From patchwork Wed Jan 8 09:02:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Malcolm X-Patchwork-Id: 1219470 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org (client-ip=209.132.180.131; helo=sourceware.org; envelope-from=gcc-patches-return-516868-incoming=patchwork.ozlabs.org@gcc.gnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org header.b="pcWrdXCP"; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.b="FMuu9mwI"; dkim-atps=neutral Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 47t3Pk54kkz9sRf for ; Wed, 8 Jan 2020 20:10:50 +1100 (AEDT) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:from :to:cc:subject:date:message-id:mime-version:content-type :content-transfer-encoding; q=dns; s=default; b=q2hmGo+EdDnYD67b q9bylj2130YLCeLEF/A9li4AcbeC8An4PMJxN5N1DsND7U6EQ3t47pgeOKFsPOhF 5m5RsK/VcIFCVKtC163Ro0AC5anC9fOII6Pzv7v8cHhytXGgjEUTGsHn/ULF8vou uzvkUYnDVfGUaYQIIK/V1eb+PLQ= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:from :to:cc:subject:date:message-id:mime-version:content-type :content-transfer-encoding; s=default; bh=fbOBvdEMCjYoP1SEWVT4Jl S+q2c=; b=pcWrdXCPqi/NG/9qcju/NEP5FeBUIl/20oAyZQ/VhLipWTRRQImvjv xyCVz0QN0ep93fBuxjC8KgsdDTzhSGWqAhzq88Gxu7OkX6/DNUaI5xKWW5GRg2VJ 8o9gy5XMTNfFt1aODhwKwbLzgxari1PUb+vz3aKQJz7FFWJ4Wr7Z8= Received: (qmail 75102 invoked by alias); 8 Jan 2020 09:04:22 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Delivered-To: mailing list gcc-patches@gcc.gnu.org Received: (qmail 71827 invoked by uid 89); 8 Jan 2020 09:03:49 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-13.4 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_3, KAM_SHORT, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 spammy=7773, 3583 X-HELO: us-smtp-delivery-1.mimecast.com Received: from us-smtp-1.mimecast.com (HELO us-smtp-delivery-1.mimecast.com) (205.139.110.61) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 08 Jan 2020 09:03:31 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1578474209; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=p6o8T1shgXcsX4gLtYR1ZjRfK9CEMEwxeT/Jz/JsSSU=; b=FMuu9mwI3JUdea1/tSg73MBwyWJRPqOdPpKYFdfKgek5kyDyD0h6xj8Oi5rw1G06Xk+euA qKnEFrdxjjZGfCmpOcrW+j4EmDygpRzedbK+APxOli+MXg87+pLptXLCeVbPRvgh3P72PH RpU96Kkd6ehQgnQmCILLCGPZvwCFfkI= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-24-u-73svNTOLeKSP8SvCxcYQ-1; Wed, 08 Jan 2020 04:03:07 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B228A800A02 for ; Wed, 8 Jan 2020 09:03:06 +0000 (UTC) Received: from t470.redhat.com (ovpn-117-41.phx2.redhat.com [10.3.117.41]) by smtp.corp.redhat.com (Postfix) with ESMTP id 164CA10013A7; Wed, 8 Jan 2020 09:03:05 +0000 (UTC) From: David Malcolm To: gcc-patches@gcc.gnu.org Cc: David Malcolm Subject: [PATCH 00/41] v5 of analyzer patch kit Date: Wed, 8 Jan 2020 04:02:21 -0500 Message-Id: <20200108090302.2425-1-dmalcolm@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-IsSubscribed: yes Here's an updated version of the analyzer patch kit. The main change in this version of the kit is that I've added notes to the top of each patch describing its review status (e.g. "needs review" vs "approved" etc), to try to clarify what's left to do here. This is v5, and is relative to r279963 (2020-01-07) Earlier versions: v4: https://gcc.gnu.org/ml/gcc-patches/2019-12/msg01002.html v3: https://gcc.gnu.org/ml/gcc-patches/2019-12/msg00529.html v2: https://gcc.gnu.org/ml/gcc-patches/2019-11/msg02024.html v1: https://gcc.gnu.org/ml/gcc-patches/2019-11/msg01543.html In particular, v4 dropped the in-tree plugin idea; with the analyzer becoming part of the compiler, with a configure-time way to disable the build of the compiler (built by default, but requiring -fanalyzer to run the pass; all of the analyzer-specific code is guarded by #if ENABLE_ANALYZER) See also: https://gcc.gnu.org/wiki/DavidMalcolm/StaticAnalyzer