic. Add new overloaded constructor.
|
||
(fd_use_after_close): Likewise.
|
||
(unchecked_use_of_fd): Likewise and also change name to fd_use_without_check.
|
||
(double_close): Change name to fd_double_close.
|
||
(enum access_directions): New.
|
||
(fd_state_machine::on_stmt): Handle calls to function with the
|
||
new three function attributes.
|
||
(fd_state_machine::check_for_fd_attrs): New.
|
||
(fd_state_machine::on_open): Use the new overloaded constructors
|
||
of diagnostic classes.
|
||
|
||
2022-07-22 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/106413
|
||
* varargs.cc (region_model::impl_call_va_start): Avoid iterating
|
||
through non-existant variadic arguments by initializing the
|
||
impl_region to "UNKNOWN" if the va_start occurs in the top-level
|
||
function to the analysis.
|
||
|
||
2022-07-22 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/106401
|
||
* store.cc (binding_cluster::binding_cluster): Remove overzealous
|
||
assertion; we're checking for tracked_p in
|
||
store::get_or_create_cluster.
|
||
|
||
2022-07-22 Tim Lange <mail@tim-lange.me>
|
||
|
||
PR analyzer/106394
|
||
* region-model.cc (capacity_compatible_with_type): Always return true
|
||
if alloc_size is zero.
|
||
|
||
2022-07-21 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/106383
|
||
* varargs.cc (region_model::impl_call_va_arg): When determining if
|
||
we're doing interprocedural analysis, use the stack depth of the
|
||
frame in which va_start was called, rather than the current stack
|
||
depth.
|
||
|
||
2022-07-21 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* sm-taint.cc (tainted_array_index::emit): Bulletproof against
|
||
NULL m_arg.
|
||
(tainted_array_index::describe_final_event): Likewise.
|
||
(tainted_size::emit): Likewise.
|
||
(tainted_size::describe_final_event): Likewise.
|
||
|
||
2022-07-21 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/106374
|
||
* region.cc (decl_region::get_svalue_for_initializer): Bail out on
|
||
untracked regions.
|
||
|
||
2022-07-20 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/106373
|
||
* sm-taint.cc (taint_state_machine::on_condition): Potentially
|
||
update the state of the RHS as well as the LHS.
|
||
|
||
2022-07-20 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/106359
|
||
* region.h (string_region::tracked_p): New.
|
||
* store.cc (binding_cluster::binding_cluster): Move here from
|
||
store.h. Add assertion that base_region is tracked_p.
|
||
* store.h (binding_cluster::binding_cluster): Move to store.cc.
|
||
|
||
2022-07-19 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/106321
|
||
* constraint-manager.h (bounded_ranges::get_count): New.
|
||
(bounded_ranges::get_range): New.
|
||
* engine.cc (impl_region_model_context::on_bounded_ranges): New.
|
||
* exploded-graph.h (impl_region_model_context::on_bounded_ranges):
|
||
New decl.
|
||
* region-model.cc (region_model::apply_constraints_for_gswitch):
|
||
Potentially call ctxt->on_bounded_ranges.
|
||
* region-model.h (region_model_context::on_bounded_ranges): New
|
||
vfunc.
|
||
(noop_region_model_context::on_bounded_ranges): New.
|
||
(region_model_context_decorator::on_bounded_ranges): New.
|
||
* sm-taint.cc: Include "analyzer/constraint-manager.h".
|
||
(taint_state_machine::on_bounded_ranges): New.
|
||
* sm.h (state_machine::on_bounded_ranges): New.
|
||
|
||
2022-07-19 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (exploded_graph::process_node): Show any description
|
||
of the out-edge when logging it for consideration.
|
||
|
||
2022-07-15 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/106284
|
||
* sm-taint.cc (taint_state_machine::on_condition): Handle range
|
||
checks optimized by build_range_check.
|
||
|
||
2022-07-15 Jonathan Wakely <jwakely@redhat.com>
|
||
|
||
* call-info.cc (call_info::print): Adjust to new label_text API.
|
||
* checker-path.cc (checker_event::dump): Likewise.
|
||
(region_creation_event::get_desc): Likewise.
|
||
(state_change_event::get_desc): Likewise.
|
||
(superedge_event::should_filter_p): Likewise.
|
||
(start_cfg_edge_event::get_desc): Likewise.
|
||
(call_event::get_desc): Likewise.
|
||
(return_event::get_desc): Likewise.
|
||
(warning_event::get_desc): Likewise.
|
||
(checker_path::dump): Likewise.
|
||
(checker_path::debug): Likewise.
|
||
* diagnostic-manager.cc (diagnostic_manager::prune_for_sm_diagnostic):
|
||
Likewise.
|
||
(diagnostic_manager::prune_interproc_events): Likewise.
|
||
* engine.cc (feasibility_state::maybe_update_for_edge):
|
||
Likewise.
|
||
* program-state.cc (sm_state_map::to_json): Likewise.
|
||
* region-model-impl-calls.cc (region_model::impl_call_analyzer_describe): Likewise.
|
||
(region_model::impl_call_analyzer_dump_capacity): Likewise.
|
||
* region.cc (region::to_json): Likewise.
|
||
* sm-malloc.cc (inform_nonnull_attribute): Likewise.
|
||
* store.cc (binding_map::to_json): Likewise.
|
||
(store::to_json): Likewise.
|
||
* supergraph.cc (superedge::dump): Likewise.
|
||
* svalue.cc (svalue::to_json): Likewise.
|
||
|
||
2022-07-07 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* checker-path.cc (start_cfg_edge_event::get_desc): Update for
|
||
superedge::get_description returning a label_text.
|
||
* engine.cc (feasibility_state::maybe_update_for_edge): Likewise.
|
||
* supergraph.cc (superedge::dump): Likewise.
|
||
(superedge::get_description): Convert return type from char * to
|
||
label_text.
|
||
* supergraph.h (superedge::get_description): Likewise.
|
||
|
||
2022-07-07 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* call-info.cc (call_info::print): Update for removal of
|
||
label_text::maybe_free in favor of automatic memory management.
|
||
* checker-path.cc (checker_event::dump): Likewise.
|
||
(checker_event::prepare_for_emission): Likewise.
|
||
(state_change_event::get_desc): Likewise.
|
||
(superedge_event::should_filter_p): Likewise.
|
||
(start_cfg_edge_event::get_desc): Likewise.
|
||
(warning_event::get_desc): Likewise.
|
||
(checker_path::dump): Likewise.
|
||
(checker_path::debug): Likewise.
|
||
* diagnostic-manager.cc
|
||
(diagnostic_manager::prune_for_sm_diagnostic): Likewise.
|
||
(diagnostic_manager::prune_interproc_events): Likewise.
|
||
* program-state.cc (sm_state_map::to_json): Likewise.
|
||
* region.cc (region::to_json): Likewise.
|
||
* sm-malloc.cc (inform_nonnull_attribute): Likewise.
|
||
* store.cc (binding_map::to_json): Likewise.
|
||
(store::to_json): Likewise.
|
||
* svalue.cc (svalue::to_json): Likewise.
|
||
|
||
2022-07-07 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/106225
|
||
* sm-taint.cc (taint_state_machine::on_stmt): Move handling of
|
||
assignments from division to...
|
||
(taint_state_machine::check_for_tainted_divisor): ...this new
|
||
function. Reject warning when the divisor is known to be non-zero.
|
||
* sm.cc: Include "analyzer/program-state.h".
|
||
(sm_context::get_old_region_model): New.
|
||
* sm.h (sm_context::get_old_region_model): New decl.
|
||
|
||
2022-07-06 Immad Mir <mirimmad@outlook.com>
|
||
|
||
PR analyzer/106184
|
||
* sm-fd.cc (fd_state_machine): Change ordering of initialization
|
||
of state m_invalid so that the order of initializers is same as
|
||
the ordering of the fields in the class decl.
|
||
|
||
2022-07-06 Immad Mir <mirimmad@outlook.com>
|
||
|
||
* sm-fd.cc (use_after_close): save the "close" event and
|
||
show it where possible.
|
||
|
||
2022-07-06 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/106204
|
||
* region-model.cc (within_short_circuited_stmt_p): Move extraction
|
||
of assign_stmt to caller.
|
||
(due_to_ifn_deferred_init_p): New.
|
||
(region_model::check_for_poison): Move extraction of assign_stmt
|
||
from within_short_circuited_stmt_p to here. Share logic with
|
||
call to due_to_ifn_deferred_init_p.
|
||
|
||
2022-07-02 Tim Lange <mail@tim-lange.me>
|
||
|
||
PR analyzer/105900
|
||
* analyzer.opt: Added Wanalyzer-allocation-size.
|
||
* checker-path.cc (region_creation_event::get_desc): Added call to new
|
||
virtual function pending_diagnostic::describe_region_creation_event.
|
||
* checker-path.h: Added region_creation_event::get_desc.
|
||
* diagnostic-manager.cc (diagnostic_manager::add_event_on_final_node):
|
||
New function.
|
||
* diagnostic-manager.h:
|
||
Added diagnostic_manager::add_event_on_final_node.
|
||
* pending-diagnostic.h (struct region_creation): New event_desc struct.
|
||
(pending_diagnostic::describe_region_creation_event): Added virtual
|
||
function to overwrite description of a region creation.
|
||
* region-model.cc (class dubious_allocation_size): New class.
|
||
(capacity_compatible_with_type): New helper function.
|
||
(class size_visitor): New class.
|
||
(struct_or_union_with_inheritance_p): New helper function.
|
||
(is_any_cast_p): New helper function.
|
||
(region_model::check_region_size): New function.
|
||
(region_model::set_value): Added call to
|
||
region_model::check_region_size.
|
||
* region-model.h (class region_model): New function check_region_size.
|
||
* svalue.cc (region_svalue::accept): Changed to post-order traversal.
|
||
(initial_svalue::accept): Likewise.
|
||
(unaryop_svalue::accept): Likewise.
|
||
(binop_svalue::accept): Likewise.
|
||
(sub_svalue::accept): Likewise.
|
||
(repeated_svalue::accept): Likewise.
|
||
(bits_within_svalue::accept): Likewise.
|
||
(widening_svalue::accept): Likewise.
|
||
(unmergeable_svalue::accept): Likewise.
|
||
(compound_svalue::accept): Likewise.
|
||
(conjured_svalue::accept): Likewise.
|
||
(asm_output_svalue::accept): Likewise.
|
||
(const_fn_result_svalue::accept): Likewise.
|
||
|
||
2022-07-02 Immad Mir <mirimmad17@gmail.com>
|
||
|
||
PR analyzer/106003
|
||
* analyzer.opt (Wanalyzer-fd-leak): New option.
|
||
(Wanalyzer-fd-access-mode-mismatch): New option.
|
||
(Wanalyzer-fd-use-without-check): New option.
|
||
(Wanalyzer-fd-double-close): New option.
|
||
(Wanalyzer-fd-use-after-close): New option.
|
||
* sm.h (make_fd_state_machine): New decl.
|
||
* sm.cc (make_checkers): Call make_fd_state_machine.
|
||
* sm-fd.cc: New file.
|
||
|
||
2022-06-24 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* call-string.cc: Add includes of "analyzer/analyzer.h"
|
||
and "analyzer/analyzer-logging.h".
|
||
(call_string::call_string): Delete copy ctor.
|
||
(call_string::operator=): Delete.
|
||
(call_string::operator==): Delete.
|
||
(call_string::hash): Delete.
|
||
(call_string::push_call): Make const, returning the resulting
|
||
call_string.
|
||
(call_string::pop): Delete.
|
||
(call_string::cmp_ptr_ptr): New.
|
||
(call_string::validate): Assert that m_parent is non-NULL, or
|
||
m_elements is empty.
|
||
(call_string::call_string): Move default ctor here from
|
||
call-string.h and reimplement. Add ctor taking a parent
|
||
and an element.
|
||
(call_string::~call_string): New.
|
||
(call_string::recursive_log): New.
|
||
* call-string.h (call_string::call_string): Move default ctor's
|
||
defn to call-string.cc. Delete copy ctor. Add ctor taking a
|
||
parent and an element.
|
||
(call_string::operator=): Delete.
|
||
(call_string::operator==): Delete.
|
||
(call_string::hash): Delete.
|
||
(call_string::push_call): Make const, returning the resulting
|
||
call_string.
|
||
(call_string::pop): Delete decl.
|
||
(call_string::get_parent): New.
|
||
(call_string::cmp_ptr_ptr): New decl.
|
||
(call_string::get_top_of_stack): New.
|
||
(struct call_string::hashmap_traits_t): New.
|
||
(class call_string): Add friend class region_model_manager. Add
|
||
DISABLE_COPY_AND_ASSIGN.
|
||
(call_string::~call_string): New decl.
|
||
(call_string::recursive_log): New decl.
|
||
(call_string::m_parent): New field.
|
||
(call_string::m_children): New field.
|
||
* constraint-manager.cc (selftest::test_many_constants): Pass
|
||
model manager to program_point::origin.
|
||
* engine.cc (exploded_graph::exploded_graph): Likewise.
|
||
(exploded_graph::add_function_entry): Likewise for
|
||
program_point::from_function_entry.
|
||
(add_tainted_args_callback): Likewise.
|
||
(exploded_graph::maybe_process_run_of_before_supernode_enodes):
|
||
Update for change to program_point.get_call_string.
|
||
(exploded_graph::process_node): Likewise.
|
||
(class function_call_string_cluster): Convert m_cs from a
|
||
call_string to a const call_string &.
|
||
(struct function_call_string): Likewise.
|
||
(pod_hash_traits<function_call_string>::hash): Use pointer_hash
|
||
for m_cs.
|
||
(pod_hash_traits<function_call_string>::equal): Update for change
|
||
to m_cs.
|
||
(root_cluster::add_node): Update for change to
|
||
function_call_string.
|
||
(viz_callgraph_node::dump_dot): Update for change to call_string.
|
||
* exploded-graph.h (per_call_string_data::m_key): Convert to a
|
||
reference.
|
||
(struct eg_call_string_hash_map_traits): Delete.
|
||
(exploded_graph::call_string_data_map_t): Remove traits class.
|
||
* program-point.cc: Move include of "analyzer/call-string.h" to
|
||
after "analyzer/analyzer-logging.h".
|
||
(program_point::print): Update for conversion of m_call_string to
|
||
a pointer.
|
||
(program_point::to_json): Likewise.
|
||
(program_point::push_to_call_stack): Update for immutability of
|
||
call strings.
|
||
(program_point::pop_from_call_stack): Likewise.
|
||
(program_point::hash): Use pointer hashing for m_call_string.
|
||
(program_point::get_function_at_depth): Update for change to
|
||
m_call_string.
|
||
(program_point::validate): Update for changes to call_string.
|
||
(program_point::on_edge): Likewise.
|
||
(program_point::origin): Move here from call-string.h. Add
|
||
region_model_manager param and use it to get empty call string.
|
||
(program_point::from_function_entry): Likewise.
|
||
(selftest::test_function_point_ordering): Likewise.
|
||
(selftest::test_function_point_ordering): Likewise.
|
||
* program-point.h (program_point::program_point): Update for
|
||
change to m_call_string.
|
||
(program_point::get_call_string): Likewise.
|
||
(program_point::get_stack_depth): Likewise.
|
||
(program_point::origin): Add region_model_manager param, and move
|
||
defn to call-string.cc.
|
||
(program_point::from_function_entry): Likewise.
|
||
(program_point::empty): Drop call_string.
|
||
(program_point::deleted): Likewise.
|
||
(program_point::program_point): New private ctor.
|
||
(program_point::m_call_string): Convert from call_string to const
|
||
call_string *.
|
||
* program-state.cc (selftest::test_program_state_merging): Update
|
||
for call_string changes.
|
||
(selftest::test_program_state_merging_2): Likewise.
|
||
* region-model-manager.cc
|
||
(region_model_manager::region_model_manager): Construct
|
||
m_empty_call_string.
|
||
(region_model_manager::log_stats): Log the call strings.
|
||
* region-model.cc (assert_region_models_merge): Pass the
|
||
region_model_manager when creating program_point instances.
|
||
(selftest::test_state_merging): Likewise.
|
||
(selftest::test_constraint_merging): Likewise.
|
||
(selftest::test_widening_constraints): Likewise.
|
||
(selftest::test_iteration_1): Likewise.
|
||
* region-model.h (region_model_manager::get_empty_call_string):
|
||
New.
|
||
(region_model_manager::m_empty_call_string): New.
|
||
* sm-signal.cc (register_signal_handler::impl_transition): Update
|
||
for changes to call_string.
|
||
|
||
2022-06-24 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* call-string.cc (call_string::calc_recursion_depth): Whitespace
|
||
cleanups.
|
||
(call_string::cmp): Likewise.
|
||
(call_string::get_caller_node): Likewise.
|
||
(call_string::validate): Likewise.
|
||
* engine.cc (dynamic_call_info_t::add_events_to_path): Likewise.
|
||
(exploded_graph::get_per_function_data): Likewise.
|
||
(exploded_graph::maybe_create_dynamic_call): Likewise.
|
||
(exploded_graph::maybe_create_dynamic_call): Likewise.
|
||
(exploded_graph::process_node): Likewise.
|
||
|
||
2022-06-16 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* varargs.cc (va_arg_type_mismatch::emit): Associate the warning
|
||
with CWE-686 ("Function Call With Incorrect Argument Type").
|
||
|
||
2022-06-16 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* varargs.cc: Include "diagnostic-metadata.h".
|
||
(va_list_exhausted::emit): Associate the warning with
|
||
CWE-685 ("Function Call With Incorrect Number of Arguments").
|
||
|
||
2022-06-16 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* sm-file.cc (double_fclose::emit): Associate the warning with
|
||
CWE-1341 ("Multiple Releases of Same Resource or Handle").
|
||
|
||
2022-06-15 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/105962
|
||
* analyzer.opt (fanalyzer-undo-inlining): New option.
|
||
* checker-path.cc: Include "diagnostic-core.h" and
|
||
"inlining-iterator.h".
|
||
(event_kind_to_string): Handle EK_INLINED_CALL.
|
||
(class inlining_info): New class.
|
||
(checker_event::checker_event): Move here from checker-path.h.
|
||
Store original fndecl and depth, and calculate effective fndecl
|
||
and depth based on inlining information.
|
||
(checker_event::dump): Emit original depth as well as effective
|
||
depth when they differ; likewise for fndecl.
|
||
(region_creation_event::get_desc): Use m_effective_fndecl.
|
||
(inlined_call_event::get_desc): New.
|
||
(inlined_call_event::get_meaning): New.
|
||
(checker_path::inject_any_inlined_call_events): New.
|
||
* checker-path.h (enum event_kind): Add EK_INLINED_CALL.
|
||
(checker_event::checker_event): Make protected, and move
|
||
definition to checker-path.cc.
|
||
(checker_event::get_fndecl): Use effective fndecl.
|
||
(checker_event::get_stack_depth): Use effective stack depth.
|
||
(checker_event::get_logical_location): Use effective stack depth.
|
||
(checker_event::get_original_stack_depth): New.
|
||
(checker_event::m_fndecl): Rename to...
|
||
(checker_event::m_original_fndecl): ...this.
|
||
(checker_event::m_depth): Rename to...
|
||
(checker_event::m_original_depth): ...this.
|
||
(checker_event::m_effective_fndecl): New field.
|
||
(checker_event::m_effective_depth): New field.
|
||
(class inlined_call_event): New checker_event subclass.
|
||
(checker_path::inject_any_inlined_call_events): New decl.
|
||
* diagnostic-manager.cc: Include "inlining-iterator.h".
|
||
(diagnostic_manager::emit_saved_diagnostic): Call
|
||
checker_path::inject_any_inlined_call_events.
|
||
(diagnostic_manager::prune_for_sm_diagnostic): Handle
|
||
EK_INLINED_CALL.
|
||
* engine.cc (tainted_args_function_custom_event::get_desc): Use
|
||
effective fndecl.
|
||
* inlining-iterator.h: New file.
|
||
|
||
2022-06-15 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* diagnostic-manager.cc (saved_diagnostic::dump_dot_id): New.
|
||
(saved_diagnostic::dump_as_dot_node): New.
|
||
* diagnostic-manager.h (saved_diagnostic::dump_dot_id): New decl.
|
||
(saved_diagnostic::dump_as_dot_node): New decl.
|
||
* engine.cc (exploded_node::dump_dot): Add nodes for saved
|
||
diagnostics.
|
||
|
||
2022-06-02 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* checker-path.cc (checker_event::get_meaning): New.
|
||
(function_entry_event::get_meaning): New.
|
||
(state_change_event::get_desc): Add dump of meaning of the event
|
||
to the -fanalyzer-verbose-state-changes output.
|
||
(state_change_event::get_meaning): New.
|
||
(cfg_edge_event::get_meaning): New.
|
||
(call_event::get_meaning): New.
|
||
(return_event::get_meaning): New.
|
||
(start_consolidated_cfg_edges_event::get_meaning): New.
|
||
(warning_event::get_meaning): New.
|
||
* checker-path.h: Include "tree-logical-location.h".
|
||
(checker_event::checker_event): Construct m_logical_loc.
|
||
(checker_event::get_logical_location): New.
|
||
(checker_event::get_meaning): New decl.
|
||
(checker_event::m_logical_loc): New.
|
||
(function_entry_event::get_meaning): New decl.
|
||
(state_change_event::get_meaning): New decl.
|
||
(cfg_edge_event::get_meaning): New decl.
|
||
(call_event::get_meaning): New decl.
|
||
(return_event::get_meaning): New decl.
|
||
(start_consolidated_cfg_edges_event::get_meaning): New.
|
||
(warning_event::get_meaning): New decl.
|
||
* pending-diagnostic.h: Include "diagnostic-path.h".
|
||
(pending_diagnostic::get_meaning_for_state_change): New vfunc.
|
||
* sm-file.cc (file_diagnostic::get_meaning_for_state_change): New
|
||
vfunc impl.
|
||
* sm-malloc.cc (malloc_diagnostic::get_meaning_for_state_change):
|
||
Likewise.
|
||
* sm-sensitive.cc
|
||
(exposure_through_output_file::get_meaning_for_state_change):
|
||
Likewise.
|
||
* sm-taint.cc (taint_diagnostic::get_meaning_for_state_change):
|
||
Likewise.
|
||
* varargs.cc
|
||
(va_list_sm_diagnostic::get_meaning_for_state_change): Likewise.
|
||
|
||
2022-05-23 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* call-info.cc: Add "final" and "override" to all vfunc
|
||
implementations that were missing them, as appropriate.
|
||
* engine.cc: Likewise.
|
||
* region-model.cc: Likewise.
|
||
* sm-malloc.cc: Likewise.
|
||
* supergraph.h: Likewise.
|
||
* svalue.cc: Likewise.
|
||
* varargs.cc: Likewise.
|
||
|
||
2022-05-20 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer-pass.cc: Replace uses of "FINAL" and "OVERRIDE" with
|
||
"final" and "override".
|
||
* call-info.h: Likewise.
|
||
* checker-path.h: Likewise.
|
||
* constraint-manager.cc: Likewise.
|
||
* diagnostic-manager.cc: Likewise.
|
||
* engine.cc: Likewise.
|
||
* exploded-graph.h: Likewise.
|
||
* feasible-graph.h: Likewise.
|
||
* pending-diagnostic.h: Likewise.
|
||
* region-model-impl-calls.cc: Likewise.
|
||
* region-model.cc: Likewise.
|
||
* region-model.h: Likewise.
|
||
* region.h: Likewise.
|
||
* sm-file.cc: Likewise.
|
||
* sm-malloc.cc: Likewise.
|
||
* sm-pattern-test.cc: Likewise.
|
||
* sm-sensitive.cc: Likewise.
|
||
* sm-signal.cc: Likewise.
|
||
* sm-taint.cc: Likewise.
|
||
* state-purge.h: Likewise.
|
||
* store.cc: Likewise.
|
||
* store.h: Likewise.
|
||
* supergraph.h: Likewise.
|
||
* svalue.h: Likewise.
|
||
* trimmed-graph.h: Likewise.
|
||
* varargs.cc: Likewise.
|
||
|
||
2022-05-16 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/105103
|
||
* analyzer.cc (make_label_text_n): New.
|
||
* analyzer.h (class var_arg_region): New forward decl.
|
||
(make_label_text_n): New decl.
|
||
* analyzer.opt (Wanalyzer-va-arg-type-mismatch): New option.
|
||
(Wanalyzer-va-list-exhausted): New option.
|
||
(Wanalyzer-va-list-leak): New option.
|
||
(Wanalyzer-va-list-use-after-va-end): New option.
|
||
* checker-path.cc (call_event::get_desc): Split out decl access
|
||
into..
|
||
(call_event::get_caller_fndecl): ...this new function and...
|
||
(call_event::get_callee_fndecl): ...this new function.
|
||
* checker-path.h (call_event::get_desc): Drop "FINAL".
|
||
(call_event::get_caller_fndecl): New decl.
|
||
(call_event::get_callee_fndecl): New decl.
|
||
(class call_event): Make fields protected.
|
||
* diagnostic-manager.cc (null_assignment_sm_context::warn): New
|
||
overload.
|
||
(null_assignment_sm_context::get_new_program_state): New.
|
||
(diagnostic_manager::add_events_for_superedge): Move case
|
||
SUPEREDGE_CALL to a new pending_diagnostic::add_call_event vfunc.
|
||
* engine.cc (impl_sm_context::warn): Implement new override.
|
||
(impl_sm_context::get_new_program_state): New.
|
||
* pending-diagnostic.cc: Include "analyzer/diagnostic-manager.h",
|
||
"cpplib.h", "digraph.h", "ordered-hash-map.h", "cfg.h",
|
||
"basic-block.h", "gimple.h", "gimple-iterator.h", "cgraph.h"
|
||
"analyzer/supergraph.h", "analyzer/program-state.h",
|
||
"alloc-pool.h", "fibonacci_heap.h", "shortest-paths.h",
|
||
"sbitmap.h", "analyzer/exploded-graph.h", "diagnostic-path.h",
|
||
and "analyzer/checker-path.h".
|
||
(ht_ident_eq): New.
|
||
(fixup_location_in_macro_p): New.
|
||
(pending_diagnostic::fixup_location): New.
|
||
(pending_diagnostic::add_call_event): New.
|
||
* pending-diagnostic.h (pending_diagnostic::fixup_location): Drop
|
||
no-op inline implementation in favor of the more complex
|
||
implementation above.
|
||
(pending_diagnostic::add_call_event): New vfunc.
|
||
* region-model-impl-calls.cc: Include "analyzer/sm.h",
|
||
"diagnostic-path.h", and "analyzer/pending-diagnostic.h".
|
||
* region-model-manager.cc
|
||
(region_model_manager::get_var_arg_region): New.
|
||
(region_model_manager::log_stats): Log m_var_arg_regions.
|
||
* region-model.cc (region_model::on_call_pre): Handle IFN_VA_ARG,
|
||
BUILT_IN_VA_START, and BUILT_IN_VA_COPY.
|
||
(region_model::on_call_post): Handle BUILT_IN_VA_END.
|
||
(region_model::get_representative_path_var_1): Handle RK_VAR_ARG.
|
||
(region_model::push_frame): Push variadic arguments.
|
||
* region-model.h (region_model_manager::get_var_arg_region): New
|
||
decl.
|
||
(region_model_manager::m_var_arg_regions): New field.
|
||
(region_model::impl_call_va_start): New decl.
|
||
(region_model::impl_call_va_copy): New decl.
|
||
(region_model::impl_call_va_arg): New decl.
|
||
(region_model::impl_call_va_end): New decl.
|
||
* region.cc (alloca_region::dump_to_pp): Dump the id.
|
||
(var_arg_region::dump_to_pp): New.
|
||
(var_arg_region::get_frame_region): New.
|
||
* region.h (enum region_kind): Add RK_VAR_ARG.
|
||
(region::dyn_cast_var_arg_region): New.
|
||
(class var_arg_region): New.
|
||
(is_a_helper <const var_arg_region *>::test): New.
|
||
(struct default_hash_traits<var_arg_region::key_t>): New.
|
||
* sm.cc (make_checkers): Call make_va_list_state_machine.
|
||
* sm.h (sm_context::warn): New vfunc.
|
||
(sm_context::get_old_svalue): Drop unused decl.
|
||
(sm_context::get_new_program_state): New vfunc.
|
||
(make_va_list_state_machine): New decl.
|
||
* varargs.cc: New file.
|
||
|
||
2022-05-16 Martin Liska <mliska@suse.cz>
|
||
|
||
* engine.cc (exploded_node::get_dot_fillcolor): Use ARRAY_SIZE.
|
||
* function-set.cc (test_stdio_example): Likewise.
|
||
* sm-file.cc (get_file_using_fns): Likewise.
|
||
* sm-malloc.cc (malloc_state_machine::unaffected_by_call_p): Likewise.
|
||
* sm-signal.cc (get_async_signal_unsafe_fns): Likewise.
|
||
|
||
2022-05-13 Richard Biener <rguenther@suse.de>
|
||
|
||
* supergraph.cc: Re-order gimple-fold.h include.
|
||
|
||
2022-05-11 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* checker-path.cc (state_change_event::get_desc): Call maybe_free
|
||
on label_text temporaries.
|
||
* diagnostic-manager.cc
|
||
(diagnostic_manager::prune_for_sm_diagnostic): Likewise.
|
||
* engine.cc (exploded_graph::~exploded_graph): Fix leak of
|
||
m_per_point_data and m_per_call_string_data values. Simplify
|
||
cleanup of m_per_function_stats and m_per_point_data values.
|
||
(feasibility_state::maybe_update_for_edge): Fix leak of result of
|
||
superedge::get_description.
|
||
* region-model-manager.cc
|
||
(region_model_manager::~region_model_manager): Move cleanup of
|
||
m_setjmp_values to match the ordering of the fields within
|
||
region_model_manager. Fix leak of values within
|
||
m_repeated_values_map, m_bits_within_values_map,
|
||
m_asm_output_values_map, and m_const_fn_result_values_map.
|
||
|
||
2022-04-28 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/105285
|
||
* store.cc (binding_cluster::get_any_binding): Handle accessing
|
||
sub_svalues of clusters where the base region has a symbolic
|
||
binding.
|
||
|
||
2022-04-28 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* diagnostic-manager.cc (epath_finder::process_worklist_item):
|
||
Call dump_feasible_path when a path that reaches the the target
|
||
enode is found.
|
||
(epath_finder::dump_feasible_path): New.
|
||
* engine.cc (feasibility_state::dump_to_pp): New.
|
||
* exploded-graph.h (feasibility_state::dump_to_pp): New decl.
|
||
* feasible-graph.cc (feasible_graph::dump_feasible_path): New.
|
||
* feasible-graph.h (feasible_graph::dump_feasible_path): New
|
||
decls.
|
||
* program-point.cc (function_point::print): Fix missing trailing
|
||
newlines.
|
||
* program-point.h (program_point::print_source_line): Remove
|
||
unimplemented decl.
|
||
|
||
2022-04-25 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/105365
|
||
PR analyzer/105366
|
||
* svalue.cc
|
||
(cmp_cst): Rename to...
|
||
(cmp_csts_same_type): ...this. Convert all recursive calls to
|
||
calls to...
|
||
(cmp_csts_and_types): ....this new function.
|
||
(svalue::cmp_ptr): Update for renaming of cmp_cst
|
||
|
||
2022-04-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/105264
|
||
* region-model-reachability.cc (reachable_regions::handle_parm):
|
||
Use maybe_get_deref_base_region rather than just region_svalue, to
|
||
handle pointer arithmetic also.
|
||
* svalue.cc (svalue::maybe_get_deref_base_region): New.
|
||
* svalue.h (svalue::maybe_get_deref_base_region): New decl.
|
||
|
||
2022-04-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/105252
|
||
* svalue.cc (cmp_cst): When comparing VECTOR_CSTs, compare the
|
||
types of the encoded elements before calling cmp_cst on them.
|
||
|
||
2022-04-09 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/103892
|
||
* region-model-manager.cc
|
||
(region_model_manager::get_unknown_symbolic_region): New,
|
||
extracted from...
|
||
(region_model_manager::get_field_region): ...here.
|
||
(region_model_manager::get_element_region): Use it here.
|
||
(region_model_manager::get_offset_region): Likewise.
|
||
(region_model_manager::get_sized_region): Likewise.
|
||
(region_model_manager::get_cast_region): Likewise.
|
||
(region_model_manager::get_bit_range): Likewise.
|
||
* region-model.h
|
||
(region_model_manager::get_unknown_symbolic_region): New decl.
|
||
* region.cc (symbolic_region::symbolic_region): Handle sval_ptr
|
||
having NULL type.
|
||
(symbolic_region::dump_to_pp): Handle having NULL type.
|
||
|
||
2022-04-07 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/102208
|
||
* store.cc (binding_map::remove_overlapping_bindings): Add
|
||
"always_overlap" param, using it to generalize to the case where
|
||
we want to remove all bindings. Update "uncertainty" logic to
|
||
only record maybe-bound values for cases where there is a symbolic
|
||
write involved.
|
||
(binding_cluster::mark_region_as_unknown): Split param "reg" into
|
||
"reg_to_bind" and "reg_for_overlap".
|
||
(binding_cluster::maybe_get_compound_binding): Pass "false" to
|
||
binding_map::remove_overlapping_bindings new "always_overlap" param.
|
||
(binding_cluster::remove_overlapping_bindings): Determine
|
||
"always_overlap" and pass it to
|
||
binding_map::remove_overlapping_bindings.
|
||
(store::set_value): Pass uncertainty to remove_overlapping_bindings
|
||
call. Update for new param of
|
||
binding_cluster::mark_region_as_unknown, passing both the base
|
||
region of the iter_cluster, and the lhs_reg.
|
||
(store::mark_region_as_unknown): Update for new param of
|
||
binding_cluster::mark_region_as_unknown, passing "reg" for both.
|
||
(store::remove_overlapping_bindings): Add param "uncertainty", and
|
||
pass it on to call to
|
||
binding_cluster::remove_overlapping_bindings.
|
||
* store.h (binding_map::remove_overlapping_bindings): Add
|
||
"always_overlap" param.
|
||
(binding_cluster::mark_region_as_unknown): Split param "reg" into
|
||
"reg_to_bind" and "reg_for_overlap".
|
||
(store::remove_overlapping_bindings): Add param "uncertainty".
|
||
|
||
2022-03-29 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR testsuite/105085
|
||
* region-model-manager.cc (dump_untracked_region): Skip decls in
|
||
the constant pool.
|
||
|
||
2022-03-29 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/105087
|
||
* analyzer.h (class conjured_purge): New forward decl.
|
||
* region-model-asm.cc (region_model::on_asm_stmt): Add
|
||
conjured_purge param to calls binding_cluster::on_asm and
|
||
region_model_manager::get_or_create_conjured_svalue.
|
||
* region-model-impl-calls.cc
|
||
(call_details::get_or_create_conjured_svalue): Likewise for call
|
||
to region_model_manager::get_or_create_conjured_svalue.
|
||
(region_model::impl_call_fgets): Remove call to
|
||
region_model::purge_state_involving, as this is now done
|
||
implicitly by call_details::get_or_create_conjured_svalue.
|
||
(region_model::impl_call_fread): Likewise.
|
||
(region_model::impl_call_strchr): Pass conjured_purge param to
|
||
call to region_model_manager::get_or_create_conjured_svalue.
|
||
* region-model-manager.cc (conjured_purge::purge): New.
|
||
(region_model_manager::get_or_create_conjured_svalue): Add
|
||
param "p". Use it to purge state when reusing an existing
|
||
conjured_svalue.
|
||
* region-model.cc (region_model::on_call_pre): Replace call to
|
||
region_model::purge_state_involving with passing conjured_purge
|
||
to region_model_manager::get_or_create_conjured_svalue.
|
||
(region_model::handle_unrecognized_call): Pass conjured_purge to
|
||
store::on_unknown_fncall.
|
||
* region-model.h
|
||
(region_model_manager::get_or_create_conjured_svalue): Add param
|
||
"p".
|
||
* store.cc (binding_cluster::on_unknown_fncall): Likewise. Pass
|
||
it on to region_model_manager::get_or_create_conjured_svalue.
|
||
(binding_cluster::on_asm): Likewise.
|
||
(store::on_unknown_fncall): Add param "p" and pass it on to
|
||
binding_cluster::on_unknown_fncall.
|
||
* store.h (binding_cluster::on_unknown_fncall): Add param p.
|
||
(binding_cluster::on_asm): Likewise.
|
||
(store::on_unknown_fncall): Likewise.
|
||
* svalue.h (class conjured_purge): New.
|
||
|
||
2022-03-29 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/105074
|
||
* region.cc (ipa_ref_requires_tracking): Drop "context_fndecl",
|
||
instead using the ref->referring to get the cgraph node of the
|
||
caller.
|
||
(symnode_requires_tracking_p): Likewise.
|
||
|
||
2022-03-26 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/105057
|
||
* store.cc (binding_cluster::make_unknown_relative_to): Reject
|
||
attempts to create a cluster for untracked base regions.
|
||
(store::set_value): Likewise.
|
||
(store::fill_region): Likewise.
|
||
(store::mark_region_as_unknown): Likewise.
|
||
|
||
2022-03-25 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104954
|
||
* analyzer.opt (-fdump-analyzer-untracked): New option.
|
||
* engine.cc (impl_run_checkers): Handle it.
|
||
* region-model-asm.cc (region_model::on_asm_stmt): Don't attempt
|
||
to clobber regions with !tracked_p ().
|
||
* region-model-manager.cc (dump_untracked_region): New.
|
||
(region_model_manager::dump_untracked_regions): New.
|
||
(frame_region::dump_untracked_regions): New.
|
||
* region-model.h (region_model_manager::dump_untracked_regions):
|
||
New decl.
|
||
* region.cc (ipa_ref_requires_tracking): New.
|
||
(symnode_requires_tracking_p): New.
|
||
(decl_region::calc_tracked_p): New.
|
||
* region.h (region::tracked_p): New vfunc.
|
||
(frame_region::dump_untracked_regions): New decl.
|
||
(class decl_region): Note that this is also used fo SSA names.
|
||
(decl_region::decl_region): Initialize m_tracked.
|
||
(decl_region::tracked_p): New.
|
||
(decl_region::calc_tracked_p): New decl.
|
||
(decl_region::m_tracked): New.
|
||
* store.cc (store::get_or_create_cluster): Assert that we
|
||
don't try to create clusters for base regions that aren't
|
||
trackable.
|
||
(store::mark_as_escaped): Don't mark base regions that we're not
|
||
tracking.
|
||
|
||
2022-03-23 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104979
|
||
* engine.cc (impl_run_checkers): Create the engine after the
|
||
supergraph, and pass the supergraph to the engine.
|
||
* region-model.cc (region_model::get_lvalue_1): Pass ctxt to
|
||
frame_region::get_region_for_local.
|
||
(region_model::update_for_return_gcall): Pass the lvalue for the
|
||
result to pop_frame as a tree, rather than as a region.
|
||
(region_model::pop_frame): Update for above change, determining
|
||
the destination region after the frame is popped and thus with
|
||
respect to the caller frame rather than the called frame.
|
||
Likewise, set the value of the region to the return value after
|
||
the frame is popped.
|
||
(engine::engine): Add supergraph pointer.
|
||
(selftest::test_stack_frames): Set the DECL_CONTECT of PARM_DECLs.
|
||
(selftest::test_get_representative_path_var): Likewise.
|
||
(selftest::test_state_merging): Likewise.
|
||
* region-model.h (region_model::pop_frame): Convert first param
|
||
from a const region * to a tree.
|
||
(engine::engine): Add param "sg".
|
||
(engine::m_sg): New field.
|
||
* region.cc: Include "analyzer/sm.h" and
|
||
"analyzer/program-state.h".
|
||
(frame_region::get_region_for_local): Add "ctxt" param.
|
||
Add assertions that VAR_DECLs are locals, and that expr is for the
|
||
correct function.
|
||
* region.h (frame_region::get_region_for_local): Add "ctxt" param.
|
||
|
||
2022-03-23 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/105017
|
||
* sm-taint.cc (taint_diagnostic::subclass_equal_p): Check
|
||
m_has_bounds as well as m_arg.
|
||
(tainted_allocation_size::subclass_equal_p): Chain up to base
|
||
class implementation. Also check m_mem_space.
|
||
(tainted_allocation_size::emit): Add note showing stack-based vs
|
||
heap-based allocations.
|
||
|
||
2022-03-23 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104997
|
||
* diagnostic-manager.cc (diagnostic_manager::add_diagnostic):
|
||
Convert return type from "void" to "bool", reporting success vs
|
||
failure to caller, for both overloads.
|
||
* diagnostic-manager.h (diagnostic_manager::add_diagnostic):
|
||
Likewise.
|
||
* engine.cc (impl_region_model_context::warn): Propagate return
|
||
value from diagnostic_manager::add_diagnostic.
|
||
|
||
2022-03-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104943
|
||
PR analyzer/104954
|
||
PR analyzer/103533
|
||
* analyzer.h (class state_purge_per_decl): New forward decl.
|
||
* engine.cc (impl_run_checkers): Pass region_model_manager to
|
||
state_purge_map ctor.
|
||
* program-point.cc (function_point::final_stmt_p): New.
|
||
(function_point::get_next): New.
|
||
* program-point.h (function_point::final_stmt_p): New decl.
|
||
(function_point::get_next): New decl.
|
||
* program-state.cc (program_state::prune_for_point): Generalize to
|
||
purge local decls as well as SSA names.
|
||
(program_state::can_purge_base_region_p): New.
|
||
* program-state.h (program_state::can_purge_base_region_p): New
|
||
decl.
|
||
* region-model.cc (struct append_ssa_names_cb_data): Rename to...
|
||
(struct append_regions_cb_data): ...this.
|
||
(region_model::get_ssa_name_regions_for_current_frame): Rename
|
||
to...
|
||
(region_model::get_regions_for_current_frame): ...this, updating
|
||
for other renamings.
|
||
(region_model::append_ssa_names_cb): Rename to...
|
||
(region_model::append_regions_cb): ...this, and drop the requirement
|
||
that the subregion be a SSA name.
|
||
* region-model.h (struct append_ssa_names_cb_data): Rename decl
|
||
to...
|
||
(struct append_regions_cb_data): ...this.
|
||
(region_model::get_ssa_name_regions_for_current_frame): Rename
|
||
decl to...
|
||
(region_model::get_regions_for_current_frame): ...this.
|
||
(region_model::append_ssa_names_cb): Rename decl to...
|
||
(region_model::append_regions_cb): ...this.
|
||
* state-purge.cc: Include "tristate.h", "selftest.h",
|
||
"analyzer/store.h", "analyzer/region-model.h", and
|
||
"gimple-walk.h".
|
||
(get_candidate_for_purging): New.
|
||
(class gimple_op_visitor): New.
|
||
(my_load_cb): New.
|
||
(my_store_cb): New.
|
||
(my_addr_cb): New.
|
||
(state_purge_map::state_purge_map): Add "mgr" param. Update for
|
||
renamings. Find uses of local variables.
|
||
(state_purge_map::~state_purge_map): Update for renaming of m_map
|
||
to m_ssa_map. Clean up m_decl_map.
|
||
(state_purge_map::get_or_create_data_for_decl): New.
|
||
(state_purge_per_ssa_name::state_purge_per_ssa_name): Update for
|
||
inheriting from state_purge_per_tree.
|
||
(state_purge_per_ssa_name::add_to_worklist): Likewise.
|
||
(state_purge_per_decl::state_purge_per_decl): New.
|
||
(state_purge_per_decl::add_needed_at): New.
|
||
(state_purge_per_decl::add_pointed_to_at): New.
|
||
(state_purge_per_decl::process_worklists): New.
|
||
(state_purge_per_decl::add_to_worklist): New.
|
||
(same_binding_p): New.
|
||
(fully_overwrites_p): New.
|
||
(state_purge_per_decl::process_point_backwards): New.
|
||
(state_purge_per_decl::process_point_forwards): New.
|
||
(state_purge_per_decl::needed_at_point_p): New.
|
||
(state_purge_annotator::print_needed): Generalize to print local
|
||
decls as well as SSA names.
|
||
* state-purge.h (class state_purge_map): Update leading comment.
|
||
(state_purge_map::map_t): Rename to...
|
||
(state_purge_map::ssa_map_t): ...this.
|
||
(state_purge_map::iterator): Rename to...
|
||
(state_purge_map::ssa_iterator): ...this.
|
||
(state_purge_map::decl_map_t): New typedef.
|
||
(state_purge_map::decl_iterator): New typedef.
|
||
(state_purge_map::state_purge_map): Add "mgr" param.
|
||
(state_purge_map::get_data_for_ssa_name): Update for renaming.
|
||
(state_purge_map::get_any_data_for_decl): New.
|
||
(state_purge_map::get_or_create_data_for_decl): New decl.
|
||
(state_purge_map::begin): Rename to...
|
||
(state_purge_map::begin_ssas): ...this.
|
||
(state_purge_map::end): Rename to...
|
||
(state_purge_map::end_ssa): ...this.
|
||
(state_purge_map::begin_decls): New.
|
||
(state_purge_map::end_decls): New.
|
||
(state_purge_map::m_map): Rename to...
|
||
(state_purge_map::m_ssa_map): ...this.
|
||
(state_purge_map::m_decl_map): New field.
|
||
(class state_purge_per_tree): New class.
|
||
(class state_purge_per_ssa_name): Inherit from state_purge_per_tree.
|
||
(state_purge_per_ssa_name::get_function): Move to base class.
|
||
(state_purge_per_ssa_name::point_set_t): Likewise.
|
||
(state_purge_per_ssa_name::m_fun): Likewise.
|
||
(class state_purge_per_decl): New.
|
||
|
||
2022-03-17 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* state-purge.cc (state_purge_annotator::add_node_annotations):
|
||
Avoid duplicate before-supernode annotations when returning from
|
||
an interprocedural call. Show after-supernode annotations.
|
||
|
||
2022-03-17 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* program-point.cc (program_point::get_next): Fix missing
|
||
increment of index.
|
||
|
||
2022-03-16 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104955
|
||
* diagnostic-manager.cc (get_emission_location): New.
|
||
(diagnostic_manager::diagnostic_manager): Initialize
|
||
m_num_disabled_diagnostics.
|
||
(diagnostic_manager::add_diagnostic): Reject diagnostics that
|
||
will eventually be rejected due to being disabled.
|
||
(diagnostic_manager::emit_saved_diagnostics): Log the number
|
||
of disabled diagnostics.
|
||
(diagnostic_manager::emit_saved_diagnostic): Split out logic for
|
||
determining emission location to get_emission_location.
|
||
* diagnostic-manager.h
|
||
(diagnostic_manager::m_num_disabled_diagnostics): New field.
|
||
* engine.cc (stale_jmp_buf::get_controlling_option): New.
|
||
(stale_jmp_buf::emit): Use it.
|
||
* pending-diagnostic.h
|
||
(pending_diagnostic::get_controlling_option): New vfunc.
|
||
* region-model.cc
|
||
(poisoned_value_diagnostic::get_controlling_option): New.
|
||
(poisoned_value_diagnostic::emit): Use it.
|
||
(shift_count_negative_diagnostic::get_controlling_option): New.
|
||
(shift_count_negative_diagnostic::emit): Use it.
