Hi David,
On Thu, 13 Aug 2020 at 22:58, David Malcolm via Gcc-patches
<gcc-patches@gcc.gnu.org> wrote:
>
> This large patch reimplements how the analyzer tracks regions and
> values.
>
> Elimination of region_id and svalue_id
> **************************************
>
> The patch eliminates region_id and svalue_id in favor of simply
> using pointers. I'd hoped that the ID classes would make it easier
> to compare states, avoiding having to compare long hexadecimal addresses
> in favor of small integers. Unfortunately it added lots of complexity,
> with the need to remap IDs when comparing or purging states, and the
> need to "canonicalize" when comparing states.
>
> Various "state explosion" bugs in the old implementation were due to
> failures in canonicalization, where two states that ought to be equal
> were non-equal due to differences in ID ordering. I spent a lot of
> time trying to fix canonicalization bugs, and there always seemed to
> be one more bug. By eliminating IDs in this new implementation, lots
> of tricky canonicalization goes away and no ID remapping should be
> needed; almost all of the old validation code becomes redundant.
> There's still some canonicalization in the new implementation, mostly
> in constraint_manager, but much less than before.
>
> Ownership of regions and svalues
> ********************************
>
> In the old implementation, each region_model had its own copies of
> regions and svalues, so there was heap bloat and churn as lots of
> little objects were cloned when copying program_state instances. In the
> new implementation the regions and svalues are immutable and are shared
> thoughout the analysis, rather than being per region_model. They are
> owned by a manager class, and are effectively singletons. Region and
> svalue instances can now be compared by pointer rather than by comparing
> their fields (the manager class takes care of uniqueness).
>
> This is a huge simplification, and (I hope) will avoid lots
> of heap churn as states are copied; all mutable state from regions and
> svalues is now stored in a "store" class in the region_model.
>
> Changes to the meaning of a "region"
> ************************************
>
> Region subclasses no longer represent internal structure, but instead
> represent how the regions are reached. So e.g. a global "struct coord
> c;" is now a decl_region, rather than a struct_region.
>
> In the old implementation, the values for each region were stored in the
> region instances, but in the new implementation the regions are immutable.
> Memory is now modeled in a new "store" class: a mapping from keys to
> svalues, where the keys are both concrete bit-offsets from the start of
> a "base region", and "symbolic" keys (thus hopefully making unions,
> casts, aliasing etc easier to deal with). So e.g. for assignments to
> the fields of a struct, it records the mapping from bit-offsets of e.g.
> field to the values; if that memory is cast to another type and written
> to, the appropriate clobbering of the bound values can happen.
>
> The concept of "what the current stack is" moves from the regions to
> being a field within the region_model ("m_current_frame").
>
> Bugs fixed by this patch
> ************************
>
> PR analyzer/93032 (missing leak diagnostic for zlib/contrib/minizip/mztools.c)
> PR analyzer/93938 (ICE in analyzer)
> PR analyzer/94011 (ICE in analyzer)
> PR analyzer/94099 (ICE in analyzer)
> PR analyzer/94399 (leak false positive with __attribute__((cleanup())))
> PR analyzer/94458 (leak false positive)
> PR analyzer/94503 (ICE on C++ return-value-optimization)
> PR analyzer/94640 (leak false positive)
> PR analyzer/94688 (ICE in analyzer)
> PR analyzer/94689 ("arrays of functions are not meaningful" error)
> PR analyzer/94839 (leak false positive)
> PR analyzer/95026 (leak false positive)
> PR analyzer/95042 (ICE merging const and non-const C++ object instances)
> PR analyzer/95240 (leak false positive)
>
> Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu.
> Pushed to master as 808f4dfeb3a95f50f15e71148e5c1067f90a126d.
>
Some of the new tests fail on arm and aarch64.
On arm:
gcc.dg/analyzer/casts-1.c (test for warnings, line 19)
gcc.dg/analyzer/casts-1.c (test for warnings, line 20)
gcc.dg/analyzer/casts-1.c (test for warnings, line 21)
gcc.dg/analyzer/casts-1.c (test for warnings, line 22)
gcc.dg/analyzer/casts-1.c (test for warnings, line 23)
gcc.dg/analyzer/casts-1.c (test for warnings, line 24)
gcc.dg/analyzer/casts-1.c (test for warnings, line 25)
gcc.dg/analyzer/casts-1.c (test for warnings, line 26)
gcc.dg/analyzer/casts-1.c (test for warnings, line 36)
gcc.dg/analyzer/casts-1.c (test for warnings, line 37)
gcc.dg/analyzer/casts-1.c (test for warnings, line 38)
gcc.dg/analyzer/casts-1.c (test for warnings, line 39)
gcc.dg/analyzer/casts-1.c (test for excess errors)
gcc.dg/analyzer/init.c (test for warnings, line 100)
gcc.dg/analyzer/init.c (test for warnings, line 101)
gcc.dg/analyzer/init.c (test for warnings, line 102)
gcc.dg/analyzer/init.c (test for warnings, line 124)
gcc.dg/analyzer/init.c (test for warnings, line 125)
gcc.dg/analyzer/init.c (test for warnings, line 126)
gcc.dg/analyzer/init.c (test for warnings, line 127)
gcc.dg/analyzer/init.c (test for warnings, line 128)
gcc.dg/analyzer/init.c (test for warnings, line 129)
gcc.dg/analyzer/init.c (test for warnings, line 30)
gcc.dg/analyzer/init.c (test for warnings, line 31)
gcc.dg/analyzer/init.c (test for warnings, line 51)
gcc.dg/analyzer/init.c (test for warnings, line 52)
gcc.dg/analyzer/init.c (test for warnings, line 72)
gcc.dg/analyzer/init.c (test for warnings, line 73)
gcc.dg/analyzer/init.c (test for warnings, line 74)
gcc.dg/analyzer/init.c (test for warnings, line 75)
gcc.dg/analyzer/init.c (test for warnings, line 99)
gcc.dg/analyzer/init.c (test for excess errors)
gcc.dg/analyzer/pr93032-mztools.c (test for excess errors)
In my logs I can see:
/gcc/testsuite/gcc.dg/analyzer/casts-1.c: In function 'test_1':
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:19:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:20:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:21:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:22:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:23:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:24:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:25:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:26:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:29:3: warning: TRUE
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:30:3: warning: TRUE
/gcc/testsuite/gcc.dg/analyzer/casts-1.c: In function 'test_2':
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:36:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:37:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:38:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:39:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:41:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:43:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:45:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/casts-1.c:47:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:30:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:31:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:51:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:52:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:72:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:73:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:74:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:75:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:99:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:100:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:101:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:102:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:124:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:125:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:126:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:127:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:128:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:129:3: warning: UNKNOWN
FAIL: gcc.dg/analyzer/pr93032-mztools.c (test for excess errors)
Excess errors:
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:174:15: warning:
terminating analysis for this program point: EN: 213-217, EN: 475-477,
EN: 632 [-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:174:15: warning:
terminating analysis for this program point: EN: 213-217, EN: 475-477,
EN: 632 [-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:174:15: warning:
terminating analysis for this program point: EN: 213-217, EN: 475-477,
EN: 632 [-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 831-839
[-Wanalyzer-too-complex]
on aarch64:
gcc.dg/analyzer/init.c (test for warnings, line 124)
gcc.dg/analyzer/init.c (test for warnings, line 125)
gcc.dg/analyzer/init.c (test for warnings, line 126)
gcc.dg/analyzer/init.c (test for warnings, line 127)
gcc.dg/analyzer/init.c (test for warnings, line 128)
gcc.dg/analyzer/init.c (test for warnings, line 129)
gcc.dg/analyzer/init.c (test for excess errors)
gcc.dg/analyzer/pr93032-mztools.c (test for excess errors)
because:
/gcc/testsuite/gcc.dg/analyzer/init.c:124:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:125:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:126:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:127:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:128:3: warning: UNKNOWN
/gcc/testsuite/gcc.dg/analyzer/init.c:129:3: warning: UNKNOWN
FAIL: gcc.dg/analyzer/pr93032-mztools.c (test for excess errors)
Excess errors:
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c:261:11: warning:
terminating analysis for this program point: EN: 810-818
[-Wanalyzer-too-complex]
HTH
Christophe
> At 1.1MB the patch exceeds the mailing list limit, so I'm attaching a
> gzipped copy.
> It can also be seen via:
> https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=808f4dfeb3a95f50f15e71148e5c1067f90a126d
>
> gcc/ChangeLog:
> * Makefile.in (ANALYZER_OBJS): Add analyzer/region.o,
> analyzer/region-model-impl-calls.o,
> analyzer/region-model-manager.o,
> analyzer/region-model-reachability.o, analyzer/store.o, and
> analyzer/svalue.o.
> * doc/analyzer.texi: Update for changes to analyzer
> implementation.
> * tristate.h (tristate::get_value): New accessor.
>
> gcc/analyzer/ChangeLog:
> * analyzer-logging.cc: Ignore "-Wformat-diag".
> (logger::enter_scope): Use inc_indent in both overloads.
> (logger::exit_scope): Use dec_indent.
> * analyzer-logging.h (logger::inc_indent): New.
> (logger::dec_indent): New.
> * analyzer-selftests.cc (run_analyzer_selftests): Call
> analyzer_store_cc_tests.
> * analyzer-selftests.h (analyzer_store_cc_tests): New decl.
> * analyzer.cc (get_stmt_location): New function.
> * analyzer.h (class initial_svalue): New forward decl.
> (class unaryop_svalue): New forward decl.
> (class binop_svalue): New forward decl.
> (class sub_svalue): New forward decl.
> (class unmergeable_svalue): New forward decl.
> (class placeholder_svalue): New forward decl.
> (class widening_svalue): New forward decl.
> (class compound_svalue): New forward decl.
> (class conjured_svalue): New forward decl.
> (svalue_set): New typedef.
> (class map_region): Delete.
> (class array_region): Delete.
> (class frame_region): New forward decl.
> (class function_region): New forward decl.
> (class label_region): New forward decl.
> (class decl_region): New forward decl.
> (class element_region): New forward decl.
> (class offset_region): New forward decl.
> (class cast_region): New forward decl.
> (class field_region): New forward decl.
> (class string_region): New forward decl.
> (class region_model_manager): New forward decl.
> (class store_manager): New forward decl.
> (class store): New forward decl.
> (class call_details): New forward decl.
> (struct svalue_id_merger_mapping): Delete.
> (struct canonicalization): Delete.
> (class function_point): New forward decl.
> (class engine): New forward decl.
> (dump_tree): New function decl.
> (print_quoted_type): New function decl.
> (readability_comparator): New function decl.
> (tree_cmp): New function decl.
> (class path_var): Move here from region-model.h
> (bit_offset_t, bit_size_t, byte_size_t): New typedefs.
> (class region_offset): New class.
> (get_stmt_location): New decl.
> (struct member_function_hash_traits): New struct.
> (class consolidation_map): New class.
> Ignore "-Wformat-diag".
> * analyzer.opt (-param=analyzer-max-svalue-depth=): New param.
> (-param=analyzer-max-enodes-for-full-dump=): New param.
> * call-string.cc: Ignore -Wformat-diag.
> * checker-path.cc: Move includes of "analyzer/call-string.h" and
> "analyzer/program-point.h" to before "analyzer/region-model.h",
> and also include "analyzer/store.h" before it.
> (state_change_event::state_change_event): Replace "tree var" param
> with "const svalue *sval". Convert "origin" param from tree to
> "const svalue *".
> (state_change_event::get_desc): Call get_representative_tree to
> convert the var and origin from const svalue * to tree. Use
> svalue::get_desc rather than %qE when describing state changes.
> (checker_path::add_final_event): Use get_stmt_location.
> * checker-path.h (state_change_event::state_change_event): Port
> from tree to const svalue *.
> (state_change_event::get_lvalue): Delete.
> (state_change_event::get_dest_function): New.
> (state_change_event::m_var): Replace with...
> (state_change_event::m_sval): ...this.
> (state_change_event::m_origin): Convert from tree to
> const svalue *.
> * constraint-manager.cc: Include "analyzer/call-string.h",
> "analyzer/program-point.h", and "analyzer/store.h" before
> "analyzer/region-model.h".
> (struct bound, struct range): Move to constraint-manager.h.
> (compare_constants): New function.
> (range::dump): Rename to...
> (range::dump_to_pp): ...this. Support NULL constants.
> (range::dump): Reintroduce for dumping to stderr.