High-level changes (relative to v4): - rebased to r279963 (2020-01-07) - added notes to the top of each patch on its review status - removed various preliminary patches that I've already merged to trunk - removed analyzer-specific builtins - added a gcc/analyzer/ChangeLog and updated ChangeLog paths accordingly - updated copyright years in new files to include 2020 There are various bug-fixing follow-ups that I've posted earlier to gcc-patches and pushed to the "dmalcolm/analyzer" git branch which I'll save for now to try to keep review manageable. Also to be resolved is the hash_table issue here: https://gcc.gnu.org/ml/gcc-patches/2019-12/msg00777.html (which I've been looking at and will post about separately) One of the high-level questions is what to do about the less mature sm-*.cc files. Currently: - sm-malloc.cc is most mature - sm-signal.cc and sm-file.cc are fairly mature once all bug-fixes from the branch are applied - sm-taint.cc and sm-sensitive.cc are not production-ready and won't be any time soon Possible approaches: (a) omit the less mature sm files altogether from the initial release, retaining them as followup work on the branch, with the obvious changes to the docs (b) disable them by default, requiring the user to manually use -fanalyzer-checker= to select them. Complicates the documentation. (c) something else I haven't thought of I think I prefer (a), but perhaps deferring this to a followup, or, at least another iteration of this kit (it interacts with the docs) Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu, with the workaround for the hash_table issue from: https://gcc.gnu.org/ml/gcc-patches/2019-12/msg00776.html Pushed to the git mirror as branch "dmalcolm/analyzer-v5": https://gcc.gnu.org/git/?p=gcc.git;a=shortlog;h=refs/heads/dmalcolm/analyzer-v5 David Malcolm (41): analyzer: user-facing documentation analyzer: internal documentation sbitmap.h: add operator const_sbitmap to auto_sbitmap vec.h: add auto_delete_vec Add -fdiagnostics-nn-line-numbers Add diagnostic paths Add ordered_hash_map timevar.def: add TVs for analyzer analyzer: add ChangeLog analyzer: changes to configure.ac analyzer: add new files to Makefile.in analyzer: new files: analyzer-selftests.{cc|h} analyzer: command-line options analyzer: logging support analyzer: new file: analyzer-pass.cc and pass registration analyzer: new files: graphviz.{cc|h} analyzer: new files: digraph.{cc|h} and shortest-paths.h analyzer: new files: supergraph.{cc|h} analyzer: new files: analyzer.{cc|h} analyzer: new files: tristate.{cc|h} analyzer: new files: constraint-manager.{cc|h} analyzer: new files: region-model.{cc|h} analyzer: new files: pending-diagnostic.{cc|h} analyzer: new files: sm.{cc|h} analyzer: new files: sm-malloc.cc and sm-malloc.dot analyzer: new file: sm-file.cc analyzer: new file: sm-pattern-test.cc analyzer: new file: sm-sensitive.cc analyzer: new file: sm-signal.cc analyzer: new file: sm-taint.cc analyzer: new files: analysis-plan.{cc|h} analyzer: new files: call-string.{cc|h} analyzer: new files: program-point.{cc|h} analyzer: new files: program-state.{cc|h} analyzer: new file: exploded-graph.h analyzer: new files: state-purge.{cc|h} analyzer: new files: engine.{cc|h} analyzer: new files: checker-path.{cc|h} analyzer: new files: diagnostic-manager.