|
||
(shift_count_overflow_diagnostic::get_controlling_option): New.
|
||
(shift_count_overflow_diagnostic::emit): Use it.
|
||
(dump_path_diagnostic::get_controlling_option): New.
|
||
(dump_path_diagnostic::emit): Use it.
|
||
(write_to_const_diagnostic::get_controlling_option): New.
|
||
(write_to_const_diagnostic::emit): Use it.
|
||
(write_to_string_literal_diagnostic::get_controlling_option): New.
|
||
(write_to_string_literal_diagnostic::emit): Use it.
|
||
* sm-file.cc (double_fclose::get_controlling_option): New.
|
||
(double_fclose::emit): Use it.
|
||
(file_leak::get_controlling_option): New.
|
||
(file_leak::emit): Use it.
|
||
* sm-malloc.cc (mismatching_deallocation::get_controlling_option):
|
||
New.
|
||
(mismatching_deallocation::emit): Use it.
|
||
(double_free::get_controlling_option): New.
|
||
(double_free::emit): Use it.
|
||
(possible_null_deref::get_controlling_option): New.
|
||
(possible_null_deref::emit): Use it.
|
||
(possible_null_arg::get_controlling_option): New.
|
||
(possible_null_arg::emit): Use it.
|
||
(null_deref::get_controlling_option): New.
|
||
(null_deref::emit): Use it.
|
||
(null_arg::get_controlling_option): New.
|
||
(null_arg::emit): Use it.
|
||
(use_after_free::get_controlling_option): New.
|
||
(use_after_free::emit): Use it.
|
||
(malloc_leak::get_controlling_option): New.
|
||
(malloc_leak::emit): Use it.
|
||
(free_of_non_heap::get_controlling_option): New.
|
||
(free_of_non_heap::emit): Use it.
|
||
* sm-pattern-test.cc (pattern_match::get_controlling_option): New.
|
||
(pattern_match::emit): Use it.
|
||
* sm-sensitive.cc
|
||
(exposure_through_output_file::get_controlling_option): New.
|
||
(exposure_through_output_file::emit): Use it.
|
||
* sm-signal.cc (signal_unsafe_call::get_controlling_option): New.
|
||
(signal_unsafe_call::emit): Use it.
|
||
* sm-taint.cc (tainted_array_index::get_controlling_option): New.
|
||
(tainted_array_index::emit): Use it.
|
||
(tainted_offset::get_controlling_option): New.
|
||
(tainted_offset::emit): Use it.
|
||
(tainted_size::get_controlling_option): New.
|
||
(tainted_size::emit): Use it.
|
||
(tainted_divisor::get_controlling_option): New.
|
||
(tainted_divisor::emit): Use it.
|
||
(tainted_allocation_size::get_controlling_option): New.
|
||
(tainted_allocation_size::emit): Use it.
|
||
|
||
2022-03-15 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* store.cc (store::store): Presize m_cluster_map.
|
||
|
||
2022-03-10 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104863
|
||
* constraint-manager.cc (constraint_manager::add_constraint):
|
||
Refresh the EC IDs when adding constraints implied by offsets.
|
||
|
||
2022-03-10 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104793
|
||
* analyzer.h (class pending_note): New forward decl.
|
||
* diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
|
||
Initialize m_notes.
|
||
(saved_diagnostic::operator==): Compare m_notes.
|
||
(saved_diagnostic::add_note): New.
|
||
(saved_diagnostic::emit_any_notes): New.
|
||
(diagnostic_manager::add_note): New.
|
||
(diagnostic_manager::emit_saved_diagnostic): Call emit_any_notes
|
||
after emitting the warning.
|
||
* diagnostic-manager.h (saved_diagnostic::add_note): New decl.
|
||
(saved_diagnostic::emit_any_notes): New decl.
|
||
(saved_diagnostic::m_notes): New field.
|
||
(diagnostic_manager::add_note): New decl.
|
||
* engine.cc (impl_region_model_context::add_note): New.
|
||
* exploded-graph.h (impl_region_model_context::add_note): New
|
||
decl.
|
||
* pending-diagnostic.h (class pending_note): New.
|
||
(class pending_note_subclass): New template.
|
||
* region-model.cc (class reason_attr_access): New.
|
||
(check_external_function_for_access_attr): Add class
|
||
annotating_ctxt and use it when checking region.
|
||
(noop_region_model_context::add_note): New.
|
||
* region-model.h (region_model_context::add_note): New vfunc.
|
||
(noop_region_model_context::add_note): New decl.
|
||
(class region_model_context_decorator): New.
|
||
(class note_adding_context): New.
|
||
|
||
2022-03-10 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104793
|
||
* region-model.cc
|
||
(region_model::check_external_function_for_access_attr): New.
|
||
(region_model::handle_unrecognized_call): Call it.
|
||
* region-model.h
|
||
(region_model::check_external_function_for_access_attr): New decl.
|
||
(region_model::handle_unrecognized_call): New decl.
|
||
|
||
2022-03-10 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* sm-taint.cc (taint_state_machine::check_for_tainted_size_arg):
|
||
Avoid generating duplicate saved_diagnostics by only handling the
|
||
rdwr_map entry for the ptrarg, not the duplicate entry for the
|
||
sizarg.
|
||
|
||
2022-03-07 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/101983
|
||
* engine.cc (returning_from_function_p): New.
|
||
(impl_region_model_context::on_state_leak): Use it when rejecting
|
||
leaks at the return from "main".
|
||
|
||
2022-03-07 Jakub Jelinek <jakub@redhat.com>
|
||
|
||
* store.cc: Fix up duplicated word issue in a comment.
|
||
* analyzer.cc: Likewise.
|
||
* engine.cc: Likewise.
|
||
* sm-taint.cc: Likewise.
|
||
|
||
2022-03-04 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/103521
|
||
* analyzer.opt (-param=analyzer-max-svalue-depth=): Reduce from 13
|
||
to 12.
|
||
|
||
2022-02-23 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104434
|
||
* analyzer.h (class const_fn_result_svalue): New decl.
|
||
* region-model-impl-calls.cc (call_details::get_manager): New.
|
||
* region-model-manager.cc
|
||
(region_model_manager::get_or_create_const_fn_result_svalue): New.
|
||
(region_model_manager::log_stats): Log
|
||
m_const_fn_result_values_map.
|
||
* region-model.cc (const_fn_p): New.
|
||
(maybe_get_const_fn_result): New.
|
||
(region_model::on_call_pre): Handle fndecls with
|
||
__attribute__((const)) by calling the above rather than making
|
||
a conjured_svalue.
|
||
* region-model.h (visitor::visit_const_fn_result_svalue): New.
|
||
(region_model_manager::get_or_create_const_fn_result_svalue): New
|
||
decl.
|
||
(region_model_manager::const_fn_result_values_map_t): New typedef.
|
||
(region_model_manager::m_const_fn_result_values_map): New field.
|
||
(call_details::get_manager): New decl.
|
||
* svalue.cc (svalue::cmp_ptr): Handle SK_CONST_FN_RESULT.
|
||
(const_fn_result_svalue::dump_to_pp): New.
|
||
(const_fn_result_svalue::dump_input): New.
|
||
(const_fn_result_svalue::accept): New.
|
||
* svalue.h (enum svalue_kind): Add SK_CONST_FN_RESULT.
|
||
(svalue::dyn_cast_const_fn_result_svalue): New.
|
||
(class const_fn_result_svalue): New.
|
||
(is_a_helper <const const_fn_result_svalue *>::test): New.
|
||
(template <> struct default_hash_traits<const_fn_result_svalue::key_t>):
|
||
New.
|
||
|
||
2022-02-17 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104576
|
||
* region-model.cc: Include "calls.h".
|
||
(region_model::on_call_pre): Use flags_from_decl_or_type to
|
||
generalize check for DECL_PURE_P to also check for ECF_CONST.
|
||
|
||
2022-02-16 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104560
|
||
* diagnostic-manager.cc (diagnostic_manager::build_emission_path):
|
||
Add region creation events for globals of interest.
|
||
(null_assignment_sm_context::get_old_program_state): New.
|
||
(diagnostic_manager::add_events_for_eedge): Move check for
|
||
changing dynamic extents from PK_BEFORE_STMT case to after the
|
||
switch on the dst_point's kind so that we can emit them for the
|
||
final stmt in a basic block.
|
||
* engine.cc (impl_sm_context::get_old_program_state): New.
|
||
* sm-malloc.cc (malloc_state_machine::get_default_state): Rewrite
|
||
detection of m_non_heap to use get_memory_space.
|
||
(free_of_non_heap::free_of_non_heap): Add freed_reg param.
|
||
(free_of_non_heap::subclass_equal_p): Update for changes to
|
||
fields.
|
||
(free_of_non_heap::emit): Drop m_kind in favor of
|
||
get_memory_space.
|
||
(free_of_non_heap::describe_state_change): Remove logic for
|
||
detecting alloca.
|
||
(free_of_non_heap::mark_interesting_stuff): Add region-creation of
|
||
m_freed_reg.
|
||
(free_of_non_heap::get_memory_space): New.
|
||
(free_of_non_heap::kind): Drop enum.
|
||
(free_of_non_heap::m_freed_reg): New field.
|
||
(free_of_non_heap::m_kind): Drop field.
|
||
(malloc_state_machine::on_stmt): Drop transition to m_non_heap.
|
||
(malloc_state_machine::handle_free_of_non_heap): New function,
|
||
split out from on_deallocator_call and on_realloc_call, adding
|
||
detection of the freed region.
|
||
(malloc_state_machine::on_deallocator_call): Use it.
|
||
(malloc_state_machine::on_realloc_call): Likewise.
|
||
* sm.h (sm_context::get_old_program_state): New vfunc.
|
||
|
||
2022-02-15 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104524
|
||
* region-model-manager.cc
|
||
(region_model_manager::maybe_fold_sub_svalue): Only call
|
||
get_or_create_cast if type is non-NULL.
|
||
|
||
2022-02-15 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/102692
|
||
* exploded-graph.h (impl_region_model_context::get_stmt): New.
|
||
* region-model.cc: Include "gimple-ssa.h", "tree-phinodes.h",
|
||
"tree-ssa-operands.h", and "ssa-iterators.h".
|
||
(within_short_circuited_stmt_p): New.
|
||
(region_model::check_for_poison): Don't warn about uninit values
|
||
if within_short_circuited_stmt_p.
|
||
* region-model.h (region_model_context::get_stmt): New vfunc.
|
||
(noop_region_model_context::get_stmt): New.
|
||
|
||
2022-02-11 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104274
|
||
* region-model.cc (region_model::check_for_poison): Ignore
|
||
uninitialized uses of empty types.
|
||
|
||
2022-02-10 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/98797
|
||
* region-model-manager.cc
|
||
(region_model_manager::maybe_fold_sub_svalue): Generalize getting
|
||
individual chars of a STRING_CST from element_region to any
|
||
subregion which is a concrete access of a single byte from its
|
||
parent region.
|
||
* region.cc (region::get_relative_concrete_byte_range): New.
|
||
* region.h (region::get_relative_concrete_byte_range): New decl.
|
||
|
||
2022-02-09 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104452
|
||
* region-model.cc (selftest::test_bit_range_regions): New.
|
||
(selftest::analyzer_region_model_cc_tests): Call it.
|
||
* region.h (bit_range_region::key_t::hash): Fix hashing of m_bits
|
||
to avoid using uninitialized data.
|
||
|
||
2022-02-07 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104417
|
||
* sm-taint.cc (tainted_allocation_size::tainted_allocation_size):
|
||
Remove overzealous assertion.
|
||
(tainted_allocation_size::emit): Likewise.
|
||
(region_model::check_dynamic_size_for_taint): Likewise.
|
||
|
||
2022-02-07 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/103872
|
||
* region-model-impl-calls.cc (region_model::impl_call_memcpy):
|
||
Reimplement in terms of a get_store_value followed by a set_value.
|
||
|
||
2022-02-03 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104369
|
||
* engine.cc (exploded_graph::process_node): Use the node for any
|
||
diagnostics, avoiding ICE if a bifurcation update adds a
|
||
saved_diagnostic, such as for a tainted realloc size.
|
||
* region-model-impl-calls.cc
|
||
(region_model::impl_call_realloc::success_no_move::update_model):
|
||
Require the old pointer to be non-NULL to be able successfully
|
||
grow in place. Use model->deref_rvalue rather than maybe_get_region
|
||
to support the old pointer being symbolic.
|
||
(region_model::impl_call_realloc::success_with_move::update_model):
|
||
Likewise. Add a constraint that the new pointer != the old pointer.
|
||
Use a sized_region when setting the value of the new region.
|
||
Handle the case where we don't know the dynamic size of the old
|
||
region by marking the new region as unknown.
|
||
* sm-taint.cc (tainted_allocation_size::tainted_allocation_size):
|
||
Update assertion to also allow for MEMSPACE_UNKNOWN.
|
||
(tainted_allocation_size::emit): Likewise.
|
||
(region_model::check_dynamic_size_for_taint): Likewise.
|
||
|
||
2022-02-03 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model-impl-calls.cc (region_model::impl_call_calloc): Use
|
||
a sized_region when calling zero_fill_region.
|
||
|
||
2022-02-02 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.cc (region_model::on_return): Replace usage of
|
||
copy_region with get_rvalue/set_value pair.
|
||
(region_model::pop_frame): Likewise.
|
||
(selftest::test_compound_assignment): Likewise.
|
||
* region-model.h (region_model::copy_region): Delete decl.
|
||
* region.cc (region_model::copy_region): Delete.
|
||
|
||
2022-02-02 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region.cc (region::calc_offset): Consolidate effectively
|
||
identical cases.
|
||
|
||
2022-02-02 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.h (class bit_range_region): New forward decl.
|
||
* region-model-manager.cc (region_model_manager::get_bit_range):
|
||
New.
|
||
(region_model_manager::log_stats): Handle m_bit_range_regions.
|
||
* region-model.cc (region_model::get_lvalue_1): Handle
|
||
BIT_FIELD_REF.
|
||
* region-model.h (region_model_manager::get_bit_range): New decl.
|
||
(region_model_manager::m_bit_range_regions): New field.
|
||
* region.cc (region::get_base_region): Handle RK_BIT_RANGE.
|
||
(region::base_region_p): Likewise.
|
||
(region::calc_offset): Likewise.
|
||
(bit_range_region::dump_to_pp): New.
|
||
(bit_range_region::get_byte_size): New.
|
||
(bit_range_region::get_bit_size): New.
|
||
(bit_range_region::get_byte_size_sval): New.
|
||
(bit_range_region::get_relative_concrete_offset): New.
|
||
* region.h (enum region_kind): Add RK_BIT_RANGE.
|
||
(region::dyn_cast_bit_range_region): New vfunc.
|
||
(class bit_range_region): New.
|
||
(is_a_helper <const bit_range_region *>::test): New.
|
||
(default_hash_traits<bit_range_region::key_t>): New.
|
||
|
||
2022-02-02 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104270
|
||
* region-model.cc (region_model::on_call_pre): Handle
|
||
IFN_DEFERRED_INIT.
|
||
|
||
2022-01-27 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* checker-path.cc (event_kind_to_string): Handle
|
||
EK_REGION_CREATION.
|
||
(region_creation_event::region_creation_event): New.
|
||
(region_creation_event::get_desc): New.
|
||
(checker_path::add_region_creation_event): New.
|
||
* checker-path.h (enum event_kind): Add EK_REGION_CREATION.
|
||
(class region_creation_event): New subclass.
|
||
(checker_path::add_region_creation_event): New decl.
|
||
* diagnostic-manager.cc
|
||
(diagnostic_manager::emit_saved_diagnostic): Pass NULL for new
|
||
param to add_events_for_eedge when handling trailing eedge.
|
||
(diagnostic_manager::build_emission_path): Create an interesting_t
|
||
instance, allow the pending diagnostic to populate it, and pass it
|
||
to the calls to add_events_for_eedge.
|
||
(diagnostic_manager::add_events_for_eedge): Add "interest" param.
|
||
Use it to add region_creation_events for on-stack regions created
|
||
within at function entry, and when pertinent dynamically-sized
|
||
regions are created.
|
||
(diagnostic_manager::prune_for_sm_diagnostic): Add case for
|
||
EK_REGION_CREATION.
|
||
* diagnostic-manager.h (diagnostic_manager::add_events_for_eedge):
|
||
Add "interest" param.
|
||
* pending-diagnostic.cc: Include "selftest.h", "tristate.h",
|
||
"analyzer/call-string.h", "analyzer/program-point.h",
|
||
"analyzer/store.h", and "analyzer/region-model.h".
|
||
(interesting_t::add_region_creation): New.
|
||
(interesting_t::dump_to_pp): New.
|
||
* pending-diagnostic.h (struct interesting_t): New.
|
||
(pending_diagnostic::mark_interesting_stuff): New vfunc.
|
||
* region-model.cc
|
||
(poisoned_value_diagnostic::poisoned_value_diagnostic): Add
|
||
(poisoned_value_diagnostic::operator==): Compare m_pkind and
|
||
m_src_region fields.
|
||
(poisoned_value_diagnostic::mark_interesting_stuff): New.
|
||
(poisoned_value_diagnostic::m_src_region): New.
|
||
(region_model::check_for_poison): Call
|
||
get_region_for_poisoned_expr for uninit values and pass the resul
|
||
to the diagnostic.
|
||
(region_model::get_region_for_poisoned_expr): New.
|
||
(region_model::deref_rvalue): Pass NULL for
|
||
poisoned_value_diagnostic's src_region.
|
||
* region-model.h (region_model::get_region_for_poisoned_expr): New
|
||
decl.
|
||
* region.h (frame_region::get_fndecl): New.
|
||
|
||
2022-01-27 Martin Liska <mliska@suse.cz>
|
||
|
||
PR analyzer/104247
|
||
* constraint-manager.cc (bounded_ranges_manager::log_stats):
|
||
Cast to long for format purpose.
|
||
* region-model-manager.cc (log_uniq_map): Likewise.
|
||
|
||
2022-01-26 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104224
|
||
* region-model.cc (region_model::check_call_args): New.
|
||
(region_model::on_call_pre): Call it when ignoring stdio builtins.
|
||
* region-model.h (region_model::check_call_args): New decl
|
||
|
||
2022-01-26 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/94362
|
||
* constraint-manager.cc (range::add_bound): Fix tests for
|
||
discarding redundant constraints. Perform test for rejecting
|
||
unsatisfiable constraints earlier so that they don't update
|
||
the object on failure.
|
||
(selftest::test_range): New.
|
||
(selftest::test_constant_comparisons): Add test coverage for
|
||
existing constraints becoming narrower until they are
|
||
unsatisfiable.
|
||
(selftest::run_constraint_manager_tests): Call test_range.
|
||
|
||
2022-01-22 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104159
|
||
* region-model-manager.cc
|
||
(region_model_manager::get_or_create_cast): Bail out if the types
|
||
are the same. Don't attempt to handle casts involving vector
|
||
types.
|
||
|
||
2022-01-20 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/94362
|
||
* constraint-manager.cc (bound::ensure_closed): Convert param to
|
||
enum bound_kind.
|
||
(range::constrained_to_single_element): Likewise.
|
||
(range::add_bound): New.
|
||
(constraint_manager::add_constraint): Handle SVAL + OFFSET
|
||
compared to a constant.
|
||
(constraint_manager::get_ec_bounds): Rewrite in terms of
|
||
range::add_bound.
|
||
(constraint_manager::eval_condition): Reject if range::add_bound
|
||
fails.
|
||
(selftest::test_constant_comparisons): Add test coverage for
|
||
various impossible combinations of integer comparisons.
|
||
* constraint-manager.h (enum bound_kind): New.
|
||
(struct bound): Likewise.
|
||
(bound::ensure_closed): Convert to param to enum bound_kind.
|
||
(struct range): Convert to...
|
||
(class range): ...this, making fields private.
|
||
(range::add_bound): New decls.
|
||
* region-model.cc (region_model::add_constraint): Fail if
|
||
constraint_manager::add_constraint fails.
|
||
|
||
2022-01-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104089
|
||
* region-model-manager.cc
|
||
(region_model_manager::get_or_create_constant_svalue): Assert that
|
||
we have a CONSTANT_CLASS_P.
|
||
(region_model_manager::maybe_fold_unaryop): Only fold a constant
|
||
when fold_unary's result is a constant or a cast of a constant.
|
||
|
||
2022-01-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104062
|
||
* region-model-manager.cc
|
||
(region_model_manager::maybe_fold_sub_svalue): Avoid casting to
|
||
NULL type when folding access to repeated svalue.
|
||
|
||
2022-01-17 Martin Liska <mliska@suse.cz>
|
||
|
||
* analyzer.cc (is_special_named_call_p): Rename .c names to .cc.
|
||
(is_named_call_p): Likewise.
|
||
* region-model-asm.cc (deterministic_p): Likewise.
|
||
* region.cc (field_region::get_relative_concrete_offset): Likewise.
|
||
* sm-malloc.cc (method_p): Likewise.
|
||
* supergraph.cc (superedge::dump_dot): Likewise.
|
||
|
||
2022-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* sm-taint.cc (taint_state_machine::combine_states): Handle combination
|
||
of has_ub and has_lb.
|
||
|
||
2022-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/104029
|
||
* sm-taint.cc (taint_state_machine::alt_get_inherited_state):
|
||
Remove gcc_unreachable from default case for unary ops.
|
||
|
||
2022-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc: Include "stringpool.h", "attribs.h", and
|
||
"tree-dfa.h".
|
||
(mark_params_as_tainted): New.
|
||
(class tainted_args_function_custom_event): New.
|
||
(class tainted_args_function_info): New.
|
||
(exploded_graph::add_function_entry): Handle functions with
|
||
"tainted_args" attribute.
|
||
(class tainted_args_field_custom_event): New.
|
||
(class tainted_args_callback_custom_event): New.
|
||
(class tainted_args_call_info): New.
|
||
(add_tainted_args_callback): New.
|
||
(add_any_callbacks): New.
|
||
(exploded_graph::build_initial_worklist): Likewise.
|
||
(exploded_graph::build_initial_worklist): Find callbacks that are
|
||
reachable from global initializers, calling add_any_callbacks on
|
||
them.
|
||
|
||
2022-01-12 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/103940
|
||
* engine.cc (impl_sm_context::impl_sm_context): Add
|
||
"unknown_side_effects" param and use it to initialize
|
||
new m_unknown_side_effects field.
|
||
(impl_sm_context::unknown_side_effects_p): New.
|
||
(impl_sm_context::m_unknown_side_effects): New.
|
||
(exploded_node::on_stmt): Pass unknown_side_effects to sm_ctxt
|
||
ctor.
|
||
* sm-taint.cc: Include "stringpool.h" and "attribs.h".
|
||
(tainted_size::tainted_size): Drop "dir" param.
|
||
(tainted_size::get_kind): Drop "FINAL".
|
||
(tainted_size::emit): Likewise.
|
||
(tainted_size::m_dir): Drop unused field.
|
||
(class tainted_access_attrib_size): New subclass.
|
||
(taint_state_machine::on_stmt): Call check_for_tainted_size_arg on
|
||
external functions with unknown side effects.
|
||
(taint_state_machine::check_for_tainted_size_arg): New.
|
||
(region_model::check_region_for_taint): Drop "dir" param from
|
||
tainted_size ctor.
|
||
* sm.h (sm_context::unknown_side_effects_p): New.
|
||
|
||
2022-01-11 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/102692
|
||
* diagnostic-manager.cc
|
||
(class auto_disable_complexity_checks): Rename to...
|
||
(class auto_checking_feasibility): ...this, updating
|
||
the calls accordingly.
|
||
(epath_finder::explore_feasible_paths): Update for renaming.
|
||
* region-model-manager.cc
|
||
(region_model_manager::region_model_manager): Update for change from
|
||
m_check_complexity to m_checking_feasibility.
|
||
(region_model_manager::reject_if_too_complex): Likewise.
|
||
(region_model_manager::get_or_create_unknown_svalue): Handle
|
||
m_checking_feasibility.
|
||
(region_model_manager::create_unique_svalue): New.
|
||
(region_model_manager::maybe_fold_binop): Handle BIT_AND_EXPR and
|
||
BIT_IOR_EXPRs on booleans where we know the result.
|
||
* region-model.cc (test_binop_svalue_folding): Add test coverage
|
||
for the above.
|
||
* region-model.h (region_model_manager::create_unique_svalue): New
|
||
decl.
|
||
(region_model_manager::enable_complexity_check): Replace with...
|
||
(region_model_manager::begin_checking_feasibility): ...this.
|
||
(region_model_manager::disable_complexity_check): Replace with...
|
||
(region_model_manager::end_checking_feasibility): ...this.
|
||
(region_model_manager::m_check_complexity): Replace with...
|
||
(region_model_manager::m_checking_feasibility): ...this.
|
||
(region_model_manager::m_managed_dynamic_svalues): New field.
|
||
|
||
2022-01-08 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (impl_run_checkers): Pass logger to engine ctor.
|
||
* region-model-manager.cc
|
||
(region_model_manager::region_model_manager): Add logger param and
|
||
use it to initialize m_logger.
|
||
* region-model.cc (engine::engine): New.
|
||
* region-model.h (region_model_manager::region_model_manager):
|
||
Add logger param.
|
||
(region_model_manager::get_logger): New.
|
||
(region_model_manager::m_logger): New field.
|
||
(engine::engine): New.
|
||
* store.cc (store_manager::get_logger): New.
|
||
(store::set_value): Log scope. Log when marking a cluster as
|
||
unknown due to possible aliasing.
|
||
* store.h (store_manager::get_logger): New decl.
|
||
|
||
2022-01-08 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model-impl-calls.cc (cmp_decls): New.
|
||
(cmp_decls_ptr_ptr): New.
|
||
(region_model::impl_call_analyzer_dump_escaped): New.
|
||
* region-model.cc (region_model::on_stmt_pre): Handle
|
||
__analyzer_dump_escaped.
|
||
* region-model.h (region_model::impl_call_analyzer_dump_escaped):
|
||
New decl.
|
||
* store.h (binding_cluster::get_base_region): New accessor.
|
||
|
||
2022-01-08 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region.cc (region::is_named_decl_p): New.
|
||
* region.h (region::is_named_decl_p): New decl.
|
||
|
||
2022-01-06 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/103546
|
||
* store.cc (store::eval_alias_1): Refactor handling of decl
|
||
regions, adding a test for may_be_aliased, rejecting those for
|
||
which it returns false.
|
||
|
||
2021-12-12 Jonathan Wakely <jwakely@redhat.com>
|
||
|
||
* engine.cc: Define INCLUDE_MEMORY instead of INCLUDE_UNIQUE_PTR.
|
||
|
||
2021-12-06 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/103533
|
||
* constraint-manager.cc (equiv_class::contains_non_constant_p):
|
||
New.
|
||
(constraint_manager::canonicalize): Call it when determining
|
||
redundant ECs.
|
||
(selftest::test_purging): New selftest.
|
||
(selftest::run_constraint_manager_tests): Likewise.
|
||
* constraint-manager.h (equiv_class::contains_non_constant_p):
|
||
New decl.
|
||
|
||
2021-12-01 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/102471
|
||
* region-model-reachability.cc (reachable_regions::handle_parm):
|
||
Treat all svalues within a compound parm has reachable, and those
|
||
wrapped in a cast.
|
||
|
||
2021-11-29 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/103217
|
||
* store.cc (binding_cluster::can_merge_p): For the "key is bound"
|
||
vs "key is not bound" merger case, check that the bound svalue
|
||
is mergeable before merging it to "unknown", rejecting the merger
|
||
otherwise.
|
||
|
||
2021-11-19 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/103217
|
||
* engine.cc (exploded_graph::get_or_create_node): Pass in
|
||
m_ext_state to program_state::can_merge_with_p.
|
||
(exploded_graph::process_worklist): Likewise.
|
||
(exploded_graph::maybe_process_run_of_before_supernode_enodes):
|
||
Likewise.
|
||
(exploded_graph::process_node): Add missing call to detect_leaks
|
||
when handling phi nodes.
|
||
* program-state.cc (program_state::can_merge_with_p): Add
|
||
"ext_state" param. Pass it and state ptrs to
|
||
region_model::can_merge_with_p.
|
||
(selftest::test_program_state_merging): Update for new ext_state
|
||
param of program_state::can_merge_with_p.
|
||
(selftest::test_program_state_merging_2): Likewise.
|
||
* program-state.h (program_state::can_purge_p): Make const.
|
||
(program_state::can_merge_with_p): Add "ext_state" param.
|
||
* region-model.cc: Include "analyzer/program-state.h".
|
||
(region_model::can_merge_with_p): Add params "ext_state",
|
||
"state_a", and "state_b", use them when creating model_merger
|
||
object.
|
||
(model_merger::mergeable_svalue_p): New.
|
||
* region-model.h (region_model::can_merge_with_p): Add params
|
||
"ext_state", "state_a", and "state_b".
|
||
(model_merger::model_merger) Likewise, initializing new fields.
|
||
(model_merger::mergeable_svalue_p): New decl.
|
||
(model_merger::m_ext_state): New field.
|
||
(model_merger::m_state_a): New field.
|
||
(model_merger::m_state_b): New field.
|
||
* svalue.cc (svalue::can_merge_p): Call
|
||
model_merger::mergeable_svalue_p on both states and reject the
|
||
merger accordingly.
|
||
|
||
2021-11-17 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/102695
|
||
* region-model-impl-calls.cc (region_model::impl_call_strchr): New.
|
||
* region-model-manager.cc
|
||
(region_model_manager::maybe_fold_unaryop): Simplify cast to
|
||
pointer type of an existing pointer to a region.
|
||
* region-model.cc (region_model::on_call_pre): Handle
|
||
BUILT_IN_STRCHR and "strchr".
|
||
(write_to_const_diagnostic::emit): Add auto_diagnostic_group. Add
|
||
alternate wordings for functions and labels.
|
||
(write_to_const_diagnostic::describe_final_event): Add alternate
|
||
wordings for functions and labels.
|
||
(region_model::check_for_writable_region): Handle RK_FUNCTION and
|
||
RK_LABEL.
|
||
* region-model.h (region_model::impl_call_strchr): New decl.
|
||
|
||
2021-11-16 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/102662
|
||
* constraint-manager.cc (bounded_range::operator==): Require the
|
||
types to be the same for equality.
|
||
|
||
2021-11-13 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.opt (Wanalyzer-tainted-allocation-size): New.
|
||
(Wanalyzer-tainted-divisor): New.
|
||
(Wanalyzer-tainted-offset): New.
|
||
(Wanalyzer-tainted-size): New.
|
||
* engine.cc (impl_region_model_context::get_taint_map): New.
|
||
* exploded-graph.h (impl_region_model_context::get_taint_map):
|
||
New decl.
|
||
* program-state.cc (sm_state_map::get_state): Call
|
||
alt_get_inherited_state.
|
||
(sm_state_map::impl_set_state): Modify states within
|
||
compound svalues.
|
||
(program_state::impl_call_analyzer_dump_state): Undo casts.
|
||
(selftest::test_program_state_1): Update for new context param of
|
||
create_region_for_heap_alloc.
|
||
(selftest::test_program_state_merging): Likewise.
|
||
* region-model-impl-calls.cc (region_model::impl_call_alloca):
|
||
Likewise.
|
||
(region_model::impl_call_calloc): Likewise.
|
||
(region_model::impl_call_malloc): Likewise.
|
||
(region_model::impl_call_operator_new): Likewise.
|
||
(region_model::impl_call_realloc): Likewise.
|
||
* region-model.cc (region_model::check_region_access): Call
|
||
check_region_for_taint.
|
||
(region_model::get_representative_path_var_1): Handle binops.
|
||
(region_model::create_region_for_heap_alloc): Add "ctxt" param and
|
||
pass it to set_dynamic_extents.
|
||
(region_model::create_region_for_alloca): Likewise.
|
||
(region_model::set_dynamic_extents): Add "ctxt" param and use it
|
||
to call check_dynamic_size_for_taint.
|
||
(selftest::test_state_merging): Update for new context param of
|
||
create_region_for_heap_alloc.
|
||
(selftest::test_malloc_constraints): Likewise.
|
||
(selftest::test_malloc): Likewise.
|
||
(selftest::test_alloca): Likewise for create_region_for_alloca.
|
||
* region-model.h (region_model::create_region_for_heap_alloc): Add
|
||
"ctxt" param.
|
||
(region_model::create_region_for_alloca): Likewise.
|
||
(region_model::set_dynamic_extents): Likewise.
|
||
(region_model::check_dynamic_size_for_taint): New decl.
|
||
(region_model::check_region_for_taint): New decl.
|
||
(region_model_context::get_taint_map): New vfunc.
|
||
(noop_region_model_context::get_taint_map): New.
|
||
* sm-taint.cc: Remove include of "diagnostic-event-id.h"; add
|
||
includes of "gimple-iterator.h", "tristate.h", "selftest.h",
|
||
"ordered-hash-map.h", "cgraph.h", "cfg.h", "digraph.h",
|
||
"analyzer/supergraph.h", "analyzer/call-string.h",
|
||
"analyzer/program-point.h", "analyzer/store.h",
|
||
"analyzer/region-model.h", and "analyzer/program-state.h".
|
||
(enum bounds): Move to top of file.
|
||
(class taint_diagnostic): New.
|
||
(class tainted_array_index): Convert to subclass of taint_diagnostic.
|
||
(tainted_array_index::emit): Add CWE-129. Reword warning to use
|
||
"attacker-controlled" rather than "tainted".
|
||
(tainted_array_index::describe_state_change): Move to
|
||
taint_diagnostic::describe_state_change.
|
||
(tainted_array_index::describe_final_event): Reword to use
|
||
"attacker-controlled" rather than "tainted".
|
||
(class tainted_offset): New.
|
||
(class tainted_size): New.
|
||
(class tainted_divisor): New.
|
||
(class tainted_allocation_size): New.
|
||
(taint_state_machine::alt_get_inherited_state): New.
|
||
(taint_state_machine::on_stmt): In assignment handling, remove
|
||
ARRAY_REF handling in favor of check_region_for_taint. Add
|
||
detection of tainted divisors.
|
||
(taint_state_machine::get_taint): New.
|
||
(taint_state_machine::combine_states): New.
|
||
(region_model::check_region_for_taint): New.
|
||
(region_model::check_dynamic_size_for_taint): New.
|
||
* sm.h (state_machine::alt_get_inherited_state): New.
|
||
|
||
2021-11-12 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (exploded_node::on_stmt_pre): Return when handling
|
||
"__analyzer_dump_state".
|
||
|
||
2021-11-11 Richard Biener <rguenther@suse.de>
|
||
|
||
* supergraph.cc: Include bitmap.h.
|
||
|
||
2021-11-04 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* program-state.cc (sm_state_map::dump): Use default_tree_printer
|
||
as format decoder.
|
||
|
||
2021-09-16 Maxim Blinov <maxim.blinov@embecosm.com>
|
||
|
||
PR bootstrap/102242
|
||
* engine.cc (INCLUDE_UNIQUE_PTR): Define.
|
||
|
||
2021-09-08 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/102225
|
||
* analyzer.h (compat_types_p): New decl.
|
||
* constraint-manager.cc
|
||
(constraint_manager::get_or_add_equiv_class): Guard against NULL
|
||
type when checking for pointer types.
|
||
* region-model-impl-calls.cc (region_model::impl_call_realloc):
|
||
Guard against NULL lhs type/region. Guard against the size value
|
||
not being of a compatible type for dynamic extents.
|
||
* region-model.cc (compat_types_p): Make non-static.
|
||
|
||
2021-08-30 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/99260
|
||
* analyzer.h (class custom_edge_info): New class, adapted from
|
||
exploded_edge::custom_info_t. Make member functions const.
|
||
Make update_model return bool, converting edge param from
|
||
reference to a pointer, and adding a ctxt param.
|
||
(class path_context): New class.
|
||
* call-info.cc: New file.
|
||
* call-info.h: New file.
|
||
* engine.cc: Include "analyzer/call-info.h" and <memory>.
|
||
(impl_region_model_context::impl_region_model_context): Update for
|
||
new m_path_ctxt field.
|
||
(impl_region_model_context::bifurcate): New.
|
||
(impl_region_model_context::terminate_path): New.
|
||
(impl_region_model_context::get_malloc_map): New.
|
||
(impl_sm_context::impl_sm_context): Update for new m_path_ctxt
|
||
field.
|
||
(impl_sm_context::get_fndecl_for_call): Likewise.
|
||
(impl_sm_context::set_next_state): Likewise.
|
||
(impl_sm_context::warn): Likewise.
|
||
(impl_sm_context::is_zero_assignment): Likewise.
|
||
(impl_sm_context::get_path_context): New.
|
||
(impl_sm_context::m_path_ctxt): New.
|
||
(impl_region_model_context::on_condition): Update for new
|
||
path_ctxt param. Handle m_enode_for_diag being NULL.
|
||
(impl_region_model_context::on_phi): Update for new path_ctxt
|
||
param.
|
||
(exploded_node::on_stmt): Add path_ctxt param, updating ctor calls
|
||
to use it as necessary. Use it to bail out after sm-handling,
|
||
if needed.
|
||
(exploded_node::detect_leaks): Update for new path_ctxt param.
|
||
(dynamic_call_info_t::update_model): Update for conversion of
|
||
exploded_edge::custom_info_t to custom_edge_info.
|
||
(dynamic_call_info_t::add_events_to_path): Likewise.
|
||
(rewind_info_t::update_model): Likewise.
|
||
(rewind_info_t::add_events_to_path): Likewise.
|
||
(exploded_edge::exploded_edge): Likewise.
|
||
(exploded_graph::add_edge): Likewise.
|
||
(exploded_graph::maybe_process_run_of_before_supernode_enodes):
|
||
Update for new path_ctxt param.
|
||
(class impl_path_context): New.
|
||
(exploded_graph::process_node): Update for new path_ctxt param.
|
||
Create an impl_path_context and pass it to exploded_node::on_stmt.
|
||
Use it to terminate iterating stmts if terminate_path is called
|
||
on it. After processing a run of stmts, query path_ctxt to
|
||
potentially terminate the analysis path, and/or to "bifurcate" the
|
||
analysis into multiple additional paths.
|
||
(feasibility_state::maybe_update_for_edge): Update for new
|
||
update_model ctxt param.
|
||
* exploded-graph.h
|
||
(impl_region_model_context::impl_region_model_context): Add
|
||
path_ctxt param.
|
||
(impl_region_model_context::bifurcate): New.
|
||
(impl_region_model_context::terminate_path): New
|
||
(impl_region_model_context::get_ext_state): New.
|
||
(impl_region_model_context::get_malloc_map): New.
|
||
(impl_region_model_context::m_path_ctxt): New field.
|
||
(exploded_node::on_stmt): Add path_ctxt param.
|
||
(class exploded_edge::custom_info_t): Move to analyzer.h, renaming
|
||
to custom_edge_info, and making the changes as noted in analyzer.h
|
||
above.
|
||
(exploded_edge::exploded_edge): Update for these changes to
|
||
exploded_edge::custom_info_t.
|
||
(exploded_edge::m_custom_info): Likewise.
|
||
(class dynamic_call_info_t): Likewise.
|
||
(class rewind_info_t): Likewise.
|
||
(exploded_graph::add_edge): Likewise.
|
||
* program-state.cc (program_state::on_edge): Update for new
|
||
path_ctxt param.
|
||
(program_state::push_call): Likewise.
|
||
(program_state::returning_call): Likewise.
|
||
(program_state::prune_for_point): Likewise.
|
||
* region-model-impl-calls.cc: Include "analyzer/call-info.h".
|
||
(call_details::get_fndecl_for_call): New.
|
||
(region_model::impl_call_realloc): Reimplement.
|
||
* region-model.cc (region_model::on_call_pre): Move call to
|
||
impl_call_realloc to...
|
||
(region_model::on_call_post): ...here. Consolidate creation
|
||
of call_details instance.
|
||
(noop_region_model_context::bifurcate): New.
|
||
(noop_region_model_context::terminate_path): New.
|
||
* region-model.h (call_details::get_call_stmt): New.
|
||
(call_details::get_fndecl_for_call): New.
|
||
(region_model::on_realloc_with_move): New.
|
||
(region_model_context::bifurcate): New.
|
||
(region_model_context::terminate_path): New.
|
||
(region_model_context::get_ext_state): New.
|
||
(region_model_context::get_malloc_map): New.
|
||
(noop_region_model_context::bifurcate): New.
|
||
(noop_region_model_context::terminate_path): New.
|
||
(noop_region_model_context::get_ext_state): New.
|
||
(noop_region_model_context::get_malloc_map): New.
|
||
* sm-malloc.cc: Include "analyzer/program-state.h".
|
||
(malloc_state_machine::on_realloc_call): Reimplement.
|
||
(malloc_state_machine::on_realloc_with_move): New.
|
||
(region_model::on_realloc_with_move): New.
|
||
* sm-signal.cc (class signal_delivery_edge_info_t): Update for
|
||
conversion from exploded_edge::custom_info_t to custom_edge_info.
|
||
* sm.h (sm_context::get_path_context): New.
|
||
* svalue.cc (svalue::maybe_get_constant): Call
|
||
unwrap_any_unmergeable.
|
||
|
||
2021-08-25 Ankur Saini <arsenic@sourceware.org>
|
||
|
||
PR analyzer/101980
|
||
* engine.cc (exploded_graph::maybe_create_dynamic_call): Don't create
|
||
calls if max recursion limit is reached.
|
||
|
||
2021-08-23 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.h (struct rejected_constraint): Convert to...
|
||
(class rejected_constraint): ...this.
|
||
(class bounded_ranges): New forward decl.
|
||
(class bounded_ranges_manager): New forward decl.
|
||
* constraint-manager.cc: Include "analyzer/analyzer-logging.h" and
|
||
"tree-pretty-print.h".
|
||
(can_plus_one_p): New.
|
||
(plus_one): New.
|
||
(can_minus_one_p): New.
|
||
(minus_one): New.
|
||
(bounded_range::bounded_range): New.
|
||
(dump_cst): New.
|
||
(bounded_range::dump_to_pp): New.
|
||
(bounded_range::dump): New.
|
||
(bounded_range::to_json): New.
|
||
(bounded_range::set_json_attr): New.
|
||
(bounded_range::contains_p): New.
|
||
(bounded_range::intersects_p): New.
|
||
(bounded_range::operator==): New.
|
||
(bounded_range::cmp): New.
|
||
(bounded_ranges::bounded_ranges): New.
|
||
(bounded_ranges::bounded_ranges): New.
|
||
(bounded_ranges::bounded_ranges): New.
|
||
(bounded_ranges::canonicalize): New.
|
||
(bounded_ranges::validate): New.
|
||
(bounded_ranges::operator==): New.
|
||
(bounded_ranges::dump_to_pp): New.
|
||
(bounded_ranges::dump): New.
|
||
(bounded_ranges::to_json): New.
|
||
(bounded_ranges::eval_condition): New.
|
||
(bounded_ranges::contain_p): New.
|
||
(bounded_ranges::cmp): New.
|
||
(bounded_ranges_manager::~bounded_ranges_manager): New.
|
||
(bounded_ranges_manager::get_or_create_empty): New.
|
||
(bounded_ranges_manager::get_or_create_point): New.
|
||
(bounded_ranges_manager::get_or_create_range): New.
|
||
(bounded_ranges_manager::get_or_create_union): New.
|
||
(bounded_ranges_manager::get_or_create_intersection): New.
|
||
(bounded_ranges_manager::get_or_create_inverse): New.
|
||
(bounded_ranges_manager::consolidate): New.
|
||
(bounded_ranges_manager::get_or_create_ranges_for_switch): New.
|
||
(bounded_ranges_manager::create_ranges_for_switch): New.
|
||
(bounded_ranges_manager::make_case_label_ranges): New.
|
||
(bounded_ranges_manager::log_stats): New.
|
||
(bounded_ranges_constraint::print): New.
|
||
(bounded_ranges_constraint::to_json): New.
|
||
(bounded_ranges_constraint::operator==): New.
|
||
(bounded_ranges_constraint::add_to_hash): New.
|
||
(constraint_manager::constraint_manager): Update for new field
|
||
m_bounded_ranges_constraints.
|
||
(constraint_manager::operator=): Likewise.
|
||
(constraint_manager::hash): Likewise.
|
||
(constraint_manager::operator==): Likewise.
|
||
(constraint_manager::print): Likewise.
|
||
(constraint_manager::dump_to_pp): Likewise.
|
||
(constraint_manager::to_json): Likewise.
|
||
(constraint_manager::add_unknown_constraint): Update the lhs_ec_id
|
||
if necessary in existing constraints when combining equivalence
|
||
classes. Add similar code for handling
|
||
m_bounded_ranges_constraints.
|
||
(constraint_manager::add_constraint_internal): Add comment.
|
||
(constraint_manager::add_bounded_ranges): New.
|
||
(constraint_manager::eval_condition): Use new field
|
||
m_bounded_ranges_constraints.
|
||
(constraint_manager::purge): Update bounded_ranges_constraint
|
||
instances.
|
||
(constraint_manager::canonicalize): Update for new field.
|
||
(merger_fact_visitor::on_ranges): New.
|
||
(constraint_manager::for_each_fact): Use new field
|
||
m_bounded_ranges_constraints.
|
||
(constraint_manager::validate): Fix off-by-one error needed due
|
||
to bug fixed above in add_unknown_constraint. Validate the EC IDs
|
||
in m_bounded_ranges_constraints.
|
||
(constraint_manager::get_range_manager): New.
|
||
(selftest::assert_dump_bounded_range_eq): New.
|
||
(ASSERT_DUMP_BOUNDED_RANGE_EQ): New.
|
||
(selftest::test_bounded_range): New.
|
||
(selftest::assert_dump_bounded_ranges_eq): New.
|
||
(ASSERT_DUMP_BOUNDED_RANGES_EQ): New.
|
||
(selftest::test_bounded_ranges): New.
|
||
(selftest::run_constraint_manager_tests): Call the new selftests.
|
||
* constraint-manager.h (struct bounded_range): New.
|
||
(struct bounded_ranges): New.
|
||
(template <> struct default_hash_traits<bounded_ranges::key_t>): New.
|
||
(class bounded_ranges_manager): New.
|
||
(fact_visitor::on_ranges): New pure virtual function.
|
||
(class bounded_ranges_constraint): New.
|
||
(constraint_manager::add_bounded_ranges): New decl.
|
||
(constraint_manager::get_range_manager): New decl.
|
||
(constraint_manager::m_bounded_ranges_constraints): New field.
|
||
* diagnostic-manager.cc (epath_finder::process_worklist_item):
|
||
Transfer ownership of rc to add_feasibility_problem.
|
||
* engine.cc (feasibility_problem::dump_to_pp): Use get_model.
|
||
* feasible-graph.cc (infeasible_node::dump_dot): Update for
|
||
conversion of m_rc to a pointer.
|
||
(feasible_graph::add_feasibility_problem): Pass RC by pointer and
|
||
take ownership.
|
||
* feasible-graph.h (infeasible_node::infeasible_node): Pass RC by
|
||
pointer and take ownership.
|
||
(infeasible_node::~infeasible_node): New.
|
||
(infeasible_node::m_rc): Convert to a pointer.
|
||
(feasible_graph::add_feasibility_problem): Pass RC by pointer and
|
||
take ownership.