> (range::constrained_to_single_element): Return result, rather than
> writing to *OUT.
> (range::eval_condition): New.
> (range::below_lower_bound): New.
> (range::above_upper_bound): New.
> (equiv_class::equiv_class): Port from svalue_id to const svalue *.
> (equiv_class::print): Likewise.
> (equiv_class::hash): Likewise.
> (equiv_class::operator==): Port from svalue_id to const svalue *.
> (equiv_class::add): Port from svalue_id to const svalue *. Drop
> "cm" param.
> (equiv_class::del): Port from svalue_id to const svalue *.
> (equiv_class::get_representative): Likewise.
> (equiv_class::remap_svalue_ids): Delete.
> (svalue_id_cmp_by_id): Rename to...
> (svalue_cmp_by_ptr): ...this, porting from svalue_id to
> const svalue *.
> (equiv_class::canonicalize): Update qsort comparator.
> (constraint::implied_by): New.
> (constraint_manager::constraint_manager): Copy m_mgr in copy ctor.
> (constraint_manager::dump_to_pp): Add "multiline" param
> (constraint_manager::dump): Pass "true" for "multiline".
> (constraint_manager::add_constraint): Port from svalue_id to
> const svalue *. Split out second part into...
> (constraint_manager::add_unknown_constraint): ...this new
> function. Remove self-constraints when merging equivalence
> classes.
> (constraint_manager::add_constraint_internal): Remove constraints
> that would be implied by the new constraint. Port from svalue_id
> to const svalue *.
> (constraint_manager::get_equiv_class_by_sid): Rename to...
> (constraint_manager::get_equiv_class_by_svalue): ...this, porting
> from svalue_id to const svalue *.
> (constraint_manager::get_or_add_equiv_class): Port from svalue_id
> to const svalue *.
> (constraint_manager::eval_condition): Make const. Call
> compare_constants and return early if it provides a known result.
> (constraint_manager::get_ec_bounds): New.
> (constraint_manager::eval_condition): New overloads. Make
> existing one const, and use compare_constants.
> (constraint_manager::purge): Convert "p" param to a template
> rather that an abstract base class. Port from svalue_id to
> const svalue *.
> (class dead_svalue_purger): New class.
> (constraint_manager::remap_svalue_ids): Delete.
> (constraint_manager::on_liveness_change): New.
> (equiv_class_cmp): Port from svalue_id to const svalue *.
> (constraint_manager::canonicalize): Likewise. Combine with
> purging of redundant equivalence classes and constraints.
> (class cleaned_constraint_manager): Delete.
> (class merger_fact_visitor): Make "m_cm_b" const. Add "m_merger"
> field.
> (merger_fact_visitor::fact): Port from svalue_id to const svalue *.
> Add special case for widening.
> (constraint_manager::merge): Port from svalue_id to const svalue *.
> (constraint_manager::clean_merger_input): Delete.
> (constraint_manager::for_each_fact): Port from svalue_id to
> const svalue *.
> (constraint_manager::validate): Likewise.
> (selftest::test_constraint_conditions): Provide a
> region_model_manager when creating region_model instances.
> Add test for self-equality not creating equivalence classes.
> (selftest::test_transitivity): Provide a region_model_manager when
> creating region_model instances. Verify that EC-merging happens
> when constraints are implied.
> (selftest::test_constant_comparisons): Provide a
> region_model_manager when creating region_model instances.
> (selftest::test_constraint_impl): Likewise. Remove over-specified
> assertions.
> (selftest::test_equality): Provide a region_model_manager when
> creating region_model instances.
> (selftest::test_many_constants): Likewise. Provide a
> program_point when testing merging.
> (selftest::run_constraint_manager_tests): Move call to
> test_constant_comparisons to outside the transitivity guard.
> * constraint-manager.h (struct bound): Move here from
> constraint-manager.cc.
> (struct range): Likewise.
> (struct::eval_condition): New decl.
> (struct::below_lower_bound): New decl.
> (struct::above_upper_bound): New decl.
> (equiv_class::add): Port from svalue_id to const svalue *.
> (equiv_class::del): Likewise.
> (equiv_class::get_representative): Likewise.
> (equiv_class::remap_svalue_ids): Drop.
> (equiv_class::m_cst_sid): Convert to..
> (equiv_class::m_cst_sval): ...this.
> (equiv_class::m_vars): Port from svalue_id to const svalue *.
> (constraint::bool implied_by): New decl.
> (fact_visitor::on_fact): Port from svalue_id to const svalue *.
> (constraint_manager::constraint_manager): Add mgr param.
> (constraint_manager::clone): Delete.
> (constraint_manager::maybe_get_constant): Delete.
> (constraint_manager::get_sid_for_constant): Delete.
> (constraint_manager::get_num_svalues): Delete.
> (constraint_manager::dump_to_pp): Add "multiline" param.
> (constraint_manager::get_equiv_class): Port from svalue_id to
> const svalue *.
> (constraint_manager::add_constraint): Likewise.
> (constraint_manager::get_equiv_class_by_sid): Rename to...
> (constraint_manager::get_equiv_class_by_svalue): ...this, porting
> from svalue_id to const svalue *.
> (constraint_manager::add_unknown_constraint): New decl.
> (constraint_manager::get_or_add_equiv_class): Port from svalue_id
> to const svalue *.
> (constraint_manager::eval_condition): Likewise. Add overloads.
> (constraint_manager::get_ec_bounds): New decl.
> (constraint_manager::purge): Convert to template.
> (constraint_manager::remap_svalue_ids): Delete.
> (constraint_manager::on_liveness_change): New decl.
> (constraint_manager::canonicalize): Drop param.
> (constraint_manager::clean_merger_input): Delete.
> (constraint_manager::m_mgr): New field.
> * diagnostic-manager.cc: Move includes of
> "analyzer/call-string.h" and "analyzer/program-point.h" to before
> "analyzer/region-model.h", and also include "analyzer/store.h"
> before it.
> (saved_diagnostic::saved_diagnostic): Add "sval" param.
> (diagnostic_manager::diagnostic_manager): Add engine param.
> (diagnostic_manager::add_diagnostic): Add "sval" param, passing it
> to saved_diagnostic ctor. Update overload to pass NULL for it.
> (dedupe_winners::dedupe_winners): Add engine param.
> (dedupe_winners::add): Add "eg" param. Pass m_engine to
> feasible_p.
> (dedupe_winner::m_engine): New field.
> (diagnostic_manager::emit_saved_diagnostics): Pass engine to
> dedupe_winners. Pass &eg when adding candidates. Pass svalue
> rather than tree to prune_path. Use get_stmt_location to get
> primary location of diagnostic.
> (diagnostic_manager::emit_saved_diagnostic): Likewise.
> (get_any_origin): Drop.
> (state_change_event_creator::on_global_state_change): Pass NULL
> const svalue * rather than NULL_TREE trees to state_change_event
> ctor.
> (state_change_event_creator::on_state_change): Port from tree and
> svalue_id to const svalue *.
> (for_each_state_change): Port from svalue_id to const svalue *.
> (struct null_assignment_sm_context): New.
> (diagnostic_manager::add_events_for_eedge): Add state change
> events for assignment to NULL.
> (diagnostic_manager::prune_path): Update param from tree to
> const svalue *.
> (diagnostic_manager::prune_for_sm_diagnostic): Port from tracking
> by tree to by const svalue *.
> * diagnostic-manager.h (saved_diagnostic::saved_diagnostic): Add sval
> param.
> (saved_diagnostic::m_sval): New field.
> (diagnostic_manager::diagnostic_manager): Add engine param.
> (diagnostic_manager::get_engine): New.
> (diagnostic_manager::add_diagnostic): Add "sval" param.
> (diagnostic_manager::prune_path): Likewise.
> (diagnostic_manager::prune_for_sm_diagnostic): New overload.
> (diagnostic_manager::m_eng): New field.
> * engine.cc: Move includes of "analyzer/call-string.h" and
> "analyzer/program-point.h" to before "analyzer/region-model.h",
> and also include "analyzer/store.h" before it.
> (impl_region_model_context::impl_region_model_context): Update for
> removal of m_change field.
> (impl_region_model_context::remap_svalue_ids): Delete.
> (impl_region_model_context::on_svalue_leak): New.
> (impl_region_model_context::on_svalue_purge): Delete.
> (impl_region_model_context::on_liveness_change): New.
> (impl_region_model_context::on_unknown_change): Update param
> from svalue_id to const svalue *. Add is_mutable param.
> (setjmp_svalue::compare_fields): Delete.
> (setjmp_svalue::accept): New.
> (setjmp_svalue::add_to_hash): Delete.
> (setjmp_svalue::dump_to_pp): New.
> (setjmp_svalue::print_details): Delete.
> (impl_sm_context::impl_sm_context): Drop "change" param.
> (impl_sm_context::get_fndecl_for_call): Drop "m_change".
> (impl_sm_context::on_transition): Drop ATTRIBUTE_UNUSED from
> "stmt" param. Drop m_change. Port from svalue_id to
> const svalue *.
> (impl_sm_context::warn_for_state): Drop m_change. Port from
> svalue_id to const svalue *.
> (impl_sm_context::get_readable_tree): Rename to...
> (impl_sm_context::get_diagnostic_tree): ...this. Port from
> svalue_id to const svalue *.
> (impl_sm_context::is_zero_assignment): New.
> (impl_sm_context::m_change): Delete field.
> (leak_stmt_finder::find_stmt): Handle m_var being NULL.
> (readability): Increase penalty for MEM_REF. For SSA_NAMEs,
> slightly favor the underlying var over the SSA name. Heavily
> penalize temporaries. Handle RESULT_DECL.
> (readability_comparator): Make non-static. Consider stack depths.
> (impl_region_model_context::on_state_leak): Convert from svalue_id
> to const svalue *, updating for region_model changes. Use
> id_equal.
> (impl_region_model_context::on_inherited_svalue): Delete.
> (impl_region_model_context::on_cast): Delete.
> (impl_region_model_context::on_condition): Drop m_change.
> (impl_region_model_context::on_phi): Likewise.
> (impl_region_model_context::on_unexpected_tree_code): Handle t
> being NULL.
> (point_and_state::validate): Update stack checking for
> region_model changes.
> (eg_traits::dump_args_t::show_enode_details_p): New.
> (exploded_node::exploded_node): Initialize m_num_processed_stmts.
> (exploded_node::get_processed_stmt): New function.
> (exploded_node::get_dot_fillcolor): Add more colors.
> (exploded_node::dump_dot): Guard the printing of the point and
> state with show_enode_details_p. Print the processed stmts for
> this enode after the initial state.
> (exploded_node::dump_to_pp): Pass true for new multiline param
> of program_state::dump_to_pp.
> (exploded_node::on_stmt): Drop "change" param. Log the stmt.
> Set input_location. Implement __analyzer_describe. Update
> implementation of __analyzer_dump and __analyzer_eval.
> Remove purging of sm-state for unknown fncalls from here.
> (exploded_node::on_edge): Drop "change" param.
> (exploded_node::on_longjmp): Port from region_id/svalue_id to
> const region */const svalue *. Call program_state::detect_leaks.
> Drop state_change.
> (exploded_node::detect_leaks): Update for changes to region_model.
> Call program_state::detect_leaks.
> (exploded_edge::exploded_edge): Drop ext_state and change params.
> (exploded_edge::dump_dot): "args" is no longer used. Drop dumping
> of m_change.
> (exploded_graph::exploded_graph): Pass engine to
> m_diagnostic_manager ctor. Use program_point::origin.
> (exploded_graph::add_function_entry): Drop ctxt. Use
> program_state::push_frame. Drop state_change.
> (exploded_graph::get_or_create_node): Drop "change" param. Add
> "enode_for_diag" param. Update dumping calls for API changes.
> Pass point to can_merge_with_p. Show enode indices
> within -Wanalyzer-too-complex diagnostic for hitting the per-point
> limit.
> (exploded_graph::add_edge): Drop "change" param. Log which nodes
> are being connected. Update for changes to exploded_edge ctor.
> (exploded_graph::get_per_program_point_data): New.
> (exploded_graph::process_worklist): Pass point to
> can_merge_with_p. Drop state_change. Update dumping call for API
> change.
> (exploded_graph::process_node): Drop state_change. Split the
> node in-place if an sm-state-change occurs. Update
> m_num_processed_stmts. Update dumping calls for API change.
> (exploded_graph::log_stats): Call engine::log_stats.