{cc|h} gdbinit.in: add break-on-saved-diagnostic analyzer: test suite gcc/Makefile.in | 36 +- gcc/analyzer/ChangeLog | 10 + gcc/analyzer/analysis-plan.cc | 118 + gcc/analyzer/analysis-plan.h | 58 + gcc/analyzer/analyzer-logging.cc | 224 + gcc/analyzer/analyzer-logging.h | 262 + gcc/analyzer/analyzer-pass.cc | 102 + gcc/analyzer/analyzer-selftests.cc | 60 + gcc/analyzer/analyzer-selftests.h | 44 + gcc/analyzer/analyzer.cc | 150 + gcc/analyzer/analyzer.h | 124 + gcc/analyzer/analyzer.opt | 181 + gcc/analyzer/call-string.cc | 224 + gcc/analyzer/call-string.h | 76 + gcc/analyzer/checker-path.cc | 931 ++ gcc/analyzer/checker-path.h | 589 ++ gcc/analyzer/constraint-manager.cc | 2251 +++++ gcc/analyzer/constraint-manager.h | 248 + gcc/analyzer/diagnostic-manager.cc | 1217 +++ gcc/analyzer/diagnostic-manager.h | 137 + gcc/analyzer/engine.cc | 3583 ++++++++ gcc/analyzer/engine.h | 26 + gcc/analyzer/exploded-graph.h | 830 ++ gcc/analyzer/pending-diagnostic.cc | 64 + gcc/analyzer/pending-diagnostic.h | 269 + gcc/analyzer/program-point.cc | 529 ++ gcc/analyzer/program-point.h | 313 + gcc/analyzer/program-state.cc | 1331 +++ gcc/analyzer/program-state.h | 365 + gcc/analyzer/region-model.cc | 7773 +++++++++++++++++ gcc/analyzer/region-model.h | 2065 +++++ gcc/analyzer/sm-file.cc | 334 + gcc/analyzer/sm-malloc.cc | 794 ++ gcc/analyzer/sm-malloc.dot | 89 + gcc/analyzer/sm-pattern-test.cc | 149 + gcc/analyzer/sm-sensitive.cc | 245 + gcc/analyzer/sm-signal.cc | 306 + gcc/analyzer/sm-taint.cc | 325 + gcc/analyzer/sm.cc | 136 + gcc/analyzer/sm.h | 182 + gcc/analyzer/state-purge.cc | 524 ++ gcc/analyzer/state-purge.h | 164 + gcc/analyzer/supergraph.cc | 955 ++ gcc/analyzer/supergraph.h | 564 ++ gcc/c-family/c-format.c | 7 + gcc/c-family/c-format.h | 1 + gcc/common.opt | 28 + gcc/configure.ac | 14 +- gcc/coretypes.h | 1 + gcc/diagnostic-color.c | 3 +- gcc/diagnostic-event-id.h | 61 + gcc/diagnostic-format-json.cc | 10 +- gcc/diagnostic-path.h | 149 + gcc/diagnostic-show-locus.c | 79 +- gcc/diagnostic.c | 139 +- gcc/diagnostic.def | 5 + gcc/diagnostic.h | 36 +- gcc/digraph.cc | 188 + gcc/digraph.h | 246 + gcc/doc/analyzer.texi | 513 ++ gcc/doc/gccint.texi | 2 + gcc/doc/invoke.texi | 607 +- gcc/dwarf2out.c | 1 + gcc/gcc-rich-location.h | 4 +- gcc/gdbinit.in | 10 + gcc/graphviz.cc | 100 + gcc/graphviz.h | 53 + gcc/lto-wrapper.c | 3 + gcc/opts.c | 12 + gcc/ordered-hash-map-tests.cc | 247 + gcc/ordered-hash-map.h | 184 + gcc/passes.def | 1 + gcc/pretty-print.c | 32 + gcc/sbitmap.h | 1 + gcc/selftest-run-tests.c | 8 + gcc/selftest.h | 4 + gcc/shortest-paths.h | 145 + .../gcc.dg/analyzer/CVE-2005-1689-minimal.c | 30 + gcc/testsuite/gcc.dg/analyzer/abort.c | 72 + gcc/testsuite/gcc.dg/analyzer/alloca-leak.c | 8 + .../gcc.dg/analyzer/analyzer-decls.h | 36 + .../gcc.dg/analyzer/analyzer-verbosity-0.c | 162 + .../gcc.dg/analyzer/analyzer-verbosity-1.c | 190 + .../gcc.dg/analyzer/analyzer-verbosity-2.c | 221 + gcc/testsuite/gcc.dg/analyzer/analyzer.exp | 49 + .../gcc.dg/analyzer/attribute-nonnull.c | 81 + .../gcc.dg/analyzer/call-summaries-1.c | 14 + .../gcc.dg/analyzer/conditionals-2.c | 45 + .../gcc.dg/analyzer/conditionals-3.c | 47 + .../gcc.dg/analyzer/conditionals-notrans.c | 159 + .../gcc.dg/analyzer/conditionals-trans.c | 144 + gcc/testsuite/gcc.dg/analyzer/data-model-1.c | 1085 +++ gcc/testsuite/gcc.dg/analyzer/data-model-10.c | 17 + gcc/testsuite/gcc.dg/analyzer/data-model-11.c | 6 + gcc/testsuite/gcc.dg/analyzer/data-model-12.c | 13 + gcc/testsuite/gcc.dg/analyzer/data-model-13.c | 21 + gcc/testsuite/gcc.dg/analyzer/data-model-14.c | 24 + gcc/testsuite/gcc.dg/analyzer/data-model-15.c | 34 + gcc/testsuite/gcc.dg/analyzer/data-model-16.c | 52 + gcc/testsuite/gcc.dg/analyzer/data-model-17.c | 20 + gcc/testsuite/gcc.dg/analyzer/data-model-18.c | 22 + gcc/testsuite/gcc.dg/analyzer/data-model-19.c | 31 + gcc/testsuite/gcc.dg/analyzer/data-model-2.c | 13 + gcc/testsuite/gcc.dg/analyzer/data-model-3.c | 15 + gcc/testsuite/gcc.dg/analyzer/data-model-4.c | 16 + gcc/testsuite/gcc.dg/analyzer/data-model-5.c | 100 + gcc/testsuite/gcc.dg/analyzer/data-model-5b.c | 91 + gcc/testsuite/gcc.dg/analyzer/data-model-5c.c | 84 + gcc/testsuite/gcc.dg/analyzer/data-model-5d.c | 64 + gcc/testsuite/gcc.dg/analyzer/data-model-6.c | 14 + gcc/testsuite/gcc.dg/analyzer/data-model-7.c | 20 + gcc/testsuite/gcc.dg/analyzer/data-model-8.c | 26 + gcc/testsuite/gcc.dg/analyzer/data-model-9.c | 33 + .../gcc.dg/analyzer/data-model-path-1.c | 13 + gcc/testsuite/gcc.dg/analyzer/disabling.c | 10 + gcc/testsuite/gcc.dg/analyzer/dot-output.c | 33 + .../gcc.dg/analyzer/double-free-lto-1-a.c | 16 + .../gcc.dg/analyzer/double-free-lto-1-b.c | 8 + .../gcc.dg/analyzer/double-free-lto-1.h | 1 + gcc/testsuite/gcc.dg/analyzer/equivalence.c | 31 + gcc/testsuite/gcc.dg/analyzer/explode-1.c | 60 + gcc/testsuite/gcc.dg/analyzer/explode-2.c | 50 + gcc/testsuite/gcc.dg/analyzer/factorial.c | 7 + gcc/testsuite/gcc.dg/analyzer/fibonacci.c | 9 + gcc/testsuite/gcc.dg/analyzer/fields.c | 41 + gcc/testsuite/gcc.dg/analyzer/file-1.c | 37 + gcc/testsuite/gcc.dg/analyzer/file-2.c | 18 + .../gcc.dg/analyzer/function-ptr-1.c | 8 + .../gcc.dg/analyzer/function-ptr-2.c | 44 + .../gcc.dg/analyzer/function-ptr-3.c | 17 + gcc/testsuite/gcc.dg/analyzer/gzio-2.c | 11 + gcc/testsuite/gcc.dg/analyzer/gzio-3.c | 31 + gcc/testsuite/gcc.dg/analyzer/gzio-3a.c | 27 + gcc/testsuite/gcc.dg/analyzer/gzio.c | 17 + .../gcc.dg/analyzer/infinite-recursion.c | 55 + gcc/testsuite/gcc.dg/analyzer/loop-2.c | 37 + gcc/testsuite/gcc.dg/analyzer/loop-2a.c | 40 + gcc/testsuite/gcc.dg/analyzer/loop-3.c | 17 + gcc/testsuite/gcc.dg/analyzer/loop-4.c | 43 + gcc/testsuite/gcc.dg/analyzer/loop.c | 35 + gcc/testsuite/gcc.dg/analyzer/malloc-1.c | 585 ++ gcc/testsuite/gcc.dg/analyzer/malloc-2.c | 23 + gcc/testsuite/gcc.dg/analyzer/malloc-3.c | 8 + .../gcc.dg/analyzer/malloc-callbacks.c | 84 + gcc/testsuite/gcc.dg/analyzer/malloc-dce.c | 12 + .../gcc.dg/analyzer/malloc-dedupe-1.c | 46 + gcc/testsuite/gcc.dg/analyzer/malloc-ipa-1.c | 24 + gcc/testsuite/gcc.dg/analyzer/malloc-ipa-10.c | 32 + gcc/testsuite/gcc.dg/analyzer/malloc-ipa-11.c | 95 + gcc/testsuite/gcc.dg/analyzer/malloc-ipa-12.c | 7 + gcc/testsuite/gcc.dg/analyzer/malloc-ipa-13.c | 30 + gcc/testsuite/gcc.dg/analyzer/malloc-ipa-2.c | 34 + gcc/testsuite/gcc.dg/analyzer/malloc-ipa-3.c | 23 + gcc/testsuite/gcc.dg/analyzer/malloc-ipa-4.c | 13 + gcc/testsuite/gcc.dg/analyzer/malloc-ipa-5.c | 13 + gcc/testsuite/gcc.dg/analyzer/malloc-ipa-6.c | 22 + gcc/testsuite/gcc.dg/analyzer/malloc-ipa-7.c | 29 + .../analyzer/malloc-ipa-8-double-free.c | 172 + .../gcc.dg/analyzer/malloc-ipa-8-lto-a.c | 12 + .../gcc.dg/analyzer/malloc-ipa-8-lto-b.c | 18 + .../gcc.dg/analyzer/malloc-ipa-8-lto-c.c | 17 + .../gcc.dg/analyzer/malloc-ipa-8-lto.h | 12 + .../gcc.dg/analyzer/malloc-ipa-8-unchecked.c | 66 + gcc/testsuite/gcc.dg/analyzer/malloc-ipa-9.c | 18 + .../analyzer/malloc-macro-inline-events.c | 45 + .../analyzer/malloc-macro-separate-events.c | 15 + gcc/testsuite/gcc.dg/analyzer/malloc-macro.h | 2 + .../gcc.dg/analyzer/malloc-many-paths-1.c | 14 + .../gcc.dg/analyzer/malloc-many-paths-2.c | 30 + .../gcc.dg/analyzer/malloc-many-paths-3.c | 36 + .../gcc.dg/analyzer/malloc-paths-1.c | 15 + .../gcc.dg/analyzer/malloc-paths-10.c | 20 + .../gcc.dg/analyzer/malloc-paths-2.c | 13 + .../gcc.dg/analyzer/malloc-paths-3.c | 14 + .../gcc.dg/analyzer/malloc-paths-4.c | 20 + .../gcc.dg/analyzer/malloc-paths-5.c | 43 + .../gcc.dg/analyzer/malloc-paths-6.c | 11 + .../gcc.dg/analyzer/malloc-paths-7.c | 21 + .../gcc.dg/analyzer/malloc-paths-8.c | 54 + .../gcc.dg/analyzer/malloc-paths-9.c | 298 + .../gcc.dg/analyzer/malloc-vs-local-1a.c | 181 + .../gcc.dg/analyzer/malloc-vs-local-1b.c | 176 + .../gcc.dg/analyzer/malloc-vs-local-2.c | 179 + .../gcc.dg/analyzer/malloc-vs-local-3.c | 66 + .../gcc.dg/analyzer/malloc-vs-local-4.c | 40 + gcc/testsuite/gcc.dg/analyzer/operations.c | 44 + gcc/testsuite/gcc.dg/analyzer/params-2.c | 17 + gcc/testsuite/gcc.dg/analyzer/params.c | 34 + gcc/testsuite/gcc.dg/analyzer/paths-1.c | 18 + gcc/testsuite/gcc.dg/analyzer/paths-1a.c | 18 + gcc/testsuite/gcc.dg/analyzer/paths-2.c | 