|
||
* region-model-manager.cc: Include
|
||
"analyzer/constraint-manager.h".
|
||
(region_model_manager::region_model_manager): Initializer new
|
||
field m_range_mgr.
|
||
(region_model_manager::~region_model_manager): Delete it.
|
||
(region_model_manager::log_stats): Call log_stats on it.
|
||
* region-model.cc (region_model::add_constraint): Use new subclass
|
||
rejected_op_constraint.
|
||
(region_model::apply_constraints_for_gswitch): Reimplement using
|
||
bounded_ranges_manager.
|
||
(rejected_constraint::dump_to_pp): Convert to...
|
||
(rejected_op_constraint::dump_to_pp): ...this.
|
||
(rejected_ranges_constraint::dump_to_pp): New.
|
||
* region-model.h (struct purge_stats): Add field
|
||
m_num_bounded_ranges_constraints.
|
||
(region_model_manager::get_range_manager): New.
|
||
(region_model_manager::m_range_mgr): New.
|
||
(region_model::get_range_manager): New.
|
||
(struct rejected_constraint): Split into...
|
||
(class rejected_constraint):...this new abstract base class,
|
||
and...
|
||
(class rejected_op_constraint): ...this new concrete subclass.
|
||
(class rejected_ranges_constraint): New.
|
||
* supergraph.cc: Include "tree-cfg.h".
|
||
(supergraph::supergraph): Drop idx param from add_cfg_edge.
|
||
(supergraph::add_cfg_edge): Drop idx param.
|
||
(switch_cfg_superedge::switch_cfg_superedge): Move here from
|
||
header. Populate m_case_labels with all cases which go to DST.
|
||
(switch_cfg_superedge::dump_label_to_pp): Reimplement to use
|
||
m_case_labels.
|
||
(switch_cfg_superedge::get_case_label): Delete.
|
||
* supergraph.h (supergraphadd_cfg_edge): Drop "idx" param.
|
||
(switch_cfg_superedge::switch_cfg_superedge): Drop idx param and
|
||
move implementation to supergraph.cc.
|
||
(switch_cfg_superedge::get_case_label): Delete.
|
||
(switch_cfg_superedge::get_case_labels): New.
|
||
(switch_cfg_superedge::m_idx): Delete.
|
||
(switch_cfg_superedge::m_case_labels): New field.
|
||
|
||
2021-08-23 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/101875
|
||
* sm-file.cc (file_diagnostic::describe_state_change): Handle
|
||
change.m_expr being NULL.
|
||
|
||
2021-08-23 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/101837
|
||
* analyzer.cc (maybe_reconstruct_from_def_stmt): Bail if fn is
|
||
NULL, and assert that it's non-NULL before passing it to
|
||
build_call_array_loc.
|
||
|
||
2021-08-23 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/101962
|
||
* region-model.cc (region_model::eval_condition_without_cm):
|
||
Refactor comparison against zero, adding a check for
|
||
POINTER_PLUS_EXPR of non-NULL.
|
||
|
||
2021-08-23 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* store.cc (bit_range::intersects_p): New overload.
|
||
(bit_range::operator-): New.
|
||
(binding_cluster::maybe_get_compound_binding): Handle the partial
|
||
overlap case.
|
||
(selftest::test_bit_range_intersects_p): Add test coverage for
|
||
new overload of bit_range::intersects_p.
|
||
* store.h (bit_range::intersects_p): New overload.
|
||
(bit_range::operator-): New.
|
||
|
||
2021-08-23 Ankur Saini <arsenic@sourceware.org>
|
||
|
||
PR analyzer/102020
|
||
* diagnostic-manager.cc
|
||
(diagnostic_manager::prune_for_sm_diagnostic)<case EK_CALL_EDGE>: Fix typo.
|
||
|
||
2021-08-21 Ankur Saini <arsenic@sourceware.org>
|
||
|
||
PR analyzer/101980
|
||
* diagnostic-manager.cc
|
||
(diagnostic_manager::prune_for_sm_diagnostic)<case EK_CALL_EDGE>: Use
|
||
caller_model only when the supergraph_edge doesn't exixt.
|
||
(diagnostic_manager::prune_for_sm_diagnostic)<case EK_RETURN_EDGE>:
|
||
Likewise.
|
||
* engine.cc (exploded_graph::create_dynamic_call): Rename to...
|
||
(exploded_graph::maybe_create_dynamic_call): ...this, return call
|
||
creation status.
|
||
(exploded_graph::process_node): Handle calls which were not dynamically
|
||
discovered.
|
||
* exploded-graph.h (exploded_graph::create_dynamic_call): Rename to...
|
||
(exploded_graph::maybe_create_dynamic_call): ...this.
|
||
* region-model.cc (region_model::update_for_gcall): New param, use it
|
||
to push call to frame.
|
||
(region_model::update_for_call_superedge): Pass callee function to
|
||
update_for_gcall.
|
||
* region-model.h (region_model::update_for_gcall): New param.
|
||
|
||
2021-08-18 Ankur Saini <arsenic@sourceware.org>
|
||
|
||
PR analyzer/97114
|
||
* region-model.cc (region_model::get_rvalue_1): Add case for
|
||
OBJ_TYPE_REF.
|
||
|
||
2021-08-18 Ankur Saini <arsenic@sourceware.org>
|
||
|
||
PR analyzer/100546
|
||
* analysis-plan.cc (analysis_plan::use_summary_p): Don't use call
|
||
summaries if there is no callgraph edge
|
||
* checker-path.cc (call_event::call_event): Handle calls events that
|
||
are not represented by a supergraph call edge
|
||
(return_event::return_event): Likewise.
|
||
(call_event::get_desc): Work with new call_event structure.
|
||
(return_event::get_desc): Likeise.
|
||
* checker-path.h (call_event::m_src_snode): New field.
|
||
(call_event::m_dest_snode): New field.
|
||
(return_event::m_src_snode): New field.
|
||
(return_event::m_dest_snode): New field.
|
||
* diagnostic-manager.cc
|
||
(diagnostic_manager::prune_for_sm_diagnostic)<case EK_CALL_EDGE>:
|
||
Refactor to work with edges without callgraph edge.
|
||
(diagnostic_manager::prune_for_sm_diagnostic)<case EK_RETURN_EDGE>:
|
||
Likewise.
|
||
* engine.cc (dynamic_call_info_t::update_model): New function.
|
||
(dynamic_call_info_t::add_events_to_path): New function.
|
||
(exploded_graph::create_dynamic_call): New function.
|
||
(exploded_graph::process_node): Work with dynamically discovered calls.
|
||
* exploded-graph.h (class dynamic_call_info_t): New class.
|
||
(exploded_graph::create_dynamic_call): New decl.
|
||
* program-point.cc (program_point::push_to_call_stack): New function.
|
||
(program_point::pop_from_call_stack): New function.
|
||
* program-point.h (program_point::push_to_call_stack): New decl.
|
||
(program_point::pop_from_call_stack): New decl.
|
||
* program-state.cc (program_state::push_call): New function.
|
||
(program_state::returning_call): New function.
|
||
* program-state.h (program_state::push_call): New decl.
|
||
(program_state::returning_call): New decl.
|
||
* region-model.cc (region_model::update_for_gcall) New function.
|
||
(region_model::update_for_return_gcall): New function.
|
||
(egion_model::update_for_call_superedge): Get the underlying gcall and
|
||
update for gcall.
|
||
(region_model::update_for_return_superedge): Likewise.
|
||
* region-model.h (region_model::update_for_gcall): New decl.
|
||
(region_model::update_for_return_gcall): New decl.
|
||
* state-purge.cc (state_purge_per_ssa_name::process_point): Update to
|
||
work with calls without underlying cgraph edge.
|
||
* supergraph.cc (supergraph::supergraph) Split snodes at every callsite.
|
||
* supergraph.h (supernode::get_returning_call) New accessor.
|
||
|
||
2021-08-04 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/101570
|
||
* analyzer.cc (maybe_reconstruct_from_def_stmt): Add GIMPLE_ASM
|
||
case.
|
||
* analyzer.h (class asm_output_svalue): New forward decl.
|
||
(class reachable_regions): New forward decl.
|
||
* complexity.cc (complexity::from_vec_svalue): New.
|
||
* complexity.h (complexity::from_vec_svalue): New decl.
|
||
* engine.cc (feasibility_state::maybe_update_for_edge): Handle
|
||
asm stmts by calling on_asm_stmt.
|
||
* region-model-asm.cc: New file.
|
||
* region-model-manager.cc
|
||
(region_model_manager::maybe_fold_asm_output_svalue): New.
|
||
(region_model_manager::get_or_create_asm_output_svalue): New.
|
||
(region_model_manager::log_stats): Log m_asm_output_values_map.
|
||
* region-model.cc (region_model::on_stmt_pre): Handle GIMPLE_ASM.
|
||
* region-model.h (visitor::visit_asm_output_svalue): New.
|
||
(region_model_manager::get_or_create_asm_output_svalue): New decl.
|
||
(region_model_manager::maybe_fold_asm_output_svalue): New decl.
|
||
(region_model_manager::asm_output_values_map_t): New typedef.
|
||
(region_model_manager::m_asm_output_values_map): New field.
|
||
(region_model::on_asm_stmt): New.
|
||
* store.cc (binding_cluster::on_asm): New.
|
||
* store.h (binding_cluster::on_asm): New decl.
|
||
* svalue.cc (svalue::cmp_ptr): Handle SK_ASM_OUTPUT.
|
||
(asm_output_svalue::dump_to_pp): New.
|
||
(asm_output_svalue::dump_input): New.
|
||
(asm_output_svalue::input_idx_to_asm_idx): New.
|
||
(asm_output_svalue::accept): New.
|
||
* svalue.h (enum svalue_kind): Add SK_ASM_OUTPUT.
|
||
(svalue::dyn_cast_asm_output_svalue): New.
|
||
(class asm_output_svalue): New.
|
||
(is_a_helper <const asm_output_svalue *>::test): New.
|
||
(struct default_hash_traits<asm_output_svalue::key_t>): New.
|
||
|
||
2021-08-03 Jakub Jelinek <jakub@redhat.com>
|
||
|
||
PR analyzer/101721
|
||
* sm-malloc.cc (known_allocator_p): Only check DECL_FUNCTION_CODE on
|
||
BUILT_IN_NORMAL builtins.
|
||
|
||
2021-07-29 Ankur Saini <arsenic@sourceware.org>
|
||
|
||
* call-string.cc (call_string::element_t::operator==): New operator.
|
||
(call_String::element_t::operator!=): New operator.
|
||
(call_string::element_t::get_caller_function): New function.
|
||
(call_string::element_t::get_callee_function): New function.
|
||
(call_string::call_string): Refactor to Initialise m_elements.
|
||
(call_string::operator=): Refactor to work with m_elements.
|
||
(call_string::operator==): Likewise.
|
||
(call_string::to_json): Likewise.
|
||
(call_string::hash): Refactor to hash e.m_caller.
|
||
(call_string::push_call): Refactor to work with m_elements.
|
||
(call_string::push_call): New overload to push call via supernodes.
|
||
(call_string::pop): Refactor to work with m_elements.
|
||
(call_string::calc_recursion_depth): Likewise.
|
||
(call_string::cmp): Likewise.
|
||
(call_string::validate): Likewise.
|
||
(call_string::operator[]): Likewise.
|
||
* call-string.h (class supernode): New forward decl.
|
||
(struct call_string::element_t): New struct.
|
||
(call_string::call_string): Refactor to initialise m_elements.
|
||
(call_string::bool empty_p): Refactor to work with m_elements.
|
||
(call_string::get_callee_node): New decl.
|
||
(call_string::get_caller_node): New decl.
|
||
(m_elements): Replaces m_return_edges.
|
||
* program-point.cc (program_point::get_function_at_depth): Refactor to
|
||
work with new call-string format.
|
||
(program_point::validate): Likewise.
|
||
(program_point::on_edge): Likewise.
|
||
|
||
2021-07-28 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.cc (region_model::on_call_pre): Treat
|
||
IFN_UBSAN_BOUNDS, BUILT_IN_STACK_SAVE, and BUILT_IN_STACK_RESTORE
|
||
as no-ops, rather than handling them as unknown functions.
|
||
|
||
2021-07-28 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model-impl-calls.cc (region_model::impl_call_alloca):
|
||
Drop redundant return value.
|
||
(region_model::impl_call_builtin_expect): Likewise.
|
||
(region_model::impl_call_calloc): Likewise.
|
||
(region_model::impl_call_malloc): Likewise.
|
||
(region_model::impl_call_memset): Likewise.
|
||
(region_model::impl_call_operator_new): Likewise.
|
||
(region_model::impl_call_operator_delete): Likewise.
|
||
(region_model::impl_call_strlen): Likewise.
|
||
* region-model.cc (region_model::on_call_pre): Fix return value of
|
||
known functions that don't have unknown side-effects.
|
||
* region-model.h (region_model::impl_call_alloca): Drop redundant
|
||
return value.
|
||
(region_model::impl_call_builtin_expect): Likewise.
|
||
(region_model::impl_call_calloc): Likewise.
|
||
(region_model::impl_call_malloc): Likewise.
|
||
(region_model::impl_call_memset): Likewise.
|
||
(region_model::impl_call_strlen): Likewise.
|
||
(region_model::impl_call_operator_new): Likewise.
|
||
(region_model::impl_call_operator_delete): Likewise.
|
||
|
||
2021-07-28 Siddhesh Poyarekar <siddhesh@gotplt.org>
|
||
|
||
* analyzer.cc (is_named_call_p, is_std_named_call_p): Make
|
||
first argument a const_tree.
|
||
* analyzer.h (is_named_call_p, -s_std_named_call_p): Likewise.
|
||
* sm-malloc.cc (known_allocator_p): New function.
|
||
(malloc_state_machine::on_stmt): Use it.
|
||
|
||
2021-07-28 Siddhesh Poyarekar <siddhesh@gotplt.org>
|
||
|
||
* sm-malloc.cc
|
||
(malloc_state_machine::get_or_create_deallocator): Recognize
|
||
__builtin_free.
|
||
|
||
2021-07-26 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.cc (region_model::on_call_pre): Always set conjured
|
||
LHS, not just for SSA names.
|
||
|
||
2021-07-23 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* diagnostic-manager.cc
|
||
(class auto_disable_complexity_checks): New.
|
||
(epath_finder::explore_feasible_paths): Use it to disable
|
||
complexity checks whilst processing the worklist.
|
||
* region-model-manager.cc
|
||
(region_model_manager::region_model_manager): Initialize
|
||
m_check_complexity.
|
||
(region_model_manager::reject_if_too_complex): Bail if
|
||
m_check_complexity is false.
|
||
* region-model.h
|
||
(region_model_manager::enable_complexity_check): New.
|
||
(region_model_manager::disable_complexity_check): New.
|
||
(region_model_manager::m_check_complexity): New.
|
||
|
||
2021-07-21 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/101547
|
||
* sm-file.cc (file_leak::emit): Handle m_arg being NULL.
|
||
(file_leak::describe_final_event): Handle ev.m_expr being NULL.
|
||
|
||
2021-07-21 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/101522
|
||
* store.cc (binding_cluster::purge_state_involving): Don't change
|
||
m_map whilst iterating through it.
|
||
|
||
2021-07-21 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.cc (region_model::handle_phi): Add "old_state"
|
||
param and use it.
|
||
(region_model::update_for_phis): Update so that all of the phi
|
||
stmts are effectively handled simultaneously, rather than in
|
||
order.
|
||
* region-model.h (region_model::handle_phi): Add "old_state"
|
||
param.
|
||
* state-purge.cc (self_referential_phi_p): Replace with...
|
||
(name_used_by_phis_p): ...this new function.
|
||
(state_purge_per_ssa_name::process_point): Update to use the
|
||
above, so that all phi stmts at a basic block are effectively
|
||
considered simultaneously, and only consider the phi arguments for
|
||
the pertinent in-edge.
|
||
* supergraph.cc (cfg_superedge::get_phi_arg_idx): New.
|
||
(cfg_superedge::get_phi_arg): Use the above.
|
||
* supergraph.h (cfg_superedge::get_phi_arg_idx): New decl.
|
||
|
||
2021-07-21 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* state-purge.cc (state_purge_annotator::add_node_annotations):
|
||
Rather than erroneously always using the NULL in-edge, determine
|
||
each relevant in-edge, and print the appropriate data for each
|
||
in-edge. Use print_needed to print the data as comma-separated
|
||
lists of SSA names.
|
||
(print_vec_of_names): Add "within_table" param and use it.
|
||
(state_purge_annotator::add_stmt_annotations): Factor out
|
||
collation and printing code into...
|
||
(state_purge_annotator::print_needed): ...this new function.
|
||
* state-purge.h (state_purge_annotator::print_needed): New decl.
|
||
|
||
2021-07-21 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* program-point.cc (function_point::print): Show src BB index at
|
||
BEFORE_SUPERNODE.
|
||
|
||
2021-07-21 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* svalue.cc (infix_p): New.
|
||
(binop_svalue::dump_to_pp): Use it to print MIN_EXPR and MAX_EXPR
|
||
in prefix form, rather than infix.
|
||
|
||
2021-07-19 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/101503
|
||
* constraint-manager.cc (constraint_manager::add_constraint): Use
|
||
can_have_associated_state_p rather than testing for unknown.
|
||
(constraint_manager::get_or_add_equiv_class): Likewise.
|
||
* program-state.cc (sm_state_map::set_state): Likewise.
|
||
(sm_state_map::impl_set_state): Add assertion.
|
||
* region-model-manager.cc
|
||
(region_model_manager::maybe_fold_unaryop): Handle poisoned
|
||
values.
|
||
(region_model_manager::maybe_fold_binop): Move handling of unknown
|
||
values...
|
||
(region_model_manager::get_or_create_binop): ...to here, and
|
||
generalize to use can_have_associated_state_p.
|
||
(region_model_manager::maybe_fold_sub_svalue): Use
|
||
can_have_associated_state_p rather than testing for unknown.
|
||
(region_model_manager::maybe_fold_repeated_svalue): Use unknown
|
||
when the size or repeated value is "unknown"/"poisoned".
|
||
* region-model.cc (region_model::purge_state_involving): Reject
|
||
attempts to purge unknown/poisoned svalues, as these svalues
|
||
should not have state associated with them.
|
||
* svalue.cc (sub_svalue::sub_svalue): Assert that we're building
|
||
on top of an svalue with can_have_associated_state_p.
|
||
(repeated_svalue::repeated_svalue): Likewise.
|
||
(bits_within_svalue::bits_within_svalue): Likewise.
|
||
* svalue.h (svalue::can_have_associated_state_p): New.
|
||
(unknown_svalue::can_have_associated_state_p): New.
|
||
(poisoned_svalue::can_have_associated_state_p): New.
|
||
(unaryop_svalue::unaryop_svalue): Assert that we're building on
|
||
top of an svalue with can_have_associated_state_p.
|
||
(binop_svalue::binop_svalue): Likewise.
|
||
(widening_svalue::widening_svalue): Likewise.
|
||
|
||
2021-07-16 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.h (enum access_direction): New.
|
||
* engine.cc (exploded_node::on_longjmp): Update for new param of
|
||
get_store_value.
|
||
* program-state.cc (program_state::prune_for_point): Likewise.
|
||
* region-model-impl-calls.cc (region_model::impl_call_memcpy):
|
||
Replace call to check_for_writable_region with call to
|
||
check_region_for_write.
|
||
(region_model::impl_call_memset): Likewise.
|
||
(region_model::impl_call_strcpy): Likewise.
|
||
* region-model-reachability.cc (reachable_regions::add): Update
|
||
for new param of get_store_value.
|
||
* region-model.cc (region_model::get_rvalue_1): Likewise, also for
|
||
get_rvalue_for_bits.
|
||
(region_model::get_store_value): Add ctxt param and use it to call
|
||
check_region_for_read.
|
||
(region_model::get_rvalue_for_bits): Add ctxt param and use it to
|
||
call get_store_value.
|
||
(region_model::check_region_access): New.
|
||
(region_model::check_region_for_write): New.
|
||
(region_model::check_region_for_read): New.
|
||
(region_model::set_value): Update comment. Replace call to
|
||
check_for_writable_region with call to check_region_for_write.
|
||
* region-model.h (region_model::get_rvalue_for_bits): Add ctxt
|
||
param.
|
||
(region_model::get_store_value): Add ctxt param.
|
||
(region_model::check_region_access): New decl.
|
||
(region_model::check_region_for_write): New decl.
|
||
(region_model::check_region_for_read): New decl.
|
||
* region.cc (region_model::copy_region): Update call to
|
||
get_store_value.
|
||
* svalue.cc (initial_svalue::implicitly_live_p): Likewise.
|
||
|
||
2021-07-16 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (exploded_node::on_stmt_pre): Handle
|
||
__analyzer_dump_state.
|
||
* program-state.cc (extrinsic_state::get_sm_idx_by_name): New.
|
||
(program_state::impl_call_analyzer_dump_state): New.
|
||
* program-state.h (extrinsic_state::get_sm_idx_by_name): New decl.
|
||
(program_state::impl_call_analyzer_dump_state): New decl.
|
||
* region-model-impl-calls.cc
|
||
(call_details::get_arg_string_literal): New.
|
||
* region-model.h (call_details::get_arg_string_literal): New decl.
|
||
|
||
2021-07-16 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* program-state.cc (program_state::detect_leaks): Simplify using
|
||
svalue::maybe_get_region.
|
||
* region-model-impl-calls.cc (region_model::impl_call_fgets): Likewise.
|
||
(region_model::impl_call_fread): Likewise.
|
||
(region_model::impl_call_free): Likewise.
|
||
(region_model::impl_call_operator_delete): Likewise.
|
||
* region-model.cc (selftest::test_stack_frames): Likewise.
|
||
(selftest::test_state_merging): Likewise.
|
||
* svalue.cc (svalue::maybe_get_region): New.
|
||
* svalue.h (svalue::maybe_get_region): New decl.
|
||
|
||
2021-07-15 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* svalue.h (is_a_helper <placeholder_svalue *>::test): Make
|
||
param and template param const.
|
||
(is_a_helper <widening_svalue *>::test): Likewise.
|
||
(is_a_helper <compound_svalue *>::test): Likewise.
|
||
(is_a_helper <conjured_svalue *>::test): Likewise.
|
||
|
||
2021-07-15 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/95006
|
||
PR analyzer/94713
|
||
PR analyzer/94714
|
||
* analyzer.cc (maybe_reconstruct_from_def_stmt): Split out
|
||
GIMPLE_ASSIGN case into...
|
||
(get_diagnostic_tree_for_gassign_1): New.
|
||
(get_diagnostic_tree_for_gassign): New.
|
||
* analyzer.h (get_diagnostic_tree_for_gassign): New decl.
|
||
* analyzer.opt (Wanalyzer-write-to-string-literal): New.
|
||
* constraint-manager.cc (class svalue_purger): New.
|
||
(constraint_manager::purge_state_involving): New.
|
||
* constraint-manager.h
|
||
(constraint_manager::purge_state_involving): New.
|
||
* diagnostic-manager.cc (saved_diagnostic::supercedes_p): New.
|
||
(dedupe_winners::handle_interactions): New.
|
||
(diagnostic_manager::emit_saved_diagnostics): Call it.
|
||
* diagnostic-manager.h (saved_diagnostic::supercedes_p): New decl.
|
||
* engine.cc (impl_region_model_context::warn): Convert return type
|
||
to bool. Return false if the diagnostic isn't saved.
|
||
(impl_region_model_context::purge_state_involving): New.
|
||
(impl_sm_context::get_state): Use NULL ctxt when querying old
|
||
rvalue.
|
||
(impl_sm_context::set_next_state): Use new sval when querying old
|
||
state.
|
||
(class dump_path_diagnostic): Move to region-model.cc
|
||
(exploded_node::on_stmt): Move to on_stmt_pre and on_stmt_post.
|
||
Remove call to purge_state_involving.
|
||
(exploded_node::on_stmt_pre): New, based on the above. Move most
|
||
of it to region_model::on_stmt_pre.
|
||
(exploded_node::on_stmt_post): Likewise, moving to
|
||
region_model::on_stmt_post.
|
||
(class stale_jmp_buf): Fix parent class to use curiously recurring
|
||
template pattern.
|
||
(feasibility_state::maybe_update_for_edge): Call on_call_pre and
|
||
on_call_post on gcalls.
|
||
* exploded-graph.h (impl_region_model_context::warn): Return bool.
|
||
(impl_region_model_context::purge_state_involving): New decl.
|
||
(exploded_node::on_stmt_pre): New decl.
|
||
(exploded_node::on_stmt_post): New decl.
|
||
* pending-diagnostic.h (pending_diagnostic::use_of_uninit_p): New.
|
||
(pending_diagnostic::supercedes_p): New.
|
||
* program-state.cc (sm_state_map::get_state): Inherit state for
|
||
conjured_svalue as well as initial_svalue.
|
||
(sm_state_map::purge_state_involving): Also support SK_CONJURED.
|
||
* region-model-impl-calls.cc (call_details::get_uncertainty):
|
||
Handle m_ctxt being NULL.
|
||
(call_details::get_or_create_conjured_svalue): New.
|
||
(region_model::impl_call_fgets): New.
|
||
(region_model::impl_call_fread): New.
|
||
* region-model-manager.cc
|
||
(region_model_manager::get_or_create_initial_value): Return an
|
||
uninitialized poisoned value for regions that can't have initial
|
||
values.
|
||
* region-model-reachability.cc
|
||
(reachable_regions::mark_escaped_clusters): Handle ctxt being
|
||
NULL.
|
||
* region-model.cc (region_to_value_map::purge_state_involving): New.
|
||
(poisoned_value_diagnostic::use_of_uninit_p): New.
|
||
(poisoned_value_diagnostic::emit): Handle POISON_KIND_UNINIT.
|
||
(poisoned_value_diagnostic::describe_final_event): Likewise.
|
||
(region_model::check_for_poison): New.
|
||
(region_model::on_assignment): Call it.
|
||
(class dump_path_diagnostic): Move here from engine.cc.
|
||
(region_model::on_stmt_pre): New, based on exploded_node::on_stmt.
|
||
(region_model::on_call_pre): Move the setting of the LHS to a
|
||
conjured svalue to before the checks for specific functions.
|
||
Handle "fgets", "fgets_unlocked", and "fread".
|
||
(region_model::purge_state_involving): New.
|
||
(region_model::handle_unrecognized_call): Handle ctxt being NULL.
|
||
(region_model::get_rvalue): Call check_for_poison.
|
||
(selftest::test_stack_frames): Use NULL for context when getting
|
||
uninitialized rvalue.
|
||
(selftest::test_alloca): Likewise.
|
||
* region-model.h (region_to_value_map::purge_state_involving): New
|
||
decl.
|
||
(call_details::get_or_create_conjured_svalue): New decl.
|
||
(region_model::on_stmt_pre): New decl.
|
||
(region_model::purge_state_involving): New decl.
|
||
(region_model::impl_call_fgets): New decl.
|
||
(region_model::impl_call_fread): New decl.
|
||
(region_model::check_for_poison): New decl.
|
||
(region_model_context::warn): Return bool.
|
||
(region_model_context::purge_state_involving): New.
|
||
(noop_region_model_context::warn): Return bool.
|
||
(noop_region_model_context::purge_state_involving): New.
|
||
(test_region_model_context:: warn): Return bool.
|
||
* region.cc (region::get_memory_space): New.
|
||
(region::can_have_initial_svalue_p): New.
|
||
(region::involves_p): New.
|
||
* region.h (enum memory_space): New.
|
||
(region::get_memory_space): New decl.
|
||
(region::can_have_initial_svalue_p): New decl.
|
||
(region::involves_p): New decl.
|
||
* sm-malloc.cc (use_after_free::supercedes_p): New.
|
||
* store.cc (binding_cluster::purge_state_involving): New.
|
||
(store::purge_state_involving): New.
|
||
* store.h (class symbolic_binding): New forward decl.
|
||
(binding_key::dyn_cast_symbolic_binding): New.
|
||
(symbolic_binding::dyn_cast_symbolic_binding): New.
|
||
(binding_cluster::purge_state_involving): New.
|
||
(store::purge_state_involving): New.
|
||
* svalue.cc (svalue::can_merge_p): Reject attempts to merge
|
||
poisoned svalues with other svalues, so that we identify
|
||
paths in which a variable is conditionally uninitialized.
|
||
(involvement_visitor::visit_conjured_svalue): New.
|
||
(svalue::involves_p): Also handle SK_CONJURED.
|
||
(poison_kind_to_str): Handle POISON_KIND_UNINIT.
|
||
(poisoned_svalue::maybe_fold_bits_within): New.
|
||
* svalue.h (enum poison_kind): Add POISON_KIND_UNINIT.
|
||
(poisoned_svalue::maybe_fold_bits_within): New decl.
|
||
|
||
2021-07-15 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.opt (fdump-analyzer-exploded-paths): New.
|
||
* diagnostic-manager.cc
|
||
(diagnostic_manager::emit_saved_diagnostic): Implement it.
|
||
* engine.cc (exploded_path::dump_to_pp): Add ext_state param and
|
||
use it to dump states if non-NULL.
|
||
(exploded_path::dump): Likewise.
|
||
(exploded_path::dump_to_file): New.
|
||
* exploded-graph.h (exploded_path::dump_to_pp): Add ext_state
|
||
param.
|
||
(exploded_path::dump): Likewise.
|
||
(exploded_path::dump): Likewise.
|
||
(exploded_path::dump_to_file): New.
|
||
|
||
2021-07-15 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.cc (fixup_tree_for_diagnostic_1): Use DECL_DEBUG_EXPR
|
||
if it's available.
|
||
* engine.cc (readability): Likewise.
|
||
|
||
2021-07-15 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* state-purge.cc (self_referential_phi_p): New.
|
||
(state_purge_per_ssa_name::process_point): Don't purge an SSA name
|
||
at its def-stmt if the def-stmt is self-referential.
|
||
|
||
2021-07-07 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* diagnostic-manager.cc (null_assignment_sm_context::get_state):
|
||
New overload.
|
||
(null_assignment_sm_context::set_next_state): New overload.
|
||
(null_assignment_sm_context::get_diagnostic_tree): New.
|
||
* engine.cc (impl_sm_context::get_state): New overload.
|
||
(impl_sm_context::set_next_state): New overload.
|
||
(impl_sm_context::get_diagnostic_tree): New overload.
|
||
(impl_region_model_context::on_condition): Convert params from
|
||
tree to const svalue *.
|
||
* exploded-graph.h (impl_region_model_context::on_condition):
|
||
Likewise.
|
||
* region-model.cc (region_model::on_call_pre): Move handling of
|
||
internal calls to before checking for get_fndecl_for_call.
|
||
(region_model::add_constraints_from_binop): New.
|
||
(region_model::add_constraint): Split out into a new overload
|
||
working on const svalue * rather than tree. Call
|
||
add_constraints_from_binop. Drop call to
|
||
add_any_constraints_from_ssa_def_stmt.
|
||
(region_model::add_any_constraints_from_ssa_def_stmt): Delete.
|
||
(region_model::add_any_constraints_from_gassign): Delete.
|
||
(region_model::add_any_constraints_from_gcall): Delete.
|
||
* region-model.h
|
||
(region_model::add_any_constraints_from_ssa_def_stmt): Delete.
|
||
(region_model::add_any_constraints_from_gassign): Delete.
|
||
(region_model::add_any_constraints_from_gcall): Delete.
|
||
(region_model::add_constraint): Add overload decl.
|
||
(region_model::add_constraints_from_binop): New decl.
|
||
(region_model_context::on_condition): Convert params from tree to
|
||
const svalue *.
|
||
(noop_region_model_context::on_condition): Likewise.
|
||
* sm-file.cc (fileptr_state_machine::condition): Likewise.
|
||
* sm-malloc.cc (malloc_state_machine::on_condition): Likewise.
|
||
* sm-pattern-test.cc: Include tristate.h, selftest.h,
|
||
analyzer/call-string.h, analyzer/program-point.h,
|
||
analyzer/store.h, and analyzer/region-model.h.
|
||
(pattern_test_state_machine::on_condition): Convert params from tree to
|
||
const svalue *.
|
||
* sm-sensitive.cc (sensitive_state_machine::on_condition): Delete.
|
||
* sm-signal.cc (signal_state_machine::on_condition): Delete.
|
||
* sm-taint.cc (taint_state_machine::on_condition): Convert params
|
||
from tree to const svalue *.
|
||
* sm.cc: Include tristate.h, selftest.h, analyzer/call-string.h,
|
||
analyzer/program-point.h, analyzer/store.h, and
|
||
analyzer/region-model.h.
|
||
(any_pointer_p): Add overload taking const svalue *sval.
|
||
* sm.h (any_pointer_p): Add overload taking const svalue *sval.
|
||
(state_machine::on_condition): Convert params from tree to
|
||
const svalue *. Provide no-op default implementation.
|
||
(sm_context::get_state): Add overload taking const svalue *sval.
|
||
(sm_context::set_next_state): Likewise.
|
||
(sm_context::on_transition): Likewise.
|
||
(sm_context::get_diagnostic_tree): Likewise.
|
||
* svalue.cc (svalue::all_zeroes_p): New.
|
||
(constant_svalue::all_zeroes_p): New.
|
||
(repeated_svalue::all_zeroes_p): Convert to vfunc.
|
||
* svalue.h (svalue::all_zeroes_p): New decl.
|
||
(constant_svalue::all_zeroes_p): New decl.
|
||
(repeated_svalue::all_zeroes_p): Convert decl to vfunc.
|
||
|
||
2021-06-30 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/95006
|
||
* analyzer.h (class repeated_svalue): New forward decl.
|
||
(class bits_within_svalue): New forward decl.
|
||
(class sized_region): New forward decl.
|
||
(get_field_at_bit_offset): New forward decl.
|
||
* engine.cc (exploded_graph::get_or_create_node): Validate the
|
||
merged state.
|
||
(exploded_graph::maybe_process_run_of_before_supernode_enodes):
|
||
Validate the states at each stage.
|
||
* program-state.cc (program_state::validate): Validate
|
||
m_region_model.
|
||
* region-model-impl-calls.cc (region_model::impl_call_memset):
|
||
Replace special-case logic for handling constant sizes with
|
||
a call to fill_region of a sized_region with the given fill value.
|
||
* region-model-manager.cc (maybe_undo_optimize_bit_field_compare):
|
||
Drop DK_direct.
|
||
(region_model_manager::maybe_fold_sub_svalue): Fold element-based
|
||
subregions of an initial value into initial values of an element.
|
||
Fold subvalues of repeated svalues.
|
||
(region_model_manager::maybe_fold_repeated_svalue): New.
|
||
(region_model_manager::get_or_create_repeated_svalue): New.
|
||
(get_bit_range_for_field): New.
|
||
(get_byte_range_for_field): New.
|
||
(get_field_at_byte_range): New.
|
||
(region_model_manager::maybe_fold_bits_within_svalue): New.
|
||
(region_model_manager::get_or_create_bits_within): New.
|
||
(region_model_manager::get_sized_region): New.
|
||
(region_model_manager::log_stats): Update for addition of
|
||
m_repeated_values_map, m_bits_within_values_map, and
|
||
m_sized_regions.
|
||
* region-model.cc (region_model::validate): New.
|
||
(region_model::on_assignment): Drop enum binding_kind.
|
||
(region_model::get_initial_value_for_global): Likewise.
|
||
(region_model::get_rvalue_for_bits): Replace body with call to
|
||
get_or_create_bits_within.
|
||
(region_model::get_capacity): Handle RK_SIZED.
|
||
(region_model::set_value): Drop enum binding_kind.
|
||
(region_model::fill_region): New.
|
||
(region_model::get_representative_path_var_1): Handle RK_SIZED.
|
||
* region-model.h (visitor::visit_repeated_svalue): New.
|
||
(visitor::visit_bits_within_svalue): New.
|
||
(region_model_manager::get_or_create_repeated_svalue): New decl.
|
||
(region_model_manager::get_or_create_bits_within): New decl.
|
||
(region_model_manager::get_sized_region): New decl.
|
||
(region_model_manager::maybe_fold_repeated_svalue): New decl.
|
||
(region_model_manager::maybe_fold_bits_within_svalue): New decl.
|
||
(region_model_manager::repeated_values_map_t): New typedef.
|
||
(region_model_manager::m_repeated_values_map): New field.
|
||
(region_model_manager::bits_within_values_map_t): New typedef.
|
||
(region_model_manager::m_bits_within_values_map): New field.
|
||
(region_model_manager::m_sized_regions): New field.
|
||
(region_model::fill_region): New decl.
|
||
* region.cc (region::get_base_region): Handle RK_SIZED.
|
||
(region::base_region_p): Likewise.
|
||
(region::get_byte_size_sval): New.
|
||
(get_field_at_bit_offset): Make non-static.
|
||
(region::calc_offset): Move implementation of cases to
|
||
get_relative_concrete_offset vfunc implementations. Handle
|
||
RK_SIZED.
|
||
(region::get_relative_concrete_offset): New.
|
||
(decl_region::get_svalue_for_initializer): Drop enum binding_kind.
|
||
(field_region::get_relative_concrete_offset): New, from
|
||
region::calc_offset.
|
||
(element_region::get_relative_concrete_offset): Likewise.
|
||
(offset_region::get_relative_concrete_offset): Likewise.
|
||
(sized_region::accept): New.
|
||
(sized_region::dump_to_pp): New.
|
||
(sized_region::get_byte_size): New.
|
||
(sized_region::get_bit_size): New.
|
||
* region.h (enum region_kind): Add RK_SIZED.
|
||
(region::dyn_cast_sized_region): New.
|
||
(region::get_byte_size): Make virtual.
|
||
(region::get_bit_size): Likewise.
|
||
(region::get_byte_size_sval): New decl.
|
||
(region::get_relative_concrete_offset): New decl.
|
||
(field_region::get_relative_concrete_offset): New decl.
|
||
(element_region::get_relative_concrete_offset): Likewise.
|
||
(offset_region::get_relative_concrete_offset): Likewise.
|
||
(class sized_region): New.
|
||
* store.cc (binding_kind_to_string): Delete.
|
||
(binding_key::make): Drop enum binding_kind.
|
||
(binding_key::dump_to_pp): Delete.
|
||
(binding_key::cmp_ptrs): Drop enum binding_kind.
|
||
(bit_range::contains_p): New.
|
||
(byte_range::dump): New.
|
||
(byte_range::contains_p): New.
|
||
(byte_range::cmp): New.
|
||
(concrete_binding::dump_to_pp): Drop enum binding_kind.
|
||
(concrete_binding::cmp_ptr_ptr): Likewise.
|
||
(symbolic_binding::dump_to_pp): Likewise.
|
||
(symbolic_binding::cmp_ptr_ptr): Likewise.
|
||
(binding_map::apply_ctor_val_to_range): Likewise.
|
||
(binding_map::apply_ctor_pair_to_child_region): Likewise.
|
||
(binding_map::get_overlapping_bindings): New.
|
||
(binding_map::remove_overlapping_bindings): New.
|
||
(binding_cluster::validate): New.
|
||
(binding_cluster::bind): Drop enum binding_kind.
|
||
(binding_cluster::bind_compound_sval): Likewise.
|
||
(binding_cluster::purge_region): Likewise.
|
||
(binding_cluster::zero_fill_region): Reimplement in terms of...
|
||
(binding_cluster::fill_region): New.
|
||
(binding_cluster::mark_region_as_unknown): Drop enum binding_kind.
|
||
(binding_cluster::get_binding): Likewise.
|
||
(binding_cluster::get_binding_recursive): Likewise.
|
||
(binding_cluster::get_any_binding): Likewise.
|
||
(binding_cluster::maybe_get_compound_binding): Reimplement.
|
||
(binding_cluster::get_overlapping_bindings): Delete.
|
||
(binding_cluster::remove_overlapping_bindings): Reimplement in
|
||
terms of binding_map::remove_overlapping_bindings.
|
||
(binding_cluster::can_merge_p): Update for removal of
|
||
enum binding_kind.
|
||
(binding_cluster::on_unknown_fncall): Drop enum binding_kind.
|
||
(binding_cluster::maybe_get_simple_value): Likewise.
|
||
(store_manager::get_concrete_binding): Likewise.
|
||
(store_manager::get_symbolic_binding): Likewise.
|
||
(store::validate): New.
|
||
(store::set_value): Drop enum binding_kind.
|
||
(store::zero_fill_region): Reimplement in terms of...
|
||
(store::fill_region): New.
|
||
(selftest::test_binding_key_overlap): Drop enum binding_kind.
|
||
* store.h (enum binding_kind): Delete.
|
||
(binding_kind_to_string): Delete decl.
|
||
(binding_key::make): Drop enum binding_kind.
|
||
(binding_key::dump_to_pp): Make pure virtual.
|
||
(binding_key::get_kind): Delete.
|
||
(binding_key::mark_deleted): Delete.
|
||
(binding_key::mark_empty): Delete.
|
||
(binding_key::is_deleted): Delete.
|
||
(binding_key::is_empty): Delete.
|
||
(binding_key::binding_key): Delete.
|
||
(binding_key::impl_hash): Delete.
|
||
(binding_key::impl_eq): Delete.
|
||
(binding_key::m_kind): Delete.
|
||
(bit_range::get_last_bit_offset): New.
|
||
(bit_range::contains_p): New.
|
||
(byte_range::contains_p): New.
|
||
(byte_range::operator==): New.
|
||
(byte_range::get_start_byte_offset): New.
|
||
(byte_range::get_next_byte_offset): New.
|
||
(byte_range::get_last_byte_offset): New.
|
||
(byte_range::as_bit_range): New.
|
||
(byte_range::cmp): New.
|
||
(concrete_binding::concrete_binding): Drop enum binding_kind.
|
||
(concrete_binding::hash): Likewise.
|
||
(concrete_binding::operator==): Likewise.
|
||
(concrete_binding::mark_deleted): New.
|
||
(concrete_binding::mark_empty): New.
|
||
(concrete_binding::is_deleted): New.
|
||
(concrete_binding::is_empty): New.
|
||
(default_hash_traits<ana::concrete_binding>::empty_zero_p): Make false.
|
||
(symbolic_binding::symbolic_binding): Drop enum binding_kind.
|
||
(symbolic_binding::hash): Likewise.
|
||
(symbolic_binding::operator==): Likewise.
|
||
(symbolic_binding::mark_deleted): New.
|
||
(symbolic_binding::mark_empty): New.
|
||
(symbolic_binding::is_deleted): New.
|
||
(symbolic_binding::is_empty): New.
|
||
(binding_map::remove_overlapping_bindings): New decl.
|
||
(binding_map::get_overlapping_bindings): New decl.
|
||
(binding_cluster::validate): New decl.
|
||
(binding_cluster::bind): Drop enum binding_kind.
|
||
(binding_cluster::fill_region): New decl.
|
||
(binding_cluster::get_binding): Drop enum binding_kind.
|
||
(binding_cluster::get_binding_recursive): Likewise.
|
||
(binding_cluster::get_overlapping_bindings): Delete.
|
||
(store::validate): New decl.
|
||
(store::set_value): Drop enum binding_kind.
|
||
(store::fill_region): New decl.
|
||
(store_manager::get_concrete_binding): Drop enum binding_kind.
|
||
(store_manager::get_symbolic_binding): Likewise.
|
||
* svalue.cc (svalue::cmp_ptr): Handle SK_REPEATED and
|
||
SK_BITS_WITHIN.
|
||
(svalue::extract_bit_range): New.
|
||
(svalue::maybe_fold_bits_within): New.
|
||
(constant_svalue::maybe_fold_bits_within): New.
|
||
(unknown_svalue::maybe_fold_bits_within): New.
|
||
(unaryop_svalue::maybe_fold_bits_within): New.
|
||
(repeated_svalue::repeated_svalue): New.
|
||
(repeated_svalue::dump_to_pp): New.
|
||
(repeated_svalue::accept): New.
|
||
(repeated_svalue::all_zeroes_p): New.
|
||
(repeated_svalue::maybe_fold_bits_within): New.
|
||
(bits_within_svalue::bits_within_svalue): New.
|
||
(bits_within_svalue::dump_to_pp): New.
|
||
(bits_within_svalue::maybe_fold_bits_within): New.
|
||
(bits_within_svalue::accept): New.
|
||
(bits_within_svalue::implicitly_live_p): New.
|
||
(compound_svalue::maybe_fold_bits_within): New.
|
||
* svalue.h (enum svalue_kind): Add SK_REPEATED and SK_BITS_WITHIN.
|
||
(svalue::dyn_cast_repeated_svalue): New.
|
||
(svalue::dyn_cast_bits_within_svalue): New.
|
||
(svalue::extract_bit_range): New decl.
|
||
(svalue::maybe_fold_bits_within): New vfunc decl.
|
||
(region_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
|
||
(region_svalue::key_t::is_empty): Likewise.
|
||
(default_hash_traits<region_svalue::key_t>::empty_zero_p): Make false.
|
||
(constant_svalue::maybe_fold_bits_within): New.
|
||
(unknown_svalue::maybe_fold_bits_within): New.
|
||
(poisoned_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
|
||
(poisoned_svalue::key_t::is_empty): Likewise.
|
||
(default_hash_traits<poisoned_svalue::key_t>::empty_zero_p): Make
|
||
false.
|
||
(setjmp_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
|
||
(setjmp_svalue::key_t::is_empty): Likewise.
|
||
(default_hash_traits<setjmp_svalue::key_t>::empty_zero_p): Make
|
||
false.
|
||
(unaryop_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
|
||
(unaryop_svalue::key_t::is_empty): Likewise.
|
||
(unaryop_svalue::maybe_fold_bits_within): New.
|
||
(default_hash_traits<unaryop_svalue::key_t>::empty_zero_p): Make
|
||
false.
|
||
(binop_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
|
||
(binop_svalue::key_t::is_empty): Likewise.
|
||
(default_hash_traits<binop_svalue::key_t>::empty_zero_p): Make
|
||
false.
|
||
(sub_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
|
||
(sub_svalue::key_t::is_empty): Likewise.
|
||
(default_hash_traits<sub_svalue::key_t>::empty_zero_p): Make
|
||
false.
|
||
(class repeated_svalue): New.
|
||
(is_a_helper <const repeated_svalue *>::test): New.
|
||
(struct default_hash_traits<repeated_svalue::key_t>): New.
|
||
(class bits_within_svalue): New.
|
||
(is_a_helper <const bits_within_svalue *>::test): New.
|
||
(struct default_hash_traits<bits_within_svalue::key_t>): New.
|
||
(widening_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
|
||
(widening_svalue::key_t::is_empty): Likewise.
|
||
(default_hash_traits<widening_svalue::key_t>::empty_zero_p): Make
|
||
false.
|
||
(compound_svalue::key_t::mark_empty): Use 2 rather than NULL_TREE.
|
||
(compound_svalue::key_t::is_empty): Likewise.
|
||
(compound_svalue::maybe_fold_bits_within): New.
|
||
(default_hash_traits<compound_svalue::key_t>::empty_zero_p): Make
|
||
false.
|
||
|
||
2021-06-28 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.h (byte_offset_t): New typedef.
|
||
* store.cc (bit_range::dump_to_pp): Dump as a byte range if
|
||
possible.