> (exploded_graph::dump_states_for_supernode): Update dumping
> call.
> (exploded_path::feasible_p): Add "eng" and "eg" params.
> Rename "i" to "end_idx". Pass the manager to the region_model
> ctor. Update for every processed stmt in the enode, not just the
> first. Keep track of which snodes have been visited, and call
> loop_replay_fixup when revisiting one.
> (enode_label::get_text): Update dump call for new param.
> (exploded_graph::dump_exploded_nodes): Likewise.
> (exploded_graph::get_node_by_index): New.
> (impl_run_checkers): Create engine instance and pass its address
> to extrinsic_state ctor.
> * exploded-graph.h
> (impl_region_model_context::impl_region_model_context): Drop
> "change" params.
> (impl_region_model_context::void remap_svalue_ids): Delete.
> (impl_region_model_context::on_svalue_purge): Delete.
> (impl_region_model_context::on_svalue_leak): New.
> (impl_region_model_context::on_liveness_change): New.
> (impl_region_model_context::on_state_leak): Update signature.
> (impl_region_model_context::on_inherited_svalue): Delete.
> (impl_region_model_context::on_cast): Delete.
> (impl_region_model_context::on_unknown_change): Update signature.
> (impl_region_model_context::m_change): Delete.
> (eg_traits::dump_args_t::show_enode_details_p): New.
> (exploded_node::on_stmt): Drop "change" param.
> (exploded_node::on_edge): Likewise.
> (exploded_node::get_processed_stmt): New decl.
> (exploded_node::m_num_processed_stmts): New field.
> (exploded_edge::exploded_edge): Drop ext_state and change params.
> (exploded_edge::m_change): Delete.
> (exploded_graph::get_engine): New accessor.
> (exploded_graph::get_or_create_node): Drop "change" param. Add
> "enode_for_diag" param.
> (exploded_graph::add_edge): Drop "change" param.
> (exploded_graph::get_per_program_point_data): New decl.
> (exploded_graph::get_node_by_index): New decl.
> (exploded_path::feasible_p): Add "eng" and "eg" params.
> * program-point.cc: Include "analyzer/store.h" before including
> "analyzer/region-model.h".
> (function_point::function_point): Move here from
> program-point.h.
> (function_point::get_function): Likewise.
> (function_point::from_function_entry): Likewise.
> (function_point::before_supernode): Likewise.
> (function_point::next_stmt): New function.
> * program-point.h (function_point::function_point): Move
> implementation from here to program-point.cc.
> (function_point::get_function): Likewise.
> (function_point::from_function_entry): Likewise.
> (function_point::before_supernode): Likewise.
> (function_point::next_stmt): New decl.
> (program_point::operator!=): New.
> (program_point::origin): New.
> (program_point::next_stmt): New.
> (program_point::m_function_point): Make non-const.
> * program-state.cc: Move includes of "analyzer/call-string.h" and
> "analyzer/program-point.h" to before "analyzer/region-model.h",
> and also include "analyzer/store.h" before it.
> (extrinsic_state::get_model_manager): New.
> (sm_state_map::sm_state_map): Pass in sm and sm_idx to ctor,
> rather than pass the around.
> (sm_state_map::clone_with_remapping): Delete.
> (sm_state_map::print): Remove "sm" param in favor of "m_sm". Add
> "simple" and "multiline" params and support multiline vs single
> line dumping.
> (sm_state_map::dump): Remove "sm" param in favor of "m_sm". Add
> "simple" param.
> (sm_state_map::hash): Port from svalue_id to const svalue *.
> (sm_state_map::operator==): Likewise.
> (sm_state_map::get_state): Likewise. Call canonicalize_svalue on
> input. Handle inheritance of sm-state. Call get_default_state.
> (sm_state_map::get_origin): Port from svalue_id to const svalue *.
> (sm_state_map::set_state): Likewise. Pass in ext_state. Reject
> attempts to set state on UNKNOWN.
> (sm_state_map::impl_set_state): Port from svalue_id to
> const svalue *. Pass in ext_state. Call canonicalize_svalue on
> input.
> (sm_state_map::purge_for_unknown_fncall): Delete.
> (sm_state_map::on_svalue_leak): New.
> (sm_state_map::remap_svalue_ids): Delete.
> (sm_state_map::on_liveness_change): New.
> (sm_state_map::on_unknown_change): Reimplement.
> (sm_state_map::on_svalue_purge): Delete.
> (sm_state_map::on_inherited_svalue): Delete.
> (sm_state_map::on_cast): Delete.
> (sm_state_map::validate): Delete.
> (sm_state_map::canonicalize_svalue): New.
> (program_state::program_state): Update to pass manager to
> region_model's ctor. Constify num_states and pass state machine
> and index to sm_state_map ctor.
> (program_state::print): Update for changes to dump API.
> (program_state::dump_to_pp): Ignore the summarize param. Add
> "multiline" param.
> (program_state::dump_to_file): Add "multiline" param.
> (program_state::dump): Pass "true" for new "multiline" param.
> (program_state::push_frame): New.
> (program_state::on_edge): Drop "change" param. Call
> program_state::detect_leaks.
> (program_state::prune_for_point): Add enode_for_diag param.
> Reimplement based on store class. Call detect_leaks
> (program_state::remap_svalue_ids): Delete.
> (program_state::get_representative_tree): Port from svalue_id to
> const svalue *.
> (program_state::can_merge_with_p): Add "point" param. Add early
> reject for sm-differences. Drop id remapping.
> (program_state::validate): Drop region model and sm_state_map
> validation.
> (state_change::sm_change::dump): Delete.
> (state_change::sm_change::remap_svalue_ids): Delete.
> (state_change::sm_change::on_svalue_purge): Delete.
> (log_set_of_svalues): New.
> (state_change::sm_change::validate): Delete.
> (state_change::state_change): Delete.
> (state_change::add_sm_change): Delete.
> (state_change::affects_p): Delete.
> (state_change::dump): Delete.
> (state_change::remap_svalue_ids): Delete.
> (state_change::on_svalue_purge): Delete.
> (state_change::validate): Delete.
> (selftest::assert_dump_eq): Delete.
> (ASSERT_DUMP_EQ): Delete.
> (selftest::test_sm_state_map): Update for changes to region_model
> and sm_state_map, porting from svalue_id to const svalue *.
> (selftest::test_program_state_dumping): Likewise. Drop test of
> dumping, renaming to...
> (selftest::test_program_state_1): ...this.
> (selftest::test_program_state_dumping_2): Likewise, renaming to...
> (selftest::test_program_state_2): ...this.
> (selftest::test_program_state_merging): Update for changes to
> region_model.
> (selftest::test_program_state_merging_2): Likewise.
> (selftest::analyzer_program_state_cc_tests): Update for renamed
> tests.
> * program-state.h (extrinsic_state::extrinsic_state): Add logger
> and engine params.
> (extrinsic_state::get_logger): New accessor.
> (extrinsic_state::get_engine): New accessor.
> (extrinsic_state::get_model_manager): New accessor.
> (extrinsic_state::m_logger): New field.
> (extrinsic_state::m_engine): New field.
> (struct default_hash_traits<svalue_id>): Delete.
> (pod_hash_traits<svalue_id>::hash): Delete.
> (pod_hash_traits<svalue_id>::equal): Delete.
> (pod_hash_traits<svalue_id>::mark_deleted): Delete.
> (pod_hash_traits<svalue_id>::mark_empty): Delete.
> (pod_hash_traits<svalue_id>::is_deleted): Delete.
> (pod_hash_traits<svalue_id>::is_empty): Delete.
> (sm_state_map::entry_t::entry_t): Port from svalue_id to
> const svalue *.
> (sm_state_map::entry_t::m_origin): Likewise.
> (sm_state_map::map_t): Likewise.
> (sm_state_map::sm_state_map): Add state_machine and index params.
> (sm_state_map::clone_with_remapping): Delete.
> (sm_state_map::print): Drop sm param; add simple and multiline
> params.
> (sm_state_map::dump): Drop sm param; add simple param.
> (sm_state_map::get_state): Port from svalue_id to const svalue *.
> Add ext_state param.
> (sm_state_map::get_origin): Likewise.
> (sm_state_map::set_state): Likewise.
> (sm_state_map::impl_set_state): Likewise.
> (sm_state_map::purge_for_unknown_fncall): Delete.
> (sm_state_map::remap_svalue_ids): Delete.
> (sm_state_map::on_svalue_purge): Delete.
> (sm_state_map::on_svalue_leak): New.
> (sm_state_map::on_liveness_change): New.
> (sm_state_map::on_inherited_svalue): Delete.
> (sm_state_map::on_cast): Delete.
> (sm_state_map::validate): Delete.
> (sm_state_map::on_unknown_change): Port from svalue_id to
> const svalue *. Add is_mutable and ext_state params.
> (sm_state_map::canonicalize_svalue): New.
> (sm_state_map::m_sm): New field.
> (sm_state_map::m_sm_idx): New field.
> (program_state::operator=): Delete.
> (program_state::dump_to_pp): Drop "summarize" param, adding
> "simple" and "multiline".
> (program_state::dump_to_file): Likewise.
> (program_state::dump): Rename "summarize" to "simple".
> (program_state::push_frame): New.
> (program_state::get_current_function): New.
> (program_state::on_edge): Drop "change" param.
> (program_state::prune_for_point): Likewise. Add enode_for_diag
> param.
> (program_state::remap_svalue_ids): Delete.
> (program_state::get_representative_tree): Port from svalue_id to
> const svalue *.
> (program_state::can_purge_p): Likewise. Pass ext_state to get_state.
> (program_state::can_merge_with_p): Add point param.
> (program_state::detect_leaks): New.
> (state_change_visitor::on_state_change): Port from tree and
> svalue_id to a pair of const svalue *.
> (class state_change): Delete.
> * region.cc: New file.
> * region-model-impl-calls.cc: New file.
> * region-model-manager.cc: New file.
> * region-model-reachability.cc: New file.
> * region-model-reachability.h: New file.
> * region-model.cc: Include "analyzer/call-string.h",
> "analyzer/program-point.h", and "analyzer/store.h" before
> "analyzer/region-model.h". Include
> "analyzer/region-model-reachability.h".
> (dump_tree): Make non-static.
> (dump_quoted_tree): Make non-static.
> (print_quoted_type): Make non-static.
> (path_var::dump): Delete.
> (dump_separator): Delete.
> (class impl_constraint_manager): Delete.
> (svalue_id::print): Delete.
> (svalue_id::dump_node_name_to_pp): Delete.
> (svalue_id::validate): Delete.
> (region_id::print): Delete.
> (region_id::dump_node_name_to_pp): Delete.
> (region_id::validate): Delete.
> (region_id_set::region_id_set): Delete.
> (svalue_id_set::svalue_id_set): Delete.
> (svalue::operator==): Delete.
> (svalue::hash): Delete.
> (svalue::print): Delete.
> (svalue::dump_dot_to_pp): Delete.
> (svalue::remap_region_ids): Delete.
> (svalue::walk_for_canonicalization): Delete.
> (svalue::get_child_sid): Delete.
> (svalue::maybe_get_constant): Delete.
> (region_svalue::compare_fields): Delete.
> (region_svalue::add_to_hash): Delete.
> (region_svalue::print_details): Delete.
> (region_svalue::dump_dot_to_pp): Delete.
> (region_svalue::remap_region_ids): Delete.
> (region_svalue::merge_values): Delete.
> (region_svalue::walk_for_canonicalization): Delete.
> (region_svalue::eval_condition): Delete.
> (constant_svalue::compare_fields): Delete.
> (constant_svalue::add_to_hash): Delete.
> (constant_svalue::merge_values): Delete.
> (constant_svalue::eval_condition): Move to svalue.cc.
> (constant_svalue::print_details): Delete.
> (constant_svalue::get_child_sid): Delete.
> (unknown_svalue::compare_fields): Delete.
> (unknown_svalue::add_to_hash): Delete.
> (unknown_svalue::print_details): Delete.
> (poison_kind_to_str): Move to svalue.cc.
> (poisoned_svalue::compare_fields): Delete.
> (poisoned_svalue::add_to_hash): Delete.
> (poisoned_svalue::print_details): Delete.
> (region_kind_to_str): Move to region.cc and reimplement.
> (region::operator==): Delete.
> (region::get_parent_region): Delete.
> (region::set_value): Delete.
> (region::become_active_view): Delete.
> (region::deactivate_any_active_view): Delete.
> (region::deactivate_view): Delete.