27 + gcc/testsuite/gcc.dg/analyzer/paths-3.c | 49 + gcc/testsuite/gcc.dg/analyzer/paths-4.c | 51 + gcc/testsuite/gcc.dg/analyzer/paths-5.c | 12 + gcc/testsuite/gcc.dg/analyzer/paths-6.c | 119 + gcc/testsuite/gcc.dg/analyzer/paths-7.c | 59 + .../gcc.dg/analyzer/pattern-test-1.c | 28 + .../gcc.dg/analyzer/pattern-test-2.c | 29 + .../gcc.dg/analyzer/pointer-merging.c | 16 + gcc/testsuite/gcc.dg/analyzer/pr61861.c | 2 + gcc/testsuite/gcc.dg/analyzer/pragma-1.c | 26 + gcc/testsuite/gcc.dg/analyzer/scope-1.c | 23 + gcc/testsuite/gcc.dg/analyzer/sensitive-1.c | 55 + gcc/testsuite/gcc.dg/analyzer/setjmp-1.c | 1 + gcc/testsuite/gcc.dg/analyzer/setjmp-2.c | 98 + gcc/testsuite/gcc.dg/analyzer/setjmp-3.c | 107 + gcc/testsuite/gcc.dg/analyzer/setjmp-4.c | 108 + gcc/testsuite/gcc.dg/analyzer/setjmp-5.c | 66 + gcc/testsuite/gcc.dg/analyzer/setjmp-6.c | 31 + gcc/testsuite/gcc.dg/analyzer/setjmp-7.c | 36 + gcc/testsuite/gcc.dg/analyzer/setjmp-7a.c | 110 + gcc/testsuite/gcc.dg/analyzer/setjmp-8.c | 108 + gcc/testsuite/gcc.dg/analyzer/setjmp-9.c | 110 + gcc/testsuite/gcc.dg/analyzer/signal-1.c | 31 + gcc/testsuite/gcc.dg/analyzer/signal-2.c | 34 + gcc/testsuite/gcc.dg/analyzer/signal-3.c | 23 + gcc/testsuite/gcc.dg/analyzer/signal-4a.c | 74 + gcc/testsuite/gcc.dg/analyzer/signal-4b.c | 89 + gcc/testsuite/gcc.dg/analyzer/strcmp-1.c | 35 + gcc/testsuite/gcc.dg/analyzer/switch.c | 30 + gcc/testsuite/gcc.dg/analyzer/taint-1.c | 128 + gcc/testsuite/gcc.dg/analyzer/zlib-1.c | 69 + gcc/testsuite/gcc.dg/analyzer/zlib-2.c | 51 + gcc/testsuite/gcc.dg/analyzer/zlib-3.c | 214 + gcc/testsuite/gcc.dg/analyzer/zlib-4.c | 20 + gcc/testsuite/gcc.dg/analyzer/zlib-5.c | 51 + gcc/testsuite/gcc.dg/analyzer/zlib-6.c | 47 + gcc/testsuite/gcc.dg/format/gcc_diag-10.c | 6 +- .../plugin/diagnostic-path-format-default.c | 142 + .../diagnostic-path-format-inline-events-1.c | 142 + .../diagnostic-path-format-inline-events-2.c | 154 + .../diagnostic-path-format-inline-events-3.c | 153 + .../plugin/diagnostic-path-format-none.c | 43 + .../diagnostic-path-format-separate-events.c | 44 + .../gcc.dg/plugin/diagnostic-test-paths-1.c | 38 + .../gcc.dg/plugin/diagnostic-test-paths-2.c | 56 + .../gcc.dg/plugin/diagnostic-test-paths-3.c | 38 + .../gcc.dg/plugin/diagnostic-test-paths-4.c | 83 + .../plugin/diagnostic_plugin_test_paths.c | 460 + gcc/testsuite/gcc.dg/plugin/plugin.exp | 11 + gcc/testsuite/lib/gcc-defs.exp | 21 + gcc/testsuite/lib/target-supports-dg.exp | 10 + gcc/testsuite/lib/target-supports.exp | 21 + gcc/timevar.def | 11 + gcc/toplev.c | 6 + gcc/tree-diagnostic-path.cc | 820 ++ gcc/tree-diagnostic.c | 12 +- gcc/tree-diagnostic.h | 8 + gcc/tree-pass.h | 1 + gcc/tristate.cc | 221 + gcc/tristate.h | 82 + gcc/vec.c | 27 + gcc/vec.h | 38 + libcpp/include/line-map.h | 7 + libcpp/line-map.c | 3 +- 255 files changed, 43231 insertions(+), 39 deletions(-) create mode 100644 gcc/analyzer/ChangeLog create mode 100644 gcc/analyzer/analysis-plan.cc create mode 100644 gcc/analyzer/analysis-plan.h create mode 100644 gcc/analyzer/analyzer-logging.cc create mode 100644 gcc/analyzer/analyzer-logging.h create mode 100644 gcc/analyzer/analyzer-pass.cc create mode 100644 gcc/analyzer/analyzer-selftests.cc create mode 100644 gcc/analyzer/analyzer-selftests.h create mode 100644 gcc/analyzer/analyzer.cc create mode 100644 gcc/analyzer/analyzer.h create mode 100644 gcc/analyzer/analyzer.opt create mode 100644 gcc/analyzer/call-string.cc create mode 100644 gcc/analyzer/call-string.h create mode 100644 gcc/analyzer/checker-path.cc create mode 100644 gcc/analyzer/checker-path.h create mode 100644 gcc/analyzer/constraint-manager.cc create mode 100644 gcc/analyzer/constraint-manager.h create mode 100644 gcc/analyzer/diagnostic-manager.cc create mode 100644 gcc/analyzer/diagnostic-manager.h create mode 100644 gcc/analyzer/engine.cc