|
||
(bit_range::as_byte_range): New.
|
||
(byte_range::dump_to_pp): New.
|
||
* store.h (class byte_range): New forward decl.
|
||
(struct bit_range): Add comment.
|
||
(bit_range::as_byte_range): New decl.
|
||
(struct byte_range): New.
|
||
|
||
2021-06-22 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/101143
|
||
* region-model.cc (compat_types_p): New function.
|
||
(region_model::create_region_for_heap_alloc): Convert assertion to
|
||
an error check.
|
||
(region_model::create_region_for_alloca): Likewise.
|
||
|
||
2021-06-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* store.cc (binding_cluster::get_any_binding): Make symbolic reads
|
||
from a cluster with concrete bindings return unknown.
|
||
|
||
2021-06-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model-manager.cc
|
||
(region_model_manager::get_or_create_int_cst): New.
|
||
(region_model_manager::maybe_undo_optimize_bit_field_compare): Use
|
||
it to simplify away a local tree.
|
||
* region-model.cc (region_model::on_setjmp): Likewise.
|
||
(region_model::on_longjmp): Likewise.
|
||
* region-model.h (region_model_manager::get_or_create_int_cst):
|
||
New decl.
|
||
* store.cc (binding_cluster::zero_fill_region): Use it to simplify
|
||
away a local tree.
|
||
|
||
2021-06-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* checker-path.cc (class custom_event): Make abstract to allow for
|
||
custom vfuncs, splitting existing implementation into...
|
||
(class precanned_custom_event): New subclass.
|
||
(custom_event::get_desc): Move to...
|
||
(precanned_custom_event::get_desc): ...subclass.
|
||
* checker-path.h (class custom_event): Make abstract to allow for
|
||
custom vfuncs, splitting existing implementation into...
|
||
(class precanned_custom_event): New subclass.
|
||
* diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
|
||
Use precanned_custom_event.
|
||
* engine.cc
|
||
(stale_jmp_buf::maybe_add_custom_events_for_superedge): Likewise.
|
||
* sm-signal.cc (signal_delivery_edge_info_t::add_events_to_path):
|
||
Likewise.
|
||
|
||
2021-06-15 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/99212
|
||
PR analyzer/101082
|
||
* engine.cc: Include "target.h".
|
||
(impl_run_checkers): Log BITS_BIG_ENDIAN, BYTES_BIG_ENDIAN, and
|
||
WORDS_BIG_ENDIAN.
|
||
* region-model-manager.cc
|
||
(region_model_manager::maybe_fold_binop): Move support for masking
|
||
via ARG0 & CST into...
|
||
(region_model_manager::maybe_undo_optimize_bit_field_compare):
|
||
...this new function. Flatten by converting from nested
|
||
conditionals to a series of early return statements to reject
|
||
failures. Reject if type is not unsigned_char_type_node.
|
||
Handle BYTES_BIG_ENDIAN when determining which bits are bound
|
||
in the binding_map.
|
||
* region-model.h
|
||
(region_model_manager::maybe_undo_optimize_bit_field_compare):
|
||
New decl.
|
||
* store.cc (bit_range::dump): New function.
|
||
* store.h (bit_range::dump): New decl.
|
||
|
||
2021-06-15 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (exploded_node::on_stmt): Handle __analyzer_dump_capacity.
|
||
(exploded_node::on_stmt): Drop m_sm_changes from on_stmt_flags.
|
||
(state_change_requires_new_enode_p): New function...
|
||
(exploded_graph::process_node): Call it, rather than querying
|
||
flags.m_sm_changes, so that dynamic-extent differences can also
|
||
trigger the splitting of nodes.
|
||
* exploded-graph.h (struct on_stmt_flags): Drop field m_sm_changes.
|
||
* program-state.cc (program_state::detect_leaks): Purge dead
|
||
heap-allocated regions from dynamic extents.
|
||
(selftest::test_program_state_1): Fix type of "size_in_bytes".
|
||
(selftest::test_program_state_merging): Likewise.
|
||
* region-model-impl-calls.cc
|
||
(region_model::impl_call_analyzer_dump_capacity): New.
|
||
(region_model::impl_call_free): Remove dynamic extents from the
|
||
freed region.
|
||
* region-model-reachability.h
|
||
(reachable_regions::begin_mutable_base_regs): New.
|
||
(reachable_regions::end_mutable_base_regs): New.
|
||
* region-model.cc: Include "tree-object-size.h".
|
||
(region_model::region_model): Support new field m_dynamic_extents.
|
||
(region_model::operator=): Likewise.
|
||
(region_model::operator==): Likewise.
|
||
(region_model::dump_to_pp): Dump sizes of dynamic regions.
|
||
(region_model::handle_unrecognized_call): Purge dynamic extents
|
||
from any regions that have escaped mutably:.
|
||
(region_model::get_capacity): New function.
|
||
(region_model::add_constraint): Unset dynamic extents when a
|
||
heap-allocated region's address is NULL.
|
||
(region_model::unbind_region_and_descendents): Purge dynamic
|
||
extents of unbound regions.
|
||
(region_model::can_merge_with_p): Call
|
||
m_dynamic_extents.can_merge_with_p.
|
||
(region_model::create_region_for_heap_alloc): Assert that
|
||
size_in_bytes's type is compatible with size_type_node. Update
|
||
for renaming of record_dynamic_extents to set_dynamic_extents.
|
||
(region_model::create_region_for_alloca): Likewise.
|
||
(region_model::record_dynamic_extents): Rename to...
|
||
(region_model::set_dynamic_extents): ...this. Assert that
|
||
size_in_bytes's type is compatible with size_type_node. Add it
|
||
to the m_dynamic_extents map.
|
||
(region_model::get_dynamic_extents): New.
|
||
(region_model::unset_dynamic_extents): New.
|
||
(selftest::test_state_merging): Fix type of "size".
|
||
(selftest::test_malloc_constraints): Likewise.
|
||
(selftest::test_malloc): Verify dynamic extents.
|
||
(selftest::test_alloca): Likewise.
|
||
* region-model.h (region_to_value_map::is_empty): New.
|
||
(region_model::dynamic_extents_t): New typedef.
|
||
(region_model::impl_call_analyzer_dump_capacity): New decl.
|
||
(region_model::get_dynamic_extents): New function.
|
||
(region_model::get_dynamic_extents): New decl.
|
||
(region_model::set_dynamic_extents): New decl.
|
||
(region_model::unset_dynamic_extents): New decl.
|
||
(region_model::get_capacity): New decl.
|
||
(region_model::record_dynamic_extents): Rename to set_dynamic_extents.
|
||
(region_model::m_dynamic_extents): New field.
|
||
|
||
2021-06-15 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.cc (region_to_value_map::operator=): New.
|
||
(region_to_value_map::operator==): New.
|
||
(region_to_value_map::dump_to_pp): New.
|
||
(region_to_value_map::dump): New.
|
||
(region_to_value_map::can_merge_with_p): New.
|
||
* region-model.h (class region_to_value_map): New class.
|
||
|
||
2021-06-13 Trevor Saunders <tbsaunde@tbsaunde.org>
|
||
|
||
* call-string.cc (call_string::call_string): Use range based for
|
||
to iterate over vec<>.
|
||
(call_string::to_json): Likewise.
|
||
(call_string::hash): Likewise.
|
||
(call_string::calc_recursion_depth): Likewise.
|
||
* checker-path.cc (checker_path::fixup_locations): Likewise.
|
||
* constraint-manager.cc (equiv_class::equiv_class): Likewise.
|
||
(equiv_class::to_json): Likewise.
|
||
(equiv_class::hash): Likewise.
|
||
(constraint_manager::to_json): Likewise.
|
||
* engine.cc (impl_region_model_context::on_svalue_leak):
|
||
Likewise.
|
||
(on_liveness_change): Likewise.
|
||
(impl_region_model_context::on_unknown_change): Likewise.
|
||
* program-state.cc (sm_state_map::set_state): Likewise.
|
||
* region-model.cc (test_canonicalization_4): Likewise.
|
||
|
||
2021-06-11 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (worklist::key_t::cmp): Move sort by call_string to
|
||
before SCC.
|
||
|
||
2021-06-09 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.cc (region_model::get_lvalue_1): Make const.
|
||
(region_model::get_lvalue): Likewise.
|
||
(region_model::get_rvalue_1): Likewise.
|
||
(region_model::get_rvalue): Likewise.
|
||
(region_model::deref_rvalue): Likewise.
|
||
(region_model::get_rvalue_for_bits): Likewise.
|
||
* region-model.h (region_model::get_lvalue): Likewise.
|
||
(region_model::get_rvalue): Likewise.
|
||
(region_model::deref_rvalue): Likewise.
|
||
(region_model::get_rvalue_for_bits): Likewise.
|
||
(region_model::get_lvalue_1): Likewise.
|
||
(region_model::get_rvalue_1): Likewise.
|
||
|
||
2021-06-08 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/99212
|
||
* region-model-manager.cc
|
||
(region_model_manager::maybe_fold_binop): Add support for folding
|
||
BIT_AND_EXPR of compound_svalue and a mask constant.
|
||
* region-model.cc (region_model::get_rvalue_1): Implement
|
||
BIT_FIELD_REF in terms of...
|
||
(region_model::get_rvalue_for_bits): New function.
|
||
* region-model.h (region_model::get_rvalue_for_bits): New decl.
|
||
* store.cc (bit_range::from_mask): New function.
|
||
(selftest::test_bit_range_intersects_p): New selftest.
|
||
(selftest::assert_bit_range_from_mask_eq): New.
|
||
(ASSERT_BIT_RANGE_FROM_MASK_EQ): New macro.
|
||
(selftest::assert_no_bit_range_from_mask_eq): New.
|
||
(ASSERT_NO_BIT_RANGE_FROM_MASK): New macro.
|
||
(selftest::test_bit_range_from_mask): New selftest.
|
||
(selftest::analyzer_store_cc_tests): Call the new selftests.
|
||
* store.h (bit_range::intersects_p): New.
|
||
(bit_range::from_mask): New decl.
|
||
(concrete_binding::get_bit_range): New accessor.
|
||
(store_manager::get_concrete_binding): New overload taking
|
||
const bit_range &.
|
||
|
||
2021-06-08 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.h (int_size_in_bits): New decl.
|
||
* region.cc (int_size_in_bits): New function.
|
||
(region::get_bit_size): Reimplement in terms of the above.
|
||
|
||
2021-06-08 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* store.cc (concrete_binding::dump_to_pp): Move bulk of
|
||
implementation to...
|
||
(bit_range::dump_to_pp): ...this new function.
|
||
(bit_range::cmp): New.
|
||
(concrete_binding::overlaps_p): Update for use of bit_range.
|
||
(concrete_binding::cmp_ptr_ptr): Likewise.
|
||
* store.h (struct bit_range): New.
|
||
(class concrete_binding): Replace fields m_start_bit_offset and
|
||
m_size_in_bits with new field m_bit_range.
|
||
|
||
2021-06-08 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* svalue.h (conjured_svalue::iterator_t): Delete.
|
||
|
||
2021-06-03 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* store.h (store::get_direct_binding): Remove unused decl.
|
||
(store::get_default_binding): Likewise.
|
||
|
||
2021-06-03 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* svalue.cc (poisoned_svalue::dump_to_pp): Dump type.
|
||
(compound_svalue::dump_to_pp): Dump any type.
|
||
|
||
2021-05-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/100615
|
||
* sm-malloc.cc: Include "analyzer/function-set.h".
|
||
(malloc_state_machine::on_stmt): Call unaffected_by_call_p and
|
||
bail on the functions it recognizes.
|
||
(malloc_state_machine::unaffected_by_call_p): New.
|
||
|
||
2021-05-10 Martin Liska <mliska@suse.cz>
|
||
|
||
* sm-file.cc (is_file_using_fn_p): Use startswith
|
||
function instead of strncmp.
|
||
|
||
2021-05-10 Martin Liska <mliska@suse.cz>
|
||
|
||
* program-state.cc (program_state::operator=): Remove
|
||
__cplusplus >= 201103.
|
||
(program_state::program_state): Likewise.
|
||
* program-state.h: Likewise.
|
||
* region-model.h (class region_model): Remove dead code.
|
||
|
||
2021-04-24 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/100244
|
||
* sm-malloc.cc (free_of_non_heap::describe_state_change):
|
||
Bulletproof against change.m_expr being NULL.
|
||
|
||
2021-04-13 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/98599
|
||
* supergraph.cc (saved_uids::make_uid_unique): New.
|
||
(saved_uids::restore_uids): New.
|
||
(supergraph::supergraph): Replace assignments to stmt->uid with
|
||
calls to m_stmt_uids.make_uid_unique.
|
||
(supergraph::~supergraph): New.
|
||
* supergraph.h (class saved_uids): New.
|
||
(supergraph::~supergraph): New decl.
|
||
(supergraph::m_stmt_uids): New field.
|
||
|
||
2021-04-10 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/100011
|
||
* region-model.cc (region_model::on_assignment): Avoid NULL
|
||
dereference if ctxt is NULL when assigning from a STRING_CST.
|
||
|
||
2021-04-08 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/99042
|
||
PR analyzer/99774
|
||
* engine.cc
|
||
(impl_region_model_context::impl_region_model_context): Add
|
||
uncertainty param and use it to initialize m_uncertainty.
|
||
(impl_region_model_context::get_uncertainty): New.
|
||
(impl_sm_context::get_fndecl_for_call): Add NULL for new
|
||
uncertainty param when constructing impl_region_model_context.
|
||
(impl_sm_context::get_state): Likewise.
|
||
(impl_sm_context::set_next_state): Likewise.
|
||
(impl_sm_context::warn): Likewise.
|
||
(exploded_node::on_stmt): Add uncertainty param
|
||
and use it when constructing impl_region_model_context.
|
||
(exploded_node::on_edge): Add uncertainty param and pass
|
||
to on_edge call.
|
||
(exploded_node::detect_leaks): Create uncertainty_t and pass to
|
||
impl_region_model_context.
|
||
(exploded_graph::get_or_create_node): Create uncertainty_t and
|
||
pass to prune_for_point.
|
||
(maybe_process_run_of_before_supernode_enodes): Create
|
||
uncertainty_t and pass to impl_region_model_context.
|
||
(exploded_graph::process_node): Create uncertainty_t instances and
|
||
pass around as needed.
|
||
* exploded-graph.h
|
||
(impl_region_model_context::impl_region_model_context): Add
|
||
uncertainty param.
|
||
(impl_region_model_context::get_uncertainty): New decl.
|
||
(impl_region_model_context::m_uncertainty): New field.
|
||
(exploded_node::on_stmt): Add uncertainty param.
|
||
(exploded_node::on_edge): Likewise.
|
||
* program-state.cc (sm_state_map::on_liveness_change): Get
|
||
uncertainty from context and use it to unset sm-state from
|
||
svalues as appropriate.
|
||
(program_state::on_edge): Add uncertainty param and use it when
|
||
constructing impl_region_model_context. Fix indentation.
|
||
(program_state::prune_for_point): Add uncertainty param and use it
|
||
when constructing impl_region_model_context.
|
||
(program_state::detect_leaks): Get any uncertainty from ctxt and
|
||
use it to get maybe-live svalues for dest_state, rather than
|
||
definitely-live ones; use this when determining which svalues
|
||
have leaked.
|
||
(selftest::test_program_state_merging): Create uncertainty_t and
|
||
pass to impl_region_model_context.
|
||
* program-state.h (program_state::on_edge): Add uncertainty param.
|
||
(program_state::prune_for_point): Likewise.
|
||
* region-model-impl-calls.cc (call_details::get_uncertainty): New.
|
||
(region_model::impl_call_memcpy): Pass uncertainty to
|
||
mark_region_as_unknown call.
|
||
(region_model::impl_call_memset): Likewise.
|
||
(region_model::impl_call_strcpy): Likewise.
|
||
* region-model-reachability.cc (reachable_regions::handle_sval):
|
||
Also add sval to m_mutable_svals.
|
||
* region-model.cc (region_model::on_assignment): Pass any
|
||
uncertainty from ctxt to the store::set_value call.
|
||
(region_model::handle_unrecognized_call): Get any uncertainty from
|
||
ctxt and use it to record mutable svalues at the unknown call.
|
||
(region_model::get_reachable_svalues): Add uncertainty param and
|
||
use it to mark any maybe-bound svalues as being reachable.
|
||
(region_model::set_value): Pass any uncertainty from ctxt to the
|
||
store::set_value call.
|
||
(region_model::mark_region_as_unknown): Add uncertainty param and
|
||
pass it on to the store::mark_region_as_unknown call.
|
||
(region_model::update_for_call_summary): Add uncertainty param and
|
||
pass it on to the region_model::mark_region_as_unknown call.
|
||
* region-model.h (call_details::get_uncertainty): New decl.
|
||
(region_model::get_reachable_svalues): Add uncertainty param.
|
||
(region_model::mark_region_as_unknown): Add uncertainty param.
|
||
(region_model_context::get_uncertainty): New vfunc.
|
||
(noop_region_model_context::get_uncertainty): New vfunc
|
||
implementation.
|
||
* store.cc (dump_svalue_set): New.
|
||
(uncertainty_t::dump_to_pp): New.
|
||
(uncertainty_t::dump): New.
|
||
(binding_cluster::clobber_region): Pass NULL for uncertainty to
|
||
remove_overlapping_bindings.
|
||
(binding_cluster::mark_region_as_unknown): Add uncertainty param
|
||
and pass it to remove_overlapping_bindings.
|
||
(binding_cluster::remove_overlapping_bindings): Add uncertainty param.
|
||
Use it to record any svalues that were in clobbered bindings.
|
||
(store::set_value): Add uncertainty param. Pass it to
|
||
binding_cluster::mark_region_as_unknown when handling symbolic
|
||
regions.
|
||
(store::mark_region_as_unknown): Add uncertainty param and pass it
|
||
to binding_cluster::mark_region_as_unknown.
|
||
(store::remove_overlapping_bindings): Add uncertainty param and
|
||
pass it to binding_cluster::remove_overlapping_bindings.
|
||
* store.h (binding_cluster::mark_region_as_unknown): Add
|
||
uncertainty param.
|
||
(binding_cluster::remove_overlapping_bindings): Likewise.
|
||
(store::set_value): Likewise.
|
||
(store::mark_region_as_unknown): Likewise.
|
||
|
||
2021-04-05 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/99906
|
||
* analyzer.cc (maybe_reconstruct_from_def_stmt): Fix NULL
|
||
dereference on calls with zero arguments.
|
||
* sm-malloc.cc (malloc_state_machine::on_stmt): When handling
|
||
__attribute__((nonnull)), only call get_diagnostic_tree if the
|
||
result will be used.
|
||
|
||
2021-04-05 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/99886
|
||
* diagnostic-manager.cc
|
||
(diagnostic_manager::prune_interproc_events): Use signed integers
|
||
when subtracting one from path->num_events ().
|
||
(diagnostic_manager::consolidate_conditions): Likewise. Convert
|
||
next_idx to a signed int.
|
||
|
||
2021-04-01 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* diagnostic-manager.cc (diagnostic_manager::add_diagnostic): Make
|
||
enode param non-constant, and call add_diagnostic on it. Add
|
||
enode index to log message.
|
||
(diagnostic_manager::add_diagnostic): Make enode param
|
||
non-constant.
|
||
* diagnostic-manager.h (diagnostic_manager::add_diagnostic):
|
||
Likewise for both decls.
|
||
* engine.cc
|
||
(impl_region_model_context::impl_region_model_context): Likewise
|
||
for enode_for_diag.
|
||
(impl_sm_context::impl_sm_context): Likewise.
|
||
(impl_sm_context::m_enode_for_diag): Likewise.
|
||
(exploded_node::dump_dot): Don't pass the diagnostic manager
|
||
to dump_saved_diagnostics.
|
||
(exploded_node::dump_saved_diagnostics): Drop param. Iterate
|
||
directly through all saved diagnostics for the enode, rather
|
||
than all saved diagnostics in the diagnostic_manager and
|
||
filtering.
|
||
(exploded_node::on_stmt): Make non-const.
|
||
(exploded_node::on_edge): Likewise.
|
||
(exploded_node::on_longjmp): Likewise.
|
||
(exploded_node::detect_leaks): Likewise.
|
||
(exploded_graph::get_or_create_node): Make enode_for_diag param
|
||
non-const.
|
||
(exploded_graph_annotator::print_enode): Iterate
|
||
directly through all saved diagnostics for the enode, rather
|
||
than all saved diagnostics in the diagnostic_manager and
|
||
filtering.
|
||
* exploded-graph.h
|
||
(impl_region_model_context::impl_region_model_context): Make
|
||
enode_for_diag param non-constant.
|
||
(impl_region_model_context::m_enode_for_diag): Likewise.
|
||
(exploded_node::dump_saved_diagnostics): Drop param.
|
||
(exploded_node::on_stmt): Make non-const.
|
||
(exploded_node::on_edge): Likewise.
|
||
(exploded_node::on_longjmp): Likewise.
|
||
(exploded_node::detect_leaks): Likewise.
|
||
(exploded_node::add_diagnostic): New.
|
||
(exploded_node::get_num_diagnostics): New.
|
||
(exploded_node::get_saved_diagnostic): New.
|
||
(exploded_node::m_saved_diagnostics): New.
|
||
(exploded_graph::get_or_create_node): Make enode_for_diag param
|
||
non-constant.
|
||
* feasible-graph.cc (feasible_node::dump_dot): Drop
|
||
diagnostic_manager from call to dump_saved_diagnostics.
|
||
* program-state.cc (program_state::on_edge): Convert enode param
|
||
to non-const pointer.
|
||
(program_state::prune_for_point): Likewise for enode_for_diag
|
||
param.
|
||
* program-state.h (program_state::on_edge): Convert enode param
|
||
to non-const pointer.
|
||
(program_state::prune_for_point): Likewise for enode_for_diag
|
||
param.
|
||
|
||
2021-03-31 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/99771
|
||
* analyzer.cc (maybe_reconstruct_from_def_stmt): New.
|
||
(fixup_tree_for_diagnostic_1): New.
|
||
(fixup_tree_for_diagnostic): New.
|
||
* analyzer.h (fixup_tree_for_diagnostic): New decl.
|
||
* checker-path.cc (call_event::get_desc): Call
|
||
fixup_tree_for_diagnostic and use it for the call_with_state call.
|
||
(warning_event::get_desc): Likewise for the final_event and
|
||
make_label_text calls.
|
||
* engine.cc (impl_region_model_context::on_state_leak): Likewise
|
||
for the on_leak and add_diagnostic calls.
|
||
* region-model.cc (region_model::get_representative_tree):
|
||
Likewise for the result.
|
||
|
||
2021-03-30 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region.h (region::dump_to_pp): Remove old decl.
|
||
|
||
2021-03-30 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* sm-file.cc (fileptr_state_machine::on_stmt): Only call
|
||
get_diagnostic_tree if the result will be used.
|
||
* sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
|
||
(malloc_state_machine::on_deallocator_call): Likewise.
|
||
(malloc_state_machine::on_realloc_call): Likewise.
|
||
(malloc_state_machine::on_realloc_call): Likewise.
|
||
* sm-sensitive.cc
|
||
(sensitive_state_machine::warn_for_any_exposure): Likewise.
|
||
* sm-taint.cc (taint_state_machine::on_stmt): Likewise.
|
||
|
||
2021-03-25 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93695
|
||
PR analyzer/99044
|
||
PR analyzer/99716
|
||
* engine.cc (exploded_node::on_stmt): Clear sm-state involving
|
||
an SSA name at the def-stmt of that SSA name.
|
||
* program-state.cc (sm_state_map::purge_state_involving): New.
|
||
* program-state.h (sm_state_map::purge_state_involving): New decl.
|
||
* region-model.cc (selftest::test_involves_p): New.
|
||
(selftest::analyzer_region_model_cc_tests): Call it.
|
||
* svalue.cc (class involvement_visitor): New class
|
||
(svalue::involves_p): New.
|
||
* svalue.h (svalue::involves_p): New decl.
|
||
|
||
2021-03-19 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/99614
|
||
* diagnostic-manager.cc (class epath_finder): Add
|
||
DISABLE_COPY_AND_ASSIGN.
|
||
|
||
2021-03-15 Martin Liska <mliska@suse.cz>
|
||
|
||
* sm-file.cc (get_file_using_fns): Add missing comma in initializer.
|
||
|
||
2021-03-11 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96374
|
||
* analyzer.opt (-param=analyzer-max-infeasible-edges=): New param.
|
||
(fdump-analyzer-feasibility): New flag.
|
||
* diagnostic-manager.cc: Include "analyzer/trimmed-graph.h" and
|
||
"analyzer/feasible-graph.h".
|
||
(epath_finder::epath_finder): Convert m_sep to a pointer and
|
||
only create it if !flag_analyzer_feasibility.
|
||
(epath_finder::~epath_finder): New.
|
||
(epath_finder::m_sep): Convert to a pointer.
|
||
(epath_finder::get_best_epath): Add param "diag_idx" and use it
|
||
when logging. Rather than finding the shortest path and then
|
||
checking feasibility, instead use explore_feasible_paths unless
|
||
!flag_analyzer_feasibility, in which case simply use the shortest
|
||
path, and note if it is infeasible. Update for m_sep becoming a
|
||
pointer.
|
||
(class feasible_worklist): New.
|
||
(epath_finder::explore_feasible_paths): New.
|
||
(epath_finder::process_worklist_item): New.
|
||
(class dump_eg_with_shortest_path): New.
|
||
(epath_finder::dump_trimmed_graph): New.
|
||
(epath_finder::dump_feasible_graph): New.
|
||
(saved_diagnostic::saved_diagnostic): Add "idx" param, using it
|
||
on new field m_idx.
|
||
(saved_diagnostic::to_json): Dump m_idx.
|
||
(saved_diagnostic::calc_best_epath): Pass m_idx to get_best_epath.
|
||
Remove assertion that m_problem was set when m_best_epath is NULL.
|
||
(diagnostic_manager::add_diagnostic): Pass an index when created
|
||
saved_diagnostic instances.
|
||
* diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add
|
||
"idx" param.
|
||
(saved_diagnostic::get_index): New accessor.
|
||
(saved_diagnostic::m_idx): New field.
|
||
* engine.cc (exploded_node::dump_dot): Call args.dump_extra_info.
|
||
Move code to...
|
||
(exploded_node::dump_processed_stmts): ...this new function and...
|
||
(exploded_node::dump_saved_diagnostics): ...this new function.
|
||
Add index of each diagnostic.
|
||
(exploded_edge::dump_dot): Move bulk of code to...
|
||
(exploded_edge::dump_dot_label): ...this new function.
|
||
* exploded-graph.h (eg_traits::dump_args_t::dump_extra_info): New
|
||
vfunc.
|
||
(exploded_node::dump_processed_stmts): New decl.
|
||
(exploded_node::dump_saved_diagnostics): New decl.
|
||
(exploded_edge::dump_dot_label): New decl.
|
||
* feasible-graph.cc: New file.
|
||
* feasible-graph.h: New file.
|
||
* trimmed-graph.cc: New file.
|
||
* trimmed-graph.h: New file.
|
||
|
||
2021-03-11 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* diagnostic-manager.cc (epath_finder::epath_finder):
|
||
Update shortest_paths init for new param.
|
||
|
||
2021-03-10 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96374
|
||
* engine.cc (exploded_path::feasible_p): Move "snodes_visited" and
|
||
"model" locals into a new class feasibility_state. Move heart
|
||
of per-edge processing into
|
||
feasibility_state::maybe_update_for_edge.
|
||
(feasibility_state::feasibility_state): New.
|
||
(feasibility_state::maybe_update_for_edge): New, based on loop
|
||
body in exploded_path::feasible_p.
|
||
* exploded-graph.h (class feasibility_state): New.
|
||
|
||
2021-03-10 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* supergraph.h
|
||
(callgraph_superedge::dyn_cast_callgraph_superedge): New.
|
||
(call_superedge::dyn_cast_callgraph_superedge): Delete.
|
||
(return_superedge::dyn_cast_callgraph_superedge): Delete.
|
||
|
||
2021-03-02 Martin Liska <mliska@suse.cz>
|
||
|
||
* diagnostic-manager.cc (diagnostic_manager::emit_saved_diagnostics):
|
||
Do not pass engine.
|
||
|
||
2021-02-26 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (exploded_path::exploded_path): New copy-ctor.
|
||
* exploded-graph.h (exploded_path::operator=): Drop decl.
|
||
|
||
2021-02-26 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96374
|
||
* diagnostic-manager.cc (class epath_finder): New.
|
||
(epath_finder::get_best_epath): New.
|
||
(saved_diagnostic::saved_diagnostic): Update for replacement of
|
||
m_state and m_epath_length with m_best_epath.
|
||
(saved_diagnostic::~saved_diagnostic): Delete m_best_epath.
|
||
(saved_diagnostic::to_json): Update "path_length" to be optional.
|
||
(saved_diagnostic::calc_best_epath): New, based on
|
||
dedupe_winners::add and parts of dedupe_key::dedupe_key.
|
||
(saved_diagnostic::get_epath_length): New.
|
||
(saved_diagnostic::add_duplicate): New.
|
||
(dedupe_key::dedupe_key): Drop epath param. Move invocation of
|
||
stmt_finder to saved_diagnostic::calc_best_epath.
|
||
(class dedupe_candidate): Delete.
|
||
(class dedupe_hash_map_traits): Update to use saved_diagnotic *
|
||
rather than dedupe_candidate * as the value_type/compare_type.
|
||
(dedupe_winners::~dedupe_winners): Don't delete the values.
|
||
(dedupe_winners::add): Convert param from shortest_exploded_paths to
|
||
epath_finder. Drop "eg" param. Drop dedupe_candidate, moving
|
||
path generation and feasiblity checking to
|
||
epath_finder::get_best_epath. Update winner-selection for move
|
||
of epaths from dedupe_candidate to saved_diagnostic.
|
||
(dedupe_winners::emit_best): Update for removal of class
|
||
dedupe_candidate.
|
||
(dedupe_winners::map_t): Update to use saved_diagnotic * rather
|
||
than dedupe_candidate * as the value_type/compare_type.
|
||
(diagnostic_manager::emit_saved_diagnostics): Move
|
||
shortest_exploded_paths instance into epath_finder and pass that
|
||
around instead.
|
||
(diagnostic_manager::emit_saved_diagnostic): Drop epath, stmt
|
||
and num_dupes params, instead getting these from the
|
||
saved_diagnostic. Use correct location in inform_n call.
|
||
* diagnostic-manager.h (class epath_finder): New forward decl.
|
||
(saved_diagnostic::status): Drop enum.
|
||
(saved_diagnostic::set_feasible): Drop.
|
||
(saved_diagnostic::set_infeasible): Drop.
|
||
(saved_diagnostic::get_status): Drop.
|
||
(saved_diagnostic::calc_best_epath): New decl.
|
||
(saved_diagnostic::get_best_epath): New decl.
|
||
(saved_diagnostic::get_epath_length): New decl.
|
||
(saved_diagnostic::set_epath_length): Drop.
|
||
(saved_diagnostic::get_epath_length): Drop inline implementation.
|
||
(saved_diagnostic::add_duplicate): New.
|
||
(saved_diagnostic::get_num_dupes): New.
|
||
(saved_diagnostic::m_d): Document ownership.
|
||
(saved_diagnostic::m_trailing_eedge): Make const.
|
||
(saved_diagnostic::m_status): Drop field.
|
||
(saved_diagnostic::m_epath_length): Drop field.
|
||
(saved_diagnostic::m_best_epath): New field.
|
||
(saved_diagnostic::m_problem): Document ownership.
|
||
(saved_diagnostic::m_duplicates): New field.
|
||
(diagnostic_manager::emit_saved_diagnostic): Drop params epath,
|
||
stmt, and num_dupes.
|
||
* engine.cc (exploded_graph_annotator::print_saved_diagnostic):
|
||
Update for changes to saved_diagnostic class.
|
||
* exploded-graph.h (exploded_path::feasible_p): Drop unused
|
||
overloaded decl.
|
||
|
||
2021-02-25 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/99193
|
||
* region-model-impl-calls.cc (region_model::impl_call_realloc): New.
|
||
* region-model.cc (region_model::on_call_pre): Call it.
|
||
* region-model.h (region_model::impl_call_realloc): New decl.
|
||
* sm-malloc.cc (enum wording): Add WORDING_REALLOCATED.
|
||
(malloc_state_machine::m_realloc): New field.
|
||
(use_after_free::describe_state_change): Add case for
|
||
WORDING_REALLOCATED.
|
||
(use_after_free::describe_final_event): Likewise.
|
||
(malloc_state_machine::malloc_state_machine): Initialize
|
||
m_realloc.
|
||
(malloc_state_machine::on_stmt): Handle realloc by calling...
|
||
(malloc_state_machine::on_realloc_call): New.
|
||
|
||
2021-02-22 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/99196
|
||
* engine.cc (exploded_node::on_stmt): Provide terminate_path
|
||
flag as a way for on_call_pre to terminate the current analysis
|
||
path.
|
||
* region-model-impl-calls.cc (call_details::num_args): New.
|
||
(region_model::impl_call_error): New.
|
||
* region-model.cc (region_model::on_call_pre): Add param
|
||
"out_terminate_path". Handle "error" and "error_at_line".
|
||
* region-model.h (call_details::num_args): New decl.
|
||
(region_model::on_call_pre): Add param "out_terminate_path".
|
||
(region_model::impl_call_error): New decl.
|
||
|
||
2021-02-17 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/98969
|
||
* constraint-manager.cc (dead_svalue_purger::should_purge_p):
|
||
Update for change to svalue::live_p.
|
||
* program-state.cc (sm_state_map::on_liveness_change): Likewise.
|
||
(program_state::detect_leaks): Likewise.
|
||
* region-model-reachability.cc (reachable_regions::init_cluster):
|
||
When dealing with a symbolic region, if the underlying pointer is
|
||
implicitly live, add the region to the reachable regions.
|
||
* region-model.cc (region_model::compare_initial_and_pointer):
|
||
Move logic for detecting initial values of params to
|
||
initial_svalue::initial_value_of_param_p.
|
||
* svalue.cc (svalue::live_p): Convert "live_svalues" from a
|
||
reference to a pointer; support it being NULL.
|
||
(svalue::implicitly_live_p): Convert first param from a
|
||
refererence to a pointer.
|
||
(region_svalue::implicitly_live_p): Likewise.
|
||
(constant_svalue::implicitly_live_p): Likewise.
|
||
(initial_svalue::implicitly_live_p): Likewise. Treat the initial
|
||
values of params for the top level frame as still live.
|
||
(initial_svalue::initial_value_of_param_p): New function, taken
|
||
from a test in region_model::compare_initial_and_pointer.
|
||
(unaryop_svalue::implicitly_live_p): Convert first param from a
|
||
refererence to a pointer.
|
||
(binop_svalue::implicitly_live_p): Likewise.
|
||
(sub_svalue::implicitly_live_p): Likewise.
|
||
(unmergeable_svalue::implicitly_live_p): Likewise.
|
||
* svalue.h (svalue::live_p): Likewise.
|
||
(svalue::implicitly_live_p): Likewise.
|
||
(region_svalue::implicitly_live_p): Likewise.
|
||
(constant_svalue::implicitly_live_p): Likewise.
|
||
(initial_svalue::implicitly_live_p): Likewise.
|
||
(initial_svalue::initial_value_of_param_p): New decl.
|
||
(unaryop_svalue::implicitly_live_p): Convert first param from a
|
||
refererence to a pointer.
|
||
(binop_svalue::implicitly_live_p): Likewise.
|
||
(sub_svalue::implicitly_live_p): Likewise.
|
||
(unmergeable_svalue::implicitly_live_p): Likewise.
|
||
|
||
2021-02-12 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/98969
|
||
* engine.cc (readability): Add names for the various arbitrary
|
||
values. Handle NOP_EXPR and INTEGER_CST.
|
||
(readability_comparator): Combine the readability tests for
|
||
tree and stack depth, rather than performing them sequentially.
|
||
(impl_region_model_context::on_state_leak): Strip off top-level
|
||
casts.
|
||
* region-model.cc (region_model::get_representative_path_var): Add
|
||
type-checking, moving the bulk of the implementation to...
|
||
(region_model::get_representative_path_var_1): ...here. Respect
|
||
types in casts by recursing and re-adding the cast, rather than
|
||
merely stripping them off. Use the correct type when handling
|
||
region_svalue.
|
||
(region_model::get_representative_tree): Strip off any top-level
|
||
cast.
|
||
(region_model::get_representative_path_var): Add type-checking,
|
||
moving the bulk of the implementation to...
|
||
(region_model::get_representative_path_var_1): ...here.
|
||
* region-model.h (region_model::get_representative_path_var_1):
|
||
New decl
|
||
(region_model::get_representative_path_var_1): New decl.
|
||
* store.cc (append_pathvar_with_type): New.
|
||
(binding_cluster::get_representative_path_vars): Cast path_vars
|
||
to the correct type when adding them to *OUT_PVS.
|
||
|
||
2021-02-09 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/98575
|
||
* sm-file.cc (is_file_using_fn_p): Support "_IO_"-prefixed
|
||
variants.
|
||
|
||
2021-02-09 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/98575
|
||
* store.cc (store::set_value): Treat a pointer written to *UNKNOWN
|
||
as having escaped.
|
||
|
||
2021-02-02 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93355
|
||
PR analyzer/96374
|
||
* engine.cc (toplevel_function_p): Simplify so that
|
||
we only reject functions with a "__analyzer_" prefix.
|
||
(add_any_callbacks): Delete.
|
||
(exploded_graph::build_initial_worklist): Update for
|
||
dropped param of toplevel_function_p.
|
||
(exploded_graph::build_initial_worklist): Don't bother
|
||
looking for callbacks that are reachable from global
|
||
initializers.
|
||
|
||
2021-02-01 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/98918
|
||
* region-model-manager.cc
|
||
(region_model_manager::get_or_create_initial_value):
|
||
Fold the initial value of *UNKNOWN_PTR to an UNKNOWN value.
|
||
(region_model_manager::get_field_region): Fold the value
|
||
of UNKNOWN_PTR->FIELD to *UNKNOWN_PTR_OF_&FIELD_TYPE.
|
||
|
||
2021-01-29 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* checker-path.cc (event_kind_to_string): Handle
|
||
EK_START_CONSOLIDATED_CFG_EDGES and
|
||
EK_END_CONSOLIDATED_CFG_EDGES.
|
||
(start_consolidated_cfg_edges_event::get_desc): New.
|
||
(checker_path::cfg_edge_pair_at_p): New.
|
||
* checker-path.h (enum event_kind): Add
|
||
EK_START_CONSOLIDATED_CFG_EDGES and
|
||
EK_END_CONSOLIDATED_CFG_EDGES.
|
||
(class start_consolidated_cfg_edges_event): New class.
|
||
(class end_consolidated_cfg_edges_event): New class.
|
||
(checker_path::delete_events): New.
|
||
(checker_path::replace_event): New.
|
||
(checker_path::cfg_edge_pair_at_p): New decl.
|
||
* diagnostic-manager.cc (diagnostic_manager::prune_path): Call
|
||
consolidate_conditions.
|
||
(same_line_as_p): New.
|
||
(diagnostic_manager::consolidate_conditions): New.
|
||
* diagnostic-manager.h
|
||
(diagnostic_manager::consolidate_conditions): New decl.
|
||
|
||
2021-01-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.h (is_std_named_call_p): New decl.
|
||
* diagnostic-manager.cc (path_builder::get_sm): New.
|
||
(state_change_event_creator::state_change_event_creator): Add "pb"
|
||
param.
|
||
(state_change_event_creator::on_global_state_change): Don't consider
|
||
state changes affecting other state_machines.
|
||
(state_change_event_creator::on_state_change): Likewise.
|
||
(state_change_event_creator::m_pb): New field.
|
||
(diagnostic_manager::add_events_for_eedge): Pass pb to visitor
|
||
ctor.
|
||
* region-model-impl-calls.cc
|
||
(region_model::impl_deallocation_call): New.
|
||
* region-model.cc: Include "attribs.h".
|
||
(region_model::on_call_post): Handle fndecls referenced by
|
||
__attribute__((deallocated_by(FOO))).
|
||
* region-model.h (region_model::impl_deallocation_call): New decl.
|
||
* sm-malloc.cc: Include "stringpool.h" and "attribs.h". Add
|
||
leading comment.
|
||
(class api): Delete.
|
||
(enum resource_state): Update comment for change from api to
|
||
deallocator and deallocator_set.
|
||
(allocation_state::allocation_state): Drop api param. Add
|
||
"deallocators" and "deallocator".
|
||
(allocation_state::m_api): Drop field in favor of...
|
||
(allocation_state::m_deallocators): New field.
|
||
(allocation_state::m_deallocator): New field.
|
||
(enum wording): Add WORDING_DEALLOCATED.
|
||
(struct deallocator): New.
|
||
(struct standard_deallocator): New.
|
||
(struct custom_deallocator): New.
|
||
(struct deallocator_set): New.
|
||
(struct custom_deallocator_set): New.
|
||
(struct standard_deallocator_set): New.
|
||
(struct deallocator_set_map_traits): New.
|
||
(malloc_state_machine::m_malloc): Drop field
|
||
(malloc_state_machine::m_scalar_new): Likewise.
|
||
(malloc_state_machine::m_vector_new): Likewise.
|
||
(malloc_state_machine::m_free): New field
|
||
(malloc_state_machine::m_scalar_delete): Likewise.
|
||
(malloc_state_machine::m_vector_delete): Likewise.
|
||
(malloc_state_machine::deallocator_map_t): New typedef.
|
||
(malloc_state_machine::m_deallocator_map): New field.
|
||
(malloc_state_machine::deallocator_set_cache_t): New typedef.
|
||
(malloc_state_machine::m_custom_deallocator_set_cache): New field.
|
||
(malloc_state_machine::custom_deallocator_set_map_t): New typedef.
|
||
(malloc_state_machine::m_custom_deallocator_set_map): New field.
|
||
(malloc_state_machine::m_dynamic_sets): New field.
|
||
(malloc_state_machine::m_dynamic_deallocators): New field.
|
||
(api::api): Delete.
|
||
(deallocator::deallocator): New ctor.
|
||
(deallocator::hash): New.
|
||
(deallocator::dump_to_pp): New.
|
||
(deallocator::cmp): New.
|
||
(deallocator::cmp_ptr_ptr): New.
|
||
(standard_deallocator::standard_deallocator): New ctor.
|
||
(deallocator_set::deallocator_set): New ctor.
|
||
(deallocator_set::dump): New.
|
||
(custom_deallocator_set::custom_deallocator_set): New ctor.
|
||
(custom_deallocator_set::contains_p): New.
|
||
(custom_deallocator_set::maybe_get_single): New.
|
||
(custom_deallocator_set::dump_to_pp): New.
|
||
(standard_deallocator_set::standard_deallocator_set): New ctor.
|
||
(standard_deallocator_set::contains_p): New.
|
||
(standard_deallocator_set::maybe_get_single): New.
|
||
(standard_deallocator_set::dump_to_pp): New.
|
||
(start_p): New.
|
||
(class mismatching_deallocation): Update for conversion from api
|
||
to deallocator_set and deallocator.
|
||
(double_free::emit): Use %qs.
|
||
(class use_after_free): Update for conversion from api to
|
||
deallocator_set and deallocator.
|
||
(malloc_leak::describe_state_change): Only emit "allocated here" on
|
||
a start->nonnull transition, rather than on other transitions to
|
||
nonnull.
|
||
(allocation_state::dump_to_pp): Update for conversion from api to
|
||
deallocator_set.
|
||
(allocation_state::get_nonnull): Likewise.
|
||
(malloc_state_machine::malloc_state_machine): Likewise.
|
||
(malloc_state_machine::~malloc_state_machine): New.
|
||
(malloc_state_machine::add_state): Update for conversion from api
|
||
to deallocator_set.
|
||
(malloc_state_machine::get_or_create_custom_deallocator_set): New.
|
||
(malloc_state_machine::maybe_create_custom_deallocator_set): New.
|
||
(malloc_state_machine::get_or_create_deallocator): New.
|
||
(malloc_state_machine::on_stmt): Update for conversion from api
|
||
to deallocator_set. Handle "__attribute__((malloc(FOO)))", and
|
||
the special attribute set on FOO.
|
||
(malloc_state_machine::on_allocator_call): Update for conversion
|
||
from api to deallocator_set. Add "returns_nonnull" param and use
|
||
it to affect which state to transition to.
|
||
(malloc_state_machine::on_deallocator_call): Update for conversion
|
||
from api to deallocator_set.
|
||
|
||
2021-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (strongly_connected_components::to_json): New.
|
||
(worklist::to_json): New.
|
||
(exploded_graph::to_json): JSON-ify the worklist.
|
||
* exploded-graph.h (strongly_connected_components::to_json): New
|
||
decl.
|
||
(worklist::to_json): New decl.
|
||
* store.cc (store::to_json): Fix comment.
|
||
* supergraph.cc (supernode::to_json): Fix reference to
|
||
"returning_call" in comment. Add optional "fun" to JSON.
|
||
(edge_kind_to_string): New.
|
||
(superedge::to_json): Add "kind" to JSON.
|
||
|
||
2021-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/98679
|
||
* analyzer.h (region_offset::operator==): Make const.
|
||
* pending-diagnostic.h (pending_diagnostic::equal_p): Likewise.
|
||
* store.h (binding_cluster::for_each_value): Likewise.
|
||
(binding_cluster::for_each_binding): Likewise.
|
||
|
||
2021-01-12 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/98628
|
||
* store.cc (binding_cluster::make_unknown_relative_to): Don't mark
|
||
dereferenced unknown pointers as having escaped.
|
||
|
||
2021-01-07 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/98580
|
||
* region.cc (decl_region::get_svalue_for_initializer): Gracefully
|
||
handle when LTO writes out DECL_INITIAL as error_mark_node.
|
||
|
||
2021-01-07 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/97074
|
||
* store.cc (binding_cluster::can_merge_p): Add "out_store" param
|
||
and pass to calls to binding_cluster::make_unknown_relative_to.
|
||
(binding_cluster::make_unknown_relative_to): Add "out_store"
|
||
param. Use it to mark base regions that are pointed to by
|
||
pointers that become unknown as having escaped.
|
||
(store::can_merge_p): Pass out_store to
|
||
binding_cluster::can_merge_p.
|
||
* store.h (binding_cluster::can_merge_p): Add "out_store" param.
|
||
(binding_cluster::make_unknown_relative_to): Likewise.
|
||
* svalue.cc (region_svalue::implicitly_live_p): New vfunc.
|
||
* svalue.h (region_svalue::implicitly_live_p): New vfunc decl.
|
||
|
||
2021-01-07 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/98564
|
||
* engine.cc (exploded_path::feasible_p): Add missing call to
|
||
bitmap_clear.
|
||
|
||
2021-01-06 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/97072
|
||
* region-model-reachability.cc (reachable_regions::init_cluster):
|
||
Convert symbolic region handling to a switch statement. Add cases
|
||
to handle SK_UNKNOWN and SK_CONJURED.
|
||
|
||
2021-01-05 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/98293
|
||
* store.cc (binding_map::apply_ctor_to_region): When "index" is
|
||
NULL, iterate through the fields for RECORD_TYPEs, rather than
|
||
creating an INTEGER_CST index.