> (region::get_value): Delete.
> (region::get_inherited_child_sid): Delete.
> (region_model::copy_region): Delete.
> (region_model::copy_struct_region): Delete.
> (region_model::copy_union_region): Delete.
> (region_model::copy_array_region): Delete.
> (region::hash): Delete.
> (region::print): Delete.
> (region::dump_dot_to_pp): Delete.
> (region::dump_to_pp): Delete.
> (region::dump_child_label): Delete.
> (region::validate): Delete.
> (region::remap_svalue_ids): Delete.
> (region::remap_region_ids): Delete.
> (region::add_view): Delete.
> (region::get_view): Delete.
> (region::region): Move to region.cc.
> (region::add_to_hash): Delete.
> (region::print_fields): Delete.
> (region::non_null_p): Delete.
> (primitive_region::clone): Delete.
> (primitive_region::walk_for_canonicalization): Delete.
> (map_region::map_region): Delete.
> (map_region::compare_fields): Delete.
> (map_region::print_fields): Delete.
> (map_region::validate): Delete.
> (map_region::dump_dot_to_pp): Delete.
> (map_region::dump_child_label): Delete.
> (map_region::get_or_create): Delete.
> (map_region::get): Delete.
> (map_region::add_to_hash): Delete.
> (map_region::remap_region_ids): Delete.
> (map_region::unbind): Delete.
> (map_region::get_tree_for_child_region): Delete.
> (map_region::get_tree_for_child_region): Delete.
> (tree_cmp): Move to region.cc.
> (map_region::can_merge_p): Delete.
> (map_region::walk_for_canonicalization): Delete.
> (map_region::get_value_by_name): Delete.
> (struct_or_union_region::valid_key_p): Delete.
> (struct_or_union_region::compare_fields): Delete.
> (struct_region::clone): Delete.
> (struct_region::compare_fields): Delete.
> (union_region::clone): Delete.
> (union_region::compare_fields): Delete.
> (frame_region::compare_fields): Delete.
> (frame_region::clone): Delete.
> (frame_region::valid_key_p): Delete.
> (frame_region::print_fields): Delete.
> (frame_region::add_to_hash): Delete.
> (globals_region::compare_fields): Delete.
> (globals_region::clone): Delete.
> (globals_region::valid_key_p): Delete.
> (code_region::compare_fields): Delete.
> (code_region::clone): Delete.
> (code_region::valid_key_p): Delete.
> (array_region::array_region): Delete.
> (array_region::get_element): Delete.
> (array_region::clone): Delete.
> (array_region::compare_fields): Delete.
> (array_region::print_fields): Delete.
> (array_region::validate): Delete.
> (array_region::dump_dot_to_pp): Delete.
> (array_region::dump_child_label): Delete.
> (array_region::get_or_create): Delete.
> (array_region::get): Delete.
> (array_region::add_to_hash): Delete.
> (array_region::remap_region_ids): Delete.
> (array_region::get_key_for_child_region): Delete.
> (array_region::key_cmp): Delete.
> (array_region::walk_for_canonicalization): Delete.
> (array_region::key_from_constant): Delete.
> (array_region::constant_from_key): Delete.
> (function_region::compare_fields): Delete.
> (function_region::clone): Delete.
> (function_region::valid_key_p): Delete.
> (stack_region::stack_region): Delete.
> (stack_region::compare_fields): Delete.
> (stack_region::clone): Delete.
> (stack_region::print_fields): Delete.
> (stack_region::dump_child_label): Delete.
> (stack_region::validate): Delete.
> (stack_region::push_frame): Delete.
> (stack_region::get_current_frame_id): Delete.
> (stack_region::pop_frame): Delete.
> (stack_region::add_to_hash): Delete.
> (stack_region::remap_region_ids): Delete.
> (stack_region::can_merge_p): Delete.
> (stack_region::walk_for_canonicalization): Delete.
> (stack_region::get_value_by_name): Delete.
> (heap_region::heap_region): Delete.
> (heap_region::compare_fields): Delete.
> (heap_region::clone): Delete.
> (heap_region::walk_for_canonicalization): Delete.
> (root_region::root_region): Delete.
> (root_region::compare_fields): Delete.
> (root_region::clone): Delete.
> (root_region::print_fields): Delete.
> (root_region::validate): Delete.
> (root_region::dump_child_label): Delete.
> (root_region::push_frame): Delete.
> (root_region::get_current_frame_id): Delete.
> (root_region::pop_frame): Delete.
> (root_region::ensure_stack_region): Delete.
> (root_region::get_stack_region): Delete.
> (root_region::ensure_globals_region): Delete.
> (root_region::get_code_region): Delete.
> (root_region::ensure_code_region): Delete.
> (root_region::get_globals_region): Delete.
> (root_region::ensure_heap_region): Delete.
> (root_region::get_heap_region): Delete.
> (root_region::remap_region_ids): Delete.
> (root_region::can_merge_p): Delete.
> (root_region::add_to_hash): Delete.
> (root_region::walk_for_canonicalization): Delete.
> (root_region::get_value_by_name): Delete.
> (symbolic_region::symbolic_region): Delete.
> (symbolic_region::compare_fields): Delete.
> (symbolic_region::clone): Delete.
> (symbolic_region::walk_for_canonicalization): Delete.
> (symbolic_region::print_fields): Delete.
> (region_model::region_model): Add region_model_manager * param.
> Reimplement in terms of store, dropping impl_constraint_manager
> subclass.
> (region_model::operator=): Reimplement in terms of store
> (region_model::operator==): Likewise.
> (region_model::hash): Likewise.
> (region_model::print): Delete.
> (region_model::print_svalue): Delete.
> (region_model::dump_dot_to_pp): Delete.
> (region_model::dump_dot_to_file): Delete.
> (region_model::dump_dot): Delete.
> (region_model::dump_to_pp): Replace "summarize" param with
> "simple" and "multiline". Port to store-based implementation.
> (region_model::dump): Replace "summarize" param with "simple" and
> "multiline".
> (dump_vec_of_tree): Delete.
> (region_model::dump_summary_of_rep_path_vars): Delete.
> (region_model::validate): Delete.
> (svalue_id_cmp_by_constant_svalue_model): Delete.
> (svalue_id_cmp_by_constant_svalue): Delete.
> (region_model::canonicalize): Drop "ctxt" param. Reimplement in
> terms of store and constraints.
> (region_model::canonicalized_p): Remove NULL arg to canonicalize.
> (region_model::loop_replay_fixup): New.
> (poisoned_value_diagnostic::emit): Tweak wording of warnings.
> (region_model::check_for_poison): Delete.
> (region_model::get_gassign_result): New.
> (region_model::on_assignment): Port to store-based implementation.
> (region_model::on_call_pre): Delete calls to check_for_poison.
> Move implementations to region-model-impl-calls.c and port to
> store-based implementation.
> (region_model::on_call_post): Likewise.
> (class reachable_regions): Move to region-model-reachability.h/cc
> and port to store-based implementation.
> (region_model::handle_unrecognized_call): Port to store-based
> implementation.
> (region_model::get_reachable_svalues): New.
> (region_model::on_setjmp): Port to store-based implementation.
> (region_model::on_longjmp): Likewise.
> (region_model::handle_phi): Drop is_back_edge param and the logic
> using it.
> (region_model::get_lvalue_1): Port from region_id to const region *.
> (region_model::make_region_for_unexpected_tree_code): Delete.
> (assert_compat_types): If the check fails, use internal_error to
> show the types.
> (region_model::get_lvalue): Port from region_id to const region *.
> (region_model::get_rvalue_1): Port from svalue_id to const svalue *.
> (region_model::get_rvalue): Likewise.
> (region_model::get_or_create_ptr_svalue): Delete.
> (region_model::get_or_create_constant_svalue): Delete.
> (region_model::get_svalue_for_fndecl): Delete.
> (region_model::get_region_for_fndecl): Delete.
> (region_model::get_svalue_for_label): Delete.
> (region_model::get_region_for_label): Delete.
> (build_cast): Delete.
> (region_model::maybe_cast_1): Delete.
> (region_model::maybe_cast): Delete.
> (region_model::get_field_region): Delete.
> (region_model::get_store_value): New.
> (region_model::region_exists_p): New.
> (region_model::deref_rvalue): Port from svalue_id to const svalue *.
> (region_model::set_value): Likewise.
> (region_model::clobber_region): New.
> (region_model::purge_region): New.
> (region_model::zero_fill_region): New.
> (region_model::mark_region_as_unknown): New.
> (region_model::eval_condition): Port from svalue_id to
> const svalue *.
> (region_model::eval_condition_without_cm): Likewise.
> (region_model::compare_initial_and_pointer): New.
> (region_model::add_constraint): Port from svalue_id to
> const svalue *.
> (region_model::maybe_get_constant): Delete.
> (region_model::get_representative_path_var): New.
> (region_model::add_new_malloc_region): Delete.
> (region_model::get_representative_tree): Port to const svalue *.
> (region_model::get_representative_path_var): Port to
> const region *.
> (region_model::get_path_vars_for_svalue): Delete.
> (region_model::set_to_new_unknown_value): Delete.
> (region_model::update_for_phis): Don't pass is_back_edge to
> handle_phi.
> (region_model::update_for_call_superedge): Port from svalue_id to
> const svalue *.
> (region_model::update_for_return_superedge): Port to store-based
> implementation.
> (region_model::update_for_call_summary): Replace
> set_to_new_unknown_value with mark_region_as_unknown.
> (region_model::get_root_region): Delete.
> (region_model::get_stack_region_id): Delete.
> (region_model::push_frame): Delete.
> (region_model::get_current_frame_id): Delete.
> (region_model::get_current_function): Delete.
> (region_model::pop_frame): Delete.
> (region_model::on_top_level_param): New.
> (region_model::get_stack_depth): Delete.
> (region_model::get_function_at_depth): Delete.
> (region_model::get_globals_region_id): Delete.
> (region_model::add_svalue): Delete.
> (region_model::replace_svalue): Delete.
> (region_model::add_region): Delete.
> (region_model::get_svalue): Delete.
> (region_model::get_region): Delete.
> (make_region_for_type): Delete.
> (region_model::add_region_for_type): Delete.
> (region_model::on_top_level_param): New.
> (class restrict_to_used_svalues): Delete.
> (region_model::purge_unused_svalues): Delete.
> (region_model::push_frame): New.
> (region_model::remap_svalue_ids): Delete.
> (region_model::remap_region_ids): Delete.
> (region_model::purge_regions): Delete.
> (region_model::get_descendents): Delete.
> (region_model::delete_region_and_descendents): Delete.
> (region_model::poison_any_pointers_to_bad_regions): Delete.
> (region_model::can_merge_with_p): Delete.
> (region_model::get_current_function): New.
> (region_model::get_value_by_name): Delete.
> (region_model::convert_byte_offset_to_array_index): Delete.
> (region_model::pop_frame): New.
> (region_model::get_or_create_mem_ref): Delete.
> (region_model::get_stack_depth): New.
> (region_model::get_frame_at_index): New.
> (region_model::unbind_region_and_descendents): New.
> (struct bad_pointer_finder): New.
> (region_model::get_or_create_pointer_plus_expr): Delete.
> (region_model::poison_any_pointers_to_descendents): New.
> (region_model::get_or_create_view): Delete.
> (region_model::can_merge_with_p): New.
> (region_model::get_fndecl_for_call): Port from svalue_id to
> const svalue *.
> (struct append_ssa_names_cb_data): New.
> (get_ssa_name_regions_for_current_frame): New.
> (region_model::append_ssa_names_cb): New.
> (model_merger::dump_to_pp): Add "simple" param. Drop dumping of
> remappings.
> (model_merger::dump): Add "simple" param to both overloads.
> (model_merger::can_merge_values_p): Delete.
> (model_merger::record_regions): Delete.
> (model_merger::record_svalues): Delete.
> (svalue_id_merger_mapping::svalue_id_merger_mapping): Delete.
> (svalue_id_merger_mapping::dump_to_pp): Delete.
> (svalue_id_merger_mapping::dump): Delete.
> (region_model::create_region_for_heap_alloc): New.
> (region_model::create_region_for_alloca): New.
> (region_model::record_dynamic_extents): New.
> (canonicalization::canonicalization): Delete.
> (canonicalization::walk_rid): Delete.
> (canonicalization::walk_sid): Delete.
> (canonicalization::dump_to_pp): Delete.
> (canonicalization::dump): Delete.