create mode 100644 gcc/analyzer/engine.h create mode 100644 gcc/analyzer/exploded-graph.h create mode 100644 gcc/analyzer/pending-diagnostic.cc create mode 100644 gcc/analyzer/pending-diagnostic.h create mode 100644 gcc/analyzer/program-point.cc create mode 100644 gcc/analyzer/program-point.h create mode 100644 gcc/analyzer/program-state.cc create mode 100644 gcc/analyzer/program-state.h create mode 100644 gcc/analyzer/region-model.cc create mode 100644 gcc/analyzer/region-model.h create mode 100644 gcc/analyzer/sm-file.cc create mode 100644 gcc/analyzer/sm-malloc.cc create mode 100644 gcc/analyzer/sm-malloc.dot create mode 100644 gcc/analyzer/sm-pattern-test.cc create mode 100644 gcc/analyzer/sm-sensitive.cc create mode 100644 gcc/analyzer/sm-signal.cc create mode 100644 gcc/analyzer/sm-taint.cc create mode 100644 gcc/analyzer/sm.cc create mode 100644 gcc/analyzer/sm.h create mode 100644 gcc/analyzer/state-purge.cc create mode 100644 gcc/analyzer/state-purge.h create mode 100644 gcc/analyzer/supergraph.cc create mode 100644 gcc/analyzer/supergraph.h create mode 100644 gcc/diagnostic-event-id.h create mode 100644 gcc/diagnostic-path.h create mode 100644 gcc/digraph.cc create mode 100644 gcc/digraph.h create mode 100644 gcc/doc/analyzer.texi create mode 100644 gcc/graphviz.cc create mode 100644 gcc/graphviz.h create mode 100644 gcc/ordered-hash-map-tests.cc create mode 100644 gcc/ordered-hash-map.h create mode 100644 gcc/shortest-paths.h create mode 100644 gcc/testsuite/gcc.dg/analyzer/CVE-2005-1689-minimal.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/abort.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/alloca-leak.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/analyzer-decls.h create mode 100644 gcc/testsuite/gcc.dg/analyzer/analyzer-verbosity-0.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/analyzer-verbosity-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/analyzer-verbosity-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/analyzer.exp create mode 100644 gcc/testsuite/gcc.dg/analyzer/attribute-nonnull.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/call-summaries-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/conditionals-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/conditionals-3.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/conditionals-notrans.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/conditionals-trans.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-10.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-11.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-12.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-13.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-14.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-15.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-16.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-17.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-18.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-19.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-3.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-4.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-5.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-5b.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-5c.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-5d.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-6.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-7.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-8.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-9.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/data-model-path-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/disabling.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/dot-output.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/double-free-lto-1-a.