|
||
|
||
2020-11-30 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer-pass.cc: Include "analyzer/analyzer.h" for the
|
||
declaration of sorry_no_analyzer; include "tree.h" and
|
||
"function.h" as these are needed by it.
|
||
|
||
2020-11-30 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer-pass.cc (pass_analyzer::execute): Move sorry call to...
|
||
(sorry_no_analyzer): New.
|
||
* analyzer.h (class state_machine): New forward decl.
|
||
(class logger): New forward decl.
|
||
(class plugin_analyzer_init_iface): New.
|
||
(sorry_no_analyzer): New decl.
|
||
* checker-path.cc (checker_path::fixup_locations): New.
|
||
* checker-path.h (checker_event::set_location): New.
|
||
(checker_path::fixup_locations): New decl.
|
||
* diagnostic-manager.cc
|
||
(diagnostic_manager::emit_saved_diagnostic): Call
|
||
checker_path::fixup_locations, and call fixup_location
|
||
on the primary location.
|
||
* engine.cc: Include "plugin.h".
|
||
(class plugin_analyzer_init_impl): New.
|
||
(impl_run_checkers): Invoke PLUGIN_ANALYZER_INIT callbacks.
|
||
* pending-diagnostic.h (pending_diagnostic::fixup_location): New
|
||
vfunc.
|
||
|
||
2020-11-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/97893
|
||
* sm-malloc.cc (null_deref::emit): Use CWE-476 rather than
|
||
CWE-690, as this isn't due to an unchecked return value.
|
||
(null_arg::emit): Likewise.
|
||
|
||
2020-11-12 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* checker-path.h (checker_event::get_id_ptr): New.
|
||
* diagnostic-manager.cc (path_builder::path_builder): Add "sd"
|
||
param and use it to initialize new field "m_sd".
|
||
(path_builder::get_pending_diagnostic): New.
|
||
(path_builder::m_sd): New field.
|
||
(diagnostic_manager::emit_saved_diagnostic): Pass sd to
|
||
path_builder ctor.
|
||
(diagnostic_manager::add_events_for_superedge): Call new
|
||
maybe_add_custom_events_for_superedge vfunc.
|
||
* engine.cc (stale_jmp_buf::stale_jmp_buf): Add "setjmp_point"
|
||
param and use it to initialize new field "m_setjmp_point".
|
||
Initialize new field "m_stack_pop_event".
|
||
(stale_jmp_buf::maybe_add_custom_events_for_superedge): New vfunc
|
||
implementation.
|
||
(stale_jmp_buf::describe_final_event): New vfunc implementation.
|
||
(stale_jmp_buf::m_setjmp_point): New field.
|
||
(stale_jmp_buf::m_stack_pop_event): New field.
|
||
(exploded_node::on_longjmp): Pass setjmp_point to stale_jmp_buf
|
||
ctor.
|
||
* pending-diagnostic.h
|
||
(pending_diagnostic::maybe_add_custom_events_for_superedge): New
|
||
vfunc.
|
||
|
||
2020-11-12 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR tree-optimization/97424
|
||
* analyzer.opt (Wanalyzer-shift-count-negative): New.
|
||
(Wanalyzer-shift-count-overflow): New.
|
||
* region-model.cc (class shift_count_negative_diagnostic): New.
|
||
(class shift_count_overflow_diagnostic): New.
|
||
(region_model::get_gassign_result): Complain about shift counts that
|
||
are negative or are >= the operand's type's width.
|
||
|
||
2020-11-10 Martin Liska <mliska@suse.cz>
|
||
|
||
* constraint-manager.cc (constraint_manager::merge): Remove
|
||
unused code.
|
||
* constraint-manager.h: Likewise.
|
||
* program-state.cc (sm_state_map::sm_state_map): Likewise.
|
||
(program_state::program_state): Likewise.
|
||
(test_sm_state_map): Likewise.
|
||
* program-state.h: Likewise.
|
||
* region-model-reachability.cc (reachable_regions::reachable_regions): Likewise.
|
||
* region-model-reachability.h: Likewise.
|
||
* region-model.cc (region_model::handle_unrecognized_call): Likewise.
|
||
(region_model::get_reachable_svalues): Likewise.
|
||
(region_model::can_merge_with_p): Likewise.
|
||
|
||
2020-11-05 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/97668
|
||
* svalue.cc (cmp_cst): Handle COMPLEX_CST.
|
||
|
||
2020-10-29 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* program-state.cc (sm_state_map::on_liveness_change): Sort the
|
||
leaking svalues before calling on_state_leak.
|
||
(program_state::detect_leaks): Likewise when calling
|
||
on_svalue_leak.
|
||
* region-model-reachability.cc
|
||
(reachable_regions::mark_escaped_clusters): Likewise when
|
||
calling on_escaped_function.
|
||
|
||
2020-10-29 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/97608
|
||
* region-model-reachability.cc (reachable_regions::handle_sval):
|
||
Operands of reachable reversible operations are reachable.
|
||
|
||
2020-10-29 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.h (class state_machine): New forward decl.
|
||
(class logger): Likewise.
|
||
(class visitor): Likewise.
|
||
* complexity.cc: New file, taken from svalue.cc.
|
||
* complexity.h: New file, taken from region-model.h.
|
||
* region-model.h: Include "analyzer/svalue.h" and
|
||
"analyzer/region.h". Move struct complexity to complexity.h.
|
||
Move svalue, its subclasses and supporting decls to svalue.h.
|
||
Move region, its subclasses and supporting decls to region.h.
|
||
* region.cc: Include "analyzer/region.h".
|
||
(symbolic_region::symbolic_region): Move here from region-model.h.
|
||
* region.h: New file, based on material from region-model.h.
|
||
* svalue.cc: Include "analyzer/svalue.h".
|
||
(complexity::complexity): Move to complexity.cc.
|
||
(complexity::from_pair): Likewise.
|
||
* svalue.h: New file, based on material from region-model.h.
|
||
|
||
2020-10-29 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* program-state.cc (sm_state_map::print): Guard the printing of
|
||
the origin pointer with !flag_dump_noaddr.
|
||
* region.cc (string_region::dump_to_pp): Likewise for
|
||
m_string_cst.
|
||
|
||
2020-10-27 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/97568
|
||
* region-model.cc (region_model::get_initial_value_for_global):
|
||
Move check that !DECL_EXTERNAL from here to...
|
||
* region.cc (decl_region::get_svalue_for_initializer): ...here,
|
||
using it to reject zero initialization.
|
||
|
||
2020-10-27 Markus Böck <markus.boeck02@gmail.com>
|
||
|
||
PR analyzer/96608
|
||
* store.h (hash): Cast to intptr_t instead of long
|
||
|
||
2020-10-27 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* constraint-manager.cc (svalue_cmp_by_ptr): Delete.
|
||
(equiv_class::canonicalize): Use svalue::cmp_ptr_ptr instead.
|
||
(equiv_class_cmp): Eliminate pointer comparison.
|
||
* diagnostic-manager.cc (dedupe_key::comparator): If they are at
|
||
the same location, also compare epath ength and pending_diagnostic
|
||
kind.
|
||
* engine.cc (readability_comparator): If two path_vars have the
|
||
same readability, then impose an arbitrary ordering on them.
|
||
(worklist::key_t::cmp): If two points have the same plan ordering,
|
||
continue the comparison. Call sm_state_map::cmp rather than
|
||
comparing hash values.
|
||
* program-state.cc (sm_state_map::entry_t::cmp): New.
|
||
(sm_state_map::cmp): New.
|
||
* program-state.h (sm_state_map::entry_t::cmp): New decl.
|
||
(sm_state_map::elements): New.
|
||
(sm_state_map::cmp): New.
|
||
|
||
2020-10-27 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (setjmp_record::cmp): New.
|
||
(supernode_cluster::dump_dot): Avoid embedding pointer in cluster
|
||
name.
|
||
(supernode_cluster::cmp_ptr_ptr): New.
|
||
(function_call_string_cluster::dump_dot): Avoid embedding pointer
|
||
in cluster name. Sort m_map when dumping child clusters.
|
||
(function_call_string_cluster::cmp_ptr_ptr): New.
|
||
(root_cluster::dump_dot): Sort m_map when dumping child clusters.
|
||
* program-point.cc (function_point::cmp): New.
|
||
(function_point::cmp_ptr): New.
|
||
* program-point.h (function_point::cmp): New decl.
|
||
(function_point::cmp_ptr): New decl.
|
||
* program-state.cc (sm_state_map::print): Sort the values. Guard
|
||
the printing of pointers with !flag_dump_noaddr.
|
||
(program_state::prune_for_point): Sort the regions.
|
||
(log_set_of_svalues): Sort the values. Guard the printing of
|
||
pointers with !flag_dump_noaddr.
|
||
* region-model-manager.cc (log_uniq_map): Sort the values.
|
||
* region-model-reachability.cc (dump_set): New function template.
|
||
(reachable_regions::dump_to_pp): Use it.
|
||
* region-model.h (svalue::cmp_ptr): New decl.
|
||
(svalue::cmp_ptr_ptr): New decl.
|
||
(setjmp_record::cmp): New decl.
|
||
(placeholder_svalue::get_name): New accessor.
|
||
(widening_svalue::get_point): New accessor.
|
||
(compound_svalue::get_map): New accessor.
|
||
(conjured_svalue::get_stmt): New accessor.
|
||
(conjured_svalue::get_id_region): New accessor.
|
||
(region::cmp_ptrs): Rename to...
|
||
(region::cmp_ptr_ptr): ...this.
|
||
* region.cc (region::cmp_ptrs): Rename to...
|
||
(region::cmp_ptr_ptr): ...this.
|
||
* state-purge.cc
|
||
(state_purge_per_ssa_name::state_purge_per_ssa_name): Sort
|
||
m_points_needing_name when dumping.
|
||
* store.cc (concrete_binding::cmp_ptr_ptr): New.
|
||
(symbolic_binding::cmp_ptr_ptr): New.
|
||
(binding_map::cmp): New.
|
||
(get_sorted_parent_regions): Update for renaming of
|
||
region::cmp_ptrs to region::cmp_ptr_ptr.
|
||
(store::dump_to_pp): Likewise.
|
||
(store::to_json): Likewise.
|
||
(store::can_merge_p): Sort the base regions before considering
|
||
them.
|
||
* store.h (concrete_binding::cmp_ptr_ptr): New decl.
|
||
(symbolic_binding::cmp_ptr_ptr): New decl.
|
||
(binding_map::cmp): New decl.
|
||
* supergraph.cc (supergraph::supergraph): Assign UIDs to the
|
||
gimple stmts.
|
||
* svalue.cc (cmp_cst): New.
|
||
(svalue::cmp_ptr): New.
|
||
(svalue::cmp_ptr_ptr): New.
|
||
|
||
2020-10-27 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (exploded_graph::get_or_create_node): Fix off-by-one
|
||
when imposing param_analyzer_max_enodes_per_program_point limit.
|
||
|
||
2020-10-27 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.cc (region_model::get_representative_path_var):
|
||
Implement case RK_LABEL.
|
||
* region-model.h (label_region::get_label): New accessor.
|
||
|
||
2020-10-22 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/97514
|
||
* engine.cc (exploded_graph::add_function_entry): Handle failure
|
||
to create an enode, rather than asserting.
|
||
|
||
2020-10-22 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/97489
|
||
* engine.cc (exploded_graph::add_function_entry): Assert that we
|
||
have a function body.
|
||
(exploded_graph::on_escaped_function): Reject fndecls that don't
|
||
have a function body.
|
||
|
||
2020-10-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93388
|
||
* region-model.cc (region_model::get_initial_value_for_global):
|
||
Fall back to returning an initial_svalue if
|
||
decl_region::get_svalue_for_initializer fails.
|
||
* region.cc (decl_region::get_svalue_for_initializer): Don't
|
||
attempt to create a compound_svalue if the region has an unknown
|
||
size.
|
||
|
||
2020-10-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93723
|
||
* store.cc (binding_map::apply_ctor_to_region): Remove redundant
|
||
assertion.
|
||
|
||
2020-10-12 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/97258
|
||
* engine.cc (impl_region_model_context::on_escaped_function): New
|
||
vfunc.
|
||
(exploded_graph::add_function_entry): Use m_functions_with_enodes
|
||
to implement idempotency.
|
||
(add_any_callbacks): New.
|
||
(exploded_graph::build_initial_worklist): Use the above to find
|
||
callbacks that are reachable from global initializers.
|
||
(exploded_graph::on_escaped_function): New.
|
||
* exploded-graph.h
|
||
(impl_region_model_context::on_escaped_function): New decl.
|
||
(exploded_graph::on_escaped_function): New decl.
|
||
(exploded_graph::m_functions_with_enodes): New field.
|
||
* region-model-reachability.cc
|
||
(reachable_regions::reachable_regions): Replace "store" param with
|
||
"model" param; use it to initialize m_model.
|
||
(reachable_regions::add): When getting the svalue for the region,
|
||
call get_store_value on the model rather than using an initial
|
||
value.
|
||
(reachable_regions::mark_escaped_clusters): Add ctxt param and
|
||
use it to call on_escaped_function when a function_region escapes.
|
||
* region-model-reachability.h
|
||
(reachable_regions::reachable_regions): Replace "store" param with
|
||
"model" param.
|
||
(reachable_regions::mark_escaped_clusters): Add ctxt param.
|
||
(reachable_regions::m_model): New field.
|
||
* region-model.cc (region_model::handle_unrecognized_call): Update
|
||
for change in reachable_regions ctor.
|
||
(region_model::handle_unrecognized_call): Pass ctxt to
|
||
mark_escaped_clusters.
|
||
(region_model::get_reachable_svalues): Update for change in
|
||
reachable_regions ctor.
|
||
(region_model::get_initial_value_for_global): Read-only variables
|
||
keep their initial values.
|
||
* region-model.h (region_model_context::on_escaped_function): New
|
||
vfunc.
|
||
(noop_region_model_context::on_escaped_function): New.
|
||
|
||
2020-10-12 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.opt (Wanalyzer-write-to-const): New.
|
||
(Wanalyzer-write-to-string-literal): New.
|
||
* region-model-impl-calls.cc (region_model::impl_call_memcpy):
|
||
Call check_for_writable_region.
|
||
(region_model::impl_call_memset): Likewise.
|
||
(region_model::impl_call_strcpy): Likewise.
|
||
* region-model.cc (class write_to_const_diagnostic): New.
|
||
(class write_to_string_literal_diagnostic): New.
|
||
(region_model::check_for_writable_region): New.
|
||
(region_model::set_value): Call check_for_writable_region.
|
||
* region-model.h (region_model::check_for_writable_region): New
|
||
decl.
|
||
|
||
2020-10-07 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/97116
|
||
* sm-malloc.cc (method_p): New.
|
||
(describe_argument_index): New.
|
||
(inform_nonnull_attribute): Use describe_argument_index.
|
||
(possible_null_arg::describe_final_event): Likewise.
|
||
(null_arg::describe_final_event): Likewise.
|
||
|
||
2020-09-29 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/95188
|
||
* engine.cc (stmt_requires_new_enode_p): Split enodes before
|
||
"signal" calls.
|
||
|
||
2020-09-29 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* constraint-manager.cc
|
||
(constraint_manager::add_constraint_internal): Whitespace fixes.
|
||
Silence -Wsign-compare warning.
|
||
* engine.cc (maybe_process_run_of_before_supernode_enodes):
|
||
Silence -Wsign-compare warning.
|
||
|
||
2020-09-28 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.h (binop_svalue::dyn_cast_binop_svalue): Remove
|
||
redundant "virtual". Add FINAL OVERRIDE.
|
||
(widening_svalue::dyn_cast_widening_svalue): Add FINAL OVERRIDE.
|
||
(compound_svalue::dyn_cast_compound_svalue): Likewise.
|
||
(conjured_svalue::dyn_cast_conjured_svalue): Likewise.
|
||
|
||
2020-09-28 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* diagnostic-manager.cc (null_assignment_sm_context::m_visitor):
|
||
Remove unused field.
|
||
|
||
2020-09-28 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/97233
|
||
* analyzer.cc (is_longjmp_call_p): Require the initial argument
|
||
to be a pointer.
|
||
* engine.cc (exploded_node::on_longjmp): Likewise.
|
||
|
||
2020-09-28 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* program-state.cc (sm_state_map::print): Update check
|
||
for m_global_state being the start state.
|
||
|
||
2020-09-26 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96646
|
||
PR analyzer/96841
|
||
* region-model.cc (region_model::get_representative_path_var):
|
||
When handling offset_region, wrap the MEM_REF's first argument in
|
||
an ADDR_EXPR of pointer type, rather than simply using the tree
|
||
for the parent region. Require the MEM_REF's second argument to
|
||
be an integer constant.
|
||
|
||
2020-09-24 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.h (struct rejected_constraint): New decl.
|
||
* analyzer.opt (fanalyzer-feasibility): New option.
|
||
* diagnostic-manager.cc (path_builder::path_builder): Add
|
||
"problem" param and use it to initialize new field.
|
||
(path_builder::get_feasibility_problem): New accessor.
|
||
(path_builder::m_feasibility_problem): New field.
|
||
(dedupe_winners::add): Remove inversion of logic in "if" clause,
|
||
swapping if/else suites. In the !feasible_p suite, inspect
|
||
flag_analyzer_feasibility and add code to handle when this
|
||
is off, accepting the infeasible path, but recording the
|
||
feasibility_problem.
|
||
(diagnostic_manager::emit_saved_diagnostic): Pass the
|
||
feasibility_problem to the path_builder.
|
||
(diagnostic_manager::add_events_for_eedge): If we have
|
||
a feasibility_problem at this edge, use it to add a custom event.
|
||
* engine.cc (exploded_path::feasible_p): Pass a
|
||
rejected_constraint ** to model.maybe_update_for_edge and transfer
|
||
ownership of any created instance to any feasibility_problem.
|
||
(feasibility_problem::dump_to_pp): New.
|
||
* exploded-graph.h (feasibility_problem::feasibility_problem):
|
||
Drop "model" param; add rejected_constraint * param.
|
||
(feasibility_problem::~feasibility_problem): New.
|
||
(feasibility_problem::dump_to_pp): New decl.
|
||
(feasibility_problem::m_model): Drop field.
|
||
(feasibility_problem::m_rc): New field.
|
||
* program-point.cc (function_point::get_location): Handle
|
||
PK_BEFORE_SUPERNODE and PK_AFTER_SUPERNODE.
|
||
* program-state.cc (program_state::on_edge): Pass NULL to new
|
||
param of region_model::maybe_update_for_edge.
|
||
* region-model.cc (region_model::add_constraint): New overload
|
||
adding a rejected_constraint ** param.
|
||
(region_model::maybe_update_for_edge): Add rejected_constraint **
|
||
param and pass it to the various apply_constraints_for_ calls.
|
||
(region_model::apply_constraints_for_gcond): Add
|
||
rejected_constraint ** param and pass it to add_constraint calls.
|
||
(region_model::apply_constraints_for_gswitch): Likewise.
|
||
(region_model::apply_constraints_for_exception): Likewise.
|
||
(rejected_constraint::dump_to_pp): New.
|
||
* region-model.h (region_model::maybe_update_for_edge):
|
||
Add rejected_constraint ** param.
|
||
(region_model::add_constraint): New overload adding a
|
||
rejected_constraint ** param.
|
||
(region_model::apply_constraints_for_gcond): Add
|
||
rejected_constraint ** param.
|
||
(region_model::apply_constraints_for_gswitch): Likewise.
|
||
(region_model::apply_constraints_for_exception): Likewise.
|
||
(struct rejected_constraint): New.
|
||
|
||
2020-09-23 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/97178
|
||
* engine.cc (impl_run_checkers): Update for change to ext_state
|
||
ctor.
|
||
* program-state.cc (selftest::test_sm_state_map): Pass an engine
|
||
instance to ext_state ctor.
|
||
(selftest::test_program_state_1): Likewise.
|
||
(selftest::test_program_state_2): Likewise.
|
||
(selftest::test_program_state_merging): Likewise.
|
||
(selftest::test_program_state_merging_2): Likewise.
|
||
* program-state.h (extrinsic_state::extrinsic_state): Remove NULL
|
||
default value for "eng" param.
|
||
|
||
2020-09-23 Tobias Burnus <tobias@codesourcery.com>
|
||
|
||
* analyzer-logging.cc: Guard '#pragma ... ignored "-Wformat-diag"'
|
||
by '#if __GNUC__ >= 10'
|
||
* analyzer.h: Likewise.
|
||
* call-string.cc: Likewise.
|
||
|
||
2020-09-23 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (exploded_node::on_stmt): Replace sequence of dyn_cast
|
||
with switch.
|
||
|
||
2020-09-22 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analysis-plan.cc: Include "json.h".
|
||
* analyzer.opt (fdump-analyzer-json): New.
|
||
* call-string.cc: Include "json.h".
|
||
(call_string::to_json): New.
|
||
* call-string.h (call_string::to_json): New decl.
|
||
* checker-path.cc: Include "json.h".
|
||
* constraint-manager.cc: Include "json.h".
|
||
(equiv_class::to_json): New.
|
||
(constraint::to_json): New.
|
||
(constraint_manager::to_json): New.
|
||
* constraint-manager.h (equiv_class::to_json): New decl.
|
||
(constraint::to_json): New decl.
|
||
(constraint_manager::to_json): New decl.
|
||
* diagnostic-manager.cc: Include "json.h".
|
||
(saved_diagnostic::to_json): New.
|
||
(diagnostic_manager::to_json): New.
|
||
* diagnostic-manager.h (saved_diagnostic::to_json): New decl.
|
||
(diagnostic_manager::to_json): New decl.
|
||
* engine.cc: Include "json.h", <zlib.h>.
|
||
(exploded_node::status_to_str): New.
|
||
(exploded_node::to_json): New.
|
||
(exploded_edge::to_json): New.
|
||
(exploded_graph::to_json): New.
|
||
(dump_analyzer_json): New.
|
||
(impl_run_checkers): Call it.
|
||
* exploded-graph.h (exploded_node::status_to_str): New decl.
|
||
(exploded_node::to_json): New.
|
||
(exploded_edge::to_json): New.
|
||
(exploded_graph::to_json): New.
|
||
* pending-diagnostic.cc: Include "json.h".
|
||
* program-point.cc: Include "json.h".
|
||
(program_point::to_json): New.
|
||
* program-point.h (program_point::to_json): New decl.
|
||
* program-state.cc: Include "json.h".
|
||
(extrinsic_state::to_json): New.
|
||
(sm_state_map::to_json): New.
|
||
(program_state::to_json): New.
|
||
* program-state.h (extrinsic_state::to_json): New decl.
|
||
(sm_state_map::to_json): New decl.
|
||
(program_state::to_json): New decl.
|
||
* region-model-impl-calls.cc: Include "json.h".
|
||
* region-model-manager.cc: Include "json.h".
|
||
* region-model-reachability.cc: Include "json.h".
|
||
* region-model.cc: Include "json.h".
|
||
* region-model.h (svalue::to_json): New decl.
|
||
(region::to_json): New decl.
|
||
* region.cc: Include "json.h".
|
||
(region::to_json: New.
|
||
* sm-file.cc: Include "json.h".
|
||
* sm-malloc.cc: Include "json.h".
|
||
* sm-pattern-test.cc: Include "json.h".
|
||
* sm-sensitive.cc: Include "json.h".
|
||
* sm-signal.cc: Include "json.h".
|
||
(signal_delivery_edge_info_t::to_json): New.
|
||
* sm-taint.cc: Include "json.h".
|
||
* sm.cc: Include "diagnostic.h", "tree-diagnostic.h", and
|
||
"json.h".
|
||
(state_machine::state::to_json): New.
|
||
(state_machine::to_json): New.
|
||
* sm.h (state_machine::state::to_json): New.
|
||
(state_machine::to_json): New.
|
||
* state-purge.cc: Include "json.h".
|
||
* store.cc: Include "json.h".
|
||
(binding_key::get_desc): New.
|
||
(binding_map::to_json): New.
|
||
(binding_cluster::to_json): New.
|
||
(store::to_json): New.
|
||
* store.h (binding_key::get_desc): New decl.
|
||
(binding_map::to_json): New decl.
|
||
(binding_cluster::to_json): New decl.
|
||
(store::to_json): New decl.
|
||
* supergraph.cc: Include "json.h".
|
||
(supergraph::to_json): New.
|
||
(supernode::to_json): New.
|
||
(superedge::to_json): New.
|
||
* supergraph.h (supergraph::to_json): New decl.
|
||
(supernode::to_json): New decl.
|
||
(superedge::to_json): New decl.
|
||
* svalue.cc: Include "json.h".
|
||
(svalue::to_json): New.
|
||
|
||
2020-09-21 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/97130
|
||
* region-model-impl-calls.cc (call_details::get_arg_type): New.
|
||
* region-model.cc (region_model::on_call_pre): Check that the
|
||
initial arg is a pointer before calling impl_call_memset and
|
||
impl_call_strlen.
|
||
* region-model.h (call_details::get_arg_type): New decl.
|
||
|
||
2020-09-21 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93355
|
||
* sm-malloc.cc (malloc_state_machine::get_default_state): Look at
|
||
the base region when considering pointers. Treat pointers to
|
||
decls as being non-heap.
|
||
|
||
2020-09-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* checker-path.cc (warning_event::get_desc): Handle global state
|
||
changes.
|
||
|
||
2020-09-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* sm-malloc.cc (malloc_state_machine::on_stmt): Handle strdup and
|
||
strndup as being malloc-like allocators.
|
||
|
||
2020-09-16 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (strongly_connected_components::strong_connect): Only
|
||
consider intraprocedural edges when creating SCCs.
|
||
(worklist::key_t::cmp): Add comment. Treat call_string
|
||
differences as more important than differences of program_point
|
||
within a supernode.
|
||
|
||
2020-09-16 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (supernode_cluster::dump_dot): Show the SCC id
|
||
in the per-supernode clusters in FILENAME.eg.dot output.
|
||
(exploded_graph_annotator::add_node_annotations):
|
||
Show the SCC of the supernode in FILENAME.supernode.eg.dot output.
|
||
* exploded-graph.h (worklist::scc_id): New.
|
||
(exploded_graph::get_scc_id): New.
|
||
|
||
2020-09-16 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (exploded_node::dump_dot): Show STATUS_BULK_MERGED.
|
||
(exploded_graph::process_worklist): Call
|
||
maybe_process_run_of_before_supernode_enodes.
|
||
(exploded_graph::maybe_process_run_of_before_supernode_enodes):
|
||
New.
|
||
(exploded_graph_annotator::print_enode): Show STATUS_BULK_MERGED.
|
||
* exploded-graph.h (enum exploded_node::status): Add
|
||
STATUS_BULK_MERGED.
|
||
|
||
2020-09-16 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc
|
||
(exploded_graph::process_node) <case PK_BEFORE_SUPERNODE>:
|
||
Simplify by using program_point::get_next.
|
||
* program-point.cc (program_point::get_next): New.
|
||
* program-point.h (program_point::get_next): New decl.
|
||
|
||
2020-09-16 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (exploded_graph::get_or_create_node): Show the
|
||
program point when issuing -Wanalyzer-too-complex due to hitting
|
||
the per-program-point limit.
|
||
|
||
2020-09-16 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.cc (region_model::on_call_pre): Treat getchar as
|
||
having no side-effects.
|
||
|
||
2020-09-15 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96650
|
||
* constraint-manager.cc (merger_fact_visitor::on_fact): Replace
|
||
assertion that add_constraint succeeded with an assertion that
|
||
if it fails, -fanalyzer-transitivity is off.
|
||
|
||
2020-09-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.opt (-param=analyzer-max-constraints=): New param.
|
||
* constraint-manager.cc
|
||
(constraint_manager::add_constraint_internal): Silently reject
|
||
attempts to add constraints when the above limit is reached.
|
||
|
||
2020-09-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96653
|
||
* constraint-manager.cc
|
||
(constraint_manager::get_or_add_equiv_class): Don't accumulate
|
||
transitive closure of all constraints on constants.
|
||
|
||
2020-09-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/97029
|
||
* analyzer.cc (is_setjmp_call_p): Require the initial arg to be a
|
||
pointer.
|
||
* region-model.cc (region_model::deref_rvalue): Assert that the
|
||
svalue is of pointer type.
|
||
|
||
2020-09-11 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96798
|
||
* region-model-impl-calls.cc (region_model::impl_call_memcpy):
|
||
New.
|
||
(region_model::impl_call_strcpy): New.
|
||
* region-model.cc (region_model::on_call_pre): Flag unhandled
|
||
builtins that are non-pure as having unknown side-effects.
|
||
Implement BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK, BUILT_IN_STRCPY,
|
||
BUILT_IN_STRCPY_CHK, BUILT_IN_FPRINTF, BUILT_IN_FPRINTF_UNLOCKED,
|
||
BUILT_IN_PUTC, BUILT_IN_PUTC_UNLOCKED, BUILT_IN_FPUTC,
|
||
BUILT_IN_FPUTC_UNLOCKED, BUILT_IN_FPUTS, BUILT_IN_FPUTS_UNLOCKED,
|
||
BUILT_IN_FWRITE, BUILT_IN_FWRITE_UNLOCKED, BUILT_IN_PRINTF,
|
||
BUILT_IN_PRINTF_UNLOCKED, BUILT_IN_PUTCHAR,
|
||
BUILT_IN_PUTCHAR_UNLOCKED, BUILT_IN_PUTS, BUILT_IN_PUTS_UNLOCKED,
|
||
BUILT_IN_VFPRINTF, BUILT_IN_VPRINTF.
|
||
* region-model.h (region_model::impl_call_memcpy): New decl.
|
||
(region_model::impl_call_strcpy): New decl.
|
||
|
||
2020-09-09 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/94355
|
||
* analyzer.opt (Wanalyzer-mismatching-deallocation): New warning.
|
||
* region-model-impl-calls.cc
|
||
(region_model::impl_call_operator_new): New.
|
||
(region_model::impl_call_operator_delete): New.
|
||
* region-model.cc (region_model::on_call_pre): Detect operator new
|
||
and operator delete.
|
||
(region_model::on_call_post): Likewise.
|
||
(region_model::maybe_update_for_edge): Detect EH edges and call...
|
||
(region_model::apply_constraints_for_exception): New function.
|
||
* region-model.h (region_model::impl_call_operator_new): New decl.
|
||
(region_model::impl_call_operator_delete): New decl.
|
||
(region_model::apply_constraints_for_exception): New decl.
|
||
* sm-malloc.cc (enum resource_state): New.
|
||
(struct allocation_state): New state subclass.
|
||
(enum wording): New.
|
||
(struct api): New.
|
||
(malloc_state_machine::custom_data_t): New typedef.
|
||
(malloc_state_machine::add_state): New decl.
|
||
(malloc_state_machine::m_unchecked)
|
||
(malloc_state_machine::m_nonnull)
|
||
(malloc_state_machine::m_freed): Delete these states in favor
|
||
of...
|
||
(malloc_state_machine::m_malloc)
|
||
(malloc_state_machine::m_scalar_new)
|
||
(malloc_state_machine::m_vector_new): ...this new api instances,
|
||
which own their own versions of these states.
|
||
(malloc_state_machine::on_allocator_call): New decl.
|
||
(malloc_state_machine::on_deallocator_call): New decl.
|
||
(api::api): New ctor.
|
||
(dyn_cast_allocation_state): New.
|
||
(as_a_allocation_state): New.
|
||
(get_rs): New.
|
||
(unchecked_p): New.
|
||
(nonnull_p): New.
|
||
(freed_p): New.
|
||
(malloc_diagnostic::describe_state_change): Use unchecked_p and
|
||
nonnull_p.
|
||
(class mismatching_deallocation): New.
|
||
(double_free::double_free): Add funcname param for initializing
|
||
m_funcname.
|
||
(double_free::emit): Use m_funcname in warning message rather
|
||
than hardcoding "free".
|
||
(double_free::describe_state_change): Likewise. Use freed_p.
|
||
(double_free::describe_call_with_state): Use freed_p.
|
||
(double_free::describe_final_event): Use m_funcname in message
|
||
rather than hardcoding "free".
|
||
(double_free::m_funcname): New field.
|
||
(possible_null::describe_state_change): Use unchecked_p.
|
||
(possible_null::describe_return_of_state): Likewise.
|
||
(use_after_free::use_after_free): Add param for initializing m_api.
|
||
(use_after_free::emit): Use m_api->m_dealloc_funcname in message
|
||
rather than hardcoding "free".
|
||
(use_after_free::describe_state_change): Use freed_p. Change the
|
||
wording of the message based on the API.
|
||
(use_after_free::describe_final_event): Use
|
||
m_api->m_dealloc_funcname in message rather than hardcoding
|
||
"free". Change the wording of the message based on the API.
|
||
(use_after_free::m_api): New field.
|
||
(malloc_leak::describe_state_change): Use unchecked_p. Update
|
||
for renaming of m_malloc_event to m_alloc_event.
|
||
(malloc_leak::describe_final_event): Update for renaming of
|
||
m_malloc_event to m_alloc_event.
|
||
(malloc_leak::m_malloc_event): Rename...
|
||
(malloc_leak::m_alloc_event): ...to this.
|
||
(free_of_non_heap::free_of_non_heap): Add param for initializing
|
||
m_funcname.
|
||
(free_of_non_heap::emit): Use m_funcname in message rather than
|
||
hardcoding "free".
|
||
(free_of_non_heap::describe_final_event): Likewise.
|
||
(free_of_non_heap::m_funcname): New field.
|
||
(allocation_state::dump_to_pp): New.
|
||
(allocation_state::get_nonnull): New.
|
||
(malloc_state_machine::malloc_state_machine): Update for changes
|
||
to state fields and new api fields.
|
||
(malloc_state_machine::add_state): New.
|
||
(malloc_state_machine::on_stmt): Move malloc/calloc handling to
|
||
on_allocator_call and call it, passing in the API pointer.
|
||
Likewise for free, moving it to on_deallocator_call. Handle calls
|
||
to operator new and delete in an analogous way. Use unchecked_p
|
||
when testing for possibly-null-arg and possibly-null-deref, and
|
||
transition to the non-null for the correct API. Remove redundant
|
||
node param from call to on_zero_assignment. Use freed_p for
|
||
use-after-free check, and pass in API.
|
||
(malloc_state_machine::on_allocator_call): New, based on code in
|
||
on_stmt.
|
||
(malloc_state_machine::on_deallocator_call): Likewise.
|
||
(malloc_state_machine::on_phi): Mark node param with
|
||
ATTRIBUTE_UNUSED; don't pass it to on_zero_assignment.
|
||
(malloc_state_machine::on_condition): Mark node param with
|
||
ATTRIBUTE_UNUSED. Replace on_transition calls with get_state and
|
||
set_next_state pairs, transitioning to the non-null state for the
|
||
appropriate API.
|
||
(malloc_state_machine::can_purge_p): Port to new state approach.
|
||
(malloc_state_machine::on_zero_assignment): Replace on_transition
|
||
calls with get_state and set_next_state pairs. Drop redundant
|
||
node param.
|
||
* sm.h (state_machine::add_custom_state): New.
|
||
|
||
2020-09-09 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* diagnostic-manager.cc
|
||
(null_assignment_sm_context::warn_for_state): Replace with...
|
||
(null_assignment_sm_context::warn): ...this.
|
||
* engine.cc (impl_sm_context::warn_for_state): Replace with...
|
||
(impl_sm_context::warn): ...this.
|
||
* sm-file.cc (fileptr_state_machine::on_stmt): Replace
|
||
warn_for_state and on_transition calls with a get_state
|
||
test guarding warn and set_next_state calls.
|
||
* sm-malloc.cc (malloc_state_machine::on_stmt): Likewise.
|
||
* sm-pattern-test.cc (pattern_test_state_machine::on_condition):
|
||
Replace warn_for_state call with warn call.
|
||
* sm-sensitive.cc
|
||
(sensitive_state_machine::warn_for_any_exposure): Replace
|
||
warn_for_state call with a get_state test guarding a warn call.
|
||
* sm-signal.cc (signal_state_machine::on_stmt): Likewise.
|
||
* sm-taint.cc (taint_state_machine::on_stmt): Replace
|
||
warn_for_state and on_transition calls with a get_state
|
||
test guarding warn and set_next_state calls.
|
||
* sm.h (sm_context::warn_for_state): Replace with...
|
||
(sm_context::warn): ...this.
|
||
|
||
2020-09-09 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* diagnostic-manager.cc
|
||
(null_assignment_sm_context::null_assignment_sm_context): Add old_state
|
||
and ext_state params, initializing m_old_state and m_ext_state.
|
||
(null_assignment_sm_context::on_transition): Split into...
|
||
(null_assignment_sm_context::get_state): ...this new vfunc
|
||
implementation and...
|
||
(null_assignment_sm_context::set_next_state): ...this new vfunc
|
||
implementation.
|
||
(null_assignment_sm_context::m_old_state): New field.
|
||
(null_assignment_sm_context::m_ext_state): New field.
|
||
(diagnostic_manager::add_events_for_eedge): Pass in old state and
|
||
ext_state when creating sm_ctxt.
|
||
* engine.cc (impl_sm_context::on_transition): Split into...
|
||
(impl_sm_context::get_state): ...this new vfunc
|
||
implementation and...
|
||
(impl_sm_context::set_next_state): ...this new vfunc
|
||
implementation.
|
||
* sm.h (sm_context::get_state): New pure virtual function.
|
||
(sm_context::set_next_state): Likewise.
|
||
(sm_context::on_transition): Convert from a pure virtual function
|
||
to a regular function implemented in terms of get_state and
|
||
set_next_state.
|
||
|
||
2020-09-09 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* checker-path.cc (state_change_event::get_desc): Update
|
||
state_machine::get_state_name calls to state::get_name.
|
||
(warning_event::get_desc): Likewise.
|
||
* diagnostic-manager.cc
|
||
(null_assignment_sm_context::on_transition): Update comparison
|
||
against 0 with comparison with m_sm.get_start_state.
|
||
(diagnostic_manager::prune_for_sm_diagnostic): Update
|
||
state_machine::get_state_name calls to state::get_name.
|
||
* engine.cc (impl_sm_context::on_transition): Likewise.
|
||
(exploded_node::get_dot_fillcolor): Use get_id when summing
|
||
the sm states.
|
||
* program-state.cc (sm_state_map::sm_state_map): Don't hardcode
|
||
0 as the start state when initializing m_global_state.
|
||
(sm_state_map::print): Use dump_to_pp rather than get_state_name
|
||
when dumping states.
|
||
(sm_state_map::is_empty_p): Don't hardcode 0 as the start state
|
||
when examining m_global_state.
|
||
(sm_state_map::hash): Use get_id when hashing states.
|
||
(selftest::test_sm_state_map): Use state objects rather than
|
||
arbitrary hardcoded integers.
|
||
(selftest::test_program_state_merging): Likewise.
|
||
(selftest::test_program_state_merging_2): Likewise.
|
||
* sm-file.cc (fileptr_state_machine::m_start): Move to base class.
|
||
(file_diagnostic::describe_state_change): Use get_start_state.
|
||
(fileptr_state_machine::fileptr_state_machine): Drop m_start
|
||
initialization.
|
||
* sm-malloc.cc (malloc_state_machine::m_start): Move to base
|
||
class.
|
||
(malloc_diagnostic::describe_state_change): Use get_start_state.
|
||
(possible_null::describe_state_change): Likewise.
|
||
(malloc_state_machine::malloc_state_machine): Drop m_start
|
||
initialization.
|
||
* sm-pattern-test.cc (pattern_test_state_machine::m_start): Move
|
||
to base class.
|
||
(pattern_test_state_machine::pattern_test_state_machine): Drop
|
||
m_start initialization.
|
||
* sm-sensitive.cc (sensitive_state_machine::m_start): Move to base
|
||
class.
|
||
(sensitive_state_machine::sensitive_state_machine): Drop m_start
|
||
initialization.
|
||
* sm-signal.cc (signal_state_machine::m_start): Move to base
|
||
class.
|
||
(signal_state_machine::signal_state_machine): Drop m_start
|
||
initialization.
|
||
* sm-taint.cc (taint_state_machine::m_start): Move to base class.
|
||
(taint_state_machine::taint_state_machine): Drop m_start
|
||
initialization.
|
||
* sm.cc (state_machine::state::dump_to_pp): New.
|
||
(state_machine::state_machine): Move here from sm.h. Initialize
|
||
m_next_state_id and m_start.
|
||
(state_machine::add_state): Reimplement in terms of state objects.
|
||
(state_machine::get_state_name): Delete.
|
||
(state_machine::get_state_by_name): Reimplement in terms of state
|
||
objects. Make const.
|
||
(state_machine::validate): Delete.
|
||
(state_machine::dump_to_pp): Reimplement in terms of state
|
||
objects.
|
||
* sm.h (state_machine::state): New class.
|
||
(state_machine::state_t): Convert typedef from "unsigned" to
|
||
"const state_machine::state *".
|
||
(state_machine::state_machine): Move to sm.cc.
|
||
(state_machine::get_default_state): Use m_start rather than
|
||
hardcoding 0.
|
||
(state_machine::get_state_name): Delete.
|
||
(state_machine::get_state_by_name): Make const.
|
||
(state_machine::get_start_state): New accessor.
|
||
(state_machine::alloc_state_id): New.
|
||
(state_machine::m_state_names): Drop in favor of...
|
||
(state_machine::m_states): New field
|
||
(state_machine::m_start): New field
|
||
(start_start_p): Delete.
|
||
|
||
2020-09-08 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96949
|
||
* store.cc (binding_map::apply_ctor_val_to_range): Add
|
||
error-handling for the cases where we have symbolic offsets.
|
||
|
||
2020-09-08 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96950
|
||
* store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
|
||
where min_index == max_index.
|
||
(binding_map::apply_ctor_val_to_range): Replace assertion that we
|
||
don't have a CONSTRUCTOR value with error-handling.
|
||
|
||
2020-09-08 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96962
|
||
* region-model.cc (region_model::on_call_pre): Fix guard on switch
|
||
on built-ins to only consider BUILT_IN_NORMAL, rather than other
|
||
kinds of build-ins.
|
||
|
||
2020-09-01 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96792
|
||
* region-model.cc (region_model::deref_rvalue): Add the constraint
|
||
that PTR_SVAL is non-NULL.
|
||
|
||
2020-08-31 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96798
|
||
* region-model.cc (region_model::on_call_pre): Handle
|
||
BUILT_IN_MEMSET_CHK.
|
||
|
||
2020-08-31 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.cc (region_model::on_call_pre): Gather handling of
|
||
builtins and of internal fns into switch statements. Handle
|
||
"alloca" and BUILT_IN_ALLOCA_WITH_ALIGN.
|
||
|
||
2020-08-31 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96860
|
||
* region.cc (decl_region::get_svalue_for_constructor): Support
|
||
apply_ctor_to_region failing.
|
||
* store.cc (binding_map::apply_ctor_to_region): Add failure
|
||
handling.
|
||
(binding_map::apply_ctor_val_to_range): Likewise.
|
||
(binding_map::apply_ctor_pair_to_child_region): Likewise. Replace
|
||
assertion that child_base_offset is not symbolic with error
|
||
handling.
|
||
* store.h (binding_map::apply_ctor_to_region): Convert return type
|
||
from void to bool.
|
||
(binding_map::apply_ctor_val_to_range): Likewise.
|
||
(binding_map::apply_ctor_pair_to_child_region): Likewise.
|
||
|
||
2020-08-31 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96763
|
||
* store.cc (binding_map::apply_ctor_to_region): Handle RANGE_EXPR
|
||
by calling a new binding_map::apply_ctor_val_to_range subroutine.
|
||
Split out the existing non-CONSTRUCTOR-handling code to a new
|
||
apply_ctor_pair_to_child_region subroutine.
|
||
(binding_map::apply_ctor_val_to_range): New.
|
||
(binding_map::apply_ctor_pair_to_child_region): New, split out
|
||
from binding_map::apply_ctor_to_region as noted above.
|
||
* store.h (binding_map::apply_ctor_val_to_range): New decl.
|
||
(binding_map::apply_ctor_pair_to_child_region): New decl.
|
||
|
||
2020-08-31 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96764
|
||
* region-model-manager.cc
|
||
(region_model_manager::maybe_fold_unaryop): Handle VIEW_CONVERT_EXPR.
|
||
(region_model_manager::get_or_create_cast): Move logic for
|
||
real->integer casting to...
|
||
(get_code_for_cast): ...this new function, and add logic for
|
||
real->non-integer casts.
|
||
(region_model_manager::maybe_fold_sub_svalue): Handle
|
||
VIEW_CONVERT_EXPR.
|
||
* region-model.cc
|
||
(region_model::add_any_constraints_from_gassign): Likewise.
|
||
* svalue.cc (svalue::maybe_undo_cast): Likewise.
|
||
(unaryop_svalue::dump_to_pp): Likewise.
|
||
|
||
2020-08-26 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/94858
|
||
* region-model-manager.cc
|
||
(region_model_manager::get_or_create_widening_svalue): Assert that
|
||
neither of the inputs are themselves widenings.
|
||
* store.cc (store::eval_alias_1): The initial value of a pointer
|
||
can't point to a region that was allocated on the heap after the
|
||
beginning of the path. A widened pointer value can't alias anything
|
||
that the initial pointer value can't alias.
|
||
* svalue.cc (svalue::can_merge_p): Merge BINOP (X, OP, CST) with X
|
||
to a widening svalue. Merge
|
||
BINOP(WIDENING(BASE, BINOP(BASE, X)), X) and BINOP(BASE, X) to
|
||
to the LHS of the first BINOP.
|
||
|
||
2020-08-26 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96777
|
||
* region-model.h (class compound_svalue): Document that all keys
|
||
must be concrete.
|
||
(compound_svalue::compound_svalue): Move definition to svalue.cc.
|
||
* store.cc (binding_map::apply_ctor_to_region): Handle
|
||
initializers for trailing arrays with incomplete size.
|
||
* svalue.cc (compound_svalue::compound_svalue): Move definition
|
||
here from region-model.h. Add assertion that all keys are
|
||
concrete.
|
||
|
||
2020-08-22 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/94851
|
||
* region-model-manager.cc
|
||
(region_model_manager::maybe_fold_binop): Fold bitwise "& 0" to 0.
|
||
|
||
2020-08-22 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* store.cc (store::eval_alias): Make const. Split out 2nd half
|
||
into store::eval_alias_1 and call it twice for symmetry, avoiding
|
||
test duplication.
|
||
(store::eval_alias_1): New function, split out from the above.
|
||
* store.h (store::eval_alias): Make const.
|
||
(store::eval_alias_1): New decl.
|
||
|
||
2020-08-22 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.cc (region_model::push_frame): Bind the default
|
||
SSA name for each parm if it exists, falling back to the parm
|
||
itself otherwise, rather than doing both.
|
||
|
||
2020-08-20 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96723
|
||
* region-model-manager.cc
|
||
(region_model_manager::get_field_region): Assert that field is a
|
||
FIELD_DECL.
|
||
* region.cc (region::get_subregions_for_binding): In
|
||
union-handling, filter the TYPE_FIELDS traversal to just FIELD_DECLs.