> (inchash::add): Delete overloads for svalue_id and region_id.
> (engine::log_stats): New.
> (assert_condition): Add overload comparing svalues.
> (assert_dump_eq): Pass "true" for multiline.
> (selftest::test_dump): Update for rewrite of region_model.
> (selftest::test_dump_2): Rename to...
> (selftest::test_struct): ...this. Provide a region_model_manager
> when creating region_model instance. Remove dump test. Add
> checks for get_offset.
> (selftest::test_dump_3): Rename to...
> (selftest::test_array_1): ...this. Provide a region_model_manager
> when creating region_model instance. Remove dump test.
> (selftest::test_get_representative_tree): Port from svalue_id to
> new API. Add test coverage for various expressions.
> (selftest::test_unique_constants): Provide a region_model_manager
> for the region_model. Add test coverage for comparing const vs
> non-const.
> (selftest::test_svalue_equality): Delete.
> (selftest::test_region_equality): Delete.
> (selftest::test_unique_unknowns): New.
> (class purge_all_svalue_ids): Delete.
> (class purge_one_svalue_id): Delete.
> (selftest::test_purging_by_criteria): Delete.
> (selftest::test_initial_svalue_folding): New.
> (selftest::test_unaryop_svalue_folding): New.
> (selftest::test_binop_svalue_folding): New.
> (selftest::test_sub_svalue_folding): New.
> (selftest::test_purge_unused_svalues): Delete.
> (selftest::test_descendent_of_p): New.
> (selftest::test_assignment): Provide a region_model_manager for
> the region_model. Drop the dump test.
> (selftest::test_compound_assignment): Likewise.
> (selftest::test_stack_frames): Port to new implementation.
> (selftest::test_get_representative_path_var): Likewise.
> (selftest::test_canonicalization_1): Rename to...
> (selftest::test_equality_1): ...this. Port to new API, and add
> (selftest::test_canonicalization_2): Provide a
> region_model_manager when creating region_model instances.
> Remove redundant canicalization.
> (selftest::test_canonicalization_3): Provide a
> region_model_manager when creating region_model instances.
> Remove param from calls to region_model::canonicalize.
> (selftest::test_canonicalization_4): Likewise.
> (selftest::assert_region_models_merge): Constify
> out_merged_svalue. Port to new API.
> (selftest::test_state_merging): Provide a
> region_model_manager when creating region_model instances.
> Provide a program_point point when merging them. Replace
> set_to_new_unknown_value with usage of placeholder_svalues.
> Drop get_value_by_name. Port from svalue_id to const svalue *.
> Add test of heap allocation.
> (selftest::test_constraint_merging): Provide a
> region_model_manager when creating region_model instances.
> Provide a program_point point when merging them. Eliminate use
> of set_to_new_unknown_value.
> (selftest::test_widening_constraints): New.
> (selftest::test_iteration_1): New.
> (selftest::test_malloc_constraints): Port to store-based
> implementation.
> (selftest::test_var): New test.
> (selftest::test_array_2): New test.
> (selftest::test_mem_ref): New test.
> (selftest::test_POINTER_PLUS_EXPR_then_MEM_REF): New.
> (selftest::test_malloc): New.
> (selftest::test_alloca): New.
> (selftest::analyzer_region_model_cc_tests): Update for renamings.
> Call new functions.
> * region-model.h (class path_var): Move to analyzer.h.
> (class svalue_id): Delete.
> (class region_id): Delete.
> (class id_map): Delete.
> (svalue_id_map): Delete.
> (region_id_map): Delete.
> (id_map<T>::id_map): Delete.
> (id_map<T>::put): Delete.
> (id_map<T>::get_dst_for_src): Delete.
> (id_map<T>::get_src_for_dst): Delete.
> (id_map<T>::dump_to_pp): Delete.
> (id_map<T>::dump): Delete.
> (id_map<T>::update): Delete.
> (one_way_svalue_id_map): Delete.
> (one_way_region_id_map): Delete.
> (class region_id_set): Delete.
> (class svalue_id_set): Delete.
> (struct complexity): New.
> (class visitor): New.
> (enum svalue_kind): Add SK_SETJMP, SK_INITIAL, SK_UNARYOP,
> SK_BINOP, SK_SUB,SK_UNMERGEABLE, SK_PLACEHOLDER, SK_WIDENING,
> SK_COMPOUND, and SK_CONJURED.
> (svalue::operator==): Delete.
> (svalue::operator!=): Delete.
> (svalue::clone): Delete.
> (svalue::hash): Delete.
> (svalue::dump_dot_to_pp): Delete.
> (svalue::dump_to_pp): New.
> (svalue::dump): New.
> (svalue::get_desc): New.
> (svalue::dyn_cast_initial_svalue): New.
> (svalue::dyn_cast_unaryop_svalue): New.
> (svalue::dyn_cast_binop_svalue): New.
> (svalue::dyn_cast_sub_svalue): New.
> (svalue::dyn_cast_unmergeable_svalue): New.
> (svalue::dyn_cast_widening_svalue): New.
> (svalue::dyn_cast_compound_svalue): New.
> (svalue::dyn_cast_conjured_svalue): New.
> (svalue::maybe_undo_cast): New.
> (svalue::unwrap_any_unmergeable): New.
> (svalue::remap_region_ids): Delete
> (svalue::can_merge_p): New.
> (svalue::walk_for_canonicalization): Delete
> (svalue::get_complexity): New.
> (svalue::get_child_sid): Delete
> (svalue::accept): New.
> (svalue::live_p): New.
> (svalue::implicitly_live_p): New.
> (svalue::svalue): Add complexity param.
> (svalue::add_to_hash): Delete
> (svalue::print_details): Delete
> (svalue::m_complexity): New field.
> (region_svalue::key_t): New struct.
> (region_svalue::region_svalue): Port from region_id to
> const region_id *. Add complexity.
> (region_svalue::compare_fields): Delete.
> (region_svalue::clone): Delete.
> (region_svalue::dump_dot_to_pp): Delete.
> (region_svalue::get_pointee): Port from region_id to
> const region_id *.
> (region_svalue::remap_region_ids): Delete.
> (region_svalue::merge_values): Delete.
> (region_svalue::dump_to_pp): New.
> (region_svalue::accept): New.
> (region_svalue::walk_for_canonicalization): Delete.
> (region_svalue::eval_condition): Make params const.
> (region_svalue::add_to_hash): Delete.
> (region_svalue::print_details): Delete.
> (region_svalue::m_rid): Replace with...
> (region_svalue::m_reg): ...this.
> (is_a_helper <region_svalue *>::test): Convert to...
> (is_a_helper <const region_svalue *>::test): ...this.
> (template <> struct default_hash_traits<region_svalue::key_t>):
> New.
> (constant_svalue::constant_svalue): Add complexity.
> (constant_svalue::compare_fields): Delete.
> (constant_svalue::clone): Delete.
> (constant_svalue::add_to_hash): Delete.
> (constant_svalue::dump_to_pp): New.
> (constant_svalue::accept): New.
> (constant_svalue::implicitly_live_p): New.
> (constant_svalue::merge_values): Delete.
> (constant_svalue::eval_condition): Make params const.
> (constant_svalue::get_child_sid): Delete.
> (constant_svalue::print_details): Delete.
> (is_a_helper <constant_svalue *>::test): Convert to...
> (is_a_helper <const constant_svalue *>::test): ...this.
> (class unknown_svalue): Update leading comment.
> (unknown_svalue::unknown_svalue): Add complexity.
> (unknown_svalue::compare_fields): Delete.
> (unknown_svalue::add_to_hash): Delete.
> (unknown_svalue::dyn_cast_unknown_svalue): Delete.
> (unknown_svalue::print_details): Delete.
> (unknown_svalue::dump_to_pp): New.
> (unknown_svalue::accept): New.
> (poisoned_svalue::key_t): New struct.
> (poisoned_svalue::poisoned_svalue): Add complexity.
> (poisoned_svalue::compare_fields): Delete.
> (poisoned_svalue::clone): Delete.
> (poisoned_svalue::add_to_hash): Delete.
> (poisoned_svalue::dump_to_pp): New.
> (poisoned_svalue::accept): New.
> (poisoned_svalue::print_details): Delete.
> (is_a_helper <poisoned_svalue *>::test): Convert to...
> (is_a_helper <const poisoned_svalue *>::test): ...this.
> (template <> struct default_hash_traits<poisoned_svalue::key_t>):
> New.
> (setjmp_record::add_to_hash): New.
> (setjmp_svalue::key_t): New struct.
> (setjmp_svalue::compare_fields): Delete.
> (setjmp_svalue::clone): Delete.
> (setjmp_svalue::add_to_hash): Delete.
> (setjmp_svalue::setjmp_svalue): Add complexity.
> (setjmp_svalue::dump_to_pp): New.
> (setjmp_svalue::accept): New.
> (setjmp_svalue::void print_details): Delete.
> (is_a_helper <const setjmp_svalue *>::test): New.
> (template <> struct default_hash_traits<setjmp_svalue::key_t>): New.
> (class initial_svalue : public svalue): New.
> (is_a_helper <const initial_svalue *>::test): New.
> (class unaryop_svalue): New.
> (is_a_helper <const unaryop_svalue *>::test): New.
> (template <> struct default_hash_traits<unaryop_svalue::key_t>): New.
> (class binop_svalue): New.
> (is_a_helper <const binop_svalue *>::test): New.
> (template <> struct default_hash_traits<binop_svalue::key_t>): New.
> (class sub_svalue): New.
> (is_a_helper <const sub_svalue *>::test): New.
> (template <> struct default_hash_traits<sub_svalue::key_t>): New.
> (class unmergeable_svalue): New.
> (is_a_helper <const unmergeable_svalue *>::test): New.
> (class placeholder_svalue): New.
> (is_a_helper <placeholder_svalue *>::test): New.
> (class widening_svalue): New.
> (is_a_helper <widening_svalue *>::test): New.
> (template <> struct default_hash_traits<widening_svalue::key_t>): New.
> (class compound_svalue): New.
> (is_a_helper <compound_svalue *>::test): New.
> (template <> struct default_hash_traits<compound_svalue::key_t>): New.
> (class conjured_svalue): New.
> (is_a_helper <conjured_svalue *>::test): New.
> (template <> struct default_hash_traits<conjured_svalue::key_t>): New.
> (enum region_kind): Delete RK_PRIMITIVE, RK_STRUCT, RK_UNION, and
> RK_ARRAY. Add RK_LABEL, RK_DECL, RK_FIELD, RK_ELEMENT, RK_OFFSET,
> RK_CAST, RK_HEAP_ALLOCATED, RK_ALLOCA, RK_STRING, and RK_UNKNOWN.
> (region_kind_to_str): Delete.
> (region::~region): Move implementation to region.cc.
> (region::operator==): Delete.
> (region::operator!=): Delete.
> (region::clone): Delete.
> (region::get_id): New.
> (region::cmp_ids): New.
> (region::dyn_cast_map_region): Delete.
> (region::dyn_cast_array_region): Delete.
> (region::region_id get_parent): Delete.
> (region::get_parent_region): Convert to a simple accessor.
> (region::void set_value): Delete.
> (region::svalue_id get_value): Delete.
> (region::svalue_id get_value_direct): Delete.
> (region::svalue_id get_inherited_child_sid): Delete.
> (region::dyn_cast_frame_region): New.
> (region::dyn_cast_function_region): New.
> (region::dyn_cast_decl_region): New.
> (region::dyn_cast_field_region): New.
> (region::dyn_cast_element_region): New.
> (region::dyn_cast_offset_region): New.
> (region::dyn_cast_cast_region): New.
> (region::dyn_cast_string_region): New.
> (region::accept): New.
> (region::get_base_region): New.
> (region::base_region_p): New.
> (region::descendent_of_p): New.
> (region::maybe_get_frame_region): New.
> (region::maybe_get_decl): New.
> (region::hash): Delete.
> (region::rint): Delete.
> (region::dump_dot_to_pp): Delete.
> (region::get_desc): New.
> (region::dump_to_pp): Convert to vfunc, changing signature.
> (region::dump_child_label): Delete.
> (region::remap_svalue_ids): Delete.
> (region::remap_region_ids): Delete.
> (region::dump): New.
> (region::walk_for_canonicalization): Delete.
> (region::non_null_p): Drop region_model param.
> (region::add_view): Delete.
> (region::get_view): Delete.
> (region::get_active_view): Delete.
> (region::is_view_p): Delete.
> (region::cmp_ptrs): New.