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/double-free-lto-1-b.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/double-free-lto-1.h create mode 100644 gcc/testsuite/gcc.dg/analyzer/equivalence.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/explode-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/explode-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/factorial.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/fibonacci.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/fields.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/file-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/file-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/function-ptr-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/function-ptr-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/function-ptr-3.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/gzio-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/gzio-3.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/gzio-3a.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/gzio.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/infinite-recursion.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/loop-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/loop-2a.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/loop-3.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/loop-4.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/loop.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-3.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-callbacks.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-dce.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-dedupe-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-10.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-11.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-12.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-13.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-3.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-4.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-5.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-6.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-7.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-8-double-free.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-8-lto-a.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-8-lto-b.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-8-lto-c.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-8-lto.h create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-8-unchecked.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-ipa-9.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-macro-inline-events.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-macro-separate-events.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-macro.h create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-many-paths-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-many-paths-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-many-paths-3.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-paths-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-paths-10.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-paths-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-paths-3.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-paths-4.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-paths-5.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-paths-6.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-paths-7.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-paths-8.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-paths-9.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-vs-local-1a.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-vs-local-1b.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-vs-local-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-vs-local-3.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-vs-local-4.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/operations.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/params-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/params.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/paths-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/paths-1a.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/paths-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/paths-3.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/paths-4.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/paths-5.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/paths-6.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/paths-7.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/pattern-test-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/pattern-test-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/pointer-merging.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/pr61861.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/pragma-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/scope-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/sensitive-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/setjmp-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/setjmp-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/setjmp-3.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/setjmp-4.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/setjmp-5.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/setjmp-6.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/setjmp-7.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/setjmp-7a.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/setjmp-8.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/setjmp-9.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/signal-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/signal-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/signal-3.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/signal-4a.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/signal-4b.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/strcmp-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/switch.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/taint-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/zlib-1.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/zlib-2.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/zlib-3.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/zlib-4.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/zlib-5.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/zlib-6.c create mode 100644 gcc/testsuite/gcc.dg/plugin/diagnostic-path-format-default.c create mode 100644 gcc/testsuite/gcc.dg/plugin/diagnostic-path-format-inline-events-1.c create mode 100644 gcc/testsuite/gcc.dg/plugin/diagnostic-path-format-inline-events-2.c create mode 100644 gcc/testsuite/gcc.dg/plugin/diagnostic-path-format-inline-events-3.c create mode 100644 gcc/testsuite/gcc.dg/plugin/diagnostic-path-format-none.c create mode 100644 gcc/testsuite/gcc.dg/plugin/diagnostic-path-format-separate-events.c create mode 100644 gcc/testsuite/gcc.dg/plugin/diagnostic-test-paths-1.c create mode 100644 gcc/testsuite/gcc.dg/plugin/diagnostic-test-paths-2.c create mode 100644 gcc/testsuite/gcc.dg/plugin/diagnostic-test-paths-3.c create mode 100644 gcc/testsuite/gcc.dg/plugin/diagnostic-test-paths-4.c create mode 100644 gcc/testsuite/gcc.dg/plugin/diagnostic_plugin_test_paths.c create mode 100644 gcc/tree-diagnostic-path.cc create mode 100644 gcc/tristate.cc create mode 100644 gcc/tristate.h