|
||
|
||
2020-08-20 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96713
|
||
* region-model.cc (region_model::get_gassign_result): For
|
||
comparisons, only use eval_condition when the lhs has boolean
|
||
type, and use get_or_create_constant_svalue on the boolean
|
||
constants directly rather than via get_rvalue.
|
||
|
||
2020-08-19 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96643
|
||
* region-model.cc (region_model::deref_rvalue): Rather than
|
||
attempting to handle all svalue kinds in the switch, only cover
|
||
the special cases, and move symbolic-region handling to after
|
||
the switch, thus implicitly handling the missing case SK_COMPOUND.
|
||
|
||
2020-08-19 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96705
|
||
* region-model-manager.cc
|
||
(region_model_manager::maybe_fold_binop): Check that we have an
|
||
integral type before calling build_int_cst.
|
||
|
||
2020-08-19 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96699
|
||
* region-model-manager.cc
|
||
(region_model_manager::get_or_create_cast): Use FIX_TRUNC_EXPR for
|
||
casting from REAL_TYPE to INTEGER_TYPE.
|
||
|
||
2020-08-19 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96651
|
||
* region-model.cc (region_model::called_from_main_p): New.
|
||
(region_model::get_store_value): Move handling for globals into...
|
||
(region_model::get_initial_value_for_global): ...this new
|
||
function, and add logic for extracting values from decl
|
||
initializers.
|
||
* region-model.h (decl_region::get_svalue_for_constructor): New
|
||
decl.
|
||
(decl_region::get_svalue_for_initializer): New decl.
|
||
(region_model::called_from_main_p): New decl.
|
||
(region_model::get_initial_value_for_global): New.
|
||
* region.cc (decl_region::maybe_get_constant_value): Move logic
|
||
for getting an svalue from a CONSTRUCTOR node to...
|
||
(decl_region::get_svalue_for_constructor): ...this new function.
|
||
(decl_region::get_svalue_for_initializer): New.
|
||
* store.cc (get_svalue_for_ctor_val): Rewrite in terms of
|
||
region_model::get_rvalue.
|
||
* store.h (binding_cluster::get_map): New accessor.
|
||
|
||
2020-08-19 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96648
|
||
* region.cc (get_field_at_bit_offset): Gracefully handle negative
|
||
values for bit_offset.
|
||
|
||
2020-08-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.cc (region_model::get_rvalue_1): Fix name of local.
|
||
|
||
2020-08-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96641
|
||
* region-model.cc (region_model::get_rvalue_1): Handle
|
||
unrecognized tree codes by returning "UNKNOWN.
|
||
|
||
2020-08-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96640
|
||
* region-model.cc (region_model::get_gassign_result): Handle various
|
||
VEC_* tree codes by returning UNKNOWN.
|
||
(region_model::on_assignment): Handle unrecognized tree codes by
|
||
setting lhs to an unknown value, rather than issuing a "sorry" and
|
||
asserting.
|
||
|
||
2020-08-17 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96644
|
||
* region-model-manager.cc (get_region_for_unexpected_tree_code):
|
||
Handle ctxt being NULL.
|
||
|
||
2020-08-17 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96639
|
||
* region.cc (region::get_subregions_for_binding): Check for "type"
|
||
being NULL.
|
||
|
||
2020-08-17 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96642
|
||
* store.cc (get_svalue_for_ctor_val): New.
|
||
(binding_map::apply_ctor_to_region): Call it.
|
||
|
||
2020-08-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR testsuite/96609
|
||
PR analyzer/96616
|
||
* region-model.cc (region_model::get_store_value): Call
|
||
maybe_get_constant_value on decl_regions first.
|
||
* region-model.h (decl_region::maybe_get_constant_value): New decl.
|
||
* region.cc (decl_region::get_stack_depth): Likewise.
|
||
(decl_region::maybe_get_constant_value): New.
|
||
* store.cc (get_subregion_within_ctor): New.
|
||
(binding_map::apply_ctor_to_region): New.
|
||
* store.h (binding_map::apply_ctor_to_region): New decl.
|
||
|
||
2020-08-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/96611
|
||
* store.cc (store::mark_as_escaped): Reject attempts to
|
||
get a cluster for an unknown pointer.
|
||
|
||
2020-08-13 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93032
|
||
PR analyzer/93938
|
||
PR analyzer/94011
|
||
PR analyzer/94099
|
||
PR analyzer/94399
|
||
PR analyzer/94458
|
||
PR analyzer/94503
|
||
PR analyzer/94640
|
||
PR analyzer/94688
|
||
PR analyzer/94689
|
||
PR analyzer/94839
|
||
PR analyzer/95026
|
||
PR analyzer/95042
|
||
PR analyzer/95240
|
||
* analyzer-logging.cc: Ignore "-Wformat-diag".
|
||
(logger::enter_scope): Use inc_indent in both overloads.
|
||
(logger::exit_scope): Use dec_indent.
|
||
* analyzer-logging.h (logger::inc_indent): New.
|
||
(logger::dec_indent): New.
|
||
* analyzer-selftests.cc (run_analyzer_selftests): Call
|
||
analyzer_store_cc_tests.
|
||
* analyzer-selftests.h (analyzer_store_cc_tests): New decl.
|
||
* analyzer.cc (get_stmt_location): New function.
|
||
* analyzer.h (class initial_svalue): New forward decl.
|
||
(class unaryop_svalue): New forward decl.
|
||
(class binop_svalue): New forward decl.
|
||
(class sub_svalue): New forward decl.
|
||
(class unmergeable_svalue): New forward decl.
|
||
(class placeholder_svalue): New forward decl.
|
||
(class widening_svalue): New forward decl.
|
||
(class compound_svalue): New forward decl.
|
||
(class conjured_svalue): New forward decl.
|
||
(svalue_set): New typedef.
|
||
(class map_region): Delete.
|
||
(class array_region): Delete.
|
||
(class frame_region): New forward decl.
|
||
(class function_region): New forward decl.
|
||
(class label_region): New forward decl.
|
||
(class decl_region): New forward decl.
|
||
(class element_region): New forward decl.
|
||
(class offset_region): New forward decl.
|
||
(class cast_region): New forward decl.
|
||
(class field_region): New forward decl.
|
||
(class string_region): New forward decl.
|
||
(class region_model_manager): New forward decl.
|
||
(class store_manager): New forward decl.
|
||
(class store): New forward decl.
|
||
(class call_details): New forward decl.
|
||
(struct svalue_id_merger_mapping): Delete.
|
||
(struct canonicalization): Delete.
|
||
(class function_point): New forward decl.
|
||
(class engine): New forward decl.
|
||
(dump_tree): New function decl.
|
||
(print_quoted_type): New function decl.
|
||
(readability_comparator): New function decl.
|
||
(tree_cmp): New function decl.
|
||
(class path_var): Move here from region-model.h
|
||
(bit_offset_t, bit_size_t, byte_size_t): New typedefs.
|
||
(class region_offset): New class.
|
||
(get_stmt_location): New decl.
|
||
(struct member_function_hash_traits): New struct.
|
||
(class consolidation_map): New class.
|
||
Ignore "-Wformat-diag".
|
||
* analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
|
||
(-param=analyzer-max-enodes-for-full-dump=): New param.
|
||
* call-string.cc: Ignore -Wformat-diag.
|
||
* checker-path.cc: Move includes of "analyzer/call-string.h" and
|
||
"analyzer/program-point.h" to before "analyzer/region-model.h",
|
||
and also include "analyzer/store.h" before it.
|
||
(state_change_event::state_change_event): Replace "tree var" param
|
||
with "const svalue *sval". Convert "origin" param from tree to
|
||
"const svalue *".
|
||
(state_change_event::get_desc): Call get_representative_tree to
|
||
convert the var and origin from const svalue * to tree. Use
|
||
svalue::get_desc rather than %qE when describing state changes.
|
||
(checker_path::add_final_event): Use get_stmt_location.
|
||
* checker-path.h (state_change_event::state_change_event): Port
|
||
from tree to const svalue *.
|
||
(state_change_event::get_lvalue): Delete.
|
||
(state_change_event::get_dest_function): New.
|
||
(state_change_event::m_var): Replace with...
|
||
(state_change_event::m_sval): ...this.
|
||
(state_change_event::m_origin): Convert from tree to
|
||
const svalue *.
|
||
* constraint-manager.cc: Include "analyzer/call-string.h",
|
||
"analyzer/program-point.h", and "analyzer/store.h" before
|
||
"analyzer/region-model.h".
|
||
(struct bound, struct range): Move to constraint-manager.h.
|
||
(compare_constants): New function.
|
||
(range::dump): Rename to...
|
||
(range::dump_to_pp): ...this. Support NULL constants.
|
||
(range::dump): Reintroduce for dumping to stderr.
|
||
(range::constrained_to_single_element): Return result, rather than
|
||
writing to *OUT.
|
||
(range::eval_condition): New.
|
||
(range::below_lower_bound): New.
|
||
(range::above_upper_bound): New.
|
||
(equiv_class::equiv_class): Port from svalue_id to const svalue *.
|
||
(equiv_class::print): Likewise.
|
||
(equiv_class::hash): Likewise.
|
||
(equiv_class::operator==): Port from svalue_id to const svalue *.
|
||
(equiv_class::add): Port from svalue_id to const svalue *. Drop
|
||
"cm" param.
|
||
(equiv_class::del): Port from svalue_id to const svalue *.
|
||
(equiv_class::get_representative): Likewise.
|
||
(equiv_class::remap_svalue_ids): Delete.
|
||
(svalue_id_cmp_by_id): Rename to...
|
||
(svalue_cmp_by_ptr): ...this, porting from svalue_id to
|
||
const svalue *.
|
||
(equiv_class::canonicalize): Update qsort comparator.
|
||
(constraint::implied_by): New.
|
||
(constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
|
||
(constraint_manager::dump_to_pp): Add "multiline" param
|
||
(constraint_manager::dump): Pass "true" for "multiline".
|
||
(constraint_manager::add_constraint): Port from svalue_id to
|
||
const svalue *. Split out second part into...
|
||
(constraint_manager::add_unknown_constraint): ...this new
|
||
function. Remove self-constraints when merging equivalence
|
||
classes.
|
||
(constraint_manager::add_constraint_internal): Remove constraints
|
||
that would be implied by the new constraint. Port from svalue_id
|
||
to const svalue *.
|
||
(constraint_manager::get_equiv_class_by_sid): Rename to...
|
||
(constraint_manager::get_equiv_class_by_svalue): ...this, porting
|
||
from svalue_id to const svalue *.
|
||
(constraint_manager::get_or_add_equiv_class): Port from svalue_id
|
||
to const svalue *.
|
||
(constraint_manager::eval_condition): Make const. Call
|
||
compare_constants and return early if it provides a known result.
|
||
(constraint_manager::get_ec_bounds): New.
|
||
(constraint_manager::eval_condition): New overloads. Make
|
||
existing one const, and use compare_constants.
|
||
(constraint_manager::purge): Convert "p" param to a template
|
||
rather that an abstract base class. Port from svalue_id to
|
||
const svalue *.
|
||
(class dead_svalue_purger): New class.
|
||
(constraint_manager::remap_svalue_ids): Delete.
|
||
(constraint_manager::on_liveness_change): New.
|
||
(equiv_class_cmp): Port from svalue_id to const svalue *.
|
||
(constraint_manager::canonicalize): Likewise. Combine with
|
||
purging of redundant equivalence classes and constraints.
|
||
(class cleaned_constraint_manager): Delete.
|
||
(class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
|
||
field.
|
||
(merger_fact_visitor::fact): Port from svalue_id to const svalue *.
|
||
Add special case for widening.
|
||
(constraint_manager::merge): Port from svalue_id to const svalue *.
|
||
(constraint_manager::clean_merger_input): Delete.
|
||
(constraint_manager::for_each_fact): Port from svalue_id to
|
||
const svalue *.
|
||
(constraint_manager::validate): Likewise.
|
||
(selftest::test_constraint_conditions): Provide a
|
||
region_model_manager when creating region_model instances.
|
||
Add test for self-equality not creating equivalence classes.
|
||
(selftest::test_transitivity): Provide a region_model_manager when
|
||
creating region_model instances. Verify that EC-merging happens
|
||
when constraints are implied.
|
||
(selftest::test_constant_comparisons): Provide a
|
||
region_model_manager when creating region_model instances.
|
||
(selftest::test_constraint_impl): Likewise. Remove over-specified
|
||
assertions.
|
||
(selftest::test_equality): Provide a region_model_manager when
|
||
creating region_model instances.
|
||
(selftest::test_many_constants): Likewise. Provide a
|
||
program_point when testing merging.
|
||
(selftest::run_constraint_manager_tests): Move call to
|
||
test_constant_comparisons to outside the transitivity guard.
|
||
* constraint-manager.h (struct bound): Move here from
|
||
constraint-manager.cc.
|
||
(struct range): Likewise.
|
||
(struct::eval_condition): New decl.
|
||
(struct::below_lower_bound): New decl.
|
||
(struct::above_upper_bound): New decl.
|
||
(equiv_class::add): Port from svalue_id to const svalue *.
|
||
(equiv_class::del): Likewise.
|
||
(equiv_class::get_representative): Likewise.
|
||
(equiv_class::remap_svalue_ids): Drop.
|
||
(equiv_class::m_cst_sid): Convert to..
|
||
(equiv_class::m_cst_sval): ...this.
|
||
(equiv_class::m_vars): Port from svalue_id to const svalue *.
|
||
(constraint::bool implied_by): New decl.
|
||
(fact_visitor::on_fact): Port from svalue_id to const svalue *.
|
||
(constraint_manager::constraint_manager): Add mgr param.
|
||
(constraint_manager::clone): Delete.
|
||
(constraint_manager::maybe_get_constant): Delete.
|
||
(constraint_manager::get_sid_for_constant): Delete.
|
||
(constraint_manager::get_num_svalues): Delete.
|
||
(constraint_manager::dump_to_pp): Add "multiline" param.
|
||
(constraint_manager::get_equiv_class): Port from svalue_id to
|
||
const svalue *.
|
||
(constraint_manager::add_constraint): Likewise.
|
||
(constraint_manager::get_equiv_class_by_sid): Rename to...
|
||
(constraint_manager::get_equiv_class_by_svalue): ...this, porting
|
||
from svalue_id to const svalue *.
|
||
(constraint_manager::add_unknown_constraint): New decl.
|
||
(constraint_manager::get_or_add_equiv_class): Port from svalue_id
|
||
to const svalue *.
|
||
(constraint_manager::eval_condition): Likewise. Add overloads.
|
||
(constraint_manager::get_ec_bounds): New decl.
|
||
(constraint_manager::purge): Convert to template.
|
||
(constraint_manager::remap_svalue_ids): Delete.
|
||
(constraint_manager::on_liveness_change): New decl.
|
||
(constraint_manager::canonicalize): Drop param.
|
||
(constraint_manager::clean_merger_input): Delete.
|
||
(constraint_manager::m_mgr): New field.
|
||
* diagnostic-manager.cc: Move includes of
|
||
"analyzer/call-string.h" and "analyzer/program-point.h" to before
|
||
"analyzer/region-model.h", and also include "analyzer/store.h"
|
||
before it.
|
||
(saved_diagnostic::saved_diagnostic): Add "sval" param.
|
||
(diagnostic_manager::diagnostic_manager): Add engine param.
|
||
(diagnostic_manager::add_diagnostic): Add "sval" param, passing it
|
||
to saved_diagnostic ctor. Update overload to pass NULL for it.
|
||
(dedupe_winners::dedupe_winners): Add engine param.
|
||
(dedupe_winners::add): Add "eg" param. Pass m_engine to
|
||
feasible_p.
|
||
(dedupe_winner::m_engine): New field.
|
||
(diagnostic_manager::emit_saved_diagnostics): Pass engine to
|
||
dedupe_winners. Pass &eg when adding candidates. Pass svalue
|
||
rather than tree to prune_path. Use get_stmt_location to get
|
||
primary location of diagnostic.
|
||
(diagnostic_manager::emit_saved_diagnostic): Likewise.
|
||
(get_any_origin): Drop.
|
||
(state_change_event_creator::on_global_state_change): Pass NULL
|
||
const svalue * rather than NULL_TREE trees to state_change_event
|
||
ctor.
|
||
(state_change_event_creator::on_state_change): Port from tree and
|
||
svalue_id to const svalue *.
|
||
(for_each_state_change): Port from svalue_id to const svalue *.
|
||
(struct null_assignment_sm_context): New.
|
||
(diagnostic_manager::add_events_for_eedge): Add state change
|
||
events for assignment to NULL.
|
||
(diagnostic_manager::prune_path): Update param from tree to
|
||
const svalue *.
|
||
(diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
|
||
by tree to by const svalue *.
|
||
* diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
|
||
param.
|
||
(saved_diagnostic::m_sval): New field.
|
||
(diagnostic_manager::diagnostic_manager): Add engine param.
|
||
(diagnostic_manager::get_engine): New.
|
||
(diagnostic_manager::add_diagnostic): Add "sval" param.
|
||
(diagnostic_manager::prune_path): Likewise.
|
||
(diagnostic_manager::prune_for_sm_diagnostic): New overload.
|
||
(diagnostic_manager::m_eng): New field.
|
||
* engine.cc: Move includes of "analyzer/call-string.h" and
|
||
"analyzer/program-point.h" to before "analyzer/region-model.h",
|
||
and also include "analyzer/store.h" before it.
|
||
(impl_region_model_context::impl_region_model_context): Update for
|
||
removal of m_change field.
|
||
(impl_region_model_context::remap_svalue_ids): Delete.
|
||
(impl_region_model_context::on_svalue_leak): New.
|
||
(impl_region_model_context::on_svalue_purge): Delete.
|
||
(impl_region_model_context::on_liveness_change): New.
|
||
(impl_region_model_context::on_unknown_change): Update param
|
||
from svalue_id to const svalue *. Add is_mutable param.
|
||
(setjmp_svalue::compare_fields): Delete.
|
||
(setjmp_svalue::accept): New.
|
||
(setjmp_svalue::add_to_hash): Delete.
|
||
(setjmp_svalue::dump_to_pp): New.
|
||
(setjmp_svalue::print_details): Delete.
|
||
(impl_sm_context::impl_sm_context): Drop "change" param.
|
||
(impl_sm_context::get_fndecl_for_call): Drop "m_change".
|
||
(impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
|
||
"stmt" param. Drop m_change. Port from svalue_id to
|
||
const svalue *.
|
||
(impl_sm_context::warn_for_state): Drop m_change. Port from
|
||
svalue_id to const svalue *.
|
||
(impl_sm_context::get_readable_tree): Rename to...
|
||
(impl_sm_context::get_diagnostic_tree): ...this. Port from
|
||
svalue_id to const svalue *.
|
||
(impl_sm_context::is_zero_assignment): New.
|
||
(impl_sm_context::m_change): Delete field.
|
||
(leak_stmt_finder::find_stmt): Handle m_var being NULL.
|
||
(readability): Increase penalty for MEM_REF. For SSA_NAMEs,
|
||
slightly favor the underlying var over the SSA name. Heavily
|
||
penalize temporaries. Handle RESULT_DECL.
|
||
(readability_comparator): Make non-static. Consider stack depths.
|
||
(impl_region_model_context::on_state_leak): Convert from svalue_id
|
||
to const svalue *, updating for region_model changes. Use
|
||
id_equal.
|
||
(impl_region_model_context::on_inherited_svalue): Delete.
|
||
(impl_region_model_context::on_cast): Delete.
|
||
(impl_region_model_context::on_condition): Drop m_change.
|
||
(impl_region_model_context::on_phi): Likewise.
|
||
(impl_region_model_context::on_unexpected_tree_code): Handle t
|
||
being NULL.
|
||
(point_and_state::validate): Update stack checking for
|
||
region_model changes.
|
||
(eg_traits::dump_args_t::show_enode_details_p): New.
|
||
(exploded_node::exploded_node): Initialize m_num_processed_stmts.
|
||
(exploded_node::get_processed_stmt): New function.
|
||
(exploded_node::get_dot_fillcolor): Add more colors.
|
||
(exploded_node::dump_dot): Guard the printing of the point and
|
||
state with show_enode_details_p. Print the processed stmts for
|
||
this enode after the initial state.
|
||
(exploded_node::dump_to_pp): Pass true for new multiline param
|
||
of program_state::dump_to_pp.
|
||
(exploded_node::on_stmt): Drop "change" param. Log the stmt.
|
||
Set input_location. Implement __analyzer_describe. Update
|
||
implementation of __analyzer_dump and __analyzer_eval.
|
||
Remove purging of sm-state for unknown fncalls from here.
|
||
(exploded_node::on_edge): Drop "change" param.
|
||
(exploded_node::on_longjmp): Port from region_id/svalue_id to
|
||
const region */const svalue *. Call program_state::detect_leaks.
|
||
Drop state_change.
|
||
(exploded_node::detect_leaks): Update for changes to region_model.
|
||
Call program_state::detect_leaks.
|
||
(exploded_edge::exploded_edge): Drop ext_state and change params.
|
||
(exploded_edge::dump_dot): "args" is no longer used. Drop dumping
|
||
of m_change.
|
||
(exploded_graph::exploded_graph): Pass engine to
|
||
m_diagnostic_manager ctor. Use program_point::origin.
|
||
(exploded_graph::add_function_entry): Drop ctxt. Use
|
||
program_state::push_frame. Drop state_change.
|
||
(exploded_graph::get_or_create_node): Drop "change" param. Add
|
||
"enode_for_diag" param. Update dumping calls for API changes.
|
||
Pass point to can_merge_with_p. Show enode indices
|
||
within -Wanalyzer-too-complex diagnostic for hitting the per-point
|
||
limit.
|
||
(exploded_graph::add_edge): Drop "change" param. Log which nodes
|
||
are being connected. Update for changes to exploded_edge ctor.
|
||
(exploded_graph::get_per_program_point_data): New.
|
||
(exploded_graph::process_worklist): Pass point to
|
||
can_merge_with_p. Drop state_change. Update dumping call for API
|
||
change.
|
||
(exploded_graph::process_node): Drop state_change. Split the
|
||
node in-place if an sm-state-change occurs. Update
|
||
m_num_processed_stmts. Update dumping calls for API change.
|
||
(exploded_graph::log_stats): Call engine::log_stats.
|
||
(exploded_graph::dump_states_for_supernode): Update dumping
|
||
call.
|
||
(exploded_path::feasible_p): Add "eng" and "eg" params.
|
||
Rename "i" to "end_idx". Pass the manager to the region_model
|
||
ctor. Update for every processed stmt in the enode, not just the
|
||
first. Keep track of which snodes have been visited, and call
|
||
loop_replay_fixup when revisiting one.
|
||
(enode_label::get_text): Update dump call for new param.
|
||
(exploded_graph::dump_exploded_nodes): Likewise.
|
||
(exploded_graph::get_node_by_index): New.
|
||
(impl_run_checkers): Create engine instance and pass its address
|
||
to extrinsic_state ctor.
|
||
* exploded-graph.h
|
||
(impl_region_model_context::impl_region_model_context): Drop
|
||
"change" params.
|
||
(impl_region_model_context::void remap_svalue_ids): Delete.
|
||
(impl_region_model_context::on_svalue_purge): Delete.
|
||
(impl_region_model_context::on_svalue_leak): New.
|
||
(impl_region_model_context::on_liveness_change): New.
|
||
(impl_region_model_context::on_state_leak): Update signature.
|
||
(impl_region_model_context::on_inherited_svalue): Delete.
|
||
(impl_region_model_context::on_cast): Delete.
|
||
(impl_region_model_context::on_unknown_change): Update signature.
|
||
(impl_region_model_context::m_change): Delete.
|
||
(eg_traits::dump_args_t::show_enode_details_p): New.
|
||
(exploded_node::on_stmt): Drop "change" param.
|
||
(exploded_node::on_edge): Likewise.
|
||
(exploded_node::get_processed_stmt): New decl.
|
||
(exploded_node::m_num_processed_stmts): New field.
|
||
(exploded_edge::exploded_edge): Drop ext_state and change params.
|
||
(exploded_edge::m_change): Delete.
|
||
(exploded_graph::get_engine): New accessor.
|
||
(exploded_graph::get_or_create_node): Drop "change" param. Add
|
||
"enode_for_diag" param.
|
||
(exploded_graph::add_edge): Drop "change" param.
|
||
(exploded_graph::get_per_program_point_data): New decl.
|
||
(exploded_graph::get_node_by_index): New decl.
|
||
(exploded_path::feasible_p): Add "eng" and "eg" params.
|
||
* program-point.cc: Include "analyzer/store.h" before including
|
||
"analyzer/region-model.h".
|
||
(function_point::function_point): Move here from
|
||
program-point.h.
|
||
(function_point::get_function): Likewise.
|
||
(function_point::from_function_entry): Likewise.
|
||
(function_point::before_supernode): Likewise.
|
||
(function_point::next_stmt): New function.
|
||
* program-point.h (function_point::function_point): Move
|
||
implementation from here to program-point.cc.
|
||
(function_point::get_function): Likewise.
|
||
(function_point::from_function_entry): Likewise.
|
||
(function_point::before_supernode): Likewise.
|
||
(function_point::next_stmt): New decl.
|
||
(program_point::operator!=): New.
|
||
(program_point::origin): New.
|
||
(program_point::next_stmt): New.
|
||
(program_point::m_function_point): Make non-const.
|
||
* program-state.cc: Move includes of "analyzer/call-string.h" and
|
||
"analyzer/program-point.h" to before "analyzer/region-model.h",
|
||
and also include "analyzer/store.h" before it.
|
||
(extrinsic_state::get_model_manager): New.
|
||
(sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
|
||
rather than pass the around.
|
||
(sm_state_map::clone_with_remapping): Delete.
|
||
(sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
|
||
"simple" and "multiline" params and support multiline vs single
|
||
line dumping.
|
||
(sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
|
||
"simple" param.
|
||
(sm_state_map::hash): Port from svalue_id to const svalue *.
|
||
(sm_state_map::operator==): Likewise.
|
||
(sm_state_map::get_state): Likewise. Call canonicalize_svalue on
|
||
input. Handle inheritance of sm-state. Call get_default_state.
|
||
(sm_state_map::get_origin): Port from svalue_id to const svalue *.
|
||
(sm_state_map::set_state): Likewise. Pass in ext_state. Reject
|
||
attempts to set state on UNKNOWN.
|
||
(sm_state_map::impl_set_state): Port from svalue_id to
|
||
const svalue *. Pass in ext_state. Call canonicalize_svalue on
|
||
input.
|
||
(sm_state_map::purge_for_unknown_fncall): Delete.
|
||
(sm_state_map::on_svalue_leak): New.
|
||
(sm_state_map::remap_svalue_ids): Delete.
|
||
(sm_state_map::on_liveness_change): New.
|
||
(sm_state_map::on_unknown_change): Reimplement.
|
||
(sm_state_map::on_svalue_purge): Delete.
|
||
(sm_state_map::on_inherited_svalue): Delete.
|
||
(sm_state_map::on_cast): Delete.
|
||
(sm_state_map::validate): Delete.
|
||
(sm_state_map::canonicalize_svalue): New.
|
||
(program_state::program_state): Update to pass manager to
|
||
region_model's ctor. Constify num_states and pass state machine
|
||
and index to sm_state_map ctor.
|
||
(program_state::print): Update for changes to dump API.
|
||
(program_state::dump_to_pp): Ignore the summarize param. Add
|
||
"multiline" param.
|
||
(program_state::dump_to_file): Add "multiline" param.
|
||
(program_state::dump): Pass "true" for new "multiline" param.
|
||
(program_state::push_frame): New.
|
||
(program_state::on_edge): Drop "change" param. Call
|
||
program_state::detect_leaks.
|
||
(program_state::prune_for_point): Add enode_for_diag param.
|
||
Reimplement based on store class. Call detect_leaks
|
||
(program_state::remap_svalue_ids): Delete.
|
||
(program_state::get_representative_tree): Port from svalue_id to
|
||
const svalue *.
|
||
(program_state::can_merge_with_p): Add "point" param. Add early
|
||
reject for sm-differences. Drop id remapping.
|
||
(program_state::validate): Drop region model and sm_state_map
|
||
validation.
|
||
(state_change::sm_change::dump): Delete.
|
||
(state_change::sm_change::remap_svalue_ids): Delete.
|
||
(state_change::sm_change::on_svalue_purge): Delete.
|
||
(log_set_of_svalues): New.
|
||
(state_change::sm_change::validate): Delete.
|
||
(state_change::state_change): Delete.
|
||
(state_change::add_sm_change): Delete.
|
||
(state_change::affects_p): Delete.
|
||
(state_change::dump): Delete.
|
||
(state_change::remap_svalue_ids): Delete.
|
||
(state_change::on_svalue_purge): Delete.
|
||
(state_change::validate): Delete.
|
||
(selftest::assert_dump_eq): Delete.
|
||
(ASSERT_DUMP_EQ): Delete.
|
||
(selftest::test_sm_state_map): Update for changes to region_model
|
||
and sm_state_map, porting from svalue_id to const svalue *.
|
||
(selftest::test_program_state_dumping): Likewise. Drop test of
|
||
dumping, renaming to...
|
||
(selftest::test_program_state_1): ...this.
|
||
(selftest::test_program_state_dumping_2): Likewise, renaming to...
|
||
(selftest::test_program_state_2): ...this.
|
||
(selftest::test_program_state_merging): Update for changes to
|
||
region_model.
|
||
(selftest::test_program_state_merging_2): Likewise.
|
||
(selftest::analyzer_program_state_cc_tests): Update for renamed
|
||
tests.
|
||
* program-state.h (extrinsic_state::extrinsic_state): Add logger
|
||
and engine params.
|
||
(extrinsic_state::get_logger): New accessor.
|
||
(extrinsic_state::get_engine): New accessor.
|
||
(extrinsic_state::get_model_manager): New accessor.
|
||
(extrinsic_state::m_logger): New field.
|
||
(extrinsic_state::m_engine): New field.
|
||
(struct default_hash_traits<svalue_id>): Delete.
|
||
(pod_hash_traits<svalue_id>::hash): Delete.
|
||
(pod_hash_traits<svalue_id>::equal): Delete.
|
||
(pod_hash_traits<svalue_id>::mark_deleted): Delete.
|
||
(pod_hash_traits<svalue_id>::mark_empty): Delete.
|
||
(pod_hash_traits<svalue_id>::is_deleted): Delete.
|
||
(pod_hash_traits<svalue_id>::is_empty): Delete.
|
||
(sm_state_map::entry_t::entry_t): Port from svalue_id to
|
||
const svalue *.
|
||
(sm_state_map::entry_t::m_origin): Likewise.
|
||
(sm_state_map::map_t): Likewise.
|
||
(sm_state_map::sm_state_map): Add state_machine and index params.
|
||
(sm_state_map::clone_with_remapping): Delete.
|
||
(sm_state_map::print): Drop sm param; add simple and multiline
|
||
params.
|
||
(sm_state_map::dump): Drop sm param; add simple param.
|
||
(sm_state_map::get_state): Port from svalue_id to const svalue *.
|
||
Add ext_state param.
|
||
(sm_state_map::get_origin): Likewise.
|
||
(sm_state_map::set_state): Likewise.
|
||
(sm_state_map::impl_set_state): Likewise.
|
||
(sm_state_map::purge_for_unknown_fncall): Delete.
|
||
(sm_state_map::remap_svalue_ids): Delete.
|
||
(sm_state_map::on_svalue_purge): Delete.
|
||
(sm_state_map::on_svalue_leak): New.
|
||
(sm_state_map::on_liveness_change): New.
|
||
(sm_state_map::on_inherited_svalue): Delete.
|
||
(sm_state_map::on_cast): Delete.
|
||
(sm_state_map::validate): Delete.
|
||
(sm_state_map::on_unknown_change): Port from svalue_id to
|
||
const svalue *. Add is_mutable and ext_state params.
|
||
(sm_state_map::canonicalize_svalue): New.
|
||
(sm_state_map::m_sm): New field.
|
||
(sm_state_map::m_sm_idx): New field.
|
||
(program_state::operator=): Delete.
|
||
(program_state::dump_to_pp): Drop "summarize" param, adding
|
||
"simple" and "multiline".
|
||
(program_state::dump_to_file): Likewise.
|
||
(program_state::dump): Rename "summarize" to "simple".
|
||
(program_state::push_frame): New.
|
||
(program_state::get_current_function): New.
|
||
(program_state::on_edge): Drop "change" param.
|
||
(program_state::prune_for_point): Likewise. Add enode_for_diag
|
||
param.
|
||
(program_state::remap_svalue_ids): Delete.
|
||
(program_state::get_representative_tree): Port from svalue_id to
|
||
const svalue *.
|
||
(program_state::can_purge_p): Likewise. Pass ext_state to get_state.
|
||
(program_state::can_merge_with_p): Add point param.
|
||
(program_state::detect_leaks): New.
|
||
(state_change_visitor::on_state_change): Port from tree and
|
||
svalue_id to a pair of const svalue *.
|
||
(class state_change): Delete.
|
||
* region.cc: New file.
|
||
* region-model-impl-calls.cc: New file.
|
||
* region-model-manager.cc: New file.
|
||
* region-model-reachability.cc: New file.
|
||
* region-model-reachability.h: New file.
|
||
* region-model.cc: Include "analyzer/call-string.h",
|
||
"analyzer/program-point.h", and "analyzer/store.h" before
|
||
"analyzer/region-model.h". Include
|
||
"analyzer/region-model-reachability.h".
|
||
(dump_tree): Make non-static.
|
||
(dump_quoted_tree): Make non-static.
|
||
(print_quoted_type): Make non-static.
|
||
(path_var::dump): Delete.
|
||
(dump_separator): Delete.
|
||
(class impl_constraint_manager): Delete.
|
||
(svalue_id::print): Delete.
|
||
(svalue_id::dump_node_name_to_pp): Delete.
|
||
(svalue_id::validate): Delete.
|
||
(region_id::print): Delete.
|
||
(region_id::dump_node_name_to_pp): Delete.
|
||
(region_id::validate): Delete.
|
||
(region_id_set::region_id_set): Delete.
|
||
(svalue_id_set::svalue_id_set): Delete.
|
||
(svalue::operator==): Delete.
|
||
(svalue::hash): Delete.
|
||
(svalue::print): Delete.
|
||
(svalue::dump_dot_to_pp): Delete.
|
||
(svalue::remap_region_ids): Delete.
|
||
(svalue::walk_for_canonicalization): Delete.
|
||
(svalue::get_child_sid): Delete.
|
||
(svalue::maybe_get_constant): Delete.
|
||
(region_svalue::compare_fields): Delete.
|
||
(region_svalue::add_to_hash): Delete.
|
||
(region_svalue::print_details): Delete.
|
||
(region_svalue::dump_dot_to_pp): Delete.
|
||
(region_svalue::remap_region_ids): Delete.
|
||
(region_svalue::merge_values): Delete.
|
||
(region_svalue::walk_for_canonicalization): Delete.
|
||
(region_svalue::eval_condition): Delete.
|
||
(constant_svalue::compare_fields): Delete.
|
||
(constant_svalue::add_to_hash): Delete.
|
||
(constant_svalue::merge_values): Delete.
|
||
(constant_svalue::eval_condition): Move to svalue.cc.
|
||
(constant_svalue::print_details): Delete.
|
||
(constant_svalue::get_child_sid): Delete.
|
||
(unknown_svalue::compare_fields): Delete.
|
||
(unknown_svalue::add_to_hash): Delete.
|
||
(unknown_svalue::print_details): Delete.
|
||
(poison_kind_to_str): Move to svalue.cc.
|
||
(poisoned_svalue::compare_fields): Delete.
|
||
(poisoned_svalue::add_to_hash): Delete.
|
||
(poisoned_svalue::print_details): Delete.
|
||
(region_kind_to_str): Move to region.cc and reimplement.
|
||
(region::operator==): Delete.
|
||
(region::get_parent_region): Delete.
|
||
(region::set_value): Delete.
|
||
(region::become_active_view): Delete.
|
||
(region::deactivate_any_active_view): Delete.
|
||
(region::deactivate_view): Delete.
|
||
(region::get_value): Delete.
|
||
(region::get_inherited_child_sid): Delete.
|
||
(region_model::copy_region): Delete.
|
||
(region_model::copy_struct_region): Delete.
|
||
(region_model::copy_union_region): Delete.
|
||
(region_model::copy_array_region): Delete.
|
||
(region::hash): Delete.
|
||
(region::print): Delete.
|
||
(region::dump_dot_to_pp): Delete.
|
||
(region::dump_to_pp): Delete.
|
||
(region::dump_child_label): Delete.
|
||
(region::validate): Delete.
|
||
(region::remap_svalue_ids): Delete.
|
||
(region::remap_region_ids): Delete.
|
||
(region::add_view): Delete.
|
||
(region::get_view): Delete.
|
||
(region::region): Move to region.cc.
|
||
(region::add_to_hash): Delete.
|
||
(region::print_fields): Delete.
|
||
(region::non_null_p): Delete.
|
||
(primitive_region::clone): Delete.
|
||
(primitive_region::walk_for_canonicalization): Delete.
|
||
(map_region::map_region): Delete.
|
||
(map_region::compare_fields): Delete.
|
||
(map_region::print_fields): Delete.
|
||
(map_region::validate): Delete.
|
||
(map_region::dump_dot_to_pp): Delete.
|
||
(map_region::dump_child_label): Delete.
|
||
(map_region::get_or_create): Delete.
|
||
(map_region::get): Delete.
|
||
(map_region::add_to_hash): Delete.
|
||
(map_region::remap_region_ids): Delete.
|
||
(map_region::unbind): Delete.
|
||
(map_region::get_tree_for_child_region): Delete.
|
||
(map_region::get_tree_for_child_region): Delete.
|
||
(tree_cmp): Move to region.cc.
|
||
(map_region::can_merge_p): Delete.
|
||
(map_region::walk_for_canonicalization): Delete.
|
||
(map_region::get_value_by_name): Delete.
|
||
(struct_or_union_region::valid_key_p): Delete.
|
||
(struct_or_union_region::compare_fields): Delete.
|
||
(struct_region::clone): Delete.
|
||
(struct_region::compare_fields): Delete.
|
||
(union_region::clone): Delete.
|
||
(union_region::compare_fields): Delete.
|
||
(frame_region::compare_fields): Delete.
|
||
(frame_region::clone): Delete.
|
||
(frame_region::valid_key_p): Delete.
|
||
(frame_region::print_fields): Delete.
|
||
(frame_region::add_to_hash): Delete.
|
||
(globals_region::compare_fields): Delete.
|
||
(globals_region::clone): Delete.
|
||
(globals_region::valid_key_p): Delete.
|
||
(code_region::compare_fields): Delete.
|
||
(code_region::clone): Delete.
|
||
(code_region::valid_key_p): Delete.
|
||
(array_region::array_region): Delete.
|
||
(array_region::get_element): Delete.
|
||
(array_region::clone): Delete.
|
||
(array_region::compare_fields): Delete.
|
||
(array_region::print_fields): Delete.
|
||
(array_region::validate): Delete.
|
||
(array_region::dump_dot_to_pp): Delete.
|
||
(array_region::dump_child_label): Delete.
|
||
(array_region::get_or_create): Delete.
|
||
(array_region::get): Delete.
|
||
(array_region::add_to_hash): Delete.
|
||
(array_region::remap_region_ids): Delete.
|
||
(array_region::get_key_for_child_region): Delete.
|
||
(array_region::key_cmp): Delete.
|
||
(array_region::walk_for_canonicalization): Delete.
|
||
(array_region::key_from_constant): Delete.
|
||
(array_region::constant_from_key): Delete.
|
||
(function_region::compare_fields): Delete.
|
||
(function_region::clone): Delete.
|
||
(function_region::valid_key_p): Delete.
|
||
(stack_region::stack_region): Delete.
|
||
(stack_region::compare_fields): Delete.
|
||
(stack_region::clone): Delete.
|
||
(stack_region::print_fields): Delete.
|
||
(stack_region::dump_child_label): Delete.
|
||
(stack_region::validate): Delete.
|
||
(stack_region::push_frame): Delete.
|
||
(stack_region::get_current_frame_id): Delete.
|
||
(stack_region::pop_frame): Delete.
|
||
(stack_region::add_to_hash): Delete.
|
||
(stack_region::remap_region_ids): Delete.
|
||
(stack_region::can_merge_p): Delete.
|
||
(stack_region::walk_for_canonicalization): Delete.
|
||
(stack_region::get_value_by_name): Delete.
|
||
(heap_region::heap_region): Delete.
|
||
(heap_region::compare_fields): Delete.
|
||
(heap_region::clone): Delete.
|
||
(heap_region::walk_for_canonicalization): Delete.
|
||
(root_region::root_region): Delete.
|
||
(root_region::compare_fields): Delete.
|
||
(root_region::clone): Delete.
|
||
(root_region::print_fields): Delete.
|
||
(root_region::validate): Delete.
|
||
(root_region::dump_child_label): Delete.
|
||
(root_region::push_frame): Delete.
|
||
(root_region::get_current_frame_id): Delete.
|
||
(root_region::pop_frame): Delete.
|
||
(root_region::ensure_stack_region): Delete.
|
||
(root_region::get_stack_region): Delete.
|
||
(root_region::ensure_globals_region): Delete.
|
||
(root_region::get_code_region): Delete.
|
||
(root_region::ensure_code_region): Delete.
|
||
(root_region::get_globals_region): Delete.
|
||
(root_region::ensure_heap_region): Delete.
|
||
(root_region::get_heap_region): Delete.
|
||
(root_region::remap_region_ids): Delete.
|
||
(root_region::can_merge_p): Delete.
|
||
(root_region::add_to_hash): Delete.
|
||
(root_region::walk_for_canonicalization): Delete.
|
||
(root_region::get_value_by_name): Delete.
|
||
(symbolic_region::symbolic_region): Delete.
|
||
(symbolic_region::compare_fields): Delete.
|
||
(symbolic_region::clone): Delete.
|
||
(symbolic_region::walk_for_canonicalization): Delete.
|
||
(symbolic_region::print_fields): Delete.
|
||
(region_model::region_model): Add region_model_manager * param.
|
||
Reimplement in terms of store, dropping impl_constraint_manager
|
||
subclass.
|
||
(region_model::operator=): Reimplement in terms of store
|
||
(region_model::operator==): Likewise.
|
||
(region_model::hash): Likewise.
|
||
(region_model::print): Delete.
|
||
(region_model::print_svalue): Delete.
|
||
(region_model::dump_dot_to_pp): Delete.
|
||
(region_model::dump_dot_to_file): Delete.
|
||
(region_model::dump_dot): Delete.
|
||
(region_model::dump_to_pp): Replace "summarize" param with
|
||
"simple" and "multiline". Port to store-based implementation.
|
||
(region_model::dump): Replace "summarize" param with "simple" and
|
||
"multiline".
|
||
(dump_vec_of_tree): Delete.
|
||
(region_model::dump_summary_of_rep_path_vars): Delete.
|
||
(region_model::validate): Delete.
|
||
(svalue_id_cmp_by_constant_svalue_model): Delete.
|
||
(svalue_id_cmp_by_constant_svalue): Delete.
|
||
(region_model::canonicalize): Drop "ctxt" param. Reimplement in
|
||
terms of store and constraints.
|
||
(region_model::canonicalized_p): Remove NULL arg to canonicalize.
|
||
(region_model::loop_replay_fixup): New.
|
||
(poisoned_value_diagnostic::emit): Tweak wording of warnings.
|
||
(region_model::check_for_poison): Delete.
|
||
(region_model::get_gassign_result): New.
|
||
(region_model::on_assignment): Port to store-based implementation.
|
||
(region_model::on_call_pre): Delete calls to check_for_poison.
|
||
Move implementations to region-model-impl-calls.c and port to
|
||
store-based implementation.
|
||
(region_model::on_call_post): Likewise.
|
||
(class reachable_regions): Move to region-model-reachability.h/cc
|
||
and port to store-based implementation.
|
||
(region_model::handle_unrecognized_call): Port to store-based
|
||
implementation.
|
||
(region_model::get_reachable_svalues): New.
|
||
(region_model::on_setjmp): Port to store-based implementation.
|
||
(region_model::on_longjmp): Likewise.
|
||
(region_model::handle_phi): Drop is_back_edge param and the logic
|
||
using it.
|
||
(region_model::get_lvalue_1): Port from region_id to const region *.
|
||
(region_model::make_region_for_unexpected_tree_code): Delete.
|
||
(assert_compat_types): If the check fails, use internal_error to
|
||
show the types.
|
||
(region_model::get_lvalue): Port from region_id to const region *.
|
||
(region_model::get_rvalue_1): Port from svalue_id to const svalue *.
|
||
(region_model::get_rvalue): Likewise.
|
||
(region_model::get_or_create_ptr_svalue): Delete.
|
||
(region_model::get_or_create_constant_svalue): Delete.
|
||
(region_model::get_svalue_for_fndecl): Delete.
|
||
(region_model::get_region_for_fndecl): Delete.
|
||
(region_model::get_svalue_for_label): Delete.
|
||
(region_model::get_region_for_label): Delete.
|
||
(build_cast): Delete.
|
||
(region_model::maybe_cast_1): Delete.
|
||
(region_model::maybe_cast): Delete.
|
||
(region_model::get_field_region): Delete.
|
||
(region_model::get_store_value): New.
|
||
(region_model::region_exists_p): New.
|
||
(region_model::deref_rvalue): Port from svalue_id to const svalue *.
|
||
(region_model::set_value): Likewise.
|
||
(region_model::clobber_region): New.
|
||
(region_model::purge_region): New.
|
||
(region_model::zero_fill_region): New.
|
||
(region_model::mark_region_as_unknown): New.
|
||
(region_model::eval_condition): Port from svalue_id to
|
||
const svalue *.
|
||
(region_model::eval_condition_without_cm): Likewise.
|
||
(region_model::compare_initial_and_pointer): New.
|
||
(region_model::add_constraint): Port from svalue_id to
|
||
const svalue *.
|
||
(region_model::maybe_get_constant): Delete.
|
||
(region_model::get_representative_path_var): New.
|
||
(region_model::add_new_malloc_region): Delete.
|
||
(region_model::get_representative_tree): Port to const svalue *.
|
||
(region_model::get_representative_path_var): Port to
|
||
const region *.
|
||
(region_model::get_path_vars_for_svalue): Delete.
|
||
(region_model::set_to_new_unknown_value): Delete.
|
||
(region_model::update_for_phis): Don't pass is_back_edge to handle_phi.
|
||
(region_model::update_for_call_superedge): Port from svalue_id to
|
||
const svalue *.
|
||
(region_model::update_for_return_superedge): Port to store-based
|
||
implementation.
|
||
(region_model::update_for_call_summary): Replace
|
||
set_to_new_unknown_value with mark_region_as_unknown.
|
||
(region_model::get_root_region): Delete.
|
||
(region_model::get_stack_region_id): Delete.
|
||
(region_model::push_frame): Delete.
|
||
(region_model::get_current_frame_id): Delete.
|
||
(region_model::get_current_function): Delete.
|
||
(region_model::pop_frame): Delete.
|
||
(region_model::on_top_level_param): New.
|
||
(region_model::get_stack_depth): Delete.
|
||
(region_model::get_function_at_depth): Delete.
|
||
(region_model::get_globals_region_id): Delete.
|
||
(region_model::add_svalue): Delete.