> (region::validate): Delete.
> (region::get_offset): New.
> (region::get_byte_size): New.
> (region::get_bit_size): New.
> (region::get_subregions_for_binding): New.
> (region::region): Add complexity param. Convert parent from
> region_id to const region *. Drop svalue_id. Drop copy ctor.
> (region::symbolic_for_unknown_ptr_p): New.
> (region::add_to_hash): Delete.
> (region::print_fields): Delete.
> (region::get_complexity): New accessor.
> (region::become_active_view): Delete.
> (region::deactivate_any_active_view): Delete.
> (region::deactivate_view): Delete.
> (region::calc_offset): New.
> (region::m_parent_rid): Delete.
> (region::m_sval_id): Delete.
> (region::m_complexity): New.
> (region::m_id): New.
> (region::m_parent): New.
> (region::m_view_rids): Delete.
> (region::m_is_view): Delete.
> (region::m_active_view_rid): Delete.
> (region::m_cached_offset): New.
> (is_a_helper <region *>::test): Convert to...
> (is_a_helper <const region *>::test): ... this.
> (class primitive_region): Delete.
> (class space_region): New.
> (class map_region): Delete.
> (is_a_helper <map_region *>::test): Delete.
> (class frame_region): Reimplement.
> (template <> struct default_hash_traits<frame_region::key_t>):
> New.
> (class globals_region): Reimplement.
> (is_a_helper <globals_region *>::test): Convert to...
> (is_a_helper <const globals_region *>::test): ...this.
> (class struct_or_union_region): Delete.
> (is_a_helper <struct_or_union_region *>::test): Delete.
> (class code_region): Reimplement.
> (is_a_helper <const code_region *>::test): New.
> (class struct_region): Delete.
> (is_a_helper <struct_region *>::test): Delete.
> (class function_region): Reimplement.
> (is_a_helper <function_region *>::test): Convert to...
> (is_a_helper <const function_region *>::test): ...this.
> (class union_region): Delete.
> (is_a_helper <union_region *>::test): Delete.
> (class label_region): New.
> (is_a_helper <const label_region *>::test): New.
> (class scope_region): Delete.
> (class stack_region): Reimplement.
> (is_a_helper <stack_region *>::test): Convert to...
> (is_a_helper <const stack_region *>::test): ...this.
> (class heap_region): Reimplement.
> (is_a_helper <heap_region *>::test): Convert to...
> (is_a_helper <const heap_region *>::test): ...this.
> (class root_region): Reimplement.
> (is_a_helper <root_region *>::test): Convert to...
> (is_a_helper <const root_region *>::test): ...this.
> (class symbolic_region): Reimplement.
> (is_a_helper <const symbolic_region *>::test): New.
> (template <> struct default_hash_traits<symbolic_region::key_t>):
> New.
> (class decl_region): New.
> (is_a_helper <const decl_region *>::test): New.
> (class field_region): New.
> (template <> struct default_hash_traits<field_region::key_t>): New.
> (class array_region): Delete.
> (class element_region): New.
> (is_a_helper <array_region *>::test): Delete.
> (is_a_helper <const element_region *>::test): New.
> (template <> struct default_hash_traits<element_region::key_t>):
> New.
> (class offset_region): New.
> (is_a_helper <const offset_region *>::test): New.
> (template <> struct default_hash_traits<offset_region::key_t>):
> New.
> (class cast_region): New.
> (is_a_helper <const cast_region *>::test): New.
> (template <> struct default_hash_traits<cast_region::key_t>): New.
> (class heap_allocated_region): New.
> (class alloca_region): New.
> (class string_region): New.
> (is_a_helper <const string_region *>::test): New.
> (class unknown_region): New.
> (class region_model_manager): New.
> (struct append_ssa_names_cb_data): New.
> (class call_details): New.
> (region_model::region_model): Add region_model_manager param.
> (region_model::print_svalue): Delete.
> (region_model::dump_dot_to_pp): Delete.
> (region_model::dump_dot_to_file): Delete.
> (region_model::dump_dot): Delete.
> (region_model::dump_to_pp): Drop summarize param in favor of
> simple and multiline.
> (region_model::dump): Likewise.
> (region_model::summarize_to_pp): Delete.
> (region_model::summarize): Delete.
> (region_model::void canonicalize): Drop ctxt param.
> (region_model::void check_for_poison): Delete.
> (region_model::get_gassign_result): New.
> (region_model::impl_call_alloca): New.
> (region_model::impl_call_analyzer_describe): New.
> (region_model::impl_call_analyzer_eval): New.
> (region_model::impl_call_builtin_expect): New.
> (region_model::impl_call_calloc): New.
> (region_model::impl_call_free): New.
> (region_model::impl_call_malloc): New.
> (region_model::impl_call_memset): New.
> (region_model::impl_call_strlen): New.
> (region_model::get_reachable_svalues): New.
> (region_model::handle_phi): Drop is_back_edge param.
> (region_model::region_id get_root_rid): Delete.
> (region_model::root_region *get_root_region): Delete.
> (region_model::region_id get_stack_region_id): Delete.
> (region_model::push_frame): Convert from region_id and svalue_id
> to const region * and const svalue *.
> (region_model::get_current_frame_id): Replace with...
> (region_model::get_current_frame): ...this.
> (region_model::pop_frame): Convert from region_id to
> const region *. Drop purge and stats param. Add out_result.
> (region_model::function *get_function_at_depth): Delete.
> (region_model::get_globals_region_id): Delete.
> (region_model::add_svalue): Delete.
> (region_model::replace_svalue): Delete.
> (region_model::add_region): Delete.
> (region_model::add_region_for_type): Delete.
> (region_model::get_svalue): Delete.
> (region_model::get_region): Delete.
> (region_model::get_lvalue): Convert from region_id to
> const region *.
> (region_model::get_rvalue): Convert from svalue_id to
> const svalue *.
> (region_model::get_or_create_ptr_svalue): Delete.
> (region_model::get_or_create_constant_svalue): Delete.
> (region_model::get_svalue_for_fndecl): Delete.
> (region_model::get_svalue_for_label): Delete.
> (region_model::get_region_for_fndecl): Delete.
> (region_model::get_region_for_label): Delete.
> (region_model::get_frame_at_index (int index) const;): New.
> (region_model::maybe_cast): Delete.
> (region_model::maybe_cast_1): Delete.
> (region_model::get_field_region): Delete.
> (region_model::id deref_rvalue): Convert from region_id and
> svalue_id to const region * and const svalue *. Drop overload,
> passing in both a tree and an svalue.
> (region_model::set_value): Convert from region_id and svalue_id to
> const region * and const svalue *.
> (region_model::set_to_new_unknown_value): Delete.
> (region_model::clobber_region (const region *reg);): New.
> (region_model::purge_region (const region *reg);): New.
> (region_model::zero_fill_region (const region *reg);): New.
> (region_model::mark_region_as_unknown (const region *reg);): New.
> (region_model::copy_region): Convert from region_id to
> const region *.
> (region_model::eval_condition): Convert from svalue_id to
> const svalue *.
> (region_model::eval_condition_without_cm): Likewise.
> (region_model::compare_initial_and_pointer): New.
> (region_model:maybe_get_constant): Delete.
> (region_model::add_new_malloc_region): Delete.
> (region_model::get_representative_tree): Convert from svalue_id to
> const svalue *.
> (region_model::get_representative_path_var): Delete decl taking a
> region_id in favor of two decls, for svalue vs region, with an
> svalue_set to ensure termination.
> (region_model::get_path_vars_for_svalue): Delete.
> (region_model::create_region_for_heap_alloc): New.
> (region_model::create_region_for_alloca): New.
> (region_model::purge_unused_svalues): Delete.
> (region_model::remap_svalue_ids): Delete.
> (region_model::remap_region_ids): Delete.
> (region_model::purge_regions): Delete.
> (region_model::get_num_svalues): Delete.
> (region_model::get_num_regions): Delete.
> (region_model::get_descendents): Delete.
> (region_model::get_store): New.
> (region_model::delete_region_and_descendents): Delete.
> (region_model::get_manager): New.
> (region_model::unbind_region_and_descendents): New.
> (region_model::can_merge_with_p): Add point param. Drop
> svalue_id_merger_mapping.
> (region_model::get_value_by_name): Delete.
> (region_model::convert_byte_offset_to_array_index): Delete.
> (region_model::get_or_create_mem_ref): Delete.
> (region_model::get_or_create_pointer_plus_expr): Delete.
> (region_model::get_or_create_view): Delete.
> (region_model::get_lvalue_1): Convert from region_id to
> const region *.
> (region_model::get_rvalue_1): Convert from svalue_id to
> const svalue *.
> (region_model::get_ssa_name_regions_for_current_frame): New.
> (region_model::append_ssa_names_cb): New.
> (region_model::get_store_value): New.
> (region_model::copy_struct_region): Delete.
> (region_model::copy_union_region): Delete.
> (region_model::copy_array_region): Delete.
> (region_model::region_exists_p): New.
> (region_model::make_region_for_unexpected_tree_code): Delete.
> (region_model::loop_replay_fixup): New.
> (region_model::poison_any_pointers_to_bad_regions): Delete.
> (region_model::poison_any_pointers_to_descendents): New.
> (region_model::dump_summary_of_rep_path_vars): Delete.
> (region_model::on_top_level_param): New.
> (region_model::record_dynamic_extents): New.
> (region_model::m_mgr;): New.
> (region_model::m_store;): New.
> (region_model::m_svalues;): Delete.
> (region_model::m_regions;): Delete.
> (region_model::m_root_rid;): Delete.
> (region_model::m_current_frame;): New.
> (region_model_context::remap_svalue_ids): Delete.
> (region_model_context::can_purge_p): Delete.
> (region_model_context::on_svalue_leak): New.
> (region_model_context::on_svalue_purge): Delete.
> (region_model_context::on_liveness_change): New.
> (region_model_context::on_inherited_svalue): Delete.
> (region_model_context::on_cast): Delete.
> (region_model_context::on_unknown_change): Convert from svalue_id to
> const svalue * and add is_mutable.
> (class noop_region_model_context): Update for region_model_context
> changes.
> (model_merger::model_merger): Add program_point. Drop
> svalue_id_merger_mapping.
> (model_merger::dump_to_pp): Add "simple" param.
> (model_merger::dump): Likewise.
> (model_merger::get_region_a): Delete.
> (model_merger::get_region_b): Delete.
> (model_merger::can_merge_values_p): Delete.
> (model_merger::record_regions): Delete.
> (model_merger::record_svalues): Delete.
> (model_merger::m_point): New field.
> (model_merger::m_map_regions_from_a_to_m): Delete.
> (model_merger::m_map_regions_from_b_to_m): Delete.
> (model_merger::m_sid_mapping): Delete.
> (struct svalue_id_merger_mapping): Delete.
> (class engine): New.
> (struct canonicalization): Delete.
> (inchash::add): Delete decls for hashing svalue_id and region_id.
> (test_region_model_context::on_unexpected_tree_code): Require t to
> be non-NULL.
> (selftest::assert_condition): Add overload comparing a pair of
> const svalue *.
> * sm-file.cc: Include "tristate.h", "selftest.h",
> "analyzer/call-string.h", "analyzer/program-point.h",
> "analyzer/store.h", and "analyzer/region-model.h".
> (fileptr_state_machine::get_default_state): New.
> (fileptr_state_machine::on_stmt): Remove calls to
> get_readable_tree in favor of get_diagnostic_tree.
> * sm-malloc.cc: Include "tristate.h", "selftest.h",
> "analyzer/call-string.h", "analyzer/program-point.h",
> "analyzer/store.h", and "analyzer/region-model.h".
> (malloc_state_machine::get_default_state): New.
> (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New.
> (malloc_diagnostic::describe_state_change): Handle change.m_expr
> being NULL.
> (null_arg::emit): Avoid printing "NULL '0'".
> (null_arg::describe_final_event): Avoid printing "(0) NULL".
> (malloc_leak::emit): Handle m_arg being NULL.
> (malloc_leak::describe_final_event): Handle ev.m_expr being NULL.
> (malloc_state_machine::on_stmt): Don't call get_readable_tree.
> Call get_diagnostic_tree when creating pending diagnostics.
> Update for is_zero_assignment becoming a member function of
> sm_ctxt.
> Don't transition to m_non_heap for ADDR_EXPR(MEM_REF()).
> (malloc_state_machine::reset_when_passed_to_unknown_fn_p): New
> vfunc implementation.
> * sm-sensitive.cc (sensitive_state_machine::warn_for_any_exposure):
> Call
> get_diagnostic_tree and pass the result to warn_for_state.
> * sm-signal.cc: Move includes of "analyzer/call-string.h" and
> "analyzer/program-point.h" to before "analyzer/region-model.h",
> and also include "analyzer/store.h" before it.
> (signal_unsafe_call::describe_state_change): Use
> get_dest_function to get handler.
> (update_model_for_signal_handler): Pass manager to region_model
> ctor.
> (register_signal_handler::impl_transition): Update for changes to
> get_or_create_node and add_edge.
> * sm-taint.cc (taint_state_machine::on_stmt): Remove calls to
> get_readable_tree, replacing them when calling warn_for_state with
> calls to get_diagnostic_tree.
> * sm.cc (is_zero_assignment): Delete.
> (any_pointer_p): Move to within namespace ana.
> * sm.h (is_zero_assignment): Remove decl.
> (any_pointer_p): Move decl to within namespace ana.
> (state_machine::get_default_state): New vfunc.
> (state_machine::reset_when_passed_to_unknown_fn_p): New vfunc.
> (sm_context::get_readable_tree): Rename to...
> (sm_context::get_diagnostic_tree): ...this.
> (sm_context::is_zero_assignment): New vfunc.
> * store.cc: New file.
> * store.h: New file.
> * svalue.cc: New file.
>
> gcc/testsuite/ChangeLog:
> PR analyzer/93032
> PR analyzer/93938
> PR analyzer/94011
> PR analyzer/94099
> PR analyzer/94399
> PR analyzer/94458
> PR analyzer/94503
> PR analyzer/94640
> PR analyzer/94688
> PR analyzer/94689
> PR analyzer/94839
> PR analyzer/95026
> PR analyzer/95042
> PR analyzer/95240
> * g++.dg/analyzer/pr93212.C: Add dg-warning for dangling
> reference.
> * g++.dg/analyzer/pr93950.C: Remove xfail.
> * g++.dg/analyzer/pr94011.C: New test.
> * g++.dg/analyzer/pr94028.C: Remove leak false positives; mark as
> failing on C++98.
> * g++.dg/analyzer/pr94503.C: New test.
> * g++.dg/analyzer/pr95042.C: New test.
> * gcc.dg/analyzer/CVE-2005-1689-dedupe-issue-2.c: New test.
> * gcc.dg/analyzer/CVE-2005-1689-dedupe-issue.c: Add xfail.
> * gcc.dg/analyzer/CVE-2005-1689-minimal.c:
> Include "analyzer-decls.h".
> (test_4, test_5, test_6, test_7, test_8): New tests.
> * gcc.dg/analyzer/abs-1.c: New test.
> * gcc.dg/analyzer/aliasing-1.c: New test.
> * gcc.dg/analyzer/aliasing-2.c: New test.
> * gcc.dg/analyzer/analyzer-decls.h (__analyzer_describe): New
> decl.
> (__analyzer_dump_num_heap_regions): Remove.
> * gcc.dg/analyzer/attribute-nonnull.c: Add dg-warnings for cases
> where NULL is directly used as an argument.
> * gcc.dg/analyzer/bzero-1.c: New test.
> * gcc.dg/analyzer/casts-1.c: New test.
> * gcc.dg/analyzer/casts-2.c: New test.
> * gcc.dg/analyzer/compound-assignment-1.c
> (test_4): Remove xfail from leak false positive.
> (called_by_test_5a): Add "allocated here" expected message.
> (called_by_test_5b): Make expected leak message more precise.
> * gcc.dg/analyzer/compound-assignment-3.c: Update expected leak
> message.
> * gcc.dg/analyzer/compound-assignment-4.c: New test.
> * gcc.dg/analyzer/compound-assignment-5.c: New test.
> * gcc.dg/analyzer/conditionals-notrans.c: Remove xfails.
> * gcc.dg/analyzer/data-model-1.c (test_12d): Update expected
> results.
> (test_13): Remove xfail.
> (test_14): Remove xfail.
> (test_15): Remove xfail.
> (test_16): Remove xfails. Add out-of-bounds access.
> (test_16_alt): Remove xfails.
> (test_23): Remove xfail.
> (test_24): Remove xfail.
> (test_25): Remove xfail.
> (test_26): Update expected result. Remove xfail. Add xfail.
> (test_27): Remove xfails.
> (test_29): Add __analyzer_eval pointer comparisons.
> (test_41): Generalize expected output for u.ptr comparison with
> NULL for targets where this could be known to be false.
> (test_42): Remove xfail.
> (test_51): Remove xfails.
> * gcc.dg/analyzer/data-model-13.c: Update for improvements to
> source location and wording of leak message.
> * gcc.dg/analyzer/data-model-14.c: Remove -fanalyzer-fine-grained.
> (test_1): Update for improvement to expected message.
> (test_2): Remove xfail.
> * gcc.dg/analyzer/data-model-18.c: Remove xfail.
> * gcc.dg/analyzer/data-model-20.c: New test.
> * gcc.dg/analyzer/data-model-5.c: Add dg-warning for deref of
> NULL. Add xfailing false leak.
> * gcc.dg/analyzer/data-model-5b.c: Add xfailing false leak.
> * gcc.dg/analyzer/data-model-5c.c: Update xfailing false leak.
> * gcc.dg/analyzer/data-model-5d.c: Reimplement.
> * gcc.dg/analyzer/data-model-6.c: Delete test.
> * gcc.dg/analyzer/data-model-8.c: Remove xfail.
> * gcc.dg/analyzer/describe-1.c: New test.
> * gcc.dg/analyzer/dot-output.c: Remove xfail.
> * gcc.dg/analyzer/explode-1.c: Add expected leak warning.
> * gcc.dg/analyzer/explode-2.c: Add expected leak warnings. Mark
> double-free warnings as xfail for now.
> * gcc.dg/analyzer/feasibility-1.c: New test.
> * gcc.dg/analyzer/first-field-1.c: New test.
> * gcc.dg/analyzer/first-field-2.c: New test.
> * gcc.dg/analyzer/init.c: New test.
> * gcc.dg/analyzer/leak-2.c: New test.
> * gcc.dg/analyzer/loop-0-up-to-n-by-1-with-iter-obj.c: New test.
> * gcc.dg/analyzer/loop-0-up-to-n-by-1.c: New test.
> * gcc.dg/analyzer/loop-2a.c: Update expected behavior.
> * gcc.dg/analyzer/loop-3.c: Mark use-after-free as xfail. Add
> expected warning about deref of unchecked pointer.
> * gcc.dg/analyzer/loop-4.c: Remove -fno-analyzer-state-purge.
> Update expected behavior.
> * gcc.dg/analyzer/loop-n-down-to-1-by-1.c: New test.
> * gcc.dg/analyzer/loop-start-down-to-end-by-1.c: New test.
> * gcc.dg/analyzer/loop-start-down-to-end-by-step.c: New test.
> * gcc.dg/analyzer/loop-start-to-end-by-step.c: New test.
> * gcc.dg/analyzer/loop-start-up-to-end-by-1.c: New test.
> * gcc.dg/analyzer/loop.c: Remove -fno-analyzer-state-purge.
> Update expected behavior.
> * gcc.dg/analyzer/malloc-1.c: Remove xfails from leak false
> positives. Update expected wording of global_link.m_ptr leak.
> (test_49): New test.
> * gcc.dg/analyzer/malloc-4.c: Remove leak false positive. Update
> expected wording of leak warning.
> * gcc.dg/analyzer/malloc-in-loop.c: New test.
> * gcc.dg/analyzer/malloc-ipa-8-double-free.c: Update expected path
> to show call to wrapped_malloc.
> * gcc.dg/analyzer/malloc-ipa-8-unchecked.c: Remove
> -fanalyzer-verbose-state-changes.
> * gcc.dg/analyzer/malloc-paths-9.c: Remove comment about duplicate
> warnings. Remove duplicate use-after-free paths.
> * gcc.dg/analyzer/malloc-vs-local-1a.c: Add dg-warning for deref
> of unchecked pointer. Update expected number of enodes.
> * gcc.dg/analyzer/malloc-vs-local-2.c: Likewise.
> * gcc.dg/analyzer/malloc-vs-local-3.c: Add dg-warning for deref of
> unchecked pointer. Update expected number of enodes. Avoid
> overspecifying the leak message.
> * gcc.dg/analyzer/memset-1.c: New test.
> * gcc.dg/analyzer/paths-3.c: Update expected number of enodes.
> * gcc.dg/analyzer/paths-4.c: Likewise.
> * gcc.dg/analyzer/paths-6.c: Likewise.
> * gcc.dg/analyzer/paths-7.c: Likewise.
> * gcc.dg/analyzer/pr93032-mztools-simplified.c: New test.
> * gcc.dg/analyzer/pr93032-mztools.c: New test.
> * gcc.dg/analyzer/pr93382.c: Mark taint tests as failing.
> * gcc.dg/analyzer/pr93938.c: New test.
> * gcc.dg/analyzer/pr94099.c: Replace uninit dg-warning with
> dg-warning for NULL dereference.
> * gcc.dg/analyzer/pr94399.c: New test.
> * gcc.dg/analyzer/pr94447.c: Add dg-warning for NULL dereference.
> * gcc.dg/analyzer/pr94458.c: New test.
> * gcc.dg/analyzer/pr94640.c: New test.
> * gcc.dg/analyzer/pr94688.c: New test.
> * gcc.dg/analyzer/pr94689.c: New test.
> * gcc.dg/analyzer/pr94839.c: New test.
> * gcc.dg/analyzer/pr95026.c: New test.
> * gcc.dg/analyzer/pr95240.c: New test.
> * gcc.dg/analyzer/refcounting-1.c: New test.
> * gcc.dg/analyzer/single-field.c: New test.
> * gcc.dg/analyzer/stale-frame-1.c: New test.
> * gcc.dg/analyzer/symbolic-1.c: New test.
> * gcc.dg/analyzer/symbolic-2.c: New test.
> * gcc.dg/analyzer/symbolic-3.c: New test.
> * gcc.dg/analyzer/symbolic-4.c: New test.
> * gcc.dg/analyzer/symbolic-5.c: New test.
> * gcc.dg/analyzer/symbolic-6.c: New test.
> * gcc.dg/analyzer/taint-1.c: Mark the "gets unchecked value"
> events as failing for now. Update dg-message directives to avoid
> relying on numbering.
> * gcc.dg/analyzer/torture/loop-inc-ptr-1.c: New test.
> * gcc.dg/analyzer/torture/loop-inc-ptr-2.c: New test.
> * gcc.dg/analyzer/torture/loop-inc-ptr-3.c: New test.
> * gcc.dg/analyzer/unknown-fns-2.c: New test.
> * gcc.dg/analyzer/unknown-fns-3.c: New test.
> * gcc.dg/analyzer/unknown-fns-4.c: New test.
> * gcc.dg/analyzer/unknown-fns.c: Update dg-warning to reflect fixed
> source location for leak diagnostic.
> * gcc.dg/analyzer/use-after-free.c: New test.
> * gcc.dg/analyzer/vla-1.c: New test.
> * gcc.dg/analyzer/zlib-4.c: Rewrite to avoid "exit" calls. Add
> expected leak warnings.
> * gfortran.dg/analyzer/pr93993.f90: Remove leak of tm warning,
> which seems to have been a false positive.