|
||
(region_model::replace_svalue): Delete.
|
||
(region_model::add_region): Delete.
|
||
(region_model::get_svalue): Delete.
|
||
(region_model::get_region): Delete.
|
||
(make_region_for_type): Delete.
|
||
(region_model::add_region_for_type): Delete.
|
||
(region_model::on_top_level_param): New.
|
||
(class restrict_to_used_svalues): Delete.
|
||
(region_model::purge_unused_svalues): Delete.
|
||
(region_model::push_frame): New.
|
||
(region_model::remap_svalue_ids): Delete.
|
||
(region_model::remap_region_ids): Delete.
|
||
(region_model::purge_regions): Delete.
|
||
(region_model::get_descendents): Delete.
|
||
(region_model::delete_region_and_descendents): Delete.
|
||
(region_model::poison_any_pointers_to_bad_regions): Delete.
|
||
(region_model::can_merge_with_p): Delete.
|
||
(region_model::get_current_function): New.
|
||
(region_model::get_value_by_name): Delete.
|
||
(region_model::convert_byte_offset_to_array_index): Delete.
|
||
(region_model::pop_frame): New.
|
||
(region_model::get_or_create_mem_ref): Delete.
|
||
(region_model::get_stack_depth): New.
|
||
(region_model::get_frame_at_index): New.
|
||
(region_model::unbind_region_and_descendents): New.
|
||
(struct bad_pointer_finder): New.
|
||
(region_model::get_or_create_pointer_plus_expr): Delete.
|
||
(region_model::poison_any_pointers_to_descendents): New.
|
||
(region_model::get_or_create_view): Delete.
|
||
(region_model::can_merge_with_p): New.
|
||
(region_model::get_fndecl_for_call): Port from svalue_id to
|
||
const svalue *.
|
||
(struct append_ssa_names_cb_data): New.
|
||
(get_ssa_name_regions_for_current_frame): New.
|
||
(region_model::append_ssa_names_cb): New.
|
||
(model_merger::dump_to_pp): Add "simple" param. Drop dumping of
|
||
remappings.
|
||
(model_merger::dump): Add "simple" param to both overloads.
|
||
(model_merger::can_merge_values_p): Delete.
|
||
(model_merger::record_regions): Delete.
|
||
(model_merger::record_svalues): Delete.
|
||
(svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
|
||
(svalue_id_merger_mapping::dump_to_pp): Delete.
|
||
(svalue_id_merger_mapping::dump): Delete.
|
||
(region_model::create_region_for_heap_alloc): New.
|
||
(region_model::create_region_for_alloca): New.
|
||
(region_model::record_dynamic_extents): New.
|
||
(canonicalization::canonicalization): Delete.
|
||
(canonicalization::walk_rid): Delete.
|
||
(canonicalization::walk_sid): Delete.
|
||
(canonicalization::dump_to_pp): Delete.
|
||
(canonicalization::dump): Delete.
|
||
(inchash::add): Delete overloads for svalue_id and region_id.
|
||
(engine::log_stats): New.
|
||
(assert_condition): Add overload comparing svalues.
|
||
(assert_dump_eq): Pass "true" for multiline.
|
||
(selftest::test_dump): Update for rewrite of region_model.
|
||
(selftest::test_dump_2): Rename to...
|
||
(selftest::test_struct): ...this. Provide a region_model_manager
|
||
when creating region_model instance. Remove dump test. Add
|
||
checks for get_offset.
|
||
(selftest::test_dump_3): Rename to...
|
||
(selftest::test_array_1): ...this. Provide a region_model_manager
|
||
when creating region_model instance. Remove dump test.
|
||
(selftest::test_get_representative_tree): Port from svalue_id to
|
||
new API. Add test coverage for various expressions.
|
||
(selftest::test_unique_constants): Provide a region_model_manager
|
||
for the region_model. Add test coverage for comparing const vs
|
||
non-const.
|
||
(selftest::test_svalue_equality): Delete.
|
||
(selftest::test_region_equality): Delete.
|
||
(selftest::test_unique_unknowns): New.
|
||
(class purge_all_svalue_ids): Delete.
|
||
(class purge_one_svalue_id): Delete.
|
||
(selftest::test_purging_by_criteria): Delete.
|
||
(selftest::test_initial_svalue_folding): New.
|
||
(selftest::test_unaryop_svalue_folding): New.
|
||
(selftest::test_binop_svalue_folding): New.
|
||
(selftest::test_sub_svalue_folding): New.
|
||
(selftest::test_purge_unused_svalues): Delete.
|
||
(selftest::test_descendent_of_p): New.
|
||
(selftest::test_assignment): Provide a region_model_manager for
|
||
the region_model. Drop the dump test.
|
||
(selftest::test_compound_assignment): Likewise.
|
||
(selftest::test_stack_frames): Port to new implementation.
|
||
(selftest::test_get_representative_path_var): Likewise.
|
||
(selftest::test_canonicalization_1): Rename to...
|
||
(selftest::test_equality_1): ...this. Port to new API, and add
|
||
(selftest::test_canonicalization_2): Provide a
|
||
region_model_manager when creating region_model instances.
|
||
Remove redundant canicalization.
|
||
(selftest::test_canonicalization_3): Provide a
|
||
region_model_manager when creating region_model instances.
|
||
Remove param from calls to region_model::canonicalize.
|
||
(selftest::test_canonicalization_4): Likewise.
|
||
(selftest::assert_region_models_merge): Constify
|
||
out_merged_svalue. Port to new API.
|
||
(selftest::test_state_merging): Provide a
|
||
region_model_manager when creating region_model instances.
|
||
Provide a program_point point when merging them. Replace
|
||
set_to_new_unknown_value with usage of placeholder_svalues.
|
||
Drop get_value_by_name. Port from svalue_id to const svalue *.
|
||
Add test of heap allocation.
|
||
(selftest::test_constraint_merging): Provide a
|
||
region_model_manager when creating region_model instances.
|
||
Provide a program_point point when merging them. Eliminate use
|
||
of set_to_new_unknown_value.
|
||
(selftest::test_widening_constraints): New.
|
||
(selftest::test_iteration_1): New.
|
||
(selftest::test_malloc_constraints): Port to store-based
|
||
implementation.
|
||
(selftest::test_var): New test.
|
||
(selftest::test_array_2): New test.
|
||
(selftest::test_mem_ref): New test.
|
||
(selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
|
||
(selftest::test_malloc): New.
|
||
(selftest::test_alloca): New.
|
||
(selftest::analyzer_region_model_cc_tests): Update for renamings.
|
||
Call new functions.
|
||
* region-model.h (class path_var): Move to analyzer.h.
|
||
(class svalue_id): Delete.
|
||
(class region_id): Delete.
|
||
(class id_map): Delete.
|
||
(svalue_id_map): Delete.
|
||
(region_id_map): Delete.
|
||
(id_map<T>::id_map): Delete.
|
||
(id_map<T>::put): Delete.
|
||
(id_map<T>::get_dst_for_src): Delete.
|
||
(id_map<T>::get_src_for_dst): Delete.
|
||
(id_map<T>::dump_to_pp): Delete.
|
||
(id_map<T>::dump): Delete.
|
||
(id_map<T>::update): Delete.
|
||
(one_way_svalue_id_map): Delete.
|
||
(one_way_region_id_map): Delete.
|
||
(class region_id_set): Delete.
|
||
(class svalue_id_set): Delete.
|
||
(struct complexity): New.
|
||
(class visitor): New.
|
||
(enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
|
||
SK_BINOP, SK_SUB,SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
|
||
SK_COMPOUND, and SK_CONJURED.
|
||
(svalue::operator==): Delete.
|
||
(svalue::operator!=): Delete.
|
||
(svalue::clone): Delete.
|
||
(svalue::hash): Delete.
|
||
(svalue::dump_dot_to_pp): Delete.
|
||
(svalue::dump_to_pp): New.
|
||
(svalue::dump): New.
|
||
(svalue::get_desc): New.
|
||
(svalue::dyn_cast_initial_svalue): New.
|
||
(svalue::dyn_cast_unaryop_svalue): New.
|
||
(svalue::dyn_cast_binop_svalue): New.
|
||
(svalue::dyn_cast_sub_svalue): New.
|
||
(svalue::dyn_cast_unmergeable_svalue): New.
|
||
(svalue::dyn_cast_widening_svalue): New.
|
||
(svalue::dyn_cast_compound_svalue): New.
|
||
(svalue::dyn_cast_conjured_svalue): New.
|
||
(svalue::maybe_undo_cast): New.
|
||
(svalue::unwrap_any_unmergeable): New.
|
||
(svalue::remap_region_ids): Delete
|
||
(svalue::can_merge_p): New.
|
||
(svalue::walk_for_canonicalization): Delete
|
||
(svalue::get_complexity): New.
|
||
(svalue::get_child_sid): Delete
|
||
(svalue::accept): New.
|
||
(svalue::live_p): New.
|
||
(svalue::implicitly_live_p): New.
|
||
(svalue::svalue): Add complexity param.
|
||
(svalue::add_to_hash): Delete
|
||
(svalue::print_details): Delete
|
||
(svalue::m_complexity): New field.
|
||
(region_svalue::key_t): New struct.
|
||
(region_svalue::region_svalue): Port from region_id to
|
||
const region_id *. Add complexity.
|
||
(region_svalue::compare_fields): Delete.
|
||
(region_svalue::clone): Delete.
|
||
(region_svalue::dump_dot_to_pp): Delete.
|
||
(region_svalue::get_pointee): Port from region_id to
|
||
const region_id *.
|
||
(region_svalue::remap_region_ids): Delete.
|
||
(region_svalue::merge_values): Delete.
|
||
(region_svalue::dump_to_pp): New.
|
||
(region_svalue::accept): New.
|
||
(region_svalue::walk_for_canonicalization): Delete.
|
||
(region_svalue::eval_condition): Make params const.
|
||
(region_svalue::add_to_hash): Delete.
|
||
(region_svalue::print_details): Delete.
|
||
(region_svalue::m_rid): Replace with...
|
||
(region_svalue::m_reg): ...this.
|
||
(is_a_helper <region_svalue *>::test): Convert to...
|
||
(is_a_helper <const region_svalue *>::test): ...this.
|
||
(template <> struct default_hash_traits<region_svalue::key_t>):
|
||
New.
|
||
(constant_svalue::constant_svalue): Add complexity.
|
||
(constant_svalue::compare_fields): Delete.
|
||
(constant_svalue::clone): Delete.
|
||
(constant_svalue::add_to_hash): Delete.
|
||
(constant_svalue::dump_to_pp): New.
|
||
(constant_svalue::accept): New.
|
||
(constant_svalue::implicitly_live_p): New.
|
||
(constant_svalue::merge_values): Delete.
|
||
(constant_svalue::eval_condition): Make params const.
|
||
(constant_svalue::get_child_sid): Delete.
|
||
(constant_svalue::print_details): Delete.
|
||
(is_a_helper <constant_svalue *>::test): Convert to...
|
||
(is_a_helper <const constant_svalue *>::test): ...this.
|
||
(class unknown_svalue): Update leading comment.
|
||
(unknown_svalue::unknown_svalue): Add complexity.
|
||
(unknown_svalue::compare_fields): Delete.
|
||
(unknown_svalue::add_to_hash): Delete.
|
||
(unknown_svalue::dyn_cast_unknown_svalue): Delete.
|
||
(unknown_svalue::print_details): Delete.
|
||
(unknown_svalue::dump_to_pp): New.
|
||
(unknown_svalue::accept): New.
|
||
(poisoned_svalue::key_t): New struct.
|
||
(poisoned_svalue::poisoned_svalue): Add complexity.
|
||
(poisoned_svalue::compare_fields): Delete.
|
||
(poisoned_svalue::clone): Delete.
|
||
(poisoned_svalue::add_to_hash): Delete.
|
||
(poisoned_svalue::dump_to_pp): New.
|
||
(poisoned_svalue::accept): New.
|
||
(poisoned_svalue::print_details): Delete.
|
||
(is_a_helper <poisoned_svalue *>::test): Convert to...
|
||
(is_a_helper <const poisoned_svalue *>::test): ...this.
|
||
(template <> struct default_hash_traits<poisoned_svalue::key_t>):
|
||
New.
|
||
(setjmp_record::add_to_hash): New.
|
||
(setjmp_svalue::key_t): New struct.
|
||
(setjmp_svalue::compare_fields): Delete.
|
||
(setjmp_svalue::clone): Delete.
|
||
(setjmp_svalue::add_to_hash): Delete.
|
||
(setjmp_svalue::setjmp_svalue): Add complexity.
|
||
(setjmp_svalue::dump_to_pp): New.
|
||
(setjmp_svalue::accept): New.
|
||
(setjmp_svalue::void print_details): Delete.
|
||
(is_a_helper <const setjmp_svalue *>::test): New.
|
||
(template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
|
||
(class initial_svalue : public svalue): New.
|
||
(is_a_helper <const initial_svalue *>::test): New.
|
||
(class unaryop_svalue): New.
|
||
(is_a_helper <const unaryop_svalue *>::test): New.
|
||
(template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
|
||
(class binop_svalue): New.
|
||
(is_a_helper <const binop_svalue *>::test): New.
|
||
(template <> struct default_hash_traits<binop_svalue::key_t>): New.
|
||
(class sub_svalue): New.
|
||
(is_a_helper <const sub_svalue *>::test): New.
|
||
(template <> struct default_hash_traits<sub_svalue::key_t>): New.
|
||
(class unmergeable_svalue): New.
|
||
(is_a_helper <const unmergeable_svalue *>::test): New.
|
||
(class placeholder_svalue): New.
|
||
(is_a_helper <placeholder_svalue *>::test): New.
|
||
(class widening_svalue): New.
|
||
(is_a_helper <widening_svalue *>::test): New.
|
||
(template <> struct default_hash_traits<widening_svalue::key_t>): New.
|
||
(class compound_svalue): New.
|
||
(is_a_helper <compound_svalue *>::test): New.
|
||
(template <> struct default_hash_traits<compound_svalue::key_t>): New.
|
||
(class conjured_svalue): New.
|
||
(is_a_helper <conjured_svalue *>::test): New.
|
||
(template <> struct default_hash_traits<conjured_svalue::key_t>): New.
|
||
(enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
|
||
RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
|
||
RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
|
||
(region_kind_to_str): Delete.
|
||
(region::~region): Move implementation to region.cc.
|
||
(region::operator==): Delete.
|
||
(region::operator!=): Delete.
|
||
(region::clone): Delete.
|
||
(region::get_id): New.
|
||
(region::cmp_ids): New.
|
||
(region::dyn_cast_map_region): Delete.
|
||
(region::dyn_cast_array_region): Delete.
|
||
(region::region_id get_parent): Delete.
|
||
(region::get_parent_region): Convert to a simple accessor.
|
||
(region::void set_value): Delete.
|
||
(region::svalue_id get_value): Delete.
|
||
(region::svalue_id get_value_direct): Delete.
|
||
(region::svalue_id get_inherited_child_sid): Delete.
|
||
(region::dyn_cast_frame_region): New.
|
||
(region::dyn_cast_function_region): New.
|
||
(region::dyn_cast_decl_region): New.
|
||
(region::dyn_cast_field_region): New.
|
||
(region::dyn_cast_element_region): New.
|
||
(region::dyn_cast_offset_region): New.
|
||
(region::dyn_cast_cast_region): New.
|
||
(region::dyn_cast_string_region): New.
|
||
(region::accept): New.
|
||
(region::get_base_region): New.
|
||
(region::base_region_p): New.
|
||
(region::descendent_of_p): New.
|
||
(region::maybe_get_frame_region): New.
|
||
(region::maybe_get_decl): New.
|
||
(region::hash): Delete.
|
||
(region::rint): Delete.
|
||
(region::dump_dot_to_pp): Delete.
|
||
(region::get_desc): New.
|
||
(region::dump_to_pp): Convert to vfunc, changing signature.
|
||
(region::dump_child_label): Delete.
|
||
(region::remap_svalue_ids): Delete.
|
||
(region::remap_region_ids): Delete.
|
||
(region::dump): New.
|
||
(region::walk_for_canonicalization): Delete.
|
||
(region::non_null_p): Drop region_model param.
|
||
(region::add_view): Delete.
|
||
(region::get_view): Delete.
|
||
(region::get_active_view): Delete.
|
||
(region::is_view_p): Delete.
|
||
(region::cmp_ptrs): New.
|
||
(region::validate): Delete.
|
||
(region::get_offset): New.
|
||
(region::get_byte_size): New.
|
||
(region::get_bit_size): New.
|
||
(region::get_subregions_for_binding): New.
|
||
(region::region): Add complexity param. Convert parent from
|
||
region_id to const region *. Drop svalue_id. Drop copy ctor.
|
||
(region::symbolic_for_unknown_ptr_p): New.
|
||
(region::add_to_hash): Delete.
|
||
(region::print_fields): Delete.
|
||
(region::get_complexity): New accessor.
|
||
(region::become_active_view): Delete.
|
||
(region::deactivate_any_active_view): Delete.
|
||
(region::deactivate_view): Delete.
|
||
(region::calc_offset): New.
|
||
(region::m_parent_rid): Delete.
|
||
(region::m_sval_id): Delete.
|
||
(region::m_complexity): New.
|
||
(region::m_id): New.
|
||
(region::m_parent): New.
|
||
(region::m_view_rids): Delete.
|
||
(region::m_is_view): Delete.
|
||
(region::m_active_view_rid): Delete.
|
||
(region::m_cached_offset): New.
|
||
(is_a_helper <region *>::test): Convert to...
|
||
(is_a_helper <const region *>::test): ... this.
|
||
(class primitive_region): Delete.
|
||
(class space_region): New.
|
||
(class map_region): Delete.
|
||
(is_a_helper <map_region *>::test): Delete.
|
||
(class frame_region): Reimplement.
|
||
(template <> struct default_hash_traits<frame_region::key_t>):
|
||
New.
|
||
(class globals_region): Reimplement.
|
||
(is_a_helper <globals_region *>::test): Convert to...
|
||
(is_a_helper <const globals_region *>::test): ...this.
|
||
(class struct_or_union_region): Delete.
|
||
(is_a_helper <struct_or_union_region *>::test): Delete.
|
||
(class code_region): Reimplement.
|
||
(is_a_helper <const code_region *>::test): New.
|
||
(class struct_region): Delete.
|
||
(is_a_helper <struct_region *>::test): Delete.
|
||
(class function_region): Reimplement.
|
||
(is_a_helper <function_region *>::test): Convert to...
|
||
(is_a_helper <const function_region *>::test): ...this.
|
||
(class union_region): Delete.
|
||
(is_a_helper <union_region *>::test): Delete.
|
||
(class label_region): New.
|
||
(is_a_helper <const label_region *>::test): New.
|
||
(class scope_region): Delete.
|
||
(class stack_region): Reimplement.
|
||
(is_a_helper <stack_region *>::test): Convert to...
|
||
(is_a_helper <const stack_region *>::test): ...this.
|
||
(class heap_region): Reimplement.
|
||
(is_a_helper <heap_region *>::test): Convert to...
|
||
(is_a_helper <const heap_region *>::test): ...this.
|
||
(class root_region): Reimplement.
|
||
(is_a_helper <root_region *>::test): Convert to...
|
||
(is_a_helper <const root_region *>::test): ...this.
|
||
(class symbolic_region): Reimplement.
|
||
(is_a_helper <const symbolic_region *>::test): New.
|
||
(template <> struct default_hash_traits<symbolic_region::key_t>):
|
||
New.
|
||
(class decl_region): New.
|
||
(is_a_helper <const decl_region *>::test): New.
|
||
(class field_region): New.
|
||
(template <> struct default_hash_traits<field_region::key_t>): New.
|
||
(class array_region): Delete.
|
||
(class element_region): New.
|
||
(is_a_helper <array_region *>::test): Delete.
|
||
(is_a_helper <const element_region *>::test): New.
|
||
(template <> struct default_hash_traits<element_region::key_t>):
|
||
New.
|
||
(class offset_region): New.
|
||
(is_a_helper <const offset_region *>::test): New.
|
||
(template <> struct default_hash_traits<offset_region::key_t>):
|
||
New.
|
||
(class cast_region): New.
|
||
(is_a_helper <const cast_region *>::test): New.
|
||
(template <> struct default_hash_traits<cast_region::key_t>): New.
|
||
(class heap_allocated_region): New.
|
||
(class alloca_region): New.
|
||
(class string_region): New.
|
||
(is_a_helper <const string_region *>::test): New.
|
||
(class unknown_region): New.
|
||
(class region_model_manager): New.
|
||
(struct append_ssa_names_cb_data): New.
|
||
(class call_details): New.
|
||
(region_model::region_model): Add region_model_manager param.
|
||
(region_model::print_svalue): Delete.
|
||
(region_model::dump_dot_to_pp): Delete.
|
||
(region_model::dump_dot_to_file): Delete.
|
||
(region_model::dump_dot): Delete.
|
||
(region_model::dump_to_pp): Drop summarize param in favor of
|
||
simple and multiline.
|
||
(region_model::dump): Likewise.
|
||
(region_model::summarize_to_pp): Delete.
|
||
(region_model::summarize): Delete.
|
||
(region_model::void canonicalize): Drop ctxt param.
|
||
(region_model::void check_for_poison): Delete.
|
||
(region_model::get_gassign_result): New.
|
||
(region_model::impl_call_alloca): New.
|
||
(region_model::impl_call_analyzer_describe): New.
|
||
(region_model::impl_call_analyzer_eval): New.
|
||
(region_model::impl_call_builtin_expect): New.
|
||
(region_model::impl_call_calloc): New.
|
||
(region_model::impl_call_free): New.
|
||
(region_model::impl_call_malloc): New.
|
||
(region_model::impl_call_memset): New.
|
||
(region_model::impl_call_strlen): New.
|
||
(region_model::get_reachable_svalues): New.
|
||
(region_model::handle_phi): Drop is_back_edge param.
|
||
(region_model::region_id get_root_rid): Delete.
|
||
(region_model::root_region *get_root_region): Delete.
|
||
(region_model::region_id get_stack_region_id): Delete.
|
||
(region_model::push_frame): Convert from region_id and svalue_id
|
||
to const region * and const svalue *.
|
||
(region_model::get_current_frame_id): Replace with...
|
||
(region_model::get_current_frame): ...this.
|
||
(region_model::pop_frame): Convert from region_id to
|
||
const region *. Drop purge and stats param. Add out_result.
|
||
(region_model::function *get_function_at_depth): Delete.
|
||
(region_model::get_globals_region_id): Delete.
|
||
(region_model::add_svalue): Delete.
|
||
(region_model::replace_svalue): Delete.
|
||
(region_model::add_region): Delete.
|
||
(region_model::add_region_for_type): Delete.
|
||
(region_model::get_svalue): Delete.
|
||
(region_model::get_region): Delete.
|
||
(region_model::get_lvalue): Convert from region_id to
|
||
const region *.
|
||
(region_model::get_rvalue): Convert from svalue_id to
|
||
const svalue *.
|
||
(region_model::get_or_create_ptr_svalue): Delete.
|
||
(region_model::get_or_create_constant_svalue): Delete.
|
||
(region_model::get_svalue_for_fndecl): Delete.
|
||
(region_model::get_svalue_for_label): Delete.
|
||
(region_model::get_region_for_fndecl): Delete.
|
||
(region_model::get_region_for_label): Delete.
|
||
(region_model::get_frame_at_index (int index) const;): New.
|
||
(region_model::maybe_cast): Delete.
|
||
(region_model::maybe_cast_1): Delete.
|
||
(region_model::get_field_region): Delete.
|
||
(region_model::id deref_rvalue): Convert from region_id and
|
||
svalue_id to const region * and const svalue *. Drop overload,
|
||
passing in both a tree and an svalue.
|
||
(region_model::set_value): Convert from region_id and svalue_id to
|
||
const region * and const svalue *.
|
||
(region_model::set_to_new_unknown_value): Delete.
|
||
(region_model::clobber_region (const region *reg);): New.
|
||
(region_model::purge_region (const region *reg);): New.
|
||
(region_model::zero_fill_region (const region *reg);): New.
|
||
(region_model::mark_region_as_unknown (const region *reg);): New.
|
||
(region_model::copy_region): Convert from region_id to
|
||
const region *.
|
||
(region_model::eval_condition): Convert from svalue_id to
|
||
const svalue *.
|
||
(region_model::eval_condition_without_cm): Likewise.
|
||
(region_model::compare_initial_and_pointer): New.
|
||
(region_model:maybe_get_constant): Delete.
|
||
(region_model::add_new_malloc_region): Delete.
|
||
(region_model::get_representative_tree): Convert from svalue_id to
|
||
const svalue *.
|
||
(region_model::get_representative_path_var): Delete decl taking a
|
||
region_id in favor of two decls, for svalue vs region, with an
|
||
svalue_set to ensure termination.
|
||
(region_model::get_path_vars_for_svalue): Delete.
|
||
(region_model::create_region_for_heap_alloc): New.
|
||
(region_model::create_region_for_alloca): New.
|
||
(region_model::purge_unused_svalues): Delete.
|
||
(region_model::remap_svalue_ids): Delete.
|
||
(region_model::remap_region_ids): Delete.
|
||
(region_model::purge_regions): Delete.
|
||
(region_model::get_num_svalues): Delete.
|
||
(region_model::get_num_regions): Delete.
|
||
(region_model::get_descendents): Delete.
|
||
(region_model::get_store): New.
|
||
(region_model::delete_region_and_descendents): Delete.
|
||
(region_model::get_manager): New.
|
||
(region_model::unbind_region_and_descendents): New.
|
||
(region_model::can_merge_with_p): Add point param. Drop
|
||
svalue_id_merger_mapping.
|
||
(region_model::get_value_by_name): Delete.
|
||
(region_model::convert_byte_offset_to_array_index): Delete.
|
||
(region_model::get_or_create_mem_ref): Delete.
|
||
(region_model::get_or_create_pointer_plus_expr): Delete.
|
||
(region_model::get_or_create_view): Delete.
|
||
(region_model::get_lvalue_1): Convert from region_id to
|
||
const region *.
|
||
(region_model::get_rvalue_1): Convert from svalue_id to
|
||
const svalue *.
|
||
(region_model::get_ssa_name_regions_for_current_frame): New.
|
||
(region_model::append_ssa_names_cb): New.
|
||
(region_model::get_store_value): New.
|
||
(region_model::copy_struct_region): Delete.
|
||
(region_model::copy_union_region): Delete.
|
||
(region_model::copy_array_region): Delete.
|
||
(region_model::region_exists_p): New.
|
||
(region_model::make_region_for_unexpected_tree_code): Delete.
|
||
(region_model::loop_replay_fixup): New.
|
||
(region_model::poison_any_pointers_to_bad_regions): Delete.
|
||
(region_model::poison_any_pointers_to_descendents): New.
|
||
(region_model::dump_summary_of_rep_path_vars): Delete.
|
||
(region_model::on_top_level_param): New.
|
||
(region_model::record_dynamic_extents): New.
|
||
(region_model::m_mgr;): New.
|
||
(region_model::m_store;): New.
|
||
(region_model::m_svalues;): Delete.
|
||
(region_model::m_regions;): Delete.
|
||
(region_model::m_root_rid;): Delete.
|
||
(region_model::m_current_frame;): New.
|
||
(region_model_context::remap_svalue_ids): Delete.
|
||
(region_model_context::can_purge_p): Delete.
|
||
(region_model_context::on_svalue_leak): New.
|
||
(region_model_context::on_svalue_purge): Delete.
|
||
(region_model_context::on_liveness_change): New.
|
||
(region_model_context::on_inherited_svalue): Delete.
|
||
(region_model_context::on_cast): Delete.
|
||
(region_model_context::on_unknown_change): Convert from svalue_id to
|
||
const svalue * and add is_mutable.
|
||
(class noop_region_model_context): Update for region_model_context
|
||
changes.
|
||
(model_merger::model_merger): Add program_point. Drop
|
||
svalue_id_merger_mapping.
|
||
(model_merger::dump_to_pp): Add "simple" param.
|
||
(model_merger::dump): Likewise.
|
||
(model_merger::get_region_a): Delete.
|
||
(model_merger::get_region_b): Delete.
|
||
(model_merger::can_merge_values_p): Delete.
|
||
(model_merger::record_regions): Delete.
|
||
(model_merger::record_svalues): Delete.
|
||
(model_merger::m_point): New field.
|
||
(model_merger::m_map_regions_from_a_to_m): Delete.
|
||
(model_merger::m_map_regions_from_b_to_m): Delete.
|
||
(model_merger::m_sid_mapping): Delete.
|
||
(struct svalue_id_merger_mapping): Delete.
|
||
(class engine): New.
|
||
(struct canonicalization): Delete.
|
||
(inchash::add): Delete decls for hashing svalue_id and region_id.
|
||
(test_region_model_context::on_unexpected_tree_code): Require t to
|
||
be non-NULL.
|
||
(selftest::assert_condition): Add overload comparing a pair of
|
||
const svalue *.
|
||
* sm-file.cc: Include "tristate.h", "selftest.h",
|
||
"analyzer/call-string.h", "analyzer/program-point.h",
|
||
"analyzer/store.h", and "analyzer/region-model.h".
|
||
(fileptr_state_machine::get_default_state): New.
|
||
(fileptr_state_machine::on_stmt): Remove calls to
|
||
get_readable_tree in favor of get_diagnostic_tree.
|
||
* sm-malloc.cc: Include "tristate.h", "selftest.h",
|
||
"analyzer/call-string.h", "analyzer/program-point.h",
|
||
"analyzer/store.h", and "analyzer/region-model.h".
|
||
(malloc_state_machine::get_default_state): New.
|
||
(malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
|
||
(malloc_diagnostic::describe_state_change): Handle change.m_expr
|
||
being NULL.
|
||
(null_arg::emit): Avoid printing "NULL '0'".
|
||
(null_arg::describe_final_event): Avoid printing "(0) NULL".
|
||
(malloc_leak::emit): Handle m_arg being NULL.
|
||
(malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
|
||
(malloc_state_machine::on_stmt): Don't call get_readable_tree.
|
||
Call get_diagnostic_tree when creating pending diagnostics.
|
||
Update for is_zero_assignment becoming a member function of
|
||
sm_ctxt.
|
||
Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
|
||
(malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
|
||
vfunc implementation.
|
||
* sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure): Call
|
||
get_diagnostic_tree and pass the result to warn_for_state.
|
||
* sm-signal.cc: Move includes of "analyzer/call-string.h" and
|
||
"analyzer/program-point.h" to before "analyzer/region-model.h",
|
||
and also include "analyzer/store.h" before it.
|
||
(signal_unsafe_call::describe_state_change): Use
|
||
get_dest_function to get handler.
|
||
(update_model_for_signal_handler): Pass manager to region_model
|
||
ctor.
|
||
(register_signal_handler::impl_transition): Update for changes to
|
||
get_or_create_node and add_edge.
|
||
* sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
|
||
get_readable_tree, replacing them when calling warn_for_state with
|
||
calls to get_diagnostic_tree.
|
||
* sm.cc (is_zero_assignment): Delete.
|
||
(any_pointer_p): Move to within namespace ana.
|
||
* sm.h (is_zero_assignment): Remove decl.
|
||
(any_pointer_p): Move decl to within namespace ana.
|
||
(state_machine::get_default_state): New vfunc.
|
||
(state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
|
||
(sm_context::get_readable_tree): Rename to...
|
||
(sm_context::get_diagnostic_tree): ...this.
|
||
(sm_context::is_zero_assignment): New vfunc.
|
||
* store.cc: New file.
|
||
* store.h: New file.
|
||
* svalue.cc: New file.
|
||
|
||
2020-05-22 Mark Wielaard <mark@klomp.org>
|
||
|
||
* sm-signal.cc(signal_unsafe_call::emit): Possibly add
|
||
gcc_rich_location note for replacement.
|
||
(signal_unsafe_call::get_replacement_fn): New private function.
|
||
(get_async_signal_unsafe_fns): Add "exit".
|
||
|
||
2020-04-28 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/94816
|
||
* engine.cc (impl_region_model_context::on_unexpected_tree_code):
|
||
Handle NULL tree.
|
||
* region-model.cc (region_model::add_region_for_type): Handle
|
||
NULL type.
|
||
* region-model.h
|
||
(test_region_model_context::on_unexpected_tree_code): Handle NULL
|
||
tree.
|
||
|
||
2020-04-28 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/94447
|
||
PR analyzer/94639
|
||
PR analyzer/94732
|
||
PR analyzer/94754
|
||
* analyzer.opt (Wanalyzer-use-of-uninitialized-value): Delete.
|
||
* program-state.cc (selftest::test_program_state_dumping): Update
|
||
expected dump result for removal of "uninit".
|
||
* region-model.cc (poison_kind_to_str): Delete POISON_KIND_UNINIT
|
||
case.
|
||
(root_region::ensure_stack_region): Initialize stack with null
|
||
svalue_id rather than with a typeless POISON_KIND_UNINIT value.
|
||
(root_region::ensure_heap_region): Likewise for the heap.
|
||
(region_model::dump_summary_of_rep_path_vars): Remove
|
||
summarization of uninit values.
|
||
(region_model::validate): Remove check that the stack has a
|
||
POISON_KIND_UNINIT value.
|
||
(poisoned_value_diagnostic::emit): Remove POISON_KIND_UNINIT
|
||
case.
|
||
(poisoned_value_diagnostic::describe_final_event): Likewise.
|
||
(selftest::test_dump): Update expected dump result for removal of
|
||
"uninit".
|
||
(selftest::test_svalue_equality): Remove "uninit" and "freed".
|
||
* region-model.h (enum poison_kind): Remove POISON_KIND_UNINIT.
|
||
|
||
2020-04-01 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/94378
|
||
* checker-path.cc: Include "bitmap.h".
|
||
* constraint-manager.cc: Likewise.
|
||
* diagnostic-manager.cc: Likewise.
|
||
* engine.cc: Likewise.
|
||
(exploded_node::detect_leaks): Pass null region_id to pop_frame.
|
||
* program-point.cc: Include "bitmap.h".
|
||
* program-state.cc: Likewise.
|
||
* region-model.cc (id_set<region_id>::id_set): Convert to...
|
||
(region_id_set::region_id_set): ...this.
|
||
(svalue_id_set::svalue_id_set): New ctor.
|
||
(region_model::copy_region): New function.
|
||
(region_model::copy_struct_region): New function.
|
||
(region_model::copy_union_region): New function.
|
||
(region_model::copy_array_region): New function.
|
||
(stack_region::pop_frame): Drop return value. Add
|
||
"result_dst_rid" param; if it is non-null, use copy_region to copy
|
||
the result to it. Rather than capture and pass a single "known
|
||
used" return value to be used by purge_unused_values, instead
|
||
gather and pass a set of known used return values.
|
||
(root_region::pop_frame): Drop return value. Add "result_dst_rid"
|
||
param.
|
||
(region_model::on_assignment): Use copy_region.
|
||
(region_model::on_return): Likewise for the result.
|
||
(region_model::on_longjmp): Pass null for pop_frame's
|
||
result_dst_rid.
|
||
(region_model::update_for_return_superedge): Pass the region for the
|
||
return value of the call, if any, to pop_frame, rather than setting
|
||
the lvalue for the lhs of the result.
|
||
(region_model::pop_frame): Drop return value. Add
|
||
"result_dst_rid" param.
|
||
(region_model::purge_unused_svalues): Convert third param from an
|
||
svalue_id * to an svalue_id_set *, updating the initial populating
|
||
of the "used" bitmap accordingly. Don't remap it when done.
|
||
(struct selftest::coord_test): New selftest fixture, extracted from...
|
||
(selftest::test_dump_2): ...here.
|
||
(selftest::test_compound_assignment): New selftest.
|
||
(selftest::test_stack_frames): Pass null to new param of pop_frame.
|
||
(selftest::analyzer_region_model_cc_tests): Call the new selftest.
|
||
* region-model.h (class id_set): Delete template.
|
||
(class region_id_set): Reimplement, using old id_set implementation.
|
||
(class svalue_id_set): Likewise. Convert from auto_sbitmap to
|
||
auto_bitmap.
|
||
(region::get_active_view): New accessor.
|
||
(stack_region::pop_frame): Drop return value. Add
|
||
"result_dst_rid" param.
|
||
(root_region::pop_frame): Likewise.
|
||
(region_model::pop_frame): Likewise.
|
||
(region_model::copy_region): New decl.
|
||
(region_model::purge_unused_svalues): Convert third param from an
|
||
svalue_id * to an svalue_id_set *.
|
||
(region_model::copy_struct_region): New decl.
|
||
(region_model::copy_union_region): New decl.
|
||
(region_model::copy_array_region): New decl.
|
||
|
||
2020-03-27 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* program-state.cc (selftest::test_program_state_dumping): Update
|
||
expected dump to include symbolic_region's possibly_null field.
|
||
* region-model.cc (symbolic_region::print_fields): New vfunc
|
||
implementation.
|
||
(region_model::add_constraint): Clear m_possibly_null from
|
||
symbolic_regions now known to be non-NULL.
|
||
(selftest::test_malloc_constraints): New selftest.
|
||
(selftest::analyzer_region_model_cc_tests): Call it.
|
||
* region-model.h (region::dyn_cast_symbolic_region): Add non-const
|
||
overload.
|
||
(symbolic_region::dyn_cast_symbolic_region): Implement it.
|
||
(symbolic_region::print_fields): New vfunc override decl.
|
||
|
||
2020-03-27 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.h (class feasibility_problem): New forward decl.
|
||
* diagnostic-manager.cc (saved_diagnostic::saved_diagnostic):
|
||
Initialize new fields m_status, m_epath_length, and m_problem.
|
||
(saved_diagnostic::~saved_diagnostic): Delete m_problem.
|
||
(dedupe_candidate::dedupe_candidate): Convert "sd" param from a
|
||
const ref to a mutable ptr.
|
||
(dedupe_winners::add): Convert "sd" param from a const ref to a
|
||
mutable ptr. Record the length of the exploded_path. Record the
|
||
feasibility/infeasibility of sd into sd, capturing a
|
||
feasibility_problem when feasible_p fails, and storing it in sd.
|
||
(diagnostic_manager::emit_saved_diagnostics): Update for pass by
|
||
ptr rather than by const ref.
|
||
* diagnostic-manager.h (class saved_diagnostic): Add new enum
|
||
status. Add fields m_status, m_epath_length and m_problem.
|
||
(saved_diagnostic::set_feasible): New member function.
|
||
(saved_diagnostic::set_infeasible): New member function.
|
||
(saved_diagnostic::get_feasibility_problem): New accessor.
|
||
(saved_diagnostic::get_status): New accessor.
|
||
(saved_diagnostic::set_epath_length): New member function.
|
||
(saved_diagnostic::get_epath_length): New accessor.
|
||
* engine.cc: Include "gimple-pretty-print.h".
|
||
(exploded_path::feasible_p): Add OUT param and, if non-NULL, write
|
||
a new feasibility_problem to it on failure.
|
||
(viz_callgraph_node::dump_dot): Convert begin_tr calls to
|
||
begin_trtd. Convert end_tr calls to end_tdtr.
|
||
(class exploded_graph_annotator): New subclass of dot_annotator.
|
||
(impl_run_checkers): Add a second -fdump-analyzer-supergraph dump
|
||
after the analysis runs, using exploded_graph_annotator. dumping
|
||
to DUMP_BASE_NAME.supergraph-eg.dot.
|
||
* exploded-graph.h (exploded_node::get_dot_fillcolor): Make
|
||
public.
|
||
(exploded_path::feasible_p): Add OUT param.
|
||
(class feasibility_problem): New class.
|
||
* state-purge.cc (state_purge_annotator::add_node_annotations):
|
||
Return a bool, add a "within_table" param.
|
||
(print_vec_of_names): Convert begin_tr calls to begin_trtd.
|
||
Convert end_tr calls to end_tdtr.
|
||
(state_purge_annotator::add_stmt_annotations): Add "within_row"
|
||
param.
|
||
* state-purge.h ((state_purge_annotator::add_node_annotations):
|
||
Return a bool, add a "within_table" param.
|
||
(state_purge_annotator::add_stmt_annotations): Add "within_row"
|
||
param.
|
||
* supergraph.cc (supernode::dump_dot): Call add_node_annotations
|
||
twice: as before, passing false for "within_table", then again
|
||
with true when within the TABLE element. Convert some begin_tr
|
||
calls to begin_trtd, and some end_tr calls to end_tdtr.
|
||
Repeat each add_stmt_annotations call, distinguishing between
|
||
calls that add TRs and those that add TDs to an existing TR.
|
||
Add a call to add_after_node_annotations.
|
||
* supergraph.h (dot_annotator::add_node_annotations): Add a
|
||
"within_table" param.
|
||
(dot_annotator::add_stmt_annotations): Add a "within_row" param.
|
||
(dot_annotator::add_after_node_annotations): New vfunc.
|
||
|
||
2020-03-27 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* diagnostic-manager.cc (dedupe_winners::add): Show the
|
||
exploded_node index in the log messages.
|
||
(diagnostic_manager::emit_saved_diagnostics): Log a summary of
|
||
m_saved_diagnostics at entry.
|
||
|
||
2020-03-27 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* supergraph.cc (superedge::dump): Add space before description;
|
||
move newline to non-pretty_printer overload.
|
||
|
||
2020-03-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.cc: Include "stor-layout.h".
|
||
(region_model::dump_to_pp): Rather than calling
|
||
dump_summary_of_map on each of the current frame and the globals,
|
||
instead get a vec of representative path_vars for all regions,
|
||
and then dump a summary of all of them.
|
||
(region_model::dump_summary_of_map): Delete, rewriting into...
|
||
(region_model::dump_summary_of_rep_path_vars): ...this new
|
||
function, working on a vec of path_vars.
|
||
(region_model::set_value): New overload.
|
||
(region_model::get_representative_path_var): Rename
|
||
"parent_region" local to "parent_reg" and consolidate with other
|
||
local. Guard test for grandparent being stack on parent_reg being
|
||
non-NULL. Move handling for parent being an array_region to
|
||
within guard for parent_reg being non-NULL.
|
||
(selftest::make_test_compound_type): New function.
|
||
(selftest::test_dump_2): New selftest.
|
||
(selftest::test_dump_3): New selftest.
|
||
(selftest::test_stack_frames): Update expected output from
|
||
simplified dump to show "a" and "b" from parent frame and "y" in
|
||
child frame.
|
||
(selftest::analyzer_region_model_cc_tests): Call test_dump_2 and
|
||
test_dump_3.
|
||
* region-model.h (region_model::set_value): New overload decl.
|
||
(region_model::dump_summary_of_map): Delete.
|
||
(region_model::dump_summary_of_rep_path_vars): New.
|
||
|
||
2020-03-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.h (class noop_region_model_context): New subclass
|
||
of region_model_context.
|
||
(class tentative_region_model_context): Inherit from
|
||
noop_region_model_context rather than from region_model_context;
|
||
drop redundant vfunc implementations.
|
||
(class test_region_model_context): Likewise.
|
||
|
||
2020-03-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (exploded_node::exploded_node): Move implementation
|
||
here from header; accept point_and_state by const reference rather
|
||
than by value.
|
||
* exploded-graph.h (exploded_node::exploded_node): Pass
|
||
point_and_state by const reference rather than by value. Move
|
||
body to engine.cc.
|
||
|
||
2020-03-18 Jakub Jelinek <jakub@redhat.com>
|
||
|
||
* sm-malloc.cc (malloc_state_machine::on_stmt): Fix up duplicated word
|
||
issue in a comment.
|
||
* region-model.cc (region_model::make_region_for_unexpected_tree_code,
|
||
region_model::delete_region_and_descendents): Likewise.
|
||
* engine.cc (class exploded_cluster): Likewise.
|
||
* diagnostic-manager.cc (class path_builder): Likewise.
|
||
|
||
2020-03-13 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/94099
|
||
PR analyzer/94105
|
||
* diagnostic-manager.cc (for_each_state_change): Bulletproof
|
||
against errors in get_rvalue by passing a
|
||
tentative_region_model_context and rejecting if there's an error.
|
||
* region-model.cc (region_model::get_lvalue_1): When handling
|
||
ARRAY_REF, handle results of error-handling. Handle NOP_EXPR.
|
||
|
||
2020-03-06 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.h (class array_region): New forward decl.
|
||
* program-state.cc (selftest::test_program_state_dumping_2): New.
|
||
(selftest::analyzer_program_state_cc_tests): Call it.
|
||
* region-model.cc (array_region::constant_from_key): New.
|
||
(region_model::get_representative_tree): Handle region_svalue by
|
||
generating an ADDR_EXPR.
|
||
(region_model::get_representative_path_var): In view handling,
|
||
remove erroneous TREE_TYPE when determining the type of the tree.
|
||
Handle array regions and STRING_CST.
|
||
(selftest::assert_dump_tree_eq): New.
|
||
(ASSERT_DUMP_TREE_EQ): New macro.
|
||
(selftest::test_get_representative_tree): New selftest.
|
||
(selftest::analyzer_region_model_cc_tests): Call it.
|
||
* region-model.h (region::dyn_cast_array_region): New vfunc.
|
||
(array_region::dyn_cast_array_region): New vfunc implementation.
|
||
(array_region::constant_from_key): New decl.
|
||
|
||
2020-03-06 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.h (dump_quoted_tree): New decl.
|
||
* engine.cc (exploded_node::dump_dot): Pass region model to
|
||
sm_state_map::print.
|
||
* program-state.cc: Include diagnostic-core.h.
|
||
(sm_state_map::print): Add "model" param and use it to print
|
||
representative trees. Only print origin information if non-null.
|
||
(sm_state_map::dump): Pass NULL for model to print call.
|
||
(program_state::print): Pass region model to sm_state_map::print.
|
||
(program_state::dump_to_pp): Use spaces rather than newlines when
|
||
summarizing. Pass region_model to sm_state_map::print.
|
||
(ana::selftest::assert_dump_eq): New function.
|
||
(ASSERT_DUMP_EQ): New macro.
|
||
(ana::selftest::test_program_state_dumping): New function.
|
||
(ana::selftest::analyzer_program_state_cc_tests): Call it.
|
||
* program-state.h (program_state::print): Add model param.
|
||
* region-model.cc (dump_quoted_tree): New function.
|
||
(map_region::print_fields): Use dump_quoted_tree rather than
|
||
%qE to avoid lang-dependent output.
|
||
(map_region::dump_child_label): Likewise.
|
||
(region_model::dump_summary_of_map): For SK_REGION, when
|
||
get_representative_path_var fails, print the region id rather than
|
||
erroneously printing NULL.
|
||
* sm.cc (state_machine::get_state_by_name): New function.
|
||
* sm.h (state_machine::get_state_by_name): New decl.
|
||
|
||
2020-03-04 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.cc (region::validate): Convert model param from ptr
|
||
to reference. Update comment to reflect that it's now a vfunc.
|
||
(map_region::validate): New vfunc implementation.
|
||
(array_region::validate): New vfunc implementation.
|
||
(stack_region::validate): New vfunc implementation.
|
||
(root_region::validate): New vfunc implementation.
|
||
(region_model::validate): Pass a reference rather than a pointer
|
||
to the region::validate vfunc.
|
||
* region-model.h (region::validate): Make virtual. Convert model
|
||
param from ptr to reference.