> ---
> gcc/Makefile.in | 8 +-
> gcc/analyzer/analyzer-logging.cc | 8 +-
> gcc/analyzer/analyzer-logging.h | 2 +
> gcc/analyzer/analyzer-selftests.cc | 1 +
> gcc/analyzer/analyzer-selftests.h | 1 +
> gcc/analyzer/analyzer.cc | 30 +
> gcc/analyzer/analyzer.h | 192 +-
> gcc/analyzer/analyzer.opt | 8 +
> gcc/analyzer/call-string.cc | 2 +
> gcc/analyzer/checker-path.cc | 52 +-
> gcc/analyzer/checker-path.h | 12 +-
> gcc/analyzer/constraint-manager.cc | 1226 ++-
> gcc/analyzer/constraint-manager.h | 113 +-
> gcc/analyzer/diagnostic-manager.cc | 451 +-
> gcc/analyzer/diagnostic-manager.h | 20 +-
> gcc/analyzer/engine.cc | 790 +-
> gcc/analyzer/exploded-graph.h | 55 +-
> gcc/analyzer/program-point.cc | 61 +
> gcc/analyzer/program-point.h | 52 +-
> gcc/analyzer/program-state.cc | 1271 +--
> gcc/analyzer/program-state.h | 240 +-
> gcc/analyzer/region-model-impl-calls.cc | 352 +
> gcc/analyzer/region-model-manager.cc | 1088 ++
> gcc/analyzer/region-model-reachability.cc | 280 +
> gcc/analyzer/region-model-reachability.h | 117 +
> gcc/analyzer/region-model.cc | 8931 +++++------------
> gcc/analyzer/region-model.h | 3140 +++---
> gcc/analyzer/region.cc | 1064 ++
> gcc/analyzer/sm-file.cc | 26 +-
> gcc/analyzer/sm-malloc.cc | 164 +-
> gcc/analyzer/sm-sensitive.cc | 3 +-
> gcc/analyzer/sm-signal.cc | 15 +-
> gcc/analyzer/sm-taint.cc | 9 +-
> gcc/analyzer/sm.cc | 21 +-
> gcc/analyzer/sm.h | 35 +-
> gcc/analyzer/store.cc | 2008 ++++
> gcc/analyzer/store.h | 613 ++
> gcc/analyzer/svalue.cc | 1004 ++
> gcc/doc/analyzer.texi | 110 +-
> gcc/testsuite/g++.dg/analyzer/pr93212.C | 5 +-
> gcc/testsuite/g++.dg/analyzer/pr93950.C | 4 +-
> gcc/testsuite/g++.dg/analyzer/pr94011.C | 16 +
> gcc/testsuite/g++.dg/analyzer/pr94028.C | 4 +-
> gcc/testsuite/g++.dg/analyzer/pr94503.C | 25 +
> gcc/testsuite/g++.dg/analyzer/pr95042.C | 28 +
> .../analyzer/CVE-2005-1689-dedupe-issue-2.c | 30 +
> .../analyzer/CVE-2005-1689-dedupe-issue.c | 2 +-
> .../gcc.dg/analyzer/CVE-2005-1689-minimal.c | 61 +
> gcc/testsuite/gcc.dg/analyzer/abs-1.c | 22 +
> gcc/testsuite/gcc.dg/analyzer/aliasing-1.c | 25 +
> gcc/testsuite/gcc.dg/analyzer/aliasing-2.c | 32 +
> .../gcc.dg/analyzer/analyzer-decls.h | 7 +-
> .../gcc.dg/analyzer/attribute-nonnull.c | 12 +-
> gcc/testsuite/gcc.dg/analyzer/bzero-1.c | 11 +
> gcc/testsuite/gcc.dg/analyzer/casts-1.c | 49 +
> gcc/testsuite/gcc.dg/analyzer/casts-2.c | 15 +
> .../gcc.dg/analyzer/compound-assignment-1.c | 9 +-
> .../gcc.dg/analyzer/compound-assignment-3.c | 2 +-
> .../gcc.dg/analyzer/compound-assignment-4.c | 28 +
> .../gcc.dg/analyzer/compound-assignment-5.c | 142 +
> .../gcc.dg/analyzer/conditionals-notrans.c | 33 +-
> gcc/testsuite/gcc.dg/analyzer/data-model-1.c | 96 +-
> gcc/testsuite/gcc.dg/analyzer/data-model-13.c | 7 +-
> gcc/testsuite/gcc.dg/analyzer/data-model-14.c | 9 +-
> gcc/testsuite/gcc.dg/analyzer/data-model-18.c | 4 +-
> gcc/testsuite/gcc.dg/analyzer/data-model-20.c | 25 +
> gcc/testsuite/gcc.dg/analyzer/data-model-5.c | 13 +-
> gcc/testsuite/gcc.dg/analyzer/data-model-5b.c | 12 +-
> gcc/testsuite/gcc.dg/analyzer/data-model-5c.c | 13 +-
> gcc/testsuite/gcc.dg/analyzer/data-model-5d.c | 61 +-
> gcc/testsuite/gcc.dg/analyzer/data-model-6.c | 14 -
> gcc/testsuite/gcc.dg/analyzer/data-model-8.c | 3 +-
> gcc/testsuite/gcc.dg/analyzer/describe-1.c | 11 +
> gcc/testsuite/gcc.dg/analyzer/dot-output.c | 3 +-
> gcc/testsuite/gcc.dg/analyzer/explode-1.c | 2 +-
> gcc/testsuite/gcc.dg/analyzer/explode-2.c | 16 +-
> gcc/testsuite/gcc.dg/analyzer/feasibility-1.c | 62 +
> gcc/testsuite/gcc.dg/analyzer/first-field-1.c | 24 +
> gcc/testsuite/gcc.dg/analyzer/first-field-2.c | 33 +
> gcc/testsuite/gcc.dg/analyzer/init.c | 136 +
> gcc/testsuite/gcc.dg/analyzer/leak-2.c | 9 +
> .../loop-0-up-to-n-by-1-with-iter-obj.c | 73 +
> .../gcc.dg/analyzer/loop-0-up-to-n-by-1.c | 31 +
> gcc/testsuite/gcc.dg/analyzer/loop-2a.c | 10 +-
> gcc/testsuite/gcc.dg/analyzer/loop-3.c | 7 +-
> gcc/testsuite/gcc.dg/analyzer/loop-4.c | 13 +-
> .../gcc.dg/analyzer/loop-n-down-to-1-by-1.c | 35 +
> .../analyzer/loop-start-down-to-end-by-1.c | 35 +
> .../analyzer/loop-start-down-to-end-by-step.c | 30 +
> .../analyzer/loop-start-to-end-by-step.c | 36 +
> .../analyzer/loop-start-up-to-end-by-1.c | 34 +
> gcc/testsuite/gcc.dg/analyzer/loop.c | 9 +-
> gcc/testsuite/gcc.dg/analyzer/malloc-1.c | 26 +-
> gcc/testsuite/gcc.dg/analyzer/malloc-4.c | 4 +-
> .../gcc.dg/analyzer/malloc-in-loop.c | 19 +
> .../analyzer/malloc-ipa-8-double-free.c | 82 +-
> .../gcc.dg/analyzer/malloc-ipa-8-unchecked.c | 6 +-
> .../gcc.dg/analyzer/malloc-paths-9.c | 59 +-
> .../gcc.dg/analyzer/malloc-vs-local-1a.c | 22 +-
> .../gcc.dg/analyzer/malloc-vs-local-2.c | 16 +-
> .../gcc.dg/analyzer/malloc-vs-local-3.c | 7 +-
> gcc/testsuite/gcc.dg/analyzer/memset-1.c | 100 +
> gcc/testsuite/gcc.dg/analyzer/paths-3.c | 4 +-
> gcc/testsuite/gcc.dg/analyzer/paths-4.c | 10 +-
> gcc/testsuite/gcc.dg/analyzer/paths-6.c | 4 +-
> gcc/testsuite/gcc.dg/analyzer/paths-7.c | 3 +-
> .../analyzer/pr93032-mztools-simplified.c | 22 +
> .../gcc.dg/analyzer/pr93032-mztools.c | 331 +
> gcc/testsuite/gcc.dg/analyzer/pr93382.c | 6 +-
> gcc/testsuite/gcc.dg/analyzer/pr93938.c | 13 +
> gcc/testsuite/gcc.dg/analyzer/pr94099.c | 3 +-
> gcc/testsuite/gcc.dg/analyzer/pr94399.c | 13 +
> gcc/testsuite/gcc.dg/analyzer/pr94447.c | 2 +-
> gcc/testsuite/gcc.dg/analyzer/pr94458.c | 23 +
> gcc/testsuite/gcc.dg/analyzer/pr94640.c | 17 +
> gcc/testsuite/gcc.dg/analyzer/pr94688.c | 6 +
> gcc/testsuite/gcc.dg/analyzer/pr94689.c | 8 +
> gcc/testsuite/gcc.dg/analyzer/pr94839.c | 20 +
> gcc/testsuite/gcc.dg/analyzer/pr95026.c | 17 +
> gcc/testsuite/gcc.dg/analyzer/pr95240.c | 27 +
> gcc/testsuite/gcc.dg/analyzer/refcounting-1.c | 31 +
> gcc/testsuite/gcc.dg/analyzer/single-field.c | 37 +
> gcc/testsuite/gcc.dg/analyzer/stale-frame-1.c | 15 +
> gcc/testsuite/gcc.dg/analyzer/symbolic-1.c | 43 +
> gcc/testsuite/gcc.dg/analyzer/symbolic-2.c | 32 +
> gcc/testsuite/gcc.dg/analyzer/symbolic-3.c | 12 +
> gcc/testsuite/gcc.dg/analyzer/symbolic-4.c | 20 +
> gcc/testsuite/gcc.dg/analyzer/symbolic-5.c | 29 +
> gcc/testsuite/gcc.dg/analyzer/symbolic-6.c | 24 +
> gcc/testsuite/gcc.dg/analyzer/taint-1.c | 22 +-
> .../gcc.dg/analyzer/torture/loop-inc-ptr-1.c | 15 +
> .../gcc.dg/analyzer/torture/loop-inc-ptr-2.c | 17 +
> .../gcc.dg/analyzer/torture/loop-inc-ptr-3.c | 18 +
> gcc/testsuite/gcc.dg/analyzer/unknown-fns-2.c | 238 +
> gcc/testsuite/gcc.dg/analyzer/unknown-fns-3.c | 67 +
> gcc/testsuite/gcc.dg/analyzer/unknown-fns-4.c | 15 +
> gcc/testsuite/gcc.dg/analyzer/unknown-fns.c | 8 +-
> .../gcc.dg/analyzer/use-after-free.c | 12 +
> gcc/testsuite/gcc.dg/analyzer/vla-1.c | 13 +
> gcc/testsuite/gcc.dg/analyzer/zlib-4.c | 10 +-
> .../gfortran.dg/analyzer/pr93993.f90 | 2 +-
> gcc/tristate.h | 2 +
> 142 files changed, 16153 insertions(+), 10402 deletions(-)
> create mode 100644 gcc/analyzer/region-model-impl-calls.cc
> create mode 100644 gcc/analyzer/region-model-manager.cc
> create mode 100644 gcc/analyzer/region-model-reachability.cc
> create mode 100644 gcc/analyzer/region-model-reachability.h
> create mode 100644 gcc/analyzer/region.cc
> create mode 100644 gcc/analyzer/store.cc
> create mode 100644 gcc/analyzer/store.h
> create mode 100644 gcc/analyzer/svalue.cc
> create mode 100644 gcc/testsuite/g++.dg/analyzer/pr94011.C
> create mode 100644 gcc/testsuite/g++.dg/analyzer/pr94503.C
> create mode 100644 gcc/testsuite/g++.dg/analyzer/pr95042.C
> create mode 100644
> gcc/testsuite/gcc.dg/analyzer/CVE-2005-1689-dedupe-issue-2.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/abs-1.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/aliasing-1.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/aliasing-2.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/bzero-1.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/casts-1.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/casts-2.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/compound-assignment-4.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/compound-assignment-5.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-20.c
> delete mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-6.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/describe-1.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/feasibility-1.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/first-field-1.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/first-field-2.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/init.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/leak-2.c
> create mode 100644
> gcc/testsuite/gcc.dg/analyzer/loop-0-up-to-n-by-1-with-iter-obj.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/loop-0-up-to-n-by-1.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/loop-n-down-to-1-by-1.c
> create mode 100644
> gcc/testsuite/gcc.dg/analyzer/loop-start-down-to-end-by-1.c
> create mode 100644
> gcc/testsuite/gcc.dg/analyzer/loop-start-down-to-end-by-step.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/loop-start-to-end-by-step.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/loop-start-up-to-end-by-1.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-in-loop.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/memset-1.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr93032-mztools-simplified.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr93032-mztools.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr93938.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr94399.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr94458.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr94640.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr94688.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr94689.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr94839.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr95026.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr95240.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/refcounting-1.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/single-field.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/stale-frame-1.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/symbolic-1.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/symbolic-2.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/symbolic-3.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/symbolic-4.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/symbolic-5.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/symbolic-6.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/torture/loop-inc-ptr-1.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/torture/loop-inc-ptr-2.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/torture/loop-inc-ptr-3.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/unknown-fns-2.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/unknown-fns-3.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/unknown-fns-4.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/use-after-free.c
> create mode 100644 gcc/testsuite/gcc.dg/analyzer/vla-1.c
>