|
||
(map_region::validate): New vfunc decl.
|
||
(array_region::validate): New vfunc decl.
|
||
(stack_region::validate): New vfunc decl.
|
||
(root_region::validate): New vfunc decl.
|
||
|
||
2020-03-04 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93993
|
||
* region-model.cc (region_model::on_call_pre): Handle
|
||
BUILT_IN_EXPECT and its variants.
|
||
(region_model::add_any_constraints_from_ssa_def_stmt): Split out
|
||
gassign handling into add_any_constraints_from_gassign; add gcall
|
||
handling.
|
||
(region_model::add_any_constraints_from_gassign): New function,
|
||
based on the above. Add handling for NOP_EXPR.
|
||
(region_model::add_any_constraints_from_gcall): New function.
|
||
(region_model::get_representative_path_var): Handle views.
|
||
* region-model.h
|
||
(region_model::add_any_constraints_from_ssa_def_stmt): New decl.
|
||
(region_model::add_any_constraints_from_gassign): New decl.
|
||
|
||
2020-03-04 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93993
|
||
* checker-path.h (state_change_event::get_lvalue): Add ctxt param
|
||
and pass it to region_model::get_value call.
|
||
* diagnostic-manager.cc (get_any_origin): Pass a
|
||
tentative_region_model_context to the calls to get_lvalue and reject
|
||
the comparison if errors occur.
|
||
(can_be_expr_of_interest_p): New function.
|
||
(diagnostic_manager::prune_for_sm_diagnostic): Replace checks for
|
||
CONSTANT_CLASS_P with calls to update_for_unsuitable_sm_exprs.
|
||
Pass a tentative_region_model_context to the calls to
|
||
state_change_event::get_lvalue and reject the comparison if errors
|
||
occur.
|
||
(diagnostic_manager::update_for_unsuitable_sm_exprs): New.
|
||
* diagnostic-manager.h
|
||
(diagnostic_manager::update_for_unsuitable_sm_exprs): New decl.
|
||
* region-model.h (class tentative_region_model_context): New class.
|
||
|
||
2020-03-04 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (worklist::worklist): Remove unused field m_eg.
|
||
(class viz_callgraph_edge): Remove unused field m_call_sedge.
|
||
(class viz_callgraph): Remove unused field m_sg.
|
||
* exploded-graph.h (worklist::::m_eg): Remove unused field.
|
||
|
||
2020-03-02 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.opt (fanalyzer-show-duplicate-count): New option.
|
||
* diagnostic-manager.cc
|
||
(diagnostic_manager::emit_saved_diagnostic): Use the above to
|
||
guard the printing of the duplicate count.
|
||
|
||
2020-03-02 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93959
|
||
* analyzer.cc (is_std_function_p): New function.
|
||
(is_std_named_call_p): New functions.
|
||
* analyzer.h (is_std_named_call_p): New decl.
|
||
* sm-malloc.cc (malloc_state_machine::on_stmt): Check for "std::"
|
||
variants when checking for malloc, calloc and free.
|
||
|
||
2020-02-26 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93950
|
||
* diagnostic-manager.cc
|
||
(diagnostic_manager::prune_for_sm_diagnostic): Assert that var is
|
||
either NULL or not a constant. When updating var, bulletproof
|
||
against constant values.
|
||
|
||
2020-02-26 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93947
|
||
* region-model.cc (region_model::get_fndecl_for_call): Gracefully
|
||
fail for fn_decls that don't have a cgraph_node.
|
||
|
||
2020-02-26 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* bar-chart.cc: New file.
|
||
* bar-chart.h: New file.
|
||
* engine.cc: Include "analyzer/bar-chart.h".
|
||
(stats::log): Only log the m_num_nodes kinds that are non-zero.
|
||
(stats::dump): Likewise when dumping.
|
||
(stats::get_total_enodes): New.
|
||
(exploded_graph::get_or_create_node): Increment the per-point-data
|
||
m_excess_enodes when hitting the per-program-point limit on
|
||
enodes.
|
||
(exploded_graph::print_bar_charts): New.
|
||
(exploded_graph::log_stats): Log the number of unprocessed enodes
|
||
in the worklist. Call print_bar_charts.
|
||
(exploded_graph::dump_stats): Print the number of unprocessed
|
||
enodes in the worklist.
|
||
* exploded-graph.h (stats::get_total_enodes): New decl.
|
||
(struct per_program_point_data): Add field m_excess_enodes.
|
||
(exploded_graph::print_bar_charts): New decl.
|
||
* supergraph.cc (superedge::dump): New.
|
||
(superedge::dump): New.
|
||
* supergraph.h (supernode::get_function): New.
|
||
(superedge::dump): New decl.
|
||
(superedge::dump): New decl.
|
||
|
||
2020-02-24 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (exploded_graph::get_or_create_node): Dump the
|
||
program_state to the pp, rather than to stderr.
|
||
|
||
2020-02-24 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93032
|
||
* sm.cc (make_checkers): Require the "taint" checker to be
|
||
explicitly enabled.
|
||
|
||
2020-02-24 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93899
|
||
* engine.cc
|
||
(impl_region_model_context::impl_region_model_context): Add logger
|
||
param.
|
||
* engine.cc (exploded_graph::add_function_entry): Create an
|
||
impl_region_model_context and pass it to the push_frame call.
|
||
Bail if the resulting state is invalid.
|
||
(exploded_graph::build_initial_worklist): Likewise.
|
||
(exploded_graph::build_initial_worklist): Handle the case where
|
||
add_function_entry fails.
|
||
* exploded-graph.h
|
||
(impl_region_model_context::impl_region_model_context): Add logger
|
||
param.
|
||
* region-model.cc (map_region::get_or_create): Add ctxt param and
|
||
pass it to add_region_for_type.
|
||
(map_region::can_merge_p): Pass NULL as a ctxt to call to
|
||
get_or_create.
|
||
(array_region::get_element): Pass ctxt to call to get_or_create.
|
||
(array_region::get_or_create): Add ctxt param and pass it to
|
||
add_region_for_type.
|
||
(root_region::push_frame): Pass ctxt to get_or_create calls.
|
||
(region_model::get_lvalue_1): Likewise.
|
||
(region_model::make_region_for_unexpected_tree_code): Assert that
|
||
ctxt is non-NULL.
|
||
(region_model::get_rvalue_1): Pass ctxt to get_svalue_for_fndecl
|
||
and get_svalue_for_label calls.
|
||
(region_model::get_svalue_for_fndecl): Add ctxt param and pass it
|
||
to get_region_for_fndecl.
|
||
(region_model::get_region_for_fndecl): Add ctxt param and pass it
|
||
to get_or_create.
|
||
(region_model::get_svalue_for_label): Add ctxt param and pass it
|
||
to get_region_for_label.
|
||
(region_model::get_region_for_label): Add ctxt param and pass it
|
||
to get_region_for_fndecl and get_or_create.
|
||
(region_model::get_field_region): Add ctxt param and pass it to
|
||
get_or_create_view and get_or_create.
|
||
(make_region_for_type): Replace gcc_unreachable with return NULL.
|
||
(region_model::add_region_for_type): Add ctxt param. Handle a
|
||
return of NULL from make_region_for_type by calling
|
||
make_region_for_unexpected_tree_code.
|
||
(region_model::get_or_create_mem_ref): Pass ctxt to calls to
|
||
get_or_create_view.
|
||
(region_model::get_or_create_view): Add ctxt param and pass it to
|
||
add_region_for_type.
|
||
(selftest::test_state_merging): Pass ctxt to get_or_create_view.
|
||
* region-model.h (region_model::get_or_create): Add ctxt param.
|
||
(region_model::add_region_for_type): Likewise.
|
||
(region_model::get_svalue_for_fndecl): Likewise.
|
||
(region_model::get_svalue_for_label): Likewise.
|
||
(region_model::get_region_for_fndecl): Likewise.
|
||
(region_model::get_region_for_label): Likewise.
|
||
(region_model::get_field_region): Likewise.
|
||
(region_model::get_or_create_view): Likewise.
|
||
|
||
2020-02-24 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* checker-path.cc (superedge_event::should_filter_p): Update
|
||
filter for empty descriptions to cover verbosity level 3 as well
|
||
as 2.
|
||
* diagnostic-manager.cc: Include "analyzer/reachability.h".
|
||
(class path_builder): New class.
|
||
(diagnostic_manager::emit_saved_diagnostic): Create a path_builder
|
||
and pass it to build_emission_path, rather passing eg; similarly
|
||
for add_events_for_eedge and ext_state.
|
||
(diagnostic_manager::build_emission_path): Replace "eg" param
|
||
with a path_builder, pass it to add_events_for_eedge.
|
||
(diagnostic_manager::add_events_for_eedge): Replace ext_state
|
||
param with path_builder; pass it to add_events_for_superedge.
|
||
(diagnostic_manager::significant_edge_p): New.
|
||
(diagnostic_manager::add_events_for_superedge): Add path_builder
|
||
param. Reject insignificant edges at verbosity levels below 3.
|
||
(diagnostic_manager::prune_for_sm_diagnostic): Update highest
|
||
verbosity level to 4.
|
||
* diagnostic-manager.h (class path_builder): New forward decl.
|
||
(diagnostic_manager::build_emission_path): Replace "eg" param
|
||
with a path_builder.
|
||
(diagnostic_manager::add_events_for_eedge): Replace ext_state
|
||
param with path_builder.
|
||
(diagnostic_manager::significant_edge_p): New.
|
||
(diagnostic_manager::add_events_for_superedge): Add path_builder
|
||
param.
|
||
* reachability.h: New file.
|
||
|
||
2020-02-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93692
|
||
* analyzer.opt (fdump-analyzer-callgraph): Rewrite description.
|
||
|
||
2020-02-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93777
|
||
* region-model.cc (region_model::maybe_cast_1): Replace assertion
|
||
that build_cast returns non-NULL with a conditional, falling
|
||
through to the logic which returns a new unknown value of the
|
||
desired type if it fails.
|
||
|
||
2020-02-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93778
|
||
* engine.cc (impl_region_model_context::on_unknown_tree_code):
|
||
Rename to...
|
||
(impl_region_model_context::on_unexpected_tree_code): ...this and
|
||
convert first argument from path_var to tree.
|
||
(exploded_node::on_stmt): Pass ctxt to purge_for_unknown_fncall.
|
||
* exploded-graph.h (region_model_context::on_unknown_tree_code):
|
||
Rename to...
|
||
(region_model_context::on_unexpected_tree_code): ...this and
|
||
convert first argument from path_var to tree.
|
||
* program-state.cc (sm_state_map::purge_for_unknown_fncall): Add
|
||
ctxt param and pass on to calls to get_rvalue.
|
||
* program-state.h (sm_state_map::purge_for_unknown_fncall): Add
|
||
ctxt param.
|
||
* region-model.cc (region_model::handle_unrecognized_call): Pass
|
||
ctxt on to call to get_rvalue.
|
||
(region_model::get_lvalue_1): Move body of default case to
|
||
region_model::make_region_for_unexpected_tree_code and call it.
|
||
Within COMPONENT_REF case, reject attempts to handle types other
|
||
than RECORD_TYPE and UNION_TYPE.
|
||
(region_model::make_region_for_unexpected_tree_code): New
|
||
function, based on default case of region_model::get_lvalue_1.
|
||
* region-model.h
|
||
(region_model::make_region_for_unexpected_tree_code): New decl.
|
||
(region_model::on_unknown_tree_code): Rename to...
|
||
(region_model::on_unexpected_tree_code): ...this and convert first
|
||
argument from path_var to tree.
|
||
(class test_region_model_context): Update vfunc implementation for
|
||
above change.
|
||
|
||
2020-02-18 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93774
|
||
* region-model.cc
|
||
(region_model::convert_byte_offset_to_array_index): Use
|
||
int_size_in_bytes before calling size_in_bytes, to gracefully fail
|
||
on incomplete types.
|
||
|
||
2020-02-17 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93775
|
||
* region-model.cc (region_model::get_fndecl_for_call): Handle the
|
||
case where the code_region's get_tree_for_child_region returns
|
||
NULL.
|
||
|
||
2020-02-17 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93388
|
||
* engine.cc (impl_region_model_context::on_unknown_tree_code):
|
||
New.
|
||
(exploded_graph::get_or_create_node): Reject invalid states.
|
||
* exploded-graph.h
|
||
(impl_region_model_context::on_unknown_tree_code): New decl.
|
||
(point_and_state::point_and_state): Assert that the state is
|
||
valid.
|
||
* program-state.cc (program_state::program_state): Initialize
|
||
m_valid to true.
|
||
(program_state::operator=): Copy m_valid.
|
||
(program_state::program_state): Likewise for move constructor.
|
||
(program_state::print): Print m_valid.
|
||
(program_state::dump_to_pp): Likewise.
|
||
* program-state.h (program_state::m_valid): New field.
|
||
* region-model.cc (region_model::get_lvalue_1): Implement the
|
||
default case by returning a new symbolic region and calling
|
||
the context's on_unknown_tree_code, rather than issuing an
|
||
internal_error. Implement VIEW_CONVERT_EXPR.
|
||
* region-model.h (region_model_context::on_unknown_tree_code): New
|
||
vfunc.
|
||
(test_region_model_context::on_unknown_tree_code): New.
|
||
|
||
2020-02-17 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* sm-malloc.cc (malloc_diagnostic::describe_state_change): For
|
||
transition to the "null" state, only say "assuming" when
|
||
transitioning from the "unchecked" state.
|
||
|
||
2020-02-17 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* diagnostic-manager.h (diagnostic_manager::get_saved_diagnostic):
|
||
Add const overload.
|
||
* engine.cc (exploded_node::dump_dot): Dump saved_diagnostics.
|
||
* exploded-graph.h (exploded_graph::get_diagnostic_manager): Add
|
||
const overload.
|
||
|
||
2020-02-11 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93288
|
||
* analysis-plan.cc (analysis_plan::use_summary_p): Look through
|
||
the ultimate_alias_target when getting the called function.
|
||
* engine.cc (exploded_node::on_stmt): Rename second "ctxt" to
|
||
"sm_ctxt". Use the region_model's get_fndecl_for_call rather than
|
||
gimple_call_fndecl.
|
||
* region-model.cc (region_model::get_fndecl_for_call): Use
|
||
ultimate_alias_target on fndecl.
|
||
* supergraph.cc (get_ultimate_function_for_cgraph_edge): New
|
||
function.
|
||
(supergraph_call_edge): Use it when rejecting edges without
|
||
functions.
|
||
(supergraph::supergraph): Use it to get the function for the
|
||
cgraph_edge when building interprocedural superedges.
|
||
(callgraph_superedge::get_callee_function): Use it.
|
||
* supergraph.h (supergraph::get_num_snodes): Make param const.
|
||
(supergraph::function_to_num_snodes_t): Make first type param
|
||
const.
|
||
|
||
2020-02-11 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93374
|
||
* engine.cc (exploded_edge::exploded_edge): Add ext_state param
|
||
and pass it to change.validate.
|
||
(exploded_graph::get_or_create_node): Move purging of change
|
||
svalues to also cover the case of reusing an existing enode.
|
||
(exploded_graph::add_edge): Pass m_ext_state to exploded_edge's
|
||
ctor.
|
||
* exploded-graph.h (exploded_edge::exploded_edge): Add ext_state
|
||
param.
|
||
* program-state.cc (state_change::sm_change::validate): Likewise.
|
||
Assert that m_sm_idx is sane. Use ext_state to validate
|
||
m_old_state and m_new_state.
|
||
(state_change::validate): Add ext_state param and pass it to
|
||
the sm_change validate calls.
|
||
* program-state.h (state_change::sm_change::validate): Add
|
||
ext_state param.
|
||
(state_change::validate): Likewise.
|
||
|
||
2020-02-11 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93669
|
||
* engine.cc (exploded_graph::dump_exploded_nodes): Handle missing
|
||
case of STATUS_WORKLIST in implementation of
|
||
"__analyzer_dump_exploded_nodes".
|
||
|
||
2020-02-11 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93649
|
||
* constraint-manager.cc (constraint_manager::add_constraint): When
|
||
merging equivalence classes and updating m_constant, also update
|
||
m_cst_sid.
|
||
(constraint_manager::validate): If m_constant is non-NULL assert
|
||
that m_cst_sid is non-null and is valid.
|
||
|
||
2020-02-11 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93657
|
||
* analyzer.opt (fdump-analyzer): Reword description.
|
||
(fdump-analyzer-stderr): Likewise.
|
||
|
||
2020-02-11 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.cc (print_quoted_type): New function.
|
||
(svalue::print): Use it to replace %qT.
|
||
(region::dump_to_pp): Likewise.
|
||
(region::dump_child_label): Likewise.
|
||
(region::print_fields): Likewise.
|
||
|
||
2020-02-10 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93659
|
||
* analyzer.opt (-param=analyzer-max-recursion-depth=): Fix "tha"
|
||
-> "that" typo.
|
||
(Wanalyzer-use-of-uninitialized-value): Fix "initialized" ->
|
||
"uninitialized" typo.
|
||
|
||
2020-02-10 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93350
|
||
* region-model.cc (region_model::get_lvalue_1):
|
||
Handle BIT_FIELD_REF.
|
||
(make_region_for_type): Handle VECTOR_TYPE.
|
||
|
||
2020-02-10 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93647
|
||
* diagnostic-manager.cc
|
||
(diagnostic_manager::prune_for_sm_diagnostic): Bulletproof against
|
||
VAR being constant.
|
||
* region-model.cc (region_model::get_lvalue_1): Provide a better
|
||
error message when encountering an unhandled tree code.
|
||
|
||
2020-02-10 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93405
|
||
* region-model.cc (region_model::get_lvalue_1): Implement
|
||
CONST_DECL.
|
||
|
||
2020-02-06 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.cc (region_model::maybe_cast_1): Attempt to provide
|
||
a region_svalue if either type is a pointer, rather than if both
|
||
types are pointers.
|
||
|
||
2020-02-05 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (exploded_node::dump_dot): Show merger enodes.
|
||
(worklist::add_node): Assert that the node's m_status is
|
||
STATUS_WORKLIST.
|
||
(exploded_graph::process_worklist): Likewise for nodes from the
|
||
worklist. Set status of merged nodes to STATUS_MERGER.
|
||
(exploded_graph::process_node): Set status of node to
|
||
STATUS_PROCESSED.
|
||
(exploded_graph::dump_exploded_nodes): Rework handling of
|
||
"__analyzer_dump_exploded_nodes", splitting enodes by status into
|
||
"processed" and "merger", showing the count of just the processed
|
||
enodes at the call, rather than the count of all enodes.
|
||
* exploded-graph.h (exploded_node::status): New enum.
|
||
(exploded_node::exploded_node): Initialize m_status to
|
||
STATUS_WORKLIST.
|
||
(exploded_node::get_status): New getter.
|
||
(exploded_node::set_status): New setter.
|
||
|
||
2020-02-04 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93543
|
||
* engine.cc (pod_hash_traits<function_call_string>::mark_empty):
|
||
Eliminate reinterpret_cast.
|
||
(pod_hash_traits<function_call_string>::is_empty): Likewise.
|
||
|
||
2020-02-03 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* constraint-manager.cc (range::constrained_to_single_element):
|
||
Replace fold_build2 with fold_binary. Remove unnecessary newline.
|
||
(constraint_manager::get_or_add_equiv_class): Replace fold_build2
|
||
with fold_binary in two places, and remove out-of-date comment.
|
||
(constraint_manager::eval_condition): Replace fold_build2 with
|
||
fold_binary.
|
||
* region-model.cc (constant_svalue::eval_condition): Likewise.
|
||
(region_model::on_assignment): Likewise.
|
||
|
||
2020-02-03 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93544
|
||
* diagnostic-manager.cc
|
||
(diagnostic_manager::prune_for_sm_diagnostic): Bulletproof
|
||
against bad choices due to bad paths.
|
||
* engine.cc (impl_region_model_context::on_phi): New.
|
||
* exploded-graph.h (impl_region_model_context::on_phi): New decl.
|
||
* region-model.cc (region_model::on_longjmp): Likewise.
|
||
(region_model::handle_phi): Add phi param. Call the ctxt's on_phi
|
||
vfunc.
|
||
(region_model::update_for_phis): Pass phi to handle_phi.
|
||
* region-model.h (region_model::handle_phi): Add phi param.
|
||
(region_model_context::on_phi): New vfunc.
|
||
(test_region_model_context::on_phi): New.
|
||
* sm-malloc.cc (malloc_state_machine::on_phi): New.
|
||
(malloc_state_machine::on_zero_assignment): New.
|
||
* sm.h (state_machine::on_phi): New vfunc.
|
||
|
||
2020-02-03 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (supernode_cluster::dump_dot): Show BB index as
|
||
well as SN index.
|
||
* supergraph.cc (supernode::dump_dot): Likewise.
|
||
|
||
2020-02-03 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93546
|
||
* region-model.cc (region_model::on_call_pre): Update for new
|
||
param of symbolic_region ctor.
|
||
(region_model::deref_rvalue): Likewise.
|
||
(region_model::add_new_malloc_region): Likewise.
|
||
(make_region_for_type): Likewise, preserving type.
|
||
* region-model.h (symbolic_region::symbolic_region): Add "type"
|
||
param and pass it to base class ctor.
|
||
|
||
2020-02-03 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93547
|
||
* constraint-manager.cc
|
||
(constraint_manager::get_or_add_equiv_class): Ensure types are
|
||
compatible before comparing constants.
|
||
|
||
2020-01-31 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93457
|
||
* region-model.cc (make_region_for_type): Use VOID_TYPE_P rather
|
||
than checking against void_type_node.
|
||
|
||
2020-01-31 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93373
|
||
* region-model.cc (ASSERT_COMPAT_TYPES): Convert to...
|
||
(assert_compat_types): ...this, and bail when either type is NULL,
|
||
or when VOID_TYPE_P (dst_type).
|
||
(region_model::get_lvalue): Update for above conversion.
|
||
(region_model::get_rvalue): Likewise.
|
||
|
||
2020-01-31 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93379
|
||
* region-model.cc (region_model::update_for_return_superedge):
|
||
Move check for null result so that it also guards setting the
|
||
lhs.
|
||
|
||
2020-01-31 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93438
|
||
* region-model.cc (stack_region::can_merge_p): Split into a two
|
||
pass approach, creating all stack regions first, then populating
|
||
them.
|
||
(selftest::test_state_merging): Add test coverage for (a) the case
|
||
of self-merging a model in which a local in an older stack frame
|
||
points to a local in a more recent stack frame (which previously
|
||
would ICE), and (b) the case of self-merging a model in which a
|
||
local points to a global (which previously worked OK).
|
||
|
||
2020-01-31 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.cc (is_named_call_p): Replace tests for fndecl being
|
||
extern at file scope and having a non-NULL DECL_NAME with a call
|
||
to maybe_special_function_p.
|
||
* function-set.cc (function_set::contains_decl_p): Add call to
|
||
maybe_special_function_p.
|
||
|
||
2020-01-31 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93450
|
||
* constraint-manager.cc
|
||
(constraint_manager::get_or_add_equiv_class): Only compare constants
|
||
if their types are compatible.
|
||
* region-model.cc (constant_svalue::eval_condition): Replace check
|
||
for identical types with call to types_compatible_p.
|
||
|
||
2020-01-30 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* program-state.cc (extrinsic_state::dump_to_pp): New.
|
||
(extrinsic_state::dump_to_file): New.
|
||
(extrinsic_state::dump): New.
|
||
* program-state.h (extrinsic_state::dump_to_pp): New decl.
|
||
(extrinsic_state::dump_to_file): New decl.
|
||
(extrinsic_state::dump): New decl.
|
||
* sm.cc: Include "pretty-print.h".
|
||
(state_machine::dump_to_pp): New.
|
||
* sm.h (state_machine::dump_to_pp): New decl.
|
||
|
||
2020-01-30 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* diagnostic-manager.cc (for_each_state_change): Use
|
||
extrinsic_state::get_num_checkers rather than accessing m_checkers
|
||
directly.
|
||
* program-state.cc (program_state::program_state): Likewise.
|
||
* program-state.h (extrinsic_state::m_checkers): Make private.
|
||
|
||
2020-01-30 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93356
|
||
* region-model.cc (region_model::eval_condition): In both
|
||
overloads, bail out immediately on floating-point types.
|
||
(region_model::eval_condition_without_cm): Likewise.
|
||
(region_model::add_constraint): Likewise.
|
||
|
||
2020-01-30 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93450
|
||
* program-state.cc (sm_state_map::set_state): For the overload
|
||
taking an svalue_id, bail out if the set_state on the ec does
|
||
nothing. Convert the latter's return type from void to bool,
|
||
returning true if anything changed.
|
||
(sm_state_map::impl_set_state): Convert the return type from void
|
||
to bool, returning true if the state changed.
|
||
* program-state.h (sm_state_map::set_state): Convert return type
|
||
from void to bool.
|
||
(sm_state_map::impl_set_state): Likewise.
|
||
* region-model.cc (constant_svalue::eval_condition): Only call
|
||
fold_build2 if the types are the same.
|
||
|
||
2020-01-29 Jakub Jelinek <jakub@redhat.com>
|
||
|
||
* analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Remove.
|
||
* constraint-manager.cc: Include diagnostic-core.h before graphviz.h.
|
||
(range::dump, equiv_class::print): Don't use PUSH_IGNORE_WFORMAT or
|
||
POP_IGNORE_WFORMAT.
|
||
* state-purge.cc: Include diagnostic-core.h before
|
||
gimple-pretty-print.h.
|
||
(state_purge_annotator::add_node_annotations, print_vec_of_names):
|
||
Don't use PUSH_IGNORE_WFORMAT or POP_IGNORE_WFORMAT.
|
||
* region-model.cc: Move diagnostic-core.h include before graphviz.h.
|
||
(path_var::dump, svalue::print, constant_svalue::print_details,
|
||
region::dump_to_pp, region::dump_child_label, region::print_fields,
|
||
map_region::print_fields, map_region::dump_dot_to_pp,
|
||
map_region::dump_child_label, array_region::print_fields,
|
||
array_region::dump_dot_to_pp): Don't use PUSH_IGNORE_WFORMAT or
|
||
POP_IGNORE_WFORMAT.
|
||
|
||
2020-01-28 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93316
|
||
* engine.cc (rewind_info_t::update_model): Get the longjmp call
|
||
stmt via get_longjmp_call () rather than assuming it is the last
|
||
stmt in the longjmp's supernode.
|
||
(rewind_info_t::add_events_to_path): Get the location_t for the
|
||
rewind_from_longjmp_event via get_longjmp_call () rather than from
|
||
the supernode's get_end_location ().
|
||
|
||
2020-01-28 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* region-model.cc (poisoned_value_diagnostic::emit): Update for
|
||
renaming of warning_at overload to warning_meta.
|
||
* sm-file.cc (file_leak::emit): Likewise.
|
||
* sm-malloc.cc (double_free::emit): Likewise.
|
||
(possible_null_deref::emit): Likewise.
|
||
(possible_null_arg::emit): Likewise.
|
||
(null_deref::emit): Likewise.
|
||
(null_arg::emit): Likewise.
|
||
(use_after_free::emit): Likewise.
|
||
(malloc_leak::emit): Likewise.
|
||
(free_of_non_heap::emit): Likewise.
|
||
* sm-sensitive.cc (exposure_through_output_file::emit): Likewise.
|
||
* sm-signal.cc (signal_unsafe_call::emit): Likewise.
|
||
* sm-taint.cc (tainted_array_index::emit): Likewise.
|
||
|
||
2020-01-27 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93451
|
||
* region-model.cc (tree_cmp): For the REAL_CST case, impose an
|
||
arbitrary order on NaNs relative to other NaNs and to non-NaNs;
|
||
const-correctness tweak.
|
||
(ana::selftests::build_real_cst_from_string): New function.
|
||
(ana::selftests::append_interesting_constants): New function.
|
||
(ana::selftests::test_tree_cmp_on_constants): New test.
|
||
(ana::selftests::test_canonicalization_4): New test.
|
||
(ana::selftests::analyzer_region_model_cc_tests): Call the new
|
||
tests.
|
||
|
||
2020-01-27 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93349
|
||
* engine.cc (run_checkers): Save and restore input_location.
|
||
|
||
2020-01-27 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* call-string.cc (call_string::cmp_1): Delete, moving body to...
|
||
(call_string::cmp): ...here.
|
||
* call-string.h (call_string::cmp_1): Delete decl.
|
||
* engine.cc (worklist::key_t::cmp_1): Delete, moving body to...
|
||
(worklist::key_t::cmp): ...here. Implement hash comparisons
|
||
via comparison rather than subtraction to avoid overflow issues.
|
||
* exploded-graph.h (worklist::key_t::cmp_1): Delete decl.
|
||
* region-model.cc (tree_cmp): Eliminate buggy checking for
|
||
symmetry.
|
||
|
||
2020-01-27 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.cc (is_named_call_p): Check that fndecl is "extern"
|
||
and at file scope. Potentially disregard prefix _ or __ in
|
||
fndecl's name. Bail if the identifier is NULL.
|
||
(is_setjmp_call_p): Expect a gcall rather than plain gimple.
|
||
Remove special-case check for leading prefix, and also check for
|
||
sigsetjmp.
|
||
(is_longjmp_call_p): Also check for siglongjmp.
|
||
(get_user_facing_name): New function.
|
||
* analyzer.h (is_setjmp_call_p): Expect a gcall rather than plain
|
||
gimple.
|
||
(get_user_facing_name): New decl.
|
||
* checker-path.cc (setjmp_event::get_desc): Use
|
||
get_user_facing_name to avoid hardcoding the function name.
|
||
(rewind_event::rewind_event): Add rewind_info param, using it to
|
||
initialize new m_rewind_info field, and strengthen the assertion.
|
||
(rewind_from_longjmp_event::get_desc): Use get_user_facing_name to
|
||
avoid hardcoding the function name.
|
||
(rewind_to_setjmp_event::get_desc): Likewise.
|
||
* checker-path.h (setjmp_event::setjmp_event): Add setjmp_call
|
||
param and use it to initialize...
|
||
(setjmp_event::m_setjmp_call): New field.
|
||
(rewind_event::rewind_event): Add rewind_info param.
|
||
(rewind_event::m_rewind_info): New protected field.
|
||
(rewind_from_longjmp_event::rewind_from_longjmp_event): Add
|
||
rewind_info param.
|
||
(class rewind_to_setjmp_event): Move rewind_info field to parent
|
||
class.
|
||
* diagnostic-manager.cc (diagnostic_manager::add_events_for_eedge):
|
||
Update setjmp-handling for is_setjmp_call_p requiring a gcall;
|
||
pass the call to the new setjmp_event.
|
||
* engine.cc (exploded_node::on_stmt): Update for is_setjmp_call_p
|
||
requiring a gcall.
|
||
(stale_jmp_buf::emit): Use get_user_facing_name to avoid
|
||
hardcoding the function names.
|
||
(exploded_node::on_longjmp): Pass the longjmp_call when
|
||
constructing rewind_info.
|
||
(rewind_info_t::add_events_to_path): Pass the rewind_info_t to the
|
||
rewind_from_longjmp_event's ctor.
|
||
* exploded-graph.h (rewind_info_t::rewind_info_t): Add
|
||
longjmp_call param.
|
||
(rewind_info_t::get_longjmp_call): New.
|
||
(rewind_info_t::m_longjmp_call): New.
|
||
* region-model.cc (region_model::on_setjmp): Update comment to
|
||
indicate this is also for sigsetjmp.
|
||
* region-model.h (struct setjmp_record): Likewise.
|
||
(class setjmp_svalue): Likewise.
|
||
|
||
2020-01-27 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93276
|
||
* analyzer.h (PUSH_IGNORE_WFORMAT, POP_IGNORE_WFORMAT): Guard these
|
||
macros with GCC_VERSION >= 4006, making them no-op otherwise.
|
||
* engine.cc (exploded_edge::exploded_edge): Specify template for
|
||
base class initializer.
|
||
(exploded_graph::add_edge): Specify template when chaining up to
|
||
base class add_edge implementation.
|
||
(viz_callgraph_node::dump_dot): Drop redundant "typename".
|
||
(viz_callgraph_edge::viz_callgraph_edge): Specify template for
|
||
base class initializer.
|
||
* program-state.cc (sm_state_map::clone_with_remapping): Drop
|
||
redundant "typename".
|
||
(sm_state_map::print): Likewise.
|
||
(sm_state_map::hash): Likewise.
|
||
(sm_state_map::operator==): Likewise.
|
||
(sm_state_map::remap_svalue_ids): Likewise.
|
||
(sm_state_map::on_svalue_purge): Likewise.
|
||
(sm_state_map::validate): Likewise.
|
||
* program-state.h (sm_state_map::iterator_t): Likewise.
|
||
* supergraph.h (superedge::superedge): Specify template for base
|
||
class initializer.
|
||
|
||
2020-01-23 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93375
|
||
* supergraph.cc (callgraph_superedge::get_arg_for_parm): Fail
|
||
gracefully is the number of parameters at the callee exceeds the
|
||
number of arguments at the call stmt.
|
||
(callgraph_superedge::get_parm_for_arg): Likewise.
|
||
|
||
2020-01-22 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93382
|
||
* program-state.cc (sm_state_map::on_svalue_purge): If the
|
||
entry survives, but the origin is being purged, then reset the
|
||
origin to null.
|
||
|
||
2020-01-22 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* sm-signal.cc: Fix nesting of CHECKING_P and namespace ana.
|
||
|
||
2020-01-22 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93378
|
||
* engine.cc (setjmp_svalue::compare_fields): Update for
|
||
replacement of m_enode with m_setjmp_record.
|
||
(setjmp_svalue::add_to_hash): Likewise.
|
||
(setjmp_svalue::get_index): Rename...
|
||
(setjmp_svalue::get_enode_index): ...to this.
|
||
(setjmp_svalue::print_details): Update for replacement of m_enode
|
||
with m_setjmp_record.
|
||
(exploded_node::on_longjmp): Likewise.
|
||
* exploded-graph.h (rewind_info_t::m_enode_origin): Replace...
|
||
(rewind_info_t::m_setjmp_record): ...with this.
|
||
(rewind_info_t::rewind_info_t): Update for replacement of m_enode
|
||
with m_setjmp_record.
|
||
(rewind_info_t::get_setjmp_point): Likewise.
|
||
(rewind_info_t::get_setjmp_call): Likewise.
|
||
* region-model.cc (region_model::dump_summary_of_map): Likewise.
|
||
(region_model::on_setjmp): Likewise.
|
||
* region-model.h (struct setjmp_record): New struct.
|
||
(setjmp_svalue::m_enode): Replace...
|
||
(setjmp_svalue::m_setjmp_record): ...with this.
|
||
(setjmp_svalue::setjmp_svalue): Update for replacement of m_enode
|
||
with m_setjmp_record.
|
||
(setjmp_svalue::clone): Likewise.
|
||
(setjmp_svalue::get_index): Rename...
|
||
(setjmp_svalue::get_enode_index): ...to this.
|
||
(setjmp_svalue::get_exploded_node): Replace...
|
||
(setjmp_svalue::get_setjmp_record): ...with this.
|
||
|
||
2020-01-22 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93316
|
||
* analyzer.cc (is_setjmp_call_p): Check for "setjmp" as well as
|
||
"_setjmp".
|
||
|
||
2020-01-22 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93307
|
||
* analysis-plan.h: Wrap everything namespace "ana".
|
||
* analyzer-logging.cc: Likewise.
|
||
* analyzer-logging.h: Likewise.
|
||
* analyzer-pass.cc (pass_analyzer::execute): Update for "ana"
|
||
namespace.
|
||
* analyzer-selftests.cc: Wrap everything namespace "ana".
|
||
* analyzer-selftests.h: Likewise.
|
||
* analyzer.h: Likewise for forward decls of types.
|
||
* call-string.h: Likewise.
|
||
* checker-path.cc: Likewise.
|
||
* checker-path.h: Likewise.
|
||
* constraint-manager.cc: Likewise.
|
||
* constraint-manager.h: Likewise.
|
||
* diagnostic-manager.cc: Likewise.
|
||
* diagnostic-manager.h: Likewise.
|
||
* engine.cc: Likewise.
|
||
* engine.h: Likewise.
|
||
* exploded-graph.h: Likewise.
|
||
* function-set.cc: Likewise.
|
||
* function-set.h: Likewise.
|
||
* pending-diagnostic.cc: Likewise.
|
||
* pending-diagnostic.h: Likewise.
|
||
* program-point.cc: Likewise.
|
||
* program-point.h: Likewise.
|
||
* program-state.cc: Likewise.
|
||
* program-state.h: Likewise.
|
||
* region-model.cc: Likewise.
|
||
* region-model.h: Likewise.
|
||
* sm-file.cc: Likewise.
|
||
* sm-malloc.cc: Likewise.
|
||
* sm-pattern-test.cc: Likewise.
|
||
* sm-sensitive.cc: Likewise.
|
||
* sm-signal.cc: Likewise.
|
||
* sm-taint.cc: Likewise.
|
||
* sm.cc: Likewise.
|
||
* sm.h: Likewise.
|
||
* state-purge.h: Likewise.
|
||
* supergraph.cc: Likewise.
|
||
* supergraph.h: Likewise.
|
||
|
||
2020-01-21 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93352
|
||
* region-model.cc (int_cmp): Rename to...
|
||
(array_region::key_cmp): ...this, using key_t rather than int.
|
||
Rewrite in terms of comparisons rather than subtraction to
|
||
ensure qsort is anti-symmetric when handling extreme values.
|
||
(array_region::walk_for_canonicalization): Update for above
|
||
renaming.
|
||
* region-model.h (array_region::key_cmp): New decl.
|
||
|
||
2020-01-17 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93290
|
||
* region-model.cc (region_model::eval_condition_without_cm): Avoid
|
||
gcc_unreachable for unexpected operations for the case where
|
||
we're comparing an svalue against itself.
|
||
|
||
2020-01-17 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93281
|
||
* region-model.cc
|
||
(region_model::convert_byte_offset_to_array_index): Convert to
|
||
ssizetype before dividing by byte_size. Use fold_binary rather
|
||
than fold_build2 to avoid needlessly constructing a tree for the
|
||
non-const case.
|
||
|
||
2020-01-15 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* engine.cc (class impl_region_model_context): Fix comment.
|
||
|
||
2020-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/93212
|
||
* region-model.cc (make_region_for_type): Use
|
||
FUNC_OR_METHOD_TYPE_P rather than comparing against FUNCTION_TYPE.
|
||
* region-model.h (function_region::function_region): Likewise.
|
||
|
||
2020-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* program-state.cc (sm_state_map::clone_with_remapping): Copy
|
||
m_global_state.
|
||
(selftest::test_program_state_merging_2): New selftest.
|
||
(selftest::analyzer_program_state_cc_tests): Call it.
|
||
|
||
2020-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* checker-path.h (checker_path::get_checker_event): New function.
|
||
(checker_path): Add DISABLE_COPY_AND_ASSIGN; make fields private.
|
||
* diagnostic-manager.cc
|
||
(diagnostic_manager::prune_for_sm_diagnostic): Replace direct
|
||
access to checker_path::m_events with accessor functions. Fix
|
||
overlong line.
|
||
(diagnostic_manager::prune_interproc_events): Replace direct
|
||
access to checker_path::m_events with accessor functions.
|
||
(diagnostic_manager::finish_pruning): Likewise.
|
||
|
||
2020-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* checker-path.h (checker_event::clone): Delete vfunc decl.
|
||
(debug_event::clone): Delete vfunc impl.
|
||
(custom_event::clone): Delete vfunc impl.
|
||
(statement_event::clone): Delete vfunc impl.
|
||
(function_entry_event::clone): Delete vfunc impl.
|
||
(state_change_event::clone): Delete vfunc impl.
|
||
(start_cfg_edge_event::clone): Delete vfunc impl.
|
||
(end_cfg_edge_event::clone): Delete vfunc impl.
|
||
(call_event::clone): Delete vfunc impl.
|
||
(return_event::clone): Delete vfunc impl.
|
||
(setjmp_event::clone): Delete vfunc impl.
|
||
(rewind_from_longjmp_event::clone): Delete vfunc impl.
|
||
(rewind_to_setjmp_event::clone): Delete vfunc impl.
|
||
(warning_event::clone): Delete vfunc impl.
|
||
|
||
2020-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* supergraph.cc (supernode::dump_dot): Ensure that the TABLE
|
||
element has at least one TR.
|
||
|
||
2020-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/58237
|
||
* engine.cc (leak_stmt_finder::find_stmt): Use get_pure_location
|
||
when comparing against UNKNOWN_LOCATION.
|
||
(stmt_requires_new_enode_p): Likewise.
|
||
(exploded_graph::dump_exploded_nodes): Likewise.
|
||
* supergraph.cc (supernode::get_start_location): Likewise.
|
||
(supernode::get_end_location): Likewise.
|
||
|
||
2020-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
PR analyzer/58237
|
||
* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
|
||
selftest::analyzer_sm_file_cc_tests.
|
||
* analyzer-selftests.h (selftest::analyzer_sm_file_cc_tests): New
|
||
decl.
|
||
* sm-file.cc: Include "analyzer/function-set.h" and
|
||
"analyzer/analyzer-selftests.h".
|
||
(get_file_using_fns): New function.
|
||
(is_file_using_fn_p): New function.
|
||
(fileptr_state_machine::on_stmt): Return true for known functions.
|
||
(selftest::analyzer_sm_file_cc_tests): New function.
|
||
|
||
2020-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
|
||
selftest::analyzer_sm_signal_cc_tests.
|
||
* analyzer-selftests.h (selftest::analyzer_sm_signal_cc_tests):
|
||
New decl.
|
||
* sm-signal.cc: Include "analyzer/function-set.h" and
|
||
"analyzer/analyzer-selftests.h".
|
||
(get_async_signal_unsafe_fns): New function.
|
||
(signal_unsafe_p): Reimplement in terms of the above.
|
||
(selftest::analyzer_sm_signal_cc_tests): New function.
|
||
|
||
2020-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer-selftests.cc (selftest::run_analyzer_selftests): Call
|
||
selftest::analyzer_function_set_cc_tests.
|
||
* analyzer-selftests.h (selftest::analyzer_function_set_cc_tests):
|
||
New decl.
|
||
* function-set.cc: New file.
|
||
* function-set.h: New file.
|
||
|
||
2020-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* analyzer.h (fndecl_has_gimple_body_p): New decl.
|
||
* engine.cc (impl_region_model_context::on_unknown_change): New
|
||
function.
|
||
(fndecl_has_gimple_body_p): Make non-static.
|
||
(exploded_node::on_stmt): Treat __analyzer_dump_exploded_nodes as
|
||
known. Track whether we have a call with unknown side-effects and
|
||
pass it to on_call_post.
|
||
* exploded-graph.h (impl_region_model_context::on_unknown_change):
|
||
New decl.
|
||
* program-state.cc (sm_state_map::on_unknown_change): New function.
|
||
* program-state.h (sm_state_map::on_unknown_change): New decl.
|
||
* region-model.cc: Include "bitmap.h".
|
||
(region_model::on_call_pre): Return a bool, capturing whether the
|
||
call has unknown side effects.
|
||
(region_model::on_call_post): Add arg "bool unknown_side_effects"
|
||
and if true, call handle_unrecognized_call.
|
||
(class reachable_regions): New class.
|
||
(region_model::handle_unrecognized_call): New function.
|
||
* region-model.h (region_model::on_call_pre): Return a bool.
|
||
(region_model::on_call_post): Add arg "bool unknown_side_effects".
|
||
(region_model::handle_unrecognized_call): New decl.
|
||
(region_model_context::on_unknown_change): New vfunc.
|
||
(test_region_model_context::on_unknown_change): New function.
|
||
|
||
2020-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* diagnostic-manager.cc (saved_diagnostic::operator==): Move here
|
||
from header. Replace pointer equality test on m_var with call to
|
||
pending_diagnostic::same_tree_p.
|
||
* diagnostic-manager.h (saved_diagnostic::operator==): Move to
|
||
diagnostic-manager.cc.
|
||
* pending-diagnostic.cc (pending_diagnostic::same_tree_p): New.
|
||
* pending-diagnostic.h (pending_diagnostic::same_tree_p): New.
|
||
* sm-file.cc (file_diagnostic::subclass_equal_p): Replace pointer
|
||
equality on m_arg with call to pending_diagnostic::same_tree_p.
|
||
* sm-malloc.cc (malloc_diagnostic::subclass_equal_p): Likewise.
|
||
(possible_null_arg::subclass_equal_p): Likewise.
|
||
(null_arg::subclass_equal_p): Likewise.
|
||
(free_of_non_heap::subclass_equal_p): Likewise.
|
||
* sm-pattern-test.cc (pattern_match::operator==): Likewise.
|
||
* sm-sensitive.cc (exposure_through_output_file::operator==):
|
||
Likewise.
|
||
* sm-taint.cc (tainted_array_index::operator==): Likewise.
|
||
|
||
2020-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* diagnostic-manager.cc (dedupe_winners::add): Add logging
|
||
of deduplication decisions made.
|
||
|
||
2020-01-14 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* ChangeLog: New file.
|
||
* analyzer-selftests.cc: New file.
|
||
* analyzer-selftests.h: New file.
|
||
* analyzer.opt: New file.
|
||
* analysis-plan.cc: New file.
|
||
* analysis-plan.h: New file.
|
||
* analyzer-logging.cc: New file.
|
||
* analyzer-logging.h: New file.
|
||
* analyzer-pass.cc: New file.
|
||
* analyzer.cc: New file.
|
||
* analyzer.h: New file.
|
||
* call-string.cc: New file.
|
||
* call-string.h: New file.
|
||
* checker-path.cc: New file.
|
||
* checker-path.h: New file.
|
||
* constraint-manager.cc: New file.
|
||
* constraint-manager.h: New file.
|
||
* diagnostic-manager.cc: New file.
|
||
* diagnostic-manager.h: New file.
|
||
* engine.cc: New file.
|
||
* engine.h: New file.
|
||
* exploded-graph.h: New file.
|
||
* pending-diagnostic.cc: New file.
|
||
* pending-diagnostic.h: New file.
|
||
* program-point.cc: New file.
|
||
* program-point.h: New file.
|
||
* program-state.cc: New file.
|
||
* program-state.h: New file.
|
||
* region-model.cc: New file.
|
||
* region-model.h: New file.
|
||
* sm-file.cc: New file.
|
||
* sm-malloc.cc: New file.
|
||
* sm-malloc.dot: New file.
|
||
* sm-pattern-test.cc: New file.
|
||
* sm-sensitive.cc: New file.
|
||
* sm-signal.cc: New file.
|
||
* sm-taint.cc: New file.
|
||
* sm.cc: New file.
|
||
* sm.h: New file.
|
||
* state-purge.cc: New file.
|
||
* state-purge.h: New file.
|
||
* supergraph.cc: New file.
|
||
* supergraph.h: New file.
|
||
|
||
2019-12-13 David Malcolm <dmalcolm@redhat.com>
|
||
|
||
* Initial creation
|
||
|
||
|
||
Copyright (C) 2019-2022 Free Software Foundation, Inc.
|
||
|
||
Copying and distribution of this file, with or without modification,
|
||
are permitted in any medium without royalty provided the copyright
|
||
notice and this notice are preserved.
|